Friday Squid Blogging: Squid-Focused Menus in Croatia

This is almost over:

From 1 December 2018 -- 6 January 2019, Days of Adriatic squid will take place at restaurants all over north-west Istria. Restaurants will be offering affordable full-course menus based on Adriatic squid, combined with quality local olive oil and fine wines.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Posted on December 28, 2018 at 4:04 PM • 107 Comments

Comments

VinnyG • December 28, 2018 6:34 PM

@Clive Robinson might find this report about UK "concerns" regarding Huawei interesting, given how well it appears to mesh with his speculation in the 12/14 Squid on the motivation for the kidnapping of the Huawei executive and apparent efforts to marginalise Huawei's contributions to the 5G standards...

UK defence secretary voices ‘grave, very deep concerns’ on Huawei:
https://www.scmp.com/tech/tech-leaders-and-founders/article/2179754/britains-defence-secretary-echoes-us-grave-very-deep

Clive's OP:
https://www.schneier.com/blog/archives/2018/12/friday_squid_bl_654.html#c6786425

Zed • December 28, 2018 11:18 PM

That arresting an officer of a company that ignores subpoenas is "kidnapping" is about as laughable as Clive's ideas of attribution and plausibility.

Major Mephisopheles • December 29, 2018 12:41 AM

Zed

What are Clive's ideas of attribution and plausibility? Can you explain them to us?
Genuine query

AL • December 29, 2018 12:50 AM

On the Huawei executive matter, I think that due to Trump's position that he would intervene in the matter if it influenced trade negotiations, as far as Canada is concerned, they ought to conclude that their prisoner is a political prisoner, with an indictment designed to give the U.S. an improved negotiating position in trade talks.

I'll leave it to the Canucks to decide what they should do. But, I think due to Trump's remarks that it is entirely reasonable to conclude that the indictment against the Huawei executive is political.
https://www.independent.co.uk/news/world/americas/us-politics/meng-wanzhou-huawei-arrest-trump-china-trade-war-deal-iran-sanctions-canada-court-a8679376.html

Faustus • December 29, 2018 9:57 AM

@ Zed

Come on Zed, think! Would we honor the subpoena if China subpoenaed the CEO of IBM? Trans jurisdiction subpoenas are only valid by prior treaty and then normally have to pass court review in the country where the subject is located.

Would we allow China to dictate who we trade with?

Clive Robinson • December 29, 2018 10:00 AM

@ Anders, ALL,

The Sun (less than affectionately called "The Scum" in the UK by many) article appears to be a "sensationalized re-boiling" of an NYT piece most missed,

https://www.nytimes.com/2018/12/18/technology/facebook-privacy.html

Yandex etc is mentioned in the NYT piece but not very prominently. Not I suspect for sinister reasons but simply because they tried to pack a lot in.

The UK's BBC also has something to say on the matter,

https://www.bbc.co.uk/news/technology-46618582

And you can see that they say that the NYT had over 150 pages of information that they had chosen not to share with other news organisations at the time.

When you read it all you are left with two feelings,

1, I wished I hadn't.
2, Why am I not surprised.

There is a certain inevitability about Facebook and personal data misuse under Mark Zuckerberg. Kind of like you would expect with a psychopathic serial killer.

He is always going to be "the least truthful" he can be and it is almost inevitable that he will be found out...

But he's got hundreds of millions of users hooked on his "crack candy" and like any dealer in recreational harmful substances he is determined to squeeze every last drop of profit he can out of them.

He is in fact in the "Class A" of "American Dream" candidates, be like him and you too could be Nouveau riche and finding you only have a social life that money can buy...

Faustus • December 29, 2018 10:50 AM

@ Clive

At this point using Facebook is like insisting on knocking on the door of the local well known serial killer. Rather than not knocking on the door, people keep knocking, all the while demanding more regulation on doors.

I resent having my freedom restricted because people won't control their own actions.

What if Facebook insisted you send them the ear of a human baby in order to join? Would people still chop babies' ears off while demanding that Congress outlaw chopping babies' ears off?

At this point Facebook is a social psych experiment like Stanley Milgram's https://en.m.wikipedia.org/wiki/Milgram_experiment or some sort of art project. I am beginning to support Facebook out of perverse interest at how far people are willing to go, how much they will accept, before they simply quit.

Clive Robinson • December 29, 2018 1:07 PM

@ Faustus,

    out of perverse interest at how far people are willing to go, how much they will accept, before they simply quit.

Do smokers quit when cigarettes are given to them? Do drunks stop drinking when bottles of it are put in front of them? How about drug addicts?

In a way for a certain percentage of the population Facebook or what ever social media is their poison of choice is in effect hard wired into their pleasure centers...

They are like any other addict, hooked not just by the poison but by the social circle around it...

Only we don't know how to break the addiction.

As I've indicated before "food addiction" is one of the hardest to conquer. Not because it hits the pleasure centers with overwhelming force. No because you can not stop eating. Most other addictions you can go "cold turkey" and make a clean break. That's not possible with food, you have to eat two or three times a day or die after a little while.

What many don't realise is that a computer or phone have in effect become "necessities" in the Western world. You try telling someone you have "No phone, email or IM" and you are looked at like you are a down and out; people actually tell you how you can get a phone or email. You tell them you have no need of them, and they immediately say "how do you keep in contact"; if you say "I write letters and post them" they immediately try to think up some emergency where you absolutely must have a mobile phone...

Because of this social pressure your Facebook or other social networking addict cannot get away. It's like food addiction, there is no escape. Even employers are requiring employees to have social media...

As an experiment, it's worse than Stanley Milgram's little wheeze, it's like a mad drag race with a huge ravine at the quarter mile post, you just know it's not going to end well...

As a friend who used to help with rehab near where I live pointed out every time when training new people,

    The problem with drugs is we all know we are not going to get hooked, then we all know we can beat it when we want. We always know it's not a problem as the bailiff knocks down the door, and it's still not a problem when they nail the lid down over our sightless eyes. The real problem is "we all know it's never going to happen to us", because "We all know we are better than everyone else". When you see your first clients remember they are the lucky ones who have figured out "they don't know s4it" and are trying to unlearn "What we all know".

It used to shock a few people but as he would cheerfully tell you "If that shocks you, then have you got a surprise coming your way, maybe it's a good time for you to step out of the way".

We need the same attitude to these little boxes we carry around or have on our desks, they are dangerous in ways we have yet to realise, and the lucky ones will be those who figure that out before the lid gets nailed down...

MikeA • December 29, 2018 1:51 PM

@Clive, @Faustus

In re "social media addiction":

Shut up, be happy. Obey all orders without question. The happiness you have demanded is now mandatory.

-- Jello Biafra, 1987

Zed • December 29, 2018 2:35 PM

@Faust

"Would we honor the subpoena if China subpoenaed the CEO of IBM?"

Would we ignore it, then send the CFO through Chinese jurisdiction expecting nothing done?

Retarded.

Faustus • December 29, 2018 2:46 PM

@ Clive

You conflate Facebook with email and the phone and it confuses the issue.

Some access to a phone, although it could be a dumb phone, or a landline with an answering machine, is necessary unless you are a hermit. Email is probably necessary if you are in a tech related field. But I have thrived without Facebook, Twitter, Instagram, Snapchat, or whatever. I do have a basic presence on LinkedIn for business purposes but haven't logged on in a year.

I stick my foot in the waters every couple of years to see if I am being an idiot not using these tools or to try to understand a social phenomenon.

Facebook controls what you see, even your own stuff. I dislike it immediately. And they obviously don't respect your privacy at all and are full of b.s. about it.

Twitter is even worse: I'd summarize it as smart people saying dumb things loudly. And I could feel the neural draw of waiting for those likes to come in. It was beyond disturbing and I stopped.

I simply would not work for an employer who insisted I use social media. When employers offend me I happily quit and never fail to get myself a nice raise in the next job.

We are an addiction prone animal. Drugs are addictive, the drugs they give you for drugs are addictive, even antidepressants can be nastily addictive.

But addiction does not make choice impossible. Most addicts eventually stop. People like to blame addiction for actions that they choose that are socially unpopular. When people really want to stop they usually can. The 12 steps are a pretty effective approach for stopping addictions when you really want to.

The addiction rhetoric makes me uncomfortable. I think it validates an unnecessary powerlessness. But this is my opinion. I just erased several paragraphs realizing that I might cause hurt to people who are already suffering. So I'll stop here.

Sherman Jerrold • December 29, 2018 3:06 PM

For years we have been advocates of objective assessment of personal participation in the social media circus sites. We have 2003 motorola dumb phones that we only use for critical communication. Some of the views expressed on our Heroic Heretic site will no doubt upset/anger some, but there is an animated gif on the left with a white background that was put there years ago that explains our position:

url broken for security sake:
ht tp://www.omnigma.org/heroic/heroic2.htm

Responsibly (and now vulnerably) yours Sherman Jerrold

bttb • December 29, 2018 4:14 PM

From the start of "Exclusive: Russian Ex-Spy Pressured Manafort Over Debts to an Oligarch", http://time.com/5490169/paul-manafort-victor-boyarkin-debts/ :

"When the U.S. government put out its latest sanctions list on Dec. 19, the man named at the top did not seem especially important. Described in the document as a former Russian intelligence officer, he was accused of handling money and negotiations on behalf of a powerful Russian oligarch. The document did not mention that the man, Victor Boyarkin, had links to the 2016 campaign of President Donald Trump.

A months-long investigation by TIME, however, found that Boyarkin, a former arms dealer with a high forehead and a very low profile, was a key link between a senior member of the Trump campaign and a powerful ally of Russian President Vladimir Putin.

In his only interview with the media about those connections, Boyarkin told TIME this fall that he was in touch with Trump’s then-campaign chairman, Paul Manafort, in the heat of the presidential race on behalf of the Russian oligarch. “He owed us a lot of money,” Boyarkin says. “And he was offering ways to pay it back.”"

Faustus • December 29, 2018 5:11 PM

@ MikeA

I'm sorry I posted this as you originally. @Moderator, sorry to waste your time, but your magic wand on the first post if you have a chance, please.

Jello! In a special fair use tribute to the copyright authoritarians of the EU:

Zen fascists will control you
Hundred percent natural
You will jog for the master race
And always wear the happy face
Close your eyes, can't happen here
Big Bro' on white horse is near
The hippies won't come back you say
Mellow out or you will pay
Mellow out or you will pay

California (or Brussels) Uber Alles

Wael • December 29, 2018 5:33 PM

@Faustus,

Nice, +1 :)

    Mellow out or you will pay
    Mellow out or you will pay

Suggestion because I dislike repetition:

Mellow out, we would say
Simmer down, or you shall pay

Clive Robinson • December 29, 2018 5:36 PM

@ Faustus,

    You conflate Facebook with email and the phone and it confuses the issue.

Only a little, and not as much as many people do...

The point I'm making is that it is increasingly difficult not to play, the Internet connected computer and mobile phone game not just socially but professionally as well...

I don't do social media, I don't do email and I don't answer the mobile when it rings unless I know the number because I have hearing issues. Thus I don't tell people I have a mobile because it's often off or on silent, so there is no point telling them. Those that I think need to know how to get hold of me can.

Apparently this makes me "difficult to get hold of" or "puts my life in danger" or... a long list of other reasons. Even when you tell people you are not going to pay for something you are not going to use you get "but you can get pre-pay and that...". You should see the look of horror when I say to people, oh send me a letter you've got my address...

There is some kind of sick perversion that has arisen in society over the past few years for being "always reachable". The simple questions are "Why?" and "Who does it serve?" Certainly not me.

When you get to the bottom of it, it appears to be an excuse for people to not be reliable or think in a sensible way. After all, why take the effort to be on time when you can phone ahead to say you will be late, or when making an appointment not have fall-back options.

Doing these things used to be normal and sensible and taught a degree of self reliance, the same as being able to read a map, look up a train or bus time in a paper timetable, or even read a newspaper. And they still stand you in good stead when the power goes out due to lack of maintenance, or the phone network gets blocked or out of range, or somebody loses it and ends up under a train as happened just a couple of weeks ago, bringing most of a railway network to a complete standstill.

It's no wonder people are stressed out all the time, because their lack of responsibility to do a little forward thinking and planning has made a rod for their own back.

But that still does not account for the obsessive "must have ego stroked now" behaviour of a goodly percentage of the population, who must instantly respond the moment they hear a ring, like the alleged response of Pavlov's dogs. Usually over something not just completely inane but frequently presented in a boastful way.

How do I put it, I don't need to know you are in a swanky restaurant, I don't need to know what you think of the fixtures, fittings and other persons there. And I most certainly don't need to see a photograph of the plate of food you are about to eat. Unless of course you want me to text back,

    On the top left, is that a leg of a cockroach I see?

And guess what, I really don't feel the need to share a photo of my smoked salmon sandwich with lettuce and hand made lemon mayonnaise I'm about to make, even though it will be made tastefully with the crusts removed and a little light green salad with a sweet balsamic vinaigrette and a little sprig of parsley on top. Because I'm sure you can imagine the look, taste and smell of it for yourself... Oh and I must not forget to add the little fan of sliced avocado around the cherry tomato and garnish it with a sweet and crunchy deep fried locust.

Faustus • December 29, 2018 5:54 PM

@ Wael

Good edit! And cross-connection!

@ Clive

It seems we largely agree. I believe it was Nicholas Taleb, rogue wall street trader, philosopher and a contrarian I think you would enjoy, who observed:

    If you are always available you are a slave

(Very approximate, by memory. His phrasing was probably more pleasing. If it was him.)

We are all either lotus eaters or locust eaters. Bon appetit!

Wael • December 29, 2018 7:54 PM

@Faustus, CC: @Rach El,

    Good edit! And cross-connection!

Strange. Sounds like "Auld Lang Syne", which I was thinking of doing!

Clive Robinson • December 29, 2018 8:05 PM

@ Faustus,

As I collect quotes/saws/sayings for fun[1] I thought I would Google the slave saying...

Well if Google is anything to go by you can now claim those words as your own quotable quote ;-)

But in amongst the results was this,

https://www.vox.com/science-and-health/2018/3/27/17085282/technology-facebook-social-media-sherry-turkle

I'll let others work out the odds... It does however have a certain ironic quality, not lost on the author as the interview was carried out across Skype...

[1] I also collect "oddities", that is things that fill the "exception that proves the rule" etc. Well today I was reminded that as I often say "English is a lazy language" (which is why it's hard to learn ;-) but it occasionally has exceptions to trip over...

As "a rule of thumb" English words are "gender neutral" only, that is English tends not to have grammatical gender even though a sizable chunk is derived from French. So we don't have "female manliness", or even male spoons and female forks (which must have been fun to decide what gender a spork is ;-) But what of "parvenu/parvenue"? That extra "e" is on the female gender of the word...

Oh, a note on spelling which I am occasionally accused of abusing from both sides of the pond... It's actually an "American thing" started by some bloke called "Noah Webster" who through his "simplified spelling movement" caused no end of problems in an attempt at "vive la difference" on the assumption other people would care. Problems such as removing silent letters (colour/color), reversing some letters (center/centre), oh and the classic replacing double letters with single but not in Native American words (but he's not responsible for S -v- Z). Oh and ironically with some three hundred odd revisions of his simplified spelling list, nobody was spelling anything correctly as they could not keep up ;-) But if we look at English historically nobody really gave a fig about spelling; even William Shakespeare would spell the same word two or more ways on a page, even his own name has been spelt differently. So my defence in future is "Doing it the bard's way" or more snootily with the de rigueur plummy voice "In England, it's traditional, and tradition is important!" :-)

@Wael please add this to your link list, I may need it in future, should I survive 0:)

Wael • December 29, 2018 8:27 PM

@Clive Robinson,

    please add this to your link list, I may need it in future, should I survive 0:)

It's a binary search tree, chief! Keywords committed to memory: "Noah Webster", "spork", "gender". We're good to go. Hopefully you'll survive for a long time, before you see the grim reaper[1]

[1] It's said that the dying person sees the death angel, and (the scary part) you see him taking your sole out. Your eyes follow it, too. Perhaps the reason the eyes roll up at death time (one of my favorite subjects.) ;-) Oh, he doesn't look pleasant, btw. Ever wonder how the "grim reaper" dies? I know ;)

Oh, wait a second! You don't believe in that stuff! Lol :)

Clive Robinson • December 29, 2018 8:56 PM

@ Anders,

Sorry, but this is also a security issue ;)

Whilst cold injuries are a serious issue[1] the British Army does have a saying,

    Any fool can be cold and uncomfortable, it takes a wise man to be comfortable in all conditions.

Which a few survivalists with their "go bags" recommendations really really should sit down and think about[2]. Twee little lightweight walkers' bags stuffed with high carb high fat food will not keep you warm. Decent socks and gloves[1] can if your other gear is right, especially the boots (and remember the waterproof boot polish).

[1] If you suffer from one as I do where it slows healing a lot you tend to be careful, it's why I used to carry five pairs of different gloves and three sets of socks. Oh and don't wear cotton socks, you are asking for trouble. Wool, silk and synthetics are generally fine as they don't bobble up or hold moisture in the way cotton does, which can lead to nasty blisters or "trench foot". Oh and wear the socks inside out, that is with the seams turned outside, and remember the light dusting of baby powder every day as it takes 2-3 weeks of solid walking for your feet to toughen up.

[2] In the US the "Alice Pack" used to be the "go to" back pack along with webbing. These days it's the "MOLLE pack" unless you are out in the bush for less than a couple of days. I still use my SAS/Para pack these days as it's got the extension for the radio kit. It's OK for a week or more in temperate but the larger MOLLE is one I'm looking at for more serious outings for when 0 or below is to be expected or the norm.

Clive Robinson • December 29, 2018 9:57 PM

@ Wael,

    Oh, wait a second! You don't believe in that stuff! Lol :)

I don't believe in deities, but we have a multitude of life on this planet and we don't yet have a reason to think we are unique[0]. That said, whilst religious belief is optional in life, death is not (so far).

I don't happen to believe in an "afterlife" as Christians and many other faiths portray one. Because it is neither logically consistent nor allows for the normal human traits.

What I am quite curious about is the change between living and dead and what we call consciousness.

If we accept that the simplest piece of information, the bit, needs a minimum amount of energy, then the cessation of thought would potentially involve a loss of energy. What that energy is and how it is lost is open to debate.

Which means that what you consider the soul could be that energy. We also know that strange things happen in the brain when it is under stress, also the optic nerves are quite sensitive to other stimulus[1]. So it's more than possible there is some basis to the "Angel of Death" and "Going into the light". As for "crossing over", that notion as far as we can tell predates even deities. For various reasons I think it may be the case that our physical universe is a subset of an information universe, which as a consequence allows the likes of multiple if not infinite physical universe images etc[2]. But also allows for rather more than infinite amounts of information[3].

[0] On the hypothesis there is "a creator" you quickly run into a problem. Time as far as we know it started with our universe. Therefore such "a creator" existed before our time. We know of no way to look back before the beginning of our time, thus from our perspective we can never interact with an entity that is "a creator". So the existence of "a creator" is somewhat moot.

[1] This is easily demonstrated and has been used by fake messiahs and cult leaders to give people "visions". If you close your eyes and apply gentle pressure you will see checkerboard patterns and more in eerie light, that can after a moment or two build up into a Dr Who type "time tunnel" visual effect. The fake messiah implies that the supplicant is starting on a journey to meet a deity etc, but does not get there because of the supplicant's will etc etc, put $100 in the plate as you go out the door...

[2] It's actually quite easy to see that our finite physical universe can only hold a finite amount of information at any one moment. Thus the issue of making and destroying information arises, which conflicts with other views of the physical universe. Thus the question occurs that whilst matter and energy is --assumed-- bounded in our physical universe, the same is not of necessity true of information, which could just flow from one physical universe to another much as current does through individual components in a circuit, getting changed as it does (as an inadequate analogy).

[3] Mathematicians in principle have shown that there is an infinity of infinities and more besides, hence there is plenty of room for information.

Thoth • December 30, 2018 2:27 AM

@Wael, Clive Robinson

Wael said: "you see him taking your sole out."

Ouch ... so upon dying we must endure mutilation of our feets by some unseen creatures ?

This is horrible.

Thoth • December 30, 2018 2:35 AM

@Clive Robinson, all

Any recommendations on chip architecture that can be used as alternatives to the current trinity of Intel, AMD and ARM based architectures that are currently in active production for use in a general purpose standalone chip architecture ?

I was thinking the following that are still in production:
- AVR32
- PowerPC (NXP based)

Some ideas include building a general purpose personal computing device with user interface, windowing and networking ability on probably a stripped down Linux ?

I see so many so-called security enhanced smartphones which are still using the dreaded ARM architecture with its (Un)TrustZone Security and they simply take a Linux or Android and do some software changes and call it a secure smartphone.

I was looking at NXP's 64-bit PowerPC chipsets and they all have some form of ARM (Un)TZ inside these days and it's not going to be fun to have a "Management Engine" or "Ultimate Root" in a hardware chip that listens to everything.

Maybe the only choice left is AVR32 and deal with the slower 32-bit speed say for a general purpose device built for lightweight usage ?

recherche • December 30, 2018 3:07 AM

An event that's happened in the last couple of days, that's perhaps tangentially related to Australia's Really Bad Recent Encryption-Backdoor Law:

Gentlemen, I have at least a partial answer to the question of what's "Un-Australian":

URL: https://mobile.abc.net.au/news/2018-12-29/neil-prakash-stripped-of-australian-citizenship/10672806

Partial Text:

The Australian Government has stripped Neil Prakash of his citizenship for his affiliation with the Islamic State (IS) group.

Prakash is currently in jail in Turkey, where he faces multiple charges related to being a member of IS.

[...]

The 27-year-old becomes the 12th dual citizen from Australia to have their citizenship ceased for actions contrary to their allegiance to Australia.

Prakash — who was born in Melbourne — had his Australian passport revoked and the Government has previously attempted to extradite him to Australia from Turkey.

Deputy Leader of the House Darren Chester said the Coalition made no apologies "for being tough on terrorists".

"I think the Australian public would expect the Government to revoke Australian citizenship rights of people who act contrary to that," Mr Chester said.

"Australian citizenship gives you rights but responsibilities. Responsibilities around allegiance to Australia and not consorting with terrorists organisations."

Victorian Police minister Lisa Neville welcomed the move by the Federal Government: "This is an individual that Victoria Police have been very, very keen to see extradited back to Australia to face the charges, and to face the community of Victoria.

[...]

According to senior counter-terrorism officials, Prakash was a pivotal figure inspiring and encouraging terrorist plots in Australia.

He appeared in IS propaganda urging attacks in Australia and has been linked by the FBI to a failed plot to attack the Statue of Liberty in New York.

Prakash is the subject of an Australian Federal Police arrest warrant for "membership of a terrorist organisation", "advocating terrorism", "providing support to a terrorist organisation" and "incursions into foreign countries with the intention of engaging in hostile activities".

Remember, boys and girls: The Government needs to have "backdoored" encryption (or perhaps some functional equivalent, like being able to selectively install malware/keylogger on target machines) as a core part of its shiny-new Encryption Law.

Funny how even without the law being passed, an individual of considerable interest, such as Prakash, seems to have been identified, tracked and captured. (FBI seems to have helped, too! Imagine!)

Now that any machine can be secretly subverted (according to the new law), be more careful in what you type, what websites you visit, who you engage in chat with, etc. etc. etc.

You just might end up finding yourself stripped of your citizenship, including all rights conferred by that status.

You have been warned.

-- recherche

mesrik • December 30, 2018 3:41 AM

FYI,

Daniel J. Bernstein (djb) and Tanja Lange gave a talk on Friday (28.12.2018) titled "The year in post-quantum crypto" at the ccc.de 35C3 "Refreshing Memories" congress. It's a nice review of what's happening in that field.

The video for those interested.

:-) riku

--

Wael • December 30, 2018 4:37 AM

@Thoth, @Clive Robinson,

    feets

Clever!

Hmm: foot, feet, feets (more than one set of feet.)

And it may get hit by a plane during its ascension, if the person is unlucky. Soul-shattering event, too -- unless the person has flat feet

    have some form of ARM (Un)TZ

I don't see TZ to be particularly concerning. I think it's a good thing!

FA • December 30, 2018 5:02 AM

@Wael

> I don't see TZ to be particularly concerning. I think it's a good thing!

I agree. Contrary to what @Thoth seems to imply in all his posts, it's very different from things like Intel's ME, and it is well documented.
A basic ARM processor boots into trusted mode, so you actually have access to it, and you can use it to your advantage. The only problem occurs when you have a SOC with a built-in boot loader that switches to normal mode before loading your own code.

Alyer Babtu • December 30, 2018 5:52 AM

@Clive Robinson, @Wael et al

    you quickly run into a problem

May I recommend (again) for all those considering questions of the existence of God, the soul, matter, form, infinity etc. the book Joseph Owens, An Elementary Christian Metaphysics (recent reprint edition ISBN-13: 978-0268009168). It is a philosophical investigation, of questions in the science of being, following Aristotle and Aquinas. (The “Christian” in the title is there because the philosophical issues discussed are of particular interest to Christians; the discussion is not “faith based”.)

Clive Robinson • December 30, 2018 8:29 AM

@ Thoth,

    I was looking ... 64bit... chipsets and they all have some form of ARM (Un)TZ inside these days and it's not going to be fun to have a "Management Engine" or "Ultimate Root" in a hardware chip that listens to everything.

Even assuming that the extra CPUs inside are benign, you don't know if they are, cannot show if they are, or prevent them becoming active against you in some way in the future. Put simply, if they are not 100% under your control and provably so, then they are a security threat that has to be mitigated.

Thus the question is "How?".

The simplest and first way to consider is by not using them in the first place. The second is to find some way to fully isolate them such that an attacker can get nothing into them or out of them; this can be problematic not just in arranging but using. The third way is by isolation with mandated and instrumented data flows into and out of them; this can be even more problematic to arrange than the second method, but is more aligned with general usage. The fourth way is to not mitigate the machine but the information, which is a subject that would fill a few books by itself.

My advice generally flips between them all depending on your foreseeable requirements.

But let's look at a simple user who wants to write letters, do a few spreadsheets and read and perhaps use documents sent to them by others. All of that was quite happily done on an Apple ][ with an 8-bit 6502 CPU clocked at 1MHz and as little as 32K of memory (more was needed if you wanted to use floppy drives)... Thus the question arises as to why we need 64-bit CPUs running at 2GHz clock speeds with more L1 cache than the Apple ][ had maximum memory, and up to hundreds of gigabytes of RAM and tens of terabytes of solid state storage?

To take it a step further, the PDP11 was a 16-bit CPU with a hundred K or two of RAM and could run several OSs, one of which was a multi-tasking operating system that could support 16 terminals and is still around today, which is Unix, and at the command line it really has not changed very much.

I have at home, locked up out of harm's way, a "portable computer" from the mid 1980s. It is basically the same sort of user spec as the Apple ][ but the CPU is internally 16-bit and runs over four times as fast, there is ten times the usable RAM and the floppy disks are not just smaller, they are faster and hold around four times the data. But in use it actually feels sluggish compared to the Apple ][... Oh, and software wise it's certainly buggier. However, I get more of a "screen oriented" rather than "line oriented" display that can almost be a WYSIWYG interface in some programs, a spell checker and quite a few more commands and features I neither need nor use.

I could go on through other computers but the trends are there: a richer look and feel and features you neither use nor want at the expense of less reliability... That ultimately is what that honking great monster of a CPU, RAM and SSD gives you...

As I've mentioned before, you can buy for around $1 a 32-bit microcontroller with inbuilt RAM, ROM and I/O that will give you better performance than a MicroVAX, run a later version of Unix than the MicroVAX, directly support 4 users on terminals, can be networked with a little extra hardware and can support several SPI based memory cards, and even a USB interface... If you felt like putting it together then it could be made to fit in a box around the size of a box of "Cook's Matches", though getting all the connectors on might be a tad difficult.

Thus my advice for the first option is ditch the mobile phone / pad / laptop / workstation / server CPUs and look at how you would do "microcontroller" based computing.

The point being, currently they don't have those second CPUs as they are not seen as "user CPUs", just "hardware controllers" for your car, washing machine, microwave and even steam iron to replace old mechanical switches and relays, so nothing of interest to the Spooks. Also they are generally too price sensitive to waste chip area on such nonsense.

For the second option I've talked about "energy gapping" and "using old hardware" a number of times in the past. The problem is some CPU and motherboard chips getting on for a decade and a half old had some of these second hidden CPUs etc. in them. Thus unless you know what you are doing with a Dremel drill or craft knife, the chances are good there will be RF hardware on there which makes "energy gapping" a right royal pain, in that you need to build a cage to sit in...

Worse there is now more than enough malware code around to show that your work flow is either going to be very very limited, or at risk from removable media etc.

Which brings us to the third option, which is as problematic physically as the second but tries to find ways to have safe energy gap crossing techniques. I've talked about "Paper, Paper, never data" and its implications before. Put simply, for a very limited bandwidth you can print out text on the unsafe side of the gap, carry it to a scanner and, using OCR software and a scanner, get the printed text back as data. It does however tend to have a high error rate compared to other methods, but it does the job more effectively than "copy touch-typing" for most people. Importantly it allows a human "to see" what is being transferred, thus effectively putting them in the loop.

Other methods involve building data-diodes, data-pumps and data-sluices, and instrumenting them in various ways to mandate a data transfer policy to reduce --but not eliminate-- the potential for data leakage / malware in channel or out of channel. These subjects have been discussed before, and having built some of my own with off the shelf microcontroller development kits, it's a job for someone with a mixture of above normal engineering skills to get right.

Obviously avoid the "hobby / Maker boards" as these often use ARM chips these days. They will also be the first microcontrollers targeted should governments get more paranoid / authoritarian.

As for the fourth option, I see this "in addition to" the other three mitigations, not "instead of". But often you may have no choice, and it's choice the PC / mobile industry is losing, to the benefit of authoritarians of all stripes... Ultimately it is this mitigation that will kill "general surveillance" as you can ultimately do some of the fourth mitigation techniques without the use of technology that can be "back doored".
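As an added illustration of the third option above (isolation with mandated, instrumented data flows across an energy gap), and not code from this post or from any product: a minimal "data sluice" in Python that re-emits only policy-conforming plain text on the safe side and logs every refusal. The limits, the class and function names and the sample payload are all assumptions of the example.

```python
import string
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Characters the sluice will pass: visible ASCII plus space.  Tabs and CR/LF
# are normalised explicitly below; every other control character is refused.
VISIBLE_ASCII = frozenset(string.ascii_letters + string.digits + string.punctuation + " ")


@dataclass
class SluiceLog:
    """Instrumentation: what crossed the gap, what was refused and why."""
    accepted_lines: int = 0
    accepted_bytes: int = 0
    rejected: List[Tuple[int, str, str]] = field(default_factory=list)  # (line_no, reason, excerpt)


class DataSluice:
    """Hypothetical policy gate between the unsafe and safe sides of an energy gap.

    The gate re-emits text in a mandated canonical form instead of forwarding
    the original bytes, so only what the policy recognises reaches the safe side.
    The limits are arbitrary choices for this example.
    """

    def __init__(self, max_line_len: int = 80, byte_budget: int = 2048):
        self.max_line_len = max_line_len   # mandated format: short plain lines
        self.byte_budget = byte_budget     # crude bandwidth cap per transfer

    def check_line(self, line: str) -> Optional[str]:
        """Return a rejection reason, or None if the line conforms to policy."""
        if not line:
            return None                    # blank lines are harmless
        if len(line) > self.max_line_len:
            return "line too long"
        bad = [c for c in line if c not in VISIBLE_ASCII]
        if bad:                            # ESC sequences, NUL, DEL, etc. end up here
            return "disallowed byte 0x%02x" % ord(bad[0])
        return None

    def transfer(self, payload: bytes) -> Tuple[bytes, SluiceLog]:
        """Push one payload through the sluice; returns (safe-side bytes, log)."""
        log = SluiceLog()
        try:
            text = payload.decode("ascii")  # strict: any high byte refuses the lot
        except UnicodeDecodeError as exc:
            log.rejected.append((0, "non-ASCII byte at offset %d" % exc.start, ""))
            return b"", log
        if text.endswith("\n"):
            text = text[:-1]               # avoid a phantom trailing blank line
        out = []
        for no, raw in enumerate(text.split("\n"), start=1):
            line = raw.rstrip("\r").rstrip().expandtabs(4)  # CRLF and tabs canonicalised
            reason = self.check_line(line)
            if reason:
                log.rejected.append((no, reason, line[:20]))
                continue
            cost = len(line) + 1           # bytes as re-emitted, newline included
            if log.accepted_bytes + cost > self.byte_budget:
                log.rejected.append((no, "byte budget exhausted", line[:20]))
                break                      # nothing after the budget crosses
            out.append(line)
            log.accepted_lines += 1
            log.accepted_bytes += cost
        safe = ("\n".join(out) + "\n").encode("ascii") if out else b""
        return safe, log


# Constructed sample payload from the "unsafe" side: CRLF, a tab, a terminal
# escape sequence, an over-long line and an ordinary line.
SAMPLE = b"".join([
    b"Invoice 2018-12-30\r\n",
    b"Total:\t42.00 EUR\n",
    b"\x1b[31mALERT\x1b[0m\n",
    b"Notes: " + b"x" * 100 + b"\n",
    b"Thanks\n",
])


def demo() -> Tuple[bytes, SluiceLog]:
    """Run the sample through a default sluice and return what crossed plus the log."""
    return DataSluice().transfer(SAMPLE)


if __name__ == "__main__":
    safe, log = demo()
    print(safe.decode("ascii"))
    for no, reason, excerpt in log.rejected:
        print("refused line %d: %s (%r)" % (no, reason, excerpt))
```

Only the three canonicalised text lines reach the safe side; the escape sequence and the over-long line are refused and logged, which is the "instrumented" part a human reviewer would inspect.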

Clive RobinsonDecember 30, 2018 9:10 AM

@ Anders,

AN/GRC-109

No, for the same reasons the US Army stopped using them over a quarter of a century ago.

Morse might be fun for some, but it's oh so slow; worse, it's bandwidth and power inefficient compared to modern specialised data modes that can have up to a 36 dB advantage on it (think around 1/4000th of the transmit power to work the same link).

Have a look at something like FT8.

Way back in the 1980s data comms had switched from Morse to the likes of the UK's Diplomatic Wireless Service "Piccolo" 6-tone system. As I've mentioned in the past, I was involved in the design of such a system using a Z80 CPU.

Things have definitely moved on a long long way from the half century or so ago of the "Swinging Sixties".

Which reminds me, next year is the 50th anniversary of the first moon landings; having watched it on TV live, it kind of makes me feel old and creaky as I stomp along on my crutches and think about which will be my next mountain[1] :-)

I've heard a rumour that they are talking about doing an Earth-Moon-Earth (EME) transmission out of the radio telescope at Bochum in Germany. It would be nice if they did, as it means others can join in the fun, as antennas are the thing that stops most interested in trying EME; the Bochum dish would give a much better than normal ERP at the moon, so an easier signal to pick up. After all, they've already done Earth-Venus-Earth...

[1] For health reasons (blood clotting issues) I'm not supposed to go more than 3-4000ft ASL so I have to pick with care.

So are we more secure?December 30, 2018 9:27 AM

NSA seems to be quite open about domestic surveillance, on this page from their Domestic Surveillance Directorate.

Under the section "Our Partners" the text says:

Domestic Surveillance is a team sport. Our success depends upon our partnership with other federal, state, and local agencies. The USA PATRIOT Act was passed in 2001 for the purpose of "Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism". This far-reaching law gave us a wide range of new tools to detect and prevent terrorism. Our partners transmit a steady flow of intelligence information 24-hours a day from across the nation. The incoming data is indexed, stored, and shared throughout the Intelligence Community on our massive cloud computing network.

The screenshot below the above text lists the following companies under "NSA Strategic Partnerships":
- AT&T
- CISCO
- EDS
- H-P
- IBM
- Intel
- Microsoft
- Motorola
- Oracle
- Qualcomm
- Qwest
- Verizon

Further down the page talks about the National Counterterrorism Center (NCTC) and describes it as a partnership of more than 16 organizations including the CIA, FBI, State Department, Defense Department, Homeland Security; and other agencies that provide unique expertise such as the Departments of Energy, Treasury, Agriculture, Transportation, and Health and Human Services.

About the NCTC the text then says that:

The NCTC is the primary organization for analyzing and integrating all foreign and domestic terrorism-related intelligence possessed or acquired by the United States. It was also recently given the authority to examine the government files of U.S. citizens for possible criminal behavior, even if there is no reason to suspect them.

WaelDecember 30, 2018 9:28 AM

@Alyer Babtu, cc: @Clive Robinson,

you quickly run into a problem

I don't run into any problems; YMMV. It's quite to the contrary: to explain the existence of the universe and mankind without a creator is quite problematic. No one has suggested any viable alternative theory. As for the book, I have an unmanageable list on my stack that I haven't had the chance to finish. Perhaps I'll book-mark your recommendation for a later time - thanks.

(The “Christian” in the title is there because the philosophical issues discussed are of particular interest to Christians; the discussion is not “faith based”.)

I am not a Christian, and that will not stop me from reading Christian literature. I probably read more Christian literature than the average Christian. I've also made some Christian book recommendations in the past.

TatütataDecember 30, 2018 9:43 AM

To take it a step further, the PDP11 was a 16-bit CPU with a hundred K or two of RAM

PDP11/23: maximum 224kB, the rest of the 18 bit address space being reserved for I/O.

and could run several OSs, one of which was a multi-tasking operating system that could support 16 terminals and is still around today, which is Unix, and at the command line it really has not changed very much.

Another option was "TSX-Plus", a third party extension which runs as an application atop DEC's own RT-11. According to the link above, like Unix, it is also still around today.

TSX was somewhat flaky, and crashed more often than not, happily corrupting a user's private disk space allocation, which was implemented as a container file on the host RT-11 (there was no notion of directories in the host OS, IIRC). I was popular at retrieving these with a sector editor, doing octal address math and RAD50 file names conversions.

One could be literally spoiled with the MACRO-11 assembly language. I had at that point experience with the 6502 and Z80, and naively thought all 16 bit processors were as regular, logical and just beautiful as the PDP-11. Alas, I hadn't been acquainted yet with the 8086 and its derivatives. :-(

All of that was quite happily done on an Apple ][ with an 8-bit 6502 CPU clocked at 1MHz and as little as 32K of memory (more was needed if you wanted to use floppy drives)...

You mentioned on another week that 6502s are still running as embedded cores on chips. The notion of a 6502 potentially running at 10 or 100s of MHz kind of boggles my mind, although there was a Matsushita derivative with additional instructions that also ran somewhat faster. I wonder whether the cores you mentioned try to reproduce the quirks of the Mostek instruction decoding ROM (providing undocumented opcodes).

albertDecember 30, 2018 9:56 AM

@Clive,

A spork is transgender. It is less efficient than either a male (fork) or a female (spoon).

OT(as if this topic isn't already OT): I've noticed non-French speaking Canadians deliberately mispronouncing French words, like dee-bris for debris and sabatahj for sabotage.

A humorous but well done SR-71 story (video not required to enjoy):

ht tps://youtu.be/Lg73GKm7GgI

Cheers,
. .. . .. --- ....

WaelDecember 30, 2018 9:57 AM

@FA, @Thoth, @Clive Robinson.

I agree. Contrary to what @Thoth seems to imply in all his posts, it's very different from things like Intel's ME, and it is well documented.

Very true, at least as far as I currently know!

A basic ARM processor boots into trusted mode, so you actually have access to it

Sometimes. Not always the case. I am aware of some phone manufacturers that have opened the TZ interface to the general development community. I am not in a position to name names; you can do the search -- it's public information. You're apparently aware of it. Some other OS providers have done the same, to some extent.

and you can use it to your advantage.

It's been done. There are several options: eSE, TZ, TPM, Cloud storage of credentials plus device authentication (currently weak authentication, in most implementations I've reviewed.)

The only problem occurs when you have a SOC with a built-in boot loader that switches to normal mode before loading your own code.

Without further elaboration, I'd say: it's one of the problems.

Like @Clive Robinson mentioned: the only viable protection (in the hands of the average non-technical user) is "isolation"; he calls it "energy gap", which is an appropriate term -- better than "air-gap". Also, I'm not a fan of using older HW. Had that extended discussion with @Nick P and @Clive Robinson back in the day. Then how will one be able to tell if the older HW is really manufactured at the claimed date? Easy to make new chips and mark them as older ones. Or is the suggestion to get the hardware out of older computers? Impractical, at best. Then again, what kind of stuff am I working on to require this level of paranoia? Don't get me wrong: I wear a straitjacket 7 days a week, but there is paranoia, and there is paranoia (boogie boogie!) Some wear tinfoil hats and others that crossed the paranoia line wear Depleted Uranium hats ;)

TatütataDecember 30, 2018 10:11 AM

And of course there's the mandatory image to look at: "Refueling G-43 Generator"

This object was called "la gégène" in the French army from the 1930s on. "Gégène", which is sometimes used as a diminutive for "Eugène", is a cutesy word for "générateur", but which eventually took a more apropos meaning, as the suffix "gêne" also means "discomfort". It became (in)famous in the period of the Algerian events, sorry, war, for its use in torture.

A generator of this type can clearly be recognised in a certain scene of "The Battle of Algiers", although it wasn't the only model employed.

Pontecorvo's 1966 film was shown to US officers in the preparation of Gulf War II. Is it really such a surprise that NCOs could/would come up with similar ideas at Abu Ghraib?

Another MouseDecember 30, 2018 10:30 AM

@zed
That's why the rest of the world loves the Yanks for their world police attitude.
Come on, wtf, it's like kindergarten...

There's just a handful of countries with sanctions on Iran in place but no one is trading with them coz of fear of our big role model in the west...

Sick world

roberts robot doubleDecember 30, 2018 12:36 PM

@Clive

>> I don't happen to believe in an "afterlife" as Christians and many other faiths portray one. Because it is neither logically consistent nor allows for the normal human traits.

Here is the logical consistency: every interaction we have with the Earth and each other has an evaluation function that returns positive or negative or zero. This evaluation is based upon the degree to which we are compassionate (+) or selfish (-). Over the course of our lives we are responsible for expanding our understanding of this in-built karmic system and thus making better choices (for we certainly have free will). When we do wrong to others, the zero-sum result is a transfer of karmic degrees; OTOH, positive actions are not zero-sum and are thus bounded only by our opportunity, means and will to carry them out. As well, performing self-evolving spiritual practices results in positive degrees for they enable us to level-up our moral compass and the choices that result.

[And, yes, we are moral creatures for it is not only intrinsically understood that, e.g., punching every stranger we meet in the face is *wrong*, but we understand that a person who doesn't have such an understanding (or fails to admit it) has a pathology that is destructive to society. Yes, there are certainly a great deal of moral grey areas, but our ability to communicate abstract concepts, learn new ones and then implement new behaviors by improving our ideals thusly is related to our individual responsibility to perfect our moral compass.]

The entire purpose of religion (and there are many forms of the baseline Religion of Universal Compassion and Service) is to (1) perfect the morality of the individual, and then to (2) perfect the human society within which we necessarily live. The purpose of this purpose is for *ALL* human beings to have the luxury of enjoying this magnificent creation, whether it is at the level of human physical enjoyment or in the arts or science or abstract mathematics or toolmaking. The key is that we need to live in communities to survive and that we must be mindful of each other's happiness and the effects we have upon the Earth itself, being compassionate for our future generations. (Note that pleasure and enjoyment are two different (if usually intertwined) things, where, e.g., there is the ability to take perverse pleasure in the selfish oppression of another person's body. That is not enjoyment but merely dark pleasure. See Charles P. Pierce for his explanation of this current regime's m.o. with regards to this concept.)

Of course, refusing to accept that we are judged for the totality of our life's deeds will lead to erroneously concluding that the lack of 'instant karma' means that there is no Law of Karma whatsoever; or, as you put it, not having logical consistency. Your current lack of understanding of the reality of the Law of Karma is no different than a classical physicist denying the advanced ideas of Boltzmann or Einstein. Note that well over 90% of current human beings, whether they claim to be religious or not, have self-selected themselves into this group of talented mammals. To be truly human, one *must* embrace universal compassion and self-evolution by connecting within to our Creator via the mechanisms extant in this universe for doing so. Sure, we each have the free will to choose to ignore the dictates of the spiritual path (that comes in many forms) but the personal and societal consequences for those choices are penultimate in our lives (although "there's still time to change the road you're on").

[And, no, Jesus or Muhammed cannot forgive a person on Judgement Day, for we are judged by what we do with our physical bodies while we live. Such false teachings are the work of the enemy of man, who ever works in the hearts and minds of mankind to sow hatred, enmity and destruction between people and upon the Earth, itself. Just like the misbelief in reincarnation, the devil's first strategy is to prevent people from self-evolving in concert with our Creator. The easiest path to achieve that goal is to tell people that our life doesn't matter. This is why so many so-called religious people fail to overcome their hypocrisies and enmities, their greeds and lusts. When one has no connection to our Creator, one will believe any lie, whether it comes from the mouths of our fellow human beings or from within our own inner voice.]

As to "normal human traits", we each have both potential for selfless, positive human virtue and selfish, negative human vice. The key is that we each have the choice to break free of our tendencies to vice and transmute them to their corresponding virtue (there are 19 such pairs). Which vices we are personally susceptible to is a part of both our personal make-up ("original sin[ning nature]") and the values inculcated by the societies we grow up within.

All forms of religion can lead a person to personal and societal moral perfection when implemented within the person's heart for the purpose of self-evolution into becoming consumed by compassion to the point that no harm, physical, mental or emotional, results from their actions. This is the most subtle aspect of our reality and is only manifest at the human level. Note that the Law of Karma is the source of each person's happiness and unhappiness, which serves as a basic feedback mechanism to nudge us towards cooperation and away from competition, towards humanity and away from animalism, either the mammalian or lizardine (is that even a word?). This explains the unfulfilment and unease of the person who has not yet entered the spiritual path. As most people are poor, they misattribute these feelings to their struggle, but the well-off never find happiness except in the rare circumstance that they create happiness for others via the virtue of generosity.

Note that, because everything in creation is created with polarity, there are negative spiritual practices that enhance the vices of the heart and suppress the virtues. The direction of the Earth's governments and their policies supports the idea that our leaders are nearly all people who have actively worked to become more ruthlessly competitive. That the abject liars such as Trump can fool so many people is a testament to the perceptual ignorance of the vast populace who treat religion merely as pack membership. Without the spiritual path, the person is stuck below humanity within their mammalian physicality (if not lower, e.g. Weinstein), and it leaves them vulnerable to deceit and oppression. Of course, the so-called religious have likely been taught by ignorant, self-serving (but charismatic) false teachers. Regardless, our cut-throat, broken political fight to nowhere here in America can be seen for what it is only through this lens of truth.

>> On the hypothesis there is "a creator" you quickly run into a problem. Time as far as we know it started with our universe. Therefore such "a creator" existed before our time. We know of no way to look back before the beginning of our time, thus from our perspective we can never interact with an entity that is "a creator". So the existence of "a creator" is somewhat moot.

[I'm sorry this is so long already, but "The Meaning of Human Life" won't fit in a tweet ;-)]

The only problem with understanding the universe and its Creator is hubris. The first understanding *must be* that there is much to Its Nature that is Unfathomable. As you said, there is a threshold after the Big Bang before which we simply cannot comprehend; and, certainly, before the Big Bang is off-limits, not that time has any meaning "then".

Part of being truly human is understanding our limits. We are a part of creation -- a beautiful, magnificent, inherently flawed yet perfectable pinnacle of creation, but a creature nonetheless. So, expecting that everything about the Creator -- of time, space, dimension, matter, energy and the mathematically-precise laws that interrelate them within the perhaps two trillion galaxies of it -- would be understandable should be in the dictionary definition of the word 'hubris'.

What is important -- and, more importantly, *knowable* -- is that we can comprehend the laws that govern this universe, from the quantum realm up to and including the karmic realm that only we human beings exist under. The system that maintains Karma is no less automatic in the universe than General Relativity; it just works at a vastly subtler level, and is only accessible to people who are willing to open their mind and heart to this subtle knowledge, for our free will is the greatest gift and is absolutely honored in our lifetimes, whether we are Stalin or Gandhi.

It cannot be argued that the vast majority of this world's peoples are currently thrashing around without having any kind of clue as to how we should move forward, and that in doing so are allowing the corrupt and powerful to destroy the Earth, itself. It also cannot be argued that here in America, we have never seen a greater leader than Dr. Martin Luther King, Jr. in terms of the ideals he taught. That he, JFK and RFK were brutally murdered teaches us a poignant fact about the power structure in America. That no political group has embraced and extended (but not in the Microsoft way ;-) his dream and put forth a vision that could be planned and actioned is most certainly not because of any weakness or failing of Dr. King's wisdom. No, this is a failure of society to pay more than lip service to the ideals he put forth under great duress and at ultimate cost. That failure is due to disregarding the Source of Dr. King's wisdom, which is nothing less than the Spiritual Path to Universal Compassion and Service.

The Way goes in. --Rumi

AmonynousDecember 30, 2018 2:09 PM

@albert

"A spork is transgender. It is less efficient than either a male (fork) or a female (spoon)."

It's actually much more efficient. Also your attempt to link sporks and transgender people is as stupid as anything we should expect from an old ignorant like yourself.


David WalshDecember 30, 2018 4:09 PM

Wael

Then how will one be able to tell if the older HW is really manufactured at the claimed date? Easy to make new chips and mark them as older ones

This is a really good observation

Reminds me of the story about Switzerland. Had a whole pile of gold at the end of WWII. Its provenance was not desirable. Solution?
Mint a whole stack of gold coins. Date stamp them 1938. Put these nice shiny unused coins into circulation. Easy :-)

FaustusDecember 30, 2018 4:35 PM

@ roberts robot double

I sense your sincerity. And that is a nice Rumi quote.

But your post seems to have warring perspectives: On one hand, we all know what we should do and there is a precise "karma function". On the other hand there is much that is unknowable and we are limited yet perfect.

Together, although contradictory, they point at the non-duality of things, which is the underlying truth, I believe.

I really don't believe things have a specific "good-bad" karmic value. I don't think things are good or bad. If you pay attention, from something bad arises something good, and from something good arises something bad. "Good-bad" is more like a quantum superposition than a single valued function.

Only inorganic things are perfect. If everything were perfect there would be no story of our lives. Struggle and crisis make the story. Nobody goes to see a story (for example) of perfect people having a smooth wonderful relationship. It would be boring.

Alan Watts suggested that original oneness chose to divide itself and mar its perfection in order to allow the story to arise.

"There is a crack in everything (there is a crack in everything)
That's how the light gets in"

- Leonard Cohen


ConjugateDecember 30, 2018 4:50 PM

Isn’t there a browser add-on which automatically clicks on every ad?

Yummy Scarlett Johansson Deep Fake quote:
“The fact is that trying to protect yourself from the Internet and its depravity is basically a lost cause. . . The Internet is a vast wormhole of darkness that eats itself.”


nymag - How Much of the Internet Is Fake? Turns Out, a Lot of It, Actually.
Bots are “faking clicks, mouse movements, and social network login information to masquerade as engaged human consumers.”

The Inversion
In 2013, the Times reported this year, a full half of YouTube traffic was “bots masquerading as people,” a portion so high that employees feared an inflection point after which YouTube’s systems for detecting fraudulent traffic would begin to regard bot traffic as real and human traffic as fake. They called this hypothetical event “the Inversion.”
The results are:
The metrics are fake
The people are fake
The businesses are fake
The content is fake
Our politics are fake
We ourselves are fake

Everywhere I went online this year, I was asked to prove I’m a human. Can you retype this distorted word? Can you transcribe this house number? Can you select the images that contain a motorcycle? I found myself prostrate daily at the feet of robot bouncers...

What’s gone from the internet, after all, isn’t “truth,” but trust: the sense that the people and things we encounter are what they represent themselves to be. Years of metrics-driven growth, lucrative manipulative systems, and unregulated platform marketplaces, have created an environment where it makes more sense to be fake online — to be disingenuous and cynical, to lie and cheat, to misrepresent and distort — than it does to be real. Fixing that would require cultural and political reform in Silicon Valley and around the world, but it’s our only choice. Otherwise we’ll all end up on the bot internet of fake people, fake clicks, fake sites, and fake computers, where the only real thing is the ads.”
http://nymag.com/intelligencer/2018/12/how-much-of-the-internet-is-fake.html

Great article. Similar articles are being published about the g technology controlling stock markets and The World’s economies.

The Case for Open Source AI
The root issue is that AI is not being used for the good of society. Rather, proprietary AI's purpose is to maximize shareholder value.
Why not follow the EU's lead and make it illegal to take data given for one purpose and then reuse it for another (without the author's permission)?

WaelDecember 30, 2018 5:14 PM

@David Walsh,

Date stamp them 1938. Put these nice shiny unused coins into circulation. Easy :-)

It takes teams of competent hardware and software engineers (both applications and systems), mathematicians, testers,... to verify the functionality of complex microprocessors with billions of transistors. And we expect the layman to judge the book by its cover. Naive view in my book. And still, that ignores other weaknesses, such as genuine bugs in older hardware that have security ramifications. Surely older HW was not bug-free!

SUN Microsystems long ago (I think it stood for Stanford University Network) made the observation that computers aren't that useful if they're not connected. Once you're connected to the grid you're exposed. Some information has to leak, no matter what. Some call it meta-data. The approach to recommend is that sensitive material needs to be processed on an isolated machine. If the paranoia is high, then put it in a Faraday cage. If that's not enough, then use your own isolated power supply, and "energy-gap" the device (which is not doable, btw).

If you stick to older hardware, say a 466-DX 33: what in the world are you going to do with it? What operating system are you going to run on it, OS2 Warp? WordStar and Lotus 123? Let's say you believe that open source operating systems are the way to go; are you going to verify each line of code yourself?

Then there are suggestions to build our own microprocessors from transistors, or manufacture our own transistors! Give me a break!

Sancho_PDecember 30, 2018 5:49 PM

@recherche re Un-Australian

What I find scary here is the upcoming ideology of the top brass, backed by “I think the Australian public …” (what sadly may be true).

It’s the combination of naZZionality and the satisfaction gained by a barbaric, public retaliation.

It’s not that the public must be protected because the guy is a dangerous idiot, simply a mentally ill criminal, so lock him down, case closed.

No, it is the ultimate punishment for any menace to be deprived of Australian citizenship rights, because:

We are pure and fine (Australian) naZZionals, blond, blue eyed, wear brown shirts, but can’t be terrorists.

Hei … sorry, Hallelujah!

Sancho_PDecember 30, 2018 6:00 PM

@Thoth, Clive Robinson, Wael, …

”… say for a general purpose device …”, like a Swiss Champ with integrated password manager and credit card function, but compatible with security? ;-)

I think the main issue is not the HW, until you can stick to machine code / assembler with that CPU.
But the “general purpose”, respectively the use of any multitasking OS, compiled or interpreted standard SW is off limits, as is browsing or third party SW.

And likely there are harsh limits in functionality of that device because of the immense manpower needed to write fancy functionality without a toolchain (copy/paste).

So what we demand (and are used to have) in functionality is limiting device security.
The only way I see is energy gap of useful workstation(s) and manual data transfer via a trusted, simple encryptor.

I prefer the term “energy gap” because it emphasizes the separation more than the common word “isolated” would. However, the world is analog, so I agree that there is a scale from 0 to 100% between laziness and paranoia.

roberts robot doubleDecember 30, 2018 7:10 PM

@Faustus

>> On the other hand there is much that is unknowable and we are limited yet perfect.

Yes, our design is perfect, but that design encompasses both initial moral imperfection and the potential to attain spiritual/moral perfection through persistence of effort and honesty of self-reflection. This is the end result of living The Greatest Commandment as brought forth by Jesus (and paraphrased by myself):

"To love God with all your being, and then to love your neighbor as yourself. Upon this all of the Law and the Prophets rest."

All commands are, by definition, able to be achieved and once the person has become consumed by love, the person has abandoned selfishness forever and has become a pure light upon the Earth. Rumi achieved this perfection and speaks most beautifully about this (and only this) in his writing. This perfection is also spoken of by this beatitude:

"Blessed are the pure of heart, for they shall see God."

Of course, most people are trapped in the devil's lie that human perfection cannot be achieved, thus they never try. The same can be said about software engineering, but I know for a fact that perfect software can be created ~ it just takes a fanatical, brutal devotion to design, coding and testing ;-) This is the same approach we must take with ourselves if we are to reach the perfection we are capable of.

As far as unknowability, it is mostly our Creator that has Unknowability. We human beings are faced with infinities of unknowns (and thus contain unknowables simply because the network of questions cannot be fully traversed within our finite lives, not because anything in this universe is intrinsically unknowable) but those are explorable to some extent within our finite lives because once fully consumed by love we have gained 'superuser' query-response access to the universe's information system (we are the ultimate information processors created within an informatic universe, after all; our brains being the tuner that selects which 'bands' of thought to be engaged with). Once again, Rumi makes mention of this level (and once again, my paraphrase):

"How wonderful it is to be in a constant conversation with You."

To say we are born perfect is in a sense correct, but it is *not* correct in the moral sense. To morally perfect oneself and one's society is the sole purpose of religion.

>> On one hand, we all know what we should do

I don't agree. We have three streams of influences upon our inner worlds: (1) our own internal dialog, developed over the course of our life's inertia, (2) the influence of the Spirit, our conscience, which is the angel on our shoulder, and (3) the influence of our soul's vices, as encouraged by the enemy of man, who plays the part of that other shoulder's devil.

To "know what we should do" is to have the proper understanding of what virtue and vice are and then be able to discern the proper course of action in real-time. That takes not only deep study but spiritual practices to cleanse and purify one's soul in order to develop one's discernment by lessening the ability to be influenced by negativity. This *IS* the spiritual path. Sure, one can learn the simpler cases of right and wrong and then choose the more virtuous path (e.g. to not backbite others or covet their wife), but to truly change one's inner world requires physical changes to our being in order to transmute our soul's heart's vices into their corresponding virtues, thus purifying the conduit from its initial ability to carry an effective (and, really, 'affective') negative signal.

This means that spiritual development engenders physical changes that have a trajectory just as our physical development has a common pattern of progression; the difference is that spiritual change must be self-actualized by hearing The Message and then using our free will to go within and ask our Creator with all our heart to help us to become consumed by love. After that, study and persistence must prevail to traverse the fullness of the path. This is the Sufi Way, and there are Sufis within all forms of religion, in all cultures and all ages of mankind.

Part of that physical change is the sharpening of our subtle abilities to see, hear and understand; only after developing those higher functions of our being's intuition can we truly be said to "know what we should do", although it is true that we are all born with a spirit that counsels us against doing wrong. Note that the universe itself provides the inner turmoil/discomfort in feedback to our wrong deeds as a way of steering us towards the spiritual path.

>> they point at the non-duality of things, which is the underlying truth, I believe.

From one perspective, the truth is that we are all connected in an interrelated "oneness", for sure, as that is the nature of creation as a whole. But every aspect of creation is created in pairs, or with polarity, if you will.

As far as human behavior is concerned, only a fool has the attitude that "it's all good". No, we are moral creatures who must not only manifest morality personally within our lives, but must work to create moral societies, for only a moral society can implement justice and peace among all people. Only a moral society forgoes immediate gratifications in order to preserve the wealth, health and beauty of the Earth for future generations to enjoy. Only a moral society can be secure, for true righteousness and humble goodness are the greatest power.

This is the paradox of America, whose ideals stand above all others in their theory, yet whose practice has been utterly abhorrent since its inception, with its cruel slavery, then legalized racism, and general ever-present capitalist oppression of the poor and ruination of the environment. Note that hypocrisy is but one of the 19 vices of the human soul.

>> I really don't believe things have a specific "good-bad" karmic value. I don't think things are good or bad. If you pay attention, from something bad arises something good, and from something good arises something bad.

[Just to be clear, I take "things" to mean "human actions".]

No one lives apart from others as no one is self-sufficient, for we are born utterly dependent upon some society, not to mention that our Mother Earth suckles us for the length of our lives. In that context, and the fact that we are intrinsically moral creatures, it is a logical conclusion to understand that our every action is a moral action for they are butterfly wingbeats contributing to greater effects downwind. As such, no one is ever in spiritual stasis, we are either struggling towards perfection or we are contentedly enjoying our station as it exists, and I promise you that the current status quo on Earth is not something anyone should be contented with. Put more simply, we are either ascending or descending, each second of every day, every day of our lives.

And note that nothing bad ever comes of good. Good is an example and is pure in and of itself, but that doesn't mean that the recipient of a good deed will do good with it. For example, you can give $20 to a homeless person, but you are not responsible if they spend it on vodka. No, that is their own responsibility (though we should take care not to foster self-destructive behaviors in others, addiction being one of the other 19 vices of the soul).

You are correct, however, in that good does come of bad. That is because the recipient of an evil deed gains the karmic degrees that the perpetrator loses. When bad happens first, it is a zero-sum game. That is why the lowest level of acceptable response is "eye for an eye", i.e. you are not allowed to overstep the wrong done to you. But "eye for an eye" is the lowest level and is not for people on the spiritual path.

For those of us on the spiritual path, the second level of response comes into play: to "turn the other cheek". That means to not respond negatively to bad behavior. This is important for it is the only effective way of preventing escalation, but it is only for the neophyte.

The third, and highest, level of response is to "love your enemies". Here, the greatest teaching is exemplified, where the conquering force of love is able to shock the wrongdoer by its power and incongruence with our natural reflexive responses.

Beyond the level of teaching correct behavior, these three levels also correspond directly to the karmic equations involved. In level one, "eye for an eye", the wrongdoer (A) gives X karmic degrees to person B, and then B is allowed to give X right back to person A. In level two, A still gives X to B, but B simply keeps his X and goes on his way. In level three, however, not only does B gain X karmic degrees from A but then proceeds to gain Y more karmic degrees by showing love to person A. It is the highest level because it is not only the best karmically for person B, but is also best for society at large. Note also that person A will eventually feel unhappy from their misdeed and person B will feel happier (eventually, even though they certainly didn't like being treated badly), especially if they have the spiritual level to manifest love in the situation.

The key understanding is that the karmic system is not just for the hereafter; it is for immediate feedback to maximize our happiness while we live, while minimizing both our individual and societal unhappiness. It is inarguable that a society that truly adopted Jesus' basic teachings would manifest a happy society, but few people are willing to look in the mirror and self-evolve; most are content to just do enough to claim pack membership and then (wrongly) look down upon others, while believing the lie that their prophet will forgive them on the Judgement Day. This is precisely why Rumi also says:

"You have no idea how little we care about what people say."

>> Alan Watts suggested that original oneness chose to divide itself and mar its perfection in order to allow the story to arise.

I, too, used to believe that theory, but I have since learned that Creator and creation are simply not mixed, so nothing in creation mars our Creator. We are a part of an informatic creation and are constructed to interact with that information, for we are required to seek and use wisdom to perfect ourselves and our societies, in order to help as many people happily explore this wonderful human life and creation in peace.

But you are correct that our story does have an antagonist who is devious and as influential as people allow themselves to also become antagonists by taking part in its negative, selfish, divisive, misery-causing endeavors. We are each choosing sides, each day, as to which part we will play in this grand story of humanity (currently steeped in much inhumanity, humanity the quality being thin on the ground, indeed).

The protagonists are humble yet striving, compassionate yet stern and live their lives to see "On Earth as it is in Heaven" manifested for one and all human beings, irrespective of form of religion (including none at all), ethnicity, sexual identity or preference -- our only beef being with the oppressors of this world who harm others. It is up to each and every one of us to connect within to our Creator in order to align ourselves with It to use our fantastic technology to free people from misery and forge a future that does not destroy the Earth for our future generations.

Thank you for this opportunity to serve you, and thank you, Mr. Schneier, for allowing me to share this essential brick in our future's foundation. In the truest sense, an altruistic human heart and mind are the only foundation for security as it is only 'bad actors' that we have to secure our systems and premises from. And, as our continuing security debacles demonstrate, we not only need very clear minds to design our systems but we need pure, honest hearts that can understand our enemies' motives, intentions and methods.

One of my recent, deeper understandings as to the meaning of this world's general denial of these truths is that until a person accepts the truth of and then begins the spiritual path, they are simply incapable of understanding that there are negative spiritual practices that can make a person more negative, even if those practices consist of just a lifetime of, e.g., taking pleasure at the power they have over others and the discomfiture that results.

The nature of the woman who runs DHS vis-à-vis their horrifically evil child separation policy reminds me of the Robin Williams joke about some prescription drug's claim that explosive diarrhea is a side-effect of its use.

"It's not a side-effect, it's an *EFFECT*."

Thousands of children holed up in tent cities in the middle of the chaparral is not a side-effect of this administration, it's an effect.

As moral creatures in a world of so many confused, selfish human beings with their own free wills, we must tune ourselves to justice and compassion and band together across all divisions to create a secure world society that promotes lasting peace and happiness for *ALL* human beings. Our happiness depends upon it, and its achievement depends upon each and every one of us having clear minds and compassionate hearts.

Bruce SchneierDecember 30, 2018 7:41 PM

I'm not going to delete the comments, but can we please draw a line here and end the epistemological and metaphysical discussions.

Surely there are better places for that on the Internet.

Thank you all.

Rach ElDecember 30, 2018 7:52 PM

Wael

nice sober commentary on use of older hardware, made me laugh!
however BSD is the option, if one writes one's own drivers (most of the time).

Rach ElDecember 30, 2018 7:55 PM
'NSA seems to be quite open about domestic surveillance'

and, for legal reasons, the population of the entire world are deemed Americans.
it was the easiest workaround ;-)

WaelDecember 30, 2018 8:14 PM

@Rach El,

nice sober commentary on use of older hardware, made me laugh! however BSD is the option, if one writes one's own drivers (most of the time).

Yes! BSD is my choice. FreeBSD, that is. I like it. Was just installing FreeBSD 12, and I trashed a couple of partitions, and I am in the process of rebuilding them. One of them is not trivial to build on an AMD *ahem* machine. But luckily I have the latest version of Carbon Copy and cloned a couple of drives before the upgrade. The EFI partition and Clover configuration are what's left to finish, but I can't focus for some reason.

if one writes one's own drivers (most of the time).

Back in the good old days, when men were men, and women were ribs[1] and people just wrote their own device drivers.

[1] Please don't talk to me about "epistemological and metaphysical" things. I don't want @Bruce to b*tch slap me at the end of the year.

Sherman JerroldDecember 30, 2018 9:31 PM

Regarding old hardware and the BSD operating system mentioned by Wael and @Rach El,
Based on my experience and the excellent info from the commenters on this blog I firmly believe that no hardware is fully secure. And certainly no operating system is fully secure. However, as many of you may already know, at distrowatch.org, you can find a wealth of alternative operating systems available for almost any architecture and purpose you can imagine. The FOSS community and the Linux/BSD/etc. communities have tens (maybe hundreds) of thousands of people writing and keeping an eye out for insecure code and bugs. There are many 'distros' there for safety, security and forensic testing, as well as 'live' versions that I have run from CD or DVD, which makes them read-only. And even though I know that the hardware and IP address can be tracked, VPNs and non-fixed IP addresses help. I don't know how many malefactors there are out there that can read the CPU serial number and identify a machine, but I do have a couple of old laptops that allow me to 'turn off' access to the serial number and they can run Linux live from a CD. Using that technique, I can save any 'data' on a USB drive that can be scanned for malware and then I 'air/energy-gap' it.

Here's hoping for a safer and more vigilant (if not secure) 2019 for us all.

Sherman Jerrold,
fellow of the Royal Society for the Preservation and Rejuvenation of Antiquated Computers

Rach ElDecember 30, 2018 11:59 PM

Wael Wayback Machine
Sherman Jerrold RSPRAC

Thank you.
What are your thoughts on Knoppix Live distro from a 'less insecure' perspective?

gordoDecember 31, 2018 1:08 AM

I like the below idea of "algorithmic data representative", but as Cory Doctorow reminds us at the second link, below, "we'll need the rule of law".

It’s time for a Bill of Data Rights
As the US Senate debates a new bill, a data-governance expert presents a plan to protect liberty and freedom in the digital age.
by Martin Tisney December 14, 2018

Now consider Rachel’s dilemma in a world with stronger data-rights protections. She agrees to the liver-function study, but as she scans its terms and conditions, an algorithmic data representative flags the issue, somewhat the way algorithmic gatekeepers protect against computer viruses and spam. After the issue is flagged, it is referred to a team of auditors who report to the local data-rights board (in this hypothetical future). The team examines the algorithm used by the study and discovers the link to the employment profiling. The board determines that Rachel has been profiled and that, thanks to a newly established interpretation of the Employment Equalities Act and the Data Protection Bill (passed in 2022), such profiling is clearly illegal. Rachel doesn’t have to take action herself—the board sanctions the researchers for abusive data practices.

https://www.technologyreview.com/s/612588/its-time-for-a-bill-of-data-rights/

---

"Owning your data" will not save you from data capitalism
Cory Doctorow / Dec 17, 2018

Tisney proposes three starting rules: "The right of the people to be secure against unreasonable surveillance shall not be violated"; "No person shall have his or her behavior surreptitiously manipulated"; and "No person shall be unfairly discriminated against on the basis of data."


Of course, to make those rules stick, we'll need the rule of law: this isn't a problem that technology can solve, it's a problem that we need accountable, legitimate governments that are not in thrall to that same handful of corporations to oversee.

https://boingboing.net/2018/12/17/sui-generis-regimes.html

---

On a separate note, though not mentioned in the above articles, I do think that in the U.S., with respect to Fourth Amendment considerations, so long as the third-party doctrine stands, the question of "data ownership" or "property interests" remains.
. . .
American Constitution Society
2017-2018 ACS Supreme Court Review
November 28, 2018

Carpenter Fails to Cabin Katz as Miller Grinds to a Halt: Digital Privacy and the Roberts Court
Marc Rotenberg

Surveillance unbounded from space and time is different from a physical search that exists at a moment in time. But that does not diminish the constitutional claim. It amplifies it. And perhaps the right of the people should inhere in their persons. It has always seemed odd to me that the Fourth Amendment, alone among the amendments, ascribes personal rights to property interests. Perhaps this was the Framers’ best understanding of one’s persona in the eighteenth century. We are those things we keep in homes, those papers we choose to possess, the daily activities we record in our journals and our business records. And as against the government, to be secure in our private lives, we must ensure oversight. But in the twenty-first century, we are now also the places we visit, the texts we send, the people we are with, the things we seek—the ephemeral now made permanent in our digital age. Although it is correct that the cell-cite location information concerning Mr. Carpenter resided with third parties, those records could not exist but for the activities of Mr. Carpenter that caused the records to be created. And that is true for all cell-phone users in the United States. Those records exist because of us; and if companies choose to retain them, we should have some say over how they are used and when they are disclosed to others.

I doubt the framers would disagree.
[p. 238 / PDF p. 240]

https://www.acslaw.org/wp-content/uploads/2018/11/ACS-Supreme-Court-Review-2018-Final.pdf
[Essay is pp. 211-240 / PDF pp. 213-242]

https://www.acslaw.org/journal/2018-acs-supreme-court-review/

WaelDecember 31, 2018 2:49 AM

@Rach El, @Sherman Jerrold,

What are your thoughts on Knoppix Live distro from a 'less insecure' perspective?

I haven't looked at it so I wouldn't know how it fares against other live distribution OS's. Actually, I never looked at any of them; I take the virtual machine route.

WaelDecember 31, 2018 4:52 AM

I love the Scottish accent. Seems it has words that are very close to German...

Happy new year, everybody[1]...

Learn the lyrics so you don't mumble your way through it ..

Be told arcane gaps never caught.
Forever blew your mind

Be told arcane gaps never caught
Stellar Tor brought to light?

Ignore code sign, while here
More bold pad line

Conceal you schmuck a mindless threat
Your ways are old thang, swine

Deal was rerun a root dah phrase
And put the trojans inline

But we’ve won that very eerie bet
Since days of auld lang syne

And eve was speckled in the bun
From morning sun till dine

But keys between us, forbade their code
Today we shall use Skein.

Behold, cLang inline right here
Foretold your a** is mine. ****

We’ve snuck a bump o blindness net
For days of auld lang syne

And Securely we’ll see your byte snoop
And surely I’ll be fine

And we'll mock a cup o' slyness het
Lore auld gang line.

And errs a rand, my rusty gear!
And freeze your hand o' spine!

And we'll tak a right guid willy waught,
For auld lang syne.

For auld lang syne, my dear
For auld lang syne

we'll tak a cup o' kindness yet,
For days of auld lang syne

For auld lang syne, my dear
For auld lang syne

we'll tak a cup o' kindness yet,
For days of auld lang syne

Sorry @Faustus... It was not easy to remove duplicates.

[1] Benny Hill would say "every bloody", but I have class!

65535December 31, 2018 5:08 AM

@ gordo

‘I like the below idea of "algorithmic data representative", but as Cory Doctorow reminds us at the second link, below, "we'll need the rule of law"’ –gordo

I like the idea also. Good.

But, I see some stepping back to “can’t do much of anything” in the links. I don’t know what to make of that.

We really need fresh insights into the exact capabilities of the NSA/GCHQ/FBI, down to local police, from new source[s].

On balance we have had some wins and some slow losses. It’s probably a draw between NSA/GCHQ/corporate data miners versus human rights and privacy advocates, both legal and technical, as 2018 comes to an end.

I see the EFF has made some slow but sure progress as a human rights and privacy organization. The big wins seem to be mostly in California. I guess USA laws flow from west to east… But, wins nonetheless. Also, the EFF supported the General Data Protection Regulation and cases around the world. Hopefully the EFF and ACLU and their EU counterparts will give us more upbeat news in 2019. Here are some winners in 2018:

[I don’t want to over-state the EFF but I do support them and will rapid fire their wins or draws]

EFF state wins in USA:

“Increased Transparency into Local Law Enforcement, Thanks to the passage of S.B. 978, California police departments and sheriff’s offices must post their policies and training materials online. Californians also now have new rights to access recordings from police-worn body cameras, with the passage of A.B. 748, which EFF supported. Starting in July 2019, the public will be able to access this important transparency resource…

“Better Privacy Protections, California law already limits bars from sharing information collected by swiping your ID. But some companies and police departments believed they could bypass this safeguard as long as IDs were “scanned” rather than “swiped.” A.B. 2769, which EFF supported, closed this loophole, so now state law provides the same privacy protections whether someone is swiping or scanning your card….

“Protecting Youth Rights DNA information reveals a tremendous amount about a person, and handing over a sample to law enforcement has long-lasting consequences. Unfortunately, at least one police agency has demanded DNA from youths in circumstances that are confusing and coercive. EFF wrote a letter supporting A.B. 1584, a new law that makes sure kids will have a supportive adult in the room to explain the implications of handing over a DNA sample…

“Open Access to Government-funded Research, A.B. 2192 was a huge victory, giving everyone access to scholarly and scientific research that’s been funded by the government…

“Fought Bad Bills, Too, S.B. 1424, a bill EFF opposed and Gov. Jerry Brown vetoed, was not the way to do it. The bill would have created a state advisory committee to recommend ways to “mitigate” the spread of “fake news.” This committee was all too likely to promote new laws to restrict the First Amendment rights...cheers for Electronic Frontiers Georgia, one of the members of the Electronic Frontier Alliance, for its key role in defending the rights of independent security researchers and tech users in Georgia. S.B. 315 would have both criminalized most computer security research in Georgia...

https://www.eff.org/deeplinks/2018/12/victories-state-legislatures-2018-review

EFF USA Federal Wins:

[Some long running wins and draws]

“EFF Helps Protect Against Location Tracking, Carpenter v. United States: When the United States Supreme Court quotes you in upholding privacy, that’s a big win. The Supreme Court cited EFF’s amicus brief in its landmark Carpenter decision in June, holding that the Fourth Amendment protects cell phone location information. In an opinion by Chief Justice Roberts, the Court recognized that location information, collected by cell providers like Sprint, AT&T, and Verizon, creates a “detailed chronicle of a person’s physical presence compiled every day, every moment over years.” ...Other location privacy wins: Neal v. Fairfax Cty. Police...

“EFF Defends Innovation and Transparency in Patents, Personal Audio: After five years, EFF achieved final victory in defending the rights of podcasters nationwide from a wrongly-issued patent. In 2013, EFF filed an inter partes review petition with the USPTO, challenging claims in patent US 8,112,504. Personal Audio, the patent-holder, claimed that the patent covered effectively all podcasting technology...

“EFF Helps Protect Against Device Searches at the Border, Alasaad v. Duke: EFF has long recognized that the Constitution must extend to the U.S. border, especially since the devices we travel with now carry our most intimate information. In September 2017, we filed a lawsuit along with our co-counsel the ACLU, challenging border device searches on First and Fourth Amendment grounds...

EFF Protects Your Right to Free Speech in Domain Names, Fucknazis.us: The “seven dirty words” should not be a censorship list for domain names. EFF represented the owner of the website fucknazis.us, which had been suspended by the .us domain name registrar, because the domain name, fucknazis.us, contained a “dirty” word…

EFF Helps Protect Fair Use Online… Lenz v. Universal: After more than 11 years, EFF and Universal Music Publishing Group reached a favorable settlement in 2018 in what was often known as the “Dancing Baby” case. In 2007, YouTube removed a 29-second video posted by Stephanie Lenz of her young son dancing, with “Let’s Go Crazy,” by Prince, playing in the background. This video was an obvious fair use. Representing Lenz, EFF filed a lawsuit against Universal, to set a precedent that copyright holders cannot use the Digital Millennium Copyright Act (DMCA) to quickly remove such fair uses. Other Copyright Victories:
•Playboy v. Boingboing
•DMCA Rulemaking
•MMA/CLASSICS Act
•Canadian “FairPlay” Proposal...

“EFF Helps Free the Law, ASTM v. Public Resource: We believe that the laws that we all must follow should be available for all to know. EFF represented Public.Resource.Org (“PRO”) against several organizations which had created technical standards which were incorporated into state laws. When PRO wanted to publish the text of those standards, which had become binding state law, those organizations got an injunction against PRO...In July, the Court of Appeals for the D.C. Circuit dissolved the injunction against PRO...

EFF Helps Fight Overbroad Use of Computer Crimes Laws, Oracle v. Rimini: Violating a website’s terms of use alone shouldn’t be a crime. As extremely long terms of use govern every aspect of the websites we all use daily, making their violation a crime would criminalize simple acts like password sharing, or using a fictitious name...when a website permits users to download content manually, the use of scraping in violation of the website’s terms of use does not violate either California’s or Nevada’s computer crime laws...

Defending the Fourth Amendment, Naperville Smart Meter Assoc. v. Naperville: Smart energy meters record a home’s energy usage with far more precision than traditional meters. While this leads to increased energy efficiency, it also lets whoever has access to that data unprecedented power to understand what is happening inside your home. EFF filed an amicus brief in Naperville Smart Meter Assoc. v. Naperville, arguing that the government’s collection of smart meter data is a search, and thus subject to Fourth Amendment protections. The Seventh Circuit agreed...

FOIA/Government Transparency, The Stranger Unsealing Case: The United States government routinely asks courts for electronic surveillance warrants and other orders under seal. Although custom and the First Amendment generally require judicial records and proceedings to be open to the public, these materials are kept secret… we filed a petition to unseal some of these secret surveillance materials on behalf of Pulitzer Prize-winning alternative weekly newspaper The Stranger. Because of our challenge, the U.S. Attorney’s Office and the Clerk of the Court in Seattle agreed to create new standards for docketing and unsealing these types of surveillance orders. This gives us the opportunity to understand how many sealed requests the government is making and ask for other documents to be unsealed. Other Government Transparency Victories:
•Hemisphere
•Government DNA Collection (Rapid DNA)

EFF Helps Create Governmental Accountability with Digital Data, Law Enforcement Fake Facebook Profiles: Since Facebook has decided that users must use a real or “authentic” name “to create a safe environment where people and trust and hold one another accountable,” it is critical that this policy applies to everyone, including the police. Undercover police officers from many departments create accounts with fake names and information for surveillance purposes. After EFF raised this issue, Facebook sent a warning to the Memphis Police Department, which had been revealed in a lawsuit to have used fake profiles to spy on activists… Other Government Accountability Victories: •CA DoJ Database misuse reporting ...

[and]

Hearing Thursday: EFF Asks Court to Require FBI Disclosure of National Security Letter Recipients Who've Been Released From Gag Orders, Bureau Is Improperly Withholding Information in FOIA Case December 19, 2018... Francisco, California—On Thursday, December 20, at 10 am, the Electronic Frontier Foundation (EFF) will urge a federal judge to order the FBI to release the names of national security letter (NSL) recipients that are no longer under a bureau gag order blocking them from speaking out… hearing is in EFF’s Freedom of Information (FOIA) lawsuit against the Justice Department seeking records that will shed light on whether the FBI is complying with a federal law mandating that it review and lift NSL gag orders that are no longer needed. NSLs are secret, warrantless demands for customer information that gag telecom and Internet providers from telling anyone—customers, the public, or employees—that they have turned over to the government their customers’ personal information, such as phone and email records. Recipients of these highly intrusive demands should not be gagged forever and should be able to talk about their experiences. After EFF challenged the constitutionality of NSL gag orders in court, Congress included in the 2015 USA Freedom Act reforms requiring the FBI to periodically review and terminate gag orders if secrecy is no longer warranted. Documents EFF has obtained in the FOIA lawsuit show that the FBI has determined that gag orders could be lifted in at least 700 cases without jeopardizing national security or harming ongoing investigations. Indeed, several providers have published NSLs they received [partially successful -ed]…

The Year of the GDPR: 2018’s Most Famous Privacy Regulation in Review December 28, 2018, To the extent that 260-page regulations can ever be said to be “famous,” Europe’s General Data Protection Regulation (GDPR) certainly had its moment in the limelight in 2018. When it came into force on May 25... [Draw: Yet to be seen are the effects on 5-eye countries]

https://www.eff.org/deeplinks/2018/12/victories-2018-legal-wins


https://www.eff.org/deeplinks/2018/12/2018-review


Not super good but not bad either.

Note I get a bad certificate error on some EFF links.

[Please excuse all the mistakes. I just banged this out]

Clive RobinsonDecember 31, 2018 9:21 AM

@ Rach El, (Wael),

I still think the best quote for when people cut device drivers with their teeth and chewing gum is,

    In those days spirits were brave, the stakes were high, men were real men, women were real women and small furry creatures from Alpha Centauri were real small furry creatures from Alpha Centauri.

And having so done, the problems I remember were not writing the device driver code as such, but testing it. But... then there was what I call a "Mongo moment" when you realise that "ioctl" has just arrived in your life...

For those that do not know, hardware devices are at best "inconvenient" in that they don't fit into any Computer Scientist's nice model of the way the world should be, either willingly or easily... Which is why there are reasons hardware engineers have instruments on their desks and work benches that would fit right in in an ancient torture chamber, or modern operating theater[1].

So you do three things,

1, Decide what functions you are going to support and importantly in what way.

2, Write the basic device driver.

3, Try to put the rest of the things that might need to be twiddled with by a "human" into ioctl.

Oh and don't forget the fourth step, after all it's almost implicit. The oh so secret step of "don't document your ioctl interface because it only encourages them".

If the man with the cheque book insists then like navigators of old draw up a chart with "here be dragons" and "all who enter here arrgh doohmed"[2] all over it. Also it can't hurt to name things like "CPU_Dth_Swtch", "Pk_to_Brn", "Mk_PSU_Expld". But not "Init_WW3" that would only encourage them as MS found with "NSA_Key".

Oh and if you still need persuading you are not a "small furry creature from Alpha Centauri" just read this helpful little guide,

https://en.m.wikipedia.org/wiki/Ioctl

Then look at all the OMG fun in,

http://man7.org/linux/man-pages/man2/ioctl.2.html

And you thought I was joking...

[1] There I was the other day lying back uncomfortably on the operating table whilst they were busy making holes in me shoving wires and other bits and bobs in as you do. And it's kind of awkward, so you try to make a little small talk. You have to remember that also there is this blue lightweight cloth partially across your face that is part of a big square with a hole in the middle with sticky back edges they put over for not just infection control but to catch itty bitty little fiddly stuff, they want to make sure stays out of you. After all you don't want to be paying rent on a pair of forceps or some such, hospital administrators can be so petty over such things. So there I am when I hear an all too familiar noise of wire cutters being used to cut to length and strip back insulation. So I mention it's a noise I'm familiar with, and we chat a bit and I say to the Dr "I bet when you were first training to be a Dr you did not think wire stripping would be a necessary skill?" and I got an amused "no" back.

[2] Yes I know I still can not write "pirate speak".
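
Clive's three steps above end with ioctl as the catch-all for whatever a driver exposes, with the interface ideally undocumented. The defender's counter to that is that, on Linux, the request number itself carries structure: the command number, a "magic" type byte for the driver, the size of the argument the kernel copies in or out, and the transfer direction. The following is an added example, not code from the comment or from any project: it re-implements the standard Linux `_IOC` field layout (so it runs without kernel headers), encodes and decodes a request number the way an auditor enumerating a driver's ioctls would, and issues one real ioctl (`FIONREAD` on a pipe) to show the round trip. `EVIOCGVERSION` is used as the worked value because its encoding, `_IOR('E', 0x01, int)`, is a documented one.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/ioctl.h>

/* Linux ioctl request layout (as in <asm-generic/ioctl.h>):
 *   bits  0..7  : command number (NR)
 *   bits  8..15 : "magic" type byte identifying the driver
 *   bits 16..29 : size of the argument the kernel copies in/out
 *   bits 30..31 : direction (0 none, 1 write, 2 read, 3 read+write)
 * Re-implemented here so the decoder is self-contained. */
#define NR_BITS    8
#define TYPE_BITS  8
#define SIZE_BITS  14
#define DIR_BITS   2
#define NR_SHIFT   0
#define TYPE_SHIFT (NR_SHIFT + NR_BITS)
#define SIZE_SHIFT (TYPE_SHIFT + TYPE_BITS)
#define DIR_SHIFT  (SIZE_SHIFT + SIZE_BITS)

enum { IOC_NONE = 0, IOC_WRITE = 1, IOC_READ = 2 };

struct ioc_fields {
    unsigned dir, type, nr, size;
};

/* Build a request number the same way the kernel's _IOC() macro does. */
unsigned long encode_ioc(unsigned dir, unsigned type, unsigned nr, unsigned size)
{
    return ((unsigned long)dir  << DIR_SHIFT)  |
           ((unsigned long)type << TYPE_SHIFT) |
           ((unsigned long)nr   << NR_SHIFT)   |
           ((unsigned long)size << SIZE_SHIFT);
}

/* Split a request number back into its fields: the inverse of encode_ioc().
 * The size and direction fields tell a reviewer how much user memory the
 * handler is expected to touch and in which direction. */
struct ioc_fields decode_ioc(unsigned long req)
{
    struct ioc_fields f;
    f.dir  = (req >> DIR_SHIFT)  & ((1u << DIR_BITS)  - 1);
    f.type = (req >> TYPE_SHIFT) & ((1u << TYPE_BITS) - 1);
    f.nr   = (req >> NR_SHIFT)   & ((1u << NR_BITS)   - 1);
    f.size = (req >> SIZE_SHIFT) & ((1u << SIZE_BITS) - 1);
    return f;
}

/* Human-readable direction for an audit listing. */
const char *ioc_dir_name(unsigned dir)
{
    switch (dir) {
    case IOC_NONE:             return "none";
    case IOC_WRITE:            return "write (user -> kernel)";
    case IOC_READ:             return "read (kernel -> user)";
    case IOC_READ | IOC_WRITE: return "read+write";
    default:                   return "?";
    }
}

/* A real ioctl round trip: FIONREAD on a pipe reports how many bytes are
 * waiting to be read. Returns that count, or -1 on error. */
int pipe_pending_bytes(const char *payload)
{
    int fds[2];
    int pending = -1;
    if (pipe(fds) != 0)
        return -1;
    if (write(fds[1], payload, strlen(payload)) < 0) {
        close(fds[0]);
        close(fds[1]);
        return -1;
    }
    if (ioctl(fds[0], FIONREAD, &pending) != 0)
        pending = -1;
    close(fds[0]);
    close(fds[1]);
    return pending;
}

int main(void)
{
    /* EVIOCGVERSION from the input subsystem: _IOR('E', 0x01, int) */
    unsigned long req = encode_ioc(IOC_READ, 'E', 0x01, sizeof(int));
    struct ioc_fields f = decode_ioc(req);
    printf("0x%08lx: type '%c' nr 0x%02x size %u dir %s\n",
           req, f.type, f.nr, f.size, ioc_dir_name(f.dir));
    printf("FIONREAD on a pipe holding \"hello\": %d bytes pending\n",
           pipe_pending_bytes("hello"));
    return 0;
}
```

Old-style requests such as `FIONREAD` itself (0x541B) predate this encoding and carry no size or direction, which is exactly why they are harder to review; a driver whose commands all decode to a sensible type byte and argument size is giving away far less about "here be dragons" than one that does not.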

WaelDecember 31, 2018 9:48 AM

@Clive Robinson, @Rach El,

And having so done, the problems I remember were not writing the device driver code as such, but testing it.

I did both on DOS, OS2, and Windows NT. Windows NT had the most elegant model. Far superior to *NIX. I don't know how much the NT model changed, been at least 15 years since I've done that sort of work.

Then look at all the OMG fun in,

The only thing I thought amusing was:

It's traditionally char *argp (from the days before void * was valid C), and will be so named for this discussion.

Couldn't detect anything else... the brain is in Lala land now.

FaustusDecember 31, 2018 9:52 AM

@ Bruce

I hear you concerning the metaphysical discussions. Thank you for your patience.

This is an amazing place for discussion and it would be great to understand why this site is so successful in being civil and interesting, while others fail.

I have worked five years on a general AI. It is reaching fruition and I can watch it as it reproduces human cognitive errors, and does the kinds of things people consider signs of "evil algorithms". It also solves problems that I have no solution to and creates results that beat my best efforts on my metric of efficiency, as well as results using novel techniques.

I find this blog stimulating and I work through ideas here. Somebody posted a journal article about making a matrix of data structures on two axes and filling in the data structures that we use and then asking the terrific question: What about the options we don't use? What are they good for? What do they do?

That, in addition to watching my AI discover approaches that I would never think of using, has led me to look for the invisible alternatives in social policy. We talk social policy here a lot and the answers tend to clump in the "coerce and kill and imprison" boxes of the hypothetical matrix. So I wonder, are there options I don't see? Can something like an AI help us identify promising social options that are counter-intuitive to our genetic programming?

I wonder who these Russian hackers are. Dumb kids in a basement? I was a dumb kid once. Do they go to work in an office building like I used to? A punitive approach to hacking is pretty ineffective and socially expensive. I wonder if there is a way to bring these adversaries into a game that benefits us all. (Why is game theory the way we currently understand it largely the study of cheating?)

I am not gainsaying you. I am metaphysically talked out anyhow. But there is a thread of thought that connects these apparent digressions back to the topic of security, thought that might lead to more socially useful solutions to computer crime.

Clive RobinsonDecember 31, 2018 10:28 AM

@ Wael,

I take the virtual machines rout.

Hmm not sure if it was a clever joke or your Harsh Mistress at work.

Then you typed,

Couldn't detect anything else... the brain is in Lala land now.

Maybe you should miss seeing in the New Year and get some sleep

Oh and at least you will be spared making any New Year resolutions on the spur of the moment, that you are only going to break just like 99% or thereabouts of other people ;-)

WaelDecember 31, 2018 11:15 AM

@Clive Robinson,

Hmm not sure if it was a clever joke or your Harsh Mistress at work.

Typo caused by her, I guess. Then I looked up the meaning and it turned out to fit the theme. No, unfortunately I'm not that clever. This is your domain! And I bow down to your authority there.

Maybe you should miss seeing in the New Year and get some sleep

It's a meaningless event for me. I still need to fix my partition tables and boot options.

that you are only going to break just like 99%

I'm one of the 99%.

Sherman JerroldDecember 31, 2018 12:34 PM

Reply to Rach El RE: Knoppix,
While Knoppix is not specifically security oriented, it is Debian based which means the 'app' repository has a lot of great security focused items like TOR, etc. I just tried the Knoppix 8.2 full live DVD. While it is very large: 4+GBytes, it has a polished interface, all the vital functions are there, good WiFi detection, good system utilities, Media player, etc. I tried it on a 2004 Dell w/2GB RAM and on a newer Lenovo Thinkcentre Celeron w/2GB RAM. It was quite stable and responsive on both. Of course, it will be much quicker if installed to a HDD. Most of the Linux distributions (distros) can easily be burned to a live CD or DVD and tried without any changes to your hard drive. Backbox is what I'm using right now and it has a lot of privacy and security features. It is about 2GB in size and is Debian/Ubuntu based so it is easy to run live, install and enhance. It runs quicker than Win7 on this machine and has Firefox. I would NEVER touch any O/S that uses anything google/chrome because of all the spying and tracking they do. While not perfect, I clear Firefox's history 'clear everything' after each browser session. And then I use bleachbit which finds and clears a lot more. Bleachbit is built into Backbox and available for most distros and helps a lot.

If I can be of more help, please contact me at RSPRAC with the E-mail address shermanjerrold-AT-croswind.com. (that way we won't be abusing Bruce's blog)

bttbDecember 31, 2018 4:39 PM

1) Regarding Knoppix 8.1, boot prompt: knoppix toram [Knoppix cheatcodes]; requires 6-8 Gig (iirc 6 "works")
2) https://www.consumerreports.org/smartphones/21-hidden-smartphone-superpowers/
3) From https://www.wired.com/story/the-future-of-crime-fighting-is-family-tree-forensics/ :
"In April, a citizen scientist named Barbara Rae-Venter used a little-known genealogy website called GEDMatch to help investigators find a man they’d been looking for for nearly 40 years: The Golden State Killer. In the months since, law enforcement agencies across the country have flocked to the technique, arresting a flurry of more than 20 people tied to some of the most notorious cold cases of the last five decades. Far from being a forensic anomaly, genetic genealogy is quickly on its way to becoming a routine police procedure. At least one company has begun offering a full-service genetic genealogy shop to law enforcement clients. And Rae-Venter’s skills are in such high demand that she’s started teaching her secrets to some of the biggest police forces in the US, including the Federal Bureau of Investigation.

[...]

Currently, there aren’t any laws that regulate how law enforcement employs long-range familial searching, which hobbyists and do-gooders have turned to for years to find the biological families of adoptees. But some legal experts argue its use in criminal cases raises grave privacy concerns. They expect to see a legal challenge at some point, ..."

gordoDecember 31, 2018 7:33 PM

@ 65535,

I don’t want to over-state the EFF

EFF is the pre-eminent digital rights group on the planet who've for over a quarter of a century since their inception proved their mettle time and again. That's not bad company to keep.

But, I see some stepping-back to “can’t do much of any thing” in the links. I don’t know what to make of that.

These things take time. This article, also from EFF, on "information fiduciaries", is one piece of an approach which in my mind, taken together with what Doctorow writes about data ownership, takes the notion of property as a possession or something we own and flips it to one of property as an attribute or something we are. It's about changing minds and extending frameworks. "We hold these truths to be self-evident," etc.

I see that EFF has today put up another couple of "2018 Year in Review" articles, but what especially caught my eye was this, in the inaugural post on the "2018 In Review" series to which you linked:

When we were discussing what events we’d cover in this series of blog posts, there were so many moments when someone shrieked, “That was this year?” It’s true: 2018 has been an exhausting year. But every victory we’ve had has re-energized us and redoubled our commitment to protecting your rights online.

As our host and EFF Board Member has been wont to say, "Carry on."

Cheers and a Happy New Year to everyone!

65535December 31, 2018 11:25 PM

@ gordo

“EFF is the pre-eminent digital rights group on the planet who've for over a quarter of a century since their inception proved their mettle time and again.”-gordo

Yes, it is. It sure looks like the EFF is doing the heavy lifting. Your other links on information fiduciaries are good.

And, “about data ownership, takes the notion of property as a possession or something we own” –gordo

I hear you. We are being turned into the product in many instances.

Also, on stepping back, “These things take time.”-gordo

I do realize it takes time to change such a large problem. I am with you on that one.

“…many moments when someone shrieked, “That was this year?” It’s true: 2018 has been an exhausting year.”- EFF

I agree. This was one of the most hard fought and battle-scarred years. The Feds are really putting the screws to us. I am glad the EFF is there to help.

‘…As our host and EFF Board Member has been wont to say, "Carry on."’-gordo

Cheers to you also, gordo.

Have a happy new year.

And, that extends to all of the contributors to this blog.

Wesley ParishJanuary 1, 2019 3:00 AM

@Bruce and the usual suspects

I was wondering if I could get your opinions on these two questions/thoughts/whatever.

A few nights ago New Zealand - the entire two islands, believe it or not - had a country-wide electrical storm. I got to thinking about the security effects of equipment compromised by electrical storms, and it struck me that in at least some cases/situations, security could be considered a boundary condition between two nominally secure states, the secure because untried/unexamined, and the secure because it is now fixed.

Is this a useful insight?

Secondly, it's a truism that sports is a little war, to take the meaning of the name baggataway, which became lacrosse upon being adopted by Canucks and later by the Rest of the World ... physical competition that on one hand, prepares one for the physical exertions of battle, and on the other hand, allows one to channel safely one's aggression in a socially acceptable manner ...

I have been wondering if my intuition that the offside rule plays a role in the way security solutions are proposed and implemented, is correct. Some competitive team sports have a rule called the offside rule, which does not allow play ahead of the ball or puck. Others don't. I've noticed in some cases I've read about in books on wars, that nations that play a sport without an offside rule tend to succeed in locations where there are no clear boundaries - Vietnam being a prime example: the US insisted on setting up large bases, and effectively got stuck in them; the Australians didn't, and fought much more effectively. The national US football code is American Football, which turned the Rugby Union Football offside rule into a phalanx of blockers and a couple of specialists; one of the major Australian football codes is Australian Football, which has no offside rule, and has a very large playing field besides.

The reason why I bring this up - which would ordinarily be of interest only to players of such codes - is that it strikes me that a good lot of the attitudes towards computer security seem to be governed by the American Football concept of a big group of big blockers, and anything else goes behind them. I prefer the attitude engendered by a good hard game of Aussie Rules - that attacks can come from anywhere, it's not a crime to be alert, instead it's the game-saver.

Does anyone else find this a valuable insight?

(And Happy New Year, folks!)

JimmyJanuary 1, 2019 6:19 AM

@Clive Robinson wrote, "How do I put it, I don't need to know you are in a swanky restaurant, I don't need to know what you think of the fixtures, fittings and other persons there. And I most certainly don't need to see a photograph of the plate of food you are about to eat. Unless of course you want me to text back,"

This is all about trying to understand a population systematically. It's very much like the conversion from analog to digital, and digital for the sheer purpose of scale. We've been taught and incentivized to digitize not only our identities and relationships but also our every deemed behavior.

JimmyJanuary 1, 2019 6:21 AM

As an example of big data at work, take a look at Alibaba's massive pig farms.

bttbJanuary 1, 2019 4:55 PM

From https://www.emptywheel.net/2018/12/31/hal-martin-manages-to-obtain-a-better-legal-outcome-than-reality-winner-but-it-likely-doesnt-matter/ :

"I’d like to comment on what I understand happened in a Hal Martin order issued earlier this month. In it, Judge Richard Bennett denied two requests from Martin to throw out the warrants for the search of his house and cell site tracking on his location, but granted an effort to throw out his FBI interrogation conducted the day they raided his house.

Hal Martin did not tweet to Shadow Brokers

The filing has received a bit of attention because of a redaction that reveals how the government focused on Martin so quickly: a Tweet (apparently a DM) he had sent hours before the Shadow Brokers files were first dropped on August 13, 2016.

[...]
[Replies]

ken melvin says:
December 31, 2018 at 3:43 pm

Had to look up:

Harold Thomas Martin III (born November 1964) is a former contractor for Booz Allen Hamilton who has been accused of stealing approximately 50 terabytes of data from the National Security Agency (NSA).[4][5]"...

Clive RobinsonJanuary 1, 2019 7:23 PM

@ bttb,

Had to look up: Harold Thomas Martin III

Yes people are forgetting about him which is just what the FBI wants (you might also want to look up Marcus Hutchins as well, another one the FBI want you to forget).

In short the FBI has scr3w3d up yet again (as if that is any surprise for an out of control Federal agency).

In short from the little we know there is no evidence to show that Mr Martin gave anything to anybody, and certainly not the Shadow Brokers. In fact there was increasing evidence to show that whilst he was "high functioning" he probably has a mental "compulsive" disorder.

Because the FBI has failed --for what ever reason-- to find the Shadow Brokers, they have adopted the old "we have a suspect in custody" ploy.

You can see this from the laughable presentations in court.

The FBI with a SWAT team smashed their way into his house under very dubious circumstances, they threw in a quite dangerous[1] explosive device then rushed in, kicked him and his partner to the floor, handcuffed him and kept guns pointed at him whilst NSA staff rampaged through his house. He was screamed at and otherwise abused including his legal rights.

Now the FBI claim Mr Martin was not under arrest and thus he could have left at any time. Because the FBI forgot to read him his rights...

And it would appear the judge is quite happy to swallow this FBI nonsense...

Worse they appear to have tromped over Mr Martin's other rights with regards access to impartial legal advice and having a timely trial. From the little known it appears he is being kept under "special administrative measures" as he is too dangerous to be allowed normal on remand conditions. So he is, in effect already imprisoned in solitary confinement that the FBI show every intent of dragging out longer than any prison sentence he might otherwise serve.

At some point people in the US will wake up and realise that when it comes to "information crimes" the FBI are completely incompetent and lying to magistrates is just part and parcel of what they think is appropriate behaviour...

In most other parts of the civilised world people associate the FBI's behaviour to that of a third world Banana Republic or tyrannical dictatorship with Secret Police and Show Trials.

Then there are questions about South American refugee children being starved to death by the US border authorities, forcing others to sign documents they can not read etc...

Then there is the latest nonsense with having a Chinese Woman Arrested in Canada on what appears to be trumped up charges to push a trade deal, does not help the world view of the US either...

The world view of the US currently is really not at all good, "out of control" is one of the lesser ways of putting it. With politicians too busy infighting to actually do the jobs they are paid to do. Is this the way people in the US want their country to be seen on the world stage?

[1] The "flash bang" is a hand grenade (M84) that explodes with very loud percussive force and metal burning at several thousand degrees and generates toxic fumes (from the flare material). Such devices are actually quite dangerous not only can they do people physical harm in terms of deafness, blindness and burns etc they have killed and blown body parts off. They can also cause mental trauma that can be not just debilitating but life long. They also can cause fires and other damage to property. Importantly people harmed by these devices are incapable of looking after themselves or others by taking fire fighting or first aid medical or similar action which in the past has resulted in several deaths.

FaustusJanuary 2, 2019 8:41 AM

Boing boing offers us some good news about new works entering the public domain, tempered by teasing us with what we would be enjoying if not for the Silly (Sonny) Bozo (Bono) Copyright Extension of 1984 (1998).

https://boingboing.net/2018/12/31/thanks-justin.html

Frankly I was beginning to think that nothing new would ever enter public domain! Not that the EU will even let you put work into the creative commons. Your work is yours! As long as you are a big corporation that had nothing to do with creating it.

Canada is continuing its regression into a comma next to the EU's leaky boat. Saw them off and let them sink with the Continent, old chap! England is struggling to remain afloat by tossing ballast. EU administrators overboard!! Wait, that anchor chain is around the economy's leg!! Better toss the surveillance cameras too!!

Will England rejoin the revolution it inspired or will it just be another Cuba? Only Meghan Markle knows. England is lucky to get some new genetic material before inbreeding finishes turning aristocratic faces inside out.

bttbJanuary 2, 2019 4:26 PM

About 25 "2018 Retrospective Blog Posts" at the bottom of https://www.eff.org/deeplinks/2018/12/2018-review :

"When we were discussing what events we’d cover in this series of blog posts, there were so many moments when someone shrieked, “That was this year?” It’s true: 2018 has been an exhausting year. But every victory we’ve had has re-energized us and redoubled our commitment to protecting your rights online."

FaustusJanuary 2, 2019 6:38 PM

Does anybody know of George Dyson? His body of work seems to be the repetition without elaboration of one idea: That computer code is like biological organisms.

https://www.edge.org/conversation/george_dyson-childhoods-end

To me it seems to be a weak metaphor in search of a host. His writing obscures rather than elucidates. There are no details or good examples, probably because they don't exist.

He doesn't seem to be a programmer but he has a lot of ideas about code that really sound like radioactivity in a 50s movie: code as a malevolent force breeding monsters beyond human control.

I feel sorry for non technical folk that go to him to learn something.

He is proposing self replicating code as a looming human problem. To me he misses the mark. Are there other opinions?

ThomasJanuary 4, 2019 5:11 AM

@Clive Robinson
"Yes people are forgetting about him which is just what the FBI wants"

We do know that TSB had disappeared after the arrests of HTM3 and that other Vietnamese American.

ThomasJanuary 4, 2019 5:13 AM

@Clive Robinson
"Yes people are forgetting about him which is just what the FBI wants"

We can all see that TSB had disappeared after the arrests of HTM3 and that other Vietnamese American. That's a fact.

FaustusJanuary 4, 2019 10:39 AM

@ Clive et al

Mr. Hutchins apparently had 50 TB of NSA material stashed in his house. Is this in question?

I'm sure the NSA constantly reminds people not to do this. He really should have known better. It appears that mental illness and drug problems were involved, so maybe that is a quasi explanation.

It may very well be that he did nothing with this material except hoard it, but just exfiltrating it was begging to see the dark side of the NSA, or am I missing something?

The US is crazy, yes, but England and the Continent and Canada really are no better in my view. Am I missing something here?

I do prefer less "developed" countries to all of these, ones free of government intrusion and ones that actually respect the privacy of the home, one's thoughts and personal papers. I am lucky to be in one of these countries right now.

FaustusJanuary 4, 2019 11:29 AM

@ bttb

I am more concerned about whether he took the 50 TB of data from the NSA than the legal minutia.

Nothing that happened afterwards can retroactively justify it if he did it.

I am not calling for his head, or even that he should be convicted after the ensuing shenanigans. I am interested in whether he got the ball rolling by exfiltrating all that data. And why? And why didn't he realize he was dealing with very dangerous people?

bttbJanuary 4, 2019 11:33 AM

Elections and WhatsApp from https://www.democracynow.org/2019/1/2/as_brazils_bolsonaro_takes_office_opponents :

"...AMY GOODMAN: Bolsonaro calls media in Brazil fake news, just like President Trump calls the media here in this country. What impact do you think Facebook had on the election? Facebook owns WhatsApp, the popular message site that was widely used to distribute false news leading up to the election.

FERNANDO HADDAD [Bolsonaro's opponent in Brazil's second round]: [translated] WhatsApp in Brazil played a crucial role, a decisive role, in the elections. We have a two-round election in Brazil because we have many political parties. And so, there are two rounds for the presidential election. Until one week before the first round, all of the polls said that I would be winning in the projections for the second round. The polls said not only would I go to the second round, but that I would likely win in the second round. Now, that ended in just a week, with a massive triggering of false messages that did not use Twitter or Facebook but did use WhatsApp. And it was very difficult in the second round to turn back or to undo the damage done in the last week of the first-round election, leading up to the first-round election. And we don’t know what was behind all of this, the resources behind this, who are those who financed these actions.

And these occur not only in Brazil. There are several specialists in the United States, as well, who have said that Brazil, Brexit, Trump, Salvini in Italy are all part of a single process that might now occur in Western Europe. So, the elections in Western Europe in the coming year and issues such as climate, European Union, all of that is up for discussion, multilateralism. These are several issues that will be debated of the utmost importance. And for those who would like to see a plural world in which there is no hegemony of one power or another, but rather spaces for people to organize more freely and to act democratically as citizens, well, the dark actions of unknown groups is very worrisome, groups which, based on money, operate in the social networks..."

Also:
https://www.nytimes.com/2018/10/19/technology/whatsapp-brazil-presidential-election.html

https://www.reuters.com/article/us-brazil-election-facebook/brazil-election-battle-rages-over-facebooks-whatsapp-idUSKCN1MT2WP

https://www.bloomberg.com/news/articles/2018-10-19/whatsapp-bans-more-than-100-000-accounts-in-brazil-election

https://www.reuters.com/article/us-brazil-election-whatsapp-explainer/facebooks-whatsapp-flooded-with-fake-news-in-brazil-election-idUSKCN1MU0UP

bttbJanuary 4, 2019 11:53 AM

@Faustus

ianal, but I assume that any NSA stuff/evidence found in the raid could be used in a criminal trial or plea bargain.

afaik, from above "I’d [emptywheel] like to comment on what I understand happened in a Hal Martin order issued earlier this month. In it, Judge Richard Bennett denied two requests from Martin to throw out the warrants for the search of his house and cell site tracking on his location, but granted an effort to throw out his FBI interrogation conducted the day they raided his house."

JohnJanuary 5, 2019 5:37 AM

@bttb,

I don't believe filtering of "fake news" from social media is censorship by necessity.

The mainstream media bombards us with filtered messages and targeted information/advertisements daily. It is up to every layman and woman to choose for themselves, because we've already been accustomed to do so.

bttbJanuary 5, 2019 11:12 AM

"Facebook is not equipped to stop the spread of authoritarianism
Whether by accident or design, Facebook makes it easy for even low-tech governments to silence dissent" from https://techcrunch.com/2018/12/24/facebook-government-silence-dissent-authoritarianism/ :

"...Bangladesh is far from alone. Government harassment to silence dissent on social media has occurred across the region, and in other regions as well — and it often comes hand-in-hand with governments filing takedown requests with Facebook and requesting data on users.

Facebook has removed posts critical of the prime minister in Cambodia and reportedly “agreed to coordinate in the monitoring and removal of content” in Vietnam. Facebook was criticized for not stopping the repression of Rohingya Muslims in Myanmar, where military personnel created fake accounts to spread propaganda, which human rights groups say fueled violence and forced displacement. Facebook has since undertaken a human rights impact assessment in Myanmar, and it also took down coordinated inauthentic accounts in the country..."

Also, regarding Brazil above,

"First France, Now Brazil Unveils Plan to Empower the Government to Censor the Internet in the Name of Stopping “Fake News”" (Jan. 18) https://theintercept.com/2018/01/10/first-france-now-brazil-unveils-plans-to-empower-the-government-to-censure-the-internet-in-the-name-of-stopping-fake-news/

Clive RobinsonJanuary 5, 2019 2:38 PM

@ Faustus,

Mr. Hutchins apparently had 50 TB of NSA material stashed in his house. Is this in question?

Yes because it was Mr Martin...

Hal Martin III had been collecting stuff from his work place for years and was hoarding it (mental disorder?) not sending it out anywhere.

He was raided not because there was any knowledge that he had the data but because the FBI were embarrassed over the Shadow Brokers. They were searching social media and anywhere else they could. It turns out they found something unrelated to either the Shadow Brokers or --at the time-- unknown stash of data. This was then used incorrectly and probably illegally to get a warrant to search Mr Martin's home.

Thus his home was raided by the FBI preceded by a SWAT team who put Mr & Mrs Martin's lives at risk. All based on lies submitted to a magistrate by the FBI. The FBI then abused not just Mr Martin but his rights as well, threatened and mentally tortured him. By which method they extracted information from him. The FBI are now saying that Mr Martin was there of his own free will, that is he was not under arrest and thus could have left... because they did not carry out basic procedure and arrest him and read him his rights. Further they have kept Mr Martin in "Special Administrative Measures" for months, which is a locked down social isolation condition used as extrajudicial punishment amounting to torture, simply to abuse his rights still further. The excuse is he might endanger National Security by being a target for what might be in his head. Thus all his very limited communications even those supposed to be privileged are when allowed monitored and recorded and no doubt scanned through by the FBI who are seeking further ways to bring charges against him.

@ Thomas,

We can all see that TSB had disappeared after the arrests of HTM3 and that other vietnamese american. That's a fact.

Whilst it might be a fact it's a fairly meaningless one even if accurate.

Trying to argue a cause from an effect is not just "unscientific" it's highly dubious as simple reasoning.

So the Shadow Brokers have "disappeared" from their previous posting methods. As we do not have any idea who they are, as nobody has said so --publicly-- we can not ask them what their reason was for disappearing.

All we do know is that the Shadow Brokers' stated intention of gaining financial remuneration for not releasing the information they had was not working.

It is quite possible then that they have decided that as the USG is not going to pay ever, but the USG might still be deterred by further releases of even more interesting stuff... Thus in effect the Shadow Brokers might have mildly changed their tactics from blackmail-financial-extortion to blackmail-dead-mans-switch.

Even if they are caught I suspect we will not find out what their real reason to change was.

However as far as I'm aware there has been no evidence shown that Mr Martin actually communicated secrets of any kind to anybody let alone the Shadow brokers. Further basic analysis shows it's likely to be the case that Mr Martin has not communicated it to anyone.

Whilst I have no idea what is in the entirety of the 50TB Mr Martin is alleged to have had, nor I suspect does Mr Martin, it strikes me as odd. That is I find it doubtful that what the Shadow Brokers released was comparable to what is likely to be the choicest parts of 50Tbytes you could randomly get out of the NSA.

The reason I'm skeptical about the 50Tbytes is it jibes with what has been reported as in his possession. The average paperback in ASCII text form would fit on a single old style floppy disk[1] but it was alleged that a lot of the data was as "print outs"; trust me when I say you could not count the number of A4 sheets that 50Tbytes would cover in your life time (~12,000,000,000). Even hard drives is pushing it, because he's been supposedly collecting this data over something like two decades. Well back in the late 1990's consumer hard drives were still down in the 100Mbyte to 500Mbyte range, which would give you 100+ hard drives which would be quite a stack and quite a bit of money to buy.

If Mr Martin was collecting data for espionage he certainly would not have had it just "hanging around the place" as he allegedly did. Especially the amount he supposedly had in his car...

Thus I'm guessing that somebody in an official position has "over egged the pudding" and will keep up the pretence as long as possible. Which is maybe why the number of charges is so small.

It's also why I'm thinking Mr Martin has a mental disorder, rather than being a spy or blackmailer.

[1] Arthur C. Clarke actually once said he sent books to his publishers on 5 1/4 inch floppies. But a quick check of a paperback I've got handy gives 450 pages, 35 lines per page and 45 chars per line = 708750 chars / book, which kind of matches. So 50Tbyte ~77.5 million paperbacks, which is more than anybody could read in oh about three thousand life times.
