Encryption Google Privacy Security Apple

Neglecting the Lessons of Cypherpunk History 103

Nicola Hahn writes: Over the course of the Snowden revelations there have been a number of high-profile figures who've praised the merits of encryption as a remedy to the quandary of mass interception. Companies like Google and Apple have been quick to publicize their adoption of cryptographic countermeasures in an effort to maintain quarterly earnings. This marketing campaign has even convinced less credulous onlookers like Glenn Greenwald. For example, in a recent Intercept piece, Greenwald claimed:

"It is well-established that, prior to the Snowden reporting, Silicon Valley companies were secret, eager and vital participants in the growing Surveillance State. Once their role was revealed, and they perceived those disclosures threatening to their future profit-making, they instantly adopted a PR tactic of presenting themselves as Guardians of Privacy. Much of that is simply self-serving re-branding, but some of it, as I described last week, are genuine improvements in the technological means of protecting user privacy, such as the encryption products now being offered by Apple and Google, motivated by the belief that, post-Snowden, parading around as privacy protectors is necessary to stay competitive."

So, while he concedes the role of public relations in the ongoing cyber security push, Greenwald concurrently believes encryption is a "genuine" countermeasure. In other words, what we're seeing is mostly marketing hype... except for the part about strong encryption.

With regard to the promise of encryption as a privacy cure-all, history tells a markedly different story. Guarantees of security through encryption have often proven illusory, a magic act. Seeking refuge in a technical quick fix can be hazardous for a number of reasons.

  • Yep (Score:2, Insightful)

    by Anonymous Coward on Sunday December 07, 2014 @06:21AM (#48541687)

    Publicly available 'encryption' does little more than keep the kids off your lawn. It is snake oil. While you are on the company wire, there will never be any hope of this elusive 'privacy'. Give it up, and make the rest of the world transparent.

    Posting AC because the mods don't like hearing the truth about their golden calf...

  • by Anonymous Coward on Sunday December 07, 2014 @07:01AM (#48541737)

    Welcome to the Jail called The USA land of freedom ROFL
    Man that government and its agencies are keeping the nuts and bolts tight giving it a turn every time they have a chance on "We the People"
    Never before in history, even in Russia, have we ever seen a People stay coy under such an attack to basic human rights violations and the absolute rape of its Constitution. It is with great sorrow that the world watches the USA spiral down into a land of slavery and absolute State surveillance and control without its people taking arms and revolting against the tyrants in power. The whole establishment is rotten to the core and there's no way out. Surveillance of a planetary infrastructure should get the USA kicked out of all the world's groups and associations and make them lose their seats in all bodies of governance. I hope the world will react strongly and really start to hurt the USA in their wallet. They cannot be trusted, period. They are the enemies to the world now. Putin looks like a good guy compared to the politicians (whose elections are funded by company money (so much for the politicos representing the people)) that are adopting laws and regulations further putting the screws to their own people and the world. Wake up .. the USA is THE threat to the free world.

  • by Anonymous Coward on Sunday December 07, 2014 @07:22AM (#48541765)

    Crypto everywhere isn't going to stop you specifically being watched, but it will stop strategic dragnet interception, and force a return to tactical decrypts.

  • by anorlunda ( 311253 ) on Sunday December 07, 2014 @07:34AM (#48541779) Homepage

    Mod the parent up.

    We are trying to make bulk surveillance harder, not targeted surveillance. By bulk I mean something like 500 million devices, all to be cracked.

  • by Shadow of Eternity ( 795165 ) on Sunday December 07, 2014 @07:43AM (#48541787)

    Exactly. This is like putting a decent U-Lock on a bicycle. You're not going to make your bike unstealable, you're just going to make it not worth the effort for anyone that doesn't specifically want to steal YOUR bike with professional grade tools.

  • by Anonymous Coward on Sunday December 07, 2014 @08:08AM (#48541819)

    ... they stem from WW2 and the Cold War.

    Normally, countries police citizens by applying a rule of law. In the US' case, there is a written constitution which drives this, but in general across the West there is a written or unwritten set of standards which limit state's powers.

    If you are in an extreme war, and your country is at risk of being invaded, with many citizens being killed, it is appropriate to throw the above protection away. The state will do anything it needs to to survive, and will not follow normal rules. Interning enemy aliens or anyone suspected of supporting them is a good example - this would not be appropriate during peacetime.

    During WW2 the Western Powers (in particular the US and UK) set up state systems with these extra-legal powers. When WW2 finished, much of this apparatus was closed down, but the intelligence services managed to keep their jobs, on the grounds that they were fighting a Cold War with the Eastern Bloc. They maintained their extra-legal modus operandi, though no one cared very much, since the game was only being played between competing members of the two blocs' security services.

    Then came the fall of the Berlin Wall. And the end of the Eastern Bloc as a credible war enemy.

    That should have spelled the end of the security services' extra-legal operations. But it didn't. Instead, they cast around for new threats to justify their existence and their continuing role. And they found them in Middle Eastern terrorism.

    Our current foreign policy seems to be INTENDED to stoke up the threat of terrorism, and to destabilise the Middle East. This only started after 2001. Now you know why. It's to keep people in the jobs they have become accustomed to...

     

  • by Anonymous Coward on Sunday December 07, 2014 @08:16AM (#48541835)

    Phones in particular, with their many hidden CPUs that have encompassing access to the one system that the users perceive as the "main processor", are untrustworthy. No secure encryption can be implemented on phones. But modern PCs are hardly better: System management mode, separate coprocessors and external buses with full RAM access, UEFI, etc. make it impossible to verify that there isn't hidden functionality, even if you assume the hardware isn't malicious.

  • by gweihir ( 88907 ) on Sunday December 07, 2014 @09:12AM (#48541935)

    Indeed. And the dragnet is what is exceptionally dangerous. If the NSA/CIA/GCHQ has dirt on any politician and other person when they finally get into positions of power, then they control the state. What happens if intelligence agencies control a state can be seen in the former Soviet Union, former eastern Germany and current Northern Korea. These people are unable to tolerate individual freedoms or not being in total control, because they are terminally paranoid and see enemies everywhere. There is no more reliable way to establish universal Fascism than failing to limit the power of the intelligence agencies.

  • by Anonymous Coward on Sunday December 07, 2014 @09:19AM (#48541951)

    In the current political environment, encryption is not the answer. If you've been paying attention, there have been a number of cases where a person was ordered to unlock the contents of a laptop or other device under the threat of being put in prison if they refuse. And that is the real problem. If you create some super-duper-encryption that is impossible to break, the various corrupt government agencies will simply declare you to be a terrorist, who can't possibly have any legitimate need for that encryption, and you will be ordered to decrypt or go to prison, and nobody will even know you are in prison thanks to secret laws enforced by secret courts.

    Until THAT issue is addressed, encryption truly is just snake oil and feel-good public relations.

  • by davide marney ( 231845 ) on Sunday December 07, 2014 @09:20AM (#48541953) Journal

    The author says that "cryptography is underhanded", but you will look in vain to find any technical meaning of that phrase anywhere in the article. What he really means is that the major corporations (Google, Apple, et al.) are underhanded because they are working with state spies to cripple algorithms and put in back doors, etc.

    But trying to cripple cryptography is something we already are aware of, and there are ways to shore up the technology to make it much, much harder for government to spy on us in bulk. Even using weak, crippled cryptography forces the spies to expend computing resources. Cryptography is all about raising the cost of spying, when dealing with government, not with preventing spying.

  • by AHuxley ( 892839 ) on Sunday December 07, 2014 @09:55AM (#48542047) Journal
    Re "True, there are numerous ways to hide things, but if you intend to make it secure and you do understand the system because you designed it, it is quite possible to make it secure"
    The device and the network has origins with the Communications Assistance for Law Enforcement Act.
    https://en.wikipedia.org/wiki/... [wikipedia.org]
    Trying to build a better app over that voice, text and network logging ready system is interesting.
    An app can encrypt but the data has to be entered?
    Get the plain text as it is entered? Then the new app can be as powerful as it wants and totally tested. The plain text is still ready on any network.
  • by AHuxley ( 892839 ) on Sunday December 07, 2014 @10:08AM (#48542077) Journal
    Re Encryption is before.
    A few products tried that in the 1950-1980. The US and UK govs always got the plain text they wanted long term.
    Staff were turned, cheaper standards were set. The junk international standards and tame systems can be seen years later.
    At some point in the consumer network the plain text is ready. At that point the backdoors, trapdoors are ready.
    Product quality did not save the world from the tame standards.
    Political leaders did not help. Experts did not mention much about junk standards. Was a lot said about tame encryption over the decades in the press?
    The big brands did not seem to understand what was being done to their own networks.
  • by Anonymous Coward on Sunday December 07, 2014 @12:08PM (#48542461)

    Newsflash: The NSA *already* controls the politicians. Why else are there only two near-identical parties to choose from? The game has been rigged for a very very long time.

  • Re:Yep (Score:3, Insightful)

    by mariox19 ( 632969 ) on Sunday December 07, 2014 @12:24PM (#48542533)

    I am far from being an expert on encryption, but the danger is not that PGP will be broken; it's that there are weaknesses in the entire "ecosystem" that allow for side-channel attacks. That's part of what that NSA paper, linked to in the article, is discussing. If there is something that can be exploited in the user's operating system or in the hardware, then that becomes the weak link in the chain.

    Then, there is the whole issue that you touch on: namely, the caveat of encryption's efficacy "if used right." The same is true of condoms and even oral contraceptives. Sadly, human beings are very bad at scrupulously adhering to the injunction to "use as directed."
