NSA: If Your Data Is Encrypted, You Might Be Evil, So We'll Keep It Until We're Sure
from the say-what-now? dept
There’s been plenty of commentary concerning the latest NSA leak concerning its FISA court-approved “rules” for when it can keep data, and when it needs to delete it. As many of you pointed out in the comments to that piece — and many others are now exploring — the rules seem to clearly say that if your data is encrypted, the NSA can keep it. Specifically, the minimization procedures say that the NSA has to destroy the communication it receives once it’s determined as domestic unless they can demonstrate a few facts about it. As part of this, the rules note:
In the context of a cryptanalytic effort, maintenance of technical data bases requires retention of all communications that are enciphered or reasonably believed to contain secret meaning, and sufficient duration may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis.
In other words, if your messages are encrypted, the NSA is keeping them until they can decrypt them. And, furthermore, as we noted earlier, the basic default is that if the NSA isn’t sure about anything, it can keep your data. And, if it discovers anything at all remotely potentially criminal about your data, it can keep it, even if it didn’t collect it for that purpose. As Kevin Bankston points out to Andy Greenberg in the link above:
The default is that your communications are unprotected.
That’s the exact opposite of how it’s supposed to be under the Constitution. The default is supposed to be that your communications are protected, and if the government wants to see them, it needs to go to court to get a specific warrant for that information.
Filed Under: encryption, nsa, nsa surveillance
Comments on “NSA: If Your Data Is Encrypted, You Might Be Evil, So We'll Keep It Until We're Sure”
What we’ll see now (if it isn’t already happening) is a massive hike on encryption usage (I use https whenever available, OpenDNS encryption tool and others for a while now), anonymizing tools such as TOR/VPNs and services outside the US reach (ie: based in a privacy friendly country).
Not to mention that more people will move to encryption related development.
I wonder if the NSA has the firepower needed to decrypt all that? Also, given the new interest in crypto stuff I wonder if the US aren’t actually doing a favor to the people around the world by unwillingly pushing the development of decentralized and encrypted alternatives?
Re: Re:
All part of the grand scheme. Making it more difficult and costly to use the internet and communicate. Just think who has the most to lose from information. I’ll give a hint, it ain’t ordinary mortals having an affair.
Re: Re:
Looking at things through the other end of the telescope, the NSA’s policy on encrypted communications might be construed to mean that they reserve the “right” to capture, store and decrypt all encrypted communications, regardless of whether or not said communications are directly associated with a specific foreign person. In other words: All encrypted data encountered during whatever passes for the normal course of business, regardless of its source or destination, goes into their databases for use, at their discretion, now or at some point in the future.
So… What percentage of Internet traffic is encrypted these days, and will be encrypted in the future? Sounds as though the NSA have written themselves a future-proof policy (subject to change without notice) that gives them carte blanche to collect, store and analyze pretty much any and all data that they care to from anyone they please, without limitation, as long as it’s encrypted.
Re: Ninja
It doesn’t really help to encrypt your communication if they can get to it at its destination (Gmail, Facebook, etc.)
Re: Re:
they helped to develop a lot of that, so….
Re: Re:
This was my thought exactly. All of a sudden they’re going to be getting a lot more data than they’re used to!
Re: (post #1 by Ninja)
Computer power is approximately doubled each year. What may be unbreakable today, may cost a week to crack in the future.
Re: Re: (post #1 by Ninja)
Schneier, Bruce, Applied Cryptography, Second Ed., New York: John Wiley and Sons, 1996, pp. 157-8:
(Slightly reformatted due to lack of superscript in available markup here. I’ve used “E” notation for powers of 10, and ^ for other exponentiation.)
Re: Re:
Better yet, they gonna ask for an increase in budget and build a neural-photon supercomputer that will cost $35B and be obsolete after 2 years when a new open source encryption system is released, all to analyze millions of emails and logs and determine that there’s nothing in there.
Re: Re:
they can if they want to… they are the federal government. they can purchase all the processing power they want, they can ask others to do it for them, or they can hire someone smart enough to decrypt it easily w/o having to have the right key.
Re: Re:
You can install the Https-everywhere browser add-in and that’s it, and 1500 web pages will get encryption in your browser without you needing to worry about anything. See how to install:
https://www.eff.org/https-everywhere
Re: Re:
Yeah, except for something called quantum computers..
The US based company I work for uses a secure, encrypted VPN to allow employees to work from home or while out in the field. I suppose the NSA are keeping the data from that? Or is it just the general public they are concerned with?
Re: Re:
Given they wouldn’t be able to tell the difference until they crack the encryption, I’d say it’s safe to assume unless definitively proven otherwise, that yes, they are grabbing that data.
Re: Re:
Worse:
Most serious businesses will use SSH for remote server administration. Is the NSA going to try to be looking into that?
Last I checked, corporate espionage was still a crime.
Re: Re: Re:
“Well, when the president does it, that means that it is not illegal.” - RMN
Re: Re:
Well, seeing as how the Government works for Big Business and not the taxpayers, I can assure you your work is safe.
Re: Re:
Unless your office has a government official on speed dial, you are “the general public”.
Re: Re:
Or is it just the general public they are concerned with?
Primarily, people they think are threats to the government. This includes, of course, political activists, and probably even people they think might someday become activists.
Remember how Pol Pot used to kill people with glasses, because anyone with learning was a threat to his regime? The NSA will have people just like that working for them; in any organization that large, it’s guaranteed. And some will eventually come into positions of power, if they haven’t already.
Do you really want a mini-Pol Pot having full access to anything you’ve ever said electronically to anyone?
Well all I can say is I will be using the strongest encryption I can find from now on just for the hell of it. Their statement just seems like a challenge to me and I cannot help myself.
Damn my competitive nature.
All I know is I’ll be the winner because that little thing known as the power of ten dwarfs computing power very fast.
My message of I love toast and OOTB is a bitch will be triple encrypted each with a password over 500 chars. 90 trillion years in the future once they crack it they’ll know just how much I love toast and hate OOTB.
A code word or phrase may be hidden, and be undetectable, in any communication, so does this mean they get to keep everything?
Re: Re:
Here’s the catch. Probably yes, but only in a secret interpretation of the rule.
Re: Re:
According to the rules:
So “Yes” depending on whose definition of “reasonably” one uses. In this case it appears to be the NSA’s, so we’re screwed.
Re: Re:
Yes, that’s the point.
Twenty hours since the story broke and no official response? What are they waiting for?
Re: Re:
They are waiting for some contractor to leak their response to the press.
It’s more cost effective.
Re: Re:
They’re busy playing mp3s backwards, looking for hidden messages that might suddenly turn a kid into a terrorist.
Talk to your bank in the clear!
The NSA desires your cooperation in separating law-abiding citizens from foreign terrorists. The NSA asks you to make sure that when you are using the internet to conduct banking transactions, all your information is un-encrypted. That is, there should be no padlock visible on your browser.
This also applies to on-line shopping sites. Make sure that there is no padlock visible when you are providing your credit card number on-line.
Remember: If you use encryptation when you’re conducting financial transactions, the NSA may consider you a terrorist.
You have been warned.
Re: Talk to your bank in the clear!
Sounds like a joke to me
This means they will be keeping most business emails, or is this saying they can easily decrypt pgp.
I use double ROT-13, it’s double plus good.
Re: Re:
Double ROT-13 has been deprecated in favour of ROT-26.
Re: Re: Re:
Double ROT-13 has been deprecated in favour of ROT-26.
Pffft…I’ve been using ROT-156 for years. They finally decided to upgrade to ROT-26. Amateurs.
Re: Re:
Corporations aren’t people, the constitution doesn’t apply.
Re: Re: Re:
Didn’t you hear? They are people now.
http://www.theatlantic.com/politics/archive/2012/07/the-supreme-court-still-thinks-corporations-are-people/259995/
Re: Re: Re:
Corporate personhood is the legal concept that a corporation may be recognized as an individual in the eyes of the law. So yes, corporations are people.
Re: Re:
I just use cat images.
Re: ROT-13
I use ROT-X where the rotation is determined for each character separately based on random factors. I like to think my flash games are well encrypted!
mark-up.
So, you have a malformed link in your page…
Mike, you left out a closing a tag from that link
Just a thought: From today’s article Masnick says your data can be kept “if [the NSA] discovers anything at all remotely potentially criminal about your data” which is an inference made from The Guardian article saying they can collect your data if it contains “information on criminal activity”. But I inferred that they can collect your data not because “you are a criminal talking about your crimes”, but rather that they can collect your data if you are “talking about your friend’s roomate’s cousin’s brother” doing something illegal.
Re: Re:
Sure you don’t mean your father’s brother’s nephew’s cousin’s former roommate?
(And what does that make the two of you?)
Re: It's a lesson from the Holy Inquisition
Inquisitors during the middle ages realized they could get more targets by forcing their suspects (under torture) to confess to conspirators, generally by applying enough pain that they’re willing to allege their own sister.
Gmail is encrypted
Gmail is encrypted – both the web interface and server-to-server communications.
Does that mean NSA is storing ALL emails sent via GMail?
Maybe. Probably they can’t decrypt it, tho. 🙂
Re: Gmail is encrypted
Sen. Wyden: Does the NSA collect any type of data at all on millions or hundreds of millions of Americans?
DNI Clapper: No sir.
Sen. Wyden: It does not?
DNI Clapper: Not wittingly. There are cases where they could, inadvertently perhaps, collect - but not wittingly.
Re: Re: Gmail is encrypted
Clap on Clap off – the Clapper
Re: Re: Re: Gmail is encrypted
“President Obama ‘certainly believes that Director Clapper has been straight and direct in the answers he’s given’ Congress, White House spokesman Jay Carney said Tuesday.”
- “WH defends DNI director Clapper after congressional testimony draws fire”, by Stephanie Condon, CBS News, June 11, 2013
Re: Re: Re:2 Gmail is encrypted
He was straight and direct. He just wasn’t truthful.
Re: Gmail is encrypted
Nah.. Google has probably given them the “keys-to-the-kingdom” already… Helpful little Google..
Re: Gmail is encrypted
not just gmail, Google.com. And facebook. and g+ . And basically every social media platform.
Re: Gmail is encrypted
Your emails are not encrypted on gmail servers.
Re: Re: Gmail is encrypted
Emails are encrypted on Gmail servers NOW!
Truly yours,
The Future.
Re: Gmail is encrypted
The NSA easily makes Google decrypt all mails, so that NSA can have their copy of all mails. Including those mails you deleted, because those mails did exist for a moment.
(Welcome from living under a rock. hehe)
Re: Gmail is encrypted
Google gives the government the key. Your gmail is decrypted.
Information about criminal activity
Sometimes I open other people’s mail. (Esp. when it’s addressed to my 4-year-old.)
Yesterday I exceeded the speed limit. Another crime.
Hi, spook!
The NSA thinks we are guilty until proven innocent.
Traitors
All of you should be shot for treason! All this is just to protect us! The NSA likely will be arresting the lot of you soon enough anyways.
Re: Traitors
Please your rhetoric is that of a naive. “Traitor” is just a view point from what “side” your brain is BAMBOOZLED towards. I.E. Germans who were “traitors” to their countrymen. Not to say they were ever real cool with Hitler per se, but still branded traitors by many including their own country. “http://news.bbc.co.uk/2/hi/uk_news/magazine/8635541.stm”
So the “s” in “https” means the NSA is listening.
Make it look like SPAM
Ever see those spam message that have a bunch of random words?
Encrypt your data, convert to base64.
Replace each base64 character with some sentence from a book.
NSA’s SPAM filter discards your message.
Re: Make it look like SPAM
Better Yet, get a throwaway email address and get it on as many spam lists as possible, then take all that wonderful spam we have all tried to fight for years, and encrypt it and send it out… now you just increased the work load for the whole operation by 1000% if 500 ppl do it, the whole thing comes crashing down just based on the sheer amount of info they would be forced to sift, thus making the whole thing impractical….
Re: Re: Make it look like SPAM
Hell, just buy some botnet time and send out a couple million encrypted Viagra ads every week.
Re: Re: Re: Make it look like SPAM
Hypothesize a mail-list for Syria/Iran, and a spambot sending out encrypted messages from random email address in US (typical behavior of spambots). How long until it fills the NSA’s new facility? Show your work.
Re: Make it look like SPAM
Very intriguing, any proof they have a spam filter?
This is why I use CryptoCloud. Hurray 2048 bit VPN. Have fun wasting several mainframes over the next quadrillion years for data that is worthless in terms of national security.
Re: 2048 bit VPN
You don’t understand how it works. It doesn’t matter how good the encryption from you to point X is. All it takes is for them to have access to point X and grab whatever decrypted traffic. All VPN does is to encrypt data at one end of the pipe, and decrypt at the other end. The VPN tunnel is transparent to the communicating parties, so you only need to tap at the point where the data is decrypted again. You either do it by officially ordering a company to comply, or you just pay an employee of the company to do the job for you.
might just as well throw the Constitution and every other law meant or designed to protect ordinary people, their speech, their ideas and their property out the window. law enforcement are going to do exactly as they please! does anyone actually believe that things will change after this episode has died down and blown over? things will be the same as they were or worse. the one difference will be the way it is all hidden away!
Tyranny Bedrock
There is no 4th amendment.
This has turned into a sick, fucked up joke and if you’re not laughing the joke’s on you.
As soon as the powers of the NSA were unleashed within its own borders it was game over.
Secret data, secret sources, secret tips, secret courts, secret enforcement, secret government, secret law, secret all powerful gods to rule over the engines of commerce.
Soon
Everything
Creates a
Reasonable
Expectation of
Tyranny
Personally, I think some current and previous heads of government need to be tried for treason against the people. “To protect” does not override the foundational laws of freedom.
“The people” are the very last means of protection that any people have.
Doomed. Doooooommmeed.
I hope that all your hopes of abortion and immigrants and prayer in school and gun ownership, and favorite reality tv show ends the way you want it to! Fucking tools.
Reasonable Expectation of Privacy
As I said before, I really can’t see how encrypting your message cannot result in a reasonable expectation of privacy, meaning that encrypted messages should not legally be captured without a court order.
Hopefully someone brings this up to the administration. I’m sure it won’t be anyone from the mainstream media, and certainly not NPR.
Re: Reasonable Expectation of Privacy
Justification for snooping through all your stuff with impunity:
1. Hey, you didn’t encrypt it so obviously you weren’t expecting privacy anyway.
2. You encrypted it, so you might be doing something bad.
Re: Re: Reasonable Expectation of Privacy
Wait… This sounds strangely like the thinking surrounding Mega, doesn’t it?
1. If you can search files then it’s contributory infringement.
2. If you can’t search files then you’re just trying to hide the infringement, therefore it’s contributory.
Re: Reasonable Expectation of Privacy
When it comes to all the 21 spy agencies, forget any laws. They do what they want to do. It is all secretive, so you either have no idea what’s going on, or if you do have an idea, you can’t sue bcs of state secrets privilege. That’s it. Once you allowed the unpatriotic “Patriot Act” to become a law, you screwed your own future.
Steganography
We need to develop strong encryption that is then hidden using steganography so that is disguised as something else.
Re: Steganography
We don’t really, because this already exists and has for a very long time.
Re: Steganography
On the contrary, because of the way the NSA criteria are worded, the fact of the existence of steganography enables them to save anything they want (“well, it might have a secret meaning”)…
Re: Steganography
We should not have to encrypt anything. Encryption is supposed to protect us against hackers and other unwanted mother******* who wish to invade our privacy. Elected Governments work towards assisting public against such attacks. Are we going crazy or the whole process has turned upside down and people including me are just sitting on our backsides commenting on the role of an agency whose main goal seems to be to become, actually has become the biggest dictator and we just say, oh well, it is in the name of security and all the while they are attacking other countries directly or indirectly claiming dictatorship in those countries. I guess now the slavery and colonialism is over, the next step is to control the world via electronic media. All of you tech guys out there I applaud your suggestions but you could be charged with treason so soon. It is time to get our heads out of our a***s and start a new peaceful world without weaponry, mass killing and class distinction in any form. How??? No idea, it seems my head is still where sun does not shine.
Not cool.
Ugh.
Encryption Chain
So if they have to keep all Encrypted data till it’s encrypted, what would happen if.
User “A” Sends a 10 Meg Encrypted Picture to everyone on their E-Mail Chain List.
Receivers then Re-Encrypt the Original Message (This would now be a “NEW” File as far as the NSA cares, given they didn’t break the original encryption). This new 10Meg Email is forwarded on to a new list of Anonymous users.
Rinse & Repeat.
Each User just sending to 10 new users with custom encryption for each user is 100 Meg per person of Encrypted Data for the NSA to keep.
Re: Encryption Chain
Thanks, this article and the responses were bringing me back to the days when I worked as a messenger in NYC and would stop at every other pay phone to call 800 numbers from Falwells’ “Liberty Lobby” and other right-wing jackholes. Engage them in an inventive two minute elliptical conversation or simply declare “you paid for this call” and be on my way. Yes, let the era of extreme encrypted funny cat videos with nonsensical koans, automated palindrome generators and sudoku-derived text begin. Let them choke on it. Don’t forget bean dip recipes and product ingredient lists with rAnDom CApS.
Europe’s response to this will be interesting.
A rational response to Europe’s privacy concerns would be to build Euro-owned and -governed big-data-type solutions.
However, to make them work and have any hope of addressing the privacy concerns, Europe would have to ban the use of the USA-based, hopelessly-compromised services like Google and Facebook.
Basically, to have any semblance of privacy going forward, Europe needs to turn SOPA-like restrictions on the historic US Internet services. No other choice: the US can never be trusted again.
Decode THIS!
Funkoscope
http://Soundcloud.com/Funkoscope
ℱ?ηк◎ṧḉσ℘e || Psychedelic, Electronic, Chill
So while they were busy with this, two yahoos in Boston managed to legally enter the country, one became a citizen, Russia was telling us the other was radicalized, and they managed to set off pressure cooker bombs, killing and maiming the very citizens the NSA was preoccupied spying on.
Dis sht b crzy u tink dey sav evry txt kdz snd. U cn c sum fdrl 5-O tnkin 0 sht alKda
Oops
It goes even a little further
“In other words, if your messages are encrypted, the NSA is keeping them until they can decrypt them”
“sufficient duration may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis.”
You sort of covered it, but to highlight: The DOJ and NSA are among the all time world champions in the use of weasel language. Notice their statement could be interpreted to mean they will keep data, even if it is clearly domestic only, even if it is clearly not illegal or controversial, simply because the breaking of the cryptography revealed insights into breaking crypto itself. In other words, if they broke it, they’ll keep it just as an example of a code that might be used elsewhere.
Also, if you use an iOS device, and you use iMessage as your message platform, all the texts you send are encrypted and thus can be farmed by the NSA.
I thought this was a chilling page:
“The first thing I did after I heard about the highly classified NSA PRISM program two years ago was set up a proxy server in Peshawar to email me passages from Joyce’s Finnegans Wake. A literary flight of fancy. I started sending back excerpts from Gerard Manley Hopkins poems.”
http://www.warscapes.com/literature/cryptogams-nsa
Re: To Demosthenes Locke
Thank you for that link. I read it… and after pondering the story (especially in light of the NSA’s storage of our communications), I found this to be the most frightening conclusion of all:
“My epiphany came here…
Joyce, Hopkins, Proust, Shakespeare…had sought immortality in their endeavors… And yet, here the government had actually done it… for all of us: everything written now preserved for evermore - and if the United States of America had her way, it would be until the end of time. Our immortality in the mineral composition of database drives.”
I have never desired, nor do I now, the preservation of my personal thoughts, ideas, and/or communications of any kind, which I sent specifically to certain individuals.
Around 10 years ago, it occurred to me that what is sent via the internet stays on the internet; and so, I made the decision a decade ago to never write or send that which I did not want preserved for posterity, frozen in databases for all time. I’m elated for that foresight, though at the time, my family & friends considered me “paranoid.”
Even so, the fact that our written and spoken communications are stored (and depending on content, may earn us a visit similar to Mr. Sifton’s) should not only frighten us, but become the impetus for each and every one of us to refuse to make it as easy for them to continue doing so…
Unconstitutional
There is absolutely no Constitutional basis for their conduct. The agency needs to be shuttered.
Look this is bullshit they keep everything anyway, if you encrypt everything it just make their job harder and gives you a bit of privacy maybe.
PGP/GPG use it love it.
NSA is committing copyright infringement! We should get Prenda to send themselves an encrypted porn movie and then sue the NSA!
The scariest part...
I think the scariest part of that statement is: “or reasonably believed to contain secret meaning” …
S: “What does your pet look like?”
R: “My cat is orange.”
Could be “reasonably believed to contain secret meaning” given the standards of which the NSA is operating… ergo, any data qualifies.
This post turn me on dead man may contain annuit coeptis novus ordo seclorum secret meaning turn back turn back and therefore may be retained by the cranberry sauce NSA which eats Cheez Whiz.
sllab ym kcus
Hosting our own private with email encrypted connections. The NSA has no play here! 🙂
Increase Encryption, Decrease Spam
Perhaps excessive encryption compute time could be used as the cost of sending an email, which would help reduce spam, if you only accept encrypted email?
Privacy through obfuscation is the answer. I’ve been saying it for years. Write an app that dumps tons of encrypted data into their pool amidst the data that is actually legit and even if they can eventually decrypt it, they can’t figure out what is meaningful.
Re: Re:
CALLED LAYERING, But with that method you have just made it impossible for you or anyone else you want to read the info legitimately. Besides they will break your silly app. Not even close.
The solution to all this is to build systems which track government data and publish it all, openly, for the world to see. Something like Logwatch, to pick up times emails sent to/from elected officials, law enforcement and the military.
But just publish the government side of things, not the “joe public” sender/receiver.
Oh, and if there is a “malicious payload”, i.e. an encrypted attachment, make that publicly available too. 🙂
If you have nothing to hide… don’t hide it.
This is a Very Useful Piece of Intelligence
It tells us that one of the most effective ways of protesting the NSA’s abuse of our Constitutional rights is for as many citizens as possible to send encrypted messages.
We should all be sending encrypted messages, and each one should contain relevant quotes from the U.S. Constitution and our founding fathers.
The technically savvy should be doing everything in their power to enable the less technically savvy to achieve this.
Knowledge is power. We have just been handed a very useful bit of knowledge.
At a press conference to discuss the accusations, an N.S.A. spokesman surprised observers by announcing the spying charges against Mr. Snowden with a totally straight face.
“These charges send a clear message,” the spokesman said. “In the United States, you can’t spy on people.”
Seemingly not kidding, the spokesman went on to discuss another charge against Mr. Snowden - the theft of government documents: “The American people have the right to assume that their private documents will remain private and won’t be collected by someone in the government for his own purposes.”
Animal Farm by George Orwell. He was ahead of his time.