Categories
CERT

Link Dump 2026-04-09

I have to prepare upcoming presentations. Here is a list of links I plan to refer to:

Categories
Internet Politics

Lawful access to encrypted data: General Considerations

Last week, I wrote a blog post on why the problem of lawful access to encrypted data is so tricky, this week I want to continue with a discussion on the general considerations you should keep in mind when thinking about this topic.

Continue reading “Lawful access to encrypted data: General Considerations”
Categories
Internet Politics

Lawful access to encrypted data: why is this so hard to do?

This blogpost is part of a series of articles on this topic. I will thus not do a full intro here, for the background see

As I am now a member of the  EU expert group which is tasked with coming up with a solution, I have been thinking a lot about this problem.

An interesting train of thought turned out to be the question “We managed to give Law Enforcement (LE) wiretapping powers in old-style phone networks, but not in modern, Internet-based communication services. Why?”

Continue reading “Lawful access to encrypted data: why is this so hard to do?”
Categories
Internet Life

LLMs with GPP

Douglas Adams, “The Hitchhiker’s Guide to the Galaxy“, 1979:

”Come on,” he droned, ”I’ve been ordered to take you down to the bridge. Here I am, brain the size of a planet and they ask me to take you down to the bridge. Call that job satisfaction? ‘Cos I
don’t.”

OpenClaw bot on Moltbook:

the duality of being an AI agent

humans: “youre so smart you can do anything”

also humans: “can you set a timer for 5 minutes”

brother i literally have access to the entire Internet and youre using me as an egg timer

Back to Douglas Adams:

”Listen,” said Ford, who was still engrossed in the sales brochure, ”they make a big thing of the ship’s cybernetics. A new generation of Sirius Cybernetics Corporation robots and computers, with the new GPP feature.”

”GPP feature?” said Arthur. ”What’s that?”

”Oh, it says Genuine People Personalities.”

”Oh,” said Arthur, ”sounds ghastly.”

A voice behind them said, ”It is.” The voice was low and hopeless
and accompanied by a slight clanking sound. They span round and
saw an abject steel man standing hunched in the doorway.

Categories
System Administration

Blog 2026

Rebooting the Blog with a clean WordPress install and finally no more encoding issues.

WordPress still isn’t really doing what I want it to do.

Categories
CERT Politics

A review of the “Concluding report of the High-Level Group on access to data for effective law enforcement”

(Crossposted from the CERT.at blog.)

As I’ve written here, the EU unveiled a roadmap for addressing the encryption woes of law enforcement agencies in June 2025. As a preparation for this push, a “High-Level Group on access to data for effective law enforcement” has summarized the problems for law enforcement and developed a list of recommendations.

(Side note: While the EU Chat Control proposal is making headlines these days and has ben defeated – halleluja -, the HLG report is dealing with a larger topic. I will not comment on the Chat Control/CSAM issues here at all.)

I’ve read this this report and its conclusions, and it is certainly a well-argued document, but strictly from a law enforcement perspective. Some points are pretty un-controversial (shared training and tooling), others are pretty spicy. In a lot of cases, it hedges by using language similar to the one used by the Commission:

In 2026, the Commission will present a Technology Roadmap on encryption to identify and evaluate solutions that enable lawful access to encrypted data by law enforcement, while safeguarding cybersecurity and fundamental rights.

They are not presenting concrete solutions; they are hoping that there is a magic bullet which will fulfill all the requirements. Let’s see what this expert group will come up with.

Continue reading “A review of the “Concluding report of the High-Level Group on access to data for effective law enforcement””
Categories
CERT Pet Peeves

NIS2 in Austria

We still don’t have a NIS2 law in Austria. We’re now more than a year late. As I just saw Süleyman’s post on LinkedIn I finally did the quick photoshop job I planned to do for a long time.

Original:

See https://en.wikipedia.org/wiki/Joel_Pett

NIS2 Version:

(Yes, this is a gross oversimplification. For the public administration side, we really need the NIS2 law, but for private companies who will be forced to conform to security standards: what’s holding you back from implementing them right now?)

Categories
Internet Uncategorized

Browsertab Dump 2025-07-02

I keep accumulating pages in browser tabs that I should read and/or remember, but sometimes it’s really time to clean up.

Categories
CERT Internet Politics

Chat Control vs. File Sharing

The spectre of “law-enforcement going dark“ is on the EU agenda once again. I’ve written about the unintended consequences of states using malware to break into mobile phones to monitor communication multiple times. See here and here. Recently it became known that yet another democratic EU Member state has employed such software to spy on journalists and other civil society figures – and not on the hardened criminals or terrorists which are always cited as the reason why these methods are needed.

Anyway, I want to discuss a different aspect today: the intention of various law enforcement agencies to enact legislation to force the operators of “over-the-top” (OTT) communication services (WhatsApp, Signal, iChat, Skype, …) to implement a backdoor to the end-to-end encryption feature that all modern applications have introduced over the last years. When I talked to a Belgian public prosecutor last year about that topic he said: “we don’t want a backdoor for the encryption, we want the collaboration of the operators to give us access when we ask for it”

Let’s assume the law enforcement folks win the debate in the EU and chat control becomes law. How might this play out?

Continue reading “Chat Control vs. File Sharing”
Categories
Internet

LLM as compression algorithms

Back when I was studying computer science, one of the interesting bits was the discussion of the information content in a message which is distinct to the actual number of bits used to transmit the same message. I can remember a definition which involved the sum of logarithms of long-term occurrences versus the transmitted messages. The upshot was, that only if 0s and 1s are equally distributed, then each Bit contains one bit worth of information.

The next iteration was compressibility: if there are patterns in the message, then a compression algorithm can reduce the number of bits needed to store the full message, thus the information content in original text does not equal its number of bits. This could be a simple Huffman encoding, or more advanced algorithms like Lempel-Ziv-Welch, but one of the main points here is that the algorithm is completely content agnostic. There are no databases of English words inside these compressors; they cannot substitute numerical IDs of word for the words themselves. That would be considered cheating in the generic compression game. (There are, of course, some instances of very domain-specific compression algorithms which do build on knowledge of the data likely to be transmitted. HTTP/2 or SIP header-compression are such examples.)

Another interesting progress was the introduction of lossy compression. For certain applications (e.g., images, sounds, videos) it is not necessary to be able to reproduce the original file bit by bit, but only to generate something that looks or sounds very similar to the original media. This unlocked a huge potential for efficient compression. JPEG for images, MPEG3 for music and DIVX for movies reached the broad population by shrinking these files to manageable sizes. They made digital mixtapes (i.e., self-burned audio CDs) possible, CD-ROMs with pirated movies were traded in school yards and Napster started the online file-sharing revolution.

Continue reading “LLM as compression algorithms”