From 84102b68aabaec8755612be5619057eb36ad5dce Mon Sep 17 00:00:00 2001 From: root Date: Sat, 19 Feb 2022 16:18:54 +0000 Subject: Discussing terror, 9/11 Commission Report --- paper.ms | 51 ++++++++++++++++++++++++++++----------------------- refer | 12 ++++++++++++ 2 files changed, 40 insertions(+), 23 deletions(-) diff --git a/paper.ms b/paper.ms index 8630579..b79f1d0 100644 --- a/paper.ms +++ b/paper.ms 
@@ -63,29 +63,34 @@ encryption existing thereby only as a tool of authoritarian control. An argument is often made against allowing widespread use of encryption and generally against widespread effective operations security (OPSEC) in the public sector in the interest of -national security. With access to communications and usage history law -enforcement and government can quickly discover large amounts of -information useful in a criminal investigation or in preventing -criminal activity. Graham{#CTC terrorists} explores the use of -encryption by terrorists which is often cited in a reason for giving -governments access to unencrypted Internet communications so that -suspicious activity can be flagged and investigated in order to -prevent a terror attack or in order to better respond in the case of -an attack. Graham describes the extensive use of end to end encryption -used by terrorists in order to avoid interception by the authorities. -Due to U.S. usage of intercepted communications to uncover and prevent a -number of al-Qa'ida plots, the terrorist organisation and other -terrorist groups have increasingly used encrypted communications (read -citation from Graham). An significant factor is the use of -non-mainstreams software in early use of encryption by terrorists, -including a program that built a wrapper around the popular, secure, -and open source PGP called \fIMujahedeen secrets\fR. Although now -terrorists and criminals use widely available, popular, and -user-friendly software such as the Tails operating system or Telegram -(Graham citation 28), terrorists organisations have shown an ability -to make use of more obscure and complicated systems, as well as use -publicly available source code in order to construct software for -operatives to use. +national security, and the prevention of terror. With access to +communications and usage history governments can gather significant +information on terrorists and use this intelligence against +terrorists. 
It is clear that intelligence plays a significant role in +counterterrorism. The 9/11 terrorist attacks are seen potentially as a +phenomenal failure of intelligence as detailed in The 9/11 Commission +report {#9/11 commission report}, which detailed institutional failures +and also emphasised the difficulty and importance of intelligence in +counterterrorism {intelligence and national security}. Graham{#CTC +terrorists} explores the use of encryption by terrorists which is +often cited in a reason for giving governments access to unencrypted +Internet communications so that suspicious activity can be flagged and +investigated in order to prevent a terror attack or in order to better +respond in the case of an attack. Graham describes the extensive use +of end to end encryption used by terrorists in order to avoid +interception by the authorities. Due to U.S. usage of intercepted +communications to uncover and prevent a number of al-Qa'ida plots, the +terrorist organisation and other terrorist groups have increasingly +used encrypted communications (read citation from Graham). An +significant factor is the use of non-mainstreams software in early use +of encryption by terrorists, including a program that built a wrapper +around the popular, secure, and open source PGP called \fIMujahedeen +secrets\fR. Although now terrorists and criminals use widely +available, popular, and user-friendly software such as the Tails +operating system or Telegram (Graham citation 28), terrorists +organisations have shown an ability to make use of more obscure and +complicated systems, as well as use publicly available source code in +order to construct software for operatives to use. Although the issue of popular messaging technologies and their support for 'end-to-end encryption' is often discussed, the argument that the diff --git a/refer b/refer index 4abb107..a760478 100644 --- a/refer +++ b/refer 
@@ -51,6 +51,18 @@ %J CTC Sentinel %O https://ctc.usma.edu/how-terrorists-use-encryption/ (Accessed 22 January 2022) +%T The 9/11 Commission Report: Final Report of the National Commission on Terrorist Attacks Upon the United States (9/11 Report) +%A National^Commission^on^Terrorist^Attacks^Upon^the^United^States +%D July 2004 + +%A Daniel Byman +%D 2014 +%T The Intelligence War on Terrorism +%J Intelligence and National Security +%V 29:6 +%P 837-863 +%G DOI: 10.1080/02684527.2013.851876 + %T International statement: End-to-end encryption and public safety %A Home^Office %D Oct 2020 -- cgit v1.2.3 From 2ed2b386d8348b735d7233cc2fc83e8224c53a1b Mon Sep 17 00:00:00 2001 From: root Date: Sat, 19 Feb 2022 22:24:48 +0000 Subject: Changes in hardware section. Starting a conclusion. --- formatting.ms | 2 +- paper.ms | 96 ++++++++++++++++++++++++++++++++++------------------------- refer | 4 +++ 3 files changed, 60 insertions(+), 42 deletions(-) diff --git a/formatting.ms b/formatting.ms index 45471ae..55532a0 100644 --- a/formatting.ms +++ b/formatting.ms @@ -33,4 +33,4 @@ .fzoom CR 750 .fzoom CB 900 .rm CH -.nr HY 14 +.nr HY 0 diff --git a/paper.ms b/paper.ms index 01a2a89..3f107ac 100644 --- a/paper.ms +++ b/paper.ms @@ -39,7 +39,7 @@ the objective of strengthening national security (cite). Later, the FISA Amendments Act of 2008 further increased increased the powers of law enforcement to access information, such as allowing the Attorney General and Director of National Intelligence to provide information -about individuals outside the United States {House bill FISA}. It was, +about individuals outside the United States {H.R. FISA congress}. It was, however, the PATRIOT Act and FISA Amendments Act that was the justification for large scale surveillance including the records of phone calls of customers of the Verizon network, including calls from 
@@ -69,7 +69,9 @@ information on terrorists and use this intelligence against terrorists. It is clear that intelligence plays a significant role in counterterrorism. The 9/11 terrorist attacks are seen potentially as a phenomenal failure of intelligence as detailed in The 9/11 Commission -report {#9/11 commission report}, which detailed institutional failures +report {#9/11 commission report}. The report explores the fact that +there was potentially knowledge to indicate a terrorist attack before +September 2001 (chapter 8). The report detailed institutional failures and also emphasised the difficulty and importance of intelligence in counterterrorism {intelligence and national security}. Graham{#CTC terrorists} explores the use of encryption by terrorists which is 
@@ -142,43 +144,44 @@ and instead focus attention on the giant amounts of data they have for processing in order to make the findings they intend to: be it crime, terrorism, or - as was the case with the Gestapo and Stasi - descent. -As with any technology, regulation has followed behind development in -an attempt to control its limits. Much as automotive regulation +As with any technology, regulation has followed behind technological +development. Just as automotive regulation followed the increase in popularity of cars in areas such as the UK and US, regulation will no doubt follow the newfound popularity of -heavy encryption. There are however, difference in the case of -encryption when compared to cars. The rate of change with modern -technology is far greater. -In the case of encryption regulation will continuously struggle to -control encryption methods due in part to how quickly they change, but -perhaps moreso due to their decentralised nature, where a government +The rate of change with modern +technology, particularly encryption, is far greater than has been seen +in the past. Not only will encryption be difficult to regulate due to +its rapid development, but +perhaps moreso due to its decentralised nature, where a government cannot prevent the existence of software that enables encryption which -is open source and reproducible internationally. Just as media privacy -through torrents and access to hidden services over tor are possible -without significant regulation, regulation of encryption may prove +is open source and reproducible internationally. Just as media piracy +through torrents and access to hidden services over Tor are able to +evade regulation, regulation of encryption may prove impossible. An arguably useful tool to the authorities does exist in the hardware and infrastructure that users of the internet rely on. 
-Firstly, the vast majority (cite) of users in the foreseeable future -will continue to use the highly popular CPUs designed by Intel. -Concerns have already been expressed {Intel Management portnoy} with regard to -the Intel Management Engine that exists on modern processors produced -by Intel. Should governments chose that backdoor access is essential, -then this presence in hardware around the world alongside an influence -over Intel (a US based company) to give access to governments may -provide them with the ability to access information directly from the -target's hardware rather than having to intercept information in -transit. This would go for other hardware vendors such as AMD or ARM -also. Whether or not companies such as Intel would open backdoors to -governments is up for debate, however we are aware that in the case of +The vast majority (cite) of users in the foreseeable future +will continue to use the highly popular CPUs designed by Intel in the +personal computer space. + +Concerns have already been expressed with regard to +the Intel Management Engine {Intel Management portnoy} that exists on +modern processors produced by Intel. +Arguemnts have been made that the Intel Management Engine already acts +as a backdoor for government agencies (cite), and the potential is +clearly there for US government interests in mass data collection and +SIGINT following 9/11 to lead to the introduction of backdoors in +popular technology. +We are aware that in the case of the Intel Management there was potentially an ability for it to be disabled by US government authorities such as the NSA, demonstrating a level of leverage the US government potentially has over organisations including but not limited to Intel {register kill switch}{intel me bleepingcomputer}. 
+ Regardless of the level of influence governments might or might not hold over private corporations, the potential exists for systems built into non-open hardware which most people, even those -using open software use, leaving them more open to exploitation from +using open software, leaving them more open to exploitation from either state or private actors. Furthermore, there is a visible interest in increasing the presence of technologies on the hardware level, including the aforementioned Intel Management Engine, the @@ -191,10 +194,11 @@ chip manufacturing bill} and Chinese governments (cite) are respectively showing (the US and China are the two largest chip manufacturers (cite, reword)). In light of potential issues with hardware in a privacy sense, there have been developments in `open -hardware'. RISC V is an instruction set for processors, that, opposed -to ARM, Intel, and AMD which are developed in secret, RISC V is an open -standard originating from the University of California, Berkeley (UC -Berkeley). This therefore allows for open source CPU designs, such as +hardware'. + +RISC V is an instruction set for processors from the University of +California, Berkeley; opposed to ARM, Intel, and AMD, RISC V is an open +standard. This allows for open source CPU designs, such as those designed at UC Berkeley, as well as those from other parties, such as Alibaba Group (cite all). A significant amount of existing software has been ported to the RISC V platform (cite) and been 
@@ -258,19 +262,19 @@ change will take place naturally and many have already started to consider methods for `post-quantum cryptography' (cite). The significant factor however will be regulatory responses to post-quantum cryptographic methods. - - https://www.natlawreview.com/article/preparing-post-quantum-migration-race-to-save-internet - https://csrc.nist.gov/Projects/post-quantum-cryptography - https://universitypress.unisob.na.it/ojs/index.php/ejplt/article/download/1225/665 - https://universitypress.unisob.na.it/ojs/index.php/ejplt/index - https://www.meritalk.com/articles/reps-khanna-mace-developing-quantum-computing-bill-to-secure-fed-data/ + + https://www.natlawreview.com/article/preparing-post-quantum-migration-race-to-save-internet + https://csrc.nist.gov/Projects/post-quantum-cryptography + https://universitypress.unisob.na.it/ojs/index.php/ejplt/article/download/1225/665 + https://universitypress.unisob.na.it/ojs/index.php/ejplt/index + https://www.meritalk.com/articles/reps-khanna-mace-developing-quantum-computing-bill-to-secure-fed-data/ . Once more, the significant research is occurring as aforementioned in the US and in China {quantum research in china}. Both in the US at Google {google supremacy nature} and in China {china quantum advantage}{science photons quantum advantage}. -Is discussion on this useful? +(Is discussion on this useful?) Individuals around the world have clearly expressed interest in matters of privacy and encryption (cite) and open source software allows those with the technical skills to become involved in the 
@@ -307,10 +311,11 @@ prove willing to fund the activities of surveillance agencies. Furthermore, there are options available to authorities that are regularly made use of. (Give example from Graham) -Modern cryptographic algorithms are `cryptographically secure`; the -underlying theoretical concepts mean that breaking the encryption to -intercept a communication is possible only through a brute-force -attack and is therefore, due to the nature of the algorithm. This +Modern cryptographic algorithms are theoretically secure; the +underlying concepts mean that breaking the encryption to +intercept a communication not possible in a reasonable amount of time +with current computational limits +and is therefore, due to the nature of the algorithm, secure. This however, does not consider implementational flaws. Indeed, implementational flaws are the ways in which modern breaks of algorithms such as RSA (cite) occur, and methods such as timing @@ -320,6 +325,15 @@ all) have the potential to overcome any level of sophistication that cryptographic algorithms may have, and simply give away information such as keys (research, cite). +The executive summary to the 9/11 Commission Report {#9/11 commission +report} describes the September 2001 terrorist attacks as 'a shock, +not a surprise'. In a similar light, the release of information +relating to mass surveillance and mishandling of data such as the 2013 +Edward Snowden releases and the 2018 Facebook-Cambridge Analytica +scandal ought to also be potentially considered a shock, not a +surprise given the level of data that both governments and private +organisations have access to and responsibility for. + .nr HY 0 .ad l Intro diff --git a/refer b/refer index a760478..c8ab15c 100644 --- a/refer +++ b/refer 
@@ -141,6 +141,10 @@ %O https://www.theregister.com/2022/02/05/us_house_passes_america_competes/ (Accessed 6th February 2022) +%A H.R.3773 +%T 110th Congress (2007-2008): FISA Amendments Act of 2008 +%D (2008) + -- Intel management engine %T Intel's Management Engine is a security hazard, and users need a way to disable it -- cgit v1.2.3 From ad2671533a35746193445fb676862f1d92719f55 Mon Sep 17 00:00:00 2001 From: root Date: Sat, 26 Feb 2022 15:44:39 +0000 Subject: Todos and citations. --- formatting.ms | 10 +++++----- header.html | 3 ++- make | 4 ++-- paper.ms | 27 +++++++++++++++++++-------- refer | 46 +++++++++++++++++++++++++++++++++------------- 5 files changed, 61 insertions(+), 29 deletions(-) diff --git a/formatting.ms b/formatting.ms index 55532a0..201ddf6 100644 --- a/formatting.ms +++ b/formatting.ms @@ -1,15 +1,15 @@ -.nr LL 5.00i -.nr PO 1.65i +.nr LL 5.15i +.nr PO 1.60i .\" top margin -.nr HM 1.0i +.nr HM 1.25i .\" bottom margin -.nr FM 1.0i +.nr FM 1.25i .\" header/footer width .nr LT \n[LL] .\" point size .nr PS 11pt .\" line height -.nr VS 14p +.nr VS 15p .\" paragraph indent .\" .nr PI 0m .\" interparagraph space diff --git a/header.html b/header.html index 2aa6d9b..52234c4 100644 --- a/header.html +++ b/header.html @@ -4,9 +4,10 @@ html { line-height: 1.5; font-family: serif; + font-size: 1.1rem; color: #1a1a1a; background-color: #fdfdfd; - max-width: 70ch; + max-width: 80ch; margin: auto; } body{margin-top:10%} diff --git a/make b/make index b898fff..15b35d4 100755 --- a/make +++ b/make @@ -18,9 +18,9 @@ cat paper.ms|\ # awk '{printf "%s%s", $0, (/)$/ ? "" : ORS)}' |\ cat formatting.ms target/temp |\ groff -Eket -Tpdf -ms -P-pa4 > target/paper.pdf -groff -E -Thtml -ms target/temp |\ +groff -Eket -Thtml -ms target/temp |\ sed -E "s|([^\"\'\>=])(http[s]?://[^[:space:]]*)|\1\2|g" |\ sed -E "s|^(http[s]?://[^[:space:]]*)|\1|g" |\ sed "1,6d" > target/temp2 cat header.html target/temp2 |\ - sed -E '35 i See this document as a pdf
'> target/paper.html + sed -E '36 i See this document as a pdf
'> target/paper.html diff --git a/paper.ms b/paper.ms index 3f107ac..73af97c 100644 --- a/paper.ms +++ b/paper.ms @@ -15,7 +15,7 @@ decrypted without the necessary keys, which in the case of RSA is ensured by the large primes involved and the current intractability of large prime factorisation. This allows for communication that is practically guaranteed to be private: a relatively new phenomenon in -communications, seen with inventions such as the one-tme pad (cite) +communications, seen with inventions such as the one-tme pad {Rijmenants} (cite) which was cryptographically secure and used by the both the KGB and NSA (cite), beyond the use of the Enigma and Lorentz machines by the Nazis which were both of which were decrypted by cryptanalysis methods @@ -104,7 +104,7 @@ prevent those attempting to evade the law from doing so, as shown in the case of terrorist organisations who have used more obscure software in the past and also in the case of the abundance of illegal activity that occurs on the so called dark web in the form of the -trade of drugs and child pornography among others (cite). Instead the +trade of drugs and child pornography among others {gulati deep web}. Instead the limitation of use of encryption on popular software will only decrease the privacy of those uninterested in criminal activity and instead using technology to communicate. In the case of platforms such as 
@@ -113,8 +113,8 @@ majority of communications (cite) will not contain anything illegal (reword) and that it is these conversations that will suffer from a lack of encryption. The information exposed by Edward Snowden in 2013 demonstrates that the US government has processed and collected vast -amounts of unencrypted data (cite) and likely continues to do so. In -the case of unencrypted messaging the problem remains and preventing +amounts of unencrypted data (cite) and possibly continues to do so. In +the case of unencrypted communication the problem remains and preventing end to end encryption will simply allow governments to maintain the status quo of being able to intercept and read all communications between its citizens and individuals outside of their jurisdictions. @@ -235,8 +235,15 @@ been in China, where the government has unparalleled control over the flow of information over the internet. This has allowed the filtering of content, prevention from accessing sites, and the blocking of the anonymity network Tor which would allow users to circumvent measures -put in place by the government {firewall} (cite for Tor). (research?: -would such measures even work in western world?) +put in place by the government {firewall}{talbot tor china}{winter +china tor} Whether such draconian measures could even be implemented +in the more democratic West is questionable, but the opportunity +clearly exists for governments to undermine the digital privacy of its +citizens. Any such measures, however, will face scrutiny from the +media and public in Western society and thereby open software such as +Tor is used to share significant amounts of information away from the +observation of law enforcement, allowing illegal activity to occur +{gulati}. In addition, the rate of development in unconventional computing methods is increasing rapidly. Effective quantum computing will 
@@ -274,7 +281,9 @@ the US and in China {quantum research in china}. Both in the US at Google {google supremacy nature} and in China {china quantum advantage}{science photons quantum advantage}. -(Is discussion on this useful?) +The question must be asked as to whether the discussion of encryption +and surveillance is necessary. + Individuals around the world have clearly expressed interest in matters of privacy and encryption (cite) and open source software allows those with the technical skills to become involved in the @@ -332,7 +341,9 @@ relating to mass surveillance and mishandling of data such as the 2013 Edward Snowden releases and the 2018 Facebook-Cambridge Analytica scandal ought to also be potentially considered a shock, not a surprise given the level of data that both governments and private -organisations have access to and responsibility for. +organisations have access to and responsibility for. Encryption +enables people to trust that their data that they wish to be private +truly is and allows .nr HY 0 .ad l diff --git a/refer b/refer index c8ab15c..e4e418c 100644 --- a/refer +++ b/refer @@ -74,16 +74,12 @@ %D 2014 %J Bulletin of the German Historical Institute %C German Historical Institute Washington DC -%O https://www.ghi-dc.org/fileadmin/publications/Bulletin_Supplement/Supplement_9/supp9.pdf -(Accessed 3rd January 2022) %T Participatory Repression? Reflections on Popular Involvement with the Stasi %A Gary Bruce %D 2014 %J Bulletin of the German Historical Institute %C German Historical Institute Washington DC -%O https://www.ghi-dc.org/fileadmin/publications/Bulletin_Supplement/Supplement_9/supp9.pdf -(Accessed 3rd January 2022) %T N.S.A. Able to Foil Basic Safeguards of Privacy on Web %J The New York Times 
@@ -114,23 +110,20 @@ %A Peter Baker %D June 2013 %J The New York Times -%O https://www.nytimes.com/2013/06/07/us/nsa-verizon-calls.html -(Accessed 17th February 2022) +%O Accessed online on 17th February 2022 %T NSA collecting phone records of millions of Verizon customers daily %A Glenn Greenwald %D June 2013 %J The Guardian -%O https://www.theguardian.com/world/2013/jun/06/nsa-phone-records-verizon-court-order -(Accessed 17th February 2022) +%O Accessed online on 17th February 2022 %T Anger swells after NSA phone records court order revelations %J The Guardian %D June 2013 %A Dan Roberts %A Spencer Ackerman -%O https://www.theguardian.com/world/2013/jun/06/obama-administration-nsa-verizon-records -(Accessed 17th February 2022) +%O Accessed online on 17th February 2022 -- lawmaking @@ -138,8 +131,7 @@ %J The Register %D Feb 2022 %A Agam Shah -%O https://www.theregister.com/2022/02/05/us_house_passes_america_competes/ -(Accessed 6th February 2022) +%O Accessed online on 6th February 2022 %A H.R.3773 %T 110th Congress (2007-2008): FISA Amendments Act of 2008 @@ -177,6 +169,12 @@ %O https://www.nytimes.com/2018/01/03/business/computer-flaws.html (Accessed 7th February 2022) +%T One-time Pad +%A Dirk Rijmenants +%D date unknown +%O https://www.ciphermachinesandcryptology.com/en/onetimepad.htm +(Accessed 26th February 2022) + -- quantum %T Report on Post-Quantum Cryptography @@ -219,7 +217,7 @@ %T Quantum computational advantage using photons %A Han-Sen Zhong^et^al %D 2020 -%G DOI: 10.1126/science.abe8770 +%O DOI: 10.1126/science.abe8770 %T Google Claims To Achieve Quantum Supremacy — IBM Pushes Back %J NPR 
@@ -227,3 +225,25 @@ %A Paolo Zialcita %O https://www.npr.org/2019/10/23/772710977/google-claims-to-achieve-quantum-supremacy-ibm-pushes-back . + +%T The Hidden Truth Anonymity in Cyberspace: Deep Web +%D 2018 +%A Saksham Gulati +%A Shilpi Sharma +%A Garima Agarwal +%J Advances in Intelligent Systems and Computing +%V 673 +%P 719–730 +%O DOI: 10.1007/978-981-10-7245-1_70 + +%T China Cracks Down on Tor Anonymity Network +%A David Talbot +%D Oct 2009 +%J MIT Technology Review + +%T How China Is Blocking Tor +%A Philipp Winter +%A Stefan Lindskog +%J Karlstad University +%G arXiv:1204.0447 [cs.CR] +%D Apr 2012 -- cgit v1.2.3 From 48894535390d21794c5232b416759a02c0f4f1d2 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 27 Feb 2022 13:04:04 +0000 Subject: Changes is intro, doing todos/citations --- make | 4 +-- paper.ms | 116 +++++++++++++++++++++++++++++++-------------------------------- refer | 14 ++++++++ 3 files changed, 74 insertions(+), 60 deletions(-) diff --git a/make b/make index 15b35d4..439460f 100755 --- a/make +++ b/make @@ -19,8 +19,8 @@ cat paper.ms|\ cat formatting.ms target/temp |\ groff -Eket -Tpdf -ms -P-pa4 > target/paper.pdf groff -Eket -Thtml -ms target/temp |\ - sed -E "s|([^\"\'\>=])(http[s]?://[^[:space:]]*)|\1\2|g" |\ - sed -E "s|^(http[s]?://[^[:space:]]*)|\1|g" |\ + sed -E "s|([^\"\'\>=])(http[s]?://[^[:space:]]*)|\1Available online|g" |\ + sed -E "s|^(http[s]?://[^[:space:]]*)|Available online|g" |\ sed "1,6d" > target/temp2 cat header.html target/temp2 |\ sed -E '36 i See this document as a pdf
'> target/paper.html diff --git a/paper.ms b/paper.ms index 73af97c..232e75b 100644 --- a/paper.ms +++ b/paper.ms 
@@ -11,54 +11,53 @@ February 2022 .LP Modern encryption methods allow a level of privacy in communication that has not before been seen: information that is encrypted cannot be -decrypted without the necessary keys, which in the case of RSA is -ensured by the large primes involved and the current intractability of -large prime factorisation. This allows for communication that is +decrypted without the necessary keys, such as with RSA where security +is ensured by the large primes involved and the current intractability +of prime factorisation. This allows for communication that is practically guaranteed to be private: a relatively new phenomenon in -communications, seen with inventions such as the one-tme pad {Rijmenants} (cite) -which was cryptographically secure and used by the both the KGB and -NSA (cite), beyond the use of the Enigma and Lorentz machines by the -Nazis which were both of which were decrypted by cryptanalysis methods -during the Second World War. Today, secure cryptographic methods are -used not only by government backed agencies in preventing or -practising espionage, but by individual citizens who are interested in -their privacy, security, or are simply using a program that happens to -encrypt their communications. Naturally, current availability of -cryptography potentially allows for malicious actors such as criminals -or terrorists to use encryption in order to commit crimes or acts of -terror. -In -response to the threats of encryption and communications technology -generally, governments have often engaged in signals intelligence -(SIGINT) such as phone line tapping. Modern SIGINT initiatives have -become incredibly complex and sophisticated and have grown greatly as -popular adoption of technology has grown. Part of government interest -in SIGINT is a direct response to perceived threads, such as the -PATRIOT Act in the US which followed the 2001 terrorist attacks with -the objective of strengthening national security (cite). 
Later, the -FISA Amendments Act of 2008 further increased increased the powers of -law enforcement to access information, such as allowing the Attorney -General and Director of National Intelligence to provide information -about individuals outside the United States {H.R. FISA congress}. It was, -however, the PATRIOT Act and FISA Amendments Act that was the -justification for large scale surveillance including the records of -phone calls of customers of the Verizon network, including calls from -the US to other states as well as calls localised entirely within the -US {guardian greenwald verizon}{guardian NSA roberts}{times savage -2013}. State sponsored SIGINT programmes such as that in the US aims -to respond to encryption and other technological developments with the -primary interest of overcoming it in order to prevent terror and -crime. These measures have, however, had arguably limited -effectiveness and have violated the privacy of individuals who are -not suspected of being a threat to national security. Responses to -encryption domestically and internationally will have significant -consequences, given the potential importance of the information being -communicated. Successful SIGINT and cryptanalysis by government -agencies can successfully respond to modern threats of crime and -terror. A failure of responsible governance, however may not only -threaten the privacy of individuals unnecessarily, but also fail to -respond to the ways in which criminals and terrorists are using -encryption existing thereby only as a tool of authoritarian control. +communications, seen with inventions such as the one-tme pad +{Rijmenants} which was cryptographically secure and used by the both +the KGB and NSA (cite), beyond the use of the Enigma and Lorentz +machines by the Nazis which were both of which were decrypted by +cryptanalysis methods during the Second World War. 
Today, secure +cryptographic methods are used not only by government backed agencies +in preventing or practising espionage, but by individual citizens who +are interested in their privacy, security, or are simply using a +program that happens to encrypt their communications. Naturally, +current availability of cryptography potentially allows malicious +actors such as criminals or terrorists to use encryption in order to +commit crimes or acts of terror. In response to the threats of +encryption and communications technology generally, governments have +engaged in signals intelligence (SIGINT) such as phone line tapping. +Modern SIGINT initiatives have become incredibly complex and +sophisticated and have grown greatly as popular adoption of technology +has grown. Part of government interest in SIGINT is a direct response +to perceived threads, such as the PATRIOT Act in the US which followed +the 2001 terrorist attacks with the objective of strengthening +national security (cite). Later, the FISA Amendments Act of 2008 +further increased increased the powers of law enforcement to access +information, such as allowing the Attorney General and Director of +National Intelligence to gather information about individuals outside +the United States {H.R. FISA congress}. It was, however, the PATRIOT +Act and FISA Amendments Act that was the justification for large scale +surveillance including the government access of phone calls records of +customers of the Verizon network, including calls from the US to other +states as well as calls localised entirely within the US {guardian +greenwald verizon}{guardian NSA roberts}{times savage 2013}. State +sponsored SIGINT programs such as that in the US aims to respond to +encryption and other technological developments with the primary +interest of overcoming it in order to prevent terror and crime. 
These +measures have, however, had arguably limited effectiveness and have +violated the privacy of individuals who are not suspected of being a +threat to national security. Responses to encryption domestically and +internationally will have significant consequences, given the +potential importance of the information being communicated. Successful +SIGINT and cryptanalysis by government agencies can successfully +respond to modern threats of crime and terror. A failure of +responsible governance, however may not only threaten the privacy of +individuals unnecessarily, but also fail to respond to the ways in +which criminals and terrorists are using encryption existing thereby +only as a tool of authoritarian control. An argument is often made against allowing widespread use of encryption and generally against widespread effective operations 
@@ -191,19 +190,20 @@ variety of hardware within a single computer is a rather interesting and potentially worrying development, particularly with the clear level influence, interest, and competitiveness both the US {US House chip manufacturing bill} and Chinese governments (cite) are -respectively showing (the US and China are the two largest chip -manufacturers (cite, reword)). In light of potential issues with +respectively showing. In light of potential issues with hardware in a privacy sense, there have been developments in `open hardware'. -RISC V is an instruction set for processors from the University of -California, Berkeley; opposed to ARM, Intel, and AMD, RISC V is an open -standard. This allows for open source CPU designs, such as +RISC-V is an instruction set for processors from the University of +California at Berkeley; opposed to ARM, Intel, and AMD, RISC-V is an open +standard {case for RISC-V}. This allows for open source CPU +implementatios, such as those designed at UC Berkeley, as well as those from other parties, -such as Alibaba Group (cite all). A significant amount of existing -software has been ported to the RISC V platform (cite) and been -implemented commercially by companies such as Google, for a security -module in the `Pixel 6' smartphone (cite). This attention and interest +such as Alibaba Group {chen risc}. A significant amount of existing +software has been ported to the RISC-V platform (cite) and alongisde +the Alibaba implementation for data centres the standard has been used +by Google for a security +module in the 'Pixel 6' smartphone (cite). This attention and interest in the technology potentially indicates a shift in attitude and want for more open hardware and a general concern for the source of computing equipment. Examples, such as a laptop created by the 
@@ -213,7 +213,7 @@ media coverage (cite) further show an interest from the public in open hardware. An argument can be made that such projects are for niche interest groups only, and that such solutions will never see the commercial success seen by the larger, non-open manufacturers such as -Intel and ARM, however clear adoption of standards such as RISC V by +Intel and ARM, however clear adoption of standards such as RISC-V by large institutions (cite) as well as the clear interest the public have demonstrated in commercially available open solutions (research, cite) demonstrate quite the opposite: that open hardware will continue @@ -292,7 +292,7 @@ state surveillance. Measures taken by governments to prevent this development will doubtless be limited unless extreme actions such as those seen in China are taken. Otherwise, development will continue to occur in both free and non free societies in support of individual -freedoms. The assertion of `Linus' law` that "given enough eyeballs, +freedoms. The assertion of "Linus' law" that , "given enough eyeballs, all bugs are shallow" (cite - CathBaz) creates a serious inability for actors such as governments to engineer backdoors into software as the NSA previously has (cite) or to prevent the development of diff --git a/refer b/refer index e4e418c..fbe658e 100644 --- a/refer +++ b/refer @@ -247,3 +247,17 @@ %J Karlstad University %G arXiv:1204.0447 [cs.CR] %D Apr 2012 + +%A Chen Chen^et^al +%T Xuantie-910: A Commercial Multi-Core 12-Stage Pipeline Out-of-Order 64-bit High Performance RISC-V Processor with Vector Extension +%D 2020 +%J ACM/IEEE 47th Annual International Symposium on Computer Architecture (ISCA) +%O DOI: 10.1109/isca45697.2020.00016 + +%T Instruction Sets Should Be Free: The Case For RISC-V +%A Krste Asanović +%A David A. Patterson +%J Electrical Engineering and Computer Sciences +%C University of California at Berkeley +%R UCB/EECS-2014-146 +%D Aug 2014 -- cgit v1.2.3 
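Review bot: The added SIGINT paragraph in the "@@ -63,29 +63,34 @@" hunk of paper.ms still has an unresolved "(cite)" after the PATRIOT Act sentence, plus slips that will reach the rendered paper. "perceived threads" should be "threats", "further increased increased" repeats a word, and both "SIGINT programs such as that in the US aims" and "the PATRIOT Act and FISA Amendments Act that was the justification" need plural verbs. The hunk also deletes the whole Graham passage together with {#CTC terrorists}; check whether that refer entry is still cited anywhere, and drop it from refer if not.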
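Review bot: The "@@ -191,19 +190,20 @@" hunk introduces two typos on its added lines, "implementatios" and "alongisde", and changes the opening quote of `Pixel 6' to a straight apostrophe while the context line above still uses `open hardware'. Keep the backtick form so groff typesets matching quotes. The claims about ported software and the Pixel 6 security module still end in "(cite)"; either resolve them in this change or leave a tracked todo, since the commit adds citations for the neighbouring sentences.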
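Review bot: The replacement line in the "@@ -292,7 +292,7 @@" hunk reads "Linus' law" that , "given enough eyeballs, with a stray space and comma between "that" and the quotation. Drop the comma so it reads: that "given enough eyeballs,. The "(cite - CathBaz)" placeholder on the following context line is still unresolved.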
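Review bot: In the refer hunk "@@ -247,3 +247,17 @@" the Xuantie-910 entry folds "et al" into a single author field ("%A Chen Chen^et^al"), so the whole string is treated as one author name for labels and sorting. The Asanović and Patterson entry added in the same hunk uses one %A line per author; do the same here and let the citation style abbreviate. Also note that the "tr" step visible in the make script translates "^" for paper.ms, so confirm the carets in refer are converted too.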
From 5b9185cf3fb178999fdec96d1d6e012afa0790b1 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 27 Feb 2022 21:28:08 +0000 Subject: Todos: quantum --- paper.ms | 21 ++++++++------------- refer | 19 +++++++++++++++++++ 2 files changed, 27 insertions(+), 13 deletions(-) diff --git a/paper.ms b/paper.ms index 232e75b..d326b73 100644 --- a/paper.ms +++ b/paper.ms 
@@ -247,31 +247,26 @@ observation of law enforcement, allowing illegal activity to occur In addition, the rate of development in unconventional computing methods is increasing rapidly. Effective quantum computing will -mean that existing popular cryptographic algorithms such as RSA will -no longer be secure due to the potential for computations that would -take unreasonable amounts of time on classical computers to be solved -quickly (reword) such as prime factorisation on which RSA encryption -relies {lily chen quantum}. RSA encryption is currently in use for -applications such as private communications and digital signatures. +mean that existing popular cryptographic algorithms such as RSA, which +is used for communications and digital signatures, would no longer be +secure {lily chen quantum}. Significant research such as at IBM in recent years (cite) has shown feasibility in current ideas surrounding quantum computing and promising results in development towards quantum supremacy and in the future the breakdown of current cryptographic methods. -Indeed, there -have already been claims to quantum supremacy in recent years (recent -years -- overused phrase), suggesting that quantum computers will soon +Indeed, there have been recent claims to quantum supremacy, +suggesting that quantum computers will soon become powerful enough to start making current encryption methods -obselete. Although this will be no overnight transformation, changes +obselete. Although this will not be an overnight transformation, changes will be made by those implementing cryptography, both in the open source space and in industry, as well as in government where government agencies must act in order to protect their data. This change will take place naturally and many have already started to -consider methods for `post-quantum cryptography' (cite). The +consider methods for `post-quantum cryptography' {nist alagic}. 
The significant factor however will be regulatory responses to -post-quantum cryptographic methods. +post-quantum cryptographic methods. https://www.natlawreview.com/article/preparing-post-quantum-migration-race-to-save-internet - https://csrc.nist.gov/Projects/post-quantum-cryptography https://universitypress.unisob.na.it/ojs/index.php/ejplt/article/download/1225/665 https://universitypress.unisob.na.it/ojs/index.php/ejplt/index https://www.meritalk.com/articles/reps-khanna-mace-developing-quantum-computing-bill-to-secure-fed-data/ . diff --git a/refer b/refer index fbe658e..55383ed 100644 --- a/refer +++ b/refer @@ -225,6 +225,25 @@ %A Paolo Zialcita %O https://www.npr.org/2019/10/23/772710977/google-claims-to-achieve-quantum-supremacy-ibm-pushes-back . +%T Status Report on the Second Round of the NIST Post-Quantum Cryptography Standardization Process +%D July 2020 +%J National Institute of Standards and Technology +%R NISTIR 8309 +%O DOI: 10.6028/NIST.IR.8309 +%A Gorjan Alagic +%A Jacob Alperin-Sheriff +%A Daniel Apon +%A David Cooper +%A Quynh Dang +%A John Kelsey +%A Yi-Kai Liu +%A Carl Miller +%A Dustin Moody +%A Rene Peralta +%A Ray Perlner +%A Angela Robinson +%A Daniel Smith-Tone + %T The Hidden Truth Anonymity in Cyberspace: Deep Web %D 2018 -- cgit v1.2.3 From 9bd5954621df161652a8ea63fad8d8cf216ea543 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 6 Mar 2022 00:00:30 +0000 Subject: Adding on quantum. Editing. 3500 words. --- formatting.ms | 2 +- make | 3 --- paper.ms | 86 ++++++++++++++++++++++++++++++++++++++++++----------------- refer | 30 +++++++++++++++++++++ 4 files changed, 93 insertions(+), 28 deletions(-) diff --git a/formatting.ms b/formatting.ms index 201ddf6..f19df16 100644 --- a/formatting.ms +++ b/formatting.ms @@ -33,4 +33,4 @@ .fzoom CR 750 .fzoom CB 900 .rm CH -.nr HY 0 +.nr HY 14 diff --git a/make b/make index 439460f..234ceee 100755 --- a/make +++ b/make 
@@ -13,9 +13,6 @@ cat paper.ms|\ sed "s/)(?!.*\.)/) /g" |\ perl -0pe 's/\nREMOVEME//g' |\ tr "^" " "> target/temp -#sed -E "s|([^\"\'\>=])(http[s]?://[^[:space:]]*)|\1\n.pdfhref W -D \"\2\" -A -- \2\n|g" |\ -#sed -E "s|([^\"\'\>=])(http[s]?://[^[:space:]]*)|\1\n.pdfhref W \2\n|g" -# awk '{printf "%s%s", $0, (/)$/ ? "" : ORS)}' |\ cat formatting.ms target/temp |\ groff -Eket -Tpdf -ms -P-pa4 > target/paper.pdf groff -Eket -Thtml -ms target/temp |\ diff --git a/paper.ms b/paper.ms index d326b73..1824926 100644 --- a/paper.ms +++ b/paper.ms @@ -106,11 +106,8 @@ activity that occurs on the so called dark web in the form of the trade of drugs and child pornography among others {gulati deep web}. Instead the limitation of use of encryption on popular software will only decrease the privacy of those uninterested in criminal activity and instead -using technology to communicate. In the case of platforms such as -Instagram (which is owned by Facebook) it is quite clear that the vast -majority of communications (cite) will not contain anything illegal -(reword) and that it is these conversations that will suffer from a -lack of encryption. The information exposed by Edward Snowden in 2013 +using technology to communicate. +The information exposed by Edward Snowden in 2013 demonstrates that the US government has processed and collected vast amounts of unencrypted data (cite) and possibly continues to do so. In the case of unencrypted communication the problem remains and preventing 
@@ -229,14 +226,21 @@ metadata (cite?) may no longer be effective, thereby potentially preventing such investigation to occur. For governments, this is arguably the result of such heavy surveillance in the first place. It is clear that knowledge such as the 2013 Snowden leaks had an impact -on the public (cite), and that people are therby more interested in -their privacy and preventing surveillance. The exception to this has -been in China, where the government has unparalleled control over the +on the public (cite), and people are therby more interested in +their privacy and preventing surveillance. Around the world +individuals use tools to increase their privacy and anonymity when +using the internet, as well as to overcome censorship of information +by governments. A major exception to the availability of the free +Internet has been +China, where the government has unparalleled control over the flow of information over the internet. This has allowed the filtering of content, prevention from accessing sites, and the blocking of the anonymity network Tor which would allow users to circumvent measures put in place by the government {firewall}{talbot tor china}{winter -china tor} Whether such draconian measures could even be implemented +china tor}. Measures in China have enabled the government to tightly +control and monitor the flow of information via the Internet; ensuring +that citizens can only access that which the ruling part should allow. +Whether such draconian measures could even be implemented in the more democratic West is questionable, but the opportunity clearly exists for governments to undermine the digital privacy of its citizens. Any such measures, however, will face scrutiny from the 
@@ -247,8 +251,8 @@ observation of law enforcement, allowing illegal activity to occur In addition, the rate of development in unconventional computing methods is increasing rapidly. Effective quantum computing will -mean that existing popular cryptographic algorithms such as RSA, which -is used for communications and digital signatures, would no longer be +result in existing popular cryptographic algorithms such as IRSA, which +is used for communications and digital signatures, no longer being secure {lily chen quantum}. Significant research such as at IBM in recent years (cite) has shown feasibility in current ideas surrounding quantum computing and 
@@ -262,19 +266,49 @@ will be made by those implementing cryptography, both in the open source space and in industry, as well as in government where government agencies must act in order to protect their data. This change will take place naturally and many have already started to -consider methods for `post-quantum cryptography' {nist alagic}. The -significant factor however will be regulatory responses to -post-quantum cryptographic methods. +consider methods for post-quantum cryptography {nist alagic}. +Regulatory considerations about post-quantum cryptography are already +being made and arguments can be made that regulation should be written +that institutes standards and requirements in order to prepare for a +future with effective quantum computing {bruno post quantum}. Once +more, however an issue reveals itself with the speed of regulatory +change and the progress of technology. Changes will likely be made by +open software in order to maintain secure encryption, such as those +used by the open source web servers to encrypt Interet traffic, as +well as by large corporations such as Microsoft which provides +software used by many businesses and individuals. An issue may exist +in software that is less popular and legacy software which may not be +open to the scrutiny of open software and may lead to +vulnerabilities. Furthermore, the usage of post-quantum cryptography +by the public and the potential that it may help terrorists and +criminals to communicate might not be addressed in a significant way. +The issue of regulation being insufficient may further be realised by +post-quantum cryptography due to its open nature: the US National +Institute of Standards and Technology (NIST) made a public request for +nominations of post-quantum cryptographic algorithms (cite), leading +to standards that will clearly influence future lawmaking (cite). 
+(reword last few sentences) This adoption of open processes and the +open auditing and implementation of future cryptographic standards is +most striking when compared with the \fIDual_EC_DRBG\fR algorithm. +This algorithm, which contained a vulnerability was included in NIST +standards. This vulnerability allowed the NSA to potentially decrypt +Internet traffic such as emails (cite). The NSA also allegedly paid +the firm RSA Security in order to implement the algorith with backdoor in its +popular security products {menn nsa contract} and although the NSA +denies wrongdoing there was clearly NSA involvement with the company +that remains significant in the enterprise security space {goodin rsa +denial}{perlroth government}. - https://www.natlawreview.com/article/preparing-post-quantum-migration-race-to-save-internet - https://universitypress.unisob.na.it/ojs/index.php/ejplt/article/download/1225/665 - https://universitypress.unisob.na.it/ojs/index.php/ejplt/index - https://www.meritalk.com/articles/reps-khanna-mace-developing-quantum-computing-bill-to-secure-fed-data/ . +Dual EC DRBG + !! https://wikiless.org/wiki/Dual_EC_DRBG + https://www.reuters.com/article/us-usa-security-rsa-idUSBRE9BJ1C220131220 + https://web.archive.org/web/20131223121638/http://blogs.rsa.com/news-media-2/rsa-response/ -Once more, the significant research is occurring as aforementioned in +Significant research is occurring as aforementioned in the US and in China {quantum research in china}. Both in the US at Google {google supremacy nature} and in China {china quantum -advantage}{science photons quantum advantage}. +advantage}{science photons quantum advantage} at a university claims +of `quantum supremacy' have been made. The question must be asked as to whether the discussion of encryption and surveillance is necessary. 
@@ -373,9 +407,8 @@ Government https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption https://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html - !! https://wikiless.org/wiki/Dual_EC_DRBG - https://www.reuters.com/article/us-usa-security-rsa-idUSBRE9BJ1C220131220 - https://web.archive.org/web/20131223121638/http://blogs.rsa.com/news-media-2/rsa-response/ + + https://www.technologyreview.com/2012/04/04/186902/how-china-blocks-the-tor-anonymity-network/ https://www.nytimes.com/2016/09/03/technology/nso-group-how-spy-tech-firms-let-governments-see-everything-on-a-smartphone.html Leahy Law @@ -404,4 +437,9 @@ Surveillance crowd supply boosts open hardware: linux magazine -{firewall} +https://ooni.org/post/2021-italy-blocks-gutenberg-book-publishing-website/#findings +https://ooni.org/post/2021-how-signal-private-messenger-blocked-around-the-world/ +https://ooni.org/post/2021-russia-blocks-tor/ + +https://www.openrightsgroup.org/ + diff --git a/refer b/refer index 55383ed..fc3a797 100644 --- a/refer +++ b/refer @@ -244,6 +244,14 @@ %A Angela Robinson %A Daniel Smith-Tone +%J European Journal of Privacy Law & Technologies +%D 2021 +%N 1 +%T Post-quantum encryption and privacy regulation: Can the law keep pace with technology? +%A Luigi Bruno +%A Isabella Spano +%O https://universitypress.unisob.na.it/ojs/index.php/ejplt/article/view/1225 + %T The Hidden Truth Anonymity in Cyberspace: Deep Web %D 2018 
@@ -280,3 +288,25 @@ %C University of California at Berkeley %R UCB/EECS-2014-146 %D Aug 2014 + + +%T Exclusive: Secret contract tied NSA and security industry pioneer +%A Joseph Menn +%J Reuters +%D Dec 2013 +%O https://www.reuters.com/article/us-usa-security-rsa-idUSBRE9BJ1C220131220 +(Accessed 5 March 2022) + +%T RSA issues non-denying denial of NSA deal to favor flawed crypto code +%J Ars Technica +%A Dan Goodin +%D Dec 2013 +%O https://arstechnica.com/information-technology/2013/12/rsa-issues-non-denying-denial-of-nsa-deal-to-favor-flawed-crypto-code/ +(Accessed 5 March 2022) + +%T Government Announces Steps to Restore Confidence on Encryption Standards +%A Nicole Perlroth +%D September 2013 +%J The New York Times +%O https://bits.blogs.nytimes.com/2013/09/10/government-announces-steps-to-restore-confidence-on-encryption-standards/ +(Accessed 5 March 2022) -- cgit v1.2.3 From 83e343d039a9bd3b92f1ba50d2630228761de330 Mon Sep 17 00:00:00 2001 From: root Date: Sun, 6 Mar 2022 20:49:30 +0000 Subject: Adding to conclusion. --- paper.ms | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/paper.ms b/paper.ms index 1824926..76d6d5d 100644 --- a/paper.ms +++ b/paper.ms 
@@ -367,12 +367,22 @@ The executive summary to the 9/11 Commission Report {#9/11 commission report} describes the September 2001 terrorist attacks as 'a shock, not a surprise'. In a similar light, the release of information relating to mass surveillance and mishandling of data such as the 2013 -Edward Snowden releases and the 2018 Facebook-Cambridge Analytica -scandal ought to also be potentially considered a shock, not a -surprise given the level of data that both governments and private -organisations have access to and responsibility for. Encryption -enables people to trust that their data that they wish to be private -truly is and allows +Edward Snowden releases ought to also be potentially considered a +shock, not a surprise given the level of data that both governments +and private organisations have access to and responsibility for. +Encryption enables people to trust that their data that they wish to +be private truly is and allows companies to handle communications +such as e-mails without having to consider secure storage or giving +data to law enforcement due to the fact the company itself is unable +to read the data if it is end-to-end encrypted. The free market +arguably has moved itself towards encrypted standards. Open source +initiatives have pioneered free implementations of secure +cryptographic standards, allowing any user to use these tools directly +in order to send information, as occurs with the popular PGP +implementation GPG. Additionaly the open implementation of +cryptographic tools enables developers to integrate secure versions of +these tools into new programs, allowing for the easy development of +programs that allow encrypted communications. .nr HY 0 .ad l -- cgit v1.2.3 From 7f1ae8896a11ce13972ad48ea04951a5c4a95627 Mon Sep 17 00:00:00 2001 
From: root Date: Sun, 6 Mar 2022 23:04:21 +0000 Subject: Adding to conclusion. 3800 words. --- formatting.ms | 2 +- paper.ms | 24 +++++++++++++++++++++++- 2 files changed, 24 insertions(+), 2 deletions(-) diff --git a/formatting.ms b/formatting.ms index f19df16..7be9eda 100644 --- a/formatting.ms +++ b/formatting.ms @@ -1,5 +1,5 @@ .nr LL 5.15i -.nr PO 1.60i +.nr PO 1.55i .\" top margin .nr HM 1.25i .\" bottom margin diff --git a/paper.ms b/paper.ms index 76d6d5d..ba567af 100644 --- a/paper.ms +++ b/paper.ms 
@@ -382,7 +382,29 @@ in order to send information, as occurs with the popular PGP implementation GPG. Additionaly the open implementation of cryptographic tools enables developers to integrate secure versions of these tools into new programs, allowing for the easy development of -programs that allow encrypted communications. +programs that allow encrypted communications. The demand for +cryptography in less popular open source applications is arguably +expected, yet there is nonetheless widespread adoption in more popular +software and proprietry software. Companies such as Facebook have +pushed for end to end encryption in their products and the software +industry at large has adopted encrypted standards such as HTTPS. There +are seemingly two sources of resistance to fully encryted +communications. The first of these is the largest, which is government +intervention. Government positions around the world which are opposed +to encryption seemingly have double standards. Just as the Enigma and +Lorentz machines were critical to the Nazi war effort in order to +conduct critical communications and the breaking of those ciphers were +critical to the Allies, encryption remains critical to government +communications and state sponsored espionage. Governments maintain up +to date cryptographic systems in order to keep their own +communications secure, yet fight hard against encryption in the name +of national security and to fight crime. In some ways this is a valid +argument: wide availability to cryptography arguably lowers the +barrier to entry for terror or cime and reduces the ability law +enforcement has to deal with it. Nonetheless, it seems that reducing +the availability of encryption to the pubic would not decrease the +opportunity for criminals or terrorists to do harm (todo - discuss +earlier). .nr HY 0 .ad l -- cgit v1.2.3
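Review bot: In commit "Todos: quantum", the "@@ -247,31 +247,26 @@" hunk of paper.ms removes the only explanation of why RSA is at risk (the reliance on prime factorisation), leaving "would no longer be secure" as a bare assertion resting on {lily chen quantum}. Keep one clause naming factorisation. The line beginning "obselete." was rewritten but the misspelling of "obsolete" was kept. The raw natlawreview, unisob and meritalk URLs remain as body text after the post-quantum paragraph and should move to refer or be deleted.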
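Review bot: In commit "Adding on quantum. Editing. 3500 words.", the make hunk "@@ -13,9 +13,6 @@" removes the dead commented-out lines but leaves sed "s/)(?!.*\.)/) /g" in the pipeline. POSIX sed has no negative lookahead, so "(?!" is matched literally and the substitution never fires. Since perl -0pe is already the next stage, move this expression into perl, or remove it if the output is fine without it.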
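Review bot: In the same commit, the "@@ -229,14 +226,21 @@" hunk of paper.ms adds "that which the ruling part should allow", where "party" is meant, and the edited line still reads "therby". The semicolon in "via the Internet; ensuring" should be a comma because what follows is not an independent clause.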
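Review bot: The "@@ -247,8 +251,8 @@" hunk of paper.ms in commit "Adding on quantum. Editing. 3500 words." changes "RSA" to "IRSA" on the added line ("algorithms such as IRSA, which"). This looks like a stray keystroke; restore "RSA".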
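Review bot: The Dual_EC_DRBG passage added in the "@@ -262,19 +266,49 @@" hunk makes its strongest claim, that the vulnerability "allowed the NSA to potentially decrypt Internet traffic such as emails", with only "(cite)" behind it, and the paragraph still opens with the marker "(reword last few sentences)". The three RSA sources are cited properly, so give this claim a refer entry as well rather than relying on the "!!" wikiless link left in the body. Typos on the added lines: "Interet", "algorith with backdoor". The closing sentence ("Both in the US at Google ... at a university claims of `quantum supremacy' have been made") needs restructuring so the subject comes first.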
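Review bot: In commit "Adding to conclusion.", the "@@ -367,12 +367,22 @@" hunk deletes the Facebook-Cambridge Analytica example but keeps "both governments and private organisations", so the private-sector half of the sentence no longer has a supporting case. Either restore a private-sector example or narrow the sentence to governments. "Additionaly" on the added lines should be "Additionally", and "their data that they wish to be private truly is and allows companies" would read better split into two sentences.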
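Review bot: In commit "Adding to conclusion. 3800 words.", the "@@ -382,7 +382,29 @@" hunk announces "two sources of resistance" and introduces "The first of these", but the added text ends without naming the second. Add it or reword to a single source. The cipher machine is spelled "Lorenz", not "Lorentz". Other typos on the added lines: "proprietry", "encryted", "cime", "pubic". The trailing "(todo - discuss earlier)" marks the final claim as unsupported by the earlier sections, so it should be resolved before the word count is treated as final.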