fuck these guys

From my very limited knowledge of encryption...Mike, do you think it would be

https://plus.google.com/+MikeHearn/posts/LW1DXJ2BK8k Mike Hearn Shared publicly - Yesterday 10:30 AM #NSA The packet capture shown in these new NSA slides shows internal database replication traffic for the anti-hacking system I worked on for over two years. Specifically, it shows a database recording a user login as part of this system: http://googleblog.blogspot.ch/2013/02/an-update-on-our-war-against-account.h... Recently +Brandon Downey , a colleague of mine on the Google security team, said (after the usual disclaimers about being personal opinions and not speaking for the firm which I repeat here) - "fuck these guys": https://plus.google.com/108799184931623330498/posts/SfYy8xbDWGG I now join him in issuing a giant Fuck You to the people who made these slides. I am not American, I am a Brit, but it's no different - GCHQ turns out to be even worse than the NSA. We designed this system to keep criminals out . There's no ambiguity here. The warrant system with skeptical judges, paths for appeal, and rules of evidence was built from centuries of hard won experience. When it works, it represents as good a balance as we've got between the need to restrain the state and the need to keep crime in check. Bypassing that system is illegal for a good reason . Unfortunately we live in a world where all too often, laws are for the little people. Nobody at GCHQ or the NSA will ever stand before a judge and answer for this industrial-scale subversion of the judicial process. In the absence of working law enforcement, we therefore do what internet engineers have always done - build more secure software. The traffic shown in the slides below is now all encrypted and the work the NSA/GCHQ staff did on understanding it, ruined. Thank you Edward Snowden. For me personally, this is the most interesting revelation all summer. How we know the NSA had access to internal Google and Yahoo cloud data http://www.washingtonpost.com/blogs/the-switch/wp/2013/11/04/how-we-know-the... 732502Nico Lumma's profile photoIan Batterbee's profile photoAmber Yust's profile photoKonrad Rudolph's profile photo 39 comments Jeff WeissYesterday 2:46 PM+19 20 19 Until this article no one had mentioned that the intercepted traffic was on leased fiber, not on the public internet. That makes the cleartext transmission seem like a less glaring error, I suppose I can see how it wouldn't seem necessary. In fact, anyone claiming in was necessary probably would have been seen as paranoid until now. Still, encrypting data sent over the wire is not difficult. Considering the value of the data in question, and the number of parties who could access it (at least two - the fiber owners and the government), it seems like a worthwhile investment. Lesson learned, I suppose. Mike HearnYesterday 3:42 PM+42 3 2 I think the fact that Google uses private fiber has been well known for quite a while actually. Just search for [google dark fiber] and you will find many news stories discussing that, and it was mentioned off-hand in previous stories as well (I think). Yes, that's pretty much it. Encryption was being worked on prior to Snowden but it didn't seem like a high priority because there was no evidence it would achieve anything useful, and it cost a lot of resources. Once it became clear how badly compromised the fiber paths were, there was a crash effort to encrypt everything. Re: "not difficult". I disagree. Doing end to end on the scale of Google is a lot harder than it looks. Ignoring CPU capacity constraints, the entire thing requires a large and complex key distribution and management infrastructure (fortunately already present). Also lots of different protocols flow over our wires, each one of which has to be handled. Jeff WeissYesterday 4:15 PM+9 10 9 At Google's scale, everything is difficult. I meant "not difficult" relative to all the other feats they've pulled off. I can't say I blame them, really. They haven't historically come across as careless with their users' data - just the opposite in fact. If only the NSA manages to steal Google users' personal info, they're doing relatively well. There's always room for improvement. Mike HearnYesterday 4:16 PM+18 9 8 Right, sure. Compared to some other initiatives encrypting cross-dc links wasn't a moonshot. Self driving cars definitely rate as harder :) John A. TamplinYesterday 4:29 PM+18 9 8 I don't know in Google's case, but when I was at an ISP before, dark fiber meant we owned the fiber in the ground and were responsible for terminating it with our repeaters/routers/etc. So, to tap it would require either compromising the equipment we owned or someone physically digging up the fiber, inserting a tap, and putting it back. You could conceivably detect such a tap with TDR, but especially if this happened under the cover of a cable cut you might just assume the tap was an imperfect splice to repair the cut. So, I don't think it was unreasonable to assume that dark fiber was "safe". When I came to Square, it seemed over the top that even connections between services in the same datacenter were secured with mutual auth SSL -- it doesn't seem so excessive now. Jeffrey YunesYesterday 5:49 PM+14 5 4 I don't think this is a "big people vs. little people" thing. I'm little, Google's big, and we're both on the same side of this. Rather, this is a "government vs everyone else" thing. Andree ChristaldiYesterday 6:05 PM+4 5 4 Shocking, disgusting stuff. As you said, laws only matter to common folk, not the state. Good work Mike. Laurent GaffiéYesterday 7:25 PM+1 2 1 Well said Mike, well said. Trevor LoucksYesterday 7:57 PM+1 2 1 possible for Google,within the next few years, to do end to end encryption for all its services, but not manage or store the keys? I would prefer if everything was encrypted and decrypted locally and I stored the key how I saw fit. Using LastPass, hard copy paper, truecrypt container, or some other mechanism. I realize this would completely obliterate any type of possible password recovery. But man, a system like that would allow me to feel so much better when using Gmail or Google Drive. I guess it would have to be offered as an option, because I don't doubt most Google users would opt for easy usability instead of higher security. In the meantime I feel compelled to transfer my backups to places which offer end to end encryption with keys that aren't stored by the service provider. Jason BraddyYesterday 8:15 PM+6 7 6 +John A. Tamplin It's possible to tap an optical cable without breaking it, by bending it far enough that some of the light leaks out through a gap in the jacket. This can be detected by looking for unexpected drops in the light level via DOM, etc., and I believe that critical defense/intelligence network paths do this already. Jeff WeissYesterday 8:15 PM+1 2 1 +Trevor Loucks that would dramatically change Google's business model, since they generally offer free services in exchange for collecting people's data. Most of the offerings where privacy is a concern, the best private service wouldn't be a service at all. It would just be software you run yourself. Or maybe it would run on some cloud service, but the important point is that the provider doesn't see your data or care about it, they just lease you some computing capacity. John A. TamplinYesterday 8:27 PM+1 2 1 +Trevor Loucks In many cases that would mean the service couldn't operate - for example, GMail couldn't communicate with other SMTP servers if Google never had the decrypted message on its servers. If you have a doc for collaborative editing, how do multiple people get the same key? You certainly wouldn't have the ease of saying "share this document with the following" and it just work. Besides that, decrypting in the web browser using JS is slow and prone to other vulnerabilities. It currently isn't practical for web-based services to operate as you suggest. John MardlinYesterday 8:30 PM +Mike Hearn Was this work started before the most recent revelations made it clear that this was mission critical? I'm sure that implementing encryption on your scale is a massive challenge, it seems counter intuitive that it could be finalized so quickly after these revelations, regardless of whether or not the work had been begun already. Follow on: do you ever wish Edward Snowden would just give you everything you needed to know right away so this could be stopped sooner? Would you try to reach out and encourage that moving forward? Thanks for taking the time to be transparent and clarify to your users, while you're undoubtedly insanely busy. Ian BatterbeeYesterday 8:40 PM +John A. Tamplin Also worked at an ISP, for us, dark fibre was simply something where bits you shoved in one end came out the other untouched. The dark part referred more to the fact that the packet wouldn't congest with other people's traffic on the way, and would typically be a leased service on someone else's CWDM or DWDM network, though it could also be simple patching with no equipment in the way. Stephan BealYesterday 8:51 PM Okay, now admit it: how many of you had to google "Sisyphus" at the end of the article? ;) (i did!) Nicolas FischerYesterday 9:51 PM+4 5 4 These assholes think they're above the law. Fuck them! Let's use bitcoin to defund them. Amber YustYesterday 9:57 PM+3 4 3 +John Mardlin Yes, the project was started well before Snowden. The pace just got ramped up immensely in the past year or so. Jeff WeaverYesterday 10:57 PM+3 4 3 quite a post for bonfire day Guy would be proud :-) Mike HearnYesterday 11:39 PM+13 4 3 Nobody knows how to build services like the ones Google provides but where the service provider is blind to the traffic. It's not as simple as "Google makes money off ads so they don't want to change things". Ad-funded services are actually a good thing from a privacy perspective! A lot of people and media commentators don't realise this. The alternative to advertising is direct payment by end users for a service. Unfortunately, there are no ways to pay someone for something online anonymously. The closest is Bitcoin but it's still very young and immature, most people can't use it. So if the dominant paradigm for Google services was that you paid for them, you'd pay for them with a credit card and then anonymous accounts would be impossible, we'd always know exactly who you were. Even if we couldn't read the message traffic, we would still know immediately and automatically that Edward Snowden of BAH Hawaii had sent a message to Glenn Greenwald of the Guardian, which is obviously of great interest to the NSA. You don't need to be a genius to guess what a message from a high-clearance member of NSA staff to a journalist might say. All you need to know is that they're communicating at all. Currently though, anyone can sign up for a webmail account and provide any bogus name they like (and people do). Neither the webmail provider nor the advertisers know who a user really is, nor do they care. That's a pretty decent situation to be in. Anyway, although I'd love it to be different, there aren't any viable alternatives to the way cloud services operate today. These things either get fixed legislatively, or they don't. Cryptographers are inventing lots of really amazing technology that might one day make a truly private p2p cloud possible, but those techniques are probably decades away from being competitive (if they ever are). Jeroen van Gelderen1:03 AM+3 4 3 +Mike Hearn "These things either get fixed legislatively, or they don't." Then they won't. The TLAs will ignore the laws and lie about it until caught. Then do it again. Lauren Weinstein2:13 AM+12 3 2 I've had quite a few people ask why I haven't seemed to be more upset publicly about all the recent NSA and other surveillance disclosures. It's real simple -- there has been nothing disclosed that I (and many others) haven't assumed was going on at the hand of every capable surveillance org around the world for decades, one way or another. This sort of behavior goes back to the dawn of written communications -- tech has just made it easier in some ways (by concentrating flows and making storage so cheap) and harder in other ways (by providing means for robust encryption, when it's used). And recent history (that is, some decades) speaks clearly to the following. No matter what the politicians tell you, not matter what any countries' agencies say, there will be no substantive long-term change in these practices. Opportunistic gathering of all data they can get their hands on will continue, especially if it can be declared to be foreign or international in nature and so not subject to purely domestic restrictions (when those exist). At the best, we can hope for a bit more oversight (at least in the short term) and push hard for more transparency so that companies like Google can explain to the public what really happens in terms of data demands from government, and not be faced with when did you stop beating your wife? no-win situations where hyperbolic, false accusations can't even be legally refuted. Above all from a practical standpoint, it has to be encrypt, encrypt, encrypt -- as Google is now engaged in big time. Contrary to the assertions of the spooks, encryption to block or degrade opportunistic mass data collection is unlikely to significantly damage major targeted anti-terrorism efforts. When the agencies have something they really want to target, they can use warrants and even user endpoint attacks to deal with most kinds of common encryption. But what's so important about encryption at Google scale is that by making it significantly harder to do the mass, vacuum cleaner type surveillance, the opportunity for governments building up enormous databases of such material composed almost entirely of innocent parties' data can likely be curtailed in meaningful ways. And it's that sort of data collection that is most potentially subject to abuse, especially retrospective abuse under some future government quite possibly with a very different set of motives entirely. Jeff Weiss3:22 AM+1 2 1 +Mike Hearn in many cases it is simply not necessary to ship your personal info to someone else to organize. If you have a good internet connection at home, you can just put a modest box alongside your cablemodem that is capable of storing all your data and organizing it (with the right software, of course). And you would control your own privacy. The big missing piece is the software. Unfortunately all the effort has been poured into services like Google's because quite frankly, people don't know any better. Nobody knows the value of their data so they give it away. I would much rather contribute to a kickstarter for open source software to do the same thing. That way I know the application is working for me, not someone else. Ed Burnette3:31 AM + 1000000 from the US Michael Schwartz3:46 AM+3 4 3 Way to go Google for stopping all the hackers (even the ones my tax dollars are funding to spy on me!). Thanks to the crypto geniuses of the 90's, encryption is no longer a monopoly of the NSA. We have the power to have privacy, and if we work on open standards and open source software, we will also have the economies to make it ubiquitously supported by all domains on the Internet. Thank you for your transparency on the issue! Watson Ladd5:42 AM "Fuck You" is nice. Service and a court date is a lot nicer. Henrik Sjölander6:51 AM+5 6 5 I know that Googlers work for the security to help people in all countries for the right to privacy and spying governments, not only when it concerns free speach. I'm confident that you at Google are working on even things like these. That's why i like what google, and also employees like you Mike, are doing for everyone in the world. Thanks. Chuck McManis6:57 AM Knowing what Brandon and the opsec team is capable of, I am sure that given your new found understanding of the risks involved you will be up to the task mitigating this latest attack against the infrastructure. Kind of defines APT in a whole new way. Marco Tedaldi7:20 AM+1 2 1 The spy services are clearly criminal organizations. And the law is quite clear on how to handle criminal organizations and the members. Jay Perkins7:50 AM Today, in its world, Google is bigger than the government. It is time to start acting like it. Of course, advertising revenue is the milk that feeds the Google. Governments can cut off the milk. Kudos to Mike for speaking out as Brit. Americans suddenly have a fear that speaking out against the actions of its government will have real world consequences. Like investigations of your internet use and your finances. Americans have gained a fear of speaking out since the government convinced them that helping fight the war on "terror" meant that they voluntarily surrender the rights and freedoms that previous generations thought worthy of dying for, and it would somehow be patriotic, rather than idiotic. Anatoliy Lisovskiy8:04 AM+1 2 1 I heard a rumor as if in USSR some copper cables were going in pipes with dry air, or an inert gas, under certain pressure that was constantly monitored. Jerome Chan8:37 AM What is there to prevent the NSA from demanding the private keys for the encrypting software? Kazimierz Kurz8:43 AM encryption, hower complicated, is the only sollution. And even if encryption would be not very strong, it has to be done! Because even if it is easy to breake, it rise the cost for the atacker. It is a trade game. If You do something, even simple, - it may work for some time... Justin Lolofie8:44 AM brit outrage is classy outrage ++ Brandon Downey8:46 AM+1 2 1 While I can't comment about our employer's use of encryption, but if your concern is the compromise of current private keys revealing things about past encrypted sessions, technologies like this can help: https://www.eff.org/deeplinks/2013/08/pushing-perfect-forward-secrecy-import... Danny Sullivan8:56 AM As an American, I'm finding the spying revelations disgusting. We do have laws against such warrantless tapping, and it shouldn't be allowed. But Google's "big people" that can go after the big people you feel will escape these illegalities. Right now, aside from whatever private lobbying is almost certainly going on, all Google is doing publicly is arguing for a right to reveal number of requests you give out. It would be nice if Google stepped up the game. File a lawsuit against the US government. Go after the big people. When Google felt China violated its security, Google pulled out of the entire country. It seems to have a much higher tolerance for US spying -- or bottom line, while it doesn't like it, it'll hurt the bottom line too much to do a similar withdrawal. But a big fat huge legal action would be the F-You you really want, and that many would feel only a company of Google's size could pull off. It'll be interesting to see if the higher-ups act on your call. Larry Gritz8:58 AM+1 2 1 I really hope this is making Google (and other companies) think hard about their "free services in exchange for mining data and selling ads" strategy. It's that business model that made all this surveillance easy. I'd like to see Google offer to make us the customers rather than the advertisers, allow us to pay for legitimately private and secure services, and as a bonus finally stop being bombarded with ads. Simon Zerafa9:16 AM I wonder of having the traffic on leased fibre was really the smart move in the end? All of the traffic on that fiber was Google's. If it had been on a public link it would have been encrypted and far safer. Greg Hennessy9:33 AM If the system allows the perversion of the course of justice to such an extent that the CEO of QWest can be indicted and jailed on 'insider' trading charges for allegedly not co-operating with 3 letter organisations. One hopes that the executive leadership team @ Google have retained some suitably capable legal resources to deal with what is inevitably coming down the pike. The state and it's securocrats do not like to be defied in private, let alone in public. Kevin Lyda9:36 AM +Larry Gritz Did you not read +Mike Hearn comment above? There is no widespread, easy to use anonymous payment system. If you pay for your Google services, you're traceable. If advertisers pay for your account, you are not. This is not rocket science.