Some people are fans of medieval torture, and who can blame them. There’s just something about the sadistic treatment of people that makes us both want to watch with a bowl of popcorn in our hands, yet at the same time turn away in disgust and discomfort.

How else do you explain the popularity of shows like Saw?

I personally am a fan of the Iron Maiden, which before it became a name of rock band, was a evil torture device designed to impale its victims with spikes, but meticilously avoid crucial organs thereby prolonging the agony, letting the victim slowly bleed to death rather than die from something boring like heart failure or liver damage.

There’s a list on Wikipedia, that has all the gory details of medieval torture techniques, including keel-hauling (which I always though was some pirate term) and Scaphism, which is  a Persian specialty where the victims dies of Diarrhea.

It’s a whole new level when the victim dies of Diarrhea—Diarrhea!! (and the smart-ass know it all types probably are thinking that Persia wasn’t in the medieval period–yes, I know and I don’t care)

[*Steve in the comments points out that Scaphism didn’t really die from diarrhea but from insects feasting on them. Which doesn’t exactly make it sound any better ]

Fortunately, we live in a modern world, where such barbarism is consigned to history classes rather than current affair shows, and trust me while water boarding is torture, it’s probably a couple of rungs lower on the cruelty scale than an Iron Maiden or Scaphism.

It’s good to view out past just to figure our far along we’ve come along as a species, to take stock in the great progress we’ve made in civil liberties. Torture is a fine example of such progress, but take for example the what 16th century English had to deal with, when they were sent to the Star Chamber!

People think of the media as the powerful behemoth that’s capable of swaying public perception.

On the contrary, I think public perception sways the media.

Companies like Facebook, Google and even Amazon, have gone all-in on the confirmation bias, the idea that people like and prefer information that confirms their existing ideas and biases. No one likes being told their wrong about religion, climate change or even smoke, you can a great Ted Talk by Eli Pariser here.

On April 2nd, 1917, the President of the United States of America addressed an extraordinary session in congress, asking them to authorize America to declare war against the central powers in World War 1.

Across the Atlantic, the European continent had been devastated by nearly 3 years of bloody conflict. Regardless of who started the war, President Wilson was sure the war was at it’s tail end and he knew that if America stayed a neutral observer any longer, it might not get a seat at the table to discuss peace terms.

President Wilson had an agenda to setup the League of nations, to ensure that such wars would never be waged again, and this would truly be the war to end all wars.

Sadly, with hindsight we know the truth, that America would reject the League of Nations, and the peace treaty at Versailles would act more as a 20 year armistice than an indication of true lasting peace.

America was a pale shadow of what is it today. Britain was the richest country on earth and had the biggest Navy while Germany had the best industry and the biggest army. America was a sleeping giant, but one awoken by WW1 and one that has never slumbered since.

But what made her go to war?

What compelled this great nation, whose on founding fathers warned would never go abroad in search of monsters to destroy, to take up arms and cross an ocean to wage war?

Many think it was Lusitania, some suggest the Zimmerman telegrams, but those were merely side distractions to the true cause of America’s involvement. The true reason for her involvement and ultimate victory is found in one sentence from the speech of President Wilson on that fateful day–The world must be made safe for democracy.

It wasn’t that America was trying to impose democracy on Europe or Asia, rather it was merely making it safe for democratic principles to thrive in the face of despotic monarch and militaristic dictators. Contemporary American foreign policy fails to distinguish between making the world safe for democracy and imposing democracy.

America can never please her critics, get too involved and she’s accused of meddling in affairs, while staying neutral and distant invites the critic of indifference to human suffering.

But not all dangers to democracy come in the form of dictators with armies at their disposal, and in one sense America continues to make the world safe–while the rest of us remain blissfully unaware of her efforts.

Nobody really knows how the FBI is hacking into iPhones.

Well nobody, except Cellebrite and the FBI themselves.

We can safely assume that the underlying crypto wasn’t hacked–that would be truly catastrophic for everyone’s security, and way above the pay grade of a company like Cellebrite.

So we have to conclude that somehow the FBI has managed to trick the iPhone into giving up it’s encryption keys, or bypassed the Passcode protections on the phone. Apparently the hack doesn’t work on iPhone 5S and higher devices,  and obviously this can’t be a software bypass (because all iOS devices literally run the software), so it has to be a hardware limitation, one that probably affects the key storage.

What happens when a government agency tasked with providing cybersecurity “guidance” and “expertise” gives you advice like “avoid uploading pictures of yourself to avoid the threat of black magic”?

And then goes into damage-control claiming that it “was just a casual remark and did not represent the federal agency’s official position on the matter”,  only to follow-up with more ridiculous advice like “passwords should be changed constantly to prevent identity theft and hacking”.

Sometimes I sigh so often my wife gets worried—or annoyed, maybe both :)

First-off you know my view on black magic, and for an agency under MOSTI to make such an anti-science remark is just appalling. Secondly, from a security point of view, changing passwords regularly doesn’t help, and they cause more harm than good by encouraging users to use easy to remember passwords that they transform after every iteration. Think superman123, then superman456…etc.

In fact, research from Microsoft suggest changing your passwords regularly isn’t worth the effort, and the best one can do is use a password manager that would allow you to have passwords that are both unique and hard to remember across all online services you use.

The fact, that the head of cybersecurity Malaysia is giving advice that most people in the security community consider obsolete doesn’t exactly calms your nerves.

In the online world, surveillance and censorship are two sides of the same coin, you can’t have one without the other.

When the government moots a ‘blogger registration’ act , we automatically infer it to be part of a wider censorship initiative, an attempt to control the narrative by subtlety telling bloggers “we know who you are, so watch what you say”.

We intuitively get that putting a whole community under surveillance is a bid to control expression within that community, and if someone was even ‘potentially’ watching you–your behavior would change.

But the internet has made the connection between surveillance and censorship work in reverse, not only does surveillance lead to censorship,  but censorship leads to surveillance as well.

Every now an again, I brush off the dust from an old laptop I have in the corner, and boot-up a couple of forgotten python scripts.

One of those scripts would scrap the DOE Malaysia website for API readings in Malaysia, unfortunately, those damn fools at the DOE now only publish 7-day data, and completely wipe off anything older–for some unknown reason.

I even contacted my ‘insider’ over at MDEC to help out, since she’s leading the open data initiative, but I’ve not had any response. So I’ve stopped work on the collating Malaysian API readings–for now. I suppose I could create a schedule job to scrape the website on a frequent basis, but that’s not something I’m interested in at the moment.

A public service announcement from our good friends at the FBI, warns that motor vehicles are increasingly vulnerable to remote exploits, which in the wake of the bad-ass research from Chris Valasek and Charlie Miller shouldn’t be shocking.

What struck me, is that the security advice the FBI is offering drivers was identical to the advice cybersecurity experts have been giving to–well just about everyone. As more of your car intertwines with software to provide things like automatic wipers, ABS and even bluetooth audio, the more it becomes susceptible to cyber attacks we traditionally associated with software on servers rather four-wheeled auto-mobiles.

You don’t have a right to freedom of speech.

Obviously true if you’re Malaysian, but even Americans only enjoy a liberty in freedom of speech and not an absolute right.

The difference is clear, liberties are protections you have from the government, while rights are something you have from everyone.

So if someone threatened your right to live, the government is obligated to intervene and protect that right, because your right to live is a protection you have from everyone, whether it be a common criminal, abusive husband or Ayotollah Khomeini.

On the other hand you only have a liberty in freedom of speech (at least in an American context), which means that the government can’t prevent you from speaking, or penalize you for something you said.

However, the government is under no obligation to ensure your speech gets equal ‘air-time’, a newspaper may decline to publish your article, an auditorium may elect to deny you their roster, and online platforms like Facebook may choose to remove your post–all of which do not violate your freedom of speech, because freedom of speech is protection only from the government (state actors) and not from private entities.

And like all liberties and rights, freedom speech is not absolute. Under strict conditions even the US government can impose limits to what they’re citizens can say, or penalize them for things they have said.

In the case of freedom of speech, a liberty defined in their first amendment, those strict conditions are very strict indeed. In order for the government to infringe on the freedom of speech, it must demonstrate a imminent danger that will result in a serious effect.

In other words the government must be able to prove that if the speech were given freedom, there would be an imminent threat of something serious. Both the imminence and seriousness must be proven, failing which the government cannot infringe on that speech. This is indeed a very tall hurdle to climb, and based on my cursory research no case has ever reached this limit.

The Apple vs. FBI story has evolved so much in the past weeks, I thought I needed to write a separate post just on the updates. Admittedly, the story is far more complex and nuanced that I initially presumed, and everyone wants to be part of the conversation.

On one side, we have the silicon valley tech geeks, who seem to be unanimously in the corner of Tim Cook and Apple, while on the other  we have the Washington D.C policy makers, who are equally supportive of James Comey and the FBI whom he directs.

But to understand this issue from a fair and balanced perspective, we need to frame the correct question, not just what the issue about, but who is the  issue really focused on.

This isn't just about the FBI or Apple

The FBI is just a part of the The Government, specifically the part tasked with investigating federal crimes.James Comey, FBI director, is genuinely trying to do his job when he uses the All Writs Act to compel Apple to create a version of iOS that would allow them to brute-force the PIN code.

But there are other parts of The Government, like the NSA, who have the wholly different task of national security. To them, if a smartphone, is genuinely secured from FBI, then it’s secured from Russian Cybercriminals and Chinese State Sponsored actors too (probably!).

And because so much data are on smartphones, including the smartphones of federal government employees, the national security interest of America is better protected by having phones that are completely unbreakable, rather than ones the provide exceptional access to law-enforcement. Exceptional being defined as, no one has access except for law enforcement, and perhaps TSA agents, maybe border patrol and coast guard–you can see how slippery a slope ’exceptional’ can be. Oh and by the way, exceptional doesn’t exist in end-to-end encryption.

Former NSA director, Michael Hayden, has openly said “I disagree with Jim Comey. I actually think end-to-end encryption is good for America”. So it appears the NSA has an interest of national security that competes with the FBIs interest of investigating crimes.

The Government isn’t a single entity with just one interest, rather it is a collection of agencies with sometimes competing objectives, even though they all ultimately serve their citizens.  Experts believe the NSA has the capability to crack the iPhone encryption easily, but are refusing to indulge the FBI, because–well it’s hard to guess why the NSA don’t like the FBI.

testimony to House Judiciary Committee. Both methods involved complicated forensics tools, but would cost a few hundred thousand dollars (cheap!) , and wouldn’t require Apple to write a weakened version of iOS. If the goverment can get into the phone for $100,000 , that would mean it couldn’t compel Apple under the All Writs Act (AWA).

Remember, the FBI buy their spyware from the lowlifes at hacking team, which means they’re about as competent as the MACC and Malaysian PMO, but if Comey and Co. can afford $775,000 on shit from Hacking Team, I’m guessing $100,000 for a proper computer forensics expert isn’t a problem.

But maybe there’s an ulterior motive here, at the very recently concluded Brooklyn iPhone case, Magistrate Judge Orenstein noted that necessity was a pre-requisite for any request made under AWA, and if the FBI have an alternative for a reasonable price, then Apple’s support was not necessary, and hence outside the ambit of the AWA. So maybe the NSA isn’t providing the support to necessitate the NSA.

An this isn’t singularly about the FBI either. The New York A-G is waiting for this case to set precedent before he makes request for the 175 iPhones he’s hoping to unlock for cases that aren’t related to terrorism or ISIS. You can bet he’s not the only A-G waiting for the outcome, and it’s highly unlikely for the Judge to make her ruling so specific that nobody except the FBI could use it as precedent.

But it’s also not just about Apple. The legal precedent set by this case would apply not just to every other iPhone, but possibly every other smartphone, laptop, car or anything else we could squeeze into the definition of a computer. This is about more than Apple, and that’s why the tech companies are lining up in support of Mr. Cook, 32  such companies the last I checked.

But now that we’ve framed the ‘who’ , let’s frame the ‘what’.