
SoylentNews is people

The Fine print: The following are owned by whoever posted them. We are not responsible for them in any way.

Journal by Runaway1956

I once read Schneier pretty regularly - at least once a month. Somehow, I've gotten away from his site. William Barr made his "I'm a dummy" speech on encryption in July - https://techcrunch.com/2019/07/23/william-barr-consumers-security-risks-backdoors/

Schneier has made comments on that speech twice now.

https://www.schneier.com/essays/archives/2019/08/the_myth_of_consumer.html

The thing is, that distinction between military and consumer products largely doesn't exist. All of those "consumer products" Barr wants access to are used by government officials—heads of state, legislators, judges, military commanders and everyone else—worldwide. They're used by election officials, police at all levels, nuclear power plant operators, CEOs and human rights activists. They're critical to national security as well as personal security.

This wasn't true during much of the Cold War. Before the internet revolution, military-grade electronics were different from consumer-grade. Military contracts drove innovation in many areas, and those sectors got the cool new stuff first. That started to change in the 1980s, when consumer electronics started to become the place where innovation happened. The military responded by creating a category of military hardware called COTS: commercial off-the-shelf technology. More consumer products became approved for military applications. Today, pretty much everything that doesn't have to be hardened for battle is COTS and is the exact same product purchased by consumers. And a lot of battle-hardened technologies are the same computer hardware and software products as the commercial items, but in sturdier packaging.

https://www.schneier.com/essays/archives/2019/07/attorney_general_wil.html

Barr also says:

Further, the burden is not as onerous as some make it out to be. I served for many years as the general counsel of a large telecommunications concern. During my tenure, we dealt with these issues and lived through the passage and implementation of CALEA, the Communications Assistance for Law Enforcement Act. CALEA imposes a statutory duty on telecommunications carriers to maintain the capability to provide lawful access to communications over their facilities. Companies bear the cost of compliance but have some flexibility in how they achieve it, and the system has by and large worked. I therefore reserve a heavy dose of skepticism for those who claim that maintaining a mechanism for lawful access would impose an unreasonable burden on tech firms, especially the big ones. It is absurd to think that we would preserve lawful access by mandating that physical telecommunications facilities be accessible to law enforcement for the purpose of obtaining content, while allowing tech providers to block law enforcement from obtaining that very content.

That telecommunications company was GTE—which became Verizon. Barr conveniently ignores that CALEA-enabled phone switches were used to spy on government officials in Greece in 2003—which seems to have been a National Security Agency operation—and on a variety of people in Italy in 2006. Moreover, in 2012 every CALEA-enabled switch sold to the Defense Department had security vulnerabilities. (I wrote about all this, and more, in 2013.)

The final thing I noticed about the speech is that it is not about iPhones and data at rest. It is about communications—data in transit. The "going dark" debate has bounced back and forth between those two aspects for decades. It seems to be bouncing once again.

This 2016 essay 'The Value of Encryption' needs to be touched on if anyone doubts the necessity of encryption - https://www.schneier.com/essays/archives/2016/04/the_value_of_encrypt.html

And, finally, another 2016 blog that I'd like to see updated soon - https://www.schneier.com/blog/archives/2016/02/worldwide_encry.html

The findings of this survey identified 619 entities that sell encryption products. Of those 412, or two-thirds, are outside the U.S. -- calling into question the efficacy of any US mandates forcing backdoors for law-enforcement access. It also showed that anyone who wants to avoid US surveillance has over 567 competing products to choose from. These foreign products offer a wide variety of secure applications -- voice encryption, text message encryption, file encryption, network-traffic encryption, anonymous currency -- providing the same levels of security as US products do today.

Details:

There are at least 865 hardware or software products incorporating encryption from 55 different countries. This includes 546 encryption products from outside the US, representing two-thirds of the total.
The most common non-US country for encryption products is Germany, with 112 products. This is followed by the United Kingdom, Canada, France, and Sweden, in that order.
The five most common countries for encryption products -- including the US -- account for two-thirds of the total. But smaller countries like Algeria, Argentina, Belize, the British Virgin Islands, Chile, Cyprus, Estonia, Iraq, Malaysia, St. Kitts and Nevis, Tanzania, and Thailand each produce at least one encryption product.
Of the 546 foreign encryption products we found, 56% are available for sale and 44% are free. 66% are proprietary, and 34% are open source. Some for-sale products also have a free version.
At least 587 entities -- primarily companies -- either sell or give away encryption products. Of those, 374, or about two-thirds, are outside the US.
Of the 546 foreign encryption products, 47 are file encryption products, 68 e-mail encryption products, 104 message encryption products, 35 voice encryption products, and 61 virtual private networking products.
The report is here, here, and here. The data, in Excel form, is here.

Press articles are starting to come in. (Here are the previous blog posts on the effort.)

I know the database is incomplete, and I know there are errors. I welcome both additions and corrections, and will be releasing a 1.1 version of this survey in a few weeks.

I know there are those who believe that only the government should have access to ̶g̶u̶n̶s̶ encryption.

  • (Score: 0) by Anonymous Coward on Monday September 30 2019, @10:49PM (#901023) (2 children)

    No, the local armories are locally controlled not federal gov.

    If they had such a coordinated attack you're already shit out of luck because they have databases identifying those people who would cause problems and target them first. That scenario happening means no private group of badass preppers will survive armed conflict.

    Such ridiculous scenarios that don't match the actual reality are what turn people OFF to your message. If my general ideas were implemented you would have enough ammo between you and your friends to take over the armory, and again, if the military actually got involved then there is little you could do.

    If shit hits the fan you would have enough time to get to the armory. These imagined scenarios have to be based in reality or you just look silly. Compromise is a must, and the 2nd amendment includes a "well regulated militia." So form your own militia, host your own armory, and make sure the nutters of your group are unable to go on a killing spree. There are so many opportunities for compromise that make things safer while not infringing on your ability to enjoy your guns, but yall refuse to budge an inch.

    Don't blame me when society finally turns on you and says enough is enough.

  • (Score: 1, Funny) by Anonymous Coward on Monday September 30 2019, @11:31PM (#901034)

    I am a one man militia. I will hoard all the guns and ammo I feel like hoarding, and acquire or create my own "assault weapons" if they are taken off the market. I refuse any background checks or screenings. However, I am willing to compromise, by noncontractually agreeing to not randomly shoot people. I'm glad we could come to an agreement on this issue.

  • (Score: 2) by JNCF (4317) on Monday September 30 2019, @11:57PM (#901040)

    If you're putting up a pretense of caring about the intent of the founders (which I, personally, don't -- fuck those slave-owning assholes) then I'm sure you're aware that the Militia Act of 1792 defined a militia as consisting of every able bodied white male citizen within a pretty wide age range (I'm forgetting the deets). You were expected to bring your own musket. Not exactly "well regulated" in the sense we'd imagine circa 2019.

    If the feds know where the guns are stashed, they can secure the spot (or in the worst case scenario launch Hellfire at it) on day one. Centralised arms stockpiles that the government knows about are a non-starter. Given how long Bin Laden made it, I think that loosely connected cells of people will have a better chance of evading detection than pre-registered stockpiles will.

    Yes, the government could kill us all with missiles. No, they don't want to. They don't even want to kill every Iraqi; it would be a political shitstorm of international proportions if they wiped out a whole country. You know what they couldn't do to Iraq? Keep boots on the ground without sustaining casualties. That's the whole goal of a guerilla war, from the standpoint of the flea: make the dog bleed.

    There has already been far too much compromise on this issue, but I'm sure there will be more. My only solace is in the fact that modern firearm manufacturing technology is rapidly becoming more democratised, and unless the government makes surveillance-proofing a structure illegal your only real option will be to regulate the bullets instead of the guns. It's an issue, but not an insurmountable one.