The Crypto- Keepers

Moderators: Elvis, DrVolin, Jeff

The Crypto- Keepers

Postby American Dream » Mon Sep 11, 2017 11:35 am

I'm not hugely shocked to read this but WTF...


Yasha Levine

The Crypto- Keepers

How the politics-by-app hustle conquered all


From a Whisper to a Scream
When Pavel Durov first had VKontakte taken away from him by the Kremlin and fled Russia, he was hailed in the West as a hero—a modern-day Sakharov who fought for freedom and paid the price with his business. America’s crypto and privacy community embraced him, too. But it did not take long for the relationship to sour—and the chief culprit was Signal, a crypto mobile phone app built by a small opaque company called Open Whisper Systems, aka Quiet Riddle Ventures LLC.

Invented by a self-styled radical cryptographer who goes by the name of Moxie Marlinspike (although his real name may or may not be Matthew Rosenfeld or Mike Benham), Signal was brought to life with funding from the BBG-supported Open Technology Fund (which has pumped in almost $3 million since 2013), and appears to rely on continued government funding for survival. Despite the service’s close ties to an organization spun off from the CIA, the leading lights of America’s privacy and crypto community back the app. “I use Signal every day. #notesforFBI,” Snowden tweeted out to legions of followers who went out and downloaded the app en masse. Marlinspike leveraged Snowden’s praise to the max, featuring the leaker’s endorsement prominently on his company’s website: “Use anything by Open Whisper Systems.”

Largely thanks to Snowden’s endorsement and support, Signal has become the go-to encrypted chat app among American journalists, political organizers, and activists—from anarchists to Marxists to Black Lives Matter. These days, it’s also the secure planning app of first resort for opposition rallies targeting Trump. The app’s even made major inroads into Silicon Valley, with Marlinspike working with management at Facebook and Google to get them to adopt the chat app’s encryption architecture into their mobile chat programs, including WhatsApp. Not surprisingly, Facebook’s adoption of Signal into its WhatsApp program won plaudits from the BBG; managers at the propaganda shop boasted that government-funded privacy tools were now going to be used by a billion people.

Despite Open Whisper’s continued ties to the U.S. government, leading lights of America’s privacy and crypto community have taken to warning off people from using anything else. That includes Telegram, which deploys a custom-built cryptographic technique designed by Pavel Durov’s brother, Nikolai, a mathematician. Even Snowden has taken it upon himself to shoo people away from Telegram, advising political activists, journalists, dissidents, whistleblowers—in short, everyone—to use Signal or even Facebook’s WhatsApp instead. “By default, it is less safe than @WhatsApp, which makes [it] dangerous for non-experts,” he tweeted in response to a question from a Telegram-curious supporter.

But for an app designed to hide people from the prying eyes of the U.S. government, Signal’s architecture has given some security and crypto experts pause. Its encryption algorithm is supposed to be flawless, but the app’s backend runs as a cloud service on Amazon, which is itself a major CIA contractor. The program also requires that users connect the app to a real mobile phone number and give access to their entire address book—strange behavior for an app that is supposed to hide people’s identities. Signal also depends on Google and Apple to deliver and install the app on people’s phone, and both of those companies are surveillance partners of the NSA. “Google usually has root access to the phone, there’s the issue of integrity. Google is still cooperating with the NSA and other intelligence agencies,” wrote Sander Venema, a developer who trains journalists on security. “I’m pretty sure that Google could serve a specially modified update or version of Signal to specific targets for surveillance, and they would be none the wiser that they installed malware on their phones.” And given Signal’s narrow marketing to political activists and journalists, the app works like a flag: it might encrypt messages, but it also tags users as people with something to hide—a big fat sign that says: “WATCH ME, PLEASE.”

And anyway, Signal or no Signal, if your enemy was the United States government, it didn’t really matter what crypto app you used. A recent dump of CIA hacking-tool documents published by WikiLeaks revealed that the agency’s Mobile Devices Branch has developed all sorts of goodies to grab phone data, even when it’s quarantined by the firewalls of apps like Signal and WhatsApp or even Telegram. “These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide, and Cloackman by hacking the ‘smart’ phones that they run on and collecting audio and message traffic before encryption is applied,” wrote WikiLeaks.

Durov admitted that cryptography has its limits. Still, as he recounted how Snowden had talked down Telegram, Durov was frustrated and bewildered. He says he and his brother were very cautious about choosing cryptography techniques promoted by American experts—particularly since the NSA docs leaked by Snowden revealed the NSA secretly paid RSA, an influential computer security firm, to use a flawed technique that the NSA knew how to crack. The Durov brothers wondered if the same thing could now be happening with other popular encryption algorithms. They became even more concerned when Telegram began to draw public attacks on social media from American cryptography experts. “They based their criticism of our approach not on any actual weakness, but solely on the fact that we didn’t use the algorithms they were promoting,” he said. “Since they failed to engage in any meaningful conversation on cryptography, we started to realize there was some other agenda they were pushing rather than finding truth or maximizing security.”

But the attacks continued. Not only were Snowden and his crypto allies telling people to trust Facebook, a company that runs on surveillance and partners with the NSA; they were also promoting an app that was actively funded by the foreign policy wing of the U.S. national security state. It just didn’t make any sense.

Durov was dumbfounded. As we sat talking, he told me he could not understand how people could trust a supposedly anti-government weapon that was being funded by the very same U.S. government it was supposed to protect its users from.

We’ve entered a paranoid game theory nightmare world.


I told him that I shared his bewilderment. Throughout all my reporting on this set of crypto radicals funded by a CIA spinoff, I asked a simple question that no one could properly answer: If apps like Signal really posed a threat to the NSA’s surveillance power, why would the U.S. government continue to fund them? I couldn’t help but think of how this alignment of government and corporate power would have been received among the tech and media establishment in the United States had something similar taken place in the former Soviet Union: imagine if the KGB funded a special crypto fax line and told Aleksandr Solzhenitsyn and dissident samizdat writers to use it, promising that it was totally shielded from KGB operatives. Then imagine that Solzhenitsyn would not only believe the KGB, but would tell all his dissident buddies to use it: “It’s totally safe.” The KGB’s efforts would be mercilessly ridiculed in the capitalist West, while Solzhenitsyn would be branded a collaborator at worst, or a stooge at best. Ridiculous as this fusion of tech and state interests under the rubric of dissidence is on the face of things, in America this plan can somehow fly.


Read at: https://thebaffler.com/salvos/the-crypto-keepers-levine
American Dream
 
Posts: 19946
Joined: Sat Sep 15, 2007 4:56 pm
Location: Planet Earth
Blog: View Blog (0)

Return to General Discussion

Who is online

Users browsing this forum: No registered users and 53 guests