The Datagate and the Risk of Outlawing Encryption

November 7th, 2013

A side-effect generated by the Datagate scandal is the privacy hysteria exploitation to sell encryption-based services. Taking apart some
obvious exceptions (business transactions, health information, judiciary data) these services are useless, ineffective and dangerous for the
citizen an such and for the society.

They’re useless because they made the daily use of a computer an harder task. As a consequence, after a while, the users will switch back to the
“normality”, maybe cursing the day they decided to use this “security” features. Just look at the issues related to the (widely available)
encrypted file systems for all the available operating system. The end of the story is that you must keep a non-encrypted copy of your data
because you can’t afford the risk of losing access to it, by fault of a software incompatibility, password loss, or lack of support by new OS
release.

They’re ineffective because the “security workflow” would require to boot from a live OS – CD, working in RAM only, encrypting the file
before storing on a physical medium, and securing that no information last in RAM. Security is binary: either you enforce it or not. Simply
put, this (or a similar) workflow is unthinkable but for a limited data subset.

Furthermore, by using closed-source products, there is no actual guarantee of security because the reality of the software market shows
that much too often these “security” tools are plagued by bug and programming errors.

They’re dangerous because they feed a distorted culture of privacy that will lead – paradoxically – to its endangering.
Our daily life is grossly non-interesting for the (western) public powers, while it actually matters for corporations and
serial-(marketing)profilers, i.e. the very same entities that complain about the government snooping into “their” data. In other words, it
seems that these companies want to maintain for themselves only the right of intruding into users’ private life.

Finally, by spreading the use of encryption in every part of the human activity, what is going to happens when a law enforcement agency will
claim (no matter if it is a fake) that it is no more possible to catch pedophiles and terrorists, charging the “security” companies for that?
Well this “security” companies will answer by signing “safe snooping” agreements while politicians and legal “scholars” – maybe to make the
media stay quiet – will ask for the encryption to be outlawed.

So the pendulum between privacy and control starts swinging back to this latter side.

And the history starst again, because the datagate is just another iteration of the Echelon scandal (1988) or of the Clipper Chip
controversy (1993). But above all is the direct heir of Black Chambers’ founder, Herbert Yardley, the first NSA.
When, back in twenties of last century, US president Hoover discovered what Yardley and his associates were actually doing, reacted by
withdrawing the funds to this structure declaring “gentlemen don’t read each other mails”. But president Hoover and all of his successors lately
changed mind – or the definition of “gentlemen”. Thus being morally justified when intruding into the private life of those that don’t fit
with the definition.

But following this line of thought one might think that, at the end of the day, NSA is right in running Prism and Prism-like activities. If
those snooping facilities exist since decades and no citizen has been rendered to Alaska or “etero-suicided”, than we can trust the Power.
This would be a wrong conclusion driven by a false argument.

The governments are made by person, and person act on their moral standard – “do the right thing” – instead of the legal one.
It is, thus, simply stupid to think that the Powers will stop collecting information about everybody or that some regulations will prevent those
who have the power and resources to intrude into somebody else’s private life.

The only way to keep a secret is to keep it secret. As La Rochefoucauld said, back in the XVII century: how can we ask somebody to protect our
secrets if we, first, are not capable to do it?

The freedom of being a stone-age man or I don’t want to live “smart”

September 24th, 2013

One of the most revealing books I’ve read (that I translated into Italian for local publisher) is Alan Cooper‘s The Inmates are Running the Asylum. Is a book about programming and the fact that core decisions come from a bunch of geeks working down below the basement of the company’s building, while marketing and PR guys occupy the fancy upper floors (have you seen the British sit-com “The IT Crowd“?)

Inmates is not a book that will last in our history, nevertheless suggested some thinking about who actually runs our (tech) life. Once we enter into the digital landscape we’re all turned into digital sheep. As soon as the shepherd (or his dogs) waves a stick we all move accordingly. And the point is that we are run by the shepherd and not (necessarily) by the landlord (a rather disturbing perspective, anyway.) What does it means?

Electronic devices are made by geeks for geeks. Hard to use, hard to repair, hard to handle. Look at what is labeled as the most “user friendly” company, Apple: you are free to do whatever you want as soon as you want what Apple wants (like the famous quote by Henry Ford about the alternatives given to the consumers in re: choosing the preferred colour of their brand new T-Model:

Any customer can have a car painted any colour that he wants so long as it is black…

On the other side, “free” technologies such as GNU-based software are way to much obscure and exoteric to be of actual benefit. It is not viable to turn the whole population into software engineers to achieve freedom (in that, I do agree with Schneier’s proposition.)  NSA, GHCQ and other State-sponsored spooks sneak in into this framework: we, ourselves, have contributed to give the spooks the power to weaken our rights. If back in the days we actually had fought against Microsoft bad software, by forcing the company to release good code, or pushed the governments to adopt a true FOIA-equivalent legislation but – on top – if we had been properly concerned citizens (talking about Italy, here) maybe we wouldn’t have reached this point.

Bruce Schneier argued that the the solution to this problem is political.  I’m not sure that this is entirely correct. We do live in a State that is Kantian in theory and Hobbesian in practice. This means that the State has its own agenda and that citizens are a non avoidable collateral annoyance to be disposed of at will to protect the “greates interest” (wathever it means.) So, as in the street-fighting world, whatever
works, works, and so long “civil” rights.

I don’t want to imply that the solution is fighting back with the same attitude (the State is the Enemy.) This would be the start of a civil war.But what is possible to do is to consciously limit the way we use those geek-created gimmicks. Leaving our houses, meeting real people in real place do things as humans used to do before the raising of The Matrix: coming back – as much as possible – to the stone age.

When the first hints of Echelon (Prism’s godgrandfather) existence surfaced, an high level Italian bureaucrat told the press something like “we’re not in danger. Our networks are so primitive that we have almost nothing to fear”. But we’ve lost the “privilege” of being stone-age men, having turned into “smart”-people. So smart that we walk carrying a locked and loaded gun aimed at our temple, with our finger on the trigger.

No, I don’t want to be THAT smart.

The Browsers’ War. Again?

May 21st, 2012

Browser WWII is coming? The struggle between Apple attempt to let IOS a closed ecosystem and the push of its competitor is leading to a new version of the “browser war”. Google, in fact, is pushing to have an Ipad version of Chrome, while Apple is trying to avoid it. Is this the re-issue of the Microsoft vs Mozilla and rest of the world battle? Microsoft lost it, and Explorer is no longer the only Internet navigator available for its operating system. If history means something, I do doubt that Apple succeed in preventing Chrome to be installed on IOS devices.

About Apple vs Samsung tablet legal quarrell

May 31st, 2011

I’m diddling since a couple of weeks with the new Samsung Galaxy Pad 10.1v, equipped with Android 3.0 Honeycomb.

The whole thing is crappy.

There is no support for OS X, no information on how to factory reset the machine when hangs on boot (the only option, as I sadly discovered, is to send the tablet back to Samsung even for a trivial hard-reset), no native file-manager, no native (working) multimedia player, no native task killer. The internal disk is painfully slow and Android crashes more often that it should be supposed to do. Working MP4-econded videos streamed from a DLNA server don’t play when copied locally.

If I were Apple, I wouldn’t care about Samsung Galaxy tablets. They’re far, far, far away from becoming a viable Ipad alternative

Computer search and seizure. An odd law is coming…

March 9th, 2011

The Italian center-left wing has proposed a bill (currently passed in Senate, and now to be examined in the other chamber) that allows the law enforcement to obtain the use of computer seized during computer-crime related investigation, early before the final judgement comes to an end.

The “idea” backing the proposal (that will likely become a full-force law in a few time) is that there is no harm for the defendant if the police uses his computer waiting for the trial. At the end of the day, if the defendant will be acquitted – says the accompaining text to the draft law – he will get his computer back, and will start using it as if nothing happened. The reason for this law – this is clearly stated – is to give the brand new computers used for criminal purposes to the law enforcement agencies that still use old and crappy technology at no cost.

This is the very same approach adopted for houses and vehicles used by drug dealers and mafia mobs so in principle there shouldn’t be a particular concern for this new law.

Personally I disagree from this statement, since a computer is something different than a car or some other premises. It stores information often unrelated to the investigated crime, and/or information related to innocent third parties.

Why should these people be exposed to a mass infringement of their personal life?

Italy, Wikileaks and the disappearing journalism

November 28th, 2010

As every country with “something to hide”, Italy (better, the Italian government) is concerned of what might be soon disclosed on Wikileaks.

As a preemptive strike against possible Wikileaks’ fallback yesterday an official press-release said – without explicitly mentioning Assanges’ website – that “the forthcoming pubblication of confidential reports about the USA politics, with possible negative side effects on Italy tooo – imposes a though determination to defend the Italian reputation as well the protection of economic and political interests of the country” (the translation is mine, I apologize for any mistake.)

I bet my ten cents that when the Italian File will be disclosed the first reaction will be to call for a new law to control the flow of information that endanger “national security” or whatever they name it.

Another interesting issue to remark is the (non)role of the Italian journalists in the whole story. It is, at least, odd that a remote-located website news service, with no apparent connection with the country, is able to get sensitive information about the Italian government, while the local journalists – and especially those who write about politics – don’t.

This is a bad blow to the role of the press as powers’ watchdog.

EU:a State-approved professional to connect a router to a socket? Italy already got it

November 26th, 2010

The “discovery” that Italy is going to enforce the EU directive 2008/63/CE by imposing that only a State-approved professional can connect a router to a socket has generated some sort of  hype among those who’re not familiar with the Italian legal system. Since 1992, in fact,  the decree of the Ministry of communication n.314 already establish such burden (and sanction those who don’t comply.)

The true news is that – should the government actually revise the old regulation – things can only get worse…

Amazon.it to infringe Italian data protection law?

November 22nd, 2010

I’m an old Amazon.com customer and I’m very happy that the Company finally landed in Italy.
It is odd, nevertheless, that Amazon.it’s data protection policy (informativa sul trattamento dei dati personali) is not fully compliance with the Italian Data Protection Code, since mandatory information are missed:
- the identity of the data controller (responsabile del trattamento)
- how long will Amazon handle the personal data
- what will happen when the data handling is no more necessary
- the rights belonging to the data subject (diritti dell’interessato) under sect. 7-13 of the Italian Data Protection Code
Further more Amazon.it’s privacy procedure fails to collect the explicit consent of the data subject for the data processing and didn’t collect the specific consent to handle the sensitive data (those related to customers who purchase political, philosophical, and/or healt-related books.)
This situation, then, poses an interesting question: is Amazon.it actually infringing its customer personal privacy rights?
Strictly speaking, the answer is yes because the law has been breached. Nevertheless I’ll keep purchasing books through Amazon services since I feel more protected by Amazon ethical commitment than by a bunch of legal lingo.
Fact is that bureaucracy asks for its lamb to be sacrificed.
:)

Late night thought on the notion of “privacy”

October 10th, 2010

The more I think about, the more I’m convinced that if we continue to think of privacy as a concept unrelated to other ideas we face the old problem: if an unbreakable wall is a wall that cannot be broken and an unstoppable projectile is a projectile that cannot bestopped, what happens when an unstoppable projectile hits an unbreakable wall? This is not to justify a softer approach in defending privacy, rather to ask whether “trust” plays a role in defining (and not only supporting) privacy.

In other words: if each of us lived in a separate island then privacy would be at its best, but could we still think of privacy if nobody else is around?

If this is correct, than the privacy in itself should include the idea of (breaching the) trust. As soon as we enter into a relationship with somebody else, we need to surrend a part of our privacy. This means that privacy is co-defined by our counterpart’s ethical commitment to recognize it as a “value”.

Odds, although intriguing.

Net-neutrality, Trojan Horses

September 18th, 2010

In Italy the Codice delle comunicazioni elettroniche legally bind ISPs to guarantee the functionality and security of the network (both from a physical and logical perspective). This means that if traffic shaping is needed to handle traffic overload this can be done with no specific provision.
Every proposal of nailing down traffic shaping options is a trojan horse because – for instance – copyright lobbies might whistleblow that P2P is creating an international emergency thus forcing ISPs to violate the net neutrality “for security sake”.