[Cryptography] stego mechanism used in real life (presumably), then outed

iang iang at iang.org
Thu Jun 8 03:10:37 EDT 2017


On 07/06/2017 12:21, Jerry Leichter wrote:

> There's an interesting and significant sidelight to the previous discussion of watermarking, and the message a couple of days ago from "M373" concerning the Seaglass project at U of Washington, which is developing means for detecting IMSI catchers at city-wide scale.  In both cases - and there are others - we have legitimate research devoted entirely to discovering, publicly explaining, and perhaps effectively neutralizing, mechanisms that LE has put in place.  As far as I can tell, this has little historical precedent.  Criminals/revolutionaries/freedom fighters - it all depends on your viewpoint in particular situations - have long conducted exactly this kind of research.  But it's been clandestine, done in support of their own activities, and passed around as secret tradecraft.  (Of course, state actors have also long targeted each other this way.)
>
> We've crossed a threshold when entitled members of society feel the need to work to subvert their own society's enforcement mechanisms.  (No, university faculty members and EFF researchers and such - while hardly among the big movers and shakers - cannot reasonably be considered the downtrodden in any Western society.)

I agree with the observation of the shift, but I take issue with the 
notion of "society's own enforcement mechanisms".  As far as I can see, 
it isn't society that is putting in wholesale enforcement mechanisms, 
it's a small subset that are working outside the bounds of society.

In long-standing principle, societies have more or less accepted the 
need for spying on *foreign* enemies but drawn the line at spying on own 
citizens.  This is well tested in history.  For local spying you need an 
investigation, a warrant, a court, a process.  The barrier is high.  
Things like yellow dots, the equity ratio of 10:1 offence to defence at 
NSA, also the 19 agencies secret sharing and deception to courts, show 
that the historical defences of civil society are being subverted.

And, it is more or less worse in other countries.  It used to be the 
notion in pre-1990s times that the agencies spying on own people was 
reserved for the evil enemy - the Stasi, McCarthy, KGB, Hoover.  But now 
it seems to be trotted out with regularity that if the terrorists are 
achieving, of course we'll undermine society to fix that.  Cf. May's 
recent comments about willingness to reduce fundamental rights of 60 
million in exchange for 6.

So I would prefer to say, what we are seeing is a shift towards society 
protecting itself against the attacks of agencies that are now out of 
control of the democratic population.

That's just me.  I'm not society.  But neither am I content when 
entitled members of society in agencies think society is right and it's 
ok to go local because we're the good guys.

General society didn't need end to end encryption until this shift 
happened.  40 bit CA-mediated crypto did the job for credit cards nicely 
enough.  Nice to have, but there was no serious privacy threat on the 
tubes.  Now there is a big shift happening - those that are listening 
are using the information.  It's not there yet, but if the trend for 
open intel sharing continues, society will need end to end encryption 
just to survive.

iang


