NSA: If Your Data Is Encrypted, You Might Be Evil, So We'll Keep It Until We're Sure

from the say-what-now? dept

There’s been plenty of commentary concerning the latest NSA leak concerning its FISA court-approved “rules” for when it can keep data, and when it needs to delete it. As many of you pointed out in the comments to that piece — and many others are now exploring — the rules seem to clearly say that if your data is encrypted, the NSA can keep it. Specifically, the minimization procedures say that the NSA has to destroy the communication it receives once it’s determined as domestic unless they can demonstrate a few facts about it. As part of this, the rules note:

In the context of a cryptanalytic effort, maintenance of technical data bases requires retention of all communications that are enciphered or reasonably believed to contain secret meaning, and sufficient duration may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis.

In other words, if your messages are encrypted, the NSA is keeping them until they can decrypt them. And, furthermore, as we noted earlier, the basic default is that if the NSA isn’t sure about anything, it can keep your data. And, if it discovers anything at all remotely potentially criminal about your data, it can keep it, even if it didn’t collect it for that purpose. As Kevin Bankston points out to Andy Greenberg in the link above:

The default is that your communications are unprotected.

That’s the exact opposite of how it’s supposed to be under the Constitution. The default is supposed to be that your communications are protected, and if the government wants to see it, it needs to go to court to get a specific warrant for that information.

Filed Under: , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “NSA: If Your Data Is Encrypted, You Might Be Evil, So We'll Keep It Until We're Sure”

Subscribe: RSS Leave a comment
Ninja (profile) says:

What we’ll see now (if it isn’t already happening) is a massive hike on encryption usage (I use https whenever available, OpenDNS encryption tool and others for a while now), anonymizing tools such as TOR/VPNs and services outside the US reach (ie: based in a privacy friendly country).

Not to mention that more people will move to encryption related development.

I wonder if the NSA has the firepower needed to decrypt all that? Also, given the new interest in crypto stuff I wonder if the US aren’t actually doing a favor to the people around the world by unwillingly pushing the development of decentralized and encrypted alternatives?

Anonymous Coward says:

Re: Re:

Looking at things through the other end of the telescope, the NSA’s policy on encrypted communications might be construed to mean that they reserve the “right” to capture, store and decrypt all encrypted communications, regardless of whether or not said communications are directly associated with a specific foreign person. In other words: All encrypted data encountered during whatever passes for the normal course of business, regardless of its source or destination, goes into their databases for use, at their discretion, now or at some point in the future.

So… What percentage of Internet traffic is encrypted these days, and will be encrypted in the future? Sounds as though the NSA have written themselves a future-proof policy (subject to change without notice) that gives them carte blanche to collect, store and analyze pretty much any and all data that they care to from anyone they please, without limitation, as long as it’s encrypted.

Anonymous Coward says:

Re: Re: (post #1 by Ninja)

Computer power is approximately doubled each year.

Schneier, Bruce, Applied Cryptography, Second Ed., New York: John Wiley and Sons, 1996, pp. 157?8:

Thermodynamic Limitations

One of the consequences of the second law of thermodynamics is that a certain amount of energy is necessary to represent information. To record a single bit by changing the state of a system requires an amount of energy no less than kT, where T is the absolute temperature of the system and k is the Boltzman constant. (Stick with me; the physics lesson is almost over.)

Given that k = 1.38E-16 erg/?Kelvin, and that the ambient temperature of the universe is 3.2?Kelvin, an ideal computer running at 3.2?K would consume 4.4E-16 ergs every time it set or cleared a bit. To run a computer any colder than the cosmic background radiation would require extra energy to run a heat pump.

Now, the annual energy output of our sun is about 1.21E41 ergs. This is enough to power about 2.7E56 single bit changes on our ideal computer; enough state changes to put a 187-bit counter through all its values. If we built a Dyson sphere around the sun and captured all its energy for 32 years, without any loss, we could power a computer to count up to 2^192. Of course, it wouldn’t have the energy left over to perform any useful calculations with this counter.

But that’s just one star, and a measly one at that. A typical supernova releases something like 1051 ergs. (About a hundred times as much energy would be released in the form of neutrinos, but let them go for now.) If all of this energy could be channeled into a single orgy of computation, a 219-bit counter could be cycled through all of its states.

These numbers have nothing to do with the technology of the devices; they are the maximums that thermodynamics will allow. And they strongly imply that brute-force attacks against 256-bit keys will be infeasible until computers are built from something other than matter and occupy something other than space.

(Slightly reformatted due to lack of superscript in available markup here. I’ve used ?E? notation for powers of 10, and ^ for other exponentiation.)

Malor (profile) says:

Re: Re:

Or is it just the general public they are concerned with?

Primarily, people they think are threats to the government. This includes, of course, political activists, and probably even people they think might someday become activists.

Remember how Pol Pot used to kill people with glasses, because anyone with learning was a threat to his regime? The NSA will have people just like that working for them; in any organization that large, it’s guaranteed. And some will eventually come into positions of power, if they haven’t already.

Do you really want a mini-Pol Pot having full access to anything you’ve ever said electronically to anyone?

Anonymous Coward says:

Well all I can say is I will be using the strongest encryption I can find from now on just for the hell of it. Their statement just seems like a challenge to me and I cannot help myself.

Damn my competitive nature.

All I know is I’ll be the winner because that little thing know as the power of ten dwarfs computing power very fast.

My message of I love toast and OOTB is a bitch will be triple encrypted each with a password over 500 chars. 90 trillions years in the future once they crack it they’ll know just how much I love toast and hate OOTB.

Anonymous Coward says:

Talk to your bank in the clear!

The NSA desires your cooperation in separating law-abiding citizens from foreign terrorists. The NSA asks you to make sure that when you are using the internet to conduct banking transactions, all your information is un-encrypted. That is, there should be no padlock visible on your browser.

This also applies to on-line shopping sites. Make sure that there is no padlock visible when you are providing your credit card number on-line.

Remember: If you use encryptation when you’re conducting financial transactions, the NSA may consider you a terrorist.

You have been warned.

Anonymous Coward says:

Just a thought: From today’s article Masnick says your data can be kept “if [the NSA] discovers anything at all remotely potentially criminal about your data” which is an inference made from The Guardian article saying they can collect your data if it contains “information on criminal activity”. But I inferred that they can collect your data not because “you are a criminal talking about your crimes”, but rather that they can collect your data if you are “talking about your friend’s roomate’s cousin’s brother” doing something illegal.

Anonymous Coward says:

Re: Re:

Sure you don’t mean your father’s brother’s nephew’s cousin’s former roommate?

(And what does function verify_data($first_name, $last_name, $email, $zip)
function validate_fields($required_fields)
function create_account($sku, $first_name, $last_name, $email, $zip, $address1 = “”, $address2 = “”, $city = “”, $state = “”, $country = “”, $phone = “”, $fax = “”, $company_name = “”, $title = “” )
function create_free_order($user_id, $product_id)
function send_confirmation_email($sku, $email, $first_name, $product_type)
function login($email, $password)
function new_password($new_password, $verify_password)
function get_form_type( $product_id )
function decode_gate_key( $key )
function encode_gate_key( $seminar_id, $product_id )that make the two of you?)

Anonymous Coward says:

Re: Gmail is encrypted

Does that mean NSA is storing ALL emails sent via GMail?

Sen. Wyden: ? Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?

DNI Clapper: ? No sir.

Sen. Wyden: ? It does not?

DNI Clapper: ? Not wittingly. There are cases where they could, inadvertently perhaps, collect?but not wittingly.

Anonymous Coward says:

Re: Re: Re: Gmail is encrypted

?President Obama ?certainly believes that Director Clapper has been straight and direct in the answers he’s given? Congress, White House spokesman Jay Carney said Tuesday.?

????? ???WH defends DNI director Clapper after congressional testimony draws fire?, by Stephanie Condon, CBS News, June 11, 2013

Anonymous Coward says:

Re: Traitors

Please your rhetoric is that of a naive. “Traitor” is just a view point from what “side” your brain is BAMBOOZLED towards. I.E. Germans who were “traitors” to their countrymen. Not to say they were ever real cool with Hitler per se, but stil branded traitors by many including their own country. “http://news.bbc.co.uk/2/hi/uk_news/magazine/8635541.stm”

Anonymous Coward says:

Re: Make it look like SPAM

Better Yet, get an throw away email address and get it on as many spam lists as possible, then take all that wonderful spam we have all tried to fight for years, and encrypt it and send it out… now you just increased the work load for the whole operation by 1000% if 500 ppl do it, the whole thing comes crashing down just based on the sheer amount of info they would be forced to sift, thus making the whole thing impractical….

Pietro says:

Re: 2048 bit VPN

You don’t understand how it works. It doesn’t matter how good the encryption from you to point X is. All it takes is for them to have access to point X and grab whatever decrypted traffic. All VPN does is to encrypt data at one end of the pipe, and decrypt at the other end. The VPN tunnel is transparent to the communicating parties, so you only need to tap at the point, where the data is decrypted again. You either do it by officially order a company to comply, or you just pay an employee of the company, to do the job for you.

Anonymous Coward says:

might just as well throw the Constitution and every other law meant or designed to protect ordinary people, their speech, their ideas and their property out the window. law enforcement are going to do exactly as they please! does anyone actually believe that things will change after this episode has died down and blown over? things will be the same as they were or worse. the one difference will be they way it is all hidden away!

Rapnel (profile) says:

Tyranny Bedrock

There is no 4th amendment.

This has turned into a sick, fucked up joke and if you’re not laughing the joke’s on you.

As soon as the powers of the NSA were unleashed within its own borders it was game over.

Secret data, secret sources, secret tips, secret courts, secret enforcement, secret government, secret law, secret all powerful gods to rule over the engines of commerce.

Creates a
Expectation of

Personally, I think some current and previous heads of government need to be tried for treason against the people. “To protect” does not override the foundational laws of freedom.

“The people” are the very last means of protection that any people have.

Doomed. Doooooommmeed.

I hope that all your hopes of abortion and immigrants and prayer in school and gun ownership, and favorite reality tv show ends the way you want it to! Fucking tools.

TheLastCzarnian (profile) says:

Reasonable Expectation of Privacy

As I said before, I really can’t see how encrypting your message cannot result in a reasonable expectation of privacy, meaning that encrypted messages should not legally be captured without a court order.

Hopefully someone brings this up to the administration. I’m sure it won’t be anyone from the mainstream media, and certainly not NPR.

Pietro says:

Re: Reasonable Expectation of Privacy

When it comes to all the 21 spy agencies, forget any laws. They do what they want to do. It is all secretive, so you either have no idea what’s going on, or if you do have an idea, you can’t sue bcs of state secrets privilege. That’s it. Once you allowed the unpatriotic “Patriot Act” to become a law, you screwed your own future.

Anonymous Coward says:

Re: Steganography

We should not have to encrypt anything. Encryption is supposed to protect us against hackers and other unwanted mother******* who wish to invade our privacy. Elected Governments work towards assisting public against such attacks. Are we going crazy or the whole process has turned upside down and people including me are just sitting on our backsides commenting on the role of an agency whose main goal seems to be to become, actually has become the biggest dictator and we just say, oh well, it is in the name of security and sll the while they are attacking other countries directly or indirectly claiming dictatorship in those countries. I guess now the slavery and colonialism is over, the next step is to control the world via electronic media. All of you tech guys out there I applaud your suggestions but youcould be charged with treason so soon. It is time to get our heads out of our a***s and start a new peaceful world without weaponry, mass killing and class distinction in any form. How??? No idea, it seems my head is still where sun does not shine.

NSA Troll says:

Encryption Chain

So if they have to keep all Encrypted data tell it’s encrypted, what would happen if.

User “A” Sends a 10 Meg Encrypted Picture to everyone on their E-Mail Chain List.
Receivers then Re-Encrypt the Original Message (This would now be a “NEW” File as far as the NSA cares, give they didn’t break the original encryption. This new 10Meg Email is forwarded on to a new list of Anonymous users.

Rinse & Repeat.

Each User just sending to 10 new users with custom encryption for each user is 100 Meg per person of Encrypted Data for the NSA to keep.

PatG says:

Re: Encryption Chain

Thanks, this article and the responses were bringing me back to the days when I worked as a messenger in NYC and would stop at every other pay phone to call 800 numbers from Falwells’ “Liberty Lobby” and other right-wing jackholes. Engage them in an inventive two minute elliptical conversation or simply declare “you paid for this call” and be on my way. Yes, let the era of extreme encrypted funny cat videos with nonsensical koans, automated palindrome generators and sedoku-derived text begin. Let them choke on it. Don’t forget bean dip recipes and product ingredient lists with rAnDom CApS.

wallow-T says:

Europe’s response to this will be interesting.

A rational response to Europe’s privacy concerns would be to build Euro-owned and -governed big-data-type solutions.

However, to make them work and have any hope of addressing the privacy concerns, Europe would have to ban the use of the USA-based, hopelessly-compromised services like Google and Facebook.

Basically, to have any semblance of privacy going forward, Europe needs to turn SOPA-like restrictions on the historic US Internet services. No other choice: the US can never be trusted again.

Michael Rivero (profile) says:

Decode THIS!


cosmicrat (profile) says:

It goes even a little further

“In other words, if your messages are encrypted, the NSA is keeping them until they can decrypt them”

” sufficient duration may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis.”

You sort of covered it, but to highlight: The DOJ and NSA are among the all time world champions in the use of weasel language. Notice their statement could be interpreted to mean they will keep data, even if it is clearly domestic only, even if it is clearly not illegal or controversial, simply because the breaking of the cryptography revealed insights into breaking crypto itself. In other words, if they broke it, they’ll keep it just as an example of a code that might be used elsewhere.

Demosthenes Locke says:

I thought this was a chilling page:

“The first thing I did after I heard about the highly classified NSA PRISM program two years ago was set up a proxy server in Peshawar to email me passages from Joyce?s Finnegans Wake. A literary flight of fancy. I started sending back excerpts from Gerard Manley Hopkins poems.”


Peter Wiggin (profile) says:

Re: To Demosthenes Locke

Thank you for that link. I read it… and after pondering the story (especially in light of the NSA’s storage of our communications), I found this to be the most frightening conclusion of all:

“My epiphany came here…
Joyce, Hopkins, Proust, Shakespeare…had sought immortality in their endeavors… And yet, here the government had actually done it… for all of us: everything written now preserved for evermore ? and if the United States of America had her way, it would be until the end of time. Our immortality in the mineral composition of database drives.

I have never desired, nor do I now, the preservation of my personal thoughts, ideas, and/or communications of any kind, which I sent specifically to certain individuals.

Around 10 years ago, it occurred to me that what is sent via the internet stays on the internet; and so, I made the decision a decade ago to never write or send that which I did not want preserved for posterity, frozen in databases for all time. I’m elated for that foresight, though at the time, my family & friends considered me “paranoid.”

Even so, the fact that our written and spoken communications are stored (and depending on content, may earn us a visit similar to Mr. Sifton’s)? should not only frighten us, but become the impetus for each and every one of us to refuse to make it as easy for them to continue doing so…

Anonymous Coward says:

The solution to all this is to build systems which track government data and publish it all, openly, for the world to see. Something like Logwatch, to pick up times emails sent to/from elected officials, law enforcement and the military.

But just publish the government side of things, not the “joe public” sender/receiver.

Oh, and if there is a “malicious payload”, i.e. an encrypted attachment, make that publically available too. ๐Ÿ™‚

Elizabeth Conley (profile) says:

This is a Very Useful Piece of Intelligence

It tells us that one of the most effective ways of protesting the NSA’s abuse of our Constitutional rights is for as many citizens as possible to send encrypted messages.

We should all be sending encrypted messages, and each one should contain relevant quotes from the U.S. Constitution and our founding fathers.

The technically savvy should be doing everything in their power to enable the less technically savvy to achieve this.

Knowledge is power. We have just been handed a very useful bit of knowledge.

Anonymous Coward says:

At a press conference to discuss the accusations, an N.S.A. spokesman surprised observers by announcing the spying charges against Mr. Snowden with a totally straight face.

?These charges send a clear message,? the spokesman said. ?In the United States, you can?t spy on people.?

Seemingly not kidding, the spokesman went on to discuss another charge against Mr. Snowden?the theft of government documents: ?The American people have the right to assume that their private documents will remain private and won?t be collected by someone in the government for his own purposes.”

Animal Farm by George Orwell. He eas ahead of his time.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop ยป

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...