Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security After the Death of Trust

Posted by samzenpus on from the lock-it-down dept.

An anonymous reader writes "Simon St. Laurent reviews the options in the wake of recent NSA revelations. 'Security has to reboot. What has passed for strong security until now is going to be considered only casual security going forward. As I put it last week, the damage that has become visible over the past few months means that we need to start planning for a computing world with minimal trust.'"

40 of 162 comments (clear)

  1. Minimal Trust: by Hartree · · Score: 4, Insightful

    Shouldn't that have been the paradigm from the beginning if you really wanted security?

    Just because you think a person or organization can mostly be trusted today, doesn't mean it will always be the case.

    1. Re:Minimal Trust: by buravirgil · · Score: 2

      The paradigms shift along the sea changes and no patterned pulse cannot be read. But Bob Dylan sings better than I will ever post: Strike another match. Go start anew.

      --
      Would were! Should is! Could be! And live a hundred times three.
    2. Re:Minimal Trust: by Anonymous Coward · · Score: 4, Insightful

      It has been available for a kind of long time. RFC 2440 for encrypted email was written in the 1990s, but people are really resistant to anything that might help their own privacy. I can't even get my friends to use "Off The Record" for secure IMing. They don't care that their IM is going unencrypted over the network, or at least not enough to spend 2 minutes to install it.

      Yes nothing is perfect including this but encryption is a lot better than not. Endpoints (who you talk to) is still exposed but having your message contents hidden still seems like an improvement, but people won't do it even when it's easy and you prompt them to.

    3. Re:Minimal Trust: by somersault · · Score: 2

      I don't see the point in encrypting all my IM either. If the government wants to watch me joke around with my friends, let them. I encrypt passwords and banking info, but who cares about the rest?

      If your friends felt they really had something they needed to tell you about in private, then they could talk to you via an encrypted connection from a Live CD, or tell you in person. For the rest, nobody cares.

      --
      which is totally what she said
    4. Re:Minimal Trust: by Pieroxy · · Score: 4, Insightful

      Until you chat with a friend, make dirty terrorists jokes, and this friend is thought by the NSA to be a terrorist. You'll find yourself interrogated before you know it.

      There are countless scenarios that may see you regret this carelessness.

      --
      Write boring code, not shiny code!
    5. Re:Minimal Trust: by jenningsthecat · · Score: 4, Insightful

      It has been available for a kind of long time. RFC 2440 for encrypted email was written in the 1990s, but people are really resistant to anything that might help their own privacy.

      The problem is getting a critical mass of users to adopt encryption. And although it's largerly a matter of people either not caring, or not knowing enough to care, it's also a problem of not wanting to stand out in the crowd and risk getting singled out. My friends and I don't use e-mail encryption because, with so few other regular users of it, we would simply be marking ourselves for special attention from TLA's.

      It's the kind of thing where a significant portion of the population - say 10% - needs to start using e-mail encryption simultaneously. And unfortunately, that's not likely to happen any time soon. I've said it before and I'll say it again: like sleight-of-hand in a magician's act, bread and circuses really do work to keep people distracted from what their leaders and masters are doing. Until enough of us pull our heads out of our popcorn bags, organize, and start engaging in the Internet's equivalent of 'passive resistance', the 1% and their minions are going to keep screwing us over.

      --
      'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
    6. Re:Minimal Trust: by somersault · · Score: 2

      If the NSA want to feel like idiots, they're free to do so.

      I don't live in the US either btw, and I'm happy to let you guys keep it to yourselves.

      --
      which is totally what she said
    7. Re:Minimal Trust: by lxs · · Score: 4, Informative

      To twist an oft abused quote around:

      If you have nothing to hide you have nothing to fear so go ahead and encrypt everything. Make the bastards work for every byte.

    8. Re:Minimal Trust: by MadKeithV · · Score: 2

      (in another country, no less)

      You guys are unbelievably paranoid sometimes.

      Um, dude.

    9. Re:Minimal Trust: by ArsenneLupin · · Score: 3, Insightful

      If the NSA want to feel like idiots, they're free to do so.

      A similar thing happened to a friend in Germany. And not, the German police didn't feel like idiots, and quite happily wrecked the guys life. If you have a gun, you never feel like an idiot. Instead you just pull the trigger on anybody who dares to snicker...

    10. Re:Minimal Trust: by MozeeToby · · Score: 5, Insightful

      For the rest, nobody cares

      I do. I fucking care that I can't communicate without big brother leaning over my shoulder to make sure I'm a good citizen. It's fucked up. Even if they never used a single byte of the data, the act itself is fucked up. Besides that, laws change. Much more of your day to day life than you imagine is already illegal to some extent or another. With pervasive eavesdropping you're just one ticked off bureaucrat away from a prison sentence. And even if you yourself by some miracle live (an almost impossible) squeaky clean lifestyle, it's even less likely that your family and friends to as well.

    11. Re:Minimal Trust: by Anonymous Coward · · Score: 3, Interesting

      Anyone remember when the NSA threw a fit regarding 128bit SSL becoming the next standard?

      Then suddenly there was silence, and technology moved forward to 256bit and then 1024 etc... never to hear another whisper from the NSA.

      This should have been the beginning of all the questions

      For most of us in the field, we rely on solutions doing what they say they will; in order to meet the requirements we set. So we have to maintain some level of trust somewhere, but at the same time, trust wasn't a part of the risk assessment process, at least it wasn't charted, it was assumed.

    12. Re:Minimal Trust: by kilfarsnar · · Score: 4, Insightful

      Yeah? What exactly do I need to be kept "safe" from? Are they going to send thugs round to interrogate me for flirting on Facebook?

      "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him." -Cardinal Richelieu

      No I would imagine not. Any given person likely has little to fear from increased surveillance; most people's lives are uninteresting. But if someone is looking at you with the intent of finding wrongdoing, they will find it. Especially if they have a history to look back on.

      The other issue is that these surveillance powers are being used against anyone the US government doesn't like, for whatever reason. Do you agree with everything the US government does and says? I'd guess not. Do you support the actions of people who are organizing to push back against those policies you disagree with? I'd imagine so. Well these surveillance (and detention) powers are being used against those groups who are fighting for what you believe in, whether you participate or not. So your interests are being indirectly harmed by these powers.

      --
      "What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
    13. Re:Minimal Trust: by kilfarsnar · · Score: 3, Funny

      Whatever, I could use a holiday. If chatting about buying a kitten or playing guitar hero can get me a free holiday, then by all means I will continue what I'm doing.

      If you think extraordinary rendition is like being on holiday, I'd hate to see where you usually vacation.

      --
      "What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
    14. Re:Minimal Trust: by kilfarsnar · · Score: 3, Insightful

      I'm aware of that, but generally the worst that happens if they don't like you is that they'll stop you from legally entering the US. You have to be being a douchebag on a pretty epic scale before they start being able to justify rendition.

      ORLY?

      Do you think Khalid El-Masri and Maher Arar would agree? Or do you not have a Muslim sounding name, so you figure you'll be fine? First they came for the Muslims, something something...

      --
      "What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
    15. Re:Minimal Trust: by khallow · · Score: 2

      I hope you're right. Hard to say what their priorities will be in the future though.

    16. Re:Minimal Trust: by ArsenneLupin · · Score: 2

      There's plenty of other agencies around who are interested in such silly concerns, unfortunately. And they do have the power and willingness to wreck people's life over such trivialities.

  2. most people don't want to bother by Anonymous Coward · · Score: 5, Interesting

    I try to get my family to stop using gmail, and instead use a local mail program which they can then use for end to end encryption, private non-cloud storage of their old emails, etc, but they don't want to bother. They'd rather have google storing all their emails and are fine with the advertising they get shown as a result of the data-mining of the email contents. They don't care about the NSA because they "aren't doing anything wrong".

    That's what security is up against: people who want to put all their information in "the cloud" and don't really care what that means for privacy and security or even services that can disappear at any time or change their terms of service at any moment. It's all about the simplicity, and nothing else matters except allowing it to be a brainless usage model.

    1. Re:most people don't want to bother by ruir · · Score: 3, Informative

      There are PGP plug-ins for Chrome and Mail in Mac, at least. Why not exchange PGP keys with the family? I have used the gpgtools in the past in my Mac, and it is much pretty easy to install and use then.

    2. Re:most people don't want to bother by ruir · · Score: 2

      PGP by definition has to have an element of trust unknown for 3rd players, i.e. the private keys. If gmail implemented it, it was almost the same as not having it. and I certainly wouldn't see the point of using it. The point of using it on your side, in a TRANSPARENT method, is for google not be able to access your private messages too. Note, you don't have to be an expert, the installation of the tools have just to be simple enough. After exchange keys, the software is smart enough to know when you are sending messages for people with you haven't exchanged keys (yet), or for people with keys on the store, and automatically encrypts that conversations. So yes, transparent, but on YOUR side. In the past, people would say only typists would write document and nowadays people with Word write documents too.

    3. Re:most people don't want to bother by Anonymous Coward · · Score: 3, Insightful

      The screwy thing about that, is that it needs a plugin at all. This is ancient shit. For the last 15-20 years, most email clients have come ready to use pgp out of the box, but then you get to the high-profile (i.e. popular, because it comes with pre-installed consumer OSes) email clients, and they require people to search for plugins, in order to get basic 1990s-level tech. The problem used to mainly just be Apple Mail and MS Outlook (and then, sadly, Thunderbird, WTF) but then smartphones got popular, and the situation with today's smartphones is even worse, if that's possible. It's really pretty negligent for MS and Apple (and now Google) to be shipping out OSes with broken email by default. That means negative security by default. Shame on them.

    4. Re:most people don't want to bother by interkin3tic · · Score: 2

      You always trade some privacy and security in exchange for being social and active. The terms of the compromise are up to the individual. If you're insisting your family should get end to end encryption and they don't want it, YOU'RE the brainless one for not realizing your preferences are not their preferences.

    5. Re:most people don't want to bother by Rich0 · · Score: 2

      I understand how to do exactly everything you're asking your family to do, and yet I still trust all my email to Gmail.

      The reason is that it makes the data readily accessible. I'd like to read my email from arbitrary computers using only a web browser, and routinely read my email in this way so the client needs keyboard shortcuts/etc.

      Sure, I could set up squirrelmail or roundcube and use IMAP with some client on Android (and have done so in the past), but the software is very clunky. With gmail I can process each email I read with a single keystroke. With something like squirrelmail it takes several mouse clicks to archive a message.

      I'd really prefer using FOSS and encrypting everything, but it is a real pain unless you're almost exclusively reading your email via an X11 console. Even then the keyboard shortcuts often aren't as good as gmail, but at least you have drag-and-drop.

    6. Re:most people don't want to bother by devent · · Score: 2

      True. Privacy is not a technological issue but a political one.
      I could barricade my windows, put steel fence around my house, install EM shielding etc. Would not be a nice life, through. The same is for Internet privacy: I could install packet filter, firewalls, encrypt everything, but it's not a nice experience of the Internet then.

      That is why we need strong privacy laws. We have privacy laws of mail and phone calls, why we don't have privacy laws for e-Mail and Web sites, Skype, etc.? Privacy laws are essential for freedom of expression and democracy.

      --
      http://www.mueller-public.de - My site http://www.anr-institute.com/ - Advanced Natural Research Institute
    7. Re:most people don't want to bother by Tom · · Score: 3, Insightful

      They don't care about the NSA because they "aren't doing anything wrong".

      They are missing the experience of living in a police state, bless them. One of the reasons Germany is a little (not enough, but a little) less ignorant of this is that many of its citizens still remember the GDR and the Stasi.

      Even risking to Gowdin this, but maybe it gets them thinking to tell them that the Jews in Germany also thought they didn't do anything wrong. The Nazis, on the other hand, were very happy that religious affiliation was on government record and were extremely efficient in rounding up all the Jews who, remember, didn't do anything wrong.

      --
      Assorted stuff I do sometimes: Lemuria.org
    8. Re:most people don't want to bother by Teckla · · Score: 2

      That's what security is up against: people who want to put all their information in "the cloud"

      I don't think that's quite accurate. People want simplicity, ease of use, worry free backups, automatic sync between devices, etc.

      Give them thick client, encrypted solutions that give them those things with minimal or no effort, and a great many would probably convert.

      The success of the cloud is largely because thick client solutions have largely failed the average user test. Us technical folks don't recognize or ignore this fact far too often.

  3. Re:What? by Big+Hairy+Ian · · Score: 4, Insightful

    We never really trusted our government.

    The problem with elections is that the government always wins :(

    --

    Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

  4. Start buying stamps again by jfdavis668 · · Score: 2

    Well, I guess I have to start buying stamps again. But beware the postal inspectors!

  5. Misunderstanding what trust is by onyxruby · · Score: 4, Interesting

    Take the view of the Pentagon and assume that you are at all times compromised. You probably are. Any given entity can be broken into by a determined hacker. Talk to a pen tester sometime and ask them how many places they have failed to break into. The entire concept of trust is that you can send data privately over the Internet, you can't unless you encrypt your data offline ahead of time.

    On the Internet trust is all about identity and encryption. For most people that translates into a certificate that is used to supply SSL. People then assume that because they are using SSL that they can now trust a given connection. There is no justification for trust and there never has been, the entire concept of trust is a misunderstanding of the concept of how a Certificate Authority works.

    All a Certificate Authority does is say that their is an unbroken chain of identity from a given point to a given point. Even then a Certificate can be forged or stolen or issued improperly, and even if controls detect a bad certificate in use most people will click the button to use the bad certificate anyways.

    All of this assumes that a given government entity hasn't used a court order to force a Certificate Authority to replicate a Certificate so that your data can be seized. Certificate Authorities cooperate with things like court orders, they don't self destruct like Lavabit. That whole backstory with Lavabit self destructing - it was a fight over getting the key that was used because he wouldn't hand over his private key.

    People also forget that SSL is wholly dependent on Certificate Authorities. SSL is used to encrypt data with a key when data is in transit. The problem is that data anyone that owns the network can conduct an MITM attack against your key. SSL is fundamentally broken because it presents a perception of trust when it is incapable of providing that level of trust.

    1. Re:Misunderstanding what trust is by h4rr4r · · Score: 2

      Not when you hold the same keys the real CA does. The NSA may well have their own copies of these keys.

  6. Re:It wasn't a revelation by causality · · Score: 4, Insightful

    Why would a government not take the effort to look into what people do on a daily basis when they have the technology .

    To me it was also predictable, because I've read history books and noticed again and again that the most ruthless, sociopathic, often bloodthirsty control freaks are the ones who want power so badly that they'll do anything to achieve it. That's the nature of government. Public awareness and understanding is the only real thing holding it back. We have public apathy and ignorance because most people have been softened and made complacent by convenience and pointless indulgences (hundreds of channels of brain-dead horse-shit, news media controlled by 5 corporations all of which are cozy with government, public education for obedient workers and not for self-directed thinkers).

    But that the government would want to spy on its people and would use technology in that manner, no that's not remotely surprising to anyone who understands the nature of governments and the people who most want to run them. What we need is a majority of people who comprehend this basic fact that has been repeatedly observed throughout history. The stakes are higher now, and become higher the more our tech advances. Our leaders have noted that bread and circuses works, that's because they actually do learn from history.

    --
    It is a miracle that curiosity survives formal education. - Einstein
  7. Re:less trust, more thrustworthyness by Entropius · · Score: 3, Funny

    "Thrustworthy" sounds like a colloquialism for someone worth having sex with.

  8. Should people try to emigrate? by tepples · · Score: 2

    I don't live in the US either btw, and I'm happy to let you guys keep it to yourselves.

    Is your country accepting refugees from the U.S. regime?

  9. Practical problems with the web of trust by tepples · · Score: 2

    RFC 2440 [describing OpenPGP] for encrypted email was written in the 1990s, but people are really resistant to anything that might help their own privacy.

    You talk about OpenPGP. How much does it cost to travel to get your key signed by people who are well connected in the web of trust? And how can you trust that the people who signed the key of the person with whom you want to communicate are reliable at signing keys?

    I can't even get my friends to use "Off The Record" for secure IMing.

    That depends on whether a client supporting Off The Record is available for a particular operating system (such as Windows Phone) and how easy it is to start using. Mobile operating systems prefer monolithic apps over protocol plug-ins that can be installed into an existing app, and people might not be willing to learn a different IM client's user interface just to communicate with you.

  10. Trust is context- and stake-dependent by aaaaaaargh! · · Score: 4, Insightful

    I trust some people's knowledge and expertise in one domain, but not in another. Likewise, if I were a US citizen running an entirely legal US company I'd have not the slightest problem with trusting the NSA cloud with all my company data (if they had such a service). I trust AES with keeping my personal data unencryptable by crooks and criminals, but I probably wouldn't use AES to encrypt all my data if I were a member of the Chinese military. It really depends in the threat scenario and your goals. An unconditional discussion of trust is fruitless.

  11. Re:P2P crypto software by blueg3 · · Score: 2

    If you follow this link, you have failed the first test of computing with minimal trust.

    If it actually goes to crystallographic software and you use that software, you've failed the second and third tests.

  12. Re:P2P crypto software by Rich0 · · Score: 3, Insightful

    That is the real problem. If all I do is work from my desktop then I can just use kmail and its fairly strong gpg support and I'm done. The problem is that I use many operating systems, including ChromeOS, so I need Android clients, web-based clients, etc. I've yet to see anybody write a really good web-based email client, and even the IMAP options are very limited if you want to use tag-based email management (as in Gmail).

    I really don't want to use Gmail. Its identity management is broken on Android, it isn't good at threading, there is no way to use it with encryption, and it gives Google access to all my mail. The problem is that nobody has come up with an equivalent FOSS option. The best I can do is cobble together a bunch of stuff and still get an inferior product. I've yet to find a web-based MUA that handles keyboard shortcuts nearly as well as Gmail...

  13. Re:less trust, more thrustworthyness by kilfarsnar · · Score: 2

    Like spongeworthy?

    --
    "What the American public doesn't know is what makes them the American public." -Ray Zalinsky (Tommy Boy)
  14. Re:Hardware by gmuslera · · Score: 3, Insightful

    Like Intel embedding 3g radios in the vPro processors? Putting trojan in FPGAs? If i can't walk to the next continent, why worry to start walking?

    Do what you have at your hands, you can improve a lot your security in the points where you control. And let the rest of the world figure the missing pieces, with open source software you also have portability, when an alternative comes in that area (i.e. moving to ARM) you will be able to take a step forward. Just don't get too tied to a solution that you can't control.

  15. Re:It wasn't a revelation by Tom · · Score: 2

    because I've read history books and noticed again and again that the most ruthless, sociopathic, often bloodthirsty control freaks are the ones who want power so badly that they'll do anything to achieve it. That's the nature of government.

    Give that man a cookie.

    I had a few years in an elected position. In the end, I gave it up because I couldn't take standing up against the egomaniac psychopaths anymore whose only concern was themselves and their position. These people will win out because people like you or me will reach a point where we just can't take it any longer, but for them it's the meaning of life.

    --
    Assorted stuff I do sometimes: Lemuria.org