How To Foil NSA Sabotage: Use a Dead Man's Switch

mspohr writes "Cory Doctorow has an interesting idea published in today's Guardian on how to approach the problem of NSA 'gag orders' which prevent web sites, etc. from telling anyone that they have been compromised. His idea is to set up a 'dead man' switch where a site would publish a statement that 'We have not been contacted by the government' ... until, of course, they were contacted and compromised. The statement would then disappear since it would no longer be true. He points out a few problems... Not making the statement could be considered a violation of disclosure... but, can the government force you to lie and state that you haven't been contacted when you actually have?" Rsync.net has been doing this for years; rather than the statement disappearing in case of an NSL being issued, it simply would stop updating. Indeed, their canary text also points out the same possible flaws: "This scheme is not infallible. Although signing the declaration makes it impossible for a third party to produce arbitrary declarations, it does not prevent them from using force to coerce rsync.net to produce false declarations. The news clip in the signed message serves to demonstrate that that update could not have been created prior to that date. It shows that a series of these updates were not created in advance and posted on this page."

What do you mean by "can"?

[kju]

can the government force you to lie and state that you haven't been contacted when you actually have

As we should have learned, the government by large does not care if they "can" (in a legally sense), they just do it. But if necessary: Those rubber stamp courts will surely find a way to make it happen in a way which is legal on paper.

Re:What do you mean by "can"?

[Joce640k]

All these tricks are just wishful thinking.

If other people learn you've been contacted then you're guilty no matter how you did it - by telling them or by stopping updates to a web site. It's all communication.

Re:What do you mean by "can"?

[FriendlyLurker]

Speaking of foiling NSA and other of the worlds shadowy sky organizations shenanigans, there are some great ideas floating about like this one posted a few NSA stories back by Anachragnome: "The NSA has made it clear that making connections--following the metadata--is often enough to get an investigation started. So why not do the same thing? Turn the whole thing around? Start focusing on their networks."

A sort of They Rule type network connection analysis on lists of people involved, start tallying connections and contacts build dossiers and trust-worthiness - combined with dead man switches for websites and professionally shunning anyone/organizations that have worked to subvert the security of the internet in favor of spying and undermining the social contract of the internet.

In related news Reddit co-founder was exposed as wanting to sign up and use Reddit/his reputation as a mouthpiece/research partner for Stratfor. Stratfor turned him down they already had people from the social networking world working for them apparently. Given Slashdot appears to give regular airtime to well known warmongering trolls, will anyone be surprised if most sites like Slashdot are already on the payroll...

The truth, it's just a leak away, it's just a leak awaaay....

Re:What do you mean by "can"?

[TWiTfan]

Agreed. In an America of secret courts, indefinite detention without trial or habeas corpus, secret police who prohibit you from even telling anyone they've contacted you, etc.--the concept of "proving yourself innocent" is laughable. "Because we said so" is the only charge the feds need anymore. Everything else is just dressing.

Re:What do you mean by "can"?

[Defenestrar]

In the case of a signed (and dated) statement, you still hold the controlling factor and would necessitate coercion on the behalf of the other party. If the other party (government or individual) is willing and able to bear sufficient coercion upon you to acquiesce to perjury, than the system fails. So, one should only implement such a model if one believes that the level of coercion is within the limits of one's conviction to resist - otherwise you're setting yourself and your "trusted" parties up for compromise.

A "dead man switch" system like this certainly lends itself to a civil disobedience of passive resistance in the tradition of Gandhi, and MLK Jr. But what level do you go for? If I recall right (and strongly paraphrasing), Gandhi's solution to the atomic threat was to allow yourself to be nuked so that the children of the "victor" would express enough horror at the methods that they would reject the philosophy used for the strike and therefore giving the "victim" the final moral victory. Personally, I suspect that I am vulnerable to coercion threatening the annihilation of my entire nation - and probably even a lesser version closer to home.

One thing I've learned about the country with the Bill of Rights is that there are times when the government does exceed its authority, and sometimes even the courts rubber stamp it (although not always - look at Jackson and the Supreme Court), but ultimately a correction factor is applied. Sometimes this is a groundswell of public ire, a brave confrontation like Ed Murrow, and often a combination of the two (i.e. civil rights in the '60s). Although occasionally, due to lack of notoriety or some such, the lesson isn't completely learned until the next generation reads it in their history books (i.e. syphilis study).

Finally, one also need to make sure that anyone else with the authentication to substitute for you holds the same convictions. For example, Thoreau only spent the one night in jail because someone else paid his poll taxes.

Re:What do you mean by "can"?

[Lumpy]

Secret? They do that openly. It is common knowledge they can jail you forever without trial or even telling you of what crime you may have violated. And the American public love it because it's "fighting terrorisim".

Secret means it's hidden, All of this is out in the open and publicly accepted.

Re:What do you mean by "can"?

[mounthood]

As we should have learned, the government by large does not care if they "can" (in a legally sense), they just do it. But if necessary: Those rubber stamp courts will surely find a way to make it happen in a way which is legal on paper.

Techies never seem to understand this, even though they read it over-and-over: the law is not a set of rules you work with, "it's the chain I go get and beat you with 'til ya understand who's in ruttin' command here." If an NSL isn't the right excuse, they'll make another.

Re:What do you mean by "can"?

[Defenestrar]

... The truth, it's just a leak away, it's just a leak awaaay....

And if you have potatoes, then the truth can bring some awesome soup with it

Re:What do you mean by "can"?

[BrokenHalo]

If I recall right (and strongly paraphrasing), Gandhi's solution to the atomic threat was to allow yourself to be nuked so that the children of the "victor" would express enough horror at the methods that they would reject the philosophy used for the strike

Trouble is, the history books tend to be written by the victors.

...Although occasionally, due to lack of notoriety or some such, the lesson isn't completely learned until the next generation reads it in their history books...

And given that so many people increasingly do not read at all (except in gobbets of 140 characters), I don't hold out much hope that their attention span will accommodate a book of any length.

Re: What do you mean by "can"?

[dave3548]

No, we don't "love it", we're appalled, angry, embarrassed and saddened. Trust in government is at an all-time low.

Re: What do you mean by "can"?

A somewhat vocal minority think the government has gone too far in its war on terrorists. Perhaps you remember the TSA's short-lived attempt to relax restrictions. My local news never has any trouble finding a member of the public willing to say how much safer they feel each time a government agency proposes a new search method or new restriction.

Slashdot is a libertarian-leaning echo chamber and not representative of America.

Re: What do you mean by "can"?

[wvmarle]

No, we don't "love it", we're appalled, angry, embarrassed and saddened.

No doubt there are also in the US many people who are appalled, angry, embarrassed and saddened about these indefinite detentions. However there are obviously not enough of them. Not enough people in the US that really want it to be changed, not enough people there that go to the streets and protest against those human rights violations, not enough people there voting for politicians who make fixing it their primary item.

Most of the rest of the world wants it to be changed. I really hope you guys can fix this issue, instead of trying to make such behaviour the norm and pull more and more other countries (most notably in Europe) into this.

Trust in government is at an all-time low.

Do you have anything to back up that claim? Or is it just your personal opinion?

Re: What do you mean by "can"?

[Lumpy]

Yes you do. I was born and raised in the USA and most everyone I meet approves of everything that they do to fight the boogymen.
It is RARE to find someone that actually wants the govt to follow the constitution.

Re:What do you mean by "can"?

[Somebody+Is+Using+My]

Sadly, this is the state of the country that I was once taught was supposed to stand for freedom in the world.

Fortunately, it actually isn't.

That is not to say that there are not some decidedly concerning excesses being committed by the government and its partners. From overreach by the executive branch, to undisciplined agencies like the NSA running havoc across our Constitutionally-protected (but not granted, important difference!) rights, down to the increasing aggressiveness of our police force, there are undoubtedly serious problems we as a nation need to face up to and rectify. These symptoms are indicative of a very worrying trend and it is right for Americans - and, indeed, citizens across the world - to take note of and speak against.

But even cynical as I am, the despairing belief that the United States of America is currently little more than a well-disguised police-state is so blatantly false to anyone who lives here as to be laughable. I'll not deny that we might one day end in such a place and we must fight against it. But America still remains a bastion of freedom and while it may no longer be a beacon guiding others, it still shines brightly enough. That we can have this conversation without fear of retribution at all is testament to that fact. That (barring a further slide into tyranny) I expect to go through my life without worrying about ending up in a gulag for my particular beliefs is a testament to that fact. That I have an opportunity - however slight it may be - to help change the direction of this country should I chose to do so is testament to this fact.

I still believe - contrary even to my expectations - that most Americans hold true to the ideals of this nation and would, given the chance, work to correct this nation onto a more favorable path. This even includes many of those we've granted positions of authority over ourselves. But between the vast bureaucracy of the government, the confusing melange of messages we get from the media and the self machinations of corporations, it is easy for these same Americans to feel powerless and so they do nothing. It's less apathy than a lack of a clear direction; they want to keep this country true to its ideals but do not know how - and worse, do not believe they can effect a change.

So rather than despair I encourage people to remember what makes this nation great and fight against those who would destroy it for their own short-term gains. Don't just accept the status quo or through excess cynicism allow justice to slip through our fingers. Speak out against these illegal actions, both to fellow citizens and to your representatives in both the state and federal governments. More to the point, do not through inaction be an accomplice to such un-American activities such as the NSA has been enacting; take a stand against them. You don't have to directly oppose them, just don't be their agent; if there are those who wish to subvert the ideals of this nation, make them do their own dirty work. Even if your tiny resistance barely slows down the behemoth, combined we can force a new and better direction for this country. It's also why people in authority fear the Internet and strive to suborn its intent; it allows a collectivism amongst citizenry that has never before been possible. Use this great tool to encourage others - with words and ideas - to strive towards the great dream of America rather than merely accept an "inevitable boot to the face forever".

This nation is at a critical juncture and our leaders are either unwilling or feel unable to enforce a change. It's time to remind them who truly wields the power in America - its citizenry. Don't mourn the passing of our freedoms before we even lose them; instead, stand up for those freedoms and warn those who would take them away that's not where we want this country to go.

Re: What do you mean by "can"?

[Jawnn]

No, we don't "love it", we're appalled, angry, embarrassed and saddened. Trust in government is at an all-time low.

I beg to differ. You and I may be appalled, angry, embarrassed, etc., but the American public, in general, seems quite content to let their government continue the ass-ramming they've been giving to our Constitution since 2001.

Re: What do you mean by "can"?

[celtic_hackr]

You all seem to miss the important aspects here.

1) Most Americans I talk with, who know about these things happening, hate everything that is going on.
2) But a good number of people aren't paying attention to most of it. My wife, and most of my close family, being among them. And these people don't want to know, because they know they'll get upset and frustrated about it.
3) Among those who know and are disgusted, few complain about it except to friends. Why, because, most of this activity doesn't have an immediate impact on Americans ability to travel "freely", buy food, earn a comfortable living, have spendable money and the ability to spend it mostly how they want, raise a family without major restrictions, go to the church of their own choice, live in any neighborhood they can afford, eat what they what, and have entertainment they want. In other words daily life in the USA is fairly stable and unrestricted. People are comfortable. Until, the activities of the government get so overbearing that life is no longer comfortable, few will be willing to do anything about it.
4) The American Revolution didn't happen because the middle class people weren't comfortable anymore. Life was not really that bad in American Colonies back then. The American Revolution happened because the wealthy were feeling uncomfortable and the Crown was messing with their livlihoods.

Ergo, nothing is going to change, unless:
1) The government actions start having a serious impact on the upper classes, or
2) The government makes life so hard for the average citizen that they have no choice but to revolt. You can complain to your politicians till you're blue in the face and it likely won't change anything, for long. They will relent, for a while, and then try it again when they think you aren't looking. Search your feelings, you know this to be true., or
3) Enough people get fed up and actually start a new political party, that alters the landscape.

Re: What do you mean by "can"?

[Yakasha]

The voting numbers don't reflect that. 98% vote to keep things as they are.

Please explain to me how to vote against it. There is no option for that on the ballot and the powers that be won't allow any.

I voted for Gary Johnson. You could have too. Maybe next time you won't throw your vote away on a Demopublican like Obama.

Good luck with this

[schwit1]

Don't expect a prosecutor to buy this argument. Anything you do that alerts others to a gag order will be treated as a violation. You may win in court, but you will be thousands of dollars in debt defending yourself.

Re:Good luck with this

Anything you do that alerts others to a gag order will be treated as a violation.

That's not vaguely true. As we've already seen with various companies closing down, they are allowed to say "I can't provide any details because of a gag order". They can't discuss _WHAT_ they are being prevented from saying but they can most certainly say that they aren't allowed to say something.

Re:Good luck with this

[david672orford]

Don't expect a prosecutor to buy this argument. Anything you do that alerts others to a gag order will be treated as a violation. You may win in court, but you will be thousands of dollars in debt defending yourself.

That is the position he will take at press conferences. But will he think he can win in court? He will face formidible obstacles such as:

• The case may bankrupt the defendant, but it will cost the prosecutor big too. It could easily blow up into a multi-year civil-rights battle against top lawyers.
• The gag provisions of the law are distastful to almost everyone including those who think they are an unfortunately necessity.
• The judge may well find the law distastful and be unwilling to enforce more than its letter.
• The law will inevitably face tough constitutional challenges.
• He should expect between multiple friend-of-the-court briefs from large organizations. These will contain extensive legal arguments citing previous cases and authorities probably going back to the 18th century. This will cost the defendant nothing, but the prosecutor will need numberous assistants to study all of them and prepare responses.
• In order to prove his case he will have to reveal classified information. He will have to prove that the accused actually received a secret order and didn't decide to discontinue the announcements for some other reason.
• His every move will trigger another news story in which he will figure in a highly unfavorable light.
• The constant press coverage will keep a distastful law before the public eye which may lead to changes in the law which he would not like.

So yes, it is a risk for the potential defendant, but for the prosecutor it is a trap.

Er, obstruction...?

[beaverdownunder]

Although cute, this 'idea' is irrelevant. Even if you made the case that you weren't contravening the letter of the request, you could still be charged with obstruction of justice, should your behaviour alter the conduct of the subject(s) under scrutiny. This puts the onus on you to lie.

In short, good luck with that. They're already way ahead of you. Way, way ahead.

Re:Er, obstruction...?

[Trepidity]

I don't think the intent is to argue that it isn't contravening the intent of the gag order due to a technicality, but rather to set up a constitutional challenge to the gag order. Compelled speech is reviewed at a higher level of scrutiny, so if the gag order actually requires you to affirmatively state things that you neither believe in nor are true, that would be a basis for challenging the gag order. You may still lose, but it would require violating a constitutional rule that thus far has been respected.

Re:Er, obstruction...?

[AHuxley]

Yes the East German protesters had a nice hint about that "require violating a constitutional rule" aspect.
Stand in front of an East German Church with a protest sign quoting the East German constitution.
You would go to jail and face the full force of the system but the need for the State to act was seen in public.

Declaration

When in the Course of human events, it becomes necessary for one people to dissolve the political bands which have connected them with another, and to assume among the powers of the earth, the separate and equal station to which the Laws of Nature and of Nature's God entitle them, a decent respect to the opinions of mankind requires that they should declare the causes which impel them to the separation.

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.

That to secure these rights, Governments are instituted among Men, deriving their just powers from the consent of the governed, That whenever any Form of Government becomes destructive of these ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its foundation on such principles and organizing its powers in such form, as to them shall seem most likely to effect their Safety and Happiness. Prudence, indeed, will dictate that Governments long established should not be changed for light and transient causes; and accordingly all experience hath shewn, that mankind are more disposed to suffer, while evils are sufferable, than to right themselves by abolishing the forms to which they are accustomed. But when a long train of abuses and usurpations, pursuing invariably the same Object evinces a design to reduce them under absolute Despotism, it is their right, it is their duty, to throw off such Government, and to provide new Guards for their future security. ...
He has erected a multitude of New Offices, and sent hither swarms of Officers to harass our people and eat out their substance.

Seriously?

[argStyopa]

We're talking about the government doing just about anything they want, and we're wondering if they'd restrain themselves according to something as little as the "letter" of the law?

+2 Funny.
+4 Sad.

Re:Either comply, change the law, or emigrate.

[ciderbrew]

If you like the law, or do not disagree with it, comply.
If you don't like the law, comply.
If you don't trust your government, comply.
And if all else fails, comply.

Re:Watch out what occurs to Lavabit

[plover]

Closing your website as a form of protest simply accomplishes the goals of the administration. If they can prevent your servicing a hundred other bad guys, they may happily choose to sacrifice chasing the one bad guy through your system. (Besides, it's not like there aren't other clues or trails out there.)

Of course, such an act is visible, noble, and it gets people talking; and you're seen as a good person for doing so. But those effects are all transient, and little more than a flap in today's breeze. The administration knows the negativity will fade over time. So over the long term, the closings provide the chilling effect the administration desires.

Re:Either comply, change the law, or emigrate.

[Trepidity]

Most people cannot legally emigrate, so that isn't really an option. If you have dual citizenship, or unique in-demand skills, this may be more feasible, but China is not going to accept random American citizens who want to move there, especially not people who want to move there due to political disgruntlement.

Post Employment Ad for "legal expert"

[tlk+nnr]

The rsync canary is a good idea, another standard approach for delicate communications are job advertisements.

In this case:
A large ad in a suitable newspaper that you are searching for a lawyer.

Why lump everything in one category?

[__aaltlg1547]

There are different ways you might be contacted by the government.

For example, maybe somebody who uses your website stole something. Suppose for example the FBI suspects that person of having sold it to someone else who uses your website and is looking for evidence of the same. So they get a warrant and go throught is one person's email, don't find the evidence they were looking for leave.

In another example, maybe one person who uses your website had his car washed by a guy who got an email from a dude who was seen in a cafe with a suspected terrorist. They issue a National Security Letter that threatens you with horrible consequences if you divulge anything, seize a copy of every record on your site going back to 2005, discover another 50 people who got messages from the guy whose car was washed and by the associative property of terrorism, they're terrorists, you're a terrorist and everybody who uses your site is a terrorist.

See the difference? It's not about being contacted by the government. It's about being swept up in a potentially vast and unwarranted (literally) investigation when you didn't do anything wrong.

Re:Canary, not dead man's switch

[Gibgezr]

If you read TFA, the method suggested by Corey is actually a dead man's switch: when the user fails to respond with a signed version of a random number generated by a website on time, the website notifies all subscribers of the event.

Re:Watch out what occurs to Lavabit

[cayenne8]

I'm curious, as that I've not played around with them in years, but are the nym servers , and the mixmaster and other anonymous remailers out there still functioning and useful?

Re:exact dupe, and bad idea

[Dins]

Yes, but say there are only 30,000 people in the entire country who AREN'T being tracked, then "we don't search and store data on 10's of 1,000's of Americans" is true.

The converse statement is, "We DO search and store data on 329,970,000 Americans"...

Re:Clever Tricks

[TWiTfan]

I bet the employee orientation at the NSA and CIA includes the admonition "Yes, you're going to lie to Congress, The President, and the American people. You're going to do it every fucking day, and LIKE it. And if you DON'T like it, either head to Russia or we'll arrange a cell for you right next to Bradley Manning."

Obligatory Code

[hacker]

...aaaand, here's some code to use to make your own (which I just posted about only yesterday

#!/usr/bin/perl

use warnings;
use strict;
use LWP::Simple;
use XML::RSS;
use HTML::Strip;
use File::Slurp;

my $url = 'http://feeds.bbci.co.uk/news/world/rss.xml';

binmode(STDOUT, ":utf8");

my $hs = HTML::Strip->new();
my @newscanary = '';

my $rss = XML::RSS->new();
my $data = get( $url );
$rss->parse( $data );

my $channel = $rss->{channel};

foreach my $item ( @{ $rss->{items} } ) {
        my $title = $item->{title};
        my $date = $item->{pubDate};
        my $desc = $hs->parse($item->{description});

        # Word wrap the output at 70 characters
        $desc =~ s/(.{70}[^\s]*)\s+/$1\n/xg;

        push @newscanary, "$title\n$date\n" . "-"x70 . "\n$desc\n\n\n";
}

write_file('canary.txt', @newscanary) ;

my $boilerplate = read_file('boilerplate.txt', {binmode => ':raw'});
my $newscanary = read_file('canary.txt', {binmode => ':raw'});

print $boilerplate, $newscanary;

$hs->eof;

Re:Obligatory Code

[DoofusOfDeath]

In Perl??? TERRORIST!!!

Pre-emptive tweet?

At what point does a gag-order come into force? Just send a tweet "A government official has just entered the building with an envelope I haven't opened yet. Updates to follow...", followed by no updates.

Wouldn't it be better ...

Wouldn't it be better to always have a message saying that you are collaborating with the NSA / currently being gaged. If that siuation does ever occur, you then remove the message because otherwise you will be breaking the law...

Or a poster for your library

[daffmeister]

The librarian Jessamyn West has had a similar idea for years.

Exactly right

[Phoenix666]

We all need to ostracize and refuse to have anything to do with any of these people. Looking to hire a subcontractor, and one of the firms in the running has connections to these people? Knock them out of the running and let them and their competitors know why. If we tag and track all of them and make them effectively persona non grata everywhere, and those who do their bidding likewise persona non grata, then we would begin to see change.

Society in general must excise these people or risk imploding catastrophically.