Tuesday, 31 May 2016 / TRUTH-OUT.ORG
  • The Elites and the Rise of Donald Trump

    Dean Baker: Donald Trump passed the threshold of committed delegates that gives him a lock on the Republican Party presidential nomination. It's worth considering what led to Trump's rise in the first place.

  • Congress Bows to the Chemical Lobby on Toxics Regulation

    New legislation would make it harder for states and the EPA to regulate toxic chemicals in toys, building materials and clothing, but President Obama still has a chance to veto.

Forgetting the Lesson of Cypherpunk History: Cryptography Is Underhanded

Saturday, 06 December 2014 12:26 By Bill Blunden, Truthout | Op-Ed
  • font size decrease font size decrease font size increase font size increase font size
  • Print

2014.12.7.Encryption.main"To put all of your eggs in the encryption basket is to chase after an illusion conjured artfully by propagandists," says Bill Blunden. (Image via Shutterstock)Those who extol the virtues of commercial technology as a means of remediation to government and other cyber-surveillance - suggesting that companies like Google and Apple, conspicuously deploying encryption to protect user data, will gradually foster near universal internet privacy - forget cypherpunk history.

There's a general theme that recurs as the Snowden affair unfolds. Specifically, several high profile figures have openly extolled the virtues of commercial technology as a means of remediation, with the basic narrative that companies like Google and Apple, having conspicuously deployed encryption to protect user data, will encourage other vendors to do the same and gradually foster near universal internet privacy.

Proponents of this narrative direct our attention to the recent outcry by officials like FBI director James Comey or GCHQ director Robert Hannigan. They presume that the uproar is evidence that encryption is a potent defense against government spying. But are high-level apparatchiks like Comey and Hannigan sincere in their protest or are they simply lending credibility to the high-tech industry's marketing campaign to reassure users that their data is safe? After all, if the FBI or the GCHQ, Britain's intelligence agency, makes a fuss then it must mean that Google's encryption is solid, right?

In an article that appeared recently in The Intercept, Glenn Greenwald extended his vote of confidence to both Google and Apple in this regard:

It is well-established that, prior to the Snowden reporting, Silicon Valley companies were secret, eager and vital participants in the growing Surveillance State. Once their role was revealed, and they perceived those disclosures threatening to their future profit-making, they instantly adopted a PR tactic of presenting themselves as Guardians of Privacy. Much of that is simply self-serving re-branding, but some of it, as I described last week, are genuine improvements in the technological means of protecting user privacy, such as the encryption products now being offered by Apple and Google, motivated by the belief that, post-Snowden, parading around as privacy protectors is necessary to stay competitive.

While he acknowledges the existence of propaganda at work in the above excerpt please note the caveat at the end. That a journalist like Greenwald would accept guarantees of genuine protection from Google or Apple is an ominous sign. Because when it comes to acquiring market share, vendors are well aware that they don't necessarily have to offer genuine security so much as merely the impression of genuine security.

High-Tech's Magic Act

Let's just say there are good reasons why foreign security services are returning to typewriters. As far as security is concerned, high-tech products rarely deliver what they promise. The history of Silicon Valley is littered with bold initiatives that assured cyber security and then resulted in an endless trail of critical flaws (accidental or otherwise) rendering users vulnerable to cyber spies and crooks. The NSA itself admits as much:

Current security efforts suffer from the flawed assumption that adequate security can be provided in applications with the existing security mechanisms of mainstream operating systems.

Industry players like Crypto AG, RSA and Microsoft stand out as prime examples. Likewise the Tor anonymity network was widely hailed as the guarantor of internet privacy only to witness alleged promises of confidence grotesquely pulled apart by a parade of federal investigators, academic researchers and state-sponsored spies. Don't even get me started about the serial failures of HTTPS. The Heartbleed bug was aptly named as it drove a stake through the notion that encryption is a cure-all and revealed it instead as a clever sleight of hand. It would be naïve to assume that a flaw like Heartbleed is an isolated incident.  

Cypherpunk History

History demonstrates that Greenwald's encryption-laden narrative is the stuff of pleasant fiction and that the outward acts of bold defiance tend to indicate concealed acts of collaboration. Once more the most widely used products are also the most likely to be subverted. What better way to intercept sensitive information than to convince users to mistakenly put their faith in technology that they magically believe will keep their secrets safe?

Back in the 1980s and 1990s, a group of encryption mavens known as cypherpunks sought to protect individual privacy by making "strong" encryption available to everyone. To this end they successfully spread their tools far and wide such that there were those in the cypherpunk crowd who declared victory. Thanks to Edward Snowden, we know how this story actually turned out. The NSA embarked on a clandestine, industry-spanning, program of mass subversion that weakened protocols and inserted covert backdoors into a myriad of products. Technology promoted as "secure" quietly and intentionally failed on behalf of national security.

The depth of this betrayal is hard to overstate.

One lesson that can be derived from cypherpunk lore is that it's extremely hazardous to put blind faith in technology. The public record shows that prominent high-tech companies actively assisted the surveillance state in relationships that have existed for decades. Corporate spokespeople brazenly lied about doing so when confronted with accusations of complicity. Are we to assume that they've turned over a new leaf?

High-Tech as a Serial Adulterer

Greenwald believes that leaked documents will induce Silicon Valley to clean up its act. But given the systemic forces at work, Silicon Valley will likely continue to consort with spies. In light of wage cartels, slave labor and wanton tax avoidance, it should be clear that high-tech companies have absolutely no shame at all. Like a textbook psychopath, most corporate entities really care about one thing only: profit. Caught in bed with the intelligence services, they'll simply keep on selling more lies.

Why should they clean up their act when it's cheaper and more profitable to sell snake oil to rubes? In the C-suites of Silicon Valley managing bad publicity is largely a matter of cleverly devised public relations. Having beguiled their users with a newly minted "encryption everywhere" sales pitch they will return to their old ways. High-tech executives, you see, want to have their cake and eat it too. People raking in billions are used to getting what they want: patronize the unwashed masses with talk of improved security and simultaneously maintain their links to their brethren in the intelligence services.

Shared Class Interest

The reality is that companies tend to collaborate with spies as a matter of shared class interests. There are subtle affinities that link corporate officers and intelligence officers beneath the surface of the body politic, an interface that has been referred to as the Deep State. Leaked documents show how spymasters and CEOs communicate via e-mail on a casual first-name basis. Indeed, writers like Julian Assange and Yasha Levine have described in detail the far-reaching links between high-tech companies, the Pentagon and the US State Department - the sort of relationships that President Eisenhower warned against in his 1961 farewell speech.

As former CIA officer John Stockwell observed both large corporations and intelligence services are "vigorously committed to supporting the system." Another former CIA officer, Philip Agee, explained this dynamic more bluntly, stating that the intelligence services are the "logical, necessary manifestations of a ruling class's determination to retain power and privilege." These assertions have been rigorously documented by activists like William Blum and filmmakers like Scott Noble.

In a nutshell, US intelligence pursues the interests of private capital. Snowden indicated as much in an open letter to Brazil. He warned, in no uncertain terms, that the surveillance state has little to do with preventing terrorism and that instead it was focused on "economic spying, social control, and diplomatic manipulation." There's no doubt whom this sort of activity actually benefits.

There Is No Refuge From Politics

Can the public rely on an app to safeguard its civil liberties? Universal encryption as a panacea is an appealing canard because it offers the chimera of a quick fix, an escape from more onerous and labor-intensive solutions - not to mention the opportunity for entrepreneurs to sell us things. "Genuine security? Wow, let me break out my check book!"

The surveillance state is motivated by the desire for power, the power to subvert technology and raise up an Eye of Providence behind a shroud of official secrecy. Power is rooted in politics. To put all of your eggs in the encryption basket is to chase after an illusion conjured artfully by propagandists. To save our civil liberties, we must recall our constitutional duty as citizens in a republic born out of revolution. Small as the windows of opportunity may seem we still have a system that admits the possibility of change. We must rise to seize this possibility, to recapture our government and remake the rules by which it operates. People in the past have mobilized to implement fundamental changes and we must do so again.

Copyright, Truthout. May not be reprinted without permission.

Bill Blunden

Bill Blunden is an independent investigator whose current areas of inquiry include information security, anti-forensics and institutional analysis. He is the author of several books, including The Rootkit Arsenal, and Behold a Pale Farce: Cyberwar, Threat Inflation, and the Malware-Industrial Complex. Bill is the lead investigator at Below Gotham Labs.


Hide Comments

blog comments powered by Disqus
GET DAILY TRUTHOUT UPDATES
Optional Member Code

FOLLOW togtorsstottofb


Featured Videos

Forgetting the Lesson of Cypherpunk History: Cryptography Is Underhanded

Saturday, 06 December 2014 12:26 By Bill Blunden, Truthout | Op-Ed
  • font size decrease font size decrease font size increase font size increase font size
  • Print

2014.12.7.Encryption.main"To put all of your eggs in the encryption basket is to chase after an illusion conjured artfully by propagandists," says Bill Blunden. (Image via Shutterstock)Those who extol the virtues of commercial technology as a means of remediation to government and other cyber-surveillance - suggesting that companies like Google and Apple, conspicuously deploying encryption to protect user data, will gradually foster near universal internet privacy - forget cypherpunk history.

There's a general theme that recurs as the Snowden affair unfolds. Specifically, several high profile figures have openly extolled the virtues of commercial technology as a means of remediation, with the basic narrative that companies like Google and Apple, having conspicuously deployed encryption to protect user data, will encourage other vendors to do the same and gradually foster near universal internet privacy.

Proponents of this narrative direct our attention to the recent outcry by officials like FBI director James Comey or GCHQ director Robert Hannigan. They presume that the uproar is evidence that encryption is a potent defense against government spying. But are high-level apparatchiks like Comey and Hannigan sincere in their protest or are they simply lending credibility to the high-tech industry's marketing campaign to reassure users that their data is safe? After all, if the FBI or the GCHQ, Britain's intelligence agency, makes a fuss then it must mean that Google's encryption is solid, right?

In an article that appeared recently in The Intercept, Glenn Greenwald extended his vote of confidence to both Google and Apple in this regard:

It is well-established that, prior to the Snowden reporting, Silicon Valley companies were secret, eager and vital participants in the growing Surveillance State. Once their role was revealed, and they perceived those disclosures threatening to their future profit-making, they instantly adopted a PR tactic of presenting themselves as Guardians of Privacy. Much of that is simply self-serving re-branding, but some of it, as I described last week, are genuine improvements in the technological means of protecting user privacy, such as the encryption products now being offered by Apple and Google, motivated by the belief that, post-Snowden, parading around as privacy protectors is necessary to stay competitive.

While he acknowledges the existence of propaganda at work in the above excerpt please note the caveat at the end. That a journalist like Greenwald would accept guarantees of genuine protection from Google or Apple is an ominous sign. Because when it comes to acquiring market share, vendors are well aware that they don't necessarily have to offer genuine security so much as merely the impression of genuine security.

High-Tech's Magic Act

Let's just say there are good reasons why foreign security services are returning to typewriters. As far as security is concerned, high-tech products rarely deliver what they promise. The history of Silicon Valley is littered with bold initiatives that assured cyber security and then resulted in an endless trail of critical flaws (accidental or otherwise) rendering users vulnerable to cyber spies and crooks. The NSA itself admits as much:

Current security efforts suffer from the flawed assumption that adequate security can be provided in applications with the existing security mechanisms of mainstream operating systems.

Industry players like Crypto AG, RSA and Microsoft stand out as prime examples. Likewise the Tor anonymity network was widely hailed as the guarantor of internet privacy only to witness alleged promises of confidence grotesquely pulled apart by a parade of federal investigators, academic researchers and state-sponsored spies. Don't even get me started about the serial failures of HTTPS. The Heartbleed bug was aptly named as it drove a stake through the notion that encryption is a cure-all and revealed it instead as a clever sleight of hand. It would be naïve to assume that a flaw like Heartbleed is an isolated incident.  

Cypherpunk History

History demonstrates that Greenwald's encryption-laden narrative is the stuff of pleasant fiction and that the outward acts of bold defiance tend to indicate concealed acts of collaboration. Once more the most widely used products are also the most likely to be subverted. What better way to intercept sensitive information than to convince users to mistakenly put their faith in technology that they magically believe will keep their secrets safe?

Back in the 1980s and 1990s, a group of encryption mavens known as cypherpunks sought to protect individual privacy by making "strong" encryption available to everyone. To this end they successfully spread their tools far and wide such that there were those in the cypherpunk crowd who declared victory. Thanks to Edward Snowden, we know how this story actually turned out. The NSA embarked on a clandestine, industry-spanning, program of mass subversion that weakened protocols and inserted covert backdoors into a myriad of products. Technology promoted as "secure" quietly and intentionally failed on behalf of national security.

The depth of this betrayal is hard to overstate.

One lesson that can be derived from cypherpunk lore is that it's extremely hazardous to put blind faith in technology. The public record shows that prominent high-tech companies actively assisted the surveillance state in relationships that have existed for decades. Corporate spokespeople brazenly lied about doing so when confronted with accusations of complicity. Are we to assume that they've turned over a new leaf?

High-Tech as a Serial Adulterer

Greenwald believes that leaked documents will induce Silicon Valley to clean up its act. But given the systemic forces at work, Silicon Valley will likely continue to consort with spies. In light of wage cartels, slave labor and wanton tax avoidance, it should be clear that high-tech companies have absolutely no shame at all. Like a textbook psychopath, most corporate entities really care about one thing only: profit. Caught in bed with the intelligence services, they'll simply keep on selling more lies.

Why should they clean up their act when it's cheaper and more profitable to sell snake oil to rubes? In the C-suites of Silicon Valley managing bad publicity is largely a matter of cleverly devised public relations. Having beguiled their users with a newly minted "encryption everywhere" sales pitch they will return to their old ways. High-tech executives, you see, want to have their cake and eat it too. People raking in billions are used to getting what they want: patronize the unwashed masses with talk of improved security and simultaneously maintain their links to their brethren in the intelligence services.

Shared Class Interest

The reality is that companies tend to collaborate with spies as a matter of shared class interests. There are subtle affinities that link corporate officers and intelligence officers beneath the surface of the body politic, an interface that has been referred to as the Deep State. Leaked documents show how spymasters and CEOs communicate via e-mail on a casual first-name basis. Indeed, writers like Julian Assange and Yasha Levine have described in detail the far-reaching links between high-tech companies, the Pentagon and the US State Department - the sort of relationships that President Eisenhower warned against in his 1961 farewell speech.

As former CIA officer John Stockwell observed both large corporations and intelligence services are "vigorously committed to supporting the system." Another former CIA officer, Philip Agee, explained this dynamic more bluntly, stating that the intelligence services are the "logical, necessary manifestations of a ruling class's determination to retain power and privilege." These assertions have been rigorously documented by activists like William Blum and filmmakers like Scott Noble.

In a nutshell, US intelligence pursues the interests of private capital. Snowden indicated as much in an open letter to Brazil. He warned, in no uncertain terms, that the surveillance state has little to do with preventing terrorism and that instead it was focused on "economic spying, social control, and diplomatic manipulation." There's no doubt whom this sort of activity actually benefits.

There Is No Refuge From Politics

Can the public rely on an app to safeguard its civil liberties? Universal encryption as a panacea is an appealing canard because it offers the chimera of a quick fix, an escape from more onerous and labor-intensive solutions - not to mention the opportunity for entrepreneurs to sell us things. "Genuine security? Wow, let me break out my check book!"

The surveillance state is motivated by the desire for power, the power to subvert technology and raise up an Eye of Providence behind a shroud of official secrecy. Power is rooted in politics. To put all of your eggs in the encryption basket is to chase after an illusion conjured artfully by propagandists. To save our civil liberties, we must recall our constitutional duty as citizens in a republic born out of revolution. Small as the windows of opportunity may seem we still have a system that admits the possibility of change. We must rise to seize this possibility, to recapture our government and remake the rules by which it operates. People in the past have mobilized to implement fundamental changes and we must do so again.

Copyright, Truthout. May not be reprinted without permission.

Bill Blunden

Bill Blunden is an independent investigator whose current areas of inquiry include information security, anti-forensics and institutional analysis. He is the author of several books, including The Rootkit Arsenal, and Behold a Pale Farce: Cyberwar, Threat Inflation, and the Malware-Industrial Complex. Bill is the lead investigator at Below Gotham Labs.


Hide Comments

blog comments powered by Disqus