Moving The Encryption Debate Forward

Mike Masnick at techdirt just published a story that gave me some hope of a little possible sanity in the debate about law enforcement having the right or ability to disrupt encryption as we know it. As he frames it, “You have people who understand encryption who keep pointing out that what is being asked of them is impossible to do without jeopardizing some fairly fundamental security principles, and then a bunch of folks who respond with ‘well, just nerd harder.'”

My god that framing is perfect. People, even one’s who should know far better, tend to make the argument of authority, not of possibility. In his book The Four, NYU proff. Scott Galloway argues that apple could have built a backdoor into the iOS encryption of the San Bernardino shooter. His statement “It’s just a small door” was possibly the dumbest thing I’ve ever read written by someone I think of as smart.

The Carnegie Endowment assembled a group of real experts with a variety of viewpoints to find some sort of consensus and maybe move this conversation forward. The group says they

“reject two straw men—absolutist positions not actually held by serious participants, but sometimes used as caricatures of opponents—(1) that we should stop seeking approaches to enable access to encrypted information; or (2) that law enforcement will be unable to protect the public unless it can obtain access to all encrypted data through lawful process. We believe it is time to abandon these and other such straw men.”

No knowledgeable person from John McAfee, to Brian Krebs , holds those positions. Law enforcement have more data now with access to basically every communication possible, with plenty of tools and ways to get information. Some info may stay encrypted. Because encrypted means protection for everyone. You, me, and governments. Security flaws, like the one project zero disclosed of the iPhone, hurt everyone.

We are tracked, and targeted in every possible way, if an ad tech company knows it, law enforcement can get it.. People this week had to write post explains how Facebook knows what freaking period tracking apps know. The idea that some data, should stay encrypted, without building backdoors that hackers will exploit is a fundamental idea that tech folks need to stick to our guns about. It’s bad when a company leaks millions of records they left unencrypted. It’s way worse, when no encryption is safe from hackers.

The Carnegie Endowment group listed a framework of how to weigh costs and benefits. They provided many use cases which all proposal should be tested against. Good! That’s a start but stupid people including those on the NYtimes best selling list with respected jobs, need to stop muddying the damn waters.

Encryption, must be built to work 100% of the time, otherwise it will end up working 0% of the time. Despite best efforts flaws have been found in every human system. Making encryption weeker is an analogy akin to making locks suck, because sometimes police have a warrant and need in. A lock, even the best safe will fail in some way, same with encryption. Why should we start out with the idea of making the lock fail fast. A backdoor, is just a way to make security fail fast for everyone.

Some added crap, ICE Cellebrite And the death of privacy. U.S. Immigration and Customs Enforcement is paying at least 3$0 million Cellebrite for tools to bypass smartphone security.

News Anchor Suing Facebook, Reddit And Others For Hosting Her Image

Karen Hepp, a female news anchor for Fox 29 in Philadelphia, is claiming that an image of her has been sexualized and used in advertisements without her permission, and is suing websites including FaceBook and Reddit for damages in excess of $ 10 million. She also seeks a court order to force all sites listed in the lawsuit to immediately remove the photo.

The lawsuit however may not be winnable. According to Adi Robertson of The Verge, under Section 230 of the Communications Decency Act, websites like this aren’t generally responsible for content that’s posted by their users. The post on Reddit, are clearly user-generated. Hepp could possibly sue the person user who posted the photo, but she couldn’t extend that liability to Reddit.

Hepp, who lives in Merion Station, says in the lawsuit she only learned her image was being used on these various websites after her co-workers at Fox 29 alerted her. She is suing the listed companies for breaking a Pennsylvania “right of publicity” law. This isn’t and cannot be a copyright lawsuit, as she didn’t take the photo. However the Pennsylvania law gives folks control of commercial use of their names and likenesses.

Hepp says in the suit that she’s not sure where the photo in question came from, but the suit suggests it was taken by security cameras in an unknown convenience store in New York,NY. The suit alleges that the photo was taken without her permission, but the website Legal Beagle says in New York, you may videotape a subject without consent, unless they have some reasonable expectation of privacy.

A convenience store checkout area with or without a posted sign warning of video recording, is not an area, such as a bathroom or changing room that would give users a legally defensible expectation of privacy.

Writing for Internet News Flash Mason Pelt says “I have done online reputation management for clients in the past, and in my experience this lawsuit will just cause the image to be far more widely disseminated than it ever otherwise would have been. I speak from personal experience when I say lawsuits are expensive and stressful. As stated, I’m not a lawyer, but Hepp is very unlikely to win a dime from any of the companies she is suing, based on Section 230 of the CDA and the fact that at least one of the companies named is based outside of the U.S.”
Online reputation management refers to influencing and changing a individual or group’s reputation on the internet. It’s a combination of public relations term, social media, SEO and other activities. That help improve a person’s reputation on the internet.

Sometimes this uses a process like creating new content and optimisation of that content. If someone was doing SEO for the city of Dallas they would perhaps try to hide bad content like crime rates, and talk about good things like art galleries.

For a person like Hepp online reputation management would be using the position as a news anchor to create a lot of positive content. It may not be a good strategy to get a lot of news about the photo you’re trying to hide. Because many news sites will publish the image online in a way that is clearly protected by copyright and shield laws. Meaning it will become more prominent.