Ask Slashdot: Echelon Protection?
An unidentified submitter had a worthy question and I want to submit it to you all for discussion: "How confident should we be in private sector encryption as a defense against ECHELON intercepts? The NSA probably has toys we will never hear about. Can we really trust PGP and FreeSWAN to defend personal and corporate data from the spooks? Should corporations begin hiring encryption experts to defend their data stream?" Slashdot has covered Echelon before, and in the midst of all the recent concern from Congress one can only sit and wonder how long it is before 'privacy' (or if you prefer, the illusion of privacy) becomes a thing of the past.
Ever wonder why the US government seems just as afraid of low level encryption that they can crack fairly easily as of high level stuff that would take them weeks? It's because if PGP keys became common and the use of even light encryption became standard policy, it would bring the Echelon sniffers to a grinding halt.
...
Think about the traffic that any sort of large sigint operation like this needs to filter through. If it took even a couple of seconds to descramble each message just to check for any red-flag words, the entire system would rapidly backlog.
Want to fuck with the Echelon project? Put the words "nuclear technology transfer funding" in the subject line of all of your email and encrypt it. It could be fun
In case you didn't know, P ?= NP is probably the biggest unproven assumption in theoretical computer science today. Although it is widely believed to be true, no one has succeeded in proving it.
Furthermore, your definition for class NP is wrong (your definition instead most closely applies to a different class often called RP); NP is most easily described in the following way: if you are given a solution, you can verify that it is indeed a true solution in polynomial time.
In addition, your definition for polynomial time is wrong! Polynomial is time n^k where n is the size of the problem, and k is a constant; not k^n which rather would be exponential time (class EXP). For exponential time, it has been proven that EXP = NEXP; i.e. that nondeterminism buys you nothing when you have exponential time to play with (because you can simply enumerate all the possibilities and try them all.)
Now, public-key cryptography (but not traditional cryptography) relies on the assumption that P != UP, where UP is the class of problems solvable in polynomial time on something called a unambiguous nondeterministic Turing machine; UP is a subset of NP and a superset of P. The assumption P != UP is actually stronger than P != NP.
It is widely believed that P != UP != NP, but neither has been proven.
Reference: Papadimitriou, Christos H.: Computational Complexity, Addison-Wesley, ISBN 0-201-53082-1. Excellent book.
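The verify-versus-search distinction in the post above, as an added example (not code from the thread): a subset-sum certificate is checked in one pass (the NP definition the poster gives), while finding one by enumeration walks up to 2^n subsets; the second pair of functions does the same for "n is composite", where trial division up to sqrt(n) is exponential in the bit length of n and, for a product of two distinct primes, turns up exactly one witness. All inputs are constructed.

```python
# Added example (not from the Slashdot thread): the verify-versus-search
# distinction the post describes, on two problems. All inputs are constructed.
import math
from itertools import combinations


def verify_subset_sum(weights, target, certificate):
    """NP-style verifier: the certificate is a proposed set of indices.
    Checking it is one pass over the input, i.e. polynomial time."""
    if len(set(certificate)) != len(certificate):      # reject repeated indices
        return False
    if any(i < 0 or i >= len(weights) for i in certificate):
        return False
    return sum(weights[i] for i in certificate) == target


def search_subset_sum(weights, target):
    """Exhaustive search: tries up to all 2^n subsets (the 'enumerate every
    possibility' route the post mentions for EXP).
    Returns (certificate, number_of_verifier_calls)."""
    calls = 0
    n = len(weights)
    for size in range(n + 1):
        for combo in combinations(range(n), size):
            calls += 1
            if verify_subset_sum(weights, target, combo):
                return combo, calls
    return None, calls


def verify_factor(n, p):
    """Certificate check for 'n is composite': one modular reduction,
    polynomial in the bit length of n."""
    return 1 < p < n and n % p == 0


def nontrivial_divisors_up_to_sqrt(n):
    """Exhaustive trial division up to sqrt(n): the step count grows like
    2^(bits/2), exponential in the bit length of n. For a product of two
    distinct primes exactly one divisor lands in this range, which is the
    'unique witness' flavour the post attributes to UP."""
    return [p for p in range(2, math.isqrt(n) + 1) if n % p == 0]


if __name__ == "__main__":
    weights = [3, 34, 4, 12, 5, 2]          # constructed instance
    cert, calls = search_subset_sum(weights, 9)
    print("certificate", cert, "found after", calls, "verifier calls")
    print("verify alone:", verify_subset_sum(weights, 9, cert))
    print("witnesses for 10403:", nontrivial_divisors_up_to_sqrt(10403))
```

The verifier's cost is fixed by the input size; the search's cost is fixed by the number of candidates, which is where the exponential gap the post talks about comes from.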
When properly used and configured, FreeSwan, using high quality encryption, should be proof against even the NSA. (And yes, it DOES work with 2.2.x kernels.) BTW John Gilmore refused (thanks, John!) to include standard DES in the FreeSwan implementation, even though some people wanted it for backwards compatibility.
High level encryption, 128 bit symmetrical keys and 1024 bit public-private keys, would take more computational power to crack than presently exists on the planet. Check out how long Distributed.net has been working on a 64 bit key.
The problem with all this is traffic analysis. Even though they can't read the messages, they can tell a LOT about things just by keeping track of who's talking to whom.
So just by keeping track of who is sending encoded messages to whom, they can find out a lot.
The real power of FreeSwan, and especially IPSEC, won't be seen until it operates as a standard, and everybody uses it. Then Echelon disappears into history, along with all the other police states that have plagued us recently.
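What the post means by traffic analysis, as an added example (not code from the thread): the log below is constructed, its message bodies are treated as opaque ciphertext and never read, and yet sender, recipient, volume and time of day fall straight out of the envelope data. The last function shows the usual mitigation for the size channel, padding every message to a fixed block so sizes stop distinguishing messages; the names and log format are assumptions for the example.

```python
# Added example (not from the Slashdot thread): what traffic analysis recovers
# from encrypted mail when only envelope metadata is visible. The log is
# constructed; bodies are assumed to be ciphertext and are never inspected.
from collections import Counter

# Constructed sample: timestamp sender recipient bytes flag
SAMPLE_LOG = """\
2000-01-10T09:02 alice@example.org bob@example.org 2310 encrypted
2000-01-10T09:05 bob@example.org alice@example.org 1987 encrypted
2000-01-10T10:40 alice@example.org carol@example.org 512 plain
2000-01-11T09:01 alice@example.org bob@example.org 2402 encrypted
2000-01-11T09:04 bob@example.org alice@example.org 2050 encrypted
2000-01-12T09:03 alice@example.org bob@example.org 2290 encrypted
2000-01-12T18:30 dave@example.org alice@example.org 8100 plain
"""


def parse_log(text):
    """Parse 'timestamp sender recipient bytes flag' lines into dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, sender, recipient, size, flag = line.split()
        records.append({"ts": ts, "from": sender, "to": recipient,
                        "size": int(size), "encrypted": flag == "encrypted"})
    return records


def contact_counts(records):
    """Who talks to whom, and how often: the core traffic-analysis signal."""
    return Counter((r["from"], r["to"]) for r in records)


def encrypted_pairs(records):
    """Pairs exchanging ciphertext stand out precisely because they encrypt
    while most traffic around them does not."""
    return sorted({(r["from"], r["to"]) for r in records if r["encrypted"]})


def hourly_pattern(records, sender):
    """Hour-of-day histogram for one sender: timing leaks with opaque bodies."""
    return dict(Counter(int(r["ts"][11:13]) for r in records if r["from"] == sender))


def pad_to_block(size, block=4096):
    """Mitigation for the size channel: round every message up to a multiple of
    `block` bytes so distinct messages look alike on the wire."""
    return -(-size // block) * block


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("contacts:", contact_counts(recs).most_common(3))
    print("encrypting pairs:", encrypted_pairs(recs))
    print("alice by hour:", hourly_pattern(recs, "alice@example.org"))
    print("padded sizes:", sorted({pad_to_block(r["size"]) for r in recs}))
```

Padding only closes the size channel; the contact graph and timing survive it, which is why the post's point stands until encrypted traffic is the norm rather than the exception.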
Does anyone think it is likely that the NSA has mathematicians/computer scientists working for them who might have solved (or are close to solving) the problems upon which most cryptographic protocols are based (i.e. factoring or NP completeness)? An AC posted that a mathematics professor had his work censored by the NSA and I heard a rumor that someone at Berkeley had proven that P=NP (this was last fall some time), although I haven't heard anything about it since (although I'd guess it was because his 'solution' was WRONG).
Somehow, I doubt that the most talented people end up working for the NSA. How many intellectuals could bear to work in secrecy? It would be as if Shakespeare never showed anyone else his works, never had them performed, and burned them upon his death. It seems pretty unlikely that any creative person could work in such an environment...
... but I suppose there's always a chance...
I think most conspiracies are just that. While symmetrical algorithms are breakable by brute force, there is very little else you can do. The field of symmetric encryption has enough study that many cryptographers would be willing to risk their life on such methods. Choosing a long enough key will make brute force impossible (considering the amount of energy required to move a single electron that many times the distance of one nanometer).
Asymmetrical encryption is a different matter. RSA (used by PGP and SSL) has the largest amount of study, so it is often trusted more than Elliptical, or some of the newer matrix based asymmetrical algorithms. RSA's breakability depends on the ability to factor large numbers. Over the years new factoring methods such as quadratic sieve factoring have been invented that make RSA weaker and weaker. In general you need N*N number of bits to be as secure as a symmetrical algorithm. Improvements to factoring have been incremental and not groundbreaking and many people think they will never go beyond ~O(sqrt(N)).
But there are practical reasons why you shouldn't be afraid of the government snooping on you. First, you are most likely boring. Unless you work for a foreign government, or you are involved in the weapons industry the RSA probably doesn't care about you. Even if you use PGP to trade child pron, the RSA has bigger problems to worry about. If the RSA had some magical decryption algorithm, there is so much information out there that they cannot dedicate hardware to decrypting messages unless they believe it is a matter of national security. Most, if not all, of the information they collect is in plain-text form. If everyone used PKZIP to encode their messages, this would probably require more processing power than they could handle to scan the data.
Local officials are a million times more likely to just raid your house and use "find" rather than try to tap your phone line. In fact I've never heard of a single case where local officials have tapped a modem-line and decrypted a message. It's much easier, cheaper, and faster to go straight to the source.
Bottom line is using PGP with any length key is probably safe. Use >2048-bit keys if you are selling nuclear weapons.
-- Virtual Windows Project
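Putting numbers on the two threads of argument above (the earlier post's remark about 128-bit keys and distributed.net's 64-bit effort, and this post's points about the energy cost of brute force and the incremental progress in factoring), as an added example that is not code from the thread. The trial rate passed in is an assumed figure, not a measurement; the factoring estimate is the standard general number field sieve heuristic with its o(1) term dropped, so it is an order-of-magnitude estimate rather than a bound.

```python
# Added example (not from the Slashdot thread): work factors for brute force
# against a symmetric key versus GNFS factoring of an RSA modulus.
# The keys-per-second rate is an assumption supplied by the caller.
import math

BOLTZMANN_J_PER_K = 1.380649e-23
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def expected_trials(key_bits):
    """A brute-force search finds the key after half the space on average."""
    return 2 ** (key_bits - 1)


def years_to_brute_force(key_bits, keys_per_second):
    """Expected wall-clock time at an assumed trial rate."""
    return expected_trials(key_bits) / keys_per_second / SECONDS_PER_YEAR


def landauer_energy_joules(key_bits, temperature_k=300.0):
    """Thermodynamic floor behind the post's electron remark: every irreversible
    bit operation dissipates at least kT ln 2, so even an ideal machine pays at
    least that per trial."""
    return expected_trials(key_bits) * BOLTZMANN_J_PER_K * temperature_k * math.log(2)


def gnfs_log2_work(modulus_bits):
    """Heuristic general number field sieve cost L_n[1/3, (64/9)^(1/3)] as a
    base-2 exponent; the o(1) term is dropped, so this is an estimate."""
    ln_n = modulus_bits * math.log(2)
    c = (64 / 9) ** (1 / 3)
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3) / math.log(2)


def symmetric_bits_matching_rsa(modulus_bits):
    """Symmetric key length whose expected brute-force effort, 2^(bits-1),
    roughly equals the GNFS estimate for a modulus of this size."""
    return round(gnfs_log2_work(modulus_bits) + 1)


if __name__ == "__main__":
    rate = 1e9  # assumed trials per second, for illustration only
    for bits in (56, 64, 128):
        print(f"{bits}-bit key: {years_to_brute_force(bits, rate):.3g} years, "
              f"Landauer floor {landauer_energy_joules(bits):.3g} J")
    for mod in (512, 1024, 2048):
        print(f"RSA-{mod}: ~2^{gnfs_log2_work(mod):.1f} GNFS work, "
              f"about a {symmetric_bits_matching_rsa(mod)}-bit symmetric key")
```

Each extra symmetric bit doubles the brute-force cost, while doubling the RSA modulus adds far fewer bits of work, which is why the post's rule of thumb that public keys must be much longer than symmetric ones holds even though its stated N*N ratio is rougher than the sieve estimate.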
So many of these posts are concerned about echelon picking up every little bit of data going around on the net. It is probably true the NSA can monitor all traffic at various international chokepoints, as well as a large percentage of phone conversations. They keep logs of suspicious activity, while dumping the content and most of the innocuous stuff immediately. Chances are most slashdotters and everyone else doesn't make it past the first level of filters, but I would bet a copy of this discussion makes it to someone's desk for analysis (buy me a pint, J) and a good laugh.
/. logs on a regular basis and use the IP address to match AC postings to possible accounts. C-taco and Hemos have never stated they dump the logs on a regular basis or never back them up, so AC is a bit of a farce if it ever comes down to serious law enforcement action.
What worries the ones who are paid to worry about things like this is directed surveillance. If the echelon filters pick up something and it gets you onto a watch list, then any messages from/to you get collected and analyzed by a human. At that point they can determine whether you are just some snot-nosed college brat using PGP for fun or whether you should be monitored more closely.
The watch lists can probably number around 100,000 to 300,000 targets, with AI-like knowledge engines flagging only the most interesting changes to the watch list for humans to review. I understand there is a much fought over pecking order within the ranks of echelon/NSA analysts to get their filter to be on one of the higher tier alerts when they think their project is important. Each target gets a dossier opened on them and stored in a big case management database [remember INSLAW?], with various bits of info and analysis added as necessary.
Directed surveillance of embassies, terrorist communication channels, high ranking political types, and business leaders is the highest tier of alerts, producing reports of activity every day. Lesser tiers cover suspected drug activity, crackpot political fringe groups, key players in telecoms operators and military suppliers, and business and entertainment movers and shakers.
On the back end, post-event analysis of collected material can often reveal a bunch of information to analysts and law enforcement liaisons, giving them all kinds of leads. [did anyone notice how the gay navyman on AOL just happened to have the exact same name as a convicted terrorist? coincidence, or the result of a very deep analysis of stored material?]
I'm too lazy to log out to AC, I figure someone [them!] grabs the
the AntiCypher
P.S. I especially like the people who go through tons of iterations just to hide something, is what you do so important that it needs hiding?
Hemos is like... sci-fi fans; he thinks technology is cool, but he hasn't bothered to understand the science it's based on.