17 March 2014
Comsec Tempest and Crypto Oil
At 12:09 AM 3/17/2014, Troy Benjegerdes wrote:
If everything (including the network path my data takes) is encrypted, then
I have no real ability to know if it's being tapped, redirected, or misdirected.
A point not well emphasized by cryptographers, in public at least, nor by
advocates of encryption as the essential requirement for comsec as advised
"Unbreakable crypto" may not be used as much as it once was but there are
a host of newly-minted versions of snake oilish assurances dominating the
booming comsec market, thanks to Snowden's magnificent gift, estimated to
eventually reach the trillion dollar level in two decades, to the gov-com-edu-org
comsec panic industry.
Operators of systems, and the necessarily breachable security they offer,
remain the Achilles heels of comsec. Lavabit is only one of the instances
in which sysadmins (SAs) are compromised. Ubiquitous deployment of crypto
throughout telecom and cyber systems is vulnerable to sysadmins who insist
on full access to everything to "de-bug" and run their systems, especially
those SAs easily manipulated by front offices and their ever so cooperative
legal and financial advisors. Not many SAs will do what Snowden did in the
"public interest" which just happens to be a great fortune maker for media
and comsec hustlers.
End to end encryption is currently a hot recommendation of choice for comsec
but skips over what happens behind, below, around and inside "end to end"
code, hardware, implementation, and most of all the traffic flow of the precious
capsules emitting transceiver vapor trails, EM clutter, artfully cloaked gaps,
doors, handshakes, implants, bugs (and "de-bugs"), ways in and out, checks,
double checks, safety plugs, sigs, nyms, language hints, and manifold
uniquenesses witting and unwitting of fallible hunks of meat.
It is, or should be, primary for cryptographers to publicly admit cryptosystems
inevitably fail, as some do despite being overridden by sales and CEOs and
investors, being bribed and NDA'd into complicity, or in worst cases threatened
with prosecution for revealing in natsec systems built-in faults or more
deviously, pretending there are none while glossing deep deception with shallow
claims that there are always a few which can be repaired, nothing is perfect,
you get what you pay for, etc, etc, the formulaic exculpation inherent in
the word "security."
No question this is expecting cryptographers to be more honest than the rest
of the greedy "professional" class so avid to profess public interest while
gobbling the public's hard earned with gleeful transgression slathered in
"industry standards" and global treaties to assure governments and corporations
remain piggish and dispensaries of rewards for the professional classes which
find oligarchal enticements "irresistible" as Greenwald slobbered in agreeing
to work closely with gov-com to withhold secrets under guise of
ventriloquizing Snowden's "causing no harm to national security."
"Causing no harm to national security" is verily medieval in its
creed-promotional organized religion fervor. Cryptographers have long
been missionaries for this duplicitous "trust us" faith, so it figures they
will evangelize among journalists to adopt encryption to upgrade the low
value of despicable fear and trembling scripture, and, as always, the
compensation for scribes of arcane holy writ of comsec tempest and crypto
At 09:25 PM 3/16/2014, Cari Machet wrote:
wait ... are you saying money corrupts ???
if you are saying that corruption is at hand then how can we trust the supposed
human beings behind any of these names ? i mean i think you are saying corruption
is at hand but i don't want to assume anything...
Assume this promotional creed screed for national security journalism:
No, media venality is not news. What is worth examining is the long-term
exploitation of "national security" as a joint gov-com-edu-org racket to
manipulate secretkeeping as a wealth concentration industry. This has been
commonplace since the national security state was invented after WW2 and
led to need for continuous spying to manufacture enemies and to arm for diddly
squat combat against fictitious foes by hugely expensive but hardly ever used
armaments. Cryptosystems among the black budgetary wastage.
In particular cryptosystem popularization (as here and its emulators) as
ostensible opposition to the national security racket, begun in the flower-child
60s to flower wildly in the 90s and rise to a kudzu crescendo with Snowden's
operation to validate crypto use against illusory enemies within the state,
cloaked as usual by the blanket exculpt "to do no harm to national security,"
then hide behind privileged natsec journalism so dirty and complicit in government
affairs it needs protection from the public, so merely dribbles dainty tidbits
of threats to privacy and to advance the favorite ACLU and EFF lawyerly
fund-raising hobgoblin of constitutional violation.
FISA Court jiggery-pokery by lawfare warriors indicates that lawyers and
judges know diddly about comsec technology but dare not admit it and lose
control of the public narrative of threat and protection obligatory in the
trillion dollar national security hootenanny which compares to organized religion
of the medieval era which ruled heaven and earth with fantastically frightening
and pleasuring tales of evil and salvation.
Addled journalists are racing to adopt encryption as crusading chain mail
raiment, ignorant of how easily it can be penetrated, but no matter, what
will really protect the valiant journalists is "constitutional protection,"
a comedy of conceit and stupidity usually associated with court jesters.