Categories
Links Writing

Another Bad Proposal to Globally Weaken Security

Photo by Federica Galli on Unsplash

Steven Levy has an article out in Wired this week in which he, vis-a-vis the persons he interviewed, proclaims that the ‘going dark’ problem has been solved to the satisfaction of (American) government agencies and (unnamed and not quoted) ‘privacy purists’.[1] Per the advocates of the so-called solution, should the proposed technical standard be advanced and developed then (American) government agencies could access encrypted materials and (American) users will enjoy the same degrees of strong encryption as they do today. This would ‘solve’ the problem of (American) agencies’ investigations being stymied by suspects’ adoption of encrypted communications systems and personal devices.

Unfortunately Levy got played: the proposal he dedicates his article to is just another attempt to advance a ‘solution’ that doesn’t address the real technical or policy problems associated with developing a global backdoor system to our most personal electronic devices. Specifically the architect of the solution overestimates the existent security characteristics of contemporary devices,[2] overestimates the ability of companies to successfully manage a sophisticated and globe-spanning key management system,[3] fails to address international policy issues about why other governments couldn’t or wouldn’t demand similar kinds of access (think Russia, China, Iran, etc.),[4] fails to contemplate an adequate key revocation system, and fails to adequately explain why the exceptional access system he envisions is genuinely needed. With regards to that last point, government agencies have access to more data than ever before in history and, yet, because they don’t have access to all of the data in existence the agencies are claiming they are somehow being ‘blinded’.

As I’ve written in a draft book chapter, for inclusion in a book published later this year or early next, the idea that government agencies are somehow worse off than in the past is pure nonsense. Consider that,

[a]s we have embraced the digital era in our personal and professional lives, [Law Enforcement and Security Agencies] LESAs have also developed new techniques and gained additional powers in order to keep pace as our memories have shifted from personal journals and filing cabinets to blogs, social media, and cloud hosting providers. LESAs now subscribe to services designed to monitor social media services for intelligence purposes, they collect bulk data from telecommunications providers in so-called ‘tower dumps’ of all the information stored by cellular towers, establish their own fake cellular towers to collect data from all parties proximate to such devices, use malware to intrude into either personal endpoint devices (e.g. mobile phones or laptops) or networking equipment (e.g. routers), and can even retroactively re-create our daily online activities with assistance from Canada’s signals intelligence agency. In the past, each of these kinds of activities would have required dozens or hundreds or thousands of government officials to painstakingly follow persons — many of whom might not be specifically suspected of engaging in a criminal activity or activity detrimental to the national security of Canada — and gain lawful entry to their personal safes, install cameras in their homes and offices, access and copy the contents of filing cabinets, and listen in on conversations that would otherwise have been private. So much of our lives have become digital that entirely new investigative opportunities have arisen which were previously restricted to the imaginations of science fiction authors both insofar as it is easier to access information but, also, because we generate and leave behind more information about our activities vis-a-vis our digital exhaust than was even possible in a world dominated by analog technologies.

In effect: the ‘solution’ covered by Levy doesn’t clearly articulate what problem must be solved and it would end up generating more problems than it solves by significantly diminishing the security properties of devices while, simultaneously, raising international policy issues of which countries’ authorities, and under what conditions, could lawfully obtain decryption keys. Furthermore, companies and their decryption keys will suddenly become even more targeted by advanced adversaries than they are today. Instead of even attempting to realistically account for these realities of developing and implementing secure systems, the proposed ‘solution’ depends on a magical pixie dust assumption that you can undermine the security of globally distributed products and have no bad things happen.[5]

The article as written by Levy (and the proposed solution at the root of the article) is exactly the kind of writing and proposal that gives law enforcement agencies the energy to drive a narrative that backdooring all secure systems is possible and that the academic, policy, and technical communities are merely ideologically opposed to doing so. As has become somewhat common to say, while we can land a person on the moon, that doesn’t mean we can also land a person on the sun; while we can build (somewhat) secure systems we cannot build (somewhat) secure systems that include deliberately inserted backdoors. Ultimately, it’s not the case that ‘privacy purists’ oppose such solutions to undermine the security of all devices on ideological grounds: they’re opposed based on decades of experience, training, and expertise that lets them recognize such solutions as the charades that they are.

Footnotes

  1. I am unaware of a single person in the American or international privacy advocacy space who was interviewed for the article, let alone espouses positions that would be pacified by the proposed solution.
  2. Consider that there is currently a way of bypassing the existing tamper-resistant chip in Apple’s iPhone, which is specifically designed to ‘short out’ the iPhone if someone attempts to enter an incorrect password too many times. A similar mechanism would ‘protect’ the master key that would be accessible to law enforcement and security agencies.
  3. Consider that Microsoft has, in the past, lost its master key that is used to validate copies of Windows as legitimate Microsoft-assured products and, also, that Apple managed to lose key parts of its iOS codebase and reportedly its signing key.
  4. Consider that foreign governments look at the laws promulgated by Western nations as justification for their own abusive and human rights-violating legislation and activities.
  5. Some of the more unhelpful security researchers just argue that if Apple et al. don’t want to help foreign governments open up locked devices they should just suspend all service into those jurisdictions. I’m not of the opinion that protectionism and nationalism are ways of advancing international human rights or of raising the qualities of life of all persons around the world; it’s not morally right to just cast the citizens of Russia, Ethiopia, China, India, Pakistan, or Mexico (and others!) to the wolves of their own oftentimes overzealous or rights abusing government agencies.
Categories
Photography

The State of Instagram

(Rise Up! by Christopher Parsons)

I owe a lot to Instagram. Starting on January 1, 2017 and continuing until October 2017 I began a project of uploading a photo a day (or thereabouts) and, in the process, I learned an awful lot about how to use my cameras, shots that I tend to prefer taking, and the cool stuff you could do by looking at other photographers’ shots.

It was pretty great.

But for reasons I’ve previously written about I’ve drifted away from regular postings to Instagram or even taking photographs with the regularity of the last year. Specifically, I wrote:

… something is changing in how I approach photography itself, at least right now: I don’t want as many amber memories, and instead want to enjoy the development and unfolding of certain memories, and feel more comfortable in the knowledge that the ‘final’ memories I’ll have will be even more subjective than those associated with photographs. Some will even vanish in their entirety.

In fact, from November 2017 – April 2018 I didn’t post a single photo to Instagram and only logged in once or twice.[1] But my not uploading photos has been nagging me because I know that part of why I was taking shots — and getting good ones! — was because I had been actively trying to upload stuff on a regular basis. Instagram was a method for pushing me to practice my own skills and, occasionally, receiving feedback on the shots I was getting.

So I dipped my toe back in, with a fresh upload, and then started to browse my feed. As usual, there were great photographs from the photographers that I follow.[2] But there were also a lot of ads. I mean, every 5-7 images was another ad. That really, really, really sucked because it made the platform a lot less enjoyable to browse and look at; it was less a network of people, and more an ad network that was interspersed with real people’s photographs.

So what I’m going to do is upload a photo a week, or so, to Instagram because I’d like to keep my profile alive. But I’m not going to invest the time in the platform that I did in the past. And, instead, I’m going to reflect on where I want to put my content, why I want it there, and with what regularity I want to upload photos to the public Internet. That’s part of an activity I’ve been undertaking over the past year but I’d honestly thought that Instagram might remain a fun place to interact with people. Sadly, it looks like that might not be the case after all.

  1. I was, however, taking photos during that period though not with daily regularity.
  2. I don’t tend to follow people, including friends and family, unless they take shots I find aesthetically pleasing. So there aren’t a lot of family photos, breakfast shots, or other such material that make their way onto my feed very often.
Categories
Aside

2018.4.23

It’s heartbreaking to know that someone has decided to harm, and potentially have killed, so many people who were just minding their business in my city.

Categories
Aside Links

2018.4.21

On the one hand I feel foolish for not realizing until now that A Perfect Circle is fronted by Maynard James Keenan (Tool’s frontman). On the other hand it explains why I’ve always enjoyed A Perfect Circle’s albums so much.

Related: Eat the Elephant is a really terrific album that I’ve been listening to almost non-stop since it came out on Friday.

Categories
Aside

2018.4.20

The decision to do full copy edits (to the exclusion of all other tasks) on two separate 70,000+ word projects in a single week was a bad one.

Categories
Links Photography Roundup Writing

The Roundup for April 14-20, 2018 Edition

Walkways by Christopher Parsons

Earlier this year, I suggested that the current concerns around Facebook data being accessed by unauthorized third parties wouldn’t result in users leaving the social network in droves. Not just because people would be disinclined to actually leave the social network but because so many services use Facebook.

Specifically, one of the points that I raised was:

3. Facebook is required to log into a lot of third party services. I’m thinking of services from my barber to Tinder. Deleting Facebook means it’s a lot harder to get a haircut and impossible to use something like Tinder.

At least one company, Bumble, is changing its profile confirmation methods: whereas previously all Bumble users linked their Facebook information to their Bumble account for account identification, the company is now developing their own verification system. Should a significant number of companies end up following Bumble’s model then this could have a significant impact on Facebook’s popularity, as some of the ‘stickiness’ of the service would be diminished.[1]

I think that people moving away from Facebook is a good thing. But it’s important to recognize that the company doesn’t just provide social connectivity: Facebook has also made it easier for businesses to secure login credentials and (in other cases) ‘verify’ identity.[2] In effect one of the trickiest parts of onboarding customers has been done by a third party that was well resourced to both collect and secure the data from formal data breaches. As smaller companies assume these responsibilities, without the equivalent to Facebook’s security staff, they are going to have to get very good, very fast, at protecting their customers’ information from data breaches. While it’s certainly not impossible for smaller companies to rise to the challenge, it won’t be a cost-free endeavour, either.

It will be interesting to see if more companies move over to Bumble’s approach or if, instead, businesses and consumers alike merely shake their heads angrily at Facebook and continue to use the service despite its failings. For what it’s worth, I continue to think that people will just shake their heads angrily and little will actually come of the Cambridge Analytica story in terms of affecting the behaviours and desires of most Facebook users, unless there are continued rapid and sustained violations of Facebook users’ trust. But hope springs eternal and so I genuinely do hope that people shift away from Facebook and towards more open, self-owned, and interesting communications and networking platforms.


Thoughtful Quotation of the Week

The brands themselves aren’t the problem, though: we all need some stuff, so we rely on brands to create the things we need. The problem arises when we feel external pressure to acquire as if new trinkets are a shortcut to a more complete life. That external pressure shouldn’t be a sign to consume. If anything, it’s a sign to pause and ask, “Who am I buying this for?”

Great Photography Shots

I was really stunned by Zsolt Hlinka’s architectural photography, which was featured on My Modern MET.

Music I’m Digging

Neat Podcast Episodes

Good Reads for the Week

Cool Things

Footnotes

  1. I think that the other reasons I listed in my earlier post will still hold. Those points were:

    1. Few people vote. And so they aren’t going to care that some shady company was trying to affect voting patterns.
    2. Lots of people rely on Facebook to keep passive track of the people in their lives. Unless communities, not individuals, quit there will be immense pressure to remain part of the network.

  2. I’m aware that it’s easy to establish a fake Facebook account and that such activity is pretty common. Nevertheless, an awful lot of people use their ‘real’ Facebook accounts that have real verification information, such as email addresses and phone numbers.
Categories
Aside

2018.4.19

It’s an unpopular position, I’m sure, but I’m genuinely enjoying Starbucks’ reserve coffees that are made using their in-house Clover machines. To date, I think that the Nicaraguan, La Laguna, is the tastiest of the reserve coffees that I’ve had *and* it’s cheaper to buy coffee at Starbucks than at some of the other coffee shops in my work area. (At home, of course, I buy beans from local roasters, temperature control my water and weigh bean portions, and use an Aeropress. But I just can’t have that kind of control over coffee making at work for a reasonable price.)

Categories
Aside

2018.4.13

Clearly 11pm is coffee o’clock ☕️

Categories
Aside

2018.4.13

I always forget what a chore it is to finish proofing large projects (in this case a 70K+ word report) and how much I catch when I print them out and do paper-based edits after months of screen-based editorial. These ‘last round’ edits are taking way longer than anticipated!

Categories
Links Quotations Roundup Writing

The Roundup for April 7-13, 2018 Edition

Love, Locked by Christopher Parsons

In my ongoing efforts to better understand myself, I’ve been listening to some of the early episodes of Gaby Dunn’s podcast, Bad With Money. These episodes tend to focus on the narratives around money that have guided how she lives her life, where she learned them from, and how to overcome them, and have entailed conversations between her and her parents, her boyfriend, and with a financial psychologist and her sister.

What she’s learned, and how information is presented, has often resonated with my own experiences growing up in a family that went from middle-class, to upper-lower class, and then has split along a series of different lines as I’ve grown older. A lot of the conversations focus on how what her parents did with money while she was growing up subtly informed how Gaby, herself, has approached money as a result. And it’s gotten me thinking about the money narratives that I learned from my dad (generally really bad) and my mom (not super-terrific).

Of course, listening to some podcasts isn’t going to correct the narratives that have built up in my own head over the past several decades (e.g. debt is normal to have and carry, retirement savings are almost impossible, you should enjoy the benefits of your work now instead of later) but they do help to make explicit some of the challenges I know I need to overcome. Some of the conversations she’s had with her guests have been more or less insightful but, in aggregate, they’re useful because she uses such natural language to approach financial questions and issues that pervade many people’s daily lives. This natural language matters because it makes very clear that the show isn’t about an expert from on high explaining reality but, instead, involves the self-discovery of Gaby (and through her some discovery of the precise questions I need to ask myself). Her narratives and my own are not the same but the questions, on their own, are sufficient to jumpstart internal introspection.

The interviews she conducts are also helpful because so few people talk about financial mindsets in public that it’s hard to hear, let alone understand, the money narratives that different people hold. Through that act of listening I can better identify and situate my own narratives and ascertain what is normal, abnormal, and what needs to be corrected or remain the same. Dunn’s podcast is definitely only an early starting point but, regardless, it’s super helpful for people who don’t want to invest money but, instead, want to invest in themselves and their personal development.


On the same track of ‘podcasts I’ve listened to’ over the course of the past week, Dear Sugars has had a really good (if hard) series of episodes on consent in sexual relationships. The women who are submitting the questions are incredibly brave for presenting their experiences, and the hosts of the show are incredibly kind and nuanced in their analyses of what has taken place in their own pasts and in the lives of their letter writers. I care deeply about ensuring that all relationships — sexual or not — are consensual and these podcasts have given me insights to the challenges facing women that I may never have fully appreciated before listening to this series of episodes.


Insightful Quotation

One of the defining things about the nature of ideas is just how fragile they are: when you’re not sure whether something is going to work, the idea is vulnerable. Part of protecting the idea is to be careful about who you show it to; premature criticism can shut something down that perhaps deserves more of a chance.

Great Photography Shots

I was really impressed by the water-inspired smartphone photos posted to Mobiography.

‘Untitled’ by Christine Mignon
‘Boundaries’ by Laurence Bouchard
‘Hardy Falls – Mt Magazine – AR’ by Becky Foster

Music I’m Digging

Neat Podcast Episodes

Good Reads for the Week

Cool Things