Crypto-Gram Newsletter

August 15, 2013

by Bruce Schneier
BT Security Futurologist
schneier@schneier.com
http://www.schneier.com

A free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise.

For back issues, or to subscribe, visit <http://www.schneier.com/crypto-gram.html>.

You can read this issue on the web at <http://www.schneier.com/crypto-gram-1308.html>. These same essays and news items appear in the "Schneier on Security" blog at <http://www.schneier.com/blog>, along with a lively and intelligent comment section. An RSS feed is available.


In this issue:


The Public/Private Surveillance Partnership

Imagine the government passed a law requiring all citizens to carry a tracking device. Such a law would immediately be found unconstitutional. Yet we all carry mobile phones.

If the National Security Agency required us to notify it whenever we made a new friend, the nation would rebel. Yet we notify Facebook. If the Federal Bureau of Investigation demanded copies of all our conversations and correspondence, it would be laughed at. Yet we provide copies of our e-mail to Google, Microsoft or whoever our mail host is; we provide copies of our text messages to Verizon, AT&T and Sprint; and we provide copies of other conversations to Twitter, Facebook, LinkedIn, or whatever other site is hosting them.

The primary business model of the Internet is built on mass surveillance, and our government's intelligence-gathering agencies have become addicted to that data. Understanding how we got here is critical to understanding how we undo the damage.

Computers and networks inherently produce data, and our constant interactions with them allow corporations to collect an enormous amount of intensely personal data about us as we go about our daily lives. Sometimes we produce this data inadvertently simply by using our phones, credit cards, computers and other devices. Sometimes we give corporations this data directly on Google, Facebook, Apple Inc.'s iCloud and so on in exchange for whatever free or cheap service we receive from the Internet in return.

The NSA is also in the business of spying on everyone, and it has realized it's far easier to collect all the data from these corporations rather than from us directly. In some cases, the NSA asks for this data nicely. In other cases, it makes use of subtle threats or overt pressure. If that doesn't work, it uses tools like national security letters.

The result is a corporate-government surveillance partnership, one that allows both the government and corporations to get away with things they couldn't otherwise.

There are two types of laws in the U.S., each designed to constrain a different type of power: constitutional law, which places limitations on government, and regulatory law, which constrains corporations. Historically, these two areas have largely remained separate, but today each group has learned how to use the other's laws to bypass their own restrictions. The government uses corporations to get around its limits, and corporations use the government to get around their limits.

This partnership manifests itself in various ways. The government uses corporations to circumvent its prohibitions against eavesdropping domestically on its citizens. Corporations rely on the government to ensure that they have unfettered use of the data they collect.

Here's an example: It would be reasonable for our government to debate the circumstances under which corporations can collect and use our data, and to provide for protections against misuse. But if the government is using that very data for its own surveillance purposes, it has an incentive to oppose any laws to limit data collection. And because corporations see no need to give consumers any choice in this matter -- because it would only reduce their profits -- the market isn't going to protect consumers, either.

Our elected officials are often supported, endorsed and funded by these corporations as well, setting up an incestuous relationship between corporations, lawmakers and the intelligence community.

The losers are us, the people, who are left with no one to stand up for our interests. Our elected government, which is supposed to be responsible to us, is not. And corporations, which in a market economy are supposed to be responsive to our needs, are not. What we have now is death to privacy -- and that's very dangerous to democracy and liberty.

The simple answer is to blame consumers, who shouldn't use mobile phones, credit cards, banks or the Internet if they don't want to be tracked. But that argument deliberately ignores the reality of today's world. Everything we do involves computers, even if we're not using them directly. And by their nature, computers produce tracking data. We can't go back to a world where we don't use computers, the Internet or social networking. We have no choice but to share our personal information with these corporations, because that's how our world works today.

Curbing the power of the corporate-private surveillance partnership requires limitations on both what corporations can do with the data we choose to give them and restrictions on how and when the government can demand access to that data. Because both of these changes go against the interests of corporations and the government, we have to demand them as citizens and voters. We can lobby our government to operate more transparently -- disclosing the opinions of the Foreign Intelligence Surveillance Court would be a good start -- and hold our lawmakers accountable when it doesn't. But it's not going to be easy. There are strong interests doing their best to ensure that the steady stream of data keeps flowing.

This essay originally appeared on Bloomberg.com.
http://www.bloomberg.com/news/2013-07-31/...

Corporations collecting data:
http://www.schneier.com/essay-324.html
http://www.schneier.com/essay-423.html
http://www.nationaljournal.com/magazine/...

Corporations cooperating with the NSA:
http://news.cnet.com/8301-13578_3-57593538-38/...
http://news.cnet.com/8301-13578_3-57595202-38/...
http://www.newyorker.com/online/blogs/elements/2013/...
http://news.cnet.com/8301-13578_3-57595529-38/...

How the partnership manifests itself:
http://www.bloomberg.com/news/2013-06-28/...
http://www.bloomberg.com/news/2013-06-30/...

Congress attempt to rein in NSA:
http://www.nytimes.com/2013/07/25/us/politics/...

The death of privacy:
https://www.schneier.com/essay-418.html

Disclosing FISA opinions:
http://www.bloomberg.com/news/2013-07-09/...


The NSA is Commandeering the Internet

It turns out that the NSA's domestic and world-wide surveillance apparatus is even more extensive than we thought. Bluntly: The government has commandeered the Internet. Most of the largest Internet companies provide information to the NSA, betraying their users. Some, as we've learned, fight and lose. Others cooperate, either out of patriotism or because they believe it's easier that way.

I have one message to the executives of those companies: fight.

Do you remember those old spy movies, when the higher ups in government decide that the mission is more important than the spy's life? It's going to be the same way with you. You might think that your friendly relationship with the government means that they're going to protect you, but they won't. The NSA doesn't care about you or your customers, and will burn you the moment it's convenient to do so.

We're already starting to see that. Google, Yahoo, Microsoft and others are pleading with the government to allow them to explain details of what information they provided in response to National Security Letters and other government demands. They've lost the trust of their customers, and explaining what they do -- and don't do -- is how to get it back. The government has refused; they don't care.

It will be the same with you. There are lots more high-tech companies who have cooperated with the government. Most of those company names are somewhere in the thousands of documents that Edward Snowden took with him, and sooner or later they'll be released to the public. The NSA probably told you that your cooperation would forever remain secret, but they're sloppy. They'll put your company name on presentations delivered to thousands of people: government employees, contractors, probably even foreign nationals. If Snowden doesn't have a copy, the next whistleblower will.

This is why you have to fight. When it becomes public that the NSA has been hoovering up all of your users' communications and personal files, what's going to save you in the eyes of those users is whether or not you fought. Fighting will cost you money in the short term, but capitulating will cost you more in the long term.

Already companies are taking their data and communications out of the US.

The extreme case of fighting is shutting down entirely. The secure e-mail service Lavabit did that last week, abruptly. Ladar Levison, that site's owner, wrote on his homepage: "I have been forced to make a difficult decision: to become complicit in crimes against the American people or walk away from nearly ten years of hard work by shutting down Lavabit. After significant soul searching, I have decided to suspend operations. I wish that I could legally share with you the events that led to my decision."

The same day, Silent Circle followed suit, shutting down their e-mail service in advance of any government strong-arm tactics: "We see the writing the wall, and we have decided that it is best for us to shut down Silent Mail now. We have not received subpoenas, warrants, security letters, or anything else by any government, and this is why we are acting now." I realize that this is extreme. Both of those companies can do it because they're small. Google or Facebook couldn't possibly shut themselves off rather than cooperate with the government. They're too large; they're public. They have to do what's economically rational, not what's moral.

But they can fight. You, an executive in one of those companies, can fight. You'll probably lose, but you need to take the stand. And you might win. It's time we called the government's actions what they really are: commandeering. Commandeering is a practice we're used to in wartime, where commercial ships are taken for military use, or production lines are converted to military production. But now it's happening in peacetime. Vast swaths of the Internet are being commandeered to support this surveillance state.

If this is happening to your company, do what you can to isolate the actions. Do you have employees with security clearances who can't tell you what they're doing? Cut off all automatic lines of communication with them, and make sure that only specific, required, authorized acts are being taken on behalf of government. Only then can you look your customers and the public in the face and say that you don't know what is going on -- that your company has been commandeered.

Journalism professor Jeff Jarvis recently wrote in the "Guardian": "Technology companies: now is the moment when you must answer for us, your users, whether you are collaborators in the US government's efforts to 'collect it all' -- our every move on the internet -- or whether you, too, are victims of its overreach."

So while I'm sure it's cool to have a secret White House meeting with President Obama -- I'm talking to you, Google, Apple, AT&T, and whoever else was in the room -- resist. Attend the meeting, but fight the secrecy. Whose side are you on?

The NSA isn't going to remain above the law forever. Already public opinion is changing, against the government and their corporate collaborators. If you want to keep your users' trust, demonstrate that you were on their side.

This essay originally appeared on TheAtlantic.com.
http://www.theatlantic.com/technology/archive/2013/...

Corporations and the NSA surveillance apparatus:
http://www.schneier.com/blog/archives/2013/08/...
http://www.schneier.com/essay-436.html
http://www.theatlanticwire.com/technology/2013/06/...
http://www.wired.com/threatlevel/2013/04/...
http://news.cnet.com/8301-13578_3-57593538-38/...
http://www.newyorker.com/online/blogs/elements/2013/...

Companies wanting more disclosure:
http://business.time.com/2013/07/18/...

Whistleblowing as civil disobedience:
http://www.zephoria.org/thoughts/archives/2013/07/...

Cooperating with NSA surveillance costs companies money:
http://boingboing.net/2013/08/08/...

Lavabit:
http://www.schneier.com/blog/archives/2013/08/...
http://boingboing.net/2013/08/08/...
http://lavabit.com/
http://www.forbes.com/sites/kashmirhill/2013/08/09/...

Silent Circle:
http://silentcircle.wordpress.com/2013/08/09/...

Jarvis essay:
http://www.theguardian.com/commentisfree/2013/aug/...

Tech companies meet with Obama:
http://www.huffingtonpost.com/2013/08/09/...

NSA is a criminal organization:
http://www.nytimes.com/2013/06/28/opinion/...

Regaining trust:
http://www.schneier.com/essay-435.html

Slashdot thread:
http://news.slashdot.org/story/13/08/12/1850229/...


Restoring Trust in Government and the Internet

In July 2012, responding to allegations that the video-chat service Skype -- owned by Microsoft -- was changing its protocols to make it possible for the government to eavesdrop on users, Corporate Vice President Mark Gillett took to the company's blog to deny it.

Turns out that wasn't quite true.

Or at least he -- or the company's lawyers -- carefully crafted a statement that could be defended as true while completely deceiving the reader. You see, Skype wasn't changing its protocols to make it possible for the government to eavesdrop on users, because the government was already able to eavesdrop on users.

At a Senate hearing in March, Director of National Intelligence James Clapper assured the committee that his agency didn't collect data on hundreds of millions of Americans. He was lying, too. He later defended his lie by inventing a new definition of the word "collect," an excuse that didn't even pass the laugh test.

As Edward Snowden's documents reveal more about the NSA's activities, it's becoming clear that we can't trust anything anyone official says about these programs.

Google and Facebook insist that the NSA has no "direct access" to their servers. Of course not; the smart way for the NSA to get all the data is through sniffers.

Apple says it's never heard of PRISM. Of course not; that's the internal name of the NSA database. Companies are publishing reports purporting to show how few requests for customer-data access they've received, a meaningless number when a single Verizon request can cover all of their customers. The Guardian reported that Microsoft secretly worked with the NSA to subvert the security of Outlook, something it carefully denies. Even President Obama's justifications and denials are phrased with the intent that the listener will take his words very literally and not wonder what they really mean.

NSA Director Gen. Keith Alexander has claimed that the NSA's massive surveillance and data mining programs have helped stop more than 50 terrorist plots, 10 inside the U.S. Do you believe him? I think it depends on your definition of "helped." We're not told whether these programs were instrumental in foiling the plots or whether they just happened to be of minor help because the data was there. It also depends on your definition of "terrorist plots." An examination of plots that that FBI claims to have foiled since 9/11 reveals that would-be terrorists have commonly been delusional, and most have been egged on by FBI undercover agents or informants.

Left alone, few were likely to have accomplished much of anything.

Both government agencies and corporations have cloaked themselves in so much secrecy that it's impossible to verify anything they say; revelation after revelation demonstrates that they've been lying to us regularly and tell the truth only when there's no alternative.

There's much more to come. Right now, the press has published only a tiny percentage of the documents Snowden took with him. And Snowden's files are only a tiny percentage of the number of secrets our government is keeping, awaiting the next whistle-blower.

Ronald Reagan once said "trust but verify." That works only if we can verify. In a world where everyone lies to us all the time, we have no choice but to trust blindly, and we have no reason to believe that anyone is worthy of blind trust. It's no wonder that most people are ignoring the story; it's just too much cognitive dissonance to try to cope with it.

This sort of thing can destroy our country. Trust is essential in our society. And if we can't trust either our government or the corporations that have intimate access into so much of our lives, society suffers. Study after study demonstrates the value of living in a high-trust society and the costs of living in a low-trust one.

Rebuilding trust is not easy, as anyone who has betrayed or been betrayed by a friend or lover knows, but the path involves transparency, oversight and accountability. Transparency first involves coming clean. Not a little bit at a time, not only when you have to, but complete disclosure about everything. Then it involves continuing disclosure. No more secret rulings by secret courts about secret laws. No more secret programs whose costs and benefits remain hidden.

Oversight involves meaningful constraints on the NSA, the FBI and others. This will be a combination of things: a court system that acts as a third-party advocate for the rule of law rather than a rubber-stamp organization, a legislature that understands what these organizations are doing and regularly debates requests for increased power, and vibrant public-sector watchdog groups that analyze and debate the government's actions.

Accountability means that those who break the law, lie to Congress or deceive the American people are held accountable. The NSA has gone rogue, and while it's probably not possible to prosecute people for what they did under the enormous veil of secrecy it currently enjoys, we need to make it clear that this behavior will not be tolerated in the future. Accountability also means voting, which means voters need to know what our leaders are doing in our name.

This is the only way we can restore trust. A market economy doesn't work unless consumers can make intelligent buying decisions based on accurate product information. That's why we have agencies like the FDA, truth-in-packaging laws and prohibitions against false advertising.

In the same way, democracy can't work unless voters know what the government is doing in their name. That's why we have open-government laws. Secret courts making secret rulings on secret laws, and companies flagrantly lying to consumers about the insecurity of their products and services, undermine the very foundations of our society.

Since the Snowden documents became public, I have been receiving e-mails from people seeking advice on whom to trust. As a security and privacy expert, I'm expected to know which companies protect their users' privacy and which encryption programs the NSA can't break. The truth is, I have no idea. No one outside the classified government world does. I tell people that they have no choice but to decide whom they trust and to then trust them as a matter of faith. It's a lousy answer, but until our government starts down the path of regaining our trust, it's the only thing we can do.

This essay originally appeared on CNN.com.
http://www.cnn.com/2013/07/31/opinion/...

Skype story:
http://blogs.skype.com/2012/07/26/...
http://www.bbc.co.uk/news/technology-19012415
http://www.nytimes.com/2013/06/20/technology/...
http://www.slate.com/blogs/future_tense/2013/07/12/...

Clapper story:
http://nymag.com/daily/intelligencer/2013/06/...
http://www.eff.org/deeplinks/2013/06/...

Government lies:
http://www.eff.org/nsa-spying/wordgames

How NSA sniffers actually work:
http://fabiusmaximus.com/2013/06/11/...

Published reports of NSA surveillance requests:
https://www.schneier.com/blog/archives/2013/06/...
http://www.wired.com/threatlevel/2013/06/nsa-numbers

Microsoft Outlook story:
http://www.guardian.co.uk/world/2013/jul/11/...
http://blogs.technet.com/b/microsoft_on_the_issues/...

General Alexander's justification:
http://www.washingtonpost.com/blogs/post-politics/...

Examining terrorist plots:
http://politicalscience.osu.edu/faculty/jmueller/...

The value of trust:
http://www.schneier.com/essay-412.html
http://www.worldvaluessurvey.org

Two more links describing how the US government lies about NSA surveillance.
http://www.slate.com/articles/news_and_politics/...
https://projects.propublica.org/graphics/nsa-claims


News

A problem with the US Privacy and Civil Liberties Oversight Board:
http://www.schneier.com/blog/archives/2013/07/...

Interesting essay on the impossibility of being entirely lawful all the time, the balance that results from the difficulty of law enforcement, and the societal value of being able to break the law. It is very much like my notion of "outliers" in my book "Liars and Outliers."
http://www.thoughtcrime.org/blog/...

Good article on the longstanding practice of secretly tapping undersea cables.
http://www.theatlantic.com/international/archive/...
This is news right now because of a new Snowden document.
http://www.washingtonpost.com/business/economy/...

An amazing e-mail from the DHS, instructing its employees not to read Snowden's documents when they appear in the press.
http://www.schneier.com/blog/archives/2013/07/...

Edward Snowden has set up a dead man's switch. He's distributed encrypted copies of his document trove to various people, and has set up some sort of automatic system to distribute the key, should something happen to him. Dead man's switches have a long history, both for safety (the machinery automatically stops if the operator's hand goes slack) and security reasons. WikiLeaks did the same thing with the State Department cables. I'm not sure he's thought this through, though. I would be more worried that someone would kill me in order to get the documents released than I would be that someone would kill me to prevent the documents from being released. Any real-world situation involves multiple adversaries, and it's important to keep all of them in mind when designing a security system.
http://www.wired.com/threatlevel/2013/07/...

For a change, here's a good idea by the TSA:
http://www.schneier.com/blog/archives/2013/07/...

Violence as a source of trust in criminal societies:
http://themonkeycage.org/2013/07/11/...
http://rss.sagepub.com/content/25/3/263.abstract

I generally don't like stories about Snowden as a person, because they distract from the real story of the NSA surveillance programs, but this article on the costs and benefits of the US government prosecuting Edward Snowden is worth reading.
http://www.lawfareblog.com/2013/07/...
Related is this article on whether Snowden can manage to avoid arrest. Here's the ending:
http://www.cnn.com/2013/07/12/us/...

Marc Rotenberg of EPIC explains why he is suing the NSA in the Supreme Court.
http://www.cnn.com/2013/07/17/opinion/...
And "USA Today" has a back and forth on the topic.
http://www.usatoday.com/story/opinion/2013/07/18/...
http://www.usatoday.com/story/opinion/2013/07/18/...

This is a succinct explanation of how the secrecy of the FISA court undermines trust.
http://www.schneier.com/blog/archives/2013/07/...

In an effort to lock the barn door after the horse has escaped, the NSA is implementing two-man control for sysadmins.
http://www.cbsnews.com/8301-250_162-57594486/...
This kind of thing has happened before. After USN Chief Warrant Officer John Walker sold encryption keys to the Soviets, the Navy implemented two-man control for key material. It's an effective, if expensive, security measure -- and an easy one for the NSA to implement while it figures out what it really has to do to secure information from IT insiders.

The story of people who poach and collect rare eggs, and the people who hunt them down.
http://www.newyorker.com/reporting/2013/07/22/...
Securing wildlife against poachers is a difficult problem, especially when the defenders are poor countries with not a lot of resources.

We're starting to see Internet companies talk about the mechanics of how the US government spies on their users. Here, a Utah ISP owner describes his experiences with NSA eavesdropping:
http://www.buzzfeed.com/justinesharrock/...
Declan McCullagh explains how the NSA coerces companies to cooperate with its surveillance efforts. Basically, they want to avoid what happened with the Utah ISP.
http://news.cnet.com/8301-13578_3-57593538-38/...
And Brewster Kahle of the Internet Archive explains how he successfully fought a National Security Letter.
http://www.newyorker.com/online/blogs/elements/2013/...

Secret information is more trusted:
http://www.nytimes.com/2013/06/30/opinion/sunday/...
Original paper abstract:
http://onlinelibrary.wiley.com/doi/10.1111/...

NSA cracked the Kryptos Sculpture (parts one, two, and three) years before the CIA did.
http://www.wired.com/threatlevel/2013/07/...
The fourth part is still uncracked.
http://www.schneier.com/blog/archives/2013/06/...
http://www.schneier.com/blog/archives/2006/04/...

The Obama Administration has a comprehensive "insider threat" program to detect leakers from within government. This is pre-Snowden. Not surprisingly, the combination of profiling and "see something, say something" is unlikely to work.
http://www.mcclatchydc.com/2013/06/20/194513/...
http://www.mcclatchydc.com/2013/07/09/196211/...
http://www.theatlantic.com/politics/archive/2013/07/...

This is a really clever social engineering attack against a bank-card holder.
http://www.guardian.co.uk/money/blog/2013/jul/29/...

Research on why some neighborhoods feel safer.
http://www.theatlanticcities.com/neighborhoods/2013/...
http://www.plosone.org/article/...
I've written about the feeling and reality of security, and how they're different.
https://www.schneier.com/essay-213.html
https://www.schneier.com/essay-170.html
That's also the subject of this TEDx talk.
http://www.ted.com/talks/bruce_schneier.html
Yes, it's security theater: things that make a neighborhood *feel* safer rather than actually safer. But when the neighborhood is actually safer than people think it is, this sort of security theater has value.
https://www.schneier.com/blog/archives/2007/01/...
Two related links:
http://www.economist.com/news/briefing/...
http://blogsofwar.com/2013/05/01/...

This is what happens when you're a security writer and you piss off the wrong people: they conspire to have heroin mailed to you, and then to tip off the police. And that's after they've called in a fake hostage situation.
https://krebsonsecurity.com/2013/07/...

The UK has banned researchers from revealing details of security vulnerabilities in car locks. In 2008, Phillips brought a similar suit against researchers who broke the Mifare chip. That time, they lost. This time, Volkswagen sued and won.
http://www.guardian.co.uk/technology/2013/jul/26/...
http://www.telegraph.co.uk/technology/10205983/...
http://www.bbc.co.uk/news/technology-23487928
http://news.techworld.com/security/3461155/...
http://www.bailii.org/ew/cases/EWHC/Ch/2013/1832.html
This is bad news for security researchers. (Remember back in 2001 when security researcher Ed Felten sued the RIAA in the US to be able to publish his research results?) We're not going to improve security unless we're allowed to publish our results. And we can't start suppressing scientific results, just because a big corporation doesn't like what it does to their reputation.

Richard Bejtlich and Thomas Rid (author of the excellent book "Cyber War Will Not Take Place") debate the cyberwar threat on "The Economist" website.
http://www.economist.com/debate/overview/256

There was a story about how searching for a pressure cooker and backpacks got one family investigated by the police. It was initially reported as NSA eavesdropping, but it wasn't. And as more of the facts came out, it seemed pretty reasonable overall.
http://www.schneier.com/blog/archives/2013/08/...

The "Guardian" discusses a new secret NSA program: XKeyscore. It's the desktop system that allows NSA agents to spy on anyone over the Internet in real time. It searches existing NSA databases -- presumably including PRISM -- and can create fingerprints to search for all future data collections from systems like TRAFFIC THIEF. This seems to be what Edward Snowden meant when he said that he had the ability to spy on any American, in real time, from his deck.
http://www.theguardian.com/world/2013/jul/31/...

There's speculation that the FBI is responsible for an exploit that compromised the Tor anonymity service. Note that Tor Browser Bundles installed or updated after June 26 are secure.
http://www.wired.com/threatlevel/2013/08/...
https://openwatch.net/i/200/...
http://www.twitlonger.com/show/n_1rlo0uu
http://www.bbc.co.uk/go/em/fr/-/news/...
http://www.metafilter.com/130629/...
https://blog.torproject.org/blog/...

The further Kip Hawley has gotten from running the TSA, the more sense he has started to make. This is pretty good.
http://www.cnn.com/2013/08/06/opinion/hawley-tsa/...

Twitter just rolled out a pretty nice two-factor authentication system using your smart phone as the second factor.
http://www.wired.com/threatlevel/2013/08/...

Latest movie-plot threat: explosive-dipped clothing. It's being reported, although there's no indication of where this rumor is coming from or what it's based on. I can see the trailer now. "In a world where your very clothes might explode at any moment, Bruce Willis is, Bruce Willis in a Michael Bay film: BLOW UP! Co-starring Lindsay Lohan..." I guess there's nothing to be done but to force everyone to fly naked.
http://abcnews.go.com/Blotter/...

Lots of sports stadiums have instituted draconian new rules. Here are the rules for St. Louis Rams games.
http://blog.stlouisrams.com/2013/06/13/...
Of course, you're supposed to think this is about terrorism. My guess is that this is to help protect the security of the profits at the concession stands.

General Keith Alexander thinks he can improve security by automating sysadmin duties such that 90% of them can be fired. Does anyone know a sysadmin anywhere who believes it's possible to automate 90% of his job? Or who thinks any such automation will actually improve security? He's stuck. Computerized systems require trusted people to administer them. And any agency with all that computing power is going to need thousands of sysadmins. Some of them are going to be whistleblowers.
http://www.businessinsider.com/...
Leaking secret information is the civil disobedience of our age. Alexander has to get used to it.
http://www.zephoria.org/thoughts/archives/2013/07/...

The 2013 Cryptologic History Symposium, sponsored by the NSA, will be held at Johns Hopkins University this October.
http://www.nsa.gov/about/cryptologic_heritage/...

Rangzen looks like a really interesting ad hoc mesh networking system to circumvent government-imposed communications blackouts. I am particularly interested in how it uses reputation to determine who can be trusted, while maintaining some level of anonymity.
http://rangzen.denovogroup.org/wp/
http://www.eecs.berkeley.edu/Pubs/TechRpts/2013/...
This is exactly the sort of thing I was thinking about in this essay.
https://www.schneier.com/essay-420.html

This essay is filled with historical MI5 stories -- often bizarre, sometimes amusing.
http://www.bbc.co.uk/blogs/adamcurtis/posts/BUGGER


Book Review: "Rise of the Warrior Cop"

"Rise of the Warrior Cop: The Militarization of America's Police Forces," by Radley Balko, PublicAffairs, 2013, 400 pages.

War as a rhetorical concept is firmly embedded in American culture. Over the past several decades, federal and local law enforcement has been enlisted in a war on crime, a war on drugs and a war on terror. These wars are more than just metaphors designed to rally public support and secure budget appropriations. They change the way we think about what the police do. Wars mean shooting first and asking questions later. Wars require military tactics and weaponry. Wars mean civilian casualties.

Over the decades, the war metaphor has resulted in drastic changes in the way the police operate. At both federal and state levels, the formerly hard line between police and military has blurred. Police are increasingly using military weaponry, employing military tactics and framing their mission using military terminology. Right now, there is a Third Amendment case -- that's the one about quartering soldiers in private homes without consent -- making its way through the courts. It involves someone who refused to allow the police to occupy his home in order to gain a "tactical advantage" against the house next-door. The police returned later, broke down his door, forced him to the floor and then arrested him for obstructing an officer. They also shot his dog with pepperball rounds. It's hard to argue with the premise of this case; police officers are acting so much like soldiers that it can be hard to tell the difference.

In "Rise of the Warrior Cop," Radley Balko chronicles the steady militarization of the police in the U.S. A detailed history of a dangerous trend, Mr. Balko's book tracks police militarization over the past 50 years, a period that not coincidentally corresponds with the rise of SWAT teams. First established in response to the armed riots of the late 1960s, they were originally exclusive to big cities and deployed only against heavily armed and dangerous criminals. Today SWAT teams are nothing special. They've multiplied like mushrooms. Every city has a SWAT team; 80% of towns between 25,000 and 50,000 people do as well. These teams are busy; in 2005 there were between 50,000 and 60,000 SWAT raids in the U.S. The tactics are pretty much what you would expect -- breaking down doors, rushing in with military weaponry, tear gas -- but the targets aren't. SWAT teams are routinely deployed against illegal poker games, businesses suspected of employing illegal immigrants and barbershops with unlicensed hair stylists.

In Prince George's County, MD, alone, SWAT teams were deployed about once a day in 2009, overwhelmingly to serve search or arrest warrants, and half of those warrants were for "misdemeanors and nonserious felonies." Much of Mr. Balko's data is approximate, because police departments don't publish data, and they uniformly oppose any attempts at transparency or oversight. But he has good Maryland data from 2009 on, because after the mayor of Berwyn Heights was mistakenly attacked and terrorized in his home by a SWAT team in 2008, the state passed a law requiring police to report quarterly on their use of SWAT teams: how many times, for what purposes and whether any shots were fired during the raids.

Besides documenting policy decisions at the federal and state levels, the author examines the influence of military contractors who have looked to expand into new markets. And he tells some pretty horrific stories of SWAT raids gone wrong. A lot of dogs get shot in the book. Most interesting are the changing attitudes of police. As the stories progress from the 1960s to the 2000s, we see police shift from being uncomfortable with military weapons and tactics -- and deploying them only as the very last resort in the most extreme circumstances -- to accepting and even embracing their routine use.

This development coincides with the rhetorical use of the word "war." To the police, civilians are citizens to protect. To the military, we are a population to be subdued. Wars can temporarily override the Constitution. When the Justice Department walks into Congress with requests for money and new laws to fight a war, it is going to get a different response than if it came in with a story about fighting crime. Maybe the most chilling quotation in the book is from William French Smith, President Reagan's first attorney general: "The Justice Department is not a domestic agency. It is the internal arm of national defense." Today we see that attitude in the war on terror. Because it's a war, we can arrest and imprison Americans indefinitely without charges. We can eavesdrop on the communications of all Americans without probable cause. We can assassinate American citizens without due process. We can have secret courts issuing secret rulings about secret laws. The militarization of the police is just one aspect of an increasing militarization of government.

Mr. Balko saves his prescriptions for reform until the last chapter. Two of his fixes, transparency and accountability, are good remedies for all governmental overreach. Specific to police departments, he also recommends halting mission creep, changing police culture and embracing community policing. These are far easier said than done. His final fix is ending the war on drugs, the source of much police violence. To this I would add ending the war on terror, another rhetorical war that costs us hundreds of billions of dollars, gives law enforcement powers directly prohibited by the Constitution and leaves us no safer.

This essay originally appeared in the "Wall Street Journal."
http://online.wsj.com/article/...

http://www.amazon.com/...

Related essay.
http://www.newyorker.com/online/blogs/comment/2013/...


Schneier News

My blog has made the "Time" magazine "25 Best Bloggers 2013 Edition" list.
http://techland.time.com/2013/08/05/...

Good review of the strengths and weaknesses of "Cryptography Engineering" and "Applied Cryptography." Best -- at least to me -- is the list of things missing, which we'll have to address if we do another edition.
http://sockpuppet.org/blog/2013/07/22/...

Mikko Hypponen and I answered questions about PRISM on the TED website.
http://blog.ted.com/2013/07/17/...


Michael Hayden on the Effects of Snowden's Whistleblowing

Former NSA director Michael Hayden lists three effects of the Snowden documents:

* "...the undeniable operational effect of informing adversaries of American intelligence's tactics, techniques and procedures."

* "...the undeniable economic punishment that will be inflicted on American businesses for simply complying with American law."

* "...the erosion of confidence in the ability of the United States to do *anything* discreetly or keep *anything* secret."

It's an interesting list, and one that you'd expect from a NSA person. Actually, the whole essay is about what you'd expect from a former NSA person.

My reactions:

* This, I agree, is actual damage. From what I can tell, Snowden has done his best to minimize it. And both the Guardian and the Washington Post refused to publish materials he provided, out of concern for US national security. Hayden believes that both the Chinese and the Russians have Snowden's entire trove of documents, but I'm less convinced. Everyone is acting under the assumption that the NSA has compromised everything, which is probably a good assumption.

* Hayden has it backwards -- this is good. I hope that companies that have cooperated with the NSA are penalized in the market. If we are to expect the market to solve any of this, we need the cost of cooperating to be greater than the cost of fighting. If we as consumers punish companies that have complied with the NSA, they'll be less likely to roll over next time.

* In the long run, this might turn out to be a good thing, too. In the Internet age, secrecy is a lot harder to maintain. The countries that figure this out first will be the countries that do well in the coming decades.

And, of course, Hayden lists his "costs" without discussing the benefits. Exposing secret government overreach, a secret agency gone rogue, and a secret court that's failing in its duties are enormously beneficial. Snowden has blown a whistle that long needed blowing -- it's the only way can ever hope to fix this. And Hayden completely ignores the very real question as to whether these enormous NSA data-collection programs provide any real benefits.

I'm also tired of this argument: "But it takes a special kind of arrogance for this young man to believe that his moral judgment on the dilemma suddenly trumps that of two (incredibly different) presidents, both houses of the U.S. Congress, both political parties, the U.S. court system and more than 30,000 of his co-workers."

It's like President Obama claiming that the NSA programs are "transparent" because they were cleared by a secret court that only ever sees one side of the argument, or that Congress has provided oversight because a few legislators were allowed to know some of what was going on but forbidden from talking to *anyone* about it.

http://www.cnn.com/2013/07/19/opinion/...

The NSA has gone rogue:
http://www.nytimes.com/2013/06/28/opinion/...

NSA surveillance cost/benefits:
https://chronicle.com/blogs/conversation/2013/06/13/...

Obama's comments on NSA transparency:
http://www.usatoday.com/story/theoval/2013/06/18/...


Counterterrorism Mission Creep

One of the assurances I keep hearing about the U.S. government's spying on American citizens is that it's only used in cases of terrorism. Terrorism is, of course, an extraordinary crime, and its horrific nature is supposed to justify permitting all sorts of excesses to prevent it. But there's a problem with this line of reasoning: mission creep. The definitions of "terrorism" and "weapon of mass destruction" are broadening, and these extraordinary powers are being used, and will continue to be used, for crimes other than terrorism.

Back in 2002, the Patriot Act greatly broadened the definition of terrorism to include all sorts of "normal" violent acts as well as non-violent protests. The term "terrorist" is surprisingly broad; since the terrorist attacks of 9/11, it has been applied to people you wouldn't normally consider terrorists.

The most egregious example of this are the three anti-nuclear pacifists, including an 82-year-old nun, who cut through a chain-link fence at the Oak Ridge nuclear-weapons-production facility in 2012. While they were originally arrested on a misdemeanor trespassing charge, the government kept increasing their charges as the facility's security lapses became more embarrassing. Now the protestors have been convicted of violent crimes of terrorism -- and remain in jail.

Meanwhile, a Tennessee government official claimed that complaining about water quality could be considered an act of terrorism. To the government's credit, he was subsequently demoted for those remarks.

The notion of making a terrorist threat is older than the current spate of anti-terrorism craziness. It basically means threatening people in order to terrorize them, and can include things like pointing a fake gun at someone, threatening to set off a bomb, and so on. A Texas high-school student recently spent five months in jail for writing the following on Facebook: "I think I'ma shoot up a kindergarten. And watch the blood of the innocent rain down. And eat the beating heart of one of them." Last year, two Irish tourists were denied entry at the Los Angeles Airport because of some misunderstood tweets.

Another term that's expanded in meaning is "weapon of mass destruction." The law is surprisingly broad, and includes anything that explodes, leading political scientist and terrorism-fear skeptic John Mueller to comment:

As I understand it, not only is a grenade a weapon of mass destruction, but so is a maliciously-designed child's rocket even if it doesn't have a warhead. On the other hand, although a missile-propelled firecracker would be considered a weapon of mass destruction if its designers had wanted to think of it as a weapon, it would not be so considered if it had previously been designed for use as a weapon and then redesigned for pyrotechnic use or if it was surplus and had been sold, loaned, or given to you (under certain circumstances) by the secretary of the army ....
All artillery, and virtually every muzzle-loading military long arm for that matter, legally qualifies as a WMD. It does make the bombardment of Ft. Sumter all the more sinister. To say nothing of the revelation that The Star Spangled Banner is in fact an account of a WMD attack on American shores.

After the Boston Marathon bombings, one commentator described our use of the term this way: "What the United States means by terrorist violence is, in large part, 'public violence some weirdo had the gall to carry out using a weapon other than a gun.' ... Mass murderers who strike with guns (and who don't happen to be Muslim) are typically read as psychopaths disconnected from the larger political sphere." Sadly, there's a lot of truth to that.

Even as the definition of terrorism broadens, we have to ask how far we will extend that arbitrary line. Already, we're using these surveillance systems in other areas. A raft of secret court rulings has recently expanded the NSA's eavesdropping powers to include "people possibly involved in nuclear proliferation, espionage and cyberattacks." A "little-noticed provision" in a 2008 law expanded the definition of "foreign intelligence" to include "weapons of mass destruction," which, as we've just seen, is surprisingly broad.

A recent "Atlantic" essay asks, somewhat facetiously, "If PRISM is so good, why stop with terrorism?" The author's point was to discuss the value of the Fourth Amendment, even if it makes the police less efficient. But it's actually a very good question. Once the NSA's ubiquitous surveillance of all Americans is complete -- once it has the ability to collect and process all of our emails, phone calls, text messages, Facebook posts, location data, physical mail, financial transactions, and who knows what else -- why limit its use to cases of terrorism? I can easily imagine a public groundswell of support to use to help solve some other heinous crime, like a kidnapping. Or maybe a child-pornography case. From there, it's an easy step to enlist NSA surveillance in the continuing war on drugs; that's certainly important enough to warrant regular access to the NSA's databases. Or maybe to identify illegal immigrants. After all, we've already invested in this system, we might as well get as much out of it as we possibly can. Then it's a short jump to the trivial examples suggested in the "Atlantic" essay: speeding and illegal downloading. This "slippery slope" argument is largely speculative, but we've already started down that incline.

Criminal defendants are starting to demand access to the NSA data that they believe will exonerate themselves. How can a moral government refuse this request?

More humorously, the NSA might have created the best backup system ever.

Technology changes slowly, but political intentions can change very quickly. In 2000, I wrote in my book "Secrets and Lies" about police surveillance technologies: "Once the technology is in place, there will always be the temptation to use it. And it is poor civic hygiene to install technologies that could someday facilitate a police state." Today we're installing technologies of ubiquitous surveillance, and the temptation to use them will be overwhelming.

This essay originally appeared in TheAtlantic.com.
http://www.theatlantic.com/politics/archive/2013/07/...

The definition of terrorism has broadened:
http://www.aclu.org/national-security/...

The anti-nuclear pacifists:
http://www.commondreams.org/view/2013/05/15-7

Tennessee official story:
http://www.huffingtonpost.com/2013/06/22/...
http://www.memphisdailynews.com/news/2013/jul/4/...

Texas high-school student story:
http://www.nydailynews.com/news/national/...

Irish tourist story:
http://www.bbc.co.uk/news/technology-16810312

"Weapon of mass destruction" story:
http://www.law.cornell.edu/uscode/text/18/2332a

Mueller comment:
http://www.schneier.com/blog/archives/2009/04/...

Quote about what a terrorist is:
http://www.salon.com/2013/04/28/...

Secret court rulings on NSA power:
https://www.nytimes.com/2013/07/07/us/...

Atlantic article:
http://www.theatlantic.com/politics/archive/2013/07/...

Other agencies are already asking to use the NSA data: "Agencies working to curb drug trafficking, cyberattacks, money laundering, counterfeiting and even copyright infringement complain that their attempts to exploit the security agency’s vast resources have often been turned down because their own investigations are not considered a high enough priority, current and former government officials say."
http://www.nytimes.com/2013/08/04/us/...

The Drug Enforcement Agency is already using this data, and lying about it:
http://www.reuters.com/article/2013/08/05/...

Defendants demanding NSA data:
http://www.nbcnews.com/technology/...
http://rt.com/usa/nsa-surveillance-judge-records-900/

NSA as a backup system:
http://nesaranews.blogspot.com/2013/07/...

Ubiquitous surveillance:
https://www.schneier.com/essay-418.html


Since 1998, CRYPTO-GRAM has been a free monthly newsletter providing summaries, analyses, insights, and commentaries on security: computer and otherwise. You can subscribe, unsubscribe, or change your address on the Web at <http://www.schneier.com/crypto-gram.html>. Back issues are also available at that URL.

Please feel free to forward CRYPTO-GRAM, in whole or in part, to colleagues and friends who will find it valuable. Permission is also granted to reprint CRYPTO-GRAM, as long as it is reprinted in its entirety.

CRYPTO-GRAM is written by Bruce Schneier. Bruce Schneier is an internationally renowned security technologist, called a "security guru" by The Economist. He is the author of 12 books -- including "Liars and Outliers: Enabling the Trust Society Needs to Survive" -- as well as hundreds of articles, essays, and academic papers. His influential newsletter "Crypto-Gram" and his blog "Schneier on Security" are read by over 250,000 people. He has testified before Congress, is a frequent guest on television and radio, has served on several government committees, and is regularly quoted in the press. Schneier is a fellow at the Berkman Center for Internet and Society at Harvard Law School, a program fellow at the New America Foundation's Open Technology Institute, a board member of the Electronic Frontier Foundation, an Advisory Board Member of the Electronic Privacy Information Center, and the Security Futurologist for BT -- formerly British Telecom. See <http://www.schneier.com>.

Crypto-Gram is a personal newsletter. Opinions expressed are not necessarily those of BT.

Copyright (c) 2013 by Bruce Schneier.



later issue
earlier issue
back to Crypto-Gram index

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..