NationStates Jolt Archive

http://www.nytimes.com/2009/01/16/washington/16fisa.html?_r=3&partner=rss&emc=rss

WASHINGTON — A federal intelligence court, in a rare public opinion, is expected to issue a major ruling validating the power of the president and Congress to wiretap international phone calls and intercept e-mail messages without a court order, even when Americans’ private communications may be involved, according to a person with knowledge of the opinion.

The court decision, made in December by the Foreign Intelligence Surveillance Court of Review, is expected to be disclosed as early as Thursday in an unclassified, redacted form, the person said. The review court has issued only two other rulings in its 30-year history.

The decision marks the first time since the disclosure of the National Security Agency’s warrantless eavesdropping program three years ago that an appellate court has addressed the constitutionality of the federal government’s wiretapping powers. In validating the government’s wide authority to collect foreign intelligence, it may offer legal credence to the Bush administration’s repeated assertions that the president has constitutional authority to act without specific court approval in ordering national security eavesdropping.

Once they release the opinion, I would be interested to see what the basis for their decision has been. While I'm big on the idea that the Constitution protects US citizens (the People, as per the document, doesn't appear to mean "everyone in the world, wherever they happen to be"), I'm not in favor of the idea that the Constitution protects people outside of our borders.

I'm also wondering - at the end of the article they say this decision will likely affect Obama's changes to the wiretap policy - will he give up this power? Or only sharply define it?

Two things I notice.

One, its only international. Meaning two foreigners talking inside the US would concievably be protected from warentless wiretapping. And US citizens would also be protected as such. So, this in no way contradicts the supreme courts decisions that foreigners get constitutional protection.

Two, its not SCOTUS, so I would expect an appeal.

Two things I notice.

One, its only international. Meaning two foreigners talking inside the US would concievably be protected from warentless wiretapping. And US citizens would also be protected as such. So, this in no way contradicts the supreme courts decisions that foreigners get constitutional protection.

Two, its not the supreme federal court, so I would expect an appeal.

Given the current makeup of the Supreme Court, what do you think the outcome will be when it reaches SCOTUS?

http://www.nytimes.com/2009/01/16/washington/16fisa.html?_r=3&partner=rss&emc=rss
Once they release the opinion, I would be interested to see what the basis for their decision has been. While I'm big on the idea that the Constitution protects US citizens (the People, as per the document, doesn't appear to mean "everyone in the world, wherever they happen to be"), I'm not in favor of the idea that the Constitution protects people outside of our borders.
It's not a particularly complicated scheme. US CIA, by an agreement giving it rights to operate elsewhere, taps citizens there and passes information to say the MI6. Then the MI6, by same agreement, monitors US citizens and passes information to CIA...



I'm also wondering - at the end of the article they say this decision will likely affect Obama's changes to the wiretap policy - will he give up this power?
Like if he's some sort of a saint.

Given the current makeup of the Supreme Court, what do you think the outcome will be when it reaches SCOTUS?

Thats a toss up. Id honestly say theyd overturn it, 5-4, along the same lines they did in Rasaul V Bush. But, I cant read their minds.

FWIW, click here to read the Foreign Intelligence Surveillance Court of Review's ruling (http://www.uscourts.gov/newsroom/2009/FISCR_Opinion.pdf?WT.cg_n=FISCROpinion_WhatsNew_homepage).

I'm still reading it myself. I'll comment when I'm done.

"They will do it anyway, because they are not accountable"

FWIW, click here to read the Foreign Intelligence Surveillance Court of Review's ruling (http://www.uscourts.gov/newsroom/2009/FISCR_Opinion.pdf?WT.cg_n=FISCROpinion_WhatsNew_homepage).

I'm still reading it myself. I'll comment when I'm done.

Would like to get a copy of "Sealed Case".

Guess I'll have to start encrypting my e-mail then and only talking in code on the phone.

Guess I'll have to start encrypting my e-mail then and only talking in code on the phone.

I doubt that any publicly available encryption really protects you for more than 24 hours.

I doubt that any publicly available encryption really protects you for more than 24 hours.

That, and encrypting international emails is a good way to get you flagged for closer surveillance.

I doubt that any publicly available encryption really protects you for more than 24 hours.

What? They cracked one time pad coding? Isn't that like impossible?

What? They cracked one time pad coding? Isn't that like impossible?

Like you have one time pad stuff for your regular emails to everyone you know.

Like you have one time pad stuff for your regular emails to everyone you know.

Nah thats only for important stuff. If its boring and pointless it just gets the 256bit encyrption to annoy eavesdroppers.

I doubt that any publicly available encryption really protects you for more than 24 hours.

And I know you don't know a damn thing about modern cryptosystems. Military grade encryption, the same thing that protects every damn spy the NSA has, is available for free, fully audited, with source code. Use good keys, and it cannot be broken within your lifetime.

And I know you don't know a damn thing about modern cryptosystems. Military grade encryption, the same thing that protects every damn spy the NSA has, is available for free, fully audited, with source code. Use good keys, and it cannot be broken within your lifetime.

And you believe that... Al-Q laptops which were using PGP were broken in less than a day.

And you believe that... Al-Q laptops which were using PGP were broken in less than a day.

And they were not using large keys. Nor were they using a truly modern cipher. And then in all probability they had other methods of obtaining information for that particular case - rubber hose cryptanalysis, while illegal, is very effective if applied to the right person.

I reiterate: you can use the same cryptosystem that organisations like the NSA use to protect their data, for no cost. With sensible keys, this is secure.

And they were not using large keys. Nor were they using a truly modern cipher. And then in all probability they had other methods of obtaining information for that particular case - rubber hose cryptanalysis, while illegal, is very effective if applied to the right person.

I reiterate: you can use the same cryptosystem that organisations like the NSA use to protect their data, for no cost. With sensible keys, this is secure.

Not for very long.

And you believe that... Al-Q laptops which were using PGP were broken in less than a day.

O rly? Then why did this happen?

http://news.cnet.com/8301-13578_3-9834495-38.html?tag=nefd.blgs

O rly? Then why did this happen?

http://news.cnet.com/8301-13578_3-9834495-38.html?tag=nefd.blgs

That's the Justice Department wanting a key. Not the NSA.

The NSA reads whatever it wants to.

And you believe that... Al-Q laptops which were using PGP were broken in less than a day.

Guess I'll go back to reliable tactics then...

Source please?

Not for very long.

Hahaha, no.

The NSA use AES for data classified as "Top-Secret". The AES algorithm is freely available, and it is implemented by many free open source packages. Use a sufficiently large key - 512 to 1024 bit if you're feeling really paranoid - and this cryptosystem is secure against anything that anybody can currently deploy (more than that - against anything that everybody can currently deploy).

You, quite simply, do not know anything about modern cryptography. This would not be a problem, if you were not seeking to make pronouncements on it.

What? They cracked one time pad coding? Isn't that like impossible?
Isn't one time pad coding, like, perfectly safe and perfectly useless?

The problem with any encryption system is "but how do you transfer the key?". With OTP, key transmission is as much of a problem as message transmission.


Nah thats only for important stuff. If its boring and pointless it just gets the 256bit encyrption to annoy eavesdroppers.
So you want to say you actually use it - well, if so, how do you transfer the keys?

So you want to say you actually use it - well, if so, how do you transfer the keys?

There is the zero key. This is handed over to intended recipient in person in the dead of night with the paranoia etc. All subsequent keys are included in the previous message.

Before beginning, let me remind everyone that the Fourth Amendment to the U.S. Constitution reads:

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

US FISC court's decision -- absent some of the technicalities regarding standing, etc -- basically argues:

1. The court is only considering the specific circumstances of the application of the Protect America Act of 2007 in the case before it. It does not entertain a facial challenge to that statute and rejects hypothetical problems with the PAA as not evidenced in this specific case.

2. Although there is no SCOTUS precedent (or cited lower court opinons) precisely on point, there is a "foreign intelligence" exception to the warrant requirement of the Fourth Amendment. The court analogizes the "foreign intelligence exception" ot other "special needs" cases where government action "went beyond routine law enforcement and insisting on a warrant would materially interefere with the accomplishment of that purpose." The Court cites cases dealing with the drug testing of high-school athletes, drug and alcohol testing of railroad workers, and Terry pat-frisks for weapons.

3. Essentially the court argues that there is an exception "for surveillance undertaken for national security purposes and directed a a foreign power or an agent of a foreign power reasonably believed to be located outside the United States." Why? Because the interests of "national secutiy" are "particularly intense." The court adds that requiring a warrant might "hinder the government's ability to collect time-sensitive information and thus, would impeded the vital national security interests that are at stake.

4. The court recognizes that, even if a warrant isn't required, the searches under the PAA must still comport with the Fourth Amendment requirement of reasonableness. The court uses a "totality of circumstances" balacing test to weight the government's interest in an intrusion against the individual privacy interests at stake.

5. Not surprisingly, the court emphasizes that "the interest in national security [is] of the highest order of magnitude" and judges whether the protections afforded to the privacy rights of targeted persons by the PAA are reasonable "in light of this important interest." (In other words, national security trumps.)

6. The court concludes that the PAA is reasonable government action because of the "matrix of safeguards" of steps the Executive Branch must fulfill in order to conduct a search under the PAA. These steps, however, are wholly internal to the Executive Branch and require no judicial or objective oversight. To the argument that "by placing discretion entirely in the hands of Executive Branch without prior judicial involvement, the procedures cede to that Branch overly broad power that invites abuse, the court responds that "this is little more than a lament about the risk that government officials will not operate in good faith." The court finds the PAA's "prophylatic procedures" sufficient.

My beefs:

1. Although there is some argument to be made for a foreign intelligence exception to the Warrant Clause, simply saying "national security requires it" doesn't cut it. The cases relied on by the court are completely inapposite to the question of such an exception. And the court never clearly defines what the exception is.

2. My biggest complaint is with #6 above. It is a bedrock idea behind our Constitution that it protects against the potential of abuse and does not assume "good faith" by government officials. As James Madison wrote in Federalist #51 (http://www.constitution.org/fed/federa51.htm) (emphasis added):

It may be a reflection on human nature, that such devices should be necessary to control the abuses of government. But what is government itself, but the greatest of all reflections on human nature? If men were angels, no government would be necessary. If angels were to govern men, neither external nor internal controls on government would be necessary. In framing a government which is to be administered by men over men, the great difficulty lies in this: you must first enable the government to control the governed; and in the next place oblige it to control itself. A dependence on the people is, no doubt, the primary control on the government; but experience has taught mankind the necessity of auxiliary precautions.


This is particularly true regarding the Fourth Amendment and the Warrant Clause. Part of the whole point is that our privacy is not left to the whims of the Executive Branch. As SCOTUS explained in Johnson v. United States (http://laws.findlaw.com/us/333/10.html), 333 U.S. 10 (1948):

The point of the Fourth Amendment, which often is not grasped by zealous officers, is not that it denies law enforcement the support of the usual inferences which reasonable men draw from evidence. Its protection consists in requiring that those inferences be drawn by a neutral and detached magistrate instead of being judged by the officer engaged in the often competitive enterprise of ferreting out crime. Any assumption that evidence sufficient to support a magistrate's disinterested determination to issue a search warrant will justify the officers in making a search without a warrant would reduce the Amendment to a nullity and leave the people's homes secure only in the discretion of police officers. Crime, even in the privacy of one's own quarters, is, of course, of grave concern to society, and the law allows such crime to be reached on proper showing. The right of officers to thrust themselves into a home is also a grave concern, not only to the individual but to a society which chooses to dwell in reasonable security and freedom from surveillance. When the right of privacy must reasonably yield to the right of search is, as a rule, to be decided by a judicial officer, not by a policeman or Government enforcement agent.

Let me admit that I am not entirely convinced the PAA is wholly evil and unjustifiable. I am just not persuaded by this attempt at justification.

Hahaha, no.

The NSA use AES for data classified as "Top-Secret". The AES algorithm is freely available, and it is implemented by many free open source packages. Use a sufficiently large key - 512 to 1024 bit if you're feeling really paranoid - and this cryptosystem is secure against anything that anybody can currently deploy (more than that - against anything that everybody can currently deploy).

You, quite simply, do not know anything about modern cryptography. This would not be a problem, if you were not seeking to make pronouncements on it.

You don't know much about quantum computing, nor the fact that the NSA has a 7-qubit machine more than capable of cracking that key size.

You don't know much about quantum computing, nor the fact that the NSA has a 7-qubit machine more than capable of cracking that key size.

I don't know much about where you're getting this information and its reliability. Thus I don't believe it.

Would like to get a copy of "Sealed Case".

I believe it can be read here (http://www.fas.org/irp/agency/doj/fisa/fiscr111802.html).

I don't know much about where you're getting this information and its reliability. Thus I don't believe it.

That's your risk to take.

http://www.networkworld.com/community/node/34597

They're looking for new algorithms because they now have a machine. They're looking for new ways to use it.

Investigators should presuppose the existence of a fully functional quantum computer and consider what algorithmic tasks are particularly well suited to such a machine. A necessary component of this research will be to compare the efficiency of the quantum algorithm to the best existing classical algorithm for the same problem."

Even NIST has one. It's astonishingly fast.

http://www.networkworld.com/news/2008/060308-discovery-slashes-quantum-cryptography.html

I would not, for a moment, believe that old-style non-quantum encryption methods are safe. Anyone with the money and means to build a quantum computer will be able to read your traffic.

My beefs:

1. Although there is some argument to be made for a foreign intelligence exception to the Warrant Clause, simply saying "national security requires it" doesn't cut it. The cases relied on by the court are completely inapposite to the question of such an exception. And the court never clearly defines what the exception is.

2. My biggest complaint is with #6 above. It is a bedrock idea behind our Constitution that it protects against the potential of abuse and does not assume "good faith" by government officials. As James Madison wrote in Federalist #51 (http://www.constitution.org/fed/federa51.htm) (emphasis added):

It may be a reflection on human nature, that such devices should be necessary to control the abuses of government. But what is government itself, but the greatest of all reflections on human nature? If men were angels, no government would be necessary. If angels were to govern men, neither external nor internal controls on government would be necessary. In framing a government which is to be administered by men over men, the great difficulty lies in this: you must first enable the government to control the governed; and in the next place oblige it to control itself. A dependence on the people is, no doubt, the primary control on the government; but experience has taught mankind the necessity of auxiliary precautions.


This is particularly true regarding the Fourth Amendment and the Warrant Clause. Part of the whole point is that our privacy is not left to the whims of the Executive Branch. As SCOTUS explained in Johnson v. United States (http://laws.findlaw.com/us/333/10.html), 333 U.S. 10 (1948):

The point of the Fourth Amendment, which often is not grasped by zealous officers, is not that it denies law enforcement the support of the usual inferences which reasonable men draw from evidence. Its protection consists in requiring that those inferences be drawn by a neutral and detached magistrate instead of being judged by the officer engaged in the often competitive enterprise of ferreting out crime. Any assumption that evidence sufficient to support a magistrate's disinterested determination to issue a search warrant will justify the officers in making a search without a warrant would reduce the Amendment to a nullity and leave the people's homes secure only in the discretion of police officers. Crime, even in the privacy of one's own quarters, is, of course, of grave concern to society, and the law allows such crime to be reached on proper showing. The right of officers to thrust themselves into a home is also a grave concern, not only to the individual but to a society which chooses to dwell in reasonable security and freedom from surveillance. When the right of privacy must reasonably yield to the right of search is, as a rule, to be decided by a judicial officer, not by a policeman or Government enforcement agent.

Let me admit that I am not entirely convinced the PAA is wholly evil and unjustifiable. I am just not persuaded by this attempt at justification.


I fully agree with your complaints, and they are mine as well. One quick question, if you, old wise and learned one, could tell me if the quick analysis of a soon to be first year law student is correct:

Two things I notice.

One, its only international. Meaning two foreigners talking inside the US would concievably be protected from warentless wiretapping. And US citizens would also be protected as such. So, this in no way contradicts the supreme courts decisions that foreigners get constitutional protection.

Two, its not SCOTUS, so I would expect an appeal.

Or am I waaaaaaaay off, particularly on point one?

You don't know much about quantum computing, nor the fact that the NSA has a 7-qubit machine more than capable of cracking that key size.

I know about Quantum computing. I also know that the NSA have no such machine*, and that AES is not based on any problems which are tractable to quantum analysis. Your ignorance is showing again.

*In all probability. While the NSA have a lot of experts in Mathematics and Computer Science, they have nowhere near enough to be that far in front of the current state of the art.

I know about Quantum computing. I also know that the NSA have no such machine*, and that AES is not based on any problems which are tractable to quantum analysis. Your ignorance is showing again.

*In all probability. While the NSA have a lot of experts in Mathematics and Computer Science, they have nowhere near enough to be that far in front of the current state of the art.

That explains the contract with IBM four years ago for a 7-qubit machine.

Even NIST has one. It's astonishingly fast.

http://www.networkworld.com/news/2008/060308-discovery-slashes-quantum-cryptography.html

I would not, for a moment, believe that old-style non-quantum encryption methods are safe. Anyone with the money and means to build a quantum computer will be able to read your traffic.

Thats not a quantum computer. Thats light with data encyrpted in it relying on the fact eavesdropping at that scale necessarily disrupts the message

That's your risk to take.

http://www.networkworld.com/community/node/34597

They're looking for new algorithms because they now have a machine. They're looking for new ways to use it.

People have already written algorithms for quantum computers, even before any were built. We do not yet have the knowledge or technology to build one, and there is no way that the NSA is 50 years ahead internally, given that they do not have that proportion of the brains. If they were, they wouldn't be needing to offer research grants for work in the area.


Even NIST has one. It's astonishingly fast.

http://www.networkworld.com/news/2008/060308-discovery-slashes-quantum-cryptography.html

I would not, for a moment, believe that old-style non-quantum encryption methods are safe. Anyone with the money and means to build a quantum computer will be able to read your traffic.

This is irrelevant - it is talking about quantum key distribution, which is something entirely different.

That explains the contract with IBM four years ago for a 7-qubit machine.

[citation needed]

While this discussion on encryption is cool, can you guys start a seperate thread?

well, yes I'd like to get to reading "Sealed Case"

There is the zero key. This is handed over to intended recipient in person in the dead of night with the paranoia etc. All subsequent keys are included in the previous message.
That's where you get caught.

OTP is only perfect because of the zero information principle - the message and the key are equally useless.

If you transfer the key to the next message in the previous one, you fail, because they become a chain with effectively the same key. It's no longer a one-time pad. Furthermore, encryption done this way will be much easier to break than proper methods.

Also, the length of each next key will have to be reduced by the length of the actual message.

That's where you get caught.

OTP is only perfect because of the zero information principle - the message and the key are equally useless.

If you transfer the key to the next message in the previous one, you fail, because they become a chain with effectively the same key. It's no longer a one-time pad. Furthermore, encryption done this way will be much easier to break than proper methods.

Also, the length of each next key will have to be reduced by the length of the actual message.

I knew there was a reason I'm not a cryptographer.

I knew there was a reason I'm not a cryptographer.
...And neither were the Al-Qaeda members, even those who were dedicated "computer boys". (I'm not either, just know a bit about programming.)

It's easy to invent an encryption method that "takes over 9,000 years to break", but any method is pointless without proper use and security. This rating is for brute force cracking, while more intelligent cracking, using vulnerabilities or additional information, can shortcut through that in incomparably less time.

In addition, the more complex a method is, the more prone it is to mishandling. For instance, the terrorists could easily use the OTP coding just the way you've described, which would get the entire chain cracked on the third message.

A typical vulnerability with very long keys is the method used in key generation (the NS-infamous "My 10,000-bit encryption is better than your 4096 so I win"). Any suitable method will generate only quasi-random numbers, and most times the entire sequence can be replicated by just knowing the original seed. Which is just 32 bits long - so only 4 billion possible keys to go! Seems like a lot, but a child's play for proper software really. But still protects you from the random onlooker, which only makes you confident in your encryption security.