More like this

Security

Cops hate encryption but the NSA loves it when you use PGP

It lights you up like a Vegas casino, says compsci boffin

Nick Weaver
Dropping truth bombs ... Nick Weaver at Enigma

Usenix Enigma Although the cops and Feds wont stop banging on and on about encryption – the spies have a different take on the use of crypto.

To be brutally blunt, they love it. Why? Because using detectable encryption technology like PGP, Tor, VPNs and so on, lights you up on the intelligence agencies' dashboards. Agents and analysts don't even have to see the contents of the communications – the metadata is enough for g-men to start making your life difficult.

"To be honest, the spooks love PGP," Nicholas Weaver, a researcher at the International Computer Science Institute, told the Usenix Enigma conference in San Francisco on Wednesdy. "It's really chatty and it gives them a lot of metadata and communication records. PGP is the NSA's friend."

Weaver, who has spent much of the last decade investigating NSA techniques, said that all PGP traffic, including who sent it and to whom, is automatically stored and backed up onto tape. This can then be searched as needed when matched with other surveillance data.

Given that the NSA has taps on almost all of the internet's major trunk routes, the PGP records can be incredibly useful. It's a simple matter to build a script that can identify one PGP user and then track all their contacts to build a journal of their activities.

Even better is the Mujahedeen Secrets encryption system, which was released by the Global Islamic Media Front to allow Al Qaeda supporters to communicate in private. Weaver said that not only was it even harder to use than PGP, but it was a boon for metadata – since almost anyone using it identified themselves as a potential terrorist.

"It's brilliant!" enthused Weaver. "Whoever it was at the NSA or GCHQ who invented it give them a big Christmas bonus."

Given all the tools available to the intelligence agencies there's really no need for an encryption backdoor, he explained. With the NSA's toolkit of zero-day exploits, and old-day exploits, it's much easier to root a target's computer after identifying them from metadata traffic.

With all these tools it's not hard to see why the intelligence community isn't pushing hard for an encryption backdoor, or actively opposing it. Last week, the NSA boss Mike Rogers came out against plans to bork encryption for the police:

Youtube Video

"Encryption is foundational to the future, so spending time arguing about, 'Hey, encryption is bad and we ought to do away with it,' that's a waste of time to me," he said. "Encryption is foundational to the future, so what we've got to ask ourselves is, given that foundation, what's the best way for us to deal with it?" ®

Sponsored: Global DDoS threat landscape report