Re: [perpass] Commnets on draft-farrell-perpass-attack-00 was RE: perens-perpass-appropriate-response-01

Phillip Hallam-Baker <> Thu, 05 December 2013 04:04 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id C52E51AE192 for <>; Wed, 4 Dec 2013 20:04:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id ZjgUQl1Z2AJh for <>; Wed, 4 Dec 2013 20:04:03 -0800 (PST)
Received: from ( [IPv6:2a00:1450:400c:c03::231]) by (Postfix) with ESMTP id 3040A1AE031 for <>; Wed, 4 Dec 2013 20:04:02 -0800 (PST)
Received: by with SMTP id u56so232287wes.8 for <>; Wed, 04 Dec 2013 20:03:59 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=NI0a7wfGHvFA3WPxh4wH7FLyTZaFTCjBTDbnYaJUDDw=; b=rlIKp/DqtNY4cTPdoUNdJkGFrFtigN9EM41U63mytVhbMAKixRj3trAZ7DNzHlBYqy 63Ty+iIuSrgPbeWk/I0EHeHDMAco9f70DwVGw5BTTmFT9Rm0dzxjGonmpGOiQT7Nk2ep bfuHZOpqZc2AYZlDIfmq7lLkBn/0HktcYN64yFg1z35jOctGsryomDKop3dI5wuBIMLZ V83GeJLPRDHmRh+0ZH6Np4rxxkrVtu39lRiZ5rAi5F8Q1ks23j6K+ngrv+DzpcJqvTWB XY7jZdY02BueVrlZrHXF5O+Sqrbrct+sHF7MCoyBB4W6VkNRpd9/L26JODg3QGwn5iIk tFSw==
MIME-Version: 1.0
X-Received: by with SMTP id k3mr10018998wix.34.1386216239509; Wed, 04 Dec 2013 20:03:59 -0800 (PST)
Received: by with HTTP; Wed, 4 Dec 2013 20:03:59 -0800 (PST)
In-Reply-To: <>
References: <> <> <> <> <>
Date: Wed, 4 Dec 2013 23:03:59 -0500
Message-ID: <>
From: Phillip Hallam-Baker <>
To: Bruce Perens <>
Content-Type: multipart/alternative; boundary=f46d043d655789ba7404ecc19e6d
Cc: perpass <>
Subject: Re: [perpass] Commnets on draft-farrell-perpass-attack-00 was RE: perens-perpass-appropriate-response-01
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "The perpass list is for IETF discussion of pervasive monitoring. " <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Thu, 05 Dec 2013 04:04:05 -0000

On Wed, Dec 4, 2013 at 6:35 PM, Bruce Perens <> wrote:

>  On 12/04/2013 02:57 PM, Phillip Hallam-Baker wrote:
> When someone starts accusing everyone of treason it isn't so much
> refutation that is appropriate as the men in white coats.
> Oh, come on Phillip. I did not accuse anyone, I said that it was arguably
> criminal or treasonous, and warned of the danger to you.

It seemed like more of a threat to me.

The NSA is very aware of the work that I am doing and its purpose. I
presented the work at MIT the week before Vancouver with several current
NSA employees present and a former NSA director.

One thing we know the NSA is going to need is usable data level security.
The only thing that differentiates my proposal from previous ones is that
(1) it requires exactly the same degree of effort as regular mail, (2) it
does not depend on building out infrastructure before deployment and (3) it
supports a policy layer so that in addition to discovering the recipient's
key, an application can determine the security policy of the recipient.

In other words, what differentiates my proposal is that it has a chance of
keeping Britain, American and their allies safe against the attacks that
are now going to be coming from all the other governments that are now
going to be playing copycat in the wake of Snowdonia.

The NSA is charged with two missions, not one. Protecting the US and its
allies from attack is far more important than attacking other countries.
The US has an electricity infrastructure that would embarrass many third
world countries, it has been defeated by squirrels let alone cyber-attacks.

Cyberwarfare has many of the same characteristics as terrorism. the
barriers to entry are low. It is inherently non-attributable and so
deterrence is infeasible. Any attempt to set red lines opens up the risk of
a false flag attack. And what might shock you is that people who have spent
their lives studying war had to have that pointed out by me.

Cyber is inherently destabilizing. And the risk is not just of a cyber
attack against the US and its allies. An attack against Russia or China
could lead to catastrophic consequences as well. Neither has the capacity
to develop an effective cyber defense in their critical infrastructure
unless the western powers develop the technology first. One of the ugly
costs of relying on industrial espionage is that it destroys any chance of
developing an indigenous research capacity.

The issues are vastly more complex than you imagine. NSA 1.0 spent its time
cracking mechanical ciphers to enable the CIA coups that stopped when the
world moved to digital in the mid 70s. NSA 2.0 grew large fat and lazy
while its military management spent their time boosting each other's egos
with (unsecured) Powerpoint presentations that almost certainly exaggerate
their capabilities.

We don't know what NSA 3.0 is going to be doing but it isn't going to have
anything like the intercept capabilities of the past and it will be two
congresses before they have any ability to shape the political landscape