Five Eyes Governments Going Blind
Thanks to Edward Snowden, over the last two years we have learned that the United States, United Kingdom, Canada, Australia, and New Zealand comprise what the “Five Eyes.” The pieces of the world’s foremost power in the 19th century and the only surviving superpower from the 20th have an unprecedented level of cooperation… when it comes to violating the privacy of their citizens.
Maybe it was the Chaos Communication Congress presentation, or maybe it was the Sony hack, which our government seems desperate to pin on North Korea, but the Charlie Hebdo massacre marked a turning point. Four of the five eyes are now making clumsy grabs for more power to spy on their citizens. The CCC presentation taught us that what the NSA can do is considered ‘fragile’ – as soon as their quarry takes even basic precautions, they are effectively blinded.
Right now that blinding is a job for a confident technician, but with tools like DP5 protected chat, the Dark Internet Mail Environment, Zero Customer Knowledge VPNs, and proposals to provide Tor a funding model in the works, soon “out of the box” software will do what is needed.
And the Five Eyes governments are utterly terrified…
Also read: Zero Customer Knowledge VPNs
President Obama has brought forth a proposal to increase the penalties under the Computer Fraud & Abuse Act, but they are already draconian for those who are caught and they do little to discourage those who are not. The EFF has scolded on this, but they mysteriously failed to address the inclusion of Title 18 Section 1030 into things that can be prosecuted under RICO.
RICO, the racketeer influenced & corrupt organizations act, was created in 1970 and has been used to deal with criminal operations ranging from the mafia to the Los Angeles Police Department. The inclusion of Section 1030 computer related crimes might make sense due to similarities with the counterfeiting and money laundering aspects of the other crimes already included, but the statute is so sloppy that tweeting a link seen in an IRC channel might get you indicted.
Civil libertarians of all stripes, already unimpressed with the idea that North Korea had anything to do with the Sony intrusion, were immediately up in arms over this latest insult to our collective intelligence.
David Cameron has, to put it mildly, completely and utterly lost his mind. Reporting in The Guardian describes him as “living in cloud cuckoo land” due to his proposal to ban end to end encryption applications. Eris Industries has already indicated they’ll be leaving the U.K if a conservative government is elected again, and they’re just one of the first and more vocal in what will be a flood of fleeing talent.
Federal Attorney General George Brandis is leading the charge to criminalize the work activists, and journalists do with whistleblowers. Australia’s equivalent of the NSA’s Targeted Access Organization would have expanded power to plant malware and anything found and deemed to be a state secret would trigger a lengthy prison sentence.
There are no foolish pronouncements from the smallest of the five, because Ian Fletcher, head of the Government Communications Security Bureau, suddenly and inexplicably resigned after a rough weekend. Whispers in the wind say this is something to do with a journalist who was raided a few months ago, but it’s hard to make out exactly what happened.
A Brave New World for the Five Eyes
Wired’s Robert Graham had sharp words for the proposed changes here in the U.S.
In next week’s State of the Union address, President Obama will propose new laws against hacking that could make either retweeting or clicking on the above link illegal. The new laws make it a felony to intentionally access unauthorized information even if it’s been posted on a public website. The new laws make it a felony to traffic in information like passwords, where “trafficking” includes posting a link.
The disdain Graham displays has been universal. We aren’t going to outlaw end to end crypto; we aren’t going to be able to force centralized key escrow, another dumb idea that refuses to die. If we try this we will see every bit of cyber security research talent and all of the new cryptocurrency startups flee to Asia and Europe, rather than put up with stupid, counterproductive, and often unconstitutional laws.
The concept of the cryptographically secured blockchain has already been set loose. Way down under the chatter about hacking and child pornography and spying, a bunch of shaky financial institutions are hoping to head off this innovation. They are simply too late.
Images from Shutterstock.