Sunday, November 18, 2012

The General, The Biographer, And Unencrypted Email

By Jon Matonis
Forbes
Tuesday, November 13, 2012

http://www.forbes.com/sites/jonmatonis/2012/11/13/the-general-the-biographer-and-unencrypted-email/

The newest poster couple for encrypted email is General David Petraeus and his ‘embedded’ biographer Paula Broadwell. One of the more curious aspects of this episode is why the nation’s spy chief couldn’t figure out the basics around email cryptography or why a West Point graduate and lieutenant colonel in the U.S. Army Reserves who also worked with the FBI Joint Terrorism Task Force wasn’t aware of Tor for IP masking.

It all started with an apparently anonymous email sent by Broadwell to Petraeus’ friend Jill Kelley, which was traced back via email location metadata to the hotel room Broadwell was using at the time. This email was the original message that led to the eventual discovery of the sexually explicit emails between Petraeus and Broadwell.

Obviously for readability reasons this original message could not have been encrypted (also Tor does not provide encryption), but it could have been anonymized as to location and that is precisely what Tor was designed for. Originally a U.S. Navy project for shielding location data and defending against traffic analysis, the Tor Project utilizes a layered router protocol which obfuscates the sender’s IP location. Even a rudimentary VPN (Virtual Private Network) that religiously deleted IP log files and accepted anonymous payments would have been sufficient. Oh well…live and learn.

Beyond that, everyone seems to be asking the obvious question about email encryption, especially in today’s surveillance state. If they can do this to each other, what are they doing to us? But let’s examine how email encryption might have been used under these circumstances and if it would have proven effective.

Assuming that the connection between Petraeus and Broadwell would still have been discovered, what other precautions could they have taken besides the old terrorist trick of sharing a draft version that each party separately logged into?

For starters, the couple could have used stress-tested PGP (Pretty Good Privacy) for point-to-point encrypted email, which involves installing a separate piece of client software and exchanging public keys. Also, they could have used a simpler web-based OpenPGP-compliant service such as Hushmail, which would have at least protected their historical retained messages, provided neither one of them logged on again and made their password vulnerable to court-ordered Java applet spoofing.

So then, are the involved parties safe from anyone discovering the contents of their encrypted messages? Would the investigation have stopped at the discovery of Paula Broadwell as the anonymous email sender? I’m afraid it isn’t as simple as that. Many factors are at play here, including individual or third-party data retention policies that are sometimes beyond your control, as well as continued usage of the same private encryption key and password.

Federal agents have many tools in their arsenal, some legal and some not-so-legal. If IP location details were not protected, the linkage could have been established between Petraeus and Broadwell proving at a minimum the existence of some encrypted correspondence. The question is whether or not additional investigative actions beyond that would be warranted, or even approved. At that point, it’s all about the strength of the password and obtaining it either through password cracking or password observation if the password is sufficiently strong.
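What that linkage looks like in a retained message, as an added example that is not part of the original article: encrypting the body with PGP leaves the headers in cleartext, so stored mail still shows who wrote to whom, when, and from which IP address. The message, addresses and hostnames below are constructed sample data, and `exposed_metadata` is a name chosen for this illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample (not from the case): headers as a mail provider stores
# them, with an OpenPGP armor placeholder standing in for the encrypted body.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby inbox.example.org with ESMTPS; Mon, 12 Nov 2012 09:15:02 -0500
Received: from [10.0.0.23] (hotel-nat.example.com [203.0.113.45])
\tby mx.example.net with ESMTPSA; Mon, 12 Nov 2012 09:15:01 -0500
From: sender@example.net
To: recipient@example.org
Date: Mon, 12 Nov 2012 09:15:00 -0500
Content-Type: text/plain

-----BEGIN PGP MESSAGE-----
(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def exposed_metadata(raw):
    """Return what stays readable when only the message body is encrypted."""
    msg = message_from_string(raw)
    hops = []  # (ip, is_internal), newest hop first as in the header order
    for received in msg.get_all("Received", []):
        for text in IP_RE.findall(received):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:  # bracketed digits that are not a valid IP
                continue
            hops.append((str(ip), any(ip in net for net in RFC1918)))
    routable = [ip for ip, internal in hops if not internal]
    return {
        "from": msg["From"], "to": msg["To"], "date": msg["Date"],
        "hops": hops,
        # Oldest routable hop: where the first mail server saw the sender.
        "origin_candidate": routable[-1] if routable else None,
        "body_encrypted": "-----BEGIN PGP MESSAGE-----" in msg.get_payload(),
    }

if __name__ == "__main__":
    for key, value in exposed_metadata(SAMPLE).items():
        print(f"{key}: {value}")
```

Routing the connection through Tor or a VPN, as discussed earlier in the article, changes the address recorded in the oldest `Received` line; it does not hide the `From`, `To` and `Date` fields.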

When law enforcement has the advantage of tracking someone without their knowledge, software and hardware keyloggers can be an effective method to obtain password credentials. Keyloggers come in many forms but they are typically installed between the keyboard and the computer to capture and record a computer user’s keystrokes, including passwords. Hardware keyloggers have an advantage over software keyloggers as they can begin logging from the moment a computer is turned on.

Alternatively, an ultra-small camera can be mounted above usual computer locations, such as an office desk or table. A wireless camera would be able to relay the images of the user typing a password thereby eliminating the necessity of physical re-entry.

Failing that, and failing waterboarding of the suspects, contempt of court charges could be invoked by the government since there is no specific law regarding key disclosure in the United States. One of the parties would first have to be charged with a criminal offense before the government can demand that they surrender their private encryption keys. Relevant case law has revolved around the Fifth Amendment privilege against self-incrimination.

Ironically, the global encrypted communication service Silent Circle just launched last month targeting government and corporate enterprise customers. It was founded by a world-renowned cryptographer and a former U.S. Navy SEAL sniper and communications security expert. I suspect this whole sordid story will make an excellent advertisement for them.

For further reading:
"E-Mail Security in the Wake of Petraeus", Bruce Schneier, November 19, 2012
"Petraeus case triggers concerns about Americans' online privacy", Jessica Guynn, Los Angeles Times, November 15, 2012
"Surveillance and Security Lessons From the Petraeus Scandal", Chris Soghoian, November 13, 2012
