The DoJ's Secret Legal Arguments to Break Cryptography

Earlier this year, the US Department of Justice made a series of legal arguments as to why Facebook should be forced to help the government wiretap Facebook Messenger. Those arguments are still sealed. The ACLU is suing to make them public.

Posted on December 3, 2018 at 6:37 AM • 68 Comments

Comments

SimonDecember 3, 2018 6:51 AM

A worthwhile cause. Have we hit peak irony yet? That the DoJ wants to keep the reasoning secret on why they should be permitted to force companies to open access to the people's data? Incredible.

Denton ScratchDecember 3, 2018 8:03 AM

I don't see how Facebook can enable the USG to tap encrypted Messenger traffic without removing or disabling Signal. I suppose that could be done by sneaking in an update to Messenger in which Signal is disabled, but appears to be enabled. That could perhaps be done on a per-phone basis.

It says the judge denied the demand; but since we don't know what was demanded, it could be that he permitted something. Otherwise, I can't see what the point is in keeping both the application and the judgement sealed.

The AT article also says the gang members in question are all in custody. Do they get to use FB Messenger in jail? Are the feds planning to release them, and tap their phones on the outside? Wouldn't the smart gangster abandon Messenger on hearing this news, and switch to some other channel?

Odd.

TimHDecember 3, 2018 9:02 AM

I suspect the DoJ included situations where FB and/or others have helped DoJ recently. Neither DoJ nor others would want that cooperation revealed.

RealFakeNewsDecember 3, 2018 9:26 AM

There was a case recently in the UK, and discussed on this blog, where a man was held "on suspicion" of kidnap. The Police claimed they couldn't access his FB Messages while also claiming it "held vital evidence".

You don't need to think too hard to realize they already knew the contents.

TimHDecember 3, 2018 9:40 AM

@RealFakeNews: The lesson that people will have to learn is to never agree or admit even the most basic facts to any investigator. The investigator may not want to disclose how and when the investigation got those facts independently, and an admission renders that moot.

This is a different to the James Duane argument that innocent people provide the circumstantial evidence to help convict themselves. In other words, if you admit that you peed against a tree (as a 6 year old), it is easier to convince a jury that you exposed yourself in public last Thursday.

David Allen WilsonDecember 3, 2018 11:31 AM

Excuse me, but fill me in here -- since when have we been assuming that communication via Facebook would be "secure"?

vas pupDecember 3, 2018 12:35 PM

@TimH: Good point!
The truth is that investigators ask you about what they don't know, but rather what they already know from other sources (reliable or not). If you decided to talk, then you put yourself in perjury trap meaning it up to court to decide who provided truthful statement. Because Title 18 of US Code paragraph 1001 has subjective component: 'knowingly and willfully' it (unfortunately recently) provides opportunity to switch burden of proof de facto to the suspect/defendant, but should stay on investigators
and prosecutors. Can you provide false information due to lack of memory?
If criminal justice reform is going to happened and not going to make cosmetic changes only, then all those 'collateral'/accordion-type crimes including contempt of court, obstruction of justice, etc. should be described in details in the Law excluding any ambiguity to avoid making criminals out of law abiding citizens. Plea bargain required total new face of even abandoned altogether.

Clive RobinsonDecember 3, 2018 1:27 PM

@ Denton Scratch,

I don't see how Facebook can enable the USG to tap encrypted Messenger traffic without removing or disabling Signal.

Why bother futzing with Signal?

Signal is not secure, anyone who thinks it is should draw a little diagram and draw in the security end points...

Signal may have secure communications across the Internet, but so what when the plaintext is available on the HCI side of the app? On mobile devices the security end point is in the app, the network opperator or others can relatively easly do an "end run attack" from the network to the plaintext side of the application with on heck of a lot less effort...

If you want even a smidgen of security you need to take the securiry end point "off decice" to some other protected system.

Not being funny you would probably be more secure using post WWII Crypto machines than you would Signal, simply because of the ease of doing an on smart device end run attack...

SteveDecember 3, 2018 1:44 PM

Given the pernicous influence Facebook has had, one is tempted to say any anything which damages it in any way is a net benefit.

That goes double for Twitter.

That said, if you want to keep a secret, keep it to yourself.

Clive RobinsonDecember 3, 2018 1:58 PM

@ All,

The reason for keeping it secret is probably not hard to guess.

You could start with what happend when they tried it on with Apple, the publicity has shown there is a high probability both the FBI and DoJ representatives lied to the magistrate (judge), to try and get a favourable piece of case law they could then go and beat other companies over the head with.

You have to remember that these FBI and DoJ representatives are happy to commit such crimes, probably because they have certain incurable mental defectivness (look up sociopath / pyschpath behavioirs).

Their longterm goal is to destroy any kind of privacy they can irrespective of the strongest and most cherished of US law.

As they so rarely get a setback and then even rarer get any kind of real punishment, and they are working on the US Tax dollar, there is no disincentive for them to keep chipping away via what is in effect a backdoor attack on the legislative process.

If they want a change in law they should do it the open and honest way, but then the FBI and DoJ have repeatedly repeated they are neither honest or open...

As I've explained so many times in the past, there is noway the FBI or DoJ can stop "going dark" against even a moderatly informed person. Thus the only real reason for their behaviour is an attack on every honest US citizen.

When you understand this you understand just why the FBI and DoJ employ and repeatedly promote peole who have a mental deficiency that enables them to break the law, behave against their oath and all the honest people in the US...

If you doubt this go read up on the illegal behaviour of the first FBI Director (J Edgar Hoover) and ask if since then there have been any honest people promoted up to senior levels... Then go and look at FBI Director Louis J Freeh, then go and look at, oh just throw a dart in the list...

IsmarDecember 3, 2018 2:42 PM

Government agencies (and anybody else with enough money to spend) should be (and most probably are) capable of intercepting messages on most (if not all) of the targeted endpoints already without a need to break any in- transit encryption.
The only reason I can see then for pushing for weakening of encryption is to be able to leave no trace of interceptions- something that is much harder to do at the endpoints themselves. This would enable them to operate in their favourite mode of plausible deniability should anything go wrong as it does from time to time.

SrwDecember 3, 2018 3:44 PM

@Clive

What in the world is an "end run" attack? It sounds like gibberish aimed at sounding smart.

JG4December 3, 2018 4:41 PM


@Srw - You might sound smarter if you used your computer. The math of cryptography can be rock solid. Rather than breaking encryption, which is quite difficult, most devices that are commercially available have a series of hardware and software backdoors. The term of art that Clive is using is well described here:

End run
https://en.wikipedia.org/wiki/End_run
A run around right end
In gridiron football, an end run is a running play in which the player carrying the ball tries to avoid being tackled by running outside the end (or flank) of the offensive line.
...
Colloquially, and in a metaphorical sense it has come to mean an attempt to avoid a difficult situation by dodging it without confronting it directly, or to attempt to circumvent someone's authority by appealing to a different authority.[3]
...

He not only sounds smart, he is smart.

Jesse ThompsonDecember 3, 2018 4:47 PM

@Srw

I'm pretty sure Clive means introducing malware onto the device, or exploiting that which may already lurk in the variant of Android or carrier bloatware or drivers required to interface with carrier network even if you root the device.

@Clive feel free to correct me if you were aiming somewhere else? :)

Also:

> Signal is not secure, anyone who thinks it is should draw a little diagram and draw in the security end points...

Isn't @Bruce pro-Signal?

I really wouldn't mind seeing a friendly Clive v. Bruce debate on the merits of the app, as I know little about it specifically myself. :)

Al FredoDecember 3, 2018 6:44 PM

The DOJ is a problem.

What is going on with them?

Did Russian agents take over or what?

I'm serious, they are in need of a redo.

SrwDecember 3, 2018 6:46 PM

@JG4

He was shitting on Signal while making proclamations that an "end run attack" makes the chat program and its encryption worthless.

Confident claiming it's worthless because it doesn't protect against a threat model it was never designed to protect against is incredibly stupid and makes me question Clive's motivations or credentials.

echoDecember 3, 2018 7:15 PM

The UK governmetn was forced by law passed by parliament to release its Brexit legal advice in full. The government refused and was in contempt of parliament which was heading for another vote. In the end the UK government caved in. The excuse the government used was that releasing legal advice would impede the functioning of government much like Bruce's earlier argument over citizens ability to function requiring privacy rights.

I don't wholly buy this. As has already been commented on when it comes to passing new law unless there is openess about the facts and legal argument a proper democratic discussion cannot be had.

There are so many avenues of judicial review against the government to halt Brexit it's not funny. I suspect this is why, in part, the government pulled a "hustle" by sneaking through a law placing a time limit on proceedings.

@Srw

Clive has a fetish about end run attacks simply because no matter how secure the protocols modern computational devices are Swiss cheese at every level. People and politicians and even experts can be lulled into a shared hallucination or narrative which hides or lacks anything which invites scruting when in actual fact the reality is very different. Any corporate lawyer familiar with the term "breaking the veil" knows what this means in practice as do many lawyers dealing with public law or discrimination not to mention abuse victims dismissed as "fruitcakes" and "liars". A lot of this can be explained away by thuggery and greed and stupidity not necessarily a thumb twiddling masterplan but where weakness exists there are those who will exploit it. Every single "zero day" is proof of concept.

I personally believe a decent society is the best defence as this is what organisations and individuals and all the policy and implementations which flow from this are dependant upon.

I'm not personally much concerned about computer security in practice more the jerk sitting in front of me.

echoDecember 3, 2018 7:21 PM

@Clive

Not being funny you would probably be more secure using post WWII Crypto machines than you would Signal, simply because of the ease of doing an on smart device end run attack...

This is whatI wondered when glancing through a few pages of WWII and post WWII era crypto machines for inspiration. Were they made obsolute because of cyrptology flaws or simply that solid state and IC devices had other advantages such as small size and speed and more adaptable interfaces?

John SmithDecember 3, 2018 7:35 PM

Since Srw raised the topic of questioning motivation and credentials:

"What in the world is an "end run" attack? It sounds like gibberish.."

"..because it doesn't protect against a threat model it was never designed to protect against..."

From someone posing as a neophyte, to someone familiar with the jargon. Oops, klunk.

And in both cases, an aggressive comment aimed at someone with more knowledge, experience, and influence than most. That, plus the inconsistent persona, ain't gonna fly. Not here.

Men in BlackDecember 3, 2018 8:01 PM

@John Smith, Al Fredo

DOJ wants an easy path for parallel construction, and doesn't want to discuss domestic spying programs. Hence the secrecy.


The DOJ is a problem.

What is going on with them?

Did Russian agents take over or what?

I'm serious, they are in need of a redo.

They already got quite a "redo" when Jefferson Sessions fired some 43 attorneys general, and then was fired himself. But that barely scratched the surface of the entrenched government bureaucracy, because there are certain things like the opinions of former attorneys such as Eric Holder, still in effect.

https://www.federalregister.gov/documents/2014/01/07/2014-00039/amended-definition-of-adjudicated-as-a-mental-defective-and-committed-to-a-mental-institution

The parallel construction is an obstruction of justice if that could ever be proven and prosecuted. What is the true probable cause, sworn under penalty of perjury before a judge who issues a warrant based on that oath?

The cops initially learned about some alleged crime by some unconstitutional privacy-invasive means, but they're making up some other grounds for the warrant for oath in court before a judge?

We're not stupid. Crime whixh the cops know about cannot be allowed to go on unhindered and unpunished, but there is then a duty to warn. The cops lost the opportunity to do a bust when they failed probable cause. That is the obstruction of justice.

They knew the the system, and they played it perversely against the Fourth Amendment.

echoDecember 3, 2018 8:24 PM

The UK position is somewhat different from the US position but there are points of similarity enough to fudge things. An analysis of both may inspire useful lines of discussion which can them be used to formulate specific arguments.

The UK Attorney General is in hot water. Apparently, there is a contempt motion against him (and a government minister) in parliament. Parliamentarians want to know his full reasoning and it appears from his comments under scrutiny that he hasn't been completely open. I'm not sure if the minister will pull the "sovereign decision making" excuse the former Foreign Secretary Jack Straw pulled but this is another avenue those with power use to try to wriggle out of accountability.

The Prime Ministers argument supporting a claim the government has a mandate is rubbish. The reason the government keep pushing this is because under UK constititional law parliament has no authority without a mandate. In fact not havign a mandate gives politicians the heebeejeebees which is why they will use any desperate trick to avoid discussions circling around "mandate" because they know their policies and authority will be sucked down this plughole.

https://www.theguardian.com/politics/2018/dec/03/cabinet-minister-suspension-brexit-legal-advice-deal

Jonathan WilsonDecember 3, 2018 10:39 PM

They are trying to pass these encryption-busting laws here in Australia. Thankfully the opposition party has refused to rush the laws through without proper scrutiny although what happens next is anyone's guess given the state of the parliament right now...

I am surprised someone like Islamic State hasn't found some software developers somewhere to work for their cause and produce encryption software (both for communication and storage) that is both as secure as possible (including end-to-end encryption) AND where none of the entities connected to the software are in any jurisdiction where they could be in any way forced to weaken said software or help western authorities crack into it.

Its clear that if laws get passed or lawsuits are won and encryption backdoors become a thing, the groups these things are intended to target (terrorists, organized crime, criminal gags etc) will stop using anything that could potentially be intercepted by the good guys.

Someone needs to show those who are pushing for this crap just how easy it is to find and use encryption that can't be made open to law enforcement or intelligence agencies no matter what legislation, regulations or court orders say about it.

Jonathan WilsonDecember 4, 2018 2:26 AM

I am disgusted that the ALP is ignoring all the statements from all these security gurus and experts about how bad these laws are (both in terms of the harm they cause to people who aren't bad guys AND the fact that they wont actually stop the people they are intended to stop) and are bowing down to the demands from the LNP that these laws be rushed through.

SrwDecember 4, 2018 4:13 AM

@John Smith

I have never heard of attacking endpoints referred to as "end run attacks" before. It's a very limited utility phrase and it is too vague on the mechanism of compromise for me to see it as useful descriptor of an attack.

I also stand by my criticism of Clive. He denigrates Signal because it doesn't protect against a threat it was never designed to protect against. This implies ignorance, malice, and/or selective apathy on Clive's part.

Clive RobinsonDecember 4, 2018 5:08 AM

@ Swr,

Another new handle...

What in the world is an "end run" attack? It sounds like gibberish..

It comes from a standard US sporting reference, so should not sound like "gibberish". If you take 30secs to ask Google to define "End Run" you get,

    end run Noun : an attempt by the ball carrier to run around the end of the defensive line. Verb : evade; circumvent.

Which I would have thought would have made it obvious...

Which brings us to your statment,

I have never heard of attacking endpoints referred to as "end run attacks" before.

It should now be clear you are not attacking the security end point (the Signal App in this case) simply "going around it". Which makes it a "class of attack method" not an "instance of an attack method", which makes it like "Phishing attack", "DDoS attack" and a veritable legion of other names of classes of attack.

As for your pretend world nonsense about what Signal claims or does not claim to be, it is very specifically designed to run in a Smart Phone environment which are known amongst some security practicioners to be totaly insecure, and totally fails to address those insecurities. Thus ordinary users are gulled into believing they have end to end security whilst it's only secure from part of the app to part of the remote end app. If Moxie does not know this then he should get wise to the actuall state of affairs in the real world were we actually live.

Look at it this way if you only "half build a roof, it ain't storm proof" and people would call you a fool for claiming so.

So I say as I have for some considerable time,

    No Smart Phone Messenger Apps can be secure when the security end point is on the communications device under the current way the devices are built.

If you do not like this statment of fact well get your thumb out and design a properly secure Smart Phone or secure system[1] using such insecure devices, otherwise stop living in some pretend world, where you say the only point an attacker is alowed to attack is the one point you dictate...

[1] I've repeatedly outlined how to do this on this blog so you could use it as a template...

Clive RobinsonDecember 4, 2018 5:48 AM

@ echo,

Were they made obsolute because of cyrptology flaws or simply that solid state and IC devices had other advantages such as small size and speed and more adaptable interfaces?

They had got to an evolutionary end point. Gordon Welchman tried to design a "joint replacment" for the US Sigaba device that the US for various mistaken reasons believed had "secret sauce". The US techs took one look at Gordon's RM-26 design and said there was no way it would be reliable[1]... What we don't know is what Gordon's real intent was, as he was a "wheels within wheels" type thinker and importantly his design included the "secret sauce" the US were worried about... My guess is it was a backdoor way to pointing out to the US that there was no "secret sauce" and they might as well share...

I guess though that the move to electronics was firstly "reduced cost" which can be seen even in a monster like the BID610. Secondly a change in thinking about just how secure links would be used. The one thing Germany got right was "secure comms everywhere" WWII had changed war in major ways and there is now no way major powers will fight a war without secure comms everywhere. Secondly WWII showed that the reality of life is that "relative levels of security" is unwise. That is every link is secure and to the same high level or they are not secure to avoid the "General in a plane" problem.

It would not be practical or an efficient use of resourses to make mechanical crypto kit that would weigh in around 100lb to be used with every radio. KeyMat handling alone would be a compleate nightmare, not to mention "operator error" and "trust". Electronics for instance makes "secure fill guns" easy which means in turn the operator never gets to have any contact with the KeyMat thus can not betray it by copying it in some way.

The list gets very long when you start thinking "organisational" rather than "individual" crypto.

[1] It was also massive and impossibly heavy for all but a very few uses, which is just as well because destroying it in an emergancy would have been difficult as it was also dam near bomb proof as well...

Denton ScratchDecember 4, 2018 5:48 AM

@Clive "Why bother futzing with Signal?"

You describe a procedure whereby the feds could obtain plaintext by attacking the endpoint device. But surely, to attack the device, you would need the cooperation not of Facebook, but of the mobile provider?

FWIW, I thought ther Signal protocol was supposed to be secure.

I know little about these matters; I have a mobile phone, but I rarely carry it around with me, it is frequently fully-discharged, and I avoid giving the number to people. It runs Cyanogenmod, and a handful of apps that are far from fancy. I have never had a Facebook account.

It's still not clear to me why the feds and the DOJ have dragged Facebook into court. That's why I mentioned Signal. What are Facebook supposed to be able to do, other than disable the encryption?

Jon (fD)December 4, 2018 6:16 AM

We Don't Trust You Anymore Because You Do Not Punish Those Who Betray That Trust.

Let that be the maxim for anyone who asks us to just 'trust us'. Jon (fD)

Clive RobinsonDecember 4, 2018 7:58 AM

@ ,

Yes and no.

Back in 2006 when Bruce was working at CounterPoint, he had a conversation with Marcus Ramun, in it he said,

    I've met users, and they're not fluent in security. They might be fluent in spreadsheets, eBay, or sending jokes over e-mail, but they're not technologists, let alone security people. Of course, they're making all sorts of security mistakes. I too have tried educating users, and I agree that it's largely futile.

And,

    I don't see a failure of education; I see a failure of technology. It shouldn't have been possible for those users to run that CD, or for a random program stuffed into a banking computer to "phone home" across the Internet.

Along with the acid point of,

    Technology moves too fast these days; there's no time for any generation to become fluent in anything.

After 12 years I don't realy see that anything much has changed for the better, Marcus does not think so and I suspect Bruce does not either.

In many ways Bruce is more of a pragmatist than I am, and can see the faintest of grey next to the white and know that if you keep scribling the pencil long enough then eventually you will get closer and closer to black.

As Marcus has noted in his last post[1] what is happening is managment are responding to shareholders to cut costs and are going about it in entirely the wrong way. In the original face-off with Bruce he noted that shareholders and others were "lawyering up" rather than sort security out.

Thus is corporate managment "don't get it" what hope the rest of the non Technorati?

We appear to have entered a Red Queen's Race, where everyone --except the attackers-- are runing just as hard as they can to stay where they are with the "everything is software" paradigm. I'm an engineer by training and know the real cost in terms of blood, guts, disablement, death and large holes in the ground if I make mistakes... Something Developers appear congenitaly incapable of understanding[2] worse managment are weeding out those who do in prefrence to Developer Run Everything, which can only lead to year upon year of sorrows.

Hence my more absolutist Black or White viewpoint on security. Either it is secure or people die and large holes in the ground start appearing...

The problem is that I want all the links in the chain to be strong before it's used. Bruce is I suspect of the viewpoint "Rome was not built in a day" thus secure the weakest links first and work onwards bit by bit to strengthn all links over time.

Ignoring other messaging applications Signal has strengthend one of the many links in the communication chain right where it hides the dark places the SigInt Agencies try to hide out of sight, thus forcing them out from under their stone. However there are three other player groups that have to be addressed as well,

1, Foreign supply chain attackers.
2, Law Enforcment sociopaths.
3, Rapidly evolving criminals.

The first two are going to be doing the end run attacks, whilst the third will work where the ROI gives them the best return on not just difficulty but risk.

Whilst the US and other short sighted governments are fully responsible for gifting the supply chain to hostiles thus there is little that can be done short term about the first group. The second group there is things we can do to stop still open to us. They are also of more danger to the average individual than the SigInt agencies ever were or are likely to be in the future (provided they lock the bl@@dy tool shed).

Thus my viewpoint is rather than the softly softly approach which LEO's will kill long before it gets there, we take the much more brutal approach, show every one especially legislators they have no security nor will they ever have with the softly softly aproach and an industry thay actually is in bed with the LEO's (Yes I do mean Facebook and Alphabet et al who prey on user data). Thus make as widely possible secure systems and methods, in the process hold up to shame those that are not secure.

The big point people are not getting is that this "going dark" specter is a childs fear of what might be hiding under the bed. It's the sort of nonsense parents use to get very very small children to do what they are told, which tells you a lot about how the LEO's regard the citizens... LEO's have had the same "existential fears" wailing since long before the word was invented and with every technical advancment that benifits mankind in general. The reasons are almost always the same, they create FUD then hold out their hands for bigger empires... As always they will squander or misuse anything they get to mankinds detriment in general, then fall back on the same old techniques they have always used. The real problems LEO's have are "scaling methods" and "getting other LEO cooperation" especialy across juresdictional boarders (which surprise surprise the FBI were set up to solve and have instead turned into a parasite on humanity from virtually day one).

Thus my view is if you stop their empire building by providing properly secure systems before they have got their "we need more" game going then they will just move onto a different empire building set of FUD and holding the hand out for something else.

The sensible solution though would be to treat such LEO individuals like the incurable socio / psychopaths they are and lock them up away from society and throw away the key. But that is not going to happen as long as the "we are the good guys" excuse for all excesses is repeatedly swallowed by society...

[1] https://searchsecurity.techtarget.com/opinion/Marcus-Ranum-Systems-administration-is-in-the-crosshairs#dd-tab1

[2] I've explained in the past why this is not entirely true, or in all cases, but as a general first order observation it is hard to argue against.

Clive RobinsonDecember 4, 2018 8:19 AM

Opps,

My above was for "Jesse Thompson" with regards,

Isn't @Bruce pro-Signal?

Moral to self, try to do only a few things at the same time...

SwrDecember 4, 2018 9:41 AM

@Clive

By "attacking the endpoint" I was referring to the smart phone, not the app.

And again you trash Signal for not protecting against a threat it was never designed to protect against.

Why?

It is meant to protect against passive telecom-level surveillance. It is meant to protect against mass surveillance. That's the big security promise for Signal.

Clive RobinsonDecember 4, 2018 9:49 AM

@ Denton Scratch,

But surely, to attack the device, you would need the cooperation not of Facebook, but of the mobile provider?

Unlike the SigInt agencies that want to be as covert as possible including hiding from all users and suppliers of services, the LEO's just waltz in with an NSL where they can, or use some other legislation. In theory the LEOs could use the Communications Assistance for Law Enforcment Act (CALEA) to just get the access to the "human interface" but it's not certain how that would play out in court. So the FBI and DoJ are looking for other older legislation they can use existing case law on and push it a bit. They tried it on with Apple expecting them to let the case law be pushed. What they did not expect in their psycopathic view of the world was that Apple would take a very large bite out of them instead. Not only did it start going against the FBI/DoJ it was publically humiliating, and becoming clear to all they were lying to the court... Thus they jumped and pulled the rip cord to keep what little left they could in tack...

FWIW, I thought the Signal protocol was supposed to be secure.

The "protocol" may well be so, though there are doubts about parts of it, but those questions hang over everything new or insufficiently real world tested. But the "protocol" is only a fraction of the application design, not the implementation or the environment the designer has forced the application to run in. Which is a big big difference. It's not alone in this respect, AES for instance is as far as we know a secure algorithm, however we know that many of the original implementations were very far from secure. It's why you have to know what is secure and what around it is not or may not be. Which is why you can build a totally insecure "system" entirely out of secure component parts... Many technical journalists don't understand this thus their readers who rely on what they say get misled...

Moxie forced his implementation of the "protocol" to run in what is known to be a totaly insecure environment of Smart Mobile Phones, and he has fought long and hard to keep it in that insecure environment, knowing that it makes his application insecure... His choice of behaviours and actions not mine, the result the application can currently not be regarded as secure irrespective of the protocol. I'm not going to hide it from people just to make them feel better.

As I've indicated in the past, as an engineer I made an oath about my proffessional deportment, it's not something I did for fun. Apparently software engineers don't get asked to make such a commitment to their art...


It's still not clear to me why the feds and the DOJ have dragged Facebook into court. That's why I mentioned Signal. What are Facebook supposed to be able to do, other than disable the encryption?

Because they are trying to see if this time they can get case law. They tried it on with Apple and got a smack on the nose for it. Tim Cook was aware that security was an important part of Apples very high priced image, thus had to come out fighting, and fought well. Facebook however have repeatedly demonstrated they care not one iota for user privacy, in fact the exact opposite. Thus I'm guessing this time they will not get much in the way of pushback thus will get their case law "stick" to use on others. It's the way of a psychopath, first get your weapon of choice, then go and use it with as much force as you can till everybody does what you want. Their view "nails have to be hammered down", "the bigger the hammer the better"...

IOBSDecember 4, 2018 10:04 AM

"This implies ignorance, malice, and/or selective apathy on Clive's part."

Despite long-winded protestations to the contrary, Clive is a flawed human being like you.
He makes mistakes, he's opinionated, wrong, foolish, disgusting, as egotistical as anyone.
Don't treat him like some sort of all-wise Guru unless you enjoy being disappointed.

He's just another bloke who thinks he knows everything and can't accept otherwise.
Holding him to a higher standard is unfair to each of you.

Clive RobinsonDecember 4, 2018 12:08 PM

@ Swr,

And again you trash Signal for not protecting against a threat it was never designed to protect against.

As I've already said,

    Moxie forced his implementation of the "protocol" to run in what is known to be a totaly insecure environment of Smart Mobile Phones, and he has fought long and hard to keep it in that insecure environment, knowing that it makes his application insecure... His choice of behaviours and actions not mine, the result the application can currently not be regarded as secure irrespective of the protocol. I'm not going to hide it from people just to make them feel better.

Now if you can not understand that then I suggest you are either an unthinking "Signal fawnboi" or "troll" either way it's not going to make Signal secure for the user to use in it's designers intended environment on an insecure device...

However unlike you I have previously given ways users can get the required level of security with any messenger app be it encrypted or not, and you can go and look them up on this blog. The fact you have not and carry on like a cracked record says a lot more about you than me.

However as it's the season of good will, just enjoy your life with some one who cares for your blind devotion, if that's what it is.

Clive RobinsonDecember 4, 2018 1:41 PM

@ IOBS,

Yet another new handle.

But even less constructive than an Alukah.

echoDecember 4, 2018 6:06 PM

Parliament voted the UK government in contempt. The Attorney General's claim of withholding legal advice from publication in the public interest did not wash.

TõnisDecember 4, 2018 7:54 PM

Were I to need secure instant messaging, I would use BBM Enterprise.


http://help.blackberry.com/en/bbm-protected-security/latest/bbm-protected-security-pdf/BBM-Enterprise-latest-Security-Note-en.pdf

http://help.blackberry.com/en/bbm-protected-security/latest/bbm-protected-security/awi1410183785242.html

https://www.blackberry.com/us/en/products/communication/bbm-enterprise


I use ordinary consumer BBM. It's not encrypted-secure, rather it's more like "scrambled" in the sense that, as I understand it, everyone uses the same keys. It's the one everyone always points to when saying BlackBerry isn't secure or BlackBerry caved in and gave up the keys during UK riots or to some Middle East government that demanded it. But BlackBerry didn't give up anything that competent/qualified attackers couldn't get anyway (i.e. access to scrambled, not encrypted, communications). I use BBM (that free consumer grade option) because I love its features, and it keeps Google, facebook, Microsoft/Skype, random developers, etc. out of my private IM conversations. Also, on BlackBerry 10 devices it's ad-free, but on iOS and Android (even BlackBerry Android) there might be ads (not sure about that though). But as for security, BlackBerry enterprise grade messaging is and always has been secure. If I were to need security, that's what I'd use.

I suppose it comes down to whether one trusts BlackBerry. I do.

echoDecember 4, 2018 7:57 PM

@Clive

Forcing Signal to be a smartphone centred app only (which includes the Chrome Browser only Signal desktop application which works via the smartphone app) does limit things a lot. It seems daft to restrict a platform in this way not to mention adding a vendor specific layer of lock-in.

Actually, another niggle I discovered is smartphones which don't work without a network sim being present.

We now know of Bitlocker defaulting to allowing SSD sometimes useless "full disc encryption" to take over plus Veracrypt for dogmatic reasons not allowing "TPM" usagenot to mention tugs of war over file systems meanin that getting a genuine cross-platform FDE solution to work is between a nightmare to impossible.

I get the idea of "false assurance" but also dogmatism and biases in technical reasoning. The problem with systems design to prevent "stupid" is when the system itself enforces "stupid" or assumes the user is "stupid" things can fall apart. I have rarely if ever discovered any "controlling entity" being receptive to discussion or publishing and working to a set of sound readable guidelines to mitigate this and apportion risk and responsibility adequately.

echoDecember 4, 2018 8:01 PM

@Toni

I suppose it comes down to whether one trusts BlackBerry. I do.

"Trust" is a big topic worthy of its own discussion. I won't comment further because I don't believe it will be helpful or respectful given I'm too lazy to give the topic of trust proper treatment.

SwrDecember 4, 2018 8:38 PM

@Clive

You: It wasn't designed to fix to fix endpoint security therefore it is next to worthless for security

Me: It was never designed to fix endpoint security. It was designed to prevent passive surveillance of content and limit the information intermediary services have available to hand off to law enforcement. Why do you judge it based on a threat it was never designed to stop?

You: Because it must have purposefully been designed with poor client security. Moxie has resisted attempts to change the unsecurable client in unnamed ways to improve security.

Me: Again, that wasn't the threat model Signal was designed for. Focusing on a different threat model is going to predictably give disappointing results as, again, it isn't the threat model Signal was designed to stop.

Andy FDecember 4, 2018 9:01 PM

@srw
"I have never heard of attacking endpoints referred to as "end run attacks"
before. It's a very limited utility phrase and it is too vague on the
mechanism of compromise for me to see it as useful descriptor of an attack.

I also stand by my criticism of Clive. He denigrates Signal because it
doesn't protect against a threat it was never designed to protect against.
This implies ignorance, malice, and/or selective apathy on Clive's part".

SRW, I really think that you need to consider the users of Signal around the world. Many of them are in places where the local authorities[1] are more than happy to plant Trojans and other malware onto the endpoints (AKA smartphones), The 5$ wrench can also be a consideration[2]. Signal is generally regarded as being technically secure but these endpoints are anything but secure and in many cases don't even need physical access to compromise them.

You can only use iPhones/Android devices for secure communications against capable adversaries if the plaintext (your message) does not come into contact with the device itself. This means that you have to encrypt/decrypt the message externally to the device, either by hand or using another device which is kept offline and is free of tampering. Both these approaches have potential issues if you are physically detained and can be hard to explain away.

If you just want to keep things secure from relatives, boyfriend/girlfriend then Signal on an Android phone is fine provided they never physically touch it as they could add a keylogger. Also just pray that one of them isn't a technically competent geek.

Clive thoroughly understands all these issues and your posting merely shows your lack of understating of the security landscape.

Andy

[1] Many criminals do this too in the hope of obtaining personal information for blackmail or fraud.

[2] XKCD 538

TõnisDecember 4, 2018 9:40 PM

A bit of off-topic -- I have a small disussion forum/community. As admin, I can see users' IP addresses. Perhaps someone knowledgeable could explain why one member's IP address shows up as such:

10.129.176.27

When I look it up on the whois site, it says that:

"These addresses are in use by many millions of independently operated networks, which might be as small as a single computer connected to a home gateway, and are automatically configured in hundreds of millions of devices. They are only intended for use within a private context and traffic that needs to cross the Internet will need to use a different, unique address."

If that is in fact the case, why is this member's IP address showing up a such?


https://www.whois.com/whois/10.129.176.27

TIA,

Tõnis

echoDecember 4, 2018 9:41 PM

@Andy F

This is why I bought a portable safe to add an extra layer of security against casual snooping or adding keyloggers. I have gone as far as researching statistical probabilities of numbers being chosen and how long it will take to achieve a successful attack in theory and practice. It's sufficient to stop a smart idiot. I know it won't stop a threat such as a government or heavy criminal but this isn't why I bought it.

I find some men will assume I'm a dufus. This can be annoying but also a tactical advantage.

SwrDecember 4, 2018 9:53 PM

@Andy F

I know enough about the security landscape to know that people expecting a tool not meant to secure endpoints to secure endpoints are going to be disappointed and that it doesn't invalidate the security benefit for the overwhelming majority of its userbase.

SwrDecember 4, 2018 9:57 PM

@Tõnis

Because it's a private network address. It's what the IP of the device on the internal network is referred to but it isn't what the Internet sees.

If you want to know the public IP (which is possibly shared by everyone on your network), have that computer Google the phrase "what is my IP".

TõnisDecember 4, 2018 10:13 PM

Thanks, @Swr. I can't really find out anything else about it, because it's only someone else's IP I see in the list of users. But it's the only one I've ever seen like it. Are you saying it's like a private (unlisted) telephone number? If so, how is this guy doing this? (I don't think he's doing it himself -- he doesn't seem especially savvy -- but it's showing up like that from one of his devices. I mean, might it be some VPN?)

SwrDecember 4, 2018 10:21 PM

@Tõnis

It's not like an unlisted number.

Think of it more like a room in a residential house. When you're sending mail out of the house, you don't put in the Return Address field the room of the house it goes back to. You just have the house address.

As for how he's doing it - it's often done automatically.

It's very possible that IP address belongs to a VPN application installed on that computer. Not a guarantee, but it's possible.

TõnisDecember 4, 2018 10:30 PM

Thanks again, @Swr. That makes sense. I just don't get how he's displaying that (the "room address") instead of a normal IP ("house address") on the net. Again, I don't think he's personally doing anything -- perhaps the device is just configured that way -- because I doubt he even knows what an IP address is or has ever given the subject any thought... (It's not a tech forum.)

SwrDecember 4, 2018 10:33 PM

The public Internet would never see that address.

My guess is that your computer on the same network has an IP address that starts with 192.168. or starting with 10. as either are common beginnings of private network addresses.

The vast majority of residential homes and businesses in the U.S. have IP addresses that begin with one of those.

tDecember 4, 2018 10:45 PM

@Swr, "The public Internet would never see that address."

That's just it. He's displaying that address on the public internet. I know this because I'm the admin, and I can see it. For example, Bruce can probably look in his admin panel and see my IP address which would be my "house" address from my router, ISP assigned. He wouldn't see that "room address" like this guy is displaying on the net. I look up many of the IP's I see, and there's always info on the address, ISP, country, etc., but this is the only one I've ever seen show up like this.

SwrDecember 4, 2018 11:15 PM

@t

Just because you can see the address does not mean any random computer on the Internet can see the address.

ISP routers refuse to route it. Major routing protocols on the Internet's backbone will not accommodate private network addresses in the destination field.

Even if your user did somehow have it directly exposed to the Internet (extremely unlikely), traffic wouldn't reach it. Instead, it is being dynamically translated into a public IP address via NAT.

Clive RobinsonDecember 5, 2018 5:49 AM

@ echo,

The problem with systems design to prevent "stupid" is when the system itself enforces "stupid" or assumes the user is "stupid" things can fall apart.

The problem with developers is that in the general case they do not think like users... Thus they make assumptions that say more about them than it does the users ;-)

There is a saying they realy should get to know,

    The only trouble with "fool proof" is there is never a fool to use it...

As our genial host @Bruce has pointed out in the past, users by and large are not daft or malicious they just want to get their jobs done to meet targets to keep their job.

If managment think only in the very short term --ie next couple of quaters-- and pay at best lip service to security, can we realy expect the users they set targets for to think anything other than short term as well?

Developers are usually just as bad if not worse than the average user for thinking short term, and will go to quite extream lengths to "save time" why they should think the users would be any different beats me (and I suspect more experienced devs who just keep their heads down when managment pronounce know the users don't).

As long as managment pit users against security, security will loose, and so in the end will managment. But even if you tell managment that you are not going to get heard, after all they know best and manage by dictat not example because they are exceptional...

Thus the wheel turns and we relive history again and again and... Somebody named it "The hamster wheel of pain", trust me when I say hamsters have it lucky they only live oh about three years the way things are going we've got twenty times that atleast in our "cubicles". Dante realy had no idea of what hell is realy all about, toasting your neither regions on a barbeque would be a joy compared to some places I've worked.

Clive RobinsonDecember 5, 2018 6:13 AM

@ t,

That's just it. He's displaying that address on the public internet.

It might not be as "public" as you think.

Some years ago the UK Government National Health Service (NHS) set up a UK wide private network for the NHS unsurprisingly called NHS-Net.

It was a bit of a dogs dinner to put it politely for a whole set of reasons.

Just one major issue is some hospitals had their own valid IP address range that connected to the Internet proper. However they also had to connect to the NHS-net that used all those "private" IP address ranges in a whole manner of mind bending ways...

As a small part of my many other duties was to admin a server that had direct connections not just to NHS-Net, the Internet and the UK Joint Academic Network (JANET) and was supposed to alow users to log on and use "local services" which included going through proxies for other services.

Way more by luck than judgment it all hung in there, yes I got probs and I was on first name terms with many of their third line support and managment, we used to joke about getting our own "support group" in a luxury private hospital...

You will see the strangest of things pop up especially with a "trace route" you'd see one set of info the user would see another, and you over time built a spread sheet with what the addresses realy ment. I think at one point that spread sheet was more valuable than me, the way people used to phone up and ask for a "translation".

But to managment "oh that little side project you do"...

JG4December 5, 2018 6:15 AM


@Swr - It might be helpful to spell out those threat models. My standard threat model is having my "data" hijacked by liars, thieves and murderers. It really doesn't matter who their employers are, because, with only narrow exceptions, their interests diverge from mine. They will conjure up corner cases where the interests are aligned, because "It's for the children." Or to stop the ever-present terrorists. Who kill a lot less people than die from sitting on their asses listening to assholes on television lie about pretty much everything.

I had a disturbing thought this morning as a result of Bruce's recent mention of the rampant SIM card fraud. We are close to the point where a passable voice recognition/synthesis system ("chatbot") could hold a conversation with 911 dispatch. I won't spell out the implications, but there are threat models to invidividuals and threat models to the system. The arrogant assholes who run the system have painted themselves and everyone else into a corner with the pathetic security in banking, PCs, phones and infrastructure. For phones with accelerometers, it might be possible to discern between a phone held by a hysterical person and one laying on a desk connected to a computer. Of course, all of that can be spoofed in the next epicycle.

echoDecember 5, 2018 7:04 AM

@Clive

The problem with developers is that in the general case they do not think like users... Thus they make assumptions that say more about them than it does the users ;-)

I always tried to develop software or anything else really from a point of view which accomodated users/customers/etc which didn't always go down well with management. Yes, I have done stupid things too but properly accomodating users was/is one of my key goals. Like you say many who manage or administer such systems often aren't the ones using them. As a user of systems myself this irks me more than a little.

I like simple but powerful systems (which can lead to taking on more than is sensible with some projects) and unfortunately caught the "design for 20 years minimum" meme off industrial software developers.

I won't make claims to be a guru but bulletproofing inputs was something I got a pat on the head at college for and this stuck.

And then there was the time a bug an early version of a database server lost all the indexes on a weeks worth of input data... Ouch. That was embarassing. I utterly loathed coding around bugs (especially flaws in graphics API implementations) because it can encourage vendors to not bother fixing problems and undermine standards. I'm guessing this is partly why I don't like service providers using vendor specific browsers because it takes away intelligently developing a standard. Open standards was another thing drilled into my skull by one of the old school lecturers and after the penny dropped this stuck too. Of course, it helps if the standard isn't junk.

I know it's easy to criticise but why is deviation from mediocrity punished so severely?

Clive RobinsonDecember 5, 2018 11:09 AM

@ echo,

I know it's easy to criticise but why is deviation from mediocrity punished so severely?

Do you remember Banking Crisis One "The Sub-Prime affair"?

Well it turns out that the "city slickers" are not so slick, they basically played a game of "follow my leader" and as you may remember "lost big". Well one trader "bucked the trend" and hit his targets and well beyond by not following the herd.

Guess who was the first to get "The Grand Order of the Boot"? Yup the bloke who had made money by not being a team player...

Which shows what the grubby core is all about, if they all do the same thing then they all swim together or they all sink togethet, but there is no differentiator to judge them by. So if they all failed it must have been due to some unknown, unforeseeable "Hidden Variable" in the market...

But if some win and some loose, then it shows either the loosers were stupid or the market is no more predictable than chance, thus they are just gamblers "coin flipping" with other peoples money. So in no way worth any of the massive fees they charge...

So it appears a "Bank Licence" is either a "licence to be a con artist" or a "stay out of jail card", maybe both. Because if you or I did what they did then we would be spending many years inside at Her Maj's pleasure.

bttbDecember 5, 2018 1:44 PM

@Clive Robinson, Denton Scratch, Srw, JG4, echo, John Smith, Andy F

Re: “end point” or “end run” attacks

afaik, here may be a relevant current event example: https://www.washingtonpost.com/world/middle_east/khashoggi-friend-sues-israeli-firm-over-hacking-he-says-contributed-to-the-journalists-murder/2018/12/03/ddcb28ee-f708-11e8-8642-c9718a256cbd_story.html

“JERUSALEM — A Canada-based Saudi activist filed suit this week against an Israeli cybersecurity firm, alleging that the Saudi government used the firm’s spyware to hack his cellphone and access sensitive conversations [including WhatsApp] he conducted with slain Saudi journalist Jamal Khashoggi. 

Attorneys for Omar Abdulaziz, 27, who is based in Montreal, lodged a civil case against the NSO Group in Tel Aviv on Sunday, legal papers show. The opposition activist has said he learned that his phone had been hacked in August, some two months after he clicked on an infected link.

The Citizen Lab, a University of Toronto project that investigates digital espionage aimed at civil society, concluded with “high confidence” that the Saudi government targeted his cellphone using Pegasus spyware created by NSO.

[…]

The legal filing argues that the Israeli software provided the Saudis with knowledge of conversations between Abdulaziz and Khashoggi about projects they were working on. The sophisticated software enables the operator to access all information stored on a target’s phone and to secretly film or record audio. 

“The details of this collaboration were known to the authorities in the Kingdom through the Pegasus system,” the court papers say. 

The filing says Abdulaziz will argue that use of Pegasus spyware to expose his communications with Khashoggi contributed to the decision to murder him.”

SwrDecember 5, 2018 4:46 PM

@Tõnis

Looking back at your original post, I am a bit perplexed. If the forum is reporting the user's IP like that, then there's bad logic being used in the forum's code.

TõnisDecember 5, 2018 5:44 PM

@Swr, yes the forum software shows me all users' IP addresses. They are all normal IP's for members, guests, etc.; I look them up all the time. All except for this one user's IP. He's from the UK (Scotland or Wales, I think.) His always shows up one of those 10.xxx.xxx.xx IP's from a private (internal) network. I think it's an android device. Very strange.

TõnisDecember 5, 2018 6:04 PM

@Clive Robinson, that makes a whole lot of sense. The user is in the UK. He doesn't seem computer savvy. I don't think it's anything sinister; it's probably just some work environment network. I just found it very strange that what the whois site says, how that IP is "only intended for use within a private context and traffic that needs to cross the Internet will need to use a different, unique address," makes it seems like what's happening should be impossible, but I can see how it could happen with complex ways these organizations' networks might be set up.

Rach ElDecember 6, 2018 1:45 AM

JG4

@Swr - It might be helpful to spell out those threat models....et cetera

hi friend. This is the sort of thing Wael would say or at least pick up on:
This post attributed to you above doesn't read like you. I deduce notable divergence from your normal style. Just felt it was worth mentioning


Australia Leading On ThisDecember 6, 2018 3:09 AM

End-runs no longer limited to cricket. They are now law in Australia.

https://www.theguardian.com/australia-news/live/2018/dec/06/government-morrison-nauru-energy-encryption-politics-live-shorten-labor-liberal

The half-amended encryption access laws rammed through the Senate are better than the original, but serious concerns remain.

"We now have a situation where unprecedented powers to access encrypted communications are now law, even though parliament knows serious problems exist.

"This is what happens when you compromise a committee process and allow the work of parliament to be rushed and politicised.

"Next year, as well as passing the remaining amendments, the intelligence and security committee needs to be brought back into the frame to get these laws right.

"The committee can ensure there are no unintended consequences, which could be to the detriment of us all.

"We support the object of these laws in order to keep us safe, but we cannot weaken the rule of law in the process."

WeatherDecember 6, 2018 1:00 PM

Tõnis
As a admin I'm guessing you are checking the access logs from a lan computer, the software is detection of You accessing the access logs

JG4December 6, 2018 5:51 PM


@Rach El - It's me. I was cranky because there are so many idiots, psychotics, criminals and psychopaths loose on your planet. Worse, many of them are at the controls. Between mineral supplements, which I've open-sourced, the running, a little more fish and carbs, I've been a mind on fire.

The main reason that I've been quiet, other than extensive windshield therapy, is that I got a Chromebook from Spookwerks West. It's got a tiny screen, a bunch of ads, and the sessions come back with all of the open tabs. I like the TOR machine better for writing long and tedious rants. The Chromebook boots and connects a lot quicker. Hat tip Clive for pointing me to a secure platform available cheap. How much does it cost? $169 and all of your privacy.

https://www.nakedcapitalism.com/2018/12/links-12-6-18.html
...

[shades of the road to Niniveh]

These ants decorate their homes with the heads of their enemies National Geographic
...

Facebook’s Very Bad Month Just Got Worse The New Yorker. “The documents also reveal that, in 2015, a permissions update for Android devices, which users were required to accept, included a feature that continuously uploaded text messages and call logs to Facebook.” Holy moley. That’s some feature.

Wells Fargo computer glitch blamed as hundreds lose their homes CBS
...

[system evolution, conspiracy trigger alert]

Italian Police Make Major Arrests Linked to Sicilian Mob Courthouse News
...

[gain medium with spontaneous emergence of order in non-equilibrium thermodynamic system]

New study explains creation of deadly California ‘firenado’ AP (DL). Original.
...

[some fascinating history, conspiracy trigger warning]

Imperial Collapse Watch

The Dirty Secrets of George Bush Rolling Stone. From 1988, still germane.
...

VinnyGDecember 9, 2018 7:40 AM

@Men in Black re: DOJ redos - As I suspect you already are aware, the culture of the DOJ (goes for virtually every other large FedGov agency, as well) rests almost entirely upon the ranks of the "faceless bureaucrats" in its employ, not the appointed agency figurehead. Changing the AG may change rhetoric, might alter a few top-level prosecutions, but will little change day-to-day conduct, or the attitudes on which that conduct rests. At the apex of his or her influence, an AG might start some dynamic that will ultimately slightly alter the agency culture at some future point, most likely after his or her term expires, and then only in the unlikely event that effort is not countermanded by a successor (snail's pace propagation of change is a "feature" of bureaucracy.) Toward the end of the regime of Bush I, there was an initiative within his administration toward abolishing BATF, because of large-scale redundancy between its activities and those of other DOJ agencies. As a result, BATF management undertook to conduct some high-profile exercises that would garner massive public attention, and make it difficult for any politician to advocate for or advance its abolition. The results were the siege and killing of the Weavers at Ruby Ridge, Idaho, and (more critically) that of the Branch Davidians at Mt Carmel, Texas (popularly known as the Waco Siege) resulting in the deaths of 76 men, women and children. Most tactics by the rank and file to thwart any internal or external reform of an agency that will result in a reduction of employment, or lessening of the compensation and/or prestige associated with that employment, are much less dramatic, but largely equally effective.

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of IBM Resilient.