The Null Device
2016/12/14
Terrible reports from Aleppo as the forces of the tyrant Assad, backed by Russia, take the last pockets of resistance and exact a terrible vengeance on the resisting population. Mass executions of civilians (or, in the official parlance, “terrorists”) ensue, some shot by firing squads, some burnt alive. (The executed “terrorists” include terrorist children, but as the Bolshevik who bayoneted the Romanovs reportedly said, “nits grow up to be lice”.) On Twitter, accounts that have posted from the besieged, bombed city send their desperate last dispatches. If you ever wondered what it would have been like had they had social media during, say, the Warsaw Ghetto uprising, it'd probably have been something like this.
Meanwhile, in the West, we look on, appalled but not surprised, and then, bummed out by the constant torrent of misery coming from those parts of the world, change the channel. How about that Kanye West, right? What a legend/card/asshole/(insert your own assessment).
Here in the liberal-democratic world, with its ideals of universal human rights and general tolerance, we are aghast; not in our name, we say. Though this very world seems to be in the process of being swept away, replaced by something more brutish and atavistically Hobbesian. From 20 January, the massacre of Aleppo, and any similar actions which follow, will have been in our name. The United States will officially approve of Assad's ancient right as sovereign to crush rebellions, and to lay waste to their cities, making examples of entire populations that harbour rebels to deter future rebellions (mercifully preventing more bloodshed in the future!). And as satellites of the Trumpreich, so will the UK (which increasingly rejects the idea of human rights) and Australia (with its own gulag system for brown and/or Islamic refugees) and others. France will almost certainly join the new consensus after the election of their next President, who is tipped to be either an actual fascist or a Catholic reactionary aching to roll back the Enlightenment, but in either case a follower of Putin's ideology of strength. They will join Hungary, Turkey and Poland, already in the growing post-liberal consensus. And so, as the world starts to look more like Russia at any point in history, a place where life is cheap, power is all, and any words that contradict this are lies, the relative stability of what came before (roughly the world from the years after World War 2 to 2016) will recede into myth; part fantastically bright Star Trek utopia, part naïve Weimar-style idealism, and part decadent lie that deserved to die. Indeed, the last citadel of liberalism and human rights may well be Germany, having had totalitarianism and genocide sufficiently close in its past, and sufficient memorials to its terrible toll, to resist desperately.
2016/11/14
As the US counts down the days to the inauguration of President Trump, some voices in the technology industry are calling for the industry to start scrubbing user data, before the new government's surveillance apparatus lays claim to it.
Currently, the NSA can tap into a broad range of communications, but have no means to compel communications to be in a form they can monitor. This is likely to change; after all, they will need to be able to hunt down those involved in, or providing support to, terrorist groups like Black Lives Matter and Friends Of The Earth, not to mention the President's extensive list of enemies. As such, it is quite likely that, at some point during Trump's first year, end-to-end encrypted messaging systems will be required to provide real-time plaintext to the security services. (Things have already been moving slowly in this direction, and will only accelerate under a president who has expressed admiration for autocrats and a brutishly Hobbesian view of how power works.)
Similar laws are already in force in more established autocracies such as Russia and Turkey. The difference is that American companies, subject to American law, provide many of the communications systems used worldwide, such as Apple iMessage, WhatsApp and Signal. These are likely to be compelled to provide the US homeland-security authorities with the plaintext of all messages coming through them, in real time, and to make whatever changes are necessary to their architecture to achieve this.
With iMessage, this would be theoretically easy to do. iMessage messages are encrypted from end to end, so Apple have no means of reading them, but each message is encrypted several times with the public keys of each of the recipients' devices (i.e., if you're sending one to someone with an iPhone and an iPad, your iMessage client will encrypt it with the public keys of both of their devices). Once they are legally compelled to do so, Apple could just quietly add an extra key, whose private key is held by the NSA iMessage ingestion gateway. Given that the entire iMessage system is closed-source and completely under Apple's control, Apple could push this to all users, without worrying about rogue clients that feed the NSA junk.
WhatsApp, Facebook Messenger Google Allo and so on are also proprietary systems, and could be made compliant in a similar fashion. Granted, WhatsApp and Messenger use the open-source Signal protocol for end-to-end-encrypted messages, but this algorithm sits entirely embedded within the app; there is no guarantee that the app actually uses it, or that it doesn't send a carbon copy of the message to a machine in Utah, in compliance with the law. The fine print could be amended on the website to not actually promise that your message is secret from everyone, including the authorities.
The Signal app itself appears to be a somewhat tougher nut to crack in practice; it's open-source and publicly documented, to the point where any third party could download the source code, examine it minutely, and then, once satisfied, build their own client and use that to communicate securely. However, the creator, Open Whisper Systems is a US company, subject to US laws. Legally, Giuliani or Arpaio or whoever ends up in charge of Homeland Security could billet a team of NSA engineers at their office, with the authority to dictate changes to code and architecture, all covered by a blanket gag order. The question now is how they could go about this:
- By making changes to the publicly visible source code; this would mean that any downloaded self-built versions would be surveillance-compliant. Of course, doing this in a way that is not detectable by code inspection would be the tricky part; perhaps the NSA have a toolkit of obfuscated tricks, exploiting secrets (presumably) only the NSA know about the inner architecture of commercially-available CPUs. Or perhaps the change could be slipped in within a complete rewrite, ostensibly in the name of “technical debt elimination”, making it harder to compare against the old code.
- By obliging Open Whisper Systems, under penalty of material-support-for-terrorism charges, to keep two sets of books, as it were, or two code repositories: the public one, for view, and the one that goes into the production builds. The server code (run by OWS, and under the jurisdiction of US law) could be modified to detect subtle differences between the two and degrade the connections of the former just enough to make it too flaky to use.
- To shut down Signal altogether (with OWS having the option of replacing it with an incompatible, compliant app).
Were Open Whisper Systems to preemptively move abroad to a more privacy-friendly jurisdiction (and Germany is a good one, for obvious reasons) before Trump's inauguration, it may complicate things more. Forcing an established app with a large user-base out of the App Store would be a lot harder than forcing an underground fork of an app out. This would involve all officers involved in running the company moving out of US jurisdiction, and potentially avoiding flights going to the US, UK or Russia.