Joe on Mobile Crypto

The Saudi and UAE governments are thinking of banning certain services on BlackBerry phones, as theyare encrypted and communicate to foreign systems.
Joe reminds us that while encrypted communications can be used for nefarious purposes, they can also be used for good. Phil Zimmermann, inventor of the common encryption software PGP feels the same way.
Indeed, they are used for good far more than for evil, and their use is almost ubiquitous: essentially any site that deals with personal or financial information is SSL-encrypted. Gmail uses SSL by default, and now even Google Search is available over SSL. Most instant-messaging clients use SSL between the client and server, and Skype uses transparent, end-to-end encryption for all voice, video, and chat messages, as well as file transfers.
In a way, crypto is not unlike firearms (( Even the government considers certain cryptosystems to be munitions, and restricts their export, although the restrictions have been considerably lessened in my lifetime.)) : it can be used by bad guys plotting dastardly deeds, but its benefits to society are considerably greater than its drawbacks.
In fact, I consider strong crypto to go hand-in-hand with free speech: being able to speak privately (and, on a related note, anonymously) is one of the strongest foundations of liberty. I hold this believe so strongly that I regularly use and encourage others to use strong crypto in their everyday lives. For those wishing to contact me securely, my PGP key is available here. One can also send me an S/MIME-signed message and I will reply with a signed+encrypted message.

Mixed Feelings

I’ve got mixed feelings on Wikileaks, particularly when it comes to ongoing military action.
On one hand, Wikileaks seeks to bring unethical behavior by governments and corporations to light. I respect and support this.
On the other hand, there’s some information that should not be published, such as information detailing or identifying sources, as it can put people at great risk. I think that such information should have been redacted to protect the innocent. In addition, there’s the ethical issue of the whistleblower breaking an oath to reveal classified information to the public. Where does one draw the line?
Hopefully he made the right choice, and innocent people are not harmed as a result. I can only hope that I never face such a dilemma.

On Openness

Last night I had the pleasure of having dinner with several members of the local free unix group. While the conversation was interesting, stimulating, and extraordinarily geeky, a particular exchange struck a chord with me.
We were discussing opportunistic encryption and how, despite its shortcomings, it’s still better than nothing (( For example, STARTTLS for SMTP offers no protection from a man-in-the-middle attack, as certificates are not checked against a list of trusted authorities. However, this is no different than if the message was sent over an unencrypted link, but STARTTLS offers protection against passive wiretapping. )). Several of us lamented that implementing strong security is often hard, and usually beyond the abilities of most average users. Thus, having opportunistic encryption on the server end (e.g. having webmail, IMAP, POP, SMTP, etc. connections use SSL by default) can often add security to an otherwise insecure connection without needing any action on the user’s part.
One of the other folks at the meeting mentioned that if we had a completely open, transparent society, then we wouldn’t need to worry about such security, as there’d be no secrets to protect.
An interesting concept, to be sure, but not one I can really see taking off; people have too many secrets.
Perhaps it’s not secrets on the scale of nuclear weapon schematics, orders of battle, or other secrets of that magnitude, but most people have information that they either wish to keep to themselves or share with a limited number of people without that information being known to the general public: medical records, business plans, love letters, financial information, etc. Most people have a reasonable belief and expectation that their phone calls and emails are private, even though such communications are almost always insecure. This, I think, needs to change — private citizens need more control over their personal information, particularly when their information is stored and transmitted by third parties.
Take, for example, Facebook: people post an enormous amount of personal information to Facebook on a daily basis, and feel comfortable doing this because Facebook allows various degrees of control over who can access that information (( Of course, that information can always be re-published by users who are authorized to see it, or through security breaches and other nefarious methods.)). Whether or not they should feel comfortable posting personal information online is an entirely different matter, but users do have some degree of control over their information and they can choose to not post their information in the first place.
On the other hand, look at ChoicePoint. They gather information from a huge variety of services, collect it, and sell it. The amount of data they store is staggering. There’s a lot of issues with ChoicePoint which, to me, relate to control of information: private citizens are not ChoicePoint’s customers, and have no leverage or ability to change the information collected or stored by the company. Once the company has the information, they’re unlikely to let it go.
As a personal example, I recently moved from Tucson to another city in Arizona to live with my wife. I filled out the change-of-address form with the USPS. She filled out the forms with various government agencies to change her last name after the wedding. Suddenly, we’re bombarded with mail saying, in general, “Welcome to the neighborhood, [last_name] family! Here’s [various_commercial_offers] for new residents!” She’s lived at that address for years. We don’t want this crap, nor did we sign up for it, yet our names and addresses have become public record by the simple act of changing my address and her changing her last name. At the very least, there should be a means of preemptively opting-out from the disclosure of this information to entities outside the post office and government. Same thing with voting records — evidently voter registration information is public, including one’s name, address, and telephone number (I’m not sure about political affiliation, but I wouldn’t be surprised if it were public.). Every election cycle, we get bombarded with?political?mailings and phone calls, with no means of opting-out from them.
My wife and I have no problem with certain information being used for legitimate purposes. For example, the post office needs to know my new address so they can forward mail. This is fine. The Social Security Administration and Motor Vehicles Department need to know that my wife changed her last name. That’s also fine. We even understand that credit and insurance companies need to have some means of evaluating how much of a risk a potential customer might be, and that some information must be shared (( Though it’d be nice if information-sharing was prohibited by default, and that one would need to authorize an individual company before they’d have access to the information. Of course, a creditor would rightly refuse to offer credit to someone unless the individual authorized that company, but right now that data is basically free-for-all.). But we do have major problems with a lack of control over personal information.
In short, the default state for information relating to private citizens should be “private”, and individuals should have the ability to control the distribution of their personal information. Basically, it’d be nice to have Fourth Amendment-type protections against corporations, as well as government. Cryptography only goes so far, but it can help.
Public companies and governments, on the other hand, are a completely different matter. With certain limitations (trade secrets, legitimate national security interests, etc.), I think that information should be open and transparent to the public, particularly when an organization interacts with private citizens or their personal information.

Running Interference

One nice thing about the recent Arizona immigration law is that it’s running remarkably good interference for the permitless carry law in Arizona.
Sure, the permitless carry law isn’t really a big deal in Arizona, but what little drama that could be stirred up against it has been replaced with ire for the immigration law and I haven’t heard a peep against the carry law in any media recently.

Government Humor

The government recently released a report with recommendations for planning a response to a nuclear weapon being detonated in a US city.
On page 20, they describe the “no-go” zone — the region most directly affected by the nuclear blast and radiation — as follows: “The [no-go] zone might be depicted as a large concrete rubble area (with a very large hole in the middle)”
Seems like a pretty apt description to me…


The Arizona House of Representatives just voted to approve SB 1108, the “Constitutional Carry” measure that was up for voting.
Now, it goes to the governor. If she signs it (or it passes without her signature), Arizonans will be able to carry firearms concealed without a permit (e.g. Alaska/Vermont-style carry). I’m pretty sure the governor will sign the measure.
Big day indeed.

One Step Closer to Permitless Concealed Carry in AZ


SB 1108, the Senate version of the AzCDL-requested Constitutional Carry bill, passed in the Senate Third Read, by a 20-10 vote, on Monday, March 29, 2010.
From here, SB 1108 will be sent over to the House.? Since the House has already voted for an identical bill, HB 2347, during their Committee of the Whole (COW) debate, we are expecting SB 1108 to be substituted for HB 2347 during the House Third Read.? We are also expecting the House Third Read vote to be as early as Tuesday, March 30, 2010.? This will be “the” final vote on Constitutional Carry to determine if it will be sent to the Governor!

Things are moving quick on this.
Of course, I think it’s rather silly that so much legislative time (even as fast as things are going) is spent to make it legal for people to untuck their shirts while carrying (permitless open carry is already legal here) while people could carry without a permit so long as their shirt is tucked in. Permitless concealed carry should be a no-brainer.

ASUA Public Forum After Action Report

Here’s a video of the proceedings from the ASUA meeting tonight.
Sorry for the poor quality video and audio — I recorded it with my cellphone video camera, which is clearly not the best recording tool. Such is life.
I’ll go through the videos and add annotations/captions in the future.

At several points, I wanted to say to the pro-gun people, “Stop it. You’re not helping.” — we’re not talking about the Second Amendment, nor guns in parking lots, nor anything else. We’re talking about whether the ASUA, the University of Arizona student government, should support or oppose a state senate bill that would allow faculty with valid CCW permits to carry concealed firearms on campus. Your efforts basically confirm every negative stereotype, though most of the pro-gun females who spoke were clear, articulate, and made some good points. This is a matter of giving responsible adults — professors, specifically — the choice to carry a firearm on campus if they wish.
The ASUA is holding a voting meeting tomorrow in the Ventana Room at the Student Union at 5:00pm. They’ll allow a brief period of public discussion on the topics (the gun issue is the first thing on the schedule, so show up promptly), but then the ASUA Senate will have their own discussions and vote on the matter. I highly encourage decent public speakers (i.e. not like those who spoke tonight) to attend and speak tomorrow. If we get good public speakers, particularly those who don’t fit into classic stereotypes of gun owners (e.g. women, disabled, professors, etc.), that could go a long way toward getting the ASUA to support this measure.

PA State Firearm?

A state senator in Pennsylvania wants to pass legislation naming the Pennsylvania Long Rifle as the state’s official firearm. Report here.
While I think that such legislation is silly, I otherwise don’t have any objection to it. Some, however, do:

[O]opponents say the idea of designating a state firearm is unthinkable, especially since Pennsylvania cities are scarred by gun-related crimes.

Said opponents are not named in the article, nor is their reasoning — such as it is — explained. How does naming a historical, blackpowder, single-shot, longer-than-four-feet-long rifle as the state’s official firearm have anything to do with violent crime? Whoever these opponents are, they need to unbunch their panties.