iPhone-as-a-weapon: back to 1991 (or: why you can’t trust commercial grade security)

The iPhone vs FBI quarrel about the “need” for Apple’s support to hack into an iPhone turns the clock back to 1991, when Phil Zimmermann gave PGP to the rest of the world, infringing the US veto on encryption export. So this Apple vs FBI thing is actually nothing new, since the positions of the supporters of the two arguments are still the same.

There is a new perspective, though, that is worth considering and that wasn’t that widespread in Zimmermann’s time: the role of not-for-profit, personal encryption.

A company like Apple will, sooner or later, comply with a court’s disclose/hack support order. It is just a matter of finding a way to minimize the sales impact of such compliance.

Open-source, NGO, not-for-profit created encryption, on the contrary, has neither an “owner” nor a “CEO” who can be ordered to do something “nasty”. Furthermore, open-source based encryption already gives “the good guys” all the information they need to break the ciphers that endanger their investigation.

The point, though, is another: the FBI didn’t ask for the iPhone security’s blueprints. They just wanted a “tool” to exploit the gimmick, with no actual need to understand how it would work. And to me this is a nightmare scenario. I might trust a forensic expert who does his job in a lab, but I have some “problem” acknowledging the fact that every single law enforcement agent, with no actual competence, might have such a powerful tool to be used without actual supervision.

Again, we go back in time: who will watch the watchers?

Sir Clive Sinclair’s ZX Spectrum Vega Plus: Are You Ready To Go Back to Skool?

Like many (now old) kids of the eighties I was part of the ZX Spectrum tribe (are you still there, Commodore folks???) and if I now do what I do for a living, I have to thank Sir Clive Sinclair’s genius, which through his glorious microcomputer showed me literally a brave new world.

Now he’s back with the ZX Spectrum Vega project: a crowdfunded project to manufacture a console with a thousand original “old time” games.

I hope that the project will raise enough money to actually release the Vega Plus, but even if it doesn’t, offering support (as I just did) is a way to say “thank you Sir Clive!”

Is The iPhone Criminals’ Weapon of Choice?

According to NBC, Apple has been ordered by a federal judge to support the FBI in decrypting the iPhone used by the people accused of having slaughtered 14 people in San Bernardino, California, on December 2, 2015. The court order was necessary since Apple refused to voluntarily provide such support.

These are the bare facts, which have been turned into a horse of a different colour by bad-faith anti- and pro-encryption activists. The former sang the usual song “Strong Encryption Smooths Criminals” (FBI Records), while the latter waved the old flag “Weak Encryption Affects Civil Rights”.

The federal court asked neither for a backdoor nor for the enforcement of weaker iPhone security, but just told Apple to support the after-crime investigation. This court order doesn’t hamper people’s legal right to strong encryption, because the justice said something like “you have the right to own a strong safe, but the State has the right to try to open it by whatever means in case of a criminal investigation”. In this context, then, the fact that Apple has been ordered to provide support to the FBI is not constitutionally illegal.

I still support strong encryption for the masses (and for companies too), but I don’t think that making a case out of this court order might help the civil rights cause. It only works as a (maybe unintended) advertising stunt for Apple, which can portray itself as a “privacy shield”.

Staying Under the (Mainstream) Radar

Staying under the mainstream radar while releasing meaningful and original content is a good way to attract people actually interested in your activity, thus making it easier – as Seth Godin said – to turn strangers into friends and friends into customers.

An empirical look at the way people and companies use profiling and stats suggests that, to get more traffic (i.e. pay-per-click ads), content is shaped just to attract people rather than to provide actual information.

Think of the usual effects of looking at your analytics: you take note of the queries made by users and you shape your content accordingly, to be sure to attract people who use these words. The price you pay for being that “smart” is that you’re not the one who controls the content of your website, because you let the users (or, better, Google) do it on your behalf. The result is that all websites are made equal and turned into some sort of digital brochure. In other words, it is the tail that is wagging the dog.

Personally, I’m more at ease with Henry Ford’s quote:

If I had asked people what they wanted, they would have said “faster horses.”

Upcoming Data Protection Regulation to Hamper Genetic and Pharmaceutical Research

The privacy hysteria that for twenty or so years has affected policy makers and data protection authorities reached a new peak with the upcoming data protection regulation, whose text was published on Dec 18, 2015.

Thank God, the text clearly states that “biosamples” as such aren’t “personal data”:

genetic data should be defined as personal data relating to the genetic characteristics of an individual which have been inherited or acquired as they result from an analysis of a biological sample from the individual in question, in particular by chromosomal, deoxyribonucleic acid (DNA) or ribonucleic acid (RNA) analysis or analysis of any other element enabling equivalent information to be obtained

Nevertheless, there is no clear reference to the fact that genetic (and, in general, health-related) research can’t be pre-emptively limited to specific processing, since scientists work with microscopes and not with crystal balls.

The result is that every research project that deals with patients’ (and patients’ relatives’) records might face enormous bureaucratic burdens every time a new path of study emerges from the current one.

Furthermore, the regulation says that:

Member States may maintain or introduce further conditions, including limitations, with regard to the processing of genetic data, biometric data or health data

In other words, then, we will likely face a flood of local regulation that will make it harder to perform research that saves human life.

Sure, there will always be the possibility to challenge the letter of the law in court, claiming that no provision can be interpreted in such a way as to endanger human life and that data protection, in constitutional terms, is a “lesser right” when compared to the right to health. But this takes time, money and an open-minded court.

In the meantime, scientists will either slow down their activities or risk being taken to court.

Does it make sense?