Schneier on ‘Going Dark’ and the Crypto Arms Race
by Tom Spring / July 16, 2018
“Bruce Schneier is a computer security expert who, for decades, has been a leading voice for cryptography and all things security. In this question-and-answer formatted interview, Schneier describes the disjunction of today’s abundance of encryption tools and a dearth of personal security. Schneier also touches on some of the dangers associated with “middle ground” compromises in encryption to placate law enforcement.”
TP: What does the term “going dark” mean to you and is there a middle ground where law enforcement and cryptographers can meet?
Bruce: “Going dark” is a marketing term for an FBI narrative that encryption makes it impossible for the FBI to solve crimes. It’s propaganda, really, and has little basis in reality. As we see again and again, cryptography is not an impediment to law enforcement. We saw in the recent Mueller indictments (against Paul Manafort) that some of the messages sent using secure messaging apps were recovered. Investigators didn’t break the encryption, they were able to find backup copies of the message stored in various places. This is not uncommon.
TP: So the non-propaganda term for “going dark” would be strong encryption, secure communication or protecting data?
Bruce: What you are describing is security. The problem with notions of a “middle ground” is that cryptography is mathematics and law enforcement is policy. The laws of mathematics are not something that can be compromised, they just are.
TP: Today there is an abundance of encryption, or security, tools for keeping conversations and data private. Does that mean we are more secure than we were, say five years ago?
Bruce: Yes, today we have more encryption tools than before. That’s mostly due to the rise of smart phones as computing platforms, and secure messaging systems. We’ve always had secure email, but it’s never really worked very well. Today, people use secure messaging tools such as Signal and WhatsApp. At the same time, more end-user devices are natively encrypted. And more of the Web is encrypted. Are we more secure because of this? Of course we are, but security is a lot more than encryption. And there is an enormous amount of insecurity in the Internet services and systems we use. The threats have gotten more serious. So we are less secure than we were five years ago.
TP: Less secure in that people’s long tail of digital metadata can be used to exploit them despite how secure someone’s practices are?
Bruce: Partly, but I am thinking more of the increased threat landscape. Consider something like a car. Five years ago it would be impossible to hack a car because they weren’t on the internet. Now they are on the internet, and they’re vulnerable. Security used to be about data, but now it’s about the real world. We’re seeing the rise of computers that affect the world in a direct physical manner, and that adds a new level of risk that doesn’t exist when we were only concerned with data.
TP: Are we talking about IoT devices?
Bruce: IoT is part of it. IoT is the small things. I also worry about larger things — cyber-physical systems — such as power plants. We have seen successful attacks against Ukrainian power plants and other large critical infrastructure. These kinds of attacks are certainly possible and becoming easier for nation states, but also non-nation state actors. More critical systems are going online and that is bringing danger because they are not vulnerable to the same type of threats that computers are.
TP: Thinking a little bit more on the topic of encryption, we are seeing a lot of encryption cat-and-mouse games. On one hand Apple or Signal make their products stronger to lock out third parties. Then the government or an enterprise security company devise a workaround. Have we ever seen this back-and-forth before at this pace?
Bruce: It’s absolutely an arms race. We have seen it throughout human history again and again. There has always been and always will be that arms race between attacker and defense. You can go back to DES (Data Encryption Standard) in the 1970s. There is a constant battle between making something secure and rendering it insecure.
TP: In the context of today, has the US government gotten better at sidestepping encryption?
Bruce: It’s not just the government. Everybody has gotten good at sidestepping encryption. The US government, foreign governments, criminals, everybody. Sidestepping encryption is how we break systems. We almost never break the actual encryption. The Manafort indictments are a perfect example. Strong encryption is hard to break. So why would you spend your time doing the hard thing when you can do the easy thing?
TP: What’s your sense of the Justice Department and the FBI under Trump and where they want to take the encryption issue?
Bruce: I have no idea. Trump is a chaos agent. Making predictions about his policies seems fruitless.
TP: Thinking about the FBI, is there is there a middle ground between the things that law enforcement wants to do and the people’s right for security and privacy?
Bruce: The middle ground is having less security and giving more access to people who want to break into systems – that’s the FBI and the Chinese government and cybercriminals. That’s the middle ground. Think of it as a dial. How much security do you want to have? How much access do you want? This notion that I can build a backdoor that only works if a [person with a] certain morality tries to use it. That’s what doesn’t work. If you’re willing to have your nuclear power plant a little less safe in exchange for giving the FBI access, that’s your tradeoff.”
Obama’s surveillance legacy
by Sascha Meinrath / Jan 18, 2017
“In his farewell address, outgoing President Obama warned that US citizens “must guard against a weakening of the values that make us who we are.” And digital privacy advocates such as myself welcomed his call to “reform our laws governing surveillance to protect privacy and civil liberties.” Yet Mr. Obama’s most enduring legacy may be the establishment of the modern US surveillance state. During his eight years in office, Obama has dramatically expanded the reach of US government surveillance, with scores of new revelations of previously unknown surveillance initiatives continuing to regularly come to light.
Just two days after his Jan. 10 farewell speech, The New York Times reported that the Obama administration had granted sweeping surveillance powers to the incoming Trump presidency – dramatically expanding 17 government agencies legal authority to spy on US citizens. This schizophrenia between rhetoric and action has plagued the Obama administration, but in this case, also directly undermines the very values the exiting president has called upon the nation to so vociferously support.
Obama’s surveillance expansion was accomplished not with legislation but though the power of the president to issue new, or, in this case, updated, executive orders. Specifically, Obama added to the order former President Ronald Reagan first created in December 1981 – Executive Order 12333. This cold war relic had a singular goal, to “provide the president and the National Security Council with the necessary information on which to base decisions concerning the conduct and development of foreign, defense and economic policy, and the protection of United States national interests from foreign security threats.” Obama has updated the original intent and expanded its scope – just as former President George W. Bush did in 2004 and 2008.
Obama’s administration has reinterpreted “foreign security threats” to also mean “domestic security threats” and increased the number of agencies that have access to the National Security Agency’s (NSA) surveillance data. With the CIA, FBI, Drug Enforcement Agency, Treasury Department/IRS, Homeland Security, Coast Guard, and “such other elements of any department or agency as may be designated by the president” now able to get this data, there’s really no meaningful limit to how widely information might be shared nor who might be targeted.
These changes will dramatically increase the impact of spying on everyday Americans. Many more government agencies will have access to your most private emails, phone calls, text messages, social media posts, and a host of other information; and compartmentalization of sensitive information will be irreparably diminished. The power of these tools is far greater than should be in the hands of any president, regardless of political affiliation. However, whatever your concerns are about data in the hands of the government – and the concomitant development of registries targeting everyone from and immigrants to gun owners – this threat to democracy is compounded by the complete lack of transparency.
Under the veil of “national security,” these programs are largely hidden from the American people. As we celebrate Martin Luther King this month, we should remember the lessons of COINTELPRO – the secret surveillance program that labeled Martin Luther King a terrorist and sought to discredit this civil rights leader and drive him to suicide. The Fourth Amendment is unequivocal in its intent to protect people’s right to be secure in their “persons, houses, papers, and effects, against unreasonable searches and seizures.” And as a constitutional scholar, Obama already knows that the Fourth Amendment explicitly requires law enforcement to get a warrant prior to invading an individual’s privacy.
By using the power of the executive branch to enable warrantless surveillance of millions upon millions of Americans, Obama is not protecting the core values of our country, he is undermining them. For many Americans, their first brush with these new powers Obama has bestowed upon law enforcement will likely be its application – almost always wrongfully – in rounding up innocent civilians incorrectly identified as terrorists or criminals. Put simply, when you search through a vast quantity of data (e.g. the NSA’s surveillance data) for an incredibly rare phenomenon (e.g. a terrorist), the number of false positives – the number of innocent people incorrectly flagged as suspects – skyrockets.
A few commentators (especially those formerly employed by the NSA and the agencies and companies who have profited from over-exuberant surveillance) have continued to defend Obama’s expansion of surveillance efforts, often via statements that are, at best, misleading. Susan Hennessey, a Brookings fellow and former attorney in the NSA general counsel’s office, even went so far as to claim recently in the Atlantic that “the FBI could not obtain access to or search raw intelligence information for ordinary criminals in an ordinary criminal investigation against a US person” even while that is, sadly, exactly what has already been happening.
Likewise, her claim that “minimization procedures [to protect innocent Americans from warrantless surveillance] are taken very seriously,” stands in marked opposition to the NSA’s own internal audit documented thousands of violations yearly. These documented and ongoing abuses simply lend further credence to the impossibility of creating mass surveillance without their inevitably abuse (and subsequent denial of those abuses). This is a recipe for further division, alienation, and resentment on a national scale – not unity.
There has been some progress on this front. Organizations, individuals, and politicians from across the political spectrum have been quietly forging common ground on the importance of civil liberty for the future of our country Fundamentally, though, one cannot build solidarity without trust, and Obama’s unprecedented regime of snooping and spying has pitted Americans against Americans for far too long. Since 9/11, powerful forces have mistaken bravery for naivete while instituting practices that are craven, not courageous.
While the current overtly partisan rush to vilify or beautify both Presidents Obama and Trump will most certainly continue, we cannot overlook that Obama’s actions undermining civil liberty are now a part of the historical record, while President Trump’s intentions remain largely unknown. In the hands of any political faction, these over-arching surveillance programs are guaranteed to be abused – as they have been, thousands of times of times a year.
Thus, it falls to President-elect Trump to restore our essential liberty and rule of law: to fix what Obama has broken; to “cultivate peace” and walk us back from wars and military actions both numerous and secretive; and to become a champion, not for one faction or the other, but for the fundamental freedoms and liberty that define American Democracy and unify constituencies from across the political spectrum.”
Why Is Obama Expanding Surveillance Powers As He Leaves Office?
by Kaveh Waddell / Jan 13, 2017
“The Obama administration finalized new rules that allow the National Security Agency to share information it gleans from its vast international surveillance apparatus with the 16 other agencies that make up the U.S. intelligence community. With the new changes, which were long in the works, those agencies can apply for access to various feeds of raw, undoctored NSA intelligence. Analysts will then be able to sift through the contents of those feeds as they see fit, before implementing required privacy protections. Previously, the NSA applied those privacy protections itself, before forwarding select pieces of information to agencies that might need to see them.
The updated procedures will multiply the number of intelligence analysts who have access to NSA surveillance, which is captured in large quantities and often isn’t subject to warrant requirements. The changes rankled privacy advocates, who oppose a broadening of surveillance powers—especially on the cusp of Donald Trump’s inauguration. Trump and Mike Pompeo, the president-elect’s nominee for CIA director, have made it clear that they think overzealous civil-liberties protections should be cleared away in favor of stronger surveillance laws. But while the changes may subject more Americans to warrantless surveillance, the last-minute timing of the announcement actually might have been designed to cut future privacy losses. Susan Hennessey, a Brookings fellow and the managing editor of Lawfare, says firming up the changes before Trump takes office makes it harder for the incoming president to encroach even further on civil liberties. I spoke with Hennessey, who was previously an attorney in the NSA general counsel’s office, about the lasting effects of the new intelligence-sharing procedures. A transcript of our conversation follows, lightly edited for clarity and concision.”
Kaveh Waddell: First off, what do these changes mean for the intelligence community? Has a lack of information-sharing among agencies been holding back investigations?
Susan Hennessey: The origin of these changes dates back, honestly, to just after 9/11. There was this identified issue of “stovepiping”: Intelligence wasn’t being shared frequently or fast enough. Some modifications have already been made throughout the years. Under Executive Order 12333 as it previously existed, NSA analysts had to make an initial determination and apply a set of privacy rules before sharing raw signals-intelligence information with other parts of the intelligence community. After this change, it doesn’t necessarily have to be an NSA analyst that makes that determination—that information can be shared with other parts of the intelligence community. So it doesn’t change the substantive rules, it doesn’t change the scope of collection, it doesn’t change the types of protection, it doesn’t change the possible uses; it essentially just broadens the group of people who can apply those protections to the raw intelligence.
Waddell: And by extension, it broadens the group of people who get to see raw intelligence, before those rules are applied?
Hennessey: Yes. This is something that has been at the forefront of privacy and civil-liberties advocates’ minds when they’ve expressed concern with this type of collection. But it’s not accurate to say the rule change means it’s a raw signals-intelligence free-for-all, that anybody can get signals intelligence. Intelligence agencies other than the NSA will have to provide justification for why they need access to that data. It can only be for foreign intelligence, or other enumerated purposes. So it’s not that those agencies will just be able to see whatever they want—it’s that they will be able to request, with particular justifications, access to more raw signals intelligence than they had before. Then, they will need to apply those minimization procedures for themselves. The civil-liberties concern often surrounds the use of incidentally collected information. Under the new rule, the FBI could not obtain access to or search raw intelligence information for ordinary criminals in an ordinary criminal investigation against a U.S. person. However, if the FBI incidentally seized evidence of a crime, they are allowed to use that information. So that tends to be where the tension is for people who are concerned with the potential impacts that this change could have on U.S. persons.
Waddell: The fact that more Americans could potentially be subject to warrantless searches, just by virtue of being caught up in the raw signals intelligence that’s shared—is that something that concerns you?
Hennessey: No. Look, I think it’s important to understand that these minimization procedures are taken very seriously, and all other agencies that are handling raw signals intelligence are essentially going to have to import these very complex oversight and compliance mechanisms that currently exist at the NSA. Within the NSA, those are extremely strong and protective mechanisms. I think people should feel reassured that the rules cannot be violated—certainly not without it coming to the attention of oversight and compliance bodies. I am confident that all of the agencies in the U.S. intelligence community will discharge those very same obligations with the same level of diligence and rigor, adhering to both the spirit and the letter of the law. That said, there are potentially broader reforms that might be undertaken. I don’t think that they necessarily need to be linked to the sharing of data. But it’s reasonable to at least engage in a conversation about whether or not it’s appropriate to have particular post-collection reforms, like for example imposing an obligation for law enforcement to obtain a warrant in particular circumstances. That’s a long way of saying that nothing about this particular rule change exposing Americans to additional privacy risks. However, that doesn’t mean that there are not still reasonable and responsible reforms which might take place.
I know this will be spun as a bad news civil liberties story. But—details squabbles aside—this should actually be a huge source of comfort. https://t.co/4U8MRwKQxY
— Susan Hennessey (@Susan_Hennessey) January 12, 2017
Waddell: I found it interesting that you said the change could, in one way, actually be viewed as a “huge source of comfort.” I think you were referring to the timing of the change. Why is that?
Hennessey: These changes have actually been in process for eight or nine years. One of the things that I think individuals who had insight into intelligence activities and were concerned about the election of Donald Trump—specifically, some of the statements he’s made about adherence to the rule of law—a lot of those people’s minds went very quickly to these procedures. It’s important to understand the distinction between Executive Order 12333 and the Foreign Intelligence Surveillance Act: One very oversimplified way to think about it is that FISA is a statute that governs collection that takes place within the United States, but that is aimed at a foreign target; 12333 collection is aimed at a foreign target, and takes place outside the United States. That’s shorthand that glosses over some technical and legal nuance, but those are the broad buckets people should be thinking about. FISA is a statute, so you’d need congressional action to change those rules, and you have a built-in check there. But 12333 is not constrained by statute; it’s constrained by executive order. In theory, a president could change an executive order—that’s within his constitutional power. It’s not as easy as just a pen stroke, but it’s theoretically possible. Executive Order 12333 requires that this series of protective procedures exist and are adhered to. The procedures are kind of where the rubber meets the road on privacy. They’re the details, the nitty-gritty: What can you actually see? What can you share? What do you have to minimize? So they’re really, really important in terms of what the relationship between U.S. citizens and the intelligence community looks like. When they were in rewrites, they were sort of vulnerable. There was the possibility that an incoming administration would say, “Hey! While you’re in the process of rewriting, let’s go ahead and adjust some of the domestic protections.” And I think a reasonable observer might assume that while the protections the Obama administration was interested in putting into place increased privacy protections—or at the very least did not reduce them—that the incoming administration has indicated that they are less inclined to be less protective of privacy and civil liberties. So I think it is a good sign that these procedures have been finalized, in part because it’s so hard to change procedures once they’re finalized.
Waddell: Is that why we just went through an eight- or nine-year process to get here?
Hennessey: Exactly. For questions both of genuine complexity and just government bureaucracy, the time horizon here is longer than a single term of the presidency. So I don’t think that it’s necessarily true that the intelligence community or the Department of Justice was rushing to get these procedures passed; if anything, they’re a little bit late. But I think the bottom line is that it’s comforting to a large national-security community that these are procedures that are signed off by Director of National Intelligence James Clapper and Attorney General Loretta Lynch, and not by the DNI and attorney general that will ultimately be confirmed under the Trump Administration.
Waddell: Is there anything else we should be thinking about with these new changes?
Hennessey: People sometimes focus on the top-line stuff and end up missing the things that aren’t necessarily the symbolic expressions of privacy—the things that make us feel good—but are the functional elements of privacy and civil liberties. What rules do people apply day-to-day and how? There’s going to be a need moving forward to have disciplined conversations about the legal protections that really matter. If there is a silver lining to some of the anxieties that the incoming administration has produced, I think it’s the potential to move the conversation into a much more productive place. But that opportunity will end up being lost if the responses are the same old same. That’s my last shred of optimism, and I’m hanging on to it.”