Posted on 01/27/2016 5:44:27 PM PST by dayglored
It lights you up like a Vegas casino, says compsci boffin
Usenix Enigma Although the cops and Feds wont stop banging on and on about encryption - the spies have a different take on the use of crypto.
To be brutally blunt, they love it. Why? Because using detectable encryption technology like PGP, Tor, VPNs and so on, lights you up on the intelligence agencies' dashboards. Agents and analysts don't even have to see the contents of the communications - the metadata is enough for g-men to start making your life difficult.
"To be honest, the spooks love PGP," Nicholas Weaver, a researcher at the International Computer Science Institute, told the Usenix Enigma conference in San Francisco on Wednesdy. "It's really chatty and it gives them a lot of metadata and communication records. PGP is the NSA's friend."
Weaver, who has spent much of the last decade investigating NSA techniques, said that all PGP traffic, including who sent it and to whom, is automatically stored and backed up onto tape. This can then be searched as needed when matched with other surveillance data.
Given that the NSA has taps on almost all of the internet's major trunk routes, the PGP records can be incredibly useful. It's a simple matter to build a script that can identify one PGP user and then track all their contacts to build a journal of their activities.
Even better is the Mujahedeen Secrets encryption system, which was released by the Global Islamic Media Front to allow Al Qaeda supporters to communicate in private. Weaver said that not only was it even harder to use than PGP, but it was a boon for metadata - since almost anyone using it identified themselves as a potential terrorist.
"It's brilliant!" enthused Weaver. "Whoever it was at the NSA or GCHQ who invented it give them a big Christmas bonus."
Given all the tools available to the intelligence agencies there's really no need for an encryption backdoor, he explained. With the NSA's toolkit of zero-day exploits, and old-day exploits, it's much easier to root a target's computer after identifying them from metadata traffic.
With all these tools it's not hard to see why the intelligence community isn't pushing hard for an encryption backdoor, or actively opposing it. Last week, the NSA boss Mike Rogers came out against plans to bork encryption for the police:
"Encryption is foundational to the future, so spending time arguing about, 'Hey, encryption is bad and we ought to do away with it,' that's a waste of time to me," he said. "Encryption is foundational to the future, so what we've got to ask ourselves is, given that foundation, what's the best way for us to deal with it?"
Ya gotta love it. Or something like that....
Hence the importance of deeply embedding strong encryption in all communications, as Apple is doing. Normalize the usage such that simply using it isn’t sufficient grounds for inferring anything about the user.
There are some who use Mixmaster or Cyberpunk. The NSA may know where the mail originates, but they don’t know where it is going or who reads it.
I believe Apple is doing the same, correct, thing in that regard.
Thus the need to put it everywhere by default or at least widespread. Not that I’m hoping terrorists should be able to hide (except that the Feral goobermint considers anyone normal a terrorist), but privacy is a basic human right, Robert Bork be damned.
Article awhile back mentioned something about Tor having been taken over by the feds?
Poetic justice -- after all, they invented it. No, they didn't "take it over", they just figured ways to make it less than perfectly secure.
But yeah, they set up a few false exit nodes and played games.
TOR is still pretty solid for most uses people put it to.
Ah.
Not the feds, and just a Tor node. Previous thread here:
http://www.freerepublic.com/focus/f-chat/3219311/posts
I thought that was a different compromise. I think I recall reading that our spooks had set up one or more false exit nodes; don't recall if they were injecting malware for spying or not.
But I've been confused before... :-)
The feds have been using fake Tor nodes (and fake cellphone towers) for some time now, thanks for the reminder.
Two different themes. One was a site deliberately injecting malware through a fake Tor node, the other a history of fedgov-controlled fake Tor nodes over the years for the purposes of spying and trackin. Neither validates any claims that Tor itself is compromised.
M4L TOR
what exactly is wrong with PGP?
please e specific.
don’t just say it sucks, or has a backdoor.
my understanding is that the
PGP sourcecode was open,
or maybe that was a long time ago.
The theory, if my memory of 20 years ago is still good, was that encryption use should be universally adopted specifically to keep use of encryption from flagging someone as suspicious.
As it is, it’s the digital equivalent of driving a candy-apple red Ferrari; whether you speed or not, every cop’s eyes are on you. (BTW green Ninjas work the same way at a somewhat lesser cost).
I'm assuming if this is being made public that the bad guys already know... Shame... it's a great system allowing people to self identify as terrorists - or people with 'something to hide'...
It's odd then that Edward Snowden insisted on communicating with the Guardian's Glenn Greenwald using PGP. Link goes to Huffington Post.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.