back to article Watch out spooks: STANDARDS GROUPS are COMING AFTER YOU

The Internet Engineering Task Force (IETF) has vowed that the NSA won't be allowed to get away with its nefarious surveillance of the internet any more … as soon as 1,100 boffins can agree on a PRISM-proofing plan. The IETF met this week in Canada and the communiqué issued makes it plain that the standards body is mad as hell …

COMMENTS

This topic is closed for new posts.
  1. Don Jefe

    You mean the same standards committees that have their arms twisted by the governments of the home countries where their large/powerful members are? Those guys?

    The only way to stop this sort of thing is with big changes to the current climate of governance through fear and/or big changes in risk management policy. No independent group has enough power to stop mass scale government surveillance in the first place. They certainly aren't going to affect change with a 1431 page revision of a standard. I'm sure kit makers will welcome the sales opportunities this exercise will provide though. <--- That sentence, unfortunately, is the reason why big change is unlikely. There's simply too much money in things staying the way they are. The only people losing out in this are the common folk and fuck them, they've done their duty as soon as they create new taxpayers to replace themselves.

    1. theloon
      FAIL

      Wow, you clearly know nothing about the IETF, it's members and how it operates.

      1. theloon

        Why the thumbs down? Do you actually work in or contribute to the IETF and even understand it....? My guess is not.

        But if you do either know anything, or are actually attending then lets meet in the lobby of hotel in Vancouver where it is being hosted this week @ 11.30 PST and discuss it....yes that's right I'm actually there...

      2. Yes Me Silver badge

        Actual facts about the IETF

        I think Mr Jefe should actually watch the video of the session at http://www.ietf.org/live/ or https://www.youtube.com/watch?v=oV71hhEpQ20. You can skip the first 22 minutes of routine reports.

        And even read a few words about how the IETF actually works, for example starting at http://www.ietf.org/newcomers.html

        1. Don Jefe

          Re: Actual facts about the IETF

          Yep. IETF is about as neutral and immune to government and commercial pressure as ICANN. While they do some good things, their primary role is the streamlining of commercial practices online. Before you buy completely into their marketing efforts I suggest you skip the propaganda pages and really dig in to who steers the organization.

          1. Yes Me Silver badge

            Re: Actual facts about the IETF

            @Don Jefe: I call BS. What on earth makes you think that government pressure has substantial effects on the IETF? Please give chapter and verse. Of course engineers from vendors and operators participate in the IETF, which is why IETF standards actually relate to the real world. Again: educate yourself.

            I do know exactly who steers the IETF. I mean I know them personally. I assure you that the quickest way to get shouted down in the IETF is to say "My company thinks...". And nobody is stupid enough to say "My government thinks..." because it would be greeted by raucous laughter.

  2. doronron

    Pick 3 encryption schemes

    Pick 3 public key encryption schemes.

    Pick a USA public key encryption, a Russian public key encryption and a Chinese public key encryption. We don't know if they are backdoored, but we do know they don't cooperate and thus a message encrypted with all 3 schemes isn't backdoored.

    Put the public keys for these in the DNS server as TXT records.

    Every browser should keep a key-chain for every site they visit, and if they visit a site and its public keys are changed, the user should be warned of possible man in the middle attack.

    When sending any request to these servers, use the public key in the DNS together with 3 return keys for the return leg.

    To man-in-the-middle this scheme, you need to intercept all DNS requests everytime, right from day one, and do a key swap 100% of the time. To defeat such a man-in-the-middle attack, you need simply send the keys via a different route. So this is next to impossible to intercept on a mass scale and easy to detect and defeat.

    EMAIL

    Send out the 3 public keys in the header of every email to everyone.

    When your email client receives an email with these keys, it then always uses these keys to encrypt messages to that email address.

    If you receive an email with different keys, then the user is notified of a possible MITM attack, and can take steps to verify the key change, or simply treat the message as identity theft.

    To attack this scheme, you have to swap/or strip all keys all the time, right from day 1.

    To fix the attack, simply send the keys via a different route.

    Thus we should be able to protect journalism, political activism, protest, voters, innocent people, etc. from mass surveillance, of course terrorists and criminals will still be bugged, but it will stop the massive warrantless fishing that's been going on.

    Notice that it doesn't get bogged down in 'proving identity', this is unnecessary, you don't do this now with ordinary email.

    How do you change keys? You convince the receiver you are the genuine Bob Simpkins exactly as you do now when you email someone. If they believe you, they can accept the key, or not. Just as they accept your email or not as from you now.

    It just eliminates Big Brother from watching.

    1. Sir Runcible Spoon

      Re: Pick 3 encryption schemes

      "Notice that it doesn't get bogged down in 'proving identity', this is unnecessary, you don't do this now with ordinary email."

      However once you have established the trust you can digitally sign your email.

    2. Anonymous Coward
      Anonymous Coward

      Re: Pick 3 encryption schemes

      Shouldn't all DNS interactions be encrypted as well?

  3. Paul Hovnanian Silver badge

    CALEA

    http://en.wikipedia.org/wiki/Communications_Assistance_for_Law_Enforcement_Act

    And after all your precious standards work is done, law enforcement will just wave this under your nose. And you'll give them a tap off your backbone. I'm sure all members of the Five Eyes have similar legislation in place.

    1. M Gale

      Re: CALEA

      I think the idea is that various agencies can tap as much megabit-key-encrypted info as they like. It'll do them no use without a few billion years of supercomputing time.

  4. Anonymous Coward
    Anonymous Coward

    Also don't forget private key one time pads

    I've done this with point to point stock data. Orders sent from one broker to the central office need to be *fast* encrypted, and are financially critical to the business. Obviously you can't let spooks take a look and just assume they won't abuse their position, because they're not saints and you're not an idiot.

    So the fix was to generate a very large random key file from sampling white noise. The file is longer than all the stock orders they will send over the next twenty years.

    For 100 byte order, 1000 times a day that's about 750mb of private key., I carried the key on a CDR to install it, nowadays, you'd probably generate a 3TB key and carry it on a portable hard disk.

    Cryptographically it's uncrackable, of course that won't stop them hacking the computer on the end if it has a zero day exploit, or auto updates, but a stripped down Linux instead of Windows will give you your best shot at that.

    Better still, how about a really stripped down stack on a Raspberry Pi???

  5. Anonymous Coward
    Anonymous Coward

    The thing is, there is already sufficient technology around to make breaking into email, instant messaging, voip etc practically uncrackable. The technology is not the problem, it's just that the applications that we use day to day just don't implement them.

    Why is email not end-to-end encrypted all the time as a default? Processing power just really isn't an issue these days.

    What I hope will come out of these Snowdon revelations is a bigger uptake of what we already have. It is almost impossible to make a product that is 100% bulletproof, but like house security, you just have to make it hard enough.

    1. Anonymous Coward
      Anonymous Coward

      I think one reason is that intercepts for the government are simply low-hanging fruit. HOWEVER, we ALSO know they're not above pwning endpoints (which by definition MUST have the data in unencrypted form in order to display it). It's all very well using an armored car to transport the money, but what happens when they rob the bank during business hours (when the vault MUST be open)? And it's pretty hard to say any operating system can be declared hard to break (yes, even Linux--UNIX is where the term "rooting" comes from); the harder the target, the higher the priority, plus you have humans involved.

    2. John Smith 19 Gold badge
      Unhappy

      "Why is email not end-to-end encrypted all the time as a default? Processing power just really isn't an issue these days."

      Because it dates from a time when processing power was an issue.

      And decent protocols to negotiate for this have not kept up.

      1. MacroRodent

        why email is unencrypted

        Because it dates from a time when processing power was an issue.

        A more important reason for this state of affairs is that until fairly recently, the U.S. governement classified any encryption technology above toy level as munitions, and since most email software was originally developed in the U.S, the developers omitted encryption rather than deal with export restrictions.

        Also, there are also many other countries whose governements view encryption with suspicion, so baking encryption into email standards (which is how it should have been done right form the start) would have seriously restricted their spreading.

    3. Necronomnomnomicon

      Don't forget the meatbag factor

      I can encrypt all my outgoing emails if I want to. But as not one of my friends, even those in IT, are set up to receive encrypted emails, I may as well just mash the keyboard at random for all the information they'll be able to get out of it.

      If we want PGP and the like to actually take off, it needs big, widely-used mail providers like Outlook.com and GMail to talk you through setting up PGP when you set up an account with them, and then ask "Do you want to send this securely? (This is recommended)" every time you send an email. Only then will it get the mass adoption it needs to work.

      The fact that email clients like Outlook don't have any way of encrypting without plugins is another hurdle we need to jump for encrypted comms.

      Given how embedded email is in everything I can't help but think the DarkMail lot are right and we need a new standard that is encrypted by default to slowly usurp email as the default method of messaging.

      1. Don Jefe

        Re: Don't forget the meatbag factor

        You're absolutely correct, the plugin requirements make encrypting messages from the mainstream clients simply too much of a hassle for most people/organizations to deal with. There's also the risk management component in all this. Most businesses simply don't deal with truly sensitive information. The costs of implementing complex encryption schemes isn't worth it.

        The need for a new standard that eliminates the third party aspects and complex deployment issues is significant. Email 2.0. It'll happen one day, but right now tech standards bodies are too busy catering to their primary members.

  6. Old Handle

    The only way encryption will go mainstream is if it becomes a standard feature of products people would use anyway. (This has somewhat happened with web browsers, despite HTTP being far form perfect.) So standards groups at least theoretically have a valuable role to play. But really, it's up to the software makers. Ideally someone already established (like Mozilla, perhaps) would add it to an existing product.

    But the important thing is it must be very slick. Whatever it is has to be so good people would use it even if it didn't provide encryption. Because sadly most people just don't seem to care that much about privacy. But if were just a bonus, I don't think anyone will turn there nose up at it.

    1. Anonymous Coward
      Anonymous Coward

      Correct, the public at large is not going to use encryption unless it is truly simple. Case in point, the number of unencrypted wi-fi networks you can find just by war-driving an average residential neighborhood. The same applies to security updates.

      Standards need to be strong and easily audited at the IT provider level, where (hopefully) you can have people secure the internet backbone and fiber-to-the-curb. Beyond that, you need security-in-a-box.

      1. Charles 9

        But then you run into a security-vs-ease-of-use divide. Creating a turnkey solution that is nonetheless very secure has been hounding security researchers since before your average forum site required its own password. And that doesn't alleviate the issue of trust in the case of the security elements being subverted during the production stage. If we're really in DTA mode, how can a universal standard be established that everyone can use yet is not subject to corruption?

  7. Mike Banahan

    The problem with email encryption

    All the claims from the spooks so far (and I've watched with more than passing interest but not with a microscope) are that they are not reading emails but looking at the headers to see who is talking to whom.

    You can encrypt your email messages all you want - I and some of my correspondents routinely use PGP/GPG (which is not actually difficult to set up), but encrypting your email doesn't get around the problem of the plain-text From: and To: headers in the mail and its envelope and THAT is what the shadowy ones are interested in. Apparently. Oh, and if you do use encrypted messages, watch out for the unencrypted Subject line as well, which often pretty much tells you all you need to know without even reading the message.

    After conducting a moderately in-depth analysis involving a couple of mates and several pints we concluded that it's a fairly substantial piece of work to produce an anonymised encrypted email protocol that's going to make traffic analysis hard and also be proof against compromised servers. It's not easy to see a way of persuading people to lose the convenience of having their mail stored on a relay/hub waiting to pick up when they log in and you have to assume that the hub is compromised, so something like single-use To and From lines are going to be needed. And probably Tor-like anonymising of endpoint addresses as well so they can't get you by IP address.

    I'd love to see some good proposals to get around this, I'd be an early adopter. One bonus of a new protocol might also be to practically eliminate spam at the same time.

    1. doronron

      Re: The problem with email encryption

      I don't like PGP, its the wrong choices, it's gotten bogged down in key-revoke and proving federated identity. It bites off more than it can deliver to a non-expert user. A non expert user just wants to send a message and expects it to be private. That can be delivered easily.

      The 'from' and 'to' would be fixed if you encrypted traffic from Domain1 to Domain2, the spies would only know that *someone* in Domain1 is talking to *someone* in domain 2. They would not get to see *who*, only domain1 and domain2 would know who they route to internally.

      i.e. it would restore the freedom of association. It is not necessary to fix this problem in the email end to end part since you trust your email provider to *route* the message, even if you don't want them to *read* the message..

      Email encryption would fix the content, and domain to domain encryption would limit the routing from outside inspection.

      The subject line should be swapped for a coded one and moved into the encrypted body of the message. Currently its in the header.

      Tor is pointless, the exit nodes can be intercepted.

      This is quite trivial to deliver but porting the encryption code to Thunderbird might be tricky.

      1. Charles 9

        Re: The problem with email encryption

        But what happens if Mallory or Gene have the inside track on one of the domains along the way. They can pick out the traffic BETWEEN encryptions that way.

  8. David 45

    KISS

    "Keep It Simple, Stupid" has got to be the order of the day. One-click (or even automatic) encryption is about the only thing that non-techie friends of mine will go for. I've played around with encryption and I reckon it's too involved for the average user to fathom out.

    1. BlueGreen

      Re: KISS

      > I reckon it's too involved for the average user to fathom out

      Yep. A few years ago I started using GPG in thunderbird to a mate in german, out of principle and because he had enough tech understanding to do it (plus germans are security conscious and rather distrustful of governments, traits us brits sadly lack).

      Frankly I found it confusing and hard to understand what's going on and I'm not yer average guy in the street.

      The crapness of thunderbird didn't help (and I've long ago given up on that capricious buggy POS).

      It has to be really easy and my experience at the time was that it wasn't, and I soon stopped using GPG.

  9. Henry Wertz 1 Gold badge

    Plenty of standards...

    There are plenty of standards, encryption for http, encryption for e-mail, and encryption at the IP level via the likes of IPSec, and probably plenty of other standards. Few are used. IETF just needs to come up with best practices for what is most practical and effective.

    1. Charles 9

      Re: Plenty of standards...

      But how do ANY of these work against a state-level adversary who can get an inside track on the transport layer? They can learn almost as much from the routing itself as they can from the message: encrypted or not.

      1. The Man Who Fell To Earth Silver badge

        Re: Plenty of standards...

        Encryption should be thought of in the same way as for physical containment systems, namely as barriers that take time to breach or errode, not as impenetrable shields. As such, it is false logic to claim that you should do nothing because what you can do isn't perfect.

        1. Charles 9

          Re: Plenty of standards...

          But you can't use a physical analogue in a virtual setting. For one thing, the adversary need only copy the ciphertext to lock it in a particular state of protection (which, according to your analogy, they'd then be able to whittle down). You basically only have one shot to get your communique through versus a resourceful and patient adversary, which means your message has to be able to withstand BOTH immediate AND prolonged assaults.

  10. Dylan Fahey

    I'm laughing, really

    There is only one way to safely transmit your info across the net. It has to be encrypted prior to transmission.

    There is no other way around it.

    You can encrypt all the links you want, you can encrypt whatever, it doesn't matter unless what leaves your computer is encrypted first.

This topic is closed for new posts.

Other stories you might like