From 505a542168c42964d8ad47d227cb5d0bf6e4a2d4 Mon Sep 17 00:00:00 2001 From: root Date: Thu, 10 Feb 2022 00:00:22 +0000 Subject: Remove old introduction. Implementation of encryption. 2000 words. --- Makefile | 12 ++- formatting.ms | 6 +- paper | 266 ---------------------------------------------------------- paper.ms | 259 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 270 insertions(+), 273 deletions(-) delete mode 100644 paper create mode 100644 paper.ms diff --git a/Makefile b/Makefile index acb49fa..85dca22 100644 --- a/Makefile +++ b/Makefile @@ -1,12 +1,16 @@ default: pdf build: ls -1 | grep target || mkdir target - wc paper - cat paper|\ + wc paper.ms + cat paper.ms|\ sed "s/^{/.[\n/g" |\ sed "s/}{/\n.]\n.[\n/g" |\ sed "s/{/\n.[\n/g" | sed "s/\}\ /\n.]\n/g" | sed "s/\}/\n.]\n/g" |\ - refer -Ss -p refer | tr "^" " "> target/temp + refer -C -Ss -p refer |\ + tr "^" " "> target/temp + #sed -E "s|([^\"\'\>=])(http[s]?://[^[:space:]]*)|\1\n.pdfhref W -D \"\2\" -A -- \2\n|g" |\ + #sed -E "s|([^\"\'\>=])(http[s]?://[^[:space:]]*)|\1\n.pdfhref W \2\n|g" |\ + pdf: build cat formatting.ms target/temp |\ groff -ket -Tpdf -ms -P-pa4 > target/paper.pdf @@ -16,6 +20,8 @@ html: build groff -Tascii -c -ms |\ sed "1,2d" | ansi2html -piml >> target/paper.html echo "" >> target/paper.html +read: + zathura target/paper.pdf& clean: rm -rf target install: pdf html diff --git a/formatting.ms b/formatting.ms index dd372f5..45471ae 100644 --- a/formatting.ms +++ b/formatting.ms @@ -1,7 +1,5 @@ -.\" text width -.nr LL 5.25i -.\" left margin -.nr PO 1.525i +.nr LL 5.00i +.nr PO 1.65i .\" top margin .nr HM 1.0i .\" bottom margin diff --git a/paper b/paper deleted file mode 100644 index 19a249a..0000000 --- a/paper +++ /dev/null @@ -1,266 +0,0 @@ -.R1 -short-label D.y -sort spec -.R2 -.TL -Title -.AU -Mohit Agarwal -.AI -February 2022 -.LP -A problem (instability), a solution - -is this a fair question to argue - -What does the future hold for encryption? - -topic sentences? - -Ars technica: seek alternate source - -Symbol, slogan, surprise, salient (sticks out), story - -The Internet offers an arguably Utopian communication method. The -nature of computers and the information stored on them means that data -such as a book or film can be duplicated practically instantly. When -sharing information on the Internet, the physical limitations of -traditional methods do not apply. To give someone a book is either to -lose the copy yourself or to obtain or to produce another physical -copy of that book. With the Internet, however, information can exist -in a more absolute state, separated entirely from any physical media. -Millions of people can download a single book as easily as one person -could, and the traditional limitations that lead us to 'own' -individual property no longer exist. In this way, the Internet -eliminates the ownership of information in whatever forms it -perpetuated through the attachment of information to media such as -books or celluloid film, and the copying of information can take place -in its purest state: of literal information, and then being stored as -pure information, although on a physical media such as a hard drive, -for all meaningful reasons (due to the large capacities and low cost -of modern drives) unattached to anything physical whatsoever. Although -this was true for other methods of sharing information, such as -through radio broadcasts, information received via the Internet can be -easily stored, processed, and accessed at any time, as well as giving -anyone the ability to broadcast their own information rather than -receive it, as usage of broadcasting towers was and remains limited, -whereas the internet may be used to present new information by anyone. -A key example of this might be Wikipedia. Wikipedia allows individuals -to contribute to entries that form a vast encyclopedia. - -The way we respond to encryption as a society will clearly be -significant, and the success of government responses to encryption in -relation to issues such as terror and crime are rather significant. A -failure of effective response could allow terrorism to occur in ways -previously unseen, however an overreaction threatens people's civil -liberties and could easily be exploited for reasons other than -prevention of crime and terror. The successes and failures of -government responses can be judged in various ways. - -.IP i. 5 -To what extent does encryption enable either crime or terror? -.IP ii. 5 -Does the increased mainstream adoption of encryption better enable -crime or terror? -.IP iii. 5 -Is combatting encryption an effective way to combat crime/terror? -.LP - -An argument is often made against digital privacy in the interest of -national security. With access to communications and usage history law -enforcement and government can quickly discover large amounts of -information useful in a criminal investigation or in preventing -criminal activity. Graham{#CTC terrorists} explores the use of -encryption by terrorists which is often cited in a reason for giving -governments access to unencrypted Internet communications so that -suspicious activity can be flagged and investigated in order to -prevent a terror attack or in order to better respond in the case of -an attack. Graham describes the extensive use of end to end encryption -used by terrorists in order to avoid interception by the authorities. -Due to US usage of intercepted communications to uncover and prevent a -number of al-Qa'ida plots, the terrorist organisation and other -terrorist groups have increasingly used encrypted communications (read -citation from Graham). An significant factor is the use of -non-mainstreams software in early use of encryption by terrorists, -including a program that built a wrapper around the popular, secure, -and open source PGP called \fIMujahedeen secrets\fR. Although now -terrorists and criminals use widely available, popular, and -user-friendly software such as the Tails operating system or Telegram -(Graham citation 28), terrorists organisations have shown an ability -to make use of more obscure and complicated systems, as well as use -publicly available source code in order to construct software for -operatives to use. - -Although the issue of popular messaging technologies and their support -for 'end-to-end encryption' is often discussed, the argument that the -introduction of end-to-end encryption by large companies such as -Facebook gives an advantage to criminals {conversation Facebook}{home -office} is arguably an entirely invalid one. By preventing the usage -of true end-to-end encryption in industry, we will not be able to -prevent those attempting to evade the law from doing so, as shown in -the case of terrorist organisations who have used more obscure -software in the past and also in the case of the abundance of illegal -activity that occurs on the so called dark web in the form of the -trade of drugs and child pornography among others (cite). Instead the -limitation of use of encryption on popular software will only decrease -the privacy of those uninterested in criminal activity and instead -using technology to communicate. In the case of platforms such as -Instagram (which is owned by Facebook) it is quite clear that the vast -majority of communications (cite) will not contain anything illegal -(reword) and that it is these conversations that will suffer from a -lack of encryption. The information exposed by Edward Snowden in 2013 -demonstrates that the US government has processed and collected vast -amounts of unencrypted data (cite) and likely continues to do so. In -the case of unencrypted messaging the problem remains and preventing -end to end encryption will simply allow governments to maintain the -status quo of being able to intercept and read all communications -between its citizens and individuals outside of their jurisdictions. - -In order to conduct the vast amounts of surveillance they did in the -GDR (German Democratic Republic) in support of the ruling party -{Jarausch}, the Stasi gathered information from a vast network of -informants who greatly outnumbered Stasi agents {Bruce 2014}. Whilst -in Nazi Germany there may have been around one Gestapo agent for every -2300 citizens, in the GDR it was closer to one informant or officer for -every 63 citizens. Those living in the GDR often had experiences -involving investigation by the Stasi and there was clearly an -understanding amongst citizens {funder} of the GDR that one had to be -wary of an informant or agent listening in. In modern western society -there is a similar collective understanding that governments -attempting to carry out surveillance on a massive scale on their own -citizens. A key distinction, however, is that in societies such as the -UK, this work is not carried out by a vast network of informants, -there are no gargantuan gargantuan stores of paper, and there are no -hundreds of miles of film (cite all) documenting and aiding the -surveillance of the authorities. Instead, the level of surveillance -that large, secretive groups of individuals once had to carry out in -order to enable a surveillance state can be performed instead through -bureaucracies and technological methods. In modern times, governments -can operate with a very limited number of operatives `on the ground`, -and instead focus attention on the giant amounts of data they have for -processing in order to make the findings they intend to: be it crime, -terrorism, or - as was the case with the Gestapo and Stasi - descent. - -As with any technology, regulation has followed behind development in -an attempt to control its limits. Much as automotive regulation -followed the increase in popularity of cars in areas such as the UK -and US, regulation will no doubt follow the newfound popularity of -heavy encryption. There are however, difference in the case of -encryption when compared to cars. The rate of change with modern -technology is far greater. There are already discussions about quantum -computers and their potential to overcome current encryption methods. -In the case of encryption regulation will continuously struggle to -control encryption methods due in part to how quickly they change, but -perhaps moreso due to their decentralised nature, where a government -cannot prevent the existence of software that enables encryption which -is open source and reproducible internationally. Just as media privacy -through torrents and access to hidden services over tor are possible -without significant regulation, regulation of encryption may prove -impossible. An arguably useful tool to the authorities does exist in -the hardware and infrastructure that users of the internet rely on. -Firstly, the vast majority (cite) of users in the foreseeable future -will continue to use the highly popular CPUs designed by Intel. -Concerns have already been expressed {Intel Management portnoy} with regard to -the Intel Management Engine that exists on modern processors produced -by Intel. Should governments chose that backdoor access is essential, -then this presence in hardware around the world alongside an influence -over Intel (a US based company) to give access to governments may -provide them with the ability to access information directly from the -target's hardware rather than having to intercept information in -transit. This would go for other hardware vendors such as AMD or ARM -also. Whether or not companies such as Intel would open backdoors to -governments is up for debate, however we are aware that in the case of -the Intel Management there was potentially an ability for it to be -disabled by US government authorities such as the NSA, demonstrating a -level of leverage the US government potentially has over organisations -including but not limited to Intel {register kill switch}{intel me -bleepingcomputer}. -Regardless of the level of influence governments might or -might not hold over private corporations, the potential exists for -systems built into non-open hardware which most people, even those -using open software use, leaving them more open to exploitation from -either state or private actors. Furthermore, there is a visible -interest in increasing the presence of technologies on the hardware -level, including the aforementioned Intel Management Engine, the -Trusted Platform Module (cite), and recently Microsoft's Pluton (cite) -subsystem, which will be present on hardware sold in the future. This -variety of hardware within a single computer is a rather interesting -and potentially worrying development, particularly with the clear -level influence, interest, and competitiveness both the US {US House -chip manufacturing bill} and Chinese governments (cite) are -respectively showing (the US and China are the two largest chip -manufacturers (cite, reword)). - -Is discussion on this useful? -Individuals around the world have clearly expressed interest in -matters of privacy and encryption (cite) and open source software -allows those with the technical skills to become involved in the -development of technology that enables strong encryption and avoids -state surveillance. Measures taken by governments to prevent this -development will doubtless be limited unless extreme actions such as -those seen in China are taken. Otherwise, development will continue to -occur in both free and non free societies in support of individual -freedoms. The assertion of `Linus' law` that "given enough eyeballs, -all bugs are shallow" (cite - CathBaz) creates a serious inability -for actors such as governments to engineer backdoors into software as -the NSA previously has (cite) or to prevent the development of -software altogether (find example). On the other hand, a significant -amount of the software and hardware - -The discussion of encryption and related technologies has arguably -limited impact. State actors such as the NSA will continue to act -against individual freedoms and attempt to find or introduce backdoors -in technology that is widely used as part of its actions purportedly -in the interest of `national security`. Although public reactions to -information such as the 2013 Edward Snowden releases have been very -strong, they have not had significant effects on legislature, the -funding received by the NSA, and quite possibly the level of -surveillance carried out by the NSA (cite all). Thus, from recent -history, discussions in public or private spheres are unlikely to -influence decisions made inside already secretive agencies where -governments are ready to except that sacrifices must be made for the -greater good. Of course, the issue arises when surveillance exists -that does not exist simply to protect a nation, but instead mass, -indiscriminate surveillance is carried out on citizens not suspected -of any criminal or terrorist activity such as the Optic Nerve -program in the United Kingdom (cite), however governments nonetheless -prove willing to fund the activities of surveillance agencies. -Furthermore, there are options available to authorities that are -regularly made use of. (Give example from Graham) - -Spectre and Meltdown (disucss speculative execution) - https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html - https://www.nytimes.com/2018/01/03/business/computer-flaws.html - https://support.apple.com/en-us/HT208394 - https://www.ibm.com/blogs/psirt/potential-cpu-security-issue/ - https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/ - -- Speculative execution? - -IME/Pluton -- backdoors - https://www.techrepublic.com/article/is-the-intel-management-engine-a-backdoor/ - https://www.techrepublic.com/article/why-the-nsa-may-not-need-backdoors/ - Disabled on new ThinkPads: https://www.theregister.com/2022/01/20/microsoft_amd_pluton_lenovo/ - -Heatbleed (2014) (occured in open source software) - -RISC V - -Government - https://rules.house.gov/bill/117/hr-4521 - - https://www.theguardian.com/world/2014/feb/27/gchq-nsa-webcam-images-internet-yahoo - https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html - https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption - https://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html - !! https://wikiless.org/wiki/Dual_EC_DRBG - -- > https://www.reuters.com/article/us-usa-security-rsa-idUSBRE9BJ1C220131220 - https://web.archive.org/web/20131223121638/http://blogs.rsa.com/news-media-2/rsa-response/ - https://www.technologyreview.com/2012/04/04/186902/how-china-blocks-the-tor-anonymity-network/ - https://www.nytimes.com/2016/09/03/technology/nso-group-how-spy-tech-firms-let-governments-see-everything-on-a-smartphone.html - - Leahy Law - -{firewall} - -.nr HY 0 -.ad l diff --git a/paper.ms b/paper.ms new file mode 100644 index 0000000..ce6b01f --- /dev/null +++ b/paper.ms @@ -0,0 +1,259 @@ +.R1 +short-label D.y +sort spec +.R2 +.TL +Title +.AU +Mohit Agarwal +.AI +February 2022 +.LP +Encryption offers a level of security and confidence for communications +that has not previously been seen. This offers individuals with the +ability to communicate with each other in a way that is practically +immune from eavesdropping of any sort. Naturally, this does mean that +malicious actors such as criminals and terrorists be able to use +encryption in order to commit crimes or enable acts of terror. In +response to the threats of encryption and communications technology +generally, governments have often engaged in signals intelligence +(SIGINT) such as phone line tapping. Modern SIGINT initiatives have +become incredibly complex and sophisticated and have grown greatly as +popular adoption of technology has grown. Part of government interest +in SIGINT is a direct response to percieved threads, such as the +Patriot Act in the US which followed the 2001 terrorist attacks with +the objective of strengthening national security (cite). State +sponsored SIGINT programmes aim to respond to encryption and other +technological developments with the primary interest of overcoming it +in order to prevent terror and crime. These measures have, however, +had arguably limited efffectiveness and have violated the privacy of +individuals who are not suspected of being a threat to national +security. The way we respond to encryption as a society will clearly +be significant, and the success of government responses to encryption +in relation to issues such as terror and crime are rather significant. +A failure of effective response could allow terrorism to occur in ways +previously unseen, however an overreaction threatens people's civil +liberties and could easily be exploited for reasons other than +prevention of crime and terror. The successes and failures of +government responses can be judged in various ways. + +.IP i. 5 +To what extent does encryption enable either crime or terror? +.IP ii. 5 +Does the increased mainstream adoption of encryption better enable +crime or terror? +.IP iii. 5 +Is combatting encryption an effective way to combat crime/terror? +.LP + +An argument is often made against digital privacy in the interest of +national security. With access to communications and usage history law +enforcement and government can quickly discover large amounts of +information useful in a criminal investigation or in preventing +criminal activity. Graham{#CTC terrorists} explores the use of +encryption by terrorists which is often cited in a reason for giving +governments access to unencrypted Internet communications so that +suspicious activity can be flagged and investigated in order to +prevent a terror attack or in order to better respond in the case of +an attack. Graham describes the extensive use of end to end encryption +used by terrorists in order to avoid interception by the authorities. +Due to US usage of intercepted communications to uncover and prevent a +number of al-Qa'ida plots, the terrorist organisation and other +terrorist groups have increasingly used encrypted communications (read +citation from Graham). An significant factor is the use of +non-mainstreams software in early use of encryption by terrorists, +including a program that built a wrapper around the popular, secure, +and open source PGP called \fIMujahedeen secrets\fR. Although now +terrorists and criminals use widely available, popular, and +user-friendly software such as the Tails operating system or Telegram +(Graham citation 28), terrorists organisations have shown an ability +to make use of more obscure and complicated systems, as well as use +publicly available source code in order to construct software for +operatives to use. + +Although the issue of popular messaging technologies and their support +for 'end-to-end encryption' is often discussed, the argument that the +introduction of end-to-end encryption by large companies such as +Facebook gives an advantage to criminals {conversation Facebook}{home +office} is arguably an entirely invalid one. By preventing the usage +of true end-to-end encryption in industry, we will not be able to +prevent those attempting to evade the law from doing so, as shown in +the case of terrorist organisations who have used more obscure +software in the past and also in the case of the abundance of illegal +activity that occurs on the so called dark web in the form of the +trade of drugs and child pornography among others (cite). Instead the +limitation of use of encryption on popular software will only decrease +the privacy of those uninterested in criminal activity and instead +using technology to communicate. In the case of platforms such as +Instagram (which is owned by Facebook) it is quite clear that the vast +majority of communications (cite) will not contain anything illegal +(reword) and that it is these conversations that will suffer from a +lack of encryption. The information exposed by Edward Snowden in 2013 +demonstrates that the US government has processed and collected vast +amounts of unencrypted data (cite) and likely continues to do so. In +the case of unencrypted messaging the problem remains and preventing +end to end encryption will simply allow governments to maintain the +status quo of being able to intercept and read all communications +between its citizens and individuals outside of their jurisdictions. + +In order to conduct the vast amounts of surveillance they did in the +GDR (German Democratic Republic) in support of the ruling party +{Jarausch}, the Stasi gathered information from a vast network of +informants who greatly outnumbered Stasi agents {Bruce 2014}. Whilst +in Nazi Germany there may have been around one Gestapo agent for every +2300 citizens, in the GDR it was closer to one informant or officer for +every 63 citizens. Those living in the GDR often had experiences +involving investigation by the Stasi and there was clearly an +understanding amongst citizens {funder} of the GDR that one had to be +wary of an informant or agent listening in. In modern western society +there is a similar collective understanding that governments +attempting to carry out surveillance on a massive scale on their own +citizens. A key distinction, however, is that in societies such as the +UK, this work is not carried out by a vast network of informants, +there are no gargantuan gargantuan stores of paper, and there are no +hundreds of miles of film (cite all) documenting and aiding the +surveillance of the authorities. Instead, the level of surveillance +that large, secretive groups of individuals once had to carry out in +order to enable a surveillance state can be performed instead through +bureaucracies and technological methods. In modern times, governments +can operate with a very limited number of operatives `on the ground`, +and instead focus attention on the giant amounts of data they have for +processing in order to make the findings they intend to: be it crime, +terrorism, or - as was the case with the Gestapo and Stasi - descent. + +As with any technology, regulation has followed behind development in +an attempt to control its limits. Much as automotive regulation +followed the increase in popularity of cars in areas such as the UK +and US, regulation will no doubt follow the newfound popularity of +heavy encryption. There are however, difference in the case of +encryption when compared to cars. The rate of change with modern +technology is far greater. There are already discussions about quantum +computers and their potential to overcome current encryption methods. +In the case of encryption regulation will continuously struggle to +control encryption methods due in part to how quickly they change, but +perhaps moreso due to their decentralised nature, where a government +cannot prevent the existence of software that enables encryption which +is open source and reproducible internationally. Just as media privacy +through torrents and access to hidden services over tor are possible +without significant regulation, regulation of encryption may prove +impossible. An arguably useful tool to the authorities does exist in +the hardware and infrastructure that users of the internet rely on. +Firstly, the vast majority (cite) of users in the foreseeable future +will continue to use the highly popular CPUs designed by Intel. +Concerns have already been expressed {Intel Management portnoy} with regard to +the Intel Management Engine that exists on modern processors produced +by Intel. Should governments chose that backdoor access is essential, +then this presence in hardware around the world alongside an influence +over Intel (a US based company) to give access to governments may +provide them with the ability to access information directly from the +target's hardware rather than having to intercept information in +transit. This would go for other hardware vendors such as AMD or ARM +also. Whether or not companies such as Intel would open backdoors to +governments is up for debate, however we are aware that in the case of +the Intel Management there was potentially an ability for it to be +disabled by US government authorities such as the NSA, demonstrating a +level of leverage the US government potentially has over organisations +including but not limited to Intel {register kill switch}{intel me +bleepingcomputer}. +Regardless of the level of influence governments might or +might not hold over private corporations, the potential exists for +systems built into non-open hardware which most people, even those +using open software use, leaving them more open to exploitation from +either state or private actors. Furthermore, there is a visible +interest in increasing the presence of technologies on the hardware +level, including the aforementioned Intel Management Engine, the +Trusted Platform Module (cite), and recently Microsoft's Pluton (cite) +subsystem, which will be present on hardware sold in the future. This +variety of hardware within a single computer is a rather interesting +and potentially worrying development, particularly with the clear +level influence, interest, and competitiveness both the US {US House +chip manufacturing bill} and Chinese governments (cite) are +respectively showing (the US and China are the two largest chip +manufacturers (cite, reword)). + +Is discussion on this useful? +Individuals around the world have clearly expressed interest in +matters of privacy and encryption (cite) and open source software +allows those with the technical skills to become involved in the +development of technology that enables strong encryption and avoids +state surveillance. Measures taken by governments to prevent this +development will doubtless be limited unless extreme actions such as +those seen in China are taken. Otherwise, development will continue to +occur in both free and non free societies in support of individual +freedoms. The assertion of `Linus' law` that "given enough eyeballs, +all bugs are shallow" (cite - CathBaz) creates a serious inability +for actors such as governments to engineer backdoors into software as +the NSA previously has (cite) or to prevent the development of +software altogether (find example). On the other hand, a significant +amount of the software and hardware + +The discussion of encryption and related technologies has arguably +limited impact. State actors such as the NSA will continue to act +against individual freedoms and attempt to find or introduce backdoors +in technology that is widely used as part of its actions purportedly +in the interest of `national security`. Although public reactions to +information such as the 2013 Edward Snowden releases have been very +strong, they have not had significant effects on legislature, the +funding received by the NSA, and quite possibly the level of +surveillance carried out by the NSA (cite all). Thus, from recent +history, discussions in public or private spheres are unlikely to +influence decisions made inside already secretive agencies where +governments are ready to except that sacrifices must be made for the +greater good. Of course, the issue arises when surveillance exists +that does not exist simply to protect a nation, but instead mass, +indiscriminate surveillance is carried out on citizens not suspected +of any criminal or terrorist activity such as the Optic Nerve +program in the United Kingdom (cite), however governments nonetheless +prove willing to fund the activities of surveillance agencies. +Furthermore, there are options available to authorities that are +regularly made use of. (Give example from Graham) + +Modern cryptographic algorithms are `cryptographically secure`; the +underlying theoretical concepts mean that breaking the encryption to +intercept a communication is possible only through a brute-force +attack and is therefore, due to the nature of the algorithm. This +however, does not consider implementational flaws. + +.nr HY 0 +.ad l +Intro + Foreign Intelligence Surveillance Act of 1978 Amendments Act of 2008 + +Cryptography + https://wikiless.org/wiki/Kerckhoffs%27s_principle?lang=en + Timing Attacks + RSA + +Spectre and Meltdown (disucss speculative execution) + https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html + https://www.nytimes.com/2018/01/03/business/computer-flaws.html + https://support.apple.com/en-us/HT208394 + https://www.ibm.com/blogs/psirt/potential-cpu-security-issue/ + https://www.ibm.com/blogs/psirt/potential-impact-processors-power-family/ + -- Speculative execution? + +IME/Pluton -- backdoors + https://www.techrepublic.com/article/is-the-intel-management-engine-a-backdoor/ + https://www.techrepublic.com/article/why-the-nsa-may-not-need-backdoors/ + Disabled on new ThinkPads: https://www.theregister.com/2022/01/20/microsoft_amd_pluton_lenovo/ + +Heatbleed (2014) (occured in open source software) + +RISC V + +Government + https://rules.house.gov/bill/117/hr-4521 + + https://www.theguardian.com/world/2014/feb/27/gchq-nsa-webcam-images-internet-yahoo + https://archive.nytimes.com/www.nytimes.com/interactive/2013/09/05/us/documents-reveal-nsa-campaign-against-encryption.html + https://www.propublica.org/article/the-nsas-secret-campaign-to-crack-undermine-internet-encryption + https://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html + !! https://wikiless.org/wiki/Dual_EC_DRBG + https://www.reuters.com/article/us-usa-security-rsa-idUSBRE9BJ1C220131220 + https://web.archive.org/web/20131223121638/http://blogs.rsa.com/news-media-2/rsa-response/ + https://www.technologyreview.com/2012/04/04/186902/how-china-blocks-the-tor-anonymity-network/ + https://www.nytimes.com/2016/09/03/technology/nso-group-how-spy-tech-firms-let-governments-see-everything-on-a-smartphone.html + + Leahy Law + +{firewall} -- cgit v1.2.3