The following is a post I captured from Alt.Privacy.Anon-Server
The author is RProcess, Anonymity Guru & Programmer
The sentiments below should be those of 'every' freedom lover
     Sunny
 

The Big Little Lock

Subject: On Misplaced Power
From: RProcess
Date: 27 Sep 1999

I would like to thank everyone who provided feedback on the Selective
DoS Attacks discussion.
http://www.skuz.net/potatoware/PSKB-035.html
The following is a somewhat more trivial discussion spawned from it.

After spending a lot of time trying to resolve the reliability problems
in anonymous remailers, and having little discernable effect on the
problem, I came to the conclusion that remailer messages are being
deliberately deleted as part of a selective DoS attack.

This naturally leaves the question of how to fix the problem.  I would
like to break in with a little trivia on the subject, and why "adding
more bits" may have little effect.
 

Contents:

THE BIG LITTLE LOCK
    BREAKING THE LOCK
    NATIONAL SECURITY
    SOLUTIONS
 
 
 

THE BIG LITTLE LOCK

Modern encryption is an interesting tool.  It is a tiny lock which can
be produced from cheap materials; it can be obtained and applied easily
by most individuals.

But this same lock, when faced from the other side, is a very big lock,
requiring very substantial resources and time to break, if it can be
broken at all.  In a few seconds a small PC can produce a coded message
which presumably takes a supercomputer many billions of years to break.

Thus is the individual empowered by encryption, and thus are governments
challenged through its use.  As information increasingly becomes the
basis of change, affecting the flow of information becomes power.
Encryption can be used to both withhold information, and to insure its
untampered delivery.
 
 

BREAKING THE LOCK

Some time ago I introduced a friend of mine (who had just recently begun
using computers in earnest) to the concept of public key cryptography,
and I showed him how PGP works.  The next day my friend came to me and
said he had broken PGP.  I allowed him to explain, and he said it's
simple, "just scan for PGP messages and delete them".

Little did I know he had stumbled upon the very same solution as the
NSA.
 

The NSA, CIA, and other intelligence-gathering organizations are
genuinely threatened by encryption.  It can be argued that with their
massive computing resources they can break some of it.  But they cannot
do so cheaply, and they cannot do so on a wide scale.  If everyone used
encrypted communication, the eavesdroppers would quickly become
backlogged trying to decrypt it in real time.  By the time they found
the message they were looking for, they'd be very dead of old age.

So imagine a meeting where they get together to discuss this problem.  I
think they came to much the same solution as my friend.  They need to
eliminate or reduce the ability of people to use encryption securely.
This explains their horror when Phil Zimmermann wrote PGP, and their
prolonged legal attack against him.

It is folly to think of the NSA and their ilk as mere code breakers and
eavesdroppers.  That is a very passive personification of organizations
who are very active saboteurs, manipulators, and killers.  Consider some
of their approaches to the problem of encryption.  It reveals their
desperation and how serious they consider the problem.

    Sabotaged Software - Again and again we find that these people are
    covertly sabotaging the security of software, both within their own
    countries and overseas.  A lot of the people who spend some time at
    the NSA move into the private sector writing crypto code for
    Microsoft, Netscape, etc.  This means the NSA maintains these links
    to industry.

    Sabotaged OS - Is it an accident that Windows is so full of security
    holes?  Are these programmers really this incompetent, or is this
    being done deliberately and under influence?  Consider the NSA key
    in Windows - a good speculative example.  The presence of the second
    key and the ability to change it renders the CryptoAPI very
    insecure, regardless of who owns the key.  This aspect of the OS is
    effectively crippled.

    Sabotaged Hardware - The broken encryption in cell phones is a good
    example.  The Processor Serial Number (PSN) quietly introduced by
    Intel in some PII's and Celeron chips, and overtly introduced in the
    PIII, is probably another example of the influence of these
    organizations and their connection to industry.  If you question the
    security threat of the PIII, China doesn't.  It has prohibited the
    connection of PIII's to the internet.
    http://www.bigbrotherinside.com/#help

    Sabotaged Connectivity - I am convinced that the lost mail everyone
    is familiar with when using anonymous remailers involves widespread
    sabotage of the network connections between the remailers.  Messages
    are deleted at will.  This means that only the very determined can
    use them at all, and they are crippled to an extent where widespread
    and highly secure use is unlikely.  In more general terms, if
    internet systems fail they create financial losses and are abandoned
    for other systems.  By sabotaging connectivity and reliability these
    organizations influence what services survive.

    Export Restrictions - Purported as 'national security requirements',
    the anti-export agenda of the NSA directly impedes domestic
    security.  It also impedes open development in civilian
    cryptography, making it illegal to share work.  It slows down
    development through extended software review procedures, which also
    provides one-on-one contact between the developers and the agency.
    This in turn allows the NSA an inside look at all the source code
    (something even the users are often not granted), and promotes their
    ability to arrange illicit deals.  What the export restrictions are
    primarily aimed at doing is preventing the widespread use of strong
    encryption.  They don't care as much about the terrorists, who
    already use it, as they do about ensuring that there is only a
    manageable and traceable amount of securely encrypted traffic.

    Military-Industrial-Political Influence - Eisenhower once said that
    the next real threat to the US would not come from without, but from
    the military-industrial complex.  The NSA and CIA have developed
    their own systems of organization and control, their own sources of
    income, their own armies.  It is certain that they greatly influence
    political decisions (such as the export regulations); it is certain
    they are in a position to greatly influence events worldwide; it is
    very uncertain whether they actually answer to the American people.
    Thus they are a government or terrorist organization in themselves.

    Propaganda and Legal/Media Influence - A favorite tactic of the CIA,
    these people spread disinformation, manipulate the media, and seek
    to treat citizens as cattle.  They use the legal system when it is
    convenient to their purposes and abandon it likewise.  A good
    example in remailers is so-called "designer abuse".  If the normal
    pressures on the remailers are not enough, they can turn up the heat
    by posting illegal material, sending SPAM, mail bombs, etc., with
    impunity.  Thus if they don't like the level of encrypted security,
    they reduce it.
 
 

NATIONAL SECURITY

When a country engages in sabotage and attacks to insure its security,
it is not merely promoting its own security, but is waging war.  Thus it
can be said that in terms of information, the US and other intelligence
agencies are at war.  And their targets are not merely other
intelligence agencies and terrorist organizations, but any form of
liberty which threatens their domination.  And as usual in a war, it is
civilians who pay the greatest prices.

The intelligence agencies are protecting the security of the US in the
same way they use the US legal system when convenient, and bypass it
just as readily.  US security is only of interest to them because they
are living there, not because they are a legal and integrated part of
it.  They are protecting their own interests and tools of power, and
they are circumventing constitutional routes to do so.  They are
insuring that people cannot speak without being traced, that people
cannot receive information of which the NSA does not approve.  In short,
they are attacking the US people as much as any other people.  They are
reducing the security of individuals and businesses, leaving them open
to widespread attack through weakened encryption, through software and
hardware which only gives the illusion of being secure.  Their real goal
is to ensure that they maintain covert control of systems and people -
power.  And it appears they will stop at nothing to achieve these goals.
When eavesdropping became insufficient, they turned to sabotage.  They
are using US foreign policy as a puppet, pretending to promote its
interests, while in fact undermining the liberty of people everywhere in
the world.

They speak of terrorism as the great threat warranting this behavior,
yet they have proven themselves to be the greatest terrorists.  What has
been stolen and destroyed because of their sabotaged software?  What
progress and liberty have been lost, and will be lost, because of their
totalitarian control?

Dear fellows at the NSA, the CIA, the White House, if you think you are
promoting liberty and freedom through dishonesty, deceit, and
manipulation, you are yourselves sadly deceived.
 
 

SOLUTIONS

Obviously designing stronger encryption algorithms and communication
protocols is only a limited solution to a much larger problem.  The
mathematicians at the NSA plod along without realizing how their tools
are being applied.  Likewise civilians plod along without realizing how
ineffective encryption is when it is undermined by insecure hardware,
software, and connectivity.  I worked for years on remailer software,
and while I suspected sabotage at times, it took a long time for the
pattern to become definitively clear.  I am just as upset by the time
wasted tracking problems which were deliberately induced as I am by the
breach of security.

In short, there is no simple solution or algorithm fix to this puzzle.
Only a continuing vigilance against this kind of sabotage, and a better
realization of the true depth of the problem will bring about a more
genuinely open and secure environment.

It is somewhat paradoxical that encryption, which hides information, is
so pivotal to promoting its open sharing and availability.
 
 
 

Eisenhower's Farewell Warning, January 17, 1961:

    In the councils of government, we must guard against the acquisition
    of unwarranted influence, whether sought or unsought, by the
    military-industrial complex. The potential for the disastrous rise
    of misplaced power exists and will persist.

    We must never let the weight of this combination endanger our
    liberties or democratic processes. We should take nothing for
    granted. Only an alert and knowledgeable citizenry can compel the
    proper meshing of the huge industrial and military machinery of
    defense with our peaceful methods and goals, so that security and
    liberty may prosper together.

Eisenhower's Farewell Address at
http://www.geocities.com/~newgeneration/ikefw.htm
 
 

1999