[Cryptography] Comey: targeted ads => plaintext access
peter at m-o-o-t.org
Sun Sep 13 20:55:54 EDT 2015
hmmm - looking at the title, "targeted ads => plaintext access", I
initially thought of peeping on the Google targeted adserver traffic and
looking for ads for eg dynamite.
But apparently it's not about that.
On 13/09/15 21:42, Henry Baker wrote:
> at 39:26 James Comey, FBI
Ah, he's FBI not NSA - FBI prolly haven't thought of looking for
dynamite ads yet.
> When I hear people talk about the crypto wars, it throws me because
> wars are fought between people with different values I think we all
> share the same values here.
No, Mr Comey, we  do not share the same values.
You are a nosy snooping peeping tom, and in general we try to protect
people and their traffic from nosy snooping peeping toms like as you.
 mostly. I hesitate to speak for the open crypto community as "us",
and I guess we have our share of nosy snooping peeping toms too.
> We all care about safety and security on the Internet, and I'm a big
> fan of strong encryption, we all care about public safety, and the
> problem we have here is those are in tension, and a whole lot of our
> work increasingly in counter-terrorism and criminal work and
> counter-intelligence work and given that we care about the same
> things, I hope we can all agree that we ought to come together to try
> and solve that problem.
That's not clear, but maybe the problem is partly your reliance on
peeping on internet traffic in order to do your job; and partly your
wish to peep at all internet traffic, including traffic where you have
no reason to suspect the people making the traffic.
Would we accept some peeping, on a targeted level, for a good cause -
probably. That seems to be the majority opinion - a little peeping is OK
if it is in a good cause.
The power of peeping is such that I personally believe that it cannot be
effectively controlled, and thus all peeping should be outlawed - but
not all agree.
So the secondary question - how much peeping?
US 4th amendment sounds about right - internet traffic and papers are
not very different. A warrant, and show cause, in each and every case.
Anything less in the way of control? No.
Capability and intent - capability to peep, and reason for peeping - are
Because some people (NSA?) want to peep a lot, the public in the form of
tech companies are introducing technological measures to stop
These measures are generally aimed at mass peeping, not targeted
peeping, but they also stop targeted peeping.
I do not see this trend towards the technological prevention of targeted
peeping decreasing, in fact I think it may accelerate.
More, the more widespread introduction of end-to-end encryption. which
will stop all  peeping, may reach a tipping point, to where almost
all comms are encrypted end-to-end - and the real bad guys, will of
course be early adopters.
 the brits have a "show us the keys/plaintext or go to jail" law -
but that would be unconstitutional in the US, and is very probably
against EU human rights legislation as well.
It is applied very sparingly, less than 10 times per year on average,
probably in order to avoid a EU case: and there are technological
measures which, if taken, pretty much reduce its effectiveness to zero
> Because they strongly encrypt in transit, and they decrypt when it
> crosses their networks, so they can read our emails so they can send
> us ads.
> I've never heard anybody say those companies are fundamentally
> insecure and fatally flawed from a security perspective.
Wow, you can't have looked hard. Or in the right places, eg here. Or
possibly at all.
-- Peter Fairbrother
More information about the cryptography