We are developing the social individualist meta-context for the future. From the very serious to the extremely frivolous... let's see what is on the mind of the Samizdata people.

Samizdata, derived from Samizdat /n. - a system of clandestine publication of banned literature in the USSR [Russ.,= self-publishing house]

Samizdata quote of the day

The government lost the crypto-wars. Crypto is now freely available, but in a sense they won because there are so many ways at people’s data that bypass the cryptography. What we’re learning from the Snowden documents is not that the NSA and GCHQ can break cryptography but that they can very often render it irrelevant… They exploit bad implementations, bugs in hardware and software, default keys, weak keys, or they go in and break systems and steal data.

- Bruce Schneier

19 comments to Samizdata quote of the day

  • They exploit bad implementations, bugs in hardware and software, default keys, weak keys, or they go in and break systems and steal data.

    …or, unlike common criminals, they “ask nicely” for the keys to the back door, promising they will only use it in case of a fire.

  • Sam Duncan

    Of course, Alisa, if you don’t hand them over, they drop the “nicely” part. (It’s illegal, in the UK, to withhold crypto keys when they’re demanded. An Englishman’s house may be his castle, but his computer is anybody’s.) Any resemblance, then, to common criminals is, I’m sure, purely coincidental.

  • Indeed. I’d say even imaginary.

  • Tono-Bungay

    Can anyone of a technical bent explain (in words of no more than two syllables, please, if at all possible) why it is that the idea of data havens has never caught on?

    Not being of a particularly technical bent myself, I’m at a loss as to why a micronation (e.g. Sealand, only something that can move around) hasn’t filled a room with servers and offered space to people who want to keep their data secure?

  • Mr Ed

    T B, might it have something to do with economics? The vast bulk of the population having no interest in crypto-communications, electronic money and other niche interests? I took a look at the people around me during a pub meal in a Yorkshire market town yesterday, and despite my best imaginings found it difficult to think that any one of them would take the slightest interest in such matters.

    That, and the OECD recommending sanctions etc.

  • SC

    In that article a NSA guy is quoted as being angry at Snowden: “There’s a sense of betrayal that someone appointed himself judge and jury”. But that’s exactly what the NSA has been doing for years!

  • Runcie Balspune

    @ Tono-Bungay

    Data security is not the issue. Data has to get to and from a physical server and in doing so will almost certainly cross the jurisdiction of a government with less consideration for privacy.

    Privacy on the internet is an illusion, the protocols are based on broadcast technology over a public network. The key to privacy is anonymity, which is why encryption is a waste of time, the secret services are not interested in what you say but who you say it to, that was the real revelation of the Snowden leaks.

    Concepts such as The Onion Network (TOR) go a ways to making it difficult to trace connections, but at the end of the line there will always be an ISP to backdoor, or an internet cafe CCTV.

  • Richard Thomas

    Every one of us must be the judge and jury, every day. To the extent that we delegate that authority to our government, we must have confidence that they will execute that authority along lines which agree generally with our own agenda. When that fails to be the case, we should consider returning that authority to our own control.

    The governments are moving away from their people, not vice versa.

  • CaptDMO

    But…but…it’s ONLY the…um…er…Meta Data.
    I guess that means zip. file.

  • Julie near Chicago

    Richard, you’re absolutely right (“all are judge & jury, every day”). Nailed! :>))

  • Rich Rostrom

    “They exploit bad implementations, bugs in hardware and software, default keys, weak keys…”

    Everything old is new again.

    In The Hut Six Story, Gordon Welchman explained that the success of the Allies against Enigma substantially depended on German operational errors, some quite egregious. GCHQ and NSA tried to have the book suppressed – because they didn’t want attention called to the importance of operational errors to their codebreaking, even in the 1970s.

    And that appears to be true today.

  • Mr Ed

    Rich

    I’ve heard it said that in cracking Enigma, one German radio operator in a remote Desert outpost was very helpful, as his daily reports were invariably to the effect of ‘In middle of desert. Nothing to report.’ which gave a flying start to decoding other messages.

  • Tono-Bungay

    @ Runcie Balspune


    Privacy on the internet is an illusion, the protocols are based on broadcast technology over a public network. The key to privacy is anonymity, which is why encryption is a waste of time, the secret services are not interested in what you say but who you say it to, that was the real revelation of the Snowden leaks.

    Ah, now I get it: the data itself isn’t as important as where it is coming from and to whom it is going.

    Thank you for pointing that out; I missed that aspect of the InterNet completely! [facepalm] :)

  • I guess it’s another version of ‘It’s not what you know, but whom you know’.

  • Nico

    Data havens can’t work because they have serious disadvantages: they’re easy to cut off, hard to defend, and are generally going to be far from… their users (high latency) and sources of energy (see first disadvantage). No one believes that a floating boat with a cable connection to the mainland is an independent country.

    Also, you have to get your data into them, and then back out as needed, all preferably without having to visit. So you’re still vulnerable to attacks on your computers that interface with the data havens.

    There is no substitute for strong institutions to protect the people from themselves. We’d be much better off talking about how to evolve the institutions we have in that direction than just about any other option (there’s voting with one’s feet, if one can find a suitable place to move to).

  • Nick BTF! Gray

    All this talk of winning and losing is very judgemental! The government didn’t lose the crypto-war, it came a credible second place. Just like the Germans in WW2, they didn’t lose- they came second!

  • Nico, without detracting from your points (with which I agree): can’t the same be said about tax havens, which in all truth should more appropriately be called ‘money havens’? I guess my question is (not necessarily to you personally, just thinking-aloud kind of thing): how is money different from information and how are the two similar, at least when it comes to protecting either from government?

  • Richard Thomas

    I think the difference with tax havens is that those holding the reins of the powers that would roll right over a data haven typically are the ones keeping money in tax havens.

  • Nico

    Alisa: great question. Made me think.

    Pithy (wrong) answer: consider Cyprus…

    But a tax haven needn’t be mismanaged. Cyprus is not a good example.

    There are subtle differences between data and money as far as havens go: property rights recognition, timescales in when you’ll want your stuff back. No one is going to invade Switzerland, but good luck making use of your money where you want to use it if the government there wants to take it from you. Ask an American in the 30s, or an Argentine today, say. If you’re patient you might out-wait your government (it took decades to get back to gold being legal in the U.S. though), or maybe you’ll sneak around and risk criminal charges. Would you wait decades to get your data back? Probably not.

    Since you’ll need your data about, might as well just use crypto (which won’t really protect you from a government that doesn’t think you should get to keep secrets from them) and forget this data haven business. If you need to make data public that your govt doesn’t want you to then you don’t need a haven, just anyone abroad willing to publish your data.

    BTW, Americans didn’t really bother trying to get around capital controls back then: the U.S. economy was large enough. And then it boomed with the war. People in smaller, poorer countries care much more. Also, capital controls are a click away the world over. American controls over U.S. persons’ holdings abroad are quite tight: you can do what you like, but the feds must know. Much worse is the insistence on taxing you for up to ten years if you leave. But people aren’t leaving in droves — small numbers, bigger than ever perhaps, but small.

    Very few people really get to vote with their feet. This is why we must work on making our institutions better. There is nowhere to run.