… and nothing much will change.
My predictions:
There is only one group of people that the NSA is spying on that matters to most Americans. And that is other Americans. So what will happen is even more of that particular function… spying on Americans… will be outsourced to the British GCHQ, which already effectively acts an arms length subsidiary of the NSA, bought and payed for with US taxpayers money.
But the rules will be re-written to make it theoretically harder for the NSA to engage in mass surveillance of Americans, at least the ones in America. This will mollify enough of US public opinion to take away the pressure for any actual reduction in budget and capabilities. Indeed capabilities will continue to be expanded now that the NSA has been seen to be ‘brought under control’. Not that it was ever actually out of control.
And if you are not an American, you will just have to get used to the idea that the USA will be logging your mobile phone and internet meta-data… at least until enough of the internet gets fragmented into national enclaves which are capable of keeping the data secure from the Americans (at the baleful expense of making it easier for one’s own national government to control things).
And even people who were previously well disposed towards America will start see the institutions of the USA’s government as a threat rather than an ally. Reflexive anti-Americans will beat that drum long and hard and sadly it will be impossible to refute them, because for once they will be quite correct.
This will of course materially change the internet, and indeed the world, for the worse.
But most Americans will not give a damn as the net will still seem to work just fine in the USA and who cares if the US government is logging who calls who in Germany and Brazil?
But the upside, which is already happening, is new methods and approaches to security will appear and that is actually a ‘long war’ that the NSA and GCHQ cannot possibly win. I suspect Edward Snowdon’s lasting legacy will be simply making far more people aware that they were in a different battle for security than the one they thought they were in, and that means there are some rather interesting market opportunities for many different kinds of security.
But whatever ‘reforms’ for the NSA that get trotted out over the next few months and years, I would be very surprised indeed if anything really changes. The deck will get shuffled but the game and the stakes will remain the same.
For myself, I use geo-different proxies to appear to be some other countries citizen.
Fuck GCHQ and the NSA.
I think we’ll see a rise in dead drops. The following is a message encrypted with a public key that could be found and decrypted by the right person (and only the right person) if they happened to know the right places to look. Currently, someone doing such a thing would stand out but with the level of paranoia the current government is engendering, look to see it becoming more mainstream.
If nothing else, end-to-end encrypted communications will become the norm. That still is subject to metadata analysis somewhat but it is a start. Once things are encrypted, the metadata becomes less relevant.
—–BEGIN PGP MESSAGE—–
Version: GnuPG v1.4.7 (GNU/Linux)
hQIOA8h0/JMRj03UEAf9GwERC1K9jn5YtAhwIo9GQH6hg0P/udRQyNHwNPsT55yj
seF/fog0+sl72uTxssPSM7kUz2vYk/IQqtUCU+WUsR/3PU3SN17wLcQz6QLrWhi6
cxPNU5YJXc2m7DyhDC6cBdjvfe1yRl7ZM9HVkKilFhJOxbULUgD6oCr6yDVWUXVb
BirKAyhiivEkGlKV2oK/95CvGf7I7VEHP0QPa0xlnCrNN5sLaCOXyZ9+40j0q0l/
N0YfgZNU7ChhoiYGY2ydR2xUSFMI6ZFRfYeawBQeNLreqT0HrXeW7oOIJI7+yoVm
Osq49g95A5sLOUxMWB3ZsAB42d7nh7apSWs2PKnc0wf/Rnyr6t8GtJEjBhkHg279
86jMwRQxulpr8uQbN4eY9IGMc1MB9QTA83pGTmfuGkbrExRnbQP9o16nJNPuA5qk
qzQUct5yuhG2C108BGBYB1ARHv4uNz9Q3/kKbiJDzydXkthxtx/5a/Wmd03Lyc8i
BILtP/+cq6+Qd16+BM6zM7XzZoQaJYFmQV7F8d2MfK2a6fOtsMPeNX90Jmo5V1/X
r+ID+/coJm10aWw8etClXZLC8NkFagLUEa6YQu4f3Hgedtl3DZfZ33eCi6IVUmk8
Ji63LgzC+OGGH+Zh9Ds+iIcPsXXpEJixN30lEPkD3Y4bQuNaDWo1g48my1ebnG+m
utJRARg28nSzTFJPLz4Oe8uRn/oDjEQPj6fxYG5Or70k8yM+2/FxViA4AarEcuvD
Ar9ZiFMKHPn3sB/tnShu/zPiRucAXAPR81aKK0EjGkdGiO9Y
=uE7u
—–END PGP MESSAGE—–
The message from “I think” above (if it appears) is from me. Typing accident in the name field [fixed by editor]
If anyone is concerned about the content of the message, I’m happy to provide the private key (The message is “hello samizdata” FWIW.
Years ago when I was in Signals corps our unit in Melbourne was under attack from the East Germans. ASIO briefed us that they sent info home on magnetic tape which got demagnetised, they went to seven tons of paper a month, no problem they don’t have the personnel to read it. People the NSA don’t have enough personnel to read your crap and that’s what it is.
John Galt hope you use a different computer each time.
I heard, a few years ago, of an ideal way to send secret messages, without knowing any key codes beforehand.
Person A makes up a keycode, and sends a coded message to person B, who makes up his own keycode and encodes that message and sends it back to person A. Person A then takes off his key code, and sends this message back to person B, who removes his own key code, which should restore the original message.
A bit long-winded, but if you have the time, an interesting exercise.
Nick (nice-guy) Gray writes:
So E sees P+A, P+A+B and P+B.
Best regards
I’m not sure if the details are correct but that’s the basis of an SSL connection. Problem is, you still have the metadata.
Regional. I’ll skip the sarcastic comments about living in the sixties but you are aware they have computers now, right? Warehouse size buildings full of them. Your papers and magnetic tape would be processed in a nanosecond. They probably know who you’re going to have dinner with next week before you do (if they decide to look. And there’s the danger).
Richard Thomas,
Der!!!!!
There’s still not enough people to read them and the information flow upwards would suffocate the system.
The problem with ALL “encrypted” signals is the the very act of encryption draws the crabs.
Safe hand, “burn after reading” is about as good as it gets, but try doing that with hundred-thousand word documents, CAD files or similar.
That pretty much ALL governments distrust their people; i.e., generally the ones who “hire” and pay them, is a damning indictment on the quality of the “politicians”, the public “servants” and the casual attitude of the “peasants”.
We all know where this is heading. Many of us will live long enough to be wading through the gore splashed by the “consequences”.
Bruce,
What you say is correct, the great majority of encryption was to stop members of the PMG from reading traffic. Traffic flow security provides the most secure encryption but I wouldn’t put my life on it.
Nigel Sedgewick wrote, of Nick (Nice Guy) Gray’s post:
“So E sees P+A, P+A+B and P+B.”
Where P = payload and A and B are the encryption keys.
Surely this isn’t secure at all? An attacker who has P+A and also P+A+B can work out how to transform P+A+B back into P+A again, effectively separating out the B key. He can then use this to reduce P+B to P, giving him the content of your message.
If he wants to double-check, he can repeat the procedure using different combinations (i.e. using P+B to derive the B key from P+A+B, then using the derived keys to reduce P+A to P, P+A+B to P+B and so on) and check that all the derived versions match the intercepted ones where applicable.
Richard Thomas wrote:
“If nothing else, end-to-end encrypted communications will become the norm. That still is subject to metadata analysis…”
I suspect that the rise of strong encryption in the hands of ordinary users has driven the rise of traffic analysis as a countermeasure. Without strong encryption, the security services might see traffic analysis as far less necessary.
There is an interesting transcript of a long interview with John Inglis, Deputy Director of NSA (who is about to retire). This can be found here at NPR. Hat tip to The Privacy Surgeon.
The transcript is very long, running to some 15,600 words. However, it does make interesting reading.
This is particularly on the estimated number of terrorist plans that have been stopped (or otherwise materially impacted) initially and importantly by use of ‘metadata’ (as distinct from adding knowledge where initial suspicion came from use of other intelligence sources).
In the interview, Inglis reports that only 1 of the reported total of 54 terrorist incidents (I think since 11 Sept 2001) can claim as their initial intelligence source, the use of such ‘metadata’ from USA-based or USA-citizen communications. I note with interest that even this one suspect was actually previously known to the FBI (several years earlier by, I assume humint) but then determined by the FBI not to be involved in terrorism. Given that prior knowledge, it is not at all clear to me that this link to terrorist activity really was found purely by analysis of otherwise untargetted USA ‘metadata’.
Also of interest in this article are statements by Inglis as to how such ‘metadata’ is useful. This is, as I read it, primarily by the rapid checking of anyone (A) in contact with a communications node (B) newly tagged as terrorist-related. This is even if that contact (of A with B) predated by a significant period, the knowledge that B was suspected of terrorist involvement.
This extension of tagging is, IMHO, clearly useful in anti-terrorist operations. Only with storage of such ‘metadata’ for significant periods can there be the most useful (ie immediate) form of extension of the tagging.
However, also as stated by Inglis, the need for such ‘metadata’ to be stored by NSA itself is not essential (it could be stored by the provider of the Internet service, or other communications services – eg telephone companies). It is primarily the requirement for immediate access (including knock-on access) that is important; this is referred to by Inglis as ‘agility’. In addition to that point made by Inglis, I also see benefit in tighter security of the investigation, by severely restricting knowledge of interest in these particular communications participants. Such tighter security also is likely to benefit the innocent by reducing the risk of leaks into the public domain of their being under some suspicion for a limited period.
Most interestingly, what is thrown up by the interview is negligible (maybe perhaps one case of correcting a wrong previous intelligence analysis decision) to zero support for the creation of valid suspicion of terrorist activity from analysis of such ‘metadata’ (ie mining of big data), without external (partial) suspicion.
Best regards
Regional, the point is, no one has to read it. They just have to present their aim to the computer “Connect person X to terrorist organization” or “Correlate person X’s phone location with that of known prostitutes” and it all gets done automatically.
Enemy agents would need to be sure that they had picked up all the messages before this happened. I sent it back and forth twice, but it could be done more times than that, the exact number being agreed on beforehand by both parties. An interceptor could not know where on this chain he was.
I agree that if an attacker gets P+A+B, P+B+C, P+C+D and so on but not P+A, he has no way to extract keys or content (but if he does get P+A, and knows what he’s got, you’re stuffed). You could also pad the message stream with random messages of the same length to make it harder to separate the wheat from the chaff. If the channel chattered constantly, even when no message was being sent, then it might be very hard for an attacker to recognise what was a message and what was just another block of random characters, depending on the scheme you use to identify real messages between yourselves.
Two points spring to mind, though.
Firstly, this is closer to obfuscation than to cryptography. You’re relying on hiding the message from view for your encryption to work. If it all takes place in plain sight, then your encryption scheme offers no security at all.
Secondly, this seems to be the type of scheme which would work well for an embassy or diplomatic station, but not for an agent in the field.
The two have fundamentally different needs. The diplomatic station is expected to chatter and it’s expected to send many of those communications in code. The same goes for a military base, or any other known installation with a recognised need to use encrypted communication. It won’t be doing anything out of the ordinary by chattering constantly, especially as an eavesdropper will expect it to implement traffic flow security by sending random blocks along with the actual encrypted content.
However, it’s not enough for the agent in the field to secure the content of his communications. He needs to appear not to communicate at all, or to disguise his communication as something completely innocent, or his cover’s blown.
Right now, I feel like we’re more in the situation of the field agent, but the solutions being offered are more suited to the diplomatic station.
Roger, I think most of us have had our cover blown already.
Anyone still reading this thread?
http://www.techweekeurope.co.uk/news/blackphone-geeksphone-silent-circle-135968
Yes, and your interest has been duly logged 😉