Later On

A blog written for those whose interests more or less match mine.

Archive for the ‘Obama administration’ Category

US drone strike kills two innocents, but this time they’re not brown, so this time Obama apologizes


Apparently, it’s a much bigger deal when a drone strike kills an innocent American or Italian rather than an innocent Pakistani or Yemeni. President Obama has apologized to the families of these two (but not to any other families). I wonder if the families will get the usual $2000 payment to compensate them for their loss. Peter Baker and Julie Davis report in the NY Times:

President Obama on Thursday offered an emotional apology for the accidental killing of two hostages held by Al Qaeda, one of them American, in a United States government counterterrorism operation in January, saying he takes “full responsibility” for their deaths.

“As president and as commander in chief, I take full responsibility for all our counterterrorism operations,” including the one that inadvertently took the lives of the two captives, a grim-faced Mr. Obama said in a statement to reporters in the White House briefing room.

“I profoundly regret what happened,” he added. “On behalf of the U.S. government, I offer our deepest apologies to the families.”

Mr. Obama’s remarks came shortly after the White House released an extraordinary statement revealing that intelligence officials had confirmed that Warren Weinstein, an American held by Al Qaeda since 2011, and Giovanni Lo Porto, an Italian held since 2012, died during the operation. . .

Continue reading.

Written by LeisureGuy

23 April 2015 at 10:32 am

Continuing lies from VA


The first priority of a bureaucracy: Protect the bureaucracy. Bureaucrats with power use that power to protect themselves—and also for other things, of course. But self-defense and organizational survival are by no means neglected. Dave Philipps reports for the NY Times:

The nationwide scandal last spring over manipulated wait times at Department of Veterans Affairs hospitals led to the ouster of the secretary of veterans affairs and vows from the new leadership that people would be held accountable.

Then in February, the new secretary, Robert A. McDonald, asserted in a nationally televised interview that the department had fired 60 people involved in manipulating wait times to make it appear that veterans were receiving care faster than they were. In fact, the department quickly clarified after that interview, only 14 people had been removed from their jobs, while about 60 others had received lesser punishments.

Now, new internal documents show that the real number of people removed from their jobs is much smaller still: at most, three.

The documents given this month to the House Committee on Veterans Affairs, which provided them to The New York Times, show that the department punished a total of eight of its 280,000 employees for involvement in the scandal. One was fired, one retired in lieu of termination, one’s termination is pending, and five were reprimanded or suspended for up to two months.

The only person fired was the director of the Phoenix hospital, Sharon Helman, who technically was removed not for her role in the manipulation of waiting lists but for receiving “inappropriate gifts,” according to the department.

In a statement released Wednesday night, the department did not dispute the numbers released by the committee, but said that more than 100 other employees were facing disciplinary action.

“V.A. is committed to holding employees accountable for misconduct,” the statement said.

But the documents drew expressions of outrage from congressional Republicans and prompted Representative Jeff Miller, Republican of Florida and chairman of the House Veterans Affairs Committee, to say he will introduce legislation on Thursday to speed the firing process.

“Rather than disciplining bad employees, V.A. often just transfers them to other V.A. facilities or puts them on paid leave for months on end,” Mr. Miller said in a statement.

His measure, called the V.A. Accountability Act, would sharply cut the time allowed for employees to appeal terminations to less than 30 days. The existing rules allow employees facing termination to collect pay while they appeal to the Merit Systems Protection Board for federal employees — a process that can last up to two years.

The measure would also lengthen probationary periods for new employees and increase oversight of labor unions in the department. . .

Continue reading.

I wish the Obama Administration did a better job. One of the comments to the story:

Midwest 13 minutes ago

I worked in the VA a number of years ago. The biggest problem in the VA system was the incompetent management and its impact on staff morale and patient satisfaction. Management within the VA created an unnecessarily authoritarian environment. This authoritarian approach to leadership resulted in a lot of mediocre managers hiding behind their title and lording power, rather than creating effective work environments. A narrow focus on “productivity” blinded unimaginative leaders to the nature of genuinely effective and innovative work settings, which is what the VA desperately needs. Staff were unhappy and over-worked, and this was evident to vets who were coming to the VA for their care, surely seeking a healthy environment in which to receive that care. I can honestly say now that I would leave my profession of 25 years before I would return to the VA. While I loved the vets, the VA was a place I found impossible to adjust to. I miss the vets every day, but never the VA.

Written by LeisureGuy

22 April 2015 at 8:41 pm

One guy trading at home caused the flash crash? Really?


Here’s the Bloomberg View report by Matt Levine:

Hey look, they caught the guy who caused the flash crash of 2010! His name is Navinder Singh Sarao, and he lives in London and in 2009 he asked someone to help him build a spoofing robot:

On or about June 12, 2009, SARAO sent an email to a representative of his FCM in which he explained that he “need[ed] to get in touch with a [] technician [at the company that provided his trading software (“Trading Software Company #1”)] that will be able to programme for me extra features on [the software],” namely, “a cancel if close function, so that an order is canceled if the market gets close.”

Sarao was trading E-mini S&P 500 futures contracts, but he wanted a more convenient way to not trade them, so he e-mailed his FCM (futures commission merchant, i.e. broker) for help automating that. The idea is that he would put in a big order to sell a whole bunch of futures at a price a few ticks higher than the best offer. So probably he wouldn’t sell any futures, since he wasn’t offering the best price. But he had to keep constantly updating his orders to keep them a few ticks higher than the best offer, to make sure that he didn’t accidentally sell any futures as the market moved. And that’s a bit of a pain, so he programmed an algorithm to do it for him. Though he also seems to have done similar things manually, to support the algorithm’s efforts, or to stave off boredom while the algorithm did its thing.

The point of this — according to the federal prosecutors, the Federal Bureau of Investigation and the Commodity Futures Trading Commission, who are not happy with Sarao — is that by placing all these fake sell orders, Sarao would artificially drive down the price of the E-mini futures. It’s classic spoofing: He’d place a lot of big orders to sell, everyone else would say, “Ooh look at all those big sell orders, I’d better sell too,” they’d sell, the market would go down, he’d buy, he’d turn off his algorithm, everyone else would say, “Oh hey never mind, things are great again, there are no more big sell orders,” they’d buy, the price would go back up, and Sarao would sell the futures he’d bought at a lower price a moment ago. We’ve talked about spoofing before, and I’ve always been a little troubled that it works, but what can I say, it works.

On May 6, 2010, according to the authorities, it worked a little too well: Sarao did such a good job of driving down the price of the E-mini future that he caused a flash crash in which “investors saw nearly $1 trillion of value erased from U.S. stocks in just minutes.” I’ll put some more details downstairs but honestly they are boring details. Sarao traded a ton of E-mini futures during the flash crash — “62,077 E-mini S&P contracts with a notional value of $3.5 billion” — and made “approximately $879,018 in net profits” that day, or a profit of about 2.5 basis points on the notional amount, which I guess isn’t bad for one day’s work. He did this by, basically, putting in orders to sell thousands of contracts away from the best offer. Those orders were never executed, or intended to be executed, but they tricked people into thinking that there was a lot more selling interest than there actually was. That combined with a collapse in buying interest — at one point Sarao’s fake sell orders alone “were almost equal to the entire buyside of the Order Book” — to create a collapse in prices. He profited from those collapsing prices by selling high and buying back lower. It’s a pretty straightforward spoofing story.

So straightforward that one of the biggest puzzles here is why it took so long — and the help of a whistleblower — for regulators to figure it out. They came tantalizingly close:

As reflected in correspondence with both SARAO and an FCM he used, the CME observed that, between September 2008 and October 2009, SARAO had engaged in pre-opening activity — specifically, entering orders and then canceling them — that “appeared to have a significant impact on the Indicative Opening Price.” The CME contacted SARAO about this activity in March 2009 and notified him, via correspondence dated May 6, 2010, that “all orders entered on Globex during the pre-opening are expected to be entered in good faith for the purpose of executing bona fide transactions.” The CME provided a copy of the latter correspondence to SARAO’s FCM, which suggested to SARAO in an email that he call the FCM’s compliance department if he had any questions. In a responsive email dated May 25, 2010, SARAO wrote to his FCM that he had “just called” the CME “and told em to kiss my ass.”

Emphasis added because come on: The futures exchange wrote to Sarao on the day of the flash crash, telling him to stop spoofing, and he called them back “and told em to kiss my ass.” And then regulators pondered that reply for five years before deciding that they’d prefer to have him arrested in London and extradited to face criminal spoofing charges. One conclusion here might be that rudeness to regulators really works.

Even odder, Sarao didn’t just retire to a supervillain lair after the flash crash. The CFTC lists “at least” 12 days on which he allegedly manipulated the futures market; eight of them came after the flash crash, and he allegedly continued to manipulate the futures market more or less up to the moment he was arrested. The CFTC claims that Sarao basically started his spoofing career by causing the flash crash, and then went ahead and kept spoofing for another five years without much interruption. I guess he got more subtle at it? Not very subtle though; he was a consistently large trader, “placing, repeatedly modifying, and ultimately canceling multiple 200-, 250-, 300-, 400-, 500-, 550-, 600-, and 900-lot sell orders,” versus an average order size of seven contracts. He also seems to have had some patterns (like putting in orders for exactly 188 or 289 contracts that never executed) that you’d think would make him easier for regulators or exchanges to spot. If regulators think that Sarao’s behavior on May 6, 2010, caused the flash crash, and if they think he continued that behavior for much of the subsequent five years, and if that behavior was screamingly obvious, maybe they should have stopped him a little earlier?

Also, I mean, if his behavior on May 6, 2010, caused the flash crash, and if he continued it for much of the subsequent five years, why didn’t he cause, you know, a dozen flash crashes?

So I mean … maybe he didn’t cause the flash crash? There’s a joint CFTC and Securities and Exchange Commission report that came out a few months after the flash crash that blames it on an effort by Waddell & Reed to sell some E-mini futures with an inept algorithm; lots of people have long had their doubts about that theory, and now the CFTC itself seems to have abandoned it in favor of the new one-guy-in-London theory. You could maintain a skeptical attitude about the one-guy-in-London theory too though. The CFTC says that Sarao’s “Layering Algorithm” was turned on between 11:17 a.m. and 1:40 p.m. Central time, and that “the Layering Algorithm caused the price in the E-mini S&P contract to be temporarily artificially depressed while the Layering Algorithm was active. Once the Layering Algorithm was turned off and the orders were canceled, the market price typically rebounded.” But the CFTC also describes the flash crash this way:

Between 1:41 and 1:44 p.m. CT, the E-mini S&P market price suffered a sharp decline of 3%. Then, at 1:45 p.m. CT, in a matter of 15 seconds, the E-mini S&P market price declined another 1.7%. The price crash in the E-mini S&P market quickly spread to major U.S. equities indices which suffered precipitous declines in value of approximately 5 to 6%, with some individual equities suffering much larger declines.

Get that? The flash crash happened when Sarao’s algorithm had been turned off, and the price should have been rebounding: . . .

Continue reading.

And in Wall Street on Parade, Pam Martens is similarly skeptical:

The U.S. Justice Department is relying on Americans’ gullibility with its arrest of a 36-year old in the U.K., charging him as a key culprit in the Flash Crash of the stock market on May 6, 2010. London newspapers report the young man trades from his bedroom in his parents’ middle class row house.

The arrest came on the same day that news broke that Loretta Lynch was speeding toward a confirmation vote in the U.S. Senate as the next U.S. Attorney General, meaning that current U.S. Attorney General Eric Holder is making his last hurrah after failing to prosecute any bigwigs on Wall Street throughout his tenure, notwithstanding their insidious role in the greatest financial collapse since the Great Depression.

The first problem with the Justice Department’s complaint against the bedroom spoofer is that the complaint has gone missing. What was released to the public consists of a one-pager stating that there is a complaint, followed by an affidavit from an FBI agent and a one-page Exhibit A which shows trading prices on an S&P 500 futures contract from 11:00 to 11:12 – far removed from when the Flash Crash occurred in the afternoon.

The press release issued by the Justice Department tells us that “Navinder Singh Sarao, 36, of Hounslow, United Kingdom, was arrested today in the United Kingdom, and the United States is requesting his extradition.  Sarao was charged in a federal criminal complaint in the Northern District of Illinois on Feb. 11, 2015, with one count of wire fraud, 10 counts of commodities fraud, 10 counts of commodities manipulation, and one count of ‘spoofing,’ a practice of bidding or offering with the intent to cancel the bid or offer before execution.”

However, the actual complaint that would provide specifics of these counts is missing from what was released by the U.S. Justice Department.

Another problem in this case is that the FBI agent, Gregory Laberta, appears to be getting the bulk of his theories and trading analysis from “representatives of an economic consulting group retained in connection with this investigation who have reviewed relevant trading and order book data.” Both the names of the representatives and the name of the consulting group are withheld.

The crux of the allegations is that Sarao put downward pressure on market prices via the E-Mini Standard and Poor’s 500 futures contract. The FBI agent’s affidavit states: “Between 12:33 p.m. and 1:45 p.m., SARAO placed 135 sell orders consisting of either 188 or 289 lots, for a total of 32,046 contracts.”

Just as the original finger pointing at the mutual fund company Waddell and Reed made no sense, neither do these allegations. As we reported in 2010:

“The so-called Flash Crash report was the product of the Commodity Futures Trading Commission (CFTC) and Securities and Exchange Commission (SEC) and consists of 104 pages of data that is unintelligible to most Americans, including the media that are so confidently reporting on it.  It names no names, including the firm it is fingering as the key culprit in setting off the crash.  Earlier media reports say the firm is the mutual fund manager, Waddell and Reed, and Waddell has conceded that it made a large trade that day to hedge its positions in its mutual funds which total $70 billion according to its web site.

“As the official report goes, Waddell set off a computerized algorithm to sell 75,000 contracts of the E-mini futures contract that is based on the Standard and Poor’s 500 stock index and trades at the Chicago Mercantile Exchange.  At roughly $55,000 per contract, the total amount Waddell was seeking to sell to hedge its mutual fund stock positions was $4.125 billion.

“But here’s where the official theory comes apart: fourteen days after the Flash Crash, Terrence Duffy, the Executive Chairman of the CME Group which owns the Chicago Mercantile Exchange testified before the U.S. Senate’s Subcommittee on Securities, Insurance, and Investment of the Committee on Banking, Housing and Urban affairs that “Total volume in the June E-mini S&P futures on May 6th was 5.7 million contracts, with approximately 1.6 million or 28 per cent transacted during the period from 1 p.m. to 2 p.m. Central Time.”  In other words, the government investigators are suggesting that a trade that represented 1 per cent of the day’s volume in a futures contract in Chicago and less than 5 per cent of contracts traded in the pivotal 1 to 2 p.m. time frame in Chicago (2 to 3 p.m. in New York) caused stocks in the cash market to plunge to a penny.”

If no charges were brought against Waddell and Reed for their 75,000 contracts, why are charges being brought against the bedroom trader for his 32,046 contracts?

The official reports in 2010 focused heavy suspicions on two trading firms that went unnamed, other than Waddell and Reed. We filed a Freedom of Information Act request for the names of those firms and our request was denied. There’s your smoking gun.

From the 2010 report: . . .

Continue reading.

So this poor schlemiel is going to be frog-marched off to jail to protect two big Wall Street firms—that seems about par for the course for Eric Holder, past and future Wall Street lawyer.

Written by LeisureGuy

22 April 2015 at 8:10 pm

Even NSA acknowledges need for discussion of cyberwarfare


Dan Froomkin reports at The Intercept:

A whole new and very dangerous field of warfare has been developed by the Obama administration, in secret, using untested legal justifications, and without even the faintest whiff of oversight.

So kudos to Patrick Tucker, technology editor for Defense One, who took advantage of a recent moment with National Security Agency chief Michael Rogers to ask him: Is there a way to discuss publicly what the future of cyberwar operations will look like?

Rogers said, dismissively, that the public should trust that the U.S. will follow the international laws of conflict and that its use of cyberwarfare would “be proportional” and “in line with the broader set of norms that we’ve created over time.”

But he also acknowledged the need, at some point, for the public to have some sort of a say.

Rogers likened cyberattacks to the development of mass firepower in the 1800s. “Cyber represents change, a different technical application to attempt to achieve some of the exact same effects, just do it in a different way,” he said.

“Like those other effects, I think, over time, we’ll have a broad discussion in terms of our sense of awareness, both in terms of capabilities as well as limitations.”

Over time?

That discussion is long overdue.

The almost always-wrong Washington Post editorial board had it exactly right when it wrote “now that the United States is going beyond defense, expanding forces for offensive attack, there’s a crying need for more openness. So far, forces exist almost entirely in the shadows.”

The editorial continued:

What concerns us is not the growth of forces but the way it is happening behind the scenes. The U.S. Cyber Command is a military unit, but its chief, Gen. Keith Alexander, is also director of the National Security Agency, which is part of the intelligence community. So far, operations and deployments are being handled almost entirely in secret.

Aside from a line in a speech last fall by Defense Secretary Leon Panetta, and some vague language in a 2011 strategy paper, the missions, purpose and scope of conflict have yet to be satisfactorily revealed. One large missing piece is a declaratory policy similar to that used for nuclear weapons in the Cold War, when nuclear policy was openly debated without divulging important secrets. There’s also little public information about rules of engagement for forces or about chain of command and authority to use them. The nature of the threat should also be exposed to a generous dose of sunlight. If conflict in cyberspace is underway, then it is important to sustain support for the resources and decisions to fight it, and that will require more candor.

You may have gathered by the reference to Alexander and Panetta that this was not a recent editorial. In fact, it came out two years ago. The response: *crickets*.

David Sanger’s 2012 book Confront and Conceal: Obama’s Secret Wars and Surprising Use of American Power, described the Obama administration’s previously secret cyberwar campaign against Iran, and raised the very excellent question: “What is the difference between attacking a country’s weapon-making machinery through a laptop computer or through bunker-busters?”

No answer was forthcoming.

The thing of it is that history has shown time and again that secrecy and bad decisions go hand in hand.

As Chase Madar, an attorney and the author of The Passion of Bradley Manning: The Story Behind the WikiLeaks Whistleblower, wrote in 2013: . . .

Continue reading.

Written by LeisureGuy

22 April 2015 at 2:04 pm

Eric Holder’s DoJ always backs police in excessive-force cases


Even while the DoJ investigates police departments that have shown grievous excessive force, they will back the police in court. Read this dispiriting article by Matt Apuzzo and Adam Liptak in the NY Times. From the article:

At the Supreme Court, where the limits of police power are established, Mr. Holder’s Justice Department has supported police officers every time an excessive-force case has made its way to arguments. Even as it has opened more than 20 civil rights investigations into local law enforcement practices, the Justice Department has staked out positions that make it harder for people to sue the police and that give officers more discretion about when to fire their guns. . . .

When police abuse cases make it to the Supreme Court, even if they have nothing to do with federal agents, the Justice Department often weighs in. Last year, the department sided with police officers in West Memphis, Ark., who shot a driver and passenger 15 times, killing them at the end of a chase.

John F. Bash, a Justice Department lawyer in that case, told the justices that “there is some level of reckless driving in response to a police pursuit that authorizes the use of deadly force.” What was certain, he added, was that the officers were entitled to qualified immunity, which shields them from civil rights lawsuits. The Supreme Court unanimously agreed.

Every such victory makes it harder for citizens to prevail when they believe they have been mistreated by police officers. It also adds obstacles for the Justice Department’s own civil rights investigators when alleging police misconduct. That has led to some tense debates inside the department, current and former officials say, as the government’s civil rights and appellate lawyers discussed when the department should weigh in, and on which side. Those debates have led the Justice Department to take more nuanced positions than government lawyers might have otherwise, the officials said. . . .

Private civil rights lawyers, though, have been frustrated that the Justice Department’s aggressive stance in civil rights reports does not extend to its positions before the Supreme Court. “A report can have an impact on a department for a time,” said Gary Smith, the lawyer for the driver in the Arkansas case. “But case law touches every officer in every department in the country.”

Eventually, he predicted, police departments facing civil rights investigations will challenge the Justice Department on its apparently contradictory positions. “You’re telling the Supreme Court it’s O.K., and you’re doing this to us?” Mr. Smith said.

When Justice Department lawyers argue before the Supreme Court, they typically draw fine distinctions and avoid outright contradictions. But such cases can send seemingly mixed messages. For example, the civil rights division said in December that police officers in Cleveland were too quick to use force against mentally ill people. For support, it cited the federal appeals court decision in the case of the mentally ill woman in San Francisco — the same decision that Justice Department lawyers would argue against a few months later.

Similarly, the Justice Department criticized the Sheriff’s Office in Franklin County, Ohio, in 2010 for using stun guns on inmates while they were handcuffed and posed no threat, or when they committed minor rule violations. In a Supreme Court case to be heard this month, the Justice Department has sided with Wisconsin jail officials who used a stun gun on an inmate after he was handcuffed and taken from his cell for refusing to remove a piece of paper covering a light fixture in his cell. . . .

The Department of Justice seems more interested in protecting police who use excessive force than it is in protecting citizens who are victims of that force.

Written by LeisureGuy

21 April 2015 at 6:13 pm

A possibility that makes sense of many observations: The FBI is simply stupid


Look at the earlier posts today on the FBI’s forensic “science” mess. Look at how the FBI pays criminals to encourage feeble-minded mopes to try for a terrorist attack, then provides plans and materials (so that the FBI can get credit for stopping its own plot). And now consider how the FBI seems unable to grasp the basic elementary facts of encryption. How do you explain all those? Occam’s Razor suggests the simplest answer: The FBI, as an organization, is stupid. I am not happy about that. We would all be better off if the FBI, as an organization, were intelligent. But it is a highly authoritarian organization, and highly authoritarian organizations generally wander off in the direction of stupidity since such organizations tend to choke off constructive feedback (which often points out organizational error, and authoritarian organizations will not admit error).

Jason Koebler reports for Motherboard:

It has now been six months since FBI Director James Comey said that “encryption threatens to lead all of us to a very dark place.” Since then, the FBI, Department of Justice, President Obama, and NSA have all taken potshots at encryption, each of them suggesting that the risk of criminals using the technology to hide from law enforcement outweighs the benefits of ordinary people wanting to keep their data and communications private.

The frustrating thing about all of this is how little the conversation has changed in the last six months. Comey and his counterparts at the NSA keep saying that they want lawful, technologically sound ways to access encrypted data if they are given permission to do so by a judge. People who understand the technology keep telling them that such a system is not possible.

Let’s just reiterate that for a moment. In order to create alternate ways of accessing encrypted data, necessarily you must create a security hole or a backdoor into that data. When you purposefully create security holes, those holes can be exploited by others (i.e. not the FBI or the NSA). Therefore, is it really still encryption anymore?

“The notion that electronic devices and communications could never be unlocked or unencrypted—even when a judge has decided that the public interest requires accessing this data to find evidence—is troubling,” FBI Executive Assistant Director Amy Hess wrote in a Wall Street Journal editorial. “It may be time to ask: Is that a cost we, as a society, are prepared to pay?”

She said the move to “ubiquitous encryption” will usher in an era in which criminals will run free after hiding incriminating evidence “without fear of discovery by the police.”

It’s time for the FBI and NSA to tell us what they really want. Because for the last six months, both agencies have been repeatedly asking for something that is simply technologically impossible. When confronted with that fact, the agencies resort to the sort of rhetoric that shows up in Hess’s editorial and in Comey’s speeches. They favor “robust encryption as a key tool to strengthen cybersecurity,” but what does that mean? Who can have encryption, and what kind of encryption can they have?

It’s worth noting that, until recently, the FBI recommended that you encrypt your phone. It’s also worth noting that the man who wrote the Patriot Act thinks you should be allowed to use encryption.

NSA Administrator Michael Rogers has proposed what is known as a “split key” system—one in which a phone manufacturer would create an extra encryption key and then distribute its “parts” to different entities. It’s kind of like escrow—someone holds the key to unlock your phone or your email or whatever. If the NSA or FBI gets a warrant to decrypt the data, it’ll go to that escrow holder and get the key, and then have access to all of your data.

The problems with this suggestion are numerous. Who holds the key? Who can you trust with the key? Joseph Lorenzo Hall, chief technologist with the Center for Democracy and Technology, calls it “not a serious proposal,” for lots of reasons. The FBI and NSA act as though the United States is the only country in the world that wants access to encrypted data. It’s not. American companies are overwhelmingly dominant globally, and companies like Apple, Google, Facebook, and Twitter make heaps of cash overseas. Facebook and Twitter both have a history of caving to the demands of autocratic governments when faced with the possibility of being shut down. So, if the US gets its “golden key” for WhatsApp users, does Turkey get one too? Does Pakistan? Does China? Does Russia? How are you going to make all these keys and keep them separate? What happens if someone gets ahold of them?

And what happens to those American companies who are shipping products globally with built-in backdoors allowing US law enforcement to access user data? Such a provision doesn’t seem likely to go over well in, say, Germany.

This conundrum is the exact same one that the US ran into back in 1997, Hall wrote:

We demonstrated [in 1997] that there would be no provable secure way to communicate using split key key escrow systems, so certain types of sensitive transactions involving health information, financial information, and intimate information would be more vulnerable to interception in the case of a flaw, compromise, or abuse of the system. Also, securing repositories of keying material, validating requests for keys, and distributing keys would be exceedingly complex, and likely much more complex than the underlying encryption itself.

This is costly to say the least, but it can also be dangerous in that adding complexity to a system will inevitably lead to additional methods to undermine it and find vulnerabilities that can be used to attack it.

This is also the exact same conclusion reached by Matthew D. Green, a security researcher at Johns Hopkins University. Here is the premise of a recent blog post he wrote: “Let’s pretend that encryption backdoors are a great idea. From a purely technical point of view, what do we need to do to implement them, and how achievable is it?”

Green’s entire blog post is worth reading, because he does outline several ways in which such a system could be implemented. Each of those backdoors essentially amounts to attacks on encryption that would A) not work, B) be ridiculously expensive and difficult to implement, or C) create unnecessary and exploitable vulnerabilities. Green is widely seen as one of the best in the business when it comes to this stuff. He is at the top of his field and is widely respected. Basically, he knows his shit.

And here is the conclusion he reaches:

If this post has been more questions than answers, that’s because there really are no answers right now. A serious debate is happening in an environment that’s almost devoid of technical input, at least from technical people who aren’t part of the intelligence establishment.

The Washington Post notes in an article outlining the split key idea that both the NSA and the FBI won’t or can’t name one single instance in which they were unable to thwart a terrorist or punish a criminal because they couldn’t break encryption. Likewise, the NSA and the FBI are plugging their ears and screaming about “bad guys” and “darkness” when it comes to encryption. They are not offering technical solutions, they are not offering alternatives, they are fear mongering.

So, what does the intelligence community want? . . .

Continue reading.

Written by LeisureGuy

21 April 2015 at 2:11 pm

Obama’s pledges are totally worthless


Yet another example in a very long series of pledges made and ignored: the LA Times reports:

White House officials have told Armenian American activists that President Obama will not use the word “genocide” to describe the killings of more than 1 million Armenians at the hands of Ottoman Turks when he commemorates the deaths Friday, the 100th anniversary of the massacres.

The decision backs down from a previous White House pledge and sparked anger from Armenian American activists.

Continue reading.

It’s difficult to respect a man who so cavalierly ignores pledges he has made—and does so repeatedly. I am glad he worked to get some reform in healthcare, but I cannot respect him for his terrible record on human rights, civil rights, persecution of whistleblowers (after pledging to protect them), intense secrecy (after pledging an open administration), refusal to investigate and prosecute those responsible for systematic torture and other war crimes (after pledging to uphold the law). Overall, I have to rate his performance as president as shoddy. I do recognize the obstacles he faced in the (almost literally) insane opposition from the GOP, but his refusal to honor his own pledges is very much to his discredit.

Written by LeisureGuy

21 April 2015 at 1:56 pm

