A note on the NSA, the future and fixing mistakes

Readers of this blog will know this has been an interesting couple of days for me. I have very mixed feelings about all this. On the one hand, it’s brought this blog a handful of new readers who might not have discovered it otherwise. On the other hand, it’s made me a part of the story in a way I don’t deserve to be.

After speaking with my colleagues and (most importantly) with my wife, I thought I might use the last few seconds of my inadvertent notoriety to make some highly non-technical points about the recent NSA revelations and my decision to blog about them.

I believe my first point should be self-evident: the NSA has made a number of terrible mistakes. These range from policy decisions to technical direction, to matters of their own internal security. There may have been a time when these mistakes could have been mitigated or avoided, but that time has passed. Personally I believe it passed even before Edward Snowden made his first contact with the press. But the disclosures of classified documents have set those decisions in stone.

Given these mistakes, we’re now faced with the job of cleaning up the mess. To that end there are two sets of questions: public policy questions — who should the NSA be spying on and how far should they be allowed to go in pursuit of that goal? And a second set of more technical questions: how do we repair the technological blowback from these decisions?

There are many bright people — quite a few in Congress — who are tending to the first debate. While I have my opinions about this, they’re (mostly) not the subject of this blog. Even if they were, I would probably be the wrong person to discuss them.

So my concern is the technical question. And I stress that while I label this ‘technical’, it isn’t a question of equations and logic gates. The tech sector is one of the fastest growing and most innovative areas of the US economy. I believe the NSA’s actions have caused long-term damage to our credibility, in a manner that threatens our economic viability as well as, ironically, our national security.

The interesting question to me — as an American and as someone who cares about the integrity of speech — is how we restore faith in our technology. I don’t have the answers to this question right now. Unfortunately this is a long-term problem that will consume the output of researchers and technologists far more talented than I. I only hope to be involved in the process.

So while I know there are people at NSA who must be cursing Edward Snowden’s name and wishing we’d all stop talking about this, it’s too late for that. I hope that they understand the game we’re playing now. Their interests as well as mine now depend on repairing the damage. Downplaying the extent of the damage, or trying to restrict access to (formerly) classified documents, does nobody any good.

It’s time to start fixing things.

59 thoughts on “A note on the NSA, the future and fixing mistakes”

  1. The USA has to fix a lot now, otherwise US companies will go bankrupt because nobody trusts products “Made in USA” anymore.
    I sold my latest Android smartphone and will never again use this OS or any other closed source OS made in the US.

    SELinux is thankfully not included in Debian based distributions. I don't trust the USA. Don't play poker with them as they will always try to cheat.

    Good luck over there in the US.
    Greetings from South Africa.

  2. Same here in Europe, trust is at bottom level because the US government is treating non-Americans as 2nd class humans. The USA is not the only country which has a constitution to protect citizens. Lots of people are protected by a constitution like that. Furthermore there is the Universal Declaration of Human Rights and the European Convention on Human Rights, which protect the privacy of all humans, protect humans from surveillance like that, and ensure a fair trial. The USA is terribly wrong to not feel the need to respect such laws.

    Europeans will be avoiding hardware products from the USA because the industry creates (willingly or not) vulnerable hardware. We will be avoiding operating systems like Microsoft Windows, Apple iOS and Google Android. We will be avoiding software and Internet services from the USA.

    I guess the only solution for the IT industry is open hardware, open software, open standards for communication and encryption. Thanks to the NSA we have to restart basically from point zero.

    To be clear: the damage was done by the actions taken by the NSA, not by Edward Snowden, who only revealed the wrongdoings to the public.

  3. I'm curious why the previous 2 comments talk about Android as a closed OS…
    I agree with their feelings though – I too am more skeptical of US technology now.

  4. It saddens me a lot what the internet has become. Once a wonderful opportunity to communicate and create new businesses, connecting people. Now it's a surveillance trap, bloggers get harassed for expressing their ideas and feelings and LAWYERS are hunting you.

  5. >> I guess the only solution for the IT industry is open hardware, open software, open standards for communication and encryption. Thanks to the NSA we have to restart basically from point zero.

    True, Richard Stallman must be laughing at the fools and crooks who opposed him. The only solution is keeping everything, hardware, software and every standard, open.

    Building trust will take a lot of time.

  6. You are correct, you have gained a number of new readers because of current events, and many thanks for your blog. To play whack-a-mole at both of your points at once, both the public policy and technical questions should be brought out entirely into the open for national discussion. In other words, I do not share your faith in the US Congress. There is an ongoing breakdown in trust between the US Federal Government and the American people. In the short term the NSA has done great damage to both the US Government and the American people. In the long term, what the NSA has done is a good thing. This will necessitate us (the world community) to start over. All standards, software, and hardware should be open source. There can be no bugs with millions of eyeballs.

    To the point: Constitutional republic forms of government and governmental secrecy cannot co-exist. This is almost axiomatic.

  7. I had never bothered to think about TLS MITM vulnerability in specific or even SSL much in general. My experience in cryptography has been mostly in implementing the SRP protocol for system access control and AES session key generation.

    The NSA apparently has capability to attach MITM taps into TLS network connections almost anywhere by having both the private keys to the servers it wants to compromise and programmatic access to the routers to spoof their traffic sources.

    I don't think there is going to be a general solution to the TLS MITM weakness. The NSA claims to exploit this weakness in cross-border international traffic, which seems to me to be legal and lawful. The ability for a lesser adversary to compromise a single router and a single server with an MITM attack of their own is troubling enough to keep me thinking.

  8. Indeed, I think these revelations have damaged the States' reputation as a provider of IT and as an IT innovator. I have to say I am disgusted by the NSA's actions, and have absolutely no trust anymore in any of the technologies I use to communicate online. The whole thing makes me think of that expression: “you're not paranoid; people really ARE out to get you.” In light of the stories that have emerged in response to Snowden's disclosures, I have closed down my iCloud account and switched from Gmail to Hushmail. I also closed down my Facebook account and then created a new one that is entirely public and contains almost no personal info. As a Canadian, I am particularly perturbed by the fact that anyone outside US borders doesn't count – we can't compel the NSA to stop spying on us, the Rest of the World. Having said that, I am sure my own government is as bad as the NSA, so it might not matter!

  9. Sadly, European governments are most likely doing the same thing as the NSA – it's just the scale that may be smaller. The same with Canada, and certainly Russia and China would have huge spy apparatuses. The difference is that America's program has been revealed to the world – now we need Snowdens from other spy agencies in other countries to step forward and tell the rest of the story.

  10. One solution to the TLS MITM vulnerability relies on the security of the client's private key. The client's public key is uploaded to the server during a registration process. TLS has a flavor of this called strong authentication, which uses certificates.

    Users must create their own strong private key, and this can become a vulnerability with a weak generator that doesn't uniformly distribute keys across the universe of users.

  11. I have already emailed the D.N.I. expressing my loss of confidence in US cloud providers and will be migrating to a European or Asian service. We're just a small company, but given enough outraged small foreign companies moving away from US companies, it will negatively impact your economy.

    I am not an engineer so I don't know how you can “fix” the technical problems. But it would have to be significant to earn back my confidence.

  12. At the level of spying that the NSA is doing, scale does matter. My third world government can't even afford all the fancy wiretapping stuff your local police have, and doesn't have enough technical people to use it effectively. So I have more to fear from a far-off spy agency that reads all foreign communications than from my own government.

  13. There is a need to educate those who seem disinterested and/or uninterested in the problems surrounding mass, suspicionless surveillance, in addition to the need to start fixing these problems.

    As a European and software developer I am disheartened by a magnificent ignorance: I interact with plenty of people wanting to discuss confidential matters over Gmail or Skype, and people who are quite willing to collect personal details from their customers (scanned passport images for example) and store them in US based cloud services.

    Mr Snowden's concern that nothing would change seems particularly astute and it's right and proper that we're having the conversations prompted by such blog posts as Mr Green's.

    So thank you.

  14. I agree that we need to address the political problem of the U.S. government that has acquired over the years unrestricted access to all of the hardware that makes up the internet. They have nearly unrestricted ability to generate MITM attachments to all TLS connections.

    Perhaps a world-wide database hosted by each and every country that cares to participate of users' client certificates is needed. These database copies could be audited against one another to demonstrate consistency, and would obviate the need to register with servers one-by-one.

  15. They can begin “fixing” the situation by:

    #1 Impeaching Obama (Nixon quit over much less). Impeaching Obama would send a very strong message to all future presidents that trying to recreate the surveillance state will be unacceptable. If Obama gets away with it, you can bet that maybe not the next one, but the next one after him will try again.

    #2 Firing Clapper, Alexander, and others involved at the top (Holder?), and possibly even putting them in prison over lying to Congress (we can't just have rogue agencies doing anything they want like that).

    #3 Overhauling the entire Intelligence Committee, perhaps with the exception of Wyden and Udall, who have been trying to warn us about all of this (but didn't use their immunity to actually tell us the truth).

    #4 Reducing the NSA by say, I don't know – 90 percent? (clearly they have too much money to crack everyone's computers, tap all the cables, and launch hundreds of offensive actions, against who knows who). They should say thanks for not being shut down for good. Spy agencies like NSA, especially rogue ones, have no place in transparent and democratic societies.

    #5 Repealing the Surveillance State (http://holt.house.gov/index.php?option=com_content&task=view&id=1200&Itemid=18). Clearly all of these laws have been passed with no real debate. Get rid of them, and start the debate from scratch.

    #6 Forget about NIST. Form a new international body for security standards. Have no trust in anyone working with the government, or who worked in the recent past for the government.

    #7 Fight to get everyone on open source firmware. We can never trust hardware vendors again until their firmware is open source and we can audit it. This goes not just for American companies, but companies like Huawei and others who try to do business in the US or EU, and so on. Open source firmware is going to be vital in the future to establish trust.

    Let's call all of those the “starting steps” that are needed to recreate a trusting environment again in technology. Anything less will be a mockery, and will mean nothing has been solved, just swept under the rug, waiting to be exposed a few years later.

  16. I think there's also an interesting opportunity for the US government and US companies here. While the stories (and their associated reactions) are obviously US focused, it seems reasonable to assume that there will be an increased overall interest in security issues. And because of the US-centric nature of the current discussion, the US government and US companies are in a unique position (and uniquely motivated) to focus on improving confidence and security in terms of technical, legal and policy solutions.

    While non-US companies are likely to get some mileage out of “we're outside US jurisdiction”, the smart person asks what's going on in the jurisdiction they ARE subject to. If you're moving your data away from US services to somewhere else because you're afraid of the NSA, I would imagine most people would want some sort of assurance that they're also protected from the local equivalent. And that's a lot harder assurance to provide.

  17. I would like to be able to purchase a cheap laptop just for surfing the net via my Ethernet cable. It would use Tor automatically. It would only read content on the internet but there would be no capacity to download files or malicious software. It would have speakers but no mic or cam. It would have zero wireless function. The operating system would be set in stone and could not be updated/altered in any way.

    Is it possible to create such a device which has some basic functionality but is impossible to hack since no changes can be made to the device?

  18. There are ways, however, by making it impossible to be altered/updated this also means that the moment an exploitable bug is discovered you're done. You have to throw it out and buy a new device that is updated. It's pretty clear that such an implementation quickly becomes a pain.

  19. It could have a cheap removable cassette hard drive. I purchase the updated disc from the trusted hardware company and plug it in??????

  20. I'm not clear on what you're suggesting.

    If we take trust in your own gov't as a given, there'd still be no way to avoid, “obviate”, registering with gov't servers one by one. No gov't would trust the other, unless you're suggesting we maintain one list that each gov't individually audits for their citizens – a massive task only feasible for very large countries.

    Either way, we're no better off.

  21. If I'm not mistaken, this is the idea of using signed (by the service provider) public keys (your public key) for authentication? – the resulting certificate being generated during the first transaction/registration. This would then allow the provider to authenticate you and also let you challenge/authenticate the service provider themselves, then being able to create a secure connection. (I may be mistaken on a few pts, looked at a corresponding credit card implementation some years back).

    I remember thinking that this would be a solid idea for certain transactions such as with credit cards (you can append the certificate with the dollar amount, and sign it to build a certificate chain as it passes through different banks/financial institutions).

    However, for daily online communications wouldn't this still rely on that initial transaction being secure? i.e. you'd still have to acquire the service provider's key uncompromised, which isn't feasible without a secondary way of authenticating any key you receive over the wire, at least for normal usage.

  22. We're not talking a small number of times, see: http://www.cvedetails.com/product/17153/Microsoft-Windows-7.html?vendor_id=26

    Not to mention, these days gov'ts and others no doubt stockpile zero days just like any conventional weapon.

    To return to your idea and give an applied example: a lot of people (this blog incl., if I recall) suggest banking on a live CD, which isn't a bad idea if you're using a Windows box (not getting into the "is Windows less secure by design" argument, it's just most commonly used) that is likely infected with ROUTINE keyloggers/spyware/whathaveyou. This will for the most part prevent logging of your banking credentials because the majority of such programs a) won't spread to CDs, b) won't run on Linux distros even if they do, c) won't remain beneath the OS, or d) even if you acquire CDs independently, very few target Linux.

    Live CDs, however, are not as useful if someone is actively snooping on your network (I'm looking at you, SMBs) because, depending on when you get/make them and how often the devs update the .iso, the distro or software (web browser, etc.) isn't updated and may be vulnerable to the pt. where it makes you no safer.

    All this is beside the pt. really; no system is going to be completely immune to exploitation, and all the additional trouble you'd be putting yourself through in your example wouldn't make you any safer.

  23. We're in process of delivering such a device based on “smartphone” hardware with http://cleanphone.is – doing so is the least-bad way to protect against endpoint vulns.

    Yes, this means the hardware itself becomes “obsolete” when new OS builds or versions are necessary. In practice, that means the hardware comes back to our company, we hard wipe all memory storage, and we reinstall the new rev – making it a completely “new” phone rather than any kind of conventional upgrade.

    Nowadays hardware is cheap – very much so. It's not the bottleneck. That's not an excuse to throw hardware away carelessly, as there's still a sizeable environmental footprint created by the entire supply chain. But it does mean that the model of “sell folks hardware and then they upgrade that prized possession with software over time” really isn't applicable any longer. Now, it's “sell them the expertise in configuring software that's stable and secure – on whatever hardware is handy to do the job for the time being.”

    If one seeks to deliver actual end to end security confidence to nontechnical customers, the above is at present the only way to do so. Leaving a bunch of applications – not to mention the OS – with dangling hooks to accept updates, and expecting nontechnical customers to wade through which updates are genuine and so forth, is simply not feasible if one seeks an end configuration that's even vaguely TAO-hardened.

    It's interesting, because we've been working on the “Cleanphone project” for nearly three years. Until several months ago, bringing up “endpoint hardening” was enough to make anyone's eyes glaze over – nobody wanted to hear that paranoid blather. Heck, back in 2008 via a predecessor company we tried building & delivering “security hardened” laptops via this model (operating as Baneki Privacy Technology, now evolved to Baneki Privacy Labs at http://baneki.nu). We sold only a handful – nobody wanted to have limits on what Windows gadgets they could grab from “free” download sites, basically. What people wanted was some program that made them “secure” (which of course was dependent on secure endpoints, which of course were and are quite scarce).

    Hence was born the “consumer VPN industry” as our work evolved, in turn, into Cryptocloud VPN… which itself has been shut down to make way for the cryptostorm darknet.

    And now, more than five years later and thanks to Snowden's courage and the NSA's perfidy, folks are much more aware of endpoint security – and asking security technologists to provide systems which can at least partially meet that challenge.

    It's a new world, post-Snowden.

  24. I really wish you the best of luck with your projects Pattern_Juggled! I'm just an average Joe, as you can gather from my post requesting a secure laptop, but if I'm prepared to pay a few hundred dollars for hardware like that I'm sure millions of others will be coming online soon as the reality of the post-Snowden world sets in.

    I will send another 'internet dummy' post soon about a suggestion I have for a Big Father Dot Com security service website. I'd love to hear what you have to say.

  25. I'm an 'internet dummy' so please excuse me if this suggestion is not technically feasible. It occurs to me that us little endpoint users battling the NSA, China, Russia, Identity thieves etc. is like ants fighting elephants.

    Could we all band together and send funds to Big Father dot Com providers? As an internet user I would send all my searches, via strong encryption, to a company whose sole purpose is to keep me and my searches and activity anonymous. They decode the encrypted request, visit the website and send me back the info in encrypted form. If I have my secure laptop (see above) then 'she'll be right mate'?????

    This same Big Father company could also let me know about various attacks with a detailed report which I may be able to use in court if necessary.

    This would make a mess of Google Analytics as most IPs will be coming from Big Fathers (elephants) rather than private sites (ants).

    If it is the sole purpose of Big Father websites to protect privacy then they will go bankrupt overnight if discovered to be infiltrated by the NSA or other groups.

  26. Android deployed on a phone is customized by the company that builds the phone. The customized version is almost always closed source.

  27. Open source might help you go some of the way. But it sure as hell won't get you all the way.

    How many people understand the OpenSSL codebase? And of that set, how many of them understand cryptography beyond “are we behaving up to the spec”?

    Oh, and who says that the Linux kernel itself doesn't contain backdoors? Think you would spot all of them? All the time? Think you wouldn't slip them past Linus? What if Linus was bought/threatened/whatever?

    On a related thought: assume Linux is pwned, then all of Android (and Google, for that matter) is pwned. And Apple's closed source, so there you go.

    Thanks NSA; will definitely sleep better now that you're “protecting” us.

  28. The list is of public keys for all users so that the individual servers can obtain them reliably during TLS negotiations. Every list would be exactly the same as every other list thus it wouldn't matter which list server the TLS server contacted. Since there are less than 8 billion users at this point, less than 32 TB of data for the entire world.

    The purpose of the audit is to expose hacking of the list.

  29. I'm proposing using something very similar to TLS strong authentication, where each party challenges the other to prove they have the private key to the public key.

    Instead of having to pre-register each user's public key with each server, a world-wide public key list would be maintained in multiple locations. That the list contains the correct public key for each user is something that each user can verify themselves, or governments can audit.

  30. Wow, I never thought the USA could become the next German Democratic Republic with NSA = Stasi 2.0! You Americans must live in utter fear.

  31. Actually, almost all Americans don't have recent experience living under something like the German Democratic Republic like you over there do, and therefore about half of them simply don't realize that they SHOULD be living in utter fear… The other half realize that something's actually wrong, but most are still helpless to do anything about it… That's my opinion anyway.

  32. This is exactly right. Open source / open hardware / open standards does not automatically make ANYTHING secure AT ALL. It only means that it has the POSSIBILITY of maybe being secure… not that it is.

    But how can this be true? you might ask… After all, if everyone can see it, surely billions of eyeballs are vetting it, right? Err.. no. It only means that billions of eyeballs CAN vet it, not that they actually do. See the difference?

    One primary way to keep the number of eyeballs down, and therefore purposefully keep an open source project insecure, is to write obfuscated, difficult to read and understand code. This happens all the time.

    A prime example is the OpenSSL codebase, a rant about which Matthew Green linked in his previous blog post: http://www.peereboom.us/assl/assl/html/openssl.html

    Any time you see a rant like that about how awful a codebase is, you should be very wary of that code. It is generally pretty easy to purposefully hide a backdoor in such terrible code and make it appear like an accident. It must be rewritten. And it must be rewritten by smart experts in the field. Experts who care about it. People who take pride in making their code as easy and obvious as possible to maintain and follow and reuse. People who enjoy working on it, and tinkering with it, and making it better, etc… NOT by some dude trying to learn C or Bignum division or whatever.

    Here's another prime example: http://eprint.iacr.org/2006/086.pdf The Linux Random Number Generator (LRNG). Pay special attention to section 1.1 here's a quote:

    “LRNG is not well documented and there is no clear description of the implemented algorithm. The LRNG is composed of about 2500 lines of code, and in addition, hundreds of code patches were applied to the code during the last five years (and consequently, the available documentation does not always reflect the current code). One example of the complexity of the LRNG code is the fact that for 17 months the LRNG code included a bug in which entropy addition used a vector of size 4 × n instead of n. We also note that throughout our analysis we were not helped by any of the LRNG authors.”

    Any weakness in a random number generator makes everything else on that system vulnerable. Basic things like that must be done really well. And just being open source is not enough, it must be GOOD open source.

    Good open source takes effort and hard work, and the right kind of community to develop around it. The exact formula for that kind of community is a bit magical, and doesn't happen everywhere for many reasons. But hopefully a good thing that will come out of this NSA scandal is that more of these communities will spring up. I sure hope so.

  33. I should have mentioned that bad code is not necessarily written nefariously, at least, not initially. Usually it's done out of ignorance. But the result is the same: bad code can be co-opted by a nefarious party to purposefully hide something evil in it.

    That's why we must strive for good code, because good code is like turning on a light, and makes such errors much easier to spot. It also encourages more peer review, because nobody wants to spend tons of time pulling their hair out; they run away from that. Whereas good code is enticing, and naturally invites people to read it, and people will enjoy doing it.

  34. I have been following your blog for a while. I specifically enjoyed your posts on cryptocat and the one last week. Today, gravity pulled me again to this blog, but this time not entirely to satisfy my crypto or infosec cravings.

    In this post you attempted to separate the issue at hand into one of a public policy viewpoint and another of a technical matter. Did you ever consider that the same conundrum might have existed within the NSA since its inception? Influenced Snowden's actions and motivations? After all, the NSA is nothing more than a large gathering of mathematicians and hackers led and commanded by a military general that was appointed by policymakers. NSA, as a whole, does not, cannot and must not have an ability to make or influence public policy. For good reasons! After all, the NSA is a government agency and more realistically a wing of the military, that answers to policymakers who in turn answer to citizens. Today, the divide only exists as a direct result of conflicting interests between citizen and policymaker.

    Technically speaking, widely-used public cryptographic systems were never designed to protect against advanced persistent threats such as SIGINT agencies, especially one as big as the NSA. The more pertinent question is: should the technical community pursue solutions for public crypto that include the NSA in a threat model? Especially considering that doing so, would fundamentally connote an acceptance of a new norm where trust between governed and government is abandoned! Where every citizen must rely on crypto to protect his rights rather than the rule of law. Will the community opt to kick the bucket forward by exponentially reinforcing current crypto systems only to come back to the same question in a decade? Be forced into a TRNG-OTP-XOR-Steg corner and tin-foil hats? Say “enough is enough, we don't want to live in such a society”? Or perhaps simply say nothing!

    Who knows?! One thing is for sure, attempts to intimidate and silence a professor do not establish trust.

  35. I came here two days ago from Süddeutsche Zeitung. Being a dedicated hobbyist I understand only the basic principles of the internet, cryptography and IT security, no technical details. But what I know until now makes me scared and I'm afraid of getting paranoid. All electronic communication and the online storage data from our citizens, here in the EU and with you in the US, are automatically scanned. Actually only for terrorism, but who knows why, when and by whom the search algorithms are switched to politics, sexuality, illnesses … ?? Being a (west-)German I know from our history books about the systematic surveillance in the 3rd Reich (68 y ago) and GDR (24 y ago): spying on each other, and putting all results in one central database, and this MUST BE AVOIDED UNDER ANY CIRCUMSTANCES!!! To understand our strange people better: we had dictatorship and war in our own country. Directly after 9/11 my grandmother, who survived the 2nd world war in Germany, was really scared about the coming 3rd world war.
    Last evening I prepared myself for online searching (greetings to Gamma International Ltd.) and moved some data from my desktop to an encrypted separate disk, which I simply don't want potential online searchers to know about. During decrypting my separate disk I really thought about the possibility of being under real time surveillance and now “they” get my password. Where the hell are we going to? As many others I hope that I am not a person of interest, because I've got really nothing to hide other than my privacy. But that is very important to me and many others here.
    And I learned during the last months that there are no more chances for us than to secure our computers and to encrypt as much communication as possible. When the NSA stops scanning/storing/analysing, the BND, HNA, KGB, MSS China and many others will continue. In doubt no government can or wants to help us, because they can only act on their own territory, and not in this new beautiful cyberspace.
    Best regards, much success for your work, and take care!

  36. If public cryptographic systems really were never designed for this, then they should be. Because many country leaderships ARE very much against their own citizens, even slaughtering them all off and everything. They're only going to be emboldened by the immorality and abandonment of human rights in the USA, which has for ages had the arrogance to boast of itself as the world's moral police.

    Trust between governed and government is already violated, and it no longer exists. We have to start using technical means to protect ourselves from our oppressive government, just as surely as if we all lived in the worst dictatorship. Because that's going to be a far faster and more efficient route. Laws and policies take forever to change. Technology only takes a few short months to a couple years.

    That doesn't mean we shouldn't also fix the policies and laws of course, just that we cannot only depend on that for the next several years while that slowly churns through the system.

  37. You mentioned, “When the NSA stops scanning/storing/analysing, the BND, HNA, KGB, MSS China and many others will continue.” THIS is exactly why we MUST fix the technical means to protect privacy, and not just pursue fixing the NSA alone. We must make it free and open, and simple, and obvious, easy to use, easy to maintain, easy to verify that it's working correctly, easy to read the code, and it needs to be ubiquitous, etc…

  38. You are totally right. I actually do not even use mail encryption, due to my laziness but also due to the effort. I am still waiting for my webmail provider (I need to trust them …) to offer PGP, because I use 3 different computers, Linux and Win7, to access my mail. But if e.g. Win7 were compromised by default, which is realistic (compare the hacks of the young OSs Android and iPhone), this would still be useless.
    Proposal: We need our own open source project for safe, encrypted internet communication, focused on maximum paranoia and ! trustworthiness !. The base must be elaborated by experts. I personally can write simple code in VB and C, but that's all. I could download e.g. the OpenSSL codebase, but have no chance of understanding the program itself or the maths behind it. Same with the Linux kernel. I do not understand one of the 15 million lines; how should I search for backdoors?
    At least I could contribute financially or by testing the usability of such a program.
    ==> Ideas are welcome.

  39. There is only one possible fix for this situation:
    Do not trade with the USA!

    As long as they are able to finance this surveillance monster, they will. As long as they can afford to fire Hellfires at innocent children, they will. They do not care about opinions from the rest of the world. They do not care about morals or human rights – they don't even grant them themselves! They got their land by slaughtering the indigenous people! They get their resources the same way and maintain puppet states and a global net of lies to protect this status quo…

    They cannot play fair. Even if they wanted to, they just can't. They are too greedy not to take the chance to cheat or intrigue. They do not just want enough to be able to live a good life. They want everything!

    Anonymous over TOR _and_ Proxies (hope that suffices to evade the eternal greed)

  40. The NSA has done major harm to American businesses and credibility. Microsoft, Google, Facebook, banks and others will be paying the price for years to come.

    Finally, has NSA effectively killed the Internet?

  41. Once the implications of Snowden's revelations sink in around the world there will be a backlash against closed source software. Entities connected to the internet and telephony networks (which interlink anyway) will stampede toward open source operating systems and servers (e.g. open source Linux), will eschew proprietary cryptographic tools and look with great suspicion on any closed source software intended to run on open source platforms (after all, if an operating system can host back doors so can any program running on it). Also, they will demand that devices such as smart phones have open source operating systems; that would take no skin off the noses of the hardware manufacturers; however, those packaging them for sale, like Apple, would have to rely on the supposed superiority of the hardware they commission rather than on what its software does.

    The entities concerned are everything from corporate giants, non-US government departments and public services, down to home computer users. Each has information that is at least confidential (e.g. accounts, medical records, and student profiles). It might not matter too much if it fell into the hands of “friendly power” security agencies. Yet given that back doors and such like can be discovered and exploited by criminals the possibility of confidential information being misused is worrying. Many of the entities hold information they would regard as top secret: commercial plans, R&D data, and, of course, some dodgy information they wish withheld from, say, tax authorities.

    Sell your shares in companies reliant on producing/vending closed source software. Many of the behemoths will collapse; their business models have been taken away. Some companies will thrive by selling added value (e.g. consultancy, implementation skills, staff training and emergency trouble-shooting services) to open source software users; in the Linux world SUSE provides enterprise “solutions”.

    Software development will become a cottage industry. High quality open source software will not only be open to scrutiny but also be subject to bug fixes, vulnerability closure and improvement at a pace the behemoths cannot manage because most of the work will be done by a community of skilled enthusiasts. Lest anyone imagine that open source and free to use means inferiority they need look only at the vast pool of high quality Linux/Unix open source material; this covers everything from office suites to arcane mathematical, scientific and engineering tools; it is generally at least as good as commercial offerings and usually better; what it sometimes lacks is a pretty GUI but that is being remedied.

    This will mean that software will, except for loose restrictions concerning attribution, cease to be intellectual property. The advantages to all far outweigh the loss of revenue to those that would patent algorithms and obscure the code in their products. Computers are tools that nowadays everyone depends upon. Pulling the plug on commercial secrecy and nefarious activities sponsored by governments may bring about an intellectual renaissance.

    [Please excuse typos. No spell check on my device.]

    I am known as “pragmatist” in the Daily Telegraph (UK).

  42. We all know how corrupted all federal agencies in the United States' regime have gotten, especially in the last 30 years after every corrupted Dictator-President was placed, not elected. Since the 1980's I believed the Anglo Saxon countries had an unwritten agreement to spy on each other's citizens. Now we know that my assumption is fact. We all now know, thanks to Edward Snowden's leaks, that at the helm of electronic spying on their citizens as well as all citizens in the world is the corrupted and criminal US regime. Yahoo's CEO might complain that she and the CIA's side-spy agency, Facebook, are intimidated by the very agency they work for, but they should have read the US Constitution. The very laws of the land these criminal parasites in control of the People's government will face someday soon.

  43. Please guys, don't miss that:

    Even in the case of a hypothetical scenario where those kinds of actions were accepted around the world as the only way to protect us against terrorists (please, stop thinking it's just the NSA/USA who spies on people. ALL the governments do it, try to do it or wish to do it too).
    Even if the Constitution were modified in every country, as well as human rights.
    How shall we be sure that the right security controls were put in place to ensure that unauthorized access, or just authorized people with bad intentions, couldn't leak or alter sensitive information?
    Snowden is just an ethical man who helped open the eyes of most of the world, but he is also an outsider and that's more relevant than people seem to have realized.

    Employees of external companies have their own contexts and those contexts are totally independent from the context of security agencies and governments. What I mean is that outsiders have their particular training, oversight, motivations, policies and even salaries. Governments cannot control their engagement or commitment as if they were their own employees.

    Bond or Bourne are fictitious. Yes. I know it. They don't exist and they won't, but we all expect and deserve that the people responsible for our protection and security be well skilled, trained and in total commitment to their duties and our rights.

    What if right now there are other “Snowdens” leaking relevant information to the bad guys? How could the NSA detect it?

    As you said, Matthew, NSA has made a number of terrible mistakes.
    Outsourcing for classified duties is another one.

  44. You are very right to worry about the fate of our craft in the public perception.

    Basically, we risk running into the same problem as atomic power, which died because some relatively superficial mistakes totally gainsaid everything the entire atomic power industry had ever told or sold to the public.

    This is not quite a TMI kind of watershed event, where the entire public loses confidence in an entire industry in a matter of days, but it won't take too much more to turn it into that kind of event.

    There is no way to (re)gain confidence, but to be trustworthy, and if there is anything the IT-industry, as a whole, isn't, then it is trustworthy.

    Look at the average EULA or product specification to see what I mean.

    I seriously doubt that's going to change.

    As an industry we are even more arrogant than the atomic power industry was, and we are even more resistant to learning from mistakes than they were.

    Poul-Henning Kamp

  45. The only kind of software that can be trusted would seem to be open source, heavily commented & documented. While the NSA's evil deeds have been exposed (at least some of them), recall that apparently many other governments are behaving similarly. We can trust crypto algorithms, but must design assuming MITM and MITB might be going on, and will need to figure out, for example, whose elliptic curves we might be able to trust. I put a few hints on http://www.gce.com a while back, before the extent of all this came out. A point to make is that one can add in access controls and use crypto to defend the abstraction. It is also possible to defend against MITM if a second channel allows one to hand-compare DH key hashes (one can compare just a few digits to do this adequately) so that a bogus MITM channel will show up. Unfortunately this kind of thing has to be planned for everywhere now. While some in the public may believe the distortions & worse of govt folks, most of those in the know are quickly understanding that we will NOT escape being watched. We have to design tools to work anyway.
    (I wonder if some form of oblivious transfer could be used even with a MITM channel to confirm keys? Note that DH is supposed to work right even if there is MITM to get a key. If you have a channel set up that is being MITM caught, might one not run a second DH exchange over that to get something a simple MITM attack might miss? And so on… make it at least difficult for an intercept to tell when it could stop faking connections?)

    I will suggest that we might need to have, everyone, some cheap box to use to run some crypto ops on that will act like a token, and not be attached to any network, to build some resistant auth protocols on. Cheaping out by trying to fake “tokens” in software, connected to networks, is just too open to attacks and has been made to fail commercially already. Air gaps work too, not just math.
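    The hand-comparison of DH key hashes over a second channel that the comment above describes, written out as an added example (this is not code from the blog or the commenter; it also anticipates the ZRTP-style short authentication string that a later comment mentions). It uses a constructed 64-bit toy prime so the numbers stay readable, and fixed private exponents where a deterministic run is wanted; both are assumptions for illustration, not parameters anyone should deploy. The point it shows: after a direct exchange both parties compute the same few-digit string and can read it to each other, while an interceptor who substituted public values leaves the two parties holding different strings, which is the detection signal.

```python
import hashlib
import secrets

# Toy parameters, constructed for this illustration only: a 64-bit prime so the
# numbers stay readable. Real deployments use a vetted group (an RFC 3526 MODP
# group or an elliptic curve); the comparison logic does not depend on the group.
TOY_P = (1 << 64) - 59
TOY_G = 2
SAS_DIGITS = 6  # how many decimal digits each side reads out and compares


def dh_keypair(private=None):
    """Return (private, public) for one Diffie-Hellman party.
    A fixed `private` is an assumption used only for reproducible demos."""
    if private is None:
        private = secrets.randbelow(TOY_P - 2) + 1
    return private, pow(TOY_G, private, TOY_P)


def dh_shared_secret(private, peer_public):
    return pow(peer_public, private, TOY_P)


def short_auth_string(my_public, peer_public):
    """Short authentication string: a few decimal digits of a hash over BOTH
    public values as this party saw them, in canonical (sorted) order so that
    two honest parties derive the same string. It is compared out of band
    (voice, in person). If the public values were substituted in transit, the
    two parties hash different inputs and their strings disagree."""
    lo, hi = sorted((my_public, peer_public))
    digest = hashlib.sha256(f"{lo}:{hi}".encode()).hexdigest()
    return f"{int(digest, 16) % 10 ** SAS_DIGITS:0{SAS_DIGITS}d}"


def honest_exchange(a_priv=None, b_priv=None):
    """Direct exchange: returns (secrets_agree, sas_agree, sas)."""
    a_priv, a_pub = dh_keypair(a_priv)
    b_priv, b_pub = dh_keypair(b_priv)
    a_secret = dh_shared_secret(a_priv, b_pub)
    b_secret = dh_shared_secret(b_priv, a_pub)
    a_sas = short_auth_string(a_pub, b_pub)
    b_sas = short_auth_string(b_pub, a_pub)
    return a_secret == b_secret, a_sas == b_sas, a_sas


def intercepted_exchange(a_priv=None, b_priv=None, m_priv=None):
    """Each party's public value is replaced in transit by an interceptor's.
    Returns (interceptor_can_read_both_directions, sas_agree). Both parties
    still end up with a working key (shared with the interceptor), which is
    why DH alone 'works' under MITM; only the out-of-band SAS comparison
    reveals the substitution."""
    a_priv, a_pub = dh_keypair(a_priv)
    b_priv, b_pub = dh_keypair(b_priv)
    m_priv, m_pub = dh_keypair(m_priv)
    # A receives m_pub believing it is B's; B receives m_pub believing it is A's.
    a_secret = dh_shared_secret(a_priv, m_pub)
    b_secret = dh_shared_secret(b_priv, m_pub)
    m_with_a = dh_shared_secret(m_priv, a_pub)
    m_with_b = dh_shared_secret(m_priv, b_pub)
    a_sas = short_auth_string(a_pub, m_pub)
    b_sas = short_auth_string(b_pub, m_pub)
    return (a_secret == m_with_a and b_secret == m_with_b), a_sas == b_sas


if __name__ == "__main__":
    print("direct:      secrets agree, SAS agree, SAS =", honest_exchange())
    print("intercepted: readable by interceptor, SAS agree =", intercepted_exchange())
```

    Comparing a few digits is enough against an interceptor who must commit to a single value, but an interceptor who may retry could grind for a public value whose string happens to match; that is why ZRTP makes each side commit to a hash of its public value before revealing it. The check also has to happen before any sensitive traffic is sent, not after.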

  46. I have a couple of suggestions but since my post was apparently too long for this blog I put it on Pastebin, this is the link if you are interested:

    Also, please forgive me for my bad grammar as I don't speak English natively.

  47. I have thought that one could do limited encryption via the keyboard/touch screen controllers, that is, encrypt and sign keystrokes, and decode messages to overlay on the screen, basically bypassing the host CPU and OS.

    At least the advantage there is the code size would be very small, so understandable and not modifiable by the host OS. At the very least you're protected against unauthorized hackers working from the margins.

  48. That would be a solution in a perfect world. In the current world as it is, nobody has the authority to make any real change. That's what happens when you create rogue-like departments with virtually unlimited power and responsible to no-one.

  49. Anonymous, that technique is generally referred to as TOFU (Trust on First Use). It is perfectly OK to use *if* you are able to verify some other way that the server you are connecting to the first time is legitimate.

    This is similar to what add-ons like Certificate Patrol do. It will assume the first time the certificate is correct, but if the cert changes at any time in the future, it alerts the user. This is also sort of how the ZRTP protocol (secure telephony) works — once you verify your contact's key the first time, you don't have to do it again.

    All of that aside, it is obvious that the NSA has been getting away with large-scale MITM attacks for a few years now. And since it is fairly easy to be detected during *active* MITM attacks, this implies they have more sophisticated passive techniques. I think there are five possibilities:

    1) They have individually stolen the private keys of the server in question (Google, Yahoo, Facebook). Get this key and it's game over. You can MITM to your heart's content without ever worrying about being discovered.

    2) They have backdoored sourcecode (OpenSSL) and/or hardware (the documents mention they were working on making various crypto chips “exploitable”). So software and hardware tampering seem not just plausible, but likely.

    3) They have stolen or made copies of the CAs' root certificates. This would achieve perfect passive eavesdropping without any fear of being caught. If you have a perfect copy of the key used to sign the certificate of the website you are spying on, you cannot be detected. Such keys can either be stolen from the CA, or in the case of American CAs, forced by NSLs. This attack is better than #1 because it doesn't require you to steal as many keys (you can also MITM a lot of other websites with the same key).

    4) They found some flaw with the SSL protocol, key-exchange, cipher modes, etc. You know, things like BEAST or CRIME. This seems unlikely to work for long unless it is a *very* subtle flaw that none of the other thousands of eyeballs in the public world have found.

    5) They have fundamentally broken public-key crypto via cryptanalysis. This is the most unlikely scenario (though certainly possible as NSA has been saying since the 1990's that ECC is “almost certainly” more secure than RSA. I read this in one of their declassified “Cryptologic” articles from 1994). If you consider the real possibility that NSA is probably 5-10 years ahead of the public in factoring algorithms, then it might be possible. But I doubt it. If they can break the ciphers with reasonable computational efficiency, why bother with any of that other stuff? The documents make it clear they are stealing keys and subverting software. This doesn't seem like they have a good cryptanalytic attack on anything.
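    The Trust-on-First-Use behaviour this comment attributes to Certificate Patrol, as an added example (not the add-on's code, nor anything from the blog): a small pin store that records a server's certificate fingerprint the first time a host is seen and raises an alert, rather than silently re-pinning, whenever a later connection presents a different certificate. The host name and the byte strings standing in for DER certificates are constructed; a real client would obtain the DER bytes from the TLS handshake (for instance `ssl.SSLSocket.getpeercert(binary_form=True)` in Python) and call `check()` before sending anything.

```python
import hashlib
import json
from pathlib import Path

# Outcomes of a pin check, in the spirit of Certificate Patrol and SSH known_hosts.
FIRST_USE = "first-use"   # nothing pinned yet: record it (this is the leap of faith)
MATCH = "match"           # same certificate as last time
CHANGED = "CHANGED"       # different certificate: stop and verify out of band


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER encoding, the value browser certificate viewers show."""
    return hashlib.sha256(der_cert).hexdigest()


class PinStore:
    """Host -> certificate fingerprint map, optionally persisted as JSON."""

    def __init__(self, path=None):
        self.path = Path(path) if path else None
        self.pins = {}
        if self.path and self.path.exists():
            self.pins = json.loads(self.path.read_text())

    def save(self):
        if self.path:
            self.path.write_text(json.dumps(self.pins, indent=2, sort_keys=True))

    def check(self, host: str, der_cert: bytes) -> str:
        """Compare the presented certificate with the pinned one for `host`.
        A mismatch is reported, never auto-accepted: the caller must decide
        after confirming through a second channel (or a trusted CA path)."""
        fp = fingerprint(der_cert)
        pinned = self.pins.get(host)
        if pinned is None:
            self.pins[host] = fp
            self.save()
            return FIRST_USE
        return MATCH if pinned == fp else CHANGED

    def accept_new(self, host: str, der_cert: bytes):
        """Explicitly re-pin after the change was verified as legitimate
        (e.g. a planned rotation confirmed with the operator)."""
        self.pins[host] = fingerprint(der_cert)
        self.save()


# Constructed stand-ins for DER-encoded certificates (not real certificates).
CERT_V1 = b"constructed-cert-for-mail.example-v1"
CERT_V2 = b"constructed-cert-for-mail.example-v2"


def demo(path=None):
    """Three connections to one host: first use, unchanged, then a new cert."""
    store = PinStore(path)
    return [
        store.check("mail.example", CERT_V1),
        store.check("mail.example", CERT_V1),
        store.check("mail.example", CERT_V2),
    ]


if __name__ == "__main__":
    print(demo())  # first-use, match, CHANGED
```

    Two limits follow from the comment's own caveat: a pin recorded while an interceptor was already in place pins the wrong certificate, so the first use needs independent verification; and a legitimate key rotation produces exactly the same CHANGED alert as an attack, so the response to the alert has to be a check through another channel rather than a reflexive click-through.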

  50. It would be naive in the extreme to believe that only the NSA is engaged in the practices exposed by Snowden. Boys and girls, EVERYBODY IS DOING IT.
    I argue that NOT doing it is a culpable failure, and would probably end up being fatal to the nation state that abstained.

  51. After telling the world not to buy Chinese things because they are compromised. Telling people that China censors their internet. Telling people that Russia is a threat to world peace. It looks now like the real axis of Evil is the USA.

    Boycott US products.

    Also, since Stuxnet was made in the USA / Israel, did the US start the cyberwar?
