Monday, December 29, 2014

The limits of the NSA

Can encryption protect you and your data? That's the question explored by Der Spiegel in its analysis of the latest release of Snowden documents.

The German publication argues that there are easily-available and effective strategies for the average internet user who, as a matter of principle, demands privacy. Intriguingly, the myth of NSA infallibility may stop many people from using these measures.

We tell ourselves "Why bother?" and neglect to protect ourselves.

The NSA monitors internet traffic day and night. In doing so, the agency faces a variety of challenges ranging from "trivial" to "catastrophic." Listening in on your Facebook chats is trivial. Scooping up email routed through a Russian mail service -- like the one used by your humble host -- is a "moderate" challenge. (Well, at least it isn't trivial.)
Things first become troublesome at the fourth level. The presentation states that the NSA encounters "major" problems in its attempts to decrypt messages sent through heavily encrypted email service providers like Zoho or in monitoring users of the Tor network*, which was developed for surfing the web anonymously. Tor, otherwise known as The Onion Router, is free and open source software that allows users to surf the web through a network of more than 6,000 linked volunteer computers. The software automatically encrypts data in a way that ensures that no single computer in the network has all of a user's information. For surveillance experts, it becomes very difficult to trace the whereabouts of a person who visits a particular website or to attack a specific person while they are using Tor to surf the Web.
Hmmm.

Ever since the Snowden documents came out, we've heard conflicting reports about the challenge posed by Tor. In an earlier post, we discussed the anti-Tor tactics employed by the NSA -- including an app amusingly named MJOLNIR.
To your left, you will see the NSA's idea of what a terrorist looks like when he's using Tor. You can tell he's a terrorist because he has a long beard. If you grow a beard you can be a terrorist too! But you'll also need a little domino mask and a shirt that tells the world you're an expendable Star Trek crewmember.
As we noted earlier, the NSA has made Tor a prime target. But there's a huge problem here, because the NSA keeps insisting that they are focused on foreigners, not domestic targets. Tor -- by its very nature -- disguises the origin of data. The NSA cannot possibly know from the start who is saying what to whom, since bits and pieces of data are routed all over the world.

Although Tor still seems to be a good option, it is not the most effective way to foil the lads and lasses of No Such Agency.
Things become "catastrophic" for the NSA at level five - when, for example, a subject uses a combination of Tor, another anonymization service, the instant messaging system CSpace and a system for Internet telephony (voice over IP) called ZRTP. This type of combination results in a "near-total loss/lack of insight to target communications, presence," the NSA document states.

ZRTP, which is used to securely encrypt conversations and text chats on mobile phones, is used in free and open source programs like RedPhone and Signal. "It's satisfying to know that the NSA considers encrypted communication from our apps to be truly opaque," says RedPhone developer Moxie Marlinspike.
If you are a congressperson and you want to be able to talk to a lover without fear of blackmail from the conservatives (who undoubtedly work with the NSA), check out RedPhone!

This Der Spiegel article has a lot more to say; we should take a further look at it later.  

2 comments:

Anonymous said...

"Tor, ChatSecure, TextSecure, and RedPhone all receive money from the Open Technology Fund. The Open Technology Fund is run by Radio Free Asia. Due to a bizarre law, Radio Free Asia is technically a nonprofit, even though it was established and is funded by the US Congress. Radio Free Asia is under the direct supervision and oversight of the Broadcasting Board of Governors, which is a US federal government agency."

http://politynews.tumblr.com/post/87915481468/reset-the-net-is-promoting-us-government-funded

Anonymous said...

"...Tor was created not to protect the public from government surveillance, but rather, to cloak the online identity of intelligence agents as they snooped on areas of interest. But in order to do that, Tor had to be released to the public and used by as diverse a group of people as possible: activists, dissidents, journalists, paranoiacs, kiddie porn scum, criminals and even would-be terrorists — the bigger and weirder the crowd, the easier it would be for agents to mix in and hide in plain sight."

http://pando.com/2014/11/14/tor-smear/