[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Zooko on JYA, cpunks, and surveillance (was: Re: Can't tell the kooks without a scorecard? Re: Monkey Wrenching the Echelon Engine)
On Sat, Sep 05, 1998 at 07:38:09AM -0700, David Honig wrote:
> At 10:25 PM 9/4/98 +0200, Zane Lewkowicz wrote:
>
> >I used to think that the feds would never bother to investigate
> >the likes of us, but i've been proven wrong. So now i assume
> >that all unencrypted mail is scanned (especially in light of
> >ECHELON & UKUSA & such).
>
> And all encrypted mail is archived.
>
And that is the rub. The real danger of key escrow type schemes
lies in the future decryption under a different political and legal
climate of half forgotten traffic going back years and years - stuff
fetched from vast secret archives of potentially interesting encrypted
messages squirelled away in the off chance that some time in the future
"they" will be in possession of the key to some of it and interested in
the contents.
And until crypto is universally used for almost everything,
saving the entirety of the 1-5% or so of email traffic that is encrypted
on the presumption that it wouldn't have been encrypted if it wasn't
important might be a good strategy, even if only a tiny fraction of
those messages can ever be broken. And certainly saving all of the
cipher email traffic from people identified by traffic analysis (group
membership, corrospondance with suspicious or known bad-actor people or
places, match to profiles profane and devine, etc) is really a
no-brainer.
The critical thing needed to protect against this chilling
threat is email tools that provide perfect forward secrecy. PGP and the
like do not, and capturing thus PGP messages in the hope that later on
one has access to the private key is a very useful practice. DH key
exchange has been around a long time, but so far the tentacles of the
NSA have kept it from being a standard automatic part of sendmail, MS
Exchange and qmail... Certainly one might want to enclose PGP or SMIME
email messages inside the encrypted tunnel to protect privacy in storage
and the "store" of store and forward mail routing, but having a secure
transport tunnel in the first place forces the vacuum cleaner hose to be
attached in quite different places where it is likely to be much more
visible and noticed. And sure IPSEC would be nice, but simply making
the ESMTP traffic between a short list of mail router programs opaque
would certainly leverage a small effort with a large result whilst
upgrading TCP/IP stacks and routers is a large effort...
I've long heard that the NSA fills warehouses with high density
tapes of cyphertext they can't break or don't want to spend the
resources to break on the off chance that later on the key will be
available or the information deemed truly important enough for
cryptanalysis where possible. And sometimes (as in the Venona decrypts)
this pays off...
--
Dave Emery N1PRE, [email protected] DIE Consulting, Weston, Mass.
PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18