Two firms at the sharp end of privacy have joined forces to build an email system that provides end-to-end encryption that will hopefully prove impossible for service providers to eavesdrop and crack – even if forced to do so. "As founding partners of the Dark Mail Alliance, both Silent Circle and Lavabit will work to bring …
All eyes on this and anything similar.
Otherwise roll your own is an option, but a pain when leaving your tight knit team of hackers... oh no don't use that word. Shit here they come. El Reg. Don't give them my IP address. Pleeeaaasse. I'm such a fool. Well at least this is from the work place. It was that other admin that wrote that comment not me. Nooooo... Not the taser...
Re: All eyes on this and anything similar.
Hmm, let me see. What would be the teeny weeny problem they are doing their best to absolutely not mention at all, together with the rest of Silicon Valley (you should have seen them squirm at Dublin's Data Summit)?
- Homeland Security Act
- USA Patriot Act
- ECPA (to a degree - it comes up with this novel concept that privacy somehow has an expiry date)
Ah, yes, now I recall: a raft of laws that alleviate the need to act illegally to grab data from ANY company in the US or having its main office there. Not that anyone cares: as far as I can see the NSA doesn't even bother with the law.
Fix that little problem first. As they are laws, it will only take a good 10 years or so..
Unfortunately, these are two small companies....
I hope that they can pull it off, but the dominant ISPs that are more or less in the Sigint agencies' pockets are going to try to find a way to combat this or just confuse the Hell out of consumers with faux-secure email offerings.
How to fix email
That's a pretty poor choice of name 'dark'? They should call themselves 'privacy shield alliance', since privacy is a fundamental human right that's been removed illegally.
It's quite straightforward to secure email, Thunderbird supports TLS, TLS is only broken a little.
The NSA leaks show they substitute their own certificates to hack TLS (=HTTPS)
They have a lot of private keys in Bullrun which they likely get from court orders like the Lavabit ones, where the judge orders the keys to be handed over for a limited intercept, and actually it's just stuck in the big database and used to decrypt all previous traffic they stored and all future traffic.
So the fix is a certificate authority that issues certs on nothing but an email address, and a modification to Thunderbird to automatically sign users up for a cert when they add any account.
Thunderbird should also have its certificates stripped of all NSA domain CAs, since they are inherently untrustable, and the final mod should be to warn users whenever the fingerprint of the certificate changes for a given email address. Which would indicate a possible man-in-the-middle attack.
The certificate should be hosted in a location that has strong legal protections and not puppet democracy (i.e. not US/UK/NZ/AUS/CAN).
I'd also like to see 3 or 4 layers of certificate encryption, so we can encrypt with a Russian/Chinese/American/German key and to decrypt you'd have to fake all the certificates.
To go the next step is also easy, you don't really need the CA. SSH for example exchanges a public key certificate, you accept it the first time, and it works from then on. To man-in-the-middle these exchanges, you would have to catch 100% of these, every time, all the time. Even then I can simply put the cert on a USB key and bypass the hack.
These are all really easy things to do and would eliminate the problem the CA offers with its weak link.
The first email would send the public key, all later traffic would be encrypted to any address you have the public key. You don't know 'bob' is 'bob simkins of 123 highstreet', but you don't need to since you don't know that now when you send email. The conversation though is encrypted.
I see the latest talking points across the boards is "the NSA is too big to defeat, just accept your new masters the Generals", but that's not really true.
That latest reacharound the FISA court, by tapping Google's internal networks because the FISA court won't issue the order under PRISM. It would be trivial/ultra-fast for Google to encrypt those links with a huge private key even.
Re: How to fix email
excellent post!! Have a virtual beer on me.
May I add another turn of the crank? How about a way to make "webmail" appear locally. That is, I use the google webmail interface as it is quite nice but that data is coming from them.
I also use the very nice Roundcube for my family email.
So perhaps thunderbird could make a "make my mail appear locally" button, so the mail is always encrypted and only appears plain in the browser locally. Not on google's servers.
I do this currently using thunderbird and some copy hacks, but I can't see a non-techie doing it this way...
Good show, chaps!
Good luck to this venture. The good ol' boys (not) of the NSA need a good slap in the face after all their antics. The question remains, however - which country is actually safe to host this service? It seems that most governments are spying on each other. If they can get something together, the whole world and its wife should be interested.
Yeah and let's collect interested parties' email addresses without any encryption on http://darkmail.info/ as those addresses might be handy for nsa/gchq bods
PGP encryption and decryption has to be done locally, in your mail application or browser. You need the other party's public key, and when being paranoid you can't trust public key to the same channel that is used to deliver mail. Fortunately there are many other channels available. For example, I publish the hash of my public key on Facebook. That's not perfect, but pretty good.
Protecting metadata will be harder. It basically can't be done with today's SMTP relays, because every hop needs to know the full address of the recipient. This will require a direct connection from the source's ISP to the receiver's ISP, and both have to play ball.
I'm wishing the DMA all the best. They certainly have the brains to pull it off, and open sourcing everything will go a long way in establishing trust.
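Added example, not part of any comment in this thread: the trust-on-first-use scheme from the "How to fix email" post (accept a correspondent's key on first contact, warn when its fingerprint later changes), combined with the out-of-band fingerprint check described in the PGP comment above. The class and function names, the sample address and the key bytes are all constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

def fingerprint(public_key: bytes) -> str:
    """Hex SHA-256 fingerprint of the raw public-key bytes."""
    return hashlib.sha256(public_key).hexdigest()

@dataclass
class Pin:
    fp: str
    verified: bool = False  # True once confirmed over a second channel

@dataclass
class PinStore:
    pins: dict = field(default_factory=dict)  # address -> Pin

    def observe(self, address: str, public_key: bytes) -> str:
        """Classify the key seen in a message claiming to come from address."""
        addr = address.strip().lower()
        fp = fingerprint(public_key)
        pin = self.pins.get(addr)
        if pin is None:
            self.pins[addr] = Pin(fp)  # first contact: trust on first use
            return "new"
        if hmac.compare_digest(pin.fp, fp):
            return "verified" if pin.verified else "match"
        # Different key for a known address: possible man-in-the-middle.
        # The stored pin is deliberately NOT overwritten; the user must decide.
        return "changed"

    def verify_out_of_band(self, address: str, published_fp: str) -> bool:
        """Compare the pin with a fingerprint obtained via another channel
        (web page, phone call, USB key). Spacing and case are ignored."""
        pin = self.pins.get(address.strip().lower())
        if pin is None:
            return False
        candidate = "".join(published_fp.split()).lower()
        if hmac.compare_digest(pin.fp, candidate):
            pin.verified = True
            return True
        return False

# Constructed sample keys (placeholders, not real key material).
KEY_A = b"constructed-public-key-bob-original"
KEY_B = b"constructed-public-key-substituted"

if __name__ == "__main__":
    store = PinStore()
    for key in (KEY_A, KEY_A, KEY_B):
        print("bob@example.org:", store.observe("bob@example.org", key))
    print("out-of-band ok:", store.verify_out_of_band("bob@example.org", fingerprint(KEY_A)))
```

A "match" only means the key is the same one seen at first contact; an interceptor present on that first exchange is caught only by the out-of-band comparison.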
Enhanced subjects, searchable, the future of webmail?
With secure encryption needing to be on the local machine, won't emails have to be stored locally (or at least indexed locally) in order to be searched? This looks to me like an immigration from SMTP back to POP.
Alternatively, we could make our email searchable by including more keywords in the subjects and encrypting the body. Then we could get a list of candidates in a regular webmail server search, and then view the contents on the local machine decrypting each of them one by one. Not sure how smart that is . . . Subject lines would stray. Content would be lost. Detailed clues to contents would be there for the NSA/GCHQ/DEA/IRS/... to see.
why not have a system which posts encrypted text to usenet, with a subject line containing your public key ? Added advantage is it's waaaay harder to link conversations together, or to know who's read the message.
I totally agree with the right to anonymity, so - as my brain frequently does - I'm just checking whether what I think has any intended or unintended negative consequences. See if you guys can clear this stuff up.
Some assertions, please challenge:
1) Ever since we've had telecommunications, a law enforcement body has had the ability to intercept them.
2) The interception has generally been lawful, and unlawful interception will usually not be enough to convict anyone of anything. The law's intention is that it never can.
3) Interception of communications is a vital part of detection of crime.
If we have a privacy technology that is uncrackable, as appealing as that is to me as an individual, does this mean we're breaking 1) and 3) instead of fixing what's broken in 2)?
IE the laws around interception and their enforcement are far too lax, and tightening this up will actually fix what we don't like: that it's too easy to intercept stuff at the moment.
Putting it another way: home searches and wiretaps are legal with a warrant. We're not trying to ban those, although we would strongly protest the illegal use of them. I understand that in the short term (next 5-10 years) the NSA/GCHQ may not be responsible enough to police themselves properly, and so cool absolute privacy tech will be useful to highlight the issue, but long term, is absolute privacy the solution?
Re: A thought
I agree that the government needs to be able to intercept communications for lawful and focused reasons. However, there are already accusations floating around that NSA intercepts have illegally been used by law enforcement to develop probable cause for criminal investigations, and then law enforcement has actively worked to cover up the provenance of that probable cause. So it's not just the spooks you have to fight to get this fixed, it's law enforcement and prosecutors (who don't want to see their successful convictions overturned because the probable cause was tainted).
That is a VERY tall order to overcome
Re: A thought
I am not sure I follow the assertions under 2 -> 3.
I would propose the only reason 1) is true is because prior to the modern age there was no strong CITIZEN encryption or communication. Enigma was a military thing, and we all know the Govt's love to spend OUR cash on those things. What has precipitated the current "panic" is perhaps that 1) is fast not becoming true?
2) is a better assertion. But in the USA the founding fathers knew that the govt was untrustworthy and so the fourth and fifth amendments. The problem of "showing it in court" is how I understand our legal system to work - this is manipulated by the govt being able to fix "what is shown as evidence". Wasn't there a UK case with some company that required an MP to stand up and publish the information in parliament that they blocked in court? Basically the problem with even LAWFUL interception, is that unless you can challenge the means, citizens are at a massive disadvantage. I like to think criminals are caught because they are more stupid, than the police are smart - statistically this is more likely and more successful.
3) I am not sure this is a safe assertion either. I think often crime is "well known" to the police, but politics decide what gets prosecuted. Let us not forget the local councils use of RIPA in the UK... It is one thing to imagine the gangsters on the phone being tapped by the FBI, but Al Capone woz done on taxes using the RICO law. See what I did there? Govt changed the law to solve the gangster problem. Any reason RICO could not be used to round up Al-Qu and pals ?
I think you make some good points. I also think the mature debate is yet to be had in Europe (the USA has a constitution that needs upholding), about what the governments are allowed to do.
We should all remember, that with the best intentions, if a bad person could get hold of your data, this would be bad but you probably could take actions to correct it.
If the govt wants to take it out on you, they are a body of effectively infinite resources. It's why we don't let the state kill people (in Europe), and why we should keep a closer eye on what they do in our name.
I think the privacy issue is perhaps education as well as legal. What information do companies really need to have on us? Who should they be able to share it with? What are the legal remedies for information abuse?
The underlying assumption about wiretaps is that there should be sufficient evidence UP FRONT to prevent govt fishing expeditions. What is that quote about "give me 6 of a man's words and I shall find something to hang him with".
It is a fine balancing act, and the real problem is how the govt managed to co-opt the massive companies to do their spying for them, and passed laws so no one could talk about it, and no one goes to jail.
Re: A thought
Has any government EVER shown it can use that kind of power responsibly? I don't think so. Besides, if absolute privacy is possible, the criminals will use it anyway. I might as well use it too, right?
Re: A thought
Here are my challenges:
1) Interception: Capability and Legality are two completely different things. Violating the US Constitution is breaching the most sacred laws of the USA and ALL Law Enforcement Agencies have done so illegally so many times that it is THEY that should be strung up not the criminals. The ends do not justify the means no matter what the results. The fruit of the poison tree cannot be used to convict anyone.
2) Bullshit. Search and Seizure (including information) without a rightfully obtained warrant is illegal and EVERY Alphabet Agency and Government entity has broken this law since there were telegraphs. The result is that the only difference between a Cop and a Criminal is a badge! There are effectively no laws around illegal search and seizure because there is no overriding, independent agency that watches the watchers! The only way to fix this is to do what our forefathers were afraid to do, put the death penalty on the table as a max penalty for breaching the Constitutional amendments that safeguard our rights as citizens and then put some truly righteous bastard in charge of making those convictions happen. Then and only then will they pause before they break those laws again. By the way, this also means that "Well maybe just this one time" still results in a hanging at Leavenworth.
3) More BS. That's what they want you to think because that's how they get 1,500 billion dollar NSA slushfunds to do with as they please. Real feet on the street police work is what brings in convictions. If you break the law to make the law you are no better than the criminals you are supposedly protecting us from.
Absolute privacy is MANDATORY in the conduct of a free and unfettered democracy. Anyone who does not believe that needs to leave this country now.
Re: A thought
Not only that, but guess who has given the agencies and the police the directives to use any means necessary to reach their objectives? Your elected prime minister or president and that person's cabinet / executive branch.
And we look to the government to fix this?
Re: A thought
I really like your first suggestion (2). Have a candidate in mind?
There are plenty of extremists out in the country, but finding a suitable candidate that isn't a religious nut (extreme), but has the same zeal for justice would be an excellent idea.
If the person also has known beef with the major power brokers like emperor Alexander and the top brass that have survived more than one administration, that'd instil even more confidence.
Re: A thought
Trying to fix this by laws isn't going to work.
The problem isn't just with the intelligence agencies, but with the entire government structure.
Organizations such as the NSA or FSB have been tasked by the echelon of power in government to do a certain job: "Get us intelligence". As that's the fundamental directive, there are naturally compensating mechanisms in place to counter various threats to the agency objective, of which one type is legal threat.
Let me give an example of how this always plays out.
1. Someone leaks agency abuse about something specific (perhaps 1 act amongst thousands that are still unknown to the public)
2. Government & agency denies or plays down the revelation. Here most agency threats are eliminated entirely and business continues exactly as before.
3. For leaked incidents that can't be immediately squashed by the government, some "investigation" or hearing is convened, where the specific act in question is lightly probed. While this goes on, the agency being accused immediately starts shifting the responsibility for carrying out the abuse that was leaked to some other program or part of their organization. In worst case [from their PoV] they need to move the activity to another agency or part of government.
4. Some toothless law gets enacted to curtail the specific activity that was discovered at the specific agency, in the specific shape and form it was alleged to have manifested. Essentially a useless bill that tries to catch a problem that is no longer originating from where it was when the hearing started, nor named what it once was and possibly tweaked a bit to change some detail sufficiently to make it slip through the paw of the bill.
5. The government officials and agency reps adjourn the hearing, chuckle heartily and head out for a glass of wine, and absolutely nothing has changed, not even a step has been missed during the public spectacle.
Trying to get government to fix problems it has itself ordered into existence is unfortunately a laughable idea and a completely different recourse and set of players are required to address the issues of intentional governmental abuse of its citizens. Initiatives such as DMA are one amongst many efforts we need to ensure our liberty and freedom as the enemy is no longer foreign but domestic.
Re: A thought
Thanks for your comments (and everyone else's). You particularly seemed to respectfully term my assertions as BS; this thoughtlessness probably explains why it looks as though you didn't read my post? E.g.
1) I know that capability and legality aren't the same thing. Read my post and you'll get that.
2) Yes, I know it's illegal; that's what I said. Yes, I know it's been done; that's what I said. My point was that it's inadmissible in a courtroom. The rest of what you said was drowned out in all the crazy :)
3) Real police work without the legal ability to legally detain, search, intercept etc? My question is basically: why are we singling out intercept as universally wrong, rather than wrong when it's not legal (by definition).
The thing about leaving the country now, well how pleasant of you. Apologies for my thoughtcrime; I do indeed need to be punished for not believing as strongly as you do.
3ncrypt10n w0rk5. Tru5t th3 m@th
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.15 (GNU/Linux)
-----END PGP MESSAGE-----
Re: 3ncrypt10n w0rk5. Tru5t th3 m@th
Given the computing horsepower available to the NSA, I'm not sure we can rely on the difficulty of factoring large numbers as a basis for encryption for much longer. You think it's a coincidence that the first commercial buyer of a quantum computer is the defense and intel behemoth Lockheed Martin?
Are they copying SaluSafe service?
Instead of creating a competing service, why not join and expand SaluSafe?