[cryptome] Re: Comsec as Public Utility Beyond Illusory Privacy

  • From: John Young <jya@xxxxxxxxxxxx>
  • To: Troy Benjegerdes <hozer@xxxxxxxxx>,tpb-crypto@xxxxxxxxxxx
  • Date: Mon, 17 Mar 2014 08:06:01 -0400

At 12:09 AM 3/17/2014, Troy Benjegerdes wrote:
If everything (including the network path my data takes) is encrypted,
then I have no real ability to know if it's being tapped, redirected,
or misdirected.

A point not well emphasized by cryptographers, in public at least,
and advocates of encryption as the essential requirement for

"Unbeakable crypto" may not be used as much as it once was
but there are a host of newly-minted versions of snake oilish
assurances dominating the booming comsec market, thanks
to Snowden's magnificent gift, estimated to eventually reach
the trillion dollar level in two decades, to the gov-com-edu-org
comsec panic industry.

Operators of systems, and the necessarily breachable security they
offer, remain the achilles heels of comsec. Lavabit is only one of
the instances in which sysadmins are compromised. Ubiquitous
deployment of crypto throughout telecom and cyber systems is
vulnerable to sysadmins who insist on full access to everything
to "de-bug" and run their systems, especially those SAs easily
manipulated by front offices and their ever so cooperative legal and
financial advisors. Not many SAs wil do what Snowden did in the
"public interest" which just happens to be a great fortune maker
for media and comsec hustlers.

End to end encryption is currently a hot recommendation of choice
for comsec but skips over what happens behind, below, around and
inside "end to end" code, hardware, implementation, and most of
all the traffic flow of the precious capsules emitting transceiver
vapor trails, EM clutter, arfully cloaked gaps, doors, handshakes,
implants, bugs (and "de-bugs"), ways in and out, checks, double
checks, safety plugs, sigs, nyms, language hints, and manifold
uniquenesses witting and unwitting of fallible hunks of meat.

It is, or should be, primary for cryptographers to publicly admit
cryptosystems inevitably fail, as some do despite being overridden
by sales and CEOs and investors, being bribed and NDA'd into
complicity, or in worst cases threatened with prosecution for
revealing in natsec systems built-in faults or more deviously,
pretending there are none while glossing deep deception with
shallow claims that there are always a few which can be repaired,
nothing is perfect, you get what you pay for, etc, etc, the
formulaic exculpation inherent in the word "security."

No question this is expecting cryptographers to be more honest
than the rest of the greedy "professional" class so avid to profess
public interest while gobbling the public's hard earned with gleeful
transgression slathered in "industry standards" and global treaties
to assure governments and corporations remain piggish and
dispensaries of rewards for the professional classes which
find oligarchal enticements "irresistable" as Greenwald slobbered
in agreeing to work closely with gov-com to withhold secrets
under guise of ventriloquizing Snowden's "causing no harm to
national security."

"Causing no harm to national security" is verily medieval in its
creed-promotional organized religion fervor. Cryptographers
have long been missionaries for this duplicitous "trust us" faith,
so it figures they will evangelize among journalists to adopt
encryption to upgrade the low value of the fear and trembling
scripture, and, as always, the compensation for scribes of
arcane holy writ of bare panic and crypto balm.

Other related posts: