Thoughts on GnuPG and automation

Ingo Klöcker kloecker at kde.org
Tue Mar 3 21:24:15 CET 2015


On Tuesday 03 March 2015 19:31:14 Robert J. Hansen wrote:
> > This is definitely public information from the Snowden leaks.  There
> > is also quite a bit of information about other governments doing
> > similar things.  Here's one example article:
>
> If all encrypted traffic is deemed suspicious, then 99.9999999% of the
> suspicious set -- Amazon transactions, Google searches, SMTP transfers,
> instant messaging, OkCupid profiles, iTunes purchases, and more -- is
> totally clean.  You'd have statistically better odds by arresting random
> people on suspicion of murder.  The policy would be completely
> pants-on-head absurd.

After the recent terrorist attacks in Paris and Brussels, some German
politicians are again arguing that we need Vorratsdatenspeicherung (data
retention, i.e. storage of all communication metadata for 6 months) in
Germany to prevent such attacks. Obviously, 99.9999999 % of this data will be
completely unrelated to terrorist attacks, i.e. totally clean as you put it.
You'd have statistically better odds by arresting random people on suspicion
of terror. Still, this completely pants-on-head absurd policy will become
reality if those German politicians get what they want.


> This leads to a different question: "Is it more likely that this is the
> real pants-on-head absurd policy, or that the _Forbes_ journo has
> profoundly misunderstood the subject?"

Well, the Guardian wrote

"However, alongside those provisions [to minimise data collected from US 
persons; I.K.], the Fisa court-approved policies allow the NSA to:

[...]

• Retain and make use of "inadvertently acquired" domestic communications if 
they contain usable intelligence, information on criminal activity, threat of 
harm to people or property, are encrypted, or are believed to contain any 
information relevant to cybersecurity;"

Full article: http://www.theguardian.com/world/2013/jun/20/fisa-court-nsa-without-warrant

Specifically, see Exhibit B, Section 5 (3) a.
http://www.theguardian.com/world/interactive/2013/jun/20/exhibit-b-nsa-procedures-document


Moreover, see the recent article

http://justsecurity.org/19308/congress-latest-rules-long-spies-hold-encrypted-data-familiar/

which claims

"The Intelligence Authorization Act of 2015, which passed Congress this last 
December, should bring the question back to the fore. It established retention 
guidelines for communications collected under Executive Order 12333 and 
included an exception that allows NSA to keep ‘incidentally’ collected 
encrypted communications for an indefinite period of time."


So, you are right that the articles do not claim that the NSA collects and
keeps all encrypted communication forever.


Regards,
Ingo