Friday, September 06, 2013

Snowden: Internet encryption useless against eyes in NSA, GCHQ

Both HTTPS, SSL, and VoIP only good against little fish

Edward Snowden has provided The New York Times and The Guardian and others with some eye-catching revelations:
N.S.A. Able to Foil Basic Safeguards of Privacy on Web (NYT)

NSA and GCHQ unlock privacy and security on the internet (Guardian)
The two U.S. and U.K. intelligence agencies "are investing in groundbreaking cryptanalytic capabilities to defeat adversarial cryptography and exploit internet traffic" according to Director of National Intelligence who was quoted in the latest Snowden document about the $52 billion black budget. See also skeptical, technically sophisticated remarks by Wired. HTTPS, SSL, and VoIP are no longer safe; the correctly implemented strong encryption seems fine.

Of course, I got a bit excited: Have the agents finally built operational quantum computers? Have they made some progress that proves that \(P=NP\), after all?

Well, not really. Already the subtitle of the article in The Guardian makes it clear that the weapons that the agencies use aren't some groundbreaking advances in quantum computation or classical algorithms. Instead, they abuse the weaknesses of the human factor. Some big progress occurred in 2010, we're told.

So it seems that $250 million is spent every year to "encourage" the tech companies to insert weaknesses (backdoors and trapdoors) into their products. I suppose that to decrypt a message using state-of-the-art encryption programs, you either need to input a very long nonsensical sequence of characters that changes every day or you have to type "My name is Bond, James Bond". ;-) This sounds like a joke but it may be very close to the truth, too. NSA influences international agreements about encryption standards. Lots of supercomputers are running to break the codes by brute force but this hard work would be useless if the agencies didn't have secret agreements with folks in the tech companies.

Analysts aren't allowed to ask or speculate about the sources of the data or methods used to make the data readable. Having watched many superagent movies and having seen that I couldn't complete, I won't ask or speculate, either. NSA claims that without this control, the U.S. couldn't allow the access to the cyberspace to remain unrestricted. This claim surely sounds tough but it may have a point, too. A GCHQ team works with the "big four": Google, Facebook, Hotmail, Yahoo.

Well, as long as I feel that those agencies don't use their behind-the-scenes powerful tactics to harm free individuals for something that should always remain legal, I find the reports above just a little bit chilling. On the other hand, every capability or influence may be abused and what we're hearing seem to be extraordinary powers, indeed. It still sounds a bit more plausible when these powers belong to institutions whose composition may be refreshed according to the desires of the American (and British) voters.

Does this serious Gentleman have his own capabilities, too?

The British GCHQ seems to be among the "top two". That couldn't stop Dmitry Peskov, a Putin spokesman, from overlooking Northern Ireland and calling the United Kingdom "just a small island no one listens to" that plays no major role in the world politics and whose Chelsea and other upmarket London districts is being bought by Russian oligarchs. Cameron et al. claim that they believe that the U.K. continues to be a superpower. It's up to you to decide whose perspective is more ludicrous. ;-)


  1. Well, such things show that it is high time for the non US world, to strive for getting less dependent on the US concerning access to cyberspace, its functionalities, etc ...

    They US have way to much controlling power concerning these (and other) issues all ower the world, and some US independent alternatives should be built up.

    Inserting back doors into security software by intention and similar things is crimial, every individual who does such a thing would be legally persued rightly so, so these US secret agancies should be severly punished for the damage they do to the rest of the world by their criminal activites too ... !!!

    Having said this I feel better now ... ;-P

  2. Well, maybe, Dilaton, but you could find out that a perfectly resilient system of encryption turns out to be a dangerous weapon as well, one that may be used by people and organizations you can influence much less than the U.S. government.

  3. Sure ...

    But it makes me very uneasy knowing that certain governemental organizations of a single large country have the power to put their nose into the most private business of inocuous people who have never done anything wrong, just want to be left alone, etc ...
    And they most probably make use of this power ... :-/

    Such power should not be in the hands of a single country that likes to try ruling and determining the whole world (I know this particular way of thinking from elsewhere ...), and appropriate measures should be taken to protect the rights of innocent people ...

    I dont like the US dominating cyberspace (and too many other things) like this ... :-/

  4. I do not use any Google services (like gmail etc). I switched to
    I do not have a facebook account. I do not have an Amazon account. I have Skype but never use it to communicate sensitive data. I have a dual system Win7/Mint Linux and use Linux for internet banking.
    Governments all over the world hate internet because they cannot control it so easily as other media. The more totalitarian the government, the more it tries to control the internet

  5. BTW the smile of the gentleman in the last picture looks scary, it reminds me of a Sheldon smile ... :-D

  6. Doesn't our French president make a great war chief?

  7. Yup. Whether there's some broader strategy when to make wars and when not is a different question.

  8. What advantages would France or the US have to put an Islamic government in Syria? We've done it in Lybia and it is a complete disaster...

  9. That's exactly what I meant. ;-)

    Things happening in Syria are horrible but on the other hand, they aren't far from what seems normal over there - to all groups - so a reaction to an evil act that implicitly assumes that the other side would never ever do something like that may lead to some unfavorable developments in the future, not to speak about expenses.

    The people whom Hollande would strengthen by an intervention aren't terribly different from those whom he targeted in Mali.

  10. Precisely ;-)
    (thanks for correcting me... I would have never realized my mistake! -Libya)

  11. There is nothing so bad that you could not find something good in it:

  12. One day, maybe, we will have a giant computer control the Internet without any human interference at all and it will have the power to send over a drone to terminate anyone it considers a public danger. Then all we have to worry about is bugs in the operating system and perhaps something like the scenario from
    2001: A Space Odyssey.

  13. You've done a lot of damage in Syria in the past. To understand the current war, I watched the following documentary

    In it the authors claim that the colonial French rule was similar to Assad in brutality. The French were one of the worst colonialists, very brutal. Only the Belgians were worse. The best colonialists were the Germans. That is at least my impression from my travels in Africa and from studying some history of African colonialism.

  14. Shannon, aren't those evolutions of the role of France funny and ironic?

    Before the Iraq war a decade ago, I would chat with various people who were mostly much more against the war than I was - I had mixed feelings like today.

    I mean folks like Jane Tolmie, a medieval Icelandic BDSM poetry Junior Fellow with black belt in judo. They would also argue that the war would irreversibly destroy the relationships of the US with France and all this stuff.

    You remember those times. Chirac would inform Czechia and other post-socialist countries (which tended to support the US position) that we had missed our great opportunity to shut up. ;-)

    I protested against the arguments about irreversible damage because it sounded nonsensical. And indeed, today, in another war in a nearby country, France is suddenly the greatest hawk, perhaps surpassing the US itself. It's a France with a heavily pro-tax left-wing leader that is dramatically more Hawkish than under a would-be right-wing, would-be Gaullist leader. Ironic. ;-)

  15. This documentary is bad even by the standards of the BBC. First, the narrator is very ignorant. The whole thing is riddled with historical errors of which it is hard to say whether they are just a result of ignorance or tendentiousness. For example, the claim that Constantine the Great converted the Roman Empire to Christianity (rather than just himself) is probably simply ignorance. But forgetting to mention that at the time of the Crusades most of the population of the areas that used to be part of the Byzantine Empire was Christian, sounds like a deliberate distortion. The ignoring of the history of the Assassins (actually the Ismaili branch of Shia Islam), whose stronghold was in Syria is probably ignorance although it is weird. But almost completely ignoring the long period of Ottoman rule, based on the famous Ottoman principle: “One should not involve oneself with the affairs of the Arabs” and the millet system, which is so essential for understanding the nature of all these post-Ottoman lands, and jumping straight into the French mandate (it came from the League of Nations - this also does not seem to be mentioned) and without even explaining how the various powers had long acted as protectors of different religious minorities (the French of Maronite and catholic Christians, the Russian of Orthodox Christians, the British of the Jews) who were all treated as dhimmies by the Ottomans, is again very tendentious. But the worst thing of all is a complete misrepresentation of the nature of the Alawite religion. In fact, when the Alawites were described as simply a branch of Shiite Islam who differ from the Sunni’s in that they believe that Ali should have been the successor of Muhammed, that was the point where I decided to stop watching. If you want to read the story told by a leading historian of Islam, you can find it here:

    You can also read about Alawites on the Wikipedia (look in the faith section) but remember that this section has been heavily edited. It confirms at leas the fact that the nature of Alawite belief is secret (and the long history of the practice of taqquia ) and that alone makes it fundamentally distinct from any “branch” of Islam - in fact Alawites have never been considered Muslims even by the Shia until the current Iranian regime decided to adopt them for political reasons.

    In any case, the lesson of this is: never trust any BBC documentaries except perhaps those dealing with nature.

  16. You are obviously much better versed in history than I am. I found the video informative and enjoyed it. Now I have at least some picture of what is happening in Syria and what factions are fighting there and why. The Alawites are supporting Assad and form 10% of Syrian population. The Alawites were persecuted in the past by the Sunni majority. If Assad falls there will be a massacre of Alawites. The Sunni rebels are partly islamists with ties to Al-Kaida and similar scum.

    I am not sure why the US is pressing for attack. If they remove Assad, Iraq situation could repeat with huge instability and genocides. I do not believe it is about the sarin.

    Concerning the Alawites, here is a nice diagram of the Shia factions

  17. Well, of course, if you read Pipes's account you will see that they have never belonged to the Twelver sect and only a few years ago some Iranian ayatollahs have been induced by the Iranian regime to recognise them as Twelvers, as a political cover for the Iranian-Syrian alliance. The Alawites are, of course, an "offshot" of the Twlevers, but in the same sense as the Bahais and the Ahmadis are "offshots" of Sunni Islam and are considered non-Muslims by all the other sects. It is hard to imagine how a sect that puts Ali above Muhammad (never mind that it considers both divine) can be considered muslim.

    Of course I agree about the point you make that a Sunni victory in Syria means an almost certain genocide of the Alawites and the Christians. The Druzes will probably escape to Israel and Lebanon and the Kurds with the help of the Iraqi Kurds will be able to defend themselves. The consequences will be horrible. But a victory for Assad and Hezbullah will be even worse. There will be not just a massacre but also a massive Iranian victory that will be followed by a massive war. So logic suggest the US has only three sensible choices. One, that it will surely not take, is to destroy first Assad and then the Sunni extremists. There is no need, I think, to explain why this choice is extremely unlikely to be made. The second choice is to wait but make sure no side can win and the war continues until exhaustion. The problem is that Iran will certainly get more and more deeply involved, both through its Hezbollah proxy and directly so at some point another choice will have to be made. The only other choice is to attack Iran. Of course one could hope that if the war continues for another 3-5 years and Iran is pulled in, the Iranian economy and the regime will collapse but by that time Iran will have nuclear weapons and the regime may not be willing to go out with a whisper rather than a bang.

  18. Snowden should get some kind of positive reward from what he has done. Nobel peace prize would be appropriate. NSA and CIA has spent billions and billions dollars and the gain is a bull's shit :D Fucking clowns! Scaring people works always, ask from IPCC! It's a free money!

    Hey NSA wankers, you should read some of my papers. There is some pretty interesting information on antimatter bomb developing ;-) It's much easier than in conventional nuclear weapons.

  19. Dear Lubos,
    that is a good point. Still I think if somebody is not too dumb and wants to communicate with practically unbreakable encryption and can spend just a little bit of ressources on it then he can do it. I find it unlikely for example that an open source program like PGP running on Linux has any backdoors in it. And if this seems too uncertain then you can always go back to the public information about the well known encryption algorithms and implement the favourite one yourself (or hire a programmer). Just I am not sure if all the Dschihadists behave in this way.

  20. Oh, come on! Saying P=NP doesn't mean you can crack any code! I had a discussion with a colleague once who said that P=NP would mean that writing a book should be as easy as reading one... This is so NOT true!...

  21. I agree with your analysis of the French surprising change of role ;-)
    France and the US will always be friends no matter what. As we French said during the Iraq war: speaking our mind is what friends do to each other, even if it creates strong disagreement. There was never any doubt among the French people that the US were still our friends, even if they pretended to hate us with their "freedom fries" etc. The thing that both leftists and rightists have in common is that they want the "grandeur" of France. It is in every speeches of every political parties.
    In the case of Syria I believe that Hollande and Obama are just trying to save what can be saved from their own image. It's all about control damage now.
    PS. Like Jane Tolmie I did judo as a teenager for 4 years which got me a blue belt. I remember my first judo body contact with that boy. It was... fun. ;-)

  22. Yes French colonialists were brutal but hey that's the way to be when you want to rule a country that is not yours ;-) . Germans colonialists the best?? Haha...

  23. I believe you are mistaken about the Bahai'i being an offshoot of Sunni Islam, they formed in Persia and so would be more accurately called a heresy of Shia Islam.

    BBC produces good wildlife documentaries but their natural science programming is apparently getting worse:

  24. You are completely right about the Bahais - I wrote that without thinking. Thanks ;-)

  25. lots of FB & Twitter traffic about Snowden/NSA scandal

    Welcome to the Machine [ Power, Dominion, Taking ]"

    "By definition, a government has no conscience. Sometimes it has a policy but nothing more"

    "The welfare of the people has always been the alibi of the tyrants"
    -- Albert Camus

  26. Yes and it is a simple strategy Lubos. In France the government decides to go to war when it is time to distract its citizens attention from the unemployment, taxes and deficit that keep climbing, and from Hollande's approval ratings, which soon will reach single digit numbers.

  27. You're a day late and a dollar short with that comment. And you should've known it.

  28. Yeah, you can delete my post if you want, I saw the link just a couple of minutes later...

  29. You are quite right Dilaton. Imagine what Nixon would have done with such tools as the NSA now has at his disposal? And if these idiots believe that weakening the cryptographic standards will benefit them in the long term they are severely misguided.
    Also, their hypocrisy is limitless - to think that not so long ago US lawmakers were accusing Huawei (chinese telecoms) of being a security concern, and successfully shutting them out of the US market, for fear of backdoors in their equipment. I guess they knew what they were talking about. And you now have to wonder if the real reason wasn't that Huawei was the only company which refused to install a NSA backdoor in their routers.
    Well I think I'm going to buy a Huawei router now, I don't care too much if the Chinese read my emails 8).

  30. Why would an Asssad/Hezbollah victory in Syria necessarily lead to a massive war? It would be, in effect, largely a continuation of several decades of recent history. Such a situation could remain fairly stable once things settle down.
    Regardless of what the US does it seems certain that the West will remain spectators for the most part in this horror. Of course a massacre will ensue following the victory of either side.
    Hezbollah’s interests are far from being in line with Assad’s and they will become wary friends, not conquering hordes.

  31. You are right, of course, Shannon; France and the US will always be friends.
    It does seem that when the leader of any country finds himself in a weakened position he looks for an external enemy to attack or, at least, to threaten. It has always been so.

  32. Dear Mikael, well, the two of us could probably do it, after lots of work. But the point is that the thousands of men who want to derail trains or bomb marathons cannot do it.

    I actually doubt that e.g. Al Qaeda as a whole organization has algorithm experts who would be able to prepare such information protocol that is independent of the products already made functional by someone else.

  33. Dear Andrei, I completely agree with you. The blog post linked above *.de is supposed to demonstrate it. ;-)

    What I wrote in this blog entry wasn't what you criticized. I didn't want to imply that they're the same problems. Still, cracking NP-complete problems would be a proof of P=NP and proving P=NP may be either equally hard or just a bit easier but it's still hard by today's standards, especially because many people who should try to find a solution believe that P isn't NP.

  34. You are completely missing the point and the fact that you do not mention Iran, without which none of this would be happening shows that you have not been paying any attention.

    Syria and Hezbollah are merely pawns of Iran - it's all about Iran's ambition to dominate the area. Iranian victory in Syria will be a deadly threat both to the Gulf states and to Israel (except that it is impossible) to imagine the Gulf States taking on Iran militarily) and a existential threat to Israel (where it is perceived as such even if you imagine you know better).

    Both Lebanon and Iraq and probably Bahrain would fall under Iranian domination, and the same sort of war that is now going on in Syria would spread there. All of that might not be a reason to care if the world had enough oil by then- which is not going to be the case by then, but there an even more important reason to worry. There is no doubt that an all out Iranian-Israel war will almost certainly follow an Iranian victory in Syria, and by that time Iran will posses nuclear weapons.

    You may be sceptical and think the West should take a chance but it would a considerably more risky and stupid thing to do that was letting Hitler take the Sudetenland and think that "situation could remain fairly stable once things settle down".

  35. Oh don't worry! It will all be paid for.

    “With respect to Arab countries offering to bear costs and to assess, the answer is profoundly yes,” Kerry said. “They have. That offer is on the table.”

  36. I have always believed that the US should form a Foreign Legion to do their fighting oversees. There would be plenty of volunteers: it is one of the "dirty secrets" of our culture that the Legion is oversubscribed, and when there is any serious fightings the number of applicants skyrockets. The Legion has lots of advantages over the US forces: the legionnaires fight better, they don't betray their colleagues, they don't appear on TV as experts on strategy, don't call others "chicken hawks", and so on. Nobody protests when they get killed (which is after all, a possibility that everyone who joins the Legion knows about) and they could be rented out to others for profit.

    And finally, last but not least, they have much better marching music:

  37. A cynic might say that the reverse of your proposal is taking place: U.S. is serving Saudi Arabia as a (well-compensated) foreign legion.

  38. One problem with that is that it is not quite clear who has been "well compensated" (so far anyway). No doubt some individual Americans have been compensated quite well but not necessarily the US as a country. For all the screams of "no blood for oil" the US has got precious little oil for all the blood and money spent in Iraq.

    Of course the question of how much "blood" is worth is relative. The Americans believe they paid too much in Iraq but their losses in 10 years of war were lower than, (for example), those of the Wehrmacht in its 1939 blitzkrieg of Poland that lasted just over one month.

    People who join the Foreign Legion are in effect selling their blood and not even for money (they are not that well paid) but for other things, like the excitement, chance to prove themselves, French citizenship etc. No point saying later that when you signed your contract you only expected to shoot at others and not to be shot at yourself.

  39. That was a good discussion that I missed. I hope the subject of the role of "consensus" in science, especially in making conjectures and hypothesis will come up again (and I don't mean the kind of "consensus" that is supposed to exist in "climate science"). On the whole, in a solid and well working science, the consensus should be right more often than not (because of the accumulated experience and knowledge of the scientific community) so going "against the consensus" should carry more risk of failure but also greater rewards when it turns out that the consensus was wrong. I would consider a proof that P=NP as a greater achievement than its opposite, precisely for this reason.

  40. I am no Middle east expert but you might be demonizing Iran a little bit. Just because Bush said it is part of the Axis of Evil doesn't mean one should take such war propaganda talk seriously.

    Iran is mostly secular, Iran has an educated population and a tradition of liberalism. Talks about "erasing Israel from the map" are probably not meant seriously, they are meant to impress the Islam public (western politicians make sometimes similar statements). Even if Iran developped nuclear weapons, it would not use them. Despite some propaganda, the leaders of Iran are not that crazy.

    The biggest problem in the Middle East is imho islamism, i.e. a medieval primitive religious ideology. Removing secular regimes and giving the countries to these medieval primitives is no good idea.

    And yes, the superpowers interest in these regions is primarily about securing access to oil, that means that the US is taking all these talks about the oil shale reserves not that seriously.

    BTW: what is the relationship of Russia to Iran? The Russians obviously want to keep Assad in power, does that mean that they support Iran and we see some continuation of the Cold War?

  41. Any country with deliverable nuclear weapons is, by definition (at least mine anyways), a superpower, at least a military one. Just like Thacher once said about Russia, "a third world country with 1st world weapons, if GB is not a superpower, then neither is Russia. Of course I realize that this makes Israel a military superpower as well.

  42. I have some personal experiences with people from Israel and from Iran (tourists, coworkers). I must say the Iranians were always the nicer and friendlier people and by no means religious fanatics. The Israelis were mostly arrogant, obnoxious and rude with a special sense of false entitlement. So my sympathy for Israel is not very high (I am not antisemitic, I am describing my general impression about a nation based on my encounters with a couple of dozens of its representatives - mostly tourists). Their Hebrew religion is just as deluded as any other religion and the Israeli religious leaders are just as fanatical as the Muslim leaders, believing in the special role of Jews in the world. No wonder Einstein distanced himself from these people and refused to become a president.
    These jewish fundamentalists shape the policy of Israel in the same manner as similar fundamentalists in Iran or elsewhere in Islamic world. But hate multiplies hate and violence mutliplies violence and after some time, no rational discussion is possible. Fundamentalists on both sides create hell for the ordinary people. Israel is certainly not just a poor victim of Arab agression. What the Jews experienced in Europe during the diaspora, they created for the Palestinians.

    Here an oppinion of a CIA analyst on demonisation of Iran

    And it was the West (CIA) who put Khomeini to power by trying to interfere. These intererences can have some unexpected consequences and the consequences might not always be pleasing.

  43. Your arguments, based on which tourists you found friendlier or the fact that Einstein did not want to be president of Israel are too much below the average level of this blog to be worth answering. Therefore I will leave this task to whoever finds it worth his while - I have still to finish grading a make-up exam in analysis for computer science students (who failed the first one). It is very irritating reading so many stupid answers but not as much as reading your posts on this subject.

    I will just mention one issue, connected with religion. I have never been religious in my life and I don't view myself as a Jew (my father was Jewish but I was brought up without even knowing this) but there is an enormous difference between both Judaism and Islam and the position of religion in Israel and Iran.

    As for the former, it should be enough to point out that according to the Jewish religion, even someone like you will go to heaven provided you don’t do something really appalling like murder someone. In fact, the Gentiles in order to go to Paradise need only observe the 7 Noahide laws ( ) so that should be easy, particularly that none of them requires one to be intelligent. On the other hand, according to Islam you are bound to go to Hell unless you become a Muslim and moreover, (and this is the difference between Islam and Christianity) unless you are one of the “People of the Book” (whose life can be spared on the condition of accepting perpetual humiliation) it is the duty of every Muslim to help you along on your way to Hell. That’s quite a difference, wouldn’t you say?

    Secondly, the position of religious leaders. While in Iran the most extreme ones of them wield absolute power, in Israel not only they are out of power but actually most of them don’t even accept the state of Israel and the craziest of all share your view so much that they even visited Iran at the invitation of Ahmedinejad ( )

  44. Mephisto, do you read Iran Press TV?