Quotulatiousness

December 7, 2018

Australian parliament votes to weaken encryption

Filed under: Australia, Government, Law, Liberty, Technology — Tags: , , — Nicholas @ 03:00

Scott Shackford reports on the latest bit of oddness from the southern hemisphere:

Pretty much every single person in the tech industry, human rights circles, and academia warned the Australian government that forcing online platforms to weaken encryption would lead to disastrous results. Nonetheless, lawmakers are pushing forward — and it’s not just Australians who will suffer as a result.

Last night, Australia’s parliament rushed through the Assistance and Access Bill of 2018 right as their session was coming to a close. The bill gives various government agencies the authority to demand that tech and communication platforms provide them secret bypass routes around encrypted messages.

This is what is known as an encryption “backdoor,” and it’s a bad idea. Governments insist such tools are needed to fight crime and terrorism. The problem is that an encryption backdoor doesn’t care who uses it: If there’s a mechanism to bypass privacy security on a communication system, it can be exploited by anybody who knows how. That includes hackers, thieves, officials from authoritarian governments, and all sorts of dangerous people (including, of course, the very government people who insist they’re trying to protect us). That’s why tech companies have spent years fighting against the idea.

Weak encryption is a threat to the health of any tech platform that involves transferring data, and governments know that. So they insist they’re not demanding encryption backdoors while attempting to enact policies that pretty much demand them.

The Assistance and Access Bill won’t just grant the Australian government the power to demand that everybody from Facebook to Whatsapp help them bypass security to access private communications. The bill will let officials order companies, through “technical capability notices,” to alter their programming to facilitate snooping. And it gives the government the authority to force the tech employees who implement the changes to keep them secret. Break that secrecy, and the employees can face up to five years in jail.

July 22, 2018

Austro-Hungarian Artillery – Choctaw Code Talkers I OUT OF THE TRENCHES

Filed under: Europe, History, Military, USA, WW1 — Tags: , , , , , , — Nicholas @ 04:00

The Great War
Published on 21 Jul 2018

July 20, 2018

Fiat currency and the impact of cryptocurrencies

Filed under: Economics, Government, Technology — Tags: , , , , — Nicholas @ 03:00

At Catallaxy Files, Sinclair Davidson explains some of the advantages and disadvantages of both fiat (government-issued) and private currency:

As George Selgin, Larry White and others have shown, many historical societies had systems of private money — free banking — where the institution of money was provided by the market.

But for the most part, private monies have been displaced by fiat currencies, and live on as a historical curiosity.

We can explain this with an ‘institutional possibility frontier’; a framework developed first by Harvard economist Andrei Shleifer and his various co-authors. Shleifer and colleagues array social institutions according to how they trade-off the risks of disorder (that is, private fraud and theft) against the risk of dictatorship (that is, government expropriation, oppression, etc.) along the frontier.

As the graph shows, for money these risks are counterfeiting (disorder) and unexpected inflation (dictatorship). The free banking era taught us that private currencies are vulnerable to counterfeiting, but due to competitive market pressure, minimise the risk of inflation.

By contrast, fiat currencies are less susceptible to counterfeiting. Governments are a trusted third party that aggressively prosecutes currency fraud. The tradeoff though is that governments get the power of inflating the currency.

The fact that fiat currencies seem to be widely preferred in the world isn’t only because of fiat currency laws. It’s that citizens seem to be relatively happy with this tradeoff. They would prefer to take the risk of inflation over the risk of counterfeiting.

One reason why this might be the case is because they can both diversify and hedge against the likelihood of inflation by holding assets such as gold, or foreign currency.

The dictatorship costs of fiat currency are apparently not as high as ‘hard money’ theorists imagine.

Introducing cryptocurrencies

Cryptocurrencies significantly change this dynamic.

Cryptocurrencies are a form of private money that substantially, if not entirely, eliminate the risk of counterfeiting. Blockchains underpin cryptocurrency tokens as a secure, decentralised digital asset.

They’re not just an asset to diversify away from inflationary fiat currency, or a hedge to protect against unwanted dictatorship. Cryptocurrencies are a (near — and increasing) substitute for fiat currency.

This means that the disorder costs of private money drop dramatically.

In fact, the counterfeiting risk for mature cryptocurrencies like Bitcoin is currently less than fiat currency. Fiat currency can still be counterfeited. A stable and secure blockchain eliminates the risk of counterfeiting entirely.

July 12, 2018

Great Blunders of WWII: Japan’s Mistakes at Midway

Filed under: History, Japan, Military, Pacific, USA, WW2 — Tags: , , , — Nicholas @ 02:00

Anthony Coleman
Published on 3 Nov 2016

From the History Channel DVD series “Great Blunders of WWII”

October 14, 2017

BAHFest East 2017 – Jerry Wang: BLANKIE: Baby LAb for iNfant-Kindled innovatIon and Exploration

Filed under: Humour, Technology — Tags: , , , — Nicholas @ 02:00

BAHFest
Published on Sep 24, 2017

Watch Jerry propose an ambitious research program to “make big science with tiny people.” By leveraging the unique morphological and neurological capabilities of babies, he aims to advance the frontiers of science and engineering with giant baby steps.

BAHFest is the Festival of Bad Ad Hoc Hypotheses, a celebration of well-researched, logically explained, and clearly wrong evolutionary theory. Additional information is available at http://bahfest.com/

August 12, 2017

Why The Government Shouldn’t Break WhatsApp

Filed under: Britain, Government, Law, Liberty, Technology — Tags: , , , — Nicholas @ 02:00

Published on 3 Jul 2017

Encryption backdoors – breaking WhatsApp and iMessage’s security to let the government stop Bad Things – sounds like a reasonable idea. Here’s why it isn’t.

A transcript of this video’s available here: https://www.facebook.com/notes/tom-scott/why-the-government-shouldnt-break-whatsapp/1378434365572557/

July 1, 2017

Hunting the Bismarck – III: A Chance to Strike – Extra History

Filed under: Britain, Germany, History, Military, WW2 — Tags: , , , — Nicholas @ 02:00

Published on May 25, 2017

Sponsored by Wargaming! New players: Download World of Warships and use the code EXTRA1 for free goodies! http://cpm.wargaming.net/i3v7c6uu/?pu…

The order went out: Sink the Bismarck. Ships converged from all over the Atlantic to hunt down the pride of the German navy, and Swordfish planes launched from the aircraft carrier Ark Royal raced to harry the great warship.

June 7, 2017

“Hey, Joey, ‘splain me public key cryptography!”

Filed under: Technology — Tags: , , — Nicholas @ 10:20

Joey deVilla explains public key cryptography for non-geeks:

Have you ever tried to explain public-key cryptography (a.k.a. asymmetric cryptography) or the concept of public and private keys and what they’re for to non-techies? It’s tough, and I’ve spent the last little while trying to come up with an analogy that’s layperson-friendly and memorable.

It turns out that it already exists, and Panayotis Vryonis […], came up with it. Go over to his blog and check out the article titled Public-key cryptography for non-geeks. Whenever I have to explain what private keys and public keys are for to someone who’s new to cryptography, I use Vryonis’ “box with special lock and special keys” analogy. Not only does the explanation work, but it’s so good that the people I’ve used it on have used it themselves to explain public-key crypto to others.

I’ve recently used Vryonis’ analogy in a couple of presentations and thought I’d share images from my slides. Enjoy!

May 16, 2017

The Virtual Lorenz machine

Filed under: Germany, History, Military, Technology, WW2 — Tags: — Nicholas @ 03:00

At The Register, Gareth Corfield discusses the new virtual coding device simulating the WW2 German Lorenz cipher machine:

The National Museum of Computing has put an emulation of an “unbreakable” Second World War German cipher machine online for world+dog to admire.

The Virtual Lorenz machine has been launched in honour of WW2 codebreaker Bill Tutte, the man who broke the crypto used in the twelve-rotor cipher machine.

As The National Museum of Computing (TNMOC) puts it, Tutte’s work “shortened the conflict” – even though he had never even seen the cipher machine or its crypto scheme, the breaking of which the museum added was “the greatest intellectual feat of the war”.

TNMOC unveiled the Virtual Lorenz today to celebrate Tutte’s 100th birthday. Built by computing chap Martin Gillow, the simulation accurately reproduces the whirring of the cipher wheels (you might want to turn it down as the “background whirr” is a little too realistic).

The BBC profiled the “gifted mathematician” a few years ago, highlighting how the Lorenz machine whose secrets Tutte cracked was “several degrees more advanced than Enigma”, the cipher famously cracked by Tutte’s colleague Alan Turing. Tutte cracked the Lorenz in about six months, reverse-engineering its workings by reading intercepted Lorenz messages. When the Allies wanted to fool Hitler into believing the D-Day landings would take place in a false location, our ability to read Lorenz was critical for confirming that the ruse had worked – saving thousands of soldiers, sailors and airmen’s lives.

[…]

The Virtual Lorenz can be found here. Word to the wise – it’s not on an HTTPS site, so if you’re hoping to use it to thwart GCHQ, you might want to think again.

January 16, 2017

100 years ago today

Filed under: Americas, Britain, Europe, Germany, History, Military, USA, WW1 — Tags: , , — Nicholas @ 09:26

From the Facebook page of The Great War:

On this day 100 years ago, a coded telegram was sent by German foreign secretary Arthur Zimmermann to German Ambassador to Mexico, Heinrich von Eckardt. In this telegram, Zimmermann instructed von Eckardt to offer Mexico a military alliance and financial support against the United States should they not remain neutral. This was a possibility since Germany was about to unleash unrestricted submarine warfare by February 1, 1917.

To understand this telegram, it is important to understand that talks about military cooperation and even a military alliance between Mexico and the German Empire had been going on since 1915 already.

The telegram was sent via the American undersea cable since the German cable was interrupted by the British when the war broke out. US President Woodrow Wilson had offered the Germans to use their cable for diplomatic correspondence. What neither Wilson nor the Germans knew: The cable was monitored by the British intelligence at a relay station in England. Furthermore, the British codebreakers of Room 40 had already cracked the German encryption.

The biggest challenge for the British now was to reveal the content of this telegram without admitting that they were monitoring the cable while ensuring it had the desired impact.

March 20, 2016

Apple software engineers threaten to quit rather than crack encryption for the government

Filed under: Business, Government, Liberty, Technology, USA — Tags: , , , , — Nicholas @ 02:00

It’s only a rumour rather than a definite stand, but it is a hopeful one for civil liberties:

The spirit of anarchy and anti-establishment still runs strong at Apple. Rather than comply with the government’s requests to develop a so-called “GovtOS” to unlock the iPhone 5c of San Bernardino shooter Syed Rizwan Farook, The New York Times‘ half-dozen sources say that some software engineers may quit instead. “It’s an independent culture and a rebellious one,” former Apple engineering manager Jean-Louis Gassée tells NYT. “If the government tries to compel testimony or action from these engineers, good luck with that.”

Former senior product manager for Apple’s security and privacy division Window Snyder agrees. “If someone attempts to force them to work on something that’s outside their personal values, they can expect to find a position that’s a better fit somewhere else.”

In another instance of Apple’s company culture clashing with what the federal government demands, the development teams are apparently relatively siloed off from one another. It isn’t until a product gets closer to release that disparate teams like hardware and software engineers come together for finalizing a given gizmo. NYT notes that the team of six to 10 engineers needed to develop the back door doesn’t currently exist and that forcing any sort of collaboration would be incredibly difficult, again, due to how Apple works internally.

January 31, 2016

“To be honest, the spooks love PGP”

Filed under: Liberty, Technology — Tags: , , — Nicholas @ 03:00

If nothing else, it’s a needle in their acres of data haystacks. Use of any kind of encryption doesn’t necessarily let CSIS and their foreign friends read your communications, but it alerts them that you think you’ve got something to say that they shouldn’t read:

Although the cops and Feds wont stop banging on and on about encryption – the spies have a different take on the use of crypto.

To be brutally blunt, they love it. Why? Because using detectable encryption technology like PGP, Tor, VPNs and so on, lights you up on the intelligence agencies’ dashboards. Agents and analysts don’t even have to see the contents of the communications – the metadata is enough for g-men to start making your life difficult.

“To be honest, the spooks love PGP,” Nicholas Weaver, a researcher at the International Computer Science Institute, told the Usenix Enigma conference in San Francisco on Wednesdy. “It’s really chatty and it gives them a lot of metadata and communication records. PGP is the NSA’s friend.”

Weaver, who has spent much of the last decade investigating NSA techniques, said that all PGP traffic, including who sent it and to whom, is automatically stored and backed up onto tape. This can then be searched as needed when matched with other surveillance data.

Given that the NSA has taps on almost all of the internet’s major trunk routes, the PGP records can be incredibly useful. It’s a simple matter to build a script that can identify one PGP user and then track all their contacts to build a journal of their activities.

Even better is the Mujahedeen Secrets encryption system, which was released by the Global Islamic Media Front to allow Al Qaeda supporters to communicate in private. Weaver said that not only was it even harder to use than PGP, but it was a boon for metadata – since almost anyone using it identified themselves as a potential terrorist.

“It’s brilliant!” enthused Weaver. “Whoever it was at the NSA or GCHQ who invented it give them a big Christmas bonus.”

October 29, 2015

Free HTTPS certificates coming soon

Filed under: Technology — Tags: , , , — Nicholas @ 02:00

At Ars Technica, Dan Goodin discussed the imminent availability of free HTTPS certificates to all registered domain owners:

lets-encrypt

A nonprofit effort aimed at encrypting the entire Web has reached an important milestone: its HTTPS certificates are now trusted by all major browsers.

The service, which is backed by the Electronic Frontier Foundation, Mozilla, Cisco Systems, and Akamai, is known as Let’s Encrypt. As Ars reported last year, the group will offer free HTTPS certificates to anyone who owns a domain name. Let’s Encrypt promises to provide open source tools that automate processes for both applying for and receiving the credential and configuring a website to use it securely.

HTTPS uses the transport layer security or secure sockets layer protocols to secure websites in two important ways. First, it encrypts communications passing between visitors and the Web server so they can’t be read or modified by anyone who may be monitoring the connection. Second, in the case of bare bones certificates, it cryptographically proves that a server belongs to the same organization or person with control over the domain, rather than an imposter posing as that organization. (Extended validation certificates go a step beyond by authenticating the identity of the organization or individual.)

October 26, 2015

Going price for a working Enigma machine – $365,000

Filed under: Europe, History, Military, Technology, WW2 — Tags: , , — Nicholas @ 03:00

Lester Haines reports on a recent record auction price for an Enigma machine:

A fully-functioning four-rotor M4 Enigma WW2 cipher machine has sold at auction for $365,000.

Enigma machine

The German encryption device, as used by the U-Boat fleet and described as “one of the rarest of all the Enigma machines”, went under the hammer at Bonham’s in New York last night as part of the “Conflicts of the 20th Century” sale.

The M4 was adopted by the German Navy, the Kriegsmarine, in early 1942 following the capture of U-570 in August 1941*. Although the crew of U-570 had destroyed their three-rotor Enigma, the British found aboard written material which compromised the security of the machine.

The traffic to and from the replacement machines was dubbed “Shark” by codebreakers at Bletchley Park. Decryption proved troublesome, due in part to an initial lack of “cribs” (identified or suspected plaintext in an encrypted message) for the new device, but by December 1942, the British were regularly cracking M4 messages.

I recently read David O’Keefe’s One Day in August, which seems to explain the otherwise inexplicable launch of “Operation Jubilee”, the Dieppe raid … in his reading, the raid was actually a cover-up operation while British intelligence operatives tried to snatch one or more of the new Enigma machines (like the one shown above) without tipping off the Germans that that was the actual goal. Joel Ralph reviewed the book when it was released:

One Day in August, by David O’Keefe, takes a completely different approach to the Dieppe landing. With significant new evidence in hand, O’Keefe seeks to reframe the entire raid within the context of the secret naval intelligence war being fought against Nazi Germany.

On February 1, 1942, German U-boats operating in the Atlantic Ocean switched from using a three-rotor Enigma code machine to a new four-rotor machine. Britain’s Naval Intelligence Division, which had broken the three-rotor code and was regularly reading German coded messages, was suddenly left entirely in the dark as to the positions and intentions of enemy submarines. By the summer of 1942, the Battle of the Atlantic had reached a state of crisis and was threatening to cut off Britain from the resources needed to carry on with the war.

O’Keefe spends nearly two hundred pages documenting the secret war against Germany and the growth of the Naval Intelligence Division. What ties this to Dieppe and sparked O’Keefe’s research was the development of a unique naval intelligence commando unit tasked with retrieving vital code-breaking material. As O’Keefe’s research reveals, the origins of this unit were at Dieppe, on an almost suicidal mission to gather intelligence they hoped would crack the four-rotor Enigma machine.

O’Keefe has uncovered new documents and first-hand accounts that provide evidence for the existence of such a mission. But he takes it one step further and argues that these secret commandos were not simply along for the ride at Dieppe. Instead, he claims, the entire Dieppe raid was cover for their important task.

It’s easy to dismiss O’Keefe’s argument as too incredible (Zuehlke does so quickly in his brief conclusion [in his book Operation Jubilee, August 19, 1942]). But O’Keefe would argue that just about everything associated with combined operations defied conventional military logic, from Operation Ruthless, a planned but never executed James Bond-style mission, to the successful raid on the French port of St. Nazaire only months before Dieppe.

Clearly this commando operation was an important part of the Dieppe raid. But, while the circumstantial evidence is robust, there is no single clear document that directly lays out the Dieppe raid as cover for a secret “pinch by design” operation to steal German code books and Enigma material.

July 17, 2015

The case for encryption – “Encryption should be enabled for everything by default”

Filed under: Liberty, Technology — Tags: , , — Nicholas @ 03:00

Bruce Schneier explains why you should care (a lot) about having your data encrypted:

Encryption protects our data. It protects our data when it’s sitting on our computers and in data centers, and it protects it when it’s being transmitted around the Internet. It protects our conversations, whether video, voice, or text. It protects our privacy. It protects our anonymity. And sometimes, it protects our lives.

This protection is important for everyone. It’s easy to see how encryption protects journalists, human rights defenders, and political activists in authoritarian countries. But encryption protects the rest of us as well. It protects our data from criminals. It protects it from competitors, neighbors, and family members. It protects it from malicious attackers, and it protects it from accidents.

Encryption works best if it’s ubiquitous and automatic. The two forms of encryption you use most often — https URLs on your browser, and the handset-to-tower link for your cell phone calls — work so well because you don’t even know they’re there.

Encryption should be enabled for everything by default, not a feature you turn on only if you’re doing something you consider worth protecting.

This is important. If we only use encryption when we’re working with important data, then encryption signals that data’s importance. If only dissidents use encryption in a country, that country’s authorities have an easy way of identifying them. But if everyone uses it all of the time, encryption ceases to be a signal. No one can distinguish simple chatting from deeply private conversation. The government can’t tell the dissidents from the rest of the population. Every time you use encryption, you’re protecting someone who needs to use it to stay alive.

« Newer PostsOlder Posts »

Powered by WordPress