Posted on Oct 22, 2015 by Rick Falkvinge

Once Again, All Together Now: You Can’t Have An Agency Responsible For Citizen Security And For Government Security At The Same Time

Once again, an NSA wiretapping capability has been discovered – or made credible, in any case – that highlights the completely incompatible two faces of the U.S. National Security Agency. It turns out that the NSA has (likely) been able to wiretap a lot of encrypted traffic on the net, because of bad cryptographic implementations combined with hundreds-of-millions-dollars-worth of cracking precalculations from the NSA. Once again, this shows that the NSA cannot protect citizens from the government and protect the government from citizens at the same time.

What was strong crypto this morning can be weak crypto tomorrow. That just happened again, with many implementations of 1024-bit Diffie-Hellman key exchanges apparently being wiretappable by the NSA, because of implementation shortcuts that seemed inconsequential at the time – specifically, hardcoded prime number seeds in some SSH, HTTPS, and VPN software. As a result, if the NSA cracked one particular 1024-bit prime number (such a hardcoded seed), it would be able to wiretap two-thirds of previously-encrypted VPN traffic and one-quarter of SSH traffic. Another, and it would be able to decrypt about 20% of HTTPS traffic. This appears to have happened.

Now, to their credit, the NSA has been softly nudging people to maybe not perhaps use Diffie-Hellman key exchanges, but use Elliptic Curve key exchange instead. Considering that the NSA actively sabotaged the specification and implementations of Elliptic Curve Cryptography, though, to make it deliberately weak and crackable, people have rightfully been skeptical — if not downright scornful — at the NSA’s nudges toward a standard, or family of standards, they were discovered to have deliberately weakened. It was seen as an attempt to nudge people to use weak crypto – another word for non-crypto.

This highlights the ridicule of the NSA’s value proposition in the first place.

What is (falsely!) seen as government security is the ability to wiretap anybody and everybody at will, to get the coveted information advantage. Citizen security, however, depends on having a so-called sphere of privacy, defined by the seven privacies (body, correspondence, data, finance, identity, location, and territory) where the government may not intrude, or as it has evolved, at least not intrude without special treatment and good reason. When one and the same agency has the task of protecting both, one will give way. We know which one gave way.

(In the long run, though, it’s a complete fallacy that government security depends on wiretapping its citizens. The citizens are hiring a government to, well, govern the nation. Wiretapping your boss is gross mismanagement; true long-term security stems from security of a nation’s constituent individual decentralized citizens, and not from the temporary security of a centralized fortified power base.)

You cannot have the same agency responsible for wiretapping everybody and for protecting the same everybody from the same wiretapping at the same time. Who thought that was a good, reasonable, or even the slightest sane idea?

Oh, and as a last note, as this is the Private Internet Access VPN blog and it’s been estimated that two-thirds of VPNs are vulnerable to this attack and therefore wiretappable, our tech team jumped to investigate and found that PIA is not vulnerable – PIA uses a 2048-bit Diffie-Hellman key normally, and a 1536-bit key for its iOS special. In no case does it use the now-weak 1024-bit key.

About Rick Falkvinge

Rick is Head of Privacy at Private Internet Access. He is also the founder of the first Pirate Party and is a political evangelist, traveling around Europe and the world to talk and write about ideas of a sensible information policy. Additionally, he has a tech entrepreneur background and loves good whisky and fast motorcycles.

VPN Service
  • tetridae

    Exchanging keys physically from and onto off line devices, letting all encryption and decryption be on offline devices, encrypted communication via on line devices but no coding done on them. And then you would need to find people willing to act paranoid as you are on this. And if being found out that you are indeed as paranoid that would mark you as a prime suspect for some really heavy crime, like dealing drugs or trafficing or terrorism so then they would put their special resources on you and then you’re fucked either way.

    No reason to do your best and to contribute in such a society. Easier to just buy a bunker and become an 100% analog gun crazed Hermit already.

  • And you need another, smaller agency watching the other two to make sure they’re behaving properly. Trust, but verify!

  • Antimon555

    “Wiretapping your boss is gross mismanagement”

    Wiretapping your boss, threatening to expose his most embarrassing thoughts, or threaten to kill him if that fails, if he were to try to contact someone else in the management who is on his side (the police is on the threatening employees’ side), to refuse to give you a raise, and especially to try firing you. Then you and everyone after you have a well-paid, perfectly sure job.