Crypto Affirmative - DDI 2015 ST

7/25/2019 Crypto Affirmative - DDI 2015 ST

1/208

1AC


2/208

1AC


3/208

SQ

Cryptowars are coming now. The NSA and FBI want to blockand ndermine strong encryption in !a"or o! easy sr"eillance

o! all digital commnication# Compter scientists are $ghtingback.Tokmet%i &'1(Dimitri, Data Journalist at the Correspondent (Netherlands) Think piece: How toprotect privacy and security! "lo#al Con$erence on Cy#er%pace &' * + -pril&' The Ha.ue, The Netherlandshttps://www0.ccs&'0com/sites/de$ault/1les/documents/How2&'to2&'protect2&'privacy2&'and2&'security2&'in2&'the2&'crypto2&'wars0pd$

3e thou.ht that the Crypto 3ars o$ the nineties were over, #ut renewed 1.htin. haserupted since the %nowden revelations0 4n one side,law en$orcement and intelli.encea.encies are a$raid that #roader use o$ encryption on the 5nternetwill make their

work harderor even impossi#le0 4n the other, security e6perts and activists ar.ue thatinstallin. #ackdoors will make everyone unsa$e05s it possi#le to 1nd some middle .round #etweenthese two positions 7This is the story o$ how a hand$ul o$ crypto.raphers hacked! the N%-0 5t8s also a story o$encryption #ackdoors, and why they never 9uite work out the way you want them to08 %o #e.an the #lo. post onthe ;atthew "reen, assistant pro$essor at John Hopkinsuniversity, and a couple o$ international collea.ues e6ploited a nasty #u. on the servers that host the N%- we#site0?y $orcin. the servers to use an old, almost $or.otten and weak type o$ encryption which they were a#le to crackwithin a $ew hours, they mana.ed to .ain access to the #ackend o$ the N%- we#site, makin. it possi#le $or them toalter its content0 3orse still, the crypto.raphers $ound that the same weak encryption was used on a third o$ the @million other we#sites they scanned0 or instance, i$ they had wanted to, they could have .ained access towhitehouse0.ov or tips0$#i0.ov0 >any smartphone apps turned out to #e vulnera#le as well0 The irony is this: thisweak encryption was deli#erately desi.ned $or so$tware products e6ported $rom the A% in the nineties0 The N%-wanted to snoop on $orei.n .overnments and companies i$ necessary and pushed $or a weakenin. o$ encryption0This weakened encryption somehow $ound its way #ack onto the servers o$ A% companies and .overnmenta.encies0 7%ince the N%- was the or.aniBation that demanded e6port+.rade crypto, it8s only 1ttin. that they should#e the 1rst site aected #y this vulnera#ility8, "reen .lee$ully wrote0 The ;


4/208

and data#ases0 -pple developed a new operatin. system that encrypted all content on the new iFhone #y de$ault0-nd hackers started developin. we# applications and hardware with stron., more user+$riendly encryption0 5n thepast $ew years we have seen the launch o$ encrypted social media (Twister), smartphones (?lackphone), chatso$tware (Cryptocat), cloud stora.e (?o6cryptor), 1le sharin. tools (Feerio) and secure phone and %>% apps(Te6t%ecure and %i.nal)0 This worries .overnments0 5n the wake o$ the attack on Charlie He#do in Faris, A= Frime>inister David Cameron implied that encryption on certain types o$ communication services should #e #anned0 5nthe A%, ?5 director James Comey recently warned that the intelli.ence a.encies are 7.oin. dark8 #ecause o$ the

emer.ence o$ de$ault encryption settin.s on devices and in we# applications0 5n 4;5TCy#ersecurity and 5nternet Folicy ;esearch 5nitiativehttp://dspace0mit0edu/handle/&0/P*P'R1les+area

The .oal o$ this report is to similarly analyBe thenewly proposed re9uirement o$ e6ceptionalaccess to communicationsin today8s more comple6, .lo#al in$ormation in$rastructure0 3e 1nd that itwould pose $ar more .rave security risks, imperil innovation, and raise thorny issues$or human ri.htsand international relations0 There are three .eneral pro#lems0 irst, providin.e6ceptional access to communications would $orce a -trn$rom the #est practicesnow #ein. deployed to make the 5nternet more secure0 These practices include $orward secrecyS where decryption keys are deleted immediately a$ter use, so that stealin. the encryption key used #y a

communications server would not compromise earlier or later communications0 - related techni9ue, authenticatedencryption, uses the same temporary key to .uarantee con1dentiality and to veri$y that the messa.e has not #een

$or.ed or tampered with0 %econd, #uildin. in e6ceptional access would su#stantiallyincrease system comple6ity0 %ecurity researchers inside and outside .overnment a.ree thatcomple*ity is the enemy o! secrityS every new $eature can interact with others to createvulnera#ilities0 To achieve widespread e6ceptional access, new technolo.y $eatures would have to #e deployed andtested with literally hundreds o$ thousands o$ developers all around the world0 This is a $ar more comple6environment than the electronic surveillance now deployed in telecommunications and 5nternet access services,which tend to use similar technolo.ies and are more likely to have the resources to mana.e vulnera#ilities that may

arise $rom new $eatures0 eatures to permit law en$orcement e6ceptional access across a
http://dspace.mit.edu/handle/1721.1/97690#files-areahttp://dspace.mit.edu/handle/1721.1/97690#files-area


5/208

wide ran.e o$ 5nternet and mo#ile computin. applications could #e particularlypro#lematic #ecause their typical use would #e surreptitious S makin. securitytestin. dicult and less eective0Third, e6ceptional access would createconcentrated targets that could attract #ad actors0 %ecurity credentials that unlock the datawould have to #e retained #y the plat$orm provider, law en$orcement a.encies, or some other trusted third party0 5$law en$orcement8s keys .uaranteed access to everythin., an attacker who .ained

access to these keys would enoy the same privile.e 0 >oreover, law en$orcement8s stated need$or rapid access to data would make it impractical to store keys oine or split keys amon. multiple keyholders, as

security en.ineers would normally do with e6tremely hi.h+value credentials0 ;ecent attacks on the Anited%tates "overnment 4ce o$ Fersonnel >ana.ement (4F>) show how much harm can arise whenmany or.aniBations rely on a sin.le institution that itsel$ has security vulnera#ilities05n the case o$ 4F>, numerous $ederal a.encies lost sensitive data #ecause 4F> had insecure in$rastructure0 5$service providers implement e6ceptional access re9uirements incorrectly, thesecurity o$ all o$ their users will #e at risk0

And# the threat to encryption is not hypothetical# the NSA hasalready inserted backdoors in so!tware and ndermined

commercial encryption standards./arris# &'10%hane, -merican ournalist and author at orei.n Folicy ma.aBine0 U3-; : the riseo$ the military+5nternet comple6 / Hou.hton >iin Harcourt0 F0VV+P

or the past ten years the N%- has led an eort in conunction with its ?ritish counterpart, the"overnment Communications Head9uarters, to de$eat the widespread use o$ encryption technolo.y#y insertin. hidden vulnera#ilities into widely used encryption standards 0


6/208

people to use an in$erior al.orithm that had #een enthusiastically em#raced #y an a.ency whose mission is to #reak codes0 ?utthere was no proo$ that the N%- was up to no .ood0 -nd the Kaw in the num#er .enerator didnWt render it useless0 -s %chneiernoted, there was a workaround, thou.h it was unlikely anyone would #other to use it0 %till, the Kaw set cryptolo.ists on ed.e0 TheN%- was surely aware o$ their unease, as well as the .rowin. #ody o$ work that pointed to its secret intervention, #ecause it leanedon an international standards #ody that represents * countries to adopt the new al.orithm0 The N%- wanted it out in the world,and so widely used that people would 1nd it hard to a#andon0 %chneier, $or one, was con$used as to why the N%- would choose as a#ackdoor such an o#vious and now pu#lic Kaw0 (The weakness had 1rst #een pointed out a year earlier #y employees at >icroso$t0)

Fart o$ the answer may lie in a deal that the N%- reportedly struck with one o$ the worldWs leadin.

computer security vendors, ;%-, a pioneer in the industry0-ccordin. to a &' report #y ;euters,the company adopted the N%-+#uilt al.orithm Xeven #e$ore N5%T approved it0 TheN%- then cited the early use 000 inside the .overnment to ar.ue success$ully $or N5%Tapproval:W The al.orithm #ecame Xthe de$ault option $or producin. random num#ers! in an ;%- security product called the#%a$e toolkit, ;euters reported0 XNo alarms were raised, $ormer employees said, #ecause the deal was handled #y #usiness leaders

rather than pure technolo.ists0! or its compliance and willin.ness to adopt the Kawedal.orithm, ;%- was paid Y' million, ;euters reported0 5t didnWt matter that the N%- had #uilt an o#vious#ackdoor0 The al.orithm was #ein. sold #y one o$ the worldWs top security companies, and it had #een adopted #y an international

standards #ody as well as N5%T0The N%-Ws campai.n to weaken .lo#al security $or its ownadvanta.e was workin. per$ectly0 3hen news o$ the N%-Ws eorts #roke in &', in documents released #y


7/208


8/208

lan

The -nited States !ederal go"ernment shold !lly spport and

not ndermine encryption standards by making clear that itwill not in any way sb"ert# ndermine# weaken# or make"lnerable generally a"ailable commercial encryption.


9/208

lan ls 2ero 3ays

The -nited States !ederal go"ernment shold !lly spport and

not ndermine encryption standards by disclosing %ero day"lnerabilities to so!tware man!actrers and by making clearthat it will not in any way sb"ert# ndermine# weaken# ormake "lnerable generally a"ailable commercial encryption.


10/208

Ad"antage 444 + 5conomy

Ad"antage 444 is the economy +

First# "lnerabilities that !acilitate domestic sr"eillancecompromise the secrity o! the entire internet.6ene%ia 718Faul OeneBia, system and network architect, and senior contri#utin. editor at5n$o3orld, where he writes analysis, reviews and The Deep


11/208

The collapse o! the internet ndermines the entire globaleconomyCCIA 1&(international not+$or+pro1t mem#ership or.aniBation dedicated to

innovation and enhancin. society8s access to in$ormation and communications)(Fromotin. Cross\?order Data lows Friorities $or the ?usiness Community,http://www0ccianet0or./wp+content/uploads/li#rary/Fromotin.Cross?orderDatalows0pd$)

The movement o$ electronic in$ormationacross #orders is critical to bsinessesarond the world, #ut the international rules .overnin. Kows o$ di.ital .oods, services, data andin$rastructure are incomplete0 The .lo#al tradin. system does not spell out a consistent, transparent $ramework $orthe treatment o$ cross\ #order Kows o$ di.ital .oods, services or in$ormation, leavin. #usinesses and individuals todeal with a patchwork o$ national, #ilateral and .lo#al arran.ements coverin. si.ni1cant issues such as the stora.e,trans$er, disclosure, retention and protection o$ personal, commercial and 1nancial data0 Dealin. with these issuesis #ecomin. even more important as a new .eneration o$ networked technolo.ies ena#les .reater cross\#ordercolla#oration over the 5nternet, which has the potential to stimulate economic development and o# .rowth0 Despitethe widespread #ene1ts o$ cross\#order data Kows to innovation and economic .rowth, and due in lar.e part to.aps in .lo#al rules and inade9uate en$orcement o$ e6istin. commitments, di.ital protectionism is a .rowin. threataround the world0 - num#er o$ countries have already enacted or are pursuin. restrictive policies .overnin. theprovision o$ di.ital commercial and 1nancial services, technolo.y products, or the treatment o$ in$ormation to $avordomestic interests over international competition0


12/208

o$ customers, suppliers, and researchers0 or e6ample, 1nancial institutions rely heavily on .atherin., processin.,and analyBin. customer in$ormation and will o$ten process data in re.ional centers, which re9uires relia#le andsecure access #oth to networked technolo.ies and cross\#order data Kows0 -ccordin. to >c=insey, more thanthree\9uarters o$ the value created #y the 5nternet accrues to traditional industries that would e6ist without the

5nternet0The overall impact o$ the 5nternet and in$ormation technolo.ies onproductivity may surpass the eect o$ any other technolo.y ena#ler in history,includin. electricity and the com#ustion en.ine, accordin. to the 4ore #roadly,

economies that are open to international trade in ICT and in!ormationgrow !aster and are more prodcti"e :imiting network access dramaticallyndermines the economic bene$ts o! technology and can slow growthacross entire economies.

5conomic decline cases nclear war/arris and Brrows ;athew, FhD


13/208

e6isted #etween the .reat powers $or most o$ the Cold 3ar would emer.e naturally in the >iddle


14/208

Ad"antage 444 + Inno"ation

Backdoors sti=e inno"ation becase they re9ire centrali%edin!ormation =ows.

Tokmet%i# &'1(Dimitri, Data Journalist at the Correspondent (Netherlands) Think piece: How toprotect privacy and security! "lo#al Con$erence on Cy#er%pace &' * + -pril&' The Ha.ue, The Netherlandshttps://www0.ccs&'0com/sites/de$ault/1les/documents/How2&'to2&'protect2&'privacy2&'and2&'security2&'in2&'the2&'crypto2&'wars0pd$

Ansound economics The second ar.ument is one o$ economics0 ?ackdoors can stiKe innovation0 ore and more we# servicesare usin. peer+to+peer technolo.y throu.h which computers talk directly to oneanother, without a central point o$ control0ile stora.e services as well as payment processin. andcommunications services are now #ein. #uilt in this decentralised $ashion0 5t8s e6tremely dicult towiretap these services0 -nd i$ you were to $orce companies to make suchwiretappin. possi#le, it would #ecome impossi#le $or these services to continue toe6ist0 - .overnment that imposes #ackdoors on its tech companies also risks harmin. their e6port opportunities0or instance, Huawei Q the Chinese manu$acturer o$ phones, routers and other network e9uipment Q is una#le to

.ain market access in the A% #ecause o$ $ears o$ Chinese #ackdoors #uilt into its hardware0 A% companies,

especially cloud stora.e providers, have lost overseas customers due to $ears thatthe N%- or other a.encies could access client data0 Anilateral demands $or #ackdoors could putcompanies in a ti.ht spot0 4r, as researcher Julian %ancheB o$ the li#ertarian Cato 5nstitute says: 7-n iFhone that-pple can8t unlock when -merican cops come knockin. $or .ood reasons is also an iFhone they can8t unlock whenthe Chinese .overnment comes knockin. $or #ad ones08

And# backdoors ndermine the !ndamental strctre o! theinternet + this disrpts any !tre inno"ation.Hu.o 2ylberberg, >aster in Fu#lic Folicy candidate at Harvard8s =ennedy %choolo$ "overnment, 81&+&'1(#XThe ;eturn o$ the Crypto 3ars,X =ennedy %chool;eview, http://harvardkennedyschoolreview0com/the+return+o$+the+crypto+wars/

?ut #ackdoors are a pro#lem $or yet another reason0 They clash with the end+to+endar.ument that is at the very core o$ the architecture o$ the internet: the networkshould #e as simple and a.nostic as possi#le re.ardin. the communications that itsupports0 >ore advanced $unctionalities should #e developed at end nodes (computers, mo#iles, weara#ledevices)0This, ar.ue researchers, allows the network to support new and unanticipatedapplications0! The endtoend argment has ignited nprecedented le"els o!inno"ation0The #ack doors that intelli.ence a.encies are tryin. to promote wouldapply to our communications system as a whole , not only to the end nodes that are the devices


15/208

with which we send the messa.es0This violates the end+to+end ar.ument and underminestrust in the internet as a communications system. Sch backdoors woldndermine the generati"e internet as we know it# redcing e"ery ser>scapacity to inno"ate and disseminate prodcts o! inno"ation to billions o!people in a secre and sstainable way.

Internet inno"ation minimi%es energy ine?ciency and is theonly way to sol"e global warming.Crowe 10

Tyler, otleyool +&+&'@, X5nternet o$thin.s can #attle climate chan.e,X A%- T4D-E,http://www0usatoday0com/story/money/personal1nance/&'@/'/'&/internet+#attle+climate+chan.e/VPP/

>achine to machine communication, or the internet o$ thin.s, is on the precipice o$ takin. the world #y storm0 -t its very core, machine to machinecommunication is the a#ility to connect everythin., 5 mean everythin., throu.h a vast network o$ sensors and devices which can communicate with eachother0 The possi#ilities o$ this technolo.ical evolution span an immensely wide spectrum ran.in. $rom monitorin. your health throu.h your smartphone,

to your house knowin. where you are to adust li.htin. and heatin.0The way that the interneto$ thin.s could

revolutioniBe our lives can #e hard to conceptualiBe all at once 0 %o today letWs $ocus on oneplace where machine to machine communication could have an immense impact:


16/208

and $ully inte.rated heatin., coolin., and li.htin. systems that can adust $or human occupancy0 There are lots o$ proections and estimates related tocar#on emissions and climate chan.e, #ut the one that has emer.ed as the standard #earer is the amount o$ car#on emissions it would take to increase

.lo#al temperatures #y & de.rees Centi.rade0 -ccordin. to the ANWs


17/208

#iodiversity is likely to occur in a @_C world, with climate chan.e and hi.h C4&concentration drivin. a transition o$ the


18/208

Ad"antage 444 + CyberCrime

-ndermining commercial so!tware redces the ability to

pre"ent cybercrime and only !acilitates access to networks !ororgani%ed criminal networks.Bla%e# &'1(>att, Aniversity 4$ Fennsylvania Fro$ o$ Computer and 5n$ormation %cience AsHouse 4$ ;epresentatives Committee 4n "overnment 4versi.ht -nd ;e$orm5n$ormation Technolo.y %u#committee


19/208

ost cy#er+crimes #e.in when an oender o#tains unauthorised access toanother system0 %ystems are o$ten attacked in order to destroy or dama.e them and the in$ormation thatthey contain0 This can #e an act o$ vandalism or protest, or activity undertaken in $urtherance o$ other politicalo#ectives0 4ne o$ the more common $orms is the distri#uted+denial+o$+service (DDo%) attack, which entails Koodin.a tar.et computer system with a massive volume o$ in$ormation so that the system slows down si.ni1cantly0

?otnets are 9uite use$ul $or such purposes, as are multiple co+ordinated service re9uests0 - notoriouse6ample o$ a #otnet+initiated DDo% attack occurred in -pril &'', when .overnmentand commercial servers in


20/208

computer system: indeed, the the$t o$ personal 1nancial details has provided the#asis $or thrivin. markets in such data, which ena#le $raud on a si.ni1cant scale 0&

Essian organi%ed crime is the most likely scenario !or nclearterrorism.2aitse"a '7SCenter $or 5nternational %ecurity and Cooperation (C5%-C) Oisitin.ellow$rom the National Nuclear Centre in %emipalatinsk (Iyudmila, &'', %trate.ic5nsi.hts, Oolume O5, 5ssue , 4r.aniBed Crime, Terrorism and Nuclear Trackin.,!rm$)

The use o$ radioactive material $or malicious purposes $alls within the ran.e o$capa#ilities o$ or.aniBed criminal structures, at least those in ;ussia 0 %uch amalevolent use may #e an indirect evidence o$ the or.aniBed crime involvement inthe illicit trackin. o$ radioactive su#stances0 >ore than a doBen o$ malevolentradiolo.ical acts, such as intentional contamination and irradiation o$ persons, have #een reported inopen sources since PP0 4ne o$ them, which happened in "uan.don. Frovince o$ China in &''&Sresultedin si.ni1cant e6posure o$ as many as @ people workin. in the same hospital0Z[Two incidentsS#oth in

;ussiaShave #een linked to or.aniBed crime0- widely+pu#liciBed murder o$ a>oscow #usinessman with a stron. radioactive source implanted in the head+rest o$his oce chair in PP was one o$ them0 The director o$ a packa.in. company died o$ radiationsickness a$ter several weeks o$ e6posure0 The culprit was never $ound and it was alle.ed that ma1a mi.ht have#een #ehind the ploy to remove a #usiness competitor0Z*[ The same source mentioned a similar incident, whichhappened in 5rkutsk around the same time, when some#ody planted radiation sources in oce chairs in an attemptto kill two company directors #e$ore the Xhot seatsX were discovered and removed0 No speculations were made

re.ardin. the possi#le ma1a involvementin this murder attempt, althou.h it cannot #e e6cluded0The less known case with stron. indications that shady criminal networks may have plotted it happened morerecently in %t0 Feters#ur.0 4n >arch V, &'', >oskovskiye Novosti pu#lished an article, in which the authordiscussed several hi.h+pro1le assassinations and murders in ;ussia and a#road usin. various methods o$ poisonin.04ne o$ such killin.s was reportedly per$ormed with a hi.hly radioactive su#stance0 5n %eptem#er &''@, Head o$?altik+


21/208

Chechen war in Novem#er PP@, was missin.0Z*&[ The ;ussian authorities #elieve the terrorists were plannin. touse them in e6plosions in order to spread contamination0 5t should #e noted that Chechen e6tremists stand out $rommany other terrorist or.aniBations #y persistently makin. threats to use nuclear technolo.ies in their acts o$violence0 The notorious #urial o$ a radiation source in the "orky park o$ >oscow in PP #y the now late 1eldcommander %hamil ?asayev and the threat #y -hmed Makayev a$ter the >oscow theater sie.e in 4cto#er &''& thatthe ne6t time a nuclear $acility would #e seiBed are ust two such e6amples0Z*[ 5n January &'', Colonel+"eneral5.or Oalynkin, the chie$ o$ the &th >ain Directorate o$ the ;ussian >inistry o$ De$ence, in char.e o$ protectin.;ussia8s nuclear weapons, said operational in$ormation indicates that Chechen terrorists intend to seiBe some

important military $acility or nuclear munitions in order to threaten not only the country, #ut the entire world0!Z*@[-ccordin. to an assessment o$ a ;ussian e6pert on nonproli$eration, whereas unauthoriBed access to nuclear

munitions #y terrorist .roups is 7e6tremely impro#a#le,8 access and the$t o$ nuclear weapons durin.transport or disassem#ly cannot #e wholly e6cluded 0Z*[ ;ussia8s top security ocials recentlyadmitted they have knowled.e a#out the intent and attempts #y terrorists to .ain access to nuclear material0 5n

-u.ust &'', the director o$ the ;ussian ederal %ecurity %ervice Nikolay Fatrushev toldat a con$erence that his a.ency had in$ormation a#out attempts #y terrorist .roupsto ac9uire nuclear, #iolo.ical and chemical weapons o$ mass destruction0Z**[ Iater thatyear, the >inister o$ 5nterior, ;ashid Nur.aliev, stated that international terrorists intended to seiBe nuclearmaterials and use them to #uild 3>D0!Z*[ 5$ terrorists indeed attempted to .ain access to nuclear material inorder use them $or the construction o$ 3>D, such attempts have not #een revealed to the pu#lic0 4ut o$ almost'' trackin. incidents recorded in the D%T4 since PP, only one has reportedly involved terrorists, other thanChechen 1.hters0 The incident was recorded in 5ndia in -u.ust &'', when ?order %ecurity orce (?%) ocialsseiBed && .ram o$ uranium in ?alur.hat, northern 3est ?en.al alon. the 5ndia+?an.ladesh #order0 Two local men,descri#ed as 7suspected terrorists8, were arrested0 5ndian intelli.ence a.encies suspect that the uranium was #ound$or >uslim 1.hters in the disputed re.ions o$ Jammu and =ashmir and that a.ents o$ FakistanWs 5nter%ervice+5ntelli.ence (5%5) were involved0Z*V[ 3hether the arrested suspects were indeed mem#ers o$ a terrorist or.aniBation

remains unclear #ased on the availa#le in$ormation0 Conclusion Alliances between terroristgrops and drg cartels and transnational criminal networks are a wellknown !act. Sch alliances ha"e sccess!lly operated !or years in Iatin-merica, and in Central+, %outh+, and %outh+


22/208

#etween two or more o$ the states that possess them0 5n this conte6t, today8s andtomorrow8s terrorist .roups mi.ht assume the place allotted durin. the early Cold 3ar years to new statepossessors o$ small nuclear arsenals who were seen as raisin. the risks o$ a catalytic nuclear war #etween thesuperpowers started #y third parties0 These risks were considered in the late P's and early P*'s asconcerns .rew a#out nuclear proli$eration, the so+called n pro#lem0 t may re9uire a considera#le amount o$ima.ination to depict an especially plausi#le situation where an act o$ nuclear terrorism could lead to such amassive inter+state nuclear war0 or e6ample, in the event o$ a terrorist nuclear attack on the Anited %tates, itmi.ht well #e wondered ust how ;ussia and/or China could plausi#ly #e #rou.ht into the picture, not least#ecause they seem unlikely to #e 1n.ered as the most o#vious state sponsors or encoura.ers o$ terrorist.roups0 They would seem $ar too responsi#le to #e involved in supportin. that sort o$ terrorist #ehavior thatcould ust as easily threaten them as well0 %ome possi#ilities, however remote, do su..est themselves0 ore6ample, how mi.ht the Anited %tates react i$ it was thou.ht or discovered that the 1ssile material used in theact o$ nuclear terrorism had come $rom ;ussian stocks,@' and i$ $or some reason >oscow denied anyresponsi#ility $or nuclear la6ity The correct attri#ution o$ that nuclear material to a particular country mi.htnot #e a case o$ science 1ction .iven the o#servation #y >ichael >ay et al0 that while the de#ris resultin. $roma nuclear e6plosion would #e spread over a wide area in tiny $ra.ments, its radioactivity makes it detecta#le,identi1a#le and collecta#le, and a wealth o$ in$ormation can #e o#tained $rom its analysis: the eciency o$ thee6plosion, the materials used and, most important b some indication o$ where the nuclear material came

$rom0!@ -lternatively, i$ the acto$ nuclear terrorism came asa complete surprise, and-mericanocials re$used to #elieve that a terrorist .roup was $ully responsi#le (or responsi#le at all)suspicion would shi$t immediately to state possessors 0 ;ulin. out 3estern ally countrieslike the Anited =in.dom and rance, and pro#a#ly 5srael and 5ndia as well, authorities in 3ashin.ton would #e

le$t with a very short list consistin. o$ North =orea,perhaps 5rani$ its pro.ram continues, andpossi#ly Fakistan0 ?ut at what sta.e would ;ussia and China#e de1nitely ruled out in this hi.hstakes .ame o$ nuclear Cluedo 5n particular,i$ the act o$ nuclear terrorism occurred a.ainsta #ackdrop o$ e6istin. tension in 3ashin.ton8s relations with ;ussia and/orChina, and at a time when threats had already #een traded #etween thesemaor powers, would ocials and political leaders not #e tempted to assumethe worst 4$ course, the chances o$ this occurrin. would only seem to increase i$ theAnited %tates was already involved in some sort o$ limited armed conKict with;ussia and/or China, or i$ they were con$rontin. each other $rom a distance in apro6y war,as unlikely as these developments may seem at the present time0The reverse mi.htwell apply too: should a nuclear terrorist attack occur in ;ussia or China durin. aperiod o$ hei.htened tension or even limited conKict with the Anited %tates, could >oscow and

?eiin. resist the pressures that mi.ht rise domestically to consider the Anited%tates as a possi#le perpetrator or encoura.er o$ the attack 3ashin.ton8searlyresponseto a terrorist nuclear attack on its own soil mi.ht also raise the possi#ility o$an unwanted(and nuclearaided) con$rontation with ;ussia and/or China0or e6ample, in the noiseand con$usion durin. the immediate a$termath o$ the terrorist nuclear attack, theA0%0 president mi.ht #e e6pected to place the country8s armed $orces, includin. its nuclear arsenal, on ahi.her sta.e o$ alert0 5n such a tense environment, when care$ul plannin. runs up a.ainst the $riction o$

reality, it is ust possi#le that >oscow and/or China mi.ht mistakenly read this as asi.n o$ A0%0 intentions to use $orce (and possi#ly nuclear $orce) a.ainst them0 5n thatsituation, the temptations to preempt such actions mi.ht .row, althou.h it must #eadmitted that any preemption would pro#a#ly still meet with a devastatin. response0


23/208

Ad"antage 444 + Internet Freedom

NSA backdoors and weak secrity create a hacker race to thebottom + this ndermines global secrity and hman rights.

3onahoe, 10,


24/208

Spport !or 5ncryption is integral to internet !reedom anddemocracy promotion worldwide.Jehl# &'1(Danielle =ehl is a senior policy analyst at New -mericaWs 4pen Technolo.y 5nstitute,?- cum laude Eale *++&', XDoomed To ;epeat History Iessons rom The

Crypto 3ars 4$ The PP's,X New -merica, https://www0newamerica0or./oti/doomed+to+repeat+history+lessons+$rom+the+crypto+wars+o$+the+PP's/

%tron. encryption has #ecome an inte.ral tool in the protection o$ privacy and thepromotion o$ $ree e6pression onlineThe end o$ the Crypto 3ars ushered in an a.e where the securityand privacy protections aorded #y the use o$ stron. encryption also help promote $ree e6pression0 -s the

-merican Civil Ii#erties Anion recently e6plained in a su#mission to the AN Human ;i.hts Council , encryptionand anonymity are the modern sa$e.uards $or $ree e6pression0 3ithout them, onlinecommunications are eectively unprotected as they traverse the 5nternet,vulnera#le to interception and review in #ulk0


25/208

customary le.al norm those that have si.ned #ut not rati1ed the Covenant are #ound to respect its o#ect andpurpose under article V o$ the Oienna Convention on the Iaw o$ Treaties0 National le.al systems also protectprivacy, opinion and e6pression, sometimes with constitutional or #asic law or interpretations thereo$0 %everal.lo#al civil society proects have also provided compellin. demonstrations o$ the law that should apply in theconte6t o$ the di.ital a.e, such as the 5nternational Frinciples on the -pplication o$ Human ;i.hts toCommunications %urveillance and the "lo#al Frinciples on National %ecurity and the ;i.ht to 5n$ormation0 -lthou.h

speci1c standards may vary $rom ri.ht to ri.ht, or instrument to instrument, a common thread in the law

is that, #ecause the ri.hts to privacy and to $reedom o$ e6pression are so$oundational to human di.nity and democratic .overnance, limitations must #enarrowly drawn, esta#lished #y law and applied strictly and only in e6ceptional circumstances 0 In adigital age# protecting sch rights demands e*ceptional "igilance. -0 Frivacy asa .ateway $or $reedom o$ opinion and e6pression *0


26/208

http://politicalviolenceata.lance0or./&'/'/'/how+can+states+and+non+state+actors+respond+to+authoritarian+resur.ence/

Chenoweth: 3hy is authoritarianism makin. a come#ack %tephan: There8s o#viously nosin.le answer to this0 ?ut part o$ the answer is that democracy is losin. its allure in parts o$ theworld03hen people don8t see the economic and .overnance #ene1ts o$ democratic transitions, they lose hope0Then there8s the compellin. sta#ility 1rst! ar.ument0 ;e.imes around the world, includin. Chinaand ;ussia, have readily cited the chaos! o$ the -ra# %prin. to usti$y heavy+handed policies and consolidatin. their .rip on power 0 The color revolutions! that toppledautocratic re.imes in %er#ia, "eor.ia, and Akraine inspired similar dictatorial retrenchment0There is nothin.new a#out authoritarian re.imes adaptin. to chan.in. circumstances0 Theirresilience is rein$orced #y a com#ination o$ violent and non+coercive measures0 ?utauthoritarian paranoia seems to have .rown more pi9ued over the past decade 0;e.imes have 1.ured out that people power! endan.ers their .rip on power and they are crackin. down0

There8s no #etter evidence o$ the eectiveness o$ civil resistance than the measuresthat .overnments take to suppress itSsomethin. you detail in your chapter $rom my new #ook0inally, and importantly, democracy in this countryand elsewhere has taken a hit lately0-uthoritarian re.imes mockin.ly citeima.es o$ torture, mass surveillance,and the caterin. tothe radical $rin.es happenin. in the A% political system to re$ute pressures to democratiBethemselves0 The 1nancial crisis here and in


27/208

democracies are the only relia#le $oundation on which a new world order o$ internationalsecurityandprosperitycan #e #uilt0


28/208

Ad"antage 444 + Critical In!rastrctre L2ero 3aysM

2eroday "lnerabilities make critical in!rastrctre most

"lnerable + nclear power at risk./arris# &'10%hane, -merican ournalist and author at orei.n Folicy ma.aBine0 U3-; : the riseo$ the military+5nternet comple6 / Hou.hton >iin Harcourt0 F0PV+''

The tar.ets that are most vulnera#le to a devastatin. Bero day attack are the sameones that the N%- is tryin. to protect: electrical power plants, nuclear $acilities,natural .as pipelines, and other critical in$rastructures, includin. #anks and1nancial services companies0 Not all o$ these companies have a system $or easily sharin. in$ormationa#out vulnera#ilities and e6ploits that have #een discovered and pu#licly disclosed, o$ten #y more de$ensive+minded hackers who see their o# as warnin. technolo.y manu$acturers a#out pro#lems with their products, rather

than tryin. to pro1t $rom them0 3hen companies 1nd out a#out a risk in their system, itWs upto them to apply patches and de$ensive 16es, and their technolo.ical Kuency varies 0%ome may #e prepared to patch systems 9uickly, others may not even realiBe theyWre usin. a vulnera#le piece o$

so$tware0 They, 9uite literally, may not have received the memo $rom the vendor warnin. that they need to installan update or chan.e the security settin.s on a product in order to make it sa$er0 ore to the point, what i$ he discovered a desi.n Kaw in the #rand o$ windowthat everyone in the nei.h#orhood used that allowed an intruder to open the window $rom the outside 5$ thesecurity .uard didnWt alert the homeowners, theyWd 1re him + and pro#a#ly try tohave him arrested0 They wouldnWt accept as a de$ense that the security .uard was keepin. the windowsW Kawa secret in order to protect the homeowners0 -nd the police surely wouldn8t accept that he8d kept that in$ormation

to himsel$ so that he could .o out and ro# houses0 The analo.y isnWt per$ect0 The N%- isnWt a law

en$orcement a.ency, it8s a military and intelli.ence or.aniBation0 5t operates #y adierent set o$ laws and with a dierent mission0 ?ut as the a.ency drums up talk o$cy#er war and positions itsel$ as the #est e9uipped to help de$end the nation $romintruders and attacks, it should act more like a security .uard than a #ur.lar 0


29/208

Nclear Eeactors are "lnerable to cyber attacks + casesmeltdown.

Talitha 3owds, +&+&'11, X- New Fhase o$ Nuclear Terrorism Q Cy#er 3ar$are,XC%5%, http://csis0or./#lo./new+phase+nuclear+terrorism+cy#er+war$are-n article #y "lo#al %ecurity Newswire hi.hli.hted how, in li.ht o$ the un$oldin. nuclear power plant disaster in

Japan, a nuclear terrorist attack could #e carried out0 5t states that, Nuclear reactors across the A% areencased in enou.h concrete to withstand a direct hit $rom an airliner and can #eshut down remotely in case o$ a terrorist strike or natural disaster0 ?ut that is true in

Japan as well and somethin. entirely dierent caused the disaster there: the $ailureo$ the coolin. systems that prevent nuclear reactors $rom overheatin..The coolin.systemsarent encased in concrete, and key components from pumps to water-intake pipes sit outside thereactor complexes and are $ar less protected, leavin. them vulnera#le to a well+plannedterrorist strike or a natural disaster0 -s the dire situation in Japan shows, disa#lin. ordestroyin. the coolin. e9uipment regardless of how it happens can tri..er a $ull+scalenuclear emer.ency0!Charles addis, a retired C5- operations ocer and $ormer head o$ the a.ency8s unit oncounterin. terrorism supported this view0 He stated, any o$ the non+nuclear states think that the A% e6a..erates the threat o$ nuclear terrorism, andare there$ore unwillin. to spend money to protect their nuclear assets in the manner in which the A% wants0 oro#vious reasons, the lack o$ investment into protectin. a.ainst nuclear terrorism $or non+nuclear states isunderstanda#le when they don8t see it as a direct threat to their national security0 However, re.ional attacks

whether they are carried out #y terrorists or states have a worldwide eect0 Nuclear terrorism, coupledwith cy#er war$are could #e the ne6t .reatest threat $acin. states0 -n article in orei.nFolicy states that the crisis at the Fkshima power plant !acility copled with

the St*net attacks on the Iranian nclear !acility at Natan%# paints apictre o! the be!ore and a!ter o! what cyber con=ict may look like.OThearticle hi.hli.hts that enemies will #e a#le to tar.et critical in$rastructure, like nuclearpower plants + as was done #y the A0%0 and 5sraeli team tar.etin. the 5ranianpro.ram and #urrowin. into their operatin. systems! Q which would #e akin towhat we are seein. in Japan0!5t $urther points out that what makes the cy#er threat so unsettlin. is itsinvisi#ility0 Not only are they invisi#le #ut it is hard to detect who has launched them0!This $orm o$ war$aremay #e very attractive to terrorists who are una#le to physically enter a nuclear$acility #ut can in1ltrate the $acilities in$rastructure to cause a meltdown0

Nclear meltdowns case e*tinction:endman//11 Q ?- $rom Harvard Aniversity and >?- $rom 3harton %choolat the Aniversity o$ Fennsylvania (%tephen, Nuclear >eltdown in Japan! ;ense,http://rense0com/.eneralP/nucmelt0htm)or years, Helen Caldicott warned itWs comin.0 5n her PV #ook, XNuclear >adness,X she said: X-s a physician, 5

contend that nclear technology threatens li!e on or planet with e*tinction0 5$present trends continue, theair we #reathe, the $ood we eat, and the water we drinkwill soon #econtaminated with enou.h radioactive pollutants to pose a potentialhealth haBard $ar .reater than any pla.ue humanity has ever e6perienced0X >ore #elow


30/208

on the inevita#le dan.ers $rom commercial nuclear power proli$eration, #esides added military ones0 4n >arch ,New Eork Times writer >artin ackler headlined, XFower$ul Guake and Tsunami Devastate Northern Japan,X sayin.:

XThe V0P+ma.nitude earth9uake(JapanWs stron.est ever) set o a devastatin. tsunami that sent walls o$water (si6 meters hi.h) washin. over coastal cities in the north0X -ccordin. to JapanWs >eteorolo.ical %urvey, it wasP0'0 The %endai port city and other areas e6perienced heavy dama.e0 XThousands o$ homes were destroyed, manyroads were impassa#le, trains and #uses (stopped) runnin., and power and cellphones remained down0 4n%aturday mornin., the J; rail companyX reported three trains missin.0 >any passen.ers are unaccounted $or0

%trikin.at &:@*F>Tokyotime, it caused vast destruction, shook city skyscrapers, #uckledhi.hways, i.nited 1res, terri1ed millions,annihilated areas near %endai, possi#ly killed thousands,and caused a nuclear meltdown, its potential catastrophic eects $ar e6ceedin.9uake and tsunami devastation, almost minor #y comparison under a worst casescenario0 4n >arch &, Times writer >atthew 3ald headlined, Xoreover, under a worst case core meltdown, all #etsare o as the entire re.ion and #eyond will #e threatened with permanentcontamination, makin. the most aected areas unsa$e to live in 0 4n >arch &, %trat$or

"lo#al 5ntelli.ence issued a X;ed -lert: Nuclear >eltdown at Guake+Dama.ed Japanese Flant,X sayin.: ukushimaDaiichi Xnuclear power plant in 4kuma, Japan, appears to have caused a reactor meltdown0X %trat$or downplayed itsseriousness, addin. that such an event Xdoes not necessarily mean a nuclear disaster,X that already may havehappened + the ultimate ni.htmare short o$ nuclear winter0 -ccordin. to %trat$or, X(-)s lon. as the reactor core,which is speci1cally desi.ned to contain hi.h levels o$ heat, pressure and radiation, remains intact, the melted $uelcan #e dealt with0 5$ the (coreWs) #reached #ut the containment $acility #uilt around (it) remains intact, the melted

$uel can #e0000entom#ed within specialiBed concreteX as at Cherno#ylin PV*0 5n $act, that disaster killednearly one million people worldwide $rom nuclear radiation e6posure05n their #ook titled,XCherno#yl: Conse9uences o$ the Catastrophe $or Feople and the any thousands will die, potentially millions under a worse case scenario, includin. $ar outside oreover, at least 1ve reactors are at risk0 -lready, a &'+mile wide radius was evacuated0 3hat happened inJapan can occur anywhere0 Eet 4#amaWs proposed #ud.et includes Y* #illion $or new reactors, a shockin. disre.ard$or .lo#al sa$ety0 Callin. ukushima an Xapocalyptic event,X 3asserman said X(t)hese nuclear plants have to #e


31/208

shut,X let alone #ud.et #illions $or new ones0 5tWs unthinka#le, he said0 5$ a similar disaster struck Cali$ornia, nuclear$allout would aect all -merica, Canada, >e6ico, Central -merica, and parts o$ %outh -merica0 Nuclear Fower: -Technolo.y $rom Hell Nuclear e6pert Helen Caldicott a.rees, tellin. this writer #y phone that a potential re.ionalcatastrophe is un$oldin.0 4ver ' years a.o, she warned o$ its inevita#ility0 Her &''* #ook titled, XNuclear Fower isNot the -nswerX e6plained that contrary to .overnment and industry propa.anda, even durin. normal operations,nuclear power .eneration causes si.ni1cant dischar.es o$ .reenhouse .as emissions, as well as hundreds o$thousands o$ curies o$ deadly radioactive .ases and other radioactive elements into the environment every year0

>oreover, nuclear plants are atom #om# $actories0 - ''' me.awatt reactor produces'' pounds o$ plutonium annually0 4nly ' are needed $or a #om# a#le to devastatea lar.e city, #esides causin. permanent radiation contamination 0

Independently# Attacks on the ci"ilian power grid caseretaliation and nclear warTil!ord 1&;o#ert, "raduate A% -rmy -ir#orne %chool, t0 ?ennin., "eor.ia, Cy#er attackerscould shut down the electric .rid $or the entire east coast! &'&,http://www0e6aminer0com/article/cy#er+attackers+could+easily+shut+down+the+electric+.rid+$or+the+entire+east+coa

To make matters worse a cy#er attack that can take out a civilian power .rid, $or e6amplecould also cripple the A0%0 military0The senator notes that is that the same power .rids that supplycities and towns, stores and .as stations, cell towers and heart monitors also power every military #ase in our

country0! -lthou.h #ases would #e prepared to weather a short power outa.e with #ackup diesel.enerators, within hours, not days, $uel supplies would run out! , he said0 3hich meansmilitary command and control centers cold go dark0 ;adar systems that detectair threatsto our country wold sht 3own completely0 Communication #etweencommanders and their troops would also .o silent0 -nd many weapons systemswould #e le$t without either $uel or electric power!, said %enator "rassley0 %o in a $ewshort hours or days, the mi.htiest military in the world would #e le$t scram#lin. tomaintain #ase $unctions!, he said0 3e contacted the Fenta.on and ocials con1rmed the threat o$ a cy#erattack is somethin. very real0 Top national security ocialsSincludin. the Chairman o$ the Joint Chie$s, the Director

o$ the National %ecurity -.ency, the %ecretary o$ De$ense, and the C5- DirectorS have said,preventin. a cy#er attack and improvin. the nation8s electric .rids is amon. themost ur.ent priorities o$ our country! (source: Con.ressional ;ecord)0 %o how serious is the Fenta.ontakin. all this iin Harcourt0 F0PV

5n any market+ .ray or otherwise + the #i..est #uyers have an outsiBed a#ility to setterms and conditions0-s the reputedly sin.le lar.est purchaser o$ Bero day vulnera#ilities and e6ploits,the NSA cold trn the market on its head i! it boght p %ero days !or thee*press prpose o! disclosing them.The a.ency has #illions o$ dollars to spendon cy#er security0 3hy not devote some portion o$ that to alertin. the world to thepresence o$ 16a#le Kaws3hat responsi#ility does the a.ency have to warn the
http://www.examiner.com/article/cyber-attackers-could-easily-shut-down-the-electric-grid-for-the-entire-east-coahttp://www.examiner.com/article/cyber-attackers-could-easily-shut-down-the-electric-grid-for-the-entire-east-coahttp://www.examiner.com/article/cyber-attackers-could-easily-shut-down-the-electric-grid-for-the-entire-east-coahttp://www.examiner.com/article/cyber-attackers-could-easily-shut-down-the-electric-grid-for-the-entire-east-coa


32/208

owners and operators o$ vulnera#le technolo.y that the capa#ility o$ an attacka.ainst them e6ists ThatWs an ethical dilemma that the a.ency hasnWt had to address 0 ?ut i$ there isever a cy#er attack on the Anited %tates that results in si.ni1cant physical dama.e,or causes widespread panic + or deaths +the a.ency will #e called to account $or its $ailure toprevent that disaster0 ThereWs a .ood chance that some $uture N%- director, sittin. at a witness ta#le#e$ore mem#ers o$ Con.ress and television cameras, will have to e6plain havin. known a#out the

vulnera#ility -mericaWs enemies had e6ploited, #ut decidin. to keep 9uiet, #ecausethe N%- wanted to use it one day0


33/208

Ad"antage 444 + Cyber6lnerability LcriticalishM

Backdoors and %ero day "lnerabilities !ndamentallyndermine hman secrity.

3nn Ca"elty# &'10>yriam, Deputy $or research and teachin. a the Center $or %ecurity %tudies (C%%)and %enior Iecturer $or %ecurity Folitics at iller &'' Ferlrothand %an.er &'), with several downsides to this: 1rst, e6posin. these vulnera#ilities in order topatch them,as was the norm not so lon. a.o, is #ecomin. less likely0%econd, the competition $ore6clusive possession o$ such vulnera#ilities mi.ht even .ive pro.rammers incentives to deli#erately create andthen sell them(%chneier &')0 5t is unknown which computer systems have #een compromisedS#ut it is knownthat these #ackdoors or sleeper pro.rams can #e used $or dierent purposes(surveillance, espiona.e, disruption, etc0) and activated at any time0 5t also has #eenrevealed that the A% .overnment spends lar.e sums o$ money to crack e6istin.encryption standards Sand apparently has also actively e6ploited and contri#uted tovulnera#ilities in widespread encryption systems(%imonite &' un. &' Clarke et al0 &')0The cru6 o$ the matter is that these #ackdoors reduce the security o$ the entire systemS$oreveryone0 The e6ploitation o$ vulnera#ilities in computer systems #y intelli.ence

a.encies and their weakenin. o$ encryption standards have the potential to destroytrust and con1dence in cy#erspace overall0 -lso, there is no .uarantee that the #ackdoor+makershave $ull control over them and/or can keep them secretS in other words, they could #e identi1ed and e6ploited #y

criminal hackers or even 77terrorists880 Here, state practices not only #ecome a threat $or humansecurity : parado6ically, they also #ecome a threat $or themselves0

The ni"erse belie"es in encryption + it is critical to conterdystopian state "iolence.Assange# &'1&

"ulian #ssange, an -ustralian computer pro.rammer, pu#lisher and ournalist0


34/208

>ost o$ the time we are not even aware o$ how close to violence we are, #ecausewe all .rant concessions to avoid it0 Iike sailors smellin. the #reeBe, we rarely contemplatehow our sur$ace world is propped up $rom #elow #y darkness0 5n the new space o$ theinternet what would #e the mediator o$ coercive $orce Does it even make sense to ask this 9uestion 5n thisotherworldly space, this seemin.ly platonic realm o$ ideas and in$ormation Kow, could there #e a notion o$ coercive$orce - $orce that could modi$y historical records, tap phones, separate people, trans$orm comple6ity into ru##le,and erect walls, like an occupyin. army The platonic nature o$ the internet, ideas and in$ormation Kows, is de#ased

#y its physical ori.ins0 5ts $oundations are 1#er optic ca#le lines stretchin. across the ocean Koors, satellitesspinnin. a#ove our heads, computer servers housed in #uildin.s in cities $rom New Eork to Nairo#i0 Iike the soldierwho slew -rchimedes with a mere sword, so too could an armed militia take control o$ the peak development o$

3estern civiliBation, our platonic realm0The new world o$ the internet, a#stracted $rom the old world o$#rute atoms, lon.ed $or independence0 ?ut states and their $riends moved to controlour new worldS#y controllin. its physical underpinnin.s0 The state, like an armyaround an oil well, ora customs a.ent e6tractin. #ri#es at the #order, would soon learn tolevera.e its control o$ physical space to .ain control over our platonic realm 0 5t wouldprevent the independence we had dreamed o$, and then, s9uattin. on 1#er optic lines and around satellite .round

stations, it would .o on to mass intercept the in$ormation Kow o$ our new worldSitsvery essenceS even as every human, economic, and political relationshipem#raced it0 The state would leech into the veins and arteries o$ our new societies, .o##lin. up everyrelationship e6pressed or communicated, every we# pa.e read, every messa.e sent and every thou.ht .oo.led,

and then store this knowled.e, #illions o$ interceptions a day, undreamed o$ power, in vast top secret warehouses,$orever0 5t would .o on to mine and mine a.ain this treasure, the collective privateintellectual output o$ humanity,with ever more sophisticated search and pattern1ndin. al.orithms, enrichin. the treasure and ma6imiBin. the power im#alance #etween interceptors andthe world o$ interceptees0 -nd then the state would reKect what it had learned #ack into the physical world, to startwars, to tar.et drones, to manipulate AN committees and trade deals, and to do $avors $or its vast connected

network o$ industries, insiders and cronies0 ?ut we discovered somethin.0 4ur one hope a.ainsttotal domination0 - hope that with coura.e, insi.ht and solidarity we could use to resist0 - stran.e propertyo$ the physical universe that we live in0 The ni"erse belie"es in encryption. It is easierto encrypt in!ormation than it is to decrypt it. 3e saw we could use this stran.e propertyto create the laws o$ a new world0 To a#stract away our new platonic realm $rom its #ase underpinnin.s o$ satellites,undersea ca#les and their controllers0 To $orti$y our space #ehind a crypto.raphic veil0 To create new lands #arred to

those who control physical reality, #ecause to $ollow us into them would re9uire in1nite resources0 -nd in this

manner to declare independence0%cientists in the >anhattan Froect discovered that the universe

permitted the construction o$ a nuclear #om#0 This was not an o#vious conclusion0 Ferhaps nuclear weapons werenot within the laws o$ physics0 However, the universe #elieves in atomic #om#s and nuclear reactors0 They are aphenomenon the universe #lesses, like salt, sea or stars0 %imilarly, the universe, our physical universe, has thatproperty that makes it possi#le $or an individual or a .roup o$ individuals to relia#ly, automatically, even withoutknowin., encipher somethin., so that all the resources and all the political will o$ the stron.est superpower on earth

may not decipher it0 -nd the paths o$ encipherment #etween people can mesh to.etherto create re.ions $ree $rom the coercive $orce o$ the outer state0 ree $rom massinterception0 ree $rom state control0 In this way# people can oppose their willto that o! a !lly mobili%ed sperpower and win0


35/208

mer.e with the internet and the $uture o$ our civiliBation #ecomes the $uture o$ theinternet, we must rede1ne $orce relations0 5$ we do not, the universality o$ theinternet will mer.e .lo#al humanity into one .iant .rid o$ mass surveillance andmass control0 3e must raise an alarm0 This #ook is a watchman8s shout in the ni.ht0 4n >arch &',&'&, while under house arrest in the Anited =in.dom awaitin. e6tradition, 5 met with three $riends and $ellowwatchmen on the principle that perhaps in unison our voices can wake up the town0 3e must communicate what wehave learned while there is still a chance $or you, the reader, to understand and act on what is happenin.0 5t is time

to take up the arms o$ our new world, to 1.ht $or ourselves and $or those we love0 @r task is to secresel!determination where we can# to hold back the coming dystopia wherewe cannot# and i! all else !ails# to accelerate its sel!destrction.

The state is key + only state action can resol"e the!ndamental secrity imbalance in cybersecrity.

3nn Ca"elty# &'10>yriam, Deputy $or research and teachin. a the Center $or %ecurity %tudies (C%%)

and %enior Iecturer $or %ecurity Folitics at


36/208

vulnera#ilities has to #e actively worked a.ainst 0 This is a compromise that somestate actors need to make i$ they want a type o$ national security that e6tends tocy#erspace. I! sch a compromise is not made# then the 9est !or morenational secrity will always mean less cybersecrity, which will always mean lessnational security #ecause o$ vulnera#ilities in critical in$rastructures0 The reason why vulnera#ilities persist and

even proli$erate has already #een identi1ed a#ove: the current incentive structures in the market

are skewed (Dynes et al0 &''V)0This is where states are needed to help improve cy#er+security throu.h additional re.ulation(and throu.h $urther encoura.ement o$ voluntary arran.ement$or the increase o$ cy#er+security in the corporate sector)0 urthermore, there is no dou#t $rom a humansecurity perspective that the Bero+day e6ploit 77market88needs to #e re.ulatedinternationally $or security reasons (=uehn &')0 5n addition, prime human security concerns like the$reedom o$ speech and the ri.ht to privacy should no lon.er #e seen as anti+security, #ut as pro+security i$ linked to vulnera#ilities: reducin. the amount o$ datathat is unencrypted will su#stantially reduce cy#ercrime and cy#er+espiona.e, with#ene1ts $or #oth human+centred and state+centred security 05n turn, the ethics thatshould .uide our $uture en.a.ement with cy#er+security have to take into accountthe special and all+em#racin. characteristics o$ cy#erspace 0 %o $ar, ethical considerationswith #earin. on cy#er+security have mainly #een made $rom a military perspective, $ollowin. the tradition toaddress new $orms o$ war$are and weapons systems under ethical viewpoints (c$0 ;owe &'' Dipert &'' ?arrett

&')0 Cy#er+security, as ar.ued in the very #e.innin., is $ar more than this, however: rom #oth a stateand a human security perspective, cy#erspace has #ecome more than ust atechnolo.ical realm in which we sometimes interact $or social or economic reasons0Cy#erspace has #ecome a $undamental part o$ li$e and is constitutive o$ new,comple6 su#ectivities 0 -n ethics that 1ts such a #road understandin. is 5n$ormation


37/208

that increase the .overnment8s capa#ility to undermine adversaries also limit our capa#ility to protect ourselves0?ut the president also says that, the same sophistication you need $or de$enses means that potentially you canen.a.e in oense!Sin other words, that we can use cy#er attacks or their possi#ility as a deterrent a.ainst threats0

Eather than accepting that e"erybodys "lnerable,! however, we shold aimto make all systems more secre# protecting global in!rastrctre andrelyin. on the A0%0 militaryWs si.ni1cant oensive capa#ility when it is needed0 Thismilitary approach to cy#ersecurity allows #road industry sectors to #e treated as collateral dama.e0 5n e#ruary

&', the National %ecurity -.ency (N%-) and its Anited =in.dom counterpart, "overnment CommunicationsHead9uarters ("CHG), were reported to have in1ltrated several maor mo#ile phone carriers and manu$acturers o$the %u#scri#er 5denti1cation >odule (%5>) cards used to secure mo#ile phones0 The N%- and "CHG sou.ht tocapture the encryption keys used #y the carriers to encrypt phone conversations and prevent installation o$

malicious so$tware on phones0 ay o$ this year, provide cleare6amples0 Antil PP& (and in some cases even later), the A0%0 .overnment tried to maintain surveillance o$$orei.ners #y re9uirin. -merican companies to re.ister as arms dealers and to o#tain e6port licenses i$ they wantedto sell secure we# systems a#road0 5nstead, companies desi.ned systems with hi.hly secure modes $or theirdomestic clients, #ut deli#erately weaker crypto.raphy $or $orei.n users0 This switchin. #etween security levelsultimately #ecame part o$ the widely adopted standard $or secure we# #rowsin., which is still in use today even

thou.h the .overnment has eased e6port restrictions on stron. crypto.raphy0 -ttackers discovered how to tricksystems into usin. the weaker mode, which is now trivial to de$eat thanks to advances in technolo.y0 3hen the;


38/208

Sol"ency

The plan sol"es strong encryption key to the internet.

Jehl# &'1(Danielle =ehl is a senior policy analyst at New -mericaWs 4pen Technolo.y 5nstitute,?- cum laude Eale *++&', XDoomed To ;epeat History Iessons rom TheCrypto 3ars 4$ The PP's,X New -merica, https://www0newamerica0or./oti/doomed+to+repeat+history+lessons+$rom+the+crypto+wars+o$+the+PP's/

%tron. encryption has #ecome a #edrock technolo.y that protects the security o$the internet The evolution o$ the ecosystem $or encrypted communications has also enhanced the protection o$individual communications and improved cy#ersecurity0 Today, stron. encryption is an essentialin.redient in the overall security o$ the modern network, and adoptin. technolo.ies like HTTF%is increasin.ly considered an industry #est+practice amon. maor technolo.y companies0 Cloud+Computin. %ecurity 3orkshop >0 rans =aashoekFro$essor, >assachusetts 5nstitute o$ Technolo.y Hu.o =rawcByk ellow, 5nternational -ssociation $or Cryptolo.ic;esearch %usan Iandau -uthor, %urveillance or %ecurity The ;isks Fosed #y New 3iretappin. Technolo.ies


39/208

3enke Iee Fro$essor, "eor.ia 5nstitute o$ Technolo.y -nna Iysyanskaya Fro$essor, ?rown Aniversity Tal >alkin-ssociate Fro$essor, Colum#ia Aniversity David >aBires -ssociate Fro$essor, %tan$ord Aniversity =evin >cCurleyellow, 5nternational -ssociation $or Cryptolo.ic ;esearch Fatrick >cDaniel Fro$essor, The Fennsylvania %tateAniversity Daniele >icciancio Fro$essor, Aniversity o$ Cali$ornia, %an Die.o -ndrew >yers Fro$essor, CornellAniversity ;a$ael Fass -ssociate Fro$essor, Cornell Aniversity Oern Fa6son Fro$essor, Aniversity o$ Cali$ornia,?erkeley Jon Feha Fro$essor, Carne.ie >ellon Aniversity Thomas ;istenpart -ssistant Fro$essor, Aniversity o$3isconsin Q >adison ;onald ;ivest Fro$essor, >assachusetts 5nstitute o$ Technolo.y Fhillip ;o.away Fro$essor,Aniversity o$ Cali$ornia, Davis "re. ;ose 4cer, 5nternational -ssociation $or Cryptolo.ic ;esearch -mit %ahai

Fro$essor, Aniversity o$ Cali$ornia, Ios -n.eles ?ruce %chneier ellow, ?erkman Center $or 5nternet and %ociety,Harvard Iaw %chool Hovav %hacham -ssociate Fro$essor, Aniversity o$ Cali$ornia, %an Die.o -#hi %helat -ssociateFro$essor, Aniversity o$ Oir.inia Thomas %hrimpton -ssociate Fro$essor, Fortland %tate Aniversity -vi %il#erschatBFro$essor, Eale Aniversity -dam %mith -ssociate Fro$essor, The Fennsylvania %tate Aniversity Dawn %on.-ssociate Fro$essor, Aniversity o$ Cali$ornia, ?erkeley "ene Tsudik Fro$essor, Aniversity o$ Cali$ornia, 5rvine %alilOadhan Fro$essor, Harvard Aniversity ;e#ecca 3ri.ht Fro$essor, ;ut.ers Aniversity >oti Eun. ellow, -ssociation

$or Computin. >achinery Nickolai Meldovich -ssociate Fro$essor, >assachusetts 5nstitute o$ Technolo.y X-nopen letter $rom A% researchers in crypto.raphy and in$ormation security0X (&'@)0http://people0csail0mit0edu/rivest/pu#s/-6@0pd$

>edia reports since last June have revealed that the A% .overnment conductsdomestic and internationalsurveillance on a massive scale, that it en.a.es in deli#erateand covert weakenin. o$ 5nternet security standards, and that it pressures A%technolo.y companies to deploy #ackdoors and other data+collection $eatures0-sleadin. mem#ers o$ the A% crypto.raphy and in$ormation+security researchcommunities, we deplore these practices and ur.e that they #e chan.ed 0 5ndiscriminatecollection, stora.e, and processin. o$ unprecedented amounts o$ personal in$ormation chill $ree speech and invite

many types o$ a#use, ran.in. $rom mission creep to identity the$t0 These are not hypotheticalproblems they have occurred many times in the past0 5nsertin. #ackdoors, sa#ota.in.standards, and tappin. commercial data+center links provide #ad actors, $orei.n anddomestic, opportunities to e6ploit the resultin. vulnera#ilities0 The value o$ society+widesurveillance in preventin. terrorism is unclear, #ut the threat that such surveillance poses toprivacy, democracy, and the A% technolo.y sector is readily apparent0 ?ecausetransparency and pu#lic consent are at the core o$ our democracy, we call upon the A% .overnment tosu#ect all mass+surveillance activities to pu#lic scrutiny and to resist thedeployment o$ mass+surveillance pro.rams in advance o$ sound technical and social

controls05n 1ndin. a way $orward, the 1ve principles promul.ated at http://re$orm.overnmentsurveillance0com/provide a .ood startin. point0 The choice is not whether to allow the N%- to spy0 The choice is betweena commnications in!rastrctre that is "lnerable to attack at its coreand one that# by de!alt# is intrinsically secre !or its sers.


40/208

?ack in the PP's and &'''s, encryption was a complicated, minority interest0 Nowit is #ecomin. easy and mainstream,not ust $or authenticatin. transactions #ut $or encryptin. dataand communications0 ?ack then, it was also mostly a A% de#ate #ecause that was wheremost stron. encryption was developed0 ?ut thatWs no lon.er the case: encryptionso$tware can #e written anywhere and #y anyone, which means no one countrycannot dictate .lo#al policy anymore0 Consider this: the ri.ht to privacy has lon. #een considered a9uali1ed rather than an a#solute ri.ht S one that can #e in$rin.ed, $or e6ample, on the .rounds o$ pu#lic sa$ety, orto prevent a crime, or in the interests o$ national security0 ew would a.ree that criminals or terrorists have the ri.ht

to plot in secret0 )hat the widespread se o! strong# wellimplementedencryption does is promotes pri"acy to an absolte right0 5$ you have encrypted ahard drive or a smartphone correctly, it cannot #e unscram#led (or at least not $or a $ew hundred thousand years)0

-t a keystroke, it makes a#solute privacy a reality, and thus rewrites one o$ the$undamental rules #y which societies have #een or.anised0No wonder the intelli.enceservices have #een scram#lin. to tackle our deli#erately scram#led communications0 -nd our $ear o$ crime Sterrorism in particular S has created another issue0 3e have demanded that the intelli.ence services and lawen$orcement try to reduce the risk o$ attack, and have accepted that they will .radually chip away at privacy inorder to do that0 However, what we havenWt mana.ed as a society is to decide what is an accepta#le level o$ risk

that such terri#le acts mi.ht occur0 3ithout that understandin. o$ what constitutes anaccepta#le level o$ risk, any reduction in our privacy or civil li#erties S whether#reakin. encryption or mass surveillance S #ecomes palata#le0 The point is o$ten madethat cars kill people and yet we still drive0 3e need to have a #etter discussion a#out what is an accepta#le level o$sa$ety that we as a society re9uire, and what is the impact on our privacy as a result0 -s the Aniversity o$ %urreyWs3oodward notes: X%ome o$ these thin.s one mi.ht have to accept0 An$ortunately there mi.ht not #e any easy wayaround it, without the horri#le unintended conse9uences0 Eou make your enemies less sa$e #ut you also make your

$riends less sa$e #y Zattackin.[ encryption S and that is not a sensi#le thin. to do0X -nd while the -S canno longer dictate policy on encryption# it cold be the one to take a leadwhich others can !ollow. 3hite House cy#ersecurity coordinator >ichael Daniel recently ar.ued that,as .overnments and societies are still wrestlin. with the issue o$ encryption , the A% should come up withthe policies and processes and Xthe philosophical underpinnin.s o$ what we want todo as a society with this so we can make the ar.ument $or that around the planet 000to say, this is how $ree societies should come at this0X ?ut he doesnWt underestimate the scale o$ the pro#lem,either0

Shi!t in policy o! protecting in!rastrctre is key to a"ert sol"ethe coming clash between secrity and intelligence.Joshua -0 Jroll 1(, doctoral candidate in computer science at FrincetonAniversity, where he works on computer security and pu#lic policy issues at theuniversity8s Center $or 5n$ormation Technolo.y Folicy, *++&', XThe Cy#erConundrum,X -merican Frospect, http://prospect0or./article/cy#er+conundrumHo"ing to rotectFirst Three months a$ter N5%T withdrew the D;?" standard, a review initiated #y Fresident ?arack 4#amacalled $or a shi$t in policy0 ;e.ardin. encryption, the Fresident8s ;eview "roup on 5ntelli.enceand Communications Technolo.ies recommended that the A0%0 "overnmentshould: () $ully support and not undermine eorts to create encryption standards(&) not in any way su#vert, undermine, weaken, or make vulnera#le .enerallyavaila#le commercial so$tware and () increase the use o$ encryption and ur.e A0%0

companies to do so0! ?ut there were $ew visi#le si.nals that policy had chan.ed0 No $orei.n nation, no hacker,! 4#ama said in his &'%tate o$ the Anion speech, should #e a#le to shut down our networks, steal our trade secrets, or invade the privacy o$ -merican $amilies0! ?ut thenearly Y@ #illion re9uested $or cy#ersecurity in the president8s 1scal year &'*#ud.et proposal eectively supports and rein$orces current undermine+1rst policy, apolicy that has $ailed to stop the Kood o$ attacks on -merican #usinesses and the .overnment itsel$ #y $orei.n intelli.ence services, weekend hacktivists,

and common criminals0 - protect+1rst policy o$ #olsterin. security technolo.ies would identi$ythe most critical pieces o$ security in$rastructure, invest in makin. those de$ensessecure, and support their universal deployment0 Sch a policy wold emphasi%espport !or ni"ersal endtoend encryption tools such as secure we#


41/208

#rowsin.. - we#site is delivered securely when that site8s address starts with https!Sthe 7s8 stands $or secureSand your #rowser puts a lock orkey icon ne6t to the address0 ?rowsers can load and display secure pa.es, .uaranteein. that while the pa.es are in transit $rom server to user, the pa.esremain con1dential and are protected $rom tamperin., and that the user8s #rowser veri1es that the server is not an impostor0 -t present, secure #rowsin.

is underused and under$unded, leadin. to trou#lin. security lapses0 - notorious e6ample is the Heart#leed #u.,disclosed in -pril o$ &'@0Heart#leed allowed attackers to reach out across the5nternet and e6tract the contents o$ a computer8s memory, includin. encryption keys, passwords, andprivate in$ormation0 Two+thirds o$ the we#sites on the 5nternet were vulnera#le, alon. with countless computers em#edded in cars, wireless routers, homeappliances, and other e9uipment0 ?ecause e6ploitation via Heart#leed usually did not leave a record, the $ull conse9uences o$ Heart#leed will almost

certainly never #e known0 -ll o$ this was due to a sin.le pro.rammin. error in a so$twarepacka.e called 4pen%%I, which is used #y the maority o$ we#sites that provide secure pa.es0 ?y any measure, 4pen%%I is a corepiece o$ our cy#er in$rastructure0 Eet it has #een maintained #y a very small team o$ developersSin the words o$ one ournalist, two .uys named %teve!Sand the $oundation supportin. it never had a #ud.et reachin. even Y million per year0 Despite its central role in we# security, 4pen%%I had neverunder.one a care$ul security audit0 >atthew "reen, a crypto.rapher at Johns Hopkins Aniversity and an outspoken critic o$ 4pen%%I, said a$ter Heart#leedthat the 4pen%%I oundation has some very devoted people, it ust doesn8t have enou.h o$ them, and it can8t aord enou.h o$ them0! %ince theHeart#leed attack, a consortium o$ companies, includin. some o$ the #i..est names in the 5nternet #usiness, pled.ed contri#utions o$ a $ew million dollarsto start the Core 5n$rastructure 5nitiative (C55), a .rant+makin. process $or security audits o$ important in$rastructure components like 4pen%%I0 C558s #ud.et

o$ a $ew million dollars is nowhere near the $ew hundred million now devoted to the N%-8s %5"5NT


42/208

All A, Cards


43/208

SQ + Crytpo)ars


44/208

SQ 5ncryption

The NSA weakened encryption and created "lnerabilities incommercial so!tware + compromising the secrity o! the entire

internet./arris# &'10%hane, -merican ournalist and author at orei.n Folicy ma.aBine0 U3-; : the riseo$ the military+5nternet comple6 / Hou.hton >iin Harcourt0 F0VV+P

or the past ten years the N%- has led an eort in conunction with its ?ritish counterpart, the "overnmentCommunications Head9uarters, to de$eat the widespread use o$ encryption technolo.y #yinsertin. hidden vulnera#ilities into widely used encryption standards 0


45/208

didnWt deny that the #ackdoor e6isted, or may have e6isted0 5ndeed, ;%- said that years earlier, when it decided to start usin. the Kawed num#er+.enerator al.orithm, the N%- had a trusted role in the community+wide eort to stren.hten, not weaken, encryption0! Not so much anymore0 3hendocuments leaked #y %nowden con1rmed the N%-8s work, ;%- encoura.ed people to stop usin. the num#er .enerator Q as did the N5%T0 The standards#ody issued its own statement $ollowin. the %nowden revelations0 5t was a model o$ care$ully cali#rated lan.ua.e0 XN5%T would not deli#erately weaken acrypto.raphic standard,X the or.aniBation said in a pu#lic statement, clearly leavin. open the possi#ility+ without con1rmin. it + that the N%- had secretlyinstalled the vulnera#ility or done so a.ainst N5%TWs wishes0 XN5%T has a lon. history o$ e6tensive colla#oration with the worldWs crypto.raphy e6perts tosupport ro#ust encryption0 The ZN%-[ participates in the N5%T crypto.raphy development process #ecause o$ its reco.niBed e6pertise0 N5%T is also re9uired#y statute to consult with the N%-0! The standards #ody was eectively tellin. the world that it had no way to stop the N%-0


46/208

Backdoors FI

)hat is a backdoorR2etter# &'10

=im Metter, ward+winnin., senior sta reporter at 3ired coverin. cy#ercrime,privacy, and security0 &++&'@, XHacker Ie6icon: 3hat 5s a ?ackdoor,X 35;


47/208

Cryptowar Brink

New Crypto )ars coming now.Jehl# &'1(

Danielle =ehl is a senior policy analyst at New -mericaWs 4pen Technolo.y 5nstitute,?- cum laude Eale *++&', XDoomed To ;epeat History Iessons rom TheCrypto 3ars 4$ The PP's,X New -merica, https://www0newamerica0or./oti/doomed+to+repeat+history+lessons+$rom+the+crypto+wars+o$+the+PP's/

An$ortunately, in the past $ew years the consensus that stron. encryption is .ood $orsecurity, li#erty, and economic .rowth has come under threat 0 The June &'revelations a#out the A0%0 National %ecurity -.ency8s pervasive surveillancepro.rams S not to mention the N%-8s direct attempts to thwart 5nternet security to$acilitate its own spyin. S dramatically shi$ted the national conversation,hi.hli.htin. the vulnera#ilities in many o$ the tools and networks on which we nowrely $or #oth everyday and sensitive communications 0 3hile ordinary individuals, civil li#ertiesadvocates, and maor technolo.y companies have since em#raced .reater use o$ encryption as a necessary step toaddress a wide ran.e o$ modern threats $rom #oth .overnment and non.overnment actors, intelli.ence a.enciesand law en$orcement ocials have also #ecome increasin.ly outspoken a.ainst measures to stren.then thesesystems throu.h encryption0 To make their case, they have revived many o$ the ar.uments they made a#outencryption in the PP's, seemin. to have $or.otten the lessons o$ the past0 5n response, encryption proponents

have countered with many o$ the same ar.uments that they made in the PP's, alon. with a $ew new ones0P 5tseems like we may once a.ain #e on the ver.e o$ another war: a Crypto 3ar &0'0?ut it would #e $ar wiser to maintain the peace than to #e.in a new andunnecessary conKict0 3e already had a ro#ust pu#lic de#ate that resolved thisdispute, and nothin. has chan.ed since the PP's that would cast dou#t on thepolicy conclusions we reached then indeed , the post+war period has onlyrein$orced those conclusions0 -lthou.h there are numerous individual lessons $romthe Crypto 3ars, the overarchin. takeaway is that weakenin. or otherwiseunderminin. encryption is #ad $or our economy, our economic security, and our civilli#erties S and there is no reason to repeat our previous mistakes0

Crypto )ars coming now.Tokmet%i &'1(Dimitri, Data Journalist at the Correspondent (Netherlands) Think piece: How toprotect privacy and security! "lo#al Con$erence on Cy#er%pace &' * + -pril&' The Ha.ue, The Netherlandshttps://www0.ccs&'0com/sites/de$ault/1les/documents/How2&'to2&'protect2&'privacy2&'and2&'security2&'in2&'the2&'crypto2&'wars0pd$

3e thou.ht that the Crypto 3ars o$ the nineties were over, #ut renewed 1.htin. has erupted sincethe %nowden revelations0 4n one side, law en$orcement and intelli.ence a.encies are a$raid that #roader use o$ encryption on the

5nternet will make their work harder or even impossi#le0 4n the other, security e6perts and activists ar.ue that installin. #ackdoorswill make everyone unsa$e0 5s it possi#le to 1nd some middle .round #etween these two positions 7This is the story o$ how a

hand$ul o$ crypto.raphers hacked! the N%-0 5t8s also a story o$ encryption #ackdoors, and why theynever 9uite work out the way you want them to08 %o #e.an the #lo. post on the ;atthew "reen, assistant pro$essor at John Hopkins university, and a couple o$ internationalcollea.ues e6ploited a nasty #u. on the servers that host the N%- we#site0 ?y $orcin. the servers to use an old, almost $or.ottenand weak type o$ encryption which they were a#le to crack within a $ew hours, they mana.ed to .ain access to the #ackend o$ theN%- we#site, makin. it possi#le $or them to alter its content0 3orse still, the crypto.raphers $ound that the same weak encryptionwas used on a third o$ the @ million other we#sites they scanned0 or instance, i$ they had wanted to, they could have .ained

access to whitehouse0.ov or tips0$#i0.ov0 >any smartphone apps turned out to #e vulnera#le as well0 The irony is this: thisweak encryption was deli#erately desi.ned $or so$tware products e6ported $rom the


48/208

A% in the nineties0 The N%- wanted to snoop on $orei.n .overnments andcompanies i$ necessary and pushed $or a weakenin. o$ encryption 0 This weakened encryptionsomehow $ound its way #ack onto the servers o$ A% companies and .overnment a.encies0 7%ince the N%- was the or.aniBation thatdemanded e6port+.rade crypto, it8s only 1ttin. that they should #e the 1rst site aected #y this vulnera#ility8, "reen .lee$ully wrote0

The ;% apps (Te6t%ecure and%i.nal)0 This worries .overnments0 5n the wake o$ the attack on Charlie He#do in Faris, A= Frime >inister David Cameron impliedthat encryption on certain types o$ communication services should #e #anned0 5n the A%, ?5 director James Comey recently warnedthat the intelli.ence a.encies are 7.oin. dark8 #ecause o$ the emer.ence o$ de$ault encryption settin.s on devices and in we#

applications0 5n


49/208

contentious0


50/208

5*ception Access Bad

Too many risks.)eit%ner et al# &'1(

Daniel J0 3eitBner is Frincipal ;esearch %cientist at the >5T Computer %cience and-rti1cial 5ntelli.ence Ia# and oundin. Director, >5T Cy#ersecurity and 5nternetFolicy ;esearch 5nitiative0 rom &'Q&'&, he was Anited %tates Deputy Chie$

Technolo.y 4cer in the 3hite House -#elson, Harold -nderson, ;oss ?ellovin,%teven >0 ?enaloh, Josh ?laBe, >att Die, 3hit1eld "ilmore, John "reen,>atthew Iandau, %usan Neumann, Feter "0 ;ivest, ;onald I0 %chiller, Jerey 50%chneier, ?ruce %pecter, >ichael 3eitBner, Daniel J0 =eys Ander Doormats:>andatin. insecurity #y re9uirin. .overnment access to all data andcommunications! &'+'+'* http://hdl0handle0net/&0/P*P'

3ith people8s lives and li#erties increasin.ly online, the 9uestion o$ whether to support lawen$orcement demands $or .uaranteed access to private in$ormation has a special

ur.ency, and must #e evaluated with clarity0rom a pu#lic policy perspective, there is an ar.ument$or .ivin. law en$orcement the #est possi#le tools to investi.ate crime, su#ect to due process and the rule o$ law0?ut a care$ul scienti1c analysis o$ the likely impact o$ such demands must distin.uish what mi.ht #e desira#le $rom

what is technically possi#le0 5n this re.ard, a proposal to re.ulate encryption and .uarantee lawen$orcement access centrally $eels rather like a proposal to re9uire that all airplanescan #e controlled $rom the .round0 3hile this mi.ht #e desira#le in the case o$ ahiackin. or a suicidal pilot, a clear+eyed assessment o$ how one could desi.n such acapa#ility reveals enormous technical and operational comple6ity, internationalscope, lar.e costs, and massive risksS so much so that such proposals, thou.h occasionally made,are not really taken seriously0 3e have shown that current law en$orcement demands $or e6ceptional access would

likely entail very su#stantial security risks, en.ineerin. costs, and collateral dama.e0 5$ policy+makers#elieve it is still necessary to consider e6ceptional access mandates, there aretechnical, operational, and le.al 9uestions that must #e answered in detail #e$ore

le.islation is dra$ted0 rom our analysis o$ the two scenarios and .eneral lawen$orcement access re9uirements presented earlier in the paper, we oer this set o$9uestions0
http://hdl.handle.net/1721.1/97690http://hdl.handle.net/1721.1/97690


51/208

Fed insecre

Feds sholdn>t hold or data# they get hacked all the time.-ndrea Castillo, (&'+&', X-merica8s schiBophrenic anti+encryption

cy#ersecurity strate.y,X >edium, https://readplainte6t0com/america+s+schiBophrenic+anti+encryption+cy#ersecurity+strate.y+&d'aPV&The #ack doors $or which encryption anta.onists pine are more the stu o$ dreamthan reality0erlin will #e hard+pressed to #end the rules o$ mathematics to suitthe " men8s whimsies0 ?ut the move to weaken encryption does not ust $ail technically, itwould $ail strate.ically0 ?ad .uys could use #ack doors, too . The !ederalgo"ernment wold perhaps be one o! the worst entities to secre the keysto or digital kingdom0 4ver the past P years, the rate o$ reported $ederalin$ormation security $ailures increased #y 1#1


52/208

5ncryption ood


53/208

NSA Backdoors Now

NSA is ptting back doors in systems Jaspersky pro"esFishman and Har9isBoire &&(-ndrew ishman and >or.an

>ar9uis+?oire, F4FAI-; %< AND


54/208

reverse en.ineer it to 1nd ways to neutraliBe the pro#lem0 Doin. so re9uired o#tainin. awarrant0 Fersonal security products such as the ;ussian anti+virus so$tware =aspersky continue to pose a challen.eto "CHG8s CN< ZComputer Network


55/208

intelli.ence yields a#out ' new potentially malicious 1les per day $or malware tria.e0! This is a tiny $raction o$ thehostile so$tware that is processed0 =aspersky says it detects &,''' new malicious 1les every day, and an internal"CHG document indicates that its own system collectZs[ around '',''',''' malware events per day0! -$ter

o#tainin. the 1les, the N%- analysts Zc[heck =aspersky -O to see i$ they continue to letany o$ these virus 1les throu.h their -nti+Oirus product0! The N%-8s Tailored -ccess4perations unit can repurpose the malware,! presuma#ly #e$ore the anti+virusso$tware has #een updated to de$end a.ainst the threat0 The Froect C->?ore Tar.etsL! Those companiesinclude Check Foint so$tware, a pioneerin. maker o$ corporate 1rewalls #ased 5srael, whose .overnment is a A0%0ally0 Nota#ly omitted are the -merican anti+virus #rands >c-$ee and %ymantec and the ?ritish company %ophos0There is a certain lo.ic to monitorin. reports Kowin. into anti+virus companies0 %uch reports include new malware,which can potentially #e re+purposed, and intelli.ence a#out hostile actors0 3hat8s more, in$ormation a#out securityvulnera#ilities in the -O so$tware itsel$ can #e harvested0 -nti+virus companies commonly, thou.h not always,respond slowly to such reports, leavin. a window in which spy a.encies can potentially e6ploit these Kaws0 - &'&report $rom "oo.le security en.ineer Tavis 4rmandy documented how, a$ter alertin. %ophos to multiple securityvulnera#ilities in its anti+virus so$tware, the 1rm estimated it would re9uire si6 months to patch all o$ the #u.s0 Thatestimate was later revised down *' days $or the entire set o$ 16es, accordin. to 4rmandy0 5t8s not clear e6actly howmany reports like 4rmandy8s have #een pilin. up at anti+virus companies0 ?ut =oret, the security researcher,su..ests that most -O companies have serious pro#lems in this area0 Durin. a period o$ g year 5 researchedmore or less -O en.ines,! he wrote in an email0 5 $ound vulnera#ilities in @ -O en.ines0! -nti+virus 1rms vs0

intelli.ence a.encies -s .overnment spies have sou.ht to evade anti+virus so$tware, theanti+virus 1rms themselves have e6posed malware created #y .overnment spies0

-mon. them, =aspersky appears to #e the sharpest thorn in the side o$ .overnmenthackers0 5n the past $ew years, the company has proven to #e a proli1c hunter o$state+sponsored malware, playin. a role in the discovery and/or analysis o$ variouspieces o$ malware reportedly linked to .overnment hackers, includin. thesuperviruses lame, which =aspersky Ka..ed in &'& "auss, also detected in &'&%tu6net, discovered #y another company in &'' and ;e.in, revealed #y%ymantec0 5n e#ruary, the ;ussian 1rm announced its #i..est 1nd yet: the surveillance pro.ram0 No stran.er to tar.etedcy#erattacks, =aspersky Ia# announced earlier this month that it had #een thevictim o$ a sophisticated intrusion0 5n an email, =aspersky Ia# told The 5ntercept,!5tis e6tremely worryin. that .overnment or.aniBations would #e tar.etin. us insteado$ $ocusin. resources a.ainst le.itimate adversaries, and workin. to su#vertsecurity so$tware that is desi.ned to keep us all sa$e0 However, this doesn8t come asa surprise0 3e have worked hard to protect our end users $rom all types o$


56/208

adversaries0 This includes #oth common cy#er+criminals or nation state+sponsoredcy#er+espiona.e operations0! 3hen asked $or comment, the N%- and "CHG declined to respond on therecord to the speci1cs o$ this story0


57/208

Secrity )eak Now

Cyberattacks case de"astating damage to in!rastrctre@nly Congress can sol"e

)eekly Analysis, ++&'1(, X4cial: "reatest cy#er risks to national securityinvolve hand$ul o$ sectors,X 5nside Cy#ersecurity,http://insidecy#ersecurity0com/Cy#er+"eneral/Cy#er+Fu#lic+Content/ocial+.reatest+cy#er+risks+to+national+security+involve+hand$ul+o$+sectors/menu+id+'VP0html

The .reatest cy#er risks toA0%0 national security involve a#out a third o$ thecountryWs* critical in$rastructure sectors,accordin. to an ?5 ocial0 The #ureauWs cy#ersecurityoutreach pro.ram $or critical in$rastructure is $ocused on si6 sectors Q #ankin. and 1nance,ener.y, transportation, in$ormation technolo.y, communications and pu#lic health Qthe pro.ramWs leader, %tacy %tevens, said durin. a June P pu#lic meetin.o$ cy#ersecurity pro$essionals or.aniBed#y the Department o$ Homeland %ecurity in Cam#rid.e, >-0 The ?5 ocialWs comments, as well as documentso#tained #y *nside 'ybersecurityunder the reedom o$ 5n$ormation -ct, shed new li.ht on how A0%0 authorities viewcy#er risks in industry, a su#ect shrouded in secrecy that some ar.ue is e6cessive0 -n 4#ama administrationadviser, ;ichard DanBi., last year ur.ed .reater disclosure o$ cy#er risks $acin. various sectors in the interest o$ena#lin. #etter policymakin.0 %tevens told *nside 'ybersecuritythat the ?5 and DH% have a shared understandin.

o$ which sectors are associated with the .reatest cy#er+related national security risks0 This hierarchy ena#les the?5 cy#ersecurity outreach unit to prioritiBe its resources0 The unit has $ocused on #ankin. and 1nance, ener.y,transportation, in$ormation technolo.y and communications since it was esta#lished in &' and added pu#lichealth to the list more recently, she said0 Fresident 4#ama has repeatedly ur.ed improvements in cy#ersecurity $orcritical in$rastructure, includin. in an e6ecutive order issued in &'0 4#amaWs speech at the 3hite House

cy#ersecurity summit in e#ruary mentioned most o$ the sectors cited #y %tevens0 X>uch o$ our criticalin$rastructure++ our 1nancial systems, our power .rid, health systems ++ run on networks connectedto the 5nternet, which is hu.ely empowerin. #ut also dan.erous, and creates newpoints o$ vulnera#ility that we didnWt have #e$ore ,X 4#ama said0 Xorei.n .overnmentsand criminals are pro#in. these systems every sin.le day0 3e only have to think o$real+li$e e6amples ++ an air trac control system .oin. down and disruptin. K

Crypto Affirmative - DDI 2015 ST

Documents

Transcript of Crypto Affirmative - DDI 2015 ST