Domain: guptaoption.com
Stories and comments across the archive that link to guptaoption.com.
Comments · 8
-
Moglen's tactics are dumb
Alienating reporters is a sure-fire way of getting your cause, no matter how good, totally disrespected. Even if they understand you, they never forgive.
In the long run, there are softer vectors to attack than social networking. A lot of these fears would apply equally well to private social platforms which were not encrypted, just the NSA etc. would have to scrape the data off the wires rather than having nice databases to mine. But the paydirt is still VISA and tax records and face recognition tied to passport databases. I bet social network data, when you get right down to it, is just a nice-to-have compared to the passport biometrics database combined with pen registers etc. for communications.
You might find http://guptaoption.com/cheapid interesting from this perspective: it's a proposed biometric ID card standard which blinds governments to the biometrics of their population except under special circumstances, and enforces this arrangement with strong cryptography. The passport and driving license databases are key, and this is one way to get rid of them.
-
The use case: Scientology
Lots and lots of new users are coming on to the internet. How are they to know that Darwin was right and Hubbard was wrong, if John Travolta, who they've seen in movies, tells them in a nice video presentation about how everybody in the world is wrong and him and his people know the truth.
Really, fundamentally, you can see the fear that TBL has here.
On the other hand, although I agree about the problem, this isn't the solution.
http://www.guptaoption.com/5.open_source_development.php - see the final item, "The Primer" for my approach to this problem, which involves big, stable organizations (in this case the USG but anybody coudl do it) publishing basic overviews of reality for newly connected populations to help inoculate them against bullshit.
-
Couple of essays on this kind of approach
not from a charitable approach, but from a foreign policy approach.
http://www.guptaoption.com/2.long_peace.php - Winning the Long Peace
http://www.guptaoption.com/5.open_source_development.php - Saving the World through Open Source
(also relevant: http://appropedia.org/
Basically, if governments or foundations pay for open source innovation in key areas, like solar cookers and efficient cooking stoves, rural water purification technologies - hell, basic sanitation - they can get a very great deal of leverage on the fundamental problems of the world for only a tiny fraction of the money it would take to try and solve them directly.
It's like Linux or Apache - even counting corporate funding, not that much money went into these things, but the value created in the developing world is *huge*. Can you imagine trying to run the IT infrastructure of the developing world, where techs are rare and expensive, on Windows?
Well, we could do the same for infrastructure in general.
More at http://hexayurt.com/ - click on the infrastructure links. -
Couple of essays on this kind of approach
not from a charitable approach, but from a foreign policy approach.
http://www.guptaoption.com/2.long_peace.php - Winning the Long Peace
http://www.guptaoption.com/5.open_source_development.php - Saving the World through Open Source
(also relevant: http://appropedia.org/
Basically, if governments or foundations pay for open source innovation in key areas, like solar cookers and efficient cooking stoves, rural water purification technologies - hell, basic sanitation - they can get a very great deal of leverage on the fundamental problems of the world for only a tiny fraction of the money it would take to try and solve them directly.
It's like Linux or Apache - even counting corporate funding, not that much money went into these things, but the value created in the developing world is *huge*. Can you imagine trying to run the IT infrastructure of the developing world, where techs are rare and expensive, on Windows?
Well, we could do the same for infrastructure in general.
More at http://hexayurt.com/ - click on the infrastructure links. -
We built it. They came.
Look, once you have the ability to use DNA fingerprinting, it's more or less inevitable that authoritarian groups will mount a long-term plan to use it. And for every group like the Innocence Project which is using it to exonerate people, there's five groups that go out after a political protest with mops and buckets to grab DNA samples of people who were there to run through the Federal Crime Database.
I'm not *for* this, I'm simply noting that once the science is there, trying to stop it being used in obvious ways which have some tangible social benefits (rape becomes very, very much harder to get away with) is very hard, even if the social costs (political protests become hard to get away with too) are also very real.
I have a partial solution to this problem.
http://guptaoption.com/4.SIAB-ISA.php
It's a proposal - done on a DoD grant - for using strong cryptography and division of powers to separate the biometric database from the identity database, so that all the metadata about a DNA sample - name, for example - is encrypted in a way which requires court orders to retrieve and - *critically* - stored by a separate agency so that it requires three separate groups to work together to bind a name to a DNA sample.
* the DNA database must run the sample
* the Court must agree to decrypt the name information when it is presented
* the Identity database must agree to provide the encrypted data to the court
This approach gives excellent security to the individual, and acknowledges the simple reality that we can't make DNA analysis and other biometric technologies go away. We have to use other technologies to counterbalance them (strong crypto) rather than hoping to turn back the clock. -
CheapID- A Secure, Open Src, Private, Biometric ID
There is an open alternative to this kind of biometric snooping: CheapID. It's a digital identity standard, and a protocol for having a court order be required before the police, or other government agencies, could run a biometric search on the Big Database. It enforces that standard by moving the Big Database to an international level, but encrypting the metadata attached to each record - including fields like name - in a way which means the people with access to the database can't *do* anything with it, because there is no information about *people* in the database (like names,) only information about their physical bodies. Data stripped of metadata is largely worthless, and to unstrip an item needs a court decrypt from a national government.
From http://guptaoption.com/4.SIAB-ISA.php
This paper shows how we can manage large scale biometrics databases and increase the amount of privacy we have from government snooping while still having a secure society.
The basic crux of this paper is that you can separate the biometrics database, which simply identifies your physical body, and isn't necessarily any more intrusive than Flickr or any other online photo sharing site, and the reputation database, which stores things like your credit rating, any criminal record, and the suspicions of various government agencies about your intentions.
So when you do something like rent a car, you give them a token which has your face on it. They match your face to the token, and say "ok, this token is valid." But the token doesn't have your name, or your SSN, or anything else on it: it's totally sterile. But if you steal the car, they take the token to court, as well as the proof you gave it to them, and the court uses the token to get your name, SSN and other details.
If all that FBI or other government biometrics database stored was tokens, and it required a court order to go from a match in the biometrics database to a name and street address, I think we'd have a fair balance between civil liberties and security. A database of pictures of faces or fingerprints is not the intrusive part: it's the connecting of your face or your fingerprint to your background that is the intrusion, and we can separate the two databases and require a court order (and a crypto key) to reconnect them.
Cheap DNA scanners are coming. We've have to fix how we handle biometric data as a society before they arrive. -
We do need to redefine privacy - with cryptography
At the end of the day, you can't use somebody else's computer, and expect privacy. You can't use somebody else's network, and expect privacy. If I jack into your ethernet hub, you're going to have the possibility of reading my traffic unless I use HTTPS / SSH / GPG etc.
That's our real relationship with Comcast, with AT&T and so on. They're snoopy sysadmins on a gigantic scale, and we should treat them like snoopy sysadmins of any other kind: encrypt and tunnel all traffic, and push back technically as hard as we can. P2P has led the way on this, but it's really time we stopped dinking around and started defaulting to HTTPS even on sites like Slashdot.
On the broader level, I did some work on this (ironically, the first draft of the work was done for the USG.)
http://guptaoption.com/4.SIAB-ISA.php
It's a system - built on open source software for the most part (and the remaining stuff could be built) - which provides for a rock solid personal identity card which has three critical properties:
* all your personal data is encrypted, and only a court can decrypt it
* the card has no unique identifiers on it, and you have dozens of cards (that you leave with institutions like your bank to "anchor" your account)
* it's dirt cheap and secure enough to entrust with biometric data like DNA fingerprints.
Concerted effort to produce an open alternative which offers strong security *AND* strong privacy by carrying the debate to a higher technical level than schemes like RealID is long past due.
Phil Zimmerman settled the encryption issue for most of a generation with PGP. It's time for us to consider doing the same for general communications snooping, and then moving out into areas like the poor protection of identity in systems like the Social Security Number-based credit reporting system.
We can do better, and we must. -
Re:Hexayurts
Ah! Yes, I'm so close to it I forget that people are seeing it for the first time!
I'm going to be overhauling and reorganizing the web sites soon, make things like http://disastr.org/ and http://cheapid.guptaoption.com/ more visible.
Will bear this in mind then!