2015-01-31

Afraid of being caught?

What do the government really want?

Apologies in advance for this being a tad long and rambling. But one way to try and work on debating this sort of thing with the government is to try and put yourself in their shoes for a moment and understand why they are asking for this. So I am going to give it a try, but it may be hard.

I have tried to break down some of the basic challenges with managing society so that it works.

Bad things!

A fundamental idea is that some things are unacceptable to society, they are bad things and as such we should try and stop them happening. What exactly is a bad thing will vary over time as society changes, though some are pretty ingrained such as "murder" and "theft". It is a lot less obvious when when you get to things like "copying the CD I purchased to an MP3 so I can play it on my iPod on the train". The very definition of bad things is a matter for ongoing and rational debate.

Deterring people from doing bad things

The basic principle that surrounds most law is the idea that punishing those that do bad things should result in the anyone planning to do a bad thing deciding it is not worth the risk. That anyone considering doing a bad thing may reasonably expect that they could be caught and punished. It is basic human nature to avoid pain, to remember pain, and to predict pain - it is how we learn, and even how animals learn. We need people to be so afraid of being caught that they do not do the crime. For that to be realistic, we don't just need laws, and punishments, we also need very efficient means to detect crimes and identify the criminal that cause them.

What about people pulling the strings?

There is, of course, an issue that some people are smart enough to arrange for bad things to happen but themselves not actually do them. So if the crime is detected and the criminals identified, they can step back and try again with some other mugs doing the dirty work for them. To allow for this you have to then have offences for helping someone do a bad thing. This comes under conspiracy to commit, aiding and abetting, and so on.

What about catching people that are going to do a bad thing?

This is where it starts to get complicated. If the bad thing has not happened, you are looking at punishing people for something that has not happened. You really have to be sure that it would happen, and that is tricky as it is predicting the future.

I was thinking of a possible example here - if a few of us were caught with detailed plans for how we could rob a bank, then there would be an assumption that we actually were planning to rob a bank. But what if we had a half finished on-line game called Bank-Heist or something, and these details were simply research for a computer game? Then suddenly there is no realistic risk that the bad thing of robbing a bank would actually happen. Indeed there are other good reasons for having plans to do a bad thing, and that is where people are trying to devise ways to protect and defend against such things. Of course, a smart gang of bank robbers would hire a s/w engineer that thinks he is in fact making an on-line game so that they would have that defence :-)

The problem is that punishing people for something that they might do is a very dangerous game, a slippery slope in to thought crime. What if two office workers were upset with their boss and discussed how they wished he would be hit by a bus? What if he is hit by a bus? What if all communications is logged in a police state and someone finds that conversation? Thought crimes!

What about security?

The police will investigate crimes and find evidence to identify and convict a criminal, but that is generally after the fact, the idea being that convicting criminals deters other criminals.

But there are situations where that does not work. There are special types of criminals, typically terrorists, that feel that what they are doing is "right" and so much so that it overrides they fear of being caught or punished. Indeed, in the case of suicide bombers this overrides one of the most basic fears of all - fear of death. There are plenty of other risks where fear of being caught and punished is remote, such as cyber attacks from foreign countries.

So we have to consider the idea of the security services, who are trying to keep us safe from threats like that. They cannot use the traditional "fear of being caught" to deter people, so they need other means.

What they would ultimately like (one assumes) is a way to find people plotting to do a bad thing, and take some action against them before they do it. As I say, we are well and truly in to thought crimes here and we have to consider this only makes any sense for really serious bad things and where we are really sure that they would in fact do the bad things they are plotting.

In their ideal world they would have surveillance on everyone, all the time, audio, video, logs of everything they type and say, and the vast computing power to sift and sort that to find any hint of people doing bad things.

One of the difficulties here is that it if they had that, it would not stop at thwarting terrorist plots, like someone threatening to blow up and airport and saying so on twitter. No, once they have that power it would apply to office workers "plotting to kill their boss", or any number of minor things. So many laws make everyone a criminal already. A complete police state like this would be unacceptable to the general public.

What can we do?

Trying to be in their shoes - we know they would like a total surveillance police state, obviously. It is the only way to be sure that people are safe. You probably need to restrict people's movements and communications as well, just to be sure.

But we know that will never fly, we are in some sort of a democracy (though the way some Lords are behaving this week, you would not know it). Going that far would amount to civil war, or at the very least losing the next election.

So the real question is where you draw the line - how far can you go before what you are doing is impractical or unacceptable. That is their problem.

So what would I do?

I think what we had was not that bad, but as it was the status quo, I am conditioned to find it acceptable. In some ways it already goes too far.

But I have some ideas of tests for this - to decide how far I could go:
  • Is what you are asking for causing people and companies to do more than they would normally do? After all, getting telephone records was only possible when BT started itemising bills and so had the data - they were not asked to do any more than they already did, just check something on the data they already kept for commercial reasons. In think you may have gone too far if you are expecting people and companies to police other people and companies - to seek out and collect and retain data they would not normally need to. Making people police their neighbours is a very old system of government and will always cause suspicion and resentment.
  • Is what you are asking for targetted? This is important as otherwise you are essentially treating the population as criminals in the first place. This is also an issue with lines that have already been draw - human rights conventions and the EU Court of Justice where it is clear that surveillance has to be targetted. It is one thing to say "You have these phone/email records, can we see those for this person who is a suspect?" and another to say "Collect all this extra personal data for us for everyone just in case we want it later".
  • Are you invading privacy? This is a complicated one. Reading someone's private communications is clearly an invasion of privacy, and only really justifiable as a targetted action against a suspect with proper oversight on the process. Again, this is enshrined in human rights conventions. Now, if such action is to be targetted you should not be expecting everyone else to give up their right to privacy. This is tricky with encryption, which is now common. You would have to pick individuals who are suspects and say that they alone are not allowed encryption and hence privacy for a period of time. Everyone else should be allowed proper security and encryption as they are not suspects. Such a move is not practical in many cases.
  • Is what you are asking practical? This is another important concern. There are many cases where the wishes of the security services are not actually practical. I have a video [here] that shows step by step how to send truly secret messages with no more than pen, paper and dice. Banning something that simple is like banning someone picking their nose, it is a nonsense. But even if you are asking ISPs to do something, it has to be something they can do, and also something that will not compromise the integrity of their network.
  • Is what you are spending value for money? This question comes back to the fundamental roles of security services. Terrorism is a serious threat but not one that should be such a high priority for effort and expenditure as it causes so little harm and death compared to so many other areas which could be improved. If we are spending public money it should be a good return on investment. Even preventing an horrific crime killing thousands of people is only really sensible when compared to reducing accidental road deaths by that many. In the US, more people die from slipping in the bath than from terrorist attacks. So, yes, spend money stopping terrorists but only where it is value for money compared to other places on which it could be spent.
I think you will find that the snooper's charter, and even the DRIPA, fail on several of those simple tests already. This does not mean that there are not further steps which could be taken even when considering those tests.

Genie is out of the bottle

A huge problem though is that the genie is out of the bottle - private, secret, communications is fundamentally possible. Even with seriously oppressive governments in the world, journalists, whistle blowers, spies and government agents, manage to communicate without being caught.

This means that, ultimately, a terrorist cell can communicate and plot something, and even the most extreme police state could not spot that in advance. It is also the case that one nutter could just decide one day to walk in to a school and shoot everyone (if guns are not handy, as we are not in the US, poison everyone using household chemicals). Sadly, we will always have some nutters, and some awful things like this could happen. The only answer to that is upgrade us all to cybermen.

So, please, let's make laws that are fair, rational, practical, value for money, evidence based, targetted, not invading privacy or treating everyone as a criminal, but are still some help to security services.

2015-01-29

Video editing

I thought I would try something that was not a rant for a change - it happens.

We have purchased a copy of "Final Cut Pro" for the 5k iMac. This was based on a recommendation from my colleague Alex. It is not cheap, a couple of hundred quid.

I have never done video editing before, and am still learning, but I have to say that so far it is looking promising and could be fun. I have not had to refer to the manual and needed only a few pointers from Alex. It is very responsive even though it is juggling gigabytes of data.

For the latest video [here] that I created, I used my Canon 1Dx to record full HD with a 24-70 lens in low compression mode. It looks like around half a gigabyte a minute in that mode but you generally want the best quality source for editing if you can. I also have a good stereo audio recorder which I put on the camera pointing at me. I recorded my monologue and then a separate sequence of close-up writing on the paper.

I then told Final Cut Pro to make the audio and the camera in to a multi-cam clip, which it did. The clever bit is it synced the iffy camera audio (I did not connect a separate mic) and the good quality audio recording perfectly and allowed me to turn off the camera audio.

I then cut in segments from the close-up shots with cross fades. It actually took me a while to cut in a still (of a cat) as it confused the issue being not 1920x1080. Next time I'll size the image to fit and not confuse it!

I was able to publish to youtube in a couple of clicks, and a few minutes encoding.

It is noddy stuff I know, and to be honest I should have got some proper lighting for the shot as well, a shirt clip mic, and maybe written a script :-) I have much to learn.

I do think that next time I'll add more cameras, even a wide angle with a go-pro or such, to cut the video about a bit and not look quite so much a talking head to camera.

So much to learn in script, performance, lighting, audio, editing and everything. Maybe the start of a new hobby.

Update: It is worth mentioning subtitles - youtube just does these for you, and if you have clean audio and speak clearly they really are very good. Even with my jabbering on it was still pretty good. They make it very easy to edit as well, so worth doing if you upload any video.

Helping terrorists?

I have posted a lot on privacy, encryption, snooping and the like, but I think it may be worth explaining that I am not trying to help terrorists here. I doubt anyone would get that impression, but I was surprised at one "dislike" on one of my videos.

There are lots of ways in which the authorities can catch criminals, and a key part of that is targeted surveillance. For terrorists, it seems to me the most obvious weak link is the people, and that infiltrating terrorists groups is the best way to get information. If you are in the group, none of this privacy and encryption matters as you are at the "plain text" end of the communications anyway. Even if you have suspects, then surveillance of those suspects directly is a key step. It is not as if the authorities have no tools available. In the Paris attacks the authorities had exactly the powers they are asking for already, and it did not help.

There are some key issues with trying to get more powers to track terrorists, some of which I have touched on. One of the main ones is the negative impact of those extra powers on law abiding citizens. The other is the fact that everything that is proposed can be bypassed by someone that is not law abiding (my videos on pen/paper encryption show this). These two together mean anti-terror laws only serve to hinder normal people and fail to serve to stop terrorists.

To give you an idea - if we had a law proposing road blocks and vehicle searches on every motorway exit - that could be argued that it would reduce terrorism. People would find it difficult to move guns or explosives around the country.

Obviously that would be crazy - it would be a massive imposition on the normal law abiding public and a step too far. It would also not be able to cover every road or every means of transport so a determined terrorist could get past it.

Opposing such a law is not "encouraging terrorism", it is explaining reality and trying to strike a reasonable balance of safety and liberty.

Oddly, even though the above does seem crazy we have accepted these steps for travelling around the world, with great inconvenience at airports.

It is also not proportionate to impose new measures. Whist terrorism is an important issue, it pales in to insignificance compared to so many other preventable harm and deaths in society such as road safety. We should spend money and resources where they will do the most good.

Another issue is that whatever powers the authorities get, having just that bit more power would be helpful until you end up in a total police state with thought crimes.

What I think is a step too far is blanket surveillance on the public, and this is the same position taken by the EU court of justice. We have to draw a line and stop freedoms being taken away or else the terrorists have won.

God save the queen

Having explained the basic process of how you might send secret messages using nothing more than pen and paper (and dice to make the keys) [here], I have made a further video which explains how one might comply with future legislation that requires a "back door entry" to be added.

See the video [here].

The basic change to the process is as follows. After composing the message and encoding it and sending it, but before destroying the evidence...

  • Write down a benign message alone side the coded message.
  • This benign message could be anything, my video uses "GOD SAVE THE QUEEN", but you could put anything. Ideally something that looks like it should be private but is not incriminating - perhaps something about a planned sexual encounter :-)
  • You write it in the same way you would your covert message, so as per my previous instructions you put 4 spaces at the start to allow the key to be identified.
  • You then use the calculator to subtract each letter in the benign message from the coded message, continuing to the end of the sheet.
  • This gives a sequence of gibberish, as you would expect.
  • You then write that sequence on a separate sheet, and put the date and time of your message sending.
  • Now, destroy the original key sheet and message.
  • You then send this new sheet as the "Key used to send message at date/time" to the key escrow trusted third party to which you have been required to deposit keys (the only logical "back door entry" for a one time pad system)

This means that if ever the powers that be want to check what you sent, they can get this "key" from the key escrow trusted third party with an appropriate court order or whatever, and use it to decode your intercepted message. The problem is that when they decode the message, all they get is your benign message "GOD SAVE THE QUEEN" or whatever. They do not see the real message and have no evidence that any other message exists.

The whole point of a one time pad is that every possible message is equally likely. A key could be provided to decode the coded message to any plain text message you like!

A further step would be to pre-agree the benign message (have it on the key sheets you originally share) so that the recipient can do the same. That way if they ask either end for copies of keys later, you have keys to hand over and they will actually agree.

An interesting point on all of this is that I know of at least one person who has had great fun coding this all in C since my last blog on this. Making a million keys and putting on a USB stick, and making tools to allow coding and decoding messages. Obviously these tools could do this extra step as well, overwriting the original key on the USB stick with the new benign message key. He is not a programmer normally, and is using this to help learn more C coding, but he is the end user in this - not a "tech company" or someone that can easily be identified and targeted with some requirement to add a back door. He is running software that he did not even download from the Internet, but made from scratch. The best bit is that he could be seen to be apparently complying with requirements for a "back door entry" by key escrow or a requirement to retain keys and still have private messages!

2015-01-28

Reach Recruitment Services Ltd

How dumb can you be?
  1. Unlawfully junk mail me to my personal (individual subscriber) email address.
  2. Ignore my notice before action replying that I obviously have too much time on my hands
  3. Get sued by me for £200
  4. Ignore that and get judgement against by default
  5. Ignore that and get bailiffs knocking on the door
  6. Pay a total of £295 including court and bailiff fees
  7. Then... Get this... JUNK MAIL ME AGAIN to same email address
That is just special.

Anti-Terror laws are like antibiotics

Antibiotics are great - they kill almost all bacteria, and this means that they have saved a lot of lives that would have been lost to serious illnesses.

However, as most people know, not all bacteria are killed off. Some strains are resistant to the antibiotics. This is because of random mutations, but the resistant strains did not originally have any sort of competitive advantage in their environment so there were not many of them.

The problem is that when you use antibiotics a lot you find that all you are left with is resistant strains. These now have a competitive advantage in their new antibiotic rich environment.

In many ways anti-terror laws are the same - there will be people in society that want to commit some serious crime or terrorist act - they are the bacteria of our society.

Now, suppose you make laws that make it easy to track communications and spot terrorist plots. There will be some terrorists that are not so dumb as to just make normal mobile phone calls to their conspirators to plot something. A few will be smarter. The new laws will, of course, catch the dumb ones, and everyone will get a pat on the back for thwarting another terrorist plot, but that leaves you with the smart ones.

There have been examples of this. I have read that those plotting 11th Sep bombings put messages in draft on a dummy mail account, and someone else logs in, reads and deletes the draft. When I heard this I was impressed at how simple and clever it was - because draft messages are not the sort of thing that we monitored - only actually sent messages. Oddly the new Counter Terrorism bill going through now does not address that flaw even 13 years later - why? But what it does show is that there will be some that are smart enough to bypass the anti-terror laws.

Unfortunately, just like antibiotic resistant bacteria, it only takes one new strain to cause an epidemic.

This means that apart from all of the other collateral damage caused by anti-terror laws, and the progressive stripping away of freedoms from law abiding citizens, you also breed a new generation of smarter terrorists that are even harder to track down - and as I say - it only takes one.

Ultimately we have to be a lot more cautious and targeted with our anti-terror laws and surveillance powers or we risk making it really impossible to track what anyone does even when that is fair and proportionate.

2015-01-27

SnoopersCharter is already out of date

Watching the debate yesterday did raise a few interesting points. One is that it is taking a long time to get in to place something to fill a supposed "gap" in logging of communications data (hence the proposed amendment to re-introduce the Data Communications Bill). Another is that a key problem with the snoopers charter is that it tries to be far too broad in order to allow for new technology without having to keep making new laws. This means far too much ends up in scope.

However, being in technology, I (and many others) can see that even with such wide scope it is already out of date!

It relies on some basic concepts which are changing, and have changed in some cases :-

That there is a communications provider, and one that is in the UK

The bill takes steps to impose conditions on communications providers. It would be impractical to try and impose these on every end user, and would also defeat the point if those end users are the very people you are trying to monitor.

The problem is that there are increasingly not a communications provider at all. In most cases there is, at a low level (copper wires, radio waves) a provider, but they are not providing the communications that you want to monitor. It is a bit like modems - the only communications data for any Internet access back then would be that you called your ISP for X minutes. Well, the Internet is the medium by which we communicate now, and you can use layers and layers. A communication (a message) may be sent as part of the content of something done on a web site, so all you log is that someone accessed the web site, and not that using that web site they sent a message to someone else. In that case the web site operator is a communications provider of a sort, but may not be in the UK. Things like TOR complicate the matter even more - its is a "network" with no providers.

But there are things where there is no communications provider even at the low level - mesh networks. With so many people owning wifi equipment it becomes possible to create networks that work via your neighbours wifi and create a whole Internet with no actual "provider" involved.

So making laws that impact communications providers only really works whilst they exist at the level you wish to monitor.

That there is a sender and a recipient

This is a pretty fundamental assumption in the legislation, and already is not always the case. A tweet is public, and whilst people may follow some people, they can just see tweets anyway and search for them anyway. If I post a tweet, who is the recipient? Do we try to work out who it was aimed at in some way, or just say it was sent to 1000 people (my followers). What if it is then retweeted to a million people - who sent the "message" and who was it to?

That the communication is a message

Again, this is ingrained in the legislation - but a communication could perhaps be clicking "like" on a FaceBook post. Again, who is that communicating to, and what is the message?

That you can separate envelope from content

This is also fundamental as the government quite rightly feel that snooping on everyone's content (opening everyone's letters) would not be acceptable.

The problem is that it is no longer easy or even possible to tell the content from the addressing information. What is the "content" of clicking "like"? What if I tweet and include the string @xkcd in that "message"? Is that "content", being within my tweet, or is it the address, being that it would be shown to Randall if he ever logged in to twitter.

There is legislation saying, for example, that no part of the content of an email shall be logged, but they want logging of the addressing. So if I included in the content of the email my email address does that then stop that address being logged, as it is also a part of the content?

Even talking of "weblogs" they are specifically talking of URL up to first slash (which is entertaining as that is "http:/") but they basically mean logging the hostname part. That is fine until you realise that lots of web sites are in fact Facebook.com/somecompany, or someproxy.com/realwebsite, so you are not in fact logging the "site" being visited. Future changes to https may ensure that even the hostname cannot be logged.

So, I suggest that even now, the snooper's charter is already out of date for its stated purpose (as well as being technically impossible and immoral)

Update: The four horsemen (I mean Lords) are trying again http://www.bbc.co.uk/news/uk-politics-31062757

2015-01-26

Watching the government do its work

For the first time I have been watching, and engaging with, live coverage of legislation happening.

The debate in The Lords on the Counter Terrorism and Security bill.

They have added the whole of the Communications Data Bill as an amendment at a late stage in the Lords.

The debate was horrid to watch. I was screaming at the screen!

There are an amazing set of comments. Almost all are without any technical clue as to the serious implications. There are emotive statements like "talking to police after 7/7" - well that applies to any police on any motorway accident. So let's look at how many people terrorists kill. Fuck all!

There seemed to be no attempt to try and determine objective tests for any of this, and then apply them - it was nearly all "we feel this is a good/bad idea".

Good points on the fact that the French had the data as proposed, and did nothing. Others using the French incident to justify this amendment. Some suggest that UK would have noticed if it had happened here. Even if they would, this is data to which the UK already has access with no need for new laws.

Several points on tracking locations of mobile phones, something which we have now, and is covered by existing laws, does not need these amendments let alone this new bill, and is unlikely to go away for any reason. Indeed LTE (4G) improves this. Why these points were raised is unclear.

The fact that there is a sunset clause was mention, but they admitted that realistically it would just be extended. The fact that the work involved in setting up all of this extra monitoring and providing access would probably take until the sunset clause, was not raised.

It was amusing that someone sensibly questioned the meaning of "communication" and "message", asking if a "tinder match" counted as a message! A later comment from someone else thanks someone for explaining tinder to her during the debate, with some amusement. This is, however, a very important point, and shows that differentiating the envelope from the content is really not easy.

A few of the Lords and Ladies have clue and should be commended. Many are clueless. So many empty seats, it is scary. Making a list of "sane" Lords and Ladies is good though. I need to have dinner with them some time. Stras, Lane-Fox and Jones are on my "nice list". Some others too.

I am not sure how to conclude this post - but I am unsure that the way we run the country is actually sensible, sorry.

The fact that the steaming was iffy is a clue how important this is...

What gets me is how the hell should I need to be watching this - something is wrong if I cannot trust the powers that be to do the right thing!

We won this one, finally. Of course, this is the problem - to preserve freedoms we have to win every such stupid debate. To lose freedoms we only have to lose one debate and a law gets passed.

Do watch it. Scary...

Video [here] and debate on this starts 15:09. (thanks Dave)
Transcript [here].

Cool gadget

This looks cool, Philips InSight Wireless IP Camera. I just ordered one to play with from eBuyer. I may post some details of what I think about it.

But, bugger, chilling effect. I am already thinking should I get this?

After all, based on what David Cameron says, it could be illegal soon, and I may have to hand it in to the police station when they do an amnesty day on illegal crypto products.

After all, it says "Encrypted direct networking for secure connection" in the description.

I wonder if Sale of Goods legislation covers a product "becoming illegal" during its lifetime...

Let's make a law, that will fix it

Sadly we see this a lot, at UK and EU level. The cookie law was one example of totally stupid knee jerk reaction - it has not, in fact, stopped people being tracked at all - what it has done is cause constant annoyance to everyone visiting a new web page and being plastered with "cookie policy, click to agree" banners, and then having a cookie to record that they disagreed (or not being allowed to use the site). Even the ICO were non compliant on their web site when the law came in to force and many sites are not now. It did nothing and we all said it would do nothing.

Human rights

There are laws you cannot make - top level things that would break international treaties, breach human rights, or just lead to civil war. I nearly did not put this category in this post, but then realised that a right to privacy is one of those human rights things... Hmmm

Laws that cannot be detected to be enforced

You can't sensibly make something illegal that is impossible to detect and so enforce. In some ways the laws that existed against being gay are a bit like that - essentially the only proof was something done in the private, so only by admission or catching someone in the act would you catch some. It is a stupid law for moral reasons, but also for purely practical reasons of being hard to enforce.

Outlawing something everyone wants

Another good example is laws that try to outlaw something that is, by human nature or common practice, something people want to do. A good example is banning alcohol in the US. When you make a law like that you don't stop people doing it, but you drive it underground, making it hard to detect. You also create a huge problem that people become criminals anyway, so they have something to hide. People with something to hide get sucked in to more criminal behaviour and can be blackmailed. Before you know it you have the mob. Regulating such things so that you allow most people to do what they want within limits and still be legal is much more likely to succeed and make the criminal element unprofitable. The same is true for copyright violation - allowing people to easily and cheaply and legally access material is the way to stop the unwanted behaviour, not laws making something simple and wanted actually illegal.

Making everyone a criminal

Another big problem is that it is easy to make everyone a criminal with a stupid law. This has all sorts of problems. Much like the above, you could create an underground market of some sort, but if you really make something we all do every day illegal you end up with a law that is largely ignored. There is simply no way to enforce such laws. This is where banning use of any means of communications that cannot be read under an order from the Home Secretary (something David Cameron is calling for) would be silly. Everyone that uses FaceBook, iMessage, online banking, the conservative party web site, or even a cash machine, would be a criminal.

Making everyone a criminal causes all sorts of issues. You have people that try to comply, but can't so they take their business or themselves out of the UK. You have the problem with people with "something to hide" so can be blackmailed. You also create a convenient "We can arrest anyone we like" logic for police, as they just have to arrest you for having an iPhone. It is unworkable.

When can you make a law?

A law has to do some good and meet an actual requirement. It has to be proportionate - the cost of complying and enforcing the law has to reflect the benefit gained (questionable for many anti-terror related laws). It has to be detectable and enforceable. It also has to be something the public are happy with, as, after all, the government do work for the people!

Obviously a law does not have to be 100% - some people with evade detection. For most laws this is a simple matter of economics - a trade off for effort to catch every last transgressor compared to the cost/damage caused by them. However, for anti-terror laws, this is not the case. We are making anti-terror laws when there have been tiny numbers of terrorist attacks. Allowing one terrorists cell to evade the law would be unacceptable, if we are to believe the rhetoric of politicians. For an anti-terror law to be justified in the first place you have to make it one that can be 100% enforced as it only takes one nutter with a small nuke to ruin your whole day.

2015-01-25

Can we use David Cameron's super powers for good?

On a Radio 5 interview, Professor Glees, who advises the government said, "The government can require, by law, that software allows a back door entry in to it, that's a fact"

I have just realised that this must mean David Cameron has super powers, and we never knew it.

Please can "The government require, by law, that software is not a computer virus"?

That would be really useful. Tacking computer viruses is a big issue, but I never knew the government had a magic wand until now. Let's use it for good.

2015-01-24

Radio 5 interview shows stupidity

There is an excellent radio 5 interview on the whole issue of banning encryption, well worth a listen.


There is a lovely quote in it from the so called expert that advises the government, Professor Glees.

"The government can require by law that software allows a back door entry in to it, that's a fact"

I actually laughed out loud at that, really. It is so funny, but somehow, it seems he was not joking.

Firstly, as Professor Glees may not understand it, I'll explain that software is just a set of instructions that a computer follows.

A lot of the software used for encryption is open source. It is published openly and it is written, reviewed ,and maintained by volunteers all over the world for no money. It means there is no person or company that the law can apply to. There is no door the police (in any country) can bash down and demand the software is changed or not distributed. There is no person you can lock up or fine. It is free, open, and has copies everywhere on the Internet. It means that the set of instructions are out there and exist and can be used by anyone with a computer. This software is secure by design and does not have any "back door entry in it".

But let's bring it back to basics. There are things called "books" which are something of which Professor Glees may have heard. These too can contain instructions which can be followed. They could be instructions one can put in to a computer, but there are instructions which don't even need a computer. There is a book published in 1882 on the subject for use with telegraphs, so this is not new.

I have a simple video showing how you can use one of the simplest but most secure means to send secrets [here], do watch. This involves following instructions, the very thing computers do. I wrote out a set of instructions in my blog post [here]. Both the video and my blog, and countless other books, web page, videos, and even university courses, count, in a way, as "software", a set of instructions you could, if you wanted, put in to a computer.

Now, in order to "require, by law, that software allows a back door entry in to it" as specified by Professor Glees he would have to require my blog and that video are changed to add instructions like "Now you have made two copies of the key, one for the sender and one for the recipient, you have to make a third, and post it to GCHQ at this address". Indeed, every copy of every book and every web page explaining encryption is in effect "software" and they would all have to be found and need instructions like that added, or access blocked somehow. I suspect, for books, the only real way to get close to this involves piling books up outside libraries and burning them - that'll work!

Of course, if I was following that 1882 book, or my blog, or that video, and I came to the bit that says "send your keys to GCHQ", I could ignore that bit! When putting these instructions in to the computer, I could leave those bits out. Nobody would know. The encrypted messages would still pass around just like ones with the "back door entry". Remember, that these systems have to interwork with normal systems outside the UK (unless UK is to be disconnect from the Internet), so the presence of the "back door entry" is not something you can detect on the wire somehow. Only if someone actually wanted to spy on me, and tried to use this "back door entry", demanded copies of keys or whatever, would they find that I had not included one as required by law, but otherwise I would be fine.

This means that law abiding citizens and companies and engineers would have to follow these rules, or be committing a crime.

For criminals, ignoring these extra instructions, or loading software that does not have a "back door entry" will just be committing one more crime and only visible if/when they are caught. Of course, as proper encryption is legal everywhere else in the world, getting such software would be easy.

As explained on the Interview, you'd need a special weak version of iPhones and Windows and OS X in the UK. Indeed, somehow, you'd need a special weak version of Linux and FreeBSD and other open operating systems. When I download some crypto app for linux, somehow you have to stop me editing it to remove the "back door entry". Just as it would be hard to catch every iPhone as visitors come through customs it would be hard to catch every download of linux or other operating system, app, patch, library, source code, that could be loaded to bypass these mad laws. You would need special weak versions of cisco, juniper and FireBrick routers for use in the UK. You'd need to stop people downloading loads of standard apps from the Apple app store, and from Android stores, and somehow have Androids that are "locked down" that they cannot download any of these secure apps if someone does get a copy. You'd have to make Windows and iMac somehow locked down so that people could not download apps of their choice, and somehow do the same with linux and BSD. Heck, you'd even need a special version of the telephone I have on my desk as it can do encryption if I ask it to, and it is an outdated model that is no longer supported. Somehow you need special versions of code for equipment made by companies that do not exist any more. Even your TV would need a software upgrade to a special version.

And once you have that special code and special versions of iPhones, which the criminals can just ignore, you then need to somehow make it so that criminals don't crack this "back door entry" which has been added, even though it has somehow been added to open source code, and so can be seen and understood (makes cracking it just slightly easier if you have the source code). And when (not if) this back door is cracked you have to have some secure way to update every single device in the country from desk phones, mobile phones, apps on computers and TV sets and everything to the new version with the better back door that has not been cracked yet, while you cross your fingers for a week or so until it is hacked again.

Of course, even if not cracked for a long time, all confidence in any UK based security would be lost by the rest of the world. It would be against card payment processing rules for anyone to accept cards from any of the UK browsers because they would be known to have this "back door entry", so no card payments on-line would be possible from any UK law abiding citizen (criminals would not have that problem, obviously, as they can just run old/safe versions of browsers and access via TOR/VPNs).

Now, remember, Internet Explorer 6 (IE6) which dates to 2001, that is 14 yeas ago. That has in it secure(ish) encryption code. If it has taken 14 years for Microsoft to get people to stop using IE6 when there are good reasons for people to upgrade. How long would it take to get everyone to upgrade their browsers to include the government mandated back door? And that is just one app on one type of device (PC).

Finance would have to leave the UK, probably in order to comply with security requirements by law in other countries if not simply due to lack of confidence from any customers who find they deal with the UK.

And with all of that, you still have the fact that a child with pen, paper and some dice could send secret messages if they want, even if that means ignoring the extra line of instructions to send a copy of the key to GCHQ. You can make that illegal, just like you could make farting illegal, and probably with about as much chance of it being implemented.

And who the hell pays for all of these changes to every computer, every app, every browser, every telephone and device?

Sorry for repeating myself here - just trying to find ways to explain the scale of the problem to people like Professor Glees, who clearly has no fucking clue, much like Theresa May and David Cameron. Somehow we need to get the message across.

2015-01-23

Call for Apple to "do the right thing"

The EU are joining the madness now [here] asking "region's leaders to force technology companies into sharing encryption keys with national authorities". So not quite saying "ban encryption", but still missing the point.

We are doing all of this to protect our freedoms.

If we have to give up those freedoms, our right to privacy, in the name of terrorism then the terrorists have won. Draw the line here.

A system that is secure by design will not allow anyone else to read messages.

Not the government, nor criminals. But change that, and make a back door, whether keeping copies of messages or handing over keys or whatever, and you create a system that is not secure and is a target for criminals and terrorists to collect personal information and exploit it.

Asking technology companies to hand over keys makes no sense.
  • There are companies in countries that respect privacy. They have no reason to comply. (see below re Apple).
  • There are systems designed such that the "technology company" does not have the keys to hand over, so could not comply. You would have to ban their systems.
  • There are open source messaging systems where there is no "technology company".
  • There are ways to send messages without "technology" even [video]
  • Criminals and terrorists have no reason to use any of the systems where keys have been handed over, even if illegal to, as it means just breaking one more law - but non terrorists will have to comply with such laws - we lose, terrorists win!

So, where does Apple come in here?

iMessage is secure. Apple don't have the keys. They could change iMessage so that it is not secure. That would be a massive backwards step for them and lose them reputation. Obviously anyone concerned over privacy (including terrorists) could use secure open source messaging apps on an android, so Apple doing this would lose them business worldwide.

But if Apple say no? Will the UK government really ban iPhones in the UK, and take them off visitors at customs? Would they go that far? And if they did - would they ever win an election again? I really think Apple is big enough to stand their ground and JUST SAY NO!

2015-01-22

No way to run the country!

I am no expert on this, and to be honest, I seriously think they need to teach this in school a lot more. It matters, and affects us all.

It seems there is a bill, the Counter Terrorism and Security bill. This goes through a process to make it a law.

Like many bills, this goes through a load of stages, in this case starting in the commons with our elected officials considering it and proposing amendments. Several "readings" and a "committee" stage and a "report" stage and further reading.

Then the bill goes through the Lords, again, several "readings" and a "committee" stage.

But at this eighth stage in the process, after our elected representatives have had their say, and it has been considered twice by the house of Lords, we have an amendment.

The problem is that this amendment actually contains 18 pages of stuff which is identical in almost all respects to another bill, the Communications Data Bill (aka The Snoopers' Charter). This is a bill that failed, quite conclusively for a lot of reasons. These were not just the cost to the taxpayer (£1.8 billion) which was probably a massive underestimate, but significant human rights issues. It is not even the first time this type of bill has failed.

This is an attempt to "paperclip" this old, dead, and wrong, bill to the one going through, at the last minute. If it goes through it will not have had any of the normal stages of review by the commons (by those that we have elected) and very few of the stages of the Lords. It is just like The Simpsons episode with something paper clipped to another bill.

The people doing this should be ashamed,  LORD KING OF BRIDGWATER, LORD BLAIR OF BOUGHTON, LORD WEST OF SPITHEAD, LORD CARLILE OF BERRIEW. It is shameful and you should apologise publicly for this.

I hope this is quashed, and please - tweet a lord/lady in the house of Lords or write to your MP on this now.

This is acting like Bart Simpson, paper clipping something to a bill at the last second to push it through, and you know it is wrong else you would not be so underhand with it. You should resign, and renounce your peerage and leave as a Lord, and leave now. This is deceit and underhand in so many ways and you are unfit to be making laws for us.

The Open Right Group have more info [here].

This is no way to run the country and it will not be tolerated by real people.

2015-01-21

Please buy numbers in conservation areas

There are areas in the UK which have fewer telephone numbers available, and are called conservation areas. One could renumber, like so many areas for so many decades (I recall when Peopleton exchange renumbered from three digit numbers). But no, OFCOM have a new tack, and that is to charge for numbers in conservation areas. Some are challenging the legality of this, and we hope they win. We are having to pay, under duress.

The problem is the scheme they have created is cack-handed to such an extent that it is now in our interests to sell more numbers in these areas.

The scheme is that....
  • There is a minimum size block we can get allocated, 1000 numbers
  • We have to pay for all numbers allocated even if we do not have customers
  • If we have a number that is ported out to someone else, we get a discount, and that is more than we pay for the number, and the company that it is ported to pays nothing.
It would not be so bad if we only paid for numbers that are live and for which we have paying customers. But no, we pay for all numbers we have allocated less discount for those ported out.

So, what do we do (in the best interests of our shareholders, as required by the Companies Act)?

I created a separate company (not part of the same group of companies) and set up a porting agreement, and a commercial contract for VoIP.

All customers, for over a year now, buying or having numbers in these areas agree on sign-up to port the number to the new provider. We then have a commercial arrangement with the new provider to deliver the calls for that number. This means for live numbers we save more than the cost of a dormant number in these areas. We have done this for the first year and proved it meets OFCOM rules and received the discount.

So now we have to try and encourage as many customers as possible to get numbers live in these areas so that they can be ported out and save us money.

This is a trial of 30 areas codes. If it goes nationwide we may have to shut down doing VoIP at all, as it would not be commercial viable for any small VoIP provider. Let's hope the trial fails and they stop charging, or the legal challenges work and they have to refund.

So, for now, we ask people to take numbers in these conservation areas, please. We can "reserve" numbers for 10p/month now, and that counts. We may actually do some commercial incentives, perhaps even free numbers or some silly low price to get people to take large blocks in these areas. That is the way for us to save the most money.

The big issue is that, until now, there was no reason for any telco to hand back a number block to OFCOM as there were free. Even going bust, another telco would take over the blocks. But now there is a cost for such blocks, so it may not happen. If blocks are handed back, even ported-out numbers will stop working and consumers will suffer when their numbers stop even through no fault of the company from which they buy the (ported) number. Clever idea OFCOM to expose the problems with porting by doing this.

Clever scheme OFCOM, well done making it in our commercial interests to sell more numbers in areas that are short of numbers. Excellent work there.

Long term - let's talk OFCOM - about DNS based number allocation. Make it work per number. Happy to discuss and solve these problems, as ever. Really long terms, "numbers" are so 20th Century and obsolete.

Update: Just to be clear here - two key issues even if you accept that charging for numbers is a way to reduce take up (a) only charge for the numbers that are in use, and this is no less admin than asking how many ported out, and (b) Surely only charge for new blocks from now, as existing telcos with any live numbers can't really give back blocks, so you are not impacting take up any more by charging for blocks already allocated or just new blocks.

Update: Current conservation area codes 01202  01206 01223 01224 01253 01273 01274 01276 01332 01382 01384 01452 01482 01483 01582 01603 01604 01642 01702 01752 01753 01772 01782 01792 01793 01865 01902 01908 01924 01925

Passwords

Pondering best practice here. We have some of this in place on some systems, but I wonder what people think of this. We may try to work towards this for all systems in due course.

Basically, when someone new comes along and "signs up" for something we create an account ID of some sort, and a password. Traditionally the normal practice was to email the password.

There is a simple alternative which is to allow people to pick a password at signup, but, whilst this can be "secure" via https, it causes problems in that it allows people to pick passwords - and people are basically stupid when it comes to picking passwords. People pick easy ones, and the same one multiple sites. So you end up with stupid and annoying passwords "rules" which piss everyone off.

So, the plan is this...

On creating an account, we run the "reset password" process. The account has no password (i.e. cannot log in) at this point, but we email a link to an https page which is one time use and short lived. If apathy rules, then the link times out and the account will have no valid password, needing a "password reset" requiring the email address and some key data such as postcode.

The link offers a password visible on screen (which we warn about with the link). Now, this is a password we have picked, ideally using a TRNG and along the lines XKCD 936, i.e one that is really easy to remember. We have a button to get a new password if the first is offensive (a tad hard to avoid with random words) or was overlooked, etc. And we have some subtle means to allow manual entry of the password which you have to find by doing some research or asking staff (made hard deliberately). Again, relying on apathy to mean people get good passwords. However, the manual password does allow anything.

All of that is via https to avoid snooping, and we immediately store a hash of the password so we do not have a record of it. Obviously we log that the change took place, and the IP address, and we log if it was the first choice offered, a re-picked one, or a manually set one. If ever there is hacking we can say "you must have set a weak password" if it was manual. I am tempted to log how long it was too but not sure if that is sensible. I may allow posting of an SHA256 hash or some such so we don't, at that point, know the password at all (though we would know when you later log in, if we want, so maybe pointless).

A couple of extra tricks would be for the user to be able to load a public key at signup or any time later, and so for the password reset emails to be PGP encrypted as well.

The process relies on the fact that apathy rules. People will have no password (if they don't care) or will have one we picked sensibly, as a default. No password ever actually sent by plain text.

Have I missed anything obvious here, or is this the way things should be done?

Update: Thanks for all the feedback. We are instigating a system wide password library which provides password generation of defined sizes and entropy for users (XKCD style where possible), password hash generation and password hash checking. The checking can, and does, upgrade the hash checked to a later hash function if an old one is being used on next correct login. This allows existing hashes to be upgraded, and allows any future policy change on chosen salted hashing function to be applied in one place. We are also reviewing how we advise customer of passwords when creating accounts and logins.

2015-01-20

Is over blocking legal?

One of the concerns with ISP filtering (e.g. porn, etc) is the risk of over blocking. One question is whether that is legal. For example, if an ISP's porn filtering setting blocked access to this blog, could I do anything about it, legally?

The best candidate I can see for this appears to be the the Computer Misuse Act 1990 (as modified to include DoS attacks).

Section 3 appears to be the relevant part. The first part (1) says that someone is guilty of an offence if they do any unauthorised act in relation to a computer, knowing it is unauthorised, and part (2) or (3) apply. (2)(b) is to prevent or hinder access to any program or data held in any computer. Part (3) covers being reckless as to such things.

It seems to me that a block on a web site is clearly within (2)(b) as the whole objective is to prevent or hinder access to data on a web site (i.e. held in a computer). So that is pretty clear.

The issue seems to me to hinge on whether the action was unauthorised or not. Clearly, the person setting up the filters had authorisation to do so on the "computers" that run the filters. But the action was in relation to a different computer - it is in relation to the web site in question as that is the computer to which access has been hindered.

Thankfully section 17 comes to the rescue, and says An act done in relation to a computer is unauthorised if the person doing the act (or causing it to be done) is not himself a person who has responsibility for the computer and is entitled to determine whether the act may be done; and does not have consent to the act from any such person.

Now, this means that the person doing the filtering to stop access to a web site would have to have responsibility for that web site. Clearly, someone in an ISP somewhere setting filters up does not have responsibility for the computers hosting the web sites to which those filters relate.

Someone with proper legal training - tell me where my loop hole is in reading this?

Otherwise it seems that not only is over blocking illegal (reckless) but the blocking in the first place, and even pirate bay blocks, are criminal under section 3 of the Computer Misuse Act 1990.

Thinking about it - this legislation is trying to catch a DoS attack, where someone does something to hinder access to, say, a web site, by flooding traffic or some such. It is hard to see how a filter on access is not logically just the same as a DoS attack really, and how you would word a law to allow one and not the other. Essentially, in DoS or filtering, the computer to which you are hindering access is not one for which you are responsible - so the same! I suppose a carefully worded exception specifically covering this sort of web filtering at the request of the end user could work - but even so, that would possibly leave over blocking as illegal.

2015-01-19

What's in a name?

FaceBook are being a pain - they want my "authentic name".

Many people think this is simple, but it turns out that a "name" is far from a simple matter.
  • Some countries have the concept of an "official name" - one name that you have officially that the state recognises, and anything else is a nickname or false name of some sort.
  • Some countries even have a list of approved first names, one of which you must use when naming your child!
  • Some countries allow a name to be just one word.
  • But in England it is not so simple.
In England your name is simply what you are known as. There is no "official name". Indeed, a large proportion of the population use a different name than they had at birth, largely due to the common practice of women (and some men) changing surname on marriage.

Changing your name in England is also surprisingly simple - you make a deed poll - a simple declaration saying you will use a new name now. It is not an "official" document, as there is not a government office that issues it - you issue it yourself. You don't register the deed poll anywhere either, you just tell everyone that has your name and use it as evidence of that name change. Sadly, you typically need something that looks official to convince a bank, etc, as they don't understand how it works. There is a really good web site that will make an official looking deed poll for you for free www.freedeedpoll.org.uk

You can, of course, find all of this with a bit of googling. If you are thinking of changing your name, do not get ripped off - it is not something you have to pay for (though some bodies such as passport office may charge to issue a new document in your new name).

There are some caveats, but the main one is that your name change must not be to commit fraud. It is not a way to hide from your creditors. Interestingly that web site says you have to have at least two names (i.e. first name and surname), which disagrees with some people.

One thing I have failed to find while googling is whether there is any legal reason not to have more than one name. Even a passport can have also known as names on the observations page. Indeed, the passport guidelines reference the possibility of a woman that uses her husband's name and her maiden name rather than using one name for all purposes which seems to suggest that the concept of someone that does use more than one name is legally valid. It seems to me that some people are known by one name in some circles and another name in other circles and both are equally "valid". If anyone has any references, do let me know.

My issue is that I am known as "Thrall Horde" to thousands of people on FaceBook, and have been for years. I don't hide that I am known as Adrian Kennard in other circles, and there is no fraud. But FaceBook are now insisting that is not an "authentic name". I am probably known as "Thrall Horde" by more people than known me as "Adrian Kennard" as FaceBook has quite some reach.

So, I am pondering what to do. I am reluctant to just give in and put Adrian Kennard - not really my nature is it :-) FaceBook say they can accept some non-government ID documents, such two different documents from a list. Many of the items on that list I can get with any name I like with no fraud involved - i.e. I can declare that I am using that name to my employer and have business cards issued in that name (and if I like I can then declare that I am using Adrian Kennard again).

If it is legal to have more than one name concurrently if not fraudulently, I am happy to make a declaration that I am known as Thrall Horde as well as Adrian Kennard, but I think the usual wording on a deed poll is that I stop using the old name. Would be nice to know if there is case law on this. I could certainly apply to have Thrall Horde on the observations page of my passport with no problem (i.e. as a stage name).

I could, perhaps, do a deed poll, get a new driving licence, and then send to FaceBook. And then just do another deed poll changing my name back, get a new driving licence, and not tell FaceBook. Maybe I'll try a company ID card and some mail or something first...

By the way, before anyone says I agreed to these terms so why am I whinging - I did not actually make the FaceBook account. Someone else did, and gave me the login details. I never read or agreed FaceBook's terms anyway. Not that it is likely to make much difference. Indeed, the "real name" thing is something I only recently heard of when the same happened to a friend of mine.

I could just ditch FaceBook I guess, though I have spent nearly £2000 on advertising with them over the years, so I think it is their loss if I do.

But I wonder, can I legally have two different names?

Update: I may give in for now - I have to put a name in so I can cancel the paid promotion of my privacy post - not going to spend any more with FaceBook after this fiasco.

P.S. This is what a deed poll looks like

2015-01-15

z226etuo57q9m6brbblz6ztkpea5ct23rmex0vlv3ik*0m3rw

Please do watch the video [here]. Tweet #dontbanprivacy. I may have nothing to hide but I still expect to be allowed a private conversation.

Theresa May has said that there must not be a safe place for terrorists to communicate. David Cameron has gone further and said that we cannot allow any means of communications which cannot be read, [telegraph article] and so presumably means that the 64 million of us in the UK that are not in fact terrorists are not allowed to communicate privately either. Sadly Obama has joined in [here].

I was horrified, really, that our servants, the government, are really saying that we cannot talk privately any more. That is just police state gone mad.

I was also horrified at the heckling and stupid answer that Julian Huppert got when he asked Theresa May about this. It shows that the people in government, who run this country, really have no clue what these statements actually mean.

Obviously, the people I deal with immediately think of how stupid this is in light of the technology we use every day. We understand the usage of encryption (keeping secrets) done by computer systems in our daily lives. Each and every one of us use secret communications that the security services cannot see when we access FaceBook, or Google, or even The Conservative Party Website! We are doing exactly what David Cameron has stated, in no uncertain terms, must not be allowed for any of us (not just terrorists) to do. We also know that any attempts to achieve what they are saying, no matter how stupid, would not actually stop criminals and terrorists. It is like passing a law that says "If you are a terrorist, you must send a copy of all your plans and communications to secretsquirrel@gov.uk". It is stupid. It is us, the ones that are not terrorists, that stand to be impacted by this stupidity. Terrorists won't care.

But I want to try and take technology out of this debate and explain just how stupid this is in terms that anyone can understand. I have made a video [here], and I explain below, a means of communications that anyone (including terrorists) can easily use; a method of communication that cannot be read; something that is absolutely what Theresa May and David Cameron say must not be allowed. I am not being extremest here - every one of you does far more complex stuff every time you visit FaceBook, remember that!

The system is called a one time pad, and it is uncrackable. This may look like child's play, but I can assure you that if the NSA or GCHQ intercepted your communications using this then they could not crack it as long as you have done what I say and made sure the keys are secret and safe. I'd be surprised if this is not millennia old, but the concept was first published in 1882 relating to secure telegraph.

This is not difficult - and it is fun for all the family - why not try it with your kids? If could teach them important tools they may need if this government have their way.

Let's take is step by step...
  1. Before you start you need keys. In my video I have made each key a separate sheet of paper and printed with blank boxes by each character. In the spirit of SMS I have made the keys 160 characters long. You will need a set of keys for future messages, with each key twice, one kept by the sender and one by the recipient. I made the keys using a computer program, and you could get from a web site [here] but that means the web site operator may have your key, so not safe (unless you are just doing this for a bit of fun). Running the software yourself is better, but you can just use a pair of dice! You do not need a computer. A couple of dice and some squared paper and a pencil, that is all.
  2. You need to make sure the sender has a set of keys and the recipient has the same set of keys, and that nobody else has seen the keys or has a copy or has access. Each of you should keep them safe, perhaps in an actual safe even. This does mean meeting up face to face at some point, but this can set up secure communications for the future. You may want to agree a way to tell each other that your keys have been accessed, some suitable message like "my keys have been seen by someone else" in a text! NEVER LET ANYONE ELSE SEE THE KEYS!
  3. When you want to send some critical message, such as the date and time of an attack you are planning (don't attack people, that is not legal), you pick one of the key sheets. You can pick it at random, as it happens, and I'll explain how the recipient knows which you used.
  4. You write your message over the key letters on the sheet, but start with say 4 spaces. (We didn't do this on the video) Make sure you don't have other paper below as it could leave an impression when you write (a mistake we make on the video)
  5. For each letter in your message you also have a key letter. Using a simple addition table or wheel you add the two letters together. You look up the message letter on one side, and the key letter on the other, and find where the lines cross to get the output (coded) letter and write that down.
  6. For this purpose I have created a sheet with an alphabet of 36 characters in total, being A-Z, 1-9 and a space. To avoid misreading multiple spaces we are treating a space as a * in the final message sent, and to avoid confusion as well as making it a nice number to use with two dice, we have made O and 0 the same. A simple addition sheet can be found here. You could make different decisions on the alphabet to use and so on.
  7. For convenience, in my addition sheet, the space (or *) is added as a zero value, and so does not change the other letter (unlike the video). That means any spaces in your message you just write the key letter down unchanged - this saves time, but it also means your final message starts with 4 key letters as per the sheet. You should also have spaces on the end, so also writing the key letters again, either a random extra number of spaces, or perhaps all the way to the end of the 160 characters every time. This hides the length of your true message.
  8. You send the code letters to the recipient. This could be by text, but remember, this coded message is not secret - so you could just tweet it, or write it on a post-it note, or graffiti it on the side of a building (don't do that, it is not legal either). As long as the recipient knows where to look for the message that is fine.
  9. The sender now destroys the sheet, destroying your message and the key. NEVER EVER USE THE SAME KEY SHEET TWICE.
  10. The recipient can use the first 4 letters to work out which key sheet applies as they were coded as spaces. When making the key sheets you may want to avoid duplicates in the first 4 letters.
  11. The recipient writes the coded message on the sheet, and then works through the characters. This time, you find the key letter row, and follow it along to the coded letter, then go up/down to the letter at the end of the column and that will be the original message letter. Write that down on the sheet. You will see spaces easily as they have the coded letter the same as the key letter and so the padding spaces at the end are simple to spot and ignore.
  12. At the end you will see the original message on the sheet. Read it and understand it.
  13. The the recipient destroys the sheet, destroying the message and the key.
If, later, the police or security services, having seen this coded message, come to you and demand the key you used to decode the message (as allowed by law), you can honestly tell them that it was destroyed, and so not handing over the key would not be illegal. We think you have no legal obligation to hand over the keys that are not yet used and you can keep them in the safe, but if you do have to, just tweet that your keys are taken so no more message are sent or you indicate in some more subtle way if ordered not to, or if you are a terrorist and don't care about following the law!

The one time pad does have some issues. The main benefit is the simplicity and total security it offers, but the down sides are that you have to pre-exchange some keys, you have to be sure the keys really are random, and you have to be sure to keep the keys totally safe. If you can do that, then you have a means to safely communicate privately (even if you are not a terrorist).

Now, computers can do a lot more, and have ways to avoid the sharing of keys like this, but authenticity of sender and recipient are always issues in any system. Using computers it is even possible to actually hide the fact that the message is coded in some way, so you are not looking suspicious by sending gibberish texts. However, I hope this shows how simple it is to do what David Cameron and Theresa May actually want to ban, and how pointless any such ban would be. The damaging effects of any sort of measures they take could be massive though, and that is why we have to stop this proposal at the start and make them understand that:-
  • we have a right to communicate privately,
  • we have the technology (pen and paper) to communicate privately, and
  • we will communicate privately (and so might terrorists).
Please do watch the video [here]. And share our A&A FaceBook post and tweet under #dontbanprivacy. I want this to get back to David Cameron and Theresa May and everyone else that heckled Julian in parliament. He seems the only one with clue and I'd even move to his constituency if I could.

Meta spam

FFS, just got junk mail trying to sell me a course on junk mailing people, with things like "What the legal implications really are" as the first key point in the agenda!

I think this one will get a notice in the post as well as email this time.

The same bunch sent emails before so have had the standard email reply from me - that zaps any excuse of having taken reasonable measures to avoid breaking the law as they actually knew my email address was that of an individual subscriber when they sent this one. In fact they have emailed 9 times since July 2013 and had my standard reply each time. I hope they agree to settle, as I'll then use that as basis for claims for the previous 8 times.

Update: Grrr. Letter sent but it is a mailing address in London and nothing on the email or web site actually says who they are as a legal entity. So, for now, reported to trading standards for that.

Update: Arrrg, Trading Standards web site says the trading standards email address for Westminster, but the email address does not work and bounces. So I have ended up writing to trading standards. This means I have spent an hour today, two letters with attachments, one of which is recorded delivery, two emails. Is it any wonder I am asking for £200 for this spam in the first place?!

Update: I did think of registering for the course, and then cancelling for a refund. They say they allow a refund up to 14 days before the course. That would allow me to follow the money to work out who they are. But, of course, none of the courses they list are for which I can book are more than 14 days in the future! It is tempting to book someone on a course and send with hidden camera though.

2015-01-14

Keeping secrets

Cameron has raised awareness of privacy, the Streisand effect at work. If certain apps are banned, the criminals will know exactly which apps are safe to use. So I am working out what we can do to help customers that are concerned over security.

Andrews & Arnold and PGP

A&A have always supported use of PGP/GPG and customers can (and do) send encrypted emails. We sign emails we send from the accounts system. Staff have GPG installed and have keys signed by the company key which I control. Sadly few customers use this, and so staff are perhaps less on-the-ball than they could be, but we are working on improving that too.

I think we can do more though. What I am trying to work on now is a way for customers to tell us that they want encrypted emails from us. We would use the https access to the accounts system to manage this which has some degree of traceable trust but it would mean uploading a public key to us (or perhaps referencing a key server). We'd need to make this simple, and perhaps even have an API, as some people may wish to issue new keys every day and delete old ones in order to thwart the RIPA requirement to hand over keys if you have them.

The challenge I then face is how we manage that preference as we have various systems that send emails as well as staff that could send emails directly. We would need some way for every system to know to use encryption and which key to use. Now, for staff sending emails we can almost certainly integrate this in with the ticketing system as a "direct" email is relatively rare, but that is not ideal. I suspect that it will take some time to ensure every system and every script that sends emails understands this, unless we run an intermediate outgoing mail server for it.

I am interested in the best practice way of managing this though. I am sure this cannot be an uncommon problem. Should we run a key server? Should we put keys in shared SQL databases? We are only talking public keys so not a huge security issue. Maybe some combination of the two. Any advice welcome.

FireBrick and IPsec

The FireBrick products already support IPsec, and any day now we expect to have the EAP elements that will allow things like iPhones and Androids to remote connect to a FireBrick and allow VPN access to your office, etc. Once that is done we will progress on to TL, https and ssh, obviously.

One of the key features of the FireBrick, and one of the main reasons it has taken so long to get these features in place, is that this is written from scratch.*

What this means is that we know there are no back doors in the code. Almost any small router that does https or even IPsec has bought in the code or used open source. It is large and complex and may even be a "binary blob" so it is hard to be sure that it has no back doors. Open source is generally safer as it can be reviewed, and people do, but how do you know the code you downloaded is that reviewed and correct code exactly unless you check it yourself? Well, in our case, we know because it has been written in-house. There is not even a third party operating system below it, we wrote that too. We even use a processor with no hidden boot ROM code and no binary blob device drivers for peripherals (both of which are quite common these days in some types of processor). We even make the FireBricks in the UK and load the code in to them ourselves. All code is signed by us, and our boot loader checks the signature to ensure no rogue code can be issued with back doors added.**

I think it is incredibly rare for any manufacturer to be able to say that. And if some UK law is passed that could compel us to add back doors we would stop.***

Even so, suggestions welcome.

* Some of you may have heard the long standing truth that one should never try and design an encryption system yourself or behind closed doors. They have to be one subject to wide scrutiny to be any good. This is true, but is not the same an implementing these algorithms, which can be done behind closed doors, and the standards provide lots of good test data for doing just that.

** Technically, with physical access and a JTAG interface someone could load other code, but that is highly unlikely and would require that physical access to the FireBrick.

*** In practice we would probably set up in a saner country and make and ship from there, or possibly just emigrate there as the UK really would have lost the plot by then.

2015-01-12

Sorry David Cameron but we have a right to privacy!

David Cameron stating that we cannot allow a means of communications where the government cannot read that communication. [video]

Sorry, but no! This is not acceptable.

His statement is reported as relating to snapchat, but how would he make it so that all communications can be read by the government? If I access a bank that is not in the UK using https then this government cannot read that, which is as it should be.

He would have to ban encryption to achieve what he is saying and that is madness.

1. There are means which can be used to communicate in a way which cannot be read by the government, or anyone else - that is a fact and no amount of laws will change that fact. This is called encryption. Encryption is used every day by most people - Facebook defaults to using encryption, and of course on-line banking uses it.

2. There are means which can be used to communicate where it cannot be proved that any additional message exists if you of not have the key. This is called steganography. It means that one can send private message with no way to prove that you have done so, and so no way to prove you have broken some "no encryption" law.

Making laws against private communications is totally pointless as it does not stop private communications between criminals or suspects. What it does do is impact otherwise law abiding citizens and commerce and our right to a private life.

This issue surrounding David Cameron's statement that he believes that the government should be able to see/hear/read any communication in this country if necessary. He does go on about "in extremis" and how this needs to be signed off by Home Secretary, but even with the controls he mentions, in order to do this he needs it to be technically possible.

Think about that for a second - it means laws in the UK that make it possible for communication between two people to be listened in to by a third party even if those two people do not want that to happen. For the warrant from the Home Secretary to work, that has to be technically possible in the first place for all communication in the UK!

That is a huge thing to say - because if it is technically possible for the government to "listen in" then it is technically possible for criminals and terrorists to do so. What ever the legislation is, its job is to weaken what we do to the extent that the government can snoop. That means is possible, and those criminals will not need a sign off from the Home Secretary. That sort of change would make Britain a laughing stock and ensure nobody does anything sensitive with the UK. Indeed, it is hard to say how such weakening of communications could be consistent to Data Protection laws. In fact, it would mean NO COMPANY DEALING WITH UK CUSTOMERS COULD TAKE CREDIT CARDS ON-LINE as such weakened communications would be against the strict rules imposed and enforced by the card companies.

I have not actually read 1984, but is David Cameron quoting from it?

If you take what he has said literally it would mean whispering to your partner in bed would be illegal in case the government planted microphone could not pick up what you said.

Getting started with PGP.

Remember, Mr Cameron, you work for us, not the other way around. This sort of rhetoric shows you have no clue about basic rights or technology and really should not be running anything.

Update: Loads of responses on twitter along the lines of "Already UK law in RIPA, you have to hand over keys". ONLY IF YOU HAVE THE KEY! That does not help for transient keys. I mean, if you are asked to hand over the transient https key used on your last access to FaceBook so they can decode the TCP traffic they captured - you cannot. Similarly, I can simply make a key, send the public key to someone, receive from them a message, read it, and delete it and the key, then nothing to hand over. I think some chat apps do that inherently with transient keys in memory only, deleted after reading. It is not complex technology and perfectly legal not to have the key - only illegal not to hand it over on demand if you do have it.

Update: Another good blog post on this [Steve's blog].

Update: I have written to my [Conservative] MP.

Missing unix/linux/posix file open option

What I would like is a file open option for "create replacement file". The idea is that this makes a new inode in the same mount p...