End-To-End Encryption Isn't Just About Privacy, But Security

from the legacy-of-ed-snowden? dept

Nicholas Weaver has a fantastic article over at Wired detailing how GCHQ and NSA's "quantum injection" effort works to install malware on the computers of targets via packet injection. As he notes, this effort "turned the internet backbone into a weapon." That's dangerous on multiple levels. He explains that, while experts have been suggesting this for years, cleartext traffic isn't just a privacy issue, it's now a security issue:
If the NSA can hack Petrobras, the Russians can justify attacking Exxon/Mobil. If GCHQ can hack Belgicom to enable covert wiretaps, France can do the same to AT&T. If the Canadians target the Brazilian Ministry of Mines and Energy, the Chinese can target the U.S. Department of the Interior. We now live in a world where, if we are lucky, our attackers may be every country our traffic passes through except our own.

Which means the rest of us — and especially any company or individual whose operations are economically or politically significant — are now targets. All cleartext traffic is not just information being sent from sender to receiver, but is a possible attack vector.
The only way to protect against this is to encrypt everything:
The only self defense from all of the above is universal encryption. Universal encryption is difficult and expensive, but unfortunately necessary.

Encryption doesn’t just keep our traffic safe from eavesdroppers, it protects us from attack. DNSSEC validation protects DNS from tampering, while SSL armors both email and web traffic.
Thankfully, he's not the only one thinking about this. As we pointed out a few weeks ago, IETF is moving forward, full-steam ahead, on looking at ways to make the internet secure by default.

That seems like a very useful consequence of all of this. While we've mostly been focused on what's happening at the political and policy levels around here, the technology can make a lot of that meaningless. The simple fact is that an awful lot of security online has involved kludges pasted on later, after problems or concerns appeared. Rethinking and rebuilding a more secure (it'll never be perfectly secure but it can be a lot more secure) internet from the ground up isn't just good for protecting privacy and keeping away from snooping spies, but it's just a good plan, in general, for security.


Reader Comments (rss)

(Flattened / Threaded)

  1.  
    identicon
    Anonymous Coward, Nov 14th, 2013 @ 4:16pm

    My internet was already secured, but I do welcome more security, layers, layers and more layers of it.

     

    reply to this | link to this | view in thread ]

  2. This comment has been flagged by the community. Click here to show it
     
    identicon
    out_of_the_blue, Nov 14th, 2013 @ 4:17pm

    Oy. What's been obvious to me for years is now seeping into noobs.

    "turned the internet backbone into a weapon." -- Sheesh. You only have to understand a bit of how it's designed -- the root servers, plain text everywhere, open addresses in every browser request -- to see that it has NO OTHER PURPOSE than for spying.

    Just for history: in 1979, Neil Young (of Crosby Stills Nash and Young) wrote (one of his best in my opinion) "Computer Cowboy (Aka Syscrusher)" which speaks exactly of SNOOPING / HACKING the then almost unknown networks. "He rides the range at midnight [allegoric, see?] ... to bring another system down, and leave his alias behind". Security problems are SO not new.

    And has this noob never heard of Google? The MAIN spying done on teh internets is BY Google and Facebook!

    Oh, and mainly, this intended lack of security will become the excuse for hardware lockdown and personal identification everywhere. All as intended from the start: a panopticon system surveilled by gadgets, the utter end of personal freedom. The Internet IS the Big Brother telescreen system.

    "The new Google privacy policy is: You have no privacy."

    12:16:54[n-257-0]

     

    reply to this | link to this | view in thread ]

  3. This comment has been flagged by the community. Click here to show it
     
    identicon
    out_of_the_blue, Nov 14th, 2013 @ 4:19pm

    Re: Oy. What's been obvious to me for years is now seeping into noobs.

    ^^^ Wish that I'd learn to preview. That's what it's for.

     

    reply to this | link to this | view in thread ]

  4.  
    identicon
    Anonymous Coward, Nov 14th, 2013 @ 4:25pm

    I also believe solving international spying abuses, is just as much a technological issue, as it is a legislative issue.

    That's why the NSA perverting organizations such as the NIST, is so horrible.

     

    reply to this | link to this | view in thread ]

  5. This comment has been flagged by the community. Click here to show it
     
    identicon
    out_of_the_blue, Nov 14th, 2013 @ 4:27pm

    Re: Oy. What's been obvious to me for years is now seeping into noobs.

    Whoops. 1982. Here for your delectation the lyrics (stolen no doubt):

    Well, his cattle each have numbers
    And they all eat in a line
    When he turns the floodlights on each night
    Of course the herd looks perfect!
    Computer Cowboy.

    Well, he rides the range 'til midnight
    And the wild coyotes yowl
    As he trots beneath the floodlights
    And of course the rhythm is perfect!
    Computer Cowboy.

    Ride along computer cowboy
    To the city just in time
    To bring another system down
    And leave your alias behind:

    Computer syscrusher.

    Computer syscrusher.

    Crusher. Syscrusher.

    Syscrusher.

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    ahow628 (profile), Nov 14th, 2013 @ 5:25pm

    As bad as it is, this is good...

    As bad as it is when this stuff happens, it could be good if we learn from it. I don't want the NSA spying on us, but we have become complacent and hopefully this is the kick in the pants that will change that.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, Nov 14th, 2013 @ 5:59pm

    Intelligence of other countries should thank them

    To make spying and espionage effort toward American general public / business much much easier.

    Now I understand why UK said Snowden is harming the national security ***of UK***.

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    ahow628 (profile), Nov 14th, 2013 @ 7:09pm

    Re: Intelligence of other countries should thank them

    Maybe I'm misunderstanding you, but it seems like you are missing the point. The reason the Snowden revelations were so damaging isn't because it is making spying on terrorists harder. It is so dangerous because it is going to hamper attempts to track their own citizenry.

    So it really doesn't have anything to do with the Americans or the British, per se.

    Think about this: The NSA or GCHQ each have multi-billion dollar budgets. They have thousands of employees. They sweep up tons of information. They wield massive amounts of power. If you think they want to give that up, you are crazy. End-to-end encryption would wreck all of that and make 90% of NSA and GCHQ useless.

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Nov 14th, 2013 @ 7:48pm

    Re: Re: Intelligence of other countries should thank them

    " End-to-end encryption would wreck all of that and make 90% of NSA and GCHQ useless."

    Not really. Do you think terrorist groups use gmail to communicate? Yet they tap Google.

    They simply invent an enemy wherever they *can* monitor.

    Like Al Qaeda always magically popped up in any country they want to attack.

    http://articles.washingtonpost.com/2013-08-12/world/41335229_1_syria-islamic-state-foreign-fi ghters

    And terrorists suddenly are doing conference calls, just after the Skype tapping revelations come out.

    https://gawker.com/embassy-closing-terror-plot-uncovered-on-al-qaeda-confe-1052738613

    And, 'anonymous' suddenly stops being a MEME used by any hacker and is redrawn by the spooks as a cyber-terrorist-army, with 'cells' and a control structure and geographic leaders, anonymous in Australia, anonymous in Indonesia.... etc.

    If you're always fighting phantoms, it's easy to create any number of phantom enemies to fight.

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    ahow628 (profile), Nov 14th, 2013 @ 8:19pm

    Re: Re: Re: Intelligence of other countries should thank them

    But once again, what I'm getting at, most of that goes away (aside from the Al Qaeda thing) when end-to-end encryption is put into service. The NSA and GCHQ simply won't be able to harvest the traffic.

    Not really. Do you think terrorist groups use gmail to communicate? Yet they tap Google.

    I think we are agreeing here. I said in my prior comment that they point was NEVER to spy on terrorists (although that was the excuse). With end-to-end encryption, spying on Gmail or Skype or whatever is ineffective. So what is the NSA's or GCHQ's job at that point? Why would they be around? Maybe they can get back to their actual mission instead of spying on their own citizens.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, Nov 15th, 2013 @ 12:32am

    Not only is end to end encryption necessary for security and privacy, Individuals and companies need to manage their own keys, and data. Microsoft does not encrypt their internal traffic and they want businesses and individuals to use their cloud, which seems like a good way of telling the government what you are doing and saying.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    Anonymous Coward, Nov 15th, 2013 @ 2:57am

    Re: Re: Oy. What's been obvious to me for years is now seeping into noobs.

    LYRIC COPYRIGHT INFRINGEMENT!!!

     

    reply to this | link to this | view in thread ]

  13.  
    icon
    Corwin (profile), Nov 15th, 2013 @ 5:32am

    Meaningness

    While we've mostly been focused on what's happening at the political and policy levels around here, the technology can make a lot of that meaningless.

    Yeah, TOOLS that EXIST have that tendency to affect REALITY more efficiently than the wasteful enforcement of arbitrary rules by a self-granted monopoly on coercive violence.

     

    reply to this | link to this | view in thread ]

  14.  
    identicon
    Pragmatic, Nov 15th, 2013 @ 5:49am

    Re: Re: Re: Oy. What's been obvious to me for years is now seeping into noobs.

    Yes indeed, the copyrighted material has been infringed and the artist deprived on remuneration by arch-hypocrite OOTB.

    I presume that's an anomaly on your part. So, shall we extradite you, Cathy? Huh? Shall we drag you from your home and treat you like a criminal for copying and pasting lyrics on a site that hosts adverts and therefore makes money from your infringement, you grifting, thieving, pirate?

     

    reply to this | link to this | view in thread ]

  15.  
    icon
    DannyB (profile), Nov 15th, 2013 @ 5:50am

    Re: Oy. What's been obvious to me for years is now seeping into noobs.

    Dear OOTB:

    Wouldn't you argue that TechDirt has it backwards? That end to end encryption is not just about Security but is about Piracy, er, um... I meant Privacy?

     

    reply to this | link to this | view in thread ]

  16.  
    identicon
    Pragmatic, Nov 15th, 2013 @ 5:50am

    Re: Re: Re: Re: Oy. What's been obvious to me for years is now seeping into noobs.

    *of remuneration.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    Mr. Applegate, Nov 15th, 2013 @ 6:00am

    Re: Re: Re: Re: Intelligence of other countries should thank them

    With end-to-end encryption, spying on Gmail or Skype or whatever is ineffectiveThat really isn't true. Especially as the world transitions to IPv6 they will be able to monitor traffic on the backbones to see who talks to who, even if it is encrypted.

    Really not much different than tracking the Meta-Data from cell phones. I may not know what you said, but I know who you said it to, for how long... If you talk to the wrong people then I will attack the end point (install spyware, or more likely activate it, since it is likely built in at this point) to garner further information.

     

    reply to this | link to this | view in thread ]

  18.  
    icon
    ahow628 (profile), Nov 15th, 2013 @ 7:00am

    Re: Re: Re: Re: Re: Intelligence of other countries should thank them

    I'm not an expert here, but I think you are mistaken. End-to-end encryption doesn't just cover the message itself. It also covers the transmission of that message including its sender and its destination. I think this would be tied into DNSSec. For email specifically, it would involve the previously mentioned Dark Mail.

    http://www.techdirt.com/articles/20131030/11091025070/dark-mail-alliance-lavabit-silent-circle- team-up-to-try-to-create-surveillance-proof-email.shtml

    The point of end-to-end encryption is that it would be end-to-end and not leave any dangling metadata. Perhaps there would be some ability to track the amount of data transmitted, but that would be obfuscated by sending extra data, using compression, sending messages split into chunks, or using stenography.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Mr. Applegate, Nov 15th, 2013 @ 9:42am

    Re: Re: Re: Re: Re: Re: Intelligence of other countries should thank them

    I am an expert. Even encrypted data has meta data. The packets will reveal for example Packet size, Source, Destination, Source Port, Destination Port (which can reveal type of traffic, such as Web, Email...)

    Don't get me wrong, encryption makes the NSA et al job harder, but it is still possible. They would have to change to a multi layer approach, and would concentrate even harder into forcing back doors into encryption protocols. Many people believe they already have backdoors into some protocols, and they may well have the private keys issued by many cert sites.

     

    reply to this | link to this | view in thread ]

  20.  
    icon
    John Fenderson (profile), Nov 15th, 2013 @ 10:24am

    Re: Re: Re: Re: Re: Re: Intelligence of other countries should thank them

    He's not mistaken at all. Just to get the data from one machine to another over the internet requires information about where the data packet is coming from, where it is going, timestamps, and other miscellaneous things. This data cannot be hidden or the transmission won't succeed. There's really no way around this.

    What you can do is use thing like an onion router (like Tor) to obfuscate the transmission path. It's not perfect, but helps a lot. If you're only worried about specific services, you can use proxy chains (for web browsing) or anonymous remailer chains (for email) to get a similar effect.

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Dave, Nov 15th, 2013 @ 10:38am

    Re: Re: Oy. What's been obvious to me for years is now seeping into noobs.

    What a bitter and twisted person that OOTB must be! I have visions of a darkened room in a dingy basement in a less-then-salubrious neighbourhood occupied by a gnarled old man hunched over a yellowing keyboard desperately racking a few brain cells to try and produce aimless and completely irrelevant trolling posts to surpass previous attempts at what HE must presume to be intelligent comments. Nobody is fooled for one minute by such inane and puerile ramblings. I believe there is a diagnosis for such a person who desires to be the centre of attention and I would suggest a doctor is consulted.

     

    reply to this | link to this | view in thread ]

  22.  
    icon
    Bergman (profile), Nov 16th, 2013 @ 12:08am

    Re: Re: Oy. What's been obvious to me for years is now seeping into noobs.

    So you've finally become an anti-copyright 'freetard' blue?

    Or do you think copyright laws only apply to other people?

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
A word from our sponsors...
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
A word from our sponsors...
Recent Stories
A word from our sponsors...

Close

Email This