Remove old introduction. Implementation of encryption. 2000 words.

1 files changed, 259 insertions, 0 deletions

diff --git a/paper.ms b/paper.ms
new file mode 100644
index 0000000..ce6b01f
--- /dev/null
+++ b/paper.ms
@@ -0,0 +1,259 @@
+.R1
+short-label D.y
+sort spec
+.R2
+.TL
+Title
+.AU
+Mohit Agarwal
+.AI
+February 2022
+.LP
+Encryption offers a level of security and confidence for communications
+that has not previously been seen. This offers individuals with the
+ability to communicate with each other in a way that is practically
+immune from eavesdropping of any sort. Naturally, this does mean that
+malicious actors such as criminals and terrorists be able to use
+encryption in order to commit crimes or enable acts of terror. In
+response to the threats of encryption and communications technology
+generally, governments have often engaged in signals intelligence
+(SIGINT) such as phone line tapping. Modern SIGINT initiatives have
+become incredibly complex and sophisticated and have grown greatly as
+popular adoption of technology has grown. Part of government interest
+in SIGINT is a direct response to percieved threads, such as the
+Patriot Act in the US which followed the 2001 terrorist attacks with
+the objective of strengthening national security (cite). State
+sponsored SIGINT programmes aim to respond to encryption and other
+technological developments with the primary interest of overcoming it
+in order to prevent terror and crime. These measures have, however,
+had arguably limited efffectiveness and have violated the privacy of
+individuals who are not suspected of being a threat to national
+security. The way we respond to encryption as a society will clearly
+be significant, and the success of government responses to encryption
+in relation to issues such as terror and crime are rather significant.
+A failure of effective response could allow terrorism to occur in ways
+previously unseen, however an overreaction threatens people's civil
+liberties and could easily be exploited for reasons other than
+prevention of crime and terror. The successes and failures of
+government responses can be judged in various ways.
+
+.IP i. 5
+To what extent does encryption enable either crime or terror?
+.IP ii. 5
+Does the increased mainstream adoption of encryption better enable
+crime or terror?
+.IP iii. 5
+Is combatting encryption an effective way to combat crime/terror?
+.LP
+
+An argument is often made against digital privacy in the interest of
+national security. With access to communications and usage history law
+enforcement and government can quickly discover large amounts of
+information useful in a criminal investigation or in preventing
+criminal activity. Graham{#CTC terrorists} explores the use of
+encryption by terrorists which is often cited in a reason for giving
+governments access to unencrypted Internet communications so that
+suspicious activity can be flagged and investigated in order to
+prevent a terror attack or in order to better respond in the case of
+an attack. Graham describes the extensive use of end to end encryption
+used by terrorists in order to avoid interception by the authorities.
+Due to US usage of intercepted communications to uncover and prevent a
+number of al-Qa'ida plots, the terrorist organisation and other
+terrorist groups have increasingly used encrypted communications (read
+citation from Graham). An significant factor is the use of
+non-mainstreams software in early use of encryption by terrorists,
+including a program that built a wrapper around the popular, secure,
+and open source PGP called \fIMujahedeen secrets\fR. Although now
+terrorists and criminals use widely available, popular, and
+user-friendly software such as the Tails operating system or Telegram
+(Graham citation 28), terrorists organisations have shown an ability
+to make use of more obscure and complicated systems, as well as use
+publicly available source code in order to construct software for
+operatives to use.
+
+Although the issue of popular messaging technologies and their support
+for 'end-to-end encryption' is often discussed, the argument that the
+introduction of end-to-end encryption by large companies such as
+Facebook gives an advantage to criminals {conversation Facebook}{home
+office} is arguably an entirely invalid one. By preventing the usage
+of true end-to-end encryption in industry, we will not be able to
+prevent those attempting to evade the law from doing so, as shown in
+the case of terrorist organisations who have used more obscure
+software in the past and also in the case of the abundance of illegal
+activity that occurs on the so called dark web in the form of the
+trade of drugs and child pornography among others (cite). Instead the
+limitation of use of encryption on popular software will only decrease
+the privacy of those uninterested in criminal activity and instead
+using technology to communicate. In the case of platforms such as
+Instagram (which is owned by Facebook) it is quite clear that the vast
+majority of communications (cite) will not contain anything illegal
+(reword) and that it is these conversations that will suffer from a
+lack of encryption. The information exposed by Edward Snowden in 2013
+demonstrates that the US government has processed and collected vast
+amounts of unencrypted data (cite) and likely continues to do so. In
+the case of unencrypted messaging the problem remains and preventing
+end to end encryption will simply allow governments to maintain the
+status quo of being able to intercept and read all communications
+between its citizens and individuals outside of their jurisdictions.
+
+In order to conduct the vast amounts of surveillance they did in the
+GDR (German Democratic Republic) in support of the ruling party
+{Jarausch}, the Stasi gathered information from a vast network of
+informants who greatly outnumbered Stasi agents {Bruce 2014}. Whilst
+in Nazi Germany there may have been around one Gestapo agent for every
+2300 citizens, in the GDR it was closer to one informant or officer for
+every 63 citizens. Those living in the GDR often had experiences
+involving investigation by the Stasi and there was clearly an
+understanding amongst citizens {funder} of the GDR that one had to be
+wary of an informant or agent listening in. In modern western society
+there is a similar collective understanding that governments
+attempting to carry out surveillance on a massive scale on their own
+citizens. A key distinction, however, is that in societies such as the
+UK, this work is not carried out by a vast network of informants,
+there are no gargantuan gargantuan stores of paper, and there are no
+hundreds of miles of film (cite all) documenting and aiding the
+surveillance of the authorities. Instead, the level of surveillance
+that large, secretive groups of individuals once had to carry out in
+order to enable a surveillance state can be performed instead through
+bureaucracies and technological methods. In modern times, governments
+can operate with a very limited number of operatives `on the ground`,
+and instead focus attention on the giant amounts of data they have for
+processing in order to make the findings they intend to: be it crime,
+terrorism, or - as was the case with the Gestapo and Stasi - descent.
+
+As with any technology, regulation has followed behind development in
+an attempt to control its limits. Much as automotive regulation
+followed the increase in popularity of cars in areas such as the UK
+and US, regulation will no doubt follow the newfound popularity of
+heavy encryption. There are however, difference in the case of
+encryption when compared to cars. The rate of change with modern
+technology is far greater. There are already discussions about quantum
+computers and their potential to overcome current encryption methods.
+In the case of encryption regulation will continuously struggle to
+control encryption methods due in part to how quickly they change, but
+perhaps moreso due to their decentralised nature, where a government
+cannot prevent the existence of software that enables encryption which
+is open source and reproducible internationally. Just as media privacy
+through torrents and access to hidden services over tor are possible
+without significant regulation, regulation of encryption may prove
+impossible. An arguably useful tool to the authorities does exist in
+the hardware and infrastructure that users of the internet rely on.
+Firstly, the vast majority (cite) of users in the foreseeable future
+will continue to use the highly popular CPUs designed by Intel. 
+Concerns have already been expressed {Intel Management portnoy} with regard to
+the Intel Management Engine that exists on modern processors produced
+by Intel. Should governments chose that backdoor access is essential,
+then this presence in hardware around the world alongside an influence
+over Intel (a US based company) to give access to governments may
+provide them with the ability to access information directly from the
+target's hardware rather than having to intercept information in
+transit. This would go for other hardware vendors such as AMD or ARM
+also. Whether or not companies such as Intel would open backdoors to
+governments is up for debate, however we are aware that in the case of
+the Intel Management there was potentially an ability for it to be
+disabled by US government authorities such as the NSA, demonstrating a
+level of leverage the US government potentially has over organisations
+including but not limited to Intel {register kill switch}{intel me
+bleepingcomputer}.
+Regardless of the level of influence governments might or
+might not hold over private corporations, the potential exists for
+systems built into non-open hardware which most people, even those
+using open software use, leaving them more open to exploitation from
+either state or private actors. Furthermore, there is a visible
+interest in increasing the presence of technologies on the hardware
+level, including the aforementioned Intel Management Engine, the
+Trusted Platform Module (cite), and recently Microsoft's Pluton (cite)
+subsystem, which will be present on hardware sold in the future. This
+variety of hardware within a single computer is a rather interesting
+and potentially worrying development, particularly with the clear
+level influence, interest, and competitiveness both the US {US House
+chip manufacturing bill} and Chinese governments (cite) are
+respectively showing (the US and China are the two largest chip
+manufacturers (cite, reword)).
+
+Is discussion on this useful?
+Individuals around the world have clearly expressed interest in
+matters of privacy and encryption (cite) and open source software
+allows those with the technical skills to become involved in the
+development of technology that enables strong encryption and avoids
+state surveillance. Measures taken by governments to prevent this
+development will doubtless be limited unless extreme actions such as
+those seen in China are taken. Otherwise, development will continue to
+occur in both free and non free societies in support of individual
+freedoms. The assertion of `Linus' law` that "given enough eyeballs,
+all bugs are shallow" (cite - CathBaz) creates a serious inability
+for actors such as governments to engineer backdoors into software as
+the NSA previously has (cite) or to prevent the development of
+software altogether (find example). On the other hand, a significant
+amount of the software and hardware 
+
+The discussion of encryption and related technologies has arguably
+limited impact. State actors such as the NSA will continue to act
+against individual freedoms and attempt to find or introduce backdoors
+in technology that is widely used as part of its actions purportedly
+in the interest of `national security`. Although public reactions to
+information such as the 2013 Edward Snowden releases have been very
+strong, they have not had significant effects on legislature, the
+funding received by the NSA, and quite possibly the level of
+surveillance carried out by the NSA (cite all). Thus, from recent
+history, discussions in public or private spheres are unlikely to
+influence decisions made inside already secretive agencies where
+governments are ready to except that sacrifices must be made for the
+greater good. Of course, the issue arises when surveillance exists
+that does not exist simply to protect a nation, but instead mass,
+indiscriminate surveillance is carried out on citizens not suspected
+of any criminal or terrorist activity such as the Optic Nerve
+program in the United Kingdom (cite), however governments nonetheless
+prove willing to fund the activities of surveillance agencies.
+Furthermore, there are options available to authorities that are
+regularly made use of. (Give example from Graham)
+
+Modern cryptographic algorithms are `cryptographically secure`; the
+underlying theoretical concepts mean that breaking the encryption to
+intercept a communication is possible only through a brute-force
+attack and is therefore, due to the nature of the algorithm. This
+however, does not consider implementational flaws.
+
+.nr HY 0
+.ad l
+Intro
+    Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008
+
+Cryptography
+    https://wikiless.org/wiki/Kerckhoffs%27s_principle?lang=en
+    Timing Attacks
+        RSA
+
+Spectre and Meltdown (disucss speculative execution)
+    https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
+    https://www.nytimes.com/2018/01/03/business/computer-flaws.html
+    https://support.apple.com/en-us/HT208394
+    https://www.ibm.com/blogs/psirt/potential-cpu-security-issue/
+    https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/
+     -- Speculative execution?
+
+IME/Pluton -- backdoors
+    https://www.techrepublic.com/article/is-the-intel-management-engine-a-backdoor/
+    https://www.techrepublic.com/article/why-the-nsa-may-not-need-backdoors/
+    Disabled on new ThinkPads: https://www.theregister.com/2022/01/20/microsoft_amd_pluton_lenovo/
+
+Heatbleed (2014) (occured in open source software)
+
+RISC V
+    
+Government
+    https://rules.house.gov/bill/117/hr-4521
+
+    https://www.theguardian.com/world/2014/feb/27/gchq-nsa-webcam-images-internet-yahoo
+    https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html
+    https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption
+    https://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html
+    !! https://wikiless.org/wiki/Dual_EC_DRBG
+    https://www.reuters.com/article/us-usa-security-rsa-idUSBRE9BJ1C220131220
+    https://web.archive.org/web/20131223121638/http://blogs.rsa.com/news-media-2/rsa-response/
+    https://www.technologyreview.com/2012/04/04/186902/how-china-blocks-the-tor-anonymity-network/
+    https://www.nytimes.com/2016/09/03/technology/nso-group-how-spy-tech-firms-let-governments-see-everything-on-a-smartphone.html
+
+    Leahy Law
+
+{firewall}