PRIMA PAGINA New York Times di Oggi martedì, 10 dicembre 2024

Megumi knows exactly who Suguru is and gets a real kick out of triggering Satoru’s cPTSD. And for Satoru, it’s a double whammy because his kid looks exactly like Toji, too.

Man can’t get a break. He’s confronted by the face of his killer wearing the fit of his ex - on the day he was dumped, no less - on the daily.

I bet Satoru was a normal and healthy individual, but Megumi drove him to insanity.

It seems like Iran intercepted nearly every 'Israeli' attack on Iran.

China hacked Verizon, AT&T and Lumen using the FBI’s backdoor

On OCTOBER 23 at 7PM, I'll be in DECATUR, presenting my novel THE BEZZLE at EAGLE EYE BOOKS.

State-affiliated Chinese hackers penetrated AT&T, Verizon, Lumen and others; they entered their networks and spent months intercepting US traffic – from individuals, firms, government officials, etc – and they did it all without having to exploit any code vulnerabilities. Instead, they used the back door that the FBI requires every carrier to furnish:

https://www.wsj.com/tech/cybersecurity/u-s-wiretap-systems-targeted-in-china-linked-hack-327fc63b?st=C5ywbp&reflink=desktopwebshare_permalink

In 1994, Bill Clinton signed CALEA into law. The Communications Assistance for Law Enforcement Act requires every US telecommunications network to be designed around facilitating access to law-enforcement wiretaps. Prior to CALEA, telecoms operators were often at pains to design their networks to resist infiltration and interception. Even if a telco didn't go that far, they were at the very least indifferent to the needs of law enforcement, and attuned instead to building efficient, robust networks.

Predictably, CALEA met stiff opposition from powerful telecoms companies as it worked its way through Congress, but the Clinton administration bought them off with hundreds of millions of dollars in subsidies to acquire wiretap-facilitation technologies. Immediately, a new industry sprang into being; companies that promised to help the carriers hack themselves, punching back doors into their networks. The pioneers of this dirty business were overwhelmingly founded by ex-Israeli signals intelligence personnel, though they often poached senior American military and intelligence officials to serve as the face of their operations and liase with their former colleagues in law enforcement and intelligence.

Telcos weren't the only opponents of CALEA, of course. Security experts – those who weren't hoping to cash in on government pork, anyways – warned that there was no way to make a back door that was only useful to the "good guys" but would keep the "bad guys" out.

These experts were – then as now – dismissed as neurotic worriers who simultaneously failed to understand the need to facilitate mass surveillance in order to keep the nation safe, and who lacked appropriate faith in American ingenuity. If we can put a man on the moon, surely we can build a security system that selectively fails when a cop needs it to, but stands up to every crook, bully, corporate snoop and foreign government. In other words: "We have faith in you! NERD HARDER!"

NERD HARDER! has been the answer ever since CALEA – and related Clinton-era initiatives, like the failed Clipper Chip program, which would have put a spy chip in every computer, and, eventually, every phone and gadget:

https://en.wikipedia.org/wiki/Clipper_chip

America may have invented NERD HARDER! but plenty of other countries have taken up the cause. The all-time champion is former Australian Prime Minister Malcolm Turnbull, who, when informed that the laws of mathematics dictate that it is impossible to make an encryption scheme that only protects good secrets and not bad ones, replied, "The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia":

https://www.zdnet.com/article/the-laws-of-australia-will-trump-the-laws-of-mathematics-turnbull/

CALEA forced a redesign of the foundational, physical layer of the internet. Thankfully, encryption at the protocol layer – in the programs we use – partially counters this deliberately introduced brittleness in the security of all our communications. CALEA can be used to intercept your communications, but mostly what an attacker gets is "metadata" ("so-and-so sent a message of X bytes to such and such") because the data is scrambled and they can't unscramble it, because cryptography actually works, unlike back doors. Of course, that's why governments in the EU, the US, the UK and all over the world are still trying to ban working encryption, insisting that the back doors they'll install will only let the good guys in:

https://pluralistic.net/2023/03/05/theyre-still-trying-to-ban-cryptography/

Any back door can be exploited by your adversaries. The Chinese sponsored hacking group know as Salt Typhoon intercepted the communications of hundreds of millions of American residents, businesses, and institutions. From that position, they could do NSA-style metadata-analysis, malware injection, and interception of unencrypted traffic. And they didn't have to hack anything, because the US government insists that all networking gear ship pre-hacked so that cops can get into it.

This isn't even the first time that CALEA back doors have been exploited by a hostile foreign power as a matter of geopolitical skullduggery. In 2004-2005, Greece's telecommunications were under mass surveillance by US spy agencies who wiretapped Greek officials, all the way up to the Prime Minister, in order to mess with the Greek Olympic bid:

https://en.wikipedia.org/wiki/Greek_wiretapping_case_2004%E2%80%9305

This is a wild story in so many ways. For one thing, CALEA isn't law in Greece! You can totally sell working, secure networking gear in Greece, and in many other countries around the world where they have not passed a stupid CALEA-style law. However the US telecoms market is so fucking huge that all the manufacturers build CALEA back doors into their gear, no matter where it's destined for. So the US has effectively exported this deliberate insecurity to the whole planet – and used it to screw around with Olympic bids, the most penny-ante bullshit imaginable.

Now Chinese-sponsored hackers with cool names like "Salt Typhoon" are traipsing around inside US telecoms infrastructure, using the back doors the FBI insisted would be safe.

Tor Books as just published two new, free LITTLE BROTHER stories: VIGILANT, about creepy surveillance in distance education; and SPILL, about oil pipelines and indigenous landback.

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2024/10/07/foreseeable-outcomes/#calea

Image: Kris Duda, modified https://www.flickr.com/photos/ahorcado/5433669707/

CC BY 2.0 https://creativecommons.org/licenses/by/2.0/

So, how fired, on a scale from one to ten, is Wit for losing: The only two Bondsmiths in the world aka the queen and king of Urithiru, the five year old heir of Alethkar, the Kholin Highprincess, the Kholin spare, and his boyfriend?

??? 😭

Two examples of the F-4C Phantom II as assigned to the 57th Fighter Intercept Squadron (FIS) based at Keflavik, Iceland. One in Air Defense Command 'grey blue', the other in SE Asia camouflage, both carrying the distinctive 'checkerboard'. The upper bird sporting a 'kill' from a few years before on the other side of the world.

Look all I'm saying is that Viktor is the undercity, jinx is in the undercity, arrangements need to be made.

GOLD RUSH✨✨

did you guys know its really really bad to have prolonged exposure to sulfur. anyways heres kurt wearing a gas mask so he doesnt fuck up his throat + eyes

Needed to get some Lego out of my system, after getting back into Space Engineers. Probably done a variant of this build a dozen times over, not sure how many of them made it to the posting stage. Thinking of doing a whole blue theme fleet.

---

The Howl class frigate was the backbone of the infamous, short lived Rost Defense Fleet. With the capture of the Highmoon shipyards above Rost, the newly minted Free Rost Republic sought to move beyond the converted mercantile, cargo, and utility ships that formed its ragtag space combatants. The Howl class was intended to be a highly maneuverable, opportunistic platform that would ride the coat tails of better armored assault ships. The entire super structure was built around supported the alternating fire of the two bow mounted heavy railguns, and was intended to be so nimble as to be able to over fly a target, only to rapidly flip on a dime to fire into the enemy's less armored rear. History would prove that such lofty aspirations worked better on the drawing board than in reality, and with only two PDGs and light armor paneling the Howl class would mostly not survive the colonies future conflicts with the Solar Union and Ijad, forcing the remnants of the free colonist forces to rely more heavily on the converted civilian hulls the class was meant to replace after being displaced from Rost.

silly comic abt date night being cancelled because of some alien eggs and two teenagers who can't do what they're told ever

Every internet fight is a speech fight

THIS WEEKEND (November 8-10), I'll be in TUCSON, AZ: I'm the GUEST OF HONOR at the TUSCON SCIENCE FICTION CONVENTION.

My latest Locus Magazine column is "Hard (Sovereignty) Cases Make Bad (Internet) Law," an attempt to cut through the knots we tie ourselves in when speech and national sovereignty collide online:

https://locusmag.com/2024/11/cory-doctorow-hard-sovereignty-cases-make-bad-internet-law/

This happens all the time. Indeed, the precipitating incident for my writing this column was someone commenting on the short-lived Brazilian court order blocking Twitter, opining that this was purely a matter of national sovereignty, with no speech dimension.

This is just profoundly wrong. Of course any rules about blocking a communications medium will have a free-speech dimension – how could it not? And of course any dispute relating to globe-spanning medium will have a national sovereignty dimension.

How could it not?

So if every internet fight is a speech fight and a sovereignty fight, which side should we root for? Here's my proposal: we should root for human rights.

In 2013, Edward Snowden revealed that the US government was illegally wiretapping the whole world. They were able to do this because the world is dominated by US-based tech giants and they shipped all their data stateside for processing. These tech giants secretly colluded with the NSA to help them effect this illegal surveillance (the "Prism" program) – and then the NSA stabbed them in the back by running another program ("Upstream") where they spied on the tech giants without their knowledge.

After the Snowden revelations, countries around the world enacted "data localization" rules that required any company doing business within their borders to keep their residents' data on domestic servers. Obviously, this has a human rights dimension: keeping your people's data out of the hands of US spy agencies is an important way to defend their privacy rights. which are crucial to their speech rights (you can't speak freely if you're being spied on).

So when the EU, a largely democratic bloc, enacted data localization rules, they were harnessing national soveriegnty in service to human rights.

But the EU isn't the only place that enacted data-localization rules. Russia did the same thing. Once again, there's a strong national sovereignty case for doing this. Even in the 2010s, the US and Russia were hostile toward one another, and that hostility has only ramped up since. Russia didn't want its data stored on NSA-accessible servers for the same reason the USA wouldn't want all its' people's data stored in GRU-accessible servers.

But Russia has a significantly poorer human rights record than either the EU or the USA (note that none of these are paragons of respect for human rights). Russia's data-localization policy was motivated by a combination of legitimate national sovereignty concerns and the illegitimate desire to conduct domestic surveillance in order to identify and harass, jail, torture and murder dissidents.

When you put it this way, it's obvious that national sovereignty is important, but not as important as human rights, and when they come into conflict, we should side with human rights over sovereignty.

Some more examples: Thailand's lesse majeste rules prohibit criticism of their corrupt monarchy. Foreigners who help Thai people circumvent blocks on reportage of royal corruption are violating Thailand's national sovereignty, but they're upholding human rights:

https://www.vox.com/2020/1/24/21075149/king-thailand-maha-vajiralongkorn-facebook-video-tattoos

Saudi law prohibits criticism of the royal family; when foreigners help Saudi women's rights activists evade these prohibitions, we violate Saudi sovereignty, but uphold human rights:

https://www.bbc.com/news/world-middle-east-55467414

In other words, "sovereignty, yes; but human rights even moreso."

Which brings me back to the precipitating incidents for the Locus column: the arrest of billionaire Telegram owner Pavel Durov in France, and the blocking of billionaire Elon Musk's Twitter in Brazil.

How do we make sense of these? Let's start with Durov. We still don't know exactly why the French government arrested him (legal systems descended from the Napoleonic Code are weird). But the arrest was at least partially motivated by a demand that Telegram conform with a French law requiring businesses to have a domestic agent to receive and act on takedown demands.

Not every takedown demand is good. When a lawyer for the Sackler family demanded that I take down criticism of his mass-murdering clients, that was illegitimate. But there is such a thing as a legitimate takedown: leaked financial information, child sex abuse material, nonconsensual pornography, true threats, etc, are all legitimate targets for takedown orders. Of course, it's not that simple. Even if we broadly agree that this stuff shouldn't be online, we don't necessarily agree whether something fits into one of these categories.

This is true even in categories with the brightest lines, like child sex abuse material:

https://www.theguardian.com/technology/2016/sep/09/facebook-reinstates-napalm-girl-photo

And the other categories are far blurrier, like doxing:

https://www.kenklippenstein.com/p/trump-camp-worked-with-musks-x-to

But just because not every takedown is a just one, it doesn't follow that every takedown is unjust. The idea that companies should have domestic agents in the countries where they operate isn't necessarily oppressive. If people who sell hamburgers from a street-corner have to register a designated contact with a regulator, why not someone who operates a telecoms network with 900m global users?

Of course, requirements to have a domestic contact can also be used as a prelude to human rights abuses. Countries that insist on a domestic rep are also implicitly demanding that the company place one of its employees or agents within reach of its police-force.

Just as data localization can be a way to improve human rights (by keeping data out of the hands of another country's lawless spy agencies) or to erode them (by keeping data within reach of your own country's lawless spy agencies), so can a requirement for a local agent be a way to preserve the rule of law (by establishing a conduit for legitimate takedowns) or a way to subvert it (by giving the government hostages they can use as leverage against companies who stick up for their users' rights).

In the case of Durov and Telegram, these issues are especially muddy. Telegram bills itself as an encrypted messaging app, but that's only sort of true. Telegram does not encrypt its group-chats, and even the encryption in its person-to-person messaging facility is hard to use and of dubious quality.

This is relevant because France – among many other governments – has waged a decades-long war against encrypted messaging, which is a wholly illegitimate goal. There is no way to make an encrypted messaging tool that works against bad guys (identity thieves, stalkers, corporate and foreign spies) but not against good guys (cops with legitimate warrants). Any effort to weaken end-to-end encrypted messaging creates broad, significant danger for every user of the affected service, all over the world. What's more, bans on end-to-end encrypted messaging tools can't stand on their own – they also have to include blocks of much of the useful internet, mandatory spyware on computers and mobile devices, and even more app-store-like control over which software you can install:

https://pluralistic.net/2023/03/05/theyre-still-trying-to-ban-cryptography/

So when the French state seizes Durov's person and demands that he establish the (pretty reasonable) minimum national presence needed to coordinate takedown requests, it can seem like this is a case where national sovereignty and human rights are broadly in accord.

But when you consider that Durov operates a (nominally) encrypted messaging tool that bears some resemblance to the kinds of messaging tools the French state has been trying to sabotage for decades, and continues to rail against, the human rights picture gets rather dim.

That is only slightly mitigated by the fact that Telegram's encryption is suspect, difficult to use, and not applied to the vast majority of the communications it serves. So where do we net out on this? In the Locus column, I sum things up this way:

Telegram should have a mechanism to comply with lawful takedown orders; and

those orders should respect human rights and the rule of law; and

Telegram should not backdoor its encryption, even if

the sovereign French state orders it to do so.

Sovereignty, sure, but human rights even moreso.

What about Musk? As with Durov in France, the Brazilian government demanded that Musk appoint a Brazilian representative to handle official takedown requests. Despite a recent bout of democratic backsliding under the previous regime, Brazil's current government is broadly favorable to human rights. There's no indication that Brazil would use an in-country representative as a hostage, and there's nothing intrinsically wrong with requiring foreign firms doing business in your country to have domestic representatives.

Musk's response was typical: a lawless, arrogant attack on the judge who issued the blocking order, including thinly veiled incitements to violence.

The Brazilian state's response was multi-pronged. There was a national blocking order, and a threat to penalize Brazilians who used VPNs to circumvent the block. Both measures have obvious human rights implications. For one thing, the vast majority of Brazilians who use Twitter are engaged in the legitimate exercise of speech, and they were collateral damage in the dispute between Musk and Brazil.

More serious is the prohibition on VPNs, which represents a broad attack on privacy-enhancing technology with implications far beyond the Twitter matter. Worse still, a VPN ban can only be enforced with extremely invasive network surveillance and blocking orders to app stores and ISPs to restrict access to VPN tools. This is wholly disproportionate and illegitimate.

But that wasn't the only tactic the Brazilian state used. Brazilian corporate law is markedly different from US law, with fewer protections for limited liability for business owners. The Brazilian state claimed the right to fine Musk's other companies for Twitter's failure to comply with orders to nominate a domestic representative. Faced with fines against Spacex and Tesla, Musk caved.

In other words, Brazil had a legitimate national sovereignty interest in ordering Twitter to nominate a domestic agent, and they used a mix of somewhat illegitimate tactics (blocking orders), extremely illegitimate tactics (threats against VPN users) and totally legitimate tactics (fining Musk's other companies) to achieve these goals.

As I put it in the column:

Twitter should have a mechanism to comply with lawful takedown orders; and

those orders should respect human rights and the rule of law; and

banning Twitter is bad for the free speech rights of Twitter users in Brazil; and

banning VPNs is bad for all Brazilian internet users; and

it’s hard to see how a Twitter ban will be effective without bans on VPNs.

There's no such thing as an internet policy fight that isn't about national sovereignty and speech, and when the two collide, we should side with human rights over sovereignty. Sovereignty isn't a good unto itself – it's only a good to the extent that is used to promote human rights.

In other words: "Sovereignty, sure, but human rights even moreso."

If you'd like an essay-formatted version of this post to read or share, here's a link to it on pluralistic.net, my surveillance-free, ad-free, tracker-free blog:

https://pluralistic.net/2024/11/06/brazilian-blowout/#sovereignty-sure-but-human-rights-even-moreso

Image: © Tomas Castelazo, www.tomascastelazo.com (modified) https://commons.wikimedia.org/wiki/File:Border_Wall_at_Tijuana_and_San_Diego_Border.jpg

CC BY-SA 4.0 https://creativecommons.org/licenses/by-sa/4.0/

Meteor Shower V2

The ISS Burning Horizon is a collaborative research and anomaly investigation ship funded by Piory Technologies and The Pursuit of Complete and Unchallenged Knowledge, managed (predominantly) by humans and slugcats respectively. Two renowned scientists, Dr. Irene Mosley and Yamara "Six-Times-Triumphant," argue about the possible causes of an irregularity on a pre-FTL planet they've been assigned to monitor. Behind them stands Bodie, an adolescent Scavenger apprentice who only got the job because of the stereotype that Scavengers and Slugcats are by default educated on each other's cultures due to their shared home planet (they're not). He brought the piece of information that caused the argument and now the scientists are too distracted to notice him, but as a rule of etiquette he is not allowed to leave until dismissed.

i am so genuinely fascinated by the struggles in the connection between rose and lindsey. they've played together forever, and been friends forever, but when you put them on the pitch together it's like they've never even played pass. for two consistent and important parts of the midfield, i do not understand how they aren't clicking.