June 2013 Archives

Spy Service with Trust Issues

  • Posted on June 26, 2013 at 4:06 pm

You really should have heard about PRISM and Tempora. You should know that this is only the part that was published with a source and some evidence of what’s going on. Keep in mind that there is a lot going on that we do not know about yet and probably never will. The fall-out of the scandal may be an eroded trust in IT staff and systems. The director of the N.S.A., Gen. Keith B. Alexander, has confirmed the lack of trust by establishing a buddy system for NSA’s IT staff. The concept isn’t new, and it’s used by the military, other agencies or in the field of cryptography.

The consequence rephrased reads like this: PRISM and Tempora have effectively destroyed the trust in IT systems – both for the people being victims of surveillance and the surveillants. The NSA now resorts to “a two-man rule” in order to restore trust internally (which will not prevent further whistle-blowers from leaking information). The victims try to restore trust by using encryption and tools to anonymise their communication. Neither implication helps either side. Furthermore the government agencies will continue their efforts and hide them from the general public in order to pursue their Greater Goal™ or the War on Stuff™. Meanwhile everyone else is shopping eBay for slightly used civil rights.

A job well done. Let’s burn some books, basic liberties, journalists, and system administrators to make the world a better place.

Ancillary Copyright (Leistungsschutzrecht) and Links

  • Posted on June 23, 2013 at 9:45 pm

Google is implementing the wish of the publishers in Germany and is removing all links to newspaper articles. I will follow this example and will likewise no longer link to articles in online newspapers. After all, that, or something like it, is what they wished for.


“No wall can stand against the yearning of justice…”

  • Posted on June 19, 2013 at 11:10 pm

Barack “I know what you did last Summer!” Obama held a speech in Berlin today. The Guardian has published the full text of it (and will probably be closed down and its staff will be sent to Guantánamo) on its web site. The speech contains a unique gem of sarcasm.

No wall can stand against the yearning of justice, the yearnings for freedom, the yearnings for peace that burns in the human heart.

I fully agree, but one of us is lying. NSA Director Keith “I owe him another friggin’ beer” Alexander has no interest in justice, freedom, and peace. Congratulations! You should have saved yourself the trouble of the American Revolution.


PRISM, the „Cloud“ and Espionage

  • Posted on June 19, 2013 at 12:47 pm

There should be no surprise about the PRISM initiative and NSA’s activities. Some people became members of the EFF on 12 September 2001. It is an illusion to believe that any collection of data is safe from access by third parties, especially if it is stored in centralised locations. Sane critics have criticised the „Cloud“ since marketing departments discovered the brand name for centralised storage (the „Cloud“ may be dispersed, distributed, virtualised or whatever, but there are still „Cloud“ providers who hold the key access to the whole infrastructure). Right after 9/11 the term Total Information Awareness (TIA) was coined. Take a look at what TIA entails. This is what you see now, but don’t assume that only the USA do this.

Russia, China and the USA are the Axis of Surveillance. The differences are merely semantics. Some European states also pursue total information awareness. They just don’t talk about it, and there are no whistle-blowers – yet (hopefully). Once you rely on the infrastructure of others, be careful.

The next CryptoParty in Vienna will discuss countermeasures against surveillance by totalitarian regimes.

Communication by Whistle

  • Posted on June 11, 2013 at 12:58 am

I have seen a couple of CryptoParty events. People gather. Some people like their tools. Some people like to communicate. Some people like their personal agenda. If you are lucky, then the three biases match. More often than not you are not lucky. This is where the party gets interesting.

Since PRISM hit the news there’s been talk about the mechanics of whistle-blowing. You need a source, you need its content, you need someone willing to dig through this content, you need someone who is able to write about this discovery in the right manner, and — above all — you need to protect your source (i.e. the whistle-blower). That’s the theory. In practice this neat list of requirements usually breaks down at some point.

First of all there may be no source. Good journalists (very rare these days) might find out by themselves though. Getting sources means to be trustworthy, which is a problem on its own. You need to be reliable and you need to have a basic grasp of operations security to get this right — on both ends.

Then there is the content. Not everything is useful (see, this is where the agenda comes into play). Provided you want the content to be published, it should be something that matters. Leaking the user’s manual of the local latrine in Mazar-i-Sharif is of limited interest for the general public. Sad, but true.

Provided you have a source and the content. What do you do? Well, reading or taking a look at it would be terrific. Few people do. Why? Because you have to understand what the content means and what it is. If you can’t tell the design plans for a nuclear bomb from your shopping list, then you should ask someone for help. You need additional experts (who also know what operations security is). That’s the toughest task.

Let’s assume you were lucky and you actually made sense of the information you got. Great! All you have to do is to prepare your findings for publication. Regardless of whether you use pure text, audio recordings or video, you need to put the content into the right form. You will need to explain what it means, you have to talk about the implications, and you must find a language that can be understood by your audience. That’s even tougher than to understand what the content is about. You have to be the translator between different groups. You need to find the right metaphors and ways to emphasise the meaning of the leaked information.

The last part is the most important issue. You have to protect your source at all costs! That’s how it works. True, some have seen so much that they don’t care any more. Good for you, but even the most desperate source deserves protection from harm, be it physical injury, mental stress or legal repercussions. Can you do that?

And that’s why tools, agendas or (secure) communication are a good start — but you need a whole lot more.

Somebody is lying

  • Posted on June 8, 2013 at 4:32 pm

Unless you have been living in a cave (or Abbottabad) for the past decade you have probably heard about NSA’s PRISM project. The security agencies have taken the „Cloud“ to the next level in order to access communication data and metadata. This is hardly a surprise for anyone keeping track of government activities. You don’t need strange conspiracy theories to stay sceptical. Provided someone wants to listen to the communication of non-US citizens and these non-US citizens use technology hosted in the US, then accessing the data gets a lot easier. The „Cloud“ is the best thing that could happen to the agencies.

Of course the companies listed in the PRISM slide deck know nothing about it. Firstly, everything except denying will hurt your business. Secondly, all you need to not know anything any more is to receive a national security letter (NSL). Once you get this letter, you cannot say what’s going on behind the scenes. Too bad. Hence I’d take everything the compromised companies claim publicly with a large grain of salt. Press releases and speeches by CEOs usually have an agenda which doesn’t necessarily have anything to do with the truth.