Even if governments backdoor crypto, they still won't be able to spy on terrorists


#1

Originally published at: https://boingboing.net/2018/04/06/raising-the-stakes.html


#2

North Korea already has devices that only run certified apps and open certified files.


#3

…and/or a willingness to let enemy spies conduct surveillance of your population, government and businesses.

More than one-half of our elected officials are perfectly happy to let an adversary nation compromise our national security. I don’t see crypto policy changing the basic problems of corruption and treason.


#4

Not to mention how this has played out in the past: we see it justified for combating Terrorism, but very quickly used for everything else.


#5

Don’t be put off by the maths, folks. The basic idea can be explained without it.

Supposing you have two friends, Winston and Julia, who can messages to each other but every message can be read first and even altered by a third person, Mark, with huge computer resources to break any known crypto.

Steganography is the art of (say) saying one thing but meaning another. For some reasons, the current politicians in power in the US and UK consider themselves experts in this field. Don’t judge.

If Winston and Julia had a long time to prepare, they could have a large codebook, where every possible sentence could be mapped onto another meaning. More practically, they may have a simple number of code phrases. The larger their codebook, the more subtle their communication can be.

This does not necessarily mean a physical codebook. A terrorist should not say “We destroy the infidels on Thursday. See you in Paradise!” when “We should meed on Thursday as agreed previously” should do. Let us use “codebook” as a general template for saying one thing and meaning another.

Mark may pass their messages into German, through a style checker, then back to English, so passive becomes active, words may be replaced by synonyms, but the basic meaning is unchanged. Blocks of random characters would be deleted. With care, Mark can even pick out sentences like “My password is skcb06935” and substitute the password string with another just in case it hides a hidden message; and do the reverse substitution on the posts in the other direction.

Nevertheless, if the communication system passes data at all, most ordinary sentences ought to emerge with the meaning largely unchanged at some level. This does not mean Winston and Julia cannot communicate - it just mean their messages have to be longer to transmit the same hidden data, using sentences rather than words. This probably means the process of coding becomes more laborious, and in the end coding a general message may lose out to using a simple code such as “whatever” to mean “I will take my lunch in the Victory Sandwich Bar, and I can tell you there”. But, in theory, there is nothing stopping the most general communication - just that the code books get larger and the coding becomes more laborious.

Can Julia and Winston check the integrity of their messages if they never meet? They can if there is any common signal. They could have a checksum that depended on whether it had rained that day, or the posting time has a number of minutes that is divisible by 3. Sports scores or share prices give a large trove of common data. Now, if Winston and Julia can exchange messages and check their integrity, they can also exchange extensions to their coding method, and bootstrap a complete codebook. The entropy calculations in the paper give a measure of how much you can hide in text while keeping the message looking normal, and how big the codebook is.

The hard maths is only if you want to write an optimised encoder. The basic conclusion is that any way of passing messages however backdoored can pass hidden messages for a sophisticated user.

They all know this. Sophisticated users were never the target. Mark wants to run the projector in Plato’s cave. Get the 40% least sophisticated and you have any democracy.


#6

Even if governments backdoor crypto, they still won’t be able to spy on terrorists

That implies that combating terrorism is the goal, not just the excuse given for it…


#7

I saw the thing where it runs Kitkat (Android.) Surely it exudes poison from the screen if it both already has a connection and the CPU is using more than 300mW? Or running Kitkat now is super like that anyhow?
There’s a thing about algae on the 42long page…great, Norks are going to spirulina and not starving…only no, if’s for fuel and fertilizer. Youth Chemical Plant, make better choices!


#8

Nice. Its not spam mimic (didn’t handle the brackets). It’s not Fourmilab tool with the default dictionary (doesn’t support ‘the’). It doesn’t seem to be stegsnow. I have a sneaking suspicion that this may just be rubbish, made to look like low quality steganography. The spaces are ordinary spaces. I’m giving up because its me and the weekend. I bet the Stazi would keep going.

I imagine a mail tool that appends a fixed format line of character garbage to each message. This could be used as a checksum to show your text has not been interfered with. It could be a short message to someone with the right key. It could just be garbage. In all cases it declares “I am very against this sort of thing”. Swamp the spooks with dud data.


#9

This topic was automatically closed after 5 days. New replies are no longer allowed.