Re: [Cryptography] Gilmore response to NSA mathematician's make rules for NSA appeal

2013-09-28 Thread james hughes
http://www.nytimes.com/2013/09/27/opinion/have-a-nice-day-nsa.html

On Sep 25, 2013, at 3:14 PM, John Kelsey crypto@gmail.com wrote:

 Right now, there is a lot of interest in finding ways to avoid NSA 
 surveillance.  In particular, Germans and Brazilians and Koreans would 
 presumably rather not have their data made freely available to the US 
 government under what appear to be no restrictions at all.  If US companies 
 would like to keep the business of Germans and Brazilians and Koreans, they 
 probably need to work out a way to convincingly show that they will safeguard 
 that data even from the US government. 

I think we are in agreement, but I am focused on what this list -can- do and 
-can-not- do.

All the large banks have huge systems and processes that protect the privacy of 
their customers. It works most of the time, but no large bank can say they will 
never have an employee go bad. 

My point is that this thread was moving towards the statement that citizens of 
country X should use service providers that eliminate the need for trust. 
Because of subpoenas and collaboration this statement is true in whatever the 
country the service provider is in and who the 3rd parties are. In essence, 
this is a tautology that has nothing to do with Cryptography. Even if a service 
provider could convince you that they _can't_ betray you, it would either be 
naiveté or simply be marketing. 

The only real way to eliminate the need for trust from any service provider 
of any kind, or any country (yours or some other country), is to not use them. 

The one problem that this list (cryptography@metzdowd.com) -can- focus on is 
that the bar has been set too low for the governments to be able to break a few 
keys and gain access to a lot of information. This is the violation of trust in 
the internet that, in part, has been enabled by weak cryptographic standards 
(short keys, non-ephemeral keys, subverted algorithms, etc.). I am not certain 
that Google could have done anything differently. Stated differently, Google 
(and all the world's internet service providers) are collateral damage.

The thing that this list can effect is the creation of standards with a 
valuable respect for Moore's law and increases of mathematical understanding. 
Stated differently, just enough security is the problem. This past attitude 
did not respect the very probable future that became a reality. 

Are we going to continue this behavior? IMHO, based on what I have been seeing 
on the TLS list, probably. 

Jim

___
The cryptography mailing list
cryptography@metzdowd.com
http://www.metzdowd.com/mailman/listinfo/cryptography

Re: [Cryptography] Gilmore response to NSA mathematician's make rules for NSA appeal

2013-09-28 Thread Stephen Farrell


On 09/27/2013 05:30 AM, james hughes wrote:

 The thing that this list can effect is the creation of standards with
 a valuable respect for Moore's law and increases of mathematical
 understanding. Stated differently, just enough security is the
 problem. This past attitude did not respect the very probable future
 that became a reality.

I think there probably are some fair criticisms that we were a
bit complacent after the clipper and export stuff seemed to be
sorted out and the whole NIST/NSA thing with the AES and SHA-3
competitions seemed to be ticking over nicely.

 Are we going to continue this behavior? IMHO, based on what I have
 been seeing on the TLS list, probably.

That's more than a bit silly though IMO.

The sensible approach here is to a) see what's the best we can
do now with deployed code given that we know it takes years to
get anything near everything updated, but also b) figure out what
do we want to do, knowing that it'll take years for deployment
to happen no matter how small a change we make.

a) is Yaron's BCP draft
b) is TLS1.3 (hopefully) and maybe some extensions for earlier
   versions of TLS as well

Arguing for (b) only, and that we ignore (a) would be dumb.

For (a), we are entirely constrained in what we can do, basically,
the only thing we can do is say how to better configure already
deployed code.

S.



 


Re: [Cryptography] Gilmore response to NSA mathematician's make rules for NSA appeal

2013-09-25 Thread Kelly John Rose
On 23/09/2013 3:45 PM, John Kelsey wrote:
 It needs to be in their business interest to convince you that they *can't* 
 betray you in most ways. 
This is the most important element, and legislation that states you
cannot share that information won't be enough, especially since the
NSLs have guaranteed that it can be circumvented without any real effort.

If Google, or other similar businesses want to convince people to store
data in the cloud, they need to set up methods where the data is
encrypted or secured before it is even provided to them using keys which
are not related or signed by a central authority key. This way, even if
Google's entire system was proven to be insecure and riddled with leaks,
the data would still be secure. You cannot share data that you can never
have access to.

Albeit, from a political perspective this could be Kryptonite since less
savory types will be inclined to use your services if you can show
effectively that the data stored on your services is inaccessible even
under warrant. It will be hard to handle the public relations the first
time anyone of the standard list of "think of the children!" group of
criminals starts to use your services.

-- 
Kelly John Rose
Mississauga, ON
Phone: +1 647 638-4104
Twitter: @kjrose

Document contents are confidential between original recipients and sender.


Re: [Cryptography] Gilmore response to NSA mathematician's make rules for NSA appeal

2013-09-25 Thread james hughes
I have made this one longer only because I have not had the leisure to 
make it shorter.

On Sep 23, 2013, at 12:45 PM, John Kelsey crypto@gmail.com wrote:
 On Sep 18, 2013, at 3:27 PM, Kent Borg kentb...@borg.org wrote:
 
 You foreigners actually have a really big vote here.  
 
 It needs to be in their business interest to convince you that they *can't* 
 betray you in most ways.  


Many, if not all, service providers can provide the government valuable 
information regarding their customers. This is not limited to internet service 
providers. It includes banks, health care providers, insurance companies, 
airline companies, hotels, local coffee shops, book sellers, etc. where 
providing a service results in personal information being exchanged. The US has 
no corner on the ability to get information from almost any type of service 
provider. This is the system that the entire world uses, and should not be our 
focus.

This conversation should be on the ability for honest companies to communicate 
securely to their customers. Stated differently, it is valuable that these 
service providers know the information they have given to the government. 
Google is taking steps to be transparent. What Google can not say is anything 
about the traffic that was possibly decrypted without Google's knowledge.

Many years ago (1995?), I personally went to a Swiss bank very well known for 
their high levels of security and their requirement that -all- data leaving 
their datacenter, in any form (including storage), must be encrypted. I asked 
the chief information security officer of the bank if he would consider using 
Clipper enabled devices -if- the keys were escrowed by the Swiss government. 
His answer was both unexpected and still echoes with me today. He said We have 
auditors crawling all over the place. All the government has to do is to 
[legally] ask and they will be given what they ask for. There is absolutely no 
reason for the government to access our network traffic without our knowledge. 
We ultimately declined to implement Clipper.

Service providers are, and will always be, required to respond to legal 
warrants. A company complying with a warrant knows what they provided. They can 
fight the warrants, they can lobby their government, they can participate in 
the discussion (even if that participation takes place behind closed doors). 

The real challenge facing us at the moment is to restore confidence in the 
ability of customers to privately communicate with their service providers and 
for service providers to know the full extent of the information they are 
providing governments. 




Re: [Cryptography] Gilmore response to NSA mathematician's make rules for NSA appeal

2013-09-25 Thread John Kelsey
On Sep 25, 2013, at 2:52 AM, james hughes hugh...@mac.com wrote:

 Many, if not all, service providers can provide the government valuable 
 information regarding their customers. This is not limited to internet 
 service providers. It includes banks, health care providers, insurance 
 companies, airline companies, hotels, local coffee shops, book sellers, etc. 
 where providing a service results in personal information being exchanged. 
 The US has no corner on the ability to get information from almost any type 
 of service provider. This is the system that the entire world uses, and 
 should not be our focus.

There are many places where there is no way to provide the service without 
having access to the data, and probably storing it.  For those places, we are 
stuck with legal and professional and business safeguards.  Your doctor should 
take notes when you see him, and can be compelled to give those notes up if he 
can access them to (for example) respond to a phone call asking to refill your 
medications.  There are rather complicated mechanisms you can imagine to 
protect your privacy in this situation, but it's hard to imagine them working 
well in practice.  For that situation, what we want is that the access to the 
information is transparent--the doctor can be compelled to give out information 
about his patients, but not without his knowledge, and ideally not without your 
knowledge.  

But there are a lot of services which do not require that the providers have or 
collect information about you.  Cloud storage and email services don't need to 
have access to the plaintext data you are storing or sending with them.  If 
they have that information, they are subject to being forced to share it with a 
government, or deciding to share it with someone for their own business 
reasons, or having a dishonest employee steal it.  If they don't have that 
information because their service is designed so they don't have it, then they 
can't be forced to share it--whether with the FBI or the Bahraini government or 
with their biggest advertiser.  No change of management or policy or  law can 
make them change it.  

Right now, there is a lot of interest in finding ways to avoid NSA 
surveillance.  In particular, Germans and Brazilians and Koreans would 
presumably rather not have their data made freely available to the US 
government under what appear to be no restrictions at all.  If US companies 
would like to keep the business of Germans and Brazilians and Koreans, they 
probably need to work out a way to convincingly show that they will safeguard 
that data even from the US government.   

--John


Re: [Cryptography] Gilmore response to NSA mathematician's make rules for NSA appeal

2013-09-25 Thread Eugen Leitl
On Tue, Sep 24, 2013 at 12:30:40PM -0400, Kelly John Rose wrote:

 If Google, or other similar businesses want to convince people to store
 data in the cloud, they need to set up methods where the data is
 encrypted or secured before it is even provided to them using keys which

That would completely undermine their free (selling their customers
as a service) model. For privacy-minded, the centralist cloud model 
seems to be irreversibly dead. P2P clouds are currently too unreliable
unfortunately. What we need is end to end reachability (IPv6) and
sufficient upstream for residential connections, all running on low-power
no-movable-part systems (embedded/SoCs). Most of that is still in
our future. 

 are not related or signed by a central authority key. This way, even if
 Google's entire system was proven to be insecure and riddled with leaks,
 the data would still be secure. You cannot share data that you can never
 have access to.


Re: [Cryptography] Gilmore response to NSA mathematician's make rules for NSA appeal

2013-09-25 Thread Anne Lynn Wheeler

We had been asked to come in and help wordsmith the cal. state digital signature act. Several of 
the parties were involved in privacy issues and also working on Cal. data breach notification act 
and Cal. opt-in personal information sharing act. The parties had done extensive public surveys on 
privacy and the #1 issue was identity theft, namely the form of account fraud as result 
of data breaches. There was little or nothing being done about this so there was some hope that the 
publicity from the breach notifications would motivate corrective action. The issue is that 
normally an entity takes security and countermeasures in self-protection ... the entities suffering 
the data breaches weren't at risk ... it is the account holders. Since then several Federal breach 
notification bills have been introduced about evenly divided between having similar notification 
requirements and Federal preemption legislation eliminating requirement for 
notifications. The federal bills eliminating notifications cite industry specifications call for account encryption (that were 
formulated after the cal. legislation). We've periodically commented in the 
current paradigm, even if the planet was buried under miles of information 
hiding encryption it still wouldn't stop information leakage. One problem, is 
account information is basically used for authentication and as such needs to 
be kept completely confidential and never divulged. However, at the same time, 
account information is also required in dozens of business processes at 
millions of location around the world.

The cal.personal information opt-in sharing legislation would require institution have record from the 
individual authorizing sharing of information. However, before the cal legislation passed, an opt-out 
(federal preemption) provision was added to GLBA. GLBA is now better known for the repeal of Glass-Steagall. At the 
time, the rhetoric in congress was the primary purpose of GLBA was if you already had bank charter you got to keep it, 
however, if you didn't have a charter, you wouldn't be able to get one (i.e. eliminate new parties from coming in and 
competing with banks). However, GLBA was loaded up with other features like repeal of Glass-Steagall and the 
opt-out personal information sharing (i.e. the financial institution needed record of person declining 
sharing of personal information ... rather than opt-in which required institution to have record 
authorizing sharing).

A few years ago, I was at a national annual privacy conference in Wash DC. (hotel just up the 
street from spy museum). There was a panel discussion with the FTC commissioners. Somebody in the 
audience asked the FTC commissioners if they were going to do anything about GLBA 
opt-out privacy sharing. He said he worked on callcenter technology used by all the 
major financial institutions ... and that none of the 1-800 opt-out desks had 
provisions for recording information from the call (aka an institution would *NEVER* have a record 
of a person objecting to sharing their personal information). The FTC commissioners just ignored 
him.

--
virtualization experience starting Jan1968, online at home since Mar1970


Re: [Cryptography] Gilmore response to NSA mathematician's make rules for NSA appeal

2013-09-24 Thread John Kelsey
On Sep 18, 2013, at 3:27 PM, Kent Borg kentb...@borg.org wrote:

 You foreigners actually have a really big vote here.  All those US internet 
 companies want your business, and as you get no protections, in the current 
 scheme, not even lip-service, you should look for alternatives.  As you do, 
 this puts pressure on the US internet companies, and they have the economic 
 clout to put pressure on Feinstein and Pelosi and all the others.

This does not go far enough.  The US government is not the only one inclined to 
steal information which it can reach, either because the information goes over 
wires the government can listen in on, or because the companies handling the 
data can be compelled or convinced to hand it over.  Right now, we're seeing 
leaks that confirm the serious efforts of one government to do this stuff, but 
it is absolutely silly to think the US is the only one doing it.  

The right way to address this is to eliminate the need to trust almost anyone 
with your data.  If Google[1] has all your cleartext documents and emails, they 
can be compelled to turn them over, or they can decide to look at them for 
business reasons, or they can be infiltrated by employees or contractors who 
look at those emails and documents.  You are trusting a lot of people, and 
trusting a company to possibly behave against its economic interests and legal 
obligations, to safeguard your privacy.  If they have encrypted data only, you 
don't have to trust them.  

It needs to be in their business interest to convince you that they *can't* 
betray you in most ways.  

 -kb


--John

[1] I'm not picking on Google in particular--any US company may be compelled to 
turn over data they have.  I imagine the same is true of any German or Korean 
or Brazilian company, but I don't know the laws in those places.  


Re: [Cryptography] Gilmore response to NSA mathematician's make rules for NSA appeal

2013-09-18 Thread Walter van Holst
On 18/09/2013 01:50, John Gilmore wrote:

 Re Big Data: I have never seen data that could be abused by someone
 who didn't have a copy of it.  My first line of defense of privacy is
 to deny copies of that data to those who would collect it and later
 use it against me.  This is exactly the policy that NSA supposedly has
 to follow, according to the published laws and Executive Orders: to
 prevent abuses against Americans, don't collect against Americans.
 It's a good first step.  NSA is not following that policy.

What makes me a tad bitter is that we apparently live in a world with
two classes: US citizens and the subhuman rest of it. NSA-style blanket
surveillance violates the fundamental right to privacy and ultimately
also the fundamental right to freedom of expression.

These are not rights that are solely vested in the exceptional
Americans. The Bill of Tights already alludes to their universality,
although it took the UN Declaration of Human Rights to explicitly
acknowledge their universal nature.

The way the debate is being framed in the USA does not endear the rest
of the world to the USA any more than the USA's track-record in foreign
policy already has.

Other than that I wholeheartedly agree with what you wrote.

Regards,

 Walter



Re: [Cryptography] Gilmore response to NSA mathematician's make rules for NSA appeal

2013-09-18 Thread Kent Borg

On 09/18/2013 01:31 PM, Walter van Holst wrote:
 What makes me a tad bitter is that we apparently live in a world with 
 two classes: US citizens and the subhuman rest of it. NSA-style 
 blanket surveillance violates the fundamental right to privacy and 
 ultimately also the fundamental right to freedom of expression. These 
 are not rights that are solely vested in the exceptional Americans. 


You foreigners actually have a really big vote here.  All those US 
internet companies want your business, and as you get no protections, in 
the current scheme, not even lip-service, you should look for 
alternatives.  As you do, this puts pressure on the US internet 
companies, and they have the economic clout to put pressure on Feinstein 
and Pelosi and all the others.


Sad that economic clout matters so much, but voters in the US are 
astoundingly ignorant of reality (pick a topic--other than sports and 
celebrity gossip--and we are ignorant), and so many can't be bothered to 
vote.  We kind of get the government we deserve.  Do what you can to 
save us, please.


-kb



Re: [Cryptography] Gilmore response to NSA mathematician's make rules for NSA appeal

2013-09-18 Thread Peter Gutmann
Walter van Holst walter.van.ho...@xs4all.nl writes:

 These are not rights that are solely vested in the exceptional Americans. The
 Bill of Tights [...]

For people unfamiliar with this one, it's the bit that reads:

  Congress shall make no law respecting the wearing of hosiery, or prohibiting
  the free exercise thereof; or abridging the freedom of colour selection, or
  of the material used; or the right of the people peaceably to assemble, and
  to petition the manufacturers for a redress of manufacturing defects.

Peter.