NSA Spying defense implodes

A possibly fatal blow has been struck against the NSA domestic spying program, by one of their own. The crux of the NSA's arguement for dismissal was that it couldn't confirm that it did anything with AT&T et al, as it was a state secret. Obviously that is a ridiculous claim, as the conspicuity has blown away any supposed veil of secrecy, regardless if there was complicity or not. So what happened? National Intelligence Director Mike McConnell has (inadvertently?) destroyed the NSA's claim by openly admitting that the telephone companies being sued did indeed aid in the domestic spying program. Not that there was much doubt, but this is now down on ink and paper, and can not likely be considered a state secret at this point.

So how will the NSA and US Government respond? Perhaps they will claim heresay, or Mike McConnell will be pressured to claim that the interview was a farce. Maybe they will say that the statement is still vague enough that secrecy is preserved, which is like a wet t-shirt contestant denying obscenity charges for the fact they were wearing a shirt.

This lawsuit represents a threat that would bankrupt AT&T, Bell, and Verizon. The damages the telcos would have to pay would be in the billions, as there would be a $500 penalty per violation, to be paid to each person, which is likely anyone reading this. The telcos will use every bit of lobbying and persuasion they can muster to sweep this problem under the rug. And they have been doing a pretty good job of it so far, as we are six years into the illegal spying, with no accountability in sight.

FOLLOWUP: The EFF's Derek Slater has commented that this will allow the spying case to proceed in court, and defeats the government's claim of state secret privilege. Ars Technica speculates the government will shift tactics to press vigorously for immunity for its accomplices when congress reconvenes sessions in September.

UPDATE: I have spoken with the EFF, and they have informed me that they will be developing a strategy for dealing with the upcoming push for retroactive immunity for the telcos.

How easy is easy enough?

As I was wading through a myriad of clients asking why their browser was still slow after they signed up. Well obviously that wasn't right, XeroBank network is the fastest by far. They were still user the Tor network and had not logged into their account to download their software. It struck me: There must be a better way.

I was speaking with Ricardo about our checkout process, and it occurs to me that we should make some changes. What I want is to push the update directly to the user's xB Browser as soon as they finish checkout. Of course, they need to log in just to get their transaction ID, which is only two click from getting their browser already. Yeah, yeah, it is indeed pretty simple already. But, that doesn't mean there is a legitimate reason that it should be any more complicated than it already is. Another issue which stops this from happening is that completing checkout doesn't mean their credit card has been verified yet. So what to do? Well 1) Use the recovery-email-address to send the user a notification of "what now?", and 2) Something a little more.

I was having dinner tonight, about to drop into a transcendental state, when it hit me. Why can't we let users upgrade the browser, right from the browser? I rushed back to the XeroBank dojo.

I began pouring over the ancient scrolls of Master Xero. There is a legendary technique for extracting the config files from the ethereal core. I know that with the proper training, I can achieve the skill and apply it to the browser.

So I've devised a way that the users can upgrade the browser, if they haven't logged in to download the other. A lot of methods to reach the same goal. And I've been thinking about making it somehow even easier.

I must tell you, there is no more complex task than making the technical and difficult appear simple and easy.

UPDATE: The skill has been achieved. The only issue now is making the technique respect the balance of local proxy configuration, if the client has one.

DefCon 15: A Review

So we just got back from DefCon. It was a pleasure, and I had a great time. We arrived after Bruce Schneier's talk, which I regret, but I got to see some others. I met up with some Cult of the Dead Cow members and took Roger Dingledine & his fiance Rachel to a BBQ party. Roger is smart, a great speaker, and is well matched to Rachel. I ran in to some old buddies just about everywhere I went. One thing I noticed about Vegas is that is appears to have very few banks, but very many $4 ATMs, which is unfortunate as I had some wires transfers to execute.

On the second day I was busy working on my presentation. At 7pm I took the stage and gave it, unfortunately the type from the print shop was so small I couldn't see my notes and there was so much to cover that I didn't get it all out. Some of it got glazed over. I think what I will do is record the presentation for everyone who didn't get to see it, and do the full thing at my own pace, as we had only 45 minutes. Naturally, it will get posted online, here. All in all, however, I would say it went well. I played to a packed house of about 400 or 500 attendees, and we handed out lots of free XeroBank accounts. I really want to thank Myles Long for helping me out, and all those who showed up for the Q&A.

One great thing that happened was I heard about a party for Ninja Networks. Something else I heard from another attendee was that there is a puzzle called Caezar's Challenge, within the party. This party takes place every year, and is supposedly for the most elite (huh?). I ran into one guy from @stake, at a party at the Hilton. On the way out I asked him where the better parties were, and he handed me a badge for the Ninja Networks party, and told me the passphrase to get in. So we are back at the Riviera, and Kristin and I get into the party while a drove stand outside the velvet rope with tearful eyes. When I'm there I recognize a few faces, one of them from my local DC214 group. He informs me about the specific challenge and I read both parts of the challenge. What luck! I instantly knew answers to both the challenge questions, as they dealt with crypto-capitalism. So I located an inebriated Caezar, gave my answers, and he invited me to hang out in his pad in Seattle. Nice fellow.

Guess who I later notice at the party? Roger. At that point I asked him what he was up to; and I liked to imagine he showed up and chopped down the bouncers with his fist of fury, after giving telekinetic lobotomies to the zombie crowd dying to get in. Disappointingly he informed me that he had wandered in using the authority of his Tor Project shirt. Ah well, we can have dreams can't we? In mine, Roger Dingledine, Nick Mathewson, Paul Syverson, and Steven J Murdoch are all deadly ninja warriors, fighting for anonymity of the body, and privacy of the mind.

Well this post has had very little to do with portable privacy. To give it some sense of legitimacy, I have been listening to the complaints of Jim Verard, and making changes to xB Browser to accommodate. So here is what is new is xBB 2.0.0.6a:

- search and destroy Yahoo Sign & Seal tracking data which compromises anonymity
- disable registry-based Firefox/Thunderbird Plug-ins
- dialog for Xerobank mutex shutdown should no longer destroy profile settings (fingers crossed)
- crippled the mozilla updater system to prevent corruption and security vulnerabilities from update server spoofing.

todo: the profile section needs to be reworked still. We should have soft settings in the user.js, and hard settings in the prefs.js. We have tried one and the other, but not both. I think that will be especially vital in the Tor network version.

Privacy vs Profits: The false dichotomy of commercial anonymity

I often overhear comments such as "You can't trust commercial anonymity networks, all they care about is the bottom line." This is a common thought, because it makes sense. For the most part, that is true. I don't think you can trust most commercial anonymity services, nor should you. From what I've seen, all but two others stink right on the surface, no telling what goes on behind the counter. But that isn't what they are getting at. For some reason, people become suspicious when money is involved. Maybe they are thinking "If you'll take payment to protect me, will you take a little bit more to spy on me?" A valid concern, but let us step back.

Do you distrust a lawyer to defend your interests, because you pay them? Do you suspect a doctor of foul play, because there is a bill? Of course not. They are there to do their job. Infact I posit that they have more to lose because you are paying them. Their reputation is on the line, they have a duty to fulfill their obligation, and hopefully word gets around if they "rat you out". But again, such a statement begs the question, why does the bottom line get in the way of trust?

First lets examine the situation: Commercial anonymity networks, versus free anonymity networks. A free anonymity network is run by unknown individuals, who may or may not collude, may or may not be monitoring your exit-node traffic, and who owe you nothing. In fact, they give up their bandwidth, which could be generosity, or could be due to ulterior motives. They are inherently prone to attempts of spying, some traffic analysis, and have even been "theoretically" compromised due to technical attacks such as Sybil. I think a strong point they have is that they are difficult to observe, since there are 1000+ nodes in the Tor network. I2P has its own great things it can boast, I think their network is designed to be unobservable, but apparently isn't quite ready for the big time. When a subpoena is served or police show up, the user may get hassled, but they probably didn't keep logs, and they aren't a single entity, and there is no guarantee of the target using that network again, even if you could track them. So in essence, the user's identity isn't known by the person who gets investigated.

Commercial anonymity networks would typically be run by a single entity. Most of them are run from the USA, which is itself a bad idea. By running, I mean the firm is incorporated, and the principle owner(s) reside, in the USA. The risk is to the corporation itself. This is because the hazardous jurisdiction may make the firm, or the principles who control the firm, come under pressure to violate their oath (promised or implied). A specific example is the situation where e-Gold had not only it's assets confiscated, but the law firm that was supposed to protect the trust which held the assets also caved under governmental pressure, and finally the owners themselves live in the US. For all intents and purposes, it was a US company, despite its foreign registration. So we know the risk that a firm endures, but how does that transfer to the customer? Via moral hazard.

The moral hazard in this instance is the trust that the customer places in the firm. Due to assymetric information, the firm is inherently subject to a dilemma:

"Do we immediately comply with requests for data about our customers, or do we protect them and investigate if the claim has merit, and say NO if it doesn't?"

For firms located in the US and the UK, the dilemma has a built in answer: They have no choice. Their assets will be seized and the people involved will be arrested and imprisoned for obstruction of "justice" or some other charge. There are very few who are willing to go to jail for what they believe in, especially for someone else they've never met. So they have a different dilemma:

"Do we keep doing business and hope nobody finds out we are spying on our customers, or do we close up shop?"




Unfortunately, they may not have a choice in this situation. They may feel compelled by the powers that be to keep operating as a honeypot for the agency to drop by and collect the flies that get stuck. Or in the case of e-Gold, they openly and pro-actively worked with the FBI, without demanding proof that the customers involved are actual criminals. Of course, they do not have the prerogative to demand proof, as the governmental authority of that jurisdiction was involved. So this sort of situation could happen, or may already have happened, to many of the privacy providers located in risky jurisdictions. This bitter pill is sweetened by the fact that the firm under pressure can keep making money, and pretend that the horrible situation never happened. Such tactics are often used by police who pick up drug-dealers, turn them, and get them to become informants. For e-Gold, it didn't turn out as well. They cooperated completely, and they were still pillaged and accused. The message should be clear to providers of controversial services: It is not in your long-term interest to cooperate; but people don't live day to day by long-term decisions.

So what is the solution to a bad situation? Don't get in that situation in the first place. Don't do business with poorly structured commercial anonymity services, especially those that operate out of legally risky jurisdictions such as USA, Canada, and the United Kingdom. If you are using them, stop. Even though you aren't doing anything illegal, by using their services you could be volunteering your data to observation and snooping. A little paranoid? Maybe. But I would rather err on the side of precaution, when nobody really knows what either hand is doing. What would I personally suggest? Investigate the anonymity services out there. Find out their reputation, and what jurisdiction they are formed in. Ask their customers what they think, and take it all with a grain of salt.

Steve