Once Again, All Together Now: You Can’t Have An Agency Responsible For Citizen Security And For Government Security At The Same Time
Once again, an NSA wiretapping capability has been discovered – or made credible, in any case – that highlights the two completely incompatible faces of the U.S. National Security Agency. It turns out that the NSA has (likely) been able to wiretap a lot of encrypted traffic on the net, because of bad cryptographic implementations combined with hundreds of millions of dollars' worth of cracking precalculations by the NSA. Once again, this shows that the NSA cannot protect citizens from the government and protect the government from citizens at the same time.
What was strong crypto this morning can be weak crypto tomorrow. That just happened again, with many implementations of 1024-bit Diffie-Hellman key exchanges apparently being wiretappable by the NSA, because of implementation shortcuts that seemed inconsequential at the time – specifically, hardcoded prime moduli (the Diffie-Hellman group parameters) in some SSH, HTTPS, and VPN software. As a result, if the NSA cracked one particular 1024-bit prime number (one such hardcoded prime), it would be able to wiretap two-thirds of previously-encrypted VPN traffic and one-quarter of SSH traffic. Crack a second one, and it would be able to decrypt about 20% of HTTPS traffic. This appears to have happened.
Now, to their credit, the NSA has been softly nudging people to maybe not perhaps use Diffie-Hellman key exchanges, but to use Elliptic Curve key exchange instead. Considering that the NSA actively sabotaged the specification and implementations of Elliptic Curve Cryptography, though, to make it deliberately weak and crackable, people have rightfully been skeptical — if not downright scornful — of the NSA’s nudges toward a standard, or family of standards, that the NSA was discovered to have deliberately weakened. It was seen as an attempt to nudge people to use weak crypto – another word for non-crypto.
This highlights the absurdity of the NSA’s value proposition in the first place.
What is (falsely!) seen as government security is the ability to wiretap anybody and everybody at will, to get the coveted information advantage. Citizen security, however, depends on having a so-called sphere of privacy, defined by the seven privacies (body, correspondence, data, finance, identity, location, and territory) where the government may not intrude, or as it has evolved, at least not intrude without special treatment and good reason. When one and the same agency has the task of protecting both, one will give way. We know which one gave way.
(In the long run, though, it’s a complete fallacy that government security depends on wiretapping its citizens. The citizens are hiring a government to, well, govern the nation. Wiretapping your boss is gross mismanagement; true long-term security stems from security of a nation’s constituent individual decentralized citizens, and not from the temporary security of a centralized fortified power base.)
You cannot have the same agency responsible for wiretapping everybody and for protecting the same everybody from the same wiretapping at the same time. Who thought that was a good, reasonable, or even the slightest sane idea?
Oh, and as a last note, as this is the Private Internet Access VPN blog and it’s been estimated that two-thirds of VPNs are vulnerable to this attack and therefore wiretappable, our tech team jumped to investigate and found that PIA is not vulnerable – PIA uses a 2048-bit Diffie-Hellman key normally, and a 1536-bit key for its iOS special. In no case does it use the now-weak 1024-bit key.
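The weakness described above comes down to one number: the size (and sharedness) of the Diffie-Hellman prime modulus a service is configured with, and the remedy the post closes on is the same check the tech team ran, namely confirming that the configured group is 2048 bits (or at least 1536 bits) rather than 1024. The script below is an added example, not code from the original post or from Private Internet Access. It parses the PEM `DH PARAMETERS` container that `openssl dhparam` writes (DER `SEQUENCE { INTEGER p, INTEGER g }`) and grades the modulus against a minimum-size policy. The 2048-bit threshold is an assumption of this example, and the sample parameters are constructed to have the right size only; the moduli are not real safe primes.

```python
"""Audit Diffie-Hellman group parameters for modulus size.

Added example (not the post's or PIA's code). Parses a PEM "DH PARAMETERS"
block as written by `openssl dhparam` and reports whether the modulus meets a
minimum-size policy. Sample inputs are constructed: right size, not real primes.
"""
import base64
import re

# Policy threshold assumed for this example: anything below 2048 bits is flagged.
MIN_MODULUS_BITS = 2048


def _read_der_length(buf, idx):
    """Decode a DER length field at idx; return (length, index after it)."""
    first = buf[idx]
    idx += 1
    if first < 0x80:                      # short form
        return first, idx
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4:
        raise ValueError("unsupported DER length encoding")
    return int.from_bytes(buf[idx:idx + n], "big"), idx + n


def _read_der_integer(buf, idx):
    """Decode a DER INTEGER at idx; return (value, index after it)."""
    if buf[idx] != 0x02:
        raise ValueError("expected INTEGER tag")
    length, idx = _read_der_length(buf, idx + 1)
    value = int.from_bytes(buf[idx:idx + length], "big", signed=True)
    if value <= 0:
        raise ValueError("DH parameter must be positive")
    return value, idx + length


def parse_dh_params_pem(pem):
    """Extract (p, g) from a PEM 'DH PARAMETERS' block."""
    m = re.search(r"-----BEGIN DH PARAMETERS-----(.*?)-----END DH PARAMETERS-----",
                  pem, re.S)
    if not m:
        raise ValueError("no DH PARAMETERS block found")
    der = base64.b64decode("".join(m.group(1).split()))
    if der[0] != 0x30:
        raise ValueError("expected SEQUENCE tag")
    _, idx = _read_der_length(der, 1)
    p, idx = _read_der_integer(der, idx)
    g, _ = _read_der_integer(der, idx)   # an optional trailing INTEGER is ignored
    return p, g


def assess_dh_group(p, g, min_bits=MIN_MODULUS_BITS):
    """Grade a DH group: modulus size, obvious sanity problems, policy verdict."""
    bits = p.bit_length()
    findings = []
    if bits < min_bits:
        findings.append(f"modulus is {bits} bits, below the {min_bits}-bit minimum")
    if p % 2 == 0:
        findings.append("modulus is even and therefore not prime")
    if g < 2:
        findings.append("generator must be at least 2")
    return {"modulus_bits": bits, "generator": g,
            "meets_policy": not findings, "findings": findings}


# --- helpers to build constructed sample input (DER encoder, mirror of the parser) ---

def _der_length(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _der_integer(value):
    # One extra byte when the top bit is set keeps the INTEGER positive in DER.
    body = value.to_bytes((value.bit_length() + 8) // 8, "big")
    return b"\x02" + _der_length(len(body)) + body


def encode_dh_params_pem(p, g):
    """Encode (p, g) as a PEM 'DH PARAMETERS' block (same layout as openssl dhparam)."""
    content = _der_integer(p) + _der_integer(g)
    der = b"\x30" + _der_length(len(content)) + content
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN DH PARAMETERS-----\n" + "\n".join(lines) + "\n-----END DH PARAMETERS-----\n"


# Constructed samples: odd numbers of the stated size, NOT real safe primes.
WEAK_SAMPLE_PEM = encode_dh_params_pem((1 << 1023) | 1, 2)     # 1024-bit modulus
STRONG_SAMPLE_PEM = encode_dh_params_pem((1 << 2047) | 1, 2)   # 2048-bit modulus


def audit_pem(pem):
    """Parse a PEM block and return its assessment."""
    p, g = parse_dh_params_pem(pem)
    return assess_dh_group(p, g)


if __name__ == "__main__":
    for label, pem in (("weak", WEAK_SAMPLE_PEM), ("strong", STRONG_SAMPLE_PEM)):
        print(label, audit_pem(pem))
```

Run it against a real `dhparam.pem` from a server or VPN configuration by reading the file into `audit_pem`. The size check is the part that matters for the attack in the post; a full review of a group would also confirm that the modulus is actually a (safe) prime, which this example deliberately leaves out so that it runs offline on constructed input.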