[Cryptography] Security clearances and FOSS encryption?

Phillip Hallam-Baker phill at hallambaker.com
Mon Jul 14 10:26:21 EDT 2014


On Sat, Jul 12, 2014 at 9:29 AM, John Kelsey <crypto.jmk at gmail.com> wrote:

>
> > On Jul 11, 2014, at 7:20 AM, ianG <iang at iang.org> wrote:
> >
> >> On 9/07/2014 17:18 pm, John Kelsey wrote:
> >> To the extent clearances do what they're supposed to do, they should
> >> indicate less risk of compromise to the project--less blackmail or bribery
> >> potential, for example.
> >
> >
> > Well, there are clearances that we do on our people, and the clearances
> > that our enemy does on his people.  We're talking about the latter, so
> > following your train of thought, we are dealing with (a) a signal of
> > something, and (b) people who are already compromised ... by the issuer
> > of the clearance, aka, the enemy.
>
> There isn't *one* enemy sitting in Ft Meade (or Mordor).  There are
> hundreds of potential enemies. Blackmail and bribery are generic techniques
> that can be used to compromise people--they can be used by the US
> government, foreign governments, private criminals, activists, *anyone*.
> If the security clearance investigation excludes the people who would have
> been most susceptible to those techniques, then having passed it adds some
> value.  How much?  That, I don't know.


What it is meant to do is to discourage the worst security risks from
applying in the first place. It also ensures that an enemy attempting
blackmail has to dig deeper than the positive vetting process. And in the
pre-electronic age that would be difficult to do without making a lot of
noise.


The possibility of subversion by government agencies is always going to be
there, if not Ft Meade then the Kremlin, IRG, etc. The only difference with
Ft. Meade is that we do actually have a possible defense in moral suasion.

Snowden defected because he believed that the NSA had crossed the line and
become a threat to democracy in the US. So the question needs to be asked
where the line should be drawn. And this is an issue I have discussed with
ex-Directors of the NSA, so don't dismiss my analysis out of hand as overly
left wing/libertarian.


Ft. Meade isn't the enemy.

It's the people inside, and only some of them, that are the concern. One of
the first things I learned in politics was that everyone has their own
agenda and that almost none of the people who get to the top give a hang
about patriotism or the good of the country. They like to think that they
do but they find excuses and pretexts for considering their own self
interest the national interest.

The US government is not the enemy but its agencies are the only threat.
Yes, Putin is a dictator slowly turning Russia into a Fascist regime. They
have done Communism and it is discredited; Fascism is the only political
model they have left. But at the end of the day Russia has 750K men under
arms and most of their equipment is from the 70s at best. Russia can barely
keep hold of Crimea and has been forced to abandon attempts to annexe East
Ukraine. Their least awful noncontiguous ally is Iran (!). China has
deliberately entangled its economy with the US so that a war between the
two would destroy both; it is thus not a threat either.


The problem with Ft Meade is that (1) it is a military organization that is
spying on the bulk of the civilian population, (2) until the mid 1970s a
country was far more likely to suffer a coup by treasonous colonels than an
external invasion, (3) most of those coups, including many against
democracies, were engineered with the help of the Enigma type decryption
capabilities performed at Fort Meade.

Given the volume of anti-constitutional chatter on the right in the US and
the marked preference of the NSA/CIA for suppressing elected governments
they consider to be intolerably left wing, I see Fort Meade as a real
threat. So did President Eisenhower, quite possibly because the coup in
Iran was organized without his advance knowledge.


At the moment we have a lack of balance and too much concentration of power
in the hands of the NSA generals. Deploying strong civilian cryptography is
a necessary counterbalance but so is developing a set of norms for
cyber-engagement.

I have been pushing for the adoption of a norm that we consider cyber
attacks of all types against civilian infrastructure in the same class as
terrorism. This is of course anathema to people who have built their
careers around attacking things and blowing them up.

I do not of course expect the adoption of such a norm to be immediately
observed by any side. But I do think that we can put a stop to NSA attempts
to sabotage civilian cryptography efforts. And if that happens it will be
in their interest to make sure nobody else is doing the same thing.


For years, I have been arguing that open source code is no more secure than
proprietary; it is only the small subset of open source code that has been
extensively reviewed that is more secure. I still stick to that analysis
except that there is now a caveat: Any code base that is widely used is now
going to be scrutinized for potential vulnerabilities by foreign and
domestic spy agencies. In the past the NSA assumed it was the only party
doing this analysis and kept schtum when it discovered something. What is
the NSA going to do now when it knows that the Russian, Iranian and Chinese
intelligence services are looking at least as hard as they are?