• Snowden

    by  • July 3, 2013 • Everything Else • 16 Comments

    jobs-big-brother

    Come to the Stacktivism conference in London, July 13, to discuss infrastructure and political control.

    The history

    We all knew this was happening.

    Anybody who worked in computer security looked at the NSA’s budget and the falling cost of hardware and simply said “they’re storing everything.”

    There had been evidence before. The secret rooms in the telecom company data centers which piped data straight to the NSA, for example. But something about Ed Snowden’s presentation, the straight-from-the-horse’s-mouth documents, the banality-of-evil Powerpoint presentations, completely with their dreadful graphics and strange codenames, then the international circus as Snowden scoots across the map of America’s enemies before getting parked in Limbo in a Russian airport where he could spend months (or decades.)

    Whatever it is, something in the drama caught the public imagination. Even with D-Notices and the usual American news blackout, the centre of gravity of the internet has shifted.

    America are no longer even slightly plausibly the good guys. They’re using the internet against everybody – their own citizens, their allies, the European parliament. They’re storing everything. Snowden’s video describes how they could go back over years of your activity, your email and phone calls, and find something, anything to prosecute you for if they chose to.

    Lest we underestimate the severity of this threat, consider the history of COINTELPRO, a blatantly illegal FBI program to suppress a wide variety of groups of poltical radicals in the 1960s, including the American Indian Movement, the Black Panthers and the Peace Movement. We will never know the full extend of the damage done by COINTELPRO, but many lives were shattered. If you would like to think this is all a shadow of times past, consider the current scandal of UK police officers fathering children with activists while in “deep cover” identities to spy on them. Governments which are abusing their power in these ways, without providing any realistic framework of political accountability when due bounds are exceeded, simply cannot be trusted with the kind of power that the new NSA/GCHQ toolkit puts into their hands. If you need evidence of that, consider the murky networks that snared Anonymous and Pentagon risk management for large scale economic collapse.

    All this used to be conspiracy theory. It is now a matter of public record. Although given the NSA’s tendency to lie under oath to Congress what is really going on is anybody’s guess.

    Lawyers, Doctors and Accountants

    I want to draw attention to one very specific area of impact: the role of pervasive government surveillance in the lives of professionals who require client confidentiality in their work. The three most obvious examples are lawyers, doctors and accountants. In most nations, communications between the professions and their clients are legally protected: attorney-client privilege, medical confidentiality, and accountant-client privilege.

    Here’s the problem. In the UK and Europe, any email communication can be rationally expected to be monitored by the American government. Can professionals be secure in their relationships with their patients with a foreign power reading their email? If – if – the surveillance was being carried out by the government of the country the communication was conducted in, perhaps it would be possible to claim that the privilege of confidential communication had simply been withdrawn from the professions. But Germany has 500+ million emails spied on each month by the USA, completely violating its sovereignty and the basic rights of German citizens.

    Are German doctors, lawyers and accountants simply to stop using electronic communication because it is no longer confidential? Surely this is a situation for the Pirate Party to pick up?

    People like Mark Zuckerberg say that “privacy is dead” but try telling that to lawyers, doctors and accountants. Our society cannot function without professional confidentiality, and having foreign powers be presumed to intercept all communications is simply the end of these professions as we have known them. There’s no trusted advisor to consult with when it’s all ending up in the Utah data centre to be consulted in future decades under administrations with unknown political agendas.

    hague

    Looking forwards

    Were we ruled over by benevolent intelligences flooded by wisdom and compassion, overflowing with the milk of human kindness, these powers would be corrupting. But we are ruled over by organizations which have maintained Guantanamo Bay and the Black Sites, which have engaged in campaigns of political assassination by robot airstrikes to prosecute their wars, and who have wrought havoc on the world with a series of ill-dignified wars.

    I had hoped that America would recover after 9/11 and slowly rebuild its Constitution in government by closing Guantanamo bay, pushing the intelligence services back within constitutional bounds, and returning to the richly-deserved peace which came after the Cold War ended. Instead it is clear that the inmates are running the asylum, and even a President with the best of intentions can be co-opted by the logic-of-necessity into complete complacent collaboration with blatantly unconsitiutional action on a vast scale.

    The language used to justify these actions is the language of fascism.

    If you are a law-abiding citizen of this country going about your business and your personal life you have nothing to fear about the British state or the intelligence services listening to your phone calls or anything like that. – William Hague

    To this I have only one reply: the Assange Doctrine is simple.

    If you are a law-abiding government of this country, faithfully representing the people, you have nothing to fear from leaks or anything like that.

    How does that seem to sit with government these days? Poorly, because the leaks and the surveillance are two halves of a whole: leaks are how citizens spy on their government, and the NSA/GCHQ are how governments spy on their citizens.

    This is a brutally destructive equilibrium. It cannot be allowed to continue.

    This is simply insanity: the culture of distrust cultivated by constant surveillance and constant leaking is simply a 21st century Police State with a looks-both-ways Panopticon. It’s a total mess.

    Instead of rule of law, with reasonable transparency and oversight by courts which take the law seriously, depriving leakers of legitimate grievance, we have what amounts of a covert surveillance battle between the state and the people over the basic right of the people to understand what their government is doing. To have both sides, government and people, making a mockery of the rule of law in the name of the rule of law is not the answer. The rule of law alone stands.

    The whole point of this edifice is to maintain the fundamental bones of our civilization, the rule of law, and the supremacy of the courts over the political personalities of the day. If the USG had the NSA operating within due constitutional bounds there would have been nothing for Snowden to leak, and any leak he made would have been an indefensible breach of national security, unjustifiable by any argument as in the public interest. Snowden would likely have been a competent public servant for all of his tenure.

    As it is, the revelation of blatantly illegal action on a huge scale is a simple proof that intelligence services without reasonable oversight simply drift further and further into insane and cannibalistic action: Nixon and Hoover have proven beyond all reasonable doubt that every level of the American government requires continual oversight to function within Constitutional bounds.

    Shifting alliances

    I don’t know what happens next. Snowden has shone a lot of light into a very, very dark corner, but there are vastly worse corners which are still in darkness.

    There are three main factions of response to the new reality in which we operate. They are

    1. Germany pushes back using international law against US intrusion into its sovereignty. The US likewise.
    2. Civil Libertarians push back within the court system in America and the UK asking for answers, real oversight, and civil rights.
    3. Cipherpunks now push end-to-end encryption of all messages as a basic civic duty by which we attempt to protect each-other from the State gone wrong.

    The hardest part of all of this is going to be keeping all of these groups cooperating and moving in the right direction. The Germans, of course, want data retention and the right to spy on their own citizens, as most EU countries do. They will be quite unhappy with the cipherpunks. The civil libertarians are quite distrusting of encryption as an end-run around the legal system, a technical implementation of a civil right that could be over-turned by superior technology: a worthy argument, but let them change the law to comply with the Constitution then complain about crypto. Finally, the non-state wing of the cipherpunks view international and national action as a distraction: the system cannot be fixed, the guilty cannot be punished, and the only available approach is to remove the power of the State to do what we do not wish it to: a digital insurrection.

    The desperate need right now is for orientation to the new reality that Snowden’s actions have exposed. The old map of superpower alliances may be toast, with China, the EU and Russia allied against the US in at least basic security concerns. The black-clad paranoids of the hackerspaces are now fully vindicated, and preparing GPG and OTR for mass adoption is now an urgent step. Finally, the ACLU & co are now, without a doubt, completely vindicated – but can they actually close with their targets, or will they be intimidated and fobbed off by corrupt courts?

    It is all to play for, but discard your old map and do the analysis from scratch. There is much more going on than the old models predicted. Gods help all of us as we reorient and reintegrate, and take action to survive.

    Disorientation is normal. Go about your day, citizen!

    flattr this!

    About

    Vinay Gupta is a consultant on disaster relief and risk management.

    http://hexayurt.com/plan

    16 Responses to Snowden

    1. Michael Garcia
      July 3, 2013 at 3:41 pm
    2. zac
      July 3, 2013 at 4:29 pm

      this is one of those weird zizekian situations where everyone pretty much knew what the nsa and the surveillance state in general were doing, but it was tolerable, as long as they didn’t just admit they were doing it, and we could pretend that we didn’t know. now that the average person can’t pretend they don’t know, and the media and politicians are forced to just say ” yeah, you’re a bunch of dupes and cretins and you sold out your liberty for some dubious security, you already knew this, shut the fuck up.” but no one really wants to admit that’s how it was and is, so it creates a very volatile social climate. making the invisible visible is a very risky proposition.

      same on the international relations level. every state knew this was going on, and were probably engaged in it themselves, to whatever level they could manage. but maintaining norms of diplomacy and somewhat stable relation requires everyone to pretend they don’t know. forcing all these state actors into a position of openly acknowledging what they were trying hard to pretend they didn’t know ( for the sake of what threadbare global political equilibrium there was), is also very dangerous. dropping the mask of civility is often a prelude to war.

      I admire snowden’s conviction, of course, but his naivety in this situation is shocking. he wasn’t revealing secrets so much as shining a light on everyone’s moral and psychological degradation. it’s like going on tv and announcing that everyone’s parents have been sexually abusing them. everybody already knew it, and almost nobody was willing to admit it, or assimilate the ramifications. but what happens when you tear the rug out on what precious illusions were holding society in place, even if those illusions were morally depraved? dangerous situation.

    3. Pingback: More Scary Shit from Vinay Gupta « chris @ hive13

    4. July 4, 2013 at 7:58 pm

      Vinay, spectacular analysis as to what the stakes are. Really, very nicely done.

      Your solutions on the other hand are weak, sorely lacking in fact.

      Direct action and dual power (including agorism) are the most promising strategies for restoring a rule of law.

      Germany may protect itself from US spying but it can still spy on its own people and on those of other nations, as you mentioned.

      Lawyers can sue until they are blue in the face but when the people you are suing have monopoly control over the courts, that will only get you so far.

      Encryption is huge but it is just an arms race and a delaying tactic – an inconvenient one to boot. Alone, it is simple a defensive tool that aims to stem the tide.

      With direct action and dual power, we build countervailing centers of power right now to solve our most pressing problems ourselves with the longer-term strategy of growing more powerful than the bad guys out there.

      Please consider it seriously.

    5. Pingback: Enemy of the State? Privacy? | Island in the Net

    6. July 5, 2013 at 10:40 am

      George, I’m not proposing solutions. I’m simply observing what I think people are going to do, not recommending.

      On Agorism, I’m going to quote Stalin on this one: “The Pope? How many divisions has he got?” http://www.goodreads.com/quotes/715297-the-pope-how-many-divisions-has-he-got

      Right now, it’s not at all clear to me that

      1) Agorists are substantially distinct from the cipherpunk community

      2) They have a real plan for dealing with this

      Idealism is dangerous. The experiments are vital, any one of them could suddenly spark a massive cultural change, in the manner of Rosa Parks. But equally well it could amount to nothing at all in the long run.

      Mixed strategy. The big social power blocs do what they can, the agorists do what they can, we hope *something* works. But I’m still not comitted to a path of action here, I do not think I have identified a viable strategy for myself yet. I’m waiting.

    7. July 5, 2013 at 12:24 pm

      This is one of the first genuinely honest summations of the post-PRISM world I’ve seen thus far. Perhaps the only honest one. We are in a new world, and anyone who claims they know how this plays out is full of shit.

      Yes, those of us “black-clad” cryptogeeks had known all this stuff all along, and screamed ’till hoarse that it was a serious threat. We all failed, spectacularly so, to get anyone to care – well, maybe we somehow collectively convinced Snowden (and Glenn Greenwald), and that did the trick. Whatever the case, the fact that we knew these things were going on wasn’t directly impactful.

      Then Snowden hit, and hit hard.

      Right now, those of us who have lived under the threat of massive state surveillance – because we’re members of minority groups subject to officially-sanctioned harassment, persecution, and violence – are in an uniquely good place to provide guidance on how it feels to be in the crosshairs of a vastly powerful antagonist with unlimited resources, the “law” at its bendable beck and call, and an unpredictable, diabolical enjoyment in hurting others.

      Now, we’re all – metaphorically speaking – part of a persecuted minority. Those of us who have survived that experience already, and indeed learned to fight back against it, are useful purveyors of local knowledge (as Geertz might have said).

      I will avoid deploying the blue/red pill symbolism… mostly because it’s so obviously applicable that there’s no need to cite it overtly. We’ve all been force-fed the red one, and those of us who got that pill shoved down our throats years ago – or a lifetime ago – can empathize. Mostly. Because, actually, if you grew up in a persecuted minority and always knew that “they” hated you and wanted to do you harm, you simply grew up taking those truths as self-evident: all (normal) men are created equal… but those of us who aren’t normal are created to be targeted by everyone else. If you always knew that was true, it never seemed surprising to find out the target was you.

      But the rest of you… how it must feel strange. You thought the state was on “your side,” that the “rule of law” protected you from systemic abuse and dragnet surveillance. You throught you were safe, basically. But you’re not. None of us are – we’re all in the same boat, and the boat’s taking heavy fire from a massive aircraft carrier with ammo to burn. It’s an unsettling role to find oneself in, eh? Welcome to the SS Target.

      This is now best characterised as a guerilla struggle. The state – the State – is its own power nexus. It has its own interests, and pursues its own agenda. Everyone else splinters into a fractal penumbra of communities, clans, cliques, and blocs. Some of us will continue to work towards self-sustaining, buffered détente with the State and all its erratically-applied power – we’ll mould and sustain our own Temporary Autonomous Zones within the context of this no-context of ubiquitous State surveillance: Sauron’s burning eye, always and forever watching everything.

      Except Sauron has blind spots. Some really important ones – fatal ones, perhaps. It’s the persecuted targets who understand those blind spots best, because they’ve always served as our TAZs – they are where we survive and thrive.

      Collectively, put enough TAZs into motion – inhabit enough blind spots – and the all-seeing eye spins itself into a frantic, fatal downspiral of blind omnipotence: it can see everything, but it’s the nothings that matter… and the nothings all add up to something, if there’s enough of them. That’s the meta side of things: the more we all splinter and decohere from the monopolistic socio-cultural construct of Modern Western Capital-Democracy-Ism, the less there is to server as (cheap) fodder for the spy machine’s gluttony.

      So, I predict this: there isn’t one “response” to the post-PRISM reality. There’s an infinitude of them. How they integrate, collectively, into a meta-systemic evolution is something no human mind can claim to have the computational – and/or mathematical – howerpower to predict. What we can do is do our best to make good local decisions, and steer towards local decisions that seem likely to weaken Sauron at the margin. Reverse the first differential, and perhaps the volume under the graph is enough to tip the all-seeing eye over… or perhaps just leave it blind to everything that matters and merely staring endlessly at itself in the mirror.

      We told you so, and it it brings none of us glee to say so. We feel no genuine schadenfreude in watching Normal folks struggle to make sense of how they went from privileged insiders to suspicious targets – it hits too close to home to see all of you struggle with that shift in perspective. We know it too well, ourselves.

      One binary dichotomy does seem clear: there will be a self-binning that occurs, separating those who sit passively and allow themselves to be surveilled into a permanent panopticon, and those of us who fight – dodge, weave, subvert, disinform, dissent, distract, detune, denature – the newly-exposed surveillance machine. The self-selected victims will shamble peacefully into the abbatoir’s dark mysteries… indeed, they welcome the warm embrace of total submission to absolute, unyielding power. The rest of us, we’ll do what we’ve always done: outsmart the juggernaut, outwit the dinosaurs, out-create the sterile destroyers.

      Because it was the quick little cooperative social rodents that survived the cataclysms that brought the powerful and well-entrenched dinosaurs to oblivion. The rodents that couldn’t ever face the dinosaurs in direct conflict, but could sure as hell make it expensive and frustrating and ultimately futile to CATCH them.

      We’re the modern rodents, and we’re already well along the path towards a state of #UnPRISM. Some will see the path we’re uncovering, and some will help us expand and extend that path… the rest will sit helplessly and feel the shackles tighten – permanently – around their necks. Bless their impotent little hearts, they’re not even smart enough to know they’ve been outsmarted.

      The rest of us… we’re already on the move.

    8. July 5, 2013 at 5:42 pm

      Nicely written, and a very good statement of the case from that perspective.

      Never forget how large the NSA budget is. Crypto AG, and the sale of Enigma machines to Commonwealth countries after WW2 are extremely important indicators of how the game is played – the best encryption is the encryption your target believes to be secure, but which (in fact) is not.

      The implication is that general adoption of civilian cryptography along current lines is probably not helpful: I very much doubt it actually blinds high level investigations, and when paired with insecure endpoints (your computer is not _that_ secure) does not make you truly safe.

      We are going to have to start from scratch with capability-based operating systems to produce computers which are capable of resisting persistent attack. There is no reasonble way to secure Unix: a bug in any program that talks to the network can result in an identity leak, and there are far too many untrusted and unaccountable contributors. Security review procedures are lax: it is not in any way, shape or form ready for the challenge.

      Simple devices running secure operating systems which are used for encrypted communications are the way to go. General purpose computers with flexible, powerful operating systems cannot be meaningfully secured.

      Pass it on.

      PS: let me also add this old post on Hakim Bey which I think you will find very relevant, Doug.

    9. July 6, 2013 at 9:28 am

      I’d counter that the best cryptography is that which is publicly published, publicly researched, and entirely open. For an awful lot of nontechnical folks, there’s a temptation to assume that all crypto tools must be helpless in the face of NSA capabilities. It’s a “common sense” assumption that doesn’t track to the way the math works, and unfortunately it’s an assumption that can have some pretty serious negative consequences nowadays.

      Rather than re-hash those issues, I’d recommend a read of Bamford’s excellent Wired piece (http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/), which includes commentary from Binney on the progress the NSA is making in brute-forcing various crypto algorithms. To wit:

      “Breaking into those complex mathematical shells like the AES is one of the key reasons for the construction going on in Bluffdale. That kind of cryptanalysis requires two major ingredients: super-fast computers to conduct brute-force attacks on encrypted messages and a massive number of those messages for the computers to analyze. The more messages from a given target, the more likely it is for the computers to detect telltale patterns, and Bluffdale will be able to hold a great many messages. “We questioned it one time,” says another source, a senior intelligence manager who was also involved with the planning. “Why were we building this NSA facility? And, boy, they rolled out all the old guys—the crypto guys.” According to the official, these experts told then-director of national intelligence Dennis Blair, “You’ve got to build this thing because we just don’t have the capability of doing the code-breaking.” It was a candid admission. In the long war between the code breakers and the code makers—the tens of thousands of cryptographers in the worldwide computer security industry—the code breakers were admitting defeat.

      So the agency had one major ingredient—a massive data storage facility—under way. Meanwhile, across the country in Tennessee, the government was working in utmost secrecy on the other vital element: the most powerful computer the world has ever known…”

      Anyway, he goes on and the story is worth reading.

      As to the power of open cryptographic algorithms and the difficult in intentionally backdooring them, I’m just going to defer to genuine experts such as Bruce Schneier (http://schneier.com), and Matthew Green (http://blog.cryptographyengineering.com/). Executive summary: properly implemented and with proper keylength, they work. Caveat: if/when the NSA gets quantum computers up and running and points them at prime number factoring, all bets are off. This is not a trivial caveat, but the details are beyond the scope of this little comment, alas.

      More generically, I’d point out that doing dragnet surveillance on encrypted comms streams is qualitatively more complex and expensive than doing so on plaintext. This should be self-evident, but is worth reminding. if Alexander the Geek throws 1000 PhD penetration specialists at your iMac and it’s VPN connection, then you’re probably in trouble (especially if Apple is giving 0days to the NSA in advance, like Microsoft). However, the NSA’s current budget cannot support doing that for a few hundred mullion folks simultaneously – or even a million. In fact, it’s not possible to scale that to any degree whatsoever.

      It’s about the ability to scale.

      As to the backstory on Bey… yes, familiar with that. I’m simplistic enough to believe that the _motivations_ for a writer’s work are not synonymous with the value of said work. Is it interesting to know the former? Yep, I do think so – illuminating, even. However, perhaps there’s too much technologist in me – were we to find some clever code that had been written by someone to do evil, but which can be quite viably be used to make good things happen… it’s not really a subject of debate whether it would be “right” to use the code. Ontology is not morality.

      That said…

      In the anti-surveillance profession, we routinely make use of techniques developed by all manner of targeted populations in their efforts to evade persecution. Definitionally, those are the folks who think long and hard about evasion – and whose lives, in many cases, depend on whether the techniques work. For example, anyone who works in OpSec and doesn’t study IRA OpSec procedures for preventing infiltration by hostile forces is either an amateur or a fool. Or both. Does that mean we’re signing on to the IRA’s political position, or strategic choices, or moral considerations? Nope. (nor does it mean we’re not) Obviously, right?

      I choose to learn from the best places to glean knowledge. And, yes, I’ve learned some very useful bits of wisdom from some really dark people – some whilst in prison, some on the outside. Some were “genuine” criminals, and some were badge-carrying members of law enforcement. It’s the nasty ones who are often most clever – sad, but true. In my experience.

      Finally, as to whether one choose to recognize a particular minority population as “legitimate” or not… that’s such an arbitrary – and unstable – categorization, if we look back historically. Fifty years ago, every organ of western culture agreed that gay folks were sodomites, monsters, sick, depraved… this was not controversial, this was “fact.” Anyone who spoke of the “gay community” would have been transgressing all sorts of extreme cultural boundaries. There is no such thing! The sodomites are a menace and must be stomped out. Any writer identified as such was ostracized, harassed, blacklisted. This was “right” because, of course, gay folks weren’t part of a “legitimate” minority group.

      Now they are.

      At what point in that narrative did the categorization shift? Who made the decision? Did we apologize to the folks who were treated as sick monsters for being gay – but who are now members of a protected, legitimate minority now? Who would make such an apology?

      That’s important because, for every group whose actions cause actual measurable harm to actual sentient beings (like active pedophiles, or like managers in factory farms), there’s a dozen more groups who are persecuted for nothing tangible apart from the fact that they’re persecuted. See also: Roma, for example. The rule is the latter; the exceptions are the former, where real harm is well-documented and beyond substantive debate.

      Back in the Inquisition (or the three separate Inquisitions, more accurately), large swaths of the human population in Europe were at risk of being branded as minority sects worthy of torture and death. Some were sexual minorities (gays, or zoophiles, or basically anyone outside the heterosexual bubble), some were political minorities, some were religious minorities whose putative heresies were so abstruce as to seem, from our perspective, impossible to understand. Which of these groups “deserved” to be persecuted or tortured or murdered? Which were “legitimate,” and which were not? These questions don’t have such clean answers.

      My own read of the historical literature leads me to conclude that mainstream social hegemony has a really bad record of choosing the “right” minority populations to persecute. That some such persecutions are defensible is true; however, the rate of false positives is terrifyingly high. And yes, being myself a member of a minority group that is in the amorphous liminal zone between being officially persecuted and officially accepted as “legitimate,” my own view on this is likely coloured by my place in the world. That colouring might make my opinions suspect… or perhaps they make them particularly salient.

      Because, as I’ve said before, now everyone is part of a “minority population” subject to persecution by the State. And it’s not just us “approved” targets that get the special treatment… it’s everyone else, too. It was fine when only “people like me” were targeted by aggressive surveillance (irrespective of actual harm, or not; per above) – now it’s not so fine, when the category has grown asymptotically.

      You won’t find anti-surveillance expertise by chatting with white, middle class, protestant, straight, boring Americans. They might be wonderful folks… but they don’t know shit about how to protect themselves from the NSA. Those who think they can stick with the white-gloves crowd and still manage to protect themselves against PRISM and other such dragnet surveillance are in for an ugly wake-up call.

      Thanks for the discussion; it’s been fascinating, informative, and – astonishingly, for “someone like me” – respectful thus far.

    10. July 6, 2013 at 1:44 pm

      Yes. I mean, your reputation puts you *clearly* “beyond the pale” but, frankly, I’m sure you’re right in your own mind, and it’s given you the same kind of intellectual honesty as Hakim Bey has: you’re living this stuff because you’re a dissident of a kind that may never be accepted. I can respect that, while extremely clealry not endorsing it. No further discussion of the context needed.

      I don’t doubt that at least some of the crypto algorithms are currently secure. The problem is that we don’t know which ones, and the best of them may well not be public. For every blunder like the backdoored random number generator there may be four that aren’t detected. But that’s not where the real action is. Even if we assume those algorithms are often secure, it’s not the same as having secure channels.

      The real action is endpoint security. Microsoft’s been leaking zero-days to the NSA. Apple’s likely reached a similar arrangment, or has holes that haven’t been fixed. Linux likely leaks like a sieve – half a dozen well-placed subtle bugs could ensure access for years, and there are multiple examples of rootable bugs remaining undetected for years. Take a static analysis tool like MAYHEM and imagine what the NSA’s version looks like?

      The conclusion I draw from that is that any keypair kept on a network-connected device should be presumed compromised until proven otherwise. I do not think there’s any reasonable way around that conclusion for persons-of-interest, although the general public might argue that their boxes, while insecure, probably haven’t been rooted yet.

      But how much work would it be, really, to simply robo-compromise every machine generating GPG-encrypted traffic and lift the keys? Assange tells Schmidt that end point security is their biggest problem.

      I don’t think anybody should presume their endpoints are secure. If Wikileaks couldn’t manage it… who can?

    11. July 6, 2013 at 1:53 pm

      GODS HELP US INDEED! AND INDEED THEY DO!

    12. Pingback: Links 4/7/2013: Release of Fedora 19, Drone Strikes Resume | Techrights

    13. Pingback: The banality-of-evil Powerpoint presentations — Unità di Crisi

    14. July 17, 2013 at 10:48 am

      There’s a quantitative/qualitative issue here.

      Endpoint security is imperfect, that’s true. With sufficient resources, an attacker can punch a way into almost any network-connected device. Almost.

      However, that’s _qualitatively_ different from the low-friction hoovering up of trillions of records of unencrypted/plaintext data, as PRISM does. That massive-scale data collection works because each bit is essentially free to capture and store.

      There’s no such thing as point and click attacks on endpoints. Some automated tools will be able to hit common vulns (see Metasploit – and assume the NSA has a badass version of something similar)… but there’s a stochastic mix of stuff on every endpoint machine: OS, network stack, apps, physical adapters, etc. It’s not automate-able fully, and never will be. Too much variability.

      A decent tech – or even a skiddie – can sit at a monitor and click through alot of it… but coding an expert system to do that would be an unprecedented challenge at the Comp Sci level – and a moving target, of course. That’s not practical. What is practical is throwing bodies at this: “offensive” specialists, which the NSA is indeed hiring and/or training by the thousands (as are the Chinese, Russians, Mossad, etc. – everyone). But…

      Even ten thousand offensive specialists – overgrown skiddies with NSA toolsets at their disposal – are a drop of piss in the ocean of endpoints out there, which numbers in the billions nowadays. So full coverage is impossible. Even 1% coverage is a pipe dream. So the offensive guys go after selected targets – and they are good at it.

      The winnowing to “selective targets” is the key step. That’s not dragnet, That’s more a Hoover-style blacklist. We know about that stuff – it’s not new. Dragnet, mass surveillance is new, and unprecedented. Those are qualitatively different.

      And as much as we might hand-wring about secret *nix ECC backdoors, here’s the brass tacks: Julian can protect his endpoints against anyone. It takes some work, and Julian’s an old-time coder himself… but give him the tools and access to repositories, and he can build an endpoint that doesn’t break. As I can. As can anyone with a certain level of competence – and motivation. And it’s asymmetric: Julian spending a week building a tight little Linux distro on some cheap hardware would take a team of dozens of uber-genius NSA offensive specialists to even have a hope of sneaking into successfully. It become asymptotically infeasible – impractical, or outright unlikely to work.

      What’s funny is the huge gap between an open OS with basic security tools installed, and a Windows machine – that’s a multiple-order-of-magnitude jump in baseline endpoint security. The former might still get pwned, perhaps… but the latter is an open door. Close the open doors, that’s all – and that changes the cost/benefit metrics enormously.

      Anyone who thinks automating attacks on multi-platform endpoints is trivially easy likely hasn’t done much scripting. The one thing mammalian brains do alot better than binary processors is deal with wide variability, uncertainty, and novel combinations. And endpoints have all that.

      That said, there’s a sad dearth of commercially-available hardware/software endpoint combos – “secure computers” – that a non-geek could buy and use. Geeks can build our own, but everyone else is left with not much in the way of options. That’s dumb, and must change. I worked on a project to build & configure secure PCs back in 2007… but nobody bought them. I suspect the world has changed in that regard, although it’s not PCs any more: it’s smartphones & tablets.

      Which is, in fact. http://cleanphone.is – not much publicly yet, but under the waterline he’s paddling furiously…

    15. July 22, 2013 at 6:19 am

      Schneier says succinctly what I was trying to say, above, with way more words:

      “On the other hand, the two adversaries can be very different. The NSA has to process a ginormous amount of traffic. It’s the “drinking from a fire hose” problem; they cannot afford to devote a lot of time to decrypting everything, because they simply don’t have the computing resources. There’s just too much data to collect. In these situations, even a modest level of encryption is enough — until you are specifically targeted. This is why the NSA saves all encrypted data it encounters; it might want to devote cryptanalysis resources to it at some later time.”

      (cite: http://www.schneier.com/crypto-gram-1307.html)

    16. Pingback: The banality-of-evil Powerpoint presentations — Unità di Crisi

    Leave a Reply

    Your email address will not be published. Required fields are marked *