- Speaker: Bruce Schneier
- Date: Thrusday 6 February 2014
- Duration: 1h
- Location: MIT, Cambridge, MA
Bruce Schneier is an internationally renowned security technologist, called a "security guru" by The Economist. He is the author of 12 books — including Liars and Outliers: Enabling the Trust Society Needs to Survive — as well as hundreds of articles, essays, and academic papers. His influential newsletter "Crypto-Gram" and blog "Schneier on Security" are read by over 250,000 people. Schneier is a fellow at the Berkman Center for Internet and Society at Harvard Law School, a program fellow at the New America Foundation's Open Technology Institute, a board member of the Electronic Frontier Foundation, and an Advisory Board member of the Electronic Privacy Information Center. He is also the Chief Technology Officer of Co3 Systems, Inc.
Cool codenames can be found in NSA documents:
- MUSCULAR: program used to collect Google and Yahoo user data by eavesdropping on lines between their datacenters.
- Little: Codename for Level 3 Communications, an ISP partner of the NSA.
- FAIRVIEW, STORMBREW, OAKSTAR, BLARNEY: programs used to collect Google and Yahoo user data by eavesdropping on the links between the individual users and the web servers. Many codenames depending on the servers used.
- PRISM: program used to collect Google and Yahoo's data by asking the companies directly.
- QUANTUM: program to do real-time packet injection from the network. Tap points above were passive, this one is active. Runs on TURMOIL. Bunch of subprograms, QUANTUM INSERT to insert packets, QUANTUMCOOKIE to forces you to divulge cookies, QUANTOM HAND (we don't know what it is exactly).
- FOXACID: QUANTUM exploit orchestrator, middle-man serving exploits to a user tricked to visit it.
- FERRET CANNON: decides which exploits is served to a user by FOXACID.
- SOMBERKNAVE (see Bruce Schneier's blog post published the day before): sits on a user's computer, turns on the wireless connection while the user is not paying attention, sends data over the network and turns the wireless connection off again.
- Surveillance tools, such as EVILOLIVE: IP location database.
- Analysis tools: MARINA, PINWALE, MAINWAY, XKEYSCORE, ...
- BULLRUN: program to deliberately subvert the security of products, standards, protocols.
- Other codenames: VALIDATOR, MINERALIZE, UNITED RAKE, EGOTISTICALGIRAFFE, BLACKHEART, HIGHLANDS, VAGRANT, BULLRUN... There is no codename database1 but hundreds seen so far.
The NSA has turned the Internet as a giant surveillance platform, robust legally, technically and politically.
For example, NSA has at least 3 different ways (through different legal authorities, different programs, ...) to access Yahoo and Google data. It is also true for cell phone and Internet data.
NSA is still lying on their capabilities and carefully uses sensitive vocabulary. When someone testifies that an activity is not done under a certain legal authority or a certain program, it is done under other ones.
We have seen the NSA documents, but a lot of information are shared with other agencies, CIA, DEA, NRO, ... and other Five Eyes countries (USA, Canada, UK, Australia, New Zealand). We are seeing some of them. We are seeing some of their devices to fake cell phone data too.
NSA's mission is to collect everything. Internet data from airplanes, chat conversations, ... every communication is collected.
NSA was born during the Cold War, that was normal. It collected a lot of data, useful or not. This ubiquitous mentality should have died with the Cold War, but got new interest with September 11. Intelligence agencies had a new mission: make sure this never happens again. To make sure of that, the only way is to know everything that does happen. The enemy changed from the communists abroad to the terrorists in this room, we now have to look everywhere, aided by natural trends of IT. Everything we do on a computer creates a transaction. Data is a product, more and more searchable. It is also easier to save everything. We are all leaving digital footprints everywhere in our life, enhanced by cloud computing. Natural consequences: wholesale surveillance of everyone, all over the world, backwards in time. Nothing is forgettable anymore.
This had created an alliance of businesses in private and public surveillance. We have built systems that spy on people in exchange of services. Surveillance is the business model of the Internet (cookies, cell phones as a tracking device, through the embedded GPS or the cell towers or through apps, ...).
Asking companies to give access to their data also comes from the Cold War, when we wanted to know where communications came from, as well as undersea cables to spy on soviet communications. It is more complex nowadays, leading to cooperation, bribery, threats, compulsion.
This is the golden age of surveillance, because everything we do is surveillable, not only metadata.
The president said: "Don't worry, nobody is listening to your phone calls". He used the verb "listening", but he didn't use "recording", "transcribing", "analyzing", ... Metadata equals surveillance data. And metadata is much more important than conversation content.
- The NSA looks for pairs of people coming near each other, turning their phones off and on again an hour later. → They look for secret meetings.
- They look for anonymous phones that turn off where other anonymous turn on. → They look for burner phones.
We recently saw a report from the Canadian NSA explaining how to look at IP and geolocation data to identify people who don't want to be found.
Unfortunately, recent reports only focus on specific database or pieces of information. But in practice, it is the combination of multiple tools and database that matter. Put things together and you see a very sophisticated analysis.
The USA have a very privileged position on the Internet, but it is not only about the USA, these are very generic technics. We had this huge window inside the NSA from Snowden documents, but every country can have that: Russia, Iran, China, Syria, ... use a lot of these technics. Also, technology spreads. NSA technology becomes PhD thesis which becomes hacker tools. What we are seeing is what criminals are going to do within a 3-to-5-year window.
We have built an insecure Internet for everyone. We now have a loss of trust in technology and protocols, in the institutions that govern the Internet, provide infrastructure equipment.
There are a lot of details we don't know. These documents are NSA only, nothing on the United States Cyber Command. Company names are very rare. They are hidden behind codenames, highly classified enough to be not written anywhere, which means that we will never know about them. We will not know who is compromised and how they are compromised. In a way, it is a good thing, because if we knew the names, we would chase yesterday's problems rather than working on tomorrow's solutions.
We can build an Internet that is vulnerable to all attackers, or one that is secure to all users. We have made surveillance too cheap. The solution is to make it expensive again.
In his first interview after he became public, Snowden explained that encryption works and that properly implemented cryptography systems are one of the few things we can rely on. Cryptography works. That is why the NSA is trying and failing to break Tor. That is also why the NSA has 10 times more information from Yahoo's data than from Google's data because at the time, SSL was not used by default at Yahoo, while it was at Google.
Unfortunately, end point security is so weak that the NSA can frequently find ways around it. They hire the top 10% of the country's mathematicians every year.
There is a document called the Black Budget where James Clapper, the director of the National Intelligence, says that they actually have something they are working on. We don't know what that is, but guesses are:
- Elliptic curves
- General advances in factoring
- RC4, a very commonly used stream cypher invented by Ron Rivest, just on the edge of breakability
- A technic to exploit bad random number generators
Most cryptography gives the NSA troubles. Most of how they break cryptography is by getting around it: bad implementations, sabotaging standards, inserting backdoors in products, stealing keys, ...
The NSA relies on unencrypted streams of traffic (cell phones data and metadata, unencrypted traffic on the Internet, other third-party data, ...).
The problem is complicated, solutions are too. It is going to include government self correction, legal counter measures, international cooperation, ...
Surprisingly, the NSA had no contingency plans for all of their secrets being leaked. It is fixed now, but this will limit what the NSA does politically.
Before, being part of an agency was like being part of a club. The agency would take care of you and you would take care of them. This relationship cannot work in a world of contractors. Snowden did not work for the NSA, he worked for a contractor, no job security. These contractors are looking at this relationship in a different way than a career analysist. the NSA has to assume that everything they do will become public within 3 to 5 years.
If Snowden had revealed that the NSA was spying on Talibans or North Korea, nobody would care. But instead, he revealed that the UK was spying on Belgium. The risk analysis changes.
The last 2 NSA's directors believed that bulk collection was effective, but there is a contrary belief that collecting everything is not effective.
Before, collaborating with the NSA was cost free, because companies were being assured that nobody would discover. Nobody believes that anymore, so there is a lot more fighting back, and public opinion is now against companies that are cooperating, especially overseas. Public announcement of loss of sales because of this. Companies need the world to trust them with their data. Less cooperation.
NSA has a bigger budget than all the other agencies combined, but they cannot do magic with economics, physics and mathematics. We don't know enough to build computers that are secure from targeted attacks, but we can build protocols that are secure against bulk collections. We can redesign protocols to include more encryption on the Internet, in clouds, ... We already have things like PGP to encrypt data communication, OTR for instant messaging encryption, full disk encryption, but we need more end point security, better anonymity tools, cloud security, more open source and open standards harder to subvert, target dispersal and assurance. We need to be able to test that a program does what we think it does and nothing else.
There is a lot to do technically, but this is merely a difficult political problem. Most proposed solutions today focus on specific elements that the systems can easily get around.
The solution that can be imagined is known: it requires transparency, oversight, accountability. It is how we secure ourselves when institutions have power over us.
The NSA is way faster than the laws and they use them to their very edges. We need to make robust laws that are technologically invariant. Examples: laws preventing bulk collections of innocent Americans, laws prohibiting the NSA from deliberately weakening products and services.
Succeeding this would only affect the USA. It will be very difficult to prevent those laws to apply to non-US persons and it will not affect other countries.
A common argument: if we prevent the NSA to do so, other countries will do better and will win. This is an arms race and we need to leave this frame. Governments need to understand that a secure Internet is in everyone's best interest, whatever other countries do.
Surveillance is legally, politically and technically robust. This problem must be solved for everybody, not just the NSA (including other governments and cyber-criminals). A secure Internet is vital to our society.
We cannot stop all surveillance right now. The best we can do now is asking agencies to tell us what they are doing. But in the end, protecting is more important than eavesdropping.
This problem is bigger than surveillance. It is about data sharing, surveillance as a business model, ... It can be seen in digital advertising, or in medical data (better for research but very personal). Google Maps can provide good traffic information but surveils everybody to do that.
Fundamental and long-term issue of the IT society: how to build systems that benefits society while protecting people individually?
- PGP works. Chances that the NSA is breaking EAS on the fly are too small.
- NSLs are just the front door of activities they are already doing illegally. Worried about individual engineers collaborating and informal ways of cooperating. Easier to do, no need for anybody's approval.
- NSA is storing encrypted pieces of data because it is cheap. Encrypting data flags people. It is better for you and other people who really need encrypted data to encrypt everything, not just sensitive information.
- Tech people and politicians must talk together. These issues are complex and technical, we cannot craft good policies if politicians do not understand how the systems work and how robust they are.
- Quantum computing is not something the NSA will achieve soon.
- The Freedom Act is a start.
- Surveillance and eavesdropping are different.
- Peer-to-peer systems are more resilient to attacks than centralized systems. However, with centralized systems, it is easier to hide who is talking to whom.
- Some systems have to track you: phones must give their position to emit phone calls, but these information could stay local. Also, metadata sent by mobile apps and grabbed by the NSA could be encrypted. For these systems, we need redesign to minimize or anonymize the metadata.
- Simple counter-argument to making a secure Internet: terrorists will kill your children. This argument stops all rational conversation: privacy is not a good enough argument against that. A good argument is that we can still respect our laws and liberties, and yet beat criminals.