Detaining David Miranda

Last Sunday, David Miranda was detained while changing planes at London Heathrow Airport by British authorities for nine hours under a controversial British law -- the maximum time allowable without making an arrest. There has been much made of the fact that he's the partner of Glenn Greenwald, the Guardian reporter whom Edward Snowden trusted with many of his NSA documents and the most prolific reporter of the surveillance abuses disclosed in those documents. There's less discussion of what I feel was the real reason for Miranda's detention. He was ferrying documents between Greenwald and Laura Poitras, a filmmaker and his co-reporter on Snowden and his information. These document were on several USB memory sticks he had with him. He had already carried documents from Greenwald in Rio de Janeiro to Poitras in Berlin, and was on his way back with different documents when he was detained.

The memory sticks were encrypted, of course, and Miranda did not know the key. This didn't stop the British authorities from repeatedly asking for the key, and from confiscating the memory sticks along with his other electronics.

The incident prompted a major outcry in the UK. The UK's Terrorist Act has always been controversial, and this clear misuse -- it was intended to give authorities the right to detain and question suspected terrorists -- is prompting new calls for its review. Certainly the UK. police will be more reluctant to misuse the law again in this manner.

I have to admit this story has me puzzled. Why would the British do something like this? What did they hope to gain, and why did they think it worth the cost? And -- of course -- were the British acting on their own under the Official Secrets Act, or were they acting on behalf of the United States? (My initial assumption was that they were acting on behalf of the US, but after the bizarre story of the British GCHQ demanding the destruction of Guardian computers last month, I'm not sure anymore.)

We do know the British were waiting for Miranda. It's reasonable to assume they knew his itinerary, and had good reason to suspect that he was ferrying documents back and forth between Greenwald and Poitras. These documents could be source documents provided by Snowden, new documents that the two were working on either separately or together, or both. That being said, it's inconceivable that the memory sticks would contain the only copies of these documents. Poitras retained copies of everything she gave Miranda. So the British authorities couldn't possibly destroy the documents; the best they could hope for is that they would be able to read them.

Is it truly possible that the NSA doesn't already know what Snowden has? They claim they don't, but after Snowden's name became public, the NSA would have conducted the mother of all audits. It would try to figure out what computer systems Snowden had access to, and therefore what documents he could have accessed. Hopefully, the audit information would give more detail, such as which documents he downloaded. I have a hard time believing that its internal auditing systems would be so bad that it wouldn't be able to discover this.

So if the NSA knows what Snowden has, or what he could have, then the most it could learn from the USB sticks is what Greenwald and Poitras are currently working on, or thinking about working on. But presumably the things the two of them are working on are the things they're going to publish next. Did the intelligence agencies really do all this simply for a few weeks' heads-up on what was coming? Given how ham-handedly the NSA has handled PR as each document was exposed, it seems implausible that it wanted advance knowledge so it could work on a response. It's been two months since the first Snowden revelation, and it still doesn't have a decent PR story.

Furthermore, the UK authorities must have known that the data would be encrypted. Greenwald might have been a crypto newbie at the start of the Snowden affair, but Poitras is known to be good at security. The two have been communicating securely by e-mail when they do communicate. Maybe the UK authorities thought there was a good chance that one of them would make a security mistake, or that Miranda would be carrying paper documents.

Another possibility is that this was just intimidation. If so, it's misguided. Anyone who regularly reads Greenwald could have told them that he would not have been intimidated -- and, in fact, he expressed the exact opposite sentiment -- and anyone who follows Poitras knows that she is even more strident in her views. Going after the loved ones of state enemies is a typically thuggish tactic, but it's not a very good one in this case. The Snowden documents will get released. There's no way to put this cat back in the bag, not even by killing the principal players.

It could possibly have been intended to intimidate others who are helping Greenwald and Poitras, or the Guardian and its advertisers. This will have some effect. Lavabit, Silent Circle, and now Groklaw have all been successfully intimidated. Certainly others have as well. But public opinion is shifting against the intelligence community. I don't think it will intimidate future whistleblowers. If the treatment of Chelsea Manning didn't discourage them, nothing will.

This leaves one last possible explanation -- those in power were angry and impulsively acted on that anger. They're lashing out: sending a message and demonstrating that they're not to be messed with -- that the normal rules of polite conduct don't apply to people who screw with them. That's probably the scariest explanation of all. Both the US and UK intelligence apparatuses have enormous money and power, and they have already demonstrated that they are willing to ignore their own laws. Once they start wielding that power unthinkingly, it could get really bad for everyone.

And it's not going to be good for them, either. They seem to want Snowden so badly that that they'll burn the world down to get him. But every time they act impulsively aggressive -- convincing the governments of Portugal and France to block the plane carrying the Bolivian president because they thought Snowden was on it is another example -- they lose a small amount of moral authority around the world, and some ability to act in the same way again. The more pressure Snowden feels, the more likely he is to give up on releasing the documents slowly and responsibly, and publish all of them at once -- the same way that WikiLeaks published the US State Department cables.

Just this week, the Wall Street Journal reported on some new NSA secret programs that are spying on Americans. It got the information from "interviews with current and former intelligence and government officials and people from companies that help build or operate the systems, or provide data," not from Snowden. This is only the beginning. The media will not be intimidated. I will not be intimidated. But it scares me that the NSA is so blind that it doesn't see it.

This essay previously appeared on TheAtlantic.com.

EDITED TO ADD: I've been thinking about it, and there's a good chance that the NSA doesn't know what Snowden has. He was a sysadmin. He had access. Most of the audits and controls protect against normal users; someone with root access is going to be able to bypass a lot of them. And he had the technical chops to cover his tracks when he couldn't just evade the auditing systems.

The AP makes an excellent point about this:

The disclosure undermines the Obama administration's assurances to Congress and the public that the NSA surveillance programs can't be abused because its spying systems are so aggressively monitored and audited for oversight purposes: If Snowden could defeat the NSA's own tripwires and internal burglar alarms, how many other employees or contractors could do the same?

And, to be clear, I didn't mean to say that intimidation wasn't the government's motive. I believe it was, and that it was poorly thought out intimidation: lashing out in anger, rather than from some Machiavellian strategy. (Here's a similar view.) If they wanted Miranda's electronics, they could have confiscated them and sent him on his way in fifteen minutes. Holding him for nine hours -- the absolute maximum they could under the current law -- was intimidation.

I am reminded of the phone call the Guardian received from British government. The exact quote reported was: "You've had your fun. Now we want the stuff back." That's something you would tell your child. And that's the power dynamic that's going on here.

EDITED TO ADD (8/27): Jay Rosen has an excellent essay on this.

EDITED TO ADD (9/12): Other editors react.

Posted on August 27, 2013 at 6:39 AM • 77 Comments

Comments

Mike ScottAugust 27, 2013 7:04 AM

I think it's a mistake to refer to "The British" as a monolithic entity where the left and right hands always know and approve of what the other hand is doing. The decision to detail Miranda appears to have been made by the Metropolitan Police, and there's no particular need to believe that it was part of any long-term political strategy.

PetterAugust 27, 2013 7:07 AM

The Editor in chiefs of the Nordic countries largest newspapers slam UK for going after the freedom of press.

http://www.theguardian.com/theobserver/2013/aug/24/cameron-press-freedom-security-miranda

http://www.theguardian.com/world/2013/aug/24/david-miranda-detention-greenwald-press-editors


It's scary when self proclaimed freedom loving countries like US/UK are going after some of the core foundations to freedom and democracy. It's borders going from blue to black - all in the name of the so called 'freedom'. :/

This only accelerate the need for and move towards anonymised and secure communications for the people.

Question is when darknets and encrypted-anon coms will be outlawed.

LoganAugust 27, 2013 7:08 AM

There's often a presumption that intelligence agencies are intelligent in their exercising of agency.

BogwitchAugust 27, 2013 7:13 AM

Having worked on (UK) Intelligence systems, I can attest to the fact that auditing is NOT considered and often is not desired. Plausible deniability.

BogwitchAugust 27, 2013 7:14 AM

@Mike Scott
It would appear that the Home Secretary was aware that Miranda was going to be detained. I'm sure the Intelligence apparatus war all kept in the loop.

Rob KentAugust 27, 2013 7:21 AM

One thing I find curious is that both Greenwald and the Guardian have been writing about the abuse of these detention powers since 2011. The Guardian explicitly wrote about how you can be stopped during a 'port stop' not just a 'port entry'. Why did they together choose to send Miranda via Heathrow when there were other connections available?

Greenwald 2011: http://www.salon.com/2012/04/08/u_s_filmmaker_repeatedly_detained_at_border/

Guardian 2012 http://www.theguardian.com/uk/2012/sep/13/stop-detain-counter-terrorism-scaled-back

Also, given the sensitivity of the documents, their knowledge that the US and UK would know his movements, and the fact that he is not a journalist, why did they expose him to the risk?

It all seems a bit odd to me, although I totally agree with your article.

EricAugust 27, 2013 7:31 AM

I prefer Jay Rosen's explanation of this detention on his blog.

The government may simply make things more difficult for Greenwals and friends, making it increasingly difficult to communicate. Electronic communication is already difficult. Now, thumb drives become difficult, or at least they will need to avoid some countries.

This also (poorly) explains the use of the Terrorist Act: the same tactics has been applied to terrorists, with some success. Not sure that the same tactics can be applies to journalists, though.

TomAugust 27, 2013 7:32 AM

I think you need to remember that most Western intelligence agencies are founded in the cold war. They are used to fighting an opponent who could and would do almost anything except go public. The phone call, "You've had your fun, now we want the stuff back;" calling around and smashing up hard drives; detaining someone's 'agent' at the border for nine hours; these all smell like the tit-for-tat tactics of the cold war. They make good sense against a foreign intelligence agency; the message is, "We know what you're up to, we know where you keep your stuff, we know when your agents are travelling and we can reach out and touch them whenever we want. So back off."

If these actions were taken against a Soviet or Soviet-like intelligence agency, we'd all think it was rather an exciting insight into the world of espionage. Except we'd never know it had happened because the KGB and the Stasi would never have reacted by writing a newspaper article about what had happened. I wonder if the agencies involved are simply struggling to figure out how to deal with an opponent whose best weapon is publicity?

You might argue that, over twenty years since the cold war ended, these agencies should have come to grips with the world as it is. But they clearly are still used to operating in the shadows, and in fact we probably like it that way so long as we can trust them to act in our best interests. And we should never underestimate the power of organisational inertia; 20 years is not very long for some, particularly public sector, organisations to change tack.

I'm not offering a justification for what's happened, just an explanation. We tend to picture our intelligence agencies as small, agile, flat-structured organisations such as the MI6 of James Bond - 007 reports to M, M reports to the Home Secretary or the PM, and that's the extent of the structure. The PM speaks and two hours later 007 is on a plane to the ends of the Earth, probably killing a few fellow-passengers on the way. Of course it's not really like that. Any organisation the size of our intelligence agencies has quite a large structure and that structure necessarily brings about inertia. We shouldn't be surprised, then, if those agencies respond to new situations in the same way they've responded to other situations in the past.

Claus HoumannAugust 27, 2013 7:33 AM

Hi Bruce

Very nice blogpost, I'm very happy that you're backing freedom of speech so powerfully!

aaaaAugust 27, 2013 7:35 AM

@Rob Kent Another curious think is why do they physically transfer data? They could have just put on encrypted torrent if they are too big.

Am I missing something?

JWAugust 27, 2013 7:44 AM

I think you're missing the possibility that this is Greenwald goading the governments into actions that he can then use to make them look as bad as possible. If you think about it, why would Miranda even be carrying data on a USB stick? There are much more secure methods of data transfer available and that are already clearly in use by the parties in question.

So, no reason for Miranda to have data anyway,
No reason for him to fly through the UK,
No apparent reason for such a big reaction.

I call "it was a trap".

Poster of Brucedom Currently Being Tracked by the NSAAugust 27, 2013 7:46 AM

When and if this all blows over, I'd love to see Greenwald write an article called "What I've Learned About Encryption".

Also, could someone knowledge give me an idea of the damage the NSA could do if they have compromised the major certificate authorities? As I understand it CAs do not know the private keys of an entity they issue a cert for - they just promise the entity and the public key belong together.

But if the NSA could inject themselves in the middle of secure transmissions I guess they could swap out a third party's public key with theirs... and they would...? be able to listen to half a conversation??? This is where it gets all hazy for me.

I guess I should have paid more attention to those stories about compromised CAs...

Also, I just realized Bruce has https here!

Layer_8August 27, 2013 7:47 AM

But presumably the things the two of them are working on are the things they're going to publish next.

I think that's the point. If you know special non-public words out of formerly secret documents you could configure the filters to detect communication streams and map them easier to find more in depth involved people. This would be useful before the next public story and it could be after it.

ClogTheTlaAugust 27, 2013 7:54 AM

Someone with money, please ship thousands of micro SD cards to Glenn Greenwald.

With instructions that she should disseminate them randomly while walking, or give tens of them to volunteers travelling abroad.
I will volunteer to be such a traveller.

Some may contain a Readme.txt file with the address of Laura Poitras, and some may containt encrypted documents.

Following all of them will be a nightmare for the TLA.

cryptostorm_darknetAugust 27, 2013 7:59 AM

We'd already floated this trial balloon in a (pending) Disqus comment over at theatlantic.com, but with all due apologies here's a crosspost:

What if this was a tactic by Glenn to feed disinformation to his opponents?

Generate some documents intended to obfuscate. Encrypt them... but make a "mistake" or two in doing so (not enough key entropy - something that looks like a amateur-credible error, basically). Plan the trip... knowing the spooks are going to be closely monitoring for such things. Goad them into acting.

Let them do their whole thug routine. Obviously, they seize the files, physically. Scream bloody murder about the (utterly) unjustifiable abuse of the whole episode.

...then, sit back, let them "crack" the encryption, and watch them suck up all that disinformation and promptly chase their tails in circles. Cost? Not much - the price of a plane ticket. Downside? Not much - worst-case is they ignore the provocation, don't take the bait, and the meeting in Germany is just... a meeting.

This would require, of course, that Glenn is clever and creative and well-steeped in such matters as structured disinformation. Hmmm - not exactly far-fetched conjectures, those.

If I were in his shoes, that's what I'd be doing: disinformation. One can only do so much to hide one's activities, when under intensive surveillance by a heavily-resourced opponent. However, by sowing a bit of targeted disinformation one can send one's opponent literally in circles - at almost zero cost.

So, there's our hypothesis. Because, in the end, there's a dozen ways to transmit files electronically that avoid the whole fracas of travelling with USB sticks. It doesn't pass the smell test, for those of us who live and die based on secure comms. Hence, the positing of alternative hypotheses.

Given previously-cited bureaucratic inertia, it seems all the more likely that nobody in the spook shops is going to be on the lookout for this kind of agile, quick-implemented, improvised, fluid disinformation feeding mechanism. Spook shops are trained in the examples of the old feeds of bad data in WWII - dump a body in the Channel with some ginned-up papers & hope it ends up in credulous German hands. And all that.

Do they have classes for NSA spooks to teach them to be on the lookout for disinfo generated by sharp-edged journo-activists with a background as constitutional trial attorneys... getting advice from younger-generation crypto-anarchist paranoid geeks?

Seems unlikely such classes exist. Yet.

aaaaAugust 27, 2013 8:05 AM

@JW Since we are speaking about Greenwald making traps:

I did not missed that he writes an article with sort of disputable accusations (say metadata). Then he let the administration talk and explain that only metadata are collected. Then he writes another article where he shows he knows about more then just metadata and the administration is lying.

Next he waits for what administration says and proves them wrong without revealing what else he knows.

Next round follows.

I would understand government wanting to know what he is going to write the next. It is hard to lie effectively if you do not know what the other guy knows.

cryptostorm_darknetAugust 27, 2013 8:09 AM

wrt "Clog's comment above - a bit of "Thomas Crowne Affair" style tomfoolery, eh? ;-)

wrt CAs and subverting encryption - CAs are only relevant for ssl/tls, really. Folks using peer-to-peer public key tools can choose what keyservers they'd like to use to exchange & validate the public sides of their respective keys... or they can use DH and do it themselves. There's no intrinsic need for a CA, at all.

The whole idea of a CA is to take the "hassle" out of manual key verification by having some big company "vouch" for this or that secure connection being with the party it claims to be. "Yeah, that's google - for reals - you have our word on that!" Which, obviously, means that CAs up the chain are prime targets for a nice visit by the NSA men with big smiles and big budgets...

Which is one of many reasons why, for all practical purposes, the CA model - and hence TLS, is functionally broken. It's too easy to subvert, for governmental entities in particular. Moxie explains it really well here: http://www.youtube.com/watch?v=Z7Wl2FW2TcA

The need for out-of-band verification of keys, and other OpSec basics, is certainly well-understood by Glenn and crew by this point in time. For a target who has that level of functional literacy with these crypto tools, it's not a trivial exercise to subvert them and gain access to plaintext... irrespective of operational budget and resources thrown at the issue. Indeed, it quickly becomes intractable.

MasakageAugust 27, 2013 8:16 AM

@JW

That seems to be my impression also; every time I look at Theresa May in the context of this whole affair I see Admiral Akbar's furrowed brow in the background.

It is hard to believe Greenwald would not have anticipated Miranda being detained which is one of the reasons why he was so lavishly equipped with portable media. What really must put as smile on Greenwald's face is the realisation that the Home Office had to detain Miranda on reflex alone. He left the authorities no choice but to unwittingly wade into this publicity disaster.

On a wider note - when I worked in my first security admin role we were test driving SIEM solutions and packet inspection solutions. My manager back then was adamant that there is only a certain type and amount of information we want to collect about users in the organisation and that it is, frankly, deeply unethical to allow our mandate to creep merely because technology is there. She couldn't emphasize it enough that it is never right to collect information about all of users' activity "just in case" or because it might "come in handy" one day. That was for a public organisation, no less. I wish there were more infosec managers in public service like her.

Peter GalbavyAugust 27, 2013 8:18 AM

I wrote to my (Conservative) MP deploring the misuse of the law to hold Miranda. I have yet to receive the expected "think of the children!" boilerplate reply.

Democracy. The right to chose who screws you.

Kevin LydaAugust 27, 2013 8:25 AM

"Certainly the UK. police will be more reluctant to misuse the law again in this manner."

Really? I don't think they learned that at all.

Kevin LydaAugust 27, 2013 8:30 AM

The US says they didn't tell the UK to do this. If the UK acted on it's own, doesn't that mean a foreign government possibly has it's hands on US intelligence data?

Weird that the US hasn't demanded that the UK hand over all this data.

Anonymous Commenter #16349832August 27, 2013 8:31 AM

Three comments:

1. Any intimidation probably wasn't aimed at Greenwald or Poitras, or even Miranda. I'm sure they have dozens of friends, associates, coworkers, etc. who are providing some assistance or moral support, but who aren't committed enough to want to risk turning international travel into an ordeal forever (Jacob Appelbaum style). It's like Wikileaks, which previously had an unlimited supply of idealistic young hackers eager to help, but doesn't now that helping looks much riskier. The truly committed don't care, but life is much easier for them when a lot of less committed people are willing to help.

2. There has always been an implicit blackmail threat that Snowden has lots of really important documents which would actually harm the US if released, but that he will release them only if he feels threatened. If he ends up in court, I imagine he'll argue that he carefully released only the harmless files for which there was a public need to know. Even if the NSA knows exactly which files Snowden has (which seems unlikely), they may want to establish what he has given to Greenwald and Poitras. This could help them internally to understand Snowden's actions and motivations, and it's even possible that it could lead to evidence useful for prosecuting Snowden (although that's more questionable).

3. More generally, this could be useful in other ways in a court case. I'm not a lawyer, so perhaps this theory is ridiculous, but maybe the interrogation and confiscated electronic devices could help prove that Miranda was knowingly transporting stolen goods. This could add him to the list of who might be prosecuted, in a way that would be difficult otherwise (due to his lack of other public involvement in the case). If the government's goal is to prosecute everyone involved, then this alone could be a success.

Mike BAugust 27, 2013 8:39 AM

They could just be collecting evidence to later charge him with a crime. Regarding the 9 hours if you can hold someone who is acting like a complete dick towards the organization you are working for why not hold him for 9 hours? You piss off a cop in the United States you'll be lucky to get out after 9 hours especially after they find drugs in your car.

Motive speculationAugust 27, 2013 8:42 AM

There's been reports that the US agencies have been monitoring their own allies - perhaps the British haven't trusted what the US has told them it has or hasn't collected, thus (part of) the reason for the stop was the British were hoping to capture some info independently (the docs Miranda was carrying) to maybe learn what data/info the US has gathered in the past on them?

AlanSAugust 27, 2013 8:44 AM

@Bruce

You wrote "there's a good chance that the NSA doesn't know what Snowden has..."

See http://investigations.nbcnews.com/_news/2013/08/26/20197183-how-snowden-did-it

“It’s 2013 and the NSA is stuck in 2003 technology,” said an intelligence official. Jason Healey, a former cyber-security official in the Bush Administration, said the Defense Department and the NSA have “frittered away years” trying to catch up to the security technology and practices used in private industry. “The DoD and especially NSA are known for awesome cyber security, but this seems somewhat misplaced,” said Healey, now a cyber expert at the Atlantic Council. “They are great at some sophisticated tasks but oddly bad at many of the simplest.”

The authors make the point that given the weak controls in place, number of sysadmins and contractors, this was an event waiting to happen.

You have to wonder if internal controls lost out in the rush to capitalize on post-9/11 anxieties. Presumably those internal controls would have slowed down or inhibited the massive expansion of facilities and employees. So the lack of trust for anyone on the outside drove excessive trust for everyone on the inside and the surveillance state undermines itself because it fails to surveil itself.


RSaundersAugust 27, 2013 8:51 AM

How is this any different than in the US, where DHS can stop anyone at the border and hoover up any data in their possession? At least in the UK, you get let out after 9 hours.

What could Miranda have had?

1) How about Greenwald's (or Snowden's) public key. That would make an excellent piece of intel if someone had the world's biggest snooping machine and wanted to know which emails to toss into the "hyper-Cray super decrypter machine", out of their total recording of all emails that may or may not exist.

2) If he had a copy of not yet public Snowden-leak files, then you get a preview of what's to come.

genesis p.orridge August 27, 2013 8:55 AM

Snowden seems to have purposely set out to be a leaker, so I don't think they can go back to 2003 and audit every system he touched since from day 1 he was covering his tracks. He also took plenty of internal NSA courses open to contractors on how to do this.

I'm not surprised at all that suspension of rights laws for suspected terriblists were abused. That's why most of our countries have rights and controls on state power to prevent this because if those protections arent there somebody will abuse it for political blackmail and harassment

paulAugust 27, 2013 8:56 AM

I think we've been here before. A lot of times. And someone in MI-whatever should have had this conversation.

William Roper: So, now you give the Devil the benefit of law!

Sir Thomas More: Yes! What would you do? Cut a great road through the law to get after the Devil?

William Roper: Yes, I'd cut down every law in England to do that!

Sir Thomas More: Oh? And when the last law was down, and the Devil turned 'round on you, where would you hide, Roper, the laws all being flat? This country is planted thick with laws, from coast to coast, Man's laws, not God's! And if you cut them down, and you're just the man to do it, do you really think you could stand upright in the winds that would blow then? Yes, I'd give the Devil benefit of law, for my own safety's sake!

PetterAugust 27, 2013 8:56 AM

Why physically move data when it can be distributed over darknets via torrents. Or just encrypted with 4k bit blowfish in plain sight.

Honey trap for the surveillance state to get stuck in?

squarkAugust 27, 2013 9:00 AM


The UK stopping and clearly harassing Miranda made very little sense to me too, initially. I suspect the reason was more along the lines of preventing key exchanges than capturing documents.

cryptostorm_darknetAugust 27, 2013 9:03 AM

Public keys are, definitionally, public - easily obtained & verified by anyone who so desires. So there's no need to lift such from a courier, physically. Having a secret public key is a bit like "making love" for virginity, fighting to end war, and all the other classic oxymorons. If one goes to efforts to keep a public key secret, one has essentially defaulted to a symmetric key scenario - which is fine, but obviates the very benefits public key crypto is designed to provide: confirmation that a message sent from someone, encrypted, was in fact sent from a specific person and could only have been sent from that specific person - without any prior exchange of shared secrets previously.

Conversely, sniffing about for a private key would be possible, but the probability of a competent OpSec practitioner holding such - in plaintext - whilst travelling asymptotically approaches zero...

René BastienAugust 27, 2013 9:37 AM

I do not understand how Snowden, or any sysadmin at the NSA, would have access to sensitive information in the clear. The need to compartmentalize information should have led the NSA to A) encrypt that data and B) not share the key with anyone that does not have a need to know. And sysadmins do not have a need to know. By the way, this is PCI DSS 101.

Now, a tongue in cheek comment. Did the UK just re-write the Miranda warning???

DannyAugust 27, 2013 9:42 AM

Hi Bruce,
I think one other possibility here you, and all my above esteem commentators also, forget is that that fact of this was exactly for the purpose of said public outcry. The UK's Terrorist Act is a sister of the US's Patriot Act that was somehow imposed by the Big Brother to Little Brother and, as already noted by the 1st comment, the UK gov. is not a monolith. It seems that a big chunk of it it's against and want a public outcry in order to render it useless at least. Let's also remember the UK vs. US approach regarding UFO. While the US gov. has only two lines: "No comment" and "There is no evidence and our gov. does not have any knowledge of extraterrestrial eactivity", the UK had a very different one. They did a 4 years investigation under Nick Pope, a journalist (sic!) and their official statement is along the lines: "we acknowledge there are unexplained events but we terminated this because we concluded there is no threat to UK security". Zbang! Open and more PR in this way. I suspect is the same here, UK gov. likes to be popular (unlike US gov. who simply don't care) so for them Terrorist Act is a big stone on their chest and they want it out without getting hot with their partner from the other side of the pond.

Eugeniu PatrascuAugust 27, 2013 9:58 AM

There is a real possibility that they don't know what he stole. It's not like NSA has a single file server with folders and files on it with long descriptions of what they actually contain (at least I hope so).

Secondly, what no one wants to say is that the "government" are just another bunch people that for some reason think of themselves that they are better than others and can do whatever they want without consequences.

Snowden is not chased by a robot called NSA/GCHQ/CIA/etc, is chased by other people that did something bad and now they want to limit the damage as much as possible.

If they have nothing to hide, there is nothing to be afraid of, no ? Isn't this what the police usually says to (other) people ?

Michael BradyAugust 27, 2013 10:01 AM

Bruce

"Never attribute to malice that which is adequately explained by stupidity."

Not that there isn't plenty of malice to go around, but most days it's swamped by the stupid.

Jake EakleAugust 27, 2013 10:48 AM

This is a good piece, but why on Earth are you referring to Chelsea Manning as "Bradley"? It's offensive and distracting - instead of referring to her by her name, you've chosen to go out of your way to pick the name she least wants to be known by, the one that carries the painful associations not just of dysphoria but also of the world's hate.

It's totally off topic and inappropriate for an article like this one, and I don't understand why you feel the need to take random jabs below the belt at someone you seem at worst neutral towards.

GweihirAugust 27, 2013 10:55 AM

My first thought after the news spread was that this had to be a communication glitch or that a terminally stupid low-ranking subordinate made a terrible mistake. But I think by now I find myself in agreement:

This is aggression by people that have a lot of power but not a lot of smarts or understanding of people with intact personal ethics. Would be no surprise if it came from David Cameron himself, in a typical aggressive, incompetent and infantile "executive decision" that ignores reality. The whole action is just so unbelievably stupid.

Intimidation of individuals is historically a tried-and-true tactics. It may just fail this time, as those targeted can now easily tell the world. That was basically impossible before. And one rule is to never, ever go after the loved ones of people that can actually defend them and themselves. That makes it personal and the gloves come off. An the rest of the world rightfully regards you as scum.

As to the NSA not knowing what was stolen, that would not surprise me. The built this surveillance-monster in the least possible amount of time and so expertise- and manpower-starved that they had to use a lot of external contractors. Full audit logging is difficult to implement for system administrators as you have to go really deep into the internals of the system used. My guess is that they simply did not have the time and resources to implement it yet or that they have it but found out that it does not tell them enough.

That again would raise the question why we should trust them with anything.

CallMeLateForSupperAugust 27, 2013 11:50 AM

@ RSaunders
"How is this any different than in the US, where DHS can stop anyone at the border and hoover up any data in their possession?"

That's bad enough, for sure, but it ain't only *at* a U.S. border that this can be done; it can be done anywhere WITHIN 100 MILES of a U.S. border.

Brits, just imagine if the same held true in UK. Is there ANY scrap of UK that is NOT within 100 miles of a UK border??

nycmanAugust 27, 2013 12:23 PM

The use of USB sticks to exchange data is possibly due to their opsec. If you're using good opsec, you're using air gapped computers that never touch the internet, or share electronic media that has touched other computers that have touched the internet. So lets say they were working on documents on their offline computer. Great infosec minds on this board, how does one securely exchange info between two offline computers? Remember, any online computer can be considered compromised, as well as media you've stuck into those online computers. Just wiping, encrypting, etc is not enough as your adversary is the NSA, who has the capability to write malcode at the microcode level. Once used on an online computer, you have no assurance that the USB stick is safe. It's compromised. Same problem on the receiving end.

That being said, if you're using encryption, why not throw in deniability as well, ala truecrypt style?

Petréa MitchellAugust 27, 2013 12:29 PM

Jake Eakle:

The article was published at The Atlantic on August 22, the same day as the Chelsea Manning's statement about her identity, and therefore Bruce could not have known when he wrote it.

markAugust 27, 2013 1:07 PM

Another motivation for the stop could be to learn what documents he had in order to seek a court injunction to prevent their publication in the UK. That wouldn't stop publication abroad though.

LisaAugust 27, 2013 1:09 PM

@Jake...

I wonder if Bradley/Chelsea Manning recent declaration of wanting to undergo gender reassignment is the result of the significant physiological torture that he/she was subjected to for years, while in solitary with brutal bogus suicide prevention techniques? I find the timing of Manning's recent declaration immediately after sentencing, to be suspicious.

This could be an effective way to discourage future male whistle blowers. No wonder Snowden fled, he would look horrible in a dress.

dsf43August 27, 2013 1:27 PM

I fear that those who say that this is some kind of cunning trap sprung by Greenwald may be rather overestimating his technical competence in these matters. I have my doubts about the quality of the Guardian's opsec - after all between them Guardian and Wikileaks managed to get the unredacted cablegate data leaked too.
Also, does anyone really think that Greenwald would knowingly allow his partner to be subjected to this kind of treatment?

scottjAugust 27, 2013 1:44 PM

Bruce,

You list several possible explanations for Miranda's detention and the confiscation of his electronics.

There's another possibility: to find (or claim to find) something incriminating.

(Of course, that would never happen, right?)

The neat thing about this one is that it's not exclusive of any of the other explanations.

Petréa MitchellAugust 27, 2013 2:06 PM

"I wonder if Bradley/Chelsea Manning recent declaration of wanting to undergo gender reassignment is the result of the significant physiological torture that he/she was subjected to for years, while in solitary with brutal bogus suicide prevention techniques?"

It's been documented that Manning was questioning her official gender before she ever decided to contact WikiLeaks. And while solitary confinement and other forms of torture are known to have many deleterious effects, gender dysphoria is not among them.

SamAugust 27, 2013 2:07 PM

I think one of the reasons for David Miranda's detention was to provide a plausible reason for false documents to "leak" to other reporters, these documents can later be discredited, allowing doubt to be cast on any of the leaks. The message can then go from "If you have nothing to hide ..." to ".. some of those documents were revealed to be fake, but I cannot reveal exactly which ones because to do so would risk our national security."

At least that is what I thought when I read the following article :

http://www.theguardian.com/commentisfree/2013/aug/23/uk-government-independent-military-base

GaborAugust 27, 2013 3:46 PM


It think it is quite possible that the US indeed does not know what documents were lifted by Snowden. Their auditing process may be designed to be "editable" due to the theoretical possibility of real judicial audit. Snowden may have known these editing procedures. In this case getting the USB drives, even in encrypted form, is perfectly logical if not straight out inevitable along with other black-bag jobs we don't know about.

NobodyspecialAugust 27, 2013 3:47 PM

@RSaunders the difference with DHS is that he did not enter the country - he was in transit.
Outside the US you can change planes without leaving the secure side of the airport, without re-entering security and without being able to contact anybody else who has not been through security.
You don't need to have a visa or permission to enter the country you are changing planes in - and until 'anti-terrorsim' - you weren't prevented from carrying anything or subject to search.

Ironically in this case since he had missed his last flight this terrorist suspect was then allowed into the country to wait until the next fligth.

aaaaAugust 27, 2013 3:55 PM

@nycman Sending end: Burn encrypted data on cd using the offline computer. Put cd into insecure on-line computer and place the torrent. Destroy the cd or whatever so it can not go back to offline computer.

But, you got me with the receiving end. I do not see a way there.

AnonyAugust 27, 2013 4:17 PM

++ Michael Brady

I concur. That was my analysis as well, though I also like to factor in the overly-bureaucratic extensive middle-management layers of ludicrously stupid people where one (or more) decides to act maliciously in the hopes of somehow improving his career. All too frequently by passing the blame and throwing someone else under the bus thereby removing a rival. It's all very petty and sociopathic and common as dirt.

I do/did question why David was carrying so many electronic devices. I like to travel light myself.

As for intercepting data... Seems like the smart play would have been to carry a one-time-pad of random data. With that, anything could have been sent back and forth with total security over the net. Plus now our beloved security organizations are going to spend ungodly resources trying to "crack" the random numbers...

AlexTAugust 27, 2013 4:46 PM

As others I am really surprised by the choice of transiting via Heathrow. The cheapest & fastest option is via Portugal. Amsterdam, Paris & Frankfurt are other possibilities. It would be really interesting the hear the Guardian about this odd choice (as they where apparently footing the bill).

akfAugust 27, 2013 5:18 PM

One theory I read about was, that he was detained for so long, because they wanted the press to write about it. The theory is, they wanted to spread the awareness that Greenwald was gay, so the opinions would shift because of homophobia they hoped. Luckily it didn't work that way.

NobodySpecialAugust 27, 2013 6:29 PM

This is the same agency that went to court to ban people importing a tedious espionage biography on the grounds of national security - that they could buy on the streets of Moscow.

Oddly it's also the country that had "real bombs on the streets" terrorism for nearly 100years without having to play bad cop with random journalists.

Although it did used to imprison people for 25years on the grounds of being Irish it did at least have a trial first.

Harry JohnstonAugust 27, 2013 7:39 PM

The Snowden documents were obtained illegally, right? (Justifiably, but nonetheless illegally.)

It seems odd that there was no legal way to detain Miranda on that basis, particularly since it has since been acknowledged that he was in fact carrying copies of the "stolen" files.

Dirk PraetAugust 27, 2013 9:11 PM

There are a number of plausible theories:

1) Hanlon's razor, or "never attribute to malice that which is adequately explained by stupidity". The local Baldrick at 10 Downing Street or the Home Office came up with a cunning, but poorly executed plan to grill David Miranda about anything he knew - whether in his head or electronic devices-, confident that domestic and international backlash would be limited. Everybody agreed for lack of better ideas and it was a simple way to once again divert attention from the real story to the people reporting it.

2) A sting operation set up by Greenwald & Poitras to expose the surveillance state for the bullies they are, in the process feeding them bogus data to keep them busy. That sounds more like a cypherpunk thing coming from a person like Julian Assange than from a lawyer turned journalist and who until recently knew next to nothing about cryptography or subverting the enemy, for that matter. I think it was more likely that Greenwald & Co. totally underestimated the resolve of their opponents to get at them.

3) As put forward by Bruce and Barry Eisler: sending a clear message of intimidation to journalists everywhere and attacking secondary means of communication to make their efforts harder, slower and less secure. It makes perfect sense, and I actually think that this is exactly what they want everybody to believe. If this was indeed the primary goal of the operation, than it does however beg two questions:

- Why detain and harass under the already very controversial Schedule 7 of the Terrorist Act a subject who happens to be the spouse of a high-profile journalist and risk jeopardising future usage thereof because of possible public, parliamentary and media backlash. To make things worse, the "documents that can aid terrorists" justification given by the likes of Home Secretary Theresa May and former Met police commissioner Ian Blair is a reasonably novel interpretation that probably doesn't even pass the laugh test with the people that wrote the act. To me, it feels a bit like potentially sacrificing a knight for a pawn in a game of chess. After all, there are easier and legally more sound options to intimidate folks, as proven by the GCHQ raid on The Guardian.

- Intimidation not always yields the desired effect, but quite often does just the contrary, i.e. strenghten the beliefs and the resolve of those you are trying to intimidate. Does anyone actually believe that a person like Greenwald is going to call it quits over the Heathrow affair and turn to more pressing events of concern like Miley Cyrus' performance at the VMA's ? And especially when the man is sitting on a stash of documents with a kill-switch that are probably holding much darker secrets than whatever thas been published so far ?

4) However hypothetical it may sound to many, let's assume for a moment that everybody involved in the Miranda operation knew exactly what they were doing and had carefully reviewed all options and possible outcomes. If I were in the driving chair, and based on the risks explained above, I would never have approved of the operation unless I had good reasons to believe that Mr. Miranda was carrying (retrievable) information the value of which far outweighed the possible blowback.

We don't know whether or not the NSA has shared with the UK the full list of documents copied by Snowden, or that they even have it, but it does stand to reason that any self-respecting spy would never fully trust any information obtained from another spy, even if they are on the same side. I believe the UK today either doesn't know what Snowden took or doesn't entirely trust the information the US has shared with them. If this was indeed the primary motive disguised as an intimidation tactic, I would have signed off on the risk assessment and given a green light.

5) A fifth theory I haven't seen anywhere just yet is that the Miranda detainment was a psyop to turn him to the dark side. It cannot be precluded that he has been worked on for the full nine hours with whatever they had on him and possibly had himself and/or his family threatened in an effort to turn him into a mole. I believe it would be good opsec for Glenn Greenwald to keep his spouse out of the loop of anything he and his partners are currently working on. As well as destroying or putting on eBay any electronic devices they get back.

francAugust 27, 2013 9:37 PM

I've stopped considering organisations such as the NSA and GCHQ less as entities of a government security apparatus and more as an occupying force. The US is indeed starting to look like it is an occupied state, invaded by stealth, and now controlled by the hydra of what is called the "security industrial complex". I would imagine that this intimidation extends rather deeply to all federal politicians in the US. They may protest the criminality that is going on - just not to loudly and as long as they don't threaten to cut the purse strings. The extent of this apparatus is actually frightening - the estimates from Washington Post's Top Secret America come close to matching the 2% of the population that comprise the Inner Party in Orwell's 1984. I think we have passed the point of no return.

Chilling EffectAugust 27, 2013 10:25 PM

I think you're right about "sending a message." The spooks who run the security apparatus are furious at the breach of the secrecy that they prize above all, because it gives them power above and beyond any legal or constitutional constraints. They're furious, and they want VENGEANCE against the traitors who breached their Precious Precious Secrecy and exposed activities that they know full well are outside the law (but of course are all necessary for reasons of National Security that we must not know, but must only trust that they are).

They don't care about PR. They don't care what the American public thinks, or what anyone in other countries think. They hold themselves above the law and don't have to answer to anyone but themselves (which includes their private kangaroo court that makes the secret rulings that secretly legitimize their authority to secretly place themselves above any other laws).

They're having tantrums, hissy fits, and conniptions, lashing out any way they can, desperate to wreak vengeance on an enemy that, in their eyes, is an order of magnitude worse than any of the terrorists they are ostensibly fighting. If it damages America's moral authority, image, and even its fundamental identity, that's irrelevant (and may even be a Good Thing, since creating enemies provides more justification for expanding their power). All that matters is vengeance, and sending a message that the security apparatus will stop at nothing to have their vengeance against anyone who even thinks of challenging them. Bradley/Chelsea Manning is their prime poster child, who received vengeance rather than justice.

Very dangerous. But it reflects the "security mindset." And the only thing that protects us from that "security mindset," as found in the KGB, SAVAK, DINA, and Stasi, is a constitution and legal infrastructure of checks and balances. Unfortunately, it seems that President Obama and his Homeland Security bureaucracy consider the constitution and legal infrastructure of checks and balances an unacceptable vulnerability that must be eliminated in order to keep the Homeland secure.

Chilling EffectAugust 27, 2013 10:40 PM

Another possibility is that the Brits were acting under American pressure, but not cooperating as eagerly as they were supposed to. Unlike American Homeland Security officials, who believe that National Security empowers them to ignore any laws that get in their way, the Brits followed their laws and released Miranda after the nine-hour statutory maximum. They surely could have found some excuse, bogus or otherwise, to detain him longer. But they didn't.

I would not be surprised if the Americans asked the Brits to detain Miranda until a representative of the appropriate contractor could pick him up, load him into an unmarked plane bound for their classified private detention facility in an undisclosed location, where he would undergo a classified enhanced interrogation regime that is not torture. But the Brits politely declined the request.

name.withheld.for.obvious.reasonsAugust 28, 2013 1:04 AM

@ Dirk Praet

When you talking about a cunning plan, is there a character named Baldrick or Blackadder involved? I think I've been to a couple of their meetings.

Stephen de VriesAugust 28, 2013 1:19 AM

Bear in mind that encryption is no defence in the UK since 2000, because under the RIPA act if you don't hand over encryption keys when asked then you could face up to 2 years in jail.

aaaaAugust 28, 2013 1:48 AM

@Chilling Effect They did not followed the law, because Miranda was not involved in terrorist investigation. The law allows detention only in case of "terrorist" investigation. He could have rob a bank and they still would not have the right to use this law to detain him.

peterxyzAugust 28, 2013 8:16 AM

re: burn down the world

The original quote is pertinent:

A Man for All Seasons (1960)
Roper: So now you'd give the Devil benefit of law!
More: Yes. What would you do? Cut a great road through the law to get after the Devil?
Roper: I'd cut down every law in England to do that!
More: Oh? And when the last law was down, and the Devil turned round on you — where would you hide, Roper, the laws all being flat? This country's planted thick with laws from coast to coast — man's laws, not God's — and if you cut them down — and you're just the man to do it — d'you really think you could stand upright in the winds that would blow then? Yes, I'd give the Devil benefit of law, for my own safety's sake.

Dirk PraetAugust 28, 2013 11:17 AM

@ Harry Johnston

It seems odd that there was no legal way to detain Miranda on that basis

I believe Sections 4 and 5 of the 1989 Official Secrets Act could have been invoked for that purpose, but which would have required Mr. Miranda to be on UK soil instead of in the airport transit zone. Which left them no other option than to detain him under a very novel interpretation of Schedule 7 of the Terrorism Act 2000.

DaveAugust 28, 2013 11:50 AM

@aaaa

Read the text of the law. It only allows detaining toward the end of finding out if he is involved in terrorism, but it *explicitly does not require suspicion that this is the case.* So they were working hard to make sure he wasn't a terrorist *because they wanted to inconvenience and intimidate him*, and this is legal.

Clive RobinsonAugust 28, 2013 1:21 PM

@ Dirk,

Having looked through Sched 7 of TA2000 it requires the person to fall under section 40, which refers back to various other sections relating to "offences". Of those only section 16 --Use and Possession-- appears even remotely relevant and that is at best very nebulous,

16 Use and possession.
16(1) A person commits an offence if he uses money or other property for the purposes of terrorism
16(2) A person commits an offence if he—
16(2)(a) possesses money or other property, and
16(2)(b) intends that it should be used, or has reasonable cause to suspect that it may be used, for the purposes of terrorism.

DaveAugust 28, 2013 2:43 PM

@Clive:

It's "for the purposes of determining whether" they fall under section 40. That isn't a requirement that they do - in fact, it specifically says they do *not* need grounds to suspect it...

davidAugust 28, 2013 5:11 PM

There has been much legal commentary on what happened @ London Heathrow, when David Miranda was subject of a Sch.7 stop and detention. I think there is value in looking at the incident from a police procedural aspect.

I expect the Met's Ports Unit @ Heathrow had several hours warning of Miranda's arrival and intention to transit to Brazil. It is conceivable that the warning was far longer, assuming the ticket was pre-booked.

Ports Officer's "bread & butter" is Sch.7, so their only response would be to use their standard operating procedure. It is quite clear that the Met kept the Home Office and even the Prime Minister informed once the detention began.

When did the government's lawyers get involved? I suspect it was only after the detention began, more likely once it ended and after the discovery Miranda was reportedly carrying thousands of secret encrypted documents.

Once Sch.7 was used no-one in the government, let alone the Met Police, would concede a mistake was made.

Using another criminal law, the Official Secrets Act comes to the fore, would have been far better and it appears - from discussions elsewhere - legal. Ports Units are not expected to use that power "on the hoof", they had at least three hours before Miranda arrived to get expertise or at a minimum read the Act itself. Note Ports Units are not used to having to deal with defence legal advisers in their encounters with detained persons.

All round not a very impressive performance by those involved.

Clive RobinsonAugust 29, 2013 6:19 AM

@ Dave,

The part you are refering to is the UK Gov legislators "winging it", it's in contrevention of a number of treaties the UK Gov is signitory to which means with a high degree of probability it is unlawfull.

Who ever was daft enough to pull this particular stunt may well have provided the straw to break Section 7.

If Mr Miranda decides (or the Guardian on his behalf) decide to chalenge Mr Miranda's detention in the ECHR one of the questions will arise "as to why Mr Miranda was detained for questioning" the UK Gov will have to give "reason". Because even though "transit areas" are (supposedly) not within the countries jurestiction, they are not lawless places, they are protected by international law by way of treaty, which normaly trumps domestic legislation.

The problem the UK Gov will have is convincing the ECHR that whatthey did was necessary and proportionate and that they did not know the contents of the documents he was supposadly carrying, the fact they released him before they had access to these supposed documents and did not arrest him kicks away the "terrorist" document argument.

If the ECHR make a ruling the same was as they have previously in other "UK Rights Stripping" behaviour then various parts of the TA2000 will be ruled unlawful...

The problem both the UK and US have with the Snowden and similar "Official Secret papers" is that other juresdictions don't see them as "secret" and thus only covered by copyright if at all which is civil not criminal, and as they are not being used directly for gain but only for reference in another "work" of journalism it kicks out related crimes.

It's all a bit messy and frustrating for those that fauxly consider themselves to be "authorative" in such areas and having their supposed "writ" shown to be mainly bark not bite.

Speaking of which the UK Home Secretary, obviously has plans on being the next woman PM. I've spoken to people who have met her in the past and in some cases "had to associate" with her. Their opinions of here mental abilities and personality are to put it polietly far from favourable. with words like "spitefull", "venal", "psychotic", "ignorant", "stupid", "mad" and many others that portray her in a far from favourable light. One comment involved both "psychotic" and "baboon" along with the expected "undesirable features" you would get from a comparison with primate climbing abilities and rising within an organisation all in one short sentance...

Lin LinAugust 29, 2013 5:29 PM

Bruce:


The memory sticks were encrypted, of course, and Miranda did not know the key. This didn't stop the British authorities from repeatedly asking for the key, and from confiscating the memory sticks along with his other electronics.

Considering that Yahoo, Google, Microsoft, and others have provided government a backdoor to encrypted used data...

...would it not be likely that memory stick makers such as Lexar have done the same?

Wesley ParishAugust 29, 2013 10:00 PM

@Clive Robinson

@ Dirk,

( snip )
16 Use and possession.
16(1) A person commits an offence if he uses money or other property for the purposes of terrorism
16(2) A person commits an offence if he—
16(2)(a) possesses money or other property, and
16(2)(b) intends that it should be used, or has reasonable cause to suspect that it may be used, for the purposes of terrorism.

There's just that little detail about something called Domestic State Terrorism that 10 Downing St's Own Baldrick hasn't thought about. I mean, Domestic State Terrorism was the big thing we were fighting the Reds Under the Beds about, during the Cold War. We couldn't possibly be guilty of committing it ourselves, could we? I mean, that invokes the Great Collapsing Hrung Disaster!

Intimidation - if it looks like a duck, it's obviously a pig or a wolf - is just one of those steps on the Primrose Path down to full-blown Domestic State Terrorism.

And in that case, citizens' arrest applies to the spooks. They are after all committing an offense when they 16(2)(a) possesses money or other property, and
16(2)(b) intends that it should be used, or has reasonable cause to suspect that it may be used, for the purposes of terrorism.
, particularly when the property they possess happens to be that of a victim, in this case David Miranda's.

Clive RobinsonAugust 30, 2013 3:32 PM

@ Lin Lin,

    ...would it not be likely that memory stick makers such as Lexar have done the same?

What would it achieve if the encryption is not actually done on the memory stick or as part of the memory stick driver they supply?

There are three basic places that data sent to long term memory media can be encrypted,

1, On the computer.
2, On an Inline Media Encryptor (IME).
3, On the media device.

For various reasons it's generaly considered in security circles that encrypted data is only secure at rest. Further that neither a computer (due to virus/malware/side channels) or media device (due to data reminence/persistence/side channels) are secure.

NSA et al design IME's from the ground up to avoid the problems that plague computers and media devices, and thus with certain caviets are the prefered solution in high security systems.

As a very loose rule of thumb if you encrypt data on a properly air gapped computer at the application level and then write to removable media via only the OS supplied drivers and don't alow an adversary access to the computer or KeyMat then there is little chance they can decrypt the data. (However all bets are off if at anytime either malware or manufacture supplied executable code gets on the computer).

Unfortunatly it is possible for either the OS or driver to muck things up if the application is not written correctly. Basicaly due to memory managment issues routed in "efficiency" KeyMat stored in the computer memory could due to the way malloc/brk and friends work end up being copied to media either from OS housekeeping activities or due to buffer issues.

Some years ago Sun Micro Systems had a rather alarming bug reported from a customer, apparently a standard Unix utility was writing part of the password file on the end of files written to disk. The problem was diagnosed as one revolving around using buffers allocated by malloc and was solved temporarily by changing the use of malloc to calloc in one line of code.

Writing application code to the required security levels required on some modern major consumer OSs is not an easy task and needs to be checked with every OS or major application patch. Also it can be assumed from various evidential pointers that the NSA have "got at" atleast one major commercial OS supplier.

Which further re-enforces the belief that IMEs from reputable sources are the way to go, if and only if reputable has some real verifiable meaning...

JusticeAugust 31, 2013 6:39 PM

" they lose a small amount of moral authority around the world, "

You can't lose something you never had.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..