Snowden tells tech bigwigs: It's up to you to thwart mass surveillance In a quietly arranged Q&A session at South by Southwest (SXSW) on Sunday morning, Edward Snowden told about thirty influential people from the tech world that the onus for thwarting mass surveillance was falling to them. Snowden had previously spoken at SXSW with the American Civil Liberties Union, explaining to attendees the …
I trust the maths.
The software less so.
The govt , not really much. Not because of malign intent (though there is certainly some of it), but due to the general competence of large organisations.
If everything was encrypted and law enforcement were forced to use their brains and legal means(not the current illegal shortcuts), perhaps the orgy of human rights abuse would be stemmed a bit. I would hope anyway....
And further to the maths point, RSA is not provably difficult, just no demonstrated algorithm has been discovered.
As with all things in science, solving a problem in one area may lead to the solution in another...
P.
Speaking at the Chaos Computer Congress late last year, Jacob Appelbaum confirmed that the contents of PGP and GnuPG encrypted email, the standard end-to-end encryption tools and basis for the above plug-ins, remain secure from dragnet capture.
Alas, it shows sender, recipient, and subject line, all in clear text - for protecting meta data (you know, the stuff that shows relationships and that can be collected in many countries without any court order) PGP/GPG sucks. For protecting content it's excellent.
Mass surveillance seldom improves security for long. Most people who regard themselves as law-abiding don't care much one way or another (and will not be sending any information that helps security), and the people who know that they are or will be breaking their government's laws quickly find ways to circumvent the surveillance after hearing about a few arrests/disappearances.
Meanwhile, increased surveillance means increased amounts of data, and because the "bad" guys take steps to avoid detection, an increased percentage of false positives - due to the fact that lots of apparent correlations are going to pop up by sheer chance once you get above a certain amount of *completely untargeted* data. Eventually so much manpower is expended chasing the false trails that most of the threats that are flagged up are ignored - leading to very bad press when one of the ignored threats turns out to be real, and the headlines scream that MI5 knew about the threat all along but did nothing.
CCTV is great for detecting parking offences and drunken weekend punch-ups, but the serious criminals have long learned how to avoid being caught by it.
CCTV is great for detecting parking offences and drunken weekend punch-ups, but the serious criminals have long learned how to avoid being caught by it.
You'd think so, but you'd be wrong. Fingerprints have been widely known about for what... 100 years? And yet the police still identify millions of criminals each year based on having left their prints behind at a crime scene. Most criminals are dumb as a box of frogs and have all the forward planning skills of a politician in search of a soundbite.
Even if we didn't have the sigint agencies to worry about, we would need better security of all kinds (encryption, traffic analysis and monitoring, device features, firmware/software design, user education), because various black hats seem to be ripping off the personal data of thousands or millions of users at a time.
However, the sigint agencies activities just make this more vital. They are basically in a state of somewhat limited cyberwarfare with the tech industry. I mean, what else would you call their penetration of security standards, telecoms cables, security-related databases, IT products of most kinds and spoofing of information/online services for phishing ill-defined intelligence targets? The tech industry and IT professionals in your local IT department need to fight back if they are to protect their business and their customers' and users business and information.
So I feel somewhat bad for the former chief of MI6, but he failed to maintain proportionality in the activities of Britain's spooks (Gemalto being a great example), and having scared the Hell out of many techies he is left wondering why they won't cooperate with what he represents.
"So I feel somewhat bad for the former chief of MI6, but he failed to maintain proportionality in the activities of Britain's spooks"
In a democracy successful policing means policing by consent. And if you won't own up to what you want to do you have no means to ask for consent.
I don't feel bad for the fuckers at all. It's rape. What the spooks want is -at the end of the day- unrealistic...they want an overview of our *private* lives; while simultaneously preventing other spook agencies/countries that same overview.
Software and comms are either secure or they aren't. You can't have partially porous software and comms because sooner or later (my money's on sooner) the unfriendlies and blackhats will work out their own keys to any backdoors.
Let's not forget both that the spook outfits have been enacting what amounts to war on their own side (without the courtesy of announcing said war) and also that many of the things we are in danger from were fucking started in the first place by our own governments and allies.
"All of us, you and me here tonight, are more at risk from terrorism and cyber-attack. And why? Mainly because technology companies has [sic] scaled back their previous quiet co-operation with intelligence agencies meddled in the domestic afffairs of foreign powers, supporting insurgents with whom we wished to negotiate favourable trade deals for oil and other resources, who then turn the very weapons and tactics we provided against us when we tried to meddle even more into their domestic affairs."
Whilest not being the AC above, for me Snowden breaks down like this....
Negatives:
Its harder to detect terrorism - logically this must be true, because like the rest of us, terrorists are also now aware of just how extensive state monitoring is and will go to additional effort to conceal their communications and operations.
Positives:
Well, we know all those spy movies were basically right, if a little understated.
He ignited debate. Whichever side of the Snowden fence you sit, the debate around privacy vs state snooping has to be a positive thing. People who do the most to stiffle debate around their beliefs are those most often found to have opinions with the shakiest of foundations.
You asked a simple question to which I would venture there is no simple answer.
I'm not sure if Snowden should win a Nobel prize for his actions or not, mostly because I've not put a lot of thought into it (hey, at least I'm honest)....
I do think we should have a Snowden prize for: Transparency; Digital activism; and Privacy. These to be awarded annually to those making the greatest contribution. All I need now is to find some squillionaire to back the play.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
