(Straw) Man in the Middle - hyperelliptic.org
Posted 20-Jun-2020
(Straw) Man in the Middle: A Modest Post-Snowden Proposal
Brussels, Belgium
Jacob Appelbaum
[redacted]
10 December 2015
Jacob Appelbaum ([redacted]) (Straw) Man in the Middle: 10 December 2015 1 / 26
Post-Snowden?
What does that mean?
Understanding the plumbing
Mass surveillance works by first illegally and generally seizing data, and then indiscriminately searching all data until a specific search term is found. This is selector-based surveillance, a kind of surveillance that requires mass surveillance. It comes from vulnerabilities in core internet and other network protocols.
A shift?
We have experienced a huge shift.
Key changes
Specific understanding about a handful of protocols.
Key changes
A general and pervasive fear; a feeling of helplessness.
Key changes
People have lost faith in the authorities and adopted a fatalistic attitude.
A new assumption
A pervasive fear of mass surveillance, jokes about being on lists; a new default of total monitoring!
A new default to fight passive attackers
Changes are now detectable.
Encryption is here to stay. Passive interception moves to active.
Signal/ZRTP clients and the Let's Encrypt CA change the game.
This impacts Law Enforcement and Intelligence; focusing on LE.
Cultural differences
In the US, the UK and in other countries in Europe, searches and notification are different. Cryptography brings us to a new convergence for all cultures at once.
A recent European Court of Human Rights ruling
Oversight isn’t enough: accountability is required
Checking validity
Example interactions with the police:
Siren on an otherwise unmarked car pulling over a driver
Drive to a well-lit area, dial 112/911, confirm the identity of the "officer"
No-knock raid by armed people
Did they declare they are police? How do we verify it?
Knock at the door with a search warrant
Is it a valid warrant?
Other examples, such as a famous Tupac shooting involving police in plain clothing
Reality check
In most of these situations we acknowledge the serious issue of police impersonation.
How do we detect crimes?
Cyber cyber cyber
(Hint: You will receive nearly no help from any authority!)
An example standard of evidence
In the German Chancellor Merkel case there was a supposed lack of evidence.
Thus we see: we need a new standard of evidence!
A short summary
First, we acknowledge a change in thinking because of Snowden.
Secondly, we see a move towards more and more transparency.
Thirdly, we control those we can control and not those that we don't...
Wait, control?
I have no democratic control over the majority of services. I do have democratic control over a small set of services: local LE, national LE.
Wait, transparency?
The new protocols force transparency, and the proposed standard of evidence gives us data for action; but how might we choose what to act on?
Ask the honest parties to prove their honesty
They sign their interception request in real time and point it to a given court (docket, judge, case, etc.), just as with the search of a home.
And anyone who doesn’t sign...
Is subject to investigation with the collected evidence.
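An added example, not from the talk and not any project's code, of how the "sign your interception request" idea from the two slides above could be checked mechanically. It assumes a hypothetical notice format bound to a court docket, an Ed25519 signature by the agency, and a public registry mapping agency names to keys; all field names, the registry and the sample values are assumptions made for illustration. A detected interception (the "change" that the new protocols make visible) is matched against valid signed notices; anything that no valid notice covers is returned as evidence to keep, not silently ignored.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"errors"
	"fmt"
	"time"
)

// InterceptionNotice is a hypothetical record of one lawful interception,
// bound to a court the way a search warrant is. The field set is an
// assumption for this example; the talk proposes the idea, not a format.
type InterceptionNotice struct {
	Agency    string    `json:"agency"`
	Court     string    `json:"court"`
	Docket    string    `json:"docket"`
	Judge     string    `json:"judge"`
	Target    string    `json:"target"`
	IssuedAt  time.Time `json:"issued_at"`
	ExpiresAt time.Time `json:"expires_at"`
}

// SignedNotice is the notice plus an Ed25519 signature over its JSON form.
type SignedNotice struct {
	Notice    InterceptionNotice `json:"notice"`
	Signature []byte             `json:"signature"`
}

// canonical returns the bytes that are signed and later verified. encoding/json
// writes struct fields in declaration order, so both sides get the same bytes.
func canonical(n InterceptionNotice) ([]byte, error) {
	return json.Marshal(n)
}

// Sign is the agency's side: sign the notice in real time, before intercepting.
func Sign(priv ed25519.PrivateKey, n InterceptionNotice) (SignedNotice, error) {
	msg, err := canonical(n)
	if err != nil {
		return SignedNotice{}, err
	}
	return SignedNotice{Notice: n, Signature: ed25519.Sign(priv, msg)}, nil
}

// Verify checks that the notice carries a valid signature from the key the
// public registry lists for the named agency, and that it names a docket.
func Verify(registry map[string]ed25519.PublicKey, sn SignedNotice) error {
	pub, ok := registry[sn.Notice.Agency]
	if !ok {
		return fmt.Errorf("unknown agency %q", sn.Notice.Agency)
	}
	msg, err := canonical(sn.Notice)
	if err != nil {
		return err
	}
	if !ed25519.Verify(pub, msg, sn.Signature) {
		return errors.New("signature does not verify")
	}
	if sn.Notice.Court == "" || sn.Notice.Docket == "" {
		return errors.New("notice names no court docket")
	}
	if !sn.Notice.ExpiresAt.After(sn.Notice.IssuedAt) {
		return errors.New("notice expires before it is issued")
	}
	return nil
}

// Observation is one detected active interception against a target, e.g. a
// ZRTP short-authentication-string mismatch or an unexpected TLS certificate.
type Observation struct {
	Target string
	At     time.Time
}

// Classify reports whether some valid signed notice covers the observation.
// An uncovered interception is not dropped: the reason says to keep it as
// evidence, which is what the talk proposes for anyone who does not sign.
func Classify(registry map[string]ed25519.PublicKey, notices []SignedNotice, obs Observation) (bool, string) {
	for _, sn := range notices {
		if Verify(registry, sn) != nil {
			continue // an unverifiable notice authorizes nothing
		}
		n := sn.Notice
		if n.Target == obs.Target && !obs.At.Before(n.IssuedAt) && obs.At.Before(n.ExpiresAt) {
			return true, fmt.Sprintf("covered by %s docket %s", n.Court, n.Docket)
		}
	}
	return false, "no valid signed notice: keep as evidence of an unlawful interception"
}

func main() {
	// Constructed sample: one registered agency, one notice, one observation.
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	registry := map[string]ed25519.PublicKey{"local-police": pub}
	t0 := time.Date(2015, 12, 10, 9, 0, 0, 0, time.UTC)
	sn, err := Sign(priv, InterceptionNotice{
		Agency: "local-police", Court: "example court", Docket: "15-0001",
		Judge: "example judge", Target: "+32-2-000-0000",
		IssuedAt: t0, ExpiresAt: t0.Add(24 * time.Hour),
	})
	if err != nil {
		panic(err)
	}
	ok, why := Classify(registry, []SignedNotice{sn}, Observation{Target: "+32-2-000-0000", At: t0.Add(time.Hour)})
	fmt.Println(ok, why)
}
```

The registry stands in for whatever public, append-only list of agency keys a state would publish; without it, a signature proves only that someone holds some key. Expiry and target are checked on the notice rather than on the observation so that a notice cannot be stretched to cover interceptions it never named.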
Wait, what?
There is no requirement that CryptoPhone or Signal help with this proposal, only that a system of real-time notification is implemented by states and their relevant agencies.
Wait, what about TARGETED surveillance
Like cryptography, that horse has left the barn with the move from passive to active.
Wait, what about malware
The same standard of evidence and notification should apply.
Help the (honest) police
No "Golden Key" required
A trade of the secrecy property that keeps security for the majority of users
Law enforcement is always asking for a way to do this; my proposal allows an avenue while also asking them to give up secrecy and commit to accountability and transparency.
An equal standard
From homes to phones: interference is not secret, lawful processes exist, and crimes committed by thousands of unlawful attackers are now subject to reporting.
Questions?