Hacker News
Feds put heat on Web firms for master encryption keys (cnet.com)
253 points by antman on July 24, 2013 | 130 comments



I'm ambivalent about NSA's need to request potentially large amounts of data from Google about broadly targeted foreign intelligence targets. I see the long term sinister possibilities while generally believing that the data isn't being misused today, and what immediate problems I see have more to do with ineptitude and laziness than with the belief that Internet surveillance is fundamentally evil.

But coercing Google into handing over TLS keys is unequivocally bad; indefensible, I think. It's one thing to legally compel Google to grant access to data, but another thing entirely to rewire Google itself:

* It provides NSA with a technical capability they do not currently have, enabling them to shoot first and answer questions for a court later, and eliminates a due process element that other providers (notably Yahoo) have been able to avail themselves of.

* It provides the USG with capabilities beyond simple surveillance, for instance by allowing them to spoof Google pages. There can't be any legitimate reason to provide them that blanket authority.

I appreciate the effort and expense it must take for companies like Google to resist these requests.


> I'm ambivalent about NSA's need to request potentially large amounts of data from Google about broadly targeted foreign intelligence targets.

Not to be unkind, but I'm honestly repulsed by your ambivalence. Ambivalence is assent, in police state logic. Your opinion, backdated:

"I'm ambivalent about the Stasi's need to request that postmasters allow access to all mail."

"I'm ambivalent about the KGB's need to request that all phone lines be tapped."

Make a choice: either be in favor of the American Police State or oppose it.


I'm going to have to live with that repulsion, aren't I?


I can see where both of you come from, but I'm tending towards ferdo's view. So far there is, to my knowledge, no historical precedent of a large data collection effort for the purpose of law enforcement* that has not ultimately led to a bad outcome for those whose data was collected. (I'm talking about non-ongoing, so full-picture historical retrospection.)

I mean, even my own state (which has about as good a rule of law as they come) has in the past implemented a dragnet that kind of went awry. At least, according to the people that lived through "Rasterfahndung", it seems inevitable that the presumption of innocence goes out the window pretty much as soon as eager law enforcement personnel has access to large databases[1].

* The inevitable asterisk: It seems that it might be possible to keep things from going awry if there is a specific warrant signed by a judge for every _individual_ act of "listening in". Not a warrant for tapping a service provider, but a warrant to look at the data of a single user at that provider. But this is moot, since we are already way past any point where it would have been possible to stop at that.

[1] http://translate.google.com/translate?sl=auto&tl=en&js=n&pre...


I don't demand that you agree with me, or even remotely expect it. How could I? You know hardly anything about what I believe. I fully respect people who have militantly anti-government perspectives on NSA surveillance; those perspectives make sense to me, even if I share them only partially.

What I don't respect are people who have no earthly clue what they're talking about telling me how repellent my views are.


> militantly anti-government perspectives on NSA surveillance

This points to a flaw in the logic of governance that results in accumulated errors when it's used as a precept. The NSA is the interloper in American society and a latecomer to government. The existence of the NSA has no foundation in the so-called social contract that we all share. It's essentially a lawless institution at this point.

The NSA and those that support it are militantly anti-social. Citizens insisting on their rights aren't the problem. Those that demand or facilitate the infringement of our rights are the actual problem.


By "militant" I don't simply mean strongly held beliefs, but also unquestioning acceptance of stories that reaffirm those beliefs. I don't think strong opposition to NSA surveillance automatically makes one "militant".


Apply the concept of "unquestioning acceptance of stories that reaffirm beliefs" to those people that rationalize receiving a salary from some aspect of the Surveillance State.


I have no trouble doing that, either.


Then I don't understand your ambivalence.


In practical terms, the problem with asserting ambivalent, balanced, middle ground positions is that white sees grey as black, and black sees grey as white.


No, you could look into your heart, and change.


Kindly go fuck yourself.


> Kindly go fuck yourself.

Ah. Are these your true colors you are showing us?

You know what bugs me about your political posts? I've been thinking about this for a while, exactly what it is about the way you state your opinions that gets under my skin. Could it be the way that you always manage to sound so reasonable and eloquent? And indeed you do argue against some future possible abuse. Yet you manage to defend some currently reprehensible state of affairs. And you'll argue a minute point to death until your opponent concedes defeat meanwhile the larger issue has gotten lost many turns of the screw back. I have wanted to debate you so many times but given how well known you seem to be and also the way you seem to be held in high regard around here I have been very wary.

You could have written a post about the TLS keys and spared us the (not very surprising) insight into your ambivalence. But you didn't. Why not?


I'll unhappily dignify this comment. Obviously, the reason is that my point was that even someone who was ambivalent about FISA process should still have a problem with Google giving up their keys.

I don't know what you thought my "true colors" were, but if you thought they included an unwillingness to tell the authors of comments like these to go fuck themselves, now you know.


The fu comment and how it's tolerated on HN provides a true window into how the real world works.

And why people on the outside never know the true story of why someone in power (say the government) or PG does what they do. Which is why sometimes it seems wrong and doesn't make any sense or it seems there is an easy alternative.

They only know what they read about it or what they are told or what they understand or have been educated about.

You say something that almost certainly would get a user with lower karma hellbanned but it's totally tolerated.

Now a user who is new to HN may wonder why you can get away with that and then feel that it's ok for them to do the same.

PG (or whoever has hellbanning powers) decides that you are either too big to fail or the benefit that you provide to the community outweighs whatever detriment a comment like this poses by letting you continue on HN saying things like that. You most likely don't even get a warning from the cop. "Ok sarge I'll tone it down".

It's like being tenured or something in academia.

I love this stuff. I like the fact that at least some people on HN can say whatever they want (the freedom of speech we are all supposed to have) without fear of either downvotes or being banned from HN.

And while that doesn't mean I want to have a bunch of FU or abusive language thrown about (which would almost certainly detract and make me leave) it is an illustration of the power of the primadonna in organizations.

(By the way Steve Blank was totally like this at the company that I worked with him at. Untouchable.)


He used swearwords, but that's a superficial test. The provocation was worse-- the casual assumption of lack of integrity, after this whole useless subthread started with someone deliberately misinterpreting his use of "ambivalent" and then trying to pull the if-you're-not-with-us-you're-against-us trick. No real discussion can follow such a reply.

You should all go work on something productive.


You may be over-thinking this a little.


That's what I do. While other people are spending time over-thinking some sport on tv I am over-thinking things that put money in my pocket.

This is practice for that over-thinking.


Ok. I think you're unlikely to get hellbanned for saying anything I've said, too.

This has more to do with the weirdness of the hellbanning system, which is a whole other can of worms.


Ugh. No need to be so condescending. Thanks for deigning to respond though.

> Obviously, ...

There's nothing obvious about it. Why do you think your ambivalence about the FISA process is germane to the discussion we should be having? You should be aware that it'll trigger an off-topic response and derail the discussion as you see it has done.

> comments like these ...

The person was only (in a bit of a soap opera-ish way I will acknowledge) suggesting that you maybe should give reevaluating your position a try. Is that so unconscionable?

I intend no hostility towards you. I appreciate your energy and your knowledge and insights. Now getting back to the issue at hand, dang them pesky spooks!


Karma to burn, haha.

It's like the HN equivalent of conspicuous consumption. :D


Y'all should grow the fuck up, c'mere let me coach you.

Now double your karma & make a stack. I'm on to the next one.

(Not a lot of Jay-Z fans on HN NSA threads).


It's just that they recognize your financial interest in Jay-Z and are sickened by your support for the Playa state. Look into your Lexus and change, man!


The government is already misusing its secret surveillance programs:

http://www.nytimes.com/2013/07/16/us/double-secret-surveilla...

Since this is apparently new information to you, I hope you update your risk assessment.

The government misusing secret surveillance isn't conspiracy talk, it's first order incentives. It would be bizarre if the data were NOT being abused. I'm a law and order guy, but federal prosecutors have a well documented history of playing as close to the line as they can and dancing right over the line when they can get away with it. Since they're now trying to hide the line, this should be fairly scary to rational people.


tptacek is fairly well-known as a government sycophant and a "nothing to see here" type. His position is not at all surprising.


Did you read his comment before slandering him? He's a "security guy" and I'm guessing not as liberal as some of us Left Coast types, but that was not a "nothing to see here" comment.


I'm not interested in the semantic debate about what each of us means by "abuse", either. It's not relevant to my point; in fact, if you look carefully at my comment, it's kind of the opposite of relevant to my point.


> It provides the USG with capabilities beyond simple surveillance, for instance by allowing them to spoof Google pages. There can't be any legitimate reason to provide them that blanket authority.

The US government already has at least Verisign under their belt. They can already MITM just about any SSL connection they could ever want to.

I would wager that they have a large number of private keys anyway. It's not like datacenters would be able to do much when the NSA rocks up with a NSL.


But a MitM exploit is an active attack that requires control of a network over which the traffic passes, and it is detectable (for the specific case of Chrome and Google sites, trivially so).

Access to the master keys for a SSL/TLS session isn't like that at all. They could retroactively capture, archive, and decrypt any traffic to the site at all with nothing but the undetectable network taps we already believe they have.

That said: the linked article is talking about "legally" compelling Google et al. I don't think that's the only tool in the box. Surely someone at each of these companies has access to the private keys and can be coerced via an appropriate bribe (which at the scales we're talking about could be staggeringly large!) or blackmail attempt to provide it "illegally".


> Access to the master keys for a SSL/TLS session isn't like that at all. They could retroactively capture, archive, and decrypt any traffic to the site at all with nothing but the undetectable network taps we already believe they have.

They can't in every case, especially for Google, who use a newer SSL that supports perfect forward secrecy. You are completely correct in the differing magnitudes of attack detectability though.


That's only true of Google traffic as of late 2011.

So historical SSL data captured anywhere between, say 2002 - 2011, could still be decrypted with these keys, right?


Right.

I believe that Google has changed them several times even in the last few years though, so it could be that even they don't have access to the old static keys anymore.


Are there good links you can recommend for implementing SSL with perfect forward secrecy?



Yes, but if caught Mr. Rogue Employee Who Wants To Get Rich would now be facing federal felony charges (or state felony charges, if FedGov declines to prosecute). I suppose anything is possible, but Google employees in positions of high trust tend to be very well-compensated, and presumably the company has thought of this threat post-China intrusions and adopted the appropriate countermeasures.

Also, as another comment points out, Google uses PFS, so Apple, Yahoo, Microsoft, etc. are better targets for this type of insider attack.


As a legal matter, the scope of an NSL is defined in law, and does not cover SSL keys (even the FBI/NSA would recognize it would be a loser of an argument). NSLs can also be challenged; I disclosed in May that Google was fighting two lawsuits on this front.


> The US government already has at least Verisign under their belt. They can already MITM just about any SSL connection they could ever want to.

Red herring. We are never discussing active MITM in these NSA threads because they don't do that.

We are discussing offline decryption of monitored SSL traffic, which a CA's key does not help with in any way.

For that attack, you need the server's long-term key and they have to not be using PFS modes.
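The distinction drawn in this part of the thread, as an added example that is not part of any comment: a toy model of a recorded session under static RSA key exchange and under ephemeral Diffie-Hellman, followed by an attempt to read each recording once the server's long-term key is disclosed. All parameters, the toy cipher and the function names are constructed for illustration and are far too weak for real use.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters (Mersenne primes), far too small for real use.
RSA_P, RSA_Q = 2**31 - 1, 2**61 - 1
N, E = RSA_P * RSA_Q, 65537
D = pow(E, -1, (RSA_P - 1) * (RSA_Q - 1))  # server's long-term private exponent
DH_P, DH_G = 2**127 - 1, 3                 # toy Diffie-Hellman group


def _keys(secret):
    """Derive (encryption key, MAC key) from a shared secret."""
    seed = secret.to_bytes(32, "big")
    return (hashlib.sha256(b"enc" + seed).digest(),
            hashlib.sha256(b"mac" + seed).digest())


def _xor_stream(key, data):
    """Toy stream cipher: XOR with a SHA-256 counter-mode keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def _protect(secret, plaintext):
    """Encrypt-then-MAC the application data under the session secret."""
    enc_key, mac_key = _keys(secret)
    ct = _xor_stream(enc_key, plaintext)
    return {"ciphertext": ct,
            "tag": hmac.new(mac_key, ct, hashlib.sha256).digest()}


def record_rsa_session(plaintext):
    """Everything a passive tap records when the key exchange is static RSA."""
    premaster = secrets.randbelow(N - 2) + 2
    wire = {"kx": "RSA", "enc_premaster": pow(premaster, E, N)}
    wire.update(_protect(premaster, plaintext))
    return wire


def record_dhe_session(plaintext):
    """Everything a passive tap records when the key exchange is ephemeral DH."""
    a = secrets.randbelow(DH_P - 3) + 2   # client ephemeral exponent
    b = secrets.randbelow(DH_P - 3) + 2   # server ephemeral exponent
    client_pub, server_pub = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    # The long-term key only signs the server's ephemeral value.
    digest = hashlib.sha256(str(server_pub).encode()).digest()
    signature = pow(int.from_bytes(digest, "big") % N, D, N)
    wire = {"kx": "DHE", "client_pub": client_pub,
            "server_pub": server_pub, "signature": signature}
    wire.update(_protect(pow(client_pub, b, DH_P), plaintext))
    return wire  # a and b are discarded here; neither side keeps them


def decrypt_recording(wire, d):
    """Try every secret that the recording plus the long-term key can yield.

    Returns the plaintext if some candidate verifies the MAC, else None.
    """
    recorded = [v for v in wire.values() if isinstance(v, int)]
    candidates = [pow(v, d, N) for v in recorded] + recorded
    for secret in candidates:
        enc_key, mac_key = _keys(secret)
        tag = hmac.new(mac_key, wire["ciphertext"], hashlib.sha256).digest()
        if hmac.compare_digest(tag, wire["tag"]):
            return _xor_stream(enc_key, wire["ciphertext"])
    return None


if __name__ == "__main__":
    message = b"constructed sample request body"
    for record in (record_rsa_session, record_dhe_session):
        wire = record(message)
        print(wire["kx"], "->", decrypt_recording(wire, D))
```

In the RSA case the session secret travels encrypted to the long-term key, so the recording falls with that key; in the DHE case the long-term key appears only in a signature, and the secret depends on exponents that no longer exist.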


> Red herring. We are never discussing active MITM in these NSA threads because they don't do that.

I believe that this quote in the article pretty much implies an active attack.

    For individuals who put encryption on their traffic, we understand that there would need to be some individualized solutions if we get a wiretap order for such persons...


That was the FBI talking, not the NSA (I'm the author of the article). Everything we've learned about the NSA in the last decade thanks to whistleblowers points to widespread passive surveillance. If anything, NSA is extremely hypercautious about revealing its surveillance methods and techniques, which active attacks could do.

I can envision the NSA wanting to undertake active attacks in rare situations, but we don't know whether it has the technical ability to do so under its relationship with AT&T/Verizon/etc. Also even AT&T/VZ/etc. that have historically opened their networks to the NSA for passive surveillance -- in violation of the law -- may have second thoughts if the attacks are active. I suppose you could posit the installation of devices at the target's ISP, but, again, we have no evidence this is something NSA does.


Seems like NSA is using 'individualized solutions' as a term of art for which we don't know their real definition. But based on recent disclosures we're probably safe going with the wildest possible interpretations.

C.f. 'tailored access' http://en.wikipedia.org/wiki/Tailored_Access_Operations


> We are never discussing active MITM in these NSA threads because they don't do that.

Convince me you know this for a fact.

Attach additional sheets if necessary.


Would that mean that self-signed SSL/TLS certificates are safer than certificate-authority-issued certificates?


Neither is inherently safer than the other, certificates are about trust, SSL/TLS gives you encryption regardless of where the certificate comes from. If you control both ends of a connection or know the person who signed the self-signed cert and trust him more than someone like Verisign, then yes, self-signed is just as good or better.

In the case of an organisation like Google, I don't see why the US government would even need the keys for Google's SSL certificates. Google have all the data they could ever want stored unencrypted anyway (or at least have the ability to decrypt). If they had any legal reason for wanting the content of my gmail account, they could just get the courts to subpoena Google for the data.


> they could just get the courts to subpoena Google for the data

I think that's one of the motivations right there. Even if FISA generally gives the government what it wants, it's still a process that the government appears to regard as a hassle to be eliminated.

I think the second reason is that google is a sophisticated enough company that they could perhaps infer things from the data request patterns that the requesting agencies would prefer secret.


Depends who your perceived threat is really. If you're trying to avoid a government MITM'ing you, sure, in a sense that's more secure.

The chief issue in all this is the huge number of trusted CA that are the default in most operating systems. My install of OSX for example has 181 default certificate authorities, and any one of them could be compromised. I'd be willing to bet that a sizeable portion are under nefarious control.

Just to make a point I picked a random CA and tried to look up some information about it. Couldn't reach their site the first time, as they are lacking an A record on their domain root. I've no idea why they would be trusted, as they look sketchy as all hell — http://www.valicert.com/



Depending on your use case and world-view, they've quite possibly been for a long time, maybe always. You just need to distribute the public part through other channels to the users.


If you train your users to accept self signing you might as well just give up on pki. It appears from the chromium pinning list that they really do let anyone add a pinning rule for themselves if they want to, that would probably be the most practical. I'm not sure of the status of pinning support in other browsers.


No


> It provides NSA with a technical capability they do not currently have, enabling them to shoot first and answer questions for a court later

If I remember correctly, you don't have a problem with the NSA phone metadata collection either... but wouldn't your same argument apply there as well?


I what? The hell? Of course I have a problem with the NSA phone metadata collection.


Oops, sorry then, I guess I mis-remembered or mis-understood your position.


Yeah, a lot.


[deleted]


[deleted]


Noted - and I edited my post -- I guess I was wrongly under the impression you did netsec and your company did based on the comments of yours I have read... so, I apologize for that.

I do stand by the general premise of my comment, though, which is why I did not delete it entirely, which is: Any acquiescence to even the small steps toward actual tyranny is unacceptable. In the case of the USG and NSA, if the NETSEC community doesn't have the balls to stand up to them - then the future is lost.

People need to be able to say "NO". Just because the NSA isn't gassing people, doesn't mean what they are doing is right/acceptable.

I wanted to say "Just because the NSA isn't outright killing people..." -- however, we all know they ARE outright killing people via drone attacks and other nefarious methods, so that statement would not actually be accurate.


[deleted]


I didn't mean it like that - as you're so offended - I'll delete it.


Somebody needs a hug: [[hug]]


Where's my hug?!


I didn't understand the exchange with all the deleted messages. Nor did I care to.

So instead of a specific person's name I deliberately put the word 'hug' inside the [[hug brackets]] so that anyone who knew deep down that they deserved one would receive it.


The hug that keeps on hugging: [[hug


The reason people say such things is because you seem to stray far from the general attitude HN has towards things like surveillance and the NSA. Nothing wrong with that of course, as we don't want to create a 'hivemind' like on Reddit, but you being such a prominent member and being so outspoken, it does draw attention to what kind of motive you may have for doing so.


It's incredibly unfair to come up with your own reasoning behind a statement someone has made (especially for a person who has been upfront, and verbose, on this topic as tptacek).

It's also quite self-defeating in that it allows you to believe that even people who say they disagree with you really don't disagree with you. In that world, everyone agrees with the ideas you have, even if they aren't allowed to say it!


> the effort and expense it must take for companies like Google to resist these requests

I think the "resistance" by the legal departments of these companies is largely theatre. If someone with the resources of a nation-state agency wants the keys, they will get them. All they need to do is figure out who has access to them, and either bribe them or blackmail them.


> I'm ambivalent about NSA's need to request potentially large amounts of data from Google about broadly targeted foreign intelligence targets.

Why don't we see 50,000 deaths a year in the US from terrorist attacks?

N.B. that the NSA claims to have stopped "dozens" (<=100) of plots with these programs.


Lisa: By your logic I could claim that this rock keeps tigers away.

Homer: Oh, how does it work?

Lisa: It doesn't work.

Homer: Uh-huh.

Lisa: It's just a stupid rock.

Homer: Uh-huh.

Lisa: But I don't see any tigers around, do you?

[Homer thinks of this, then pulls out some money]

Homer: Lisa, I want to buy your rock.


I honestly don't know what that should have to do with the controversy but submit neither of us will be happier or smarter after the debate that a detailed answer to this question would provoke.


Ostensibly, requesting large amounts of data about broadly targeted foreign intelligence targets is to protect American interests, one of which is keeping terrorists from blowing us up (some might claim the most important one).

And, no bullshit, I prompt you this way because I know you to be wickedly smart and I assume good faith. I almost always learn something from discussing things with you, even if they turn out to just be little tidbits here and there.

I've probably learned more from you and rdl than the rest of HN commenters combined.


Every night, I bang two rocks together for several hours to scare off tigers so they won't attack me while I sleep. I have yet to be attacked by a tiger, so my plan must be extremely effective.


Serious question: are you stating that the reason we do not see 50,000 deaths per year in the US due to terrorist attacks is because the NSA keeps that from happening?


I think he's trying to pose the question that he thinks his opponents would ask, before they ask it.

But AFAICS no one is claiming that terrorism left unchecked would cause 50,000 deaths/yr, so really it's more of a strawman (and in poor taste too, IMHO).


> I think he's trying to pose the question that he thinks his opponents would ask, before they ask it.

It's amazing how difficult it is to pull that off successfully, even in discussions with people who know you really well.


Nope, trying to illustrate how useless these domestic programs actually are via the socratic method.

I welcome sound arguments against my conclusions, though. I admit they're educated guesses.


Nope, because 50000 deaths/(50 plots/10 years) is too large of a number.

I don't think the NSA prevents significant amounts of American deaths. That means that these programs are all pain for practically zero gain. (And, consequently, ambivalence about them is dangerous poison.)

I addressed this question a few days ago: https://news.ycombinator.com/item?id=6062363

TL;DR: Most humans, even those enraged at the killing of their families, simply do not want to commit mass murder.


How realistic is it to keep these master keys secret? Can't the CIA just blackmail a foreign employee into handing over the keys? The keys must be sitting on literally thousands of boxes that do SSL termination. How many employees could access these keys?


Surely just hacking a load balancer or front end server is the preferred first option. I only know of 3 companies who actually use HSMs for their front end SSL for general purpose stuff.

Grabbing them in a virtualized environment is even easier.


Any info on using a HSM for front end SSL? I know of crypto accelerators, but nothing like using a Luna HSM to store the keys.


It's just expensive. Generally there's OpenSSL support.

The HSM market makes me really sad. I'm kind of considering doing an "open source HSM" -- something using COTS components, ideally a few generations old, with everything totally verifiable by the user/assembler, and a key loadable at manufacture time -- the idea being companies could assemble and certify their own, or a third party or industry association could certify them for their regulees. Goal would be to price a low end version around $100-200, and a high-end (x86-64 performance) in the low thousands, unlike the rape that is Thales or SafeNet ($20k+ for mediocre performance). Plus, if you're at all "interesting", there's no way you'd trust a European defense contractor or a US defense-affiliated company with a "black box for keys, trust us".

Not sure if this would be a good business, though. Would need to raise actual VC for it, and while I know some awesome HW people, including in the tamper-resistance space, I've never done volume production of any hardware myself.


YubiHSM[1] seems much more reasonable at $500, but it's still not "cheap."

A COTS implementation would be interesting. Securing SSL keys would require very quick public key crypto and probably a PCI-E interface to talk to the server, the PCI-E interface making it much more expensive (FPGAs with PCI-E hard blocks have gone down in price, but are by no means cheap, not to mention the increased cost of the PCB). Prototypes probably wouldn't need VC for a proof of concept, but after that you typically need to put up a bit of money for any manufacturing.

I'd be interested in a way to securely generate and store a Root CA certificate and sign other keys with it. Ideally using something like secret sharing so that no single person can access the Root CA as well without having n out of m people.

[1] http://www.yubico.com/products/yubihsm/


Sadly, YubiHSM is a pretty useless single-purpose device only really useful for OATH. It doesn't do public key crypto at all, and more importantly, doesn't let you run real code on it (which only nCipher (now Thales) and IBM 4758/4764 ever really did). That is what will make HSMs super awesome.

Proof of concept can be done with a regular dev board or even a cellphone; it's volume production which requires VC.


I think there needs to be an acknowledgement that the NSA, the FBI, and the government in general are not staffed by angels or robots, but by human beings, and that some of these human beings are criminals. The very fact that Snowden got all that data means that, regardless of whether or not he's a criminal or a whistleblower, the humans in government cannot be trusted with this data. "The FBI" may have a need for this data but the humans in the FBI are too great a risk. I find it absurd that we are even having to have this conversation with an organization that has to deal with operational security.


Few men could be moral when offered the combination of unrestricted power over others, total secrecy, and lack of consequences for actions, that is so often the state of these agencies.

That's why we need their power to be limited and defined, as open as possible, and have legitimate avenues of redress for grievances. They are supposed to be public servants, not rogues.


I am always reminded of a quote from Arthur C. Clarke I was made aware of through Bill Joy's "Why the Future Doesn't Need Us." http://www.wired.com/wired/archive/8.04/joy.html (Still a classic piece)

"Another idea is to erect a series of shields to defend against each of the dangerous technologies. The Strategic Defense Initiative, proposed by the Reagan administration, was an attempt to design such a shield against the threat of a nuclear attack from the Soviet Union. But as Arthur C. Clarke, who was privy to discussions about the project, observed: "Though it might be possible, at vast expense, to construct local defense systems that would 'only' let through a few percent of ballistic missiles, the much touted idea of a national umbrella was nonsense. Luis Alvarez, perhaps the greatest experimental physicist of this century, remarked to me that the advocates of such schemes were 'very bright guys with no common sense.'" Clarke continued: "Looking into my often cloudy crystal ball, I suspect that a total defense might indeed be possible in a century or so. But the technology involved would produce, as a by-product, weapons so terrible that no one would bother with anything as primitive as ballistic missiles.""

The threat of terrorism is greatly overplayed by various interest groups. I wonder if the accumulated effect of this attempt to oust terrorists is creating more harm than it's hindering.

More people die in a year on the US roads than have died from all terrorist attacks accumulated.

Some of those that died on the roads most probably chose a car instead of the tediousness that is airports.

If the US government truly were interested in hindering terrorists and saving lives, they wouldn't hide the fact that they are eavesdropping, they would make it obvious and transparent, and possible for each individual citizen to know what they know about you.

I just don't get their logic.


I recently saw bcantrill ranting on that piece in this talk[1] and hadn't looked it up yet. Thanks for the pointer.

[1] https://www.youtube.com/watch?feature=player_detailpage&v=bA...


> More people die in a year on the US roads than have died from all terrorist attacks accumulated.

I'm a little tired of this argument. "Only" 3000 people died in 9/11. Yet look at the effect that 9/11 had on the world, versus 100 times that many automobile deaths.

As much as we'd like to think the only bad outcome of a terrorist attack is loss of life, that's not really the biggest outcome. It is the impact on society, like it or not.

At the end of the day, terrorism is primarily a tool to affect political situations, their effect on public health situations is not really the point; it is that political damage that is worrying to governments.


99.99% of the impact of 9/11 was due to the reaction, not the initial action.

Using the vast impact of 9/11 as an argument for further reaction is getting everything backwards.

We would have been vastly better off following 9/11 if the government had gone with a "keep calm and carry on" mentality rather than the "everybody panic and start invading things" reaction they actually had.

Terrorism is like a bee sting, and our reaction to terror attacks in the US is like an allergic reaction. The difference is that the US has control over its own immune system, and could choose not to be allergic if it wished.

That "political damage" is almost all caused by the government, and can't be treated like an independent entity. The excessive impact of terrorism cannot be used to argue that the government needs to pay attention to terrorism, because it is that paying attention which causes the excessive impact in the first place.


Certainly if politicians felt it was feasible to allow terrorist attacks to occur without mass hysteria resulting, they'd be doing that? Perhaps if all the media in the country were state run, and the government simply suppressed reporting of incidents like that in Boston, they'd be able to contain the hysteria. But as it stands, we have a free press, and on 9/11 as well as in Boston, the government did absolutely nothing in the immediate sense to cause the resulting hysteria; the 24/7 media did that all by themselves. The government's overreaction to all of it was only after the populace collectively freaked out (which you can argue, they could have downplayed, but again the government is extremely politically reactive - which is likely better than them not giving a shit about political opinion); this because they were informed by the media, which itself is an institution resulting from what the populace wants, as the media is a for-profit, market driven entity.


Why would politicians want to prevent the hysteria that follows a terrorist attack? It harms the country, but it benefits them enormously, allowing them to expand their powers, and boosts their popularity and chances of reelection. The Bush administration, for example, managed to leverage 9/11 into support for the invasion of Iraq, something they had wanted to do since long before, but would have had a hard time selling otherwise. They then rode the wave of hysteria to reelection despite the fact that Iraq had gone fairly disastrously for them.

The government's overreaction was after the populace had freaked out, that is true, but silence can be damning as well. Silence lets hysteria breed. If the President had gone live on national television with a "keep calm and carry on" message, I believe it would have helped a lot. Instead, the government treated it as an existential threat, invoking the NATO charter, declaring a "war on terror", etc. None of this was necessary, and it was all highly damaging, although not to the people in power.


> but it benefits them enormously, allowing them to expand their powers,

Yeah, I know, my personal opinion is that Cheney definitely did that; invading a country that had nothing to do with terrorism was evidence of that. I don't see this as Obama's motive though, I think he just wants there to be no terrorist attacks under his watch so that he doesn't sustain more political losses on that front alone (look how much flak he took for Benghazi). If there was not such a huge political price for terrorism, I get the impression it would be easier for him to rein in the NSA/FBI. But I can't prove any of this, I'm a dem so I'm biased, etc.


I don't know if I agree with you about Obama, although it's certainly a possibility. Even if we grant that, though, the government isn't one person, and the political losses you mention would come from Congress. The Bush administration had Congress eating out of their hand, but Obama very much does not. And no, sadly, I have no idea how to stop Congress from being a bunch of jerks.


> and on 9/11 as well as in Boston, the government did absolutely nothing in the immediate sense to cause the resulting hysteria

I don't recall hysteria in Boston. There was more hysteria over the Moonites than bombings. But I don't think anyone has the bar so low to say that it's all good as long as gov't doesn't create the hysteria. The gov't should be able to dampen hysteria rather than swing it higher.


I'd say that attempting to shut down the entire city while they searched for the surviving bomber would qualify as hysteria.


Was there anyone hysterical over that? They prevented him from easily fleeing. I mean they had a dead police officer and a shootout where multiple very loud bombs went off.


Worse crimes happen with some frequency yet the response is never nearly that large. Boston is the only time I have ever heard of an entire major American city being shut down in order to chase a single criminal. His crime was not exceptional, aside from the "terrorism" angle. Such a massive overreaction is hysteria.


Worse crimes than injuring 246 people and killing 5? The only reason it might not be "exceptional" is the number of heroes that prevented victims from bleeding out. Without immediate aid, nearly everyone that lost a limb would be on the deceased list.


> The difference is that the US has control over its own immune system, and could choose not to be allergic if it wished.

Nope. Democracies are constrained to the strategic analysis ability of the average voter. Absent a radical eugenics campaign, the average voter will continue to cast superficial, uninformed votes. Democracies die because they vote for their own destruction.

P.S. If the people had voted in a rational nuclear power plan, the Middle East would be just another backwater. The bin Laden clan would be just another bunch of towelheads squabbling over camels.


I was going to write up an attempt at some sort of cogent reply until I got to that "towelheads" bit.


That's kind of my point. An overreaction to 9/11 with the added results of increased deaths because of hysteria.


The broader effect that 9/11 had is precisely the unnecessary overreaction to (or deliberate overplay of) what happened.

This "impact on society" is exactly what terrorists have in mind. Instead of keeping a cool head (like the Norwegians did after their 2011 attacks) we're playing right along with what a terrorist would want to achieve.

Grandparent's argument is perfectly valid.

Edit: Spelling


> As much as we'd like to think the only bad outcome of a terrorist attack is loss of life, that's not really the biggest outcome. It is the impact on society, like it or not.

That's a very dark view of mankind. You are basically saying people are so stupid that it's always going to be that after the loss of life, we'll invade lots of countries and spend a trillion dollars, and give up all of our freedoms.


So then, what is the purpose of terrorism? Is it equated with just plain old psychotic mass murdering with no other purpose than the joy of inflicting suffering? No. Terrorism is about obtaining a political result. First line in Wikipedia (http://en.wikipedia.org/wiki/Terrorism): Terrorism is the systematic use of terror, often violent, especially as a means of coercion. I certainly don't think terrorism's effectiveness is necessarily as simple as, "people are so stupid", I'm sure the Wikipedia article and many others can discuss its rationale in depth.

The point is, equating terrorism to other events strictly in terms of loss of life does absolutely nothing to help the situation. If you want to change the societal psychology of terrorism, that's a noble goal, and if you can figure that one out, the governments of the world will gladly make you the richest man in history.


> So then, what is the purpose of terrorism? Is it equated with just plain old psychotic mass murdering with no other purpose than the joy of inflicting suffering? No. Terrorism is about obtaining a political result.

Of course that's the purpose of it. That's why preventing an overreaction would be more effective at fighting it than falling into the trap of getting trolled by them.


I can't help wondering if this is what prompted Google to adopt perfect forward secrecy in November 2011, and for Facebook to say last month it would follow suit, which I wrote about here: http://news.cnet.com/8301-13578_3-57591179-38/data-meet-spie...

Note I have no direct knowledge that this is the motivation, but it strikes me that PFS is a solution to a specific threat model of an eavesdropper having passive access to the network. I'd be eager to hear more from people who are more familiar with the issue than I am.


At the very least, if some judge in [rural county where Google has a datacenter] issues a subpoena for the keys necessary to decrypt a packet capture obtained by the Sheriff's Office in the course of investigating a local crime

A: They can credibly argue that they don't have that information, and it won't trigger an avalanche of copycat subpoenas.

B: The crypto key being sought by the subpoena is not one that would enable decryption of all Google, but rather one specific to the connection.


It's true that there are more Title III intercept orders targeting Internet providers and companies that come from states vs. the Feds. Note these stats do not include Foreign Intelligence Surveillance Act eavesdropping.

But because Google can be compelled to divulge the plaintext of, say, email messages or G+ posts if subject to a lawful court order, there's no need to perform a more difficult and expensive Title III wiretap. Real-time services like Hangouts are an exception, but it's still easier to serve a Title III order on Google than try to install a box on a rural ISP in Georgia and try to intercept and decode the stream.

Re: your point B, PFS would protect against passive attacks even if the master SSL key is known to Eve, and a subpoena would be insufficient legal process to obtain an ephemeral session key.
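Added example (not part of any comment in this thread): a toy model of the point above, comparing a recorded RSA key-transport session with a recorded ephemeral Diffie-Hellman session once the long-term key is later disclosed. The parameters, the XOR/HMAC cipher and all function names are constructed for illustration and are far too weak for real use.

```python
import hashlib, hmac, secrets

# Toy parameters, constructed for this example and far too small for real use.
P, Q = 2**61 - 1, 2**31 - 1               # long-term RSA primes
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))         # long-term private key ("master key")
DH_P, DH_G = 2**127 - 1, 3                # toy Diffie-Hellman group

def kdf(secret: int) -> bytes:
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()

def seal(key: bytes, data: bytes) -> dict:
    """Toy cipher: XOR with a SHA-256 keystream, then HMAC the ciphertext."""
    stream = b"".join(hashlib.sha256(key + bytes([i])).digest()
                      for i in range(len(data) // 32 + 1))
    ct = bytes(x ^ y for x, y in zip(data, stream))
    return {"ct": ct, "tag": hmac.new(key, ct, "sha256").digest()}

def unseal(key: bytes, wire: dict):
    """Return the plaintext, or None if the key does not match the tag."""
    expected = hmac.new(key, wire["ct"], "sha256").digest()
    if not hmac.compare_digest(expected, wire["tag"]):
        return None
    return seal(key, wire["ct"])["ct"]    # XOR keystream is its own inverse

def rsa_transport_session(msg: bytes) -> dict:
    """Client encrypts the premaster secret to the server's long-term key."""
    premaster = secrets.randbelow(N - 2) + 2
    wire = {"enc_premaster": pow(premaster, E, N)}
    wire.update(seal(kdf(premaster), msg))
    return wire                           # everything a passive tap records

def dhe_session(msg: bytes) -> dict:
    """Both sides use throwaway exponents; the long-term key only signs."""
    a, b = (secrets.randbelow(DH_P - 3) + 2 for _ in range(2))
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    digest = int.from_bytes(hashlib.sha256(B.to_bytes(16, "big")).digest(), "big") % N
    wire = {"A": A, "B": B, "sig": pow(digest, D, N)}
    wire.update(seal(kdf(pow(A, b, DH_P)), msg))
    return wire                           # a and b are discarded on return

def recover_with_master_key(wire: dict, d: int):
    """Apply the disclosed long-term key to every integer seen on the wire."""
    for value in (v for v in wire.values() if isinstance(v, int)):
        plain = unseal(kdf(pow(value, d, N)), wire)
        if plain is not None:
            return plain
    return None                           # no recorded value yields the session key

if __name__ == "__main__":
    sample = b"constructed sample message"
    print("RSA transport:", recover_with_master_key(rsa_transport_session(sample), D))
    print("Ephemeral DH: ", recover_with_master_key(dhe_session(sample), D))
```

Forward secrecy covers recorded traffic only: whoever holds the long-term key can still sign fresh key shares and impersonate the server in an active attack.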


Yes it does seem a rather useful, if passive-aggressive, solution to the alternative of fighting the requests in court, secretly.


"The government's view is that anything we can think of, we can compel you to do."

Which pretty much in a nutshell encapsulates what's wrong with the U.S. security state we've built. Terrorism is the trump card, the thing that compels/allows the state to take anything it needs. As one official put it recently "We're not trying to spy on you, we're trying to find those among you who are trying to kill you" And anything they do in order to prevent that from happening is fair game. It's a perpetual state of war.

Having said that, this is kind of a good news/bad news situation. The good news? Looks like most of the secret back door rumors, at least when it comes to TLS, were wrong. The bad news? It doesn't matter. If the government can try compel you to release the secret password for millions of users -- and then forbid you even to talk about it in the open -- then there truly is no limit to the monitoring and control they can exert. Whatever they get away with this year, there'll be more to come next year. Fake out https websites, play MITM games with data providers -- if you've got the keys, the world is your oyster.

Back around the turn of the century, I worked on several government projects. Aside from the usual deadwood workers, there are folks that are really eager to push the technology and create as much automation and storage as possible. This is because they like to hack, just like the rest of us. I used to say, jokingly, that the only reason we didn't live in a dystopian security state was that the government was too inept to actually create one.

Looks like the joke was on me. They're pretty fast learners. Make the national transaction and storage system totally secure, then lean on the in-country tech community to give you the keys to all of it. What a terrible way to destroy the national tech economy.


It has been interesting, over the past some years, as a client just to observe the ongoing changes Google has been making to the nature of HTTPS connections to its properties.

Reporting like this appears[1], and -- coincidence or not -- those observations fit into place.

----

[1] Whether regarding three letter acronyms or protocol weaknesses or whatnot

P.S. I'm not sure why the downvotes. TLS renegotiation weakness. Perfect forward security. Even earlier, nascent deployment of their own intermediate certificate authority -- which disappeared after some months, only to reappear again more recently (at least, in my Gmail connections). More recently, in addition to maintaining perfect forward security, now also replacing the underlying certificates every three weeks or so -- at least, as based upon the changing validity dates that are easier/quicker to compare in/via the browser interface.

I continue to "wonder" where Google comes down in all this... "security/authoritarianism" fracas. If there is a single "Google position". Regardless, they appear to be one of the most proactive parties, from a technical perspective. And politics aside, I continue to think that behind the scenes, there are a lot of people there behind the scenes who want to "do the right thing" and who work hard, within their responsibilities and areas of expertise, to "make it so".


I agree. The most obvious explanation (which may not be correct, of course) for these engineering changes is that Google is trying to armor its network against state-sponsored surveillance.

BTW it's every two weeks: http://news.cnet.com/8301-13578_3-57591560-38/facebooks-outm... Langley added: "We would have totally eaten the cost and the speed years ago -- if we could have done it without worries." As an additional precaution, Langley said, Google usually rotates its RSA keys every two weeks.


The cypherpunks were right, but we've lost.

This is worse than key-escrow and clipper chips and all the other nonsense we fought in the past.


Yes, we've lost everything encrypted with single DES, PPTP, SSL less than 1024 (?) bit keys, Debian Etch, and so on.

But on the other hand: Snowden was successfully able to evade Boundless Informant and conduct a confidential conversation with Greenwald and Laura Poitras (certainly already an active surveillance target for her film of William Binney).

So the crypto wars are not yet lost.


And even 1024-bit SSL, unless you believe the NSA can't afford to devote <$1M per year per key to the effort:

http://news.cnet.com/8301-13578_3-57591560-38/facebooks-outm... Eran Tromer, an assistant professor of computer science at Tel Aviv University who wrote his 2007 dissertation on custom code-breaking hardware, said it's now "feasible to build dedicated hardware devices that can break 1024-bit RSA keys at a cost of under $1 million per device." Each dedicated device would be able to break a 1,024-bit key in one year, he said.


Then use 2048. Each additional bit doubles the effort required.


No, asymmetric crypto keys don't work that way.


Yup. Brute-forcing a 1,024-bit key is about a thousand times as difficult as a 768-bit key, not 2^256 as hard.

In any case, major Internet companies have either moved to longer SSL keys or have announced plans to do so.
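Added example (not part of any comment in this thread): the standard heuristic cost of the general number field sieve, L_n[1/3, (64/9)^(1/3)] with the o(1) term dropped, evaluated for the modulus sizes discussed above. It reproduces the roughly thousandfold gap between 768 and 1024 bits and shows how many modulus bits one doubling of effort costs; the function names are illustrative.

```python
import math

def gnfs_work_bits(modulus_bits: int) -> float:
    """log2 of exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)), c = (64/9)^(1/3)."""
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / math.log(2)

def relative_effort(small_bits: int, large_bits: int) -> float:
    """How many times harder the larger modulus is to factor than the smaller."""
    return 2 ** (gnfs_work_bits(large_bits) - gnfs_work_bits(small_bits))

def bits_per_doubling(modulus_bits: int) -> int:
    """Smallest number of extra modulus bits that doubles the GNFS effort."""
    target = gnfs_work_bits(modulus_bits) + 1
    extra = 1
    while gnfs_work_bits(modulus_bits + extra) < target:
        extra += 1
    return extra

if __name__ == "__main__":
    for bits in (768, 1024, 2048):
        print(f"{bits}-bit RSA: about 2^{gnfs_work_bits(bits):.1f} operations")
    print(f"768 -> 1024: x{relative_effort(768, 1024):,.0f}")
    print(f"1024 -> 2048: x{relative_effort(1024, 2048):.2e}")
    print(f"bits per doubling near 1024: {bits_per_doubling(1024)}")
```

These figures are asymptotic estimates for comparing sizes, not a prediction of real factoring cost.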


Oh! Thanks for correcting me.


It is possible that the keys are already compromised, and that the Feds want to cover themselves with an excuse for having supposedly encrypted communications when that is later discovered.


How is this worse than key escrow? You can still use PGP without having to give your secret key to the government. In a world of key escrow, the FBI would not have to put pressure on anyone to give up a secret key, because they would already have the key.

We won the cryptowars, but it was a Pyrrhic victory. By the time we won the right to distribute strong cryptography there were hundreds of millions of people using the Internet without it, and the important protocols were all insecure. We have spent over a decade trying to jimmy cryptography into those protocols and are now stuck with a complete mess. We are still relying on passwords to authenticate people, we are still sending unsigned email in the clear, etc. Glenn Greenwald had to be pestered by another journalist to even bother with OTR when Snowden tried to talk to him.


I wish CNET didn't write this article like they thought they were CNN or USA Today. What are we supposed to make of the phrase "master keys"? It doesn't seem like they are talking about root CAs. Is it really practical to try to collect and use all of the multitude of last link in the chain endpoint certificate keys? Those seem to change quite often and can be quite numerous. Demanding sub-CA or company wide middle chain keys would seem to be more manageable, but that would suggest that both they're really worried about people watching for signing chain anomalies since presumably they have at least a few root CA privates and that they are willing to sit in the middle rewriting traffic.

Perhaps this is a response to growing use of certificate pinning? Facebook apparently has joined Google in using pins, and I was recently told that Microsoft is enabling pinning as an option in EMET4. But if that was the issue, that would tend to suggest they had been previously accustomed to rewriting some of these providers' traffic with unlikely root CAs, something which people have been keeping an eye out for and to my knowledge has never been caught in the wild.


Didn't we already go through this in the mid/late 1990s?

(I'd personally have a really hard time giving them a polite multi-page legal letter saying "sorry, we are unable to comply, and we don't have to, due to x, y, z" -- either a single "No." or perhaps "Nuts!", or trolling them with ASCII art or a return letter demanding NSA turn over their keys. Which is why I'm not a lawyer.)


What if a company is storing its keys on a smartcard/cryptographic module that cannot export the key? I guess the FBI just asks for backdoor access to the company's servers, or maybe just follows the standard "we need to take your systems and shut down your business" approach?


So there's no disaster recovery for the company if their hardware breaks? There should be an offline backup that's N-way encrypted (secret sharing).

I've had to think about that case myself.


Do you commonly store all TLS traffic somewhere? I may have misunderstood the article, but I had thought this was about TLS secret keys, not keys used internally for secure storage.


There has been some speculation that the NSA is focusing on bad RNGs now. I wonder what the quality (overall) is of the RNGs in the servers using these keys. I also am pretty curious how such a widely needed key is protected at the scale of tens to hundreds of thousands of devices.


Any ideas why my submission of this same link (and title!) went dead even though it was posted two hours before this one and had attracted up votes?

https://news.ycombinator.com/item?id=6096229


I'm willing to bet, the feds already have the master encryption keys and just want to make the companies give up the keys willingly so it sheds some of the blame onto them rather than all on government at once.


> Facebook enabled encryption by default in 2012.

Kinda off-topic but this statement is false. Facebook HTTPS is not enabled by default, it's opt-in.


I tried in 3 browsers (2 which I haven't gone to Facebook before), and Facebook didn't load over HTTP. Facebook sent HTTP STS headers, too. I believe you are incorrect.


I used to be correct. You are right now, though.

They started rolling out HTTPS for everyone in November 2012 (http://webcache.googleusercontent.com/search?q=cache:develop...)

But since I don't live in the US, it must have taken Facebook a long time to get to my country. I still remember telling all my friends to opt-in to HTTPS in 2012.


Am I the only one that's skeptical of any news story that is based off one anonymous person's statement?


Plot twist: This is the real reason Apple's developer site is down



