The Australian Attorney General and a key Australian minister have published a memo
detailing the demand they plan on presenting to the next Five Eyes
surveillance alliance meeting, which will be held next week in Ottawa.
The Australian officials will demand that their surveillance partners
join with them in a plan to force “service providers to ensure
reasonable assistance is provided to law enforcement and security
agencies” when spies and police want to read messages that have been
encrypted.
The encryption technologies under discussion are widely implemented in
products and services that are often run by volunteer communities, or by
companies who operate entirely outside 5 Eyes borders, but whose
products can be used by anyone, anywhere in the world.
Working encryption is how we ensure that malicious parties don’t hack
our voting machines, pacemakers, home cameras, telephones, banking
systems, power grids, and other key systems. There is no way to make
working cryptography that can defend these applications against “bad
guys” but fail catastrophically the moment a police officer or spy needs
to defeat them.
The demand to ban working encryption dates back to the Clinton
administration and the Electronic Frontier Foundation’s groundbreaking
victory in Bernstein, which ended the US ban on civilian access to
working cryptography. The delusion that authorities can ban working
crypto and still secure their national infrastructure persists: it is
presently being mooted in Germany, and it formed a key plank in Theresa
May’s party platform in the disastrous UK election.
As a reminder, here’s what countries would lose, and what steps they
would have to take, to ensure that police and spies could decrypt any
communications they wanted to target:
It’s impossible to overstate how bonkers the idea of sabotaging
cryptography is to people who understand information security. If you
want to secure your sensitive data either at rest – on your hard drive,
in the cloud, on that phone you left on the train last week and never
saw again – or on the wire, when you’re sending it to your doctor or
your bank or to your work colleagues, you have to use good cryptography.
Use deliberately compromised cryptography that has a back door to which
only the “good guys” are supposed to have the keys, and you have
effectively no security. You might as well skywrite it as encrypt it
with pre-broken, sabotaged encryption.
There are two reasons why this is so. First, there is the question of
whether encryption can be made secure while still maintaining a “master
key” for the authorities’ use. As lawyer/computer scientist Jonathan
Mayer explained,
adding the complexity of master keys to our technology will “introduce
unquantifiable security risks”. It’s hard enough getting the security
systems that protect our homes, finances, health and privacy to be
airtight – making them airtight except when the authorities don’t want
them to be is impossible.
What these leaders think they’re saying is, “We will command all the
software creators we can reach to introduce back-doors into their tools
for us.” There are enormous problems with this: there’s no back door
that only lets good guys go through it. If your WhatsApp or Google
Hangouts has a deliberately introduced flaw in it, then foreign spies,
criminals, and crooked police (like those who fed sensitive information to
the tabloids who were implicated in the hacking scandal – and like the
high-level police who secretly worked for organised crime for years)
will eventually discover this vulnerability. They – and
not just the security services – will be able to use it to intercept
all of our communications. That includes everything from the pictures of
your kids in your bath that you send to your parents to the trade
secrets you send to your co-workers.
But this is just for starters. These officials don’t understand
technology very well, so they don’t actually know what they’re asking
for.
For this proposal to work, they will need to stop Britons, Canadians,
Americans, Kiwis and Australians from installing software that comes
from software creators who are out of their jurisdiction. The very best in
secure communications are already free/open source projects, maintained
by thousands of independent programmers around the world. They are
widely available, and thanks to things like cryptographic signing, it is
possible to download these packages from any server in the world (not
just big ones like GitHub) and verify, with a very high degree of
confidence, that the software you’ve downloaded hasn’t been tampered
with.
Australia is not alone here. The regime they propose is already in
place in countries like Syria, Russia, and Iran (for the record, none of
these countries have had much luck with it). There are two means by
which authoritarian governments have attempted to restrict the use of
secure technology: by network filtering and by technology mandates.
Australian governments have already shown that they believe they can
order the nation’s ISPs to block access to certain websites (again, for
the record, this hasn’t worked very well). The next step is to order
Chinese-style filtering using deep packet inspection, to try and
distinguish traffic and block forbidden programs. This is a formidable
technical challenge. Intrinsic to core Internet protocols like IPv4/6,
TCP and UDP is the potential to “tunnel” one protocol inside another.
This makes the project of figuring out whether a given packet is on the
white-list or the black-list transcendentally hard, especially if you
want to minimise the number of “good” sessions you accidentally
blackhole.
More ambitious is a mandate over which code operating systems in the 5
Eyes nations are allowed to execute. This is very hard. We do have, in
Apple’s iOS platform and various games consoles, a regime where a single
company uses countermeasures to ensure that only software it has
blessed can run on the devices it sells to us. These companies could,
indeed, be compelled (by an act of Parliament) to block secure software.
Even there, you’d have to contend with the fact that other states are
unlikely to follow suit, and that means that anyone who bought their
iPhone in Paris or Mexico could come to the 5 Eyes countries with all
their secure software intact and send messages “we cannot read.”
But there is the problem of more open platforms, like GNU/Linux
variants, BSD and other unixes, Mac OS X, and all the non-mobile
versions of Windows. All of these operating systems are already designed
to allow users to execute any code they want to run. The commercial
operators – Apple and Microsoft – might conceivably be compelled by
Parliament to change their operating systems to block secure software in
the future, but that doesn’t do anything to stop people from using all
the PCs now in existence to run code that the PM wants to ban.
More difficult is the world of free/open operating systems like
GNU/Linux and BSD. These operating systems are the gold standard for
servers, and widely used on desktop computers (especially by the
engineers and administrators who run the nation’s IT). There is no legal
or technical mechanism by which code that is designed to be modified by
its users can co-exist with a rule that says that code must treat its
users as adversaries and seek to prevent them from running prohibited
code.
This, then, is what the Australian AG is proposing:
* All 5 Eyes citizens’ communications must be easy for criminals, voyeurs and foreign spies to intercept
* Any firms within reach of a 5 Eyes government must be banned from producing secure software
* All major code repositories, such as GitHub and SourceForge, must be blocked in the 5 Eyes
* Search engines must not answer queries about web-pages that carry secure software
* Virtually all academic security work in the 5 Eyes must cease –
security research must only take place in proprietary research
environments where there is no onus to publish one’s findings, such as
industry R&D and the security services
* All packets in and out of 5 Eyes countries, and within those
countries, must be subject to Chinese-style deep-packet inspection and
any packets that appear to originate from secure software must be
dropped
* Existing walled gardens (like iOS and games consoles) must be ordered to ban their users from installing secure software
* Anyone visiting a 5 Eyes country from abroad must have their smartphones held at the border until they leave
* Proprietary operating system vendors (Microsoft and Apple) must be
ordered to redesign their operating systems as walled gardens that only
allow users to run software from an app store, which will not sell or
give secure software to Britons
* Free/open source operating systems – that power the energy, banking,
ecommerce, and infrastructure sectors – must be banned outright
The Australian officials will say that they don’t want to do any of
this. They’ll say that they can implement weaker versions of it – say,
only blocking some “notorious” sites that carry secure software. But
anything less than the programme above will have no material effect on
the ability of criminals to carry on perfectly secret conversations that
“we cannot read”. If any commodity PC or jailbroken phone can run any
of the world’s most popular communications applications, then “bad guys”
will just use them. Jailbreaking an OS isn’t hard. Downloading an app
isn’t hard. Stopping people from running code they want to run is – and
what’s more, it puts every 5 Eyes nation – individuals and
industry – in terrible jeopardy.
That’s a technical argument, and it’s a good one, but you don’t have to
be a cryptographer to understand the second problem with back doors: the
security services are really bad at overseeing their own behaviour.
Once these same people have a back door that gives them access to
everything that encryption protects, from the digital locks on your home
or office to the information needed to clean out your bank account or
read all your email, there will be lots more people who’ll want to
subvert the vast cohort that is authorised to use the back door, and the
incentives for betraying our trust will be much more lavish than
anything a tabloid reporter could afford.
If you want a preview of what a back door looks like, just look at the
US Transportation Security Administration’s “master keys” for the locks
on our luggage. Since 2003, the TSA has required all locked baggage
travelling within, or transiting through, the USA to be equipped with
Travelsentry locks, which have been designed to allow anyone with a
widely held master key to open them.
What happened after Travelsentry went into effect? Stuff started going
missing from bags. Lots and lots of stuff. A CNN investigation into
thefts from bags checked in US airports found thousands of incidents of
theft committed by TSA workers and baggage handlers. And though
“aggressive investigation work” has cut back on theft at some airports,
insider thieves are still operating with impunity throughout the
country, even managing to smuggle stolen goods off the airfield in
airports where all employees are searched on their way in and out of
their work areas.
The US system is rigged to create a halo of buck-passing
unaccountability. When my family picked up our bags from our Easter
holiday in the US, we discovered that the TSA had smashed the locks off
my nearly new, unlocked, Travelsentry-approved bag, taping it shut after
confirming it had nothing dangerous in it, and leaving it “completely
destroyed” in the words of the official BA damage report. British
Airways has sensibly declared the damage to be not their problem, as
they had nothing to do with destroying the bag. The TSA directed me to a
form that generated an illiterate reply from a government subcontractor,
sent from a do-not-reply email address, advising that “TSA is not
liable for any damage to locks or bags that are required to be opened by
force for security purposes” (the same note had an appendix warning me
that I should treat this communication as confidential). I’ve yet to
have any other communications from the TSA.
Making it possible for the state to open your locks in secret means that
anyone who works for the state, or anyone who can bribe or coerce
anyone who works for the state, can have the run of your life.
Cryptographic locks don’t just protect our mundane communications:
cryptography is the reason why thieves can’t impersonate your fob to
your car’s keyless ignition system; it’s the reason you can bank online;
and it’s the basis for all trust and security in the 21st century.
In her Dimbleby lecture, Martha Lane Fox recalled Aaron Swartz’s words:
“It’s not OK not to understand the internet anymore.” That goes double
for cryptography: any politician caught spouting off about back doors is
unfit for office anywhere but Hogwarts, which is also the only
educational institution whose computer science department believes in
“golden keys” that only let the right sort of people break your
encryption.
The Canadian Association of Journalists condemns the criminal charges brought against Aylmer Express publisher John Hueston and reporter/editor Brett Hueston.
“The OPP’s decision to charge a father and son team who run a community newspaper is a stunning and unacceptable assault on press freedom and the public’s right to know,” said CAJ President Karyn Pugliese. “We urge the OPP to immediately withdraw all charges against the journalists.”
On June 23, a car drove off a cliff at the South end of Springfield Road above Lake Erie. The following day, June 24, a Special Investigations Unit was brought in to determine if an OPP police vehicle had been in pursuit at the time of the crash. The death was ultimately determined to be a suicide, clearing the OPP.
On the 24th, while the investigation was ongoing, John and Brett Hueston drove past a road closed sign and arrived on the scene, which is not unusual for local reporters. A plain-clothed officer on the scene told journalists they could not take photos and needed to move their car. John Hueston asked for the officer’s identification and was referred to her superior, who after a short discussion ordered the arrest of the two journalists. They were arrested, handcuffed and taken to jail at the Elgin OPP detachment where they were held for three hours until the crash scene had been cleared. Their cameras were also confiscated.
John Hueston, 67, and Brett, 33, now face charges of criminal obstruction of a peace officer.
A trial is set for Wednesday, June 27, 2018 at the Ontario Court of Justice. It is expected to be a one-day trial.
The two maintain they did not interfere with the investigation, never went closer than 50 metres to the site of the investigation and only spoke to officers to ask where they could park and take photos.
The CAJ is Canada’s largest national professional organization for journalists from all media, representing nearly 600 members across the country. The CAJ’s primary roles are to provide high-quality professional development for its members and public-interest advocacy.
I’m not seeing much information or outrage about Orlando Brown (outside of social media), a Black Canadian man who apparently was killed by Barrie Police Officers who tasered him to death.
These are the only articles I could find, none of which name him or make it explicitly clear that a black man was killed by the police:
Barrie police say the arrest took place at around 2:30 p.m. on Friday. Police have not confirmed the exact location of the ordeal.
They say the man was then taken to the Barrie Police station for processing where he went into “medical distress.” Paramedics provided first-aid at the station and transported him to Royal Victoria Regional Health Centre where he later died.
Family and friends have identified him as 32-year-old Orlando Brown.
A witness who captured video of the altercation on his cell phone later posted it on social media. The video has been viewed thousands of times.
The video appears to show the officers struggle with Brown while trying to arrest him near some trees between two buildings.
Throughout the video, the sound of a Taser being deployed could be heard before Brown is brought to the ground. An officer shouts “stop resisting” and “put your hands behind your back” while the others forcibly hold him on the ground.
Lance Freeman, who recorded the video, told CTV News Barrie that he watched the officers approach Brown while he was asleep near a bush.
“They asked him to see his ID and before he even had a chance to pull his ID out, the one guy just kicked him and the other started chasing him,” Freeman said.
He said he pulled out his cellphone when he saw one of the officers kick Brown “right in the temple.”
“Everybody was telling the cops to stop, that they were using force,” he said. “How do you expect someone to sit still when you’re Tasering him?”
Freeman claims he stopped recording when one of the officers pointed at him and said he was “next.”
Barbara South, Brown’s aunt, said her nephew was a generous and loving person who has “never been aggressive.”
“Yes he goes off the track a little bit… nobody’s perfect, but he doesn’t have a mean bone in his body,” she said.
South believes Brown would have never died after his arrest if he was white.
“They de-escalate and they find ways to get to calm a situation without any violence when the person is white. But when you’re black, your life has no value,” she said.
“My nephew was murdered… There’s no doubt about that.”
The mother of the victim’s 11-year-old child told CTV News Barrie that she’s beside herself with grief.
“She’s left without her dad,” Donna Dubois said via phone. “How do I explain this to her? How is she going to think that police officers are safe when this is what they did to her dad?”
Dubois said Brown was a “fantastic dad” who was always willing to help a friend in need. She said she believes Brown had “run-ins” with the law and had a warrant out for his arrest but intended on turning himself in.
“He did not deserve this whatsoever, not whatsoever,” she said. “I’m completely devastated I couldn’t even watch the video. I’m disgusted.”
BLACK LIVES MATTER.
#ORLANDOBROWN
This is why I never go up to Barrie. The cops there have the most disgusting attitudes. We always get stopped for “standard/random checks”. So tired of fucking country cops being overly aggressive, like you’re not a high crime area, you live in small pocket towns. Just because there aren’t many minorities up there doesn’t mean that any there are “dangerous”.
Fuck Barrie, Port Credit and Innisfil. Those three areas suck ass if you’re a POC.