[Cryptography] Comey: targeted ads => plaintext access

Peter Fairbrother peter at m-o-o-t.org
Sun Sep 13 20:55:54 EDT 2015


hmmm - looking at the title, "targeted ads => plaintext access", I
initially thought of peeping on the Google targeted adserver traffic and 
looking for ads for eg dynamite.

But apparently it's not about that.


On 13/09/15 21:42, Henry Baker wrote:

> https://www.youtube.com/watch?v=Q3aG0CtZbU4
>
> at 39:26  James Comey, FBI

Ah, he's FBI not NSA - FBI prolly haven't thought of looking for 
dynamite ads yet.

[..]
>
> When I hear people talk about the crypto wars, it throws me because
> wars are fought between people with different values I think we all
> share the same values here.

No, Mr Comey, we [1] do not share the same values.

You are a nosy snooping peeping tom, and in general we try to protect 
people and their traffic from nosy snooping peeping toms like as you.


[1] mostly. I hesitate to speak for the open crypto community as "us", 
and I guess we have our share of nosy snooping peeping toms too.


> We all care about safety and security on the Internet, and I'm a big
> fan of strong encryption, we all care about public safety, and the
> problem we have here is those are in tension, and a whole lot of our
> work increasingly in counter-terrorism and criminal work and
> counter-intelligence work and given that we care about the same
> things, I hope we can all agree that we ought to come together to try
> and solve that problem.

That's not clear, but maybe the problem is partly your reliance on 
peeping on internet traffic in order to do your job; and partly your 
wish to peep at all internet traffic, including traffic where you have 
no reason to suspect the people making the traffic.



Would we accept some peeping, on a targeted level, for a good cause - 
probably. That seems to be the majority opinion - a little peeping is OK 
if it is in a good cause.

The power of peeping is such that I personally believe that it cannot be 
effectively controlled, and thus all peeping should be outlawed - but 
not all agree.


So the secondary question - how much peeping?

US 4th amendment sounds about right - internet traffic and papers are 
not very different. A warrant, and show cause, in each and every case.

Anything less in the way of control? No.





Capability and intent - capability to peep, and reason for peeping - are 
intertwined nowadays.

Because some people (NSA?) want to peep a lot, the public in the form of 
tech companies are introducing technological measures to stop 
indiscriminate peeping.

These measures are generally aimed at mass peeping, not targeted 
peeping, but they also stop targeted peeping.

I do not see this trend towards the technological prevention of targeted 
peeping decreasing, in fact I think it may accelerate.

More, the more widespread introduction of end-to-end encryption. which 
will stop all [2] peeping, may reach a tipping point, to where almost 
all comms are encrypted end-to-end - and the real bad guys, will of 
course be early adopters.



[2] the brits have a "show us the keys/plaintext or go to jail" law - 
but that would be unconstitutional in the US, and is very probably 
against EU human rights legislation as well.

It is applied very sparingly, less than 10 times per year on average, 
probably in order to avoid a EU case: and there are technological 
measures which, if taken, pretty much reduce its effectiveness to zero 
anyway.

[..]
> Because they strongly encrypt in transit, and they decrypt when it
> crosses their networks, so they can read our emails so they can send
> us ads.
>
> I've never heard anybody say those companies are fundamentally
> insecure and fatally flawed from a security perspective.

Wow, you can't have looked hard. Or in the right places, eg here. Or 
possibly at all.



-- Peter Fairbrother


More information about the cryptography mailing list