NSA: If Your Data Is Encrypted, You Might Be Evil, So We'll Keep It Until We're Sure
from the say-what-now? dept
There's been plenty of commentary on the latest NSA leak concerning its FISA court-approved "rules" for when it can keep data, and when it needs to delete it. As many of you pointed out in the comments to that piece -- and many others are now exploring -- the rules seem to clearly say that if your data is encrypted, the NSA can keep it. Specifically, the minimization procedures say that the NSA has to destroy the communication it receives once it's determined to be domestic unless it can demonstrate a few facts about it. As part of this, the rules note:

"In the context of a cryptanalytic effort, maintenance of technical data bases requires retention of all communications that are enciphered or reasonably believed to contain secret meaning, and sufficient duration may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis."

In other words, if your messages are encrypted, the NSA is keeping them until they can decrypt them. And, furthermore, as we noted earlier, the basic default is that if the NSA isn't sure about anything, it can keep your data. And, if it discovers anything at all remotely potentially criminal about your data, it can keep it, even if it didn't collect it for that purpose. As Kevin Bankston points out to Andy Greenberg in the link above:
"The default is that your communications are unprotected."

That's the exact opposite of how it's supposed to be under the Constitution. The default is supposed to be that your communications are protected, and if the government wants to see it, it needs to go to court to get a specific warrant for that information.
Filed Under: encryption, nsa, nsa surveillance
Reader Comments
Not to mention that more people will move to encryption related development.
I wonder if the NSA has the firepower needed to decrypt all that? Also, given the new interest in crypto stuff I wonder if the US aren't actually doing a favor to the people around the world by unwillingly pushing the development of decentralized and encrypted alternatives?
[ link to this | view in chronology ]
Re:
So... What percentage of Internet traffic is encrypted these days, and will be encrypted in the future? Sounds as though the NSA have written themselves a future-proof policy (subject to change without notice) that gives them carte blanche to collect, store and analyze pretty much any and all data that they care to from anyone they please, without limitation, as long as it's encrypted.
[ link to this | view in chronology ]
Re: Re: (post #1 by Ninja)
Schneier, Bruce, Applied Cryptography, Second Ed., New York: John Wiley and Sons, 1996, pp. 157–8:
(Slightly reformatted due to lack of superscript in available markup here. I've used “E” notation for powers of 10, and ^ for other exponentiation.)
[ link to this | view in chronology ]
Re:
https://www.eff.org/https-everywhere
[ link to this | view in chronology ]
Re:
Most serious businesses will use SSH for remote server administration. Is the NSA going to try to be looking into that?
Last I checked, corporate espionage was still a crime.
[ link to this | view in chronology ]
Re: Re:
"Well, when the president does it, that means that it is not illegal." —RMN
[ link to this | view in chronology ]
Re:
Primarily, people they think are threats to the government. This includes, of course, political activists, and probably even people they think might someday become activists.
Remember how Pol Pot used to kill people with glasses, because anyone with learning was a threat to his regime? The NSA will have people just like that working for them; in any organization that large, it's guaranteed. And some will eventually come into positions of power, if they haven't already.
Do you really want a mini-Pol Pot having full access to anything you've ever said electronically to anyone?
[ link to this | view in chronology ]
Damn my competitive nature.
All I know is I'll be the winner because that little thing known as the power of ten dwarfs computing power very fast.
My message of I love toast and OOTB is a bitch will be triple encrypted each with a password over 500 chars. 90 trillion years in the future once they crack it they'll know just how much I love toast and hate OOTB.
[ link to this | view in chronology ]
A code word or phrase may be hidden, and be undetectable, in any communication, so does this mean they get to keep everything?
[ link to this | view in chronology ]
Re:
It's more cost effective.
[ link to this | view in chronology ]
Talk to your bank in the clear!
This also applies to on-line shopping sites. Make sure that there is no padlock visible when you are providing your credit card number on-line.
Remember: If you use encryptation when you're conducting financial transactions, the NSA may consider you a terrorist.
You have been warned.
[ link to this | view in chronology ]
I use double ROT-13, it's double plus good.
[ link to this | view in chronology ]
Re: Re:
Pffft...I've been using ROT-156 for years. They finally decided to upgrade to ROT-26. Amateurs.
[ link to this | view in chronology ]
Re: Re:
http://www.theatlantic.com/politics/archive/2012/07/the-supreme-court-still-thinks-corporations-are-people/259995/
[ link to this | view in chronology ]
ROT-13
[ link to this | view in chronology ]
mark-up.
So, you have a malformed link in your page...
[ link to this | view in chronology ]
Re:
(And what does that make the two of you?)
[ link to this | view in chronology ]
It's a lesson from the Holy Inquisition
[ link to this | view in chronology ]
Gmail is encrypted
Does that mean NSA is storing ALL emails sent via GMail?
Maybe. Probably they can't decrypt it, tho. :-)
[ link to this | view in chronology ]
Re: Gmail is encrypted
Sen. Wyden: Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?
DNI Clapper: No sir.
Sen. Wyden: It does not?
DNI Clapper: Not wittingly. There are cases where they could, inadvertently perhaps, collect—but not wittingly.
[ link to this | view in chronology ]
Re: Re: Re: Gmail is encrypted
——“WH defends DNI director Clapper after congressional testimony draws fire”, by Stephanie Condon, CBS News, June 11, 2013
[ link to this | view in chronology ]
Re: Re: Gmail is encrypted
Truly yours,
The Future.
[ link to this | view in chronology ]
Re: Gmail is encrypted
(Welcome from living under a rock. hehe)
[ link to this | view in chronology ]
Information about criminal activity
Yesterday I exceeded the speed limit. Another crime.
Hi, spook!
[ link to this | view in chronology ]
Traitors
[ link to this | view in chronology ]
Make it look like SPAM
Encrypt your data, convert to base64.
Replace each base64 character with some sentence from a book.
NSA's SPAM filter discards your message.
[ link to this | view in chronology ]
Tyranny Bedrock
This has turned into a sick, fucked up joke and if you're not laughing the joke's on you.
As soon as the powers of the NSA were unleashed within its own borders it was game over.
Secret data, secret sources, secret tips, secret courts, secret enforcement, secret government, secret law, secret all powerful gods to rule over the engines of commerce.
Soon
Everything
Creates a
Reasonable
Expectation of
Tyranny
Personally, I think some current and previous heads of government need to be tried for treason against the people. "To protect" does not override the foundational laws of freedom.
"The people" are the very last means of protection that any people have.
Doomed. Doooooommmeed.
I hope that all your hopes of abortion and immigrants and prayer in school and gun ownership, and favorite reality tv show ends the way you want it to! Fucking tools.
[ link to this | view in chronology ]
Reasonable Expectation of Privacy
Hopefully someone brings this up to the administration. I'm sure it won't be anyone from the mainstream media, and certainly not NPR.
[ link to this | view in chronology ]
Re: Reasonable Expectation of Privacy
1. Hey, you didn't encrypt it so obviously you weren't expecting privacy anyway.
2. You encrypted it, so you might be doing something bad.
[ link to this | view in chronology ]
Re: Re: Reasonable Expectation of Privacy
1. If you can search files then it's contributory infringement.
2. If you can't search files then you're just trying to hide the infringement, therefore it's contributory.
[ link to this | view in chronology ]
Steganography
[ link to this | view in chronology ]
Not cool.
[ link to this | view in chronology ]
Encryption Chain
User "A" Sends a 10 Meg Encrypted Picture to everyone on their E-Mail Chain List.
Receivers then Re-Encrypt the Original Message (This would now be a "NEW" File as far as the NSA cares, given they didn't break the original encryption). This new 10Meg Email is forwarded on to a new list of Anonymous users.
Rinse & Repeat.
Each User just sending to 10 new users with custom encryption for each user is 100 Meg per person of Encrypted Data for the NSA to keep.
[ link to this | view in chronology ]
A rational response to Europe's privacy concerns would be to build Euro-owned and -governed big-data-type solutions.
However, to make them work and have any hope of addressing the privacy concerns, Europe would have to ban the use of the USA-based, hopelessly-compromised services like Google and Facebook.
Basically, to have any semblance of privacy going forward, Europe needs to turn SOPA-like restrictions on the historic US Internet services. No other choice: the US can never be trusted again.
[ link to this | view in chronology ]
Decode THIS!
[ link to this | view in chronology ]
Funkoscope
ℱüηк◎ṧḉσ℘e || Psychedelic, Electronic, Chill
[ link to this | view in chronology ]
It goes even a little further
"sufficient duration may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis."
You sort of covered it, but to highlight: The DOJ and NSA are among the all time world champions in the use of weasel language. Notice their statement could be interpreted to mean they will keep data, even if it is clearly domestic only, even if it is clearly not illegal or controversial, simply because the breaking of the cryptography revealed insights into breaking crypto itself. In other words, if they broke it, they'll keep it just as an example of a code that might be used elsewhere.
[ link to this | view in chronology ]
"The first thing I did after I heard about the highly classified NSA PRISM program two years ago was set up a proxy server in Peshawar to email me passages from Joyce’s Finnegans Wake. A literary flight of fancy. I started sending back excerpts from Gerard Manley Hopkins poems."
http://www.warscapes.com/literature/cryptogams-nsa
[ link to this | view in chronology ]
To Demosthenes Locke
"My epiphany came here...
Joyce, Hopkins, Proust, Shakespeare...had sought immortality in their endeavors... And yet, here the government had actually done it... for all of us: everything written now preserved for evermore – and if the United States of America had her way, it would be until the end of time. Our immortality in the mineral composition of database drives."
I have never desired, nor do I now, the preservation of my personal thoughts, ideas, and/or communications of any kind, which I sent specifically to certain individuals.
Around 10 years ago, it occurred to me that what is sent via the internet stays on the internet; and so, I made the decision a decade ago to never write or send that which I did not want preserved for posterity, frozen in databases for all time. I'm elated for that foresight, though at the time, my family & friends considered me "paranoid."
Even so, the fact that our written and spoken communications are stored (and depending on content, may earn us a visit similar to Mr. Sifton's)— should not only frighten us, but become the impetus for each and every one of us to refuse to make it as easy for them to continue doing so...
[ link to this | view in chronology ]
Unconstitutional
[ link to this | view in chronology ]
PGP/GPG use it love it.
[ link to this | view in chronology ]
The scariest part...
S: "What does your pet look like?"
R: "My cat is orange."
Could be "reasonably believed to contain secret meaning" given the standards of which the NSA is operating... ergo, any data qualifies.
[ link to this | view in chronology ]
sllab ym kcus
[ link to this | view in chronology ]
Increase Encryption, Decrease Spam
[ link to this | view in chronology ]
But just publish the government side of things, not the "joe public" sender/receiver.
Oh, and if there is a "malicious payload", i.e. an encrypted attachment, make that publicly available too. :)
[ link to this | view in chronology ]
This is a Very Useful Piece of Intelligence
We should all be sending encrypted messages, and each one should contain relevant quotes from the U.S. Constitution and our founding fathers.
The technically savvy should be doing everything in their power to enable the less technically savvy to achieve this.
Knowledge is power. We have just been handed a very useful bit of knowledge.
[ link to this | view in chronology ]
“These charges send a clear message,” the spokesman said. “In the United States, you can’t spy on people.”
Seemingly not kidding, the spokesman went on to discuss another charge against Mr. Snowden—the theft of government documents: “The American people have the right to assume that their private documents will remain private and won’t be collected by someone in the government for his own purposes."
Animal Farm by George Orwell. He was ahead of his time.
[ link to this | view in chronology ]