
Schneier on Security: More on the NSA Commandeering the Internet


URL:http://www.schneier.com/blog/archives/2013/08/more_on_the_nsa.html


 

A blog covering security and security technology.


August 30, 2013

More on the NSA Commandeering the Internet

If there's any confirmation that the U.S. government has commandeered the Internet for worldwide surveillance, it is what happened with Lavabit earlier this month.

Lavabit is -- well, was -- an e-mail service that offered more privacy than the typical large-Internet-corporation services that most of us use. It was a small company, owned and operated by Ladar Levison, and it was popular among the tech-savvy. NSA whistleblower Edward Snowden was among its half-million users.

Last month, Levison reportedly received an order -- probably a National Security Letter -- to allow the NSA to eavesdrop on everyone's e-mail accounts on Lavabit. Rather than "become complicit in crimes against the American people," he turned the service off. Note that we don't know for sure that he received a NSL -- that's the order authorized by the Patriot Act that doesn't require a judge's signature and prohibits the recipient from talking about it -- or what it covered, but Levison has said that he had complied with requests for individual e-mail access in the past, but this was very different.

So far, we just have an extreme moral act in the face of government pressure. It's what happened next that is the most chilling. The government threatened him with arrest, arguing that shutting down this e-mail service was a violation of the order.

There it is. If you run a business, and the FBI or NSA want to turn it into a mass surveillance tool, they believe they can do so, solely on their own initiative. They can force you to modify your system. They can do it all in secret and then force your business to keep that secret. Once they do that, you no longer control that part of your business. You can't shut it down. You can't terminate part of your service. In a very real sense, it is not your business anymore. It is an arm of the vast U.S. surveillance apparatus, and if your interest conflicts with theirs then they win. Your business has been commandeered.

For most Internet companies, this isn't a problem. They are already engaging in massive surveillance of their customers and users -- collecting and using this data is the primary business model of the Internet -- so it's easy to comply with government demands and give the NSA complete access to everything. This is what we learned from Edward Snowden. Through programs like PRISM, BLARNEY and OAKSTAR, the NSA obtained bulk access to services like Gmail and Facebook, and to Internet backbone connections throughout the US and the rest of the world. But if it were a problem for those companies, presumably the government would not allow them to shut down.

To be fair, we don't know if the government can actually convict someone of closing a business. It might just be part of their coercion tactics. Intimidation, and retaliation, is part of how the NSA does business.

Former Qwest CEO Joseph Nacchio has a story of what happens to a large company that refuses to cooperate. In February 2001 -- before the 9/11 terrorist attacks -- the NSA approached the four major US telecoms and asked for their cooperation in a secret data collection program, the one we now know to be the bulk metadata collection program exposed by Edward Snowden. Qwest was the only telecom to refuse, leaving the NSA with a hole in its spying efforts. The NSA retaliated by canceling a series of big government contracts with Qwest. The company has since been purchased by CenturyLink, which we presume is more cooperative with NSA demands.

That was before the Patriot Act and National Security Letters. Now, presumably, Nacchio would just comply. Protection rackets are easier when you have the law backing you up.

As the Snowden whistleblowing documents continue to be made public, we're getting further glimpses into the surveillance state that has been secretly growing around us. The collusion of corporate and government surveillance interests is a big part of this, but so is the government's resorting to intimidation. Every Lavabit-like service that shuts down -- and there have been several -- gives us consumers less choice, and pushes us into the large services that cooperate with the NSA. It's past time we demanded that Congress repeal National Security Letters, give us privacy rights in this new information age, and force meaningful oversight on this rogue agency.

This essay previously appeared in USA Today.

Tags: essays, FBI, internet, National Security Letters, national security policy, NSA, PATRIOT Act, privacy, surveillance, whistleblowers

Posted on August 30, 2013 at 6:12 AM | 31 Comments


Time to change the ssh protocol so that the clear-text password is no longer given to the daemon sshd.

For this, it is not necessary to change passwords, or the salting mechanism of /etc/shadow (unlike the Secure Remote Password (SRP) patch for openssh):

the bcrypt call should be done by the client ssh, not by the server sshd.

(now, sshd has clear-text access to your password as you typed it; it even knows if and how you misspelled it).

Presumably, if forced to keep the business running, there are alternatives such as charging a ridiculous service fee, selling the business to your new company in NZ, or having your security fall over and get hacked.

Does anyone have a scheme outlined for multi-jurisdictional distributed service, such that complying with an NSL-type request in one jurisdiction gracefully removes itself from that jurisdiction just by turning on surveillance? Is there a cute name for such behavior?

What I find far more disturbing is the disappearance of Groklaw - a weblog that started with the SCO-Linux lawsuits and moved on to other checks on corporate/legal behavior. Groklaw has shut down, with essentially the same citation as LavaBit and the other, name forgotten, secure email service.

I find it more disturbing because it implies a tit-for-tat between government and big business - You let us peek, and we'll protect you from corporate whistleblowers. I'm not saying shutting down LavaBit was right - it wasn't, but at some level it could be taken (or mistaken) as national-security related. Nothing of the sort can be said for Groklaw - it's pure and simple corporate protection - or corruption.

I was wondering if you could structure a company like Lavabit in such a way that all customers receive an ownership share in the company and write the bylaws of the company so that all owner-clients have the right to know about any national security letters received. Not a corporation but more like some type of cooperative.

If you can be forced to work against your will, then you are a slave.

And we know that Joseph Nacchio is currently in prison on "insider-trading" charges, a conviction that is in no way connected with his refusing to cooperate with the NSA without a court order. The timing is not suspicious.

Merely coincidence.

sshdoor:

Your complaint about OpenSSH is off topic, but ... an "evil" sshd daemon is equivalent to an "evil" server. Anyone with administrative and/or physical control of the server has access to unencrypted data on it, with or without your password.

Passwords are passé. Don't use them. Use a different authentication method, such as PKA, and that with passphrases. Pay attention to the server's public key fingerprint at first authentication, and use strict host key checking.

Pred14 - I'm not sure I put much stock in PJ shutting down Groklaw. I remember she tried to shut down the site after it looked like the whole SCO issue was mostly done a few years ago. I don't doubt her conviction and desire to work with the open source community to help in any way she can, but I get the feeling she was looking for a way to exit gracefully before this whole NSA thing blew up.

Bruce - We don't know why they were threatening the owner of Lavabit with arrest. It may be simply because he dared to mention that he couldn't talk about the reason. Of course, I don't doubt that the NSA was upset by him shutting down the service. I do doubt that anyone would argue that he was required to maintain the service as part of the order he received. If the government wanted the service to remain up, they could have just confiscated it; and maybe they will do that in the future.

@Quantum Mechanic

@michael

The surveillance regime is organized around centralized repositories of data on multiple users. There would be too much time and expense and liability for the government to issue warrants to all individual internet users, if those users hosted their own email in their own residences. The solution to this particular surveillance problem is not in some more innovative service, but in opting out of commercial services, to the greatest extent possible.

The same basic principle applies to airport screening. If every traveler got a pat-down, the lines would last many more hours. People don't have more hours, otherwise they would drive. So people opt for the pornoscanners. If every traveler rejected the pornoscanners, it would create the sort of havoc that would really make government officials rethink their policies. Consumers would be hurt, airlines would be hurt, tourism would be hurt. The system would be non-functional, the policies blatantly untenable.

Unfortunately, for webmail and FaceBook as for air travel, Americans don't want to change their behavior. In the absence of political will, individual will is required.

We can shut down the two-party system the same way: just stop voting for democrats and republicans. Many people are afraid of this option, since it might allow "the other side" a numerical advantage at the polls. Beyond the fact that "both sides" are complicit in all this, there is an equally fundamental problem with this logic: while most Americans think "polarization" is a problem in American politics, the default solution that most Americans would offer is.... more polarization. Americans still think "their side" needs to win. There is another problem with this logic: given how close our elections have become, many of them might as well be settled by chance. The outcome of such an election says nothing about voter preference. Voting for democrats and republicans clearly isn't the answer. Unfortunately, most people don't want to change their behavior.

@michael

I wonder if it would be possible to use the BitCoin infrastructure to manage holdings in such entities?

In other words, certain business decisions are taken by voting, and voting rights are implemented as bitcoin-based "smart property".

That way, voting rights can be bought and sold, with ownership validated in a decentralised manner.

It might also be possible for voting to be implemented using some cryptographic mechanism too, so the entire scheme does not require a trust chain.

The collusion of corporate and government surveillance interests is a big part of this, but so is the government's resorting to intimidation.

Yes. Though I don't think it matters much which part of The Complex is more to blame in any particular case. The point is that The Complex exists, and is too damn strong.

If you run a business, and the FBI or NSA want to turn it into a mass surveillance tool, they believe they can do so, solely on their own initiative. They can ...

Taking a very distant, eagle's-eye view, the problem is that society has decided that economic rights like Levison's right to run his business are not worthy of protection. Thus the US doesn't have to explain why its powers extend to doing whateverthehell it feels like to his business. Thus the only way to survive is to join The Complex.

And The Complex is too damn strong.

Good luck with getting the Congress to smack down the NSA. The NSA has access to their banking records. The NSA truly knows where the bodies are buried. Any Congressman who speaks out about the NSA needs to have a squeaky-clean fundraising record, and none of those 'black' line items leading back to him. It's a pile of interconnected spaghetti that no one can attack, because there's always *something* in their background that can cause embarrassment or impeachment. The Congress is no more immune to this sort of coercion than Ladar Levison was. He was probably *more* immune, as he had an independent firm, and hadn't signed any contracts of secrecy.

It's a very scary time in America. We already know that the government is willing to use tear gas against those who protest legitimate issues with corporations. Who knows what ends they might go to if we start questioning the government itself?

"Every Lavabit-like service that shuts down -- and there have been several -- gives us consumers less choice, and pushes us into the large services that cooperate with the NSA."

But new ones also spring up (albeit outside the US) to fill the niche. One such startup, Mailpile, is aimed at making centralised email servers redundant and giving users control over their own email: http://www.indiegogo.com/projects/...

Has www.schneier.com been Commandeered yet?
Lots of terrorists talking of blowing up damps there.

Soon we will get Linux distributions having to release their master keys so that NSA can distribute modified binaries to all the terrorists out there - unless it is already done.

In my spare time I've been working on the code for a crowdsourced history website. The idea is to provide the necessary tools online to do high-quality historical research and make it available to everyone on the web.

Unfortunately, the issue of surveillance has reared its ugly head, and now I'm not sure whether I can ethically offer such a service. History can be very controversial, both in terms of current events (Syria, Iran, Iraq) but also going back a bit further - the Depression and Roosevelt are still currently controversial, particularly when dealing with issues like banking (Glass-Steagall) and monetary policy.

The questions get more complicated when I consider the possibility that people from other countries with less rights than we have in the US might use the service, and whether that ties in with issues like intelligence sharing agreements... I'm currently contemplating whether I should throw 3 years of spare-time work out the window.

@Greendemon

Mailpile is not an email service located outside the U.S. Mailpile will be an email server that you run on your own computer and access through a web interface. So if I run my own email server on my own machine on U.S. soil, the NSA, FBI, etc. can still send me National Security Letters demanding the contents. It's not clear whether running my own email server would fend off the surveillance.

It seems the secrecy part of NSLs could work both ways. Imagine having the courage to refuse to comply with an NSL. What can the government do? If they arrest you, then they have to be charged with something. But they can't charge you with refusing to comply with an NSL, because the NSL must remain secret.

So they have to drum up some other charge (e.g., insider trading). If enough people had the courage to say no to NSLs, that wouldn't scale well.

We should start a whitehouse.gov petition to award Nacchio the Presidential Medal of Freedom.

Is it possible we are overlooking a solution that might strike fear into the apparatus. That is to say, why not punish the transgressors of privacy be they individual(s), corporations, or government(s), with monetary penalties so "Draconian" no one individual or institution would dare any behavior that would be financially ruinous.

We first need to address the idea that the genie is out of the bottle. Our modern activities are, and have been for some time, recorded, first with paper storage repositories and now with digital storage repositories. That will not, and maybe should not change. However, we can place a monetary value on our own, individual records, that if misused, and that misuse discovered, would cost the "thief" so dearly, they could not possibly take the chance of using the information for any nefarious purpose. For illustrative purposes, let's revisit the phone hacking scandals in the UK.

If the parent company of the tabloid that hacked private phone calls to discover information later used in articles about celebrities (or other newsworthy(?) individuals), were to pay all gross profits from all subsidiaries world-wide for the calendar year in which the transgression took place, there would be no transgression; period. The value of the potential "news" would be so insignificant when compared to the potential cost, unlawful, immoral, and unethical, behavior would be stopped in its tracks.

The only way to rise up against a totalitarian regime is to make the cost of misusing information orders of magnitude greater than the benefit.

Of course, implementing this type of check and balance will be difficult at best. But, I for one, cannot see any other solution.

Freedom and Privacy are products.
The government has granted itself a monopoly over their distribution. As for every monopoly the product becomes more scarce, uniform and expensive because it becomes inconvenient for the provider to continue providing it when it can command its price without regard to its quality or quantity.
The result is rationing. Are you happy with your ration ?
In the case of freedom and privacy, it isn't even in the government's interest to keep providing it at all.
In fact, it's already what has been happening. The government had us believe we had some privacy when we had none. Thanks to Edward Snowden, we now know the product was fake.
The next logical step is for the government to grant itself the exclusive rights over the freedom of speech.

sshdoor: Performing the password hash on the client opens a massive security hole in the ssh system. Once you have stolen the list of hashed passwords from the server through some other vulnerability, you have open access to log in to any account on the system.

The current method of performing the password hash on the server means that the client has to prove it has knowledge that even the server does not have, in order to log in, which is much safer.

If we can't trust both the server and client software, then all bets are off anyway. Revealing the password to the server software would only be an issue if you are re-using the same password on another system, and you wouldn't do that, would you?
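The argument in the comment above, modeled as an added example (not part of the original thread and not OpenSSH code): when the client sends the hash, the stored hash itself becomes the credential, so a leaked hash database is enough to authenticate. PBKDF2 stands in for bcrypt, and `ToyServer`, `kdf` and `compare_designs` are hypothetical names.

```python
import hashlib
import hmac
import os


def kdf(secret: bytes, salt: bytes) -> bytes:
    # PBKDF2-HMAC-SHA256 is a stand-in for bcrypt / crypt(3) (assumption);
    # the argument does not depend on which slow hash is used.
    return hashlib.pbkdf2_hmac("sha256", secret, salt, 10_000)


class ToyServer:
    """Hypothetical password database holding (salt, hash) per user."""

    def __init__(self, client_side_hashing: bool):
        self.client_side_hashing = client_side_hashing
        self.shadow = {}

    def enroll(self, user: str, password: bytes) -> None:
        salt = os.urandom(16)
        self.shadow[user] = (salt, kdf(password, salt))

    def login(self, user: str, credential: bytes) -> bool:
        salt, stored = self.shadow[user]
        if self.client_side_hashing:
            # Proposed design: the client already hashed, so the server
            # can only compare what it received with what it stores.
            candidate = credential
        else:
            # Current design: the server hashes whatever the client sent.
            candidate = kdf(credential, salt)
        return hmac.compare_digest(candidate, stored)


def compare_designs(password: bytes = b"constructed sample passphrase"):
    """Run an honest login and a leaked-hash login against both designs."""
    results = {}
    for name, client_side in (("server_hashes", False), ("client_hashes", True)):
        server = ToyServer(client_side)
        server.enroll("alice", password)
        # Models a hash database disclosed through some other weakness.
        salt, leaked_hash = server.shadow["alice"]
        honest = kdf(password, salt) if client_side else password
        results[name] = {
            "honest_login": server.login("alice", honest),
            "leaked_hash_accepted": server.login("alice", leaked_hash),
        }
    return results


if __name__ == "__main__":
    for design, outcome in compare_designs().items():
        print(design, outcome)
```

With server-side hashing the leaked value is hashed again and no longer matches; with client-side hashing it is accepted as-is, which is the weakness the comment describes.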

Joseph Nacchio was convicted of insider trading because he didn't reveal publicly that profits wouldn't be as high as expected.

The reason for missing profit goals was that the NSA was canceling contracts in retaliation.

But, per NSA secrecy regulations, Nacchio wasn't allowed to talk about that!

Now he is in prison.

(The above argument is not waterproof. It can't be, given that secrecy rules are covering up so much of the truth. But it seems to describe the situation as far as I can piece it together.)

"The whole concept of the journeyman artist has disappeared. You are not allowed to go on a journey. There is no journey. You're either extraordinarily brilliant or you're dead." George Wolfe, NYPT

Marketing angle? Zmail for zombies.

@Byron:
> The only way to rise up against a totalitarian regime is to
> make the cost of misusing information orders of magnitude
> greater than the benefit.

At what price would you set this misuse so that a government, whose ability to print money at will and to tax its citizens is unlimited, can't 'turn a profit'? How would you enforce this price on a government that can seize operating services without recourse for the owner?

As it stands now, by issuing an NSL, the government can have its way with you or your business, and you can't do anything about it since suing the government to get it to stop requires "standing" (evidence that you've been harmed by the activity in question) and you can't prove standing because of the gag order. ...And that's when the courts are sympathetic to your cause!

In the meantime in Russia: “The Big Advertising Brother”, marketers offer "free"¹ traffic analysis systems to internet service providers.

The system is built upon Deep Packet Inspection technology. This technology was first employed by wireless carriers in 2009. Approximate installation cost is $50M.

iMarker (the company that offers DPI traffic analysis systems) officials claim that the system is already in use by 11 ISPs and collects data from ~12% of Runet users.

Here's the link, but the text is in Russian, no English variant, sorry: http://www.vedomosti.ru/tech/news/15669231/...

¹ All data collected by the system is shared with marketers.

Get down, Mr. Schneier! Tell it like it is, and chew that fat right off the bone.

@Lance:

Two problems with your statement.

1) "Cost" is more than just money. Influence, elections, etc. are all potential costs as well.

2) The US government cannot simply print all the money it would like, because eventually the cost of printing more money exceeds the value of the printed money. The dollar is actually the second national currency - the first one suffered hyperinflation (from exactly this) and was abandoned.

So this probably means that Hushmail is practically open to The Government.

Not to mention Amazon.

Yep. Nacchio is in jail for insider trading, because he knew the government was going to punish Qwest for not cooperating and sold some stock.

And IIRC he had a tough time getting evidence for his trial due to secrecy.

I can't imagine many CEOs resisting after that. Their personal lives were at stake.
Just like congress didn't resist much after their offices were quarantined.

Back in 2001, I wonder how close we were to the brink.

Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.

 
