[Cryptography] Separating concerns

Phillip Hallam-Baker hallam at gmail.com
Thu Aug 29 16:31:57 EDT 2013


On Thu, Aug 29, 2013 at 4:27 AM, ianG <iang at iang.org> wrote:

> Hi Phill,
>
>
> On 28/08/13 21:31 PM, Phill wrote:
>
>> And for a company it is almost certain that 'secure against intercept by
>> any government other than the US' is an acceptable solution.
>>
>
>
> I think that was acceptable in general up until recently.  But, I believe
> the threat scenario has changed, and for the worse.
>
> The firewall between national intelligence and all-of-government has been
> breached.  It is way beyond leaks, it is now a documented firehose with
> pipelines so well laid that the downstream departments have promulgated
> their deception plans.
>

Quite. I had a conversation with a government type this morning. His
question: 'what if the intercepts are shared with the IRS?'

Moreover Snowden has proved that the internal controls in the NSA are lax.
If a low-level grunt working for a contractor has such access to the NSA's
own crown jewels it is idiotic to imagine that they keep the confidential
secrets of IBM or Microsoft or GE with greater care.


> And, they told us so.  In the comments made by the NSA, they have very
> clearly stated that if there is evidence of a crime, they will keep the
> data.  The statement they made is a seismic shift;  the NSA is now a
> domestic & criminal intelligence agency.  I suspect the penny has not
> dropped on this shift as yet, but they have said it is so.
>

They will keep the data anyway. They will query it if there is evidence of
a crime but otherwise they are keeping everything.

And worse, they are creating fake stories to explain how the data was
collected. So they have perjured themselves in numerous criminal
prosecutions that are likely to be found unsafe when the full extent of the
scheme emerges.


This is not a stable situation. It is easy to see why Obama was infatuated
with the intelligence community and thus willing to give them carte
blanche. He came into office with the US losing two wars and a military in
which every staff officer who had had the courage to tell Rumsfeld his
plans were insane was dismissed. The intelligence services were the only
part of the military Obama could trust to provide an exit strategy.

But the next President is not going to be beholden to the intel services in
quite the same way. Even Obama appears to be starting to ask questions
about how the intelligence results are being achieved.




> In threat & risk terms, it is now reasonable to consider that the USA
> government will provide national intelligence to back up a criminal
> investigation against a large company.  And, it is not unreasonable to
> assume that they will launch a criminal investigation in order to force
> some other result, nor is it unreasonable for a competitor to USA
> commercial interests to be facing a USA supplier backed by leaks.
>
> E.g., Airbus or Huawei or Samsung ...  Or any company that is engaged in a
> lawsuit against the US government.  Or any wall street bank being
> investigated by the DoJ for mortgage fraud, or any international bank with
> ops in the USA.  Or any company in Iran, Iraq, Syria, Afghanistan,
> Pakistan, India, Palestine, ....  or gambling companies in the Caribbean,
> Gibraltar, Australia, Britain.  Or any arms deal or energy deal.
>
> (Yes, that makes the task harder.)


Not necessarily.

We have lots of technology. This is not a technology problem, it is a
deployment problem. The greater the level of concern, the easier deployment
becomes.

-- 
Website: http://hallambaker.com/