Hillary Clinton's Staff Recognize She Doesn't Understand Encryption And Is Supporting 'The Impossible'
from the that's-at-least-marginally-reassuring dept
Hillary Clinton's position on encryption -- like so much of her tech policy -- has been kind of vague and wishy-washy. Saying things that possibly sound good, but could easily turn out to be bad depending on what is really meant. It's sort of the classical politician's answer on things, trying to appease multiple sides of an issue without getting fully pinned down on something that might come back to bite you later.
It started back in November of 2015, when Clinton gave a speech, which put her firmly into the "but Silicon Valley should nerd harder to figure out a backdoor" camp. A few weeks later, she doubled down on the "nerd harder" response in an interview with George Stephanopoulos:
Now, with the release of the hacked emails from Clinton campaign manager John Podesta, we get to find out that Clinton's staff basically agreed with us that her statements on encryption were ridiculous, and felt that she should not support any effort to backdoor encryption. It started with an internal discussion in response to an inbound request from Politico, where some of her staffers sought to avoid answering the question on backdooring encryption, while admitting internally the reality. Here were the "boiled down" talking points, presented by Ben Scott (a former State Dept official who also ran Free Press for a few years):
The second email comes right after that "Manhattan Project" comment at the debate in the middle of December, and there her staffers discuss what a terrible analogy it is and how they should tell the tech industry that Hillary won't support backdoors, but instead supports using hacking/malware to spy on terrorists (which is a better solution all around, though it raises some other issues).
The email thread starts off with lawyer and Clinton (and former Obama) advisor Sara Solow first highlighting the flip-floppy nature of Clinton's comments, and then followed it up by noting that the "flop" side of (supporting backdooring encryption) is "impossible":
It started back in November of 2015, when Clinton gave a speech, which put her firmly into the "but Silicon Valley should nerd harder to figure out a backdoor" camp. A few weeks later, she doubled down on the "nerd harder" response in an interview with George Stephanopoulos:
STEPHANOPOULOS: How about Apple? No more encryption?A few weeks after that, she went even further, calling for a "Manhattan Project" on backdooring encryption. As we noted at the time, that made no sense and suggested a complete cluelessness about encryption and the issues related to it.
CLINTON: This is something I've said for a long time, George. I have to believe that the best minds in the private sector, in the public sector could come together to help us deal with this evolving threat. And you know, I know what the argument is from our friends in the industry. I respect that. Nobody wants to be feeling like their privacy is invaded.
But I also know what the argument is on the other side from law enforcement and security professionals. So, please, let's get together and try to figure out the best way forward.
Now, with the release of the hacked emails from Clinton campaign manager John Podesta, we get to find out that Clinton's staff basically agreed with us that her statements on encryption were ridiculous, and felt that she should not support any effort to backdoor encryption. It started with an internal discussion in response to an inbound request from Politico, where some of her staffers sought to avoid answering the question on backdooring encryption, while admitting internally the reality. Here were the "boiled down" talking points, presented by Ben Scott (a former State Dept official who also ran Free Press for a few years):
1-The bad guys could already get crypto -- we helped the good guys get it.Those are good points. I wish she'd actually said that, rather than what eventually came out.
2-The Internet Freedom investments in these technologies were strongly bipartisan (and remain so).
The second email comes right after that "Manhattan Project" comment at the debate in the middle of December, and there her staffers discuss what a terrible analogy it is and how they should tell the tech industry that Hillary won't support backdoors, but instead supports using hacking/malware to spy on terrorists (which is a better solution all around, though it raises some other issues).
The email thread starts off with lawyer and Clinton (and former Obama) advisor Sara Solow first highlighting the flip-floppy nature of Clinton's comments, and then followed it up by noting that the "flop" side of (supporting backdooring encryption) is "impossible":
She basically said no mandatory back doors last night ("I would not want to go to that point"). In the next paragraph she then said some not-so-great stuff -- about there having to be "some way" to "break into" encrypted content-- but then she again said "a backdoor may be the wrong door."Teddy Goff, a political strategist and the digital director for Obama for America during the 2012 campaign, responds, calling it "a solid B/B+" and suggests that someone tell Clinton never to use the Manhattan Project line again. He also highlights the point that Ben Scott had raised a month earlier, and that it was clear that Clinton did not understand, that there is open source encryption out there that anyone can use already, and any attempt to backdoor proprietary encryption won't stop anyone from using those other solutions. Finally, he suggests that having "pledged not to mandate backdoors" will be useful going forward.
Please let us know what you hear from your folks. I would think they would be happy -- she's certainly NOT calling for the backdoor now -- although she does then appear to believe there is "some way" to do the impossible.
i think it was fine, a solid B/B+. john tells me that he has actually heard nice things from friends of ours in SV, which is rare! i do think that "i would not want to go to that point" got overshadowed in some circles by the "some way to break in" thing -- which does seem to portend some sort of mandate or other anti-encryption policy, and also reinforces the the ideological gap -- and then, more atmospherically, by the manhattan project analogy (which we truly, truly should not make ever again -- can we work on pressing that point somehow?) and the cringe-y "i don't understand all the technology" line, which i also think does not help and we should avoid saying going forward.Finally, Solow responds to Goff agreeing that the "some way in" line implies undermining encryption, but suggests that they quietly let the tech world know that they don't mean backdoors, but just mean hacking/malware:
speaking of not understanding the technology, there is a critical technical point which our current language around encryption makes plain she isn't aware of. open-source unencrypted messaging technologies are in the public domain. there is literally no way to put that genie back in the bottle. so we can try to compel a whatsapp to unencrypt, but that may only have the effect of pushing terrorists onto emergent encrypted platforms.
i do think going forward it will be helpful to be able to refer to her having pledged not to mandate a backdoor as president. but we've got to iron out the rest of the message. i actually do believe there is a way to thread the needle here, which i am happy to discuss; it requires us to quickly pivot from encryption to the broader issue of working with tech companies to detect and stop these people, and not getting into the weeds of which app they happen to use and that sort of thing.
That she says no backdoor, which is good, but then says we need a way in, and then the bad line about not understanding technology. The latter two points make the first one seem vulnerable.There are some obvious concerns with the hacking/malware stuff, but it's at a very different level than breaking encryption. While it's still ridiculous that Clinton won't just come out and say that backdooring encryption gives us both less security and less privacy, it does appear that she has people on her team who get the basics here. That's at least moderately encouraging. It would be better if there were some stronger indication that Clinton is actually listening to them.
But in terms of wanting a way to break in - couldn't we tell tech off the record that she had in mind the malware/key strokes idea (insert malware into a device that you know is a target, to capture keystrokes before they are encrypted). Or that she had in mind really super code breaking by the NSA. But not the backdoor per se?
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ reply to this | link to this | view in chronology ]
Re:
[ reply to this | link to this | view in chronology ]
Re: Re:
[ reply to this | link to this | view in chronology ]
Re:
Remind Hillary that a digital key to her property, unlike a physical key, can be stolen over the internet by the same kind of people who hacked the DNC.
[ reply to this | link to this | view in chronology ]
Re:
[ reply to this | link to this | view in chronology ]
Re: Re:
[ reply to this | link to this | view in chronology ]
Re: Re:
What you do is stick a proxy email server in front of it that is configured to (a) queue and hold inbound traffic and (b) accept and transmit outbound traffic. Periodically, you write the inbound queue on media, transport it to the air-gapped email server, and flush it into the delivery mechanism on that server. Then you reverse the process, carrying the outbound queue over and flushing it.
This of course has its drawbacks, notably the delays involved, but since email isn't instant messaging and isn't supposed to be, that's not much of an issue. (And it can be mitigated by doing the process more frequently.) And since the air-gapped email server can't access DNS across the Internet, it's necessary to configure it to accept all outbound traffic without first checking to see if the domain part of the address is valid, e.g., it has to accept mail to example.com even if example.com doesn't exist, because it has no way to know that. Of course this mistake will be noticed eventually, once the outbound attempt to send fails, but that does impose a time delay.
And so on. It's really that hard to do this is you use open-source tools like Unix or Linux, sendmail or postfix.
[ reply to this | link to this | view in chronology ]
Re: Re:
[ reply to this | link to this | view in chronology ]
Re:
A "simple" technique is available with a cell phone.
"Researchers Hack Air-Gapped Computer With Simple Cell Phone"
https://www.wired.com/2015/07/researchers-hack-air-gapped-computer-simple-cell-phone
Other methods exist that have been reported to crack PCs that are completely airgapped, and are in another room from a networked PC.
Bit whisper is one that uses thermal emission.
https://www.helpnetsecurity.com/2015/03/24/hack-air-gapped-computers-using-heat/
Audio techniques have also been employed, as well as interpreting fan speed changes. Undoubtedly many more.
As far as encryption goes, even the old standby of one time pads have been cracked on occasion.
If you think your smart phone is safe if it never leaves your hands, think again. Celebrite makes devices that can directly read everything on your smartphone without physical contact, or invading your personal space (just your smartphone.)
[ reply to this | link to this | view in chronology ]
Re: Re:
Sure, but this still requires physical proximity.
How do you mean?
A true OTP (where the pad is not reused and is the same length as the message) can't be brute-forced. The problem is that the pad has to be transmitted somehow, and we're back at the starting point: how do you transmit a message without it being observed in transmission? That's why OTP is, in the vast majority of all cases, impractical; if you have a secure way of transmitting the pad, why do you need it in the first place?
[ reply to this | link to this | view in chronology ]
Re: Re: Re:
Given the capacity of easily concealed media, like microSD cards, a one time pad cab be practical if you have a good random noise source, and can either meet up with your correspondents occasionally, or have a trusted courier. Given modern capacities, it may only need one key exchange to encrypt all messages you will ever want to exchange with a person. When the key was printed on paper, then key exchange was a real problem, but that problem had largely disappeared after CD were invented.
[ reply to this | link to this | view in chronology ]
Re: Re: Re:
will power elite players be able to trust ANY email that won't be ultimately 'hacked' OR released by insiders (EVEN encrypted emails) ? ? ?
(please note: decent encryption done right *MAY* be unhackable given the current state of the art (maybe), but what about a year or ten from now ? further, in the case of insider leaks, they presumably already have access/encryption keys, no hacking required...)
if so, will that create a changed communication strategy, one where emails are simply pollyanna-ish bullshit which says all the right shit, but belies their actual thoughts and plans ? ? ?
will evil minions be limited to face-to-face meetings and coded communications ? ? ? will email ever be the same again ? ? ?
[ reply to this | link to this | view in chronology ]
Re: Re: Re:
[ reply to this | link to this | view in chronology ]
Re: Re: Re: Re:
And while it's not applicable to OTP, the quality/randomness of the primes is an important related issue that we're seeing some problems with right now.
[ reply to this | link to this | view in chronology ]
[ reply to this | link to this | view in chronology ]
Re:
[ reply to this | link to this | view in chronology ]
Re:
But digital keys, unlike physical keys, can be copied by hackers, over the network, without taking the original copy. (Do you hear that RIAA / MPAA?)
Given the recent news stories of hacking, would Hillary really want her own property protected by a system where the government had an unknown number of copies of keys to her property, and the key holders were unknown, and it might go completely unnoticed if hackers made off with copies of those keys.
[ reply to this | link to this | view in chronology ]
Re: Re:
[ reply to this | link to this | view in chronology ]
Re: Re:
[ reply to this | link to this | view in chronology ]
Accusations of Mike being pro Trump in 3, 2, 1...
Ahem.
[ reply to this | link to this | view in chronology ]
Re: Accusations of Mike being pro Trump in 3, 2, 1...
[ reply to this | link to this | view in chronology ]
Past reminder about digital cluelessness
Hillary said that Wikileaks should 'return' the stolen digital documents. And, IIRC, it was Mike who pointed out "that's not how digital works". (Hear that MPAA / RIAA?)
[ reply to this | link to this | view in chronology ]
Re: Past reminder about digital cluelessness
http://27bslash6.com/overdue.html
[ reply to this | link to this | view in chronology ]
They want to be able to search anything, at anytime, and it whatever way they deem best suites their need. Part of a politicians job is to keep those people in check, rather than help them to establish a police state. Until politicians can be convinced to do their jobs, things will only get worse.
[ reply to this | link to this | view in chronology ]
HRC fails the Turing Test
Misunderstanding the *undecidability* of most questions about computer codes fails the most fundamental of Turing Tests.
Turing tried his best to "nerd harder", and look what happened to him.
In short, until you understand undecidability, STFU about backdoors and encryption.
[ reply to this | link to this | view in chronology ]
Re: HRC fails the Turing Test
[ reply to this | link to this | view in chronology ]
Re: Re: HRC fails the Turing Test
[ reply to this | link to this | view in chronology ]
Re: Re: Re: HRC fails the Turing Test
GLaDOS 2020: 'Don't worry, we disconnected the nerve gas this time.'
[ reply to this | link to this | view in chronology ]
[ reply to this | link to this | view in chronology ]
Re:
Bill is still banging bimbos, the press has never carried so much water as they do for HRC and Chelsea is a spoiled brat that drives the handlers bonkers...
Truly some circus... and there seems to be some bread left?
Funny to see the email etiquette of Podesta and the likes
[ reply to this | link to this | view in chronology ]
Re:
Or...
... maybe she was wading hip deep in Middle East issues, Western European issues, South China Seas issues, international trade issues, human rights issues, UN issues, NATO issues, maybe even Democratic Party issues, and what not -- and her attention was on those matters (which were her actual job and responsibility), while she left the "techie" details to her support staff (which was their actual job and responsibility), and didn't think much about the "computer technology" issues any more than she could help, except when the aggravation of dealing with them were distracting from her actual job.
Or... maybe her secret hobby involves setting up raspberry pi mesh networks and compiling custom linux kernels during boring boring State Dept. meetings. I mean, who knows right? Anything is possible.
[ reply to this | link to this | view in chronology ]
Another data point that shows an unsettling trend
If she is going to hire smart, capable experts only to use as props and not to actually set her policy, that bodes poorly for an HRC White House.
I already wasn't going to vote for her because of this exact reason. I appreciate having more evidence reinforcing my decision.
[ reply to this | link to this | view in chronology ]
I agree with you that this is the picture we're getting here. However, on many other policy issues, she has shown herself willing to consult with and listen to experts. Examples: economics, employment, climate, terrorism, policing, civil rights, education, and medicine. Given that, I suspect that tech is just a blind spot, and I hope that once she takes office, she'll be more inclined to remedy that.
[ reply to this | link to this | view in chronology ]
Re:
[ reply to this | link to this | view in chronology ]
Re: Re:
Not that every other politician doesn't do the same.
[ reply to this | link to this | view in chronology ]
Re: Re: Re:
[ reply to this | link to this | view in chronology ]
Re: Re:
Probably the best example is climate. She's not a climatologist, but her grasp of the issues meshes extremely well with what experts are saying and publishing. And it's evolved -- which is a good thing, because our understanding is evolving too.
You can like or dislike Clinton, but one thing you have to admit is that she's a policy wonk. She studies. Even on the issues where I think she's wrong, I have to concede that she has a superb grasp of the facts.
[ reply to this | link to this | view in chronology ]
Re: Re: Re:
[ reply to this | link to this | view in chronology ]
Re: Re: Re: Re:
[ reply to this | link to this | view in chronology ]
Re: Re: Re: Re: Re:
[ reply to this | link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
[ reply to this | link to this | view in chronology ]
Re:
What a pity she can't seem to listen to experts when the issues involved don't result in incredulous sums being deposited to her accounts.
[ reply to this | link to this | view in chronology ]
Re:
Yes, indeedey!
Take that speed, so you can get through the next debate without falling over.
Then after Nov. 8, please spend two months recuperating in Warm Springs with your muse Eleanor, so you'll have the strength to hold you hand up Jan. 20 for a few moments.
[ reply to this | link to this | view in chronology ]
Re: Re:
[ reply to this | link to this | view in chronology ]
[ reply to this | link to this | view in chronology ]
Re:
Just a few truly trivial methods.
http://www.wikihow.com/Open-a-Locked-Door
[ reply to this | link to this | view in chronology ]
Re: Re:
Because properly designed, properly deployed encryption really is unbreakable (at least, given current technology -- if quantum computing becomes viable, then all bets are off). There's a reason that most modern attacks focus on circumventing encryption, not breaking it. (Man-in-the-middle attacks, malware, phishing, etc.)
[ reply to this | link to this | view in chronology ]
Re: Re: Re:
Properly implemented "one-time pad" encryption -- used by the Soviets since WWII -- is provably unbreakable even by a quantum computer.
The few breaks of Soviet WWII encryption -- e.g., the Cambridge group, Julius Rosenberg -- were due to flawed implementation (violations of the "one-time" property of the random numbers). Google Venona.
However, man-in-the-middle (MITM) can still be used against one-time pad encryption, so establishing trust becomes the major problem.
[ reply to this | link to this | view in chronology ]
Re: Re: Re: Re:
There are cases where OTP is useful -- say, where the purpose of encryption is to disseminate a message that only needs to be a secret until the pad is released, at which time it doesn't matter if everybody knows it; or if you're dispatching two messengers and one has the ciphertext and the other has the pad and this decreases the chance of both messengers being captured -- but they're pretty specific and rare.
It's not a useful means of encrypting instantaneous communications.
[ reply to this | link to this | view in chronology ]
Re: Re: Re: Re: Re:
B.S.!
Agent takes 128GByte flash drive full of one-time pad random numbers.
Control keeps copy.
Agent can encrypt decades of SMS messages sent to Control.
One-time pads (although not using flash drives) were used by the U.S. in Vietnam.
[ reply to this | link to this | view in chronology ]
Re: Re: Re: Re: Re: Re:
[ reply to this | link to this | view in chronology ]
Re: Re: Re:
Strong encryption is not making their jobs impossible, but rather requires the police and security services to actual make and maintain real contacts with people. The real problem here is that law enforcement and the security services have come to believe that they are entitled to capture every bit of recorded information, and trwl through it to find out what people are doing. However the people they should be going after, like the puppet masters controlling terrorists, and high level criminals know how to keep their conversation private, by playing a round of golf, or other such activities that make listening in to their conversations difficult.
Certainly as far as law enforcement is concerned, strong encryption is likely to have a direct benefit to society, force law enforcement to engage with the community, rather than treating them as the enemy, as without that engagement they will really be in the dark.
[ reply to this | link to this | view in chronology ]
Re:
I'm all for strong, unbreakable encryption, but it isn't a silver bullet for all security woes.
[ reply to this | link to this | view in chronology ]
"Doubling down?"
1. meet with technologists
2. ?
3. safety
[ reply to this | link to this | view in chronology ]
Re: "Doubling down?"
4. PROFIT!!!11!
[ reply to this | link to this | view in chronology ]
HRC: Can't we all just get along?
Until the law extends to all Americans, we remain unobliged.
--Sincerely,
--The tech sector.
[ reply to this | link to this | view in chronology ]
[ reply to this | link to this | view in chronology ]
BEHAVIORAL UNCERTAINTY
.
When governments begin discussing "BETTER SECURITY" on the Net, "FOUR POINTS" are usually missed! And these are... evil people want ACCESS, and evil people want PRIVACY; and non-evil people want ACCESS, and non-evil people want PRIVACY! Conclusion:... SECURITY, IS NOT SIMPLY ABOUT PRIVACY VERSUS ACCESS!... I-T-'-S A-B-O-U-T F-O-U-R S-E-C-U-R-I-T-Y E-L-E-M-E-N-T-S!
.
NON-EVIL PEOPLE NEED BOTH ACCESS AND PRIVACY! AND EVIL PEOPLE SHOULDN'T HAVE ACCESS!... OR!... PRIVACY! BUT, IF YOU DENY THE WRONG PEOPLE ACCESS AND PRIVACY (I.E., NON-EVIL PEOPLE!), AND ALLOW THE WRONG PEOPLE ACCESS AND PRIVACY (I.E., EVIL PEOPLE!), YOU HARM SECURITY!... AND, IN THE CASE OF NON-EVIL PEOPLE, ACCESS AND PRIVACY DENIALS WILL ADVERSELY IMPACT ON MANY OTHER DIGITAL... AND HUMAN!... RIGHTS! AND IF YOU DON'T KNOW WHICH IS WHICH (I.E., WHO IS EVIL, AND WHO IS NOT!)... WELL... YOU D*MN WELL BETTER FIGURE IT OUT!
.
SIMPLY STATED!... LIFE IS NOT GUARANTEED TO BE EASY!... OR WITHOUT THORNS!
.
What if... in response to the terrorist attacks in Paris, Brussels, or cybersecurity attacks on companies and government agencies!... the FBI had come to the American people, and said: "In order to keep you safe, we need you to remove all the locks on your doors and windows... and replace them with weaker ones! And... because!... if you are a terrorist, we need to get access to your house!... and your locks might slow us down!... or block us!... entirely! So... Americans!... remove your locks! And American companies!... stop making good locks!"
.
Well... I'm guessing!... most Americans would reject this as a bad idea! And... inasmuch!... as they would see this as making them vulnerable! And... not just to terrorists!... but to ordinary thieves, and bad guys! Americans-- for the most part!-- would reject having their daily security undermined, in favor of a VAGUE PROMISE, that law enforcement would be quick!... easy!... and GUARANTEED SECURE! Most Americans would say to the FBI:... "STOP!... RIGHT THERE!... WE NEED M-O-R-E S-E-C-U-R-I-T-Y IN THE WAKE OF THESE ATTACKS!... NOT L-E-S-S!"
.
Yet!... that same tradeoff is similar to what's being asked of Americans in the ATTACKS ON STRONG ENCRYPTION! The FBI, isn't-- TECHNICALLY!-- asking for NO LOCKS!... it's asking for WEAKENED ONES!... so that it can break any lock that Americans buy, or use! But!... the end result, is the same!... I.E.... AMERICANS ARE LEFT M-O-R-E V-U-L-N-E-R-A-B-L-E! As with the locks on doors, digital locks can't be made to ALLOW ONLY ACCESS TO ALL THE GOOD GUYS!... and!... to DISALLOW ACCESS TO ONLY THE BAD GUYS (i.e., AT LEAST, NOT YET!)! THE LOCK CAN'T TELL THE DIFFERENCE!... and!... even more vulnerabilities are created, by building complicated processes for storing digital keys (as demonstrated by a recent MIT report!... see, http://www.technologyreview.com/view/543566/dont-blame-encryption-for-isis-attacks/... and... in an open letter to David Cameron... see, https://medium.com/message/dear-prime-minister-cameron-20th-century-solutions-wont-help-21st-century -surveillance-ff2d7a3d300c#.ium2wu3n5, by Harvard Professor, and EFF Board member, Jonathan Zittrain)!
.
Right now, the FBI's strategy is focused on putting pressure on companies like Apple, Microsoft and Google to prevent Americans from ever getting access to good locks in the first place! Yet!... if the FBI was publicly calling for home builders and locksmiths to stop offering Americans the strongest possible home or office security systems, Americans would see the folly of their strategy!... OUTRIGHT!
.
The EFF (see, https://www.eff.org/deeplinks/2014/09/nine-epic-failures-regulating-cryptography) and many others (see, http://www.nytimes.com/2015/11/18/opinion/mass-surveillance-isnt-the-answer-to-fighting-terrorism.ht ml?_r=0) have long demonstrated that limiting Americans' access to strong encryption, is a bad idea! But... somehow!... and, maybe, because the way these locks work is more hidden from users in the context of digital networks and tools!... the argument continues to be raised by Agencies and politicians, who should know better!... and e.g., the FBI, and Hillary Clinton (see, http://www.bbc.com/news/world-us-canada-12475829)!
.
The response to insecure networks and digital technologies must be to make them-- IN PART!-- STRONGER! And yet!... this basic message is not only LOST on those who call for encryption controls, but it has also been UNDERMINED by the cybersecurity approach of the CISA (see, https://www.eff.org/deeplinks/2015/10/eff-strongly-oppose-cisa-cyber-surveillance-bill-and-cfaa-amen dment)... which!... instead of encouraging better security by those who store information, pushes companies to increase the risks Americans already face (by "SHARING" more data belonging to Americans, with the government)! Of course, the lapses in government security are already well documented (see, https://www.eff.org/deeplinks/2015/07/we-told-you-so-opm-data-breach-reveals-not-only-lame-data-secu rity-weak-legal)! The same wrongheaded approach is on display when the US Congress fails to reform the Computer Fraud and Abuse Act to protect the security researchers whose work results in better protections for Americans! And, instead, pushes for a worse version of the law!... with a still broader scope!... and harsher penalties (see, https://www.eff.org/deeplinks/2015/11/
some-good-news-about-cisa-it-doesnt-include-dangerous-computer -fraud-and-abuse)!
.
Unlocking everyone's doors isn't the answer to global crime!... or terrorism! Nor!... is simply facilitating stronger encryption! Building, and supporting, STRONGER SECURITY is a VIABLE SOLUTION AGAINST ATTACKS!... however!... failing to allow for ACCESS to the "bad guys" is to-- LIKEWISE!-- D-E-N-Y O-U-R S-E-C-U-R-I-T-Y!
.
Nevertheless!... and the foregoing notwithstanding, this issue of Internet Security is compounded by the current reality, that Steganographic approaches are even eclipsing that of conventional encryption (not to mention, Quantum Steganography... see, Why Quantum Steganography Can Be Stronger Than Classical Steganography!)!... see, http://www.infosectoday.com/Articles/digitalstego.htm!
.
The advantage of Steganography over encryption is that law enforcement authorities readily recognize encrypted files and are willing to dedicate resources to attempt decryption!... while, with Steganography, police are unlikely even to realize that a hidden file exists! [See, COUNTERING THE USE OF THE INTERNET FOR TERRORIST PURPOSES: LEGAL AND TECHNICAL ASPECTS, MAY, 2011, "Working Group on Countering the Use of Internet for Terrorist Purposes", "United Nations, Counter-Terrorism Implementation Task Force (CTITF)"]
.
The United Nations Global Counter-Terrorism Strategy... which brings together into one coherent framework decades of United Nations counter-terrorism policy and legal responses emanating from the General Assembly, and the Security Council and relevant United Nations specialized agencies... has been the focus of the work of CTITF since its adoption by the General Assembly in September 2006 (General Assembly resolution 60/ 288)!
.
The Strategy sets out a plan of action for the international community based on four pillars:
.
• Measures to address the "CONDITIONS CONDUCIVE TO THE SPREAD OF TERRORISM";
.
• Measures to PREVENT AND COMBAT TERRORISM;
.
• Measures to BUILD STATES' CAPACITY TO PREVENT AND COMBAT TERRORIM and to STRENGTHEN THE ROLE OF THE UNITED NATIONS SYSTEM IN THIS REGARD;
.
• Measures to ENSURE RESPECT FOR HUMAN RIGHTS FOR ALL AND THE RULE OF LAW... as the F-U-N-D-A-M-E-N-T-A-L B-A-S-I-S OF THE FIGHT AGAINST TERRORISM (and I'll add here... DIGITAL HUMAN RIGHTS!)!
.
In accordance with "the Strategy"... which welcomes the institutionalization of CTITF within the United Nations Secretariat... the Secretary-General in 2009 established a CTITF Office within the Department of Political Affairs to provide support for the work of CTITF! Via the CTITF Office, with the help of a number of thematic initiatives and working groups, and under the policy guidance of Member States through the General Assembly, CTITF aims to coordinate United Nations system-wide support for the implementation of the Strategy and catalyse... system-wide!... value-added initiatives to support Member State efforts to implement the Strategy in all its aspects! CTITF also seeks to foster constructive engagement between the United Nations system, international and regional organizations, the private sector, and civil society on the implementation of the Strategy!
.
To close... it would appear-- to me!... that many "Security Professionals"-- and "lay commentators"!-- are woefully stupid/ ignorant of the "Uncertainty Principle" in Quantum Mechanics! AND... IF UTILIZED (LET ALONE, ACKNOWLEDGED!)!... COULD VIRTUALLY SOLVE THE PRIVACY VERSUS ACCESS DILEMMA!... OVERNIGHT! In other words, the Global Security Community has got to begin to incorporate the Uncertainty Principle/ within Hardware, if it ever hopes to find a solution to the PRIVACY VERSUS ACCESS DILEMMA!
.
Conclusion... and a suggestion!... what is needed is GLOBAL ATTENTION on research into the Application of the "Uncertainty Principle" in Quantum Mechanics, to Cyber Security!... and, on the implications of Steganography-- yea, Quantum Steganography (to B-O-T-H ACCESS and PRIVACY re B-O-T-H the "good guys" and the "bad guys"!)-- in Cyber Security! The benefit of QUANTUM STEGANOGRAPHY being, the power of the "Uncertainty Principle" can then be applied to the I-D-E-N-T-I-F-I-C-A-T-I-O-N O-F B-O-T-H T-H-E B-A-D G-U-Y A-N-D T-H-E G-O-O-D G-U-Y R-E-C-E-I-V-I-N-G A-N-D/ O-R S-E-N-D-I-N-G A-N-Y F-O-R-M O-F S-T-E-G-A-N-O-G-R-A-P-H-I-C M-E-S-S-A-G-E!... as, it is I-M-P-O-S-S-I-B-L-E T-O H-I-D-E T-H-E I-N-T-E-N-T-I-O-N (Q-U-A-N-T-U-M F-L-U-X!) O-F T-H-E S-E-N-D-E-R O-R R-E-C-E-I-V-E-R! In other words... AND AT THE QUANTUM LEVEL!... T-H-E I-N-T-E-N-T-I-O-N O-F A-H-U-M-A-N S-O-U-L C-A-N B-E-- HOW SHALL I PUT IT!-- "Q-U-A-N-T-I-F-I-E-D (M-E-A-S-U-R-E-D!... ALBEIT, INDIRECTLY!)"!
.
Therefore!... the sooner the Global Cyber Security community-- yea, the world of Cyber Security stakeholders!-- begins to acknowledge, and then implement the powers vested within the "Uncertainty Principle" within Quantum Mechanics, the sooner 100% Cyber Security will be assured for users!
.
However!... and to use God as an analogy here!... just because GOD knows how completely wretched we actually are, doesn't mean he is desiring to destroy us at every turn, due to every OVERT SIN we make! And so!... likewise!... just because "CERTAIN" will have the power to know the QUANTUM DYNAMICS OF THE INTENTION of whoever is sending and/ or receiving a message, what will ensure us of the REAL WORLD INTENTION of the persons "manning the new Cyber Security ICT"!
.
The "Uncertainty Principle" may do its job!... but, will "CERTAIN INTERESTS" O-V-E-R-R-I-D-E the "Uncertainty Principle", in order to delude us into a false sense of security! Will "CERTAIN" manning our new Cyber Security ICT know when to show M-E-R-C-Y in their disclosure of the INTENTION of a sender or receiver of information!... and, will "CERTAIN" manning our new Cyber Security ICT C-R-I-M-I-N-A-L-L-Y D-I-S-R-E-G-A-R-D the safety of Netizens (physical, and spiritual!) in what these allow to be excused, in their manning of our new Cyber Security ICT!
.
Simply put!... just because I now know the "QUANTUM GOOD INTENTION" of information sent and/ or received over the Net, doesn't mean that I desire to allow the sender and/ or receiver to get away with "ruling my world"! And conversely!... just because I now know the "QUANTUM BAD INTENTION" of information sent and/ or received over the Net, doesn't mean that I desire to deny the sender and/ or receiver the opportunity to "rule my world"! And!... there is also the matter of the "SANCTIONED DEFINITION" of the A-C-T-U-A-L I-N-T-E-N-T-I-O-N T-R-I-P-W-I-R-E P-A-R-A-M-E-T-E-R-S E-M-B-E-D-D-E-D W-I-T-H-I-N I-C-T H-A-R-D-W-A-R-E! Who will "SANCTION" whatever definition will be used within such new Cyber Security ICT, that becomes the "STANDARD" for determining who the bad guy is, and who the good guy is?
.
Folks!... ladies and gents!... boys and girls!... this A-L-L comes down to behavior! And!... it's all the more reason why S-O-C-I-E-T-Y must F-U-N-D-A-M-E-N-T-A-L-L-Y "rethink" its PRIORITIES in the classroom! Behavior, behavior, behavior!... and as Dr. Edwin Fuller Torrey said in his work, The Death of Psychiatry!... and to paraphrase:... "INTRAPERSONAL AND INTERPERSONAL INTELLIGENCE, IS THE MISSING 'FOURTH WHEEL' ON EDUCATION'S SCHOOL BUS"! But!... in my view!... T-H-E W-H-O-L-E O-F E-D-U-C-A-T-I-O-N S-H-O-U-L-D B-E B-R-O-U-G-H-T U-N-D-E-R A G-L-O-B-A-L H-E-A-L-T-H M-O-D-E-L!
.
Please!... no emails!
[ reply to this | link to this | view in chronology ]
Are the financial houses willing to go along with weakened encryption when literally trillions of dollars are at stake? Now trillions may not mean much to the US government, but I can't imagine a brokerage house being willing to use "bump key" breakable encryption.
[ reply to this | link to this | view in chronology ]
Re:
[ reply to this | link to this | view in chronology ]
Re: Re:
[ reply to this | link to this | view in chronology ]
Techdirt already said it best...
[ reply to this | link to this | view in chronology ]
Re: believe there is "some way" to do the impossible.
And since she's perfect, and the master of the rainbow she lives on she can completely contradict herself any time she wants. The universe will align to make her right, and everybody else is just supposed to know that, and make it so.
It is unsurprising that her staff disagrees with her all the time. There is a difference between asking what is hard and asking what is impossible. A leader does some vetting before making huge demands. A sadistic narc doesn't.
From the worker standpoint the behaviors SEEM the same, but they aren't. The worker never sees the vetting.
The problem shows up once a few people know what kind of person she is. All you have to do is appeal to her ego. What your offering doesn't have to make sense, because making sense is not a prerequisite for motivating a person like this.
This means they do irrational shit frequently. It is incredibly destructive to have a person like this around any organization that intends to be productive. Most managers have experienced this at some point.
Yes she can spin a great tail. Yes, she can politically destroy people who disagree with her. But she can't build anything. She's always spinning, because she is ungrounded in any practical discipline.
BTDT. I cannot in good faith support a person like this. I've seen the damage they can do.
[ reply to this | link to this | view in chronology ]
Re: Re: believe there is "some way" to do the impossible.
I am glad that I live in a state where the winner is foreordained. I can write in a brief "candidate" of total expressing total disgust. Not that it means anything, but at least I don't have to vote for either one.
[ reply to this | link to this | view in chronology ]
Re: Re: Re: believe there is "some way" to do the impossible.
There are more than two players, in this here poker game.
[ reply to this | link to this | view in chronology ]
Re: Re: Re: Re: believe there is "some way" to do the impossible.
I'm this close to writing in Hartnell, and it's not clear that Hartnell has any position on any issue.
[ reply to this | link to this | view in chronology ]
So, according to Hillary CLINTON, privacy and security is a threat because [insert bullshit here].
[ reply to this | link to this | view in chronology ]
Add Your Comment