Monthly Archives: November 2013

Another week, another easy internet censorship solution

Last week had the blocks on internet searches in Google and Bing, and my piece on that ended on the question of whether this wasn’t getting a bit close to censorship already. Also, it seemed like a simplistic media-attention grabbing solution that didn’t address the real problem.

Move on a week, and guess what. Now the government is going to counter extremist thought by blocking extremist websites. Of course I had to write a follow-up piece on this, which appeared yesterday at The Conversation: Blocking extremist sites is not the same as fighting child porn. This time there is no question in my mind about whether the internet censorship goes too far. And once again it won’t bother the savvy baddies much. I don’t tend to go for “it drives them underground” arguments, but in this case you might even wonder whether hiding basic communications using VPNs, Tor, and crypto is a first learning step for the development of future cyber terrorists. (That’s a blog post rather than comment piece type of idea.)

I find it very useful to run the initial ideas for these pieces past colleagues in the Cyber Security Centre. This time, Robin Mackenzie of the Kent Law School provided encouragement, and Magali Barnoux of the Forensic Psychology Group gave some useful feedback – thanks!

Snowden revelations: a moral responsibility of the informal media?

In each comment piece I have written recently I found myself mentioning Edward Snowden’s revelations one way or another. In one sense it’s no surprise whatsoever: it’s just a big thing for the security world. Ross Anderson talked about the revelations about backdoors being a “9/11 moment for the [crypto] community”. No wonder we talk about it if it’s on all our minds a lot of the time.

There is another aspect to this, though. As I said in a post to our local cyber security enthusiasts’ Facebook group: “I feel we need to make sure these stories keep getting shared online – as beyond the Guardian, UK media have been successfully intimidated into keeping quiet through a DA-notice.” A useful description of the story around that is here. As such notices are voluntary to start with, and they didn’t send the University of Kent one as far as I know, I don’t feel in the least bit naughty for mentioning that DA-notice when it’s usually kept quiet about.

I think to show our appreciation of the way in which Edward Snowden, Glenn Greenwald, and friends have opened our eyes – to (respectively) huge and significant detriment in their personal lives (David Miranda!) – we have to keep hammering on about this. Of the “formal” media, The Guardian have been standing mostly alone in this in the UK, not even getting much defence from others when their press freedom is under attack from Cameron and his cronies. When our network of UK cryptographers made a fuss about NSA backdoors, the Times declined our letter; only the Guardian reported on it. Least I can do is return the favour.

Another reason to keep at it in the informal media is that some stories do not even make it into the UK press. I don’t think the Belgacom revelations (GCHQ/NSA snooping on the EU’s ISP) have made it fully into the UK press yet. I’ve referred to a Spiegel piece on NSA smartphone attacks that I haven’t seen elsewhere. It was a pleasure to see the Dutch newspaper NRC join in with Snowden stories last weekend, with their recent story about 50,000 dormant NSA-infected networks also a novelty. (And, like with the Spiegel story, conveniently published in English.) Funny they were being apologetic on Twitter already today for not coming out faster with more stories.

There has been a welcome change in the UK in the last week or so though. The BBC, usually appearing painstakingly conformant, appear to have changed policy. They covered the NRC story, and now also report a story from Huffington Post on the NSA using porn internet histories for blackmail. Who knows, the Daily Mail may eventually end up standing alone defending Cameron’s attack on Snowden and the Guardian.

On Internet search filters

Published yesterday on The Conversation (and likely to spread from there on previous experience): “Blocks just move child porn under the counter”. Cheeky comment self-censored out: if they’re so good at deciding which search queries relate to child porn, why don’t GCHQ apply these techniques to their stash of mass surveillance metadata?

This note profited from useful comments from David Chadwick (who suggested “under the counter” instead of my original “on the top shelf”) and Robin Mackenzie.



A security lesson from 1687

A week of firsts it is then. This blog was created a few months ago, today finally a first real post. The reason to create the blog was to have a space for short comment pieces which didn’t make it into external sites. I’ll add posts later pointing at the pieces that did get published elsewhere, of which there have been a fair few recently.

The other “first” was that I was advised to open a Twitter account for the Kent Cyber Security Research Centre to publicize our activities. I’d searched Twitter occasionally in the past, but now I’ve also opened an account @KentCyberSec. This needed a “profile picture” which couldn’t be me, couldn’t be the non-existent logo of the centre (suggestions welcome!), and I didn’t want it to be one of the standard images such as this. Instead I used the image below. No one has asked yet why, but this blog post is dedicated to answering anyway!

[Photo: water pipe at Golconda Fort]

On my recent visit to Hyderabad (Andhra Pradesh, India), I visited the ancient and well-known Golconda Fort, a Unesco world heritage site. It was started in the 13th century, and heavily fortified from the 16th century onwards. The picture above shows a water pipe from that era, part of the extensive system to ensure that in case of a siege the fort’s inhabitants would not run out of water. Several reservoirs like the one pictured below would be pumped full by camels driving pumps at the ground level.

[Photo: water reservoir at Golconda Fort]

In 1687, the Muslim king Abul Hasan Qutb Shah ruled the Golconda fort, and the Mughal emperor Aurangzeb besieged the fort. The fort held out for 8 months, thanks to its food supplies, water supply infrastructure, and extensive fortifications. The fall of the fort after 8 months was because the officer Sarandaz Khan in the Qutb Shahi’s army was bribed and opened a secret door.

The security lesson from 1687 is thus a very familiar one, about weakest links and insider attacks …