[Cryptography] NSA and Tor was Updates on Durov charges in France

iang iang at iang.org
Sun Sep 8 05:56:24 EDT 2024


On 08/09/2024 00:48, efc--- via cryptography wrote:
>
>
> On Sat, 7 Sep 2024, Christian Huitema wrote:
>
>> relying on mega-scalers has its own problems: it contributes to more 
>> concentration on the Internet, and even if we believe that these big 
>> mixers are not somehow doing surveillance capitalism, they become an 
>> attractive point for legal attacks. So maybe as a general practice we 
>> ought to rely on a large number of medium size relays, instead of 
>> just a few big ones.
>
> One question when it comes to public encrypted services that I think is
> neglected, is project and legal governance.
>
> Companies can easily be shut down, or opened up by law enforcement.
> Individual programmers can be threatened, open source projects can be
> infiltrated.
>
> Once you're in the inside, it is way easier to attack a project.
>
> How would you protect against those types of attacks? Is there anything
> organizational or legal, one can do, to reduce the possibility of those
> things?


Back in the 2000s, when CAcert had a reasonable chance of being a real CA, 
it faced a steady stream of attacks by 5-eyes IC (intelligence 
community) that had put it on the list of must-breach, as with all CAs. 
Now I don't suppose they bother that much, as it got blocked from the 
browsers.  When Snowden revealed the term of art "Secret Cells" this was 
penned in 2 parts:

http://wiki.cacert.org/Risks/SecretCells

It's a little bit complicated bc there are assumptions & history. In 
short, there had always been a background check for people working on 
the critical systems. That got binned bc of legal issues to do with real 
security background checking, but it was replaced by what was called 
Arbitrated Background Check, in which an Arbitrator would work through a 
checklist of questions relating to background and specifically exposure 
to IC or police.

The use of an Arbitrator to do this was the crux. Arbitration operates 
as a replacement for courts, and is backed up by "The Arbitration Act" 
in each country. The advantage is that you get to modify the processes 
of the law to suit local circumstances. So an assumption here is that 
Arbitration exists as a tool within the community - most won't have that.

As a case at law, the ABC documentation was held 'under seal'. If there 
were any lies found in the future, then that counted as lying to an 
Arbitrator, and that meant penalties or actions or exposure could be 
enacted directly.

The reason this works is bc of the assumptions: the Western IC at least 
does breaches 'honestly' but secretly. Their modus operandi is to get 
you to agree to let them in, and then also to agree to keep their 
secrets, bc reasons. For eg, when breaching companies, they have a 
little chat with the CEO and negotiate a deal. Then if anything goes 
wrong, *they've* not done anything wrong, they are blameless.

So by collecting their secrets, holding them under seal, and being able 
to expose them, we raise the stakes. And, ofc the Security Policy 
mandates that people who have exposure can't work anywhere near critical 
systems.

This worked - once we had the ABC in place, the IC attacks dried up. 
There was only one after that, and he was boxed into the administrative 
areas. Just to clarify this was a real thing, we had later on got 
testimony of that guy being in meetings with his agency to check on 
progress in breach.

Another assumption here is that it is only 5-eyes that is interested in 
breaching. That does seem to be the case certainly as far as CAcert was 
concerned. I never heard of any other intelligence agency being interested.

There was one flaw in the system - its real motive wasn't documented 
well enough. Everyone knew what the purpose was, but everyone changes 
over time. So when I came back a few years later for some other reason, 
I discovered that the new generation of people had not understood it, 
and changed its purpose from background check to technical check. Which 
ofc was pointless as the Arbitrator was not competent at the technical 
aspects of the critical systems.

iang

ps: another assumption was that while it was an Australian Association, 
pretty much all the work was done across the Germanic country belt. This 
made it a lot harder for 5-eyes to threaten by eg using police or tax 
tactics, and those countries tended not to breach civil society.
