[liberationtech] NSA is very likely storing all encrypted communications it is intercepting
http://www.forbes.com/sites/andygreenberg/2013/06/20/leaked-nsa-doc-says-it-can-collect-and-keep-your-encrypted-data-as-long-as-it-takes-to-crack-it/ Leaked NSA Doc Says It Can Collect And Keep Your Encrypted Data As Long As It Takes To Crack It If you use privacy tools, according to the apparent logic of the National Security Agency, it doesn’t much matter if you’re a foreigner or an American: Your communications are subject to an extra dose of surveillance. Since 29-year-old systems administrator Edward Snowden began leaking secret documentation of the NSA’s broad surveillance programs, the agency has reassured Americans that it doesn’t indiscriminately collect their data without a warrant, and that what it does collect is deleted after five years. But according to a document signed by U.S. Attorney General Eric Holder and published Thursday by the Guardian, it seems the NSA is allowed to make ambiguous exceptions for a laundry list of data it gathers from Internet and phone companies. One of those exceptions applies specifically to encrypted information, allowing it to gather the data regardless of its U.S. or foreign origin and to hold it for as long as it takes to crack the data’s privacy protections. The agency can collect and indefinitely keep any information gathered for “cryptanalytic, traffic analysis, or signal exploitation purposes,” according to the leaked “minimization procedures” meant to restrict NSA surveillance of Americans. ”Such communications can be retained for a period sufficient to allow thorough exploitation and to permit access to data that are, or are reasonably believed likely to become, relevant to a future foreign intelligence requirement,” the procedures read. And one measure of that data’s relevance to foreign intelligence? The simple fact that the data is encrypted and that the NSA wants to crack it may be enough to let the agency keep it indefinitely. “In the context of cryptanalytic effort, maintenance of technical data bases requires retention of all communications that are enciphered or reasonably believed to contain secret meaning,” the criteria for the exception reads. “Sufficient duration [for retaining the data] may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis.” That encryption exception is just one of many outlined in the document, which also allows NSA to give the FBI and other law enforcement any data from an American if it contains “significant foreign intelligence” information or information about a crime that has been or is about to be committed. Americans’ data can also be held if it’s “involved in the unauthorized disclosure of national security information” or necessary to “assess a communications security vulnerability.” Other “inadvertently acquired” data on Americans can be retained up to five years before being deleted. “Basically we’re in a situation where, if the NSA’s filters for distinguishing between domestic and foreign information stink, it gives them carte blanche to review those communications for evidence of crimes that are unrelated to espionage and terrorism,” says Kevin Bankston, a director of the Free Expression Project at the Center For Democracy and Technology. “If they don’t know where you are, they assume you’re not a US person. The default is that your communicatons are unprotected.” All of those exceptions seem to counter recent statements made by NSA and FBI officials who have argued that any collection of Americans’ data they perform is strictly limited by the Foreign Intelligence Surveillance Act (FISA) Court, a special judiciary body assigned to oversea the National Security Agency. “We get great oversight by all branches of government,” NSA director Alexander said in an on-stage interview at the Aspen Institute last year. “You know I must have been bad when I was a kid. We get supervised by the Defense Departmnet, the Justice Department the White House, by Congress… and by the [FISA] Court. So all branches of government can see that what we’re doing is correct.” But the latest leaked document bolsters a claim made by Edward Snowden, the 29-year-old Booz Allen contractor who has leaked a series of top secret NSA documents to the media after taking refuge in Hong Kong. In a live QA with the public Monday he argued that NSA analysts often make independent decisions about surveillance of Americans not subject to judicial review. “The reality is that…Americans’ communications are collected and viewed on a daily basis on the certification of an analyst rather than a warrant,” Snowden wrote. “They excuse this as ‘incidental’ collection, but at the end of the day, someone at NSA still has the content of your communications.” However, the leaked document doesn’t exactly paint Snowden’s picture of a random NSA analyst determining who is surveilled. The guidelines do state that exceptions have to be “specifically” approved by the “Director (or Acting Director) of
Re: [liberationtech] NSA is very likely storing all encrypted communications it is intercepting
Am I off in thinking that this is a good time to push more web properties to use forwardly secret SSL key exchange (like Google does with ECDHE_RSA)? best, Joe On Fri Jun 21 08:32:46 2013, Eugen Leitl wrote: http://www.forbes.com/sites/andygreenberg/2013/06/20/leaked-nsa-doc-says-it-can-collect-and-keep-your-encrypted-data-as-long-as-it-takes-to-crack-it/ Leaked NSA Doc Says It Can Collect And Keep Your Encrypted Data As Long As It Takes To Crack It If you use privacy tools, according to the apparent logic of the National Security Agency, it doesn’t much matter if you’re a foreigner or an American: Your communications are subject to an extra dose of surveillance. Since 29-year-old systems administrator Edward Snowden began leaking secret documentation of the NSA’s broad surveillance programs, the agency has reassured Americans that it doesn’t indiscriminately collect their data without a warrant, and that what it does collect is deleted after five years. But according to a document signed by U.S. Attorney General Eric Holder and published Thursday by the Guardian, it seems the NSA is allowed to make ambiguous exceptions for a laundry list of data it gathers from Internet and phone companies. One of those exceptions applies specifically to encrypted information, allowing it to gather the data regardless of its U.S. or foreign origin and to hold it for as long as it takes to crack the data’s privacy protections. The agency can collect and indefinitely keep any information gathered for “cryptanalytic, traffic analysis, or signal exploitation purposes,” according to the leaked “minimization procedures” meant to restrict NSA surveillance of Americans. ”Such communications can be retained for a period sufficient to allow thorough exploitation and to permit access to data that are, or are reasonably believed likely to become, relevant to a future foreign intelligence requirement,” the procedures read. And one measure of that data’s relevance to foreign intelligence? The simple fact that the data is encrypted and that the NSA wants to crack it may be enough to let the agency keep it indefinitely. “In the context of cryptanalytic effort, maintenance of technical data bases requires retention of all communications that are enciphered or reasonably believed to contain secret meaning,” the criteria for the exception reads. “Sufficient duration [for retaining the data] may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis.” That encryption exception is just one of many outlined in the document, which also allows NSA to give the FBI and other law enforcement any data from an American if it contains “significant foreign intelligence” information or information about a crime that has been or is about to be committed. Americans’ data can also be held if it’s “involved in the unauthorized disclosure of national security information” or necessary to “assess a communications security vulnerability.” Other “inadvertently acquired” data on Americans can be retained up to five years before being deleted. “Basically we’re in a situation where, if the NSA’s filters for distinguishing between domestic and foreign information stink, it gives them carte blanche to review those communications for evidence of crimes that are unrelated to espionage and terrorism,” says Kevin Bankston, a director of the Free Expression Project at the Center For Democracy and Technology. “If they don’t know where you are, they assume you’re not a US person. The default is that your communicatons are unprotected.” All of those exceptions seem to counter recent statements made by NSA and FBI officials who have argued that any collection of Americans’ data they perform is strictly limited by the Foreign Intelligence Surveillance Act (FISA) Court, a special judiciary body assigned to oversea the National Security Agency. “We get great oversight by all branches of government,” NSA director Alexander said in an on-stage interview at the Aspen Institute last year. “You know I must have been bad when I was a kid. We get supervised by the Defense Departmnet, the Justice Department the White House, by Congress… and by the [FISA] Court. So all branches of government can see that what we’re doing is correct.” But the latest leaked document bolsters a claim made by Edward Snowden, the 29-year-old Booz Allen contractor who has leaked a series of top secret NSA documents to the media after taking refuge in Hong Kong. In a live QA with the public Monday he argued that NSA analysts often make independent decisions about surveillance of Americans not subject to judicial review. “The reality is that…Americans’ communications are collected and viewed on a daily basis on the certification of an analyst rather than a warrant,” Snowden wrote. “They excuse this as ‘incidental’ collection, but at the end of the day, someone at NSA still has the
Re: [liberationtech] NSA is very likely storing all encrypted communications it is intercepting
ECHDE_RSA offers an excellent degree of protection against after the fact analysis if and only if the private key is disclosed (or captured.) If the the privkey is unavailable, NSA can always go after the session keys -- capture of communications is actually made easier in these cases when sites use SSL Keep-alive and Session resumption. It makes things much harder for them, though. The session key is always weaker than the RSA or DH exchange. -j On Fri, Jun 21, 2013 at 8:14 AM, Joseph Lorenzo Hall j...@cdt.org wrote: Am I off in thinking that this is a good time to push more web properties to use forwardly secret SSL key exchange (like Google does with ECDHE_RSA)? best, Joe On Fri Jun 21 08:32:46 2013, Eugen Leitl wrote: http://www.forbes.com/sites/andygreenberg/2013/06/20/leaked-nsa-doc-says-it-can-collect-and-keep-your-encrypted-data-as-long-as-it-takes-to-crack-it/ Leaked NSA Doc Says It Can Collect And Keep Your Encrypted Data As Long As It Takes To Crack It If you use privacy tools, according to the apparent logic of the National Security Agency, it doesn’t much matter if you’re a foreigner or an American: Your communications are subject to an extra dose of surveillance. Since 29-year-old systems administrator Edward Snowden began leaking secret documentation of the NSA’s broad surveillance programs, the agency has reassured Americans that it doesn’t indiscriminately collect their data without a warrant, and that what it does collect is deleted after five years. But according to a document signed by U.S. Attorney General Eric Holder and published Thursday by the Guardian, it seems the NSA is allowed to make ambiguous exceptions for a laundry list of data it gathers from Internet and phone companies. One of those exceptions applies specifically to encrypted information, allowing it to gather the data regardless of its U.S. or foreign origin and to hold it for as long as it takes to crack the data’s privacy protections. The agency can collect and indefinitely keep any information gathered for “cryptanalytic, traffic analysis, or signal exploitation purposes,” according to the leaked “minimization procedures” meant to restrict NSA surveillance of Americans. ”Such communications can be retained for a period sufficient to allow thorough exploitation and to permit access to data that are, or are reasonably believed likely to become, relevant to a future foreign intelligence requirement,” the procedures read. And one measure of that data’s relevance to foreign intelligence? The simple fact that the data is encrypted and that the NSA wants to crack it may be enough to let the agency keep it indefinitely. “In the context of cryptanalytic effort, maintenance of technical data bases requires retention of all communications that are enciphered or reasonably believed to contain secret meaning,” the criteria for the exception reads. “Sufficient duration [for retaining the data] may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis.” That encryption exception is just one of many outlined in the document, which also allows NSA to give the FBI and other law enforcement any data from an American if it contains “significant foreign intelligence” information or information about a crime that has been or is about to be committed. Americans’ data can also be held if it’s “involved in the unauthorized disclosure of national security information” or necessary to “assess a communications security vulnerability.” Other “inadvertently acquired” data on Americans can be retained up to five years before being deleted. “Basically we’re in a situation where, if the NSA’s filters for distinguishing between domestic and foreign information stink, it gives them carte blanche to review those communications for evidence of crimes that are unrelated to espionage and terrorism,” says Kevin Bankston, a director of the Free Expression Project at the Center For Democracy and Technology. “If they don’t know where you are, they assume you’re not a US person. The default is that your communicatons are unprotected.” All of those exceptions seem to counter recent statements made by NSA and FBI officials who have argued that any collection of Americans’ data they perform is strictly limited by the Foreign Intelligence Surveillance Act (FISA) Court, a special judiciary body assigned to oversea the National Security Agency. “We get great oversight by all branches of government,” NSA director Alexander said in an on-stage interview at the Aspen Institute last year. “You know I must have been bad when I was a kid. We get supervised by the Defense Departmnet, the Justice Department the White House, by Congress… and by the [FISA] Court. So all branches of government can see that what we’re doing is correct.” But the
Re: [liberationtech] NSA is very likely storing all encrypted communications it is intercepting
John Adams: ECHDE_RSA offers an excellent degree of protection against after the fact analysis if and only if the private key is disclosed (or captured.) If the the privkey is unavailable, NSA can always go after the session keys -- capture of communications is actually made easier in these cases when sites use SSL Keep-alive and Session resumption. It makes things much harder for them, though. Yep. The session key is always weaker than the RSA or DH exchange. I am not sure this last paragraph is true. I am concerned by the published reduced-round breaks against AES, but based on published techniques, it is still stronger than what we tend to use for PKI and DH. Using published techniques, RSA 1024 is approximately as strong as an 80bit symmetric key. I believe most websites use RSA-2048 at best, which is only as strong as 112bit symmetric key. Even RSA 3072 is only as strong as a 128bit symmetric key. Also, without forward secrecy, you only have to steal/break this key once to get everything. 256bit ECDH is also only as strong as a 128bit symmetric key. The same is true for P-256 as a public key. These two estimates are also based on existing published techniques. If there is some way to lift an elliptic curve's group onto Z_p efficiently (or via a huge storage tradeoff - perhaps one that consumes say, a yottabyte of storage), then we should probably be using larger ECC curves, too... Where is Dan Bernstein? Can someone talk him into crafting a 1024bit ECC curve? ;) -j On Fri, Jun 21, 2013 at 8:14 AM, Joseph Lorenzo Hall j...@cdt.org wrote: Am I off in thinking that this is a good time to push more web properties to use forwardly secret SSL key exchange (like Google does with ECDHE_RSA)? best, Joe On Fri Jun 21 08:32:46 2013, Eugen Leitl wrote: http://www.forbes.com/sites/andygreenberg/2013/06/20/leaked-nsa-doc-says-it-can-collect-and-keep-your-encrypted-data-as-long-as-it-takes-to-crack-it/ Leaked NSA Doc Says It Can Collect And Keep Your Encrypted Data As Long As It Takes To Crack It If you use privacy tools, according to the apparent logic of the National Security Agency, it doesn’t much matter if you’re a foreigner or an American: Your communications are subject to an extra dose of surveillance. Since 29-year-old systems administrator Edward Snowden began leaking secret documentation of the NSA’s broad surveillance programs, the agency has reassured Americans that it doesn’t indiscriminately collect their data without a warrant, and that what it does collect is deleted after five years. But according to a document signed by U.S. Attorney General Eric Holder and published Thursday by the Guardian, it seems the NSA is allowed to make ambiguous exceptions for a laundry list of data it gathers from Internet and phone companies. One of those exceptions applies specifically to encrypted information, allowing it to gather the data regardless of its U.S. or foreign origin and to hold it for as long as it takes to crack the data’s privacy protections. The agency can collect and indefinitely keep any information gathered for “cryptanalytic, traffic analysis, or signal exploitation purposes,” according to the leaked “minimization procedures” meant to restrict NSA surveillance of Americans. ”Such communications can be retained for a period sufficient to allow thorough exploitation and to permit access to data that are, or are reasonably believed likely to become, relevant to a future foreign intelligence requirement,” the procedures read. And one measure of that data’s relevance to foreign intelligence? The simple fact that the data is encrypted and that the NSA wants to crack it may be enough to let the agency keep it indefinitely. “In the context of cryptanalytic effort, maintenance of technical data bases requires retention of all communications that are enciphered or reasonably believed to contain secret meaning,” the criteria for the exception reads. “Sufficient duration [for retaining the data] may consist of any period of time during which encrypted material is subject to, or of use in, cryptanalysis.” That encryption exception is just one of many outlined in the document, which also allows NSA to give the FBI and other law enforcement any data from an American if it contains “significant foreign intelligence” information or information about a crime that has been or is about to be committed. Americans’ data can also be held if it’s “involved in the unauthorized disclosure of national security information” or necessary to “assess a communications security vulnerability.” Other “inadvertently acquired” data on Americans can be retained up to five years before being deleted. “Basically we’re in a situation where, if the NSA’s filters for distinguishing between domestic and