Saturday, 31 January 2015

Afraid of being caught?

What do the government really want?

Apologies in advance for this being a tad long and rambling. But one way to try and work on debating this sort of thing with the government is to try and put yourself in their shoes for a moment and understand why they are asking for this. So I am going to give it a try, but it may be hard.

I have tried to break down some of the basic challenges with managing society so that it works.

Bad things!

A fundamental idea is that some things are unacceptable to society, they are bad things and as such we should try and stop them happening. What exactly is a bad thing will vary over time as society changes, though some are pretty ingrained such as "murder" and "theft". It is a lot less obvious when you get to things like "copying the CD I purchased to an MP3 so I can play it on my iPod on the train". The very definition of bad things is a matter for ongoing and rational debate.

Deterring people from doing bad things

The basic principle that surrounds most law is the idea that punishing those that do bad things should result in anyone planning to do a bad thing deciding it is not worth the risk. Anyone considering doing a bad thing may reasonably expect that they could be caught and punished. It is basic human nature to avoid pain, to remember pain, and to predict pain - it is how we learn, and even how animals learn. We need people to be so afraid of being caught that they do not do the crime. For that to be realistic, we don't just need laws and punishments, we also need very efficient means to detect crimes and identify the criminals that cause them.

What about people pulling the strings?

There is, of course, an issue that some people are smart enough to arrange for bad things to happen but themselves not actually do them. So if the crime is detected and the criminals identified, they can step back and try again with some other mugs doing the dirty work for them. To allow for this you have to then have offences for helping someone do a bad thing. This comes under conspiracy to commit, aiding and abetting, and so on.

What about catching people that are going to do a bad thing?

This is where it starts to get complicated. If the bad thing has not happened, you are looking at punishing people for something that has not happened. You really have to be sure that it would happen, and that is tricky as it is predicting the future.

I was thinking of a possible example here - if a few of us were caught with detailed plans for how we could rob a bank, then there would be an assumption that we actually were planning to rob a bank. But what if we had a half-finished on-line game called Bank-Heist or something, and these details were simply research for a computer game? Then suddenly there is no realistic risk that the bad thing of robbing a bank would actually happen. Indeed there are other good reasons for having plans to do a bad thing, and that is where people are trying to devise ways to protect and defend against such things. Of course, a smart gang of bank robbers would hire a s/w engineer that thinks he is in fact making an on-line game so that they would have that defence :-)

The problem is that punishing people for something that they might do is a very dangerous game, a slippery slope in to thought crime. What if two office workers were upset with their boss and discussed how they wished he would be hit by a bus? What if he is hit by a bus? What if all communications are logged in a police state and someone finds that conversation? Thought crimes!

What about security?

The police will investigate crimes and find evidence to identify and convict a criminal, but that is generally after the fact, the idea being that convicting criminals deters other criminals.

But there are situations where that does not work. There are special types of criminals, typically terrorists, that feel that what they are doing is "right", and so much so that it overrides their fear of being caught or punished. Indeed, in the case of suicide bombers this overrides one of the most basic fears of all - fear of death. There are plenty of other risks where fear of being caught and punished is remote, such as cyber attacks from foreign countries.

So we have to consider the idea of the security services, who are trying to keep us safe from threats like that. They cannot use the traditional "fear of being caught" to deter people, so they need other means.

What they would ultimately like (one assumes) is a way to find people plotting to do a bad thing, and take some action against them before they do it. As I say, we are well and truly in to thought crimes here and we have to consider this only makes any sense for really serious bad things and where we are really sure that they would in fact do the bad things they are plotting.

In their ideal world they would have surveillance on everyone, all the time, audio, video, logs of everything they type and say, and the vast computing power to sift and sort that to find any hint of people doing bad things.

One of the difficulties here is that if they had that, it would not stop at thwarting terrorist plots, like someone threatening to blow up an airport and saying so on twitter. No, once they have that power it would apply to office workers "plotting to kill their boss", or any number of minor things. So many laws make everyone a criminal already. A complete police state like this would be unacceptable to the general public.

What can we do?

Trying to be in their shoes - we know they would like a total surveillance police state, obviously. It is the only way to be sure that people are safe. You probably need to restrict people's movements and communications as well, just to be sure.

But we know that will never fly, we are in some sort of a democracy (though the way some Lords are behaving this week, you would not know it). Going that far would amount to civil war, or at the very least losing the next election.

So the real question is where you draw the line - how far can you go before what you are doing is impractical or unacceptable. That is their problem.

So what would I do?

I think what we had was not that bad, but as it was the status quo, I am conditioned to find it acceptable. In some ways it already goes too far.

But I have some ideas of tests for this - to decide how far I could go:
  • Is what you are asking for causing people and companies to do more than they would normally do? After all, getting telephone records was only possible when BT started itemising bills and so had the data - they were not asked to do any more than they already did, just check something on the data they already kept for commercial reasons. I think you may have gone too far if you are expecting people and companies to police other people and companies - to seek out and collect and retain data they would not normally need to. Making people police their neighbours is a very old system of government and will always cause suspicion and resentment.
  • Is what you are asking for targeted? This is important as otherwise you are essentially treating the population as criminals in the first place. This is also an issue with lines that have already been drawn - human rights conventions and the EU Court of Justice, where it is clear that surveillance has to be targeted. It is one thing to say "You have these phone/email records, can we see those for this person who is a suspect?" and another to say "Collect all this extra personal data for us for everyone just in case we want it later".
  • Are you invading privacy? This is a complicated one. Reading someone's private communications is clearly an invasion of privacy, and only really justifiable as a targeted action against a suspect with proper oversight on the process. Again, this is enshrined in human rights conventions. Now, if such action is to be targeted you should not be expecting everyone else to give up their right to privacy. This is tricky with encryption, which is now common. You would have to pick individuals who are suspects and say that they alone are not allowed encryption and hence privacy for a period of time. Everyone else should be allowed proper security and encryption as they are not suspects. Such a move is not practical in many cases.
  • Is what you are asking practical? This is another important concern. There are many cases where the wishes of the security services are not actually practical. I have a video [here] that shows step by step how to send truly secret messages with no more than pen, paper and dice. Banning something that simple is like banning someone picking their nose, it is a nonsense. But even if you are asking ISPs to do something, it has to be something they can do, and also something that will not compromise the integrity of their network.
  • Is what you are spending value for money? This question comes back to the fundamental roles of security services. Terrorism is a serious threat, but not one that should actually be a high priority for effort and expenditure, as it causes so little harm and death compared to so many other areas which could be improved. If we are spending public money it should be a good return on investment. Even preventing a horrific crime killing thousands of people is only really sensible when compared to reducing accidental road deaths by that many. In the US, more people die from slipping in the bath than from terrorist attacks. So, yes, spend money stopping terrorists but only where it is value for money compared to other places on which it could be spent.
I think you will find that the snooper's charter, and even the DRIPA, fail on several of those simple tests already. This does not mean that there are not further steps which could be taken that are sensible when considering those tests, and they should indeed be considered.

Genie is out of the bottle

A huge problem though is that the genie is out of the bottle - private, secret communication is fundamentally possible. Even with seriously oppressive governments in the world, journalists, whistle blowers, spies and government agents manage to communicate without being caught.

This means that, ultimately, a terrorist cell can communicate and plot something, and even the most extreme police state could not spot that in advance. It is also the case that one nutter could just decide one day to walk in to a school and shoot everyone (if guns are not handy, as we are not in the US, poison everyone using household chemicals). Sadly, we will always have some nutters, and some awful things like this could happen. The only answer to that is to upgrade us all to cybermen.

So, please, let's make laws that are fair, rational, practical, value for money, evidence based, targeted, not invading privacy or treating everyone as a criminal, but are still some help to security services.

Thursday, 29 January 2015

Video editing

I thought I would try something that was not a rant for a change - it happens.

We have purchased a copy of "Final Cut Pro" for the 5k iMac. This was based on a recommendation from my colleague Alex. It is not cheap, a couple of hundred quid.

I have never done video editing before, and am still learning, but I have to say that so far it is looking promising and could be fun. I have not had to refer to the manual and needed only a few pointers from Alex. It is very responsive even though it is juggling gigabytes of data.

For the latest video [here] that I created, I used my Canon 1Dx to record full HD with a 24-70 lens in low compression mode. It looks like around half a gigabyte a minute in that mode but you generally want the best quality source for editing if you can. I also have a good stereo audio recorder which I put on the camera pointing at me. I recorded my monologue and then a separate sequence of close-up writing on the paper.

I then told Final Cut Pro to make the audio and the camera in to a multi-cam clip, which it did. The clever bit is it synced the iffy camera audio (I did not connect a separate mic) and the good quality audio recording perfectly and allowed me to turn off the camera audio.

I then cut in segments from the close-up shots with cross fades. It actually took me a while to cut in a still (of a cat) as it confused the issue being not 1920x1080. Next time I'll size the image to fit and not confuse it!

I was able to publish to youtube in a couple of clicks, and a few minutes encoding.

It is noddy stuff I know, and to be honest I should have got some proper lighting for the shot as well, a shirt clip mic, and maybe written a script :-) I have much to learn.

I do think that next time I'll add more cameras, even a wide angle with a go-pro or such, to cut the video about a bit and not look quite so much a talking head to camera.

So much to learn in script, performance, lighting, audio, editing and everything. Maybe the start of a new hobby.

Update: It is worth mentioning subtitles - youtube just does these for you, and if you have clean audio and speak clearly they really are very good. Even with my jabbering on it was still pretty good. They make it very easy to edit as well, so worth doing if you upload any video.

Helping terrorists?

I have posted a lot on privacy, encryption, snooping and the like, but I think it may be worth explaining that I am not trying to help terrorists here. I doubt anyone would get that impression, but I was surprised at one "dislike" on one of my videos.

There are lots of ways in which the authorities can catch criminals, and a key part of that is targeted surveillance. For terrorists, it seems to me the most obvious weak link is the people, and that infiltrating terrorist groups is the best way to get information. If you are in the group, none of this privacy and encryption matters as you are at the "plain text" end of the communications anyway. Even if you only have suspects, then surveillance of those suspects directly is a key step. It is not as if the authorities have no tools available. In the Paris attacks the authorities had exactly the powers they are asking for already, and it did not help.

There are some key issues with trying to get more powers to track terrorists, some of which I have touched on. One of the main ones is the negative impact of those extra powers on law abiding citizens. The other is the fact that everything that is proposed can be bypassed by someone that is not law abiding (my videos on pen/paper encryption show this). These two together mean anti-terror laws only serve to hinder normal people and fail to serve to stop terrorists.

To give you an idea - if we had a law proposing road blocks and vehicle searches on every motorway exit - that could be argued that it would reduce terrorism. People would find it difficult to move guns or explosives around the country.

Obviously that would be crazy - it would be a massive imposition on the normal law abiding public and a step too far. It would also not be able to cover every road or every means of transport so a determined terrorist could get past it.

Opposing such a law is not "encouraging terrorism", it is explaining reality and trying to strike a reasonable balance of safety and liberty.

Oddly, even though the above does seem crazy we have accepted these steps for travelling around the world, with great inconvenience at airports.

It is also not proportionate to impose new measures. Whilst terrorism is an important issue, it pales in to insignificance compared to so many other preventable harms and deaths in society, such as road safety. We should spend money and resources where they will do the most good.

Another issue is that whatever powers the authorities get, there will always be an argument that just a bit more power would be helpful, until you end up in a total police state with thought crimes.

What I think is a step too far is blanket surveillance on the public, and this is the same position taken by the EU court of justice. We have to draw a line and stop freedoms being taken away or else the terrorists have won.

God save the queen

Having explained the basic process of how you might send secret messages using nothing more than pen and paper (and dice to make the keys) [here], I have made a further video which explains how one might comply with future legislation that requires a "back door entry" to be added.

See the video [here].

The basic change to the process is as follows. After composing the message and encoding it and sending it, but before destroying the evidence...

  • Write down a benign message alongside the coded message.
  • This benign message could be anything, my video uses "GOD SAVE THE QUEEN", but you could put anything. Ideally something that looks like it should be private but is not incriminating - perhaps something about a planned sexual encounter :-)
  • You write it in the same way you would your covert message, so as per my previous instructions you put 4 spaces at the start to allow the key to be identified.
  • You then use the calculator to subtract each letter in the benign message from the coded message, continuing to the end of the sheet.
  • This gives a sequence of gibberish, as you would expect.
  • You then write that sequence on a separate sheet, and put the date and time of your message sending.
  • Now, destroy the original key sheet and message.
  • You then send this new sheet as the "Key used to send message at date/time" to the key escrow trusted third party with which you have been required to deposit keys (the only logical "back door entry" for a one time pad system).

This means that if ever the powers that be want to check what you sent, they can get this "key" from the key escrow trusted third party with an appropriate court order or whatever, and use it to decode your intercepted message. The problem is that when they decode the message, all they get is your benign message "GOD SAVE THE QUEEN" or whatever. They do not see the real message and have no evidence that any other message exists.

The whole point of a one time pad is that every possible message is equally likely. A key could be provided to decode the coded message to any plain text message you like!

A further step would be to pre-agree the benign message (have it on the key sheets you originally share) so that the recipient can do the same. That way if they ask either end for copies of keys later, you have keys to hand over and they will actually agree.
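The steps in the list above, and the point that a one time pad can be "decoded" to any plain text, are easy to check with a few lines of code. The block below is an added example (not from the original post, and not the C program mentioned further down). It assumes a simple A-Z alphabet with A=0, addition modulo 26 for encoding and subtraction for decoding, and drops spaces; the post's own sheet layout (the four leading spaces, the calculator) is not reproduced. The escrow key is built exactly as the list says: each letter of the benign message is subtracted from the coded message.

```python
"""One time pad: real key versus a "benign" escrow key.

Added example. Encoding convention (A=0 .. Z=25, add key mod 26 to encode,
subtract to decode, spaces dropped) is an assumption made for this example.
"""
import secrets
import string

ALPHABET = string.ascii_uppercase


def letters_only(text):
    """Normalise to the A-Z alphabet used on the sheet (spaces and punctuation dropped)."""
    return "".join(c for c in text.upper() if c in ALPHABET)


def make_key(length):
    """A pad of `length` uniformly random letters (the role of the dice in the post)."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def _combine(a, b, sign):
    return "".join(
        ALPHABET[(ALPHABET.index(x) + sign * ALPHABET.index(y)) % 26]
        for x, y in zip(a, b)
    )


def otp_encrypt(message, key):
    """Coded message = message + key (mod 26). Key must be at least as long as the message."""
    m = letters_only(message)
    if len(key) < len(m):
        raise ValueError("key sheet is shorter than the message")
    return _combine(m, key, +1)


def otp_decrypt(ciphertext, key):
    """Plain text = coded message - key (mod 26)."""
    if len(key) < len(ciphertext):
        raise ValueError("key sheet is shorter than the coded message")
    return _combine(ciphertext, key, -1)


def escrow_key_for(ciphertext, benign_message):
    """The sheet handed to the escrow party: coded message - benign message (mod 26).

    Decoding the coded message with this "key" yields the benign message.  Because
    the same construction works for *any* text of the right length, the escrowed
    key is no evidence of what was really sent: that is the perfect secrecy of a
    one time pad, not a flaw in the escrow scheme in particular.
    """
    b = letters_only(benign_message)
    if len(b) != len(ciphertext):
        raise ValueError("benign message must be padded to the coded message length")
    return _combine(ciphertext, b, -1)


def demo(real_message, benign_message, key=None):
    """Run the whole procedure and return what each party ends up seeing."""
    real = letters_only(real_message)
    key = key or make_key(len(real))
    coded = otp_encrypt(real, key)
    escrowed = escrow_key_for(coded, benign_message)
    return {
        "coded": coded,                                  # what an interceptor sees
        "recipient_reads": otp_decrypt(coded, key),      # real key, real message
        "escrow_reads": otp_decrypt(coded, escrowed),    # escrowed key, benign message
        "keys_differ": escrowed != key,
    }


if __name__ == "__main__":
    # Constructed sample input; both texts are 15 letters once spaces are dropped.
    for k, v in demo("MEET AT THE BRIDGE", "GOD SAVE THE QUEEN").items():
        print(f"{k:16} {v}")
```

With a fixed key the result is deterministic, so the behaviour can be checked: decoding with the real key returns the real message, decoding with the escrowed sheet returns the benign one, and the two sheets differ in every position where the two messages differ.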

An interesting point on all of this is that I know of at least one person who has had great fun coding this all in C since my last blog on this - making a million keys and putting them on a USB stick, and making tools to allow coding and decoding messages. Obviously these tools could do this extra step as well, overwriting the original key on the USB stick with the new benign message key. He is not a programmer normally, and is using this to help learn more C coding, but he is the end user in this - not a "tech company" or someone that can easily be identified and targeted with some requirement to add a back door. He is running software that he did not even download from the Internet, but made from scratch. The best bit is that he could be seen to be apparently complying with requirements for a "back door entry" by key escrow or a requirement to retain keys and still have private messages!

Wednesday, 28 January 2015

Reach Recruitment Services Ltd

How dumb can you be?
  1. Unlawfully junk mail me to my personal (individual subscriber) email address.
  2. Ignore my notice before action, replying that I obviously have too much time on my hands.
  3. Get sued by me for £200.
  4. Ignore that and get judgement against them by default.
  5. Ignore that and get bailiffs knocking on the door.
  6. Pay a total of £295 including court and bailiff fees.
  7. Then... Get this... JUNK MAIL ME AGAIN to the same email address.
That is just special.

Anti-Terror laws are like antibiotics

Antibiotics are great - they kill almost all bacteria, and this means that they have saved a lot of lives that would have been lost to serious illnesses.

However, as most people know, not all bacteria are killed off. Some strains are resistant to the antibiotics. This is because of random mutations, but the resistant strains did not originally have any sort of competitive advantage in their environment so there were not many of them.

The problem is that when you use antibiotics a lot you find that all you are left with is resistant strains. These now have a competitive advantage in their new antibiotic rich environment.

In many ways anti-terror laws are the same - there will be people in society that want to commit some serious crime or terrorist act - they are the bacteria of our society.

Now, suppose you make laws that make it easy to track communications and spot terrorist plots. There will be some terrorists that are not so dumb as to just make normal mobile phone calls to their conspirators to plot something. A few will be smarter. The new laws will, of course, catch the dumb ones, and everyone will get a pat on the back for thwarting another terrorist plot, but that leaves you with the smart ones.

There have been examples of this. I have read that those plotting the 11th Sep bombings put messages in draft on a dummy mail account, and someone else logged in, read and deleted the draft. When I heard this I was impressed at how simple and clever it was - because draft messages are not the sort of thing that were monitored, only actually sent messages. Oddly the new Counter Terrorism bill going through now does not address that flaw even 13 years later - why? But what it does show is that there will be some that are smart enough to bypass the anti-terror laws.

Unfortunately, just like antibiotic resistant bacteria, it only takes one new strain to cause an epidemic.

This means that apart from all of the other collateral damage caused by anti-terror laws, and the progressive stripping away of freedoms from law abiding citizens, you also breed a new generation of smarter terrorists that are even harder to track down - and as I say - it only takes one.

Ultimately we have to be a lot more cautious and targeted with our anti-terror laws and surveillance powers or we risk making it really impossible to track what anyone does even when that is fair and proportionate.

Tuesday, 27 January 2015

SnoopersCharter is already out of date

Watching the debate yesterday did raise a few interesting points. One is that it is taking a long time to get in to place something to fill a supposed "gap" in logging of communications data (hence the proposed amendment to re-introduce the Data Communications Bill). Another is that a key problem with the snoopers charter is that it tries to be far too broad in order to allow for new technology without having to keep making new laws. This means far too much ends up in scope.

However, being in technology, I (and many others) can see that even with such wide scope it is already out of date!

It relies on some basic concepts which are changing, and have changed in some cases :-

That there is a communications provider, and one that is in the UK

The bill takes steps to impose conditions on communications providers. It would be impractical to try and impose these on every end user, and would also defeat the point if those end users are the very people you are trying to monitor.

The problem is that there is increasingly no communications provider at all. In most cases there is, at a low level (copper wires, radio waves), a provider, but they are not providing the communications that you want to monitor. It is a bit like modems - the only communications data for any Internet access back then would be that you called your ISP for X minutes. Well, the Internet is the medium by which we communicate now, and you can use layers and layers. A communication (a message) may be sent as part of the content of something done on a web site, so all you log is that someone accessed the web site, and not that using that web site they sent a message to someone else. In that case the web site operator is a communications provider of a sort, but may not be in the UK. Things like TOR complicate the matter even more - it is a "network" with no providers.

But there are things where there is no communications provider even at the low level - mesh networks. With so many people owning wifi equipment it becomes possible to create networks that work via your neighbours' wifi and create a whole Internet with no actual "provider" involved.

So making laws that impact communications providers only really works whilst they exist at the level you wish to monitor.

That there is a sender and a recipient

This is a pretty fundamental assumption in the legislation, and already is not always the case. A tweet is public, and whilst people may follow some people, they can just see tweets anyway and search for them anyway. If I post a tweet, who is the recipient? Do we try to work out who it was aimed at in some way, or just say it was sent to 1000 people (my followers)? What if it is then retweeted to a million people - who sent the "message" and who was it to?

That the communication is a message

Again, this is ingrained in the legislation - but a communication could perhaps be clicking "like" on a FaceBook post. Again, who is that communicating to, and what is the message?

That you can separate envelope from content

This is also fundamental as the government quite rightly feel that snooping on everyone's content (opening everyone's letters) would not be acceptable.

The problem is that it is no longer easy or even possible to tell the content from the addressing information. What is the "content" of clicking "like"? What if I tweet and include the string @xkcd in that "message"? Is that "content", being within my tweet, or is it the address, being that it would be shown to Randall if he ever logged in to twitter?

There is legislation saying, for example, that no part of the content of an email shall be logged, but they want logging of the addressing. So if I included in the content of the email my email address does that then stop that address being logged, as it is also a part of the content?

Even talking of "weblogs" they are specifically talking of URL up to first slash (which is entertaining as that is "http:/") but they basically mean logging the hostname part. That is fine until you realise that lots of web sites are in fact, or, so you are not in fact logging the "site" being visited. Future changes to https may ensure that even the hostname cannot be logged.

So, I suggest that even now, the snooper's charter is already out of date for its stated purpose (as well as being technically impossible and immoral).

Update: The four horsemen (I mean Lords) are trying again