Schneier on Security
A blog covering security and security technology.
« Security Theater in American Diplomatic Missions |
| Anonymous Claims it Sabotaged Rove Election Hacking »
November 19, 2012
E-Mail Security in the Wake of Petraeus
I've been reading lots of articles discussing how little e-mail and Internet privacy we actually have in the U.S. This is a good one to start with:
The FBI obliged -- apparently obtaining subpoenas for Internet Protocol logs, which allowed them to connect the sender’s anonymous Google Mail account to others accessed from the same computers, accounts that belonged to Petraeus biographer Paula Broadwell. The bureau could then subpoena guest records from hotels, tracking the WiFi networks, and confirm that they matched Broadwell’s travel history. None of this would have required judicial approval -- let alone a Fourth Amendment search warrant based on probable cause.
While we don't know the investigators’ other methods, the FBI has an impressive arsenal of tools to track Broadwell’s digital footprints -- all without a warrant. On a mere showing of "relevance," they can obtain a court order for cell phone location records, providing a detailed history of her movements, as well as all people she called. Little wonder that law enforcement requests to cell providers have exploded -- with a staggering 1.3 million demands for user data just last year, according to major carriers.
An order under this same weak standard could reveal all her e-mail correspondents and Web surfing activity. With the rapid decline of data storage costs, an ever larger treasure trove is routinely retained for ever longer time periods by phone and Internet companies.
Had the FBI chosen to pursue this investigation as a counterintelligence inquiry rather than a cyberstalking case, much of that data could have been obtained without even a subpoena. National Security Letters, secret tools for obtaining sensitive financial and telecommunications records, require only the say-so of an FBI field office chief.
While the details of this investigation that have leaked thus far provide us all a fascinating glimpse into the usually sensitive methods used by FBI agents, this should also serve as a warning, by demonstrating the extent to which the government can pierce the veil of communications anonymity without ever having to obtain a search warrant or other court order from a neutral judge.
The guest lists from hotels, IP login records, as well as the creative request to email providers for "information about other accounts that have logged in from this IP address" are all forms of data that the government can obtain with a subpoena. There is no independent review, no check against abuse, and further, the target of the subpoena will often never learn that the government obtained data (unless charges are filed, or, as in this particular case, government officials eagerly leak details of the investigation to the press). Unfortunately, our existing surveillance laws really only protect the "what" being communicated; the government's powers to determine "who" communicated remain largely unchecked.
This is good, too.
The EFF tries to explain the relevant laws. Summary: they're confusing, and they don't protect us very much.
My favorite quote is from the New York Times:
Marc Rotenberg, executive director of the Electronic Privacy Information Center in Washington, said the chain of unexpected disclosures was not unusual in computer-centric cases.
"It's a particular problem with cyberinvestigations -- they rapidly become open-ended because there’s such a huge quantity of information available and it’s so easily searchable," he said, adding, "If the C.I.A. director can get caught, it’s pretty much open season on everyone else."
And a day later:
"If the director of central intelligence isn't able to successfully keep his emails private, what chance do I have?" said Kurt Opsahl, a senior staff attorney at the Electronic Frontier Foundation, a digital-liberties advocacy group.
In more words:
But there's another, more important lesson to be gleaned from this tale of a biographer run amok. Broadwell's debacle confirms something that some privacy experts have been warning about for years: Government surveillance of ordinary citizens is now cheaper and easier than ever before. Without needing to go before a judge, the government can gather vast amounts of information about us with minimal expenditure of manpower. We used to be able to count on a certain amount of privacy protection simply because invading our privacy was hard work. That is no longer the case. Our always-on, Internet-connected, cellphone-enabled lives are an open door to Big Brother.
Remember that this problem is bigger than Petraeus. The FBI goes after electronic records all the time:
In Google’s semi-annual transparency report released Tuesday, the company stated that it received 20,938 requests from governments around the world for its users’ private data in the first six months of 2012. Nearly 8,000 of those requests came from the U.S. government, and 7,172 of them were fulfilled to some degree, an increase of 26% from the prior six months, according to Google’s stats.
So what's the answer? Would they have been safe if they'd used Tor or a regular old VPN? Silent Circle? Something else? This article attempts to give advice; this is the article's most important caveat:
DON'T MESS UP It is hard to pull off one of these steps, let alone all of them all the time. It takes just one mistake -- forgetting to use Tor, leaving your encryption keys where someone can find them, connecting to an airport Wi-Fi just once -- to ruin you.
"Robust tools for privacy and anonymity exist, but they are not integrated in a way that makes them easy to use," Mr. Blaze warned. "We've all made the mistake of accidentally hitting 'Reply All.' Well, if you're trying to hide your e-mails or account or I.P. address, there are a thousand other mistakes you can make."
In the end, Mr. Kaminsky noted, if the F.B.I. is after your e-mails, it will find a way to read them. In that case, any attempt to stand in its way may just lull you into a false sense of security.
Some people think that if something is difficult to do, "it has security benefits, but that’s all fake -- everything is logged," said Mr. Kaminsky. "The reality is if you don't want something to show up on the front page of The New York Times, then don't say it."
The real answer is to rein in the FBI, of course:
If we don't take steps to rein in the burgeoning surveillance state now, there’s no guarantee we'll even be aware of the ways in which control is exercised through this information architecture. We will all remain exposed but the extent of our exposure, and the potential damage done to democracy, is likely to remain invisible.
"Hopefully this [case] will be a wake-up call for Congress that the Stored Communications Act is old and busted," Mr Fakhoury says.
I don't see any chance of that happening anytime soon.
EDITED TO ADD (12/12): E-mail security might not have mattered.
Posted on November 19, 2012 at 12:40 PM
• 56 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I use Apple Mail. There are a few things in it that are a) relatively easy to set up and use and b) can greatly improve your security and privacy.
Under Mail Preferences, Composing, enable the option to mark addresses not ending with "allowed" domains. I set up my own domain and the one I use at work. Now, any time I address mail to someone outside these domains their address turns bright red and I know I need to be more careful about what I send.
For the security aspect of it, I use CACert personal certificates with Apple Mail's natural S/MIME support—S/MIME is supported by pretty much every desktop class mail reader, even Outlook Express. This conveniently works across the desktop and my iOS devices, too. The only gotcha I've found so far is that the order you register certificates in Keychain matters; the first "wins", so when your certificate expires you will need to export your current one, delete it, import the new one, then import the old one. PITA, but a minor hassle compared to having encrypted and digitally signed e-mail.
But remember! S/MIME encryption can only encrypt the body of the message; the headers (from/to/cc/subject/date) are all sent in the clear. Also remember to pad your message with random data of variable length prior to encryption as one can glean information merely from the size of a message.
For redirecting my requests I use a simple SSH dynamic SOCKS proxy (ssh -D ; proxy through localhost:) and consistent use of such (or a VPN) can prevent association of an "anonymous" account with your other browsing habits. But like the advice article says, don't mess up. A single accidental authentication over the wrong connection can set up associations you don't want.
I can think of a lot of ways that "connecting to an airport Wi-Fi just once" MIGHT be a bad thing, but I'm not sure I understand the one or several the author is referring to by saying this. Why would connecting to a wifi airport just once be the death knell for anonymity? Certainly if you're using something like TAILS with Tor preconfigured and being super-spy about it (typing using on-screen keyboard, encrypting everything, etc), what damage could an airport wifi do? I just don't understand what they're inferring.
If you think the FBI shouldn't have done this to a respected member of the C.I.A then the U.S president could sign an executive order giving immunity to subpoena records of heads of state, military and security.
You know, it is amusing to watch a cop-show on TV hear the investigator say to the perp, "TelCo informs us that your phone was near the scene of the crime when it happened. Makes your alibi kind of weak."
Usually, they mutter something about a warrant for searches of the home. I'm not sure if they say anything about warrants when requesting incoming/outgoing call logs.
But it is disturbing to realize that the Police (at any level from Local P.D. to the Feds, at least inside the U.S.) can easily get that data about anyone they are interested in.
A warrant requirement would be some protection; but I'm not sure how much data the average TelCo will release without receiving a warrant.
damage done to democracy
It's long past time to start worrying about the damage caused by
democracy. The surveillance state is here because the People have decided that it should be. There is no reason to suppose that it will go away; rather the reverse.
did the FBI know that they were researching the Director of the CIA at the beginning of the search?
If so, it is defensible.
If not, it is frightening what is in their usual toolkit for ordinary crimes. Even if they need a special toolkit for investigating members of the CIA and other parts of the FedGov.
One other side effect of the wide use of computer-based communication tools: it's kind of hard for the FBI to tell which email address is a private account for the Director of the CIA.
If communications were all paper-based (or even telegram-based, but the sending process requires an employee of the TelCo to process a form created by the sender), the physical process of creating/dispatching the messages leaves a large trail. It should be easy to tell if a CIA employee is sending messages in a suspicious way.
When the CIA employee may be one of millions accessing an email server from a non-government-owned computer, it is nearly impossible for the FBI to investigate only the stuff done by CIA employees.
Thus, the FBI has a good argument for maintaining its current practices, however much those practices invade the privacy of all Americans who come to their attention.
I certainly can't see that this case would lead to any sort of "wake-up call."
That would be inconsistent with the outcome, which tends to make the FBI look pretty good. They discovered a possible locus for CIA leakiness; who can argue that this is bad?
In effect, to argue against this is perceived as the same thing as to argue that it's AOK for the head of the CIA to commit adultery and hide it.
There are no particularly comfortable answers...
Would it be good practice to regularly used encrypted email with as many colleagues/friends/relatives, so that in the instances where encryption is required, it doesn't stand out?
If you are visiting Berlin, have a time to go STASI museum. You will see what survealance was possible just by manual work on paper.
Now consider how much easier it is with computers. Then you will understand why to fight against survealance state (or corporations).
I think everyone is missing a big point here, not a technical one, but related to expectations of privacy. The rules are different for people of Petraeus' clearance and rank.
At his level, the strategy has to be not keeping the data secure, as in encrypted, but to keep the question from ever being asked, because you can’t say “no”. That means the data has to remain unseen. That's the difference.
When you hold a security clearance, you can’t deny access if asked even if they can’t read anything by whatever means you used. So if they look at traffic and discover a lot of stuff they can’t read, if they do talk to you the first question is “Can I have the keys please?” The answer cannot be “No” if you’re the director of the CIA if the request is made at the right level.
But for argument's sake if the answer was “No” and I’m the asker, the next question would be one that you don’t need an FBI background to ask: “Are you having an affair?” He might, for a short time, be able to refuse, but he absolutely cannot lie. The consequences of lying at that security level and rank, not mention being illegal, would be far worse than the truth. I’d suspect too that refusal to answer would be grounds for losing that clearance.
Also, the mainstream media are reporting on the “affair” aspects, but the FBI typically doesn’t care unless you can be blackmailed.
But someone at that level put themselves in a compromising situation and arguably should have known better, a lapse of judgement.
When several congressmen are sent to prison as a result of this sort of situation, then it will be addressed - at least to the extent of not allowing them to monitor computers owned by congressmen. Someday someone will link the accounts of a congressman to a mafia don or Osama-bin-Laden-equivalent, and then we'll get cyber security. Until then, it's in the government's best interest to have all this remain quasi-legal.
Intersting, in GB there is MP-consituent privilged communication. Yes, if somebody intimidates public official by -email, there is no such protection. Clive may add some juice to that.
In order to monitor computers of gov. officials of particular rank it should be special high level of authorization body, like FISA court /Attroney General. I just don't know who should authoruze to monitor judge of FISA court. Any suggestion?
Time and again, that is not the problem to give LE agency/officer additional power tools matching new tasks, but the problem is to give such power without setting up mechanism of judicial oversight. Otherwise, that Agency is sooner or later become Stasi like.
Petraeus has signed up for some serious secrecy agreements that strip away much if not all of his privacy right off the bat, and for good reasons.
Using him as an example in this investigation is, IMHO, silly, but perhaps it will work because people do not know better.
I think there's more to the story than meets the eye. First of all, why would a federal agency get involved in a run-of-the-mill e-mail threat? What grounds did they have for even starting an investigation in the first place? As far as has been reported, there were never any death threats or anything of that sort, just a bunch of "stay away from my man" type of comments. This kind of thing, no doubt, happens thousands of times every day. What made this case so special?
The official story is that Jill Kelley got a "friend" from the FBI to investigate for her, but isn't this illegal? Is it not an abuse of power for a federal agent to do "favors" for a friend? Why has this agent not been disciplined or fired?
To me, that is the real story. There is nothing surprising about the amount of data an investigator can get without a warrant -- anyone in the IT industry understands that. To me, what should be pursued is why the FBI got involved in the first place and whether it was legal for them to have done so.
I hope this angle is what the EFF pursues.
1) It's not run-of-the mill when the DCIA is mentioned; 2) They want to eliminate the DCIA being tracked or monitored by unknown sources. But when an anonymous email warns a married woman off a married man... So is he in a compromising circumstance?
1&2) If DCIA is involved and the concern is genuine, No and No. 3)Naturally she'd go to someone she knew. 4) Probably has, but not for forwarding a concern. He could have been fired for NOT forwarding a potential issue involving DCIA, and the agent "friend" did not participate in the investigation.
And yes, you sign away a lot of privacy with a security clearance. You're not playing on the same field anymore.
I recon the USA needs a new bill of rights to update the constitution for the 21st century.
For example, such a constitution would add to the 5th amendment and make it clear that the courts (or cops) cant force you to hand over passwords, keys or anything else that only exists in your head. And that they cant force you to enter those passwords (that only exist in your head) into a system and unlock things for them.
The 4th amendment would have additions to cover new surveillance technology. For example, if the police stand on the road and can see cannabis plants growing through an open window, that's not a 4th amendment violation and I suspect privacy advocates etc would agree. But if the cops examine the same property in a different part of the electro-magnetic spectrum such as infra-red, when is a warrant required and when is it not? The law does not make this clear. (c.f. a number of recent court cases on this issue)
While we are at it, lets extend the 4th amendment and the definition of "in plain view" and "reasonable expectation of privacy" to cover the Internet and give greater protection to emails and other electronic communications.
Spell out that data stored on computer servers which can only be accessed with usernames, passwords and keys should be treated exactly the same as physical goods stored in a 3rd party storage facility that can only be accessed with keys. (the fact that the data may also be accessible to the owner of the service should not override that right to privacy in the same way that the fact that the landlord can access your rental property does not override your right to privacy in respect of that property)
I am sure there are other things that would be needed in a "digital bill of rights" but this is a start.
i personally think the CIA chief know exactly what FBI can do. even ordinary kids know whatever you upload to google or facebook also send to FBI and lots of other places and lots of other people read it. this is not logical CIA administrator upload text on google and think its secure. thats just so not true. i think maybe something about election happened as we know he prefer romney as president to obama so they just made a funny story about sex to feed public and then retired Petraeus ...
The bottom line, is that the original "cat fight" (as characterized by the FBI Tampa Office themselves) emails were the catalyst that set everything in motion. Those were sent using ZERO protection, other than the "Oh, I signed up on Gmail as Jane Doe". Amateurs, plain and simple. An $80 a year VPN account from Sweden would have prevented all this (Tor is a PITA to use for anything Google/Microsoft related, requiring CAPTCHA's every 5 seconds). But you *can* access the VPN over Tor. They were both just plain dumb, and all this "The DCIA isn't safe, neither are you" stuff is ridiculous...the guy and his CI gal were clueless about anon techniques. Here's one: hMail Server is free, and so is a no-ip.com host name with an MX record. Wait, let me guess: "That's too hard".... LOL at incompetent feds.
Bruce, are you blocking VPN's? I had to switch to one out of Italy to get this to post. If so, please stop, out of all the sites on the internet, this one should be the most privacy friendly. Thanks,
What bothers me most about this is that if you try to explain your privacy concerns to the average citizen of the United States on the street, you will get a suspicious stare and the question, "What are you trying to hide, anyway?" Most people consider hits level of government access into our lives a Good Thing.
Sorry, s/hits/this/. (At least I didn't mis-anagram "this" a different way.)
i think those of us who read this blog on the regular are painfully aware of the fact that nearly everything the average person does online is recorded for future (mis)use by various govt organizations, both in the US and elsewhere. that said, petraeus was clearly aware of this situation.
on a long list of things that could be held over petraeus' head, having women on the side is a pretty weak piece of info. afaict there was no reason for the matter to be handled in such a public fashion except to assassinate petraeus' career, which was looking quite rosy until the past couple weeks. since this occurred almost immediately after obama was re-elected it would not be surprising if people within the obama administration had a hand in blackballing petraeus, who would otherwise have been difficult to remove considering the public perception of his "successes" in iraq and at the cia.
to me, it seems clear that petraeus made some powerful enemies, either in the obama camp or elsewhere, and they ruined his career. i am glad this whole event is bringing the insanity of the current surveillance state to the surface but most ppl care more about twinkies than they do civil liberties.
Very good point!
Clear laws including Constitution and Bill of Rights in particular ( I am talking about being clear to general public as soon as they could be applied to average Joe) substantially decrease possibility of their selective application by either LE or courts. When laws and procedures of their application are clear, then Kafka's 'Trial' is less possible.
Yeah, the Law which regulates particular specific institutions (e.g. international relations, stock exchange, interbanking communication, transnational corporations and their taxation, etc.)
could not be so clear for average Joe - they are basically addressed to the professionals (aka lawyers), but when Law is affected or applied to day-by-day life of average citizen, it should be clearly understandable upfront out of its text for high school graduate what is legal and what is not, and what is exact (min and max) punishment.
I learned long ago, in the early years of the internet, never to put anything in electronic form* that I did not want someone else to know.
* email, files, phone calls, whatever ...
Simple. Make all email, private, corporate and government viewable to the public, like a giant public forum.
While you're at it, make all security camera feeds public and browseable.
No secrets. It'll be awesome. :-)
What does anyone here think of Hushmail? It looks like they gave their keys to the gov't a while back, but I never know what to believe in the "news" any more.
I have long help the position that email is no more secure than sending a postcard- I assume that anyone who really wants to can either read it or copy it anywhere along the route of travel.
That said, it would sure be nice if our government would stop surveilling us.
Google > NSA > CIA > FBI
Microsoft > Skype
All major wireless companies allow law enforcement to search/skim call databases
First step: Break up Google
Second step: Break up DHS
If people could convince Microsoft to do away with standard built-in Contacts folder in Outlook it would help in preventing i-worms. I don't use it. I have my own file with my own formatted contacts. There is strength in diversity!
That's great until you want to exchange encrypted email with someone who only uses webmail. Or indeed lacks the savvy to set up their own certificate.
And even if they manage it, all you've done is notify the authorities that you're exchanging email you consider worth hiding. They can still see who you emailed and when.
Unless you follow all of the advice at the end of Bruce's post fanatically, the authorities just come and take your computer. Or grab a copy of your certificate from the provider.
Email is a stupid medium for exchanging messages that you wish to keep secret.
Etherpad or some forum on an encrypted drive on a server that only accepts connections from Tor endpoints sited in some unfriendly country might work. But make sure you only connect from shared wifi spots using a live CD that randomises its MAC address and User Agent. Change spots regularly as it's still fairly easy to detect that someone's using Tor. Oh, peruse a map in a store occasionally: if it's obvious that all your wifi spots are centred on your house, you've wasted your time.
Personally, my security consists of putting a number _before_ "password". If my government scares me so much that I'm trying to hide from it then there are bigger problems than my personal security. I'd be better off setting myself on fire somewhere public.
Of course, I suspect you've moved away from the subject of Bruce's point which was about the power of authorities. In my personal dealings, I trust to my government to watch my bank accounts and employers while I get on with my life.
Bruce Schneier wrote:
"National Security Letters, secret tools for obtaining sensitive financial and telecommunications records, require only the say-so of an FBI field office chief."
This is not true. In 2007, a federal court ruled that the NSL (specifically the gag order preventing the target from being notified by the recipient or the recipient even seeking legal advice) violates the Constitution. If we follow this to it's logical conclusion, that would seem to make Administrative Subpoenas unconstitutional as well, since the target of the inquiry is also never notified. https://www.eff.org/node/60041
Then, when the UnPATRIOTic Act was renewed in 2006 (after the above case entered the courts), Congress amended it to provide the right of challenge to those letters and their don't-tell-anyone demands. But to the FBI, they seem to believe that even if the letter is challenged, the recipient must turn over information they want anyway, before a court has ruled on the matter. According to the Republican who drafted that amendment, that's just plain nonsense. http://bit.ly/TN363v
More interesting info here: http://bit.ly/TN39fN
As for securing the privacy of our electronic communications, it's easy enough to do, but the problem is that it's been made too complicated for the average technology-challenged person to implement. Using Tor, PGP, and PGP Whole Disk Encryption with strong, 2048 keys works for home users, and there's also the Enlocked (http://www.enlocked.com/) service for sending email directly from your Web email interface to anyone.
For sending email, text messages, and video from iPads, iPhones, and/or the iPod touch or other mobile devices, there's Wickr and Silent Circle; more are probably coming.
If some OS vendor (perhaps Apple?) would take the lead and integrate all of these things in their products so that there's no complicated setup involved, and use their Fast Elliptic Encryption technology, that would go a long way toward thwarting the government's efforts to spy on us, while keeping everything they do secret.
PGP still works as advertised. Sure its a hassle but every single 'cloud encryption' storage or email service can be backdoored much like hushmail. When hushmail is asked by the feds to unlock somebodys account they feed the user a keylogging screen that captures their pw so the feds can decrypt everything later. Im sure any company like Apple who comes up with easy to use cloud PGP will do the same if asked. You can't trust any company you can only trust free open source software and yourself to keep your emails private. Etherpad remote server isn't secure either you're now trusting the hosting company wont siphon keys or somebody else on the network with inside access to the server. Tor isn't exactly foolproof either who knows how many nodes are run by governments now to do timing analysis.
If you configure your exit node to always be a trusted torservers.net exit, and you have wrapped your tor traffic inside a vpn so its slightly more difficult for timing correlation attacks (like what happened to Jeremy Hammond, FBI sitting out front logging when his wireless started Tor traffic) and you use proper full disc encryption, with DDR3 ram that can't be cold analyzed to siphon keys, and you always PGP encrypt email using s medium like privacydat email in Egypt or privacybox in Germany you have a good chance of defeating surveillance.
Moxie marlinspike is working on an easy yet still secure PGP email solution for Android. Prob will be released in the next Whispercore rom in 2013
derk diggler wrote:
"[…] every single 'cloud encryption' storage or email service can be backdoored much like hushmail."
We're not talking about cloud encryption, but even if we were, it's not true that it can be "backdoored." Enlocked works by encrypting your message after it's received via https from your browser, and the unencrypted original is immediately erased; then the encrypted message is sent to the intended recipient.
After the message is received, the recipient authenticates themselves using their email address and password.
You might see this as a cloud-based solution, but I don't, since your email isn't depending on a single provider; you can use multiple providers anywhere in the world, so it would be very difficult to figure out who is sending these encrypted messages, and if there was anything in them worth trying to access.
As for your belief that Apple would willingly allow a backdoor to an encryption solution that might be integrated into OS X or iOS, that's just rampant paranoia. There is no backdoor for PGP, and none for FEE (Fast Elliptic Encryption). If there were, then the first casualties of that would be governments that use PGP, and they don't want their secrets exposed to the light of day.
It seems to me that the simplest solution is to just shun the US based public email systems.
My guess is that the FBI would have a harder time obtaining access information from the Chinese authorities about activities in a QQ account or Weibo (Chinese Twitter) account.
You could use this QQ account to forward information to a US Facebook account where the interested parties befriend this anonymous Facebook entity.
Well the 'backdoor' in hushmail is presenting the user who's emails the feds want with a new login screen that stores the password. So a MITM browser attack technically.
These other solutions that encrypt after the mail has been sent are only as secure as SSL which is not very secure. It also relies on trusting the original is unrecoverable which is unlikely if the host is using a wear leveling device like SSD. It also relies on them not doing the exact same thing hushmail does to get at user passwords. End to end PGP is the only safe method.
What I mean by 'backdoor' is a MITM attack ala hushmail not a weak encryption implementation.
As for going overseas that's also not secure, just because there's no official MLAT or diplomacy between countries doesn't mean low level negotiations don't happen. Iran handing over the activity of carders using a VPN there to the US feds has happened before, there's no automatic security that a foreign country wont sell you out for a low level incentive like a bribe.
tl;dr - end to end PGP you yourself encrypt is desired. Middle man solutions have proven to be unreliable, simply hosting overseas is even more risky as a country like China has no protections in place for privacy.
As for your belief that Apple would willingly allow a backdoor to an encryption solution that might be integrated into OS X or iOS, that's just rampant paranoia.
No it isn't. Just like many other companies, Apple has a very poor reputation when it comes to privacy and ethics (anybody say Foxconn or geo-location tracking ?) I don't know how much revenue they are getting from US government contracts/orders, but I'm sure it will be more than enough to at least consider a request in this direction when faced with a sudden ban on their products, cleverly disguised as "non-compliance" with certain standards or regulations.
The safest thing to day in today's surveillance society is to assume that every COTS commercial product and free service is backdoored or spying on you in some way or another. If it's found out about, the card of plausable deniability is pulled by calling it a bug, an easter egg, a service feature, an unfortunate left-over from the debug version or something similar. Probably the only reason why there isn't overt legislation making this practice mandatory (yet), is because this would make it impossible for a vendor/service provider to sell outside the country where that legislation would be applicable. But I'm pretty sure some thinktank is working on that.
Which brings us to the essence of Bruce's post: to which extent is it (still) possible to get legislation in place assuring people of even the most minimalistic expectance of privacy, digital or other. With what we're seeing today, it would seem that this is drifting more and more away into the direction of Thomas More's Utopia, reserved only for a very privileged elite, crypto geeks and cypher punks.
I got this friend named Bruce Schneier. A long time ago he told me that everyone's privacy has disappeared. He continued and said that government officials have also lost their privacy.
If there is any consolation, that is it.
It seems to me that the simplest solution is to just shun the US based public email systems
Correct, but as Nick P has pointed out you need to use several non cooperating nations in chains in such a way that mucking about at the botom three layers of the ISO OSI stack (or top+2 layers ;) by hostile entities is not going to weaken the security.
@ dirk diggler,
tl;dr - end to end PGP you yourself encrypt is desired. Middle man solutions have proven to be unreliable, simply hosting overseas is even more risky as a country like China has no protections in place for privacy.
Security is not the place people should be "tl;dr"ing.
As you should know end to end PGP is not solving the problem it is simply moving it to the issue of KeyMat distribution, and as such it is not appropriate for many purposes.
Likewise Middle Men solutions need not be a weakness, you just need to work out how to make any undesired actions by them ineffectual at best or preffereably make their actions sing out like a canary so you are alerted to their perfidy.
One rule of criminal activity with regards betrayal has been,
"Only work with those who have more to lose by betraying you than they could ever hope to gain by that betrayal."
As far as we can tell from written records it actually has it's roots in ancient chinese secret/oposition societies where being tortured to death was in effect a hobby for those who were in power. However it is safe to assume the idea almost certainly predates written reccords in any society we are aware of. The secret society members were well aware that if takin in for questioning by those in power that if they did not talk they would die slowly and very painfully by tourture. Further that even if they did talk they would also die just less painfully. So a threat of their death by the secret society was not realy effective. Thus the society threat of death was not against the member but against their family, friends and associets etc.
This idea of killing the loved ones has been independently thought up and used ever since and is one of the reasons for "witness protection". It is also this threat and that of rivals kidnapping or killing "lovedvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvvv
This applies especially to the likes of China
@ dirk diggler,
There are times when this smart phone tries my patience... As I was saying (before the keyboard driver talk a walk in the park),
This idea of killing the loved ones has been independently thought up and used ever since, and is one of the reasons for "witness protection". It is also this threat and that of rivals kidnapping or killing "loved ones" that has caused many a more "street wise" criminal not to have a wife/girlfriend or children and no contact with existing members of their family.
This "be in a position of power" idea is not always possible thus other methods have to be used. This applies especially to the likes of China or other state actors. However most of these state actors have more than one other nation state who they are not on friendly relationships with at any one time. And the basic idea behind the old Arabic saying of "mine enemies enemy is my friend" can be used with good effect.
But there are issues with this, you realy need to know not just the geo-political situation but also the Internet back bone and pinch point situation. Contrary to the way it appears on the surface the Internet realy does not have any respect for geo-political boundries and it's topology is radicaly different and often very odd. Thus traffic from country A to B to C to D might actually be A to B, back to A then on to C back to A again and then finally off to D, which obviously allows A to see it as traffic from A to D only and from A's perspective obviating the use of B and C by the individual wishing to hide the traffic (this is a major issue with anonymising networks like TOR, et al).
There is of course a solution to this problem and it is one that has two parts, the first to do with the message its self (contents and headers), the second with the way the message travels as traffic flow through the network.
That is firstly the message contents and headers need to be encrypted differently on each path (link encryption) between network nodes over and above any end to end encryption by PGP etc.
Secondly each link node also needs to split messages into multiple parts and randomly pad them. Then using "store and forward" send the message parts out of sequence along a number of different paths and at wildly varying times. Also idealy the apparent traffic between nodes should remain constant that is rate limiting and traffic padding need to be carried out on each path in the network so a constant signalling rate is maintained as long as the node is in the network. Also all signalling or "Enginering Order Wire" (EOW) traffic MUST be "in band" in each and every link.
Outside of Millitary/Gov and some specialised private corporate (V)PN message systems I'm unaware of any public or subscription networks that currently offer this minimum required level of protection, and without it such networks are vulnerable to various forms of traffic analysis.
@ Dirk Praet,
I don't know how much revenue they are getting from US government contracts/ orders, but I'm sure it will be more than enough to at least consider a request in this direction when faced with a sudden ban on their products, cleverly disguised as "non-compliance" with certain standards or regulations
I don't know if you are aware but Apple was setting up a secure production line in Texas.
It is a matter of speculation as to why, some say it's because the iPhone is becoming the US Mil defacto standard with the squadies, some say the same but for Gov employees, others say it's to stop the endless cycle of court battles to stop imports etc.
Whatever the reason it has been indicated that they are getting help from the likes of the NSA to make the equivalent of the "ObamaBerry" (if you remember that from four years ago) now that RIM are very much in the descendant on market share due to amongst other things preasure from foreign countries (India et al) for access to the "secure" messaging etc. So we may well see a "special" or "enhanced" iOS for Mil/Gov users.
What might even happen is a repeate of the CarrierIQ debacle where preasure is not put on the phone manufactures but on the service providers to put "network test" software on the phones and make it a required part of the user contract. From the NSA's "data gathering" point of view CarrierIQ was an absolute "god send" as it backdoored each phone to a level that would be unimaginable by "government edict" and all they had to do was copy the packets as they passed over the Internet to CarrierIQ's servers... God alone knows how many passwords/phrases and other juicy bits they grabbed including passphrases to "on phone" apps such as password managers and potentialy key files etc, I suspect we never will find out the full extent simply because CarrierIQ didn't keep records as such...
I have a simple phillosophy with this "personal" smart phone, I assume everything on it is or will be public knowledge. It thus stays 100% away from any non public personal activities and thus it's not at my side all the time and most certainly does not get used for private personal activities etc.
And before you ask yes sometimes it's a right pain but having had the likes of OfCom "tapping it" in the past (and they being daft enough to walk into a simple trap and thus get caught red handed) has taught me that's the way life is in the modern world in the UK atleast.
@Clive Ofcom dont tap phones :-) thats what the secret squirrels do (the internal nick name for that function in British telecom)
In fact Ofcomm's main job is to keep Rupert Murdoch sweet.
And guys 8000/6mo requests for a country the size of the USA is not that worrying - the FBI running out of control is.
Having traditional coppers involved with Counter inteligence never seems to turn out well. Hoover in the USA and Even in the UK Stiletoe wasn't a sucess as DG of Mi5 (and thats what the Official history says)
It's funny you should mention the world of publishing, I was in Sutton round behind the railway station just the other day.
@Clive Ofcom dont tap phones :-) thats what the secret squirrels do (the internal nick name for that function in British telecom)
Strictly speaking no OfCom don't they actually get the celphone companies to do it for them by installing a micro/pico cell or equivalent directly adjacent to the place they wish to use their supposed delegated authority under RIPA.
The particular clown at OfCom behind the survalence of the phone I was then using was somebody called Clive Corrie out of OfCom's Birmingham office (you can look him up on the Internet as he fancies himself as an expert on the subject of telecommunications legislation involving EU EMC and R&TTE legislation, and at one point used to be a conferance speaker you can see from this link http://www.traditional-jazz.com/mainpages/... that people have serious reason to doubt not just his supposed expertise but his basic competence in forfilling his legal duties. Worse he does not take note of information in reports he commisioned and obviously belives he knows better than the UKs Government Communications HQ who as world acknowledged experts in EmSec / TEMPEST are probably the most knowledgable UK Gov body in EMC and it's implications http://www.whatdotheyknow.com/request/... ).
Historicaly it's not just newspaper barons OfCom are supposed to keep happy, it's also old Actors come part owners of radio stations/networks like Baron "Dicky" Attenbourgh (of Richmond-upon-Thames) who at one time had a sizable stake in what you might know as Capital Radio.
There were in the first few years of this current millennium three main controling interests in local radio stations one of which you might know EMAP Radio (that got sold off to Bauer Media back in 2008) that was a holder of one of the DAB matrix licences.
Well these local radio interests had a lot of political clout with the UK Labour party due to a dirty under the cover deal pulled by Neil Kinnock when he was leader of Labour and was running in the General election to become PM etc (the electorate quite rightly regarded him as a sleaze bag and rejected him and labour at the general election despite all the support given by both the newspapers and radio stations and he went on to become a very questionable EU politician who's name has been linked with sleaze there). The legacy effect caused Tony Blair PM to have to "pay back" the likes of Murdooch and Co and he formed OfCom into one hugh organisation with way way to much authority and sense of it's own self importance as a result.
Thus OfCom became in effect judge jury and executioner in all things media and in reality kow-towed to big media interests in much the same way as various politicians have (see problems David cameron current PM had and also the misfortunes of Vince Cable MP who tried to stand up against Murdoch).
Now the one thing both big media and Labour hated with a passion is "Pirate Radio" nearly all the draconian laws with regard to it (like "the Marine Offences Act" and much other legislation that was to follow) are due to the lothing and hating of a "short fat bloke in an old flash mac" who alledgadly had a bit on the side who was "a Lady in name....". After a prolonged "dirty tricks" campaign by the BBC, Harold Willson blaimed Pirate Radio for some of his own self generated political failings (he and kinnock are birds of a feather in this respect and both ran "afowl" of the "establishment" of the likes of the MI5&6 for whom the "secret squirels" actually worked for).
So OfCom had a real political embarisment on it's hands in that Pirate radio was (and still is) running rampent in most major metropolitan areas of the UK (which is why DAB is being pushed so heavily because the "matrix" only alows licensed stations given in the matrix to be received, so a matrix licence holder is in a position of considerable power).
OfCom are tasked with the job of "licence enforcment" and act as their own private little police force running around trying to put Pirates off the air as they upset the interests of the media organisations who only want you to hear what they want you to hear with their "ordained playlists" designed purely for revenue earning (imagine X-Factor style manufactured band listening only ;-)
Well OfCom failed misserably to stop the Pirates and still do. They first started with raids etc, so when this failed as it very much has done since the old Home Office days, OfCom then went after those supplying advertising revenue to the Pirates and when this failed they went after equipment manufactures. They did this by a rather underhanded series of tactics, to understand this you need to understand the UK implementation of the EU R&TTE Directive and what is and is not considered "putting on the market" and what is and is not considered a "system" and part of a system such as a "sub-system" or "component". Sufficet to say OfCom's interpretation of the legisslation is so warped that it is at major variance with the rest of Europe. The only way they get away with it is that they are also responsible for deciding in effect who can and can cannot be Notifed Bodies in the UK for RT&TTE CE.
Now the problem OfCom had was that whilst they very proudly used their abilities under RIPA to get at advertisers and other service providers by wire tapping phones to gather evidence (they actually bosted of it on their web site), it did not work with the supposed Equipment suppliers. The reason for this is with few exceptions the equipment the Pirates were using was either stolen or sourced by buying through "cut outs" or even quite legitimate and well established organisations. So there was no evidence that the equipment manufactures had any contact let alone knowledge of who the Pirates were, to be gathered by wire tapping the equipment suppliers or those who worked for them were, or for that matter ceasing the equipment manufactures sales records .
Put simply those equipment manufactures suppling the equipment to the cuttouts had no ability to determine if those they were selling equipment to were then supplying on to Pirates or not especialy when the cut outs were in other European countries. OfCom's argument was that these manufactures must be omnipitent and be able to see the organisations they weere selling to were either cut outs or going to have their equipment stolen at some future point in time...
It's a bit like arguing that the manufacture of car engines MUST be able to forsee that some one is going to obtain an engine by stealing a car or buying from a scrap yard or other individual other than the manufacturer, and that this person who the manufacture has absolutly no knowledge of will build the stolen/secondhand engine into a "cut-n-shut" or other dangerous vehicle and then run down some little old lady with it.
It flys in the face of all reason and is why we have the legal doctrine of "first sale" where by the producer has no right to dictate what a person does with something after it has been legitimatly purchased from the producer. In return for not having the right to forever have a controling interest in the item that has been produced, the law accepts that after the initial sale the producer has no liability for what the item is used for by subsiquent purchasors and any harm caused unless the item was defective when first sold.
So OfCom tried various tricks to put small companies who were quite legaly manufacturing equipment and selling it within the rules of the market as defined by the EU out of business.
In a number of cases the companies realising that OfCom owned not just the bat and ball but the park as well and could move the goal posts where ever they wished decided that there was no point being in the UK and simply (on paper atleast) up sticks to another EU country and carried on as before.
There is one option for guaranteed privacy: mail love letters :) Lettermail is the last method of communication on earth still with strong privacy protection req a warrant to open and read. I temped at a law firm a yr ago and the vast majority of communication between lawyers was mail due to email being easily compromised
Lettermail is the last method of communication on earth still with strong privacy protection req a warrant to open and read.
Only in theory. It's trivial to intercept and read.
@ Clive Robinson re using law against trackers
"Correct, but as Nick P has pointed out you need to use several non cooperating nations in chains in such a way that mucking about at the botom three layers of the ISO OSI stack (or top+2 layers ;) by hostile entities is not going to weaken the security."
Appreciate the plug. I may or may not be the first to come up with the idea. However, it was definitely original and I was using it effectively almost a decade ago. It works (with caveats). It's more complex to get right now b/c the web, surveillance & legal system are complex.
Basic principles are still using standardized encrypted mail as transport, non-suspicious SSL/HTTP relays for each client's initial contact, mix-master-like intermediate nodes to fight traffic analysis, and paths leading thought at least 3 jurisdictions non-friendly to each other (my innovation).
Using standardized encryption like PGP or S/MIME, along with SSL/HTTP links, makes it stand out less to surveillance efforts casting wide nets. Mix-master type stuff is well-understood. My variant was inspired by Orange Book covert channel worries: fixed (mininum & max) message length for intermediaries, precise send/exchange periods. Interesting that cov. channel countermeasures help against traffic analysis a bit.
The last one deserves a paragraph of its own. My contribution came about observing the Bernstein case, Zimmerman's battles, Clipper, etc. I noticed govt was going crazy in court. Like multinational corporations, the main solution was to put it outside their jurisdiction and then reduce likelihood of cooperation. So, each hop would need to go through at least intMinCoopJur countries. I had a detailed analysis of various countries and my main picks are (mostly) still valid today.
Other notes. It's best that the intermediary nodes are owned by foreign corporations in countries with strong laws protecting them or their privacy. It must be clear, at least to authorities, that the American entity doesn't own them. And, like Tor/I2P/Freenet, the more people using it the better.
@ Dirk Praet re snail mail issues & advantages
Indeed, the mail isn't quite safe against government intrusion. Paladin Press (you didn't hear name from me) published plenty of interesting works over the years. One was dedicated to covertly opening envelopes. There's also that spray that makes them temporarily transparent. There's also... I'm sure people get the picture.
That said, the US Postal Service has quite high security standards compared to many organizations if the sender or receiver aren't being specifically watched by government. Postal security people I've met take their job quite seriously. Classified information has even been sent through them at times for that reason. JJ Luna, a privacy consultant, also had a method for using them to transfer large amounts of money.
So, one might make good use of USPS in a security scheme as an out of band channel. Two innocent addresses and pseudonyms. Send letters with critical data embedded via Cold War era stego, invisible ink or microdots. Use that critical data, maybe combined with preshared secret, to drive the process of exchanging information confidentially and/or anonymously.
@Dirk Praet, Snail Mail: It may be easy to read, but hard to get it accepted as evidence in court (depending on the country you're in; German law for example has rather weak protections against illegally acquired evidence). So, depending on what exactly you want to send, it may still be useful.
Snail Mail or POPS has some advantages over electronic mail when it comes to security.
First off is what it can carry in the way of a payloaad message is far far greater than Email will be capable of (unless we do develop teleporter type atomic scanners ;)
That is Email can only send information where as POPS sends physical objects on which informaation may or may not be encoded. Whilst raw information and visable information on objects such as print on paper is fairly easy to copy information that is not visable on a physical object is not and can be used in a number of ways.
Back in times past various countries did not trust "diplomatic post" or it's courriers and some countries still do not trust the diplomatic bag security either (understandably so, remember Sadam sent the "we've no WMD" dossier to the UN in NYC by diplomatic bag but the US Gov still took the dossier away to copy it etc prior to alowing it to go to the UN...).
So there is still quite an interest in encoding information in physical objects that make copying either extreamly difficult or tamper evident. One such way used by Russia (and presumably others) in the past was photographic film that was not fixed or not developed but was security watermarked in some way. That is you watermarked photographic film during it's manufacture then photographed the information onto the film in the usual way and either sent the raw film or first fixed it but did not develop it and then send that. To get the information your adversary would have to go through the full development cycle thus making it obvious that the film had been got at, and the watermark should prevent your adversary substituting new film to cover the tampering up.
I"ve seen some interesting work on watermarking / fingerprinting using faults in naturaly occurring crystals or other optical objects such that they can be used as a unique and unforgable fingerprints. As such these fingerprints can be used as the equivalent of serial numbers.
During the cold war arms limitations talks a system was put forward that consisted of using a clear plastic resin and very small pieces of chopped fiber glass strands of varing thickness and optical properties such as refractive index that get stired into the resin and then painted onto a prepared metal surface integral to a weapon (such as a gun breach). When dry it's optical properties throughout the EM range are distinctly unique and at the time considered impossible to forge. As we know similar uniques systems such as the way threads are woven / stiched / painted in are being looked at as a way to fingerprint / serial number valuable art works and religious and other documents of high worth as an aid to stop them being sold on the open market again if they are stolen.
If such random and unique fingerprints or serial numbers are made in the right way they can also be robust and thus be used as codes so mailing such an object can be used to transport random codes.
However as in the photographic film you can work out how to robustly but invisably impress information into the object it becomes rather usefull as a way to transport information secretly and securely. One such simple way is to look at some developments in "tamper evident" seals.
Secondly the POPS system currently does not tag and track objects where as courier services such as UPS, DHL, TNT, et al do. That is a POPS letter only needs a delivery address which whilst unique to the delivery is not unique to an individual letter, and the letter can be put in one of a myriad of post boxes which are not monitored to enter the POPS system therefore it's not possible to currently track a letter in the POPS system (but I suspect this will change). However a couriered parcel gets a unique seriel number when it is picked up from a known access point and it's progress tthrough the courier system is tracked.
However this inability to track POPS letters is likely to change. In the UK the "Royal Mail" POPS is experimenting with "print your own stamps at home". Basicaly the stamp is a printed serial number unique to the letter to limit forgery. Now it is almost certain that this serial number is traceable to the person buying the print service and that it can be tracked partialy or fully through the system if not today certainly in the near future as the Royal mail tries to compeate with the courier services in a reducing market. I would expect other POPS to follow likewise if they are opened out to unregulated comercial pressure.
That said the POPS just like the courier services will remain open too being more easily used for secrecy type activities than EMail firstly simply due to the economic preasures of keeping costs down will limit sender authentication checking and secondly because it's not yet possible to make 100% copies of physical objects.
The opportunities for abuse here are epic, especially as it allows monitoring of corporate email which gives unlimited insider trading information with no way to track how that information was leaked.
If I were an FBI employee I could make a fortune in the stock market all at the expense of those who play fair. If you have a 401k or IRA this isn't just a matter of "I have nothing to hide". It affects you even if you are innocent.
Let's get back to Petraeus's problem in its simplest form, and see if it could be solved in a way that ordinary people could use. His problem was that he wanted to hide the correspondence between two people from their respective spouses, and his failure was that he failed to anticipate any kind of official, or technically skilled investigation in the method he chose. (That lack of anticipation was, I agree, dumb, given who he was).
Nevertheless, his instinct, which was to "share" communications, rather than "send" them, seems to me to have been a good start. First because it restricts the number of copies and avoids the use of accounts to which there might be more frequent access. Second, the retention of communication is controlled by both parties, and that would offer some grounds for a dialog between the parties about what might be retained in the common account. Either party might write to the other " I decided to delete that from our account because I don't think we should be keeping an ongoing record of sensitive materials." Of course, neither could control the reckless retention of messages off-site by the other party, but dialog on the subject might make that less likely.
I also would suggest that instead of using a common e-mail account, as e-mail accounts always attract attention in investigations, they might have used a private, password protected page on a private blog.
If both had, in additon, used a commercial vpn service provider, I wonder if they would ever have been caught. Not that such a system would be secure from a focused investigation with subpoenas and the like, but it would have been a lot more trouble to figure out what was going on. It seems quite likely that a mutual discussion of the use of vpn services would have made the mistress more cautious when sending the threatening e-mails to her supposed rival.
Because affairs of this type involve a certain amount of mutual triumphalism and the need to express and receive admiration, it is probably impossible to keep sexual content out of the communications. Still, I also wonder if two very disciplined parties could not keep the content sufficiently innocuous that it would be hard for an outsider to recognize the precise nature of the relationship, even if the practical matters (when and where to meet) were to be obvious, if the rest of the effort at privacy were to fail.
Mistresses are not usually terribly bright, I suppose, and long distance communication over a longer period of time would have to be fairly simple. Would you really expect your mistress to keep track of key rings and the like?
Lets be honest, he was (and probably still is) a serial womanizer, we see this odd sort of risk taking behaviour in many successful people. I suspect it comes from a form of "self belief" that made them the success they apparently are in the first place.
That is of the various ways from zero to hero they get hooked on risk at some level.
Due to the way our society currently works you get (a certain type of) success in life by being noticed in one way or another by other people, and staying noticed for the "right reasons. For some it is by birth for others by taking risks.
In the risk taking game if your first risk or risks are personaly high and they pays off you can then fall into one of two basic types.
The first like some gamblers just keep taking personal risks often bigger and bigger till they cannot take any more risks for whatever reason. We usually say "their luck has run out", we call these people either reckless or addicted. As individuals they appear to not understand that luck is chance and the probability the next risk pays off is less each time.
The second type take one or two initial big personal risks either by design or circumstances and these get them noticed. They appear to understand the jump in success it is just chance and they then take lesser personal risks as they rise on that initial success. They then get to the point they take few if any personal risks that can effect them directly. They do this in one of two basic ways giving rise to two basic sub types.
The first subtype takes no personal risk by in effect delegating the risk to others such as subordinates or colleagues they assess as being "chancers on the make". If the risk pays off they take a percentage of the success, if not they don't take a percentage of the failure. They have in effect become "hustlers".
The second subtype still take major risks but negate the risk outcome personally by jumping ship. One of these methods is by jumping befor the risk plays out good or bad, they then claim the success as their own if it pays good or claim it was those that took over that messed it up if it goes bad. The second method is that of the con artist they set up a false or otherwise untracable persona which they walk away from either way. If the risk plays good they walk with the money in their pocket, if bad without, but with only a small calculated loss.
Now personal risk comes in two types, those risks you take in your proffesional life or career and those you take in your private life. A type one risk taker usually sees no difference as "gambling is the game" that gives their life spice.
A type two risk taker generaly does see the difference but evaluate them differently. Thus you get those who end up taking a risk in neither and some who will continue to take a risk in one or the other.
I suspect Petraeus is a type two risk taker in his proffessional life but still likes to take what he considers calculated risks in his private life on the assumption he can handle the down side without it having an undue effect on his proffessional life.
Where it went wrong was he did not realise or over minimised the risk of one or both of the women he had afairs with.
It is difficult to tell from what has been reported what specifficaly went wrong. The one who received the threats has a somewhat colourful past and appears to be a significant risk taker in her own right. The biographer who (alledgedly) sent the threats may have had many reasons to take the actions she did, but she did not think them through (but then few of us ever do when it comes to our emotions).
Now the woman who received the threats took them to an FBI friend, we are supposed to believe because she was scared, but she was a risk taker so she may have decided to take a caalculated risk for a number of reasons but revenge may have been one another might be to profit from the situation in that she may have plans for a "kiss and tell" book.
Either way I suspect she told her FBI friend long before the investigation got going that Petraeus was or had been her lover.
Either way she's got his scalp on her belt lets see which way she tries to run with it.
Personaly I suspect that it might play out that both women get a kiss and tell book out of the situation and the current (or apparent) loser at the moment is Petraeus for taking the wrong type of risk in his personal life, at the wrong time.
However I suspect he will do very nicely out of it if he goes about using his contacts in the right way at the right time. At the very least he now has time to right his own autobiography with a much more likely probability it will sell than if he had not received his current publicity. That is his life story is not just the dull soldier to general to top spy which would make dry reading and thus limited sales in a specialist market. It now has glamour, he might not be "James Bond" but his life story now potentialy has that aura which opens it up to a much bigger potential market.
I tend to think that Petraeus is not a serial cheater. Young, eager, fawning biographer...he fell. If he was a serial cheater, etc. it would have leaked and been well known. People watch and observe. Someone who comments on attractive women, etc. That's why honeytraps still work in spy biz, whether it be business or goverment.
As Bruce would and has said, if the big guys want to get you they can. emails, history, docs are not secure. You can try with Tor, VPN, OS on Ram, etc. But most people don't need that much. I worry more about the creeping or dead run of ability of lower echelon people to access your information. Tick off the wrong TSA, sheriff, etc. We have seen way too many stories over the years about stalkers, jealous spouses, or ugly divorces to think otherwise. Ask Joe the plumber...Or anyone who crosses the wrong people.
The general public? clueless for the most part. why shouldn't I use the free Wifi at the hotel or starbucks?
Where are the cypherpunks? EFF maybe? Anon are childish, dangerous, and maybe useless. Wikileaks? Don't even get me started... I do wonder about the right to be secure in our papers though. Just my thoughts for what it's worth. The more you know about security the more you run the risk of paranoia... ;)
My comments here are probably a bit dated and the time past to weigh in
on blogs. Petraeus is probably not the best example of the degradation
or inadequacy of privacy. As holder of a clearance he has effectively provided carte blanche (paperwork you sign as part of being investigated for a clearance) to be investigated. That includes friends, acquaintences, relatives, neighbors, bank accounts, email, doctors, shrinks, counselors, periodic “lie detector” examinations, and
– probably - anything up to and including a full on colonoscopy. A hint of involvement in an affair (significant gambling or other debt, drug abuse, reported “suspcious” behavior – however that may be interpreted, or a casual and unintentional meeting with the wrong
person) could trigger a follow on investigation.
While I consider the average American
interpretation of privacy rights at best rudimentary and lacking, the interpretation that “If Petraeus’ email is being investigated, what chance do I have of keeping my email private?”
is backward. It is much easier for the FBI to investigate someone with a clearance because the subject of the investigation has effectively signed away their privacy rights, and they have access to secrets that the government has a recognized interest in protecting.
There's actually some deep history here. According to Weiner's recent history of the FBI (Enemies), Hoover had the FBI doing "black bag" illegal wiretaps since the 1930s, if not the 1920s. The FBI is a formidable intelligence organization, and while it was hampered somewhat in the 1970s, I suspect that, post-9/11, it got most of its prerogatives back.
In other words, reining in the FBI is one of those perennial challenges. Not that I think it shouldn't be done, for the same reasons it was done before. It's simply worth realizing that this isn't a new problem. Assuming someone gets reasonable laws into place, they probably will last only until the next 9/11-level crisis.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.