Zoom Lied about End-to-End Encryption

The facts aren’t news, but Zoom will pay $85M—to the class-action attorneys, and to users—for lying to users about end-to-end encryption, and for giving user data to Facebook and Google without consent.

The proposed settlement would generally give Zoom users $15 or $25 each and was filed Saturday at US District Court for the Northern District of California. It came nine months after Zoom agreed to security improvements and a “prohibition on privacy and security misrepresentations” in a settlement with the Federal Trade Commission, but the FTC settlement didn’t include compensation for users.

Posted on August 5, 2021 at 6:25 AM · 30 Comments

Comments

JonKnowsNothing August 5, 2021 7:11 AM

@All

In a MSM report on the Zoom settlement was this interesting item:

Zoom users relied on the company’s promises that “Zoom does not sell users’ data” …

Because Zoom implemented the Facebook SDK, user data was sent by Zoom to Facebook “regardless of whether the user has created a Zoom or Facebook account, and, even worse, before the user would have even encountered Zoom’s terms and conditions or any privacy disclosures….

Zoom has reportedly since “removed the Facebook SDK, Zoom continues to share similarly valuable user data with Google via Google’s Firebase Analytics SDK, also integrated into the Zoom app….

The settlement “requires Zoom to not reintegrate the Facebook SDK for iOS into Zoom meetings for a year” and to ask Facebook to “delete any US user data obtained from the SDK.”

While the top of the issue is the end to end encryption fallacy, a takeaway is the SDKs from Facebook and Google.

Loads of programs/apps use these SDKs and nearly every App in the Store is developed using one or more SDKs. SDKs are cherry baskets with promises of Here’s How To Do Stuff EZPZ. Yet how many are really vetted?

Like passing parameters to a routine that someone else has written, you have to Trust that the function call and parameters are Working As Intended. Only if your output is wonky do you start to look:

  • Did I do the call right?
  • Is there a new release update to the SDK?
  • Anyone else having XYZ problem searches and posts?
  • If all else fails, maybe the source is borked.

But on the backside what the SDKs are doing, no one knows. Zoom found out by claiming more than they should have but SDKs are everywhere. In this case the Facebook SDK is part of the problem and Zoom is not the only one using it.

===

ht tps://arstechnica.com/tech-policy/2021/08/zoom-to-pay-85m-for-lying-about-encryption-and-sending-data-to-facebook-and-google/

(url fractured to prevent autorun)

echo August 5, 2021 7:27 AM

While having discussions with a lawyer I brought up the issue of video comms software and ease of use and security and the law. Like a lot of lawyers it wasn’t their subject area and they used what they used or what they were issued with. I’m surprised but shouldn’t be surprised that a lot of people including corporate IT managers and lawyers who theoretically speaking should know better leapt on the Zoom bandwagon during the pandemic.

As per comment in an earlier thread I find people leap from one extreme to another (or whatever is popular due to hype or not due to the latest scare story) due to lack of expertise, lack of training, orders from on high, habit, and so on. There’s obviously the Zoom thing but at the other extreme there are lawyers who would refuse to even accept third party emails or try to force Whatsapp on you because it’s what they used. Can you get them to listen to the technical and legal issues within a human rights and consumer law context? No because ego kicks in very fast.

I’ve also commented on models of reasoning (big topic as it involves neuro-psycho-social stuff which can be a fairly deep topic) and contract law (and legal reasoning) which involves similar things.

I’ve been casually gathering links this past week to illuminate the strategies of “big tech” and the “far right” and how they use the same management and marketing and legal tricks to dominate and cheat their way to “success”.

The US and UK (and EU) are very different legal jurisdictions. Now judges can be prone to dominant trends and bad habits as much as anyone and I’ve noticed one UK case as well as this US Zoom case where the case was ruled more on a “fine” basis than compensation basis because the judge argued compensation would reduce available capital and would impact service viability. This kind of judgement had gone out of fashion although more and more were hiding behind policy disguised by fiscal policy. Myself I feel there is something very very wrong with this kind of judgment as it reinforces a “get out of jail free” mentality and nods along to accountants dictating policy with all the knock on effects on governance and human rights and fair dealing.

Now why hasn’t anyone involved with Zoom been criminally prosecuted? That’s another question. I’ve also been collecting links which indicate UK security services are not taking the far right threat seriously nor, I suppose, corporate commercial activity although the sale of ARM to Nvidia has been paused due to considering national security implications and the odd far right wingnut has been kicked off social media.

SIP is an open standard and can do point to point. Why anyone trusts or wants to use commercial walled garden closed source applications some of which simply replicate SIP or even worse wrap SIP while eroding its advantages or introducing their own disadvantages I don’t know.

Truth.is.stranger.than.fiction August 5, 2021 8:25 AM

Zoom also sent customer data to China where encryption is outlawed. https://www.businessinsider.com/china-zoom-data-2020-4

Third Party Risk assessments need to identify the data flow mapping and it needs to be appended to contracts. Class Action Lawsuits are farcical. They do nothing to stop the bad behavior. But if business contracts contain enough detail about data flows, data sharing and cloud data center locations then violations such as this would be criminal.

These are the people that belong in jail. But if their business contracts did not restrict offshoring of data there’s nothing anyone can do. Consumers have no rights in the US.

@Echo it wasn’t lost on me how stupid it is to discuss confidential business on video, which is not covered by any privacy laws in the USA. Given how leaky all of this data is, it should be viewed as a highly risky activity. WFH employees in sensitive positions should use landlines. Security aside, there’s legal reasons too. Internet data can be subject to warrantless search whereas landlines cannot.

I don’t think that people use video for personal communications. It’s annoying and difficult to concentrate. Communication suffers as a result since it is so unnatural and requires the use of too many concurrent parts of the brain. When you are speaking to someone live you don’t stare at their face. Even in a meeting you are looking at your notes or computer. Brain Diagram: https://images.app.goo.gl/PLsywtnxfwNCemht7

Think about it this way. When someone is driving and speaking on the phone, and they have to do something difficult like backup or turn into oncoming traffic, they will say ‘Give me a second, I have to concentrate’ and they will momentarily stop speaking until after they execute the action. The brain knows when it is overused and this is why video conferencing reduces productivity and stresses people out.

Etienne August 5, 2021 8:35 AM

The crypto appliqué is a device that can be inserted into the network or radio path, and also be removed and stored securely. The keys can be zeroized at the press of a button.

This follows the rule, that encryption should never be performed in the same device modulating the information.

The crypto appliqué standards would be certified after testing. It can communicate with single or group users within these standards.

There, I fixed it 🙂

Clive Robinson August 5, 2021 9:49 AM

@ ALL,

First lets get the silly question out of the way…

“Zoom will pay … for lying to users about end-to-end encryption”

Is anyone even remotely surprised by this?

If you’ve answered “yes” Where have you been hiding this century?

For the rest of us the more serious question is,

Why are we not surprised?

That is why have “Big Silicon Valley Corps” or whatever you would like to call them been able to “data rape” anyone anywhere around the globe even though it’s actually illegal to do so in very many places?

But I guess the real question is “Why is 85million USD not even remotely a deterrent?”

I’ve remarked before that Fines no matter how large will not work with these Corps, how much more evidence do we need that? Whilst some would argue we need to put “directing minds” in jail for long periods of time (ie multiple life sentences) and strip not just them but their entire families of every asset they own, after a little thought you realise that will not work either.

Thus what is it we need to make effective parity for the “Any person legal or natural”, such that the “legal” entity be it a trust, Corp, company, or other financial vehicle actually has the “fear of retribution” that a normal “natural” entity feels thus is generally constrained by legislation and regulation deterrents?

Aaron August 5, 2021 10:08 AM

So Facebook and Google, both multi-billion dollar companies, via proxy of Zoom, pay $15 to $25 per person for data they used to get for free.

The legal system doesn’t understand how to dole out legitimate, effective punishment to companies who (often willfully) abuse their customers’ data and trust.

echo August 5, 2021 10:48 AM

@Truth.is.stranger.than.fiction

it wasn’t lost on me how stupid it is to discuss confidential business on video, which is not covered by any privacy laws in the USA. Given how leaky all of this data is, it should be viewed as a highly risky activity. WFH employees in sensitive positions should use landlines. Security aside, there’s legal reasons too. Internet data can be subject to warrantless search whereas landlines cannot.

Compared to some standards the US is a human rights and privacy nightmare not to mention one sided extradition treaties with somewhat dubious prosecutorial interpretations of good faith among other things.

I don’t think that people use video for personal communications. It’s annoying and difficult to concentrate. Communication suffers as a result since it is so unnatural and requires the use of too many concurrent parts of the brain. When you are speaking to someone live you don’t stare at their face. Even in a meeting you are looking at your notes or computer.

This depends on context. Who you are conferencing with, what the subject matter is about, and a range of other factors. For some things I will always insist on “face to face” meetings or teleconferencing if this is not available or impractical. There are some things which simply do not work on paper including but not limited to meaning conveyed by emotions or timing or where a high level of trust and relationship building is required. You need as many senses working as possible in a situation like this. Emails and transcripts can lose a lot of information as well as suffer from back and forth in attempts to clarify so can take up more time. For some things including extremely high levels of domain expertise and nuances you simply have to have this kind of communication. Even an “um” and an “ah” conveys information in a high bandwidth way if the understanding is there. The more senses involved or the more real an experience the more things can sink in. I suspect “mirror neurons” have a significant role to play in this. It also helps sometimes to know who you are dealing with. Organisations and paperwork and other staff can get in the way and you never really know until you meet someone. People are emotional and social beings and rapport can go some way to building bridges and energy you won’t get other ways.

It also depends on how you arrange things. Depending on your set up it can be an equivalent to an “over the desk” meeting or a more casual sofa meeting.

Plain backgrounds maximise quality of data compression and good lighting reduces picture noise. Where you position your cameras, whether built in or separate, your note taking and reference material arrangement, sitting posture, quality of audio, whether you build in breaks or not, all help to create a more natural and relaxed environment. I’ve had business meetings this way and even wine and dine dinners with friends located in another country.

I was surprised by how so many people had problems with teleconferencing during the pandemic. I guess it just goes to show that “common sense” and basic knowledge are anything but. There’s a lot you can miss if you have never done this kind of thing before. Almost all of the shortcomings were down to people doing one or more things wrong or they weren’t used to it or the goldfish bowl group conferences in the age of let it all hang out social media during the pandemic left them feeling stressed and awkward.

R-Squared August 5, 2021 10:51 AM

@ Aaron

The legal system doesn’t understand how to dole out legitimate, effective punishment to companies who (often willfully) abuse their customers’ data and trust.

Corporations, like women in San Francisco, are above the law. Before Civil Rights, of course, women were treated as cattle or property owned by men, but now women have rights, although the criminal justice system remains largely male only.

BOP Statistics: Inmate Gender – Federal Bureau of Prisons

Sex Ratio of Prisoners Across the World: Taking Gender Seriously

San Francisco shoplifting: Women caught on video allegedly bolting from CVS with bags full of stolen goods

Witness Steve Adams told Lee that the four women were “picking the place dry” and that when he asked store employees if they were going to call police, “they just shrugged.”

“This sort of thing is becoming so normal,” the witness told Lee.

Humdee August 5, 2021 11:43 AM

I wonder if there is any liability here for colleges and universities. Many of them required Zoom during the pandemic for online classes (some still do). The question then becomes whether that requirement violated any laws, perhaps even state privacy laws.

lurker August 5, 2021 1:20 PM

@echo: SIP is an open standard and can do point to point.
Twelve years ago I tried to explain this to some professional people, and had to give up for similar reasons to why PGP isn’t widely used. These people wanted me to set up Skype for them at a time when Skype’s dirty laundry was being aired.

Martin P. August 5, 2021 1:33 PM

$85M is not nearly enough to represent a solid incentive to avoid doing their scam again. It should have been at least $1G so that they’d remember the cost of repeatedly lying to their users.

lurker August 5, 2021 1:42 PM

@JKN

Because Zoom implemented the Facebook SDK, user data was sent by Zoom to Facebook “regardless of whether the user has created a Zoom or Facebook account, and, even worse, before the user would have even encountered Zoom’s terms and conditions or any privacy disclosures….

The settlement requires Zoom … to ask Facebook to “delete any US user data obtained from the SDK.”

If this was done with bombs, or even sharpened sticks, it would be called war. Because it’s done on the internet it becomes fair game? What’s so precious about US users’ data that doesn’t apply to anyone else on the planet? The other face of extra-territoriality?

Winter August 5, 2021 1:50 PM

@Martin
“$85M is not nearly enough to represent a solid incentive to avoid doing their scam again.”

Indeed, but next time they are recidivist criminals. And if they then play loose with user data in Europe, the GDPR kicks in with a 2% global income fine, or 4% if they are considered repeat offenders.

Who? August 5, 2021 2:08 PM

@ Winter

Indeed, but next time they are recidivist criminals. And if they then play loose with user data in Europe, the GDPR kicks in with a 2% global income fine, or 4% if they are considered repeat offenders.

These corporations have been violating users privacy for decades, and only got slapped. It will not be different next time.

SpaceLifeForm August 5, 2021 3:06 PM

@ Martin P.

To me, the interesting thing in this story is how few Zoom users there are.

Clive Robinson August 5, 2021 3:51 PM

@ Truth.is.stranger.than.fiction,

I hope you are feeling better and are home.

Yes to the latter, and whilst I feel better physically, mentally there is quite a bit to think on… And surprisingly it has lessons for security people in it as well…

Basically I’ve a blood clot 0.8 inches long and 0.7 inches wide and it’s in my right atrium. The output from my left ventricle is maybe 20% of what it should be, and officially I now have “heart failure” to add to the list… Oh and several blood clots in the lungs again, and a completely new one for me “gall stones”…

So lesson 1, “Life can always surprise you”.

For those that do not know the “cure” such as it is for blood clots, is what some call anti-coagulants and others call blood thinners. Me being more of a shovel is a shovel type person call it what it really is in this case “Rat Poison” (much to the surprise of many in the medical profession). You can look it up as it’s called warfarin and until recently it was killing rats by the bucket load[1] but due to security lesson number 2 it’s not…

Well back to the blood clots, there are four basic things that can happen with the blood clots,

1. They get worse or don’t reduce.
2. They reduce slowly and get reabsorbed by the body.
3. They break up and go everywhere you don’t want the bits to go.
4. They detach and become a major obstruction at say the heart valves.

You don’t want 3 or 4 as you’ve less survival options than the rat. What you want is option 2 which option 1 can be turned into by careful dose control.

The thing is staying in option 2 effectively is a bit like a juggling act whilst tightrope walking for many people. It should not be but it is and I reckon it’s due to “scary maths teachers” and the evils of “infinitesimals” as Sir Isaac used to call them.

The reason is what is given the grand sounding name of “Half life calculations” which sounds like it belongs in those “physics labs” the military make their bombs in. In reality it’s a very very natural and almost the most basic of real world calculations.

Rat poison like most poisons has a unique effective dose for every individual and it changes for various reasons. It also like virtually all chemical and biological reactions has a “half life” the calculation of which for some reason causes some people to get twitchy, when really it’s just a “percentage of the remainder” calculation over a fixed time period which really is not hard to work out. (90% of 1 followed by 90% of 0.9 followed by 90% of 0.81, 0.729 etc). When you plot the curve out for long enough you will find that at a fixed interval (of time) you will have half of what you had at the beginning of the time interval and this goes on in theory for ever. Hence the term “half life” for the (life) time it takes to lose half the quantity.

Third security lesson, nature hates linear more than it hates vacuums, so exponential curves are natural, straight lines are not, live with it or weep.

But… As with all things in life, nothing is ever simple… The same with rat poison and nearly everything security. Warfarin affects multiple clotting cycles, so although some things are easy to calculate the overall effect is harder… Unless you cheat “constructively”.

This is fourth and perhaps the most important lesson to learn,

It has been said that a cruise missile knows not where it is but where it has been and which direction it went in next. Well the same is true as much for atomic particles as it is for the largest of ships and everything in between including tracking bullets…

As most of us know nearly all ships have the knack of ending up where their owners want them to be without the deck officer using much more than pencil and paper and often just addition or subtraction.

The trick is to estimate where you will be at a certain point in time in the future. Then at that time take a measurement, then work out the difference or “error function” between your estimate and reality. You then feed a percentage of the error function back into your next estimate to steer for and so on… Not as difficult as it sounds, in fact I’ve taught ten year olds how to do it, easier than fifteen year olds (I blame those Maths teachers 😉

The thing is the shorter the time period you use the more those exponential curves actually look like straight lines thus the faster and easier the calculations and the less likely any error will affect the journey.

Thus the real trick is knowing when to make an estimate and when to relax and enjoy as best you can the journey and not getting stressed…

But some journeys should never be made, Dante Alighieri wrote in his “The Divine Comedy” a very notable even for its time, graphical description of hell seen through medieval eyes most know as “Dante’s Inferno”. He tried to convey that this journey should not be made back in the last decade of his life (~1309-1321). The Divine Comedy is an allegorical account of his imagined journey through Hell, Purgatory, and Paradise, guided by Virgil and Dante’s idealized love Beatrice.

[1] In recent years what has been called “Super Rats” have either learned or evolved into surviving. So this is major security lesson number 2 “The environment changes to out evolve any solution given time”. Put simply the rats now recognise the early symptoms and go and wrap themselves around a hot water pipe and wait for their body to metabolize and excrete the poison etc.

Freezing_in_Brazil August 5, 2021 5:36 PM

@ Truth.is.stranger.than.fiction

If we want to cure Cybersecurity woes, criminalize intentional negligence.

I don’t know about the Common Law, but for Roman law this is a non-trivial theoretical problem since, in the Latin legal tradition, negligence is an element of guilt [culpa] and not malice [dolus].

I’m aware there’s gross negligence in the Common Law. Its Roman correspondent would have to be something like ‘culpa dolosa‘. But then I’m not sure if this is possible.

SpaceLifeForm August 5, 2021 5:51 PM

@ Clive

Hopefully soon, after the Warfarin does its job, they can move you to an alternative. Warfarin dosing is very tricky. One day, it is too much, the next, not enough. But, of course, you can not try to do too much too fast.

My mum went thru that. Once she got off of Warfarin, it was much easier to control.

Hang in there! It will work, just not overnight.

Steve August 5, 2021 6:41 PM

@clive sez:

But I guess the real question is “Why is 85million USD not even remotely a deterrent?”

Perhaps, per Reuters

Though Zoom collected about $1.3 billion in Zoom Meetings subscriptions from class members, the plaintiffs’ lawyers called the $85 million settlement reasonable given the litigation risks.

Perhaps the reason is that $85 million is only 6.5 percent of the money Zoom made?

Ooochie owie, the wrists, they smart.

Oh, and by the by, the lawyers? Again, per Reuters, “They intend to seek up to $21.25 million for legal fees.” (My emphasis)

So, you know who the real winners are in suits like these.

Hey, those Porsches and Ferraris don’t buy themselves, you know.

MarkH August 5, 2021 6:41 PM

@Clive, personal:

When you wrote a few days ago that problems were serious, I was mindful that you’re more likely to understate the matter than exaggerate … but this clot, Ye gods!

I must repose hope in your medical boffins, who generally do their best. I’ll have some gnawing anxiety (atop my chronic worries) until I know you’ve navigated to some (comparatively) safe harbor.

Freezing_in_Brazil August 5, 2021 8:59 PM

@ Clive Robinson

As someone who owes almost everything to the lessons heed, I appreciate yours. Thanks again. You’re in all our warmest thoughts as you recover.

Regards.

Clive Robinson August 5, 2021 9:44 PM

@ Lurker,

What’s so precious about US users’ data that doesn’t apply to anyone else on the planet? The other face of extra-territoriality?

Err “US users” are also “US voters” and “US political campaign donors” amongst other things. They also by right of citizenship have “standing” under US legislation and regulation.

So yeh, as far as US legislators are concerned “US users” are indeed exceptional.

As for “extra-territorial” that’s a more vexatious question and goes back to US taxation laws.

It is still common practice in most countries that they only tax you on what you earn in their jurisdiction, because it generally costs more to chase down extra-territorial income than it actually gains (due to other traditions). The US however considers itself to have primacy in such things, thus insists that they receive all the tax US citizens earn and the countries they earn it in should be grateful to not be “Bombed back into the stone ages” and then be told they have to pay for the bombs (remember the Vietnam President being given a bill by the new incoming US ambassador under Trump?).

Then there are the one sided extradition treaties (remember Julian Assange?).

It’s those little things that get under everyone’s skin and create international problems, with US politicos apparently oblivious to the rest of the world.

echo August 5, 2021 10:02 PM

@PGP

Twelve years ago I tried to explain this to some professional people, and had to give up for similar reasons to why PGP isn’t widely used. These people wanted me to set up Skype for them at a time when Skype’s dirty laundry was being aired.

A crude view is PGP made something which is easy be something which is hard. Skype made something which is hard something which is easy.

Skype could have been a standard then was bought by Microsoft who then meddled with it, tried to force advertising, bungled cross platform, splintered by developing teams, and are now trying to quietly drop Skype while forcing everyone onto Teams (which nobody I know likes as it is slow and bloated and useless) by default.

Myself I feel people generally can only cope with one dominant communication gateway at a time. It’s just how people work. They don’t want a new application or a different application for everyone. In some respects this is why the telephone became widespread. It looked and worked the same wherever you went and anyone could talk with anyone. It’s so easy a child or the infirm could use one.

Five Eyes, the Russians, Chinese, or even Saudi’s don’t bother me at all. The biggest bother is low hanging fruit like jobsworths or the nosey and greedy. As long as any communication channel cuts those out I’m good.

Clive Robinson August 6, 2021 6:13 AM

@ SpaceLifeForm,

Hopefully soon, after the Warfarin does its job, they can move you to an alternative. Warfarin dosing is very tricky. One day, it is too much, the next, not enough.

I was on warfarin and was managing just fine by myself when I had timely INR readings. It was being moved to the supposedly safer “rivaroxaban” alternative that has probably nearly killed me…

In one very nice hospital in East London (who later put a team together and sang their way to the #1 slot in the UK “Top of the Pops”) they had a warfarin clinic system that worked and worked well despite the dreadful slowness of an INR test. The Pharmacist and I used to play a little game on my twice weekly visits. She would tell me what the INR test reading was (given in “prothrombin time” or PT) and I would start doing my mental calculations and she would type it in to their very expensive piece of software that would grind away on the PC. I would say what I thought the adjusted dose should be, and when the computer produced its result we’d see it on the screen and compare.

Usually I beat the computer and got the dose right. It was only when there was a big jump that I got it a little wrong, but we finally realised the computer was “ambitious”[2]. So a small correction factor was getting inadvertently added that caused a long tail problem.

I taught the Pharmacist how my method worked and the reasoning behind it and she was a little shocked on the “liberties” it apparently takes with mathematics. But as I pointed out waves go up and down, so does the tide, and generally ships don’t crash and they get to harbour safely and on time.

Which is the big lesson for security and safety people as well, “Don’t get confused by surface swell, nor dragged aside by deep running currents”.

That is after a little thought you will realise that,

“Whilst nature hates linear and will go with exponential in the longterm. In the short term the error function from using “percentages”, is too small in range for nature to care about and rapidly self filters or integrates out[3].”

Thus simple linear maths and “guesses” works fine and dandy and above all is “quick and simple”.

I can give a long winded explanation as to why starting by noting,

$X_{n+1}^2 = X_n^2 + 2X_n + 1$

I won’t this time 😉 because typing in all those HTML tags is almost enough to give a hangover with out the joy of getting one normally…

[1] The INR or “International normalised ratio” test is measured in prothrombin time, or PT. Prothrombin is one of the clotting factors and is a protein produced by the body in that great big chemical factory of your liver. The main problem with this is something called Vitamin-K which in what almost looks like magic stops the effect of warfarin. Vit-K is obtained from a lot of foods, but mainly green leaf vegetables are what you have to be careful of (which is a real bummer if they are what you like eating, and I do…).

[2] The error function obviously also “opens out” as the size of jump is made. It turns out that the floating point math package the expensive software used had a bug and it got exercised by the particular way they used it… So it was not me that was getting my estimate wrong. NOW it turns out the “bug” made the error work on “the safe side” that is it was wrong in a way that was “ambitious” or “under-damped” and would thus drive the patient faster toward the therapeutic value, but then “ring” with a longer “error tail”. My results were slightly over-damped which meant a smoother transition without a “ringing error tail”. You want the former behaviour when you are starting someone on warfarin to get them quickly to the therapeutic value, but once stable you generally want the latter as the most likely cause for a jump is a one off ingestion event like a “party” or some such or the pills being taken early or late the day before the test.

[3] Even data scientists can be taught a trick or two about Mother Nature’s Ways. Whilst there is a whole canon of control theory for those who want to come up with their own method and error functions, the maths grows in complexity like Topsy’s Cat and it slows to a crawl very very quickly for very very small percentage returns… You can see this all around you but the place you are most likely to see it in action from the hand of man is control loops in “Phase Locked Loops”(PLL). Which you are surrounded by with modern technology, it really is in all things these days with CPU clocks running many times that of the control Xtal’s.

But the “secret sauce trick” is not to care about accuracy but only about errors and sometimes guesses. You care not a jot where something is actually going, you just make a guess wait a little while and look at the size and direction of the error signal. Then feed that error information back into your next guess and the next error will be smaller and your guess more accurate. Each time through that loop actually also “digitally filters” the result through a low pass filter or integrator which allows you to set any desired “loop filter” characteristics you want. But usually it is “inherently stable”. The advantage of a digital loop filter is you can use different guesses to get different characteristics, so a small lookup table keyed by the error output can give you some extraordinary results quickly and easily, whilst the control theory maths will get you there, you will have steam rising from the CPU…
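The “percentage of the remainder” half-life rule and the “guess, measure, feed a fraction of the error back into the next guess” loop described in the two Clive Robinson comments above, as an added toy simulation that is not the commenter’s own method, the hospital’s software, or anything clinical. Every number in it (the half-life, the patient “sensitivity”, the target level, the one-off “party” event) is constructed, and the estimator design, which corrects a sensitivity estimate rather than the dose directly, is an assumed stand-in for the unstated mental method; it shows that a gain below 1 returns smoothly from a one-off jump while a gain above 1 over-corrects and rings, which is the under-damped versus over-damped behaviour footnote [2] describes.

```python
import math

# Constructed toy parameters (not real pharmacology): the level halves every
# HALF_LIFE time units, a reading is taken every INTERVAL units, the loop
# aims for TARGET, and TRUE_SENSITIVITY (level rise per unit dose) is the
# patient-specific quantity the controller does NOT know.
HALF_LIFE = 1.0
INTERVAL = 1.0
TARGET = 8.0
TRUE_SENSITIVITY = 2.0
S_EST_FLOOR = 0.1   # sanity floor so a wild correction cannot flip the estimate negative


def decay_factor(half_life, interval):
    """Fraction remaining after `interval` when a quantity halves every
    `half_life`: the 'percentage of the remainder' rule applied once."""
    return 0.5 ** (interval / half_life)


def half_life_in_periods(retention_per_period):
    """Inverse view of the same rule: if a fixed fraction (e.g. 0.9) remains
    after every period, how many periods until only half is left?"""
    return math.log(0.5) / math.log(retention_per_period)


def run_loop(gain, steps, s_est0=1.0, disturbances=None):
    """Estimate -> measure -> correct loop.

    The controller knows the half-life but only has a guess `s_est` for the
    patient's sensitivity. Each step it predicts the next reading, takes the
    'measurement' (simulated here with TRUE_SENSITIVITY), and feeds `gain`
    times the prediction error back into its estimate. The next dose is
    whatever the corrected estimate says will land exactly on TARGET.

    `disturbances` maps step -> one-off extra amount (a 'party' event).
    Returns the list of measured levels, one per step."""
    disturbances = disturbances or {}
    k = decay_factor(HALF_LIFE, INTERVAL)
    level = 0.0
    s_est = s_est0
    dose = max(0.0, (TARGET - k * level) / s_est)
    history = []
    for step in range(steps):
        predicted = k * level + s_est * dose
        level = k * level + TRUE_SENSITIVITY * dose + disturbances.get(step, 0.0)
        history.append(level)
        error = level - predicted
        if dose > 0.0:
            # Attribute the miss to the sensitivity guess, but only a `gain`
            # fraction of it: gain < 1 is over-damped (smooth return),
            # gain > 1 over-corrects and rings. A zero dose carries no
            # information about sensitivity, so no update then.
            s_est = max(S_EST_FLOOR, s_est + gain * error / dose)
        dose = max(0.0, (TARGET - k * level) / s_est)   # never a negative dose
    return history


def worst_excursion(levels, after_step):
    """Largest distance from TARGET seen at or after `after_step`."""
    return max(abs(x - TARGET) for x in levels[after_step:])


if __name__ == "__main__":
    print("0.9 retained per period -> half-life of %.2f periods"
          % half_life_in_periods(0.9))
    party = {3: 4.0}   # constructed one-off ingestion event at step 3
    for g in (0.25, 1.0, 1.5):
        levels = run_loop(g, 10, s_est0=TRUE_SENSITIVITY, disturbances=party)
        print("gain %.2f:" % g, " ".join("%.1f" % x for x in levels))
```

With a wrong starting guess (`s_est0=1.0`) and `gain=1.0` the first reading lands at double the target before the estimate snaps to the true value, which is the “ambitious” start; the same gain after the step-3 event gives one undershoot and settles, while `gain=1.5` rings far past the target.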

JonKnowsNothing August 6, 2021 10:46 AM

@Clive, SpaceLifeForm, All

re: Zooming to Apple

Zoom might have fudged about their End to End Encryption but MSM news stories today are about how Apple will be doing the same thing with their End to End Encryption.

Apple will be using the cover of “Won’t someone think of the children” by actively scanning devices for cop-tagged-files and using other methods scanning for “untagged files of concern”.

Such files are already scanned as people are using the iCloud by Default settings to save their files. Google does the same thing with their Cloud by Default Uploads.

End Users do not know how to turn off the Cloud by Default settings, they are well hidden and they no longer have any idea how to Not Use The Cloud, like direct download to local storage. It’s all Soooo Easy to Use because we (Apple, FB, Google) hide the settings and we (Apple, FB, Google) hide the information.

Of course, they (Apple, FB, Google) hardly discuss the complete scrapping of all items stored in the Cloud and the full transfer of IP ownership for those items to them (Apple, FB, Google). The millions of global images so acquired that are used to train their AI Systems from which they earn millions of dollars they (Apple, FB, Google) submit that doesn’t factor in the Ease of Use default settings either.

===

ht tps://arstechnica.com/information-technology/2021/08/apple-plans-to-scan-us-iphones-for-child-abuse-imagery/

ht tps://www.theregister.com/2021/08/05/apple_csam_scanning/

ht tps://www.theguardian.com/technology/2021/aug/06/apple-plans-to-scan-us-iphones-for-child-sexual-abuse-images

(url fractured to prevent autorun)

Clive Robinson August 6, 2021 2:21 PM

@ JonKnowsNothing, SpaceLifeForm, Winter, ALL,

Apple will be using the cover of “Won’t someone think of the children” by actively scanning devices for cop-tagged-files and using other methods scanning for “untagged files of concern”.

So if we take the FUD off, we are left with Apple scanning every file in some way to match a “cop-tag” of some form.

Now you can be sure that some judge will take this cop-tag as,

1, Proof positive because some cop says it is…

2, Not scanning or being looked at under fourth amendment rights because “nobody sees the file”…

Anyone else see where this will go?

How about an embarrassing document that says some famous person’s child has taken a big fiscal reward for not even a nominal sinecure job.

Its hash becomes a cop-tag that says “child exploitation”, so every journalist that gets sent what in reality is a politically embarrassing file is automatically a “kiddy fiddler” or worse. Not just in the eyes of the Police, but Judges, Jury, etc. But in reality the file never ever gets looked at “to be verified” by a human, because that is a life sentence or worse crime…

Call it “Justice 2021 style” just for fun, but we can all see it happening or something very similar in the very near future…

JonKnowsNothing August 6, 2021 3:04 PM

@Clive, SpaceLifeForm, Winter, All

re: Scanning some, most, all files or items stored on the device

Another potential alarming aspect is knock-on effects from exchanges of legal content between parties.

Once the cop-tag includes other “apps” or “mis-apps” on the device, calendar, events, voice-memos, general exchanges are open for scanning.

Another robo-debt clawback called “Debt Recovery” happened in Australia. Once again the “re-used, already declared illegal” secret algorithm was used to send Demand Notices for payments made and approved over 2+ years that are now declared “over payments”. Notices of $10,000 AUD are common, with the appropriate threats attached.

Under a process known as “balancing”, Centrelink then compares that estimate provided by the parent with their actual earned income, recouping any overpaid money by raising a debt.

The method of extracting declared and earned income is secret.

Consider a Use Case:

APerson: Can you watch my kids for a while?

BPerson: Sorry I cannot. Maybe CPerson can do it?

The secret algorithm pulls the exchange and determines APerson, BPerson, CPerson are all illegally accessing government supports even though $ZERO funds are mentioned. Just the Cop-Tag of Child-Care or Child-Watch is all that’s needed to qualify for “further inspection”.

The Use Case, is a trivial example, but not so trivial that people who need someone to watch their kids, their sick family members, their infirm elders wouldn’t recognize the exchange.

Not that long ago, the UK border cops, booted a young person from entering the country to visit relatives residing in the UK because when they demanded to know the purpose of the visit and “visiting relatives” was not an acceptable answer, the young person said “well I will also help watch the younger members of the family”.

The border police ejected and deported the young relative for being an “Au Pair in exchange for Room and Board”; Room and Board is income; and the family visitor had no “Work Authorization”.

Cop-tags: Child-Care, Child-Watch, Au-Pair.

===

ht tps://www.theguardian.com/australia-news/2021/aug/04/centrelink-pauses-welfare-and-childcare-debt-repayments-during-lockdowns

(url fractured to prevent autorun)

Denton Scratch August 7, 2021 3:21 AM

@Truth.Is

But if business contracts contain enough detail about data flows, data sharing and cloud data center locations then violations such as this would be criminal.

It’s not a crime to violate the terms of a contract, whatever details appear in that contract.

If I violate the terms of a contract with you, you may be able to sue me for damages, so as to put you in the position you would have been in had the contract been performed as agreed. There is no provision in law for punishing contract violators as such. To constitute a criminal offence, the violation must also involve some criminal wrong, such as theft or fraud.

Contract law is common law, at least in those countries that use common law.

Denton Scratch August 7, 2021 3:27 AM

@Winter

The GDPR fines are actually a percentage of global turnover, not income.

R-Squared August 7, 2021 3:40 AM

@ JonKnowsNothing

Cop-tags: Child-Care, Child-Watch, Au-Pair.

Help wanted ads in some of the towns where I live. Au pair is a same sex roommate on a college dorm type “Greek system” for enforcing morality.

Doesn’t work that way in practice of course. Heather has two mommies etc., you get a lesbian couple adopting the kids, 3s0me, or 4some on a double date with a pair of buddy-buddy boyfriends etc.

Turns into quite a party, Jeffrey Epstein style, or “orgy” if you want to be Greek about it.

The Germans in particular are insistent that nobody is ever left without a bedmate under any circumstances.
