-rw-r--r-- formatting.ms 4
-rw-r--r-- macros 13
-rwxr-xr-x make 12
-rw-r--r-- paper.ms 225
4 files changed, 123 insertions, 131 deletions
diff --git a/formatting.ms b/formatting.ms
index 818cbf7..c6c6590 100644
--- a/formatting.ms
+++ b/formatting.ms
@@ -3,7 +3,7 @@
.\" top margin
.nr HM 1.25i
.\" bottom margin
-.nr FM 1.25i
+.nr FM 1i
.\" header/footer width
.nr LT \n[LL]
.\" point size
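Review bot: The footer margin FM drops to 1i while the header margin HM two lines above stays at 1.25i, so the page is no longer vertically symmetric. If that is deliberate, say why in the "bottom margin" comment; otherwise change HM to match.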
@@ -30,7 +30,7 @@
.rm CH
.ds CF %
.ds FAM SabonU
-.fzoom CR 750
+.fzoom CR 1200
.fzoom CB 900
.rm CH
.nr HY 0
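Review bot: .fzoom CR goes to 1200 while .fzoom CB on the next line stays at 900, so bold Courier will now render at three quarters the size of regular Courier when the two appear together. Raise CB with it, or add a comment saying why only the roman face needs the larger zoom. The context also shows .rm CH twice in this block; the second one can go.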
diff --git a/macros b/macros
new file mode 100644
index 0000000..f4b6c14
--- /dev/null
+++ b/macros
@@ -0,0 +1,13 @@
+.\" **** Custom macro definitions *********************************
+.\" * Super/subscript
+.\" (https://lists.gnu.org/archive/html/groff/2012-07/msg00046.html)
+.ds { \v'-0.3m'\\s[\\n[.s]*9u/12u]
+.ds } \s0\v'0.3m'
+.ds < \v'0.3m'\s[\\n[.s]*9u/12u]
+.ds > \s0\v'-0.3m'
+.\" * Horizontal line
+.de HLINE
+.ce
+\fC~~~~~~~~~~~~~~~~~~~~\fR
+.ec
+..
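Review bot: HLINE ends with .ec, which resets the escape character and has nothing to do with the centred line above it; .ce with no argument already applies to the next input line only, so the .ec request can be dropped. Separately, the strings named { and } share their names with the citation delimiters that the sed calls in make rewrite into .[ and .], so any \*{ or \*} written in paper.ms would be rewritten before groff sees it (this file escapes that only because make prepends it after the sed stage); string names outside that character set would avoid the clash. The { definition also writes \\s where the < definition writes \s, and the two should agree.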
diff --git a/make b/make
index a19143c..57a5027 100755
--- a/make
+++ b/make
@@ -2,8 +2,8 @@
ls -1 | grep target || mkdir target
wc paper.ms
cat paper.ms|\
- sed "s/}\./}\REMOVEME./g" |\
- sed "s/}\,/}\REMOVEME,/g" |\
+ sed "s/}\./}\REMOVEME.\n/g" |\
+ sed "s/}\,/}\REMOVEME,\n/g" |\
sed "s/^{/.[\n/g" |\
sed "s/}{/\n.]\n.[\n/g" |\
sed "s/{/\n.[\n/g" | sed "s/\}\ /\n.]\n/g" | sed "s/\}/\n.]\n/g" |\
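Review bot: The two changed sed lines are identical apart from the punctuation character, so they have to be edited in lockstep, as this hunk does; a single expression using [.,] and a back-reference would keep them in sync. A short comment explaining the REMOVEME marker and why the punctuation now gets a trailing newline would help the next reader of this pipeline.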
@@ -11,9 +11,11 @@ cat paper.ms|\
grep -v "^\.lf" |\
sed "s/\ \ (/ (/g"|\
sed "s/)(?!.*\.)/) /g" |\
- grep -v "^REMOVEME" |\
- tr "^" " "> target/temp
- #perl -0pe 's/\nREMOVEME//g' |\
+ grep -v "^REMOVEME\n" |\
+ tr "^" " " |\
+ sed "s/^ //" |\
+ perl -0pe 's/\nREMOVEME//g' |
+ cat macros - > target/temp
cat formatting.ms target/temp |\
groff -Eket -Tpdf -ms -P-pa4 > target/paper.pdf
groff -Eket -Thtml -ms target/temp |\
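Review bot: grep -v "^REMOVEME\n" cannot do what the old "^REMOVEME" pattern did, because grep tests one line at a time without its line terminator, so this filter no longer removes the marker lines and the cleanup is left entirely to the re-enabled perl -0pe 's/\nREMOVEME//g'. Delete the grep line rather than leave a no-op in the pipeline. The perl line also ends in a bare | while every other stage uses |\, which works in sh but is worth making consistent.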
diff --git a/paper.ms b/paper.ms
index 2da6aef..305f961 100644
--- a/paper.ms
+++ b/paper.ms
@@ -97,38 +97,48 @@ Although the issue of popular messaging technologies and their support
for 'end-to-end encryption' is often discussed, the argument that the
introduction of end-to-end encryption by large companies such as
Facebook gives an advantage to criminals {conversation Facebook}{home
-office} is arguably an entirely invalid one. By preventing the usage
-of true end-to-end encryption in industry, we will not be able to
-prevent those attempting to evade the law from doing so, as shown in
-the case of terrorist organisations who have used more obscure
-software in the past and also in the case of the abundance of illegal
-activity that occurs on the so called dark web in the form of the
-trade of drugs and child pornography among others {gulati deep web}. Instead the
+office} is arguably an invalid one. By preventing the usage of true
+end-to-end encryption in industry, we will not be able to prevent
+those attempting to evade the law from doing so, as shown in the case
+of terrorist organisations who have used more obscure software in the
+past and also in the case of the abundance of illegal activity that
+occurs on the so called dark web in the form of the trade of drugs and
+child pornography among others {gulati deep web}. Instead the
limitation of use of encryption on popular software will only decrease
the privacy of those uninterested in criminal activity and instead
-using technology to communicate.
-The information exposed by Edward Snowden in 2013
-demonstrates that the US government has processed and collected vast
-amounts of unencrypted data (cite) and possibly continues to do so. In
-the case of unencrypted communication the problem remains and preventing
-end to end encryption will simply allow governments to maintain the
-status quo of being able to intercept and read all communications
-between its citizens and individuals outside of their jurisdictions.
+using more popular software without regard for its security features
+or lack thereof. The information exposed by Edward
+Snowden in 2013 demonstrates that the US government has processed and
+collected vast amounts of unencrypted data (cite) and possibly
+continues to do so. In the case of unencrypted communication the
+problem remains and preventing end to end encryption will simply allow
+governments to maintain the status quo of being able to intercept and
+read all communications between its citizens and individuals outside
+of their jurisdictions. Indeed, should end-to-end encryption continue,
+perchance, to be opposed by governments both in the West and in
+countries like China, it will arguably a method of allowing a
+government to practise surveillance and of perpetuating a surveillance
+state.
-In order to conduct the vast amounts of surveillance they did in the
-GDR (German Democratic Republic) in support of the ruling party
-{Jarausch}, the Stasi gathered information from a vast network of
-informants who greatly outnumbered Stasi agents {Bruce 2014}. Whilst
-in Nazi Germany there may have been around one Gestapo agent for every
-2300 citizens, in the GDR it was closer to one informant or officer for
-every 63 citizens. Those living in the GDR often had experiences
-involving investigation by the Stasi and there was clearly an
-understanding amongst citizens {funder} of the GDR that one had to be
-wary of an informant or agent listening in. In modern western society
+In the GDR (German Democratic Republic, also known as \[oq]East
+Germany\[cq]), in order to conduct surveillance on behalf of the
+rulling party {Jarausch}, the Stasi (\fIMinisterium für
+Staatssicherheit\fR, or \[lq]Ministry for State Security\[rq]) relied
+on a sprawling network of informants and agents. In particular,
+informants \[en] who greatly outnumbered agents {Bruce 2014} \[en]
+formed large parts of this network by integration into the fabric of
+society. This contributed to a far more complete surveillance state
+and an atmosphere of terror amongst the people. Whilst in Nazi Germany
+there may have been around one Gestapo agent for every 2300 citizens,
+in the GDR it was closer to one informant or officer for every 63
+citizens. Those living in the GDR often had experiences involving
+investigation by the Stasi and there was clearly an understanding
+amongst citizens that one had to be wary of an
+informant or agent listening in {funder}. In modern western society
there is a similar collective understanding that governments
attempting to carry out surveillance on a massive scale on their own
-citizens. A key distinction, however, is that in societies such as the
-UK, this work is not carried out by a vast network of informants,
+citizens. A key distinction today, however, is that
+this work is not carried out by a vast network of informants,
there are no gargantuan gargantuan stores of paper, and there are no
hundreds of miles of film (cite all) documenting and aiding the
surveillance of the authorities. Instead, the level of surveillance
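Review bot: The added sentence that closes the first paragraph has lost its verb: "it will arguably a method of allowing a government to practise surveillance" needs "be" after "arguably". In the rewritten GDR paragraph "rulling party" should be "ruling party", and the unchanged lines that follow still read "governments attempting to carry out" (missing "are") and "gargantuan gargantuan", both worth fixing while this paragraph is open. The "(cite)" placeholder after the Snowden sentence and "(cite all)" also survive the rewrite.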
@@ -138,86 +148,83 @@ bureaucracies and technological methods. In modern times, governments
can operate with a very limited number of operatives 'on the ground',
and instead focus attention on the giant amounts of data they have for
processing in order to make the findings they intend to: be it crime,
-terrorism, or - as was the case with the Gestapo and Stasi - descent.
+terrorism, or \[en] as was the case with the Gestapo and Stasi - descent.
-As with any technology, regulation has followed behind technological
-development. Just as automotive regulation
-followed the increase in popularity of cars in areas such as the UK
-and US, regulation will no doubt follow the newfound popularity of
-The rate of change with modern
-technology, particularly encryption, is far greater than has been seen
-in the past. Not only will encryption be difficult to regulate due to
-its rapid development, but
-perhaps moreso due to its decentralised nature, where a government
-cannot prevent the existence of software that enables encryption which
-is open source and reproducible internationally. Just as media piracy
-through torrents and access to hidden services over Tor are able to
-evade regulation, regulation of encryption may prove
-impossible. An arguably useful tool to the authorities does exist in
-the hardware and infrastructure that users of the internet rely on.
-The vast majority (cite) of users in the foreseeable future
-will continue to use the highly popular CPUs designed by Intel in the
-personal computer space.
+.HLINE
+
+.LP
+As has occurred with technological developments in the past,
+legislation will continue to follow developments relating to
+information technology, such as the General Data Protection Regulation
+in the European Union which has had significant influence in the
+technology industry. Yet encryption presents unique challenges to
+lawmakers. Not only will encryption be difficult to regulate due to
+its rapid development, but perhaps moreso due to its decentralised
+nature, where a government cannot prevent the existence of software
+that enables encryption which is open source and reproducible
+internationally. Just as media piracy through torrents and access to
+hidden services over Tor are able to evade regulation, regulation of
+encryption may prove impossible. An arguably useful tool to the
+authorities does exist in the hardware and infrastructure that users
+of the internet rely on. In the West a small number of companies (such
+as Intel, Nvidia, Arm and Apple) design and produce the majority of
+hardware in a proprietary and closed source manner.
Concerns have already been expressed with regard to
the Intel Management Engine {Intel Management portnoy} that exists on
modern processors produced by Intel.
-Arguemnts have been made that the Intel Management Engine already acts
+Arguments have been made that the Intel Management Engine already acts
as a backdoor for government agencies (cite), and the potential is
clearly there for US government interests in mass data collection and
SIGINT following 9/11 to lead to the introduction of backdoors in
-popular technology.
-We are aware that in the case of
-the Intel Management there was potentially an ability for it to be
-disabled by US government authorities such as the NSA, demonstrating a
-level of leverage the US government potentially has over organisations
+popular technology. We are aware that in the case of the Intel
+Management a switch for disabling functionality is present for use by
+US government authorities such as the NSA, demonstrating a level of
+leverage the US government potentially has over organisations
including but not limited to Intel {register kill switch}{intel me
-bleepingcomputer}.
-
-Regardless of the level of influence governments might or
-might not hold over private corporations, the potential exists for
-systems built into non-open hardware which most people, even those
-using open software, leaving them more open to exploitation from
-either state or private actors. Furthermore, there is a visible
-interest in increasing the presence of technologies on the hardware
-level, including the aforementioned Intel Management Engine, the
-Trusted Platform Module (cite), and recently Microsoft's Pluton (cite)
+bleepingcomputer}. The potential exists for such systems to be built
+into non-open hardware which most people \[en] even those using open
+software \[en] use, leaving them more open to exploitation from either
+state or private actors. Furthermore, there is a visible interest in
+increasing the presence of technologies on the hardware level,
+including the aforementioned Intel Management Engine, the Trusted
+Platform Module (cite), and recently Microsoft's Pluton (cite)
subsystem, which will be present on hardware sold in the future. This
variety of hardware within a single computer is a rather interesting
and potentially worrying development, particularly with the clear
level influence, interest, and competitiveness both the US {US House
-chip manufacturing bill} and Chinese governments (cite) are
-respectively showing. In light of potential issues with
-hardware in a privacy sense, there have been developments in `open
-hardware'.
+chip manufacturing bill} and Chinese governments (cite) have in the
+chip manufacturing industry. In light of potential issues with
+hardware, there have been developments in \[oq]open hardware\[cq].
RISC-V is an instruction set for processors from the University of
-California at Berkeley; opposed to ARM, Intel, and AMD, RISC-V is an open
-standard {case for RISC-V}. This allows for open source CPU
-implementations, such as
-those designed at UC Berkeley, as well as those from other parties,
-such as Alibaba Group {chen risc}. A significant amount of existing
-software has been ported to the RISC-V platform (cite) and alongisde
-the Alibaba implementation for data centres the standard has been used
-by Google for a security
-module in the 'Pixel 6' smartphone (cite). This attention and interest
-in the technology potentially indicates a shift in attitude and want
-for more open hardware and a general concern for the source of
-computing equipment. Examples, such as a laptop created by the
-manufacturer Frame Work Inc which aims to be more expandable,
-serviceable and repairable then existing laptops, gaining significant
-media coverage (cite) further show an interest from the public in open
-hardware. An argument can be made that such projects are for niche
-interest groups only, and that such solutions will never see the
-commercial success seen by the larger, non-open manufacturers such as
-Intel and ARM, however clear adoption of standards such as RISC-V by
-large institutions (cite) as well as the clear interest the public
-have demonstrated in commercially available open solutions (research,
-cite) demonstrate quite the opposite: that open hardware will continue
-to become increasingly prevalent and that currently popular hardware
-with its susceptibility to surveillance will possibly start to
-disappear.
-
+California at Berkeley; opposed to ARM, Intel, and AMD processors,
+RISC-V is an open standard for CPU design {case for RISC-V}. This allows for open
+source CPU implementations, such as those designed at UC Berkeley, as
+well as those from other parties, such as Alibaba Group {chen risc}. A
+significant amount of existing software has been ported to the RISC-V
+platform (cite) and alongisde the Alibaba implementation for data
+centres, the standard has been used by Google for a security module in
+the \[oq]Pixel 6\[cq] smartphone (cite).
+This attention and interest potentially signals a shift towards
+increased demand for and utility in open hardware for privacy,
+security or economic reasons.
+Another poignant example of open hardware is the laptop created by the
+manufacturer Framework Computer Inc, which is designed to be more
+more expandable, serviceable and repairable than other laptops
+available on the market.
+The company and laptop gained significant media coverage
+(cite) showing an interest from the public in open hardware. An
+argument can be made that such projects are for niche interest groups
+only, and that such solutions will never see the commercial success
+seen by the larger, non-open manufacturers such as Intel and ARM,
+however clear adoption of standards such as RISC-V by large
+institutions (cite) as well as the clear interest the public have
+demonstrated in commercially available open solutions (research, cite)
+demonstrate quite the opposite: that open hardware will continue to
+become increasingly prevalent and that currently popular hardware with
+its susceptibility to surveillance will possibly start to disappear.
+.PP
A shift toward open standards reveals a problem for law enforcement
agencies and counterterrorism forces. The tools of mass surveillance
that once enabled investigation into crime or terror such as reading
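Review bot: On the changed line "terrorism, or \[en] as was the case with the Gestapo and Stasi - descent." only the first dash was converted, so the pair is now mismatched, and "descent" should be "dissent". Further down, "the Intel Management a switch" has dropped "Engine", and the rewording turns "there was potentially an ability for it to be disabled" into a flat "a switch for disabling functionality is present", which is a stronger claim than the old text made and should be checked against the two sources cited. Smaller slips in the added lines: "alongisde", and "more" doubled across the line break in "designed to be more / more expandable".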
@@ -371,6 +378,8 @@ there is a potential for attacks in modern processors including new
processors made after 2018, and are therefore potentially a real
threat to security {kocher spectre}
+.HLINE
+
The executive summary to the 9/11 Commission Report {#9/11 commission
report} describes the September 2001 terrorist attacks as \[oq]a shock,
not a surprise\[cq]. In a similar light, the release of information
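Review bot: This second .HLINE is followed by a blank line and then body text with no paragraph macro, whereas the first use earlier in the file is followed by .LP. Add .LP (or .PP) here so the paragraph after the rule is set the same way in both places. The context sentence just above also ends at "{kocher spectre}" without a full stop.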
@@ -421,14 +430,6 @@ Cryptography
Timing Attacks
RSA
-Spectre and Meltdown (disucss speculative execution)
- https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
- https://www.nytimes.com/2018/01/03/business/computer-flaws.html
- https://support.apple.com/en-us/HT208394
- https://www.ibm.com/blogs/psirt/potential-cpu-security-issue/
- https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/
- -- Speculative execution?
-
IME/Pluton -- backdoors
https://www.techrepublic.com/article/is-the-intel-management-engine-a-backdoor/
https://www.techrepublic.com/article/why-the-nsa-may-not-need-backdoors/
@@ -439,34 +440,13 @@ Heatbleed (2014) (occured in open source software)
Government
https://rules.house.gov/bill/117/hr-4521
- https://www.theguardian.com/world/2014/feb/27/gchq-nsa-webcam-images-internet-yahoo
- https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html
- https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption
- https://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html
-
-
https://www.technologyreview.com/2012/04/04/186902/how-china-blocks-the-tor-anonymity-network/
- https://www.nytimes.com/2016/09/03/technology/nso-group-how-spy-tech-firms-let-governments-see-everything-on-a-smartphone.html
- Leahy Law
- DeadHand and MonsterMind
Privacy
Apple and App Tracking Transparency
https://www.flurry.com/blog/ios-14-5-opt-in-rate-att-restricted-app-tracking-transparency-worldwide-us-daily-latest-update/
https://www.bloomberg.com/news/articles/2021-07-14/facebook-fb-advertisers-impacted-by-apple-aapl-privacy-ios-14-changes
-Quantum computing
- https://sci-hub.se/10.1007/978-3-540-88702-7_1
- https://aapt.scitation.org/doi/abs/10.1119/1.1891170
- https://ieeexplore.ieee.org/abstract/document/8490169
- https://digitalcommons.dartmouth.edu/senior_theses/23/
- https://www.sciencedirect.com/science/article/abs/pii/S1361372317300519
- https://arxiv.org/abs/1804.00200
-
-Surveillance
- https://www.nytimes.com/2022/02/10/us/politics/cia-data-privacy.html
- https://www.eff.org/deeplinks/2022/02/we-need-answers-about-cias-mass-surveillance
-
crowd supply boosts open hardware: linux magazine
https://ooni.org/post/2021-italy-blocks-gutenberg-book-publishing-website/#findings
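Review bot: This hunk deletes the Guardian, ProPublica and New York Times links on the NSA documents, yet the Snowden sentence rewritten earlier in this same commit still ends in a bare "(cite)". Confirm these sources are already in the bibliography database, or keep the links until that placeholder is filled. The same check applies to the "Quantum computing" and "Surveillance" lists removed further down.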
@@ -475,8 +455,5 @@ https://ooni.org/post/2021-russia-blocks-tor/
https://www.openrightsgroup.org/
-\[oq]go\[cq]
-\[lq]How Terrorists Use Encryption,\[rq]
-
TODO : recite bulletin
https://www.ghi-dc.org/publication/stasi-at-home-and-abroad-domestic-order-and-foreign-intelligence