Friday Squid Blogging: Firefly Squid Museum

The Hotaruika Museum is a museum devoted to firefly squid in Toyama, Japan.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on August 17, 2018 at 6:06 PM • 124 Comments

Comments

RG • August 17, 2018 6:56 PM

Google Spin Out Of Control
At an employee meeting yesterday, Google cofounder Sergey Brin denied having knowledge of their secret Chinese Dragonfly program (involving hundreds of employees) until AFTER news leaked and controversy erupted (PhD still acting dumb)
Contradicting previous reports [1], Google CEO Sundar Pichai told employees, according to The Times. "That said, we are not close to launching a search product in China."

Sergey Brin Demands Privacy!
“The discussions became tense when Google's leaders discovered that someone attending the meeting or listening in remotely was supplying live information to Conger, the New York Times reporter. Brin said he would NOT continue discussing China because of the leaks, according to the sources who spoke to Business Insider.”
https://www.businessinsider.com/google-ceo-sundar-pichai-on-censored-search-in-china-2018-8
The Intercept reports ‘Goggle Execs Mislead Staff On China Censorship’
https://theintercept.com/2018/08/17/internal-meeting-reveals-how-google-bosses-misled-staff-on-their-china-censorship-plan-here-are-the-questions-they-must-answer/

Update AP Location Tracking Investigation Findings
In a Thursday statement to the AP, Google said: "We have been updating the explanatory language about Location History to make it more consistent and clear across our platforms and help centers."
The statement contrasted with a statement Google sent to the AP several days ago that said in part, "We provide clear descriptions of these tools." https://apnews.com/ef95c6a91eeb4d8e9dda9cad887bf211
Google risks mega-fine in EU over location 'stalking'
First big test for GDPR looms
"Burying its stalking settings, while distracting users with a deliberately crippled 'Location history' button, isn't just deceitful - it's unlawful," campaigner Phil Booth opined. "Without proper consent or legitimate purpose, Google is breaching the GDPR rights of every EU citizen it has been tracking.
We will likely see European Data Protection Authorities take a stance on this issue over the coming months. https://www.theregister.co.uk/2018/08/16/google_risks_megafine_in_eu_over_location_stalking/
Still Cell Tower Location Tracking (even with GPS Turned Off) [2]
Analyst Rich Mogull of Arizona-based Securosis LLC said telecom providers track and sell location data as a matter of course, with a wide range of businesses including Google extensively attempting to compile location datasets on consumers. https://www.businessinsider.com/verizon-cell-phone-location-data-brokers-2018-6?r=UK&IR=T
These breathtaking lies, deceptions and cover-ups are just from the last few days. If you can't dazzle with brilliance, baffle with bullshite.
My analysis is there are untold number of operations which citizens are not aware of. Hence the total USA government silence. Both sides (spy vs. spy) have become addicted to Google’s unmatched algorithms and surveillance. [3]

Taking the limit, Google’s ultimate intent is to make everyone in the world dependent upon them. This includes news organizations, politicians[4], militaries, governments and pornographers. The intent today is personalized advertising but, left unchecked, will metamorphosize into a worldwide dragnet of control, submission then permission[5]. Little wonder why Google is forbidden to operate on mother turf Russia [6].

[1] https://www.businessinsider.com/google-employees-react-report-china-censored-search-engine-2018-8 Article also documents that Google is also simultaneously working with US military on Project Maven
[2] Google also uses its wifi database to locate users
[3] Anti-trust legislation must be brought to bear on the Big Brother in our pockets, swiftly and comprehensively. It is not an exaggeration to say that the survival of free and open society depends on it
[4] POTUS calls Google ‘a great company’. His 2018 campaign leads in political spending for both Google and Facebook ads
[5] Even worship as the Communist Red Party currently demands?
[6] right under our noses. Russia Investigation

echo • August 17, 2018 7:41 PM

This isn't the kind of language I expect to hear from a RN Captain of a flagship vessel. Quite the reverse, really. One is not amused.

https://www.independent.co.uk/news/uk/home-news/hms-queen-elizabeth-porsmouth-us-donald-trmp-royal-navy-ship-a8496536.html
As the media departed the Queen Elizabeth, Captain Kyd warned: “No negative stories please, otherwise we’ll come and bomb you!”

Nobody stopped to ask why the police officer was carrying a pocket knife?

https://www.standard.co.uk/news/world/police-use-stun-gun-on-grandmother-87-after-she-cut-dandelion-leaves-with-a-steak-knife-a3912981.html
Police Taser grandmother, 87, who was 'cutting dandelion leaves with a steak knife'

PeaceHead • August 17, 2018 10:09 PM

RG: excellent comments and insights. thanks
Ismar: also excellent comment and insight. I too am concerned. These types of things seem to keep accumulating behind the scenes, and for what other than some futuristic technoarmageddon, I don't know.

I've been worried ever since I saw the "big dog" ai drone robot quadruped. And USA has ai drone surface ships too. Meanwhile all these vulnerabilities are proliferating exponentially times exponentially in multiple vectors.

The foolishness is poised to kill the world, though I hope it fails. Maybe S. Hawking was correct.

PEACE is STRONG, not weak.
War accomplishes de facto extinction of all participants and grants nothing but pestilence lasting half-lives doubled.

gordo • August 17, 2018 10:40 PM

Former CIA Director John Brennan, a day ago in a New York Times op-ed, on then-candidate Trump in July 2016 calling on Russia to find the missing Clinton emails:

"The already challenging work of the American intelligence and law enforcement communities was made more difficult in late July 2016, however, when Mr. Trump, then a presidential candidate, publicly called upon Russia to find the missing emails of Mrs. Clinton. By issuing such a statement, Mr. Trump was not only encouraging a foreign nation to collect intelligence against a United States citizen, but also openly authorizing his followers to work with our primary global adversary against his political opponent."

https://www.nytimes.com/2018/08/16/opinion/john-brennan-trump-russia-collusion-security-clearance.html

If we're to believe then-FBI Director Comey (see Attachment C, below), then it's not a stretch to say that "hostile actors," e.g., China and Russia, well before July 2016, had already obtained copies of all of Mrs. Clinton's emails, missing or otherwise, that is, if their intelligence services were doing their jobs. Such is the politics, if not stuff, of hyperbole. Two questions, however, that remain, and seem to matter, are whether the Trump campaign took any bait and who set the trap.

---

ATTACHMENT C

From: COMEY, JAMES B. (DO) (FBI)
Sent: Monday, May 02, 2016 7:15 PM
To: MCCABE, ANDREW G. (DO) (FBI); BAKER, JAMES A. (OGC) (FBI); RYBICKI, JAMES E. (DO) (FBI)
Cc: COMEY, JAMES B. (DO) (FBI)
Subject: Midyear Exam --- UNCLASSIFIED
Classification: UNCLASSIFIED

[. . . ]

With respect to potential computer intrusion by hostile actors, we did not find direct evidence that Secretary Clinton's personal email system, in its various configurations since 2009, was successfully hacked. But, given the nature of the system and of the actors potentially involved, we assess that we would be unlikely to see such direct evidence. We do assess that hostile actors gained access to the private email accounts of individuals with whom Secretary Clinton was in regular contact from her private account. We also assess that Secretary Clinton's use of a private email domain was both known by a large number of people and readily apparent. Given that combination of factors, we assess it is reasonably likely that hostile actors gained access to Secretary Clinton's private email account. (Attachment C, PDF pp. 544-548)

https://int.nyt.com/data/documenthelper/39-justice-department-report-fbi-clinton-comey/5e54a6bfd23e7b94fbad/optimized/full.pdf#page=544
[ocr-friendly, June 2018 US OIG DOJ report, "A Review of Various Actions by the Federal Bureau of Investigation and Department of Justice in Advance of the 2016 Election"]

Wesley Parish • August 18, 2018 1:42 AM

Could anyone in the Americas please confirm for me whether or not the OAS website is up or down? I've been trying to find the online copy of the American Convention on Human Rights, also known as Pact of San José, but the website seems to be unable to handle my request, and times out all the time.

http://www.cidh.org/Basicos/English/Basic3.American%20Convention.htm
The server at www.cidh.org is taking too long to respond.

FWIW, I'm trying to compare the provisions of all the regional human rights instruments on various matters such as interrogation, arrest, detention, and trial.

Clive Robinson • August 18, 2018 6:12 AM

@ gordo,

Two questions, however, that remain, and seem to matter, are whether the Trump campaign took any bait and who set the trap.

The answers to which are still MIA...

Hopefully at some point they will stagger out of the fog of war then we will be all a little bit wiser.

echo • August 18, 2018 6:13 AM

@Wesley Parish

I know of the European Convention but didn't know about the American Convention on Human Rights. It's funny how neo-con Brexiter fantasists look to America for inspiration forgetting that the USA is a federated state and that, as you reveal, have a roughly equivalent convention to the European Convention which UK extremists are extremely keen on withdrawing from.

Skimming the American Convention... Competency and remedy may imply equity? What does equity say about competency of representation and financial assistance? I notice how many Americans speak of overcharging by the police and plea bargains because they cannot afford to defend themselves properly in a court of law without bankrupting themselves. This appears to me to be inequitous. Given the courts have obligations under the American Convention it seems that for the courts to properly fulfill their function this is an issue requiring a proper solution? Or do the judges and 'officers of the court' believe inadequacy is sufficient if they pretend hard enough?

I don't know American law well enough to have much of a point of view but this seems like a reasonable question.

Unless superseded by other law English law relating to equity prior to independence should still apply in a US court.

Clive Robinson • August 18, 2018 6:56 AM

@ echo,

I don't know american law well enough to have much of a point of view...

Of recent times the only "constants" appear to be Rights Stripping, Illegal search and seizure, parallel construction, oh and psychos in the DoJ and other parts of the US Gov changing the meaning of whatever they please, to do that which they have been previously forbidden to do...

It's StarTrek's "Make it so" management style running wild on Star Wars "Dark Side".

But then you take a step back and a long look at those who write and pass into law new greed corruption and worse...

Admittedly it's not much better in the UK other than we appear to have a slightly more honest judiciary despite the behaviour of the "Grinning Japanapes" and his old flat mate "Lord Bore Bore".

@ ALL,

Justice costs more than just money, and it's every citizen's right to take rather more than a vague interest in it. Because you are bound by the Justice System in your own country just as surely as any slave ever was to its master.

As has been noted on more than one occasion,

    The price of freedom is eternal vigilance

Lest we have to go through the effectively nihilistic process[1] of,

    The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.

[1] Nihilistic has many dictionary definitions but essentially it is the rejection of all moral precepts due to the belief that life as experienced by the observer is or has become meaningless. Which in general causes aberrant behaviours in the observer to rectify the situation thus gain meaning in short measure by apparently self destructive behaviours, in the hope that in the longer measure thereby achieve societal change in a Phoenix like way. In essence the basis on which Civil Wars start.

Alejandro • August 18, 2018 7:34 AM

@RG

Re: "Pichai told employees, according to The Times. "That said, we are not close to launching a search product in China."

Google and the Chinese government would be a supremely powerful force and adversary. Both are ruthless, aggressive, arrogant, huge. I assume "not close" means they are working on a deal and google's share of the loot/data/profits isn't good enough, yet. Or, maybe they are just waiting for the right moment to announce it. The excuse.

JG4 • August 18, 2018 8:36 AM

I had a disturbing thought yesterday during a daily walk around Spookwerks Circle, discussing libertarian topics relating to self-ownership. Many months ago I pointed out that the conversation could be monitored/recorded by measuring dust particle motion with lasers. One of many issues of self-ownership is theft of intellectual property, via the various surveillance/recording programs. What follows can be filed under "threat models few have considered." Note that many of the issues in the news revolve around topics of ownership. Like whether buying something comes with the right to repair. Or modify to better suit your taste.

What I had missed until yesterday is that the motion of the vocal cords can be remotely tracked by choosing a suitable microwave frequency that will penetrate ~10 cm of tissue, acquire a Doppler shift and return. In a word, radar. Much the same thing could be done with a backdoored WiFi router to monitor the Doppler shifts from any responsive reflector (ideally foil, but even window panes, pictures hanging on the wall, or drywall can work).

Only if the necessary building blocks are accessible in the WiFi chipsets. It's a club and you ain't in it. Spookwerks Circle has an ample and continuous supply of employment signs with the secret codes DSP and SDR on them. They are very excited about FPGA. I don't hear GPU mentioned often, but I'd be surprised if it isn't relevant.

https://www.nakedcapitalism.com/2018/08/links-8-18-18.html

...

Facebook flat-out ‘lies’ about how many people can see its ads – lawsuit The Register

Taming the Tech Monster Project Syndicate (David L)

A Bot Panic Hits Amazon Mechanical Turk Wired

Telling the Truth About Defects in Technology Should Never, Ever, Ever Be Illegal. EVER. Electronic Frontier Foundation (Dan K)

...

Big Brother is Watching You Watch

Arizona Officer Uses Bodycam to Film Himself Having Sex in Office, Loses Job Newsweek. UserFriendly: “Classy.”

Exclusive: U.S. government seeks Facebook help to wiretap Messenger – sources Reuters

NSA Cracked Open Encrypted Networks of Russian Airlines, Al Jazeera, and Other ‘High Potential’ Targets Intercept

The devil is in the detail of government bill to enable access to communications data The Conversation

Imperial Collapse Watch

Congress Rushes to Spend Billions on Space Weapons—Even if They Don’t Work Defence One (Kevin W)

America Is Committing War Crimes and Doesn’t Even Know Why Foreign Policy (UserFriendly)

...

echo • August 18, 2018 9:20 AM

@Clive

The UK state is corrupt on a lot of levels. I have accumulated a large database of incidents none of which are unique. Almost all the abuse takes place behind closed doors. The doughnut topography of lies tends to apply. Some of the biggest bigots are people with the least excuse, sadly.

I have been advised privately by a manager within the state apparatus to move to mainland Europe as a friend of theirs on the wrong end of the system ultimately had to do. In their own words the UK is behind the times and too bigoted to get justice. I am planning one last throw of the dice in the UK to bring my case to court. If this goes nowhere I'm on the next plane out and claiming asylum. Variants of this have been on my mind for a while. The fact more than a few people are openly claiming they are leaving because of concerns or in some instances wishing they had never moved to the UK because the abuse is worse here than where they came from is breaking into the mainstream.

There is a problem and the only safe solution is to "capture it all" and be prepared to get out before you are destroyed.

I hope it doesn't come to this.

https://www.theguardian.com/uk-news/2018/aug/18/former-counter-terrorism-chief-says-uk-has-not-woken-up-to-far-right-threat
“I don’t think we’ve woken up to it enough,” he said. “Now I’m not going to say that it’s the same level of threat as the Islamist threat. From last year’s numbers for example, out of 14 plots stopped, 10 were Islamist, four were extreme rightwing, so no pretence that it’s exactly the same order of magnitude, but it’s very significant and growing, and what I’ve seen over the last couple of years is a lack of recognition of that.”

https://www.theguardian.com/us-news/2018/aug/18/omarosa-trump-video-texts-white-house-source-claims
Omarosa Manigault Newman does not just have tapes of conversations from her time as an adviser to Donald Trump, a person with direct knowledge of the records said on Friday. She also has a stash of video, emails, text messages and other documentation supporting the claims in her tell-all book about her time in the White House.

echo • August 18, 2018 9:32 AM

I complained a few weeks ago about security issues relating to the fact almost all women's clothes have small pockets or no pockets. I do appreciate that pockets and pockets with something in them can ruin the lines and be unflattering in many ways.

I have acquired a selection of concealed belts and purses but they are either awkward to reach or fail in at least some minor way design wise although functional as designed from the point of view of carrying money and essential documents when travelling.

A handbag with all my stuff in it is an all eggs in one basket target. So called theft proof handbags are more bother than they are worth and not very stylish and too expensive. Can I find a decent key clip to hook over my skirt that won't rip my skirt to shreds? Most seem to be built for men working on oil rigs and would shred my nail varnish off if they don't wreck a soft leather skirt costing three figures. I also checked out thigh purses. They are either flimsy like hold ups or overdone affairs for carrying guns of all things with nothing in between.

https://pudding.cool/2018/08/pockets/

justinacolmena • August 18, 2018 9:36 AM

@echo

the UK state is corrupt on a lot of levels

Granted.

advised privately by a manager within the state apparatus to move to mainland Europe

Even worse problems there. White nationalism, a.k.a. Nazism in Germany, which rides roughshod over E.U.

next plane out and claiming asylum

Only "asylum" they've got there is the mental asylum. You may as well try Bedlam. That "jump-on-a-plane" bit is not working very well for a lot of folks these days. Too much paperwork. One way? International? I don't trust Germany that much. The Euro is nothing but the new Deutsche Mark.

echo • August 18, 2018 10:20 AM

@justinacolmena

I'm just fed up being $JOBTITLE idea of a sexual fantasy. I wouldn't be surprised if some (one thin skinned charmless conceited inadequate coward in particular I am thinking of) have Nazi propaganda poster housewife images floating between their reptile brain and middle brain. I'm not a robot servant or window dressing for $JOBTITLE career aspirations. Unfortunately too many women are more conservative than men and blow with fashion to the point where women enslave themselves so not much help either!

Sigh. Here's more lurid scare stories from the comics.

http://uk.businessinsider.com/eu-fears-british-spies-have-bugged-brexit-talks-report-2018-8
The EU fears British spies have bugged Brexit talks to obtain sensitive files

https://www.mirror.co.uk/news/uk-news/waterboarding-probe-sandhurst-after-cadet-13098782
'Waterboarding' probe at Sandhurst after cadet 'pinned down and tortured' at William and Harry's military college

https://www.dailywire.com/news/34581/american-couple-believing-evil-make-believe-hank-berrien
American Couple Believing 'Evil Is A Make-Believe Concept' Bike Through Territory Near Afghan Border. ISIS Stabs Them To Death.

bttb • August 18, 2018 10:43 AM

With China in the news (or squid thread), https://foreignpolicy.com/2018/08/15/botched-cia-communications-system-helped-blow-cover-chinese-agents-intelligence/ :

"Botched CIA Communications System Helped Blow Cover of Chinese Agents
The number of informants executed in the debacle is higher than initially thought.

[...]

As part of China’s Great Firewall, internet traffic there is watched closely, and unusual patterns are flagged. Even in 2010, online anonymity of any kind was proving increasingly difficult.

[...]

In the words of one of the former officials, the CIA had “fucked up the firewall” between the two systems.

[...]

Once Chinese intelligence obtained access to the interim communications system, penetrating the main system would have been relatively straightforward, according to the former intelligence officials. The window between the two systems may have only been open for a few months before the gap was closed, but the Chinese broke in during this period of vulnerability.

[...]

Once one person was identified as a CIA asset, Chinese intelligence could then track the agent’s meetings with handlers and unravel the entire network. (Some CIA assets whose identities became known to the Ministry of State Security were not active users of the communications system, the sources said.)

One of the former officials said the agency had “strong indications” that China shared its findings with Russia, where some CIA assets were using a similar covert communications system. Around the time the CIA’s source network in China was being eviscerated, multiple sources in Russia suddenly severed their relationship with their CIA handlers, according to an NBC News report that aired in January—and confirmed by this former official..."

bttb • August 18, 2018 11:03 AM

@Clive Robinson

You wrote https://www.schneier.com/blog/archives/2018/08/friday_squid_bl_637.html#c6780244 :

"To be honest I don't think Putin cares that much as long as they are all pissing out of his boat."

That makes sense to me.

Even if one doesn't respect, presumed, trash like Trump or Manafort who, presumably, either sell out or are forced to betray their country, it might be worth it for people to follow the basics of the current Manafort Trial. Somewhere, iirc, I read it is like a "Master's Class" in money laundering.

justinacolmena • August 18, 2018 11:17 AM

Nazi propaganda poster housewife

Just a suit and a tie and put women in their place. They practically strangle themselves with all that gender role strictness and "awareness" of anything outside their narrow norms. Like Adolf Hitler on the piano wire.

The EU fears British spies have bugged Brexit talks to obtain sensitive files

At least the Brits don't blab their "fears" of German surveillance in the tabloid papers.

@bttb Re: China in the news

Over a two-year period starting in late 2010, Chinese authorities systematically dismantled the agency’s network of agents across the country, executing dozens of suspected U.S. spies.

China is big on industrialism and going to work, somewhat like the Germans, and a little bit protectionist, but they lack that bloody German mercantilism which is characterized among other things by an obsession with "intellectual property."

There's a fellow named Kim Jong-un (김정은) hard at work here, and he apparently passes for Chinese in the mainstream press.

Humdee • August 18, 2018 11:42 AM

http://reason.com/volokh/2018/08/17/opening-a-file-after-a-hash-was-made-and#comment

Nowhere is the intersection of technology and law fraught with more conceptual peril than it is with child pornography. Orin Kerr has a great post up about a new legal decision about file hashing functions that, as the title of his post puts it, "Opening a File After A Hash Was Made and Matched to Known Image of Child Pornography is Not a "Search," Fifth Circuit Rules." Kerr thinks that the court got it right if and only if one of two criteria is met: (1) a file hash match removes all doubt as to what the file contains or (2) it removes enough doubt that the file hash match makes it "obvious" what the file contains. The court held the first but Kerr thinks the second is conceptually stronger.

I'm not sure either is true but I am eager to hear what readers of this blog think.
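As an added illustration of the hash-matching question raised in the comment above (not part of the thread, and not code from the court decision or any forensic tool): known-file matching compares digests, and how much doubt a match leaves depends on digest length. The function names, sample byte strings and truncated "short hashes" are constructed for this example.

```python
import hashlib
from itertools import count


def digest(data: bytes, bits: int = 256) -> int:
    """SHA-256 of data, truncated to its leading `bits` bits.

    bits=256 is the real hash; smaller values give a toy short hash so that
    accidental matches become cheap enough to observe.
    """
    full = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return full >> (256 - bits)


def build_index(files: dict, bits: int = 256) -> dict:
    """Map digest -> label for a catalogue of known files."""
    return {digest(content, bits): label for label, content in files.items()}


def match_known(data: bytes, index: dict, bits: int = 256):
    """Return the catalogue label whose digest equals this file's, or None.

    The matcher never looks at file contents beyond hashing them; a "hit"
    means only that the digests are equal.
    """
    return index.get(digest(data, bits))


def birthday_collision(bits: int):
    """Find any two different inputs with equal truncated digests.

    Expected work is on the order of 2**(bits/2) hashes (birthday bound).
    Returns (first_input, second_input, hashes_computed).
    """
    seen = {}
    for i in count():
        msg = b"constructed-file-%d" % i
        d = digest(msg, bits)
        if d in seen:
            return seen[d], msg, i + 1
        seen[d] = msg


def second_preimage(target: bytes, bits: int):
    """Find a different input whose truncated digest equals target's.

    This is the case that matters for a false catalogue hit; expected work
    is on the order of 2**bits hashes, far more than a birthday collision.
    Returns (other_input, hashes_computed).
    """
    want = digest(target, bits)
    for i in count():
        msg = b"constructed-other-%d" % i
        if msg != target and digest(msg, bits) == want:
            return msg, i + 1


# Constructed stand-in for a catalogued file; not real data.
KNOWN_FILES = {"known-item-1": b"constructed stand-in for a catalogued file"}

if __name__ == "__main__":
    target = KNOWN_FILES["known-item-1"]
    full_index = build_index(KNOWN_FILES)            # 256-bit digests
    short_index = build_index(KNOWN_FILES, bits=16)  # toy 16-bit digests

    print("exact copy   :", match_known(target, full_index))
    print("other file   :", match_known(b"unrelated bytes", full_index))

    a, b, n = birthday_collision(24)
    print("24-bit collision after", n, "hashes:", a, b)

    other, n = second_preimage(target, 16)
    print("16-bit false hit after", n, "hashes:",
          match_known(other, short_index, bits=16))
    print("same file against 256-bit index:", match_known(other, full_index))
```

With the full 256-bit digest the same searches would need on the order of 2^128 and 2^256 hashes respectively, which is why a match on an unbroken full-length hash is treated as practically certain even though distinct files with equal digests must exist.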

bttb • August 18, 2018 12:05 PM

In 1984, Tina Turner came out with the album Private Dancer. Two songs from that album:

https://www.youtube.com/watch?v=XZT3AuOGZwk ; Steel Claw
https://genius.com/Tina-turner-steel-claw-lyrics

https://www.youtube.com/watch?v=d4QnalIHlVc ; song Private Dancer
https://www.lyricsmode.com/lyrics/t/tina_turner/private_dancer.html

and other, non Private Dancer, performances:

https://www.youtube.com/watch?v=fIitgkc4Iwk ; Ike and Tina Turner Live

https://www.youtube.com/watch?v=qFGu4Vz121o ; Tina Turner- Live in Barcelona

Clive Robinson • August 18, 2018 1:35 PM

@ bttb, ALL,

    "Botched CIA Communications System Helped Blow Cover of Chinese Agents"

There is a bit more to it than just "China" we know that the system was previously used in the Middle East but there was no apparent "push back" at the time.

It's safe to assume that both Russia and Israel and several EU nations were more than aware of the system and its defects. However as "The CIA is friend to no man or deity" it's "quite likely with a high degree of probability" that various SigInt entities just looked the other way...

But there is more to it than that for a couple of reasons. Firstly various Middle East nations are no slouches when it comes to ElInt and SigInt and the CIA and various other US IC entities have continuously underrated them and been caught with not just their jaws dropping... But secondly, the CIA has a history of being technically not that bright in house, thus over estimating technology vendor promises... Which has resulted in over ambitious technology rollouts...

It is therefore more than likely that it's rather more than the Middle East and China this system was/is used for.

To be blunt I've said it many times before on this blog and other places,

    The Internet as it is currently used is not nor can it ever be secure

It's a mistake Tor users and the Dark-Net are beginning to learn.

There are ways the Internet can be made more secure and I've mentioned them a number of times when talking about Tor's deficiencies. But the one thing you can not hide is the fact there is a node connection to both the Internet and more secure overlaying network.

Which raises the question of how you might anonymously connect to such a node, the answer to which most people will not like...

In essence you need a "sacrificial goat" that acts as a "cut out". The agent uses old school Opsec to "one way" send messages via dead letter boxes and the like to the goat, and the goat then puts them in at a node. The goat, like the SOE radio operators during WWII, is expected to have a very short lifetime. Thus these days they would never be given "plaintext" as they will be expected to be tortured in various ways prior to being "discarded" by those capturing them.

The important thing to remember which everyone seems to forget is "technology rarely has deniability, and is almost impossible to destroy"...

Whereas a cigarette paper with an invisible nitrate or permanganate ink on it "burns in a flash to dust, that is indistinguishable from ordinary cigarette paper used with tobacco".

Such nitrates are very common and get on people's hands when preparing cured meats such as salami or bacon, or handling tobacco.

The fact something is "new" does not mean it's better. Likewise because it's "easier to use" does not make it more secure. Two things the CIA appear to either not know or chose to ignore for some reason.

Oh if people think I'm being a little hard it's not just the CIA, though the dude with the ginger wig in Moscow was a hoot. But if people think back to the fake / talking rock in a Moscow Park, that was supposedly "bluetooth enabled" or similar, that was allegedly a British IC device, so yeah getting the "high tech bug of doom" is not just the CIA.

The actual problem in Spy Craft is actually "the last mile" problem. That is how does an agent get the secret message over the last mile to their handling officer? It's safe to assume all officers like all diplomats are watched 24x365.25 and have their homes and offices bugged when dealing with the likes of the Russians or Chinese. Even the cars, cafes, restaurants, toilets within a mile or so are going to be bugged directly or indirectly (laser mics etc) as a matter of normality. As the price of technology drops this surveillance capability ceases to be just the province of the Super Powers, all first world and even some third world countries can now afford to do it...

It's actually increasingly difficult to solve the last mile problem, some actually believe it's now no longer possible to do it either with technology or old school Spy Craft and OpSec.

I'm not so sure, there are after all "stray cats" that could be trained[1] ;-) But the question arises as to just how small can you make an autonomous drone/robot to act as a goat?

[1] Not surprisingly the CIA is reputed to have had a "stray animal" plot to eliminate Castro. Is it true? Quite probably, during WWII thousands if not hundreds of thousands of plots were thought up and drafts put on paper for consideration, few would have made it to the planning stage, less still to operational consideration. It's actually known that "James Bond" author Ian Fleming was involved with the formulation of a number of plots and part of the planning of a plot to assassinate Hitler, that came within a whisker of getting the operational green light. He was also involved with "The man who never was" which took the body of a Welshman who had killed himself with rat poison and turned him into an army officer carrying important papers who had been shot out of the air. This plot was green lighted and went into operation and reputedly saved many many lives on D-Day.

PeaceHead • August 18, 2018 1:47 PM

JG4: excellent links. again, thanks. by the way, the technology you are referring to is real; you could search the u.s. patent office's website if it still functions. also, an nsa whistleblower revealed similar techniques about 3 years ago. And about 5 years ago or more, there was info about cellphones being used as radar arrays. It's used by counterterrorism workers to some degree, but it could be and probably is used by a wide variety of others. For those of us who consider the electromagnetic spectrum on a regular basis, it's all pretty much been done. Hence, there's no such thing as a "tin-foil hat"; it's very hard to build an effective Faraday Cage these days when there's already earth-penetrating tomography which can be done with limited success from satellites; it's implied that terrestrial (earth-bound) tomography would be a lot more powerful and yield more precise results. And of course there are plenty of other scientific techniques of accomplishing much the same.

So, in my opinion, most privacy really does not even exist at all.

The bigger question(s) remain:

1) if we are all constantly on display for those with the traversive technologies, what exactly are their routine behaviours and do they contribute to halting crimes or committing them or both or neither?

2) why is there so much completely irrelevant debate about security techniques which are effectively obsolete?

3) what is the impact on geopolitical military stability of the most risky and/or potentially damaging/lethal technologies and practices?

4) how can we contribute to reducing both the risks and potential damages and lethalness?

In my opinion, we need a more ubiquitous paradigm shift towards realism and diplomacy and scientific ethics and real-world egalitarianism combined. And we also need the perpetual inventors of the most harmful tools and techniques to go on hiatus for as long as possible--every time they invent a new threat it puts everyone at risk. And yet the inventors typically don't seem to be aware of this highly regular trend--they are routinely irresponsible with their inventions and inventing statuses.

PEACE IS THE ONLY WAY; SOONER OR LATER THEY WILL REALISE OR DESTROY THEMSELVES.
Hopefully, and with much efforts, we won't be caught in their caustic crossfires.

Clive Robinson • August 18, 2018 2:06 PM

@ Humdee,

    I'm not sure either is true but I am eager to hear what readers of this blog think.

Well a hash will match any number of files by simple logic. The probability of a match between two files is often quoted as the square root of the hash size from a simplification of the Birthday Paradox. So from that if the hash is 128bits in size the probability will be 1/(2^64).

From an identification perspective a hash is a one way function, that is you can find the hash of a file fairly easily, however working a hash back to a file is not considered realistically possible.

This has an evidentiary aspect. If I give you a hash you can not identify the file it is a hash of unless you have either hashed the file or somebody else has and you can thus compare the hash you have been given with the hash you are already aware of.

Thus a hash is not by itself an identifier of a file, let alone its contents. Further there is absolutely no guarantee of uniqueness of a hash, thus there is not a unique mapping even if you do have a copy of a hash of a file, it could be for another file altogether.

Having got that under the belt, people can then make their own idea as to "the burden of proof" and "beyond reasonable doubt".

One thing you can be sure of though, if a successful prosecution is predicated on a hash uniqueness, if the defence brings two different files into court that match the hash in question then the "beyond reasonable doubt" is blown right out of the water and a sensible prosecutor will call a halt to the case, unless they want an adverse judgment and thus case law.

The thing is that we know that at some point two files matching a hash is going to happen. Not just because it has already, but simple logic predicates it happening, just as the mile counter in your car will clock over to zero and count up again if you go the distance.

Anura • August 18, 2018 2:36 PM

@Clive Robinson

According to the comments section, this is not a cryptographic hash but a proprietary algorithm that tries to determine whether two images are the same, even if the pixels differ. This means that this program opened the file, processed the image, and computed a hash that is by design not collision resistant for small differences, and by verifying the hash matched known child pornography they were able to get permission to open it.

https://en.wikipedia.org/wiki/PhotoDNA

    PhotoDNA is a technology developed by Microsoft and improved by Hany Farid of Dartmouth College that computes hash values of images, video and audio files to identify similar images.[1] PhotoDNA is primarily used in the prevention of child pornography, and works by computing a unique hash that represents the image. This hash is computed such that it is resistant to alterations in the image, including resizing and minor color alterations.[1] It works by converting the image to black and white, resizing it, breaking it into a grid, and looking at intensity gradients or edges.[2]

I really have no clue what is going on with the law here, but we are more in the realm of forensics than computer science here, which forensics is a lot closer to pseudoscience than actual science. I don't see any information on false positives or false negatives.
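The distinction drawn in this exchange between a cryptographic hash and a similarity hash, as an added example that is not part of the original comments and is not PhotoDNA (which is proprietary): a simple grid-and-gradient hash following the steps in the quoted description, compared with SHA-256 over the same pixels. The function names, the constructed test images and the match threshold of 10 bits are all assumptions made for illustration.

```python
import hashlib

GRID_W, GRID_H = 9, 8   # 9 columns give 8 left/right comparisons per row: 64 bits
MATCH_THRESHOLD = 10    # assumed cut-off; real systems tune this against measured error rates


def shrink(pixels, grid_w=GRID_W, grid_h=GRID_H):
    """Reduce a grayscale image (rows of 0-255 ints) to a grid of block sums."""
    height, width = len(pixels), len(pixels[0])
    if width % grid_w or height % grid_h:
        raise ValueError("image size must be a multiple of the grid size")
    bw, bh = width // grid_w, height // grid_h
    return [[sum(pixels[y][x]
                 for y in range(gy * bh, (gy + 1) * bh)
                 for x in range(gx * bw, (gx + 1) * bw))
             for gx in range(grid_w)]
            for gy in range(grid_h)]


def gradient_hash(pixels):
    """64-bit hash: one bit per horizontally adjacent pair of grid cells."""
    bits = 0
    for row in shrink(pixels):
        for left, right in zip(row, row[1:]):
            bits = (bits << 1) | (1 if left < right else 0)
    return bits


def hamming(a, b):
    """Number of differing bits between two hashes."""
    return bin(a ^ b).count("1")


def sha256_hex(pixels):
    """Cryptographic hash of the raw pixel bytes."""
    return hashlib.sha256(bytes(v for row in pixels for v in row)).hexdigest()


def make_image(fn, width=72, height=64):
    """Build a constructed grayscale image from a per-pixel function."""
    return [[max(0, min(255, fn(x, y))) for x in range(width)]
            for y in range(height)]


# Constructed sample images (not real photographs).
ORIGINAL = make_image(lambda x, y: 20 + 3 * x)                       # smooth ramp
NOISY = make_image(lambda x, y: 20 + 3 * x + (7 * x + 13 * y) % 5 - 2)  # ramp with +/-2 noise
STRIPES = make_image(lambda x, y: 200 if (x // 8) % 2 == 0 else 50)  # unrelated pattern
CURVE = make_image(lambda x, y: x * x // 24)                         # different pixels, same edge layout


def compare(a, b):
    """Report how the two hash families judge the same pair of images."""
    distance = hamming(gradient_hash(a), gradient_hash(b))
    return {
        "sha256_equal": sha256_hex(a) == sha256_hex(b),
        "hamming": distance,
        "perceptual_match": distance <= MATCH_THRESHOLD,
    }


if __name__ == "__main__":
    for name, image in (("noisy copy", NOISY), ("stripes", STRIPES), ("curve", CURVE)):
        print(name, compare(ORIGINAL, image))
```

The noisy copy matches under the gradient hash while its SHA-256 differs, and the curve image also matches despite having different pixel values throughout, which is why false-positive and false-negative rates have to be measured for a matcher of this kind rather than inferred from the hash length.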

bttb • August 18, 2018 3:20 PM

@justinacolmena, Clive Robinson
Justinacolmena wrote "...executing dozens of suspected U.S. spies."
That got my attention, too.

bttb • August 18, 2018 3:46 PM

@Clive Robinson, justinacolmena

Clive wrote: "To be blunt I've said it many times before on this blog and other places,

'The Internet as it is currently used is not nor can it ever be secure'

It's a mistake Tor users and the Dark-Net are beginning to learn."

What do you think about running Tor nodes, when possible, even if not 'using' Tor oneself?

Clive continued: "There are ways the Internet can be made more secure and I've mentioned them a number of times when talking about Tor's deficiencies. But the one thing you can not hide is the fact there is a node connection to both the Internet and more secure overlaying network.

Which raises the question of how you might anonymously connect to such a node, the answer to which most people will not like...

In essence you need a "sacrificial goat" that acts as a "cut out". The agent uses old school Opsec to "one way" send messages via dead letter boxes and the like to the goat, and the goat then puts them in at a node. The goat like the SOE radio operators during WWII are expected to have a very short life time. Thus these days they would never be given "plaintext" as they will be expected to be tortured in various ways prior to being "discarded" by those capturing them.

The important thing to remember which everyone seems to forget is "technology rarely has deniability, and is almost impossible to destroy"......"

echo • August 18, 2018 5:36 PM

@Clive

The fact something is "new" does not mean it's better. Likewise because it's "easier to use" does not make it more secure. Two things the CIA appear to either not know or chose to ignore for some reason.

I suspect for the same reason why the American navy became dependent on GPS (which is now a policy being reversed) and why automatic transmission in cars is popular. Logistics and fuel prices may be a factor too as an older Q&A reveals.

https://www.cnet.com/roadshow/news/why-americans-hate-manual-transmissions/
Why Americans hate manual transmissions.
It's a cultural preference and an economic luxury.

https://www.quora.com/How-did-it-evolve-that-Americans-drive-automatics-and-Europeans-manuals-stick-shifts

It's actually increasingly difficult to solve the last mile problem, some actually believe it's now no longer possible to do it either with technology or old school Spy Craft and OpSec.

I have wondered about this. I imagine it is much much harder now but then again I don't know. I suppose it depends how you go about things?

@bttb

If rewritten as "Chinese traitors executed for breach of espionage laws" this reads much differently to "American spies".

I am not a fan of the death penalty.

echo • August 18, 2018 6:18 PM

I wonder if tools like Adobe Voco, or Lyrebird can convincingly fake Freddie Mercury singing? He had a complex voice.

BOHEMIAN RHAPSODY’s Singing-Voice Actor Sounds Uncannily Like Freddie Mercury
https://nerdist.com/bohemian-rhapsody-vocalist-freddie-mercury/

https://www.tandfonline.com/doi/abs/10.3109/14015439.2016.1156737?journalCode=ilog20
Freddie Mercury—acoustic analysis of speaking fundamental frequency, vibrato, and subharmonics

The Secrets Behind Freddie Mercury's Legendary Voice
https://www.youtube.com/watch?v=p3MjsrMNCbU

Sancho_P • August 18, 2018 6:39 PM

@Humdee, Clive Robinson, Anura, re “opening a file”

Thanks for the link, I’m always interested in Orin Kerr’s (mostly) bizarre arguments.
As expected, to me it seems he again didn’t grasp the basics here:

- Just opening a single image file with a known PhotoDNA-ID is not a search.
Opening is opening. Search is search.

- Opening the file is a violation of privacy, it would require a warrant.
Would be easy to obtain in this context. To argue the suspect may delete the file in the meantime is odd as the private has to have backups [1]. How long, does the private believe, is the file in possession of the suspect?

This kind of “hash” is similar to an inventory, already a very strong hint at the file’s content.

- To confirm contraband it is not necessary to open the file, it is necessary
a) to "hash" the file
AND
b) to make sure the "hash" is listed as contraband. This test would flag a possible mistake in the private’s database.
- But this has to be done by LE, not by a private.

Also Orin Kerr didn’t detect the serious flaw in Judge Ho’s opinion when quoting:

When Detective Ilse first received Reddick's files, he already knew that their hash values matched the hash values of child pornography images known to NCMEC. (my emph)

On the contrary, he did not know, and both, a judge as well as a lawyer, should know that.

OK, now, if the detective has done their work and learned the file’s hash is in the official database for contraband, he may proceed and open the file to finally confirm CP (and to exclude the very rare case of a double hash or other mistake).

- A search is to dig in someone’s belongings without authorization of the owner or a judge.
That’s very simple, isn’t it?
And it applies not only to LE, on the contrary, at first it applies to privates.

This is (not only) why Microsoft goes for “hashes”, not content, and (I guess) has stated explicitly in their T&C that they will do so.


[1]
But here is, never addressed, a very serious problem from the very beginning:
This all hinges on the assumption that the private’s system is so far free of error and certified to be used as evidence in court. This is not only the used HW and SW, it also includes the procedures and handling of data.
Could Reddick’s lawyer review the chain of “evidence” in full?

What if they mistake the account? Or the account’s content?

Clive Robinson • August 18, 2018 6:39 PM

@ Anura,

    According to the comments section, this is not a cryptographic hash but a proprietary algorithm that tries to determine whether two images are the same

If you go back and read my comment I did not mention cryptography. It was quite deliberate as was my final comment about a car's distance recording device.

Before generic crypto hashes there were ordinary simple mathematical or logical hashes used for various purposes. Primarily to provide a short equivalence of a "primary key" of the file or data object of larger size, thus would save both RAM and time for various functions.

The point is those "general properties" of hashes "one way" and "semi-uniqueness" or "collision resistance" still apply to the MS image hash, thus the rest of my comment still holds as a general comment.

What I did not want to do was get into the specifics as they can be used to add the "smoke and mirrors" of "faux technical argument" that is used by certain legal types to confuse non technical members of the public of which judges are just one quite small but important segment.

I don't know if you were around shortly before the turn of the century when "Digital Watermarking" was the latest buzzword looking for venture capital or buyouts by the likes of Disney etc. Put simply they added noise to the image that was the equivalent of LPI radio systems using Direct Sequence Spread Spectrum (DSSS). It appeared to those with a software background to be a "neat idea" and those with a radio engineering background who sounded notes of caution became the targets for accusations of being "Buzzkills" at best and NIH idiots or new market wreckers. As wiser heads predicted it was a faux market the final nail as far as many were concerned came from Ross J. Anderson and his Cambridge Computer labs researchers. The program they developed twisted the image in two dimensions. Not enough for the human mind to notice but enough to make the DSSS signal effectively useless as it had to be sufficiently above the image noise floor as to be quite noticeable to the human eye to be readable after the manipulation.

What has not happened is the chasing of the DRM Holy Grail of perfect digital watermarking as undoubtedly there is big money to be made if it can be done. Obviously adding signals had been shown to be a failure, so people started investigating things like fractal compression to pull out image features in a broad sense. Comparing the fractal compressions would give an image related fingerprint rather than a watermark, thus various techniques were tried to turn fingerprints into inherent watermarks, generally with poor results.

From what you have said the MS hash sounds like it might be a spinoff of the fractal or similar compression technique then followed by a space reducing hash function.

To be honest there are quite a few ways you can do this, however there is a considerable gotcha. Whilst the final hash may have quite good collision resistance the preceding image compression system may well not. Worse it is quite likely to be variable in nature that is certain image factors will have high collision resistance whilst others very low collision resistance.

Such failings if there are any will more than likely be "covered up" under "commercial confidentiality" or similar. In a lot of cases that might not be of importance, but lots of people have been forced into guilty pleas by bad forensics before.

One area is human finger prints, people forget that matching them is not a science, just opinion from a human or AI system.

However few fingerprint matches are ever challenged in court (you get told judges do not like such behavior...). Oddly the few times they have been challenged, they have been found quite wanting.

Now this could be the fact that only the truly innocent challenge them thus the identification was false to start off with but quite a rare occurrence. Or it could be that most matches are bogus in some way and it's only the fear of death penalties, long jail terms, bankruptcy or representatives refusing to challenge the evidence that lets such a bogus system survive.

It's interesting to note that the rich defendants get representatives that tenaciously challenge evidence, and that the rich are far far more likely to be acquitted than the poor. When you add to that the information coming out about unreliable or non-existent evidence from "justice projects" that take up the cases of those who appear to be wrongly convicted that you start to wonder what the heck is going on in the judicial process.

Then when you start to take a good look at "forensic science" you quickly start to ask yourself "Where is the science?", then after a little more digging "Where is the integrity?"

Way too many "forensic examiners" get a pass on all sorts of nonsense due to the "in awe" effect of cop shows, so much so it's got its own term "The CSI effect".

But... As with "going dark" the "professionals" put a reverse spin on it to try to excuse poor performance or get more resources etc.

To see this consider this from the Wiki page on the CSI effect,

    It most often refers to the belief that jurors have come to demand more forensic evidence in criminal trials, thereby raising the effective standard of proof for prosecutors. While this belief is widely held among American legal professionals, some studies have suggested that crime shows are unlikely to cause such an effect, although frequent CSI viewers may place a lower value on circumstantial evidence.

That last line gives the game away, the CSI effect has caused jury members to quite rightly disregard much circumstantial evidence[2]. However it's also been found that too much regard has been given to expert witnesses by juries when the expert looks and sounds credible in a sciency way. That is they fit the jurors' expectations in various ways (just as con artists do when going for the sell).

From what you have said I suspect the method is not just new, but also not independently tested, let alone "time tested" as I said this may not matter depending on how it is used, but these sorts of thing tend to suffer from "mission creep" as a larger usage means more returns / profit.

One of my many interests is looking at forensic testing and working out how to cheat it for both false negatives and false positives. I've found out a number of times new tests are ridiculously easy to find not just fault with but how to falsify the results. I think I will in the near future be casting my eye over the MS system with interest if I can get sufficient information to be able to do so.

[2] One reason that the legal professionals get het up about the disregard for Circumstantial Evidence is that it's the type of evidence most likely to be presented to a jury for various reasons you rarely get to hear the whole truth about. That is what they don't like to mention is it's also the evidence most called into question in appeals because it's sufficiently often bogus[3]. Or carefully selected to hang an entirely false narrative on by prosecutors of those known to not be able to afford an independent representative. That is rather than have primary indicative evidence the prosecution has conjecture and sleight of hand presentation. Which let's be honest should never meet the burden of proof of beyond reasonable doubt.

[3] One classic example of just how bogus circumstantial evidence is, is "the line up" where a witness points a finger at the defendant and says "It was him" or equivalent, it looks dramatic and in the past used to swing juries to the prosecution's story.

The fact is that juries being skeptical of such witness IDs is actually a good thing for justice. Because independent testing shows that given correct identification procedures only 10-25% of people can be positive about their identification selection even when they get it right... Which often very few people do when given ten sufficiently similar in build, height, hair colour and clothing style people to pick from. Other investigations have shown that the most disheveled or cowed person in a line up is more likely to be selected. But the scary result is the body language, tone of language and words spoken by those officers accompanying the witness at the line up is often used as guidance by the witness...

Australian Maths Is Smart Maths • August 18, 2018 8:08 PM

(Australia)
https://www.itnews.com.au/news/govt-finally-reveals-how-it-plans-to-target-encryption-500156

Simply though, this is just putting a legal sticker on things already revealed by Edward Snowden. I doubt the sharing culture at Facebook, Apple, Google et. al. will need to change to comply with the legislation. If anything, existing sharing arrangements will ramp up.

Evidently the legislation requires "assistance" but unless something nasty is known about RSA and AES, I can't see how assistance can be provided for the few end-to-end encrypted solutions. Perhaps there is a Speck of hope somewhere to make end-to-end auditing a reality, along with outlawing RSA and AES and other non-Australian mathematics.

In any case I can't advise anyone today to bother with the IT industry. It's probably one of the few sectors where you can undermine your own credibility without having to face regulation or legal consequences. Interested parties want to keep it that way.

I sleep well knowing I am not actively or passively undermining anyone's technical solutions, ironically including those of government.

Clive Robinson • August 18, 2018 8:16 PM

@ Anura,

It appears that I'm possibly right about MS PhotoDNA.

After having a hunt around this paper came to light,

https://www.microsoft.com/en-us/research/wp-content/uploads/2016/02/venkie00robust.pdf

It's basically about a semisecure method of getting a fingerprint of an image (though it talks about watermarks).

Rather than use a fractal compression method, it uses a Haar Wavelet transformation to decimate the image into pseudo random rectangles (you can trace the Haar Transform backwards through Walsh Transforms then back again to FFTs to get a rough idea of how their code works).

The transformation used in the paper is based on a "secret key" but that is irrelevant for this discussion, as the key is needed to make a fingerprint thus be able to make a fingerprint comparison.

Each decimated area rectangle of the image is then "weighted" in some manner (say average intensity) and these weightings form the input to an error correction algorithm based on Hamming methods. It's this we need to be especially aware of as a source of problems.

Whilst the paper claims "uniqueness" it's a "load of B@77@cks" for that to be true there must be as many checksums as there are images, with estimates of more than 2 billion new images a day a while back it's fairly easy to see that the size of the hash would have to be very large which defeats its original intended purpose.

As for image manipulation and thus comparison to a new derived image the limits shown in the paper are really quite small.

Also if you look at the effective security argument in the paper it is only about the difficulty of fritzing the result based on the use of a secret key the manipulator does not have access to.

As with the "golden key" argument in the backdoor access idea, the chance of keeping this key secret is small in this particular application. Thus it might well be possible to design images to match the algorithm output...

But why bother, it's not going to be too difficult to pseudorandomly distort an image such that it would still be accepted as a valid image but sufficiently different that it would not trigger the algorithm described in the paper. If the seed to the pseudorandom distortion is supplied by an independent channel then the recipient could reverse the distortion if required.

justinacolmena • August 18, 2018 10:07 PM

a) to "hash" the file
AND
b) to make sure the "hash" is listed as contraband. This test would flag a possible mistake in the private’s database.

Anything like a photo can be subtly altered to evade the hash, while not substantially altering its appearance to human vision. Otherwise the hash itself would end up being too easily reversible.

No good solution for this problem at present, and the academics stubbornly maintain Omertà.

Weather • August 18, 2018 10:21 PM

@clive r
I agree with what you said, but I was working on a compression program you could adjust the bruteforce time to expand based on the probability to compress, a eg would be 5% of programs, pictures could be compressed to min, and a short time expanding or the other extreme 95% compressed with 10k years to expand,
If out of 2 million pictures a day 10,000 match body skin and you make those 10k have 95% non collision hash, with the other 5% matching every other picture in existence, there will be ways around it like blue or red skin colour...

Just a thought, holes?

RG • August 19, 2018 4:51 AM

@Alejandro
Following your thoughts, the moment is now

Google’s ambitions for China could trigger a crisis inside the company
Employees are in the dark — and they’re furious
https://www.theverge.com/2018/8/18/17724960/google-china-dragonfly-employee-protest
---

It is not only the American Google employees who should be furious as Google desires to transfer its critical National Security related jobs and Intellectual Property to China.

The fact is most of the senior management were born and raised overseas. Do their mother countries have a warm friendly relationship with China?
Now even average citizens see the Google senior leadership lies and deception. In Europe new $5 billion fines are expected for gross violations of monstrous unstoppable psychopathic mass surveillance.

When the heat becomes too hot get the hell out! And that is what is happening folks...

Hopefully The West will realize our foundational security rug is about to be yanked out. The winner in this priceless Artificial Intelligence/Intellectual Property race will reign over the world (as both Putin and Musk fear).

World Domination Alert - Immediate Action Required
To be blunt The White House, Congress and The Pentagon need to get off its arse and totally restrict the one-way flow of Silicon Valley IP to China. Critical parts of our future National Security are about to be GIVEN AWAY as a condition of entry to China by multi-national leaders who demonstrate little if any allegiance to the West and the USA.

We require an immediate executive order preventing AI technology/search engine transfers to China while Congress develops new laws. To be fair use China’s new draconian espionage laws as a blueprint.

Wesley Parish • August 19, 2018 5:10 AM

@echo

The American Convention on Human Rights is a product of the Organization of American States, roughly the Latin American and Caribbean states, and including the two Anglo-American North American states the United States and Canada.

The United States pretty much ramrodded the American Convention on Human Rights through the OAS, being the OAS' big bully-boy; it was the first actual multilateral treaty on human rights to go into force anywhere in the world - at that time the UN only had the Universal Declaration of Human Rights. But the United States has not signed it, claiming that its homegrown Bill of Rights in the US Constitution makes it unnecessary. More to the point, the US fears that Mexico, Colombia, Panama, and other Latin American states might start using it on Uncle Sam. And Uncle Sam, like all bullies, is a coward when it comes to facing up to reality.

I mean, if the United States signed and acceded to the American Convention on Human Rights, Argentinians might find they can take Uncle Sam to court for Uncle Sam's part in the dirty war of the seventies; likewise the Chileans ... read Isabel Allende's memoir Paula, her letter to her dying daughter Paula. (I bought a copy for a friend's teenage daughter, who was suffering a rare medical condition at the time and needed something to keep her from going down deep into depression; I haven't seen her for a while; I hope she's forgiven me! :)

And Uncle Sam, that [w]ee, sleekit, cow'rin, tim'rous beastie, regretfully, talk[s] like [a] predator, but cower[s] like prey.

Wesley Parish • August 19, 2018 5:46 AM

@usual suspects

for those who fail to be wee sleekit cow'rin tim'rous beasties, via slashdot, we have an interesting spread:

Australians who won’t unlock their phones could face 10 years in jail
https://nakedsecurity.sophos.com/2018/08/16/australians-who-wont-unlock-their-phones-could-face-10-years-in-jail/

VORACLE Attack Can Recover HTTP Data From VPN Connections
https://www.bleepingcomputer.com/news/security/voracle-attack-can-recover-http-data-from-vpn-connections/
(Troubling.)

http://www.osnews.com/story/30657/The_jury_is_in_monolithic_OS_design_is_flawed

Wi-fi could be used to detect weapons and bombs
https://www.bbc.co.uk/news/technology-45196164

Encrypting NFSv4 with Stunnel TLS
https://www.linuxjournal.com/content/encrypting-nfsv4-stunnel-tls
(NFS is a bit of a worry at times. Nice to have some good news.)

And a bumper crop from ElReg!

'Oh sh..' – the moment an infosec bod realized he was tracking a cop car's movements by its leaky cellular gateway
https://www.theregister.co.uk/2018/08/18/cellular_gateway_snafu/

What happens to your online accounts when you die?
https://www.theregister.co.uk/2018/08/17/digital_entropy_of_death/

I wish I could quit you, but cookies find a way: How to sidestep browser tracking protections
https://www.theregister.co.uk/2018/08/17/usenix_cookies/
(Where's Cookie Monster? Why isn't he on the job, because, This Is A Job For Cookie Monster! :)

And not exactly security-focused, but Yet Another IoT thing that is likely to twiddle your bits very intimately:

Now you can tell someone to literally go f--k themselves over the internet: Remote-control mock-cock patent dies
https://www.theregister.co.uk/2018/08/17/key_teledildonics_patent_gets_lifted/
(It's not something that gets a lot of focus in general, but I suspect it's full of vulnerabilities. It tempts me to burst into print about likely vulnerabilities ... oh the temptation! It's a pity nobody's brought it to Mel Brooks' attention ...:)

Clive Robinson • August 19, 2018 6:09 AM

@ bttb,

"...executing dozens of suspected U.S. spies." That got my attention, too.

In general people don't realise the distinction of a "spy" and their "officers" or others in the espionage game.

The fictional James Bond was not a "spy" but an "officer of Her Majesty's Britannic Government".

An "officer" is usually part of a "diplomatic mission" in some way and has "Diplomatic Immunity". Thus is not really subject to any sanctions in the foreign country they are operating in.

A "spy" is a citizen of the foreign nation under surveillance, and thus subject to its laws. They are in effect "Traitors" in the popular --non legal-- sense. That is they are acquiring information in some manner and then handing it over to the "officers" of a foreign nation.

So in this case the US citizens as Diplomats were the CIA "officers" in China, Who were the ones who caused the Chinese citizens they had recruited as "Spies" to become compromised and get killed.

The confusion is part of the reason journalists, politicians and others talk of "methods and sources" and "assets".

The US has of recent times been very careless with assets and has for quite silly political point scoring "burned" not just their own assets but both the methods and sources of other nations.

It's got to the point where only an idiot would willingly act as a US asset.

There are other assets besides "spies" these include "No Official Cover" (NOC) officers or as the Russians allegedly used to call them "illegal residents". In essence in this case they would be US citizens of Chinese ancestry, who have gone back to live in China usually not to carry out direct espionage but to act as facilitators to US field officers. Some like to call them long or deep cover operatives. It is something both the Russians and Chinese have long been accused of doing.

Then there are the part timers who are at the coal face of espionage with "full deniability" thus absolutely no cover. If you are a business man who regularly visits quite legitimately a "country of interest" you might get a friendly visit from a supposed government employee, asking you as a patriot etc to "just have a look around" and let the employee know what you might have seen that looked or sounded a little odd or unusual. Worse the request might be done through your boss, so you think you are potentially chasing down new business etc... Good luck if you ever get caught, either by the nation you are spying on, or worse by another part of your own country's government (look up Matrix Churchill).

But as with the distinction between "soldiers and mercenaries" you have the difference between "officers and contractors". In essence a contractor provides a specialised service for money. Back in WWI and WWII it's known that criminals such as house breakers and safe crackers were employed at quite large sums of money to get into embassies to copy "code books" they likewise did the same abroad with factories to copy blueprints and other technical drawings and papers[1]. Their work got known as "Black Bag Jobs" because they were reputed to look like "doctors visiting patients" as an excuse to be out and about during curfews etc and using the traditional "black Gladstone bag" that doctors did to carry the tools of their breaking/cracking trade.

Likewise there are other contractors who carry out other less pleasant activities such as removing people by kidnapping or assassination, or making "sanitising" bodies to look like suicide or disappear completely and clean up afterwards. If you read or watch mainly US originating spy stories / films you will hear it called "wet work". The origin of the term is not clear and some have pointed at it coming into the common lexicon from Chicago Mobsters from prohibition era activities. What is known is that long prior to that it was an expression used by Eastern European and Russian criminal gangs and much later became a term used by Russian Security Services. The term "wetwork" also has another meaning that is for people in trades where washing a lot is required, so the term could have migrated to criminals who had to wash blood etc off of their hands and clothing and the places they committed their acts of violence.

[1] Back in the 1980's the head of the French secret service was interviewed and he made it fairly clear that economic espionage was cheaper than R&D and was a legitimate part of "National Security"...

Clive Robinson • August 19, 2018 6:43 AM

@ Australian Maths...,

Evidently the legislation requires "assistance" but unless something nasty is known about RSA and AES, I can't see how assistance can be provided for the few end-to-end encrypted solutions.

As has been said before "Beat cops, want message contents, intelligence operatives want traffic flow".

The legislation thus courts are slowly starting to move towards "traffic as evidence" as well with the burden of proof thrown onto the defendant to show their activities are innocent. With a little thought you will realise that with the distinct lack of modern device/OS/App security putting an individual in an impossible situation is a lot lot easier than obtaining real evidence of illegal activity.

Traffic activity is easy for the authorities to acquire and nigh on impossible for an average user to stop. All that has to happen is that the point you get your Internet connection your packets get "tagged" by your ISP etc. You can not see such tagging but we know from various sources that it is actively being pursued by major carriers wanting a slice of the Google Money. Even VPN suppliers have been caught out doing this sort of thing. In the US those tagging records are very definitely "business records" and you have no rights whatsoever over them. In most other jurisdictions they are likewise covered as "engineering" or "technical" records over which you have no rights.

But in most cases tagging is not required at all. All that is required is your DNS request records. Even for end to end encryption on peer to peer networking your system usually goes through a "discovery" process to find the remote end, whilst it might not be the DNS servers you use, you will in most cases end up using a third party service "in plaintext" as traffic or for the search on the server itself.

Which brings me around to your closing comment,

I sleep well knowing I am not actively or passively undermining anyone's technical solutions, ironically including those of government.

Don't "sleep well" as even "inactivity" is "activity" especially when it comes to privacy and freedom. If you do not actively defend your privacy and freedom then others without your interests at heart will assume you do not care about having them, and by the time you start to protest you do value them it will be way way too late.

I could give a whole list of quotes about eternal vigilance, refreshing trees with blood, and more prophetic poems about those who come for others, but you can rest assured that those that do not learn the lessons of history condemn themselves and others to relive it.

Clive Robinson • August 19, 2018 6:55 AM

@ echo,

It's a cultural preference and an economic luxury.

And there was me thinking, it was so they could keep one hand free for scratching their body parts, playing with their in vehicle audio visual entertainment systems, air con, CB radios, mobile phones, or keeping it on their weapon for the comfort it gives them ;-)

That is anything that can distract them from driving safely. I could be wrong but with one of the highest death and injury rates along with non injurious crashes, bashes, knocks, and dings, something has to account for the carnage on US roads...

Clive Robinson • August 19, 2018 7:40 AM

@ Sancho_P,

Also Orin Kerr didn’t detect the serious flaw in Judge Ho’s opinion when quoting:

Yup, the fatal flaw in all the legal argument that it is not a search is that "hashes are most definitely not unique" nor can they ever be (see Cantor diagonal argument for why).

The simple example most can relate to is, as I said the simple mechanical milometer / odometer in a vehicle. It has a limited range of numbers (just under a hundred thousand miles) and they can and do roll over. As there are way way way more vehicles with odometers built than the hundred thousand mile display ability then simple reason alone will tell you that by far the majority of odometer readings are not unique. As the number of vehicles made is easily well above the hundreds of millions the odometer would have to be a lot lot lot larger, but still you would have nonunique values in the majority of vehicles.

Hashes of their various forms all have this nonunique failing. Thus knowing a file has the same hash is not, nor can it ever be, a guarantee that the file contents are the same, or worse still approximately the same.

In fact if you read the various articles you come across another point that both the Judge and the Professor either did not know --very unlikely-- or chose to ignore.

A pornographic image is only pornographic in the eye of the beholder. That is under law it is the opinion of the viewing officer as to if it is pornographic or not.

Thus if the officer has not seen the image the officer can not make that determination.

So if the hash says it's "possible porn" and the officer decides under the rules they work to it's not porn where does that leave us?

Well at the very least the officer had made an unjustified viewing of the file's contents. The only way that should happen is by use of a warrant and presumptive evidence submitted to the signing judge or witness.

But this is where it breaks down, the officer presenting presumptive evidence has to have a chain of evidence to support the presumption.

In the UK there was a harassment case by an individual against British Gas. British Gas's defence boiled down to "the computer says". Law lords ruled on the case and made it abundantly clear that it was not a valid argument let alone defence. Put simply it was pointed out that computers had no mind let alone a directing one, thus were incapable of forming an opinion. Computers were designed by man, programmed by man to do man's bidding. Thus the responsibility was firmly and irrevocably in the hands of man. Thus any mistakes made by a creation of man were man's responsibility.

So a computer can not stand as witness, nor can the product of its programming. The responsibility lies with an individual to check the computer output...

Don't check it, and it's found to be false, in a criminal case presenting false representation is a serious matter...

The officer had no way of checking if the hash was to actual pornography or not, and should most assuredly have known that as should the judge and professor. Therefore the responsibility was on the officer's shoulders to view the file. If a warrant or other legal authorisation was not used then the activity of the officer was illegal and they should by rights be punished for their behaviour.

As others have noted the learned professor appears to have such a high ivory tower his reasoning takes flights of fancy due to the rarefied atmosphere atop it...
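The odometer and hash argument in the comment above, as an added example that is not part of the original thread: it shows that a fixed-size hash must repeat once inputs outnumber outputs, finds an actual repeat in a deliberately small hash, and computes how likely an accidental repeat is at a given hash width. Truncated SHA-256 standing in for a small hash, the constructed file names, and the helper names are all assumptions of this sketch; it does not model PhotoDNA or any other perceptual hash.

```python
import hashlib
import math
from itertools import count


def odometer(miles: int, digits: int = 5) -> int:
    """Reading shown by a mechanical odometer with `digits` wheels."""
    return miles % 10 ** digits


def truncated_hash(data: bytes, bits: int) -> int:
    """Top `bits` bits of SHA-256 as an integer (a deliberately small hash)."""
    digest = int.from_bytes(hashlib.sha256(data).digest(), "big")
    return digest >> (256 - bits)


def find_collision(bits: int):
    """Hash constructed inputs until two different ones share a value.

    Termination is guaranteed by the pigeonhole principle: after
    2**bits + 1 distinct inputs at least two must share an output.
    In practice the birthday effect finds one after roughly
    1.2 * 2**(bits / 2) inputs.
    """
    seen = {}
    for i in count():
        msg = b"constructed-file-%d" % i  # constructed sample input
        value = truncated_hash(msg, bits)
        if value in seen:
            return seen[value], msg, value
        seen[value] = msg


def accidental_collision_probability(n_items: int, bits: int) -> float:
    """Birthday approximation for at least one repeat among n random hashes.

    p ~= 1 - exp(-n(n-1) / 2**(bits+1)); expm1 keeps precision when the
    probability is far below floating-point epsilon.
    """
    exponent = -n_items * (n_items - 1) / 2.0 ** (bits + 1)
    return -math.expm1(exponent)


if __name__ == "__main__":
    # Two different mileages, one reading: the display cannot tell them apart.
    print(odometer(12_345), odometer(112_345))

    # Two different constructed inputs, one 24-bit hash value.
    first, second, value = find_collision(24)
    print(first, second, hex(value))

    # Existence of repeats is certain at every width; the chance of
    # meeting one by accident depends heavily on the width.
    for bits in (32, 64, 128, 256):
        p = accidental_collision_probability(10 ** 9, bits)
        print(f"{bits:3d}-bit hash, 1e9 files: p(accidental repeat) = {p:.3e}")
```

The probability function covers accidental repeats only; it says nothing about inputs deliberately built to share a hash, or about how an evidentiary match should be verified.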

Clive Robinson • August 19, 2018 11:35 AM

@ Wesley Parish,

Australians who won’t unlock their phones could face 10 years in jail

Sophos like many other commentators are either taking the side of the LEO's or don't know very much about security...

This legislation is fairly simple to side step and it would appear from what's been said, the real targets of the legislation are not the touted child abusers, terrorists, or serious organised crime. Thus one can only assume it's an unwarranted "power grab" by those who should not receive such power, as the intent is by default to use it against the ordinary citizen.

Knowing the godam crock of the brown stuff Australian politics are and some of the corruption levels of those involved... It would not be difficult to make the assumption this "pact with the devil" legislation is really aimed at political activists, whistle blowers, and journalists, who could rock their corrupt little world.

As a phone manufacturer I would consider pulling out of Australia, as not really worth the risk. But certain types of business people are shall we say not bright enough to realise that. We know that from the failed RIM (Blackberry) efforts in various authoritarian nations etc. It's a game that you can not win by trying to play, only lose in the long run, so the sensible option is not to play. One can only hope that Google which is selling its soul to China --ie all the IP and it would appear new development-- will like RIM quickly become a shadow of its former self. I guess the question is "Will the USG treat them like Kaspersky etc and cut all ties with Google on National Security grounds"...

That aside the way to side step this legislation is to not use it as anything other than an open communications pipe. That is do not put any secure messaging apps etc on it and not to lock it except at a minimum level.

That way any messages you send are from the phone's point of view "plaintext" so no encryption or keys are needed on it.

If you want to send secure messages etc use a non communications method to do encryption / decryption and then transfer the cipher text to the phone. To play safe use a pencil and paper type hand cipher that has the required security margins.

However using such a system has proved problematic for many users... Which how do I put it politely "If you cannot secure your comms then perhaps you are not qualified to communicate"...

Alenjandro • August 19, 2018 11:42 AM

@RG

Pichai's carefully parsed comment that they "are not close to launching a search product in China" is a dead giveaway that something is up and indeed will happen.

I get angry thinking about all the intellectual property the USA will lose when Google moves there. No doubt worth many billions of dollars, not to mention all the blood, sweat and tears. Not to mention the jobs.

But, there it goes for another profit center.

I assume Google and NSA are thinking they can out-smart the Chinese on their own turf about this. I think that's laughable myself.

And yes, I assume Google and NSA are partners in this.

echo • August 19, 2018 4:55 PM

@Clive

You are not on the receiving end of too much testosterone in the room nor backseat driving women "trying to help" which is code for rote learned don't rock the boat own goals.

I contacted the EHRC last week to open a discussion about bringing a strategic case which required some "reasonable adjustments" on their part. I provided the briefest of summaries and made it clear they were to liaise with me in all instances due in part to confidentiality and consent reasons not to mention the balance of expertise. I received an email from another EHRC office which edited all this out and raced to the bit where they wanted my intellectual property to assist with a current judicial review.

Tonight I reviewed their complaints page. They can't even get this simple task right. I carefully crafted the issue to them to avoid creating a bad situation where a complaint would arise. Now I have had to put a complaint in they can't respect their own principles published on their own complaints page! This is the EHRC!!!!!!!

I just don't believe how stupid the UK is.

echo • August 19, 2018 5:10 PM

@Clive

I didn't need the graphic imagery. Really I didn't. You're not the one in the room listening to a thick of mince police officer boasting how successful he is at catching a drug pusher, mansplaining about evidence collection, and being nosey about my personal life. As things turned out I spoke with another woman and it turned out he had been lying about the drug pusher issue. It was nothing of the sort and was wholly innocent. I also didn't need a lecture on collecting evidence and joining the dots when I had done all the work and said so and was very obviously wanting to discuss this. Funnily enough we never talked about this because he was too busy chatting me up. I have more complaints about him including his initial threatening behaviour and rudeness and his colleague rudely disappearing off for most of the meeting to process other, I daresay, more important work leaving me with this fat lazy over the hill creep.

I'm not even including being insulted and punched by another police officer whose colleagues looked the other way or deliberate attempts to pervert the course of justice by another officer desperate to cover up their own mistakes. Oh, and being railroaded out of a complaint which, in the words of one officer describing the incident I was complaining about "Should never have happened".

There's little point complaining because, by way of an example, when notified of an incident the IPPC decided to prosecute without informing me and I only learned about the result later in the newspapers. This gave them ample opportunity to rig the trial with bad legal argument and facts which if heard at the trial may have produced a different result.

Sancho_P • August 19, 2018 6:04 PM

@Clive Robinson re hashes and more

OK, I see your point, but my concern is different.

PhotoDNA is a well established and widely used technology. While there may be reservations regarding accuracy, reliability and false positives, as well as possibilities to trick the system, it is an efficient staple for the LE to identify already known contraband, in both, the US and the EU.

That said, my concern is the (lazy?) LEO with oath (the "official") who lets private sheriffs do the work.

The private searches the user’s property by “hashing” - so far, so good, in fact, I like it.
They flag the image and send the hash(es) with a notice to the LEO.
- But why the content?
- This is already a violation of privacy, because mine is mine and not theirs.

With the hash and the flag notice the officer should go for a warrant and check the user’s content. The private has neither right nor duty to do it before the warrant is presented to them.

But now, as the system in the US seems to work (???), if they send hash + content to the LEO, it is the first duty for the officer to check the file with the official system if there is a match. This would neither require a warrant nor require opening the file.

And if there is a match, it would be easy to get the warrant.

I think that would be the way to do it.

Rex • August 19, 2018 6:06 PM

Does the Internet know more about you than you think it should?
https://neworgans.net/

The New Organs is an independent project commissioned by
Mozilla to investigate how internet companies track and
monitor people online and offline.

RG • August 19, 2018 6:09 PM

Apparently the current leadership in Silicon Valley has no moral or ethical issues with their big-data surveillance assisting the Communist Chinese Red Party thugs as its draconian repression of citizens worsens.
Are these tactics reminiscent of Nazi Germany? Is China rapidly regressing to their bloody past where tens of millions were slaughtered?

Note: German owned Business Insider has superb unbiased factual reporting (unlike the American MSM). So I like to reference their articles!

Here's what China does to people who speak out against them
1. Make you disappear
2. Physically drag you away so you can't speak to the media
3. Put your family under house arrest, even if they haven't been accused of a crime
4. Threaten to kill your family and forbid them from leaving China
5. Take down your social media posts
6. Remove your posts from the internet — and reportedly throw you in a psychiatric ward
7. Barge into your house to force you off the airwaves
8. Trap you in your house, and detain people who come to see you
9. Forbid you from leaving the country
10. Activists say we are now seeing 'human rights violations not seen in decades' in China
11. Destroy houses of Worship and put up posters of Premiere Xi
12. Place millions in huge prisons camps
https://www.businessinsider.com/how-china-deals-with-dissent-threats-family-arrests-2018-8

Meanwhile in the West, Big-Data begins practicing threats and intimidation:
13: In England Facebook threatened Guardian Media Group. They received a legal letter from Facebook the day before the Observer report on mass data harvesting by Cambridge Analytica
https://www.theguardian.com/news/2018/mar/23/facebook-says-warning-to-guardian-group-not-our-wisest-move

14: Facebook exec: media firms that don't work with us will end up 'in hospice'
The Australian also reported that Brown said that Facebook’s chief executive, Mark Zuckerberg, “doesn’t care about publishers but is giving me a lot of leeway and concessions to make these changes” https://www.theguardian.com/technology/2018/aug/13/facebook-news-media-campbell-brown-hospice

echo • August 19, 2018 7:39 PM

@RG

When the neo-fascist Nigel Farage was boasting how Brexit couldn't have been achieved without Facebook and he was making a lot of non-verbal signals that he regarded Facebook (or perhaps Zuckerberg) as a friend of his cause Zuckerberg looked very uncomfortable. Rather than take a political or ethical position Zuckerberg looked very uncomfortable bordering on angry and robotically hid behind claiming Facebook was a neutral platform for free speech.

The legal position of speech in the EU (both within UK common law and mainland European Civil Law) is that speech is a qualified right.

I'm also a bit unhappy a German pharmaceutical company took a neutral position on their products being used to execute American prisoners.

Also this...

I don't believe the EU fully grasps how the UK circumvents its European Convention responsibilities. It is quite pernicious and very deliberate. I know this from personal experience having both been on the receiving end and observing how the law is circumvented in practice.

https://www.theguardian.com/commentisfree/2018/aug/18/honeyed-words-do-nothing-to-curb-prejudice-against-the-disabled

It’s always been the case that changing language is a poor and easy substitute for changing the world. We should tackle prejudice and care for its victims. Britain is doing neither while pretending it is doing both. It prefers to play word games instead.

echo • August 19, 2018 8:21 PM

There is a whole noxious culture of hatred feeding on hatred and innocent people of all colours and sexes are caught up in this. This as well as the prison issue is a massive failure of public policy.

Was the government "missing the point"? I do agree and have this uncomfortable sense I have witnessed this myself. There is a certain lack of "eyes on the job" across the whole system. As the article highlights there seems to be a lack of intelligence and understanding in the system. It's also quite alarming to think a charity has to train statutory authorities in issues when they have professional and legal obligations themselves.

After the way I was treated by the EHRC this past week I'm wondering if the lights are on...

https://www.independent.co.uk/news/uk/home-news/child-marriages-uk-girls-forced-wedding-summer-holiday-charity-a8475256.html
The number of girls being forced into marriage ahead of the summer holiday period has increased by more than a third in recent years, according to a leading charity which has accused the government of an abject failure to get to grips with the problem.

PeaceHead • August 19, 2018 10:38 PM

@ Mr. Bruce:

Thanks for the PDF about Existential Risk Resources (2015-08-24).
That is exactly the type of information I hope to study more effectively in the near future.
It's a very impressive compendium of writings.

@ Clive and Anura:

Yes, there's plenty of pseudoscience in every field of knowledge. It's not like there exists any field of knowledge where there is not or has not been pseudoscience and other forms of magical thinking or sloppy logic and sloppy reasoning.

However, there are some aspects to forensic science which have stable foundation within the other hard sciences. Even some of the applied forensic science when done correctly is stable within the sciences.

There are unqualified and/or abusive elements within every field, but I don't think it's fair to characterize the entire complex field of forensic investigation to be pseudoscience. Sure, if the only source of exposure to these ideas are via television, then of course it's mostly made up Hollywood nonsense. However, there are other resources which are more reliable.

Just because many of us prefer to reject fascism in any form, including police state tactics, doesn't mean that we need to trash the entire law enforcement compound fieldset.

I think it makes more sense to talk about specific instances when pointing fingers of blame. That way discussion or further study can lead somewhere deeper. I'm not against your claims, I'm just saying that the scope of the claim is not 100% ubiquitous and care ought to be taken. There are digital and non-digital forensics people who are not our enemies. I'd say that on a good day we have much more in common with them than not (if and when we care about facts and using tools responsibly to accomplish justice and protect lives and enhance safety).

If you disagree, that's alright. We can agree to disagree and I'll leave it at that.

Anura • August 19, 2018 11:48 PM

@PeaceHead

I don't have a problem with forensics as a concept, but in the way it is practiced. The biggest problem is that judges and juries aren't expected to understand these things, and so they are susceptible to manipulation. As Clive pointed out, the CSI effect means this manipulation heavily favors the state; people have been convicted off of partial DNA matches from databases alone that shouldn't be enough for probable cause (e.g. there is a one in a billion chance it will match any given person, but it is run against a database of a million people leading to an unacceptably high probability of a false positive).

The second problem is the lack of transparency. When it comes to something like PhotoDNA, the algorithm is proprietary and there is no way to know how accurate it really is. Science itself requires independent confirmation of results; if you want to rely on something in court, you should have more than just the word of some agency or corporation. You also need more than just statistics; if you are going to study ballistic fingerprinting, you should understand how the "fingerprint" forms, so you are not just choosing markers that appear to be independent at first glance but might not be.

Weather • August 20, 2018 12:05 AM

Personally I don't consciously use Facebook, but them and companies like them are no longer an American company they are a UN world company, if they don't put in the legal framework, well I suppose bleed them dry until the company dies.

Alejandro • August 20, 2018 6:50 AM

I've been looking at the situation with home/business routers these days and it doesn't look good.
Apparently most all big name devices are cesspools of backdoors and exploits. None are safe. Here is a recent discussion on but one issue:

Router Vulnerability and the VPNFilter Botnet

https://www.schneier.com/blog/archives/2018/06/router_vulnerab.html

Everyone, at least here, knows you got to reset the default password on the router.
That's a bare minimum. But one thing that's pretty easy, while you are at it, is to reset the default router LAN address which is pretty easy too!

Go to LAN Setup and find the address of the router, usually something like 192.168.1.1 Netgear, or 10.0.0.1 ASUS, 192.168.1.254 D-Link, etc...and change it.
Likely everything will bang home after the router reboot, but go ahead and restart all your devices and modem anyway. It might help.

Thought: Maybe an after-market DDWRT/Tomato router might be a safer and better route. (Wireless range usually not as good as original if that's important.)

Clive Robinson • August 20, 2018 7:07 AM

@ echo,

All of a sudden the news starts getting serious again...

The MOJ thing is an expected result. It should be clear to most people by now that the likes of G4S, Serco and all those other barnacles on the UK economy are only in existence because of a political mantra that is akin to saying "anti-fouling is not a worthwhile activity". Thus Gov abdicates on its duties to its citizens and that "glorious free market" mantra creates gross inefficiencies and overloads the workings causing early failure. But the mantra has to go on. A bit like the hand of a drowning man holding aloft a camels straw to wave like some great hope for recognition and being pulled to safe harbour.

Thus the summer news "silly season" that waxed so well starts to wane again. But before it goes too far your comment of,

mansplaining about evidence collection,

Caught my eye. Whilst you have my sympathies for the predicament you were in, you also have my admiration for resisting the urge to take the polish off your toe cap on the offending bum.

It's actually the invented words that are a kind of itch with me "splaning" is a word with at least two hundred years of history in it and thus stands without the need for prefix, of which bro- sis- mo- nerd- elder- woman- and many more have been coupled to it since man- most have happened within a small handful of years and almost all have had their meanings or intent changed at least once.

In times past we have rightly criticized "management speak", "Politically correct speak" and many more. George Orwell for all his other observations had great cynicism for such behaviour and it's attempts to not just divide society but actually fracture it thus making it easier to conquer by authoritarian behaviours.

But it also misses the point, many of these word couplets come into existence due to "hurt" and the "you just don't get it do you" feeling. Thus they start as linguistic "pull ups" then become weapons at the hands of others who then encourage them to become dividers for their gain.

What it says about the current state of society in WASP nations where it predominates I'm not entirely sure, but to me it does not feel at all healthy. Thus I see it as in effect a symptom of a deeper insult in society, which is most likely a threat to the wellbeing of society which in turn threatens society's security.

Thoth • August 20, 2018 10:47 AM

@all

re: FB Messenger Backdoor Request by Warhawk Govts

They have a Messenger API which can be leveraged to build your own crypto on top of it.

Of course the usual pains of Key Management and getting everyone to use the correct protocols and versions as well as to avoid FB or the Big Bros detection that you are encrypting over FB Messenger is unavoidable.

Crypter (linked below) is a good start since it has an Open Source GitHub source code but as usual, Browser/JS crypto ain't too assuring.

It uses AES but this can be improved by adding a ChaCha20 as an option for additional algorithm level security.

Links:
- https://developers.facebook.com/docs/messenger-platform/send-messages/
- https://crypter.co.uk

Bob Paddock • August 20, 2018 1:23 PM

@Clive Robinson

Rest In Peace Professor Michael Persinger.

He was famous for his "God Helmet" experiments linking electromagnetics to brain state and influencing their experience.

https://www.sudbury.com/local-news/breaking-laurentian-professor-michael-persinger-most-famous-for-his-god-helmet-passes-away-1016204

Somewhat related:

The Mind Has No Firewall
TIMOTHY L. THOMAS

From Parameters, Spring 1998, pp. 84-92.

“It is completely clear that the state which is first to create such weapons will achieve incomparable superiority.” – Major I. Chernishev, Russian army

https://ssi.armywarcollege.edu/pubs/parameters/articles/98spring/thomas.htm

Then see some of the advances since the publication of that Army War College article here:

https://earthpulse.com/mind_brain_effects/

echo • August 20, 2018 3:02 PM

@Clive

The way the UK constitution is organised is very feudal... I tend to agree with your discussion of etymology and society and security.

Tempting doesn't describe it. It's not how I wish to define myself plus it wouldn't make me feel good. Even my worst enemy is a human being. That said I got on the phone again to the EHRC and told them I was distressed and upset their policy had a wait of up to 20 days. I don't believe it's good enough that not only do they boundary push and breach confidentiality and attempt to steal my stuff but cannot fix even the simplest of issues quickly and informally. If the EHRC are guilty of the same systemic abuse I have witnessed they can knock it off. I await whatever "We did nothing wrong" cut and paste response they have lined up. Full investigation? Staff held to account? This would be a first...

Actually, there's a case against the Ministry of Justice case I'm following. It will be interesting to see if the prosecuting lawyer who ripped me off uses my material. The reason she has a case in progress is she has bigger tits...

echo • August 20, 2018 5:43 PM

Oh this could be so funny if hacked. Playing Mickey Mouse during the parade in Red Square, or in the middle of a tense battle flashing "Sponsored by Coke".

http://tass.com/defense/1017840
MOSCOW, August 20. /TASS/. Russia’s state-run hi-tech corporation Rostec will demonstrate stealth camouflaging for troops and military hardware at the Army-2018 international military and technical forum outside Moscow, Rostec CEO Sergei Chemezov told TASS on Monday.

The camouflage developed on order from Russia’s Defense Ministry changes its pattern and color depending on the environment and will be used as coating for military hardware and the soldiers’ outfits.

PhotonSmoton • August 20, 2018 6:21 PM

@Bob Paddock

“It is completely clear that the state which is first to create such weapons will achieve incomparable superiority.” – Major I. Chernishev, Russian army

We're already there. The key is not to be found in classical electromagnetics at all - but instead it is in the domain of quantum entanglement - and that's what the general should have realized in light of many recent and not so recent developments.

The only efficient quantum (photon) detector in the human body is in its pair of eyes - and so that organ is where *most* of the action is going to be found in the short-term future. For there to be any hope of preserving at least a little bit of privacy, people will need to be able to keep foreign-sourced entangled photons out of their heads.

Quantum entanglement can be used as a tracking mechanism, and is slated to be efficient *far* beyond Google or smart phone threats.

Clive Robinson • August 20, 2018 6:42 PM

@ Bob Paddock,

As the Thomas article notes,

    According to Department of Defense Directive S-3600.1 of 9 December 1996, information warfare is defined as "an information operation conducted during time of crisis or conflict to achieve or promote specific objectives over a specific adversary or adversaries."

Is a fairly broad definition and thus it's scope is the bounds of the "information operation" which depending on how you view "information" and "operation" could be wider than many assume.

For instance I've discussed information on this blog several times in the past and said that for human interaction it has to be impressed or modulated onto energy or matter to be,

1, communicated.
2, Stored.
3, Processed.

The implication of this is that whilst the laws of the physical universe apply to energy and matter there is no requirment yet given for them to apply to information. But also there is the implication that the physical universe we live and interact with is infact a proper subset of an information universe.

With such a view of "information" the implication is "no bounds" for information and only the laws of physics as bounds on the energy and matter information gets impressed upon.

Thus the problem moves on to "What is information?" and this appears to be well neigh impossible to answer in a practical or engineering way.

As I've pointed out with "data shadows" information does not actually need to be there, it's absence is also information. For instance if you have a "listening post" you will scan the EM Spectrum looking for signals you can detect. Detecting a signal is present provides one bit of information, but conversely not detecting a signal provides the same bit of information but of opposit state.

However regardless of the state, the bit of information is insufficient. The detector can and will create false positives and negatives due not just to external noise but also due to internal issues such as metastability. That is our ability to measure information is far from perfect.

But it gets worse as I've pointed out a few times in the past complex modulation whilst deterministic in origin may appear to be either chaotic or random to a third party observer, who might well decide it is "burst noise" from as far away as celestial object behaviour or as close as devices in the detector, or background noise such as from thermal sources. This is the idea employed by "Low Probability of Intercept" (LPI) systems developed for military and intelligence communications systems and still continues today with the likes of MIMO systems where multiple signals contain a fraction of the information and need to be received with the correct propagation path / time delays to produce a coherent and information complete signal.

In effect this causes a "right time and place" effect for the receiver. Arguably everybody in range picks up the information from the multiple transmission sources but it is only coherent in a single place and time.

Combine that with the idea of data shadows, and you can quickly see that we may well be bathed entirely in information at all times but can only occasionally by luck be in the right time and place to be receptive to it. The more people / detectors there are in any given area the more likely the probability of detection and coherent reception...

We can not currently investigate let alone validate such apparently "off the wall" ideas, because ironically we lack the information to do so.

What we do know is that a neuron's action potential is very small and requires tiny fractions of energy to become activated, further we have demonstrated both magnetic and voltage fields considerably external to the neuron causing it to be crudely activated.

So far all we have is a simple idea of what goes on with the idea that a neuron's output can be defined by,

    f([N1...Nn])

Where N1...Nn are the inputs to the neuron that subjects them to some unknown function f.

Our Machine Learning so far is limited to simple linear additions of the input signals, however it is far more likely that the response will be to some power curve of each input signal.

We can say this from the simple observation that the input signals are effectively pulses of variable repetition rate and that for any given integration process there needs to be a discharge process to ensure stability. In nature such discharge processes are usually "constant percentage" or exponential in nature.

Thus all we can really say is that our current ML models are unlikely a match for neuron behaviour but might at some point be broadly similar in performance, oh and we still have no clue as to why they produce the results they do, even though we can mathematically model them...

echo • August 20, 2018 7:12 PM

@Clive

With such a view of "information" the implication is "no bounds" for information and only the laws of physics as bounds on the energy and matter information gets impressed upon. Thus the problem moves on to "What is information?" and this appears to be well nigh impossible to answer in a practical or engineering way.

Oh that's easy. One kilo!

Jean-Paul Sartre was working furiously on his second play, Les Mouches (The Flies), while finishing his major philosophy treatise, L’Être et le néant (Being and Nothingness). Jean Paulhan had convinced Gallimard to publish the 700-page essay even if the commercial prospects were extremely limited. However, three weeks after it came out in early August, sales took off. Gallimard was intrigued to see so many women buying L’Être et le néant. It turned out that since the book weighed exactly one kilogram, people were simply using it as a weight, as the usual copper weights had disappeared to be sold on the black market or melted down to make ammunition.

'Left Bank' by Agnès Poirier.

Wesley Parish • August 21, 2018 2:42 AM

@usual suspects

Perhaps OT, but yet

Uri Avnery, 1923-2018, Veteran Israeli Peace Activist, Journalist, once a Knesset member, has died.

https://www.tikkun.org/nextgen/uri-avnery-leader-of-the-israeli-peace-movement-gush-shalom-1923-2018

Avnery devoted himself entirely to the struggle to achieve peace between the state of Israel and the Palestinian people in their independent state, as well as between Israel and the Arab and Muslim World. He did not get to the end of the road, did not live to see peace come about. We – the activists and supporters of Tikkun magazine, as well as the members of Gush Shalom as well as very many other people who were directly and indirectly influenced by him – will continue his mission and honor his memory.
I had thought to ask Noam Chomsky to nominate him for the Nobel Peace Prize for his unceasing effort to keep communication channels open between Israel and Palestine. But I left it too late. Asua bilong mi yet ya.

Clive Robinson • August 21, 2018 4:06 AM

@ echo,

Gallimard was intrigued to see so many women buying L’Être et le néant.

That sentence caused me a "dread moment" as to what was going to be said next... You might not know it but it is fairly easy to make my ears turn pink, which I'm told is a "Social failing others derive merriment from"... So "A fifty shades of pink" moment ;-)

Clive Robinson • August 21, 2018 4:38 AM

@ Wesley Parish,

Uri Avnery was one of the very few, perhaps the only journalist in Israel to decry the actions of the IDF on "Bloody Monday" this year when the US President and others of ridiculous demeanor were cavorting around the new US Embassy.

Uri Avnery pointed out yet again the IDF lies and propaganda, that appears to be the only story allowed in Israel's MSM by the current leadership. Used to keep the Israeli citizens and residents in an Orwellian NewSpeak world of "glorious victory" afar.

But it is not afar an hour or two's drive at most to where the carnage was being created. It is unknown to the rest of the world just how many rounds of ammunition the IDF fired at unarmed protesters well away from the IDF imprisoned in what is a concentration camp created behind the fences and barricades the IDF have erected. All we know is that over a thousand struck and injured or killed those unarmed protesters.

So no "glorious victory" but a massacre and diplomatic protests from much of the world (but apparently not the US) flooded into Israeli embassies. The IDF were thus forced to end their senseless shootings, but not their violence.

God alone knows how many times this has happened and how many times it will have to happen again. Those who lead Israel currently are proving two points.

Firstly they are confirming Einstein's definition of madness, secondly they are yet again failing to learn history's lessons.

Uri Avnery knew this as much as any man, and spent his adult life trying to get the leaders of Israel to get off of the "wheel of pain" they have put the citizens of Israel on for so many years.

Peace is only achieved by the existence of equality of respect, opportunity, and trade between peoples that leads to both trust and peaceful coexistence. Something Uri Avnery tried to bring about right to the very end of his life.

May he and those he fought so hard for find ultimate peace.

echo • August 21, 2018 11:18 AM

@Clive

That sentence caused me a "dread moment" as to what was going to be said next... You might not know it but it is fairly easy to make my ears turn pink, which I'm told is a "Social failing others derive merriment from"... So "A fifty shades of pink" moment ;-)

It never crossed my mind until you said it. As for this week being a woman over 40 wearing a below the knee flared skirt I have become instantly invisible. It's like the invisible gorilla psychological illusion. All I need is to wear my earrings and choker necklace like Camilla Parker-Bowles and I will be a fully signed up member of the grinning idiot club. You're embarrassed? I can tell you conversation becomes 50 shades of boring... At least I get better service in the shops.

echo • August 21, 2018 6:51 PM

Lawsuit against Christopher Steele dismissed!!!! Yay!!!!!!!

While the UK is knowingly breaching the European Convention and in hot water with both the UN and EU best friends and sponsors of terrorism Saudi Arabia are executing a human rights activist for having an opinion. Boo hiss.

https://www.independent.co.uk/news/world/americas/us-politics/steele-dossier-lawsuit-trump-chrisopher-steele-alfa-bank-german-khan-a8501881.html
Lawsuit against anti-Trump ‘Steele dossier’ author dismissed in US court. Former MI6 agent Christopher Steele protected by First Amendment, judge says.

And

He added: “Advocacy on issues of public interest has the capacity to inform public debate “and thereby furthers the purposes of the First Amendment, regardless of the citizenship or residency of the speakers.”

https://www.independent.co.uk/news/world/middle-east/saudi-arabia-israa-alghomgham-execution-womens-rights-political-activist-qatif-a8501411.html

Human rights activists are campaigning to save the life of the first woman in Saudi Arabia to be sentenced to death over her political activism.

Clive Robinson • August 21, 2018 10:23 PM

@ echo,

I can tell you conversation becomes 50 shades of boring... At least I get better service in the shops.

Hmm there is an odd exception where you get both...

Late last year I had the misfortune to bend over to get a 2ltr bottle of fizzy spring water at one of the new chains of supermarket. I came to sprawled on the floor, with a shop assistant who was the store first aider kneeling beside me.

She informed me that an ambulance had been called and that I should remain laying on the floor, in front of what was the lower cost crisps / potato chips display... Which I was to find out was not a good place to be lying around.

Well what do you talk about after you have exchanged names? The old British stand by of the weather was soon exhausted. Meanwhile women with small children in tow were passing by, the children could see me but the women well, they just stepped over me to get at the crisps for their little bundles of stickiness (or worse).

Now whilst I am not quite the 600lb gorilla or elephant in the room I was definitely getting "the wall flower feeling". I had a sense of unreality I was getting less attention than the crisps were.

Time dragged on and after an hour of laying there my conversation level had dropped way through the bottom of even the deepest of sunk barrels. There is a sort of artificial bright brittleness of tone you hear in the voices of people trying to sound cheerful and keeping their end up as it were, and you could hear it getting into both the first aider's and my voices. Worse I think the conversation had turned at that point to the merits of local primary schools, not that either of us had a need of such establishments... We were just completely out of place as people just wandered by with their trollies and offspring looking at the shelves around us as though we were in some alternative universe.

Then another member of shop staff appeared, she had just had some form of asthma attack and poor thing she had serious wheezing when breathing both in and out, and did not look at all well. The security guard went and found her a chair to sit on and some colour came back to her cheeks. So there the three of us were making a large island in the aisle with a steady stream of shoppers passing by like waves lapping around a sea wall. There was a bright spot at this point when one of the other staff came to say that an ambulance was definitely on its way... Well there was the first aider still on her knees talking to the other member of staff who nodded replies, so I at least could settle back on the now icy stone tile floor and start counting the ceiling tiles in my head and pretend I was not where I was.

It was around this point that one child pointed at me and said "mummy Santa Claus" and pointed at me... Well what do you say? I felt like I should leap up point back and declare in a low menacing bass voice "You've just made the naughty list"... But no I just sighed and smiled resignedly whilst the mother dragged the offending mite out of sight around a corner. But at least we had a new conversation topic "What are you doing for Xmas"... Which we must have got a good fifteen minutes out of with the poor lass in the chair nodding along and gasping out the occasional answer. But there are only a handful of ways to "stuff the turkey" so that conversation petered out...

And so it went on, two hours had gone by and I only half jokingly said that I'm surprised someone had not come around and stuck an overdue parking ticket under my chin. The conversation had got that low. Anyway the girl in the chair was beginning to look almost normal and I was getting a nasty cramp in my back when finally the ambulance crew came around the corner and asked who the patient was. The first aider pointed at both of us and as a last ditch effort to raise my spirits, I said that we were a special offer two for the price of one, which at least got a smile from the girl in the chair at last.

Well the medics started taking observations and asking the usual questions and I spotted a worried look from the girl who was checking me to her colleague. So they got me up on the bed by a series of undignified poses and a second ambulance with a specialist appeared and somehow I refrained from making the bus joke. Well the last I saw of the young lady in the chair she was being given oxygen as they wheeled me through the trollies at the checkout and out the door, again with hardly a look from the shoppers. I was definitely getting that 1975 "Stepford wives" vibe.

In the ambulance they started the "big questions" such as "next of kin" and "Do you suffer from AF" at which point I knew I was not going to be going home for a week or so... So off we went on blues and twos to the hospital.

But the good news was the lady medic had a pink pig key ring and I asked if she had a name for it, and we got chatting about the merits of keeping pigs as pets, which was a lot of fun and brought some sense of normality back to me after the completely weird and surreal experience of being invisible on the floor of a supermarket for two hours, as though I had a Douglas Adams "Somebody Else's Problem" field around me.

Then at the hospital hard reality hit me like a 2 by 4 to the pit of the stomach there were people waiting at the dock and they rushed me into "resuscitation" where the look on the triage nurse's face said rather more than her words.

The on call consultant appeared like a genie from a bottle and the crash cart appeared under her hand and needles went in all over the place as she rapidly called things out. Then I started to feel deeply sea sick and out of breath, cold sweat poured out of every pore and my body wanted to evacuate everything at the same time, I just wanted to get up before I disgraced myself. Then my hearing went and my eyes went out of focus and it went dark as at least four people started doing things and I felt as though I was on fire, and all I could hear was a distant voice saying "stay with us" as I was thrown flat on my back... Then out of the darkness the whining of a machine in distress came back to me voices calling out things and the erratic rapid beeping of another machine and a voice talking about inverting and then ketamine and I remember saying "I'm not a bl**dy horse" to which I got an amused "Welcome back" from the consultant. Apparently my blood pressure had just fallen through not just the floor but Hades as well. Anyway they got me something towards back to normal and I started to ask questions like why was my ecg rate on the monitor over 200 and dancing around like a flea on a hot griddle. I quickly got the feeling that I'd not dodged a bullet so much as taken a ride on one, and only just fallen off in time.

But all that aside I still remember more of lying on the supermarket floor for two hours trying to have a conversation with nothing to say not even small talk.

But I am left with an itch I can not scratch, I still have the urge to put that little mite on the naughty list for calling me Santa Claus...

Wael • August 21, 2018 10:57 PM

@Clive Robinson,

We were just completely out of place as people just wandered by with their trollies

I have a story to share about that!

I quickly got the feeling that I'd not dodged a bullet so much as taken a ride on one, and only just fallen off in time.

Lucky us!

But I am left with an itch I can not scratch, I still have the urge to put that little mite on the naughty list for calling me Santa Claus...

I'll scratch it for you. Send me his/her description and consider it a done deal ;)

PeaceHead • August 22, 2018 12:22 AM

@Anura: thanks for the decent response. What you said makes sense and I tend to agree with your substantiations. We have similar concerns which are not mutually exclusive of my concerns against unfair treatment of law enforcers (and their associates and acquaintances, or anybody else for that matter).

Peace.

Wael • August 22, 2018 12:25 AM

@Clive Robinson, @Anura,

I have a story to share about that!

There was this colleague some years ago who went to the UK for a job post. He took a lot of luggage with him since he was going to stay for six months or so. Upon landing at the airport, he asked one of the airport crew if he can help him find a dolly. The Englishman said: good God, man! A Dolly (#7 in the definition list)? You just landed! You must be pretty desperate... :)

Wael • August 22, 2018 12:41 AM

Forgot to finish the rest. My colleague was puzzled by the response so after a while he said: I need a dolly for my luggage! The Englishman said: oh! You mean a trolley!

WhiskersInMenlo • August 22, 2018 12:42 AM

@Humdee • August 18, 2018 11:42 AM

http://reason.com/volokh/2018/08/17/opening-a-file-after-a-hash-was-made-and#comment

Nowhere is the intersection of technology and law fraught with more conceptual peril than it is with child pornography.
....

As others noted this is not purely a crypto hash but a special image matching technique.
https://www.microsoft.com/en-us/photodna
They call it an "image signature" not a hash function.

As for "illegal content access" this could be a clear violation or clearly enabled by terms and conditions of any service that involves it. It seems like a way to monetize tools Microsoft assembled and designed to limit their own liability.

The false positive rate is undisclosed but asserted to be low.

Someone has to maintain a primary data set of "illegal" images. This might be any agency domestic or international, commercial or government. Those images need to have been obtained "legally" else the "image signature" that triggered the positive match.
Identification of the data input needs to be tracked exactly no different than DNA from a crime scene and DNA extracted from the "criminal". With DNA amplification a decade old sample could be multiplied and sprayed on a crime scene.

The behind the data bit is opaque and the judge ruled on the surface of the service.

Next year AI tricks may discover more interesting tricks that can hide behind the API. Updates to the methods behind the curtain without an external revision system. Such tools are unlikely to be static so a versioning set of data points both in the code and system as well as the exemplar data set and individual records in that set. Should the system change tomorrow that might vacate the judge's decision.

This is not unlike a lock skeleton key design (see TSA keys) once exposed could possibly be abused with false positive triggering data.

Given the rumored volume of input data this is a big mess looking for a solution. This is not a bad solution to the problem, today. Tomorrow is another day.

Interesting..

Anura • August 22, 2018 2:00 AM

My Mom's uncle, an American, met his wife in a class in England. She asked him if he had a rubber, and then after some chatting she gave him her address and asked him to knock her up.

MarkH • August 22, 2018 3:01 AM

@Clive et al:

Because the discussion concerning file hashes mentions the word "search," I guess that it implicates the 4th amendment to the U.S. constitution.

The wording of the amendment says "probable cause," and the conventional interpretation in U.S. law is "more probable than not." In other words, 51% confidence is sufficient.

A search warrant is not a criminal conviction; it's a huge mistake to conflate them.

This point was completely missed (by some) in discussions of the Carter Page FISA warrants. Reference to the Steele reports, with their admittedly substantial likely error rate, is completely defensible (in combination with the other evidence) for a search warrant.

They would, I am confident, be inadmissible at trial, in which standards are much stricter.

Without weighing in on the merits and demerits of one hash or another, a small probability of false matches is presumably compatible with the standard of probable cause.

Clive Robinson • August 22, 2018 4:31 AM

@ echo, All,

Lawsuit against Christopher Steele dismissed!!!! Yay!!!!!!!

Unfortunately for Christopher Steele that is just one of many court cases he has to fight over the dossier.

For instance he has one pending in the UK where the courts are notoriously plaintiff friendly even after the 2013 act[1] and there is no right of free speech (there are however "public interest" and "National security" get outs along with "privileged speech").

Thus he has a number of hurdles to go before being free and clear.

[1] For those that want a little intro to UK Defamation law,

http://kellywarnerlaw.com/uk-defamation-laws/

Clive Robinson • August 22, 2018 5:00 AM

@ Wael,

We have both dollies and trollies in the UK as a very rough rule of thumb a trolley has sides thus you put things "in it" a dolly does not and you put things "on it".

So you would use a trolley for shifting your shopping to your car and a dolly for moving a piano --or similar large awkward object without wheels-- into your home etc.

But to make it worse the two words are combined to "trolley dolly" to refer to hostesses on planes and trains who bring drinks and other refreshments to your seat.

There are also words that are used in the UK and US for opposite reasons...

In a restaurant in the UK you would ask for the "bill" at the end of a meal and pay with a "cheque". I'm told in the US you used to ask for the "check" and pay with a "bill" prior to plastic and surveillance becoming king...

I think I've mentioned the "comfort station" story from my childhood before.

Wael • August 22, 2018 5:27 AM

@Clive Robinson,

There are also words that are used in the UK and US for opposite reasons...

There are many of these. Some deliberate pronunciation differences also.

and pay with a "bill" prior to plastic and surveillance becoming king...

You "pay the bill" or "foot the bill". Yes, you'd need to ask for the "check"!

Wesley Parish • August 22, 2018 5:28 AM

@Clive Robinson

Re: little kid calling you Santa Claus

Shoulda said "I'm Santa Fangs!" - and snarled like a Wicked Wolf! :)

This might cheer you up! :)

Twas the Evening After Christmas in Invercargill: A Mystery
https://pandora.nla.gov.au/pan/10063/20130905-0223/www.antisf.com.au/the-stories/twas-the-evening-after-christmas-in-invercargill-a-mystery.html

Anastasia continued speaking to me, "I need a good keen man, Tom. I'm going to get to the bottom of this. I think Santa Claws is an Orc."

Wael • August 22, 2018 5:37 AM

Speaking of hashes, long time ago we discussed the value of running 10,000 hashes on a piece of data to impede rainbow attacks. I always questioned the value of such technique. Now that GPUs and ASICs are capable of running hashes in the several Tera Hashes per second, I question the effectiveness of this technique even more. Seems the only barrier is the secrecy of the algorithm (how many hashes to run.) Whatever is left of the brain is a bit numb so I may not have expressed myself effectively...
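Added example (editorial, not part of any comment in this thread): a sketch of what the salt and the iteration count each contribute when the count is stored in the clear. The `stretch` construction, the wordlist, the salts and the record layout are constructed for illustration, and a plain lookup table stands in for a rainbow table (same precomputation idea, without the chain compression).

```python
import hashlib
import hmac

ITERATIONS = 10_000  # the figure from the comment; stored in the clear beside each hash


def stretch(password: bytes, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """Hash salt+password, then re-hash the digest until `iterations` hashes were run.

    Simplified for illustration; a deployed system would call a vetted KDF
    (for example hashlib.pbkdf2_hmac) or a memory-hard function instead.
    """
    digest = hashlib.sha256(salt + password).digest()
    for _ in range(iterations - 1):
        digest = hashlib.sha256(digest).digest()
    return digest


def make_record(password: bytes, salt: bytes, iterations: int = ITERATIONS) -> dict:
    """What a server would store: salt and iteration count are not secret."""
    return {"salt": salt, "iterations": iterations,
            "hash": stretch(password, salt, iterations)}


def build_table(wordlist, salt: bytes = b"", iterations: int = ITERATIONS) -> dict:
    """Precompute digest -> password once, valid only for this one salt value."""
    return {stretch(word, salt, iterations): word for word in wordlist}


def guess_record(wordlist, record: dict):
    """Guess a single record; return (password or None, hash invocations spent)."""
    spent = 0
    for word in wordlist:
        spent += record["iterations"]  # every guess pays the full iteration cost
        candidate = stretch(word, record["salt"], record["iterations"])
        if hmac.compare_digest(candidate, record["hash"]):
            return word, spent
    return None, spent


# Constructed sample data: three accounts that all chose the same password.
WORDLIST = [b"123456", b"letmein", b"squid2018", b"hunter2"]
LEGACY = make_record(b"squid2018", b"")  # no salt
ALICE = make_record(b"squid2018", bytes.fromhex("00112233445566778899aabbccddeeff"))
BOB = make_record(b"squid2018", bytes.fromhex("ffeeddccbbaa99887766554433221100"))
TABLE = build_table(WORDLIST)  # built once, reusable against every unsalted hash

if __name__ == "__main__":
    print("table hit on unsalted record:", TABLE.get(LEGACY["hash"]))
    print("table hit on salted record:  ", TABLE.get(ALICE["hash"]))
    print("same password, same hash?    ", ALICE["hash"] == BOB["hash"])
    print("per-record guessing:         ", guess_record(WORDLIST, ALICE))
```

The precomputed table only answers for the unsalted record; each salted record has to be guessed separately, and every guess costs the full iteration count whether or not that count is known.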

Clive Robinson • August 22, 2018 7:11 AM

@ WhiskersInMenlo,

They call it an "image signature" not a hash function.

What Microsoft chose to call it does not really affect what it is (ie Hoover or Vacuum cleaner) and does. From the information Microsoft supply,

It is a function that takes a presumed image file of arbitrary unbound size as its input and optionally a key. It then breaks it down into smaller parts that are averaged and uses those to build a number of a predetermined size that it then outputs to be used for comparison purposes. Because of the averaging process it is non-reversible.

If you have a look at,

http://mathworld.wolfram.com/HashFunction.html

They define a hash function as,

    A hash function H projects a value from a set with many (or even an infinite number of) members to a value from a set with a fixed number of (fewer) members. Hash functions are not reversible.

Which when you line things up is saying the same thing. Likewise with the Wikipedia definition.

Thus aside from Microsoft wishing for marketing or other reasons to differentiate it, it is a hash, plain and simple.

With regards,

Someone has to maintain a primary data set of "illegal" images. This might be any agency domestic or international, commercial or government.

Err no. The issue is what is and is not illegal is not just quite complex and varies from jurisdiction to jurisdiction, it is always a "matter of opinion". That is it is "in the eye of the beholder" which like it or not is based on their "point of view" which is influenced by other things than just the image contents. Thus images are only technically illegal once a court has said it is. Which means the images in such a data set are in the main only questionable, and those allowed to form "opinion" is for various reasons quite limited and does not include Microsoft's computers or I suspect the majority if not all of their front line staff.

There is also a secondary issue with the observers. Unsurprisingly what they judge to being illegal changes with time and the context it's presented in. Thus there is more than a small degree of variability in the judgments.

The whole system of judging images is a complete mess and should be replaced with something better, is about the only common consensus point. But currently nobody has other options to suggest that are even close to being firm ideas let alone testable prototypes.

Part of the reason it is such a mess is that of Politics. Politicians want to stay in office, thus they tend to do what newspapers and other media outlets tell them to do. The MSM is strong on emotion, drum banging, rallying calls, and stirring up mob rule. Because that is what brings the cash through the door. Politicians wary of MSM power thus tend to vote for overly broad legislation such that they catch all the corner cases. In the process they frequently create a significant imbalance between the new and other existing legislation and mores of society. And as we know that also gets other people caught up in the broad scope dragnet of the new legislation.

For instance you take a selfie or similar holiday snap and instead of the old film camera you use a mobile phone. Many phones will upload those images without your real knowledge to "the cloud". Now ask yourself the question "what's in the image of my beach photo?"...

That is what does not "offend public decency" on the beach such as children running around sans clothes, topless teens etc has by your unknowing photo become a serious criminal offence not just of making images but transmitting them as well...

Which brings us back to an earlier point you made,

As for "illegal content access" this could be a clear violation or clearly enabled by terms and conditions of any service that involves it. It seems like a way to monetize tools Microsoft assembled and designed to limit their own liability.

Because of the way major OS and App vendors are pushing the cloud any which way they can, often without the user's consent or knowledge, it can and should be argued these companies are not in any way independent or impartial observers "accidentally viewing" but actually derive a significant income from their activities.

In short they are actually involved in whole scale entrapment for gain... Which puts a whole different perspective on their place in the process and the conducting of an illegal search...

As I said the whole process is a poorly thought out and implemented knee jerk legislation driven by purely "profit motives", without impartial only paid observers, who do not accidentally discover but wholesale search often not just without consent or knowledge of those it is being done to, but by deliberately forcing it[1].

[1] The tech companies might try to hide the purpose of such behaviour with "Telemetry", "Improving user experience" and a whole load of other misdirections, deceits, and legally unenforceable terms of contract / service etc. But the real purpose is to knowingly take in any way possible users' private data to make profit from it. They have even gone as far as making it impossible for users to disable such spying. Do you remember the outcry over CarrierIQ or what Lenovo did with the BIOS ROM in their consumer computers? Each time there was some public relations then it was back to business but hide it better. Now the likes of Microsoft, Google, and many more no longer bother to hide it at all...
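Added example (editorial, not part of any comment in this thread): a generic block-averaging image signature of the kind the comment above describes, showing the many-to-one behaviour behind the false-match discussion. This is not Microsoft's PhotoDNA algorithm; the 4x4 grid, the 16-bit output, the match threshold and the 8x8 grayscale test images are all constructed for illustration.

```python
GRID = 4  # 4x4 blocks, one bit per block -> 16-bit signature


def block_means(pixels, grid=GRID):
    """Average each block of a grayscale image (list of rows of 0-255 ints)."""
    height, width = len(pixels), len(pixels[0])
    bh, bw = height // grid, width // grid
    means = []
    for gy in range(grid):
        for gx in range(grid):
            block = [pixels[y][x]
                     for y in range(gy * bh, (gy + 1) * bh)
                     for x in range(gx * bw, (gx + 1) * bw)]
            means.append(sum(block) / len(block))
    return means


def signature(pixels, grid=GRID):
    """One bit per block: 1 if the block is brighter than the image average."""
    means = block_means(pixels, grid)
    overall = sum(means) / len(means)
    bits = 0
    for mean in means:
        bits = (bits << 1) | (1 if mean > overall else 0)
    return bits


def hamming(a, b):
    """Number of differing bits between two signatures."""
    return bin(a ^ b).count("1")


def is_match(a, b, max_distance=2):
    """Signatures are compared by distance, not equality (threshold is assumed)."""
    return hamming(a, b) <= max_distance


# Constructed 8x8 grayscale images.
BASE = [[16 * x + 2 * y + 10 for x in range(8)] for y in range(8)]      # horizontal ramp
BRIGHTER = [[p + 5 for p in row] for row in BASE]                        # re-exposed copy
# Different pixels, same block averages: a checkered texture inside every block.
TEXTURED = [[32 * (x // 2) + 4 * (y // 2) + 19 + (15 if (x + y) % 2 == 0 else -15)
             for x in range(8)] for y in range(8)]
ROTATED = [[16 * y + 2 * x + 10 for x in range(8)] for y in range(8)]    # vertical ramp

if __name__ == "__main__":
    for name, img in [("BASE", BASE), ("BRIGHTER", BRIGHTER),
                      ("TEXTURED", TEXTURED), ("ROTATED", ROTATED)]:
        sig = signature(img)
        print(f"{name:9s} {sig:016b}  distance to BASE = {hamming(sig, signature(BASE))}")
```

`BRIGHTER` matching `BASE` is the intended robustness; `TEXTURED` matching it despite having different pixels is the same property seen from the false-positive side, and it is why the averaging step cannot be run backwards to recover an image.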

Clive Robinson • August 22, 2018 8:01 AM

@ MarkH,

The wording of the [4th] amendment says "probable cause," and the conventional interpretation in U.S. law is "more probable than not." In other words, 51% confidence is sufficient.

The subject is "illegal searches" which brings in a whole load of questions about how the "probable cause" was obtained and goes back to the,

    The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated...

As I've pointed out above the large corporations are frequently just "taking and searching" users' data without their consent or even knowledge and in many cases you as a user can not stop them so it's the equivalent of theft. Which I think most people would classify as being covered by "unreasonable" if not "illegal".

The European view is such taking let alone searching is an illegal act, which in part is also the US view when it comes to illegal searches.

As you note there is a difference between obtaining a warrant and obtaining a conviction, but when it comes to illegal searches or even entrapment, then in both cases the person giving affirmation under oath is committing perjury and does not have the excuse of being "unknowing". Part of that is like the chain of custody on physical evidence, they have to know what they are receiving from Microsoft "follows the evidentiary rules" or it is tainted. This brings back the "beyond reasonable doubt" burden of proof.

Thus the question of if what Microsoft are doing A, follows the evidentiary rules, and B, is free from all other taint.

I would argue not. Microsoft has chosen for whatever reason not to supply "false positive/negative" data. Not just on their hash values but also on if an image is illegal or not (something they can not do due to it requiring "the opinion of an officer" qualified to do so in most jurisdictions many of which have varying legislation).

Further Microsoft's searches are not "accidental" or "impartial" as they are doing it for gain to every one which makes it the equivalent of a "general warrant" search. When you add in that often this search is done on data that may well have been taken "without consent or knowledge" of the user and it most certainly was not in "plain sight" then the act of moving it potentially creates a crime thus it is hardly taint free.

Thus the question arises "If an officer knows this" then why are they involving themselves with such crimes as they will have to go on oath... And if they do not know why are they qualified to do the job?...

The questions build up and with each one the process from the get go becomes more and more questionable...

MarkH August 22, 2018 10:54 AM

@Clive:

Though I much regret your misadventure which began in the shop, I'm grateful that you so vividly related it to us.

I'm prone to faintness from time to time -- thankfully, not apparently related to any serious health matter. However, people have called the ambulance a couple of times. It was only too easy for me to place myself in the miserable plight you depicted with such experiential texture.

It called to mind my hearing American writer Stephen King in a radio interview, telling his life-changing experience of massive physical trauma when he was struck by a van while walking at the edge of a road.

The van threw him so far that he landed about 4 meters from the road, with his pelvis shattered (among other severe injuries).

During the long wait for the ambulance, as King lay in extreme pain, the van's driver stayed nearby, "commiserating" with King as though his reckless driving were some random misfortune of which they were equally victims.

The essence of how I remember it (certainly not King's actual words) was "I realized that this man who had just crushed my body, and was now amiably chatting away, was a character from one of my horror novels"

PS When I was much younger, very fat, and wore a long beard, a small child looked at me and said "Santa". I understood it at the time ... but I still remember the sting.

echo August 22, 2018 11:03 AM

@Clive

I'm currently making a stand against institutional discrimination which isn't unlike Christopher Steele being up to his neck in it and the issue you later separately described of countering unlawful surveillance. The system is pretty broken and its a good way to lose friends. Nothing I'm saying is unreasonable and it's an open secret in some circles.

Given in this past month alone I have been threatened with criminal prosecution and an injunction, and a hamfisted unethical attempt to steal my intellectual property "rights stripping" for vested interest and covering up abuse behind closed doors is sadly a little too routine.

It's a big cognitive and emotional load to carry, and arguments can be complex. I'm not surprised he is keeping a low profile.

There is at least one establishment figure I am aware of guilty of the brutal rape of a politician. The journalists who know about the story told me the newspapers refuse to print the story because it involves the establishment. I myself have experienced mandatory investigations disappearing into a black hole after being sexually assaulted. I don't actually have evidence of this act but I do have hardcopy evidence of professional abuse indirectly referencing this act. I also have accumulated evidence UK police are deliberately covering up both professional abuse and sexual assaults including within their own ranks. Additionally, I have evidence of money laundering and corporate manslaughter being covered up by the same police and now a blind eye being turned to coercion into prostitution and sex trafficking both of which have a possible establishment connection.

Public interest and national security? Whose interest? Whose security?

echo August 22, 2018 11:12 AM

@Clive

Like yourself I question the legitimacy and reasons of Microsoft's policy especially given the context of overall nosiness and monetization, and covering of backsides. Microsoft have their own private police force. This may be a factor too insofar as it provides a cover of "legitimacy" for their actions.

https://en.wikipedia.org/wiki/Private_police_in_the_United_States

"The City" has its own private police force too. The City's charter was originally granted to, essentially, allow the English finance industry and state to develop a mutually beneficial relationship sometimes, some would say often, to the detriment of lower classes and the rest of the country, and even constitutional arrangements of UK states. The same argument can be made today with equally unpleasant conclusions. Citizens resident in the City don't have a vote... Only the corporations have a vote.

https://en.wikipedia.org/wiki/City_of_London_Corporation

https://en.wikipedia.org/wiki/City_of_London_Police

echo August 22, 2018 11:43 AM

This will be an interesting test of the "Great Man" theory of history and, of course, the determination of "little women" among others.

https://www.theguardian.com/society/2018/aug/22/un-poverty-chief-calls-for-evidence-on-effects-of-austerity-in-uk

The eminent international human rights lawyer [Prof Philip Alston] called for submissions from anyone in the UK to establish “the most significant human rights violations experienced by people living in poverty and extreme poverty in the UK”. He is interested in the impact of austerity, universal credit, the advent of computer algorithms making decisions on welfare matters, and Brexit.

https://www.ohchr.org/EN/Issues/Poverty/Pages/CallforinputUK.aspx

Call for written submissions (scroll down) – Visit by the United Nations Special Rapporteur on extreme poverty and human rights to the United Kingdom of Great Britain and Northern Ireland from 5 to 16 November 2018

[...]

Aoife Nolan, a professor of international human rights law at the University of Nottingham, said: “The key issue he has to come and see is welfare reform, deliberate actions which have negatively impacted the enjoyment of human rights for disabled people and children in particular.”

The right to an adequate standard of living is enshrined in the UN convention on the rights of the child and, Nolan said, it is being breached because these rights were not being extended as they should and minimum thresholds are being breached.

PeaceHead August 22, 2018 1:11 PM

@Bob Paddock:

Thanks for the very specific content. That field of knowledge and experimentation also worries me a lot. The files that were linked to are very helpful. It's really helpful to have scientific and historical and industry and military and intelligence (data) backup on these topics.

Staying mentally up to date on these topics is a partial form of self-defense. And I consider self-defense within the spectrum of security.

Most peculiarly yet honestly, I have unfortunately experienced being experimented upon without my consent in ways that I know are abusive. One of the websites you linked to has this quote:

"One can envision the development of electromagnetic energy sources, the output of which can be pulsed, shaped, and focused, that can couple with the human body in a fashion that will allow one to prevent voluntary muscular movements, control emotions (and thus actions), produce sleep, transmit suggestions, interfere with both short-term and long-term memory, produce an experience set, and delete an experience set. It would also appear possible to create high fidelity speech in the human body, raising the possibility of covert suggestion and psychological direction...Thus, it may be possible to 'talk' to selected adversaries in a fashion that would be most disturbing to them."

Strange but true, I have been victimised by experimentation and/or demonstration of all of those listed.

It's very serious. I know I'm not the only one victimised; there are many, in many different ways.

I've had the great misfortune of having to deal with those who, in spite of all publicly-available military and intelligence and academic information on these topics (de-classified and non-classified), in spite of many varieties and sources of personal testimony, deny all possibility and reality of these experiments and demonstrations of abuse. Instead, they push people who complain deeper into the abuse networks and add to the list of physical, emotional, social, financial, and psychological damages.

It got bad enough and "normalised" enough, that finally I just got up and left that part of country. Interestingly and thankfully, ever since then, all of my physical and emotional and cognitive problems completely stopped long term. This proves that what I was experiencing was exogenous (originating from outside of my body and environmental) not endogenous (not originating from within my body). It wasn't the first time I had proved that.

Just by coincidence, right now I happened to stumble upon a book exploring related topics:

UNDER AN IONIZED SKY (by Elana Freeland, foreword by Clifford Carnicom) published by Feral House (c) 2018

This author is top notch. Please read the table of contents and preface if you can. I intend to read this book and all the other books by the author. This really ought to be MANDATORY READING.

There's another side to this stuff, but I can't really safely talk about it much at all. But it relates to how intelligence workers themselves and their families (and friends) are being damaged not just random disadvantaged civilians unfairly labeled as "conspiracy freaks". Sadly, I've witnessed an enormous quantity of lives conditioned to accept abuses as if they are normal and acceptable. No amount nor type of abuse is acceptable and none of it should be normal.

One thing I've learned over the years is that the people who tend to get abused the most in the most exotic ways tend to be living too close to or actually within military and intelligence establishments. The victims are too often co-opted by religious and pop-psychology and pharmaceutical manipulators and further damaged.

For anyone needing a big tip, here you go: If you're getting abused surreptitiously, get the heck away from there and move as far away as possible and don't tell anyone when you're leaving nor where you are going. The old rules don't apply. Proximity does matter.

Anyways, thanks again for the info.

aikido
einheit
sankofa

heiwa

Alyer Babtu August 22, 2018 1:17 PM

@Clive Robinson @MarkH

re call me Santa

You should be glad, as you have assisted the progress of young minds as they move from recognizing the confused whole to discerning particulars and distinguishing particulars.

“And first small children call all men Santa ... and later they distinguish each one” Aristotle, Physics 184a21-184b14

EvilKiru August 22, 2018 3:28 PM

@Clive Robinson: That sounds even more unpleasant than what I went through recently, having fallen at home (multiple times) during an apparent low blood sugar event and being found 2 days later.

The folks at work remarked that missing a day of work was so unlike me and sent someone over to my house to check on me Monday. Apparently I told the person I was fine when queried, so he went back to work and reported this. When I was still missing the following day, he stopped by again and refused to believe my response this time.

Fortunately the door was unlocked, allowing him to verify that I was laying on the floor, my face covered in an enormous bruise, showing that I was by no means fine. One ambulance ride, a week in critical care, and 3 weeks in a rehab hospital for physical, occupational, and speech therapy later, I was sent home to complete my recovery (I've now been home for nearly a month and easing my way back into work for close to 3 weeks, with full-time still being off in the future).

relevant? August 22, 2018 6:46 PM

re: PhotoDNA
https://www.lawfareblog.com/public-utilitys-recording-home-energy-consumption-every-15-minutes-search-seventh-circuit-rules

"Where … the Government uses a device that is not in general public use, to explore details of the home that would previously have been unknowable without physical intrusion, the surveillance is a 'search.'"
I wonder if the public utility would have been in the clear if they had contracted a third-party corporate to install and monitor the meters. I'd suppose it a difficult case to argue that PhotoDNA fell under the "in general public use" exemption.

Clive Robinson August 22, 2018 11:05 PM

@ Wesley Parish,

Twas the Evening After Christmas in Invercargill

Have you been to Invercargill?

I was once told during a conversation about visiting the South Island on business, but also to take some time off to look around,

    You must visit Invercargill you'll love it, it's like Dunedin but without the students.

This was back in the days when there was still a running joke about "You get colour TV in the north" so I was of an age where "students" were still in my age range socially. But due to other circumstances I did not get the time off I wanted, so neither place got graced with my presence :-(

As for the idea of Santa as an Orc, like Terry Pratchett I have a soft spot for Orcs, but that is as they say a story for another day.

As is Auckland without power in early to mid 1998 which some wag christened "Auckland your Y2K Beta test site", the situation was shall we say "Mercurial" in origin, and from the news I gather nearly happened again in April this year...

Clive Robinson August 23, 2018 12:08 AM

@ MarkH,

    I'm prone to faintness from time to time -- thankfully, not apparently related to any serious health matter.

My advice, keep a close and watchful eye on it. In my case I've had "unexplained" episodes of passing out for over a decade. It happened once in hospital but due to the actions of an agency nurse, vital information was lost so things remained "unexplained". Which if the loss had not occurred might have saved me the "busy doing nothing" on the shop floor.

As it was I got several invasive procedures to insert "stents" around my heart. As with all things there are upsides and downsides. It's therefore possible that the stents have actually "kept me alive" during what are now assumed to have been AF attacks that caused my blood pressure to fall thus me to pass out (apparently your brain does not like low blood pressure, so it responds by making you lie down the fast way by blacking you out).

At such low blood pressures there is a considerable danger that the heart even in temporary AF could go to VF and crash which is usually fatal if you are not in an area of a hospital setup to deal with it. Also the lack of oxygen to the brain also means the same for the heart, so if you have partially blocked blood vessels around it, you are way more likely to suffer parts of the heart being irreparably damaged or it stop functioning followed shortly thereafter by death...

I don't want to scare anyone but repeated unexplained events should be investigated as they might be early signs of something worse to come.

In the UK and I expect other places men are notorious for ignoring their health and not seeking help, it might account for why men die that much earlier than women on average.

Let's just say I've had it fairly forcefully pointed out to me by those close to me that I should have been on the Doctor's case more frequently. It's not nice especially as they can now also say "I told you so"...

I'm also now facing the prospect of having a box of insecure electronics attached to my heart via electrodes. As I work from time to time with quite high power RF thus very high field strengths more than sufficient to block receivers and low voltage electronics it is not a prospect I am looking forward to. But worse as I point out on this blog from time to time, I know a number of implanted medical electronic devices are less secure than a tent with the flaps tied back...

MarkH August 23, 2018 1:14 AM

@Clive:

The medical suggestion you offer is sound and appropriate. On first impression, Atrial Fibrillation seems pretty benign compared to some other heart ailments ... but it's serious business all the same.

Oh the irony, that after your career devoted to the study of how security failures happen, and deep thought about ways to protect systems, you might get stuck with a device in the "please hack me" category.

The problem of working around powerful EM seems quite vexing -- at the wavelengths involved, might a conductive vest provide meaningful attenuation?

Or perhaps it's time to partner with a technician for in-close work, and do planning and analysis from a safe remove.

Probably you're past the days when you needed to tweak up a powered transmitter by twisting a "gimmick" of a picoFarad or so ...

For what it's worth, my mentor recalls accompanying her dad to work, and watching him fly across the room upon inadvertently touching plate voltage on a broadcast transmitter. They were lucky that day, no serious injury.

Clive Robinson August 23, 2018 1:28 AM

@ echo,

    The journalists who know about the story told me the newspapers refuse to print the story because it involves the establishment.

Sadly as I've said on this blog before this is all too common.

The example I've had close contact with is the UK "Operation Ore" which a friend had their life destroyed by simply because a well known supermarket with attached petrol stations allowed credit card details to be stolen and sent to the Far East where criminals were using pornographic sites to raise income through a US gateway, that processed the stolen credit card details.

The US authorities sent to the UK a long list of people's details that corresponded with the credit cards used through the gateway along with "falsified data" about the gateway (just another reason to not trust US authorities).

The UK authorities under a disreputable person who had been involved with "Ronny Flanagan" and some quite illegal goings on during the NI "troubles" went on a crusade against the non establishment figures on the list, some of whom committed suicide. As part of that they did not hand over evidence in a timely fashion, thus with the help of another friend who obtained via Freedom of Information Requests the full list of names and thus other evidence.

On the list were not just establishment names but more importantly names of people very close to establishment names that were not investigated.

One was the boyfriend of a very prominent politician against whom the evidence was overwhelming.

This name was publicly read out by my friend in front of journalists from all the major UK MSM organisations on a number of occasions. Not once has any of those journalists or their organisations investigated the politician or their boyfriend, even though there is other evidence against them.

I would dearly love to name the politician concerned because they are clearly a stain on the body politic in many more ways than one. However as I've pointed out there is no right of free speech in the UK that has any meaning and the defences available under the Defamation Act are narrow in scope.

I can however suggest people look up the list of names the US supplied to the UK --they were put up on a website-- and then cross check the names with the known boyfriends of major political persons of the time.

My friend's name was eventually cleared but the damage was by then long done...

But the person I would most like to see dealt with was the man in charge of Operation Ore, who was "rewarded" with yet another position of trust, and involvement with Microsoft. Who a decade later said,

    "I'm proud of Operation Ore today. And I'll be proud of it on the day I die."

It's not an opinion many in child protection services agree with, they point to the many harms and diversion of resources. Whilst others in computer security and forensics point out that it has in no way diminished online pornography, but it has by alerting those involved with criminal acts how to go about protecting themselves and others so that they have in effect not just become stronger, but flourished.

It is the harms that Operation Ore caused that are rarely mentioned by the UK MSM and even where some of them are mentioned they tend to be downplayed. For instance you can see this in,

https://www.bbc.co.uk/news/magazine-20237564

Clive Robinson August 23, 2018 2:09 AM

@ EvilKiru,

    I've now been home for nearly a month and easing my way back into work for close to 3 weeks, with full-time still being off in the future

I wish a speedy and full recovery, and hope that you return to the things you enjoy doing as soon as you are comfortable with them.

But as for the things you don't enjoy, well sounds like you could ask for a "Santa's little helper" for those ;-)

Clive Robinson August 23, 2018 2:55 AM

@ relevant?,

The interesting bit is,

    Under Kyllo, however, even an extremely invasive technology can evade the warrant requirement if it is "in general public use."

It has a weasel word statement in it that is problematic to say the least.

To see why ask yourself some questions about what "in general public use" really means.

Cars for instance can be either privately or publicly owned and operated for either private or public transport.

That is both the citizens and institutions/entities can,

1, own a car.
2, use a car for their private activities.
3, use a car for others private or public activities.

Most would agree incorrectly that a car was covered by "in general public use". Why incorrectly? Well because there are people who are not allowed to operate a car for various reasons or in some cases to own one, therefore it is only a subset of the general public.

But ask the same questions about a train for instance, then citizens owning and operating is somewhat different, and you would find not so many people would agree that they are "in general public use".

Now ask the same questions about the electricity meter that measures the power entering your property,

1, It is not owned by citizens.
2, It is not operated by citizens.
3, The data gathered is not available to citizens.

I could go on, but whilst power meters are certainly "ubiquitous", they are most definitely not "in general public use". Because it is an institution/entity that owns it, installs it, holds all legal title over it, and owns the data produced by it. Citizens however have no choice but to be connected to a meter, they actually have no right of access even to their own readings as the bill is all they are entitled to receive. Nor do they have the right in many places to fit their own meter so they can contest a bill. As for getting access to other citizens' meter readings, the best you can hope for is a court might grant it under very limited conditions.

Thus I suspect few would consider a utility meter of any kind to be "in general public use".

Which brings us to surveillance equipment such as drones currently like cars both citizens and institutions/entities can own and operate them (though that is starting to change). Just because they can be owned and operated by anyone would you argue that they were "in general public use" if that meant they could either hover outside your bedroom window looking in or use a telephoto lens camera from a distance to look in your bedroom window?

Because what the court is saying in reality is "yes they can" with their interpretation of "in general public use"...

It's playing around with such weasel words that allows the scope of legislation to be broadened way way beyond the drafters worst nightmares let alone intent.

Wesley Parish August 23, 2018 4:13 AM

@Clive Robinson

Do you have a New Zealand connection? And yes, I have been to Invercargill (I had a mighty chuckle the time I read one of HP Lovecraft's stories and he mentions Dunedin.) As a matter of fact one of my ancestors went down to Invercargill during the Otago Gold Rush, but I don't know just what he did down there - he's alleged to have been a jeweller, but the only jeweller I have read of who was in Invercargill in the years after it was founded, was a Frenchman. So I'm at a loss as to what he did down there. Maybe he was a bushranger?

@echo

Perhaps you should put your knowledge of the police and establishment corruption in the UK into a novel, or novels. Not mentioning any real names or dates or locations, but with all the details otherwise.

As for me, the local police have harassed me once too often. Without apology. I expect they won't like it when they provide the characters and crimes for a novel I've had on the back burner for far too long.

Why get mad, get even.

Clive Robinson August 23, 2018 5:20 AM

@ MarkH,

    Probably you're past the days when you needed to tweak up a powered transmitter by twisting a "gimmick" of a picoFarad or so ...

Although it's a small part of what keeps me from being idle, it's R&D activity. Which means you "have to get your hands dirty" both on the bench and in the field.

Some are probably wondering what the tie-up is between RF R&D and Computer Security. Well I take a broader view of information security which is not limited to information processing, but all forms of information storage as well, and all forms of information communication.

You could say I have the view of,

    Energy Energy everywhere but not a drop should link

I also used to design "security equipment" of all forms not just crypto type kit. The surveillance kit was the most fun and was quite often on the leading side of "the bleeding edge", and still is for some things.

But when it comes to "information leakage" via side channels you really need to know the fundamentals from a solid practical basis and you also really need to know how things fail in part or fully. The only "professional design" side that used to require that was for "safety systems" especially "Intrinsic Safety" used in hazardous environments or life critical environments. So I've also worked in the design of Industrial Control and Automation and the design of Medical electronics.

Which kind of brings us back to High Power Transmitters, few realise just what is inside the various types of body imaging equipment. When you describe it in all its raw details tooth and claw people start to look uneasy.

But that is not as bad as the "Beauty Industry" there you really are talking "load her up" "for maximum smoke". Those machines that remove unwanted hair near permanently, are really quite dinky looking. But... they use a Medium Frequency power oscillator to drive a considerable RF current into the hair follicle, which heats up rapidly then explodes under the vapour pressure of the cell's contents boiling. Sounds nasty, but then consider that for a current to flow it needs some form of circuit, thus you should ask where the current goes on leaving the cell. Well after going through a lot more cells some of which die as well it ends up using any good conductor such as blood, lymphatic and nerve systems to get to the other electrode that could be the chair you are sitting in or a strap on some convenient point like your wrist... At least with medical equipment used for surgery or physiotherapy they use a patch about the size of a sheet of A4 connected to places that draw the current away from internal organs etc.

But don't start me on the lasers, they really are Dr Doom territory outside of medical labs and theatres. I get queasy when I hear about people "going on holiday" for laser eye surgery, tattoo removal or similar. Just remember the same basic laser can be used to cut out cancers in much the same way as a scalpel can but with less blood, the bigger ones have no trouble in amputation or reconstructive surgery.

But... if you Google "lasers in hip replacement surgery" you might get bombarded with lots and lots of ads and advertorial articles with lots of "Five things you should know..." all before you start getting to "the meat of the subject". Yes you will find lasers being used in hip and other joint replacement surgery, but dig a little deeper to find out what they are really being used for ;-)

One similar advertorial title that brings a wry smile is,

    Which treatment is best for piles, laser or stapler?

Which could bring a new meaning to "pass the stapler" or "put it on the laser"... I guess it's a slightly safer way than,

https://www.schneier.com/blog/archives/2009/09/ass_bomber.html#c393969

For some reason there is always a morbid curiosity with those performing DIY surgery... Possibly the most famous being Joe Mellen and wife Amanda Feilding both of whom drilled holes in their own heads to be creative (and neither appears to be crazy unlike some U-Tube types).

echo August 23, 2018 10:05 AM

@Wesley Parish

One woman within the system I was discussing things suggested I write a book. Oh, I don't know. I have some ideas. I mostly need a space to be creative and actually get on with it instead of talking about it.

Speaking of books I have been trying to donate a huge book collection. Everybody wants it but nobody wants to do the work of picking it up or cataloguing. Both the local prison and a library within walking distance said yes but... I even spent my own money on brand new double wall boxes to carry them in. At the end of the day the UK state sector like UK charities just want your money. They are also so bureaucratic. Because the "system" or "policy" or somebody's idea of it "says". I'm just going to end up putting them out for recycling as waste paper. This is at a time when all of the above are screaming they lack resources and complaining children lack educational opportunities and prisoners are bored and misbehaving, and the environment is being wrecked. Of course management and politicians are absent unless a scandal erupts or protests begin in the media then it's "Go! Go! Go!" and other nonsense.

I am utterly sick of the UK. It is not staffed by "solutions people".

echo August 23, 2018 10:14 AM

I tried one last charity. "Help the Aged". They had an unhelpful attitude too. They didn't escalate to management and tried to pass the buck to another of their charity shops in another town. That's it. I'm binning the lot. £4000 retail worth of books for the skip.

echo August 23, 2018 10:54 AM

I just got off the phone with the local council. The short version is more rote learned compartmentalisation. No escalation to senior management. No communication with another department. No ability to understand this logjam and place the issue in the hands of a city council employee who could. Nor could they understand this complaint other than "fill in a complaint form". This is typical UK state sector.

They won't even take the books for recycling because "the lorry doesn't have a big enough compartment".

Angry. Hurt. Disappointed. Powerless.

This is £4000 worth of books for the general garbage unless I pile them in the middle of the road and set fire to them. Oh, then they would collect them!

gordo August 23, 2018 5:00 PM

Good article...

How Google Made Android The World’s Most Ubiquitous Surveillance Platform
Fred Campbell Aug 21 2018 22 min read

Google succeeded in using its openness narrative to build support for Android with policymakers and the public while leveraging its private control over Android to exclude potential competitors from the mobile marketplace and cement its dominance of the digital advertising market. The result is a mobile monopoly that has avoided antitrust enforcement (at least in the United States) and minimized scrutiny of its reliance on surveillance capitalism.

https://medium.com/@fredbcampbelljr/how-google-made-android-the-worlds-most-ubiquitous-surveillance-platform-987cdae3d08f

CallMeLateForSupper August 24, 2018 12:55 PM

@echo
"Nor could they understand this complaint other than "fill in a complaint form". This is typical UK state sector."

So I am led to believe.

Brit civil official: Now if you'll just fill in the form...
Citizen: What for?
Official: "What FOR"? Because there is a form for filling IN! We have enough complaints about civil service wasted, without having forms un-filled in!
- The Goon Show (Hilarious Brit radio show last century)

Clive Robinson August 24, 2018 2:55 PM

Unsurprisingly Intel are being prats

Do you remember the outcry when a senior Oracle person basically said on her blog that only Oracle had legal rights over benchmarking etc? She fairly soon took it down.

Well it appears Intel is trying the same trick but worse much worse, the implications are you can not even benchmark your own code on Intel CPUs if you install the microcode patch that supposedly fixes the balls up they made over Meltdown, Spectre and later variants.

Bruce Perens has blogged about it,

https://perens.com/2018/08/22/new-intel-microcode-license-restriction-is-not-acceptable/

Unlike Bruce Perens I am in no way forgiving Intel. As I said some time ago they chose to do things the way they did to get a speed advantage, thus it was quite deliberate. And don't let any mealy mouthed spin Dr or Marketing / PR Droid try and convince you otherwise.

The fact the same issue occurred on other CPUs is very much like those BWM rigged emissions tests, that surprise surprise also appeared in other manufacturers cars. People in the industry get their opponents products or design/manufacture data and go through them to see how they get better specs... Then in effect copy or come up with a slight variation for their own products.

This has been going on for a very long time so the Intel Xmas Gift will carry on giving for some time to come.

Oh and by the way Intel's restriction is illegal in at least three places I can think of, so it probably won't be long before a Chinese or Russian web site publishes the information Intel are desperately trying not just to not let out but avoid having class action level law suits over...

My guess based purely on this gagging order nonsense is that the performance hit will be closer to 15% than 5%, which means anything over 10%, and I'm thinking I am being a little conservative ;-)


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.