Honorable mention for the ITAR regs that prevented Phil Zimmerman from exporting PGP 128 bit encryption until Zimmerman and MIT press printed the source as a book protected by the first amendment, exported it, and this enabled others to OCR it, and recompile it offshore.<p>Also that ITAR enabled Thawte in South Africa (where I’m from) as a business to completely dominate sales for 128 bit SSL certs outside the US. Thawte was eventually acquired by Verizon for $600 million and the founder Mark Shuttleworth used the cash to become an astronaut and then founded Ubuntu.
As this is from 2016 it doesn't include this new fun revelation:<p>> On 11 February 2020, The Washington Post, ZDF and SRF revealed that Crypto AG was secretly owned by the CIA in a highly classified partnership with West German intelligence, and the spy agencies could easily break the codes used to send encrypted messages.<p><a href="https://en.m.wikipedia.org/wiki/Crypto_AG" rel="nofollow">https://en.m.wikipedia.org/wiki/Crypto_AG</a>
I was so curious about the origins of the SHA algorithms that I made a FOIA to NSA about <i>SHA-0</i>^0, as I wanted to understand how it was developed and requested all internal communications, diagrams, papers and so on responsive to that.<p>Interestingly I found that after I got a reply (rough summary: <i>you are a corporate requester, this is overly broad, it will be very expensive</i>) I could no longer access the NSA website. Some kind of fingerprint block. The block persisted across IP addresses, browsers, incognito tabs, and devices so it can't be based on cookies / storage.<p>Still in place today:<p><pre><code> Access Denied
You don't have permission to access "http://nsa.gov/serve-from-netstorage/" on this server.
</code></pre>
0: <a href="https://en.wikipedia.org/wiki/SHA-1#Development" rel="nofollow">https://en.wikipedia.org/wiki/SHA-1#Development</a>
In case anyone is wondering about the context for this 2016 article, it was right after the 2015 San Bernardino attack and the FBI was trying to get into one of the attacker's phones. Apple resisted the request primarily because they wanted a certificate that would allow them to install any rogue firmware/app/OS on any iPhone, not just the attacker's.<p><a href="https://en.wikipedia.org/wiki/2015_San_Bernardino_attack" rel="nofollow">https://en.wikipedia.org/wiki/2015_San_Bernardino_attack</a>
This topic comes up a bunch still. Someone please correct me, but as I understand it anyone using new chips that use Intel ME (or AMD's equivalent) have a gaping hole in their security that no OS can patch.<p>I know puri.sm[0] takes some steps to try to plug the hole, but haven't read up to see if it's effective or no.<p>[0] <a href="https://puri.sm/learn/intel-me/" rel="nofollow">https://puri.sm/learn/intel-me/</a>
Everyone forgets the Speck and Simon crypto the NSA wanted in the Linux kernel that were, ultimately, removed from it entirely after a lot of well deserved criticism from heavy hitters like Schneier.<p><a href="https://en.m.wikipedia.org/wiki/Speck_(cipher)" rel="nofollow">https://en.m.wikipedia.org/wiki/Speck_(cipher)</a>
for a long time, the US considered cryptography algos as a munition. Needed some arms license to export.<p>Also, US tried to convince the world only 56 bits of encryption was sufficient. As SSL (I don’t think TLS was a thing back then) was becoming more mainstream, US govt only permitted banks and other entities to use DES [1] to “secure” their communications. Using anything more than 56 bits was considered illegal.<p><a href="https://en.m.wikipedia.org/wiki/Data_Encryption_Standard" rel="nofollow">https://en.m.wikipedia.org/wiki/Data_Encryption_Standard</a>
There's talk that the NSA put its own magic numbers into elliptic curve seeds. Does that count?<p><a href="https://www.bleepingcomputer.com/news/security/bounty-offered-for-secret-nsa-seeds-behind-nist-elliptic-curves-algo/" rel="nofollow">https://www.bleepingcomputer.com/news/security/bounty-offere...</a>
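To make the "magic numbers in the seeds" question concrete, here is an added example (my code, not from the linked article or the commenter) that re-runs the published seed-to-coefficient derivation from ANSI X9.62 / FIPS 186-4 for two NIST curves. It shows what the seeds verifiably pin down (the curve coefficient b) and, by omission, what they do not (how the seed values themselves were chosen). The constants are the public standard values; the function names are mine.

```python
import hashlib

# Published NIST prime-field curve parameters (FIPS 186-4 / SEC 2).
NIST_CURVES = {
    "P-224": {
        "p": 2**224 - 2**96 + 1,
        "b": 0xB4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4,
        "seed": 0xBD71344799D5C7FCDC45B59FA3B9AB8F6A948BC5,
    },
    "P-256": {
        "p": 2**256 - 2**224 + 2**192 + 2**96 - 1,
        "b": 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B,
        "seed": 0xC49D360886E704936A6678E1139D26B7819F7E90,
    },
}

SEED_BITS = 160  # the published seeds are 160-bit SHA-1 inputs


def sha1_int(x: int) -> int:
    """SHA-1 of x encoded as a 160-bit big-endian string, returned as an int."""
    return int.from_bytes(hashlib.sha1(x.to_bytes(SEED_BITS // 8, "big")).digest(), "big")


def derive_c(seed: int, t: int) -> int:
    """Expand a seed into the integer c for a t-bit prime field (ANSI X9.62 / FIPS 186-4).

    c = c0 || SHA-1(seed+1) || ... || SHA-1(seed+s), where c0 is the h rightmost
    bits of SHA-1(seed); the "-1" in h guarantees c < p.
    """
    s = (t - 1) // 160
    h = t - 160 * s - 1
    c = sha1_int(seed) & ((1 << h) - 1)
    for i in range(1, s + 1):
        c = (c << 160) | sha1_int((seed + i) % (1 << SEED_BITS))
    return c


def seed_matches_b(p: int, b: int, seed: int) -> bool:
    """With a = -3 the standard requires b^2 * c == a^3 == -27 (mod p)."""
    c = derive_c(seed, p.bit_length())
    return (b * b * c + 27) % p == 0


def check_all() -> dict:
    """Verify every curve in the table; a False entry would mean b does not follow from its seed."""
    return {name: seed_matches_b(**params) for name, params in NIST_CURVES.items()}
```

The check only proves that b was derived from the seed by the stated procedure; it says nothing about how the seed was picked, which is exactly the gap the bounty in the link is about.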
This leaves out at least one other proven case - the NSA worked to weaken an early encrypted telephone system that was sold to numerous other governments and allowed them to listen in on conversations.<p>Then there's this: <a href="https://www.cnet.com/tech/tech-industry/nsa-secret-backdoor-paved-way-to-u-s-phone-e-mail-snooping/" rel="nofollow">https://www.cnet.com/tech/tech-industry/nsa-secret-backdoor-...</a><p>And then there was the Tailored Access Operations group that backdoored hundreds if not thousands of computers and networking gear <a href="https://en.wikipedia.org/wiki/Tailored_Access_Operations" rel="nofollow">https://en.wikipedia.org/wiki/Tailored_Access_Operations</a><p>And then there's Bullrun where they partnered with commercial software and hardware companies to insert backdoors, specifically in many commercial VPN systems <a href="https://en.wikipedia.org/wiki/Bullrun_(decryption_program)" rel="nofollow">https://en.wikipedia.org/wiki/Bullrun_(decryption_program)</a><p>Let's also not forget the backdooring of Windows NT: <a href="https://en.wikipedia.org/wiki/NSAKEY" rel="nofollow">https://en.wikipedia.org/wiki/NSAKEY</a><p>...and Lotus Notes was also backdoored, as well.
For financial encryption, so essential is warrantless surveillance to their control of finance, that they've successfully argued that a neutral and immutable protocol instantiating open source code on a distributed public blockchain is property of a sanctionable entity, and thus within their authority to prohibit Americans from using:<p><a href="https://cases.justia.com/federal/district-courts/texas/txwdce/1:2023cv00312/1211705/94/0.pdf" rel="nofollow">https://cases.justia.com/federal/district-courts/texas/txwdc...</a>
Now the argument coming from civil society for backdoors is based on CSAM:<p>> Heat Initiative is led by Sarah Gardner, former vice president of external affairs for the nonprofit Thorn, which works to use new technologies to combat child exploitation online and sex trafficking. In 2021, Thorn lauded Apple's plan to develop an iCloud CSAM scanning feature. Gardner said in an email to CEO Tim Cook on Wednesday, August 30, which Apple also shared with WIRED, that Heat Initiative found Apple's decision to kill the feature “disappointing.”<p>> “Apple is one of the most successful companies in the world with an army of world-class engineers,” Gardner wrote in a statement to WIRED. “It is their responsibility to design a safe, privacy-forward environment that allows for the detection of known child sexual abuse images and videos. For as long as people can still share and store a known image of a child being raped in iCloud we will demand that they do better.”<p><a href="https://www.wired.com/story/apple-csam-scanning-heat-initiative-letter/" rel="nofollow">https://www.wired.com/story/apple-csam-scanning-heat-initiat...</a>
I posted this because of the Enigma/Crypto AG mixup in the article, but it doesn't seem that anyone noticed. Seemed relevant considering the post about fabricated Atlas Obscura stories a few days ago.
Sharing this seems like an appropriate way of commemorating David Kahn's passing (<a href="https://news.ycombinator.com/item?id=39233855">https://news.ycombinator.com/item?id=39233855</a>). <3
I believe the cryptomuseum has a more extensive list than the one in the link: <a href="https://www.cryptomuseum.com/intel/nsa/backdoor.htm" rel="nofollow">https://www.cryptomuseum.com/intel/nsa/backdoor.htm</a> Particularly one is interesting as I have reverse engineered and proven its existence: <a href="https://www.cryptomuseum.com/crypto/philips/px1000/nsa.htm" rel="nofollow">https://www.cryptomuseum.com/crypto/philips/px1000/nsa.htm</a>
One of my favorite comics about cryptography.
<a href="https://xkcd.com/538/" rel="nofollow">https://xkcd.com/538/</a><p>Government routinely posits a desperate need for backdoors in crypto and crypto secured products, but almost universally they get the data they want without needing a manufacturer provided backdoor. So why they insist on continuing to do that is beyond me. It's almost security theater.<p>If they really want your protected information they will be able to get it. Either through a wrench or a legal wrench. In lieu of that they can use practically unlimited resources at their disposal from who they employ (or contract out to) to the long axis to which most secured devices succumb from, time.<p>My personal threat model isn't to defeat the government. They will get the data eventually. My personal threat model is corporations that want to know literally everything about me and bad faith private actors (scammers, cybercrime and thieves) that do too.<p>Ultimately it will take strict legislation and compliance measurement along with penalties to protect the government from overstepping the bounds they promise not to step over already, let alone new ones. It will take even stricter legislation to stop corporations from doing it. There are significant financial and political incentives for our ruling bodies to not do that, unfortunately.<p>I mean honestly, when you have this kind of ability at your disposal...<p><a href="https://www.npr.org/2021/06/08/1004332551/drug-rings-platform-operation-trojan-shield-anom-operation-greenlight" rel="nofollow">https://www.npr.org/2021/06/08/1004332551/drug-rings-platfor...</a>
How likely is it that WhatsApp or Telegram are backdoored?<p>I wonder what tools guerrilla armies or drug lords use to communicate..<p>Or maybe it's better to hide in plain sight.<p>Just use some kind of double speak that gives plausible deniability.
Encryption is meaningless with CPU-level side-channel memory key dumps active on most modern platforms. The reality is if you have been targeted for financial or technological reasons, then any government will eventually get what they are after.<p>One can't take it personally, as all despotic movements also started with sycophantic idealism.<p>Have a great day, =)<p><a href="https://xkcd.com/538/" rel="nofollow">https://xkcd.com/538/</a>
<p><pre><code> FBI director James Comey have publicly lobbied for the insertion of cryptographic “backdoors” into software and hardware to allow law enforcement agencies to bypass authentication and access a suspect’s data surreptitiously. Cybersecurity experts have unanimously condemned the idea, pointing out that such backdoors would fundamentally undermine encryption and could exploited by criminals, among other issues.
</code></pre>
"could exploited by criminals" is sadly a disingenuous claim. A cryptographic backdoor is presumably a "Sealed Box"[1] type construct (KEM + symmetric-cipher-encrypted package). As long as the government can keep a private key secure only they could make use of it.<p>There are plenty of reasons not to tolerate such a backdoor, but using false claims only provides potential ammunition to the opposition.<p>[1] <<a href="https://libsodium.gitbook.io/doc/public-key_cryptography/sealed_boxes" rel="nofollow">https://libsodium.gitbook.io/doc/public-key_cryptography/sea...</a>>