June 2013


Economy and Free software and Politics, 17 Jun 2013 at 11:02 by Jean-Marc Liotier

On the 13th June, Fleur Pellerin (French Minister Delegate for Small and Medium Enterprises, Innovation, and the Digital Economy) gave a vibrant speech during the inauguration of the Mozilla Foundation’s new office in Paris.

I don’t recall any French politician at minister level so plainly taking sides with free software :

Free software is a crucial asset for our economy, in more than one way. First, it enables the struggle against technological dependence upon actors who own our everyday computing tools – it is therefore a true guarantee of digital sovereignty. Furthermore, as we see today and contrary to popular myth, free and open source create jobs. Original business models have been invented and they are important factors in productivity and competitiveness for both private and public sectors who can in this way better control their holdings and concentrate their efforts on their specific value additions. Finally, free software undermines rent-seeking behaviours adverse to innovation, and therefore aids in the emergence of new economic champions.

Will the bold ideas instantly translate into action ? No one expects magic – but with policy laid out so clearly, there is reason to believe that the French government is headed in the right direction.

Let’s take note of those good intentions, keep an eye on the actions that should follow, spread the word that free software is a crucial economic asset and vote for those who understand that !

Networking & telecommunications and Politics and Security, 17 Jun 2013 at 0:37 by Jean-Marc Liotier

I took the EFF and Tor stickers as corroborating material in support of Snowden’s appearances of good character, but not everyone saw them that way… Interviewed by Time’s Andrew Katz, former security clearance investigator Nicole Smith explains that sympathy for online rights activists is a sign that a candidate may not be fit for Top Secret clearance:

In a photograph posted online after Snowden revealed himself, his laptop displays a sticker touting the Electronic Frontier Foundation, a longstanding advocate for online rights and staunch opponent of government surveillance. That would have been enough of a warning sign to make it into his file, Smith says, but investigators wouldn’t have come across it because clearance interviews aren’t performed at their homes: “You’re not around that person’s personal belongings to make any other additional observations about that person’s characters”

Self-doubt ? Ethical questioning ? Interest in social issues ? Affinities for dissenting viewpoints ? No – that is neither useful nor even compatible with secret work… Better fill the ranks with yes-men who will follow superior orders to the bitter end – that worked so well in the past.

Anyway, thanks to Smith, the authorities now know what to watch for – open display of affinities with the EFF is enough of a warning sign to make it to file. Take this NSA agent for example, performing devious agitprop in official EFF attire :

Uh – hello General Alexander ! Doesn’t the Director of the National Security Agency look swell in that T-shirt ? Better in my opinion than in his stiff official portrait… But that warning sign shall certainly cost him an entry in his file – he’ll have some serious explaining to do when his clearances come up for review ! Maybe he should have just ordered an EFF sticker for his home laptop instead.

Military and Security and Systems administration, 15 Jun 2013 at 9:28 by Jean-Marc Liotier

In a message I got through Glyn Moody, Mikko Hypponen noticed this claim from German intelligence agencies :

„Ist die eingesetzte Technik auch in der Lage, verschlüsselte Kommunikation (etwa per SSH oder PGP) zumindest teilweise zu entschlüsseln und/oder auszuwerten?“

„Ja, die eingesetzte Technik ist grundsätzlich hierzu in der Lage, je nach Art und Qualität der Verschlüsselung“

My rough translation of these sentences of the article he linked :

„Are the current techniques capable of at least partially deciphering encrypted communications such as SSH or PGP ?“

„Yes, the current techniques are basically capable of that, depending on the type and quality of the encryption“

Of course, the weakness of weak keys is not exactly news… But it is always interesting when major threats brag about it openly – so this is nevertheless a pretty good refresher to remind users to choose the most current algorithms at decent key length and expire old keys in due time.

It is also a reminder that today’s cyphers will be broken tomorrow: encryption is ephemeral protection… Secret communications require forward secrecy & anonymity – for example, XMPP chat may use a server available as a Tor hidden service, with the clients using Off-the-Record (OTR) messaging.
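The key-length and expiry advice in this post can be checked mechanically against a keyring. The following is an added example, not code from the original post: it parses a constructed sample in GnuPG's `--with-colons` listing format, and the 2048-bit floor and the `audit` helper name are assumptions chosen for illustration.

```python
# Added example: audit a GnuPG colon listing for short, non-expiring or expired keys.
# Input format: `gpg --list-keys --with-colons` (field 3 = bits, 4 = algorithm id,
# 5 = key id, 7 = expiry as epoch seconds, empty when the key never expires).

MIN_BITS = 2048  # assumed policy threshold, not a figure from the post
SIZED_ALGOS = {"1": "RSA", "16": "ElGamal", "17": "DSA"}  # OpenPGP algorithm ids

# Constructed sample listing (key ids and user ids are made up).
SAMPLE = """\
pub:u:1024:17:AAAAAAAAAAAAAAA1:1041379200:::u:::scESC:
uid:u::::1041379200::0000::Old Key <old@example.org>:
pub:u:4096:1:BBBBBBBBBBBBBBB2:1356998400:1420070400::u:::scESC:
uid:u::::1356998400::0000::Current Key <current@example.org>:
pub:e:2048:1:CCCCCCCCCCCCCCC3:1262304000:1325376000::e:::sc:
uid:e::::1262304000::0000::Lapsed Key <lapsed@example.org>:
"""

NOW = 1371427200  # 2013-06-17 00:00 UTC, fixed so the result is reproducible


def audit(listing, now=NOW):
    """Return {key id: [issues]} for every primary key or subkey with a problem."""
    findings = {}
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] not in ("pub", "sub") or len(f) < 7:
            continue  # uid, fpr and other record types carry no key material
        bits, algo, keyid, expires = int(f[2] or 0), f[3], f[4], f[6]
        issues = []
        # Size only means something for RSA/ElGamal/DSA; ECC keys use other ids.
        if algo in SIZED_ALGOS and bits < MIN_BITS:
            issues.append(f"{SIZED_ALGOS[algo]} key of {bits} bits is below {MIN_BITS}")
        if not expires:
            issues.append("no expiry date set")
        elif int(expires) < now:
            issues.append("expired")
        if issues:
            findings[keyid] = issues
    return findings


if __name__ == "__main__":
    for keyid, issues in audit(SAMPLE).items():
        print(keyid, "; ".join(issues))
```
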

Military and Politics and Security, 14 Jun 2013 at 11:11 by Jean-Marc Liotier

Main Core is the code name of a database maintained since the 1980s by the federal government of the United States. Main Core contains personal and financial data of millions of U.S. citizens believed to be threats to national security.

The existence of the database was first reported on in May 2008 :

According to a senior government official… “There exists a database of Americans, who, often for the slightest and most trivial reason, are considered unfriendly, and who, in a time of panic, might be incarcerated. The database can identify and locate perceived ‘enemies of the state’ almost instantaneously” … One knowledgeable source claims that 8 million Americans are now listed in Main Core as potentially suspect.

Putting this level of paranoia in perspective, Stalin’s Great Purge hit 1% of the population. 8 million is 2.5% of the USA’s population – or about 3% if you exclude children under 15 years old. If you think that 3% of the adult population may be out to get you, then you should probably be very carefully considering the possibility that the problem is actually you.

Dating back to the 1980s and known to government insiders as “Main Core”, the database reportedly collects and stores — without warrants or court orders — the names and detailed data of Americans considered to be threats to national security.

One former intelligence official described Main Core as “an emergency internal security database system” designed for use by the military in the event of a national catastrophe, a suspension of the Constitution or the imposition of martial law.

Putting aside the question of what actions are appropriate in catastrophic circumstances, should anyone believe that such a database will never be misused ? Secrecy trebles the probability of abuse.

Since 2008, no news has surfaced about Main Core – there is no reason to believe that it is not still maintained, probably under a new code name.

Military and Politics, 13 Jun 2013 at 17:00 by Jean-Marc Liotier

Remember Eisenhower’s 1961 warning against the military–industrial complex in his farewell speech ?

“In the councils of government, we must guard against the acquisition of unwarranted influence, whether sought or unsought, by the military-industrial complex. The potential for the disastrous rise of misplaced power exists and will persist”

It is still valid today – and in current news in the guise of the intelligence-contractors complex, where the consequences of financial corruption also go far beyond mere massive waste of public funds.

The challenge that faces us is not an arms race in communications privacy – hardening helps but it is a tactical countermeasure that does not address the problem systemically.

The way forward is political : democratic control must be reasserted over those entrusted with exceptional means. It is easier said than done, considering the entrenched interests that will obstruct the path ahead – but ignoring the political nature of the challenge will only ensure the continuation of a state of information warfare between the people and the state that used to represent them. A better way exists !

Marketing and Networking & telecommunications and Security and Social networking and The media and The Web, 12 Jun 2013 at 11:11 by Jean-Marc Liotier

A few reflections from my notes of public reaction to last weekend’s events.

Advertising is the main source of revenue for publishers on the Web, including the lords of sharecropping empires such as Facebook and Google. Revenue from advertising varies hugely with how well the message targets the audience. Targeting requires getting to know the target – which is the business that Facebook and Google are in : getting the user to find them useful and trust them so that he willingly provides them with their raw material.

I used to enjoy giving the publishers a lot of data in return for personalization and services – even considering the risks. Yes, we knew the risks – but they are the sort of risks that we are notoriously bad at evaluating. Most of us have probably read at least a dozen different tales of Orwellian dystopias – yet our productive relationship with service providers let us convince ourselves that betrayal won’t happen. We were so complacent that it might be argued that we asked for this.

So why are we surprised ? The surprise is in the scale of the abuse. Corruption always exists at the margins of any system that is sufficiently slack to let alternative ways thrive and supply the mainstream with fresh ideas. A society with no deviance at its margins is totalitarian – so we live with some antisocial behaviour as a cost of doing business in a society that values individual freedom.

But today we find that the extent of corruption is not restricted to the margins – we find that most of what goes on there among people we entrusted with extreme power at the core of the state entirely escapes oversight and drifts into mass surveillance which is known to asphyxiate societies. That much corruption was a risk that we were warned against, but seeing it realized is still a nasty surprise.

Again, this is not about lawful surveillance under democratic oversight, which is as acceptable as ever – this is about the dangerous nature of massive untargeted surveillance outside of democratic control. But public opinion reeling from the shock will probably be blind to the difference – it is now likely to be wary of anything that even remotely smells of surveillance.

Of course, not everyone has yet realized the tradeoffs that modern communications entail and that they have always been making, even if unwittingly – public awareness of privacy issues is not going to arise without continued evangelism anytime soon. But a host of users has awoken to realize that they were sleepwalking naked on Main Street. What will they do now ?

Considering how mainstream audiences have long happily kept gobbling up toxic information from the mass media, I am not holding my breath for a violent phase transition – but a new generation of privacy militants might just have been born and I wonder how much they will nudge the information industry’s trajectory. In any case, they will not make the Internet more welcoming to it.

Politics, 10 Jun 2013 at 11:23 by Jean-Marc Liotier

“Back in 2007, Obama said he would not want to run an administration that was ‘Bush-Cheney lite’. He doesn’t have to worry. With prisoners denied due process at Gitmo starving themselves, with the C.I.A. not always aware who it’s killing with drones, with an overzealous approach to leaks, and with the government’s secret domestic spy business swelling, there’s nothing lite about it”.

Maureen Dowd, New York Times, 8th June 2008

Via John Naughton’s Memex 1.1

Networking & telecommunications and Politics, 10 Jun 2013 at 10:02 by Jean-Marc Liotier

Do you remember who said this ?

“This Administration also puts forward a false choice between the liberties we cherish and the security we demand. I will provide our intelligence and law enforcement agencies with the tools they need to track and take out the terrorists without undermining our Constitution and our freedom.

That means no more illegal wire-tapping of American citizens. No more national security letters to spy on citizens who are not suspected of a crime. No more tracking citizens who do nothing more than protest a misguided war. No more ignoring the law when it is inconvenient. That is not who we are. And it is not what is necessary to defeat the terrorists”.

Hint – it was in August 2007. Yes, he may have changed his mind since then…

Yes we (probably) can ! (your mileage may vary; this message does not reflect the thoughts or opinions of either myself, my company, my friends, or alter ego; terms are subject to change without notice; this message has not been safety tested for children under the age of 3; any resemblance to actual persons, living or dead, is unintentional and purely coincidental; do not remove this disclaimer under penalty of law; for a limited time only; this message is void where prohibited, taxed, or otherwise restricted; message is provided “as is” without any warranties; reader assumes full responsibility; if any defects are discovered, do not attempt to read them yourself, but return to an authorized service center; read at your own risk; text may contain explicit materials some readers may find objectionable, parental guidance is advised; keep away from pets and small children; some assembly required; not liable for damages arising from use or misuse; may cause random outbursts of extreme violence, or epileptic seizures; actual message may differ from illustration on box; other rules may apply; past performance does not predict future results; see store for details).

Networking & telecommunications and Politics and Social networking and The media and Uncategorized, 09 Jun 2013 at 22:49 by Jean-Marc Liotier

In the wake of the Prism debacle, Google CEO Larry Page and Facebook CEO Mark Zuckerberg, among others, published reactions full of outrage, strong denials of specific allegations (“direct access”, “back doors”) and technically correct truth… But ridiculously inadequate in the face of the awesome shitstorm that Edward Snowden kicked up, as they won’t admit willful cooperation or even awareness of possible abuse of privileges lightheartedly granted to the NSA.

Meanwhile, the Director of National Intelligence issued a fact sheet stating that PRISM was conducted “under court supervision, as authorized by Section 702 of the Foreign Intelligence Surveillance Act (FISA) (50 U.S.C. § 1881a)”. Among other things, that fact sheet states that :

Under Section 702 of FISA, the United States Government does not unilaterally obtain information from the servers of U.S. electronic communication service providers. All such information is obtained with FISA Court approval and with the knowledge of the provider based upon a written directive from the Attorney General and the Director of National Intelligence.

Above emphasis is mine – “not unilaterally” and “with knowledge of the provider”. Hello, Larry ? Zuck ? Feeling lonely there ? Have you just been hung out to dry by your friend the DNI ?

Military and Networking & telecommunications and Politics and Social networking, 06 Jun 2013 at 22:40 by Jean-Marc Liotier

By now you are probably already participating in the fireworks triggered by the leak of a secret court order requiring Verizon to hand over all call data to the NSA. Mass surveillance was a well known threat – but now we have proof that the USA do it… Will that be the wake-up call for increased political awareness ? I’m not holding my breath…

US Senators don’t seem to have realized the extent of public outrage – witness comments such as “This is nothing particularly new… Every member of the United States Senate has been advised of this”… Mass surveillance ? Yes we can ! All that would not have happened if Obama had been elected.

Anyway, a couple of months ago, Frank La Rue, the United Nations Special Rapporteur on Freedom of Expression and Opinion, reported to the UN Human Rights Council, making a connection between surveillance and free expression. His report establishes the principle that countries that engage in bulk, warrantless Internet surveillance are violating their human rights obligations to ensure freedom of expression. Was that report prescient ? Is it part of a new trend at the UN ? Here are a few choice morsels from the conclusions of this extensive piece of research:

79. States cannot ensure that individuals are able to freely seek and receive information or express themselves without respecting, protecting and promoting their right to privacy. Privacy and freedom of expression are interlinked and mutually dependent; an infringement upon one can be both the cause and consequence of an infringement upon the other.

80. In order to meet their human rights obligations, States must ensure that the rights to freedom of expression and privacy are at the heart of their communications surveillance frameworks.

81. Communications surveillance should be regarded as a highly intrusive act that potentially interferes with the rights to freedom of expression and privacy and threatens the foundations of a democratic society.

Clear enough for y’all ? The report was in no way aiming at the US of A but today’s revelations make it difficult to read it without thinking about them…

Mass surveillance is like searching every single home in the whole country because some of them might hide something illegal. With such massive indiscriminate intrusion in private lives, secrecy isn’t kept to avoid “tipping off the target” – it is about avoiding legitimate public outrage at misguided actions outside of any effective control, which undermine the very foundations of what we strive for.