New Software To Balance Privacy and Security?
An anonymous reader writes "Claiming to provide both security and privacy, researchers at UCLA say they have developed a system to monitor suspicious online communication that discards communications from law-abiding citizens before they ever reach the intelligence community." From the article: "The truly revolutionary facet of the technology is that it is a new and powerful example of a piece of code that has been mathematically proven to be impossible to reverse-engineer. In other words, it can't be analyzed to figure out its components, construction and inner workings, or reveal what information it's collecting and what information it's discarding -- it won't give up its secrets. It can't be manipulated or turned against the user."
It also means that lawful citizens who do fit the parameters are reported on. The same as if the agencies are grepping.
a savvy person may be able to tell that the program is running in the background ... by distributing this software all over the Internet to providers and network administrators, you can easily monitor a huge data flow
How will this software be "distributed"? Virus? Payload in a Sony rootkit? Thousands of patriotic sysadmins? Plenty of potential for evil to be done here!
Paid Q&A/Research
If that isn't putting the priest in charge of Sunday School, I don't know what is.
The problem is not Privacy vs. Security. You will never have Security. Not yours. You can have privacy, though.
The problem is, and always has been, balancing privacy and convenience.
This new development both scares and encourages me. This is a step forward in surveillance, which involves watching people, eventually probably watching all of us. Fortunately, though, that would have an upside in that people can't get away with things when they're caught red handed... Unless they have some really good lawyers. Anyways that's just my two cents.
So, it collects all data fitting into the criteria set by the agency without any chance of anyone ever knowing what those criteria were? How is the "law-abiding" citizen to know he's not accidentally fitted one? They say it improves privacy, but it actually removes it, since you can never know you've not been deemed a "terrorist".
So, when I take my case to court, that they're illegally intercepting my communications just to look for dirt to ruin my political campaign, it's impossible to reverse engineer and prove that they were only looking for terrorists?
I mean, the captured documents could already have been altered, no way to prove that they didn't, now.
Not to mention the way it works amounts to what is essentially an eternal wiretap of everyone, guilt, innocence and suspicion matter not.
-- javaDragon is an instance of JavaDragon.
Mrs. Buttle. And the Agency will compensate you for any errors, should we determine we are capable of one.
Secret evidence, secret law. secret court. Secret Government.
So, it has been mathematically proven impossible to reverse engineer... has it also been mathematically proven impossible to socially engineer?
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
And who gets to define what a "law abiding" citizen is? It may be OK now but what happens when the law is that you do not oppose the state, whoops, too late, there is already the infrastructure in place to find out where those damned pro-democracy scum are and what they are up to.
Next, when we're all watching TV and doing our VoIP on the net, all have our home security systems on the net then the government 'sees' everything, 'knows' everything and you have entered into the police state where you can't even move without it being reported on.
In other words, it can't be analyzed to figure out its components, construction and inner workings, or reveal what information it's collecting and what information it's discarding -- it won't give up its secrets.
Maybe they have a mathematical proof that makes reverse-engineering impossible. Fine. But it is still possible to find out what it does in practice, since the nature of the data it processes is known. Just run it in a simulation and see what it does. No reverse-engineering required. From there onwards, it can be turned against the user and manipulated.
Lesson: Mathematical proofs are fine. But they have a specific scope. Not understanding that scope makes the proof useless and can result in faulty claims about how possible or impossible something is.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
If it can be run, it can be read. If it can be read, it can be decompiled. If it can be decompiled, it can be understood.
The core claim in the article is that an attacker with access to the code has no possibility of knowing if a given input will be flagged or not. I can see how someone with access only to the data storage could be prevented from knowing if the gigabyte of noise it stores just changed randomly or if his message was stored there in public key encrypted form. I can _not_ see how the applying of selection criteria can be hidden from someone with access to the code. The code _must_ make the decision on whether to save something or not.
How much you want to bet that some of the criteria include using encrypted communications and anonymizing proxies and other legitimate security measures that people will start adopting exactly because this kind of snooping system exists? It's a self-fulfilling prophecy.
Slashdot needs a "-1, Wrong" moderation option.
The Urban Hippie
...it is a new and powerful example of a piece of code that has been mathematically proven to be impossible to reverse-engineer...
Brrrrrr.. spooky! This sounds like an incredible misinterpretation of whatever the original paper/research is actually doing though. Devices may be reverse engineered without even looking inside if you have access to its inputs and outputs and can continually test and hypothesize and retest, etc. A device that distinguishes between 'evil' and 'regular' packets (as input) and outputs a bit that indicates 1='evil' or 0='not evil' (or a floating point degree of evil, say..) is no different. If you have access to the code that runs this particular device running on a router or somewhere packets drift by then obviously the situation can be no worse. I'd definitely like to see the link to this mathematical proof..
Which CPU does it run on?
Which executable format does it use?
Unless it's running on dedicated hardware with really strong encryption (and even then, that's no guarantee), it is possible to reverse engineer any piece of code piece by piece (for example, start with the first instructions the program executes and unwrap it from there). If you wanted to go deep, you could use an ICE or similar (or a software emulator with a built-in debugger that can't be detected from the emulated side).
http://www.research.ucla.edu/tech/ucla05-487.htm
How can they claim it has been "mathematically proven to be impossible to reverse-engineer" without having first submitted the code to peer review? My house can be mathematically proven to be impossible to break into. But tell that to the guy with the ski mask and the crow bar.
I am a leaf on the wind. Watch how I soar.
For crying out loud, this is spyware, by definition.
Lacking <sarcasm> tags,
methinks this will be stuck into VISTA and possibly forced onto XP users via a mandatory update.
Donald 'Duck' Dunn: We had a band powerful enough to turn goat piss into gasoline.
Isn't this like profiling? Everything can be reversed. Just wait until the dark side gets a hand in this.
If you have a stomach for cryptography this is the research paper that triggered these claims.
There is nothing in there about particular software, but it is not surprising one might dream up these claims.
http://www.cs.ucla.edu/~rafail/PUBLIC/Ostrovsky-Skeith.pdf
This new software selects which communications are of interest to the intelligence community using an undisclosed algorithm. This algorithm "cannot" be reverse engineered. We just have to take the government's word for it that the selection criteria are correct and are unrelated to anyone's personal or political agendas. This will somehow "may ease some of these privacy concerns by making the tracking of terrorist communications over the Internet more efficient, and more targeted, than ever before."? I don't know about you, but it doesn't ease my concerns in the slightest. Just the opposite in fact.
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
Anyone want to bet that this "amazing, mathematically proven impossible to reverse engineer" software is going to implicate at least a few innocent people? A major part of the 9-11 problem was that the CIA had all but abandoned human intelligence in favor of the computerized variety. Computers can prove a lot of intel, but only so much and an agency that doesn't rely on agents and contacts in the field is one that'll miss key intel that could be disastrous. Only humans at this point can use intuition. We need that intuition in order to piece together intelligence reports correctly.
This software will only contribute to the "if you have nothing to hide, you have nothing to fear" mentality. People will ask why you showed up in the sweep if you aren't hiding something. Things like this just undermine guilty until proven innocent and will only serve to make our agencies lazier, not more efficient.
...said Ostrovsky, before running away in terror from a white cockerel and a plate of beans.
Many commenters are claiming "it is always possible to reverse-engineer a program!," using such reasons as "you can always watch the processor perform the instructions and eventually figure it out."
Let me tell you, as a cryptographer, that these claims are false. The recent field of program obfuscation gives surprisingly strong ways to prevent reverse-engineering, in a very rigorous and strong way.
Not every program can be obfuscated (this has been proven). However, programs that fit a certain template (like: "check if the input string matches the user's password") can be obfuscated. What this means is that you can give the program's entire code to the adversary -- he can run it on his own computer (no DRM required) on whatever inputs he likes, alter it, stretch it, twist it, whatever. After all this he still will not be able to guess the password, any more than if he had some mathematically-perfect black-box that truthfully answered the question: "is [X] the password?" (Actually the definition is even stronger than this, but that's the gist of it.)
Yes, this seems extremely hard to do -- after all, the adversary has complete and total power over the code that is running. Yet it can be done, rigorously and provably, if you're willing to believe that there are some number-theory problems out there (like RSA) that are hard to solve.
For the work described in the article, it sounds like the "black-box" does something like the following: if your input string contains some "watch words," then the output is the same as the input, but encrypted under the government's key. If your input string is "benign," then the output is just "THIS WAS A BENIGN INPUT", encrypted in the government's key -- i.e., it ignores any benign input and replaces it with a placeholder. By running the obfuscated program and looking at the output, you can't tell if the input was flagged or not. Even while watching the program run, you can't tell if the program is flagging the input or not (or learn anything about the government's key). When the government collects the output and decrypts it, it only sees the flagged inputs, as the rest have been ignored.
As I've said, none of this depends on the program requiring any DRM or TPM or any other specialized hardware. It only relies on the mathematics.
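As an added illustration (not code from the comment above, the article, or the linked paper), here is a toy Python sketch of a filter with the behaviour that comment describes, built on Paillier additively homomorphic encryption, the general approach taken in the linked research paper. It goes beyond the comment by showing the mechanism; the Mersenne-prime key, the vocabulary and the watch words are constructed for the demo, and the paper's output buffer is omitted.

```python
# Added example: toy private filter. Not production cryptography.
import re
import secrets

# Toy key from two Mersenne primes (constructed for the demo; never use
# specially structured primes for a real key).
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q                      # public key
N2 = N * N
PHI = (P - 1) * (Q - 1)        # private
MU = pow(PHI, -1, N)           # private


def enc(m):
    """Paillier with g = N + 1: E(m) = (1 + m*N) * r^N mod N^2."""
    r = secrets.randbelow(N - 1) + 1
    return (1 + m * N) % N2 * pow(r, N, N2) % N2


def dec(c):
    """Needs the private values PHI and MU."""
    return (pow(c, PHI, N2) - 1) // N * MU % N


def make_filter(vocabulary, watch_words):
    """Agency side: E(1) for each watch word, E(0) for every other word.
    The vocabulary is public; which entries hide a 1 is not."""
    return {w: enc(1 if w in watch_words else 0) for w in vocabulary}


def run_filter(enc_dict, text):
    """Filter host side: only N and ciphertexts are used, and the same
    steps run for every input, so there is no 'flagged' branch to observe."""
    m = int.from_bytes(text.encode(), "big")
    if m >= N:
        raise ValueError("message too long for this toy key")
    hits = enc(0)  # fresh randomness even when no vocabulary word occurs
    for w in set(re.findall(r"[a-z]+", text.lower())):
        if w in enc_dict:
            hits = hits * enc_dict[w] % N2   # E(a) * E(b) = E(a + b)
    return pow(hits, m, N2), hits            # E(count * m), E(count)


def agency_open(payload, count_ct):
    """Key holder side: benign inputs decrypt to count 0 and are dropped."""
    count = dec(count_ct)
    if count == 0:
        return None
    m = dec(payload) * pow(count, -1, N) % N
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode()


if __name__ == "__main__":
    flt = make_filter(["lunch", "budget", "falcon", "orchid"], {"falcon", "orchid"})
    for msg in ("Lunch about the budget", "The falcon meets the orchid"):
        print(repr(msg), "->", agency_open(*run_filter(flt, msg)))
```

The host never holds a plaintext match decision: it multiplies ciphertexts it cannot read, which is why inspecting or single-stepping the code reveals the vocabulary but not the watch words.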
> For crying out loud, this is spyware, by definition.
No, spyware by definition runs on the user's computer. I don't think that's the case here.
Cut that out, or I will ship you to Norilsk in a box.
If this can be done, and I see no reason why it cannot, then wait till the bad guys find out how it works and start to make worms that cannot be reverse-engineered.
Oh brother.
This has been another valuable and informative opinion from:
Catahoula!
Uh, have we entered some new bizarre Orwellian Twilight Zone? So basically an uncrackable secret black box that the government can install on any machine to intercept any traffic with no ability for the surveilled party to repudiate the content (or perhaps even be aware of the surveillance?) is somehow a win for privacy? WTF.
BREAKING NEWS. The government has devised a fool proof plan to protect your privacy. They will simply garrison an intelligence agent in your house recording everything you do to make sure that the government doesn't inappropriately invade your privacy. (for your own safety please do not attempt to resist; you will have to be beaten to protect your own privacy, after which you will be dumped in a shallow unmarked grave - again for your privacy)
It's 10 PM. Do you know if you're un-American?
> "...researchers at UCLA say they have developed a system to monitor suspicious
> online communication that discards communications from law-abiding citizens
> before they ever reach the intelligence community."
"Law-abiding": which laws might that be? The laws intended to prevent disruption of society, like the ones used to jail many civil-rights activists in the 50s and 60s? The laws that declared a black man couldn't marry a white woman? Or the ones that declared a woman can't own real property?
Some of the very -best- people are by definition lawbreakers.
> From the article: "The truly revolutionary facet of the technology is
> that it is a new and powerful example of a piece of code that has been
> mathematically proven to be impossible to reverse-engineer.
That's a very broad statement. I haven't read the proof, so I can't say they're wrong. I will just point out that there are things "proven mathematically" in consumer statistics every day that just aren't so. There is a difference between "mathematically proven" as used in colloquial speech and "a mathematical proof."
I wonder which this is?
Sounds like Famous Last Words...
If you disagree with me on social issues, then it's pretty clear that you are a narrow-minded bigot.
Parent is correct.
If I understand this correctly, if it's running locally, you can be spied upon successfully, because encryption prevents you from analyzing the operation of the program, yet it has access to all your data (presumably including encryption keys):
This would necessarily rely on some hardware support, a la "trusted computing"; otherwise you could get at its keys eventually.
But it would be easy to evade if you control and can trust your own hardware - just prevent it from running locally. If it's running elsewhere, say at the ISP, then use a clean-built system, and encrypt your communications, and the bad guys - i.e. NSA spies, Bush administration, etc. - can see what addresses you connect to, and file sizes and such but not the contents.
Well, yes, but adept targets can avoid having their data intercepted, by the precautions indicated above, unless they run compromised systems like Vista or TC-supporting OS's with TPMs.
http://www.cs.ucla.edu/~rafail/PUBLIC/Ostrovsky-Skeith.pdf
Postscript: http://www.cs.ucla.edu/~rafail/PUBLIC/Ostrovsky-Skeith.ps
"Because the code cannot be analyzed, terrorists using the Internet to communicate will never know if the filter has pinpointed their data or not."
Uhm, excuse me, but this is exactly the situation right now. Since when do terrorists ever KNOW that security is on to them until they're caught? Terrorists take precautions against being detected by ANYTHING. Terrorists with the slightest brains do not talk about operations in the clear at any time. What then is this software supposed to detect? Where is the benefit?
Supposedly the benefit is that "harmless" communication is never seen by the Fed. Bullcrap. The parameters of the software are SET by the Fed - they can see anything they want. That's obvious from the article as it glosses entirely over the matter of "criteria" in the first place.
This software would only be safe in the hands of someone who IS safe. In the words of the DRM enthusiasts, it only "keeps honest people honest." And since the criteria is changeable - as well as the appointment (or election) of the people who set the criteria - this is no security at all.
In the hands of George Bush, Dick Cheney and General Hayden, you're screwed, blued and tattooed.
This is nothing more than a propaganda piece put out at this time because Bush is in danger of being impeached over the spying issue. That's the bottom line.
Richard Steven Hack - This sig is TOO GODDAMN SHORT TO DO ANYTHING USEFUL WITH! MORONS!
> Not every program can be obfuscated (this has been proven). However, programs that fit a certain template (like: "check if the input string matches the user's password") can be obfuscated.
:)
That doesn't seem very new or very useful, really. Moreover, even with salting, you'd have to think that dictionary attacks were quite feasible. For example:
#!/usr/bin/perl
use warnings;
use strict;
my $hash = "paaTTskLMsSEI"; # If you can't crack this you suck
my $guess;
print "What is the password? ";
chomp ($guess = <STDIN>);
# I prefer disambiguating parentheses to going without warnings & strict.
print (((crypt($guess, "pa") eq $hash)? "You guessed it!" : "Nope!"), "\n");
exit 0;
There is no tradeoff between privacy and security, so there is no need to "balance" them. An individual is not secure if their privacy is being routinely violated.
The tradeoff is between privacy and totalitarianism. Solutions that attempt to split the difference are not helpful.
Get your teeth into a small slice: the cake of liberty
If it's running elsewhere, say at the ISP, then use a clean-built system, and encrypt your communications
And not get a routable IP address at all because your PC doesn't have an active TPM.
"Any sound that Winston made, above the level of a very low whisper, would be picked up by [the telescreen], moreover, so long as he remained within the field of vision which the metal plaque commanded, he could be seen as well as heard. There was of course no way of knowing whether you were being watched at any given moment. How often, or on what system, the Thought Police plugged in on any individual wire was guesswork. It was even conceivable that they watched everybody all the time. But at any rate they could plug in your wire whenever they wanted to. You had to live -- did live, from habit that became instinct -- in the assumption that every sound you made was overheard, and, except in darkness, every movement scrutinized."
--George Orwell, 1984
Anyone see a parallel here? A black box that watches everything you do, with no way to know whether what you are doing is ThoughtCrime or not. Way to safeguard my privacy and rights.
**** You never REALLY learn to swear until you own a computer. ****
I've an idea then for how to circumvent this, that doesn't require defeating the mathematics involved.
Alright, so say you're running this software for whatever reason, maybe just to keep up appearances. But you don't want your traffic flagged, and you don't want to filter at the router. We can still decompile though. So... What about extracting the placeholder and the public key, then replacing the software with your own version that ALWAYS outputs the encrypted placeholder regardless of the input?
Just a thought, thanx for your attention.