Hidden Anti-Cryptography Provisions in Internet Anti-Trust Bills

Two bills attempting to reduce the power of Internet monopolies are currently being debated in Congress: S. 2992, the American Innovation and Choice Online Act; and S. 2710, the Open App Markets Act. Reducing the power of tech monopolies would do more to “fix” the Internet than any other single action, and I am generally in favor of them both. (The Center for American Progress wrote a good summary and evaluation of them. I have written in support of the bill that would force Google and Apple to give up their monopolies on their phone app stores.)

There is a significant problem, though. Both bills have provisions that could be used to break end-to-end encryption.

Let’s start with S. 2992. Sec. 3(c)(7)(A)(iii) would allow a company to deny access to apps installed by users, where those app makers “have been identified [by the Federal Government] as national security, intelligence, or law enforcement risks.” That language is far too broad. It would allow Apple to deny access to an encryption service provider that provides encrypted cloud backups to the cloud (which Apple does not currently offer). All Apple would need to do is point to any number of FBI materials decrying the security risks with “warrant proof encryption.”

Sec. 3(c)(7)(A)(vi) states that there shall be no liability for a platform “solely” because it offers “end-to-end encryption.” This language is too narrow. The word “solely” suggests that offering end-to-end encryption could be a factor in determining liability, provided that it is not the only reason. This is very similar to one of the problems with the encryption carve-out in the EARN IT Act. The section also doesn’t mention any other important privacy-protective features and policies, which also shouldn’t be the basis for creating liability for a covered platform under Sec. 3(a).

In Sec. 2(a)(2), the definition of business user excludes any person who “is a clear national security risk.” This term is undefined, and as such far too broad. It can easily be interpreted to cover any company that offers an end-to-end encrypted alternative, or a service offered in a country whose privacy laws forbid disclosing data in response to US court-ordered surveillance. Again, the FBI’s repeated statements about end-to-end encryption could serve as support.

Finally, under Sec. 3(b)(2)(B), platforms have an affirmative defense for conduct that would otherwise violate the Act if they do so in order to “protect safety, user privacy, the security of nonpublic data, or the security of the covered platform.” This language is too vague, and could be used to deny users the ability to use competing services that offer better security/privacy than the incumbent platform—particularly where the platform offers subpar security in the name of “public safety.” For example, today Apple only offers unencrypted iCloud backups, which it can then turn over to governments who claim this is necessary for “public safety.” Apple can raise this defense to justify its blocking third-party services from offering competing, end-to-end encrypted backups of iMessage and other sensitive data stored on an iPhone.

S. 2710 has similar problems. Sec 7. (6)(B) contains language specifying that the bill does not “require a covered company to interoperate or share data with persons or business users that…have been identified by the Federal Government as national security, intelligence, or law enforcement risks.” This would mean that Apple could ignore the prohibition against private APIs, and deny access to otherwise private APIs, for developers of encryption products that have been publicly identified by the FBI. That is, end-to-end encryption products.

I want those bills to pass, but I want those provisions cleared up so we don’t lose strong end-to-end encryption in our attempt to rein in the tech monopolies.

EDITED TO ADD (6/23): A few DC insiders have responded to me about this post. Their basic point is this: “Your threat model is wrong. The big tech companies can already break end-to-end encryption if they want. They don’t need any help, and this bill doesn’t give the FBI any new leverage they don’t already have. This bill doesn’t make anything any worse than it is today.” That’s a reasonable response. These bills are definitely a net positive for humanity.

Posted on June 21, 2022 at 6:34 AM • 34 Comments

Comments

Clive Robinson June 21, 2022 7:31 AM

@ ALL,

As a non US citizen looking in, when I see the likes of

1, The “American Innovation and Choice Online Act”(AICOA)
2, The “Open App Markets Act”(OAMA)

Almost the first thing I find is that the Title is at best a lie these days…

The first is almost certainly going to stifle both innovation and choice. Likewise the second puts the markets in just a few grasping maws and paws to the detriment of all others…

Maybe there should be a law against such dishonesty by legislators…

Winter June 21, 2022 7:44 AM

@Clive, All

As a non US citizen looking in, when I see the likes of

I get the eerie impression that every time the EU installs a regulation that is seen to strengthen the protection of citizens and consumers, e.g., GDPR and DSA, Americans come up with nice sounding laws that pretend to do the same, except they do the exact opposite.

See, eg,
ht-tps://www.nytimes.com/wirecutter/blog/state-of-privacy-laws-in-us/

Clive Robinson June 21, 2022 7:57 AM

@ ALL,

There is also the question of what,

“End to End Encryption”

Means both technically and legally, most importantly the question of,

“Where are the ends in question?”

Consider a two part system,

1, An encryption system
2, A communications system

If the first is somewhere inside the chain of the second, then not only is it a technical mistake thus weak to the point of offering little or no security (Consider how Apple backs up the “user plaintext” unencrypted to its Cloud). It actually brings it under the auspices of these legal nonsenses.

But if the first somehow wraps around the second, it can be made both technically very secure, but also outside of the restraint of this legal nonsense. Because to wrap an encryption system around a communications system is beyond the control of,

1, The communications provider.
2, The end point controller.
3, The end point manufacturer.
4, The end point seller.

That is a user or first party in a secure communication could with some personal effort use pencil and paper to encrypt a message, that they then carry to and enter into their communications end point. The second party on receiving the communications from the first party can copy it to paper and carry it to a quiet place where they with some personal effort use pencil and paper to decrypt the message.

This behaviour falls both technically and legally outside of the way “end point” in End To End Encryption is currently used.

Thus the best argument to use against such legal absurdities, is that it will never achieve its objectives except by deceit by the legislators, prosecutors and judiciary, and as such it is not just bad legislation but criminal legislation.

Franly June 21, 2022 8:10 AM

“national security, intelligence, or law enforcement risks” can be used to justify shutting down social media apps that are largely used by political conservatives, such as gab or parler. The main risk of this type of bill is not an end to encryption for the masses, but an end to freedom of speech. If you can only speak freely with excellent encryption, you might as well be living under a totalitarian regime.

Peter A. June 21, 2022 8:28 AM

@Clive: don’t worry, other countries’ parliaments also use bombastic and seemingly patriotic titles to cover bullsh1t legislation or just plain treason; add unrelated amendments of other random acts of law to an otherwise okayish new bill proposal; blatantly break parliamentary proceedings rules and terms that they have put into force by and for themselves (why amend the procedures, which are set by the parliament itself with full autonomy, when you can just ignore them); enact amendments to amendments of amendments even before they go into force, and don’t publish current full text (go figure yourself); amend personal income tax bill 12 times a year (on average); throw 600-page diff revamping tens of acts onto the house floor, while scheduling voting on it in 3 hours and limiting speech time to 5 minutes per party; proceed government-supplied bill proposals overnight, while keeping citizens-initiated ones on the backlog until the parliamentary term ends, so they go to the shredder together with +500k meticulously collected citizens’ signatures – I could go on.

Parliaments of the world regurgitate an endless stream of legalese with a WPM rate of a Gatling cannon, and this is somehow THE LAW, ignorance of which is not an excuse. This is modern “democracy”.

David June 21, 2022 8:49 AM

All proposed laws should be named by the members of Congress who most strongly oppose them.

The “George Orwell Universal Citizen Surveillance Act” would probably not have been passed as easily as the “Patriot Act.”

(And Web sites that require Javascript for their comment sections should say so, so that posters do not have to unblock JS sources one at a time until they find the right combination.)

Emoya June 21, 2022 8:54 AM

@Clive

That is an excellent point. Essentially the endpoints of any system/process can be extended to invalidate any attempts to control/monitor content, making said attempts unenforceable.

anonymous June 21, 2022 9:09 AM

As a non US citizen looking in …

As an American citizen on the inside, my reaction is the same.

John June 21, 2022 9:36 AM

Hmm….

I suppose if we get back to work, producing stuff people want to buy, it would help.

“International transportation of people and goods is not a safe thing for the longevity of mankind.”

John

Winter June 21, 2022 10:12 AM

@Peter A

new bill proposal; …; enact amendments to amendments of amendments even before they go into force, and don’t publish current full text

That has always made my head spin. How can I observe the law if it is not published in a readable form?

It does not have to be so. In my country a law only comes into force after it has been published in full in a public newspaper: Het Staatsblad. Currently it is published on the web:
ht-tps://www.officielebekendmakingen.nl/

Carlos June 21, 2022 11:23 AM

I believe that our assumption of current Internet encryption is flawed. We may believe that HTTPS (TLS 1.3), TFTP, SSH, etc are unbreakable and that our information flows within these protocols securely. My question then is this: if these Internet encryption methods are so secure, why does the US Federal Government use special encryption devices (called TACLANEs)? If HTTPS (TLS1.3) is considered unbreakable given current technology, why does the US Government, and other governments around the world, use special devices? Could the answer be that perhaps these encryption protocols are not as secure as we in the general public think?

Sumadelet June 21, 2022 12:57 PM

This is ordinary politics in action: I will stop you from getting what you want, unless you let me have what I want. It’s a dirty, murky business, with negotiations going on behind closed doors.

Clive, as ever, is right regarding communications end-points and security end-points. But security and privacy have many facets. Even if the content of your message cannot be decrypted, someone watching your communications will likely be able to determine:

1) That you are sending encrypted messages. (Encryption can be outlawed)
2) To where the messages are being sent and from where they are being received, unless you are assiduous in using technology like TOR, or equivalent.

There are ways of mitigating (1), for example by (1) setting up a bidirectional permanent stream of apparently random data to a gateway* or (2) by using effective steganography (which is difficult). Almost nobody does this. And if you were to use technique (1), you would be marking yourself out as unusual. While nobody could tell when you were sending messages, and with whom you were corresponding, the mere fact of sending a random bit stream to a gateway is a flag.

*A Chaumian Mix network ( h++ps://chaum.com/wp-content/uploads/2021/12/chaum-mix.pdf) . e.g. Nymnet: h++ps://blog.nymtech.net/how-nym-improves-on-traditional-mixnet-designs-219cd36724a0 ; Loopix: h++ps://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/piotrowska ; and a Chaumian mix network with Randomized Partial Checking ( h++ps://www.ieee-security.org/TC/SP2014/papers/FormalAnalysisofChaumianMixNetswithRandomizedPartialChecking.pdf )

Ted June 21, 2022 3:44 PM

Gosh, those are really interesting concerns. Just taking the first point:

It would allow Apple to deny access to an encryption service provider that provides encrypted cloud backups to the cloud (which Apple does not currently offer).

That’s an angle I don’t think the CAP article fully touched on. From the article, I got the impression that national security concerns were primarily focused on adversary access to data.

However since the DOJ is one of the enforcement bodies, you have to wonder how much they’d influence any interpretations. This seems like an issue they’d absolutely take a position in. It’s going to be really interesting since the FTC and state attorneys general are also enforcement bodies.

I’m wondering if other app stores would support a backup encryption service. I don’t know about interoperability, but since Microsoft seems less antagonistic to these bills, is this something they would offer? Maybe this is a stretch, but possibly another up and comer app store?

Seeing as the American Innovation bill includes protections to platforms where their behaviors:

(B) protect safety, user privacy, the security of nonpublic data, or the security of the covered platform;

… it would be funny to deny another service the opportunity to compete for this right.

I like that the CAP article mentions that there are still lots of questions about how these laws might apply, and that future litigation would help provide a body of case law.

Hopefully the EU laws coming down the pike – the Digital Markets Act (DMA) and the Digital Services Act (DSA) – further help the US prepare for changes and beneficial innovations here.

Clive Robinson June 21, 2022 4:23 PM

@ Ted,

Re : Gosh, those are really interesting concerns.

Something further to think about…

As you say,

However since the DOJ is one of the enforcement bodies, you have to wonder how much they’d influence any interpretations. This seems like an issue they’d absolutely take a position in. It’s going to be really interesting since the FTC and state attorneys general are also enforcement bodies.

Under their hands it won’t just affect applications but the Hardware and OS as well.

As I said earlier,

“Where’s the end point?”

Many –but not all– phones act not just as phones but access points / routers.

Look at it from the position of the psychopaths in the DoJ. What use would it be banning an encrypting mobile phone app, when a Smart Device user can simply put their encryption application on their smart device or more open computing device and just use the phone as a non end point “router / AP”.

In times past the US passed legislation requiring GPS to be fitted to all mobile phones on the excuse of “Health and Safety”. Knowing full well that most phone manufacturers would fit it to every phone they make, no matter where it’s sold to minimize inventory costs.

So having foisted “the location bug in your pocket” on the World, they tried and effectively succeeded in getting “Bluetooth Beacons” on mobile phones. Not just the short range stuff for BLE but the longer range for “epidemiological reasons”.

So I can see the DoJ in effect “extending” out their definition of “end point” to other devices like all computers… With the US being a major market, I can see this “US only Legislation” having world wide knock on effects…

With “cabled networking” disappearing from “personal” devices, such a view point would enable not just the DoJ but all those other Intelligence Community Agencies to effectively push back before the likes of “HTTPS Every where” and the like.

You only have to look at the rhetoric of Bill Barr and backwards into the 1980’s with Louis Freeh and his later “European persuasion tour” when 5th Director of the FBI to see that this is where they want things to be. His professional ethics are certainly under question as are Bill Barr’s oh and it appears that he and Steel’s paths (Steel report just before Trump Administration) have crossed in one way or another…

Let’s just say I find their approach not just to politics but religion certainly taints their other activities where impartiality and following the correct legal procedures is a requirement not something to play lip service to.

JonKnowsNothing June 21, 2022 4:29 PM

@ John

re: I suppose if we get back to work, producing stuff people want to buy

There is a lot of stuff already written about consumer demands and wants: Needs v Wants v Desire v Fantasy.

  • I can need a meal to stay alive but that doesn’t mean I will get one.
  • I can want a decent place to live but that doesn’t mean I can buy it.
  • I can desire fairness for everyone and it’s clear that’s not happening.
  • I can maintain a fantasy that computers & encryption work when I know neither do.

When we focus on “consumer wants” what we are really focusing on is manufacturers’ advertising driving consumer spending creating a false wave of “wants”, which will change with the next iteration of Weekly Ads.

Clive James, an Aussie journalist (1), was a keen eyed dissector of this process. In one of the many series he created he reviewed impacts of Hollywood movies on the population viewing them.

One of the comments regarding some of the casting boiled down to selling the idea that:

  • A guy like me could get a girl like her

They are still selling this idea. A smartphone, a smartwatch, a shiny this or a shiny that, a bigger house, vacation homes, long distance travel, wardrobes full of clothes and closets overflowing with shoes, along with extra houses to hold all the stuff, will let You have, what the Oligarchs have.

The Oligarchs get richer on this premise. WAI.

===

1) Clive James AO CBE FRSL (born Vivian Leopold James; 7 October 1939 – 24 November 2019) was an Australian critic, journalist, broadcaster.

SpaceLifeForm June 21, 2022 5:33 PM

@ Sumadelet

While nobody could tell when you were sending messages, and with whom you were corresponding, the mere fact of sending a random bit stream to a gateway is a flag.

Not if enough people do so, and there are multiple gateways. Think NNTP.

The din could drive Eve to insanity.

Oh, wait. Eve is already going nuts.

Can one distinguish an encrypted bag-of-bits from some kind of compressed bag-of-bits? Provably different?

If encryption is outlawed, only outlaws will have secret compressed bag-of-bits.

AB June 21, 2022 6:53 PM

Interesting line of discussion on the same day Wired scooped that Mega’s encryption is broken.

https://arstechnica.com/information-technology/2022/06/mega-says-it-cant-decrypt-your-files-new-poc-exploit-shows-otherwise/

Of course, this only impacts those who didn’t use their own encryption over the top. Mega has always claimed you didn’t need to, but I’d be surprised if they cared. I however never trusted Kim Schmitz. YIHAT? seriously?

Popular as he has become in the post BitTorrent era, it’s hard to act surprised that their implementation was a little under cooked.

I’m not wrapping my head in tin foil, so I will chalk this up to a return to his youthful level of incompetence, but it is also a little surprising to see Mega still up after all these years. Though if the three letters DID know about these issues they might have just clammed up and watched the fun. Zero indication that is the case at this point, but I could see it happening.

In relation to this post, it’s another reminder that (aside from the cringe-worthy burning of resources) that even with a backdoor inserted into legislation, the rest of the world from just going over the top. Steg and other methods will make it hard to know for sure which files are what they appear to be, and what their content is. A pain, and it will waste a ton of electricity and storage space, but the best they can hope for is an endless game of whack-a-mole.

Putting the tinfoil hat on for a second, I suspect this is more about killing the anti-trust bill with a poison pill than actually sneaking in the legislation. Though experience says they have tried that once or twice since the clipper chip died a much deserved death.

Sumadelet June 21, 2022 7:10 PM

@SpaceLifeForm

1) Not enough people do it.
2) It is entirely possible to backtrack NNTP to find the injection point of a message. Usenet providers talk about removing IP addresses and not retaining logs, but someone monitoring traffic into and out of a node has a rich source of metadata for analysis. The point about mixnets is to make that difficult, NNTP is not a mixnet. Not enough people use mixnets, and building them is not easy, especially in places that are interested in them not operating.
3) Theoretically, you have a point about the indistinguishability of random data and properly encrypted data. However, the Great Firewall of China is rather good at identifying (encrypted) VPNs and other traffic and shutting them/it down. It’s a practical demonstration. Most encrypted traffic these days has metadata that tells you what it is. Non TLS encrypted traffic will stick out like a sore thumb, and TLS encrypted traffic conveniently has IP addresses that give a monitor a good view of where messages are going to and coming from. Just connecting to a VPN provider or TOR node in some places will get you investigated, as would connecting to Freenet/I2P. If your adversary is monitoring your ‘last mile’ connection, it is difficult to explain away connections to mixnet gateways.

SpaceLifeForm June 21, 2022 8:05 PM

@ AB

Putting the tinfoil hat on for a second, I suspect this is more about killing the anti-trust bill with a poison pill than actually sneaking in the legislation.

That makes cents.

Ted June 21, 2022 8:39 PM

@Clive

Let’s just say I find their approach not just to politics but religion certainly taints their other activities where impartiality and following the correct legal procedures is a requirement not something to play lip service to.

Ugh. I know right. Then you might also find this of interest.

The Senate Majority Leader who committed to bring these bills to the floor this summer has one daughter who is a registered lobbyist for Amazon. His other daughter works for Facebook as a product marketing manager.

SpaceLifeForm June 21, 2022 8:43 PM

@ Sumadelet

When I said ‘think NNTP’, I was not implying to actually use it. Obviously it is not trustable because it requires using an email addy, and then you get to the turtles of Domains, DNS, Certificate Authorities, BGP, etc.

What I meant about ‘think NNTP’, is the concept of peer to peer, store and forward, but all random. So, yes, a Mixnet.

You may find this of interest:

hxtps://efail.de/

It really shows why the crypto and the comms must be separated for security.

P.S. Maybe some have forgotten this over time, but the first random Mixnet was originally called ‘talk to your friends and neighbors face to face’.

Clive Robinson June 21, 2022 10:11 PM

@ SpaceLifeForm,

Re : Efail

Yes it works against not just “information communications” but in slightly modified ways against the other two parts of the triad of,

1, Communication
2, Storage
3, Processing

Of information.

One of the things “lockdown” showed up fairly clearly for those looking is that,

“Encryption can not be bolted on to existing processes”

Which is something way too many just assumed could be, and discovered otherwise.

For instance whilst encrypting a voice link between two people can be straight forward, three or more becomes extremely problematic.

The result is often that a “central node solution” is thought up and that effectively stops End to End Encryption and does all sorts of other nasties such as,

1, Shared plaintext under different keys (so “known plaintext attack”).
2, Related plaintexts under different keys.

And several other ways to make cryptanalysis way easier.

MrC June 22, 2022 12:25 AM

@Carlos:
TLS1.3 is secure in principle provided that it’s implemented correctly (hard, screw-ups are common) and without side channels (very hard, screw-ups are the norm) and that all of the entities with the power to issue certificates are honest (historically they have very much not been), competent (ditto), and secure (ditto). The certificate-based trust paradigm is not suitable if your threat model includes anyone sufficiently powerful to suborn a certificate authority — which means pretty much every national government.

SpaceLifeForm June 22, 2022 12:28 AM

@ AB

re: Mega

The plotline thickens

hxtps://nitter.net/KimDotcom/status/1539426611870986240#m

Delete your Mega account.
It’s not safe.

Winter June 22, 2022 1:01 AM

@AB, SLF

re: Mega
The plotline thickens

Kim has said that from the moment he lost his company.

Alternative: Roll your own. Nextcloud seems to be good.
ht-tps://www.techradar.com/reviews/nextcloud-15

Denton Scratch June 22, 2022 3:28 AM

@Peter A.

enact amendments to amendments of amendments even before they go into force

According to Robert’s Rules of Order, you can have an amendment to an amendment; but there cannot be amendments to amendments to amendments.

https://en.wikipedia.org/wiki/Second-degree_amendment

I thought even amendments to amendments were forbidden; I thought there was only one layer of turtles. It doesn’t make sense to me; I mean, if you don’t like my amendment, you can always vote against it, and propose an amendment of your own. But I looked it up, and I’m wrong.

Clive Robinson June 22, 2022 4:41 AM

@ Sumadelet,

Even if the content of your message cannot be decrypted, someone watching your communications

You should at this point ask two questions,

A, How.
B, When.

Because it affects everything thereafter.

I feel that it is safe to say that nearly all the communications do not pass under “human eyes” in the industrial process of “Collect it All”.

Because there is just too much traffic and way too little in the way of trained human resources to do so.

So it is probably correct to assume a mechanised filtering process. That does in effect a statistical check on each message’s contents looking for certain “tells” that match “file types” at various levels.

All we can say is that they probably do start at a frequency count or equivalent base statistical test to classify and then work their way upwards along various statistical paths further classifying. And at some point looking for statistical anomalies. The aim being to winnow out “potentially of interest” from “not of interest” long before you start differentiating into a selection process for human eyes.

So first “reject” then “select”. Why “reject” first? Simply because most of the traffic on the internet is “consuming” not “producing”. That is most people look at other people’s web pages, videos or hear their songs than they will ever make themselves. Likewise many emails are just includes of includes. That is probably only one byte in a hundred thousand of user data is actually newly created content. So all the collect it all has to do is store the very sparse “original content” and each copy’s meta-data.

If your original content gets classified as Today’s “XKCD”, “Dancing hamsters” or next “Wii Fit Girl” then the traffic content can be effectively ignored.

Thus I suspect one of the NSA “bug bears” in this is “Digital Watermarking” and “individualised content tracking” which turns “Myriad copies into originals” as far as their filtering systems work.

Which begs the question of,

“Can you hide messages in such Super Cookies come Content Digital Rights Protection?”

To which the answer is,

“If it encompasses ‘redundancy’ then yes”

But, such systems usually only have a few hundred bits at most of redundancy to carry an ID / Serial Number. Even though it may be spread across thousands of bits in a file by the watermarking process.

The question you need to consider is “how many channels within channels can you have?”

Obviously the ID is itself a Shannon Channel as it’s mostly redundancy, and the Watermarking process another Shannon Channel that carries the ID, but is there “wriggle room” for other Shannon Channels in there? The answer is unfortunately for the NSA and friends “yes”. Worse yet their chances of spotting it is actually low.

Look on the ID as “signal” and the Watermarking as “noise” and you get them combined as “signal + noise” if you know the “noise” then you can easily remove it from the “signal” and likewise the signal from the noise. If however you do not know the signal or the noise all you can do is average the signal from the noise if the signal is either sufficiently strong or repeated sufficiently often. That is you use the signal “framing” to synchronize against and the fact that a random noise source “sums to zero” to get rid of the noise and the result should be a cleaner clearer signal.

This is known by some as “lifting by EbNo” or collecting the energy of each bit of the signal which averages to either +1 or -1 against that of the noise that averages to zero. This is often done with a “matched filter” or similar. If you know the filter taps to use then life is a lot simpler than if you do not.

The point is as long as the noise averages to zero, in a flat distribution it probably will not draw attention to itself… This is the principle behind “Low Probability of Intercept”(LPI) radio systems where signals can be hidden “well below the noise floor” by the use of “Spread Spectrum” signalling etc.

I won’t go into detail but the “synthetic noise signal” can be thought of as a “Stream Cipher”. From which we know three things,

1, If the key stream is to Eve truly random then she can not tell the difference between noise and signal plus keystream. So she can not recover the plaintext signal (basically it’s an OTP).
2, If the keystream is known to Bob then he can recover the plaintext signal simply by synchronising the keystream’s inverse to the apparent noise of signal plus keystream.
3, For Eve as an observer unless she can discover the keystream “generator function” or sequence then she can not generate the keystream inverse.

From a practical point Eve’s ability is based on what she knows by observation.

Now another point to consider,

4, In a watermarking system as long as Bob knows the ID / Signal he can find the noise. That is Alice can within limits generate the key stream randomly without having to tell Bob what it is. Because Bob can recover it.

So let’s say Eve knows the ID as well she can by knowing the “basic” system pull up the long “random stream” as well, but if it looks random she has no idea if it is or if it’s another Shannon Channel hiding a message…

Eve may have suspicions but does not know… To even attempt to find out will require more resources than she can probably ever devote to a standard system, that is used by many people on many files.

However that may not stop Eve trying from time to time with spare resources.

That is the “B, When” question is going to rest on a complex equation based on resources available, the capability of the resources and the priority caused by the level of suspicion…

The problem of suspicion is that what look very much like stream ciphers are also used for reducing adjacent / co / cross channel interference in communications systems, where it’s called “whitening” from “white noise”. It’s applied to a coherent signal to spread its energy across a channel bandwidth to limit the signal energy in every Hertz of channel bandwidth thus reduce harmful interference towards the noise floor.

Understanding this then makes appreciating your two points of,

will likely be able to determine:
1) That you are sending encrypted messages. (Encryption can be outlawed)
2) To where the messages are being sent and from where they are being received, unless you are assiduous in using technology like TOR, or equivalent.

A little wider by showing that for Eve the power of legitimate legislation can not work for her against those who are sufficiently knowledgeable…
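An added illustration of the comment above (not the commenter's code): a coherent signal XORed with a whitening sequence and with a keyed keystream both come out looking like noise, and the same XOR recovers the signal, but the whitened copy can be undone by anyone who knows the generator. The 7-bit LFSR polynomial x^7 + x^4 + 1, the seed, the SHA-256 counter keystream (a stand-in, not a vetted cipher) and the sample signal are all assumptions constructed for the example.

```python
import hashlib

def lfsr_keystream(seed: int, nbytes: int) -> bytes:
    """Whitening sequence from a 7-bit LFSR (x^7 + x^4 + 1); the generator is public."""
    state = seed & 0x7F
    if state == 0:
        raise ValueError("an all-zero LFSR state never changes")
    out = bytearray()
    for _ in range(nbytes):
        byte = 0
        for _ in range(8):
            bit = ((state >> 6) ^ (state >> 3)) & 1
            state = ((state << 1) | bit) & 0x7F
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)

def keyed_keystream(key: bytes, nbytes: int) -> bytes:
    """Keyed keystream: SHA-256 over key || counter (illustration, not a vetted cipher)."""
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range(nbytes // 32 + 1))
    return b"".join(blocks)[:nbytes]

def xor(data: bytes, keystream: bytes) -> bytes:
    """Adding and removing the keystream are the same operation."""
    return bytes(a ^ b for a, b in zip(data, keystream))

def ones_fraction(data: bytes) -> float:
    """Fraction of 1 bits; about 0.5 for anything that looks like noise."""
    return sum(bin(b).count("1") for b in data) / (8 * len(data))

def dewhiten_without_seed(observed: bytes) -> int:
    """Knowing only the generator, try all 127 states and keep the least noisy result."""
    return min(range(1, 128),
               key=lambda s: ones_fraction(xor(observed, lfsr_keystream(s, len(observed)))))

# Constructed sample: a coherent, highly structured 1024-byte signal.
SIGNAL = b"\x00\x00\x00\x01" * 256
WHITENED = xor(SIGNAL, lfsr_keystream(0x5D, len(SIGNAL)))
ENCRYPTED = xor(SIGNAL, keyed_keystream(b"constructed-demo-key", len(SIGNAL)))

if __name__ == "__main__":
    for name, data in (("signal", SIGNAL), ("whitened", WHITENED), ("encrypted", ENCRYPTED)):
        print(f"{name:9s} ones fraction = {ones_fraction(data):.3f}")
    print("seed found from generator alone:", hex(dewhiten_without_seed(WHITENED)))
```

A bit-balance count cannot tell the whitened copy from the encrypted one, which is the ambiguity the comment describes; only knowledge of the generator separates them.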

Clive Robinson June 22, 2022 5:12 AM

@ Denton Scratch,

I thought even amendments to amendments were forbidden; I thought there was only one layer of turtles. It doesn’t make sense to me; I mean, if you don’t like my amendment, you can always vote against it, and propose an amendment of your own.

It was once explained to me as,

“A matter of Scope”

Legitimate amendments could be focused against a single paragraph, or just a sentence or word, not the whole section or even act.

A “refining” amendment against say a word could be too broad or too narrow so a second amendment could give an option to adjust.

In times past legislators tended to propose “narrow in scope” to keep legislation specific thus legitimate. However these days they appear to propose so broadly in scope that the legislation can be so easily abused, as to not really be considered legitimate legislation, just an abuse of power.

As others have noted this is not specific to US legislation or even types of legislative systems. It appears to be more linked to a mental outlook of those in power.

Which means either “we the people” are voting for bad people, or we are not being given the option to vote for better or good people. I strongly suspect the latter for various reasons.

Clive Robinson June 22, 2022 6:03 AM

@ Winter, SpaceLifeForm, ALL,

Re : Kim Dotcom

Kim has said that from the moment he lost his company.

He was saying it before that in a more general sense, and perhaps unsurprisingly due to the behaviours of certain US individuals, a Court agreed with him.

So yes things are very probably tainted one way or another, the type of US personnel involved have a bad history in that respect…

Which brings us to,

Alternative: Roll your own.

Probably not a good idea for more reasons than this blog would allow me to put in one post.

But consider it this way,

They got at Kim Dotcom’s systems, various other Governments have got at Alphabet / Google, Apple, Blackberry/RIM, and many others… As I pointed out just yesterday the reason you have “GPS location tracking” and “Bluetooth Beaconing” in your modern phones is the US Gov wanted it that way.

So ask yourself the question,

“If I am going to roll my own, where am I going to get the parts both hardware and software to do it, that have not also been compromised already?”

Think back to RSA and the NSA Dual Elliptic backdoor that also ended up in Juniper Network equipment with no reasonable explanation. Then there was Solar Winds, again we have still not got to the bottom of how far that spread. At one point someone indicated that Microsoft development and code signing had been compromised, and there are still way too many question marks hanging in the air…

The simple fact is I suspect none of this blog’s readers, have the skill set or ability by themselves as individuals to do a full stack from device physics upwards of all potential compromises or taints. Even as a “team” it would be difficult.

But in turn why should you trust me and why should I trust you?

Once not so long ago back last century saying such things got you marked down as being “A paranoid conspiracy theorist”, these days we have enough evidence to show it’s not conspiracy theories, and you are not being paranoid.

In fact in all probability you can not be paranoid, because if you can think it up no matter how far fetched, but the laws of physics allow, then someone somewhere is probably doing it…

For example, using the shiny surface of a potato chip/crisp packet as a “microphone” transducer and an IR laser shone off it as the communications channel… Then someone showing that a high speed video camera could catch sufficient of the packet vibration to make the laser unnecessary…

We now live in a world where even burying yourself in a deep deep hole in the ground is in most cases not sufficient if they want to look over your shoulder. All they have to do is,

1, Find a Shannon Channel between you and a convenient point.
2, Find a transducer to convert the signal energy (sound) to another energy (light) to make use of the channel.

If you try using encryption to protect messages they don’t have to break the encryption. No, all they have to do is,

1, Find a Shannon Channel between you and a convenient point.
2, Find a transducer to see over your shoulder at the user interface you use and copy the plaintext to the channel.

Sometimes called an “end run attack”. It’s known that a high resolution security CCTV camera, that was not particularly secure, could be used to “shoulder surf” people entering their passwords in a supposedly secure software development environment…

You can hide modern high resolution cameras used on consumer drones in the fittings of lights and fire alarms mounted in the ceiling above their desks, or in wall clocks, picture frames, box files or the spines of books. Even in the partition walls cubicles are made from… But it does not have to be a camera, two good quality audio bugs and “surface mics” of the sort used on string musical instruments under a desktop will pick up the vibrations of you typing and so, with the right software know which keys you are pressing…

Avoiding modern surveillance and tainted products is getting very very difficult…

Quantry June 22, 2022 1:21 PM

@ Carlos

“these encryption protocols are not as secure as we … think”

Especially when the keys are sold for a case of beer by bed wetters.

@ Emoya

endpoints of any system/process can be extended

MUST be extended, or back to Carlos’s comment:

Both ENISA [1] and the NSA have made definitive statements that we are to mix symmetric key with our public key infrastructure, or just continue being content being found with our pants around our knees.

[1] Regards PQ Cryptography, but IMO exactly the same issue: Bad assumptions about the wolf guarding the hen house.

h–ps://www.enisa.europa.eu/publications/post-quantum-cryptography-current-state-and-quantum-mitigation

“…all commonly used public-key systems are no longer secure. Symmetric cryptography is also affected, but significantly less…”

People wonder why I’ve “rolled my own” for years.

Maybe the folks running zigzag.com can align themselves with idquantique.com and produce “fast burning OTP papers”.

SpaceLifeForm June 22, 2022 6:40 PM

@ Sumadelet

It is possible (sorry, no links), to confuse the Great Firewall and get traffic thru.

Of course, this is not for most people because they are not technical. Got root?

But, it definitely is possible, and one could punch a temporary hole in the firewall, and get low volume traffic thru without being noticed by Eve.

It has to do with what the Great Firewall is looking at, and how TCP works. The trick is to confuse the DPI in the firewall.

This is exactly the same, but different.

See https://en.m.wikipedia.org/wiki/Confused_deputy_problem

SpaceLifeForm June 22, 2022 9:14 PM

@ Carlos, MrC, Quantry

The advantage of TLS1.3 is that there are fewer downgrade attack angles.

Feature or Bug?


Sidebar photo of Bruce Schneier by Joe MacInnis.