I once read Schneier pretty regularly - at least once a month. Somehow, I've gotten away from his site. William Barr made his "I'm a dummy" speech on encryption in July - https://techcrunch.com/2019/07/23/william-barr-consumers-security-risks-backdoors/
Schneier has made comments on that speech twice now.
https://www.schneier.com/essays/archives/2019/08/the_myth_of_consumer.html
The thing is, that distinction between military and consumer products largely doesn't exist. All of those "consumer products" Barr wants access to are used by government officials—heads of state, legislators, judges, military commanders and everyone else—worldwide. They're used by election officials, police at all levels, nuclear power plant operators, CEOs and human rights activists. They're critical to national security as well as personal security.
This wasn't true during much of the Cold War. Before the internet revolution, military-grade electronics were different from consumer-grade. Military contracts drove innovation in many areas, and those sectors got the cool new stuff first. That started to change in the 1980s, when consumer electronics started to become the place where innovation happened. The military responded by creating a category of military hardware called COTS: commercial off-the-shelf technology. More consumer products became approved for military applications. Today, pretty much everything that doesn't have to be hardened for battle is COTS and is the exact same product purchased by consumers. And a lot of battle-hardened technologies are the same computer hardware and software products as the commercial items, but in sturdier packaging.
https://www.schneier.com/essays/archives/2019/07/attorney_general_wil.html
Barr also says:
Further, the burden is not as onerous as some make it out to be. I served for many years as the general counsel of a large telecommunications concern. During my tenure, we dealt with these issues and lived through the passage and implementation of CALEA, the Communications Assistance for Law Enforcement Act. CALEA imposes a statutory duty on telecommunications carriers to maintain the capability to provide lawful access to communications over their facilities. Companies bear the cost of compliance but have some flexibility in how they achieve it, and the system has by and large worked. I therefore reserve a heavy dose of skepticism for those who claim that maintaining a mechanism for lawful access would impose an unreasonable burden on tech firms, especially the big ones. It is absurd to think that we would preserve lawful access by mandating that physical telecommunications facilities be accessible to law enforcement for the purpose of obtaining content, while allowing tech providers to block law enforcement from obtaining that very content.
That telecommunications company was GTE—which became Verizon. Barr conveniently ignores that CALEA-enabled phone switches were used to spy on government officials in Greece in 2003—which seems to have been a National Security Agency operation—and on a variety of people in Italy in 2006. Moreover, in 2012 every CALEA-enabled switch sold to the Defense Department had security vulnerabilities. (I wrote about all this, and more, in 2013.)
The final thing I noticed about the speech is that it is not about iPhones and data at rest. It is about communications—data in transit. The "going dark" debate has bounced back and forth between those two aspects for decades. It seems to be bouncing once again.
This 2016 essay 'The Value of Encryption' needs to be touched on if anyone doubts the necessity of encryption - https://www.schneier.com/essays/archives/2016/04/the_value_of_encrypt.html
And, finally, another 2016 blog that I'd like to see updated soon - https://www.schneier.com/blog/archives/2016/02/worldwide_encry.html
The findings of this survey identified 619 entities that sell encryption products. Of those, 412, or two-thirds, are outside the U.S. -- calling into question the efficacy of any US mandates forcing backdoors for law-enforcement access. It also showed that anyone who wants to avoid US surveillance has over 567 competing products to choose from. These foreign products offer a wide variety of secure applications -- voice encryption, text message encryption, file encryption, network-traffic encryption, anonymous currency -- providing the same levels of security as US products do today.
Details:
There are at least 865 hardware or software products incorporating encryption from 55 different countries. This includes 546 encryption products from outside the US, representing two-thirds of the total.
The most common non-US country for encryption products is Germany, with 112 products. This is followed by the United Kingdom, Canada, France, and Sweden, in that order.
The five most common countries for encryption products -- including the US -- account for two-thirds of the total. But smaller countries like Algeria, Argentina, Belize, the British Virgin Islands, Chile, Cyprus, Estonia, Iraq, Malaysia, St. Kitts and Nevis, Tanzania, and Thailand each produce at least one encryption product.
Of the 546 foreign encryption products we found, 56% are available for sale and 44% are free. 66% are proprietary, and 34% are open source. Some for-sale products also have a free version.
At least 587 entities -- primarily companies -- either sell or give away encryption products. Of those, 374, or about two-thirds, are outside the US.
Of the 546 foreign encryption products, 47 are file encryption products, 68 e-mail encryption products, 104 message encryption products, 35 voice encryption products, and 61 virtual private networking products.
The report is here, here, and here. The data, in Excel form, is here. Press articles are starting to come in. (Here are the previous blog posts on the effort.)
I know the database is incomplete, and I know there are errors. I welcome both additions and corrections, and will be releasing a 1.1 version of this survey in a few weeks.
I know there are those who believe that only the government should have access to ̶g̶u̶n̶s̶ encryption.
(Score: 1, Flamebait) by Runaway1956 on Tuesday October 01 2019, @02:14PM (1 child)
Exactly. That whole business of "evolving", whether humans, or society, or government? Hogwash. We really aren't much different from the first city builders 6000, 10000, or 100000 years ago. And, governments aren't really different either. Society? Today's society may be new and unique. But, maybe not. I'm sure there was something comparable to Democrats all those years ago, and something else comparable to Republicans, and someone made money by selling arrowheads and stone hatchets.
Abortion is the number one killer of children in the United States.
(Score: 2) by JNCF on Tuesday October 01 2019, @04:18PM
100,000 might be a long shot for city builders, if we're talking about permanent settlements with crafted structures. Some people would pick bones about 10,000, but I'm crazy enough to pretty much give you that one.
It's not clear to me how long humans will keep humaning, though. We could kill ourselves, or replace ourselves with a centralised AI that doesn't have these sorts of organizational issues. I feel like there's a decent chance of us doing either of those in the next century, but in the meantime it would be clever to have a plan for what happens if we do keep humaning.
I don't think you'll agree with everything in this piece of writing, but if you've never read Meditations on Moloch you might enjoy it: https://slatestarcodex.com/2014/07/30/meditations-on-moloch/
I don't consider myself alt-right (or any sort of right, for that matter) but this is my favorite piece of alt-right writing. I have a couple disagreements, but I think his basic thesis about the two ways we can go is correct; I'm just on the other side.