From 3333798c75f587b6445156d3597c6d181e52b1ad Mon Sep 17 00:00:00 2001 From: root Date: Fri, 1 Apr 2022 19:55:55 +0100 Subject: Proofreadin --- formatting.ms | 2 +- paper.ms | 40 ++++++++++++++++++++++------------------ 2 files changed, 23 insertions(+), 19 deletions(-) diff --git a/formatting.ms b/formatting.ms index 06eb11a..48e2f41 100644 --- a/formatting.ms +++ b/formatting.ms @@ -1,7 +1,7 @@ .nr LL 5.15i .nr PO 1.55i .\" top margin -.nr HM 1.25i +.nr HM 1.00i .\" bottom margin .nr FM 1i .\" header/footer width diff --git a/paper.ms b/paper.ms index f882d18..17a6a46 100644 --- a/paper.ms +++ b/paper.ms @@ -336,9 +336,9 @@ that remains significant in the enterprise security space {goodin rsa denial}{perlroth government}. Individuals around the world have clearly expressed interest in -matters of privacy and encryption (cite) and open source software +matters of privacy and encryption and open source software allows those with the technical skills to become involved in the -development of technology that enables strong encryption and avoids +development of technology that enables strong encryption and overcomes state surveillance. Measures taken by governments to prevent this development will doubtless be limited unless extreme actions such as those seen in China are taken. Otherwise, development will continue to 
@@ -349,18 +349,30 @@ for actors such as governments to engineer backdoors into software as the NSA previously has (cite) or to prevent the development of software altogether (find example). On the other hand, the vast majority of the software and hardware used by the general public is -proprietary. +proprietary. For many, this will continue to be the norm. Yet, the +pressure from increasing popular open source software will continue to +mount. The open source messaging platform \[oq]Signal\[cq] offers a +security oriented product and publishes requests they receive from +courts and law enforcement alongside their replies online (cite). +Demonstrating their respect for user privacy and that they are unable +to release data as they do not collect it is perhaps something that +users are finding more appealing. Indeed, when Apple refused to unlock +a phone for the FBI following a terrorist attack (cite) it gained +significant media attention and demonstrated that the defence of users +privacy was a virtue for modern businesses, regardless of the fact +that the FBI was able to unlock the phone independently which is +rather overlooked. The discussion of encryption and related technologies has arguably limited impact. State actors such as the NSA will continue to act against individual freedoms and attempt to find or introduce backdoors in technology that is widely used as part of its actions purportedly -in the interest of `national security`. Although public reactions to +in the interest of national security. Although public reactions to information such as the 2013 Edward Snowden releases have been very strong, they have not had significant effects on legislature, the funding received by the NSA, and quite possibly the level of -surveillance carried out by the NSA (cite all). Thus, from recent -history, discussions in public or private spheres are unlikely to +surveillance carried out by the NSA. 
Thus, +discussions in public or private spheres are unlikely to influence decisions made inside already secretive agencies where governments are ready to except that sacrifices must be made for the greater good. Of course, the issue arises when surveillance exists @@ -369,12 +381,10 @@ indiscriminate surveillance is carried out on citizens not suspected of any criminal or terrorist activity such as the Optic Nerve program in the United Kingdom (cite), however governments nonetheless prove willing to fund the activities of surveillance agencies. -Furthermore, there are options available to authorities that are -regularly made use of. (Give example from Graham) Modern cryptographic algorithms are theoretically secure; the underlying concepts mean that breaking the encryption to -intercept a communication not possible in a reasonable amount of time +intercept a communication is not possible in a reasonable amount of time with current computational limits and is therefore, due to the nature of the algorithm, secure. This however, does not consider implementational flaws. Indeed, 
@@ -382,11 +392,11 @@ implementational flaws are the ways in which modern breaks of algorithms such as RSA (cite) occur, and methods such as timing attacks (cite) and voltage level analysis attacks, as well as memory attacks (cold boot, rubber hose ...) (do some light explaining) (cite -all) have the potential to overcome any level of sophistication that +all) have the potential to overcome any level of theoretical sophistication that cryptographic algorithms may have, and simply give away information such as keys (research, cite). In addition to this, there can be implementational issues in hardware, such as the recent Spectre -vulnerability which was discovered in 2018 and which revealed data to +vulnerability which was discovered in 2018; revealing data to an attacker due to speculative execution which speeds up processing in modern processors. The vulnerability allowed for the attack of cryptographic implementations such as GPG. This is potentially even @@ -447,11 +457,6 @@ earlier). .nr HY 0 .ad l -Cryptography - https://wikiless.org/wiki/Kerckhoffs%27s_principle?lang=en - Timing Attacks - RSA - IME/Pluton -- backdoors https://www.techrepublic.com/article/is-the-intel-management-engine-a-backdoor/ https://www.techrepublic.com/article/why-the-nsa-may-not-need-backdoors/ @@ -462,8 +467,6 @@ Heatbleed (2014) (occured in open source software) Government https://rules.house.gov/bill/117/hr-4521 . - https://www.technologyreview.com/2012/04/04/186902/how-china-blocks-the-tor-anonymity-network/ . - Privacy Apple and App Tracking Transparency https://www.flurry.com/blog/ios-14-5-opt-in-rate-att-restricted-app-tracking-transparency-worldwide-us-daily-latest-update/ 
@@ -473,6 +476,7 @@ crowd supply boosts open hardware: linux magazine https://ooni.org/post/2021-italy-blocks-gutenberg-book-publishing-website/#findings https://ooni.org/post/2021-how-signal-private-messenger-blocked-around-the-world/ +https://www.technologyreview.com/2012/04/04/186902/how-china-blocks-the-tor-anonymity-network/ https://ooni.org/post/2021-russia-blocks-tor/ . https://www.openrightsgroup.org/ -- cgit v1.2.3
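Review bot: the `.nr HM 1.25i` to `.nr HM 1.00i` change in formatting.ms is a layout change, not proofreading. Split it into its own commit or name it in the subject, so a later change in page count can be traced to it.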
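Review bot: in the paper.ms hunk at -336, dropping `(cite)` after "matters of privacy and encryption" leaves "Individuals around the world have clearly expressed interest" with no source. Either attach a reference or soften "clearly"; deleting the placeholder only hides the gap.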
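Review bot: the paragraph added after "proprietary." in the -349 hunk introduces new errors: "increasing popular" should be "increasingly popular", "security oriented" wants a hyphen, and "users privacy" needs an apostrophe. The same hunk adds two new `(cite)` placeholders (Signal's published requests, the Apple and FBI case) while deleting `(cite all)` from the sentence about NSA funding and surveillance levels, so that claim is now unsourced with nothing marking it. The context line "ready to except that sacrifices must be made" should read "accept".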
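Review bot: the context sentence "Modern cryptographic algorithms are theoretically secure" in the -369 hunk describes computational security (infeasible "in a reasonable amount of time with current computational limits"), not theoretical security. While fixing "is not possible" here, reword it to "computationally secure" and trim the circular "and is therefore, due to the nature of the algorithm, secure".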
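Review bot: "discovered in 2018; revealing data to" in the -382 hunk joins a participle clause with a semicolon. Use a comma ("discovered in 2018, revealing data to an attacker") or keep "which revealed". The untouched context still lists "rubber hose" under memory attacks, although it is coercion of the key holder rather than an attack on memory, and it still carries the drafting notes "(do some light explaining)" and "(research, cite)".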
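Review bot: the -447 hunk deletes the "Timing Attacks" and "RSA" entries and the Kerckhoffs link from the notes block while the body text at -382 still has `(cite)` after both RSA and timing attacks. Resolve those placeholders first, or keep the entries until the references exist.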
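Review bot: the hunk header context at -462 shows "Heatbleed (2014) (occured in open source software)", which should read "Heartbleed" and "occurred". The neighbouring notes lines are already being edited in this pass, so fix it here.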