omnibus PRISM/NSA/free Edward Snowden/encryption tutorial thread


Summary of XKEYSCORE so far: https://firstlook.org/theintercept/2015/07/01/nsas-google-worlds-private-communications/

Elvis Telecom, Thursday, 2 July 2015 01:21 (eight years ago) link

one month passes...

Not only does the document-leaker in Fort Leavenworth prison face limits on what she can read, but the banned books are often literary classics.

http://www.thestar.com/news/gta/2015/08/21/chelsea-mannings-banned-book-list-shockingly-long-dimanno.html

skateboards are the new combover (Dr Morbius), Saturday, 22 August 2015 16:56 (eight years ago) link

one month passes...

hey Brits

The mass surveillance operation — code-named KARMA POLICE — was launched by British spies about seven years ago without any public debate or scrutiny. It was just one part of a giant global Internet spying apparatus built by the United Kingdom’s electronic eavesdropping agency, Government Communications Headquarters, or GCHQ.

The revelations about the scope of the British agency’s surveillance are contained in documents obtained by The Intercept from National Security Agency whistleblower Edward Snowden. Previous reports based on the leaked files have exposed how GCHQ taps into Internet cables to monitor communications on a vast scale, but many details about what happens to the data after it has been vacuumed up have remained unclear.

Amid a renewed push from the U.K. government for more surveillance powers, more than two dozen documents being disclosed today by The Intercept reveal for the first time several major strands of GCHQ’s existing electronic eavesdropping capabilities.

One system builds profiles showing people’s web browsing histories. Another analyzes instant messenger communications, emails, Skype calls, text messages, cell phone locations, and social media interactions. Separate programs were built to keep tabs on “suspicious” Google searches and usage of Google Maps.

https://theintercept.com/2015/09/25/gchq-radio-porn-spies-track-web-users-online-identities/

skateboards are the new combover (Dr Morbius), Friday, 25 September 2015 15:32 (eight years ago) link

"According to Snowden's lawyer, Ben Wizner of the ACLU, @Snowden himself will be controlling the account."

https://theintercept.com/2015/09/29/edward-snowden-twitter-snowden/

skateboards are the new combover (Dr Morbius), Tuesday, 29 September 2015 17:28 (eight years ago) link

this is the best thing which has ever occurred

BIG HOOS aka the steendriver, Thursday, 1 October 2015 13:45 (eight years ago) link

All morning I've been singing "and there won't be Snowden in Africa this Christmas ..."

Josh in Chicago, Thursday, 1 October 2015 14:29 (eight years ago) link

one month passes...

So i rewatched Citizenfour, and i think it's Greenwald in either the David Carr interview or the outtakes on the DVD who points out that we now prefer to say PRIVACY for what we invariably used to refer to as LIBERTY.

So if we no longer "should have any expectation of privacy/liberty," as DJP has often suggested, what is the putative organizing principle of the country? I know we've been lying to ourselves about all kinds of shit for 239 years, but one needs a good cover story for a national credo. What is the Latin for "Retweeting Taylor Swift"?

skateboards are the new combover (Dr Morbius), Friday, 13 November 2015 20:01 (eight years ago) link

"pecuniam tuam semper habe"

i made a scope for my laser musket out of some (forksclovetofu), Friday, 13 November 2015 20:04 (eight years ago) link

What's another word for pirate treasure ?

The burrito of ennui (Alfred, Lord Sotosyn), Friday, 13 November 2015 20:05 (eight years ago) link

revenueoftheClintonFoundation

skateboards are the new combover (Dr Morbius), Friday, 13 November 2015 20:07 (eight years ago) link

A constitution of "With privacy and justice for all" sure would make things different.

Also, turns out Snowden likes Harvey Danger.

my harp and me (Eazy), Friday, 13 November 2015 20:21 (eight years ago) link

"Paranoia, paranoia / Everybody's coming to get me"

my harp and me (Eazy), Friday, 13 November 2015 20:41 (eight years ago) link

i'm going underground with the moles digging holes

F♯ A♯ (∞), Friday, 13 November 2015 20:55 (eight years ago) link

wow I'm glad I wasn't around for this thread.

I don't think we no longer "should have any expectation of privacy/liberty," FWIW my colleagues and I spend a LOT of time on privacy (liberty) protections and we serve as a counterweight in a lot of policy discussions about what cops/spies want vs. what citizens are entitled to. I think that after 9/11 when Cheney told DIRNSA and DNI "whatever it takes" we swung the pendulum back out towards Alien and Sedition Act territory, on bogus and shortsighted executive statutory flim flam, and now we're swinging back.

I think that the administration backed down from the "golden key" stuff that DHS and FBI and NSA leadership were publicly asking for from silicon valley types is a pretty good indicator that we're moving in a direction to restore a lot of what was lost in the fire.

El Tomboto, Saturday, 14 November 2015 01:25 (eight years ago) link

(And maybe then some. And maybe even past the point where it's a good idea and where it really does make some legitimate (...to taste) law enforcement and intelligence activities impossible)

El Tomboto, Saturday, 14 November 2015 01:27 (eight years ago) link

Tombot, you kinda gotta speak to what it is you and your colleagues do; it's been a while.

i made a scope for my laser musket out of some (forksclovetofu), Saturday, 14 November 2015 01:52 (eight years ago) link

www.us-cert.gov

the "about us" page needs an update

El Tomboto, Saturday, 14 November 2015 02:21 (eight years ago) link

I am pretty sensitive to having my ramblings here tied back to my professional self. but everything is going to bite all of us in the pants one day, so

El Tomboto, Saturday, 14 November 2015 02:23 (eight years ago) link

one concrete example - I get CC'd on email notices every time one of our network signatures for catching malware, etc. unintentionally captures personal data, and the analysts have to go clean it up. I can also say that having spent time inside multiple "3 letter agencies" that this place has more required training on handling sensitive information than anywhere else, and that's not the classified stuff - everybody gets trained on handling that - it's about protected private citizen and company information, which we are, as above, incredibly concerned with. the whole business is about trust.

El Tomboto, Saturday, 14 November 2015 02:34 (eight years ago) link

two weeks pass...

Some Senate Republicans, led by Sen. Tom Cotton of Arkansas and 2016 presidential candidate Sen. Marco Rubio of Florida, tried to delay the program’s official end this month in the wake of the Paris terrorist attacks. But despite support from Senate Majority Leader Mitch McConnell (R-Ky.), the effort got no traction in Congress.

http://www.politico.com/blogs/under-the-radar/2015/11/nsa-bulk-phone-snooping-program-shuts-down-216228#ixzz3t0Ek8s14

curmudgeon, Monday, 30 November 2015 18:59 (eight years ago) link

Clinton, the Democratic presidential frontrunner, gave a talk at the Brookings Institution where she urged tech companies to deny ISIS “online space,” and waved away concerns about First Amendment issues.

“We’re going to have to have more support from our friends in the technology world to deny online space. Just as we have to destroy [ISIS’s] would-be caliphate, we have to deny them online space,” she said.

“And this is complicated. You’re going to hear all of the usual complaints, you know, freedom of speech, et cetera. But if we truly are in a war against terrorism and we are truly looking for ways to shut off their funding, shut off the flow of foreign fighters, then we’ve got to shut off their means of communicating. It’s more complicated with some of what they do on encrypted apps, and I’m well aware of that, and that requires even more thinking about how to do it.”

A “senior administration official” told Reuters that the White House intends to talk to tech companies in the coming days about developing a “clearer understanding of when we believe social media is being used actively and operationally to promote terrorism.” Major social media sites are already deeply engaged in combating online propaganda and recruitment by Islamic militants.

https://theintercept.com/2015/12/07/obama-hints-at-renewed-pressure-on-encryption-clinton-waves-off-first-amendment/

skateboards are the new combover (Dr Morbius), Monday, 7 December 2015 19:50 (eight years ago) link

you know, freedom of speech, et cetera

Eugene Goostman (forksclovetofu), Monday, 7 December 2015 19:59 (eight years ago) link

Ugh.

schwantz, Monday, 7 December 2015 21:33 (eight years ago) link

https://alexcabal.com/creating-the-perfect-gpg-keypair/

𝔠𝔞𝔢𝔨 (caek), Sunday, 13 December 2015 20:24 (eight years ago) link

please encrypt your emails to me

𝔠𝔞𝔢𝔨 (caek), Sunday, 13 December 2015 20:24 (eight years ago) link

https://alexcabal.com/creating-the-perfect-gpg-keypair/

If you're new to PGP, please don't follow that advice, stick with the defaults.

chihuahuau, Sunday, 13 December 2015 21:14 (eight years ago) link


Everyone always thinks I'm joking about $10,000-a-night hookers,
incidentally. I'm not. If someone were to give me a $100,000 budget to
acquire a secret worth $1,000,000, hiring a high-class call girl for two
weeks would be a *damned* tempting attack vector. People spend so much
time obsessing over technical minutiae of crypto, and so little time
realizing the weakest part of the system is always the human being... so
why not hire an expert in manipulating human beings?

love these guys

𝔠𝔞𝔢𝔨 (caek), Sunday, 13 December 2015 22:41 (eight years ago) link

Cyberhawk, Yellowstone, Blackfin, Maximus, Cyclone, and Spartacus!

In the catalogue, each device is listed with guidelines about how its use must be approved; the answer is usually via the “Ground Force Commander” or under one of two titles in the U.S. code governing military and intelligence operations, including covert action.

But domestically the devices have been used in a way that violates the constitutional rights of citizens, including the Fourth Amendment prohibition on illegal search and seizure, critics like Lynch say. They have regularly been used without warrants, or with warrants that critics call overly broad. Judges and civil liberties groups alike have complained that the devices are used without full disclosure of how they work, even within court proceedings.

“Every time police drive the streets with a Stingray, these dragnet devices can identify and locate dozens or hundreds of innocent bystanders’ phones,” said Nathan Wessler, a staff attorney with the Speech, Privacy, and Technology Project of the American Civil Liberties Union.

https://theintercept.com/2015/12/17/a-secret-catalogue-of-government-gear-for-spying-on-your-cellphone/

skateboards are the new combover (Dr Morbius), Thursday, 17 December 2015 20:44 (eight years ago) link

Pretty sure those are all members of MASK
http://upload.wikimedia.org/wikipedia/en/a/a9/MASK_Logo.JPG

Does that make you mutter, under your breath, “Damn”? (forksclovetofu), Friday, 18 December 2015 03:20 (eight years ago) link

Chris Christie accused Cruz of opposing the NSA’s bulk collection of metadata for political, not philosophical, reasons. “He went for the easy political vote at a time when it looked like it was a popular thing to do,” the New Jersey governor said on Morning Joe. “With all those dead Parisians, it doesn’t look so popular!”

oy veh

curmudgeon, Friday, 18 December 2015 15:47 (eight years ago) link

http://nymag.com/daily/intelligencer/2015/12/consorting-with-foreign-government-a-scandal-too.html

There's a lot we don't know beneath The Wall Street Journal's report today that the National Security Agency picked up intelligence on meetings with U.S. members of Congress and domestic political groups while spying on the Israeli government after credible reports (subsequently validated by the surveillance) that the Israelis were collecting and leaking intelligence on the sensitive U.S.-Iran nuclear talks.

The story has many dimensions. But, so far, virtually all of the reaction involves two questions: (1) Should the U.S. be spying on our ally Israel? (This was raised immediately if cautiously by Marco Rubio, who's in a bit of a quandary because he's normally a fan of surveillance.) And (2) should the Executive branch be spying, even incidentally, on the Legislative branch? (Former House Intelligence Committee chairman Peter Hoekstra called for an investigation of this possibility and for indictments if it turned out to be true.) These are both important and complex issues. But there should be a third question raised as well: Should members of Congress be consorting with agents of a foreign government to thwart U.S. diplomacy?

who's zoomin' who?

curmudgeon, Thursday, 31 December 2015 14:54 (eight years ago) link

eh. obv i am a biased commentator here but ultimately isn't he arguing that congress should not meet w/ foreign leaders when they disagree w/ the president's policy? that means that, eg, mccain should not have had a relationship w/ saakashvili's gov during the time that he was advising a US military response to Russia encroachment on Georgia while Bush's policy was not military? like do we really believe that there's no place for members of congress to a) 'consort' with foreign leaders and b) disagree w/ the POTUS at the same time? seems both impossible + undesirable and really only an issue here bc a) omg israel and b) don't look but the WH just spied on congress.

Mordy, Thursday, 31 December 2015 15:03 (eight years ago) link

like do we really believe that there's no place for members of congress to a) 'consort' with foreign leaders

Dems have gotten grief for this too, from Pelosi on back through the Reagan years, on issues from Central America to Iran...

Here the Republicans were arguably trying to undermine ongoing treaty negotiations and not just disagreeing with the President, Commander in Chief...I think Kilgore is arguing that there's no place for members of Congress to do that.

curmudgeon, Thursday, 31 December 2015 15:28 (eight years ago) link

i agree that both parties have done this over the years - it seems like a consequence of how we've split foreign affairs power between the executive and legislative branches and probably a bit silly to bemoan. until it's illegal for congress to try to undermine the executive branch's diplomacy this kind of thing will continue to happen - esp when the branches are split by party.

Mordy, Thursday, 31 December 2015 15:33 (eight years ago) link

one month passes...

which one is you

petulant dick master (silby), Friday, 5 February 2016 01:12 (eight years ago) link

This certainly confirms the hunches many people had about the NSA's announcement that it was abandoning ECC.

That's got to be a historically short lifespan for a technique - has anything else in the history of secret codes been brought into wide application and then rendered essentially useless within a little over a decade? I mean this is a projection, not a guarantee that quantum computing has been advanced enough to consistently and affordably crack everything, but one assumes NIST and their colleagues across the way have a pretty good handle on where stuff is going to be in the next few years.

I guess there were several systems introduced just prior to or during WW2 that became completely obsolete shortly thereafter.

i was hoping the shitlords would not take this quietly (El Tomboto), Friday, 5 February 2016 01:26 (eight years ago) link

Recently, some experiments using ion traps and superconducting circuits have demonstrated universal sets of quantum gates that are nominally below the highest theoretical fault-tolerance thresholds (around 1%) [9, 10]. This is a significant milestone, which has spurred increased investment from both government and industry. However, it is clear that substantial long-term efforts are needed to move from present day laboratory demonstrations involving one to ten qubits up to large-scale quantum computers involving thousands of logical qubits encoded in perhaps hundreds of thousands of physical qubits.

Note lack of even a ballpark guess as to how many years "substantial long-term efforts" will actually take. Yeesh.

i was hoping the shitlords would not take this quietly (El Tomboto), Friday, 5 February 2016 01:30 (eight years ago) link

When standards for quantum-resistant public key cryptography become available, NIST will reassess the imminence of the threat of quantum computers to existing standards, and may decide to deprecate or withdraw the affected standards thereafter as a result. Agencies should therefore be prepared to transition away from these algorithms as early as 10 years from now. As the replacements for currently standardized public-key algorithms are not yet ready, a focus on maintaining crypto agility is imperative.

Please be prepared to completely ditch all implementations of ECC and RSA in a hot minute. Lol, mobile.

i was hoping the shitlords would not take this quietly (El Tomboto), Friday, 5 February 2016 01:35 (eight years ago) link

I think a cancer therapy based on Crispr will be approved by the FDA before a high-scale quantum computer breaks an RSA key. Like that's the side of that bet I would take.

petulant dick master (silby), Friday, 5 February 2016 01:54 (eight years ago) link

Apparently most of the world agrees with you because I haven't heard of any VC cash being thrown around at quantum-resistant crypto startups, like, at all

i was hoping the shitlords would not take this quietly (El Tomboto), Friday, 5 February 2016 01:57 (eight years ago) link

AUSCANNZUKUS is still my favorite all-caps word ever. I love that my phone knows it.

i was hoping the shitlords would not take this quietly (El Tomboto), Friday, 5 February 2016 13:51 (eight years ago) link

so there's this:

Robert Cattanach, a cybersecurity attorney and former Department of Justice special counsel to the secretary of the Navy, said the government's request leaves Apple in a difficult position as the company is now thrust into the center of the battle to balance privacy needs against counterterrorism efforts.

"The FBI's request to a U.S. Magistrate for an order requiring Apple to disable the auto-wipe feature after 10 unsuccessful attempts represents the next step in the journey to find the holy grail of back door unencryption, and the next salvo in the ever-escalating battle between law enforcement and tech companies," Cattanach said.

http://www.latimes.com/local/lanow/la-me-ln-apple-san-bernardino-security-20160217-story.html

@Snowden, 6 hours ago:
This is the most important tech case in a decade. Silence means @google picked a side, but it's not the public's.

we can be heroes just for about 3.6 seconds (Dr Morbius), Wednesday, 17 February 2016 22:29 (eight years ago) link

Will be interesting to see how this plays out.

curmudgeon, Thursday, 18 February 2016 17:31 (eight years ago) link

@ggreenwald:
Claim Apple is doing this "only" for PR benefit is bizarre: PR in refusing FBI's demand to open phone of Muslim who mass-murdered Americans?

we can be heroes just for about 3.6 seconds (Dr Morbius), Monday, 22 February 2016 15:44 (eight years ago) link

i wonder how awkward the pro-Apple chants will be here

Rally in New York, NY!
Apple is right. No government backdoor in our iPhones!
Tuesday February 23 2016 • 5:30 pm
Apple Store • 767 5th Avenue @60th Street

we can be heroes just for about 3.6 seconds (Dr Morbius), Tuesday, 23 February 2016 01:58 (eight years ago) link

