[Cryptography] NSA and Tor was Updates on Durov charges in France
iang
iang at iang.org
Sun Sep 8 05:56:24 EDT 2024
On 08/09/2024 00:48, efc--- via cryptography wrote:
>
>
> On Sat, 7 Sep 2024, Christian Huitema wrote:
>
>> relying on mega-scalers has its own problems: it contributes to more
>> concentration on the Internet, and even if we believe that these big
>> mixers are not somehow doing surveillance capitalism, they become an
>> attractive point for legal attacks. So maybe as a general practice we
>> ought to rely on a large number of medium size relays, instead of
>> just a few big ones.
>
> One question when it comes to public encrypted services that I think is
> neglected, is project and legal governance.
>
> Companies can easily be shut down, or opened up by law enforcement.
> Individual programmers can be threatened, open source projects can be
> infiltrated.
>
> Once you're in the inside, it is way easier to attack a project.
>
> How would you protect against those types of attacks? Is there anything
> organizational or legal, one can do, to reduce the possibility of those
> things?

Back in the 2000s, when CAcert had a reasonable chance of being a real CA,
it faced a steady stream of attacks by 5-eyes IC (intelligence
community) that had put it on the list of must-breach, as with all CAs.
Now I don't suppose they bother that much, as it got blocked from the
browsers. When Snowden revealed the term of art "Secret Cells" this was
penned in 2 parts:
http://wiki.cacert.org/Risks/SecretCells
It's a little bit complicated bc there are assumptions & history. In
short, there had always been a background check for people working on
the critical systems. That got binned bc of legal issues to do with real
security background checking, but it was replaced by what was called
Arbitrated Background Check, in which an Arbitrator would work through a
checklist of questions relating to background and specifically exposure
to IC or police.
The use of an Arbitrator to do this was the crux. Arbitration operates
as a replacement for courts, and is backed up by "The Arbitration Act"
in each country. The advantage is that you get to modify the processes
of the law to suit local circumstances. So an assumption here is that
Arbitration exists as a tool within the community - most won't have that.
As a case at law, the ABC documentation was held 'under seal'. If there
were any lies found in the future, then that counted as lying to an
Arbitrator, and that meant penalties or actions or exposure could be
enacted directly.
The reason this works is bc of the assumptions: the Western IC at least
does breaches 'honestly' but secretly. Their modus operandi is to get
you to agree to let them in, and then also to agree to keep their
secrets, bc reasons. For eg, when breaching companies, they have a
little chat with the CEO and negotiate a deal. Then if anything goes
wrong, *they've* not done anything wrong, they are blameless.
So by collecting their secrets, holding them under seal, and being able
to expose them, we raise the stakes. And, ofc the Security Policy
mandates that people who have exposure can't work anywhere near critical
systems.
This worked - once we had the ABC in place, the IC attacks dried up.
There was only one after that, and he was boxed in to the administrative
areas. Just to clarify this was a real thing, we had later on got
testimony of that guy being in meetings with his agency to check on
progress in breach.
Another assumption here is that it is only 5-eyes that is interested in
breaching. That does seem to be the case certainly as far as CAcert was
concerned. I never heard of any other intelligence agency being interested.
There was one flaw in the system - its real motive wasn't documented
well enough. Everyone knew what the purpose was, but everyone changes
over time. So when I came back a few years later for some other reason,
I discovered that the new generation of people had not understood it,
and changed its purpose from background check to technical check. Which
ofc was pointless as the Arbitrator was not competent at the technical
aspects of the critical systems.
iang
ps; another assumption was that while it was an Australian Association,
pretty much all the work was done across the Germanic country belt. This
made it a lot harder for 5-eyes to threaten by eg using police or tax
tactics, and those countries tended not to breach civil society.