
Encryption can be circumvented. It's hard, but doable for a state, when it targets one high-value suspect. But if everything is encrypted, they can't go "big data" on it and collect everything about everyone: if proper encryption is generalized, spying doesn't scale anymore.

Big companies' ability to break the encryption between them and you is irrelevant: if they're the legitimate receiver of the communication, they can offer the plain text directly to governments.

The ability for a third party to break the secrecy between two individuals has a pretty good solution though, and that solution is local encryption + open source. It makes it very difficult for states to compromise the scheme, and every time they use this ability, they're at risk of having their exploit discovered, and going blind again. They'd only use information gathered that way for legitimate national security reasons, and will never show it in a court for instance. A discovered 0-day exploit in OpenSSL or GPG isn't as easily replaced as one in Flash player.

The biggest potential impact of Snowden's revelations is that now, any security scheme relying on trusting third-party companies has to be considered unacceptably weak, at least if you mind governments--or companies sponsoring politicians--reading everything you exchange.

TL;DR: encryption isn't the absolute weapon against illegal spying by governments, but it helps make it extremely difficult, expensive and unscalable. Which is a good enough reason to promote it in addition to political action.



I think the take-away from this article is that the political/legal environment is part of the implementation detail you need to consider when considering a "private" communication mechanism.

No crypto-system is truly secure unless BOTH sides can be trusted. If either one is even remotely possible to compromise, then that will happen. In the case where one of those parties is well-known and has something to lose, you can be certain that the powers-that-be will focus their attention on that party. (nb: Skype)

So yeah, crypto en masse will make casual collection harder, but it's not even halfway towards what is needed. There has to be an awareness of the downside to reduced privacy that can be tangibly grasped by the populace, otherwise we're all pissing in the wind. Any crypto-system that requires anything approaching trade-craft on the part of the user is probably going to fail miserably.

I was fresh out of the military when the USG was proposing the widespread deployment of the "Clipper" chip that included key-escrow as a fundamental feature for LEA access to keys. That failed, but I would not be surprised to hear that we got it anyway through quiet "arrangements" with major crypto-system equipment/software providers.

Have YOU inspected your CPU/Firmware/OS/Applications for backdoors? Even with the full source code?

It's a hard problem and requires a lot more than just neat technology to solve. In fact, it probably can't be solved with technology at all.


> Have YOU inspected your CPU/Firmware/OS/Applications for backdoors? Even with the full source code?

This is absolutely spot on, especially the firmware. Nobody talks about it and the attack surface is huge.

Just to be explicit, hardware backdoors exist as well :)


Completely agree. Anybody recall the TPM? Security is pretty much turtles all the way down.

Encryption isn't going to help stop a guy with a stick from beating the information out of you. A functional state, however, can help prevent such things from happening.


Not to mention backdoors in routers/cable modems and god knows what else. Every carrier is preloading spyware onto SIM cards now too, wait for that big revelation soon. They can already track you with their program that responds to type 0 SMS, and now they can OTA update your SIM to run voice capture, SMS capture, store accelerometer data for decryption use, turn on the mic and listen in, or turn on the camera.


Exactly. There was a revelation in a recent court case that the feds had the ability to turn on and listen in on conversations from your cell phone that you thought was off.


> No crypto-system is truly secure unless BOTH sides can be trusted. If either one is even remotely possible to compromise, then that will happen.

Depends on what you want to keep secret and mean by secure. Homomorphic encryption (http://en.wikipedia.org/wiki/Homomorphic_computing) schemes work even when an end-point is untrusted. For example, in a game of mental poker (http://en.wikipedia.org/wiki/Mental_poker) each party/end-point is untrusted, but it may still be a "secure" system.

Or consider "secure" to mean that your identity remains private if you so wish. One could certainly create a crypto system that binds an actor to an act without any end-points learning the identity of the actor, but still allowing the actor to take credit if they so wish.


Homomorphic encryption, at the moment, doesn't work at all if you want practicality.


Fully homomorphic encryption isn't very practical yet, but partial homomorphic schemes such as blind signing have been practical for 10 years.
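The partially homomorphic scheme named above (blind signing), as an added example that is not part of this thread: the requester hides a message behind a random factor, the signer applies its private key to a value it cannot interpret, and the requester divides the factor out again, which is also the building block behind the "bound to an act without revealing identity" systems mentioned earlier. Parameters are toy-sized and constructed here; real deployments use large keys and hash the message first.

```python
# Added example: RSA blind signatures (Chaum), built on textbook RSA's
# multiplicative homomorphism:  (m * r^e)^d  ==  m^d * r   (mod n).
# The toy primes below are constructed for illustration only.
from dataclasses import dataclass
from math import gcd
import secrets


@dataclass(frozen=True)
class RsaKey:
    n: int
    e: int
    d: int  # private exponent; in practice only the signer holds this


def make_toy_key(p: int = 10007, q: int = 10009, e: int = 65537) -> RsaKey:
    """Build a deliberately small RSA key from two constructed primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    assert gcd(e, phi) == 1
    return RsaKey(n=n, e=e, d=pow(e, -1, phi))


def blind(m: int, key: RsaKey) -> tuple[int, int]:
    """Requester: multiply m by r^e so the signer sees only a random-looking value."""
    while True:
        r = secrets.randbelow(key.n - 2) + 2
        if gcd(r, key.n) == 1:
            break
    return (m * pow(r, key.e, key.n)) % key.n, r


def sign_blinded(blinded: int, key: RsaKey) -> int:
    """Signer: raises the blinded value to d; it never learns m."""
    return pow(blinded, key.d, key.n)


def unblind(blinded_sig: int, r: int, key: RsaKey) -> int:
    """Requester: strip r to obtain an ordinary RSA signature on m."""
    return (blinded_sig * pow(r, -1, key.n)) % key.n


def verify(m: int, sig: int, key: RsaKey) -> bool:
    """Anyone: check sig^e == m (mod n) using only the public part (n, e)."""
    return pow(sig, key.e, key.n) == m % key.n


def demo(m: int = 424242) -> bool:
    """Full exchange; returns True when the unblinded signature verifies on m."""
    key = make_toy_key()
    blinded, r = blind(m, key)
    sig = unblind(sign_blinded(blinded, key), r, key)
    # The signer only ever saw `blinded`, which differs from m, yet sig is
    # exactly the signature it would have produced on m directly.
    return blinded != m and sig == pow(m, key.d, key.n) and verify(m, sig, key)
```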


Of course we have a form of Clipper through such agreements. Lotus Notes had a secret key escrow mechanism that was discovered in the '90s. It is very unlikely that Notes was the only supposedly secure product with secret arrangements with law enforcement and/or intelligence services, and it is even less likely that the pace and intensity of such arrangements has declined since then.

On the other hand, Edward Snowden thinks he can secure information effectively from attempts to crack it. He probably had practical knowledge of the day-to-day capabilities of the NSA when he worked there. There is no reason that most everything that you and I store and transmit can't be equally well-protected.


Snowden also admitted if they are personally targeting you it's game over unless you're a master of tradecraft and encryption. If you have an unencrypted bootloader then they can break into your hotel room while you're either sleeping (or drugged) or not around and evil maid attack. They did this in Dubai already to a Ukrainian fraudster they were after.

They could also just plant bugs/cameras and watch you type in passwords, or rent the room beside you and set up Van Eck/TEMPEST equipment. They could mess with the power socket in the wall to do encryption analysis as well or replace your powerbar with an evil bar.

You would need guards to watch your room, a SCIF tent and TEMPEST-proof NATO-standard laptop, OpenBSD to softraid encrypt the disks leaving no bootloader (or carry around the bootloader on a USB stick or CD), and you would have to custom manufacture the equipment yourself in Taiwan to ensure no backdoors and pick it up in person, or manually solder in hardware firewalls to block signals from leaking out of proprietary blobs.


That's correct, but black bag jobs don't scale.


You can both be right.

Even poorly-executed encryption will stop _some_ forms of attack, some of the time.

But a failure to provide legal protections will render even strong crypto a weak shield.

Property laws and strong fences and effective policing make for good neighbors.


Half the article is talking about scalable attacks on encryption. For example: "To an intelligence agency, a well-thought-out weakness can easily be worth a cover identity and five years of salary to a top-notch programmer. Anybody who puts in five good years on an open source project can get away with inserting a patch that 'on further inspection might not be optimal.'"

I agree we should continue this arms race but I'm a little less confident than I was before reading this article.

It's true they can't reveal exploits in court, but that matters less and less. If they decide they don't like you there are all sorts of other ways they can screw with you.


> a well-thought-out weakness can easily be worth [a lot]

Indeed, but my point is, in addition to being worth a lot, it's difficult to implement, and it's very fragile. Every time they use it, they gamble its secrecy, hence its effectiveness. So they won't use it for petty reasons, only for genuine national security matters.

The problem isn't that NSA works on ensuring national security: it's that the scope of what they consider national security, and thus justifies extra-legal measures in their eyes, grows unreasonably, becoming a threat to the robustness of democracy.

A spy agency's ideal environment is totalitarian, not democratic. For a start, they're scared of free speech and accountability. There must be counter-powers, cancelling their natural tendency to push towards totalitarianism (this is in no way specific to the USA).

> If they decide they don't like you there are all sorts of other ways [than courts] they can screw with you.

Yes, but those ways don't scale. You can screw with a couple of people you dislike, but not with hundreds or thousands of people simultaneously.


The problem isn't NSA. It's the President(s) and Congress who define the scope. Call me naive, but I think that most of the folks at NSA, even many of the leaders, are patriots who believe that they are protecting their country.


If you believe that politicians control the bureaucracy rather than the other way around, then I respectfully disagree.

Bureaucrats have expertise, inertia, the ability to sabotage many things, long-term stable positions, and care about how things actually are, rather than how they look to the average voter. In many cases, including this one IMO, politicians have the appearance of control, but very little actual latitude in practice.

If you want a cruel but funny illustration of this, may I suggest that you read [http://www.amazon.com/The-Complete-Yes-Minister-ebook/dp/B00...] or watch [http://www.amazon.com/Open-Government/dp/B0015KOTY2] Yes Minister? It compellingly illustrates how an administration can manipulate a politician, what they call the "house training" of a minister.


For better or worse, I'm intimately familiar with the strange workings of bureaucracies. Obama's presidency is a textbook example of a politician being consumed by inertia.

That said, politically originated policy turned the FISA Court into a Star Chamber making Supreme Court type decisions, and broadened the scope of NSA's role from spying on the Russians to spying on humanity.

Politicians can curtail those activities as well, either by making explicit policy changes, or by defunding things strategically. It requires courage.


> "To an intelligence agency, a well-thought-out weakness can easily be worth a cover identity and five years of salary to a top-notch programmer. Anybody who puts in five good years on an open source project can get away with inserting a patch that 'on further inspection might not be optimal.'"

That is true, but it's true for every attacker, not just the government, which changes the situation quite a bit. There is a very strong incentive for security experts to look very carefully at every patch to, say, OpenSSL. Few things are better marketing for a security firm than revealing a critical hole in security infrastructure.

In fact, the high price of such an exploit on the black market works in our favour as well. Tons of black-hats are looking for holes, and when they find and sell one, the subsequent exploitation is bound to raise some red flags and eventually point white-hats in the right direction.

Basically, "You can fool all the people some of the time, and some of the people all the time, but you cannot fool all the people all the time"


"To an intelligence agency, a well-thought-out weakness can easily be worth a cover identity and five years of salary to a top-notch programmer. Anybody who puts in five good years on an open source project can get away with inserting a patch that 'on further inspection might not be optimal.'"

Suddenly, Dijkstra's insistence on developing the proof together with the program and providing it to any interested person doesn't seem to be the ridiculous idea that some people consider it to be, does it?


Beware of bugs in the above code; I have only proved it correct, not tried it.

-- Don Knuth


It's still completely infeasible without better tools for doing it automatically.


> Encryption can be circumvented. It's hard, but doable for a state, when it targets one high-value suspect. But if everything is encrypted, they can't go "big data" on it and collect everything about everyone

That's what they (NSA) actually are doing/trying to do right now, collecting everything about everyone and decrypting it later when/if needed.

http://www.theguardian.com/commentisfree/2013/jul/15/crux-ns...


I don't quite believe that the NSA can reliably perform a ciphertext-only attack on RSA or even AES.

As far as we know, integer factorization is still hard, so RSA is still secure, given large enough keys. There's Shor's algorithm for quantum computers, but these are still very much experimental things and subject to research. Besides, building, maintaining and running one is incredibly expensive. I might underestimate the NSA here though.

AES has been broken in theory, but the results have no real repercussions. A "break" is anything faster than brute-force, no matter whether it actually makes the process computationally feasible or not. In the real world it doesn't currently matter whether we search through 2^256 keys or have a complexity of 2^254.4. Both are vastly out of the reach of current computers. AES has been rated as "suitable for top secret". There are reasons to believe that the NSA uses AES themselves. Knowing about a ciphertext-only attack would put their very own secrets at risk. If such an attack exists, it will only be a matter of time until somebody else finds it.

There are other weaknesses in both these systems though, most of which are due to implementation and physical realities. Side-channel attacks are known for both RSA and AES as well as for SSL.

So yes, they might very well collect everything right now but unless they are many decades ahead of the rest of the world in terms of cryptanalysis, they can't do anything with the data for now.


I wonder how big a jump it would be to have some mandated service running on every machine, to sidestep increased encrypted Internet traffic? Still seems unlikely, but I've been so surprised by the level of apathy by most to this that I can almost imagine it.

