Wired: Echelon Furor Ends in a Whimper

Brian Gladman Brian Gladman" <brg at gladman.plus.com
Wed, 11 Jul 2001 09:35:51 +0100 

From: "John Young" <jya@pipeline.com>
To: <ukcrypto@chiark.greenend.org.uk>
Sent: Wednesday, July 11, 2001 12:20 AM
Subject: RE: Wired: Echelon Furor Ends in a Whimper

[snip]
> Should end-to-end encryption become universal as Brian suggests,
> the question arises of what would be singular data for the NSA
> and like-snoops to collect and retain? Will it be all communication,
> along with burgeoning storage and sorting inventions such as NSA
> brags it is feverishly developing (Bamford reports), or will other
> characteristics be used to single out special data (and now used
> to sort through increasing encrypted data)?

End-to-end encryption, as such, does not hide traffic flow information so I
suspect that collection and storage of encrypted traffic will be
increasingly selective on the basis of 'who is talking to who' and other
more subtle distinguishers.

> There are hints in the regulations governing NSA interception that
> there are other means to identify special data other than its
> cryptographic attributes. But only generic terms such as "technical"
> are used for those hints -- that is, when the terms are not censored
> altogether as cryptographic and TEMPEST terms once were.

When searching for 'needles in haystacks' it pays to use all the help you
can get.

Paradoxically, as we progressively deploy end-to-end crypto, we force
information pirates to apply more energy to illicit data acces in end
systems.  And since data held in the latter is infinitely less protected
than it is when cryptographically protected in transit, we may not see the
improvements in information security that we expect from such a deployment.

But, perhaps worse than this, system penetration is an active form of attack
that poses some really serious safety concerns.  If we find that systems
penetration is increasingly used, it will not always be obvious before the
event whether or not 'interfering' with a target system will pose serious
safety risks.  It is fairly obvious that enemy penetration of defence
systems could be disastrous but increasingly the same is true of many civil
systems.

It is hence hardly a surprise that governments are now increasingly
concerned about civil infrastructure protection but they face a legacy of
50+ years of government investment in insecurity.  The consequences of the
continuing inbalance of UK government investment in information expolitation
and information protection was the primary cause of major disagreements
between GCHQ and myself in the late 1980s and early 1990s.

    Brian