Schneier on Security

Clive Robinson • December 26, 2009 10:47 AM

@ hiding under the couch,

“Can this be fixed? I just want peace.”

Do you want the short answer or the long answer?

The short answer :- is after you type any of your details into an internet connected machine you might as well assume you have broadcast them to the world forever, so no there is nothing you can do about what you have already typed.

The Long answer :- Is to disasociate the various parts of your life from each other and treat them in the same way you do “old school friends”, “past friends”, “ex girlfriends”, “current work colleagues”, “past work colleagues”, “past church life”, “current church life”, etc etc.

That is treat the various non-core parts of your life as seperate roles, that each has an independent identity from each other that is fully disposable at a moments notice.

Outside of your “core life” each role has it’s own nickname email address, VoIP & mobile number, disposable pre-charge payment card and even postal address as required.

For your core life (tax banking etc) do not use the Internet or anything other than good old fashioned “snail mail”. Effectivly use two seperate PC’s one for offline “core life” activities the other for “role based personas”.

Be paranoid and assume they are out to get you as they genuinaly are. The more details an entity can build up about you the more valuable the information becomes not just to identity fraudsters but marketers and others you have had good reason to break ties with.

Never ever use your “core-life” real address telephone number etc on line ever. Organisations you have supplied those details to never do business with online.

Monetary transactions should be by cash, that is don’t transfere money from your core-life bank account to pay bills or pre-charge a payment card. Never use a role based persona across roles, that is if you are fred123 don’t use the VoIP number for jim234. Likewise don’t use mobile phones (even with different SIMs) for different roles. Old mobile phones can be bought for next to nothing. Never ever down grade your core or role phones down to another role. When you want to get a new mobile clean up the old one take out the SIM and any Memory card and flog it via the offline second hand market. Always buy role based phones on that personas pre pay card.

All this is because at some point the data sets will cross over and it will be corelated (you cannot anonymise data with any level of utility sufficiently to prevent re-identification).

Oh and to clear up your current state, it’s time to move your core life away from where you live (if you can) and offline permanently.

Two PC’s sounds expensive but actually it’s not. You have one good quality machine for your core life and another older machine with no hard disk plenty of RAM and a memory stick for each persona. Run the system of a CD-ROM (not re-writable) based OS. If you cannot hack Unix then look at how to put MS onto CD-ROM there are toolkits out there, but I’d advise against it MS puts lots of machine based metadata into OS and user files including network card MAC addressess and CPU ID tags etc etc.

Have a hunt around on the Internet (from a cafe etc) for various advice documents for NGO’s working in hostile countries they go into various uses of anonymous services like TOR and re-mailers etc. DON’T put the document onto your hard drive, print it out and then securly delet it from a USB memory stick.

If you think this sounds paranoid a few years ago it would have been, these days it’s being moderatly cautious, in a couple of years time you and many others will wish you had and a few after that it will be normal behaviour for most sensible people.

Clive Robinson • April 13, 2012 5:25 AM

@ s1Ty$zpp,

You, sir, are a prophet

It is kind of you to say so, sadly though the reality is more a “prophet of doom”, due to the all to predictable nature of those given both power and wealth, who also chose not to acknowledge the harm they do. Harm not just to society but also as a consequence of their actions to themselves and their loved ones (assuming they have any).

Clive Robinson • January 3, 2013 3:10 AM

@ Mark Harder,

Seems to me that frightening criminals from engaging in their activities online is counterproductive for law enforcement in that the perps…

It depends on the viewpoint, contrary to what most people think, LEAs are not paid to just catch criminals. In todays “cost efficient policing” it’s all about numbers which in the main means “get the low hanging fruit” as this provides best numbers for seniors to wave around at politicos etc.

There are exceptions which are crimes that are newsworthy for some reason. When one of these types of crime happens LEA seniors apply resorces disproportionate to the norm in order to control public opinion as dictated by politicos and journalists.

Thus as you would expect the types of criminal that will be targeted under normal circumstances will be those that are not particularly clever/knowledgeable or just don’t care if they are caught for whatever reason.

But there is a secondary effect which is for the LEAs and others to talk up crimes and make them appear to be much worse than they realy are.

There are several reasons for this and it’s all to do with the “numbers”.

As has been said often there is a calculation performed as to the value of the crime compared to the resources applied. Put simply there is a bar or hurdle, if the value of the crime is below the bar then the crime gets minimal resources, if it’s above the first bar then it clears that hurdle and gets an increased level of resources. So onwards up the scale of bars/hurdles.

If an investigating officer can show quickly that a new crime is in someway linked to other similar crimes then the aggregated value is used to decide if more resources are required.

So the individual LEOs have an incentive to link crimes together to get the resources to ensure some crimes actually get investigated.

It also means that it changes their own individual targets so that catching one individual who has committed lots of litttle crimes is worth a lot more than catching criminals that do infrequent crimes.

A side effect of this is to “load up” a criminal. That is if a criminal is caught for one crime, their value is small to an officers individual targets. However connect the criminal with a lot of crimes and suddenly they become quite valuable to the individual officers, as the officers individual targets are related to crimes committed not criminals convicted. But there is a quirk in the system in that criminals get to do prison sentances concurrantly not consecutively. Thus the time served is realy only related to the most serious crime. So deppending on the jurisdiction the officer has either the discretion to talk to the judge to get the sentance for that crime reduced or the officer can use a plea barganing route to reduce the severity of the crime. Thus perversly it’s sometimes to a criminals advantage to plead guilty to lots of minnor crimes they have not committed as it reduces their actuall time served for a more serious crime they have committed…

It’s win-win for the officer and criminal, it’s also win-win for the LEA and politicos because it makes the clear up rate look good. But society loses because the real criminal for those crimes goes unpunished.

Whilst you can argue away “loading up” as a necessary evil of LEAs having to do impossible “efficiency” increases it however turns the LEAs into criminals themselves (knowingly presennting false information to a court is perjury).

Once they have crossed that line the next line is easier to cross which is “fitting up”. This is where the LEA has a newsworthy or politicaly sensitive crime to deal with where results are required. What the LEOs on the case do is arrrest an individual who looks most likely then build a case to make them guilty. That is the LEOs only look for information to associate the arrested person to the crime, not for evidence that dissociates the arrested person with the crime. Whilst this might start as a “group think” issue for a small team that is under preasure, it can quickly get worse with the witholding of evidence from the defence or worse still from destroying evidence that would clear the person to the very deliberate fraud of fabrication of evidence against the person to ensure conviction.

But of more recent times there is a new game in town of inventing crimes and arresting suspects prior to the supposed crime and prosecuting them for “conspiracy to comit…” or similar. We have seen this with Terrorist cases and it will spread out to other areas with time. In essence it’s a ‘he says she says’ argument that gave rise to the notion of “thought crime”.

But “thought crime” has actually been around with us for hundreds if not thousands of years one way or another. Most notably with the sayings attributed to Cardinal Richelieu,

If one would give me six lines written by the hand of the most honest man, I would find something within them to have him hanged.

However another saying attributed to the Cardinal,

Harshness towards individuals who flout the laws and commands of state is for the public good; no greater crime against the public interest is possible than to show leniency to those who violate it.

Can be seen as the basis not just for excusing all the above behaviours but in actually fostering new crimes.

What we are seeing is new laws being put on the statute books that are now so broad in definition that it is difficult to see how a normal person can defend themselves against being found guilty.

So now all an LEA has to do to meet it’s numbers is randomly select people to be classified as criminals and then have them convicted.

Which brings me back to your point,

… in that the perps will be forced to develop ever-subtler and more secure means of communication to evade the snoops, leaving the rest of us vulnerable to all sorts of snooping we are prohibited from knowing about.

In the UK this has certainly been the case. People have been accused of being terrorists but have not been allowed to see the evidence against them as it would reveal “methods and sources” of the security forces. Because some judges have told the prosecution “put up or shut up” some alledged terrorists have been put in a kind of limbo wheere they have been arressted charged and detained but have not been brought to trial or deported from the country. A case brought to the European Court of Human Rights (ECHR) declared this policy to be illegal thus the alledged terrorists were released under what is in effect “house arrest”. No doubt there will be further submissions to the ECHR over time, but the UK government appears determined to continue the cat and mouse game, if for no other reason that of Political Face Saving.

Clive Robinson • January 9, 2017 10:06 PM

@ Snapshooter2017,

Clive Robinson – visionary, indeed!

Sadly I was to optimistic in my view point, at the time.

As you are aware things have got worse considerably worse.

Whilst at one time Tor was sufficiently secure, we now know that it is deficient in a whole manner of ways. Pre Snowden trove documentation, upto around 2008 it was only the likes of the Five-Eyes that could make inroads on Tor.

Now as we know the likes of the FBI have paid very large sums of money to certain Universities. Where some of the brightest and best have utilised various deficiencies that I and others had been highlighting as needing fixing.

What was not clear then was why the Tor Foundation avoided fixing these deficiencies. There have been various reasons suggested by several people, but still the deficiencies are there a decade later, with apparently no effort made to fix them.

Thus if you look on other threds of this blog, I urge people to use Tor with some considerable caution and care.

My old point about moving security end points remains true. However the likes of Intel and AMD have in effect backdoored systems not just with their “Managment Engines” but also with built in radio networking etc.

Thus my advice has changed from “air gapped” to “energy gapped” and now I tell people to consider “Pencil and Paper” cryptography to “take the security end point off of all computers”.

I also offer other thoughts on how to avoid security “end runs” to protect from other sensors such as hidden CCTV in home appliances and likewise hidden microphones in these new Siri like sysyems that send all audio back across the Internet, in ways that we have no way of knowing are at all secure. Thus it’s wise to assume that the Signals Agencies can listen in…

Then there is what in effect is Doppler Radar using the likes of Wifi to image through walls, supposadly with sufficient resolution that hand movments can be worked out. Thus combined with other methods such as various types of microphone, what you write on a piece of paper might be worked out.

In the past I have described what you need to do to take apparently benign household objects to make your own temporary Sensitive Compartmented Information Facility (SCIF, pronounced “skiff”). Such that it can be put together and taken down very quickly.

There is an obvious problem with this which is individuals are impatient, and SiG Int organisations very patient. Thus they will catch and use any mistake in OpSec you might make.

Whilst it is still possible for individuals to get privacy through security / OpSec it is getting more and more difficult. But whilst you may be secure at your end, it’s others that you have no control over who will do what they please and often without thought (think of all those “Driving Under the Influence” convictions to see why).