Backdooring major services may lead to the mass adoption of encrypted systems. Not immediately, of course, but after the leaks start. Who'd use a backdoored Google Drive for proprietary information when they could use SpiderOak?
The FBI is asking for backdoors on the client side of secure communication systems. Did you think they forgot about the 90s?
The difference today is this: lots of people are buying restricted computers (tablets, smartphones, even some laptops), and it would not be hard for the government to push backdoors into software distributed via the "app store model." This time there is actually a chance of the Justice Department getting their way.
Unless you create your own raspberry pi to used as a (sanctioned from you) mitm proxy that encrypts the paintext on any communication you send to the online services. So basically google get already encrypted mail that only the receiver can decrypt.
So it will go like this - I write hi on the IM client, the Pi intercepts the protocol unpacks the hi encrypts it with the private key, sends some base64 to the server who then translates it to the receiver that has similar device installed which does the decryption.
It is not perfect but it can be done. And I am sure Mr Schneier can think of something much better in its sleep.
Every Web 2.0 service has been "backdoored" (i.e. storing data in the clear on the servers) all along and very few people have complained. Perhaps inventing a scary term for an existing practice will catalyze some kind of change, but I doubt it.
"Backdoor" is the term that we used in the 1990s in connection with proposed anti-encryption measures, and particularly systems like Clipper where encryption was present but had been modified to allow government access ("key escrow" and "key recovery"). In this prototypical case, a potentially otherwise secure design was modified specifically to allow the government to break it. There are still engineering efforts today to do analogous things, including work at ETSI with regard to GSM voice encryption.
As a coauthor of the original post, I think the term is still reasonable and useful.
I agree that the applicability of "backdoor" to the cases you mention is less clear, and sometimes absent. Often, the main reasons that users don't get to control their own crypto keys may have to do with a service provider's business model and engineering decisions. If facilitating surveillance wasn't one of the main design goals, I can see where "backdoor" feels much less appropriate. (I think I'd argue that it's still an appropriate term if the architectural decisions about encryption are directly influenced by pressure from the government. Legislation to ban certain designs for communications systems should put us squarely in that category.)
I'd also like to find ways to encourage users to value end-to-end encryption, but I don't think that was meant to be the point of using the term "backdoor". We are actually talking about legislation here, supposedly meant to change how services are engineered, likely including services and software that are already in use.
I actually feel much worse with the fact that large corporations with no oversight, who knows what kind of security, no counter-intelligence and little if any background checks on employees, have a front-door entrance to my data. Think about this: how hard would it be for a crime organization to put some Google employees on their payroll and use them to get personal information on just about anyone. How hard would it be for them to threaten a Google employee to provide them with information? So now the government wants in? Join the party.
I'd actually be happy, though, if the government put in place some/more regulation on companies that collect so much personal data.
It is difficult to get traceable user information at companies like Google. In my experience startups do little or nothing to protect this data. They also would be the ones likely to put a vulnerable backdoor in a product just to meet some government mandate.
So you'd be happy that the government establishes their own rules by themselves about when they spy on your data? Rules shouldn't be made BY the government in the first place, since they have a vested interest in watching over everything we do.
For those who are skeptical about these conspiracy theories, I've tried to explain why large vendors accede in a previous post and got great skeptical questions: https://news.ycombinator.com/item?id=5706695
tl;dr -- Most large public services you use (Skype, Exchange, likely Gmail, etc) have backdoors.
Large vendors believe they have to respond to subpoenas or face public obstruction or co-conspiracy charges. As a result, they place these backdoors to avoid the PR or believe they are required to play by the US govt's rules. They may not be realtime backdoors, and they may require a bunch of processing, but it is possible to read most messages sent through large, popular systems (both voice and text like email, sms, chat). I think everyone is waiting for a major court ruling or congressional bill to clarify what's what.
snippet of previous post to explain the vendor's mentality:
> The govt comes by with a subpoena (secret, classified, or public) and requires Microsoft or the customer company to produce communication records that exist in a form that may be used as evidence. Failure to do so is best contempt of court and worst obstruction of justice. No 5th amendment privilege for other people's crimes [and prior to last year's ruling, it was assumed that passwords (or private keys) could be compelled for any reason in the US, and systems were built with that assumption]. So everyone who chooses to store or process messages makes it so the encryption is reversible and they can honor court requests. Nothing is private as a result.
> There is not yet a way to build a messaging service that has both features [content-aware features like URL detection, spell-checkers, web browsing for dumb clients, targeted ads to fund free services, etc] AND [pure] privacy [in the US].
> The govt comes by with a subpoena (secret, classified, or public) and requires Microsoft or the customer company to produce communication records that exist in a form that may be used as evidence. Failure to do so is best contempt of court and worst obstruction of justice.
This assertion seems dubious - IIRC the law (court order or subpoena or whatever) cannot compel a company to disclose information which they do not have in their possession. What are your sources (and/or credentials) supporting this opinion?
[EDIT] While we're at it, could you please also substantiate the following claim of yours? It doesn't look right either - if this were so, then emails would be retained indefinitely whereas we know for a fact that they are routinely and aggressively purged, except when explicitly held for discovery.
>There is a prevailing theory that companies are responsible for employee actions, and failing to log is seen as unacceptable.
I recall some court rulings here in the US that a company could be required to install new software to write log data to disk, once the court found out that it was available in memory. This is only a special case of "information which they [do] have in their possession", but shows that that rule goes further than one might think.
I am concerned about another scenario. I'm working on a site where people can exchange messages they've encrypted at the endpoints, such that the participants alone have the decryption ability and the server does not (assuming drawkbox is mistaken in some of his claims). Will it be illegal to launch this in the US if the requested law is passed first?
Sometimes in tax law, courts have held that because Congress was considering a bill, the taxpayer was on notice that something was going to be illegal, and then the taxpayer was unable to rely on it, even though it was legal when he did it. Besides, USG in recent years has proved to be unrestrained by legal barriers to anything it has demanded.
I think it's best to look for a lawyer to get specific advice.
Black-and-white statements like "USG in recent years has proved to be unrestrained by legal barriers to anything it has demanded" only serve to cloud your judgement and blind you to the intricacies of the situation and your available options. You know it's not true.
(I'm one of the guys that was talking with you in that link)
To be clear, I think that vendors make their services "backdoorable" because they want to extract revenue from them and attract consumers. Once they have the capability, the government can then capable of compelling them to comply. I don't think the government is compelling them to build the capability in the first place.
To use a concrete example, Bitlocker is presumably not backdoored by Microsoft and I don't believe that the government has any (public) laws that would allow them to compel Microsoft to modify Bitlocker in such a way. Microsoft's refusal to backdoor Bitlocker could not get them into any sort of official trouble. If Microsoft had Bitlocker backdoored already for whatever reason (say, customer service data recovery), then the government could compel them to comply them to unlock drives.
I don't think we really disagree on anything substantial.
To be clear, I think that vendors make their services "backdoorable" because they want to extract revenue from them and attract consumers.
I disagree. Most are "backdoorable" because it is easier to build a service that way.
For instance consider gmail. The hard requirement is that a person armed with a user name and password can login from a browser and get access to that email. The common requirement is that a person armed with the right cookie can get that email. Now in theory you could encrypt all of the emails on the server, but now your operations costs went through the roof. However if you store them in plain text then you can use smart indexing, and your operations costs are much more manageable.
However once you've decided to have plain text files on your server, EVEN IF you aren't doing anything with them other than storing/sending them to the user, you're now able to backdoor those files, and hence can be compared to by a court.
There have been many email systems out there. Open source (qmail, sendmail, etc), proprietary (Exchange, Dovecot, etc), hosted in the cloud (Hotmail, Gmail, etc), hosted at your company (Exim, Oracle Communications Messaging Server, etc), built on top of platforms not meant to do email (Lotus Notes being a prime example) and so on.
Every single one of the ones I named and many, many, more stored data in plain text and legal discovery could be compelled on them. Simply because that was the easiest way to build them. There are exceptions, but they are exceptions because they were meant to be. Hushmail comes to mind. However even there, even when it was designed to store data in encrypted format, if the government can find a way to force you to extract data, they will push you to do so. (See http://en.wikipedia.org/wiki/Hushmail for a description of the way in which the government got Hushmail to capture plain text, even though the data was stored in plain text.)
The moral? Often the government has access not because evil profit-mongering corporations did wrong, but simply because obvious technical decisions leave them able to do so. And this can be true even when those corporations made a good faith effort to make that impossible.
> Most are "backdoorable" because it is easier to build a service that way.
Okay sure, I can go with that. My point is that the reason is not "because the government makes them do it that way." I agree with all of what you are saying.
Tying into the original conversation, my beef with skype isn't so much that they were backdoorable but that they were backdoorable when they have been claiming for years that they are not.
This is well said. The thing is, though, that it was the non-Java version of Hushmail that was exploited by the Feds. The fact that it could be exploited shouldn't cast the end-to-end secure version in a negative light.
So who at Google is going to code an encrypted Gmail in their 20% time? Paid, of course, because the server won't know what ads to show. (You could put that intelligence in the client, but it seems a privacy-sensitive clientele wouldn't like even that info to leak.)
I'm sure Google already has an encrypted version of their Gmail service, but why would they shoot themselves in the foot and loose all that Ad revenue?
You could put that intelligence in the client, but there is only so much analysis you do do using JavaScript, I'm sure the computing power they have available on their servers is phenomenal, and add to that a huge databank of information they have available to be able to better match those ads to you. And you've already mentioned the privacy issue...
Google would choose to lose "all that ad revenue" if they could replace it with sufficient, and probably more lucrative, non-ad revenue through paying customers.
Yep, there is no public or secret law that would require Microsoft to backdoor Bitlocker.
What's worth remembering, though, is that such a proposal came reasonably close to becoming federal law in the 1990s. It was backed by the FBI and was approved by a House of Representatives committee, which I mention here:
http://news.cnet.com/8301-13578_3-10024163-38.html
An excerpt from that article: "In the 1990s, [now-VP Joe] Biden was chairman of the Judiciary Committee and introduced a bill called the Comprehensive Counter-Terrorism Act, which the EFF says he was "persuaded" to do by the FBI. A second Biden bill was called the Violent Crime Control Act. Both were staunchly anti-encryption, with this identical language:
It is the sense of Congress that providers of electronic communications services and manufacturers of electronic communications service equipment shall ensure that communications systems permit the government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law...
While neither of Biden's pair of bills became law, they did foreshadow the FBI's pro-wiretapping, anti-encryption legislative strategy that followed -- and demonstrated that the Delaware senator was willing to be a reliable ally of law enforcement on the topic. (They also previewed the FBI's legislative proposal later that decade for banning encryption products such as SSH or PGP without government backdoors, which was approved by one House of Representatives committee but never came to a vote in the Senate.)"
And I hope it's clear I like and respect your questions -- people like you are the key reasons I keep coming back here.
About bitlocker, I agree with you that there likely isn't a backdoor built into the service beyond breaking crypto (likely still hard, though crypto export laws still apply and influence overall strength). What I would point out is that the data recovery 'backdoor' (where private keys get stored in central servers, either in AD or your Microsoft Account) is turned on by default. It's most likely for user convenience, but I imagine those that want ediscovery would be happy.
> Most large public services you use (Skype, Exchange, likely Gmail, etc) have backdoors.
Google gave up Paula Broadwell's joint Gmail account with David Petraeus to the FBI after receiving a subpoena. Gmail isn't secure unless you log in through Tor, compose your message on a separate editor (to avoid autosaving of plaintext) and then copy and paste a PGP encrypted message before you send it.
Now, you might think that this is a ridiculous and impractical thing to do, especially if you are not guilty of any crimes. But Paula Broadwell wasn't guilty of any crimes (or at least wasn't charged with any crimes) before Google happily violated her privacy by giving away her information without a warrant.
It would have been a search warrant from the FBI, not a subpoena. The FBI was notified about the Broadwell "harassment" in mid-2012, and by then Google had nationalized Warshak and was requiring a search warrant for the contents of email communications.
You're right. The FBI did have a warrant to monitor her email accounts [ǣ] (it's too late to edit my previous comment).
The troubling thing about the Broadwell story was the FBI's preferential treatment of Kelley because she knew members of the agency. It shows how easy it is to get the FBI to investigate your enemies if you have connections; otherwise it is difficult to get the FBI to care about your case, especially if no one was physically hurt and no monetary damage was caused.
The parent post says companies "believe they have to respond to subpoenas or face public obstruction or co-conspiracy charges." This is simply not true. Google fought a DOJ subpoena for search terms in court (while Yahoo, AOL, and Microsoft did not):
http://news.cnet.com/FAQ-What-does-the-Google-subpoena-mean/...
Twitter successfully fought for the ability to notify the Wikileaks crew of a DOJ (d) order it received, who then fought it in court with the help of EFF and ACLU:
http://news.cnet.com/8301-31921_3-20027893-281.html
And, perhaps most importantly, Google is currently challenging a secret NSL it received from the FBI in federal court in San Francisco, making it the first large Internet company to do so.
In other words, the thesis of the parent's post -- that "contempt of court" is likely -- has been disproven by recent history. That said, I think it's fair to say that AT&T, Verizon, and the other telcos have a much closer relationship with law enforcement and are less likely to take privacy-protective steps via litigation. Look at AT&T's warrantless wiretapping for the NSA. And in the case of the recently-publicized DOJ subpoena to Verizon for the AP's phone records, Verizon could have notified the affected journalists, but chose not to do so.
> There is not yet a way to build a messaging service that has both features [content-aware features like URL detection, spell-checkers, web browsing for dumb clients, targeted ads to fund free services, etc] AND [pure] privacy [in the US].
If you did it on the client, and not on the server, you could provide those features without reading messages, or breaking end-to-end encryption.
Boiling frog. As long as digital freedoms remain unlegislated, government will circumscribe ever-shrinking boundaries with and without the help of industry. It will continue forever until and unless the freedoms are enshrined into law.
>Ironically, one of the groups working hardest to enable and promote end-to-end secure communications technology is NIST, ie, "the Government."
I don't see the irony. It's just the nature of government. The government isn't one person, it's competing factions with conflicting interests.
The ideal in cryptography is to minimize the attack surface and eliminate vulnerabilities. If NIST adopts poor cryptographic standards which fail in that regard then they lose face and risk having their dominion over those matters reduced. Their incentives therefore align well with those of the general public.
On the other hand, the FBI's job is to put humans in prison. Security vulnerabilities are their friend because they're often legally allowed to exploit them. And as a bonus, the bad guys can exploit them too -- more bad guys (real or imaginary) means larger law enforcement and defense budgets.
Agreed, this was what I was pointing out. Government is a complex and multifaceted enterprise, but people often treat it as a monolith, especially in conspiracy theories.
There's a great line in "What Chinese Hackers Get Wrong About Washington:"
This is the most pervasive of of all Washington legends: that politicians in Washington are ceaselessly, ruthlessly, effectively scheming. That everything that happens fits into somebody’s plan. It doesn’t. Maybe it started out with a scheme, but soon enough everyone is, at best, reacting, and at worst, failing to react, and always, always they’re doing it with less information than they need.
That’s been a key lesson I’ve learned working as a reporter and political observer in Washington: No one can carry out complicated plans. All parties and groups are fractious and bumbling. But everyone always thinks everyone else is efficiently and ruthlessly implementing long-term schemes.
You know, part of me wants this to happen. It will force a lot of high profile technology companies (and spawn new ones) to adopt end to end asymmetric encryption. Of course, this is idealistic, but there could be some good to be gleaned from it.
Huh, I had the opposite interpretation. If you have end-to-end crypto then you'd have to add a backdoor, but if you have weak or no crypto then your system will need little or no change.
I agree crypto on personal and business communication by default would be great, but it won't do much to truly protect the data from national security.
If using NSA approved crypto they'd love that such as RSA.
It's newer algorithms like PGP in the 90's that actually protect (or did) or extreme military grade encryption. Trapdoors and algos that can be broken by the NSA are more preferred and don't get the Zimmerman treatment because of that. If I were the NSA I'd do the same thing, it is their job.
There really is no way to fully encrypt that isn't undoable by the NSA. As long as it is only the NSA and not some other competitor spying on business ideas and private communications. Trapdoors for national security are typically in the software or a known flaw that makes it easier to decrypt and recover this information, obtain keys or enter the system to trigger and get the needed information to reverse. There are ways to trigger these modes within the software, software to be used by the NSA has to be approved by them. There is a reason you are subject to all sorts of scrutiny if you don't use approved algos/software wherever you do encryption/decryption (even when you upload a new app you are asked this and can cause problems if you aren't using the system crypto libraries).
If you want to test this, simply make your own crypto lib and send some comms to a bad place in current geopolitics (I don't recommend it). Soon you will get a visit from the FBI and you may get the Phil Zimmerman treatment. Again, can't fault them, it is their job, but understand nothing is truly secure from national security. Yes it might be impossible for other businesses to read it or individuals but not the organization that employs the greatest cryptographers of all time.
Where do you get the claim that NSA can reverse cryto that is generally believed unbreakable? Maybe you meant to refer to DSA, which is deprecated, in this line: "If using NSA approved crypto they'd love that such as RSA". RSA is used today for SSH keys.
How about links supporting the claims about NSA? I don't doubt they're trying to break any encryption as far as possible, but the statement that they definitely can break anything needs some evidence.
The algorithms may be secure, the software isn't always, much like backdoors in software so to can the libraries that do the encryption even outside the software (Windows even had an NSA backdoor in the 90's - http://slashdot.org/story/99/09/03/0940241/nsa-backdoor-crea...). They confirm nor deny this but I ask you if you were a national security cryptography agency what would you be doing?
The last real non NSA approved system was PGP in early 1990's, look up Phil Zimmerman and understand that if you create a system that the NSA has trouble peering into if needed (sometimes with considerable processing power) you will be contacted.
"As the premier cryptographic government agency, the NSA has huge financial and computer resources and employs a host of cryptographers. Developments in cryptography achieved at the NSA are not made public; this secrecy has led to many rumors about the NSA's ability to break popular cryptosystems like DES (see Section 3.2), as well as rumors that the NSA has secretly placed weaknesses, called ``trapdoors,'' in government-endorsed cryptosystems. These rumors have never been proved or disproved. Also the criteria used by the NSA in selecting cryptography standards have never been made public."
There would never be definitive evidence and if so it would cause huge problems, for most communications including fast SSL/HTTPS exchanges for business or regular private communications this is not a worry. Most encryption is good enough for that level of communication, there is a reason though the military for sensitive information is using much greater levels and systems for crypto than consumer grade. Just don't be naive to think the NSA can't right now read all of your communications encrypted or not through many avenues trapdoors, backdoors in libraries, taking over computers to get private keys (all keys are stored somewhere and all passwords have to be typed in at some point) etc.
However I am pretty sure noone is uploading target coordinates or guiding missiles using AES 256 even, it seems. I could be wrong but I would assume something greater.
It is assumed the NSA, other than side channel attacks, cannot break AES as of 2006, still it is getting close.
"AES has 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys. By 2006, the best known attacks were on 7 rounds for 128-bit keys, 8 rounds for 192-bit keys, and 9 rounds for 256-bit keys.[11]"
Right, this wouldn't even be news, noone cares. Is the topic of this thread in the news? AP phone logs are recently, echelon was previously, noone cares about CISPA, SOPA, AT&T diverting traffic for NSA (wired - http://www.wired.com/science/discoveries/news/2006/04/70619 - did you hear about this one on CNN?) etc in mainstream news. The media would quickly label this 'conspiracy' and people would turn off their minds largely like your response.
Even if there were multiple whistleblowers on something like this the individuals would be attacked on their character and it would move onto the next (wikileaks). Writers would be most likely committing career suicide attacking something that big even with lots of evidence.
If our security agencies aren't doing this we are going to fail, the Chinese, Russians are all doing this even as recent at the Chinese attacks on Google. It is almost always flaws in software that facilitate the communication not the algorithms themselves.
You could easily test this. Modify OpenSSL (which recently had a keygen issue making weaker keys and has had holes before: http://www.gartner.com/id=676807), then upload an app that allows encrypted communication and when you upload it to Apple answer the question of 'Yes' to using new cryptography. They are mainly there for export controls but you won't be able to publish that app without an FBI/NSA review if you had added new cryptography algorithms, they have to be approved. Good luck if you send any messages to geopolitical sensitive places without an approved algo or library.
Could some hackers please hack the police wiretapping systems already in place the government doesn't seem to understand the threat to our security and anonymity this poses without a demonstration.
No system is completely secure including the wiretapping system which introduces one point of failure not to mention incredible power for a not so benevolent dictator.
If Hitler were alive today we would all be screwed by now so how long do you reckon it would take for another man like him to rise to power?
I would give it maybe 5 generation and I'm being generous here. Given how China is behaving right now drunk on power i don't think we're going to have to wait that long.
That they can follow? Yes. I think Gwern's got a fairly simple rundown on her silk road article on her website. That they can make practical use of for day to day? Not really, no.
Open-source end-to-end encrypted communications. Using it is not rocket science. You should not trust legislation and goodwill of service providers for your privacy. Take the power to your own hands.
GPG is the number one tool of course. For IM-like functionality OTR (over XMPP) seems to be the preferred protocol, you could use eg Jitsi as the client. For (mobile) voice there is RedPhone and SilentCircle. Both are fairly new so I wouldn't be 100% confident on them but they are made by experts and lay on very strong foundations.
Given that the Government has already back-doors in nearly all of your communication. How would they utilize it? What would their benefit be?
That's nothing but Psychopathic behavior!! Someone wanting to know everything about you, just because there could something be that could harm you, or there could something be that you could use to profit from. That's sick!
You put 99,9% of the population into quarantine, because 0,01% is infected, thus harming all.
Then there is this obsession of some even more psychopathic citizens that act as a voluntary traitor, just to get attention. Remember the volunteers who helped to reveal the identities of demonstrators in the UK.
When I see an IT-Expert, I won't ask him to fix my computer just because he can, but people do. They don't care about the time and effort someone has to offer for you for free. They require it, because they believe they can require it. IT-Experts usually don't have high self-esteem which allows many people to put knives into the backs of those IT-Experts. That's the same egoism that the Government has, it believes to stand above the human rights.
Well it's sad, but in the US you've given up on privacy more or less, because everybody thinks about his own profit and not being willing to share a dime of your profit, even in theory, allows politicians to reform the law into something stinky. But politicians profit from doing that, because the suggest stinky compromises. Someone has to break this cycle. If I said that in an uneducated channel, people would say: "stupid communist" or something. But in reality I believe that people should just be friendlier to each other. Why is that so hard to understand. :( This makes me truly sad.
I live in a world where I have to use simpler and simples words, just because my surrounding doesn't understand common words anymore. The overall IQ is getting lower and lower, so low that I cannot use metaphors, sarcasm, irony and even folk wisdom anymore, because people are completely unaware of them. Knowing that these people would accept this law, because they don't care, don't read, don't think on their own is sad. People don't start thinking on their own, they agree on others or more popular people say, as if this was fully acceptable and logical. I am so happy when I hear about services like http://udacity.com because I hope the next generation won't dumb down like this generation. Way too many children fail at school, way too many pupil don't get higher education. The gap is becoming greater, your heritage becomes your identity.
Orwell laid it out dangerously obvious in his novel. Most of it got real. Let's hope that the day "Lies" become "Truth" never arrives.
We blame China, while we export the technology for it. We blame China while we implement that censoring infrastructure into our own Governments.
50 comments
[ 2.2 ms ] story [ 109 ms ] threadCan't stop the signal, Mal.
The difference today is this: lots of people are buying restricted computers (tablets, smartphones, even some laptops), and it would not be hard for the government to push backdoors into software distributed via the "app store model." This time there is actually a chance of the Justice Department getting their way.
So it will go like this - I write hi on the IM client, the Pi intercepts the protocol unpacks the hi encrypts it with the private key, sends some base64 to the server who then translates it to the receiver that has similar device installed which does the decryption.
It is not perfect but it can be done. And I am sure Mr Schneier can think of something much better in its sleep.
As a coauthor of the original post, I think the term is still reasonable and useful.
I agree that the applicability of "backdoor" to the cases you mention is less clear, and sometimes absent. Often, the main reasons that users don't get to control their own crypto keys may have to do with a service provider's business model and engineering decisions. If facilitating surveillance wasn't one of the main design goals, I can see where "backdoor" feels much less appropriate. (I think I'd argue that it's still an appropriate term if the architectural decisions about encryption are directly influenced by pressure from the government. Legislation to ban certain designs for communications systems should put us squarely in that category.)
I'd also like to find ways to encourage users to value end-to-end encryption, but I don't think that was meant to be the point of using the term "backdoor". We are actually talking about legislation here, supposedly meant to change how services are engineered, likely including services and software that are already in use.
I'd actually be happy, though, if the government put in place some/more regulation on companies that collect so much personal data.
tl;dr -- Most large public services you use (Skype, Exchange, likely Gmail, etc) have backdoors.
Large vendors believe they have to respond to subpoenas or face public obstruction or co-conspiracy charges. As a result, they place these backdoors to avoid the PR or believe they are required to play by the US govt's rules. They may not be realtime backdoors, and they may require a bunch of processing, but it is possible to read most messages sent through large, popular systems (both voice and text like email, sms, chat). I think everyone is waiting for a major court ruling or congressional bill to clarify what's what.
snippet of previous post to explain the vendor's mentality:
> The govt comes by with a subpoena (secret, classified, or public) and requires Microsoft or the customer company to produce communication records that exist in a form that may be used as evidence. Failure to do so is best contempt of court and worst obstruction of justice. No 5th amendment privilege for other people's crimes [and prior to last year's ruling, it was assumed that passwords (or private keys) could be compelled for any reason in the US, and systems were built with that assumption]. So everyone who chooses to store or process messages makes it so the encryption is reversible and they can honor court requests. Nothing is private as a result.
> There is not yet a way to build a messaging service that has both features [content-aware features like URL detection, spell-checkers, web browsing for dumb clients, targeted ads to fund free services, etc] AND [pure] privacy [in the US].
This assertion seems dubious - IIRC the law (court order or subpoena or whatever) cannot compel a company to disclose information which they do not have in their possession. What are your sources (and/or credentials) supporting this opinion?
[EDIT] While we're at it, could you please also substantiate the following claim of yours? It doesn't look right either - if this were so, then emails would be retained indefinitely whereas we know for a fact that they are routinely and aggressively purged, except when explicitly held for discovery.
>There is a prevailing theory that companies are responsible for employee actions, and failing to log is seen as unacceptable.
I am concerned about another scenario. I'm working on a site where people can exchange messages they've encrypted at the endpoints, such that the participants alone have the decryption ability and the server does not (assuming drawkbox is mistaken in some of his claims). Will it be illegal to launch this in the US if the requested law is passed first?
Sometimes in tax law, courts have held that because Congress was considering a bill, the taxpayer was on notice that something was going to be illegal, and then the taxpayer was unable to rely on it, even though it was legal when he did it. Besides, USG in recent years has proved to be unrestrained by legal barriers to anything it has demanded.
Black-and-white statements like "USG in recent years has proved to be unrestrained by legal barriers to anything it has demanded" only serve to cloud your judgement and blind you to the intricacies of the situation and your available options. You know it's not true.
To be clear, I think that vendors make their services "backdoorable" because they want to extract revenue from them and attract consumers. Once they have the capability, the government can then capable of compelling them to comply. I don't think the government is compelling them to build the capability in the first place.
To use a concrete example, Bitlocker is presumably not backdoored by Microsoft and I don't believe that the government has any (public) laws that would allow them to compel Microsoft to modify Bitlocker in such a way. Microsoft's refusal to backdoor Bitlocker could not get them into any sort of official trouble. If Microsoft had Bitlocker backdoored already for whatever reason (say, customer service data recovery), then the government could compel them to comply them to unlock drives.
I don't think we really disagree on anything substantial.
I disagree. Most are "backdoorable" because it is easier to build a service that way.
For instance consider gmail. The hard requirement is that a person armed with a user name and password can login from a browser and get access to that email. The common requirement is that a person armed with the right cookie can get that email. Now in theory you could encrypt all of the emails on the server, but now your operations costs went through the roof. However if you store them in plain text then you can use smart indexing, and your operations costs are much more manageable.
However once you've decided to have plain text files on your server, EVEN IF you aren't doing anything with them other than storing/sending them to the user, you're now able to backdoor those files, and hence can be compared to by a court.
There have been many email systems out there. Open source (qmail, sendmail, etc), proprietary (Exchange, Dovecot, etc), hosted in the cloud (Hotmail, Gmail, etc), hosted at your company (Exim, Oracle Communications Messaging Server, etc), built on top of platforms not meant to do email (Lotus Notes being a prime example) and so on.
Every single one of the ones I named and many, many, more stored data in plain text and legal discovery could be compelled on them. Simply because that was the easiest way to build them. There are exceptions, but they are exceptions because they were meant to be. Hushmail comes to mind. However even there, even when it was designed to store data in encrypted format, if the government can find a way to force you to extract data, they will push you to do so. (See http://en.wikipedia.org/wiki/Hushmail for a description of the way in which the government got Hushmail to capture plain text, even though the data was stored in plain text.)
The moral? Often the government has access not because evil profit-mongering corporations did wrong, but simply because obvious technical decisions leave them able to do so. And this can be true even when those corporations made a good faith effort to make that impossible.
Okay sure, I can go with that. My point is that the reason is not "because the government makes them do it that way." I agree with all of what you are saying.
Tying into the original conversation, my beef with skype isn't so much that they were backdoorable but that they were backdoorable when they have been claiming for years that they are not.
So who at Google is going to code an encrypted Gmail in their 20% time? Paid, of course, because the server won't know what ads to show. (You could put that intelligence in the client, but it seems a privacy-sensitive clientele wouldn't like even that info to leak.)
You could put that intelligence in the client, but there is only so much analysis you do do using JavaScript, I'm sure the computing power they have available on their servers is phenomenal, and add to that a huge databank of information they have available to be able to better match those ads to you. And you've already mentioned the privacy issue...
What's worth remembering, though, is that such a proposal came reasonably close to becoming federal law in the 1990s. It was backed by the FBI and was approved by a House of Representatives committee, which I mention here: http://news.cnet.com/8301-13578_3-10024163-38.html
An excerpt from that article: "In the 1990s, [now-VP Joe] Biden was chairman of the Judiciary Committee and introduced a bill called the Comprehensive Counter-Terrorism Act, which the EFF says he was "persuaded" to do by the FBI. A second Biden bill was called the Violent Crime Control Act. Both were staunchly anti-encryption, with this identical language: It is the sense of Congress that providers of electronic communications services and manufacturers of electronic communications service equipment shall ensure that communications systems permit the government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law...
While neither of Biden's pair of bills became law, they did foreshadow the FBI's pro-wiretapping, anti-encryption legislative strategy that followed -- and demonstrated that the Delaware senator was willing to be a reliable ally of law enforcement on the topic. (They also previewed the FBI's legislative proposal later that decade for banning encryption products such as SSH or PGP without government backdoors, which was approved by one House of Representatives committee but never came to a vote in the Senate.)"
And I hope it's clear I like and respect your questions -- people like you are the key reasons I keep coming back here.
About bitlocker, I agree with you that there likely isn't a backdoor built into the service beyond breaking crypto (likely still hard, though crypto export laws still apply and influence overall strength). What I would point out is that the data recovery 'backdoor' (where private keys get stored in central servers, either in AD or your Microsoft Account) is turned on by default. It's most likely for user convenience, but I imagine those that want ediscovery would be happy.
http://windows.microsoft.com/en-us/windows-8/bitlocker-recov...
Google gave up Paula Broadwell's joint Gmail account with David Petraeus to the FBI after receiving a subpoena. Gmail isn't secure unless you log in through Tor, compose your message on a separate editor (to avoid autosaving of plaintext) and then copy and paste a PGP encrypted message before you send it.
Now, you might think that this is a ridiculous and impractical thing to do, especially if you are not guilty of any crimes. But Paula Broadwell wasn't guilty of any crimes (or at least wasn't charged with any crimes) before Google happily violated her privacy by giving away her information without a warrant.
[ǣ] http://online.wsj.com/article/SB1000142412788732407350457811...
Twitter successfully fought for the ability to notify the Wikileaks crew of a DOJ (d) order it received, who then fought it in court with the help of EFF and ACLU: http://news.cnet.com/8301-31921_3-20027893-281.html
Facebook fought a subpoena from the state of Virginia: http://news.cnet.com/8301-13578_3-10352587-38.html
Amazon.com fought the DOJ in court in Wisconsin and fought the North Carolina tax collectors in court in Seattle: http://news.cnet.com/8301-13578_3-9824977-38.html http://news.cnet.com/8301-31921_3-20020680-281.html
And, perhaps most importantly, Google is currently challenging a secret NSL it received from the FBI in federal court in San Francisco, making it the first large Internet company to do so.
In other words, the thesis of the parent's post -- that "contempt of court" is likely -- has been disproven by recent history. That said, I think it's fair to say that AT&T, Verizon, and the other telcos have a much closer relationship with law enforcement and are less likely to take privacy-protective steps via litigation. Look at AT&T's warrantless wiretapping for the NSA. And in the case of the recently-publicized DOJ subpoena to Verizon for the AP's phone records, Verizon could have notified the affected journalists, but chose not to do so.
If you did it on the client, and not on the server, you could provide those features without reading messages, or breaking end-to-end encryption.
Ironically, one of the groups working hardest to enable and promote end-to-end secure communications technology is NIST, ie, "the Government."
I don't see the irony. It's just the nature of government. The government isn't one person, it's competing factions with conflicting interests.
The ideal in cryptography is to minimize the attack surface and eliminate vulnerabilities. If NIST adopts poor cryptographic standards which fail in that regard then they lose face and risk having their dominion over those matters reduced. Their incentives therefore align well with those of the general public.
On the other hand, the FBI's job is to put humans in prison. Security vulnerabilities are their friend because they're often legally allowed to exploit them. And as a bonus, the bad guys can exploit them too -- more bad guys (real or imaginary) means larger law enforcement and defense budgets.
There's a great line in "What Chinese Hackers Get Wrong About Washington:"
This is the most pervasive of of all Washington legends: that politicians in Washington are ceaselessly, ruthlessly, effectively scheming. That everything that happens fits into somebody’s plan. It doesn’t. Maybe it started out with a scheme, but soon enough everyone is, at best, reacting, and at worst, failing to react, and always, always they’re doing it with less information than they need.
That’s been a key lesson I’ve learned working as a reporter and political observer in Washington: No one can carry out complicated plans. All parties and groups are fractious and bumbling. But everyone always thinks everyone else is efficiently and ruthlessly implementing long-term schemes.
http://www.washingtonpost.com/blogs/wonkblog/wp/2013/02/25/w...
If using NSA approved crypto they'd love that such as RSA.
It's newer algorithms like PGP in the 90's that actually protect (or did) or extreme military grade encryption. Trapdoors and algos that can be broken by the NSA are more preferred and don't get the Zimmerman treatment because of that. If I were the NSA I'd do the same thing, it is their job.
There really is no way to fully encrypt that isn't undoable by the NSA. As long as it is only the NSA and not some other competitor spying on business ideas and private communications. Trapdoors for national security are typically in the software or a known flaw that makes it easier to decrypt and recover this information, obtain keys or enter the system to trigger and get the needed information to reverse. There are ways to trigger these modes within the software, software to be used by the NSA has to be approved by them. There is a reason you are subject to all sorts of scrutiny if you don't use approved algos/software wherever you do encryption/decryption (even when you upload a new app you are asked this and can cause problems if you aren't using the system crypto libraries).
http://www.rsa.com/rsalabs/node.asp?id=2188 http://www.rsa.com/rsalabs/node.asp?id=2240
If you want to test this, simply make your own crypto lib and send some comms to a bad place in current geopolitics (I don't recommend it). Soon you will get a visit from the FBI and you may get the Phil Zimmerman treatment. Again, can't fault them, it is their job, but understand nothing is truly secure from national security. Yes it might be impossible for other businesses to read it or individuals but not the organization that employs the greatest cryptographers of all time.
How about links supporting the claims about NSA? I don't doubt they're trying to break any encryption as far as possible, but the statement that they definitely can break anything needs some evidence.
Some papers on some techniques, even modes that make weaker key generation: http://www.cryptovirology.com/cryptovfiles/newbook.html
The last real non NSA approved system was PGP in early 1990's, look up Phil Zimmerman and understand that if you create a system that the NSA has trouble peering into if needed (sometimes with considerable processing power) you will be contacted.
http://www.rsa.com/rsalabs/node.asp?id=2316
"As the premier cryptographic government agency, the NSA has huge financial and computer resources and employs a host of cryptographers. Developments in cryptography achieved at the NSA are not made public; this secrecy has led to many rumors about the NSA's ability to break popular cryptosystems like DES (see Section 3.2), as well as rumors that the NSA has secretly placed weaknesses, called ``trapdoors,'' in government-endorsed cryptosystems. These rumors have never been proved or disproved. Also the criteria used by the NSA in selecting cryptography standards have never been made public."
There would never be definitive evidence and if so it would cause huge problems, for most communications including fast SSL/HTTPS exchanges for business or regular private communications this is not a worry. Most encryption is good enough for that level of communication, there is a reason though the military for sensitive information is using much greater levels and systems for crypto than consumer grade. Just don't be naive to think the NSA can't right now read all of your communications encrypted or not through many avenues trapdoors, backdoors in libraries, taking over computers to get private keys (all keys are stored somewhere and all passwords have to be typed in at some point) etc.
From what I understand, the DoD standard is AES 128.
However I am pretty sure noone is uploading target coordinates or guiding missiles using AES 256 even, it seems. I could be wrong but I would assume something greater.
It is assumed the NSA, other than side channel attacks, cannot break AES as of 2006, still it is getting close.
"AES has 10 rounds for 128-bit keys, 12 rounds for 192-bit keys, and 14 rounds for 256-bit keys. By 2006, the best known attacks were on 7 rounds for 128-bit keys, 8 rounds for 192-bit keys, and 9 rounds for 256-bit keys.[11]"
So logically, since we all know with unshakable certainty that the NSA has such capabilities, they must be suppressing and controlling the media.
Even if there were multiple whistleblowers on something like this the individuals would be attacked on their character and it would move onto the next (wikileaks). Writers would be most likely committing career suicide attacking something that big even with lots of evidence.
If our security agencies aren't doing this we are going to fail, the Chinese, Russians are all doing this even as recent at the Chinese attacks on Google. It is almost always flaws in software that facilitate the communication not the algorithms themselves.
You could easily test this. Modify OpenSSL (which recently had a keygen issue making weaker keys and has had holes before: http://www.gartner.com/id=676807), then upload an app that allows encrypted communication and when you upload it to Apple answer the question of 'Yes' to using new cryptography. They are mainly there for export controls but you won't be able to publish that app without an FBI/NSA review if you had added new cryptography algorithms, they have to be approved. Good luck if you send any messages to geopolitical sensitive places without an approved algo or library.
It doesn't mean people aren't trying to make new crypto libs: http://www.wired.com/science/discoveries/news/2006/04/70524 because there are lots of systems to track you now: http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/ + http://www.theverge.com/2012/3/15/2876528/wired-nsa-building... and on and on.
https://bitmessage.org/
PPA for Ubuntu or Debian:
https://launchpad.net/~fuzzgun/+archive/pybitmessage
No system is completely secure including the wiretapping system which introduces one point of failure not to mention incredible power for a not so benevolent dictator.
If Hitler were alive today we would all be screwed by now so how long do you reckon it would take for another man like him to rise to power? I would give it maybe 5 generation and I'm being generous here. Given how China is behaving right now drunk on power i don't think we're going to have to wait that long.
That's nothing but Psychopathic behavior!! Someone wanting to know everything about you, just because there could something be that could harm you, or there could something be that you could use to profit from. That's sick!
You put 99,9% of the population into quarantine, because 0,01% is infected, thus harming all.
Then there is this obsession of some even more psychopathic citizens that act as a voluntary traitor, just to get attention. Remember the volunteers who helped to reveal the identities of demonstrators in the UK.
When I see an IT-Expert, I won't ask him to fix my computer just because he can, but people do. They don't care about the time and effort someone has to offer for you for free. They require it, because they believe they can require it. IT-Experts usually don't have high self-esteem which allows many people to put knives into the backs of those IT-Experts. That's the same egoism that the Government has, it believes to stand above the human rights.
Well it's sad, but in the US you've given up on privacy more or less, because everybody thinks about his own profit and not being willing to share a dime of your profit, even in theory, allows politicians to reform the law into something stinky. But politicians profit from doing that, because the suggest stinky compromises. Someone has to break this cycle. If I said that in an uneducated channel, people would say: "stupid communist" or something. But in reality I believe that people should just be friendlier to each other. Why is that so hard to understand. :( This makes me truly sad.
I live in a world where I have to use simpler and simples words, just because my surrounding doesn't understand common words anymore. The overall IQ is getting lower and lower, so low that I cannot use metaphors, sarcasm, irony and even folk wisdom anymore, because people are completely unaware of them. Knowing that these people would accept this law, because they don't care, don't read, don't think on their own is sad. People don't start thinking on their own, they agree on others or more popular people say, as if this was fully acceptable and logical. I am so happy when I hear about services like http://udacity.com because I hope the next generation won't dumb down like this generation. Way too many children fail at school, way too many pupil don't get higher education. The gap is becoming greater, your heritage becomes your identity.
Orwell laid it out dangerously obvious in his novel. Most of it got real. Let's hope that the day "Lies" become "Truth" never arrives.
We blame China, while we export the technology for it. We blame China while we implement that censoring infrastructure into our own Governments.
Hypocrites.