Yet Another FBI Proposal for Insecure Communications

Deputy Attorney General Rosenstein has given talks where he proposes that tech companies decrease their communications and device security for the benefit of the FBI. In a recent talk, his idea is that tech companies just save a copy of the plaintext:

Law enforcement can also partner with private industry to address a problem we call "Going Dark." Technology increasingly frustrates traditional law enforcement efforts to collect evidence needed to protect public safety and solve crime. For example, many instant-messaging services now encrypt messages by default. They prevent the police from reading those messages, even if an impartial judge approves their interception.

The problem is especially critical because electronic evidence is necessary for both the investigation of a cyber incident and the prosecution of the perpetrator. If we cannot access data even with lawful process, we are unable to do our job. Our ability to secure systems and prosecute criminals depends on our ability to gather evidence.

I encourage you to carefully consider your company's interests and how you can work cooperatively with us. Although encryption can help secure your data, it may also prevent law enforcement agencies from protecting your data.

Encryption serves a valuable purpose. It is a foundational element of data security and essential to safeguarding data against cyber-attacks. It is critical to the growth and flourishing of the digital economy, and we support it. I support strong and responsible encryption.

I simply maintain that companies should retain the capability to provide the government unencrypted copies of communications and data stored on devices, when a court orders them to do so.

Responsible encryption is effective secure encryption, coupled with access capabilities. We know encryption can include safeguards. For example, there are systems that include central management of security keys and operating system updates; scanning of content, like your e-mails, for advertising purposes; simulcast of messages to multiple destinations at once; and key recovery when a user forgets the password to decrypt a laptop. No one calls any of those functions a "backdoor." In fact, those very capabilities are marketed and sought out.

I do not believe that the government should mandate a specific means of ensuring access. The government does not need to micromanage the engineering.

The question is whether to require a particular goal: When a court issues a search warrant or wiretap order to collect evidence of crime, the company should be able to help. The government does not need to hold the key.

Rosenstein is right that many services like Gmail naturally keep plaintext in the cloud. This is something we pointed out in our 2016 paper: "Don't Panic." But forcing companies to build an alternate means to access the plaintext that the user can't control is an enormous vulnerability.

Posted on January 11, 2018 at 7:05 AM • 74 Comments

Comments

Rick Lobrecht • January 11, 2018 7:23 AM

"Although encryption can help secure your data, it may also prevent law enforcement agencies from protecting your data."

Ha - classic.

I also find it more than a bit ludicrous that people would seek out targeted advertising based on email content.

Mike • January 11, 2018 7:49 AM

The term "responsible encryption" is nonsense. Either you encrypt or you don't.

Rosenstein obviously has no idea of what encryption is or how it works. However, he has many people he can call on who do understand encryption and they'll all tell him that what he is asking for is to make encryption worthless.

I wonder if he sits in these briefings with his eyes shut and his fingers in his ears shouting "La, La, La, I can't hear you!".

Ollie Jones • January 11, 2018 8:05 AM

The extent to which government executives can be modeled using memoryless entities is very interesting. It seems like we're doomed, like the movie Groundhog Day, endlessly to repeat this conversation about the dangers of crypto master keys.

But this is important: all secrets leak. Not even state actors with unlimited infosec budgets can prevent secrets from getting into unintended hands. In particular, USA state actors have accumulated a negative track record on this topic in the past few years.

A vastly important part of preventing disaster when secrets leak is to make the secrets have limited value. For resilience, the secrets' value necessarily must be limited both in time and in scope. Crypto master keys (or schemes for generating them in response to instructions from "impartial judges") don't meet those criteria.
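The point in the comment above about limiting a secret's value in time and scope, as an added illustration that is not part of the original post or its comments. It models which message keys become recomputable after one leak, first with a single long-lived master key and then with per-conversation keys that ratchet daily and are re-keyed every few days. The traffic, class names, labels and the 5-day epoch are constructed assumptions, and the code models exposure only, not encryption.

```python
import hashlib
import hmac
import os

DAYS = 10
EPOCH_DAYS = 5  # assumption: the scoped design re-keys with fresh randomness every 5 days
CONVERSATIONS = ("alice-bob", "carol-dave", "erin-frank")  # constructed sample traffic
TRAFFIC = [(c, d) for c in CONVERSATIONS for d in range(1, DAYS + 1)]


def kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation step (HMAC-SHA256); it cannot be run backwards."""
    return hmac.new(key, label, hashlib.sha256).digest()


class MasterKeySystem:
    """Hypothetical model: every message key derives from one long-lived key."""

    def __init__(self):
        self.master = os.urandom(32)

    def message_key(self, conv: str, day: int) -> bytes:
        return kdf(self.master, f"{conv}|{day}".encode())


class ScopedSystem:
    """Hypothetical model: one secret per conversation, ratcheted daily,
    replaced by fresh randomness at the start of each epoch."""

    def __init__(self):
        # The simulation keeps every state so results can be checked; a real
        # endpoint would delete yesterday's chain key after ratcheting.
        self.chain = {}
        for conv in CONVERSATIONS:
            for day in range(1, DAYS + 1):
                if (day - 1) % EPOCH_DAYS == 0:
                    state = os.urandom(32)  # stands in for a fresh key agreement
                else:
                    state = kdf(self.chain[(conv, day - 1)], b"ratchet")
                self.chain[(conv, day)] = state

    def message_key(self, conv: str, day: int) -> bytes:
        return kdf(self.chain[(conv, day)], b"message")


def reach_of_master_key(system, leaked):
    """Messages whose key can be recomputed from the leaked master key."""
    return [(c, d) for c, d in TRAFFIC
            if hmac.compare_digest(kdf(leaked, f"{c}|{d}".encode()),
                                   system.message_key(c, d))]


def reach_of_chain_key(system, leaked, leak_day):
    """Messages whose key can be recomputed from one leaked chain key."""
    candidates, state = {}, leaked
    for day in range(leak_day, DAYS + 1):  # only forward steps are possible
        candidates[day] = kdf(state, b"message")
        state = kdf(state, b"ratchet")
    # Try the candidates against every conversation, not just the leaked one.
    return [(c, d) for c, d in TRAFFIC
            if d in candidates
            and hmac.compare_digest(candidates[d], system.message_key(c, d))]


def demo():
    """Leak one secret from each design and list what it opens."""
    master_design, scoped_design = MasterKeySystem(), ScopedSystem()
    everything = reach_of_master_key(master_design, master_design.master)
    leaked_state = scoped_design.chain[("alice-bob", 3)]
    limited = reach_of_chain_key(scoped_design, leaked_state, 3)
    return everything, limited


if __name__ == "__main__":
    everything, limited = demo()
    print(f"master key leak: {len(everything)}/{len(TRAFFIC)} messages readable")
    print(f"one chain key leak: {len(limited)}/{len(TRAFFIC)} -> {limited}")
```

The master-key leak reaches every conversation on every day, past and future; the chain-key leak stops at the conversation boundary, at the one-way ratchet behind it, and at the next re-key ahead of it.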

echo • January 11, 2018 8:24 AM

Law enforcement have metadata and time on their side. I wonder if this demand for backdoors is really laziness on their part i.e. them expecting confessions and communities to provide leads and backdoors are just a means to this end.

If the state sector more readily admitted mistakes and was less prone to expanding makework headcount I would have more sympathy.

I think the GCHQ annual report was interesting insofar as they said the boss people around approach no longer worked.

What are these "cyber incidents" and in what way would a backdoor help?

Denis • January 11, 2018 8:28 AM

This is not an "FBI proposal", this is a Deputy Attorney General speech. The FBI is mentioned in his speech only once - as a source of statistical data.
He's a senior government official, sure. But framing his opinion as an "FBI proposal" is too far-fetched (unless you're peddling conspiracy theories).

Lisa • January 11, 2018 8:40 AM

FBI henchmen are also complaining about the going dark problem.

quote: The human brain imposes a high degree of complexity, effectively encrypting any information it stores. In the past we were able to beat confessions out of suspects to overcome this. But now anti-torture policies are resulting in a going-dark problem for law enforcement, as we can no longer easily get confessions out of suspects' encrypted brains. This has resulted in the unfortunate consequences of law enforcement being required to do actual police investigations which require far more effort and resources than beating confessions out of suspects.

Computers are tools for our brains, so police also want means to be able to get info from there too, regardless of privacy and other human rights.

In the end, the fact is that law enforcement is always supportive of police state policies, since it makes their jobs that much easier. But it is up to civil society to resist this, so that human rights are supported in addition to criminal law.

fred • January 11, 2018 9:16 AM

No one calls any of those functions a "backdoor."

That is correct. Only law enforcement calls them backdoors. The rest of the world calls them exploits.

In the age of information warfare, more access is not what we need. We need less people being sheep.

Clive Robinson • January 11, 2018 10:02 AM

So we get the "You shall be our slaves and vassals" quip,

When a court issues a search warrant or wiretap order to collect evidence of crime, the company should be able to help.

No the company "shall not be forced into indentured service", they espouse a free market system then they should live or die by it. Either they pay what independent consultants ask or they should grow their own talent, either they are utterly and moronically stupid or they have ulterior motives. Whilst it would be nice to think it's the former I would bet on the latter. There is a plan you can be certain but this is just one stepping stone not the end game, and as has been pointed out "The price of freedom is eternal vigilance". These people are not going to give up they have been at it one way or another since before we ever heard of the Clipper chip. Like disease ridden mosquitoes, it does not matter how much you wave your hands they will keep coming back to put the bite on the population to rend them low, mad or both with their infective agent. As with mosquitoes you need to drain the swamp and poison every last place they might hide as well as using a powerful deterrent they can not get through[1].

But there is a darker side to these warrants. In the past when it was your papers, they had to present them to you or your agent. Thus you were given due notice, and you could use other legislation designed to give "equity at arms" to help defend yourself. With electronic communications they can keep looking and searching until they find something, anything by which they can bankrupt you or in other ways strip you of your rights.

It is obvious by the many motions filed that part of their game plan is "rights stripping" that is to force you into a position where they can and will ruin you or drive you to your death. They have done it before, they are still doing it and they will step it up. Remember guilt or innocence is of absolutely no interest to them, getting press is what careers are made with... Thus when the knock comes you are already guilty or dead, you just don't know it and you won't be allowed to find out the who and the why of it...

@ echo,

Law enforcement have metadata and time on their side. I wonder if this demand for backdoors is really laziness on their part i.e. them expecting confessions and communities to provide leads and backdoors are just a means to this end.

As I indicated above part of it is "rights stripping" other parts would be "parallel construction" oh and in the UK "entrapment" would be high on the list as would be "placing" of agent provocateurs for "incitement" purposes. Then there is the "passing on" of surveillance to commercial organisations like Sony, etc etc so that lawful protesters could have civil injunctions taken out against them by the commercial entities. The Met Police have been somewhat "ham fisted" about all of the above and the information has leaked. It is known that both MI5 and GCHQ have been involved up to their necks in it, the question is thus what have the Secret "Service" (MI6) been up to at home and abroad. Maggie Thatcher gave them handouts above inflation and they all still do rather well out of the UK tax payer... So they are "Pleasing, teasing or blackmailing" those who hold the purse strings. One such person they very much had under their thumb at her tenure in the Home Office is our current Prime Minister, whilst ordinary policing got the chop new fairly useless intel agencies got the cash instead, which really does not bode well for UK citizens...

@ Denis,

This is not an "FBI proposal", this is a Deputy Attorney General speech

The FBI have been up to this "going dark" nonsense for a very long time now. Back long ago "the screach" was giving private briefings in Europe about it and ironically it leaked out. We only know a very tiny fraction of what Edgar J. Hoover got up to because those acolytes he had covered it up, but they almost certainly carried on as "true believers" always do. As they were in positions of power they could select train and promote other acolytes to "Maintain the Faith". It is this legacy thinking you see behind both the FBI and DoJ behaviour to twist and warp and bend the law to their choosing. They have been at it a long time and the failing of their case against Apple was just an unexpected bump in their track, it did not derail anything just shook things up a little. They will do it again with some organisation less able to fight back until they have the judgment they want as precedent to go back and take Apple or similar giant down. Thus have an example to beat others with. It's exactly the same sort of game that gave the US the war on terror. Official US policy is beat up on the weak to set an example to the rest. Nations, corporations, citizens or even innocents abroad, that is the policy if Psycho Uncle Sam sees hesitation to jump to the whims the Puppet has. The real question is the "follow the money" one of "Who benefits" and pulls the puppets strings, it is sure not the average US citizen. But when a US President warns the people of the MIC is he mad or giving due warning?


[1] I've talked about powerful deterrents they can not get through before, but nearly all of us are our own worst enemy due to "ease of use" it destroys OpSec and that is just one reason why they know they will win if they go softly softly and close the net around the entire population.

Evan • January 11, 2018 10:39 AM

When a court issues a search warrant or wiretap order to collect evidence of crime, the company should be able to help.

Why, though? The company is helping by complying with the warrant or order, and they should not be expected to alter their business just because it makes the FBI's job harder occasionally otherwise.

Rhys • January 11, 2018 10:46 AM

It is unclear to me what public service of 'domestic tranquility' the FBI & civilian police intend to secure for the citizenry as a whole.

I enjoyed Fred's reminder that what is being asked for are exploit kits. Like the one that was recently stolen- don't these kits eventually get subverted to the use of the criminals? How does one secure an exploit tool or kit, too?

The FBI & law enforcement always bristle at the appointment of civilian review boards. Oversight & accountability appears to be a monopoly they would retain unto themselves.

The "us" vs "them" fractionalization serves whom?

Why would anyone "trust" a value proposition that starts with ...trust 'us' to find & prosecute those who you shouldn't trust?

CallMeLateForSupper • January 11, 2018 11:01 AM

"Although encryption can help secure your data, it may also prevent law enforcement agencies from protecting your data."

Wait.... data that has been encrypted is secure, no? I mean, anyone who gains access to encrypted data gets only gobbledegook, not "actionable" secrets. Sounds to me like encrypted data is protected data. If my encrypted data is protected, what protection value-add does law enforcement think it lends to my data? (rhetorical)

-----------

Comey and Rosenstein and their ilk can lobby for "responsible encryption" 'til the cows come home, but I lost patience with that flat-Earth argument many moons ago. My ears are closed to it; I will never give it credence.

The world changed for the worse when we learned of IC's undiscriminating upstream dragnet; "unwitting" collecting on U.S. persons; swiss cheese policy on "data minimization"; declaration of free-fire snarfing of anything and everything encrypted, regardless of the nationality of sender or recipient. And then we learned that FBI has access to IC's massive data pot. Because security. Because pedophile. Because drug dealer. I don't swallow that whole, because the greater bulk of the corpus smells bad. How can any U.S. person *not* feel targeted by their own government?!

Douglas Coulter • January 11, 2018 11:13 AM

@Clive !!!
And in the end, when they just force it on us - or make things they can't break illegal, amounting to the same thing and making it even easier for them - they'll say "well, we asked nicely, over and over..."

Isn't there a current example of a tinpot corrupt dictator who has declared it a crime to have encryption on your device right now? I think he looks a bit like Gollum or something? Maybe we need to point out who uses such techniques on their own populace more. It's not like we are short of easy examples.

Yes No • January 11, 2018 11:39 AM

@Mike:
re: I wonder if he sits in these briefings with his eyes shut and his fingers in his ears shouting "La, La, La, I can't hear you!".

More likely not, since he will be told only what he wants to hear. It takes courage (and a failure plan) to speak truth to power.

CallMeLateForSupper • January 11, 2018 11:58 AM

Right on cue:
"FBI chief calls unbreakable encryption 'urgent public safety issue'"
https://www.reuters.com/article/us-usa-cyber-fbi/fbi-chief-calls-unbreakable-encryption-urgent-public-safety-issue-idUSKBN1EY1S7
Oh-h-h-h and he never gives up
And he never gives in
He just sings the name line.


And who says FBI is humorless?!
"An FBI forensic expert lambasted Apple for making iPhones hard to hack into."
https://motherboard.vice.com/en_us/article/59wkkk/fbi-hacker-says-apple-are-jerks-and-evil-geniuses-for-encrypting-iphones

foo • January 11, 2018 12:19 PM

@Rick Lobrecht

I also find it more than a bit ludicrous that people would seek out targeted advertising based on email content.

People don't seek out the feature of being targeted advertised to, companies seek out the feature of being able to targeted advertise to you. You are the product, companies are the customers. FBI guy just confuses the two intentionally to make an invalid point sound valid. He's not moronically stupid, it's all ulterior motives.

@Bruce

Rosenstein is right that many services like Gmail naturally keep plaintext in the cloud.

Along the same vein, people actually don't want the feature of being targeted advertised to, nor the feature of having their stuff stored insecurely to enable that. That's why people have been leaving Gmail for offshore services like Protonmail. FBI guy is just basically proposing that the US economy further tanks, as even more people turn to offshore services. (until it's all made illegal and we descend into a total dictatorship)

hmm • January 11, 2018 12:25 PM

"only law enforcement calls them backdoors. the rest of the world calls them exploits."

The difference between backdoor and exploit is the backdoor is planned in advance by the vendor.

Exploit = cutting a new secret door in. Backdoor = constructing a secret door at production time.

FWIW it has nothing to do with law enforcement terminology.

Grauhut • January 11, 2018 12:31 PM

"I simply maintain that companies should retain the capability to provide the government unencrypted copies of communications and data stored on devices, when a court orders them to do so."

I simply maintain Mr. Rosenstein forgets that these companies do not own my data, so they can not legally transfer them to a third party if secured.

DMCA, my copyright, breaking encryption strictly forbidden! :)


"Rosenstein is right that many services like Gmail naturally keep plaintext in the cloud."

Nope, Gmail only sees what I allow them to see, it's easy to use them with mail encryption switched on.

hmm • January 11, 2018 12:42 PM

"Isn't there a current example of a tinpot corrupt dictator who has declared it a crime to have encryption on your device right now?"

http://www.truth-out.org/news/item/42020-us-provides-military-assistance-to-73-percent-of-world-s-dictatorships

73% of the world's dictatorships get US MILITARY assistance, some sub/superset of that get powerful network tools to strip out encryption, MITM and track people on a massive scale - so they can be disappeared, tortured and killed with simple low-tech hand weapons.

If the US wants to be the world's policeman it might stop being the world's #1 arms exporter.
If it wants to be a bastion of freedom and rights it might stop selling tools of authoritarianism
TO WELL KNOWN AUTHORITARIAN REGIMES THAT ABUSE IT IN PLAIN SIGHT.

The truth is there isn't enough of a US constituency that gives a crap about the qualities of lives and basic freedoms in other countries, or even really their own. It's not a majority and it's not close. There's no outrage about US allies committing genocide, even.

In that environment backdoors in US products should be fully expected even where fully denied.
They get paid to do it. Money uber alles.

vas pup • January 11, 2018 12:49 PM

@all and @Lisa in particular.
Power corrupts, absolute power corrupts absolutely.
I don't see any mechanism (if the suggestion of the Deputy AG is implemented) to really control how they use the power/cooperation. Theoretically I could accept such powers (with strong safeguards to be developed) in the cases related to treason/terrorism (real national security issues - then NSA should help, not private business) or Federal offences with possibility of capital punishment only. In the latter, something similar should be done as with the iPhone hacking case on FBI request. It was done by an independent private contractor, not by Apple.
Regarding FBI versus DOJ. FBI have two tasks: (1) prevent/interfere with an immediate criminal act in progress with danger of death/injury, real threat to national security. For that purpose a wider set of technical and investigative tools should be available. In that case the most important thing is to balance prevention versus future prosecution; (2) collect evidence on Federal offences which lets DOJ support prosecution in the court. For that purpose the set of tools is dictated by the Rules of Criminal Procedure. Meaning DOJ and FBI are on the same page only on (2), but the concept of parallel construction lets the FBI utilize information obtained using criminal intelligence tools to collect other evidence acceptable by DOJ for prosecution.
Suggestion: maybe, like with a safe deposit box (or like an ICBM launch), it should take two keys applied simultaneously to decrypt/open/launch (two buttons pressed) and independently. Only one key should be in possession of the business.
I agree with Lisa that to trust LEOs is to (bleep) yourself, but any stable society needs them, like wolves as a sanitary force in the forest. There is no viable alternative to them - just chaos or the law of the jungle. The whole idea, and I agree with Clive, is to keep them under control of society, not vice versa.

hmm • January 11, 2018 12:49 PM

https://motherboard.vice.com/en_us/article/59wkkk/fbi-hacker-says-apple-are-jerks-and-evil-geniuses-for-encrypting-iphones

-Encryption = jerks

"'House votes on controversial FISA ACT today.' This is the act that may have been used, with the help of the discredited and phony Dossier, to so badly surveil and abuse the Trump Campaign by the previous administration and others?" Trump tweeted.

-Does he even realize he's bigly helping to get it re-authorized I wonder?

Mercy • January 11, 2018 12:54 PM

"Gmail only sees what I allow them to see, it's easy to use them with mail encryption switched on."

You're comforting yourself with how it ought to be. You don't actually believe that do you?

Clive Robinson • January 11, 2018 1:10 PM

@ hmm,

FWIW it has nothing to do with law enforcement terminology.

Who cares that's boring, the other version is so much more fun style wise.

But it also gets the no such thing as NOBUS across to the ordinary bod on the street, which is the important thing.

Any way the FBI tried foisting "Golden Key" and "Frontdoor" make it sound nice names on us under that loony Comey and it panned for them. Thus it's our turn to force "exploit", "crime hole" "Arse end entry", "Draws Dropper" and anything else that sounds bad or derogatory on them. It is after all only fair ;-)

It's a war of words and meaning, I'd call it illegal propaganda by the FBI but then they get all upset when justifiably accused of committing crimes, which makes their trigger fingers itch at the very least as various FBI extra judicial executions have shown.

hmm • January 11, 2018 1:15 PM

"Golden Key" and "Frontdoor"

Orwell is more prescient every passing day.

"Arse end entry" = that's the one they convert to obscure acronyms. "The AEE program"

Cheers

echo • January 11, 2018 1:58 PM

@ Clive

I know what you mean with your graphic examples. With one eye on Susan Landau's work and more everyday abuses of power I believe the issues are pervasive even if they are minor and petty.

Last week one of the UK newspapers reported that during the "short sharp shock" period under Thatcher (promoted and organised by Willie Whitelaw) young boys in detention centres were subject to physical beatings and for those with longer memories sexual abuse. The sexual abusers were prosecuted some years ago along with their equivalents in other organisations. This new case being brought by lawyers is about the institutional brutalising and knock on effects.

All systems leak information. Every time an agency acts or opens its mouth or interacts it leaks information. People talk. The truth gets out eventually.

If an agency abused its eavesdropping power to neuter an investigation or complaints would they be caught? Could this happen, or is this very unlikely and sufficient safeguards exist to prevent this?

neill • January 11, 2018 1:58 PM

instead of breaking encryption -

could e.g. google just backup unencrypted email data onto (LTO etc) tapes, then once filled up, remove those (hence take them offline), then place them inside a vault inside a secure datacenter, then shred them after a required retain period (3 yrs, 5yrs, ...)?

online data would be still encrypted, but 3 letter agencies can request certain tapes - they just have to figure out exactly what time period they need, that should be possible via metadata.

Protect my fhqwhgads • January 11, 2018 2:04 PM

'your' data? who is 'you'?

I've a funny feeling about the current meaning of 'Collect', not search or discover, but Collect. Almost like they already know exactly what's there, they just need to go collect it in a non-poisoned fruit kind of way.

hmm • January 11, 2018 2:35 PM


Do they even need to weaken actual encryption except to get at unsent stationary data faster?

If they want something all they have to do is wait until it comes in or goes out.
If it doesn't, how important or necessary or dangerous could that data actually be?
Lock them up on contempt (as they do) and wait. Nobody else has to be compromised.

The convenience factor for LEO is becoming more important than the law itself. It's a ridiculous precedent no matter what is on these phones, bomb plans or even treason itself simply can't compare to willingly dissolving the Constitution by fiat.

Legal protections from domestic spying? Easily sorted with momentary extra-national routing.
You'd never notice. They own hops along the way, they log the key-ex's no doubt, certs, etc.
Without proving you are damaged nobody can sue to stop it, or even know it happens.

What, laws? We've got companies with NDA's signed by law enforcement, flouting them right now.
Nobody will care about unintended ends when they have the means to justify anything at all.

hmm • January 11, 2018 2:43 PM

@ Neill

"online data would be still encrypted"

Exactly, another perfectly simple semantic loophole. "The data is still encrypted, see?"
Just no longer individually encrypted as the user expected when they sent it.

"But it's encrypted! Nobody without the key can get at it." -WHICH KEY? Their key.

Clive Robinson • January 11, 2018 3:00 PM

@ Doug,

And in the end, when they just force it on us - or make things they can't break illegal, amounting to the same thing and making it even easier for them - they'll say "well, we asked nicely, over and over..."

There are things you can do that have been common knowledge for over a century that you can still do today as long as they allow you a communications path at some level.

Let's say I send you,

    You up for a drink Friday usual place and time?

What does it actually mean?

If I sent you,

    When the seagulls follow the trawler, it's because they think sardines will be thrown into the sea.

You might be suspicious unless of course I'm Eric Cantona.

The point is with care "One Time Phrase" codes do work. Some will also work if used repeatedly quite innocently but then used at a pre agreed time where their meaning changes. Likewise their place in a conversation.

Such systems came most obviously to the fore in WWII with the BBC transmitting "And now some messages for our friends" followed by half a different sentences. Some were One Time Phrases others were "nulls" used to pad out to the same number of messages to avoid traffic analysis.

Such systems hide in plain sight to some degree but they are neither simple codes or steganography that can be found by various simple analysis techniques. They do have the same strengths as One Time Pads but not the same flexibility, but they don't stand out under simple analysis as One Time Pads do.

Thus the FBI have a problem, the One Time Phrase can be sent under their noses without them being able to say they are a code, or even recognising them as such. Further implanting spyware into the user device will not gain any advantage as it's the human mind that extends the security end point beyond the communications end point.

neill • January 11, 2018 3:29 PM

@hmm

this was just a quick thought, to give lawmen access to the backup vaults, though not in realtime - w/o breaking encryption for all of mankind

implementation would be hell complicated, i know, esp with in-memory-encr., but somewhere at some point you need to decrypt in order to process the data (sql, email whatever) - so right there you gotta grab what you can and write to the tape archive

since those would reside only offline in a datacenter i would not mind 3 letter agents living there to have access to it. not the best and fastest method, but you can fulfill the request for access!

hmm • January 11, 2018 3:52 PM

" access to the backup vaults, though not in realtime "

What would preclude that? They make the backups instantly right?

" since those would reside only offline in a datacenter "

I tend to doubt that too. They have systems in place to access DMZ's within each platform.
Why even pretend it has to be offline, what would force that? The law doesn't AFAIK.

Clive Robinson • January 11, 2018 4:31 PM

@ neill, hmm,

but somewhere at some point you need to decrypt in order to process the data (sql, email whatever) - so right there you gotta grab what you can and write to the tape archive

How is the plaintext getting to the vault?

If you remember Google made the mistake of having a strongly encrypted entry portal. But... The backhaul from one site to another was plaintext so the NSA simply parasited the backhaul --supposedly-- without Google's knowledge.

The big problem is encryption is expensive, especially if you do it at an adequate KeyMat protection level. A single point to point link looks easy, but when you potentially have a thousand or so from all over a continent things start getting more than a tad interesting. Which is why plaintext was often the default on high capacity backhauls...

The IC are like roaches, once they have found a way in extermination becomes close to impossible. They just drop something on the Flash ROM in some SoC in a 4 line LCD status display and that computer is forever owned breeding little nasties to go forth and re-multiply...

Sometimes the only solution is like that with termites "burn the house down and walk away"...

Coyne Tibbets • January 11, 2018 5:31 PM

"I encourage you to carefully consider your company's interests and how you can work cooperatively with us."

Talk about thinly veiled threats...

echo • January 11, 2018 5:42 PM

Partly by chance I watched Youtube documentaries on the spy satellite program and the construction of NORAD. Most of the content was the usual. What interested me was the psychology of post WWII people driven to prevent another war versus the paranoia of the mob whipped up by Stalin.

I have also read books by Joe Navarro and FBI interrogation guidance. This is very interesting too.

One point the satellite show made was satellites were the cheapest verification solution. Joe says he found buying a beer and a packet of cigarettes worked.

I guess if "they" are collecting everything directly or indirectly an encryption backdoor makes economic sense as the cost to the FBI is effectively free. This is an intractable problem. Rather than confronting this head on I wonder if social policy and equality help more and whether this argument would help political paymasters reconsider allowing assaults on privacy?

Mark • January 11, 2018 5:42 PM

Fantastic. More American rubbish driving insecurity for the rest of us. Hopefully we can get away from the big American tech companies.

Bruce, when are you going to write the article that needs to be written? Your country is directly responsible for insecure products, services, and poor digital privacy. This is both driven through your country's push of capitalism throughout the world and your pointless "national security" arguments.

I'm tired of it. Boycott all American products and services.

Wael January 11, 2018 6:00 PM

@Ratio,

When I said "Devices are marked", I was aluding to techiques like the ones described in this thread. Tell me something: can‌‌‍‍‍‍‍‍‍ you‌‍‌‌‌‌ read‍‌‌‍‍‌‍‍‍‍ between‌‌‍‌‌‍‍‌‌ the‌‍‌‍‍‍‍‍‍‍‍‍‍‌‍ words?

Here is a pregnant hint, using military-strength encoding that beats your industry strength one from last year! Tick-tock, Coitarice...

hmm January 11, 2018 6:50 PM

"I'm tired of it. Boycott all American products and services."

Isn't that a bit of an overreach coming from one of the 5 eyeballs as you are though, Mark?
I don't disagree with the sentiment or the underlying point though, you're not wrong.
This stuff has to have limits, I'm not sure they exist yet.

Douglas Coulter January 11, 2018 7:17 PM

@Clive
I've done up a bit of "toy" crypto for fun.
The real problem in my eyes is key exchange - and your method above is similar to what I had planned (my G+ pals are already playing with it online).

For that matter, you could just agree that the bits starting after some number in say, a kitten video you send the link to, are the one time key till updated. Your keyphrase is then just the number you begin at, using it in similar fashion to a one time pad after that - perhaps whitening it a bit to make it a little less obvious.

Obviously, no one's actually going around breaking good crypto - it's all side and back channel stuff in all but perhaps a rare and extreme case.

You could also (and I note in an interview with Snowden and Bruce this was quickly subject-changed) layer a few types of encryption, perhaps designing it so that a little garbage plaintext would show up if one layer got broken successfully. This would of course drive human analysts crazy with false positives - a little jihad and alan's snackbar followed by more "just random white bits". You could have all manner of fun using crap crypto that nevertheless takes a lot of cycles to crack, well known bad random number generators...and at some layer, some really good stuff that's near-impossible to brute force. And of course, order the layers by using some of the bits of the hash of the pass phrase so it's not the same every time.

But it's all fantasy, the problem is that when they grab that level of control over everyone, you're had, secrets kept or not. The current regime is just fine to, for example, catch on very fast if more than a few people start to look like they are organizing to resist - they can be nipped in the bud before it'd be a big public splash....and that's all that's needed to keep a police state advancing.

But then...
You have all these "white noise" files on your system, or other issues they can decide not to like you about. Truth is, once "they" decide to not like you - you're had, whether you did anything or not, or have crypto or not (ask Erdogan's victims, or...it's a long list as you know).

neill January 11, 2018 7:23 PM

@Clive Robinson, hmm

how exactly this could be implemented in hard/software needs to be discussed. i assume that 3 letter guys can get into most internet traffic anyways, so instead of compromising encryption worldwide we can just give them some space in a datacenter (-tapearchive) to go wild. AFAIK at&t had some small locked rooms available for them at their COs in the past. let's just discuss this publicly, instead of 'cat&mouse' games. maybe someone has good ideas with hypervisor trickery and dual links etc to get data in&out encrypted to WAN and plain to TAR. maybe we need silicon changes, too, for that separation (they are needed anyways after spectre/meltdown). and would someone convince intel please to take out the IME, i would not miss that thing a bit ...

Douglas Coulter January 11, 2018 7:23 PM

@hmmm
Re the US meddling.
We agree for once. Trying to "control the narrative" with violence, in person or in proxy, implies some real hubris that you can and know what's best, or some real serious psychological problems or just plain evil intent if you don't care what's best for all - just you, and at that, only in the short term.
Yet we don't seem to be able to stop. Money talks, and the MIC, as we were warned, needs enemies to scare us with so we'll buy their stuff and spend our blood.

I found this an interesting intellectual journey, even though I don't agree with all this guy's sayings or politics. AI is here, and despite the twin jokes - one that it's going to become real smart and take over, and the other that it's real dumb and already has - well...that last one is closer to true in his world. Very interesting and I think worth the time.

https://www.youtube.com/watch?v=RmIgJ64z6Y4

"Hey, you broke the future" - corporations as the real AI threat.

hmm January 11, 2018 9:05 PM

@ Doug

I'm enjoying the video, it wastes no time to provoke some thoughts. Thanks

I'd tend to believe most anyone visiting this blog and reading Bruce's insights and those of the interested community, they and I see more eye to eye than not - We all probably realize on some level we're the boiling frogs right now and we've only got minutes to fix it.

None of our inventions is without flaws and the tools we have are well beyond the comprehension of 99%+ of the population. We're already dependent on things we cannot recreate. AI could be well beyond 100%, if we achieve it. Who would be in a position to program it, argue with it? A VERY select few, like ministers in the king's court. Would it not at some point rule us outright as we cede full dependence to it? Should we? Questions we ought to ask before plugging it in, dropping it on Nagasaki.

Intelligence is knowing what can be done and how, wisdom is knowing what to do and what not to do. Everything is a tradeoff. If we decouple one from the other the future will not include us. We have a ridiculously bad track record as a collective cognizance, and putting blind faith in man-made AI to solve these world problems to me is no different from a religion: Faith required, details are sketchy, you can't really test it - and you'd better start praying now.

https://www.youtube.com/watch?v=15YgdrhrCM8

hmm January 11, 2018 9:59 PM

@ Doug

Is that you out there with the microwave ion sources and xray cameras and whatnot? Looks like fun.

Clive Robinson January 12, 2018 3:02 AM

@ echo,

One point the satellite show made was satellites were the cheapest verification solution. Joe says he found buying a beer and a packet of cigarettes worked.

Actually the reason the US stopped using HumInt and the likes of the U2 is their "two faced" attitude.

They had made the CCCP (USSR) out to be some evil hiding under the bed etc they had run themselves into a propaganda cul de sac. That is they wanted to occupy the moral high ground over spying. Unfortunately the CCCP were rather better at the propaganda. Thus having a U2 pilot paraded in front of cameras etc and the problem with US citizens doing an "OMG get him home from that evil at any cost" was a major political not fiscal cost issue.

So the US politicos decided to go down the HighTech route and put "spys in the skys" that did not have tear jerk humans on board, nor could be --at that time-- shot down.

It in turn caused other major political problems. Due to a senior US person having large investments in the aircraft manufacturing organisations Curtis LeMay was using for his nuclear deterrent, missile/rocket solutions were effectively nixed. Thus the German rocket scientists the US had got via Operation Paperclip were sitting worse than idle on a US airforce base in some backwater. The bleep bleep bleep of Sputnik at the top of the HF band which could be heard by any Ham Operator including many schools made it major major news. That was first called a fake by the US then when publicly confirmed beyond dispute via work in the UK (Jodrell Bank) it became a major political disaster for the US. With the result being the start of the Space Race that the CCCP had a major advantage at (they only had to show successes unlike the US).

It's a story that fills quite a number of books but it makes a fascinating and frankly enjoyable read.

Sarah January 12, 2018 3:15 AM

It doesn't mean diddly squat if gmail saves the plaintext, if one encrypts the text outside the browser, and then plops it into gmail.

echo January 12, 2018 8:11 AM

@Douglas Coulter

Thanks for the link. It was fun listening to this while I was crashed out drooling face down on my sofa.

@Clive

The videos I watched had some bias. The better of the two alluded to what you said. Thanks for backfilling to round the story out. These other perspectives are often forgotten or not given prominence.

While Kennedy reined in his more aggressive military leaders which is well documented on good books on the history of game theory which played a significant role in the Cold War I quite like Khrushchev. He at least acknowledged Stalinistic militarisation as took food out of people's mouths and facilitated de-escalation. I guess, credit is due too to much lesser known "humans in the loop" who helped avert crisis on both sides.

Clive Robinson January 12, 2018 8:46 AM

@ Doug,

As others are likely to be reading along I'm going to be a little more formal to stop them making assumptions that could hurt them.

So,

The real problem in my eyes is key exchange

Key Management (KeyMan) is a way way more complicated process than most can even hazard a guess at. Ignoring all the KeyGen, storage, distribution, audit and secure disposal issues you have the "turtles all the way down" issue of getting to the point of "Securely and covertly transferring the first/master key/seed/secret".

Whilst the use of asymmetric PubKey can --maybe-- give you a secure channel, its use in most occasions is not at all covert. Thus you need another layer of secure covert rendezvous protocols which means... yet another turtle. That's why an in person meeting is what traditionally it has boiled down to.

In some past cases a OTP typed on cigarette paper that's been washed in permanganate in a "brush by" in the street or similar using age old school field craft is the solution, but not "dead letter boxes" as the chain of KeyMat custody would be broken which is a major no no for KeyMan.

It's an issue the open crypto community has been avoiding addressing for years, in part because Diffie-Hellman was seen as a "good enough" solution to what may well turn out to be an intractable problem of "Holy Grail" proportions.

Which brings us around to the master secret issue. As you say,

For that matter, you could just agree that the bits starting after some number in say, a kitten video you send the link to, are the one time key till updated. Your keyphrase is then just the number you begin at, using it in similar fashion to a one time pad after that - perhaps whitening it a bit to make it a little less obvious.

Is fine for fun / experimentation, but as we now know the larger SigInt agencies that straddle communications choke points have a "Collect it all" policy with a "forever" clause on what might constitute crypto (including plain text that might be KeyMat). Stream ciphers which the OTP method is, using a public text makes it a weak "Book Cipher" which are extremely vulnerable to "Similar/Guessed Key" attacks. Put simply you do a trial run on part of a suspect "book cipher" and check the statistics of the output. Whilst incredibly dull work if done by hand it can be easily automated and incredibly fast these days with the entire top 100 all-time best sellers being fully checked for probables in mere seconds.

Which often gives rise to a thought process...

    If you have an assumed secure cipher like AES256 and a secure mode to use it in on a public text how secure is the output, and can that be sufficiently secure to use as a practically secure One Time Pad with a little post encryption touch up[1]?

The answer is that it turns out to be likely to be less secure than using AES in CTR mode, due to the "reuse" issues inherent in plaintext. It's thus actually more secure to use a seeded counter as the input to a block cipher and the plain text as extra whitening in a chain cipher[2].

The important point to note though is that you can not just use parts of a "book" such as a publicly available kitten video, you have not already used.

Which brings us around to the "Security and Communications end point" issue,

Obviously, no one's actually going around breaking good crypto - it's all side and back channel stuff in all but perhaps a rare and extreme case.

As always the SigInt agencies will go for the "easy route" where they can. However that may be a different approach depending on if it is a "targeted attack" rather than the preferred "hoover it up" attack.

If the security end point is before the communications end point they may just go directly to an "end run attack" at the HCI level as this will in most cases be valid plaintext. Thus the likes of the Signal protocol will not protect a user who has WhatsApp on a mobile phone. Because the likes of CarrierIQ and similar "tech support" software just logs not just the ciphertext coming in but likewise the plaintext displayed to the user, and sends it off to some server on the Internet where no doubt the SigInt agencies have "tee'd" the first upstream router to send them a copy of every users messages and plaintext at the HCI. Even if such software is not already on a smart phone the use of various Over The Air protocols will get it on there. Similar applies to connected desktops, laptops, netbooks, pads and PIMs. The clear message is "They own your device not you and they can do anything they please".

Thus even if Apple goes to bat for you in one area they have no choice in others. Thus Cloud backups are not yours they are the Corporates and thus third party business records not even requiring a warrant from a judge, just an NSL at most...

To be secure the security end point not only has to be off the communications device, it also has to be in effect "side channel" free to stop the hidden onwards comms channel. Thus the ciphertext must not be random unintelligible characters, but an easily read apparently plaintext string that the human mind can easily remember. Without these properties it's game over. So whilst the One Time Pad --cipher-- "sounds cool" it's a bit of a nightmare to use, thus the One Time Phrase --code-- trumps it in many ways, providing you have sufficient foreknowledge to make a suitable code. Because a user can just look at the phrase and either immediately know what it means from memory, or can put the phone down and do other things until they can surreptitiously slip off and look it up in the code book.

When it comes to OpSec "simplicity and ease of use" trump just about everything else almost every time.

But in addition also making an attacker's life hard for little effort is almost always a good thing. Which brings us around to,

You could also (and I note in an interview with Snowden and Bruce this was quickly subject-changed) layer a few types of encryption, perhaps designing it so that a little garbage plaintext would show up if one layer got broken successfully. This would of course drive human analysts crazy with false positives

I've no idea why either Bruce or Ed would shy away from this area it's a fairly standard thing and has been for so long its beard is longer than both mine and Methuselah's combined.

If you look at a successful hand cipher they rarely encrypt plaintext directly, they either compress or precode it before ciphering. This is the first level of making life harder for an analyst and something that must always be done with a stream cipher, which includes the One Time Pad[3]. If you look up the VIC cipher[4] you will see it has a simple method of changing the plaintext from a 26 member alphabet to a 10 member alphabet using a "Straddling Checkerboard", and as part of the process flattens the statistics quite a bit.

Most people do not think about using the straddling checkerboard or other compression system in reverse to change the "give away" near flat statistics of the One Time Pad into something with statistics that make it look like a simple non polyalphabetic cipher.

There is also the notions of "Russian coupling" and "Indicator embedding" to consider. You can obviously "plaintext embed" as well.

That is you take your ciphertext output from the OTP break it at some point and move the first part to last. You then at the correct point put the indicator in, which is the normal procedure. Then decompress it to change the statistics. You then add random plaintext encrypted with a non polyalphabetic cipher and add it in using the equivalent of a grill method. This also has the ability to act as "nulls" to pad out messages to a fixed size. Yes it makes the final message quite a bit longer but the old "minimum on air time" rule[5] does not apply to digital communications networks.

As I've said these techniques are not exactly new, they have been suspected to be in use with the likes of Numbers Stations and other "Home Station" broadcasts all through the cold war, and they have recently shown a resurgence of use, with North Korea supposedly putting more into service in the HF bands with skip down in most of the US and Europe. Also apparently causing interference and jamming to existing services in South Korea[6] via NVIS antenna radiation which is difficult to DF beyond the ground wave (a mode I happen to like as well ;-)

The problem is injudicious use of crypto which makes,

But it's all fantasy, the problem is that when they grab that level of control over everyone, you're had, secrets kept or not.

A point of concern.

It's why the use of sensible One Time Phrases and effectively OffLine usage via the human mind is where it will end up as long as some method of communication is allowed. And I suspect there is way way too much invested in "Social Networking" for it to be stamped out. Whilst Governments can be powerful they are far from omnipotent, and it's a quarter to a third of a century too late to put Social Networking back in Pandora's box. For instance it is known that even North Koreans do Social Networking via Smart Phones on mobile phone networks in China. The cost of trying to stamp this out is too great compared to monitoring it. Thus the trick as normal is "looking innocent" and "staying under the radar"

There is a problem with TRNG derived One Time Pads that you note,

But then... You have all these "white noise" files on your system, or other issues they can decide not to like you about.

It's why the question about AES256 or similar in CTR mode arises. As has been noted the RC4 stream generator was sufficiently simple that it could be memorised and coded in five minutes by even an average programmer. There was also the Perl implementation of a crypto algorithm that was printed on a tee shirt that could also be memorised. We are bringing into this world a whole new generation of programmers who use Python which has certain advantages as most interpreters do. The thing is that we need crypto in many forms otherwise the first world economy will grind to a halt rapidly. In times past there were arguments about 40bit Crypto for Export but allowing full size hash algorithms to be exported. It takes very little in the way of brains to look memorise a Horst Feistel round structure and see how a hash function could replace the one way structures in the Feistel round. Likewise memorising a Key Expansion scheme using a hash function is very easy as is turning a hash function into a keyed stream generator. Writing the Python code to do this from memory whilst not quite trivial is more than possible for quite a few people.

Thus writing a program to generate One Time Pad sheets to a printer or just typing the crypto/plain text in to get plain/crypto text out is more than possible if not easy with a little practice. Thus booting a disconnected PC from a CD/DVD run from RAM distro and typing in the code into the python interpreter is a possibility that gets around the use of TRNG derived "White Noise" files.

Whilst I'm not suggesting people do any of this, it will give them ideas they can work on such that if ever the need arises they have a position to fall back to.

As for "being selected" there is nothing you can do about that once it starts, it has to run its course irrespective of anything you do. There are still people who lived through Senator McCarthy's "Unamerican Behaviour" witch trials, where people were more than happy to lie under oath about other people to either try and save their own necks or for the fame of being a star witness, or strut around being "A big man" in a snazzy uniform with lots of badges and medals. The US citizens sat there night after night watching it like a spectator sport and did nothing but sit and watch. This is a fairly common human failing and history shows it happening with regular monotony.

Put simply there are Authoritarian leaders, who can only maintain their position due to mindless authoritarian followers or chancers, and they only maintain their position because the rest of the citizens let them one way or another... As long as humanity does this then your chance of being selected is just pot luck, because of the "I'm alright jack" attitude until it's their turn for the "midnight knock"...

Like death it's one of the few certainties in life. It's what the various documents the founding fathers and others drew up to stop it happening. In all honesty do you think the authoritarian in the DoJ / FBI / NSA / CIA care one jot to the oath they swore to the Constitution? Nope me neither, how about their hand selected authoritarian followers? Nope me neither. How about good old Joe public? Is his head out of the sporting pages? The Romans used Bread and Circuses, the West Beer and Sport. Mind you back in Caesar's day they were for free, these days there's a bunch of rent seekers holding their hands out to fleece you to the core.

Sorry to end on a grim note, but really that's the way of the Western world today and I doubt it's going to be any better tomorrow or the day after... It's a get down --on your knees-- or get out --of town-- culture. You at least have taken some steps away from it and I sure wish more than a few others would too.


[1] I won't go into the details again, but genuine unbounded output from a TRNG is not suitable for making an OTP due to Run Length issues without having adjustments made to reduce plaintext leakage by changes in the output statistics. Nor for that matter is output from AES256 regardless of the modes you might use it in for the same reasons.

[2] Chain ciphers like 3DES whilst conceptually simple have a few issues that can be looked up. But if you think about it with 3DES if you use a seeded counter as the primary input you have three non output chain points you can add XOR type whitening. As long as one of the ciphers is keyed, you can use crypto hashes for other positions in the chain after whitening.

[3] People misunderstand how a stream cipher and in particular the OTP work and what their security promise is. They do not guarantee to make a message undecipherable, only to make all possible plaintexts equally probable. It's one reason why an incorrectly made OTP can leak plain text and book ciphers can be broken by the sawbuck method. The way to limit this is to change the statistics of the plaintext first. That way the real plaintext looks like random gibberish and does not make it out of a simple fast statistical checking process as a "probable".

[4] https://en.m.wikipedia.org/wiki/VIC_cipher

[5] Early "Spy Sets" are truly appalling in many respects, I've one or two in my collection along with Mil comms gear. WWII kit was "morse code" and was in effect a "keyed power oscillator" and a "Direct Conversion" converter to get side tone and reception. Often they would use a single crystal for frequency control and back in WWII these were not those tiny welded "relay can" HCU devices but bakelite containers the size of a matchbox with two banana plugs 1/2inch apart at one end and a rubber gasket and screw down lid at the other with internal spring clips and plates to hold the natural quartz resonator. It really did not matter if the key was down or not, it leaked signals from the oscillator all the time it was on and the German radio service were known to be able to Direction Find from up to ten miles away. Which made the life expectancy of all but a light traffic radio operator quite short unless they were very cautious and clever about their OpSec.

[6] http://nationalinterest.org/blog/the-buzz/north-korea-broadcasts-really-strange-messages-new-nuclear-20183
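The "trial run and check the statistics" test described in the comment above, applied to the agreed-offset-in-a-public-file key it responds to, as an added example that is not part of the original thread. It shows that the only secret in such a scheme is the choice of file and offset, so every candidate can be tried and scored. Assumptions: XOR as the combining step, a unigram log-likelihood as the statistic, two constructed text passages and SHA-256 output standing in for a compressed video file.

```python
import hashlib
import math
import secrets

# Approximate English character frequencies, space included (assumed values,
# accurate enough to separate prose from noise).
FREQ = {
    " ": 0.180, "e": 0.102, "t": 0.075, "a": 0.065, "o": 0.062, "i": 0.057,
    "n": 0.057, "s": 0.053, "h": 0.050, "r": 0.049, "d": 0.035, "l": 0.033,
    "u": 0.023, "c": 0.022, "m": 0.020, "w": 0.019, "f": 0.018, "g": 0.016,
    "y": 0.016, "p": 0.015, "b": 0.012, "v": 0.008, "k": 0.006, "x": 0.001,
    "j": 0.001, "q": 0.001, "z": 0.001,
}
LOGP = {ch: math.log(p) for ch, p in FREQ.items()}
FLOOR = math.log(1e-6)  # penalty for any byte that is not a letter or a space
THRESHOLD = -5.0        # mean log-probability per byte that marks a "probable"

# Constructed stand-ins for public material that an eavesdropper can fetch too.
BOOK_A = (
    b"It was a quiet morning on the harbour road when the first of the "
    b"fishing boats came in, low in the water and trailing a line of gulls "
    b"that wheeled and cried above the nets while the crew made fast."
)
BOOK_B = (
    b"The committee met on the third floor, as it always did, and spent "
    b"the better part of an hour deciding who would take the minutes before "
    b"anyone thought to ask what the meeting had been called to discuss."
)
# Stand-in for compressed video: deterministic but statistically random bytes.
VIDEO = b"".join(
    hashlib.sha256(b"constructed-video-%d" % i).digest() for i in range(32)
)
LIBRARY = {"book_a": BOOK_A, "book_b": BOOK_B, "video": VIDEO}
MESSAGE = b"meet at the north gate after the second bell"  # constructed


def xor(data: bytes, key: bytes) -> bytes:
    if len(key) < len(data):
        raise ValueError("key material shorter than data")
    return bytes(d ^ k for d, k in zip(data, key))


def encrypt(message: bytes, public_file: bytes, offset: int) -> bytes:
    """'One time pad' whose key is public_file starting at an agreed offset."""
    return xor(message, public_file[offset:offset + len(message)])


def score(trial: bytes) -> float:
    """Mean log-probability per byte under the English unigram model."""
    return sum(LOGP.get(chr(b).lower(), FLOOR) for b in trial) / len(trial)


def trial_decrypt(ciphertext: bytes, library: dict):
    """Try every (file, offset) pair and keep the best-scoring output."""
    best = (float("-inf"), None, -1, b"")
    for name, blob in library.items():
        for off in range(len(blob) - len(ciphertext) + 1):
            trial = xor(ciphertext, blob[off:off + len(ciphertext)])
            s = score(trial)
            if s > best[0]:
                best = (s, name, off, trial)
    return best


def keyspace_bits(library: dict, msg_len: int) -> float:
    """Effective key size: log2 of the number of (file, offset) choices."""
    n = sum(max(0, len(blob) - msg_len + 1) for blob in library.values())
    return math.log2(n)


if __name__ == "__main__":
    for label, src, off in (("book key", BOOK_B, 61), ("video key", VIDEO, 500)):
        s, name, found, text = trial_decrypt(encrypt(MESSAGE, src, off), LIBRARY)
        print(f"{label}: {name}@{found} score={s:.2f} -> {text!r}")
    # Control: a pad drawn from the OS CSPRNG is not in anyone's library.
    control = xor(MESSAGE, secrets.token_bytes(len(MESSAGE)))
    s, name, found, _ = trial_decrypt(control, LIBRARY)
    print(f"random pad: best score {s:.2f} (threshold {THRESHOLD})")
    print(f"effective key: {keyspace_bits(LIBRARY, len(MESSAGE)):.1f} bits, "
          f"true pad: {8 * len(MESSAGE)} bits")
```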

Petre Peter January 12, 2018 9:47 AM

Remember! GAK (government access to keys) and maybe we'll soon have a section here for it. It's hard not to panic.

email January 12, 2018 10:27 AM

Okay. Government can have our keys. In exchange we get freedom of information laws which mean something and data storage of official documents which doesn't go walkies? I also propose in exchange for an always monitored cashless society every state official who uses the phrase "because of national security" receives an increasingly powerful electric shock.

Puppy January 12, 2018 11:08 AM

If everyone reading this blog would write their Reps and President via snail mail...it might make them wary of changing things.

Demand they get Wray fired. Demand they demote encryption foes. Threat works.

Allowing the courts to do the lifting on issues like this is dangerous. Courts are agents of government, and they are too easily hijacked by government for use against the citizenry.


No pile of letters threatening action? They'll just run over encryption. This idea that they'll stop without force from the public is just delusional. Insane.


We need a million ex military with locked and encrypted phones to cross our border while absolutely refusing to provide unlock codes. Big fights are dangerous...but those would help too. No one backs down without force.

65535 January 12, 2018 1:31 PM

@ Rick Lobrecht, Mike, Clive and many others

"Although encryption can help secure your data, it may also prevent law enforcement agencies from protecting your data." ‘Ha - classic.’ –Rick Lobrecht

I agree that statement from Deputy Attorney General Rosenstein is a humorous logical fallacy. It is another reason to read your personal communications without a search warrant.

“The term "responsible encryption" is nonsense. Either you encrypt or you don't.”-Mike

You hit the nail on the head and there is nothing more to be said.

“It is unclear to me what public service of 'domestic tranquility' the FBI & civilian police intend to secure for the citizenry as a whole.”-Rhys

The answer is none.

The FBI and police want to go on a huge fishing expedition with little or no cost to them. The FBI has rarely stopped any crime with so called “high tech” methods. The FBI and the police use dubious methods and informants to get a conviction after a crime has occurred.

Look, no one ever said law enforcement was easy - it is hard and has been throughout the ages. Police work requires getting out of an overstuffed desk chair and doing hard grinding investigative work. If Rosenstein doesn’t like it he should not have joined the Bureau.

I think Rosenstein is a lazy over-paid bureaucrat who doesn't want to leave his lavish office to catch criminals. The hardest task he has performed in the last few years is making a speech.

He wants push-button law enforcement with no regard to people’s rights. He wants dossiers on everyone but himself and never ending list of movements on all Americans at a press of a button from his custom Smartphone. He probably thinks routine police work is too strenuous to do. The Fourth Amendment is too inconvenient to follow.

But, it is a different story with his personal privacy. Try getting metadata on movements of Rosenstein's personal/business cell phone and you will be stopped cold.

He wants to create a one-way mirror so he can watch Americans while hiding his own prosecution activities however parallel constructed. His tutor, the NSA has to redact their definition of "meta-data" due to "National Security" which is what he does. This shift of power to bureaucrats from the very citizens who pay the salaries of said bureaucrats stinks to high heaven.

He should stick to well known investigative tactics – not ordering internet providers to live stream their customer's conversation to J. Edgar Hoover Building in DC.

I suggest Rosenstein stick to real investigative tactics using proper search warrants or leave the Justice Department.

Ooragnak January 12, 2018 1:34 PM

Encrypt responsibly. Never drink and encrypt. Buzzed encryption is drunk encryption. Think of the children.

email January 13, 2018 12:01 AM

"The FBI and police want to go on a huge fishing expedition with little or no cost to them."

It's true but given the 'do more with less' mantra can you blame them?

65535 January 13, 2018 2:02 AM

@ email

“It's true but given the 'do more with less' mantra can you blame them?”- email

Yes, I can.

The whole Justice Department is mainly over-paid lazy lawyers or corrupt cops that made it into the J. Edgar Hoover Building by greasy political connections. They want convictions or plea bargains given them on a silver platter with little or no actual work.

I have had the unfortunate experience of working with a few. They are the bureaucrat's version of military brat on steroids. They leak money like the Titanic. They need less money and more actual backbone and brain power.

Cut their budget by 35 percent. No more stingrays or Bat-mobiles stuffed with cell tower suckers and automatic license plate readers. I say the less money to them the better.

Jacques January 13, 2018 2:18 PM

>> Rosenstein is right that many services like Gmail naturally keep
>> plaintext in the cloud.
>
> Along the same vein, people actually don't want the feature of being
> targeted advertised to, nor the feature of having their stuff stored
> insecurely to enable that. That's why people have been leaving Gmail
> for offshore services like Protonmail.

Exactly.

More and more people realise that Gmail is simply a massive surveillance system, and it was so from the beginning:
https://www.alternet.org/media/google-using-gmail-build-psychological-profiles-hundreds-millions-people

I'd also say that Gmail is actually *not* keeping plaintext *naturally*.
They could be dropping it, at least at request from its users, but they are keeping it as long as they wish. They are pervasively scanning and analysing emails' contents of people who don't use Gmail (they are just contacting others who do) and didn't even sign their abusive "privacy policy", which I consider unethical.

Clive Robinson January 13, 2018 3:00 PM

@ Jacques, All,

More and more people realise that Gmail is simply a massive surveillance system, and it was so from the beginning:

Whilst the more savvy users have caught on, there are a whole host of users that even though they are clued up they have no choice. Some are considered our most vulnerable ie school children/students where their academic career is on various google storage center mass storage, which also means with high probability the NSA and other US IC entities have it as well.

Put simply schools, colleges universities have been pushed by those like Deans who have their fingers firmly in the institutions till into Googles various offerings. Thus neither the academics, the children/students or their parents have any choice, they get told "Use or be Failed/Expelled"...

It is as they say "Utter Madness" but those institutions that have now effectively become "Hedge Funds" have an insatiable desire for the students loan monies, but offer less and less in return. It's now not at all unknown for a student to be taught/mentored and in effect supervised by older students, who are often paid way way less than they should be.

It is a disaster in not just the US Education system, and it does not bode well. The view of a number of --cash grabbing-- "advisors" is "AI will replace the need for not just unskilled labour but all the way up to researcher assistants, technicians and engineers"... The trouble is they appear incapable of "joining the dots" in their arguments... This sort of thinking was around in the "money men" back in the Thatcher/Reagan era, with bold but stupid statements such as in the UK "We will only need a service industry" well we know how that played out several Banking Crisis and Recessions later, with "Quantitative Easing" and its like robbing the bottom 99% of the population over and over for the massive benefit of the 1% of the 1%...

65535 • January 14, 2018 3:32 PM

@ Clive Robinson

“…most vulnerable ie school children/students where their academic career is on various google storage center mass storage, which also means with high probability the NSA and other US IC entities have it as well. Put simply schools, colleges, universities have been pushed by those like Deans who have their fingers firmly in the institutions till into Google's various offerings.”-Clive R.

That is exactly the problem.

I take continuing Ed courses for various degrees and certificates at a college. The college forces all students to use Gmail internally. This is a huge leak of data.

I will say certain professors have heard about the NSA tapping into Google un-encrypted data lines between data centers, which is supposedly now encrypted, and they are using outside email providers, but the data at rest is not encrypted. I am betting Google sells it. I also think this Google deal is entrenched into the medical industry. This is a travesty.

David • January 16, 2018 7:07 AM

"Responsible encryption is effective secure encryption, coupled with access capabilities."

It's thirteen o'clock, freedom is slavery, ciphertext is plaintext.

INGSOC wants you to be responsible. Don't worry, you are not a slave who must remain completely transparent to INGSOC. You have rights, you are free, and Big Brother loves you.

Snake • January 16, 2018 4:51 PM

"I encourage you to carefully consider your company's interests and how you can work cooperatively with us"


Comply, or else...

justina colmena • January 18, 2018 4:58 PM

... he proposes that tech companies decrease their communications and device security for the benefit of the FBI.

By making such a proposal as an official pronouncement of the U.S. Department of Justice, Rosenstein is guilty of a war crime known in German as Wehrkraftzersetzung, or hindering the war effort, in this case the war effort of the United States, that is, the continual and general efforts of U.S. citizens, businesses, and military forces to maintain preparedness for war, which is ever imminent in this day and age of terrorism and nation-state nuclear threats.

Rosenstein's proposal is to the benefit of organized crime cartels, and certainly not at all helpful to FBI in its official duty to fight crime.

lurker2018 • January 19, 2018 3:38 AM

"I simply maintain that companies should retain the capability to provide the government unencrypted copies of communications and data stored on devices, when a court orders them to do so."

This is misdirection, he really means "companies should be forced to provide...". All companies already "retain the capability to provide...", they just choose not to.

If Microsoft, Google, Apple, etc. wanted to keep plain-text copies they could simply stick something on line 1232034 of the EULA stating:

"When you click the 'encrypt' button on our product, a plain-text copy is forwarded to our cloud prior to encryption".

What Rosenstein is doing is typical government double-speak for something they want to force companies to do but make it look like it was their idea to volunteer.

Ratio • January 21, 2018 9:00 PM

@Wael,

Tell me something: can‌‌‍‍‍‍‍‍‍ you‌‍‌‌‌‌ read‍‌‌‍‍‌‍‍‍‍ between‌‌‍‌‌‍‍‌‌ the‌‍‌‍‍‍‍‍‍‍‍‍‍‌‍ words?

Hmm… I‍‌‍‍‍‌‍‌‍‍ think‍‍‍‍‌‌‍‌‌‌‌‌‌‌‍‌‍‍‍ you‌‍‍‍‌‍‌‍‌‌‌‌‍‍‍ know‌‌‌‌‌‍‌‍‍‍‍‍ the‌‍‌‍‌‌‌‌‍‍‍ answer‌‌‌‌‍ to‌‍‍‍‍‍‍‍‍‌‍ that‍‌‌‍‍‍‍‍‌‌‌‌‍‍ one. Or most of it, anyway. :-)

Ratio • January 22, 2018 1:01 AM

@Wael, exactly.  : -)   I need to finish this one so I can move on to the other one…

Wael • January 22, 2018 1:38 AM

@Ratio,

Forget about the Morse code one. The decoder isn't very accurate (unless you know of an audio decoder of Morse code.) And I messed up the delimiters between letters anyway. I encoded dashes and dots but forgot the delimiter so the message is ambiguous. Even I forgot what I typed. Lol

The poem one is sufficient -- I verified it several times.. Only one step left (the key is very easy to find -- you only need a white belt in Google-Fu to find it.)

The limerick is wrapped in AES,
OpenSSL is a losing bet
With a 256-bit key -- no less!
Decrypt with https://aesencryption.net

You can do it! Don't forget the address ;)
Speaking of poetry... here is a poem for you read by a child, the recording is old I think. Impress me and tell me two mistakes he makes. Impress me more and tell me the true story behind the poem -- no time limit on this one.

Wael • January 22, 2018 2:00 AM

@Ratio,

no time limit on this one.

The story of the poem isn't far off from the theme of this blog. It has to do with measures and counter-measures: how clever people can achieve what they want.

Ratio • January 22, 2018 4:00 AM

@Wael,

Forget about the Morse code one. [...] I encoded dashes and dots but forgot the delimiter so the message is ambiguous.

You preserved word boundaries, though. I solved part of it by hand and will just brute-force the missing bits.

The poem one is sufficient [...]

I thought I had the key, but after your comments I have more than one candidate. We’ll see.

here is a poem for you read by a child
TODO += that

I take it you didn’t solve my Morse code? (I used the exact same scheme you used.)

Wael • January 22, 2018 5:10 AM

@Ratio,

You preserved word boundaries, though.

I did? Lemme look at it in the morning. I was trying to decode the Morse code by ear, but I discovered I need more practice. Got rusty, I guess.

I thought I had the key, but after your comments I have more than one candidate. We’ll see.

I can't help you with the key, and there is only one way to know the key you have is correct! It changed gibberish into world-class literature! This is the simplest part of the decoding process!

I take it you didn’t solve my Morse code? (I used the exact same scheme you used.)

I know you did (fire with fire) and I didn't solve it. Still recovering in bed.

Wael • January 22, 2018 11:35 AM

@Ratio,

I didn't solve it

It's impossibly long to decipher (my own puzzle!) I found a decoder that decodes Morse code without spaces. My only other choice was to use an audio decoder to decode the message (I think it was the same.) But the audio decoder doesn't work very well -- you may have better luck. Next time I won't forget the delimiters, which will be hard to do in a stealthy manner since we only have two invisible symbols to work with. If there is a third one it would be a lot easier. I think we can get around this as well by spelling out "dit", "dot" explicitly, but that's very inefficient. Here are a few commands / "scripts" to help you with similar things...


Scan a page:
curl https://www.schneier.com/blog/archives/2016/06/friday_squid_bl_530.html#c6768390 > scan.txt

ZJWN to Binary:
perl -pe 's/‍/0/g;s/‌/1/g' < scan.txt > bin.txt

Strip spaces:
perl -pe 's/ //g' < bin.txt > stripped.txt

I'll give up on this -- but the idea was demonstrated, nonetheless.

Wael • January 22, 2018 11:57 AM

@Ratio,

Dang! Not playing with a full deck today... the parser ate the ">" signs and I am too tired to map them for proper rendering...

perl -pe 's/\x{E2}\x{80}\x{8D}/0/g;s/\x{E2}\x{80}\x{8C}/1/g' < scan.txt > out.txt

The above is for text that was copied into vi. You can do similar things for text that was obtained using "curl", but have to replace the hex codes with ZWJ/ZWNJ ...
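
The delimiter problem discussed in the comments above, as an added example that is not part of the original thread: it pulls ZWJ/ZWNJ runs out of text one cover word at a time (ZWJ as 0, ZWNJ as 1, as in the perl one-liners) and lists every way a delimiter-less dot/dash run can be read as Morse letters. Reading 0 as dot and 1 as dash, the function names and the sample text are assumptions made for the example.

```python
from functools import lru_cache

ZWJ, ZWNJ = "\u200d", "\u200c"  # ZWJ -> 0, ZWNJ -> 1, as in the perl commands above

# International Morse code, letters only.
MORSE = {
    ".-": "A", "-...": "B", "-.-.": "C", "-..": "D", ".": "E", "..-.": "F",
    "--.": "G", "....": "H", "..": "I", ".---": "J", "-.-": "K", ".-..": "L",
    "--": "M", "-.": "N", "---": "O", ".--.": "P", "--.-": "Q", ".-.": "R",
    "...": "S", "-": "T", "..-": "U", "...-": "V", ".--": "W", "-..-": "X",
    "-.--": "Y", "--..": "Z",
}

def hidden_runs(text):
    """Return one bit string per whitespace-separated word that carries ZWJ/ZWNJ."""
    runs = []
    for token in text.split():  # zero-width characters are not whitespace
        bits = "".join("0" if c == ZWJ else "1" for c in token if c in (ZWJ, ZWNJ))
        if bits:
            runs.append(bits)
    return runs

def to_symbols(bits):
    """Assumed mapping for this example: 0 is a dot, 1 is a dash."""
    return bits.replace("0", ".").replace("1", "-")

def readings(symbols):
    """Every way to cut a dot/dash run with no letter delimiters into Morse letters."""
    @lru_cache(maxsize=None)
    def cut(i):
        if i == len(symbols):
            return ("",)
        out = []
        # A Morse letter is 1 to 4 symbols long; try each possible cut point.
        for n in range(1, min(4, len(symbols) - i) + 1):
            letter = MORSE.get(symbols[i:i + n])
            if letter:
                out.extend(letter + rest for rest in cut(i + n))
        return tuple(out)
    return list(cut(0))

# Constructed sample: six dots ("HI" sent without a gap) hidden after "can",
# and dot-dash hidden after "you".
SAMPLE = "can" + ZWJ * 6 + " you" + ZWJ + ZWNJ + " read between the words?"

if __name__ == "__main__":
    for run in hidden_runs(SAMPLE):
        found = readings(to_symbols(run))
        print(run, to_symbols(run), len(found), "readings, e.g.", found[:5])
```

A non-empty result from `hidden_runs` is also a quick check for zero-width characters riding along in pasted or scraped text.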

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.