[liberationtech] [tt] WaPo: NSA-proof encryption exists. Why doesn't anyone use it?

Eugen Leitl eugen at leitl.org
Mon Jun 17 04:00:04 PDT 2013 

----- Forwarded message from Frank Forman <checker at panix.com> -----

Date: Mon, 17 Jun 2013 00:40:03 +0000 (GMT)
From: Frank Forman <checker at panix.com>
To: Transhuman Tech <tt at postbiota.org>
Subject: [tt] WaPo: NSA-proof encryption exists. Why doesn't anyone use it?

NSA-proof encryption exists. Why doesn't anyone use it?
http://www.washingtonpost.com/blogs/wonkblog/wp/2013/06/14/nsa-proof-encryption-exists-why-doesnt-anyone-use-it/

2013 Bloomsday
By Timothy B. Lee, Published: June 14, 2013 at 10:50 amE-mail the writer

Computer programmers believe they know how to build cryptographic systems
that are impossible for anyone, even the U.S. government, to crack. So why
can the NSA read your e-mail?

Last week, leaks revealed that the Web sites most people use every day are
sharing users' private information with the government. Companies
participating in the National Security Agency's program, code-named PRISM,
include Google, Facebook, Apple and Microsoft.

It wasn't supposed to be this way. During the 1990s, a "cypherpunk"
movement predicted that ubiquitous, user-friendly cryptographic software
would make it impossible for governments to spy on ordinary users' private
communications.

The government seemed to believe this story, too. "The ability of just
about everybody to encrypt their messages is rapidly outrunning our
ability to decode them," a U.S. intelligence official told U.S. News &
World Report in 1995. The government classified cryptographic software as
a munition, banning its export outside the United States. And it proposed
requiring that cryptographic systems have "back doors" for government
interception.

The cypherpunks won that battle. By the end of the  Clinton
administration, the government conceded that the Internet had made it
impossible to control the spread of strong cryptographic software. But
more than a decade later, the cypherpunks seem to have lost the war.
Software capable of withstanding NSA snooping is widely available, but
hardly anyone uses it. Instead, we use Gmail, Skype, Facebook, AOL Instant
Messenger and other applications whose data is reportedly accessible
through PRISM.

And that's not a coincidence: Adding strong encryption to the most popular
Internet products would make them less useful, less profitable and less
fun.

"Security is very rarely free," says J. Alex Halderman, a computer science
professor at the University of Michigan. "There are trade-offs between
convenience and usability and security."

Most people's priority: Convenience

Consumers have overwhelmingly chosen convenience and usability. Mainstream
communications tools are more user-friendly than their cryptographically
secure competitors and have features that would be difficult to implement
in an NSA-proof fashion.

And while most types of software get more user-friendly over time,
user-friendly cryptography seems to be intrinsically difficult. Experts
are not much closer to solving the problem today than they were two
decades ago.

Ordinarily, the way companies make sophisticated software accessible to
regular users is by performing complex, technical tasks on their behalf.
The complexity of Google, Microsoft and Apple's vast infrastructure is
hidden behind the simple, polished interfaces of their Web and mobile
apps. But delegating basic security decisions to a third party means
giving it the ability to access your private content and share it with
others, including the government.

Most modern online services do make use of encryption. Popular Web
services such as Gmail and Hotmail support an encryption standard called
SSL. If you visit a Web site and see a "lock" icon in the corner of your
browser window, that means SSL encryption is enabled. But while this kind
of encryption will protect users against ordinary bad guys, it's useless
against governments.

That's because SSL only protects data moving between your device and the
servers operated by Google, Apple or Microsoft. Those service providers
have access to unencrypted copies of your data. So if the government
suspects criminal behavior, it can compel tech companies to turn over
private e-mails or Facebook posts.

That problem can be avoided with "end-to-end" encryption. In this scheme,
messages are encrypted on the sender's computer and decrypted on the
recipient's device. Intermediaries such as Google or Microsoft only see
the encrypted version of the message, making it impossible for them to
turn over copies to the government.

Software like that exists. One of the oldest is PGP, e-mail encryption
software released in 1991. Others include OTR (for "off the record"),
which enables secure instant messaging, and the Internet telephony apps
Silent Circle and Redphone.

But it's difficult to add new features to applications with end-to-end
encryption. Take Gmail, for example. "If you wanted to prevent government
snooping, you'd have to prevent Google's servers from having a copy of the
text of your messages," Halderman says. "But that would make it much
harder for Google to provide features like search over your messages."
Filtering spam also becomes difficult. And end-to-end encryption would
also make it difficult for Google to make money on the service, since it
couldn't use the content of messages to target ads.

A similar point applies to Facebook. The company doesn't just transmit
information from one user to another. It automatically resizes users'
photos and allows them to "tag" themselves and their friends. Facebook
filters the avalanche of posts generated by your friends to display the
ones you are most likely to find the most interesting. And it indexes the
information users post to make it searchable.

These features depend on Facebook's servers having access to a person's
private data, and it would be difficult to implement them in a system
based on end-to-end encryption. While computer scientists are working on
techniques for creating more secure social-media sites, these techniques
aren't yet mature enough to support all of Facebook's features or
efficient enough to serve hundreds of millions of users.

Other user headaches

End-to-end encryption creates other headaches for users. Conventional
online services offer mechanisms for people to recover lost passwords.
These mechanisms work because Apple, Microsoft and other online service
providers have access to unencrypted data.

In contrast, when a system has end-to-end encryption, losing a password is
catastrophic; it means losing all data in the user's account.

Also, encryption is effective only if you're communicating with the party
you think you're communicating with. This security relies on keys--large
numbers associated with particular people that make it possible to
scramble a message on one end and decode it on the other. In a maneuver
cryptographers call a "man in the middle" attack, a malicious party
impersonates a message's intended recipient and tricks the sender into
using the wrong encryption key. To thwart this kind of attack, sender and
recipient need a way to securely exchange and verify each other's
encryption keys.

"A key is supposed to be associated closely with a person, which means you
want a person to be involved in creating their own key, and in verifying
the keys of people they communicate with," says Ed Felten, a computer
scientist at Princeton University. "Those steps tend to be awkward and
confusing."

And even those who are willing to make the effort are likely to make
mistakes that compromise security. The computer scientists Alma Whitten
and J.D. Tygar explored these problem in a famous 1999 paper called "Why
Johnny Can't Encrypt." They focused on PGP, which was (and still is) one
of the most popular tools for users to send encrypted e-mail.

PGP "is not usable enough to provide effective security for most computer
users," the authors wrote.

Users expect software to "just work" without worrying too much about the
technical details. But the researchers discovered that users tended to
make mistakes that compromise their security. Users are supposed to send
other people their "public key," used to encode messages addressed to
them, and to keep their private key a secret. Yet some users foolishly did
the opposite, sending others the private key that allowed eavesdroppers to
unscramble e-mail addressed to them. Others failed to make backup copies
of their private encryption keys, so when their hard drives crashed, they
lost access to their encrypted e-mail.

Using PGP is such a hassle that even those with a strong need for secure
communication resist its use. When Edward Snowden, the man who leaked the
details of the PRISM program, first contacted Glenn Greenwald at the
Guardian in February, he asked the journalist to set up PGP on his
computer so the two could communicate securely. He even sent Greenwald a
video with step-by-step directions for setting up the software. But
Greenwald, who didn't yet know the significance of Snowden's leaks,
dragged his feet. He did not set up the software until late March, after
filmmaker Laura Poitras, who was also in contact with Snowden, met with
Greenwald and alerted him to the significance of his disclosures.

Going with the flow

Felten argues that another barrier to adopting strong cryptography is a
chicken-and-egg problem: It is only useful if you know other people are
also using it. Even people who have gone to the trouble of setting up PGP
still send most of their e-mail in plain text because most recipients
don't have the capability to receive encrypted e-mail. People tend to use
what's installed on their computer. So even those who have Redphone will
make most of their calls with Skype because that's what other people use.

Halderman isn't optimistic that strong cryptography will catch on with
ordinary users anytime soon. In recent years, the companies behind the
most popular Web browsers have beefed up their cryptographic capabilities,
which could make more secure online services possible. But the broader
trend is that users are moving more and more data from their hard drives
to cloud computing platforms, which makes data even more vulnerable to
government snooping.

Strong cryptographic software is available to those who want to use it.
Whistleblowers, dissidents, criminals and governments use it every day.
But cryptographic software is too complex and confusing to reach a mass
audience anytime soon. Most people simply aren't willing to invest the
time and effort required to ensure the NSA can't read their e-mail or
listen to their phone calls. And so for the masses, online privacy depends
more on legal safeguards than technological wizardry.

The cypherpunks dreamed of a future where technology protected people from
government spying. But end-to-end encryption doesn't work well if people
don't understand it. And the glory of Google or Facebook, after all, is
that anyone can use them without really knowing how they work.

COMMENTS

murphyjim41
12:13 AM GMT+0000
The NSA is a collection of highly paid people who do absoulutely nothing
to deter terrorism. They are trying to keep their comfy jobs by lying to
us about what they can do.Only the most inept and unsophisticated
terrorists would be detected by US intelligence agencies. They like to
claim that they are protecting us but with more than 1.4 million people
with top secret security clearances the US has no secrets. The biggest
enemy of the American people is our own government. Our government is
corrupt and ineffective. Our laws and regulations totally paralyze our
country and are pushing us towards total bankruptcy. It betrays our men
and women by sending them to fight in useless and needless foreign wars
which have nothing to do with defending our country. In a rich nation like
the US hundreds of thousands of people must depend upon food stamps to
avoid hunger. We have more people in jail and prison than any other
country in the world. Health care in the US is only readily available to
the rich.

We are not in the top twenty in terms of health or standard of living. Our
Congress is for sale to the highest bidder. What more can be said? Lots of
Americans have comfortable lives and benefit from our corrupt system but
millions more are on the outside looking in at the good life.
Liked by 5 readers

skypilot177
2:16 AM GMT+0000
Nice--another poster who makes nothing but opinionated, unsubstantiated
claims. You know all of this information HOW, exactly? What you think you
know is a crock, more than likely. And as for your opinion of our own
government--you are more than free to move to another country, where the
govt. would be so much better. China, perhaps?? I'm sure they'd be happy
to have you.

trambusto
6/15/2013 10:04 PM GMT+0000
I shouldn't have to "NSA-proof" my life from my own government.
Liked by 5 readers

Idle speculation
6/15/2013 3:52 PM GMT+0000
What are we going to do about Americans and their slavish adulation of the
powerful?
Liked by 5 readers

P. K. Carlisle LLC
6/15/2013 11:15 PM GMT+0000
The article makes a couple of good points, and misses a big one. To the
degree possible, I'll limit myself to technical and social questions.

PGP encryption has been available since the '90s as noted. I have set it
up on many machines; it's somewhat involved to set up, and requires that
both sides of a conversation use it. People aren't generally willing to do
that. I have had a PGP key available for years, including posted at my web
site as a courtesy; I have never received a PGP encrypted email other than
test emails I have sent myself to validate PGP functionality.

Here is the big point the article missed. As the article notes, PGP keys
must be stored on a desktop or server associated with the user. PGP keys
are identifiable by certain structural characteristics. A properly
tailored virus could scan a computer for the presence of PGP keys, wait
until a piece of text is about to be encrypted or decrypted and copy that
unencrypted text in the computer's buffer immediately before encryption or
immediately after decryption. In other words, if the user feels it is
sufficiently important to encrypt or decrypt a piece of information, the
virus feels that text is sufficiently interesting to make a copy as well.

If this seems technologically daunting, it's not. Microsoft appears to be
sharing information about Windows vulnerabilities with the NSA, and
Stuxnet operated by identifying specific characteristics of the machines
it was able to access. So using PGP (at least on a Windows based system)
would likely provide a false sense of security. I could foresee the NSA
planting a Stuxnet like virus on journalists' personal computers and news
sites' servers specifically to scan for PGP activity.

Since a) this scenario is well within technological possibility, and b)
the average user will not be realistically likely to use encryption in any
case, the only workable option for ensuring privacy while staying online
will have to civil.
Liked by 3 readers

P. K. Carlisle LLC
3:55 AM GMT+0000
You are correct as far as you go.

You could use a separate computer (call it Alice) for
encryption/decryption. Alice never goes online. A second machine (Bob)
does go online for transmission/reception. Now, how do you get the
encrypted/decrypted content to/from Bob without connecting to Alice?
Bluetooth, flash drives (Stuxnet's specialty) can be compromised.
Connecting Alice to Bob over the network, in fact any electronic means,
compromises Alice. You would have to do this:

Encrypt on Alice. Print a hard copy of the encrypt. Scan the hard copy
into Bob with OCR software for transmission. For received encrypts, the
same in reverse: Print a hard copy on Bob, scan onto Alice with OCR
software for decryption. Of course, to prevent contamination completely,
that means two scanners and printers as well.

Two problems with that scenario. First, how many Americans are really
going to go to that length for security? Second, it gets to be a bit like
Tom Clancy playing "Behind the Iron Curtain".

coffeine
9:55 AM GMT+0000
There are risks associated with using general purpose computers to protect
really seriously important information because of back doors, spyware,
etc. However, for general purpose this is more than sufficient. Acquiring
your PGP keys will require special effort and this can only be done if you
are a "special" person.

If you want much better PGP security, first create a virtual machine on
your PC (see VirtualBox, free). Fresh install your OS (windows, Linux,
OSX, etc) on the virtual machine. Apply patches, download TrueCrypt,
disable all internet connections to the virtual machine, encrypt virtual
drive, install PGP, or GNUPG and create new keys. Use the shared folder or
USB or cut and paste to transfer data. Do not turn on internet connection.
Do all your encryption within the virtual machine and copy the ciphertext
and the public keys only to the host machine for other use such as
e-mailing and for placing the public keys on the key servers.

keeladog
6/15/2013 11:40 PM GMT+0000
My son is a computer genius who was heavily recruited by the CIA, the NSA,
and several other spy agencies you've probably never heard of (he turned
them down for an even better opportunity). He has (he claims) completely
protected my computer and cell phone against government spying. Every once
in a while he drops by and makes some checks and complex adjustments. When
he talks about this stuff, I can barely understand a word. But I believe
him---he's my son, after all, and we love each other. I wish all of you
could have the same privacy advantages I enjoy.
Liked by 2 readers

TightAndRight
6/15/2013 11:17 PM GMT+0000
Why are you people so upset about NSA collecting metadata .. Google and
other big data aggregators know more about your private life than the
Federal government ever will .. and they share that data for a price.
There is a marketing profile out there for anyone who has ever paid for
goods with a credit card or surfed the net. If you want to have some fun,
install the Ghostery app in Firefox or Safari and check out all the data
scrapers that run when you click onto a web site .. the Washington Post's
home page has at least a dozen scraping scripts that run when you first
view that page. Ghostery will, by the way, allow you to block those
scrapers, individually or by using a continually updated black-list.
Liked by 2 readers

Bob S.
12:07 AM GMT+0000
We'll never have vodka as cheap as Soviet Russia had.

Serega1
2:03 AM GMT+0000
Vodka wasn't cheap in the USSR. In 1980 a 0.5l bottle cost 4 rubles and
the average salary was 160 rubles, so an average man earned about two
bottles worth a day. Moonshine was prohibited but popular.
Liked by 1 reader

mongolovesheriff
6/15/2013 9:32 PM GMT+0000
If only Algore has been seated as president.
http://thehill.com/blogs/blog-briefing-room/news/3...
Liked by 2 readers

andrewp111
6/15/2013 4:42 PM GMT+0000
If you use those tools, you will stand out as a target. Perhaps the NSA
can't easily decrypt well encrypted communications on their own, but they
will certainly know you sent encrypted messages and will know who you
communicated with. And since NSA has access to Microsoft's hidden holes,
they will simply hack into your PC and steal your private encryption keys
anytime they want. Ditto for smartphones. If you want to communicate like
a spy, you need to use rigorous operational security procedures, and not
just PGP or OTR installed on your desktop. Things like using public WiFi
connections with encrypted laptops, encrypting your messages offline on
stand alone computers, and changing the MAC address on the laptop every
time you hook to the internet. Of course they will spot that, and then you
REALLY become a target for the FBI.
Liked by 2 readers

Robbyg
6/14/2013 7:18 PM GMT+0000
Email encryption doesn't have to be cumbersome. The problem is that there
two many encryption "standards" and babble out there about encryption
methods. I recently wrote an article about how encryption today is like
the "Tower of Babel". If you don't know the story about the Tower of
Babel, you will find the read interesting.
http://www.echoworx.com/wp-content/uploads/Email-Encryption-is-like-the-Tower-of-Babel.pdf.
The confusion on how to create encrypted messages and with what type of
method where the intended recipient can actually read those messages is
daunting to most people. It's our ultimate goal as encryption software
vendors to build a system that supports all major encryption methods (PGP,
S/MIME, PDF, TLS, and the rest of the alphabet soup) and do it in a way
that doesn't require a huge investment of time, money, and resources. Only
then we will get the typical user to user to protect their information by
encryption. I believe we have accomplished this with our OneWorld
Encryption solution. http://www.echoworx.com/oneworld/.
Liked by 1 reader

Nicholas Stamos
6/14/2013 4:51 PM GMT+0000
I agree that end point or client side encryption is the only solution and
it is very effective. I disagree that the only solution is PGP. THe
industry has done a good job at defining an email standard called SMIME,
that is built into every modern email client (Outlook, Apple Mail, iOS
Mail, etc). And the provisioning/configuration process is much easier than
in the past. One has to purchase a certificate, which costs about $20 per
year, and then install it on all their devices and mail clients. Not
trivial, but no where as complex than in the past. I personally have
adopted this approach.

And things are getting better. For example, I am the founder of nCrypted
Cloud, which is focused encrypting your data file in cloud storage
providers like Dropbox. We have completely automated all the security
provisioning, key management, etc. The end user experience is as simple as
can be, and we provide the end user with the same user interface they are
already comfortable with using Dropbox. All the encryption and keys are
handled under the covers, but we ensure you, or only people that you chose
have visibility to your data. Dropbox itself will no longer have
visibility, and even of asked to hand your data over through a subpoena to
the government, will hand them data that they will not be able to decrypt.
We also have no access to your keys. Services like our will be available
for email as well.

We believe we have proven false the classic statement by security experts
"Applications can either be secure or easy, not both" And, it also free
for consumer use (www.ncryptedcloud.com), also disproving security costs
money (we get our revenue from corporation for corporate use, similar to
Yammer).

I hope we inspire end users to demand secure solutions that are simple.
Liked by 1 reader

NicholasStamos
6/14/2013 8:24 PM GMT+0000
Thank you for your question, it's an excellent one. The answer to your
question is neither. Your idea around a filter driver is a good one, and
something that I have done in the past with a previous security company i
had started providing security and encryption for Fortune 2K customers.
However, my experience with filter drivers is that they are prone to cause
many compatibility problems on end users machines, even those tightly
controlled by IT in large corporations. So not an architecture appropriate
for a solution we want to on consumer and enterprise machines. Your second
idea, is also clever, and has been used by a company called Secret Sync in
the past (bought by PKWare, and rebranded Viivo) so its workable, but not
an ideal solution.

So we the answer to your question is we take a different approach
depending on the platform. On the Windows platform, Windows provides
interfaces in Explorer that allows us to create user mode Explorer
extension. This allows us to create a virtual view on top of Dropbox,
using documented interfaces, and also allow Dropbox to display their
status in our view. So one get the native experience of Dropbox in our
view, and its seamless. We then on demand, decrypt and encrypt documents
outside of Dropbox folder, in the appropriate local temporary location,
and move data back to Dropbox folder when editing is done if needed. On
Mac OSX, since the Finder does not provide developers the ability to have
build plug-ins we integrate through a WebDav interface by implementing a
local light weight WebDav server that creates a virtual view on top of
Dropbox, and again assures no files are ever stored un-encrypted.

For more details on our crypto and key management, goto our YouTube
channel at www.youtube.com/ncryptedcloud. Thank you.
Liked by 1 reader

whale12345
3:28 AM GMT+0000
But it's difficult to add new features to applications with end-to-end
encryption. Take Gmail, for example. "If you wanted to prevent
government snooping, you'd have to prevent Google's servers from having
a copy of the text of your messages," Halderman says. "But that would
make it much harder for Google to provide features like search over
your messages." Filtering spam also becomes difficult. And end-to-end
encryption would also make it difficult for Google to make money on the
service, since it couldn't use the content of messages to target ads.
=========NH:
Instead you need applications on you computer that read files you
permit it to read and then have that program run automated google
searches for you and report the results to you. If you don't permit
your app to read a file by checking the file to block it , then you
keep that out of the hands of the private vendors and the government
========NH//

=======NH:
Provided you have a fire wall or work off line while your file is in
the unencrypted state . Perhaps two physically separate computers [...]
one on line one off . Transfer the encrypted file to the off line one
,, un encrypt let your search robot app see what of what files you will
then send that portion back to the on line computer via a thumb drive
or optical disk . but then you have to be sure you get a clean erase
when you are done and want to reuse it , or you simply archive the
optical disk transfers to have a secure memory of what you did search
for on line.
===========NH//

P. K. Carlisle LLC
3:54 AM GMT+0000
One thing that I might do if I worked for the NSA's version of the
Department of Dirty Tricks: I would have long ago infected every installer
of PGP on every server that I could reach, anywhere in the world (which is
a lot of them) to automatically put every computer which installs PGP into
the NSA's surveillance net. It is not hard to do when you consider that
the NSA interfaces with major software vendors so that a virus NSA created
would be sure to stay out of commercial virus scanner definition
databases. Also, Stuxnet remained unidentified for a long time even
without the cooperation of software security vendors.

verdhello
7:39 AM GMT+0000
Maybe encryption is an overly passive way of dealing with those pesky spy
agencies (in the USA and elsewhere). A more proactive approach would be to
tackle the agencies head-on. For those who have a mind to, it might
involve flooding the internet with emails containing those key words that
spy agencies are so drawn to. Words like 'bomb', 'attack', 'terror', etc.,
etc. It would, of course, require many hundreds of thousands of such
emails, but it could be possible given the right political climate - a
mass movement of protesters motivated by a major political cause. The
effect would be to tie up a spy agency's detection capabilities for a long
time. Whether this is technically possible, however, is less important
than the realisation that individual citizens are pretty much powerless
against the technological intrusiveness of spy agencies. But hundreds of
thousands of citizens acting in concert would be a power to reckon with.
The internet is a two-way street - and the game can be changed. It has
always been citizens versus government.

Ogredaddy
1:53 AM GMT+0000

Face it people,

The Patriot Act, along with tweaks and expansions to The Patriot Act, are
about as close as
the government can get to implementing A General State of Martial Law...
with out, you know. really.... actually, coming
out......and...just.....SAYING IT!

Serega1
6/15/2013 10:39 PM GMT+0000
Why doesn't everybody use NSA-proof encryption? They don't need it.
Snowden did. Technology can protect people from government spying, but
they must do their part. Like cars, planes, guns or any other tools
"end-to-end encryption doesn't work well if people don't understand it".
Few people are like Kardashians - most want their private life to be
private even if they don't go to the extremes about it. Government
snooping does no physical damage, but it's pretty irritating like a
nagging wife "protecting" her marriage.
Like

ziggyzap
6/15/2013 10:38 PM GMT+0000
Instead of fooling around with encryption and other methodsl, the best way
to deal with NSA snooping is to completely overload the resources of the
spies and drive them crazy.

Every email should contain a provocative phrase that will trigger an alert
at NSA and CIA, such as "Kill The President" or "Nuke The White House" or
"Suicide Bomber Mohammed Farouk Is Going to Blow Up The Golden Gate
Bridge" and other similar phrases.

That will have the NSA weenies being snowed under with emails from
everybody and trying to figure out whether any of them are real or not.

The same goes for Facebook and Twitter. Users should just tweet the same
sort of provocative phrases or paste them on their Facebook walls.

Then if they get a visit from the CIA they can tell those jerks that that
if they had not been reading their personal mail, then they wouldn't be
wasting their time like this.

You can beat this intrusiveness by making their lives a complete misery by
overloading and hopefully crashing their systems while fooling with their
minds.
_______________________________________________
tt mailing list
tt at postbiota.org
http://postbiota.org/mailman/listinfo/tt

----- End forwarded message -----
-- 
Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org
______________________________________________________________
ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org
AC894EC5: 38A5 5F46 A4FF 59B8 336B  47EE F46E 3489 AC89 4EC5

More information about the liberationtech mailing list