Archive for the 'Politics' Category

Hacking, by Royal Command?

Tuesday, December 16th, 2014

The Intercept has just published an intriguing PowerPoint deck from the Snowden trove. It gives some details of the hacking of the Belgian mobile phone operator Belgacom (probably using Regin).

Slide 5 shows two distinguished visitors being given a briefing, presumably on this operation (otherwise why is the picture in this deck?)

[Image: Charlie_and_Camilla]

Slide 9 makes it clear what this is all about:

[Image: OP_Socialist_slide9]

So my question is this: Did Prince Charles know about the hacking of Belgacom?

Q: Who let this happen? A: We did.

Sunday, December 14th, 2014

This morning’s Observer column.

The relevant extract from the [FISA] court transcript reads:

Justice Arnold: “Well, if this order is enforced, and it’s secret, how can you be hurt? The people don’t know that – that they’re being monitored in some way. How can you be harmed by it? I mean, what’s… what’s your… what’s the damage to your consumer?”

Ponder that for a moment. It’s extraordinarily revealing because it captures the essence of the mindset of the people who now rule our democracies. It’s a variant on the “if you have nothing to hide then you have nothing to fear” mantra. And it begs the question: who gave these people the right to think and act like this?

The long answer goes back a long way – to Thomas Hobbes, John Locke and maybe Rousseau. The short answer is that we did. We elected these holders of high office – the home and foreign secretaries who ostensibly control MI5, MI6 and GCHQ, the MPs who cluelessly voted through laws such as Ripa (Regulation of Investigatory Powers Act), Drip (Data Retention and Investigatory Powers) and will do likewise for whatever loose statutes will be proposed after the next terrorist/paedophilia/cyber crime panic arrives…

Read on

GCHQ launches new code-making app

Saturday, December 13th, 2014

Well, well. This from the new, cuddly GCHQ.

Cryptoy is a fun, free, educational app about cryptography, designed by GCHQ for use by secondary school students and their teachers.

The app enables users to understand basic encryption techniques, learn about their history and then have a go at creating their own encoded messages. These can then be shared with friends via social media or more traditional means and the recipients can use the app to try to decipher the messages.

Cryptoy is mainly directed at Key Stage 4 students but can be used by anyone with an interest in learning about or teaching cryptography.

The app was designed by students on an industrial year placement at GCHQ. It was created as part of a project to demonstrate encryption techniques at the Cheltenham Science Festival, and has since been used at several other outreach events. The app was a hit, and GCHQ received interest from teachers who wanted to use it as a teaching aid. Therefore it was decided to make it publicly available.

GCHQ is committed to helping to increase the uptake of STEM (Science, Technology, Engineering and Maths) subjects at schools through its outreach programme and its work with industry and academia. It is also critical that the UK builds a knowledge base of cyber security skills. Learning about encryption and the associated academic disciplines are key parts of both of these.

Android only (for now anyway). Presumably not available to Belgians and officials of the European Commission.

The Torture Report

Saturday, December 13th, 2014

Very good roundup on Quartz by Gideon Lichfield.

From outside the US, the Senate intelligence committee’s 528-page report on CIA torture techniques—merely the abridged, non-secret version of the 6,700-page original—seems like America at its best. Harshly critical of an agency that did evil things to produce dubious intelligence while lying to its overlords, it seems to embody the country’s best traditions of transparency and honest self-examination.

But inside the US, the report is a sullied, discredited thing. This was no grave, bipartisan effort like the report of the 9/11 Commission, but—as critics would have it, and not entirely wrongly—a labor of ass-covering spite, produced solely by the committee’s majority Democrats and crafted to shield their own complicity. Republicans have attacked it; former CIA chiefs have risen up (paywall) to defend themselves. And Democrats are worrying about what will happen when, a few years hence, their rivals expose the current administration’s enthusiastic use of drone strikes to the same merciless sunlight.

That is a shame, for the report, though flawed, is truly damning. But, one might shrug, so what? If partisan politics is what it takes to have a national debate about the ethics of warfare, so be it; democracy is messy, and it should take what transparency it can get.

However, this national debate is not like those about race, guns, or the banking system. There, the winners and losers from a policy all have votes or campaign funds with which to sway the outcome. In warfare, the losers—the tortured suspects, the people with relatives blown to bits by drones—are foreigners, with no say. However indignantly liberals may protest the bad things done in their name, when the call comes to “keep America safe,” how many of them will dare challenge it?

For neoliberalism, poverty and inequality are features, not bugs

Friday, December 12th, 2014

The thing about neoliberalism is that the poverty and inequality that it produces are not regrettable side-effects of a basically sound engine, but the whole purpose of the exercise. In programming terms, they are features, not bugs. This point is nicely made by Benjamin Selwyn in a blog post in Le Monde diplomatique – English edition.

In his film Inequality for All, Robert Reich, who was Bill Clinton’s labour secretary between 1993 and 1997, documents the collapse of US wages over the last four decades. In the late 1970s the typical male US worker was earning $48,000 a year (inflation adjusted). By 2010, the average wage had fallen to $33,000 a year. Over the same period the average annual income of someone in the top 1% of US society rose from $390,000 to $1,100,000.

Neoliberal policies aim to reduce wages to the bare minimum and to maximize the returns to capital and management. They also aim to demobilise workers’ organisations and reduce workers to carriers of labour power — a commodity to be bought and sold on the market for its lowest price. Neoliberalism is about re-shaping society so that there is no input by workers’ organisations into democratic or economic decision-making. Crises and austerity may not be intentionally sought by most state leaders and central bank governors, but they do contribute significantly towards pursuing such ends. Consequently, these politicians and leaders of the economy do not strive to put in place new structures or policies that will reduce the recurrence of crisis.

HT to Julia Powles for spotting it.

US Congress quietly bolsters NSA surveillance

Friday, December 12th, 2014

No changes there, then.

December 11, 2014 Congress this week quietly passed a bill that may give unprecedented legal authority to the government’s warrantless surveillance powers, despite a last-minute effort by Rep. Justin Amash to kill the bill.

Amash staged an aggressive eleventh-hour rally Wednesday night to block passage of the Intelligence Authorization Act, which will fund intelligence agencies for the next fiscal year. The Michigan Republican sounded alarms over recently amended language in the package that he said will for the first time give congressional backing to a controversial Reagan-era decree granting broad surveillance authority to the president.

The 47-page intelligence bill was headed toward a voice vote when Amash rose to the House floor to ask for a roll call. Despite his efforts—which included a “Dear Colleague” letter sent to all members of the House urging a no vote—the bill passed 325-100, with 55 Democrats and 45 Republicans opposing.

The provision in question is “one of the most egregious sections of law I’ve encountered during my time as a representative,” Amash wrote on his Facebook page. The tea-party libertarian, who teamed up with Rep. John Conyers in an almost-successful bid to defund the National Security Agency in the wake of the Snowden revelations, warned that the provision “grants the executive branch virtually unlimited access to the communications of every American.”

Source.

So what will it take to wake people up?

Thursday, December 11th, 2014

At dinner last night I had a long talk with one of my Masters students who is as baffled as I am about why people seem to be so complacent about online surveillance. This morning a colleague sent me a link to this TEDx talk by Mikko Hypponen, a well-known Finnish security expert. It’s a terrific lecture, but one part of it stood out especially for me in the context of last night’s conversation. It concerned an experiment Hypponen and his colleagues ran in London, where they set up a free wi-fi hot-spot that anyone could use after they had clicked to accept the terms & conditions under which the service was offered. One of the terms was this:

[Image: First_born_child_EULA]

Every user — every user! — clicked ‘Accept’.

Why ‘cybersecurity’ is such a flawed term

Monday, December 8th, 2014

In a sentence: it lumps three very different things — crime, espionage and warfare — under a single heading. And, as I tried to point out in yesterday’s Observer column, instead of making cyberspace more secure many of the activities classified as ‘cyber security’ make it less so.

Bruce Schneier has a thoughtful essay on the subject.

Last week we learned about a striking piece of malware called Regin that has been infecting computer networks worldwide since 2008. It’s more sophisticated than any known criminal malware, and everyone believes a government is behind it. No country has taken credit for Regin, but there’s substantial evidence that it was built and operated by the United States.

This isn’t the first government malware discovered. GhostNet is believed to be Chinese. Red October and Turla are believed to be Russian. The Mask is probably Spanish. Stuxnet and Flame are probably from the U.S. All these were discovered in the past five years, and named by researchers who inferred their creators from clues such as who the malware targeted.

I dislike the “cyberwar” metaphor for espionage and hacking, but there is a war of sorts going on in cyberspace. Countries are using these weapons against each other. This affects all of us not just because we might be citizens of one of these countries, but because we are all potentially collateral damage. Most of the varieties of malware listed above have been used against nongovernment targets, such as national infrastructure, corporations, and NGOs. Sometimes these attacks are accidental, but often they are deliberate.

For their defense, civilian networks must rely on commercial security products and services. We largely rely on antivirus products from companies such as Symantec, Kaspersky, and F-Secure. These products continuously scan our computers, looking for malware, deleting it, and alerting us as they find it. We expect these companies to act in our interests, and never deliberately fail to protect us from a known threat.

This is why the recent disclosure of Regin is so disquieting. The first public announcement of Regin was from Symantec, on November 23. The company said that its researchers had been studying it for about a year, and announced its existence because they knew of another source that was going to announce it. That source was a news site, the Intercept, which described Regin and its U.S. connections the following day. Both Kaspersky and F-Secure soon published their own findings. Both stated that they had been tracking Regin for years. All three of the antivirus companies were able to find samples of it in their files since 2008 or 2009.

Yep. Remember that the ostensible mission of these companies is to make cyberspace more secure. By keeping quiet about the Regin threat they did exactly the opposite. So, as Schneier concludes,

Right now, antivirus companies are probably sitting on incomplete stories about a dozen more varieties of government-grade malware. But they shouldn’t. We want, and need, our antivirus companies to tell us everything they can about these threats as soon as they know them, and not wait until the release of a political story makes it impossible for them to remain silent.

Forget North Korea – the real rogue cyber operator is closer to home

Sunday, December 7th, 2014

This morning’s Observer column.

The company [Symantec] goes on to speculate that developing Regin took “months, if not years” and concludes that “capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state”.

Ah, but which nation states? Step forward the UK and the US and their fraternal Sigint agencies GCHQ and NSA. A while back, Edward Snowden revealed that the agencies had mounted hacking attacks on Belgacom, a Belgian phone and internet services provider, and on EU computer systems, but he did not say what kind of software was used in the attacks. Now we know: it was Regin, malware that disguises itself as legitimate Microsoft software and steals data from infected systems, which makes it an invaluable tool for intelligence agencies that wish to penetrate foreigners’ computer networks.

Quite right too, you may say. After all, the reason we have GCHQ is to spy on nasty foreigners. The agency was, don’t forget, originally an offshoot of Bletchley Park, whose mission was to spy on the Germans. So perhaps the news that the Belgians, despite the best efforts of Monty Python, are our friends – or that the UK is a member of the EU – had not yet reached Cheltenham?

Read on

The Imitation travesty

Friday, December 5th, 2014

We went to see The Imitation Game last night. It’s a well-made, entertaining travesty, distinguished by a terrific performance by Benedict Cumberbatch as somebody’s weird idea of Alan Turing, and marred by a few howlers — some malicious (like the idea that Turing was suspected of being a Soviet spy both in Bletchley Park and afterwards in Manchester), some merely absurd (like the idea that he christened the first Bombe ‘Christopher’ after the dead boy he idolised when they were at school in Sherborne), and some completely implausible (like the scenes in which the codebreakers have a map of the north Atlantic with paper markers setting out the positions of ships in a convoy).

Cumberbatch is clearly a great actor, and his performance is memorable. But the unsubtle, autistic Turing he portrays is substantially at odds with the Turing who, for example, was entrusted by the British government with the task of hoodwinking the American codebreaking community into thinking that the British were way behind them in breaking German ciphers.

What the film does convey powerfully, though, is the cruelty of Britain’s homophobic laws. Walking home afterwards, I was reminded of the courage of the MP Leo Abse and the hereditary peer Lord Arran, the first Parliamentarians to publicly accept the recommendations of the Wolfenden Report, and of Roy Jenkins, the only liberal (small-l) Home Secretary in living memory, who ensured that the Sexual Offences Act 1967 made it onto the statute book.

Ironically, we saw the film the day after the Chancellor, George Osborne, announced that the £42m Turing Centre would be located at the British Library next to King’s Cross.