End-To-End Encryption Isn't Just About Privacy, But Security
from the legacy-of-ed-snowden? dept
Nicholas Weaver has a fantastic article over at Wired detailing how GCHQ and NSA's "quantum injection" effort works to install malware on the computers of targets via packet injection. As he notes, this effort "turned the internet backbone into a weapon." That's dangerous on multiple levels. He explains that, while experts have been suggesting this for years, cleartext traffic isn't just a privacy issue, it's now a security issue:
"If the NSA can hack Petrobras, the Russians can justify attacking Exxon/Mobil. If GCHQ can hack Belgicom to enable covert wiretaps, France can do the same to AT&T. If the Canadians target the Brazilian Ministry of Mines and Energy, the Chinese can target the U.S. Department of the Interior. We now live in a world where, if we are lucky, our attackers may be every country our traffic passes through except our own."
"Which means the rest of us — and especially any company or individual whose operations are economically or politically significant — are now targets. All cleartext traffic is not just information being sent from sender to receiver, but is a possible attack vector."
The only way to protect against this is to encrypt everything:
"The only self defense from all of the above is universal encryption. Universal encryption is difficult and expensive, but unfortunately necessary."
"Encryption doesn’t just keep our traffic safe from eavesdroppers, it protects us from attack. DNSSEC validation protects DNS from tampering, while SSL armors both email and web traffic."
Thankfully, he's not the only one thinking about this. As we pointed out a few weeks ago, IETF is moving forward, full-steam ahead, on looking at ways to make the internet secure by default.
That seems like a very useful consequence of all of this. While we've mostly been focused on what's happening at the political and policy levels around here, the technology can make a lot of that meaningless. The simple fact is that an awful lot of security online has involved kludges pasted on later, after problems or concerns appeared. Rethinking and rebuilding a more secure (it'll never be perfectly secure but it can be a lot more secure) internet from the ground up isn't just good for protecting privacy and keeping away from snooping spies, but it's just a good plan, in general, for security.
Filed Under: cybersecurity, encryption, end to end, nsa, online attacks, online security, packet injection, security, surveillance
Reader Comments
Oy. What's been obvious to me for years is now seeping into noobs.
Just for history: in 1979, Neil Young (of Crosby Stills Nash and Young) wrote (one of his best in my opinion) "Computer Cowboy (Aka Syscrusher)" which speaks exactly of SNOOPING / HACKING the then almost unknown networks. "He rides the range at midnight [allegoric, see?] ... to bring another system down, and leave his alias behind". Security problems are SO not new.
And has this noob never heard of Google? The MAIN spying done on teh internets is BY Google and Facebook!
Oh, and mainly, this intended lack of security will become the excuse for hardware lockdown and personal identification everywhere. All as intended from the start: a panopticon system surveilled by gadgets, the utter end of personal freedom. The Internet IS the Big Brother telescreen system.
"The new Google privacy policy is: You have no privacy."
12:16:54[n-257-0]
[ link to this | view in chronology ]
Re: Oy. What's been obvious to me for years is now seeping into noobs.
[ link to this | view in chronology ]
Re: Oy. What's been obvious to me for years is now seeping into noobs.
Well, his cattle each have numbers
And they all eat in a line
When he turns the floodlights on each night
Of course the herd looks perfect!
Computer Cowboy.
Well, he rides the range 'til midnight
And the wild coyotes yowl
As he trots beneath the floodlights
And of course the rhythm is perfect!
Computer Cowboy.
Ride along computer cowboy
To the city just in time
To bring another system down
And leave your alias behind:
Computer syscrusher.
Computer syscrusher.
Crusher. Syscrusher.
Syscrusher.
[ link to this | view in chronology ]
Re: Re: Oy. What's been obvious to me for years is now seeping into noobs.
[ link to this | view in chronology ]
Re: Re: Re: Oy. What's been obvious to me for years is now seeping into noobs.
I presume that's an anomaly on your part. So, shall we extradite you, Cathy? Huh? Shall we drag you from your home and treat you like a criminal for copying and pasting lyrics on a site that hosts adverts and therefore makes money from your infringement, you grifting, thieving, pirate?
[ link to this | view in chronology ]
Re: Re: Re: Re: Oy. What's been obvious to me for years is now seeping into noobs.
[ link to this | view in chronology ]
Re: Re: Oy. What's been obvious to me for years is now seeping into noobs.
[ link to this | view in chronology ]
Re: Re: Oy. What's been obvious to me for years is now seeping into noobs.
Or do you think copyright laws only apply to other people?
[ link to this | view in chronology ]
Re: Oy. What's been obvious to me for years is now seeping into noobs.
Wouldn't you argue that TechDirt has it backwards? That end to end encryption is not just about Security but is about Piracy, er, um... I meant Privacy?
[ link to this | view in chronology ]
That's why the NSA perverting organizations such as the NIST is so horrible.
[ link to this | view in chronology ]
As bad as it is, this is good...
[ link to this | view in chronology ]
Intelligence of other countries should thank them
Now I understand why UK said Snowden is harming the national security ***of UK***.
[ link to this | view in chronology ]
Re: Intelligence of other countries should thank them
So it really doesn't have anything to do with the Americans or the British, per se.
Think about this: The NSA or GCHQ each have multi-billion dollar budgets. They have thousands of employees. They sweep up tons of information. They wield massive amounts of power. If you think they want to give that up, you are crazy. End-to-end encryption would wreck all of that and make 90% of NSA and GCHQ useless.
[ link to this | view in chronology ]
Re: Re: Intelligence of other countries should thank them
Not really. Do you think terrorist groups use gmail to communicate? Yet they tap Google.
They simply invent an enemy wherever they *can* monitor.
Like Al Qaeda always magically popped up in any country they want to attack.
http://articles.washingtonpost.com/2013-08-12/world/41335229_1_syria-islamic-state-foreign-fighters
And terrorists suddenly are doing conference calls, just after the Skype tapping revelations come out.
https://gawker.com/embassy-closing-terror-plot-uncovered-on-al-qaeda-confe-1052738613
And, 'anonymous' suddenly stops being a MEME used by any hacker and is redrawn by the spooks as a cyber-terrorist-army, with 'cells' and a control structure and geographic leaders, anonymous in Australia, anonymous in Indonesia.... etc.
If you're always fighting phantoms, it's easy to create any number of phantom enemies to fight.
[ link to this | view in chronology ]
Re: Re: Re: Intelligence of other countries should thank them
Not really. Do you think terrorist groups use gmail to communicate? Yet they tap Google.
I think we are agreeing here. I said in my prior comment that the point was NEVER to spy on terrorists (although that was the excuse). With end-to-end encryption, spying on Gmail or Skype or whatever is ineffective. So what is the NSA's or GCHQ's job at that point? Why would they be around? Maybe they can get back to their actual mission instead of spying on their own citizens.
[ link to this | view in chronology ]
Re: Re: Re: Re: Intelligence of other countries should thank them
Really not much different than tracking the Meta-Data from cell phones. I may not know what you said, but I know who you said it to, for how long... If you talk to the wrong people then I will attack the end point (install spyware, or more likely activate it, since it is likely built in at this point) to garner further information.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Intelligence of other countries should thank them
http://www.techdirt.com/articles/20131030/11091025070/dark-mail-alliance-lavabit-silent-circle-team-up-to-try-to-create-surveillance-proof-email.shtml
The point of end-to-end encryption is that it would be end-to-end and not leave any dangling metadata. Perhaps there would be some ability to track the amount of data transmitted, but that would be obfuscated by sending extra data, using compression, sending messages split into chunks, or using stenography.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Intelligence of other countries should thank them
Don't get me wrong, encryption makes the NSA et al job harder, but it is still possible. They would have to change to a multi layer approach, and would concentrate even harder into forcing back doors into encryption protocols. Many people believe they already have backdoors into some protocols, and they may well have the private keys issued by many cert sites.
[ link to this | view in chronology ]
Re: Re: Re: Re: Re: Re: Intelligence of other countries should thank them
What you can do is use things like an onion router (like Tor) to obfuscate the transmission path. It's not perfect, but helps a lot. If you're only worried about specific services, you can use proxy chains (for web browsing) or anonymous remailer chains (for email) to get a similar effect.
[ link to this | view in chronology ]
Meaningness
Yeah, TOOLS that EXIST have that tendency to affect REALITY more efficiently than the wasteful enforcement of arbitrary rules by a self-granted monopoly on coercive violence.
[ link to this | view in chronology ]