German NSA Committee May Turn To Typewriters To Stop Leaks 244
mpicpp (3454017) writes with news that Germany may be joining Russia in a paranoid switch from computers to typewriters for sensitive documents. From the article: Patrick Sensburg, chairman of the German parliament's National Security Agency investigative committee, now says he's considering expanding the use of manual typewriters to carry out his group's work. ... Sensburg said that the committee is taking its operational security very seriously. "In fact, we already have [a typewriter], and it's even a non-electronic typewriter," he said. If Sensburg's suggestion takes flight, the country would be taking a page out of the Russian playbook. Last year, the agency in charge of securing communications from the Kremlin announced that it wanted to spend 486,000 rubles (about $14,800) to buy 20 electric typewriters as a way to avoid digital leaks.
So what? they can be tapped to. (Score:5, Interesting)
My father used to work for the NSA as a cryptologic studies teacher and told me stories about how back in the 70s they had tech that could read back what was being typed simply by listening to the pattern of the clicks the type writer was making.
Re:So what? they can be tapped to. (Score:5, Interesting)
Re:New Snowden (Score:2, Interesting)
The mole was paid off. NSA antics are seriously pissing off Germany and this issue has become another foreign policy faux pas of this presidential administration. As goes Germany, so goes other EU countries. They're slowly turning away from the US. I don't think alienating allies is a smart thing to do, but what would you expect from a president who allows warrantless wiretapping?
GCHQ and the NSA... (Score:3, Interesting)
Working together to return the world back to the stone age!
The one thing to take away from this (Score:4, Interesting)
Turning to typewriters is of course ridiculous blind activism, but there is one thing to take away from this: The mere possibility that someone is spying on them has made them uneasy about using normal and efficient tools and made them turn to antiquated tools instead which still won't protect them. Perhaps now they understand why blanket observation of the entire population is completely unacceptable.
Listening to keystrokes + HMM = Profit! (Score:4, Interesting)
Passwords have been stolen just by listening to keyboard click noises. Why could a typewriter be any different? A relatively straightforward codebook analysis of keypress noises plus a hidden markov model plus a Viterbi algorithm will allow you calculate the highest probability sequence of letters for a given sequence of sounds and timings between sounds even in German!
Mind you, they have to be able to get a sound bug in there, but that might be malware-infected computers nearby the typewriters.
Anyhow, basically, the technology used to do automatic speech recognition would make short work of tapping typewriters, so they’re fooling themselves if they think this’ll make much difference.
BTW, I have a strong suspicion that the Germans’ outrage is all a big charade. Every major country has big spy operations. The NSA is neither unique nor the first of its kind. The Germans could not have been ignorant of at least the general nature NSA’s dealings before Snowden, so while they openly object, secretly, this is business as usual. By doing this, they fool their people into thinking they’re not being spied on by their own government and, using the US as a scapegoat, they also generate a degree of solidarity. Russians spy operations, of course, are way worse, so their objections are the same bullshit. And the Chinese government is all about lying to, well, basically everyone while they use both capitalism and cyberwarfare to take over the world and control everyone, so their recent statement about the iPhone is also a crock of shit.
This reminds me of Andrew Cuomo’s push to restore trust in government. The whole idea is disingenuous. Governments, like any large organization, are only going to do what the people need only with checks & balances and transparency.
And as a final note, I believe that the stated purpose of the NSA is a good one: Mine publically available data to identify terrorist activity. That sounds like a good thing to do. It’s the illegal violations of privacy that are wrong. They violate our rights because it’s inconvenient to get the info they need some other way. It’s also inconvenient for me to work a regular job instead of selling drugs. There are much more convenient ways to achieve my goals that I avoid because they are wrong. To do their job, the NSA needs to find clever ways to acquire the information they need WITHIN THE LAW.
Re:Don't forget to burn the ribbon (Score:4, Interesting)
Typewriters make many copies
- The paper copies
- all the drafts you have to redo.
- the ribbon, especially film ribbons which often make a nearly perfect unencrypted ticker tape copy
- the carbon paper between sheets
- the impression on the platten
- The unique accoustic signature of each key
- the electrical signature on an electrical typewriter which is radiated through the air and power line.
In addtion, sensors can easily be put in the typewriter and some typewriters have electronics that can be tapped into. Documents are stored in the filing cabinet unencypted and any copy logging has to be done manually. The typewriter doesn't log when someone accesses a document or types up a copy. It dowsn't lock automatically when you walk away from your desk. To make up for the lost efficiency, entire armies of near minimum wage typists and filing clerks (two legged security holes) will be needed.
Re:Its a step in "rightish" direction (Score:4, Interesting)
Totally alien networking protocols. Stuff so different that nothing else on earth can interface with it or even knows how it works.
Like.. um.. Novell Netware on ARCnet? :D
Security requires availability! (Score:5, Interesting)
The core components of information security are often misunderstood. The triad of confidentiality, integrity and availability are important to consider. There is a symbiosis between these three components. For example, if confidentiality and availability is highly restrictive, can we really be confident in the integrity of the data with so few people who have such limited access?
The old adage, being so tragically expressed here in real world terms, that the only "secure" computer is locked in a vault at the bottom of an ocean belies the very nature of security. For data to be useful and meaningful, it must be accessible to the people who need it when they need it. Failure to properly deliver accessibility will consequently build pressure on confidentiality (e.g. it will be shared inappropriately) and/or data integrity (e.g. the data will grow stale/irrelevant/etc).
A typewriter is a medieval instrument for data security. Because they have rockets, they might as well start building castle walls. They are, in essence and by design, surrendering. Sun Tzu would be proud of such an adversary that could create this result. Masterful.