A Matter of Trust

Since the NSA revelations started appearing I’ve been wondering how this can possibly end. When people start intercepting traffic (PRISM) and capturing it for later analysis (TEMPORA), you have to start to wonder how safe operating on the current internet will be in the immediate future.

This piece on Netcraft discusses the interception of SSL traffic, asking the same questions as above:

Millions of websites and billions of people rely on SSL to protect the transmission of sensitive information such as passwords, credit card details, and personal information with the expectation that encryption guarantees privacy. However, recently leaked documents appear to reveal that the NSA, the United States National Security Agency, logs very high volumes of internet traffic and retains captured encrypted communication for later cryptanalysis.

It goes on to discuss a variant of this form of security called Perfect Forward Secrecy, which isn’t as widely used but theoretically could make the job of analyzing intercepted traffic much harder. You might assume that some of the activities that you perform on the internet are reasonably secure. For example, your online banking, credit card transactions, checking your work mail, etc.

There are now several reasons to question this assumption. The biggest is obviously that the likes of the NSA and GCHQ are operating at multiple levels on the network, and their capabilities are largely unknown. Take webmail, for example: they want to read that, and have several options for how to go about doing so. They could run all the traffic flowing to the webmail server through a splitter, capturing a copy of it, and read the contents at their leisure. This is only slightly complicated by SSL if the certificate system is compromised and they have access to the certificate roots. The other alternative is to work through the legal system and demand that the webmail provider give them copies of any mail in which they decide to take an interest. It’s easy to imagine that net being dragged pretty wide.
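To make the forward-secrecy point concrete, here is an added toy model (not code from the original post or from Netcraft) of the "capture now, decrypt later" scenario: a recorder keeps the wire transcript and ciphertext, and the server's long-term key leaks afterwards. The group, the key derivation and the XOR cipher are deliberately simplified stand-ins for real TLS primitives, and the plaintext is a constructed sample.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group (assumption: a Mersenne prime, NOT a real TLS group;
# real deployments use 2048-bit MODP groups or elliptic curves).
P = 2**127 - 1
G = 3
MESSAGE = b"password=correct horse battery staple"  # constructed sample plaintext


def derive_key(shared: int) -> bytes:
    """Toy KDF: hash the shared secret into a 32-byte session key."""
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()


def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a hash-derived keystream; encrypting and decrypting are the same op."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))


def session_without_pfs(server_secret: int) -> dict:
    """Static exchange: the client keys to the server's LONG-TERM public key
    (the role RSA key transport played in classic TLS). The session key depends
    only on the wire data plus that long-term key, so it is recoverable later."""
    r = secrets.randbelow(P - 2) + 1
    key = derive_key(pow(pow(G, server_secret, P), r, P))   # client computes y^r
    return {"client_pub": pow(G, r, P), "ciphertext": toy_cipher(key, MESSAGE)}


def session_with_pfs(_server_secret: int) -> dict:
    """Ephemeral DH: both sides use fresh one-time exponents, discarded after use.
    The long-term key would only SIGN the exchange (signature omitted here)."""
    a, b = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    key = derive_key(pow(pow(G, a, P), b, P))                 # g^(ab)
    return {"client_pub": pow(G, b, P), "server_pub": pow(G, a, P),
            "ciphertext": toy_cipher(key, MESSAGE)}


def decrypt_retained(capture: dict, leaked_server_secret: int) -> bytes:
    """Later analysis of retained traffic: the adversary combines the recorded
    wire data with the long-term key it now holds and tries to rebuild the key."""
    key = derive_key(pow(capture["client_pub"], leaked_server_secret, P))
    return toy_cipher(key, capture["ciphertext"])


def demo() -> tuple:
    """Returns (static session readable?, ephemeral session readable?)."""
    x = secrets.randbelow(P - 2) + 1           # server long-term secret, leaked later
    return (decrypt_retained(session_without_pfs(x), x) == MESSAGE,
            decrypt_retained(session_with_pfs(x), x) == MESSAGE)
```

With the static exchange the retained capture decrypts once the key leaks; with ephemeral exponents the same capture and the same leaked key yield garbage, which is the property the post is alluding to.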

And that’s only the beginning of it! The NSA, the purported largest employer of cryptographic mathematicians in the world [citation needed, etc.], could be (and probably is) years ahead of the mainstream in the art of breaking modern ciphers. They’ve sponsored competitions to select the new standards for encryption / hashing, and picked the winners. The creators of the new standard do very well for themselves, but maybe the NSA does better – they get to pick a standard where they already know they have an advantage.

The game theory here seems a little dubious. Knowing that there are weaknesses that you can exploit doesn’t stop them also being weaknesses that your competitors can exploit. But perhaps they play by different rules, and anything truly important is secured under another (higher) standard. The whole thing sounds a little paranoid… which, given what has been released (and acknowledged to be happening!), should probably give pause for thought.

Back to trust. Modern, complex societies obviously require a certain degree of trust to function. Certain communications and interactions have an expectation of privacy. You trust that the person or institution with which you are interacting is acting in good faith, be it a friend, a bank, a doctor, a co-worker. You choose whom to trust with the expectation that they are part of the network of trust that society has developed to support the complexity of interactions. By the same token, you don’t expect that the majority of your mail is being read (it is), that someone is keeping a file on you just in case you step out of line (someone is), that the majority of your phone calls will be recorded, converted to text, analyzed, and retained indefinitely (they probably are), that every webpage that you access is logged and retained indefinitely (details).

All of which leaves me wondering. What happens if this trickle of leaks, and the activities that they reveal, continues? Does the network of trust in society start to break down? And what does that look like?

I doubt most of us can imagine what it would be like to live in a modernized surveillance state. It seems likely that very few of the people in power have given it much consideration either. The danger is that they’ll simply adapt to circumstances, and inevitably become increasingly controlling.

History can’t really be our guide, as the capabilities available to monitor modern society far exceed those previously available, but it is hard to imagine a fairytale ending!

Meant to include a link / reference to Ken Thompson’s ‘Reflections of Trust’ but somehow it got lost on the way. You should read that… it pretty much says that no computer program can really be trusted, even if you have the source (and usually you don’t).

I’ve often thought that it would be sensible to have an equivalent of the physicians’ Hippocratic oath for software engineering, and maybe even science in general.

My feeling now is that that boat has sailed, and the cult of technology is well on its way to being our ‘design for living’.


Wise words...