The latest revelations about the NSA’s ability to undermine most encryption used online dwarf anything we have learned previously. What is worse, the NSA has worked to insert weaknesses into products — backdoors.
the National Security Agency and its UK counterpart GCHQ have broadly compromised the guarantees that internet companies have given consumers to reassure them that their communications, online banking and medical records would be indecipherable to criminals or governments.
The agencies, the documents reveal, have adopted a battery of methods in their systematic and ongoing assault on what they see as one of the biggest threats to their ability to access huge swathes of internet traffic – “the use of ubiquitous encryption across the internet”.
Those methods include covert measures to ensure NSA control over setting of international encryption standards, the use of supercomputers to break encryption with “brute force”, and – the most closely guarded secret of all – collaboration with technology companies and internet service providers themselves.
Through these covert partnerships, the agencies have inserted secret vulnerabilities – known as backdoors or trapdoors – into commercial encryption software.
It’s everything, everything that Cypherpunks ever muttered about over their beer.
This is the secret that likely explains why the Obama and Cameron administrations were willing to do almost anything to try to get Snowden, the reporters he leaked to, and the anyone who touched their data.
This is the nuclear winter of data security.
What do we do?
I used to say, we don’t really care if the NSA is reading our traffic, because if they are, the secret is so valuable they won’t waste it on anything but the most important national security matters. The Snowden revelations suggest that wasn’t completely right — there was some information sharing with civilian domestic law enforcement, although it was obfuscated in ways that undermined the constitutional guarantee of the right to confront witnesses against you. More importantly, the fact of the Snowden revelations mean that the cat is out of the bag, so the disincentive to use the information will be greatly reduced.
Bruce Schneier has given this some thought — he had an advance look at the documents — and he says that the IETF and other engineers need to re-engineer the internet to make it safer from surveillance. Meanwhile, there are things we can do individually.
For now, however, it is not hyperbole to say, as Schneier does, that “[b]y subverting the internet at every level to make it a vast, multi-layered and robust surveillance platform, the NSA has undermined a fundamental social contract.” It’s going to be tough, hard work to rebuild the Internet, and even harder work afterwards to rebuild trust in systems not to mention both public and private institutions.
Are we up to either job?
Frankly, no. I’m not up for the job. It’s all good to know “there are things we can do individually” to improve our security. But the reality is few ordinary people are capable of learning how to implement protections consistently and reliably until the internet is “rebuilt.” And that includes me.
As a professor of law, does it not bother you that the American people and members of Congress seem to be missing the underlying issue here?
Namely, that the Rule of Law guaranteed by the Constitution and Bill of Rights is in practice dead as a door nail in our nation? Rich banks, hedge fund companies, mortgage companies, violated the most fundamental laws in the most blatant manner, e.g. the total abandonment of the Title process for housing. And not a SINGLE ONE of them has suffered legal consequences. They are immune. Two banks in the past month sacked the wrong home, took possessions, sold them. Turned out to be WRONG PERSON and wrong house. Police would not even charge the banks with a crime.
As for any pretense of habeas corpus, due process, and the fundamental protections against search and seizure (which to me clearly equate to an implicit privacy in the Constitution): These things simply no longer apply.
I am the only one bothered by fundamental principles anymore?
Thank you, professor, for rightly framing this issue. It is only ostensibly about NSA, Xkeyscore, encryption … More fundamentally, it is about the rise of a totalitarian state. Albeit, one with a velvet glove and all the decorations of democracy, but one that is nevertheless in thrall to money and power, and is no longer a government of laws. I am afraid that things only get worse from here.
FWIW, I was addressing Prof. Froomkin, not being self referential. I am a retired computer technology programmer, consultant, and director with 30 years in IT. And based on that experience, I would suggest that given the current state of penetration of networks and data, the NSA and all the related alphabet soup of agencies have completely dismantled any Constitutional protections requiring due process and warrants. After this post by Froomkin, it came out that the NSA for years has been subverting just about every encryption mechanism used on the the Internet and in computing in general, and in addition has been working with their “corporate partners” (i.e. the corporate oligarchy) to build backdoors into as many commercial products, both software and hardware (routers, etc), as possible.
Actually, this post was in reaction to those revelations.
On the larger point, I have been working on a blog post that I hope to have up Real Soon Now.
” It’s going to be tough, hard work to rebuild the Internet, and even harder work afterwards to rebuild trust in systems not to mention both public and private institutions.”
Since part of the problem is that the NSA was able to coerce computer, communications, and software companies into introducing these backdoors into their hardware and software, then who do you trust to do the rebuilding? The whole concept of trust and security is broken, period.
I think it means open source tools rather than proprietary ones. Much harder to hide backdoors in code everyone can read. Not saying it’s impossible, but it’s much much harder.
The concept of trust and security is not broken. It just turns out that software and hardware vendors with proprietary closed-source products must now be presumed to be dangerous until proven otherwise.
Open source is a good place to start, but I don’t think this will fix the troubling ability to coerce the ISPs and communications companies into planting backdoors designed to intercept the data at the encryption points. Not sure how to solve that problem.
I guess what you are recommending is a layered approach to personal encryption. You are recommending that a person use personal encryption for a message that will again be encrypted by the usual tools.
It seems that more emphasis should be placed on Stenography, since a message using Stenography that is encrypted, once decrypted by the NSA, will appear as a normal text message.
If I were a terrorist, I could send a normal Word document whose first characters of every line spelt out my secret message, once the margins were set to 4″, say. Then the message, sent encrypted, would be read by the NSA. How will they find the secret message?
Whoa, I meant “Steganography.”
Hope Prof. Froomkin is following this thread. When I commented, I signed up for notifications on followups and posts to the thread.
I note in the email I am receiving that the default ‘admin’ account is given as origin of the email. Assuming this is the admin account in WordPress, I would highly advise Prof. Froomkin to have his tech support do two things:
1. create a new account in the blog in WordPress with a different name. Give it admin privileges. Then delete the default admin account.
2. Download and install the ‘Limit Login Attempts” addon for WordPress. This addon monitors failed attempts to login to accounts, and can be figured to lock the offending IP number out for periods of time, or permanently.
I have to personal domains using WordPress on my own web server, and a few months ago became aware of what is a massive automated attempt to break into WordPress accounts via the default admin account. Since installing the above addon, my two little web sites, which are very low traffic, have record sometimes hundreds of attempts every 24 hours by bots scanning for WordPress sites, trying to login as admin. If a login is successful, the WordPress site is of course compromised immediately and becomes a part of the hackers use of sites to spread malware and conduct other nefarious enterprises.
I very much appreciate the advice, but I deleted the admin account years ago, for the very reasons you give. I don’t know why the email identifies that way, but so much the better if it distracts a bot somewhere.
While it is shocking (but maybe only in the Casablanca sense) that NSA has managed to coerce, cajole, force, etc. tech companies to give over data and/or provide access (knowingly or otherwise), some perspective is in order as well.
The encryption breaking (so far as I’ve seen or heard about) is all very low-level and basic, and likely not being employed in situations where encryption actually matters much. REAL encryption, like using open standards on GnuPG with a 2048 or 4096 bit key, itself, is still safe and unbroken. And there is a line of thought that suggests that it may, in fact, be effectively unbreakable due to the amount of power required to brute force it. Additionally, if there was ever even a hint that 2048 wasn’t enough anymore, the word would get around and people would simply up the bit count going forward.
There is still the obvious problem that even if an unencrypted word never reaches the network, if (say) Windows has a backdoor that is exploitable, then NSA could just read the plaintext directly. (And that’s part of the ramifications in play with these stories).
And as someone has suggested, maybe it’s time to take another long hard look at the code in SE linux…
To me, an IMPORTANT issue is that if all this tech now has flaws and backdoors in place, why is it that NSA thinks that they are the only ones who will ever exploit it? what if Snowden had the right sort of knowledge and rather than expose NSA, he decided to reveal the secrets to a paying third party? And just as importantly, why would you, as the intelligence chief in Country X ever anymore employ any hardware/software that might be compromised by NSA? Don’t you wonder if (for example) France is now worried that all of their data is now available to NSA? What is the status of security for diplomatic cables? etc. Should foreign embassies on U.S. soil ever run Windows? Should the U.S. Government ever run Windows?