Cops hate encryption but the NSA loves it when you use PGP Although the cops and Feds wont stop banging on and on about encryption – the spies have a different take on the use of crypto. To be brutally blunt, they love it. Why? Because using detectable encryption technology like PGP, Tor, VPNs and so on, lights you up on the intelligence agencies' dashboards. Agents and analysts don't …
"To be brutally blunt, they love it. Why? Because using detectable encryption technology like PGP, Tor, VPNs and so on, lights you up on the intelligence agencies' dashboards."
Only now. As they tighten their control, more systems are going to slip through their fingers. I'm already looking at tunnelling my home connection through a dedi in a DC - just to get rid of dumb ISP stuff (DNS hijacking, port blocking, etc.) and to move my home VMs (OwnCloud etc.) closer to the net.
But it may flag me up, I've considered this, as far as I'm concerned they can waste their time getting a warrant to tap the exit point in the DC to see I'm just a pissed off geek. The more they push us toward encryption by snooping/interfering, the more noise they'll create for themselves to sift through.
He has a dedicated server that he rents in Washington DC. He is thinking about creating a VPN tunnel to that dedicated server from his home network and have all the traffic from it go through that tunnel to enter and exit through the server using its net connection. This way he is getting round any UK based ISP blocking of ports and websites and as a side effect making more encryption 'noise' for the authorities to sift through.
This post has been deleted by its author
This post has been deleted by its author
This post has been deleted by its author
"Didn't follow that, please expand and tell us more..."
Martin Summers summed it up nicely. The only difference is the server is in my country so local law enforcement can get a warrant if they want to monitor it, but being in a data centre, they will need a warrant. I'm not trying to hide from authorities, just get around consumer ISP dumbness for my home development environment - which is primarily used for hobby projects but often demo'd externally online.
I'll also be able to play with IPv6 and have multiple static IPs for my home network etc. - there are lots of benefits but it will make me look dodgy to the authorities.
Edit: Data centres in the UK aren't bound by the same rules as consumer ISPs.
Edit2: Yes DC = Data Centre, sorry :)
What he means is that he's already busted. He's gonna access it from his home? LOL. FUCKING RETARD.
1st, if you going to use your own proxy, are you paying with it?? PayPal or Bank Account (Busted). You're going to use it from home (Busted). Are you going to use it @ Starbucks (Busted - they're called cameras). Do you have your Smart Tracker (phone) - (Busted). Did you drive their in your car (Busted). Did you order the same Mocha Shit-Latte (Busted). Do you know what a MAC address is, and how to change it? No (Busted). Are you doing anything that you'd do at home? (Busted).
Chances are you're not smart enough. That doesn't mean your dumb ... it just means you're not smart enough. I could have kept going on and on and on. You're going to do something that leads them right back to you. Even Gene HACKman couldn't remain anonymous enough. Sure it's a movie, but you'd better be more paranoid than that....and he was playing paranoid. Chances are, you're not that paranoid. You're going to jail, loser.
What he means is that he's already busted. He's gonna access it from his home? LOL. FUCKING RETARD.
1st, if you going to use your own proxy, are you paying for it?? PayPal or Bank Account (Busted). You're going to use it from home (Busted). Are you going to use it @ Starbucks (Busted - they're called cameras). Do you have your Smart Tracker (phone) - (Busted). Did you drive their in your car (Busted). Did you order the same Mocha Shit-Latte (Busted). Do you know what a MAC address is, and how to change it? No (Busted). Are you doing anything that you'd do at home? (Busted).
Chances are you're not smart enough. That doesn't mean your dumb ... it just means you're not smart enough. I could have kept going on and on and on. You're going to do something that leads them right back to you. Even Gene HACKman couldn't remain anonymous enough. Sure it's a movie, but you'd better be more paranoid than that....and he was playing paranoid. Chances are, you're not that paranoid. You're going to jail, loser.
Similar here. I don't have anything illegal going over my connections, but I do encrypt where feasible and get others to do the same. It's not about my protection particularly, but about returning surveillance of our communications to be an active choice that an Intelligence Agency has to make with judicial oversight, rather than the free ride it became when email and the rest took off.
@AC: FFS stop talking common sense, they don't like it. More data, more data, need more data. And still won't prevent terrorists attacks by arseholes sending unencrypted messages to each other. This is no more than common dissent crushing apparatus - it has fuck all power over nut jobs.
If even readers of The Register can be thrown by the DC reference what hope does a security service have of being up to date with all the "argot" of a worldwide group of nasties ? How do you monitor a language you don't know ?
My only knowledge of security and police service procedures comes from TV and Cinema, but simply watching the comings and goings at a suspect address seems to be a very common practice. If the suspicions are confirmed then the other means are called in - such as the rooting of suspects' computers etc. It does seem to be a fairly effective data sifting method.
This is no more than common dissent crushing apparatus - it has fuck all power over nut jobs.
Ahhhh, so THATexplains why in Europe and North America political dissent from the ruling regime will immediately lead to your door getting kicked in at 4am and you being disappeared off to a seekrit camp somewhere on Salisbury Plain! It suppose it also explains why barely a month goes by without a terrorist "spectacular" attack in central London or other presitigious soft targets that have killed thousands of innocent civilians...
*rolls eyes*
...and that got HOW MANY upvotes? Come on commentards, I thought you were better than the usual run-of-the-mill BTL newspaper brane-speekers. Do try to apply a little critical thinking before clicking...
*watches karma vanish like tolerance and restraint at a Trump rally
Not 'El Reg-Tards. TLS to Hard. These fucks' refusal to implement TLS is totally for fellating their PM. TLS is 1st grade skill. Why 'El Fucktards? Why do you FLAT OUT refuse to use TLS? Is it that the Queen will look unkindly you? Not knight you? *** FUCKING TLS!!!! ***
>How do you monitor a language you don't know ?
There would be patterns, and statistical anomalies. Such techniques have been used to decipher long dead languages.
Of course, the bad guys could use rules to change the meaning of code words, ( e.g 'mango' mean 'bomb' but only if the football team who are currently 3rd in the premier division wear a blue strip, else 'ten mil spanner' is the magic word) but that requires discipline in their op sec. and perhaps wouldn't be considered a 'language'.
I am not "taking the piss" or anything else when I say the queen is scumbag and wants nothing more that your ownership. I don't believe you can call shots on evil powers hindering freedom and want to protect the queen. Or is this that dry English humor that goes far over my head?
I was with you until you suggested Brenda is above being satirised. This is the UK, not Thailand, and I'll take the piss out of the Royals if I fancy it. We pay enough for the privilege of having them, after all, I'm just getting my money's worth...
You would be well advised to look into the work of Gordon Welchman - during WW II he worked out just how valuable meta data really is. This is why I don't use PGP - that does f-all to protect end points.
Defending against meta data analysis requires looking at the sort of measures that have to be taken in-theather to prevent an enemy from analysing radio traffic for network density and thus identifying leaders and critical end points. Simply at a network level it's already a pain to prevent painting a target on your back.
The next challenge is your friends, because there are no laws against asking them about you - basically the thing that happens continuously on Facebook and LinkedIn.
This is why I laugh when I see yet another company promising that it will "protect you from the NSA" - I know what is needed, and it's a lot more than setting up secure communication. To be honest, these days I'm no longer sure that those asking loudly for crypto backdoors are as clueless as they appear - I'm starting to think that they know very well it's nonsense, but make all that noise to distract you from what they really want, your meta data. In some countries such as the US they have already won, if I'm not mistaken the FBI can now get that data without a warrant.
I'm OK with law enforcement having access to it, my problem is the lack of accountability that is supposed to accompany such powers, because that makes abuse certain. *That* is the real issue someone like Teresa May needs to address. Until then, fingers off.
"I'm OK with law enforcement having access to it, my problem is the lack of accountability that is supposed to accompany such powers, because that makes abuse certain. *That* is the real issue someone like Teresa May needs to address. Until then, fingers off."
I'm hoping some folks in Cheltenham are watching our voting patterns and using them to adjust their future policy making to be more palatable... Err hang on. No. Err.. Damn.
Am I correct in thinking that the more popular and widely used PGP or encryption of similar strength were to be used, the less useful the metadata would be? If every man and his gran were using it to do pretty much everything, that would be a headache for the spooks, no?
Yes, I have used pgp on windows and linux, and yes I agree it's not optimal in terms of ease of use. Which is why I said "or something of similar strength".I was just checking that I'd understood the article correctly - that IF something as secure as pgp were to become widely used, then the sheer volume of metadata would dilute the value of that metadata.
It's more than just pgp on windows, linux or mac since most folks have multiple devices which include phones and tablets where they expect to get things like email. Each of these need to be sync'd so it's more than just a question of how easy it is to install, configure and use on a device it has to work across devices which is going to be the ocean that needs to be crossed for the average user.
"... dilute the value of that metadata." It will not do that to a degree that makes much difference. It will slow queries somewhat and increase the storage requirement, but both effects are likely to be overcome by technological progress along with routine equipment replacement and upgrading.
"If you're using enigmail then yes it's easy. However that presupposes you know Unix and how to set it all up"
It also presupposes that your correspondents also use PGP. Of course most if not all of your correspondents probably don't use it because most if not all the people they know don't use it either.
I've said it before: it needs to be baked into the mail protocols and software as a default, not as an add-on. Until then, as the man said, it just raises a flag.
it needs to be baked into the mail protocols
It has been, for 39 years. PEM in RFC 989.
And then again in 1991 with PGP (RFC 1991, though that only specified message formats), and in 1998 with S/MIME v2 (RFC 2311; S/MIME v1 was not standardized).
and software as a default
Well, yeah. MUA and MTA authors couldn't be bothered, or picked the wrong horse.
PEM was probably too early. There wasn't a widespread appreciation of the need for improving email security, the US was still laboring under excessive cryptography export controls, and sharing code (particularly important for crypto, given the difficulty of getting it right) was impeded by less-widespread access to the Internet.
PGP was generally perceived as a single implementation, not an interoperable specification, until OpenPGP came along in 1998. But mostly, I think, the problem was that MUA authors in particular were much more concerned with adding flashier features that they thought would attract novice users, as well as avoiding those damned export controls again.
S/MIME wasn't clearly superior to PGP (and still isn't). It looked mostly like a way for RSADSI to push PKCS#7. Microsoft climbed on board (Outlook still supports S/MIME natively but not PGP), because of course they did, but to PGP fans S/MIME looked like god-not-more-crap-thrown-on-top-of-poor-email. And corporations generally just went with SMTP+POP/IMAP or a proprietary protocol like Exchange, running through VPN tunnels, for confidentiality, and didn't worry about authentication and other features of cryptographically-secured email.
@ZSn: No geek here, but I was able to setup up PGP on a Mac's Apple Mail client using GPG Tools in very little time. Click to sign, click to encrypt or not... its ridiculously easy to use. Technical support was great too.
For me its actually a lot harder for me to find other people within my circle of friends who will send PGP encrypted email back and forth. So I don't encrypt anything but I like signing my email. I guess that's better than nothing.
If every man and his gran were using [encryption] to do pretty much everything, that would be a headache for the spooks, no?
If it were just a matter of seeing who was using encryption and using that fact to identify targets for closer surveillance then you'd be right.
There's more to it, though. The metadata in messages to and from anyone who is already a suspect can identify that person's correspondents, for example, and often knowing who is communicating with whom is as important as being able to read what they say. The fact that encryption is available makes these people less cautious about using easy-to-monitor public networks (aka the internet) as their message carrier.
This sort of thing has been done for ages ... I heard a guy from the UK Police High-Tech Crime Unit give a very interesting talk some years back. He was addressing a roomful of IT Security professionals, and explaining why it didn't matter that what we were doing for a living might be abused by the Wrong Sort of People. Just as well, as everyone in that room was probably making a living out of encryption technology in one way or another!
Am I correct in thinking that the more popular and widely used PGP or encryption of similar strength were to be used, the less useful the metadata would be?
Nope. All you protect is content. PGP doesn't do anything to protect the endpoints of the conversation (very little does, to be honest). Volume has zero to do with it.
//Nope. All you protect is content. PGP doesn't do anything to protect the endpoints of the conversation (very little does, to be honest). Volume has zero to do with it.//
Actually, stuartnz is right, in the sense that the article was about how using PGP in itself flagged you up as someone to study. If everybody used it, that wouldn't be the case.
If every man and his gran were to use it then yes, the information value of its being used in any given circumstances would fall to zero. That would rather destroy the value that the NSA guy claims he currently gets out of it. So, no, he certainly doesn't want everyone to start using it, which is why he immediately tried to taint "PGP use" with the brush of"only bad guys use it".
It seems to me that that what we have here is some FUD disguised as a "Well I never!" news story.
It would be no more than a minor to moderate inconvenience if everyone so inclined to switched to consistent use of PGP or equivalent. The inconvenience would be limited to modest floor space and storage increases. SigInt agencies already are quite good at building, maintaining, and using very large databases. They would simply provide for the greater volume and go about their business largely unaffected. Facebook started sending PGP encrypted notifications a while back. They may be captured, but are unlikely to have been much noticed, although they have fairly obvious intelligence potential and likely enough are not being excluded from any program for collecting encrypted email.
The plain fact is, however, that most people (I think nearly all) simply do not care enough if their traffic is sent in the clear to make the minimal effort required to switch to use of PGP or the like.
Rogers came out not being against encryption? What gives... ? The article points out the "goodness" of us using it as attracts attention. If everyone does it, then everyone gets "noted"? There's more to his statement then meets the eyes.
Icon ---> Closest thing to a tinfoil hat
As I read it, he's trying to talk people out of using encryption by saying that it makes them targets for investigation.
Which is probably true, as far as it goes.
If everyone started doing it, then of course the advantage would disappear. But we all know "everyone" isn't going to start doing that. At best, about 1% of internet users will. And so the haystack will remain much smaller than the field.
If you see someone arguing "We all need to start using encryption all the time, the spooks won't know what to do" - that's the person who's trying to spread surveillance more widely.
Surely everyone is in favour of targeted surveillance so if there is a good way of them filtering down who to look at in more depth that is a good thing.
If you drove through a red light district every day at 5mph would you expect the police to pay an interest in what you are doing? You haven't done anything wrong but they if they are to catch kerb crawlers then you behaving like one would raise their interest.
I'm all for robust privacy and encryption so would like to think "they" are adept at distinguishing between someone who is concerned about their privacy and someone up to no good that they need to investigate.
I understood it as when they're investigating someone and they're using PGP, it's much easier to piece together who is in their "network" for want of a better word. IE - they're not likely to be sending encrypted emails to their gran (unless she's in on the plan). So you look at everybody the person is sending encrypted mails to and add them to your scope. Then you look at who they're sending encrypted mails to and so on. It gives you more of a pointer where to focus your resources.
But maybe that's because my tinfoil hat got knocked off when I fell off the back of the hype train.
I understood it as when they're investigating someone and they're using PGP, it's much easier to piece together who is in their "network" for want of a better word.
The key (if you pardon the pun) is that PGP is not casually applied, it's wilful, targeted and a sign that the two end points of that conversation have a more than casual connection with each other. I have used it on many platforms (Android, iOS, Windows, Linux and OSX) and it has become easier. It has, however, not becomes so easy that it's easy for the casual user as key management is still not smooth enough so it'll never be a default, it takes extra effort.
The world of meta data is not one of facts, but of probabilities that you seek to get as high as possible. As with all statistical processes you can screw up badly if you use the wrong data (let's not forget the wonderfully clear statement of General Michael Hayden on this matter and yes, he thought he was being funny), not to mention that the result of such an analysis typically ends up in the hands of people who don't understand the difference between probability and fact.
So, using PGP is indeed somewhat akin to flag waving. If more people start using it you would indeed end up with a small reduction in probability but I suspect that PGP is but one of the many inputs.
Difficult to say. I have some friends whose state government office was located such that their best route home is straight through the red light district (in fact I believe they said they pretty much had to walk through it if they decided to go out for lunch). At rush hour, you're going to tend to be doing 5 mph there even if you don't want to.
If we want to resist this unsettling trend in the government to outlaw cryptography, one measure we can apply is to use cryptography as much as we can now while it is still legal. When use of strong cryptography becomes popular, it's harder for the government to criminalize it. Thus, using PGP and PGPfone is good for preserving democracy.
If privacy is outlawed, only outlaws will have privacy. Intelligence agencies have access to good cryptographic technology. So do the big arms and drug traffickers. So do defense contractors and some other corporate giants. But ordinary people and grassroots political organizations mostly have not had access to affordable “military grade” public-key cryptographic technology for telephone conversations. Until now.
page 10, paragraphs 2 and 3
Manual for pgpfone, by Phil Zimmermann et. al. July 1996
ftp://ftp.pgpi.org/pub/pgp/pgpfone/manual/pgpfone10b7.pdf
That's nearly 20 years ago. Ignoring any particular reference to PGP/PGFone, did we take any notice of his message and made pervasive use of strong cryptography? If we had, then, the governments would have had a much more difficult task to try to control it
At the time he wrote that, the Internet was very much smaller & most people on it were geeks of one sort or another. So it was not exactly a dumb statement then. However AOL was connected about that time & the 'net started a long descent to what we see today, though there have been compensations along the way (Altavista & descendants, http, etc). PGP has always required some intelligent deployment. Enigmail might be just a plug-in but the real work is setting up & managing the public key infrastructure required to use it effectively as a day-to-day tool. Amongst a small circle of friends, acquaintances & colleagues that is manageable, but otherwise, forget it. And although there is now a halfway decent CA infrastructure for website certificates, that's still too hard to deploy universally for personal e-mail signing & encryption.
So non-TLS encryption is going to stick out like a sore thumb for a long long time, even TLS used in unusual contexts (not web, not IMAP etc).
And the bigger the effective public key infrastructure, the less valuable it is in keeping out the riff-raff. This is the essential problem with the various certs for websites. Processing all of the inputs leads to the bad guys getting stuff too.
For what it is worth, there are public repositories for PGP public keys - pgp.mit.edu is one - and others can be found by installing Enigmail. The model in which keys are obtained from a public key server is slightly discordant with the usual PGP model in which trust is assigned based on the signature of the key by others and the trust one has in the keys used for the signature. Used reasonably it can provide reasonable security, probably as good as a Comodo signed certificate. When you can meet a correspondent, generate and sign keys off network and exchange them in person, the trustworthiness of those keys is very good.
The point about unusual use of encryption is interesting and merits an upvote or two.
The problem with standard encryption is that the task can be offloaded to a computer quite easily.
Pictorial representation of what you're trying to say, no matter how obvious, is hugely problematic.
So with an agreed code, I could be stood facing right, with a ransom note in my hand and an AK47 pointing at my head, and only my mates would understand I'm regretting taking that cheap holiday.
Yeah, Captcha was just a vehicle to badly explain my point.
The way i would see it working is someone would create a Facebook page and populate it with the usual guff, just to make it realistic. Then when they want to pass on information they would do so by posting seemingly innocuous photographs of themselves in various poses, clothes, pointing and with everyday items in their hands, etc, but all of it is a pre-agreed code.
Admittedly it's pretty cumbersome and limited in scope, as trying to pass on the structural layout of ARM's latest chip design would be nigh impossible, but telling someone where to meet and when would be quite easy.
Really? Recent Paris attacks had metadata, data, watchlist members, the whole kit and caboodle. Did it prevent it? Nope. I have no faith that these twats have any idea of what to do but collect data. Binney pointed out the level of utter stupidity that now pervades the ranks of the five eyes.
Wrong point of failure. The guys collecting the data know exactly what to do with it. It's the "Islam is the religion of Peace" twats in charge of them who won't let them use the data they collect, or even correlate it properly. Same story during 9/11, the guys who were practically screaming for an investigation of suspicious activity were told they to shut up and stop being racist.
Sending a plain text email is like writing a post card anyone can read it.
sending an encrypted email is like sending a sealed letter. anyone can see who its to but the content is "secure".
to remove the Address meta data other services need to be used.
I agree end to end encryption of the content should be baked in to the software and used as a default setting. BUT what's the chance we can get ALL email software providers to agree to ONE "secure" NON back doored publicly validated open source standard that works for sending and receiving mail to anyone on any device. (so no chance that it will be in Gmail :-( )
OpenPGP (RFC 4880) is such a standard and is not known to have a back door, although the source code has been available for anyone interested to analyze for over 20 years. The chance of universal adoption (so far) is zero, since Microsoft does not support it in Outlook. On the other hand, there are multiple implementations for gmail, and applications for Android, Windows, and Linux; and web search will easily find implementations Mac OSX, iOS, FreeBSD, and OpenBSD. Whether these all have been scrutinized equally thoroughly is uncertain.
Given how easy it is to get gmail (or other) email addresses, removal of message address information probably is less a problem than a minor inconvenience.
Disguise encrypted data as bittorrent traffic? With torrent traffic taking up a huge chunk (~30-40%) of the internet's throughput, I think this would be incredibly effective. Although the encryption in bittorrent is fairly weak, there's so much traffic that it would be nearly impossible to decrypt enough of it to find the one or two pieces here and there which are actually PGP/whatever data in disguise.
Another thing one could try, is using chat from within an online gaming platform (such as WoW etc.).
While they (meaning whoever hosts the platform) probably monitor most of the public chatter on sites like that, I doubt anyone looks into the private stuff, unless someone accuses you of breaking their code of conduct.
A friend and I once sent each other a string of nonsense, that included the words Jihad, bomb, zero hour, Al Qaeda, martyr, infidel, die, kill, and New years eve.
Figured if anyone was monitoring it, a flag would be raised, but nothing came of it.
At least I don't think it did :)
PGP as such is not chatty and doesn't (have to) contain any metadata. The email (as the most common transport medium) is.
So how the NSA are getting any more metadata and links between participants in a conversation from a PGP message as opposed to a plaintext email is beyond me.
If it's just the old prejudice that everybody who uses encryption has something to hide and/or is naughty, then it's an old hat. Let them log/store all encrypted emails, if they like. There's about the same metadata in them as in plaintext emails. Time to attach PGP encrypted cat pictures and videos to every message. Or hide PGP encrypted stuff in attached pictures (steganography). Or both.
Just send lots of randomly encrypted e-mail to lots of random e-mail addresses. It matters not that the person you are writting to doesn't know you, doesn't want to know you and can't decrypt the mail anyway. It adds a lot of spurious meta data to confuse the spooks.
According to the (utterly broken) UK snooper's charter currently under way - "metadata" is defined as "anything that doesn't tell you what the actual 'content' of the message is".
So if a message is encrypted, the whole thing becomes metadata. And then the ICP has to store it.
This is just part of the reason ICPs are none too keen on it...
> So how the NSA are getting any more metadata and links between participants in a conversation from a PGP message as opposed to a plaintext email is beyond me.
I'd suspect they get quite a bit of extra info when the correspondents do their key lookups and/or verifications against whichever keyserver or directory they are using. It's not going to be 'direct' metadata so much as 'associated' metadata.
So even if there's complete end-to-end encryption, an insufficiently secured lookup of the key for Mr Alfred Qaeda Esq may raise an eyebrow.
"I'd suspect they get quite a bit of extra info when the correspondents do their key lookups and/or verifications against whichever keyserver or directory they are using."
Okay that's a very good point. On the other hand, the recipients I use PGP with have never published their keys. No keyserver comms happening if the key is present (imported by other means) and trusted already.
Sysconfig: The gumshoes aren't finding EXTRA metadata because a conversation is wrapped in PGP. The article is simply pointing out that the use of an encryption wrapper invites scrutiny. The metadata is already in the email transport chain or server timestamps. But a forensic investigator needs to winnow down mountains of messages (or stored data files). And so, they view the use of encryption as a sore thumb. It bubbles up your message, because you clearly feel that there is something worthy of hiding.
It is for this reason that privacy tech and anonymity (VPN, TOR, etc) must become ubiquitous. With encryption by default, investigators will no longer be treating privacy as a red flag.
0000000: 8501 0c03 4c8c 9506 6833 55b6 0107 fd16 ....L...h3U.....
0000010: 2597 49f8 0cb1 3621 075c 3ce1 b32a 67b7 %.I...6!.\<..*g.
0000020: 2347 a773 fa6a 4376 3717 be53 959b 01a1 #G.s.jCv7..S....
0000030: 702d 3ff6 4375 579d 0931 7d5e dcb8 ec7a p-?.CuW..1}^...z
0000040: ca88 d7ed cab4 64cb 70be 9578 ec54 a31b ......d.p..x.T..
0000050: 24dd 40f2 e268 ba64 d843 d021 d7e9 fd2e $.@..h.d.C.!....
0000060: 8e84 a0c5 9eaf ceb7 dd42 6af4 7cb5 dcde .........Bj.|...
0000070: 66cc 8e40 580d ff4d caf3 fad6 f175 756c f..@X..M.....uul
0000080: 8e1a 83ac aab0 025c 85d9 98e5 3ea6 e7a5 .......\....>...
0000090: d0ef ac66 636b a7ca b0ed f07f dc68 0b74 ...fck.......h.t
00000a0: 0ce2 a74e 3980 55c5 64ae a648 090d 83d1 ...N9.U.d..H....
00000b0: 2a4d baa6 74d0 7dae 2b71 437c d6af aa94 *M..t.}.+qC|....
00000c0: 7c0d 4879 95ab bc8f 6302 748a 844a ceea |.Hy....c.t..J..
00000d0: d592 951b 92cb 8f12 b92b 8af8 87e8 354e .........+....5N
00000e0: cd10 ced4 931e 6eae e480 3569 677c 4f96 ......n...5ig|O.
00000f0: e1cd 235b e849 eb0b 393e e864 f7ed 1a12 ..#[.I..9>.d....
0000100: 682c 4805 c59c ed34 ad12 d474 66a1 efd2 h,H....4...tf...
0000110: 4f01 0af7 b6cc c977 1bc5 45dd 68ba b276 O......w..E.h..v
0000120: e447 423c d239 20e3 f212 182c 54a0 c345 .GB<.9 ....,T..E
0000130: 41a9 684e 6458 857c 00c0 1e09 6aa6 26b0 A.hNdX.|....j.&.
0000140: 271e 84ac fafe 649d 9872 78d1 9bef 15f8 '.....d..rx.....
0000150: d6ca 046f 6ef8 1edd fac4 55a1 95e0 e8d7 ...on.....U.....
The above is a dump of a gpg-encrypted file containing 16 famous digits. I must be missing something - where are the metadata there?
Username: g00se
Posted: roughly 23:00 2016-01-27 UTC
Source IP address: (in the reg logs)
Dest: (pretending this wasn't a post on a forum, the recipient)
PGP: TRUE
Length: 160-ish bytes
PGP Version: (In a real pgp header)
There's your metadata. The big part is PGP: TRUE, since it's easier to track since there's less PGP traffic on the net. How about this scenario. BadG00se sends a PGP email to his local handler. Gets noted since it's PGP. shortly after, handler sends out PGP emails to several other accounts, some known and some not to the NSA. Those get flagged too. etc. Then someone slips up and sends out something in plaintext from one of the previously-unknown accounts.
A bit more:
Sender/receiver pair
The entire mail header (because it shows point of origin and mail servers this went through).
You cannot avoid signalling a sender because the recipient has to work out which key to use (unless pre-arranged, and that's another flag in itself), and you need a recipient because it would simply not go anywhere. Mail headers are added automatically, you have no control over that, and if you want to be cute by pushing this via TOR into an open relay you'll find it most likely will bounce off spam filters instead.
Previous commentard is correct in that you will eventually make a mistake. It's a bit like Google and Facebook having these social media buttons in all websites which flag up your presence. You may be creating an unallocated chain of events, but at some point you will use a website with an account from the same system, at which point the chain has an owner. They don't care if it takes a year - their data does not have a mandated expiry.
Yes, I've been doing this for a loooong time..
Twenty year ago, I looked into PGP to see if I could use it to safely send "tax-return information to customers". So, as I could not explain it to human clients, that was a useless undertaking.
Knowing nothing about decryption or PGP or metadata here, my best three, no four, guesses about the famous 16 digits contained in the "Show me" post are
1) PI: 3.141592653589790
2) The number e: 2.718281828459045
or may be, something more computer related like
3) 248163264128256 , or
4) 1234567890ABCDEF
Let me know about any prices I may already have won!
Think of all the headers in an email. Source and Destination for one. As the article clearly says, they don't need to read the encrypted text, they just want to know that you and your destination are talking.
As it states. If you are using PGP, Tor, or any of a bunch of other things, you are flagged as a person who is possibly interesting. This reduces the subset of search targets immensely.
And if you are only talking to your gran using PGP, and she only talks to you using PGP, they will pretty much ignore you.
You are crediting them with far too much intelligence and capability. More likely is that either your's or your granny's place will get a dawn knock by CO19 and you will be threatened with prison time unless every communication is decrypted for them. You will then be spoken of in a press conference as the reason why the laws exist as they do. Heaven help you if they find out you're brown or have a history of brown anywhere in your ancestry, you utter dissenting bastard.
"As it states. If you are using PGP, Tor, or any of a bunch of other things, you are flagged as a person who is possibly interesting. This reduces the subset of search targets immensely."
It does reduce the group of search targets. But it doesn't exactly help in any way shape or form if - like in recent terror attacks in Europe - it has been established that no encryption whatsoever was used. They figured that out in hindsight. In other words too late. Maybe they had already been focussing too much on encrypted stuff, who knows.
Also, I would expect that encryption in any way shape or form is most commonly used by businesses rather than individuals, especially VPNs. But then again, they may be much more interested in trade secrets than combating terrorism (which has caused a negligible number of deaths in comparison to car accidents, fatal injuries at home and what have you).
Ha - this may have been true as little as two years ago - but between netflix regions and publicised metadata collection, there has been a huge increase in VPN use and corresponding traffic. When every mom and pop is playing hide and seek with the media companies, policing is just collateral damage in the war for your lounge room.
Sadly, statistically few people will use it, because so few people understand the need for privacy all the time, not just some of the time.
More importantly, the problem is that so few people understand that it is nothing to do with your need for privacy: by using all the available privacy tools all the time you are protecting the people who do need privacy and who are important to you. That may be journalists, campaigners, battered wives, or even politicians.
"It a reasonable guess that heavy users of encryption are doing it for a reason - mostly ill."
Well I use ssh connections when traveling to pass files to/from my server ( just another directory on my file manager via fish://) No evil secrets but encrypted regardless due to ssh.
"No evil secrets but encrypted regardless due to ssh."
In fairness, the article was specifically referring to PGP rather than any other encryption and (as noted by earlier comments) the decision to use PGP to protect a given email is a far more conscious one on the part of the "target" than (say) simply using SSH for remote connections. (Indeed, the latter is almost de rigeur even amongst n00bs for remote terminal sessions simply because there are no examples on the interwebs for running a telnet connection anymore.)
But I think I'm right in saying that if that email is sent to a foreign (**) email server via a STARTTLS-ed SMTP session, the spooks probably can't even tell whether it uses PGP or not because the metadata was encrypted in that case too. (**Foreign in this context means not in a country where the spooks can ask their friends to issue a warrant to the owner of the server.)
But I think I'm right in saying that if that email is sent to a foreign (**) email server via a STARTTLS-ed SMTP session, the spooks probably can't even tell whether it uses PGP or not because the metadata was encrypted in that case too
You are right that TLS encryption of SMTP exists and hides the metadata from easy interception. On the other hand, it has numerous weaknesses, including:
1) In most cases, TLS is set up opportunistically -- most servers do not insist on TLS and will drop back to sending without it if the receiver doesn't (appear to) accept it. Most servers prefer not losing email to link security. My personal servers insist on TLS for submitting mail for sending but are forced to accept incoming mail from anyone (although I do add a header to tell me it arrived without using TLS -- and I sometimes complain to the sender that they should turn it on).
2) In many cases no certificate validation is done, so it is easy to MITM. For example at international gateways.
3) It is not end-to-end, it is link-by-link, so if the receiving system is compromised, or if it can be convinced to forward the message on to another system without using TLS (see 1) then the metadata is exposed.
4) There are some attempts to help with problems 1 & 2 by setting up information that says "my mail server always wants to see TLS -- if you try to connect to me and don't get TLS then don't send" and "my certificate looks like this -- if you don't see that certificate don't send". But it is hard to do and fragile and, in practice, no one implements it (search for DANE TLS for more info).
Reasonable guess? Not sure, I move 50GB of pgp files over ssh into AWS every day, that probably puts me in the "heavy user" category. It's Fred sending one message a week to worry about.
I wonder if the NSA's filter lets them slurp pgp files from s3 or intercept ssh... if so only needs a few people like me to give them a huge storage problem (although the analysis will be easy), and we're a minnow as Big Data goes.
No, it's not a "mostly ill reason". There are several good reasons.
Let me give you a few examples: An accountant wants to share tax data with the client - that's sensitive private data, that is required by law to be kept safe, so it should be encrypted.
A doctor wants to send health data to a patient, again, it's data that is required by law to be kept private.
Without encryption it cannot and should not be sent by e-mail.
A lawyer wants to send sensitive court or law-suit data to a client. It would be stupid, wrong and possibly malpractice to send such info unencrypted.
A business company making widgets sends the latest data about how well the newest widget performs
from the engineering department to the accounting department. They would be idiotic if they did not
encrypt such data.
A secretary of state, say Hillary Clinton, sends sensitive government data from her private e-mail account
unencrypted. It would be goofy if she really did that. Oh, what? oh she really did? oh, that's a bad example then. (Let's blame it on Microsoft and its spirit of openness.)
Alrighty then, several US embassy operators were sending sensitive government data home to Washington DC in plain text, without encryption. It'd be sort of dumb if they did that. Oh they did, that's another bad example. Sorry.
Or let's say the US FDA sends info about approving the latest drug from Pfizer or Merck, etc unencrypted to their clients. That would be dumb. Not sure if they do that. I am not on their list of clients.
Or the US Army cables that they are going to "Attack at dawn" in plaintext. That would be stupid.
At any rate, I believe I made my point that there are many reasons why certain data should be
transmitted only in a safely encrypted fashion, and that these many reasons have nothing to do with
terrorism or weird anarchist ideas.
Now do you get it?
Wouldn't all those instead choose to send the data by trusted courier, then? If time's not an issue, they probably wouldn't leave such data to the Internet, especially (like a raw 3D rendering for a movie studio--easily multiple terabytes) the data's too bulky for Internet transport.
,.how some people still hold onto the idea that our spooks have capacity issues that limit their ability to monitor everything. (Think Bletchly in 1940's and then factor Moore and more besides)
Thus by standing in a forest you are somehow out of sight. Sure the agencies haven't the ability to make sense of everything immediately, and hence need to narrow the criteria before looking deeper, but if you suddenly become of interest, they'll pull every online keystroke you ever made out of their repositories.
No doubt future advances would see bots racing through the historic records compiling full profiles of everything that ever breathed, if they haven't already done so.
I totally support the quest for the NSA to build an unbreakable encryption method that includes a golden key that only they can use as a back door , presumably tied to NSA computers some how so China can't use it etc etc.
Of course, step two is for china and other nations to steal it , and make a very tiny modification as to who exactly is holding that golden key , and who exactly is locked out and can never get in .
Not to mention every large corperation and group in the world doing the same , thus enhancing privacy (specifically , choking off NSA's industrial espionage operations) rather than reducing it.
Imagine a car maker in germany whom no one can hack and find out what next years model looks like , so they make good sales, as opposed to poor sales because some americans got a cheap knock off look a like going before they could finish the real deal.
:)
step two is for china and other nations to steal it
Those other nations don't need to steal it. They will be given it.
If not, they won't use the NSA's backdoored encryption - and so will all the bad guys. For every nation to put effort into getting secure encryption off the Internet, they're all going to want a slice of the pie. So they'll all insist on getting the keys before trying to remove teh encryption they've already got.
So all these nations will have the magic key to decrypt all communications. That's already a disaster - but it doesn't stop there. If every country in the world has several people with access to the key, sooner or later it will leak - it would be very valuable to organised crime, for example. And at the point, the bad guys have the ability to decrypt any communication in the entire world.
Vic.
but we already learned that we are all potential terrorists (at least those of us who don't live in the US). Using encryption will now make you doubly suspicious? I wonder how many terrorists they already caught with their PGP metadata. And whether they ever get any false positives ;).
Or is it just FUD to scare all those real and imagined terrorists?
I seem to recall that this issue with using encryption identifies you as a potential suspect was solved a long time ago.
Is there not a program which conceals the encrypted message within a jpg or other image file?
Imagine every cat image or video on the web being the possible source of a terrorist message.
PGP is so yesterday...
"Is there not a program which conceals the encrypted message within a jpg or other image file?" -- Donchik.
Yes, there are several --- search "Steganography." More to the point, if you conceal it within an original creation of your own (i.e. there's no way to compare the picture to an 'original version' out on the web) you can post it publicly on Facebook, Tumblr or any number of well known places and, providing you have enough friends/watchers then they cannot even see to whom it is addressed.
More to the point, if you conceal it within an original creation of your own (i.e. there's no way to compare the picture to an 'original version' out on the web) you can post it publicly on Facebook, Tumblr or any number of well known places and, providing you have enough friends/watchers then they cannot even see to whom it is addressed.
.. although I would first run a quick "exiftool -all= image.jpg" over it - you never know what IPCT/EXIF data you will otherwise leave behind. Not that you have to worry much: most image sites strip it, usually breaking US copyright law in the process..
Plus what if the server routinely alters uploaded pictures, potentially mangling most stego?
That's why most image sites do it. Sites such as FB would otherwise become a conduit for stego messages by every crook on the planet. The only problem is that they mangle too much - some data is illegal to mess with, and some lawyers are waking up to the rather large financial potential that has (and it could not happen to a nicer set of organisations, so I gave that awakening a leg up when I talked to a group of lawyers a while back :) ).
This article points to the reason that TOR, VPN, PGP and financial transaction mixers should be ubiquitous. That is, businesses, consumers, and enterprise should encrypt and anonymize *any* communication, storage or transaction for which the parties do not require a provable receipt and a public audit trail. Just as with a bedroom discussion, or a drink purchased with cash at the local pub, privacy and anonymity should be enabled by default. There should be no chance of interception—even by forensic investigators—without the consent of at least one party to the original transaction.
I will gladly go head to head with any pundit that feels that privacy technology enables terrorism. Far from it. Treating private communications, storage and transactions as an open book is far more crippling to national interests.
Philip Raymond
CRYPSA, Co-Chair
Cryptocurrency Standards Assocation
"With all due respect, there is no "privacy technology". That is called simply called security."
But the AP (or whatever it's called) can't make a buck off of just plain "security". It has to be wrapped in some special technology sauce that can be patented, or at least controlled.
Correct. Post Snowden, Silicon Valley exploded in an absolute frenzy, scratching off all the old "security" words on products and replacing them with "privacy" so they could continue to sell. What is especially egregious is that it's easy to prove they all knew damn well that they were selling a lie, but hey, that seems nowadays merely in line with the best of US business traditions: keep selling until you're caught.
If you need that data to travel on a public system, the answer is no although you can indeed at least prune some of it. It will always have an origin, which you could possibly cloak, but without a target you'll have to develop a holding location which creates its own problems.
This traceability is going to get a lot worse with IPv6 coming in. At the moment you have still some protection from NAT traversals where one IP address can be one person or a whole ISP, but with IPv6 there is the potential to forego that layer of protection, which could result in every single machine having its own ID. At that point all these data thieves such as Google, Facebook and any intelligence agency won't even have to bother with cookies. Just implement a law that mandates a fixed IP address on each device (which, of course, immediately gets ignored or bypassed by government agencies and criminals) and your privacy is pretty much dead.
With NAT, one IPv4 address nearly always means one property (home or small business). NAT at the ISP level is not widespread and not an obstacle if you are the local intelligence agency. If you've pinned it down to a single house, pinning it down further to a single keyboard isn't worth the effort. (If, on the other hand, you are an advertiser trying *not* to send the inappropriate ads to your customer's children, targetting down to the level of individual logins on a particular machine might be prudent, or even a legal requirement. Cookies still have their place, even with IPv6.)
Now if you'd made the point that some ISPs dynamically re-assign IPv4 addresses to different customers then you might have a point, but even here the "always-on" nature of an ADSL or cable connection means that the addresses remain associated with a single end-point for long periods.
You're basically asking how to mail a letter without an address: barring telepathy, no. SOMEONE has to be able to know where the letter's going, and that alone can be exploited by the plods. About the only way you can avoid this is to go there in person using only private transportation (public will find a way to log you), and even then they may note something by your absence.
RE: "NAT at the ISP level is not widespread and not an obstacle if you are the local intelligence agency."
That's not the case in Asia, where they have billions of people and not enough addresses to go around, thus they were among the first to do carrier-grade NAT. Unless you're saying the plods were one-step ahead and mandated identifiable traces on all computer hardware before they were even sold.
Along the lines of "everyone should encrypt everything", another old component of Operational Security is amount of traffic. Each site within a group should always be sending the same about of traffic to each other site. Random cruft when nothing is happening, then real data if something is going on. But those watching will not see a spike of traffic to realize what triggers when. You should never panic and send of burst of out-of-band / unusual traffic to flag your intentions.
Guess how much bandwidth you have available / choose to buy is based on how much importance you assign to this aspect of your security. It is just one of the onion layers to manage.
If you have X bandwidth, assess your criteria to assign Y% of it to "secured" traffic, then keep that Y% portion filled.
Just using OpenDNS gets around ISP rubbish and stops then seeing what you are doing. Sure they may KNOW you are downloading a film, but one of the family outing, porno, or anything else. Now add on a VPN and go to somewhere like Malaya or India (watch all the football games with a VPN like SaferVPN) and the whole thing becomes a farce. Even Using Skype with a VPN means that when you call from say one skype to another both on a VPN even using skype out the wotsits will have fun finding exactly where you are, Now lete go one further, is there or can there be any monitoring of say Echolink. Use false amateur radio callsigns and get the thing set up and you are person to person with no intermediary. Now using a slang code and back chat then it becomes even harder.
Frankly for every thing that is looked at there are thousands that are not. I do not like or even understand terrorists, however realism has to come into such as monitoring. The ones that make silly slips give a route to others, its not just the encryption. Funny, most of the idiots going to IS have been indoctrinated, that gives a mental loophole in their intelligence. They may not be stupid, but they cannot think for themselves so they open an incompetent hole, or should I say a hole of incompetence.
That's why, if they're REALLY interested in you, they'll spear-fish, drive-by, or use any and all means to pwn you at the endpoint: outside any encryption of obfuscation envelopes (because, at the end, the content MUST be decrypted for you to be able to employ it, seeing as we're not in Ghost in the Shell levels of technology where we keep cryptochips in our bodies as of yet.
We are today asking the court for a warrant to search the GPS history of Hargli bin Tawkin, and others as yet unnamed.
Yes, sir.
Extremists are relying less on the Internet and e-mail to pass plans, schedules and target data to each other. Conspirators now avoid email because post-Snowden, they know we read it; we've lost track of a number of cell's lately simply because they meet personally in places they're unlikely to attract attention. Location metadata from cellphones has already let us connect the dots in several cases,and GPS manufacturer databases will extend our ability to follow to terrorists to their headquarters before they can strike.
In a more physical manner, we are asking the Court to allow coded graphite nanoparticles to be placed in writing instruments, so we can use laser fluorescence to follow people who leave cryptic Post-It notes on public bulletin boards.
Yessir; we'll track them by the lead in their pencils, ha ha.
Thank you, Your Honor.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
