Saturday, November 14, 2015

Communications Security

     It doesn't exist.  If NSA wants to read your mail, they're reading it.  If Google wants to read your mail, they're reading it.  They are probably doing so by means more devious than a brute-force decrypt -- but the "never decodable in finite time" stuff is a happy fantasy, playing off the manner in which we are easily impressed by large numbers.

     The Phone Company has been in bed with the Feds since there was Federal regulation of 'em.  They rat people out as a matter of routine.  The Telegraph Company was doing so even before there was regulation!  ...Mind you, there's a whole alternate to AT&T for the Internet backbone.  It's a network built and operated by the Federal government.  Ahem.

     Communications security is like the Maginot Line: not nearly as impregnable as it appears.  

     If you have information that has really, truly got to be kept secret, don't put it on the phone.  Don't put it on the Internet.  Don't talk about it near a phone. Don't talk about it at all, if you can manage to, and don't write it down, either.
  
     Two people can keep a secret -- if one of them is dead.  (Cribbed from Heinlein but absolutely true.)  Don't want your mail read?  Tough.

9 comments:

  1. i agree completely. i also hope that i am to unimportant for them to care about.

    ReplyDelete
  2. The original quote was, "Three can keep a secret, if two of them are dead." It was allegedly originally said by Benjamin Franklin (who had to keep a lot of secrets in the 1770s).
    New Orleans mob boss Carlos Marcello had that saying on a sign on the door to his office at Churchill Farms, Louisiana.

    ReplyDelete
  3. Play games? Belgian Home Affairs Minister says their Terrorists (Molenbeek, Belgium known as 'Jihad capital of Europe') are using Playstation-4 and multiplayer games to communicate to with each other: and is difficult for the authorities to monitor. “PlayStation 4 is even more difficult to keep track of than WhatsApp,” he said."

    ReplyDelete
  4. "'Pleeeeeeze don't throw me into that briar patch,' pleaded Brer Rabbit" Joel Chandler Harris was cribbing, but he cribbed from a deep well of collected wisdom.

    ReplyDelete
  5. Actually, you can communicate through e-mail and other electronic means without the NSA being able to read the plaintext, but most people won't go through the trouble.

    You have encrypt and decrypt manually, using a pencil and paper, and using one time pads (which have to be on paper and not generated with a computer - I use 10-sided dice and a typewriter to make numeric pads).

    If you follow the simple rules of one time pad use, and you keep the plaintext and the keys off a computer (and destroy them by burning immediately after use), then there is no way they can read what you sent short of them physically breaking into your home and copying the pads. And pads are easy to hide.

    If you make the packaging tamper evident, and you carry around the one you've currently opened on your person, you will know if they've been compromised, and security is preserved because you can then send inanities instead of real messages. Or, just sent the pad pages themselves: There would be know way for them to know that isn't what you were doing in the first place.

    ReplyDelete
  6. I should expand: They need to copy the pads before they are used, because they won't exist afterwards because you will have destroyed them.

    ReplyDelete
  7. If it's not vulnerable to a direct attack, it is to an orthogonal one. By sending obviously encrypted communications, you have already marked yourself and your correspondents as persons of interest. It is only necessary to subvert or control one end.

    If communications secrecy ever becomes a matter of life and death, expect a lot of people to not make it.

    ReplyDelete
  8. The Phone Company.
    TPC - weren't they the ultimate villain in 'The President's Analyst'?

    gfa

    ReplyDelete

Comment moderation is enabled. Your comment will not be visible until approved. Arguing or use of insulting or derogatory language will result in your comment going unpublished: no name-calling. Comments I deem excessively partisan will not be published.