Saturday, November 19, 2005

Freedom Summit: Technological FUD

Sunday morning's first session was by Stuart Krone, billed as a computer security expert working at Intel. Krone, wearing a National Security Agency t-shirt, of a type sold at the National Cryptologic Museum outside Ft. Meade, spoke on the subject "Technology: Why We're Screwed." This was a fear-mongering presentation on technological developments that are infringing on freedom, mostly through invasion of privacy. The talk was a mix of fact, error, and alarmism. While the vast majority of what Krone talked about was real, a significant number of details were distorted or erroneous. In each case of distortion or error, the distortions enhanced the threat to individual privacy or the malice behind it, and attributed unrealistic near-omniscience and near-omnipotence to government agencies. I found his claim that the NSA had gigahertz processors twenty years before they were developed commercially to be unbelievable, for example. He also tended to omit available defenses--for instance, he bemoaned grocery store loyalty programs which track purchases and recommended against using them, while failing to note that most stores don't check the validity of signup information and there are campaigns to trade such cards to protect privacy.

Krone began by giving rather imprecise definitions for three terms: convenience, freedom, and technology. For convenience, he said it is something that is "easy to do," freedom is either "lack of coercion" or "privacy," and technology is "not the same as science" but is "building cool toys using scientific knowledge." While one could quibble about these definitions, I think they're pretty well on track, and that a lack of society intrusion into private affairs is a valuable aspect of freedom.

Krone then said that the thesis of his talk is to discuss ways in which technology is interfering with freedom, while noting that technology is not inherently good or evil, only its uses are.

He began with examples of advancements in audio surveillance, by saying that private corporations have been forced to do government's dirty work to avoid Freedom of Information Act issues, giving as an example CALEA (Communications Assistance for Law Enforcement Act) wiretaps. He stated that CALEA costs are added as a charge on your phone bill, so you're paying to have yourself wiretapped. He said that CALEA now applies to Voice Over IP (VOIP), including Skype and Vonage, and that the government is now tapping all of those, too. Actually, what he's referring to is that the FCC issued a ruling on August 5, 2005 on how CALEA impacts VOIP which requires providers of broadband and VOIP services which connect to the public telephone network to provide law enforcement wiretap capability within 18 months. There is no requirement for VOIP providers which don't connect to the public telephone network, so the peer-to-peer portion of Skype is not covered (but SkypeIn and SkypeOut are). This capability doesn't exist in most VOIP providers' networks, and there is strong argument that the FCC doesn't have statutory authority to make this ruling, which is inconsistent with past court cases--most telecom providers are strongly opposing this rule. The Electronic Frontier Foundation has an excellent site of information about CALEA.

Krone next talked about the ability to conduct audio surveillance on the inside of the home using 30-100 GHz microwaves to measure vibrations inside the home. This is real technology for which there was a recent patent application.

He raised the issue of cell phone tracking, as is being planned to use for monitoring traffic in Kansas City (though he spoke as though this was already in place--this was a common thread in his talk, to speak of planned or possible uses of technology as though they are already in place).
(This is actually currently being used in Baltimore, MD, the first place in the U.S. to use it.)

He spoke very briefly about Bluetooth, which he said was invented by Intel and other companies (it was invented by Ericsson, but Intel is a promoter member of the Bluetooth Special Interest Group along with Agere, Ericsson, IBM, Microsoft, Motorola, Nokia, and Toshiba). He stated that it is completely insecure, that others can turn on your phone and listen to your phone's microphone, get your address book, and put information onto your phone. While he's quite right that Bluetooth in general has major security issues, which specific issues you may have depend on your model of phone and whether you use available methods to secure or disable Bluetooth features. Personally, I won't purchase any Bluetooth product unless and until it is securable--except perhaps a device to scan with.

Next, Krone turned to video surveillance, stating that in addition to cameras being all over the place, there are now cameras that can see through walls via microwave, that can be used by law enforcement without a search warrant, which hasn't been fully decided by the courts yet. I haven't found anything about microwave cameras that can see through walls, but this sounds very much like thermal imaging, which the Supreme Court has addressed. In Kyllo v. U.S. (533 U.S. 27, 2001) it was ruled that the use of a thermal imaging device to "look through walls" constituted a search under the Fourth Amendment and thus requires a search warrant. Scalia, Souter, Thomas, Ginsburg, and Breyer ruled with the majority; Stevens, Rehnquist, O'Connor, and Kennedy dissented.

Krone briefly mentioned the use of "see through your clothes" X-ray scanners, stating that six airports are using them today. This technology exists and is in TSA trials, and was actually tested at a Florida airport back in 2002. A newer, even more impressive technology is the new Tadar system unveiled in Germany in mid-October 2005.

He addressed RFIDs, and specifically RFIDs being added to U.S. passports in 2006, and some of the risks this may create (such as facilitating an electronic "American detector"). This is a real threat that has been partially addressed by adding a radio shielding to the passport to prevent the RFID from being read except when the passport is open. As Bruce Schneier notes, this is not a complete safeguard. Krone also stated that there is a California bill to put RFIDs in cars, with no commercial justification, just to "know where everyone is and what they have with them at all times." I'm not aware of the bill he is referring to, but the use of transponders in cars for billing purposes for toll roads is a possible commercial justification.

He spoke about the laser printer codes that uniquely identify all documents printed by certain laser printers, which have been in place for the last decade and were recently exposed by the Electronic Frontier Foundation and reported in this blog (Krone mistakenly called it the "Electronic Freedom Foundation," a common mistake). He also briefly alluded to steganography, which he wrongly described as "the art of hiding information in a picture." While hiding a message in a picture is one form of steganography, what is characteristic of steganography is that it is hiding a message in such a way as to disguise the fact that a message is even present.

He then went on to talk about Intel's AMT product--"Advanced Management Technology." This is a technology that allows computers to be remotely rebooted, have the console redirected, obtain various information out of NVRAM about what software is installed, and to load software updates remotely, even if the system is so messed up that the operating system won't boot. This is a technology that will be extremely useful for large corporations with a geographically dispersed work force and a small IT staff; there is similar technology from Sun Microsystems in their Sun Fire v20z and v40z servers which allows remote access via SSH to the server independent of the operating system, which allows console port and keyboard access, power cycling of the server, etc. This is technology with perfectly legitimate uses, allowing the owner of the machine to remotely deal with issues that would previously have required either physically going to the box or the expense of additional hardware such as a console server.

Krone described AMT in such a way as to omit all of the legitimate uses, portraying it as a technology that would be present on all new computers sold whether you like it or not, which would allow the government to turn your computer on remotely, bypass all operating system security software including a PC firewall, and take an image of your hard drive without your being able to do anything about it. This is essentially nonsensical fear-mongering--this technology is specifically designed for the owner of the system, not for the government, and there are plenty of mechanisms which could and should be used by anyone deploying such systems to prevent unauthorized parties from accessing their systems via such an out-of-band mechanism, including access control measures built into the mechanisms and hardware firewalls.

He then went on to talk about Digital Rights Management (DRM), a subject which has been in the news lately as a result of Sony BMG's DRM foibles. Krone stated that DRM is being applied to videos, files, etc., and stated that if he were to write a subversive document that the government wanted to suppress, it would be able to use DRM to shut off all access to that file. This has DRM backwards--DRM is used by intellectual property owners to restrict the use of their property in order to maximize the potential paying customer base. The DRM technologies for documents designed to shut off access are intended for functions such as allowing corporations to be able to guarantee electronic document destruction in accordance with their policies. This function is a protection of privacy, not an infringement upon it. Perhaps Krone intended to spell out a possible future like that feared by Autodesk founder John Walker in his paper "The Digital Imprimatur," where he worries that future technology will require documents published online to be certified by some authority that would have the power to revoke it (or revoke one's license to publish). While this is a potential long-term concern, the infrastructure that would allow such restrictions does not exist today. On the contrary, the Internet of today makes it virtually impossible to restrict the publication of undesired content.

Krone spoke about a large number of other topics, including Havenco, Echelon, Carnivore/DCS1000, web bugs and cookies, breathalyzers, fingerprints, DNA evidence, and so on. With regard to web bugs, cookies, and malware, he stated that his defense is not to use Windows, and to rely on open source software, because he can verify that the content and function of the software is legitimate. While I hate to add to the fear-mongering, this was a rare instance where Krone doesn't go far enough in his worrying. The widespread availability of source code doesn't actually guarantee the lack of backdoors in software for two reasons. First, the mere availability of eyeballs doesn't help secure software unless the eyeballs know what to look for. There have been numerous instances of major security holes persisting in actively maintained open source software for many years (wu-ftpd being a prime example). Second, and more significantly, as Ken Thompson showed in his classic paper "Reflections On Trusting Trust" (the possibility of which was first mentioned in Paul Karger and Roger Schell's "Multics Security Evaluation" paper), it is possible to build code into a compiler that will insert a backdoor into code whenever a certain sequence is found in the source. Further, because compilers are typically written in the same language that they compile, one can do this in such a way that it is bootstrapped into the compiler and is not visible in the compiler's source code, yet will always be inserted into any future compilers which are compiled with that compiler or its descendants. Once your compiler has been compromised, you can have backdoors that are inserted into your code without being directly in any source code.

Of the numerous other topics that Krone discussed or made reference to, there are three more instances I'd like to comment on: MRIs used as lie detectors at airport security checkpoints, FinCen's monitoring of financial transactions, and a presentation on Cisco security flaws at the DefCon hacker conference. In each case, Krone said things that were inaccurate.

Regarding MRIs, Krone spoke of the use of MRIs as lie detectors at airport security checkpoints as though they were already in place. The use of fMRI as a lie detection measure is something being studied at Temple University, but is not deployed anywhere--and it's hard to see how it would be practical as an airport security measure. Infoseek founder and Propel CEO Steve Kirsch proposed in 2001 using a brainscan recognition system to identify potential terrorists, but this doesn't seem to have been taken seriously. There is a voice-stress analyzer being tested as an airport security "lie detector" in Israel, but everything I've read about voice stress analysis is that it is even less reliable than polygraphs (which themselves are so unreliable that they are inadmissible as evidence in U.S. courts). (More interesting is a "stomach grumbling" lie detector...) (UPDATE March 27, 2006: Stu Krone says in the comments on this post that he never said that MRIs were being used as lie detectors at airport security checkpoints. I've verified from a recording of his talk that this is my mistake--he spoke only of fMRI as a tool in interrogation.)

Regarding FinCen, the U.S. Financial Crimes Enforcement Network, Krone made the claim that "FinCen monitors all transactions" and "keeps a complete database of all transactions," and that for purchases made with cash, law enforcement can issue a National Security Letter, including purchases of automobiles. This is a little bit confused--National Security Letters have nothing specifically to do with financial transactions per se, but are a controversial USA PATRIOT Act invention designed to give the FBI the ability to subpoena information without court approval. I support the ACLU's fight against National Security Letters, but they don't have anything to do with FinCen. Krone was probably confused by the fact that the USA PATRIOT Act also expanded the requirement that companies whose customers make large cash purchases (more than $10,000 in one transaction or in two or more related transactions) fill out a Form 8300 and file it with the IRS. Form 8300 data goes into FinCen's databases and is available to law enforcement, as I noted in my description of F/Sgt. Charles Cohen's presentation at the Economic Crime Summit I attended. It's simply not the case that FinCen maintains a database of all financial transactions.

Finally, Krone spoke of a presentation at the DefCon hacker conference in Las Vegas about Cisco router security. He said that he heard from a friend that another friend was to give a talk on this subject at DefCon, and that she (the speaker) had to be kept in hiding to avoid arrest from law enforcement in order to successfully give the talk. This is a highly distorted account of Michael Lynn's talk at the Black Hat Briefings which precede DefCon. Lynn, who was an employee of Internet Security Systems, found a remotely exploitable heap overflow vulnerability in the IOS software that runs on Cisco routers as part of his work at ISS. ISS had cold feet about the presentation, and told Lynn that he would be fired if he gave the talk, and Cisco also threatened him with legal action. He quit his job and delivered the talk anyway, and ended up being hired by Juniper Networks, a Cisco competitor. As of late July, Lynn was being investigated by the FBI regarding this issue, but he was not arrested nor in hiding prior to his talk, nor is he female.

I found Krone's talk to be quite a disappointment. Not only was it filled with careless inaccuracies, it presented nothing about how to defend one's privacy. He's right to point out that there are numerous threats to privacy and liberty that are based on technology, but there are also some amazing defensive mechanisms. Strong encryption products can be used to enhance privacy, the EFF's TOR onion routing mechanism is a way of preserving anonymity, the Free Network Project has built mechanisms for preventing censorship (though which are also subject to abuse).

11 comments:

skrone said...

Greetings,

I noticed you have a very interesting post on my speech for the FreedomSummit 2005. Unfortunately, you misunderstood or misconstrued most of what I said. In addition, you accuse me of saying things that I never said. I am glad you liked my T shirt. I had thought the subtlety of the joke was lost. I am glad it wasn't. The T shirt was a present from a friend.

I would like to point out a few of the items where I was misquoted or where you are simply wrong. It is well known and documented that the NSA had gigahertz chips 20 years ahead of the private sector. That is easily verified, despite the fact that you don't believe it.

I did not spend a lot of time covering defenses against the threats I was discussing, even where a defense is available. This was done to save time. It was not my intent to teach a course on information security. It was my intent to outline the threats so the audience would have something to think about and could then investigate the defenses. Where appropriate, I did in fact mention some defenses. I have specifically recommended signing up for supermarket affinity programs under a different name.

Your understanding of the security of VOIP is limited. Despite the fact that the equipment to intercept VOIP hasn't been implemented by all carriers yet, there are still ways of intercepting VOIP communications. Indeed, the fact that Skype to Skype transmission is immune to CALEA really doesn't help since it is subject to normal monitoring and is not in widespread use when compared to our phone systems.

Cell phone tracking was widely deployed in Zurich, Switzerland before it was considered here. That makes the technology a serious threat. It's lack of implementation does not mean that it will not or can not be implemented. Remember my intent is to specify the threats we are currently facing as well as future threats.

When I said there were microwave cameras capable of seeing through walls, I meant exactly what I said. You misconstrued this to mean thermal imaging. You are incorrect. The Supreme Court has not yet addressed this technology when used on a residence.

I won't nitpick over the definition of steganography. Yes, it is the art / science of hiding a message in another message. The most common implementation is to hide the message in a picture. Given the diverse nature of the audience, there is little point in getting too specific, unless you merely wish to split hairs.

I did not omit the legitimate uses of AMT. I specifically discussed the value of the technology. You have misconstrued what I said despite the fact that the legitimate uses of the technology I was discussing was largely beyond the scope of my speech. Your claim that this technology can not be subverted is unfortunately incorrect.

I do not have DRM backwards. You are failing to see it's potential for misuse. This is a common foible amongst those that don't have a security background. You are only looking at the stated uses of the technology. You aren't looking beyond the stated or obvious uses to see the potential.

I never said MRI machines are being used as lie detectors at airports. You completely misquoted me. I did discus the use of fMRI as a lie detector, but never said they were deployed. You are incorrect about the admissibility of polygraphs. Polygraphs are not completely inadmissible in court, although I think they should be.

You claim that I gave a "highly distorted account of Michael Lynn's talk at the Black Hat Briefings." I never gave an account of Michael Lynn's talk at the Black Hat Briefings. I don't know Michael Lynn. I never said any such thing. I gave an account of a friend of mine, who had to hide a friend of his. She had information on a Cisco security flaw that DHS did not want released.

The purpose of my talk was to present the state of the art in security threats to U.S. citizens and residents. A secondary goal was to cover threats that would affect those overseas. Discussing the positive uses of technology and defenses to the threats I describe are out of scope for my talks. Some of the solutions that you propose such as strong encryption are naive at best. At worst, they can be dangerous for those that listen to you. I stand by the accuracy of my assessment of the security risks that we face. I also stand behind my predictions. You have confused the current state of the threat with my future predictions. You have criticized things that I didn't say. I hope you will find some way to contribute to freedom other than by splitting hairs in a blog somewhere. I challenge you to do something useful! I would even be happy to debate you in a public forum. Anytime, anywhere.

Thank you,

Stu Krone

Jim Lippard said...

Stu:

You've given a long series of assertions, but largely without providing evidence to support your positions. I would be interested in seeing references on NSA gigahertz chips, microwave camera technology, and the alleged DefCon Cisco security flaw presentation DHS tried to suppress (but was somehow not covered by the press like Flynn's talk) story.

My description was based on extensive notes I took during your talk, and I stand behind its accuracy in reporting the content of what you said.

You say "your understanding of the security of VOIP is limited" without explaining why or how, and say "there are still ways of intercepting VOIP communications" without describing a specific threat or program that's in place. My point wasn't that it's not *possible*, my point was that you portrayed it as though it's happening right now, as part of a fully implemented program of interception, and that's not the case. (Where there is a fully implemented program of interception is in the TDM world, which we now know is augmented by things such as data mining of AT&T's Daytona call detail record database, which doesn't include call content.)

You say that Skype to Skype transmission is "subject to normal monitoring." What do you mean by "normal monitoring" in this context? What percentage of Skype peer-to-peer communications--which are encrypted--do you think is actively being intercepted by U.S. government agencies, and how do you think they are recovering or intercepting the unencrypted signal?

Your comment about cell phone tracking doesn't address my complaint--you say now that it's a future threat, but you presented it as something already in place.

Regarding AMT, it was not until the question-and-answer session that you explained the legitimate reasons for such technology--you portrayed it as though the primary purpose was to give up control of home systems to the government, which is false. You say that it can "be subverted"--has this been published anywhere? Isn't this an issue your employer should be very interested in addressing?

I stand behind my comments on DRM--I pointed out its negatives and explained why I thought you had it backwards. You are concerned about the currently nonexistent threat of the ability of third parties to use DRM to delete your content (though I als cited the cogent remarks about the future possibility of such a threat by John Walker), when the real issue is its prevention of fair use by consumers who pay for the content.

I didn't quote you about MRI, so I couldn't have misquoted you. I'll have to check my notes (or perhaps obtain a copy of the recording of your talk), but I certainly got the impression you were saying that MRI was being deployed for lie detection as an airport security mechanism.

You are correct about polygraph evidence--the U.S. Supreme Court opened the door to jurisdictions making their own decisions about the admissibility of polygraph evidence in 1998 in United States v. Scheffer; there are 18 states (including Arizona) which will admit it by stipulation, 31 states which have either rejected it, even by stipulation, or have failed to address the issue, and 1 state (New Mexico) which will admit it without stipulation by the parties, with some restrictions. I agree with you that its admissibility should be rejected across the board.

You say that the use of strong encryption is "naive" and that this or other recommendations of mine can be "dangerous for those who listen to you." What do you mean?

Despite the length of your comment, I don't think you've provided much clarity. That's pretty much the same problem I had with your original talk.

I welcome you to comment further with more specifics. I'll be happy to admit and retract any errors you demonstrate that I've made, as I did with the polygraph issue.

skrone said...

Yes, I did indeed give a long series of assertions. I don't have time in a 45 minute speech to give sources for the information I present. Frankly, most of what I said could easily be checked on Google with a little digging. Some, although not much of the information I give comes from confidential sources. This I can not and will not discuss. I really don't care if anyone likes that or not, but that's the way it is. Also, I can't comment on what the press chooses to cover, or what you happen to read or not read.

My talk discusses present and future threats. As long as you concede it is possible to intercept VOIP, I would consider that a potential threat. That fact that laws are being enacted to make tapping VOIP even easier, makes the threat that much greater. Since it is possible, it is a potential threat. I don't understand your quibbling over that.

Skype moves over TCP/IP. the fact that it is encrypted doesn't help if one or both of the end points are compromised. That is a current and future threat.

My comments on cell phone tracking were very clear. Cell phones have been used to track peoples movements. They are currently being used in places in the US to track peoples movements. This is a current threat. It is also a future threat in that it can expand to other areas that aren't currently doing cell phone tracking. I don't understand why this isn't clear, it's pretty simple.

I never said AMT was developed for evil uses. The beneficial uses of technology are out of scope for my speech. I've explained this several times already. I am only covering current and potential threats. Beneficial uses and possible defenses are way to complicated to discuss in a 45 minute speech. There's also no value to including beneficial uses of the technology. Everyone knows the beneficial uses of cell phones. That doesn't diminish the threat in any way.

The potential threat to AMT has not been published. My source is confidential. You can disregard the information if you wish, I really don't care. It is a viable threat. BTW, Wake on LAN has already been compromised on certain motherboards.

Yes, I am sure you stand by your comments on DRM. That still doesn't make them irrelevant. Yes, I know why DRM was developed and what it is supposed to do. Again, it's out of scope for my speech. I've explained that several times already. My speech covers only the threats posed by technology.

O.K., you didn't misquote me on fMRI's. You grossly misrepresented what I said to the point of fabricating things that I never said. Is that better?

The belief that strong encryption can't be circumvented is naive. Again, if either endpoint is compromised, the encryption is irrelevant. In addition, a court can order you to turn over the key and hold you in contempt if you don't. It's what we call "rubber hose" cryptography.

I hope this explains my points. Your primary misunderstanding seems to be with the scope of my speach. Remember my intent is to explain the threats to our freedom. The benefits of technology, the motivation behind the invention and the possible counter measures are beyond the scope of my lecture. It is also not possible to teach an entire course in infosec in 45 minutes, nor in a blog entry.

Take this as a starting point. Learn more about information security. Study the threat. I think after a while you'll see the light.

Jim Lippard said...

Stu:

Once again, you've not provided any of the requested evidence.

A security professional should present evidence about the likelihood, as well as the mere possibility of threats, in order to help people arrive at cost-effective solutions that reduce risk. Merely creating fear, uncertainty, and doubt is not productive. The constraints of time are not a reasonable excuse for misrepresenting the landscape of threats by presenting future threats as current threats or unlikely threats as omnipresent, nor for failing to substantiate claims you've specifically been asked to substantiate.

You're right that endpoint compromise is a serious issue, and that it can be a mechanism for defeating strong encryption (along with "rubber hose cryptography," keystroke loggers, and grabbing passphrases from memory or swap). If you're now suggesting that the U.S. government has a widescale program of intercepting Skype calls by making use of compromised systems, that's quite different from your initial suggestion that all VOIP calls are being intercepted through CALEA mechanisms. The latter is not the case, and the former is unlikely. But endpoint compromises occur all the time.

The issue of endpoint compromise is largely driven by the economics of online criminal activity (e.g., spamming, phishing, botnets), and it's noteworthy that government enforcement actions against this activity have to date been relatively few--it's a problem that is still being grappled with. I think you greatly overestimate the ability of government to monitor and intercept, and would benefit from reading this Schneier post on "data mining for terrorists": http://www.schneier.com/blog/archives/2006/03/data_mining_for.html

BTW, your concluding remark is misplaced--I'm not a beginner to information security or telecommunications, I'm employed in a senior position in information security for a global telecommunications provider which carries most of its voice traffic over IP.

Einzige said...

Frankly, most of what I said could easily be checked on Google with a little digging. Some, although not much of the information I give comes from confidential sources. This I can not and will not discuss. I really don't care if anyone likes that or not, but that's the way it is. Also, I can't comment on what the press chooses to cover, or what you happen to read or not read.

You make a speech with a number of bold claims but you don't care whether your audience believes it or not???

If you don't care to back up your assertions then when we call them literally incredible you can't really get pissed at us, can you?

And, btw, a little google searching can uncover lots of information on how to get rich quick, how to make cold fusion, and how to make a perpetual motion machine. What does that prove?

skrone said...

Hi Jim,

You're not getting the scope. My goal is to present the threats and only the threats. Fore the most part, you can look up the references on Google if you want them. Countermeasures open a huge can of worms. I could spend 45 minutes talking about countermeasures to any one of the technologies I described. I can't present all the information you requested in 45 minutes, it can't be done. I would be interested in seeing if you are willing to come out from behind your blog and give speeches. I welcome you to show me how to cover all of this in 45 minutes!

Don't confuse my speech with a security assessment. My goal is to give people a starting point. Calling my speech FUD is completely unfair and unwarranted. The threats are real. The fact that you don’t like what I chose to omit from my speech, doesn’t change that.

I did not present future threats as current threats. I was clear as to the technology that is available and where it is going. That was my primary goal. Where possible I also gave an indication as to how widespread the threat is and where it is expanding to. Once again, you are misrepresenting what I said. I also notice despite your offer to rescind inaccurate statements you have not done so. I repeat, I never said fMRIs were in use in airports.

I never said all VOIP calls were being intercepted. That is a future threat, not a current threat. The technology to intercept VOIP calls does exist. The threat is expanding. Given your association to the industry, I now understand your sensitivity to the issue. You should have disclosed that up front. VOIP is not as secure as many in the industry like to claim it is. I understand your objection to that, but that’s the way it is!

If you truly have a background in infosec, then you should do more to protect people’s freedoms. Get out and give speeches. Debate in a public forum, teach others to protect themselves. I’m presenting the threats to freedom so people can see what is happening. Every threat I described, every technology I spoke about was described in a manner that was 100% accurate. If you would like to describe countermeasures, or why the technology was created in the first place, then do it!

skrone said...

Einzige,

Of course I want people to believe what I said. Otherwise I wouldn't bother saying it. Jim grossly misrepresented what I said and I certainly don’t want people to confuse his interpretation with what I presented.

Again your comment is directed at the scope of my speech. I don’t have time to present cites in a 45 minute speech. If you look up reference material on the web and in various journals the information is available. If you go out to the web and can’t distinguish between a scientific journal and the national enquirer, then I really can’t help you.

Jim Lippard said...

Stu:

Your statement that you did not present future threats as current threats is contrary to what I and others heard you say, what I recorded in my notes, and how people responded in the Q&A. Perhaps you did not intend to convey that impression, but you did. If nothing else, take it as constructive criticism for future presentations.

I'll accept your statement that you didn't say fMRI were being used in airports and update the original post to record your position on the matter.

You say that you didn't say that all VOIP calls are being intercepted. What you said was that because CALEA now applies to VOIP, VOIP and Skype are now being tapped as well. The impression I got was that you were saying not only had a ruling been passed by the FCC, but it was already in effect and implemented--which is not the case.

It is unfair of you to attempt to dismiss my opinions as biased on the grounds of my position--I have no interest in underestimating threats. On the contrary, I think a responsible presentation should accurately describe the threat landscape, which I don't believe your talk did. It's also ironic that you question whether I "truly have a background in infosec" and wonder whether I ever speak publicly, while pointing me to Google to provide documentation for your claims. My background and record of public speaking can be easily found with Google, in contrast to your background or sources. Are you employed by Intel in an information security position?

Einzige said...

Again your comment is directed at the scope of my speech. I don’t have time to present cites in a 45 minute speech. If you look up reference material on the web and in various journals the information is available.

Actually, my comment was directed at the litany of bald assertions you posted here in response to Jim's critique of your speech. It seems to me that, in this context, providing supporting evidence and persuasive argument is the appropriate thing to do--if you want people to take your positions seriously. That's not, however, what you did. You simply said, in effect, "You're wrong and you don't know what you're talking about. Go look it up!" What kind of response do you expect from that?

I am sympathetic to your complaint about time-constraints at speaking engagements. However, a simple and low-cost solution to that problem is a hand-out that consists of a bibliography of reference materials. I hope you'll take the suggestion under consideration for future presentations.

skrone said...

Hi Jim,

Well… I don’t know that I can control how you interpret what I said. What I said in my speech was factually correct. If you read into what I was saying, maybe you were listening in a slightly biased way? In all fairness to me, we have already established that your notes on my speech are not 100% accurate.

That said, I am interested in providing an accurate assessment of the threats. Despite your claims of FUD, I was as accurate as I could possibly be given my time limits. If I had known that I had access to a projector, I would have included much more information on slides. I do like the idea of offering handouts. I also like the idea of creating a webpage that explains the threats and offers counter measures. This would give me the ability to explain the threats in detail; offer cites and offer possible controls.

Now that we have boiled your comments down to constructive criticism, I would like to make sure that no one else walks away with erroneous information or impressions. I did Google you, although I didn’t search through all the pages. I didn’t find any of your public speaking engagements. I did find your webpage where you have some pretty good information.

Sooo…. Fair enough. I think I successfully defended myself against unfair accusations  I am motivated to make sure that a more complete picture is conveyed in the future. I am particularly interested in offering solutions to the threats that we face.

Hopefully you will enjoy my next speech even more.

Stu

Jim Lippard said...

In my original post I wrote: "Second, and more significantly, as Ken Thompson showed in his classic paper "Reflections On Trusting Trust" (the possibility of which was first mentioned in Paul Karger and Roger Schell's "Multics Security Evaluation" paper), it is possible to build code into a compiler that will insert a backdoor into code whenever a certain sequence is found in the source. Further, because compilers are typically written in the same language that they compile, one can do this in such a way that it is bootstrapped into the compiler and is not visible in the compiler's source code, yet will always be inserted into any future compilers which are compiled with that compiler or its descendants. Once your compiler has been compromised, you can have backdoors that are inserted into your code without being directly in any source code."

There is now a countermeasure for this, the details of which have been worked out by David A. Wheeler in a paper titled "Countering Trusting Trust Through Diverse Double-Compiling."

The paper and additional comments can be found here: http://www.dwheeler.com/trusting-trust/

Whew.