From eugen@leitl.org Sun Sep 8 07:54:17 2013 From: Eugen Leitl To: cypherpunks@lists.cpunks.org Subject: Re: [Cryptography] Bruce Schneier has gotten seriously spooked Date: Sun, 08 Sep 2013 13:54:14 +0200 Message-ID: <20130908115414.GB29404@leitl.org> MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="===============5104515524544775076==" --===============5104515524544775076== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable ----- Forwarded message from Gregory Perry ---= -- Date: Sat, 7 Sep 2013 19:58:50 +0000 From: Gregory Perry To: Brian Gladman Cc: Cryptography Mailing List Subject: Re: [Cryptography] Bruce Schneier has gotten seriously spooked On 09/07/2013 02:46 PM, Brian Gladman wrote: > Because NSA and GCHQ are much more interested in attacking communictions > in transit rather than attacking endpoints. > > Endpoint attacks cost more to undertake, only give access to a limited > amount of data and involve much greater risks that their attack will > either be discovered or their means of attack will leave evidence of > what they have done and how they have done it. The internal bueaucratic > costs of gaining approval for (adverarial) endpoint attacks also makes > it a more costly process than the use of network based interception. > > There is significant use of open source encryption software in end to > end encryption solutions, in file archivers, in wifi and network > routers, and in protecing the communications used to manage and control > such components when at remote locations. The open source software is > provided in source code form and is compiled from source in a huge > number of applications and this means that the ability to covertly > substitute broken source code could provide access to a huge amount of > traffic without the risks involved in endpoint attacks. I would submit that the exact inverse is the real target - endpoint devices. = There is simply too much volume of Internet traffic to realistically analyze= and process, even with the next big datacenter in Utah and multi gigabit wir= e rate capable deep content inspection blades. It's the endpoint devices tha= t the FBI is after for targeted intrusions (for both domestic and foreign tar= gets), and the NSA used to have a very legitimate charter with a culture dedi= cated to protecting U.S. communications at all costs. For decades the FBI were literally the spies that couldn't shoot straight, as= was evidenced by CALEA (lets put backdoors into every phone switch), and Com= verse Infosys (then lets outsource all of our wiretap operations). But even = with all of those idiotic mistakes, the FBI got their amended FISA 2008 and t= he Patriot Acts passed which in effect repealed the Posse Comitatus Act and g= ave the FBI their political power play to gain control over all of the NSA's = signals intelligence capabilities, for domestic spying and wiretapping here o= n U.S. soil without any judicial oversight whatsoever. I would even wager that Herr Bob Mueller himself arranged this Snowden debacl= e with the Crown of England and his Chinese and Russian counterparts, to guar= antee Snowden safe asylum once he absconded with the NSA crown jewels. A sim= ple reading of the international media chatter shows that the NSA (and the US= A by proxy) are the bad guys now, with nary a mention of the FBI being involv= ed at any level of this with their own domestic spying operation that is many= orders of magnitude more powerful than anything the NSA and/or DoD had ever = even dreamed of accomplishing with foreign signals intelligence gathering. _______________________________________________ The cryptography mailing list cryptography(a)metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography ----- End forwarded message ----- --=20 Eugen* Leitl leitl http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5 --===============5104515524544775076==--