Congress May Not Be So Eager To Simply Hand Over Its Own Authority To The Obama Administration To Approve TPP

End-To-End Encryption Isn't Just About Privacy, But Security

from the legacy-of-ed-snowden? dept

Thu, Nov 14th 2013 3:58pm — Mike Masnick

Nicholas Weaver has a fantastic article over at Wired detailing how GCHQ and NSA's "quantum injection" effort works to install malware on the computers of targets via packet injection. As he notes, this effort "turned the internet backbone into a weapon." That's dangerous on multiple levels. He explains that, while experts have been suggesting this for years, cleartext traffic isn't just a privacy issue, it's now a security issue:

If the NSA can hack Petrobras, the Russians can justify attacking Exxon/Mobil. If GCHQ can hack Belgicom to enable covert wiretaps, France can do the same to AT&T. If the Canadians target the Brazilian Ministry of Mines and Energy, the Chinese can target the U.S. Department of the Interior. We now live in a world where, if we are lucky, our attackers may be every country our traffic passes through except our own.

Which means the rest of us — and especially any company or individual whose operations are economically or politically significant — are now targets. All cleartext traffic is not just information being sent from sender to receiver, but is a possible attack vector.

The only way to protect against this is to encrypt everything:

The only self defense from all of the above is universal encryption. Universal encryption is difficult and expensive, but unfortunately necessary.

Encryption doesn’t just keep our traffic safe from eavesdroppers, it protects us from attack. DNSSEC validation protects DNS from tampering, while SSL armors both email and web traffic.

Thankfully, he's not the only one thinking about this. As we pointed out a few weeks ago, IETF is moving forward, full-steam ahead, on looking at ways to make the internet secure by default.

That seems like a very useful consequence of all of this. While we've mostly been focused on what's happening at the political and policy levels around here, the technology can make a lot of that meaningless. The simple fact is that an awful lot of security online has involved kludges pasted on later, after problems or concerns appeared. Rethinking and rebuilding a more secure (it'll never be perfectly secure but it can be a lot more secure) internet from the ground up isn't just good for protecting privacy and keeping away from snooping spies, but it's just a good plan, in general, for security.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cybersecurity, encryption, end to end, nsa, online attacks, online security, packet injection, security, surveillance

22 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 14 Nov 2013 @ 4:16pm

My internet was already secured, but I do welcome more security, layers, layers and more layers of it.
[ link to this | view in chronology ]
This comment has been flagged by the community. Click here to show it

out_of_the_blue, 14 Nov 2013 @ 4:17pm

Oy. What's been obvious to me for years is now seeping into noobs.
"turned the internet backbone into a weapon." -- Sheesh. You only have to understand a bit of how it's designed -- the root servers, plain text everywhere, open addresses in every browser request -- to see that it has NO OTHER PURPOSE than for spying.

Just for history: in 1979, Neil Young (of Crosby Stills Nash and Young) wrote (one of his best in my opinion) "Computer Cowboy (Aka Syscrusher)" which speaks exactly of SNOOPING / HACKING the then almost unknown networks. "He rides the range at midnight [allegoric, see?] ... to bring another system down, and leave his alias behind". Security problems are SO not new.

And has this noob never heard of Google? The MAIN spying done on teh internets is BY Google and Facebook!

Oh, and mainly, this intended lack of security will become the excuse for hardware lockdown and personal identification everywhere. All as intended from the start: a panopticon system surveilled by gadgets, the utter end of personal freedom. The Internet IS the Big Brother telescreen system.
"The new Google privacy policy is: You have no privacy."

12:16:54[n-257-0]
[ link to this | view in chronology ]
- This comment has been flagged by the community. Click here to show it
  
  out_of_the_blue, 14 Nov 2013 @ 4:19pm
  
  Re: Oy. What's been obvious to me for years is now seeping into noobs.
  ^^^ Wish that I'd learn to preview. That's what it's for.
  [ link to this | view in chronology ]
- This comment has been flagged by the community. Click here to show it
  
  out_of_the_blue, 14 Nov 2013 @ 4:27pm
  
  Re: Oy. What's been obvious to me for years is now seeping into noobs.
  Whoops. 1982. Here for your delectation the lyrics (stolen no doubt):
  
  Well, his cattle each have numbers
  And they all eat in a line
  When he turns the floodlights on each night
  Of course the herd looks perfect!
  Computer Cowboy.
  
  Well, he rides the range 'til midnight
  And the wild coyotes yowl
  As he trots beneath the floodlights
  And of course the rhythm is perfect!
  Computer Cowboy.
  
  Ride along computer cowboy
  To the city just in time
  To bring another system down
  And leave your alias behind:
  Computer syscrusher.
  
  Computer syscrusher.
  
  Crusher. Syscrusher.
  
  Syscrusher.
  [ link to this | view in chronology ]
  - Anonymous Coward, 15 Nov 2013 @ 2:57am
    
    Re: Re: Oy. What's been obvious to me for years is now seeping into noobs.
    LYRIC COPYRIGHT INFRINGEMENT!!!
    [ link to this | view in chronology ]
    - Pragmatic, 15 Nov 2013 @ 5:49am
      
      Re: Re: Re: Oy. What's been obvious to me for years is now seeping into noobs.
      Yes indeed, the copyrighted material has been infringed and the artist deprived on remuneration by arch-hypocrite OOTB.
      
      I presume that's an anomaly on your part. So, shall we extradite you, Cathy? Huh? Shall we drag you from your home and treat you like a criminal for copying and pasting lyrics on a site that hosts adverts and therefore makes money from your infringement, you grifting, thieving, pirate?
      [ link to this | view in chronology ]
      - Pragmatic, 15 Nov 2013 @ 5:50am
        
        Re: Re: Re: Re: Oy. What's been obvious to me for years is now seeping into noobs.
        *of remuneration.
        [ link to this | view in chronology ]
  - Dave, 15 Nov 2013 @ 10:38am
    
    Re: Re: Oy. What's been obvious to me for years is now seeping into noobs.
    What a bitter and twisted person that OOTB must be! I have visions of a darkened room in a dingy basement in a less-then-salubrious neighbourhood occupied by a gnarled old man hunched over a yellowing keyboard desperately racking a few brain cells to try and produce aimless and completely irrelevant trolling posts to surpass previous attempts at what HE must presume to be intelligent comments. Nobody is fooled for one minute by such inane and puerile ramblings. I believe there is a diagnosis for such a person who desires to be the centre of attention and I would suggest a doctor is consulted.
    [ link to this | view in chronology ]
  - Bergman (profile), 16 Nov 2013 @ 12:08am
    
    Re: Re: Oy. What's been obvious to me for years is now seeping into noobs.
    So you've finally become an anti-copyright 'freetard' blue?
    
    Or do you think copyright laws only apply to other people?
    [ link to this | view in chronology ]
- DannyB (profile), 15 Nov 2013 @ 5:50am
  
  Re: Oy. What's been obvious to me for years is now seeping into noobs.
  Dear OOTB:
  
  Wouldn't you argue that TechDirt has it backwards? That end to end encryption is not just about Security but is about Piracy, er, um... I meant Privacy?
  [ link to this | view in chronology ]
Anonymous Coward, 14 Nov 2013 @ 4:25pm

I also believe solving international spying abuses, is just as much a technological issue, as it is a legislative issue.

That's why the NSA perverting organizations such as the NIST, is so horrible.
[ link to this | view in chronology ]
ahow628 (profile), 14 Nov 2013 @ 5:25pm

As bad as it is, this is good...
As bad as it is when this stuff happens, it could be good if we learn from it. I don't want the NSA spying on us, but we have become complacent and hopefully this is the kick in the pants that will change that.
[ link to this | view in chronology ]
Anonymous Coward, 14 Nov 2013 @ 5:59pm

Intelligence of other countries should thank them
To make spying and espionage effort toward American general public / business much much easier.

Now I understand why UK said Snowden is harming the national security ***of UK***.
[ link to this | view in chronology ]
- ahow628 (profile), 14 Nov 2013 @ 7:09pm
  
  Re: Intelligence of other countries should thank them
  Maybe I'm misunderstanding you, but it seems like you are missing the point. The reason the Snowden revelations were so damaging isn't because it is making spying on terrorists harder. It is so dangerous because it is going to hamper attempts to track their own citizenry.
  
  So it really doesn't have anything to do with the Americans or the British, per se.
  
  Think about this: The NSA or GCHQ each have multi-billion dollar budgets. They have thousands of employees. They sweep up tons of information. They wield massive amounts of power. If you think they want to give that up, you are crazy. End-to-end encryption would wreck all of that and make 90% of NSA and GCHQ useless.
  [ link to this | view in chronology ]
  - Anonymous Coward, 14 Nov 2013 @ 7:48pm
    
    Re: Re: Intelligence of other countries should thank them
    " End-to-end encryption would wreck all of that and make 90% of NSA and GCHQ useless."
    
    Not really. Do you think terrorist groups use gmail to communicate? Yet they tap Google.
    
    They simply invent an enemy wherever they *can* monitor.
    
    Like Al Qaeda always magically popped up in any country they want to attack.
    
    http://articles.washingtonpost.com/2013-08-12/world/41335229_1_syria-islamic-state-foreign-fi ghters
    
    And terrorists suddenly are doing conference calls, just after the Skype tapping revelations come out.
    
    https://gawker.com/embassy-closing-terror-plot-uncovered-on-al-qaeda-confe-1052738613
    
    And, 'anonymous' suddenly stops being a MEME used by any hacker and is redrawn by the spooks as a cyber-terrorist-army, with 'cells' and a control structure and geographic leaders, anonymous in Australia, anonymous in Indonesia.... etc.
    
    If you're always fighting phantoms, it's easy to create any number of phantom enemies to fight.
    [ link to this | view in chronology ]
    - ahow628 (profile), 14 Nov 2013 @ 8:19pm
      
      Re: Re: Re: Intelligence of other countries should thank them
      But once again, what I'm getting at, most of that goes away (aside from the Al Qaeda thing) when end-to-end encryption is put into service. The NSA and GCHQ simply won't be able to harvest the traffic.
      
      Not really. Do you think terrorist groups use gmail to communicate? Yet they tap Google.
      
      I think we are agreeing here. I said in my prior comment that they point was NEVER to spy on terrorists (although that was the excuse). With end-to-end encryption, spying on Gmail or Skype or whatever is ineffective. So what is the NSA's or GCHQ's job at that point? Why would they be around? Maybe they can get back to their actual mission instead of spying on their own citizens.
      [ link to this | view in chronology ]
      - Mr. Applegate, 15 Nov 2013 @ 6:00am
        
        Re: Re: Re: Re: Intelligence of other countries should thank them
        With end-to-end encryption, spying on Gmail or Skype or whatever is ineffectiveThat really isn't true. Especially as the world transitions to IPv6 they will be able to monitor traffic on the backbones to see who talks to who, even if it is encrypted.
        
        Really not much different than tracking the Meta-Data from cell phones. I may not know what you said, but I know who you said it to, for how long... If you talk to the wrong people then I will attack the end point (install spyware, or more likely activate it, since it is likely built in at this point) to garner further information.
        [ link to this | view in chronology ]
        
        ahow628 (profile), 15 Nov 2013 @ 7:00am
        
        Re: Re: Re: Re: Re: Intelligence of other countries should thank them
        I'm not an expert here, but I think you are mistaken. End-to-end encryption doesn't just cover the message itself. It also covers the transmission of that message including its sender and its destination. I think this would be tied into DNSSec. For email specifically, it would involve the previously mentioned Dark Mail.
        
        http://www.techdirt.com/articles/20131030/11091025070/dark-mail-alliance-lavabit-silent-circle- team-up-to-try-to-create-surveillance-proof-email.shtml
        
        The point of end-to-end encryption is that it would be end-to-end and not leave any dangling metadata. Perhaps there would be some ability to track the amount of data transmitted, but that would be obfuscated by sending extra data, using compression, sending messages split into chunks, or using stenography.
        [ link to this | view in chronology ]
        
        Mr. Applegate, 15 Nov 2013 @ 9:42am
        
        Re: Re: Re: Re: Re: Re: Intelligence of other countries should thank them
        I am an expert. Even encrypted data has meta data. The packets will reveal for example Packet size, Source, Destination, Source Port, Destination Port (which can reveal type of traffic, such as Web, Email...)
        
        Don't get me wrong, encryption makes the NSA et al job harder, but it is still possible. They would have to change to a multi layer approach, and would concentrate even harder into forcing back doors into encryption protocols. Many people believe they already have backdoors into some protocols, and they may well have the private keys issued by many cert sites.
        [ link to this | view in chronology ]
        
        John Fenderson (profile), 15 Nov 2013 @ 10:24am
        
        Re: Re: Re: Re: Re: Re: Intelligence of other countries should thank them
        He's not mistaken at all. Just to get the data from one machine to another over the internet requires information about where the data packet is coming from, where it is going, timestamps, and other miscellaneous things. This data cannot be hidden or the transmission won't succeed. There's really no way around this.
        
        What you can do is use thing like an onion router (like Tor) to obfuscate the transmission path. It's not perfect, but helps a lot. If you're only worried about specific services, you can use proxy chains (for web browsing) or anonymous remailer chains (for email) to get a similar effect.
        [ link to this | view in chronology ]
Anonymous Coward, 15 Nov 2013 @ 12:32am

Not only is end to end encryption necessary for security and privacy, Individuals and companies need to manage their own keys, and data. Microsoft does not encrypt their internal traffic and they want businesses and individuals to use their cloud, which seems like a good way of telling the government what you are doing and saying.
[ link to this | view in chronology ]
Corwin (profile), 15 Nov 2013 @ 5:32am

Meaningness
While we've mostly been focused on what's happening at the political and policy levels around here, the technology can make a lot of that meaningless.

Yeah, TOOLS that EXIST have that tendency to affect REALITY more efficiently than the wasteful enforcement of arbitrary rules by a self-granted monopoly on coercive violence.
[ link to this | view in chronology ]