Reply from Alok Sharma on #IPbill #Snooperscharter

26 November 2015

Here is the reply from my MP to my previous post. My response follows



Investigatory Powers Bill

21 November 2015

One of the problems in our political system is that most of the members of parliament, and their advisor’s, pundits, and the politically active population have little knowledge or understanding of the technical infrastructure that runs our world. A combination of the lack of interest in politics by technical people, and the lack of education in scientific disciplines of our politicians.

We on the technical side, dare I call us geeks, now need to get involved in the political discussion. The second round of the crypto wars s upon us with the combination of people saying they don’t care about interception, and the week voice of those of us who do understand and care in speaking up, if we don’t speak up we will loose.

Can I urge all of you out there to write to your MP! It is not hard, but if we all do it, we can start to reclaim the internet for the good of the future.

Here is what I have sent, awaiting a reply.

Re: Investigatory Powers Bill
Dear Alock Sharma

I am very concerned about this new bill and the massive encroachment into the public right to privacy it enshrines. This has rightly earned the nickname “The Snoopers Charter”

If you want access to my data Get A Warrant!

The bill seems to retrospectively enshrine into law the massive, and probably illegal, interception of the internet by GCHQ. Prevent any disclosure of the extent of that interception and prevent anyone leaking information about that from using a public interest defence.

The only reason we know anything about these activities is because of whistle-blowers, who have endured political witch-hunts as a result of revealing these illegal activities.

The “Going Dark” argument, that the Police are unable to investigate crimes because of the improvements in security of the internet is a very spurious one. It implies that there has been total surveillance of the population in the past (and present) and this needs to continue.

If the police need access to end-to-end encrypted communication that can get a warrant and cease the device, view the decrypted messages.

The idea that a law can ban end-to-end encryption is as ridiculous as the claim from David Cameron to ban encryption, or mandate back-doors in all systems. The security profession has told you many times that inserting back doors safely into encryption software is imposable. (see Keys under dormats)

If you want access to my data Get A Warrant!

Banning end-to-end encryption will not stop the bad guys using it. How to do this, and the programs to do it are all publicly available and open source. All you will do is hamper UK law abiding citizens in using these, and kill the security software industry in this country.

There are also the sections allowing the Police, and GCHQ to break the Computer Misuse act, by hacking into any computer or device they wish. There is no justification for allowing this extreme power. The government should be working to improve our security not undermining it.

What we want from an investigatory powers bill is something like:

1. Full disclosure of all interception programs, and the number of cases involved
2. Disclosure after a reasonable amount of time that my data has been intercepted.
3. Independent oversight of All cases by someone like the RIPA Interception Commissioner
4. All cases to be authorised by an individual warrant authorised by a judicial person.

What we want is the law as it applies to everything else, should apply to the internet. Searching my data should be the same as searching my house, or searching my person. It is the same amount of intrusion, it should have the same controls.

I trust that you will NOT vote for this bill and will argue against it in the House.

Yours Sincerely

Stuart Ward

Cracking the Hacking Team

6 July 2015

The somewhat notorious Hacking Team seem to have been subject to an attack of using their own tools. This points to the use of poor passwords, and reusing password on multiple systems.

The other lesson here is to have tools looking for ex-filtration of data, at least to detect when something has gone wrong.

We should be able to learn something here…

“Hacking Team appears to have committed two of the classic mistakes in security: Never use simple passwords and never reuse passwords. For a security company that’s this high profile, there’s no excuse for these sins. We don’t know yet how the attackers got into HT’s systems, but given the poor passwords that have been revealed in the documents, it could have been as simple as brute-forcing the passwords on a few system,” Martin McKeay, Akamai senior security advocate, commented for Help Net Security.

“The other major mistake made by HT was not noticing that 400Gb of data was leaving their systems. Extrusion detection for an organization that specializes in malware and monitoring should be one of the defenses they concentrate on, because it’s what other people would use to detect their tools. Expect your tools to be used against you is a basic warfare tenet.”

And I have now fallen into the trap of the miss use of the word “Hacking” in a negative context.

The upside-down quad-copter build

3 June 2015

Back in January we had the first rLab quad-copter build party. And here is my effort.

Original Quad-copter build

Original Quad-copter build

This has flown well, and I have slowly learnt how to fly these things. This learning process has involved quite a few crashes, with varying degrees of damage. I think I have replaced the arms about 8 times now, and recently the body frame was so broken that I needed a total rebuild the machine. I decided to try and rebuild it with the body hanging down and all the control stuff inside the body of the copter. Here is the result of my efforts.

Upside-down quad-copter

Upside-down quad-copter

This seems to be a an improvement. The flight is more stable and easier to control. Take-off and landing are easier as there is a bit more space under the props. The control unit is harder to get at but this has not proved much of a problem. Overall a great improvement.

An expression of Elegance; Base 3 math

27 May 2015

I have been playing around with the Balanced Ternary number system. I gave a talk at DC4420 on Monday night on this, and I am posting the presentation slides up here for anyone interested.

Presentation (pdf)

The further reading links on the last slide are:

Wikipedia Page

Paper by Brian Hayes

Hackaday Project

Paper on a Balanced Ternary adder circuit design (pdf)

More evidence that bulk snooping dosent work

27 April 2015

But little came of the Stellarwind tips. In 2004, the F.B.I. looked at a sampling of all the tips to see how many had made a “significant contribution” to identifying a terrorist, deporting a terrorism suspect, or developing a confidential informant about terrorists.

Just 1.2 percent of the tips from 2001 to 2004 had made such a contribution. Two years later, the F.B.I. reviewed all the leads from the warrantless wiretapping part of Stellarwind between August 2004 and January 2006. None had proved useful.

Article on IMSI Catchers and Stingrays

24 April 2015

I have been helping a proper journalist, Brady Dale, write a article on the use and abuse of Stingrays and other IMSI catchers. It turned out quite well. It is up on Motherboard.