Government snooping, backdoors and #necessaryhashtags

[ewmayer]

Update: Breaking from The Guardian, which broke the original story and which now reveals the identity of the NSA whistleblower who leaked the Verizon domestic-surveillance-reauthorization document:

Edward Snowden: the whistleblower behind the NSA surveillance revelations: The 29-year-old source behind the biggest intelligence leak in the NSA's history explains his motives, his uncertain future and why he never intended on hiding in the shadows

Quote:

The individual responsible for one of the most significant leaks in US political history is Edward Snowden, a 29-year-old former technical assistant for the CIA and current employee of the defence contractor Booz Allen Hamilton. Snowden has been working at the National Security Agency for the last four years as an employee of various outside contractors, including Booz Allen and Dell.

The Guardian, after several days of interviews, is revealing his identity at his request. From the moment he decided to disclose numerous top-secret documents to the public, he was determined not to opt for the protection of anonymity. "I have no intention of hiding who I am because I know I have done nothing wrong," he said.

Snowden will go down in history as one of America's most consequential whistleblowers, alongside Daniel Ellsberg and Bradley Manning. He is responsible for handing over material from one of the world's most secretive organisations – the NSA.

In a note accompanying the first set of documents he provided, he wrote: "I understand that I will be made to suffer for my actions," but "I will be satisfied if the federation of secret law, unequal pardon and irresistible executive powers that rule the world that I love are revealed even for an instant."
...
Having watched the Obama administration prosecute whistleblowers at a historically unprecedented rate, he fully expects the US government to attempt to use all its weight to punish him. "I am not afraid," he said calmly, "because this is the choice I've made."

He predicts the government will launch an investigation and "say I have broken the Espionage Act and helped our enemies, but that can be used against anyone who points out how massive and invasive the system has become".
...
He left the CIA in 2009 in order to take his first job working for a private contractor that assigned him to a functioning NSA facility, stationed on a military base in Japan. It was then, he said, that he "watched as Obama advanced the very policies that I thought would be reined in", and as a result, "I got hardened."
...
Over the next three years, he learned just how all-consuming the NSA's surveillance activities were, claiming "they are intent on making every conversation and every form of behaviour in the world known to them".

He described how he once viewed the internet as "the most important invention in all of human history". As an adolescent, he spent days at a time "speaking to people with all sorts of views that I would never have encountered on my own".

But he believed that the value of the internet, along with basic privacy, is being rapidly destroyed by ubiquitous surveillance. "I don't see myself as a hero," he said, "because what I'm doing is self-interested: I don't want to live in a world where there's no privacy and therefore no room for intellectual exploration and creativity."

Once he reached the conclusion that the NSA's surveillance net would soon be irrevocable, he said it was just a matter of time before he chose to act. "What they're doing" poses "an existential threat to democracy", he said.

Perhaps the most interesting snip for me as an American is this:

On May 20, he boarded a flight to Hong Kong, where he has remained ever since. He chose the city because "they have a spirited commitment to free speech and the right of political dissent", and because he believed that it was one of the few places in the world that both could and would resist the dictates of the US government.

[rogue]

McCaleb: Why 2013 seems a lot like 1984

Quote:

The following obituary crossed my desk late last week.

I didn’t know what else to do with it, so I thought I might as well share it here.

U.S. Privacy

Born: July 4, 1776

Died: Somewhere between 2006 and 2013

WASHINGTON, D.C. – Ulysses “U.S” Privacy, about 230 years old, originally from Philadelphia, Pa., died in seclusion at some point over the past seven years of a debilitating disease known as Orwellianoceania Voterapathasia.

Born at the dawn of the American era to several Founding Fathers and a humble yet beautiful mother named Lady Liberty, U.S. Privacy was an heir to the estate of his wealthy and articulate uncle, Bill O’Rights, and the protector of his uncle’s precious Fourth Amendment.

So proud of his Uncle Bill and honored to be selected to watch over this Fourth Amendment, Mr. Privacy dedicated his entire life to preserving its motto:

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

For two centuries, Mr. Privacy fulfilled his life’s purpose admirably, if not perfectly. The citizenry who the Amendment was written to protect went about its collective life as intended, without the unnecessary intrusion of Big Brother monitoring its every action.

But beginning about Sept. 11, 2001, when the unholy scourge known as International Terrorism struck Mr. Privacy’s homeland, his fortitude began to weaken.

Worried that International Terrorism might spread like a disease across the land, the descendants of the Founding Fathers developed two antidotes – Patriot Actosia and, simply, FISA – that they said would help keep the scourge at bay.

As payment for the antidotes, however, the citizenry unwittingly agreed to take its own medicine. This medicine was introduced into our homes, and our computers, and our cellphones.

Not to worry, though, the prescribing doctor said. The citizenry wouldn’t even notice, and the technicians, who worked for an agency called the NSA, wouldn’t do anything untoward with the data. The NSA isn’t the IRS, after all.

The important thing is that the citizenry would be safe.

That’s all that mattered.

But as the medicine seemed to be doing its job fighting the spread of International Terrorism inside the homeland’s borders, it had the opposite effect on Mr. Privacy. His strength began to deteriorate, and he eventually disappeared from the public eye.

Satisfied with their affluence and content that International Terrorism was all but beaten at home, the citizenry quickly forgot about Mr. Privacy.

It wasn’t until a report last week from across the pond, from a media outlet from Mother England, did the electorate realize that Mr. Privacy had long since passed. Passing with him was part of his Uncle Bill’s long-lost estate – the Fourth Amendment.

And as the citizenry tapped away on its keyboards, and jabbered away on its cellphones, and avoided its polling places like the plague, it remained content that it was safe.

Mr. Privacy has since faded from memory. The only reminder of his legacy is a tombstone, on which are enscribed these words:

“Privacy is dead, the victim of a complacent citizenry.

But the populace is safe, so all must be well.”

• • •

OK, all kidding aside, what the #%&#????

We’re supposed to trust that our federal government is using the data it collects from sweeping our phone calls and Internet visits only if it thinks national security is at risk?

And we’re also supposed to trust that politics doesn’t guide the IRS when it decides whether a tax audit is warranted?

President Obama, Congress, and anyone else who’s monitoring as I type this on my computer, stay out of my business!

If the federal government can play so fast and loose with the Fourth Amendment, maybe we should be worrying about the First, the Second and the entirety of the Bill of Rights.

George Orwell’s prescience is amazing. He was just about 30 years off.

[chappy]

This always bugs me, what is described is not Orwellian. It is much more like Brave New World, we do it to ourselves.

[chalsall]

Quote:

Originally Posted by garo

Off-topic posts from cheesehead, chalsall and Ernst moved to the "Infamous" thread. I am going to show zero-tolerance on off-topic crap on this thread for once.

Help! Help! I'm being repressed!!!

(Sorry... That was meant to be amusing....)

[ewmayer]

Quote:

Originally Posted by rogue

McCaleb: Why 2013 seems a lot like 1984

“The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.”

As Norman Solomon put it to accompany the text of the amendment in his open letter to Dianne Feinstein above, "the Constitution doesn’t get any better than this". Which is why the amendment in question had to die, obviously.

Quote:

Originally Posted by chappy

This always bugs me, what is described is not Orwellian. It is much more like Brave New World, we do it to ourselves.

I don't think it should be cast as an either/or issue - the current dire trajectory of civilization contains strong elements of both works: The all-encompassing, relentlessly intrusive State maintaining/manufacturing a perpetual state of emergency and going so far as to even redefine basic language to serve its ends, and the dumbed-down, self-medicated population saying in effect "do for me, O Mighty State, just so long as you promise to keep me safe and not interrupt my cable feed".

"Self-inflicted Orwellianness", perhaps.

[A refresher is precisely why I mention ordering a fresh copy of 1984 in the neighboring MET2013 thread.]

[xilman]

Quote:

Originally Posted by ewmayer

On the "how quickly people forget" theme - Any of our readers remember Room 641A

I just re-read that link and the target of Wired link contained within it. The latter contains this text

Quote:

According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US. The upshot, according to this official: “Everybody’s a target; everybody with communication is a target.”

"Also many average computer users" nails down the target space significantly. AES, ECC and RSA spring immediately to mind though there are doubtless others.

I first read that one a while back. Much more recently I was browsing around and came across a paper by Antoine Jouxin which a L(1/4) algorithm for solving the DLP in fields of small characteristic. A L(1/4) algorithm has markedly better asymptotic behaviour that the previous front-runners in index calculus attacks and the current front-runner in integer factorization which have L(1/3) behaviour.

A wild speculation: a L(1/4) algorithm for integer factorization or ECM-DLP could reasonably be described as "an enormous breakthrough" if the storage requirements, computational overheads and the o(1) term hidden within the L(1/4) expression could be overcome. If anyone could overcome them, NSA would be the obvious candidates.

[cheesehead]

[OT]
It's getting more and more too-late for privacy preservation:

"Face of the Future: How Facial-Recognition Tech Will Change Everything"
http://www.livescience.com/37304-goo...cognition.html

Quote:

A world filled with mobile devices capable of instantly recognizing anyone's face can seem both empowering and scary. It's empowering because ordinary consumers can expect to eventually wield such power in their handheld and wearable devices; it's scary because the government, corporations and strangers on the street could use the same devices.

The merest hint of such a future prompted eight members of the U.S. Congress to help pressure Google into blocking facial-recognition technology on its "Google Glass" smart glasses. But for years, the technology has already helped law enforcement and casinos to identify wanted — or unwanted — individuals captured on surveillance cameras. Facial-recognition capability has also begun appearing on the smartphones of police officers and even ordinary consumers.

"On the low end, laptops can provide a face unlock feature, similar to what is done with smartphones," said Joshua Klontz, a research scientist at Michigan State University. "On the opposite end, full server racks can be used to conduct searches against millions of face images, as I suspect will be the case when the FBI's NGI (Next Generation Identification) system becomes operational."

. . .

Facing problems a different way

Sunglasses ... can frustrate even the best facial-recognition software ...

. . .

In the end, facial recognition on smartphones or smart glasses may simply represent the latest step in the evolution of modern life from private to public. Billions of people already share photos and intimate information about their lives on Facebook, Twitter and other online services to an extent that would have seemed crazy just 10 years ago, Li said. She suggested that privacy issues surrounding facial recognition represent big but solvable concerns.


"As the technology further evolves, and also the adoption of new tech increases, these concerns of privacy could eventually go away or be very well mitigated," Li said.

Kids, don't forget your sunscreen and eyescreens.

[xilman]

Quote:

Originally Posted by cheesehead

[OT]
It's getting more and more too-late for privacy preservation

I strongly disagree. It is very much on topic.

[ewmayer]

o The response from Washington is sadly predictable: "Don't focus on our own serial-lawbreaking - it's those who reported it that are the real criminals here:"

Spy agency seeks criminal probe into leaks: (Reuters) - A U.S. intelligence agency requested a criminal probe on Saturday into the leak of highly classified information about secret surveillance programs run by the National Security Agency, a spokesman for the intelligence chief's office said.

Attorney general under pressure to open more leak inquiries: (Reuters) - Attorney General Eric Holder appears to have little choice but to launch a new round of investigations into media leaks, the very issue that consumed him for the last month and led to renewed calls for his resignation.

Now I want to see Mr. Holder resign for his criminal failure to prosecute massive Big Finance fraud - but I admit my priorities are way, way "out there".


o Daniel Ellsberg (those under 50 may want to read that wikipage) has an op-ed in today's Guardian:

Edward Snowden: saving us from the United Stasi of America: Snowden's whistleblowing gives us a chance to roll back what is tantamount to an 'executive coup' against the US constitution

Quote:

Since 9/11, there has been, at first secretly but increasingly openly, a revocation of the bill of rights for which this country fought over 200 years ago. In particular, the fourth and fifth amendments of the US constitution, which safeguard citizens from unwarranted intrusion by the government into their private lives, have been virtually suspended.

The government claims it has a court warrant under Fisa – but that unconstitutionally sweeping warrant is from a secret court, shielded from effective oversight, almost totally deferential to executive requests. As Russell Tice, a former National Security Agency analyst, put it: "It is a kangaroo court with a rubber stamp."

For the president then to say that there is judicial oversight is nonsense – as is the alleged oversight function of the intelligence committees in Congress. Not for the first time – as with issues of torture, kidnapping, detention, assassination by drones and death squads –they have shown themselves to be thoroughly co-opted by the agencies they supposedly monitor. They are also black holes for information that the public needs to know.

The fact that congressional leaders were "briefed" on this and went along with it, without any open debate, hearings, staff analysis, or any real chance for effective dissent, only shows how broken the system of checks and balances is in this country.

o XKCD provides some much-needed levity on the issue:

[ewmayer]

Quote:

Originally Posted by xilman

I just re-read that link and the target of Wired link contained within it. The latter contains this text
[snip]

Thanks for that, Paul - very interesting. I have long believed that common "weak" crypto protocols like PGP are trivially breakable by the NSA, but of course had no real evidence of this.

Now, given the level of direct access of the NSA to the datastreams feeding directly in and out of "Big Web's" servers which has been alleged - quite credibly, despite the carefully-worded denials of the companies in question (here is a link to a Google-cached copy of that article, as most pages on the SFC site are subscription-only), something even more alarming occurs to me - but not being a "crypto guy" I wanted to run it by those more knowledgeable in that area:

Namely, what percentage of "encrypted communications" would you estimate is encrypted not at the point of origin but at the server end of things? Because if a non-negligible fraction of data is being encrypted at the server end, the (believed) safety level of the encryption algorithms being used becomes entirely immaterial, as the NSA would simply be intercepting the plaintext data streams before they even get encrypted. Use high-volume datastream splitters in room-641A-style facilities to split incoming data stream, user's data get sent on to and processed as intended by user via one outgoing feed, copy of raw data feed goes to the NSA.

Let's just say I really, really hope the consensus answer to the above question is "zero", and verifiably so. (Let's face it, when you use most standardized crypto scheme you are "taking their word for it" as to what is happening to your data behind the scenes.)

[kladner]

HTTPS would be meaningless and a waste of effort (cycles) if it did not take place at the origin. I am sure that Chalsall can provide far more authoritative and detailed information.

EDIT: Whether HTTPS is meaningful in light of massive decryption capability is another issue altogether.