Comment: Re:But power corrupts (even if unintentionally) (Score 4, Interesting) 373

Interesting story. One of the things I find most reassuring about the police service* in the UK is that they have long maintained, with great consistency and at almost any rank, that good community relations are the heart of good policing. Officers who go out on patrol** have consistently and overwhelmingly said they do not want to routinely carry firearms, because that goes against the basic principle of policing by consent, and instead they tend to assume that the solution to local problems often starts with trying to improve those relations if they are failing. Concerns are also raised often by the police themselves about the balance between having officers patrolling in vehicles for rapid response and having officers literally walking the beat and actually making contact with the public. I get the feeling that police officers in certain other parts of the world have a very, very different attitude to their relationship with the public.

*I remember well that when the local police schools liaison officer visited us, he made a point of saying he didn't like the term "police force" because it had the wrong connotations before you even started to look at what the police did.

**It's curious how often police officers and politicians in some places refer to officers "on the front line", this being about as overt a military metaphor as I can think of (short of being "on the front line in the war against $ABSTRACT_NOUN" I suppose).

Comment: Re:Security is a yes/no question (Score 1) 373

The key point from an ethical/legal point of view might be the warrant. The key safeguard from a practical point of view is that to plant those bugs someone has to actually visit the site and do something. This requires time, effort, and a risk of getting caught, which means it's potentially an option if you really do have a good reason to consider a specific individual to be a threat but it's prohibitively expensive to spy on everyone all of the time. As far as defending democracy is concerned, that is a much healthier balance than mass surveillance of the many by the few.

Comment: Re:Security is a process ... (Score 2) 46

There will -always- be flaws. However, part of a company selling security is how they respond to issues, and here, BlackPhone has performed quite well. There was a problem, they fixed it, and that is what matters.

I agree that how a company handles incident response is important and the BlackPhone guys have apparently handled this well.

However, there are several things that are troubling about this story which lead me to not trust BlackPhone and question the security experience of the people designing it.

The first thing we notice about this exploit is that the library in question appears to be written in C, even though it's newly written code that is parsing complex data structures straight off the wire from people who might be attackers. What is this, 1976? These guys aren't programming smartcard chips without an OS, they're writing a text messaging app that runs on phones in which the OS is written in Java. Why the hell is the core of their secure messaging protocol written in C?

The second thing we notice is that the bug occurs due to a type confusion attack whilst parsing JSON. JSON?! Yup, SCIMP messages apparently contain binary signatures which are base64 encoded, wrapped in JSON, and then base64 encoded again. A more bizarre or error-prone format is difficult to imagine. They manage to combine the efficiency of double-base64 encoding binary data with the tightness and simplicity of a text based format inspired by a scripting language which has, for example, only one kind of number (floating point). They get the joy of handling many different kinds of whitespace, escaping bugs, etc. And to repeat, they are parsing this mess of unneeded complexity... in C.

Compare this to TextSecure, an app that does the same thing as the BlackPhone SMS app. TextSecure is written by Moxie Marlinspike, a man who Knows What He Is Doing(tm). TextSecure uses protocol buffers, a very simple and efficient binary format with a schema language and compiler. There is minimal scope for type confusion. Moreover, the entire app is written in Java, so there is no possibility of memory management errors whilst trying to read messages crafted by an attacker. By doing things this way they eliminate entire categories of bugs in one fell swoop.

So yes, whilst the BlackPhone team should be commended for getting a patch out to their users, this whole incident just raises deep questions about their design decisions and development processes. The fact that such a bug could occur should have been mind-blowingly obvious from the moment they wrote their first line of code.
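As an added example (not code from the post, from BlackPhone or from SCIMP), here is a strict, memory-safe parser for the layered format the comment describes: base64 around JSON around a base64-encoded signature. Each isinstance check is one that a parser trusting JSON's dynamic typing would skip; rejecting a number or list where a string is expected is what closes the type-confusion path. The field names ("v", "body", "sig") and the 64-byte signature length are assumptions made for this example.

```python
import base64
import binascii
import json

# Constructed layout: field names ("v", "body", "sig") and 64-byte signatures are assumptions.
SIG_LEN = 64

class MalformedMessage(ValueError):
    """Raised when a wire message fails strict structural validation."""

def _b64decode_strict(value):
    """Decode base64 only from a str in the canonical alphabet; any other JSON type is rejected."""
    if not isinstance(value, str):
        raise MalformedMessage("expected base64 string, got %s" % type(value).__name__)
    try:
        return base64.b64decode(value, validate=True)
    except (binascii.Error, ValueError) as exc:
        raise MalformedMessage("bad base64: %s" % exc)

def parse_message(wire):
    """Decode base64(JSON{v, body, sig}), pinning down each field's type before it is used."""
    obj = json.loads(_b64decode_strict(wire).decode("utf-8"))   # outer base64 layer
    if not isinstance(obj, dict):
        raise MalformedMessage("top level must be a JSON object")
    version = obj.get("v")
    # JSON has a single number type, and in Python bool is an int subclass: reject both cases
    if isinstance(version, bool) or not isinstance(version, int):
        raise MalformedMessage("version must be an integer")
    body = obj.get("body")
    if not isinstance(body, str):
        raise MalformedMessage("body must be a string")
    sig = _b64decode_strict(obj.get("sig"))                     # inner base64 layer
    if len(sig) != SIG_LEN:
        raise MalformedMessage("signature length %d != %d" % (len(sig), SIG_LEN))
    return {"version": version, "body": body, "sig": sig}

def classify(wire):
    """Return 'ok' or the rejection reason, so a batch of inputs can be tabulated."""
    try:
        parse_message(wire)
        return "ok"
    except ValueError as exc:   # MalformedMessage, UnicodeDecodeError, JSONDecodeError
        return "rejected: " + (str(exc) if isinstance(exc, MalformedMessage) else type(exc).__name__)

def make_wire(obj):
    """Build the outer base64(JSON) layer around a constructed sample message."""
    return base64.b64encode(json.dumps(obj).encode("utf-8")).decode("ascii")

GOOD_WIRE = make_wire({"v": 1, "body": "hello", "sig": base64.b64encode(b"\x5a" * SIG_LEN).decode("ascii")})
```

Feeding `make_wire(...)` variants with a numeric or list-valued "sig", a float or boolean "v", or a non-object top level through `classify` shows each one rejected before any byte of the signature is touched.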

Comment: Re:When everyone is guilty... (Score 1) 373

All agreed, though I am increasingly of the view that systemic bias in favour of the accused is not sufficient. Merely being dragged through the legal system even if ultimately found not guilty is sure to be stressful, time-consuming, and possibly costly in more ways than one. People who have committed even quite serious crimes are sometimes released immediately after conviction on the basis that they've already served as much or more time than their sentence -- but of course, someone who was entirely innocent and not convicted in court also served that time. Right now you're unlikely to get much financial compensation for any of that, and even less any obligation for those who caused the damage to do anything else to set the record straight or otherwise make things right as much as possible.

The more I've thought about these kinds of issues as I get older, the more I think our modern "justice" systems are no longer fit for purpose, if indeed they ever were. In particular, they take an absurd amount of time and resources to deal with trivial infractions, sometimes at a cost to all involved that is far greater than any damage done by the alleged act itself. For major cases, the court proceedings can cost millions and drag on for years, and by the time they are finally over the result is no longer relevant anyway.

I think we would probably do much better if we built on the kinds of distinction we already make about severity: misdemeanour vs. felony in the US, magistrates vs. crown courts here in the UK, small claims courts with less formal procedures for minor civil disputes, and so on. For example, I don't see why any very minor offence can't be fully tried and a judgement made within a single court session and within a matter of days after the alleged infraction. Either there is clear evidence to convict, or you acquit. If you convict in a fast track procedure, you have strict limits on the level of penalty that can be imposed.

Then for repeated minor offences within some defined time period or for more serious crimes (probably anything including violence that allegedly caused significant injury and/or damage needing repairs exceeding a certain cost, for example) you can extend the timescales involved to a degree to allow for more careful preparation of the case, perhaps increase the degree of scrutiny in terms of magistrates vs. judge and jury and allow the use of expert witnesses, and so on.

Crucial to all of this, in my ideal world, would be the idea that there was also proper compensation for anyone brought through the system at any given level but not ultimately found guilty, making it not cost effective to bring cases in the first place without a reasonable expectation of a conviction. No doubt experienced lawyers could come up with much better ideas for the specific details of any such system, but I think the idea of having more well-defined tiers with strict limits on applicability and proportionate compensation arrangements is basically a sound one.

Comment: But power corrupts (even if unintentionally) (Score 2) 373

I agree with your basic point about the need for balance. Of course there are bad people in the world and of course we need police and courts and the like.

I think the problem today is that many in our current political class don't recognise that need for balance so much as they see "them and us" and even start to forget whose side they are supposed to be on. The truly evil part of the situation is that this result seems almost inevitable. The people calling the shots are exactly the people who necessarily deal with the worst of humanity as part of their job. How could this not affect their perspective? They naturally want to trust their allies, who are the people who would be empowered under all these proposed security measures and aided by restrictions on the privacy and security of others. And of course being influential figures within the government, it is highly unlikely that they will personally ever find themselves on the wrong side of a government screw-up and unable to get the problem fixed very quickly.

I don't think these people are evil. On the contrary, I suspect most people in government, including their agents in the police and security services, are probably just normal people who have a job to do and who genuinely want to do the right thing. As with any large group, there will eventually be a few bad actors included as well and it is necessary to identify and contain them, but that isn't usually the main problem.

However, I do think we're talking about people who are heavily biased, even paranoid, because it would take a superhuman level of detachment not to be when you look at the kind of people they have to deal with at times. I also think in most cases they are ignorant about the technologies they are dealing with, and therefore unable to make rational, objective judgements about the likely effects of the technical measures they propose as policy. Finally, I think that the more senior these figures get within the government and its agencies, the more detached they tend to be from reality for average citizens and the more ignorant or dismissive they can become of how things tend to play out for innocent people in less privileged positions who are nevertheless caught up by the measures the politicians propose.

As the saying goes, power corrupts. It doesn't necessarily have to be malicious or intentional. Obviously in some cases it has been, but often I think the corruption is more of a slow but almost inevitable change in perspective caused by the situations you find yourself in when you have power to wield.

And so it is necessary for those who are looking from outside, those who don't spend disproportionate amounts of their time dealing with a particularly nasty minority of the human race, those who understand the technical issues, to speak out about what is happening and where it could lead. As with any issue of civilised government, in the long run you're going to get much further by educating people about relevant issues and promoting intelligent discourse than you are with wildly exaggerated rhetoric and extreme positions backed by intimidation and ultimately violence. The latter are seductive, and often appear quite effective in the short term, but I doubt they've ever truly solved much.

Comment: Re:Security is a yes/no question (Score 1) 373

Notice that I very carefully said secure against a certain attack in my previous post. You are talking about something different to breaking the encryption technically: the xkcd attack, which any large organisation with weapons can apply, but not covertly and not without consequences if they try to apply it systematically against innocent people.

Comment: When everyone is guilty... (Score 5, Insightful) 373

There used to be a saying, something about it being better to let ten guilty men go free than to imprison one innocent one.

Tragically, in today's culture of politics dominated by fear, it almost seems like everyone is presumed to be guilty of something. That means the idea that it might be necessary to protect someone who might actually be innocent, or simply to leave them alone to live their lives without interference, is not given a lot of thought.

Comment: Security is a yes/no question (Score 5, Insightful) 373

Your position seems reasonable enough from an ethical/moral standpoint. Unfortunately, in reality, a device or communication channel is either secure against a certain attack or it isn't. There is not and never can be a middle ground of being secure against a certain attack unless that attack has been lawfully authorised by a competent court.

In short, if the government wants access to your encrypted information, even with appropriate oversight, then it must require your information to be insecure and therefore vulnerable to other parties accessing it as well. If the government wants to encourage security in communications, then it must accept that covert interception of those communications will no longer be possible. You can't eat your cake and have it.

Comment: Re:grandmother reference (Score 1) 456

I suspect that in fact we probably agree on most of this issue then. The difficulty in this sort of case is that merely having a copy of software or other digital work (and thus fitting in just fine with traditional copyright law) is not sufficient to make that work useful if it has been artificially crippled with some sort of phone home functionality.

By its nature, that functionality might depend on a third party. That third party might have had nothing to do with the original sale to the person using the software/digital work. They may or may not want to make the software/work usable by the purchaser for commercial reasons. Most importantly at present, they may have no actual legal obligation to make the work useful even if every other deal in the process has been completely above board.

This creates a potential problem of abuse with DRM schemes, leading to the sort of case we've been discussing. It's also a real liability in terms of lots of things breaking if the authorising system is taken off-line and potentially its owning organisation isn't even there any more to be held responsible and make amends.

Sadly, I suspect there are about three elected representatives in the universe who are even close to understanding these issues. They have nowhere near enough influence to raise this issue at high levels within their legislative bodies alone, and even if they did, they'd be up against Big Software and Big Media concerned about copyright infringement and bribing other officials with substantial contributions to look that way first.

Comment: Re:grandmother reference (Score 1) 456

You're falling into the trap of confusing ethics and the law. Whatever you -- or I, since I expect we'd agree -- think of the ethics of the situation, so far I haven't seen anything to suggest their actions in not respecting keys used other than under the conditions they were sold with are actually illegal. The law with respect to digital purchases, DRM, and remote access/activation schemes may be some anachronistic dinosaur, but if it's the law right now then complaining about the action on a forum like Slashdot isn't going to change that.

Comment: Re:grandmother reference (Score 1) 456

Maybe, but for better or worse, the situation today is that Ubisoft is effectively empowered to "confiscate" keys acquired through illegitimate channels in violation of whatever terms of sale or licensing agreements those keys came with.

Now, you might argue that the law should be updated to address the rights of customers buying digital products in a more even-handed way. If you did, I'd be the first to agree. But even then, it's hard to see why those rights would or should protect someone with the digital equivalent of stolen property. If you wanted to legitimise reselling keys across borders as a matter of policy then you'd probably also need an explicit change so that DRM schemes attempting to prevent cross-border trade were prohibited and anyone operating them on a commercial basis was required to honour otherwise valid keys for any sort of activation or customer support purposes.

Comment: Re:grandmother reference (Score 1) 456

In that case, perhaps it's more closely analogous to paying someone abroad to buy something cheap and ship it to you, but then complaining when your delivery arrives that you got charged the import taxes your oh-so-honest supplier didn't pay.

Sometimes things that look too good to be true really are, but usually there's a catch. Seeing a deal that good and not checking thoroughly for the catch is just asking for trouble.