Securing Communications in a Trump Administration

Susan Landau has an excellent essay on why it's more important than ever to have backdoor-free encryption on our computer and communications systems.

Protecting the privacy of speech is crucial for preserving our democracy. We live at a time when tracking an individual -- a journalist, a member of the political opposition, a citizen engaged in peaceful protest -- or listening to their communications is far easier than at any time in human history. Political leaders on both sides now have a responsibility to work for securing communications and devices. This means supporting not only the laws protecting free speech and the accompanying communications, but also the technologies to do so: end-to-end encryption and secured devices; it also means soundly rejecting all proposals for front-door exceptional access. Prior to the election there were strong, sound security arguments for rejecting such proposals. The privacy arguments have now, suddenly, become critically important as well. Threatened authoritarianism means that we need technological protections for our private communications every bit as much as we need the legal ones we presently have.

Unfortunately, the trend is moving in the other direction. The UK just passed the Investigatory Powers Act, giving police and intelligence agencies incredibly broad surveillance powers with very little oversight. And Bits of Freedom just reported that "Croatia, Italy, Latvia, Poland and Hungary all want an EU law to be created to help their law enforcement authorities access encrypted information and share data with investigators in other countries."

Posted on November 23, 2016 at 2:01 PM • 108 Comments

Comments

ramriot • November 23, 2016 2:21 PM

In the UK case the more important element is logging.

Even without exceptional access (backdoors), the metadata in communications is often of far greater use than the actual content of same. Thus anything that extends the tendency for truncating logs to a set minimum time period puts everyone's history under possible scrutiny.

Be that from your local magistrate or worse an international criminal organisation. Even the head of the collective body of ISPs in the UK has said that having mandatory logging no matter how carefully it is secured is just way too tempting for it to remain secure for long.

tz • November 23, 2016 3:09 PM

Does anyone else find it ironic that for the last 8 years, we were somehow not worried or half worried because Obama was "benevolent" though used the Espionage Act more than all previous Presidents combined, but now that it is Trump everyone is worried about privacy and security?

Obama could not be convinced.

If Hillary isn't to be held accountable (a pardon, de facto if not de jure) then Assange and Snowden should get the same treatment.

Perhaps Trump could be convinced - his record is hiring smart people to accomplish things instead of crony capitalism. There is a site where people can apply for the 4000 presidential appointments, so I would suggest everyone apply instead of whine or complain.

Holygarchy • November 23, 2016 3:30 PM

The difference, and you can argue all you want is the difference between a passive and invasive intent. E.g. perceived malignancy.

You refute this?

Remember, before the 2012 elections we were just your average crazies. Snowden was 2013, it's 2016 are you still living in the 1950's?

Clive Robinson • November 23, 2016 4:07 PM

@ tz,

Does anyone else find it ironic that for the last 8 years, we were somehow not worried...

It goes back a lot longer than that, there have been repeated clear red flags that some could clearly see for over thirty years. However when trying to discuss it you got labelled as a conspiracy theorist or some such.

Go back to BadBIOS for an example just before the Snowden Revelations. Or shortly before that the discussions about the NSA hole in Utah. Even our host Bruce, did not really grok what the implications of what became known then. There was the memorable thread where he asked just what could be recorded away by the NSA on commodity hardware. I definitely got the impression his jaw dropped at the analysis and figures that came back, as did many others when it became clear every phone call and private communications of the whole US with plenty of capacity to spare.

Then all the sand that many had buried their heads in got blown away by the howl that arose from the Ed Snowden Revelations. It was the realisation that the majority had failed to think things through to their logical conclusion at what the laws of physics not man allowed or disallowed. The backlash against Snowden was not for what he revealed technically --it was more or less known-- it was due to the pain and hurt of having been taken as fools by the Intelligence Community who had effectively been laughing at the US citizens and treating them as cuckolds.

hawk • November 23, 2016 4:27 PM

I guess the recent Trump appointment has everyone worried.

I listened to an interview with Admiral Rogers. He didn't pretend to have all the answers but insisted it was possible, somehow, to design a safe system but one with extraordinary access. He seems convinced of this because, to him, no one is even bothering to try, everyone is just talking past each other. Not sure.

Wael • November 23, 2016 4:32 PM

This is how things will be secure -- it's a matter of perspective:

Word evolution:

Past: Encrypt: Verb, hide the meaning of the message
Near future: Encrypt = Encrypt: Verb, put users of ciphers in a crypt

Rick • November 23, 2016 4:35 PM

I totally agree with the thesis. But the title suggests this had something to do with Mr Trump. Huh? Not sure what has to do with the other.
At least he's not a criminal.

Ted • November 23, 2016 4:58 PM

It will be interesting how the EU’s General Data Protection Regulation (adopted in April 2016, to be applied in May 2018) will co-exist with current and future data access and collection practices.

A study by Efrén Díaz Díaz provides an analysis of the privacy and data protection legal framework for EU member states. In the conclusion, he summarizes the primary innovations and advantages of the GDPR. Mr. Diaz also discusses regulations for privacy and personal data protection in the US.

Efrén Díaz Díaz (2016): The new European Union General Regulation on Data Protection and the legal consequences for institutions, Church, Communication and Culture

Sancho_P • November 23, 2016 5:26 PM

@Rick: (“Not sure what [this] has to do with the other.”)

Let me try to help:

Congraz, Mr. Trump, for bringing back common sense to the Americans,
you are my hero!

Trump is good for all Americans, those who have voted in favor of and against him.

Wael • November 23, 2016 5:40 PM

.

we need technological protections for our private communications every bit as much as we need the legal ones we presently have.

A subtle hint that "the legal ones" may be short-lived as well.

1234 • November 23, 2016 6:24 PM

There's a financial disparity in the battle to secure communications. Governments have vast financial resources, and a misguided desire to access encrypted communication. Individuals, non-profits, and small companies don't have the financial resources to win that battle. And the big corps will end up caving to government, because fighting them is ultimately not profitable.

Solution? Cryptocurrencies that have high financial value and incorporate some ability to communicate securely. There is a high financial incentive to keep the encryption secure, so that large amounts of money are not lost.

Precinct Auditor • November 23, 2016 7:19 PM

It's not the Administration of any year that should trouble you Schneier, et al, it's the Government's power to subpoena the records of any company, any time, under FISA, RICO or the like. Try to remember that Obama's version of "transparency" was as clear as mud. It's the liberals who are attracted to government oversight and control of everything, by a nose.

Anura • November 23, 2016 7:36 PM

@Precinct Auditor

Trump has campaigned as the candidate of "Law and Order" and supports a massive expansion of military and law enforcement, as well as the surveillance powers, which most Republicans are behind. Most elected Democrats and Republicans support expanding the surveillance powers of the NSA, so don't fool yourself into thinking things will be great if only your party is in power. Next year, the US will have the most authoritarian government in its history.

If you think Obama was lacking in transparency well... Did you pay attention during the campaign? Trump refused to say or do anything (such as release his tax returns) unless he thought it would paint him in a positive light - the only things that we know about him are that he is extremely secretive, has massive conflicts of interests he is already exploiting, cares only about himself, has no clue what he is doing, has no clue about issues, is easily manipulated, is easily angered, and tends to obsess over tiny things that get under his tissue paper skin. Yeah, sorry, that's not the kind of person you want with any sort of power whatsoever.

Precinct Auditor • November 23, 2016 8:24 PM

@Anura
Massive? Expansion? Take it easy, I think you're reading far too much into not nearly enough. Time will tell if that will come to pass. But a return to enforcing the laws that exist now, treating law enforcement as fellow humans deserving of respect and fair treatment? Yes, and rightly so.
I'd like to see Hillary prosecuted for breaking the law that you or I would be prosecuted for as members of the unwashed masses. (I'd also like to see Assange given a conditional pardon and asylum.)
I never fool myself into thinking puppies and rainbows because of anything. Humans are humans, we are flawed. Obama is human, so is Trump.
Trump's tax return is fascinating to the press. The press wants to misinterpret it for us. That's ok, I'll wait to see it for myself, without all the sturm und drang. Don't be a tool of the 5th Column nee 4th Estate, it won't help.
You had eight years of having it all your way. You have no one to blame but yourself for your loss. Since the rest of what you say sounds like sour grapes coated in simple hatred, I'm going to leave you to wallow in your wounded world view.
Bon nuit.

Tom Sayer • November 23, 2016 8:28 PM

@Precinct Auditor,

Time just like FOIA, may never either.

This is what protections are supposedly all about.

Fear is reasonable, panic is not.

Precinct Auditor • November 23, 2016 8:36 PM

@Tom Sayer,

FOIA sometimes works, sometimes it's thwarted by certain agencies for good and ill. If "equal protection under the law" does not equate to Hillary being prosecuted, then one of the hallmarks of America that immigrants and natives look to her for -- that no one is above the law -- is slipping away, corroding her essence.

Reasonable fear is healthy, panic kills -- agree.

trend • November 23, 2016 8:59 PM

You can add Canada to that list as well. RCMP are pushing for all of the same capabilities and requirements just enacted in the UK. There's a public consultation process gathering information via a government website right now.

This is on top of the increased CSIS powers already enabled by the previous party and not yet reduced as promised by the current party.

Anonymouse • November 23, 2016 10:52 PM

@Precinct Auditor

Do you remember what Trump said and promised regarding Hillary during his campaign? (Will you hold him accountable for those and promises?)

Did you hear Trump say "the Clintons are good people" on 60 Minutes?

Clive Robinson • November 24, 2016 2:11 AM

@ Wael,

Near future: Encrypt = Encrypt: Verb, put users of ciphers in a crypt

Hmm, which implies,

Present: Decrypt: Verb, pull zombie PICTs[1] from the crypt and setting them on the unsuspecting citizens.

[1] PICT: Propaganda Intelligence Community Technician (synonym : Troll) - individuals whose "pay grade" "glass ceiling" assumes that their total authoritarian follower mentality and lack of even physical ability to climb stairs renders them unable to perform any kind of normal "zombie brain eating" work thus they remain chair bound trying to consume "Cyber-Brains".

Wael • November 24, 2016 2:28 AM

@Clive Robinson,

Present: Decrypt: Verb, pull zombie...

Lol! I didn't even think about the decryption part! Oh, well... good prediction :)

Clive Robinson • November 24, 2016 2:32 AM

@ 1234,

Individuals, non-profits, and small companies don't have the financial resources to win that battle.

It has nothing to do with "financial resources", after all how much does a box of carbon paper, a couple of dice and a pencil cost?

That's all you need to use a One Time Pad crypto system.

No the real issue is the soft spot of "human failings" we hide behind the word "usability". That is people do not want to develop the simple skills or have the discipline for secure communications, they just want to "Type and Go" or be as they see it "More productive". It's these very human failings that governments are attacking, by trying to prevent "simple security" from their view becoming available.

Wael • November 24, 2016 2:47 AM

@Clive Robinson,

"Type and Go" or be as they see it "More productive".

That's an incredibly diplomatic way of describing "Cut and Paste". No one "types" these days. The mouse is more productive.

Let me make a prediction: Some "self-deluded genius" is going to craft a piece of malware that uses the mouse (the wired one) as a vector of spying on the user.

Clive Robinson • November 24, 2016 5:00 AM

@ Wael,

A subtle hint that the "the legal ones" maybe short lived as well.

I'm not even sure such laws actually exist anymore... But just appear to exist like a shimmering oasis in the desert to a parched and probably hallucinating mind.

With regards,

Some "self-deluded genius" is going to craft a piece of malware that uses the mouse (the wired one) as a vector of spying on the user.

As I have a habit of saying "Energy and Bandwidth", if they are there and sufficient then all you need is a modulation mechanism such as a "transducer" and it's job done. If the energy is not there by default sometimes it's almost trivial to add...

We already know that a high EM frequency signal can put coherent energy onto/in a hard surface, that by the simple process of vibrating reflects the coherent signal both phase and amplitude modulated. It is after all the method of operation of the "laser mic". But as the Russians demonstrated a lifetime ago with the great seal bug, sometimes you need to find an EM frequency that walls are transparent to but the vibrating surface is not. Obviously the coherent energy source does not have to be an EM one there are other forms of both radiant and conductive energy that will (and do) work "nuff said". Go and look at redactions in some FOI releases to get clues, after all it can be seen that they were exploiting acoustic and mechanical radiation / conduction during and just after WWII from some FOI release redactions.

Clive Robinson • November 24, 2016 5:42 AM

@ Anura,

Trump has campaigned as the candidate of "Law and Order" and supports a massive expansion of military and law enforcement, as well as the surveillance powers, which most Republicans are behind.

It's not just "Republicans", it's also very much the youth who have no hope of worthwhile further education or jobs due to their circumstances.

Historically "guard labour" was a "way out" of a "non-life" into respectability, family, home etc. A real way that younger dreams of "Running away to join the circus" could never provide. A sort of pre "welfare state" safety net supposedly giving ethics, education and opportunity.

However it can go wrong, badly wrong, go read up on the interviews with "Lindsay English" of Abu Ghraib notoriety about her early life and background.

Further have a look at the words and actions of the disaffected youth in non north west Europe and the rise of "Far Right" --in European terms-- ideologies in those hit by the problems of the Euro Zone and the unelected Council of Ministers. Likewise the UK Brexit vote.

This number of people are not born "right wing" nor are they generally brought up "right wing" it's the fact that they are effectively ostracized by unelected people in power that makes them "easy pickings" for "Whiteman's-Radicalisation". Which when you cut through the political rhetoric is just as poisonous as any other form of radicalisation, right or left wing. Because it always sets itself as being in search of justice, of righting harms etc etc through destructive means such as "Teardown the old order" etc in short turning against the society that appears to have excluded or ignored them.

The fact that politicians seem oblivious to this or even want to drive people that way is to be frank quite worrying.

Now I can not attest to Mr Trump's intentions, but enlarging the guard labour will help lance the boil of the upswelling of right wing sentiment hiding as Nationalism. The problem comes down the road of "Now you've got them, what do you do with them?"... The old answer was "start a war to cull their numbers" thus reduce the problem whilst stimulating the economy...

Thoth • November 24, 2016 6:31 AM

@Andrew Conway

There is no such thing as a secure email provider. All email providers are vulnerable no matter if it's in Iceland, Switzerland, Romania, Germany, China, Russia or wherever they are and no matter what they promise.

As long as you ...
- Don't physically have the hardware within reach in your premises
- Don't use distributed network and computing architecture
- Cannot destroy cryptographic keys in time or cannot deny possession of the cryptographic keys

You are pretty much done with.

Concept of email servers hosted by a third party in another location is a very bad idea. Emails were never meant to be used for secure communications since its inception either.

Thoth • November 24, 2016 6:34 AM

@Andrew Conway

Oh, and TOR does not solve the problem either since it is assumed that NSA et. al. knows the inside out of the TOR network these days and knows which email provider you are using. All it needs is for them to act on the suspected email provider(s) after some observation and that is all it takes to get whichever email accounts they want and its contents.

Thoth • November 24, 2016 6:55 AM

@Clive Robinson

I guess the better way to disguise track is to tunnel it through HTTPS (make it look legit) and within the HTTPS tunnel, you do your own E2EE protocols.

I think it would be interesting if a distributed Fleet Multicast system that uses HTTPS as an external tunnel with the actual E2EE fleet broadcast message inside to avoid detection would be pretty useful.

The thought process is the fact that random looking bytes with weird protocols would usually light up under the observation of a national or international actor threat model whereas the ton of HTTPS traffic out there is numerous and the best way to avoid detection is to blend into the crowd. What better way to not allow suspect of using a secure E2EE protocol than to hide it within a normal looking HTTPS.

Link: http://www.theregister.co.uk/2016/11/24/foi_sparks_backdoor_debate_in_europe/

Anura • November 24, 2016 8:06 AM

@Clive Robinson

I did not intend to imply that the left is less prone to extremism, this is just the way things are right now.

As for the guard labor, at this point that will likely fail. The problem is that Republicans have to cut taxes for the rich, and they have to increase the military and increase the militarization of law enforcement agencies. This is expensive, and with the tax cuts they are going to blow up the deficit. This means spending cuts on other agencies, which actually have a positive effect on the economy (military and law enforcement are probably a net negative - while they create demand, the long term effects on the economy are negative because we focus on being big and tough, not on generating positive outcomes, and the military destroys global wealth, while our prisons turn petty criminals into career criminals).

The big cuts are going to go to social services, and since those go to the people with the highest propensity to spend, they are going to have a huge impact on demand. Not only that, but the spending itself has a much higher utility, so the actual quality of life is going to drop significantly. The problem is that since all the tax cuts are going to the rich, most of the money is going to simply inflate asset prices, which has little impact on things like employment, and tends to lead to bubbles which cause misallocation of resources, which will eventually lead to a crash.

So we are likely going to have a very plentiful labor market, but a very tight job market. Market forces come in, and real wages for workers decline as corporate profits increase. The economy reaches the point where it slips into negative growth and then you have a recession. The problem is that we have morons in Congress who think that the best way to solve a recession is more tax cuts for the rich, and focusing on ways to increase profits without actually growing business.

Unfortunately, once layoffs start due to a lack of demand, demand further drops leading to more layoffs. This leads to a spiral, which further increases unemployment, and further reduces wages for the workers. On top of that, most likely the government is going to focus more on privatization, which tends to mean the workers get paid much less so that the firms can collect rent on their labor. This, again, is one more thing that pushes wages down and further lowers economic output.

I don't know why people can't see that the reason for the slow growth is a lack of demand, not a lack of capital - literally every single sign points to a lack of demand: low inflation, stagnating wages, stagnating growth, high income inequality... Hell, after-tax corporate profits as a percentage of GDP reached a record high under Bush, and then shot up after the recession to remain at record highs under Obama - and Republican policy is going to focus on corporate taxes and regulations?

I think it's unlikely guard labor will be increased enough to make up for the drops in demand, especially since the areas where people are aching for manufacturing jobs are not going to get them, and the fact that welfare is propping up the local economies. While a handful of people will get a shiny new prison or weapons factory, it's not going to be close to enough to make up for the losses due to all the cuts and the growing inequality.

ab praeceptis • November 24, 2016 8:20 AM

r (and others interested)

"curl audit" - I noticed that, too, and had, of course, a good look at it.

While the work of the auditors is commendable I strongly doubt that we can consider curl now as clean (supposing the problems get solved). In fact, the auditors themselves say that they focussed on code parts that by their nature are sensitive.

I'll leave it to others to comment on quite obvious factors. The first problem (fgets/buffer size) already hints at some issues worthy of thinking and talking about.

My point is something different. Some of what has been found can not possibly be found using static analysis. The fgets call is correct; the problem is somewhere else.

So, how to avoid it? There are multiple answers but only one valid one. Gladly, we have a clear case here; the curl team states that they are serious about security and that they do many, many unit tests - but they failed. Why?

As I said before, unit tests are basically but a well-intended lottery. To make it worse, they usually strongly tend towards demonstrating properly working mechanisms/code. And that's where the first monster rears its ugly head: a biased and limited perspective. More often than not "Check whether it works properly" is guided by a biased view, particularly when the unit test authors are the same people who write the code to be tested. Second, their frame usually is based on "reasonable assumptions" - while hackers are targeting the corner cases and the grey zone.

The a.m. first fgets/buffer case is a good example. The framing question (which is rather typical) is something like "what's the expected cookie size?", followed by "let's be on the safe side and add some space". Usually a final question is "what's the damn, insane maximum to be expected? What's the cookie size nobody outside a mental asylum will ever cross over?". The answer was 5KiB. And it was a very reasonable answer. For normal or even somewhat exotic use, that is. For hackers, however, it was an open "f*ck me!" invitation.

Then that code is tested against the very same set of assumptions. And, of course, it runs OK (after some minor bugs are killed)

All in all -> Fail.

What's the right way? Formal spec. and modelling. Properly done, a good model would show the problem, namely that something outside of my control can play by the rules or not.
And it's not an exotic or difficult case. No, it is in the very definition of code that interacts with other players outside of my control. It's the internet, i.e. among the worst imaginable contexts. So *obviously* I must assume that *no* size limit whatsoever is reasonable. There is just nothing keeping another party away from sending a 3TB cookie.

Ergo my model must be based on possibly unlimited data (cookies, in this case) coming in. My mechanism needs to slice, manage (e.g. clean up, null, free, etc), and "guard" the exchange.

Which, finally also leads me to bring up Clive's "tasklet" or library approach again YES! We *obviously* need something like that. We need, for instance, an "untrusted_get_data()" rather than ignorantly continuing to use fgets and company.
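
An added example, not part of the comment above and not curl's code: a C sketch of a line reader in the spirit of the "untrusted_get_data()" the comment asks for. The names `untrusted_get_line`, `UGL_*`, the 32-byte cap and the sample lines are assumptions constructed for illustration. Where a loop over `fgets` with a fixed buffer hands back the tail of an over-long line as if it were the next record, this reader rejects the whole line and drains it.

```c
#include <stdio.h>

/* Hypothetical status codes for this example. */
enum ugl_status { UGL_OK, UGL_EOF, UGL_TOO_LONG, UGL_BAD_BYTE, UGL_ERROR };

/* Consume the rest of the current line so it can never be re-read as a new one. */
static void drain_line(FILE *in)
{
    int c;
    while ((c = getc(in)) != EOF && c != '\n')
        ;
}

/*
 * Read one line from an untrusted stream into buf (capacity cap, cap >= 2).
 * UGL_OK: buf holds the line without its newline, *len its length.
 * A line that does not fit, or that contains a NUL byte, is never returned
 * in pieces: it is drained to its end and reported as rejected.
 */
enum ugl_status untrusted_get_line(FILE *in, char *buf, size_t cap, size_t *len)
{
    size_t n = 0;
    int c;

    if (in == NULL || buf == NULL || len == NULL || cap < 2)
        return UGL_ERROR;
    buf[0] = '\0';
    *len = 0;

    while ((c = getc(in)) != EOF) {
        if (c == '\n') {
            buf[n] = '\0';
            *len = n;
            return UGL_OK;
        }
        if (c == '\0') {        /* would silently truncate a C string */
            drain_line(in);
            buf[0] = '\0';
            return UGL_BAD_BYTE;
        }
        if (n + 1 >= cap) {     /* no room for this byte plus the terminator */
            drain_line(in);
            buf[0] = '\0';
            return UGL_TOO_LONG;
        }
        buf[n++] = (char)c;
    }
    if (ferror(in))
        return UGL_ERROR;
    if (n == 0)
        return UGL_EOF;
    buf[n] = '\0';              /* last line had no trailing newline */
    *len = n;
    return UGL_OK;
}

#define SAMPLE_CAP  32          /* deliberately small so the sample exceeds it */
#define SAMPLE_LONG 100

/* Constructed sample: a short line, one 100-byte line, another short line. */
static FILE *make_sample(void)
{
    FILE *f = tmpfile();
    int i;
    if (f == NULL)
        return NULL;
    fputs("session=abc123\n", f);
    for (i = 0; i < SAMPLE_LONG; i++)
        putc('x', f);
    putc('\n', f);
    fputs("theme=dark\n", f);
    rewind(f);
    return f;
}

/* The pattern being replaced: every fgets() return is counted as one record. */
int naive_record_count(void)
{
    char buf[SAMPLE_CAP];
    int records = 0;
    FILE *f = make_sample();
    if (f == NULL)
        return -1;
    while (fgets(buf, (int)sizeof buf, f) != NULL)
        records++;
    fclose(f);
    return records;
}

/* Same input through the guarded reader; returns accepted lines, sets *rejected. */
int guarded_counts(int *rejected)
{
    char buf[SAMPLE_CAP];
    size_t len;
    int accepted = 0;
    enum ugl_status st;
    FILE *f = make_sample();
    *rejected = 0;
    if (f == NULL)
        return -1;
    while ((st = untrusted_get_line(f, buf, sizeof buf, &len)) != UGL_EOF
           && st != UGL_ERROR) {
        if (st == UGL_OK)
            accepted++;
        else
            (*rejected)++;
    }
    fclose(f);
    return accepted;
}

int guarded_accepted(void) { int r; return guarded_counts(&r); }
int guarded_rejected(void) { int r; guarded_counts(&r); return r; }

int main(void)
{
    printf("fgets loop saw %d records in a 3-line file\n", naive_record_count());
    printf("guarded reader: %d accepted, %d rejected\n",
           guarded_accepted(), guarded_rejected());
    return 0;
}
```

The cap is the caller's policy, not an assumption about the sender: whatever arrives beyond it is discarded in bounded memory instead of being reinterpreted.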

Clyde I cherish your tender ruby orb • November 24, 2016 10:51 AM

Back to tongue-in-cheek clickbait headings, are we? Because privacy interference has nothing to do with Trump and everything to do with the FBI mafia

https://motherboard.vice.com/read/fbi-hacked-over-8000-computers-in-120-countries-based-on-one-warrant

http://whowhatwhy.org/2016/11/20/distrust-fbi-let-us-count-ways/

https://www.documentcloud.org/documents/3224250-Hearing-in-Tippens-Day2.html

FBI killed Ibragim Todashev to frame Jokar Tsarnaev for its own crime, another of a decade-long series of crimes FBI induced to justify political repression. There's nothing these animals won't do if they're not brought under control.

r • November 24, 2016 11:18 AM

Who's baiting hooks now?

Show us that the FBI framed Jokar or gtfo, what's the matter? They weren't visible enough for you to target them before hand and all you can find is shadows and speculation now?

BLAH BLAH Conspiracy, BLAH BLAH Rough Framing, BLAH BLAH Click my link.

Maybe you should up your Auntee, focus on things that matter.

Oh something else, a lot of us here don't need engineered documents.

Why is that?

Because we don't need an extra subchannel to coordinate our efforts, there's something else guiding us and it's apolitical.

Framed Jokar, lol.

Do you know how many pieces of evidence the FBI has outsourced for a lie and a pat on the back?

And you think Jokar matters why?

65535 • November 24, 2016 11:24 AM

@ All knowledgeable about the Snooper’s Charter

Let me ask some specific questions about this Snooper’s Charter:

1] Will it be used by various nations to side-step privacy, for example, by routing USA traffic through the UK and so on?

2] Who is not covered in the Snoopers Charter? Politicians? Lawyers? Doctors? Banks?

3] Who is the judicial arm that allows MI5/MI6, law enforcement and others to view this huge data base?

4] What are the “Emergency Exception” rules to view and rummage through this huge data base and how many “Excepts” are there?

5] Due to a lot of documents created/Sent in PDF or Word or Excel and the fact that Adobe Pro DC/Adobe Readers are somewhat server dependent as is Microsoft Office 365; how will lawyers and judges know they have not been targeted for these types of common documents? Sure, these types of documents can be signed and zipped with a password but what happens when UK authorities want to read them?

6] What are the countries that will not comply to this Snoopers Charter?

7] Will this Snooper’s Charter be a huge danger to journalists?

9] How will journalists keep their sources secret?

10] For the Average UK citizen what are the penalties for not decrypting their digital conversations and documents? For example, a small fine or a long time in jail?

r • November 24, 2016 11:28 AM

@65535,

#7, When Snowden leaked, weren't there English newspapers that were successfully sanctioned as opposed to the American ones that found themselves resistant to the pressure?

Oh Clyde, prolapse me • November 24, 2016 12:17 PM

Oops! Criticism of FBI crime set off r's 1035-960 propaganda reflex, bop with the rubber hammer, 'Cconspiracy!!1!!' We like incoherent derision, it indicates cognitive dissonance on the part of the compliant masses.

Captain Obvious • November 24, 2016 1:18 PM

@Thoth


There is no such thing as a secure email provider. All email providers are vulnerable no matter if it's in Iceland, Switzerland, Romania, Germany, China, Russia or wherever they are and no matter what they promise.

As long as you ...
- Don't physically have the hardware within reach in your premises
- Don't use distributed network and computing architecture
- Cannot destroy cryptographic keys in time or cannot deny possession of the cryptographic keys

You are pretty much done with.

Concept of email servers hosted by a third party in another location is a very bad idea. Emails were never meant to be used for secure communications since its inception either.

And there being no technical reason at all why every $50 android phone from two years ago couldn't have satisfied all of those constraints... Evil.

CallMeLateForSupper • November 24, 2016 1:54 PM

"...FBI killed ... to frame Jokar Tsarnaev for its own crime"

"Jokar"?! Surely you joke.

For &Diety's sake, man! Stop waving your banner of outrage long enough to note that your oppressed one's name is "Dzhokhar".

65535 • November 24, 2016 5:34 PM

@ r

I am sorry for the delay. In the States we have a big holiday and I had a family get together to attend.

As for 7 yes, the UK paper Guardian ran into a good bit of trouble; grinding up HDs and mobos. But, so did American Glenn Greenwald who had to move to Brazil during the Snowden revelations. I would consider having to change country locations a significant pressure. I think others who have criticized the US Intelligence Community in the US have moved from the US to other countries [i.e. Tor/ wikileaks, Appelbaum]. And, I think anybody who further crosses the US IC community gets rousted at US airports via body searches and other intimidation.

In other words the US IC tends to directly attack the individual reporters unlike the UK attacking a large media outlet.

As for 8, I deleted it due to it overlapping into 9. I did not have time to re-number the post before the holiday party.

I am still interested in all of my questions asked. I assume that the final draft of the Snoopers Charter is now available to lawyers and technical experts to fully examine.

If this UK Snoopers Charter extends to ALL ISPs certainly many UK lawyers, journalists, politicos, doctors, accountants, bankers, and law enforcement individuals with home ISP accounts would have all of their communications recorded.

This vast data base would seem to generate a great deal of skullduggery for insiders to dig up dirt on their opponents. Say, Defense lawyers v. Prosecutors; Politicians on the left v. Politicians on the right, Dirty cop v. Clean cop and so on.

I really would like to know the boundaries of this very invasive law – which seems to be spreading to other EU countries.

Clyde, be a dear and take the bag of hit money to Memphis • November 24, 2016 5:36 PM

Right, because the choice of transliteration scheme is so enormously crucial to the question of FBI-induced attacks on the domestic civilian population.

Tam was FBI's ventriloquist dummy. Multiple heads exploding at the thought of FBI impunity - contract relationships, or indoctrination?

Antong • November 24, 2016 7:27 PM

In the beginning Adam and Eve were 'decrypted' (without clothes) as in heaven. That was nice. Now, the government wants to be 'nice'. Is my mind disordered?

Hal • November 24, 2016 8:15 PM

@Dave

Shouldn't be, but that is the subtext, isn't it? Look at some more of this past year's opinion posts on Lawfare - wiretapping is an absolutely essential government need, unless the wrong people were to do it.

At least they occasionally bring out Landau et al to provide a fair and balanced opinion.

Thoth • November 24, 2016 8:34 PM

@all

SCENARIO GAMING
================

It is good to discuss secure communications and secure endpoints but it will be pointless without a set of guidelines to handle situations when they arise. Preparedness is the key to any sort of success.

Everyone may contribute security scenarios for studying as long as it is not trolling. We need to take preparedness very seriously in this day and age where the World Governments and their lackeys are out to create problems for civilians who just want to protect what is left of their personal rights to privacy and personal security.

Please be mindful of not using named entities to keep the scope wider.

------------------------------------------------------------
Scenario 1 : International Border Crossing
------------------------------------------------------------

This scenario will focus on crossing international air, land and sea borders while carrying cryptographic devices (i.e. pocket encryptors, HSMs, smart cards) or the carrying of security sensitive information in soft or hard copy (passwords, PINs, keys, databases).

All data stored on hard disk, flash disk or paper format should be strongly encrypted with a hardware secured key and then obfuscated using replacement text (that exists in dictionaries and books) for encrypted bytes. One technique is the Markov Chain[1] and there is a Github project page[2] for that.

OTPs as the KEK could be used to encrypt the Data Encryption Key used to encrypt the plaintext into the ciphertext before transforming via the Markov Chain but OTPs can be unwieldy if used to encrypt very huge data.

Another method is secret sharing of the KEK and using multiple trusted human couriers in tamper evident bags and envelopes as @Clive Robinson described in the past. The problem would be once the OTPs are found (suspicion found on some garbled text), a way to quickly and efficiently destroy them would be necessary. The better recommendation is to store these sensitive (and possibly split shared) secret keys (in wrapped or plain form) in a tamper resistant hardware (i.e. smart cards) that can be easily made to look like ordinary transit cards by printing random design or doodling on the card's PVC surface and then slipping them with your other credit cards.

The way forward would likely be hardware secured devices that look like and behave like common daily items.

The ability to set the card into "Transport Mode" where a "Transport Key" is required to unlock the card would come in handy (assuming the "Transport Key" is secret shared and brought to the location much earlier than the transport of the card that might hold sensitive keymats). Displaying fake card information or blank information when under duress with the option to quietly wipe the card without any notice from the surface would be useful (I am essentially describing planned GroggyBox card function).

Lone-wolf journalists who do not have the luxury of sending a trusted courier ahead of time to transport key shares and "Transport Keys" would really have to bet on the fact that the hardware cryptographic device is capable of:

1.) Physically blending into the environment by disguising as a commercial object without raising unwanted attention.
2.) Duress PIN/Password entry that uses the same login mechanism as a normal login would.
3.) Fake partitions containing fake information
4.) Showing blank information (blank card)
5.) If the hardware comes with buttons and an internal power supply, setup a pattern code or a specialized button for quick zeroizing.
6.) Require user to re-login after every security critical operation is done on the hardware.

Links:
[1]: https://en.wikipedia.org/wiki/Markov_chain
[2]: https://github.com/linenoise/asemica
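
The key handling in the scenario above (an OTP acting as KEK to wrap the Data Encryption Key, with the KEK secret-shared across couriers), as an added example that is not from the original comment. All function names and the key check value are assumptions of this example; the data cipher and the Markov text encoding are separate steps.

```python
import hashlib
import hmac
import secrets
from functools import reduce

KEY_LEN = 32  # 256-bit Data Encryption Key (DEK); size is an assumption


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; refuse mismatched lengths."""
    if len(a) != len(b):
        raise ValueError("XOR operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def key_check_value(key: bytes) -> bytes:
    """Short fingerprint used only to detect a wrong or incomplete KEK.

    An OTP gives no integrity by itself, so without this the holder
    cannot tell a correct unwrap from garbage. (Hypothetical helper.)
    """
    return hashlib.sha256(b"kcv-example" + key).digest()[:8]


def wrap_dek(dek: bytes, pad: bytes) -> dict:
    """Wrap the DEK with a one-time pad acting as the KEK.

    The pad must be random, exactly as long as the DEK, and never reused.
    """
    return {"wrapped": xor_bytes(dek, pad), "kcv": key_check_value(dek)}


def unwrap_dek(blob: dict, pad: bytes) -> bytes:
    """Recover the DEK and verify it against the stored check value."""
    dek = xor_bytes(blob["wrapped"], pad)
    if not hmac.compare_digest(key_check_value(dek), blob["kcv"]):
        raise ValueError("KEK is wrong or a share is missing")
    return dek


def split_secret(secret: bytes, n: int) -> list[bytes]:
    """n-of-n XOR split: all shares are required, any n-1 reveal nothing."""
    if n < 2:
        raise ValueError("need at least two shares")
    shares = [secrets.token_bytes(len(secret)) for _ in range(n - 1)]
    # Final share = secret XOR all random shares, so XOR of all n = secret.
    last = reduce(xor_bytes, shares, secret)
    return shares + [last]


def combine_shares(shares: list[bytes]) -> bytes:
    """XOR every share together to rebuild the original secret."""
    return reduce(xor_bytes, shares)


def demo() -> dict:
    dek = secrets.token_bytes(KEY_LEN)   # key that encrypts the data
    pad = secrets.token_bytes(KEY_LEN)   # OTP used as the KEK
    blob = wrap_dek(dek, pad)            # this is what travels with the data
    shares = split_secret(pad, 3)        # one share per courier

    recovered = unwrap_dek(blob, combine_shares(shares))
    try:
        # Two of three couriers arrive: the KEK cannot be rebuilt.
        unwrap_dek(blob, combine_shares(shares[:2]))
        partial_ok = True
    except ValueError:
        partial_ok = False
    return {"recovered": recovered == dek, "partial_ok": partial_ok}


if __name__ == "__main__":
    print(demo())
```
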

Hal • November 24, 2016 10:14 PM

I'm afraid I can't let you do that @Thoth...

Trusted human couriers don't belong in body bags, irregardless of the perceived importance of their message.

(Just messing with you. That clearly wasn't your intent, but the use of language can be tricky icky ;)

Ted • November 24, 2016 10:34 PM

The “freedom of information request” link in the EurActive article provides the collection of EU questionnaire responses from twelve countries who submitted comments on the matter of encryption and the fight against crime, and also agreed to fully disclose their replies.

Here are those questionnaire responses from the UK and Germany. The other available responses are from Denmark, Estonia, Croatia, Hungary, Italy, Latvia, Poland, Finland, Sweden and the Czech Republic. There are about 10 questions on the questionnaire. Here are the first three:

1. How often do you encounter encryption in you operational activities and while gathering electronic evidence in cyber space in the course of criminal procedures?
2. What are the main types of encryption mostly encountered during criminal investigations in cyber space?
3. Under your national law, is there an obligation for the suspects or accused, or persons who are in possession of a device/e-data relevant for the criminal proceedings, or any other person to provide law enforcement authorities with encryption keys/passwords? If so, is a judicial order (from a prosecutor or a judge) required? Please provide the text of the relevant provisions of your national law.

From the November 21, 2016 Council of the European Union letter posted with the public responses:

"As regards the replies of Member States to this questionnaire, the General Secretariat of the Council is still in the process of collecting these replies."
"So far 25 Member States have returned the completed questionnaire. Considering that not all replies have been received, no analysis has been prepared so far."

Ted • November 24, 2016 10:40 PM

The Netherlands had submitted an official position on encryption to the House of Representatives in January 2016, according to CSAN 2016. Believing that encryption offers a substantial protection for the economic and social interests of their country, they agreed to take no legal measures to limit the development, availability, or use of encryption. Although the detection of some criminal activities may in part be obscured, they concluded that making a technical entryway for law enforcement could also leave critical digital infrastructure vulnerable to other exogenous actors. Furthermore, as the country plans to increase their reliance on digital engagements among government, business, and citizens, they will increasingly depend on the security safeguards of encryption technologies.

From “Cyber Security Assessment Netherlands 2016”
https://www.ncsc.nl/english/current-topics/Cyber+Security+Assessment+Netherlands/cyber-security-assessment-netherlands-2016.html

ComSec for everyone • November 24, 2016 11:38 PM

To anyone stuck with old Windows that won't run this, and who doesn't have hundreds to spend on a new Windows DVD.
Please consider replacing your end-of-life'd Windows XP with the free, and legal, QubesOS (https://qubes-os.org/downloads/) rather than getting a pirated (and likely infected) copy of some newer version of Windows.
QubesOS doesn't have all the scary things you hear about Linux. For example, you don't have to do any wizardry in a "terminal" or "command line" for basic things like connecting to your WiFi, checking your email and so on. You can do everything with a simple, color coded, point and click GUI.
What makes it better is it was designed from day 1 to be safe from hackers and identity thieves.
Linux was not made with that in mind and it takes very complicated technical configuration to make it safe. Windows can't even be made safe.
If you aren't worried about your own computer, then worry about other people's computers being infected by some shady Windows infection on yours.

QubesOS is the only safe, responsible OS for every-day normal people.
God bless you.

P2P • November 25, 2016 12:13 AM

@Thoth
"I guess the better way to disguise track is to tunnel it through HTTPS (make it look legit) and within the HTTPS tunnel, you do your own E2EE protocols."
This is why everyone with a computer or smartphone should connect to Tor (it has obfs4 which is indistinguishable from HTTPS) Even its default looks like HTTPS, albeit with some unusual options in the initial handshake.
I2P and Freenet are similar to Tor with 1 tradeoff; it's less centralized (no reliance on authorities), but more vulnerable to sybil attacks, and everyone's a (fairly safe, non-exit) relay.

Running a (nonexit) relay for one or both of those will help liberty and freedom for everyone everywhere. Make sure your laptop or phone is plugged in if you do, and make sure you set it not to use more bandwidth than you can afford. In totalitarian dictatorships you might be persecuted for running relays!

The more people in these networks the better for freedom and democracy, even if you aren't a relay.

In addition to or instead of the above, please join mesh networks such as Serval and/or Rumble. These will keep working even after a massive terrorist attack that takes out the whole Internet. If enough people run these, our critical infrastructure becomes more resilient to single points of failure.

Republican/Democratic/Labour/Tory makes no difference, Bush attacked the Internet for 8 years and so did Obama.

Impeach trump and vote for a libertarian replacement.
Abraham Lincoln was libertarian, as were George Washington and Benjamin Franklin.
The draft of the bill of rights was submitted anonymously.
Protect the fourth amendment, the first amendment, and human dignity in general; call your state's federal House representatives' Washington DC offices and tell them you support H.R. 6341 "Review the Rule Act”.
The illegal changes to rule 41 that were snuck in using a protocol designed for small, minor errata will actually make sweeping changes and ruin a great country.

Please post this everywhere and send it to everyone who you have any faith in as a human being. This world can still be saved. It's not too late.

Ratio • November 25, 2016 12:21 AM

@Clive Robinson,

[...] have a look at the words and actions of the disaffected youth in non north west Europe and the rise of "Far Right" --in European terms-- ideologies in those hit by the problems of the Euro Zone and the unelected Council of Ministers. Likewise the UK Brexit vote.

Where is this rise of far-right ideology in eurozone countries with economic issues? It's not in Portugal or Spain. Nor in Ireland. Hardly in Greece or Cyprus (Golden Dawn). Not in Italy. If there's a marked shift in those countries it's towards the likes of Podemos, Movimento 5 Stelle, and Syriza. Where is this eurozone country that got hit by the Euro crisis and moved far-right?

(The members of the Council of Ministers are as elected there as they are in their countries.)

Disaffected youth voting Leave led to Brexit? The same youth that voted 3 to 1 for Remain in the age bracket 18—24 according to polling data from YouGov?

Ratio • November 25, 2016 12:53 AM

@65535,

I am still interested in all of my questions asked. I assume that the final draft of the Snoopers Charter is now available to lawyers and technical experts to fully examine.

The text is available online, but IIRC it's over 700 pages so you may have to volunteer yourself if you really want to know all the details. Do let us know what you find. :)

I really would like to know the boundaries of this very invasive law – which seems to be spreading to other EU countries.

Spreading how? Like when Canada enacts a law and it spreads to the US?

@Wael,

Just don't eat from the tree (apple, they say.)

Encrypted using Serpent? Should have waited a while for Blowfish to evolve. :P

Eat the apple. Eat the apple. Remember, an apple a day keeps the doctor away. Wonder why medical organizations use the Rod of Asclepius as part of their logo? Now you know. ;)

Ratio • November 25, 2016 1:01 AM

@P2P,

Republican/Democratic/Labour/Tory makes no difference, Bush attacked the Internet for 8 years and so did Obama.

Impeach trump and vote for a libertarian replacement.

All the other guys are all the same, but my guy is different.

Wael • November 25, 2016 1:34 AM

@Ratio,

Encrypted using Serpent?

I believe it was Lucifer. Serpent was a later deception ;)

Should have waited a while for Blowfish to evolve. :P

Didn't we go through that calculation (although I was off by a factor of a 1000). Huh? Do you call a hundred trillion, trillion,..., trillion times the age of the universe a "while", oh ye of little frickin' faith trouble-maker ;)

Now you know. ;)

How can you talk about eating? Didn't you do a bird today? Live and learn! Thanks :)

Not Squared • November 25, 2016 2:22 AM

Tor (it has obfs4 which is indistinguishable from HTTPS) Even its default looks like HTTPS, albeit with some unusual options in the initial handshake.

If it has "unusual options", that makes it easy to fingerprint.

ab praeceptis • November 25, 2016 3:08 AM

Thoth

Careful. Looking closely (now I'm looking at it a little the Nick P way) the Markov property is a wet dream - on computers; in math it works. To console you, the whole functional PL paradigm has the problem, too.

Simple reason: There is no such thing as "stateless" in a computer. Yes, I know, Markov is about "memory-less" but that's the same thing in the end.

You always have state (~ memory). In the cache, in registers, on busses, in pipelines, even in instructions.

Just a quick shot, not at all reflected or inspected, but maybe something that you will not use but be inspired:

Players: T (traveling party) and C (Contact in target country)

Assumption: C is *not trusted* with the data, but he is trusted as being non adversary and as witness that you arrived free. Let's say a colleague.

Before travelling you sym enc. your data with a key P known only to you. Next via a partial PKEX you and he agree on another key K which, without being known to you, is used to sym encrypt the data again which are then transferred to C. Alternatively you keep the twice encrypted data on your stick and take it with you.
Note: K is used but not told or shown to you and it is properly deleted/scrubbed on your side right after usage by the program having used it.

Current status: Your data, twice encrypted, are at C or on your notebook/stick whatever. You yourself know but P.

Next, you cross the border. Even if they tortured you, you simply don't know K. Also they can play with your drive/stick all day long without getting at your data (provided you used good sym crypto).

The only way to get at those data again is to meet C being in good condition and freedom. Only then will he tell K.

In case the given country is criminal and murderous enough to find C and to torture him, too, you add another layer with a C' in a secure country whose K' will only be revealed if both you and C are fine and OK.

Btw, the program used shouldn't be on you while travelling; just in case. An additional small obscurity layer making the molester's life a little harder.

Ratio • November 25, 2016 3:33 AM

@Wael,

Encrypted using Serpent?
I believe it was Lucifer. Serpent was a later deception ;)

Hmmm, not sure. I've even heard it said that they're basically the same thing. That the guy who made this Serpent later turned it into Lucifer. Or that Serpent had been Lucifer all along. Something like that. Maybe you know the details? ;)

Anyway, I'm pretty sure that later, after their encryption, they moved out and, get this, got The Camel to protect the key to their new home. ت (← crooked smile to a T?)

Should have waited a while for Blowfish to evolve. :P
Didn't we go through that calculation (although I was off by a factor of a 1000). Huh? Do you call a hundred trillion, trillion,..., trillion times the age of the universe a "while", oh ye of little frickin' faith trouble-maker ;)

Well, under those assumptions: what's a couple-gazillion years when you've got eternity?

How can you talk about eating?

Talk about it? I've got a snack here right now! :D

ab praeceptis • November 25, 2016 3:40 AM

ComSec for everyone

Yeah, right, cubes os is the saviour!

QubesOS doesn't have all the scary things you hear about Linux.

Praised be the cubes os messiah!

For example, you don't have to do any wizardry in a "terminal" or "command line" for basic things

YESSS! Those are the plague. And the reason to run all my servers with windows 10. No bloody wizardry needed. Just nice and cozy clicking.

You can do everything with a simple, color coded, point and click GUI.

Blessed be cubed os! If there was one thing driving me crazy and strongly disturbing my feeling secure it was that the windows 10 gui isn't *colour coded*.
Finally, at cubes os someone has understood security and has done it right!


If only there weren't this little disturbing point on the cubes os site:

All user applications run in “AppVMs,” lightweight VMs based on Linux

But still, using "base metal XEN hypervisor" and "IOMMU/VT-d" sounds very impressive. Particularly in a colourcoded simple click GUI version.

And it's extremely innovative, too. Security by using virtualization. No-bloody-body evar did that - except some projects who worked on that decades ago.

Finally, to round it off, have a look at the partners and sponsors. Only the finest. soros, nsa, cia, gchq front-ends, everyone associated with honesty, security, and the better of mankind is there. What could possibly go wrong ...

Last time with another "open security" project it was our host Bruce Schneier, whom they abused. This time it's Dan Bernstein. And always near the top at prominent "witness" positions.

Those bastards! They know perfectly well that people like Schneier and Bernstein are a) very much techies and b) have a very high reputation. Show them close to your project and people will trust.
I would put them in jail alone for luring such good people into their dirty games.

Thoth • November 25, 2016 4:00 AM

@P2P

"please join mesh networks such as Serval and/or Rumble."

Nice idea but I need to find time to install and setup my hardware.

"Impeach trump"

I doubt if he will allow any impeachment. He has tonnes of cash to shut people up as most presidents in the US have done before using multiple tactics including bribing people out. Difficult stuff unless he makes a really severe mistake that Congress is left with no choice but to impeach him. Need a better plan.

Wael • November 25, 2016 4:10 AM

@Ratio,

Maybe you know the details?

As a matter of fact, I do! Rumor has it that the serpent spoke to Adam and Eve in French. But when they got kicked out of heaven, they were spoken to in German :)

got The Camel to protect the key to their new home. ت (← crooked smile to a T?)

Good one, although I have the feeling I won't hear the end of this ;) But camels are amazing animals!

T, eh? Well that's the "newer" Arabic way of writing it! Long time ago, there were no "dots" used in the alphabet, so that letter "ت" without the dots could be a "T", a "B", a "Th", a "Y", or an "N"! Can you believe that crap? Must've been difficult to read in the past! Long story...

Well, under those assumptions: what's a couple-gazillion years when you've got eternity?

We haven't got eternity! We're about 15 billion years old. And before evolution happens, the universe will die. In other words: when hell freezes ;)

I've got a snack here right now! :D

Dayaum! You're an animal!

Clive Robinson • November 25, 2016 4:12 AM

@ Ratio,

In your comment on the post by P2P, you very deliberately only quoted a small fraction of what was said so you could say,

All the other guys are all the same, All the other guys are all the same, but my guy is different.

When on reading the P2P post it's clear that the claim is that all elected representatives are as bad as each other and not your,

but my guy is different

Because P2P is asking that you should call on them all to try to get a specific legislative change.

So there is no "but my guy..." in it.

Thoth • November 25, 2016 4:15 AM

@ab praeceptis, Clive Robinson, Nick P

Markov Chain is simply for surface obfuscation as usual. The main security is the AES 256 or whatever strong cipher being used. Defense in-depths take into consideration from how it looks to most people (Low Strength Attacker) to how it looks from agencies and organisations (High Strength Attacker), thus the use of things like Markov Chain as the top layer to try and get past LSAs while strong crypto and secure hardware against HSAs.

If you think along the line of an observer scanning the crowd, you would quickly and easily pick up data that has very high randomness and immediately flag it whereas if you look at something with natural language and is somewhat formed in a way even if it is poorly sentenced, the likelihood is you might just pass it ... unless someone tips you off.

One way to get into that mind set is to write a network scanner from scratch to sniff traffic. If you are going to write a sniffer to observe and flag data for an agency (i.e. NSA), you would pretty much want your sniffer to first look for commonly used crypto headers and the next step is to look for data that have huge amount of anomaly and randomness as these are possible signs of crypto in use.

Now, using the mentality of how you want to design a sniffer, you work backwards and think of how you want to defend against that sniffer which is not to have predictable traffic and also to obfuscate it in an outer layer to make it look like commonly used protocols and not some specialized security traffic that allows agencies to narrow down to certain user groups.

"Btw, the program used shouldn't be on you while travelling"

Fact is, most executives and users don't follow these rules anymore of using a fixed secure setup to do secure comms and document handling. People these days expect to be fast and on the go. They want to use convenient security solutions paired with their commercial smartphones, tablets, laptops and so on despite the fact that these stuff are insecure. Since there is such a demand for highly mobile security solutions, there should be some adaption to allow highly mobile and relatively secure setup to give some protection.

re: Yea QubesOS ...etc...

"I would put them in jail alone for luring such good people into their dirty games."

These people control the presidents and world leaders as though they are pawns in their chess games. The true leaders of the nations are not the head of state or Prime Ministers. It's the military-industrial-intel-feds setup that's going around and f***ing up the citizens and the Governments. The puppet masters are those who want to profit from creating conflicts and instability in society for their own ends.
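
The two-stage triage described in the comment above (known crypto headers first, then a randomness check), as an added example that is not from the original comment. The threshold, minimum length and every sample payload are assumptions constructed for illustration; the two marker strings are the OpenPGP ASCII-armor line and the `Salted__` prefix written by `openssl enc`.

```python
import base64
import binascii
import hashlib
import math
from collections import Counter

# (marker, label, must_be_at_start)
MARKERS = [
    (b"-----BEGIN PGP MESSAGE-----", "OpenPGP ASCII armor", False),
    (b"Salted__", "OpenSSL enc salted header", True),
]
ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off for "looks random"
MIN_BYTES = 1024         # short samples give unreliable entropy estimates


def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy of the byte distribution, in bits/byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def try_base64(data: bytes):
    """Return decoded bytes if the payload is strict base64, else None."""
    compact = b"".join(data.split())  # tolerate line wrapping
    try:
        return base64.b64decode(compact, validate=True)
    except (binascii.Error, ValueError):
        return None


def classify(payload: bytes) -> str:
    # Stage 1: formats that announce themselves.
    for marker, label, at_start in MARKERS:
        hit = payload.startswith(marker) if at_start else marker in payload
        if hit:
            return "crypto-header: " + label
    if len(payload) < MIN_BYTES:
        return "too-short"
    # Stage 2: raw randomness.
    if shannon_entropy(payload) >= ENTROPY_THRESHOLD:
        return "high-entropy"
    # Stage 3: a text encoding caps entropy near 6 bits/byte, so decode
    # and measure again before clearing the payload.
    decoded = try_base64(payload)
    if (decoded and len(decoded) >= MIN_BYTES
            and shannon_entropy(decoded) >= ENTROPY_THRESHOLD):
        return "encoded-high-entropy"
    return "unflagged"


def pseudo_random(n: int) -> bytes:
    """Deterministic stand-in for ciphertext (constructed sample data)."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


# Constructed sample payloads, not captured traffic.
ENGLISH = (b"The committee met on Tuesday to review the travel budget and "
           b"agreed to postpone the decision until the next quarter. ") * 20
SAMPLES = {
    "english": ENGLISH,
    "raw": pseudo_random(4096),
    "base64": base64.b64encode(pseudo_random(4096)),
    "openssl": b"Salted__" + pseudo_random(64),
    "pgp": b"Hi,\n-----BEGIN PGP MESSAGE-----\n(constructed body)\n"
           b"-----END PGP MESSAGE-----\n",
}


def triage() -> dict:
    return {name: classify(data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in triage().items():
        print(f"{name:8s} {shannon_entropy(SAMPLES[name]):5.2f}  {verdict}")
```

A verdict of `unflagged` only means the byte distribution looks ordinary; it says nothing about what the text encodes.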

Clive Robinson • November 25, 2016 4:28 AM

@ Bong bonobo foot apparel ;-)

With regards,

Lucifer's Lettuce! Now you've got my attention :)

You've "Gorn un dunn-tit again"...

In certain places it is believed that Lucifer has a wife leading him astray (the inverse of "Behind every good man stands a woman..." thus "In front of every bad man stands a woman leading him astray..").

And in some places --Dundee Scotland being one-- a euphemism for the delicate lady parts is "lettuce"...

So the question arises as to which foot have you unclothed so you can get a good chew on it?

Wael • November 25, 2016 4:29 AM

Markov Chain is simply for surface obfuscation as usual.

Holy sh*t! My Bovine Excrement meter just got pegged. I'll call it a night!

Bong-Smoking Primitive Monkey-Brained Spook • November 25, 2016 4:43 AM

@Clive Robinson,

So the question arises as to which foot have you unclothed so you can get a good chew on it?

Good heavens, man! You and your euphemisms! Well, it depends which country I'm in at the time :) And yes, Lucifer has a wife (don't know her name, although I think you'd call her Margaret Thatcher.) But the phu*ker went astray long time ago. He didn't need his wife for that. Her job was to make his pathetic life more miserable.

Ratio • November 25, 2016 6:07 AM

@Wael,

T, eh? Well that's the "newer" Arabic way of writing it! Long time ago, there were no "dots" used in the alphabet, so that letter "ت" without the dots could be a "T", a "B", a "Th", a "Y", or an "N"! Can you believe that crap? Must've been difficult to read in the past! Long story...

Ooh, I did not know. Well, it depends on the position in the word of course. You can tell ya and nun apart from the rest in terminal and isolated forms, no? Were there no dots at all? No short vowels, no dots, no uppercase... What did they write?!

@Clive Robinson,

In your comment on the post by P2P, you very deliberately only quoted a small fraction of what was said so you could say,

All the other guys are all the same, All the other guys are all the same, but my guy is different.

I quoted the part of @P2P's comment I was responding to. If I'd thought that quoting less would accurately represent what I was commenting on, I'd have quoted even less.

When on reading the P2P post it's clear that the claim is that all elected representatives are as bad as each other and not your,

but my guy is different

Then why the appeal to vote Libertarian? Are they all the same, yes or no? Hence my comment: All the other guys are all the same, but my guy is different.

Wael • November 25, 2016 7:29 AM

@Ratio,

What did they write?!

No dots at all! A word like بيت which means a house (pronounced bayt.) without dots could be: "bint" meaning daughter or girl, "Tha bat" means "fixed" or "affirmed", "tabbat", "nabbat", and a dozen more. It actually gets worse. I said nothing about accent marks that were nonexistent in the past, either! For example: بيّتَ means "he predetermined" or he intended! See that accent mark on the "Ta", the one that looks like a small 'w'? It means the letter underneath it is "doubled". You should understand now why that symbol was chosen! :)

65535 • November 25, 2016 8:38 AM

@ Ratio

“The text is available online, but IIRC it's over 700 pages so you may have to volunteer yourself if you really want to know all the details. Do let us know what you find”

Thanks. I could not find the full text of the Snoopers’ Charter. I found a semi-complete outline of it at Wikipedia:

“The Investigatory Powers Act 2016 (nicknamed the Snoopers' Charter or Snooper's Charter) is an Act of the Parliament of the United Kingdom that has been passed by both Houses of Parliament, but has yet to receive the Royal Assent” – Wikipedia

https://en.wikipedia.org/wiki/Investigatory_Powers_Act_2016

I found 1020KB version as of 19.05.2016 at:

http://services.parliament.uk/bills/2016-17/investigatorypowers/documents.html

[and pdf version 258 pages]:

http://www.publications.parliament.uk/pa/bills/cbill/2016-2017/0002/17002.pdf

[And a html linked version but I am not sure if it is the final version]

http://www.publications.parliament.uk/pa/bills/cbill/2016-2017/0002/cbill_2016-20170002_en_1.htm

I found the “Progress of the Bill” stopping at “Consideration of amendments” which then leads to Royal Assent. I would guess the actual bill may be amended. Thus it is not finalized.

http://services.parliament.uk/bills/2016-17/investigatorypowers.html

So, I have to guess there will be some 11th hour changes to the bill before “Royal Assent.”

If anybody has a direct link to the Investigatory Powers Bill in full PDF or Text please speak up.

@Ted

“There are about 10 questions on the questionnaire. Here are the first three:
“1. How often do you encounter encryption in you operational activities and while gathering electronic evidence in cyber space in the course of criminal procedures?
2. What are the main types of encryption mostly encountered during criminal investigations in cyber space?
3. Under your national law, is there an obligation for the suspects or accused, or persons who are in possession of a device/e-data relevant for the criminal proceedings, or any other person to provide law enforcement authorities with encryption keys/passwords? If so, is a judicial order (from a prosecutor or a judge) required? Please provide the text of the relevant provisions of your national law. “

[And]

“The Netherlands had submitted an official position on encryption to the House of Representatives in January 2016, according to CSAN 2016. Believing that encryption offers a substantial protection for the economic and social interests of their country, they agreed to take no legal measures to limit the development, availability, or use of encryption.”

Thanks. That helps answer question 6, What are the countries that will not comply to this Snoopers Charter? I surmise that the Netherlands will not comply with the Snoopers’ Charter.

If I am misinterpreting your post then let me know. Encryption and non-backdoor encryption seems to be the solution to privacy.

P2P • November 25, 2016 6:02 PM

@ratio
"All the other guys are all the same, but my guy is different."
Two of them are the same. Republicans showed how much they hate the Internet and hate the bill of rights for 8 years under Bush's totalitarian regime.
The Democrats did the exact same for 8 years under Obama's regime.
The definition of the libertarian party is that they are in favor of the bill of rights and state's rights, wanting to support the Constitution of the United States of America, rather than giving godlike-status to the feds.
So, yes, the only sane option is to impeach Trump (or Clinton if they recount and she won) and elect a libertarian.

@Not Squared
''Tor (it has obfs4 which is indistinguishable from HTTPS) Even its default looks like HTTPS, albeit with some unusual options in the initial handshake.'

If it has "unusual options", that makes it easy to fingerprint."
That's the point, with obfs4 it doesn't have unusual options, and even China's great firewall ("Golden Shield Project") has trouble fingerprinting it with massive government funded DPI and active MITM of the same scale as NSA's.
The fact that the NSA spends so many tax dollars hiring trolls to discredit Tor and scriptkiddies to use zero-days that companies were blackmailed into making (see project BULLRUN) to attack anyone who promotes Tor is quite telling.

Ted • November 25, 2016 7:32 PM

@65535

Thanks. That helps answer question 6, What are the countries that will not comply to this Snoopers Charter? I surmise that the Netherlands will not comply with the Snoopers’ Charter.

According to this Wired UK article, data could be bulk collected from a foreign region where terrorism is suspected, if security and intelligence agencies apply for a warrant from the Secretary of State. I don’t know if this answers the question?

The article also includes a list of the nearly 50 public authorities that can access Internet Connection Records (ICRs) based on Schedule 4 of the Investigatory Powers Bill. A link to a 304-page iteration of the bill can be found in the article at “Full bill as passed by House of Lords.”

“Snooper's Charter is set to become law: how the Investigatory Powers Bill will affect you”
http://www.wired.co.uk/article/ip-bill-law-details-passed

Anura • November 25, 2016 8:38 PM

@P2P

The Libertarian party is not about the constitution, they are about completely tearing down everything government and replacing it with everything private - they blindly believe that this always leads to perfect outcomes, but history has taught us that wealth is power and power leads only to more wealth and more power until society refuses to any more (and with monopoly control over news, they can delay that for generations). Any social and economic philosophy that ignores the amount of power that comes with wealth should never have gotten off the ground.

All they want to do is eliminate the democratic control over our society and our economy, which at least our representatives have to try and stay electable, and in turn increase the power of wealth (which the wealthy don't have to have any concern for what poor people think). Coercion is the only concern of the Libertarian party; it is perfectly acceptable if a handful of people acquire 100% of all land and businesses, while everyone else is forced into slavery through entirely coercion-free contractual obligations (if you are the monopoly employer and land owner - or oligopoly, or cartel, etc - then firing someone is essentially the same as sentencing them and their dependents to death). It doesn't even have to get to that point of a single owner - a tight job market and a plentiful labor market for a long enough time and they can treat their employees like cattle; we've seen it before, and we'll see it again (whether or not someone accepts a job is entirely dependent on whether or not there are better alternatives, and if there are no better alternatives then the only incentive to go easier on employees is if they start dying faster than they can hire replacements).

Not only that, but they cannot even fully separate corporations from government, as they still need courts, law enforcement, and military - these are some of the largest parts of our budget today. So you bring in that corruption, except it's worse because you can only profiteer off of wars and imprisoning people - and so that's what every single person looking to grow wealth will focus on, growing military and law enforcement, increasing prison sentences, making use of cheap prison labor to compete with the free citizen. There is so much you can do to exploit the legal system to imprison your enemies, without having to break a single law, because everyone will do *something* at some point in time, especially if you have vague laws like "indecency". It makes it really easy to grow that wealth faster, especially with police auctioning properties at invitation-only auctions.

Corruption and Capitalism are inseparable if you have high inequality - that wealth gives access to politicians, control over the media, and allows massively disproportionate influence over the entire political process from voting to governing to legislating. You want to eliminate corruption, you have to eliminate inequality; unfortunately, Republicans are going to do their best to increase inequality. Sure, Democrats and Republicans play games with the media, and both parties abuse their power to seek more, but in the end there are different scales, and only one party* is working to reduce inequality (which would reduce corruption) while the other is trying to do the opposite.

*Unless you count the Green Party, but they are too alarmist and purist to accomplish anything.

ComSec for everyoneNovember 25, 2016 10:16 PM

@ab praeceptis
[i]Yeah, right, cubes os is the saviour![/i]
No, but it's the least bad option for the masses.

[i][b]QubesOS doesn't have all the scary things you hear about Linux.[/b]

Praised be the cubes os messiah![/i]
An operating system needn't be a supernatural being to not have all the attributes that have maligned the public opinion of Linux. If you try to switch someone from Windows, which most laptops and desktops run on, there is often fear of command lines and bad WiFi drivers.

[i][b]For example, you don't have to do any wizardry in a "terminal" or "command line" for basic things[/b]

YESSS! Those are the plague. And the reason to run all my servers with windows 10. No bloody wizardry need. Just nice and cozy clicking.[/i]
Yes, that's why so many people use Windows.

[i][b]You can do everything with a simple, color coded, point and click GUI.[/b]

Blessed be cubed os! If there was one thing driving me crazy and strongly disturbing my feeling secure it was that the windows 10 gui isn't *colour coded*.[/i]
My bad there. I just meant it has an intuitive way to separate the VM running your banking browser from one for school, one for friends and family, one for lolcats, etc.
Most people don't think about isolation/separation in computing, or think it would be too hard to keep track of. I meant to allude to the simplicity of colored folders, colored postits, colored binder tabs, in ease of organizing.

[i]Finally, at cubes os someone has understood security and has done it right![/i]
No, finally someone has made reasonable security easy for everyday people.


[i]If only there weren't this little disturbing point on the cubes os site:

All user applications run in “AppVMs,” lightweight VMs based on Linux[/i]
I wanted to make a non-technical message you could send to your friends/neighbors/families.
QubesOS can run Linux or Windows or OpenBSD or Whonix or TAILS, yes.
But its security doesn't depend on the security of Linux etc, and it's reasonably secure by default, unlike all Linux distros that are made for normal people, e.g. Ubuntu.
It has a smaller TCB (trusted computing base); the Xen bare-metal hypervisor has far less vulnerabilities than Windows or Linux. And the user doesn't need to understand any of that to benefit from it.

[i]But still, using "base metal XEN hypervisor" and "IOMMU/VT-d" sounds very impressive. Particularly in a colourcoded simple click GUI version.

And it's extremely innovative, too. Security by using virtualization. No-bloody-body evar did that - except some projects who worked on that decades ago.[/i]
Hypervisors aren't new, but making them easy to use for ordinary people in a reasonably secure way is new.

[i]Finally, to round it off, have a look at the partners and sponsors. Only the finest. soros, nsa, cia, ghcq front-ends, everyone associated with honesty, security, and the better of mankind is there. What could possibly go wrong ...

Last time with another "open security" project it was our host Bruce Schneier, whom they abused. This time it's Dan Bernstein. And always near the top at prominent "witness" positions.

Those bastards! They know perfectly well that people like Schneier and Bernstein are a) very much techies and b) have a very high reputation. Show them close to your project and people will trust.
I would put them in jail alone for luring such good people into their dirty games.[/i]
Unless you accuse Tor of being a trojan horse just because it has DARPA roots and gets grants, why accuse QubesOS? The source is public, and the TCB is small enough to point out backdoors in it.
I just want there to be less malware, botnets, and DDoS's. Less stolen or deleted data. A safer Internet for everyone, not just the top 0.0001% who can configure Linux/OpenBSD securely or with simple enough needs to be okay with high assurance specialty OSs that pass EAL7+.

I also recommend SubgraphOS but think QubesOS is actually ready for mainstream unlike SubgraphOS or GenodeOS.

Happy holidays!

Clive RobinsonNovember 25, 2016 11:07 PM

@ ab praeceptis, Thoth,

Next, you cross the border. Even if they tortured you, you simply don't know K.

@Nick P, myself and some others chatted about this some time ago.

We felt that a system that allowed for coercion in any form was not appropriate (let's say we like our body parts and brains unmolested or incarcerated).

So we came up with a system that you could show to a judicial acceptability that you did not have the key, nor could you get at it as the parts were kept out of jurisdiction (used key splitting with option for multiple lock box security).

There was also an option for duress signaling via "One Time Pass Phrase" which would result in a "harmless decode".

The whole point was that the multiparties could show they had not got the key nor even if all were rounded up and willing to talk could the key be recovered...

Whilst they still might torture people (some A-holes are like that) the chances are they would stop fairly quickly when it was clear what the couriers and other in-country parties were saying was true.

Clive RobinsonNovember 26, 2016 12:44 AM

@ Wael,

Holly sh*t! My Bovine Excrement meter just got pegged.

Actually the general idea is an old one going back to WWII (I think you will find I've mentioned it before).

Back then most "agent code" was a paper and pencil liability known as the "poem code"... and one or two people thought that the Germans had got on top of cracking them (with very good reason). They wanted to switch to a OTP system but there were strong objections from some quarters (what we call MI6, actually SiS or "the service" loathed, despised and apparently did their best to sabotage the likes of SOE et al).

One actually serious objection was what the German signals service would see with OTP cipher text -v- Poem Code cipher text. The issue being both "length" and "letter frequency". Whilst the solution with length was trivial to see the issue with letter frequency was not. The poem code unlike the OTP was a transposition code and thus preserved the plaintext letter frequency, thus to an experienced eye the OTP random nearly flat letter frequency stood out like a flashing light on a dark hillside.

Thus the question of what to do about changing the letter frequency without making the OTP weak. It was quickly realised that whatever was done needed to be done to the ciphertext after the OTP and not before.

This is where a ciphering trick --now attributed to the Nihilist's-- which is a variation on a straddling checkerboard came to the rescue. What the trick did was a form of "data compression". It converted the plaintext into numbers against an agreed key phrase, but assigned single digits to the eight more frequent letters --a sin to err / eat on irish / estoniar / etc-- and double digits to the other letters. As one of the OTP options was a "number code" it was realised that using the Nihilist decompression function on the OTP number output would give a letter code with a letter frequency that was not flat and usefully expanded its length.

For various reasons, such as it caused the operators increased work and made the likelihood of a message being undecipherable higher the idea was not put into general service.

So yes disguising strong ciphertext to look like weak ciphertext is not a new idea, and has the ability not just to hide in the masses but also waste any signals agencies cryptanalysts' time and other resources.

For those interested in the Nihilist's trick it's in wikipedia under the VIC cipher with a worked example, https://en.m.wikipedia.org/wiki/VIC_cipher

ThothNovember 26, 2016 2:25 AM

@Clive Robinson

re: Nihilist's tricks

Using strong algorithms and keys as a secure basis and then converting the strongly encrypted ciphertext into something like a bunch of random humanly readable text (albeit increased length) is rather useful not just to make SIGINT work harder but also easier to transport on paper (type on a piece of paper or printer and send via conventional mail). It removes suspicion and for most covert ops, suspicion is more dangerous than grabbing the crypto key since suspicion is the first thing that will create a chain of events afterwards that will definitely be much more troublesome to cleanup.
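Added illustration, not part of either comment above: a small Python model of the trick the two preceding comments describe, where checkerboard digits are enciphered with a one-time pad and the resulting digits are read back through the same checkerboard as letters. The "a sin to err" letters come from the comment; the blank columns 2 and 6, the alphabetical fill, the "." end marker and all function names are assumptions made for this example.

```python
"""Disguising one-time-pad digits as letter text with a straddling checkerboard."""
import secrets

FREQUENT = "ASINTOER"   # "a sin to err": the eight letters that get one digit
ROW_DIGITS = (2, 6)     # assumed blank top-row columns; they prefix two-digit cells
END = "."               # assumed end-of-message marker (not from the comment)
REST = [c for c in "ABCDEFGHIJKLMNOPQRSTUVWXYZ" if c not in FREQUENT] + [END, "/"]


def build_board():
    """Return (symbol -> digit tuple, digit tuple -> symbol) for the checkerboard."""
    enc = {}
    singles = [d for d in range(10) if d not in ROW_DIGITS]
    for d, ch in zip(singles, FREQUENT):
        enc[ch] = (d,)
    for i, ch in enumerate(REST):
        enc[ch] = (ROW_DIGITS[i // 10], i % 10)
    return enc, {v: k for k, v in enc.items()}


ENC, DEC = build_board()


def to_digits(text):
    """Checkerboard-encode text; characters not on the board (spaces) are dropped."""
    digits = []
    for ch in text.upper():
        if ch in ENC:
            digits.extend(ENC[ch])
    return digits


def to_letters(digits, stop_at=None):
    """Read a digit stream back through the board, optionally stopping at a marker."""
    out, i = [], 0
    while i < len(digits):
        key = tuple(digits[i:i + 2]) if digits[i] in ROW_DIGITS else (digits[i],)
        if key not in DEC:
            raise ValueError("digit stream ends on a row digit")
        if DEC[key] == stop_at:
            break
        out.append(DEC[key])
        i += len(key)
    return "".join(out)


def disguise(cipher_digits):
    """Turn pad output into letters; a dangling row digit gets one filler digit."""
    try:
        return to_letters(cipher_digits)
    except ValueError:
        return to_letters(list(cipher_digits) + [0])


def encrypt(plaintext, pad):
    if END in plaintext:
        raise ValueError("plaintext must not contain the end marker")
    plain = to_digits(plaintext) + list(ENC[END])
    if len(pad) < len(plain):
        raise ValueError("pad is shorter than the message")
    cipher = [(p + k) % 10 for p, k in zip(plain, pad)]   # OTP step, digit by digit
    return disguise(cipher)


def decrypt(cover_text, pad):
    cipher = to_digits(cover_text)                        # undo the disguise
    plain = [(c - k) % 10 for c, k in zip(cipher, pad)]
    return to_letters(plain, stop_at=END)                 # filler after END is ignored


def make_pad(n):
    return [secrets.randbelow(10) for _ in range(n)]


def frequent_share(text):
    """Fraction of symbols drawn from the eight single-digit letters."""
    return sum(text.count(ch) for ch in FREQUENT) / len(text)


if __name__ == "__main__":
    message = "MEET AT THE OLD BRIDGE " * 20   # constructed sample message
    pad = make_pad(len(to_digits(message)) + 3)
    cover = encrypt(message, pad)
    print(cover[:60])
    print("share of A,S,I,N,T,O,E,R in cover text:", round(frequent_share(cover), 2))
    print(decrypt(cover, pad)[:18])
```

Because eight of the ten digits map straight to a letter, uniformly random pad output comes back with roughly 80% of its symbols drawn from those eight letters, which is the skewed, non-flat frequency the comment refers to.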

WaelNovember 26, 2016 2:59 AM

@Clive Robinson,

Actually the general idea is an old one going back to WWII (I think you will find I've mentioned it before).

I remember. I also bought the book based on your recommendation

The problem I had was with the characterization of a "Markov Chain".

P2PNovember 26, 2016 4:37 AM

@Anura

The Libertarian party is not about the constitution, they are about completely tearing down everything government and replacing it with everything private - they blindly believe that this always leads to perfect outcomes, but history has taught us that wealth is power and power leads only to more wealth and more power until society refuses to any more (and with monopoly control over news, they can delay that for generations). Any social and economic philosophy that ignores the amount of power that comes with wealth should never have gotten off the ground.

All they want to do is eliminate the democratic control over our society and our economy, which at least our representatives have to try and stay electable, and in turn increase the power of wealth (which the wealthy don't have to have any concern for what poor people think). Coercion is the only concern of the Libertarian party; it is perfectly acceptable if a handful of people acquire 100% of all land and businesses, while everyone else is forced into slavery through entirely coercion-free contractual obligations (if you are the monopoly employer and land owner - or oligopoly, or cartel, etc - then firing someone is essentially the same as sentencing them and their dependents to death). It doesn't even have to get to that point of a single owner - a tight job market and a plentiful labor market for a long enough time and they can treat their employees like cattle; we've seen it before, and we'll see it again (whether or not someone accepts a job is entirely dependent on whether or not there are better alternatives, and if there are no better alternatives then the only incentive to go easier on employees is if they start dying faster than they can hire replacements).

Not only that, but they cannot even fully separate corporations from government, as they still need courts, law enforcement, and military - these are some of the largest parts of our budget today. So you bring in that corruption, except it's worse because you can only profiteer off of wars and imprisoning people - and so that's what every single person looking to grow wealth will focus on, growing military and law enforcement, increasing prison sentences, making use of cheap prison labor to compete with the free citizen. There is so much you can do to exploit the legal system to imprison your enemies, without having to break a single law, because everyone will do *something* at some point in time, especially if you have vague laws like "indecency". It makes it really easy to grow that wealth faster, especially with police auctioning properties at invitation-only auctions.

Corruption and Capitalism are inseparable if you have high inequality - that wealth gives access to politicians, control over the media, and allows massively disproportionate influence over the entire political process from voting to governing to legislating. You want to eliminate corruption, you have to eliminate inequality; unfortunately, Republicans are going to do their best to increase inequality. Sure, Democrats and Republicans play games with the media, and both parties abuse their power to seek more, but in the end there are different scales, and only one party* is working to reduce inequality (which would reduce corruption) while the other is trying to do the opposite.

*Unless you count the Green Party, but they are too alarmist and purist to accomplish anything.
That is a false dichotomy.
The choice isn't between having the feds continue to nullify more and more of the bill of rights, and total anarchy/oligarchy with no government whatsoever.
Libertarianism isn't the former or latter. Republicans are the former (Bush's 8 year War on Liberty) and Democrats are the former (Obama's 8 year War on Liberty).
Libertarianism is having the bill of rights protect citizens from corrupt government officials, as well as protecting them from corrupt business executives.
Libertarianism is giving power to the government that the constitution says that the government can have.
Giving the powers that the constitution says are reserved to the people, back to the people, doesn't mean the government having no power. It means the government having as much power as it did in the beginning, plus the power to enforce ratified amendments that were legally added, such as letting African Americans and women vote.
Libertarianism means the feds have very little power, just the power that is really important for them to have, with most of the government power going to the states, and any powers not explicitly granted to the government being reserved by the people.
I just want to see America succeed, and for that to happen it needs a leader who keeps his oath to uphold the constitution.

P2PNovember 26, 2016 4:40 AM

Sorry, I put Anura's post in the blockquote tag but it all ran together.
My response starts at "That is a false dichotomy."

RatioNovember 26, 2016 6:10 AM

@Wael,

I said nothing about accent marks that were nonexistent in the past, either! For example: بيّتَ means "he predetermined" or he intended! See that accent mark on the "Ta", the one that looks like a small 'w'? It means the letter underneath it is "doubled".

Couple last questions: The small "w" on the "ya" you mean, right? The "ta" has an accent indicating a short "a" (which could also have been on the "ba" in بيت, correct?). So the example is "byyta"?

@65535,

I found the “Progress of the Bill” stopping at “Consideration of amendments” which then leads to Royal Assent. I would guess the actual bill may be amended. Thus it is not finalized.

You should read that diagram as: the only step left is for the Bill to receive Royal Assent (which is a formality). Also see the latest news on that same page, indicating the same thing in words. [See also Consideration of amendments, Royal Assent for background information on these two stages.]

If anybody has a direct link to the Investigatory Powers Bill in full PDF or Text please speak up.

You've found the drafts of the Bill. Apparently 700+ pages is what I think ~250 pages of legalese feels like. ;)

Acts of Parliament are available online. You can find the "final version" there in due time.

What are the countries that will not comply to this Snoopers Charter?

Any country that isn't part of the United Kingdom. UK legislation applies to the UK.

RatioNovember 26, 2016 6:59 AM

@P2P,

[...] the only sane option is to impeach Trump (or Clinton if they recount and she won) and elect a libertarian.

You say you want people to [p]rotect the fourth amendment, the first amendment, and human dignity in general.

How does that require a Libertarian? How does being Libertarian suffice? (You know what the no true Scotsman fallacy is, right?)

AnuraNovember 26, 2016 9:44 AM

@P2P

You ignored my points about why Libertarians won't change anything. If you think that corruption is about parties, not people, you are already a victim of right-wing propaganda. People who run for office are people who seek power, and if you only have military, Law Enforcement, the courts, etc. then they have everything they need to use selective prosecution and vague laws to eliminate your opponents, and then control over the media will cement their power - look at what they've managed to do with Breitbart, a massive propaganda outlet that has gotten the right who has been living in fear of government under Obama to start cheering a massive expansion of military and law enforcement against manufactured threats just because "their guy" is in office.

The only condition required for corruption is if access to politicians can make you more powerful, and as long as we live in a capitalist society, that access is amplified greatly. The only way to reduce that is to reduce the potential rewards, and that can only be done if we insure low income inequality under all circumstances (of course, getting rid of FPTP voting and the electoral college is equally important if you want to limit power). The reason your party isn't corrupt is because it doesn't have power, and without power there can be no corruption. It's as simple as that. If your party gains power, then Republican politicians will simply change their affiliation and nothing will change - well, except for the parts that get worse as you hand even more power to the wealthy.

All it takes is a little propaganda, and the public will say "shut up and take my freedom" before you can even get to the part about "to the best of my ability, preserve, protect and defend the Constitution of the United States", and with enough support (which is easy to manufacture once you have enough power) the public can throw away all the freedoms you sought to cement under a Libertarian in one single election, and then it is over, done, gone, no more freedom until the public can be convinced otherwise, and then it will probably take a war. No laws, no matter how bulletproof, will solve the problem if the public can be convinced to change them.

I suggest you look into how the Military Industrial Complex has been structured to manipulate the public as much as possible ("just try and stop buying our stuff, and we tell your constituents you are voting against their jobs"), and then look at all the propaganda spreading fear under the cold war, then look at what is going on post-cold war world today (I've heard repeatedly over the last six years or so about how Chicago, AKA "the murder capital of the world" is experiencing a massive increase in violence, all from right-wingers who get their propaganda from Breitbart), and then tell me why that can't happen under the guise of freedom from someone who runs under the Libertarian party. The right is currently working to privatize the prison industry - why wouldn't Libertarians? You know how much horrifying potential for corruption that adds - just cement these prisons in struggling rural area, and bam! Permanent prison industrial complex ("You better support harsher sentences, that prison is your only source of income").

I don't see how the libertarians prevent any of the forms of corruption common in America today, at all. I do see how they make it worse.

WaelNovember 26, 2016 10:47 AM

@Ratio,

Couple last questions:

Couple last answers:

The small "w" on the "ya" you mean, right?

Right! Can't believe I messed up that one, but two nights without sleep can sometimes do that. Our neighbor's dog was barking constantly a couple of nights ago.

The "ta" has an accent indicating a short "a" (which could also have been on the "ba" in بيت, correct?). So the example is "byyta"?

So here is a summary:
‎ت = T
‎ن = N
‎يـ = Y
‎ث = Th

So the small "w" is called a "shadda", meaning "stress" mark. The reason it was chosen is because it's comprised of two letters that represent the most commonly written letter symbol (the above letters without the dots.) So it means "two letters". See how logical that is? Contrast that with the English "double-yew: W"! Looks like a "double-Vee", eh?

Using one letter (seen) as another example of "accent marks":

‎سٓ = Saa
‎سِ = See
‎سُ = Soo
‎سٍ = Sen
‎سّ = San
‎سٌ = Son

And that's not all of it... You can guess why the rest of the "vocalization" marks took this form. Why don't you sing along? :)

I linked to a similar video a while back, but I can't remember the context (I remember a strong "g" @Gerard van Vooren and @Dirk Praet -- where in the world are you?).. Couldn't find the link...

RatioNovember 27, 2016 7:52 AM

@Wael,

يـ = Y

Don't worry, I know how to read and write the letters. :) It's not speed-reading or calligraphy, but it works. Sorta. Meaning and pronunciation (guess the unwritten short vowels!) however...

(I wonder how you wound up with the initial form of "ya". Editing mixed left-to-right and right-to-left text is a pain.)

‎‎سٍ = Sen
‎سّ = San
‎سٌ = Son

(The one in the middle should be like the first one but with the lines above?)

I'd seen all of those before, but I didn't know what these last three indicated. The only other mark I remember seeing is the little circle that indicates "no vowel", but there are probably others. I should probably find out. ;)

Oh, one final (really!) question. بيّتَ is read "byyta" (or however you want to represent the "ya")?

RatioNovember 27, 2016 9:24 AM

@Wael,

Bay ya ta. I'll have to find a video with that word ;)

Not how you say it, how you read it. :)

So بيّتَ is missing two "short a" marks: one on the "ba" and one on the "ya". Writing vowel mark is never optional, okay?! ;)

(I assumed you'd written them all, hence my confusion.)

Look up "tanween"

I was reading about that. Thanks. :)

WaelNovember 27, 2016 9:54 AM

@Ratio,

Got it :) The "Formal" way would look like you said. It looks like this: بٓيَّتَ but no one writes it like that (handwriting.) You are correct, nonetheless, and I was sloppy.

P2PDecember 9, 2016 1:51 PM

@Anura

You ignored my points about why Libertarians won't change anything. If you think that corruption is about parties, not people, you are already a victim of right-wing propaganda. People who run for office are people who seek power, and if you only have military, Law Enforcement, the courts, etc. then they have everything they need to use selective prosecution and vague laws to eliminate your opponents, and then control over the media will cement their power - look at what they've managed to do with Breitbart, a massive propaganda outlet that has gotten the right who has been living in fear of government under Obama to start cheering a massive expansion of military and law enforcement against manufactured threats just because "their guy" is in office.

You're right, impeaching the current duopoly and electing a libertarian wouldn't 100% stop selective enforcement, but it would get rid of most of the laws that are selectively enforced, e.g. most victimless crimes.

The only condition required for corruption is if access to politicians can make you more powerful, and as long as we live in a capitalist society, that access is amplified greatly. The only way to reduce that is to reduce the potential rewards, and that can only be done if we insure low income inequality under all circumstances (of course, getting rid of FPTP voting and the electoral college is equally important if you want to limit power). The reason your party isn't corrupt is because it doesn't have power, and without power there can be no corruption. It's as simple as that. If your party gains power, then Republican politicians will simply change their affiliation and nothing will change - well, except for the parts that get worse as you hand even more power to the wealthy.
There's little if any "perfect" but that doesn't make everything the same. Running programs as root is dangerous, but that doesn't make it pointless to have programs drop as many privileges as feasible once started. A libertarian government, by definition, would keep only as much power as actually needed, e.g. for disaster relief, real invasions (as in hostile takeover, not some poor people running away from whatever hell they had to live in in south america or the middle east), and such. Basically, minarchy. The federal government would still have power that could be abused but it would have a lot less. So what if republicans join in? They should and so should democrats and fence sitters. It would be a vast improvement for everyone.
All it takes is a little propaganda, and the public will say "shut up and take my freedom" before you can even get to the part about "to the best of my ability, preserve, protect and defend the Constitution of the United States", and with enough support (which is easy to manufacture once you have enough power) the public can throw away all the freedoms you sought to cement under a Libertarian in one single election, and then it is over, done, gone, no more freedom until the public can be convinced otherwise, and then it will probably take a war. No laws, no matter how bulletproof, will solve the problem if the public can be convinced to change them.
Throwing out the laws that directly contradict the constitution and/or that are against civil liberties wouldn't guarantee "freedom and justice for all" forever, but it would help a lot more than maintaining the current duopoly.
I suggest you look into how the Military Industrial Complex has been structured to manipulate the public as much as possible ("just try and stop buying our stuff, and we tell your constituents you are voting against their jobs"), and then look at all the propaganda spreading fear under the cold war, then look at what is going on post-cold war world today (I've heard repeatedly over the last six years or so about how Chicago, AKA "the murder capital of the world" is experiencing a massive increase in violence, all from right-wingers who get their propaganda from Breitbart), and then tell me why that can't happen under the guise of freedom from someone who runs under the Libertarian party. The right is currently working to privatize the prison industry - why wouldn't Libertarians? You know how much horrifying potential for corruption that adds - just cement these prisons in struggling rural area, and bam! Permanent prison industrial complex ("You better support harsher sentences, that prison is your only source of income").
There would be a lot less crimes that anybody could get arrested for, and there would be enough free market that people could find better ways to make money than trying to merge their private sector businesses (construction and such) with public sector (prisons). There would be a lot less taxes for one, meaning less incentive to try to get tax-exempt government contracts, and the government itself would be a lot smaller and thus have less attack surface for corruption.
I don't see how the libertarians prevent any of the forms of corruption common in America today, at all. I do see how they make it worse.
You're right that voting in a libertarian wouldn't prevent corruption, but it would result in much less corruption than the current status quo.

AnuraDecember 9, 2016 3:28 PM

@P2P

You're right that voting in a libertarian wouldn't prevent corruption, but it would result in much less corruption than the current status quo.

You've failed to explain how that structure prevents people from gaining power and then throwing out the libertarian government. How does it prevent individuals from gaining massive amounts of wealth, which gives them access to politicians and control over the media? The only two things they need to throw out everything is control over politicians and media.

As for your computer analogy, you aren't getting rid of root access, you are just services at random, without concern for whether the services is necessary, while ignoring any threats you are currently facing and saying "See? We've reduced the attack surface! It's secure!" There is a trade-off between usability and security, and Minarchism is like proving you can make a more secure OS by removing most of the utilities and services, while leaving the browser and networking services untouched - technically more secure in some ways, but absolutely useless for most of the things you need it for, and if your primary threat is someone with physical access then it doesn't even solve the problem.

Minarchism ignores the problems that are solved by laws, regulations, agencies, services, etc. while making it a lot easier for wealthy individuals to gain influence over government. Not only that, but it ignores externalities; things like traffic tickets reduce motor vehicle accidents, reducing fatalities, healthcare costs, and economic costs. Developing land can destroy other property values, while polluting harms health, increases asthma, leading to both increased mortality rates and health care costs. Minarchism means that you can only get compensation after you are already sick or dying, but then you risk losing the case and going bankrupt as well. Minarchism is not a system that is designed to deliver good outcomes to the population, and because of that it's not ever going to be accepted in its entirety.

Elections, governments, economic systems, are all human constructions; because of that, they are prone to exploitation; when designing systems. Capitalism is a system in which power is self-reinforcing, and there are many regulations in place to reduce the accumulation of power. Moving to a Minarchist government would eliminate all of our protections, it would lead to a much more massive accumulation of wealth and power, and they would be able to change the constitution and pass whatever laws they want. You have to prevent individuals from gaining too much power in the first place, or everything else is worthless.

Anura • December 9, 2016 10:09 PM

Also, just for fun, justify banning the sale of children under a libertarian government while also allowing adoption and allowing surrogate mothers to receive compensation. And if you allow the sale of children, justify the banning of slavery while allowing parents to make their children do chores. Libertarianism doesn't work because it assumes the world is black and white and everything can be reduced down to simple, absolute laws of property and coercion.

P2P • December 11, 2016 12:28 PM

> You've failed to explain how that structure prevents people from gaining power and then throwing out the libertarian government. How does it prevent individuals from gaining massive amounts of wealth, which gives them access to politicians and control over the media? The only two things they need to throw out everything is control over politicians and media.

You're right, politicians would still have power, and could still be bought out. But there'd be a lot less incentive to buy them out, because however much Trump would have you believe otherwise, most taxes go to paying the bureaucracy, and propaganda to get people to vote for more bureaucrats. In libertarianism there could be just as much government aid for the little guys, but at the same time so much less taxes that big business wouldn't NEED to find corrupt politicians and bribe them into passing laws that let some random company get around taxes, multiplied by how many big businesses there are. That's a lot of money wasted on bribes and on people to interpret the mostly useless laws. For the few remaining cases (if any) where big businesses remained at odds with the law, the government would also be so much more efficient that there would be a lot harder time finding a corrupt politician, since there wouldn't be room for many politicians at all anymore, and the corrupt ones would be a lot easier to fire (there'd be a lot less sheep for the wolves to hide in).

As for the media aspect, yes there'll still be voters influenced by ads, ads which are more affordable to rich people, but with such a smaller set of laws to vote on it will be a lot easier for people to vote smart.

> As for your computer analogy, you aren't getting rid of root access, you are just services at random, without concern for whether the services is necessary, while ignoring any threats you are currently facing and saying "See? We've reduced the attack surface! It's secure!" There is a trade-off between usability and security, and Minarchism is like proving you can make a more secure OS by removing most of the utilities and services, while leaving the browser and networking services untouched - technically more secure in some ways, but absolutely useless for most of the things you need it for, and if your primary threat is someone with physical access then it doesn't even solve the problem.

Nothing solves the worst case scenario of sabotaged hardware, so isn't it logical to secure against other threat scenarios? Libertarianism is like saying "javascript should never be able to modify the Master Boot Record or have block-level disk access", e.g. "the federal government should never be able to force you to buy something or tax something that begins and ends within 1 state's borders".

> Minarchism ignores the problems that are solved by laws, regulations, agencies, services, etc. while making it a lot easier for wealthy individuals to gain influence over government. Not only that, but it ignores externalities; things like traffic tickets reduce motor vehicle accidents, reducing fatalities, healthcare costs, and economic costs. Developing land can destroy other property values, while polluting harms health, increases asthma, leading to both increased mortality rates and health care costs. Minarchism means that you can only get compensation after you are already sick or dying, but then you risk losing the case and going bankrupt as well. Minarchism is not a system that is designed to deliver good outcomes to the population, and because of that it's not ever going to be accepted in its entirety.

I'm all for law but most of those are things that can be worked out just fine at the state level. There is a very minimum set of privileges needed by the federal government, and everything else is reserved for state government or for the people. Also, making there be less people in the government and making them have less power somewhat lowers the incentive to corrupt them, while making it harder for the corrupt ones to stay in office. Not 100%, but a lot better than what we have now.

> Elections, governments, economic systems, are all human constructions; because of that, they are prone to exploitation; when designing systems. Capitalism is a system in which power is self-reinforcing, and there are many regulations in place to reduce the accumulation of power. Moving to a Minarchist government would eliminate all of our protections, it would lead to a much more massive accumulation of wealth and power, and they would be able to change the constitution and pass whatever laws they want. You have to prevent individuals from gaining too much power in the first place, or everything else is worthless.

Sorry, I think I might have been using the wrong word then. By libertarian I didn't mean the federal government shouldn't have the power to ban vote selling, or to prevent itself from being traded on the stock market. To me that seems more like oligarchy. When I say libertarianism I mean what the founding fathers set up, plus the amendments that were ratified by an overwhelming majority of the states (where each person gets 1 vote, not each dollar gets 1 vote).

> Also, just for fun, justify banning the sale of children under a libertarian government while also allowing adoption and allowing surrogate mothers to receive compensation. And if you allow the sale of children, justify the banning of slavery while allowing parents to make their children do chores. Libertarianism doesn't work because it assumes the world is black and white and everything can be reduced down to simple, absolute laws of property and coercion.

That's not why there should be as much government as there is now. That's just why there should be government. A libertarian country would be minarchic, not anarchic. It's not executive orders or extremely broad reading of the commerce clause that bans slavery and lets women vote. It's amendments to the Constitution, ratified by an overwhelming majority of the states. Libertarianism would give us the liberty that our founding fathers wanted us to have, without the outdated views regarding women's rights and slavery. In essence, everyone can have their cake and eat it, because it's a compromise. You don't throw out ALL law, and you don't eat the whole cake.

Anura • December 11, 2016 1:47 PM

@P2P

Now I'm just confused - are you saying that politicians would or would not be able to write laws? Libertarianism reduces all laws to matters of property rights and coercion, and Minarchism is a system in which the government is all military, courts, and law enforcement and run purely by Libertarian principles. This is what is argued reduces corruption, because politicians can't write laws specifically to target people. But now it sounds like you are still going to allow politicians to write laws, which basically reduces everything down to interpretation of your constitution (which means you just have to influence judicial appointments to do whatever the hell you want).

It sounds to me you are proposing we have the exact same constitution and government we have now, but by electing Libertarians we would somehow permanently reduce the problem? That makes no sense at all, so let me know if I am just mistaken.

It should also be noted that you are talking about reducing everything to the states - I hope you realize that this makes it a lot easier to target voting rules against specific groups. Unless all states have the same rules on who can vote, and when and where they go to vote, you cannot say there is equal representation. Besides that, by requiring state and local governments are funded by local sources, it leads to a situation that reinforces inequality, which leads to poor areas having higher expenses and less potential funds, while rich areas have lower expenses and more potential funds - this means that rich areas are well maintained, promoting growth, and poor areas are poorly maintained promoting decline.

Give people room, and they will exploit it - the more money they have, the more they will exploit. Most of the laws Libertarians want to get rid of exist because capitalism inherently leads to inequality and instability - most corruption is in trying to get rid of the laws that protect us from the problems of capitalism; getting rid of them just speeds up the process of the US becoming an aristocracy. Libertarianism is cutting off the nose to spite the face.

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.