Interesting that this is appearing only now, even though it happened in 2012.
Reminds me of the recent "news" that terrorists changed their tactics after the leaks, "according to government officials". Greenwald talked about this recently:
It's not a laugh track, it's an actual audience. He's speaking at the Socialism 2013 conference. He originally planned to be there but was unable to make it due to all the stuff that's gone down these last few weeks.
Like I've said in other posts, spy on people and they start to react. In this case they start using encryption more and more. No, such people are not 100% secure, but if there is a secure option, they take it. This increases encrypted traffic and of course government paranoia. More of us are hiding stuff, there for more of us must be guilty, so government needs to spy more.
Mean while, real criminals will simply avoid electronic communications.
I may be a bit too paranoid, but this seems like a decoy similar to the iMessage decoy earlier this year.
This is a quote from the government so surely there will be multiple -- perhaps even conflicting -- interpretations and definitions of the terms encryption, foiled, and wiretaps.
Doesn't seem too paranoid to me at all. Even a couple years ago, if you had said the NSA was spying on everyone, people would have branded you as a tin foil hat wearing conspiracy theorist. Now we're supposed to believe the things that our government tells us after years and years of lying about hundreds of things at a time? No thanks.
Huh? End-to-end just means it's not decrypted in transit by design. All the other usual technical things can still go wrong (trust model failures, exploitable programming bugs, crypto protocol breaks, crypto algorithm breaks, ui trickery etc). Not to mention social engineering, phishing, backdoors and such.
Interesting that they specifically mention Apple. If I recall, a few months ago, before this whole NSA thing broke, there was a story on how iMessage's encrypted-by-default communications were being a PITA for investigators used to just being able to pull SMS logs. I wonder if that's what this is talking about?
Of course, that's what they'd say if they had broken it. If they hadn't, then saying this would be counterproductive.
Alternate 1: Since they're keeping encrypted stuff forever, they're somehow OK with not getting access to stuff until moore's law has had a while longer to run / more exploits have been found?
Alternate 2: They want the metadata, and if people didn't trust encryption they wouldn't even get that?
I don't believe they can break most forms of crypto head on, but they can certainly exploit a lot of flaws (either errors in the implementation or flaws in either the infrastructure it runs on or physical/human factors).
It's an open question whether strong crypto used inappropriately makes people do things they wouldn't otherwise. If you know all comms are monitored, and don't ever say anything incriminating on the phone, you're better off than someone who has an unbreakable encrypted phone but is talking to an informant with a recorder on the other end.
Read in a literal sense, that is true, but the NSA has sufficient influence to exercise an effective veto over mass-market crypto just by saying they don't believe it's secure (whether that is true or not). If the NSA said "don't use AES", most people wouldn't use AES. They also could have easily spooked everyone off Rijndael during the AES selection process.
For that reason, I don't generally find it useful to argue the point of exactly where Rijndael actually came from.
Well it highly unlikely that they were not involved in the selection process for AES, so in a sense they did develop AES.
Also with Suite B, the NSA tells you want eliptic curve parameters to use. They may have chosen those parameters to suit there needs, should be need to break the encryption.
I think it's _hugely_ unlikely that the NSA has a way to break something like AES-256. Advances in crypto of that magnitude don't come out of nowhere, and there's not even a hint of how you would do that on the radar.
That being said... A focused attack by the US Government is a treat model that you just can't protect against (and still use any sort of modern technology). You can use all the encryption you want... They're gonna drop rootkits on your devices, bug your house and car, compromise your associates, etc... The fact that there have been some cases where encryption prevented an 'easy' wiretap, it doesn't mean they weren't able to get the information through some other means.
Reminds me of the recent "news" that terrorists changed their tactics after the leaks, "according to government officials". Greenwald talked about this recently:
http://youtu.be/Uulv4ve6RJ8?t=47m5s