Friday, 26 February 2016

The delete-all password

(Image: lockpicking tools)
Recent discussions revolve around the encryption of phone data and its security features (see Bruce Schneier's article). What comes up is the amount of time needed to decrypt the data by brute force or by more efficient approaches (like using dictionaries). Apple counters this with an 80 ms delay between two tries and by imposing a maximum number of tries after which all the data is deleted (or at least the part of the key which is stored on the phone).

I'd suggest an additional security feature: the "delete-all" password. Instead of choosing only the one password which decrypts the device, I'd like to be offered the possibility to create a second password which --- if entered --- forces the data to be deleted (all keys erased).

It would even be possible to additionally define, automatically, many passwords which cause the deletion of the data. Of course, these passwords should be chosen such that they are not likely to be entered by accident, e.g. when just one digit of the correct password is missed or two digits are transposed.
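A minimal sketch of how such decoy passwords could be picked (my own illustration, not an existing feature; the PIN and the counts are assumptions): generate random 4-digit candidates and keep only those which differ from the real PIN in at least two digit positions, so that a single mistyped digit can never trigger the wipe.

#include <cstdio>
#include <cstdlib>
#include <ctime>
#include <iostream>
#include <set>
#include <string>

// number of digit positions in which two equally long PINs differ
int digitDistance (const std::string& a, const std::string& b)
{
    int distance = 0;
    for (std::string::size_type i = 0; i < a.size (); ++i)
        if (a[i] != b[i])
            ++distance;
    return distance;
}

int main ()
{
    std::srand (static_cast<unsigned int> (std::time (0)));
    const std::string realPin = "4711"; // example PIN (assumption)
    std::set<std::string> decoys;
    while (decoys.size () < 100) // choose 100 decoys out of the 10000 PINs
    {
        char buffer[5];
        std::sprintf (buffer, "%04d", std::rand () % 10000);
        const std::string candidate (buffer);
        // a decoy must differ from the real PIN in at least two digits,
        // so a near-miss typo cannot wipe the phone
        if (digitDistance (candidate, realPin) >= 2)
            decoys.insert (candidate);
    }
    std::cout << "chose " << decoys.size () << " decoy PINs" << std::endl;
}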

In a brute-force attack it is then likely that one of the delete-all passwords is entered before the correct one. Even with a weak password (e.g. 4 digits, numbers only) it would be very probable that the attacker deletes the data before encountering the correct key.
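This can be checked with a minimal Monte Carlo sketch (10000 PINs, 100 decoys, and the trial count are assumptions for illustration): among the k decoys and the one correct PIN, each is equally likely to be hit first by an attacker trying PINs in random order, so the phone is wiped before the correct PIN is found with probability k/(k+1), i.e. about 99% for 100 decoys.

#include <algorithm>
#include <cstdlib>
#include <iostream>
#include <vector>

int main ()
{
    std::srand (42);
    const int numPins = 10000, numDecoys = 100, numTrials = 10000;
    int wiped = 0;
    for (int trial = 0; trial < numTrials; ++trial)
    {
        std::vector<int> pins (numPins);
        for (int i = 0; i < numPins; ++i) pins[i] = i;
        std::random_shuffle (pins.begin (), pins.end ());
        // PIN 0 is the real one, PINs 1..numDecoys are the decoys
        for (std::vector<int>::const_iterator it = pins.begin (); ; ++it)
        {
            if (*it == 0) break;                      // correct PIN found first
            if (*it <= numDecoys) { ++wiped; break; } // decoy hit first: wipe
        }
    }
    std::cout << "wipe fraction: " << double (wiped) / numTrials
              << " (expected ~" << double (numDecoys) / (numDecoys + 1)
              << ")" << std::endl;
}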



Creative Commons License
The delete-all password by Peter Speckmayer is licensed under a Creative Commons Attribution 4.0 International License.

Saturday, 12 September 2015

The undervalued virtue of being lazy

"Laziness is a sin." 

"Socialism promotes laziness, capitalism promotes ingenuity"


Laziness is a virtue


I argue that --- on the contrary --- laziness is a virtue. It is the origin of invention, ingenuity, and creativity. It is the main driver of the increase in productivity we've experienced over the last centuries.

Productivity


You are employed to perform a certain task, one of many which lead to the production of a product. You do the task once, you do it twice, you do it three times. At the end of the day you have done it a thousand times. The next day as well. And so the days pass. Every day the same thousand tasks, one equal to the next. Of course your hands get faster; you stop thinking about the task. You increase your productivity. After a month you already do a hundred tasks more per day than in the beginning. But there is a limit. At some point you are not able to perform the task any faster. But your manager comes to the rescue. He knows how to augment your productivity: you just have to work longer. Hence, you work longer. But there is a limit, because a day only has so many hours. Well, the manager is not out of ideas yet. He is interested in maximizing the productivity per dollar spent. Since he cannot increase your workload any more, and more training wouldn't make you any faster either, he has to reduce your salary. This is the main principle of capitalism. And nothing would change that, were it not for the lazy people.

The disliked lazy people

A lazy person wants to reduce the energy and time spent per unit she produces and per task she performs. The manager doesn't like her, because she's not fully committed to her boring workload; she is not fully committed to increasing the productivity of the company, the shareholder value, and --- not to forget --- indirectly the salary of the manager, by just being f***ing more productive. The manager pays for her time and for her suffering. If she isn't bored enough or struggling enough or suffering enough, he has the feeling that the money is not spent efficiently on her.

Lazy people to the rescue

But the lazy person doesn't aim at not doing her job. She just wants to do it the smart way instead of the hard way. Of course this is difficult to grasp for the manager, who is the equivalent of the man beating the drum in a galley, forcing the oarsmen to row to his rhythm. The lazy person cannot stand doing the same simple and stupid task a thousand times per day. Her brain doesn't let her do something a thousand times if she could invent a machine which does the thousand tasks in her stead. That's where the spore of change starts to grow.

She invents a machine which does her job. The invention takes time. That's many tasks not performed. That's the manager freaking out because of her lack of performance. But once built, the machine does ten thousand tasks a day. Productivity is increased ten-fold, not just by ten percent.

She writes a program which controls the machine and many more machines, thus increasing productivity (for this product) one-hundred-fold.

Laziness is the root


Laziness is the root of creativity. Creativity is (in this context) the process of conceiving how to spend less energy creating something without ceasing to create it, or how to improve the product while maintaining the same energy expenditure.

Laziness is the root of ingenuity. Ingenuity is the process of transforming the creative idea into a real plan, a true idea: something from which a machine can be built, a program can be written, an algorithm can be executed.

Laziness is the root of invention. Transforming the creative idea into a machine/program/workflow using one's ingenuity is --- finally --- invention.


Summary


The root of all the progress we see is laziness. If it were not for laziness, there would have been no industrial revolution, no computers, no mobile phones, no robots, nor anything else we associate with progress.







Thursday, 4 June 2015

Anti-GMO is not anti-science - or - why sound science doesn't validate all its applications


Sometimes an article pops up in my social media streams which basically equates an anti-GMO stance with being anti-science in general (like this one: The psychology of why so many people are anti-GMO). And I am anti-GMO, in a certain sense.

Being a scientist by training and by heart, I obviously don't like being accused of being ignorant or stupid, which is the main conclusion of these articles --- albeit dressed in somewhat less insulting words.

I feel obliged to respond with what I am against, what I am in favor of, and why I think that these articles all argue in a completely irrelevant direction.

I think that advances in biotechnology are great! The ability to genetically modify organisms is an immense achievement. The production of insulin from E. coli bacteria or yeast, for example, is a prime example of the value of biotechnological advances and the benefits they can bring to humans.

Hence, I'm impressed by biotechnology and its methods. In general, at least.



What's my issue with GMO


You could think that, given my strong admiration for biotechnology, I must be a strong proponent of the use of GMOs everywhere. Like really everywhere. In the fields, in my backyard, in Africa, the USA, Europe, wherever people plant something. But I am not.

In my opinion, GMO as it is used now is a means: a means to control farmers, to make them dependent, and to rip them off. Not only farmers are being ripped off, but us consumers as well. Big producers of GMO-based seeds are imposing a kind of tax on each ton of food produced, worldwide. Not that farmers --- especially small-scale farmers in the developing world --- aren't ripped off without GMO, but I argue that GMO makes it easier to rip them off.

It is not the science that is the problem, it is the application


The issue is not the scientific basis, but rather the way GMOs are used. They pave the way for non-diverse monocultures. Of course, monocultures exist already, but GMOs cement them. One can see this in the USA, where monocultures are the main way of farming. And each and every voice which argues against such things is suppressed by large multinationals. It frankly doesn't matter if some genetic modification seems safe in a lab experiment, because A) if it doesn't, try to get the study published: you'll encounter a lot of resistance from these big multinationals and you will be wiped from the scientific landscape (see Seralini et al.: instead of addressing and maybe refuting arguments and --- whohooo --- making studies which contradict Seralini's results, there was immediately a concerted, mostly non-scientific (i.e. ad hominem) attack), and B) you have to extrapolate to large-scale monocultures. Sorry, the often brought up argument that "because we think that GMO is completely safe, we don't have to produce studies which show that it is safe" is not a valid argument; it is just a circular argument.

The economic incentives rig the scientific process


Whilst I'm a firm believer in science in general and in the scientific process, I don't see the scientific process working in the field of biotechnology. The issue is similar to pharmacological research: it's nearly impossible to publish a study which doesn't show the desired outcome. And if you by chance succeed in doing so, you'll be stomped upon.

Another issue is patents. If all GMOs were patent-free and thus independent from the big multinationals, who wouldn't have to squeeze every penny out of these patents in as short a time as possible, one could assess the positives and negatives in a less biased manner. But due to the system currently in place, all this assessment is completely rigged.

The great possibilities of GMO which are never realized (because there is no money to grab)


Biotechnologists are always talking about great possibilities like golden rice, or stronger roots which help plants survive in regions where people couldn't grow anything so far. All great, but none of these ideas exceeds the preliminary trial stage. Why, you may ask? Because there is no money in them for multinationals. What do they care whether people can feed themselves or not? They'd rather people were not able to feed themselves.

And then there are many measures which would lead to outcomes similar to GMO, but with much improved biodiversity. Imagine not planting large monocultures, but many smaller fields with varying crops, rotating these crops yearly. And planting rows of bushes and trees between these fields to attract the natural enemies of pest insects. You'd increase biodiversity and you'd in general be much better protected against all manner of insects and fungi and so on. Of course, it is a tad more involved for the farmer and --- whooohoo --- big multinationals wouldn't make such a large profit, because farmers would probably need fewer herbicides and pesticides.

GMOs are not really needed, not even in large scale farming

As we can see, GMOs are not planted in the EU (except in trials) and may not be sold there as food for humans. Still, the EU feeds its 450 million people. How is this possible if feeding so many people is argued to be impossible without GMOs?

The "let's talk only about the science, not about the application"-argument


Often in discussions about GMO, the flawed argument comes up that one shouldn't judge GMOs by their applications, because the science is sound. But science can never be separated from its application. Think of nuclear reactions. It's truly great science. And it's sound science. It's understood science. But you're still not allowed to build your own nuclear bomb. Why? Hey, the science is well understood. It is, but that doesn't validate all its applications. And the same is true for GMOs. The science might be well understood and "under control", but that doesn't validate or even mandate its use in all circumstances and on a large scale. And it especially doesn't validate its use against the will of the people, even if they are not biologists with a specialty in genetic modification.

Look, for example, at neonicotinoids. We are fairly certain that they are among the culprits behind bee colony collapse disorder. But reducing their usage faces immense resistance from the producers.

Look at how the EPA is being starved of funding, because it enforces the rules made to protect the environment, humans, and animals.

Look at climate change. It is clear that we humans are warming the world and acidifying the oceans. But supposedly because of economic arguments by big multinationals we are not allowed to change how our science and technology is applied. Hence, the application or non-application of science depends on economic interests.

Conclusions


Anti-GMO is not so much a distrust of science and the scientific process as a whole, but a distrust of how the scientific process works in this specific field, and a distrust of the big drivers (large multinationals) behind the applications of its results. Not every application should be applied --- or, on the other hand, not be applied --- just because the science behind it is settled.


Creative Commons License
Anti-GMO is not anti-science - or - why sound science doesn't validate all its applications by Peter Speckmayer is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Thursday, 7 May 2015

The Platinum Tax-payer card

We people pay money.


  1. We people pay money if we are forced to do so. We pay our taxes, we pay fees.
  2. We people pay money for items we need. We pay for food, we pay for clothes, we pay for housing. 
  3. We people pay money for items we like. We pay for a new TV, a smart phone, going to a restaurant, going on vacations.
  4. We people pay money to show off our status, or to feign a status. We buy brand name clothing, brand name cars and travel to hip locations. Sometimes we do that because we enjoy the holiday destination or we like the feel of a certain shoe or the look of a certain T-shirt, but often we do it to pretend. 

Whether it's poor people, average people, or rich people, there is no difference in that behavior. Except maybe that rich people are more avaricious, because that's one ingredient of becoming rich in the first place --- apart from inheriting wealth.

Taxes


For a wealthy person there is no immediate gain in paying taxes. They gain more if all the other citizens pay their dues and they do not. Someone with a lot of money also has more possibilities to avoid paying taxes: just pay a little to an advisor who knows how to circumvent taxes and jump through loopholes to drastically reduce the large tax bill.


People have to WANT to pay taxes


That sounds ridiculous, because whoever wants to pay taxes? I personally understand the need for me to pay taxes and the need for everyone to pay taxes. Still, the deduction of the taxes from my salary hurts a bit.
Of all the reasons to pay money listed above, we only exploit reason number 1): we are forced.

We will probably never like paying taxes, for we don't get the immediate return on investment we get when we buy new shoes.

But what if we exploited reason 4)? What if paying taxes meant that people could show off their status?


The platinum tax-payer-card


The pay-more premium based on this premise is all around us. We can see it with credit cards; we can see it with the "miles" in flying. It is nothing new to provide a bit of status to those who pay a lot with their credit cards, making them feel more special. They get "gold member cards" or "platinum cards" and they are happy to pay more, just so that other people can see that card and assume wealth and status. The "Senators" with loads of miles can just skip the long lines of common people waiting to be checked, go through the special entrance where they are patted down in a slightly less humiliating way, and then sit down in the VIP lounge, where they are invited to pay double prices just to sit in the fake leather chairs and feel special.

I propose to create a very visible tax-payer status. Someone who pays 1 million euros or dollars in taxes a year should be given the opportunity to show this to all the people around her/him. If it's more than 10 million, the sign should be more special. And for someone who has paid 100 million dollars of taxes in his lifetime, there could be the platinum tax-payer card.

Invite those who reached the status this year --- for the first time or once again --- to a very special dinner. Give them a valuable pin reflecting their contributions. Provide them with incentives honoring their contribution to society.

And then ask everyone who claims to be rich: "Hey, aren't you supposed to be rich? Didn't you claim to have status? If so, why don't you have at least gold tax-payer status?" and "Hey, look over there, he's a platinum tax-payer. Whoooa!" Everyone can see it at the big charity event, because the big tax-payer got his pin and his card.

This --- at least that's my thinking --- provides an incentive for wealthy people not to dodge their tax payments, because of peer pressure within the group of wealthy people.




Creative Commons License
The platinum tax-payer card by Peter Speckmayer is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Monday, 2 February 2015

MiniMetaMessenger, Concept of a meta-data-minimizing communication platform

Mini-Meta-Messenger


Meta-Data 

Intelligence agencies grab our data, and they grab our meta-data. Data is what we write and what we read; meta-data is who is writing it, who reads it, and when. From that meta-data one can derive graphs of who is connected with whom and analyse the structure of a certain group, for example people with a dissenting political opinion. Having this information, one can take out the most important nodes of this graph (i.e. the most important people of the group) and thus destroy it.

In a sense, meta-data is even more important to intelligence agencies than the data itself. The information that --- for instance --- two people meet for a cup of coffee is not very meaningful by itself, but if one of the two people is known to be part of a group which threatens the current establishment and the other one is a journalist, this message might indeed be of importance. At least it would show a potentially important connection.

Collecting communication data and meta-data threatens democracy. Because if people who speak out against current politics are by default under surveillance --- because everyone is under surveillance --- they will often refrain from speaking out. Surveillance stifles free speech.


Minimizing Meta-data and Data


I want to sketch out a concept of how a messenger could be produced which removes much of the meta-data: the Mini-Meta-Messenger.

Imagine a large dashboard on some server on the internet. Imagine everyone posted her/his messages to other people on that board, where everyone could just read them. Obviously we don't want everyone to be able to read every message. That's why all these messages would be signed with the private key of the sender and encrypted with the public key of the receiver.

To retrieve the messages for a particular user, this user just has to download all the messages and try to decrypt them with her/his private key. This will succeed exactly for those messages which have been encrypted with her/his public key. Hence, s/he "receives" all messages which belong to her/him.
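A minimal sketch of this trial decryption, using libsodium's sealed boxes --- my choice of primitive for illustration; note that sealed boxes also hide the sender, whereas the description above additionally signs each message. The board with a single message is, of course, an assumption to keep the sketch short.

#include <sodium.h>
#include <iostream>
#include <string>
#include <vector>

int main ()
{
    if (sodium_init () < 0) return 1;

    // the recipient's key pair; the public key is uploaded once on joining
    unsigned char pk[crypto_box_PUBLICKEYBYTES];
    unsigned char sk[crypto_box_SECRETKEYBYTES];
    crypto_box_keypair (pk, sk);

    // the "dashboard": sealed messages from many senders; here one of
    // them happens to be addressed to our recipient
    std::vector<std::vector<unsigned char> > board;
    const std::string text = "how about a coffee?";
    std::vector<unsigned char> sealed (crypto_box_SEALBYTES + text.size ());
    crypto_box_seal (&sealed[0],
                     reinterpret_cast<const unsigned char*> (text.data ()),
                     text.size (), pk);
    board.push_back (sealed);

    // retrieval: download *all* messages and try each one; decryption
    // succeeds exactly for the messages encrypted to our public key
    for (unsigned int i = 0; i < board.size (); ++i)
    {
        std::vector<unsigned char> plain (board[i].size () - crypto_box_SEALBYTES + 1, 0);
        if (crypto_box_seal_open (&plain[0], &board[i][0],
                                  board[i].size (), pk, sk) == 0)
            std::cout << "message for me: " << &plain[0] << std::endl;
        // a failure just means the message was meant for someone else
    }
}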

The remaining data and meta-data is that a particular person uploaded a message (which cannot easily be read by the intelligence agencies) and that many persons downloaded *all* the messages at some later time. There is no exploitable correlation between two persons who send messages to each other, given that they are not the only ones using the service. Furthermore, the messages are encrypted, hence the data itself cannot be read by a third party either. The only meta-data left is: when a person is writing, how many messages s/he writes, and, on the other side, who is reading messages and how often.

Of course there is Freenet, which can provide decentralized full encryption for many services. But it requires effort, skill, and time to get started, and many people will not find anything there which matters to them. That's why I think a simpler approach, one which is easier on the people, might attract more users.


Details


Each person would --- upon signing up to this service --- upload her/his public key. Like that, each participant could in principle send messages to every other participant.

Whilst everyone has to download every message (for the sake of hiding the meta-data), one could choose to decrypt only those messages which come from a certain group of persons. Then again, exposing who has sent which message may already reveal too much information.

Instead of always trial-decrypting whole messages, a shorter header could be encrypted separately. A message has been addressed to a particular person exactly if this person succeeds in decrypting the message header.
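One possible layout for this (the layout is my assumption, not part of the concept above): the header is a small, fixed-size sealed box carrying a per-message symmetric key, and the possibly large body is encrypted under that key, so only the cheap header has to be trial-decrypted.

#include <sodium.h>
#include <iostream>
#include <string>
#include <vector>

int main ()
{
    if (sodium_init () < 0) return 1;

    // the recipient's key pair
    unsigned char pk[crypto_box_PUBLICKEYBYTES];
    unsigned char sk[crypto_box_SECRETKEYBYTES];
    crypto_box_keypair (pk, sk);

    // per-message symmetric key; the nonce travels in clear with the body
    unsigned char key[crypto_secretbox_KEYBYTES];
    unsigned char nonce[crypto_secretbox_NONCEBYTES];
    randombytes_buf (key, sizeof key);
    randombytes_buf (nonce, sizeof nonce);

    // body: encrypted once under the symmetric key
    const std::string text = "a possibly very long message body";
    std::vector<unsigned char> body (crypto_secretbox_MACBYTES + text.size ());
    crypto_secretbox_easy (&body[0],
                           reinterpret_cast<const unsigned char*> (text.data ()),
                           text.size (), nonce, key);

    // header: just the symmetric key, sealed to the recipient;
    // small and of fixed size, so trial decryption stays cheap
    unsigned char header[crypto_box_SEALBYTES + crypto_secretbox_KEYBYTES];
    crypto_box_seal (header, key, sizeof key, pk);

    // receiver side: try the header only; the body is decrypted
    // only if the header opens, i.e. if the message is for us
    unsigned char recoveredKey[crypto_secretbox_KEYBYTES];
    if (crypto_box_seal_open (recoveredKey, header, sizeof header, pk, sk) == 0)
    {
        std::vector<unsigned char> plain (text.size () + 1, 0);
        if (crypto_secretbox_open_easy (&plain[0], &body[0], body.size (),
                                        nonce, recoveredKey) == 0)
            std::cout << "body: " << &plain[0] << std::endl;
    }
}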

A service like Facebook creates a lot of messages, and a "read all messages" approach doesn't scale well with the number of people. This can be mitigated somewhat by every person posting into a specific channel, with each reader listening to a couple of channels. That way, not all members are mixed together (which would make the number of messages to read explode), but still many are mixed, and the extraction of meta-data is severely limited.
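A tiny sketch of this channel bucketing (the channel names and the channel count are made up): posts are assigned to a bucket by hashing the channel name, and each reader downloads only the buckets of the channels s/he listens to.

#include <iostream>
#include <string>

// map a channel name to one of numChannels buckets
unsigned int channelOf (const std::string& name, unsigned int numChannels)
{
    unsigned int hash = 5381; // djb2 string hash
    for (std::string::size_type i = 0; i < name.size (); ++i)
        hash = hash * 33 + static_cast<unsigned char> (name[i]);
    return hash % numChannels;
}

int main ()
{
    const unsigned int numChannels = 64;
    std::cout << "chess-club  -> channel "
              << channelOf ("chess-club", numChannels) << std::endl;
    std::cout << "book-circle -> channel "
              << channelOf ("book-circle", numChannels) << std::endl;
}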


You are very welcome to leave your comments! Let me know what you think.
Creative Commons License MiniMetaMessenger, Concept of a meta-data-minimizing communication platform by Peter Speckmayer is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.



Friday, 27 June 2014

A C++ Variant type using type_info

Many computer languages don't use strict typing at all, or they have variant types which can take any type, from POD types like int and double to containers or self-defined classes. In C++ there is no built-in variant type. But does one need a variant type at all? I certainly know which types I will transport (by value, by reference, or by pointer) over my interfaces. While this is usually true for a well-designed project, sometimes situations come up where variants would be helpful. I'll sketch out one possible way of programming a variant in C++.

Suppose you have a couple of classes derived from the same interface. Each of the classes contains potentially different variable types: some contain an integer and a string, another one contains a vector of int, a third one a different combination thereof.
#include <string>
#include <vector>

struct Interface
{
  Interface () {}
  virtual ~Interface () {} // virtual d'tor: objects are deleted via Interface*
};

struct A : public Interface
{
  A () : Interface () {}

  int length;
  std::string name;
};

struct B : public Interface
{
  B () : Interface () {}

  int length;
  std::vector<int> ages;
};

struct C : public Interface
{
  C () : Interface () {}

  std::string name;
  std::vector<int> ages;
};


In your code you've created a container of pointers to the interface.
int main ()
{
  std::vector<Interface*> myContainer;
  myContainer.push_back (new A ());
  myContainer.push_back (new B ());
  myContainer.push_back (new C ());
  myContainer.push_back (new B ());
}
For some reason you want to collect all the values of all the classes A, B, and C which are stored in the container. One use case is logging: you want to extract the values of all of your objects and put them into a list, a diagram, or maybe an XML file. You don't want to implement all the formatting options in the classes A, B, or C, and neither do you want to implement them in the interface. Maybe you plan on extending the logging feature with other views which you haven't defined yet. Obviously you want to just fetch the values and do the formatting in your logging code. Hence, the task is to fetch all the different types of all the objects, preferably in an easy manner.

What are the options?

  • You could write a getter function for each variable type. This is a lot of work, and every time a new variable is added, the getter function has to be added in all classes (= more work). Some of the getter functions would have no useful value to return for classes in which the variable is not present. 
  • You could try to cast the interface to each of the available classes. Once a cast succeeds, the specific getters could be used. 
  • Template getters? Templates and virtual functions don't mix well. 
  • Create a variant type which can hold all the necessary variables. 

Of all the mentioned options, creating a variant type is the most convenient way to handle the situation. But how could we write such a variant type? 
Using a variant type the solution could look like this:
enum EnumDataKey
{
  eLength,
  eName,
  eAges
};

 
struct Interface
{
  Interface () {}
  virtual ~Interface () {}
  // Wrap is the variant type we will develop below
  virtual Wrap getData (EnumDataKey eKey) const = 0;
};
where the virtual getData function has to be implemented specifically in each of the derived classes. The enums serve to denote which data the function shall return. They could simply encode the data type (int, double, string, etc.) or --- as in this case --- name a specific variable (e.g. length, name, ages).
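For illustration, an implementation of getData in struct A could look like the following (this part is not worked out in the post; it assumes the Wrap type developed below as the return type):

struct A : public Interface
{
  A () : Interface (), length (0) {}

  virtual Wrap getData (EnumDataKey eKey) const
  {
      if (eKey == eLength)
          return Wrap (length); // wraps the int
      if (eKey == eName)
          return Wrap (name);   // wraps the std::string
      return Wrap ();           // empty wrap: A has no "ages"
  }

  int length;
  std::string name;
};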

But we don't have a variant type yet. 

We don't, and as written earlier, there is no such generic type in C++. There are several possibilities to achieve such behaviour.
  • The first possibility would be a class which contains a member variable for each of the types the classes might return. This technique works, but it's not very elegant, because we'd always have to carry around a fat data structure. If we wanted to return a new data type, we'd have to amend the fat data structure with this new type. This is inflexible and error-prone.
  • The second possibility is to store the variables as void pointers and use type_info to encode the type information. On the receiver side, the type is then reconstructed and filled with the data from the void*. I will explore this option in the following.
The copy constructor and assignment operator of type_info are private, so no copying is possible. But within the execution of a program, the typeid operator always returns a reference to the same type_info object for the same type (see: type_info). I want to exploit this. 

How to build a variant type?

We can program a variant type for C++ using two classes: a class which carries the data together with the corresponding type_info, and another (templated) class which unwraps the carried data once it is needed again. I like that the middle man (the interface) doesn't have to know anything about which types might be wrapped. The type has to be known at the time of wrapping (obviously) and then by the receiver which unwraps it. This technique is also used in the boost::any type. Since boost is not available in every project, it's good to know the technique so you can implement it yourself. I have added explanations as comments to the code.
#ifndef WRAP_H
#define WRAP_H

#include <cstddef>
#include <typeinfo>

class IsNullException {};
class IsIncompatibleException {};

// this class wraps an arbitrary data type and can be 
// transported over virtual member functions
class Wrap
{
public:
    // c'tor 
    Wrap () 
    : pValue (0)
    , pType (&typeid(void))
    , bDoDelete (false) 
    {}

    // c'tor for an arbitrary type
    // store a copy of the variable as void* in pValue
    // remember the type information in pType
    template <typename T>
    Wrap (const T& value) 
    : pValue (static_cast<void*> (new T (value))) 
    , pType (&typeid(T)) // store the type info in pType
    , bDoDelete (true)   // we've done "new T", remember to delete afterwards
    {}

    // assignment operator to assign an arbitrarily 
    // typed variable to the wrapper 
    // store a copy of the variable as void* in pValue
    // store the type info in pType
    // we've done "new T", remember that we have to delete it afterwards
    template <typename T>
    Wrap& operator= (const T& value) 
    {
        pValue = static_cast<void*> (new T (value));
        pType = &typeid(T);
        bDoDelete = true;
        return *this;
    }

    // get the pointer
    inline const void* getPointer () const { return pValue; }

    // get the type info
    inline const std::type_info& getTypeInfo () const { return *pType; }

    // if no variable has been set, the wrapper is empty
    inline bool empty () const { return pValue == NULL; }

    // do we have to delete it?
    inline bool doDelete () const { return bDoDelete; }

private:
    void*                 pValue;    // value information
    const std::type_info* pType;     // type information 
    bool                  bDoDelete; // has to be deleted
};
template <typename T>
class UnWrap
{
public:
    typedef T value_type;

    // c'tor which takes a wrapped value
    UnWrap (Wrap wrap) : pValue (0)
    {
        // check if the type of T corresponds to the type of the
        // wrapped object
        if (typeid(T) != wrap.getTypeInfo ())  // if not
            throw IsIncompatibleException (); // throw an exception
        if (!wrap.getPointer ()) // check that something has been wrapped
            throw IsNullException ();
        // cast the void* back to the desired type
        pValue = static_cast<T*> (const_cast<void*> (wrap.getPointer ()));
        // in case a clone has been created at wrapping,
        // the UnWrap type has the duty to delete the value
        // and thus free the memory
        bDoDelete = wrap.doDelete ();
    }

    // free the memory if UnWrap is the owner
    ~UnWrap () { if (bDoDelete) delete pValue; }

    // cast operator; enables UnWrap<anytype> to be cast to anytype,
    // where anytype is the type provided to UnWrap,
    // which has to be the same type as the one which 
    // has been wrapped. 
    operator const T& () const
    { 
        if (pValue == NULL) // just to be safe 
            throw IsNullException (); 
        return *pValue; // only a const value is provided
    }

private:
    T* pValue;
    bool bDoDelete;
};

#endif // WRAP_H
We can now use the variant type as sketched out in the following. In the printData function it is tested, for each of the possible types, whether it can be unwrapped. If not, an exception is thrown; if yes, the value is unwrapped, copied into a local variable, and subsequently printed.
#include <iostream>
#include <string>
#include <vector>
#include "wrap.h"

void printData (const Interface* data)
{
    // unwrap "eName" (a std::string)
    try
    {
        UnWrap<std::string> unWrapName (data->getData (eName));
        const std::string& name = unWrapName;
        // can do some formatting here
        std::cout << "name= " << name << std::endl;
    }
    catch (...)
    {
        // can do something in the case the data doesn't
        // contain eName
    }

    // unwrap "eLength" (an integer)
    try
    {
        UnWrap<int> unWrapLength (data->getData (eLength));
        const int& length = unWrapLength;
        std::cout << "length= " << length << std::endl;
    }
    catch (...)
    {
    }

    // unwrap "eAges" (a std::vector<int>)
    try
    {
        UnWrap<std::vector<int> > unWrapAges (data->getData (eAges));
        const std::vector<int>& ages = unWrapAges;
        for (std::vector<int>::const_iterator it = ages.begin (), 
             itEnd = ages.end (); it != itEnd; ++it)
        {
             std::cout << "age= " << (*it) << std::endl;
        }
    }
    catch (...)
    {
    }
}
The main function for testing this type prepares some data and calls the printData function. It is shown in the following.
int main ()
{
  std::vector<Interface*> myContainer;
  myContainer.push_back (new A ());
  myContainer.push_back (new B ());
  myContainer.push_back (new C ());
  myContainer.push_back (new B ());
  
  //doSomethingWith (myContainer);

  // loop over all the data in the container 
  // (or whichever data structure is holding the data)
  for (std::vector<Interface*>::const_iterator it = myContainer.begin (), 
    itEnd = myContainer.end (); it != itEnd; ++it)
  {
      printData (*it);
      delete *it; // clean up; works thanks to the virtual d'tor in Interface
  }
}
I hope this code helps you and that you can adapt it to your own needs. This blog posting has been written with C++03 in mind. With C++11 features like decltype and auto, as well as move semantics, this variant type can be improved. Also check out the implementations of variant-like types in boost (e.g. boost::any, boost::variant) to see if they fit your needs. If you can use boost in your project, you might be saved from implementing such types yourself.
You are very welcome to leave your comments! Let me know what you think.
Creative Commons License A C++ Variant type using type_info by Peter Speckmayer is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

Tuesday, 10 September 2013

Countering the surveillance

The extent of the recently exposed worldwide surveillance by the USA and the UK --- and probably by all the other nations as well --- is not very surprising to those who have a certain technical knowledge. But it seems to have surprised those who lack this knowledge. And to be honest, the extent to which we are all snooped on did surprise me somewhat.

OK, there we are now: we're watched, we're terrorists until proven otherwise. What can we do about that?


(Image: a cataract, by Rakesh Ahuja, MD, CC BY-SA)


Snooping

I'll first cover the prerequisites for successful snooping, then I'll go into what we could do to mitigate the snooping power of big multi-billion-dollar agencies like the NSA or the GCHQ.
Anyone and any agency who/which snoops relies on basic properties of the data and on assumptions about the data. These basic properties and assumptions are:
  • Technical assumptions
    • the data can be retrieved
    • the data can be read and its information can be extracted
    • the signal in the data can be separated from noise
    • all this can be done with the available capacities 
  • Legal properties
    • either there exists the legal permission to do the snooping
    • or there is no entity which has the power to check and enforce the compliance 


Data retrieval

Data retrieval seems to be well under control by the NSA and GCHQ and their allied intelligence agencies. Data is gathered directly from the providers, from submarine cables, and from satellites. This should cover most of the data, especially if the most important hubs are controlled. 

Reading and extracting the information

The requirement for this is that the data (or at least parts of it, such as metadata) is not encrypted or can be decrypted. Nowadays most data is not encrypted, and the little data which is encrypted might potentially be decrypted by the NSA etc. (nobody knows whether there exist non-published attack vectors against the usual encryption techniques and tools). We can assume that, except in very special circumstances where persons want to explicitly keep information secret, the intelligence agencies can read the data and gather the information.


Separation of signal from noise


What is the signal?

Of all the data which is collected, it is the signal which is of major interest. And typically each piece of signal is hidden within vast amounts of noise. The first question to ask is: "what is the signal?". Whilst official statements always insist that the signal is terrorists, there is very much reason to doubt this. Why? Because the first thing in data analysis is to search for signal in data sets where it is likely to be found. But most of the data sets which intelligence agencies are snooping in are citizens' and companies' interactions, countries which are "friends" and "allies" (I put these words in quotation marks, because friends and allies would normally not be spied on), politicians of trade "partners", the UN, the EU. These are all places where it is highly unlikely to find terrorists. That leads to the question of why the mentioned data sources are used. Well, governments and institutions like the UN and the EU are targeted most likely to commit industrial espionage and to gain a leading edge in negotiations of treaties like the currently negotiated ones (TPP etc.). The citizens are snooped on to discover people with dissenting opinions. If within all the data and analysis some terrorists are found, then so be it, but I'd reckon that this happens mostly by accident and is not at all the top priority.

What is the difference between signal and noise?

Once it has been established what the signal is, the data analyst can go on searching for the differences between signal and noise. Let's for a moment assume that the signal is "dissenting voices". If all those people used a site like dissentingvoices.com (I made this up) for chatting, emailing, videoconferencing etc., then it would be easy, as long as the site is publicly accessible: just take all these people and snoop on them. Then crack down on these people and you've eliminated the opposition. But real life is not that easy. Services like Facebook and Google are used by all types of people, among them some who might have opposing views. All in all, the separation of signal and noise will probably be based on what sites you've visited, what comments you've written, what sites you're looking at, what sites you post on, and what your friends are doing. If some of your friends visit football sites frequently, you might be into football as well. If friends send around a party invitation, you might go to this party as well. If some of your friends oppose fracking and pipelines, you might oppose fracking and pipelines as well. If you do, then you are signal. If you actually are not opposed to fracking and pipelines, you are noise from the point of view of the data analysis; you might be flagged as signal, but actually you are not: you are a false positive. Obviously there are true positives (opposition, in our example) and true negatives (people you've identified as not dissenting and who are wholeheartedly in favor of fracking and pipelines), but there are as well false positives (people whom your data analysis would put into the "opposition" bin, but who don't belong there) and false negatives (people who oppose these things, but whom your algorithm didn't catch). And often there's not just true and false; there will be a lot of gray area. You might be against fracking, but only if it is near your house.

Signal efficiency and purity

If you'd like to catch all the signal, you just declare every communication to be "signal" and you, for sure, get all of it. But then you're swamped with data which you --- even with big data centers --- cannot dig through, and you certainly cannot follow up on all of it, because there you are limited by manpower. I presume that they take all the data they can work on with their available capacity and try to get this data sample as pure as possible. Still, the NSA (and the allied snooping services) will get false positives (communications flagged as suspicious which in reality aren't) and false negatives (communications flagged as OK which should be signal).


What can be done to counter snooping

Encryption

Encrypting all the signal (chat, email, web surfing, voice, etc.), by everyone, would be an obvious response that worked. Encryption can be done on the service-provider level and/or on a personal level.

    Encryption on the provider level

Encryption on the provider level can be organized to be reasonably convenient for the user, just as more secure authentication methods like two-factor authentication are not at all difficult to use and are barely noticed once set up. Encryption on the provider level is for sure a good thing, but whilst it helps against petty criminals, it has been shown that it doesn't help against government-backed snooping. It has made their quest for snooping more difficult, but it certainly hasn't stopped it. The service providers are either bought, coerced, or forced into cooperating with the intelligence agencies. With the encryption happening on the providers' side, all the data will find its way to the snooping agencies.

    Encryption on the personal level

Encryption on the personal level is less convenient. A major hurdle for encryption is the adoption rate. As long as only a couple of geeks use encryption, it is practically useless except for keeping very specific data secret: you cannot send encrypted email to a person who has no public key. So much for encryption spoiling surveillance. But *if* we all used encryption, and *if* the NSA could decrypt at least some encryption techniques (which is probable), their computers still would have to work more on each message. Working more means more computing time spent, and the results would be obtained more slowly. This is like hitting the brakes on the NSA. Yes, they wouldn't be stopped completely, but they could not analyse as much data. 


Be noisy

The snooping analysis can be screwed up by adding noise to the data. This makes distinguishing signal from background harder. More data has to be sifted through and less of the valuable data is found.

Adding noise means transforming ordinary messages --- which the NSA can dismiss cheaply --- into messages which have to be analyzed thoroughly, thus "stealing" the NSA's computing time. An easy way is to just add a couple of keywords to each email, maybe just put them into the signature. Something like

"Dear NSA, This email is important! That's why I want you to read this carefully:
Exposure to so much knowledge over social media is infectious–one of life's great joys. I am so enriched."
This page helps you pick nice phrases: http://nsa.motherboard.tv/
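As a toy example, a little program could pick a few keyword-laden phrases at random and append them as a signature (the phrase list here is invented for illustration):

#include <cstdlib>
#include <ctime>
#include <iostream>
#include <string>

int main ()
{
    // invented phrases containing probable filter keywords
    const std::string phrases[] = {
        "the pipeline inspection is scheduled",
        "we should encrypt the delivery plan",
        "meet at the usual coffee place",
        "the package crosses the border on Friday"
    };
    const int numPhrases = sizeof (phrases) / sizeof (phrases[0]);

    std::srand (static_cast<unsigned int> (std::time (0)));
    std::string signature = "Dear NSA, this email is important:\n";
    for (int i = 0; i < 2; ++i) // append two phrases at random
        signature += "  " + phrases[std::rand () % numPhrases] + "\n";
    std::cout << signature;
}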

Adding noise also means adding random connections and communications. Imagine if for every email you sent, another email with a suspicious message (containing probable NSA keywords) went to a random email address around the globe. The NSA would have to dig through double the amount of emails and filter out all these messages. They couldn't just throw them out, because they would contain exactly the keywords they are searching for. They would have to add and analyze tons of new connections between people who do not have any real connection.

It would be even better to add non-random noise. If all the messages had senders and receivers following a bigger pattern (i.e. looking like a network of people exchanging suspicious messages), it would be even more difficult for the NSA to filter them out and not take them for the real thing.

Of course nobody will go to the hassle of sending random emails to random people. But imagine if there were a computer virus which did that. Instead of sending spam advertising crappy products, the virus would send suspicious emails from imaginary people to imaginary people.

No email left behind

My emails are important. Period. My fear is that the importance of my emails (e.g. "Hey Tom, how about cinema tonight?") is underrated by the NSA, and thus such an email is thrown out instantly and never gets to see a decent data analyst. I think this is deeply unfair. Maybe the importance could be enhanced (in addition to adding keywords) by sending the email directly (BCC or CC) to the intended recipients at the NSA, or to the politicians who are in favor of snooping. I mean, if they didn't want to read my emails, they would oppose total surveillance. Hence, they want to read the emails, and that's why they should read my emails. The nice side effect is that if I were a bad person (translation: an identified target of the NSA for some reason), I'd add a connection to the politician or NSA worker. If the NSA goes two to three layers of separation deep, they would now find this person already in the first layer. Great! 
Politicians probably get a lot of email, so they would probably soon be taken out of the equation. The same is true for the NSA boss. But NSA employees (and GCHQ employees, or those of any other of the implicated snooping agencies) would add a nice connection into the agency itself. And it would be very justified, because my emails should be seen by a human data analyst. It's disrespectful if my emails are seen by software alone. 

"Encrypt" the data for computers, not for people


The NSA can filter emails and messages if they are easily readable by a computer. If there were a plugin for the email program which transformed the text you just wrote into a JPEG image with a nice flower background, your recipient could still read the email. But the NSA could not. A single analyst could, and they could employ OCR programs to read the text, but they can't do that for all emails, because it would cost them too much computing time. The drawback would be that you couldn't search your emails for text, and your email program couldn't do intelligent filtering by message content. That makes email less convenient. But on the other hand, you're less snooped on.


Use surveillance against politicians


What if all the surveillance capacity were used to track politicians and discover corrupt behavior? If we tracked where the 1000 most important politicians of a country go, whom they are talking to, what they are talking about, what emails they are writing, what websites they are looking at, and with whom they are talking by telephone, well then, we could ensure that none of their behavior is related to corruption. It is certainly easier and cheaper to watch the steps of politicians than to watch the steps of all the people of the world. And I presume that it would be much more efficient at maintaining the freedom of the people and democracy. We could even include the 1000 wealthiest persons of a country in the mandatory surveillance list.

If such laws were enacted, imagine how fast politicians would work on crippling the snooping capability of the NSA and other intelligence agencies. I predict that within four weeks there would be laws and an efficient oversight entity limiting the NSA's reach and data retention.



You are very welcome to leave your comments! Let me know what you think.


Creative Commons License
Countering the surveillance by Peter Speckmayer is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License.