Wednesday, October 16, 2013

New Style Codebreaking

I refrained - barely - from comments on the notorious Snowden case for many months. Unless you were involved in a NASA settlement project on Mars, you will know Edward Snowden by now, the former National Security Agency contractor who blew the whistle, or better, the lid from NSA's Pandora box.

I waited because I believed that the initial headlines would quickly fade away - as they did - and the really interesting bits were still to come in the following months, both directly by the Snowden papers and indirectly through tremors all over the security and intelligence branches.

Although only a fraction has surfaced by now, the available information already proved more than enough to make spectacular headlines that - as also expected - hardly appear in the news, are completely ignored and underestimated, not only by the average user, but even - and this is far worse - by professional organisations and governments.

Intelligence historian Matthew Aid just published an enlightening article on NSA's New Code Breakers (alternative read via Fortuna's Corner), detailing how NSA shifted in the past decade its focus from codebreaking to non-cryptanalytic techniques, as there are, black bag operations (surreptitious entry, theft...), hacking and - this a nice euphemism - Tailored Access Operations (sophisticated spyware).

In other words: why decrypt it when you can steal it before it is encrypted. Now, the problem isn't NSA's capability to intercept and cryptanalyse your communications. After all, this is (or at least was) their primary task. The problem is that they now, on a massive scale, steal your data from on-line services or by breaking into your computer. They call it data mining, but it's actually data theft, and NSA is not to blame for that.

Several years ago, I wrote about how insecure computers are, the flawed security of public key cryptography (used all over the world for virtually everything), the current so-called state-of-the-art crypto algorithms and why it is useless to run crypto or anti-virus software on personal computers to protect your privacy. The security guru's (the experts after all) surely disagreed... until now.

Of course, anyone with only a bit of knowledge about security knows (but not all admit) that there's no such thing as a secure computer or privacy on the Internet. I always tried to convince people that secure communications meant putting your personal computer aside and use alternative "old school" methods.

These include personal conversation, dedicated off-line crypto devices or even return to one-time pad encryption, the unbreakable system (yes also unbreakable for NSA) which was - for good reasons - very popular until the 1980's for military and government communications. Solid and secure communications, even unbreakable, isn't new. It was already available half a century ago.

Crypto developers don't like to hear this, but the truth is that secure communications is pretty easy. Crypto security is not a complex mathematical problem but a technical-logistical problem. If you can get enough key material to the correspondents, you can provide perfect security. Today, mass key distribution and truly unbreakable encryption are perfectly possible with current hardware technology, albeit not when running it on the junk computers they sell today. However, it's also perfectly possible to develop secure computers for the commercial market.

Of course, it would present an enormous challenge to switch from the current insecure systems to solid encryption technology. But who's to blame for that? This would also require a new architecture for computers, focused on performance and watertight security, not focused on all kinds of legalised commercially driven back-doors to sell slash fed you with updates, spam and addware.

Computers don't install malicious software by themselves. They do exactly what you tell them to do, and they never do what they are not programmed for. It's that simple. Computer security is easy to accomplish, both in hardware and software, without compromising performance or comfort, if you're willing to.

The problems with our computers already started in the 1980s, with the rapidly expanding computer business. The cryptologists had to devise new solutions to cope with the exponentially expanding communications and the related key distribution However, that's exactly where it went wrong. Badly wrong.

Instead of focusing on how to solve secure key distribution for highly secure crypto algorithms, they choose the path of developing easy-to-use and so-called unbreakable public key cryptography: use traditional (yes, insecure) crypto algorithms to encrypt data, under control of a shared key of limited size. Instead of large keys and secury encryption they choose small keys and mathematical (at least in theory) secure encryption. They chose lazy over hard.

It's obvious that practical is quite different from secure. Recent events and the collapse of digital privacy and security - because that's exactly what happens now - proves the cryptologists approach to be a fatal mistake. I don't hear them boast about their crypto security now, nor do I see them provide solutions to today's eavesdropping catastrophe. Because they can't. And they know it.

The computer companies and their software developers are also to blame for the incompetence of the cryptologists, and some are even accomplices to the current privacy collapse. They decided to build in all kinds of processes, running behind our backs, to automatically install software, change system files and send information about your system and your data. And all this at the request of virtually anyone. Of course, some of these processes are useful to improve performance and compatibility. But the computer should only run trusted useful software, and yes, it's perfectly possible to tell the computer to do only that.

However, most open-the-backdoor processes are developed for nothing more than purely commercial proposes (yes, also those updates for so-called compatibility) or even developed by intelligence agencies that take a walk with your privacy. Even more worrying, some well known companies are kind enough to provide assistance to those agencies who believe privacy is the right to pry. Oh well, isn't privacy a conjugation of piracy? I don't hear them boast about their anti-virus and firewalls now, nor do I see them provide solutions to today's eavesdropping catastrophe. Because they don't want to. And they don't care.

I also wrote, years ago, about the consequences of these wide open gates: crypto and security software developers have absolutely no clue, I say again, no clue whatsoever, of all unidentified spyware, add-ons,  plug-ins and - as we recently discovered - government made "tailored access operations" hardware and software that is running on your computer. Consequently, security vendors are constantly one step behind, thus promising what they cannot deliver. They tell you that you need them. Indeed, their software is so bad that your computer constantly crashes or leaks like a sieve, if you don't constantly plug it... with their other software, of course.

Can you imagine buying a car that requires a daily check by the constructor to solve ever returning security issues? Hopefully not the breaks today? Dooh! You'd sue them! We all know what the problem is. Commercial profit. Forget all their excuses, they are unwilling to provide a solid and secure product. Is there another word for it than money driven arrogance towards the customer? By now it should be clear that they really screwed you, in your wallet and in your privacy. Does it sound harsh? It should.

Note that there are many excellent security experts who deserve our respect, but give me one good computer security slash crypto expert (the problem solving kind of expert, not problem exploiting expert). They now roll themselves in poor excuses ranging from "it's a complex problem" over "the algorithm is fine but the platform bad" to "the current threats are illegal practises", but that's exactly what they are supposed to protect us from.

Computer security and privacy are currently non-existent, and this also count - even more - for tablets and smart phones. It's about time that everyone starts realising that we completely depend on those machines for all our communications and that politicians, who - I am told - represent us, start to act and make laws that protect us. Until then (and "then" won't be the near future) you should think about what you type on your keyboard. In plain English: nothing you type or store digitally is safe from being read, exploited and misused by others. Get it? Just ask, from all people, that poor former CIA chief, general Petraeus. The Russian clearly got the point.

Do not misunderstand. I'm not against legally authorised surveillance (only on the bad guys), nor do I oppose to intelligence agencies and their work. However, some agencies and companies forget that privacy is a basic human right and all to easily use the pretext of fight against crime and terror as an excuse to snoop on you and me. Make sure to read Matthew Aid's piece on NSA's capabilities. Frode Weierud presented an excellent view on the PRISM and OCEO data mining programs, another dubious NSA surveillance trick. The Guardian has an excellent interactive page with discussions on NSA and privacy (scroll down their page to watch all interviews). More on NSa's collection programs and crypto backdoors in Bruce Schneier's November Crypto-Gram issue and his post on metadata. More detailed information on NSA's capabilities and operations at Electrospaces.

Update: with new information continuously surfacing and being confirmed, it seems that the U.S. war on terror backfires and NSA will get blamed for that. More allies are questioning the unrestricted dragnet collection of data on their country, its government agencies and citizens, and do not accept the excuse of war on terror.

While NSA can still claim to respect all U.S. laws and denies eavesdropping on its own citizens, their allies, especially those in Europe with a tradition of strict laws on privacy, are turning against the no-rules collection of intelligence. By now, this also affects the carefully build relations between the U.S. and its allies. Has NSA shot itself in the cyber foot? Even the U.S. public concern grows on both their own privacy and the effects of the international turmoil on their country.

It is not because the technology allows to collect information on a massive scale that you should actually do this, or that it is smart to do so. When even U.S. congressional oversight has no clear picture of NSA's operations, then how can, for instance, Europe be sure that the same technology is not used for industrial or corporate espionage, or to obtain foreknowledge on economic negotiations? Nothing new there. Technology equals power and history has shown, and will continue to show, that power corrupts. The intelligence archives are full of such examples.

However, if their allies (just as U.S. citizens by the way) have no idea of what information was collected and whether it was misued or not, then there is a crisis of confidence between partners. Answers like "we cannot discuss sensitive issues", "we assure you we do nothing wrong" or "we confirm nor deny" are hardly conducive to restore trust. Eavesdropping on friendly heads of states has nothing to do with war against terror, it's blunt offensive espionage. In the end, such a policy can have more adverse than beneficial political and economical effects to the U.S. (and the terrorists will be glad to hear that).

Intelligence collection on both friend and foe isn't new, but the technology has changed enormously since ECHELON, the first worldwide SIGINT collection network. Is the wide scale data mining proportional to the goal? Doesn't damaging international relations and redefining basic rights on privacy gets pretty close to admitting that the terrorists won? Of course, it's not up to NSA to justify anything, they only execute what they are told to do (if otherwise, there's a serious problem). Only the politicians are accountable.

Is the Foreign Intelligence Surveillance Act (FISA) in need of an update that includes rules on intelligence gathering abroad? In any case, given the possible impact on international relations, no intelligence agency should independently determine the means and rules to achieve the goals that were set by the politicians, because inappropriate or disproportional means will eventually do more harm than good. Since NSA and U.S. laws (and for that matter also GHCQ, GCSB, ADSD, DGSE, BSI and many others) perceive privacy and secrecy differently than the friends they snoop on, there might be a need for a different (not necessarily more) oversight, with new rules that addresses the distrust and concerns about privacy. Case far from closed.

Despite all the sorrow, a bit of cheerfulness (well, sort of): the story of the humorous logo that is not to be confused with the NSA logo!

46 comments:

Ubaldo said...

Excellent article. Congratulations. I really like your site and your blog.
Access the site practically every day for research and entertainment.
Again congratulations for the initiative to warn us about the false security in communications via computers and the internet.

Anonymous said...

Als airgap goed genoeg is voor de Snowden journalisten zal het wel voldoende zijn voor ons denk ik.

Het probleem is dat niet iedereen het geld heeft om 2 computers te kopen, 1 computer voor het (de)coderen, en 1 computer voor "internet".

Een veelbelovende oplossing is het gebruik van een goedkope (wegwerp) computer, bijvoorbeeld een Raspberry PI. http://www.raspberrypi.org/

Dit computertje loopt op een batterij, je sluit het aan op een pc toetsenbord en een (pc) monitor. De Raspberry PI is ongeveer zo groot als 2 pakjes sigaretten.

Het besturingssysteem draait op een SD geheugenkaartje dat je altijd veilig kan bewaren.

Je zorgt ervoor dat je Raspberry PI nooit aan internet gekoppeld wordt.

Na het opstarten van je linux, https://arkos.io/, gebruik je je favoriete codeer programma voor het coderen / decoderen van je tekst.

De gecodeerde tekst zet je via een usb stick, QR code, of via geluidskabels en het minimodem programma, over naar de "internet computer".

Christos T. said...

Nice piece Dirk. Unfortunately I don’t think anything will change.

YO9GJX said...

Dirk Good point, but I think Christos T. is right. Nothing is going to change, there is no interest especially because it's about money and control.

Dirk Rijmenants said...

Hi Christos and YO9GJX,

I know that changing the system isn't easy, and that any change is undesired by those who make the most profit. However, people should realize that they should never store or send private things on a computer or the Internet. That’s one thing to start with. If you don't have privacy on the Internet you can do two things: a) don't use it for private things or b) use it and accept the consequences.

The problem is that most (ignorant) people go for option b, because they don't care. By doing so, they throw away one of their most important basic rights, the right to confidentially and to freely exchange their opinion and personal information to whom they choose to.

It's actually funny. Today's generation is cocooning themselves into little private worlds, completely shut off from other people, social interaction and yes, often from reality. They have 12000 "friends" and "chat" with everyone, even complete strangers, but they don't really talk anymore. It's a contradiction. Either you cocoon, and are keen on your privacy, or you don't cocoon and have a real life. What they are doing now is creating, by themselves, a big brother world. Bureaucracy has already over-regulated our lives, and now they even accept that their opinions and conversations become regulated (that's what surveillance is).

Those who do appreciate privacy (even if you use only 1% of your brain, you do) should avoid using insecure systems for private things, and should also makes sure that what the idiots find okay, doesn't become law, because that's what is happening right now. An example:

In my (democratic) country Belgium, they are currently making laws to oblige telecom operators to store all information of your communications: who calls to whom and the conversation (speech), but also all internet traffic, e-mails, and websites we visit. Just add locating by gps, cell and smart phones too. Big brother 2.0! For legally authorized use only? Yeah sure! This is surveillance without a court order. They make illegal practices into law. Meanwhile, if you put video footage from a burglar on the Internet, you violate that criminal’s rights and privacy. It is illegal to do so (not joking here, actually the case in our nice country). And it gets even better...

Many months ago the Belgian telecom boys discovered, not for the first time, malicious sophisticated spyware on their computer systems that allows intercepting and retrieving calls, and they still cannot get rid of it! Too sophisticated! This is no hackers stuff, but state-of-the-art "tailored" software from foreign intelligence agencies (U.S., Russia, China... pick one). This WILL have devastating consequences, both for you private and for your country's economy and security (scientific, economical and industrial theft). Conclusion: our governments make laws that destroy our privacy. Any idea what this leads to? I do!

Does privacy matters? Yes! Do we have to throw away privacy because many ignorant idiots, politicians and commercial firms don't care about it? The last answer we should give is "nothing will change". We can start doing things, even at our level, to secure our privacy. But more importantly, we should pressure our politicians, who are mostly lawyers, the most ignorant and backward people when it comes to technology (our so-called secure governments and minister's communications have been breached several times in the recent years).

I don't support people who scatter national secrets, but the Snowdon case is an eye opener and if things go on like they do now, things will get far worse than 1984's big brother (in fact, technically, reality already exceeds Orwell's predictions).

Do you want to become completely controlled, or do you want to keep some privacy? Nothing will change, you say? You can be sure…

Things WILL change, for the worse…

Dirk Rijmenants said...

Let's give a small example of how important privacy is. And it doesn't even require real surveillance techniques:

An employer checks out your facebook page and discovers you are member of a leftist or rightist association, or he finds out you're married to a black man or woman, or Jewish, or gay, whatever. He decides not to hire you, or even fire you. This happens more than you think. Today, they use the Internet to check your background. The information that you intended to be only for your friends makes you a victim of prejudice and racism. Nice price to pay for giving up your privacy, isn't it?

Another example: your employer has access to your medical files. Not possible? Easier than you might think. Today, all government databases are interconnected and tens of thousands civil servants can access your files. Now, your employer sees you've had cancer, a sexually transmittable diseases, or a depression, say, five years ago. He decides not to hire you. Plain discrimination, based on unlawful breach of your privacy.

Third example: can you tell me the difference between someone reading your e-mail or someone opening an envelope containing your hand-written letter? Of course, there's no difference, as both are grave violations of your privacy. However, for the law, there's quite a difference, because your e-mail is by far not as well protected as your letter. Can you explain this? I can't!

The above listed examples aren’t merely everyday details that we should accept. In the Third Reich, people were registered on Dehomag’s punched IBM cards. We all know where that has lead to. Today, people are executed, just because they visited a website that their country doesn’t like. Bloggers were already molested and some even ended up dead. Go tell them that privacy isn’t really that important. And if you got balls, try to tell it in their own country.

Privacy matters and the issues we have with it will only grow larger in importance and numbers, proportional to the surveillance technology and the lack of legal oversight.

Anonymous said...

The privacy and safety discussion is nothing new in my opinion.

The first priority of most people is to get a task done, before it is done "safely".

The first steam trains were unsafe. Poor brakes and they tend to explode or crash. The need to transport goods cheap and efficient made people take the risk. Only after the problem of train transport was solved, people invested in safe steamtrains.

The same with cars. The first cars were very unsafe, they did not have wipers or seat belts. But, people used them anyways. Only much later cars became safer.

Or take postal mail for example. The main goal is to get a message from A to B. First on a folded sheet of paper with a ribbon or wax seal, later we use envelopes.

My first priority with email, phone or the internet is to get a job done. It's great to call I am late for dinner. It's fantastic to email cheap with someone on the other side of the world. I feel confident someone will make a better internet, email or phone in the future. Just like I travel in a safer train, safer car or use safer postal mail.

For now, most "safety" systems for computers and phones are too cumbersome. I don't want to wait minutes longer before Windows start on a fully encrypted Trucrypt hard disk. I could use Bitlocker, but I see Microsoft is happy sharing info with LEO. I find it cumbersome to exchange One Time Pads because it's the only safe system. SSL formats seems compromised so GPG seems less secure. That is, if I can convince someone to use GPG. I use Viber to cheaply call and text friends in other countries. Viber gets the job done. It seems less insecure than - say Skype or Whatsapp. Everyone seems to use Whatsapp - sigh. Seeing the recent discussions about Tor, well, I stick with my ISP for now.

So, I wait for a better internet. It will come.

Christos T. said...

‘things will get far worse than 1984's big brother (in fact, technically, reality already exceeds Orwell's predictions).’


I think we got there several years ago. With computers and the internet you can check what someone is doing online but many people do not use computers and/or the internet.

However everyone uses mobile phones and it’s easy to monitor these. So I can track your movements and your social circle with your mobile phone. Add tax records from the government server and banking records from your local bank and I know 99% about you. In that sense all the brouhaha about NSA/GCHQ internet surveillance is closer to a disinformation campaign.

Dirk Rijmenants said...

Dear Anonymous,

I believe your examples with trains and cars are a bit misleading. The problem with today's communications security is not that it will get safe, given some time. The security/privacy could have been safe already many years ago. The technical means are present and there's absolutely no excuse whatsoever for not providing secure services.

I absolutely disagree that security is cumbersome and takes too much time. Easy to use software, completely by default (you don't even know it's running) integrated in all your e-mail,data saving software and storage hardware is already available but it's distribution is all but encouraged, nor is it integrated by default.

In the contrary, the leading computer firms have no intention whatsoever to do so, because they cooperate in the commercial and surveillance scam, because they profit from insecure computers. Moreover, they design their platforms is such ways (flooded with backdoors and deliberate security issues) that it is impossible to properly secure them.

Deliberately providing insecure systems is a whole other problem than a progressive evolution to a better product. With computers, we see an evolution to a worse product, and this evolution is fueled by commercial profit and surveillance.

Indeed, the privacy and security discussion is not new. However, another discussion is the question why, after so many years, the leading companies still refuse to provide secure systems, although it is technically and practically already possible since decades.

What's new now, is that we receive more and more confirmation that it is purely a question of bad willor, better called, malicious criminal practices.

You're hoping for a better Internet? If it's up to those who control it currently, you can forget it. Keep on dreaming, they want to make it even worse.

PS; it should by now be clear that no single software, Whatsapp, TOR, PGP, Silent Circle or whatever is save. There's a distinct difference between the traditional interception between two correspondents and the current user-end retrieving of data/speach before any encryption, rerouting or any other protection.

Anonymous said...

Dear Dirk.

I am hopeful because the leaders of the pack now realize they are just as vulnerable as the average joe. They can't hide in their castle with moat anymore. A certain German Chancellor suddenly realizes all her secrets lies on the street too, just like ours.

Creating secret backdoors in consumer products has one flaw. Security by obscurity goes poof when exposed. It could very well be that a skilled expert uses the technology against those which are monitoring us. The same backdoor equipment is used by close friends of leaders, and they are vulnerable. The leaders will have few fiends if the friends must live under strict security policy. Not many friends want to swap their iPhone for those government issued brickphones which claimed to be ubersafe. Who wants to ditch their iPad for a North Korean style tablet?

I am hopeful because I see clever people with potential ideas and concepts. http://freifunk.net/ for example, a private network free of commercial providers. You might visit http://prism-break.org/ for example. Take McAfee, who is creating dCentral.

Fred said...

Your reference to Fortuna's Corner is very interesting so thanks for that.

But your fears about the risks to my PC seem to me both paranoid and totally unrealistic.

There must be at least 250 million PCs/handheld devices in the Western world and probably as many again in companies and other organisations. If I am just John Doe (as I am) why should anyone pick out my humble PC to hack into from the half billion or so that exist? There is more chance of me being knocked down by a truck than having my computer attacked.

And even in that very rare case that I am attacked, what is the hacker going to find? Encrypted passwords and encrypted private information that he/she hasn't a hope in hell of decrypting. As an example, if you were such a hacker, what would you make of the cipher text below? My guess is you would take one look and then go and seek something more easy.

0b 7a 48 6e 3e 64 6c 58 53 26 5a 3a 07 20 0d 60 2b 6f 60 05 5c 64 77 35 2d 57 66 40 34 2c 5e 0b 40 58 3a 73 16 25 01 40 13 56 18 6c 08 04 24 1b 2b 4d 09 10 17 27 37 68 1e 5f 05 0a 44 67 0e 4e 30 06 5e 47 42 47 46 65 6e 0e 32 2a 18 55 0d 48 24 1e 21 4c 38 1e 2f 75 4e 07 3b 34 64 57 74 74 04 43 51 41 3d 5a 64 04 75 33 4e 00 2d 27 39 42 7e 49 57 50 1b 4f 58 52 73 6e 43 11 33 40 03 20 0d 3c 03

Dirk Rijmenants said...

Hi Fred,

I believe you're missing the point of data mining. The biggest challenge for intelligence agencies is currently the sheer volume of data they have to cope with. Even NSA's data center in Utah chokes regularly. They won't bother trying to find those few passwords on your PC, nor will they waste time trying to decipher some simple or high grade encryption on your computer. There's a big misunderstanding about meta data collection. Of course, they are not interested in that individual email from you, they don't care about your affair, nor do they want to know what spicy websites you visit. If you believe that, you're definitely paranoia.

Meta data is a large scale an automated breach of privacy. I believe you are not quite aware of all the information they can extract from meta data. The scope, sophistication and speed of the statistical analysis, performed on such meta data is truly frightening and I'm not talking about your girl friends name or some address.

On an automated and massive scale, people are categorized into certain behavioral groups, race, religion, income, political and sexual orientation, their social links to others, and many other categories. You're in the wrong category? Still, nothing to worry, as you're one of millions. However, given certain (maybe politically or legally incorrect) parameters, they apply filters on the meta data and start flagging people. Now things are getting personal. If you end up with the wrong little flag, you have a serious problem, sooner or later (that’s what I referred to in the above comment of categorizing people in WW2).

The main problem with meta data is that it is not volatile. It is ready to be used, now and in the future, re-categorized and re-filtered under control of changing parameters. The most naïve thing to do is to say “well, I’m not doing anything wrong”. Is that so? Maybe today, under the current laws and government. But laws, opinions and governments can change, and so do those flags. How would you, Fred, feel when your name was flagged in North Korea (and the many other – large - countries I don’t name, but you and I know). I’m sure they have other opinions than you on what’s right or what is wrong, and use other parameters to flag you. At that moment, meta data isn’t funny or paranoia anymore to you as an individual. It becomes life threatening.

And here we come to your opinion that picking out John Doe’s individual computer is ridiculous. If you have earned your little red flag at the wrong agency, it suddenly isn’t that ridiculous any more. Can’t or won’t happen? It is already done on a massive scale and many flags have already been set wrong too, even by democratic countries.

Fred, if you know your history, you will know that there are far too many examples of people being categorized on a massive scale and what that lead to. Croat, Serbs, Muslim, Jews, Catholics, Christians, Palestinians, Atheists, leftists, rightists, Communists, militant, peaceful, rich, poor, intelligent or not, political ideas… you name it. I have personally witnessed in the field some of the ethnic and ideological cleansing myself. Fred, you don’t want to get caught up in those things!

I see you think “not in my country”. Is that so? Take the U.S., a pretty democratic country. They have put more than 110,000 American citizens of Japanese origin in camps. Most of them innocent people. How about Mccarthyism? Oh sure, I’m against communism too, but also against a red which-hunt on innocent people. Now that was a good example of the wrong red flag. How about all files on the black Americans that surface now at the National Archive, secretly – and individually – under surveillance. Now, I’m not against the U.S. but only want to give an example.

Things can change, and do change. Ideologies and governments change. People change. Still not worried about some little wrong flag behind your name? Sure, not at this moment. But things can change.

Dirk Rijmenants said...

Fred, before you start asking if I was involved in ethnic cleansing, a little explanation by example. Former Yugoslavia and Bosnia are no more than 1500 Km away from “civilized” Belgium, in the heart of Europe. I was there as part of an effort to (already far too late) keep them apart and avoid even more damage. Ever worked in or saw destroyed cities or mass graves, or talked to torn families that have parents or siblings, “categorized” in rival camps? Can you imagine the consequences of a tool like meta data, being socially accepted, in the hands of one ethnic/ideological group to monitor or control another. This isn’t some sci-fi big brother story but a future reality you don’t want to live in.

Fred said...

I know all about data mining and I also know that it is of the greatest use to the NSA. My view is that if you are innocent you have nothing to fear. If you are a criminal, terrorist, money launderer … you had everything g to fear -- and quite rightly so -- before Snowden opened his big mouth. Please don't tell me about the people who have been wrongly picked up as a result. All systems have errors. You are more likely to be arrested for a crime of which you are innocent than to be picked on as a result of there NSA'a data mining.

Your paranoia just does not stack up with the facts. John Doe carries on living his/her life quite happily despite your scaremongering. Enthusiastic amateurs with limited horizons who put their noses into things they don't know about come to the wrong conclusions.

Swapping horror stories is another useless occupation. What happened in Bosnia has no relevance (in the sense of being remotely likely to happen) in the democratic West. Go back to your IT and leave alone things you don't know about or understand.

Cheers!






Dirk Rijmenants said...

My toes curl when people defend a, or probably their, government, in practices of unlawful surveillance, as if only they have the just right to invade one's privacy. What are you trying to tell me? That I, as a law abiding citizen, don’t have a right to privacy?

I do know what I'm talking about (and I’m not IT) and yes, you need to catch the bad guys, but don't come up with the worn out terrorist excuse. If you have done nothing wrong, they may invade your privacy? A bit silly, isn’t it? If you have done nothing wrong, you are entitled to your privacy. Period. If not, they have to come up with a legal warrant before collecting data on you. And yes, even in the U.S. there are laws that forbid collection of personal data without a legal warrant. And for good reasons. We don’t live in the Far West, do we?

From your answer I see you have a very strong personal opinion on this. I hope you can enjoy this right for many more years. As for the relevance of Bosnia and such. May I point out that these countries all had a democratic elected government, just like yours, and also citizens with an outspoken opinion, only with other results. If you find your democracy superior than those, or mine, there might be a problem.

Please don’t talk about John Doe, paranoia and the uselessness of those examples. Many people suffer in “democratic” countries, despite never doing anything wrong. Putting people into such boxes tells more about people with a paranoid need to snoop on others. Demanding your right for privacy, or collecting data on a whole community to find that few terrorist? What’s more paranoid?

The moment you start collecting data on your own citizens and your neighbors, out of fear for terrorist, those terrorist have reached their goal. You do understand it is not even “remotely likely” that your country will be invaded by terrorist, and that terror is their principal goal? That you already lost the war on terror if your democratic institutions turn to Stasi practices.

The moment we have the arrogance to believe we are smarter, better and are more righteous than our ancestors, or our neighbors, and don’t accept other views on our so-called supremacy, without questioning ourselves, we will make the same mistakes as they did. Since all that is not even remotely likely to happen in your country, I assume you live in paradise. Congratulations! Where do you live? I'll move over there right away...

Dirk Rijmenants said...

Dear Fred,

Let’s get some facts and figures straight on threat analysis and the excuses to catch terrorists and criminals. The U.S. has over 300,000,000 inhabitants. The chance of being a victim of terrorist crime is far less that being gunned down on the streets. The odds of getting killed on the road is by far exceeding that of getting shot or blown up by terrorists. Even the most dark page in recent history, the 9/11 atrocities with 3,000 victims, how horrible it is, was no were near the figures of people dying every single years from drug abuse or domestic violence. That is the grim reality. Please have the courage to examine the disturbing figures on violence from Americans against Americans, or traffic deaths each year. Where’s NSA in that picture?

The chance of you, Fred, being the victim of a terrorist attack is statistically near nill. That is the hard reality of average John Doe, not your reality. Statistically, the threat level does not justify the unlawful means that are currently applied on the war on terror. If a government uses the excuses of fight against terrorism to bypass constitutional rights, then they are either paranoia or, more likely, deliberately tell lies to their citizens. If you make millions of people living their lives in fear for a handful of terrorists, then the terrorist win, and easy victory. You can also prove that by statistics.

Maybe it is more convenient to scare people than to focus them on the real problems that face their own country? Maybe they don’t want to hear the truth (that would worry me). What about the statistical but inconvenient truth about tens of thousands veterans that return from the real war on terror, left without hardly any support in our (both your and my) democratic countries?

I know the benefits of indistriminant data collection. It’s easier to eavesdrop on everyone and filter out what you need, than to search for and focus on the criminals. But safeguarding constitutional rights is what distinguishes a real democracy with respect for its laws from so-called democracy.

Don’t misunderstand. Every victim of terrorism is one too many. I was deployed the very day of 9/11, and we should pay respect to those who fight against the real terrorism. And I’m the first to admire the excellent professional skills and usefulness of NSA. They are vital to their nation’s security. The problem is not NSA or its personnel, but those who ask/permit NSA to go beyond the legal boundaries. Being civilized countries, we should not mount a no-rules fight, regardless of any domestic and international democratic rules. However, if I well understood your comments, all these arguments are the least of your worries.

Let’s be serious. The statistical odds that NSA, by collecting data on American citizens, would foil a terrorist plot where you are killed, is far far far less than you getting eaten by your computer mouse. Not only statistics prove that point. Even, from all people, our dear friend, NSA’s boss Keith Alexander, recently admitted in the Senate Judiciary Committee that he lied about the number of terrorist plots and the importance/lack of proof on how many were foiled by (illegal) data collection. Now that really worries me.

By the way, if you also have some knowledge on intelligence collection, you should know that NSA has no license to spy on American citizens and thus cannot, and is not allowed to fight against the many different crimes, occurring in the U.S. Or is any constitution also the least of your worries? If so, I’m afraid we will never settle our disagreements.

Fred said...

Well I see that you have followed my lead and are now talking in statistical terms. Pity that you are off on another trip and your statistics are a load of bull. You can't possibly know how many terrorist attacks have been foiled, nor the devastation that successful attacks could have wrought.

And you just don't get what I have been saying to you. So I will spell it out for you one more time.

YOU AND ANY OTHER INNOCENT PERSON HAS AS MUCH CHANCE OF BEING COMPROMISED BY THE NSA AS YOU HAVE OF FLYING TO MARS.

Got it now?

All the rest of it -- Bosnia, turning out for 9/11, paranoia about your liberty, prescriptions about democracy -- is pure film-flam (quatsch).

Dirk Rijmenants said...

Dear Fred,

thanks for your enlightening last post. Unfortunately, it seems that you really didn't catch what the discussion is about: privacy

If you believe that it is up to you, or NSA, to decide wat privacy is, and how others should treat it, then there's really no sense in continuing this discussion with you.

Nevertheless, Best regards and have a nice sunday.

Christos T. said...

Fred, you said:

‘YOU AND ANY OTHER INNOCENT PERSON HAS AS MUCH CHANCE OF BEING COMPROMISED BY THE NSA AS YOU HAVE OF FLYING TO MARS. ‘

The data collected by the NSA have no expiration date. Let’s say that today you’re a nobody. If in the future you manage to gain fame, power, money etc and for some reason you are deemed to be a danger to the national interests of the USA everything they have on you will be used against you.

Innocent means jackshit in this world. If the government is ruled by leftist ideologues what do you think will happen to you if you visit and support financially right wing political movements?

This already happened in the US when the IRS targeted the so called tea party.

Let’s reverse the situation. Right wing government and you are a lefty, you go on tv and defend Castro, Stalin and all those humanitarians. What’s stopping them from using all your communications from decades ago against you?

It’s that simple mate.

Dirk Rijmenants said...

Hi Christos,

I wonder. If Angela Merkel has nothing to fear, why on earth do our friends eavesdrop on her? Just to have some souvenirs? Or maybe, she's not that innocent, but a plain criminal and money launderer. No wait, I'm sure she's a covert terrorist with ties to Al Qaeda, or Neo Nazi, auch, a former East German, so probably communist. Aaaah, that make sense! I'm sure we can justify all this.

Shall we weep or laugh?

Fred said...

Good morning Christos!

I still maintain that if you have not offended against the laws of your country you have nothing to fear from the Intelligence community.

Of course if your country is governed by some extremist group -- right, left or centre -- that you have spoken out against in the past then you might have problems because of it. And remember it's not just the spooks who are watching you. There's also the Special Branch, the anti-terror squad, the tax agency… But if an extremist government takes power in your country you will have problems in any case. If, for example, you are an outspoken Marxist revolutionary in Greece you may well be in trouble if the neo-Nazis get into power, without any action at all by the NSA or CIA.

But if you go through life worrying about all the nasty things that could happen to you, then you would never get out of bed in the morning! To me it's as foolish to think that you can stop the Intelligence community doing their thing as it is to stop the traffic in case you get run over crossing the street.

Countries have always spied on each other, friend or enemy, if only because today's friend may be tomorrow's enemy. The fuss being made in some quarters about this strikes me as naive.

Fred said...

Dirk,

Angela Merkel is hardly an ordinary citizen. Your speculations are comic but rather silly don't you think?
It is pretty clear why countries spy on their neighbours and it would be naive to think that it hasn't been happening.

Let the big boys sort things out between themselves without, we hope, coming to blows. And the little boys like you and me can just get on with our lives as normal.

Dirk Rijmenants said...

From the "comical" New York Times:

German Cancellor Ms Merkel:

"The alarm of Americans — and, indeed, their allies — after the attacks of Sept. 11, 2001, was understandable, Ms. Merkel said then, but “the aim does not justify the means. Not everything which is technically doable should be done. The question of relative means must always be answered: What relation is there between the danger and the means we choose, also and especially with regard to preserving the basic rights contained in our Basic Law?”

If we take the hard statistical threat/risk figures, given that the U.S. already lost the war on terror because (terrorists have halready got their goal of fear), add NSA's Gen Alexander's statement that he lied about the number of threats and foiled threats, we can easily conclude that Ms Merkel's statement is the only correct one: the war on terror give no one the right to determine by themselves to acces your private information and to determine what they do with it. Period.

P/K said...

Very interesting article and comments! In the past it was rather clear: intelligence agencies were only interested in political, diplomatic and military issues and those targets were also quite capable to secure their communications in hte right way.

Nowadays that's different, not because intelligence agencies are spying on every ordinary citizen (they still have the more or less classic national security/interest targets), but because everyone is now producing so much data - data that are stored, because we probably don't communicate more than in the past, but our (digital) communications are now stored, almost always beyond our control. That provides new risks which weren't there in the past.

Fred said...

I thought this article made a good summary of the collection and usefulness of metadata:

http://www.theguardian.com/world/2013/sep/30/nsa-americans-metadata-year-documents

A lot of things are true in theory but don't work out in practice. When I worked in France I used to joke to my polytechnicien colleagues: "You French always ask 'will it work in theory?' but we British prefer the question 'does it work in practice?'"

So at the moment many people are worried about the theoretical threat to them of the US and others collecting data from the Internet. But where's the practical evidence that harm is being done? The papers are not reporting it, the Law reports don't mention it, there's nobody offering themselves as an example of being harmed. There's a lot of speculation but zero evidence. Sounds like another of those theories that don't hold in practice, nicht war?

Anonymous said...

@fred.

A friend of me wanted to buy a gun. He was rejected. After much confusion and many inquiries he found out he was on a "list". Much more later it became clear he was on "a list" because he wrote a bombing manual. For a space shooter game. This data has "somehow" be picked up by "something".

This secret collecting of data has far more implications than most people realize. What if you can't get a gov't or banking job, get rejected over and over again? So you end up flipping burgers? Because some agency has put you on a confidential list which you are not allowed to see? A list you did not know exists? Now YOU can do all the hard work finding out who put you on that list.

Fred said...

Hello anonymous,

Well all I can say is that if you do a darn fool thing like publishing a manual on bomb making in the present environment then you can expect to be put on a list. What did he want the gun for anyway? No sympathy for that I'm afraid. We live in a free world, but that freedom should be used sensibly.

Fred said...

I would like to comment on this statement:
” how can Europe be sure that the same technology is not used for industrial or corporate espionage..”
Here we see “Europe” picked out as a political entity, which it firmly is not. Europe is a collection of Nation States, each of which has its own policies and its own reaction to the Snowden affair.
This wrong idea of Europe as a political entity is the goal of weak countries, especially France and Belgium. France has been trying for 50 years to create a political Union in Europe in which France plays the dominant role as leader and rival to the USA. Belgium, a tiny country twice attacked and occupied in the past 100 years, has been the lapdog of France and has benefitted by hosting the European bureaucratic HQ and parliament.
The present European Community is a colossal waste of money. The valuable part is the free market with no tariff barriers to its 27 members. This is a British and German idea, based on earlier policies in both countries, which is practical in its objectives and valuable to all members. The rest is a bureaucracy that interferes in business (example: all toilet flushes in Europe must use the same volume of water), in Human Rights law (example: convicted illegal immigrants cannot be deported), in Agriculture (example: paying Farmers for doing nothing) and in any triviality that the bureaucracy may wish to waste its time on. As France pushes for closer Union, the citizens of many countries are pushing in the reverse direction. At the forefront is Britain that is demanding curtailment and return of powers. In France there is a backlash and the leading political party (Front National) now wishes to withdraw completely from the EC. In Germany there are rumblings in a minority party for the first time and tentative support from Merkel for Britain’s policy. In Sweden there is also support.
In the sphere of Intelligence there is cooperation between some of the countries but no organized common effort. There is no Europe Intelligence Agency. The reported anger of politicians in France and Germany at the Snowden revelations is ironic. Both countries have themselves been actively collecting private information about their own citizens!
Now let me comment on this: “However, if their allies have no idea of what information was collected and whether it was (sic) misued or not, then there is a crisis of confidence between partners.”
This implies that allies should tell each other about their Intelligence programs, which is absurd. There is no way that the US is going to treat, for example, Belgium as an equal in this respect – let alone France, many of whose policies are anti-US. Besides, one of the key aspects about Intelligence is secrecy, even within the organization in a single country. The thought that all the activities of an Intelligence agency should be made public is patently unrealistic and is not going to be done.
The complaint about Intelligence gathering that seems to be common in a number of countries is the fear of the individual that some innocent aspect of their past behaviour will be held against them. I suppose this fear is based on the terrible things that happened in the Nazi and Communist periods, and in fiction in such novels as ‘1984’. And if there is a real risk that the Government of such an individual’s country could act in such a totalitarian way, then the individual has every reason to be concerned. I am not going to comment on other countries – it is none of my business. But I am quite happy that the freedoms in my own country are sufficiently established and guaranteed that such an outcome is of negligible probability and can be ignored.

Dirk Rijmenants said...

Dear Fred,

When talking about Europe, I do this in general terms. Of course, each country has it's own specific laws and views on this issue. From your view on Europe I cannot but conclude you’re British. Let me assure you that, although Europe has some advantages, many in our “tiny” country of Belgium, believe that Europe is, above all, an enormous and money eating bureaucracy, unable to impose necessary laws and able to impose laws that no one has voted for. Exempli legio, alas.

All these arguments, however, have nothing to do with privacy. Although the lack of unity in Europe also affects intelligence gathering, that mere fact of being European, Belgian or for that matter Australian should has nothing to do with how people should look at basic rights like privacy, and neither does the fact that Belgium was occupied twice.

As for sharing intelligence programs, that practice is not that absurd, as UKUSA showed already decades ago. You can discuss on how far one would/should expand such alliances. All this, however, doesn’t change anything to the fact that (renegade or not) intelligence gathering can cause serious frictions between countries, or angry citizens. We all know that all allies share intelligence, that’s not the problem. And of course, intelligence should not be made public. The problem is that if you gather data on your citizens, there is always the possibility that it is misused. The opportunity makes the thief.

How do I value the promises from the U.S. or, for instance, GHCQ that they won’t misuse the data they collect? Unfortunately, nil, zero, zip. Why? Even recent history has shown that some people in these agencies, and politicians, tell blatant lies and break laws. Not all do, and most do an excellent job, but some always mess up for the rest, be it by pressuring intel pers to produce things they should not produce, up to losing USB sticks with sensitive data ;-)

The question is not if, but when and by whom. We can find enough embarrassing examples, here, in your country, and in the U.S. where overzealous government officials or civil servants used such information to make either bad decisions or make profit of it. This goes from federal police officers checking the phone records of their wife’s friends, over lobbyists of shady firms with good connections who track the source from a reporter that wrote unpleasant but true things, up to presidents who eavesdrop on their political opponents, in their own country, nota bene. I’m sure these examples all sounds pretty familiar, unfortunately.

Remember, in most cases, those victims, given above, had done nothing wrong, so nothing on your record doesn’t mean anything. We, the countries, all had many such scandals, from the small bourgeois, to the huge political, didn’t we? This has nothing do with being invaded in the past, or fear for a 1984 scenario. The U.S. has never been invaded, yet some over there – even presidents - have shown to be pretty paranoia and eavesdropped way beyond all laws and any decency.

That is the reality of not having privacy. And this is not a problem of intelligence agencies, but of politicians who make the laws, define how their agencies should operate and the their objectives. I’m also quite happy with the freedoms I have, but I want to keep them, and if some are already lost in the process of technological evolution, would like them back.

Let’s just agree on the fact that we disagree on privacy.

Fred said...

Just a couple of new events that indicate the momentum behind publicizing personal data, and the absurdity of expecting to place limits on national Intelligence.

Trojans have reportedly been placed in mobile phones and iPads by Russia, Pakistan, Iran that transmit audio even when the device is switched off. Personnel in Government departments have been issued with soundproof, lead lined boxes in which to put their devices during confidential discussions.

Large retailers are fitting video scanners at checkouts to record details of customers.

Ever heard of King Canute? L

Dirk Rijmenants said...

Same thing happening here, as our prime minister ordered last week to leave cell phones and such in another room during sensitive meetings by government members. Also last week, Van Rompuy, president of the European council received, as many others at the end of a G20 meeting in Sint-Petersburg, USB sticks. He requested examination of the sticks and they proved positive. China has played such pranks also in the past.

Now, what can we observe? People getting paranoia, or their governments? Whoever is turning paranoia, it’s a pretty high cost for getting that few terrorist in a million. Is it worth that? Affecting millions to get a few nut cases? During WW2, we sacrificed millions to get freedom for even many more. These days, one nut case terrorist who kills 3,000 can hostage the complete western world and its values of freedom. Is it worth all that?

Fred said...

My observation is rather different.

The unstoppable trend is for more and more personal information to become public -- both because people are telling more about themselves through social networking and because agencies of all kinds are observing people whether people like it or not.

Attempts to regulate this trend are as useless as King Canute demanding that the incoming tide stops. Thus we all should get used to what is inevitable and adapt accordingly.

Dirk Rijmenants said...

If the social media prove one thing, than it is that people have no clue about the risk of publishing their complete life on-line. You don’t need an intelligence agency to exploit or misuse this kind of information. Lawyers do it, employers, police, social security does it. They simply check Facebook and twitter, and you’re screwed. Now, that’s the user’s own choice. That is indeed an unstoppable trend, but their own problem.

The current problems with the intelligence agencies is their hypocrisy about why they spy. The main goal of today’s intelligence gathering is primarily economical, industrial and political. Cold War is replaced by Cold Peace, and this time it’s against both friend and foe. The days of “good vs bad” are long gone (if ever existed). Political and economical foreknowledge are big business. Money and influence, that’s all. Funny that they scream murder if the Russians pull the same prank on them. But the real game doesn’t sound as good as “war on terror”, because honestly spoken, it is plain theft. Well, the game is what it is.

War on terror? Is there really anyone in the intel community that seriously believes that the biggest threat comes from a sheep farming idiot extremist? Those who did the most successful attacks (f.i.9/11) were highly educated. They are smart enough to have an innocent digital life and a second conspiring life, completely off the grid. The well organized threats stay invisible and the lone idiot passes under the radar. We’ve seen the various attacks in recent years (f.i. 7/7, Shoe bomber, Boston; several shootings), despite heaps of tax money spend on intel. Meanwhile, some of the publicly most radical folks cannot be extradited from their “guest country” because we would violate their rights, a real joke. Talking of hypocrisy! With current U.S. foreign policy it is, alas, simply waiting for the next attack to happen (not necessarily from Al Qaeda) and you can bet on it, they won’t see it coming.

Here in Europe, we already got used to terrorists 40 years ago, with the Rote Armee Fraction, Bader Meinhoff, Red Brigades, IRA, CCC, Action Direct and many more fractions, some of them sponsored and supported by intelligence agencies. Did we survive? Yes! There were casualties, but police did their job and usually got the extremists, without today’s high tech indiscriminant dragnet eavesdropping. Terror was fought, and terror did not rule the continent, as it does now in many countries. The current threats might be different, but the goals are identical: creating fear.

Alas, we’re actually deviating from the blog post. The issue was that today’s computers are insecure and that certain groups have no interest in changing that. Truly secure computers are easy to develop, and would avoid discussions of peeping agencies.

Fred said...

Just to complete our discussion on privacy, the former head of Sun Microsystems, Scott McNealy said 14 years ago in 1999: "You have zero privacy anyway. Get over it."

I am sure he knew what he was talking about then and it's certainly no less true now. That theme has been what I have been saying in this column and I am glad to be in good company.

Some comments on computer security later.

Fred said...

Hello again Dirk,

This time subject is 'insecure computers'.

I read your paper. Interesting stuff. Could you explain in some more detail how you would connect the 'secure' computer to the 'insecure' computer in such a way that what passes between them is only cipher text and NOT nasty viruses, trojans or whatever that will steal things from the 'secure' computer?

This question refers to your paragraph "The solution however is simple: a dedicated notebook or laptop computer that is used exclusively for one-time pad encryption. This notebook is stripped from the usual insecure network connections and IO ports (both physical and wireless) that work via the OSI layers. This notebook’s only connection to the outside world is a basic IO system (possibly optical) from which the crypto software sends raw message bytes to a normal PC or reads raw message bytes only."

Dirk Rijmenants said...

Fred,

The problem with today’s computers is that they lack the basic input/output (I/O) ports and only talk to the outside world through insecure Ethernet, Wifi or USB. Viruses enter a computer system because inputs such as the Ethernet interface doesn’t merely accept raw byte values, but processes the inputted data through several different layers of software processes, the so-called OSI-model, the standard communications model in today’s computer architecture.

When a malicious series of bytes (the virus) is presented to the computer, the first thing it passes is the physical (raw bit input) layer. No problem here. Next, there are various layers of which the data layers (session, presentation and application) are the main problem. They process the data, (mis-)recognize these as valid data and either lets the data be executed by some valid application or simply sees it as valide software and executes it. Now you have a virus. Why? Because the system (is designed) to automatically processes the bytes. Alas, those inputs and that very architecture, although useful for many purposes, is what makes a computer insecure.

Viruses don’t enter your PC and start eating things from themselves. A virus is simply a series of bytes that represent program code. The higher levels of the OSI communications model process those raw entry bytes as valid software. There are numerous virtual ports, all controlled by the OSI layers. The good news is that you don't need to OSI layer architecture to communicate.

Any desktop and most laptops can be fitted with a I/O port (serial or parallel). These good old I/O ports are very useful, but “modern” outside connections provide more hocus pocus (and security problems). However, the main advantage of the I/O port is that is processes data on the physical (bit) level. This is similar to the first layer of the OSI model, but with an important difference: it is not processed any further. The received bits and bytes are processed only when asked for by the software that controls that port. Nothing special, nothing innovative or secret. This is basic computer architecture that always existed.

And here’s how we get rid of any nasty stuff: the I/O port can be programmed directly by the user to accept the presented bytes and send these bytes to the appropriate software to process it. If the data that arrives is, for example, a valid encrypted message, the software, which is written to recognize it as such by a given header, will fed it to the software that decrypts the message. If a virus is presented at the input, it is simply not recognized as valid data, and will not be processed and cannot do anything malicious, because the input is simply not programmed to execute that virus.

Here’s the difference with the OSI model. Viruses are only viruses if they are erroneous recognized by the higher OSI levels as valid software are processed as such, screwing up the PC. You can only have trouble with a virus if your PC is programmed to accept and execute that virus. Unfortunately, today’s computers are programmed for so many useless junk (automatic updates, codes, add ware etc etc) that they accept about anything, including viruses. And the software companies are to blame. Reason? Commercial profit.

If you have software that reads the raw data bytes from a I/O port, under control of your software that processes only those bytes that have a valid format, you can never get viruses, because your software is not written to process and run that series of bytes we call a virus.

part 2 below due to size limit comments...

Dirk Rijmenants said...

part 2:

Two ways to connect insecure computers to a secure device:

First: you can connect the insecure PC through a I/O port (with I/O cable) to a secure computer (stand-alone laptop) which is NEVER connected to any network. Interface software on the insecure PC only takes the data, received on that insecure PC, and sends it through its I/O to the secure PC’s I/O port. The same interface software accepts data, sent from the secure PC. The software on the secure laptop, written to exclusively accept pre-determined data formats, reads the data and processes it only in that way as the software was written for. The only way to infect this system is to get your hands on the secure PC.

Second: The insecure PC is connected through a I/O port to a dedicated device. Here also, some interface software relays the data from the insecure PC to the device. This can be special purpose hardware with at its core a PIC processor, arduino board or even a simple Basic-Stamp, connected, for example, to an LCD screen and keyboard, enabling text entering and storage, with the PIC including encryption software. Advantage of such dedicated devices: impossible to infect with malicious software.

Both options, especially the second, are used, and preferred, for high-security communications, as they rely on communications through the basic physical level, directly and exclusively processed by the proper software. Especially the military is champion in special interface cables to connect secure devices to insecure stuff. It’s actually the only 100 percent watertight system, and here’s why:

Every single computer connection where data is processed through the standard OSI layer communications levels is by definition insecure as the various layers can, and usually will, accept malicious software and wrongly recognize them as valid data, thus executing the malicious software.

Dirk Rijmenants said...

To put it short: if a computer input is programmed to accept a large number of different data types and process them through many different complex and interacting processes, you always have the risk that malicious data slips through and is executed erroneous. Your internet connection and OSI model are the main cause.

If a computer input is programmed to accept only strictly defined formats, and these are only presented to valid software, specifically written to process that data, there is no possible way that malicious software can run on your PC, simply because the PC is not programmed to process that virus.

Today’s computers are infested with processes that accept all kinds of Active-X controls, vbs scripts, html scripts, java and many others. Moreover, virtually all software has options to automatically accept executable files to install updates, codecs or additional scripts, or add-ons to expand its options. All these are a security nightmare, as viruses simply disguise themselves as one of the many above. If you simply don’t program your PC do accept all this shit, you don’t even need a virus scanner. It’s that simple. Alas, you won’t neither have all those sizzle fizzle blinking options, but did you need a secure PC/device or a toy? You can always use the toy computer for fun and the secure PC for serious things.

Fred said...

Well I left you a query this morning but it seems to have disappeared. Must have an infected computer!

Let me repeat my question, How do I connect my two computers to comply with the requirements you have described?

I have a Mac Pro (insecure, connected to the Internet) and a Mac Mini (secure, no Internet connection). Both computers have Ethernet, USB and Firewire ports.

Which of these ports do I use for interconnection? Do I need any special software for the Mini to ensure only the correct bytes pass?

Dirk Rijmenants said...

First of all, you don’t use directly the ports you have. You need a serial or parallel port for both PC’s, preferable a port directly on the pc. A standard USB to serial or parallel port cable at both ends is a solution, but I would not prefer it (it requires higher level processes for interfacing). As long as you NEVER connect the two PC’s by the USB cable itself, but only through the parallel or serial data cable. You connect these with a serial or parallel cable, but by USB cable or Firewire. Of course, the secure PC should not have Wifi and preferably have the USB, Ethernet and Firewire ports removed or inaccessible.

Of course, insecure systems and secure systems can never communicate securely with each other. Nor can you expect to receive insecure data on an insecure PC and simply relay that to a secure computer.

You write interface software that can send and receive the raw data bytes. To communicate securely, you need two secure PC’s. The first PC encrypts the message and sends it through the interface as raw bytes to an insecure PC. The interface at that insecure PC simply relays these bytes, for instance through e-mail, to the receiving insecure PC. The software on that PC relays the bytes to the interface of the secure computer which processes/decrypts the bytes with the appropriate crypto software.

Of course, this is all custom software to process data on a low level. Don’t expect to send word docs or spreadsheet files directly through the serial cable. Sending such files that need to be processed/opened by standard software (text processing, spreadsheets, video, audio,…) should not be send through insecure channels and should be encrypted by non standard crypto software. Those files, and standard crypto software you use, can be compromised by the possibly insecure source computer. Here you arrive at the same problem as mentioned earlier: standard software has various processes and options that can be infected, and there is a serious risk of intrusion when using such software.

Such systems are not hard to set up, but require programming skills (to write the interface software) that depends on the system you use it for, and the proper hardware (serial or parallel data exchange between PC’s). Specialized firms either sell dedicated crypto devices or secure interfaces for normal PC’s. However, in the end, your so-called “secure PC” still requires installation of a (commercial) operating system, which in itself is a risk.

The most practical method is to develop a small board with a PIC or AVR microcontroller and use basic programming to control a serial port, a small screen and a keyboard, and integrate crypto algorithm routines. Today’s programmable boards make these designs very easy. Such dedicated devices are absolutely secure against intrusion and can have various I/O options, from serial data up to modulated signals (through telephone or other audio channels). Some examples are the KL-43, the TST 1221, PARSA or the older HC-530. Some spy communications gear works alike, albeit built into the most exotic housings.

If you really want to send whatever file types, you need secure servers. Problem is that using “whatever files” always poses a security risk. You don’t want to know how many so-called highly secure networks have been compromised. The cause is always the same: users unintentionally or intentionally bring in infected software, via USB sticks, CD’s or even media players. The Chinese and Russians are very good at making such bugs and distributing them at business fairs as free presents. Works beautiful!
If you really want to have secure communications, use a dedicated crypto device, connected through a serial cable and use insecure systems to transmit the message.

Dirk Rijmenants said...

A little side note: ALL standard commercial crypto applications are readily circumvented by intel agencies. The algorithms might be strong, but the application on normal PC’s is completely insecure. Using crypto on a normal internet connected computer is about the most idiot thing there is. If they want it, they don’t intercept the encrypted message or data, they simply grab it before it is encrypt. That problem already started in the 1980’s when they shifted from dedicated crypto systems to crypto that is integrated in standard computers. However, if you encrypt on a secure (dedicated) system first, it is impossible to circumvent.

Fred said...

The problem with your suggestion is that I cannot use my two Mac computers and also I need connectors and special software that I do not possess. That's too restrictive. I have a better method.

I keep my Mac Mini for encipherment. It has no connections to the outside world. It is connected only to a printer and a scanner. So I can right away encipher by my chosen method and print out the cipher text.

Next I scan the printed message into my Mac Pro and send it to the recipient (by email, or posted on a web site, by Morse over the Internet or whatever).

There is no way the enemy can read the plaintext before the message is enciphered. In a word he is screwed by my system.

Now the receiver prints off the received cipher text message. He then scans the printed message into his 2nd computer (which has no connection to the outside world except directly to printer and scanner) and decrypts it.

So there it is. A secure system using my present kit that I can get started with immediately.

I will post later on the enciphering system I will use when I have a bit more time.

Dirk Rijmenants said...

Hi Fred,

If you don’t have the proper hard- and software at your disposal, and have a low volume of messages, then this semi manual method is indeed an excellent solution. When scanning the printed page with OCR, you can even grab the ciphertext directly. You can print the full byte or ASCII range by compressing it into base64 or, easier for OCR, base26 (only upper alphabet). Even printing it as bar codes is possible. If you have a smart phone, you could print the data as QR code, photograph it with your smart phone and send it to the receiver. The version40 type QR code can hold 1852 characters.

The solution is not suitable to process and send larger volumes of messages, as it would become too labor intensive, but it is indeed a good low tech solution. It’s also a way to convey unbreakable messages, as you can perfectly encrypt a message with one-time pad and send its printed ciphertext or corresponding graphical code to the receiver. Since OTP is rather labor intensive you could do the encryption automatically, under the condition that you have a truly secure PC (and old surplus notebook is ideal). Completely NSA proof. Any such solution is good, as long as you digitally separate the secure PC from the insecure PC.

Another possibility is to download freeware modem software that converts data into an audio signal. Ham radio amateurs use such software to send data to their TNC (Terminal Node Controller). RTTY, Morse (high speed), FSK software etc, is also readily available as freeware. When installed on both secure and insecure PC, you only need two audio cables (out->in and in->out) between both PC’s to send and receive data as audio signal with the modem software. The byte or character values are only processed as audio and are converted by the demodulator of the software only into byte values or characters. Audio signals are of course only processed by the sound card and not seen as application data or executable files. Free from viruses! Note that this only counts when you connect the sound cards, not when you use a real modem in/output on your PC, which works as any other insecure port and again would pass the data through all data layers and various processes, just as Ethernet would do.

If desired, you can directly use the speakers from the secure PC to send the signal to your phone. The receiver simply holds his phone speaker to the PC microphone while running the modem software. With this method you could process a larger number or longer messages without the need of extra hardware. Some free software is TrueTTY or CwGet, that sends text in from a text box as audio signals and receives it as characters in a text box. Required hardware: two 3.5mm jack audio cables. This is similar to how dedicated crypto hardware like the TST-1221 sends its messages through telephone or radio transmitter.

By the way, Fred, thanks for the constructive thoughts. Discussing and disagreeing is OK, but solutions are better and more interesting for the reader ;-)

Fred said...

Interesting about using audio signals, I hadn't thought of that. I am a Ham Radio operator and I have a hardware/software gadget called SignalLink that plugs into my receiver and also my computer (via a USB port) and converts incoming Morse code to letters on the screen, or vice versa. SignalLink has its own sound card and all the de/encoding is done on board and not in the computer. So the processed data is probably "invisible" to a virus/trojan in the computer.

But encrypting my secret message into Morse and sending it out on my transmitter is not too good an idea! I suppose I could send my Morse message by 'phone, but phones can be tapped!

Dirk Rijmenants said...

@Fred, You could even use psk31 or such. As a HAM we're not allowed to send encrypted messages. However, by telephone would be possible. Merely encoding into Morse is of course insecure, but if the message is encrypted first, you can securely send it through telephone. Although providing secrecy this however doesn't provide anonimity. Telephone is hardly anonymous.

Fred said...

Hello Dirk,

This conversation has been most interesting and useful -- thanks!

A question: in your long list of Intelligence agencies there is no mention of MOSSAD. I take it that those gentlemen do not have an open face to society at large. Is there any source of information about them like organisation, activities,….?