Former security executives endorse unbreakable encryption

The Washington Post has published an editorial written by three former governmental security officials who (now) fully support end-to-end encryption.

Mike McConnell is a former director of the National Security Agency and director of national intelligence. Michael Chertoff is a former homeland security secretary and is executive chairman of the Chertoff Group, a security and risk management advisory firm with clients in the technology sector. William Lynn is a former deputy defense secretary and is chief executive of Finmeccanica North America and DRS Technologies.

The three men, now firmly ensconced in the private sector, believe that an encryption “back-door” is not worth the risk to privacy rights.

We recognize the importance our officials attach to being able to decrypt a coded communication under a warrant or similar legal authority. But the issue that has not been addressed is the competing priorities that support the companies’ resistance to building in a back door or duplicated key for decryption. We believe that the greater public good is a secure communications infrastructure protected by ubiquitous encryption at the device, server and enterprise level without building in means for government monitoring.

First, such an encryption system would protect individual privacy and business information from exploitation at a much higher level than exists today. As a recent MIT paper explains, requiring duplicate keys introduces vulnerabilities in encryption that raise the risk of compromise and theft by bad actors. If third-party key holders have less than perfect security, they may be hacked and the duplicate key exposed. This is no theoretical possibility, as evidenced by major cyberintrusions into supposedly secure government databases and the successful compromise of security tokens held by a major information security firm. Furthermore, requiring a duplicate key rules out security techniques, such as one-time-only private keys.

Second, a requirement that U.S. technology providers create a duplicate key will not prevent malicious actors from finding other technology providers who will furnish ubiquitous encryption. The smart bad guys will find ways and technologies to avoid access, and we can be sure that the “dark Web” marketplace will offer myriad such capabilities. This could lead to a perverse outcome in which law-abiding organizations and individuals lack protected communications but malicious actors have them.

Finally, and most significantly, if the United States can demand that companies make available a duplicate key, other nations such as China will insist on the same. There will be no principled basis to resist that legal demand. The result will be to expose business, political and personal communications to a wide spectrum of governmental access regimes with varying degrees of due process.

It is well past time

While a lot can happen before the expiration of the Patriot Act on June 1, it looks like Congress (or at least the House) is prepared for major reductions in US domestic spying and surveillance.

From the New York Times:

After more than a decade of wrenching national debate over the intrusiveness of government intelligence agencies, a bipartisan wave of support has gathered to sharply limit the federal government’s sweeps of phone and Internet records.

On Thursday, a bill that would overhaul the Patriot Act and curtail the so-called metadata surveillance exposed by Edward J. Snowden was overwhelmingly passed by the House Judiciary Committee and was heading to almost certain passage in that chamber this month.

An identical bill in the Senate — introduced with the support of five Republicans — is gaining support over the objection of Senator Mitch McConnell, Republican of Kentucky, who is facing the prospect of his first policy defeat since ascending this year to majority leader.

The push for reform is the strongest demonstration yet of a decade-long shift from a singular focus on national security at the expense of civil liberties to a new balance in the post-Snowden era.

Under the bipartisan bills in the House and Senate, the Patriot Act would be changed to prohibit bulk collection, and sweeps that had operated under the guise of so-called National Security Letters issued by the F.B.I. would end. The data would instead be stored by the phone companies themselves, and could be accessed by intelligence agencies only after approval of the secret Foreign Intelligence Surveillance Act court.

The legislation would also create a panel of experts to advise the FISA court on privacy, civil liberties, and technology matters, while requiring the declassification of all significant FISA court opinions.

More details from the Times here.

Decades of surveillance (updated)

USA Today is reporting that the government started collecting data on citizens’ international telephone calls a decade prior to 9/11.

For more than two decades, the Justice Department and the Drug Enforcement Administration amassed logs of virtually all telephone calls from the USA to as many as 116 countries linked to drug trafficking, current and former officials involved with the operation said. The targeted countries changed over time but included Canada, Mexico and most of Central and South America.

Federal investigators used the call records to track drug cartels’ distribution networks in the USA, allowing agents to detect previously unknown trafficking rings and money handlers. They also used the records to help rule out foreign ties to the bombing in 1995 of a federal building in Oklahoma City and to identify U.S. suspects in a wide range of other investigations.

The Justice Department revealed in January that the DEA had collected data about calls to “designated foreign countries.” But the history and vast scale of that operation have not been disclosed until now.

How Americans can ever trust the government to protect their privacy, and comply with the Constitution, is a real puzzle. Secret data collection by the government is apparently unstoppable in the current political environment. Shameful.

Update: The EFF has agreed to represent Human Rights Watch, a civil liberties group, in a lawsuit challenging the legality of the DEA’s massive data collection program.

Human Rights Watch, a nonpartisan organization that fights human rights abuses across the globe, filed suit against the U.S. Drug Enforcement Administration late Tuesday for illegally collecting records of its telephone calls to certain foreign countries as part of yet another government bulk surveillance program. The group is represented by the Electronic Frontier Foundation (EFF), which has launched a series of legal challenges against unconstitutional government surveillance.

“The DEA’s program of untargeted and suspicionless surveillance of Americans’ international telephone call records—information about the numbers people call, and the time, date, and duration of those calls—affects millions of innocent people, yet the DEA operated the program in secret for years,” said EFF Staff Attorney Nate Cardozo. “Both the First and Fourth Amendment protect Americans from this kind of overreaching surveillance. This lawsuit aims to vindicate HRW’s rights, and the rights of all Americans, to make calls overseas without being subject to government surveillance.”

The CIA seeks to break security of Apple devices

The Intercept is reporting that the CIA has conducted a multi-year campaign to break the security of Apple iPhones and iPads.

By targeting essential security keys used to encrypt data stored on Apple’s devices, the researchers have sought to thwart the company’s attempts to provide mobile security to hundreds of millions of Apple customers across the globe. Studying both “physical” and “non-invasive” techniques, U.S. government-sponsored research has been aimed at discovering ways to decrypt and ultimately penetrate Apple’s encrypted firmware. This could enable spies to plant malicious code on Apple devices and seek out potential vulnerabilities in other parts of the iPhone and iPad currently masked by encryption.

* * *

The security researchers also claimed they had created a modified version of Apple’s proprietary software development tool, Xcode, which could sneak surveillance backdoors into any apps or programs created using the tool. Xcode, which is distributed by Apple to hundreds of thousands of developers, is used to create apps that are sold through Apple’s App Store.

The modified version of Xcode, the researchers claimed, could enable spies to steal passwords and grab messages on infected devices. Researchers also claimed the modified Xcode could “force all iOS applications to send embedded data to a listening post.” It remains unclear how intelligence agencies would get developers to use the poisoned version of Xcode.

Researchers also claimed they had successfully modified the OS X updater, a program used to deliver updates to laptop and desktop computers, to install a “key logger.”

* * *

“Spies gonna spy,” says Steven Bellovin, a former chief technologist for the U.S. Federal Trade Commission and current professor at Columbia University. “I’m never surprised by what intelligence agencies do to get information. They’re going to go where the info is, and as it moves, they’ll adjust their tactics. Their attitude is basically amoral: whatever works is OK.”

Bellovin says he generally supports efforts by U.S. intelligence to “hack” devices — including Apple’s — used by terrorists and criminals, but expressed concern that such capabilities could be abused. “There are bad people out there, and it’s reasonable to seek information on them,” he says, cautioning that “inappropriate use — mass surveillance, targeting Americans without a warrant, probably spying on allies — is another matter entirely.”

Documents provided by Edward Snowden revealed the CIA attacks on Apple software and hardware. The documents also reveal that other tech companies were attacked. Tim Cook has repeatedly attacked the efforts of the CIA and the NSA, and he has called for privacy protection for all Apple customers.

“If I were Tim Cook, I’d be furious,” says the ACLU’s Soghoian. “If Apple is mad at the intelligence community, and they should be, they should put their lawyers to work. Lawsuits speak louder than words.”

* * *

“I want to be absolutely clear that we have never worked with any government agency from any country to create a backdoor in any of our products or services. We have also never allowed access to our servers. And we never will,” Cook said last September in announcing Apple’s new privacy policy. More recently, Cook said, “None of us should accept that the government or a company or anybody should have access to all of our private information. This is a basic human right. We all have a right to privacy. We shouldn’t give it up. We shouldn’t give in to scare-mongering.”

* * *

As corporations increasingly integrate default encryption methods and companies like Apple incorporate their own indigenous encryption technologies into easy-to-use text, voice and video communication platforms, the U.S. and British governments are panicking. “Encryption threatens to lead all of us to a very dark place,” declared FBI Director James Comey in an October 2014 lecture at the Brookings Institution. Citing the recent moves by Apple to strengthen default encryption on its operating systems, and commitments by Google to incorporate such tools, Comey said, “This means the companies themselves won’t be able to unlock phones, laptops, and tablets to reveal photos, documents, e-mail, and recordings stored within.”

Under current U.S. regulations, law enforcement agencies can get a court order to access communications channeled through major tech companies and wireless providers. But if those communications are encrypted through a process not accessible by any involved company, the data is essentially meaningless, garbled gibberish. “In a world in which data is encrypted, and the providers don’t have the keys, suddenly, there is no one to go to when they have a warrant,” says Soghoian. “That is, even if they get a court order, it doesn’t help them. That is what is freaking them out.”

You can read the full, detailed and shocking article here.

Wikipedia sues NSA over mass surveillance

Wikipedia is suing the NSA over the spy agency’s so-called “upstream” surveillance, which collects information around the world by tapping into Internet cables.

The notion that the N.S.A. is monitoring Wikipedia’s users is not, unfortunately, a stretch of the imagination. One of the documents revealed by the whistle-blower Edward J. Snowden specifically identified Wikipedia as a target for surveillance, alongside several other major websites like CNN.com, Gmail and Facebook. The leaked slide from a classified PowerPoint presentation declared that monitoring these sites could allow N.S.A. analysts to learn “nearly everything a typical user does on the Internet.”

The harm to Wikimedia and the hundreds of millions of people who visit our websites is clear: Pervasive surveillance has a chilling effect. It stifles freedom of expression and the free exchange of knowledge that Wikimedia was designed to enable.

* * *

In the lawsuit we’re filing with the help of the American Civil Liberties Union, we’re joining as a fellow plaintiff a broad coalition of human rights, civil society, legal, media and information organizations. Their work, like ours, requires them to engage in sensitive Internet communications with people outside the United States.

That is why we’re asking the court to order an end to the N.S.A.’s dragnet surveillance of Internet traffic.

Privacy is an essential right. It makes freedom of expression possible, and sustains freedom of inquiry and association. It empowers us to read, write and communicate in confidence, without fear of persecution. Knowledge flourishes where privacy is protected.

This is an excellent, well-funded effort that might have a decent chance of limiting at least some of the “collect it all” operations of the NSA.

SIM card security breached by US and UK

The Intercept is reporting this morning that US and UK spies broke into the internal network of Gemalto, the largest SIM card manufacturer in the world, and stole the encryption keys used by the manufacturer. SIM cards are designed to protect the privacy of cellphone conversations, among other things. The reporting is based on documents provided by Edward Snowden, and the breach was described in a document written in 2010.

So, as a beginning point, you can safely assume that your mobile phone privacy was breached over four years ago.

Here are more details:

Leading privacy advocates and security experts say that the theft of encryption keys from major wireless network providers is tantamount to a thief obtaining the master ring of a building superintendent who holds the keys to every apartment. “Once you have the keys, decrypting traffic is trivial,” says Christopher Soghoian, the principal technologist for the American Civil Liberties Union. “The news of this key theft will send a shock wave through the security community.”

* * *

The U.S. and British intelligence agencies pulled off the encryption key heist in great stealth, giving them the ability to intercept and decrypt communications without alerting the wireless network provider, the foreign government or the individual user that they have been targeted. “Gaining access to a database of keys is pretty much game over for cellular encryption,” says Matthew Green, a cryptography specialist at the Johns Hopkins Information Security Institute. The massive key theft is “bad news for phone security. Really bad news.”

SIM cards were not primarily designed to protect privacy, but instead were designed by cell phone companies to limit fraudulent use of their networks.

SIM cards were not invented to protect individual communications — they were designed to do something much simpler: ensure proper billing and prevent fraud, which was pervasive in the early days of cellphones. Soghoian compares the use of encryption keys on SIM cards to the way Social Security numbers are used today. “Social security numbers were designed in the 1930s to track your contributions to your government pension,” he says. “Today they are used as a quasi national identity number, which was never their intended purpose.”

Because the SIM card wasn’t created with call confidentiality in mind, the manufacturers and wireless carriers don’t make a great effort to secure their supply chain. As a result, the SIM card is an extremely vulnerable component of a mobile phone. “I doubt anyone is treating those things very carefully,” says Green. “Cell companies probably don’t treat them as essential security tokens. They probably just care that nobody is defrauding their networks.” The ACLU’s Soghoian adds, “These keys are so valuable that it makes sense for intel agencies to go after them.”

Much more from The Intercept here.


Christmas Eve NSA data dump

If you head the NSA and, due to a court order, you are required to publicly release (heavily redacted) documents indicating that the NSA violated the law repeatedly over more than a decade, when would you choose to announce the release?

Well, the NSA chose to make the release around 1:30 pm, Christmas Eve.

Bloomberg reports:

The NSA, responding to a Freedom of Information Act lawsuit from the American Civil Liberties Union, released a series of required quarterly and annual reports to the President’s Intelligence Oversight Board that cover the period from the fourth quarter of 2001 to the second quarter of 2013.

The heavily-redacted reports include examples of data on Americans being e-mailed to unauthorized recipients, stored in unsecured computers and retained after it was supposed to be destroyed, according to the documents. They were posted on the NSA’s website at around 1:30 p.m. on Christmas Eve.

In a 2012 case, for example, an NSA analyst “searched her spouse’s personal telephone directory without his knowledge to obtain names and telephone numbers for targeting,” according to one report. The analyst “has been advised to cease her activities,” it said.

Other unauthorized cases were a matter of human error, not intentional misconduct.

Last year, an analyst “mistakenly requested” surveillance “of his own personal identifier instead of the selector associated with a foreign intelligence target,” according to another report.

 

An excellent proposal

Senator Mark Udall (D-CO) lost his reelection bid on Tuesday. This is particularly important as Udall was one of the most forceful members of the Senate Intelligence Committee to call for more disclosure from the CIA and NSA regarding their operations.

Trevor Timm, writing in The Guardian, has interestingly suggested that Udall could legally read into the Congressional Record the text of the CIA Torture Report, prepared by the Intelligence Committee, which is still tied up by the CIA (and Obama Administration) refusals to allow publication of the report without massive and frustrating redactions.

America’s rising civil liberties movement lost one of its strongest advocates in the US Congress on Tuesday night, as Colorado’s Mark Udall lost his Senate seat to Republican Cory Gardner. While the election was not a referendum on Udall’s support for civil liberties (Gardner expressed support for surveillance reform, and Udall spent most of his campaign almost solely concentrating on reproductive issues), the loss is undoubtedly a blow for privacy and transparency advocates, as Udall was one of the NSA and CIA’s most outspoken and consistent critics. Most importantly, he sat on the intelligence committee, the Senate’s sole oversight board of the clandestine agencies, where he was one of just a few dissenting members.

But Udall’s loss doesn’t have to be all bad. The lame-duck transparency advocate now has a rare opportunity to truly show his principles in the final two months of his Senate career and finally expose, in great detail, the secret government wrongdoing he’s been criticizing for years. On his way out the door, Udall can use congressional immunity provided to him by the Constitution’s Speech and Debate clause to read the Senate’s still-classified 6,000-page CIA torture report into the Congressional record – on the floor, on TV, for the world to see.

There’s ample precedent for this. In 1971, former Senator Mike Gravel famously read the top-secret classified Pentagon Papers for three hours before almost collapsing and then entering thousands of pages more into the record after he couldn’t speak for any longer from exhaustion.

* * *

But now, Udall has nothing to lose. He can’t get kicked off any committee he won’t be a part of in two months. And he can’t be prosecuted for revealing classified information as a member of Congress.

This would be a terrific service to Americans, who need to know that torture was official US policy following 9/11, so as to ensure that the American government never commits such crimes again.

 

Second NSA whistleblower is “confirmed”

Michael Isikoff is reporting that federal agents have identified a suspected “second” whistleblower providing details of the NSA surveillance programs to reporters.

Excerpt:

The FBI has identified an employee of a federal contracting firm suspected of being the so-called “second leaker” who turned over sensitive documents about the U.S. government’s terrorist watch list to a journalist closely associated with ex-NSA contractor Edward Snowden, according to law enforcement and intelligence sources who have been briefed on the case.

The FBI recently executed a search of the suspect’s home, and federal prosecutors in Northern Virginia have opened up a criminal investigation into the matter, the sources said.

But the case has also generated concerns among some within the U.S. intelligence community that top Justice Department officials — stung by criticism that they have been overzealous in pursuing leak cases — may now be more reluctant to bring criminal charges involving unauthorized disclosures to the news media, the sources said. One source, who asked not to be identified because of the sensitivity of the matter, said there was concern “there is no longer an appetite at Justice for these cases.”

I believe that the Justice Department should tread very carefully in dealing with any whistleblowers. And it should be especially careful in challenging reporters covering any additional disclosures in an attempt to reveal to Americans the overall breadth of the surveillance of American citizens. The people have a right to know.

Surveillance self-defense

The EFF has just released a compendium of products that can help you defend your computer systems and communications from the surveillance state. It is called Surveillance Self-Defense. It offers advice for people in differing scenarios. I am planning to implement the recommendations in the section entitled “Mac User?”.

Well worth a careful review.