Surveillance and Our Insecure Infrastructure

Since Edward Snowden revealed to the world the extent of the NSA’s global surveillance network, there has been a vigorous debate in the technological community about what its limits should be.

Less discussed is how many of these same surveillance techniques are used by other—smaller and poorer—more totalitarian countries to spy on political opponents, dissidents, human rights defenders; the press in Toronto has documented some of the many abuses, by countries like Ethiopia, the UAE, Iran, Syria, Kazakhstan, Sudan, Ecuador, Malaysia, and China.

That these countries can use network surveillance technologies to violate human rights is a shame on the world, and there’s a lot of blame to go around.

We can point to the governments that are using surveillance against their own citizens.

We can certainly blame the cyberweapons arms manufacturers that are selling those systems, and the countries—mostly European—that allow those arms manufacturers to sell those systems.

There’s a lot more the global Internet community could do to limit the availability of sophisticated Internet and telephony surveillance equipment to totalitarian governments. But I want to focus on another contributing cause to this problem: the fundamental insecurity of our digital systems that makes this a problem in the first place.

IMSI catchers are fake mobile phone towers. They allow someone to impersonate a cell network and collect information about phones in the vicinity of the device and they’re used to create lists of people who were at a particular event or near a particular location.

Fundamentally, the technology works because the phone in your pocket automatically trusts any cell tower to which it connects. There’s no security in the connection protocols between the phones and the towers.
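A simplified model of that trust failure, as an added example that is not part of the original essay: the phone and its home network share a secret key, and the two attach routines differ only in whether the phone checks that the tower knows it. The class names, the identity string and the HMAC message layout are assumptions made for illustration and are not a real cellular protocol; the model also goes one step beyond the text by recording which identities a tower hears before any check can run.

```python
import hashlib
import hmac
import os


def tag(key: bytes, label: bytes, nonce: bytes) -> bytes:
    """Proof of knowing `key`, bound to a fresh nonce (HMAC-SHA256)."""
    return hmac.new(key, label + b"|" + nonce, hashlib.sha256).digest()


class Tower:
    """Base station model. A tower created without subscriber keys stands in
    for a fake tower with no relationship to the phone's home network."""

    def __init__(self, name, subscriber_keys=None):
        self.name = name
        self.keys = dict(subscriber_keys or {})
        self.seen_ids = []   # identities announced to this tower
        self.attached = []   # identities that went on to complete an attach
        self._pending = {}   # phone_id -> nonce this tower issued

    def challenge(self, phone_id, phone_nonce):
        self.seen_ids.append(phone_id)
        tower_nonce = os.urandom(16)
        self._pending[phone_id] = tower_nonce
        key = self.keys.get(phone_id)
        # Without the shared key the tower can only send filler bytes here.
        proof = tag(key, b"network", phone_nonce) if key else os.urandom(32)
        return tower_nonce, proof

    def complete(self, phone_id, response):
        key = self.keys.get(phone_id)
        nonce = self._pending.pop(phone_id)
        if key is not None and not hmac.compare_digest(
                response, tag(key, b"phone", nonce)):
            return False                 # a real network rejects a wrong key
        self.attached.append(phone_id)   # a tower with no key accepts anything
        return True


class Phone:
    def __init__(self, phone_id, key):
        self.phone_id = phone_id
        self.key = key

    def attach_trusting(self, tower):
        """The behaviour the essay describes: answer whichever tower is there."""
        nonce = os.urandom(16)
        tower_nonce, _unchecked = tower.challenge(self.phone_id, nonce)
        return tower.complete(self.phone_id,
                              tag(self.key, b"phone", tower_nonce))

    def attach_mutual(self, tower):
        """Refuse to continue unless the tower proves it knows the shared key."""
        nonce = os.urandom(16)
        tower_nonce, proof = tower.challenge(self.phone_id, nonce)
        if not hmac.compare_digest(proof, tag(self.key, b"network", nonce)):
            return False
        return tower.complete(self.phone_id,
                              tag(self.key, b"phone", tower_nonce))


def run_scenario():
    """Attach one phone to a home tower and to a keyless tower, in both modes."""
    key = os.urandom(32)
    phone = Phone("subscriber-001", key)           # constructed identity
    results = {}
    for mode in ("attach_trusting", "attach_mutual"):
        home = Tower("home-network", {"subscriber-001": key})
        fake = Tower("unknown-tower")              # holds no subscriber keys
        attach = getattr(phone, mode)
        results[mode] = {
            "home_ok": attach(home),
            "fake_ok": attach(fake),
            "fake_attached": list(fake.attached),
            "fake_seen": list(fake.seen_ids),
        }
    return results


if __name__ == "__main__":
    for mode, outcome in run_scenario().items():
        print(mode, outcome)
```

In this model the mutual check stops the session with the keyless tower, but the identity sent in the first message is still recorded by it; keeping that identity private needs a separate measure.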

IP intercept systems are used to eavesdrop on what people do on the Internet. Unlike the surveillance that happens at the sites you visit, by companies like Facebook and Google, this surveillance happens at the point where your computer connects to the Internet. Here, someone can eavesdrop on everything you do.

This system also exploits existing vulnerabilities in the underlying Internet communications protocols. Most of the traffic between your computer and the Internet is unencrypted, and what is encrypted is often vulnerable to man-in-the-middle attacks because of insecurities in both the Internet protocols and the encryption protocols that protect it.

There are many other examples. What they all have in common is that they are vulnerabilities in our underlying digital communications systems that allow someone—whether it’s a country’s secret police, a rival national intelligence organization, or criminal group—to break or bypass what security there is and spy on the users of these systems.

These insecurities exist for two reasons. First, they were designed in an era where computer hardware was expensive and inaccessibility was a reasonable proxy for security. When the mobile phone network was designed, faking a cell tower was an incredibly difficult technical exercise, and it was reasonable to assume that only legitimate cell providers would go to the effort of creating such towers.

At the same time, computers were less powerful and software was much slower, so adding security into the system seemed like a waste of resources. Fast forward to today: computers are cheap and software is fast, and what was impossible only a few decades ago is now easy.

The second reason is that governments use these surveillance capabilities for their own purposes. The FBI has used IMSI-catchers for years to investigate crimes. The NSA uses IP interception systems to collect foreign intelligence. Both of these agencies, as well as their counterparts in other countries, have put pressure on the standards bodies that create these systems to not implement strong security.

Of course, technology isn’t static. With time, things become cheaper and easier. What was once a secret NSA interception program or a secret FBI investigative tool becomes usable by less-capable governments and cybercriminals.

Man-in-the-middle attacks against Internet connections are a common criminal tool to steal credentials from users and hack their accounts.

IMSI-catchers are used by criminals, too. Right now, you can go onto Alibaba.com and buy your own IMSI catcher for under $2,000.

Despite their uses by democratic governments for legitimate purposes, our security would be much better served by fixing these vulnerabilities in our infrastructures.

These systems are not only used by dissidents in totalitarian countries, they’re also used by legislators, corporate executives, critical infrastructure providers, and many others in the US and elsewhere.

That we allow people to remain insecure and vulnerable is both wrongheaded and dangerous.

Earlier this month, two American legislators—Senator Ron Wyden and Rep Ted Lieu—sent a letter to the chairman of the Federal Communications Commission, demanding that he do something about the country’s insecure telecommunications infrastructure.

They pointed out that not only are insecurities rampant in the underlying protocols and systems of the telecommunications infrastructure, but also that the FCC knows about these vulnerabilities and isn’t doing anything to force the telcos to fix them.

Wyden and Lieu make the point that fixing these vulnerabilities is a matter of US national security, but it’s also a matter of international human rights. All modern communications technologies are global, and anything the US does to improve its own security will also improve security worldwide.

Yes, it means that the FBI and the NSA will have a harder job spying, but it also means that the world will be a safer and more secure place.

This essay previously appeared on AlJazeera.com.

Posted on April 17, 2017 at 6:21 AM • 91 Comments

Comments

Z.Lozinski April 17, 2017 7:28 AM

Perhaps one step to improve the situation is in documenting the (now incorrect) assumptions we have collectively made in designing and implementing the world’s communications infrastructure. I think one of the problems is that how these assumptions have been broken is not well understood, and so people ignore them.

We need everyone building systems and devices – not just the security engineers – to understand how these have changed.

1 – Anyone that can connect to the SS7 network is a legitimate telecom operator. That was true in the 1970s when C7 was being designed and the 1980s when it was first implemented. It is not true now, with SIGTRAN gateways allowing anyone with an IP connection to send SS7 messages. Examples where this is being exploited: telecom accounting fraud, fake CallerId for incoming calls, and fake SMSes to subvert multi-factor authentication. (Hence the recent change in accepting SMS as a valid 2F).

2 – Anyone that can put up wireless infrastructure is a legitimate operator. Valid in the 1980s, when a cell site was a USD 100K investment. Not true any more for mobile telecoms, with the growth of IMSI catchers (USD 2000 per Bruce’s example). Not true any more for WiFi and mobile data (USD 100). How many people trust the nearest hot-spot? Even those who should know better still make this mistake: see the wall of sheep at any CCC or HOPE.

3 – Anyone that can connect to the international banking system is a legitimate bank. True when corresponding banks literally had each other’s physical name, address and registered signature. We have seen ATM scams based on setting up a bank in New York. We have seen fake SWIFT transactions (Bank of Bangladesh).

4 – Digital certificates provide any assurance about the security of a connection. Maybe in theory, if the entire trust chain is properly implemented; not in practice. There are too many Certificate Authorities; too many domain registrars have weak security; certificate trust is imbedded in browsers; too many examples of vulnerability to MITM.

5 – Apps from a trusted AppStore solve all these problems. I believe Apple and Google are doing their best, as their business really does depend on this model working. Look at the recent Brazilian bank incident – how would using an App help the end user when the App believed it was communicating with a trusted endpoint?

6 – The trickle down effect is massively underestimated. In WW2 it took a national effort by the UK and USA to break a high grade communications system (Enigma, FISH etc.) that was comparable to the Manhattan Project in terms of people and resources. The Cold War had similar levels of investment. Even ignoring the script kiddies, we have gone from USD billions to tens/hundreds of thousands (constant 2017 currency) to mount a major attack. This is where I believe that the security community needs to get the national agencies of the major developed countries to re-think their assumptions.

I’m sure there are others.

ab praeceptis April 17, 2017 7:38 AM

Z.Lozinski

I believe that the security community needs to get the national agencies of the major developed countries to re-think their assumptions.

Yes, right after teaching pigs to fly.

As far as “intelligence agencies” of 5 eyes and nato members are concerned there is only 1 thing to do and that is to not trust them a single nanometer and to defend against them (and if necessary to fight them) by any and all means.

Rufo Guerreschi April 17, 2017 8:27 AM

There is much to blame on leading cryptographers and IT security experts, including Bruce Schneier, that for the last 30 years believed there is no way for a third party to provide lawful access to a ultra-high assurance IT system in way that does not cause unacceptable risks for use privacy or at least a risk not larger than it is currently.
It is not true that we have to choose either or or, but it is really a both or neither.
Over the last 2 years, we have come up with an event series, and a draft of standard and certification body, for providing ultra-high assurance IT services while enabling constitutional and legitimate – no more no less – lawful access: http://www.free-and-safe.org
https://www.openmediacluster.com/trustless-computing-consortium/

Rufo Guerreschi April 17, 2017 8:34 AM

You write: “Yes, it means that the FBI and the NSA will have a harder job spying, but it also means that the world will be a safer and more secure place.”

FBI and NSA having a “harder job spying” means that they may be unable to remotely compromise 2 suspects digital communications data or metadata.

It is highly debatable that “the world will be a safer and more secure place” if that could enable hundreds of millions of petrol dollars to arrive at IS, or a top staff of a US Presidential candidate to sell the American democracy to get some illegal help during the election from a foreign state adversary.

Anonymous= April 17, 2017 8:52 AM

Surveillance and our Insecure Infrastructure

Worldwide omnipresent surveillance and insecure-by-design infrastructure comprise an entire strategy unto itself, which a certain Satanic devil-worshipping mob will never give up until their talons are surgically removed, their wings are pinioned, and their beaks are cut off. These things, gruesome as they are, MUST be done in order to gain victory over that number 666.

… fixing these vulnerabilities is a matter of US national security, but it’s also a matter of international human rights. … Yes, it means that the FBI and the NSA will have a harder job spying, but it also means that the world will be a safer and more secure place.

I could not agree more with this.

Ratio April 17, 2017 8:53 AM

@ab praeceptis,

As far as “intelligence agencies” of 5 eyes and nato members are concerned there is only 1 thing to do and that is to not trust them a single nanometer and to defend against them (and if necessary to fight them) by any and all means.

@Z. Lozinski was talking about the national agencies of the major developed countries. Interesting shift of focus…

So would you consider the intelligence agencies of countries that aren’t members of Five Eyes or NATO to be trustworthy? If so, why?

Take your time answering. I wouldn’t wanna rush ya.

Elliot April 17, 2017 9:17 AM

You generally can’t solve a problem in a lower level layer by tweaking a higher level layer. This is a problem of regulating human behavior. As the technology genie is more and more free, the damage that a single individual can do is exponentially increased, and the need therefore to regulate individual behavior is exponentially greater. The paradox is that respect for freedom can only be enforced through a system which has the capacity to be deeply invasive as necessary. Such a system will obviate the need for and will replace contemporary economic and regulatory systems. If you’re not working on the realization of the next evolutionary step of human sentience, version 2.0 of human organization, you’re just rearranging deck chairs.

Z.Lozinski April 17, 2017 9:46 AM

@Rufo Guerreschi,

There is much to blame on leading cryptographers and IT security experts, including Bruce Schneier, that for the last 30 years believed there is no way for a third party to provide lawful access to a ultra-high assurance IT system in way that does not cause unacceptable risks for use privacy or at least a risk not larger than it is currently.

It is not true that we have to choose either or or, but it is really a both or neither.

Experience suggests that this is a very hard problem to solve (see: “The Athens Affair”, Vassilis Prevelakis and Diomidis Spinellis, IEEE Spectrum, 44(7):26–33, July 2007). The LI subsystem in a national network is as critical as it gets and that was compromised. The cost of this breach is currently EUR 83M plus the death of one of Vodafone’s engineers. It is not just about having a design that is secure in principle, the integrity of the implementation is equally important. Nearly all deployed systems seem to have vulnerabilities, so we need an increased focus on security engineering.

By all means please propose new solutions, because we need them. But practice is as important as theory: Enigma was secure in theory.

baby jesus April 17, 2017 10:02 AM

Wyden is Comey’s teacup poodle. If he had the merest teeny tiny mouse balls, he would point out that FBI and NSA have no legislative authorization. Then he would formalize their nonexistence to make them stop wrecking critical international infrastructure.

Bob Dylan's Rustic Earring April 17, 2017 10:05 AM

@Rufo writes, It is highly debatable “that the world would be a safer place” if that could enable hundreds of millions of petrol dollars to arrive at IS, or a top staff of a US Presidential candidate to sell the American democracy to get some illegal help during the election from a foreign state adversary.

Sure it is debatable because both sides are arguing about a future and the future is intrinsically unknowable; we can only talk about it in terms of probability. So the only proper response to your statement is: we hope not. We hope that a dedication to security and privacy won’t make the world a more dangerous place. People who post here tend to share that social hope. If you desire to change minds you are better off talking about concrete reasons why such a hope is unjustified rather than trotting out a parade of speculative horribles.

Z.Lozinski April 17, 2017 10:06 AM

I will add another assumption, and I think this gets to the heart of Bruce’s argument.

7 – NOBUS works (in favour of the world’s developed economies). Yes, the technical intelligence agencies of the developed countries recruit good people, and fund them well. But … is it valid to assume that the Bad Guys (TM) don’t have access to equally skilled people, sufficient funding, or that they cannot reverse engineer or re-purpose one of the Good Guys exploits if they find it? Remember the DPRK has designed advanced nuclear weapons.

I’m coming to the conclusion that pervasive surveillance based on widespread insecurity does not benefit public safety and security. In the digital world, there are no secrets. Once surveillance technology is widely deployed, especially by states with less focus on due process and the legal issues, it will leak. We have seen that happen with the fall of Libya.

Our threat model needs to include the DPRK or Daesh using Western-developed exploits running on EC2 instances against us.

Theophrastus April 17, 2017 10:10 AM

NOTHING that gets in the way of some pig’s profits is going to fly. Absolutely nothing. Profits are the new God. Look at this poor schnook who got roughed up for having the temerity to stand in the way of United Airlines’ profits last week – he got the goon squad. While our legislators almost certainly won’t get the goon squad (unless, perhaps they’re to the left of Mussolini), they’ll certainly get IGNORED.

Michele April 17, 2017 10:35 AM

[IMSI catchers work] because the phone in your pocket automatically trusts any cell tower to which it connects. There’s no security in the connection protocols between the phones and the towers.

You’ve identified one privacy flaw with mobile phone networks (ignoring Wifi and Bluetooth for now), but let’s be more ambitious. It’s bad that any random person with an IMSI catcher can track you. If that’s fixed, the phone companies (and coöperating “partners” i.e. governments) will still be able to track you. It’s commonly stated that this is a necessary aspect of the tech, so the companies can route calls to you, but that’s lazy thinking.

We know from Tor that it’s possible to separate network entry and exit such that your network service provider cannot (easily) track you. We know from its predecessor, the ZKS Freedom Network, that it’s possible to anonymously bill for access; and of course there’s Chaumian cash and Bitcoin. In other words, we have all the technology needed to create a non-tracking phone network.

We could do away with IMSIs/SIMs and make sure TMSIs and hardware identifiers are never reused between cell towers. Instead, users could use anonymous crypto tokens (cash) to get access to a tower, and then onion-route to their real provider. The phone’s software could transparently get these from the provider, once the provider checked the user had paid their monthly fees. (ZKS Freedom users just paid by credit card and didn’t need to know about cryptocurrency.) Alternately, users could do without a fixed provider and buy prepaid tokens from wherever phone cards are sold, if they don’t need a (long-term) incoming phone number or can get that from elsewhere.

Push back when people say the lack of privacy is inherent. People need to know it’s fixable so they can demand or create fixes.

Who? April 17, 2017 10:40 AM

@ Rufo Guerreschi and Z.Lozinski,

There is much to blame on leading cryptographers and IT security experts, including Bruce Schneier, that for the last 30 years believed there is no way for a third party to provide lawful access to a ultra-high assurance IT system in way that does not cause unacceptable risks for use privacy or at least a risk not larger than it is currently.

This is not a technical problem, so there is no way to fix it. Such a thing as a lawful access to a ultra-high assurance IT system can be used and can be abused (do you remember NSA’s LOVEINT?). IT systems either are or aren’t secure.

Michele April 17, 2017 10:55 AM

Z.Lozinski

Apps from a trusted AppStore solve all these problems. I believe Apple and Google are doing their best, as their business really does depend on this model working. Look at the recent Brazilian bank incident – how would using an App help the end user when the App believed it was communicating with a trusted endpoint?

Assuming you’re talking about this:
https://www.scmagazine.com/brazilian-bank-hacked-loses-control-of-its-online-presense/article/648773/

A well-coded app would verify certificates based on a proper chain of trust, not the broken CA system. As pointed out on the last Friday Squid story, no CA should issue for a DNSSEC domain without verifying DNSSEC authority; but an app doesn’t even need to trust the ICANN DNSSEC root. It could verify the bank’s key directly, plus whatever DNS/CA signatures are provided.

Trust, and single roots of trust in particular, are the problem. App stores shouldn’t know who’s using them, so they can’t be forced to give up particular users; onion routing or a large set of third-party mirrors can fix that. Users shouldn’t have to trust the App store’s signature; we can have App stores and developers and third-party verifiers co-sign to fix that. People shouldn’t have to trust compilers or build infrastructure; reproducible builds can help. And then there’s the whole idea of trusting one bank to begin with (with fractional reserve banking, we know for a fact they don’t even have “our” money); the solution space is nascent but interesting: digital ledgers, cryptocurrencies.

I’m interested to see what will happen with governments and legal systems (these being trust roots) in the coming decades too. Does it really make sense, as an example, for Ireland to have authority over the world’s dominant internet communication infrastructure (Facebook)?
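One way to implement the "verify the bank's key directly" check from the comment above, as an added example that is not part of the original thread: the client keeps normal CA and hostname validation and additionally requires the server's public key to match a value shipped with the app. The function names, the pin format (base64 SHA-256 of the SubjectPublicKeyInfo) and the sample certificates, which are constructed unsigned skeletons, are assumptions for illustration.

```python
import base64
import hashlib
import socket
import ssl


def read_tlv(buf: bytes, pos: int):
    """Parse one DER element at `pos`; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next n bytes hold length
        n = length & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, pos, pos + length


def extract_spki(cert_der: bytes) -> bytes:
    """Return the DER-encoded SubjectPublicKeyInfo of an X.509 certificate."""
    tag, start, _ = read_tlv(cert_der, 0)            # Certificate
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    tag, pos, tbs_end = read_tlv(cert_der, start)    # tbsCertificate
    if tag != 0x30:
        raise ValueError("tbsCertificate missing")
    fields = []
    while pos < tbs_end:
        tag, _, value_end = read_tlv(cert_der, pos)
        fields.append((tag, pos, value_end))
        pos = value_end
    if fields and fields[0][0] == 0xA0:              # optional [0] version
        fields.pop(0)
    # Remaining order: serial, signature alg, issuer, validity, subject, SPKI
    if len(fields) < 6 or fields[5][0] != 0x30:
        raise ValueError("SubjectPublicKeyInfo not found")
    _, spki_start, spki_end = fields[5]
    return cert_der[spki_start:spki_end]


def spki_pin(cert_der: bytes) -> str:
    digest = hashlib.sha256(extract_spki(cert_der)).digest()
    return base64.b64encode(digest).decode()


def pin_ok(cert_der: bytes, pins) -> bool:
    try:
        return spki_pin(cert_der) in pins
    except ValueError:
        return False          # an unparseable certificate never satisfies a pin


def connect_pinned(host, pins, port=443, timeout=10.0):
    """Open a TLS connection that must pass CA validation AND match a pin."""
    context = ssl.create_default_context()   # chain and hostname checks stay on
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with context.wrap_socket(raw, server_hostname=host) as tls:
            if not pin_ok(tls.getpeercert(binary_form=True), pins):
                raise ssl.SSLError("server key matches no pinned value")
            return tls.version()


# --- constructed sample data: unsigned certificate skeletons, not real certs ---
def der(tag: int, content: bytes) -> bytes:
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(size)]) + size + content


def sample_cert(serial: int, key_material: bytes) -> bytes:
    algorithm = der(0x30, der(0x06, b"\x2a\x86\x48\xce\x3d\x02\x01"))
    spki = der(0x30, algorithm + der(0x03, b"\x00" + key_material))
    empty = der(0x30, b"")    # placeholder for alg, issuer, validity, subject
    tbs = der(0x30, der(0xA0, der(0x02, b"\x02")) + der(0x02, bytes([serial]))
              + empty * 4 + spki)
    return der(0x30, tbs + empty + der(0x03, b"\x00"))


SAMPLE_KEY_A = b"\x11" * 270   # constructed key bytes (long enough for long-form lengths)
SAMPLE_KEY_B = b"\x22" * 270   # a different constructed key
```

Because the pin covers only the key, a renewed certificate for the same key still matches, while a CA-valid certificate for a different key does not.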

Michele April 17, 2017 11:04 AM

Who?

believed there is no way for a third party to provide lawful access to a ultra-high assurance IT system in way that does not cause unacceptable risks for use privacy or at least a risk not larger than it is currently. … This is not a technical problem, so there is no way to fix it.

Perhaps that was the point? As an example, we can provide lawful access to a Tor exit node without compromising anonymity, because the “access” isn’t to anything useful. Of course, the concept of “lawful access” doesn’t have much meaning then, but that’s the direction we need to be heading: Snowden’s leaks revealed that governments have pervasively abused all trust given to them—all governments, in every way and to every degree imaginable.

So that’s kind of a fix for lawful access that removes the risk…

Who? April 17, 2017 11:12 AM

Please, do not mix my words with others. I have not said that.

My point is that an ultra-secure IT system with a government backdoor is not secure at all.

mark April 17, 2017 12:01 PM

Bruce, you’ve missed the 900kg canary in the room: advertising. Making things more secure mean that companies can’t surveil your traffic, and send you spam. That’s the real reason the GOP was bribed to repeal the protections. Never mind we’re paying for that access, it’s not enough for the companies, who want to monetize EVERYTHING.

mark

smellynewbie April 17, 2017 12:36 PM

My point is that an ultra-secure IT system with a government backdoor is not secure at all.

Perhaps it’s less about security but more about control.

Politics are ubiquitous. Control settles things somewhat.

Z.Lozinski April 17, 2017 1:32 PM

@Michele,

Does it really make sense, as an example, for Ireland to have authority over the world’s dominant internet communication infrastructure (Facebook)?

We can re-phrase your question. “Does it really make sense, as an example, for Ireland to have authority over [one of] the world’s dominant computer services firms (Accenture)?”

Accenture’s HQ is in Ireland, and the company is subject to Irish law. (And by extension EU law, for those areas governed by the Treaty of Lisbon.) Ireland has a well respected constitution and a legal system that is free of corruption.

The generally accepted question among governments is: “Yes. This does make sense.” Countries have jurisdiction over legal persons (companies) in their jurisdiction. In the Post-Westphalian settlement, all countries are equal under international law.

Of course, this is also the root of the issue with offshore tax havens: they are countries (with full rights) who in some way are abusing (“hacking”, even) the international regulatory system.

I would point out that only a subset of Facebook (and Microsoft) infrastructure is in Ireland. But by what legal theory is Ireland a poor choice to exercise legal authority over the parts within its jurisdiction?

[Full disclosure: I was educated in Ireland and my copy of the constitution is still on my bookshelf.]

Z.Lozinski April 17, 2017 1:50 PM

@Michele,

In other words, we have all the technology needed to create a non-tracking phone network.

We could do away with IMSIs/SIMs and make sure TMSIs and hardware identifiers are never reused between cell towers. Instead, users could use anonymous crypto tokens (cash) to get access to a tower, and then onion-route to their real provider.

You’re right. And this illustrates how assumptions are imbedded into technology, and remain, even when they are no longer valid.

It started as a technology issue because this was how the original St. Louis mobile network was designed in 1949. It was based on public radio (think police, taxi), where you knew the location of the car you were calling. The term used in the current mobile standards is even “paging area”. Over the years, this thinking was imbedded in mobile network technology.

Now, there is a business issue, and a regulatory issue.

The business issue. Your model means if I provide a cell tower I have to carry radio traffic for any operator. The Radio Access Network (RAN) is the most capital intensive part of the network. As an operator, I will choose to deploy cell sites in the locations I expect to find most of my customers. I want to allocate capital expenditure and gain the exclusive use. You may have a poorer selection of cell sites and sharing traffic means you get a better return on capital at my expense. This is not a theoretical argument. There is a case study that Vodafone UK had better cell site selection for first generation analog cellular systems, based on an in-house developed radio propagation model.

The regulatory issue is that this model has been encouraged by regulators who want competition in the provision of infrastructure and want to avoid a repetition of the fixed network model where only one provider serves any individual premise. Although national roaming is a technical option in 3GPP specifications it is often forbidden by national regulations or license conditions.

Fixing this is possible, but it would require getting 3GPP to accept location privacy as a requirement for 5G, writing the detailed technical contributions to make it work, and getting them accepted.

We have to identify the assumptions that are no longer valid.

albert April 17, 2017 1:57 PM

“…Wyden and Lieu make the point that fixing these vulnerabilities is a matter of US national security, but it’s also a matter of international human rights. All modern communications technologies are global, and anything the US does to improve its own security will also improve security worldwide….”

I don’t think anyone gives a Rats Sorry Ass about “human rights”, certainly not the Blood-Sucking Parasites running things. Our national security -demands- secure communications. Why not try it? It might work. My worry is that LE/IC will ensure that ‘terrorism’ increases after secure communications are in place. The War Machine will not stop easily, but it must be stopped.

Still, a good op ed from Bruce, and in Al Jazeera, no less!

@Rufo,

“…It is highly debatable that “the world will be a safer and more secure place” if that could enable hundreds of millions of petrol dollars to arrive at IS, or a top staff of a US Presidential candidate to sell the American democracy to get some illegal help during the election from a foreign state adversary….”
LOL
Yeah, keep beating on those tired old memes.
Of course, some -facts- may serve to bolster your opinions…

. .. . .. — ….

Michele April 17, 2017 4:18 PM

Z.Lozinski

I would point out that only a subset of Facebook (and Microsoft) infrastructure is in Ireland. But by what legal theory is Ireland a poor choice to exercise legal authority over the parts within its jurisdiction?

There’s nothing wrong with that, and I have no general problem with Ireland’s courts. But their authority is far broader than you suggest. Quoting the Facebook EULA via europe-v-facebook:

If you are a resident of or have your principal place of business in the US or Canada, this Statement is an agreement between you and Facebook, Inc. Otherwise, this Statement is an agreement between you and Facebook Ireland Limited. References to “us,” “we,” and “our” mean either Facebook, Inc. or Facebook Ireland Limited, as appropriate.

That means for anyone outside of the US or Canada (perhaps excepting a few other countries that have Facebook offices), their use of Facebook is governed exclusively by Irish law. Pretty much by accident, Ireland has ended up with jurisdiction over a worldwide communication infrastructure. Just because FB chose Ireland for tax reasons, maybe not thinking about Data Protection implications.

This doesn’t quite seem to mesh with traditional views of jurisdiction. Companies can basically choose which set of laws apply to them and their clients, even if those clients are all over the world and neither they nor the company have any strong connection to the country. Kind of reminds me of Snow Crash and other anarchocapitalistic novels.

Michele April 17, 2017 4:32 PM

Z.Lozinski

The business issue. Your model means if I provide a cell tower I have to carry radio traffic for any operator.

Well, you won’t really know which operator it’s for, but you can set the price. So strictly speaking, you’d carry traffic for any operator/user willing to pay your rates, and some operators aren’t going to allow unlimited use for a flat rate. Maybe your rate is $1/day (and you give out a dated zero-knowledge proof of payment), and for a flat $20/month plan that’d be a problem. So the phone will seek a cheaper cell or make the user pay.

I don’t understand the rest of your comment fully. Are you saying that populated areas will be overcovered and rural areas undercovered, because people will build near the users? Probably true, but the same is true of grocery stores: I know of areas with 8 in a 15-minute walk-radius (with 1 or 2 unlikely to survive) and others where you’d have to walk an hour for produce. That’s not great, but society considers it to mostly work well enough, and that’s capital-intensive too.

John Galt April 17, 2017 4:57 PM

@ Schneier

Thumbs up, Bruce.

The cage needs to be rattled. Also note the hipocracy on the AJ site right under your op/ed… mentioning a ‘cloud group’ that won’t help Trump ‘target’ a specific class of immigrants… BUT, they are more than happy to target EVERYONE, equally — and doing for at least a decade.

@ Michele

[[[ This doesn’t quite seem to mesh with traditional views of jurisdiction. Companies can basically choose which set of laws apply to them and their clients, even if those clients are all over the world and neither they nor the company have any strong connection to the country. Kind of reminds me of Snow Crash and other anarchocapitalistic novels. ]]]

That’s why I say “cloud computing” is the dumbest thing in the world.

Why?

All ‘cloud’ providers essentially subject everyone to the “law of the sea” (maritime anarchy and international law).

Example: MS or someone stores all Irish data in the US; and, all American data in the UK; and all UK data in Germany.

What is the result? Global Communism run by the UN “Committees”

Breach? Misappropriation? Etc? (Cause of Action and Jurisdictional Statement) A Plaintiff is forced to sue in a federal maritime jurisdiction and across international boundaries along with International Service of Process — EXPENSIVE TO THE POINT OF IMPOSSIBLE FOR REDRESS!

NO RECOURSE. Period. Not only that, but to actually be in a position to assemble a list of “facts” suitable for a jurisdictional statement is almost impossible. Why? The endpoints aren’t where they really appear to be. How? Everything VPNs to China or India?

“Prove it.”

You can’t.

Data Harvesting legalized. Dump “the cloud” and possess your own storage disk is the only SMART thing to do. Possession is 9/10ths of the law. You don’t possess but THEY do. You lose.

John Galt April 17, 2017 5:19 PM

@ Schneier

PS: NOTE: I said “hipocracy”… as a play on words… as a new word for a form of government (as opposed to ‘democracy”)

ab praeceptis April 17, 2017 6:31 PM

Ratio

Thanks for the hint -> “major developed countries”. That indeed excludes 5 eyes and most nato countries (being either not major or not really developed or both).

Otherwise I stick with what I said. National agencies of any kind in most countries will certainly not re-think anything before hell is frozen and pigs fly – unless they are looking right into a gun barrel.

But I concede that “national agencies” is much more than just the intelligence agencies on which I focussed. On the other hand it just so happens that e.g. agricultural agencies rarely establish mechanisms for eavesdropping on all citizens.

Sheepdog April 18, 2017 2:10 AM

These insecurities exist for two reasons. First, they were designed in an era where computer hardware was expensive and inaccessibility was a reasonable proxy for security. When the mobile phone network was designed, faking a cell tower was an incredibly difficult technical exercise, and it was reasonable to assume that only legitimate cell providers would go to the effort of creating such towers.

Hm, being one of the culprits behind several of the related telco standards and systems, I’d respectfully beg to disagree. We knew quite well back in the 80’s that our systems weren’t secure. Furthermore, as proven by very early man-in-the-middle exploits, it wasn’t incredibly difficult to exploit the lack of base station authorization at the time. As I remember the discussions at the time, the issue was rather – just as now – a simple cost/benefits tradeoff. For a 1980’s network operator the cost was associated to the operational complexity (always foremost in the minds of traditional bellheads), not hardware. More importantly though, the benefits were the value (again, for the operator) of preserving mobile customer data confidentiality, which at the time were perceived to be significantly lower than today, for a number of obvious reasons.

A significant part of today’s problem is the legacy fallback feature, whereby any modern advanced phone will happily fall back to any old protocol like GSM without warning or control. Nobody will ever fix all old GSM vulnerabilities (the very reason for having the GSM fallback is to allow fallback to old systems).
Furthermore, the equipment manufacturers introduce new vulnerabilities (or fail to fix new threats) into the old legacy code associated with GSM and 3G protocols since there’s so little value-add in maintaining this stuff. Just to give a feeling of the related development effort, my previous handset employer employed approx 600 designers for 4G design, approx 40 designers for 3G design, and two chaps (living rather lonely lives outsourced to India) maintaining the GSM code.

The only way I see to fix the legacy issue is to somehow come up with a scheme to disable legacy support in handsets, in a way that is acceptable to both end users and operators (presumably meaning that just removing GSM isn’t an option for years to come).

John Galt April 18, 2017 2:29 AM

@ Sheepdog

[[[ More importantly though, the benefits were the value (again, for the operator) of preserving mobile customer data confidentiality, which at the time were perceived to be significantly lower than today, for a number of obvious reasons. ]]]

Confidentiality as a “perception of value” in the middle of spy country… is zero to the spies.

That’s the #1 problem: Spies. Our own, no less.

The #2 problem is the “endpoints” who have been “trained” or “conscripted” and “paid” to aid and abet the spies. This includes, first and foremost, disk images.

The #3 problem is the fact that users are so wary AND TIRED of all the BS, that they just “live” with the encroachment on their lives until ultimately, “they crackup” (Quote from Silent Weapons for Quiet Wars.)

What does that mean? Well, we see the outward manifestations of it already in fist fights at places like Berkeley this week.

Today, it’s fists. Tomorrow, machetes and pitch forks. The day after that …. rat tat tat tat tat tat…. BOOM.

ALL PREVENTABLE.

I’m far less worried about ragheads on the other side of the world than I am about the computer nitwits in my own neighborhood who don’t know anything about this stuff. Instead, they just get pissed off.

It’s like a day of Water Torture. Sooner or later… we all know what happens.

Ion April 18, 2017 3:06 AM

Vigorous debate? What have you been drinking? Net neutrality is nullified and people want state owned internet providers because they say they are faster. You’ve seen women’s marches as if Trump would have personally inspected that every person with a vagina will be turned into a home maker or soccer mom. And most people seem to have never heard of Snowden. The army and homeland defense get their budgets increased instead of cut to 20%. Police receive military equipment while they assassinate minority individuals without care.

John Galt April 18, 2017 4:04 AM

@ Ion

[[[ And most people seem to have never heard of Snowden. ]]]

Maybe in your group.

BUT, do you remember what happened the week of the release of Oliver Stone’s “Snowden”???

September 17, 2016 (just when Snowden and Stone were hitting the news reels)… Someone set off a trashcan bomb that smothered the news from coast to coast.

Then New Jersey.

The 18th… a “mass stabbing” in Minnesota shopping mall.

“Three Possible Terror Attacks on a Single Day” http://transcripts.cnn.com/TRANSCRIPTS/1609/18/cnr.05.html

IMHO, Someone threw the Apple of Discord into the room to change the subject and keep Snowden and Stone off the front pages.

keiner April 18, 2017 4:12 AM

@Ion

Good point! Name the so-called “Western Democracy” not imposing mass surveillance on its population these days. Simply called “war on terror”. And the chilling effect to democracy and the revelation of bad governance all over the place.

Democracy is only a fake, see Hungary, Poland or Turkey learning from Putin and Trump. And even Germany and France are only fake these days. No democratic opposition, in France there is “state of exception” for years, as in the times of war in Algeria. Germany left without an opposition, leaders of the two big parties playing funny games with all kinds of laws, not willing to reveal federal support for nazi-terror against immigrants (NSU), although the facts are on the table.

https://www.youtube.com/watch?v=Ax_ZOuIbWqk

Opposition cannot stop cover-up of NSU and NSA. Or stop mass surveillance, although the highest court in Germany will most likely stop the underlying trash-law in some years (for the second time? or is it the third time?)

It’s a shame all over the place.

ATN April 18, 2017 5:26 AM

Simply called “war on terror”. And the chilling effect to democracy and the revelation of bad governance all over the place.

Is there a country where there are more terrorists than corrupt politicians/police/judges/civil servants/secret services/… these days?

Nobody April 18, 2017 5:32 AM

The article mixes up two things. One is the air interface security, where base stations are not authenticated in 2G (stingray type of attack). Forbidding your phone to attach to anything lower than 3G solves that problem, but you may end up without connectivity once in a while.

The second problem is the interconnection security, which is a completely different topic, and even if the FCC forces all operators in the US to upgrade, it would not make the interconnection network safe, but it would reduce the US attack surface.

Tony Pelliccio April 18, 2017 6:40 AM

So I checked out the Alibaba thing and IMSI catchers are getting less and less expensive over time. I can see some great fun to be had with one. Of course my local PD probably already has one.

Winter April 18, 2017 6:44 AM

“Democracy is only a fake, ”

Democracy is a fake in the same way as money, security, and the police are fake. They are all institutions that can be subverted. One aspect of Democracy is that voters can vote to abolish democracy and become a dictatorship. Which is what the voters in the countries you mention did.

keiner April 18, 2017 7:36 AM

@ATN

In Iraq and Afghanistan I think it will be hard to decide… (moreover have a look at Yemen, some parts of central Africa. Egypt? Israel? Lebanon?…)

John Galt April 18, 2017 11:29 AM

@ winter

[[[ Is there a country where there is more terrorists than corrupt politician/police/juges/civil servant/secret services/… these days? ]]]

That’s the master plan of Karl Marx.

“Dictatorship” of the “proletariat”.

Cloud Computing gives the “dictators” all they need. The proletariat is dumb enough to do it.

Terrorists join the National Guard, CIA, NSA, and Google.

The Forbin Project.

https://www.youtube.com/results?search_query=the+forbin+project

My Info April 18, 2017 12:11 PM

@Ratio, ab praeceptis

5 Eyes == U.S., U.K., Canada, Australia, New Zealand

Nothing in common but the use of English as a native language.

Right to bear arms? Even the cops in U.K. have to make do with billy clubs. Australia? They’re convicts. They outright banned guns a few years ago. The Canadians? No. They’re too high on all those street drugs they import from South America through Mexico and the U.S.

This ain’t no treaty. It’s something really, really creepy going on. A lot creepier than it’s being made out to be.

No firearms. Hideous torture and unearthly punishment without trial.

My Info April 18, 2017 12:30 PM

There is another major English-speaking country not included in FIVE EYES. India.

https://www.washingtonpost.com/news/wonk/wp/2017/04/17/after-a-series-of-flip-flops-trump-prepares-to-deliver-on-a-key-campaign-pledge/

Trump, who campaigned on an “America First” ideology, had promised to “end forever the use of the H-1B as a cheap labor program.”

The current worker visa program has been diluted as rules have gone unenforced, the officials said.
Indian outsourcing firms such as Infosys, Tata Consultancy Services and Wipro currently receive the lion’s share of the visas because they submit tens of thousands of applications to increase their chances.

Some advocates for H-1B visa reform cautioned against making rash changes without considering the ripple effect on the nation’s green card system or employers at large.

https://www.archives.gov/founding-docs/amendments-11-27

AMENDMENT XIII

Passed by Congress January 31, 1865. Ratified December 6, 1865.

Section 1.

Neither slavery nor involuntary servitude, except as a punishment for crime whereof the party shall have been duly convicted, shall exist within the United States, or any place subject to their jurisdiction.

Section 2.

Congress shall have power to enforce this article by appropriate legislation.

Trouble is that Congress is full of shit.

Anura April 18, 2017 12:47 PM

@John Galt

FYI, you need to stop getting all of your knowledge from the Republican party propaganda. It’s making you ignorant.

The end goal of Marxism is a stateless, moneyless society. “Dictatorship of the Proletariat” was an idea for the transition to communism in order to defeat capitalism. It was misguided, but in no way the end goal. It says absolutely nothing about Marxism as an idea, or socialism in general, but I guess the narrative is necessary to keep libertarians from questioning their own, fragile beliefs.

Of course, the goal of libertarianism (of the people who are actually running the libertarian propaganda and in a position to benefit) is a system where a handful of White Christian males control the means of production to force their religion and their culture on the world through “voluntary contracts” where those with the power can tell the peasants they have to either live their lives by the rules of the ruling class or starve to death on the streets. They justify it as simply a matter of the market deciding which morals are good and which are bad through social Darwinism (ignoring game theory and misunderstanding the theory of evolution), and they use oversimplified statements like “humans are selfish” and “it’s just common sense” so people don’t actually think about how and why wealth and power arises in society.

John Galt April 18, 2017 12:56 PM

@ My Info

FYI, Clinton Foundation roster members were using State Dept to reinstitute slavery and establish the 21st Century oligarchy of slavers.

When Trump announced “extreme vetting,” Clinton Foundation shut down their “Clinton Global Initiative” — the same campaign Billy used to sell Google cellphones to foreign dictators. (You can watch Billy and Schmidt on Youtube giving a presentation to those dictators.)

The “extreme vetting” was going to result in tracking the ‘immigrants’ (slaves) back to the CF.

The CF even plants “breadfruit” to “feed the hungry” … and if you know anything about history, you’d know that Captain Bligh was bringing breadfruit back to the King from Polynesia. Breadfruit was/is cheap “fodder” for slaves. (Mutiny on the Bounty)

India — the caste system. British East India Company. Same outfit that collected Tea Taxes in Boston. BEIC also started 3 wars in Afghan in the 1800s — trying to enslave them to mine copper and other minerals. (Anglo-Afghan Wars). When the Afghans booted them out before war #3, the Afghans gave the BEIC the opportunity to just “pack up and leave.” Guess what? The BEIC rep tried to bribe the Afghans who offered them amnesty. OOPS. The Afghans then proceeded to say, “get the F out and don’t ever come back” as they slaughtered about 30,000 Brits. They left one alive to deliver the message back to the slavers.

John Galt April 18, 2017 1:02 PM

@ Anura

You’re nuts.

The Republicans read my stuff — not the other way around.

Put that in your hash pipe.

John Galt April 18, 2017 1:11 PM

@ Anura; My Info

Representatives and direct Taxes shall be apportioned among the several States which may be included within this Union, according to their respective Numbers, which shall be determined by adding to the whole Number of free Persons, including those bound to Service for a Term of Years, and excluding Indians not taxed, three fifths of all other Persons.

Article I, Section 2, Clause 3

Are you a “collectivist” Democrat? You are only 3/5ths of what I am.

Bong-Smoking Primitive Monkey-Brained Spook April 18, 2017 1:17 PM

Put that in your hash pipe.

I’m far less worried about ragheads

The level of sarcasm is at an all-time high today! 🙂

Anura April 18, 2017 1:27 PM

@John Galt

Admittedly, the current political situation is indistinguishable from right-wingers adopting policy based on the confidence of the people making the statements rather than the wisdom of the statements themselves. This really is the Dunning-Kruger Presidency.

And yes, we know you don’t believe in democracy either, and cheer the suppression of minority votes because it helps your side. You believe that the free market will select our leaders based entirely on merit, and that they will ultimately do what’s best for us without us actually having to think for ourselves outside of what is required to serve our masters.

My Info April 18, 2017 1:28 PM

@John Galt

FYI, Clinton Foundation roster members were using State Dept to reinstitute slavery and establish the 21st Century oligarchy of slavers.

I’m not surprised. Abe Lincoln was a Republican, and the KKK were Dixie Democrats.

The end goal of Marxism is a stateless, moneyless society. “Dictatorship of the Proletariat” was an idea for the transition to communism in order to defeat capitalism. It was misguided, …

That is a forever incomplete transition, an intentional misleading of said proletariat. There is no such thing as true ideal communism. Said dictatorship gains control of society’s resources, exercises a certain measure of greed over the fruits of the labor of the proletariat, and then we’re right back at capitalism where we began.

I’ve read capitalist theory, too. Three factors of production: land, labor, and capital, and the bickering over what share of income is rightfully allocated to each factor of production. Capital deepening, sunk costs, and all that. A lot of that theory is hundreds of years old, but that’s still what they teach.

@Bong-Smoking Primitive Monkey-Brained Spook

#|

Nobody April 18, 2017 1:34 PM

@Michele

A stingray usually works this way: it claims to the terminal to be a 2G station (quite a strong one, so the terminal connects to it). In 2G (GSM) the base station is not authenticated. In 3G, 4G and 5G it is. This stingray attack is called a bidding down attack.

So the problem is fixed in the sense that new base stations are authenticated, but replacing 2G stations costs money, and if a user can no longer connect to 2G stations (i.e. prohibiting usage of 2G networks on the phone side), there will be cases with no connection and unhappy (complaining) users.

If you ask a cellular provider to pay money for “better” security, he will just ask if the users will pay more for it…..

And there we are back to the classical problems
money vs security
user comfort vs security
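The trade-off raised in Sheepdog's and Nobody's comments (silent fallback lets an unauthenticated 2G cell win, while refusing 2G costs coverage), worked through as an added example that is not part of any comment or of the original article. The strongest-usable-cell selection rule, the -110 dBm threshold, and every cell ID and signal value are simplifying assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Per the comments: in 2G (GSM) the base station is not authenticated,
# in 3G and 4G it is.
AUTHENTICATES_NETWORK = {"2G": False, "3G": True, "4G": True}
GEN_RANK = {"2G": 2, "3G": 3, "4G": 4}
USABLE_DBM = -110  # assumed minimum usable signal strength


@dataclass(frozen=True)
class Cell:
    cell_id: str
    gen: str       # "2G", "3G" or "4G"
    rssi_dbm: int  # received signal strength


def usable(scan: List[Cell], min_gen: str) -> List[Cell]:
    """Cells strong enough to use and at or above the allowed generation."""
    return [c for c in scan
            if c.rssi_dbm >= USABLE_DBM and GEN_RANK[c.gen] >= GEN_RANK[min_gen]]


def attach(scan: List[Cell], min_gen: str) -> Optional[Cell]:
    """Simplified handset model: attach to the strongest allowed cell."""
    candidates = usable(scan, min_gen)
    return max(candidates, key=lambda c: c.rssi_dbm) if candidates else None


def simulate(timeline: List[List[Cell]], min_gen: str) -> List[Optional[Cell]]:
    return [attach(scan, min_gen) for scan in timeline]


def bidding_down_alerts(timeline, attachments) -> List[Tuple[int, str]]:
    """Flag steps where the handset sits on an unauthenticated 2G cell even
    though an authenticated (3G/4G) cell was usable in the same scan.
    A 2G attachment with no alternative is ordinary legacy coverage."""
    alerts = []
    for step, (scan, cell) in enumerate(zip(timeline, attachments)):
        if cell is None or AUTHENTICATES_NETWORK[cell.gen]:
            continue
        if usable(scan, "3G"):
            alerts.append((step, cell.cell_id))
    return alerts


def outages(attachments) -> List[int]:
    """Steps at which the handset had no service at all."""
    return [i for i, c in enumerate(attachments) if c is None]


# Constructed scan results, one list of visible cells per time step.
TIMELINE = [
    [Cell("lte-A", "4G", -95), Cell("umts-B", "3G", -100)],    # normal coverage
    [Cell("lte-A", "4G", -97), Cell("gsm-unknown", "2G", -55)],  # strong 2G appears
    [Cell("gsm-rural", "2G", -90)],                            # 2G-only area
    [Cell("umts-B", "3G", -101)],                              # back in 3G coverage
]


def report(min_gen: str) -> Dict[str, list]:
    attachments = simulate(TIMELINE, min_gen)
    return {
        "attached": [c.cell_id if c else None for c in attachments],
        "alerts": bidding_down_alerts(TIMELINE, attachments),
        "outages": outages(attachments),
    }


if __name__ == "__main__":
    for label, policy in (("legacy fallback allowed", "2G"),
                          ("2G disabled on handset", "3G")):
        print(label, report(policy))
```

With fallback allowed the handset never loses service but lands on the unauthenticated cell at step 1; with 2G disabled that attachment cannot happen, and the cost is the outage at step 2.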

John Galt April 18, 2017 1:42 PM

@ My Info

[[[ I’m not surprised. Abe Lincoln was a Republican, and the KKK were Dixie Democrats. ]]]

And Clintons are from Arkansas. Home of the KKK (Forrest Gump’s granddaddy).

[[[ That is a forever incomplete transition, an intentional misleading of said proletariat. There is no such thing as true ideal communism. Said dictatorship gains control of society’s resources, exercises a certain measure of greed over the fruits of the labor of the proletariat, and then we’re right back at capitalism where we began. ]]]

The old-Euro aristocracy commissioned Marx to write the new slave marketing plan; because of the pitch forks.

Some of them were dumb enough to buy it.

The DNC marketing plan (adopted from Marx):

Would you like:
1) a guaranteed job? Never be fired?
2) free food?
3) free housing?
4) free child care?
5) free entertainment (eg Facebook)
6) free transportation (busses and google cars?)
7) free utilities?
8) free sex and/or condoms and/or abortions (Selective Breeding — Planned Parenthood)
9) free education?
9) free health care?
10) anything else your little heart desires?

Would you like to come work for me on my brand new federally funded cotton plantation?

OOPS.

In 1850, what happened to old or disabled slaves who couldn’t work the fields, anymore?

ANSWER: ObamaCare… bury them in the North 40 as fertilizer.

@ Monkey … Spook

Glad you enjoyed it. You know, with things the way they are, you gotta maintain a good sense of humor. I’m glad I’m not the only one.

@ Anura

I studied Marx in college — extensively. And, before I got done reading it, I already knew that Marx was selling the old aristocracy under a new mantra.

Ever seen Braveheart (Mel Gibson?) Well, think of the DNC (and most of the “professional” politicians no matter what party) as Edward the Longshanks.

Wake up. I’d rather wake you up than have to fight with you.

Sincerely. Peace bro. Reread Marx with your critical thinking cap.

My Info April 18, 2017 1:59 PM

The old-Euro aristocracy commissioned Marx to write the new slave marketing plan; because of the pitch forks.

Some of them were dumb enough to buy it.

There’s a lot of bad blood between me and that old-Euro aristocracy. That old Spanish Law from the days of feudalism in Europe is taking over the West Coast and Texas. I always wondered why people hated the system of villeinage in those days, and then I read up on it a little — oh, yeah, the villeins were the lantalaiset — no wonder people hated them so much.

Would you like to come work for me on my brand new federally funded cotton plantation?

OOPS.

OOPS is right. You probably need some sort of rags to wear when you come in to work….

Anura April 18, 2017 2:15 PM

@My Info

Said dictatorship gains control of society’s resources, exercises a certain measure of greed over the fruits of the labor of the proletariat, and then we’re right back at capitalism where we began.

Sure, that’s why that particular idea is bad for the transition. That concept hasn’t been promoted by socialists in a very long time, and most socialist concepts these days are decentralized to avoid those problems.

Three factors of production: land, labor, and capital, and the bickering over what share of income is rightfully allocated to each factor of production.

“Factors of production” is just taxonomy. I personally think it’s better to talk in terms of resources: we have natural resources (inc. land), synthetic resources (e.g. structures, equipment, ideas) and human resources. It’s not limited to capitalism, either; it applies to economics in general. The fundamental difference between economic systems is primarily the control over natural and synthetic resources. In capitalism these are privately owned by individuals for their own ends, while in socialism these are collectively owned for the common good of those that use the resources.

Marxists see money as unnecessary and harmful. Money is something that can be hoarded by individuals and used to control society, while we are all in control of our own labor. While it’s there as a way to track and allocate scarce resources, with the right organization structure you should be able to create a more fair allocation that keeps everyone equal.

I don’t know how to organize society to deliver decent outcomes without money myself, and I don’t think it’s a good idea to hope it arises naturally. I think most socialists these days see things the same way. Personally, I don’t see it as necessarily desirable to abandon money; I think money allows us to directly account for costs, which can lead to more efficient outcomes while also allowing for greater individual independence. To me, socialism is about decentralizing power as much as possible.

@John Galt

I studied Marx in college — extensively. And, before I got done reading it, I already knew that Marx was selling the old aristocracy under a new mantra.

I’m guessing you went in with the belief “Marx bad, capitalism good” and you looked for a subtext that proved you were right.

Have you ever had an actual argument about anything? All you seem to do is make up strawmen and attack the perceived motives of your opponents, which are based entirely on your preconceived assumptions. You act like you define your entire political beliefs based on who you perceive your enemies to be, but have never put an ounce of thought into the actual merit of the arguments they are making.

John Galt April 18, 2017 2:25 PM

@ My Info

[[[ That old Spanish Law from the days of feudalism in Europe is taking over the West Coast and Texas. ]]]

I have something else for you: It’s the old peonage system. Latino territory. That’s why “they” are letting them flood into America.

Why? Because “they” intend to use them as part of the electorate to “legitimize” slavery, peonage, and all other forms of involuntary servitude again.

Why? Because… think about it… America is 20 Trillion in debt? Inflows are less than outflows. Bankrupt.

How do they save “themselves” from the coming collapse? Reinstitute slavery.

That’s the plan.

It’s the same reason that MANY (IF NOT ALL) of the Silicon Valley companies have moved offshore where slaves are still free of cost.

Ask any Albanian refugee about the Communists. They’ll tell you the same thing I said. The Communists do not “step aside” after they “teach you to live.”

I once worked with a guy from Laos … a refugee “boat people” after the fall of Vietnam. His sole mission in life was to accumulate enough money to go back to his home country to “kill communists.” He was a former soldier. His name was Xat.

I heard their stories and, even today, I hold them in high esteem. These people were what I called true “heart and soul” good people.

John Galt April 18, 2017 2:44 PM

@ Anura

[[[ Marxists see money as unnecessary and harmful. Money is something that can be hoarded by individuals and used to control society, while we are all in control of our own labor. While it’s there as a way to track and allocate scarce resources, with the right organization structure you should be able to create a more fair allocation that keeps everyone equal.]]]

Your problem isn’t money. Your problem is “psychopaths.” 2% of the population. Let that sink in. SLAVES HAVE NO MONEY, EITHER.

You want to know how the world really works?

I’m offering you one more olive branch.

Locate a copy of Atlas Shrugged in PDF form. Search for the words, “Watch money.” When you find that phrase, you will be right smack dab in the middle of a “speech” by a character named “Francisco d’Anconia.”

“In the middle” of that speech means you back up and find the beginning of his speech and proceed into the next Part III for a few pages.

This is your wake up call.

Please heed my advice.

Peace.

Anura April 18, 2017 2:55 PM

@John Galt

Your problem isn’t money. Your problem is “psychopaths.” 2% of the population. Let that sink in. SLAVES HAVE NO MONEY, EITHER.

I didn’t say the problem was money. I have no clue what you mean by “psychopaths” but I’m sure you have a narrative in your head that makes sense to you. The problem is purely with the laws that created capitalism – the entire concept of private property ownership creates an owner class that the working class is dependent on.

I’m not going to read some long speech in the hopes that it will be more relevant than the comment above, given that it’s pretty clear you didn’t even read my short comment.

John Galt April 18, 2017 3:21 PM

@ Anura

[[[ I’m not going to read some long speech in the hopes that it will be more relevant than the comment above, given that it’s pretty clear you didn’t even read my short comment. ]]]

It is less than 20 pages. It’s the most educational piece of literature in the history of all the world’s literature.

You read 100 pages of Marx’s Manifesto and didn’t learn a thing.

You didn’t even read ObamaCare (thousands of pages) to learn about your burial in the north 40-acres of cotton patch.

Do yourself a favor.

When you are finished reading that, you can read “The Slavery of Our Times” written by Leo Tolstoy in 1901 before the Bolsheviks murdered millions of people. ~ 100 pages. (I read it in a little over two hours.)

Another book to read would be “Twelve Years a Slave” available on Google Books.

OR, you can be stubborn and “take the [old covered] bridge at the fork in the road and save yourself a heap of time.” (Funny Farm — Chevy Chase)

Anura April 18, 2017 3:32 PM

@John Galt

Given your apparent inability to read anything without making up your own narrative, what makes you think I will take away the same thing as you? Unless you can actually address a single point without simply referring to a story or focusing on trying to find the motive of the person making the argument, I’m going to have to assume that you have not actually put any objective thought into any of your views, and that instead you just look for things to justify your existing views and ignore anything that doesn’t fit the narrative.

Please make an effort to respond to something that was actually said, with an actual argument that addresses that point in and of itself.

John Galt April 18, 2017 3:42 PM

@ Anura

[[[ Please make an effort to respond to something that was actually said, with an actual argument that addresses that point in and of itself. ]]]

I’ve read everything you wrote.

The answer to EVERYTHING you wrote is contained in that ~20 pages of Atlas Shrugged.

Someone once said something to the effect that if someone else said it first, and you can’t say it any better yourself… then borrow from that first person.

I’m not here to argue with anyone. You want to argue. I’ve read Marx. You haven’t read Rand.

So, we are not on equal footing.

Figuring things out for yourself is the only freedom anyone really has. Use that freedom… make up your own mind.

Let me know when you are done. THEN, tell me if it addressed your point(s). You might even thank me.

My Info April 18, 2017 3:44 PM

@John Galt

I have something else for you: It’s the old peonage system. Latino territory. That’s why “they” are letting them flood into America.

Peonage, bondage, serfdom, villeinage, servitude, thralldom, slavery, etc., etc. Those are all English words.

No. This is not something else. Latino territory? Is that just people who speak Spanish? What about French, Italian, Portuguese, and Romanian, all of which are likewise descended from Latin? I assure you, all these languages also have words for the same thing.

Land, labor, capital.

The land is owned in fiefdom and let out in villeinage, the labor is owned as peons, bondservants, serfs, or slaves, so the three factors of production are reduced to, … guess what!

Capital, capital, capital.

The trouble with this system is that your peons, slaves, and bondservants are too poor to buy what “you” produce in this version of capitalism, and there is no longer a market for what you sell.

Anura April 18, 2017 3:49 PM

@John Galt

You might have technically read what I have written, but you didn’t actually consider it beyond figuring out what narrative you needed to apply to it. Given your response to what I wrote, it’s quite clear that you completely ignored the actual points being made. Hence, unless you can demonstrate that you have read anything I wrote, and unless you can demonstrate that you have considered the things I actually wrote and not the narrative you’re comfortable with addressing, then I see absolutely no reason to waste my time.

John Galt April 18, 2017 4:01 PM

@ My Info

[[[ Peonage, bondage, serfdom, villeinage, servitude, thralldom, slavery, etc., etc. Those are all English words. ]]]

There are ~415,000 words in the English language — and an equivalent number in every other language in the history of the world. Each word has a “definition” … and there are nuances between even synonyms that caused two separate words to be uttered given the particular ‘context’.

But, I’m gonna put it to you this way: My grandfather once told me that my signature is the most valuable asset that I will ever have on this planet.

Now… where are your signatures and what did you sign? What were the terms and conditions?

Do you even know?

[[[ Hence, unless you can demonstrate that you have read anything I wrote, and unless you can demonstrate that you have considered the things I actually wrote and not the narrative you’re comfortable with addressing, then I see absolutely no reason to waste my time. ]]]

“Watch Money.”

You could’ve finished reading it already in the amount of time you’ve been jerking me around right here on this forum — and banging your arguments into your keyboard.

So… I guess I’m wasting my time.

Take the bridge in the fork in the road. “That’s not a bridge! It’s termites holding hands!”

Later dudes. I gotta get back to my original focus.

Anura April 18, 2017 4:16 PM

@John Galt

You could’ve finished reading it already in the amount of time you’ve been jerking me around right here on this forum — and banging your arguments into your keyboard.

And you could have actually responded to a point made. You didn’t. You responded with references to fictional stories. This tells me that you probably are incapable of actually defending your position with your own words. Given that you simply refer to fiction instead of giving straight opinion that responds to the actual points made tells me that you treat politics as purely a matter of values and have absolutely no concern for the practical. I’m guessing you are aware of your ignorance, but see capitalism as the only possible morally correct system and are completely unwilling to consider arguments beyond capitalism = freedom.

John Galt April 18, 2017 4:31 PM

@ Anura

[[[ Given that you simply refer to fiction instead of giving straight opinion that responds to the actual points ]]]

Actually, they are ALL documentaries.

Francisco “d’Anconia” is an anagram for a real company, too.

Twelve Years…. written by a real slave.

The Slavery of Our Times…. a documentary of Tolstoy’s own observations — a Russian Aristocrat who realized all the BS for what it is.

Anura April 18, 2017 4:33 PM

@John Galt

There’s your problem: you are unable to distinguish reality from fiction.

Anura April 18, 2017 4:46 PM

@John Galt

How about this, you tell me how this sentence is in any way whatsoever an argument against a moneyless society being more equal, and then I’ll read what you wrote.

SLAVES HAVE NO MONEY, EITHER.

Either you don’t have any concept of what a moneyless society is, or you are making an argument that freedom cannot exist without money, in which case I would say you are just arguing with your own narrative so you can feel safe and comfortable inside your confirmation bias security blanket.

Anura April 18, 2017 4:58 PM

@John Galt

No, thank you. I have no desire to hear the words “Nobody knew that economics could be so complicated” from a President in my lifetime, so I am not going to ignore it when people mindlessly regurgitate right-wing propaganda.

Clive Robinson April 18, 2017 5:24 PM

@ My Info,

5 Eyes == U.S., U.K., Canada, Australia, New Zealand

They have a lot more in common, India as well, than just speaking English. Look at their law systems and education systems, and trading status.

If you put the UK first, then all the others including India were once under British Rule.

People often forget, that due to War with France, English King Henry VIII formed a Navy that became the backbone of England as far as European countries were concerned (ever wonder why people from England are called “limes”?).

With the Navy controlling sea routes and providing transportation, England, later Britain, became one of the most powerful countries in the world. If you look at Victorian maps of the world you will see just how big the British Empire grew.

All of the countries you mention were once part of that Empire and with the exception of India are all considered to be White Anglo Saxon Protestant (WASP) nations.

Oh and a salutary lesson: America, Canada, India came to be under the British influence mainly due to the actions of what were “Merchant Venturers” who knew how to “foment trouble of the useful kind” by causing the French to get involved, followed with publicity / propaganda, that caused British Politicians to “Send in the troops”… Something you might find parallels with certain Corporations and then Nationalistic Behaviour of certain countries.

As some say “same 541t different day”.

John Galt April 18, 2017 5:54 PM

@ Clive

[[[ People often forget, that due to War with France, English King Henry VIII formed a Navy that became the backbone of England as far as European countries were concerned (ever wonder why people from England are called “limes”?). ]]]

Yeah. They had scurvy from a lack of Vitamin C — and to cure it, they stocked the ships’ holds with limes for the crew to keep them healthy.

[[[ All of the countries you mention were once part of that Empire and with the exception of India are all considered to be White Anglo Saxon Protestant (WASP) nations. ]]]

In India/Hindi, they still practice both Tantra Ritual Sex Human, Child, and Animal Sacrifice — dating back to the psychopaths that ruled over the Vedics.

Do you know what “nirvana” REALLY is????

http://1.bp.blogspot.com/_RQGylz13etk/SmL7iwxNpuI/AAAAAAAAAh4/YYS3uqqX8jw/s400/goat4.jpg

http://1.bp.blogspot.com/-wIXdbxWRZ1M/VKl0OfuttVI/AAAAAAAAUDM/MBixRS7f48Q/s1600/kali.jpg

https://shaktitrails.wordpress.com/2015/10/08/1001-symbol-three-shades-of-goddesses-kali-durga-gauri/

and my favorite…

What a psychopath Indian Cannibal Child Sacrificer looks like:

https://richardtulloch.files.wordpress.com/2012/01/the-goddess-kali-punishes.jpg

Clive Robinson April 18, 2017 6:29 PM

@ John Galt,

Do you know what “nirvana” REALLY is????

It means to blow / snuff out a flame of illumination such as a candle or lamp (rather than heating / cooking).

As in many faiths a flame is seen as representation of the human id or spirit.

In some religions the flame is seen to be held captive to the lamp, thus the human id/spirit is likewise trapped into the likes of reincarnation, until such time as it is sufficient by some measure to reach the state of nirvana and thus freedom to no longer be trapped. Thus existence of the human spirit can be seen as purgatory or hell on earth as a slave in captivity.

In pre-christian Rome the powers that be tried to stop it as a religion. They failed, and the reason why was the aspect of the teachings that taught about “life after death” of the id/spirit as the form of ultimate freedom.

Thus there is a fundamental difference between the religions and their views about life after death.

My view is that there is neither life after death as a spirit nor by reincarnation, as it logically does not make sense for a whole host of reasons. Thus I look into who gains by such view points, and I find the religious half house between Kings and Presidents… Where people’s hopes are twisted for others to gain power by.

My Info April 18, 2017 6:49 PM

@John Galt

But, I’m gonna put it to you this way: My grandfather once told me that my signature is the most valuable asset that I will ever have on this planet.

Now… where are your signatures and what did you sign? What were the terms and conditions?

Do you even know?

This is getting really, really old. There is no way to know, no way to verify.

You have to sign all kinds of shit these days. Consent for treatment you are receiving against your will. You WILL be tortured if you don’t sign. They have plenty of WAYS to MAKE you sign, or DRUG you and TRICK you into signing. You will not be allowed to live if you don’t sign. Yet your signature is still binding no matter what the conditions of duress under which you made it.

You practically need a notarized signature on a sales draft or an invoice for a cup of coffee. It’s getting really, really, really carried away.

Click-through terms and conditions on websites or internet access portals or shrink-wrap proprietary software?

I can’t carry more than a dollar or two cash, or I’ll be robbed. Most of my possessions are robbed from me anyway on a daily basis.

Signature?

The lawful transmittal of the document to the intended recipient after I have signed it of my own will free of duress?

The means of protecting myself and my home from constant and ongoing burglaries, thefts, robberies, and assaults?

That was the good old days. These days, it’s just out-and-out WAR AND BLOODSHED, no matter where I live. I don’t even want to hear that signature crap until we can get serious support and an actual declaration of war from Congress, and funding for military support to save our own lives within the borders of our own nation.

CarpetCat April 18, 2017 7:02 PM

It’s funny. I was wondering when the @Moderator was gonna show up. All this talk about which system of control we’re under, whether Communism, Democracy, Pol Pot Animal Farmism, etc.

Then I realized something! We’re actually under Schneierism. What’s Schneierism, you ask? Well, it’s simple. You (the Bruce you, not the real you) just make a juicy blog topic every month, month and a half or so- and bam! The perfect containment thread for the rest of blog.

Brilliant. Bloody brilliant.

John Galt April 18, 2017 7:05 PM

@ My Info

Glad I got you to thinkin’….

Now, watch this and may the light shine a little more….

https://www.youtube.com/watch?v=eyPZFi2b380

@ Clive

[[[ It means to blow / snuff out a flame of illumination such as a candle or lamp (rather than heating / cooking). ]]]

Nirvana is becoming that “favorite cannibal” I linked.

[[[ My view is that there is neither life after death as a spirit nor by reincarnation, as it logically does not make sense for a whole host of reasons. Thus I look into who gains by such view points, and I find the religious half house between Kings and Presidents… Where peoples hopes are twisted for others to gain power by.]]]

That’s a debate that has caused more anguish over time than any other.

Regardless, you gotta admit that there seems to be something “in the air” that determines our courses.

But, when we come into contact with a psychopath, it’s Hannibal the Cannibal Lecter that makes the hair on your neck stand up.

They are out there. Monsters do exist.

We are currently well on our path to the Colonel Kurtz compound scene in Coppola’s Apocalypse Now…

“I don’t care where I die, as long as it’s not here!” (as said by “Chef”)

John Galt April 18, 2017 7:26 PM

@ CarpetCat

[[[ It’s funny. I was wondering when the @Moderator was gonna show up. All this talk about which system of control we’re under, whether Communism, Democracy, Pol Pot Animal Farmism, etc. ]]]

Actually, it IS related. The subject matter of this thread suggests a METHOD of that “control” you mentioned. Now, figure out which one(s).

AS BRUCE SAID IN HIS OP/ED, “There’s a lot more the global Internet community could do to limit the availability of sophisticated Internet and telephony surveillance equipment to TOTALITARIAN governments.”

65535 April 19, 2017 4:45 AM

@ Bruce, Z.Lozinski, Sheepdog, and others who want to protect privacy and security:

I agree.

What are today’s NSA/CIA/DEA/FBI “NIT” tools will soon trickle down to Local Police, Private Investigators, Criminals, and Repressive Dictators or Repressive Countries, tomorrow!

It is the nature of technology and major “Democratic” countries who serve as an example or “precedent” so to speak.

There is little true “National Security” need for these tools to be encouraged and manufactured. To be blunt, the USA FBI, and local police don’t need IMSI catchers or like tools to handle “Protest suppression,” “News Reporters” or “low level vice crime and victim-less crime” control [Pot laws, prostitution and the like].

These dangerous tools are used for a huge mass-surveillance and low level criminal acts… and watching dissidents. This is a fishing expedition on the part of law enforcement and others. These tools in the wrong hands don’t have true National Security status!

Worse, due to the Five-eye countries asking for and encouraging highly invasive spy tools there is now a large cottage industry making said tools – and being richly paid to do so. This is a death spiral for democracy.

Next, is the flimsy Certificate Authority system and the poor Domain Name registers [DNS] and IP allocation system [which destroys the “SSH, SSL/TLS security system” as shown]. The whole system is scammed by dubious CAs, poor DNS security and poor IP allocation entities – to bad actors.

Lastly, and most importantly, the USA and the Five-eye countries are essentially promoting “Secret Search Warrants” and “secret court” systems.

If some small corrupt country sees the USA as using and paying large amounts for these dangerous and invasive cyber spying tools corrupt countries will surely buy them – “because the shining USA does the same.”

This is a travesty. It must stop now!

Z.Lozinski April 19, 2017 7:18 AM

@Michele,

This doesn’t quite seem to mesh with traditional views of jurisdiction. Companies can basically choose which set of laws apply to them and their clients, even if those clients are all over the world and neither they nor the company have any strong connection to the country. Kind of reminds me of Snow Crash and other anarchocapitalistic novels.

In the technology industry, this is common. The companies I have worked for and with define the jurisdiction in which contracts will be enforced as part of the contract. I don’t think this is sinister, it is about the certainty of knowing where litigation will be pursued, and that it is a fair jurisdiction, and businesses love certainty. My employer uses the state of New York, because that is where they are incorporated. Other companies specify California, Delaware, or Germany. I understand there is a trend in the Middle East to specify contracts are judged in England & Wales (which implies using the courts in London).

I think that what we are seeing with Facebook and Microsoft is selection of a jurisdiction in which they have significant operations.

Z.Lozinski April 19, 2017 7:25 AM

@Michele

I don’t understand the rest of your comment fully. Are you saying that populated areas will be overcovered and rural areas undercovered, because people will build near the users?

Yes, that is what I was saying. Rural cellular coverage is an issue in most countries. Rural cell sites are more expensive to deploy than cell sites in a city where the nearest fibre is only 100m away. There are also fewer subscribers in rural areas, so the costs are higher per subscriber. Finally the operators don’t like subsidising the competition

Clive Robinson April 19, 2017 7:43 AM

@ 65535,

This is a travesty. It must stop now!

Whilst I agree with your sentiment, you and I know what will happen.

Evidence of further misbehaviour will be discovered, there will be cries for action. Legislation will be proposed, drawn up and discussed. It will be put forward as a bill with a fancy name that appears to be what “The People” would want. Then a certain well known senator will put their weight behind it (Fine-Stein 😉), all seems good, voices come out in favour of the bill. Then at the last moment amendments will be brought forward that not just emasculate the apparent intent, but in effect legalise what the IC/LEO community were doing and add more besides. Then the well known senator will prevaricate, other stooges will make long winded speeches about patriotism and at the last minute the well known senator will argue that for the sake of the good of the bill the amendments should go through rather than have the bill voted out.

Thus the IC/LEOs get not just a “hall pass” but one that is platinum plated and hand engraved…

We’ve seen it before and we will see it again over and over. If people protest then they must be supporting terrorism and defiling the memory of the 9/11 victims etc etc… Thus they must be watched, put on no fly lists, watch lists and subjected to vilification that they cannot defend themselves against.

Job done move on to the next “rights stripping” legislation, such as LEO’s capable of taking not just money in your pocket but anything else they like with no limitation. Thus you will have no assets to secure a member of the legal fraternity to get your property back or defend you against further persecution…

The Phisher King April 19, 2017 10:11 AM

IMSI catchers? Pfft!
Waste of time – why bother with that when you can release a cool-looking app that spies on the users of that app and all you need to do to make it legal is describe what you are going to do in the terms and conditions, because as we know almost no-one reads those.
To show how simple and effective it is a Canadian TV channel did just that – http://www.cbc.ca/marketplace/episodes/2015-2016/apps

vas pup April 19, 2017 11:48 AM

@Winter • April 18, 2017 6:44 AM, @Anura, @John Galt and other respected bloggers:
Please distinguish republican form of government (I mean not GOP) where people vote/elect and democracy where people enjoy freedom (political regime). Yes, Winter, I agree people could vote for dictator/authoritarian leader, but it is still republican form of government, but not democracy. Election (even free with honest count of votes) does not guarantee democracy – you know many examples in the history (e.g. Germany – 1933). Democracy is spectrum thing meaning you should have base line to compare: either state of human rights in your own country in the past and current state to see direction, or compare to the best examples in the world. Let’s say, if you compare with North Korea – US, Russia and China are democracies, but you may get other picture if your base line is Iceland, Denmark, Finland, even UK (they enjoy binding referendum on very important matters). See, some of them have King/Queen, but have more freedom than some Presidential republics do.
There is no absolute democracy.
I guess base line should be taken from International Human Rights Act – how it is implemented in particular country by ALL branches of government: legislature – provide clear and fair/balanced laws related to human rights; executive and judicial provide non-biased uniform application of fair laws. But, I know you may say – that could be in a pipe dream.

John Galt April 19, 2017 3:35 PM

@ Clive (Mr. “Erudite”)

[[[ @ 65535,

This is a travesty. It must stop now!

Whilst I agree with your sentiment, you and I know what will happen.

… blah blah blah…

Job done move on to the next “rights stripping” legislation, such as LEO’s capable of taking not just money in your pocket but anything else they like with no limitation. Thus you will have no assets to secure a member of the legal fraternity to get your property back or defend you against further persecution…

]]]

This is my last post at this website. I wouldn’t have said anything else and disappeared into the sunset; but, you set yourself up for this. So here goes:

Your last paragraph describes the legal status of slaves in Louisiana circa 1685 and codified in 1725. It was called the “Code Noir” (aka “Black Codes”). It was part of the Code Napoleon. (See SCOTUS The Amistad (1837); Dred Scott (1857))

Obviously, you consent.

So, your first statement is a lie (“whilst I agree”) like The Grinch patting little Cindy-Lou-Who on the head and sending her back to bed while The Grinch robbed all of Who’s houses in Whoville (Dr Seuss and the Grinch Who Stole Christmas.)

Erudite? Or an example of John Galt’s illustration of fabulous Napa Valley Cabernet made out of sour grapes, athlete’s foot fungus, oil scum, charcoal from the campfire, and fermented cigarette butts?

Bruce’s question: How do you keep the spytech out of the hands of totalitarians? Or, as Noam Chomsky said in “Manufacturing Consent”: Who Protects Us from the Protectors?

ANSWER: Look in the mirror — the Erudite in Chief at Schneier On [IT] Security. Birds of a feather flock together. Or, maybe Schneier hasn’t realized that he’s been coopted by totalitarians guarding his flock? That’s my immediate impression. I could be wrong. But I don’t think so.

Maybe Horton will hear the Who’s in Whoville?

Trust no one, Agent Mulder.

Toodle-ooo Ya’ll

Clive Robinson April 19, 2017 5:02 PM

@ John Galt,

Obviously, you consent.

What are you on???

There is nothing in my statements to say I consent to anything.

Which makes the rest of your comment something that only a bad firing of the neurons in your brain could account for…

Wesley Parish April 20, 2017 3:18 AM

Less discussed is how many of these same surveillance techniques are used by other — smaller and poorer — more totalitarian countries to spy on political opponents, dissidents, human rights defenders; the press in Toronto has documented some of the many abuses, by countries like Ethiopia , the UAE, Iran, Syria, Kazakhstan , Sudan, Ecuador, Malaysia, and China.

But it’s obvious that the definition of human approximates to that of the Ifdawn Marest‘s in David Lindsay’s Voyage to Arcturus

“This is a fearful business!” he exclaimed, regarding her gloomily. “One would think Ifdawn a land of devils.”

Oceaxe gave a beautiful sneer as she took a step toward the river. “Better men than you—better in every sense of the word—are walking about with foreign wills inside them. You may be as moral as you like, Maskull, but the fact remains, animals were made to be eaten, and simple natures were made to be absorbed.”

“And human rights count for nothing!”

She had bent over the river’s edge, to wash her arms and hands, but glanced up over her shoulder to answer his remark. “They do count. But we only regard a man as human for just as long as he’s able to hold his own with others.”

https://www.gutenberg.org/files/1329/1329-h/1329-h.htm

Patriot COMSEC April 20, 2017 5:38 AM

As a combat veteran, a technologist, and someone who retired from the US Intell Community, I am struck by what gets people riled up, and what they ignore.

Most of us are absorbed by some kind of technology–we like it, we don’t want it to make the world worse. But it does a lot of harm in some cases. Different countries organize their intell agencies in different ways, and some turn inward. For example, Poland was famous for this until relatively recently.

If the news is to be believed, the US has helped out a lot of bad guys to spy on their neighbors and their own citizens. Some are more brutal than others. Some were good for a while, but then they turned bad.

Yes, it is sad to see weak networking mechanisms being turned against decent people in Eritrea. Corrupt officials in nasty countries go to companies in places like Switzerland and pay top dollar for technologies that can spy on folks.

All of that fits our definition of bad. And… 160,000 violent deaths in Iraq? ISIS armed, de facto, by the US, etc. A prison in Cuba with some people who did nothing wrong, rotting in a room, day after day. CIA and NSA cannot control their information, not effective.

Well, at least the stock market is going up.

The problem is a failure to imagine other people as being human beings like us, and the fact that hatred is increasing in the world. Violence is increasing, surveillance is increasing, and my take on it is this: the US would be better to focus on collecting hard against specific targets and move heavily towards HUMINT. And we need to lessen the amount of hate and war in the world, which is not a technical problem, but one of imagination.

Those angelic expressions of technical prowess are sleeping in their silos and canisters, and we want them to stay there. Unfortunately, the honorable functions of folks at NSA and CIA seem weakened, even disabled. It is a bad time for that. It would be better to allow the mass of people real privacy, and only go after specific targets with vigor. The electronic element against the entire planet has already failed because any determined enemy knows what to do to avoid detection. And detection may be a canard anyway.

The Tsarnaev brothers went to bad websites, got Jihadist training, got reported on by Russian Intell to US Intell, and what happened? Nothing. The system is broken.

Tony Pelliccio April 20, 2017 8:01 AM

Interesting on the IMSI catchers. I was explaining to a colleague the other day that first the Federal government had them, then the local PD’s got them. Now I can get one for short money online whereas the first two adopters paid handsomely.

But yes, trust has long been built into telephone systems. Before OOB phone companies used to actually send call setup data in band. They didn’t think anyone would figure it out until one fateful day the Bell System Technical Journal published an article on MF tones. Then the game was up.

And the first jump into securing the PSTN was to do call setup OOB via modems, really SLOW modems. And it worked until better alternatives presented themselves.

Clive Robinson April 20, 2017 8:52 AM

@ TM,

What has Bruce Schneier done to deserve these knucklehead commenters?

Been moderately successful in life, is in some people’s eyes a reason to try to take you down a peg or two.

It’s the cognitive/priapic “Napoleon Complex” the knuckleheads suffer from, though $DEITY alone knows why they wish to exhibit in public…

vas pup April 20, 2017 10:07 AM

@Patriot COMSEC • April 20, 2017 5:38 AM.
I absolutely agree on most in your post. My guess is that our LEAs/IC start finally utilized the idea that dissent NOT = to disloyalty. Constructive (we suggested reasonable solution) critics of your own government policy (internal or foreign) should be appreciated, not silenced. Nobody has monopoly on truth. Evidence based foreign policy utilizing at least own negative past experience should be more fruitful. Any other opinion should be considered on merits, not ideology or political affiliation. When 999 out of 1000 have same opinion, the most important is opinion of that one because all other 998 out of 999 is not important. Truth is not based on count of supporters, does not have nationality, race, gender you name it. At the end of the day, even N. Korea have to accept science when they developed their nuke arsenal – 2+2=4 even there.
That is why I’ll consider any post of dissent – like @Skeptical or @ John Galt, BUT: dissent opinion should be rational, and respectful to opinion of other respected bloggers and Bruce – no personal attacks, please.

Patriot COMSEC April 20, 2017 7:43 PM

We want technology to be beneficial, just as we want other people to be decent. But it is clear that information security has become a battleground, and the fight is going back and forth between large states and, surprisingly, newly empowered individuals. The large states and companies have the advantage, especially in the attack (collection). The complexity of networks benefits the attacker with deep enough pockets to hire a lot of clever folks.

We are going to have to live with this. Just as we have to live with guns, which are fundamentally cruel, and nuclear weapons, which are fundamentally sick. We are going to have to live with fundamentally unsecure networks and weakened infrastructure until the fight ends, which is never. But I hope we do not have to live with private companies selling our personal information.

Information is the currency of the Age of Surveillance. Bad technologists push out the good. We are already on the slippery slope because we are talking about trust. We are talking about trust because it is not here anymore. Talking about the main ingredient of the soup once it is missing is like going on a date and wanting to spark romance, “Ok, let’s have a Platonic dialogue: what is romance?” Are you excited yet?

But discussion is important to learning. Mr. Schneier is in the forefront of the most salient issue of our time. I am grateful to be able to put in my two bits on his interesting and informative blog.

Jennifive April 20, 2017 11:20 PM

people are commenting to not use 2G on the phone? Genuine question – how do you propose to implement this? Is there an app? I can’t imagine how you could force your phone to authenticate over 3G or higher, exclusively.
The good news in this regard is that some countries are phasing out 2G entirely, it is imminent in Australia for example. So, if you have some way of telling a 2G connection is occurring it’s a warning bell.

for those that don’t know there are some kind generous folks maintaining a geo map of all known stingrays/IMEI catchers, and providing an app that prevents your phone from connecting. They do require root access to the phone to install however as it accesses baseband services.

this may seem US-centric at present but in a few years we may have trouble telling the genuine cell towers from the pseudo ones

  • Nick P has had some very useful comments on this topic over the years

Patriot COMSEC April 21, 2017 2:13 AM

@Jennifive

“…people are commenting to not use 2G on the phone?”

There are some isolated places in the world that still use 1G analog, and it works like a charm.

“…or those that don’t know there are some kind generous folks maintaining a geo map of all known stingrays/IMEI catchers, and providing an app that prevents your phone from connecting. They do require root access to the phone to install however as it accesses baseband services.

this may seem US-centric at present but in a few years we may have trouble telling the genuine cell towers from the pseudo ones…”

You cannot make a map of IMSI/IMEI catchers because they are often mobile.

Do you think a piece of equipment from somebody's national-level agency is going to be defeated by an app?

If you are interested in GSM technology, then buy an engineering phone and start mapping networks. They often come with software, and in many countries it is perfectly legal to do. In fact, many older phones can be turned into engineering phones. If you are looking at towers and one pops up with some funny stats, but then disappears, you can guess what happened.

IMSI/IMEI catchers used to be hot stuff, but now the thrill is gone. By the way, if you want to have a safe phone, that is easy: lose it.

http://www.patriotcomsec.wordpress.com
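The tower-mapping idea discussed in the last few comments (a cell that pops up with odd parameters and then disappears, and a 2G connection as a warning sign) can be written as a small check over survey logs. This is an added example, not part of any comment above: the `Obs` record, the thresholds, and the reading of "funny stats" as an unfamiliar location area code are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Obs:
    """One line of a cell survey log (hypothetical format)."""
    t: int        # seconds since the survey started
    cell_id: int  # cell identity reported by the phone
    lac: int      # location area code
    rat: str      # radio access technology: "2G", "3G" or "4G"
    rssi: int     # received signal strength, dBm


# Constructed baseline from earlier surveys of the same area: cell_id -> LAC.
BASELINE = {1001: 300, 1002: 300, 1003: 301}

# Constructed survey: 9999 appears for five minutes and vanishes,
# 1004 is a new cell that stays on the air until the survey ends.
SAMPLE = [
    Obs(0, 1001, 300, "4G", -85),
    Obs(0, 1002, 300, "3G", -92),
    Obs(600, 1001, 300, "4G", -84),
    Obs(1200, 1001, 300, "4G", -86),
    Obs(1200, 9999, 777, "2G", -51),
    Obs(1500, 9999, 777, "2G", -50),
    Obs(1800, 1001, 300, "4G", -85),
    Obs(1800, 1004, 301, "4G", -97),
    Obs(2400, 1004, 301, "4G", -96),
    Obs(3600, 1001, 300, "4G", -85),
    Obs(3600, 1004, 301, "4G", -95),
]


def analyse(observations, baseline, min_lifetime=600):
    """Return {cell_id: [reasons]} for every cell that is not in the baseline.

    Reasons (all heuristics, none is proof on its own):
      transient   - seen for less than min_lifetime seconds and absent for at
                    least min_lifetime seconds before the survey ended
      2g-only     - the cell was only ever observed offering 2G
      unknown-lac - its LAC does not match any LAC in the baseline
    """
    if not observations:
        return {}
    known_lacs = set(baseline.values())
    survey_end = max(o.t for o in observations)

    by_cell = defaultdict(list)
    for o in observations:
        by_cell[o.cell_id].append(o)

    findings = {}
    for cell_id, seen in by_cell.items():
        if cell_id in baseline:
            continue  # known cell, nothing to explain
        first = min(o.t for o in seen)
        last = max(o.t for o in seen)
        reasons = []
        if last - first < min_lifetime and survey_end - last >= min_lifetime:
            reasons.append("transient")
        if all(o.rat == "2G" for o in seen):
            reasons.append("2g-only")
        if any(o.lac not in known_lacs for o in seen):
            reasons.append("unknown-lac")
        findings[cell_id] = reasons
    return findings


def suspects(findings, threshold=2):
    """Cells with at least `threshold` independent reasons, sorted by id."""
    return sorted(c for c, r in findings.items() if len(r) >= threshold)


if __name__ == "__main__":
    result = analyse(SAMPLE, BASELINE)
    for cell in suspects(result):
        print(cell, result[cell])
```

A new cell that stays on the air with a familiar LAC and a modern radio technology (1004 in the sample) collects no reasons, which is the point of requiring more than "not seen before" to flag anything.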


Sidebar photo of Bruce Schneier by Joe MacInnis.