Why There Can Be No Solution To Preventing Communication Systems Abuse (John Young)

Here is a list of arguments by John Young (@Cryptomeorg) on why there can be no solution to preventing communication systems abuse (adapted from source):

  1. Due to the technology of cellphone systems, like the Internet, there is not likely to be a means to prevent geolocation and user data from being accessed by unauthorized parties.
  2. At best there will be legal protections which cannot be technologically fulfilled.
  3. It has become common for legal programs and promises of digital data protection and privacy to mislead about technological capabilities.
  4. Operators of communication systems are aware of the impossibility of technological protection to fulfill legal requirements but join in the deception in order to assure customers, officials and watchdogs that protection is possible.
  5. Operators of communication systems work in concert with governments to allow access beyond what is legislated, in accord with long-standing practices worldwide. [Also see James Bamford talk at 31c3: A century of secret deals between the NSA and the telecom industry]
  6. Operators of communication systems also permit access to the systems by third parties under contract provisions which are customarily revealed only in part to users, and in some cases only in part to officials.
  7. Most communications systems are privately owned and ran for profit, even those ostensibly owned by governments. Information about these systems is closely guarded against outside parties learning about the systems’ capabilities, including governments, and in many cases, third parties who may not know in full how their participation is used by the system operators.
  8. Deception about communication systems is fundamental to guarding information about the systems from competitors, governments, third parties, rogue employees, spies and criminals, many of who work in concert.
  9. Every communication system is a spying system. Digital systems are far easier to penetrate than analogue systems and thus much easier to use for spying.
  10. Deception about digital systems is fundamental to their carefully guarded operation.
  11. Every manufacturer of communication systems equipment is capable of being penetrated, corrupted and bribed. Undiscovered covert attacks are most lethal to the manufacturer’s survival; discovered attacks are most often concealed, denies, lied about, used against competitors, secretly sold as products by the manufacturer, by their rogue employees, by inside spies of competitors. Deception about successful attacks is fundamental to the systems’ operation.
  12. The only protection against communication systems is to avoid their use. Protections of promises of encryption, proxy use, Tor-like anonymity and “military-grade” comsec technology are magic acts — ELINT, SIGINT and COMINT always prevail over comsec. The most widely trusted and promoted systems are the most likely to be penetrated, exploited, spied upon, successfully attacked, covertly compromised with faults hidden by promoters, operators, competitors, compromisers and attackers all of whom warn against the others while mutually benefiting from continuous alarms about security and privacy.
  13. Avoidance of communication systems does not eliminate the exploitation of data already collected, manufacture of false data, targeting of those who avoid the systems, planting concealed tracking devices on a person, using others to track a person.

Some good thinking points.


Leave a Reply

Your email address will not be published. Required fields are marked *