Latest news and comment.
Comment: 2023/02/28 - Think of the children....
I find it remarkably interesting that Signal is attracting an awful lot of attention. Meredith Whittaker, president of The Signal Foundation, makes a number of very rational observations regarding the Online Safety Bill. These arguments have been reported with varying degrees of accuracy, but broadly pointing out the failings. Needless to say, there have been the usual "think of the children" responses - and indeed utter silence from The Daily Mail. It is important to note that whilst Signal is the focus of the articles, if the Online Safety Bill passes into law, this is likely to also lead to "back-doors" being inserted into WhatsApp, RCS, iMessage and Facebook Messenger as well as (potentially) TLS, GNU Privacy Guard and OpenPGP, BitLocker (and Bitlocker-to-go), EncFS and LUKS amongst others.
I tried having a rational discussion with an individual, but it is such an emotive subject, it means that people who have little grasp of the subject have an opinion. They believe the hype that somehow end-to-end encryption is evil and directly sustains the criminal abuse of children. The thing is, every day there are billions of financial transactions that can only happen because of that encryption to secure the transaction and to prove the identities of the parties involved. Every time you purchase something on-line, you are using end-to-end encryption. Do either of these things make those involved paedophiles? It doesn't - in exactly the same way that owning a hammer, a car or even a firearm doesn't make you a murderer. It's a tool.
The reason end-to-end encryption gets a bad press is that it permits one criminal abuser to send media to another criminal abuser after the event. For every individual who uses it for that, there are many millions who look to end-to-end encryption to maintain their freedom in oppressive states or to blow the whistle on corporate corruption. Many use it to protect themselves from criminals themselves. Even if a backdoor was placed in the back of encryption, surely the criminals would just move to another technology - such as putting a CD or memory stick in the post - which could easily be done in such a way as to completely anonymise the identity of the sender.
End-to-end encryption cannot even be said to make child abuse worse or perpetuate it, for what can make it worse after it has occurred in the first place, except to sustain the abuse itself. Where is the investment to support dysfunctional families and to train and employ professionals to recognise those at-risk and support child abuse victims? What about appropriate social care and childrens' panels? Those things are far more expensive and difficult to get right. It's far easier to demonise a necessary piece of technology that the government relies upon itself (and will always continue to do so), yet wants to seriously weaken for their citizens - almost like in China, one of the most state monitored societies in the world.
Even if you still think that the ends justify the means and you cannot break the link between encryption supporting criminal activity, then you must remember the fundamental principle of British criminal law: Innocent until proven guilty. Treating every individual as a potential criminal and trawling indiscriminately until you find evidence of their malicious activities turns this on its head. How long will it be before it's used to find evidence of other things the government of the time has decided should not be permitted?
The argument against end-to-end encryption is fundamentally flawed. Trying to use technology to solve a societal problem simply does not work - especially when that technology is not the source of the problem; just like the COVID contact tracing application that resulted in tens of thousands of healthy staff having to take time off work because they were told to by a flawed algorithm. At best, the Online Safety Bill and its impact on encryption is nothing to do about keeping our children safe from criminals, its about being seen to do something about one of the most abhorant crimes in society. At worse, it's about permitting state surveilance on the device that contains your most personal sensitive information.
I'm going to leave it to the brilliant Ross Anderson who highlights that "doing surveillance whilst respecting privacy is really hard".
Comment: 2023/02/11 - Flying in the face of convention.
Sometimes, no matter how good the forgery is, the forger doesn't account for an anomaly in societal norms. I found this fascinating. It shows that it was Dame Sally's dislike of meaningless platitudes that meant that a cyber-attack was thwarted. (And as somebody that intently dislikes courduroy having been forced into it as a small boy, I applaud her valiant efforts in that area too.) It is a shame it doesn't always work out like that.
Comment: 2023/02/04 - The Calcutta Cup.
In what was probably one of the best rugby matches I have ever seen, Scotland retained the Calcutta Cup for the third time in a row. I believe that they have never previously achieved this. It was a brilliant game, made all the better by both sides playing good rugby. England were a formidable side (look at the possession statistics), but in the end, Scotland managed to exploit the chinks in their opponents game and skew things in their favour. The day was made all the better by Ireland beating Wales (sorry!) - whilst my wife was at a family birthday party - in Ireland!
Comment: 2023/01/31 - Analysis of working for the dark side.
I find this quite interesting given the rumours that suggest the payback was quite worthwhile. Alternative report here. Original report here.
After a particularly stressful day, I used to have a flight of fancy on the trip home, imagining how much it would take for the bad guys to buy me. It was always in the millions, except for one day when it wasn't. The reports above highlight that even when I was pretty low, the bad guys wouldn't have paid the smaller amount, let alone the bigger one!
Comment: 2023/01/30 - Predicting the future.
A friend asked me to predict the future today. He didn't say how far into the future, just make some predictions... For fun, I thought it would be worth sharing here:-
Fundamentally, the future is Blade Runner where everything is run by The Tyrell Corporation, except in our future, it'll have a different name.
- The amount of data we produce on every aspect of our lives, should inform better decisions. The difficulty is that the sheer quantity of data means that we're actually making worse decisions. AI has an incredibly important role in reducing the amount of data we have to consume to more manageable levels so that we can make those better decisions.
- There is growing concern regarding autonomous "killer robots". What's the difference between a Terminator and a Tesla on autopilot? Both can kill, and may be required to make a judgement on "life worth" before doing so. How do you introduce proportionate regulations for each of these scenarios? I don't know, but perhaps the answer is to ban one, and provide an alternative for the other?
- The future car will not be powered solely by electricity. Instead it will be a combination of electric, hydrogen and synthetic fuel. There is insufficient capacity in the generation and grid to power electric vehicles, but they do have a niche role to play. A variety of power sources provides the best resilience and best potential for competition to reduce costs.
- There needs to be a beyond radical reset of car-ownership. In order to reduce carbon emissions, public transport needs improvement beyond all possibility and car ownership, for those that have access to it, needs to be discouraged. People should be encouraged to live closer to where they work. Carbon capture needs to become a thing.
- Climate change is only one issue. An equally human-ending problem is where we can't feed and provide affordable energy for the population of the world. The next third world will be in sink estates all over the world who are paid to consume four hours of electricity a day whilst the elites continue to waste their power allocation by scrolling through social media and providing their virtue signalling opinions for their fellow elites to consume; turning all of society into one beige fake viewpoint.
- Social media has given a voice to the inconsequential and the value of most of those options grossly exceeds its value to society. However, because people have been given a platform, most automatically believe they are right, important, have a valid, informed opinion and must be listened to. Some even conclude that they can abuse strangers or sexually harass them. Social media itself perpetuates the problem as it has to permit its "customers" to operate in this manner for it to monetise the results. It is not in the interests of these firms to encourage privacy, but in the future everybody will want privacy for 15 minutes.
- We, the people, vote for politicians. Once upon a time, the press used to hold them to account on our behalf, but the quality press is suffering. Why pay for independent journalism when you can consume so much opinion that portrays itself as that for free? It's concerning when even quality news sources rely on social media sound bytes to flesh out their own stories.
- Taking these two points to their natural conclusion: In order to show real worth to the greater good, social media needs to hold politicians to account; but that needs to be above abuse, nastiness and opinion. It needs to be independent, peer reviewed and ethical. Without this, society will continue to become more corrupt, self-serving and less human.
- It is not in the interests of social media firms to solve that one and it pains me to say this, but social media needs to replace politicians. Give everybody a button to allow them to vote on everything of consequence that goes through the world's parliaments. Get rid of politicians and return the power to the populace!
Don't have nightmares!
Comment: 2023/01/11 - Royal Mail suffering a cyber incident.
Oh dear. This is not good.
Being unable to send items internationally in the 21ST century is unacceptable. I was lamenting this morning: Remember when you used to get two deliveries a day? One very early in the morning, and another after lunch? I think we get about two deliveries a week at the minute. In the face of the ongoing strikes, this feels like the beginning of the end for the Royal Mail. And not just any mail, but the Royal Mail.
Comment: 2023/01/01 - Happy New Year!
Once again, we're back on the Isle of Lewis to mark the eleventh birthday of BladeSec IA. This marks the first visit of the new security cart-shed hound to the island. Many of the locals we have met are enamoured that we chose to call him Suilvan after the Stornoway / Ullapool ferry (and not the mountain) that used to go out in all weathers - just like his canine descendant. Suilly (as he is known) had his first trip to our favourite beach yesterday (and it's not the one that tourists will tell you about). The more time I spend with dogs, the more I realise I prefer them to people!
As usual here is our tongue in cheek look at the last twelve months:-
* Including Wikipedia, The Signal Foundation and for the first time this year, Mozilla.
- Average distance travelled to work: 16 miles.
- Distance to farthest job: 257 miles.
- Oddest manufacturer of tyres on vehicles owned by BladeSec IA staff: Nokian. (Odd because they used to be a subsidiary of Nokia in 1967).
- Value of donations to Wikipedia as a result of Travel Advice: £55.
- Value of donations made by BladeSec IA to support other good causes(*): £165.
- Amount of time donated by BladeSec IA staff pro-bono: 20 days.
- Number of pages printed on the office colour laser since the Magenta reported being empty: 59.
- Number of BladeSec IA e-mail addresses reported as being pwned: 157.
- Number of manufactured e-mail addresses, appearing on the same list: 155.
- Best film seen this year - in a poll of BladeSec IA staff: Top Gun: Maverick.
Happy New Year!
Click here for older News & Comment.