Should We Allow Bulk Searching of Cloud Archives?

Jonathan Zittrain proposes a very interesting hypothetical:

Suppose a laptop were found at the apartment of one of the perpetrators of last year's Paris attacks. It's searched by the authorities pursuant to a warrant, and they find a file on the laptop that's a set of instructions for carrying out the attacks.

The discovery would surely help in the prosecution of the laptop's owner, tying him to the crime. But a junior prosecutor has a further idea. The private document was likely shared among other conspirators, some of whom are still on the run or unknown entirely. Surely Google has the ability to run a search of all Gmail inboxes, outboxes, and message drafts folders, plus Google Drive cloud storage, to see if any of its 900 million users are currently in possession of that exact document. If Google could be persuaded or ordered to run the search, it could generate a list of only those Google accounts possessing the precise file ­ and all other Google users would remain undisturbed, except for the briefest of computerized "touches" on their accounts to see if the file reposed there.

He then goes through the reasons why Google should run the search, and then reasons why Google shouldn't -- and finally says what he would do.

I think it's important to think through hypotheticals like this before they happen. We're better able to reason about them now, when they are just hypothetical.

Posted on January 16, 2016 at 5:26 AM • 120 Comments

Comments

alexTJanuary 16, 2016 5:37 AM

What make you think this is an hypothetical?

This is done routinely with known child porn files by many cloud storage providers based on hashes of said files.

Clive RobinsonJanuary 16, 2016 6:31 AM

I wonder if Bruce is the other side of the date line again ;-)

As regards the idea Jonathan Zittrain has had it's abad one.

Once Google --or whoever-- has gone to the trouble and expense of setting up such a system, market forces will demand they capatalise on it.

Thus it will get used for other things (remember in the US the law says in effect you have no privacy rights as anyone who collects users data owns the data and can do as they see fit with it.

So all other hypotheticals are a little pointless if you are dealing with "Free Market" thinkers.

But you also need to consider why it's use for other things will not be regulated against. Put simply as seen with recent legislation the US Gov want's the "collect it all" system, but they don't want to pay for it...

So now the idea has been put in the public domain, recent history suggests it will only be a matter of time before it happens.

JWJanuary 16, 2016 6:43 AM

Google does this under the hood anyway with de-duplication. There would need to be any touching of accounts because you can find the document outside account "ownership" and the follow links backwards. The idea that there are documents sitting separately inside inviolate accounts is simply not reality and the problem with crafting policy on matters like this - analogies to the physical are not "truth".

KevJanuary 16, 2016 6:59 AM

I take issue with the second argument for: that possession of the document signifies guilt.

In considering any action, one should consider likely reactions. It would be very easy for a group, on detection of a failed plot, to spam email a huge mailing list with the plan; thus implicating many innocents with possession of the contraband document.

If they're clever they could ensure it gets caught by google's spam blocker and send out thousands of (encrypted) copies to a random mailing list before the event. Then the real group can plausibly hide in plain sight.

Fascist NationJanuary 16, 2016 7:18 AM

Since the US government has already declared anything on the cloud is open and therefor lacks any privacy claims under the 4th Amendment, who needs a warrant? Heck, the bottom line on everything is who needs a warrant when you are government? Certainly not an "honorable" judge you've been dragged before.

JacobJanuary 16, 2016 7:42 AM

This idea is just like implementing a backdoor to encrypted communication: once you allow it, all communications are less secure.

Once you allow to scan cloud storage for documents or key words, all it takes to search through clouds looking for DHS keywords (https://gist.github.com/jm3/2815378) is an Executive Order or an "Engagement with Silicon Valley Executives".

rJanuary 16, 2016 9:49 AM

with reguard to alexT's comments, i've read the same thing - supposedly it happens at the edge of email gateways in the respect i'm aware of via comparison of 'known hashes'. A cloud provider would only be a small step and I assume this is why the push for 'zero knowledge' providers is a thing... in addition this could readily explain spideroak's warning about accessing your accounts over android or when sharing your things publicly from them. I do find it a little odd they don't provide an android or ios app.

breaJanuary 16, 2016 10:42 AM

Isn't this what the whole Snowden revelations were all about? That this very thing has already been happening for years? Wasn't there a slide with a timeline on it specifically mentioning the date Google had come online with the mass surveillance program?? How many years ago was this article written?

CuriousJanuary 16, 2016 11:13 AM

Also, this kind of nonsense would go hand in hand with data storage directives, that makes suspects of everyone. That is in a way suspect, and doesn't really seem like a coincidence to me.

BoppingAroundJanuary 16, 2016 11:39 AM

The real question is what can 'we' do to prevent such a search. It's not like anyone who's aiming to dupe you in any way will ask you if you want to be searched (and duped).

DanielJanuary 16, 2016 12:46 PM

I don't believe that we can reason our way through such hypotheticals because the ultimate answers lie not in logic but in our values. Child pornography, as discussed in the article, is an excellent example of this truth. Child pornography has been around for ages; indeed the term pedophile is from the golden age of Greece 2000 years ago. It wasn't until the last 30 years or so that it has come to been seen as a "bad thing".

Cultural values, to borrow a legal phrase, goes to the "weight of the evidence" and the fact is that the weight of the evidence is not a constant thing but is seen through the lens of what a culture does and does not perceive as a threat in the present. Child pornography, like terrorism, is not an exception because it must logically be so but because we live in a culture where security is such an important cultural value that we will bend the rules to buttress it. Indeed, security is such an important value that those who question the amount of weight put on the evidence are either seen as paranoid, unpatriotic, harboring misplaced sympathies, or at worst accused on being among one or more of the despised classes themselves.

For someone like myself, I'm willing to tolerate a degree of "evil" in order to protect what I see as a greater good--privacy of everyone. Other people see what Bruce has called the Four Horsemen of the Internet Apocalypse as such a menace that they are willing to violate innocent people's privacy to get it. In my view, neither position in logically or reasonably superior to the other. It simply reflects the fact that different people view the weight of the evidence differently based upon their differing value hierarchies.

Digital DissectionJanuary 16, 2016 1:41 PM

Let's start to peel back some layers

Suppose a laptop were found at the apartment of one of the perpetrators of last year's Paris attacks. It's searched by the authorities pursuant to a warrant, and they find a file on the laptop that's a set of instructions for carrying out the attacks.

The discovery would surely help in the prosecution of the laptop's owner, tying him to the crime.

While genuine thought exercise hypotheticals do have tremendous value for furthering one's thinking, they also must be viewed as commonly used weapons to get people to mis-think about something. Above, you have clearly already fallen to the bad side, because you have somehow gotten to the conclusion that the world is helped, but it started with the premise that no such prosecution was necessary (paraphrase first sentence above: suppose facts are already incontravertably in evidence that this laptop belongs to someone guilty of perpetrating last year's Paris attacks).

The purpose of prosecution and trial is to resolve the fact that *you cant yet assume guilt*. If you could already assume guilt at that point in time, no prosecution would be needed, and at least that critically persuasive facet is moot.

As to the rest of the retarded thought exercise, the same answer applies as does on that memo of mando-backdoor options for Obama that we saw a fairly long time ago. I.e. someone on that memo was smart enough to conclude 'but yeah, of course its all bullshit because you just add another layer of end to end encryption'.

I.e, what makes this particular hypotehtical particularly evil, is that it presumes a world with an effective encryption ban in place. Because surely the hypothetical falls apart as soon as you introduce that possibility right?

Retarded RepentanceJanuary 16, 2016 2:10 PM

I guess the real threat model here though is actually retarded terrorists. Technology continues to give such efficiency gifts across the board, that it does literally enable people that could not have previously achieved much death and destruction previously to now be able to do so. Same reason I'm guessing pocket tactical nukes won't be legalized anytime soon.

CellarJanuary 16, 2016 2:13 PM

Pray tell, if it is fine to do this because "child porn" --and it does already happen for this reason-- why wouldn't it be fine because "terrorism"?

Or because "drug crimes", or because "think of the children", or because "dirty commies!" or because corporate greed, or because really any other reason fashionable this week. "Terrorism" really isn't so very special.

They're just reasons to do away with pesky inconvenient privacy. So, do we want any privacy at all without going the crypto route? Then no, we can't do any bulk scanning. Just about all "cloud" providers are already doing this, so privacy is dead in the cloud.

Note that anyone who does such scanning also risks (and IMO must lose) any "common carrier" protection. Since obviously they're no longer common carriers as they're discriminating based on content -- and not at the client's behest either, nor under their control, which is why spam filtering is acceptable.


Oh, and this sort of thing very easily leads to incriminating yourself by, say, accidentally copying over some files from a friend's shared cloud storage to your own. All it takes is an inconsiderate swipe of the mouse.

Just like a porn-y pop-under ad can already incriminate your browser cache and by extension you. This can already easily cascade into a registration as a sex offender, a stigma that's really hard to live with.

So we have a pattern here: "Look, we can just scan erryone, let's do it!" and hey, next you know you've thrown out all sorts of very basic protections in the law.

You know, things like reasonable expectation of privacy, no searching without probable cause, innocent until proven guilty, that sort of thing. Instead, you've rigged a system of law-dominoes that might be triggered by anyone at all, who might well be innocent.

And that is just and fine because the reasons you do all that are coloured by the spectre of the "bad guys" you're thinking of while cooking up your new! improved! detection methods, and innocent people are all but forgotten. To the point that any proverbial smoke turns into proof that whoever happens to be found in the vicinity is an arsonist.

Thus, the new! improved! intarwebz are no longer for porn. It's all for incrimination.

Nota bene that this fits very well with the current trends in law enforcement, where any reason at all to shed basic protections of the law is self-evidently a good one, especially if technology is involved. It's the same thing with the veritable flood of all-but-invisible NSLs, stingrays, everything the NSA does, you name it, all that stuff.

So while this proposition is not hypothetical at all, I do say thinking through the hypotheticals is necessary. Why did we put protections in the law at all? They're dead letters now. If you want them back, better get cracking.

TyroneJanuary 16, 2016 2:45 PM

Yet another reason why, if you must use cloud storage, your should only use it to hold a container file for a virtual encrypted drive (e.g. Bestcrypt, Veracrypt, Cipher Shed, Truecrypt, etc.), and read//write to the open virtual encrypted drive. That way all encryption/decrption is local, and all Google has is an encrypted container file to look at. Even if the connection to Google is monitored by Google, they still just see encrypted traffic.

Alien JerkyJanuary 16, 2016 3:32 PM

What if the laptop was stolen a week earlier from someone who is a government scientist or politician? Imagine the links that would be made to other people. Are they all possibly guilty? What is the risk of ruining innocent peoples lives? Imagine some of those people have high level clearances. Just the suspician can result in the loss of their clearance.

Whiskers in MenloJanuary 16, 2016 3:55 PM

This is astoundingly easy to abuse and obfuscate.

Criminals already have a list of almost all email addresses and can send via their spam engines
copies to any number of domestic and international addresses.

For the most part in the world of spam the sender is not the sender this implies that knowing
what to look for is harder than expected. A laptop account will contain spam email and local
copies. If spam (marketing content) was used to communicate connectivity graphs would prove
near worthless and encryption key escrow/management issues could vanish.

The serious criminals and international terrorists would be invisible.

Kiddie porn seems to be a special case in that there is illegal commerce
involving an identifiable object. I do not believe searching my digital bits
with millions of others without a warrant is legal. In a world of parallel
reconstruction the illegal search might never be disclosed.

This is little different than searching all of google for hdr22@clintonemail.com
and *@clintonemail.com to discover any message or agent she might have
been in contact. Addresses like hdr22@clintonemail.com would be ideal
highly connected individuals to collapse the connection graph to include
most of the interesting people in the world.
Add: *@clintonemail.com, *@wjcoffice.com, and *@presidentclinton.com
And: *@rockthevote.com *@donaldjtrump.com ....
Knowing that email systems can have a default address and aliases it
is not sufficient to follow a single email but all addresses.
Complicate this with the semantics of BCC mailing and what we do not
know grows.

L. W. SmileyJanuary 16, 2016 3:56 PM

OT - Just this past week "someone I know" started receiving pop up alerts (#1) from a certain large ISP (let's call them Dogcast). They're being served up by inline javascripts injected in some manner into ebay and amazon pages (both of which require javascript enabled) also kat.cr pages. "Someone" has been trying with some success to block these with adblock extension in firefox and chrome browsers. Anyway this "someone I know" has finally been driven to install i2p and is testing i2psnark to see if alert #2 or a meaningful email will appear at some point. Any suggestions for my friend on how to kill inline javascript (there's no source.js url with these. Also amazon at least is https so how is it being injected?

skepticalJanuary 16, 2016 5:07 PM

Suppose instead of the document being in Google's cloud datacenters, it is in the owners 10 ton state of the art safe. A reasonable person might, quite reasonably, believe that it would be hard to plant that document there by a third party and conclude that the document was put there by the owner (or owners of the safe).

No such conclusion can be made of Google's cloud datacenters as access to those, as a service Google provides in the form of sharing documents through Google Docs, is not an impenetrable or at least difficult to crack safe. But the average person, juror, judge, or sociopathic politician doesn't understand that. This is a rod to serfdom or worse.

tyrJanuary 16, 2016 5:33 PM


For some reason I immediately thought that this is
the perfect way to do entrapment of anyone that the
powers that be don't like.

All you do is dump them a copy of the file at some
point and they are automagically screwed. As one
commentor noted, the instant you conflate possession
with automatic intent to do bad things then you lose
the very foundations of rational civlization. Text
like Crypto becomes a munition for selective application
by government.

Worse seeking to understand the world can be construed
as criminal intent. The conquest of terrorism is not
going to come about until it can be understood in truth
instead of some elaborate fantasy about what, why, and
how it exists.

JonJanuary 16, 2016 6:08 PM

Here's a better way of attacking it, Whiskers in Menlo.

Have every file have a 256-byte field (given the typical sizes of even the simplest text file when saved by a modern application, 256 bytes is trivially small) and have that field update with as best a random number as you have handy every time the file is 'touched'.

Since that field is a part of the file, there are no two files that will ever hash to the same value (barring hash collisions).

And (if you want to) this can defend against child pornography picture detection too - Just muck up a few pixels (preferably the first ones tested - picture matching algorithms want to be efficient too) and the 'matching test' will fail while the picture itself remains perfectly clear to the observer.

Jon

GrauhutJanuary 16, 2016 6:11 PM


No, we shouldn't allow this.

It is simply not a good idea to let governments have too much private information.

http://www.ibmandtheholocaust.com/index.php?page=70128


Makes no difference if "we are the good guys". Times change, governments change, we shouldn't allow govs to collect all that data. Autoritarians, commies or fascists, could take over and get it. Thats way too much risk.

JonJanuary 16, 2016 6:17 PM

PS - As far as entrapment goes, ANY encrypted file can be, with a carefully constructed "Key" (as a one-time pad), made to look incriminating. J.

JonJanuary 16, 2016 6:30 PM

All right, one more crack:

It's not a matter of 'would you run the scan?', the question really is "would you run the scan on yourself?".

More than that, "Would you run the scan on your son? Your father? Your brother? On your daughter? Would you run the scan on your nieces and nephews? And how happy would you be about someone else doing the same? If a false-positive came up, would you calmly accept it?"

Stop dehumanizing the victims as 'other people'. They're not 'gooks' or 'slants' or 'terrorists'. They're people. Just like you and your family, and before you do unto them, think about what it would be like if they did unto you.

Thanks, J.

Alien JerkyJanuary 16, 2016 7:14 PM

So, assume a heavily encrypted file that the alphabet agencies cannot decode. What stops them from just making an incriminating file and saying that was what they decrypted, even though it was not the encrypted file?

Alien JerkyJanuary 16, 2016 7:17 PM

I just realized something. We often refer to the NSA, FBI,... as the alphabet agencies. Google now is called Alphabet. So that makes google an alphabet agency also.

KCNAJanuary 16, 2016 7:18 PM

@L. W. Smiley
Any suggestions for my friend on how to kill inline javascript (there's no source.js url with these. Also amazon at least is https so how is it being injected?

A browser plugin (or other background process running on the machine) can inject JS into HTTPS pages. For example some versions of Kaspersky software seems to be doing this (possibly for security reason?).

Another alternative could be "man in the middle", perhaps together with a compromised router (e.g. where it directs web browsing through a compromised DNS server).

KCNAJanuary 16, 2016 7:28 PM

@L. W. Smiley
Your friend can run Fiddler as a local proxy on their machine. It will display all the URLs retrieved by the browser.

It will even show all URL calls where the browser communicates with another local process through the HTTP protocol.

If it does not list a URL for a popup message (or a resource such as an image in the message) then it is possible that the message is generated locally by some other process that does not rely on the HTTP protocol.

Also the messages may look like they are from Dogcast but that could just be an attempt to get your friend to click on links in them. I see such messages (adverts) every so often where the text refers to my ISP (they determine the ISP from my routers public IP-address).

Isue NooneJanuary 16, 2016 8:01 PM

The CIA funded Facebook and Google as startups under it's investment firm InQtel.

Google supplies copyright information directly to firms who profit from sending single mothers $40,000 bills and threats of litigation. The Gestapo even think the governments and companies like Google, Facebook and Apple have gone too far.

Though some guy is sueing Twitter because he blames Twitter for ISIS killing his brother by allowing ISIS to use Twitter. So let's see what happens (though I doubt much as corporations are allowed to profit from war).

Crushed BiGovJanuary 16, 2016 8:05 PM

Whiskers in Menlo


I know a lot of crooked politicians and bureaucrats just begging for Cloud child porn doom.

65535January 16, 2016 8:45 PM

'Should We Allow Bulk Searching of Cloud Archives?' -Bruce Schneier

I think they already are.

As an untrained observer the FBI/NSA/DEA are targeting these Facilities. It’s small wording change in the “Freedom to Spy Act" or USAF Act from 'email account' to 'Facilities.'

‘The FBI Is Using NSLs to Target “Facilities” Now’ –Emptywheel

‘...most importantly, the 2015 version envisions targeting “facilities/accounts,” whereas the 2011 version envisioned targeting “phone numbers/e-mail accounts/financial accounts.”’- emptywheel

https://www.emptywheel.net/2016/01/12/the-fbi-is-using-nsls-to-target-facilities-now/

I read the word Facility as, well a “Facility.” I would guess Facility is an ISP/phone company, cloud provider, or Data Center.

They are already bulk searching cloud providers. It is a done deal.

[Next, see discussion of 2 hops or 3 hops]

‘NSA Privacy Officer Rebecca Richards Explains What Connection Chaining Is!’-emptywheel

“Given the breathtaking variety of selector types the NSA uses, this could represent a great deal of queries on the provider side, many tracking user activity rather than user communications.” - Emptywheel

https://www.emptywheel.net/2016/01/15/nsa-privacy-officer-rebecca-richards-explains-what-connection-chaining-is/

Mike GerwitzJanuary 16, 2016 10:48 PM

This type of risk is one that you must accept if you rely on a Service as a Software Substitute.

By relying on a remote service for your data storage and computing, you give up both freedom and control---even if the data are encrypted; we've all seen what information can be gleaned from metadata. In this case, perhaps where a document was distributed: if Eve knows that Alice viewed document X, and Bob has a document Y that is shown (through metadata) to have been sent from Alice, and that document has certain properties that match, then it might be enough to convince a court that Bob contains document X, and get a warrant.

Companies treat child pornography and abuse in a special category. But the precedent remains, and it could be tempting to extend at least the exact-match kind of search to the Paris terrorist example

Terrorism and child pornography are two examples that are often used to justify broad searches, chilling free speech and violating privacy. These types of privacy/security "trade offs" start down a very slippery slope.

As so much of everyone’s private communications and work migrates into the hands of a few massive private companies, the net-wide search will become too tempting to leave alone. Exactly what makes it tempting is what makes it troubling

You should reject those services and do your own computing! These remote services are not a substitute for locally installed software---a distinction that many do not consider or realize.

Not everyone has the technical capability to handle certain problems on their own; hosting your own e-mail server is a good example. In such cases, users should, at the very least, choose a service that commits to their privacy, to the degree that LavaBit did.

For social media: consider decentralized alternatives, like GNU Social, GNU MediaGoblin, and many others. Using those services will also encourage your friends and family to ask questions about why you made that choice, and consider switching themselves, since they'll have others they know using those services. Even if you cannot host your own, you can shop around for hosts that you feel that you can trust, and still participate in the same network as your friends and family; there's no lock-in to one service like Twitter or Facebook. Wholesale searches are also made rather difficult by distributed networks.

Forfeiture of privacy and freedom should not be the default, as it is encouraged today.

Phony AbbottJanuary 17, 2016 2:40 AM

The Aussie way. Access to all Australians metadata for Border Force, sudo immigration cops, so they can hunt for asylum seekers.This is after government claimed metadata would be available to law enforcement agencies to solve legitimate crime. Now Border Force will have unfettered access to all Australians metadata, after the government stated the Attorney General would have to give specific permission to other agencies on a case by case basis for legitimate crime investigation. Australian government side stepped this by sneaking through further amendments to the legislation. The Australian Government is useless already at protecting their own data and worse at protecting the publics information.

http://www.cnet.com/au/news/scope-creep-australian-border-force-granted-metadata-access/


Complete PDF here

http://parlinfo.aph.gov.au/parlInfo/download/legislation/bills/r5409_first-reps/toc_pdf/15017b01.pdf;fileType=application%2Fpdf

CuriousJanuary 17, 2016 4:39 AM

I think I've come up with an interesting twist to all of this.

I wrote above about making everyone a suspect, but it would be even worse:
Imagine the government or a company, having the possibility of removing suspects, or immunizing certain people from a mass search. Doing such would sort of interfere with an investigation, even before it started, presumably making investigation powers illegit (but totally fine for a police state).

Also, worse (in a sense, police state sense), if a general search was claimed to not be an investigation, I think an automatic removal of either content or for example a termination of subscription can be understood as real persecution of people on a general basis, given the unwarranted use of powers that doesn't entail any criminalization (prosecution).

Clive RobinsonJanuary 17, 2016 6:18 AM

@ Jon,

And (if you want to) this can defend against child pornography picture detection too - Just muck up a few pixels (preferably the first ones tested - picture matching algorithms want to be efficient too) and the 'matching test' will fail while the picture itself remains perfectly clear to the observer.

Not really true anylonger.

To prevent simple obsfication like image croping or bluring background details the image is analysed for certain features and their relations to each other in the image. Think of it as a cross between facial recognition and fingerprint cataloging techniques.

The earliest such system I can remember looked for "flesh tones" in the image and their basic shape. Whilst producing false positives, it allowed a human "forensic" examiner to filter out many irrelevant images, befor viewing the suspect images. Thus they could utilize their time more efficiently.

There are also filters that pick up on most basic forms of stego as well, so hiding an image in an image will be unlikely to succeed.

Thus as a minimum you would have to look at some kind of custom recolourizer and compression system if you do not go down the probably easier and more secure encryption path.

MartinJanuary 17, 2016 6:29 AM

I see several issues with this approach:

1) It requires the unencrypted storage of files in cloud services and unencrypted communication. I won´t work if the files are crypted with user owned key. And as thus it would be a perfect excuse to limit cryptography. Once it is known they do it: Which terrorist in his or her right mind would use unencrypted file storage and communication? There are even suppliers of mail and file storage services that offer encrypted storage by themselves like Posteo for mailo for example. Forbid these practices? Not.

2) Once it is known they do it: Which terrorist in his right mind would use Google, Microsoft or any other monitorable cloud services ever again? Its easy enough to order a virtual server somewhere and put it there. Will you then require all virtual server VM images be searchable as well? Where does it stop?

3) Once it is known they do it: With a prepaid SIM and temporary mail address it is still possible to register a Google account that cannot linked to an identity easily.

Bottom line: To ensure that this approach stays effective you basically have to do the following:

1) Forbid all crypto.

2) Forbid all anonymous communication.

which sums into removing all means an individual can enforce the protection of his or her privacy in the net.

Do terrorists at all use Google, Microsoft for anything serious? If there any proof or at least a strong hint that such a search will ever be useful to actually really find a terrorist? Again, this is so easy to misuse for mass surveillance. Authorities have abused all trust people put in them in this area already and even do so right now. But are there any strong hints that it would help to prevent serious crime? I think those who want to commit serious crime aren´t that naive anymore to use Google and Co. Or are they?

OTOH for child pornography: It is really provably (!) helps to find the people who abuse childs and stop them from doing so, this is a strong argument for a hash based file search. Still, once it is done: Do you really think people who abuse childs to produce child pornography are really that naive that they won´t adapt and use encrypted file storage and transfer in the future? The images are the visible symptom. To stop crimes like this it is necessary to stop the cause. Of course, for as long as it actually really helps to stop people abusing childs from doing so in the future, I think I am fine with hash based blocking and reporting. Yet, even that can be an issue: What if a worm starts sending out images like this to random people? Convict them all? Not.

So a line might be: If a file based hash search really provably helps to prevent terrorist attacks or child pornography *without* any false positives, okay when it is done on a reviewable (!) court order in its limited exact file hash searches. But it shall never serve as an argument to weaken crypto or the right to communicate anonymously. So if people who do either of this are not too naive, it will only help short term. Which brings back to the cause: How can I limit the causes why human beings engage in terrorist activities or child abuse in the first place? Everyone is responsible and accountable for his or her own actions. Yet, I have seen no one yet who was born with the desire of killing other people or abusing a child. And this discussion is just soo much more important. What does it need to heal our dysfunctional neoliberal societies? And as change can only ever start within one self: What is it what I can do to contribute to healing?

So even if some limited use of file bash hashed search can make sense to me – temporarily at least –, in my eyes it is soo much more important to address the causes, not the symptoms.

MartinJanuary 17, 2016 6:37 AM

Of course, with terrorists it is also necessary to heal the dysfunctional societes terrorists often come from. To heal the fanatic approach of "my god is righter than yours and my war is holy".

And this all remembers me about the key word search that has been in discussion more than ten years ago and where I participated in putting key words into my mail signature to help to show how limited this approach is. A file based hash is much more fine grained, but still you could send someone an offending mail via some anonymous approach (or a virus/worm) to bring him or her into legal trouble.

MartinJanuary 17, 2016 7:29 AM

Also if those file based searches would be ethical: Can anybody on court request it? For example also to research illegal activity within governments, from soldiers in wars or from NSA or other security agency officers? What if I would see a document about instructions to torture or kill people by NSA or other security agency officers or soldiers? Can I request a file based hash scan as well to see who planned it? Or would I rather be prosecuted as likely being a whistle blower who cannot have gained access to such an document legally? When I approach law enforcement authorities with such a document and the request to research it, what would happen?

My trust in governments and law enforcement authorities regarding this is near zero at the moment.

Apocalypse Now?January 17, 2016 8:33 AM

Bruce has spoken many times about imaginary threats and their very real consequences.

These days government agents are allowed and authorized to imagine all kinds of violent intent in the people they meet and simply shoot them down like a dog if the "shoot, don't shoot scenario" playing in his or her head says "shoot". Maybe it's not right, but it's all legal. Sometimes the real time video playback doesn't match at all with what was going on in the government's mind, however and there are consequences. But the reward/risk calculation still favors shoot first and make up a story later.

The scenario of the laptop is the exact same thing but worse because everyone in the whole world becomes a terrorist suspect subject to abuse of the rights. The argument is set up to convince us granualr government searches of everything everywhere is justified and legal, if only to stop one horrific act of violence. Parenthetically, if the world police can bust assorted other criminals, like jay walkers with outstanding summons that's an extra benefit. And we all know that will happen, and is likely happening in some places already.

Those on the side of individual freedom and liberty keep thinking, or at least hoping, one day "they" will go too far and the sleeping masses will awaken. Right now, I think that's a long shot and instead world governments will be allowed, if not encouraged to let their imaginations run wild.

The message I get from the article is: Don't use google, ever. But, people I know, and you too, use google, fb, twitter and the like making it impossible to avoid if you want to interact with anyone.

A long time ago the threat was foreign teen age hackers changing your home page to spiders, now it's governments and corporations of the world picking over electronic data to secretively generate power, arrests and a revenue stream.

My imagination tells me this won't end well.

In short, I think the article and his analysis is ludicrous.

ianfJanuary 17, 2016 8:40 AM


@ Martin “it is also necessary to heal the dysfunctional societies terrorists often come from. To heal the fanatic approach of "my god is righter than yours and my war is holy".

I sit here with bated breath awaiting your realistic proposals of such healing, preferably such NOT involving analogies to Alien-the-film's solution “let's get out of this place and nuke it from orbit.”

rJanuary 17, 2016 9:19 AM

@Clive,

Nice point about spacial relationships / color analysis against an altered image... I can definitely see that working.

Mike GerwitzJanuary 17, 2016 9:21 AM

@Martin:

It requires the unencrypted storage of files in cloud services and unencrypted communication. I won´t work if the files are crypted with user owned key.

As I mentioned above, this isn't necessarily true. If the same encrypted file is distributed (rather than being re-encrypted to individual recipients), then it would be possible to match it. There may also be additional metadata about its transfer (depending on the service) that could identify it. Cryptanalysis of the file might yield additional information that would increase confidence enough to convince courts to issue a warrant. A search of that person's computer might yield the decrypted file---which, even with care, might be available from the OS swapping memory to disk.

These types of dragnet searches must be prohibited in any capacity.

Once it is known they do it: Which terrorist in his right mind would use Google, Microsoft or any other monitorable cloud services ever again?

Precisely, which is the argument with today's crypto wars: why would anyone use US-based services or software? We then have the situation whereby innocent users of the service are being surveiled, but not the actual targets.

Lawrence HusickJanuary 17, 2016 9:54 AM

Under present US law, if a file resides on a commercial server for more than 180 days, it is no longer considered private, so may be searched. That takes care of a lot of the issues.

ianfJanuary 17, 2016 11:36 AM


@ Lawrence Husick

Under present US law, if a file resides on a commercial server for more than 180 days, it is no longer considered private, so may be searched.

Please supply the direct reference to the "US law" that s.p.e.l.l.s this out in unequivocal manner, so we'll know that you're not a windbag.

Mike GerwitzJanuary 17, 2016 11:49 AM

@Lawrence Husick

Under present US law, if a file resides on a commercial server for more than 180 days, it is no longer considered private, so may be searched.

I too would like to see this law. I suspect that you have misinterpreted it, if it exists.

That takes care of a lot of the issues.

That would create even _more_ issues for privacy!

WhyCantISpeakOutAgainstTheEvilInThisWorldWithoutBeingCalledAPervertJanuary 17, 2016 12:42 PM

@ Martin: OTOH for child pornography: It is really provably (!) helps to find the people who abuse childs and stop them from doing so, this is a strong argument for a hash based file search.

But are they stopping child abuse? Or are they just going after the low-hanging fruit of possession while protecting the child abusers?

I have a problem with this. Where is the evidence proving it? We've got people going to jail because they can't prove the characters in their anime are over 18. It's a cartoon!

Studies have shown that access to pornography reduces the incidence of rape. You can create photo realistic computer graphics without hurting anyone to sate the perverts. There's the impression that this makes their perversion worse, that they will escalate to hurting real children, but the evidence seems quite to the contrary. It appears to allow them to cope with their perversion without bottling it up to the point where real people get hurt.

This is personal for me. My son is in elementary school. His classmate's father just got arrested for visiting a child porn website. I went through the whole psychological thing of panicking and grabbing my pitchfork & torch. Oh My God! My kid plays with his kid! Was he ever over at their house? Was he ever alone with HIM? Now I know why his wife never reciprocated with playdates! Guy hasn't even had his day in court yet, but we've all convicted him in the community.

I really wish I knew what the full story was. Nobody's talking about the case, or the evidence against him.

Perhaps he is a monster who tortures children. In which case, our wonderful CP laws JUST PREVENTED his children from documenting, possessing, or distributing evidence of their abuse, and seeking help and protection from our police and courts.

Or is this another case of pictures of his kids taking a bath? That's happened before. People go to jail for that. People get labeled a sex offender for life for sexting as a teenager.

Or was his computer bot'ed, used as a relay. Is he taking the fall for someone elses evil, of which he was completely unaware?

You know, there's a story floating around the internet of adults in Afghanistan buying children, young boys, keeping them chained to a bed, and homosexually raping them every night. Apparently it bothered our troops, who were ordered not to interfere with the local cultural practices, to have to listen to the cries and pleading of those boys being ass raped every night.

Now maybe it's true, and maybe it's not. Thanks to our CP laws, it's illegal to document, possess, or distribute evidence of such crimes against humanity.

I have a real problem with our CP laws that PROTECT PEOPLE WHO HURT CHILDREN so our leaders won't be embarrassed, while punishing the the low-hanging fruit of possession of datafiles or pixels.

Never mind the whole problem of how Javascript or HTML can be injected by anyone along the internet network-path, inserting images that will be stored in your disk-cache while being rendered offscreen.

Hell of a system. A break in your router software and any hacker can fill your harddrive with CP. You'll never even know until it's too late.

Who have you pissed off in your lifetime?

 

@ Martin it is also necessary to heal the dysfunctional societies terrorists often come from. To heal the fanatic approach of "my god is righter than yours and my war is holy".

I sit here with bated breath awaiting your realistic proposals of such healing, preferably such NOT involving analogies to Alien-the-film's solution "let's get out of this place and nuke it from orbit."

When you meet their basic needs, people tend to form less dysfunctional societies. They don't want to risk losing what they have gained.

We're looking at food, water, sanitation, safety (policing), health care, shelter, environmental control (heat/cooling), sex, social relationships, entertainment, communications, education, etc.

They're not easy problems to solve.

People talk about off-world colonization. It's still a pipe dream. But with all due respect to NASA, I think people are going to build and live in underground housing. (Safety, blocks radiation, solid structurally, keeps the air in, thermal insulation, etc.)

Without first building large numbers of such housing units here on earth, they'll never get the kinks out. On earth you can vent to the outside air. On Mars, screw up the air purification system, everyone dies.

Plus underground living solves a host of problems regarding environmental control (heating/cooling) here on earth. There's a reason people live underground in that town, Coober Pedy, over in Australia!

Granted, if you have money, you'll want better accommodations on the surface. But for the poor, underground living works surprisingly well.

Water and Sanitation: We need toilets that are self contained with a bidet. No toilet paper. No external water/sewage taps. These toilets need to recycle pee & poop into purified drinkable water, with solids sanitized, processed, and disposed of manually. This isn't nearly as disgusting as you think it sounds. Hell man, that water you drink every day of your life has passed through the kidneys and been peed out of countless mammals, fish, birds, reptiles, insects, and all of God's other living creatures over the eons. There's a reason I like my bottled water originating from a municipal tap. And if you still think it's gross, just use the purified water to humidify your air.

Food: It turns out to be remarkably easy to turn a wall into a greenhouse, a 10x10 foot room into a 9x10 foot room. (Healthier too. Look up Forest Bathing.)

Picture milk crates of various rectangular sizes bolted together providing power and data buses throughout, with removable rectangular plastic plug-in self-contained hydroponic greenhouses that just slid in and out with self-contained permanent LED lighting, and with a little app on your phone to control the day/night cycle to trigger blooming and maximize production.

Everyone can grow their own food. Granted initially at a high cost, but that will come down rapidly. It would certainly decrease our dependence on outdoor crops that are being affected by climate change, along with transportation and storage. (The majority of which spoil before being eaten.) It's much easier to store, ship, and sell seeds and hydroponic supplies.

The only holdup is our war on drugs. While it's completely legal to do this, to grow your own crops in an urban garden, those who have the most experience doing so are using it to grow cannabis. I knew someone who tried this, growing actual food not drugs. Even so he was raided repeatedly by the local SWAT team until he gave up. It just wasn't safe for him or his family. All those guns, breaking down his door at all hours of the day and night.

Great example there of overreach, how our policies grow outside of the original laws.

Getting back to the original topic: Sex can be addressed with porn, toys, etc. Social, entertainment, communications, and education can largely be addressed via internet access.

Which leaves us with Policing and Health Care.

It's doable. It just takes the will to do it.

 

@ Mike Gerwitz: These types of dragnet searches must be prohibited in any capacity.

First they came for the Socialists, and I did not speak out — Because I was not a Socialist.

Then they came for the Trade Unionists, and I did not speak out — Because I was not a Trade Unionist.

Then they came for the Jews, and I did not speak out — Because I was not a Jew.

Then they came for me — and there was no one left to speak for me.

- Pastor Martin Niemöller

Who or what will they target with these dragnet searches next, once they have the capability?

 

albertJanuary 17, 2016 1:10 PM

"Should We Allow Bulk Searching of Cloud Archives?"

Short answer: NO!

Again, it's the question of retribution vs. prevention. In general, the record on prevention is abysmal, whereas the record on retribution is considerably better. With terrorists and mass shooters, the retribution has been streamlined considerably by the practice of street justice. Local rogue actors will always pop up in mass shootings. Research into their backgrounds reveals signs that should have been noticed, but weren't. This leads to the false notion that such things can be monitored and dealt with. This can happen only in a total police state, with totally brainwashed citizens. Granted, we're a long way from becoming a DPRUSA, but progress is made in small steps, taken at intervals greater than the attention span of the Unwashed Masses.

It's clear to me that technology is incapable of curing the abuses of technology, so the answers must lie in the folks who do the abusing. Here we find such systemic dysfunction, that, if present conditions prevail, there is little hope for change.

Have a nice day, Everyone!

(Squid post)
https://www.youtube.com/watch?v=ANv5UfZsvZQ
. .. . .. --- ....

Daine KreimerJanuary 17, 2016 1:33 PM

Huh, hypothetical? It has been done for years. This is the first paragraph of wikipedia's entry for PhotoDNA:

"PhotoDNA is a technology developed by Microsoft that computes hash values of images in order to identify alike images. It is used with Microsoft's own services Bing and OneDrive, as well as by Google Gmail, Twitter, Facebook and the National Center for Missing & Exploited Children, to whom Microsoft donated the technology. In December 2014, Microsoft also made PhotoDNA available to qualified organizations as a free cloud service through the Azure Marketplace" (my emphasis).

ianfJanuary 17, 2016 1:43 PM


@ Why Cant I Speak Out Against The Evil In This World Without Being Called A Pervert

You can speak out, you just did; not that what you had to say was all that memorable.

    [re: ways to heal the dysfunctional societies terrorists often come from]
You certainly have a talent for weaving hybrid phantasy/ science-fiction scenarios, except they are too TL;DR for this medium. For that reason alone I suggest you expand it into full-length SF novel, publish on Smashwords or Kindle, then sit back and listen to the $Kaching! dividends—which you then could use to make your dysfunctional society-healing intentions come true, if only one one-person society (on Earth or Mars) at a time.


PS. leave Martin Niemöller be. His words were not a metaphor to be deployed willy-nilly as some analogy by budding SF writers, or anyone else for that matter.

Lucifer's LubricantJanuary 17, 2016 2:43 PM

@ianf


@ Martin “it is also necessary to heal the dysfunctional societies terrorists often come from. To heal the fanatic approach of "my god is righter than yours and my war is holy".”

I sit here with bated breath awaiting your realistic proposals of such healing,

Realistic Proposal #1: Advance Global Free Speech wherever and whenever possible. Fight tooth and nail against any method for establishment interests to maintain dominion over that realm.

Theory: Free Speech is the most efficient solution basis to all global social problems.

This theory was ingrained in me at an early age in a propagandistic fashion. But I consider my continued belief in its plausibility despite that to be evidence of its worth.

Twitter is not a medium of free speech. Never was. Neither reddit, nor facebook, nor instagram. The internet in general- the jury is still out. A cloud storage provider that you are not the CEO of- take a guess.

Hypothetical HadesJanuary 17, 2016 2:58 PM

No doubt a big reason this hypothetical provokes such a reaction from me, is that it sounds precisely like how I would imagine Satan asking John Carmack for an engineering solution to arbitrary global communication censorship to sound like. It doesn't sound like a hypothetical crafted by someone who is more afraid of a future without free speech, than a certain amount of horriffic terrorist incidents happening. There are worse things than a few thousand relatively quick deaths. Try a few billion horribly slow ones.

Alien JerkyJanuary 17, 2016 3:19 PM

Hmm, let us consider how information can be mis-interpreted. When I was a kid, my grandmother used to cook chicken in a pressure cooker. She said it made for more tender chicken. Finding her old recipe I decide to give it a try. So on a lazy weekend afternoon I go shopping. I go to one of those huge superstores that carry everything.

I go to the kitchen supplies and buy a pressure cooker. What goes real good with the recipe is home grown tomatoes, so over to the garden section and pick up some seeds, should also get a bag of fertilizer. My allergies are acting up so over to the pharmacy section and get some pseudephedrine. Hmm, running a little low on cleaning supplies so over to housegoods and get some bleach. I like target shooting at the shooting range, so need a box of bullets. Oh yeah, that sprinkler pipe broke when I was mowin the lawn and hit it with the mower. So over to hardware and get a piece of pipe.

Imagine the conclusions that can be drawn by taking these purchases out of context.

Sancho_PJanuary 17, 2016 4:08 PM


@Grauhut ”No, we shouldn't allow this.”
Yes, but unfortunately they won’t ask us :-(
***

@JW (16th, 6:43 AM) is right, there is no document INSIDE a private account.
This is not a search of a private room or house or millions of (not) suspects, no privacy violation whatsoever. The warrant would address only one single object, the provider’s database.
A "facility".

So the question / warrant would be “Is the hash in the facility?”
and not “Is the hash in Bruce Schneier’s private account?
Constitution and Amendments may not apply to Googles database.
But IANAL!

There is a more interesting question if we forget the US - centered thinking:
Is the provider’s database a national entity or is it international?
For the hypothetical case, why do we assume that only the US may have an appetite or even a right to access the facility?
The Gmail database contains data of nearly all nations.

Why shouldn’t e.g. NK want to access their national's data?
Because it’s Google?

See my next posting for some German fun.

Sancho_PJanuary 17, 2016 4:13 PM

I wanted to add the following to the squid thread, however it fits perfectly here:

A Friday canary, related to the “hypothetical” bulk search.

Disclaimer:
Be aware, I’m not a German (but I try to read that stuff) and IANAL!
+ I may not fully understand this German pipe dream:

Google is likely facing a problem in Germany. It seems Gmail is still not registered in Germany as a “telecommunication service provider” (== both, a business and a provider of public telecommunication), like e.g. the Deutsche Telekom.

A “registered provider” would be under (some) control of the “Bundesnetzagentur” (think of IT-Stasi but without teeth) and - last not least - has to install a lawful interception device [1] for German authorities.
This is a crux because Gmail also handles non-German accounts on their servers. The provider would have to check if the request is legit, but could they? Do they know the (all) nationalities of each user?

The quarrel is going on since 2010 (see http://openjur.de/u/866817.html), it may have heavy implications for other communication providers (Mi$o, Yacooz, …), too.

Probably someone has a better understanding than I have?

[1]
It’s called SINA-box, a must for any provider having more than 10k users (not accounts). When warranted, the provider has to secretly copy all data of the specified account(s) to that box. AFAIK the German authorities do not have direct server access to the provider.
Now back to the request to search the database - who would be entitled?

MagnifierJanuary 17, 2016 7:00 PM

@Daniel

Child pornography has been around for ages; indeed the term pedophile is from the golden age of Greece 2000 years ago. It wasn't until the last 30 years or so that it has come to been seen as a "bad thing".

Are you suggesting that if in 1980, 1950, or 1900 that if a high level politician were discovered to be an enthusiast of pictures or renderings of 10 year old children having sex with 50 year old adults, that it would not have hurt their political career?

Certainly in the realm of your subject matter there are issues that need resolving (read: virtual child porn). But that statement begs to be called out, even if it is merely troll bait i'm chewing on.

rJanuary 17, 2016 7:46 PM

@ianf,

I'm with you on Mr 'SpeakOut', so I'm calling b.s. here too.

I had like 3 some odd pages ineffectual rant dedicated to glass houses and globalization but ya know what? I gotta get up tomorrow morning: I live in reality.

If equal representation wasn't just a federali buzz word maybe the people in my neck of the woods needn't worry about keeping their lights off at night or only answering the back door. If my neighborhood militia wasn't heavily involved in drugs, guns, the sex trade, extortion, money laundering and racketeering maybe they'd have constitutional protection or a friend in the NRA? If I didn't have to chase hookers out from behind my garage every other day just to find out they've been leaving their needles under the jungle gym at the school down the road too maybe I could feel safe in my child molester filled neighborhood right? Maybe we should pack up our stuff and head to his neck of the woods, it's got to be better than having to take my kid to the hospital to have his blood checked for lead poisoning, having to wonder why in a country as great as ours is I can't get enough clean bottled water for my family... having to worry about shower spray giving my son legionaires disease because somebody punted a long buried problem.

Wow I thought I deleted all that, hrm...

Anyways let's get serious here, if they're going to chase stolen cellfones with stingrays but not get serious about equal representation and start using that shit for the general good of mankind they need to have their badges and weapons turned in.

And by that I mean, anything not being used for good is being used badly.

Especially when said item is being used in secret, by secret, and for secret. To hell with national security, they sold what many working families view as security down the river 50 yarns ago if we have no job security then there is no national security. Government subsidized employment through McDonald's or Wal-Mart does not cut it.

If they want to continue to use eschelon class tactics on people they need to man up and reinforce the justice system ad's build or belief in them back up cuz they are doing damage every day they don't take action.

Mike GerwitzJanuary 17, 2016 7:56 PM

@WhyCantISpeakOutAgainstTheEvilInThisWorldWithoutBeingCalledAPervert:

I think that you may have misread my post; your response doesn't quite follow.

Pundit BlumpkinsJanuary 17, 2016 7:57 PM

May we have more realistic hypotheticals, please? How about:

The authorities find... [child pornography originated by minors.]

The discovery would surely help... [illegally attack the honor and reputation of a dissident suspected of helping Wikileaks disclose evidence of US government crimes of concern to the international community.]

Surely... [a criminal cop] has the ability to... [alter a chat log to insert sexual content and and falsify witness testimony to fabricate circumstantial evidence of sexual predation.]

http://news.nationalpost.com/matt-dehart-claims-fbi-tortured-him-and-grilled-him-about-anonymous-and-wikileaks

"That evening, an agent showed him a criminal complaint — drafted only that afternoon — accusing him of soliciting the production of child pornography in 2008, according to both Matt and FBI records."

“I looked the guy in the eye and said, ‘I didn’t do that,’ and he said, ‘I know,’ "

..."'[DeHart] thought that the search for child pornography was really a ruse to try to get the proof about his extracurricular national security issues. I found him very credible on that issue.' — Judge Aleta Trauger"

Funny how the police-state suckups at Just Security are always ruminating about how to stop criminals, except when the criminals work for the USG. This abstract chin-scratching is dishonest misdirection from urgent questions of domestic and international resistance to a criminal US state.

ianfJanuary 17, 2016 9:09 PM


@ rrrrrrrrr you lost me at "equal representation" which seemed way out of any context I could think of, so I done the dishes instead.

65535January 17, 2016 10:15 PM

Just wonderful.

[WaPo]

'…the most controversial and revealing technology is the threat-scoring software Beware [Criminal Score index of sorts]… Exactly how Beware calculates threat scores is something that its maker, Intrado, considers a trade secret, so it is unclear how much weight is given to a misdemeanor, felony or threatening comment on Facebook [So Facebook is selling information to local police?]… Councilman Clinton J. Olivier, a libertarian-leaning Republican, said Beware was like something out of a dystopian science fiction novel and asked Dyer a simple question: “Could you run my threat level now?”

“…Dyer agreed. The scan returned Olivier as a green, but his home came back as a yellow [Just below Red]… He [Council member Olivier] added later: “[Beware] has failed right here with a council member as the example.”… from the Bureau of Justice Statistics. The most common forms of surveillance are cameras and automated license plate readers, but the use of handheld biometric scanners, social media monitoring software, devices that collect cellphone data and drones is increasing…” –Washington Post

https://www.washingtonpost.com/local/public-safety/the-new-way-police-are-surveilling-you-calculating-your-threat-score/2016/01/10/e42bccac-8e15-11e5-baf4-bdf37355da0c_story.html

It does look like the police are already scanning huge data facilities without a warrant. Further, I would guess the “Beware” Criminal Scoring system interfaces with the FBI/NSA/DEA “TIDE” database. The TIDE or “Terrorist Identities Datamart Environment” data base is like the Roach Motel. Your data checks in but never checks out [or is never removed].

https://en.wikipedia.org/wiki/Terrorist_Identities_Datamart_Environment

I believe connecting the local police to such invasive resources will become a huge fishing expedition for “vice” crimes and will not stop Terrorists. This will probably end badly.

End note: What happens when you run a police officer through the “Beware” scoring system? Will he be flagged as “yellow” or “Red”?

ianfJanuary 17, 2016 10:34 PM


@ L. W. Smiley,
                         the more I read about swatting and the gung-ho "we take bomb jokes seriously here" attitude, the more I appreciate that I live in a place where the street police is basically lazy – due to not liking to fill in the reports, stats updates, or having to deal with the internal bureaucracy more than ab-so-lu-te-ly necessary. It helps that for the past 30 years or so they've been going through one reorganization after another, which has led to petty crime [house break-ins, shop/ street grab-n-run larceny, car-jacking and occasional robbery] solving rate effectively heading down towards 0% (not my opinion, those's in the know), and with the only crimes that they pay any attention to involving drugs, guns, and "carrying a knife while intoxicated outside a night club," all of which looks macho-good on TV.

In fact, I believe the CID gets bonuses for mass-writing off cases for which they have no manpower anyway, rather than for attempting to solve some ordinary, unspectacular ones (besides, overtime). Because all the spare manpower they have is fully occupied with lecturing in high schools about risks of cannabis as a stepping stone to harder drugs, and the art of solving everyday conflicts by means other than fists—e.g. friendly bowling matches and other group sports (for which the schoolyard antagonists also are eligible for, errr… Nous Sommes Des Copains grants). That, and how no girrrrl ever "has asked for it," because grrrrls are from Venus (here the grrrrls in the classroom look for a mo like they'd won at bingo). That near-nil crime solving rate has the additional benefit of insured crime victims caring less and less about catching the perps, which in turn makes the overall statistical crime trends head in the right direction. Hence, a win-win situation!

Stopped posting the same "name" every time when I started using tor on this site... I suspect many "January 17, 2016 11:38 PM

@65535

Will he be flagged as “yellow” or “Red”?

Neither. He'll be flagged as "blue." Blue gets a free pass at almost anything.

Clive RobinsonJanuary 18, 2016 1:15 AM

@ 65535,

I just love this little snippet,

    The scan returned Olivier as a green, but his home came back as a yellow [Just below Red]…

With those extra words with the "just" added to sound like he lived on the outskirts of a "good area" which only "just" had a few bad folk aways off down the road...

In the UK satirical magazine "Private Eye" did a little maths on crime statistics and concluded that as a politician you were four times more likely to go to prison than the rest of the UK Populous (including the 0.1% of the population actually in jail :-)

So based on those statistics the US politician was lucky not to come up depest darkest "red"...

Clive RobinsonJanuary 18, 2016 1:27 AM

When is a mic not a mic?

When it's some other transducer with sufficient bandwidth and sensitivity.

We have seen this with "crisp packets" and video cameras which is actually quite difficult.

But how about something closer to home, like the gravitometers in your mobile phone...

https://crypto.stanford.edu/gyrophone/

It's why you realy have to be carefull with the likes of the Jackpair kickstarter and other inline voice encryptors. Your smart phone might or might not disable it's inbuilt mic but those little gravity sensors to get the screen to rotate etc, nope they will be left on...

Clive RobinsonJanuary 18, 2016 1:36 AM

Opps,

My Monday morning brain has let me down. My above on gravitometers in phones should have been posted in the Friday Squid page.

65535January 18, 2016 3:57 AM

@ Clive

Sorry. There is no squid post this week.

Canary of sorts?

Yes, it is odd about ranking a residential abode address as “yellow”. It maybe true that politicians have a higher criminal rank than others but, I think the Beware system is meant for violent confrontations and Swat Team size… although I could be wrong. I will say that address “criminal ranking” must take a complex “data base set” with people moving from house to house in the course of time and could produce false values.

CuriousJanuary 18, 2016 4:10 AM

@Clive

I can't help but wonder if an accelerator in smart phones might be recording password inputs, or any inputs on the phones. Unfortunately, this might have been mentioned already, so please forgive me if something like this was discussed here on this forum previously.

Zittrain naively contradicts himselfJanuary 18, 2016 4:33 AM

Zittrain's article says "The company should refuse to run searches sought by governments that do not embrace the rule of law".

The US (like many countries) frequently blatantly ignores its own laws as well as international laws.

So why would he agree to run the search for US authorities?

He seems to naively believe that the US embraces the rule of law.

Mic ChannelJanuary 18, 2016 5:12 AM

So possession of the document is an indicator of guilt, or at least further investigation and thereby an authorised tossing-over of someone's entire cloud account, all their other cloud accounts, and probably all their known contacts' cloud accounts. And throw in a few seizures of equipment and swat raids etc. All of this supported by properly authorised warrants etc. All legal. All above board. They'd find something.

If i were a terrorist, then I would make sure to leave a laptop behind in the apartment which contained just such an incriminating "to-do" document, having first obtained that document from a rival terrorist group. Or perhaps a pesky politician. Or a district attorney who had previously refused to be bribed.

All these people would eventually be found not guilty, of course. Well, I say 'of course', but that presumes access to decent and affordable legal representation who didn't mind defending them and being smeared by association. But that finding of innocence would take years.

And in the meantime, I would have been relatively untroubled by the over-worked security services. Who could have predicted that? Yes, this entire scenario is a bit contrived, but then so was Zittrain's original thought-experiment question.

JdLJanuary 18, 2016 5:31 AM

"We" can flap our arms all we like, "debating" whether or not to "allow" government(s) to search through our online archives, but let's get real. Governments are huge criminal organizations that do what they please. Therefore it is dumb to post anything online in an unencrypted state unless you WANT governments to read it.

I go one step farther and apply steganography to everything I'm about to upload. All anyone can see is some big .wav files. Inside each may or may not be private data. Any government criminals who want to see what that data is, or even to know for sure whether anything is stored inside, can pound sand.

Coyne TibbetsJanuary 18, 2016 7:53 AM

First of all, NSA and similar agencies are probably already doing this. Second, law enforcement won't ask if this is a good idea; they'll simply demand it whether there is a good reason or not (and legislatures will likely hurry to comply). (Call the agencies and law enforcment "agencies" collectively.)

Then, a lot of his argument presumes file hashes and exact matches (though he does touch on the idea that this may not be exact enough). I'm more inclined to think it will be/is being done in metadata and contextualization: that is the current state of the technology. These will be demanded by the agencies, so they can not only search a target file, but also execute near-match and sweeping searches. (As we have seen in the past, they will promise not to abuse sweeping searches, but will do so anyway.)

Imagine contextualization profiles for drug lords, terrorists, "radicalized" individuals (that is, political malcontents--think political prison), drug users, child abusers, gamblers, and so on; every file flagged with its appropriate profile matches. Perhaps the agencies might be searching for one group of terrorists, but they will make the search as broad as possible within the request given to Google.

This leads to false positives. The agencies will no doubt want to see each such actual document. Let's take an extreme case and assume an agency is looking for a terrorist, as he proposes, and turns up a false positive drug lord's document. Should we really assume such a false positive will be discarded with no action taken? (Some persons would counter that such a document is "not admissible"; my response is, "This document might not be, but the information it contains will be used against the drug lord anyway, via parallel construction.")

Sometimes it's worthwhile to hypothesize, but this document was out of date before he finished it.

I Want Squid FridayJanuary 18, 2016 9:13 AM

Sean Penn and his infallible OPSEC:

https://www.emptywheel.net/2016/01/12/the-chapo-secrets-the-press-should-be-squealing-about/

Subsequent reporting, handed over from Mexican intelligence, makes clear that authorities know those details pertaining to Chapo’s side. Kate del Castillo and Penn first went to Guadalajara, where they stayed in Villa Ganz. From there they were driven to an air strip in Tepic, Nayarait, where they were flown in a private plane to Cosalá, Sinaloa and then driven to a location on the border of Durango. Del Castillo’s primary interlocutor is named as Andrés Granados Flores, though she also met with Óscar Manuel Gómez Núñez (the latter of whom was arrested weeks after the Penn meeting as the mastermind of Chapo’s escape last year).


Penn’s own narrative makes it clear that both Alfredo and Iván Guzmán, Chapo’s sons, attended the meeting. The only Sinaloans whose names he may have changed were “Alonzo” (who is likely to be Granados) and, possibly, some bodyguard type in Chapo’s presence, Rodrigo. He may have protected the identity of others, but not by changing their name, as the disclosure describes.

In other words, the key players in this story whose names were changed were not Chapo’s men, but the two men who linked him with del Castillo in the first place, Espinoza (whom I call Spiny) and El Alto. It is true Rolling Stone did not name locations; at it turns out, Mexican authorities were following so closely, with cameras, anyway, hiding the locations didn’t help Chapo much.

Now why didn't our favorite space cadet name the corrupt US financial institutions laundering El Rato's drug money, if he wants to help end the war on drugs? Hmmm?

Maybe we should quote the literary genius himself:

"There's a lot of mediocrity being celebrated, and a lot of wonderful stuff being ignored or discouraged."

Yes Sean, yes there is...

Joe BuckJanuary 18, 2016 11:06 AM

The Fourth Amendment says: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

It seems clear to me that a judge could issue a warrant requiring Google or another cloud storage provider to search its storage for a particular file that is relevant to a criminal investigation. As others have pointed out, because of the de-duplication that all cloud storage providers perform, the search is easy to conduct, it won't find anything else, and the description of the "things to be seized" is precise. As the Fourth Amendment says, a warrant should be required, and this shouldn't be allowed to be used for fishing expeditions (example: a record company demanding that Google search its storage for hashes matching every song ever published).

Clive RobinsonJanuary 18, 2016 11:46 AM

@ Joe Buck,

As the Fourth Amendment says, a warrant should be required, and this shouldn't be allowed to be used for fishing expeditions (example: a record company demanding that Google search its storage for hashes matching every song ever published).

Err No you've got that wrong.

As I said above US law say's that the PII and similar belong to the collector, in your example Google. The 4th only applies as a restraint on law enforcment not commercial transactions, so Google would be quite witgin their "collected data" rights to enter into a commercial arrangment with a record company to "for hashes matching every song ever published".

Unless Google put some restraint in the commercial contract the record company would be well within their purchased rights to the data to use it in a civil (tort) law suit in the US against US entities legal and natural.

Not so for European originated data, that is covered by a fairly broad set of legislation and the now --mortaly?-- wounded "safe harbour" agrement.

Yes it's a mess but at the end of the day, most people when they have had time to think through US "collected data" rights, think the European Privacy legislation is far superior. Some even think --quite correctly-- that even European legislation does not go far enough in protecting citizens privacy.

JonJanuary 18, 2016 12:18 PM

@ Clive Robinson

TL;DR version: Hash-based image comparison is trivially defeated, but it has the nice feature that you don't have to distribute the entire database of unlawful images to compare to.

You're right in that image recognition of things like flesh tones and shapes does indeed weed out imagery for a human inspector, but we're talking about HASHED images here, and in them, yes, flipping one pixel will defeat a hash match.

This is at least partly because direct (or even 'close to') automatic image comparison requires a copy of the image being compared to, as well as the unhashed 'suspect' image.

This means that to see if a 'suspect' image is 'alike' to a criminal one, you need a database of child pornography images. This is okay for law enforcement, they have exemptions from prosecution for possessing that sort of thing, but not so much for private companies that may be asked to do this sort of image comparison.

What law enforcement can provide to everyone is a list of hashes, and require ('ask nicely if all your permits are in order') that every image be hashed and compared. Matching hashes then ring all kinds of alarm bells. This also gives the company cover, because both hashing and comparing hashes can be fully automatic without any human ever looking at the 'suspect' image until it matches something.

This also provides cover for law enforcement - If just the database of hashes leaks, they've not just distributed a giant pile of child pornography..

Anyhow, should these sorts of searches be automatic? Should every image posted everywhere have its hash (metadata, to be sure) shipped off for comparison?

J.

Jim LippardJanuary 18, 2016 1:55 PM

These kinds of searches have been conducted by ISPs going back to the mid-1990s to identify and shut down compromised shell accounts, via such terms of service violations and indicators of compromise as hacking tools, pirated software, and ".nfo" warez information files.

Sancho_PJanuary 18, 2016 5:54 PM


@Clive Robinson

"Not so for European originated data, that is covered by a fairly broad set of legislation and the now --mortally?-- wounded "safe harbor" agreement.

Yes it's a mess but at the end of the day, most people when they have had time to think through US "collected data" rights, think the European Privacy legislation is far superior. Some even think --quite correctly-- that even European legislation does not go far enough in protecting citizens privacy."

Only that data in a cloud storage facility don’t have an “EU protected” flag.
It is strange to derive nationality (and rights) from the “place” where the server is located - if one can permanently locate the data at all.
But I’d also challenge your ”European originated” idea.

Some time ago I had a Yahoo account residing in the US (I used a VPN provider from NY). After using it often from a Swiss VPN Yahoo then asked me to shift the account to EU servers for “more speed”. - Switzerland and EU, fun!

The USG believes in a right to access data from any US based service, following Zittrain’s hypothetical they would search my (EU citizen) Hotmail or Gmail account.
And I guess the Spanish authorities would like to do that as well.
But in case someone has double citizenship?

Also see USG versus Microsoft:
http://www.theguardian.com/us-news/2015/sep/02/microsoft-us-government-cloud-computing-ireland
and an interesting opinion by Orin Kerr:
https://www.washingtonpost.com/news/volokh-conspiracy/wp/2015/07/23/does-it-matter-who-wins-the-microsoft-ireland-warrant-case/

J.K.AJanuary 18, 2016 6:50 PM

Aren't anti-virus companies already doing this? I heard services like kasperskey network rely on file hashes to detect the prevalence of viral infections. Who knows what other uses they have.

PeanutsJanuary 18, 2016 8:38 PM

Microsoft forcing end of life for skylake Windows 7 now. With a few trivial exceptions for the marketing dept, end of life is immediate.

https://www.geek.com/microsoft/microsoft-wont-support-older-versions-of-windows-on-new-processors-1644875/

If you 'want/need' to run w 10 you need to limit by external firewall to known safe to egress to end points otherwise it shares every bit of intellectual property with the cloud.

I do not believe any of the privacy band-aid programs can beat the w 10 Survailance platform implant design, none I've seen appear to have been tested at all let alone tested by a competent 3rd party to ensure minimal info leakage and that extra data mining cycles which are un stoppable have no egress

The immediate best option is to not use Windows on skylake immediately
Regards
Peanuts and have not forgotten the last ask on details re password system approaches which use keys you should not be able to remember, soon

GrauhutJanuary 19, 2016 12:37 AM

@Sancho_P: Understanding German Squids

Surveillance by police works like that: They require service providers to install a vpn box running SINA, a hardened Linux distribution, to wich those providers have to copy traffic or mails on court order.

The German secret services act the usual way, tap that crap at cable interconnects.

The Netzagentur (network agency) is a regulatory office, mainly controlling technical compliance of equipment and competition in the telco market, very similar to the FCC.

The IT-Stasi (who doesnt want to be some kind of) is the BSI, the federal office for IT (in)security, a former BND secret service department. :)


But there is no need to be to afraid of them, when some de.gov servers where hacked and ddosed last year they had to use Cloudflare and other commercial services to contain it. The German national cyber response center (NCAZ) in Berlin, right around the corner, was not enough to get these jobs done in time... :D

Clive RobinsonJanuary 19, 2016 4:21 AM

@ Bruce, Sancho_P, European residents.

Thr ECHR might just have outlawed bulk surveillance...

https://cdt.org/blog/did-the-european-court-of-human-rights-just-outlaw-massive-monitoring-of-communications-in-europe/

It will be interesting to see what happens in the next few days as this has obvious knock on effects relating not just to this threads "thought experiment" but the current US-EU "Safe Harbour" negotiations which have to compleate by the end of January or all kinds of major US Companies have significant problems...

It might also effectivly nullify certain US recent legislation in that it can not be applied to EU Citizens data that they have been given no choice on it being collected or exported.

It will be interesting to see what various legal experts conclude and which side of the puddle they are on.

@ Bruce, if you ask nicely some of the people you associate with in this area might give you sufficient opinion for a good Op-Ed or three ;-)

HagenJanuary 19, 2016 8:37 AM

I enjoy reading this blog and the comments for a while since it's rich of contend and background information. However, what should a (1) a person with serious security requirements and (2) a normal private user really do now ?

(1) If I would have to seriously protect sensitive data, let's say a journalist protecting it's sources, a lawyer protecting customer contracts containing business secrets or a political opposition member in a country repressing it's opposition, I wouldn't (solely) rely on encryption. The military says, as soon as a target is reconnoitered, it's as good as destroyed. Likewise, there are so many possible attack vectors to intercept passwords to acquire private keys or to subvert the encryption itself, that a sufficiently capable party interested in that data will eventually succeed. So wouldn't it make more sense to obscure the mere existence of the sensitive data and/or the fact that communication occurs, i.e. preventing the "target" from being spotted at first ? Truecrypt implemented that rudimentary for local storage with it's "plausible denial" concept, trying to obscure the existence of a hidden volume with whatever data in it. The same seems principally possible for communication between partners, however is rarely discussed. Instead, many people tend to belief in "Maginot thinking:" if the walls (encryption) are thick enough, we're save behind them.

(2) The popular technical answer for a private person to halfway protect himself from becoming as transparent they want for the advertising industry and for governments is to choose the right Linux distribution and to refraining of unnecessarily confiding private data to anybody, especially to who we know is committed to collect it as a business model. That may work pretty well for us, but saying so, we effectively advocating abnegation, because that means staying away from mainstream gaming (will soon require directx 12 and therefore W10,) the most popular social media, searching the internet with google and their likes, and generally cloud based applications as a solution for mobility and redundancy. So the choice seem to by either utterly ruin privacy or most of what an average private user is doing with his PC/notebook/tablet. Ok, well, internet porn may still work. :) Must not a solution be either political (forcing government to protect it's citizens constitutional rights) or educational, i.e. teaching children that they are already acting in public if they use an internet connected Windows/Apple/Android device?

BoppingAroundJanuary 19, 2016 9:42 AM

Hagen,
I'm afraid there is very little you can do regarding gaming (besides pirating
and playing single player and/or multiplayer on pirate servers [A]), SNS,
Google and 'cloud' in general. SNS and Google are the literal anti-thesis to
privacy no matter how hard they try to convince you otherwise.

Hell, the Net access as a whole is rotting too. Some ISPs here and there are
selling 'anonymised' click-stream data already.

Personally I don't believe in 'political' solutions — partnership with the
mighty is never trustworthy. Think of every data leak that has happened so
far. All you'd get is 'sorry' and that's the best case. 'Terrorism' craze is
of no help (for you) too.

The 'average normal user' is fucked and his only option is to help hilmself by
himself; and even then I'm unsure if it'd work and to what extent. They should
do it anyway if they want to. If it works, good. If it doesn't, at least they
tried.

-----------------------------------------------------

[A] I'm not sure if pirate servers exist these days for contemporary games.
They used to in the past.

Dirk PraetJanuary 19, 2016 12:29 PM

@ Sancho_P

The USG believes in a right to access data from any US based service

Under that same principle, the Russian/Chinese government would have a right to access data of US citizens residing on servers of Russian/Chinese companies in the US. Which I kinda doubt anyone in the DoJ or Congress would be likely to support.

Absent any international law or treaty stating the opposite for data, the entire idea goes directly against the territoriality principle and national sovereignty. Just like US LE - with or without a warrant from a US judge - has no rights to question either a US national or a local citizen on, say, German soil UNLESS German authorities have explicitly given permission to do so.

Although Orin Kerr makes a couple of good points, I don't see any US legislation in the pipeline differentiating between data of a US citizen and a national of the country said data is residing in. Neither do I agree with his opinion that the outcome of the US v. Microsoft doesn't really matter very much.

Things have changed since last July. There was the Schrems verdict that for all practical purposes invalidated Safe Harbour. Schrems has meanwhile filed additional lawsuits in Belgium and Germany. There's the recent Szabó and Vissy v. Hungary ruling @Clive referenced. CISA has been passed. A Court of Appeal in the UK just ruled that Schedule 7 of the UK Terrorism Act is incompatible with the ECHR. EU-US negociations on Safe Harbour 2 are not getting anywhere, and the deadline of January 31st is coming closer.

None of this bodes well for either the Anglo-American surveillance apparatus or the (US) companies they have enlisted. Many EU government institutions and enterprises where confidentiality is of the issue have started to include "no spy"-clauses and mandatory DPR compliance in their RFQs and RFPs. So yes, there is actually a lot at stake, not just for MSFT but for the US technology industry as a whole. And a verdict in favour of the USG is not going to help them in any way to continue doing business as usual with the EU. Quite the opposite.

Clive RobinsonJanuary 19, 2016 1:09 PM

@ Hagen,

There are many things you can do as an individual to protect yourself, historicaly it's something hermits used to do, but in tgis day and age we call it "going off grid".

But as some people have found "living off grid" can cause others to take an interest in you because anything outside of what they consider normal must be suspicious therefore must be stopped or at the very least investigated.

That is you are "required to appear normal" which means "you must communicate with people" and "render unto Ceaser".

Virtualy all loss of privacy is down to "communicating with others", Claud E. Shannon came up with a model of a "communication channel" and many peoples ideas on security are based on these. However the model is woefully incomplete and it is in these areas that most data is exposed on way or abother. A Shannon Channel is between a transmitting device interface and a receiving device interface and includes the possability of evesdropping to that channel. However it does not cover any deficiencies in the transmitter or receiver or what comes before or after them respectively. So the model does not cover betrayal, end runs or metadata.

So as a simple case I wisper a secret into your ear, when we part I can not control what you do with the secret (betrayal). During the meeting I can not rule out that some one who can lip read is looking at my or your lips through a telescope (end run) or using a parabolic or shotgun mic listen in (eavesdrop) nor can I rule out that the meeting time place and duration (metadata) has been recorded by an observer.

The traditional defence against eavesdropping is "encryption" but it does not stop the other attacks and adds new attack surfaces of it's own, not least of which is generating and managing the Key Material (KeyMat) which generaly means you need to set up another communications path or "side channel" which also has to be secure in some way as well as being vulnerable to all the other attacks.

However apart from "betrayal" of trust there are some technical things you can do. For instance on the --iffy-- assumption you have a secure side channel and the KeyMat has been securely delivered and stored there is nothing to stop you and the recipient hand coding the message with pencil and paper. If the encryption method is secure then even if the attacker can get at all parts of the communications equipment and the communications channel all they will get is some metadat not the actual secret data. This means that an attacker has to get close and actually "end run" around the encryption process by hiding a camera or going through your rubbish (bin diving) to get at either the "plaintext" secret or KeyMat. Prevention of this is possible but it requires exemplary OpSec from both you and the message recipient.

Whilst this might be practical for some for most it is not. Which is why "air gapped" systems were thought up. The idea is simple, you have an encryption device which is never connected to a communications network. You keep it in a "Crypto Cell" in a guarded "Communications Center" (ComCen) and it outputs the ciphertext that is then carried by hand to the communications operator who puts it into the transmitter the ciphertext ouput is then shredded/burnt as "Secret waste". During WWI various people realised that electro-mechanical cipher machines leak information via unintended energy emmisions the control of which is part of TEMPEST or EmSec.

As you have probably seen of more recent times just about any energy usage creates signals that can be picked up from a distance thus as sound carries fairly easily through air it is better to think not of "air-gapping" but "energy-gapping" systems. However the OpSec required to do this is impractical for all but those with a great deal more to lose than their privacy. It also does not hide the communications metadata which can be of more use to an attacker than knowing individual message content.

It is also well neigh impossible for most things ordinary people want to use technology for such as web browsing and e-commerce. Which only became possible with the advent of PKI but as recent attacks have shown the hierarchical PKI is vulnerable to all sorts of tricks and thus can not be relied upon even for privacy.

What also does not help is the lies originating from the likes of the FBI's Comey or the UK's Theresa May. Their desire to snoop has effectively nothing what so ever to do with stopping terrorism. Because terrorists tend not to use electronic communications and developed this aversion long prior to the Ed Snowden Revelations. They tend to use word of mouth or hand carried USB thumb drives their own message couriers because as the Russian's demonstrated with a little US help, missiles can fly down satellite phone radio signals and drones can "Find Fix and Terminate" cell phone and wired communications traced in other ways.

So yes the battle to maintain your privacy is a hard one but there are "sweet spots" where you can get some privacy without becoming the modern equivalent of a hermit.

WaelJanuary 19, 2016 1:44 PM

@Clive Robinson,

There are many things you can do as an individual to protect yourself...

That's a pretty good summary!

JohnJanuary 19, 2016 2:04 PM

I go to the kitchen supplies and buy a pressure cooker.

[..]

Imagine the conclusions that can be drawn by taking these purchases out of context.

To complex a scenario.

You live in an apartment, and you're moving - you need to move some furniture, and your small petrol car is not sufficient for the task. So you borrow a friends pickup and as a quid pro quo he asks you to bring him two bags of fertilizer for his garden.

Unfortunately, his pickup has an almost empty tank, so you fill it with diesel.

That's all it takes. You - known to live in an apartment and driving a petrol car, have no reason for those purchases except....

Sancho_PJanuary 19, 2016 6:23 PM

@Clive Robinson, Dirk Praet

Of course right now the situation is not settled in international law (let alone the idea that non of the possibly signing nations would then play by the rules, NK, US, UK, China, Russia, Germany, Spain, I can’t name them all here).

Now it would be interesting if there ever was a well founded solution all could agree with, I mean theoretically.

The location based concept (regardless of server or business location) similar to physical objects seems to be the most flawed concept for data rights as @Clive explained. Also this location could change in seconds for technical reasons or business merging etc.
The “European originated” isn’t much better, we are individuals (individual nations) and data origins from individuals, barely from nations or “The EU”.

This would boil down to the right / jurisdiction of the individual (originator) of the data, simply called privacy.
Neither business nor authoritarian regimes want that, thus it remains fiction.
:-(

Sancho_PJanuary 19, 2016 6:25 PM

@Grauhut
OK I see, Netzagentur, BSI, BND - Too many cooks spoil the broth, thanks!

Dirk PraetJanuary 19, 2016 7:44 PM

@ Sancho_P, @ Clive

This would boil down to the right / jurisdiction of the individual (originator) of the data, simply called privacy. Neither business nor authoritarian regimes want that, thus it remains fiction.

Not entirely. Article 12 of the UDHR states that "no one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation". Article 8 of the ECHR equally provides a right to respect for one's "private and family life, his home and his correspondence", and subject to certain restrictions that are "in accordance with law" and "necessary in a democratic society".

The EU DPD and its GDPR successor enshrine quite some rules into EU legislation. Whereas the DPD (or Directive 95/46/EC) was just a directive that member states still needed to translate into national law, the GDPR is a full-blown regulation that does not require any enabling legislation to be passed by governments. And "Privacy by Design and by Default" (Article 23) requires that data protection is designed into the development of business processes for products and services.

So yes, there's quite some good reasons that David Cameron and Theresa May want the UK out of the ECHR and the upcoming GDPR, as again shown by the Dyson ruling on Miranda yesterday. The simple fact is that ever since Snowden, European courts, including the ECJ, have been taking an increasingly dim view of US mass surveillance practices enabled by their dominant technology sector and of the sloppy work of their own EC and heavily lobbied MEPs with regards to the protection and privacy of EU data held by US companies.

AnonJanuary 19, 2016 9:36 PM

@Dirk

I'm not sure the Russian/Chinese argument would hold much sway with Congress. I think their view is that no one should be using Russian/Chinese cloud storage anyway, at least for any data that has actual economic value.

Sancho_PJanuary 20, 2016 6:17 PM


@Dirk Praet

Well, the UDHR.
I’d be careful to bet on this fig leaf of colonial arrogance and western supremacy.
This paper tiger denies cultural differences (our colorful world, ask @Wael) by proposing “rights” which non of the adopting nations ever respected, on top the US.

The EU? Any importance?
I’m not going to deny some efforts to balance between protecting its taxpayers against non-EU nations and on the other hand exploiting them internally (“data is power is business”, they are just bright enough to understand that from the US).
Granted, they try, but I’m afraid the intention isn’t pure humanity.

AnonJanuary 20, 2016 6:59 PM

The US vs Microsoft case is fascinating, but applying a territorial approach to data could lead to some bizarre consequences. What if an IT company decides to split every file into 3 pieces stored on servers in 3 separate countries? Would the US need an MLAT with each of those 3 governments? I'm pretty sure law enforcement would consider that approach completely unworkable. Also, how is the US government, even supposed to know what server currently has the files that are requested, unless Microsoft volunteers that information? Is the USG just supposed to send MLAT to every country in the world with Microsoft servers in a shotgun approach? I never make it to the end of Clive's dissertation length posts, but comparing data to a physical cottage which for the most part is A) indivisible, B) can't be replicated, C) can't be moved, and D) is usually at a known location seems to fail as an analogy at almost every level.

JonJanuary 20, 2016 9:06 PM

Strictly technically, John that too is unlawful. Any payment, even payment in some other material than money (like filling their tank(s)), counts as a car rental, and no, your friend is not licensed or insured or permitted to rent his truck out.

For all the LEAs out there, I would like to point out that I do indeed possess a large diesel truck (F-350, long bed, crew cab, diesel, dually) and that I have allowed those who borrowed it to refuel it for me.

For Hagen I would like to suggest another idea -

Cover traffic.

Agree with many of your best friends to create a system of exchanging garbage data. Send three or four of them 30-40k of totally random garbage every day, and have three or four of them send you something like that amount every day also.

Note that for good opsec it must be totally random garbage. Of varying size. Of varying numbers of recipients. Et cetera. Not pictures of cats, not rants about Bernie Sanders, totally random garbage. And it must be frequent.

Then to actually transmit sensitive information, you send via a completely outside channel (that can be untrusted as far as the contents of the message is concerned, just as long as they don't ALSO have all the email handy) that says "XOR the first lump of garbage from last Thursday with the 3rd lump of data I sent you on the anniversary of your adopting a dog" or something like that.

Note further that any well-encrypted data is indistinguishable from random noise. And that given any encrypted data, ANY one-time pad can be constructed to make that data appear as anything at all.

Best o' luck.

J.

WaelJanuary 20, 2016 9:40 PM

@Sancho_P, @Dirk Praet,

This paper tiger denies cultural differences (our colorful world, ask @Wael)

What a miserable idea! The blind leading the blind!

HagenJanuary 21, 2016 4:46 AM

@Jon

That is exactly what I was thinking about. In a scenario I suppose Clive Robinson had in mind, encryption plus opsec may work fine. For example against economic espionage: a company can hardly hide the business there are in and the fact that business secrets may be involved if they communicate with their customers or lawyers. So the “target” for economic espionage is more or less obvisious to any offender, so a strategy relying on encryption and opsec may be the best what they can do. However they will be in the relatively favorable position that the local officials will be on their side.

Contrary, for example for a journalist who wants to protect his sources, that may not be sufficient. Whistleblowers may be punishable locally if getting caught. As a result of that the journalist is in the much worse position compared with a CEO having business secrets that he probably needs to achieve protection *against* his own countries TLOs and not with them. There is also much more at risk for whistleblowers and dissidents then just money and for us maybe also: the existence of investigative journalism. At least in Europe journalists expressed exactly this concern (among others) as a motive to fight against mass surveillance. i.e. a political solution. Though there is none and possibly unrealistic to expect, I think they respond with simply abstaining from electronic communication in sensitive cases and may be well advised to do so. But (unless I’m wrong) from a principle, theoretical standpoint, using entropic data in up- and downsteams, already all around anyway due to multimedia data compression for example, should enable to hide the mere fact that communication take place. No known target – no attack against it. Easier that arranging a personal meeting with someone living in North Korea. ;)

But anyway – thanks to Clive Robinson, Jon and all others for your detailed replies.

Dirk PraetJanuary 21, 2016 7:28 PM

@ Sancho_P

I’d be careful to bet on this fig leaf of colonial arrogance and western supremacy.

I find your downplaying of the UDHR and the ECHR quite disturbing. May I suggest reading them some time, then target your anger at the governments (and corporations) refusing to implement them.

AnonJanuary 21, 2016 7:56 PM

@dirk

Regarding the UDHR, has there ever been a government sanctioned by the UN security council for violating article 12? A law that is not enforced now and has never been enforced in the past doesn't exist for all practical purposes. For all real world discussions, perhaps the UDHR should be considered null and void.

Dirk PraetJanuary 22, 2016 7:43 AM

@ Anon

For all real world discussions, perhaps the UDHR should be considered null and void.

Which is exactly what many - if not most - governments would like us to do, so they themselves may continue to ignore it. Don't buy into it. Or as one Thomas Jefferson once put it: "When the people fear the government, there is tyranny. When the government fears the people, there is liberty."

Sancho_PJanuary 22, 2016 6:20 PM


@Dirk Praet

UDHR / ECHR / [any “rights” given by any human supremacy] are far from “Security” so I’ll try to keep it short:

On the contrary, I won’t downplay the importance of discussing where we (the cultures as entities of mankind) stand, where we could find consensus and where and why we disagree.
But we never did [1].

It’s a bit unfair always to blame the US just because it’s their relative freedom that allows us some limited access to their actions.
It’s not only the US.
However, you, Dirk, formerly have linked most of their blatant violations against what some call “human rights” (in western view). Starting from 1948 (UDHR) to now, probably none of these “rights” wasn’t unaccountably violated, always with the knowledge of the POTUS.
This is both a shame and a clear indication for the fact that our western “rights” are only used to deny others access to “our” dining table while exploiting their resources.

The sad part is that mankind long ago has irretrievably lost it’s future to the God of Growth, while proposing “rights” to the sound of a toast.
Already the generation behind ours will dearly pay for.
Religion is the problem (theology probably not).

”Which is exactly what many - if not most - governments would like us to do, so they themselves may continue to ignore it.”
- This is a joke, isn’t it?
Who created the UDHR? We the people or the powers?


[1]
The reason may be that our powers are driven by greed and business (they call it capitalism but it is not), contrary to expertise and moral value.

AnonJanuary 22, 2016 7:47 PM

@Dirk

I think you've conceded my point that the UDHR has in over 70 years has had zero results. Even from the standpoint of those who might agree with its principles, it's best regarded as a total failure.

As for Thomas Jefferson, you have to be joking. Jefferson was a strong proponent of the view that treaties were not and should not be self-executing. In simpler terms, he believed treaties should have no force in any domestic court, to the extent the treaty provisions fell within Congress's legislative powers. So in the Jeffersonian view, if the USG violated a US citizens rights under the UDHR, US citizens would have no right to sue. Their only recourse would be to find another sovereign to champion their cause(let's say the German government). The German government wouldn't be able to sue in US courts either, but would have to pursue diplomatic remedies. If this is starting to sound like a complete farce, well it is.

Dick MillsJanuary 23, 2016 8:03 AM

Under present US law, if a file resides on a commercial server for more than 180 days, it is no longer considered private, so may be searched.

I too would like to see this law. I suspect that you have misinterpreted it, if it exists.

Wikipedia: Stored Communications Act says:

If an unopened email has been in storage for 180 days or less, the government must obtain a search warrant

AnonJanuary 23, 2016 12:31 PM

@Tyrone:

Yet another reason why, if you must use cloud storage, your should only use it to hold a container file for a virtual encrypted drive (e.g. Bestcrypt, Veracrypt, Cipher Shed, Truecrypt, etc.), and read//write to the open virtual encrypted drive. That way all encryption/decrption is local, and all Google has is an encrypted container file to look at. Even if the connection to Google is monitored by Google, they still just see encrypted traffic.

That's a large "just". Consider what "traffic" means for a party that hosts your data's physical storage media: I/O metadata. The location and (possibly the precise) size of all data requested from disk.

Now apply Big Data traffic analysis to this: compare the usage patterns of "fully anonymized" customers to the usage patterns of less-private users. They know what your operating system is. They know which applications you're using, when you've loaded them (which gives them activity maps in a negative way - they can't prove you are using the internet, but they can be sure you didn't run the web browser before you requested the sectors corresponding to it), which data files are probably associated with which applications, and when you access those files. They know which areas of those files you edited (if your OS/app edits in-place), and they know when you made those edits. If you add 3 blocks to a file, and other users with similar usage patterns and a file of matching size update theirs to share the same new size, you can infer both connections and when (the window within) their communication took place. Many such edits (for collaborative work) may narrow the target pool enough that personal visits become practical, even if the users do not have similar usage patterns.

How can you defeat this? Don't simply mount an encrypted drive across the network. Buy enough RAM to cache the drive, or (if that's impractical) use a custom driver that loads entire sets of sectors at a time (always in a multiplier of large fixed size) when requested, concealing the data you are after. The latter only lowers the resolution of their pattern-identification, and also may transform you into an effectively unique outlier (are all your collaborators using the same opsec?), but since you're wasting vast amounts of bandwidth either way (hope you can afford that) (and that your connection even allows for transferring so much data in a reasonably responsive time), you might try partitioning the sets of data you expect to access, each able to fit within RAM, and never use more than one at once.

But remember that privacy isn't your only concern. The government wants to screw with you? Hey, that file you're accessing frequently - it looks like that file might be pretty important to you. Now, sure, it's not so much a "file" as "X blocks of data", but the government can infer it's a file. The thing about files, though - even encrypted - is how they still occupy a physical medium. This medium can fail. Oops! It just did. Maybe they can recover your data, but it'll take a while. Not sure how long. But it's not like you were involved in anything that would fall apart if you couldn't access your data for a few critical days/weeks/months, right?

Now apply data profiling to this. You might not be one of the people involved in a conspiracy they're tracking, but there are only a few thousand people with usage patterns that are "close enough" to be suspect; costing them their data for a few days/weeks/months/indefinitely is a small price to pay for being certain that the conspiracy is disrupted.

Dirk PraetJanuary 24, 2016 6:48 PM

@ Anon

I think you've conceded my point that the UDHR has in over 70 years has had zero results. Even from the standpoint of those who might agree with its principles, it's best regarded as a total failure.

May I recommend taking a basic course in international law? The UDHR in itself was meant as an inspirational document out of which emerged two legally binding covenants, i.e. the International Covenant on Civil and Political Rights and the International Covenant on Economic, Social and Cultural Rights.

There also is an increasingly growing view among international lawyers that most, if not all the provisions of the UDHR for all practical purposes have become part of international customary law. Which means that, unlike treaties, which only bind a country once it has accepted the treaty obligations, all signatories are bound, whatever their particular view may be. A country cannot repudiate international customary law, as it can a treaty obligation.

Although in practice it is rather uncommon for countries to be formally found in breach of the UDHR, it never reflects well on a nation's reputation to be accused of doing so or for them to be able to maintain the moral high ground on certain causes, especially those profiling themselves as champions on human rights.

Jefferson was a strong proponent of the view that treaties were not and should not be self-executing

What of it? Hence the difference between declarations, treaties, covenants and customary (international) law.

@ Sancho_P

However, you, Dirk, formerly have linked most of their blatant violations against what some call “human rights”

Yes I have. So what? Since when is it wrong to call out a nation's blatant hypocrisy on the matter? Plenty of nations have an abysmal record on human rights, but there is only one that is still consistently accusing others of violating human rights all while having a really shameful record of its own.

The sad part is that mankind long ago has irretrievably lost it’s future to the God of Growth, while proposing “rights” to the sound of a toast.

If in your opinion "all is lost", then why bother discussing the issue or trying to convince others of such a dim and defeatist opinion? If you no longer have the courage to stand up for what you believe in, then maybe it's time to settle down, become a model citizen and follow the shenanigans of the Kardashians on social media. Alternatively, there is booze, whores and heroin on every street corner. Either way, the system wins.

AnonJanuary 24, 2016 10:36 PM

@Dirk

I think you're taking a legalistic view and missing the big picture. Why do countries follow international law(customary or otherwise)? It usually boils down to one of two reasons.

1) If they don't follow an international law provision, then they're afraid other countries won't live up to their end of the treaty or won't follow that law either.
2) There's a credible threat of economic sanctions or military force for failure to comply.

If both 1 and 2 are absent, then the international law in question is largely a narcissistic exercise so that the lawyers and diplomats can pretend to be doing something important.

Dirk PraetJanuary 25, 2016 4:04 PM

@ Anon

If both 1 and 2 are absent, then the international law in question is largely a narcissistic exercise so that the lawyers and diplomats can pretend to be doing something important.

No, it isn't. The entire purpose of international law is to establish a framework of legal rules, regulations and accepted practices by which countries, organisations and people throughout the world interact with each other and with citizens of different countries. Its failures are not a result of the people behind it being a bunch of naive, narcissistic dumbasses, but of the general lack of coercive enforcement mechanisms and authoritative supranational tribunals.

Today, there are only a few such bodies, i.e. the UN Security Council (SC) and subordinate organisations such as the International Court of Justice (ICJ). Unfortunately - and to the frustration of most of the international community -, both are pretty much impotent as long as the permanent members of the Security Council hold veto powers that also apply to the enforcement of ICJ decisions. To make things worse, the US in 1984 withdrew its acceptance of the court's jurisdiction following the court's judgment that called on the US to cease and refrain from the "unlawful use of force" against the government of Nicaragua.

In a nutshell: the problem is not with international law itself, but with a handful of powerful nations among which the US, the UK, China and Russia, refusing to play ball with the rest of the world in the simple pursuit of their own national interests or those of their minions. There's nothing legalistic about that. However much it may be today's reality, calling the UDHR and international law null and void is an explicit condonation of that status quo and an approval of said governments position on the matter. Which ultimately begs the question: whose side are you on?

AnonJanuary 25, 2016 5:15 PM

@dirk

I think Thomas Jefferson would have been completely horrified by the idea of "authoritative supranational tribunals". I concur that the UN is impotent and will leave it at that.

Sancho_PJanuary 25, 2016 5:53 PM


@Dirk Praet

re "Yes I have. So what? Since when is it wrong ..."
Oh sorry, it wasn’t meant to criticize you, I appreciate the facts from your previous comments.
My point regarding violations of moral values (not human rights) merely was “The absence of knowledge is not proof of absence”, it’s not only the US, other nations don’t do better, only silently.
I (and as I understand you, too) do not ("wittingly") hate America.
- In my thinking no human can grant human rights, proposing himself a superhuman.

However, I do not understand the contradictions in your last paragraph @me.
I wrote what I believe (your quote), I won’t discuss it here because it’s OT and I’m stubborn enough to disbelieve in convincing someone but myself.
So there is no need for the “If - then” decision.
However, you’d have missed at least the alternative to go on living one’s life in a quite normal, boring fashion :-)

ianfFebruary 7, 2016 5:51 AM


On January 17, 2016, one Lucifer's Lubricant made a

Realistic Proposal #1:
    Advance Global Free Speech wherever and whenever possible. Fight tooth and nail against any method for establishment interests to maintain dominion over that realm.
Very applause-worthy humanist, romantic and idealistic a goal.

As for the realism of its implied implementability on a global scale, I suggest you pull your [mental/ intellectual/ menial] resources together with Jason Richardson-White, who also promotes a similar long-range goal of human development. Unfortunately I can not supply you with the particulars of that other promoter of free speech that I've run into in 2001, and whose far-reaching thinking I eulogized a month ago.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.