Slashdot Mirror
Intelligence Officials Fear Snowden's 'Doomsday' Cache
Dega704 writes with news that Edward Snowden is believed to have a collection of highly sensitive classified documents that will be released in the event he is detained, hurt, or killed. According to Reuters, "The data is protected with sophisticated encryption, and multiple passwords are needed to open it, said two of the sources, who like the others spoke on condition of anonymity to discuss intelligence matters. The passwords are in the possession of at least three different people and are valid for only a brief time window each day, they said. The identities of persons who might have the passwords are unknown." These details have caused several security experts to express skepticism, but multiple sources, including Glenn Greenwald, believe Snowden has not released all of the documents he appropriated. "U.S. officials and other sources said only a small proportion of the classified material Snowden downloaded during stints as a contract systems administrator for NSA has been made public. Some Obama Administration officials have said privately that Snowden downloaded enough material to fuel two more years of news stories." Whether or not it's true, U.S. and U.K. officials clearly believe it, which can only serve to protect Snowden.
How would that even work? Is there a central server that keeps the data and decides what time it is? That sure sounds safe.
For example, if the NSA knows how to cryptoanalyze AES or PGP, the methods used getting into the hands of criminals would be bad for everyone.
Unless someone within the NSA realized there was a billion dollar payday if he sold those methods to certain criminals or countries.
In which case the public isn't safe and doesn't know it.
That's even worse.
Some things should be secret from the public, nuclear launch codes, names of spies, etc... but interent security affects all of us, and its not making anybody safer to try and hide a vulnerability there.
The NSA isn't magic. If the NSA can break AES, then anyone else might figure it out too.
"The passwords ... are valid for only a brief time window each day, they said."
How does that work?
There's no literal way for that to work, but there are ways to protect sensitive data in a way that could be described in that way.
One way I can think of is to get someone I know to buy something like an Amazon instance in a way that isn't traceable to me. Then I upload my data in an encrypted fashion into the instance. Then I give a set of people different passwords to log into the virtual machine running in that instance. Then I set the instance to power on in a scheduled manner so that the instance is only accessible at certain moments in time known to the people I give the passwords to. At all other times the instance is powered off and the people with the passwords to it do not have any knowledge of how to manage the instance itself directly. Thus, the people I designate as trustees for the data only have access at certain times. On top of that, they could have different segments of a key-split so that to actually access the data requires at least two different people logging into the instance and providing their keys, or alternatively one person logging in and providing two different key segments.
Why you might do something like this is to try to minimize the availability of the data from being discovered or cracked. Most of the time, the data isn't on a system that is in any real way accessible from the internet. Furthermore, it also makes it less expensive to create multiple data caches in the cloud because the cost of running the systems would be very low, since they would not be running most of the time.
That is why I've said from the beginning that, if only for PR purposes, the US is most likely working the hardest to KEEP HIM ALIVE.
Because Mahmoud Ahmadinejad HIMSELF could walk up and knife Snowden, and it would be blamed entirely on the US.
-Styopa