The three-day conference, which took place behind closed doors and under strict rules about confidentiality, was aimed at debating the line between privacy and security.
Among an extraordinary list of attendees were a host of current or former heads from spy agencies such as the CIA and British electronic surveillance agency Government Communications Headquarters, or GCHQ. Other current or former top spooks from Australia, Canada, France, Germany and Sweden were also in attendance. Google, Apple, and telecommunications company Vodafone sent some of their senior policy and legal staff to the discussions. And a handful of academics and journalists were also present.
According to an event program obtained by The Intercept, questions on the agenda included: “Are we being misled by the term ‘mass surveillance’?” “Is spying on allies/friends/potential adversaries inevitable if there is a perceived national security interest?” “Who should authorize intrusive intelligence operations such as interception?” “What should be the nature of the security relationship between intelligence agencies and private sector providers, especially when they may in any case be cooperating against cyber threats in general?” And, “How much should the press disclose about intelligence activity?”
The most disturbing part of this is the number of journalists present.
Congratulations! You just bought a new Chevy, GMC, or Cadillac. You really like driving it. And it’s purchased, not leased, and all paid off with no liens, so it’s all yours, isn’t it? Well, no, actually: according to GM, it’s still theirs. You just have a license to use it. At least, that’s what an attorney for GM said at a hearing this week, Autoblog reports. Specifically, attorney Harry Lightsey said, “It is [GM’s] position the software in the vehicle is licensed by the owner of the vehicle.”...
...The U.S. Copyright Office is currently holding a series of hearings on whether or not anyone other than the manufacturer of a car has a right to tinker with that car’s copyrighted software. And with the way modern design goes, that basically means with the car, at all.
The DSGL contains detailed technical specifications. Very roughly, it covers encryption above a certain “strength” level, as measured by technical parameters such as “key length” or “field size”.
The practical question is how high the bar is set: how powerful must encryption be in order to be classified as dual-use?
The bar is currently set low. For instance, software engineers debate whether they should use 2,048 or 4,096 bits for the RSA algorithm. But the DSGL classifies anything over 512 bits as dual-use. In reality, the only cryptography not covered by the DSGL is cryptography so weak that it would be imprudent to use.
Moreover, the DSGL doesn’t just cover encryption software: it also covers systems, electronics and equipment used to implement, develop, produce or test it.
In short, the DSGL casts an extremely wide net, potentially catching open source privacy software, information security research and education, and the entire computer security industry in its snare.
Most ridiculous, though, are some badly flawed technicalities. As I have argued before, the specifications are so imprecise that they potentially include a little algorithm you learned at primary school called division. If so, then division has become a potential weapon, and your calculator (or smartphone, computer, or any electronic device) is a potential delivery system for it.
Outsourcing over time starts to create its own bureaucracy bloat. It’s the modern corporate version of one of the observations of C. Northcote Parkinson: “Officials make work for each other.” As Clive describes, the first response to the problems resulting from outsourcing is to try to bury them, since outsourcing is a corporate religion and thus cannot be reversed even when the evidence comes in against it. And then when those costs start becoming more visible, the response is to try to manage them, which means more work (more managerial cost!) and/or hiring more outside specialists (another transfer to highly-paid individuals).
The unnoticed rewriting of a key clause of the Computer Misuse Act has exempted law enforcement officials from the prohibition on breaking into other people’s laptops, databases, mobile phones or digital systems. It came into force in May.
The amended clause 10, entitled somewhat misleadingly “Savings”, is designed to prevent officers from committing a crime when they remotely access computers of suspected criminals. It is not known what category of offences are covered.
I would love to know how much malware is government sponsored.
The one day you'd sell your soul for something, souls are a glut.