We need to reboot email. Encrypt everything, including metadata -- given current hardware, the client can easily bruteforce it from a list of known keys. Build some sort of easy key distribution tool (connecting via p2p, dns, whatever, just build a goddamn UI). Ask existing transports to relax their restrictions enough to let fully-encrypted mail through, and build some intelligent webmail interface for this (Mailpile, currently being kickstarted, is trying to do smt like that).
We've been dicking around with PGP since the 90s without making any real progress, we've traded security for convenience (GMail, Facebook), it's time somebody reverts the trend.
I disagree. This is a political fight. Technical means can drag the resistance longer, which is helpful, but the political system needs to be put in checks and balances against becoming a police state. There is no substitute for "taking roads and doing peaceful protests", as out of comfort zone as they might be.
We sometimes fall in love with our methods because that is what _we_ are good at, not what is necessarily the best course of action.
Again, I am not discounting the importance of improving technical measures, I am just cautioning against losing the sight of the forest for a tree.
The two fights don't conflict. In fact, they complement each other.
When all email is getting stored in plaintext on NSA computers, it's going to be hard to get the government to give up all that juicy data. Reduce the value of the data they're getting, and it's easier to reach a point where the political heat just isn't worth it to them.
At the same time, the political effort helps prevent new laws that make the technical solutions more difficult. And it helps encourage people to actually use our fancy technical solutions. If ever there were a time when we can get people on board with using crypto, it's now.
This is exactly it, the government is waging a war of technological means just as fervently as one of political means. There's no reason at all to limit our confrontations to the political arenas.
I think it's not the value of data that should be reduced, it's the cost of access to the data that should be increased. If it would be too expensive to watch everyone, they would naturally stop doing that.
Or they would force even more backdoors into proprietary hardware than they do already. For all we know Intel and AMD could have microcode to sabotage RNG and they can already decrypt anything with ease using a skeleton key to predict the randomness.
I've always (probably very naively) hoped that competition keeps chip makers honest. If anyone does something naughty then their competitors would probably discover it while reverse engineering the other's product.
Now that I say that, it sounds even more naive than I previously thought. All bets are probably off.
You can't let yourselves lose a power war by wasting all your time losing tactical battles. It's a tragedy if we all spend any time trying to protect our LOLs and OMGs to-from each other. If you are working on means for tracking behavior and extracting value (monetary, political, etc.) you are doing something less good than you could be.
Don't get caught by rope-a-dope when you could just cut funding for all this. We don't need protection from 20 terrorists who can kill 3,000 people. We can deal with them together. Somehow (fear, greed, stupidity?) we've lost our collective front. We need a 'We' now.
When Bush and some war-nat-resource-industry profiteers stack the deck, it's awful, but expected. At least the actions are rational. At this point, it's pretty obvious (not that it hasn't been for 50+ years) that we have a problem. The organizations at the heart of this are willing to act outside the spirit, if not the letter, of US law. The political factions riding power act outside the spirit, if not the letter, of our law and founding documents.
Our government is not behaving towards the world or our own citizens in the way that inspired generations to come here to build a better life for themselves.
The baby boomers frittered everything away. Lazy asses. Now, it's time to make amends. It's time to FORK THE US's REPO!!!
We need a plan B. It may be that the citizens have already lost this power war. Certainly the reaction of the UK police to the uproar (if it's that) of the Miranda detention and the snarkiness of the White House Dep. Press Secretary about being informed says to me that they don't really care what we think. And if they don't care it's either because they know they don't have to care (because we're not powerful enough), or they can't care because they are getting even more pressure from the other side, the intelligence community (who are thus more powerful than we are.)
Yes, political pressure. But what if that doesn't work?
Sorry. The analogy breaks down. Once you fork a government, there really isn't a mechanism to submit a pull request.
Anyways... No, you don't work within the system. You can't move fast enough to grassroots the elimination of funding for CIA and NSA and ancillary groups within military and war contractors. Any amount of traction will fail since there would be an asymmetrical and tactical-heavy process. You will lose against the financial and political interests of the ruling class. If the financial and political ruling class sees such a crowning jewel get it, they will FTFO and see it as a portent for things closer to their own power. The intelligence groups are the necessary brain to the necessary brawn that keeps the geopolitics in line with their bottom line.
The chasm between rich and poor is getting so far in the US that this is the beginning... you can't trust the poor. There's too many of them!
They've been trying to subvert these tools worldwide, especially after the Arab Spring. Just google 'Smartphone kill switch': every government is lobbying handset manufacturers for one in order to prevent theft of devices, so they can push a button and brick the device with a hardware backdoor, but of course that's not the real reason they want a kill switch for every phone in their country. They want it to black out comms during social unrest.
Same reasons why the UK would want a powerful pf filter implemented by a Chinese corporation at every single one of their ISPs. It's not to block dirty pictures, it's to shut off everything during social unrest. If they just wanted to block porno they could do simple DNS censorship, but they dropped in serious filter controls.
Currently my country is looking into regulating all wi-fi APs. They already have a kill switch for phones and ISPs, now they want to make sure you can't even make an adhoc or mesh network for social unrest. Of course it isn't to kill communications, it's to prevent crime because some criminals broadcast MITM networks inside cafes, so we need sweeping regulations to stop them.
The two are not mutually exclusive and there is overlap.
Personally, I don't care who is in office or how ostensibly benign they portray themselves to be during campaign cycles. Governments are large, uncoordinated, stupid animals capable of arbitrarily ruining people's lives when it's politically convenient.
PHK is wrong; you don't leave your doors unlocked because the mayor seems nice.
I agree it's primarily a political fight, but I think we should work on both.
But it's true that with absolute government power where they can justify anything, and with so many partner countries willing to play along with them - encryption won't get you very far, no matter how good it is and where you are in the world. They'll find a way to put a backdoor into the systems somehow with or without the service provider's knowledge.
One needs to organize to fight politically. If you can't speak, you can't organize. That's why they are going after e-mail... they are desperate to keep themselves in power...
Printing press: now digital files, copiers make copies, record metadata of files
Telephone: GPS, trackable, recordable, microphone, imaging system. Wirelines rarely used.
Snail Mail: every parcel is imaged digitally
Cafe, walks, parks: CCTV on every street corner, remote access to all wireless devices
Driving: License plate scans (passive) of interstate traffic
I agree, but I'd also like to add a more specific cause to this idea. Like you say, technical measures aren't a bad idea either, but only drag things on.
My political view is this: both the right to communicate and the privacy of communications need to be treated as fundamental human rights, just as freedom of speech is currently treated.
Then there are subjective measures. Breaching these rights may be warranted in certain specific situations (just as free speech is), but the current processes don't seem to go far enough to protect us. Even freedom of speech seems to have been curtailed too far in recent years. We need to have the political will to push back on this. But this can only happen if, first, we add freedom of communications and privacy of communications to our list of fundamental human rights.
That is pretty much the definition of freedom of speech universally applied. You are free to say what you want and your employer is free to say things like "you're fired."
You would be fine with the Government throwing you in jail for what you said then.
By that argument the Weiße Rose in WW2 Germany had free speech but they still got beheaded for it.
The UNHC definition is "Everyone has the right to freedom of opinion and expression; this right includes freedom to hold opinions without interference and to seek, receive and impart information and ideas through any media and regardless of frontiers."
You couldn't have set up a worse strawman. Congrats for making the jump straight from employee/employer relations to Nazis.
Governments throwing you in jail, intimidating you, or outright killing you all disrupt your right to free speech.
An employer exercising his free speech by firing you in no way prohibits your free speech. You can still tell everyone you want that you should form a union. No one is interfering to keep you from doing so.
Please tell me you don't actually equate those two scenarios.
Firing you for free speech is a serious chilling effect, no? Did you not read the "Without Interference" part of Article 19?
Another example is the Chinese allowed protestors against the Olympics in special zones - they of course arrested them after - that is not free speech.
Possibly you ought to update the constitution in line with the Universal Declaration Of Human Rights like most of the first world countries have.
It's funny you should mention the Nazis... have you ever tried to deny the Holocaust in Germany? Maybe publish anything glorifying the Nazi Party? If so, how did the German Government treat you?
But if your employer says "You are fired" he will need someone to replace you.
Most people don't know that in some jobs it takes half a year or an entire year of salary to train someone new to their new job until they start being productive to the company.
It is also something employers do not love to do, firing people is hard emotionally. Most of them are not sociopaths.
How do I know? I have been and I am an "employer" myself.
I don't think this matters. Since I'm advocating privacy of communications, you could arrange to use trusted third parties and encryption such that others would not know what you've been saying, or with whom you've been communicating. It's perfectly reasonable for an employer to monitor communications while on their premises, and it is generally illegal for them to wiretap your home without you knowing about it.
So what are the political/social solutions? And particularly, what are those solutions that might be actionable by this audience?
Let's take a few things off the table first. Voting is out for obvious reasons. Same goes for holding up signs in an approved free speech area. The occupy protests were a bit more effective at least in raising awareness but didn't upset the system much. Violence is a no for me personally on ethical grounds and also because history has shown violent revolution to achieve nothing but swap one form of tyranny for another.
What has actually worked in the past? Some examples that come to mind are the fight for Indian independence, the US labor movement and the US civil rights movement. These were mostly non-violent movements that deeply disrupted the status quo and created somewhat lasting change. They offer lots of practical examples.
Basically, we need to organize and act in a way that makes it impossible for bully governments and corporations to transact business as usual. Until that happens, there is no leverage, no opening for change.
Here's an idea: let's start a tech workers union. Imagine what a large scale tech worker strike would do to the economy. Now imagine if we were to participate in a general strike with industrial workers.
It would be most advantageous to organize now, while we still have a privileged status within the system. Let's not rest on that status and accept it as the bribe it is.
One of the tactical mistakes is not to "name" people on the other side of this asymmetric warfare against the world police states, and put the individuals in the spotlight. The of agencies and governments is abstract and non-tangible. Unlike the "Snowdens, Mannings, Greenwalds and Mirandas" they do not have fear, and hence accountability.
At the end of the day, these agencies are made of people, who make decisions. While the aim should be to keep the 'agencies' under check, the general population resisting them need to target (and I do not mean attack their home or family members or something like that, I only mean to put the individuals under the spotlight) to "name and shame" the entity with feelings, family, emotions, weaknesses etc. under scrutiny. Just as the Snowdens' and the Greenwalds' choices come with the consequences, so should be the case for the British officials who chose to take a stand.
Email is inherently insecure and leaks all sorts of data even when the message content is encrypted to not just the government but everyone the message passes through on its way to the destination. This is a technical flaw.
The ability of the government to warrantlessly look at it is a political flaw and should also be corrected, but that doesn't mean the technical flaws should also be corrected.
The Direct Project is an email encryption scheme that hopes to replace the mail and fax currently used by American physicians to communicate patient health information. It is a requirement for Stage 2 (2014) Meaningful Use certified EHR software. So this is going to be adopted on a large scale in the next year or two.
It uses SMTP to transmit SMIME messages signed with X.509. Public keys for recipients are discovered either via DNS (as a CERT record) or via LDAP. Those discovered certificates are only trusted if the two parties have previously exchanged a trust anchor.
Direct itself does not define how trust relationships are initiated (which is a problem with scalability). So infrastructure is being formed around the protocol - such as HISPs and Trust Communities. HISPs intend to operate similar to how email providers operate - by providing web portals and edge protocols. Trust Communities are intended to create bundles of trust anchors for companies that have passed a certain level of accreditation.
There are currently two fully functional open source Reference Implementations in Java and C#.
One of the mechanisms for relationship building is Blue Button+[1]
We have a version of the java reference implementation up and running, so I can vouch for it. I have been thinking about it in context of the privacy atmosphere for quite a while now. On one hand I'm excited that such a technology could also be used for secure communication and on the other I'm worried that health records will be susceptible to the same coercion.
Agreed. Also, ONC has endorsed Direct Trust, which has an accreditation process which will likely consolidate providers into HISPs, which will make easy targets for the same coercion you speak of.
But a slightly altered system where private keys are not consolidated might be a huge improvement.
I think we need to go one step further than encryption.
We need to encrypt all communications expensively. Make algorithms which can be tuned to be arbitrarily expensive, computation-wise. Tune them so that it takes as much time as we can bear to encrypt and decrypt an email. Seconds, ideally.
The goal is to make it so that some large fraction of our computational resources are taken up encrypting and decrypting communications. Say, 10 or 20%. For everyday uses this will just show up as emails being slow to open, since most people's computers are idle most of the time. But if your goal is to intercept and process all communications, all of the time, you can't do it without having an absurd level of computational resources at your disposal, even if you have all of the secret keys. Ten or twenty Googles' worth of data centers.
If this was done properly, it would kill (free) webmail search. It wouldn't prevent targeted snooping, except insomuch as normal encryption does, but it could make pervasive snooping too expensive to be feasible.
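An added example, not part of the thread or any commenter's code: one way to make opening a message tunably expensive even for a party that already holds the key, as the comment above proposes. PBKDF2 as the slow step, the HMAC-based keystream standing in for a real cipher, the shared secret, and the `MIN_ITER`/`MAX_ITER` policy values are all assumptions made so the sketch runs on the Python standard library alone.

```python
import hashlib
import hmac
import os
import struct
import time

MIN_ITER = 1_000        # assumed floor: receivers refuse "cheap" messages
MAX_ITER = 5_000_000    # assumed ceiling: bounds work a hostile sender can force
HEADER = struct.Struct(">I16s")   # iteration count + fresh per-message salt
TAG_LEN = 32

def _subkeys(secret, salt, iterations):
    """The deliberately slow, tunable step: PBKDF2 over the shared secret."""
    master = hashlib.pbkdf2_hmac("sha256", secret, salt, iterations)
    enc = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc, mac

def _xor_stream(key, data):
    """Illustrative HMAC-SHA256 counter-mode keystream (stdlib stand-in)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hmac.new(key, struct.pack(">Q", off // 32), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def seal(secret, plaintext, iterations):
    if not MIN_ITER <= iterations <= MAX_ITER:
        raise ValueError("iteration count outside policy")
    header = HEADER.pack(iterations, os.urandom(16))
    enc, mac = _subkeys(secret, header[4:], iterations)
    body = _xor_stream(enc, plaintext)
    return header + body + hmac.new(mac, header + body, hashlib.sha256).digest()

def open_sealed(secret, blob):
    if len(blob) < HEADER.size + TAG_LEN:
        raise ValueError("truncated message")
    iterations, salt = HEADER.unpack_from(blob)
    # The cost field is unauthenticated until the KDF has run, so bound it
    # first; otherwise any sender can pin the receiver's CPU.
    if not MIN_ITER <= iterations <= MAX_ITER:
        raise ValueError("iteration count outside policy")
    enc, mac = _subkeys(secret, salt, iterations)
    signed, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac, signed, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor_stream(enc, signed[HEADER.size:])

def calibrate(target_seconds, probe=20_000):
    """Pick an iteration count costing roughly target_seconds on this machine."""
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"probe", b"salt", probe)
    per_iter = (time.perf_counter() - start) / probe
    return max(MIN_ITER, min(MAX_ITER, int(target_seconds / per_iter)))

def bulk_cores_needed(messages_per_day, seconds_per_message):
    """CPU cores kept busy full-time to open every message, keys in hand."""
    return messages_per_day * seconds_per_message / 86_400
```

The fresh salt per message is what stops the work from being amortized across a mailbox. PBKDF2 is CPU-bound and parallelises well on GPUs and custom silicon, so the per-message cost measured on a laptop overstates what a well-funded interceptor pays.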
Historically speaking, the US Government is pretty damn good at winning wars of attrition. Don't think you're going to find any amount of money that Congress won't happily hand to the military-industrial complex. They'll spend whatever it takes.
One estimate I found was that there were 150 million iPhone 5's shipped in the first year, and each one was about 25 GFlops. If 1% of that CPU was spent encrypting & decrypting communications to and from the iPhones, that is about 37,500 TFlops, which is just over the Rmax listed for the top supercomputer, Tianhe-2. Some numbers for the cost of that supercomputer are around $100 million, but the estimated cost for the Xeon Phis alone could be as high as $250 million. Giving the defenders the advantage, let's round up to $1 billion.
So the NSA needs to spend $1 billion per year to counteract the top smartphone in the world. Their budget is estimated to be as high as $10 billion / year, so they could do it. But how much of the total pie are iPhone 5's? I think to be competitive we need to push the cost to the NSA up towards $30 or $100 billion per year. $1 billion is trivial, $10 billion Congress will swallow and move on. They still fund NASA to the tune of $16 billion, and no one in Congress even cares about NASA anymore. But $100 billion per year, then you're talking real money.
So what fraction of total personal computer sales are iPhone 5's? If they're 10%, we'll be hard-pressed to keep the NSA out of the game. If they're 1% of personal computer sales, I think we have a chance of keeping ahead of them.
Current estimated total cost for just one of many fighter jet programs (F-35 joint strike fighter): $397 billion. That's when we're barely making noise about something that unequivocally provides no national security benefit unless we're planning on aerial dogfighting like it's WWI. There are dozens of similarly useless or near-useless defense spending programs, like the tanks the Army keeps saying it doesn't want.
That's $397 billion over many years; I am suggesting a target of $100 billion per year.
That's not to say we couldn't or wouldn't spend in excess of $100 billion per year on a boondoggle. We've done it before and we'll do it again. But I think $100 billion is the point at which money even becomes an issue. $1 or $10 billion and there's barely a point in trying.
Buying two to three years will be enough in the average case.
Targeted individual surveillance will likely always be possible (not just because of encryption, but because of the $5 wrench, trojans and so on). What we need is to make global, indiscriminate and realtime surveillance computationally unfeasible.
Three years from now, most commercially-sensitive, politically-embarrassing, or otherwise-newsworthy material, will likely be obsolete.
I spoke imprecisely... I mean as far as spending. People had to die to continue fighting in Vietnam, Korea, Iraq, and Afghanistan; we determined that the death toll wasn't worth it. To break crypto, we have to fund STEM research, buy hardware, and create good middle-class jobs. Good luck creating a public outcry over that.
We're not winning the war on drugs, but there is no indication of giving up on it at the federal level. Law enforcement spending is not slowing down.
I was thinking more of the USSR. There didn't seem to be any amount of money we weren't willing to spend. Lives, yes, but not money.
> Historically speaking, the US Government is pretty damn good at winning wars of attrition.
Unless you are speaking in some kind of figurative sense where I'm missing the metaphor, this isn't really true. The few real wars of attrition where the US has been on the winning side (WWI comes to mind) it "won" by joining late when the other side (as well as its allies) had already suffered considerable attrition. But even in those circumstances, its record in wars of attrition isn't that great (the US portion of the extended colonial conflict in Indochina comes to mind.)
Breaking cryptography doesn't require sending people's children to die, giving people PTSD, or otherwise angering a significant portion of the US population. If anything, it creates good middle-class jobs.
Imagine how much computing power the US fighter jet program's budget could buy.
If you hold assets in US dollars, or generally speaking use commodities and have a currency bound to the dollar in any way, they're consuming your wealth to keep up with that arbitrary increase of cost on computation. That means, you can never outlast them or win a war of attrition. They have your bank account via deficit financing (or taxes optionally). The only reason we have such a massive military + intelligence system to begin with is they can use inflationary means for financing it all (aka steal your purchasing power).
There's only one successful way to fight this: change the culture and change the politics.
Technical approaches are fine for shielding you today. At the rate the police state is accelerating, it's very unlikely to shield you tomorrow, as they're going to outlaw the means of shielding. They will not allow an arms race, they'll use their legal powers to shut it down, and make you a criminal.
"There's only one successful way to fight this: change the culture and change the politics."
Not going to happen short of a mass global natural disaster or mass military takeover changing the stakes. There's too much power concentrated at the top and no good reason for the people there to surrender any of it. If the masses get too persistent, they will "cull" the masses through whatever means...
This seems like a legitimate use case for an FPGA in every PC. Implement a set of expensive algorithms in Verilog, put it up on Github and set up some slick distribution mechanism that updates the logic when needed without bothering non-technical users with it. This would prevent the crypto from using up too much general purpose processing resources, cause it to be acceptably fast and provide a mechanism for updating the algorithms when flaws are found or new algorithms are introduced.
Downside is that it would probably take up to a decade to actually be adopted by the majority of PC users, but then again, the majority of PC users will probably not care too much.
> set up some slick distribution mechanism that updates the logic when needed without bothering non-technical users with it.
You'll need to make sure that those responsible for signing the updates are resistant to coercion. The best bet there is probably a moderately large number of somewhat anonymous signers. Have a large and diverse pool of signers and require every update to have some portion of the signers sign off on it before the releases are accepted. With any luck if doors start getting kicked in and signers start getting hit with wrenches, at least one of them will be able to warn the public.
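An added example, not from the thread: the "some portion of the signers must sign off" rule from the comment above, written as a k-of-n acceptance check on the client. Lamport one-time signatures are used only so the sketch runs on the Python standard library (a deployment would use a reusable scheme such as Ed25519); `accept_update`, `signer_id` and the trusted-signer table are hypothetical names.

```python
import hashlib
import os

def _h(data):
    return hashlib.sha256(data).digest()

def _bits(message):
    """The 256 bits of SHA-256(message), most significant bit first."""
    digest = _h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def lamport_keygen():
    """One-time key pair: a key must never sign two different messages."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk

def lamport_sign(sk, message):
    return [sk[i][bit] for i, bit in enumerate(_bits(message))]

def lamport_verify(pk, message, sig):
    return len(sig) == 256 and all(
        _h(part) == pk[i][bit]
        for (i, bit), part in zip(enumerate(_bits(message)), sig))

def signer_id(pk):
    """Short fingerprint of a public key, used to index the trusted pool."""
    return hashlib.sha256(b"".join(a + b for a, b in pk)).hexdigest()[:16]

def accept_update(update, signatures, trusted, threshold):
    """Accept only if >= threshold DISTINCT trusted signers approved `update`.

    trusted:    dict mapping signer_id -> public key (the pinned pool)
    signatures: list of (signer_id, signature) shipped with the update
    """
    approved = set()
    for sid, sig in signatures:
        pk = trusted.get(sid)
        if pk is None or sid in approved:
            continue  # unknown signer, or the same signer counted twice
        if lamport_verify(pk, update, sig):
            approved.add(sid)
    return len(approved) >= threshold, sorted(approved)
```

Counting distinct signer identities, not signatures, is the part that matters: one coerced signer submitting several valid signatures must still count once.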
And NSA will just have to buy one of these for each PC sold. And when buying in such bulk the devices will be times cheaper than what comes to the user.
And for 4 billion USD they could create their own foundry. And then costs begin to plummet once again.
I agree this is a good idea but I think using the words "encrypt" and "decrypt" confuses the goal a little bit as this idea is still useful even if the messages aren't required to be confidential from anyone. I think "encapsule" and "release" describe it better. These operations can be used in combination with encrypt and decrypt if encryption is needed.
That's sort of an interesting idea. Of course without the key it's always absurdly difficult to decrypt...but if we're worried about them intercepting keys, this could make life harder for them.
The purpose of the hashing work in bitcoin is to solve the Two Generals Problem. The purpose of widespread expensive encryption of emails is to make routine decryption impractical. Two different problems, which don't have much in common besides having a solution involving computers doing work.
If you want a technological solution to the problem, use lavabit... I understand they offer a secure, encrypted (and reasonably convenient and usable) email service.
The NSA is the wrong unit of analysis. The NSA is a tool. The group of people that has disproportionate power over the government wins every time anyone that opposes the status quo supported by that faction is intimidated into stopping a part of their work which focuses opposition to some piece of that status quo, though.
The way they are winning is the problem - which is that they get tax money. People need to be able to directly agree what their tax is spent on - on a per-item basis. New road? Fix up a certain road? Etc..
The people that have disproportionate power over government also have disproportionate wealth, and would not be weakened by a system of the type you present (which would just make it harder for government to serve diffuse interests.)
Any centralized service can be ordered to hand over encrypted material or to implement a backdoor, similar to the Lavabit case. Bitmessage could be one possible type of solution. That way the only way to compromise the message (assuming it is as safe as bitcoin, not claiming bitmessage is) would be to compromise the sender or the receiver, both of which are much more secure than any email service. And they could not make any backdoors, because the code is open source and changes would be visible. If they would make some of the clients with some kind of backdoor, others, without backdoor, could possibly not accept their messages, so the 51% attack would be the vulnerability.
The problem with P2P is that you need "Ps" online at the same time in order to exchange data. One of the elements that allowed for the email revolution was the asynchronous nature of exchanges: I'll send an email now and you'll receive it whenever you're online. Requiring coordination is a non-starter.
Personally, as long as the encryption was entirely done client-side with opensource tools, and done properly (i.e. not involving keys stored on the actual server), I wouldn't mind making my messages go through hostile servers. Of course the NSA might be able to dedicate enough resources to break them, but they wouldn't have enough to break everyone's messages at the same time. If global surveillance were only possible with a two/three-year timelapse, that'd be a good enough window in most cases.
You can receive a message whenever you're online. The encrypted message is broadcast to a lot of people, at least one of them should be online when you go online.
Bitmessage is not the solution. If you tell me your address (and related public key), it can just be modified on the wire to MITM the communication. There's no getting around that.