How to Foil NSA Sabotage: Use a Dead Man's Switch

Registering for nothing-to-see-here deadlines could help to sound the alert when a website has been compromised

Email Print
FacebookTwitterShare

The more we learn about the breadth and depth of the NSA and GCHQ‘s programmes of spying on the general public, the more alarming it all becomes. The most recent stories about the deliberate sabotage of security technology are the full stop at the end of a sentence that started on 8 August, when the founder of Lavabit (the privacy oriented email provider used by whistleblower Edward Snowdenabruptly shut down, with its founder, Ladar Levison, obliquely implying that he’d been ordered to secretly subvert his own system to compromise his users’ privacy.

It doesn’t really matter if you trust the “good” spies of America and the UK not to abuse their powers (though even the NSA now admits to routine abuse, you should still be wary of deliberately weakened security. It is laughable to suppose that the back doors that the NSA has secretly inserted into common technologies will only be exploited by the NSA. There are plenty of crooks, foreign powers, and creeps who devote themselves to picking away patiently at the systems that make up the world and guard its wealth and security (that is, your wealth and security) and whatever sneaky tools the NSA has stashed for itself in your operating system, hardware, applications and services, they will surely find and exploit.

One important check against the NSA’s war on security is transparency. Programmes published under free/open software licenses can be independently audited are much harder to hide secret back doors in. But what about the services that we use – certificate providers, hosted email and cloud computers, and all the other remote computers and networks that we entrust with our sensitive data?

Ultimately these are only as trustworthy as the people who run them. And as we’ve seen with Lavabit, even the most trustworthy operators may face secret orders to silently betray you, with terrible penalties if they speak out.

This is not a new problem. In 2004, American librarians recoiled at the FBI’s demands to rummage through their patrons’ reading habits and use them to infer terroristic intent, and at the FBI’s gag orders preventing librarians from telling their patrons when the police had come snooping.

Jessamyn West, a radical librarian, conceived of a brilliant solution, a sign on the wall of her library reading “THE FBI HAS NOT BEEN HERE (watch very closely for the removal of this sign).” After all, she reasoned, if the law prohibited her from telling people that the FBI had been in, that wasn’t the same as her not not telling people the FBI hadn’t been in, right?

I was reminded of this last week on a call with Nico Sell, one of the organisers of the annual security conference Defcon (whose founder, Jeff Moss, told the NSA that it would not be welcome at this year’s event). Nico wanted me to act as an adviser to her company Wickr, which provides a platform for private messaging. I asked her what she would do in the event that she got a Lavabit-style order to pervert her software’s security.

She explained that her company had committed to publishing regular transparency reports, modelled on those used by companies like Google, with one important difference. Google’s reports do not give the tally of secret orders served on it by governments, because doing so would be illegal. Sell has yet to receive a secret order, so she can legally report in each transparency report: “Wickr has received zero secret orders from law enforcement and spy agencies. Watch closely for this notice to disappear.” When the day came that her service had been served by the NSA, she could provide an alert to attentive users (and, more realistically, journalists) who would spread the word. Wickr is designed so that it knows nothing about its users’ communications, so an NSA order would presumably leave its utility intact, but notice that the service had been subjected to an order would be a useful signal to users of other, related services.

Read the rest of the article

Email Print
FacebookTwitterShare
  • LRC Blog

  • Podcasts