We are developing the social individualist meta-context for the future. From the very serious to the extremely frivolous... let's see what is on the mind of the Samizdata people.

Samizdata, derived from Samizdat /n. - a system of clandestine publication of banned literature in the USSR [Russ.,= self-publishing house]

Cryptography is good

Stack Exchange is a site, or a collection of sites, where people post questions on various subjects, other people post answers and yet others vote on whether they like both the questions and the answers. High-voted posts “float to the top of the heap”. Here is a post from the “Information Security” stack exchange that recently “trended” as one of the most popular questions overall: How to explain that “Cryptography is good” to non-techie friends. And here are extracts from the two topmost answers in terms of votes:

“If lack of encryption allows FBI to catch terrorists, then lack of encryption allows criminals to loot your emails and plunder your bank account.”

The rational point here is that technology is morally neutral. Encryption does not work differently depending on whether the attacker is morally right and the defender morally wrong, or vice versa.

and

I would take their argument and replace “cryptography” with “locks and keys on our houses” and see if they still agree:

If more terrorists and criminals would be caught by not having locks and keys on our houses, I would not blame warrantless searches by government and companies in our homes.

I know little of cryptography, but those arguments seem good to me.

Sixty pages

Tom Peterkin of The Scotsman reports:

Revealed: what can happen when a Named Person reports on your children

The Named Person scheme is to be rolled out across Scotland in August but one father’s experience of the pilot rings alarm bells for its many opponents

The handwritten note on an official form read: “Mr Smith feels it is impossible to stop his youngest son from sucking his thumb as he needs it for comfort. Did not appear to take advice on board fully.”

The words, written by the two-year-old thumbsucker’s Named Person, sent a shiver down the spine of Andrew Smith [not his real name], a father-of-two young boys and a respected academic at one of Scotland’s leading universities.

Contained within a 60-page document that had been compiled about his family, the note referred to a blister which had appeared on the toddler’s thumb as a result of the childhood habit. It also suggested Smith contact his GP if the blister became “hot to touch or very red”.

Smith, whose name has been withheld to protect the identities of his children, grew more alarmed as he leafed through the document, the vast majority of which had been redacted.

The surviving extracts appeared to indicate that the minutiae of his family life had been recorded in painstaking detail for almost two years, under a Named Person scheme which has been introduced in his part of the country ahead of its final roll-out across all of Scotland in August. A separate note made by the Named Person charged with keeping an eye on the academic’s two little boys was concerned with nappy rash.

It says elsewhere in the story that someone – exactly who was redacted – had reported this man because his kid had a snotty nose. It is a standing joke how quickly you go from tut-tutting at that sight to sympathizing with the parent once you have children yourself. As one of the commenters to this story, “Badenoch”, says,

There is a lot in this act which gives control over a child and it contains some ‘deceptive’ language with words like ‘wellbeing’. What does that mean legally?

Excerpts from the act.

“the wellbeing of a child or young person is being or would be—promoted, safeguarded, supported, affected, or subject to an effect.

“assess the wellbeing of the child or young person by reference to the extent to which the child or young person is or, as the case may be, would be—Safe, Healthy, Achieving, Nurtured, Active, Respected, Responsible, and Included.

If a child picking blackberries falls into a shallow burn and siblings, friends or parents laugh at the child’s misfortune, has the child been placed in danger, poorly supervised, bullied and excluded? Or has it been encouraged, active, nurtured and included? Who decides and once written down, and read by a third party, can it then change into something sinister?

Facebook and Tor

I enjoyed this tweet. Regulars might recognise the name.

My Number

The new unified identification system with its associated up-to-the-minute database will streamline government, reduce fraud and tax evasion, make it easier to stop people “falling between the cracks” of different government departments, provide a convenient single means for citizens to prove their identity, and protect us all from terrorism. If you have nothing to hide you have nothing to fear.

What will bring about all these benefits? It sounds very like the UK Identity Cards Act 2006, but that cannot be since various malcontents forced the Act’s repeal in 2010. While it is true that for the British Civil Servant no setback is ever permanent, for now the torch has passed to Japan, where the latest version of the Eternal Scheme is called “My Number”.

Even in such a cooperative and law-abiding culture as Japan there are the inevitable troublemakers:

More Japan citizens sue gov’t over My Number system

Around 30 citizens in central and southwestern Japan filed lawsuits Thursday with regional courts, demanding the government suspend the use of identification numbers under the newly launched My Number social security and tax number system.

The lawsuits are the latest in a string of cases in which residents and lawyers argue that the right to privacy is endangered by the system, which allocates a 12-digit identification number to every resident of Japan, including foreign nationals, to simplify administrative procedures for taxation and social security.

Mitsuhiro Kato, who heads the lawyers’ group in the lawsuit with the Nagoya District Court, said at a press conference, “There were cases in which personal information was (illegally) sold and bought. Once the use of My Number expands, the state would come to control individual activities.”

According to the lawsuit, the action to collect citizens’ personal information without their consent infringes on their right to manage their own personal information. The plaintiffs are also worried about the risk of their personal information being leaked given the insufficient security measures currently in place.

My Number legislation has been enacted to make it easier for tax and other authorities to discover cases of tax evasion and wrongful receipt of welfare benefits.

But public concerns have grown over the government’s handling of personal information under the My Number system following massive data leaks from the Japan Pension Service in the wake of cyberattacks in May.

Here is a little more about that massive data leak from, or rather hack of, the Japanese pension system: 1.25 million affected by Japan Pension Service hack.

But fear not:

The hacked computers were not connected online to the fund’s core computer system, which keeps financial details of the pension system’s members, officials said. No illicit access to the core system, which contains the most sensitive information, such as the amount of premiums paid by and the amount of benefits paid to each individual, has been detected, they said, adding that they are still investigating the incident.

It is remarkable how when we read about these government data security breaches in any country, the most alarming possibilities always seem to have been avoided. Some special providence must protect government databases.

The public face of My Number is provided by popular actress Aya Ueto and a rabbit-like mascot with numbers in place of eyes called “Maina-chan”.

Wenn du sie nicht schlagen kannst, verbünde dich mit ihnen

GERMANY’S secret service spied on the EU’s British foreign policy chief and on the US secretary of state, it emerged yesterday.

The Bundesnachrichtendienst, or BND, Germany’s equivalent of MI6, placed Baroness Ashton of Upholland under electronic surveillance when she was the EU’s high representative on foreign affairs and security.

It also tried to tap the mobile and office phones of John Kerry, the secretary of state, according to Der Spiegel magazine.

However, the attempt to listen in to Kerry’s mobile conversations failed because a bungling spy used an African country code by mistake. His other phones, including one at the American State Department, were successfully tapped.

The revelations are deeply embarrassing for Angela Merkel, who criticised the US over allegations the National Security Agency (NSA) monitored the German chancellor’s phone as part of a mass surveillance programme that included snooping on allies.

Speaking at the time, Merkel told President Barack Obama that “spying on friends is not acceptable”.

Particularly not those friends. To expose your poor spies to hours on end of Baroness Ashton or John Kerry is an unacceptable violation of the Framework Directive 89/391/EEC on Occupational Safety and Health.

Update: Niall Kilmartin adds, “Wow. They lose track of 130,000 immigrants from Isis recruiting areas but they can (almost) bug John Kerry. Is this a dramatic revelation of German government priorities, or does it merely indicate that the standard of electronic security set by Hillary was followed throughout her department and maintained by her successor?”

Samizdata quote of the day

Developers cannot build software that allows law enforcement to access encrypted communications but prevents malicious actors from exploiting that access. Cryptography cannot distinguish good people from bad, so a backdoor for one is a backdoor for all. Undermining the encryption used by U.S. companies would place the average consumer at risk of attack by malicious third parties, and merely motivate criminals and terrorists to use one of many alternative options. Powerful cryptography tools can easily be built outside the United States; as the self-declared Islamic State’s use of German messaging service Telegram demonstrates, software rarely respects borders.

Sara Sinclair Brody

New stirrings at the Old Firm

The Herald reports: Rangers and Celtic fans to unite for football grounds demo over anti-bigotry law

RANGERS and Celtic fans are among those who are joining forces to support a new campaign in grounds across Scotland for the scrapping of a controversial law designed to stamp out sectarian abuse at football matches.

The demonstration over Saturday and Sunday aims to show a united fans front in protest against the Offensive Behaviour at Football and Threatening Communications (Scotland) Act 2012 on the grounds that it is “fundamentally illiberal and unnecessarily restricts freedom of expression”.

Supporters group Fans Against Criminalisation say protests are expected at Scottish Premiership and Scottish Championship grounds featuring fans from Celtic, Rangers, Hibs, Motherwell, Kilmarnock, St Johnstone, Hamilton Academical, Inverness Caledonian Thistle and Greenock Morton.

Hibs fans unfurled an “Axe The Act” banner on Sunday during their 3-0 victory over Alloa at Easter Road.

One banner unfurled at Celtic Park on Saturday said: “Scottish football – not singing, no celebrating.”

Another banner containing a rude gesture and the words, “Recognise This”, appeared to be a stark objection to the Scottish Professional Football League’s bid to bring in facial recognition cameras. Some fans have warned they risk driving fans away for making them feel like criminals.

An FAC spokesman said: “We have now been harassed, intimidated, filmed, followed, demonised and criminalised for four years and we have had enough.

It is interesting that fans from both the clubs in the Old Firm are among those involved in the protests. The series of pictures at the top of the Herald article shows banners being raised in protest at Celtic Park rather than Ibrox. Due to its association with Unionism the SNP government dislikes Rangers and would discount any protest coming from that quarter alone.

On the false choice between Privacy and Security

Many commentators are referring to the current fracas over strong encryption and other security technologies, including especially Apple’s refusal to provide the FBI with hacking tools for the iPhone, as a trade-off between privacy and security.

Even people who feel that strong security technologies are a good thing often position things as a trade-off of this sort.

I would like to reiterate something many of us already know: this is an entirely false dichotomy.

Backdoors in security systems don’t just eliminate privacy, they also make systems insecure.

The current fight isn’t just to make sure that the government cannot learn that you’re reading dissident publications or to make sure the government cannot automatically find everyone who has opinions it doesn’t like, although those are certainly worthy things to want.

The current fight is about whether we will impose a technological infrastructure which will be exceptionally vulnerable to attackers in order to provide nothing more useful than some very, very short-term advantages to people investigating crimes.

This pits the interests of everyone in society who depends on technology for their safety, which is to say, more or less everyone, against a tiny group of law enforcement officials who find their jobs somewhat more difficult.

We should remember that the damage caused by insecurity in our critical systems is not theoretical — it is a pervasive problem even today. We saw only this last week a hospital forced to pay ransom to restore its computer systems. We’ve seen instances in the last year of the US federal government losing data on literally everyone with a recent security clearance to enemies unknown who presumably are very, very interested in knowing who all those US government agents might be. Untold millions of dollars are stolen every day in various sorts of computer fraud — everything from credit card fraud to fraudulent IRS e-file refunds. We already know that you can do horrible things to SCADA systems and the like that could potentially kill people, and whether you believe that’s already happened or not, it is clearly only a matter of time before people die that way.

All of this is because of lack of security in computer systems — a lack of security that the FBI, Cyrus Vance Jr., and other special interests propose to make dramatically worse on a permanent basis, in order to make their jobs somewhat easier for the short term. Imagine what things will be like in a world where Cyrus Vance has a slightly easier job but maniacs who have stolen US government master crypto keys can cause thousands or millions of automated cars to crash, killing their occupants.

So, please stop making it sound like it is merely the right to privacy that is at stake. Certainly the right to privacy is crucial for our society, but even those who do not agree with privacy should understand that back doors are not about making a trade-off in favor of increased security but in favor of pervasive insecurity.

This is not about security vs. privacy. We’re talking about nothing less than deranged short-term thinking that privileges the convenience of a small part of the machinery of law enforcement over the safety of almost everyone in our entire society.

Oh, the horror of the darknet…

The New Scientist Christmas number carries an interview with Carmen Weisskopf of the Swiss group Bitnik who carried out an automated random shopping expedition on the anonymous (or anonymous-ish) ‘darknet’. A place that official propaganda would have us believe is a Mirkwood full of hidden horrors.

What about trust? Has the bot been scammed yet, and paid for goods that haven’t been delivered?

No. And this shows the level of trust that is there. The people who sell on these markets are used to trusting people online, and want to get a good rating. Even the Swiss police who seized the ecstasy bought by our bot were surprised at its quality compared to that available on the streets.

Honesty is not a product of fear of the police and state surveillance – shock. Not of course news to anyone brought up before the 20th century, nor in any of the many present-day societies where official power is the leading source of corruption.

Samizdata quote of the day

What do you want?
Information.
Whose side are you on?
That would be telling. We want information… information… information.
You won’t get it.
By hook or by crook, we will.

– The Prisoner (intro written by George Markstein, as far as we know)

https://www.youtube.com/watch?v=zalndXdxriI

Samizdata quote of the day

I’m surprised – I didn’t think we would see these calls for more unchecked government surveillance until the start of the new week. But hats off to Dan Hodges – by publicly freaking out in his newspaper column and calling for the Investigatory Powers Bill to be passed, he has opened the door for Theresa May, David Cameron and a parade of GCHQ ex-chiefs to hit the TV studios and make the same demands.

Of course, what Dan does not do is explain how new government surveillance powers would a) have prevented the Paris attacks of 13 November, or b) might realistically prevent any future attacks. And if you pushed him, I doubt that he could explain the scope of current surveillance laws in any detail, or describe the ways that the British security services currently do or do not make use of those powers.

Samuel Hooper

Samizdata quote of the day

Journos: UK officials don’t want to “ban encryption” — they want to ban encryption that *works*.

Edward Snowden