Saturday, September 16, 2017

The Warrant Cases are Pyrrhic Victories

The essential question in Trusted Computing has always been "Trusted FROM WHOM?" and the answer right now is from the Government.

Trusted Computing is Complex

So a while back I had two friends who I hung out with all the time, and because we knew almost no women, after we worked a full day at the Fort we would go back to their house and try to code an MP3 decoder or work on smart card security (free porn!) or any number of random things.

One of my friends, Brandon Baker, went off to Microsoft and ended up building the Hyper-V kernel and worked on this little thing called Palladium, which then got renamed the Next Generation Trusted Computing Base and, because of various political pressures relating to creating an entirely new security structure based on hardware PKI, was then buried.

But it didn't die - it has been slowly gaining strength and being re-incarnated in various forms, and one of those forms is Azure Confidential Computing.

People have a hard time grasping Palladium because without all the pieces, it is always broken and makes no sense, and most of those pieces are in poorly documented hardware. But the basic idea is: What if Microsoft Windows could run a GPG program that it could not introspect or change in any way, such that your GPG secret key was truly secret, even from the OS, even if a kernel rootkit was installed?

Of course, the initial concept for Palladium was mostly oriented towards DRM, in the sense of having a media player that could remotely authenticate itself to a website and a secured keyboard/screen/speaker such that you couldn't steal the media. This generated little interest in the marketplace and the costs for implementation were enormous, hence the failure to launch.

"Winning" on warrants. The very definition of Pyrrhic Victories.

Law Subsumed by Strategy

There's a sect among the Law Enforcement, national security, and legal community that looks upon Microsoft and Google's court cases on extra-territorial warrant responses as an impingement of the natural rights of the US Nation State.

It's no surprise that the legal arguments are disjointed from both sides. Effectively, the US position is that the government should be able to collect whatever data it wants from Google or Microsoft, because the data is accessible from the US, and because they want it. And Google and Microsoft have stored that data on overseas servers for many reasons, but also because their customers, both international and domestic, think the US State no longer has that natural right, that it is as primitive as Prima Nocte. And in addition, their employees think the US has failed to go to bat on these issues for Google/Microsoft/etc. in China and the EU. This isn't necessarily true, but it is true that the USG has treated the populations that make up the technology elites as if their opinions are not relevant to the discussion.

Law is not a Trump Card

The problem with making the US Government the primary foe in every technology company's threat model is that those companies can very quickly adapt to new laws by building systems which they cannot introspect, which is what Azure Confidential Computing is. But that's just the beginning. Half their teams come from the NSA and CIA technology arms. They know how to cause huge amounts of pain to our system while staying within regulations and laws, and they have buy-in from the very tops of their organizations.

This was all preventable. If we'd had decent people in the executive team killing the Apple lawsuit last year, and finding some way to come to an agreement and end the crypto war, we could have prevented Going Dark from being a primary goal of all of the biggest companies (i.e., even at Financials). We needed to be able to negotiate with them in good faith to maintain a balance of "The Golden Age of Metadata" with what they and their customers wanted.

We didn't have anyone who could do that. As in so many pieces of the cyber-government space, we may have missed our window to prevent the next string in the international order from unraveling.

Thursday, September 7, 2017

Opaque cyber deterrence efforts


Pakistan's Nuclear Policy: A Minimum Credible Deterrence, by Zafar Khan

Figuring out what cyber operations can and can't deter is most similar to figuring out what percentage of your advertising budget you are wasting. That is: you know 90% of your cyber deterrence isn't working, you just don't know which 90%.

That said, so much more of cyber deterrence is based around private companies than we are used to working with in international relations. Kaspersky may or may not have been used for ongoing Russian operations, and the deterrent effect of banning them from the US market will have a long reach. This mix is complicated and multi-faceted. Some of the hackers that ran China's APT1 effort now work for US Anti-Virus companies.

Modern thinkers around deterrence policy often look at only declared overt deterrence, of the type North Korea is currently using. But covert deterrence is equally powerful and useful and much more applicable to offensive cyber operations where there is no like-for-like comparison between targets or operational capability.

But cyber does have deterrent effects - knowing that someone can out your covert operatives by analyzing the OPM and Delta Airline databases can deter a nation-state from operating in certain ways.

The question is whether non-nation-state actors also have opaque cyber deterrence abilities and how to model these effects as part of a larger national security strategy - for example, via Google's Project Zero. And it's possible that the majority of cyber deterrence will at least pretend to be non-nation-state efforts, such as ShadowBrokers.

Technically, deterrence often means the ability to rapidly respond to and neutralize offensive cyber tools. Modern technology such as endpoint monitoring, or country-wide network filtering, when provided with input from SIGINT or HUMINT sources, can provide an effective deterrence effort that neutralizes potential offensive efforts by our adversaries.