Party like it's 1984

Update 5 June 2006

The FBI has again taken a shot at US technology companies for encrypting their data, all but declaring them the 'go to' tech for IS. There's just one catch, it isn't true. IS has confirmed that Apple products, at least, are not to be used.

The demands for front door access to bypass encryption have also resurfaced, despite the awkward fact that it may be impossible. Even if it was possible, as I've previously mentioned, a security hole for the NSA is a security hole for criminals, terrorists and foreign states. The FBIs renewed push on this front has coincided with the revelation that the US agency responsible for gathering data on federal employees and clearing them for security access (the Office of Personnel Affairs) has been hacked. Fingers are being pointed at both Russia and China, but whoever was responsible, it reiterates that security vulnerabilities are nothing but trouble.


Update 21 May 2015

A series of companies including Apple, Facebook and Google, and civil groups have all written to President Obama to protest US government efforts to require these companies to put 'back doors' into their services and products. What's interesting is that all these disparate groups were able to agree on a single letter. As I said in my original post of 6 February 2015:

Backdoors then wouldn’t just let government agencies in (under terms that would likely be secret themselves) they could also let in anyone who found them, criminals included.

Update 17 February 2015

The well known computer security software developer, Kaspersky,  has revealed that there are back doors into hard drives manufactured by Western Digital, Seagate, Toshiba, and more. Whilst they haven't attributed this action to any one country, they've linked it to Stuxnet, an NSA (National Security Agency) malware project that was reportedly used to attack Iran's nuclear programme. This analysis has been confirmed by a former NSA employee.


Update 7 February 2015

Yesterday the United Kingdom's Investigatory Powers Tribunal found that GCHQ's mass surveillance through the Upstream and Tempora systems had breached the European Human Rights Act. Specifically, they found that it had breached articles 8 and 10 which guarantee rights to privacy and freedom of expression respectively. The bizarre thing is that lawyers for the UK government refused to admit that Tempora even exists.


Original article below

The final toxic element in the hacking wars aren't another group of tin-pot anarchists, or corporate espionage hackers, they're governments and their agencies. There are all kinds of debates regarding freedom to be had, but this is more about raising of awareness of why greater access to our data for law enforcement and security agencies is also a technology problem.


The Commonest of Fallacies?

There's an argument that's often trotted out with respect to security: if you have nothing to hide then you have nothing to fear. If you search on that phrase, you might be interested in the range of people it throws up. With Apple's iOS 8 and the forthcoming Android L operating systems for mobile devices offering encryption of user data by default, it's  been brought out for another run. Take a look at some of these responses to Apple and Google:

On the losing end are the victims of crimes — from sexual assault to money laundering to robbery, kidnapping and homicide — many of whom undoubtedly are these companies’ own loyal customers.
— Cyrus R. Vance Jr., District Attorney, Manhattan:
Apple will become the phone of choice for the pedophile
— John J. Escalante, Chief of Detectives, Chicago Police Department:


Come on In!

State forces want open doors

State forces want open doors

Law enforcement and security agencies have had unfettered access to our accounts for a long time. PRISM collected user data from Apple and Google services, amongst others. Did law enforcement, security agencies and governments really think that two of the biggest technology companies in the world would just lay back and take it? Also, there's no reason to believe that the legal protection of meeting a burden of proof  to secure a warrant applies in all cases, as any data on United Kingdom citizens collected by foreign intelligence agencies can be collected without warrant by the UK's GCHQ.

Within a week of the attack on Charlie Hebdo, David Cameron and Barrack Obama said:

We won’t let the voice of freedom be muzzled.

Yet what followed almost straight away were statements that promised greater state access to information. Their preferred approach would most likely be what they've had for so long: unfettered access. However, perhaps recognising that trying to stop Apple and Google doing what they want on this issue would be difficult, Cameron and Obama have called for a backdoor to bypass encryption. That might sound reasonable, but bear in mind that the security of systems of all kinds is routinely tested by hackers. Some are doing it to try to find holes that need to be closed, but as I've discussed in How to Survive the Hacking Wars, many hacks are malign. Backdoors then wouldn't just let government agencies in (under terms that would likely be secret themselves) they could also let in anyone who found them, criminals included. Doesn't this then mean that Cameron and Obama are calling for more security holes in order to improve security? Don't forget that people who seek to test or exploit security holes, hackers, understand computer security far better than governments.

It's also worth considering that whilst for western nations this is a privacy issue, in some countries encryption could be a right to life issue. Western law enforcement might not care about your sexuality, but that freedom doesn't exist everywhere.


Step Away from the Burger

Law enforcement agencies want more and more

Law enforcement agencies want more and more

Having had unfettered access for so long, it's no wonder western governments and their agencies are complaining. They're like children who've been able to gorge on junk food every day for years, only for their supply to suddenly be threatened. If they'd been more moderate in their approach and not done stupid things like routinely access the webcams of Yahoo! users, maybe Apple and Google would be more inclined to reach a solution. And maybe, just maybe, the US government wouldn't have been sued by Yahoo!, Microsoft, Google, Facebook, LinkedIN, and many more.

Some balance needs to be reached between the need to access traffic in order to investigate crime and the right of citizens not to have people continually peering over their shoulder in the most unaccountable of ways.

Have security agencies and governments gone too far? You can tell me what you think in the comments.