Re: [perpass] perens-perpass-appropriate-response-01

Jacob Appelbaum <jacob@appelbaum.net> Thu, 05 December 2013 00:31 UTC


Bruce Perens:
> On 12/04/2013 03:47 PM, Jacob Appelbaum wrote:
>> So basically, you were just blowing smoke?
> No. The organization is charged to protect us. 

Us? Are you including the Dutch, German, Brazilian, Canadian, British
and Swedes on the list? Or just 'us' Americans?

It sounds to me like you're blowing smoke - specifically because they
aren't actually protecting us in the ways that they assert. Global
domination through criminal activity that results in hegemony? Sounds
solidly protectionist but not in a way where we've consented!

> However poorly or well it's 
> actually working, and I assume that I do not have the whole story either way. 
> They need reform, sure. Not elimination.

Ah, I see, you think we need spies outside the rule of law - that pretty
much sums up the problem. We either have the rule of law or we have this
- that is how we found ourselves here. The fact that you're not entitled
to know the whole story should tip you off that you might not want to
give them the benefit of the doubt regarding reform.

What is technically possible is effectively shown to be inevitable when
the economics line up for the NSA and friends.  Eliminate the NSA,
they're (mass) criminals; the DNI lies to Congress. The NSA gives full
feeds of their spying data to other nations. The examples are as
boundless as BOUNDLESSINFORMANT and beyond.

To boot they're hurting average Americans who write software. The taint
of the NSA is like the Chinese state security all over Huawei gear. I
think it is sadly deserved for many companies and their products.

> 
> Throwing deliberate hurdles in their way is like spreading nails in the path of 
> a police car. Cops have more than enough abuses, but most people accept that 
> they do good stuff too, and nobody sensible suggests getting rid of them.

I see that in your spare time, you're also a straw man factory; could
you knock it off, Bruce? It is surprisingly annoying and a total derailment.

But while we're making funny jokes, I'll see you and raise you a muppet
video:

  https://www.youtube.com/watch?v=CjMLZuuXDRQ

Perhaps the discourse might be improved by not muddling intelligence
services and police? ;-)

>> Good luck with a Man-On-The-Side attack on .se. domains that are properly configured.
> OK. But I'm horrified that .se is the best demo you can cite.

DNSSEC has issues - a lack of query privacy for example - but what do
you want? A full list of every DNSSEC enabled domain where someone has
to steal keys to begin to perform such an attack?

Here is some code by the way to implement QI:

 http://github.com/stealth/QI

>> What political solution do you envision exactly?
> Given the choice, I would roll increases in executive authority related to the 
> pursuit of war or espionage back to what we had before the PATRIOT act. This is 
> something we can state in one sentence and that makes sense. IMO it is a 
> workable campaign and one you should join.

How do you propose that this will ensure we won't return here? And how
will your political successes impact your safety when it is another
government taking these actions?

>>   I'm really curious to
>> hear how you're going to defend your computer or from attackers with
>> nation state capabilities (or less) with a political solution.
> How else can I defend my computer? I do not deceive myself that they are stopped 
> by any technical measure that you or I are capable of. They can break down the 
> door and water-board me if they want to. I am completely helpless before them 
> except for what I can achieve politically.

Ah, I see. You're seriously wrong and pretty much provably so!

The documents released by Snowden clearly state it - as an example in
the Guardian Tor story, they specifically said that they can't
deanonymize everyone all the time - it forces them to target and to
target for memory corruption related exploitation specifically:


http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption

http://www.theguardian.com/world/2013/oct/04/tor-attacks-nsa-users-online-anonymity

http://www.theguardian.com/world/interactive/2013/oct/04/tor-stinks-nsa-presentation-document

http://www.theguardian.com/world/interactive/2013/oct/04/tor-high-secure-internet-anonymity

Technical countermeasures cause NSA dragnet surveillance to fail and
it reduces them to specific targeting of individuals. If you are
targeted, as I am no doubt targeted, you're right - you're probably not
up for the task. Seriously though - I would encourage you not to mistake
your inability for a general inability. I have computers where the NSA
would be foolish to touch them because the moment that they do, I'll
drop their technique, their payloads and everything related on the front
page of a major newspaper. A political and a technical solution all in
one, as it should be, I might add.

Properly implemented cryptography works wonders and it will help reduce
a lot of suffering if we deploy it widely. I'm not sure why you refuse
to acknowledge this fact.

All the best,
Jacob