The Privacy BlogPrivacy, Security, Cryptography, and Anonymity

CAT | Email Security

This NYTimes article discusses a bill which the Obama administration is proposing to submit to congress. The general background of the bill is that evolving technology has made it more difficult for law enforcement to conduct effective wiretaps and other intercepts because much of the targeted communication now takes place on the Internet and is often encrypted.

The actual text of the proposed bill does not appear to be available, but the article lists the following likely requirements.

  1. Communications services that encrypt messages must have a way to unscramble them.
  2. Foreign-based providers that do business inside the United States must install a domestic office capable of performing intercepts.
  3. Developers of software that enables peer-to-peer communication must redesign their service to allow interception.

The first of these is similar to the CALEA law which requires telecommunications carriers to design their services to enable automated real time intercepts. While this generally sounds reasonable when “we” say it, the idea is more ominous when coming from some other governments.

The second of these feels uncomfortably familiar. See my past blog posts (and here)on the attempts of privacy hostile countries to require similar concessions from RIM.

The third proposal is completely outrageous. In effect it says that I may not speak in a way which is unintelligible to the wire tappers. As a colleague quipped “I am hiring Navajo code talkers.” This would require a back door be inserted in to cryptography tools. Experience shows that any crypto system with such a back door will be breached and then left vulnerable to the enormous number of criminal hackers on the Internet today.

In 1993 the US Government proposed a system called the “Clipper Chip” which would provide all encryption for personal computers, but to which the US Government would have back door access. This was a terrible idea then, it was widely ridiculed, and suffered a well justified death by 1996. This third proposal would be much worse. It is asking huge numbers of non-crypto experts to build back doors in to their systems. Frankly, the cryptography in most software is already badly broken in many cases. Something as subtle and complex as a secure and effective law enforcement back door would be far beyond their abilities and render currently poor security completely untrustworthy.

All this is not to mention the potential abuse by oppressive regimes, who will pounce on the capability to further crush dissent within their countries. Finally, it will be largely ineffective against serious threats. Very strong and easy to use cryptography is already available world wide, for free (GPG, ZPhone, TrueCrypt, etc.). This is a classic case of damaging the innocent while leaving the guilty and dangerous unaffected.

It seems to me that there is a pendulum swing to these things. Technology cuts both ways. Some times it favors the interceptor and some times it favors the communicator. In most ways the Internet has been a fantastic boon to law enforcement. Cloud computing, email hosts, social networking, open WiFi, and huge hard drive that encourage people to save everything all provide law enforcement with enormous amounts of information they could never have collected in the past.

It may not be shocking to anyone that there is no federal push to make that more difficult to access while pushing to enhance their ability to intercept encrypted communications.

All this is argument about a bill we have not seen yet. Let us hope that the furor that has swirled around it will cause it to be retraced or modified significantly before it is actually delivered to congress.

No tags

There has been a lot of media coverage of the threats of Saudi Arabia and the UAE to shut down BlackBerry connectivity in their countries unless RIM (the maker of BlackBerry) introduces a back door so they can monitor communications.

I have been following this story closely, but wanted to wait until I had all the facts before blogging about it. At this point I don’t think I am going to get the whole story. The statements I am seeing are absolutely contradictory and the whole thing is getting really fishy.

UAE/SA say that they need to be able to access BlackBerry communications, but they can’t.

RIM says that their technology makes interception impossible because the communications are encrypted end to end between the BES server (located at the users place of business) and the handset. RIM claims not to have access to the decryption keys.

Third parties claim that RIM has arrangements with other countries (including the US and Russia) which allows such access.

RIM responds that this is false and that they don’t have this ability.

It looks like RIM and UAE/SA will come to an agreement while both continue to claim that they have not compromised their positions.

The moral of this story is that you should not trust security you can not fully analyze yourself. Anonymizer Universal uses strongly encrypted L2TP VPN technology to secure your information so even if your telecommunications provider is cooperating with surveillance they still can’t read the contents of your messages.

Unfortunately Anonymizer Universal does not support BlackBerry yet, but iPhone, Windows, and Mac users are protected.

No tags

Cnet (among others) reports on Google’s interception of personal information from open WiFi nodes, including passwords and e-mail.

Clearly it was poor practice for Google to be capturing and recording such information as they drove around, but the real news should be that the information was there to be captured. The intent of the monitoring of WiFi seems to be collecting the locations of WiFi base stations to improve enhanced GPS location services. This works by having your device upload a list of all the WiFi base stations it can see (along with signal strength) which the service then looks up in a database to determine your location. This requires the service to have a database of the physical location of an enormous number of WiFi base stations.

To do this, all Google would have needed to capture was the hardware address of each device. Instead they captured some of the actual data being sent back and forth as well.

It turns out that this is incredibly easy. With many of the WiFi chipsets built in to personal computers, laptops and USB adapters, one can easily download free software that will start intercepting open WiFi traffic with a single click.

The shocking news should not be that Google accidentally got this information but that anyone with bad intent could do it to you. Anonymizer will soon be releasing a video we did a few weeks back showing how someone could take control of your Facebook account using an open WiFi and almost no technical expertise at all.

If the connection between you and a website, email server, or other service is un-encrypted, then anyone near you can intercept it if you are using an open WiFi.

To be clear, open WiFi means that the underlying connection is un-encrypted. Many public WiFi sites have a login page. This is to manage usage, and provides no security to you at all.

If you get a connection before you type in a password, especially if you see a web page before you type a password, then you should assume you are on an insecure connection and therefor vulnerable.

No tags

A long time customer recently sent in the following question. Since it should be of broad interest, I asked his permission to anonymous post and answer it here.

How do you know that subscribing to an anonymizer does not simply mark you for observation?

We all know the NSA is capable of intercepting any electronic communication, and with gajillions of electronic communications happening every second, how would the NSA (or the FBI or the CIA or whoever it is who watches us) know which of those communications to watch?

Seems like the people wanting anonymity would be the first on the list.

Surely they COULD, couldn’t they? That is, get the subscriber lists, which would enable them to intercept communications this side of the proxy – i.e., intercept on the way out, on the way TO the proxy, BEFORE it gets securely tunneled? And no, that would not be possible with the web, but it would with email. Supposedly.

This is what has been proposed to me. What do you think? Does it have any validity?

It is certainly the case that the government could, in principle, monitor your access to privacy services. As long as that access is over a strongly encrypted connection, the contents of your communication, what sites you are visiting or who you are communicating with would be protected. The strength of your anonymity is then largely determined by the number of other users of the same service with which your traffic is being mixed.

In the United States, the use of privacy tools is not restricted. Strict separation of intelligence from law enforcement functions should prevent drift net monitoring of your use of Anonymizer from leading to any kind of legal investigation. The huge number of Anonymizer subscribers would also make this difficult and highly visible.

Outside of the US it is another story. Many countries exercise much greater control over the Internet. Even if it were not blocked by the Iranian government, accessing the Anonymizer website from within Iran would be a risky activity. Once again, the key here is safety in numbers. We have run anti-censorship tools in Iran that supported over 100,000 users. With those numbers, it is awkward for the government to go after people simply for using the service. This is not to say that if you are already under observation for some other reason that it would not give them added ammunition. Privacy tools are generally very effective at keeping you below the radar, but can be much less effective once you are on the radar for whatever reason.

The reality is that there is no evidence of widespread Internet surveillance being used in the US to track users of privacy services. As long as the connection to the service is well encrypted, you should be fine.

No tags

There have been a lot of articles lately talking about the fact that the person who hacked in to Sarah Palin’s Yahoo! account used “an anonymizer”. The articles also say that the privacy provided was compromised.

The unfortunate misuse of Anonymizer’s registered trademark has created some confusion. The person who hacked the account used a privacy service, but not one connected in any way to Anonymizer Inc.

No tags

FindLaw’s Writ – Colb: Does the Fifth Amendment Protect the Refusal to Reveal Computer Passwords? In a Dubious Ruling, A Vermont Magistrate Judge Says YesThis case raises some interesting questions about using cryptography. Not the usual ones about technical attacks, but about how strong crpyto behaves in court. In general, if someone finds an encrypted volume on your computer, is that prima fascia evidence of illegal materials and thus probable cause? Suppose it was called “my plans to kill the president”? In this particular case the defendant actually showed law enforcement people the contents of the encrypted directory, and the files located therein clearly indicated illegal content. That would seem to be his big mistake. The prosecutors are not guessing about the files in there, they know what is there already, and just want access.At the end of the day, the defendant can always decide if the punishment for contempt for not revealing the password is worse than the punishment for what will be found inside. If the contents are really bad, he is best off resisting. I can’t see anyone doing 20 years in jail to compel production of the password.Of course, in that amount of time, computers may be fast enough that brute forcing the password may be trivial. This is a real concern if the statute of limitations for your crime is very long or there is no limitation.

No tags

Steroid bust shows Feds can still get at “private” and “secure” e-mail

It appears that Hushmail was able to turn over cleartext emails to the government when presented with a court order. This points out the importance of understanding the security model of the security tool you are using. For example, secure web pages (SSL protected) only protect the data as it moves between your browser and the remote web server. It does nothing at all to protect the data once it arrives.

Incorrect assumptions about a security model can lead you to take actions that you might not otherwise. This can put you at significant risk. Many solutions are very robust against specific threats while offering no protection at all against other threats. Understanding what is and is not protected by a solution is critical BEFORE you actually start to use it to protect important information.

No tags

Yahoo scolded for helping China imprison dissident – MSN Money

Yahoo! was taken to task in a congressional hearing for handing over information to the Chinese government that lead to the imprisonment of a dissident reporter. There is certainly much that could be said about standing up to oppressive governments and the risks of locating infrastructure in such countries.

I think one of the most important lessons to take away is to take more personal responsibility for your own security and privacy. Information collected by the services we all use is archived almost indefinitely. Today the problem may be China, but who knows which government may turn oppressive over the next 10 years. Even the US government has a history of witch hunts.

Internet users must be proactive about their security. Tools exist to enable people in China to use the Internet freely without any censorship or monitoring. Anonymizer provides such a service free to Chinese users. A number of other organizations do the same. Encryption, anonymity, and privacy tools can largely de-claw the modern police state, but only if they are used consistently.

No tags

<< Latest posts