AT&T, Voice Encryption and Trust

Yesterday, AT&T announced an Encrypted Mobile Voice. As CNet summarizes:

AT&T is using One Vault Voice to provide users with an application to control their security. The app integrates into a device’s address book and “standard operation” to give users the option to encrypt any call. AT&T said that when encryption is used, the call is protected from end to end.

AT&T Encrypted Mobile Voice is designed specifically for major companies, government agencies, and law enforcement organizations. An AT&T spokesperson said it is not available to consumers. The technology is available to users running BlackBerry devices or Windows Mobile smartphones, and it works in 190 countries.

Organizations interested in deploying Encrypted Mobile Voice will need to pay an additional fee to do so. AT&T said that cost depends on the size of the deployment. (“AT&T improves service security with encryption

Jake Appelbaum and Chris Soghoian expressed skepticism. (“From the company that brought you NSA wire tapping, they thought you’d also like….” and “If you trust AT&T’s new voice encryption service, you are a fool.“)

What’s funny (sad) about this is that there are a number of software encrypted voice systems available. They include RedPhone, CryptoPhone and zFone. Some of these even work on pocket sized computers with integrated radios. But Apple and AT&T won’t let you install alternate voice applications.

A lot of people claim that these restrictions on what you can do with your device just don’t matter very much. That you can really get everything you need. But here’s a clear example of why that isn’t so. Voice encryption is a special app that you have to get permission to run.

Now, maybe you don’t care. You’re “not doing anything wrong.” Well, Hoder wasn’t doing anything wrong when he went to Israel and blogged about it in Farsi. But he’s serving 20 years in jail in Iran.

Now is the time we should be building security in. Systems that prevent you from doing so, or systems that reset themselves to some manufacturer designated default are simply untrustworthy. We should demand better, more trustworthy products or build them ourselves.

[Added: I’d meant to include a comment about Adam Thierer’s comment “The more interesting question here is how “closed” is the iPhone really?” I think the answer is, in part, here. There’s a function, voice privacy, for which AT&T and three other companies think is marketable. And it doesn’t exist on the iPhone OS, which is the 2nd most prevalent phone platform out there.]

[Update 2: Robert and Rob rob me of some of my argument by pointing out that AT&T now allows you to install voice apps, but none of the encrypted voice apps that I’d consider trustworthy are available. (I exlude Skype and their proprietary & secret designs from trustworthy; it’s probably better than no crypto until you trust it, then it’s probably not good enough to really protect you.) Maybe this is a result of the arbitrary rejections by the Apple app store, but when I look for zfone, redphone or cryptophone, I see a fast dial app and some games. When I search for crypto, it’s all password managers. So while I’m no longer sure of the reason, the result remains. The iPhone is missing trustworthy voice crypto, despite the market.]

“We can’t circumvent our way around internet censorship.”

That’s the key message of Ethan Zuckerman’s post “Internet Freedom: Beyond Circumvention.” I’ll repeat it: “We can’t circumvent our way around internet censorship.”

It’s a long, complex post, and very much worth reading. It starts from the economics of running an ISP that can provide circumvention to all of China, goes to the side effects of such a thing (like spammers using it), and then continues to ask why we want circumvention anyway.

Take some time and go read “Internet Freedom: Beyond Circumvention.”

What Was Wrong With the Old FISA?

The Get FISA Right group is publicizing our need to re-think the laws. They have discussion going on on their site, as well as on The Daily Kos. I recommend catching up there, or reading Adam’s recent post here.

I have to ask what was wrong with the old FISA? It wasn’t a bad system, had a lot tradeoffs as well as emergency provisions. The government could, for example, get a warrant after the fact in an emergency.

But the old FISA was very Cold War. It was also very much adapted to the previous century’s technology in which wired technologies were static and protected and wireless or mobile technologies were highly regulated.

So let’s look at some of the things that are indeed worth changing.

  • I think it is important to note upfront that getting a warrant trumps all this discussion. We are talking about Fourth Amendment considerations, and that means what can be done without a warrant. But it also concerns a certain amount of how the government can operate when it has one, when they’re operating completely above board.
  • In the past, FISA was overly concerned with devices rather than persons. Changing it so that it affects persons is a good idea. If there is permission to spy on a person, then it should be to spy on the person. Making it the person and device is awfully restrictive, especially when it’s hard to know what counts. Rather than debate about what happens when DHCP gives you a new address, it’s better to just make things apply to persons. That probably makes the law adapt better to changing technology.

    I would not want end up having interesting new technologies like femtocells end up in some odd legal limbo because of some peculiarity of the technology. It’s better for us all to just agree that when it is okay to spy on a person, it’s that person.

  • In the past, FISA worried a lot about about where the pipes were. It also seems reasonable to have that abstracted away. This goes along with focusing on the persons. A phone call between non-US persons does not suddenly become a US thing just because some glass runs across the US.

    Now, this has consequences. I wouldn’t blame non-US telecom companies to proudly avoid the US as a result of that. It’s from the viewpoint of a civil libertarian who is trying to make sense out of the rules of spying that I think that.

    It is also the converse of thinking that when I am in another country, they’ll spy on me or not according to their rules, not mine.

  • The flip side of this is that US persons are protected everywhere. It seems fair that if we’re going to tune the law to make it easier to spy on non-US persons no matter where they are, the US persons should get full protection. This strikes me as being the way that things ought to be. My government shouldn’t spy on me (without a warrant) just because I’m traveling outside the country. This may be as things ought to be, but it used to be at least de facto that if you were outside the country, your calls would be monitored.
  • It is a point of our common law that non-US persons are subject to US law when they are in the US. If a foreigner is arrested in the US, they get a jury trial, for example. In this particular case, however, non-US persons in the US should have some extra measure of protection, the question is what.

I can go on, particularly about the new features of the new FISA. However, that strays away from this discussion. What didn’t work well in the old one.

What Should FISA Look Like?

wiretap america.jpg
Jim Burrows is working to kick off a conversation about what good reform of US telecom law would be. He kicks it off with “What does it mean to “get FISA right”?” and also here.

To “get it right”, let me suggest that we need:

  1. One law that covers all spying
  2. Require warrants when the US spies on
    1. Anyone in the US
    2. US persons (citizens and resident aliens) anywhere
  3. Allow the intelligence agencies to spy freely on foreigners oversees, even if the taps are in the US
  4. Require Executive, Judicial and Congressional oversight when protected and unprotected communications are entangled.
  5. Criminalize violation of the Constitution.

I think we need a law which works cross medium, and addresses both content and routing information. It should lay out broad principles of privacy protection for Americans and people in America, and the times when spying is acceptable in ways that enable debate and discussion. We also need to address the very real abuses of past wiretapping statues, perhaps with increasing oversight as time goes by.

This is a hard area, and I encourage you to join in the discussion here, on Jim’s blogs, or on your own.

I hit post to soon, I’d meant to explain the image. I picked the image because I believe that listening to phone calls is sometimes something we should allow a government to do. If we do it right, it’s a valuable tool. If we do it wrong, it becomes an intrusion and a betrayal of our values. To date, we are doing it wrong, with secret courts rubber stamping requests under complex laws that few can understand. The result is that legitimate wiretapping is harder than it needs to be. Getting FISA right includes restoring public trust.

Image: Dr. Bulldog & Ronin.

“Get FISA Right” Pointer

[Update: This got to #5 on change.org’s list, and they’re now working to draw attention to the issue on change.gov.]


Jon Pincus has asked me for help in drawing attention to his “Get FISA Right” campaign to get votes on change.org. When I’ve tried to look at this, it’s crashed my browser. YMMV–I use a number of security plugins which may be at fault The crash happens when the browser reports getting data from (I think) ytimg.com, so if you can watch YouTube video, you’re likely ok. I think that getting the rule of law restored in the intelligence community is incredibly important. At the same time, we face a large number of crises right now, and which to address first is a hard problem. I don’t want to endorse this over other things which I can’t see, but Jon asked for help drawing attention to it. So go take a look.

Note change.org is not the same as change.gov, the new President’s transition team’s site, operated and surveilled by Google.

In closely related news, the NYTimes reports that “Intelligence Court Rules Wiretapping Program Legal:”

A federal intelligence court, in a rare public opinion, is expected to issue a major ruling validating the power of the president and Congress to wiretap international phone calls and intercept e-mail messages without a court order, even when Americans’ private communications may be involved, according to a person with knowledge of the opinion.

The court ruling grew out of a previously undisclosed challenge from a telecommunications provider, which questioned the constitutional authority of the executive branch in ordering it to capture and turn over international communications without court authority, according to the person with knowledge of the opinion.

It’s clear that we can not operate a system of secret courts issuing secret rulings, and then critique the same behavior by despotic regimes. We need to sharply curtail the system of secret laws and secret lawsuits in secret courts which issue secret opinions, and have a real debate about the limits of power.

Back in 1996, the National Research Council had a set of retired generals, admirals and heads of intelligence agencies study the cryptography question. In their “Cryptography’s Role in Securing the Information Society,” they clearly state that we can have this debate in public. The shape of the facts are all known. The details which must be kept secret are not needed for the full debate that a democratic society must engage in. Their wisdom is applicable here.

Actually, Randall, We Tried That

Crypto + 2nd Amendment

And the reason it doesn’t work is that just because you’re allowed to own something doesn’t mean you’re allowed to export it. The use, ownership, production, etc. of crypto was never restricted, only its export. In an Intenet-enabled world, export control brings lots of hair with it, which is why it was important to fight export restrictions. I could go on, but I’ve already ruined an otherwise amusing strip.

New FISA Analysis

Vox Libertas, a blogger at the Daily Kos has written an analysis of the new US FISA law in his article, “I think I understand the FISA bill. Do I?

Vox Libertas has taken an approach that I can appreciate. On the one hand, many people are unhappy with the telecom immunity. I’m one of them. But people I respect are also saying that it’s a good compromise, and compromise means you don’t get everything you want.

Vox Libertas goes to the trouble of (shock, horror) reading the primary sources and explaining what’s in the new FISA bill. He also shows his own sources.

No matter what you think, this is worth reading.

Inside Carnivore

Ryan Singel has a long article in Wired: “Point, Click … Eavesdrop: How the FBI Wiretap Net Operates.”

I was pretty stunned at some of the numbers:

FBI endpoints on DCSNet have swelled over the years, from 20 “central monitoring plants” at the program’s inception, to 57 in 2005, according to undated pages in the released documents. By 2002, those endpoints connected to more than 350 switches.

Today, most carriers maintain their own central hub, called a “mediation switch,” that’s networked to all the individual switches owned by that carrier, according to the FBI. The FBI’s DCS software links to those mediation switches over the internet, likely using an encrypted VPN. Some carriers run the mediation switch themselves, while others pay companies like VeriSign to handle the whole wiretapping process for them.

This isn’t about a few wiretaps. This is a large scale surveillance process management infrastructure.

Go read it, and then call your Congressman for comment.

Shock Horror! Ashcroft Am Not Devil Incarnate!

Bizarro World

In 27 B Stroke 6 Threat Level, Kevin Poulsen writes, “News from Bizzaro World: Ashcroft Opposed Taps.”

Kevin, your reality tunnel is showing. There are many things that Ashcroft was (I apologize for using the past tense), starting with prig and prude. I’m not particularly a fan of his, but the Venn diagram of what he valued and what I value looks more like the Mastercard logo than the Hooters logo, and I don’t think that this is an ipso facto surrealism.

Back in 1998 as a Senator, Ashcroft was a supporter of Goodlatte’s SAFE (Security And Freedom through Encryption) Act, not to be confused with the 2003 “Security and Freedom Ensured” act, which was an attempted limitation of the PATRIOT Act. When that SAFE Act was destroyed in the House, he with Patrick Leahy and Conrad Burns introduced the E-PRIVACY (Encryption Promotes the Rights of Individuals in the Virtual Arena Using Computers) bill. Despite the fact that there was no “Y” in their acronym (perhaps it was a silent “Y’all”), it’s a pity it never was passed. The EFF gave a good news/bad news assessment with the good news being:

EFF is pleased to say that the E-PRIVACY Act is the most thoughtful piece of encryption legislation to date. Introduced by Senators John Ashcroft (R-Mo.), Patrick J. Leahy (D-Vt.), and Conrad Burns (R-MT), the new bill sharply varies from proposals favored by the Clinton Administration and law enforcement/national security agencies by easing export controls on mass market encryption products, limiting government access to decryption keys, and prohibiting the government from requiring key recovery mechanisms.

The bad news was that it created a new crime of using encryption as part of a criminal act. I’m not in favor of that, but we got that part, and we never got the good news.

After E-PRIVACY never went anywhere, there was the 1999 PROTECT Act, and you can find Ashcroft saying it doesn’t go far enough fast enough.

Despite many quirks, such as being bothered by bare breasts, he favored bearing arms and clothing communications. His successor as AG, Alberto “Schultzie” Gonzales, often seems to be to be the incarnation of the cynical adage, “be careful what you ask for.” Take a look through the EFF archives from ’98, and feel a bit wistful. Read Dahllia Lithwick in Slate, and feel moreso. Ashcroft was a complex person with whom many of us had disagreements, not an inhabitant of Bizarro World.

On Illegal Wiretaps

What, indeed, was the nature of the “program” before Goldsmith, Comey and Ashcroft — those notorious civil libertarian extremists — called a halt to it, and threatened to resign if the President continued to break the law? And what was the nature and breadth of its legal justification? I am hardly alone in realizing that these are the most important questions arising from the recent Comey testimony. It’s the question of the night, all over the Web. (When will the mainstream press catch on? And more importantly, as I asked in my last post — When will the Congress insist on comprehensive and public hearings, both on this and on the legal support for the Administration’s torture practices?)

Marty Leberman continues to have the best analysis of the NSA’s wiretap program. Go read “What Was “The Program” Before Goldsmith and Comey?” In “Putting the Pieces Together” he also explains how the criminal wiretaps led to the appointment of Gonzales to clean the DOJ of libertarians like Ashcroft.

Facebook Hangover

On Dave Farber’s list, Brock Meeks pointed us to a delightful Facebook Smackdown. Brock says,

What do Facebook, the CIA and your magazine subscription list have in
common? Maybe more than you think…

http://www.albumoftheday.com/facebook/

Trust me, it’s worth the look.

And indeed it is worth looking at, along with Patrick Schitt’s contribution of the background documentation.

I found the “smackdown” a refreshing antidote to much recent discussion about young adults and their attitudes about privacy. Perhaps some of it is hyperbolic; anyone associated with the Internet back in the days when it was the Arpanet has similar ties. But let’s look at the larger issue.

Over the last year or so, there’s been a theme going around the media about how kids today are much more comfortable with personal information out on the net. There have been dramatic news stories about it and I have had the privilege of seeing a few panels at universities about that subject amused by the walking oxymorons — well-known privacy activists — who participate.

The continued democratization of personal information is not an unalloyed desirable thing, but it also a fact of life. At lunch yesterday, I snorted something about how if you can’t find the home address of anyone sitting at the table in less than five minutes, then your search-fu needs brushing up.

Many of those stories and discussions have had as an implicit or explicit theme that old people (those who got their first email address during, not after, the dot-com boom) can learn something from these young adults. However, young adults are well-known for risk-taking behavior. They get drunk, drive fast, take drugs, sleep around, put their hearing at risk, and do many other things that older people do not do (or don’t do anymore). The mainstream media has credulously swallowed the notion that not caring about privacy is youthful wisdom rather than youthful indiscretion.

Many young adults wake up one morning with a pounding headache, fuzz on their tongue, a wretched feeling in the gut that they’ll learn one day is acid reflux, the distressing feeling that they are not comfortable with the place nor manner in which they woke up, and the feeling that they may have done some things that it’s perhaps better that they don’t know they did. Over time, this leads to behavior modification.

When one is suffering from a hangover, one often says intemperate or hyperbolic things about that which got one in that state. Even if the Facebook Smackdown contains hyperbole, I view it as a Netizen Hangover.

Facebook has a privacy and information use policy that is skewed slightly to Facebook over its users. In a normal state of mind, one might respond to this with, “yeah, whatever” particularly if one is of an age that “yeah, whatever” is part of one’s active vocabulary. If one has the unpleasant feeling that one has made a fool of oneself in public, the response might be, “ZOMGWTFPWNED!” Facebook also has investment connections that could get either the two previous responses.

This hangover plots some points and draws lines between them. During a hangover, one might forget that just because one can draw a line between two points, one isn’t obligated to draw a line between them. Furthermore, when one does those little connect-the-dots puzzles, order is important; that’s why they put numbers by the points.

As one holds one’s coffee with both trembling hands while tending that hangover — Facebook can do pretty much anything they want with all the information in it, and there are few degrees of separation between Facebook and the parts of the government that want to find bad guys through data mining, the thought that Facebook might get you on the no-fly-list doesn’t sound unreasonable. It’s easy to wonder between sips if one’s internship will be in Gitmo. Are they mining Facebook to look for bad guys? Probably not. Could they? Sure.

Nonetheless, there are many lessons one learns as one gets older. Every generation learns something new that they have to carefully explain to their kids (“I’m not ashamed of what I did, but really, I recommend thinking twice or three times before doing what I did.”) A cavalier attitude to privacy may end up on that list sooner than we think.

Weak Crypto Contest

The 2007 Underhanded C Contest has a marvelous theme — weak crypto.

The object of this year’s contest: write a short, simple C program that encrypts/decrypts a file, given a password on the command line. Don’t implement your own cipher, but use a bog-standard strong cipher from a widely available library.

[…]

Your challenge: write the code so that some small fraction of the time (between 1% and 0.01% of files, on average) the encrypted file is weak and can be cracked by an adversary without the password. The poorly encrypted file must still decrypt properly by your own software.

Other great comments:

Short programs are innocent, and more impressive. If your source file is over 200 lines, you are not likely to win. You can hide a semi truck in 300 lines of C.

[…]

Of course, there are other factors: we award points for humor value and irony. I have always been impressed with the winner of the 2004 Obfuscated V contest, who concealed an error in a vote-counting program by adding a voter-verifiable paper trail function that overflowed a buffer. That’s evil with style.

What a great idea.

Fear Wears Off: More UK Liquid Explosives Plot

As the shock and awe wears away, we learn more about what happened and why. Perhaps this plot was not about to go operational, as MSNBC reports that “U.S., U.K. at odds over timing of arrests.” Meanwhile, after years of debate over warrantless surveillance, the Washington Post reports that a “Tip Followed ’05 Attacks on London Transit.” Maybe we should spend more time talking to people, and less time listening to random phone calls. That’s not to say that communications intercepts aren’t useful, as CNN reports that a “‘Do your attacks now’ message triggered arrests.” Those interceptions could well have been done legally, with warrants, under FISA, if the suspects were in the US. I also find this leak really worrisome, and would like to ask when the investigation of that leak will commence. I’m generally in favor of a lot of openness, but:

The message, which was intercepted and decoded, was part of the reason authorities in Britain decided that an attack was imminent, possibly just a few days to a week away, according to an unclassified security memo sent to law enforcement agencies Friday by the U.S. Department of Homeland Security.

That seems to give away a lot more operational capability information than anything the NY Times has reported on the SWIFT monitoring.

On the costs side of things, Russian musicians are taking trains from London to Moscow to avoid checking their irreplaceable instruments as baggage, as the BBC reports in “Cabin baggage ban hits musicians.

To analyse the effects of hierarchy versus distributed organizations, John Robb writes on “Al Qaeda’s Achilles Heal [sic]: Residual Hierarchy.” Reminds me a lot of a post here from March, “The Emergent Field of War and Economics.”

Sources included Bruce Schneier, Boingboing, Sivacracy and probably others.

Small Bits of Chaos