Slashdot Mirror
German NSA Committee May Turn To Typewriters To Stop Leaks
mpicpp (3454017) writes with news that Germany may be joining Russia in a paranoid switch from computers to typewriters for sensitive documents. From the article: Patrick Sensburg, chairman of the German parliament's National Security Agency investigative committee, now says he's considering expanding the use of manual typewriters to carry out his group's work. ... Sensburg said that the committee is taking its operational security very seriously. "In fact, we already have [a typewriter], and it's even a non-electronic typewriter," he said. If Sensburg's suggestion takes flight, the country would be taking a page out of the Russian playbook. Last year, the agency in charge of securing communications from the Kremlin announced that it wanted to spend 486,000 rubles (about $14,800) to buy 20 electric typewriters as a way to avoid digital leaks.
My father used to work for the NSA as a cryptologic studies teacher and told me stories about how back in the 70s they had tech that could read back what was being typed simply by listening to the pattern of the clicks the type writer was making.
Nice. Dumpster diving for used typewritter ink ribbons is back in fashion.
A suspected security mole was today apprehended with 5 reams of carbon copy paper...
----------------------------------- My Other Sig Is Hilarious -----------------------------------
It's a great security initiative! Everybody should do this. Considering it is impossible to electronically monitor what is typed on a manual type writer, and certainly it would be near impossible to copy the manually typed paper with today's technology.
When they get photocopied for distribution a copy can easily go "missing" are the data file from the digital copier can be sent somewhere.
Using typewriters will definitely make spying the documents a bit harder, but leaking them is as easy as ever. The next level could be a new version of watermarked paper, which knows when it has been accessed or photographed.
And of course there are type writer ribbons to destroy and so forth.
But on the whole, it forces spying back to having physical access to the document and that's not a bad security mechanism.
A phone or nearby computer will be hacked and the secrets will be extracted by recording with the mic the relative sounds of the typewriter keys.
Couldn't they just buy a bunch of computers with no network hardware whatsoever?
Got them moderator blues I blieve I walk out the do', With these mod-points I been gettin', I 'most never post no mo'
using secret ink so the paper blank until you hold it over a candle. We used to do that as kids.
Oh there's so many vulnerabilities with electric typewriters, especially the single-use ribbon.
Manual typewriters with a fabric ribbon that is re-used might still need to be burned.
Working together to return the world back to the stone age!
I salute the German government in adopting this measure, quite seriously. I am migrating to virtualised NetBSD/amd64 myself, and aside from using pkgsrc in order to install Xorg, am probably going to rely on manual installation of packages in named directories in either /usr/local or /opt.
I fully believe that maximising simplicity, to the point of adopting seemingly primitive solutions, is the most effective means of maintaining reliability and security. There truly is no school like the old school. Others can call me a Luddite if they wish, but that is a title that I will wear with pride.
He could tell the difference between say "and" and "the" on all makes and models of typewriters?
Who was he, Rain Man?
Wait until they here about copy machines!
MidnightBSD: The BSD for Everyone
With computers, you can store vast amounts of data and run a lot of analysis on it. With paper, not so much. Good for the privacy conscious citizen.
Those who do not learn from commit history are doomed to regress it.
Turning to typewriters is of course ridiculous blind activism, but there is one thing to take away from this: The mere possibility that someone is spying on them has made them uneasy about using normal and efficient tools and made them turn to antiquated tools instead which still won't protect them. Perhaps now they understand why blanket observation of the entire population is completely unacceptable.
Get a doctor to write memos with a pen. Completely indecipherable.
"Couldn't they just buy a bunch of computers with no network hardware whatsoever?"
The NSA and GCHQ can cover that air gap with some extra hardware added when shipped.
A tiny burst wireless then sends logged text over a short range to a waiting collection device for storage or other networking.
"NSA Spying Includes Wireless Transmitters To Get Data Off 'Air Gapped' Computers" (Jan 14, 2014)
https://www.techdirt.com/artic...
ie the ideas behind RF transceivers eg SPECULATION, HOWLERMONKEY and CONJECTURE
NSA Codenames
http://cryptome.org/2014/01/ns...
Domestic spying is now "Benign Information Gathering"
Once they are done typing the documents they will have a secretary scan them and sent via email....
Do not look at laser with remaining good eye.
Countries have lost aircraft designs and lack of photocopy paper counts did allow the Soviet Union to get material from the UK in bulk.
A trusted person with access to paper work is a huge risk.
Domestic spying is now "Benign Information Gathering"
After East Germany lost its entire Western spy network early on due to the files been given to West Germany they thought about what their next file system would be like.
They broke the structure down so that eg 3 files would be stored in separated physical areas. If you wanted the full file you needed top staff to turn up in person to put a spies full background together. Later East Germany went digital and the CIA walked out with all the East German spy contact files from a safe.
You can also share slightly altered data in each page with "trusted" staff. A test to see what turns up in the media or gets reflected back at a friendly nations embassy.
No looking up computer master files to compare and see the changes, thats your own/only page.
Domestic spying is now "Benign Information Gathering"
What are they hiding that they have to go to Unibomber levels of paranio to hide? If they don't have anything to hide...
Physician handwriting is as indecipherable as Navajo code talk.
With "to stop the leaks" they mean "to stop privacy advocates getting proof that the committee is doing _nothing_ against the NSA".
The trick is to use technology so alien from the attacker that they can't interface with it.
To that end, I think it would be more practical to redesign certain computer systems especially involving networking.
Totally alien networking protocols. Stuff so different that nothing else on earth can interface with it or even knows how it works.
I'm talking about something beyond encryption. Totally divergent interface languages. Different to the machine code level. Ideally with no precedent.
And while you're at it, consider using "one time pad" type encryption keys for the exchange of larger encryption keys. Something that even if intercepted could not be decrypted... literally impossible.
Do that and any attacker can sit on their thumbs and spin.
I've decided to stop wasting my time responding to AC trolls/sockpuppets... so if you want a response from me... login.
Just don't go to park, You crazy security hipsters! http://www.jessicafreyphotogra...
Such pointlessness. Airgap the damn building and faraday it up, done, sorted.
This won't stop someone taking and photocopying documents!
This system is considerably LESS SECURE because you can't log accesses. You call that flimsy wall card scanner secure?
What happens when someones card is stolen without them knowing? Boom, enjoy your broken security.
Passwords have been stolen just by listening to keyboard click noises. Why could a typewriter be any different? A relatively straightforward codebook analysis of keypress noises plus a hidden markov model plus a Viterbi algorithm will allow you calculate the highest probability sequence of letters for a given sequence of sounds and timings between sounds even in German!
Mind you, they have to be able to get a sound bug in there, but that might be malware-infected computers nearby the typewriters.
Anyhow, basically, the technology used to do automatic speech recognition would make short work of tapping typewriters, so they’re fooling themselves if they think this’ll make much difference.
BTW, I have a strong suspicion that the Germans’ outrage is all a big charade. Every major country has big spy operations. The NSA is neither unique nor the first of its kind. The Germans could not have been ignorant of at least the general nature NSA’s dealings before Snowden, so while they openly object, secretly, this is business as usual. By doing this, they fool their people into thinking they’re not being spied on by their own government and, using the US as a scapegoat, they also generate a degree of solidarity. Russians spy operations, of course, are way worse, so their objections are the same bullshit. And the Chinese government is all about lying to, well, basically everyone while they use both capitalism and cyberwarfare to take over the world and control everyone, so their recent statement about the iPhone is also a crock of shit.
This reminds me of Andrew Cuomo’s push to restore trust in government. The whole idea is disingenuous. Governments, like any large organization, are only going to do what the people need only with checks & balances and transparency.
And as a final note, I believe that the stated purpose of the NSA is a good one: Mine publically available data to identify terrorist activity. That sounds like a good thing to do. It’s the illegal violations of privacy that are wrong. They violate our rights because it’s inconvenient to get the info they need some other way. It’s also inconvenient for me to work a regular job instead of selling drugs. There are much more convenient ways to achieve my goals that I avoid because they are wrong. To do their job, the NSA needs to find clever ways to acquire the information they need WITHIN THE LAW.
Poison the well. Everybody, anywhere in the world, whether it be a government, corporation, or individual, needs to become skilled at disinformation. If everybody's default behaviour is to muddy the waters by generating all kinds of contradictory data, the background noise level becomes so high that discerning fact from fiction is very difficult. Governments and corporations already use this tactic against the population; I consider much of Prime Time and 'reality' television to be propaganda, a kind of cultural disease vector.
Given that the genie is out of the bottle and privacy is dead, it would be best for everybody to know everything about everybody else, until the data becomes meaningless because of its sheer volume and commonness. If all possible information about what's going on is available to everyone everywhere, then it becomes essentially worthless. But the TLAs and corporations won't let that happen - they'll always be one up on mere citizens when it comes to info gathering. So maybe it's time for everyone to start sowing disinformation. That would make the world really, really suck; but it would probably suck a lot less than it will if the ultimate goals of Big Brother are achieved.
'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
If I have it correctly there is no longer a single new typewriter manufacturer in the entire world.
Seriously?
It's a lot harder than you think :)
Check the museums and see if the Enigma Machines (http://en.wikipedia.org/wiki/Enigma_machine) are mysteriously missing. A layperson might call that a "typewriter".
The core components of information security are often misunderstood. The triad of confidentiality, integrity and availability are important to consider. There is a symbiosis between these three components. For example, if confidentiality and availability is highly restrictive, can we really be confident in the integrity of the data with so few people who have such limited access?
The old adage, being so tragically expressed here in real world terms, that the only "secure" computer is locked in a vault at the bottom of an ocean belies the very nature of security. For data to be useful and meaningful, it must be accessible to the people who need it when they need it. Failure to properly deliver accessibility will consequently build pressure on confidentiality (e.g. it will be shared inappropriately) and/or data integrity (e.g. the data will grow stale/irrelevant/etc).
A typewriter is a medieval instrument for data security. Because they have rockets, they might as well start building castle walls. They are, in essence and by design, surrendering. Sun Tzu would be proud of such an adversary that could create this result. Masterful.
I'm for it.
typewriters and phones with cords all the way. and dont let them turn the hangar deck into a gift shop.
this is slashdot.. there MUST be some bsg dorks like me to upvote... c'maaaan
Sounds like a good time to invest in whomever makes type writers
If all possible information about what's going on is available to everyone everywhere, then it becomes essentially worthless.
No. I can still single you out and destroy your life with that information. Well funded entities don't even need to single out anyone to take advantage of that flood of information. What seems like vast, insurmountable amounts of data to you is but a challenge to data scientists. Just because you couldn't make use of the information to your advantage doesn't mean nobody else can use it to their advantage, and that is precisely the problem. The small amount of disinformation any individual could sow is easily separated from the ubiquitous sources of accurate information which are beyond the control of the individual.
Seriously, the west needs to bring back their own manufacturing. For example, computers can and should be produced in the west. This idea of giving up ALL aspects of say electronics to China is about as stupid as it gets. Likewise, USA has owned communication. As such, it has made it easy for them.
And if anybody believes that China is NOT spying on the world via the equipment that is sold there, well, they are bloody fools and deserve it.
Maybe for flat-text documents, this'll work okay.
But I'm fairly sure intel documentation is a damn sight richer than "wall of text" in many cases.
Chas - The one, the only.
THANK GOD!!!
Good for retro spy movies, bad for actual security. Stick with open software+hardware solution like BeagleBoard. I am sure Russia and any developed European country is capable of creating their own ARM SoC from ground up if needed.
I have a better idea. Buy a laptop. Encrypt the entire hard drive. Clip the gold pins on the ethernet port. Disable all USB ports in the BIOS (most can do this). Then remove the wireless card completely. Tada, a typewriter.
Back to snail mail, fax machines, typewriters, mechanical credit card cachingers.
All have their weaknesses, but those frailties are well-known after so many years of experience.
It little behooves the best of us to comment on the rest of us.
Don't they teach kids how to use a pencil in Germany?
Plus, pencil marks are easier to erase!
Seriously, when it comes to creating hard-to-copy data, it's cheaper to have a manual typewriter and a stack of paper in a secured, sound-proof room than it is to come up with an EM-proofed room with a computer. For making local copies, use a non-electronic, secured photocopier or non-electronic, secured microfilm/microfiche-creation system and a microfilm/microfiche reader. For applications where you don't need to do transmit documents off-site and where you don't need to be able to search the document, a non-electronic solution may be better than an electronic solution.
Another advantage of paper is if and when you do need to put it on a computer, it's not all that hard to do.
Paper-and-ink was the way most government documents - secret or otherwise - were created and stored until a few decades ago (yes, there is still a lot of new work being done on paper today inside of governments, but electronic copies exist for almost all new things that will have any lasting value, at least in industrialized countries).
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
for avoiding eavesdroppers. And is this a direction that non-criminal organizations are going towards?
The problem is NOT what they are trying to resolve.
As some pointed, there are ways to collect data that were in use several decades ago, combined with modern technology.
They need to perform a serious risk analysis to remake their procedures (all them), and to implant a serious educational programs with corresponding verifications (regular tests and checks).
To change computers by typewriters to resolve their problems is like to cure a cancer with a cup of tea.
Okay, but how are you going to conceal a microphone in a room that has gone purely mechanical?
Just get one of these "things" inside the building, like the Russians did to the US Ambassador's office in Moscow in the late 1940's after WW-II.
And it's effective against the population because they don't have access to what governments and corporations do - Big Data. (And because they have the easy task of manipulating emotion, rather than the difficult task of manipulating data.) Unless literally everything you ever do/say/type is [pseudo-random] misinformation (or you're exceptionally consistent with your cover story), sooner rather than later the truth will start to stand out from the background noise.
If you don't trust your computer, how do you communicate?
Using a mechanical typewriter instead of a computer is one strategy.
Not having to trust the computer by putting it with the printer in a sealed room is another.
No wires or fiber, emi and sound shielded, air lock door system, only paper comes out intact.
I guess you can send power in with a rotating shaft.
Buck naked entry and exit would be a nice touch.
This completely gives up computer networking.
You could get is back by having two rooms in two locations interconnected by an encrypted tunnel built with trusted hardware.
Keys exchanged by physically moving sealed media.
Connecting to multiple locations requires much more trust in the technology than seems wise for the application.
No country on earth comes close to the reach, depth, or pervasiveness of the spying from the NSA. If the spy budget is like the Pentagon budget, the U.S. spends more than the rest of the world combined. How many spy satellites does Argentina have pointed at D.C.? How much of the world's fiber optic network goes through Iceland, as opposed to the United States? This is as nonsensical as saying the USAF and US Navy are matched by prop fighter planes in Bumfuckistan because they both have guns.
The NSA is entirely unique in spying on the electronic communications of every person on the planet.
The question isn't if you're paranoid, it's if you're paranoid enough.
so, one guy types up all the reports and then shreds them. THAT's security!
until the one guy goes out for the night...
probably all the typewriters they could dig up... one.
if this is supposed to be a new economy, how come they still want my old fashioned money?
I find it amazing that so many people commenting on that you can listen to the typing.
Yes, technically you could. However if you are able to bug an office, you can also just listen to people talking.
I saw some people using the mechanical typewriters some old movies and TV shows. Interesting to see how the paper moves sideways and upwards when a person types on the keyboard. Yes, I am showing my age. lol
U.S. spending on defense is not that far off the world average if you compare against GDP, especially if you include Japan (whom the U.S. is bound to defend under the peace treaties ending WWII). Much ballyhoo is made about how much the U.S. spends on the military in gross dollars. But that is mostly a consequence of the U.S. economy being so huge (nearly 1/4 of the world's total). If you think about it, you'll realize comparing military spending in gross dollars is pretty stupid, kinda like comparing how much food each country eats in tons instead of per capita. The U.S. accounts for 37% of the world's military spending, while the U.S. + Japan account for 30% of the world's economy. (I'm deliberately not adding European GDP to account for U.S. bases there as part of NATO, since those really should have been scaled back with the end of the Cold War.)
If you normalize for size of economy by comparing military spending vs GDP, the U.S. military ends up 15th in the world at 3.8%, notably below Russia. If you include Japan's GDP, it drops to 2.9% putting it 27th. (This excludes a few countries with historically higher military spending as percent of GDP since there is no 2013 data available for them yet. Mainly, Syria, UAE, North Korea, and Sudan.)
So getting back to your point, if countries' spending on their spy agencies is anything like their military spending, then NSA funding should actually be pretty close to what other countries' spy agencies get in proportion to their economy. BTW, spy satellites fall under NRO, not NSA.
It is paranoid if you THINK you are being spied on. They KNOW they are being spied on. Thi is not paranoid. This is common sense.
Paranoid would be to think that every person is a criminal and therefore you need to know everything about everybody.
Don't fight for your country, if your country does not fight for you.
Verifying any computer based device is going to be difficult, time consuming and costly.
They probably secure the area well enough to not worry about SOUND giving away what is being typed as well as used ink ribbons, electronic broadcasts from electric typewriters, and visuals of the typist or the papers being shuffled around... or improperly shredded. It has been a long time, it's quite possible they will mess up on the old tech they've long forgotten about securing.
At least with analog electronic typewriters the signal isn't going to stand out like it does with digital devices. They are still probably better off with mechanical typing until they can secure a device.
Next leaker will let us know that the electronic circuits in typewriters are sending wifi signals...
Democracy Now! - uncensored, anti-establishment news
Manual typewriters are pretty safe, if you dispose of the typewriter ribbons securely (spook agencies used to be really good at reconstructing content from used typewriter ribbons.) But even electric typewriters have their security risks - they're not all that quiet electrically, and weren't designed for low RF emissions, which gives spies some possibilities of doing electronic eavesdropping instead of having to do audio. There was once a cheap Brother electronic typewriter that had about a 2-mile signal range; I'm assuming it was designed like a computer keyboard plus computer printer in one box rather than being a dumb electromechanical.
There's also the question of whether they'll be able to find carbon paper, or are going to use photocopies.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
Tried to get my iPad into the typewriter, the screen cracked when I hit the first key.
There was an unknown error in the submission.
Curses! The enemy has used the Cursive Pharmaceutical Pad cipher!
We're doing that already. Consider the poor NSA drone who has to sift through the comments on Slashdot.
It's not enough. Our collective, much less our individual, ingenuity will not long withstand some of the finest minds in computing, set the problem of "how to extract the signal from the noise". At best, at the very outside, it'll buy us a decade of privacy, and then we'll be stuck forever with an environment full of useless and deliberately misleading information, which only the spooks will have the tools to see through.
Typewriters!? HA! Cuneiform!!!!!!
What about simple document scanners (ie: a cell camera) with OCR technology. How can you manage to ensure that your employees don't carry such a device and that paper documents aren't ever in lone possession? Sounds like more costs, politics. But interesting, nevertheless :-)