[Bradford] Search engine: StartPage

Mon Jul 8 17:30:57 UTC 2013

Just FYI I spoke to a staff member in George Galloways office and he asked if we'd be able to put together some way that they can talk to us about the technical aspects of Prism, I'm too busy to lead on it but if someone would like to I'd be happy to arrange setting up a meeting.

Essentially it'd be nice to be able to provide George with some real technical facts so that he can turn it into political spin.

Regards

J
________________________________________
From: bradford-bounces at mailman.lug.org.uk [bradford-bounces at mailman.lug.org.uk] on behalf of Robert Burrell Donkin [robertburrelldonkin at gmail.com]
Sent: 06 July 2013 17:02
To: BradLUG
Subject: Re: [Bradford] Search engine: StartPage

On Fri, Jul 5, 2013 at 10:33 PM, Alice Kaerast <alice at kaerast.info> wrote:

<snip>

> The NSA have had access to not just the companies explicitly named in the
> Prism leaks, but core routers around the world.  We know that this includes
> China, I haven't been following closely enough recently to know if it
> includes Europe.

The raptor stuff in the late 90's is consistent with British engineers
handling the European theatre.

The special relationship is best understood as a continuation of the
wartime cooperation which won two wars (one hot, one cold). Hence,
spheres of responsibility are likely (yet again, old dogs etc). So, it
is reasonable to expect that the Brits would get Europe, the Aussies
south-east asia outside China and the US+Canadian the rest of the
world. Of course, given the turf-wars amongst US agencies and
distrust, I would also expect that the US also conducted
extra-curricula activities and black ops to reassure themselves that
none of the others were playing a double game...

> Snowden claims that good security still can't be broken by
> the NSA, but we don't know if that includes SSL.Startpage.com use SSL, but
> only 128-bit encryption, the certificate is only 2048 bit

These are almost certainly too low to avoid being cracked if the NSA
has reason to target you. Probably strong enough to avoid being broken
routinely (unless the key is within one of the islands of weakness).
However (after the British debacles in the 20s) the NSA is almost
certainly not going to supply intelligence to law enforcement or
politicians that show they can break the current encryption standards
out there. The same goes for the Brits and the Chinese.

The danger lies in public exposure of current operational capacities
by well meaning leaks.

Were this to happen, the inmates that run this asylum would have no
excuses left for failing to pander to bigotry, vested interests and
dirty money. The French have already tried this approach when they
banned strong (by which they mean laughably weak) crypto. But people
on the internet just said 'Stuff that for a game of Soldiers" and
ignored the law. Turned out their police had better things to do than
arresting everyone who used a computer...

Were the public exposure scenario to play out, then I expect that
everyone would just step up to 9k certs and 2k session keys. The NSA
would then deploy improved cracking methods without telling the
politicians. And the good old game would begin again, just a little
wiser and dirtier than last time...

Lots of fun :-)

Robert

_______________________________________________
Bradford mailing list
Bradford at mailman.lug.org.uk
https://mailman.lug.org.uk/mailman/listinfo/bradford
This email and its attachments may be confidential and are intended solely for the use of the individual to whom it is addressed. Any views or opinions expressed are solely those of the author and do not necessarily represent those of the organisation from which this email originated. If you are not the intended recipient of this email and its attachments, you must take no action based upon them, nor must you copy or show them to anyone. Please contact the sender if you believe you have received this email in error. This email was sent by School Email - Safe Webmail and Hosted Email for Schools