James A. Donald: >> > Cops just don't put that much work in. > > On 2013-05-22 5:41 PM, Jacob Appelbaum wrote: >> Yes, yes they do: >> >> > http://www.scmagazine.com/finfisher-command-and-control-hubs-turn-up-in-11-new-countries/article/291252/ > > > That governments attempt to spy on people is not evidence that they any > good at it. >
Of course. They are quite good at it. Their successes are well documented: https://citizenlab.org/2012/10/backdoors-are-forever-hacking-team-and-the-targeting-of-dissent/ https://citizenlab.org/2013/03/you-only-click-twice-finfishers-global-proliferation-2/ > If they were half way competent, it would not be possible to detect > these hubs. You keep saying that and they're still compromising people. They only have to be slightly competent and the evidence shows that they are competent enough. > >> While I generally understand your arguments, I think you underestimate > the capabilities of even local police officers. >> There are point and click tools, custom tools and everything in between. > > Local police can no more do this stuff than your mother can, and the FBI > is not a whole lot better. Wow. First of all, I'm not sure why you use such sexist comparisons - what is the implication about my mother exactly? That the government is hardly half way competent and in that, they're just slightly better than my mother? Classy. You're also wrong about the FBI and the police - they are quite good at it. Defense is a hard problem and overall, we're losing this battle every day. > > Consider for example, the boston bombing. Interested parties threw away > Tsarnaev's laptop, indicating he had been doing interesting things on > the internet. Despite the fact that the FBI had been told by the > Russian intelligence service Tsarnaev was a terrorist, they had failed > to collect any interesting internet communications. > Hardly. Furthermore, we've heard that we're not even getting the full picture: http://www.guardian.co.uk/commentisfree/2013/may/04/telephone-calls-recorded-fbi-boston You suggest that because we haven't seen it - it isn't happening. We know that this spying happens and that it is rarely openly discussed. >> Customized solutions are the standard operating procedure. I encourage >> you to read this: >> >> >> http://www.gpo.gov/fdsys/pkg/CHRG-112hhrg64581/html/CHRG-112hhrg64581.htm > > > Upon reading it, I find the unsurprising information: "Simply stated, > the technical capabilities of law enforcement agencies have not kept > pace with the dazzling array of new communication devices and other > technologies that are now widely available in the marketplace." > > This tells me that not that the police are super terrific hackers who > produced customized malware for each person's computer, but that they > are your mother. Look at the wiretap statistics - the FBI had no trouble with cryptography in interception. They're playing both sides of the game and they're doing quite well. Zero cases stopped by crypto, how do you suppose that happens? Do you think they can break all the crypto? Or do you suppose that perhaps they're better at malware? > > >> >> =============== >> >> Ms. Caproni. Thank you for that question. There will always be >> criminals, terrorists, and spies who use very sophisticated means of >> communications that are going to create very specific problems for law >> enforcement. We understand that there are times when you need to design >> an individual solution for an individual target, and that is what >> those targets present. >> We are looking for a better solution for most of our >> targets, and the reality is, I think, sometimes we want to >> think that criminals are a lot smarter than they really are. >> Criminals tend to be somewhat lazy, and a lot of times, they >> will resort to what is easy. >> And so, long as we have a solution that will get us the >> bulk of our targets, the bulk of criminals, the bulk of >> terrorists, the bulk of spies, we will be ahead of the game. We >> can't have individual--have to design individualized solutions >> as though they were a very sophisticated target who was self- >> encrypting and putting a very difficult encryption algorithm on >> for every target we confront because not every target is using >> such sophisticated communications. > > This tells us that they would like to have customized solutions, that > they aspire to have customized solutions, but that instead of customized > solutions they rely on Google and Microsoft vacuuming everything up and > handing it to them on a platter tied up with a pink ribbon. This report was from a few years ago. They're getting that data from the companies, from malware, from surveillance both targeted and strategic; it is really weird to say that they're not having their needs met. We've known that Green Lantern, the FBI malware, was designed, built and deployed in the 1990s. All the best, Jacob _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography