
17 March 2014

Comsec Tempest and Crypto Oil

At 12:09 AM 3/17/2014, Troy Benjegerdes wrote:

If everything (including the network path my data takes) is encrypted, then I have no real ability to know if it's being tapped, redirected, or misdirected.


A point not well emphasized by cryptographers, in public at least, nor by advocates of encryption as the essential requirement for comsec as advised by cryptographers.

"Unbreakable crypto" may not be used as much as it once was but there are a host of newly-minted versions of snake oilish assurances dominating the booming comsec market, thanks to Snowden's magnificent gift, estimated to eventually reach the trillion dollar level in two decades, to the gov-com-edu-org comsec panic industry.

Operators of systems, and the necessarily breachable security they offer, remain the Achilles heels of comsec. Lavabit is only one of the instances in which sysadmins (SAs) are compromised. Ubiquitous deployment of crypto throughout telecom and cyber systems is vulnerable to sysadmins who insist on full access to everything to "de-bug" and run their systems, especially those SAs easily manipulated by front offices and their ever so cooperative legal and financial advisors. Not many SAs will do what Snowden did in the "public interest" which just happens to be a great fortune maker for media and comsec hustlers.

End to end encryption is currently a hot recommendation of choice for comsec but skips over what happens behind, below, around and inside "end to end" code, hardware, implementation, and most of all the traffic flow of the precious capsules emitting transceiver vapor trails, EM clutter, artfully cloaked gaps, doors, handshakes, implants, bugs (and "de-bugs"), ways in and out, checks, double checks, safety plugs, sigs, nyms, language hints, and manifold uniquenesses witting and unwitting of fallible hunks of meat.

It is, or should be, primary for cryptographers to publicly admit cryptosystems inevitably fail, as some do despite being overridden by sales and CEOs and investors, being bribed and NDA'd into complicity, or in worst cases threatened with prosecution for revealing in natsec systems built-in faults or more deviously, pretending there are none while glossing deep deception with shallow claims that there are always a few which can be repaired, nothing is perfect, you get what you pay for, etc, etc, the formulaic exculpation inherent in the word "security."

No question this is expecting cryptographers to be more honest than the rest of the greedy "professional" class so avid to profess public interest while gobbling the public's hard earned with gleeful transgression slathered in "industry standards" and global treaties to assure governments and corporations remain piggish and dispensaries of rewards for the professional classes which find oligarchal enticements "irresistible" as Greenwald slobbered in agreeing to work closely with gov-com to withhold secrets under guise of ventriloquizing Snowden's "causing no harm to national security."

"Causing no harm to national security" is verily medieval in its creed-promotional organized religion fervor. Cryptographers have long been missionaries for this duplicitous "trust us" faith, so it figures they will evangelize among journalists to adopt encryption to upgrade the low value of despicable fear and trembling scripture, and, as always, the compensation for scribes of arcane holy writ of comsec tempest and crypto oil.

At 09:25 PM 3/16/2014, Cari Machet wrote:

wait ... are you saying money corrupts ???

if you are saying that corruption is at hand then how can we trust the supposed human beings behind any of these names ? i mean i think you are saying corruption is at hand but i don't want to assume anything...

Assume this promotional creed screed for national security journalism:

No, media venality is not news. What is worth examining is the long-term exploitation of "national security" as a joint gov-com-edu-org racket to manipulate secretkeeping as a wealth concentration industry. This has been commonplace since the national security state was invented after WW2 and led to need for continuous spying to manufacture enemies and to arm for diddly squat combat against fictitious foes by hugely expensive but hardly ever used armaments. Cryptosystems among the black budgetary wastage.

In particular cryptosystem popularization (as here and its emulators) as ostensible opposition to the national security racket, begun in the flower-child 60s to flower wildly in the 90s and rise to a kudzu crescendo with Snowden's operation to validate crypto use against illusory enemies within the state, cloaked as usual by the blanket exculpt "to do no harm to national security," then hide behind privileged natsec journalism so dirty and complicit in government affairs it needs protection from the public, so merely dribbles dainty tidbits of threats to privacy and to advance the favorite ACLU and EFF lawyerly fund-raising hobgoblin of constitutional violation.

FISA Court jiggery-pokery by lawfare warriors indicates that lawyers and judges know diddly about comsec technology but dare not admit it and lose control of the public narrative of threat and protection obligatory in the trillion dollar national security hootenanny which compares to organized religion of the medieval era which ruled heaven and earth with fantastically frightening and pleasuring tales of evil and salvation.

Addled journalists are racing to adopt encryption as crusading chain mail raiment, ignorant of how easily it can be penetrated, but no matter, what will really protect the valiant journalists is "constitutional protection," a comedy of conceit and stupidity usually associated with court jesters.