[Cryptography] "we need to protect [our dox] by at least encrypting them"
agr at me.com
Tue Nov 8 09:10:02 EST 2016
> On Nov 7, 2016, at 7:57 PM, ianG <iang at iang.org> wrote:
> On 07/11/2016 18:57, Arnold Reinhold wrote:
>> On Sat, 5 Nov 2016 14:29 IanG wrote:
>>> with the news that 5 intelligence services were likely (99%)
>>> to have hacked Hillary's private servers,
>> This claim is based on a Fox News story
>> that has since been revised to say:
>> "Authorities are operating under the working assumption there is a
>> high chance Hillary Clinton’s private server was breached, one source
>> with intimate knowledge of the FBI investigation told Fox News – though
>> there still are no digital fingerprints proving a breach.
>> The source said the server may have been hacked by up to five foreign
>> intelligence agencies. While other sources believe this is probable,
>> evidence has not emerged to confirm this.
> Yes - it's a leak. There is a rebellion going on in the FBI.
> Of course, there is no evidence to confirm it. Nor is there any evidence to confirm anything Snowden said about the NSA. Nor has the White House confirmed that wikileaks maildrops are essentially accurate, or identified the ones that have been changed. Nor has Sweden admitted that its case against Snowden is made up. Nor nor nor.
Was it a leak from someone in the know, or was it embellished (e.g. "98% chance”) along the way? The fact the Fox News retracted its original story strongly suggests the latter.
>> When FBI Director James Comey publicly discussed the Clinton email
>> case back in July, he also said that while there was no evidence hostile
>> actors breached the server, it was ‘possible' they had gained access."
>> That is a big difference; it now appears to be all speculation.
> OK, so at this stage, James Comey is fighting a battle that means he will lie even when he's telling the truth. Look at the stakes. One has to weigh his situation with the context of the week.
> Whatever he purports has zero meaning, against the stakes of the game he's in today, tomorrow.
>> I still ask why, if her servers were hacked, haven’t at least some of
>> the deleted emails been release through Wikileaks or some other source?
> Wikileaks are releasing what they have, but it looks like they got it from another source.
> The other intel agencies will not release it unless provoked. They're intel agencies - their job is done in the shadows. They got the product, the extracted, they fed up to their masters. Now kicks in the next task - to make sure their tracks are covered.
> No intel agency will admit to hacking, ever. We're still waiting for the NSA to admit to spinning the centrifuges, right? It makes zero sense for any intel agency to admit anything anytime anywhere.
>> If the other leaks have indeed been directed by a state actor, likely
>> Russia, as several intelligence agencies have concluded, why hold back
>> before the election convincing evidence she was hacked?
> Most or all intel agencies won't futz with the American election. Most or all foreign governments will not have a preference for one or other candidate. Most or all governments will recoil with horror at the accusation that they are interfering with the American election.
> So, no, they won't release it. Nor admit it. Ever.
Except that there have been numerous reports, from multiple sources, that Russia is indeed futzing with the American elections. People close to Putin have said on video that electing Clinton means war. Bluster no doubt, but hardly neutral. And Russia doesn’t have to admit anything, the can just anonymously leak the deleted Clinton email through Wikileaks or some other channel. The fact that they have not appeared as of 9 am on election day, suggests Russia doesn’t have them.
>> And if you believe the other leaks were from insiders, not state actors,
>> all the more reason that Hillary was wise to use a private server with a annouonumsly
>> few hand-picked admins she trusted. We have been deluged with Secret and
>> Top Secret documents purloined by Manning and Snowden. The handful of
>> emails on Hillary’s server that the FBI says were or should have been
>> classified seem to be among the few U.S. state secrets that the public
>> has yet to see.
> Unfortunately, the NSA, the FBI and the various other counter-intelligence agencies which are tasked at protecting the government are not going to see that as any more than self-serving bluster. And in court - if it ever were to get there - it would be demolished. That alone would send the perp to jail. E.g., if the answer to a few upsets within is that we go it alone, that means every agency, every secretary, every sysadmin who thinks he can do better than the NSA ... has carte blanche.
I’m not suggesting that a private server in each official's home is the right answer going forward, but a separate email server in each top-level official’s office safe with encrypted back up to the department servers might be a good solution for unclassified email privacy. The servers would be inside the department’s firewall perimeter defenses and could have additional protection, such as a stripped down operating system loaded from ROM, to minimize attack surface. Admin access would be limited to a few staff vetted by the official. The backups' encryption key might be escrowed in the national archives for future historical records. The old model of all email stored en clar on department servers is unworkable.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography