SoylentNews is people
SoylentNews
The FBI and other LEOs often complain about the risk to preventing and protecting against crime posed by the use of encryption on the internet. Recently, there have been several senior figures stating quite categorically that encryption will enable criminals to operate with impunity, completely defeating the efforts of those 'trying to protect us'.
In fact, next Wednesday, both the Senate Intelligence Commitee and the Senate Judiciary Committee are hosting "hearings" for [FBI Director James] Comey, about the issue of "going dark" due to encryption.
[...] So it's rather interesting that before all that, the US Courts had released their own data on all wiretaps from 2014, in which it appears that encryption was almost never an issue at all, and in the vast majority of cases when law enforcement encountered encryption, it was able to get around it. Oh, and the number of wiretaps where encryption was even encountered has been going down rather than up:
The number of state wiretaps in which encryption was encountered decreased from 41 in 2013 to 22 in 2014. In two of these wiretaps, officials were unable to decipher the plain text of the messages. Three federal wiretaps were reported as being encrypted in 2014, of which two could not be decrypted. Encryption was also reported for five federal wiretaps that were conducted during previous years, but reported to the AO for the first time in 2014. Officials were able to decipher the plain text of the communications in four of the five intercepts.
Obviously, if more communications are encrypted by default, it's true that the numbers here would likely rise. But the idea that there's some massive problem that requires destroying the safety of much of the internet, seems more than a bit far-fetched.
Original Submission
(Score: 2, Interesting) by anubi on Sunday July 05 2015, @06:29AM
Looks to me like about the last thing one would want to do is start spewing encrypted streams if one was trying to lay low and not arouse attention. All the TLA's probably have back doors to all the "approved" encryption techniques anyway, and all you have done is illuminate yourself as a generator of such stuff.
Once you are on the radar, everyone you contact is on it too.
Internet AIDS, if you will...
The real art is in communicating right out in the open without anyone even suspecting. Stuff like steganography. Use common public protocols, and hide your rubies in what looks like the cat litter pail. Roll your own encryption so you do not leave identifiable signatures of prior art. Use one-time pads of digitized interstation FM hiss if you are really paranoid about your stuff getting out. Hide it in custom porn or lulzcat videos, common stuff but no other copies exist to which the contents can be compared - or "pirated" redigitizations of copyright infringments... everyone else who downloads it is quite unaware of what's in the noise and sees only the movie. The fact many people downloaded the thing gives the cats a lot of mice to chase. Who cares if they have a copy of your stego'd in dirty little secret? Its useless and even its very existence is not detectable without the pad.
I get the idea this fear of encryption is overdone. I feel encryption is only of use if the existence of the communication is already known. Stuff such as above-the-board financial transactions and other business communication. Sure, TLA may use their backdoor, but should they misuse their privilege, problems will start showing up, get traced back to them, and they will have some explaining to do.
For the real covert stuff, the cat is out of the bag if its discovered that a communication even took place.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
(Score: 2) by MichaelDavidCrawford on Sunday July 05 2015, @06:47AM
Modify the encryption algorithm in some innocuos way then dont tell anyone what you did.
For example AES has multiple rounds. Add one or two more.
Destroy the source code.
To have any hope of decryption they will need your binary. While they could conceivably find it there are ways to hide it that would make it quite difficult for others to find. For example your crypto could be a photoshop plugin, unless you edit a certain specific image.
Yes I Have No Bananas. [gofundme.com]
(Score: 4, Interesting) by frojack on Sunday July 05 2015, @08:32AM
The problem with not using encryption so as to avoid suspicion is that then becomes the standard by which every one is judged. By knuckling under you condemn us all.
In short, you've chosen to become a useful idiot for them.
They can do a full take on just about anyone's and everyone's data stream. You can't hide in plain sight and expect that to work.
Why has Soylentnews.org decided on https only when everyone can pull up the pages? Because it forces them to break the encryption just to be sure it is what they think it is. Less resources to dedicate to digging into your personal life.
Encrypt it all and let God sort it out.
No, you are mistaken. I've always had this sig.
(Score: 1, Informative) by Anonymous Coward on Sunday July 05 2015, @08:46AM
While I agree with the encrypt everything approach, actually, any site with a login should be HTTPS-only (at least for logged in users) to protect against the Firesheep [wikipedia.org] attack.
(Score: 4, Insightful) by _NSAKEY on Sunday July 05 2015, @08:40PM
That, and they can't inject exploits into the packet stream in transit like they did with YouTube back before it went https-only.
(Score: 0) by Anonymous Coward on Sunday July 05 2015, @10:46AM
You did notice the s in https in the url for soylent right? Encrypted traffic is commonplace. Most people don't even realize how frequently they use it.
(Score: 0) by Anonymous Coward on Monday July 06 2015, @06:11AM
(Score: 2) by Yog-Yogguth on Wednesday July 29 2015, @09:21PM
Not to discourage you and not saying you're wrong (your conclusions are spot on in my opinon) exept one thing (and sorry if you've heard this before, not meaning to be a bore): you don't need to use encryption to get “internet AIDS”, I guarantee you that you already have it.
You don't need to read anything, you don't need to load a page after the fact, or (if by e-mail) the mail never needs to be delivered to your spam box or even sent; it's enough that it was somewhere where it was accessed (either in transit or on a corrupted node including any endpoints) and that it somehow involved or referenced you or has some kind of association with you.
You have never done anything at all, never mind whether it would be good or bad. It still doesn't matter.
Now then (if you read this) what precisely do you think my signature is? It is (purportedly) text strings the XKeyscore [wikipedia.org] system looks for in any and all MIME [wikipedia.org] content (or S/MIME [wikipedia.org] for that matter) the massive surveillance and manipulation system gets access to (not just e-mails but html pages, any html page bulk text like this comment is MIME, the details are in the given Wikipedia link). According to the snippets of leaked XKeyscore ruleset/configuration it flags anyone/thing associated with hits matching these strings as an extremist. Maybe they've changed that now or maybe they haven't, and who knows what else the ruleset looks for, it could be anything.
This is why there are millions of ordinary boring people on various lists already. Like you and me.
Not enough to get you into trouble on its own, enough to prove a point about where we are right now.
If this wasn't enough the system (i.e. not just XKeyscore but all of it) simply doesn't care if you have “internet AIDS”: it takes everything it can get and tries to get what it can not yet get. You are facing pretty much every government on the planet, every single “secret” service no matter if they're allies or not, exponential technological improvement, billions and billions of yearly expenditure, and some of the “smartest”/most capable people who have ever lived who nevertheless are for most part unable to realize where this thing “ends”.
It's hard to explain the horrors of this without sounding insane, even more so to people who aren't particularly interested or who can't overcome their innate disbelief or who simply don't understand the details. I'm no good at it. This is something that can be improved.
Another thing one can do is to speak ones mind openly.
Maybe the above is stupid, but I try not to do anything too stupid, deciding on my own terms as each should do for themselves.
Bite harder Ouroboros, bite! tails.boum.org/ linux USB CD secure desktop IRC *crypt tor (not endorsements (XKeyScore))
(Score: 1) by anubi on Thursday July 30 2015, @02:10AM
Thanks for the post. You and I think a lot alike.
I am convinced of exactly what you pointed out - we are all on a list - just like at credit reporting agencies. With the numbers beside our name indicating correlation of our perceived allegiance to different memes.
Like you say, I feel one thing I can do is openly speak my mind. And I do. Here. Probably too much.
"Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]