mersenneforum.org, Soap Box: Encryption and governments (https://www.mersenneforum.org/showthread.php?t=13974)

xilman 2010-09-26 17:19

[QUOTE=retina;231507]Well why not. Any well funded group (your government adversary example) that is seriously intending to do great harm is not going to use public infrastructure to communicate. And if they did use public infrastructure without taking any precautions then they are just stupid and deserve to be caught/annexed/whatever. So it is no great loss of intel at all. Other techniques like infiltrators, bugs etc. have been used for a long time.[/QUOTE]I asked about COMSEC (and meant COMINT :redface:), not public infrastructure.

The other techniques you mention are a red herring. I did not ask whether they should be discontinued, I intended to ask whether COMINT should be.

I said nothing at all about "terrorists", the buzzword of the decade. There are other groups which may, or may not, deserve monitoring.


Paul

retina 2010-09-26 22:12

The government rules about requiring public communication channels to have back doors and/or weak encryption are what I was referring to in the first post.

If someone wants to communicate sensitive information using public channels (i.e. an average Joe Blogger (JB) wants to make a business deal) then these spying rules put this information at risk. So JB decides to use encryption and finds the communication is blocked. Now what? How can JB be sure to send the information without the spies grabbing it and selling to a competitor? Therein lies the problem. Must JB resort to using steganography? The only solution I currently know of is to board an aircraft and waste an extra three days for something that should not take any longer than a few hours.

[size=1]In case anyone hasn't worked it out yet, I face this problem right now.[/size] :sad:

CRGreathouse 2010-09-26 22:39

[QUOTE=retina;231561]Must JB resort to using steganography?[/QUOTE]

Sure, why not?

You don't even need to go very far. Just encrypt something with gpg or your favorite tool and send the message through usual channels. If that won't work, devise your own word -> bit pattern lookup scheme and send strings of nonsense/chatspeek words that contain your message.

fivemack 2010-09-27 11:02

I can see a reasonably strong auditing argument for rejecting encrypted messages: a company might well want to be able to read everything that goes in and out, if only so that it can stand up in court and help demonstrate that nobody sent any emails about the Adobe takeover during the six-hour period before the offer became public in which Adobe shares rose by 25%.

Yes, the prosecution will then ask for the protocols against non-official mobile phone usage and provide three witnesses that traders were routinely using their personal phones on the trading floor, but if you can't say that the emails are all logged then you've lost even earlier.

fivemack 2010-09-27 11:06

If you're in a country so screwed that the local intelligence agencies are officially involved in private industrial espionage (that is, that providing evidence of the involvement causes the relevant authorities to take no action), you're already doomed. I don't think it makes sense to go to any lengths at all to keep commercial emails within the US out of the hands of the NSA.

If GCHQ made a habit of reading corporate emails and reselling them to competitors, it would probably bring down the government; I can just about see them intervening in something like the Westland helicopters case (which did bring down Michael Heseltine), but that's military procurement which is always special and tends to have its own particularly tedious information-exchange rules.

retina 2010-09-27 11:53

[QUOTE=CRGreathouse;231563]... devise your own word -> bit pattern lookup scheme and send strings of nonsense/chatspeek words that contain your message.[/QUOTE]
This is not a simple one paragraph message, these are large documents with scanned drawings and whatnot.

[QUOTE=fivemack;231610]If you're in a country so screwed that the local intelligence agencies are officially involved in private industrial espionage (that is, that providing evidence of the involvement causes the relevant authorities to take no action), you're already doomed. I don't think it makes sense to go to any lengths at all to keep commercial emails within the US out of the hands of the NSA.[/QUOTE]
Remember there are two ends to each communication. In my source country I have no issues, and can send and receive anything without any difficulty. But for some of my contacts in other countries things operate somewhat differently.

retina 2010-09-27 13:47

So now the US doesn't want to be left out in the cold:

[url]http://www.physorg.com/news204798687.html[/url]
[quote]The newspaper said the White House plans to submit a bill next year that would [b]require all online services that enable communications to be technically equipped to comply with a wiretap order[/b]. That would include providers of encrypted e-mail, such as [b]BlackBerry[/b], networking sites like [b]Facebook[/b] and direct communication services like [b]Skype[/b].[/quote]
And they played the terrorist card:
[quote]Federal law enforcement and national security officials say the new regulations are needed because terrorists and criminals are increasingly giving up their phones to communicate online.[/quote]
And they want everything:
[quote]-Any service that provides encrypted messages must be capable of unscrambling them.

-Any foreign communications providers that do business in the U.S. would have to have an office in the United States that's capable of providing intercepts.

-[b]Software developers[/b] of peer-to-peer communications services would be [b]required[/b] to redesign their products [b]to allow interception[/b].[/quote]
When encryption is outlawed only outlaws will use encryption.

R.D. Silverman 2010-09-27 15:25

[QUOTE=fivemack;231610]If you're in a country so screwed that the local intelligence agencies are officially involved in private industrial espionage (that is, that providing evidence of the involvement causes the relevant authorities to take no action), you're already doomed. I don't think it makes sense to go to any lengths at all to keep commercial emails within the US out of the hands of the NSA.

If GCHQ made a habit of reading corporate emails and reselling them to competitors, it would probably bring down the government; I can just about see them intervening in something like the Westland helicopters case (which did bring down Michael Heseltine), but that's military procurement which is always special and tends to have its own particularly tedious information-exchange rules.[/QUOTE]


The NSA is [b]FORBIDDEN[/b] by law to intercept domestic US communications. And there are congressional oversight committees who enforce this. And they are serious in doing so.

Of course anything going out of the U.S. or coming in is fair game.

ewmayer 2010-09-27 16:06

[QUOTE=R.D. Silverman;231634]The NSA is [b]FORBIDDEN[/b] by law to intercept domestic US communications. And there are congressional oversight committees who enforce this. And they are serious in doing so.[/QUOTE]

You must be looking at some other law than I am aware of:

[url]http://en.wikipedia.org/wiki/NSA_warrantless_surveillance_controversy[/url]

Oh, and look, even though there are legal restrictions on such surveillance, the government simply ignored them as it pleased in the name of "national security" and "fighting terrorism". Imagine that! Bob, don't you realize by now that "laws are for the little people"?

If you give the government the means to do something, it is inevitable both that it *will* use them, and that it will abuse them, often on a massive scale. NSA-built "secret rooms" installed next to communication pipes at all the major telecom providers ... sound familiar?

CRGreathouse 2010-09-27 17:37

[QUOTE=retina;231611]This is not a simple one paragraph message, these are large documents with scanned drawings and whatnot.[/QUOTE]

Right, thus my suggestion of coding the bits as words. 10010111 -> "d00d", 10011000 -> "and", 10011001 -> "1ee7"... just find a suitable corpus and find an appropriate number of distinct words.

Edit: In case of further confusion, my suggestion is:
1. Compress data.
2. Encrypt compressed data.
3. Code in the above manner.
4. Possibly compress data a second time, since the coding enlarges the file maybe ~5x.

Edit: There's a theorem that says that as long as you do 2 before 3, you retain security. I don't recall the name, let alone the citation... sorry.
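
Added example (not part of any post in this thread): the word-coding step 3 from the post above as a keyless, reversible byte-to-word map, plus the sizes before and after the second compression in step 4. The 256-word list is constructed here rather than drawn from a corpus, and pseudo-random bytes stand in for the encrypted output of step 2; both are assumptions.

```python
import hashlib
import zlib

# Constructed 256-entry word list (an assumption; the post suggests drawing
# words from a corpus instead): 16 onsets x 16 codas, one word per byte value.
ONSETS = ["ba", "de", "fi", "go", "hu", "ka", "le", "mi",
          "no", "pu", "ra", "se", "ti", "vo", "wu", "za"]
CODAS = "bdfgklmnprstvxzh"
WORDS = [o + c for o in ONSETS for c in CODAS]
INDEX = {w: i for i, w in enumerate(WORDS)}


def encode_words(data: bytes) -> str:
    """Step 3: map each byte to its word; keyless and fully reversible."""
    return " ".join(WORDS[b] for b in data)


def decode_words(text: str) -> bytes:
    """Inverse of encode_words; raises KeyError on a word not in the list."""
    return bytes(INDEX[w] for w in text.split())


def pipeline_sizes(ciphertext: bytes) -> dict:
    """Byte counts after step 3 (coding) and step 4 (second compression)."""
    coded = encode_words(ciphertext).encode("ascii")
    return {
        "ciphertext": len(ciphertext),
        # Encrypted data looks random, so compressing it gains nothing;
        # this is why compression (step 1) has to come before encryption.
        "ciphertext_compressed": len(zlib.compress(ciphertext, 9)),
        "coded": len(coded),
        "coded_compressed": len(zlib.compress(coded, 9)),
    }


# Constructed stand-in for the output of step 2: 4096 pseudo-random bytes,
# which is what well-encrypted data looks like to a compressor.
SAMPLE_CIPHERTEXT = hashlib.shake_256(b"constructed sample").digest(4096)

if __name__ == "__main__":
    assert decode_words(encode_words(SAMPLE_CIPHERTEXT)) == SAMPLE_CIPHERTEXT
    for name, size in pipeline_sizes(SAMPLE_CIPHERTEXT).items():
        print(f"{name:>22}: {size} bytes")
```

Because the map needs no key and anyone holding the word list can invert it, the coding neither adds nor removes confidentiality; that rests entirely on the encryption done beforehand.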

CRGreathouse 2010-09-27 17:39

[QUOTE=R.D. Silverman;231634]The NSA is [b]FORBIDDEN[/b] by law to intercept domestic US communications. And there are congressional oversight committees who enforce this. And they are [COLOR="Red"]un[/COLOR]serious in doing so.[/QUOTE]

Fixed that for you. Unless you have a vastly different view of the SSCI and HPSCI than the rest of us...

