Comments on: The US as Communications Hub

By: Henry Miller

Henry Miller — Sun, 14 Oct 2007 18:54:01 +0000

Foreign governments aren’t stupid. They know perfectly well how their country’s traffic gets routed, and they wouldn’t be dumb enough to transmit sensitive information via unencrypted links that pass through another country.

I think they would be that dumb. Note the people who are involved in spy/anti-spy of course. About half of those in IT are likely to not be that dumb. However that leaves a lot of people who handle sensitive information who don't think that there email is spyable.

Note that top secret information is likely to be protected better. However sensitive information is often harmless if you expose any one part - the sum of the parts can often enough to know what the top secret plans are - if you can get enough parts.

By: Henry Miller

Henry Miller — Sun, 14 Oct 2007 17:54:01 +0000

Foreign governments aren’t stupid. They know perfectly well how their country’s traffic gets routed, and they wouldn’t be dumb enough to transmit sensitive information via unencrypted links that pass through another country.

Note that top secret information is likely to be protected better. However sensitive information is often harmless if you expose any one part - the sum of the parts can often enough to know what the top secret plans are - if you can get enough parts.

By: Timon

Timon — Thu, 11 Oct 2007 11:02:34 +0000

Isn’t it the case that open implementations of public key cryptography make all that traffic just noise? We can assume anyone capable of really damaging the United States (the hapless Padilla notwithstanding) is capable of installing PuTTy or Ubuntu with OpenSSH so what we are really saying with this legislation is: “The NSA can read everybody’s mail and listen to their phone calls unless they are banks, foreign governments, or terrorists above 1.5 on a competency scale of 1-10.” Who does that leave?

By: Timon

Timon — Thu, 11 Oct 2007 10:02:34 +0000

By: Don Marti

Don Marti — Thu, 11 Oct 2007 03:37:59 +0000

Much foreign communications also passes through “US territory” at the endpoints, if you count crypto software produced by US corporations. Certainly the stuff that the companies are shipping overseas isn’t obvious weak or escrowed crypto, but what if, say, the random number generator used to make session keys for ExampleWare Pro 2000 is just predictable enough for the NSA to crack it? Then there’s a powerful reason for the NSA to grab international traffic in bulk.

By: Don Marti

Don Marti — Thu, 11 Oct 2007 02:37:59 +0000