On 05/26/2012 08:01 AM, Peter Gutmann wrote:

Marsh Ray <marsh@extendedsubset.com> writes:

...

Perhaps someone who knows German can better interpret it.

The government was asked "are encrypted communications creating any difficulties for law enforcement in terms of pursuing criminals and terrorists?". The government replied "no, not really, so there's no need to restrict the use of crypto by the public".

Sorry, that's not quite it. The "Kleine Anfrage" (small inquiry) is a tool for the opposition to put pressure on the government, which has to explain itself in response to specific questions on a certain topic. In this inquiry, the left party asked questions about telecommunication surveillance by the BND, (encrypted and/or unencrypted), which was reported about in the German press. In particular, they asked questions about the keywords used for filtering, the technical methods for filtering, the amount of filtering that has been done, if any successes were documented, how politicians/attorneys/journalists and other protected groups are protected, etc. The goal is to either find material that is embarrassing or at least to remind the government and secret services of their boundaries. In the end, most of the answers were secret and, as far as they were given at all, are only available to members of the German parliament. There is very little specific information that is not secret, for example that 90% of the emails are spam, that 16400 keywords were used etc. As far as decryption capabilities goes, the text is very clear: The software used to analyse the communication stream can, in principle, decrypt and/or analyze at least some of it. Note the qualifiers: In principle, decrypt and/or analysis, depending on type and quality of encryption. This really can mean anything and everything. I would assume that it just means that the software and services they are buying have implemented some automatic decryption based on the state of the art attacks on weak cryptography, or at the very least the ability to detect encrypted streams and at least analyse the flow. There is nothing in the answer that suggests that the BND has any abilities beyond what is commercially available as the state of the art. Also, there is nothing in the answer that suggests that there is no need to restrict the use of crypto by the public. That is just not within the scope of the inquiry or the response. The topic was surveillance of telecommunication by the BND in general. Encryption was only the topic of one question, which was, compared to the others, not very detailed and not very carefully phrased. Ideally, they should have split the question in decryption and metadata analysis and asked which methods are available in particular. They dropped the ball on this one, and thus government and secret service could weasel out with a typical non-answer: the smallest answer possible that is truthful and does cover the scope of the question. The only other possible answer would have been: "no, we can not analyse or decrypt encrypted communication streams at all", in which case the answer would have been secret because it revealed operational details that allows suspects to evade the measure. Thanks, Marcus _______________________________________________ cryptography mailing list cryptography@randombit.net http://lists.randombit.net/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE