Friday Squid Blogging: International Squid Awareness Day

It's International Cephalopod Awareness Days this week, and Tuesday was Squid Day.

I can't believe I missed it.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on October 13, 2017 at 4:26 PM • 107 Comments

Comments

Jacob • October 13, 2017 4:34 PM

Infineon's TPM (v.1.2, V.2) has been producing weak RSA keys, regardless of OS, for many years.

Requires a fairly complex and lengthy fix, consisting of firmware/software updates (FW update at the mercy of machine OEM), possibly with zeroing out the TPM's registers, thus requiring extensive backups/boot recovery options before fix implementation.
Get ready to lose PK certificates and encryption keys. Also, you must review all past-generated keys if still in use.

This bodes ill for assurance procedures for a critical trust anchor. The TPM chip, implementing various anti-hacking methods, protected against EM and PWR side-channel attacks, having undergone extensive code reviews and received an EAL 4 assurance certificate, shows that one can still not trust the custodians.

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV170012
https://sites.google.com/a/chromium.org/dev/chromium-os/tpm_firmware_update

Scott • October 13, 2017 4:51 PM

@Bruce, on the Adam Ruins Everything podcast you recommended activists in oppressive regimes to simply use Chromebooks [0]; "of course, Google will spy on you, but at least, it's not your government." Which is fine, unless you are an activist operating in China. I assume getting the laptop into the country is the easier part, but good luck updating it! Google services are blocked in the country. So, what would be a more universal approach? Thanks!

[0] http://www.maximumfun.org/adam-ruins-everything/adam-ruins-everything-episode-4-security-and-big-data-bruce-schneier

AlanS • October 13, 2017 4:55 PM

From Lawfare: Deputy Attorney General Rod Rosenstein's Remarks on Encryption.
Riana Pfefferkorn at Stanford Center for Internet and Society: A Response to "Responsible Encryption".

Much of Rosenstein’s speech recycled the same old chestnuts that law enforcement’s been repeating about crypto for years. I’m happy to roast those chestnuts. But his remarks went beyond the usual well-worn lines to a new level of inflammatory rhetoric that signals a change in American law enforcement’s approach to the crypto wars.

Ratio • October 13, 2017 10:41 PM

Tougher penalties proposed for unsophisticated plots:

New, tougher penalties are being proposed [in the UK] to deal with the "less sophisticated" but "equally as deadly" terror plots seen in recent years.

Existing legislation imposes lesser sentences on those who plan rudimentary plots with cars or knives, not bombs.

Minimum terror sentences would rise to three to six years, compared to 21 months to five years under current law.

The new legislation would also allow people who helped the plotters, even slightly, to be charged.

The encryption of data would also classify as an "aggravating factor", allowing the imposition of longer sentences.

[…]

As well as the use of encryption, other "aggravating factors" will now include all use of electronics to avoid detection.

Other offences covered by the new guidelines include collecting or sharing extremist material, raising funds for terrorism, glorifying terrorist acts and joining or supporting a banned organisation.

(Emphasis mine.)

Anon • October 13, 2017 11:15 PM

@Jacob

I'd be tempted to ask if such an "oversight" is deliberate.

Another example of subversion/infiltration in standards and certification?

Jacob • October 14, 2017 4:13 AM

@ anon,

Re possibility of subverting a standard - certainly the following line from the MS advisory makes one wonder:

"This vulnerability is present in a specific vendor’s TPM firmware that is based on Trusted Computing Guidelines (TCG) specification family 1.2 and 2.0, not in the TPM standard or in Microsoft Windows"

So it appears that following the guidelines provided by industry-standard TCG was the culprit.

P.S. to read the MS advisory given in my OP, click once on the link, acknowledge the MS terms of service, and then click again on the given link.

Wesley Parish • October 14, 2017 4:35 AM

@Nick P

Not sure if I've mentioned this before:

Redox is a Unix-like Operating System written in Rust, aiming to bring the innovations of Rust to a modern microkernel and full set of applications.
https://www.redox-os.org/

Sounds interesting.

Mike Barno • October 14, 2017 9:20 AM

@ Jacob,

to read the MS advisory given in my OP, click once on the link, acknowledge the MS terms of service, and then click again on the given link.

That process alone sounds likely to be a security risk that this forum's readers should avoid.

Jacob • October 14, 2017 10:08 AM

@ Mike Barno

Are you concerned about the link, about the click or about the click-twice?

1. This is the official MS site for patch download and related advisories.
2. MS asks you to acknowledge their terms of service before showing you the material, but after you agree they give you their default listing where you need to search for what you want to see. The 1st click lets you register your agreement, and the 2nd click sends you to the right page.
3. If you don't feel comfortable with the link I provided, you can always search the web for MS advisory ADV170012 and get to the same MS site from the resulting link.

Bill Pugh • October 14, 2017 11:10 AM

Sometimes I don't know the right question to ask. I visited a credit bureau's website to pull a credit report on myself. I entered all my (sensitive) information on the form to request a credit report and hit the submit button.

A screen appeared saying they were unable to process my information.

I have read on this blog about sites that record all keystrokes as you type even if you never submit.

I feel the website should not be throwing up forms that it can not process. It should inform you, so you can come back later. I made sure this was all done in HTTPS.

Does this behavior by the recently hacked credit bureau somehow put my data at risk? More data in transit = more vulnerability?

Thanks, Bill

Nick P • October 14, 2017 12:40 PM

@ Wesley Parish

It was a very interesting project. I read all the updates. They did a ton of pragmatic work in a short time with a new language that was memory and concurrency safe. Excellent project. Two others good for our purposes are Robigalia and Tock OS. The first is building a Rust runtime on top of seL4. He's paused a bit to do work on code-level verification for Rust. The second is an embedded OS that's been the driver of neat papers on handling low-level stuff like hardware interactions with minimal impact on language-level safety. Here's a progress report about that.

Design-by-Contract support with tooling for spec-driven testing (a la Eiffel and Ada) would be nice. These collectively would make it competitive with safety-critical C and Ada tooling but with better memory safety and more flexible concurrency than Ada's Ravenscar. A lot of potential here. In parallel, hobbyists or startups can be developing an alternative to Genode, MINIX 3, or QNX with a server-focused design plus some ports of popular apps. Maybe even a port of one of those OS's. Start dropping secure, highly-available appliances in datacenters. Rust also needs the ability SPARK Ada has to do nearly-automated proofs on the code.

Clive Robinson • October 14, 2017 1:03 PM

@ AlanS, ALL

Another link on the Numbskull appointee at the DOJ and his not even magic thinking,

https://arstechnica.co.uk/tech-policy/2017/10/trumps-doj-tries-to-rebrand-weakened-encryption-as-responsible-encryption/

These DOJ "think of the children" FUD propaganda psychos are determined to turn the US into a police state...

No doubt they would be in favour of using FMRI as an improved "lie detector".

They obviously can not think rationally about the effect they will have on society. Perhaps they should go and talk to a few East Germans or similar before they spout their stupid nonsense any more.

The upshot is these psycho nut jobs are not going to stop, thus "off device" encryption is the way to go not just in the future but right now, as they will "reach back" any which way they can and spend millions if not billions of US tax payer dollars just to prove they can wave theirs around more than others...

It would be pitifully sad if it were not for the fact these unaccountable idiots have been given power they neither deserve nor can sensibly handle...

Not that it's any better this side of the puddle, or for that matter in Australia or other "Five-Eyes" WASP nations.

People should seriously ask at which end of the nation state dog the IC is and likewise the elected politicians, and which wags the other. Because it's becoming clear that it's not the way most people think it should be.

keiner • October 14, 2017 1:05 PM

RE: CCleaner compromised

I know, I'm late, but it's on a machine not frequently used, however, I downloaded the compromised CCleaner at the time it was delivered and shut down the machine. On the next boot, I had a block on the respective LAN interface for the respective machine:

09/06/17-09:51:25.051715 ,1,2018959,3,"ET POLICY PE EXE or DLL Windows file download HTTP",TCP,205.185.208.139,80,192.168.1.24,57558,16224,Potential Corporate Privacy Violation,1

...so the compromised machine tried to contact the IP 205.185.208.139 for downloading an .exe file

Unfortunately the pcap file for the event is gone with the wind.

Maybe somebody can make somefink out of that...
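
As an added example (not from keiner's post or from any IDS project), here is a small Python parser and triage filter for alert lines in the CSV layout quoted above, so the one line that survived can at least be read mechanically. The column order (timestamp, gid, sid, rev, msg, proto, src, sport, dst, dport, event id, classification, priority) is an assumption read off that sample line, not documented behaviour of any specific IDS output plugin; the two extra sample lines are constructed to show the filter rejecting alerts that do not match the pattern of an external web server delivering a PE file to an internal host.

```python
"""Parse CSV-style IDS alert lines and flag inbound PE downloads from the Internet.

Added example. The FIELDS order is an assumption inferred from the sample line in the
comment above; adjust it to whatever your IDS actually emits.
"""
import csv
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: line 1 is the alert quoted in the comment; lines 2 and 3 are
# made up here (an unrelated SSH-response alert, and the same PE signature but from
# an internal web server) to exercise the filter.
SAMPLE_ALERTS = """\
09/06/17-09:51:25.051715 ,1,2018959,3,"ET POLICY PE EXE or DLL Windows file download HTTP",TCP,205.185.208.139,80,192.168.1.24,57558,16224,Potential Corporate Privacy Violation,1
09/06/17-09:52:01.000001 ,1,2100498,7,"GPL ATTACK_RESPONSE id check returned root",TCP,192.168.1.10,22,192.168.1.24,44100,16225,Potentially Bad Traffic,2
09/06/17-09:53:10.123456 ,1,2018959,3,"ET POLICY PE EXE or DLL Windows file download HTTP",TCP,192.168.1.10,80,192.168.1.24,57600,16226,Potential Corporate Privacy Violation,1
"""

# Assumed column layout (see docstring).
FIELDS = ["timestamp", "gid", "sid", "rev", "msg", "proto", "src", "sport",
          "dst", "dport", "event_id", "classification", "priority"]

PE_DOWNLOAD_SID = 2018959  # sid of the "PE EXE or DLL Windows file download HTTP" rule in the sample


@dataclass
class Alert:
    timestamp: str
    gid: int
    sid: int
    rev: int
    msg: str
    proto: str
    src: str
    sport: int
    dst: str
    dport: int
    event_id: int
    classification: str
    priority: int


def parse_alert(line: str) -> Optional[Alert]:
    """Parse one alert line; return None if the column count does not match FIELDS.

    csv.reader handles the quoted msg field (which may itself contain commas).
    Whitespace such as the trailing space after the timestamp is stripped.
    """
    row = next(csv.reader([line]))
    if len(row) != len(FIELDS):
        return None
    d = dict(zip(FIELDS, (f.strip() for f in row)))
    return Alert(
        timestamp=d["timestamp"], gid=int(d["gid"]), sid=int(d["sid"]), rev=int(d["rev"]),
        msg=d["msg"], proto=d["proto"], src=d["src"], sport=int(d["sport"]),
        dst=d["dst"], dport=int(d["dport"]), event_id=int(d["event_id"]),
        classification=d["classification"], priority=int(d["priority"]))


def is_external(ip: str) -> bool:
    """True for routable Internet addresses; RFC 1918, loopback and link-local count as internal."""
    a = ipaddress.ip_address(ip)
    return not (a.is_private or a.is_loopback or a.is_link_local)


def inbound_pe_from_internet(a: Alert) -> bool:
    """The PE-download rule fires on the HTTP response, so src/sport is the serving side.

    We only care when that server is on the Internet and the receiver is an internal host.
    """
    return a.sid == PE_DOWNLOAD_SID and is_external(a.src) and not is_external(a.dst)


def triage(text: str) -> List[Alert]:
    """Parse every non-empty line and keep only inbound PE downloads from external servers."""
    flagged = []
    for line in text.splitlines():
        if not line.strip():
            continue
        alert = parse_alert(line)
        if alert is not None and inbound_pe_from_internet(alert):
            flagged.append(alert)
    return flagged


def external_servers(flagged: List[Alert]) -> List[str]:
    """Distinct 'ip:port' pairs of external servers seen delivering PE files, for review."""
    return sorted({f"{a.src}:{a.sport}" for a in flagged})


if __name__ == "__main__":
    hits = triage(SAMPLE_ALERTS)
    for a in hits:
        print(f"{a.timestamp} {a.dst} fetched a PE from {a.src}:{a.sport} ({a.msg})")
    print("external servers to review:", external_servers(hits))
```

Only the first sample line is flagged: the second is a different signature and the third has an internal server as the source, which is the usual software-distribution case rather than an Internet download. The filter keys on the rule's sid rather than the message text because message strings get edited between ruleset releases.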

Rachel • October 14, 2017 1:28 PM

Mr Schneier
No one acknowledged your comment the other week about your refusal to promote any security product or personnel on your site. This infers you also decline those you might personally vouch for. I really applaud your integrity, and thank you, for assisting us to feel we can rely on you. Congratulations on the progress with your book. Lots love xx

65535 • October 14, 2017 6:42 PM

@ Clive Robinson

I agree with you and disagree with Deputy Attorney General Rod Rosenstein.

‘"Warrant-proof encryption defeats the constitutional balance by elevating privacy above public safety," Deputy Attorney General Rod Rosenstein said in a speech at the US Naval Academy’ -Arstechnica

https://arstechnica.co.uk/tech-policy/2017/10/trumps-doj-tries-to-rebrand-weakened-encryption-as-responsible-encryption/

Yes. Oh sure. The NSA/CIA/FBI has not solved a large scale attach in the USA that depended upon encryption. The little problem we had in Las Vegas is an example. The perp was an ex-mil contractor with seemingly no phone records or Facebook posts yet probably had a security clearance at one point. The FBI missed him completely.

Attorney General Rosenstein, you want secret warrantless searches to be above the Fourth Amendment. You are wrong and not obeying the US Constitution or your general police work duties. You are lazy and want all personal records of all US citizens at the press of a button. You are too lazy to fill out the proper warrants and you probably don't want to leave your lavish office and over stuffed chair. Your balance of privacy and public safety is grossly and dangerously out of calibration.

65535 • October 14, 2017 7:20 PM

Correction to my comment and it should read:

The NSA/CIA/FBI has not solved a large scale attack in the USA

handle_x • October 14, 2017 7:45 PM

"The NSA/CIA/FBI has not solved a large scale attack in the USA"

I think that's kind of a strange assertion. They have prevented some things.
"per xyz criteria, that we know of" would be a proper appendage on that.
We don't really have access to the entire list of attempts on this subject.

Needless to say you don't need to be a fan of something like bulk data collection,
but it will be there whether you like it or not until you can prove exactly how you were already provably damaged by it, and make that argument last until a SCOTUS hearing.

Which is ~optional, completely up to them to hear you or not. (Guess what they'll pick.)

tyr • October 15, 2017 12:39 AM

@Clive, 65535

To my knowledge none of the cited TLAs existed when the constitution was written. They have all come into existence to enable the USA government to bypass the restrictions of the constitution. If this smacks of Orwell's 1984 there's a damn good reason. Once you create a special class no longer limited by the law that affects the rest of society then it is inevitable that the special classes will hide what they are doing for 'constitutional' balance.

DOD used to be the War Department so that it presented itself openly as to function. The FBI started as clerks armed with a pen and a notebook because we have no need for a Federal Police. NSA was created out of the paranoid delusions sold by Tsarist nuts working for the Gehlen Apparat and the wonderful idea of Operation Paperclip. Each time something is exposed it is blamed on a few bad apples. Between mission creep and internal squabblings the plight of the ordinary citizen gets worse every day.

They have the Doomsday clock right back where it was during the cold war without any rationale or logic in sight.

Apparently some idiots have interpreted the treaty on space weapons as excluding KEW. You can read Heinlein's 'Moon is a Harsh Mistress' for details on how a gravity well works as a force multiplier.

You might want to ask the dinosaurs why using them on your planet is a bad idea.

Ernest Wilhelm Saxe-Coburg-Gotha • October 15, 2017 1:21 AM

FWVLIW and conceivably OT, I keep finding in my ISP's Spam folder emails with the title "What would you want to do with me" and suddenly I know exactly what I would use the Guantanamo Bay Detention Facilities for. Lord Blackadder's troubles with the thought of certain things a certain money-lending religious order was reported to do with glee to loan defaulters, provides ample inspiration. I know exactly how those facilities could be of public benefit.

I am sure everybody who has ever had to suffer the existence of the moron class known as spammer, also knows how to use the Guantanamo Bay Detention Facilities.

mostly harmful • October 15, 2017 2:40 AM

"The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia." —Malcolm Turnbull

@AlanS

Thanks for posting the links to Rod Rosenstein's longwinded American adaptation of Turnbull's Razor (see epigraph), and to Riana Pfefferkorn's response.

I am puzzled why Mr Rosenstein chose to deliver his address at the US Naval Academy, since it was obviously written to frighten cowards, but only the stupid ones. Had I been present in the audience, I might have taken offence at the implications.

Since Rosenstein is Deputy Attorney General of a police state, where 19 out of 20 defendants in federal criminal court plead guilty instead of going to trial, he has occasion to devise new duties commensurate with his embarrassment of free time. What to do with it all?

Naturally, he tries his hand at writing speeches in support of the insupportable. Mr Turnbull's adage certainly qualifies.

Looking forward to his next piece. I hear it will be about Responsible™ Kitchen Knives made out of balloons.

Anyways, here is Robert Graham's response: http://blog.erratasec.com/2017/10/responsible-encryption-fallacies.html

Clive Robinson • October 15, 2017 8:06 AM

@ mostly harmful,

Anyways, here is Robert Graham's response:

Robert obviously wrote it in an emotional state, as he has some typos etc in there that reverse his intended meaning.

Allowing for those mistakes it's actually a factual and rational response to the FUD from a power crazed idiot, who thinks he can pervert meaning to obtain yet more power that is most certainly not needed by law enforcement and will have a very definite detrimental effect on society.

What Rosenstein wants, is actually self defeating in any way regarding unlawful activities. Whilst what he is demanding will initially get increased numbers, just like CCTV did, all it will do is "cull the slow and the stupid criminals". It will thus act in an evolutionary way with the smart and cautious criminals easily avoiding the Rosenstein measures. Even in the unlikely event Rosenstein gets "100% of products backdoored" as anyone with even minimal knowledge of the subject knows effective "Pencil-n-Paper" crypto exists, and as such can not be backdoored and can be made by anyone...

Thus logically Rosenstein is aiming his ideas at creating a police state, no ifs buts or maybes. He will of course vehemently deny it if challenged publicly, but strip off the FUD and Self Serving calumny and rhetoric.

To say Rosenstein is a psychopath is perhaps dubious without appropriate qualification. But if it looks like a duck, waddles like a duck, quacks like a duck and behaves in many other ways like a duck do you really need to think it's a bird of another feather before you throw bread at it?

Rachel • October 15, 2017 8:54 AM

Wael
An Ode to Dirk Praet is required. We understand you have qualifications in these areas

Tuco Ramirez • October 15, 2017 9:34 AM

I agree with AlanS on the DoJ speech; same chestnuts but with more defined direction. Again we are reminded that the state is a poor architect of commercial or private structure. Ultimately, the driving force behind private communications is business and business requires trust.

We've been through this since the Clipper chip, which resulted in chasing our commercial crypto industry offshore, while stunting trust in commercial and personal communications with a lingering public policy threat.

Industry has not helped itself, either. Post Clipper, our own Benedict Arnold, Art Coviello, in a position at the center of the commercial trust industry, literally sold the keys of commerce to the government. Once the rally point and stage for personal privacy, RSA sold their customers' privacy to the government.

Today, Google's $300B core business, based on "ad monetization" does not garner the confidence of banks to trade $billions a day on mobile (Android) trading platforms, for example, even if transactions over the covert channel are protected by the slogan, "Do no evil."

Industry needs to focus on the message that large productivity gains will result from private communication and that need far outstrips the convenience of law enforcement.

-Tuco

PS: Personal privacy, while a righteous and correct public policy issue does not have the strongest, clearest advocacy. Hopefully, it will simply ride the coat tails of commerce.

PPS: A concerning aspect of Rosenstein's speech to the midshipmen is the long preface reminding them of their oath to obey their leaders. It's odd in this context and suggests that he is warning them that they may experience personal conflict with what they may be ordered to do(!).

Sancho_P • October 15, 2017 10:22 AM

”My teenage daughter could not believe that such an evil place [NK] exists in the 21st century.
Sometimes people ... fail to appreciate how fortunate we are to live in a country blessed with officials who obey the rules and protect the innocent.…
Protecting people from abuse by the government is an important aspect of the rule of law.”
(DAG Rod Rosenstein)

What a hypocrite! What would his teenage daughter believe,
how would she see her daddy and her nazzion after reading:
https://www.theguardian.com/us-news/ng-interactive/2017/oct/09/cia-torture-black-site-enhanced-interrogation

Sancho_P • October 15, 2017 10:28 AM

Rod Rosenstein is a blatant liar, too:
In context of 'lawful access to encrypted data' he said:

”We are in the business of preventing crime and saving lives.”

When they talk about weak encryption to prevent crime our answer must be:
No discussion under a false pretense.

Access to encrypted data / content may be helpful after a crime, but not before:
- Cyber Information (TM) can be faked, therefore it may be used as a hint, but must not serve as evidence.
- To increase the haystack by broad surveillance is the wrong way to prevent crime.

Tatütata • October 15, 2017 1:00 PM

Politico, US edition: A picture of you, in federal data

For decades the government has been accumulating data about individual Americans. Now it’s even collecting faces. So what’s to stop a snoopy bureaucrat?
By NANCY SCOLA 10/11/2017 05:00 AM EDT

handle_x • October 15, 2017 1:17 PM

"Access to encrypted data / content may be helpful after a crime, but not before"

I think that's overstating it. They could prevent 'some' crimes with "all" data.
"Cyber information" can be used as evidence given the proper legal hurdles cleared.
They can also do what is called "parallel construction" to find mundane evidence
supporting a prosecution outside of the forbidden fruit that can't get into court.

Yes they are trying to defeat strong encryption standards from becoming widely used
but they are also defeating encryption in use today by partnering with industry to
get the data on either side of the 'end-to-end' - or just reroute it surreptitiously
out of the local national legal protections to a foreign partner and back again.

"We are in the business of preventing crime and saving lives.” -isn't a blatant lie.
It's a lie of omission. There is a cost to trimming actual private communications away.
A real monetary cost, also a tax on civil rights, a lien on the very Constitution.
It's ye old slippery slope.

But he's right that presumably some lives could be saved and crimes solved by having an all-seeing eye, that's not a lie. It's just an intentionally one-sided non analysis.
From their perspective it is true, it's plausible enough to state out loud.

If it had a PR team behind it, they'd put a little focus-group'ed jingle music to it.
Just like the BAE / Lockheed / Honeywell / Boeing / Level3 ads do.

handle_x • October 15, 2017 1:26 PM

George W. Bush had over 10 in-person warnings from NSA before 9/11.
"Go home, you covered your butt." -goes back to clearing brush. *(actually did)

As we've seen even when they do have enough information to prevent major crimes, often times they don't act on it for various reasons including blatant political servitude.
When it touches other countries there's a 'national security' issue thrown in too.

Yet they're dedicated to throwing the book at the Aaron Swartz'es without hesitation.
Not the Exxons, not the Comcasts, not the Monsantos or the Halliburtons.

Clive Robinson • October 15, 2017 1:48 PM

@ Rachel, Wael,

An Ode to Dirk Praet is required.

It's sad he decided that things had become intolerable, this site is most definitely the poorer for his loss.

Sadly try as our host has to keep party politics out of what are often technical not political discussions, the number of European posters has dropped in recent times because of US politics and similar.

Hopefully the technical side of things will pick up and old and new voices will appear, with differing world views.

handle_x • October 15, 2017 2:33 PM

Politics = the legal framework for people to get what they want.
Libertarianism vs. Authoritarianism isn't apolitical.

Trying to keep any perception of the mention of politics out of a discussion about security policies and law though... referencing the actions of various political actors?
Is it even really possible? I'll grant it's a noble aim.

What Bruce decried and wanted less of was the 2-party "I'm right you're wrong" politik.
I don't think there's any way of avoiding (nor benefit in doing so) political discourse.
How exactly you go about it is key to it being productive, and in fact about security,
or not.

For example I mentioned George W. Bush and 9/11 and NSA just now to illustrate how forewarning secret knowledge of a crime may or may not lead to it being thwarted.
Would you say that's a "political" bent?

Clive Robinson • October 15, 2017 2:49 PM

@ Handle_x,

Is it even really possible? I'll grant it's a noble aim.

I think you misread what I wrote,

    Sadly try as our host has to keep party politics out of what are often technical not political discussions,

All human endeavour where more than one person is involved entails politics / egos, that is a given; "party" politics however rarely enters human endeavour unless a politician chooses to stick their nose in...

handle_x • October 15, 2017 3:24 PM

But has it really become intolerable? Here? It's pretty sheltered.
Bruce is actually pretty quick to stop things from devolving into fights.
Certainly he does a better job than most public forums in this regard.

Is it realistic to say this forum has deteriorated beyond repair? I don't see that.
I've been reading it for years.

There is a measurable increase in partisan politics in society and this invariably will creep into all discussions to some degree. It's a difficult ongoing task to weed out what is flamebait without becoming the censor-heavy authoritarianism we all dislike. I think Bruce strikes a pretty good balance between the two competing ideals.

Go one further - if DP thought things here were beyond intolerable, which public forums CAN he tolerate? What do they do differently? What does he see as the fatal flaw here?
Personally it smacks of a general lament of society rather than a pointed critique here.

mostly harmful • October 15, 2017 3:44 PM

@Clive Robinson[1] "Robert obviously wrote it in an emotional state, as he has some typos etc in there that reverse his intended meaning."

Heh. He did leave more typos in that piece than usual. Does give it a sort of beat-poet urgency: "This math kills fascists, Daddy-O!"[2]

Fortunately, having spent a number of years reading yo—

*ahem* …in the process of reading the posts left by certain commenters here, I've learned that a dense thicket of typos can also disguise valuable insight, deftly explained. My appreciation for a good typo now far surpasses my tolerance for puns.

On the other hand, listening to the lies, quackery and flat out nonsense that characteristically flows out of the mouths of bosses, cops, and deputy attorneys general, I've developed a serious allergy. Not to the lies and nonsense per se, but to what it means when an Authority exhibits such blatantly antisocial behavior.

While Graham and Pfefferkorn take the opportunity to reiterate fundamental concerns about an increasingly dire situation (icebergs, lifeboat shortages, etc), I think it bears emphasising that the likes of Rosenstein are not really presenting any argument at all; he isn't trying to make sense. Quite the contrary: He is poisoning the discussion with not-so-veiled threats.

It reminds me of an anecdote I read recently, from an extemporaneous telephone interview[3] with Steve Albini (musician, recording engineer, member of Shellac):

Shellac was driving from Chicago to St. Louis to do a show, and there's a strip of highway between here and St. Louis on I-55 — Is it 55 or 58? I forget. Anyway. — where rock bands in vans are routinely pulled over for trumped-up reasons just so that the cops can root around in the van and see if they can find any drugs. It happens almost every trip. It's like a tollbooth. And when we got pulled over in this sort of predictable way, this cop came up to the window and told Bob that he had changed lanes without signaling and that's why he pulled him over. Now, we all knew that that was a lie. Everybody in the van knew that we'd been in the same lane for 40 miles and that there was no signaling and no lane changing. The cop knew he was lying to us. There was nothing about that interaction that was anything to do with the words that were coming out of his mouth. He wasn't saying, "I saw you change lanes without signaling so I pulled you over." What he was saying is, "I can say anything I want and get away with it." Right? So the power relationship is what matters there — not the language.

Albini goes on to point out that the meaning of these sociopathic demonstrations of non-communication are threats plain and simple, akin to a cop unbuckling his pants[4] while he orders you out of the car, only less nasty (or perhaps not) by degree:

So when George Bush says, "There can be no doubt that there are weapons of mass destruction," that he's lying doesn't matter. The rationale for the lie is that he wanted to start a war; that's what matters. So I don't think that dishonesty of itself is the issue. I think it's the function of [that kind of] dishonesty - the way that it's used as a kind of a doorbell to let you know that you're in for fwcking. That's why it's a problem.

When authorities flaunt blatant nonsense like in Rosenstein's speech, it isn't an argument. It's an open threat. But to whom is it issued?

It's pretty clear who isn't being talked to. It isn't issued at working slobs like myself. It's almost eerie, how un-talked-to we are. We're just the menu. This is "Shush cattle, the diners are conferring with the chef" time.

It looks to me instead like a threat issued to Silicon Valley bosses, legislators, maybe the odd hold-out judge or two — sorts whose interests hardly align with my cohort's and whose spines, with notable exceptions like the Lavabit guy (Ladar Levison) and Joseph Nacchio (formerly CEO of Qwest), are composed wholly of cartilage, so to speak.

The deputy AG's speech actually reads, in parts, like the script for an alien-invasion flick if you squint at it right, and realise full well what he means by the term "complications":

Private sector entities are crucial partners in this fight. We engage in formal and informal information sharing, promote cybersecurity best practices, and make clear that private sector cyber victims will be treated with respect and concern.

Translation: PETTY LORDLINGS OF EARTH, WE COME IN PEACE!

But our effectiveness, and those of our governmental partners, has limits. The digital infrastructure is not always constructed with adequate regard for public safety, cybersecurity, and consumer privacy.

Unless we overcome those complications, we will remain vulnerable.

*Shudder*

NOTES

  1. Get well if you are able, Clive. Glad to see you still kicking today, regardless!

  2. Yeah, yeah, it doesn't really. Not literally. Neither did Woody Guthrie's guitar.

  3. Full interview here: http://www.markprindle.com/albini-i.htm

  4. Or, to take an equivalently anti-social example that occurs more commonly, drawing his gun.

Nervous Tick • October 15, 2017 3:56 PM

If the way to a man's heart is through his stomach, and eyes are the windows to the soul,
surely typos demonstrate something phrenologically interesting to a PhD somewhere.

Research grant : Approved

rachel • October 15, 2017 4:14 PM

Clive
Thanks, agree with your sentiments about Dirk and forum. Wishing you an abundance of vital force, clarity, good humour and hot nurses!
I am momentarily reminded of a Geordie firefighting colleague of Newcastle who was a clearance diver in the merchant navy several decades ago. He said everyone got circumcised as it afforded them 11 days shore leave. The nurse in his ward deliberately caused pain to the sailors by hiding the pain relief tool and sticking naughty pictures up. But I should probably not explain any more

Wael
I know you can do the New York phone book trick, at (non political) parties
Can you post the Squid link from a couple years back where everyone praises Clive and discusses raising funds for him? He deserves to read it again. my device precludes me from doing so

Clive Robinson • October 15, 2017 5:08 PM

@ handle_x,

But has it really become intolerable?

It was in effect the sentiment expressed by Dirk at the time he last posted.

What is noticeable is that the 100 comments page fills up rather less quickly than it used to, so the number of people posting has gone down. The gradient I remember was showing a slow decline prior to last year's events, and a quite steep curve at the time of the events and shortly thereafter. I could be wrong --I don't have the stats-- but it was the way I remember it.

With regards,

Is it realistic to say this forum has deteriorated beyond repair?

That would not be my choice of words. However blogs in general appear to be reducing in readership and many of those that have run technical blogs appear to make more comments on Twitter these days.

When all is said and done writing content is a thoughtful process and if fact checking etc. is required then just a hundred or two words can take a day or so to write. Whereas a twenty word tweet takes just seconds and is usually more accepting of "informal" comment.

Looking around the web I see that a lot more people are "passive consumers" rather than "active participants" so it's not just this blog that has seen a demise.

Further the increase of cheap mobile bandwidth appears to be favouring both audio and video presentation over text these days.

As I've said several times one of the things I like about this blog is it is both moderated and does not require logging in to post, unlike many other blogs.

It would be nice if our host could be more interactive with other posters as he was in the past. But I predicted things would change for various reasons and they appear to have happened.

No I don't claim to be able to see the future but I can make reasonable predictions based on what happens. Like our host I've started to get cautious as I can see that the landscape has gone from pleasant pastoral to conflict mine fields riddled with listening posts, and I can see this getting worse before it gets better (if it ever does).

The real windsock of intentions can be seen from the ITU conference in Doha back in 2014. It became abundantly clear that many people wanted major changes in the Internet and they have the power of statehood to make things happen their way if push comes to shove.

Anyway it's late in the UK and the hospital has a lights out policy that has kicked in so I'm acquiescing to their rules for now.

TatütataOctober 15, 2017 7:34 PM

Also in the US edition of Politico, a criticism of the US cybersecurity apparatus:

What our cyberwall knows

Was that hacker Russian? As the government learns from constant attacks, companies want to know why it doesn't share more of what it's finding out.
By CORY BENNETT 10/11/2017 05:04 AM EDT

From the article:

“One of the questions I always ask [companies]: ‘Can you tell me best piece of information you ever got from the federal government to defend your infrastructure?’” said Rep. Will Hurd (R-Texas), chairman of the House subcommittee on information technology. “The answer is usually: nothing, silence.”

JG4October 15, 2017 9:23 PM


@Clive - wish you a speedy and complete recovery.

the tone of the discussion seems to have settled down in the past month. I hope that Dirk P. will return.

I found my copy of Ken Alibek's book yesterday, which turns out to be fortuitous timing, as this was in the morning newsfeed today. that'll make the hair on the back of your neck stand up:

http://www.bbc.com/future/story/20170926-the-deadly-germ-warfare-island-abandoned-by-the-soviets

if I can find my copy of Apollo 13, I'll try to draw some analogies of how the failure of oxygen security isn't so different from the catastrophic failure of Equifax. at the root, a failure to follow best practices.

music seems to get some respect around here

http://nypost.com/2017/10/12/springsteens-broadway-debut-is-dissolving-the-audience-to-tears/

they would have done much better with scuba tanks in the pool. I just can't understand why they don't have the swimming pools plumbed to spray the roof and a mist curtain around the house. when the heat is in the megawatts, water mist is your friend. there can still be enough cool water at the bottom of the pool to hide out while the flames pass over.

Couple Cling to One Another in Flame-Surrounded Pool; Only One Survives
https://www.wsj.com/articles/couple-cling-to-one-another-in-flame-surrounded-pool-only-one-survives-1507874085

it's all psyops all the time

The Legacy of Reagan’s Civilian ‘Psyops’
https://consortiumnews.com/2017/10/13/the-legacy-of-reagans-civilian-psyops/

there was plenty of exchange of ideas between the Nazi eugenicists and the US eugenicists, but this is especially ironic

http://billmoyers.com/story/hitler-america-nazi-race-law/
...
To get to the core of race in America today, read this new book by James Whitman. Whitman is the Ford Foundation Professor of Comparative and Foreign Law at Yale Law School. Prepare to be as startled as this respected legal scholar was when he came upon a meticulous record of a meeting of top lawyers in Nazi Germany after Hitler’s rise to power. Not only did those lawyers reveal a deep interest in American race policies, the most radical of them were eager advocates of using American law as a model.

further proof that the FBI are dirty, in a non-partisan way

https://www.judicialwatch.org/press-room/press-releases/fbi-finds-30-pages-clinton-lynch-tarmac-meeting-documents-wants-six-weeks-turn-docs/

further proof that the FBI always have been dirty, in a non-partisan way

http://news.nationalgeographic.com/2017/10/elizebeth-friedman-codebreaker-nazi-spy-fagone/
...
how J. Edgar Hoover rewrote history to sideline her achievements

someone must have estimated what percentage of embassy staff are doing work other than their title and job description would tend to suggest. the Turkish government was caught a few years ago in bed with a right wing death squad. this person may be wishing they remembered to bring the Israeli interrogation pills with them

https://www.dailysabah.com/investigations/2017/10/04/us-consulate-staff-making-phone-calls-with-feto-linked-figures-arrested-for-espionage
The Turkish media is reporting that a staffer at the American consulate general in Istanbul was recently arrested under the serious charge of attempting the “destruction of the constitutional order,” “espionage,” and seeking “to overthrow the government.”

RatioOctober 16, 2017 12:15 AM

French intelligence texts jihadist by mistake, inadvertently warning of surveillance operation:

A French intelligence agent sent a text message by mistake to the mobile phone of a jihadist, inadvertently warning him that he was under surveillance and undermining an investigation, it emerged on Friday.

The target of the probe, described as an “Islamist preacher” based in the Paris area, immediately understood that his phone was being tapped and his movements monitored.

He called the agent to complain and warned his contacts that they were under surveillance. As a result, separate investigations by two different intelligence services came to nothing, M6 television reported.

(If only Louis de Funès were available for the reconstruction…)

RatioOctober 16, 2017 2:41 AM

Mogadishu truck bomb: 500 casualties in Somalia’s worst terrorist attack:

The death toll from Saturday’s attack, which involved a truck packed with several hundred kilograms of military-grade and homemade explosives, stood at 276 on Sunday, according to Associated Press, but is expected to rise as more bodies are dug from the rubble spread over an area hundreds of metres wide in the centre of the city. At least 300 people were injured, according to local reports.

[...]

The bomb, which is thought to have targeted Somalia’s foreign ministry, was concealed in a truck and exploded near a hotel on a busy street, demolishing the building and several others.

Sources close to the Somali government said the truck had been stopped at a checkpoint and was about to be searched when the driver suddenly accelerated. It crashed through a barrier, then exploded. This ignited a fuel tanker which was stationary nearby, creating a massive fireball.

[...]

Al-Shabaab, which has been affiliated to al-Qaida since 2011, has not yet claimed responsibility for the attack.

However the organisation has a history of launching bomb attacks against civilian targets in Mogadishu, and is known to avoid claiming responsibility for operations which it believes may significantly damage its public image among ordinary Somalis.

TatütataOctober 16, 2017 11:09 AM

Yet another interesting tidbit

Supreme Court to consider major digital privacy case on Microsoft email storage - The Washington Post


The Supreme Court on Monday accepted a second important case on digital privacy, agreeing to hear a dispute between the federal government and Microsoft about emails stored overseas.

The case began in 2013, when U.S. prosecutors got a warrant to access emails in a drug trafficking investigation. The data was stored on Microsoft servers in Ireland.

Microsoft turned over information it had stored domestically but contended U.S. law enforcement couldn’t seize evidence held in another country. It said if forced to do so, it would lead to claims from other countries about data stored here.

@Grauhut:

man tor
man suricata
man selinux

man kann, man soll, man muss... (German: one can, one should, one must...)

(Or if you prefer in French: "yakafokon")

I don't quite see the relationship between these fixes with the overall topic.

GrauhutOctober 16, 2017 11:47 AM

@Tatütata: Un connoisseur! Oui, I love French services, sollte man auch [one should, too]! :)

I don't think bashing the government makes sense.

‘Can you tell me best piece of information you ever got from the federal government to defend your infrastructure?’” ...“The answer is usually: nothing, silence.”

"Nothing, silence" means they didn't do their homework and never read a single cert advisory or that rep. asked the wrong people.

Even the German BSI consists of nice guys that try to be helpful (within their limits).

Sancho_POctober 16, 2017 5:30 PM

@Ratio, re Louis de Funès at work ???

No, this is exactly what I have proposed for years:

The police / TLA may tap any comm channel, but
- name a personally responsible agent for the particular tap,
- keep all such cases in a report for statistics and review from outside,
- within 6 hours inform a judge about the tap and the reason,
- not later than 10 days from starting the tap inform the suspect and all tapped contacts in any case, even if the tap was shelved (*),
- arrange an interview between the suspect, the agent, a prosecutor and probably a defender of the suspect,
- inform the suspect about the cause that was leading to the tap,
- inform the suspect regarding his right to see the judge and to complain formally,
- name them an independent organization (like e.g. EFF) to exercise his rights,
- allow their representative to review all collected data, statistic and to see the judge,
- make the statistics public on quarterly basis and name a police / TLA mediator for complaints,
- there must be a budget to compensate in case of justified complaints.

(*) Only the judge could prevent that with a written justification, but for not more than 30 days in total, and has to inform their mediator the same day.
To overcome the 30 day-rule a judge from a higher court has to be involved.

In case of wrongdoing or failure in the handling of the procedure the responsible agent will be discharged and their supervisor reprimanded, after a second case the supervisor also will be discharged.

Without touching philosophical principles, the presence of our justice system (police and court) is there to prevent wrongdoing.
To be useful, the system must be visible:
We’ll drive slowly when we see the police because we can see them, but we are infuriated when they caught us hiding behind the bush.

It’s the same principle with kids and parents, and honesty is the keyword in human interaction.

While it’s easy, it is definitely wrong to cowardly hide a mic in the bedroom, listen to phone calls or to read personal diaries without consent.

Transparency and openness must not be a slogan, but the truth.

So tap the preacher, inform him and his contacts about the fact and the suspicion, that would show them what is deemed wrong in our society, and that the system is there and working. Apologize when wrong.

If some wrongdoing (or at least something bordering on it) was indeed found, a judge at the hearing can openly order time limited wiretapping, including the order not to use encryption (whatever that is), not to change the phone without notice, and to inform all comm partners by a special tone at the beginning of the call.

Or whatever, details must be discussed, but our society + politicians must be bold enough to enable our justice system to do what must be done.

EricOctober 16, 2017 9:25 PM

65535 wrote, "The perp was an ex-mil contractor with seemly no phone records or Facebook posts yet probably had a security clearance at one point. The FBI missed him completely."

This is quite concerning. You have to wonder what other psycho perverts are in there handling our secrets. Guess their polygraphers didn't ask the right questions...

WaelOctober 17, 2017 2:06 AM

@Rachel,

Can you post the Squid link from a couple years back where everyone praises Clive and discusses raising funds for him? He deserves to read it again.

Been an extra long day for me. Can't remember keywords except for "Crypto Currency".

An Ode to Dirk Praet is required.

These things happen on their own when I am in an extra goofy mood.

@Clive Robinson,

It's sad he decided that things had become intolerable, this site is most definitely the poorer for his loss.

He'll be back. Probably busy with some other things. Or maybe he bashed someone's nose in a bar or something and is lying low for a while.

mostly harmfulOctober 17, 2017 3:04 AM

An Autopsy of Cooperation: Diamond Dealers and the Limits of Trust-Based Exchange
Barak D Richman
Journal of Legal Analysis, 10 October 2017
https://academic.oup.com/jla/article/doi/10.1093/jla/lax003/4430792/An-Autopsy-of-Cooperation-Diamond-Dealers-and-the

From the abstract:

Both academic and popular representations of the diamond industry describe trust-based relations and an industry arbitration system that sustain trade. In recent years, however, trust among merchants has eroded, and merchants have correspondingly lost confidence in the industry's arbitration. This article describes the events that have led to the breakdown of cooperative trust in the industry and derives lessons regarding the nature and limits of reputation-based exchange in the modern economy.

From the introduction:

[This article] investigates the causes of why trust is breaking down—or, in accordance with an economist's explanation, why so many diamond dealers now find short-term strategies more attractive than long-term strategies associated with investing in and preserving a good reputation. It first outlines how trust-based cooperation among diamantaires had sustained cooperation and enforced executory agreements without relying on state coercion. It then reviews the many structural changes that have taken place in the past twenty years to each of the industry's three major market levels—diamond production, retail sales, and middleman markets—and it investigates how these changes might explain why the benefits of cooperation no longer overcome the temptations for short-term gains. Since the diamond industry has been held as the paradigmatic industry in which reputations and private ordering govern exchange, the demise of cooperation in the industry has implications for foundational scholarship that had presupposed the industry's ongoing cooperation. The article revisits some of these seminal discussions and aims to derive broader lessons from the diamond experience for the sustainability of self-enforcing governance and trust-based exchange.

@Nervous Tick "Research grant : Approved"

LOL

Clive RobinsonOctober 17, 2017 6:36 AM

@ Eric,

You have to wonder what other psycho perverts are in there handling our secrets. Guess their polygraphers didn't ask the right questions...

I understand your sentiment, but there is a problem... Polygraphs work on an uncontrolled emotional response... You can train yourself fairly easily to take control of those emotional responses or create fake ones that in effect hide any signal in the noise. But some people, such as psychopaths / sociopaths and those who have certain brain injuries, do not have the emotional responses. Perhaps worse, there are people on the autistic spectrum whose responses are overly responsive, which when combined with a more literal interpretation tend to appear deceitful.

It's why many jurisdictions do not give any credence to polygraphs...

S_JOctober 17, 2017 2:52 PM

Saw a news story recently.

Several Lotteries in the United States are noticing that they have "frequent flier" winners.

I'm seeing articles like this.
http://www.pennlive.com/watchdog/2017/09/defying_the_odds_part_1.html

It reminds me of an earlier story from a few years ago, posted here. Some lotteries with scratch-off tickets had poor randomization...or a pseudo-randomization that leaked information.

I don't know if this story contains instances of that type of problem, or if there are other side-channels (or illegal collusion) that allows some people to win multiple times per year over the course of a decade.

But I think it is of interest that various authorities are beginning to notice this.

Clive RobinsonOctober 17, 2017 6:18 PM

@ AlanS,

Adding to earlier post:

Just to say again that Deputy Attorney General Rod Rosenstein is either clueless or deliberately using propaganda against the US Citizens, which is something he is not allowed to do.

His "Remarks on Encryption" speech is full of so many mistakes and false premises that it can only be deliberate on his behalf or, as he's unelected, on his task master's behalf. Which would I suppose add him to the select group of "lickspittle hangers on and ego strokers" paid handsomely from the public purse to bite the hardworking hands of the everyday citizens who honestly pay taxes into that purse. That he and his ilk dishonestly help themselves from. Presumably by what they, like many preceding deluded tyrants, feel is "divine right".

What is not being made clear in the argument is that encryption is "mathematics". That does not, nor ever has, required a digital computer, less so one connected to an electronic communications network.

There are algorithms out there that have not just realistic and easy to understand proofs of security; some, such as One Time Phrases, can be shown to be not even possible to show to be encryption by an observer. Such mathematical systems only need at most pencil and paper to use.

From this knowledge, a little thought shows that what Deputy Attorney General Rod Rosenstein espouses in his Remarks on Encryption is not possible. No matter what the tech companies do they can not in any way give Rosenstein what he wants. The tech companies know this, mathematicians know this, engineers know this and so should the general public.

What we do know as history has taught us is that from before even written records criminals have used either encryption or equivalent to communicate privately.

It can be safely assumed that criminals or those that help them are also aware of the fact that Deputy Attorney General Rod Rosenstein is foolishly pushing that which is not possible. Thus it must by simple deduction be known to those around Deputy Attorney General Rod Rosenstein including his bosses...

Which raises an important question,

If the measures Deputy Attorney General Rod Rosenstein is demanding are not going to work against criminals, then who are the measures designed to be used against?

The simple answer is against "we the people" that is Deputy Attorney General Rod Rosenstein is advocating a Police State in every way he can...

There is considerable evidence that this is the case with other USG agencies, thus Deputy Attorney General Rod Rosenstein is suffering from the political equivalent of "big car little prick" syndrome. Only in his case he has his nose pressed up against the car dealer's show room window, as he does not even have the means to get a "big car".

Also it's a racing certainty that if he were to be given a big car, his basic inadequacies would result in him not using the big car sensibly. Thus like Toad of Toad Hall he will become not just a menace but a real danger as he runs the innocent down, blaming them rather than facing up to the realities of his inadequacies...
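
The pencil-and-paper system the comment above alludes to is, I assume, the one-time pad. The block below is an added example written for this page, not code from the thread or from any of the commenters. It implements the classic letter-by-letter pad (A=0..Z=25, c = p + k mod 26) and then checks two things a practitioner should be able to verify for themselves: that any candidate plaintext of the right length is consistent with a given ciphertext (so an observer learns nothing), and that reusing the pad is what breaks it. The sample messages and the fixed key in the test are constructed for illustration.

```python
"""
Pencil-and-paper one-time pad over the 26-letter alphabet, with two checks:
perfect secrecy when the key is uniform, as long as the message and used once,
and the leak that appears the moment a pad is reused.

Added example for this page; not code from the original discussion.
"""
import secrets
import string
from itertools import product

ALPHABET = string.ascii_uppercase


def _normalise(text):
    """Keep only A..Z, upper-cased, as a pencil-and-paper user would."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def _shift(a, b, sign):
    """Letter arithmetic: a + b or a - b, modulo 26."""
    return ALPHABET[(ALPHABET.index(a) + sign * ALPHABET.index(b)) % 26]


def generate_key(length):
    """Uniform random pad drawn from the OS CSPRNG (dice would do as well)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def otp_encrypt(plaintext, key):
    """c_i = (p_i + k_i) mod 26. The key must cover the whole message."""
    p = _normalise(plaintext)
    if len(key) < len(p):
        raise ValueError("key must be at least as long as the message")
    return "".join(_shift(a, b, +1) for a, b in zip(p, key))


def otp_decrypt(ciphertext, key):
    """p_i = (c_i - k_i) mod 26."""
    c = _normalise(ciphertext)
    if len(key) < len(c):
        raise ValueError("key must be at least as long as the ciphertext")
    return "".join(_shift(a, b, -1) for a, b in zip(c, key))


def key_for(ciphertext, candidate):
    """
    Return the key under which `ciphertext` decrypts to `candidate`.
    One always exists for any candidate of the same length, so the ciphertext
    alone cannot rule any plaintext in or out: this is the perfect-secrecy
    argument in one line.
    """
    c, p = _normalise(ciphertext), _normalise(candidate)
    if len(c) != len(p):
        raise ValueError("candidate must have the ciphertext's length")
    return "".join(_shift(a, b, -1) for a, b in zip(c, p))


def ciphertext_distribution(plaintext):
    """
    For a short message, enumerate every possible key and count the resulting
    ciphertexts. Each of the 26**n ciphertexts occurs exactly once, i.e. the
    ciphertext is uniformly distributed whatever the plaintext was.
    Only feasible for a few letters (26**n keys).
    """
    p = _normalise(plaintext)
    counts = {}
    for key in product(ALPHABET, repeat=len(p)):
        c = otp_encrypt(p, "".join(key))
        counts[c] = counts.get(c, 0) + 1
    return counts


def key_reuse_leak(ct1, ct2):
    """
    The classic failure: if two messages share a pad, c1 - c2 = p1 - p2 mod 26.
    The key cancels and the difference of the two plaintexts is exposed to
    anyone holding both ciphertexts, which is where crib-dragging starts.
    """
    return key_for(ct1, ct2)


if __name__ == "__main__":
    key = generate_key(12)
    ct = otp_encrypt("ATTACK AT DAWN", key)
    print("ciphertext:", ct)
    print("decrypts to:", otp_decrypt(ct, key))
    # A different candidate is just as consistent with the same ciphertext.
    print("key that 'proves' RETREAT NOW:", key_for(ct, "RETREAT NOW."))
```

The `ciphertext_distribution` check is the empirical version of the textbook proof: under a uniform key the ciphertext carries no information about which plaintext was sent. `key_reuse_leak` shows why "one-time" is not a stylistic flourish; the same ease of reasoning that proves the pad secure proves a reused pad broken.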

RatioOctober 17, 2017 7:43 PM

@Sancho_P,

[Louis de Funès at work?] No, this is exactly what I propose since years

You've been proposing for years that intelligence agents alert people under surveillance to this fact by mistake?

I'll skip over the details of your actual proposal, but I can't help but feel there's some bad logic here:

[...] our justice system (police and court) is there to prevent wrongdoing. To be useful, the system must be visible: We’ll drive slowly when we see the police because we can see them, but we are infuriated when they caught us hiding behind the bush.

So: we don't break the rules when we think we'll get caught, and since the objective of the system is to prevent people from breaking the rules, it's clearly a problem when people that thought they wouldn't get caught turn out to be wrong (!). That's just so infuriating and totally not what "no speeding" means. 'Cause, like, the problem isn't speeding itself. It's speeding when you can see cops, man. That's just wrong.

Your surveillance proposal suffers from this same sort of faulty reasoning. For example, the scenario above shows you realize that people will change their behavior if they know they're being watched, but your proposal seems to completely ignore this reality.

(This same line of reasoning, by the way, could be used as an argument for suppressing testimony of eyewitnesses that the accused did not see. Similarly, video evidence that shows the accused would only be admissible if it can be shown they saw the cameras at the time. The footprints left in the dust get thrown out, too: the accused couldn't have seen there was dust on the floor the night of the burglary. And so on, and so forth…)

RatioOctober 17, 2017 8:29 PM

UK facing most severe terror threat ever, warns MI5 chief:

Britain is facing its most severe ever terrorist threat and fresh attacks in the country are inevitable, according to the head of Britain’s normally secretive domestic intelligence service in a rare public speech.

Andrew Parker, the director general of MI5, said the UK had seen “a dramatic upshift in the threat” from Islamist terrorism this year, reflecting attacks that have taken place in Westminster, Manchester and London Bridge.

[...]

Parker’s speech to specialist security journalists on Tuesday was his chance to frame the debate about Britain’s battle against Islamist terrorism at a time when the agency’s staff numbers are already expanding from 4,000 to 5,000.

[...]

Parker added that military defeat in Syria and Iraq for Islamic State did not mean its threat would wane. “Meanwhile, Daesh [Isis] itself is under military pressure and is rapidly losing ground in its heartland in Syria and Iraq. So much so that it’s now advising would-be fighters to choose other countries … At the same time the Daesh brand has taken root in some other countries where areas of low governance give it space to grow.”

He said 100 Britons were believed to have died fighting for Isis and fresh danger was posed by the potential return of 850 more who had travelled to its territory, although a large influx had not yet materialised.

More numbers from Parker's remarks on video: “We're now running well over 500 live operations involving around 3,000 individuals known to be involved in extremist activity in some way.”

JG4October 18, 2017 7:30 AM


from yesterday's Big Brother is Watching You Watch compendium

there's only one plausible explanation

Facebook Is Looking for Employees With National Security Clearances Bloomberg (JTM)
https://www.bloomberg.com/news/articles/2017-10-16/facebook-is-said-to-seek-staff-with-national-security-clearance

a very nice analogy to releasing flawed software. both are public nuisances where no one is held accountable

Quelle Surprise! Pollution Pays!
https://www.nakedcapitalism.com/2017/10/quelle-surprise-pollution-pays.html

speaking of flawed, "it may be our carelessness, but it is your problem"

No Forfeiture-Database Backup With Millions on the Line, NYPD Admits
https://www.courthousenews.com/no-forfeiture-database-backup-millions-line-nypd-admits/

Clive RobinsonOctober 18, 2017 7:59 AM

@ Ratio,

You do not appear to understand that the Police are about prevention not punishment.

Likewise it appears that you do not understand the notion of serving a warrant on a suspect to gain access to their papers and possessions versus sneaking about out of sight.

Such sneaking about out of sight is a complete anathema to the fundamental ideas behind justice that have been in place for more than a thousand years.

Sneaking about and punishment rather than prevention are some of the clear indicators of tyranny that society can not exist in.

Sancho_POctober 18, 2017 11:44 AM

@Ratio

Wait, read again, cool down, then read again what I wrote re the purpose of our justice system.
Then compare what you answered, each sentence derails your arguments further away from the track towards the horizon, finally out of sight, and we wonder where you're heading to.
I think it starts here:

”[everything OK until here] …, it's clearly a problem when people that thought they wouldn't get caught turn out to be wrong (!).

So please do me the favor, come back and try again!

another_Dirk_fanOctober 18, 2017 7:18 PM

@Wael

"He'll be back. Probably busy with some other things. Or maybe he bashed someone's nose in a bar or something ..."

iirc Dirk last left this blog during a time of some contentious talking about free speech. In this country law schools may tend to imply that free speech means something like:
“I disapprove of what you say, but I will defend to the death your right to say it.”
https://www.themarysue.com/voltaire-beatrice-evelyn-hall/
https://quoteinvestigator.com/2015/06/01/defend-say/

The concept of free speech may seem somewhat quaint in this country when serial liars like Trump and Attorney General Sessions are in power, but we still probably want it in the US. From today's senate judiciary committee hearing:

"Sessions offered a slightly new wrinkle Wednesday, asserting that he may have discussed Trump campaign policy positions in his 2016 conversations with Kislyak. The attorney general said it was “possible” that “some comment was made about what Trump’s positions were,” though he also said, “I don’t think there was any discussion about the details of the campaign.”

The Post reported in July that Kislyak reported back to his superiors in the Kremlin that the two had discussed campaign-related matters, including policy issues important to Moscow. Sessions has previously said he did not “recall any specific political discussions,” though he allowed that most ambassadors are “pretty gossipy” and that it was “campaign season” when he and Kislyak talked.

In one of the testiest exchanges of the hearing, Sen. Al Franken (D-Minn.), who had asked Sessions about Trump campaign and Russia contacts at the confirmation hearing, accused the attorney general of changing his story over time.

While Sessions first asserted he “did not have communications with the Russians,” he now seemed to be only denying that he had inappropriate discussions about election interference, Franken said.

Sessions shot back that Franken’s question came with a “very, very troubling” lead-up and that he answered “in a way that I felt was responsive to what you raised in your question.” The two men interrupted each other, and, at one point, Sessions erupted. “Mr. Chairman, I don’t have to sit in here and listen to his charges without having a chance to respond,” he said. “Give me a break.”"

RatioOctober 18, 2017 7:19 PM

@Sancho_P,

I'd read and understood your points regarding the justice system the first time around. I was calm when I read your comment and when I wrote my reply, and I'm calm now. So much for assumptions.

There is a reason I included a parenthesized exclamation mark at the end of the sentence where you think I'm starting to lose the plot. That reason isn't that I'm in the habit of leaving random words and punctuation strewn all over my comments. It's to alert the reader (that is, you).

So you don't think it's a problem when people who thought they could break the rules and get away with it turn out to be wrong? (Good, I don't either. I think it's a good thing.) But then, what does this even mean?

We’ll drive slowly when we see the police because we can see them, but we are infuriated when they caught us hiding behind the bush.

WaelOctober 18, 2017 7:31 PM

@another_Dirk_fan,

I hope he’ll be back soon because this topic is outside my area of expertise!

@Dirk Praet! A couple of people are missing you plus @Clive Robinson and me. Do you want to come here or should I ask your friend @Rolf Weber to say something nice about you?

KrugerOctober 19, 2017 11:11 AM

Bruce, do you have a squid blog for security only? Seems this blog is about other things.

Sancho_POctober 19, 2017 5:08 PM

@Kruger

Oh wait, this is the right place for security related squid!
Sorry for chatting while we wait for your contribution.

Sancho_POctober 19, 2017 5:33 PM

@Ratio

Probably I was a bit short in that paragraph, but I assumed it would be obvious in context, sorry, let me try again:

“We’ll drive slowly when we see the police …“

This is the principle of our coexistence, the reason for our social behavior, and finally for what is called “morale”: It is the deep understanding that there are rules we have to obey, whether we like (=comprehend) them or not.
We’ve to learn that in our childhood - or will never.

If you or I would be alone on this spaceship there wouldn’t be any rules, e.g. against speeding. Every tree we see would be ours, likely we’d grab any resource and waste it, pollute the environment as we expect to be alone and the last one here on earth (strangely we do so anyway).

But we are not alone, so there have to be rules.
However, it needs more than rules:
The visible police car reminds us of the rules and of possible consequences in case we forget them.
So we check our speedometer or think of what we have in the trunk, glove box or our pockets. It's not only about speed(ing).
As a result of our immediate caution, watching the traffic the police can almost “smell” suspicious cars and persons, as a dog immediately would.

Now we, the “good” ones, more or less accept or even appreciate the situation, understanding that the police is there also to protect us.
We are instinctively and unwittingly reminded of our childhood.

On the other hand we don’t like it when we are caught by a radar device hidden behind a bush or in a civilian car, probably out in the wild, without anybody else on the road, and only learn much later about the fact (mind you, in the EU usually we do not have Sheriffs riding up behind us as they have in the Wild West).
This situation stirs anger and hatred against police and the untouchables, against the powers cowardly hiding behind a veil [1].
Even if it was correct we will not accept that, on the contrary, it unites people of all “colors” against rules and the establishment.

So we, the society, not only need rules but also a visible police (and enforcement).

Otherwise it will not work!
On the contrary, it will result in hatred against LE (and chaos [2]).

That’s the unzipped reason why Louis de Funès must text the Islamist (and all contacts the Islamist had) and tell them about it, also and especially when nothing was found.

That was my point.
- However, I’d be grateful to learn if there is still some ambiguity in my proposal or if the track is visible now? ;-)

[1]
We should strictly distinguish between rules + police and the shady world of spies.
Surveillance doesn’t always have the same meaning.
When the US taps the Russian Ambassador this is not to remind him of certain rules, it’s because they hope to collect intelligence from a bright Russian. So they don’t have to text him about it (he knows anyway from reading the media).

[2]
Think of sectors with no or very few rules, police and enforcement.
Everything digital? That’s because it takes dozens of years and bad experience for the rules to evolve, still then there is no police and enforcement out of the blue. Nature is learning by doing.

Ratio October 19, 2017 10:57 PM

@Sancho_P,

Probably I was a bit short in that paragraph, but I assumed it would be obvious in context, [...]

Brevity wasn't the problem. I understood (understand) the sentence just fine, but what it says didn't (doesn't) make sense to me. Things get worse as the sentence goes on, as you'll see.

“We’ll drive slowly when we see the police …” This is the principle of our coexistence, the reason for our social behavior, and finally for what is called “morale”: It is the deep understanding that there are rules we have to obey, whether we like (=comprehend) them or not. [...] But we are not alone, so there have to be rules.

(You were looking for moral, morals, mores, or something along those lines. Moral and morale both correspond to the same word moral in Spanish, but the first in the sense of principios éticos and the second in the sense of estado de ánimo.)

I mostly agree so far. But please note that stating that “we’ll drive slowly when we see the police” says little, if anything, about our morality.

However, it needs more than rules: The visible police car reminds us of the rules and of possible consequences in case we forget them. [...]

It's not about forgetting the rules; it's about breaking them. (And, yes, the rules don't enforce themselves.)

On the other hand we don’t like when we are caught by a radar device hidden behind a bush or civil car, probably out in the wild, without anybody else on the road, and only learn much later about the fact [...]

… and we've reached the second part of the sentence.

There is a rule against speeding. Now, should this rule be enforced? If no, let's get rid of it; it serves no purpose (as is, anyway). If yes, then who cares about people being upset that their breaking this rule has consequences when they mistakenly assumed it would not.

This situation stirs anger and hatred against police and the untouchables, against the powers cowardly hiding behind a veil [1].

Why? I'm not really seeing the logic here. (And what's cowardly about it? It's not like parking where people can easily see you takes enormous amounts of bravery either or anything.)

Your footnote [1] says:

We should strictly distinguish between rules + police and the shady world of spies. Surveillance hasn’t always the same meaning. When the US taps the Russian Ambassador this is not to remind him of certain rules, [...]

… and when the police taps anyone, it's not for that reason either.

So we, the society, not only need rules but also a visible police (and enforcement). [...]

I agree with the conclusion, but not with its premises.

That’s the unzipped reason why Luis de Funès must text the Islamist (and all contacts the Islamist had) and tell them about, also and especially when nothing was found.

Yes, everyone should get a gold star when they don't do things they shouldn't be doing. (That was sarcasm.)

I still don't see how this (especially the part you bolded) makes any sense. Do you see why now?

tyr October 20, 2017 12:01 AM

@Sancho P

Humans have been around for a hundred thousand years, most of that time without the specialized guard labour of capitalism. It's weird how anything that is set up for special interests gets sold to the next generations as indispensable to society. In the same way every attempt to do a small change is castigated as going to end civilization as we know it. The way to bet on the future is to seek out heresy because it always turns out to be right in the long run.

Assuming that roving bands of state sponsored criminals constitute a needed part of rational society should make you wonder just what this society is that it needs such a solution to exist. Once you internalize the idea that no other way exists, the fact that billions of humans have lived without those dubious benefits fades into limbo. It also exists on the false premise that the ordinary human needs to be corralled, coerced and trained like laboratory rats or it will suddenly explode into antisocial behaviors. That's not true; if it was true you wouldn't be here now. It is a convenient fiction sold to society by people with an agenda that is not for their benefit.

C U Anon October 20, 2017 3:51 AM

I know ↑ that commentary ↑ has a name, but do we really "need to speak its name".

Wael October 20, 2017 9:48 AM

Ladies and Gentlemen,

Do we need to mention that @C U Anon is @Clive Robinson?

Let the sockpuppetry witch hunt begin... And now, for the thousands reading this blog and the quarter million subscribers around the world...

Let's get ready to Rumble

Here is the tale of the tape:

On the right... @Clive, the encyclopedia, Robinson: A 740 year old veteran, has health problems, but don't let that fool you. His brain is sharp as a katana sword. He hails from the UK. He's being accused of sockpuppetry. For example...

Are you saying everybody above are compleatly and utterly uninformed?

On the left... @Ratio, the meticulous, precise new kid on the block. Speaks many languages. He doesn't seem to have a clean record either. He is thought to be @ianf -- a real git, with great sense of humor and lousy manners, in freakin' disguise... He hails from... well, we don't know. Rumor has it he's Italian.

Someone's "O" gotta go!!!

This is a pay-per-view event. Hosted by someone who got his sockpuppet busted :(

Anura October 20, 2017 11:34 AM

Well, CU usually refers to University of Colorado; it's extremely unlikely that the abbreviation has any other meaning, so they are probably American.

Wael October 20, 2017 12:00 PM

@Anura,

Writing style and mode of thinking weighs more than an arbitrarily chosen handle. One is under conscious control and the other is vulnerable to subconscious slips. Nothing conclusive, but worth looking into. Meta-data discloses more information than intended. Doesn’t bother me either way. I can discuss a subject with 10 real people or one person with 10 different names just as effectually — won’t change the outcome of the discussion, unless it digresses to accusations and subjectivity, both of which I avoid.

Nick P October 20, 2017 12:59 PM

As I think of securing computers, I also think of ways to embed productivity into the development of those systems or on top of them. After all, virtually nobody buys PC's for security: they buy them to get stuff done. I've spent a lot of time looking at different environments and languages. Among the most powerful I saw were Common LISP and the LISP machines. However, those weren't quite popular. The other approach that was very powerful and even designed partly for children was the Smalltalk machines at Xerox PARC. You could say the Smalltalk model of independent objects passing messages even saw the Internet coming. That's no surprise since they had Douglas Engelbart's people there. ;) Anyone confused by that should see the Mother of All Demos presented in 1968 before the World Wide Web or PC's existed.

You might have seen things about that system. I just found something better though: a live demo of that environment done by Alan Kay after they rescued the 1970's software from a trash heap. He does his presentation in the original GUI from PARC. It's amazing to see how it blends code, windows, drawing/art, and gestures. In the 70's! I agree with Kay that Jobs really missed the big picture during his visit as the Apple GUI was nowhere near as impressive in what capabilities it gave to the users. It was just about a nice-looking GUI. If only we started in alternate history where we grew up on these PARC machines that Intel/IBM then optimized their CPU's for. We'd have avoided the crud of web apps since environments such as Smalltalk could be extended natively to do such things with some libraries.

Wael October 20, 2017 2:04 PM

@Nick P,

New thing I learned today: The Mother of All Demos. Didn’t know it happened that long ago by Douglas Engelbart! Thanks.

Wael October 20, 2017 3:59 PM

@Anura,

I stand behind my methodology.

And I stand in front of it! I’ll get tired, you’ll get exhausted. Chinese saying:

Man who run in front of car get tired;
Man who run behind car get exhausted!

C'est la vie...

Sancho_P October 20, 2017 4:57 PM

I can’t see any sock-puppet here, anyway, it’s content that matters.

@Ratio

You have a valid point re speeding as it’s not an indication of morality (thanks for the correction).
But it’s this simple example here leading to your (don’t get me wrong) “digital” view: Say 40 is OK, 41 isn’t, that’s an issue which might be solved with auto-speed control of our cars in the future, as well as auto-ticketing without police or radar when speeding in manual mode.
Bright future, isn’t it?

But most of our rules aren’t that simple.
On the contrary, even with a myriad of detailed laws nearly each case is different and has to be seen independently (that’s what the lawyers want us to believe and why laws are what they are).
A strictly technical view (0/1) negates that we are humans and that we ardently demand to be treated as such.

Seen as a part of education (to social behavior) the rules must be justified, explainable and understandable to and for kids, teens, youngsters and oldies.
Very difficult!
In fact, the brighter the individual the more difficult it is.
[see your “… serves no purpose (as is, anyway)” if I understand correctly]

And the Imam may be very bright!

Why anger and hatred:
When individuals learn that someone was in their drawers without consent at first they are deeply shocked. Some are for the rest of their life.
But seconds later many will compensate that by a feeling of vengeance.
That’s just normal for (but not unique to) the stronger, brighter males.
It’s really unwise to provoke that feeling, often a (hidden) tit for tat will result.

For the cowardly:
It seems you’ve never been standing decorated with a badge on the street, but be assured it needs quite some boldness nowadays if alone.
To search @Ratio’s drawers and then _tell him about the fact_ needs more, I guess?

For the golden star:
Let’s think not only about the Imam but more about his contacts. They all learn that their Imam got into the focus, not very clearly why, but possibly because he had contact to someone who knows someone who …
So all of them (and also the "not contacts" of the community) will know “they are there” and “probably we are registered now”.
The Imam, if wise, will explain them what they should _not_ do and why.
If not (see anger and hatred) he will be soon in the focus again.
And if the politicians are not cowards that could result in trouble.

Socializing people is our (society and LE’s) first objective, it’s mandatory when living together on a canoe.

Sancho_P October 20, 2017 5:27 PM

@tyr

Sorry, it seems I may not understand everything.
But I’ll try some points:

Capitalism was there since the beginning, as was guard labor, it’s nature.
What’s new is the lack of rules and control in the upper part of society, (in part) due to rapid industrial evolvement.

Re antisocial behaviors
Be aware that cannibalism (feeding on our breed) is part of our survival strategy and must be controlled by mind or otherwise. That’s true for state sponsored criminals as well as for us civilized Westerns who
still today feed on their counterparts who suffer for our prosperity.

The basic issue is: Our canoe is not endless. Depending on our footprint it may hold 5 to 15% of Westerns in balance for a relatively short period (in thinking of mankind). The only energy we have comes in radiation from the sun. Whatever energy (wind, water, sun, fossil) we use is lost for the environment with in part dramatic consequences, not to talk about waste.
Nuclear isn’t an option, neither is fusion.

Problem is ingeniousness and technics easily find niches to avoid the immediate crash. But the construct gets more and more complex and fragile, the crash will be harder and harder the longer it's avoided.

Your “laboratory rats” are a good picture, but you know that someone controls them, I don’t believe we have someone to control us.

And I suggest a visit to some African states, start with Somalia?

tyr October 20, 2017 10:01 PM

@Sancho P.

Somalia is an interesting case. One of the area tribes used to have a rite of passage for young males. They had to kill someone from ambush to be considered as a full adult with a place in society.

What you see there is the leftovers of misguided colonial interventions.

Inability to see past the generation gaps always gives a distorted worldview that accepts personal bias as eternal truths.

Heraclitus pointed out that everything is subject to change while humans seem to wish for some eternal verities.

I use the word capitalism in the sense of a system that commodifies human beings as labour, converts the world into property and puts a price on everything. That has not been around forever; it is a construct barely 300 years old.

Sancho_P October 21, 2017 6:36 PM

@tyr

OK, seems you mean contemporary capitalism.
Property in the sense of territory, slaves/harem even predates mankind.
For the (time and) use of money and prostitutes see "Customs" at:
https://en.wikipedia.org/wiki/Lydians
I guess they had corruption, too ;-)
The evil is us.

Ratio October 22, 2017 9:15 PM

@Sancho_P,

You have a valid point re speeding as it’s not an indication of morality.

I'm not sure what it is you're agreeing with here. What I meant was that someone not speeding, or not stealing, or not killing, or not _____ when they know that the police is right there watching them isn't saying much, if anything, about their morality. You can't conclude that their behavior must have been the result of their morality.

[...], even with a myriad of detailed laws nearly each case is different and has to be seen independently (that’s what the lawyers want us to believe and why laws are what they are).

If the facts of different cases are the same, the cases should yield the same outcome. (Equality under the law.)

A strictly technical view (0/1) negates that we are humans and that we ardently demand to be treated as such.

I think that's exactly backwards. You would rather be subject to vague, ambiguous rules than to clear, unambiguous ones?

[...], the brighter the individual the more difficult [justifying and explaining the rules] is.

I'm not entirely sure what you're saying, but I don't think I agree.

My “… serves no purpose (as is, anyway)” was about having rules that aren't enforced (specifically the rule against speeding in that hypothetical scenario).

When individuals learn that someone was in their drawers without consent at first they are deeply shocked. Some are for the rest of their life. But seconds later many will compensate that by a feeling of vengeance. That’s just normal for (but not unique to) the stronger, brighter males. It’s really unwise to provoke that feeling, often a (hidden) tit for tat will result.

This clearly doesn't apply in the case of speeding, where there's no expectation of privacy. In the case of going through someone's drawers an independent third party like a judge presumably consented.

Don't you think your proposal to inform everyone who is or was under surveillance would lead to more anger and hatred? Or did I misunderstand the logic?

(Tit for tat would be going through the other guy's drawers. Igual por igual.)

It seems you’ve never been standing decorated with a badge on the street, but be assured it needs quite some boldness nowadays if alone.

We were talking about sitting in a car by the side of the road versus parking the car just out of sight? Anyway, I guess I don't appreciate the enormous amounts of bravery involved.

Let’s think not only about the Imam but more about his contacts. They all learn that their Imam got into the focus, not very clearly why, [...]

Oh, it's a real mystery all right.

A French intelligence agent sent a text message by mistake to the mobile phone of a jihadist, inadvertently warning him that he was under surveillance [...]

I'm guessing they suspected him of tax fraud? Unpaid parking tickets? Am I close?

Sancho_P October 23, 2017 6:36 PM

@Ratio

It’s interesting we disagree in fundamental ideas, anyway, I’ll try.

Yep: Not to speed, even without being watched, is not an indication of morality, on the contrary, may be suspicious (intoxicated, technical problem, heart attack, ….).
The world is colorful.
But besides the simple (binary) speeding example my main point was the sheer presence of police - also for text and drive, overloaded truck, Methuselah behind the wheel, …
Try to see it from the good, innocent side of populace.
The message is: Police are there not to punish but to protect us.

Indeed I’d prefer less (imperfectly) detailed laws, and more common sense (ethic) rules and to dispute the individual case.
Your “should” outcome would be the same problem anyway, only that it needs real humans to decide instead of algorithms in the near future.
How clear is 'clear, unambiguous'? Don’t ask machines / AI for the answer!

Re my “the brighter the individual …”:
“Go on green” - When, which green, brightness, when flashing, green + red simultaneously, which direction, how come, …?
Simply said the (more binary) authoritarian follower will answer “Yes, Sir” while the (complex = analog thinking) will ask several questions when presented a rule.
=> The brighter ones want to understand, the simpler ones simply can’t.

Most of the time rules are not enforced, but that neither makes them useless nor invalid. On the other side, rules are not absolute: “No dumping” doesn’t mean you can’t throw the rest of your apple into the bushes - but don’t do it on the street!
“You shall not kill” - but obviously you can send the guys to go after Bin Laden.
Yea, it’s complicated out there, especially when we try to think binary.

Me (in context of cowardly searching one’s drawers and vengeance):
“… It’s really unwise to provoke that feeling, often a (hidden) tit for tat will result.”
1) You: ”This clearly doesn't apply in the case of speeding, where there's no expectation of privacy.”
Um, I have an expectation of privacy when on the road, and AFAIK police can’t mount a GPS tracker without a judge in any “democratic” state of the world, but I’d have to search that down to make sure.

2) You:”In the case of going through someone's drawers an independent third party like a judge presumably consented.”
Here the pivot is “presumably” - I have to apologize for jumping from the simple tangible drawer back to the intangible communication of that poor chap, which can be (702) searched by LE without any warrant only for suspicion:
https://www.eff.org/deeplinks/2017/10/usa-liberty-act-wont-fix-whats-most-broken-nsa-internet-surveillance

3) Your “Igual por igual.” No, sorry, binary is too simple.
I wouldn’t try to go through the burglar’s drawers, even if it was a LEO, and I knew his name. But probably someone else would think about his (or anybody else’s) kids and acid or so.
To come back to the intangible comm world, imagine you yourself would be the guy who learns about their surveillance by the mistaken text message.
Would that event improve your sentiments regarding the LEOs? Really?

So I think when we all (the good and the bad) know there are valid rules even to protect us there wouldn’t be the bad feeling when we hear from LE.
[Granted, there are other things to improve as well]

Your ”… [police] sitting in a car by the side of the road”:
A very good example of how it should not be. Where I live the police stand outside of their car, never saw them cowardly hunting like in the US. But the streets are different here!

Last but not least the (your / MSM) jihadist and their “suspicion”.
Again, the binary thinking doesn’t come close to the real world, and your last line again reveals your simple “If x then y” attempt.
What is a jihadist, when is someone rightly to be called a jihadist, and can we call them jihadist before a judge found them guilty? Of what exactly?
Having a beard? No future? Three wives?

Before there is evidence it is just a suspicion. No judge should presumably consent to invade someone’s privacy.
Until convicted he is innocent, not a jihadist. Innocent = respected man.

Fairness, honesty and openness unfortunately (?) are values one can’t transform into lines of code.
But hey, otherwise we humans would be replaceable ;-)

Btw. I’m not sure if we should further stress @Bruce’s hospitality, as I assume we will not come to an agreement on our different views?

Ratio October 24, 2017 2:38 AM

@Sancho_P,

I'm still trying to figure out what the fundamental ideas that we disagree on actually are.

Try to see it from the good, innocent side of populace. The message is: Police are there not to punish but to protect us.

They're there to do both, and more: protect, prevent, investigate, punish. (In general, that is. Your "us" would only be protected, since they're defined to be all good, all the time, and will thus never even be a suspect.)

Your “should” outcome [that is, equality under the law] would be the same problem anyway, only that it needs real humans to decide instead of algorithms in the near future.

I don't follow. What is this "same problem" you're referring to?

How clear is 'clear, unambiguous'?

That wasn't intended to be a black-and-white thing. Let me rephrase: would you rather be subject to rules that are vaguer and more ambiguous, or to rules that are clearer and less ambiguous?

“Go on green” - When, which green, brightness, when flashing, green + red simultaneously, which direction, how come, …? [...] => The brighter ones want to understand, the simpler ones simply can’t.

This was an example of a brighter person wanting to understand?

Most of the time rules are not enforced, but that neither makes them useless nor invalid.

Rules that are not enforced might as well not exist. Worse, not removing these rules might lead to people one day finding there's some unenforced rule from 1623 that they've just broken and that will now be applied rigorously. It's like dead code in software: get rid of it.

On the other side, rules are not absolute: [...] “You shall not kill” - but obviously you can send the guys to go after Bin Laden.

That's a straw man: there is no such rule.

Um, I have an expectation of privacy when on the road, [...].

We're talking about speeding. In public. And objecting to being seen. I don't even …

[“In the case of going through someone's drawers an independent third party like a judge presumably consented.”] Here the pivot is “presumably” - I have to apologize for jumping from the simple tangible drawer back to the intangible communication of that poor chap, which can be (702) searched by LE without any warrant only for suspicion [...]

Le 702 in France by French intelligence agencies? This is still about the guy in the article?

Your “Igual por igual.” No, sorry, binary is too simple.

I was just saying what "tit for tat" means, because I suspected you were using it to indicate some sort of escalation. (Talking about an acid attack on someone's kid as revenge seems to confirm that.)

To come back to the intangible comm world, imagine you yourself would be the guy who learns about their surveillance by the mistaken text message. Would that event improve your sentiments regarding the LEOs? Really?

Would I like it? No, of course not. I can't imagine anyone would. I guess I'd want to know why. But I still don't see how your proposal does anything to improve on this. You'd rather people that weren't even aware they were under surveillance be informed. So I once again have to ask if that isn't making the whole situation worse by your own logic?

Where I live the police stand outside of their car [instead of sitting in it], never saw them cowardly hunting like in the US. But the streets are different here!

Spain, it's different. ;-) I still don't see where the cowardice and bravery come in…

Last but not least the (your / MSM) jihadist and their “suspicion”. Again, the binary thinking doesn’t come close to the real world, and your last line again reveals your simple “If x then y” attempt.

Ehm, no. You said people around him would not know why he "came into focus". The article describes him as a jihadist. What might be the reason they had him under surveillance? Could it possibly be that these intelligence agencies suspected him of being a jihadist? I don't know where I got this idea; it just occurred to me. Or was it about those unpaid parking tickets after all?

Before there is evidence it is just a suspicion. No judge should presumably consent to invade someone’s privacy. Until convicted he is innocent, not a jihadist.

He was under surveillance so that they could try and find evidence! That's the whole point! They suspected him of being a jihadist (whatever that stands for exactly in this case), convinced a judge that they had good reasons for their suspicions, and got the judge to allow them to invade his privacy under certain conditions. That's how we got here. At no point in this process is he even presumed to be guilty.

(I'd typed this all before I saw your remark at the end. Meh. Might as well press "submit" now. Hopefully you'll at least be clearer on what my positions actually are.)

Sancho_P October 24, 2017 6:12 PM

@Ratio

Yes, I am clearer, and it’s not about politics, so he may apologize our chatting.

Good, you’re on the right track now, so whenever you see them:
Police are there to protect us. That shall be.
But now, where we agree, there is no need to detail on their activities how they try to protect us (”prevent, investigate, punish” and more) because protect is the “/“.
Of course, to protect us they’ll have to punish some of us, thereby showing others that our society works.

For “the same outcome”, “clear” and “more ambiguous” it’s one point:
We have thousands of laws and growing, thousands of lawyers and spend eons of court hours (not in the US because of foul bargaining).
This is a huge business: Write clear useless laws and cash on disputes.
Yes, I’d prefer more basic rules and to spend probably the same amount on ethical ruling. No, it wasn’t torture, it was enhanced interrogation, btw it was not on US soil, unfortunately there is no jurisdiction. And shooting an unarmed combatant in the bed is not killing a civilian.
That’s not a straw man, it’s obviously the truth: Some rules are not enforced (but basically I agree, there are too many rules).

Privacy and speeding: I have the expectation to be left alone, even in public. A GPS transmitter and continuous, automated ticket-service at the police is a no-go (but will be reality soon).
Speeding is also a rule that is not always enforced, at least now.

Good you mention that the French don’t even have a 702 but are ripped off their privacy anyway.

Spot on your: ”I guess I'd want to know why.”
The proposal serves several purposes:
Police have the chance to eavesdrop on a certain target (and her contacts, which is bad but necessary and interesting for the police).
The bureaucratic overhead will make sure they decide after thinking.
The fact and the result has to be explained to the target, this is at first to educate the police but also the target. In the course of explaining police will learn a lot (e.g. not to waste time in the haystack) and about the target (dangerous person?) and the whole environment (the contacts). [1]

But the fact that the target is now aware regarding the suspicion is the most important feature of the proposal. Which reaction(s) could result? What would police learn from the reaction?
Also the proposal would give us a chance of control and accountability, which is dearly needed in a working society.

Well, the MSM describe him as a jihadist, this is a prejudice and the reason we can not trust MSM. It’s dishonest.
Seems you avoid to think what they see as a jihadist.
So they suspected him to be a …, OK. And they have enough evidence to convince a (not rubberstamp) judge? Then go and get him, discuss with the guy, make clear that society is here to check his behavior.
And, if found guilty, then … Yes, that’s the part which remains unsolved.
This is the reason for our mess. Politics.

[1]
Probably you are not aware that I avidly fight for “content is mine, metadata is for LE”, not only because they have them anyway, but because metadata is more and less than content in the sense of information and haystack.

Ratio October 25, 2017 12:58 AM

@Sancho_P,

Yes, I’d prefer more basic rules and to spend probably the same amount on ethical ruling.

Whose ethics? How is this ruling enforced? What's the difference between your "ethical ruling" and the existing concept of "legal ruling"?

No, it wasn’t torture, it was enhanced interrogation, btw it was not on US soil, unfortunately there is no jurisdiction. And shooting an unarmed combatant in the bed is not killing a civilian. That’s not a straw man, it’s obviously the truth: Some rules are not enforced (but basically I agree, there are too many rules).

Without getting into the legality or morality of any of your examples, I said that using “you shall not kill” in your earlier example about bin Laden was a straw man because there is no such rule. (Besides, he died in 2001 according to a recent comment here, if I'm not mistaken. I did not know that. I still don't know that.)

Privacy and speeding: I have the expectation to be left alone, even in public. A GPS transmitter and continuous, automated ticket-service at the police is a no-go (but will be reality soon).

We weren't talking about that hypothetical future, though, right? These two scenarios aren't interchangeable.

The proposal serves several purposes: Police have the chance to eavesdrop on a certain target (and her contacts, which is bad but necessary and interesting for the police). The bureaucratic overhead will make sure they decide after thinking. The fact and the result has to be explained to the target, this is at first to educate the police but also the target. In the course of explaining police will learn a lot (e.g. not to waste time in the haystack) and about the target (dangerous person?) and the whole environment (the contacts).

(1) The police can put people under surveillance now. (2) There are bureaucratic, legal, and resource constraints now. (3) The difference basically being that the police would inform people they haven't found (sufficient?) evidence on while they had them under surveillance of (a) the fact that they were under surveillance and (b) the reason why they were under surveillance.

(3a) has no obvious positive effect that I can see, and would lead to anger and hatred towards the police by your logic. Keep in mind that no incriminating evidence was found on these people, and that they were not aware that were under surveillance. My guess is that (3b) would be useless for the target (no real answer) and / or unworkable for the police (ruining investigations being an obvious reason) in virtually all cases.

But the fact that the target is now aware regarding the suspicion is the most important feature of the proposal. Which reaction(s) could result? What would police learn from the reaction?

This is the most important point in favor…?!

Also the proposal would give us a chance of control and accountability, which is dearly needed in a working society.

I'm not sure what the exact differences between the current situation and your proposal are in those areas. Public statistics? (Which ones? Number of cases? Locations? Types of cases? Number of "successful" vs "unsuccessful" cases?)

Well, the MSM describe him as a jihadist, this is a prejudice and the reason we can not trust MSM. It’s dishonest.

Yes, the writing in the article I quoted is sloppy. It should have said he was suspected to be a jihadist, not that he was one. Why he was under surveillance is blindingly obvious, though: they suspected him of being a jihadist. (Another theory says this is all a ruse: in reality it was about his unpaid parking tickets. I'm going with the first option for now.)

What is the prejudice and dishonesty you're seeing? That an unknown imam in the Paris area is suspected of being a jihadist? Because there's no such thing as a jihadist imam in Paris? Well, I'll go out on a limb and say that there might even be two of them. I'll tell you what, $100 says I'm right. Want to take the other side of that? (Of course they exist, see Barcelona for an example.)

Seems you avoid thinking about what they see as a jihadist.

You tell me, what do they see as a jihadist? A beard, no future, and three wives? As far as I know that is respectively legal, legal, and illegal (but who knows if that's enforced) in France.

So they suspected him to be a …, OK. And they have enough evidence to convince a (not rubberstamp) judge? Then go and get him, discuss with the guy, make clear that society is here to check his behavior.

We're talking about an adult human being, not a three-year-old!

I'm still not clear on the fundamental issues we disagree on, but maybe we'll find out some other time. (I feel we're going round in circles on some things.)

Sancho_P • October 25, 2017 6:44 PM

@Ratio

The difference between ethical ruling and what you (correctly) call “legal ruling” is that the former requires human interaction and the latter (the law twisting) can be done by machines [1].
But when you think that on our canoe there is no such rule as "you shall not kill", then you should skip Bin Laden and focus on the "torture" (or not), but I have to admit I don't know how common the "do not torture" rule is.
Btw., for the discussion it doesn't matter when BL really died; they brag about his execution as a fact.

I didn’t want to confuse you, so only take the part before the future in brackets:
Today we rightly have the expectation of privacy when driving our car.

Re 1, 2, 3:
(1) That's a fact and would not be questioned if (2) were still true.

But your (3) omits the proposal's restoring of the lost constraints, the accountability and the dialog, which gives the police the opportunity for a deep insight which they would not get after months of sitting in the office and clandestine eavesdropping, only increasing the haystack and the mess. We don’t need thousands on several (and different) lists but insight and mutual understanding what is and what is not accepted in our society.

And (3) also omits the chance for the target to discuss the facts in his community and family (multiplying the "presence of police" and the will of the society), to consult a lawyer of his own confidence (and language) and even a lawyer of an independent organization in case he was treated unfairly. I see this as the most important difference as it shapes society and understanding between ordinary people and LE.
Mind you, this is exactly what machines will never substitute: Real life.

Yes, they suspected him to be a jihadist, but for both (and us all) to learn it then needs feedback:
Talk about, be bold, straight, honest to each other.

Yes, they …
(Imams as jihadists, but don’t forget “we” have to define what a jihadist is)
… exist, but until we tell them they won’t know that they are targeted, already in the focus. And, importantly, why.
And where our limits are (the red line, if you prefer)

“not a three year old” - Who he is can only be decided if we talk to him!

You are right with the circles, but in my feeling we honestly agree to disagree in several parts. We’d probably need a mediator to identify some misunderstandings, however, that’s not possible in a written and somehow limited conversation.

It’s a victory when we can peacefully accept that we are different!
It was interesting, anyway. Thanks!

[1]
I was tempted to write “can and will be done by machines” but I’m going to spare that for another circle ;-)

Ratio • October 25, 2017 9:26 PM

@Sancho_P,

Quick final comments on your main points:

The difference between ethical ruling and what you (correctly) call “legal ruling” is that the former requires human interaction and the latter (the law twisting) can be done by machines [1].

In anticipation of your footnote [1], and so that you can prepare for some other circle, I'll just say that I don't think that's true. (By which I mean that if machines are not able to issue ethical rulings, they are not able to issue legal rulings, and that if they are able to issue legal rulings, they are able to issue ethical rulings.)

Today we rightly have the expectation of privacy when driving our car.

Our driving in public is public. Our speeding in public is public.

Regarding the points from your comment that I numbered 1–3:

(1) That's a fact and would not be questioned if (2) were still true.

But (2) is in fact true: there clearly are bureaucratic, legal, and resource constraints. (Insufficient and nonexistent aren't the same thing.)

We don’t need thousands on several (and different) lists but insight and mutual understanding what is and what is not accepted in our society.

"What?! Jihadism is illegal in France?? I'm really sorry!!"
— "Don't worry about it. It's a common misunderstanding. Camembert?"

And (3) also omits the chance for the target to discuss the facts in his community and family (multiplying the "presence of police" and the will of the society), to consult a lawyer of his own confidence (and language) and even a lawyer of an independent organization in case he was treated unfairly.

All things he can do now, if he realizes he is (was) a target. The only thing that changes is that everyone would know they were (had been) under surveillance, even people who never knew. See my remarks above on (3a) and (3b).

“not a three year old” - Who he is can only be decided if we talk to him!

So we start by treating him as an adult human, not by infantilizing him. Right?

It was interesting, anyway. Thanks!

Yes, it was. Thank you.

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.