I would like to thank everyone who provided feedback on the Selective
DoS Attacks discussion.
The following is a somewhat more trivial discussion spawned from it.
After spending a lot of time trying to resolve the reliability problems
in anonymous remailers, and having little discernable effect on the
problem, I came to the conclusion that remailer messages are being
deliberately deleted as part of a selective DoS attack.
This naturally leaves the question of how to fix the problem.
like to break in with a little trivia on the subject, and why "adding
more bits" may have little effect.
THE BIG LITTLE LOCK
BREAKING THE LOCK
THE BIG LITTLE LOCK
Modern encryption is an interesting tool. It is a tiny lock which
be produced from cheap materials; it can be obtained and applied easily
by most individuals.
But this same lock, when faced from the other side, is a very big lock,
requiring very substantial resources and time to break, if it can be
broken at all. In a few seconds a small PC can produce a coded message
which presumably takes a supercomputer many billions of years to break.
Thus is the individual empowered by encryption, and thus are governments
challenged through its use. As information increasingly becomes the
basis of change, affecting the flow of information becomes power.
Encryption can be used to both withhold information, and to insure its
BREAKING THE LOCK
Some time ago I introduced a friend of mine (who had just recently begun
using computers in earnest) to the concept of public key cryptography,
and I showed him how PGP works. The next day my friend came to me and
said he had broken PGP. I allowed him to explain, and he said it's
simple, "just scan for PGP messages and delete them".
Little did I know he had stumbled upon the very same solution as the
The NSA, CIA, and other intelligence-gathering organizations are
genuinely threatened by encryption. It can be argued that with their
massive computing resources they can break some of it. But they cannot
do so cheaply, and they cannot do so on a wide scale. If everyone used
encrypted communication, the eavesdroppers would quickly become
backlogged trying to decrypt it in real time. By the time they found
the message they were looking for, they'd be very dead of old age.
So imagine a meeting where they get together to discuss this problem.
think they came to much the same solution as my friend. They need to
eliminate or reduce the ability of people to use encryption securely.
This explains their horror when Phil Zimmerman wrote PGP, and their
prolonged legal attack against him.
It is folly to think of the NSA and their ilk as mere code breakers
eavesdroppers. That is a very passive personification of organizations
who are very active saboteurs, manipulators, and killers. Consider some
of their approaches to the problem of encryption. It reveals their
desperation and how serious they consider the problem.
Sabotaged Software - Again and again we find
that these people are
covertly sabotaging the security of software, both within their own
countries and overseas. A lot of the people who spend some time at
the NSA move into the private sector writing crypto code for
Microsoft, Netscape, etc. This means the NSA maintains these links
Sabotaged OS - Is it an accident that Windows
is so full of security
holes? Are these programmers really this incompetent, or is this
being done deliberately and under influence? Consider the NSA key
in Windows - a good speculative example. The presence of the second
key and the ability to change it renders the CrytpoAPI very
insecure, regardless of who owns the key. This aspect of the OS is
Sabotaged Hardware - The broken encryption
in cell phones is a good
example. The Processor Serial Number (PSN) quietly introduced by
Intel in some PII's and Celeron chips, and overtly introduced in the
PIII, is probably another example of the influence of these
organizations and their connection to industry. If you question the
security threat of the PIII, China doesn't. It has prohibited the
connection of PIII's to the internet.
Sabotaged Connectivity - I am convinced that
the lost mail everyone
is familiar with when using anonymous remailers involves widespread
sabotage of the network connections between the remailers. Messages
are deleted at will. This means that only the very determined can
use them at all, and they are crippled to an extent where widespread
and highly secure use is unlikely. In more general terms, if
internet systems fail they create financial losses and are abandoned
for other systems. By sabotaging connectivity and reliability these
organizations influence what services survive.
Export Restrictions - Purported as 'national
the anti-export agenda of the NSA directly impedes domestic
security. It also impedes open development in civilian
cryptography, making it illegal to share work. It slows down
development through extended software review procedures, which also
provides one-on-one contact between the developers and the agency.
This in turn allows the NSA an inside look at all the source code
(something even the users are often not granted), and promotes their
ability to arrange illicit deals. What the export restrictions are
primarily aimed at doing is preventing the widespread use of strong
encryption. They don't care as much about the terrorists, who
already use it, as they do about ensuring that there is only a
manageable and traceable amount of securely encrypted traffic.
Military-Industrial-Political Influence -
Eisenhower once said that
the next real threat to the US would not come from without, but from
the military-industrial complex. The NSA and CIA have developed
their own systems of organization and control, their own sources of
income, their own armies. It is certain that they greatly influence
political decisions (such as the export regulations); it is certain
they are in a position to greatly influence events worldwide; it is
very uncertain whether they actually answer to the American people.
Thus they are a government or terrorist organization in themselves.
Propaganda and Legal/Media Influence - A favorite
tactic of the CIA,
these people spread disinformation, manipulate the media, and seek
to treat citizens as cattle. They use the legal system when it is
convenient to their purposes and abandon it likewise. A good
example in remailers is so-called "designer abuse". If the normal
pressures on the remailers is not enough, they can turn up the heat
by posting illegal material, sending SPAM, mail bombs, etc., with
impunity. Thus if they don't like the level of encrypted security,
they reduce it.
When a country engages in sabotage and attacks to insure its security,
it is not merely promoting its own security, but is waging war. Thus it
can be said that in terms of information, the US and other intelligence
agencies are at war. And their targets are not merely other
intelligence agencies and terrorist organizations, but any form of
liberty which threatens their domination. And as usual in a war, it is
civilians who pay the greatest prices.
The intelligence agencies are protecting the security of the US in the
same way they use the US legal system when convenient, and bypass it
just as readily. US security is only of interest to them because they
are living there, not because they are a legal and integrated part of
it. They are protecting their own interests and tools of power, and
they are circumventing constitutional routes to do so. They are
insuring that people cannot speak without being traced, that people
cannot receive information of which the NSA does not approve. In short,
they are attacking the US people as much as any other people. They are
reducing the security of individuals and businesses, leaving them open
to widespread attack through weakened encryption, through software and
hardware which only gives the illusion of being secure. Their real goal
is to ensure that they maintain covert control of systems and people -
power. And it appears they will stop at nothing to achieve these goals.
When eavesdropping became insufficient, they turned to sabotage. They
are using US foreign policy as a puppet, pretending to promote its
interests, while in fact undermining the liberty of people everywhere in
They speak of terrorism as the great threat warranting this behavior,
yet they have proven themselves to be the greatest terrorists. What has
been stolen and destroyed because of their sabotaged software? What
progress and liberty has been lost, and will be lost, because of their
Dear fellows at the NSA, the CIA, the White House, if you think you
promoting liberty and freedom through dishonesty, deceit, and
manipulation, you are yourselves sadly deceived.
Obviously designing stronger encryption algorithms and communication
protocols is only a limited solution to a much larger problem. The
mathematicians at the NSA plod along without realizing how their tools
are being applied. Likewise civilians plod along without realizing how
ineffective encryption is when it is undermined by insecure hardware,
software, and connectivity. I worked for years on remailer software,
and while I suspected sabotage at times, it took a long time for the
pattern to become definitively clear. I am just as upset by the time
wasted tracking problems which were deliberately induced as I am by the
breach of security.
In short, there is no simple solution or algorithm fix to this puzzle.
Only a continuing vigilance against this kind of sabotage, and a better
realization of the true depth of the problem will bring about a more
genuinely open and secure environment.
It is somewhat paradoxical that encryption, which hides information,
so pivotal to promoting its open sharing and availability.
Eisenhower's Farewell Warning, January 17, 1961:
In the councils of government, we must guard against
of unwarranted influence, whether sought or unsought, by the
military-industrial complex. The potential for the disastrous rise
of misplaced power exists and will persist.
We must never let the weight of this combination
liberties or democratic processes. We should take nothing for
granted. Only an alert and knowledgeable citizenry can compel the
proper meshing of the huge industrial and military machinery of
defense with our peaceful methods and goals, so that security and
liberty may prosper together.
Eisenhower's Farewell Address at