Feds Are Suspects in New Malware That Attacks Tor Anonymity

Security researchers tonight are poring over a piece of malicious software that takes advantage of a Firefox security vulnerability to identify some users of the privacy-protecting Tor anonymity network.

The malware showed up Sunday morning on multiple websites hosted by the anonymous hosting company Freedom Hosting. That would normally be considered a blatantly criminal “drive-by” hack attack, but nobody’s calling in the FBI this time. The FBI is the prime suspect.

“It just sends identifying information to some IP in Reston, Virginia,” says reverse-engineer Vlad Tsyrklevich. “It’s pretty clear that it’s FBI or it’s some other law enforcement agency that’s U.S.-based.”

If Tsrklevich and other researchers are right, the code is likely the first sample captured in the wild of the FBI’s “computer and internet protocol address verifier,” or CIPAV, the law enforcement spyware first reported by WIRED in 2007.

Court documents and FBI files released under the FOIA have described the CIPAV as software the FBI can deliver through a browser exploit to gather information from the target’s machine and send it to an FBI server in Virginia. The FBI has been using the CIPAV since 2002 against hackers, online sexual predators, extortionists, and others, primarily to identify suspects who are disguising their location using proxy servers or anonymity services, like Tor.

The code has been used sparingly in the past, which kept it from leaking out and being analyzed or added to anti-virus databases.

The broad Freedom Hosting deployment of the malware coincides with the arrest of Eric Eoin Marques in Ireland on Thursday on an U.S. extradition request. The Irish Independent reports that Marques is wanted for distributing child pornography in a federal case filed in Maryland, and quotes an FBI special agent describing Marques as “the largest facilitator of child porn on the planet.”

Freedom Hosting has long been notorious for allowing child porn to live on its servers. In 2011, the hactivist collective Anonymous singled out Freedom Hosting for denial-of-service attacks after allegedly finding the firm hosted 95 percent of the child porn hidden services on the Tor network.

Freedom Hosting is a provider of turnkey “Tor hidden service” sites — special sites, with addresses ending in .onion — that hide their geographic location behind layers of routing, and can be reached only over the Tor anonymity network.

Tor hidden services are ideal for websites that need to evade surveillance or protect users’ privacy to an extraordinary degree – which can include human rights groups and journalists. But it also naturally appeals to serious criminal elements.

Shortly after Marques’ arrest last week, all of the hidden service sites hosted by Freedom Hosting began displaying a “Down for Maintenance” message. That included websites that had nothing to do with child pornography, such as the secure email provider TorMail.

Some visitors looking at the source code of the maintenance page realized that it included a hidden iframe tag that loaded a mysterious clump of Javascript code from a Verizon Business internet address located in eastern Virginia.

By midday Sunday, the code was being circulated and dissected all over the net. Mozilla confirmed the code exploits a critical memory management vulnerability in Firefox that was publicly reported on June 25, and is fixed in the latest version of the browser.

Though many older revisions of Firefox are vulnerable to that bug, the malware only targets Firefox 17 ESR, the version of Firefox that forms the basis of the Tor Browser Bundle – the easiest, most user-friendly package for using the Tor anonymity network.

“The malware payload could be trying to exploit potential bugs in Firefox 17 ESR, on which our Tor Browser is based,” the non-profit Tor Project wrote in a blog post Sunday. “We’re investigating these bugs and will fix them if we can.”

The inevitable conclusion is that the malware is designed specifically to attack the Tor browser. The strongest clue that the culprit is the FBI, beyond the circumstantial timing of Marques’ arrest, is that the malware does nothing but identify the target.

The heart of the malicious Javascript is a tiny Windows executable hidden in a variable named “Magneto.” A traditional virus would use that executable to download and install a full-featured backdoor, so the hacker could come in later and steal passwords, enlist the computer in a DDoS botnet, and generally do all the other nasty things that happen to a hacked Windows box.

But the Magneto code doesn’t download anything. It looks up the victim’s MAC address — a unique hardware identifier for the computer’s network or Wi-Fi card — and the victim’s Windows hostname. Then it sends it to the Virginia server, outside of Tor, to expose the user’s real IP address, and coded as a standard HTTP web request.

“The attackers spent a reasonable amount of time writing a reliable exploit, and a fairly customized payload, and it doesn’t allow them to download a backdoor or conduct any secondary activity,” says Tsyrklevich, who reverse-engineered the Magneto code.

The malware also sends, at the same time, a serial number that likely ties the target to his or her visit to the hacked Freedom Hosting-hosted website.

In short, Magneto reads like the x86 machine code embodiment of a carefully crafted court order authorizing an agency to blindly trespass into the personal computers of a large number of people, but for the limited purpose of identifying them.

But plenty of questions remain. For one, now that there’s a sample of the code, will anti-virus companies start detecting it?

Update 8.5.13 12:50: According to Domaintools, the malware’s command-and-control IP address in Virginia is allocated to Science Applications International Corporation. SAIC is a major technology contractor for defense and intelligence agencies, including the FBI. I have a call into the firm.

13:50 Tor Browser Bundle users who installed or manually updated after June 26 are safe from the exploit, according to the Tor Project’s new security advisory on the hack.

Update 14:30: SAIC has no comment.

StartPage and Ixquick Deploy Newest Encryption Standards against Mass Surveillance

First search engines to offer TLS 1.1.and 1.2 as well as "Perfect Forward Secrecy"

NOTE: High Desert Technology provides a SECURE SEARCH PAGE which is directly tied in with STARTPAGE (the service mentioned below).

NEW YORK & AMSTERDAM - In the wake of the US PRISM Internet surveillance scandal, companies are revisiting how they do business online and beefing up their privacy practices to protect their users.

Private search engines StartPage and Ixquick have pioneered a new advance in encryption security this week, becoming the first search engines in the world to enable "Perfect Forward Secrecy" or PFS in combination with a more secure version of SSL encryption known as TLS 1.1. and 1.2 , which works by setting up a secure "tunnel" through which users' search traffic cannot be intercepted. 

This is the latest in a series of security firsts by StartPage and Ixquick, which pioneered the field of private search in 2006. Combined, StartPage/Ixquick is the largest private search engine, serving well over 4 million searches daily.

Harvard-trained privacy expert Dr. Katherine Albrecht, who helped develop StartPage, says, "We take encryption very seriously, and we've always led the way when it comes to security. We were first to adopt default SSL encryption in 2011, and now we're setting the standard for encryption in the post-PRISM world."

SSL encryption has been proven to be an effective tool for protecting sensitive online traffic from eavesdropping and surveillance. However, security researchers now worry that SSL encryption may not provide adequate protection if Government agencies are scooping up large amounts of encrypted traffic and storing it for later decryption. 

With SSL alone, if a target website's "private key" can be obtained once in the future - perhaps through court order, social engineering, attack against the website, or cryptanalysis - that same key can then be used to unlock all other historical traffic of the affected website. For larger Internet services, that could expose the private data of millions of people.

StartPage and Ixquick have now deployed a defense against this known as "Perfect Forward Secrecy," or PFS. 

PFS uses a different "per-session" key for each data transfer, so even if a site's private SSL key is compromised, data that was previously transmitted is still safe. Those who want to decrypt large quantities of data sent using PFS face the daunting task of individually decrypting each separate file, as opposed to obtaining a single key to unlock them all.

This can be likened to replacing the master "skeleton key" that unlocks every room in a building with a tight security system that puts a new lock on each door and then creates a unique key for each lock.

In addition to its pioneering use of PFS, earlier this month StartPage and Ixquick deployed Transport Layer Security, or TLS, encryption versions TLS 1.1 and 1.2 on all of its servers. TLS is an upgraded form of SSL encryption, which sets up a secure "tunnel" that protects users' search information. 

In independent evaluation, StartPage and Ixquick outscore their competitors on encryption standards. See Qualys' SSL Labs evaluation of StartPage's encryption features:


CEO Robert Beens urges other companies to upgrade to these new technologies. "With Perfect Forward Secrecy and TLS 1.1 and 1.2 combined, we are once again leading the privacy industry forward. For the sake of their users' privacy, we strongly recommend other search engines follow our lead."

Government requests for private SSL keys

 The U.S. government has attempted to obtain the master encryption keys that Internet companies use to shield millions of users' private Web communications from eavesdropping.

These demands for master encryption keys, which have not been disclosed previously, represent a technological escalation in the clandestine methods that the FBI and the National Security Agency employ when conducting electronic surveillance against Internet users.

If the government obtains a company's master encryption key, agents could decrypt the contents of communications intercepted through a wiretap or by invoking the potent surveillance authorities of the Foreign Intelligence Surveillance Act. Web encryption -- which often appears in a browser with a HTTPS lock icon when enabled -- uses a technique called SSL, or Secure Sockets Layer.

"The government is definitely demanding SSL keys from providers," said one person who has responded to government attempts to obtain encryption keys. The source spoke with CNET on condition of anonymity.

The person said that large Internet companies have resisted the requests on the grounds that they go beyond what the law permits, but voiced concern that smaller companies without well-staffed legal departments might be less willing to put up a fight. "I believe the government is beating up on the little guys," the person said. "The government's view is that anything we can think of, we can compel you to do."

A Microsoft spokesperson would not say whether the company has received such requests from the government. But when asked whether Microsoft would turn over a master key used for Web encryption or server-to-server e-mail encryption, the spokesperson replied: "No, we don't, and we can't see a circumstance in which we would provide it."

Google also declined to disclose whether it had received requests for encryption keys. But a spokesperson said the company has "never handed over keys" to the government, and that it carefully reviews each and every request. "We're sticklers for details -- frequently pushing back when the requests appear to be fishing expeditions or don't follow the correct process," the spokesperson said.

Sarah Feinberg, a spokeswoman for Facebook, also declined to answer whether her employer has received encryption key requests. In response to a question about divulging encryption keys, Feinberg said: "We have not, and we would fight aggressively against any request for such information."

Apple, Yahoo, AOL, Verizon, AT&T, Opera Software's Fastmail.fm, Time Warner Cable, and Comcast declined to respond to queries about whether they would divulge encryption keys to government agencies.

Encryption used to armor Web communications was largely adopted not because of fears of NSA surveillance -- but because of the popularity of open, insecure Wi-Fi networks. The "Wall of Sheep," which highlights passwords transmitted over networks through unencrypted links, has become a fixture of computer security conventions, and Internet companies began adopting SSL in earnest about three years ago.

"The requests are coming because the Internet is very rapidly changing to an encrypted model," a former Justice Department official said. "SSL has really impacted the capability of U.S. law enforcement. They're now going to the ultimate application layer provider."

An FBI spokesman declined to comment, saying the bureau does not "discuss specific strategies, techniques and tools that we may use."

Top secret NSA documents leaked by former government contractor Edward Snowden suggest an additional reason to ask for master encryption keys: they can aid bulk surveillance conducted through the spy agency's fiber taps.

One of the leaked PRISM slides recommends that NSA analysts collect communications "upstream" of data centers operated by Apple, Microsoft, Google, Yahoo, and other Internet companies. That procedure relies on a FISA order requiring backbone providers to aid in "collection of communications on fiber cables and infrastructure as data flows past."

Mark Klein, who worked as an AT&T technician for over 22 years, disclosed in 2006 (PDF) that he met with NSA officials and witnessed domestic Internet traffic being "diverted" through a "splitter cabinet" to secure room 641A in one of the company's San Francisco facilities. Only NSA-cleared technicians were allowed to work on equipment in the SG3 secure room, Klein said, adding that he was told similar fiber taps existed in other major cities.

 But an increasing amount of Internet traffic flowing through those fiber cables is now armored against surveillance using SSL encryption. Google enabled HTTPS by default for Gmail in 2010, followed soon after by Microsoft's Hotmail. Facebook enabled encryption by default in 2012. Yahoo now offers it as an option.

"Strongly encrypted data are virtually unreadable," NSA director Keith Alexander told (PDF) the Senate earlier this year.

Unless, of course, the NSA can obtain an Internet company's private SSL key. With a copy of that key, a government agency that intercepts the contents of encrypted communications has the technical ability to decrypt and peruse everything it acquires in transit, although actual policies may be more restrictive.

One exception to that rule relies on a clever bit of mathematics called perfect forward secrecy. PFS uses temporary individual keys, a different one for each encrypted Web session, instead of relying on a single master key. That means even a government agency with the master SSL key and the ability to passively eavesdrop on the network can't decode private communications.

Google is the only major Internet company to offer PFS, though Facebook is preparing to enable it by default.

Even PFS isn't complete proof against surveillance. It's possible to mount a more advanced attack, sometimes called a man-in-the-middle or active attack, and decode the contents of the communications.

A Wired article in 2010 disclosed that a company called Packet Forensics was marketing to government agencies a box that would do precisely that. (There is no evidence that the NSA performs active attacks as part of routine surveillance, and even those could be detected in some circumstances.)

The Packet Forensics brochure said that government agencies would "have the ability to import a copy of any legitimate key they obtain (potentially by court order)." It predicted that agents or analysts will collect their "best evidence while users are lulled into a false sense of security afforded by Web, e-mail or VOIP encryption."

With a few exceptions, even if communications in transit are encrypted, Internet companies typically do not encrypt e-mail or files stored in their data centers. Those remain accessible to law enforcement or the NSA through legal processes.

Leaked NSA surveillance procedures, authorized by Attorney General Eric Holder, suggest that intercepted domestic communications are typically destroyed -- unless they're encrypted. If that's the case, the procedures say, "retention of all communications that are enciphered" is permissible.

 It's not entirely clear whether federal surveillance law gives the U.S. government the authority to demand master encryption keys from Internet companies.

"That's an unanswered question," said Jennifer Granick, director of civil liberties at Stanford University's Center for Internet and Society. "We don't know whether you can be compelled to do that or not."

The government has attempted to use subpoenas to request copies of encryption keys in some cases, according to one person familiar with the requests. Justice Department guidelines say subpoenas may be used to obtain information "relevant" to an investigation, unless the request is "unreasonably burdensome."

"I don't know anyone who would turn it over for a subpoena," said an attorney who represents Internet companies but has not fielded requests for encryption keys. Even a wiretap order in a criminal case would be insufficient, but a FISA order might be a different story, the attorney said. "I'm sure there's some logic in collecting the haystack."

Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation, challenged the notion that current law hands the government the power to demand master encryption keys. Even with a FISA order for the private key, Opsahl said, the amount of technical assistance that a company must provide to the NSA or other federal agencies "has a limit."

Federal and state law enforcement officials have previously said encrypted communications were beginning to pose an obstacle to lawful surveillance. Valerie Caproni, the FBI's general counsel at the time, told a congressional hearing in 2011, according to a transcript:

Encryption is a problem, and it is a problem that we see for certain providers... For individuals who put encryption on their traffic, we understand that there would need to be some individualized solutions if we get a wiretap order for such persons... We are suggesting that if the provider has the communications in the clear and we have a wiretap order, that the provider should give us those communications in the clear.

"One of the biggest problems with compelling the [private key] is it gives you access to not just the target's communications, but all communications flowing through the system, which is exceedingly dangerous," said Stanford's Granick

ACLU warns of mass tracking through license plate scanners

The American Civil Liberties Union is warning that law enforcement officials are using license plate scanners to amass massive and unregulated databases that can be used to track law-abiding citizens as their go about their daily lives.

In a new report, "You Are Being Tracked: How License Plate Readers Are Being Used to Record Americans' Movements," the ACLU discusses the data culled from license plate scanners - cameras mounted on patrol cars, overpasses and elsewhere to record your license plate number and location at a given time. There are tens of thousands such cameras now in operation, according to the group, with the data in some cases being stored indefinitely.

The cameras, which are often installed thanks to federal funding, are designed to catch car thieves and other criminals. The ACLU's Catherine Crump writes that the organization does not object to "when they're used to identify people who are driving stolen cars or are subject to an arrest warrant." But, she continues, "they should not become tools for tracking where each of us has driven."

The ACLU report is the result of an analysis of 26,000 pages of documents from police departments around the country, obtained through nearly 600 freedom of information requests. It finds that while some jurisdictions keep the information gleaned from the scanners for a short time - 48 hours in the case of the Minnesota State Patrol - many hold onto the data for years. That includes the Delaware Department of Homeland Security and the state of New Jersey, which keep the data for five years, and towns in Texas and New York, which are presumed to keep the data indefinitely.

The organization complains that there are "virtually no rules in place" to keep officials from tracking "everybody all the time." The town of Grapevine, Texas reported scanning an average of 14,547 plates each day in September 2012 and said it had nearly 2 million plates stored in its database. Milipitas, California has 4.7 million plates in its database. Neither town has a policy in place to regulate that data. The ACLU also warns that the data is being fed into larger databases, with the private National Vehicle Location Service now holding more than 800 million license plate records. The group's database is used by more than 2,200 law enforcement customers.

"Trips to places of worship, political protests, or gun ranges can be powerful indicators of people's beliefs," writes Crump. "Is it really the government's business how often you go to the drug store or liquor store, what doctors you visit, and the identities of your friends?" The report warns that the data can be used in an official capacity to spy on protesters or target communities based on their religious beliefs, or unofficially by a police officer who wants to keep an eye on a romantic rival.

The ACLU is calling for regulations to be put in place to prevent broad-based tracking using the scanners. It said the scanners should be used in a limited capacity, that the data be stored for less than a month unless it has been specifically flagged, that the public should be able to find out if a plate is contained in a database, that the data not be shared with third parties, and that scanner usage be reported publicly on an annual basis.

Microsoft and NSA. Encryption provided by Microsoft useless.

This article originally written and posted here: http://m.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data

• Secret files show scale of Silicon Valley co-operation on Prism
• Outlook.com encryption unlocked even before official launch
• Skype worked to enable Prism collection of video calls
• Company says it is legally compelled to comply

Microsoft has collaborated closely with US intelligence services to allow users' communications to be intercepted, including helping the National Security Agency to circumvent the company's own encryption, according to top-secret documents obtained by the Guardian.

The files provided by Edward Snowden illustrate the scale of co-operation between Silicon Valley and the intelligence agencies over the last three years. They also shed new light on the workings of the top-secret Prism program, which was disclosed by the Guardian and the Washington Post last month.

The documents show that:

• Microsoft helped the NSA to circumvent its encryption to address concerns that the agency would be unable to intercept web chats on the new Outlook.com portal;

• The agency already had pre-encryption stage access to email on Outlook.com, including Hotmail;

• The company worked with the FBI this year to allow the NSA easier access via Prism to its cloud storage service SkyDrive, which now has more than 250 million users worldwide;

• Microsoft also worked with the FBI's Data Intercept Unit to "understand" potential issues with a feature in Outlook.com that allows users to create email aliases;

• In July last year, nine months after Microsoft bought Skype, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism;

• Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport".

The latest NSA revelations further expose the tensions between Silicon Valley and the Obama administration. All the major tech firms are lobbying the government to allow them to disclose more fully the extent and nature of their co-operation with the NSA to meet their customers' privacy concerns. Privately, tech executives are at pains to distance themselves from claims of collaboration and teamwork given by the NSA documents, and insist the process is driven by legal compulsion.

In a statement, Microsoft said: "When we upgrade or update products we aren't absolved from the need to comply with existing or future lawful demands." The company reiterated its argument that it provides customer data "only in response to government demands and we only ever comply with orders for requests about specific accounts or identifiers".

In June, the Guardian revealed that the NSA claimed to have "direct access" through the Prism program to the systems of many major internet companies, including Microsoft, Skype, Apple, Google, Facebook and Yahoo.

Blanket orders from the secret surveillance court allow these communications to be collected without an individual warrant if the NSA operative has a 51% belief that the target is not a US citizen and is not on US soil at the time. Targeting US citizens does require an individual warrant, but the NSA is able to collect Americans' communications without a warrant if the target is a foreign national located overseas.

Since Prism's existence became public, Microsoft and the other companies listed on the NSA documents as providers have denied all knowledge of the program and insisted that the intelligence agencies do not have back doors into their systems.

Microsoft's latest marketing campaign, launched in April, emphasizes its commitment to privacy with the slogan: "Your privacy is our priority."

Similarly, Skype's privacy policy states: "Skype is committed to respecting your privacy and the confidentiality of your personal data, traffic data and communications content."

But internal NSA newsletters, marked top secret, suggest the co-operation between the intelligence community and the companies is deep and ongoing.

The latest documents come from the NSA's Special Source Operations (SSO) division, described by Snowden as the "crown jewel" of the agency. It is responsible for all programs aimed at US communications systems through corporate partnerships such as Prism.

The files show that the NSA became concerned about the interception of encrypted chats on Microsoft's Outlook.com portal from the moment the company began testing the service in July last year.

Within five months, the documents explain, Microsoft and the FBI had come up with a solution that allowed the NSA to circumvent encryption on Outlook.com chats

A newsletter entry dated 26 December 2012 states: "MS [Microsoft], working with the FBI, developed a surveillance capability to deal" with the issue. "These solutions were successfully tested and went live 12 Dec 2012."

Two months later, in February this year, Microsoft officially launched the Outlook.com portal.

Another newsletter entry stated that NSA already had pre-encryption access to Outlook email. "For Prism collection against Hotmail, Live, and Outlook.com emails will be unaffected because Prism collects this data prior to encryption."

Microsoft's co-operation was not limited to Outlook.com. An entry dated 8 April 2013 describes how the company worked "for many months" with the FBI – which acts as the liaison between the intelligence agencies and Silicon Valley on Prism – to allow Prism access without separate authorization to its cloud storage service SkyDrive.

The document describes how this access "means that analysts will no longer have to make a special request to SSO for this – a process step that many analysts may not have known about".

The NSA explained that "this new capability will result in a much more complete and timely collection response". It continued: "This success is the result of the FBI working for many months with Microsoft to get this tasking and collection solution established."

A separate entry identified another area for collaboration. "The FBI Data Intercept Technology Unit (DITU) team is working with Microsoft to understand an additional feature in Outlook.com which allows users to create email aliases, which may affect our tasking processes."

The NSA has devoted substantial efforts in the last two years to work with Microsoft to ensure increased access to Skype, which has an estimated 663 million global users.

One document boasts that Prism monitoring of Skype video production has roughly tripled since a new capability was added on 14 July 2012. "The audio portions of these sessions have been processed correctly all along, but without the accompanying video. Now, analysts will have the complete 'picture'," it says.

Eight months before being bought by Microsoft, Skype joined the Prism program in February 2011.

According to the NSA documents, work had begun on smoothly integrating Skype into Prism in November 2010, but it was not until 4 February 2011 that the company was served with a directive to comply signed by the attorney general.

The NSA was able to start tasking Skype communications the following day, and collection began on 6 February. "Feedback indicated that a collected Skype call was very clear and the metadata looked complete," the document stated, praising the co-operation between NSA teams and the FBI. "Collaborative teamwork was the key to the successful addition of another provider to the Prism system."

ACLU technology expert Chris Soghoian said the revelations would surprise many Skype users. "In the past, Skype made affirmative promises to users about their inability to perform wiretaps," he said. "It's hard to square Microsoft's secret collaboration with the NSA with its high-profile efforts to compete on privacy with Google."

The information the NSA collects from Prism is routinely shared with both the FBI and CIA. A 3 August 2012 newsletter describes how the NSA has recently expanded sharing with the other two agencies.

The NSA, the entry reveals, has even automated the sharing of aspects of Prism, using software that "enables our partners to see which selectors [search terms] the National Security Agency has tasked to Prism".

The document continues: "The FBI and CIA then can request a copy of Prism collection of any selector…" As a result, the author notes: "these two activities underscore the point that Prism is a team sport!"

In its statement to the Guardian, Microsoft said:

    We have clear principles which guide the response across our entire company to government demands for customer information for both law enforcement and national security issues. First, we take our commitments to our customers and to compliance with applicable law very seriously, so we provide customer data only in response to legal processes.

    Second, our compliance team examines all demands very closely, and we reject them if we believe they aren't valid. Third, we only ever comply with orders about specific accounts or identifiers, and we would not respond to the kind of blanket orders discussed in the press over the past few weeks, as the volumes documented in our most recent disclosure clearly illustrate.

    Finally when we upgrade or update products legal obligations may in some circumstances require that we maintain the ability to provide information in response to a law enforcement or national security request. There are aspects of this debate that we wish we were able to discuss more freely. That's why we've argued for additional transparency that would help everyone understand and debate these important issues.

In a joint statement, Shawn Turner, spokesman for the director of National Intelligence, and Judith Emmel, spokeswoman for the NSA, said:

    The articles describe court-ordered surveillance – and a US company's efforts to comply with these legally mandated requirements. The US operates its programs under a strict oversight regime, with careful monitoring by the courts, Congress and the Director of National Intelligence. Not all countries have equivalent oversight requirements to protect civil liberties and privacy.

They added: "In practice, US companies put energy, focus and commitment into consistently protecting the privacy of their customers around the world, while meeting their obligations under the laws of the US and other countries in which they operate."

• This article was amended on 11 July 2013 to reflect information from Microsoft that it did not make any changes to Skype to allow Prism collection on or around July 2012.

Encryption, Capitalism, and the Law

Article originally posted here https://medium.com/surveillance-state/b804de3b5b


Thank you for choosing cyberpunk dystopia.

encryption, capitalism, and law

June has been a pretty surreal month. As the Guardian and the Washington Post continue to publish internal NSA documents in what has become a torrential TOP SECRET/NOFORN early Christmas bonanza, many of us in hacker and activist communities have now seen what we long suspected confirmed: that the government is indiscriminately collecting and storing massive quantities of data, and that the distinction between the “law enforcement” and foreign intelligence use of this data has become increasingly blurred. For people who have family ties in Pakistan or regularly attend Mosque,for those who were a part of Occupy Wall Street, or have participated in the blockade of the KXL Pipeline, the fact that the national security apparatus conducts domestic operations on a racial and political basis is no surprise; it has often been a daily fact of life for years.

Yet, being right is obviously not reassuring, and how to turn these revelations into substantive change is far from clear. Unlike in 1976, when the Church Committee was formed to address the abuses of the Nixon era, there is now a broad spectrum of established legal precedent and business practices which make widespread surveillance both legal and profitable. The courts have consistently ruled that when we turn our data over to a third party, we have no reasonable expectation of privacy. Never mind that it is pretty much impossible to communicate online today without handing your information to a third party, whether that is Apple, Facebook, Google, Dropbox, or any email server, for that matter. At the same time, the dominant business model for online services has come to be based on user data exploitation and targeted advertisements. Companies that can’t access their users’ data because it is encrypted deny themselves revenue from targeted ads. Users who have become accustomed to not having to pay to access online services are less likely to buy into a fee-for service business model that might offer them greater privacy. These two aspects of the world we now find ourselves in, the legal architecture supporting surveillance and the profit motive driving private data exploitation, together compose a mutually re-enforcing bulwark defending the state’s panopticon from both passive individual resistance and organized direct attack. All of this is happening in a world where the real-time location tracking of millions of people has become trivial, where commercial facial recognition is becoming ubiquitous, and in which the president reserves the right to murder anyone, at any time, with a flying killer robot. If there are prophets of our time, they are Kafka, Alan Moore, and Phillip K. Dick.

The Failed Cypherpunk Insurgency

That to defy the surveillance state should be harder today than it was twenty years ago is tragically ironic, since today there are publicly available cryptographic tools that can effectively shield individuals’ communications from interception. Free software such as LUKS, GnuPG, and OTR theoretically allow anyone to secure their hard drive, their email, and their conversations online. For much of the 1990s, there was a fight to make these tools publicly available. Many of the most secure crypto algorithms, such as RSA, were patented and couldn’t be used without first paying a hefty license fee. Cryptography was legally considered to be a type of “munition” by the US government, and anyone who developed software that employed crypto risked being prosecuted in the US for unlawfully trafficking in ordinance. The cypherpunks of the 1990s were committed to spreading cryptography through any means necessary. Phil Zimmermann, who wrote PGP, the free software for encrypting email, successfully circumvented the legal blockade on the export of cryptography by publishing his source code as a book, “PGP Source Code and Internals.” The text was written in machine readable format, so that anyone who purchased a copy of the book would be able to scan in the software, then use it or distribute it themselves. Although he was charged with violating the ban on munitions exports, Zimmermann was able to successfully argue that his book was not software, but first amendment protected speech. The 90s are littered with similar cypherpunk battles; some hackers set off to countries with laws favorable to exporting cryptography, so that they could safely write code and share it with the world. They believed that if encryption was widely available, government surveillance would be impossible, censorship would become a historical relic, and untraceable digital currency would become ubiquitous. Without the ability to monitor citizens or collect tax revenue, governments would fall and the people of the world would build a new society on the ashes of the old. If this sounds grandiose or naive, that’s because it was.

The cypherpunks believed that with cryptography, the internet could exist as a platonic space, free from the coercive influence of organized violence. Since no amount of force can solve a math problem, and since individuals online become place-less avatars of their physical selves, then theoretically a cryptographic net could become the ultimate state-proof reality. They failed, though, to anticipate that the hegemonic forces of organized capital would exert the same disproportionate influence over people online as in the physical world, and that these new internet capitalists would be just as welcoming to the coercive influence of the state as their predecessors had been.

Today, the cypherpunk mindset lives on among technically inclined people who have fallen in love with cryptography. I know because I’m one of them. I think the way the Diffie-Hellman exchange appears to defy logic is utterly fascinating. I make one time pads for fun, I occasionally tune into shortwave number stations based out of Russia, and if you get me drunk I will explain public key cryptography in detail to anyone present regardless of their expressed level of interest in the subject. That people would freely choose to use cryptography and become enthralled with its mathematical simplicity seems natural to me. However, if I’m honest, I have to admit that I go well out of my way to use crypto tools on a daily basis. The online spaces most of us frequent aren’t designed to protect our data from the people who built them, because if they were, those same people would very quickly be out of business.

Free Choice Isn’t Free

All of us express our agency within a given set of restrictions. If I live in a neighborhood without stores that sell fresh fruits and vegetables, then my “choice” to eat healthy food comes with higher costs in travel time and money that I may not have. When all of my friends use cell phones to make plans and meet up, then my choice not to carry an insecure tracking device expands to include the choice not to spend as much time with my friends. If most all of my friends are planning parties on Facebook, then my choice not to use Facebook expands to include the choice not to go to most parties. These are choices that aren’t really free choices; they are all weighted by the influence of dominant players who define the shape of the terrain in which I make my choice.

The terrain of online communication is similarly shaped and defined by hegemonic players: companies that profit off of user data exploitation and seek to keep users within their internally coherent fiefdoms. Once a company achieves a certain critical mass of users, it is no longer in their interest to be compatible with other platforms and technologies; since their users have already become dependent upon them, it is now in that company’s interest to force a choice away from their competitors, rather than offer users more choice. Google, for example, recently decided to stop supporting XMPP, an open chat protocol that allows GTalk users to chat with a wide variety of other platforms, including Facebook, Outlook, and free software applications such as Pidgin that support true end-to-end encryption. Since GTalk is tied to GMail, Hangouts, and Google+, users who are upset at losing the freedom of XMPP will have to decide if they are mad enough to forgo the benefits of those other Google products. Even if a user were to leave Google, in order for them to be able to chat with all of their friends, they would have to convince them all to use Jabber instead of GTalk. Their choice then, is not really a free choice.

This effect of choices that aren’t choices applies to anyone trying to secure their online communications with cryptography as well. Since any end-to-end crypto tool requires that both people are using the tool to communicate, an individual who wants to use crypto has to convince other members of her social network to adopt the same tool she is using. This means that anyone designing a crypto tool today, no matter how easy to use, is swimming upstream against the closed networks of the established players.

This network effect inherent to successful platform adoption means that secure communication is a social phenomenon as much as a technical one; whenever there is a large community of people using a particular technology, that network is healthy and there is an incentive for other people to join it. A technology with a small network faces large barriers to widespread use. Generally, we can say that successful technologies are (a) easy to use and (b) have large networks. It’s clear that these two qualities are mutually re-enforcing and together encourage widespread adoption of a platform. What’s not clear is whether an easy to use tool naturally leads to widespread adoption.

Some cryptographers are attempting to address the user adoption friction caused by difficult to use software like PGP by making elegant, easy crypto tools that work where users already are: their phone and the browser. Moxie Marlinspike and Nadim Kobeissi are two of the most prominent developers doing this kind of work. Moxie founded Whisper Systems, and brought encrypted VoIP and texts to smart phones with Red Phone and Text Secure. Nadim built Crypto Cat, the first in-browser encrypted chat platform (Note: Crypto Cat has apparently just been hit with the discovery of another major security flaw, http://tobtu.com/decryptocat.php). Both have simple interfaces that are pleasant to use. Whether they will be widely adopted largely depends on the hope that good design leads to a larger user base, which by way of the network effect will accelerate user adoption.

There is some reason to believe that this may not be the case. A software tool’s ease of use is not just a function of design, but interoperability with other existing stuff that people are already using. Red Phone and Text Secure are deliberately grafted into existing users’ habits by seamlessly replacing the default phone and texting applications in Android. However, because Google defines the state of play by controlling the platform on which both of these programs run, Red Phone and Text Secure function more or less at the mercy of Google. What happens to Red Phone if Google tries to force out competitors and make Hangouts, their video chat and VoIP client, the replacement for standard calls on Android? That might be back to the drawing board for Whisper Systems. Crypto Cat, on the other hand, runs as a Chrome and Firefox plugin, so while it seems unlikely that it would be swept off of either of those platforms, people still have to go out of their way to use Crypto Cat; people go there for secure communication, but it isn’t built into any of the increasingly closed online worlds they inhabit. Companies that are able to generate mass revenue through user data exploitation are able to construct a constellation of interdependent services whose convenience is primarily derived not from their user design in and of itself, but from the fact that they are part of a large, internally coherent ecosystem. This is the “sandbox effect” of monopolistic design. Without the ability to derive revenue from user data, most user friendly encryption applications are either run out of pocket like Whisper Systems and Crypto Cat, or are fee-for-service, like Silent Circle.

User choice isn’t just restricted by the coercive effect of the rent seeking and anti-competitive behavior of hegemonic companies like Google; their entire business model is based on undermining privacy. No major internet company is interested in offering true end-to-end encryption, because this would mean that they would no longer have access to the user’s plaintext data: the lifeblood of their ad-based business model. These companies effectively offer what Bruce Schneier has dubbed “feudal security.” Google promises to keep your inbox free of competitors’ spam in exchange for discretely offering you some of its own. Data exploiting companies effectively secure their users’ against their competitors and against malicious exploitation, but they horde users’ plaintext data for themselves. Which, since almost all of these companies are US based and subject to US law (whatever that may happen to be these days), means that Google, Facebook, Skype, etc. also horde users’ data for the NSA.

Cyberspace Isn’t Space: Trouble With The Law

Quite obviously, when the fourth amendment was written, there was no internet. Personal papers were largely kept at home or at an office,and the protection against “unreasonable searches and seizures” referred to trespass by government officials. This has created problems when the deterritorializing effect of technology confuses the nature of private space. However, much of this apparent confusion in the courts is fairly recent, and there is a strong historical precedent of US courts adapting to new technologies while upholding the intent of the fourth amendment.

In a 1928 case before the Supreme Court, Olmstead v.United States, the defendant argued that the evidence gathered against him by a phone wiretap should not be admissible in court, since the government hadn’t bothered to obtain a warrant to do so. The federal government argued that no such warrant was necessary, since no “search or seizure” of the defendant’s home had taken place. The court ruled with the defendant, arguing that:

Applying to the Fourth and Fifth Amendments the established rule of construction, the defendants’ objections to the evidence obtained by wiretapping must, in my opinion, be sustained. It is, of course, immaterial where the physical connection with the telephone wires leading into the defendants’ premises was made. And it is also immaterial that the intrusion was in aid of law enforcement. Experience should teach us to be most on our guard to protect liberty when the Government’s purposes are beneficent. Men born to freedom are naturally alert to repel invasion of their liberty by evil-minded rulers. The greatest dangers to liberty lurk in insidious encroachment by men of zeal, well meaning but without understanding.

The court went on to conclude that:

By the laws of Washington, wiretapping is a crime. [n13] Pierce’s [p480] Code, 1921, § 8976(18). To prove its case, the Government was obliged to lay bare the crimes committed by its officers on its behalf. A federal court should not permit such a prosecution to continue.

You would think that such an astounding instance of common sense would equally apply to the protection of email from warrantless seizure, but you’d be wrong. In United States v. Miller (1976) and other similar recent cases, the court has repeatedly bought the argument that since sending an email involves “voluntarily disclosing information to a third party” the person sending that email therefore has no valid expectation of privacy in their communications. If there were no precedent analogous to email upon which to base their decision, it might make sense that the court was just confused, but that’s not the case. As far back as 1876, in Ex parte Jackson - 96 U.S. 727, the government has previously argued that the fourth amendment does not protect against the interception of mail, since the sender has entrusted it to a third party, the US Postal Service. The court rejected that line of argument, declaring that:

Letters and sealed packages of this kind in the mail are as fully guarded from examination and inspection, except as to their outward form and weight, as if they were retained by the parties forwarding them in their own domiciles. The constitutional guaranty of the right of the people to be secure in their papers against unreasonable searches and seizures extends to their papers, thus closed against inspection, wherever they may be. Whilst in the mail, they can only be opened and examined under like warrant, issued upon similar oath or affirmation, particularly describing the thing to be seized, as is required when papers are subjected to search in one’s own household.

Unfortunately, the effect of recent decisions in line with United States v. Miller, which perpetuate the notion that privacy is obviated if a third party is involved, has not just undermined our online privacy, it has also produced a myriad of insidious structural changes in how the judicial review of executive power operates, often in ways which are not immediately apparent.

One of the virtues of the post-feudal common law legal tradition is the principle of equality before the law. Individuals are all theoretically subjected to the same set of laws via the same legal process, whether they are a part of the state power structure, are wealthy “private” parties, or are ordinary persons. Of course, people with more access to societal privilege or with connections to people of influence almost always fair far better than those who don’t have such access, but this sort of corruption of the judicial process is quite different from its structural abrogation, which is what we are seeing now between the state and internet companies, a relationship which has come to resemble more a series of feudal fiefdoms negotiating their position with a ruling state than it does the functioning of a healthy judicial system in a democratic society.

In the physical world, if the government wants to search my house, then they (theoretically) get a warrant to do so. I would have the opportunity to fight over the legitimacy of that warrant in court. Today, my data is stored with a few very large companies, and so the government instead goes straight to them, via an administrative subpoena or similar rubber-stamp instrument to get my data. While a warrant to search my house might be issued on an ex parte basis, meaning that I am not notified of the warrant hearing and do not have the opportunity to object beforehand, I would nonetheless be able to argue that the warrant was issued illegitimately afterwards, and get any evidence associated with the improper warrant tossed out of court as well. This isn’t the case with National Security Letters, which are served to ISPs and internet companies and include a gag order, effectively banning the company that receives them from ever notifying the customer being targeted that they have received such an order. ISPs and companies like Google and Twitter which receive these orders can fight them in court, but unlike the actual defendants, they lack a strong incentive to do so; resisting these types of requests is a civic service that private companies have little reason to pursue. Beyond maintaining their reputation with their customers, Google or Facebook have a weak incentive to spend thousands of dollars in legal fees just to stick up for any individual user.

As a result of the courts’ ongoing habit of upholding the notion that we somehow forfeit our expectation of privacy when storing information with a third party, the conversation in the court system has contracted from a very broad based series of diffuse opinions written in many courts by judges hearing objections from many defendants’ attorneys to a very narrowly based series of secret conflicts between large internet companies and the government, most often before the secret and unaccountable FISA court. Effectively this has bypassed any thoroughgoing legal examination of the legitimacy of the government’s broad surveillance practices by transforming common law judicial review into a series negotiations between internet companies and the government over how much information they are willing to share about their users. This isn’t equality before the law, since individuals are powerless to question the legitimacy of the surveillance directed at them. Instead, the companies that “own” the data choose whether they want to resist government requests at their own expense.

All of this is to say that the situation we now find ourselves in is quite complex; a series of interdependent and mutually re-enforcing edifices which support mass state surveillance have metastasized over the past decade: in the legal sphere, through the ad-based services we use, and due to a deficit of viable, easy to use online tools that incorporate true end-to-end crypto. Without a business model that can support end-to-end crypto and a robust court challenge to the current widespread (mis)interpretation of the fourth amendment by the judiciary, the future looks very bleak. Think Blade Runner meets Minority Report.

Please Note: This piece is highly indebted to the ideas of Moxie Marlinspike, Jacob Appelbaum, and to a lesser extent Bruce Schneier. The stuff on the history of the cypherpunk movement in particular, and the bit on the false nature of liberal choice theory is ripped almost directly from a talk Moxie gave at Defcon 18. Hopefully people who haven’t come across these ideas elsewhere will feel curious to look those fine people up on the interwebs.

Subscribe to our Newsletter

Search ALL Articles

Managed V. Non-Managed



US-CERT Latest Warnings

Latest US-CERT Released Warnings

Posted Articles