Occasional reflections on Life, the World, and Mathematics

Posts tagged ‘cryptography’

The Habsburg Google

It is often portrayed as an innovation of Google, to use convenient services — starting with the provision of free email — as a honeypot to attract masses of otherwise indifferent citizens to make their private information and correspondence available for lucrative snooping provision of services. But according to Adam Zamoyski’s history of counterrevolution in Europe between the revolutions of 1789 and 1848, the Austrian empire got there first. (The parallels to trends in the modern world are so numerous and extensive that the author coyly disclaims any effort to mark them out, starting from the overarching inclination of governments frightened by revolutionary terror to snoop on everything, and invent fantastic conspiracies — often instigating the plots themselves — to justify their spiralling tyranny, to small things, like an obsession with ciphers and politicised reinvention of archaic religious movements.)

The perennial Austrian foreign minister Count Metternich was obsessed with the need to keep an eye on the revolutionary conspiracies crisscrossing the continent, but had direct access only to letters passing through the Austrian postal service.

To ensure that as much European mail as possible continued to pass through Austrian domains, Metternich saw to it that the Habsburg postal service was cheaper and faster than the alternatives.

The force of “overwhelming”

The New Republic has published a film review by Yishai Schwartz under the portentous title “The Edward Snowden Documentary Accidentally Exposes His Lies”. While I generally support — and indeed, am grateful for — what Snowden has done, I am also sensitive to the problems of democratic governance raised by depending on individuals to decide that conscience commands them to break the law. We are certainly treading on procedural thin ice, and our only recourse, despite the commendable wish of Snowden himself, as well as Greenwald, to push personalities into the background, is to think carefully about the motives — and the honesty — of the man who carried out the spying. So in principle I was very interested in what Schwartz has to say.

Right up front Schwartz states what he considers to be the central dishonesty of Snowden’s case:

Throughout this film, as he does elsewhere, Snowden couches his policy disagreements in grandiose terms of democratic theory. But Snowden clearly doesn’t actually give a damn for democratic norms. Transparency and the need for public debate are his battle-cry. But early in the film, he explains that his decision to begin leaking was motivated by his opposition to drone strikes. Snowden is welcome to his opinion on drone strikes, but the program has been the subject of extensive and fierce public debate. This is a debate that, thus far, Snowden and his allies have lost. The president’s current drone strikes enjoy overwhelming public support.

“Democratic theory” is a bit ambivalent about where the rights of democratic majorities to annihilate the rights — and, indeed, the lives — of individuals, but the reference to “overwhelming” public support is supposed to bridge that gap. So how overwhelming is that support? Commendably, Schwartz includes a link to his source, a Gallup poll that finds 65% of Americans surveyed support “airstrikes in other countries against suspected terrorists”. Now, just stopping right there for a minute, in my home state of California, 65% support isn’t even enough to pass a local bond measure. So it’s not clear that it should be seen as enough to trump all other arguments about democratic legitimacy.

Furthermore, if you read down to the next line, you find that when the targets to be exterminated are referred to as “US citizens living abroad who are suspected terrorists” the support falls to 42%. Not so overwhelming. (Support falls even further when the airstrikes are to occur “in the US”, but since that hasn’t happened, and would conspicuously arouse public debate if it did, it’s probably not all that relevant.) Not to mention that Snowden almost surely did not mean that he was just striking out at random to undermine a government whose drone policies he disapproves of; but rather, that democratic support for policies of targeted killing might be different if the public were aware of the implications of ongoing practices of mass surveillance.

A very special relationship

Anyone interested in the technical details of US and British internal signals espionage, as practiced by NSA and GCHQ in the second half of the 20th century and beyond, should read James Bamford’s The Shadow Factory: The Ultra-Secret NSA from 9/11 to the Eavesdropping on America. Some of the details are fascinating, many are disturbing, and some are just unimaginably bizarre. Like the fawning letter sent by Sir Leonard Hooper, director of GCHQ in the late 1960s, to his NSA counterpart Marshall “Pat” Carter, in which he suggested (perhaps tongue in cheek) he might like to name GCHQ’s two giant radio dishes after Carter and his deputy. After effusive thanks for the NSA’s support, and Carter’s personally, he goes on:

Between us, we have ensured that the blankets and sheets are more tightly tucked around the bed in which our two sets of people lie and, like you, I like it that way.

I’ve read this over multiple times, and I don’t think I can decipher it. Are the blankets and sheets wrapped around the two sets of people separately, or are they bound in a transatlantic conjugal embrace? Are the intelligence agencies the Mommy and Daddy, tucking us in for the night while they protect us from the bogeys (from whom they derive much of their power, while themselves knowing that they are mere figments)? This talk of wrapping sheets “tightly” around two sets of people who passively “lie” makes me think of winding sheets wrapped around corpses.

And then, there’s the closing: “like you, I like it that way”. Is he still speaking metaphorically here? Was he ever? Or is he proposing or recalling a secret tryst? Is that the sort of pillow talk that deeply closeted military types engaged in half a century ago?

Hackers will be hackers

Guardian reporter Luke Harding has published some background material on the reporting for his new book The Snowden Files. Apparently someone in the security services decided to play with his mind while he was reporting on them. Not only did he and other reporters have laptops stolen (including from a locked hotel safe), not only did both the Guardian offices in London and in Washington, as well as the New York home of their US editor in chief suddenly have sections of pavement being dug up and replaced, but when Harding was texting his wife from Rio de Janeiro

“The CIA sent someone to check me out. Their techniques as clumsy as Russians.” She replied: “Really? WTF?” I added: “God knows where they learn their spycraft.” This exchange may have irritated someone. My iPhone flashed and toggled wildly between two screens; the keyboard froze; I couldn’t type.

And then, while writing the book at home in Hertfordshire,

I was writing a chapter on the NSA’s close, and largely hidden, relationship with Silicon Valley. I wrote that Snowden’s revelations had damaged US tech companies and their bottom line. Something odd happened. The paragraph I had just written began to self-delete. The cursor moved rapidly from the left, gobbling text. I watched my words vanish. When I tried to close my OpenOffice file the keyboard began flashing and bleeping.

Over the next few weeks these incidents of remote deletion happened several times. There was no fixed pattern but it tended to occur when I wrote disparagingly of the NSA.

Now, this isn’t the worst abuse of human rights in recorded history. It’s just a prank. But exactly for that reason, it underscores a point I made back at the beginning of l’affaire Snowden: Fear of the techniques the NSA and its confederates have been developing, and of the data they gather, depends not on their being villains with nefarious intentions. It depends on their being careless mortals who have no idea what use their techniques and their data will be put to.

I doubt that there was any senior official who thought that tipping off a Guardian reporter to their real-time computer manipulation capabilities would be a brilliant idea. My guess is, some bored hacker assigned to monitor Harding’s computer got cocky, and decided to show off his electronic muscles. (It’s pretty intimidating, though. Presumably it would be child’s play for them to remotely plant child pornography on the hard drive of someone they’re eager to shut down. At least in the old days, the spies needed to break into your home to plant drugs.)

GCHQ and the NSA can’t exist without hiring hackers, but getting hackers to work on your security problems is like the old lady who swallowed the spider to catch the fly. (She’s dead, of course.) I like hackers, by and large. But I like them as scrappy underdogs. The combination of arrogant macho hacker culture with essentially unlimited resources and military organisation is, to put it bluntly, terrifying. And if the leaders of our security services think they can keep the hackers under control, they’re delusional.

Spying on allies

Reading about President Obama’s speech on the significant but minimal changes he is planning to make to US intelligence gathering in the wake of (but in no way as a consequence of, it goes without saying) the Snowden revelations, I found myself wondering: How much shit are US allies expected to take? I don’t mean their leaders (who have been promised a personal exemption from espionage). I mean the average people, who have put legal regimes in place that prevent their own governments from spying on them. Why should they be more accepting of spying by the US?

And it’s not as though there’s nothing they can do about it. The solution would be to limit the role of American companies in the European market, particularly with regard to sales of computer technology and collecting private information, as well as monitoring US embassies and diplomats more closely for engagement in illegal espionage. The US is assuming they won’t dare, because of the economic power of the US and the governments’ reliance on US military and diplomatic power. That’s probably true, in the short term, but it’s clearly going to be an expensive, ongoing drain on US influence.

And then there’s the recent full court press by US legislators on the various intelligence committees to assert that Edward Snowden is a foreign agent — a pretty egregious assertion to be making publicly, since it would potentially make him liable to the death penalty. For example, here’s Michael McCaul, chairman of the House committee on homeland security:

Hey, listen, I don’t think … Mr Snowden woke up one day and had the wherewithal to do this all by himself. I think he was helped by others. Again, I can’t give a definitive statement on that … but I’ve been given all the evidence, I know Mike Rogers has access to, you know, that I’ve seen that I don’t think he was acting alone.

What’s most interesting is that, for all the bluster about “evidence”, it sounds like the claim he’s making is, the NSA couldn’t possibly be so incompetent that some random guy could just come in and walk off with their complete files. Since Snowden is obviously not a master criminal, it can only be that he was being steered by brilliant, nefarious foreign intelligence services.

It’s not hard to guess who put the idea in his head that the NSA couldn’t possibly be so incompetent…

Crypto-fascism?

The word “crypto-fascist” is one of those old-left words whose day has passed. Its old meaning — a right-wing authoritarian (fascist) who conceals his true views (crypto, presumably on the uncomfortable model of crypto-Catholics) — has no currency. I propose, then, that this evocative collection of phonemes be repurposed for current circumstances, to mean

Cryptological fascism. The creeping co-optation of democratic states by the cryptographer class; the authoritarian impulse arising from the déformation professionnelle of professional cryptographers.

I think that after the Cameron government decided to retaliate against the family of journalist Glenn Greenwald, either for his insolence in daring to embarrass GCHQ, or at the behest of the US for embarrassing their real masters in the NSA, there can be no question that the “someday” when government surveillance and secrecy might undermine democracy is now. Secrets inevitably corrupt human relations. The vast industry devoted to secrets has created a society within our society that cannot but hold the rest of us in contempt, even as they claim — and probably even believe — that everything they do is for our good. That is crypto-fascism. The impulse hasn’t changed, but the power balance has been shifted massively by new technologies.

A recent blog post by economist John Quiggin reminded me of an important perspective that is easily missed, when we talk of “the US government” or “the UK government” as though they were unitary entities. He writes

It’s hard to see what kind of power can protect the security apparatus now that it is operating, to some extent in the harsh light of day. In the Snowden matter alone, the security state has trashed relations with Russia, China, and most of Latin America, as well as gravely embarrassing its UK and EU client agencies, and yet they are further than ever from getting their man… At some point, surely this must become a political liability too costly to carry.

Much of the seemingly insane thrashing of the UK and US security apparatus is surely directed internally as much as externally. They are making their legal case and their utilitarian case to the parliamentarians, for sure, most of it behind closed doors, but they are also making their we’re-crazy-as-fuck-don’t-mess-with-us play, much of which by its nature must happen in public. (Because the foolish wastefulness of the public display is what makes the crazy convincing. It’s the handicap principle, with clandestine agencies in the role of stotting gazelles.)

And that’s exactly the argument that I made before, the danger that Obama — convinced of his own rectitude — cannot even acknowledge: The main danger of this universal surveillance is not the way it will be used to target private citizens, though that is terrible enough (and it has already begun, in the case of David Miranda). It is the way it will be used to wage power struggles within democratic government, using private information against political opponents. The question is not if it will happen, but only when.

What happens if you forget the key?

Courts in the US and the UK have recently been ruling that criminal suspects may be forced to reveal cryptographic keys that encode files that may include incriminating evidence. US courts have been divided on whether this infringes upon the otherwise absolute right to avoid self-incrimination. I’ve never taken that argument very seriously — it’s certainly not in the spirit of the right to refuse to assist in prosecuting oneself to allow people to hide documentary evidence of a crime, just because the revelation would be “speech”.  But while people may be compelled to testify in court, and in some democracies may be required to assist police by correctly identifying themselves, it’s not usual for people to be compelled by law to reveal particular information, particularly when they may not know it. While perjury charges may be brought against those who testify falsely, the inevitable unreliability of memory makes perjury convictions difficult, and I thought impossible when the subject simply pleads ignorance rather than testifying to a falsehood.

In fact, the strongest argument for a right not to reveal a password is that it’s not the hidden data that are protected by the right against self-incrimination, but rather the admission that you know the password, hence are at least in some way in control of and responsible for them, that cannot be compelled. According to the Regulation of Investigatory Powers Act 2000 (that was apparently a banner year for civil liberties in the UK), “failing to disclose an encryption key” is an offence in itself. In 2009 a man was jailed for 13 months for refusing on principle to provide encryption keys to the authorities, despite the fact that he was not suspected of any crime other than not cooperating with the police.

I have encrypted volumes on my laptop hard drive — with old exam papers — whose passwords I’ve forgotten. I probably should delete them, but I haven’t gotten around to it, and maybe I’ll remember one of these days. Even if I did delete them, they’d still be there on my hard drive unless I took exceptional measures. So if customs officials ever took an interest in my laptop while I was entering the UK, I could end up in prison for up to two years. The only thing I could do to protect myself is either to destroy the hard drive, or have it erased, which is itself suspicious.

Unlike most other criminal offences, the offence of withholding a cryptographic key is impossible to prove, but also impossible to disprove. It is impossible for anyone but the accused even to know whether or not there has been any offence. And if there has been no criminal offence — if the accused does not, in fact, know the key — there is no way to prove that. It is the democratic state’s version of the plight of the man being tortured for information that he does not have, so that he has nothing to offer to end the suffering.

Along these lines, I was wondering about the current state of the right to silence in British law, and there came a revelation in the form of the British authorities (oddly, the news reports are all vague about which authorities it was; presumably the UK Border Agency, but maybe agents from a secret GCHQ data-mining task force) detaining the partner of journalist Glenn Greenwald under schedule 7 of the Terrorism Act 2000. According to the Guardian,

Those stopped under schedule 7 have no automatic right to legal advice and it is a criminal offence to refuse to co-operate with questioning,

This is pretty frightening, particularly when these laws are being so blatantly abused to settle political grudges.

Leaker irony

The Guardian comments, with just a trace of snark

A senior Obama administration official who would not provide his or her name told reporters late on Sunday that Snowden’s presumed travel plan undermined the whistleblower’s stated intent to tell the American people about broad government surveillance.

“Mr Snowden’s claim that he is focused on supporting transparency, freedom of the press and protection of individual rights and democracy is belied by the protectors he has potentially chosen: China, Russia, Cuba, Venezuela and Ecuador,” said the official, who did not note that the US was simultaneously attempting to secure the cooperation of China and Russia.

In this brave new world of cooperation among the US, China, and Russia on criminalising dissidents who reveal government secrets, I look forward with schadenfreude to the next time a Chinese intellectual flees to the US embassy, or seeks refuge in the US from supposed persecution. Now that the US state department has pronounced the sanctity of arrest warrants, I expect to see the US respond favourably to those issued by the Chinese Communist Party or the Kremlin.

PRISM and leaks

Plenty of people commenting on the revelations of secret US government acquisition of vast quantities of personal data on telephone calls and other communications (my comments here and here) suggest that this is all overblown, even paranoid. William Saletan wrote about the telephone surveillance

Chill. You can quarrel with this program, but it isn’t Orwellian. It’s limited, and it’s controlled by checks and balances.

David Simon compares it to wiretapping payphones and calls The Guardian’s reporting “the heights of self-congratulatory hyperbole”.

So here’s just one example of how far-reaching the negative impact of this sort of surveillance could be — even if it is never misused. There has been much discussion of the Obama administration’s stepped up attacks on leakers, and on the journalists who publish leaks. Imagine you are a government employee in possession of significant evidence of official crimes or corruption. You would like to turn it over to a journalist, but you also know that once you do, the government will be able to trawl through all of the journalist’s email and telephone calls — not just prospectively, but going back years into the past, and find all contacts and contacts of his contacts. They will have plenty of private and embarrassing information that they can use to pressure you or the journalist, or his boss.

Now that the leaker has revealed himself, Farhad Manjoo put the case against the NSA’s power-grab succinctly: The very fact that such an unexceptional 29-year-old was able to gain access to so much information by itself disproves their claim that “you can trust us to do the right thing with your data”. The question you need to ask yourself is not, do I trust the president with this surveillance capacity? The question is, do I trust the most frustrated (or bored) FBI agent or NSA contractor with a top security clearance with this capacity?

Julian Assange’s password

One of the weirdest facts in the fascinating book on underground cryptography and the anti-secrecy movement represented by Wikileaks — beyond the general fundamental link, which I’d never quite put together before, between cryptography (keeping secrets) and whistleblowing (revealing secrets) — was the comment that Guardian journalist David Leigh had published Julian Assange’s password — ACollectionOfDiplomaticHistorySince_1966_ToThe_PresentDay# — to the unredacted US State Department cables. Master of Secrets Assange gives out his own password to a journalist — rather than giving the Guardian a version encoded with a throwaway password — and then expresses shock and dismay when it ends up in print. Did he also give Leigh the PIN code for his bank card, but ask him only to use it to check the balance?
