Five-Eyes Intelligence Services Choose Surveillance Over Security

The Five Eyes -- the intelligence consortium of the rich English-speaking countries (the US, Canada, the UK, Australia, and New Zealand) -- have issued a "Statement of Principles on Access to Evidence and Encryption" where they claim their needs for surveillance outweigh everyone's needs for security and privacy.

...the increasing use and sophistication of certain encryption designs present challenges for nations in combatting serious crimes and threats to national and global security. Many of the same means of encryption that are being used to protect personal, commercial and government information are also being used by criminals, including child sex offenders, terrorists and organized crime groups to frustrate investigations and avoid detection and prosecution.

Privacy laws must prevent arbitrary or unlawful interference, but privacy is not absolute. It is an established principle that appropriate government authorities should be able to seek access to otherwise private information when a court or independent authority has authorized such access based on established legal standards. The same principles have long permitted government authorities to search homes, vehicles, and personal effects with valid legal authority.

The increasing gap between the ability of law enforcement to lawfully access data and their ability to acquire and use the content of that data is a pressing international concern that requires urgent, sustained attention and informed discussion on the complexity of the issues and interests at stake. Otherwise, court decisions about legitimate access to data are increasingly rendered meaningless, threatening to undermine the systems of justice established in our democratic nations.

To put it bluntly, this is reckless and shortsighted. I've repeatedly written about why this can't be done technically, and why trying results in insecurity. But there's a greater principle that comes first: we need to decide, as nations and as society, to put defense first. We need a "defense dominant" strategy for securing the Internet and everything attached to it.

This is important. Our national security depends on the security of our technologies. Demanding that technology companies add backdoors to computers and communications systems puts us all at risk. We need to understand that these systems are too critical to our society and -- now that they can affect the world in a direct physical manner -- affect our lives and property as well.

This is what I just wrote, in Click Here to Kill Everybody:

There is simply no way to secure US networks while at the same time leaving foreign networks open to eavesdropping and attack. There's no way to secure our phones and computers from criminals and terrorists without also securing the phones and computers of those criminals and terrorists. On the generalized worldwide network that is the Internet, anything we do to secure its hardware and software secures it everywhere in the world. And everything we do to keep it insecure similarly affects the entire world.

This leaves us with a choice: either we secure our stuff, and as a side effect also secure their stuff; or we keep their stuff vulnerable, and as a side effect keep our own stuff vulnerable. It's actually not a hard choice. An analogy might bring this point home. Imagine that every house could be opened with a master key, and this was known to the criminals. Fixing those locks would also mean that criminals' safe houses would be more secure, but it's pretty clear that this downside would be worth the trade-off of protecting everyone's house. With the Internet+ increasing the risks from insecurity dramatically, the choice is even more obvious. We must secure the information systems used by our elected officials, our critical infrastructure providers, and our businesses.

Yes, increasing our security will make it harder for us to eavesdrop, and attack, our enemies in cyberspace. (It won't make it impossible for law enforcement to solve crimes; I'll get to that later in this chapter.) Regardless, it's worth it. If we are ever going to secure the Internet+, we need to prioritize defense over offense in all of its aspects. We've got more to lose through our Internet+ vulnerabilities than our adversaries do, and more to gain through Internet+ security. We need to recognize that the security benefits of a secure Internet+ greatly outweigh the security benefits of a vulnerable one.

We need to have this debate at the level of national security. Putting spy agencies in charge of this trade-off is wrong, and will result in bad decisions.

Cory Doctorow has a good reaction.

Slashdot post.

Posted on September 6, 2018 at 6:41 AM • 75 Comments

Comments

Weather • September 6, 2018 7:17 AM

Motto, no computer evidence should be admissible in court, only used by police to aid in getting physical evidence.
A picture needs a hash taken and tracked by people handling it until it gets to court, ditto with whole HDD, but before then or during how can you ever possibly verify the data,
What, the person is an idiot so the data must be legit...

Been posting too much, going to take a break

Sandra • September 6, 2018 7:30 AM

Want to improve security?

Stop locking up the food, water, shelter, education. Stop forcing the masses to compete against each other needlessly, harming themselves and each other while making a small minority immorally wealthy and powerful.

That's the only way you're improving security in any meaningful way.

AlanS • September 6, 2018 7:54 AM

Brandeis in Olmstead dissent 1928:

Experience should teach us to be most on our guard to protect liberty when the Government's purposes are beneficent. Men born to freedom are naturally alert to repel invasion of their liberty by evil-minded rulers. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding.
And the governments in this instance have something of a record of purposes that one would often enough have trouble characterizing as beneficent.

Bill Marrs • September 6, 2018 8:59 AM

Thank you for fighting the good fight on this issue, Bruce. I truly see you as someone who just might save the world.

vas pup • September 6, 2018 9:01 AM

"Many of the same means of encryption that are being used to protect personal, commercial and government information are also being used by criminals, including child sex offenders, terrorists and organized crime groups to frustrate investigations and avoid detection and prosecution."
Bruce, could you clarify please: is strength of encryption tools a spectrum OR same size fits all?
My humble guess is that strength of encryption to protect personal information, commercial information and government information (even within government information: e.g. national security versus other government data) should be of different level. As a result, criminals, sex offenders, terrorists and organized crime should and could utilize encryption tools which are not of the highest strength and as a result could be breakable by LEOs by their means/professionals. Determination and the most important - available resources to break encryption, utilize other software/hardware vulnerabilities. So, state actors (e.g. China, Russia) may have resources to break personal, commercial information, but regarding government information - it should take so long a time that the information becomes obsolete/useless. Arms race is in place.

Parabarbarian • September 6, 2018 9:36 AM

Two observations.

First: The referenced statement was published by the Australian government and, frankly, from them it is no surprise. Have the other four countries issued similar statements?

Secondly: For well over a decade, Alex Jones has been predicting the five-eyes countries would go full on Stasi. Maybe I need to pay more attention to Infowars.

RSaunders • September 6, 2018 9:45 AM

The thing that politicians seem to miss, and Cory Doctorow doesn't mention until the second half of his post, is the absolute requirement to ban compilers to make this work.

Sure, most people can't write good encryption code. But, alas, most isn't good enough. As long as compilers exist, someone somewhere can pull a Satoshi Nakamoto and write a program. The source to a program can be written on paper. Paper can be photocopied and sent around the world in a zillion possible ways. Any politician who thinks they can keep a book from spreading, at least among professional spies or criminals, is simply wrong.

Anyone who gets a copy of that piece of paper and has access to a compiler can make software which does not comply with the backdoor requirement. The most elegant such code will exactly mimic the headers, labels, and indicators of a valid, approved encryption tool - except the backdoor key will produce gibberish.

Anyone who's worked in encryption knows that making gibberish is super-easy with any crypto, the tiniest mistakes have that as their first symptom. That means that to do good DPI, it will actually be necessary to decrypt all traffic, using the "super duper government access tool", just to check that it's not from the naughty paper's version of the program. This is beyond current computer production capacity, it's literally not possible.

David Rudling • September 6, 2018 9:50 AM

Technology security companies in the 5 eyes nations, if they are to be compelled to comply, must see this as the biggest piece of bad publicity for future sales of their products that it is possible to imagine. It says that their products will be guaranteed to come with that built-in button to be pressed to kill everybody. Would you buy such a product? Nations outside 5 eyes will no doubt step into the marketing breach created. There are fears that Chinese products may already have back doors but speaking personally I suspect I am insignificant to Chinese government agencies. If anyone has a back door in one of my products I am not sure that I wouldn't prefer it to be a backdoor for use by those with bigger fish to fry and where "private" corruption is likely to see perpetrators dealt with far more harshly than in a 5 eyes sub-contractor.

Bob • September 6, 2018 10:02 AM

The problem is that, to these people, surveillance *is* security. In their minds, they're the good guys, they're the only ones that can keep us safe, and the only way they can do it is through ever expanding surveillance. That's why nobody is ever going to get through to them.

Scott • September 6, 2018 10:10 AM

"It is an established principle that appropriate government authorities should be able to seek access to otherwise private information when a court or independent authority has authorized such access based on established legal standards."

But it is __NOT__ an established principle that government authorities are able to force the parties involved to interpret and explain that private information. For example, if two people are emailing limericks to each other that may or may not contain a code that they're using to plan a crime, the U.S. government cannot force them to confess by forcing them to explain the meaning behind the limericks.

This leads to a slippery slope, if the government can force suspects to explain one kind of evidence, they can force suspects to explain the meaning of other types of evidence. "You're a suspect in the murder of Mr. X; explain how this knife ended up in his heart. If you refuse, or we don't believe you when you say you don't know, we'll throw you in jail for obstruction."

Give them the ciphertext; make them provide the interpretation.

me • September 6, 2018 10:22 AM

@Bob
Maybe that is what they think...

I think that my freedom is more important than my security.
I prefer to live in a free but insecure world than in a perfectly safe but not free world.

I'm happy with my free but imperfect world and I prefer to risk a terrorism attack than to have mass surveillance*
(*Also because it doesn't stop terrorism attacks)

Same goes for Apple vs Android, I like security and I know Apple is more secure, but I don't want that they decide what is better for me.
I want to be free to install whatever I want on my phone, even if this means that I can get a virus.
I accept the risk and I'm more than happy of it, freedom is much more important than security.

ROF • September 6, 2018 10:34 AM

Where this world is headed:

- Strong encryption for the Lords

- Weak encryption for the serfs.

Clive Robinson • September 6, 2018 10:53 AM

@ Bruce, All,

The Five Eyes -- the intelligence consortium of the rich English-speaking countries

It needs to be said again...

The Five-Eyes member organisations, that is the SigInt and IC agencies, see themselves as a single trans national entity ABOVE the elected officials of each sovereign nation.

That is they see themselves as the head that wags the tail that is the actual executive and head of state of their member nations.

This is not a "Dark State Conspiracy Theory" but an actuality as New Zealand have found if the elected officials try to go against the decisions of the two original BRUSA (BRitish US Agreement) then they are ignored, side lined or worse.

They have dug themselves in worse than Lyme Disease infected ticks. And now they can not hide in the dark passively listening on unencrypted data, are going on what is a very public offensive that is mainly driven by FUD.

However the SigInt agencies know that they can not succeed against knowledgeable opponents[1]. Thus it is more than abundantly clear the targets of interest for them are not "Hostile Nation States" or their various actors, or for that matter terrorists or criminals. No it's the 99.9% of nominally honest citizens who would be really horrified by what is being collected on them not just by the SigInt / IC entities but also by the corporations who have been shanghaied into "collect it all" for the US Gov.

Further as most readers here should know or realise the big push is to get your information off of the devices --you don't own but use-- into their cloud where the notion of "Third party business records" means not only do they own all your information but kick it all back to the US IC one way or another.

Even companies that do not "kick back" it's fairly easy for the SigInt / IC entities to get hold of the private key half of a PK pair. Thus they just sit passively on the wire as they have done in the past "collecting it all"

As I've mentioned before there are ways to nullify these SigInt / IC entities simply by extending the security end point beyond the communications end point they can reach by "going off device".

But for the majority of the 99.9% this will likely be too much effort.

And that is what the SigInt and IC entities know, which is why they are pushing so hard for behaviours they can exploit in the mostly honest 99.9% of the population.

I'm sure the likes of Moxie Marlinspike and other "secure app" developers are aware they are selling what is in effect "snake oil". Due to the lengths they go to to tie you to very insecure behaviours rather than making secure behaviours easier to implement and use.

Alejandro • September 6, 2018 11:13 AM

"To put it bluntly, this is reckless and shortsighted. I've repeatedly written about why this can't be done technically, and why trying results in insecurity." -Bruce Schneier

Well said!

I am very concerned that Five Eyes leaders meet regularly to further their agenda to disrupt the internet for their own purposes and aggrandizement. Certainly our current elected officials won't stand up to them, in the USA, and seems in other places authoritarian right wing governments support them entirely.

Acquiescence by the UK and Australia is especially concerning.

Between stuff like this and today's news of a Trump coup in action the mind boggles completely.



vas pup • September 6, 2018 12:12 PM

NYT Trump column: Linguistic clues to White House insider?

https://www.bbc.com/news/world-us-canada-45435813

"We ran the text of the New York Times column through some writing enhancement software to identify the author's stylistic traits (more on those later).

The software we used hones in on certain characteristics of writing style, including how often the writer repeats words, when they use rare words, how often and where they use punctuation, how many characters they use in each word, and how long their sentences are.

Compared with most of the official statements and speeches we analysed, the New York Times column had a distinctive style (again, some of this could be down to the editing process)."

Is it possible to utilize AI, train it using input of particular person style previous articles/statements, then ask AI to generate column as if it was written by targeted person?

Winter • September 6, 2018 12:28 PM

This same principle allowed the manipulation of the 2016 US presidential election. In short, it allowed Russia to help their preferred candidate win.

In short, they want to spy on everyone to "protect" their "country" (or whatever they want to protect) and gave the keys to the White House to a Russian agent.

Hmm • September 6, 2018 1:41 PM

@Parabarbarian

"For well over a decade, Alex Jones has been predicting the five-eyes countries would go full on Stasi. Maybe I need to pay more attention to Infowars."

Lol, that's just... I'll be nice. Alex Jones is a broken clock without any numbers, all cuckoo.

These things have gone on for at least 5+ decades in various iterations.

https://en.wikipedia.org/wiki/UKUSA_Agreement

Nobody should be surprised by any of this nor should anyone believe Alex Jones had any hand in revealing ANYTHING credible or factual whatsoever. He's a blatherer. Who did?

Snowden. Assange. Greenwald. Drake. Binney. Stockwell. And many others.

These people made serious commitments and jeopardized their careers to advance the public debate with factual information about the (once-secret) data collection regime that we're talking about underpinning these backdoor/panopticon efforts. Alex Jones is a campfire storyteller trading ghost stories with idiots and telling them wrong anyway. There's no comparison. Respect the truth tellers and whistleblowers, not the blowhards.

Gweihir • September 6, 2018 1:54 PM

It is pretty clear by now that this is neither shortsighted nor stupid. Instead, these people view the general population as their primary enemy and hence that is who they want to spy on. The only other credible explanation is that these people are utterly demented and that would make them even more dangerous. I mean, the evidence is compelling, all reputable experts agree and still, the problems with this approach get ignored. The only plausible explanation is intent.

Jeremy • September 6, 2018 2:14 PM

@vas pup: Encryption is essentially one-size-fits-all. The "advanced encryption standard" (AES) that is approved by the US government to protect top secret information is also used in thousands of commercial products, and you can download free open-source versions on your personal computer right now.

You're also assuming that governments are BETTER at cracking encryption than criminals are. The biggest criminal botnet in the world has way more computational muscle than your local police department. There might be some potential security level that is out of reach of criminal hackers but that the government could theoretically break if national security depended on it, but there is NO level where it is breakable to a routine law-enforcement investigation but immune to professional criminals.

Even if such a level existed, it would move constantly as technology, economics, and mathematics evolve. And since making "secure" crypto is already challenging, asking people to make "precisely this level of secure" crypto is probably a fantasy.

And even if you could create the tech, you couldn't force the criminals to use it any more than you can force them to use your backdoored software. Such a regime is unenforceable without extreme police-state measures.

Billbo • September 6, 2018 2:16 PM

I think it is finally time to tell the security agencies to put up or shut up. The US has the NSA and the other countries have similar organizations all of whom are thought to have considerable expertise in this area. The tech industry and the academic community needs to make a joint statement that says "We don't know how to do what you want without severely compromising the security of practically everything. Why don't you have your experts come up with a concrete proposal which can be openly examined by everyone and we'll see what we can accomplish." Of course, they kind of tried that with the Clipper chip which went nowhere more or less because the system they came up with didn't work on multiple levels. I'm beginning to wonder if their internal experts are telling them the same thing that we are.

So you might ask, why do they keep pushing for it? I think it is all a variant of "security theatre" (i.e. covering their ass). At some point something akin to 911 is going to happen and they are going to be blamed for not knowing about it ahead of time. If they can point out that they had been pushing for years to get access to everything, they may figure they can shift the blame. But they also know that ANY system is going to have the kinds of problems that the public community points out and if the system put in place was one that they mandated then they will be blamed for those problems as well. If they can browbeat the tech industry into coming up with their own system, then they get the access they want while the tech industry gets the blame for the inevitable problems. I even understand their desire to cover their ass. It may very well not be fair to blame them when the disaster happens, but it is going to be human nature to do so anyway. (Or at least, I hope this is what is going on. If it isn't then it really makes me worry about their level of competence.)

Hmm • September 6, 2018 3:18 PM

The Congress (or Parliament, same) and the Courts decide where protections of individual rights exist and are enforceable in law. These are supposed to be checks against the unfettered power of one another. To that end in the US the highest court appoints lifetime membership to Supreme justices in the Congressional forum, and Congress votes to approve or reject their nominations. These people once confirmed to that role have 1/9th of an incredible sweeping power greater perhaps than any other in our system.

So it would be interesting to notice that during the confirmation process of this latest ideologue deliberately intended to stack the court with a rubber-stamp for unchecked executive powers, Congress and the Executive have conspired (colluded?) to withhold from the public and broad discussion in Congress some thousands and hundreds of thousands of documents which, under our laws, are the property and right of the people to know under the FOIA. These are government employees writing official opinions and legal pronouncements and findings of fact. All of that is publicly owned. A massive chunk of that was deliberately withheld to prevent Congress or the public from discussing serious questions about the suitability and views of this latest appointment.

Thankfully one Senator has challenged this and has put his career on the line to do so:
https://twitter.com/MelsLien/status/1037709448511455233/video/1

But the stark reality remains - if Congress and the courts can and do withhold public information FROM ITSELF for the purposes of ram-rodding rubber-stamp candidates into lifetime appointments at the highest levels of power in our system, there is precious little anyone under that legal umbrella can either do about it, and there should be no expectation of adequate, wise, judicious oversight that we've expected and relied upon historically in charge of these most serious and sweeping decisions that affect our lives and the future of human civilization as a whole.

If this perversion of our oversight process in open session on such BASIC FUNCTIONAL BUSINESS is possible or allowed, who can imagine what will be decided under the "secret" blanket of national security by this rather unwatched cabal that illegally(!) protects itself from oversight while deciding the limits of our basic human rights as citizens?

Our system is right at the edge of completely broken.

Clive Robinson • September 6, 2018 3:38 PM

@ Jeremy,

you can download free open-source versions [of AES] on your personal computer right now.

That may not be wise, unless you know a lot about it.

With hindsight it's fairly apparent the NSA fixed the NIST-run AES competition, in a quite evil way.

It is obvious that the NSA were aware of various time based side channels that could be inflicted on both software and hardware implementations of a crypto algorithm. They would also have been well aware that the easy way to break a crypto implementation is to leak the encryption key via a side channel especially a time based one.

But the evil bit is that they would have been aware that making the software run as fast as possible by the likes of loop unrolling would maximise the likelihood of side channel leakage. Likewise the most gate efficient hardware designs.

Thus they ensured that the competition entrants would provide Open Source implementations maximized for speed or efficiency. Knowing that they would quickly be incorporated into "code libraries" and the like.

This duly happened and it appears there is still badly implemented high leakage code out there, just waiting for the unwary...

The NSA call it "finessing" a term they got from the Bletchley Park academics, who borrowed the term from the "bridge" card game, which was very popular at that time in war torn England.

As I noted many years ago on this blog the NSA priorities for in effect putting the fix in is,

1, Standards.
2, Protocols.
3, Plaintext.

Since then we have seen them repeatedly push defective standards. Likewise protocols and implementations. But the big bucks prize for them is easy access to plaintext which we have seen fairly often. After all why take the hard path to crack the crypto when you can break the implementations or better yet simply do an end run attack around the security end point to get directly to the plaintext at the user interface of an application or programme...

Sancho_P • September 6, 2018 3:38 PM


THEY HAVE LEGAL ACCESS!

I don’t understand what the discussion is about. What are they asking for?

"It is an established principle that appropriate government authorities should be able to seek access to otherwise private information when a court or independent authority has authorized such access based on established legal standards."

Yes.

They have (hopefully legal) access to my “otherwise private information”.
I have no means to deny them access if it left my home.

But for my personal security this information is and will be encrypted.
If they want to read + understand they have to ask for.

Clearly, this is the purpose of a warrant:
To inform me that there is a suspicion against me, and that they are going to search my home, my private belongings.
Now I can take legal action to protect my property.

Again, they have access. What do they want?

Clandestine access also means clandestine write access in my privacy.
That would be the end of electronic business / communication.

mosstipkarma • September 6, 2018 3:53 PM

It is difficult to get a man to understand that which his salary depends upon him not understanding.

echo • September 6, 2018 4:19 PM

I agree with Bruce's call for a "defense dominant" strategy. I worked myself to this point even if it was by a different path.

I drafted a longer comment which had a go at rich white men foghorning from their media platform and a lot of waffle about society and cultures and different priorities but none of this came over right.

tz • September 6, 2018 4:23 PM

This parallels the gun control debate.
Removing guns from the good guys doesn't stop the bad guys.
But you can see the fear and rhetoric. Swap crypto for guns in the stories from Parkland.

The choice is always between a slightly dangerous liberty, or trusting government made up of the same fallible, fallen humans, except they usually are power hungry.

What if the police could violate privacy by decrypting anyone - Kaepernick is taking a knee over brutality, not privacy, but would it be so different?

Jack • September 6, 2018 4:28 PM

@Billbo : What, you think the US embassy in Salafist-Arabia will once again issue visas to known salafist-terrorists so they can attend flightschool in the US, receive money from dodgy salafist-terrorist financers without anyone lifting an eyebrow and then fly the house of salafists home while everyone else is grounded ??
By God, we need weak encryption to stop that from happening!

Hmm • September 6, 2018 5:14 PM

"Swap crypto for guns in the stories from Parkland."

The analogy fails on fundamental levels.

"What if the police could violate privacy by decrypting anyone"

They can, right now. If they order you to decrypt your files and you refuse, they can jail you.

This isn't even a choice, they are deciding without your input or ability to input.

Their decision is that in order to obtain the information they've decided they need to keep us safe, "all of it", they have the power to force manufacturers to build faulty crypto locks with skeleton keys that unlock all of them instantly. Bruce and others have pointed out this isn't going to work, that cheap locks aren't worth using, and that if we continue to build out society's infrastructure using that paradigm we are screwed.

It has nothing to do with kneeling or guns. Those are decided and strongly defended, comparatively.
What is being undermined is the US 4th Amendment, not 1st or 2nd.


Ismar • September 6, 2018 6:42 PM

“One Ring to rule them all,
One Ring to find them,
One Ring to bring them all
and in the darkness bind them.”

Australian • September 6, 2018 7:17 PM

I was surprised it hadn't been covered immediately on this blog, or at least by a commenter:

About a month ago Australia implemented laws - incredibly vague ones - that allow phone messages to be accessed, deleted, replaced - encryption bypassed on phones - and a whole lot more. All that's needed is 'reasonable cause' as I understand

Thoth • September 6, 2018 7:28 PM

@Clive Robinson, all

I guess we have been to the same topic multiple times (nation states vs. civilians) and so on. We have discussed C-v/&-P and the methods to mitigate.

I think I have been posting lesser despite the interesting topics.

Lots of work these days but I guess the same thing we have been warning can be tiring.

Rampant snake oils everywhere but few bother anyway.

For the rest, the best way to beat the 5Eyes is to not be online and revealing on personal details too often as usual and all modern Intel/AMD/ARM devices can be considered monitored and backdoored.

Also something off-topic for @Clive Robinson, I had a few close shave encounters with a few attempts to not pay and just take my IP rights for my products and designs right under my nose recently :) .

Clive Robinson • September 6, 2018 9:02 PM

@ Billbo, All,

It may very well not be fair to blame them when the disaster happens, but it is going to be human nature to do so anyway. (Or at least, I hope this is what is going on. If it isn't then it really makes me worry about their level of competence.)

Why would it be unfair?

And can you judge their competence if you do not know what their future plans are?

The SigInt agencies, and Intelligence Community in the US demand a huge slice of the tax pie. And as far as we can tell, deliver very poor value for money compared to traditional boots on the ground type HumInt. A point that @Bruce and others have pointed out.

Yes there will be more disasters as time goes on they are unavoidable, because you can not catch them all, that is the nature of probability.

But they will almost certainly become more frequent due to technology, that also is unavoidable. Because technology is an enabler that is agnostic to use. It is the mind behind the finger on the button/trigger/joy stick that decides how it is used. That should have been the big message from 9/11, but most appear not to have realised it. That is,

    The more technology we develop the more people will turn it against us...

Unfortunately technology has reached a point where there is a "new player in town" it's very simple at its lowest levels but its complexity can and has taken it beyond human abilities in limited areas. We glibly call it Artificial Intelligence (AI) without the ability to understand it. For various reasons there are quite a few people who want to make "AI the mind behind the trigger".

As I mentioned yesterday on another thread, public transport companies want to increase fares in the UK at a rate much faster than inflation. However they also know that this will increase "fare dodging". Their "Holy Grail Technology" is a fully automated system that tracks each and every individual, not just through their transportation systems but before and after the individual enters. Thus identify any fare dodgers and prosecute them with minimum human involvement. This will more importantly enable them to have many multiple tariffs whereby the individual will be forced into "individual pricing" to maximize profit potential and minimize transport company costs by effectively minimizing peak loading etc.

It's a scary thought for most commuters when you tell them, and in general they do not want to believe it, but it's true enough.

Now imagine the same technology used to track you from before you put a foot on the public infrastructure until after you have left it? This is already happening to some extent in the UK for motorists within 25-75 miles from central London and further in a lot of cases for "road fund taxation", "congestion charging", and even "parking" in supermarket car parks. These systems are not yet interconnected but probably soon will be.

From a Police State view point "getting access and interconnection" would also enable a "Holy Grail" technology. With there being effectively no limit to the level of abuse that could be achieved, due to the "Time Machine Effect" and people's "self defence" to it.

To see why consider two stories in the news,

The first from the UK where two individuals have had their movements traced from stepping off of a Russian airline across half the country and back twice plus other movements until they got back onto another aircraft. This apparently amazing feat was done by non interconnected systems by human beings which has taken many months to happen. Now imagine what is going to happen when an AI system that tracks everyone is connected to all these currently not interconnected systems?

Secondly from the US it's been reported that "A reality TV individual has recorded every conversation they had or were party to in the heart of the US Government. The technology is there currently such that every thing the individual saw and heard could not just be recorded but also automatically analysed and turned into a complete log of events that would be fully searchable. Now add an AI system that could recognise threads in such a log and link them together to produce not just time lines of events past but also projections into the future?

These represent the two ends of the surveillance capability curve the State/Corporate because they can and the individual for self defence.

Now imagine what would be the result if an Intelligence Agency could get their hands on both ends and all points in between and have AI link all the threads together?

Those are the stakes not just the SigInt agencies are playing for but all Intelligence Community and Law Enforcement Agencies as well as many corporates. The trick for the tax paid for surveillance organisations is getting their hands on the private sector data at as close to zero cost as possible.

Imagine for instance the equivalent of the "fitness bands" some employers now require you to wear for the compulsory medical insurance. As you can not take it off and keep your job, it is acting not just as a health monitor but lie detector and tracking device 24x365.25. There are many similar agnostic to use technologies already haemorrhaging "Intelligence" onto the Internet. All just waiting for an AI back end to connect them together. It's probably already happening at least experimentally in a covert way by corporates as the basic technology already exists, and such Intel has a ready market in the research end of the health care industry.

Do you want to wait for a future Ed Snowden to tell us in half a decade or so that the Government agencies have been doing the same? Or just work on the simple idea that if it's possible --which it is-- that it's already being done by them or at arms length for them by the likes of Alphabet or Amazon...

I don't know about you but that sort of world is not one I really would want to be a part of, due to "The chilling effect on free will" that will have a catastrophic effect on society. Sadly it's probably less than a decade away the way things are currently going...

Clive Robinson September 6, 2018 10:02 PM

@ Thoth,

I had a few close shave encounters with a few attempts to not pay and just take my IP rights for my products and designs right under my nose recently

It's hard to avoid, especially when you are seen as having "no power".

Take Amazon for instance, if you design a product and sell through them they can see what you are selling and to whom before you even get the order to fulfil.

If your product looks like it is a success in the making as many small developers have discovered Amazon will develop an "in house" competitor and take any profit they can from you.

Worse Amazon do not care about their in house products, they have been seen to just cut support etc before the warranty expires, then the customers that could have been and would have been supported by the original small developer get a bad taste in their mouth about the technology, so Amazon kill the market.

There is only one thing a small company can do to stop this kind of abuse, and that is grow to the point where they have sufficient power, that sticking lawyers on the likes of major corporates is "just part of doing business" as was seen with Apple versus the likes of Samsung etc [1].

But the important question is how do you get from being a minnow to a shark?

Well one way is as ARM did and not to actually make product but licence it. But that does not work at the minnow stage except by pure chance, and then you are more likely to get swallowed whole by a shark (think what happens in the software industry with "MineCraft and Microsoft" for instance). Usually though such buy ups are for "disruptive technology", where it's less expensive for the shark to make an over the top offer than to develop competition.

Another way is guerilla product production, it uses a similar model to the Film Industry. In essence you build an IP Licencing company by setting up smaller independent marketing companies which in turn get product manufacture by other companies in China etc.

The whole point is to move profit up to the IP company and liability down to the marketing company. You make the marketing company very lean and have no assets only liabilities. Thus you come up with an idea, set up a marketing company that gets another company to make the product. You push the product out through Amazon and similar and when they steal it you in effect kill the marketing company when the income drops or stops. Rinse wash and repeat.

In essence this is what is happening in the IoT market place. If a marketing company does turn into something a lot more successful you can sell it on, with you still getting a percentage back through IP Licencing. At this point you can then licence to other companies etc and grow the core ideas business.

It has one other advantage... If a marketing company fails it is their fault not the IP licencing company's fault. If however a marketing company succeeds then it can be seen as an IP licencing company product success.

The point is you know that initially you will have marketing companies fail because the likes of Amazon are probably going to kill them one way or another. Hence shed no tears over them and ensure you take no liability whilst keeping what is good for future use when you have the power to stop the likes of Amazon trying to kill your products.

There are other aspects such as having support companies that "buy out" customer support for products where the marketing companies have failed. There are several organisations that exist solely to make profit from this. They are similar if not the same as "Extended Warranty" companies. Some of which make "double money" by not only getting the extended warranty fee from the customer but also marketing their details, and these days in the IoT and similar market their data as well...

This is not the way most of us would wish the world to be but it is the "new economics" of the IoT market place, and for some of us is a very major security concern...

[1] https://www.wired.co.uk/article/apple-samsung-iphone-patents

echo September 6, 2018 11:44 PM

@Clive @Thoth

It's hard to avoid, especially when you are seen as having "no power".

This explains a lot. I don't what it is with people.

65535 September 7, 2018 2:50 AM

What the Five-eyes needs is smaller budgets, less people with top security clearances and less Public Relations firms under contract bleating for more money [Cough, Facebook, Google and Cambridge Analytica]. The cold war is over. Go spy on some actual threat like the murders using nerve gas in the UK and not the average Jane or Joe.

George Best September 7, 2018 3:00 AM

It seems to me that the more we advance in technology the more freedoms and liberties we give up, and our private life becomes less private.

Bong-Smoking Primitive Monkey-Brained Spook September 7, 2018 3:22 AM

Privacy is an abstract concept; a figment. Expunge that word from your vocabulary or assign to it a meaningful, real-world definition.

Clive Robinson September 7, 2018 4:16 AM

@ echo,

I don't what it is with people.

You are typing too fast and have left out the key word in the sentence. I'm guessing it's "know" before "what".

The answer is probably that like most of us you don't have a sufficient psychopathic trait, thus it's a quite alien view point.

One of life's little tricks is to have the "voice of command" or "authority" that reaches past most people's conscious directly to their autonomous mind which makes them effectively leap to attention or bend neck or knee in supplication.

A friend who earnt their living and considerable respect by poking into people's minds, pointed out a salient fact in life. A wife or long term girlfriend will practice to learn to say their other half's name or nickname in such a way as to cause their shoulder blades to come together in mortal dread of what is in their immediate future. Apparently it's a learned response from when we are very small and our mothers need to verbally restrain / remonstrate with us at a distance...

Clive Robinson September 7, 2018 4:34 AM

@ BSPMBS,

Expunge that word from your vocabulary or assign to it a meaningful, real-world definition.

Whilst I would agree "privacy" is not a physical attribute such as "life". I would argue that unlike "liberty" or "freedom" privacy is not an abstract concept but an informational one.

That is it is a right to choose what others do and do not know about you without let or hindrance from others. It can be equated in part as the mental equivalent of the right not to suffer physical harm such as torture.

Privacy is very much a social need without it, it has been found that humans suffer mental degradation such as a loss of sense of self identity and self worth. Its more obvious effects can range from "group think" issues through to full on mental breakdowns some of which can be both sudden and very very violent. When both the group think and violence combine you end up with some of the worst forms of gang culture, which is very very far from abstract in its effects on the rest of society.

Clive Robinson September 7, 2018 5:58 AM

@ BSPMBS,

Oh and one further argument, US legislation like English legislation and many other jurisdictions' legislation derived from English law does recognise privacy. Not in a highly specific way but by its opposite...

Legislation says there are things you must not do at any time or place such as murder, you can recognize such legislation by the fact it has no references to time or place. Some other legislation which deals with the likes of trespass and other property violations makes distinctions via ownership of property and recognises that the owner of a property has rights.

But there is other legislation that recognizes time for instance which often indirectly gives the right to a "home life". That is you are not allowed to make noise or carry out other activities outside a prescribed time such that people might get a night's rest.

But there is also a considerable body of legislation that says what is not permissible in "public". Whilst not prohibiting them in non public places. That is places that are "Private" where members of the public have no right to be at any time.

It's an argument those in authority and large corporations don't want to talk about, because it has consequences and implications that they really do not want to be brought into the light of day.

Part of this is the equivalence of information to physical objects and places. But also surprisingly it's recognised as not equivalent. I won't go into details as you should be able to work them out for yourself.

Clive Robinson September 7, 2018 7:13 AM

@ Moderator,

My above I posted in the wrong open page....

I have reposted it in the Friday Squid where it was meant for.

If you could delete this message and my 7:05 AM above it will keep things tidy.

Thanks in advance.

John Beattie September 7, 2018 8:41 AM

The problem here is not whether it will work, it won't.

The problem is the amount of damage the proposal will do while society recognises that and works out how to reverse it.

Look at the case of Travelsentry, described in by Cory Doctorow. This is doing direct, definite harm to air-travellers in the US but it has continued since 2003. That is fifteen years and it's nowhere near to being reversed.

The risk here is that it will take that or longer to address this stupid proposal.

Gary Valan September 7, 2018 10:32 AM

So how do we, as concerned citizens, outraged at the continuing assault on our private lives fight it? We knew the Government would continue to tighten control over us. We are a virtual police state with all the laws passed after 9/11.

The current government with a compliant congress are weaponizing these laws further.

The recent border arrests and "misplacing" of the separated minors and the bumbling by faceless security agencies and their paid private goons have demonstrated that no one will take responsibility and there is finger pointing at everyone else except the Government itself. Or they deny everything.

We have become an amoral state and with a small push could become authoritarian. While online discussion, commenting disseminate information, we need "boots on the ground" to stop these sorts of laws and in fact dismantle the ones we already have on our books. How do we do this other than passively support EFF, epic, write our Congresspeople etc? None of it seems to have any effect on the State.

CallMeLateForSupper September 7, 2018 10:45 AM

@Parabarbarian
"Have the other four countries [Eyes] issued similar statements?"

Yes. As Bruce wrote (first sentence), The Five Eyes released essentially the same pablum and did it separately. I read the U.S. version yesterday on a .GOV site after being thwarted in all attempts to view the AU version in its entirety.

The homeaffairs.gov.au site coughs up the first three paragraphs of the Preamble and then ends. There is no scroll bar! I assume that the Aussies are not amused by my use of NoScript and PrivacyBadger.

Petre Peter September 7, 2018 11:02 AM

Surveillance capitalism cannot exist without the eyes; the eyes cannot exist without the eyelids; the eyelids cannot be used without privacy; privacy cannot exist without property; property cannot exist in public. This is turning into Eyes Wide Shut reality.

HM September 7, 2018 11:22 AM

@ RSaunders "requirement to ban compilers to make this work":

Not necessarily.

Expert/well-organized criminals can compile their own encryption, but this adds an extra layer of effort so less-expert people will not. For example look at how many people use encrypted email (not many because it's non-default) versus how many people use encrypted iMessage (everyone because it's on by default).

Now, I still agree with Bruce's objections to backdoor requests. The "serious organized national security threats" will still find good encryption, so the extra effort layer will only help against small-scale targets, not the national security threats we will be told this is needed for.

Certainly sophisticated criminals can find a compiler and use strong encryption. But not all criminals are smart or technology experts.

The real objection is still that there's no way to have a backdoor even for everyday criminals that's only used for valid reasons. Plus that even with encryption, law enforcement can still get normal call logs and/or documents on iCloud, so they are not completely dark.

Bong-Smoking Primitive Monkey-Brained Spook September 7, 2018 12:17 PM

@Clive Robinson:

Whilst I would agree "privacy" is not a physical attribute such as "life".

Have you read this article, pointed to by a third-class linguistic acrobat?

Privacy = Concelment

There! That's the right definition.

albert September 7, 2018 12:34 PM

@vas pup,

https://www.newyorker.com/humor/borowitz-report/nation-stunned-that-there-is-someone-in-white-house-capable-of-writing-an-editorial?mbid=nl_Humor%20090618&CNDID=29677039&utm_source=Silverpop&utm_medium=email&utm_campaign=Humor%20090618&utm_content=&spMailingID=14203630&spUserID=MTQxNzkzNjEwMzI3S0&spJobID=1480493017&spReportId=MTQ4MDQ5MzAxNwS2

@All,
Make no mistake about this. The purpose of the total surveillance programs is total control of the populace. Terrorism is only an excuse. The IC/LE wants to sit on their cushy chairs and have everything handed to them on a silver platter. The first steps have already been taken; no-fly lists for journalists and authors who investigate and/or criticise the gov't. Think about it. Why would Google and Fbook, -on their own-, ban or otherwise interfere with users in good standing? They wouldn't. It's bad for business. The only reason is fear of the establishment. Don't think for a minute that G & FB couldn't be squashed like bugs if the gov't wanted it done.

Even Elites have to toe the line.
. .. . .. --- ....

Wael September 7, 2018 1:20 PM

@Bong-Smoking Primitive Monkey-Brained Spook,

pointed to by a third-class linguistic acrobat

Put the bong down or change the stuff you smoke. You need a lighter brand!

Privacy = Concelment

Privacy = Concealment

Clive Robinson September 7, 2018 3:43 PM

@ BS PM BS,

Privacy = Concelment

Hmm, that is one of those "word replacement" definitions that is almost as meaningless as the word it replaces. Thus,

Privacy = Concelment = hide?
Privacy = Concelment = obscure?
Privacy = Concelment = withhold?
Privacy = Concelment = seclude?
Privacy = Concelment = separate?
...
...
...
Privacy = Concelment = xxxx

Where xxxx is a synonym of the other words of which there are over fifty. Most of which actually say nothing by way of a definition they either point back in a closed loop to the original word, or the definition is effectively meaningless.

In the past on this blog I've asked @Wael and others for a not good but useful definition of,

Random

You end up with things like,

Random = nondeterministic

Which is actually mainly useless as !deterministic is unbounded whereas deterministic actually is bounded (see Cantor Diagonals for an argument on that).

But there is a social thus political aspect to synonyms.

Take the word "hide" to most people it has a negative connotation which is why we tend to use other words like "surprise" for "hiding" a party, prize or present from people.

Likewise "conceal" has a negative connotation to most, redolent of criminal activity.

Thus political and government agency speech writers pick a synonym to convey not a meaning but an emotion. In effect a form of subliminal advertising which like propaganda is supposedly illegal to use by US Government agencies/entities.

But every time the SigInt Agencies put out their "backdoor" message, this is knowingly using illegal propaganda on the US citizens in an illegal subliminal way.

Unlike logical and linguistic "negatives" two illegal acts do not cancel out to make a positive act.

If people started calling out the SigInt agencies about these illegal acts each time they put out these known to be deliberately false statements, maybe they would start to get the message. I guess the use of a howitzer to deliver an explosive message to Fort Meade's front door is also illegal, but I think most can guess which would be prosecuted and which would not.

I still think that George Orwell's Animal Farm and 1984 should be compulsory reading for under 16 education. Likewise Machiavelli's the Prince and one or two similar books in preference to Religious dogma. Making the majority of the citizens aware of what New Speak and Spin really are all about along with the moral corruption at the top of political, social and guard labour hierarchies, might make them less likely to accept the illegal activities those in Government commit on a more than daily basis.

Hmm September 7, 2018 4:14 PM

"In effect a form of subliminal advertising which like propaganda is supposedly illegal to use by US Government agencies/entities."

A false or misleading statement is not de facto illegal, that's a misconception.

If it were you'd be locked up, so would a lot of people.

The President over 4000+ times already.

https://www.washingtonpost.com/news/fact-checker/wp/2018/08/01/president-trump-has-made-4229-false-or-misleading-claims-in-558-days/

But I agree they ought to err on the side of caution in making supported statements.

So ought we all.

Hmm September 7, 2018 4:19 PM

Subliminal messaging is distinct from focus-grouped word selection.

"Clean air act" "Clear skies act" "Clean water act" -lowering standards on pollutants, etc.

Not illegal even when it's Orwell's newspeak directly. It maybe should be, but it isn't.

Clive Robinson September 7, 2018 5:35 PM

@ RSaunders, HM, All,

... requirement to ban compilers to make this work

Compilers are not required to implement crypto algorithms. Simple interpreters and assembler on 8bit machines[1] will adequately give you solid reliable and above all secure implementations of many crypto algorithms.

To ban such things would be a stupid thing to do as it would critically damage most nations' economies. As our host @Bruce has noted these days you do not buy household items such as cookers, toasters, washing machines or even vehicles. You actually buy a computer with the same old bits attached to it.

All that has happened is a mechanical, clockwork or relay ladder controller designed to do a specific job as a limited state machine, has been replaced with a general purpose computer chip and low power to higher power actuators to drive the same old bits.

Stopping the use of microcontroller development kits would wreck many industries in nearly all nations. Including those "home industries" that help third world status nations work their way from agrarian economies to mixed with light industrial which is a major step requirement to becoming a second world status nation.

Also contrary to the views of many you don't actually require computers for crypto either... Nearly all non mathematical crypto algorithms can be implemented with strips of paper, look up tables, or packs of cards. Even the mathematical algorithms can with care be done with a pocket calculator. The limits to such systems is usually time and bandwidth along with the usual human failings.

For some strange reason we appear to have forgotten that secrecy is older than mankind's ability to read and write, and early crypto has been around for at least 2 millennia and probably more than four in one form or another.

It is actually quite simple with stream ciphers to make a simple lookup table or paper strip calculator to perform the mixing or addition function. The hard part is keeping your place in the key stream in use or generating the key stream.

I urge people to look into these sorts of non electronic crypto as it forces the SigInt agencies to do what they really do not want to do. Which is tie up resources often human resources doing cryptanalysis.

The SigInt agencies are all hoping that we believe the hype of crypto-application developers. Whilst they may offer very strong encryption "over the wire" they also give plaintext at the user interface on the same device. Nearly all modern computing devices are not designed for anything even close to real security. Thus having the communications interface on the same device as the plaintext user interface is a guaranteed recipe for an "end run attack". Where the SigInt agency gets relatively easy access to the plaintext at the user interface from the communications interface via design defects in the device hardware and OS etc.

If you want to start having better security the first thing you need to do is get the plain text user interface off of the computing device that has the communications interface, and onto an entirely separate device that is "energy gapped" from the computing device.

Thus using what is without doubt an insecure smart phone you read cipher text off of the screen and write it into the squares of a One Time Pad or other pencil and paper cipher. You then decrypt it on the paper read the plain text then burn the One Time Pad sheet you have just used. To reply you write the message plaintext into the boxes of the next sheet on the One Time Pad and encrypt it. You then type the encrypted text into the smart phone's keyboard and hit the send button, then burn the used one time pad sheet.

If you want to give the government SigInt agencies a hard time, you could send and receive ciphertext in one of those near useless crypto apps. Because it does not matter a jot if the SigInt agency gets the ciphertext from the smart phone user interface or from a man in the middle type service as the strength of the ciphertext is dependent on the pencil and paper cipher and how you and the other party you are corresponding with use it.

There are also other tricks you can use to make a stream cipher used as though it is a One Time Pad [2] stronger. One such is to change the usage mode from the equivalent of "code book" to a form of chaining, this way the actual ciphertext is not just a simple product of key and plaintext addition but the key stream effectively becomes message content dependent as well.

[1] You can buy modern very low cost 8/16/24/32 bit microcontroller development boards, with LCD displays and USB programming ports that will run a BASIC or equivalent interpreter in a stand alone mode. Such microcontroller chips usually do not have RF communications hardware built in and will run off of flashlight batteries, thus either "air gapping" or "energy gapping" becomes considerably easier than with a smart phone / pad / tablet / laptop / desktop device.

[2] What you do is take a "crypto secure" cipher such as AES in a secure generator mode and print this out in exactly the same format as a true One Time Pad. You can write programs to do this in early Microsoft Basic given away free with early versions of DOS that ran on 8088/8086 CPU chips.
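The pencil-and-paper scheme described in the comment above, as an added example that is not part of the original comment: it prints a keystream as a pad sheet and does the mod-26 addition in both the plain and a chained mode. All function names are hypothetical, HMAC-SHA256 in counter mode is swapped in for the "AES in a secure generator mode" the comment mentions (the Python standard library has no AES), and the chaining rule shown is one assumed reading of "a form of chaining".

```python
import hashlib
import hmac
import secrets
import string

ALPHABET = string.ascii_uppercase  # A=0 ... Z=25, the usual hand-cipher numbering


def keystream_letters(seed: bytes, count: int) -> str:
    """Derive `count` pad letters from a secret seed.

    Assumption: HMAC-SHA256 over a counter stands in for the comment's
    "AES in a secure generator mode".
    """
    letters = []
    counter = 0
    while len(letters) < count:
        block = hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
        for byte in block:
            # Rejection sampling: 234 = 9 * 26, so bytes 234..255 are discarded
            # to keep all 26 letters equally likely (no modulo bias).
            if byte < 234 and len(letters) < count:
                letters.append(ALPHABET[byte % 26])
    return "".join(letters)


def format_pad_sheet(letters: str, group: int = 5, groups_per_row: int = 5) -> str:
    """Lay the letters out in spaced groups, like a printed one-time-pad sheet."""
    groups = [letters[i:i + group] for i in range(0, len(letters), group)]
    rows = [" ".join(groups[i:i + groups_per_row])
            for i in range(0, len(groups), groups_per_row)]
    return "\n".join(rows)


def _to_numbers(text: str) -> list:
    """Keep letters only (spaces and punctuation are dropped, as on paper)."""
    return [ALPHABET.index(ch) for ch in text.upper() if ch in ALPHABET]


def encrypt(plaintext: str, pad: str, chained: bool = False) -> str:
    """c[i] = p[i] + k[i] (mod 26); chained mode also adds the previous c[i-1]."""
    p, k = _to_numbers(plaintext), _to_numbers(pad)
    if len(k) < len(p):
        raise ValueError("pad shorter than message; pad letters must never be reused")
    out, prev = [], 0
    for pi, ki in zip(p, k):
        ci = (pi + ki + (prev if chained else 0)) % 26
        out.append(ci)
        prev = ci
    return "".join(ALPHABET[c] for c in out)


def decrypt(ciphertext: str, pad: str, chained: bool = False) -> str:
    """p[i] = c[i] - k[i] (mod 26); chained mode also subtracts c[i-1]."""
    c, k = _to_numbers(ciphertext), _to_numbers(pad)
    if len(k) < len(c):
        raise ValueError("pad shorter than message; pad letters must never be reused")
    out, prev = [], 0
    for ci, ki in zip(c, k):
        out.append((ci - ki - (prev if chained else 0)) % 26)
        prev = ci
    return "".join(ALPHABET[x] for x in out)


if __name__ == "__main__":
    seed = secrets.token_bytes(32)          # kept secret, shared out of band
    pad = keystream_letters(seed, 50)       # one 50-letter sheet
    print(format_pad_sheet(pad))
    message = "MEET AT NOON"                # constructed sample message
    for mode in (False, True):
        ct = encrypt(message, pad, chained=mode)
        print("chained" if mode else "plain  ", ct, "->", decrypt(ct, pad, chained=mode))
```

In the chained mode a single miscopied ciphertext letter garbles two plaintext letters on decryption (its own and the next), which matters when the transcription is done by hand.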

Sancho_P September 7, 2018 5:55 PM

@Wael, Bong-Smoking Primitive Monkey-Brained Spook, Clive Robinson

I think to reflect about what is our privacy is important and telling.
However, without solving the privacy puzzle, there is a different angle to view at our alertness:

Our intuitive caution regarding their urge to “access” our data.
Where does it come from?

First, I think, it is based on our knowledge of the existence of good and bad people.
This knowledge stems from personal experience as well as public information (e.g. news).

So we know there are bad people everywhere, in all cultures / groups, and, this is especially troubling, also in our own LE and government.

That means that abuse is inevitable.

But there is more.
Let’s naively assume there are no bad people out there, all friends.
Being experienced humans, we know that data / information / communication has to be evaluated in context.
We know misunderstandings from verbal communication, worse, and from (short) text.
How could it be explained if we were not asked for context, not even knew there is “something” (not someone) in our data?

To add insult to injury, they tell us these investigating super-lords may be machines, not always humans. AI will draw conclusions.
We have serious trouble to reach a human on the phone when something strange happened with our credit card or xyz account.

But how could we talk to AI if we don’t even know "it" was examining our “privacy” and reacting (No Fly List, …) based on bad information?

echo September 7, 2018 6:19 PM

@Clive

The case I want to bring contains elements of privacy invasion and abuse of power the mechanisms of which you have noted. Being fully aware of this when it is happening and there is little to nothing you can do about it is nightmarish.
I have been treated worse than a criminal and asylum seeker. Telling the truth and rocking the boat doesn't go down well in the UK. I won't go on. The stealing information for personal gain or credit for things and shoot the messenger nonsense is frustrating and more than a little upsetting and exhausting at times.

When a manager who is fully aware of the abuse advises me to leave the UK because the same thing happened to a personal friend of theirs and claimed that the UK is too "backward" this just confirmed one option I had considered. This is why I am saving up to buy a passport and travel tickets and claim asylum in another EU country. It's a struggle but after the way the EHRC behaved I may have no choice.

Wael September 7, 2018 7:58 PM

@Clive Robinson, @Sancho_P,

In the past on this blog I've asked @[...] and others for a not good but useful definition of, Random. You end up with things like, Random = nondeterministic

Yes. I have a short answer and a question: firstly, the short answer: depends on context. Second, the question: if you possess perfect knowledge (omniscient,) would there be such a thing as "random"? Of course that's the extreme, and it shows that "randomness" is directly proportional to "knowledge". The less knowledge, the more random; the more knowledge, the more deterministic and predictable.

Our intuitive caution regarding their urge to “access” our data. Where does it come from?

All sorts of places ;)

So we know there are bad people everywhere, in all cultures / groups, and, this is especially troubling, also in our own LE and government.

"bad" is not a static quality. The quality changes based on interest. People that are bad yesterday could be categorized as good today or vice-versa, when interests change.

How could it be explained if we were not asked for context, not even knew there is “something” (not someone) in our data?

Excellent point! Likely, hardcoded, answer: AI will provide context. If you're liked, the context will save you. If not, well, then...

But how could we talk to AI if we don’t even know "it" was examining our “privacy” and reacting (No Fly List, …) based on bad information?

Happens all the time.

Clive Robinson • September 7, 2018 9:12 PM

@ Albert,

The article amused quite a bit.

But the funniest thing about the New Yorker article, was probably entirely unintentional by the editors, which was the warning in red at the top of the page it was satire...

The implication, that the Editors thought there might be one or two American readers who might not work out it was satire, made me think...

    Just who did they really put it there for?

We will know it didn't work if they get a 3AM twitter denouncing them as Witch hunters ;-)

echo • September 7, 2018 9:16 PM

@Wael

Clive's comment on weighted systems applies to standards and organisations. Randomness is a factor and some organisations gravitate towards good cop, bad cop behaviour or when navigating the system a flip flop behaviour. From keyboard input to larger structures people are very pseudo random.

I read up again on randomness. Oh, my head hurts.

Wael • September 7, 2018 10:11 PM

@echo,

I read up again on randomness. Oh, my head hurts.

This is still my belief

and it shows that "randomness" is directly proportional to "knowledge".

I don't know what I was thinking. I meant inversely proportional! Multi-tasking is a ...

pup socket • September 7, 2018 10:31 PM

@Wael,

The less knowledge, the more random; the more knowledge, the more deterministic and predictable.

Foreknowledge (a.k.a. the ability to predict), surely?

Multi-tasking is a ...

كلبة (or in my case, just أم).

Wael • September 7, 2018 10:44 PM

@pup socket,

Foreknowledge (a.k.a. the ability to predict), surely?

Knowledge. Perfect knowledge is a superset -- a proper superset -- of foreknowledge.

كلبة (or in my case, just أم).

Exactly! You're kind of scary. You read my mind.

Clive Robinson • September 7, 2018 10:54 PM

@ echo, Wael,

I read up again on randomness. Oh, my head hurts.

These days when I read about "Stochastic Sources" for some strange reason I think of 1600 Pennsylvania Avenue[1]...

The thing to remember is informally you could say that "it is not made to make sense". Which is a concept that can be difficult to get your head around.

Until of course there you are doing a bit of research one day into an unexplained problem and you come across[2],

    A fast and efficient stochastic method is introduced to model the unsteady turbulent sound sources in the slat-cove of a high-lift airfoil. It is based on the spatial convolution of spatiotemporal white-noise and can reproduce target distributions of turbulence kinetic energy and length scales, such as that provided by a RANS computation of the time-averaged turbulent flow problem. The computational method yields a perfectly solenoidal velocity field. For homogeneous isotropic turbulence, the complete second-order two-point velocity correlation tensor is realized exactly. Two RANS turbulence models are applied to the slat noise problem to study how sensitive the aeroacoustics predictions depend on turbulence kinetic energy predictions. Results for the sound generation at the slat are given for a Menter SST turbulence model with and without Kato–Launder modification. The aeroacoustic simulations yield a characteristic narrow band spectrum that compares very well with the experimental data.

Contrary to what many would think it actually is not the engineering equivalent of "Management Speak"...

[1] The NW 20500 one not the SE 20003 one.

[2] It's from a genuine paper and it actually does make sense, especially when you are looking at why an air flow you are taking energy from produces noise that is narrow band but not actually a resonance effect. Oh and high lift aerofoils are not just found stuck on the sides of aircraft. But surprisingly quite weirdly half a decade or so later I realised the underlying issue has applicability in other apparently totally unrelated domains such as AI.

pup socket • September 7, 2018 11:01 PM

@Wael,

Perfect knowledge is a superset -- a proper superset -- of foreknowledge.

  • zero knowledge ⇒ X randomness
  • total knowledge regarding the past ⇒ (i.e., no foreknowledge) Y randomness
  • total knowledge (including foreknowledge) ⇒ Z randomness

My contention is that X = Y ≠ Z, and the salient point is then foreknowledge. Changing the level of other knowledge doesn’t change randomness. Am I barking up the wrong tree?

Wael • September 7, 2018 11:19 PM

@Clive Robinson, @echo,

A fast and efficient stochastic method...

Should be perfectly readable by someone skilled in the art. It looks like hieroglyphics to me (I can read a symbol or two.) Strange that the word "manifold" was not there ;)

I actually thought this was an excerpt from a paper you directed me to a few years ago. I can't find the link! The only keywords I remember are "So he just added another level of indirection". Can't remember anything else... oh, well.

Wael • September 7, 2018 11:34 PM

@pup socket,

total knowledge [...] Am I barking up the wrong tree?

Perfect (not total) knowledge is not bound by time or space.
To someone with perfect knowledge, the future has already happened and the past is happening. Past = Present = Future... no time dependency... all events are observable at the same time (alluding to omnipresence, in a way.)

level of other knowledge doesn’t change randomness.

But "randomness" is a perception! If I perceive Eventx to be random, does that necessarily imply every other observer will perceive Eventx to be a random event? I think not.

echo • September 8, 2018 3:37 AM

@Clive

The thing to remember is informally you could say that "it is not made to make sense". Which is a concept that can be difficult to get your head around.

Oh, I do get this. Both from my run-ins with the bureaucracy and having expert knowledge of various domains with eye boggling crossover.

This makes some things very difficult to explain including to lawyers and I paid approximately £700 to obtain an opinion from an accredited expert in the relevant fields which says this too. The fact some people's hierarchical status and revenues depend on them being the "professional expert" makes things go very unprofessional and shouty very fast.

I think we all get what "random" is. "RANDOM" is something else. I'm like yeah whatever. As long as it fools me well enough not to know or be affected by my ignorance I don't care.

Clive Robinson • September 8, 2018 5:37 AM

@ pup socket, Wael,

zero knowledge... total knowledge

Without limitations you have not expressed neither can be said to exist to an observer in our universe[1], and it can be shown as such within the limits of our existing knowledge.

So firstly if you have an information source of any kind, fundamentally it can be in one of two states, working or not working. Thus a single bit of information exists for it. There are several other single bit observations of this type all of which are information.

Secondly we assume we are in a finite but expanding universe[2], the implication of which means there is a finite amount of energy and matter onto which information can be modulated or impressed[3], even though entropy is increasing.

The simplest but wrong implication is that the total information set is not infinite, though in our observable universe it must be.

The next and most likely implication is that our physical universe is from the information perspective a proper subset of the total information set which is known to be at least infinite.

That is we know there is always going to be one or more pieces of information that we can not know.

What this observation can not tell you is what is in the proper superset. This is what you would actually expect when you consider the implications of the big bang.

That is, as fundamental axioms we have both causality and the speed of light in our universe that together puts a bound on what can be known not just in the past but in the future as well due to the speed of light forming a time cone on each cause's effects.

Further causality is metaphysically prior to notions of time and space. Thus whilst we can form a hypothesis about what causes gave rise to the big bang effect, by definition it occurred not just outside of our universe's light cone, but prior to our universe's time and space. Thus we have nothing to measure inside our universe. Thus any one of many hypotheses could be valid, which gives rise to notions such as the many universes and other models.

[1] It rather depends on how you define "universe". It could be an all encompassing "all that exists," or more interestingly as "all we can measure". If the former then by definition, there can be only one universe. But if the latter then we have the possibility that many universes possibly infinite may exist. The cosmological view these days is tending to the latter and with good reason. Put simply we know our measurements are not just limited but bounded but in ways that suggests there is much more to know (look up Cosmic Inflation, Dark Energy, or Dark Matter to see part of the reason).

[2] In the current cosmological thinking we now have "Dark Energy" and "Dark Matter" and as a result proposals for several different cosmos models... One recent one is the "chaotic universe model",

https://www.nature.com/articles/s41598-017-18681-4

Where the universe oscillates in time with chaotic dynamics but importantly without repeating itself.

Thus some of our fundamental assumptions may be 'Standing with feet of clay on shifting sands, where only the illusion of time will tell'...

[3] By observation it can be seen that information itself has no physical form or exerts any kind of force on energy or matter. Our interaction with information is possible because it can be impressed or modulated onto matter or energy that we can then use in one of three basic ways,

1, To communicate information.
2, To store information.
3, To Process information.

CallMeLateForSupper • September 8, 2018 11:38 AM

@Clive Re: The Atlantic's Borowitz Report

The "Satire from The Borowitz Report", in red ink, at the top of the article, is standard.

I've been a fan of Borowitz since forever. I share certain of his "reports" with particular individuals when I know that the subject is that person's "cup of tea". For example, a sister and I "get off" on press photos of Rump in which he looks ... um, very "Precedential"(1). Anyway, I really should be more attentive to prefacing such shares with "Alarm! Satire" because some correspondents still fail to make the Borowitz/satire connection.


(1) https://www.newyorker.com/humor/borowitz-report/trump-furious-that-woodwards-book-is-written-at-seventh-grade-reading-level

pup socket • September 8, 2018 11:55 AM

@Wael,

Perfect (not total) knowledge is not bound by time or space.

(The dictionary says “omniscient” means “having total knowledge” and someone back there equated being omniscient and having perfect knowledge …)

Yes, knowing all means knowing all there is to know, which means everything. I get that. But that doesn’t mean I can’t talk about a subset of everything, such as the empty set or the set of all facts not concerning the future.

To someone with perfect knowledge, the future has already happened and the past is happening. Past = Present = Future... no time dependency... all events are observable at the same time (alluding to omnipresence, in a way.)

Deepak, can you put Wael back on, please? ;-)

But "randomness" is a perception! If I perceive Eventx to be random, does that necessarily imply every other observer will perceive Eventx to be a random event? I think not.

Damn it, Deepak, cut it out! ;-)

I don’t see how perception factors into it. It’s about (not) knowing what the outcome of an event will be before the event occurs. Once the event happens, randomness is gone, independent of perception, observers, etc. (You can pretend the event hasn’t occurred and “predict” the unknown —to you— outcome. Not really the same thing, is it?)

Anyway, been nice yappin’, but I got bongs—I mean, bones to gnawn. I’ll be seein’ ya ’round, mista.

Clive Robinson • September 8, 2018 2:06 PM

@ Sancho_P,

Where does it come from?

I suspect it starts in the school play yard when around five or six.

You tell someone something about yourself and the next thing you know it's got twisted and you are being taunted or bullied in some way because of it.

Thus you start to associate the telling of certain things with the pain of the taunting and bullying. Thus to avoid the pain you learn, to not just keep things private, but also have a "public face" to show to the world.

When I was an active cyclist I used to do fifty to a hundred miles a day. Often I got caught up in static traffic at lights or during the rush hour etc. One of the things I used to see was people sitting alone in their cars with their "non public face" on. It could be quite shocking or downright weird. I've actually seen people shouting incoherently with specks of spittle flying, hitting not just their fists but sometimes their heads against the steering wheel... Others performing what looked like the hand and some of the body movements to Wilson, Keppel and Betty's Sand Dance[1]. The simple fact is they forget that the inside of their car is not really the private place they assume.

I can only assume they also have a tendency to behave that way in the privacy of their homes. After all think back to the original Wii Fit Girl, she was not really doing anything shocking or shameful or even embarrassing, and I'm fairly sure many others were doing the same.

But the video clip went viral and millions watched it, likewise the number of newspapers that sell on what is really unimportant tittle-tattle and gossip and photos of people that might have had a slice or two more of turkey or an extra roastie or two over the winter festivities, or have not shifted the baby bump.

Thus perhaps we should instead ask what makes others so morbidly curious about other peoples private lives and what they plan to do with the information gained...

[1] https://www.youtube.com/watch?v=bq7DGvfnr3U

Wael • September 8, 2018 2:15 PM

@pup socket, @Clive Robinson,

Yes, knowing all means knowing all there is to know, which means everything. I get that. But that doesn’t mean I can’t talk about a subset of everything, such as the empty set or the set of all facts not concerning the future.

You can talk about anything you like. You're right, it's getting to be too philosophical, and getting outside the domain of cryptography.

Without limitations you have not expressed neither can be said to exist to an observer in our universe[1]

That's even a longer discussion. Another day...

Clive Robinson • September 8, 2018 2:58 PM

@ echo,

Being fully aware of this when it is happening and there is little to nothing you can do about it is nightmarish.

A friend whose job was to find and root out certain types of soft corruption in the likes of the UK Police forces and other public facing bodies had a series of quite effective standard tactics based on a simple observation

    How do you deal with herd mentality when you are an apex predator?

The answer is to not just separate the prey from the herd, but also to get the herd to close ranks on the prey, which ensures the prey get slaughtered not the rest of the herd.

In more human terms you get the idiot out on their own and ensure that the organisation they worked for disowns them. They in turn generally do not require much prompting to turn on the organisation giving up superiors etc to show it was organisational policy they were required to follow.

Having seen my friend in action and reducing a director of one of the major mobile network providers to an almost gibbering mess, I can see how the technique works. The hard part is getting through to the idiot you've selected that it is a foregone conclusion that they will be hung out to dry by their colleagues and importantly you can not be stopped or bought off repeating frequently that they need to obtain professional help from a legal entity.

I've tried the technique out on a supposed "medical" organisation's actual employer and went through the courts and won. The result was every contact I've had since you can hear the sound of careful feet on egg shells. However I suspect that I'm going to have to go scary on them again at next contact just to ensure they keep the warning notice at the front of my file.

A variation on the technique is the "psycho-friend" acting as your representative. They usually get the message that being nice to you stops your friend going all psycho on them and verbally keel hauling them and the most senior managers.

Some organisations bluster but when named individuals get "14 days notice before action" letters they often capitulate. If they don't then sending out witness summons that include notice that they will have to supply full financial statements generally gets them to talk to a competent legal representative who will frequently point out that it's time to negotiate and fast as the very expensive clock is running against not just their job but their home. Your best strategy then is to listen and reject any offer, stressing that you prefer the "My day in Court to put things on the public record" option even if it is "mutually assured destruction" generally shakes the tree quite hard. However some idiots in the likes of the South Yorkshire Constabulary don't get the hint. It's thus nice to know that if your intended victim is over fifty in the UK you can go after their pension pot, hence going for the seniors and not the juniors is another tactic you can openly advertise to them. The prospect of no job, no pension and a charge on their home tends to make people want to make problems go away. And the best way to prevent them trying that out on you is to be effectively "in a legally impecunious state".


Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.