---------- Forwarded message ---------- From: iang <iang@iang.org> Date: Thu, Jun 8, 2017 at 3:10 AM Subject: Re: [Cryptography] stego mechanism used in real life (presumably), then outed To: cryptography@metzdowd.com On 07/06/2017 12:21, Jerry Leichter wrote:
There's an interesting and significant sidelight to the previous discussion of watermarking, and the message a couple of days ago from "M373" concerning the Seaglass project at U of Washington, which is developing means for detecting IMSI catchers at city-wide scale. In both cases - and there are others - we have legitimate research devoted entirely to discovering, publicly explaining, and perhaps effectively neutralizing, mechanisms that LE has put in place. As far as I can tell, this has little historical precedent. Criminals/revolutionaries/freedom fighters - it all depends on you viewpoint in particular situations - have long conducted exactly this kind of research. But it's been clandestine, done in support of their own activities, and passed around as secret tradecraft. (Of course, state actors have also long targeted each other this way.)
We've crossed a threshold when entitled members of society feel the need to work to subvert their own society's enforcement mechanisms. (No, university faculty members and EFF researchers and such - while hardly among the big movers in shakers - cannot reasonably be considered the downtrodden in any Western society.)
I agree with the observation of the shift, but I take issue with the notion of "society's own enforcement mechanisms". As far as I can see, it isn't society that is putting in wholesale enforcement mechanisms, it's a small subset that are working outside the bounds of society. In long-standing principle, societies have more or less accepted the need for spying on *foreign* enemies but drawn the line at spying on own citizens. This is well tested in history. For local spying you need an investigation, a warrant, a court, a process. The barrier is high. Things like yellow dots, the equity ratio of 10:1 offence to defence at NSA, also the 19 agencies secret sharing and deception to courts, show that the historical defences of civil society are being subverted. And, it is more or less worse in other countries. It used to be the notion in pre-1990s times that the agencies spying on own people was reserved for the evil enemy - the Stazi, McCarthy, KGB, Hoover. But now it seems to be trotted out with regularity that if the terrorists are achieving, of course we'll undermine society to fix that. C.f., May's recent comments about willingness to reduce fundamental rights of 60 million in exchange for 6. So I would prefer to say, what we are seeing is a shift towards society protecting itself against the attacks of agencies that are now out of control of the democratic population. That's just me. I'm not society. But neither am I content when entitled members of society in agencies think society is right and it's ok to go local because we're the good guys. General society didn't need end to end encryption until this shift happened. 40 bit CA-mediated crypto did the job for credit cards nicely enough. Nice to have, but there was no serious privacy threat on the tubes. Now there is a big shift happening - those that are listening are using the information. It's not there yet, but if the trend for open intel sharing continues, society will need end to end encryption just to survive. iang _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography