FBI/AFP-Run Encrypted Phone

For three years, the Federal Bureau of Investigation and the Australian Federal Police owned and operated a commercial encrypted phone app, called AN0M, that was used by organized crime around the world. Of course, the police were able to read everything—I don’t even know if this qualifies as a backdoor. This week, the world’s police organizations announced 800 arrests based on text messages sent over the app. We’ve seen law enforcement take over encrypted apps before: for example, EncroChat. This operation, code-named Trojan Shield, is the first time law enforcement managed an app from the beginning.

If there is any moral to this, it’s one that all of my blog readers should already know: trust is essential to security. And the number of people you need to trust is larger than you might originally think. For an app to be secure, you need to trust the hardware, the operating system, the software, the update mechanism, the login mechanism, and on and on and on. If one of those is untrustworthy, the whole system is insecure.

It’s the same reason blockchain-based currencies are so insecure, even if the cryptography is sound.

Posted on June 11, 2021 at 6:32 AM · 48 Comments

Comments

echo June 11, 2021 8:24 AM

This kind of exercise is the natural end point of rote learned seat filler who have spent their entire lives working within a bureaucracy. It’s a really neat way of turning public funds into a way to keep pen pushers occupied and operatives and managers and assorted hangers on. The fact it catches criminals is actually a good idea but incidental.

It’s probably something I would do if I were them but then I wouldn’t blab about it. I note these self-same law enforcement types go very tight lipped about operational methods when it suits them. I’m left trying to reconcile their sound touch “going dark” comments and their urge to parade their success to the point where they don’t just blow an operation or method but an entire strategy. Which one is it?

In the UK there has been police and government resistance to a more social policy led form of policing. There are many other faults including “no criming” which is both a way of fiddling police performance figures and getting out of doing work. The police themselves are alienating themselves from the very people and communities they are charged with protecting while losing out on a significant amount of high quality information which could put perpetrators of serious crime behind bars.

Right at the bottom of this are people who are impacted both by criminals and agents of the state making moral judgments. This is a hidden human rights crime.

All systems leak information. A testosterone fuelled system promoting emphatic square jawed duck and roll “Go! Go! Go!” attitudes and “going dark” woo woo is neglecting its biggest asset: ordinary decent people sometimes in situations they fell into perhaps because of state ignorance or community neglect. Put the same effort into engaging with them. Not corporate reputation washing or a made up on the hoof policy with nothing behind it. Something real. But that doesn’t fit with the fantasies of shouty thin skinned seat filler with a job title hating themselves for a stupefying job description and time served bung of an index linked pension for not rocking the boat.

I was actually in a situation once where I called the local UK police about an issue which had a cross-jurisdiction element. The dumb seat filler told me to contact the foreign police force. Pardon? I’m quite good on my law and knew it crossed the threshold but it never got a crime reference number. So how come this police officer wants me to do his job for him? Which one is it? Fast forward a few years and another cross-border issue pops up only this time it is both criminal with a potential terrorist element. So I call the FBI office at the US embassy in London. They cannot even be bothered to call me back to review the evidence and discuss the details. Well, they won’t. They are lazy seat filler who won’t lift a finger without the correct job title. I recall a third incident of this type but never made anything of it. Some years the very same types of people gained varying forms of power and took a match to the world and delighted in watching it burn.

Koeth June 11, 2021 8:35 AM

…then if “trust is essential to security” — full security is Impossible !

Because one can never objectively verify the security integrity of all the factors involved in practical electronic communication systems.

The concept of “Trust” seems much like the religious concept of “Faith” — some mystical idea of subjective belief in a hidden reality.

Winter June 11, 2021 8:40 AM

@Koeth
“full security is Impossible !”

And this is a surprise to you? I would say that is self evident.

Winter June 11, 2021 8:54 AM

PS
@Koeth
“The concept of “Trust” seems much like the religious concept of “Faith” ”

Not at all. Trust is a “condition” of humans like “love” is. It is needed for human life to be possible, but it does not have to be reciprocal nor does it have to be justified.

No Trust, No Society. Well described in “Trust: The Social Virtues and The Creation of Prosperity” by Francis Fukuyama.

Libertarians want to have a Mechanical Trust system that does away with humans altogether [1]. Blockchains are the technical embodiment of this dream. Bitcoin is a Libertarian’s Wet Dream.

But Mechanical Trust is just as ephemeral as Mechanical Love (another Libertarian/Technocrat dream).

[1] The USA obsession with getting laws to apply mechanically is another expression of this Mechanical Trust dream. It is at the root of the dysfunctional US legal system. See “The Death of Common Sense: How Law Is Suffocating America ” by Philip K. Howard.

When I am pushing books showing the craziness/silliness of Libertarianism, also see “A Libertarian Walks Into a Bear: The Utopian Plot to Liberate an American Town (and Some Bears)” by Matthew Hongoltz-Hetling.

metaschima June 11, 2021 9:36 AM

IMO Faith and Trust are similar, but there are key differences. They both take time to develop, but Faith is mainly one-sided, i.e. no visible/real effort is put in by one of the parties, perhaps only perceived effort on (mis)interpretation of certain events. They both can be broken rather quickly, but Faith may be more resilient, deeming the break to be for a reason, or part of a plan. Trust, unlike Faith is developed in a mutual way. Showing trust causes a return gesture of trust, as is often exploited by social engineers (con artists). Faith is indeed a religious concept because unlike Trust one party is not adequately authenticated and probably can never be.

Tatütata June 11, 2021 9:40 AM

So we now have an officially confirmed example of a possible ploy which I had suggested about the Encrochat affair discussed last year. Quelle surprise!

There is an ongoing pattern. If you build crypto (Crypto AG, Pocket Telex, …) or run a service (Lavabit, Apple, …), the gubmint will twist your arm or feed you candy until you cry uncle.

Now, what if a TLA was to actually purchase/build communications application (Skype, Signal, Telegram, etc.) destined to the general public (and not particularly to “crooks”), would they be entitled to help themselves to the transmitted contents? Isn’t there something in the nature of common carrier services that prohibits this?

Speaking of police access, I am puzzled by the recently revealed subpoenas for the e-mails of WaPo and NYT journalists. The reports do not give any details about the targeted facilities. I naively believed that such large organisations would run all their e-mail from in-house servers, and outfit their journos with secure communications, which would complicate any such request. Which providers were served with these requests?

drus June 11, 2021 10:28 AM

So, “3.7 tonnes of drugs, 104 weapons and $45 million” any idea about the return on investment for this program? 45 million does not seem like a lot nor does 3.7 tonnes or 104 weapons. 104 weapons in a house in the USA is someone’s right to bear arms.

wiredog June 11, 2021 10:43 AM

@echo
” I wouldn’t blab about it. ”
At least in the US (and, I think, AU) the police have to reveal the provenance of the evidence to defense counsel. So when charges are filed, they have to reveal the sources and methods otherwise the evidence gets tossed.

Clive Robinson June 11, 2021 11:10 AM

@ Bruce, ALL,

For an app to be secure, you need to trust the hardware, the operating system, the software, the update mechanism, the login mechanism, and on and on and on. If one of those is untrustworthy, the whole system is insecure.

Such is the price you pay for “convenience” on consumer devices.

They are not in any way designed to be secure in fact in most places the standards and legislation/regulation requires them to be insecure in so many ways they can not be trusted ever.

But, should we care or even be bothered by it?

The simple answer is “NO” because,

Zero Trust does not mean unusable for secure uses.

Trust is a human concept in both the normal human and security meanings (which are nearly the opposite of each other). That is things do not have implicit security or trust, you have to build it out of insecure parts.

Look at it this way, if you pick a stone up off of the ground it offers you no security however pick up enough and make a wall out of them then you have a separator that offers a small degree of security, and is the start of a more secure part. Put four walls in a square and you have a very much increased measure of security inside of it. Keep adding insecure components in the right way and you end up with a secure system such as a fortress.

It’s true of all systems that,

All secure systems are made of insecure parts. It is the way you use them that gives security thus the potential for trust.

Thus it should be obvious by now that yes whilst such smart devices can not in any way be trusted they can nevertheless be used as a part of a secure system in exactly the same way as secure messages were sent across ordinary broadcast radio systems in World War II, field telephones in World War I and for centuries before that by untrusted messengers and couriers and postal services.

The reason these criminals are suffering what are OpSec Failures are,

1, They do not understand non human to human communications security.
2, They have misplaced trust in other “sales” people.
3, They want convenience.

If they have read previous comments on this blog they would know how to set up a secure communications system between two parties. However to implement larger numbers of communicating parties knowledge of the KeyMan processes are needed that have not really been described[1] in depth.

Importantly some systems can be set up in such a way they have “full deniability of message content” from betrayal by the second or more parties, something some people might find useful. I have briefly described this in the past along with how to make a secret message appear to be benign “chit chat” that can be sent over entirely unencrypted and totally insecure systems. Thus answer the “Prisoner Problem” raised by Gustavus Simmons back in 1994 with subliminal channels,

https://en.wikipedia.org/wiki/Subliminal_channel

The important point to note is that whilst he was talking about Digital Signature Systems, what he was actually using was the entropy made available by “random” elements used in such systems. Thus it’s easy to see that any system that has “random elements” in it can implement subliminal channels. As I’ve pointed out in the past ordinary communications such as emails generally has a “format” such as salutations that can be selected randomly thus you have the means to implement a subliminal channel in plaintext. The hard part is making the channel secure against betrayal, but as I’ve described in the past this can be done with the same assurances or proof as that of the One Time Pad.

Such knowledge in part answers some of @echo’s points above. Basically the “seat fillers” are trying to fight a war they can not win against thoughtfully deployed communications.

[1] Key Management (KeyMan) is a quite complicated process outside of a trivial number of communicating parties. However there have been various books and other literature published on it. Menezes et al “Handbook of Applied Cryptography” has a whole chapter (§13) devoted to it and another chapter (§12) devoted to one part of it. It also has a set of references to other materials. Use of the titles of those references can be used to search for more current literature. As far as I’m aware there is still legitimate free downloads of the book’s chapters,

http://cacr.uwaterloo.ca/hac/

Similarly Ross J. Anderson’s “Security Engineering”,

https://www.cl.cam.ac.uk/~rja14/book.html

echo June 11, 2021 11:12 AM

@Wiredog

My knowledge of UK law with respect to disclosure is limited. Obtaining X from Y is where I would begin but I don’t see the need to blow an entire network.

A lot has changed in the past 20-30 years. One of the most pernicious is removing public interest defence from Official Secrets Act breaches. I’m not personally convinced this is as solid as they would have you believe but you’ll need to take that up with legal deadweight.

There are special courts dealing with terrorist cases where for some issue the defendant may be excluded from a hearing and the evidence is discussed between the lawyers and judge in a closed hearing. This is subject to judicial review but where it would reveal a source or blow an operation this can be turned down or at least very heavily redacted.

There’s a lot wrong with UK law and the legal system. There are times when executive decisions among many other things is questionable at best. I still remain to be convinced that blabbermouth by default is better than secrecy by default.

echo June 11, 2021 11:35 AM

https://www.msn.com/en-gb/news/uknews/records-of-priti-patel-e2-80-99s-contact-with-police-over-xr-protest-deleted-in-e2-80-98it-glitch-e2-80-99-court-hears/ar-AAKWpT6

Police records of Priti Patel’s contact with senior officers over an Extinction Rebellion protest were lost because of an “IT glitch”, a court has heard. Defence lawyers representing protesters charged over the blockade of a Rupert Murdoch-owned printing works in September argue they cannot have a fair trial because the extent of alleged political interference is unknown.

Hello?

Mr Hall said: “My phone has updated itself since that time and removed any messages or all records from this period.”

Mr Nicholls, who was the police gold commander for the protest operation, said in a statement read to the court that he had received a text from Ms Patel during the afternoon on 5 September.

He said it was a supportive message thanking police for their work, adding: “These texts to my work phone have been deleted … a number of work phones were erroneously reset to factory settings after an IT glitch.”

Since when has a phone update removed data? It’s amazing how an “IT glitch” leads to a factory reset with such impeccable timing.

Ms Patel publicly condemned the demonstration at the time, calling it an “attack on our free press” and “completely unacceptable”, and dozens of activists have since been prosecuted.

Said the minister within a government blocking Leveson II and pushing all their mates into key executive positions within the BBC, threatening Channel 4 with a review of their status, and pushing Paul Dacre to lead OFCOM.

echo June 11, 2021 11:47 AM

https://www.theguardian.com/media/2021/jun/11/rupert-murdoch-writes-down-value-of-sun-newspapers-to-zero

More than 80% of the Sun’s losses, about £164m, were one-off charges mostly related to phone hacking. They included £52m in fees and damages paid to civil claimants, double the £26m paid out in 2019, and a £26m in costs accounted for as “UK newspaper matters”.

It’s strange that a Home Secretary who allegedly takes security matters seriously would defend the likes of Murdoch.

Winter June 11, 2021 11:47 AM

@echo
Maybe look for a new home outside of the UK? With luck Scotland will leave the union and return to the EU. Then you could stay on the isles and have a better government.

echo June 11, 2021 12:20 PM

@Winter

Plans are stalled due to busybodies getting in the way but leaving the UK is a live option.

Pretty much every major allegation I’ve made in the past is being substantiated in one way or another. Not that this is necessarily a pleasant thing as I would rather see solutions to problems rather than yet more evidence of wrongdoing. I have more than enough to justify a move to the EU or an asylum claim in the EU and I know I am not the only one making travel plans. I know some UK people have already left for the same reasons.

As for Johnson’s comments at G7 you have to parse them extremely carefully to know what he is saying but none of it is any good and pretty much the complete opposite to what he wants people to think it means. He is as hard right as you can get without actually looking hard right.

Clive Robinson June 11, 2021 12:57 PM

@ echo,

He is as hard right as you can get without actually looking hard right.

What ever you do, do not make the mistake of thinking that.

I had to point out some years ago now that Donald Trump was not a Republican for the same reason.

The pair of them are similar in many ways they care not a jot for anyone other than themselves, thus they will wear a “Political coat” that suits their aims and objectives and happily change that coat to suit a role etc.

The only party Boris is loyal to is “the party of Boris”, do not ever forget that, otherwise you will make an incorrect judgment call.

As for his “intentions” do not forget Boris was actually born in the United States, which means he could stand as U.S. President if he so chose. He is also extremely fond of the so called “special relationship” that has almost always been a sacrificial one for the UK. Boris’ behaviour currently appears to be to try and make the UK like Hawaii or Puerto Rico. Whilst the US does not “currently” recognise any claims against Antarctica or surrounding regions, that is only under the Jonnal notion of a treaty that will expire. At that point the Falklands Islands South Georgia and other areas claimed by the UK will become of great importance due to the fossil fuels and mineral resources in the region. Boris is the sort of personality type who would quite happily sell out those in the Falklands if it gave him a shot at being US President…

J June 11, 2021 1:06 PM

It’s of questionable legality to surveil everybody using a certain phone or app, apparently without judicial oversight. Notice that no US citizens were charged.

Etienne June 11, 2021 1:33 PM

In the military we used secure communications with security measured in either days, or weeks.

We never expected the security to be any good after that. Not with State owned supercomputers inside nitrogen filled basements 🙂

So, think “tactical” when communicating. Don’t communicate anything that’s farther down the road than the device used. Encrypt codewords, not raw text.

Anything past that, use a diplomatic courier.

Decrypted Example: 323 701 400 + Signed Hash

Take that information and run to the bank; you will be rich!

AFAG June 11, 2021 2:09 PM

Advice from a glacier

Carve your own path
Go slow
Channel your strengths
Smooth the way for others
Keep moving forward
Avoid meltdowns
Be cool

That’s that. You still get what you pay for so pay it forward.

MarkH June 11, 2021 2:38 PM

Re: Trust

[Note: there is excellent deep literature on trust by very smart people, including our host Mr Schneier.]

Here’s my simple framework for thinking about trust, whether in security engineering or daily life.

• trust is complex, varying in degree (how much do I trust) and domain (in which circumstances), among other factors

• don’t confuse trust and trustworthiness

• trust is a property of a person or agent, who places trust in some other person or agent

• the placing of trust is a decision (or policy)

• the placing of trust is often thoughtless (or reckless), but may result from a conscious or methodical evaluation

• every decision to place trust is based on necessarily incomplete and imperfect information, and so is always accompanied by risk that the decision is incorrect

• that trust does not (or cannot) exist is an absurdity; the placing of trust is a practical necessity

• placing too little trust in dependable persons or agents can be as costly — or indeed more costly — than placing too much trust in undependable ones

• successful management of trust can reasonably be defined as good agreement between trust decisions and the actual trustworthiness of the trusted persons or agents

Re: Faith

By the usual conceptions of faith, it is supposed to be

• independent of evidence, and

• immutable.

By contrast, trust decisions are often made based on assessments of evidence, and revised based on fresh information.

echo June 11, 2021 3:24 PM

@clive

While I do agree with your general opinion of Johnson when you have someone like him (and Trump) throw people under the bus to curry favour with a “base” things are not so straightforward.

Most of my mental bandwidth has to go on writing up case material so I have little left over for anything else. I have some responses to Johnson and some links full of material ready to go but there’s a lot going on away from his attention seeking nonsense and people don’t always understand the material being shared. There are many who do otherwise I would have been able to obtain the material but it’s basically going nowhere in the UK or US and other right wing populist environments.

Johnson is very good at word games and being duplicitous. I have no illusion about him or his biases. The dangers you highlight are indeed real dangers in the hands of someone like him.

I think some in Europe have a measure of the danger and have not been slow in making moves to counter hostile forces. There are times when even your “own side” can be a hindrance as the Nazis couldn’t possibly mean them. There were Jews in the run up to the Holocaust who openly thought the same not long before they too were shipped off to the gas chambers hence the suitcases packed full of clothes for a week away plus the cutlery like they would be having fine dining? But like Saddam Hussein’s invitation to step outside for some there was no need to get their coat. The British don’t traditionally do gas chambers or hang people from meathooks but the message is the same.

The English have two madnesses. The English don’t know when to stop and the English are awkward and currently there are no real breaks or pushback on this only what they can get away with. I also feel the feudal or regimental or tribalistic culture and polarisation of the voting system and Burkean doctrine of “the state” isn’t helping either.

David Leppik June 11, 2021 4:22 PM

So the FBI recruited a criminal to sell these phones in exchange for a lighter sentence. Criminals don’t trust private companies, so they don’t trust off-the-shelf phones. Their only choice is to trust other criminals. Also, they understand criminals so they feel more comfortable trusting them.

The best thing for them would be to trust Signal, which is trusted by security experts. That’s no guarantee that it’s actually trustworthy, but at some point you have to trust somebody. No level of software audit will give 100% confidence, especially when you need to continually upgrade to keep ahead of new exploits.

This is a difficult world for criminals to adapt to. They say con artists are the easiest marks. While they already knew they shouldn’t trust anyone, they can’t communicate at all if they can’t trust any device. I predict that the FBI is already working on the next criminal phone, and we can expect this story to repeat itself every decade or so.

JonKnowsNothing June 11, 2021 4:45 PM

@Clive

re: do not forget Boris was actually born on the United States, which means he could stand as U.S. President if he so chose.

iirc(badly) Boris renounced his USA Citizenship after the US IRS (Internal Revenue Service aka Tax Persons) sent him a whopping big tax demand for a house he sold in the UK. As a US citizen by birth, he was required to file US Taxes (which he did not do) and pay US Capital Gains Tax on his house (big surprise $$).

He had to come to USA (New York?) and met with a crew of folks from the IRS and State Department and when he left, his Capital Gains payment was satisfied (dunno if he paid any funds at all) and his US Citizenship was over, otherwise he would still be on the hook for US Taxes and US Capital Gains etc.

However, I am sure that should Boris decide to re-settle in the USA he will find the government much more welcoming than the UK Hostile Environment version, although we are pretty hostile now, needing many tranquilizers to soothe the irritable bowels of our society.

He might get his birth-right citizenship back, especially if Patti expels him from the UK to his “ancestral homeland == USA”.

If he doesn’t get the birth cert restored and becomes a Naturalized Citizen (our test is way easier than the UK or AU versions) he can still run for any other office in the USA, from local council to Senator. We have lots of folks from other countries that help us run ours.

His big dilemma is this: He has to apply at a US Embassy, Consulate etc BEFORE he leaves the UK.

If he just “arrives” with a Happy Face and Happy Hairdo he will be jettisoned as an Illegal Alien, and receive a life long ban on entry to the USA, wherein he can join the thousands who are piled up in Destitution Camps along our Northern and Southern Borders.

MarkH June 11, 2021 5:13 PM

@JonKnowsNothing, Clive:

It’s of purely academic interest that Article II does not specify that a natural born citizen must retain that citizenship in order to become president.

A literal-but-silly reading of the text might be that it’s sufficient for the person to have acquired citizenship at birth, without regard to present status.

Under present law, renunciation of U.S. citizenship by adults is irrevocable.

In any case, there is also a requirement of 14 years residency. Given the practicalities of immigration, the earliest election by which BoJo could satisfy this requirement would be 2040.

MikeMcMaster June 11, 2021 5:47 PM

@echo
It’s probably something I would do if I were them but then I wouldn’t blab about it.

They’ve advertised to the world: one secure messaging app was not so secure after all; what makes you think yours is any better?

I expect a lot of shady types will be turning a critical eye to their current mode of communication right about now. Wouldn’t take too much effort to shake them loose from otherwise secure apps by casting doubts on their provenance; the migration naturally to a system with a more positive reputation. And even if the move is to a platform not already infiltrated by authorities, the migration itself will lend itself to upheaval and mistakes that lead to information leakage.

Or maybe they’re just idiots.

Ismar June 11, 2021 8:29 PM

One aspect everyone seems to be missing here is the propensity of the criminals for risk taking. Namely, the criminals were more likely to use an application they knew very little about because of the lure of doing something risky which brings with it a possibility of big financial rewards.
In addition, it might have helped that the app was recommended by one of their own as well as the convenience it offered over other more cumbersome (albeit more secure) methods of communication (fits well with the “get rich quick “ mentality).
Lastly, it would be good to know the statistics around how often the app was used by different individuals and how much trust each one of them placed in it as the time and number of usages increased, and compare this with usage of other encrypted apps used by wider population (not that this is widespread either)

godel June 11, 2021 8:45 PM

@ drus ‘So, “3.7 tonnes of drugs, 104 weapons and $45 million” any idea about the return on investment for this program?’

I believe those figures were just for Australia and further arrests and confiscations were expected. There were supposedly 100 deaths prevented (hits) and 21 of those in Australia.

There also would have been large scale disruption of drug trafficking networks world wide (for a month or two).

What amused me is that the crims paid $2000 USD to buy the modified phones and then had to pay a monthly subscription fee to the FBI to run them.

TED June 11, 2021 9:43 PM

@metaschima
Faith is indeed a religious concept because unlike Trust one party is not adequately authenticated and probably can never be.

In my view trust and faith are also very similar, as you mention. Besides “faith” which is a religious concept there is also “conviction” which is pretty much the same thing but applied in non-religious contexts.

For example we have had people who were convinced (not much hard evidence needed) that a particular political system is the best approach. Take for example some people who believe in some “-ism”. Similarly there are people who are convinced that some particular economic system/approach is better than others. These are also often based on opinions rather than unanimously agreed hard data.

Clive Robinson June 11, 2021 10:46 PM

@ David Leppik,

they can’t communicate at all if they can’t trust any device.

Sorry that’s not true at all, as I’ve already explained above in,

https://www.schneier.com/blog/archives/2021/06/fbi-afp-run-encrypted-phone.html/#comment-381218

What they lack is knowledge or the desire to implement such a system effectively.

The ability to communicate securely across very insecure “broadcast transmitters” was very much in use more than four decades before Cellular Phones and into seven decades before Smart Devices.

Doing it is not rocket science and it’s well documented in very many books especially a number of memoirs from the late 1970’s through 80’s much to the great annoyance of UK Prime Minister Margaret Thatcher, who repeatedly “Chucked the toys out the pram” via the legal system and got egg flying back in her face.

The problem is such secure communications is “tedious” and needs people to be “exacting”. So not “convenient” or “immediate” which does not suit some temperaments that tend toward a bullish nature, we see in financial traders as well, hence previous US SEC successes for insider trading etc.

Faustus June 12, 2021 10:02 AM

When smart people are so resistant to an idea it makes me sad. I don’t believe that Bruce is totally blind to the interesting aspects of cryptocurrency. Nothing anybody does, no amount of success or invention, can ever satisfy a closed mind. In this case I have to believe it is closed by politics or money (as if they are different).

As solely an idea, cryptocurrency and the distributed finance it enables are fascinating. It is an extended examination of the possibilities of trustless or near trustless finance. It has reacted to concerns about energy usage much more rapidly than any other industry as Proof of Stake blockchains are rolling out to replace Proof of Work or to allow the heavy lifting to be done in a more efficient environment.

It is amazing that bitcoin has operated for this long and with this volume and no major vulnerability has been discovered. All the chains are hackable or exploitable, as are the defi protocols, but unlike in the rest of the world of computers, the boundaries of security are well defined mathematically. Hacks/exploits can be detected early and quickly remediated.

Cryptography can be defeated through side channels and brute force. We don’t discard it. Money in all its forms can be laundered. We don’t abandon it. Why all this special pleading about crypto?

We live in a world where people find themselves unable to create. Too many screens have left people empty. They can’t flourish so they are hell bent on preventing others from flourishing. Their lives are one long complaint.

Crypto is a major aspect of resisting this cloying negativity. If you want a small life or a life of make believe virtues, have at it! It is your right. But your right does not in any way override ours or the rights of a massive world of people who can’t sit back and enjoy the privileges you have.

I have made great money with crypto and now I am using it to give third world people entree into finance on an equal level with the rest of the world. And no this isn’t some fake social entrepreneurship. I’m just giving it away.

I know: Evil like mine cannot be tolerated. It must be shut down so we can continue to be dominated by the same 1%.

Freezing_in_Brazil June 12, 2021 11:09 AM

@ MarkH

Ditto the sentiments.

@ echo

In today’s world, politics is not that hard. UK politics is crystal clear. It can be (and is) monitored from afar. Want to know what’s ignorance? People discussing Latin American politics.

Regards

MarkH June 12, 2021 2:36 PM

@Faustus:

Did Bruce say cryptocurrency should be “shut down?” I don’t recall that.

If he didn’t, you’ve offered a “straw man” argument … not good.

You wrote that we “live in a world where people find themselves unable to create.”

When in all human history has a greater proportion of people had opportunities for self-expression, or the creation of wealth?

echo June 12, 2021 4:46 PM

Freezing_in_Brazil

Want to know what’s ignorance? People discussing Latin American politics.

I have copies of and have read the reports written either by the people of those countries themselves or respected NGO’s. The Catholic church is up to its neck with far right aligned bad faith actors and it’s especially bad in Latin America. Their activity using various proxies has been detected in the UK and with great respect they can keep their nose out of our business. The EU is well aware of what the Catholic church are up to and are having none of it.

A significant number of very serious hate crimes are perpetrated by these self-same hard right aligned bad faith actors in Latin America. As I said, I have read the reports.

If a cow farts on the other side of the planet and it affects my interests I usually get to hear of it one way or another.

What has been happening in the UK has had serious impacts around the world as right wing far right aligned bad faith actors have become emboldened. This includes terrorist activity in the EU and far right policies being pushed by US politicians egged on by US terrorists. Yes, this cohort does exist. I’ve read the reports.

And the last report you read was?

metaschima June 12, 2021 5:07 PM

@TED

“Take for example some people who believe in some “-ism”. Similarly there are people who are convinced that some particular economic system/approach is better than others. These are also often based on opinions rather than unanimously agreed hard data.”

Yes. “-ism”s are ideologies used to deceive the masses. They all boil down to oligarchy, every last one that has ever existed and probably will ever exist. The many ruled by the few, a one way deal. There are small differences between them in how they treat the many. Some are very harsh while others offer more opportunity.

Weather June 12, 2021 5:15 PM

@echo
Your extreme points would fit in well with a terrorist organization, I didn’t want to be another rung on the ladder, so can you change?

serverlessnomad June 13, 2021 4:30 AM

The last comment on cryptocurrency seems like a biased dig more than a reasoned argument. Certainly there are trust issues, which the ecosystem continues to try to address. Note by ecosystem I don’t just mean Bitcoin. However you don’t even attempt to juxtapose cryptocurrency with current fiat monetary systems that lack all manner of transparency. A system, at least in the US, that has been around longer than anyone reading this has been alive and has made zero attempts to become transparent and trustworthy.

David Leppik June 13, 2021 8:48 AM

@Clive:

If I understand correctly, you’re suggesting that they shouldn’t have dropped their operational security (e.g. speaking in coded language.) That’s a fair point. But it doesn’t change the underlying fact:

They were carrying around FBI-controlled, networked cameras & microphones.

The fact that the FBI didn’t bother enabling the microphones when they weren’t on a call is just a matter of convenience for the FBI.

Criminals used to swap out SIM cards or entire phones on a regular basis. They would use birth control pill clamshells to hold a month’s supply of synchronized SIM cards, with contact phone numbers pre-installed. Then cops got too good at the network analysis for tracking prepaid SIM cards. Or maybe phones stopped using the friend list on the SIM cards.

The level of paranoia required for modern criminals is beyond what’s humanly possible. What’s more, these phones were designed to lull the criminals into a false sense of security. If a criminal could be sufficiently operationally secure, they wouldn’t have the risk-taking personality required for the rest of their job, and would quickly get eliminated by a competitor.

Clive Robinson June 13, 2021 4:15 PM

@ David Leppik,

They were carrying around FBI-controlled, networked cameras & microphones.

The problem there is the “convenience” of “carrying around” that would have enabled their positions to be mapped. Which is a known and well documented OpSec fail and careless SOE radio operators learned the hard way during WWII that “being mapped” was “being captured” and all that went with it.

It’s been known widely for well over a decade and a half that due to “the spooks” infesting Standards Committees they had put remote microphone enables in all telecom phone standards on the excuse of “Health and Safety”. In fact if you can find the old UK GPO documents you will find it went in as part of “System X” digital phone design back in the 1960’s.

Criminals used to swap out SIM cards

Never been a good idea, because the phone sends its unique electronic identifier to the network as well as that of the SIM.

As for “swapping phones” the teen and pre-teen kids in “steaming gangs” worked out how to deal with that on their own quite some time ago.

The smarter Criminals know how to deal with it as I’ve mentioned before by setting up shops that buy and sell second hand phones from/to ordinary people.

The level of paranoia required for modern criminals is beyond what’s humanly possible.

Not at all, remember those spying on their own country for a foreign power have to be a lot more cautious, and generally they survive until some “case officer” in the likes of the CIA screws things up.

If people are thinking about becoming spies for Western Nations certainly give the US agencies a miss they tend to fail rather more than most by trying to be “too high tech”.

As I’ve mentioned before, until fairly recently “non-tech” well tried and long proved “field craft” was the way to go, because “resource issues” limited what anti-espionage agencies could do.

Sadly the price of tech has dropped to the point where “collect it all” now has a considerably “broader scope” than just “electronic communications”. In the UK now in London trains have recording CCTV in every carriage from multiple cameras, likewise stations and busses. Even bus stop areas are getting CCTV.

As the recent scandal with the owners of the areas around St Pancras showed with not just CCTV but face recognition and tracking software being in public is not a good idea.

Oh and now there is Amazon with its Ring giving full access to Law Enforcement so every Ring Front Door Bell spies on the street.

All of this surveillance gets kept for an unknown length of time…

Thus becomes part of that “Information based Time Machine” that allows “backwards tracking” for at least seven years and in some cases a couple of decades…

As search algorithms improve so the “time machine” will be able to not just “spot crime” but walk it backwards in time to find all the contacts. Which can then be run forwards again to provide contact mapping thus able to do “pre-crime” prediction.

Will that stop criminals? no. Will criminals get caught? the unlucky and stupid ones will. The smarter criminals will always out evolve law enforcement because they are motivated in a way law enforcement are not.

You hear politicians make claims about falling crime figures. Well first you have to realise that in the UK certainly not all crimes are recorded and victims are actively discouraged from reporting crime.

This plays out nicely for both the politicians who claim their “Hard on Crime” policies work and the criminals who switch to crimes that don’t get recorded thus investigated.

So when a UK Home Office Minister trots out the usual bovine excretion about “crime falling” it’s a complete nonsense, because in fact it can be shown that actual real crime figures are up, way up…

Thus we now have not just “Smart Tec” for the authorities we now also have “Smart Crooks” that avoid the consequences of the Tec, by exploiting what are basically “resource and man power” limitations that set investigative bars…

The smartest of crooks however just use lobbyists to have their crooked activities kept legal…

Whilst others work out not just how to stay under investigative bars, but also off of the surveillance systems. The way they do this is interesting, but you’ll have to do your own research, in the past I’ve had comments I’ve made removed for saying what is not just common knowledge but actually published publicly.

Throwaway1 June 14, 2021 6:57 PM

@Clive,

The problem we all are facing, especially academics, is this information warfare. It’s not in the interest of the advancement of science to delete your posts.

Fake June 15, 2021 8:00 PM

@Clive,

the ring door bell is dual use,

i use it to watch a semi-mobile store front.

‘ring bell for service’, or don’t not a big deal if i’m robbed and fairly useful in the event that i’m shot in the, er my line of service.

kropp June 17, 2021 8:57 AM

@JonKnowsNothing

He had to come to USA (New York?) and met with a crew of folks from the IRS and State Department and when he left, his Capital Gains payment was satisfied (dunno if he paid any funds at all) and his US Citizenship was over

To renounce the US citizenship, one has to go to a US consulate or embassy.

echo June 17, 2021 5:29 PM

@JonKnowsNothing, kropp

Quarterly Publication of Individuals, Who Have Chosen To Expatriate, as Required by Section 6039G

A Notice by the Internal Revenue Service on 02/09/2017

https://www.federalregister.gov/documents/2017/02/09/2017-02699/quarterly-publication-of-individuals-who-have-chosen-to-expatriate-as-required-by-section-6039g

Alexander Boris Johnson is listed in here. Mind you Johnson has more ways of lying and going back on things than there are sand particles on the beach so I wouldn’t consider this final final.

SpaceLifeForm June 18, 2021 2:43 AM

@ Throwaway1, name.withheld.for.obvious.reasons

Your point is the point. It really is information warfare.

Fascists do not want people that have not joined their cult. The Fascists do not want The Outsiders, to communicate. The Fascists want everyone to join their club, to become a member of their enlightened cult. Fascists think that anyone (an Outsider) that does not agree with them, is wrong. Fascists really hate declining membership numbers. Fascists are sick, insane people, that need others to agree with their insanity. To give them support. It is a psychological problem that even illegal drugs can not help them with.

These people are so far gone, so insane, that the only way they can survive is to have more psychological support. So, if you don’t want to join their club, you must be the bogeyman. Because these kinds of insane people must always have a bogeyman. There must always be someone to blame. It’s never their fault.

Functioning Mirror neurons are a thing. Insane people do not have any.

The information war is simple: In their mind, their dogma is the true thing, anything else is false. You must believe. You must join their cult. If you have not joined their cult, you must not communicate.

See Q.

ADFGVX July 12, 2021 2:17 PM

commercial encrypted phone app, called AN0M, that was used by organized crime around the world. Of course, the police were able to read everything —

That is very unfortunate, especially in that the law enforcement agents, who were cognizant of and privy to the operations of organized crime networks, and presumably in a position to stop the criminal activity, did nothing of the sort, but instead found ways to benefit themselves by remaining complicit in serious organized crime networks, and at the same time even further entrenching themselves in government bureaucracy through government employee labor unions such as FBI Agents Association (FBIAA), Australian Federal Police Association (AFPA), International Association of Chiefs of Police (IACP), International Union of Police Associations (IUPA), and similar organizations of criminals who work law on the prosecutorial side.

Siegfried July 13, 2021 1:30 AM

There are no absolutes in a system of security. As for trust versus faith in the field of cryptography I don’t believe there is any need to go into such great depths defining trust and faith. The core point is that trust is conditional and requires certain qualifications to ensure reliance. A security system can exist without trust and be effective (perhaps even more effective than a trusted system defined by vague conditions as all cryptographic security methods have an expiration date). The crucial difference between the two topics is that faith relies on an unconditional belief, a highly dangerous proposition under most circumstances since it results in a lack of oversight or questioning. To have genuine faith is to reduce questioning or doubting. The integrity of all systems can be compromised so having faith versus trust in a security mechanism is foolhardy. In doing so an individual or organization is inviting disaster and almost surely susceptible to oversights in crucial areas.

Clive Robinson July 13, 2021 2:30 AM

@ Siegfried,

A security system can exist without trust and be effective (perhaps even more effective than a trusted system defined by vague conditions as all cryptographic security methods have an expiration date).

Err not true… But what you are trying to say is not incorrect.

This is because you are using the wrong meaning of “trust”, and using it ambiguously.

You are actually talking about “human trust” which is a failure at the best of times. The “ICTsec trust” has almost the opposite meaning.


Sidebar photo of Bruce Schneier by Joe MacInnis.