46 comments

[ 1.7 ms ] story [ 106 ms ] thread
(comment deleted)
Whenever I read "in my new book", I realize I've been tricked into reading advertising.
It's not a very good self-recoomendation, either, if it is full of more stuff like this:

" Anonymous browsers like Tor, which allow you to browse the internet without giving away your location, are growing in popularity, with 2.5 million daily users at the last count. These are also used to access the 'hidden services' - an encrypted network of sites using a non-standard internet protocol which makes it close to impossible for their users to be tracked."

What is your objection to that? Isn't that a pretty good description of Tor?

If you're trying to say that tor doesn't replace the IP in TCP/IP, well that's true, but I think the author used internet protocol in the wider sense of the meaning.

There are at least two large errors: First, Tor isn't a browser. The Tor project provides Tor packaged with a browser, but the Tor project is more than that, while the Tor onion router is something completely different from a browser. Second, "non-standard" is a terribly misleading way to describe Tor. That's in the "not even wrong" category of being off the mark. Anyone not familiar with Tor reading that will be worse off than uninformed.
I agree and at the same time believe it might not always be the case.

Supposing I've become an expert on flying model airplanes, I've blogged, spoken, done demos, it is my biggest hobby. I end up writing a book, of course I might reference it in the future, but I would never consider it advertising. Just a continuation of my fun and what I've ended up being able to also have an income off of.

I don't think I'd feel tricked in that case. I go to this persons site for their material, they talk about their book too.

The fact that it can't be done is no reason for clueless politicians to try to achieve it.

Internet control implies that it has become worthless as a medium for commerce or discourse and that would lead to it being replaced by something else.

Governments had it easy when all they had to deal with was one state owned telecommunications provider. The explosion in connectivity options and the associated increase in traffic far outstrips that capacity of any intelligence agency in the world to accurately monitor and process.

The result of that is that the real data falls right through the cracks when at the same time innocents the world over have their 'profiles' built up in ridiculous detail (maybe on the off chance that they will commit some future crime).

It's security theatre, just like what you get when you go about your daily business at an airport, lots of hassle for extremely little - if any - gain. Some believe even the smallest amount of gain is worth an incredible amount of discomfort and should require giving up any semblance of privacy.

But it's a ridiculous stance, in the end the terrorists (or whatever the bogeyman is called this year) will simply up their game to disappear even further into the background noise.

A terrorist is a person with a problem of the mind, education and spreading the worlds wealth more evenly will do more to combat it than any amount of legislation to forbid encryption and dragnet surveillance will ever achieve.

If terrorists really wanted to blow up commercial airliners they could do so with impunity, I can think of several ways in which they could achieve this and none of those would require communication via the internet or the telephone.

So my conclusion is that the terrorists aren't really the target here.

It would be a grave mistake to think politicians are clueless, lacking on the technical understandings maybe but they're far from clueless. It could be said that they didn't see it coming but it's here now and they do understand threats to their established power and how they can leverage this medium to push forward an agenda.

It's a long know fact that child pornography and terrorism are the story told to justify the lawmaking process trying to get a grip on the internet.

In the UK it seems that politicians are guilty participants in the world of child pornography.
> none of those would require communication via the internet

I know! It's as though they're discussing it on Facebook/IRC, and ordering their bomb ingredients from Amazon or eBay.

Restricting encryption isn't going to help either. It's not like they're going to obey an encryption law while having no issue with killing multiple innocents.

> It's not like they're going to obey an encryption law while having no issue with killing multiple innocents.

That's kind of the idea. No investigation needs to be conducted, simply listening to internet traffic for encrypted information is enough to prove a crime (or terrorism).

Yet in a strange quirk of British manners, nobody ever seems to have a good word to say about [intelligence agencies], despite their remarkable record. It is as if they, not bigoted murderous fundamentalists or powerful autocratic governments, are the real threat to liberty.

I don't think it is just British manners, especially since it is not constrained to Britain. At the end he concludes:

In the end - and maybe this is the biggest change of all - we all have to accept that perfect safety is illusory. [...] But I think any democracy worthy of the name can live with that, because it’s the price of freedom.

The reason we are more afraid of agencies like the NSA or the GCHQ than murderous fundamentalists or autocratic governments is that they have shown us that they are violently unwilling to accept the illusory nature of perfect security. In their fevered race to gain control over the cyberspace they have violated our freedom--in this realm anyway--far worse ways than any other attacker to date. We've had all of our worst digital security nightmares confirmed. And the perpetrators are our own "protectors."

Earlier he says this:

More than ever, we will need a strong and capable intelligence agency to keep our society safe.

In light of what we know now I have no doubts about the strength or capability of our intelligence agencies. I worry mostly that they aren't particularly interested in keeping us safe, let alone free.

The reason we are more afraid of agencies like the NSA or the GCHQ than murderous fundamentalists or autocratic governments is that they have shown us that they are violently unwilling to accept the illusory nature of perfect security. In their fevered race to gain control over the cyberspace they have violated our freedom--in this realm anyway--far worse ways than any other attacker to date. We've had all of our worst digital security nightmares confirmed. And the perpetrators are our own "protectors."

I really think you've overstating this. It's naive to think that security agencies are 'unwilling to accept the illusory nature of perfect security' – in fact, they're almost certainly the most acutely aware of it.

Let's be blunt—security agencies want access to all of our communication not so that we can be 'terrorised' or 'have our freedom violated', but because they consider it an effective tool to achieve their ends. That's typically things like preventing international crime and terrorism, though there's no doubt that such a power is also abused for less justifiable ends.

Much more effective than cliché complaints about security services 'perpetration' of 'violation of our freedom' would be the honest realisation that security services want such a power because they believe–I think fairly rationally—that it would benefit them. It's the job of the rest of society to push back against that, and to make it clear that it is not an acceptable compromise to make, and that we are willing to constrain them.

I just can't help but feel that painting such agencies as fools is an ineffective approach to doing that.

> It's the job of the rest of society to push back against that, and to make it clear that it is not an acceptable compromise to make, and that we are willing to constrain them.

+1

> I just can't help but feel that painting such agencies as fools is an ineffective approach to doing that.

No, but such a tactic could will help to dissuade young people from pursuing careers in those agencies, which could lead to their long-term atrophy and therefore become fools. Especially if the young people instead work against such agencies by learning and implementing strong end-to-end cryptography.

They are fools because they are neglecting their real duties whilst wasting enormous efforts and funds on the chaff. You don't find more needles by exponentially increasing the size of the haystack in the presence of a fixed number of needles.
And what makes you think they don't realize that?
> You can't control the internet

However you can control how the internet gets into your country, and you can control the ISPs which distribute the internet within your country, and you can control the businesses which use the internet in your country.

It's a difference without distinction, particularly since there are lots of companies and big thinkers who are dedicated towards helping others control the internet.

We (proponents of an open web) are fighting a losing battle; we're postponing the inevitable. Our generation will not be the dominant power in government for another generation or two, and those who are interested in a career in politics are too busy sanitizing their footprints to have strong opinions about the value of having an open internet.

We have been able to avoid the elephant for quite some time, but it's stomping across our playground now, and the scars of that stomping will affect our use of (and behavior on) that playground for the rest of its existence.

If the internet becomes disconnected islands of countries separated by 'great firewalls' it will simply cease to be the internet and something else that is harder to control and censor will take its place.

The economic impact of that is such that I don't think it stands a chance of becoming a reality.

> something else that is harder to control and censor will take its place

I'd be curious what you envision such a thing to be, that doesn't rely on the infrastructure and tacit support of governments to exist.

Wireless mesh networks operated with regular wifi routers are already popular in some cities. 5GHz WiFi can supposedly bridge 50km with the right antenna, which enables low-cost connections between cities and over borders. If the entire infrastructure was decentralized this way it would be near impossible to censor or control.
Wireless mesh may indeed be the future, but scaling mesh networks beyond a few hundred nodes requires a lot of coordinated work, and there has to be quite a bit of work done in the routing protocols before it can be made to work properly.

As for censoring a mesh network, there are many methods to do this, such as prohibiting the use of the frequencies with more than a certain amount of power (thus limiting the reach of any given network). Or the disruption of a few key nodes. Or a malicious actor participating in the network in order to disrupt communications. Or, perhaps the simplest method of all, adding enough noise by way of simple jammers to make reliable, fast communication impossible.

The Government regulates the use of the RF bands; they do this at our behest because radio frequencies are a finite resource. To use Ham radio as an example - which has access to the frequencies a citizen can use to reach the furthest - they must operate within the restrictions outlined by the FCC within the US (and their counterparts in other countries).

Specific to the problem of using RF as a replacement for the internet: ham radio operators can not do anything commercially, nor can they use encryption for which the key is not readily available. This necessarily limits what can be done to build out a long distance communications network without the government's tacit approval.

>You can't control the internet.

I don't think this true at all, and by telling ourselves it is we will be complacent when it happens.

I'm wondering. Do these spy agencies actually achieve anything?
This is THE question.

Why the comments above bother to debate any other aspect is beyond me. It lends legitimacy to absolute non-sense.

And this BS about the world being different...the reality is that most crime is exactly the same as it's always been. And when your car gets stolen and you go to the police station to file a report (because they won't come to the scene of the crime to investigate), they'll still tell you they can't take the report because it's some other stations responsibility...

Is terrorism a new thing?

>Why the comments above bother to debate any other aspect is beyond me

Because for some of us that question is hardly relevant. In a constitutional democracy the means don't justify the ends. Even if they were achieving a lot what they are doing would still be wrong.

The main role of the UK's intelligence services is to help secure overseas contracts for british businesses, which means exactly what it sounds like it means.
Well their focus to find intelligence is credible if you need a war. If their focus is to find emotional intelligence, which means sense and logic together, their apathy may still objectify objectives.
I was thinking there are probably a few good examples of highly developed 1st world western countries (lets say with better GDP, education, and so on, stats than the US or Britain) which have little in the way of secret police or spy agencies. And are also not being overrun by terrorist plots. Though they are certainly involved in less wars and oppress their own populations less so the threat would be lower.
Stepping to one side of the actual content, I'm genuinely surprised at the number of typographical errors:

    'The endless debate on security versus online
     privacy feels a little bit stuck of late. On
     one side, civil liberties groups demanding
     more privacy for the many and more transparency
     from the few." '
Where has that stray quotation mark come from?

I assume that

    "My owrry is that ..."
       ^^^^^^^
should be

    "My worry is that ..."
       ^^^^^^^
and that:

    "... more ‘old-fashioned’ intelligence
     work - te stuff of the movies."
           ^^^^
should be:

    "... more ‘old-fashioned’ intelligence
     work - the stuff of the movies."
           ^^^^^
These last two would have been caught by a spell-checker.

Irrelevant, I suppose.

Why tell us? Tell the Telegraph.
I've been noticing that in pretty much every other article mainstream media publicizes. It's as if the occupation of an editor somehow completely disappeared.
You "computers cientists" are such pedants.
Well grammar causes pain if set different than integral to your determination. Irrelevant, if strictured.
It's not about pedophiles or catching terrorists. It's about the state having power.
... my comments are US-centric despite this being a UK-oriented article...

> We demand a perfect security which is getting ever harder to achieve.

In the US we claim to be "land of the free; home of the brave". I don't think the public lives up to the bravery aspect. That involves accepting some level of risk, in exchange for freedom. Humans have free will and theoretically that's the root of evil. So unless we're going to lose our humanity we need to stop worrying about irrational or rare possibilities.

The other things the author mentions I guess I agree with but I think it's naive. Yes, better crypto and some help from the vendors and cloud providers will improve things.

But ultimately any device can be bugged, any chip can be backdoored, and I think we're a ways from securely printing our own computers. Satellites can zoom in anywhere. Microphones like ShotSpotter can listen. To some extent the people need to be brave about this surveillance too and not go paranoid.

But we also need to lay down some justice for those who broke the Constitution. The leaders of these bureaucracies should be tried in capital cases for treason, war crimes, or espionage. That would clearly establish right and wrong in society for some years to come. And for all the lower level LEOs knowingly sharing in NSA data or doing parallel reconstruction, they should be tried for their crimes too. We need to clean house.

The states also need an new Constitutional mandate for provide oversight to Congress. For some reason the checks and balances have completely broken down and D.C. needs the power inverted on them.

After all that's done, then tell me about better encryption. But until then, none of the tech matters except for making the intel agencies' lives slightly harder. But in reality all we've done is give the 5-eyes an edge on the rest of the world's intel by raising the difficulty mode to expert.

> To some extent the people need to be brave about this surveillance too and not go paranoid.

I don't think that surveillance is a problem per se. The problem is the law enforcement agencies that use surveillance to actually jail people. As long as they keep charging pregnant women that trip and fall, arresting to people based on tweets [1], or treating kids as sex offenders [2], they shouldn't be trusted with wielding so much power.

[1] http://www.dailymail.co.uk/news/article-2093796/Emily-Buntin...

[2] http://www.dailymail.co.uk/news/article-2093796/Emily-Buntin...

> For some reason the checks and balances have completely broken down and D.C.

A - What makes you think the states are any better or different.

But more importantly

B - They clearly haven't. Just because you have an issue with this topic, doesn't mean everyone does. Congress has something like a 95% incumbency rate. The ultimate in checks and balances, sending someone else if you don't like them, send them right back to continue doing what they're doing. People don't care about this and they want the government to protect them from terrorists.

Extensive gerrymandering, equating money with free speech, and the two party system has made voting a waste of time in the US.
After reading this article, why again do we want to make the Internet a public utility? Do we really think that the government won't use the new power they will have to control the Internet?
Don't they already? And if not, is the private ownership of ISPs really the impediment to achieving that?