Entrepreneur, Law & Policy Analyst helping clients w/ strategic planning, communications interoperability, Software Developer, Scotch Enthusiast.

Yet Another FBI Proposal for Insecure Communications


Deputy Attorney General Rosenstein has given talks where he proposes that tech companies decrease their communications and device security for the benefit of the FBI. In a recent talk, his idea is that tech companies just save a copy of the plaintext:

Law enforcement can also partner with private industry to address a problem we call "Going Dark." Technology increasingly frustrates traditional law enforcement efforts to collect evidence needed to protect public safety and solve crime. For example, many instant-messaging services now encrypt messages by default. They prevent the police from reading those messages, even if an impartial judge approves their interception.

The problem is especially critical because electronic evidence is necessary for both the investigation of a cyber incident and the prosecution of the perpetrator. If we cannot access data even with lawful process, we are unable to do our job. Our ability to secure systems and prosecute criminals depends on our ability to gather evidence.

I encourage you to carefully consider your company's interests and how you can work cooperatively with us. Although encryption can help secure your data, it may also prevent law enforcement agencies from protecting your data.

Encryption serves a valuable purpose. It is a foundational element of data security and essential to safeguarding data against cyber-attacks. It is critical to the growth and flourishing of the digital economy, and we support it. I support strong and responsible encryption.

I simply maintain that companies should retain the capability to provide the government unencrypted copies of communications and data stored on devices, when a court orders them to do so.

Responsible encryption is effective secure encryption, coupled with access capabilities. We know encryption can include safeguards. For example, there are systems that include central management of security keys and operating system updates; scanning of content, like your e-mails, for advertising purposes; simulcast of messages to multiple destinations at once; and key recovery when a user forgets the password to decrypt a laptop. No one calls any of those functions a "backdoor." In fact, those very capabilities are marketed and sought out.

I do not believe that the government should mandate a specific means of ensuring access. The government does not need to micromanage the engineering.

The question is whether to require a particular goal: When a court issues a search warrant or wiretap order to collect evidence of crime, the company should be able to help. The government does not need to hold the key.

Rosenstein is right that many services like Gmail naturally keep plaintext in the cloud. This is something we pointed out in our 2016 paper: "Don't Panic." But forcing companies to build an alternate means to access the plaintext that the user can't control is an enormous vulnerability.

christophersw
7 days ago
Baltimore, MD

Meltdown and Spectre

New zero-day vulnerability: In addition to rowhammer, it turns out lots of servers are vulnerable to regular hammers, too.
christophersw
11 days ago
Baltimore, MD
satadru
12 days ago
New York, NY
popular
13 days ago
stefanetal
13 days ago
Rowhammer made me think that side channel attacks are not something to really worry about. If that's the best they can do....long speculative nonsense discussion at work today about QM as some version speculative execution. Now we just need a real model of that...
5 public comments
reconbot
11 days ago
hammer boom
New York City
taddevries
11 days ago
Perfect!!!!!!
letssurf
12 days ago
Awesome
Northampton, UK
cjheinz
13 days ago
Install updates. By all means.
alt_text_bot
13 days ago
New zero-day vulnerability: In addition to rowhammer, it turns out lots of servers are vulnerable to regular hammers, too.

[David Post] Trump v. Bannon et al.


Back during the 2016 presidential campaign, I posted a short commentary on what I called Trump's "adhesion contract from hell" - the nondisclosure agreement that anyone volunteering to make calls on behalf of candidate Trump's campaign had to sign before they would be allowed to work on the campaign. It was a most peculiar document; as I wrote at the time, it is probably not "the silliest or most outrageous" nondisclosure agreement I've ever read, but it is definitely on the shortlist for that dubious honor.

In addition to some customary and seemingly reasonable provisions – e.g., a promise not to disclose any confidential information imparted in connection with the phone-calling activities – it also contained a promise by the volunteer not to "demean or disparage" (and to "prevent any employees" from demeaning or disparaging):

  • "The Trump Company, Mr. Trump, any affiliated Trump Company, any Family Member, or any asset [that] any of the foregoing own, or any product or service [that] any of the foregoing offer ..."
  • by means of "any means of expression, including but not limited to verbal, written, or visual, including audio recording of any type, written text, drawing, photograph, film, video, or electronic device, in any manner or form, including but not limited to any book, article, memoir, diary, letter, essay, speech, interview, panel or roundtable discussion, image, drawing, cartoon, radio broadcast, television broadcast, video, movie, theatrical production, Internet website, e-mail, Twitter tweet, Facebook page, or otherwise, ..."
  • "in any language"
  • "in any country or other jurisdiction"
  • forever ("during the term of your service and at all times thereafter")

Pretty ridiculous. Good lawyers should be ashamed of themselves for putting nonsense like this together. One can perhaps understand, and defend as reasonable, a political campaign's need to get a promise from volunteer phone-bankers not to "demean or disparage" the candidate himself while they are working, ostensibly on his behalf. But not to disparage any member of Trump's family?! Or any asset belonging to any Trump company or Trump family member ("Man, Trump Tower over there sure is one ugly monstrosity.")? And imposing an ongoing no-disparagement obligation continuing into the indefinite future? Seriously?

It is inconceivable that a court would enforce these contracts as written. There is a very well-developed body of law that establishes the principle that non-disclosure agreements have to be reasonable, and have to balance the employee's (or, in this case, the volunteer's) rights to express him/herself freely (and the public's right, and need, to obtain information on matters of public concern) with the hiring party's legitimate interest in protecting itself from harm, and it is difficult to imagine how Trump could defend the absurd scope of these non-disclosure provisions as reasonable. [Not to mention that the obligation to prevent your employees (if you have any) from demeaning or disparaging Trump (or a Trump asset!!) is not only absurd and unenforceable, it may well constitute a violation of US labor law.]

It was, to be sure, a very, very minor footnote in a campaign that turned on larger and more important questions. But it looks like the agreement is back in the news. On Wednesday, New York Magazine published excerpts from a book by journalist Michael Wolff which, to put it bluntly, paints a most unflattering portrait of Trump and the Trump campaign and includes several disparaging comments by former Trump campaign executive and chief strategist Steve Bannon — for example, Bannon refers to Trump's campaign as "the broke-dick campaign," and has some choice words regarding the now-notorious June 2016 meeting between Donald Jr., son-in-law Jared Kushner, then campaign chairman Paul Manafort, and Russian lawyer Natalia Veselnitskaya at Trump Tower in New York:

"Even if you thought that this was not treasonous, or unpatriotic, or bad shit, and I happen to think it's all of that, you should have called the FBI immediately."

Trump responded to Wolff's reporting with a pair of cease-and-desist letters from his attorneys (Harder Mirell & Abrams of Beverly Hills CA) — one to Bannon and one to Wolff and his publisher (Henry Holt & Co.) — claiming that Wolff's book "gives rise to numerous legal claims including defamation by libel and slander, and breach of [Bannon's] written confidentiality and non-disparagement agreement with our clients." The letter also demands that they "immediately cease and desist from any further publication, release or dissemination of the Book, the Article, or any excerpts or summaries of either of them," and that they "issue a full and complete retraction and apology to my client as to all statements made about him in the Book and Article that lack competent evidentiary support."

If you're not familiar with scorched-earth litigation tactics and the Art of Threatening a Lawsuit (of which Mr. Trump is such an expert practitioner), you should really read the entire letter. After a general outline of the kind of claims (defamation, libel, invasion of privacy, breach of contract) to which publication of the book, in Mr. Trump's view, gives rise, the letter goes on to declare that the recipient is now "on notice of the foregoing claims" and therefore has a "legal duty to affirmatively preserve, and not delete, destroy, hide or misplace, all documents, communications and materials ... that refer to or relate to in any way to the Book and any/all of its contents, the Article and any/all of its contents, Mr. Trump, any/all of his family members, and/all of their businesses, and/or the Donald J. Trump for President campaign." This is followed by six pages of detailed instructions about how this document preservation obligation is to be fulfilled. It makes for depressing reading.

And then: "Please also send immediately an electronic copy of the full text of the Book, in searchable form, and send via messenger a hard copy of the Book to my office address at the top of this letter, so that we can fully assess all of the statements in the Book." (emphasis in original). I like the chutzpah of that - immediately! But the "please" is a tip-off that even Trump's lawyers understand that they have no legal right to demand delivery of the full text of the book (in searchable form, no less), and have to rely on good old-fashioned professional courtesy. Ha!

The claims against Bannon are based on the assertion that "[his] communications with Mr. Wolff in connection with the Book violated several provisions of Mr. Bannon's written agreement with Donald J. Trump for President, Inc.," in particular those provisions "preventing Mr. Bannon from ... communicating with any members of the print or electronic media about Mr. Trump, or any of his family members, or any of their businesses, or the campaign [or] disparaging Mr. Trump, or any of his family members, or any of their businesses, or the campaign."

That nobody is particularly surprised by the news that our president is trying to prevent the publication of a book highly critical of him and his family is one sign (of many) of how far down into the depths Trump has been dragging us. Though I doubt it will actually materialize, a lawsuit between Messrs. Trump and Bannon would surely be one for the ages; one can only imagine the ratings that would be garnered by an episode or two devoted to the lawsuit in the hideous reality TV series ("Celebrity President") that we all seem, somehow, to have stepped into.

But as I said, I doubt it will come to that; even Trump is aware that such a suit will put the question of the truth or falsity of Bannon's accusations on the table, and one can hardly imagine that that will end happily for the president.

Two interesting things emerge from this, however. First, it appears that Bannon - just like Joe PhonebankGuy - had to sign and did sign that ridiculous non-disclosure agreement. It's pretty bizarre; presumably, Bannon paid as much attention to the terms of the Agreement as Mr. PhonebankGuy did, i.e., none at all.

And second, it appears to indicate that Mr. Trump, or at least his lawyers, think that its terms could actually be enforceable in a court of law. I don't see it; it's all smoke and bluster, as far as I can tell.

christophersw
11 days ago
Baltimore, MD

[Ilya Somin] Public Ignorance and GMO Foods


In a recent Washington Post op ed, Purdue University president and former Indiana Governor Mitch Daniels highlights the dangers of the campaign to ban or severely restrict genetically modified (GMO) foods:

Of the several claims of "anti-science" that clutter our national debates these days, none can be more flagrantly clear than the campaign against modern agricultural technology, most specifically the use of molecular techniques to create genetically modified organisms (GMOs). Here, there are no credibly conflicting studies, no arguments about the validity of computer models, no disruption of an ecosystem nor any adverse human health or even digestive problems, after 5 billion acres have been cultivated cumulatively and trillions of meals consumed....

Today, their scientific successors are giving birth to a new set of miracles in plant production and animal husbandry that cannot only feed the world's growing billions but do so in far more sustainable, environmentally friendly ways. And though the new technologies are awe-inspiring, they are just refinements of cruder techniques that have been used for centuries.

Given the emphatic or, as some like to say, "settled" nature of the science, one would expect a united effort to spread these life-saving, planet-sparing technologies as fast as possible to the poorer nations who will need them so urgently. Instead, we hear demands that developing countries forgo the products that offer them the best hope of joining the well-fed, affluent world....

For the rich and well-fed to deny Africans, Asians or South Americans the benefits of modern technology is not merely anti-scientific. It's cruel, it's heartless, it's inhumane — and it ought to be confronted on moral grounds that ordinary citizens, including those who have been conned into preferring non-GMO Cheerios, can understand.

Reason science writer Ron Bailey has some additional thoughts on Daniels' op ed and the enormous benefits of GMO foods here; see also this helpful review of the evidence by William Saletan of Slate. The point is not that all GMO foods are always good for you, but that there is no reason to treat GMO products as a class differently from more conventional food supplies.

As Bailey and Daniels note, the scientific consensus holding that GMO foods are no more dangerous than "natural" ones has not prevented large parts of the general public from concluding that GMO foods are somehow problematic, and should be either banned or severely restricted. Fear of GMO foods is part of the more general problem of widespread political and scientific ignorance. For example, surveys indicate that some 80 percent of Americans support the idea of mandatory labeling of "foods containing DNA," (see also here), even though DNA is the basic genetic building block of life, and is contained in nearly all foods. Not surprisingly, the percentage that believe DNA worthy of mandatory warnings is very similar to the percentage (84 percent) who endorse mandatory labeling of foods "produced with genetic engineering."

Much of what I said in my 2015 analysis of the DNA question is readily applicable to the ongoing debate over GMO foods:

The [DNA] survey result is probably an example of the intersection between scientific ignorance and political ignorance, both of which are widespread. The most obvious explanation for the data is that most of these people don't really understand what DNA is, and don't realize that it is contained in almost all food. When they read that a strange substance called "DNA" might be included in their food, they might suspect that this is some dangerous chemical inserted by greedy corporations for their own nefarious purposes.

Polls repeatedly show that much of the public is often ignorant of both basic scientific facts, and basic facts about government and public policy. Just before the 2014 elections, which determined control of Congress, only 38 percent realized that the Republicans controlled the House of Representatives before the election, and the same number knew that the Democrats control the Senate. The public's scientific knowledge isn't much better. A 2012 National Science Foundation survey even found that about 25% of Americans don't know that the Earth revolves around the sun rather than vice versa. Issues like food labeling bring together political and scientific knowledge, and it is not surprising that public opinion on these subjects is very poorly informed....

Political ignorance is not primarily the result of stupidity. For most people, it is a rational reaction to the enormous size and complexity of government and the reality that the chance that their vote will have an impact on electoral outcomes is extremely low. The same is true of much scientific ignorance. For many..., there is little benefit to understanding much about genetics or DNA. Most Americans can even go about their daily business perfectly well without knowing that the Earth revolves around the sun....

Unfortunately, this is a case where individually rational behavior leads to potentially dangerous collective outcomes. While it doesn't much matter whether any individual voter is ignorant about science or public policy, when a majority (or even a large minority) of the electorate is ignorant in these ways, it can lead to the adoption of dangerous and counterproductive government policies.

In this case, public ignorance can be exploited to promote efforts to ban or restrict GMO foods. For relatively affluent Americans and Europeans, that mainly means our food would be more expensive and less diverse than it could be otherwise. For many poor people in the developing world, it could mean worsening poverty, malnutrition, or even starvation. Even mere mandatory labeling of GMO foods can cause harm by increasing costs, misleading consumers, and exacerbating information overload.

In addition to simple ignorance, there is also a problem of bias in the evaluation of information. Both ordinary people and politicians have a strong tendency to overvalue any political information that fits their preconceptions, while downplaying or even rejecting anything that cuts against them. Some forms of policy-relevant scientific ignorance are particularly prevalent on the right, such as denial of the existence of global warming. Fear and suspicion of GMO foods, by contrast, is most common on the left. Both tendencies reflect the way in which these positions are congenial to adherents of particular ideologies. For example, fear of GMO foods dovetails with more general left-wing suspicion of corporate interests and with some strands of environmentalism.

Some might argue that voters should not defer to the views of experts on scientific questions such as GMO safety or global warming. After all, the experts might be biased or just simply wrong. While we should not just blindly defer to experts, there is good reason for a presumption in their favor in situations where the experts are opining on matters within their professional sphere, there is a broad expert consensus that cuts across ideological lines, and there is no good reason to believe that the experts (as a group) are somehow corrupt. I discussed the issue of when we should (and should not) defer to experts in more detail here and here.

christophersw
16 days ago
Baltimore, MD

Op-Ed Contributors: The Failed War on Drugs

Attacking rampant drug abuse by trying to shut off the supply has not worked. We need to try a new approach.

christophersw
16 days ago
Baltimore, MD

Op-Ed Contributor: How Not to Impeach

A billboard calling for the impeachment of President Trump was on display in Times Square in December.

christophersw
16 days ago
Baltimore, MD