Tuesday, February 09, 2016

panic, moi?

So there's this great new report from the Berkman about the worries various governments have that the technology we are starting finally to make use of to protect our privacy may also mean that "bad guys" can get away without being caught.

It is deeply ironic that there's precious little evidence that having untramelled access to everyone's Internet data for the last 20 years has done a single thing to prevent one terrorist death. It is also ironic that when there was access to encrypted data, during WWII, from Station X (Bletchley, breaking the code, the Enigma and its variations etc etc), it was not used to prevent Atlantic shipping from being sunk by U-boats as that would have given away the fact the allies knew where the subs were (i.e. had likely broken all the codes). It was finally "used" to know that the germans did not know about where the D-Day landings were to be. This was to prove useful (although not necessarily decisive) in winning/ending the second world war.

However, note interestingly that spotter planes could often see U-Boats surface, and it was the location of the sub when it sent an encrypted report (aka "meta-data") that let the Turing folks break the code the 2nd time. There's no evidence that the NSA have known about Al Quaeda before 9/11 or that the Spanish, UK and French had any idea about the Madrid, London or Paris terrorists ahead of time. If they did, and didn't say because it would "reveal" their capability, in a post Snowden era, this is just plain stupid, actually criminal. Given several events have happened after Snowden, and there's precious little evidence the bad guys used much more than basic comms (SMS, instant messaging) then, it is evidence that the security apparatus is not fit-for-purpose.

Thus, the report above is right about meta-data (what's sometimes called communications data, as opposed to content, or "control" as opposed to "data").

Interestingly, was talking to some lay folks recently about what the police do if they find someone unconscious (or worse) with no id, but a smart phone, and that smart phone is locked (and, in modern iphone or android, encrypted). So
1/ If you have an ICE ("In Case of Emergency") configured, it can be called from a locked screen on an iPhone, and you can configure android the same if you want.
2/ The phone company can workout what the IMEI and number of the phone is from the location, and from that, could give the police a list of caller and callee IDs so they could try a few til they get someone...plus the account information would likely give name/address/bank info.
3/ If the phone is backed up in the iCloud, its quite likely the back up isn't encrypted

All of this could also be done with someone "of interest" who is perfectly conscious, but unaware:-)

So there. Fire the NSA and GCHQ and get someone in who has a clue.

No comments:

Blog Archive

About Me

My photo
misery me, there is a floccipaucinihilipilification (*) of chronsynclastic infundibuli in these parts and I must therefore refer you to frank zappa instead, and go home