From 185b30a2b70471422fcf26e8fb433458c691e1d4 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 19 Feb 2022 22:24:48 +0000 Subject: Changes in hardware section. Starting a conclusion. --- formatting.ms | 2 +- paper.ms | 96 ++++++++++++++++++++++++++++++++++------------------------- refer | 4 +++ 3 files changed, 60 insertions(+), 42 deletions(-) diff --git a/formatting.ms b/formatting.ms index 45471ae..55532a0 100644 --- a/formatting.ms +++ b/formatting.ms @@ -33,4 +33,4 @@ .fzoom CR 750 .fzoom CB 900 .rm CH -.nr HY 14 +.nr HY 0 diff --git a/paper.ms b/paper.ms index 01a2a89..3f107ac 100644 --- a/paper.ms +++ b/paper.ms @@ -39,7 +39,7 @@ the objective of strengthening national security (cite). Later, the FISA Amendments Act of 2008 further increased increased the powers of law enforcement to access information, such as allowing the Attorney General and Director of National Intelligence to provide information -about individuals outside the United States {House bill FISA}. It was, +about individuals outside the United States {H.R. FISA congress}. It was, however, the PATRIOT Act and FISA Amendments Act that was the justification for large scale surveillance including the records of phone calls of customers of the Verizon network, including calls from 
@@ -69,7 +69,9 @@ information on terrorists and use this intelligence against terrorists. It is clear that intelligence plays a significant role in counterterrorism. The 9/11 terrorist attacks are seen potentially as a phenomenal failure of intelligence as detailed in The 9/11 Commission -report {#9/11 commission report}, which detailed institutional failures +report {#9/11 commission report}. The report explores the fact that +there was potentially knowledge to indicate a terrorist attack before +September 2001 (chapter 8). The report detailed institutional failures and also emphasised the difficulty and importance of intelligence in counterterrorism {intelligence and national security}. Graham{#CTC terrorists} explores the use of encryption by terrorists which is 
@@ -142,43 +144,44 @@ and instead focus attention on the giant amounts of data they have for processing in order to make the findings they intend to: be it crime, terrorism, or - as was the case with the Gestapo and Stasi - descent. -As with any technology, regulation has followed behind development in -an attempt to control its limits. Much as automotive regulation +As with any technology, regulation has followed behind technological +development. Just as automotive regulation followed the increase in popularity of cars in areas such as the UK and US, regulation will no doubt follow the newfound popularity of -heavy encryption. There are however, difference in the case of -encryption when compared to cars. The rate of change with modern -technology is far greater. -In the case of encryption regulation will continuously struggle to -control encryption methods due in part to how quickly they change, but -perhaps moreso due to their decentralised nature, where a government +The rate of change with modern +technology, particularly encryption, is far greater than has been seen +in the past. Not only will encryption be difficult to regulate due to +its rapid development, but +perhaps moreso due to its decentralised nature, where a government cannot prevent the existence of software that enables encryption which -is open source and reproducible internationally. Just as media privacy -through torrents and access to hidden services over tor are possible -without significant regulation, regulation of encryption may prove +is open source and reproducible internationally. Just as media piracy +through torrents and access to hidden services over Tor are able to +evade regulation, regulation of encryption may prove impossible. An arguably useful tool to the authorities does exist in the hardware and infrastructure that users of the internet rely on. 
-Firstly, the vast majority (cite) of users in the foreseeable future -will continue to use the highly popular CPUs designed by Intel. -Concerns have already been expressed {Intel Management portnoy} with regard to -the Intel Management Engine that exists on modern processors produced -by Intel. Should governments chose that backdoor access is essential, -then this presence in hardware around the world alongside an influence -over Intel (a US based company) to give access to governments may -provide them with the ability to access information directly from the -target's hardware rather than having to intercept information in -transit. This would go for other hardware vendors such as AMD or ARM -also. Whether or not companies such as Intel would open backdoors to -governments is up for debate, however we are aware that in the case of +The vast majority (cite) of users in the foreseeable future +will continue to use the highly popular CPUs designed by Intel in the +personal computer space. + +Concerns have already been expressed with regard to +the Intel Management Engine {Intel Management portnoy} that exists on +modern processors produced by Intel. +Arguemnts have been made that the Intel Management Engine already acts +as a backdoor for government agencies (cite), and the potential is +clearly there for US government interests in mass data collection and +SIGINT following 9/11 to lead to the introduction of backdoors in +popular technology. +We are aware that in the case of the Intel Management there was potentially an ability for it to be disabled by US government authorities such as the NSA, demonstrating a level of leverage the US government potentially has over organisations including but not limited to Intel {register kill switch}{intel me bleepingcomputer}. 
+ Regardless of the level of influence governments might or might not hold over private corporations, the potential exists for systems built into non-open hardware which most people, even those -using open software use, leaving them more open to exploitation from +using open software, leaving them more open to exploitation from either state or private actors. Furthermore, there is a visible interest in increasing the presence of technologies on the hardware level, including the aforementioned Intel Management Engine, the @@ -191,10 +194,11 @@ chip manufacturing bill} and Chinese governments (cite) are respectively showing (the US and China are the two largest chip manufacturers (cite, reword)). In light of potential issues with hardware in a privacy sense, there have been developments in `open -hardware'. RISC V is an instruction set for processors, that, opposed -to ARM, Intel, and AMD which are developed in secret, RISC V is an open -standard originating from the University of California, Berkeley (UC -Berkeley). This therefore allows for open source CPU designs, such as +hardware'. + +RISC V is an instruction set for processors from the University of +California, Berkeley; opposed to ARM, Intel, and AMD, RISC V is an open +standard. This allows for open source CPU designs, such as those designed at UC Berkeley, as well as those from other parties, such as Alibaba Group (cite all). A significant amount of existing software has been ported to the RISC V platform (cite) and been 
@@ -258,19 +262,19 @@ change will take place naturally and many have already started to consider methods for `post-quantum cryptography' (cite). The significant factor however will be regulatory responses to post-quantum cryptographic methods. - - https://www.natlawreview.com/article/preparing-post-quantum-migration-race-to-save-internet - https://csrc.nist.gov/Projects/post-quantum-cryptography - https://universitypress.unisob.na.it/ojs/index.php/ejplt/article/download/1225/665 - https://universitypress.unisob.na.it/ojs/index.php/ejplt/index - https://www.meritalk.com/articles/reps-khanna-mace-developing-quantum-computing-bill-to-secure-fed-data/ + + https://www.natlawreview.com/article/preparing-post-quantum-migration-race-to-save-internet + https://csrc.nist.gov/Projects/post-quantum-cryptography + https://universitypress.unisob.na.it/ojs/index.php/ejplt/article/download/1225/665 + https://universitypress.unisob.na.it/ojs/index.php/ejplt/index + https://www.meritalk.com/articles/reps-khanna-mace-developing-quantum-computing-bill-to-secure-fed-data/ . Once more, the significant research is occurring as aforementioned in the US and in China {quantum research in china}. Both in the US at Google {google supremacy nature} and in China {china quantum advantage}{science photons quantum advantage}. -Is discussion on this useful? +(Is discussion on this useful?) Individuals around the world have clearly expressed interest in matters of privacy and encryption (cite) and open source software allows those with the technical skills to become involved in the 
@@ -307,10 +311,11 @@ prove willing to fund the activities of surveillance agencies. Furthermore, there are options available to authorities that are regularly made use of. (Give example from Graham) -Modern cryptographic algorithms are `cryptographically secure`; the -underlying theoretical concepts mean that breaking the encryption to -intercept a communication is possible only through a brute-force -attack and is therefore, due to the nature of the algorithm. This +Modern cryptographic algorithms are theoretically secure; the +underlying concepts mean that breaking the encryption to +intercept a communication not possible in a reasonable amount of time +with current computational limits +and is therefore, due to the nature of the algorithm, secure. This however, does not consider implementational flaws. Indeed, implementational flaws are the ways in which modern breaks of algorithms such as RSA (cite) occur, and methods such as timing @@ -320,6 +325,15 @@ all) have the potential to overcome any level of sophistication that cryptographic algorithms may have, and simply give away information such as keys (research, cite). +The executive summary to the 9/11 Commission Report {#9/11 commission +report} describes the September 2001 terrorist attacks as 'a shock, +not a surprise'. In a similar light, the release of information +relating to mass surveillance and mishandling of data such as the 2013 +Edward Snowden releases and the 2018 Facebook-Cambridge Analytica +scandal ought to also be potentially considered a shock, not a +surprise given the level of data that both governments and private +organisations have access to and responsibility for. + .nr HY 0 .ad l Intro diff --git a/refer b/refer index a760478..c8ab15c 100644 --- a/refer +++ b/refer 
@@ -141,6 +141,10 @@ %O https://www.theregister.com/2022/02/05/us_house_passes_america_competes/ (Accessed 6th February 2022) +%A H.R.3773 +%T 110th Congress (2007-2008): FISA Amendments Act of 2008 +%D (2008) + -- Intel management engine %T Intel's Management Engine is a security hazard, and users need a way to disable it -- cgit v1.2.3
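Review bot: The formatting.ms hunk changes `.nr HY 14` to `.nr HY 0`, which switches hyphenation off for the whole document, but the commit subject only mentions the hardware section and the conclusion. Either note the change in the message or split it into its own commit. The `.nr HY 0` that already precedes `.ad l` near the end of paper.ms (context of the @@ -320 hunk) now duplicates the global setting and could be dropped.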
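Review bot: In the paper.ms @@ -69 hunk, "explores the fact that there was potentially knowledge" hedges and asserts in the same clause; pick one, for example "explores whether there was prior knowledge indicating an attack". The bare "(chapter 8)" would also read better folded into the citation itself, since the `{#9/11 commission report}` reference sits one sentence earlier.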
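Review bot: In the paper.ms @@ -142 hunk, removing the line "heavy encryption. There are however, difference in the case of" leaves the preceding context sentence without its object, so the text now runs "regulation will no doubt follow the newfound popularity of The rate of change with modern technology". Restore "heavy encryption." (or an equivalent ending) before the new sentence starts. Two smaller points in the same hunk: "Arguemnts" should be "Arguments", and dropping "use" from "using open software use, leaving them" removes the only verb for "most people", so the clause "which most people, even those using open software, leaving them more open" no longer parses. The replaced Intel ME paragraph also still carries a `(cite)` on its strongest claim (that the ME already acts as a backdoor); that one needs a source before the paper goes out.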
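Review bot: In the paper.ms @@ -191 hunk, the rewrite drops the definition "(UC Berkeley)" while the unchanged context line that follows still says "those designed at UC Berkeley", so the abbreviation is now used without being introduced. The new sentence also compares an instruction set with companies ("opposed to ARM, Intel, and AMD, RISC V is an open standard"); comparing it with their proprietary instruction sets would be more precise, and the removed qualifier "which are developed in secret" was what made the contrast explicit. The project spells the name "RISC-V".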
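Review bot: The paper.ms @@ -258 hunk only changes whitespace on five bare URLs that sit in the body text, followed by a lone ".". If these are sources for the post-quantum paragraph, they belong in the refer file as entries with `%O` lines like the existing ones, cited from the `(cite)` placeholder above. The author query "(Is discussion on this useful?)" will render in the output as written; putting it in a troff comment (`.\"`) keeps it out of the typeset paper.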
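Review bot: In the paper.ms @@ -307 hunk, "theoretically secure" does not match the definition that follows it: "not possible in a reasonable amount of time with current computational limits" describes computational security, whereas "theoretically secure" reads as information-theoretic (unconditional) security, which the algorithms discussed here do not claim. Suggest "computationally secure". The new sentence is also missing a verb ("to intercept a communication not possible" needs "is"), and "is therefore, due to the nature of the algorithm, secure" restates the premise as the conclusion. The old wording's mention of brute force was the concrete part; consider keeping it.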
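Review bot: In the paper.ms @@ -320 hunk, the new concluding paragraph refers to "the 2013 Edward Snowden releases and the 2018 Facebook-Cambridge Analytica scandal" with neither a citation nor the `(cite)` placeholder used everywhere else in the draft, so these are easy to miss in a later citation pass. "ought to also be potentially considered" stacks three hedges; "ought also to be considered" says the same thing.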
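Review bot: In the refer hunk, the new record puts the bill number in the author field (`%A H.R.3773`) and gives no source location, while the entry directly above it carries a `%O` line with URL and access date. Add a `%O` line for consistency and consider moving the bill number into the title or `%O`, since `%A` will be formatted as a person's name. The matching citation in paper.ms was changed to `{H.R. FISA congress}`; worth confirming those keywords select this record only. The context line in that paper.ms hunk still reads "further increased increased", which could be fixed while the paragraph is being touched.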