Napoleon’s telegraph

Napoleon used every tool at his disposal to maintain his power over France, including telecommunications.

I hadn’t known about it either, till I read James Gleick’s The Information. He tells the story of the télégraphe in 19th-century France, devised by the Chappe brothers. It was similar to the “clacks” in Terry Pratchett’s Discworld novels, a system of towers for sending encoded messages visually over long distances. At its height, the system stretched to every corner of France. It used some remarkably modern communication concepts.

The encoding system permitted 98 values by the positioning of beams and arms. Six of them were reserved for “control characters,” as we might call them today, such as start, stop, acknowledgement, and failure. After taking power in 1799, Napoleon used the system to send the message to Lyon, Brest, and Strasbourg: “Paris est tranquille et les bon citoyens sont contents.”

Transmission of messages was very slow and error-prone. Each relay station had to be within sight of the next, and each one could introduce errors or lose the whole message. In warm weather one message in three was lost, and in winter only one message in three arrived. At night no transmission was possible.

Napoleon banned using the system for non-governmental purposes. After his time, an 1837 law criminalized unauthorized télégraphe communication. Just a few years later, though, it was a relic of the past, replaced by the electric telegraph. Governments lost their stranglehold on communication, and people could send fast long-distance messages for business or personal reasons.

This week in Techno-Liberty (March 21)

Learning digital security: A new project, the Digital Security Exchange, is dedicated to “helping the U.S. digital security community be more responsive to the needs of civil society groups and high-risk communities.” The introductory article, by Josh Levy, states that “digital security is largely a human problem, not a technical one.” It’s hard for people without much technical knowledge to understand. It will talk with high-risk groups and match trainers up with communities.
Continue reading This week in Techno-Liberty (March 21)

Should the Internet of Things Be Regulated?

There’s a big problem with little devices on the Internet. A lot of them have really sloppy security. They have default passwords which require extra effort to change. Some have their own Web servers for no fathomable reason, and others have unsecured Wi-Fi connections. People install them with very little thought and no configuration.

These devices are vulnerable to attacks that take them over remotely, incorporating them into botnets. The October 21 attack on Dyn’s DNS servers made many websites unreachable for a large part of the day. The attack came from thermostats, refrigerators, security cameras, and light bulbs. It’s like an episode of The Twilight Zone.
Continue reading Should the Internet of Things Be Regulated?

The week in techno-liberty

Varying things a little again, here’s a digest of the top events of the past week in techno-liberty. These will be more substantial pieces than the “newsbits” I tried earlier, but not as extensive as full articles. If it works out, I’ll alternate these with essays. Let me know what you think.
Continue reading The week in techno-liberty

A bumpy week in government surveillance

William Binney (Wikimedia)It’s been quite a week. It may well be true that Trump was wiretapped, even if he was making it up. NSA whistleblower Bill Binney said, “I think the president is absolutely right. His phone calls, everything he did electronically, was being monitored.” Contrary to Trump’s charge, there’s no evidence Obama had anything to do with it. The intelligence agencies are a power of their own, apart from what any administration tells them to do.

Meanwhile, WikiLeaks claims that “the CIA lost control of the majority of its hacking arsenal.”

WikiLeaks says the archive appears to have been circulated among former government hackers and contractors, one of whom provided WikiLeaks with portions of it. The website says the CIA hacking division involved “more than 5,000 registered users and had produced more than a thousand hacking systems, trojans, viruses, and other ‘weaponized’ malware.”

These reports confirm the impression that not much changes in the intelligence world, regardless of who is in office. The “Deep State” goes on. It provides stability, but it creates power centers that no one can do much about. Whether the intelligence agencies barge ahead independent of executive control or Trump replaces the leadership of the intelligence agencies with people loyal to him, it’s bad.

The reports tells us that the intelligence agencies need to resort to exploiting security holes to get information. That’s good news, in a way. It confirms that they don’t have widely usable backdoors into systems. Encrypted applications such as Signal and WhatsApp are still secure, as far as I can tell.

It’s clear that the CIA has its own security problems. We should be glad it doesn’t have backdoor code, or there’s no telling who’d have it by now.

This breach just adds to the reasons to take security seriously. Whether it’s the CIA or some free-lance crook trying to get into your devices, you want to keep them out. This means the usual array of precautions: Use strong passwords, don’t run suspicious attachments, use security software, beware of USB sticks in the mail, set up a firewall, etc. There’s no reason to have high tech just for its own sake, especially considering how many “Internet of Things” devices have utterly sloppy security.

When doing anything on the Internet, remember the words of Barty Crouch, Jr., in Harry Potter and the Goblet of Fire: “CONSTANT VIGILANCE!” Especially against Barty Crouch, Jr.

GPG, encryption, and signatures

A useful feature of this blog, at least for me, is getting me to do the things I should be doing. I’d let my GPG software slip to the point that it didn’t work with my current version of Thunderbird. This past weekend I got it back up to date. Since my PGP key was five years old and not strong enough by current standards, I revoked it and created a new key.

GnuPG logoAt the same time, I updated my Enigmail add-on for Thunderbird, which is what lets it encrypt and sign messages and decrypt and verify incoming ones. From now on, I’ll sign many of my messages. You’ll need to have some kind of PGP / GPG software on your end to verify the signatures; if you don’t, you’ll just see some meaningless-looking characters at the end, so it’s harmless.
Continue reading GPG, encryption, and signatures

The real problem exposed by the Cloudflare leak

The reporting about the Cloudflare leak had me puzzled. Apparently reliable reports said that its parser bug had leaked customer sites’ HTTPS data, including passwords. My immediate reaction was to wonder how this was even possible. You can’t pull data out of someone else’s HTTPS transactions without their private key. I asked about this in a comment on a Dreamwidth post that raised the matter, and was told I was being “belligerant” by asking. Hmm … At least one IT person doesn’t want me asking. Something interesting must be going on.
Continue reading The real problem exposed by the Cloudflare leak