Living with the surveillance state [LWN.net]

By Jake Edge
October 29, 2013

The final day of LinuxCon Europe had some of the only content that was focused on the largely European audience at the conference. Mikko Hypponen, chief research officer at F-Secure, gave a talk about living in a surveillance state, with an unmistakable slant toward Europe and the rest of the world outside of the US. There is an imbalance in the surveillance being done, not just the imbalance of governments vs. the people, but also that of the US vs. the rest of the world.

Hypponen started with a little personal history. He is from Finland, "where it was snowing on Saturday", and started programming at 13, because he is a Finn and that is "what we do", he said with a chuckle. In 1991, when he was a bit older, he reverse-engineered boot-sector viruses, which was his introduction to the security world.

Cheap data

Over the last few years, we have started realizing that "data is cheap", he said. We don't have to decide what to keep and what not, we can just keep it all forever. It is the "biggest shift" in our thinking that has happened in that time frame, and it has enabled lots of great things. It also has enabled the storage of surveillance data for, essentially, ever.

What we are seeing today is "wholesale blanket surveillance", with the US National Security Agency (NSA) capturing who we talk to, what we search for, who we email with, and on and on. The laws in the US give the NSA the right to do that for "foreigners", which means 96% of the planet, Hypponen said. Everyone in the world uses US-based services "all the time"; from the cloud to web mail and beyond, all of the most popular services are US-based.

To store all of that information, the NSA is building its "infamous" data center in Utah. He could give the estimates for the amount of data it will hold, but thought it would work better with an analogy that can be more easily visualized. Think of the "largest IKEA you have ever seen", and the NSA's new data center is five times that size. Now think about the number of hard disks you can put into one of those IKEAs, he said.

We are more honest with the internet than we are with friends and family, he said. That means we give away a lot of information about ourselves when we use the internet. To illustrate that, his slide showed search autocompletes for various partial phrases such as "should I tell my girlfriend ...".

According to Hypponen, some surveillance is reasonable. For a school shooter, drug lord, or member of terrorist cell, for example, surveillance should be allowed and the authorities should have the technical means to do so. But first, there must be suspicion of the person in question and proper legal papers need to be filed.

That is not what is going on today. Instead, everyone is being surveilled, including many who are known to be innocent. While you may not worry about the current government misusing that information, the government could change at any time. Show me your search history, he said, and I can find something illegal or embarrassing easily.

"Defenses"

Various people will say that we already knew about this surveillance, that it's nothing new. "Don't listen to them", Hypponen said. We may have suspected this was going on, but now we have the facts. The leaks from Edward Snowden are nearly unique because they are "top secret" documents, which almost never leak. They are bigger than anything WikiLeaks has released or the leaks by Private Chelsea Manning, neither of which contained any top-secret information. For example, we did not know that the NSA was subverting cryptographic algorithms—making us all less secure so its job is easier—until the Snowden releases.

Another "defense" is that "all countries spy", but that is something of a red herring. There is a clear imbalance because of the popularity and prevalence of US-based services. Think of the number of Swedish government officials and business leaders who use US-based services or an operating system that comes from the US. Every single one does so every day, he said. Now think of the US equivalents who use Sweden-based services or operating systems: none. That is the imbalance.

There is also the argument made that this is a tool in the "war on terror". It is not, he said. There is an effort being made to find terrorists, but there is much more going on than that. The NSA is monitoring communications at the United Nations (UN) and European Union (EU) headquarters, but he doubts it is looking for terrorists there.

There are terrorists on the planet, Hypponen said, and we should fight them, but are terrorists truly an existential threat? Are we willing to do anything to stop them? Are we willing to throw away the US Constitution and Bill of Rights, the Universal Declaration of Human Rights, and freedom of the press to fight terrorism?

Nothing to hide

Another argument made is that "I have nothing to hide". If that's true, he said, he wants to know because that means he cannot trust you with his secrets. But it is a pervasive argument. For example, he posted a tweet about the PRISM program back in June, which was immediately greeted by "If you have nothing to hide, why does it matter? Sending naked pictures or something???". His response was that it was none of their business, and that it should be none of the government's business either. Think of what the Nixon administration would have done with the information generated from today's surveillance activities, he suggested.

In Finland in the 1970s, it was a crime to be gay, he said. With today's surveillance activities, it would have been easy to round up all of the gay people and put them in jail. Had that happened, it is likely that being gay would still be a crime in Finland today.

Hypponen quoted Dilma Rousseff, President of Brazil, who was making a complaint about the US surveillance regime at the UN: "In the absence of the right to privacy, there can be no true freedom of expression and opinion, and therefore no effective democracy." He also noted that Marcus Ranum, chief security officer at Tenable Network Security, has called the internet "a colony for the US". Hypponen said that those outside the US should note its colonization and start thinking of that country as their "masters".

Something else that we have learned through the Snowden leaks is the "three hop rule". When a target is identified for further analysis, it is not just those who the person is talking to that get looked at, but those who those people talk to, and one more hop beyond. That makes for an extremely wide net. Using the "#friendofafriendofafriend" hashtag, he also tweeted about that: "I'm scared of some of the people I'm three hops away. Actually, make that one hop."

There is a slide from the Snowden trove that lists dates when PRISM access was gained for various providers (like Facebook, Google, Microsoft, Apple, and so on). All of the providers deny giving that access, yet the slide contents have never been denied by the US government. Hypponen thinks we may finally have an explanation for the conflicting stories. More recent disclosures have shown an "Operation Socialist" that describes some "elite hacking units" of the NSA and its UK equivalent, GCHQ.

An effort by GCHQ to attack a Belgian telecom company for surveillance purposes is what is described in the slides. What is particularly galling is how casually this kind of attack is treated in the slides. The slides come with "cheesy" clip art (a stylized "success" for example). There is no mention of team building in a bar, but Hypponen is sure that happened as well. So maybe those dates correspond to when those companies were, sadly, compromised by their own government. It would explain the denials in the face of the "dates of access" slide, he said.

Blaming Snowden

There are a lot of people who are blaming Snowden, he said, which is a bit like blaming Al Gore for global warming. It is interesting to note how little support Snowden has gotten from the rest of the world, and Europe in particular. Hypponen asked the audience to imagine that Snowden had been Chinese and had leaked the same story. Imagine the uproar it would have caused if the Chinese government had charged him with treason—or an allied government destroyed the hard disks of a newspaper as the UK did at The Guardian. We haven't done a very good job of protecting Snowden, he said.

The internet turned out to be a perfect tool for surveillance, unfortunately, he said. Other countries should avoid using US-based services and operating systems to avoid the surveillance that seems to come with them. It is difficult to do, but the alternative is worse. He put up the famous (fake) picture of George Orwell's (of 1984 fame) home in the UK with a closed-circuit TV camera in front of it, noting that "we do have a solution" to loud applause. He continued: "In many ways, Orwell was an optimist."

Hypponen ended his talk with a suggestion. Everyone should be using open source software, which mitigates much of this threat. If every single country were to participate in the creation of open source alternatives to the US-based services that are so prevalent, they would help avoid the surveillance problem—while lifting the rest of us up as well.

The talk seemed to be quite well-received by the largely European audience that it was clearly targeting. Unfortunately for those who were not present, video is not available, evidently due to an audio problem. For those who were there, though, Hypponen gave a rousing talk that certainly proved thought-provoking—exactly the kind of keynote talk one would hope for.

[I would like to thank the Linux Foundation for travel assistance to Edinburgh for LinuxCon.]

Index entries for this article
Security	Surveillance
Conference	LinuxCon Europe/2013

to post comments

Living with the surveillance state

Posted Oct 29, 2013 14:54 UTC (Tue) by ms (subscriber, #41272) [Link] (70 responses)

"Hypponen ended his talk with a suggestion. Everyone should be using open source software, which mitigates much of this threat."

Huh? I use open source. Facebook uses open source. How does this have any impact on the NSA hacking Facebook and spying on me?

Living with the surveillance state

Posted Oct 29, 2013 16:06 UTC (Tue) by drag (guest, #31333) [Link] (68 responses)

mitigates threats != eliminates threats.

Closed source software like Skype, Adobe Flash, Facebook Android clients, and things of that nature are actively being used to spy on individuals.

And obviously online services use open source software, but they are not open source themselves. Using your own hosted services and P2P protocols that eliminate middle men services are also going to help a lot.

Living with the surveillance state

Posted Oct 29, 2013 16:17 UTC (Tue) by ms (subscriber, #41272) [Link] (67 responses)

The problem is that a great deal of the value proposition of these "services" exists precisely because of their monopoly and ubiquity. If you care about the type of interactions that facebook provides then there is no point being part of some open-source non-facebook because the absence of other users you care about means you can't take part in the interactions you want - the platform holds no value.

Equally, if facebook open sourced all its software today, I would bet it wouldn't make a blind bit of difference to the NSA.

The hacks that are always going to be available are hacks that rely on a combination of software, a combination of configurations and a combination of events that will always escape capture by mere "more eyes". Absolutely, we can talk about mitigation and stopping random unsponsored hackers making off with troves of data and supplying a black market. But realistically, the complexity of modern software (coupled with the utter lack of interest by 99.99999% (underestimate) of all programmers in proving correctness of their code) means for a well sponsored state-backed agency, there will *always* be ways in.

That really, is the core of it all.

Living with the surveillance state

Posted Oct 29, 2013 16:38 UTC (Tue) by drag (guest, #31333) [Link] (53 responses)

> The hacks that are always going to be available are hacks that rely on a combination of software, a combination of configurations and a combination of events that will always escape capture by mere "more eyes".

The NSA doesn't depend on hacks. It depends on blackmailing corporations and using legal threats to get what it wants. Along with that they work to undermine the use of secure encryption technologies whenever possible.

It _CAN_ and do use hacks and such, but that's not how they operate primarily. That's expensive and only going to be used with specific targets, I believe. NSA, and the equivalents are cooperating with your governments to undermine your security and safety. You don't need to rely on hacks when you have the support of the military, police, and the politicians.

Also security does not have to depend on everybody getting everything right 100% all of the time. Security is done by good design, layers, good protocols, good encryption, and good sense. You cannot eliminate the threat, but you can massively reduce it. You can make it so that it's difficult, if not impossible, to simply stick a pipe into a ISP or internet backbone and suck up all the email and online activities of users in one fell swoop.

> If you care about the type of interactions that facebook provides then there is no point being part of some open-source non-facebook because the absence of other users you care about means you can't take part in the interactions you want - the platform holds no value.

Facebook displaced MySpace. MySpace displaced LiveJournal. And newer online services are displacing Facebook.

Facebook isn't going to be around forever and, believe it or not, a great majority of the population has no desire to use Facebook at all and would happily jump ship if something better came along. It's not the be all and end all.

And, frankly, all these 'social media' services are built on a house of cards. Their modus operandi specifically revolves around gathering as much information on users as possible , packaging it, and selling demographic groups for the purposes of online advertising. Once the businesses that depend on these advertisements start realizing that the 'views', 'likes', 'clicks' and the rest of the metrics are all a complete fabrication then I expect to see a massive contraction in the industry.

So in case that opportunity arises then the Open Source/Free software community has to be there with already established and mature ways to not only put yourself out there to be found, but to be able to find and communicate with other people in a distributed and P2P fashion. The trick is that not only does it need to be open source, it needs to be better, easy to use, and gives uses the ability to not only decide, but directly control how much control they should have over their information.

Living with the surveillance state

Posted Oct 29, 2013 16:57 UTC (Tue) by hummassa (guest, #307) [Link] (10 responses)

> Once the businesses that depend on these advertisements start realizing that the 'views', 'likes', 'clicks' and the rest of the metrics are all a complete fabrication then I expect to see a massive contraction in the industry.

Care to elaborate on this? Calling all the metrics "a complete fabrication" is kind of incompatible (IMHO) with "businesses that depend on these advertisements"... or I didn't parse it right.

Living with the surveillance state

Posted Oct 29, 2013 18:43 UTC (Tue) by mathstuf (subscriber, #69389) [Link]

Their business model could really be "deceive ad agencies how useful our made up numbers really are".

Living with the surveillance state

Posted Nov 1, 2013 4:26 UTC (Fri) by drag (guest, #31333) [Link] (8 responses)

> Care to elaborate on this? Calling all the metrics "a complete fabrication" is kind of incompatible (IMHO) with "businesses that depend on these advertisements"... or I didn't parse it right.

Hrm.

'businesses that depend on these advertisements'. I mean like toilet paper companies, vacuum cleaner salesmen, car companies, movie producers, and other people that purchase ads online and provide the money that 'social' websites need to thrive off of. They depend on advertisements to sell their products. They give money to advertising agencies that then buy space on popular websites.

That's the money that pays for all the bandwidth, servers, etc that companies like facebook use to attract the demographics that the advertisers want.

One thing to always keep in mind with these companies is that the primary business of companies like Google or Facebook or Twitter or whatever isn't the online services they provide you. Their primary business is selling you, the user and every bit of personal info they can get their hands on, to the advertisers. Bundling you up and creating packages that the advertisers can pick and choose from.

I used to work for a company that did this sorts of stuff successfully pre-internet. They depended on mortgage companies selling your personal data. State governments selling your personal data. Drivers license info, credit card spending habits, and all that stuff for tracking people and carving them up into demographics and worked with the Post Office to make sure that they had accurate information on people living at various addresses. Used it for junk mail.

Now that information combined with your online habits and email history they can paint a much more complete picture of you and figure out how to bundle you with other people and sell you.

It seems likely to me that there is a widespread and epidemic practice of generating false metrics in order to drive up prices for advertisers. Not just by people like Google or whatever, although they are part of it, but all the people that get kick-backs from google. Youtube users, people advertising crap on facebook, people trying to drive traffic to their blogs, etc etc. It goes top to bottom. Ranging from small time BS, to organized crime and botnets.

Once the advertising agencies, or the companies that spend the money on the advertising agencies, figure out how to accurately gauge the effect of those advertisements on the buying habits of the public then I figure there will be a significant constriction in the online service industries.

Especially if at around the same time we enter into a new stage of 'recession' in the economy. As long as people have big budgets then sometimes the main problem is just figuring out how to spend it. However that can change if corporations start having to penny pinch.

Living with the surveillance state

Posted Nov 1, 2013 7:54 UTC (Fri) by klbrun (subscriber, #45083) [Link] (1 responses)

Traditionally, marketing departments always knew half of their expenditures were wasted; the problem was, they didn't know which half. It appears that the internet has not changed that aspect of the business.

Living with the surveillance state

Posted Nov 1, 2013 9:50 UTC (Fri) by khim (subscriber, #9252) [Link]

Of course. Was there any doubt? When Google just started effectiveness of ads on it's search pages was off-the-charts. It was ten or maybe hundred times more effective then TV ads (per dollar spent). Of course such thing brought marketing guys in droves, ads filled less and less relevant pages and effectiveness of ads went down. Guess what exactly limits said process? Right: other forms of advertisement. Internet spending grows till it starts wasting more or less the same percentage as other mediums.

This, again, shows how wrong drag is: short-term cheaters win, but medium-term mediums with better metrics win (and long-term we are all dead which makes this case not very interesting).

Living with the surveillance state

Posted Nov 1, 2013 9:43 UTC (Fri) by khim (subscriber, #9252) [Link] (5 responses)

It seems likely to me that there is a widespread and epidemic practice of generating false metrics in order to drive up prices for advertisers. Not just by people like Google or whatever, although they are part of it, but all the people that get kick-backs from google.

Google is not part of it. Not because they are all that “altruistic” or “fair”, but because all such shenanigans can only ever provide temporary boost and Google does not need temporary boost: it makes more then enough money short-term and it's goal is to convince advertisers to continue to spend money on them long-term. That means that when Google discover some large cheats it usually cracks on them and “miss the expectations” that quarter. Small cheaters can get away with their schemes for awhile, alas.

Once the advertising agencies, or the companies that spend the money on the advertising agencies, figure out how to accurately gauge the effect of those advertisements on the buying habits of the public then I figure there will be a significant constriction in the online service industries.

LOL. Nope. The effect will be the exact opposite. You think Google business is big? TV ads business dwarfs it by a huge margin. It's budgets are slowly moving to the Internet because it already easier to gauge the effect of the ads on the Internet. If someone will find even better way to more accurately measure effects of the ads on the Internet then Internet will get bigger slice of the advertisement fee.

Especially if at around the same time we enter into a new stage of 'recession' in the economy. As long as people have big budgets then sometimes the main problem is just figuring out how to spend it. However that can change if corporations start having to penny pinch.

Wrong again. We are not in the 'recession', we are in the first stages of extremely large depression (thing Great Depression… only bigger). All the corporations are hurting because buyers are just not there (and buyers are not there because they don't have money). What does it mean? If you'll start to “penny pinch” then you'll go under even faster. Which will probably mean that medium-term ads will become even more important. Long-term, yes, situation will be different (if all your competitors go bankrupt and you are left alone then you don't really need more ads, right?), but this stage is many years removed from today.

Living with the surveillance state

Posted Nov 1, 2013 22:02 UTC (Fri) by nix (subscriber, #2304) [Link] (4 responses)

we are in the first stages of extremely large depression (thing Great Depression… only bigger)

Do you have any evidence for this peculiar statement? I've never heard it anywhere else outside the sort of website that tells you to turn all your money into gold and beat it into gold-lined tinfoil hats to keep the chemtrails off. The US in particular is barely in recession at all any more, and many metrics (housebuilding starts, household debt ratios, etc) are rapidly improving. Even Europe is out of crisis, though hardly in ideal state yet.

Living with the surveillance state

Posted Nov 2, 2013 0:50 UTC (Sat) by khim (subscriber, #9252) [Link] (3 responses)

Do you have any evidence for this peculiar statement?

Do you need theory or evidence? Evidence is there if you look for it, situation with theory is much harder because last century was spent in building nice mathematical models which explained how you can achieve infinite growth on a finite planet. They apparently don't work, but we have no new ones just yet.

As for evidence… it's there if you know where to look.

The US in particular is barely in recession at all any more, and many metrics (housebuilding starts, household debt ratios, etc) are rapidly improving.

These are all smokes and mirrors. They are supposed to be “early indicators” for the future employment rates, but they no longer work that way. If you'll take a look on the the actual situation with the labor force then there are no improvement. Official explanation of difference between this rosy picture and the sad reality which non-easily-falsifiable metrics gives us is “oh, that's all about baby boomers, you know they are retiring and there are fewer young workers”, but if you'll visit the appropriate site you'll find out that number of workers above 65 was 64.54 million five years ago, 78.78 million year ago and 81.97 year today. IOW: these pesky baby boomers are not retiring, instead they work till they drop! What goes down instead are workers between 35 and 44 years. This basically means that this actually-not-so-rosy picture is completely artificial: government just writes off millions of people (they apparently like to live on subsidies). This four years after the end of recession, remember?

Even Europe is out of crisis, though hardly in ideal state yet.

Europe? Don't make me laugh. The only country which is in good shape is Germany and they don't have resources to bail everyone else out.

Living with the surveillance state

Posted Nov 3, 2013 11:37 UTC (Sun) by kleptog (subscriber, #1183) [Link] (2 responses)

Personally I think saying that we're in for something worse than the Great Depression really diminishes how bad the Great Depression really was. There world trade was cut in half and unemployment was 20-30% or more. Right now world trade is back where it was and unemployment is higher but not hugely so. If you didn't pay attention to the news you might not have noticed a recession going on at all.

However, I think your point is more to the long term. The thing is, our ability to produce things is indeed limited by a finite planet, but most of the economy (80%) is in services, not goods and there no particular limit to the number of services that can be provided. I can see production of goods stabilising (if it hasn't happened already).

That's not to say there aren't challenges. Fossil fuels will run out and we need to replace them with some other energy source and drastically improve efficiency. But I'm a glass half full kinda guy and there are signs of movement. Our economy is 20 years will look radically different, but hey it looked radically different 20 years ago too.

That said, I'm not entirely sure about the US. They have a serious problem at the political level and it's not clear they look far enough ahead to make the necessary adjustments for a smooth transition.

Living with the surveillance state

Posted Nov 3, 2013 14:51 UTC (Sun) by dlang (guest, #313) [Link] (1 responses)

> That said, I'm not entirely sure about the US. They have a serious problem at the political level and it's not clear they look far enough ahead to make the necessary adjustments for a smooth transition.

the government has surprisingly little influence on business in the US, especially on the direction of what businesses do.

Living with the surveillance state

Posted Nov 29, 2013 9:13 UTC (Fri) by jospoortvliet (guest, #33164) [Link]

Yeah, isn't it the other way around in the US, politics being owned by the (big) businesses?

Living with the surveillance state

Posted Oct 30, 2013 10:51 UTC (Wed) by NAR (subscriber, #1313) [Link] (41 responses)

a distributed and P2P fashion

I guess this implies lots of data upload which doesn't work that well with current asymmetric wired connections and would "needlessly" drain the battery of mobile devices. I mean for this to work, you have to also convince people to pay for keeping and serving other people's private data (which might be child porn for all we know) in exchange for having their private data stored by somebody else. Additionally, for a centralized community network to succeed, it "only" needs to have enough "friends" registered. For a distributed community network, not only friends are required, but enough well-connected (in this case, technically) friends. That's an additional hurdle to clear.

An other problem is that if we accept that some surveillance is reasonable, the government will want to have a backdoor and then we're back to square one - what if the three letter agencies abuse the backdoor?

In my opinion, this is a social problem, not a technical, so a social solution is needed, not a technical.

Living with the surveillance state

Posted Oct 30, 2013 11:04 UTC (Wed) by ms (subscriber, #41272) [Link] (33 responses)

I agree with your technical points. Also consider the amount of money that companies like Facebook and Google spend on their datacentres. If we all start hosting our own data is some distributed/p2p way then not only will mobile battery life start taking a hit but essentially we're paying for the hosting ourselves, in terms of bandwidth and electricity, and redundancy and so forth. And because it's being done by individuals, you operate at lower efficiency, don't get economies of scale etc. For much of the world where the cost of energy is not negligible, this could become significant.

And indeed, no doubt some surveillance is reasonable. Which means that ultimately we're back to requiring laws to stop people from doing things which they technically can do. Which I find very amusing as it's essentially the same sorts of laws as DMCA and DRM. The only difference is that here we want such laws to be passed in order to protect citizens rather than protect "rights holders". Which explains everything about the order in which such laws were passed...

Living with the surveillance state

Posted Oct 30, 2013 11:40 UTC (Wed) by HIGHGuY (subscriber, #62277) [Link] (32 responses)

[Which means that ultimately we're back to requiring laws to stop people from doing things which they technically can do.]

Usually, a technical solution is superior to any social solution.
There's always going to be someone crossing the line. The only way to stop that is by preventing it in the first place.

Also, technical solutions tend to be easier to solve than social solutions.
Unfortunately for this kind of problem, there aren't many technical solutions that do not carry a social impact as well, as the migrate-away-from-facebook example shows.

Living with the surveillance state

Posted Oct 30, 2013 15:14 UTC (Wed) by raven667 (guest, #5198) [Link] (31 responses)

> Usually, a technical solution is superior to any social solution.

Woah, strongly disagree. Technical solutions are by nature inflexible forcing people to circumvent them when their needs are outside the scope of the solution and you can't enumerate and prevent every kind of badness in the world, the effort of trying to do so is madness and leads to worse outcomes than the problems you are trying to prevent.

A strong audit capability, performed out in the open, is what works, and is what concepts like the warrant provide.

Also any proposal which begins with some variation of "If everyone would just ..." is dooooomed.

Living with the surveillance state

Posted Oct 30, 2013 17:06 UTC (Wed) by PaXTeam (guest, #24616) [Link] (28 responses)

> > Usually, a technical solution is superior to any social solution.

> Woah, strongly disagree.

do you carry a key chain and lock doors? if you don't then please post your home and office addresses along with where you park your car. you should not have a problem with this since you must have a social solution to this problem already ;).

Living with the surveillance state

Posted Oct 30, 2013 18:20 UTC (Wed) by mathstuf (subscriber, #69389) [Link] (5 responses)

Disagreeing with a universally qualified statement does not mean one disagrees with the existentially qualified variant…

Living with the surveillance state

Posted Oct 30, 2013 22:14 UTC (Wed) by PaXTeam (guest, #24616) [Link] (4 responses)

it's a logical contradiction to state that a subset doesn't have the properties of the set. you probably want to try this one again ;).

Living with the surveillance state

Posted Oct 30, 2013 22:24 UTC (Wed) by mathstuf (subscriber, #69389) [Link] (3 responses)

Well, I skimmed over the "usually" in the source quote actually, but I can say that *some* of a set has some property while also saying that *all* of a set does not (which is how I read it) without making a contradiction.

And in the general case, your statement is wrong since a subset of all numbers (uncountably infinite) can be countably infinite (integers) or finite (integers uniquely representable by a single Arabic digit).

Living with the surveillance state

Posted Oct 30, 2013 22:41 UTC (Wed) by PaXTeam (guest, #24616) [Link] (2 responses)

you don't even understand what you said ;). going with your numbers example, you said that a subset of numbers is not a number. IOW, we're talking about the property that defines the set which obviously means that members of any subset must have that same property as well. cardinality of subsets doesn't even come into play.

Living with the surveillance state

Posted Oct 31, 2013 1:21 UTC (Thu) by mathstuf (subscriber, #69389) [Link] (1 responses)

I feel like there's some language barrier here (possibly me being pedantic and too literal).

> state that a subset doesn't have the properties of the set

Did you mean to talk about *members* of the sets in question here?

What I was originally replying to is that ¬∀x.p(x) is not the same as ¬∃x.p(x). This is the conclusion you seem to have made given your reply here:

> > > Usually, a technical solution is superior to any social solution.
> > Woah, strongly disagree.
> do you carry a key chain and lock doors? if you don't then please post your home and office addresses along with where you park your car. you should not have a problem with this since you must have a social solution to this problem already ;).

Living with the surveillance state

Posted Nov 1, 2013 22:35 UTC (Fri) by PaXTeam (guest, #24616) [Link]

> > state that a subset doesn't have the properties of the set

> Did you mean to talk about *members* of the sets in question here?

yes i was being sloppy but thought it would be clear from the context, sorry if that made you misunderstand me. as for what i pointed out, it's really not hard: if you disagree with the elements of a set, you also disagree with the elements of any subsets of the set, unlike what you stated.

Living with the surveillance state

Posted Oct 30, 2013 19:08 UTC (Wed) by nix (subscriber, #2304) [Link] (11 responses)

Even there, a social solution (that a reasonable man does not burgle others' houses, and reports burglars seen burgling others' houses, and that when called to a burglary in progress the police bother to turn up) does 99.9% of the work. Do you really think that a determined burglar can't easily get past a keychained door? Heck, even a drunk-or-drugged-out-of-his-mind burglar can do it: just break a window. It's not exactly subtle but it gets you inside in a handful of seconds.

No, what generally keeps everyone from getting robbed blind and society from collapsing is that in any system of this nature *cheating is rare* and there are systems in place to detect and punish cheaters to keep their numbers down: most of those systems are not technical but social and procedural. Among other things, just breaking a window is high-risk because there might well be someone inside who could hear you and send an alarm to a social cheater-deterrent system, to wit, the police. (Here I presume a police force consisting of thinking human beings, not a militarized horror like that in many parts of the US, which might well be considered by now a purely technical system without the ability to respond in a graduated or reasonable fashion!)

Of course, this doesn't mean that posting your home and office addresses and car location in response to a request to do so is sane: there is a low percentage of cheaters in any society, and one moderate-risk way of detecting potential targets might be to simply ask for relevant information while concealing your own identity. But just because a few cheaters exist, and that technical defences against those cheaters also exist, does not mean that the technical defences are the *primary* defences. Heck, on my street most of us have our front doors open most of the time during the summer days, sometimes even when nobody's home. Number of robberies: zero, despite the total absence of any technical measures against theft. We trust our neighbours to note any strange unshaven men leaving our houses bearing bags of swag, and any potential burglars realise this and don't try wandering in and nicking stuff. We happen to all know each other well enough that free-rider problems don't arise.

(I'm sure you've read Bruce Schneier's _Liars and Outliers_, in which he talks about all this at great length and much more clearly than you ever could. Perhaps you disagree with him?)

Living with the surveillance state

Posted Oct 30, 2013 19:08 UTC (Wed) by nix (subscriber, #2304) [Link]

Gah. I mean 'much more clearly than *I* ever could'.

Living with the surveillance state

Posted Oct 30, 2013 20:50 UTC (Wed) by khim (subscriber, #9252) [Link]

Even there, a social solution (that a reasonable man does not burgle others' houses, and reports burglars seen burgling others' houses, and that when called to a burglary in progress the police bother to turn up) does 99.9% of the work.

Bingo. IT world lived under different rules for so long it forgot how people interact with a real world. Think one recent hoopla. What happens if real world “security professional” (someone who tests keylocks for living) will pick a code of some Mom&Pop store (or, even worse, General Motor's HQ), visit it and make a copy of a couple of confidential documents? Just where exactly he'll be if he's not affiliate of said company? Sure, people do pick locks on safes and crack other systems regularly for different reasons—read Feynman's book, or Wozniak's one, but they absolutely do expect to see repercussions if caught. The fact that computer “security professionals” expect to see easy acceptance for such an acts is baffling to me: sure, if you want to study security precautions of some firm or a website then you need need to negotiate it in some form. It should not be advertised widely among the compnay employees or site visitors, but some people “at the top” must know about your efforts. If you go and crack different sites willy-nilly to collect information for your Phd.D. and you are caught… well, your Ph.D. will be postponed for couple of years, I guess.

The whole “technical problem” vs “social problem” is false dichotomy: few problems are purely social and few problems are purely technical. All the security measures in the world can not protect you if some government feels you house must be cracked… either NSA or MSS will crack it. And it'll not matter much how many locks and how complex you've attached to your door. But if something is perceived as totally socially unacceptable then some rare individuals will still try to do that and to repeal them you need things like keylocks.

Why computers should be any different? It's the same story.

Living with the surveillance state

Posted Oct 30, 2013 22:33 UTC (Wed) by PaXTeam (guest, #24616) [Link] (8 responses)

> [...] on my street most of us have our front doors open most of the time
> during the summer days, sometimes even when nobody's home. Number of
> robberies: zero, despite the total absence of any technical measures
> against theft.

yet you failed to post a single address. i think that fact alone speaks for itself (and against everything you said ;) quite well.

as for Schneier, i have over 2k rss feeds, his isn't among them. that you should tell you something.

Living with the surveillance state

Posted Oct 30, 2013 23:13 UTC (Wed) by khim (subscriber, #9252) [Link] (6 responses)

yet you failed to post a single address. i think that fact alone speaks for itself (and against everything you said ;) quite well.

Well, it says something, all right. It shows that people trust their anonymity (which is form of their social protection) more than they trust their locks (which is form of their technical protection). In what kind of world this information can be used as some sort of confirmation for your crazy position I just don't know.

Living with the surveillance state

Posted Oct 30, 2013 23:37 UTC (Wed) by PaXTeam (guest, #24616) [Link]

heh, khim, still butthurt from our last encounter? ;) tell me, what is my 'crazy position'? quote my words, don't make something up as you're so wont to do. (thing is, i have not stated my position yet, only pointed out some obvious contradictions between one's words and actual actions, but i'm sure you can concoct something in your crazy mind ;).

as for the topic itself, if one doesn't value technical measures and believes in the power of some 'strong audit capability, performed out in the open' (i trust you did read the post i replied to, didn't you?) then surely disclosing addresses protected by those pointless technical measures should be fine? also not disclosing addresses is not anonimity, it's fear of getting owned (broken into) despite all those so effective social measures.

Living with the surveillance state

Posted Nov 1, 2013 21:52 UTC (Fri) by nix (subscriber, #2304) [Link] (4 responses)

Quite. I trust that the set of local burglars is small enough that the low probability of any one of them attacking a close-knit community like mine is sufficient to ensure my safety. Posting my address here is tantamount to offering a challenge to the entire world of burglars, which has quite different effects: among other things, if something is hard to burgle it will then become *more* likely to be attacked.

I am not a moron and will not compromise my safety to prove something to an anonymous blowhard like PaXTeam. (I note that PaXTeam is trying to get me to post my address when his name and indeed number remains opaque. Hypocrite.)

Living with the surveillance state

Posted Nov 1, 2013 22:46 UTC (Fri) by PaXTeam (guest, #24616) [Link] (3 responses)

so much nasty ad hominem, i'm hurt! more seriously, why don't you get familiar with the dictionary and look up what a hypocrite is. then quote me back where you think i said something that makes me one ;). asking for your address while not publishing mine isn't it: i stated already that i do *not* believe in black&white measures (only this or only that), but in a mixture of them, so keeping information secret is perfectly fine for me, as is using locks. but if someone believes that technical measures are superflous because he lives in such a nice neighbourhood, go ahead and prove it. you have yet to back up your statement with actual action. IOW, you're just trolling as usual.

Living with the surveillance state

Posted Nov 1, 2013 23:11 UTC (Fri) by nix (subscriber, #2304) [Link] (2 responses)

i stated already that i do *not* believe in black&white measures (only this or only that), but in a mixture of them, so keeping information secret is perfectly fine for me, as is using locks.

In that case, please stop posting until you have the ability to express yourself in a fashion that does not cause complete misunderstanding by everyone involved. Your initial response in this thread strongly implied that you agreed with the grandparent poster, that

Usually, a technical solution is superior to any social solution.

This is the arrant insanity I disagree with. From your post, I thought you agreed with it. From other responses to you it seems that I am not the only person to think so.

Living with the surveillance state

Posted Nov 2, 2013 8:05 UTC (Sat) by HIGHGuY (subscriber, #62277) [Link] (1 responses)

____Usually, a technical solution is superior to any social solution.

Well, maybe this statement missed some necessary nuances to make it acceptable for most of you.

The first would presumably be that any technical solution must be backed by a supportive social "contract". If really everybody is fine with the NSA spying on them, then you should not instate cyptography that makes it hard(er).
If people have legitimate reasons for doing something, there can be no social contract and thus such a technical solution should be optional at best.

The second would be that ultimately the social solution (when followed by everyone) and the technical solution have the same effect.
If in the ideal world of the social solution nobody cracks cryptography, then the technical solution of using cryptography everywhere is superior because it actively enforces the social solution and makes offenders 'impossible'. (With the notion of course that cryptography is merely delaying it's cracking rather than outright preventing it).

This statement actually has its roots on the workfloor. When you worked out a procedure that people should follow to prevent breaking things for everyone then applying technical measures to guide/force them into that procedure is better than relying on education only.
Of course, some users should still be allowed to force other behavior, considering they know what they're doing in these very special cases.

My opinion is that the same thoughts can apply to society as well, in some cases.
When we're all in favor of banning spying, it's better to prevent it altogether through technical measures than to rely on the goodwill of the spooks. Of course, some users should still be allowed to "spy" (think og law enforcement with a warrant), considering they have a legitimate reason to do so in these very special cases.

In this last case you could say that this would mean that the cryptography in use should be strong enough to withstand mass cracking, but weak enough to allow case-by-case cracking. Which is a hard problem too, of course.

Living with the surveillance state

Posted Nov 12, 2013 21:29 UTC (Tue) by filteredperception (guest, #5692) [Link]

"In this last case you could say that this would mean that the cryptography in use should be strong enough to withstand mass cracking, but weak enough to allow case-by-case cracking. Which is a hard problem too, of course."

I was going to respond "not so hard, just traditional spying with picked locks and video or other bug capturing keys as and when they are used by the user". But that works onlysomuch when you have mathematically unbreakable crypto available, which is not a 100% for all time assumption one can make. So you are right, it is a hard problem. Because the first thought that comes to mind is that powers-that-be can (and I suspect do) try to solve it by making the methods of breaking the crypto a kind of orwellian 'unknowledge', that they will establish as such by truly any means necessary.

It's a jungle out there kids...

Living with the surveillance state

Posted Nov 1, 2013 21:49 UTC (Fri) by nix (subscriber, #2304) [Link]

It's nice to know you can't read. I explained quite clearly why posting addresses is foolish.

Living with the surveillance state

Posted Oct 30, 2013 19:31 UTC (Wed) by raven667 (guest, #5198) [Link] (9 responses)

Haha, I do! It's called the police. Opening a locked car door is trivial, kicking in a home door nearly so (or bypassing it through a window) such that I wouldn't call either an absolute technical measure, merely a marker for creating an unambiguous boundary between public and private spaces.

In any event the fanciness of your lock isn't what is keeping people out, it's the risk of social consequences which prevent bad actors from taking action much of the time. Having the ability to investigate incidents and increase the risk of consequences provides a ton of disincentive for bad actors.

There will still be incidents, you can't prevent that.

Living with the surveillance state

Posted Oct 30, 2013 22:23 UTC (Wed) by PaXTeam (guest, #24616) [Link] (8 responses)

let's make it simple: would your social measures (deterrents) have the same effect if you did *not* have the technical measures in place or not? yes/no?

and i'm still waiting for those addresses, actions speak more than words do, you know... no addresses = you believe in technical measures, simple as that.

as for what is an absolute technical measure, try to pick your own locks. i bet you can't. along with 99.9% (seems to be the random going measure here) of humanity. that makes locks an 'absolute' measure for 99.9% of humanity (including every single poster here ;). i wish we had anything close to that in other areas of life, computers or not.

Living with the surveillance state

Posted Oct 30, 2013 23:10 UTC (Wed) by khim (subscriber, #9252) [Link] (2 responses)

let's make it simple: would your social measures (deterrents) have the same effect if you did *not* have the technical measures in place or not? yes/no?

They have much better effect. The number one protection against burglar is privacy. If burglar knows where someone lives and knows that someone does not use two turns of key to lock the door every time (or, even better, if s/he knows that someone does not lock keys at all), well… this information is incredibly valuable for a burglar. THIS is why people don't publish it on websites.

as for what is an absolute technical measure, try to pick your own locks. i bet you can't.

What does it change? You don't need to pick a lock. To pick a lock is akin to high-level rootkit which is totally stealthy and invisible. If you just want to take something from the apartment then you only need to have a strong scredriver: insert it into a lock hole and turn it with excessive force. All done. Often you can use just a flat screwdriver to move bolt. I think 99.9% (seems to be the random going measure here) of humanity can do that.

and i'm still waiting for those addresses, actions speak more than words do, you know... no addresses = you believe in technical measures, simple as that.

Wow. Just wow. What kind of logic is that?

Let me repeat once more: in a world with reliable locks (where technical measures dominate) this information will be absolutely worthless. Lock can not be picked up anyway, so why not publish it's location? In our world where lock is just a side-show and social aspect is the primary one… of course one will not give up their primary form of protection so easily!

FWIW I've seen plenty of people who don't use large bolts on their doors and lock them only with a small latch. IOW: a lot of people are ready to neglect “technical measure of protection”. I've seen very few guys who post notes about their absence on a public website along with the address of apartment. On the contrary: a lot of guys arrange for the with neighbors pick of mail, periodic checking, etc to make sure it's not easy to notice that apartment is temporarily abandoned. IOW: they spent a lot of efforts on their “social measure of protection”. What does it say about relative merits of two approaches?

Living with the surveillance state

Posted Oct 30, 2013 23:52 UTC (Wed) by PaXTeam (guest, #24616) [Link]

> The number one protection against burglar is privacy.

and i thought you just said it was anonimity. make up your mind 'cos the two are different things. and never mind that it's also false as you clearly explain (and contradict yourself) in the rest of your sentence, good job ;).

as for picking a lock and whatnot, you clearly have zero experience with real life locks (and rootkits and other buzzwords, these things have about nothing in common) so maybe stay away from the topic, pretty please? ;)

as for the logic... it's really simple. if you state that you don't believe in technical measures yet you rely on them (=afraid of disclosing where exactly you do) then that's a clear case of hypocrisy, simple as that. my point is that the world isn't black and white where one or another measure dominates everything else, rather it's a careful balance that one has to adapt to his own circumstances (in different parts of the world you'll get away with a different mix of social/technical/etc measures).

Living with the surveillance state

Posted Nov 1, 2013 21:54 UTC (Fri) by nix (subscriber, #2304) [Link]

Let me repeat once more: in a world with reliable locks (where technical measures dominate) this information will be absolutely worthless. Lock can not be picked up anyway, so why not publish it's location? In our world where lock is just a side-show and social aspect is the primary one… of course one will not give up their primary form of protection so easily!

Again you were clearer than I. Exactly so.

Living with the surveillance state

Posted Oct 31, 2013 4:49 UTC (Thu) by raven667 (guest, #5198) [Link] (2 responses)

> let's make it simple: would your social measures (deterrents) have the same effect if you did *not* have the technical measures in place or not? yes/no?

I don't see people commonly going around testing doors, and when there are home invasions I don't see basic door locks being a factor.

> and i'm still waiting for those addresses, actions speak more than words do, you know... no addresses = you believe in technical measures, simple as that.

That's ridiculous, but whatever, I guess I'm too dumb to back down, whois raven667.org

> as for what is an absolute technical measure, try to pick your own locks. i bet you can't. along with 99.9% (seems to be the random going measure here) of humanity. that makes locks an 'absolute' measure for 99.9% of humanity (including every single poster here ;). i wish we had anything close to that in other areas of life, computers or not.

I don't see how that is relevant since 99.9% of people aren't commonly trying to break into my house. The risk can be increased if there are more people willing to transgress, if they are desperate for example, and if there is a failure of investigation and remediation, police don't come to your neighborhood for example, but that just makes my point that the strength of societies norms comes from the consequences of violating them, not from technical and authority systems which could prevent you from violating them if you desired to.

Living with the surveillance state

Posted Nov 1, 2013 22:56 UTC (Fri) by PaXTeam (guest, #24616) [Link] (1 responses)

see, you just proved my point once again: why did you post a pointer to some data (that number seems to be disconnected, is it obsolete/fake?) instead of the data itself? because you are actually afraid of it showing up on search engines forever (and i have the courtesy of not helping it myself exactly because unlike you, i understand that some information doesn't belong on the net, social measures and your beliefs in them notwithstanding). that said, you can still prove how dumb you are by actually posting the data ;).

Living with the surveillance state

Posted Nov 2, 2013 20:05 UTC (Sat) by raven667 (guest, #5198) [Link]

> you can still prove how dumb you are

Thanks man, I love you too. 8-)

> why did you post a pointer to some data

Because I know that information is out there if you have two brain cells to rub together to find it, you can also find out where I work, how much I am paid and what my house is worth among other things. I know that I'm not truly anonymous when I speak online unless I have gone to significant effort to create an anonymous identity separate from my "normal" identity which I have not done.

I think the root of the disagreement is in the perception of risk. You seem to believe that my risk of a home invasion, or something bad happening to me, has been materially changed in some way and I disagree with that assessment. I also don't think you are actually going to jump on a plane and steal my toaster, or that our local drug addled poor are just waiting to read the lwn.net comment section to figure out which houses to rob. You could of course try and pull some juvenile prank which might change my risk assessment slightly but that would also say more about you than me and I am presuming that you are an adult.

A risk assessment which includes means, impact, and most importantly likelihood is useful for everyday living and as humans we are naturally bad at it. All risks seem highly likely and greatly harmful when they are not.

Living with the surveillance state

Posted Oct 31, 2013 5:34 UTC (Thu) by Cyberax (✭ supporter ✭, #52523) [Link] (1 responses)

How about this - you publish your home address and your schedule. And give a blanket permission for anyone to enter and take whatever they want from your house.

Let's see if your locks are going to help you.

Living with the surveillance state

Posted Nov 1, 2013 22:48 UTC (Fri) by PaXTeam (guest, #24616) [Link]

> you publish your home address and your schedule.

why would i want to contradict myself?

Living with the surveillance state

Posted Oct 31, 2013 18:22 UTC (Thu) by HIGHGuY (subscriber, #62277) [Link] (1 responses)

Many people, when confronted with the scope of what the NSA is doing will say "shame on the NSA". That doesn't stop them from doing what they do.
On the other hand, when technological countermeasures are implemented to stop the ongoing spying it makes it impossible.

You are right that not all problems lend themselves well to being merely technological problems (with no social impact) and that sometimes what you're protecting against has legitimate use-cases (DRM, anyone?).

The point is that by making something illegal or socially unacceptable doesn't stop it from happening. That's why a technical solution is usually superior than a merely social solution.

Living with the surveillance state

Posted Oct 31, 2013 22:19 UTC (Thu) by hummassa (guest, #307) [Link]

> On the other hand, when technological countermeasures are implemented to stop the ongoing spying it makes it impossible.

A technical "solution" does not prevent it from happening or make it impossible, either. At most the technical measure would make it harder, but the NSA has infinitely more resources than the spied entity, and an infinite number of attack vectors to obtain the sought information.

> sometimes what you're protecting against has legitimate use-cases (DRM, anyone?).

DRM, as I have reiterated many times, is neither a legitimate cryptography application (because it seriously hinders protected-by-law Fair Use) NOR a technically or mathematically sound cryptography application (because B and E are the same person.

> The point is that by making something illegal or socially unacceptable doesn't stop it from happening. That's why a technical solution is usually superior than a merely social solution.

That's where IMNSHO you have it backwards: there is never a perfect technical solution, and that's why you MUST have a social solution if you want to have any chance of making the "something" happen less.

An analogy: we will NEVER have zero murders. Currently, there is no technical protection against being murdered, but even in a Dune-like future where you can't be murdered by projectile weapons, people will murder each other with knives and poisons, or just putting each other in the pool and removing the ladder. Now, if murder is socially acceptable, there is no reason NOT to murder the people in front of me in traffic. So we make murder socially unacceptable with the objective that we have less murders.

Living with the surveillance state

Posted Oct 30, 2013 15:04 UTC (Wed) by raven667 (guest, #5198) [Link]

> if we accept that some surveillance is reasonable, the government will want to have a backdoor

I think we should accept that some is reasonable but only with heavy public oversight, not in secret, that is what the whole concept of warrants is trying to achieve. Any kind of government intervention or surveillance should be done in the open as a matter of public record so that we can independently scrutinize it's justification and methods.

I don't think that should require devices or services to have a backdoor, there is no requirement to make it easy or convenient to perform surveillance, I think it should be exactly the opposite. I would prefer data retention rules to prevent service providers from storing un-redacted logs and encourage them to design systems where they don't have the capability to access private keys and decrypt customer data. Safety mechanisms which protect against insider attack or data breaches should also protect against lawful surveillance.

You can still search a persons stuff with a warrant, you can still follow them around with a microphone to see who they communicate with, without jimmying all the worlds technology with backdoors.

Living with the surveillance state

Posted Oct 30, 2013 16:04 UTC (Wed) by niner (guest, #26151) [Link] (2 responses)

We can share whole movies and TV series in a P2P fashion but would fail at some pictures? I don't buy it. It's starting to become trivial to add a USB hard drive to a wireless router and run Bittorrent on it or just buy a NAS and be done with it. Why would it be so hard to add some distributed social network software? The always on, always connected, distributed devices are already there. Protocols are there. Technically, this should not be that hard a problem. And even if we don't want to go the full P2P way, email is a great example for a distributed social service. Even though there are huge players in that market, they are far from the only ones and it's simple to find a small, trustworthy provider.

That leaves the social part which is also the hard part. Even with a perfectly distributed system like email, people like going to the big names.

Living with the surveillance state

Posted Oct 30, 2013 21:14 UTC (Wed) by NAR (subscriber, #1313) [Link] (1 responses)

Torrent is good for popular movies, but not that useful for rare stuff. The overwhelming majority of the things shared on facebook are (or should be) shared for a few people (i.e. "rare"), so I'm not sure a P2P system would scale for this kind of load...

The fact that it's trivial to add an USB hard drive to a wireless router does not mean that people would be willing to put up with its extra costs. For example my mother turns of her router when she turns off her laptop in order to save on the electricity bills.

Living with the surveillance state

Posted Oct 30, 2013 21:40 UTC (Wed) by nybble41 (subscriber, #55106) [Link]

> Torrent is ... not that useful for rare stuff. The overwhelming majority of the things shared on facebook are (or should be) shared for a few people (i.e. "rare"), so I'm not sure a P2P system would scale for this kind of load...

Not all P2P systems have the narrow focus of Bittorrent. In Bittorrent, peers sharing a particular file do not interact with peers sharing other files, which is why it's hard to torrent rare stuff. To expand this to handle data for something like Facebook, you would have to make sure peers have an incentive to hold and distribute data which they aren't directly interested in on behalf of other users (with the expectation that other users will do the same for them). That's closer to the FreeNet model, though as far as I know FreeNet lacks an incentive system similar to Bittorrent's tit-for-tat prioritization.

Perhaps Bitcoin could be leveraged to provide a more stable and universal form of incentive for participation, with the clients acting as autonomous agents. Users would keep data for each other because someone will be willing to pay to access it. I'm not sure even Bitcoin's fees (about two cents per transaction at the moment) are low enough to make that scalable, though.

Living with the surveillance state

Posted Nov 1, 2013 4:42 UTC (Fri) by drag (guest, #31333) [Link] (2 responses)

> I guess this implies lots of data upload which doesn't work that well with current asymmetric wired connections and would "needlessly" drain the battery of mobile devices.

The data is already being uploaded, no?

Also it does not need to be a all or nothing situation. If you don't care about controlling your information then you can use whatever service. Right now all the social media stuff is 'walled gardens'. If you do things P2P and open protocols then anybody can provide any service they like and users can use whatever software they like.

Also the amount of data that people like Facebook save in their 'big data' clusters is a hell of a lot more than people actually care about or want shared. If all you want shared is your posts or pictures or links to this or that then that really isn't a whole lot.

> For a distributed community network, not only friends are required, but enough well-connected (in this case, technically) friends. That's an additional hurdle to clear.

Yes. This is the big problem.

Needs to be something like Email, that is very distributed, but have a built in way to make sure the communication is always coming from the same person/persons.

The actual identity of the person controlling the account can be confirmed or discovered through side channels if that really matters to you and the person you are communicating with. Just have to make sure that the messages are unadulterated and whatnot.

> An other problem is that if we accept that some surveillance is reasonable, the government will want to have a backdoor and then we're back to square one - what if the three letter agencies abuse the backdoor?

Screw them. I don't think that surveillance is reasonable, but I do think it's unavoidable. As long as governments continue to give these bozos money they will continue to use it to undermine our security. But that's their problem. So let them figure out how to do their job. They don't need our or anybody else's help.

Living with the surveillance state

Posted Nov 1, 2013 4:48 UTC (Fri) by drag (guest, #31333) [Link] (1 responses)

Just thought of another thing. Another difference this imaginary distributed user/tracking and discovery protocol of mine from email is that it probably needs to be a 'pull' model rather than a 'push' model.

Email is all about 'push'. You don't know what you are getting until you get it.

If instead it's subscription services then you won't have all the same problems with spam and whatnot. A user will actually need to subscribe to companies or services in order to get information from them... that is have their server actively subscribe and pull the data from them. I figure this will go a long way to cut down on the shenanigans and be more in line with the way web services work.

maybe a more elaborate system based on something like:

https://bitmessage.org/wiki/Main_Page

I donno.

Living with the surveillance state

Posted Nov 1, 2013 16:50 UTC (Fri) by mathstuf (subscriber, #69389) [Link]

You might be interested in the project[1] that the Lavabit and Silent Circle people are working on. It looks like they want to replace SMTP (IMAP would presumably stay).

[1]http://arstechnica.com/business/2013/10/silent-circle-and...

Living with the surveillance state

Posted Oct 29, 2013 17:44 UTC (Tue) by khim (subscriber, #9252) [Link] (1 responses)

coupled with the utter lack of interest by 99.99999% (underestimate) of all programmers in proving correctness of their code

Do you imply that not even 100 such programmers exist in a whole world? I kind of understand you point, but you are way too pessimistic. 99.9% or may be 99.99% is probably more realistic estimate.

Living with the surveillance state

Posted Oct 29, 2013 17:54 UTC (Tue) by ms (subscriber, #41272) [Link]

> Do you imply that not even 100 such programmers exist in a whole world? I kind of understand you point, but you are way too pessimistic. 99.9% or may be 99.99% is probably more realistic estimate

I started with more 9s and then stopped and had a think. I suppose 1 in 1e7 is too low though finding how many programmers there are in the world is tricky. 1bn seems too high but 10 million seems too low but I've no idea why I think that. Maybe somewhere around 100million? I'd be surprised if there are 10000 programmers who regularly think about proving properties of their code. Which would give 99.99%. But I am pulling all these numbers out of my posterior, it's true.

Maybe I'm just naturally pessimistic ;)

Living with the surveillance state

Posted Oct 29, 2013 21:00 UTC (Tue) by k8to (guest, #15413) [Link] (9 responses)

I don't really believe there's such a thing as proving the correctness of code.

Yea, there are a lot of things where you can formally show that your code conforms to some formal description, but I know of no way of showing that the formal description is correct provably.

In practice, I am a person who makes small corrections to a large codebase. When I make such changes I try to imagine all the possible scenarios, and attack my change from all of those angles in both localized ans systemic fashion. If I find a problem, I either find a solution or give up on my change.

If I was starting a project from the beginning, I can definitely come up with a significant number of ways to do a better job than this, more likely to be correct and more demonstratively so, but in the constraints, I'm not sure how to do better than this.

I guess I'm part of the problem, but I don't believe there's another way from the place I'm given.

Living with the surveillance state

Posted Oct 30, 2013 10:44 UTC (Wed) by ms (subscriber, #41272) [Link] (4 responses)

> Yea, there are a lot of things where you can formally show that your code conforms to some formal description, but I know of no way of showing that the formal description is correct provably.

That's a good point I often fail to remember - at the end of the day, you're just trying to prove some form of equivalence between one model of your program and another.

That said, you can establish some useful properties, such as "it will never infinite loop", "it will never gobble all your RAM", "it will do 'the right thing' on all possible valid inputs". I'm not sure how far things have got in terms of the security context.

Living with the surveillance state

Posted Oct 30, 2013 18:40 UTC (Wed) by smoogen (subscriber, #97) [Link]

Actually even those proofs that you can do are limited by the vast assumptions one has to make. A lot of proven code (eg can never infinitely loop etc) rely on a perfectly working hardware and perfectly static data and various other things which rapidly change as soon you have the real world interacting with it.

Most security proofs I have seen always start out with "Assume that the environment is not hostile and that the user is not malicious." which is about 0% of the time when actually trying to defend against anything.

Living with the surveillance state

Posted Oct 30, 2013 18:51 UTC (Wed) by nix (subscriber, #2304) [Link] (1 responses)

That said, you can establish some useful properties, such as "it will never infinite loop", "it will never gobble all your RAM", "it will do 'the right thing' on all possible valid inputs".

You certainly can't establish any of those in the general case, and even doing it in special cases requires some severely stereotyped code. (e.g. in the latter property, the inputs need a grammar which permits only inputs up to some maximum length, probably a very short one. That rules out most useful programs. The problems with proving the other two in general cases are hopefully obvious to anyone reading this!)

Living with the surveillance state

Posted Oct 30, 2013 19:06 UTC (Wed) by ms (subscriber, #41272) [Link]

>> That said, you can establish some useful properties, such as "it will never infinite loop", "it will never gobble all your RAM", "it will do 'the right thing' on all possible valid inputs".

> You certainly can't establish any of those in the general case, and even doing it in special cases requires some severely stereotyped code. (e.g. in the latter property, the inputs need a grammar which permits only inputs up to some maximum length, probably a very short one. That rules out most useful programs. The problems with proving the other two in general cases are hopefully obvious to anyone reading this!)

"All possible valid inputs" is largely covered by type checking. It is possible to do static array bounds checking in many cases, though yes obviously not all.

Termination checkers are fairly well advanced, e.g. see Byron Cook's work, and arguably you can almost always happily work with a total language. Very rarely do you actually *need* unbounded recursion (though that's not to say it's easy to cope with total languages).

As ever with static analysis it's about how much you care about the "proofs" it offers, versus how much expression you're willing to give up.

Living with the surveillance state

Posted Nov 8, 2013 0:55 UTC (Fri) by Wol (subscriber, #4433) [Link]

> That's a good point I often fail to remember - at the end of the day, you're just trying to prove some form of equivalence between one model of your program and another.

And this is a perfect example of the trap I rail at quite often - THE MODEL IS NOT REALITY.

Just because it is proven that your software (a mathematical construct) is mathematically correct doesn't mean that it will actually work. I'll just quote two luminaries:

Knuth: "Beware of bugs in the above code; I have only proved it correct, not tried it."

Einstein: "As far as the laws of mathematics refer to reality, they are not certain, as far as they are certain, they do not refer to reality."

Cheers,
Wol

Living with the surveillance state

Posted Nov 4, 2013 11:31 UTC (Mon) by bakterie (guest, #37541) [Link] (3 responses)

> Yea, there are a lot of things where you can formally show that your code conforms to some formal description, but I know of no way of showing that the formal description is correct provably.

Typically the formal description lacks a lot of implementation details, and is on a more conceptual level. You strive for a formal description that is "obviously" correct to a human, and then prove the equivalence between the implementation and the specification.

You are correct in that you still don't know if the specification is provably correct (for some definition of correctness), but at least you have reduced the problem from convincing someone that the implementation (with all its gory details) is correct, to convincing a human being that a much simpler specification is correct.

Living with the surveillance state

Posted Nov 4, 2013 23:04 UTC (Mon) by Jandar (subscriber, #85683) [Link] (2 responses)

> You strive for a formal description that is "obviously" correct to a human,

Unfortunately '"obviously" correct' is in no way the same as really correct. '"obviously" correct' is akin to a secure implementation of cryptography: not yet broken.

Living with the surveillance state

Posted Nov 5, 2013 8:27 UTC (Tue) by k8to (guest, #15413) [Link] (1 responses)

Yeah, maybe I, as a purported software engineer, should learn more about this arena. When I last looked it seemed like a very large amount of effort for a fairly narrow improvement in reliability.

Of course we also put a lot of time and effort trying to make our code coverity-clean, and that seems to be also a fairly narrow band of improvement. I guess I suspect that for hundreds of thousands of lines of code that trying to make a provably correct model isn't likely to be worth the effort.

Living with the surveillance state

Posted Dec 8, 2013 17:43 UTC (Sun) by Jandar (subscriber, #85683) [Link]

Another case of "obviously" correct but actually buggy: http://lwn.net/Articles/575460/

Living with the surveillance state

Posted Oct 30, 2013 10:35 UTC (Wed) by eru (subscriber, #2753) [Link]

Equally, if facebook open sourced all its software today, I would bet it wouldn't make a blind bit of difference to the NSA.

I think Facebook is a bit poor example in this case, because its point is to seduce people into publishing data, and it makes its living from mining said data. From the privacy point of view, it is broken by design. (I use it a bit nowadays, but I never put anything there I would not mind having shouted from rooftops).

Email and other person-to-person channels are another matter and more important for privacy. It might be easier to implement changes there, judging by the way various mobile chat systems have started to supplant SMS, even though SMS is still the only system every user's handset is compatible with.

Living with the surveillance state

Posted Oct 31, 2013 1:10 UTC (Thu) by fuhchee (guest, #40059) [Link]

The mitigation claim could certainly use some amplification, in that the auditability of all the the software running on our devices should help keep them secure. However, even that does apprx. nothing for our data traversing outside networks, and our friends at the spy agencies and spying corporations love that.

Living with the surveillance state

Posted Oct 29, 2013 16:08 UTC (Tue) by hummassa (guest, #307) [Link] (2 responses)

The impression I have is that many, many USofAns choose to think of Snoden and Manning as traitors and Assange as the Red Menace. Which is, of course, absolutely preposterous. If I had the opportunity, I would greet the three of them as the heroes that I have no doubt they are.

Living with the surveillance state

Posted Oct 29, 2013 20:23 UTC (Tue) by k8to (guest, #15413) [Link] (1 responses)

I tend to hear comments from young security professionals talking about them being "irresponsible". I ask what their definitions of responsible is. I don't get very clear answers.

Living with the surveillance state

Posted Oct 31, 2013 1:58 UTC (Thu) by JoeBuck (subscriber, #2330) [Link]

Recent polls show that more Americans regard Snowden as a whistleblower than regard him as a traitor, though there are plenty in the latter category, and it appears that the more the revelations pile up, the more Americans feel that way.

But Europeans need to hold their own governments accountable. The British GCHQ is at least as aggressive as the NSA, and other European governments have been cooperating in the world surveillance state much more than they pretend. Those countries who denied airspace to the Bolivian president's plane, and the country that let him land and then violated diplomatic immunity to search him as if he were a criminal suspect have no room to be righteous.

Living with the surveillance state

Posted Oct 30, 2013 0:17 UTC (Wed) by marcH (subscriber, #57642) [Link] (2 responses)

> The final day of LinuxCon Europe had some of the only content that was focused on the largely European audience at the conference. Mikko Hypponen, chief research officer at F-Secure, gave a talk about living in a surveillance state, with an unmistakable slant toward Europe and the rest of the world outside of the US. There is an imbalance in the surveillance being done, not just the imbalance of governments vs. the people, but also that of the US vs. the rest of the world.

Jake, are you basically implying that most people in the US don't mind any imbalance as long as it's in US' favour?

I did not find the talk that slanted; maybe I was just too naïve.

Well, i guess that would at least put US people in sync with their government which from a purely democratic perspective is a success.

Living with the surveillance state

Posted Oct 30, 2013 14:54 UTC (Wed) by raven667 (guest, #5198) [Link] (1 responses)

> Jake, are you basically implying that most people in the US don't mind any imbalance as long as it's in US' favour?

That is largely true. In my experience most people just presume that this imbalance is the natural order of things, they are so used to the US being the only worlds superpower that they don't see the rest of the worlds countries or people as equals but as inferiors. Even people who are disagree with the government and are fighting these excesses often come from a position where the US has agency and the reset of the world are just quirky sidekicks. Jingoism is burned in pretty deep.

Living with the surveillance state

Posted Nov 1, 2013 2:53 UTC (Fri) by k8to (guest, #15413) [Link]

I tend to encounter an attitude not so much as "the US is the best part of the world, and that's as it should be". It's typically more an ill considered blend of two ideas.

Idea 1 is "the US is the best", which gets expressed in various ways. For example in school (ages 6-12) we were repeatedly told that our country was special because we are Free, as if personal freedom was an extremely rare thing in the world overall, with no clarification on what other parts of the world might have similar properties was really ever communicated. This idea that the US is "the best" is usually stated without any specific comparison to any other thing.

Idea 2 is "the US is separate/apart from the world". This kind of thing has cropped up in other powerful cultures from time to time, the most obvious being China's historical concept of being 'the Middle Kingdom', halfway between the earth and heaven. There is here, the US, and then vaguely.. there is everywhere else. This comes from size, from water boundaries, from historical political priorities and a lack of regional nearby powers.

Together they kind of thoughtlessly blend into a position of unconsidered privilege.

Living with the surveillance state

Posted Oct 30, 2013 0:21 UTC (Wed) by jwakely (subscriber, #60262) [Link]

> All of the providers deny giving that access, yet the slide contents have never been denied by the US government. Hypponen thinks we may finally have an explanation for the conflicting stories.

As Schneier has pointed out, the providers are probably just wording their denials quite carefully, in order to _appear_ to deny involvement:

> Someone needs to write an essay parsing all of the precisely worded denials. Apple has never heard the word "PRISM," but could have known of the program under a different name. Google maintained that there is no government "back door," but left open the possibility that the data could have been just handed over. Obama said that the government isn't "listening to your telephone calls," ignoring 1) the meta-data, 2) the fact that computers could be doing all of the listening, and 3) that text-to-speech results in phone calls being read and not listened to. And so on and on and on.

https://www.schneier.com/blog/archives/2013/06/government...

Missing video

Posted Oct 30, 2013 8:12 UTC (Wed) by tglx (subscriber, #31301) [Link] (3 responses)

> Unfortunately for those who were not present, video is not available,
> evidently due to an audio problem.

Is it just good old Murphy or something more sinister, which made the audio fail for this particular talk only?

Missing video

Posted Oct 31, 2013 8:55 UTC (Thu) by ncm (guest, #165) [Link] (2 responses)

The NSA must have a copy they could provide to post. Just ask!

Missing video

Posted Oct 31, 2013 22:33 UTC (Thu) by tglx (subscriber, #31301) [Link] (1 responses)

Tried that, but my personal Non Sensical Agent just told me: There is No Such Audio.

Missing video

Posted Nov 6, 2013 18:22 UTC (Wed) by rmayr (subscriber, #16880) [Link]

That made me grin - at least we can keep some of our humor ;-)

Living with the surveillance state

Posted Oct 30, 2013 15:16 UTC (Wed) by brouhaha (subscriber, #1698) [Link] (1 responses)

everyone is being surveilled, including many who are known to be innocent

That's not how the world works. No one is ever "known to be innocent". Everyone who hasn't already been found guilty is a suspect.

Living with the surveillance state

Posted Oct 30, 2013 16:19 UTC (Wed) by ndye (guest, #9947) [Link]

everyone is being surveilled, including many who are known to be innocent
That's not how the world works. No one is ever "known to be innocent". Everyone who hasn't already been found guilty is a suspect.

In my understanding , it's more than "Everyone . . . is [at least] a suspect":

In the U.S.A. of my culture (as opposed to the U.S.A. I grokked upon growing up), everyone is an equal who acknowledges that our conscience asserts guilt of some failure at some time after birth.

Thus a jury returns no better than "not guilty of this charge" because no man can declare another innocent.

Knowing that everyone is predisposed to abuse any acquired power, the governing are to display behavior *better* than the governed.

Anyone in power willing to hide their work is already demonstrating a moral lapse, and their qualification for public office is expired, and the remaining public servants should be shining a light on their former colleague to ferret out any possible crimes, demonstrating their equality with the governed.

Failing to turn these rats out of office demonstrates the corrupted priorities of the public at large.

Living with the surveillance state

Posted Oct 31, 2013 8:11 UTC (Thu) by kleptog (subscriber, #1183) [Link] (1 responses)

Thanks for the IKEA comparison, that makes it much clearer.

What I find most interesting about these revelations that so much is clearly about industrial espionage, spying on foreign companies. Which seems to imply that American companies are receiving this information from the NSA. Which implies they know where it comes from...

Living with the surveillance state

Posted Oct 31, 2013 14:36 UTC (Thu) by maderik (guest, #28840) [Link]

With the current apparatus there seems to be a difference between vacuuming up data and analyzing it. Why does the NSA gather so much? I suspect it's because they can and, like any hoarder, they think it will be useful one day. Why monitor companies? Well if the "3-hop" theory is correct, most companies will be no more than 3 hops away from an area of interest. With everything else they are trying to do, is the NSA going to bother sifting & sanitizing commercially valuable data? Probably not routinely. But perhaps it is problematic enough that they could.

Chelsea Manning?

Posted Nov 1, 2013 5:20 UTC (Fri) by alison (subscriber, #63752) [Link] (2 responses)

Bradley's sister, perhaps?

Chelsea Manning?

Posted Nov 1, 2013 5:46 UTC (Fri) by Cyberax (✭ supporter ✭, #52523) [Link] (1 responses)

No, it's Bradley - he has changed his gender.

Chelsea Manning?

Posted Nov 5, 2013 8:15 UTC (Tue) by Jessica_Lily (guest, #88137) [Link]

No, Bradley is now Chelsea, she changed her gender.

Living with the surveillance state

Posted Nov 4, 2013 14:52 UTC (Mon) by rnp (guest, #50691) [Link]

What is a terrorist ? And who defines who/what is a terrorist ?

These are very tricky questions. To me, the terrorists are the governments and the very small powerful group that controls them.

Living with the surveillance state

Posted Nov 4, 2013 21:25 UTC (Mon) by ibukanov (subscriber, #3942) [Link]

Although the storage became cheap the bandwidth is not. So the total surveillance comes to the end the moment everybody starts to send 3d video messages instead of emails.

Living with the surveillance state

Posted Nov 8, 2013 9:07 UTC (Fri) by Jannes (subscriber, #80396) [Link] (1 responses)

For anyone interested, this sounds like almost the same speech, minus the technical bits and the enthousiastic audience.

Living with the surveillance state

Posted Nov 8, 2013 9:09 UTC (Fri) by Jannes (subscriber, #80396) [Link]

Sorry.... this one:

http://www.youtube.com/watch?v=9CqVYUOjHLw

Living with the surveillance state

Posted Nov 9, 2013 0:19 UTC (Sat) by naptastic (guest, #60139) [Link]

+1 for referring to Chelsea by her correct name. <3 !

Living with the surveillance state

Posted Nov 9, 2013 5:57 UTC (Sat) by glaesera (guest, #91429) [Link]

The article does not mention the complementary view of the surveillance in progress. This is in my opinion, I said it several times already and want to repeat it in public now, that world-dominating companies like Google, Microsoft and Facebook need to be watched by the NSA actually.
They are pursuing extremely aggressive expansive policies and marketing-strategies, and because of this there would be an enormous inflation in the US. There is an enormous inflation of data already, because low-quality-data is cheap, as stated correctly in the article. But there would also be an enormous inflation of money, because this is what the whole big-data business-model is essentially about: turning data into money.
No idea about the rest of Europe, but here in Germany there are quite a lot of people who would like to offer asylum to Snowden actually, but the current government is against it, quite obviously because of the Snowden-documents and the NSA-affair they lost their majority and cannot continue with their coalition. The liberals are for the first time not represented in the next national parliament, because they missed the 5% hurdle. This is a historic precendence.
I hope there will be a center-left coalition.