On Touch ID

A room within a room
A door behind a door
Touch, where do you lead?
I need something more
Paul Williams, "Touch"

Naturally, Touch ID was defeated (by the CCC, yay Germany!) only a matter of hours after the iPhone 5S was available. And people are all over it. Bottom line: This end-user product doesn’t provide military-grade security. No shit.

See!? Using biometric for security doesn’t make sense!

Duh, of course it’s hackable, but it’s better than nothing, and pin codes are a pain in the ass!

But it’s so easy!

Only if you’re the FBI!

Or a private eye!

Dude, nobody’s saying it’s perfect, but it’s better than a pin code nobody is using!

A level of security that is annoying and therefore not used is weaker than weak security, got it? Apparently not:

For those who continue to use Touch ID, Graham suggested a simple step for minimizing the success of Starbug’s attack: use only pinky or ring fingers to unlock your device.

No offense, but somebody’s in need of a reality check here.

Spending quite some time in university libraries, I see people leaving their laptops unattended, user accounts logged in and sure as hell with all their passwords (pardon: the one password) readily available in Chrome’s preferences.

Considering that, I can’t believe we’re having a discussion about somebody going to the lengths of obtaining and forging your fingerprint. I can’t remember where I’ve read it, but: If you’re facing that, you have way more to worry about than your phone’s contents.

Naiveté, Security and Surveillance

“NSA does not have the ability to do that”

Why wasn’t there an outrage about the NSA and their domestic spying just over a year ago, in early 2012? Hard to say. I mean, there was this:

All of this is credible journalism by Laura Poitras, published by the New York Times, with William Binney as a competent and credible source. To learn more about Poitras’ key role in the Snowden part of all this, check out the excellent portrait of Julian Assange in Vanity Fair.

Back to 2012. From the Wired story on the NSA’s activities and the datacenter in Utah:

it chose to put the wiretapping rooms at key junction points throughout the country—large, windowless buildings known as switches—thus gaining access to not just international communications but also to most of the domestic traffic flowing through the US

These domestic activities were readily denied by General Keith Alexander, head of the NSA:

Alexander said “No,” adding that the “NSA does not have the ability to do that in the United States.” Elaborating, Alexander added: “We don’t have the technical insights in the United States. In other words, you have to have […] some way of doing that either by going to a service provider with a warrant or you have to be collecting in that area. We’re not authorized to do that, nor do we have the equipment in the United States to collect that kind of information.”

This was, now so very obviously, not true. But who cares about a government official lying to Congress? Only naive people, I guess. More on that in a bit.

However: Since Snowden, there are more details out there. We know about the UK’s GCHQ doing the same or even more than the NSA and over all of Europe. There is no denying anymore, by anyone.

“You’re naive”

Some people, like Matt Gemmell, say that “any sane person had already assumed” this was happening.

Better yet, objecting to the lack of privacy, specifically NSA’s direct access to the major tech companies’ data is supposed to be (quoting Gemmell again) “incredibly naive”. Worse yet: It’s not only naive, it’s also unjustified, because we shouldn’t change anything:

So what do we do about it? Probably not a lot, if we don’t want to sacrifice effective national security.

This attitude, to me, is just as dangerous as the NSA’s actions themselves. Effectiveness is conservatism’s favourite justification for excessive and invasive actions of the executive branch since forever. Don’t get me wrong: I do want government agencies and the police and all of that to protect me from… yes, a bomb maybe, or some big assault somewhere in the public transportation system of say… Hamburg or whatever by “evil people”. And still, effectiveness is such a non-argument. Nobody argues that more data for the NSA gives them more of a free hand. But if effectiveness was the only variable in this game, there wouldn’t be a discussion.

It’s not called “naiveté”, it’s called “democracy”

It’s just that the “naive” people disagree with the current imbalance of security and privacy.

Just because everything can be intercepted doesn’t mean that’s what should be done. However, that’s exactly what made Edward Snowden leak these documents: the sheer blanket eavesdropping, on everything. He had hoped things would change with the Obama administration, but they got even worse, he told the Guardian in the second video interview that was published (from 06:20) – thanks, Obama!

Eben Moglen, in 2012, relating to the Utah datacenter:

It’s more than just the permanence of data. It’s the relentlessness of living after the end of forgetting. Nothing ever goes away anymore. What isn’t understood today will be understood tomorrow. The encrypted traffic you use today in relative security is simply waiting until there’s enough of it for the cryptanalysis to work, for the breakers to succeed in breaking it. We are going to have to redo all of our security, all the time, forever, because no encrypted packet is ever lost again.

Everything. Surveilling on a scale like this (well, there’s no scale anymore) is by definition not a justifiable action the executive branch can take. Not here and not in the US. I know that it is possible – but that doesn’t mean it should be done or is allowed to be done. The Economist sums it up:

Having once spied on a small number of specific targets, [the NSA] now conducts online surveillance on a vast scale. It has spied on drug dealers, tax evaders and foreign firms, none of which pose a threat to national security. NSA employees have used its systems to spy on their former lovers.

It seems like General Alexander is in need of a reality check. If it is necessary to establish a system with tremendous staff and judges and courts and whatnot to give out warrants that don’t violate the Constitution, then you have to do so. It’s as simple as that. Just because with digital communication, you can access a backbone and tap in on everything, very easily, it doesn’t mean you’re allowed to.
However, according to a recent piece in Foreign Policy, this is exactly what Keith Alexander disagrees with:

“He said at one point that a lot of things aren’t clearly legal, but that doesn’t make them illegal,” says a former military intelligence officer who served under Alexander at INSCOM.

Later on, Alexander is even called naive himself (whoop!):

“But I think he has a little bit of naiveté about this controversy. He thinks, ‘What’s the problem? I wouldn’t abuse this power. Aren’t we all honorable people?’ People get into these insular worlds out there at NSA. I think Keith fits right in.”

What could possibly go wrong?

It’s not just that FP found one or two people within the NSA who were willing to discredit Alexander here. Michael Hayden, Alexander’s predecessor as head of the NSA, officially complained about Alexander’s craving for raw data before his superior, according to the same FP article.

And there’s more. A cryptography professor was asked to pull a blog post from his university’s servers, a scandal in itself. Anyway, he had posted thoughts about the recent revelation that the NSA had sabotaged the consolidation of encryption protocols:

Not only does the worst possible hypothetical I discussed appear to be true, but it’s true on a scale I couldn’t even imagine. I’m no longer the crank. I wasn’t even close to cranky enough. […] The one reason I would have ruled it out a few days ago is because it seems so obviously immoral if not illegal, and moreover a huge threat to the checks and balances that the NSA allegedly has to satisfy in order to access specific users’ data via programs such as PRISM.

What’s left to say? I guess this cryptography expert professor guy was just too damn naive as well.

Lessons from history

Not only is it simply wrong, as shown above (if that’s possible). I also find the naiveté accusations extremely disturbing in the light of what we’re talking about. Think about what it would mean if this attitude really were naive. That stateside surveillance only serves the greater good? That abuse is impossible? That more intense surveillance means greater security?
If one truly believes that, then you have to ask: Have you heard of this thing called history? I’m not die-hard left wing, I’m not protesting on the streets every other week for this or against that, but I cannot accept any authority pursuing totalitarian tendencies. And I wouldn’t have thought this counted as naive or idealistic. On a side note: Being a realist doesn’t mean accepting everything as it is or inventing justifications for the status quo.

Anyway: I am German and I kinda have to know this, but I thought Nazi Germany and the other totalitarian regime in Eastern Germany with the Stasi and all of that weren’t unheard of in the US. There’s also novels like 1984, they even made one or two movies from that. So there’s not really an excuse not to have heard of the downside of an all-too powerful government. Despite all this, it seems like Jacob Appelbaum was right when he said that Germans need to be the history teacher in this affair (great statement by Edward Snowden he reads out, you should watch the whole thing).

In more recent history, the detention of David Miranda at London Heathrow shows that competencies will be abused.
Looking into it, I can’t believe that Schedule 7 of that anti-terrorism law, which eliminates the right to remain silent and was blatantly abused in Miranda’s case (despite the lack of a link to terrorist activities), was actually passed in the UK.

What now?

Here I am, a German citizen living in Germany complaining about the NSA’s domestic activities. Well, the GCHQ’s activities as well as all the government agencies’ cooperation with German agencies demand a holistic approach to this. As Matt Gemmell points out correctly, we can’t allow government agencies to circumvent civil rights by doing domestic spying for each other.

We need to have a global discussion about what privacy means to us, and how it can be maintained in this digital day and age, that is just not compatible with the concept of borders.
The first step, however, has to be that domestic surveillance in the US goes back to a level that is reconcilable with their Constitution.

Thanks to Matt Gemmell, whose post was the trigger I needed to write this.


“I’m walking to the bridge,” begins a Golden Gate Bridge suicide note […] “If one person smiles at me on the way, I will not jump.”

Suicide is fascinating to me. On the one hand, I feel like we should respect somebody’s decision or assumption that, overall, they won’t come out of their life “ahead”. A line from an Editors song comes to mind:

In the end all you can hope for // Is the love you felt to equal the pain you’ve gone through

I mean, who are you to tell somebody “No, no. You have to suffer at least 30 more years before I allow you to die”?

On the other hand, it’s not as simple as that. Suicide can’t really be looked at in isolation from depression or mental illness in general. I also ask myself if – aside from people who are terminally ill and don’t want to suffer anymore – every person committing suicide is by definition mentally ill.

Anyway, this piece on the dramatic surge of suicides is well worth a read:

Around the world, in 2010 self-harm took more lives than war, murder, and natural disasters combined, stealing more than 36 million years of healthy life across all ages. In more advanced countries, only three diseases on the planet do more harm.

Light Pollution

I live on the 4th floor, and at night I can directly see the light sources of all the road lights outside my window. There’s just no way this is necessary. And then there’s the glowing sky over Hamburg’s busy port. And all the shop windows at night. And so on.

This excellent piece in The New Yorker from 2007 points out all the serious effects of light pollution: It disturbs sleep, causes health issues, benefits crime, costs a ton of money, wastes energy and endangers animal populations.

Most people don’t notice bad nighttime lighting; if you do, it can make you slightly crazed. When I’m driving at night, my wife has to tell me to watch the road instead of looking back over my shoulder at a yard whose trees have floodlights in their branches, or at an empty parking lot so bright that you could deliver babies in it

via kottke.org

#notatort CW 35 – "Primer"

It’s true what they say. The first time you watch Primer, you don’t understand what’s happening.

It is amazing what Shane Carruth pulled off there. And not in a “it’s cool cause it’s complicated” way, but just because the movie really sucks you into its world with its unique atmosphere and way of storytelling. And once you have your own opinion about what happened, you can start an edit war on Wikipedia.

I just wanted to watch this movie so I can listen to the time travel episode of The Incomparable. Can’t wait to listen to Siracusa ramble about 12 Monkeys, Looper and Primer.

Kevin Spacey on the future of TV

Yes. Kevin Spacey on TV, the future of TV, pilots and House of Cards. I talk about Netflix and how House of Cards is special in this article.
Thanks to Timo for linking the video to me.


Thx to Timo for linking this to me before everybody on the Internet did.