Proofreading, adding references

2 files changed, 154 insertions, 69 deletions

diff --git a/paper.ms b/paper.ms
index c1ea682..0d16103 100644
--- a/paper.ms
+++ b/paper.ms
@@ -3,7 +3,7 @@ short-label D.y
 sort
 .R2
 .TL
-Cryptography, crime, terror, and surveillance
+\f[B]Cryptography, crime, terror, and surveillance
 .AU
 \f[R]Mohit Agarwal
 .AI
@@ -15,7 +15,7 @@ decrypted without the necessary keys, with algorithms such as RSA where security
 is ensured by the large primes involved and the current intractability
 of prime factorisation. This allows for communication that is
 practically guaranteed to be private; a relatively new phenomenon in
-communications. In the past this has been seen with the one-time pad
+communications. In the past, this has been seen with the one-time pad
 {Rijmenants} which was cryptographically secure and used by both
 the KGB and NSA, well beyond the use of the Enigma and Lorentz
 machines by the Nazis which were both decrypted through
@@ -33,9 +33,9 @@ Modern Sigint initiatives have become rather complex and
 sophisticated and have grown greatly alongside the popular adoption of
 information technology.
 Part of government interest in Sigint is a direct response
-to perceived threads, such as the PATRIOT Act in the US which followed
+to perceived threats, such as the PATRIOT Act in the US which followed
 the 2001 terrorist attacks with the objective of strengthening
-national security (cite). Later, the FISA Amendments Act of 2008
+national security {PATRIOT ACT Congress}. Later, the FISA Amendments Act of 2008
 further increased the powers of law enforcement to access
 information, such as allowing the Attorney General and Director of
 National Intelligence to gather information about individuals outside
@@ -57,7 +57,7 @@ prevalence of electronic communication methods. Successful
 Sigint and cryptanalysis by government agencies can 
 respond to modern threats of crime and terror. A failure of
 responsible governance, however, may not only threaten the privacy of
-individuals unnecessarily, but also fail to respond to the ways in
+individuals unnecessarily but also fail to respond to the ways in
 which criminals and terrorists are using encryption, existing thereby
 only as a tool of authoritarian control.
 
@@ -65,7 +65,7 @@ An argument is often made against allowing widespread use of
 encryption and generally against widespread effective operations
 security (OPSEC) in the public sector in the interest of
 national security and the prevention of terror. With access to
-communications and usage history governments can gather significant
+communications and usage history, governments can gather significant
 information on terrorists and use this intelligence against
 terrorists. It is clear that intelligence and surveillance play a significant role in
 counterterrorism. The 9/11 terrorist attacks are seen potentially as a
@@ -76,7 +76,7 @@ September 2001 (chapter 8). The report details institutional failures
 and also emphasised the difficulty and importance of intelligence in
 counterterrorism {intelligence and national security}. Graham{#CTC
 terrorists} explores the use of encryption by terrorists which is
-often cited in a reason for giving governments access to unencrypted
+often cited as a reason for giving governments access to unencrypted
 Internet communications so that suspicious activity can be flagged and
 investigated in order to prevent a terror attack or in order to better
 respond in the case of an attack. Graham describes the extensive use
@@ -90,7 +90,7 @@ of encryption by terrorists, including a program that built a wrapper
 around the popular, secure, and open source PGP called \fIMujahedeen
 Secrets\fR by al-Qaeda. Although now terrorists and criminals use widely
 available, popular, and user-friendly software such as the Tails
-operating system or Telegram (Graham citation 28), terrorists
+operating system or Telegram (Graham citation 28), terrorist
 organisations have shown an ability to make use of more obscure and
 complicated systems, as well as to use publicly available source code in
 order to construct software for operatives to use.
@@ -104,15 +104,15 @@ end-to-end encryption in industry, we will not be able to prevent
 those attempting to evade the law from doing so, as shown in the case
 of terrorist organisations who have used more obscure software in the
 past and also in the case of the abundance of illegal activity that
-occurs on the so called \[oq]dark web\[cq] in the form of the trade of drugs and
-child pornography among others {gulati deep web}. Instead the
+occurs on the so-called \[oq]dark web\[cq] in the form of the trade of drugs and
+child pornography among others {gulati deep web}. Instead, the
 limitation of use of encryption on popular software will only decrease
 the privacy of those uninterested in criminal activity and instead
 using more popular software without regard for its security features
 or lack thereof. The information exposed by Edward
 Snowden in 2013 demonstrates that the US government has processed and
 collected vast amounts of unencrypted data and possibly
-continues to do so. In the case of unencrypted communication the
+continues to do so. In the case of unencrypted communication, the
 problem remains and preventing end-to-end encryption will simply allow
 governments to maintain the status quo of being able to intercept and
 read all communications between their citizens and individuals outside
@@ -136,16 +136,16 @@ in the GDR it was closer to one informant or officer for every 63
 citizens. Those living in the GDR often had experiences involving
 investigation by the Stasi and there was clearly an understanding
 amongst citizens that one had to be wary of an
-informant or agent listening in {funder}. In modern Western society
+informant or agent listening in {funder}. In modern Western society,
 there is a similar collective understanding that governments
 carry out surveillance on a massive scale on their own
 citizens. A key distinction today, however, is that 
 this work is not carried out by a vast network of informants,
 there are no kilometres of paper, and there are no
-collections of film and photograph {The Federal Archives} documenting and aiding the
+collections of film and photographs {The Federal Archives} documenting and aiding the
 surveillance of the authorities. Instead, the level of surveillance
 that large, secretive groups of individuals once had to carry out in
-order to enable a surveillance state can be performed instead through
+order to enable a surveillance state can be performed through
 bureaucracies and technological methods. In modern times, governments
 can operate with a very limited number of operatives \[oq]on the
 ground\[cq] and instead focus attention on the giant amounts of data
@@ -165,12 +165,12 @@ Yet encryption presents unique challenges to
 lawmakers. Not only will encryption be difficult to regulate due to
 its rapid development, but perhaps expressly due to its decentralised
 nature, where a government cannot prevent the existence of software
-that enables encryption which is open source and reproducible
+that enables encryption that is open source and reproducible
 internationally. Just as media piracy through torrents and access to
 hidden services over Tor are able to evade regulation, regulation of
 encryption may prove impossible. An arguably useful tool to the
 authorities does exist in the hardware and infrastructure that users
-of the Internet rely on. In the West a small number of companies (such
+of the Internet rely on. In the West, a small number of companies (such
 as Intel, Nvidia, Arm and Apple) design and produce the majority of
 hardware in a proprietary and closed source manner.
 
@@ -178,7 +178,7 @@ Concerns have already been expressed with regard to
 the Intel Management Engine {Intel Management portnoy} that exists on
 modern processors produced by Intel.
 Arguments have been made that the Intel Management Engine already acts
-as a backdoor for government agencies (cite), and the potential is
+as a backdoor for government agencies {TechRepublic backdoor}, and the potential is
 clearly there for US government interests in mass data collection and
 Sigint following 9/11 to lead to the introduction of backdoors in
 popular technology. We are aware that in the case of the Intel
@@ -192,32 +192,33 @@ software \[en] use, leaving them open to exploitation from either
 state or private actors. Furthermore, there is a visible interest in
 increasing the presence of technologies on the hardware level,
 including the aforementioned Intel Management Engine, the Trusted
-Platform Module (cite), and recently Microsoft's Pluton (cite)
-subsystem which will be present on hardware sold in the future. This
+Platform Module {TPM Verge}, and recently Microsoft's Pluton {pluton
+goodin} subsystem which will be present on hardware sold in the future. This
 variety of hardware within a single computer is a rather interesting
 and potentially worrying development, particularly with the clear
-level influence, interest, and competitiveness both the US {US House
+level of influence, interest, and competitiveness both the US {US House
 chip manufacturing bill} and Chinese governments have in their
 respective national
 chip manufacturing industries. In light of potential issues with
 hardware, there have been developments in \[oq]open hardware\[cq].
 
 RISC-V is an instruction set for processors from the University of
-California at Berkeley; opposed to Arm, Intel, and AMD processors,
+California at Berkeley; as opposed to Arm, Intel, and AMD processors,
 RISC-V is an open standard for CPU design {case for RISC-V}. This allows for open
 source CPU implementations, such as those designed at UC Berkeley, as
 well as those from other parties, such as Alibaba Group {chen risc}. A
 significant amount of existing software has been ported to the RISC-V
 platform and alongside the Alibaba implementation for data centres,
 the standard has been used by Google for a security module in the
-\[oq]Pixel 6\[cq] smartphone (cite). This attention and interest
+\[oq]Pixel 6\[cq] smartphone {Pixel 6 Security Blog}. This attention and interest
 potentially signals a shift towards increased demand for and utility
 in open hardware for privacy, security or economic reasons. Another
 poignant example of open hardware is the laptop created by the
 manufacturer Framework Computer Inc, which is designed to be more
 expandable, serviceable and repairable than other laptops available on
 the market. The company and laptop gained significant media coverage
-(cite) showing an interest from the public in open hardware. An
+{Financial Times right to repair}{Wirecutter Framework} showing an
+interest from the public in open hardware. An
 argument can be made that such projects are for niche interest groups
 only and that such solutions will never see the commercial success
 seen by the larger, non-open manufacturers.
@@ -237,7 +238,7 @@ preventing such investigation to occur. For governments, this is
 arguably the result of such heavy surveillance in the first place.
 It is clear that knowledge such as the 2013 Snowden leaks had an impact
 on the public and people are thereby more interested in
-their privacy and preventing surveillance. Around the world
+their privacy and preventing surveillance. Around the world,
 individuals use tools to increase their privacy and anonymity when
 using the Internet as well as to overcome censorship of information
 by governments. A major exception to the availability of the free
@@ -249,17 +250,17 @@ users to circumvent measures put in place by the government
 {firewall}{talbot tor china}{winter china tor}. Measures in China have
 enabled the government to tightly control and monitor the flow of
 information via the Internet; ensuring that citizens can only access
-that which the ruling part should allow. Whether such draconian
+that which the ruling party should allow. Whether such draconian
 measures could even be implemented in the more democratic West is
 questionable, but the opportunity clearly exists for governments to
-undermine the digital privacy of its citizens. Any such measures,
+undermine the digital privacy of their citizens. Any such measures,
 however, will face scrutiny from the media and public in Western
 society and thereby open software such as Tor is used to freely share
 significant amounts of information away from the observation of law
 enforcement, allowing illegal activity to occur {gulati}. The reduced
 ability for law enforcement to investigate crime will clearly have an
 impact by allowing criminals to act with additional impunity. In
-particular, the sharing child sexual abuse material, trafficking and
+particular, the sharing of child sexual abuse material, trafficking and
 other such crimes that are enabled by the Internet present reason for
 concern.
 
@@ -284,11 +285,11 @@ The rate of development in unconventional computing
 methods is increasing rapidly. Effective quantum computing will
 result in existing popular cryptographic algorithms such as RSA, which
 is used for communications and digital signatures, no longer being
-secure {Lily Chen quantum}. 
+secure {Lily Chen quantum 2016}. 
 Significant research in recent years has shown
 feasibility in current ideas surrounding quantum computing and
 promising results in development towards quantum supremacy and the
-future the breakdown of current cryptographic methods.
+future breakdown of current cryptographic methods.
 Indeed, both in the US at Google {google supremacy nature} and in China
 at a major university
 {china quantum advantage}{science photons quantum advantage},
@@ -323,14 +324,15 @@ governments has arguably prompted more independent development in the
 public sphere:
 the US National
 Institute of Standards and Technology (NIST) made a public request for
-nominations of post-quantum cryptographic algorithms (cite), leading
+nominations of post-quantum cryptographic algorithms {call for
+proposals}, leading
 to standards that will clearly influence future lawmaking.
 This adoption of open processes and the
 open auditing and implementation of future cryptographic standards is
 most striking when compared with the \fIDual_EC_DRBG\fR algorithm.
 This algorithm, which contained a vulnerability, was included in NIST
 standards. The vulnerability allowed the NSA to potentially decrypt
-Internet traffic such as e-mails (cite). The NSA also allegedly paid
+Internet traffic such as e-mails. The NSA also allegedly paid
 the firm RSA Security in order to implement the algorithm with its
 backdoor in their
 popular security products {menn nsa contract} and although the NSA
@@ -345,9 +347,9 @@ development of technology that enables strong encryption and overcomes
 state surveillance. Measures taken by governments to prevent this
 development will doubtless be limited unless extreme actions such as
 those seen in China are taken. Otherwise, development will continue to
-occur in both free and non free societies in support of individual
-freedoms. The assertion of \[oq]Linus' law\[cq] that , \[lq]given enough eyeballs,
-all bugs are shallow\[rq] (cite - CathBaz) creates a serious inability
+occur in both free and non-free societies in support of individual
+freedoms. The assertion of \[oq]Linus' law\[cq] that, \[lq]given enough eyeballs,
+all bugs are shallow\[rq] creates a serious inability
 for actors such as governments to engineer backdoors into software as
 the NSA previously has or to prevent the development of
 software altogether. On the other hand, the vast
@@ -360,36 +362,37 @@ courts and law enforcement alongside their replies online (cite).
 Demonstrating their respect for user privacy and that they are unable
 to release data as they do not collect it is perhaps something that
 users are finding more appealing. Indeed, when Apple refused to unlock
-a phone for the FBI following a terrorist attack (cite) it gained
-significant media attention and demonstrated that the defence of users
+a phone for the FBI following a terrorist attack it gained
+significant media attention and demonstrated that the defence of users'
 privacy was a virtue for modern businesses, regardless of the fact
 that the FBI was able to unlock the phone independently, which was
-rather overlooked. To users today, both to those with experience and
+rather overlooked {Cook 2016}{FBI encryption Apple Guardian}. To
+users today, both those with experience and
 ability in technology and to the general public, privacy is
-seemingly becoming a major selling point and significant factor in the
+seemingly becoming a major selling point and a significant factor in the
 way individuals chose to use technology.
 
 Modern cryptographic algorithms are theoretically secure; the
 underlying concepts mean that breaking the encryption to
 intercept a communication is not possible in a reasonable amount of time
 with current computational limits
-and is therefore, due to the nature of the algorithm, secure. This
+and is, therefore, due to the nature of the algorithm, secure. This,
 however, does not consider implementational flaws. Indeed,
 implementational flaws are the ways in which modern exploits of
-algorithms such as RSA (cite) occur, and methods such as timing
-attacks (cite) and voltage level analysis attacks, as well as memory
-attacks (cold boot, rubber hose ...) (do some light explaining) (cite
-all) have the potential to overcome any level of theoretical sophistication that
+algorithms such as RSA occur, and methods such as timing
+attacks and voltage level analysis attacks, as well as memory
+attacks {Wong Timing attacks}{Barenghi Low Voltage}{RSA Key Cache} have
+the potential to overcome any level of theoretical sophistication that
 cryptographic algorithms may have, and simply give away information
-such as keys (research, cite). In addition to this, there can be
+such as keys. In addition to this, there can be
 implementational issues in hardware, such as the recent Spectre
 vulnerability which was discovered in 2018; revealing data to
-an attacker due to flaws speculative execution which speeds up processing in
+an attacker due to flaws in speculative execution which speeds up processing in
 modern processors. The vulnerability allowed for the attack of
 cryptographic implementations such as GPG. This is potentially even
 more concerning given that processor implementations are proprietary.
-This flaw affects practically every modern processor and
-indicates the vulnerability in computer hardware, which could be
+This flaw, which affects practically every modern processor and
+indicates the potential for vulnerability in computer hardware, could be
 exploited by any party with sufficient resources. Intel has released
 multiple patches for Spectre, however, there remain concerns that
 there is a potential for attacks in modern processors including new
@@ -407,19 +410,19 @@ funding received by the NSA, and quite possibly the level of
 surveillance carried out by the NSA. Thus, 
 discussions in public or private spheres are unlikely to
 influence decisions made inside already secretive agencies where
-governments are ready to except that sacrifices must be made for the
+governments are ready to accept that sacrifices must be made for the
 greater good. Of course, the issue arises when surveillance exists
 that does not exist simply to protect a nation, but instead mass,
 indiscriminate surveillance is carried out on citizens not suspected
 of any criminal or terrorist activity such as the Tempora
-program in the United Kingdom {guardian fibre-optic},
+programme in the United Kingdom {guardian fibre-optic},
 however governments nonetheless
 prove willing to fund the activities of surveillance agencies and will
 seemingly continue to do so regardless of public opinion.
 
 .HLINE
 
-The executive summary to the 9/11 Commission Report {#9/11 commission
+The executive summary of the 9/11 Commission Report {#9/11 commission
 report} describes the September 2001 terrorist attacks as \[oq]a shock,
 not a surprise\[cq]. In a similar light, the release of information
 relating to mass surveillance and mishandling of data such as the 2013
@@ -436,7 +439,7 @@ arguably has moved itself towards encrypted standards. Open source
 initiatives have pioneered free implementations of secure
 cryptographic standards, allowing any user to use these tools directly
 in order to send information, such as the popular PGP
-implementation GPG. Additionally the open implementation of
+implementation GPG. Additionally, the open implementation of
 cryptographic tools enables developers to integrate secure versions of
 these tools into new programs, allowing for the easy development of
 programs that allow encrypted communications. The demand for
@@ -456,10 +459,10 @@ communications and state sponsored espionage. Governments maintain up
 to date cryptographic systems in order to keep their own
 secure, yet fight hard against encryption in the name
 of national security. In some ways this is a valid
-argument: availability of cryptography arguably lowers the
+argument: the availability of cryptography arguably lowers the
 barrier to entry for terror or crime and reduces the ability law
 enforcement has to deal with it. Nonetheless, it seems that reducing
-the availability of encryption to the pubic would not decrease the
+the availability of encryption to the public would not decrease the
 opportunity for criminals or terrorists to do harm.
 
 Often we see two possible future realities: one with a perfect
@@ -477,9 +480,9 @@ highly invasive state surveillance. Yet media coverage of criminals
 and terrorists using technology and encryption, particularly following
 events of terror; media and government discussing the risks of
 technology; and the coverage of law enforcement using surveillance
-tools to stop criminals shape our view of the latter scenario. I feel
+tools to stop criminals shape our view of the latter scenario. I feel,
 however, that this is a fallacious dichotomy that we have collectively
-created. In the West it seems that we have come to far for complete
+created. In the West, it seems that we have come too far for complete
 surveillance to be effectively implemented, as the tools to overcome
 such a regime already exist and there is a widespread sentiment of
 resistance amongst the public and in governments and courts against
@@ -514,17 +517,3 @@ difficult to access for the public.
 
 .nr HY 0
 .ad l
-IME/Pluton -- backdoors
-    https://www.techrepublic.com/article/is-the-intel-management-engine-a-backdoor/
-    https://www.techrepublic.com/article/why-the-nsa-may-not-need-backdoors/
-
-Government
-    https://rules.house.gov/bill/117/hr-4521 .
-
-https://ooni.org/post/2021-italy-blocks-gutenberg-book-publishing-website/#findings
-https://ooni.org/post/2021-how-signal-private-messenger-blocked-around-the-world/
-https://www.technologyreview.com/2012/04/04/186902/how-china-blocks-the-tor-anonymity-network/
-https://ooni.org/post/2021-russia-blocks-tor/ .
-
-Todo:
-    program -> programme
diff --git a/refer b/refer
index a9a3638..dd94550 100644
--- a/refer
+++ b/refer
@@ -139,6 +139,10 @@ Accessed 3rd February 2022
 %T 110th Congress (2007-2008): FISA Amendments Act of 2008
 %D 2008
 
+%A H.R.3162
+%T 107th Congress (2001-2002): Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act of 2001
+%D 2001
+
 -- Intel management engine
 
 %T Intel's Management Engine is a security hazard, and users need a way to disable it
@@ -360,3 +364,95 @@ Accessed 5 March 2022
 %D April 2018
 %A Larry Downes
 %J Harvard Business Review
+
+%T Is the Intel Management Engine a backdoor? 
+%A Jack Wallen
+%D July 2016
+%J TechRepublic
+%O https://www.techrepublic.com/article/is-the-intel-management-engine-a-backdoor/
+Accessed 25 March 2022
+
+%T Why Windows 11 is forcing everyone to use TPM chips
+%J The Verge
+%A Tom Warren
+%D June 2021
+%O https://www.theverge.com/2021/6/25/22550376/microsoft-windows-11-tpm-chips-requirement-security Accessed 25 March 2022
+
+%T Coming to a laptop near you: A new type of security chip from Microsoft
+%A Dan Goodin
+%D January 2022
+%J Ars Technica
+%O Accessed online 25 March 2022
+%K pluton
+
+%T Pixel 6: Setting a new standard for mobile security
+%A Dave Kleidermacher
+%A Jesse Seed
+%A Brandon Barbello
+%A Stephan Somogyi
+%J Google Security Blog
+%D October 2021
+%O https://security.googleblog.com/2021/10/pixel-6-setting-new-standard-for-mobile.html
+Accessed 25 March 2022
+
+%T Why Big Tech should embrace the ‘right to repair’ revolution
+%J Financial Times
+%A Dave Lee
+%D August 2021
+%O Accessed online on 25 March 2022
+
+%T A Notebook You Can Repair
+%J New York Times Wirecutter
+%A Thorin Klosowski
+%D October 2021
+%O https://www.nytimes.com/wirecutter/reviews/framework-laptop/
+Accessed 25 March 2022
+
+%T Post-Quantum Cryptography, Call for Proposals
+%D 2017
+%J National Institute of Standards and Technology Computer Security Resource Center
+%A Lily Chen
+%A Dustin Moody
+%A Yi-Kai Liu
+%O https://csrc.nist.gov/Projects/post-quantum-cryptography/post-quantum-cryptography-standardization/Call-for-Proposals
+Accessed 25 March 2022
+
+%A Alessandro Barenghi
+%A G.M. Bertoni
+%A Emanuele Parrinello
+%A Gerardo Pelosi
+%D September 2009
+%J Conference: Sixth International Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2009, Lausanne, Switzerland, 6 September 2009
+%T Low Voltage Fault Attacks on the RSA Cryptosystem
+%O DOI: 10.1109/FDTC.2009.30
+
+
+%T Timing Attacks on RSA: Revealing Your Secrets through the Fourth Dimension
+%D n.d.
+%A Wing H. Wong
+%O https://www.cs.sjsu.edu/faculty/stamp/students/article.html
+Accessed 25 March 2022
+
+%T Cache-Timing Attacks on RSA Key Generation
+%D 2019
+%J IACR Transactions on Cryptographic Hardware and Embedded Systems
+%V 2019:4
+%P 213–242
+%O DOI: 10.13154/tches.v2019.i4.213-242
+%A Alejandro Cabrera Aldaya 
+%A Cesar Pereida García 
+%A Luis Manuel Alvarez 
+%A Billy Bob Brumley 
+
+%A Tim Cook
+%D February 2016
+%O https://www.apple.com/customer-letter/
+Accessed 25 March 2022
+
+%T Inside the FBI's encryption battle with Apple
+%A Danny Yadron
+%A Spencer Ackerman 
+%A Sam Thielman
+%J The Guardian
+%O Accessed online on 25 March 2022
+%D Feb 2016