Posts Tagged ‘NSA’

The methods of securing data are robust. Your financial transactions, health records and other sensitive information are safeguarded by strong mathematical processes. You can use these same tools yourself to keep your emails private. It is not much harder than learning a new phone and installing an app.

Usually, when your personal data is exposed by organized gangs of Russian “businessmen” or the Chinese People’s Liberation Army, it because of failures in computer security allowed by weaknesses in the programs. The cell phone companies deliver records to the NSA. The NSA does not break your ciphers. As far as we know, no one has ever cracked one of the public key methods developed since 1975. Some theoretical weaknesses have been suggested. Brute force attacks by the NSA have been hinted at, but never demonstrated. The mathematics is as immutable as the Law of Identity: A is A.  It is absolutely true that 1 + 1 = 2, always and forever.

A Crazy Idea

In the early to mid-1970s, independent researchers Whitfield Diffie and Martin Hellman at Stanford, Ralph Merkle at Berkeley, and Ronald Rivest at MIT, along with his doctoral candidates Adi Shamir and Lenard Adelman, all sought and found ways to encrypt information that were not based on any of the historically known methods. As a result, when Ralph Merkle submitted his papers to the Communications of the Association for Computing Machinery, they were rejected for denying the established wisdom of 2000 years. Working on his doctorate at Berkeley, he was told by his professors that he obviously did not know the basics of cryptography.

Codes and Ciphers

A code is a secret translation of one set of symbols for another. If we let
Handkerchief = Train
Scarf = Bus
Blouse = Plane
Red = 2:00PM
Blue = 3:00PM
Green = 3:45 PM
Then, “Thank you for the red scarf “ or “Thank you for the green blouse” could be sent via email or on a post card and the real meaning would be hidden. The weakness is in exchanging the key. Someone has to pass the translation table. However, given the security of the key table, the code is unbreakable.

A cipher is an orderly substitution. Taking the alphabet backwards, A=Z, B=Y, C=X,… turns BARACK OBAMA into YZIZCP LYZNZ. Another kind of cipher just takes the letters in turn say, every third in rotation so that HILLARY CLINTON becomes LRLTHLYIOIACNN.

Ciphers often can be broken with applied arithmetic. In English, e is the most common letter, followed by t a o i n s h r d l u… Among the complicated ciphers was the Vigenere in which a table of letter keys allowed shifting substitutions. During World War II, the Germans employed their “Engima” machine with its shifting and changeable wheels. It fell to the first of the computers, the “Bombe” of Bletchley Park and “Ultra” Project. In The Jefferson Key by Steve Berry (Ballantine Books, 2011), a supposedly unbreakable cipher finally falls to a modern-day sleuth. As constructed, it involved writing the letters vertically, then inserting random letters, then writing the letters horizontally. However, again, common arithmetic allows you to use the fact that any English word with a Q must have that letter followed by a U; and no English words have DK as a digraph. (Until DKNY, of course.) So, the cipher was broken.

Speaking to LASCON in Austin, October 23, 2014, Martin Hellman said that he and his co-workers were considered “insane” for suggesting that an encryption method could be devised in which the formulas were public. In fact, this idea had old roots.

The 19th century founder of mathematical economics, William Stanley Jevons, suggested that certain mathematical functions that were “asymmetric” could be the basis for a new kind of cryptography. Just because A=Z does not mean that Z=A. His idea did not bear fruit. However, Martin Hellman asked his colleagues in the mathematics department if they knew of any such asymmetric functions. Indeed, many exist.  They can be called “trapdoor functions” because they are easy to do in one direction, but computationally difficult in the other.  In other words, they are are unlike the four common arithmetic operations.

The Diffie-Hellman system employs modulo arithmetic.  RSA (Rivest-Shamir-Adleman) uses the totient function discovered by Leonhard Euler in 1763. In 1974, Ralph Merkle, then at Berkeley, thought of using a set of puzzles, where each one is moderately hard, but the full set of 15 becomes computationally difficult. Working together, Merkel and Hellman created a “knapsack” function in which the challenge is to put the “most important objects” (numbers) with the smallest weights (numbers) into a bag (solution set).

You can get the papers online. If you loved high school algebra, and get a kick out of crossword puzzles (especially acrostics) this will be fun. If not, just accept the fact that they work.

The salient facts remain: the cipher system is clearly described, yet stands cryptographically secure.   That is a mandate called “Kerckhoffs Law” named for Auguste Kerckhoffs, a 19th century Dutch linguist. A cryptographic system should remain secure, even if everything about it is known, except the key. Thus, in our time, you can find the mathematical theorems and computer code for public key systems. You can download almost instantly clickable applications to secure your email.

Pretty Good Privacy
A hundred years ago, codes and ciphers and the study of cryptography all were controlled by the secret services of governments. In our time, academic theoreticians publish papers. To be patented, a device must be published. And so, Phil Zimmermann took the mathematical theorems and processes of the RSA encryption algorithm and recoded them from scratch to create a new system, just as powerful, but available to anyone without need for a license. Zimmermann was threatened with lawsuits and such, but he prevailed. Today, PGP is a free product offered by software sales giant Symantec on their website here. It is something a “loss leader” for Symantec. You can get PGP from other places as well, see here.

With it, you can encrypt your emails. Know, however, that (1) you would need to be “approved” by another PGP user (easy enough) and that (2) anyone you send emails to with this also needs it to read your emails to them. Be that as it may, it is no harder than setting up a really cool Facebook page, just a bit of work and some close focus.

More websites that value privacy are shutting down … Groklaw, Lavabit, and Silent Circle.

While I agree with much of what Pamela Jones said in this article, http://www.groklaw.net/article.php?story=20130818120421175, I can’t agree with her conclusion to get off the Internet. “They” win then, don’t they?

I also have to agree with PandoDaily’s Adam L. Penenberg that their owners shutting down these 3 websites in particular was not such a great idea. http://pandodaily.com/2013/08/20/why-shutting-down-groklaw-lavabit-and-silent-circle-was-a-bad-move/  Like the guy said in The Godfather, “Go to the mattresses!” Keep people interested in fighting for their rights.

Now, back to the usual type of privacy-impacting shenanigans this website looks at. This article talks about how stores want to personalize your shopping experience for your shopping habits, kinda like Amazon already does. http://pandodaily.com/2013/08/23/customer-stalking-coming-soon-to-a-store-near-you/

I like coupons as well as the next person, but … it’s c-r-e-e-p-y! Facial recognition software, emotion-sensing technology … Carmel Deamicis calls it customer stalking and I don’t want to be stalked. Next thing you know, I’m gonna have one of those coffee machines that brews individual cups of coffee at a bazillion dollars per cup sitting in my kitchen and I’m going to feel bad every time I throw one of those little cups away. And, besides which, the type of coffee that goes in them is kinda nasty.

I don’t like it when Amazon tells me what I’ve looked at and what I’ve bought and what somebody else that bought what I bought bought … Geez, is that even grammatical?!

But what I do know is this: It’s creepy.

A filter bubble is when the results of doing an Internet search are targeted to you–your likes, your age, your location, your click history, and other aggregated information–meaning that you don’t see objective results when you search. It also means that advertiser links can be targeted more closely to what you might purchase. For an interesting look at filter bubbles, check out this information page at https://duckduckgo.com/?kad=en_US. The comments at the bottom of the page are very enlightening.

But is your information private when you search using DuckDuckGo? Maybe. You can read more about Web privacy and the NSA at Duck Duck Go: Illusion of Privacy and CNN’s How the U.S. forces Net firms to cooperate on surveillance.

For a more in-depth look at how Google personalizes your searches, read Personalized Search for Everyone and look at your Google Web History here [you must be signed in to a Google account to view this page]. You can turn off search history personalization by following instructions here.

To see who’s tracking you as you surf the Web, install a Firefox add-on called Collusion; it’s eye-opening!

For more reading on the NSA and privacy, read Bruce Schneier’s Crypto-Gram Newsletter; always fascinating!

NSA peepers

Posted: June 9, 2013 by IntentionalPrivacy in Cell phone, Privacy, Social media
Tags: , , , , ,

Coming on the heels of the Verizon snooping story last week is a remarkable article by The Washington Post that alleges the NSA collects data, codenamed “PRISM,” from “Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.” http://www.washingtonpost.com/investigations/us-intelligence-mining-data-from-nine-us-internet-companies-in-broad-secret-program/2013/06/06/3a0c0da8-cebf-11e2-8845-d970ccb04497_story.html Make sure you watch the video also.

Then there’s the AP surveillance case, which you can read about here.

One of my favorite quotes from one of my favorite movies, Sneakers, is where Cosmo saysThere’s a war out there, old friend. A world war. And it’s not about who’s got the most bullets. It’s about who controls the information. What we see and hear, how we work, what we think… it’s all about the information!”

Yes, I believe that’s true.

Business Insider wrote another article here about a statement issued by US Director of National Intelligence James R. Clapper Jr., which declares PRISM is used lawfully to gather foreign intelligence.

What can you do about snooping?

  • Don’t use Facebook, Yahoo, Hotmail, Gmail, Skype, YouTube, etc.
  • Maintain your super secret data on an encrypted computer running something like SELinux using TEMPEST technologies that never connects to the Internet. Never!
  • Don’t use a cell phone to make important calls and don’t carry a cell phone with you. In fact, don’t make important calls from land lines either.
  • Have your super secret conversations in person in a windowless room that you’ve swept for bugs.
  • You ought to be shredding your discarded paperwork anyway!

I mean, I could go on … but is any of this practical? Not really (except for the shredding).

The ACLU says:

In 2012, Sens. Ron Wyden (D-Ore.) and Mark Udall (D-Colo.) wrote, “When the American people find out how their government has secretly interpreted the Patriot Act, they are going to be stunned and they are going to be angry.”

Am I surprised about the WP expose article? No. The sad thing? Do I feel safer because of this snooping? No, not really. Yes, I understand that there have to be tradeoffs between privacy and security.