industryterm:internet encryption

  • Dedefensa.org: The Guardian's (barely) veiled threat
    http://www.dedefensa.org/article-la_menace_peine_voil_e_du_guardian_08_11_2013.html

    «...An American or European visitor would have been most struck by what the committee did not ask: it barely touched on the substantive issues raised by the Snowden documents. It skated over any serious questioning about the complex issues to do with mass surveillance, civil liberties or privacy. There were no questions about GCHQ’s reported involvement in agencies helping themselves to traffic between Google data servers. There was nothing on the bugging of world leaders who might be considered allies, not enemies. Nothing on the reliance on corporate partners – “well beyond” what they are legally required to do. And nothing on the issue raised by Sir Tim Berners-Lee – the “appalling and foolish” weakening of internet encryption with potentially terrible consequences for individuals and businesses. These matters have been widely discussed in this country, including in such subversive journals as the FT and the Economist. Indeed, they have been debated in every serious newspaper and legislature in the world. They will become manifest in reformed laws, treaties and alliances. But there was little suggestion today that much of this was of true concern.

    »Instead there was a kick at the “global media”. Let us be clear. The loss of Snowden’s material was plainly damaging for western intelligence. The disaster was that the US agencies have, for the second time in three years, proved incapable of keeping enormous secret databases secure. After WikiLeaks it is astonishing that 850,000 people worldwide were able to peer into the heart of secret operations in Cheltenham. No NSA official has apologised or resigned for this devastating failure and there were only the mildest questions today as to why GCHQ went along with these bizarre arrangements. The intelligence agencies were saved from true catastrophe by only one thing: the fact that Snowden didn’t dump the material on to the web, but handed it instead to journalists. Together with the New York Times and Washington Post, we have worked carefully and responsibly (in consultation with governments and agencies) to disclose a small proportion of what he leaked. Some would like newspapers gagged or prosecuted. Be careful what you wish for. Kick newspapers by all means, but, without them, be prepared for something much worse.»

    This last paragraph is unusually clear and frank. It accepts the argument of the heads of the security and intelligence services, relayed by most of the British press (the Snowden files are devastating for intelligence, let us say Anglo-Saxon intelligence, US and UK), but pushes the responsibility back onto the very people who are complaining: too incompetent to protect their most essential and secret material, they have only themselves to blame for the consequences. The argument thus sets the adversaries face to face, without flourishes of language or patriotic-style moral niceties: “you were incompetent in failing to protect your secrets, we are showing ourselves competent in publishing them”. The rest contains the “(barely) veiled threat”: “if the pressure on us continues, and even increases to the point of discretionary censorship measures, then you will regret it”. Why? Because the newspapers holding the Snowden files, and Snowden himself, – even though he is not mentioned in this part of the editorial, so as to give the press exclusive credit for this virtue of responsibility, – have been very prudent and very careful to publish only a minimum of documents, choosing those that do the least damage. («Together with the New York Times and Washington Post, we have worked carefully and responsibly (in consultation with governments and agencies) to disclose a small proportion of what he leaked.») If measures are taken against these newspapers (or even this one newspaper, the Guardian), then one may fear what will happen at that point, that is, the true catastrophic dimension that the Snowden files represent for the System ...
    This “catastrophe” for “the services”, which has been avoided so far («The intelligence agencies were saved from true catastrophe by only one thing: the fact that Snowden didn’t dump the material on to the web, but handed it instead to journalists.»), – this catastrophe could well come about: «Be careful what you wish for. Kick newspapers by all means, but, without them, be prepared for something much worse.»

  • N.S.A. Foils Much Internet Encryption - NYTimes.com
    http://www.nytimes.com/2013/09/06/us/nsa-foils-much-internet-encryption.html?pagewanted=all

    NSA documents show that the agency maintains an internal database of encryption keys for specific commercial products, called a Key Provisioning Service, which can automatically decode many messages. If the necessary key is not in the collection, a request goes to the separate Key Recovery Service, which tries to obtain it.

    How keys are acquired is shrouded in secrecy, but independent cryptographers say many are probably collected by hacking into companies’ computer servers, where they are stored. To keep such methods secret, the N.S.A. shares decrypted messages with other agencies only if the keys could have been acquired through legal means. “Approval to release to non-Sigint agencies,” a GCHQ document says, “will depend on there being a proven non-Sigint method of acquiring keys.”

    Simultaneously, the N.S.A. has been deliberately weakening the international encryption standards adopted by developers. One goal in the agency’s 2013 budget request was to “influence policies, standards and specifications for commercial public key technologies,” the most common encryption method.

    Cryptographers have long suspected that the agency planted vulnerabilities in a standard adopted in 2006 by the National Institute of Standards and Technology, the United States’ encryption standards body, and later by the International Organization for Standardization, which has 163 countries as members.

    Classified N.S.A. memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The N.S.A. wrote the standard and aggressively pushed it on the international group, privately calling the effort “a challenge in finesse.”