Category Archives: Encryption

Gangsters with Blackberry’s & the Upsurge in “Intelligence Led” Busts

A sensational story about the criminal use of encryption appeared across social media this week like it was a scoop. It wasn’t. But that’s the way it was portrayed.

For the uninformed it played directly into the narrative that encryption is bad and overwhelmingly used by those withquestionable motives or downright evil intentions.

So What Happened?

The headlines varied but basically Vincent Ramos the boss of Phantom Secure, a company whose website declares that it supplies “THE WORLDS MOST TRUSTED COMMUNICATION SERVICE” was arrested in California.

The company supplies or supplied a modded and allegedly zero knowledge handset which is or was it claimed “Simple, effective and easy to use while highly secure, … recognized by government agencies and cyber experts as “Uncrackable” “.

All utter rubbish of course but if you are selling a high performance sports car to a guy who struggles with a gear change on a bicycle then who is to contradict you?

Imagine! Organised crime were using encrypted phones to communicate and those encrypted phones were being supplied by commercial outfits who knew.

Scoop? No.

“Buyer Beware” — What Did Phantom Secure Sell?

Phantom

The sales bumf declared that the “Classic Phantom Secure Encrypted BlackBerry Device”, apparently proven “year after year”, (by whom is unstated) was light weight and easy to use and provided end to end encrypted messaging, in theory. The package included:

  1. Modified and Locked Down Device
  2. Secure Encrypted Device to Device Encrypted Messaging
  3. Anonymous Communication
  4. International Roaming
  5. 6 months Subscription Included

The “Phantom Secure Android Edition” made the laughable statement that it provided unmatched secure enterprise mobility from BlackBerry and the “best at rest” security on an Android KNOX device, which communicated over the Phantom Secure service.

Summarising, the company promised “totally anonymous, device-to-device encrypted communications, brought to you by a globally trusted and recognized secure communications service.

The problem with that is that it was not brought to the companies customers by anything approaching a globally trusted and recognized secure communications service because it was hosted on Blackberry Enterprise Service servers.

Blackberry executive chairman and chief executive officer John Chen recently said “Today’s encryption has got to the point where it’s rather difficult, even for ourselves, to break it, to break our own encryption… it’s not an easily breakable thing. We will only attempt to do that if we have the right court order. The fact that we will honor the court order doesn’t imply we could actually get it done.

This Phantom Secure Android version included:

  1. Modified and Locked Down Device
  2. Secure Encrypted Device to Device Encrypted Messaging
  3. Anonymous Communication
  4. KNOX hardware and software integrated device security
  5. Prive Encrypted Chat
  6. Compatible messaging with BB7 Devices
  7. International Roaming
  8. 6 months Subscription Included

Worthless Disclaimers & Hollow Promises

Phantom Secure, and many like them, take care to make various disclaimers which they seem to think are a get out of jail freecard and state in their “Legal Compliance” section that:

We are a law-abiding company that is permitted to deliver encrypted communication services to our clients in order for them to protect their communications, without having the ability to decrypt their communications.”

The statement in no way ensures that these kind of suppliers cannot be indicted on charges. What it does do is give the impression to prospective customers that the company can in some way guarantee that even in the face of a warrant they do not possess the ability to compromise the historic or future communications of their customer base either intentionally or unintentionally.

But in the case of Blackberry that is just not true. It is public knowledge since 2016 that Operation Clemenza by the RCMP allowed Canadian investigators to access consumer-grade phones from Blackberry where the decryption key is in the company’s (RIM) possession.

BlackBerry, however, also offers the option to run their BlackBerry Enterprise Server (BES) which allows clients to run their own network of phones, and keep possession of their own decryption key. And this is what Phantom Secure were doing but as far back as January 2016 Dutch police said that they were able to read encrypted messages sent on the custom, security-focused BlackBerry devices.

Also in December 2015 in the article “The Encryption Debate: a Way Forward,” on the official Blackberry blog INSIDE Blackberry the company wrote that “privacy and security form the crux of everything we do. However,our privacy commitmentdoes not extend to criminals.”

But isn’t criminality established after due process has taken place? Warrants do not prove criminality even if there is probable cause? Are RIM Blackberry qualified to make the distinctions?

Regardless they sold their BES products based on the claim that they would never be called upon to make the distinction because they had designed a product that was totally secure.

There are products which can guarantee this and even in the face of warrants are unable to provide logs, metadata, or encryption keys. But BES cannot. There lies one of the many significant problems that Mr. Ramos faces.

The disclaimer continues …

“Our service does not require personal information and has no back doors. In providing such a service we do understand that there will be a very small number of people that may use our service to do activities we do not support. We do not condone the use of our service for any type of illegal activities and if known we will terminate the use of our service without notice.”

“Considering this, requests for the contents of communications may arise from government agencies, which would require a valid search warrant from an agency with proper jurisdiction over Phantom Secure.”

“However, our response to such requests will be the content and identity of our clients are not stored on our server and that the content is encrypted data, which is indecipherable.”

“Our company was founded as a means to provide businesses and people the opportunity to communicate in private in this modern technological age. Unfortunately there will be people that will use this technology for acts we do not condone but this should not be the reason why our universal human right to privacy should be taken away.

Mr. Ramos & Explaining the Unexplainable

The very unlucky or very silly Mr. Ramos, depending on which way you look at it, has now been charged with racketeering activity involving gambling, money laundering, and drug trafficking. I hope Mr. Ramos enjoyed the spoils while he could because he is in a very tight spot now, one way or the other.

US authorities have argued that Phantom Secure operated explicitly to enable organised crime groups to evade detection while planning major crimes. Phantom allegedly built an international client base of criminals by taking BlackBerry devices, stripping out the camera, microphone, GPS navigation and other features, and installing encryption software, making them difficult for law enforcement to crack. He was arrested in California, amid claims that his firms products’ were allegedly linked to Australian murders and drug trafficking.” [This extract is from “Phantom Secure boss arrested in US, amid products’ suspected links to Australian murders” By Dan Oakes, ABC Australia, Monday 12th March 2018]

Think about that statement “Making them difficult for law enforcement to crack.”. Hmmmm. If Mr. Ramos makes bail I predict that one of the first questions that he will be asked by some of his more colourful customers is how exactly does that statement sit with the claims the company made on their website. At best he over-promised and under-delivered. [For posterity I have preserved the Phantom Secure website before it inevitably goes dark.]

These dog and bones went for between USD1500–USD2000 a piece with 6 months shelf life and Phantom Secure had 20k subscribers. Do the figures! If you lost one then you had to buy a new one, no discounts.

Isn’t it amazing that a market segment of normally paranoid individuals are willing to buy an expensive technology that they do not understand from a supplier that they do not know and then proceed to drop all normal “opsec”, if you could call it that, and openly plan the spectaculars that led to these arrests.

The Recent Upsurge in Success for “Intelligence Led” Operations

In the fullness of time it will be very interesting to see how the evidence to construct this indictment was acquired, what paper trail was left by the company showing their modus operandi, the promises versus the actual reality of what the company claimed it could deliver, and whether these claims as and of themselves are seen by the Courts as a marketing tool solely intended to appeal specifically to a certain base, namely those with criminal intentions, and how that can be proven.

The story also raises interesting questions on a topic that I have been researching now for some time – parallel construction. Over the last three years there has been a staggering increase in seizures of drug shipments and the foiling of multiple gangland assassinations attributed to “intelligence led” operations.

Since the late noughties Blackberry handsets have been the comms weapon of choice for organised crime even though they have been widely discredited. There is a school of thought that outfits such as Phantom Secure have been tolerated and let exist by law enforcement because they were such a rich source of warrantless intel.

But now that even the most clueless crims are moving away from the platform it seems that it has been decided that it is time to bring in all the “CEO’s” of these secure comms companies. Their usefulness has been exhausted.

Some of the coverage in recent days has claimed that Ramos is co-operating. My guess is that LE wish to use his arrest to turn him into a “co-operating witness” and as such provide them with what looks like legal access to the Phantom Secureservers.

In that way all of that juicy warrantless surveillance can be seen to have been legitimately obtained intelligence and the clientbase, big fish and small, can be hoovered up en-masse or turned into assets.

As for the stuff that has gone before — well, it didn’t become an issue at the trials so no need to revisit that. It was credited to HUMINT in the shape of informants who could not be named in order to protect their identity.

The Inevitability of Licensing

I have no particular insight into the innocence or guilt of Mr. Ramos in this case. I do not know whether he overtly solicited criminal clients in the full knowledge of their business and their need for secure comms in order to evade detection in a criminal enterprise.

What I do know is that if you are legally recorded saying:

“Hey man, I sell these phones that are bullet proof and can’t be hacked or eavesdropped (“even though that is not the case”) and I know you value your security and privacy because your foe is law enforcement and your trade is illegal and I can sell you these phones for $$$$’s and you can ply your trade without fear of discovery

….. then you are nicked mate.

Mr. Ramos is damned if he does and damned if he doesn’t. He is finished every which way he turns.

The movie Layer Cake has a rich seam of relevant content to illustrate my point. In that movie Colm Meaney explains to Daniel Craig’s character XXXX his Cornelian dilemma as a result of being present during an incident:

“Listen, son. Let me explain something to you. Freddie’s in intensive care with a bit of a brain haemorrhage. You were there at the scene. That’s called joint venture. Now, if Freddie dies, you’re either in the dock with Morty… …or you’re in the witness box putting him away. Think about that.

The outcome of this matter is likely to produce significant and wider repercussions for the providers of secure communications solutions in general.

This case and those to follow are a preparatory step for compulsory licensing for purveyors of private encryption systems. They offer an antidote to the privacy objections about backdoors and present a far more pragmatic solution to giving law enforcement access to encrypted communications than systems that are “thoughtfully design” as was recently and ridiculously suggested by FBI Director, Christopher Wray.

The provision of private secure comms solutions will evolve to the same standard of licensing as is applied to firearms sales. Such companies will be required to be licensed before offering the service and when selling licenses I guess that pre-qualification checks on the purchaser will be required too. Purchasing a license will probably be enough to claim “probable cause” under FISA rules in the US. It takes little enough justification to eavesdrop as it stands.

Undermining the Argument for Un-Compromised Encryption

The arguments in support of generally available un-compromised encryption services are devalued by the incorrect parallels that the opponents of encryption make between them and the Phantom Secure case.

It plays directly into the narrative that the host of encryption luddites in law enforcement, government, and the intelligence community peddle daily as they seek to justify back-dooring or banning encryption products.

Those who oppose encryption use illogical extrapolations when making their arguments — “the bad guy used encryption … therefore the crime was committed because of encryption”. They use the special case to undermine the general case.

The Phantom Secure case will be used as another example of why encryption is bad. But the Phantom Secure case is not about privacy or encryption rights or freedom of speech.

If there is even the slightest question that the provider of hardware, software, and any other “wares” knowingly supplies them for assisting the commission of an offence or even suspects that they will be used in one then it is aiding and abetting and all the other bits and pieces that have been included on Mr. Ramos’s much publicised indictment.

References and Bibliography

  1. https://www.justice.gov/usao-sdca/pr/chief-executive-and-four-associates-indicted-conspiring-global-drug-traffickers
  2. https://motherboard.vice.com/amp/en_us/article/a34b7b/phantom-secure-sinaloa-drug-cartel-encrypted-blackberry?__twitter_impression=true
  3. https://motherboard.vice.com/en_us/article/bme5w3/customer-data-from-encrypted-phone-company-ciphr-has-been-dumped-online
  4. http://www.bbc.com/news/technology-43425333
  5. https://motherboard.vice.com/en_us/article/mbpyea/encrochat-secure-phone-hacking-video
  6. https://www.eff.org/nsa-spying/state-secrets-privilege
  7. https://www.peerlyst.com/posts/the-rogues-gallery-of-encryption-luddites-graham-penrose
  8. https://www.peerlyst.com/posts/peertalk-tm-privacy-vs-national-security-panel-questions-for-session-1-graham-penrose
  9. https://www.peerlyst.com/posts/all-blackberry-messages-can-be-decrypted-using-global-encryption-key-valery-marchuk
  10. https://www.peerlyst.com/posts/would-you-hire-a-locksmith-you-dont-trust
  11. https://www.peerlyst.com/posts/boss-of-a-company-that-supplied-encrypted-phones-arrested-andrew-commons
  12. https://www.hrw.org/report/2018/01/09/dark-side/secret-origins-evidence-us-criminal-cases
  13. https://www.peerlyst.com/posts/canadian-law-enforcement-obtained-blackberry-global-encryption-key-hega-geoffroy
  14. https://www.peerlyst.com/posts/android-blackberry-spyware-used-in-india-attacks-or-securityweek-com-hega-geoffroy
  15. https://nakedsecurity.sophos.com/2016/01/13/police-say-they-can-crack-blackberry-pgp-encrypted-email/
  16. https://www.theregister.co.uk/2016/01/13/blackbery_pgp_riddle/
  17. https://www.v3.co.uk/v3-uk/news/2441666/blackberry-pgp-handsets-cracked-by-dutch-cyber-cops
  18. https://www.makeuseof.com/tag/one-reason-get-blackberry-2016-security/
  19. https://nakedsecurity.sophos.com/2016/04/26/police-seize-network-behind-encrypted-blackberry-pgp-devices/
  20. https://www.itgovernance.co.uk/blog/phone-evidence-remotely-wiped-in-police-stations/
  21. http://www.zdnet.com/article/police-hack-pgp-server-with-3-6-million-messages-from-organized-crime-blackberrys/
  22. https://www.techdirt.com/articles/20160118/07441433368/blackberry-which-said-it-wouldnt-protect-criminals-assures-criminals-phones-are-still-secure.shtml
  23. https://www.smh.com.au/national/nsw/are-encrypted-phones-allowing-criminals-to-get-away-with-murder-20150523-gh82gv.html
  24. http://www.cbc.ca/news/technology/criminals-love-the-blackberry-s-wiretap-proof-ways-police-1.815031
  25. https://www.dailyrecord.co.uk/news/crime/cops-struggling-crack-encrypted-phones-6962815
  26. https://www.thedailybeast.com/meet-danny-the-guy-selling-encrypted-phones-to-organized-crime
  27. https://www.gizmodo.com.au/2018/03/the-fbi-busts-phantom-secure-ceo-for-allegedly-selling-encrypted-phones-to-gangs-drug-cartels/
  28. https://www.dailyrecord.co.uk/news/crime/cops-struggling-crack-encrypted-phones-6962815
  29. http://uk.businessinsider.com/methods-that-police-use-to-catch-deep-web-drug-dealers-2016-8?r=UK&IR=T
  30. https://www.theguardian.com/uk/2011/oct/30/metropolitan-police-mobile-phone-surveillance
  31. http://www.bbc.co.uk/news/uk-38183819
  32. https://www.techrepublic.com/article/fbi-nabs-ceo-of-encrypted-phone-company-for-sales-to-cartels-gangs/
  33. https://motherboard.vice.com/en_us/article/nz7e3z/decrypted-pgp-blackberry-messages-helped-convict-uk-gun-smugglers
  34. https://arstechnica.com/tech-policy/2018/03/fbi-again-calls-for-magical-solution-to-break-into-encrypted-phones/
  35. http://scholars.wlu.ca/etd/1758/
  36. https://www.digitaltrends.com/mobile/phantom-secure-ceo-arrested/?utm_source=dlvr.it&utm_medium=twitter

ENDS.

“A Song for the Deaf” (and the Blind)

Songs for the Deaf, released on August 27 2002, was the third studio album by Queens of the Stone Age. There is a track on there called “A Song for the Deaf” with a line in the lyrics:

No talk will cure what’s lost, or save what’s left

That line does just fine at summing up my attitude to the long term prospects for the privacy of our data and our privacy rights as individuals. The multiplicity of additional data points that will become available with the mainstream adoption of wearables, AR, and VR squares the circle by adding kinematic fingerprinting and emotion detection to the digital surveillance arsenal.

The concerted effort by “authority” to normalise the invasion of our privacy as citizens of democracies will succeed. It is worth noting at this point that the historic permission to look at our (non-US citizens) data is for the most part secretively mandated or just plain illegal.

In the interim I simply see it as my hobby to be a contrarian and frankly I do not give one iota what that looks like to prospective employers, clients, or colleagues. Too many people look at you sideways these days when you seek to insist that we are throwing away our rights in favour of some US manufactured bogey-man fear figure.

But despite the ever increasing powers granted there are far too many people gainfully employed in law enforcement, the intelligence community, and the cottage industries and corporates that serve them to hope that one day their combined efforts might actually result in an improvement in the threat landscape.

Narrowing the Debate

One of the methods often used to divert attention from the overall issues that present themselves with respect to mass surveillance is to seek to narrow the debate. Some people will say that debating each element in isolation is enough. It is not.

The police-intelcom barrier or rather the lack of a barrier between police organizations and intelligence organizations or the illegal overriding of such barriers is one of the reasons why. Too many blurred lines exist. Mass surveillance data acquired for national security purposes now routinely ends up in the hands of local law enforcement investigating matters unrelated to national security.

The opacity of US laws and SIGINT collection methods is potentially an abuse of the rights of every defendant that comes in front of their Courts. Increasingly, that is just about anybody that they can lay their hands on, from anywhere. The US position on most of these matters is ephemeral. [Max Schrems maintains the main protections provided by the US for data privacy rights of EU citizens have no statutory basis and “could be altered tomorrow”]

To suggest that one can compartmentalise each different element of the mass surveillance equation and debate each piece of legislation on its own merits, to the exclusion of the others, is a fallacy.

They all add up to the same thing in the hands of the governments or organisations that possess the resources, access, and “authority” (normally self granted) to mine the data.

This post was prompted by Chris Gebhardt‍ and the article he penned on Peerlyst‍ titled “The US Government Should Have Access to All Encrypted Devices of US Citizens“.

I commented “I utterly disagree with your thesis on every level. I disagree with you on the basis that I do not accept your segmentation of rights and protections in statute that govern legacy personal freedoms, due process, habeas corpus, et al. and the stratagem that you have employed to roll them up into an argument for weakened privacy (encryption). I believe that your reliance on these legacy instruments makes the flawed assumption that they were correct. In my view, they were not.

Chris was keen to keep the debate focussed on the US. So I asked:

Maybe we can circumvent the specifics of either geography and focus the discussion on a universal question which is capable of also addressing the specifics of your argument. The US does not respect digital borders and engages in frequent – and as policyillegal searches and seizures in a clandestine manner for non natsec matters and “ordinary” criminal matters. Now the US having weathered the outrage storm is legislating vigourously for the normalisation of these abnormalities which were in fact illegal under traditional law also.

The debate between us therefore could be something like – to date have existing laws and the application and oversight of the powers granted by those laws served us well and if so are they also suited for export to the digital domain. If not, then why should those who currently enjoy freedoms in the digital domain subject themselves to laws that they disagreed with in the real world context or were shown to have been widely abused, and more specifically how can a body of agencies who gladly engaged in widespread illegal activities expect people to surrender to their request?

Chris replied:

That is fine but I believe it is a separate post. Perhaps you should start one. I started this one to specifically target the US privacy issue under Constitutional authority. International expectations are a completely different matter.

So here it is.

Image: Screen grab from the QOTSA video “Go With The Flow

ENDS

Lyrics for a Surveillance Society – The Hacking Suite for Governmental Interception

Lyrics by Hacking Team. Music by Azerbaijan, Bahrain, Egypt, Ethiopia, Kazakhstan, Morocco, Nigeria, Oman, Saudi Arabia, Sudan, and several United States agencies including the DEA, FBI and Department of Defense.

Criminals and terrorists rely on mobile phones, tablets, lap tops and computers equipped with universal end-to-end encryption to hide their activity. Their secret communications and encrypted files can be critical to investigating, preventing and prosecuting crime. Hacking Team provides law enforcement an effective, easy-to-use solution. Law enforcement and intelligence communities worldwide rely on Hacking Team in their mission to keep citizens safe. The job has never been more challenging or more important.

You have new challenges today

Sensitive data is transmitted over encrypted channels

Often the information you want is not transmitted at all

Your target may be outside your monitoring domain

Is passive monitoring enough?

You need more ….

You want to look through your target’s eyes

You have to hack your target

While your target is …. Browsing the web, Exchanging documents, Receiving SMS, Crossing the borders

You have to hit many different platforms – Windows, OS X, Linux, Android, iOS, Blackberry, Windows Phone, Symbian

You have to overcome encryption and capture relevant data – Skype & Voice Calls, Social Media, Target Location, Messaging, Relationship, Audio & Video

Being stealth and untraceable

Immune to protection systems

Hidden collection infrastructure

Deployed all over your country

Up to hundreds of thousands of targets

All managed from a single place

Exactly what we do

Remote Control System – Galileo – The Hacking Suite for Governmental Interception

Hacking Team – Rely On Us

ENDS

Does anyone have experience of “KAYMERA MOBILE THREAT DEFENSE SUITE”

We are looking at this platform in parallel with the SaltDNA app which I previously posted about.

Kaymera has a pre-installed secured Android OS with integrated high-end security components to detect, prevent and protect against all mobile security threats without compromising on functionality or usability. A contextual, risk-based app uses a range of indicators to identify a risk in real-time and apply the right security measure so mitigation is performed only when needed and appropriate. Their Cyber Command Centre framework manages and enforces organization-specific permissions, security protocols and device policies. Monitors risk level, threat activities and security posture per device and deploys countermeasures.

Any thoughts welcome.

ENDS.

The Holistic Z: Selective Encryption gives way to “At-Rest” & “In-Flight” Data Protection with Pervasive Encryption

IBM Z encryption moves the market from a selective encryption model to one that is pervasive. This represents a significant modification in the basic structure of computing and its effect on security will, in my opinion, have a major disruptive effect.

The overall concept is to not introduce a decision layer that says what will or will not be encrypted. Instead, it will be possible to have encryption be part of normal processing. The removal of the decision for selective encryption is a further saving in the overall cost and a reduction in the difficulty in using encryption in the current market.

The Holistic Z

The new IBM Z provides a bullet-proof platform for digital transformation, a base for strong cloud infrastructure (fortified clouds, which can be open, private, public, and hybrid), and allows back-end services to be securely exposed through secure APIs.

IBM have put security at the core of the new platform with “Pervasive Encryption as the new standardAnalytics & Machine Learning for Continuous Intelligence Across the Enterprise, and Open Enterprise Cloud to Extend, Connect and Innovate”.

The Z is arguably more powerful, more open, and more secure than any other commercial offering and makes serious moves in the rapidly evolving domains of Machine Learning, Cloud and Blockchain.

Positive Disruption with Pervasive Encryption 

But for me the focus of my interest comes back to Pervasive Encryption. The Z (“Zero Downtime“) appeals to many, on many different levels but for me it is Pervasive Encryption that piques my interest.

It is a seismic shift and legitimately makes the z14 the go-to platform for organisations who can afford their own and the Cloud platform of choice for those who cannot. The z14 mainframe has a tried-and-true architecture and excels with security features that are built into the hardware, firmware, and operating systems.

PervasiveEncryption3

True Cost & Performance Mitigation 

The largest barrier to doing full-scale encryption has been the cost of the encryption and the performance load that such activity puts on the computing platform.

Bolted-on solutions that are being deployed have caused system capacity to grow such that there are loads of up to 61% of the system load that is being consumed by security processes. This translates into significant infrastructure costs and performance drags.

Even without the newest advances the Z architecture delivered encryption (selective encryption) more efficiently and with a lower resource expenditure than other platforms.

It delivers over 8.5 times the security protection, at 93% less cost in overall expenditure, and with 81% less effort. The full impact of the faster encryption engine and the ability to encrypt information in bulk on the z14 creates a fully pervasive solution that runs more than 18.4 times faster and at only 5% of the cost of other solutions.

The Threat Landscape & GDPR Compliance 

IBM Z pervasive encryption provides the comprehensive data protection that organizations, customers, and the threat landscape demand.

Here are some stats on that threat landscape:

  1. Nearly 5.5 million records are stolen per day, 230,367 per hour and 3,839 per minute (Source:http://breachlevelindex.com/);
  2. Of the 9 Billion records breached since 2013 only 4% were encrypted (Source: http://breachlevelindex.com/);
  3. 26% is the likelihood of an organization having a data breach in the next 24 months(Source: https://www.ibm.com/security/infographics/data-breach/) ;
  4. The greatest security mistake organizations make is failing to protect their networks and data from internal threats. (Source:https://digitalguardian.com/blog/expert-guide-securing-sensitive-data-34-experts-reveal-biggest-mistakes-companies-make-data)

By placing the security controls on the data itself, the IBM solution creates an envelope of protection around the data on Z.

ENDS

Extracts, Source Material, References, & Acknowledgements to IBM Z Systems, IBM Security, IBM Systems, IBM Systems Social Program, and Solitaire Interglobal Limited.  

The Laurel & Hardy of Cybersecurity

When Turnbull and Brandis shuffle off to some home for the bewildered in a few years it is all of us that will be left with the legacy of their carry-on.

Here are some of the victories that these two beauties have presided over, and they don’t even know how it works, not even a little bit:

In an effort to drag the continent out from under the “stupid boy” stereotype, the Lowy Institute for International Policy, has just attempted to polish a turd by proposing that despite everything “Australia might be on the right encryption-cracking track” after all.

“From a cyber security perspective, as Patrick Gray has pointed out, sufficient safeguards could be placed around these ‘updates’ to ensure that they couldn’t be reverse engineered – they wouldn’t need to be a ‘backdoor,’ open to abuse. And by focusing on a device rather than a specific app, the displacement effect, so obvious in focusing government efforts on just What’s App or Telegram, would not apply.

In theory then, this model appears promising. How closely it aligns with the legislation promised by Turnbull and George Brandis last week remains to be seen. But whichever legislative model Australia pursues, its progress will be watched closely by governments across the world. And of course, by a whole host of technology and communications companies.

Recent developments suggest that underneath the techno-babble, political point scoring and counter-terrorism blame game, governments the world over are faced by a very real policy problem. Australia may prove to be the test case for a policy solution that has far reaching consequences for privacy, technological development and the future of law enforcement operations.”

Try again gents.

ENDS

Australia Is A Proxy War for the Five Eyes & Also Hogwarts

The Aussie government is pushing a Five Eyes agenda. Australia seems to have become a proxy war in the ongoing assault on privacy. They are to the Surveillance Wars what Yemen is to the Saudi-Iran ideological conflict. It is always a good idea to vary the cast but in reality they are May acolytes. A testing ground.

The amount of nonsense emanating from the encryption debate Down Under though is astonishing. If you have not been keeping up to speed with some of the recent comments down under then here is a quick recap for you:

  1. The George Brandis metadata interview;
  2. George again (36th Attorney-General for Australia) and the summary of his “over a cuppa” conversation with the GCHQ chappie on the feasibility of reading messages sent by platforms implementing end to end encryption such as WhatsApp and Signal – “Last Wednesday I met with the chief cryptographer at GCHQ … And he assured me that this was feasible.”;
  3. Malcolm Turnbull (the Prime Minister) and his alternative theory on the exceptional laws that govern Australian reality “Well, the laws of Australia prevail in Australia, I can assure you of that. The laws of mathematics are very commendable but the only laws that applies in Australia is the law of Australia”;
  4. And a much more eloquent articulation by Troy Hunt of the whole phenomenon “Firstly, a quick apology from Australia: we’re sorry. Look, our Prime Minister and Attorney General didn’t try to launch us onto the World Encryption Comedy Stage but unfortunately, here we are.

In an effort to find something of the same equivalence on the stupidity index as 1-3 above I chose to google “Harry Potter and places where the laws of mathematics do not apply, excluding Australia and Hogwarts”.

One of the things that I found in the search results was the perfectly reasonably comment by a HP fan on a Reddit forum that “Gamp’s Laws of Transfiguration and the Fundamental Laws of Magic spring to mind, they’re pretty much what you can and can’t do with magic. They’re a lot like Newton’s Laws in that they both deal with nature.

This guy really meant it and so did the other guys he was chatting with. They all really, really believed or rather really, really wanted to believe that it was all real and true and factual.

Just like Brandis and Turnbull believe.

Totally lost in a universe of their own creation where mathematics and people work differently.

And then I found a scholarly dissertation by Shevaun Donelli O’Connell of Indiana University of Pennsylvania titled “Harry Potter and the Order of the Metatext: A Study of Nonfiction Fan Compositions and Disciplinary Writing

” which said on P.24 that “I already knew that Harry Potter was an important part of my relationships with my family and friends, but increasingly I realized that Harry Potter metaphors and analogies were working their way into my thinking and teaching about writing.“.

And there it was. The struggle is real. It seems many, many people are having trouble distinguishing fantasy from reality.

Christ help us when VRSNs arrive on the scene.

ENDS