I'm afraid that is also not correct. Dunning-Kruger is defined as people with low ability in a domain overestimating their own ability in that domain – it does not require someone to be really good in another domain.
It's definitely a dilemma. I guess the sweet spot would be security systems that are well understood in house but built on existing, well understood and studied standards and theory.
A starting point might be to use battle-tested open source systems but subject them to detailed in-house analysis and audit.
That sounds like it would be a big win for law enforcement. If you can force your opponent to avoid some modern ways to communicate, you can put a big dent in their efficiency.
It's possible that paranoia might lead to criminals avoiding even technology that they could be using safely, further slowing them down.
An old fashioned system also seems like it would require more people, opening up more opportunities for human intelligence operations targeting the network.
Properly installed (F-Droid) on off-the-shelf phones with fresh prepaid sims and OS updates disabled, it can be considered secure software against all but the most sophisticated adversaries.
Then, simply verify the handshake key for your contacts, and you can be sure there is no man-in-the-middle attack. Rotate phone+sim every 2 months, while keeping the same "outside" number, say, a landline you control.
There are attacks against this too, but they are very noisy (modify all Signal binaries delivered to a certain area) or typically exceed the technical capabilities of run-of-the-mill agencies (exploit an OS zero day).
The easier way to attack this is by instituting a know your customer law for phone systems including prepaid SIMs, combined with accomplice charges for anyone whose SIM is used in connection with criminal acts.
People are too free with their phones. Just walk into a bar and say you're too drunk to drive and could the bartender call my wife to pick me up? Not knowing it's actually picking up $60M worth of coke instead of picking up me.
Or pull off to the side of the road, walk in well dressed, wave a dead iPhone in front of them, ask the receptionist "hey my car broke down and my battery is dead, could you call this number and tell them my car broke down?" Or bonus points if the cops arrive because you're blocking traffic, ask the cop to call on their phone.
(edited I got the best idea that most anyone would fall for: Slip a kid $20 to ask an adult to call his mommie because he got lost...)
This is all well and good for communicating a single, pre-planned operation, but you're going to need to communicate a lot more in order to actually do all that pre-planning for it.
And how would you address the issue of people being good sams --- making calls on behalf of someone else when they ask, in good faith.
See for example RMS:
> When I need to call someone, I ask someone nearby to let me make a call. If I use someone else's cell phone, that doesn't give Big Brother any information about me.
> What specifically in this comment would you penalise?
One comment up from that I said:
> The easier way to attack this is by instituting a know your customer law for phone systems including prepaid SIMs, combined with accomplice charges for anyone whose SIM is used in connection with criminal acts.
~~~~~~~~~~~~~~~~
> And how would you address the issue of people being good sams --- making calls on behalf of someone else when they ask, in good faith.
Prosecutorial discretion.
And to be clear I'm not pushing for these laws; I think they're awful. I just see it as a clear direction that .gov is going to go if they feel the need to, that's easier than maintaining zero days for general law enforcement. The ability to actually tie phones to personal identity in a way good enough for a courtroom.
> Penalisation under a "KYC" law would have to be extreme.
Yep. It would have to be enacted in the kind of fervor like existed around 9/11. But, the PATRIOT Act had been floating around DC for years before 9/11 too.
> And I suspect there'd be all kinds of challenges to such a requirement.
> Again, the Good Sam loophole is huge.
In the US, it really isn't. It's a patchwork of state and local laws that could absolutely be invalidated by the feds in the case of a global communications medium like the phone network, since that implies interstate commerce.
By "huge" I mean that the plausible set of circumstances in which someone loaned out a phone for a call is large.
It's one thing to put leverage on the already marginal. Another to haul upstanding citizens off for offering a stranger a phone call. Resistance would be huge. No matter how weak any perceived legal shield would be.
That doesn't really work in practice. All it does is raise the price of black market sims by a fixed, low dollar amount, that is irrelevant for criminal operations willing to spend thousands of dollars for secure coms.
Think about it: unless you distribute SIMs at the local police station, your last mile enforcement officer is just some guy in a kiosk making minimum wage. Assuming he is motivated by law to do his job right, and photocopy IDs etc., he's still untrained to spot fake ones, unwilling to make a ruckus if the customer's face does not really match the ID etc.
All it takes is one rogue distributor or some homeless guy, and you will have thousands of SIMs that can't be traced. Then you have anonymous roaming sims for people willing to pay the data roaming fees.
> Properly installed (F-Droid) on off-the-shelf phones with fresh prepaid sims and OS updates disabled, it can be considered secure software against all but the most sophisticated adversaries.
You can easily identify the phone of the target by physical surveillance coupled with Stingray type of cell traps. No need to bother with IMEI, plain cell number which you will then intercept with operator support.
So you will prove the target uses a phone, and that phone connects to Signal servers or some offshore VPN. That's not very useful.
The quest is to access communication contents, or map out a criminal network that can then lead to identifying other physical locations of terminals and unknown members of the ring.
This whole potential problem is one of the reasons the particular example isn't that great. It's overhyped in Java-land where some people treat naked strings like lepers but in places like Clojure-land you'd get a lot of people saying "Just use a keyword" for both places. The keyword's name is its value. It's immutable. An IDE should be able to find all uses of it, or there's always 'ag'. If you really want that coupling behavior, change the interface of the thing you're calling to require conformance to a schema. The simplest way in Java is probably just by taking an enum instead of a string, but there are richer ways (especially outside of Java) worth looking into if you're needing a string value eventually in the implementation since you'll run into the other Java-ism of making a complicated enum class instead of just using enums like keywords with their string value being their actual name value.
I've been using GraphQL recently and I have found it very productive.
Providing a lot of flexibility to the client when querying the server eliminates a lot of server side work that would normally be required in order to implement new user stories.
It does require a bit of a mindset change so I am often having to force myself to try doing things in a different way to my first assumption.
If I want to get all levels of an arbitrarily nested tree, I just query for all of the objects that are in the tree in a flat array and then reconstruct the tree on the client side using the parent/child Ids.
This is similar to what I would have to do server side if I were using SQL to get the data and then processing it to return a tree in JSON.
If I know how deep the tree will be (and it is only two or three levels) I query it directly with GraphQL