Hacker News new | past | comments | ask | show | jobs | submit login
As Feds Demand the Keys, Preparing for the Death of Public-Key Encryption (vortex.com)
407 points by ColinWright on July 25, 2013 | hide | past | web | favorite | 289 comments

This kind of thing makes me think the Snowden disclosures actually emboldened the NSA in some ways. Their nightmare scenario occurred, and nothing happened. Nobody even got fired or "resigned". The public's tepid reaction has brought our nightmare scenario to life - we taught secretive government agencies that they can now do anything they want without fear of public backlash. These kinds of requests can now dramatically increase, with neither judges, politicians, or the NSA itself living in fear of anyone.

What you say is true, but misses an important consideration: yesterday, only tinfoil hats believed they couldn't trust third-party companies with their privacy. Today, everyone knows that the only way to have privacy is to handle it personally, from their local computer.

The whole PRISM scheme worked because people supposed the government respected their privacy. Now that it's been proven false, I expect people to use local encryption schemes, were third parties can't give a key they don't have. I expect people to become careful about which certification authority signed their SSL key, and to use self-signed certificates whenever practical. Targeted spying will remain possible, but indiscriminate surveillance PRISM-style would become impractical.

Unless they know how to crack TLS, but we have no reason to believe this as of today.

> Today, everyone knows that the only way to have privacy is to handle it personally, from their local computer.

I agree with you, but I think you have far too much faith in ordinary Americans. I invented some widely used anti-phishing technology, and I can tell you that spending a few months analyzing actual incidents where otherwise intelligent people did ridiculously unsafe things on the Internet will give you a new perspective on the tech savvy of the general population. Unless we (the tech community) make strong security both transparent to the user and enabled by default, the feds will be seeing everything they do. Sadly, most of them seem OK with that.

OK, I should have written "everyone that matters"; the point is to have a critical mass of expensive-to-eavesdrop communications, so that the NSA cannot routinely exploit much more than teenager gossips traded through Facebook.

Moreover, even if only the 10% best informed people use PRISM-proof communications, it's a safe bet that NSA's alleged targets (whatever the current definition of "terrorist" might be) are among them, so the argument that they're doing that to catch "terrorists" doesn't hold water anymore.

I believe the tech community is concerned about this, because it threatens the robustness of Internet. Today, nobody in the business can pretend with a straight face that top-level certification authorities are trustworthy; so I expect the next generation of security protocols, the successors of the (transparent and enabled by default) SSL, to treat governments as opponents.

I also believe that companies will change their security patterns, e.g. stop trusting American third parties such as Microsoft if they have competitors with political connections in Washington.

Define "everyone that matters"

That's the great thing about software, especially Free software - all it takes is a handful of us to make systems where strong security is transparent and enabled by default and it will proliferate to all the regular people.

Self signed certificates throw up all kinds of nasty "you're taking lots of risks" in browsers (if they're allowed at all). I would not expect that they will be more broadly used than before, particularly since installing a self-signed certificate locally is very hard to do for the average person.

And looping back to the tin-foil hatters, many of us have called into question why all browsers have, over time, decreased their support for self-signed certificates. There are modes wherein Firefox will not even offer the "proceed anyway" option [1]. Conspiracy theories abound, but the browsers' marginalization of self-signed certificates has always struck me as devious.

Yes, please do alert users that self-signed certificates are potentially sourced by nefarious organizations. But in most cases, they are used by small companies and individuals to simply encrypted content from trusted servers. So allow them to be permanently trusted.

Perhaps we will see an increase in interest in web-of-trust alternatives?

[1] https://bugzilla.mozilla.org/show_bug.cgi?id=435013

You can, pretty trivially, import your private CA's public key into your keychain, and boom, no more warnings.

I do think that the average joe, doesn't know what a certificate or CA is, should be protected from automatically trusting an unknown CA.

I don't see it follows. If anything, self-signed certs just make it easier for the NSA (or anyone else) to capture your traffic. Organizations should probably set up their own CA instead.

That's what we meant. IIRC you can't even use a self-signed certificate directly for authentication: you have to create your own self-signed root CA, then use it to sign you authentication certificate.

The point is, if what you do interest the US government, it can compel Verisign and the likes to betray your trust, so you shouldn't trust them. And what emerges progressively is that the threshold beyond which you're deemed "interesting" by US administrations is way lower than long believed.

If you're a company doing international business, you want to secure your strategic communications with your own root CA, not with that of a company who can't say no to the government.

A CA outside the reach of the NSA would be really valuable right now. A free CA outside the reach of the NSA would save the world.

Even on your local computer, it's probably a good idea to avoid operating systems that may be compromised by default. Also be careful about installing extra software, including browser plug-ins and addons. I am preaching to the converted though.

> it's probably a good idea to avoid operating systems that may be compromised by default.

It is if you're targeted. But then, if the US government is after you, you're already screwed anyway.

The point is to impede generalized surveillance of everyone without probable cause. Even if MS-Windows and OSX are bugged, which is almost certain, the NSA can't siphon all your data through your routers inconspicuously. It can only grab selected data from the computers of high-value targets, at a considerable cost, which is fine.

It's not about preventing states from surveilling legitimate suspects, it's about forcing them to respect the privacy of average joes, and limiting their control on the Internet as a whole.

>yesterday, only free thinkers believed they couldn't trust third-party companies with their privacy

fixed that for you

> Today, everyone knows that the only way to have privacy is to handle it personally, from their local computer.

My completely anecdotal experience is that when people want privacy, they're starting to avoid all manner of electronic communication.

Like with everything else than maybe virus outbreak, most changes takes time to affect entire community, economy or a country. Rome wasn't built in a day, so the Rome Empire didn't collapse in a day neither.

Take me as an example. I am 8 years in US, married to US citizen. Green Card holder now and couple years ago our plan was for me to become a US Citizen and us to raise our kids on US soil. Not anymore.

With all the outcoming gov scandals, with government forcing you to vaccine your kids, with you or your children going to jail for drawing a gun, for swat team breaking into your house because you are selling raw milk, for all this growing nonsense and my personal disgust with president that calls death of 4 us officials in Bengazi a "phony scandal", I am genuinely sick and disgusted of this to my deeper core. And here comes important part: so you say to me in response: if you don't like it, move out! And you are damn right!

We made this decision recently and right now my wife is learning my native language while I am shifting more towards doing more remote programming gigs. Surprisingly after I moved here from the country of communism, now it seems safer and more sane back in Europe than here! Europe has its problems of course, but honestly I believe Europe will deteriorate much slower than US. Here everything is on fast forward and yes examples like Manning or Snowden revelations and lack of echo makes it hard to believe anything will change for better in the future.

I believe I am not the only one who draw this conclusion lately. I also think that many smart people coming to this country to live "american dream" are also smart enough to realize the economical situation become so unstable that its better to "wait and see" back home.

With all the outcoming gov scandals, with government forcing you to vaccine your kids...

All other points aside for a moment: the government should force each and every parent to vaccinate their children. Herd immunity is a key factor in protecting most of the population from many awful diseases, and herd immunity is only effective if the vast majority are vaccinated. There's no credible evidence that vaccination causes autism or any other malady.

Even if we are 100% clear that there is no evidence that vaccination causes any malady, government mandates requiring that the government chooses what things should be injected into every single citizen crosses a very important line of freedom of action for me. Just like the argument that you may not agree with someone but will defend their rights to say it. I may not agree with an anti-vaccination person but I would defend to the end every persons right to liberty (that is choice) in regards to government mandates as to invasive procedures, pills, or injections. We have to think of the future implications of precedents like that.

The problem is it is not about your freedom and safety. It's about the freedom and safety of others. Herd-Immunity is essential for protecting those who can't be vacinated because of allergies or age. By refusing vaccinating you aren't just giving up your ability to be protected from these life-threatening diseases, you're also endangering others. The government has these laws for the same reason we have laws against drunk driving. You have the right to endanger yourself however you want; however, you have zero right to endanger another human.

Your position would be more clearly stated if you said that the problem is weighing freedom against safety. There I agree with you. It is not my freedom from government mandated medical injections or procedures the needs to be weighed against safety for the herd but rather the importance of freedom of choice generally weighed against safety for all. Also, the government does not have these laws. This is a line leglislaters have not crossed, and good thing too, given the importance of setting good precedents around medical ethics in a fast advancing field.

Yes vaccination is NOT a billion dollar business, vaccines do not kill people, and its perfectly logic you need to get shots against other peoples diseases BUT at the same time those who don't become a danger to you, yes.






I could go on and on here like the vaccines business is create problem & offer solution infinite loop, but I hope you can do a research on your own.

1st off, the last link you have there is a brilliant example of a failure to use Bayesian reasoning.

> its perfectly logic you need to get shots against other peoples diseases BUT at the same time those who don't become a danger to you

You don't understand herd immunity. It amplifies a weak individual immune boost (say, a 40% effictive vaccine) into a dramatic effect on the actual number of people who get sick.

Here's how it works: consider the average number of new people an infected person will infect (call this number k). If k>1 (1.01 even), the disease very likely explodes across the face of the earth and turns into an epidemic or pandemic. If k<1 (.99 even), it fizzles and only a few get sick (do a stochastic simulation if you must). Point is, we care a lot about making k<1 by any means possible.

Vaccines are hard to make and not very effective in the sense that there is only maybe a 40% chance they will stop you from getting sick if others around you are sick. But that 40% success rate dramatically effects k so long as everyone gets vaccinated: if k<1.6 pre-vaccination, our hypothetical vaccine turns a pandemic into a fizzle.

If you're one of the assholes who spoil the whole thing by not getting vaccinated, your peers have every right to get angry with you. I wish you could be collectively sued for your effect on an outbreak, but I'll settle for a bit of government incentive.

> vaccines do not kill people

The FDA and EMA are dramatically overcautious when it comes to this kind of thing (they minimize the number of lives lost to drugs and vaccines even at the expense of not minimizing total lives lost). If you think otherwise, safety and efficacy studies are public. Start with primary sources, avoid hokey nonsense like what you posted. The FDA site is a mess but google can usually find specific studies with filetype:pdf.

> the vaccines business is create problem & offer solution

Pretty sure it's evolution (of bacteria and viruses) creating the problem, not drug companies. Or do you not believe in evolution either?

Thanks for response, I upvoted you.

I wasn't clear in my first post. I am not against major vaccines, the problem is that today by age 8 you have many more shoot than those you had only 20 years ago. I fail to believe life on Earth change soo much that we all need so many more shots to survive.

Like with any other business, pharma sees opportunity to oversell and creates tons of unnecessarily shots that your local CSV loves to advertise. I also personally know an example of an older man who got a shot and 2 weeks later got sick exactly on something he was getting shot against. It doesnt make sense.

> I am not against major vaccines

Oh, good :)

> today by age 8 you have many more shoot than those you had only 20 years ago

There are two factors at play. One is evolution: there's a new flu every year (bacteria and virii can meaningfully evolve in less than a year, even). The other is that we are finding ways to vaccinate against more and more diseases. The diseases always existed, but your odds of catching them were higher then than they are now even if you don't vaccinate yourself because of herd immunity. There are still plenty of diseases we don't know how to vaccinate against, so expect the trend to continue.

> pharma sees opportunity to oversell

Yeah, and the US system is particularly vulnerable to those pressures. There are still protections: you couldn't get a placebo approved, even a well designed one. But single-payer systems are much better at focusing on efficacy. The other side to that is the US gets drugs first and sometimes exclusively. Just because a vaccine falls below the threshold of what the EU is willing to pay doesn't mean it won't save hundreds or thousands of lives in the US. We pay twice as much for health care and this is one of the (very) few extra privileges we enjoy as a result. Best take advantage of it :)

> older man who got a shot and 2 weeks later got sick exactly on something he was getting shot against

I still don't think you grok herd immunity. Vaccines do very little to protect the individual. If you would have gotten sick before the vaccine, you would probably still get sick after the vaccine. But if everyone gets vaccinated, the disease dies away.

It's like a nuclear bomb. Below critical mass, it's just moderately radioactive. Above critical mass, you get a huge explosion. Vaccines keep a disease from getting to critical mass. They don't stop individuals from getting sick very well (they don't stop the radioactivity) but they reduce it just enough to prevent pandemics (nulear explosions).

I'm not a doctor, but having had small kids in the US and in New Zealand I noticed a marked difference in the number of jabs that are recommended. I don't know the reasons for this but the idea that it may be correlated with a larger impact of business incentives in insurance-company US versus single payer NZ doesn't seem wildly implausible to me.

> I could go on and on here like the vaccines business is create problem & offer solution infinite loop

Except that we know the backstory to this particular chicken/egg problem, and we know that in this case vaccines came last, after the problem they were meant to solve (and, substantially speaking, have solved).

America's longest-serving President was crippled no less than 100 years ago by a disease which vaccination can now prevent, and you're blaming Big Pharma for that???

If you don't feel like putting in a serious effort into presenting your argument, then I see no reason why anyone should take it seriously.

I know you are probably far too far down that rabbit hole to hear me, but herd immunity is vital for those who do not have the option of getting vaccinated.

Thanks for your perspective. I wonder which hot-button you pushed that caused the downvotes? My suspicion would be vaccination, but I'm not ruling out the gun-illustration (the word "drawing" is ambiguous in this case) or Bengazi...

Indeed, the downvotes seem bizarre to me. This response just looks like somebody sharing their experience in the matter in a coherent way. It could also be someone who doesn't want attention drawn away from their post.

Anyhow, I'm in Canada right now, and am in the next few years probably looking to change careers. I have good contacts with several top-tier tech companies in the US, and also with the auto industry and big oil. I've never really had much of a desire to live in the US, but now more than ever I'm finding myself looking to other potentially less lucrative positions just because of my distaste, much like the post above.

It really doesn't feel like a good time to be living in the US as a foreigner with an engineering degree, a very foreign sounding name and very liberal views. :-/

I disagree with your usage of the past tense here. This is far from over, and I don't think the public's reaction was tepid.

Tepid? The response has been cooler than that.

You apparently missed the fact that the Obama administration had a full scale Democratic congressional revolt on its hands yesterday - a majority of congressional Dems voted to defund the NSA collection of bulk call records under FISA - the White House was seriously afraid the Amash Ammendment would pass - it only failed narrowly - 217 to 205. So in objective terms, the response has been far worse than the administration expected. And this policy tussle isn't over yet.

But still, everything continues as usual.

Nobody is guilty.

Nobody did anything wrong.

And money to the program continues to flow.

>Nobody is guilty.

>Nobody did anything wrong.

True and true. If I am not mistaken, What we've witnessed from James Clapper and General Alexander, it is legal for representatives from our federal surveillance agencies to openly lie in a Congressional oversight hearing.

This of course, if fact, is insane, and will only lead into extralegal catastrophe. Learn to read and reread `Clapperspeak'. When you look for it and know a little context, we see how entrenched and truthfully revealing it is:

"And Ye Shall Know the Truth, and the Truth Shall Make You Free"

- John 8:32, and the entrances of NSA, Fort Meade, Maryland, and the CIA HQ, Langley, VA

"Arbeit macht frei"

-Auschwitz, and the entrances of other Nazi slave labor camps during World War II

I think many of us in the United States saw this coming when the current administration stated they would not be addressing the previous administration's law breaking.

The law is now "in your face" optional, depending on how much money and/or power is involved. Power has always had undue influence, it is just flagrant now.

From what I read, this is fairly common among many countries, so I take it as part of the "human condition."

i think the issue is: 10% of the people are informed enough to realize what's going, and yes, some of them are acting. the majority of Americans don't know what's going on, and many of them don't care, which is sad.

I don't know what would have to happen for you to consider the response substantial. Would citizens need to be forming militias and actively marching in the streets? That's just not how people react anymore.

Tens of thousands of people called their congresspeople on a day's notice to express their support for the Amash Amendement. That amendment lost by only 12 votes. A large majority of people polled think that the NSA dragnet is infringing on privacy rights. I think that's pretty good for a notoriously apathetic populace. This issue is far from over.

A few tens of k's is remarkable. There's a fallacy of thinking "people aren't doing anything about it, therefore they don't care".

In fact, people don't "do something" because they estimate, rightly or wrongly, that they can't do anything that would make a difference. Millions worldwide protested the current US wars when they were getting started, but they went ahead on schedule. What, exactly, can citizens do to effectively influence their government anymore? If people perceive that rule of law is gone, the rational reaction is to "lie low" and hope to get thru these times unnoticed. Those still contacting congress may be old enough to remember a different USA and naive enough to not realize it is gone.

I find it sad, but that is the conclusion I came to, as well.

Tens of thousands caring out of a population of 350 million is 0.03% of the population. That's kinda tepid. But should Paula Deen have been fired from Food Network? Crisis of epic proportions!

You might want to consume different sources of news media. The only times I've heard the name "Paula Deen" was in conversation with my parents and grandparents. I'm sure her travails (whatever they are or were) amount to a crisis for some people, but you don't have to pay attention to those people.

Oh. Your parents and grandparents aren't Americans, then?

Look, if you hang with the hipsters who "consume" better media, then sure, you won't have any clue what the vast majority of the public cares about. It's not surveillance. It's whatever mass opiate has been focus-grouped out for the week.

In the meantime, though, that mass opiate is mainlined into every public space in the land on countless television monitors in essentially every place where a person has to spend more than 30 seconds. They've got no time to think about the future - they've got to be outraged about this week's 15-minute hate, or admire this week's baby, or fear this week's terrorist.

You may simply not visit those downscale places. Good on you. But Washington really doesn't care, except to the extent that you earn more money they can extract or possibly build more centralized data processing services they can mine.

Vivtek's point was that most people don't care about this, and consider the Paula Deen incident far more noteworthy.

That may have been true for whichever couple of days the talking heads devoted to the unfortunate Ms. Dean, but it simply isn't borne out over the long haul. If you look really hard, I doubt you can find a single piece about Dean that was produced today, while most outlets have several about Snowden.

You can't find a piece about Paula Deen today because the attention has shifted to Prince George. Which, by the way, is exactly the point: While there are people who care about Snowden, NSA, etc., they are not currently any kind of substantial part of the public. We all ignore that at our peril.

The fact that Snowden may be a larger-than-normal individual news story doesn't change the fact that the story doesn't capture public attention in the face of the multitudes of other news stories continually cropping up and then going away again.

Prince Who? Look, I'm an American. We fought several wars to confirm that we don't have to give a flying fuck about King George III or any of his syphilitic inbred descendants.

Not even 500 people made it out to support the July 4 protest of the NSA, in a country where tens of thousands of people will turn out to oppose gay marriage.

Depending on what polls you read, a majority of Americans think the NSA policy is acceptable: http://www.washingtonpost.com/politics/most-americans-suppor.... ("Overall, 56 percent of Americans consider the NSA’s accessing of telephone call records of millions of Americans through secret court orders 'acceptable,' while 41 percent call the practice 'unacceptable.')

The real news here is that Congress reacted more strongly than the public!

Maybe that's because they know how this power can and will be used against them. What's the likelihood of this blackmail power being used against an ordinary citizen? Very low (why bother?). Against a congressman? Well...

If you're talking about the media, what did you expect? The mainstream media is just a mouthpiece for the government at this point.

I know that's a popular thing to say, but the mainstream media broke the story. In what way are they a government mouthpiece?

In what way...

When they regurgitate the content of a government press release or briefing without challenging both its basic premises and noteworthy claims, which they all do every single day, many times a day, the popular news media perfectly inhabits the role of "government mouthpiece". This includes the many instances of on-the-one-hand-on-the-other press-release ping-pong between the two allegedly opposed narratives provided by our two allegedly opposed political parties.

The media didn't break anything. Snowden gave them the story, which they have mostly ignored in favor of hit pieces against him as a traitor and a coward.

Perhaps you need to look up the definition of "breaking a story":

"to be the first to broadcast or distribute the story of an event."[1]

Snowden provided the information, the media absolutely broke the story.

[1] http://idioms.thefreedictionary.com/break+a+story

You're right, it is a sweeping generalization. It'd be better to say that most of the mainstream media serves as the government mouthpiece. A few key outlets continue to serve the vital role of breaking important stories such as this one.

Unfortunately I believe @northernmonkey and all OP's are talking about the "average American" and maybe the "average human". After all, in the US anyway, aren't we-the-people the government? That would make the MSM a mouthpiece for... the average American. I believe that is more or less true as sad as it is.

Aware and concerned tech-heads are trying to protect a drunken fool (the public) from a hungry bear (whoever it is that actually runs the intelligence networks). Either one is dangerous enough on its own, trying to save one from the other is like trying to settle a domestic dispute... not sure it can happen.

I don't have an answer, just an analysis.

> Aware and concerned tech-heads are trying to protect a drunken fool (the public) from a hungry bear (whoever it is that actually runs the intelligence networks).

What self-important, self-aggrandizing bullshit.

Your comment leaves much to be desired.

And an attitude of comparing the public to drunken fools doesn't?

Not the point. Idiots will be idiots. It's better to hold yourself to a higher standard.

There is something to be desired about an attitude that conflates people having different values and priorities with their being "idiots."

Sorry, I miscommunicated. I was saying that the person you responded to was being an idiot by calling the general public drunken fools (true or not) and that it's a bad thing to lower to that level of discourse by retaliating in such a content-free manner because you won't change anybody's mind that way. I.e. your position is good, but it's only through expressing ourselves well that we can have an influence on others.

Of course if it was just to feel good about calling out idiocy then it's not necessary to put in much effort countering it.

Just so you both know, from the outside, you both appear to be on the same page on the decorum issues here.

heh... missed this rabbit trail. Forgive me for the offense. s/Drunken fool/uncaringly ignorant/. @all, Thanks for the correction whether harsh or gentle, I don't mind. If its called for, tone is less relevant.

Or is it the other way around? I honestly don't know anymore.

The public's reaction hardly matters in our two-party system, in cases where both parties are firmly against the public.

Do you think it was planned by the NSA?

I don't, but then anything is possible. They could have invented Snowden in response to a credible threat from someone else that was planning to leak this or other even more sensitive materials. Anybody making similar disclosures today would have a tough time getting any attention because the Snowden story drew so little public outrage.

The Snowden story got huge traction. It will be the biggest story of 2013.

Zimmerman story was bigger, I'd say. Maybe Paula Deen too.

Zimmerman perhaps. We're still not out of that story yet so it may grow bigger with protests, etc., but it's still a US centric story. Deen even more so,

Snowden has gotten a lot more international coverage.

To back that up from across the pond: the PRISM/Snowden story has been major news in the UK. Zimmerman was headline news, but only for a day or two, and I don't know who Paula Deen is.

You can call it boldness, but at this point I'm not sure how you'd distinguish it from an extinction burst[1], or "getting while the getting's still good."

1. http://youarenotsosmart.com/2010/07/07/extinction-burst/

It's unfortunate but not surprising how little coverage this whole thing has had. I think as tech savvy individuals we need to do a better job of informing people of these events. The media won't care unless people care.

> Public-key cryptography as we know it today may be rapidly approaching the end of its useful lifespan.

No evidence in the article substantiates this bold statement.

- "pressuring major Internet firms to provide their "master" SSL keys for government surveillance purposes": this demonstrates a weakness of centralized public-key infrastructures, it does not follow that public-key cryptography is doomed. (See: web of trust.)

- wiretaps, snooping, etc.: everyone is welcome to grab a copy of the ciphertext, this does not prove that cryptography is futile -- quite the contrary.

- "concerns about the security of widely used cipher algorithms and a range of other associated exploits": vague.

- "it is prudent to at least assume that intelligence agencies around the globe may still be working several steps ahead of public "state of the art" in crypto tech": unfalsifiable.

- "forced the hands of chip manufacturers to include "special goodies" for surveillance purposes": I am willing to fear deliberate plausibly deniable weaknesses on accelerated hardware implementation of crypto primitives, e.g., PRNGs, but it seems very hard to believe that implementations of public-key crypto using general purpose instructions could be somehow identified by the CPU and somehow tampered with in a way which would be non-obvious somehow.

- "when governments really want to target someone, they'll find some way to compromise the associated computers directly -- either through phishing or other malware attacks, or via in-person "black bag" jobs to physically alter systems as they might feel appropriate": humans are the weakest part of cryptosystems, and if they have physical access then they win; nothing new here.

In conclusion:

> I believe it would be fully appropriate for us to be considering alternative methodologies for data protection that are sufficiently outside the existing public-key "box"

Public-key cryptography is a tool. It certainly does not form, in itself, a full "methodology for data protection", but nothing in the article justifies that has lost any usefulness in its current form.

Public-key cryptography is a tool.

Yeah, I believe the author mistakenly conflated public-key cryptography with the public-key infrastructure (PKI). One is a technology and the other is a set of policies built around a trust model. While the technology remains sound, our confidence in the policies may be weakening. To prepare for this, we may need to look at alternative trust models such as web of trust.

Agreed. Public-key cryptography is fine. Entrusting third parties to protect your privacy is dying.

This is something I have been thinking about a lot lately. Users need to take more responsibility for guarding their own privacy. I think there are a lots of business opportunities here: easy to use tools that keep control entirely in Alice's and Bob's hands and public key cryptography is certainly part of the solution.

The fact that the agencies have to apply pressure to obtain keys proves that the crypto is working.

Therefore, if you have, use and keep secret your own keys, the best-resourced intruders cannot practicably get your data.

Of course, http://xkcd.com/538/

I've been thinking quite a lot about that exact thing as well. There must be a way to build great commercial tools that are also truly secure. I'd love to discuss further. Contact info in my profile.

> state 6 hours ago | link | parent | flag

> I've been thinking quite a lot about that exact thing as well. There must be a way to build great commercial tools that are also truly secure. I'd love to discuss further. Contact info in my profile.

'state', to solicit this collaboration, would it not be prudent to init a new HN account under a different name?

I would say that government attempts to force data to be handed over reinforce the strength of public key encryption. Since Public Key made its debut, we've known that the only real actual threat to the system was an incredible advance in the realm of factoring. That has not happened.

This article talks about the many ways public key can be circumvented, but offers no insight into a mathematical breakthrough. Thus, there will remain a way to encrypt your data, you just need to make sure your keys will always be safe.

> No evidence in the article substantiates this bold statement.

The implication is simple and frightening -- classify it as munitions and making illegal to possess.

Remember that Constitution also allows one to have arms. Well arms in 1700s was rifle and that was a top weapon whether for government infantry or dissenting militants. What happened, you can still own arms but you can't own ICBMs, air-2-surface missiles, attack helicopters, nuclear devices etc. So as you can see just because something seems so inalienable, it can still be easily taken (not saying use of public crypto is a Constitutional right, just making a comparison between obvious rights easily stripped away).

Not only that, many country do make it illegal to have crypto software. It is not an outlandish proposition.

It won't take much to drum up support. Just need 3-4 high profile cases of: terrorists or child molesters using PGP and Joe Sixpack would be pretty easily convinced to call his representative and ask him to vote to make such "enabling tools" illegal.

The implication is simple and frightening -- classify it as munitions and making illegal to possess.

You know we went through this in the 1990s and PGP was declassified as a munition, yes? http://en.wikipedia.org/wiki/Pretty_Good_Privacy#Criminal_in...

Before taking the claims at face value it's good to do a bit of background research. Also, I generally find anything where every paragraph consists only of a single sentence can safely be ignored.

Exactly that was my point. It was only 20 year ago. It was declassified as munition it can be reclassified as munitions pretty easily as well.

> Before taking the claims at face value it's good to do a bit of background research.

It also good to read and understand the whole comment before replying. I didn't say it is illegal (in US, it is in other countries) I said it is not an unreasonably hard step to take.

> It was declassified as munition it can be reclassified as munitions pretty easily as well.

As any browser has to integrate some sort of public-key cryptography support to use HTTPS, and as HTTPS is pretty useful for things like sending your credit card number over an insecure channel, I very much doubt that the genie could be put back in the bottle now.

I read your whole comment, I just don't agree with you. It would be wholly impractical to reclassify PGP as munitions considering its ubiquitous availability. It got declassified in the first place because there was strong legal precedent supporting the publication of the algorithm in book form. I think your fears are unreasonable.

All forms of public key encryption require proof that Alice or Bob are who they say they are or you can setup a man in the middle attack. Without a public key athority to Safely provide the correct public key your stuck with manual key exchanges which can work, but does not scale. If the government has the public key authority's private key they can spoof them and setup man in the middle attacks easily.

Web of trust. So say I meet someone visiting from the US that I trust, he gets my public key and signs it, and vice versa, then I can guarantee to people who have my pubkey that the one I'm sending them is his one.

Web of trust has massive scaling issues. The most obvious being a rooted devices can quickly compromise the network and your talking about a huge attack surface if your willing to trust more than one link in the chain.

Edit: Realistically if you want secure peer to peer communications your protocalls has to survive when 40+% of peers are compromised and well good luck with that at scale. This seems like a reasonable problem but you also need to be able to revoke certificats.

What about some sort of web of trust model that has a notion of confidence. Lets say I have four people; Alice, Bob, Carol, and me. I know both Bob and Carol, but I don't know Alice directly. Since both Bob and Carol vouch for Alice, I can be fairly sure that Alice is Alice. Now lets say that Bob has reason to believe that Alice has been compromised, so he revokes his link to Alice. Now I have am less confident about Alice, because I have one link to Alice instead of two. Or is this how Web of trust works?

This is how bitcoin works. The network will adopt whatever the majority agree on in terms what transactions happened. As a result, you can't man-in-the-middle bitcoin and it remains secure even without centralized key signers, because you can increase your confidence by confirming a transaction with as many nodes as you want. This is how you validate a local block chain - you connect to enough other bitcoin clients in the swarm such that at some confidence threshold you agree your chain is the correct one. The usual number is 8 independent connections in the bitcoin network (both for blockchain verification and confirmation of transaction acceptance) because the probability of getting 8 bad actors agreeing to the same fraudulent transaction is mathematically demonstrated to be sufficiently low.

Note: that is (besides the 51% attack vector) the primary reason the bigger parts of the crypto scene won't call bitcoin truly secure. Because there is still a risk of insecurity, it is just abysmally small, and disrupting one node doesn't mean the degradation of the web of trust because as long as the majority still agrees on the correct state of affairs (and as a false block chain diverges it becomes more expensive to maintain that public facing fork to disrupt other clients).

An important point about bitcoin for this discussion. It in no way authenticates who anyone is beyond there public key, it just keeps track of what someone does with those keys. Aka I did this work which I signed, i want to move a bitcoin to this act which I signed.

You make it sound like Web of Trust does not include revocation.


which time?

Random time, of course.

I mean, what's to stop people forming their own signing authorities and distributing the public keys via a trusted method as we do anyway?

The fact that neither you nor I have heard of the projects already doing this.

You are totally nitpicking on semantics. Obviously the general concept of public key encryption is not at risk.

"As Feds Demand the Keys, Preparing for the Death of Public-Key Encryption"


Something that people have apparently not quite connected is that these developments are incremental steps towards and can already be considered within the spectrum of mind reading. The only reason that that a majority of today's people do not recognize the situation as squarely in mind reading territory based on examples from literature and popular culture is that the the technical limitations still retrain government, with great frustration.

Although the same heeds of danger did not suffice in the early 20th century, we are facing the same mechanics that led to the world war. We are at a nexus of an ugly transition into the consequences of the information age the same way that humanity would ultimately face demise at the nexus of the consequences of industrialization leading up to the World War, first and second part.

The problem is a generational one; the baby boomer generation, with it's industrial age mindset is incapable from internalizing the consequences of their unprincipled actions.

Balderdash! How many people are in the baby boom generation? And you paint them all with one bush? Do you do the same for people of a particular race? Upon closer inspection you will find that few boomers are responsible for your woes. Your parents maybe, but most of us are as powerless as you. "Industrial mindset"? Poppycock! I look around and I see many young people serving up enormous amounts of their private information on public forums. Boomers have nothing to do with this. Quit obsessing about "boomers". It's such a useless distraction.

I expect few complaints will elicit less sympathy than the plight of the poor put-upon baby boom generation.

Thanks. Now stop being distracted.

You mean, we have a new paradigm, an unprecedented new perspective and ability, so the first thing we're gonna use it for is to try and kill as many people as we can before they kill us?

>so the first thing we're gonna use it for is to try and kill as many people as we can before they kill us?

As we always did. But let me correct you "the first thing we're gonna use it for is grabbing as much power as we can, which involves killing as many people as we can before they kill us, as they have the unfortunate tendency to resist".

Yeah, but thats an entirely different ballgame if you ask me. The thing that differentiates this and mind reading, is full public/mainstream understanding.


"Oh hey ma, the damned government is demanding public SSL keys, that means they can grab the data between your computer screen, and [insert popular services] servers"


"Err, ma. The government has just announced they're now going to be reading peoples minds wherever and whenever you are."

I'm sure one would illicit a much more active response, and as ever, its down to full understanding.

Precisely, I agree that this is the logical direction in which this is heading.

I think there's an implicit but rarely stated understanding - in silicon valley in particular - that there's value beyond traditional monetary capital in collecting and storing personalized information about individuals, groups, and organizations - i.e. security, profiling, recruitment and research value.

Background checks for hires, selection and identification of possible good candidates for roles, psychological profiles, etc could all - theoretically - be extracted given enough information. For now it is - allegedly - being used purely to identify and track bad elements, but these dubious 'values' exist in the data regardless (and, notably, also for attackers).

Knowing the intent of individuals and what they plan to do would clearly be massively valuable as well - PKD 'pre-crime' springs to mind, and I think Eric Schmidt was strongly signalling to the world that Google is hunting this value aggressively during this 2010 interview:


As connectivity spreads and devices become closer to our biological selves, this is only going to become more accurate - and thus more powerful and controlling for anyone with the ability to use and see the data.

The real questions I have are: how accurate are these predictions really (is Google anywhere near as advanced as their public statements would have us believe?), and how many organized criminals / terrorists will in their right minds continue to use these services, extrapolating, as they must, about these directions as well. With the current silicon valley mindset, the technologies to support all this infrastructure will be pursued even if for reasons of pure capital - they all align perfectly with valid use cases in the advertising, sales and marketing realms. (see: intent analysis)

I think there is a dream of purely computerized security based on 'enough' global buy-in to US-based services, aligned with sufficient communications interception. For example, if 70% of the world uses US services for communications, perhaps that is enough to identify suspicious holes/gaps/anomalies in social networks - as well as simpler patterns of criminal behaviour within the covered communications - and thus anticipate problems.

But whether this is near a reality, and whether the ones who suffer on aggregate are {citizens/residents} or {organized crime, terrorists} I think is very unclear without transparent statistics on coverage / actual crime preventions / etc. I would guess that the NSA, GCHQ, Facebook, Google et al are not there yet, but what they have done is create an arms race where if they do not follow-through, others elsewhere may do - and thus it has become a matter of national security (in terms of supremacy of the allies) after all.

Frankly I would question given the financial crisis whether they are even hunting the right targets, but direction is presumably still set from a political and defence angle as opposed to overall public good.

Given that other nations are likely now following in these same footsteps, I think it is extremely important that the US sets good precedents, because others will take their lead. And to make a parallel with the cold war, it seems like resolution of this kind of arms race would need co-ordination and agreement with other international spy agencies - after all, the volumes and value of the data/analysis they are storing is presumably as potentially destabilizing to international safety as nuclear stockpiling is.

This is all very interesting. So far it seems to be used to show me adverts for stuff I have already bought.

That's commonly known as 'remarketing' - by co-operating a little, a website and an advertising network can communicate the pages and products you've been looking at, and then the ad network can show you the products (or related items) again when you visit other sites.

It's frequently annoying if you've already made the purchase / decided not to, but it's a marketing ROI 'hack' in that the users who are being shown these adverts have already previously expressed some interest in them.

Even if 50% of users aren't interested any more or bought the product, the remaining 50% are still 'well qualified' -- i.e. known relevant -- and so showing the content again to them is more likely to result in sales, and so is 'cheaper' for the advertiser than targeting otherwise-unknown users. It's better for the ad network as well since their customers (the advertisers) will get better results.

Intent mining is really more about analyzing what people are saying online (or, equally, the text they're entering via search engines) and working out what they are intending to do - are they looking to purchase a camera, or are they looking for information about a business?

The two aren't completely separate - remarketing combined with intent mining could presumably have some interesting results (we've seen you were investigating shoes yesterday, and you're travelling to a mall - I'll show you some adverts from shoe stores there), but they're slightly logically different.

Have no doubt about it, this marks the beginning of the end of online privacy. Now that even the U.S. govt is asking for the TLS Certificates there is no country that has the moral high ground on this issue.

I'm from India and when I heard that the Indian government was asking Blackberry for its encryption keys I thought "Hah these people are so ignorant! They don't even know how public key encryption works!!". In hindsight it doesn't look very foolish. In fact they're openly building a surveillance system called CMS which has no checks and balances even on paper. Unfortunately in a country like ours with has so many other pressing issues it isn't a big deal yet.

Recently some governments tried to orchestrate a power grab of the internet via the ITU but it was vetoed by the US. "Its better to let the US govt. have a monopoly on the internet", or so I thought. What with all their constitutional protections and all. Recent developments have shattered my hopes.

The NSA's worst case scenario has already happened. Other than some modest outrage on the internet nothing much has changed. In a sense it shows a tacit acceptance of mass surveillance by most of the public. Hence my opinion that recent events mark a turning point.

With noone having the moral high ground its quite likely that all world governments and corporations are soon going to come to an agreement on permanent mass surveillance . What then ?

I am in the same boat. I supported US against my own (Indian) government on the ITU taking over internet governance issue because I genuinely believed US would be a better guardian of the Internet than India. I was proven wrong. Now, decentralization of internet control doesn't seem like all that bad a thing.

>Recently some governments tried to orchestrate a power grab of the internet via the ITU but the US vetoed it. I thought it would be better for the US govt. to have control rather than untrustworthy foreign govts. Recent developments have shattered even that impression.

Yes, this is the thing that worries me the most. It may very well be the beginning of the end of the "multi-stakeholder model" of internet governance. There's no one left with any kind of moral high ground to fight off these attempts.

It's a neat argument that the Feds have.

If you send traffic unencrypted: 'You have no expectation of privacy, because you're broadcasting information publicly.'

Turn on encryption: 'Clearly you have something to hide, and deserve additional scrutiny. It's still not a fourth amendment violation because we are just compelling a business to give us your keys'

Morton's Fork:

    A man living modestly must be saving money and could
    therefore afford taxes, whereas if he was living
    extravagantly then he was obviously rich and could
    still afford them.

Right on,

Clearly its also ok for the police to search your apartment at any time as well. You don't own your apartment, an apartment corporation does, so its clearly not a 4th amendment violation

Actually laws do protect private domain of a rental. It's the same reason the apartment companies themselves/landlords are not allowed to enter the apartment without your expressed consent.

They don't need consent, they just need to give notice.

The point is those laws are the implementation of the intent behind the Fourth Amendment, and it's strange that we don't have other laws which implement the full intent of the Fourth Amendment with respect to private communication.

Hey, don't give them any ideas now.

Corporations are people now as per http://en.wikipedia.org/wiki/Citizens_United_v._Federal_Elec...

Let's sue for the violation of our company's 4th amendment rights.

Sounds like not "the death of public key encryption" but the golden age of building technical controls into hardware/software which cannot be subverted by the operator, even in the face of a state agent with a gun.

Assuming the right tech is developed and deployed, this is going to be far better for everyone in a few years. Yes, it will be shitty for a year or two, but by 2020, if we actually have real technical security, it will improve security and trust for end users. Rather than "trust us", it will be "trust us, because...".

Those things you speak of will be outlawed and you won't be allowed to use them.

Harsh. dvmmh made a joke a few days ago and got downvoted to oblivion. But I think this comment is a good one: we do not live in a libertarian paradise. The government is comfortable using its powers, including physical violence under the law, to keep people from doing things it does not want them to do.

Sadly, that's exactly how things work. We tend to think we can find technical solutions to create legal loopholes, but they usually end up as contempt of court.

Situations like these probably rarely produce a real "winner". It is going to be an arms race between those favoring personal privacy and those favoring government snooping.

Just keep in mind that government operates basically on an unlimited budget and has access to a wide range of harassment opportunities for non compliance in matters like these. This fact alone will keep them at least at a dead level with potential counter measures.

No, it's a win because the government is not the only, and in most cases not the worst, threat.

Insiders (like Snowden and Manning, ironically) are one of the biggest threats. Being attacked by non-USG outsiders is a major threat ("hackers", state sponsored or not). Your business partners being hacked, or having lax security, is another threat. USG is probably near the bottom of the list of actual threats for most people, in terms of frequency; they just have the most amazing resources.

If the "evil NSA boogeyman" is enough to get people to finally care about security, that's great. It's like people preparing for zombies by buying water, freeze dried food, radios, shotguns, etc., when in fact they're at the same time preparing for the far more likely earthquake or civil insurrection.

> Insiders (like Snowden and Manning, ironically) are one of the biggest threats.

They're a threat to those who like running a Surveillance State, not to the average citizen.

Whistleblowers are a help to the average citizen, yes, but perhaps the parent poster meant "insiders with their own motives", which might not be benevolent.

Insiders are the biggest threat to any organization. Doesn't matter if it is USG and Manning or that Icelandic kid and wiki leaks or whatever. Independent of whether the org is good or evil.

"They" specifically are... generally, the point is that 'insiders' are probably not motivated the same way but have the same access to data which they could leverage against a target.

I always assumed "zombie apocalypse" was code for "civil uprising" anyway.

Even in Oakland, I am way more worried about things like an earthquake, blackout, etc than a civil war, though.

I can think of at least one counterexample, namely the failure of the NSA-promoted key escrow system in 1990s (aka Clipper chip)

And removing publicly available software crypto from the most serious export restrictions, at roughly the same time.

>Assuming the right tech is developed and deployed, this is going to be far better for everyone in a few years.

A, the old "let's use technology to solve a political issue" idea.

Sadly, it does not work. For one, the government has all the technology available for it too, including dedicated, full-time paid researchers.

Second, they can outlaw any of those things at whim.

These criticisms of technological solutions always miss the obvious: both approaches complement each other.

If I send my aunt a letter, I am assured that unless there is a warrant, my letter to her will not be read by my government. She doesn't live in my country though, and her country gives no such assurances. More-so, even if it did, I would have no particular reason to trust her government. On that note, what if I don't trust my government?

Instead of sending her a regular letter, thanks to technology I have the option of mailing her a message encrypted with her PGP public key. Now I have to trust that my government will not beat me with a wrench or compromise my computer to gain access to the pre-encrypted letter (if I posses it), I have to trust her government to not beat her with a wrench or break into her computer, and I have to trust our governments to not outlaw PGP.

So which is preferable, finding political solutions to the "my aunt and I are being beaten with wrenches" problem, or finding political solutions to the "my letters are secretly being read without our knowledge" problem? I assert the former is preferable. Beating people with wrenches is a far more extreme action, it is easier to trust governments not to do something that is more extreme.

All of the problems with technical solutions are ultimately political problems. You can either abandon all technical solutions and only go for political solutions, or you can find political solutions to the shortcomings to technical solutions. Technical and political solutions complement each other, providing assurances that the other cannot. Both need to be pursued.

Don't want the government to read your mail? Encrypt it. Don't want your government to ban that? Lobby your position.

>These criticisms of technological solutions always miss the obvious: both approaches complement each other.

In a small way, yes, but in the long run, politics trumps technology.

You could achieve privacy from the government if you solved the political issues.

But the reverse is not true: if you had the perfect technological solution, they could make using the solution illegal -- including doing away with plausible deniability, even if the technological scheme provides it.

Or, if the government goes totally south, they could fuck you in other ways, making the technological solution totally irrelevant. E.g they could put you in a concentration camp. Where's your tech now?

>Beating people with wrenches is a far more extreme action, it is easier to trust governments not to do something that is more extreme.

Only if you leave in a western democracy (and are not a dissident, activist, or of any concern to the law).

In any other country , trusting the government not to do the extreme is not really that obvious. Heck, even in Western Europe, there have been 3 active millitary dictatorships during the last 40 years (and this is not even counting Eastern European countries, stasi and such).

You really seem to be keen on not getting it.

What you are saying essentially boils down to "Don't waste your time with PGP because they could just stick you in a concentration camp." Being stuck in a concentration camp is a problem that needs a political solution (or in that particular extreme case, a violent solution...), so strive for one. Nobody is suggesting that everyone abstain from finding political solutions to political problems.

All the problems you seem to have with technical solutions are things that can be solved with political solutions. If you are advocating the possibility and pursuit of political solutions, as you seem to be doing, then why do you think the problems with technical solutions insurmountable?

Here is my proposal: Everybody use cryptography everywhere, to the full extent that we can manage. We then find political solutions to the political or physical threats to cryptography. If they try to ban cryptography, we fight back politically. If they start beating people with wrenches, we fight back politically. If they try to throw us in camps, we fight back politically (...and violently...).

There is absolutely no reason not to adopt technological solutions where they exist.

I agree being in a truly lawless or evil state, even with high quality privacy technology, means you can't live a normal life. I'm pretty sure well before the "get in the trucks to go to the concentration camps" stage, it would be time to demonstrate that cryptographic munitions are not the only kind of munitions. There have been some promising efforts by EFF, etc. to bring the rabid pro-gun crowd into this in various court filings; people who will change states, vote single issue, etc. over being allowed to own a .50bmg rifle (when they could otherwise have a .510dtc anyway) are exactly the kind of people who will go to the mattresses over crypto. I think they also brought in pro-abortion people who vote similarly single-issue.

The US is far from that stage right now. NSA is developing absurdly overpowered capabilities, but is actually using them in a relatively constrained way, at least so far -- they are not being used for even high level criminal cases or really anything except actual terrorism. The problem is exactly the same technology could be used with a change of administration for political repression, domestic criminal enforcement, or whatever.

Since terrorism is maybe 1k people with any connection to the US per year, it's pretty easy to justify deploying privacy enhancing technologies to the remaining 300 million people, and there wouldn't be a politically feasible way to stop it. The battleground would be any extension of CALEA to pure-Internet companies, or worse, to end user technologies. Unless that happens, there's not much to fear in deploying technology overall, although in certain verticals (finance, with various FinCEN/AML requirements), additional regulations apply.

I think it's important to do both. We can't solve political issues using only technology, but it can also be helpful to build our infrastructure in a way that would make it cost-prohibitive to outlaw these technologies.

For example, we could deprecate and eventually disallow TLS ciphersuites that don't provide forward secrecy, just like we did with single-DES, the NULL cipher, and "anonymous" (unauthenticated) encryption modes.

I've recently begun designing such security systems(a few weeks ago). They are quite ugly at the moment and would require entirely new approaches to systems design. I can only hope that more people begin to think like this as it is the best possible evolution in security past things like RSA encryption IMO.

In terms of hardware safeguards, is it really an improvement when we have to rely on proprietary hardware safeguards that may have government "special features" silently built in, vs open source software that can be inspected by the public?

The point is to make the hardware itself feasible to verify. There are ways to do this arbitrarily well. Traditional HSMs are a very bad choice for "interesting" users for exactly this reason -- look what Crypto AG did to the Iranian Government and others, and other vs proofed commercial devices.

I hope it works out similarly to how proliferation of public wi-fi led to increased adoption of https.

Did you know it is illegal to broadcast encrypted signals on HAM radio? Wonder how long it will take for that to come to the internet.

Ham radio is a special case, and it is actually the Hams trying to block crypto. There is actually an FCC open rule making issue right now on the issue, and arrl is against it.

The solution is to develop protocols which use crypto but use a public key for now.

I saw that. Apparently issue is with self-monitoring. Also, would only be allowed for emergencies.

I didn't know that! I used to be a member of FidoNet (pre-internet network that provided e-mail and usenet-like services) back in 1990s and any commercial activity and encryption was similarly prohibited - relay operators were even supposed to read their users' mail and delete any messages that violated the rules.

I don't think there's any chance of this coming to the internet though. There are just too much uses for encryption besides conspiring for terrorist attacks.

Just wondering - will older, but still decent hardware, start to become increasingly valuable since the hardware controls don't exist there? Will the value of my circa 2000 Dell PowerEdge take on new life?

I'm looking at ways to do an open source HSM using either trivially auditable/passive components (batteries, wire, wl gore fabric) and old cots components which you could buy from arbitrary sources, or buy a bunch of and inspect destructively.

Maybe we need a manufacturer to step up and make a line of computers that is open source and contains self auditing features such as checksums for all hardware. There has to be a way to do it. Some of the latest Kickstarter projects that are hardware based would be in a good position to try and pull that off.

> To be clear, this is not to assert that targeted, justified intercepts should not be possible under appropriate and realistic court supervision.

Why make this disclaimer? To avoid being branded a fringe anarchist?

It seems to me that we should absolutely be building intercept-proof communication privacy to the best of our ability since A) there's no such thing as perfect security and B) anything of importance eventually comes into contact with the real world where governments have immense power and don't need backdoors to do their job.

It's worth noting that prior to the internet there was absolutely no way of creating intercept-proof communication. Whilst I don't want companies handing over the SSL keys any more than you do, we have only had truly secure communication protocols available to the public for the past 10 or so years of human history.

True, but then neither did governments have the capacity to record all telephone and/or telegraph communications either. The sword cuts both ways.

This article seems to be mostly FUD. Per-session, ephemeral SSL keys are available and are used by at least Google [1], CloudFlare[2], and others.

No keys are stored, no keys can be given to the NSA.

1 - https://www.imperialviolet.org/2011/11/22/forwardsecret.html

2 - http://blog.cloudflare.com/cloudflare-prism-secure-ciphers

That's only true in a pure eavesdropping scenario. The keys would still allow MITM attacks.

Except for cert pinning. I think moxie is working on a general form of that right now.

Cert pinning doesn't solve that problem. Cert pinning solves the problem of a compromised CA signing false certificates. If an attacker has the private key of the endpoint, cert pinning will do nothing.

I.e. the attacker completely simulates the desired endpoint since they have the priv key, DNS and all? I think that makes sense indeed.

Broad solution to all this is building your lives in business in a way government can have a minimal control of. Just do what it requires and keep everything else encrypted and anonymized. And don't rely on government for anything, for we are heading for a world of global government failure: people and institutions are going to ignore and circumvent them all, and make them dysfunctional. In a way, that will be like communism: there is little government can be of help nowadays, and it is more and more becoming a nuisance.

Don't rely on government for anything? What are you talking about? Almost 100% of scientific research and 100% of infrastructure around the world is funded by government. Almost all of education, health and welfare around the world (though less so in the US) is run by government. A lot of people are suspicious of government, but such fundamental disdain toward and alienation from government are peculiar American (and sometimes Russian) traits.

/sarcasm -- (to be read in the voice of Sir Humphrey Appleby)

I, for one, rely on my government to perform all those vital, but tragically under-appreciated services done selflessly and at great sacrifice, and all for the public good. Our top Whitehall mandarins do so much to pre^H^H^Hdeserve their salaries.

The fabulous residences for the ambassadors, senior diplomats and other political appointees -- all those social events on the diplomatic circuit -- absolutely essential for our collective well-being. The unending sole-supplier cost-plus contracts given to the private contractors with the largest revolving door -- where would the nation be without them? The quangos and consultants, lobbyists and contractors -- our newly publicly-owned financial industry - the whole system -- not to mention the only middle class that we have left -- would suffer so very terribly without the kind patronage of a friendly state to steward and protect them.


I don't understand your point. You could probably say the same about your family. The fact that something is not working as well as it should does not mean it's not essential. I mean, would you prefer feudal lords? Because that's what we had before central government, and that's what many corporations would like. Do you want to be ruled by Google? By Walmart?

Do you want to be ruled by Google? By Walmart?

Why is the default assumption by Statists that if the government won't rule us, corporations will?

A novel concept that people may want to attempt to grasp is that there could be no rulers, and as such, there's no need to make up a fictitious "new ruler".

And this will last for approximately five minutes until a new ruler establishes themselves either through resource monopolisation or through pure threat of force. And they will never be short of toadies.

Why is the default assumption by libertarians that if the government is brought down, human nature will suddenly, completely change?

My view of libertarianism is that it's not a movement to 'fight government'. It is just a system of views that once productive forces of society achieve certain level, government at least as we know it will become redundant. And there is little 'new ruler' can do to establish himself if people don't need a ruler.

>> And there is little 'new ruler' can do to establish himself if people don't need a ruler.

How charmingly naive!

I don't know that people have needed a ruler at many times in history, but there has always been one. A power vacuum almost always results in war, revolution almost always results in war... basically humans like war and leaders. I don't think that will ever go away. We're tribal animals.

Even if people don't need a ruler, leaders will arise, and some of them will recruit violent men to force their will on others, growing into warlords. Factions will fight each other, people will die.

Better, IMHO, to have a codified power structure that seeks to eliminate or at least mitigate these flaws.

Well, if there is little government can do to control (like people using p2p currencies on a massive scale and encrypting their communications), and with production structure not suffering from possibility of monopolism (which we are close to having now), how will the government exercise their control? Of course we will always have some sort of government, but over years, it will become more and more irrelevant, not able to control/regulate things it claims to.

>> people using p2p currencies on a massive scale

I'm not of the faith that says that p2p or crypto currencies are necessarily a good thing. I, personally, think it's a good thing that democratic governments can exert control over fiat currency in order to attempt to mitigate economic disasters. I certainly don't think that the (for example) bitcoin model is a good one.

>> and encrypting their communications

I'm not really sure what this has to do with governments or control. I don't think democratic social order necessarily depends upon being able to surveil everyone, it's just a trap that the current bunch have fallen into.

>> production structure not suffering from possibility of monopolism

I'm not really sure what you mean here either, but it's hard to forsee a state in which monopolies are somehow impossible, or how the lack of them would imply the lack of need for government.

>> how will the government exercise their control?

In much the same way they do now, by the majority of us granting a democratic government a monopoly on the use of force. I'm not sure what bearing the form of currency, or encrypted comms, or even a utopian ideal of monopolistic impossibility have on this.

--edit-- Please do not take this as me saying either that I think the way governments have handled currency is good, or the way they do ... pretty much anything is all totally awesome. Far from it.

--edit 2-- The use of language is interesting here. Correct me if I'm wrong, but you see government as the external imposition of control on to otherwise free citizens? I see it as (at its best) free citizens banding together to achieve collective goals and prevent the worst of human nature overtaking us. The rhetoric and the social measures that come from government in this day and age are pretty abhorrent, but collective defence, roadbuilding, education etc are (to me) vital and useful functions.

Then the incentive structures have changed to no longer support statehood. See my earlier comment on how to easily figure out the viability of the various forms of anarchism.

"It seems to me that the fastest way to evaluate this idea is to look at how an organization is propelled to statehood in the first place. If incentive structures support states, they will exist."

Since government is the current default, the onus is on you to prove that the incentive structures that select for statehood have changed in a significant way. (Or that they are going to change or could be changed.)

>And there is little 'new ruler' can do to establish himself if people don't need a ruler.

Did you, as an uncoerced free man, ever swear an oath of fealty to the US government? (The pledge of allegiance doesn't count.) Did your parents? Did their parents? Did their parents? Has anyone?

Anybody who may have elected to be governed by the United States is now dead, and the chances are good that you're not even related to them by blood. The vast majority of people who have lived under some form of government in their lives almost certainly did not choose to.

EDIT: Unless they immigrated. Forgot about that option. If you immigrated to the United States, you are exempt from this thought experiment.

But not totally, because you probably weren't stateless when you did.

>there is little 'new ruler' can do to establish himself if people don't need a ruler.

What about sending his group of followers door to door shooting people who don't acknowledge that he is the leader?

True enough. Human nature is (moresthepity) what drives all of this ... which is why it is unlikely to change any time soon. In other words, we are all royally screwed.

It is interesting and fortunate that the NSA/GCHQ scandal was still bubbling away as a news item when the story broke about the UK government's moralizing censorship crusade. Viewing these two stories through the lens of my (inevitably dim) perspective on human nature has led me to some unsurprisingly depressing conclusions. (Apologies for the cross-posting):

You might not always get what you want, but the converse is more frequently true. For example, positions of power and authority tend to be occupied by the sort of person who actively seeks out greater power and authority. In contrast, those with no real desire to dominate and control others neither seek nor achieve power. As a result, our elite political, legal and corporate offices are inevitably dominated by an elitist, authoritarian culture and mindset. For as long as we allow people to self-select, even implicitly, there is nothing we can do to prevent this.

The authoritarian mind is characterised by a desire to dominate and control others. The more invasive, disruptive and widespread the control, the more satisfying it is to the authoritarian, and the greater the validation of their elite status.

Sex; particularly issues of sexual morality; are behavioural characteristics that are tremendously intimate, personal and difficult to rationalise/control. It is this very intimacy that makes the exertion of control over sexual behaviour so very compelling: Control over sexual behaviour is like crack cocaine to the authoritarian mind.

Time and time again throughout history, those in power have sought to control the sexual behaviour of their subjects, a motive that is exactly equivalent to the alpha male in the pack controlling access to the harem, and reminding all the beta males of their status by rubbing their noses in their inability to mate.

Technology is a lever - it gives increased power to those who wield it. Modern technology is already enabling those in power to gain greater control over their subjects. It is inevitable that technology will embed itself ever more intimately in our lives, and it is inevitable that this technology will be used by the alpha males in our society to exert their domination and suppression over the rest of the population - to mock, to belittle and to abuse those who are not in power.

Basically, as technology becomes more powerful, and exerts a greater influence over our lives, the humiliating and belittling reminders of our subservient role in society will become more and more pervasive ... and there is nothing that we can do about it.

The existence of the state - and the forceful dominance of one group over another - has always been the moral equivalent of rape - but the power of the state has always been diluted to such an extent that we have been able to persist in the illusion of freedom and self-determination. Technology is ending this dilution, and the truth of our subservient relationship to the state will forcefully re-assert itself in our everyday lives.

> A novel concept that people may want to attempt to grasp is that there could be no rulers, and as such, there's no need to make up a fictitious "new ruler".

Do you want to run the country? Do you think you have the time to run every aspect of the country? If you don't, then you need to delegate the authority to run those things to others. And then the people who are doing those jobs become the rulers in those areas.

And those areas are going to have to work together, at which point you get hierarchies and people similar to managers and fairly rapidly you end up with what we'd call a government.

If you believe there's a better way to run things, then start a company that works in a more egalitarian manner and scale it. As I understand it though, companies that work even vaguely like that have never scaled well beyond a few hundred people at most - i.e. Dunbar's number.

If you want to solve the problem of people needing a government there are serious questions about complexity and conscientiousness (do people even want to run their own affairs?) and how people are meant to work together when they can't know everything about all the areas they'd have to oversee without empowering others even if they just did that as their full time job.

So, my answer to why do I think people need rulers is, essentially, that equality doesn't seem to scale well to the sorts of problems that a country would have to address at the moment - and, implicitly, that anywhere that decides not to be a country anymore is going to get walked all over by anyone that decides to still be a country.

>A novel concept that people may want to attempt to grasp is that there could be no rulers

It seems to me that the fastest way to evaluate this idea is to look at how an organization is propelled to statehood in the first place. If incentive structures support states, they will exist.

It's the assumption because it's how things have always happened. Do you have an example to the contrary, of any significant group of humans living without rulers for any significant amount of time?

1) Most people around the world have some alienation towards their government (probably because most governments are willing to screw over/kill their citizens to maintain power if need be).

2) The United States Found Fathers pretty much all warned (and every child is taught in school) that the government should not be trusted (at least not with that much power).

Its astonishing that most American's allowed their government to become so over baring. If anyone read a couple history books as a child or young adult they would understand that one of the greatest concern for many of the nations leaders was the government become tyrannical. If it is a "peculiar American" trait, it comes from the literature, ideology, and moral fortitude of the original founders of the culture/nation.

'such fundamental disdain toward and alienation from government are peculiar American'

This. If you're so unshakably convinced that a government full of people you vote for every four years is never going to work in your interests, you have serious problems.

I wish you counted the officials you voted for and compared it to the number of governmental bureaucrats, agents, and other persons that are assigned, never elected, and often stay at their offices as elected officials change.

The number of non-elected officials is vastly larger than the few thousand elected officials people vote for.

Not that governments (and other bureaucratic bodies) never work in your interests. They always work in their own interests, and among these are self-perpetuation and grabbing more power. But as long as their other interests are aligned with yours, they could throw all their power at your cause. Should your interests diverge... well, good luck.

Many implementations of democracy have this problem, most prominent example of course the US.

I think it's rather the other way. The historical record shows that they hardly ever do what I would have preferred. One problem is that the referents for "you" and "your" don't always match during the sentence:

"If you [1] are so unshakably convinced that a government full of people you [2] vote for every four years is never going to work in your [3] interests, you [4] have serious problems."

1. the person reading this

2. the majority of voters in your country, which the person reading this is only likely to be a part of about 50% of the time at best, in the US

3. the person reading this

4. the person reading this

Looking at just US presidential elections, people who vote straight Republican or Democrat will have been in the majority at least some of the time, but someone voting their conscience without regard to party has a fair chance of having been in the minority most of the time.

Another problem is that voting gives an individual neither control over nor responsibility for anything that the elect do. Look at all the Bush voters outraged about what happened during that administration (either Bush, actually), and all the Obama voters currently outraged about current administration activities.

The thing is, for all its supposed power, government is really bad at marketing. People tend to see only what they don't like about government while simultaneously enjoying the benefits from various services that are provided by the government.

As in those "get the government out of my medicare" signs that were seen in the US.

(Cue the "blah blah markets can do it blah blah" responses - no, I'm sorry, but even economists disagree with you.)

> while simultaneously enjoying the benefits from various services that are provided by the government.

Using these services because there's no practical way not to is just the reality of our system. Taking a few scraps from your masters to survive does not mean you agree with your chains.

I'm curious, what's your ideal political arrangement? How do you propose we provide for transportation infrastructure, medical services, police, fire departments, etc? I'm not convinced that abolishment of the state is possible or even ideal, but I'm open to discussion.

I don't think abolishing the state is ideal now. Hierarchical structures and violence are far too ingrained in people and passed on to their children. We really need a philosophical awakening to move beyond institutionalized violence. Abolishing the state swiftly would have the opposite effect as there are too many people dependent on it. Too many lives would be lost. This is a process that needs to happen at a local level, over generations.

And I don't have any proposals for how those services will be provided. People will just figure it out and create solutions organically, as they have for numerous other problems throughout history. We didn't need to know how cotton would be picked before we abolished slavery.

I would point out that the conception of the state arose "organically", in the sense that basically all of our structures and hierarchies are socially constructed. With that in mind, would you see it as "wrong" if, upon finally ridding ourselves of ingrained hierarchical structures, we find ourselves rebuilding similar structures all over again? Do you find hierarchical structures of authority to be bad because you don't think they're "organic," or because you think there's a better way and you simply don't know what it is? Or perhaps you think our current structures are stale, and even rebuilding them in new ways would be helpful?

> a government full of people you vote for every four years

You mean a government full of people I vote against every four years, right? I actually don't vote any more, but back when I did, the people I voted for were never the ones who won the election. (At least not at the national level. There might have been a local one, though not any I can recall offhand.)

But even if my favored candidate had ever won, there are good public choice reasons to think the system as a whole would resist serving my interests ahead of its own. We have a "government by the government, for the government" - a vast barnacle feeding off the economy, trying to take as many resources as it can without killing the host.

"full of people" being the operative phrase here. People with power tend to abuse that power. This is human nature, and this is where distrust of government comes from.

People work in their own interest (however they may define that). Working in the interests of those that elect them is just a hopeful side effect of the democratic process.

Libertarian socialism is more popular in Europe than in America, and they, too, strongly disdain governments.

I think many in Europe have a disdain for governments because our countries have experienced tyranny up close and personal, if not experienced it directly. Many European countries have at some point in fairly recent history have had governments that have gone too far against their own people (Spain, Greece, Turkey, Italy spring to mind for example, but also to a lesser extent France, the UK, East Germany, Poland etc.).

In many European countries there's been a history of oppression and a state controlled press that spouts untruths, which makes people quite skeptical and untrusting of governments. Indeed, some countries still have this or a notionally free press that's hampered through other means.

There's an almost brave new world-like contrast in the US whereby having the illusion of a free press and free democracy has lead many Americans to believe they're free, even though they're supporting things that work against them collectively.

I'm not bashing America, there are many free-thinking Americans (on this site especially) and there are many non-free-thinking Europeans, I'm just trying to highlight some of the differences.

I just meant that in a personal way. That is: if you get into trouble, don't rely on the government to help you, for it is not too much willing to help, and pretty soon will be unable to. If you are in your 20s, no way you should hope the government will pay you pension once you grow old, for example.

I see. In that case, if you're in your 20s maybe you should try to get into politics and change government so that it would work better.

That's a nice view. What sucks is that you need money in order to get elected. And if you're not a millionaire already, chances are corporations won't be willing to lobby for someone proposing to change the status quo.

As someone who does research and builds infrastructure, it's not all government funded stuff. In fact, I'd say that governments indirectly fund a very small part of my research and none of my infrastructure.

All of these are taxpayer funded.

If anyone's interested in learning more of how you can use the private key of a server to monitor all communications: see, for example, US Pat. 7,543,051

It describes a way to passively/non-intrusively ("invisible to the server") capture and analyze all network traffic using a cable-tap.

Bottom of column 8: "In order to accomplish decryption in a timely manner the secure traffic decryption unit needs the private key of the server. Usually providing the server's private key to another device would be considered a security flaw, since private keys are not meant to be communicated to any other party. But since it may be assumed that usually the server's owner or operator will use the present invention to monitor his/her own server, providing the server's private key to the secure traffic decryption unit does not pose significant security risks."

Does this work? Has anyone built it?

A logical conclusion to this is that if/when governments start forcing people to supply them with their private keys, they will also start forcing companies producing encryption software to include backdoors.

At this point, I'm thankful that we have Free Software. With access to the source code, forcing the insertion of a backdoor is futile, since somebody else will fork and remove it. With Free Software, we'll still be capable of running our own encryption in a way that government intrusion will still be detectable by ourselves.

Unless, of course, governments then ban communication about backdoors, or instructions on removing them, or distributing source code altogether.

At this point, I'm thankful that we have Free Software.

Me too, which is why I'm worried about hardware. With enough effort, literally anyone can decide not to trust a binary and check the source. Unfortunately, the same cannot be said for hardware: you can't print your own microchips.

Hardware? More than One Billion people are walking around with computers in their pockets running closed source, proprietary, binary blobs. These computers constantly track their owners while being connected to most (if not all) of their private communications services.

Even people running a "fully" open source OS are affected.

Not even the Ubuntu phone will help this problem for which there is no end in site.

This is off topic, but it's high time we open source cellular radio drivers.

Free software means you are a terrorist to them.

But wasn't there an issue with the random seeds (and them possibly being corrupted) even in Free Software?

I agree with your sentiment, but want to provide a slight correction about "Free Software": MIT/BSD licensed software while not free in FSF/GPL sense, is still open and widely used and solves the problem we have right now. To avoid confusion with FSF ideals, I'd talk simply about Open Source software.

Sorry to nitpick but MIT/BSD licensed software is free in the FSF/GPL sense. To be free software, you have to respect freedoms 0-3 as defined here: http://www.gnu.org/philosophy/free-sw.html . This is the case for MIT/BSD licensed software and both those licenses are considered acceptable free software licenses by the FSF.

The cheklist for Open Source software can be found here: http://opensource.org/docs/osd. They are slightly different but in practice, most (if not all) free software licenses are also open source licenses and vice versa.

Stallman's definition of 'free software' isn't authoritative, lots of people have other definitions, and Stallman is quite explicit on trying to change definitions to suit him.

Thanks for clarification. I thought that since MIT/BSD does not enforce source disclosure, users don't have the "freedom to change the software" according to GPL parlance.

I think you might be a bit confused.

MIT/BSD are fully supported by the FSF and are GPL compliant. They are free software licenses in all aspects.

> MIT/BSD are fully supported by the FSF and are GPL compliant. They are free software licenses in all aspects.

To be clear, GPL compliance is not a prerequisite to being a free software license. There exist many free software licenses which are not technically GPL compliant for various reasons: http://www.gnu.org/licenses/license-list.html#GPLIncompatibl...

However, while freedom does not imply GPL compliance, I do believe GPL compliance implies freedom. I'm not 100% certain of this, but I can't think of a counterexample or how that might not be true.

(I know you probably know this, but I want to make sure others reading your comment do too).

Does the Federal government not understand that this (idiotic) mass scale surveillance is bad for business? All the big American companies generate most of their revenue outside of the US. Majority of the user-bases of the big Silicon Valley tech companies are foreign. This only works if there is a level of trust in the American system and American government. What are they thinking?!?!

>Does the Federal government not understand that this (idiotic) mass scale surveillance is bad for business?

Emmm, it's the business interests that ask for those kind of things. You think the politicians operate on a vacuum?

The idea is to get a stable climate where the business interests (multinationals and such) can do as they please, and citizens are afraid.

That's objectively false - Google, Microsoft, Yahoo, and Facebook (among others) have all been at pains to distance themselves from NSA data collection precisely because they understand how bad the NSA's behavior is for their business.

>That's objectively false - Google, Microsoft, Yahoo, and Facebook (among others) have all been at pains to distance themselves from NSA data collection precisely because they understand how bad the NSA's behavior is for their business.

For one, I wasn't speaking of those kind of business interests. Those companies are complicit in doing it, not those that benefit most from it. It's finance, infrastructure, industry, oil, millitary, etc.

Second, it's not like a CEO goes and asks his senator about it. It's an emergent consensus, developing from lobbies, campaign financing, policy meetings with the "giant of industry", think tank meetings, policy advisors etc, about what's best for the continuation of the status quo, keeping the people quiet, squashing dissidents and labour demands, the improvement of the country's diplomatic might (which acts as a multiplier for business interests inside the country), etc.

PUBLICLY, they have (Yahoo appears to be honestly resisting), Microsoft on the other hand was cracking open Skype before they even had taken the bow off.

From a PR standpoint, whether you are for or against the NSA program, you absolutely have to oppose it as an online multinational business.

I would have thought that it would worsen big business yet be great for independent consultants setting up their clients' own private email and file sharing operations. A net positive for the economy, I'd guess.

What are they thinking?!?!

They clearly aren't.

Your assertion (a correct one in my view) probably explains a good bit of the vitriol about Mr. Snowden's recent disclosures.

Decentralization is good.

The only thing I get really spooked over, is that eventually it gets to a point where the government starts demanding passphrases for hard drives with no hidden encrypted partition.

Am I being paranoid? Someone sensible please dilute my paranoia.

Realistically paranoid, I think.

Best plan may be to create a small encrypted partition, and put some data on it, so you can give them the passphrase when asked.

Don't forget the passphrase!

And what if they say "That data was obviously innocuous so there must be another encrypted partition"?

You could try putting something embarassing but not incriminating there (e.g., gay porn or whatever).

Aha, obviously you are quite cunning, therefore you knew that I would expect a second partition, so there must be a third partition!

Sure, but my point is that plausible deniability always comes paired with plausible accusibability. Hell, the very fact that you had one encrypted partition massively increases the probability that you have more than one. Most people don't even know how to set one up. I think you'd be way better off simply claiming you didn't have one.

One way or another, you're going to be relying on reasonable doubt in the end.

Just a thought: For the better half of the 20th century, i.e. after WWII, Europe has been confronted and living with acts of terrorism from numerous sides (Israeli – just after WWII, Palestine, left-wing, right-wing, nationalist, etc, etc) with several severe casualties. Europe's democracies (for the better part at least) stepped back from drastic surveillance measures at will. (Partly because of the example of the Eastern block. Look up: Stasi.) It worked anyway.

So: There is no possible deal of security versus freedom as it has been proposed for the last 12 years or so. Sorry. It does not make sense. There is no proportion between the losses of freedom and identity, the investment, and the reported "less than 50 use cases" for the whole surveillance system. Please stop. Immediately.

Just saying, while we are losing digital identity.

Articles like this miss the main issue.

Privacy rights should not have to be enforced at the public key encryption level.

Before all the sensationalists start going wild, remember that the NSA almost got defunded very recently. That is where the real frontier of this debate should be.

At best, this episode exposes how vulnerable public key encryption is. But let's not go off the reservation.

And as Feds demand skeleton keys to buildings, prepare for the death of cylinder locks?

Prepare for a change in how we use it, not for its death.

There is just so much more to public key crypto than public web SSL/TLS.

This is what I was thinking.

This sounds more like certificates are broken than public key crypto.

Yes they can come to me for my private key, but that's a different issue, then at least they're coming to me and not going to some intermediary "trusted party".

If certificates are broken then public key crypto is broken, because a trusted third-party certificate is necessary to prevent man-in-the-middle attacks, no?

No. The trust model of HTTPS was always broken from the start. This whole story "only" reinforces the point that key distribution and management is hard, and a central list of certificate authorities is not a good solution.

This story has exactly zero effects if you use some public-key system with different key management.

On the negative side, good systems don't really exist. On the plus side, this story might help push the development of good systems.

And the feds can demand the keys to those other things too :P

Yes, that's true, but there is a big difference between you being responsible for (not) handing over something that is in your possession and being unaware of a presumed safe channel being unsafe.

I treat email in Gmail as publicly accessible, same for almost everything I do on the web casually.

My business data lives in Amsterdam (Azure EU West), critical services we use are based in Europe. At least in my case I couldn't care less if the big US companies handed out SSL keys.

If you think that operating in any particular jurisdiction provides you with protection then you are sadly deluded. Your protection lasts just up until the point where protecting you becomes inconvenient. Oddly enough, using the resources of smaller companies provides less protection because they are easier to influence, and basing services outside of the US means that you are completely fair game for the NSA as you lack even the nominal protection that the (waxing and waning, but currently too damn weak for my mind) domestic/foreign distinction offers in terms of US SIGINT.

The NSA itself has exactly zero power outside the USA.

European snooping agencies seem to be quite happy to cooperate with them, so that argument doesn't really count.

They have the active cooperation of many governments and they have a lot of 0 day.

Be careful that you do not equate "power" and "authority". As Canada mentions below, they have top talent, researchers, and likely many exploits. It seems foolish to believe that geographical location of entities on a globally connected network has a nontrivial bearing on whether the NSA can penetrate it.

Key sentence: "Your protection lasts just up until the point where protecting you becomes inconvenient."

Azure is , as far as I'm aware, still run by Microsoft (a US company).

IIRC it's run by Microsoft Ireland in the EU.

Even then, if the US would be to access EU-hosted data, with no real justification, the EU will not take that kindly. Especially private data.

Yes it will. There is a huge scandal brooding in Germany about the Goverment Agencies sharing wiretaps etc. with US goverment, and high-ranking politicians not only seem to. have been informed but are even justifying actions like this in general. (Knowing that the EU is only as strong as its members, these revelations are really disconcerting to me even before I can see the extent of surveillance data shared)

Please forgive my rudimentary (and possible erroneous understanding. There are three things important to public-key encryption. The public key, the private key (together called the key pair) and a certificate. If I understand it the cert is just to give confidence that you have the correct public key. So the NSA having access to the cert is a non issue as everyone has access to same. That's its purpose in life. Also the public key is publicly available or the system wouldn't work. The only sensitive things are the private keys. Is this right so far? If I want to encrypt a message to someone I need to use that person's public key. I use the cert to make sure I have the right one. Now the message can only be decrypted with the private key. So how can the NSA decrypt such a message? They would need the private key. The ISP doesn't have it. Even if they have the private key don't they need a pass phrase to use it?

Not sure how the above applies to https or to ssh. Still, in both cases I don't think access to the cert breaks things. Indeed access to it and the public keys are essential to it working at all. (I guess one can operate without the cert too if you trust the source.)

The article is conflating stuff and is just FUD. You don't need certs to apply asymmetric cryptography.

As I understand it, the NSA could insert itself as a so-called "Men in the Middle" (aka MITM Attack). See this SO question for a far better explanation than I could provide: http://stackoverflow.com/questions/14907581/ssl-and-man-in-t...

Your understanding of keys is about right. It is the OP article that your are not understanding.

You ask "so how can the NSA decrypt such a message?" That's what the article is telling you: Either by 1) getting the private key from the corporation you are communicating with, or by 2) cracking the cryptography.

Most people don't encrypt every email, they just use https to their email server. You say you're not sure about https, but that is the big vulnerability. So NSA just needs to ask your emailserver corp for their private key (to decrypt the packets, and then everyone can deny that the NSA obtained your email from the corp). This is case 1) above.

For people who encrypt the message end to end (as in your example "encrypt a message to someone I need to use that person's public key"), this is case 2). It is controversial whether the NSA can crack the best ciphers, which are postulated to be near-impossible to crack. But the NSA has resources we cannot imagine and/or secret resources we cannot even know about. When the first encryption schemes came out, they were strong in the day but were later brute forced by more power computers. So there are some who think the NSA can or will be able to crack the current crypto (that's what the OP is referring to when he says "the means to subvert widely used mechanisms"). As others have said, in targetted cases like this, it may be easier for the NSA just to plant a bug on the receiving computer, to read contents after it has been decrypted.

Now certs, which you have half wrong. Yes, certs give confidence that you have the correct public key. But certs are mostly used by companies (case 1 above) not individuals (case 2).

In case 2, peer-to-peer encryption, individuals rarely go to the expense of getting trusted certificates. You say "let's take this private", and you send him your public key, or he sends you his--no cert involved. Instead you both rely on publishing your public keys everywhere and all the time (at the bottom of every email, on their website, etc.). That provides some history for you to trust the key he sends you--and vice-versa. In other words, public keys MUST be displayed publicly before you want to use it to gain credibility.

Certificates are a way for companies to publish their public key with a credible certificate authority (CA). A certificate is essentially another public-private key pair that lets you determine that the CA really endorses the public key you are interested in. The credibility of the CA is determined by their record in the marketplace as to whether they endorse credible companies and whether they keep their master keys secure.

The original article really doens't address certs, except to say that if master keys can be deciphered, we cannot trust certs anymore. That's because a malicious party could create a cert that looked real but wasn't (this happened recently when somebody stole one of the master keys used by a CA--they were able to make fake certs).

My question to you is: if you misunderstood the article, why are you taking such strong positions in your other comments?

Strong position? Do you mean the Post Office thing? Or the "Balderdash" comment warning about getting distracted by generalizing people? Or did you mean the joke about getting ads for stuff I already bought? Sorry if I came on too strong. The boomer bashing is getting old (get it?). It's in no way helpful.

The original article seemed to be a bit political and so I bailed on it. Perhaps I'm getting lazy in my old age.

Thanks for confirming my understanding about asymmetric keys. I forget how the pass phrase fits into this. Is it required in order to use the private key? Also the article and you use the term "master key". What is that? Is that just another term for private key?

The whole cert structure has always been a house of cards. As evidenced last year, e.g, with the Turkish provider ...

Since I first looked through the original Netscape, I've never had -any- reason to put so much trust in the hands of these Blue-Ribbon names. Or any ISP, for that matter. If US intelligence goes through with this, then only end-to-end (which has been deliberately stalled off and roadblocked and stonewalled for decades) will be left.

At that point we'll find out just how much power we've left to defend the privacy of our communications, our relationships, our finances and our movements. The Cryptocat guy may yet become a legend... or someone like him.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact