> On Mar 26, 2015, at 7:11 PM, [email protected] wrote:
>
> Encryption everywhere all the time? No, thank you.
>
> Better said, and at effective length, by David Golumbia

This assumes three things:
a) That you are protected by US law
b) That the systems are NOBUS ("Nobody But Us")
c) That cleartext isn't a direct exploitable vulnerability.
Unfortunately none is the case.
Let's take case A and assume you aren't a 5EYES citizen. The US is quite
explicit that if you aren't a 5EYES citizen, anything goes: There are no legal
limits, there are no protections against US activities.
In particular, "economic espionage" in the classic sense [1] is on the table:
So if anything you do affects international commerce, you are an in-scope
target.
Let's take case B: There is an implicit assumption that the only one watching is
the "good guys". It's quite true that the NSA has been remarkably constrained
in its monitoring outside its mandates (unfortunately its mandates include
"SIGINT development" and economic issues.)
But who says the NSA is the only one listening?
The NSA's gross overreach in acting against others brings into play the golden
rule corollary: "Feel free to do unto others as they hath already done unto
you". [2] All it takes to monitor a 10 Gbps link is a load balancer and a
couple of 1U PCs: the software itself is pretty much routine NIDS-type stuff
[3].
We have near zero security on internal communications crossing the US. You
think a foreign country can't have a couple of "diplomats" hire a bobcat?
Place monitors at Foggy Bottom Starbucks or every hotel in DC?
And that isn't even beginning to consider all the things said countries can do
on their borders: If one endpoint of your communication is outside the US, and
the countries it crosses (*cough* France *cough*) can gain benefit from
monitoring it, they will. And since the NSA did it to them, they are welcome
to do it back to us.
Let's take case C, which is the kicker: Cleartext is not just an avenue for
monitoring, but a vector for attack. If your adversary can see your cleartext
communication, and can identify you as a target, they can modify that
communication to exploit you.
This is the biggest problem. The NSA said "it's OK for nation states to
directly 'shoot' exploits from the backbone".
This also interacts very strongly with B: For <$200/each, I can deploy an open
WiFi monitor that's fully deniable (everything is COTS), disguised (think 'plug
in air freshener'), and tamper resistant, which enables not just "monitor all
on the wifi" but explicit "pwn by name": injecting malicious responses into
traffic of identified targets.
And the allowed target set is effectively everybody: the GCHQ used this to
penetrate Belgacom. Yes, telecom is critical infrastructure, and GCHQ used
this to exploit a NATO ally's critical infrastructure. So if you can penetrate
an ally's critical infrastructure by injecting exploits into cleartext
communication, and the NSA and GCHQ said it's OK by doing it, why can't the DGSE
do it to us?
If you are lucky, your adversary can be any country where your traffic passes
through except your own.
Taken together:
If you aren't 5EYES, US law won't protect you.
If you are, foreign law won't protect you.
And in either case, cleartext, by being modified, is an exploitable
vulnerability, not just an observation hole.
This is why we MUST encrypt all the things.
There are no legal norms and niceties that can protect our interests, no matter
who "our" is: The US government, US companies, US individuals, foreign
governments, foreign companies, foreign individuals, they all now face a
practical UN full of adversaries who can and will exploit anything they want.
It's all on the table.
By spying on every communication for words like "WTO." and $CANDIDATE_NAME, by
hacking Belgacom, Petrobras, Gemalto, Huawei, and individuals like Quisquater,
the NSA and company have told the rest of the world that there are no limits on
who you can spy on and who you can hack, and the rest of the world will listen.
[1] The typical NSA dodge is to redefine "economic espionage" to being 'provide
the information to US companies'. That's true, they do not appear to do that
form of economic espionage. But they are quite willing to hand the information
over to other portions of the US government, e.g. it is acceptable behavior to
search every email seen on the planet for voting information on the WTO, and
we've seen the NZ rules for this.
[2] The biggest offender is not the NSA but the GCHQ (British). But they did
it with our toys and then "Putin's law" comes into effect: If you give someone
a missile, you are partially responsible for who they shoot down.
[3] The biggest limit is often asymmetric traffic. Bro in particular doesn't
handle seeing one side of a link, and it's been a low priority for developers to
change that. But you can always download Vortex and start from there.
--
Nicholas Weaver                  it is a tale, told by an idiot,
[email protected]                full of sound and fury,
510-666-2903                                 .signifying nothing
PGP: http://www1.icsi.berkeley.edu/~nweaver/data/nweaver_pub.asc
_______________________________________________ perpass mailing list [email protected] https://www.ietf.org/mailman/listinfo/perpass
