Fwd: [Cryptography] stego mechanism used in real life (presumably), then outed

grarpamp grarpamp at gmail.com
Thu Jun 8 12:14:02 PDT 2017 

---------- Forwarded message ----------
From: iang <iang at iang.org>
Date: Thu, Jun 8, 2017 at 3:10 AM
Subject: Re: [Cryptography] stego mechanism used in real life
(presumably), then outed
To: cryptography at metzdowd.com


On 07/06/2017 12:21, Jerry Leichter wrote:

> There's an interesting and significant sidelight to the previous discussion of watermarking, and the message a couple of days ago from "M373" concerning the Seaglass project at U of Washington, which is developing means for detecting IMSI catchers at city-wide scale.  In both cases - and there are others - we have legitimate research devoted entirely to discovering, publicly explaining, and perhaps effectively neutralizing, mechanisms that LE has put in place.  As far as I can tell, this has little historical precedent.  Criminals/revolutionaries/freedom fighters - it all depends on you viewpoint in particular situations - have long conducted exactly this kind of research.  But it's been clandestine, done in support of their own activities, and passed around as secret tradecraft.  (Of course, state actors have also long targeted each other this way.)
>
> We've crossed a threshold when entitled members of society feel the need to work to subvert their own society's enforcement mechanisms.  (No, university faculty members and EFF researchers and such - while hardly among the big movers in shakers - cannot reasonably be considered the downtrodden in any Western society.)


I agree with the observation of the shift, but I take issue with the
notion of "society's own enforcement mechanisms".  As far as I can
see, it isn't society that is putting in wholesale enforcement
mechanisms, it's a small subset that are working outside the bounds of
society.

In long-standing principle, societies have more or less accepted the
need for spying on *foreign* enemies but drawn the line at spying on
own citizens.  This is well tested in history.  For local spying you
need an investigation, a warrant, a court, a process.  The barrier is
high.  Things like yellow dots, the equity ratio of 10:1 offence to
defence at NSA, also the 19 agencies secret sharing and deception to
courts, show that the historical defences of civil society are being
subverted.

And, it is more or less worse in other countries.  It used to be the
notion in pre-1990s times that the agencies spying on own people was
reserved for the evil enemy - the Stazi, McCarthy, KGB, Hoover.  But
now it seems to be trotted out with regularity that if the terrorists
are achieving, of course we'll undermine society to fix that.  C.f.,
May's recent comments about willingness to reduce fundamental rights
of 60 million in exchange for 6.

So I would prefer to say, what we are seeing is a shift towards
society protecting itself against the attacks of agencies that are now
out of control of the democratic population.

That's just me.  I'm not society.  But neither am I content when
entitled members of society in agencies think society is right and
it's ok to go local because we're the good guys.

General society didn't need end to end encryption until this shift
happened.  40 bit CA-mediated crypto did the job for credit cards
nicely enough.  Nice to have, but there was no serious privacy threat
on the tubes.  Now there is a big shift happening - those that are
listening are using the information.  It's not there yet, but if the
trend for open intel sharing continues, society will need end to end
encryption just to survive.

iang


_______________________________________________
The cryptography mailing list
cryptography at metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

More information about the cypherpunks mailing list