back to article Using encryption? That means the US spooks have you on file

Anyone who encrypts their emails or uses secure instant message services runs the risk of having their communications stored by the US National Security Agency, according to the latest leaks from former NSA sysadmin Edward Snowden. The Guardian has published two more explosive documents which set out what sort of information …

COMMENTS

This topic is closed for new posts.
  1. Ole Juul

    Encryption?

    Sarcasm? Satire? Txt-speak?

    1. jai

      Re: Encryption?

      Owhay aboutway igpay atinlay?

      1. Anonymous Coward
        Paris Hilton

        Re: Encryption?

        pooksay avehay orkway hattay utoay ithway heirtay ainframemay!

        -

        arispay ustjay ecausebay

        1. Blacklight
          Facepalm

          Re: Encryption?

          So they're tracking all Canadian email then, ay?

    2. andreas koch
      Devil

      @ Ole Jul - Re: Encryption?

      <fnord>Be careful, those are automatic trigger words.</fnord>

    3. edge_e
      Big Brother

      Re: Encryption?

      Spelling mistakes, gramatical errors.

      Hidden words

      INcorrect captiisation

      They can apply it to anything

      1. Francis Boyle Silver badge

        Re: Encryption?

        Spelling mistakes, gramatical errors.

        Hidden words

        INcorrect captiisation

        Anything by amanfrommars.

        We're all doomed!

      2. theblackhand
        Angel

        Re: Encryption?

        For simple messages

        Usually the spelling will be incorrect

        Check for simple typos

        Kindergarten-grade mistakes

        You should also be aware of grammar errors

        Obvious word substitutions

        Usually this will allow the intended message to be seen clearly once the mistakes are removed

        Narrowing the possibilities

        Selecting the useful information

        Although, maybe the message is more subtle.....

    4. LarsG
      Meh

      Re: Encryption?

      Simple solution to this has been around for years, just write a letter.

  2. andreas koch
    Facepalm

    Reminds me of the rules

    for the use of Ford Prefects corporate credit card: only if the researcher's life is threatened, there is a particularly rare and valuable bit of information to be acquired and no other means would do or when he really, really wants to.

    Bit fuzzy? Never . . .

    1. Robert Carnegie Silver badge

      Re: Reminds me of the rules

      Actually, the currency that Ford Prefect liked to pay in, to which the rules applied, was "Writing a favourable review in The Hitch Hiker's Guide to the Galaxy".

      Also, he preferred not to use the "really wants to" clause, because then you had to suck up to the editor... or something like that.

      So he used an American Express (technically not credit) card, which of course was refused, at which point usually his life was threatened, not technically.

      But your point seems to stand. If there aren't strict rules strictly enforced to stop the spooks doing whatever they like, then they will. The public needs to be protected by having everybody, including the spooks, know what those rules are.

      Otherwise the data will be used e.g. to interfere with voter registration. To attack democracy directly. It -will-. There is minuscule voter fraud of illegal votes being cast, but copious fraud of false counting -and- of denying citizens the right to vote, either illegally or because they're black or Hispanic. Yes, in the U.S.

      Homosexuals, trade unionists, feminists, and opponents of foreign dictatorships also can be targeted in various ways.

      When un-free countries become free, we are usually told that one of the first things that the liberated mob does is to rampage into the secret police headquarters and destroy the secret files.

      Americans should do the same - now.

      1. Anonymous Coward
        Anonymous Coward

        Re: Reminds me of the rules

        "Homosexuals, trade unionists, feminists..... can be targeted in various ways."

        Sounds good. When are we building our Golgafrinchan Ark B?

      2. Tom 13

        Re: Otherwise the data will be used e.g. to interfere with voter registration

        Ah yes, the racsist canard. Oh, and there's the confirmation: Homosexuals, trade unionists, feminists, too. In other words, none of the people who've actually been illegally targeted by the current regime in the known scandals. Oh, and let's not forget the outright lie that There is minuscule voter fraud of illegal votes being cast given the results of Democrats in New Jersey being thrown into jail on just those charges, or precincts near Chicago and Philadelphia where 105% of the total population voted even though we rarely exceed 50% of registered voters casting ballots even though we barely have something 45% of the total eligible voting population registered.

        1. Wzrd1 Silver badge

          Re: Otherwise the data will be used e.g. to interfere with voter registration

          "Ah yes, the racsist canard. Oh, and there's the confirmation: Homosexuals, trade unionists, feminists, too. "

          Do look up the Red Scare I and II, then look up McCarthyism. Then, look up J. Edgar Hoover.

      3. Wzrd1 Silver badge

        Re: Reminds me of the rules

        "When un-free countries become free, we are usually told that one of the first things that the liberated mob does is to rampage into the secret police headquarters and destroy the secret files.

        Americans should do the same - now."

        What a great idea! Revolt, then destroy the evidence of crimes committed by the previous regime.

        As for the rest, that is a nice synopsis of American history, especially during the McCarty era, with the House UnAmerican Activities Committee, a more aptly named committee there never was.

  3. Michael H.F. Wilkinson Silver badge
    Black Helicopters

    Steganography?

    Any image (large) might contain some subtly hidden message (just replace the least significant bits of the image with bits from a compressed, encrypted file). Even this crude method can be very hard to detect, as a compressed file is already close to noise in its bit patterns (high entropy signal). Any high entropy signal can be considered suspect for that reason (photon-noise-limited astronomical images spring to mind)

    The NSA are of course aware of steganography, and could use this to suggest any media file is suspect. The only problem they then face is tracking all such data.

    Me, paranoid?

    1. silent_count
      Paris Hilton

      Re: Steganography?

      I note the clever way you've used steganogrphy*, in your otherwise innocuous message, to demonstrate your point.

      Incidentally, I wonder if it will become fashionable to periodically send emails containing blocks of RNG-generated text just to spite the NSA, who'll then waste resources storing and trying to decipher them.

      * I agree, by the way. It really is a travesty that Paris Hilton hasn't swept the Nobel Prize awards.

      1. Anonymous Coward
        Anonymous Coward

        Re: Steganography?

        There was a fad, many years ago* of adding "trigger" words to your email signature to bamboozle the spooks monitoring email traffic.

        *Circa the late 90s iirc.

        1. Alan W. Rateliff, II
          Paris Hilton

          Re: Steganography?

          I think I still have one of my email clients configured with an X-SpookWords: header.

        2. Cheshire Cat
          Big Brother

          Re: Steganography?

          I think you're referring to the old UseNet "NSA Line Eater" trick of adding "food for the line eater" as your first post line. The original reason was to circumvent a bug in netnews that deleted the first line of a posting; later it was changed to put words like "russia", "nukes" or "kibo" into the line to trigger grepping routines.

          BB because...

        3. as2003

          Re: Steganography?

          Plot twist: storage manufacturers have been spent years emailing terabytes of "encrypted" data around, lacing the meta-data with trigger words. NSA was forced splash out on multi-million dollar data warehouses to accommodate this suspect "chatter".

    2. Grikath
      Angel

      Re: Steganography?

      There's an idea... embed your messages in a porn stream.. That way the snoops would have to trawl through the 90% of the internet dedicated to that particular pastime ... ;)

      1. Alan Brown Silver badge

        Re: Steganography?

        According to various rumours, that's been happening since the early 1990s on Usenet.

        Apparently there are some rather interesting nazi-related textfiles buried in all those pics of Claudia Schiffer too.

    3. jubtastic1
      Big Brother

      Re: Steganography?

      A long time ago on an internet far far away I was an Admin on the forum for a MMOG, we had a spate of users leaking secure bits of the forums via screen-grabs, so I replaced the forums 'reply' button, an icon of a document on a blue button, with a PHP script that produced an image that was identical save for the users forumID and IP address being encoded in the dots representing words on the icon. Nobody noticed the difference and because the reply icon was above and below each post it was likely to end up on a screen grab.

      A separate script decoded the cropped icons from screen-grabs and coped with jpeg compression just fine to reveal the user.

      \o for Pacifica

  4. g e
    Pint

    So use TOR or VPN's _more_

    There has to be a point where they can no longer store all encrypted stuff as quickly as they can find it.

    At which point their heads explode, obviously.

    Friday pintday.

    1. Brewster's Angle Grinder Silver badge

      Re: So use TOR or VPN's _more_

      It turns out the human condition is amenable to planet-scale deduplication:basically we all bitch about the same things so you don't need as much storage space as you'd think.

    2. andreas koch
      Coat

      Re: So use TOR or VPN's _more_

      >...

      At which point their heads explode, obviously.

      ...<

      No, they'll just stop routing the suspicious, encrypted ATM requests to HSBC until they've caught up.

      Just kidding.

      Oh, wait . . .

      1. Anonymous Coward
        Anonymous Coward

        Re: So use TOR or VPN's _more_

        is -that- what happened to HSBC this afternoon? ;)

      2. jonathanb Silver badge

        Re: So use TOR or VPN's _more_

        Well given that they have been laundering trillions of dollars of money for Mexican drug cartels, that's maybe not such a daft idea.

    3. pierce

      Re: So use TOR or VPN's _more_

      the Utah Data Center supposedly has a ultimate capacity of 5 zetabytes. which is 5000000 petabytes. thats enough storage to hold ALL internet traffic for 5 years. and keep all major disk manufactures bottom line happy for a couple years while its populated.

  5. alain williams Silver badge

    scare tactic

    The implication is: if you don't use encryption then we won't keep your emails. I would not fall for that one.

    1. Anonymous Coward
      Anonymous Coward

      Re: scare tactic

      Me neither. So they store it. But they can't read it, at least until quantum computers are available. So what are they going to use it for. A source of random numbers?

      1. Michael H.F. Wilkinson Silver badge
        Black Helicopters

        Re: scare tactic

        If you can get your hands on a good one-time pad (least significant pits of camera noise will do) you have a provably safe encryption, because the (truly random) key is as long as the message. Quantum computing does not help one jot. Trying all keys gives you (apart from a load of rubbish) all possible plain-text messages of the given length, and all possible zip/rar/tgz/bz2/... files of the same length, exploding the possible space of intelligible solutions further. Somewhere in that humongous space of solutions is the right one, but you have no way of telling which one is correct.

        The only problem is transmitting the key over a secure channel. That is not that difficult: store these random bits steganographically on a DVD or Blu-Ray disc containing footage of the kids playing, and take them personally to the intended person when visiting them on holidays.

        1. Suricou Raven

          Re: scare tactic

          I've considered that as an idea for a super-secure VPN for corporate laptops. Have a trusted computer at the office generate a giant OTP. One copy goes on the VPN server, and one on the company laptop before the trip to China. Packets from the laptop to the VPN server are XORed starting at the beginning of the OTP, packets going the other way are XORed starting at the end. So long as the laptop is maintained physically secure, it'd be unbreakable. Eventually the OTP would be depleted, but that's just a matter of having a large enough pad - you could easily use a hundred-gig pad these days, which is plenty to last for the duration of a business trip.

      2. pierce

        Re: scare tactic

        read up on the Utah Data Center. they are building some SERIOUS crypto cracking supercomputer clouds to go with their 5 zettabyte storage farm.

        1. Lee D Silver badge

          Re: scare tactic

          And anyone of interest can just apply some stupidly high level of encryption, and thus just create more work for them and still stay, relatively, secure. It's really not that hard to use something ludicrous like 8192bit TLS, for example. It's just a matter of time on encryption/decryption and on modern machines you'll barely notice it and nothing's THAT time-critical.

          But doing so increases the brute-force cracking time exponentially to the point where you could network the world and still chase a few millennia. Decyrpting crypto is NOT about brute-force techniques, that's the dumbest thing in the whole world to even try (given that you have no idea what encryption algorithm or keysize to even start with). It's about getting the data in other ways (e.g. subverting traffic routes, feeding false certificates, etc.), clever tricks and have people on staff who can find the holes. That's a whole different board game. As such, you don't want to waste your computing power decrypting someone's Facebook access when you could have just (for example), subpoeaned Facebook.

          I honestly don't buy all this "spooks with acres of datacentre" junk. Sorry, I treat it how it sounds - a military-issued misinformation to deter enemies. Same for just about everything that's come out of GCHQ lately (i.e. the last ten years). Crying that we don't have enough power, Jim, and just need a few billion in funding to spend on supercomputers. Cracking crypto by brute-force really isn't worth it, not for criminals, not for militaries, not for anyone. Anyone with a brain will be using encryption of a type / keysize that it's just infeasible with all the datacentres in the world. And every false positive costs you SO much in terms of wasted effort that it's just ridiculous. And those people organising their terrorism on some 128-bit SSL-secured website? There are much better ways in for a DAMN SPYING AGENCY than messing about trying to brute-force the private key.

          If they have those kind of datacentres, they are using them for statistical analysis. Big data set, powerful computer churning over it to find correlations, not brute-forcing someone's Twitter session when they could just ask Twitter. Think "Google", not "The Matrix".

          And if the NSA etc. were THAT good, they wouldn't need feeds inside Facebook et al. When that was announced I just laughed. If they wanted to do see Facebook traffic, and it was as illegal as it is, and they HAD acres of supercomputers decrypting PKE communications, they'd know Facebook's private key before they ever had to put any box into a datacentre and keep lots of people privy to the secret, and from then on decryption is basically "free".

          Even if the key changes, store data, brute-force the new key, decrypt all the data once you've broken it. And then even Facebook wouldn't know that what was happening was being decrypted en-route, and only the major transit sections would ever need to have any knowledge of the NSA's actions. But, no. Let's stick a box in a datacentre where a thousand people work and swear them to silence illegally.

          These people, including GCHQ, are not doing their jobs if what they say is true. But these people are hired to be entirely 100% deceptive for a living. I wouldn't even be surprised if any such "box" was basically filled with two house bricks and a battery for the flashing LED. We're dealing with people whose job is to be deceptive, reassure the public about security, deter the enemy, but only as a SIDELINE to their real work. Which isn't brute-forcing SSL keys, but being inside the very groups they want to monitor, and breaking SSL entirely via weaknesses, side-hacks and all sorts of other avenues. You can bet that some researcher at GCHQ knew about BEAST attacks, Debian-based key weakness etc. years before anyone else did. Hell, they kept the very existence of PKI secret for decades until it was "reinvented".

          If this "acres of datacentre" junk is true, I'm VERY VERY disappointed in whatever agency runs it. If the "tapping-direct-into-Facebook-etc." is true, I'm even more disappointed. If GCHQ etc. are actually sitting there brute-forcing keys as a matter of routine rather than as the last resort on the very tail of something they know is absolutely critical, after all of their side-methods have knocked down the problem by several orders of magnitude, then I feel very, very sorry for what they've become. Not because of the privacy issues, but just that "spying" has been so watered down that it's brawn over brains, in some of the very agencies that cracked, invented and pioneered these techniques in the first place.

          GCHQ was 5 years ahead of anyone else, even the top published mathematicians in the world, and didn't tell anyone until 25 years later. If we've really been reduced to just letting a large computer churn through a stupidly unfiltered dataset and trying to brute-force SSL sessions, then that speaks more for the UK education system than anything else at all.

          I don't doubt for a second, though, that GCHQ et al wouldn't try to give you that impression, and actually go to the effort of creating a physical datacentre that does very little, just to be a target for some other nation, while sitting on ways to get this information and break this encryption without having to lift a damn finger.

          Hell, if I was GCHQ, I'd be inside (or behind!) Truecrypt, Tor, Bitcoin, and just about everything else related. I wouldn't be touching Facebook with a bargepole, except to spread misinformation.

          1. Roland6 Silver badge

            Re: scare tactic @Lee D. Acres of datacentres

            It wouldn't surprise me if they did have acres of datacentres - it's not like they would use public cloud for all that analysis - or would they...?!!!

          2. Wzrd1 Silver badge

            Re: scare tactic

            "I honestly don't buy all this "spooks with acres of datacentre" junk."

            Sorry to break it to you, but they do have such datacenters. Note the plural. I've looked upon one with my own eyes.

            The NSA hires more mathematicians than any other entity in the world. They also hire more programmers than any other entity in the world.

            They also own more supercomputers than any other entity in the world.

            Their budget is part of the DoD budget, much of it a black budget.

            That said, they're part of the DoD, so one data processing term is operable: GIGO.

            Or most commonly, garbage in, nothing out.

  6. ElNumbre
    WTF?

    So.....

    If I use a VPN to connect to a US exit point and send an encrypted email, they WONT put me on the list? Am I reading that right?

    1. drunk.smile

      Re: So.....

      My reading of that case is:

      If it's a VPN where they deem that it 'could' be that you are not in the US then, citizen or not, they may pop you into their database for 5 years until they can establish otherwise.

      1. Anonymous Coward
        Black Helicopters

        Re: So.....

        They have a test based on their estimate of probability that you are in the U.S. So while using a U.S. exit point will help, it's not an absolute guarantee of success. Also, if they are reading your communications and you are rattling on about spending the weekend in Liverpool or something, then you are hosed because they will automatically put you in the "foreign" category.

        Also, using a U.S. exit point probably exponentially increases the chance that you get hoovered up by GCHQ, becuase now you are in the non-British bucket. How well GCHQ's surveilllance works and under what rules I could not say, beyond that they get slapped around some if they are caught snooping on Brits.

        1. Oldfogey
          Go

          Re: So.....

          Liverpool is in Ontario

          1. Jess--

            Re: So.....

            great stuff

            into the "not american" and "not english" lists you go

            suppose the same argument could be used for Birmingham for someone to end up on both lists

            1. Anonymous Coward
              Anonymous Coward

              Re: So.....

              Strangely there are a lot of place names that are applied to more than one settlement in the world.

    2. Anonymous Coward
      Anonymous Coward

      Re: So.....

      It is all conditional probability aka Bayes analysis.

      Old good google conditional probability algo applied to network data (via map-reduce). If that algo spits out that you are of interest you will never get off their database until the end of your life. Those guidelines contain enough backdoors for them to always keep everything from you.

      The interesting bit is that algo works of BIG DATA. LOTS OF DATA. This makes all the claims about only 2000 requests very very difficult to believe

  7. Anonymous Coward
    Anonymous Coward

    so, if we all use encryption, for everything, then perhaps we can give them data overload.

  8. NomNomNom

    Vindication

    Well well well, so all those people over the years telling me to use encryption turn out to have a load of egg on their faces. I shouldn't gloat, but lets just say it's been a running battle with some of these clowns, especially the self-appointed security "experts".

    I have always refused to use encryption for good reason. It's not that I can't figure out how to encrypt my emails, it's just that I always knew deep down that I couldn't trust encryption. Call it intuition or a natural eye for security if you will. We see it in films all the time some whizkids breaking supposedly unbreakable encryptions.

    I've always preferred to hide my secrets using more secure and harder to detect means. For example if I need to send a secret message to one of my contacts, I send them a perfectly innocent looking email:

    "Hi, what's for tea tonight?"

    If the NSA read that they'd just think it was a harmless email. But my contact knows to press the secret keyboard code CTRL-A which will reveal hidden text. Hidden text I have planted at the end of the email by setting the outlook editor to write in white font on white background. For extra security when data is particularly sensitive I print out the emails and post them by snail mail. My contacts then scan them in at the other end. Even if the NSA get hold of the paper in transit they can't use CTRL-A on it even if they knew about CTRL-A (perhaps they do, perhaps they don't, that's just the risk I take. That said I wouldn't put it past Microsoft to have told them about it)

    While some have scoffed at my security arrangements, note that in 10 years my communications have never been hacked. I only mention this now because I no longer use this system, I have a much better one. Sorry, not telling :)

    1. Anonymous Coward
      Anonymous Coward

      Re: Vindication

      Ha ha, the joke's on you because the NSA still use Amstrad's with green screen monitors. I get round this though by typing in code so the letters are numbers. Only me and my friend know A=1, B=2, C=3, etc. :)

      1. Uncle Slacky Silver badge

        Re: Vindication

        I do better than that - I use ROT 13. Just to be really secure, I use it twice.

        1. My Alter Ego

          Re: Vindication

          ROT26 is much quicker.

      2. xperroni
        Coat

        Re: Vindication

        Ha ha, the joke's on you because the NSA still use Amstrad's with green screen monitors. I get round this though by typing in code so the letters are numbers.

        Oooh, clever!

        And without any hint on what the numbers mean, the only way they could ever break the code would be to try out all possible combinations - obviously pointless, since this would take millions of years, unless they had vast networks of powerful computers

        Oh.

    2. Xamol
      Facepalm

      Re: Vindication

      Do you really think they sit there looking at your emails in Outlook or do you think they maybe scan the content of the message in raw format then laugh at the people 'hiding' messages in white on white?

      I hope you were being ironic/sarcastic. If not, you should maybe cast your natural eye for security over your new 'much better' system once more - just to make sure it's not got any tiny flaws...

      1. Anonymous Coward
        Anonymous Coward

        Re: Vindication

        "I hope you were being ironic/sarcastic."

        If this line didn't make it obvious, there's no hope for you.

        "For extra security when data is particularly sensitive I print out the emails and post them by snail mail. My contacts then scan them in at the other end."

      2. Frank Marsh
        Happy

        Re: Vindication

        So two people get the joke, and then one gets suckered in. Yes, Xamol, they're joking. If this were the Daily Mail comments, I wouldn't be so sure. But if someone on The Register starts taking in hushed tones about "Ctrl-A", they're pulling your leg.

      3. Jamie Jones Silver badge
        Trollface

        Re: Vindication

        "Do you really think they sit there looking at your emails in Outlook or do you think they maybe scan the content of the message in raw format then laugh at the people 'hiding' messages in white on white?"

        You're American, I assume :-)

    3. andreas koch
      Pint

      @ NomNomNom - Re: Vindication

      Cheers, you made my weekend.

      Have a good one yourself!

    4. Anonymous Coward
      Anonymous Coward

      Re: Vindication

      <quote>

      While some have scoffed at my security arrangements, note that in 10 years my communications have never been hacked

      </quote>

      Well if they were you wouldn't know about it, so you cant really be sure they haven't, can you?

    5. Toastan Buttar

      Re: Vindication

      13 clueless downvoters and counting...

      What a pity El Reg obfuscates the identities of down- (and up-) voters.

      Wait a minute - what happens if I press CTRL-A and paste the original message into Paint, then replace all the white pixels with black?

      1. Anonymous Coward
        Anonymous Coward

        Re: Downvotes

        There are myriad reasons why readers may have downvoted the post, regardless of whether or not they understood the sarcasm.

    6. Paul Hovnanian Silver badge

      Re: Vindication

      "Hi, what's for tea tonight?"

      NSA: Tea? This guy has to be foreign. We don't drink tea in Murrica. We throw it in Boston Harbor.

    7. DF118

      Re: Vindication

      This is the best proof yet that people don't actually read the whole comment before rushing to downvote. There is no way any normal reg reader making it past the first sentence could see this as being anything other than a ruthlessly well-considered argument against the supposed merits of "encryption".

    8. Mephistro
      Coffee/keyboard

      Re: Vindication (@ NomNomNom)

      Please, NomNomNom, use that <sarcasm> tag. Every time you write a comment like this, watching your downvotes is like watching a herd of sheep falling down a cliff. Sad.*

      * Well, not really. Actually ROFLMAO and spilling whatever beverage I'm drinking at the moment all over the keyboard, the screen and the wall behind.

  9. Anonymous Coward
    Anonymous Coward

    So there is no practical distinction, American vs. non-American....

    "The documents clearly state that surveillance should cease the minute a target is on US soil or is deemed to be an American – but there are exceptions to this which allow spooks to store communications from American citizens."... "Spies are also told they can retain "all communications that are enciphered or reasonably believed to contain secret meaning" for up to five years, giving them another way to keep American citizens' communications data"

    Glad that was cleared up. So there is no practical distinction, American vs. non-American, and therefore there is no difference when it comes to certainty over your right to privacy. So what gives the US the right to spy on 100% of the world just to catch <1%? Especially when they are merely looking after their own interests, and not the Globe?

    1. Anonymous Coward
      Black Helicopters

      Re: So there is no practical distinction, American vs. non-American....

      Eh, there is an auditing and inspection process where the Inspector General at the NSA looks into what NSA analysts are doing and whether they are following the rules correctly. I have no idea whether that process has genuine teeth or not.

      Basic rules of protection from the NSA snooping on you:

      If you're in America: Some

      Overseas: Almost none

      1. DanceMan
        WTF?

        Re: So there is no practical distinction, American vs. non-American....

        Overseas? How about just across the border in Canada? A few of us still think it's a separate country, even if our PM doesn't.

  10. Anonymous Coward
    Anonymous Coward

    Sorted

    I'm going get as many pictures of bunnies and encrypt and email them, adding terrorist keywords. They should have some fun with that

    1. Anonymous Coward
      Go

      Re: Sorted

      A friend of mine and I were joking around this last weekend that I should get a dog and name him "Jihad". The resulting back and forth phone and email traffic would be most amusing!

      1. sisk

        Re: Sorted

        A friend of mine and I were joking around this last weekend that I should get a dog and name him "Jihad". The resulting back and forth phone and email traffic would be most amusing!

        I pity the poor spook trying to puzzle out exactly what 'Jihad crapped on the carpet again' is supposed to mean.

    2. Anonymous Coward
      Anonymous Coward

      Re: Sorted

      I'm going get as many pictures of bunnies and encrypt and email them, adding terrorist keywords. They should have some fun with that

      Not a good idea if you don't want to end up on that other evil, the US no-fly list. I'm not seriously suggesting anyone should do this, but as a mental exercise I wonder what would happen if lots of messages start to appear between apparently seriously dodgy people and, say, members of foreign governments about to visit the US? Could lead to interesting diplomatic problems.

    3. Allan George Dyer
      Coat

      Re: Sorted

      Yes, once you're identified as suspect they'll concentrate on rubber hose cryptography.

      ** Thump **

      "b.b.b.but they really are bunny pictures"

      "Shall we try that again, Mr. AC?"

      ** Thump, Thump **

      Obligatory xkcd reference: https://xkcd.com/538/

  11. NomNomNom

    NSA: I spy with my little eye something beginning with A

    Africans?

    NSA: no

    Asians?

    NSA: no

    Australians?

    NSA: no

    AMERICANS?!

    NSA: uhhh..

    1. Tom 13
      Coat

      Re: NSA: uhhh..

      Nope. It's:

      Another Canadian!

  12. This post has been deleted by its author

  13. Werner McGoole

    So I wonder...

    Would sending random numbers count as encrypted data? They could be encrypted random numbers, of course (or encrypted anything, really), so probably the NSA would have to keep them all, just in case. Sounds like a really fast way to fill up disks to me.

  14. fishman
    Joke

    My encrypted emails

    I always encrypt my emails with rot-13 encryption. And to be really safe, I encrypt it twice.

  15. Alan Firminger

    B1536D256988FFC5ADD5D907A9F74FB2A724EF6BC66A576812

    CFE5580A46A5D7931907AEC3C09736C83798FFB8F4999F7F25

    03583AA3400524AC86A845D4E0BA5200898963B7E8178CF47E

    B54D82241C89D24126AB31A308EBEED6619E44C725B1CB14D4

    1. Uncle Slacky Silver badge
      Thumb Down

      You sunk my battleship!

    2. bigtimehustler

      You my friend have just been recorded for 5 years hah

    3. Anonymous Coward
      Paris Hilton

      Re: B1536D256988FFC5ADD5D907A9F74FB2A724EF6BC66A576812

      Argh, that's filthy. And with a melon too?

    4. Anonymous Coward
      Anonymous Coward

      I can do that too. Does it start like this?

      3.243f6a8885 a308d31319 8a2e037073 44a4093822 299f31d008

      I like Pie

  16. Buzzword

    Large files

    What if we encrypt all our messages, and pad them out to 100 MB too? That's small enough to keep our own messages, but big enough to cause a storage headache for the NSA & friends.

    1. bigtimehustler

      Re: Large files

      This would work, but only if we generated a random 100mb of data each time, otherwise they could de-dupe all the data.

    2. hplasm
      Happy

      Re: Large files

      Download the Internet, encrypt it and use it as an email signature.

      That should keep them busy,

      Might need a bigger processor, possibly won't work on a Tablet.

    3. Pete 2 Silver badge

      An email a day keeps the NSA away

      The other thing you have to do is send the same number of (100MB) emails to the same people each day. That way the baddies who are listening in can't infer anything from the emailing frequency.

      If you only sent an email when something important was happening, or about to happen that in itself tells the baddies something is going on.

  17. Elmer Phud
    Black Helicopters

    Substitution

    In code:

    "I planted the C4 and set the timer. The explosion scattered over a long distance and got many people."

    Becomes, in real terms:

    "Planted four rows carrots of carrots just at the right time.

    Got so many of the buggers I reckon I fed half the neighbourhood"

    1. jgarbo
      Black Helicopters

      Re: Substitution

      Right! In business we use this plain text substitution for important comms. Just agree (face-to-face or snailmail) on words, then for extra fuzziness rotate them according to day, date (odd-even) or month. Message gets through seen but not understood by spies.

  18. i like crisps
    Big Brother

    Dear American Spooks Everwhere

    Go F**K yourselves you C**K munching, S**T stabbing, Panda F** ING C**NTS.

    There...Decrypt that you F**KS.

  19. Derpity
    Pint

    All of 'em

    I'd be surprised if every western govt wasn't already doing this and the US was just the first to get caught in public.

    I'm sure I'll be downvoted to hell for saying this but: As a society we demand almost absolute security from random acts of violence(terrorism or whatever) but we also expect almost absolute privacy. This puts law enforcement/govt/et al in a very difficult position. I don't see how you can have it both ways. I think people lose sight of that and immediatly que the outrage when they learn of new details of this. I'm not saying there's not some ambiguity in whos getting monitored and for what, however I don't think theres some huge conspiracy to see what porn you're downloading.

    Beer cos its Friday

    1. hplasm
      FAIL

      Re: All of 'em

      "As a society we demand almost absolute security..."

      Who are you calling 'we', Kemosabe?

      1. Sir Runcible Spoon

        Re: All of 'em

        indeed. I think you'll find that absolute security is an insidious idea that has been foisted on the public by the fear-mongers.

        No-one wants feudalism or anarchy, but cotton wool lined cages is also something I could do without.

      2. jgarbo

        Re: All of 'em

        "As a society we demand almost absolute security..." Demand? Naive. You're as secure as you make yourself.

    2. Destroy All Monsters Silver badge
      Big Brother

      Re: All of 'em

      > Beer cos its Friday

      No beer for you because there are these little things called "laws" you are forgetting about which were, once upon a time, regarded as a great advance to check the power of kings and administrative forces.

      Don't let the door of the cattle truck hit you when you are getting out. Inside the "perimeter zone", natch.

    3. Anonymous Coward
      Stop

      @Derpity

      There is no such thing as "almost absolute security". Life has misfortunes, and on some occasions those misfortunes involve people who wish to do violent harm to others. I'd always thought that if someone wanted to conduct a really successful terrorist attack/crazy rampage, they would just steal a semi or a dumptruck and drive around a major city hit-and-run bowling over pedestrians on the sidewalks. It would take the police quite awhile to catch them or stop the truck if the driver didn't do something stupid like driving into a cul-de-sac.

      What I want our counterterrorism people to have is the ability to speak to analysts in other government agencies, and to go get warrants for individuals or groups based on actions those persons took. Once you have a real warrant then sure, go after their email and social media and phone records, but let's not go trolling through the innocent population-at-large. That's just a recipe for ultimate abuse.

  20. Anonymous Coward
    Anonymous Coward

    One-time pad video club anybody?

  21. stragen001
    Black Helicopters

    "communications that are enciphered or reasonably believed to contain secret meaning, and sufficient duration may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis".

    So if anyone sends an email in an Allo Allo - esque style saying something like "le albatross 'as exited le cat flap" then that will be kept on file?

  22. Daniel B.
    Boffin

    Reminds me of HS

    Back in High School, I encrypted the following message:

    "Si estás leyendo esto, CHINGA TU MADRE, este mensaje no dice nada!"

    (If you're reading this, [local profanity], this message doesn't say anything!)

    The idea being that anyone snooping my email and eventually cracking the "secret" message would have wasted their time for nothing. Maybe these practical jokes will become standard?

  23. Anonymous Coward
    Anonymous Coward

    The solution is simple. Get everyone to encrypt everything. Good luck getting everyone to encrypt everything.

    1. Anonymous Coward
      Anonymous Coward

      Yes, that would be a very simple thing to do.

  24. sisk
    Trollface

    I don't bother with encryption

    I firmly believe that NSA will (if they haven't already) crack quantum computing long before the private sector. When they do, they won't tell anyone. They'll just have their quantum computer cranking away in a uber-secure room not on any blueprints. It will be 400 feet under ground, with the secret elevator behind a hidden door that looks like a book case. To get in you'll have to pull a book having something to do with the genealogy of Edward Cullin, on some other such tome that no sane person will touch. And with this 50 gazillion dollar machine and the 30 bajillion dollars worth of security around it, they're going to munch through the encryption I put on that email to my mom like it's nothing. (Never mind the fact that my poor mother would never be able to figure out how to decrypt it even with step by step instructions and the key).

    Nope. I'll throw them for a loop by revealing the existence of their top secret machine in a jokingly sarcastic manner on some forum somewhere instead.

    1. dssf

      Re: I don't bother with encryption

      No, pulling a book would be too simple to be so simple.

      You'll gain access by opening a specific book, removing a certain isolinear chip, plugging it into a certain biomemetic gel pack, putting it through a phase variance first of 22 giga Cochranes, then reversing the polarity at a particular ODN junction access control panel, followed by performing a specially-sequenced baryon sweep alternated with a nuanced blast of chroniton particles, only to have to use a nadion stream emitter to cause a spectral shift of a secret, daily-changing amount.

      Then, when you think you've entered the Inner Sanctum, you have to cope with dancing, nutating, uulating laser beams and holo lasers, and the real fryer is indistinguishable from the holo emitter.

      In all seriousness, IIRC, either I or someone else years ago, when FISA stuff came up, off-handedly said the USA would route domestic traffic via the UK, and the UK would route its domestic traffice through the USA. Alternatively, they could just tap, split, and route abroad the streams they want to copy "legally". Wait, maybe I ws daydreaming...

    2. Anonymous Coward
      Anonymous Coward

      Re: I don't bother with encryption

      I don't worry about government spooks reading my emails, because unless I am doing something REALLY bad they won't bother to even have a person look at it... But I do care about my emails being read by anyone else...

      1. Sir Runcible Spoon
        Flame

        Re: I don't bother with encryption

        "I don't worry about government spooks reading my emails, because unless I am doing something REALLY bad they won't bother to even have a person look at it... But I do care about my emails being read by anyone else..."

        I'm sorry, but this attitude is starting to really irritate my penis.

        YOU ARE A FUCKING MORON sir.

        What happens, let's say, if the government of this country takes us in a direction that you don't particularly like - such as invading a neutral country for their oil and killing thousands of their citizens, and then leaving them in a worse mess than when they were in in the first place.

        Let's say your brother is in the Army, dedicated to defending his country, his family and all the values imbued therein and gets killed in a pointless waste that looks like an effort to line some big-wigs already overwhelmed bank account.

        Let's say you start a conversation with your cousin saying you're not happy about this state of affairs and you send this by email.

        Suddenly not only are all your communications being monitored (because they were anyway) but now they are being _looked_ at.

        All this spying has one aim - to quell dissidence in their own country.

        1. tom dial Silver badge

          Re: I don't bother with encryption

          For me, the key assertion here - that the aim of the NSA monitoring and data collection is to quell dissidence in the U. S. - fails of plausibility. It presumes a conspiracy with a cast numbering in the hundreds to thousands, very difficult to sustain. It presumes that the NSA managers and analysts are not much the same in their background, attitudes, interests, and outlooks as most of the citizens, also implausible. I suspect that the major difference between NSA analysts and the general population is that they average one or two standard deviations above the mean in intelligence tests.'

          That said, I do not want the NSA, or the FBI, having access to my telephone records, emails, or anything else that is mine without a proper warrant issued under a strict literal reading of the fourth amendment, treating digital and electronic data as if they were papers. The sticky point is whether we consider that such warrants would be necessary to target those who are not U. S. Citizens - the term in the fourth amendment is not "citizens", but "people".

          In addition, I am extremely skeptical that analysis of bulk data, as suggested by the apparent magnitude of NSA data collection, stands any reasonable chance of uncovering a terrorist plot or producing anything else of much use. It is far too easy for those who do not wish us well to use encryption with one time pads, conveyed by physical means, TOR, Pay-as-you-go cell phones and the like that are very difficult to track. If the government has real evidence that massive collection and analysis of communication data is effective, they should produce it. So far, all I have read about is things that were uncovered by targeted collection that led to arrests through classical police work.

          1. 142
            Thumb Up

            Re: I don't bother with encryption

            yep. I'm willing to believe it's a case of mostly well meaning people creating something that has unintended consequences. Like you say, they're probably all like Reg readers - many probably ARE Reg readers. We're all guilty at some point, of going too far with tech solutions to meet our own goals as programmers, admins, etc, etc and losing sight of the big picture for other stakeholders. It's no different here.

            The issue is that if it's that easy for someone like Snowden to release info of that's in our interest, then it's a real problem if someone who's not as well meaning gets his hands on the data (or is in charge of the data). It doesn't matter if it was made FOR the quelling of dissidence, it's the fact it could easily be used to do so that's the the issue.

            Incidentally, does anyone know how well paid the NSA folk are? I know it's been said here repeatedly that GCHQ pay pittance.

    3. Nigel 11
      Boffin

      Quantum computing

      I firmly believe that NSA will (if they haven't already) crack quantum computing long before the private sector. When they do, they won't tell anyone.

      I'm quite sure that they haven't already.

      You may be right as of some near future, but the consequences of that will be greater and faster and stranger than you imagine. "The Laundry" plays this idea for (very uneasy) laughs, but I expect laughs would be the last thing on our minds. The result would be more like Skynet going active crossed with the Stargate sequence from 2001.

      I don't expect the singularity to arrive this way, because I don't believe nature will support quantum computing work for numbers of qubits sufficient to break strong cryptography ... but I don't have any particular hotline to the future and may be proved wrong. In which case, may the Eschaton be merciful. Cracking cryptograms for our amusement will be the last thing on its mind.

  25. BornToWin

    Perhaps

    If you are using encryption and you don't have security clearance, maybe you have something to hide? It's a two way street.

    1. cyrus

      Re: Perhaps

      I have to use encryption daily in emails to my team mates who may need account user names and passwords. We simply do not allow that info out in the clear.

      I guess I am most likely on a some ones shit list because of it.

      But the only thing I have to hide is my clients' privacy. You can't even do business in the US without attracting undue attention. Oh well, I guess I have to stand behind my integrity and protect my clients from my government, too. What a pity.

    2. M Gale

      Re: Perhaps

      If you are using encryption and you don't have security clearance, maybe you have something to hide?

      Of course I do: My privacy.

    3. Steven Roper
      Mushroom

      Re: Perhaps

      If you are using curtains on your windows and you don't have excessively light-sensitive skin, maybe you have something to hide? It's a two way street.

  26. Anonymous Coward
    Unhappy

    Dear Mods

    Any chance you would consider moderation of the Register, as the tone, technical comments and childish rhetoric is getting beyond a joke.

    1. sabba
      Joke

      Re: Dear Mods

      Or you could just stop reading the ones you deem childish!! Just a thought.

      Hello!! Hello!! Are you there....did you get my message? Hello!!

  27. This post has been deleted by its author

  28. MrXavia
    Facepalm

    Rule 1, if you do it online, it is NOT private...

    Rule 2, expect every packet you send to be intercepted...

    Rule 3, encrypt if you want it to be private, but expect the encrypted email to be intercepted by someone...

    Rule 4, Don't worry, unless your a terrorist or a child molester, the government doesn't care..

    1. jgarbo
      Joke

      What's wrong with terrorizing child molesters?

      1. Alan Brown Silver badge

        "What's wrong with terrorizing child molesters?"

        For starters the age of consent varies wildly with era and geography. What may be 2 consenting adults in one time/place may not be in another.

        The vast majority of "child molestation" cases don't involve pre-teens and in a lot of those cases the older of the pair is under 20. It's a very murky area and nowhere near as clearcut as the Daily Fail would have us believe, largely thanks to kneejerk legislation in response to extreme cases which were already crimes under existing laws instead of aiming for better detection of what's going on everyday under our collective noses..

        Having once been stuck in a very awkward position as an ISP admin due to a prederast sending email which bounced into the postmaster box, I'd really appreciate some well thought-out laws for a change.

        Disussions over the fact that more than 1/3 of sexual predators are under the age of 18, that 50% of sex offenders are female and that the source of greatest danger for molestation (80%-90% or so) comes from the immediate family and its circle of friends, not some stranger on the street or net are probably better had in other fora, but it does bring home the point that the awful stuff which happens on the net, while awful, is only a tiny fraction of what's going on in households around you, whereever you may be. Stuff becomes news BECAUSE it's so unusual and headlines about what is more likely to be happening at home may cause a drop in circulation

        The issue with GCHQ or NSA or anyone else hoovering up all your data is that because it's all secretive, it's easy to abuse, whether that's a rogue spook looking up his brother-in-law's politics or a politician telling an agency to dig up all the dirt it can about XYZ activist's past/associates in order to discredit/blackmail, even if the activities in question were perfectly legal. (such as being an active B&D participant).

  29. Anonymous Coward
    Happy

    How t okeep a secret and not let the NSA / GCHQ find out

    Its simple - I just do not tell myself the secret that I need to keep and thus I cannot post it online or email it or store it on my computer.

    Its completely secure :)

  30. Anonymous Coward
    Anonymous Coward

    The solution is simple

    Encrypt everything. Let them store it for five years, spend time cracking it or whatever they want to. Nothing like a lot of messages that only say, "Hi, NSA hope you're having a great day. Until the next useless email; 3, 2, ...."

  31. heyrick Silver badge
    WTF?

    Something overlooked?

    "what they are allowed to do in order to spy on "non-US persons".

    Yeah. Um. Allowed by who? Themselves? That might not fly with other countries, especially when they figure out that this smacks of World Police. Is it justified for America to eyeball the rest of the world when they don't have their own house in order? Is it justified for them to make judgements given their highly eccentric morality (seriously, WTF was the big deal with the superbowl titty?) and religious opinion bordering on a laid back sort of fundamentalism? And if they are snooping on us non-Americans, I can only assume that this means it is quite alright for non-Americans to snoop on Americans, hello PRC and Russia and... ;-)

  32. Tom 7

    reverse steganography

    I'm wondering how often a key can be used to decrypt noise into something that seem meaningful to the paranoid so if you throw enough crap at white noise you may just get the infinite monkeys version of a terrorist threat?

    1. Suricou Raven

      Re: reverse steganography

      That's the idea behind the one-time pad. There are many (as in 2-to-the-lots) possible keys that return what looks like a legitimate message. One for every possible message. Thus it's impossible to determine which is the right key, if any.

      1. Charles 9

        Re: reverse steganography

        So start with some cheap-but-huge image, then start encrypting a bunch of innocuous documents against it and come up with a ton of encrypted trash. Should make for a busy day.

  33. Anomalous Cowshed

    That is precisely how we used to know that all comms are monitored

    A colleague of mine once sent an encrypted file with a 256 bit key, about 10 years ago, from the UK to another country. Very soon afterwards, he reported being contacted by a senior manager in his company, requesting disclosure of the key so that they could pass it on to "the authorities". This is why the recent disclosures about NSA and GCHQ, etc. didn't come as much of a surprise to some people...

    1. Sir Runcible Spoon

      Re: That is precisely how we used to know that all comms are monitored

      Um, if your colleague encrypted it with the receivers public key, how come he was in a position to provide the key to decrypt it?

      1. My Alter Ego

        Re: That is precisely how we used to know that all comms are monitored

        Nowhere does it say PKI was used, although it's an excellent excuse. Maybe that was your point.

  34. dmcq
    Happy

    Yeah!, now they'll get those terrorists sending 'spam'

    Those spam messages with the words spelled wrong - they're messages from terrorist leaders sent out so no one knows who is their cells! Many of those pictures of cats posted as well, what the Lolcats do is really a secret message. They're not funny at all. And when people trash a comments page with puerile rubbish - that can be them hiding their evil work too, even young children seem to have been recruited into their ranks. I'm all for the NSA and GCHQ securely storing all these secret messages, of course I advocate using the power of the law to convict the villains but I'll understand if in the interest of national security and if they can't fully decrypt the messages they deal with this menace quietly and without fuss - if some are caught up in this who aren't terrorists I'm sorry but they should not have defaced a web page and anyway you can't make an omlette without breaking eggs.

    1. Anonymous Coward
      Anonymous Coward

      Re: Yeah!, now they'll get those terrorists sending 'spam'

      Hmm. I was wondering if we couldn't convince the NSA, GCHQ and all the other members of the alphabet soup club that criminals and terrorists use spam as transmission method.

      First of all, that's not so far off - we are so conditioned to zap such stuff that we may miss that the next viagra message of a particular brand is actually a signal. The main reason is, of course, to get those agencies to close down spammers and so actually do something directly positive and beneficial. It means less rubbish for us to filter out, and less rubbish to them to store - and it buys some public goodwill back.

      Next up: telesales terrorism. :p

      1. Charles 9

        Re: Yeah!, now they'll get those terrorists sending 'spam'

        Whatever happened to code messages using plain old innocuous conversations such as wrapping a plot as a plan to visit their mum and asking how the rest of the family's doing? I mean, if they planned this out properly beforehand, how will the spooks be able to tell the difference between a terrorist plot and a birthday party?

  35. Trevor Marron

    Can you still use web mail and save it in the drafts box?

    I seem to remember a technique where you shared a web mail service log-on and simply left messages in the 'drafts' folder so no message was ever actually sent. Anyone wishing to view the messages just logged on and read them.

    1. Sir Runcible Spoon

      Re: Can you still use web mail and save it in the drafts box?

      If they are intercepting pure data streams those draft emails would be in cleartext in an http session.

      Unless it's https of course, in which case they will have to use the *key* to read to it.

    2. OffBeatMammal
      Black Helicopters

      Re: Can you still use web mail and save it in the drafts box?

      given that most of the providers are rolling over and sharing whatever is asked of them I have to assume that draft folders (as well as things like Google Docs or Dropbox) are also no longer particularly safe places.

      Something like HushMail may be a little more reliable but who knows.

      The problem is unless you have total faith in the provider of the storage mechanism and the integrity fo the channel from you to it... then balance the risk accordingly.

      Even if the system you use is in a different country you don't know that they're not "cooperating" with local authorities and then simply sharing the gathered intelligence as part of a cross-border exercise.

      It scares me when paranoid fantasies turn out to be real... and scares me even more that nothing will happen as a result of this in any of the countries where it's discovered to be happening :(

  36. Ben 54

    Storage

    Can anyone even see the impossible logistics with this whole setup? Storing audio takes up space, a LOT of space. Let alone doing it in real time. The technology is there, but how big of a server farm do they have to keep running as a library for this? And to check every call, every minute, for everyone?

    1. Mephistro

      Re: Storage

      They could just use an automated voice recognition system, search for 'interesting words' or 'interesting individuals' and store only the audio from the 'interesting calls'. They would need a big server farm for the voice recognition part, though.

      1. Mephistro

        Re: Storage

        Continuing from my last post.

        The system would -of course- submit alerts to human operators, so they could review the audio from the interesting calls, and probably also classify the calls according to several parameters, e.g. countries involved, known ideology of any of the participants, whether any of the participants has a criminal record or has ever been arrested...

        This shit is f**king scary.

        1. 142
          Boffin

          Re: Storage

          Audio doesn't take up that much space, especially with compression. Even in the 70s you could encode intelligible speech with well less than 5kbit/ second, just using delta modulation. And you don't have to store the silence between words that presumably makes up the bulk of most phone calls.

          Even without compression - assuming 8kB/sec* it's still more than feasible - here's a back of the envelope estimate someone did (I suspect he's underestimated the number of phonecalls): http://blog.archive.org/2013/06/15/cost-to-store-all-us-phonecalls-made-in-a-year-in-cloud-storage-so-it-could-be-datamined/

          It's running the analysis that'd be a PITA - that would be a phenomenal amount of processing power - and would obviously need more processing power the more compression had been applied to the audio. Again, though, given the surprising fact that storing all the phone calls for a year is feasible, there's probably ways to optimise it!

          *(that'd be 8bit, 8kHz PCM mono uncompressed - a tad better than normal phone quality)

          1. Alan Brown Silver badge

            Re: Storage

            "And you don't have to store the silence between words that presumably makes up the bulk of most phone calls."

            And when you're listening to the other end. It's not often that there's speech going in both directions and if there is, it's usually meaningless.

            That takes the absolute maximum down to 1/2 the raw rate (64 or 56kb/s depending wihch country you're in) even before compression is applied (the encoding uses non-linear quanta in both cases)

      2. Frankee Llonnygog

        Re: Storage

        Voice recognise this!

        "The halibut flies enticingly. Be sure and leave the violin under the midwife. Ring twice for last Wednesday."

    2. Charles 9

      Re: Storage

      Don't think tapes. Think digitized recordings using efficient voice codes. And IIRC the NSA is building the biggest server farm in existence in Utah

      http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/

      (Think exascale machines and a storage capacity of yottabytes).

  37. Alan Firminger

    Where is the physical interception

    It has to be at the terminal station.

    In 1990 the busy terminal station would have one person and a dog as a fall back staff, more staff might show up for day time procedures. A little used link such as to Denmark would be without permanent staff.

    But of course then there was no reason why any one would want to break open the locks and set foot inside. Each must possess a serious border guard.

  38. Who took my handle %@£#

    Email inscription

    My friend who works for the NSA says that the hardest inscription to crack is British English. :-)

    1. NoOnions
      Headmaster

      Re: Email inscription

      ...otherwise known as 'English' - your NSA friend speaks American English... ;-)

  39. Cipher
    Mushroom

    Just a quick note to Big Ears...

    aCExMSEo71OyvNvI5Ojx6NTBuREQ6zlrx+rCJS8rm/bHHQM0BiBbINBIaz3h3GVnxbdWJiEzMyF8f/0YbowPKMpYXiXLHbZe3o0bbgYPsYFA34rizkZO4z4IMyExMSHMztyiklaHEiAVNf1lkL37O4ZircNUSokhMzMh6uO1Ya45wWCqsYFA34rizkY6871wq+j0c0VelE7Xy3AhOSEGjFl0aX41HSExMCGvk4E4zvm6ITEyIeDxlO2CZtd1PyExNjAhhF25f4yc6DmDcov23SEzOSEhMTAhtS2ezW12tEeKvobDU2ik3de+BA6P74QZLm/FoXGexMxALHssxm3tQe1+iZ76stVgnTb5m8g/zaMhMzkh5sPe9WCt1HiaOpe4qCsE6RqifylF5uUCUtcEArMllAiokyZQF2tNu8BGogXEWMeh+9vR2TbTITAhrsz81YdjITAhs4wkxeh+t2/pXPEO7FRtN55Rz46nITM0IRmyVAZe96djZax+bnKHQVjab7UsBbhq8mpZFHFIpWYzRq6URyzioTvk/jDJITE2MCGWiysvoRZQt+Sk2xqvZPrZlH6JRNFBr5U28TshMTAhpweJ/6c8cBQ+j4tsSCz+55GMq32UhoC8LLoVEZQbeKPr

  40. Respectyouresefinit
    FAIL

    Did anyone notice this was all marked secret and released by an it pro?

    As an it professional I find the release of this information appalling.

    I've no idea as to the whole picture but come on a sysadmin who is probably only second line puts the whole it industry into disrepute...

    When you are an it admin you have access to everything. That doesn't mean you have the right to look at and copy whatever you fancy. I'm sure most people working anywhere have no clue that as an it admin we have access to what we do...

    Please as it admins always remember we are the keepers not the releasers.

    // end of moan

    1. Charles 9

      Re: Did anyone notice this was all marked secret and released by an it pro?

      But that poses a challenge: how do you keep the keeper from becoming a releaser? Who admins the admin, IOW? Because your environment could easily become DTA and you can't even trust the admins. How do you allow an admin to do his/her job while preventing him or her from stealing the data?

  41. paulc
    Mushroom

    so basically everybody then

    as all of us use https for banking or on-line shopping purposes or most email like googlemail and that communication is encrypted between originator and host by default...

    tosspots, the lot of them.

  42. Frankee Llonnygog

    Use one way encryption

    Otherwise known as Google Translate. Once Google has rendered your text into English, nobody has a hope in hell of understanding it.

    1. Silverburn
      Pint

      Re: Use one way encryption

      You need some "salt" with that too. More specifically...beer.

      That will turn it from english into something truly uninteligible to any sober person, but will make perfect sense to anyone who's consumed the right amount of "salt".

  43. Crisp

    Coming soon to an American town near you

    A Key Signing Party!

  44. sabba
    Gimp

    So let's all start...

    ...encrypting huge blocks of random text and sending them via email (or other means) over the net.

    Won't serve any great purpose but it should start to ramp up their server and associated storage costs.

  45. Alan Brown Silver badge

    Don't forget...

    ..about the ctrl-F4 super-secure encryption option.

  46. envmod

    i always thought this would be the case

    i've always thought thst using TOR and the like would actually draw attention to you rather than the desired effect of making you anonymous... basically, the authoroties will assume you wouldn't be using such a service unless you're up to something. it was probably fucking set-up by the NSA in the first place to amass a nice database of all the likely terrorists/crims/pedos/capitalist dissenters around the globe.

  47. Rob73!
    Big Brother

    Too late.....

    Playing devils advocate here......

    If you own a msartphone, have an online presence, use a supermarket loyalty card, then i think you have to accept that you are consenting to surrendering at least some of your privacy. And if you have been doing the above for anumber of years already, it's probably too late to stop your details being logged if not looked at.

    That being said, I don't think Government should be able to slurp data on the industrial scale that it appears to be doing so at present. It's equally not defensible to suggest that it's soley to combat "terrorism". As the very definition of "Terrorism" can change. Today it's largely inferred to be Islamist terrorists. Tomorrow it could be you or I, simply because we don;t like the current government of the day.

    Can't see that using encryption is going to be worse than sending traffic unencrypted. Yes it might flag a trigger, but unless they demand to nsee your private key they won;t be reading it.

    Also, I think considering just how far removed from sanity and democracy our respective governments seem to be moving, people like Brad Manning and Ed Snowden are more important than ever before.

  48. Wzrd1 Silver badge

    One thing that the NSA has to watch for is not monitoring US citizens.

    The reason isn't a question of niceness or nastiness, it's a question of law.

    Most germane is the Posse Comitatus Act, which forbids the military from operating in any police activity inside of the US.

    Of course, one also has to recall how often such laws were thoroughly ignored in the US, such as CIA operations inside of the US through the 1970's, before Congress put that shenanigans to a stop.

  49. Anonymous Coward
    Anonymous Coward

    That's fine

    They all cry and whine that they need this for fighting terrorism, but at the same time they stand against any provision to make sure the data can only be used for fighting terrorism, and can't be used for anything else. Clearly they are using it for other things.

    We have had enough of their nonsense. That's fine if they want to keep everything because effective immediately, we are encrypting EVERYTHING, and we considder government documents to be suspect and subject to publication.

    Laws be damned.

    1. Charles 9

      Re: That's fine

      "We have had enough of their nonsense. That's fine if they want to keep everything because effective immediately, we are encrypting EVERYTHING, and we considder government documents to be suspect and subject to publication."

      Then what happens when the government fires up their black-project ("it doesn't even exist") quantum computer and start cracking all the communications they've been keeping backlogged in Utah en masse (since post-quantum encryption wasn't and still isn't the norm)? Then they wouldn't care if you encrypted everything; they'll be able to read most of it ANYWAY.

      1. Suricou Raven

        Re: That's fine

        Then we need to encrypt absolutely everything that can be encrypted. The sheer volume of data that flows over the internet would too much for even the NSA to store. They have to justify their budget to someone - asking for another billion dollars worth of hard drives is going to cost some political favors.

        1. Charles 9

          Re: That's fine

          Black projects are on a strictly need-to-know basis. And they DO intend to store ABSOLUTELY EVERYTHING—encrypted or not. Last I heard, their storage capacity was in the yottabyte range if not greater. They're also holding the encrypted stuff for when code breakers catch up (that's where the theoretical black-project quantum computer comes into play, and they may already have it. How long were they in service before the SR-71 and F-117 became public knowledge?). As for the budget, just say, "They're planning something worse than 9/11" or "They've got a nuke and plan to use it over South Dakota" and that should scare anybody into giving them anything they want. Nothing like an existential threat to loosen the purse strings.

This topic is closed for new posts.

Other stories you might like