Pixel Envy

Written by Nick Heer.

Archive for August 2nd, 2017

Decrypting Amber Rudd

Aral Balkan (via Toob Design):

What Amber Rudd wants will not make you safer. It will not protect you from terrorists. What it will do is make it easier for governments to spy on activists and on minority groups. What it will do is make all of us less safe and lead to chilling effects that will destroy what little democracy we have left. It will result in a surveillance state and a global panopticon the likes of which humanity has never seen.

As for the companies that are part of the Global Internet Forum to Counter Terrorism – Facebook, Microsoft, Twitter and YouTube (Google/Alphabet, Inc.) – only a fool would trust a single word that comes out of their mouths about end-to-end encryption on their platforms or about the privacy features of their apps. Given what Rudd has said, consider that any end-to-end encryption they say they have today may be disabled and compromised, without your knowledge, during any app update at any time in the future.

I doubt many people really trust what Facebook and Google say about privacy anyway, but their participation in these confidential talks is not confidence-inspiring. Of note, Snap and Justpaste.it are now participants in the Global Internet Forum as well.

The iPad’s Comeback Tour

Dr. Drang points to two key figures in Apple’s latest earnings, with regard to the iPad: its 15% increase in unit sales, and its 2% growth in revenue,[1] both compared to last year’s third quarter:

A real, live, honest-to-goodness, actual rise of 15% in year-over-year unit sales led to an upturn in the four-quarter moving average, the first since the end of 2013. No one needs to root for Apple to make more money, but this is the kind of news that might encourage developers to support the iPad and make it a better product for all of us.

More new iPads being sold combined with this autumn’s iOS update — which, unlike last year, actually has features for the iPad — should mean a healthier ecosystem. But the 2% revenue growth implies that the vast majority of growth in the iPads sold this quarter occurred because of the new entry-level model, which doesn’t have the power, features, or price of the recently-updated Pro models. Drang says that this might indicate that developers of higher-end apps might not find this price-conscious shopping very encouraging, but I think there might be a longer-term halo effect created by the entry-level model. It doesn’t have the performance or features of the Pro models, but I think its refinement together with the features in iOS 11 might drive people to exploring higher-end options.

  1. For comparison (PDF), the iPhone grew 2% in units but 3% in revenue compared to this time last year, and the Mac grew just 1% in units, but 7% in revenue.

Amber Rudd’s Ruddy Dumb Case Against Encryption

The Telegraph on Monday published an op-ed by Amber Rudd, the U.K.’s present Home Secretary, making the case for a way for investigators to be able to see encrypted data without somehow breaking the fundamental principles of encrypted data. It’s behind a paywall, but I’ll quote the salient paragraphs. And, after setting the stage with a couple-hundred words about terrorism, we get to the titular topic:

Encryption plays a fundamental role in protecting us all online. It is key to growing the digital economy, and delivering public services online. But, like many powerful technologies, encrypted services are used and abused by a small minority of people. The particular challenge is around so called “end-to-end” encryption, where even the service provider cannot see the content of a communication.

Rudd admits that it’s a very small minority who lean upon encryption to mask their criminal deeds. But that’s the case for lots of different technologies: a small minority of people use a telephone to plan a crime and, even though GCHQ was able to record all phone traffic, their overbearing surveillance was found to be illegal. A small minority of people burn physical evidence of a crime, but fire isn’t outlawed.

To be very clear – Government supports strong encryption and has no intention of banning end-to-end encryption.

That isn’t what Rudd has been threatening for months.

But the inability to gain access to encrypted data in specific and targeted instances – even with a warrant signed by a Secretary of State and a senior judge – is right now severely limiting our agencies’ ability to stop terrorist attacks and bring criminals to justice.

Again, there have always been ways for enterprising criminals to get around the interception of their communications: they can meet in person, or use coded phrases.

I know some will argue that it’s impossible to have both – that if a system is end-to-end encrypted then it’s impossible ever to access the communication. That might be true in theory.

No, that’s true in fact.

This is where things really start to break down for Rudd. She’s arguing here that providers of encrypted communications software can, somehow, intercept communications in a human-readable way without compromising the security of the system overall. Quite simply, that’s completely bunk.

But the reality is different. Real people often prefer ease of use and a multitude of features to perfect, unbreakable security.

Why not have both? User experience and platform security are completely different fields and, generally, do not compete, so much as work together.

So this is not about asking the companies to break encryption or create so called “back doors”.

Yes it is. That’s exactly what Rudd is asking for — a way for authorized users to eavesdrop on encrypted communications without creating a security vulnerability:

So, there are options. But they rely on mature conversations between the tech companies and Government – and they must be confidential. The key point is that this is not about compromising wider security. It is about working together so we can find a way for our intelligence services, in very specific circumstances, to get more information on what serious criminals and terrorists are doing online.

Rudd, like so many others in similar positions, is going up against math and physics with hopes and dreams of back doors in encryption. It isn’t going to happen.

The responsibility for tackling this threat at every level lies with both governments and with industry. And we have a shared interest: we want to protect our citizens and we don’t want platforms being used to plan ways to do them harm.

But Rudd is okay with introducing vulnerabilities in different software packages used by billions of people around the world, including users in authoritarian regimes with leaders who are more interested in controlling the citizens they rule instead of protecting them. Creating a still-mythical way for a government to peer into a WhatsApp or iMessage conversation is inviting harm upon billions of people who rely upon reliably secured and encrypted communications — including Britons.

Ostensibly Anonymous Browsing Data Can Be Easily Exposed

Alex Hern, the Guardian (via Dave Pell):

“What would you think,” asked Svea Eckert, “if somebody showed up at your door saying: ‘Hey, I have your complete browsing history – every day, every hour, every minute, every click you did on the web for the last month’? How would you think we got it: some shady hacker? No. It was much easier: you can just buy it.”

Eckert, a journalist, paired up with data scientist Andreas Dewes to acquire personal user data and see what they could glean from it.

Presenting their findings at the Def Con hacking conference in Las Vegas, the pair revealed how they secured a database containing 3bn URLs from three million German users, spread over 9m different sites. Some were sparse users, with just a couple of dozen of sites visited in the 30-day period they examined, while others had tens of thousands of data points: the full record of their online lives.

While many have been worried about intrusive government surveillance — and rightfully so — private companies have also been sweeping up and sharing browsing data and purchasing history, with little practical oversight. The scale of the so-called “marketing technology landscape” has quietly but dramatically grown over the past seven years; I worry about how little most people outside the tech bubble seem to know about its growing tracking capabilities, and how hard it is to opt out of it.

Fact Checking Snopes on Its Own Claims of Being ‘Held Hostage’ by ‘A Vendor’

Mike Masnick, Techdirt:

Last week, I (like probably many of you) saw the news that the famous (or infamous, depending on your viewpoint) fact checking website “Snopes” was crowdfunding on GoFundMe, saying that it needed to raise money as soon as possible, because “a vendor” refused to recognize that Snopes had terminated a contract and was holding the site “hostage.”

We had previously contracted with an outside vendor to provide certain services for Snopes.com. That contractual relationship ended earlier this year, but the vendor will not acknowledge the change in contractual status and continues to essentially hold the Snopes.com web site hostage. Although we maintain editorial control (for now), the vendor will not relinquish the site’s hosting to our control, so we cannot modify the site, develop it, or — most crucially — place advertising on it. The vendor continues to insert their own ads and has been withholding the advertising revenue from us.


The reality is that the story is hellishly complicated. Like, really, really complicated and messy. The paragraph above that Snopes used to describe the situation leaves out an awful lot of details necessary to understand what’s actually happening.

This is a fascinating and well-researched document of what, exactly, is going on with Snopes. One day, this saga will make for a terrific made-for-Netflix B-movie.