Cops hate encryption but the NSA loves it when you use PGP
It lights you up like a Vegas casino, says compsci boffin
By Iain Thomson
Jan 27 2016
<http://www.theregister.co.uk/2016/01/27/nsa_loves_it_when_you_use_pgp/>
Although the cops and Feds wont stop banging on and on about encryption
– the spies have a different take on the use of crypto.
To be brutally blunt, they love it. Why? Because using detectable
encryption technology like PGP, Tor, VPNs and so on, lights you up on
the intelligence agencies' dashboards. Agents and analysts don't even
have to see the contents of the communications – the metadata is enough
for g-men to start making your life difficult.
"To be honest, the spooks love PGP," Nicholas Weaver, a researcher at
the International Computer Science Institute, told the Usenix Enigma
conference in San Francisco on Wednesdy. "It's really chatty and it
gives them a lot of metadata and communication records. PGP is the NSA's
friend."
Weaver, who has spent much of the last decade investigating NSA
techniques, said that all PGP traffic, including who sent it and to
whom, is automatically stored and backed up onto tape. This can then be
searched as needed when matched with other surveillance data.
Given that the NSA has taps on almost all of the internet's major trunk
routes, the PGP records can be incredibly useful. It's a simple matter
to build a script that can identify one PGP user and then track all
their contacts to build a journal of their activities.
Even better is the Mujahedeen Secrets encryption system, which was
released by the Global Islamic Media Front to allow Al Qaeda supporters
to communicate in private. Weaver said that not only was it even harder
to use than PGP, but it was a boon for metadata – since almost anyone
using it identified themselves as a potential terrorist.
"It's brilliant!" enthused Weaver. "Whoever it was at the NSA or GCHQ
who invented it give them a big Christmas bonus.”
<snip>
_______________________________________________
perpass mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/perpass
