Tiny Bytes: RSA
tldr RSA works by exploiting the fact we can’t easily factor 2 large prime numbers and group theory to make a trapdoor permutation, aka a function that turns x into y but y can’t easily be turned into x without a secret. However, implementing RSA gets tricky because there’s lots of subtle attacks.MathRSA takes advantage of the group Z^*_{n} (multiplicative group of integers modulo n). This is the non-negative integers less than n that have an inverse modulo n. 1 x 1 mod n = 1. 0 x int = 0 so ...
Tiny Bytes: Chilling
Hi, Just chilling tonight. Aiming to finish up chapter tomorrow. Night, Lucas
Tiny Bytes: Quickie
Hi, Did much more writing on RSA. Will finish soon. Bye, Lucas
Tiny Bytes: RSA
tldr RSA works by exploiting the fact we can’t easily factor 2 large prime numbers and group theory to make a trapdoor permutation, aka a function that turns x into y but y can’t easily be turned into x without a secret. However, implementing RSA gets tricky because there’s lots of subtle attacks.MathRSA takes advantage of the group Z^*_{n} (multiplicative group of integers modulo n). This is the non-negative integers less than n that have an inverse modulo n. 1 x 1 mod n = 1. 0 x int = 0 so ...
Tiny Bytes: Chilling
Hi, Just chilling tonight. Aiming to finish up chapter tomorrow. Night, Lucas
Tiny Bytes: Quickie
Hi, Did much more writing on RSA. Will finish soon. Bye, Lucas
Subscribe to ldnovak
Subscribe to ldnovak
Share Dialog
Share Dialog
<100 subscribers
<100 subscribers
Howdy,
Today I want to spend time framing privacy/security/surveillance problems as monitoring. As discussed on an earlier post, monitoring seems like a better word to describe privacy / surveillance issues (it’s not that I have trouble spelling surveillance I swear).
Governments are constantly trying to know as much as they can about EVERYONE. In some cases this is important. A strong government can enforce its borders. It knows how well its population. It knows threats, opportunities, where to allocate resources, etc.
Monitoring can help with this and monitoring can go overboard.
Threat monitoring I can understand: Monitoring who comes across the border
I get the idea of knowing who comes across your border. You don’t want people bringing in things illegally. I can understand customs. I can understand drones to check if people are crossing at points they are not supposed to.
(of course, this assumes the government is using this monitoring in an ethical and effective way).
Threat monitoring that I can’t understand: Monitoring what every single person says
I don’t like the idea of the government wanting to know every single conversation. Access to phones, microphones, texts, and movement of every single person seems excessive (to put it lightly) to me. I can’t imagine a system like this that leads to a significant amount of good outcomes that isn’t abused. This really feels like bringing in the bad parts of the digital world into the real world. People’s speech doesn’t need to be monitored 24/7. There may be some process we can agree on that leads to people’s speech being monitored -- but that is a tricky thing to figure out.
What I want is a good way to evaluate any system that is like this. What are the benefits? How can it be abused? What’s the harm?
Threat monitoring that I don’t like and feels grey, but I can kinda understand: tracking in large public areas
Howdy,
Today I want to spend time framing privacy/security/surveillance problems as monitoring. As discussed on an earlier post, monitoring seems like a better word to describe privacy / surveillance issues (it’s not that I have trouble spelling surveillance I swear).
Governments are constantly trying to know as much as they can about EVERYONE. In some cases this is important. A strong government can enforce its borders. It knows how well its population. It knows threats, opportunities, where to allocate resources, etc.
Monitoring can help with this and monitoring can go overboard.
Threat monitoring I can understand: Monitoring who comes across the border
I get the idea of knowing who comes across your border. You don’t want people bringing in things illegally. I can understand customs. I can understand drones to check if people are crossing at points they are not supposed to.
(of course, this assumes the government is using this monitoring in an ethical and effective way).
Threat monitoring that I can’t understand: Monitoring what every single person says
I don’t like the idea of the government wanting to know every single conversation. Access to phones, microphones, texts, and movement of every single person seems excessive (to put it lightly) to me. I can’t imagine a system like this that leads to a significant amount of good outcomes that isn’t abused. This really feels like bringing in the bad parts of the digital world into the real world. People’s speech doesn’t need to be monitored 24/7. There may be some process we can agree on that leads to people’s speech being monitored -- but that is a tricky thing to figure out.
What I want is a good way to evaluate any system that is like this. What are the benefits? How can it be abused? What’s the harm?
Threat monitoring that I don’t like and feels grey, but I can kinda understand: tracking in large public areas
I don’t like it but I get why people would want to know who is entering a shopping mall or who is speeding through red lights. I think the important thing to figure out is if monitoring is happening, what should be monitored and what is the benefit-harm breakdown. If I go to a shopping mall, how does the mall knowing I went there help them? There are benefits to not needing to keep a ticket to leave parking or a kid is missing. There are harms if this allows anyone with enough money to learn when I go shopping or watch me shop. Traffic cameras can help reduce the number of people that run red lights, which can decrease pedestrian related deaths. They can also be used to track people without a warrant.
It is vital for the people to be able to monitor the government’s actions. Especially in America, where the idea of checks and balances only works if those checks and balances can be properly enforced.
If the government is monitoring for public benefit, this monitoring should itself be monitored. It should be easy for people to understand what is being tracked and why. It should be possible for people to change their minds. Abuse should be caught. We should reap the positive benefits of using mass data collection while preventing the harm.
In my head, companies are easier to change. They (should be) beholden to law and I clearly understand their ultimate motivation (money). It makes me more worried about governments more as they help create the ecosystem for companies. In my view, often to create loop holes to get around privacy laws or technical limitations.
Still, a lot of what I typed above also applies to companies. There are types of monitoring that make a lot of sense (how well does an app work or my shipping processes), that are scary (I want to know every little thing about you), and grey (health and location data). Again, I want a lot of these tradeoffs to be clear. What is the benefit of monitoring. What are the harms?
I do feel like there are companies that want to be more privacy conscious. They just don’t know how (both technically and financially).
Something a little different than government is that companies invent new cool products. These products offer new avenues of surveillance. Some are clearly beneficial to government monitoring (location data everywhere). Some are less clear to governments but more clear to companies. Take sleep and heart monitoring. I do want my sleep and heart data to be collected. It could be used to identify problems and improve my health. (I also want to own this data BECAUSE it is mine. It is sensitive. It is valuable -- but data ownership is another rant). I feel uncomfortable about a company having that data. One bit is data ownership (don’t go off rn Lucas). Another aspect is that I don’t know what a company wants with this. Specifically, I don’t know how they’ll make money or their incentives. I’m not sure they know.
Could they collect this data diligently, not let anyone else but me access the data, provide me with insight, and eventually delete it? Yup.
Could they have lax security practices, realize that their insight business isn’t very good/profitable, and sell the data to make money. Yup yup.
If the data is leaked will everything be ok? Maybe. If the data is leaked could future companies use this to make me pay more? Probably.
The lack of clarity is alarming. And without proper privacy guarantees it is uncomfortable to have companies collect data about me.
With these fun thoughts good. night,
Lucas
I don’t like it but I get why people would want to know who is entering a shopping mall or who is speeding through red lights. I think the important thing to figure out is if monitoring is happening, what should be monitored and what is the benefit-harm breakdown. If I go to a shopping mall, how does the mall knowing I went there help them? There are benefits to not needing to keep a ticket to leave parking or a kid is missing. There are harms if this allows anyone with enough money to learn when I go shopping or watch me shop. Traffic cameras can help reduce the number of people that run red lights, which can decrease pedestrian related deaths. They can also be used to track people without a warrant.
It is vital for the people to be able to monitor the government’s actions. Especially in America, where the idea of checks and balances only works if those checks and balances can be properly enforced.
If the government is monitoring for public benefit, this monitoring should itself be monitored. It should be easy for people to understand what is being tracked and why. It should be possible for people to change their minds. Abuse should be caught. We should reap the positive benefits of using mass data collection while preventing the harm.
In my head, companies are easier to change. They (should be) beholden to law and I clearly understand their ultimate motivation (money). It makes me more worried about governments more as they help create the ecosystem for companies. In my view, often to create loop holes to get around privacy laws or technical limitations.
Still, a lot of what I typed above also applies to companies. There are types of monitoring that make a lot of sense (how well does an app work or my shipping processes), that are scary (I want to know every little thing about you), and grey (health and location data). Again, I want a lot of these tradeoffs to be clear. What is the benefit of monitoring. What are the harms?
I do feel like there are companies that want to be more privacy conscious. They just don’t know how (both technically and financially).
Something a little different than government is that companies invent new cool products. These products offer new avenues of surveillance. Some are clearly beneficial to government monitoring (location data everywhere). Some are less clear to governments but more clear to companies. Take sleep and heart monitoring. I do want my sleep and heart data to be collected. It could be used to identify problems and improve my health. (I also want to own this data BECAUSE it is mine. It is sensitive. It is valuable -- but data ownership is another rant). I feel uncomfortable about a company having that data. One bit is data ownership (don’t go off rn Lucas). Another aspect is that I don’t know what a company wants with this. Specifically, I don’t know how they’ll make money or their incentives. I’m not sure they know.
Could they collect this data diligently, not let anyone else but me access the data, provide me with insight, and eventually delete it? Yup.
Could they have lax security practices, realize that their insight business isn’t very good/profitable, and sell the data to make money. Yup yup.
If the data is leaked will everything be ok? Maybe. If the data is leaked could future companies use this to make me pay more? Probably.
The lack of clarity is alarming. And without proper privacy guarantees it is uncomfortable to have companies collect data about me.
With these fun thoughts good. night,
Lucas
No activity yet