by sillysaurus3 3338 days ago
Members of our government are so indoctrinated about stopping "terrorism" that they have lost all sense of perspective.

In this case, it might be better to assume malice rather than incompetence. In the 1950's it was s/terrorist/communist/, but it was a remarkably effective political tool. We might be in the same situation.

But this time, our fates are all linked. Once shipping backdoors becomes mainstream, it might be impossible to go back.

We should try to think of some concrete steps to resist this. It feels like we have to try, since there's so much at stake.

Could we reverse engineer the political forces at play? We could try to think of the most effective thing we could do, and then focus on that.

4 comments

> Members of our government are so indoctrinated about stopping "terrorism" that they have lost all sense of perspective.

> In this case, it might be better to assume malice rather than incompetence.

I really want to consider you paranoid, but sadly I strongly agree. This is hardly the first time engineered paranoia has gripped the country, but living through it is horrible.

I was a kid during the mid-to-late Cold War (post "duck and cover") and somehow I was never able to take it seriously. Even when I took classes on strategic deterrence and the like in college I considered them light entertainment I was paying for to give me a break from the serious classes.

Now we have the emperor's new suicide vest.

> This is hardly the first time engineered paranoia has gripped the country ... I was a kid during the mid-to-late Cold War (post "duck and cover") and somehow I was never able to take it seriously.

Unfortunately, the threat was (and still very much is) real:

Stanislav Petrov: The man who may have saved the world http://www.bbc.com/news/world-europe-24280831

Thank you Vasili Arkhipov, the man who stopped nuclear war https://www.theguardian.com/commentisfree/2012/oct/27/vasili...

Not that paranoia is a particularly useful response, but it did not require much engineering.

I first got the impression you meant something like "the Red Menace", but I take it you meant:

Engineered paranoia is still very real and a danger to our societies because of its reality-distorting effects that can result in violent overreactions.

Did I get that right?

Yes, that is precisely what I meant.

Thank you!

Those events, while very real dangers, were effects of the Cold War and the associated tension and paranoia, not the cause of it.

> We should try to think of some concrete steps to resist this. It feels like we have to try, since there's so much at stake.

Great point. One idea I had recently is to start an organization in the same spirit as OpenAI called OpenSurveillance that builds and releases all sorts of useful tools for thwarting surveillance efforts or acting as an adversary to an entity with pervasive surveillance power (generally speaking, corrupt regimes around the world).

I think it would entail a combination of social/operational and technological tools, and would be useful for defensive and offensive efforts.

When OpenAI releases a state of the art facial recognition algorithm, it becomes obvious how the technology might be used for good or for evil. The same goal would apply.

Perhaps one utility conducts an analysis of public social media data to determine the best strategy for bribing or compromising an adversary. Another could explain how to use a HackRF YARDStick One to track the movement of an adversary via tire air pressure sensors. Another might utilize an infra-red camera to determine which entrances and exits of a building are slow to close and could offer time to sneak in.

Still other tools might be a user-friendly rootkit installer for easy installation on a spouse or boss's device, etc., or maybe a program that trains a fleet of drones to follow a person all day, causes vehicle engine failure, etc.

The basic idea would be to highlight enough about reality so that the security (and privacy) implications of the policies can be weighed accurately by the public. By putting all the tools in one place and releasing polished, thoughtful products, the organization would help the public understand the privacy/security tradeoffs much better.

Basically a modern Anarchist's Cookbook for the surveillance age.

Disclaimer: It is not the intent of this post to discourage people to break laws, simply to use their vote and influence to peacefully change laws.

Do you think such an organization could exist in the light?

I've been considering a comparable project, but more focussed on opsec/infosec in a file sharing context. However, I've felt chilled by the possible legal consequences to me and my family if I enter this arena.

Bootstrapping myself to have great opsec seems like a really tough task. I feel like I'd have to repeatedly burn hardware, houses and identities if I want to stand a chance to reach "opsec heaven" where I can freely pursue projects such as the Spook's Cookbook or the Pirate's Cookbook.

> Do you think such an organization could exist in the light?

I think it could but it would need good legal support and PR support to prevent its actions from being mischaracterized.

> Bootstrapping myself to have great opsec seems like a really tough task

I think it would be incredibly difficult if not impossible in today's world. So I think that an "in the light" approach is much less vulnerable.

>acting as an adversary to an entity with pervasive surveillance power (generally speaking, corrupt regimes around the world)

>a user-friendly rootkit installer for easy installation

>a program that trains a fleet of drones to follow a person all day, causes vehicle engine failure, etc.

I'm afraid corrupt regimes would be the ones who benefit the most from such tools.

> I'm afraid corrupt regimes would be the ones who benefit the most from such tools.

They already do. But since the tools are under the radar there is not all that much pressure on technology firms to follow best practices.

For example, why don't we have fully auditable filesystems?

What do you mean by "fully auditable filesystem"?

Most people I've met who work in security at large companies would rather lose their job than participate in the erasure of security for all. Apple showed this pretty obviously, but I think many companies would have most of their software engineers quit before accepting such a request, even if it was a direct order. The government cannot order you personally to write software, that's blatant first amendment violations, even if they figure out a way to order a company to do so. When politicians see one of their largest corporations disappearing overnight, and the associated loss of world power and tax revenue, from engineers quitting vs a police force trying to force things like this... I think there will be some reconsidering that would happen.

And then you look at how many people work for Facebook.

If enough of the core developers quit that puts a pretty huge dent in the company.

> Most people I've met who work in security at large companies would rather lose their job than participate in the erasure of security for all.

While I think (and hope) this is correct, I'm not sure it matters.

For example, it would not be necessary for most of the engineers to be aware of a backdoor or other known vulnerability. There have been examples from open source crypto where malicious code has weakened it significantly and still nobody noticed.

There's also the very real possibility of baking the backdoor/vulnerability into a custom ASIC design. Chances are the government has a lot of expertise in this area and could simply tell Apple that it would provide one of the parts for all iPhones and the part would behave to spec (but would contain other undocumented behavior).

I think it's also realistic that other governments do this. Unless a chip is manufactured using the latest microprocessor-level miniaturization, it could contain all sorts of undocumented circuitry. I'm not sure about the economics of this sort of attack, but surely it makes sense once in a while.

They can take the high road because they currently have money and social status to leverage. If they were easily replaceable and earning an average middle-class income, the first amendment wouldn't mean crap next to their continued employment. That could actually be a novel argument against anything that would suppress their wages and salaries; their paycheck may be the last line of defense against a dystopian future.

I have found people like to claim they would do the ethical/moral thing, but from what I have seen, it's maybe 1 out of a thousand that will walk, especially when it comes to their job/career.

There's this weird denial that takes place. I see it in all professions.

I think people are reluctant to believe this, but practical evidence shows it to be true. Unethical behavior by groups is very common.

>In this case, it might be better to assume malice rather than incompetence. In the 1950's it was s/terrorist/communist/, but it was a remarkably effective political tool. We might be in the same situation.

Eh, communism was way more of a threat. People in extremely high positions were communist traitors (e.g. Harry Dexter White who negotiated Bretton Woods/the creation of IMF for the US, or Alger Hiss who was involved in the creation of the UN, or a gazillion people in the British intelligence services).

If the government today was filled with people loyal to ISIS or AQ, then you could draw such a parallel.