Microsoft: C'mon, you can trust us... look at our gov spook-busting plans

Microsoft has detailed a three-pronged plan to encrypt customer data, improve transparency and fight harder in the courts not to have to hand over your data. The new plan is designed to restore customer trust after revelations of government snooping. Microsoft has been stung into action in the wake of documents leaked by …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    I don't get it, they're talking about encryption, but wasn't most of the point that the encryption master keys were 'shared' with the NSA?

    'Key Provisioning Service'

    1. Gordon Pryra

      Their aim is to confuse people into thinking they are different today than they were last week,

      In reality they are a Merican company, so all their data is wide open for the NSA to browse at any time.

      It's all just words for the media to cut and paste in their blogs and news reports. These people love free content for their blogs and sound bites for their 30 second TV and radio news slots, they don't care what the words actually mean.

    2. danR2

      Keyloggers, Mouseloggers

      What does encryption matter if both govs and crims can get access to new passwords more securely than you can write them down?

      Secured input services should be built down in the OS kernels (and even chip-maker microcode) of all major vendors so deeply that unless the user sets an option, it would be impossible for keyloggers to work at all, even commercial ones installed by the users themselves.

      One major hack just in the news appears to have depended on keylogging. Change your password with all the best salting and length in the world and the hackers have it.

      1. danR2

        Re: Keyloggers, Mouseloggers

        One downvote already. Did I upset the NSA? keylog vendors?

        "Who tells the truth is driven from 9 villages" --Turkish proverb.

        1. Anonymous Coward

          Re: Keyloggers, Mouseloggers

          Probably downvoted for naivete.

    3. tom dial Silver badge

      NSA was reported to have a key provisioning service that could provide their analysts with keys *they had* but I don't recall a listing of those keys and do not think anything was said to indicate that Microsoft or anyone else had voluntarily shared keys with them.

  2. Anonymous Coward

    Must be losing quite a bit of business and these steps will not fix that.

    1. Anonymous Coward

      S P L U N K !

      The Sydney Morning Herald article today thinks that SPLUNK is a more targeted threat than Cloud365. (MS will just leak all your private data at rest) whilst for the loss of your private data in motion you have to thank Californian software company Splunk who has a "technology stack" to produce "real time … intelligence".

      Splunk software is used by the US National Security Agency and Britain's Government Communications Headquarters and enables organisations to analyse "massive streams of machine data generated by websites, applications, servers, networks, mobile and other devices".

      Australian Defence intelligence has been buying Splunk software since at least 2009.

      Another Hero in the story is Gigamon, a large Silicon Valley-based information technology firm that specialises in what it terms "network traffic visibility solutions''.

      "Gigamon's systems are designed to find not just a needle in a haystack, but bits of needles in many haystacks. We do that by taking all the hay, all the time. We take everything."

      Confidential Australian documents describe the Gigamon technology as "a vacuum cleaner" that "sucks up unsynchronised and disaggregated data, filters and sorts it to re-create the original puzzle"

      proportionality? warrants? OK, I'll go and eat my bread and watch some circus entertainment on BBC1

  3. Bladeforce

    Transparency!!

    OMG I laughed so hard at that comment!

    Again why encrypt when you have the NSA key

  4. btrower

    Security Theater Only

    This is just smoke and mirrors. Any of these companies serious about real security would not speak only in terms of trusting them with data they can see.

    I will trust them when they can prove that data access is through multiple custody of entities other than the big companies and government.

    The current PKI, with companies like Verisign, Microsoft and a host of other unknowns is only as strong as its weakest link. When it comes to the government, the weakest link is too weak to be of any use at all.

    I don't want to go off here, but suffice it to say that Microsoft's protests that they are getting secure is 100% hot air. There is no effective increase in security here. What we were worried about remains exactly as it was.

    You do not have to know that much to know that Microsoft's plan here cannot be effective as security. Certainly Microsoft knows it. If they are lying about this one transparent fact, how can you trust them at all?

    1. Anonymous Coward

      Re: Security Theater Only

      "This is just smoke and mirrors... suffice it to say that Microsoft's protests that they are getting secure is 100% hot air. There is no effective increase in security here. What we were worried about remains exactly as it was."

      [I only quote the above because it summarises general sentiment as of the time of writing this].

      Why does PFS provide no effective increase in security? Surely, assuming no complicit skulduggery, at the very least it negates MITM attacks?

      I assume also that general sentiment holds true for Twitter and any other company implementing PFS?

      1. Yet Another Anonymous coward Silver badge

        Re: Security Theater Only

        > at the very least it negates MITM attacks?

        Unless the MITM has a copy of the key.

        The only thing it stops is the Men in Black deciding they wanted to spy on what you did in the past, assuming they want to spy on everybody all the time it is irrelevant.

        1. Anonymous Coward

          Re: Security Theater Only

          "Unless the MITM has a copy of the key."

          But how does he get that? He can have both public and private keys, but how does he get the session key when it is never sent across the network*?

          *Which is why I originally said without complicit skulduggery :) I was hoping to address the technical as opposed to the political/judicial.
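The distinction this sub-thread is circling, as an added example that is not part of any comment: with RSA key transport, whoever later obtains the server's private key can decrypt a recorded session, while with an ephemeral Diffie-Hellman exchange the long-term key only signs, so the recording alone does not yield the session key. All parameters and names are constructed toy values, and the sketch models a passive recorder only, not an active man in the middle who holds the key.

```python
import hashlib
import secrets

# Toy parameters, constructed for illustration only (far too small for real use).
P, Q = 2**127 - 1, 2**89 - 1          # two Mersenne primes as the RSA factors
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))     # server's long-term private exponent
DH_P, DH_G = 2**127 - 1, 3            # toy Diffie-Hellman group


def kdf(shared):
    """Derive a session key from a shared integer."""
    return hashlib.sha256(str(shared).encode()).hexdigest()


def _digest(value):
    """Hash a public value down to an integer that textbook RSA can sign."""
    return int(hashlib.sha256(str(value).encode()).hexdigest(), 16) % N


def rsa_key_transport():
    """No forward secrecy: the client sends the premaster secret encrypted to the server key."""
    premaster = secrets.randbelow(N - 2) + 2
    wire = {"encrypted_premaster": pow(premaster, E, N)}
    return wire, kdf(premaster)


def ephemeral_dh():
    """Forward secrecy: one-time exponents on both sides; the long-term key only signs."""
    a = secrets.randbelow(DH_P - 3) + 2   # client ephemeral, discarded after use
    b = secrets.randbelow(DH_P - 3) + 2   # server ephemeral, discarded after use
    client_pub, server_pub = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    wire = {"client_pub": client_pub, "server_pub": server_pub,
            "signature": pow(_digest(server_pub), D, N)}
    return wire, kdf(pow(client_pub, b, DH_P))


def signature_valid(wire):
    """Client-side check that server_pub was signed by the long-term key."""
    return pow(wire["signature"], E, N) == _digest(wire["server_pub"])


def passive_recovery(wire, private_exponent):
    """Session-key candidates a recorder gets by applying the private key
    to every value captured on the wire (it never sees a or b)."""
    return {kdf(pow(v, private_exponent, N)) for v in wire.values()}
```

In the ephemeral case the recorder would need `a` or `b`, which never cross the wire and are not derivable from the private key.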

      2. btrower

        Re: Security Theater Only

        @smurfette:

        PFS is a good thing as far as it goes. However, it is tangential to the issue here. The issue is that nefarious entities (NSA, FBI and others) can gain access to private information by forcing Microsoft to hand over the ciphertext and keys.

        As long as Microsoft is the sole custodian of keys capable of accessing my information I am as vulnerable to the NSA after PFS as I was before. It is fine that MSFT is going to serve cake to its customers. However, much as I am happy to have a slice of cake, it was not cake that I asked for. Whether I get cake or not has no bearing on whether or not MSFT has the ability and the will to turn over my private communication.

        It is out of scope for a comment here to lay out how such a system would work, but essentially, since MSFT cannot be trusted with my information they should have no access to anything at all except on an as needed basis. When it comes to the actual need to deliver software, MSFT requires no personally identifiable information about me at all. Everything they need from me including information for payment, delivery of goods, support, etc can all be done through a trusted intermediary and that intermediary can, using sound cryptography, be an m of n collection of entities who in the aggregate are trustworthy.

        The above is a bit complex for people without the necessary background, but it is pretty simple for those who do have it. Microsoft and similar companies all know how they can provide genuine privacy and security to their customers. They choose not to do it because at the end of the day they want to pry into your affairs themselves.

        1. Yet Another Anonymous coward Silver badge

          Re: Security Theater Only

          It's easy to keep a secret if the only person you need to share it with is you.

          So Microsoft can make a perfectly secure system where you have the keys, you encrypt it, they store and you decrypt it. That's great if the only use of the cloud is as a great big disk drive in the sky.

          As soon as you need somebody else to process it then you need to share keys and unless you trust them you are screwed - whatever the technology, especially if you know the NSA is looking over their shoulder

          1. Anonymous Coward

            Re: Security Theater Only

            "It's easy to keep a secret if the only person you need to share it with is you. So Microsoft can make a perfectly secure system where you have the keys, you encrypt it, they store and you decrypt it. That's great if the only use of the cloud is as a great big disk drive in the sky. As soon as you need somebody else to process it then you need to share keys and unless you trust them you are screwed "

            I might be misunderstanding your point, but surely you are not implying that if I am using SSL/TLS+PFS and you have my private key that you can decrypt my data, are you?

        2. Anonymous Coward

          Re: Security Theater Only

          "PFS is a good thing as far as it goes. However, it is tangential to the issue here. The issue is that nefarious entities (NSA, FBI and others) can gain access to private information by forcing Microsoft to hand over the ciphertext and keys..."

          Yes. I agree although my original comments were intended to address the technical improvement only.

          Personally I see 4 distinct but interleaved areas here: (1) Intrinsic data security; (2) Trust; (3) Legislation; (4) The security services.

          In terms of intrinsic data security, PFS can only be a good thing. From a data perspective alone it has to be seen as a welcome improvement and I would welcome any argument, presented on a purely technical basis, to the contrary (not necessarily from your good self, but from anyone).

          In terms of trust things appear to be a little more complex and subjective. Essentially, improving basic data security may well foster a little trust in some circles. In others perhaps not so. Would I personally trust Microsoft? No more than I would Apple, Google, Cisco, Yahoo, Adobe, Facebook, Twitter et al. They're all cast from the same die.

          As for legislation and the security services... Well, if they conspire (in)appropriately, any real sense of data security is abject folly. In this respect I feel it's a little unfair for Microsoft to be singled out as every person and business is subject to the laws of the land. But I do see this as a wholly different discussion, as opposed to a tangential one - but then I'm like that ;)

    2. Graham Cobb Silver badge

      Re: Security Theater Only

      I never thought I would write a comment supporting Microsoft -- I am as much an MS hater as almost anyone here. However, I think that btrower is being a little unfair to Microsoft.

      Adding encryption to inter-datacentre links is definitely a significant improvement. This encryption will presumably not be TLS based so the fact that Verisign will print a certificate for the government whenever asked won't help. And even the FISA court won't be able to order MS to release the keys for those internal links (MS would fight that one all the way, and start to call in some really high level favours). I believe that Microsoft will succeed in actually making those links secure.

      That is an improvement, not just security theatre, because the NSA will then have to fall back on actually asking MS for data about customers. MS can then possibly take legal actions and, in any case, will know (even if it is not allowed to tell anyone) that the action has happened. The NSA will know that a record exists, inside Microsoft, of their actions -- which could come to light at a later date. That is an improvement over the case today where the NSA just watches the links and not even MS knows what is being caught.

      Of course, MS should have done this years ago. And it should do much more (the announcement, for example, does not say they will fight gagging orders for individual customers, only for business customers). And the NSA still has massively over-reaching legal powers available to it. But at least this announcement closes down one important part of the NSA toolset.

      I agree completely that the right thing is for MS to stop having the keys to anyone's data. This makes providing some of their higher value outsourced services hard (how does an outsourced office system send an out-of-office response if it cannot look at the message without the user being online?). But they have some really good R&D people and they should redirect them to work on these challenges on being able to do (limited) processing on encrypted data without decrypting it.

  5. CAPS LOCK

    Talk is cheap.

    And easy, compared with actually doing anything. Which is probably impossible for US companies anyway.

  6. Aitor 1

    Keys

    As you have all pointed out, the NSA and most agencies have the SSL master keys.

    Therefore, all HTTPS sessions with "secure" keys provided by the major key providers are insecure.

    Microsoft could provide secure services if they wanted: by issuing their own keys from outside snooping governments' territories, and hosting elsewhere. They are not going to do that.

    1. Anonymous Coward

      Re: Keys

      "As you have all pointed out, the NSA and most agencies have the SSL master keys. Therefore, all HTTPS sessions with "secure" keys provided by the major key providers are insecure."

      That's fair enough, I don't necessarily disagree.

      But, let's say you are a hypothetical MITM, and you have both public and private keys. How are you going to decrypt my PFS traffic?

    2. tom dial Silver badge

      Re: Keys

      "... NSA and most agencies have the SSL master keys."

      Proof?

      1. Yet Another Anonymous coward Silver badge

        Re: Keys

        Prove they don't !

        Unless you think that they wouldn't ask for the master keys because they consider it unsporting and prefer to use a complex set of hacks, zero day exploits and Tom Cruise dangling from your data center's roof on a wire instead

  7. All names Taken
    Paris Hilton

    I don't get it either?

    Just suppose for a moment that software was super secure and beyond compromise.

    The data are still compromised whenever a pooter becomes connected to anything other than itself (yes including meeces).

    It seems a bit Canutian to me

  8. Anonymous Coward

    "Microsoft is following Twitter's lead and adopting Perfect Forward Secrecy* and 2048-bit key lengths to strengthen encryption of customer data."

    Wow fast move on key length guys, BTW no keys smaller than 2048 bits will be issued by CAs post Jan 1 2014. More FUD from a company protected from lying to their customers about security courtesy of SOPA.

  9. Anonymous Coward

    "Where a gag order attempts to prohibit us from doing this, we will challenge it in court."

    Number of FISA applications for data surveillance in 2012: 1856.

    Number of denials: 0

    People have challenged gag orders in court. Google, Yahoo, MS, etc. All motions were denied.

    Euro-centric data centers are a damned good idea and one that should be pursued with haste.

    http://www.outsidethebeltway.com/charting-33-years-of-fisa-report-data/

    1. SImon Hobson Bronze badge

      > Euro-centric data centers are a damned good idea …

      But won't help if the company is US based. Only if the data centre is operated by an outfit with no US control at all will it help - simply because if it's US controlled then the bosses can be told "give us the data or go to jail", at which point they'll slurp the data back across the pond and hand it over.

      1. Yet Another Anonymous coward Silver badge

        > Euro-centric data centers are a damned good idea …

        But a good thing for the JCB business.

        Every data center won't just have an extra connection to the NSA (assuming they are US owned, or want to do business in the US) but they will also have an extra connection to all 28 countries. In those countries where the military, government and secret services don't trust each other there will be multiple connections.

        I'm picturing 50 or 60 different groups of shady dark-glasses wearing spooks all trying to install their own secret taps while not being noticed by the other lots. Would make a great Ealing comedy.

  10. Anonymous Coward

    Given that they've just installed a million voice-taps; I just plain don't believe them.

  11. Anonymous Coward

    Can't help feeling if MS actually cared about privacy they would ...

    ...Revise the latest T&C of their Xbox-180 so that Kinect and always on internet are optional....

  12. Anonymous Coward

    MS have to be seen to be doing something....

    Because there's a lot of money at stake and this is what it's really about- NOT Privacy! In time, US tech companies are going to be treated as 2nd class for offering 'tainted' clouds. And ultimately this will lead to a hit in their bottom line, and they know it!

    That is unless they can claim in their glossy brochures and sales pitches that they're protecting their customers. But we all know it's a falsehood, as their claims to fight for the right to challenge the NSA can never ever be verified.

    The US has become a sick puppy. It was always about power plays and informational control long before Edgar Hoover arrived. But now that it's in moral and financial decline it's becoming even more desperate. I trust China more. At least I know what the rules are when I'm there, and don't have to put up with empty assurances. Personally, I can't wait for the other 99% of Snowden's revelations....

  13. Alan Denman

    The three-pronged plan .......

    Microsoft have likely detailed this three-pronged plan.

    a) Scream about Google and privacy.

    b) Ensure companies like Adobe avoid Google like a Flash.

    c) Sue hardware companies who use Google software in any way they can.

    Only light encryption is needed there.

  14. tempemeaty

    Just for show

    Microsoft, it's all just a dog and pony show....
