Everyone Wants You To Have Security, But Not from Them

In December, Google's Executive Chairman Eric Schmidt was interviewed at the CATO Institute Surveillance Conference. One of the things he said, after talking about some of the security measures his company has put in place post-Snowden, was: "If you have important information, the safest place to keep it is in Google. And I can assure you that the safest place to not keep it is anywhere else."

The surprised me, because Google collects all of your information to show you more targeted advertising. Surveillance is the business model of the Internet, and Google is one of the most successful companies at that. To claim that Google protects your privacy better than anyone else is to profoundly misunderstand why Google stores your data for free in the first place.

I was reminded of this last week when I appeared on Glenn Beck's show along with cryptography pioneer Whitfield Diffie. Diffie said:

You can't have privacy without security, and I think we have glaring failures in computer security in problems that we've been working on for 40 years. You really should not live in fear of opening an attachment to a message. It ought to be confined; your computer ought to be able to handle it. And the fact that we have persisted for decades without solving these problems is partly because they're very difficult, but partly because there are lots of people who want you to be secure against everyone but them. And that includes all of the major computer manufacturers who, roughly speaking, want to manage your computer for you. The trouble is, I'm not sure of any practical alternative.

That neatly explains Google. Eric Schmidt does want your data to be secure. He wants Google to be the safest place for your data ­ as long as you don't mind the fact that Google has access to your data. Facebook wants the same thing: to protect your data from everyone except Facebook. Hardware companies are no different. Last week, we learned that Lenovo computers shipped with a piece of adware called Superfish that broke users' security to spy on them for advertising purposes.

Governments are no different. The FBI wants people to have strong encryption, but it wants backdoor access so it can get at your data. UK Prime Minister David Cameron wants you to have good security, just as long as it's not so strong as to keep the UK government out. And, of course, the NSA spends a lot of money ensuring that there's no security it can't break.

Corporations want access to your data for profit; governments want it for security purposes, be they benevolent or malevolent. But Diffie makes an even stronger point: we give lots of companies access to our data because it makes our lives easier.

I wrote about this in my latest book, Data and Goliath:

Convenience is the other reason we willingly give highly personal data to corporate interests, and put up with becoming objects of their surveillance. As I keep saying, surveillance-based services are useful and valuable. We like it when we can access our address book, calendar, photographs, documents, and everything else on any device we happen to be near. We like services like Siri and Google Now, which work best when they know tons about you. Social networking apps make it easier to hang out with our friends. Cell phone apps like Google Maps, Yelp, Weather, and Uber work better and faster when they know our location. Letting apps like Pocket or Instapaper know what we're reading feels like a small price to pay for getting everything we want to read in one convenient place. We even like it when ads are targeted to exactly what we're interested in. The benefits of surveillance in these and other applications are real, and significant.

Like Diffie, I'm not sure there is any practical alternative. The reason the Internet is a worldwide mass-market phenomenon is that all the technological details are hidden from view. Someone else is taking care of it. We want strong security, but we also want companies to have access to our computers, smart devices, and data. We want someone else to manage our computers and smart phones, organize our e-mail and photos, and help us move data between our various devices.

Those "someones" will necessarily be able to violate our privacy, either by deliberately peeking at our data or by having such lax security that they're vulnerable to national intelligence agencies, cybercriminals, or both. Last week, we learned that the NSA broke into the Dutch company Gemalto and stole the encryption keys for billions ­ yes, billions ­ of cell phones worldwide. That was possible because we consumers don't want to do the work of securely generating those keys and setting up our own security when we get our phones; we want it done automatically by the phone manufacturers. We want our data to be secure, but we want someone to be able to recover it all when we forget our password.

We'll never solve these security problems as long as we're our own worst enemy. That's why I believe that any long-term security solution will not only be technological, but political as well. We need laws that will protect our privacy from those who obey the laws, and to punish those who break the laws. We need laws that require those entrusted with our data to protect our data. Yes, we need better security technologies, but we also need laws mandating the use of those technologies.

This essay previously appeared on Forbes.com.

EDITED TO ADD: French translation.

Posted on February 26, 2015 at 6:47 AM • 70 Comments

Comments

AlanSFebruary 26, 2015 8:08 AM

The problem with the legal solution is how do we get the laws we want? The NSA is good at getting the laws it wants or subverting existing law to its own ends. The law isn't a barrier to surveillance; it's a means of legitimating it.

DavidFebruary 26, 2015 8:16 AM

I have to take issue with your use of "WE"... as in "WE like services like Siri
and Google Now..." and "WE want someone else to manage our computers..."

This kind of language is very common in blogs/articles talking about this topic.

And it drives me nuts.

I don't want ANYONE else monitoring or managing my computer or data.

The problem I have is that to do many of things I want/need to do in the
modern world I have a choice of [at best] a couple of monopolistic services
to choose from, all of which want to track me and sell my data to advertisers
[ect].

There are a whole bunch of services I don't/wont use because of this;
Facebook [any social networking site/service]
Any and all smart phones/tablets
...

I don't WANT to use services that force me to give up my privacy
I WONT use such services if possible/not too inconvenient
I HATE not being able to use services that would be useful because they cannot
be trusted, and hate having to use some services because it's too impractical
not to.

And thus it's irritating when every article I read treats the ambivalence of the
majority like it's a universal human trait that everyone shares including me, and
everyone else like me.

I realise that there may not be a simple or easy language alternative, but this
is the 5th article/post I have read just today that has irritated me for the exact
same reason.

I look forward to reading your new book, I have it on pre-order, and I agree
with your arguments... It's just that seeing every article say 'WE' have given up
on privacy is like fingers on a chalk board to me. I haven't, and I want my privacy
back without having to become a hermit to do it.

I appreciate the work you do to help achieve that.

FirefoxFebruary 26, 2015 8:33 AM

we consumers don't want to do the work of securely generating those keys and setting up our own security when we get our phones; we want it done automatically by the phone manufacturers.

This isn't about the phones, it's about the SIM cards that Gemalto produced. SIM cards come from the phone service provider, not the phone manufacturer. The keys on the SIM card are for security over the network, not security within the phone.

"We consumers" have never had the option to generate our own keys and set up our own security. Even if we did have the option, many of us probably wouldn't take it if we're honest enough to admit that we don't have the knowledge or expertise.

Network operators sell phone service. They build the network and the towers, and set up systems to take calls from phones that meet a given standard. That includes security, which is (or should be) integral to the service. Customers aren't expected to create the GSM standard, or build the towers, or make the phones. They shouldn't be expected to manage the security either.

Don't blame the customers because Gemalto screwed up. Blame Gemalto.

vas pupFebruary 26, 2015 8:37 AM

@David. Any reasonable person with no brain damage will agree with all your wants and do not wants. I do.
@Bruce:"We need laws that will protect our privacy from those who obey the laws, and to punish those who break the laws. We need laws that require those entrusted with our data to protect our data. Yes, we need better security technologies, but we also need laws mandating the use of those technologies." Dear Bruce, in order to have such laws you need crowd of lawyers and legislators who understand technology. Most of aid to Senators/Representative (and incumbents as well) may have law degree, but their first degree is humanitarian as well (like political science). Until you get folks with deep theoretical and practical skills in both areas your suggestion will generate just 'ugly child' as a law with more harm than usefulness. Law is always behind technology - that is the nature. The only solution as I see it is set in law general principles (for God sake, can US finally get deductive not inductive/precedent approach) that will apply for future technologies as well (like Technology Consumer Bill of Rights). People rest.

SamFebruary 26, 2015 8:54 AM

> We want our data to be secure, but we want someone to be able to recover it all when we forget our password.

> Yes, we need better security technologies, but we also need laws mandating the use of those technologies.

We need better security technologies and *users* who will bother to use these technologies. Outsourcing security is always going to be a risk.

VolkerFebruary 26, 2015 8:55 AM

I am not so sure about the missing alternatives as either self-hosted, e.g. ownCloud versus iCloud and full peer 2 peer implementatione exist, e.g. bittorrent sync versus Dropbox.

I'm using both examples mentioned for my private sync services and they both offer an end to end encryption between devices and nodes that I own (if I host the ownCloud server myself - a not too difficult task).

Given we address (solvable) connectivity issues, why do we need company driven servers? The basic idea of the internet is that of interconnected equal nodes. For an example implementation, I currently watch maidsafe.net, it seems to be a workable approach.

I also do not see why a peer 2 peer implementation could not deliver exactly the same benefits that facebook delivers but without the facebook.com server farm and its attached spying and emotion-controlling algorithms.

Would love to hear your 2 cents on these.
If you know anyone working in that direction, i'd love to get in touch.

Thank you for keeping up the writing and for the time it must take you to make complex things understandeable for guys like me.

PS: when does your book hit the german iTunes store? (duh!)

MukundFebruary 26, 2015 9:14 AM

Sorry Bruce, I can't get past the part where you said you were on Glenn Beck's show...

wiredogFebruary 26, 2015 9:32 AM

So how much am I worth to FaceBook, Google, etc. How much would I have to pay, monthly, to get full privacy/security in exchange? That is, how much would it cost me to duplicate those services? My own email server and cloud storage, all securely encrypted, and with high accessibility and availability is do-able. Expensive, but do-able. But what about web search? How much would a "private" web search service cost?

lol no.February 26, 2015 9:34 AM

we give lots of companies access to our data because it makes our lives easier.

[referring to]
I'm not sure there is any practical alternative.

Root cause... traced to the root, must be hardware? If so, then the solution is there.

Why don't we have email servers and the secure isolated hardware for them on our motherboards?
Like we had a phone and an answering machine. The requirements were just that it was plugged in.(with advances today, we would only need "plugged in" to happen simultaneously, at one time) Is there really any reason that hardware can't evolve, I don't think so. I also think it's where the root issue is. If your web browser was used to access your mail from anywhere, the user wouldn't care if the mail was on his server or googles. If pointed out, they would probably prefer to have it in their possession, it would be auto-backed-up to another location/s if required anyway. What would the home user hardware equivalent to facebook look like?

qbFebruary 26, 2015 9:34 AM

Eric Schmidt, an interesting guy. He was known to say, not necessarily in this order, that:

  • "Privacy is dead, get over it";
  • "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place";
  • people who don't like their homes captured on Google Street View should just move;
  • private usage of flying drones must be prohibited because they allow spying on neighbors across a fence;
  • he requested his estate blurred on google maps.

Naivete or hypocrisy?

JD BertronFebruary 26, 2015 9:34 AM

The problem of privacy security is ultimately only about aggression, specificaly aggression from the state. The real reason people don't care if Google knows their religion or their sexual preference is because the only action Google can take with that information is to annoy you. That information in the hands of the State can kill you. In other words, suggesting more laws to deal with this is absolutely the wrong thing to advocate.

mike~ackerFebruary 26, 2015 9:59 AM

="That was possible because we consumers don't want to do the work of securely generating those keys and setting up our own security when we get our phones; we want it done automatically by the phone manufacturers. "

I beg to offer an alternate view: we have been trained to accept the notion that security ought to be provided for us by our services.

the weakness in this offering is becoming apparent to everyone as reports of "security" falling apart are becoming a daily regular on the evening news.

recovery will depend on a general shift to secure operating software -- where as Mr. Hellman noted -- an application program cannot compromise the operating software. application programs should run with restrictions: Named Spaces, or App-armor. Everyone's PC or netbook or tablet should come with PGP/Desktop or Gnu/Privacy Guard and part of setting up your User ID would included generating your key pair. Critical apps such as tax software should submit pgp signed documents. Credit Unions and the like should be recruited to help authenticate keys for everyone .

GastonFebruary 26, 2015 10:08 AM

I resent the hypocrisy of the technical "elite". Bill Gates is extremely protective of the privacy of his children. Eric Schmidt as mentioned above seeks privacy (to the point of covering up sordid romance gone wrong), yet tells the World "Privacy is dead, get over it". NSA analysts peruse personal records and receive the most minimal reprimand.

Private citizens should have a greater right to privacy that Public figures and Public Servants. Until personal details of these elites get painted large to the World this will continue. The recent citizens activism to post and share data on bad cops is a step in the right direction.

BoppingAroundFebruary 26, 2015 10:35 AM

> governments want it security purposes
Control purposes rather.

> The reason the Internet is a worldwide mass-market phenomenon is that all the technological details are hidden from view. Someone else is taking care of it.
I'll leave this here: http://mako.cc/talks/20080618-revealing_errors/talk_notes.html
I admit it's somewhat tangential. Nonetheless it gives an insight as to why these shadows may contain danger.

> but we also want companies to have access to our computers, smart devices, and data.
'We' do? It's more like giving them access is a mild[0] inconvenience in the equation of reaping and being reaped to me. I am not sure people really love being reaped.

> We want our data to be secure, but we want someone to be able to recover it all when we forget our password.
In other words, 'we' are like a horny freshman college girl that cannot come to know whether to spread her legs or not. 'We' don't know what 'we' want. I think that's a serious security problem there. It has to be dealt with ASAP — otherwise, even a looming tower on a desolate island won't help.

Maybe the solution needs not be only technological or political. Maybe it has to arise within each person first. And probably we'll have to go all-out, without sticking to a particular route.

David, I share your sentiment.

-----------------------------------

[0] Seems it is not inconvenient enough to make people stop moaning and look for alternatives that do not reap you. Should such alternative arise, we'll see something interesting.

Bob S.February 26, 2015 10:37 AM

Re: "We need laws that will protect our privacy..." ~Bruce S.

We have those. Some are contained in the Bill of Rights, others in various Federal and State laws, not to mention international treaties and long standing international law.

However, certain corporate and state actors willfully choose to ignore those laws, falsely claim exemption, or simply deem themselves entitled to do as they please while daring anyone to stop them.

What we need is accountability, transparency and above all tenacious, fierce enforcement of the law.

Of course, it's mostly the enforcers who have chosen not to look in the mirror.

Georg KokteFebruary 26, 2015 10:47 AM

@wiredog
IIRC the latest data on Facebook's average revenue per user (ARPU) estimates it at around $5.2/quarter for US and Canada and around half that sum for Europe. It's a measly sum for an individual but on the aggregate you make billions. I'd be glad to pay 10 bucks yearly to FB in exchange for the promise not to collect my data, and it'd be nice if they offered that possibility but if they made it compulsory most people would not pay. We're spoiled in that we expect everything on the internet to be free ("as in beer"); There's even a strenous resistance in paying for whatsapp messaging around here.

@qb
reminds me of that story about Zuckenberg buying the entire block around his house so that he could be left alone...

MFebruary 26, 2015 10:57 AM

@wiredog A quick search shows 2 trillion google searches and around 60 billion USD advertising revenue per year. A VERY inaccurate calculation (more of a theoretical speculation since exact numbers are hard to come by) is to simply divide the revenue by the number of searches, in which case a single search would cost around 3 US cents. This calculation is of course overly simplified since not all advertising is done in search (for instance, Forbes estimates around 8% from youtube). Even reducing it by half at 1.5 Cents per search, with just 100 searches per month (another figure plucked out of the internet) you are looking at 18$ per user per year. This might not sound like much but this is assuming that all (1 billion+ unique per month) users are prepared to pay this: if less users pay, the others would have to make up for the short in demand by paying more. If an overly optimistic 10% of google users were to pay, the amount required to make up for advertising revenue is already at 180$ or 15c per search. All this assuming that people would then not start being more careful with their searches: any decrease in the number of searches means an increase in the cost per search. In the hypothetical world where google became a paid-for search engine they would probably charge in a monthly subscription not per search, but they would have to make similar (but far more accurate) calculations to ensure no drop in revenue.

65535February 26, 2015 11:13 AM

“…Google collects all of your information to show you more targeted advertising. Surveillance is the business model of the Internet, and Google is one of the most successful companies at that. To claim that Google protects your privacy better than anyone else is to profoundly misunderstand why Google stores your data for free in the first place…” – Bruce S.

Yes, I agree.

Giggle has to decrypt your email and let a bot or a human to read it to place ads on your account to sell you products [for their advertisers].

Let's turn it around and ask a different question.

What actual email service does Eric Schmidt uses when he wants to talk to Admiral Rogers? Is it NSANET or SIPRNET? I doubt it is plain “Gmail” which the average Joe uses.

What actual email system Eric Schmidt uses when he want to talk to investment bankers or brokers for mergers and acquisitions – I doubt it is Gmail. If it is Gmail that account must have extra security features from "Regular Gmail" to keep his foes out [no decryption for advertisers].

What actual email communications system does Eric Schmidt use when he wants to talk to his lawyers? Again, I doubt it is plain Gmail.

We could ask those same questions about Bill Gates and other high tech leaders. Those leaders must use some sort of secure email system – not Gmail, Yahoo, or outlook[dot]com which the average Joe uses.

If we can find the answers to those questions it would be very revealing. What is the exact email system that keeps these Big Wigs in power?

CallMeLateForSupperFebruary 26, 2015 1:53 PM

@Bruce
First, I line up with the several others in this thread who disclaim affiliation with your "we". While I think it very likely that your "we" is actually "editorial we" - i.e. a convenient mechanism for embracing your community of readers/listeners - using it repeatedly, unencumbered anywhere by "editorial", strongly implies (to be kind) that the message(s) apply to everyone. Clearly, they do not.

Second, characterizing a modus as "convenient", full stop, when that modus carries risk, squanders the opportunity to *inform* about that risk. "Folks sometimes do X because it's convenient." Yeah, easy. So I'm not the only one? Cool. "Folks sometimes do X because they think it's convenient, and they totally miss the fact that it's dangerous, because...." Oh. Really? I didn't know that.

Convenience is over-rated and often falsely claimed. Eons ago, a friend and I clammored over the perimeter fence of the Air Force base where we lived, to inflate a bicycle tire with the pump at a gas station directly across the highway. So near, yet so far away. Security scooped us up before we hit the highway, demanded ID, called parents. My father asked, "The main gate is one block further. Why did you climb the fence?" Easier. "Well, son, sometimes convenience is absolutely not justification."

summakorFebruary 26, 2015 1:53 PM

We could make it super-easy for people to run their own services at home and teach them how. Computing power is cheaper and more energy-efficient than ever before. A Raspberry Pi makes a great little personal web and email server.

For $35 and a few watts you can run your own personal secure website, email server and password-protected photo gallery at home. That's what I'm doing with a Raspberry Pi. I'm new to Linux, so it took me a few weeks of work to set that up. It could be made much easier for people who don't want to learn the details. Occasionally I apt-get update or upgrade and reboot the thing. So far so good. It's been up probably 99.9% of the last year and a half.

Simple websites with photo galleries are easy. Email with webmail and calendar syncs can be done with Citadel or other free open-source packages. The hardware costs $35. The remaining obstacle for most people will be the linux terminal prompt and having to learn arcane text commands to install and configure the required packages. That obstacle could be removed.

vas pupFebruary 26, 2015 1:56 PM

@lol no. • February 26, 2015 9:34 AM. I guess for the same "reason" voice mail is stored not on your own smart phone, but on provider's server, and for the same "reason" you have caller ID service from your provider rather than as (800) numbers have their own ANI (automatic number identifier) which is kind of immune for all those spoofed information on your regular caller id. The answer is paradigm established when business/gov interest is always going first, but your - second.

CallMeLateForSupperFebruary 26, 2015 2:15 PM

Erich Schmidt: If you have important information, the safest place to keep it is in Google.
NSA: (snigger-snigger) That's what *you* think.

Now let us bow our heads and replay the words of Brandon Downey, one of Mr. Schmidt's engineers, when he learned NSA was all over Google's unencrypted servers like white on rice. (Look it up. "Google is your friend" ;-) )

Round 1: NSA
Round 2 (coming soon, probably).

Dr. I. Needtob AtheFebruary 26, 2015 2:49 PM

I'm with "Mukund." Reading that you were on Glenn Beck's show was like reading that my #1 sports hero took a bribe to lose the game.

mmairsFebruary 26, 2015 2:58 PM

@qb - Scott McNealy said -Privacy is dead, get over it.

@Bruce - As I'm sure you are aware, fundamental definitions of security refer to the avoidance of harm in some way. Therefore -security purposes, be they benevolent or malevolent, is half meaningless. There is literally no such thing as malevolent security, and allowing that level of debasement of discourse can only lead to confusion. I understand that you are indulging in common usage here, but you might want to consider whether you really want to do that considering your status as an expert. There is plenty of malevolence posing as security, but it is up to us to recognize it as such and use our terminology correctly.

lol no.February 26, 2015 3:06 PM

@vas pup


I guess for the same "reason" voice mail is stored not on your own smart phone,

[Ref to past phone/message recorder]


That was just the constraints of an evolution(message record) due to the evolution of other tech(phone capabilities. You could record the message on a computer with HD, well before the phone had evolved enough tech to be able to record audio on it.

All the hardware is like that. It's so dependent on other hardware, like a city building depends on the rest of the city. You have multiple technologies evolving at the same but at different paces. (I still await a vector based video camera)

Back to that "why sms/voicemail stored on others servers"... It's just the way it is because it evolved that way. If the ram market was a few years more advanced in 1995 and sim cards were filled with lots of ram... phones had more storage by default and it would be the easiest way to store messages by only storing them on phones.

I agree with your overall premise of why a lot want your data. They want your data, your data is a commodity, it makes them money.

Nick PFebruary 26, 2015 3:16 PM

@ summakor

The best thing might be a commercially-supported, open source product similar to Nitix using cheap hardware. It was the UNIX/Linux answer to AS/400's original premise: one box that integrates everything the business needs, is straightforward to configure, easy to maintain, and is reliable. IBM acquired them and integrated it into their Lotus line. Should be easier than ever to build a similar product given all the ease of use, package management, and polishing modern NIX systems received since then.

One could also do a Xen-based solution to leverage Linux driver support while making application OS arbitrary. Then, there could be community backed hardware ports and application VM's similar to eg VMWare marketplace. This approach lets you reduce the TCB of or add security features to the application VM's. Users can pick the level of features, assurance, and so on they want. Interface for setting up the hardware or adding VM's is unified across the devices.

Edit before post: Turns out Net Integrators themselves made a small version before they were bought out.

TerryFebruary 26, 2015 3:51 PM

Whitfield Diffie is wrong.

The problem of e.g. email attachments is trivial to resolve. You just have to be willing to delay starting to render the contents of an email message until after you have validated the MIME container.

This makes email seem slower than it would appear were you to, as Microsoft Outlook has historically done, start immediately interpreting the container contents *as if* they were trustworthy, rather than untrusted.

This is one of those cases where the tradeoff between security and convenience is being (wrongheadedly) made in favor of convenience.

But it's a solved problem, if we are willing to make the trade the other way.

albertFebruary 26, 2015 3:51 PM

@wiredog
It's not that simple. Advertisers pay Google, et. al. for customer data. An 'opt out' will maintain the cash flow, but advertisers don't give a rats ass about Google, they don't want the opt-out money; they want our data. They will pay the cheapest, most accurate, most effective data provider. There's your billion-dollar business model.
.
A pay-as-you-go search provider would be great, but I don't think the market is there....yet. Non-profit ISPs would be a good thing, too, especially if their books are wide open for all to view.
.
As Volker said, there's no reason why we can't have peer-to-peer 'social' networks; no technical reason, that is. The NSA wouldn't like it, but they could deal with it. Advertisers would hate it. IF they became really popular, well, you know what would happen...
.
We don't more laws, we need fewer laws. Poorly-written, vague and confusing laws simply make it easier for the courts to prosecute anyone for anything they decide is illegal. Forget about 'enforcement', it's not ever going to happen.
.
Really, some of the ideas here expressed are pipe dreams. The gov't feels free to piss on any law they don't like, and the corporatocracy pays the have custom laws passed to suit their own needs. Congress will pass anything (barring clearly unconstitutional things, which bring a lot of grief from annoying troublemakers like the ACLU, EFF, etc.), if the price is right.
.
The more the gov't gets involved, the more FUBARd the digital machine will get. It's gonna take a ground-up, grassroots movement the get things started.
...

BoppingAroundFebruary 26, 2015 5:00 PM

[re: Zuckerberg] Georg Kokte,
Glenn Greenwald mentioned that in his TED talk. If anyone's interested:


This same division can be seen with the CEO of Facebook, Mark Zuckerberg, who in an infamous interview in 2010 pronounced that privacy is no longer a "social norm." Last year, Mark Zuckerberg and his new wife purchased not only their own house but also all four adjacent houses in Palo Alto for a total of 30 million dollars in order to ensure that they enjoyed a zone of privacy that prevented other people from monitoring what they do in their personal lives.

65535,
> What actual email service does Eric Schmidt uses when he wants to talk to Admiral Rogers? Is it NSANET or SIPRNET? I doubt it is plain “Gmail” which the average Joe uses.

I recall this being discussed several moons ago in a story about 'Google CEO and NSA Director being on a first-name basis', save Rogers for Alexander. The screenshots mentioned Brin's e-mail at google.com which, I quote, 'I don't really check' he writes. He then mentions another address that is blanked out.

Why wouldn't they use @google.com or @gmail.com? They own it, after all.
I agree that it might be 'on steroids'.

[re: Scott McNealy] mmairs,
Has anybody ever doxed him? I'm curious about his reaction. Schmidt's was quite predictable (you can find out about it from the link above).

Asking the ObviousFebruary 26, 2015 6:09 PM

You went on Beck's show? Did you have to go through decontamination and shower afterwards?

steve37February 26, 2015 6:20 PM

Capitol police arrested lawyer and activist Shahid Buttar after a Senate hearing featuring Director of National Intelligence James Clapper had ended, stopping him from asking question of the nation’s top intelligence official. Asking why the former NSA head felt he was “above the law” and could get away with lying to Congress about the government’s mass surveillance practices, Buttar was forcefully removed from the chamber as attendees filed out.

https://www.youtube.com/watch?v=pkw1gl5rgPg

Nick PFebruary 26, 2015 7:02 PM

@ Terry

You don't even need to do that: just run the risky components in a dedicated partition on a microkernel architecture. It's one of my oldest recommendations as there was so much work in security and separation kernel architectures. Example. The TUDOS team at TU-Dresden showed whole VM's could be spawned at a rate of about 1 a second with little overhead. The app's rendering and processing systems would similarly be in a VM whose output was a graphic the system prints in a specific window. Compromises are contained.

The signature checking might even run as a background process.

Siri from SiriaFebruary 26, 2015 7:06 PM

Eric Schmidt looks innocent enough, with his watercolor blue eyes and his tiny office full of toys and his Google campus stocked with volleyball courts and unlocked bikes and wheat-grass shots and cereal dispensers and Haribo Gummi Bears and heated toilet seats and herb gardens and parking lots with cords hanging to plug in electric cars.

NateFebruary 26, 2015 7:09 PM

@Dylan: I agree. As far as I can tell, any cloud compute node immediately and permanently exposes all data processed on it, to the operator of the cloud network. This situation is much WORSE than cloud storage, where you have the option of securely encrypting the data before it leaves your local host.

In the cloud compute model, there's very little you can do with encrypted data without also giving the compute node the private key to decrypt that data for processing. As soon as you've done that, game over. You can encrypt the virtual disk volume, but since both the encrypted data and the encryption key remain inside the cloud operator's total control, that's just an exercise in security theatre to a room of one (yourself).

For an extra monthly fee, you can even (let's assume securely) host one or two private keys in a Hardware Security Module. Now what? That HSM can encrypt or decrypt a data stream, fine. It can even send the cleartext data stream through an SSL tunnel to... your EC2 node. Whose RAM is fully exposed to the cloud operator. What was the point of using an HSM at all?

Remember, in a hypervisor environment, the cloud operator is God. Not only can they invisibly and seamlessly copy your RAM, they can clone your entire VM image at any time, turn time back and restart your program, and connect it to an entire fake Internet. So there are a whole raft of new attack techniques that aren't practical on a physical machine which might become trivial to script and automate in bulk in the cloud. Scripting and automation _is_ the point of the cloud, after all.

A very, very simple cloud attack to script (which I would be VERY suprised if the major public cloud operators aren't already doing at the request of law enforcement or intelligence) would be to simply search unencrypted filesystems for certificate files and harvest all known locations of private keys.

A slightly more complicated attack but very doable in bulk would be to have the hypervisor monitor known Windows and Linux encryption APIs, processes or RAM blocks associated with private keys. As soon as the Windows crypto API call happens, grab the key material and quietly store it out of band. The virtual CPU and OS will never know the access occurred because it's the hypervisor doing it, not the virtual process.

Low-size and high value targets would include: Windows login credentials, private keys in the Windows or Java certificate store, and decryption keys for encrypted cloud volumes and filesystems. These would be very easy to grab in bulk so that on request, the cloud operator could decrypt your filesystem or access your corporate networks.

A more outlandish attack, assuming you've got some really weird homebrew binary-blob security process which deletes itself or sends your pager a ping after invalid access attempts... would be to isolate the network, clone the RAM, guess a password, revert the RAM on failure, and so on. But I'm not sure even this would ever be needed since your keys still have to be somewhere in RAM. Just read it all and figure it out offline.

There is no such thing as 'secure erase' of either RAM or disk in a cloud environment. The cloud provider may *say* they erase RAM and for the purposes of other tenants, that's true. But you can never hide your RAM or disk from the hypervisor. If the cloud operator wishes, they could snapshot your entire RAM every second. The only limit to what data could be exfiltrated and how long it can be stored is how much the cloud operator cares, and how much storage/network capacity they want to burn on stalking you. And this could be adjusted on a whim on a minute-by-minute basis from 'no observation' to 'capture an audit log of every CPU instruction' if they happen to like terabyte-sized log files (but a terabyte is cheap nowadays).

I would imagine there are already automated 'selectors' for 'virtual machines of interest' in the Amazon cloud drawn up by the US intelligence community (and note that Amazon is deeply embedded with the DoD as a contractor, so they have every reason to comply with DoD requests or lose their business -- http://www.theatlantic.com/technology/archive/2014/07/the-details-about-the-cias-deal-with-amazon/374632/ )

If there aren't such selectors and processes for harvesting them, it must surely be a matter of time, because if this is trivially obvious to me, it must be a lot more obvious to the people running the clouds.

An easy example that many people would support: imagine ISIS is running an EC2 Linux server hosting a web forum showing videos of beheadings. This would be a logical thing for a terrorist group to do since you can get an EC2 node for free for a year with just a stolen credit card. You think it wouldn't be of interest for NSA/CIA to sample all the network traffic / disk storage / key material on that node? So if they're not really dumb, they're already doing it and have been for a few years.

A more controversial example: perhaps you are a new Internet startup with the potential to compete in a domain that Amazon or Jeff Bezos currently competes in. Perhaps e-books, perhaps mail order retail, perhaps aerospace. You're running your entire company servers on EC2, EBS and S3. All your financial data is on there, all your product plans. You have the potential to disrupt a large chunk of Amazon's business and perhaps kill their revenue stream. Are they really going to sit and watch you do it and sell you the computing time to take them down while remaining stoic Boy Scouts? They're never going to exercise a silent, invisible option to look over your shoulder which could never be proven in court?

The same applies to Microsoft, IBM or any other public cloud provider. What's their incentive not to peek? Enlightened self-interest because their customers would scream contract violation if found out? Well that didn't stop Lenovo or Gemalto, did it?

Of course, most people, most of the time, won't be interesting enough for a cloud operator to bother to harvest their clients for data. Probably. But do we really want to make it so tempting and consequence-free?


Ole JuulFebruary 26, 2015 8:00 PM

When we talk of technology and convenience, we often forget what actual technology is in play. I would say that the "technology" in question is more along the lines of grammar and basic organizational skills, perhaps mixed with a little dose of confidence.

Commercial services that suck and lock people in, are often just game-like versions of "services" that already exist in the basic grammar of the utilities we've had for our operating systems since the beginning of networking. The reason people don't use these functions is probably because they're overshadowed by the shiny commercial offerings and often (in places like this blog) put down, yes put down, as being technological. They're not. They're just part of the basic language of computers, and not significantly different from other languages like English. It is sad that the practical use of computers is not treated as the basic language issue that it is.

So what kind of "language" am I talking about? We could start with FTP for file transfer. In fact, we should probably start with a file and what one might want to do with it in the context of communicating with others. Even the basic idea of copying a file within a single computer is commonly spoken of negatively as "technology". It's not. If we treated the English language in the same way, we'd all be buying greeting cards and loosing our ability to compose a sentence - something, by the way, which already appears to be happening in the same way as people are using siloed internet services in order to avoid taking control for themselves.

The problems we have with computer security these days stems directly from the commercial mono culture worship that that sprung out of strong and persistent propaganda to effectively convinced people that they have no control, that their computer is not theirs to own, and that the language of computers is completely different from the language they already know.

BuckFebruary 26, 2015 8:32 PM

@Ole Juul

Indeed! Various forms of media have been hard at work for decades now in an attempt to portray the programmer as an anti-social, geeky, weirdo - unfortunately, with some measure of success...

In truth, we all program our lives through language. I'm pretty sure that plenty of doctors, judges, lawyers, priests, and salesmen are already very much aware of this!

FarlandFebruary 26, 2015 8:52 PM

1. The Government and powerful adversaries do not like Dr Martin Luther King

2. Dr Martin Luther King needs to plan coordinate and communicate securely and privately with strong Confidentiality Integrity Availability and Authenticity

Ole JuulFebruary 26, 2015 9:17 PM

@Buck
My point is that this is not a matter of programming or anything so-called geeky or technological. It is simply plain language. Copy this file there, is English and works on a computer. Making your own directory hierarchy is a matter of natural language and elementary organizational skills. We don't need to have some sales droid tell us where we want to put our photos or how we're supposed to search a file for an address. Someone who does it their way is no more a "programmer" than someone who writes a grocery list is a doctor. People need to take control of their own lives. Buy what they want. Use what they want. And do it their way. Why don't a lot of people understand files, directories, and directory hierarchy? Because they've been told they don't! They use those concepts in their every day lives and language.

I understand the draw of things like Google and Facebook, they offer easy to use features and community opt-in. However, apart from free resources, they are mostly offering a service made up of basic protocols and utilities which are available to everybody. And you don't have to be a programmer or technologist to use them. Getting back to basics and diversity of methodology is where we're going to get our privacy and security. Letting go and letting salesmen and lawmakers look after us is never going to work. The seeming simplicity of complete surrender is simply leading to a more difficult language to learn, and one where one really does need to be a programmer, doctor, or (the most useful skill set in that world) a lawyer.

tyrFebruary 26, 2015 10:06 PM


Nice catch on the fact "we" is not as all inclusive as it
seems.

Rumours have it that Zuckerburg got his funding from CIA
so they could stop working and let his network collect
for them.

Schmidt seems to be in bed with Foggy Bottom which seems
like a heaven made match, the clueless prancing through
a flower field to the sound of music.

In yee olde dayes you were served packets by providers
anything else you wanted to do had to be done by your
own machine at the endpoint. Once the mad rush to turn
it into a commodified advertisement selling machine we
wound up with the current version. It has a problem in
that no one is paying you for your attention span, they
are stealing it and blithely crapping on about how you
agreed to it by being fool enough to make them rich and
famous.

When was the last time you checked the credentials
of a politician for his technical level, until you elect
someone who has a minimal grasp of the subject you won't
get any decent laws?

In the meantime we have people who apparently lack basic
grasp of history, can't read a map. and think analyses
is a substitute for historical study busy running the
world into the ground to squeeze the last drop of blood
out of the poor on a worldwide basis.

Security has to be for everybody or it is for nobody.
Make the world you want to live in. Start with Eben
Moglens Snowden and the future lectures and pick a
side to be on. I'd rather have 65000 newsgroups than
make Zuckerberg a dime...: ^ )

BuckFebruary 26, 2015 10:57 PM

@Ole Juul

My point exactly! Your 'average joe' has been led to believe that basic computing (and science in general) is too complex to understand, and simple trust towards the 'experts' is their only option. I'm not entirely sure whether the advertising/marketing folks understand the difference between causation and correlation, but the artists and authors? Ahhh, they are captive to far fewer frameworks of older language... ;-)

65535February 27, 2015 12:06 AM

@ summakor

“We could make it super-easy for people to run their own services at home and teach them how. Computing power is cheaper and more energy-efficient than ever before. A Raspberry Pi makes a great little personal web and email server. For $35 and a few watts you can run your own personal secure website, email server and password-protected photo gallery at home. That's what I'm doing with a Raspberry Pi. I'm new to Linux, so it took me a few weeks of work to set that up.” – summakor

That is true. People can setup there own email server with encryption.

Many moons ago when I was in school every student had to set up an Exchange 2003 email server upon a Sever 2003 box [Active directory integrated]. The software was a free - but time-out version. I just happened to let my box run all semester and transfer emails between students on the local lan.

I recently had a friend in college who setup a *nix based email system. It took some networking skills [MX record and a hosting service]. But, it can be done. You have done so on a low cost r-pi. Good work.

@ Nick P

That Net Integrator Micro II is an interesting full featured little box.

My feeling about home email servers is that Gmail, Yahoo, and outlook will try to swash you. You will become their competitors.

There will be road blocks and disparaging comments about “spammers from home email servers” and the like [road blocks will include being denied access to the major services, black lists, blocked IPs and ports and possible a lack of email forwarders]. But, there are people who run their own email servers.

65535February 27, 2015 12:14 AM

@ BoppingAround


"> What actual email service does Eric Schmidt uses when he wants to talk to Admiral Rogers? Is it NSANET or SIPRNET? I doubt it is plain “Gmail” which the average Joe uses.

"I recall this being discussed several moons ago in a story about 'Google CEO and NSA Director being on a first-name basis', save Rogers for Alexander. The screenshots mentioned Brin's e-mail at google.com which, I quote, 'I don't really check' he writes. He then mentions another address that is blanked out.Why wouldn't they use @google.com or @gmail.com? They own it, after all.I agree that it might be 'on steroids'." -BoppingAround

Good point.

I do remember that. I got the impression that Brin just checked his email for a hint to check his “secure” email – which he may or may not have done.

I am sure it is possible to set up filters or flags in Gmail that prevent decryption by advertisers and bots [and to use very strong encryption].

DelanyFebruary 27, 2015 12:27 AM

"We need laws that require those entrusted with our data to protect our data."

I think you've missed the essential point about trust. Think faith / ethics.

WaelFebruary 27, 2015 12:35 AM

@65535,

Many moons ago when I was in school every student had to set up an Exchange 2003 email server upon a Sever 2003 box [Active directory integrated].

Hmm! That's in the neighborhood of 4100 moons :)
That's back in the day when things were a lot cheaper, and and a suitable work factor for RSA key cost about 12 bits. Crypto inflation, I guess! Nowadays the same work factor will cost you 4096 bits!

DecadeFebruary 27, 2015 4:30 AM

@Volker,

The major problem with peer-to-peer communications on the Internet is that your computer is not a full peer. Most of the machines on the Internet have non-routable IP addresses, and their routers provide Network Address Translation services to make the Internet accessible to them. This breaks end-to-end communication, because NAT allows outbound connections, but not inbound connections, and you need inbound connections for P2P.

As long as IPv6 is uncommon, then man-in-the-middle services are required for communications. I perceived this problem 17 years ago when experimenting with a ZRTP predecessor. The depressing part is that it is now 4 years after the IANA supply of IPv4 addresses was depleted, and more than 2½ years after World IPv6 Launch, and I still have to justify IPv6 to small business operators. Even ones who work in technology. When people decide that they don't need to learn a subject anymore, they just become so frustratingly closed-minded.

Clive RobinsonFebruary 27, 2015 7:05 AM

@ Decade,

The major problem with peer-to-peer communications on the Internet is that your computer is not a full peer

It's actually a bit more complex than being just a "full peer" for P2P to work, they need also to be "static" as well.

Back when VoIP was first being talked about I said it's future was limited unless it could replace the current mobile phone and be cheaper and hopefully more secure.

IPv6 will not solve the problem of both ends of a P2P service being mobile and secure, because you need a directory service that has your current routing information so that you can be found. Neither IPv4 or IPv6 can deal with this firstly due to the weight of update traffic that would dwarf even the spam traffic, secondly the syn/ack protocols like TCP that most people insist on to negotiate firewalls provide the meta data to track you even if you do use content encryption. Protocols that can only be forwarded do not alow for error correction but can still be tracked by an adversary with enough monitoring points.

Whilst there are ways to solve this problem they are fraught with difficulties and problematic / insecure implementation details.

@ mmairs,

There is literally no such thing as malevolent security, and allowing that level of debasement of discourse can only lead to confusion. I understand that you are indulging in common usage here...

Err what you call "common usage" is correct, "security" like "safety" consists of "Policy + Implementation" without either part you do not have security or safety. Whilst the implementation method like nearly all tangible tools is agnostic to use, the policy rarely is. Policy is nearly always "two or more party" and seeks to constrain, and thus has penalties specified by the first party to ensure compliance by the other parties, this makes it adverserial in nature, and thus has elements of malevolence by definition.

Bob TFebruary 27, 2015 9:24 AM

I think the first step is to realize that no one is going to provide you with security but yourself, and those closest to you personally. Governments, corporations and human nature aren't going to change. I'll go along with using their services with the understanding that I'm not secure with them and never will be. When the time comes which may or may not be in my lifetime, I'll want for me or my loved ones to remember these words...

“And how we burned in the camps later, thinking: What would things have been like if every security operative, when he went out at night to make an arrest, had been uncertain whether he would return alive and had to say good-bye to his family? Or if, during periods of mass arrests, as for example in Leningrad, when they arrested a quarter of the entire city, people had not simply sat there in their lairs, paling with terror at every bang of the downstairs door and at every step on the staircase, but had understood they had nothing left to lose and had boldly set up in the downstairs hall an ambush of half a dozen people with axes, hammers, pokers, or whatever else was at hand? After all, you knew ahead of time that those bluecaps were out at night for no good purpose. And you could be sure ahead of time that you’d be cracking the skull of a cutthroat.”
― Aleksandr Solzhenitsyn, The Gulag Archipelago 1918-1956

TomFebruary 27, 2015 11:30 AM

Your post makes it clear that we cannot treat corporate surveillance as a technology problem. We have to approach it from the sociological point of view. To my knowledge, only Astra Taylor has really tackled this head on in her book last year: "The People's Platform".

The internet economy is built on advertising, which is a regressive, opaque, inefficient sales tax. The forces of this economy are restructuring our lives and institutions. I actually don't like the look of it.

You may like it when ads are tailored to your preferences. How about news, for example? News headlines you see are selected for you based on your preferences and biases and the revenue of each potential click. I can't say I like the sound of this.

albertFebruary 27, 2015 1:45 PM

@Tom
While I agree with you in general, two points:
.
1. "...The internet economy is built on advertising...". Yes, if you define the 'internet economy' as such. There are other economic aspects of the internet that don't depend on advertising. Manufacturers depend on the web for providing documentation for their products, as well as downloads for firmware, updates, etc. They save a fortune doing this. Online ordering, banking, and customer support also fall into this category. There are a very large number of websites, blogs, and mailing lists that promote every kind of hobby and avocation imaginable. Most are advertising-free. Then there are organizations, like EFF, ACLU, etc. which support efforts for the public good. Even .gov websites are extremely useful. (WE pay for those. Try http://www.weather.gov/)
.
2. "...News headlines you see are selected for you based on your preferences...". ...Well...those headlines from the MSM are already preselected by the gov/mil/corp Elite, so it doesn't really matter which ones you see.
...

DanielFebruary 27, 2015 2:05 PM

If everyone wants me to trust them and not the other guy the following question arises--to what extent can this truth be used to play off the various actors against one another so that the individual entrusts different information to different actors in such a way that no one has the complete picture? It seems to me that the real threat is the ability of any one party to have a "God's eye" view--the panopticon. Perhaps a feudal internet is a more secure internet?

CodyFebruary 27, 2015 3:38 PM

@albert, Tom
1. "...The internet economy is built on advertising...". Yes, if you define the 'internet economy' as such. There are other economic aspects of the internet that don't depend on advertising. Manufacturers depend on the web for providing documentation for their products, as well as downloads for firmware, updates, etc. They save a fortune doing this.

Internet a perfect advertising medium because it provides immediate feedback for effectiveness scoring. It's a totalitarian government's wet dream come true because not only does it allow pushing feeds it also fish impressions.

FlorianFebruary 27, 2015 11:53 PM

How can Eric Schidt say that our data is most secure at Google - a company that does not even implement an automated session timeout? That is really far away from security best practice.

NameFebruary 28, 2015 5:48 AM

@Bruce

On Glenn Beck's show you say ...

“A bunch of organizations have looked at these metadata programs. The metadata, again, is data about data. It’s the social networks, the traffic analysis. It’s not the content, but who’s talking to who, every time you look at this, it is not valuable. … It doesn’t stop terrorist attacks. So why is it being done? That’s an interesting question. It seems like it’s an insurance policy.”

Could you elaborate on what you mean by "insurance policy" ?

Thank you.

Clive RobinsonFebruary 28, 2015 8:41 AM

@ name,

Could you elaborate on what you mean by "insurance policy" ?

I cann't say what was in Bruce's mind at the time, but there is an oft repeated refrain of "Political CYA" when discussions are in this area.

Effectivly politicians have to be seen to,

1, Act decisively.
2, Not be blaimed / held as a fool.

The result of this is knee jerk actions and no critical thinking which results in a one way effect.

Look at it this way,

Something bad happens, and the press and talking heads whip it up --as per their job descriptions-- at some point somebody is going to demand heads roll. To stop the process before a political head bounces into the crowd and it becomes an fashionable activity as it once did in Paris, the Churchillian "Action This Day" kicks in. It matters not what the action is, the purpose is to kick the problem into the long grass, unfortunatly some things are so bad the political posturing of "action" has to realy become not just "policy" but enacted. If the politico gets lucky the enacted action appears or can be made to appear effective, even if in reality it's an "anti-tiger rock". In the process an empire starts to be built and resources are thrown at various people and places to grease wheels and stop them squeaking and thus drawing attention. The problem is you have to keep greasing the wheel or it does not just squeak, it might sing like a canary. And with each application of grease it requires a larger amount of grease and the empire continues to grow untill it's a monster with an apparent life of it's own with the sole purpose of devouring resources to rearange deck chairs, not launch life rafts. So why does some one not just cut the supply of grease and pork off? Well there are a couple of reasons, the first is that people will ask where did all the resources go, this however is usually politically managable "by blaiming the other lot". The second and unmanagable problem is, if you as a politician cut the resources and a similar bad happens again, you know that irrespective of the utility of the cut measure you will be blaimed regardless of logic or reason. Hence your best policy is to not cut resources but "transform methods" thus if something bad happens you are covered because you can blaim those implementing the change in methods for being to slow or not understanding etc etc. Either way as long as you keep giving out resources you have the insurance of "others to blaim"...

NotOneOfThemEitherFebruary 28, 2015 9:09 AM

@David

I have to take issue with your use of "WE"... as in "WE like services like Siri
and Google Now..." and "WE want someone else to manage our computers..."
Are you saying you're not one of US??? ;-)

MattFebruary 28, 2015 7:50 PM

I'm with "Mukund." Reading that you were on Glenn Beck's show was like reading that my #1 sports hero took a bribe to lose the game.

Believe it or not, there's a lot of conservative and libertarian supporters of privacy and freedom from government overreach. And there's plenty of people with (D) by their name who aren't.

Say what you will about Beck's style (or sanity), he's Greenwaldian in his insistence on consistency and his willingness to take putative members of his side to the woodshed when they betray their principles, which include deep skepticism of government surveillance power.

Thanks Bruce for realizing this.

BuckFebruary 28, 2015 9:47 PM

@Ole Juul

Here's a good one!

Poets, priests and poiticians; have words to thank for their positions - words that scream for your submission. And no one's jamming their transmission... Cuz when their eloquence escapes you - their logic ties you up and wraps you!

http://www.youtube.com/watch?v=7v2GDbEmjGE

JardaMarch 1, 2015 1:13 AM

"We need laws that will protect our privacy from those who obey the laws, and to punish those who break the laws."

Last time I checked the NSA and others don't obey laws, break laws, lie and do whatever they please, they just don't tell anybody and nobody really controls them.

Dirk PraetMarch 1, 2015 7:39 PM

Yes, we need better security technologies, but we also need laws mandating the use of those technologies.

Yes we do, but I doubt it is ever going to happen as long as individuals and companies alike keep buying the "terrorist apocalypse" and "nothing to hide" fallacies. Translating that to the (extended) OSI model, changes in layers 8 (individual) and 9 (company) will be prerequisites for anything at level 10 (politics) to change. Only when there is sufficient awareness and understanding by the general public of the dangers of uncontrolled corporate and state spying is there going to be any push to change the laws surrounding our current use of digital technologies.

Meanwhile, we're pretty much stuck with what we've got. But you can make your voice heard by supporting initiatives that denounce mass surveillance. You can dump the companies, products and services that don't give a flying f*ck about either your privacy or security. And last but not least, you can educate others about it.

@ Bob T

Great Solzhenitsyn quote!


ChrisMarch 2, 2015 3:22 AM

Mega uses client-side crypto - they store your data, but do not have access to it. Not *everyone* is the same as Google.

GRockmoMarch 4, 2015 2:06 PM

One of the many points that Mr. Cameron misses is that if the Government has back doors to crypto, then more people will likely start to roll their own, or products will appear that allow users to use 'customized' crypto parameters on demand.

Even bad crypto schemes will increase the workload on those agencies tasked with cryptanalysis.

For example, with less than 150 lines of code, one can write an effective util to encrypt native data against say two or three repeatable PRNGs in parallel or in series. Very fast, quite effective, and fairly easy for anyone with basic coding skills.

Sure, this is a symmetric stream cipher, but combining several PRNGs helps to break frequency analysis and predictability.

Worried that onboard PRNGs may still too easily fail? It's fairly easy to munge the PRNG results once they are in a byte array.

Still concerned that this isn't random enough? Merge 3rd party PRNGs.

Still not good enough? (since NSA has them all documented).

Pass the PRNGs through one of the crypto algorithms provided by MS Crypto Services (the APIs are fairly easy to work with) or even throw a random string through MSCS and work with the raw bytes as the PRNGs.

These methods (using repeatable PRNGs) allow using short cipher keys (such as passwords and parameters) that are very easy to transmit.

How secure is such a system likely to be against sophisticated cryptanalysis? Probably quite secure for a given time period. Is it perfect? Nothing is, especially against very serious attack over extended time.

But, if one is a bad actor, such as the type that concerns Mr. Cameron, one may only need security for several months (and this is certainly possible). In which case, the Government having backdoor access to various commercial encryption is pointless.

Additionally, the resource drain on cryptanalysis agencies, suddenly presented with significantly more algorithms and a multitude of parameters would likely be detrimental to said agency's efficiency overall.

Gary

Adrian LopezMarch 5, 2015 12:13 PM

The problem with such laws is that they'd raise the cost of operating websites that collect information from their users. Having complex laws or requiring lots of red tape would make it difficult or even impossible to operate a website on a modest budget. New services would have a harder time getting off the ground unless backed by large corporations. Innovation would suffer. Even something as essential to online freedom as being able to build a platform where people can communicate would be implicated.

Let's not create one problem by trying to fix another. Aren't there better ways to address online security than to prescribe security by law?

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.