Good evening. We're now off to a good start with this new Monday-Wednesday-Friday column, because this time I'm getting it published before midnight on both coasts.
So let's get right to it. The two big stories I'm seeing are that Google's Street View spying troubles are coming home to the US, and the NSA is apparently expanding its mission to protect US communications from foreign agents in a new and potentially troublesome direction.
For the most part, Google has been having troubles in Europe related to its Street View services. It was revealed that the Street View vans were spying on wireless networks and recording data from them, which creates trouble for Google under various European privacy laws. However, US officials may begin to act now that it's come out that, gee, US officials weren't immune to this spying if their home networks weren't secure. Says Consumer Watchdog at its site Insidegoogle.com:
“This is the most massive example of wire tapping in American history and even members of Congress do not appear to be immune,” said Jamie Court, president of Consumer Watchdog, which published the results on its Insidegoogle.com website. “Whether it’s compromising government secrets or our personal financial information, Google’s unprecedented WiSpying threatens the security of the American people and Congress owes Americans action.”
I can only wonder what emails Vint Cerf and Andrew McLaughlin are exchanging about this matter.
Speaking of spying, the National Security Agency is in the news again. The spy agency charged with cracking enemy signals and protecting our own is apparently looking at protecting private signals over the Internet with a new program called Perfect Citizen. In theory, the program sounds harmless if narrowly construed and operated in good faith, but theory is irrelevant here.
First off, we're talking about spies, and in particular spies who have never published the methodologies behind previous "public services" such as the modification of the S-boxes of DES*. Secondly, we're talking about the government, which has made scope creep a way of life since the Louisiana Purchase. Thirdly, we're talking about the Obama administration, which is already active in trying to control the Internet via the Cybersecurity Act and via Net Neutrality regulation. We have no reason to believe Perfect Citizen is as harmless and safe as it appears to be. Watch out.
* Many years ago the government wanted to publish a standard cryptographic algorithm that private businesses could use to protect their data. The initial work was farmed out to IBM, who produced the code called Lucifer, later to be called DES, the Data Encryption Standard. However, before DES, which became a FIPS (Federal Information Processing Standard), was made official, it was turned over to the NSA for review. NSA changed one part of the algorithm, called the S-Boxes, but never said why. Said Alan Konheim, one of DES's designers, "We sent the S-Boxes off to Washington. They came back and were all different." For all we know the NSA spooks made DES more crackable for themselves, and they're not saying anything to make us doubt that.
Today DES is terribly obsolete, because the key is too short. Also obsolete is the variant known as TDEA, the Triple Data Encryption Algorithm, which runs DES three times to get a triple key length. Both have been replaced by the new AES, the Advanced Encryption Standard, which was developed entirely in the private sector (by Belgian researchers, in fact) and was not changed by the NSA before final publication.