Search Mailing List Archives

Limit search to: Subject & Body Subject Author
Sort by: Reverse Sort
Limit to: All This Week Last Week This Month Last Month
Select Date Range     through    

[liberationtech] Privacy, data protection questions

Rich Kulawiec rsk at
Tue Mar 26 16:12:41 PDT 2013

On Mon, Mar 25, 2013 at 10:57:10AM -0700, Brian Conley wrote:
> Mostly I'm taking issue with your nonconstructive demeanor.

Clearly you have no idea how I write when I'm being "nonconstructive". ;-)

Think equal proportions Kingsfield[1], Vader, Snape.  Season to taste with
HST and Mencken, serve at full boil.

> I've not seen you take the Guardian Project to task for trying to
> solve some of the same problems. I've not seen you take Tor project or
> Whisper Systems to task.

(a) There aren't enough hours in the day to provide extensive (security
or other) critiques of everything that comes across here.   And there
are other people whose expertise in certain areas dwarfs mine, so
until/unless I close the gap, I'll defer to them.  Also I think I should
occasionally STFU and listen.

So I respond on-list when I feel that I have something useful to say,
*usually* (but not always) when I think that has applicability beyond the
particular topic-of-the-moment.  Hence my comments in re Silent Circle,
which are far more about the inherent insecurity of closed source
software than about the specifics of Silent Circle itself -- most of
which I didn't pay any attention to because I think they're irrelevant.
And speaking of applicability beyond the topic-of-the-moment:

(b) If you read my message carefully you'll notice that I did in fact
explicitly point out that while I was using this particular project as
an example, it's by no means the only one facing the exact same issue.
"Building a secure smartphone app" is presently equivalent to "trying
to put the roof on a house whose foundation is sinking into quicksand
and whose main floor is on fire".

So what "constructive" thing could I possibly say?  The entire smartphone
ecosystem is rotten to the core: the OS vendors care far more about
advertising than privacy and security [2].  Well, and they care a lot
about paying attorneys so that they can all sue each other. [3]  The app
markets are loaded with malware, spyware, adware, and crap.  And more
crap.  Also: still more crap.  Users will download and run any shiny thing
they see, doubly so if it purports to enhance their "social experience" --
much to the delight of the scammers and spammers running those operations.
Telcos are happy to turn user tracking/surveillance/etc. into profit
centers.  Governments want every scrap of data they can get from carriers
and there's now an entire subindustry for software that extracts data
from locked phones.

D'ya think if I asked them very nicely and politely they'd all stop?


There is NOTHING "constructive" to be done here.  It's not a fixable
situation at the moment or for the forseeable future.  The *only* thing
to do, as far as I can tell, is to stop pretending it's otherwise and
stop laboring under the delusion that smartphone apps have a chance in
hell of being secure in mass deployment scenarios.

(c) So to re-emphasize the more general point: no smartphone apps,
UNLESS you can produce a viable, workable, scalable, defensible plan
to keep the phones secure in the field.  Otherwise your app, whatever
it does, and however nifty it is, is probably going to be undercut from
the moment it's installed...or very soon thereafter, as soon as one or
two governments your users are annoying decide to deploy countermeasures.
(I think it's fair to say that, to a first approximation, the tempo
and scale of their response will be proportional to the adoption
rate and annoyance level.  Thus: the better your app and the more people
that use it, the sooner you should expect the backlash.)

And they don't *have* to crack your app if they 0wn the phones it runs on.

(I sure wouldn't.  Too much work.  Very tedious.  Better to just hijack the
phone, install a keystroke logger, and compromise *all* the apps.)

(d) I don't think you [generic you] can come up with that plan (above)
and execute it.  I think you have no shot whatsoever.  But if you want
to take a crack at proving me wrong: be my guest.  I will be very surprised
but happy if you succeed.  I may even buy you beers.  Good beers.

(e) I *know* this is real unhappy news.  Sorry.  I didn't write the
cruddy smartphone software.  I didn't write the malware.  I didn't create
the situation.  I'm just pointing it out.  And yes, I know it would be
much nicer to just go on creating app after app and rolling them out
and pretending this problem doesn't exist, but ermmm...I think far more
unpleasant things than mere words on a screen will happen if lots of
people start betting their freedom and/or their lives on the security of
their smartphones/apps.

(f) And on that point ("pretending"), let me share with you one of the most
valuable pieces of guidance that I've ever read.  I have it printed out
and taped above where I'm working right now.  I think for many of the
projects and initiatives discussed here, it's terrific advice.  So even
if you think my analysis here isn't worth a load of fetid dingo's kidneys,
well, at least there's this:

	"The first step is to measure whatever can be easily measured.
	That is okay as far as it goes.

	The second step is to disregard that which can't be measured
	or give it an arbitrary quantitative value.  This is artificial
	and misleading.

	The third step is to presume that what can't be measured easily
	really isn't very important.  This is blindness.

	The fourth step is to say that what can't be easily measured
	doesn't exist.  This is suicide."

	--- social scientist Daniel Yankelovich describes the "McNamara
	Fallacy"; quoted by Jay Harris, former publisher of the San Jose
	Mercury News, in a speech explaining why he resigned his post.

(g) So do you wanna spend your time trying to convince me to change my
writing style (hint: success probability == low) OR would you like to
focus on the substance of my remarks -- because *if* I'm right, then
Bad Things are going to ensue as soon as various governments figure out
that exploiting smartphones is a cheap, effective and scalable tactic for
undermining communication among their opponents.  Morever, they will be
Bad Things that are (largely) independent of the cleverness of apps and
their supporting infrastructure, i.e. they're not going to be fixable
by the developers.  Which means years of work and piles of money spent
developing OverthrowYourDictator v1.2 will be rendered moot and, worse,
people running it may well face unhappy fates.

This may have already happened.


[1] I suspect some of you who are younger may not get the reference.
Therefore, let me introduce you to Professor Kingsfield:

[2] For example:

[3] Mike Masnick has a brilliant illustration of this:

More information about the liberationtech mailing list