[Cryptography] stego mechanism used in real life (presumably), then outed
iang
iang at iang.org
Thu Jun 8 03:10:37 EDT 2017
On 07/06/2017 12:21, Jerry Leichter wrote:
> There's an interesting and significant sidelight to the previous discussion of watermarking, and the message a couple of days ago from "M373" concerning the Seaglass project at U of Washington, which is developing means for detecting IMSI catchers at city-wide scale. In both cases - and there are others - we have legitimate research devoted entirely to discovering, publicly explaining, and perhaps effectively neutralizing, mechanisms that LE has put in place. As far as I can tell, this has little historical precedent. Criminals/revolutionaries/freedom fighters - it all depends on you viewpoint in particular situations - have long conducted exactly this kind of research. But it's been clandestine, done in support of their own activities, and passed around as secret tradecraft. (Of course, state actors have also long targeted each other this way.)
>
> We've crossed a threshold when entitled members of society feel the need to work to subvert their own society's enforcement mechanisms. (No, university faculty members and EFF researchers and such - while hardly among the big movers in shakers - cannot reasonably be considered the downtrodden in any Western society.)
I agree with the observation of the shift, but I take issue with the
notion of "society's own enforcement mechanisms". As far as I can see,
it isn't society that is putting in wholesale enforcement mechanisms,
it's a small subset that are working outside the bounds of society.
In long-standing principle, societies have more or less accepted the
need for spying on *foreign* enemies but drawn the line at spying on own
citizens. This is well tested in history. For local spying you need an
investigation, a warrant, a court, a process. The barrier is high.
Things like yellow dots, the equity ratio of 10:1 offence to defence at
NSA, also the 19 agencies secret sharing and deception to courts, show
that the historical defences of civil society are being subverted.
And, it is more or less worse in other countries. It used to be the
notion in pre-1990s times that the agencies spying on own people was
reserved for the evil enemy - the Stazi, McCarthy, KGB, Hoover. But now
it seems to be trotted out with regularity that if the terrorists are
achieving, of course we'll undermine society to fix that. C.f., May's
recent comments about willingness to reduce fundamental rights of 60
million in exchange for 6.
So I would prefer to say, what we are seeing is a shift towards society
protecting itself against the attacks of agencies that are now out of
control of the democratic population.
That's just me. I'm not society. But neither am I content when
entitled members of society in agencies think society is right and it's
ok to go local because we're the good guys.
General society didn't need end to end encryption until this shift
happened. 40 bit CA-mediated crypto did the job for credit cards nicely
enough. Nice to have, but there was no serious privacy threat on the
tubes. Now there is a big shift happening - those that are listening
are using the information. It's not there yet, but if the trend for
open intel sharing continues, society will need end to end encryption
just to survive.
iang
More information about the cryptography
mailing list