Norwegian government proposes access to extended surveillance methods

The Norwegian Government today proposed Proposition 68 L (2015-2016), extending and introducing a wide range of methods for the police to cross the privacy boundary with increased surveillance, including what the Minister of Justice, Anundsen of the Progress Party (FrP), calls "surveillance closer to the soul".

Telecommunications control in Norway has a history going back to 1915, but it was limited to cases involving national security until 1976. Starting in 1915 the surveillance was restricted to post and telegraph, and telephone surveillance was added in December 1950. Now in 2016 the government wants to extend the scope to:

  • "Data reading" is introduced as a term giving the police access to hacking into computers, including adding keyloggers (physical or virtual)
  • Possibility to send silent SMSes to generate telephone traffic. The Norwegian police have already been widely criticized for illegally using IMSI catchers across, in particular, Oslo, in violation of court order and registration requirements. A silent SMS is a message that is not displayed by the phone, but the traffic it generates increases the detail of the information the police can obtain when the phone company is compelled to turn over data.
  • Take control over email accounts without a court order to ease access to information early in an investigation
  • Physically bug (microphone) private rooms as a preventive measure, without an actual crime having been committed.

"Closer to the soul", indeed; if you don't already see the resemblance to Minority Report (2002) you likely want to make it your weekend movie pick. IMDb summarizes the Spielberg movie as "In a future where a special police unit is able to arrest murderers before they commit their crimes, an officer from that unit is himself accused of a future murder".

Anundsen argues that you don't get any more access to an individual's thoughts from monitoring what is typed on a computer, and potentially never sent, than you get by physically taking control of the person's diaries. Without going into how wrong that argument sounds to begin with, there is of course a difference in awareness between the police physically taking a person's diaries and the police silently monitoring in the background while the person writes in the diary with no knowledge of the police presence.

This adds to a long line of police requests for increased access to information across the globe. Senators in the USA want a new bill to impose fines if operators don't willingly help attack their own products, and Obama is ever reducing security, this time by increasing the scope of use of data collected.

So what can you do to protect yourself in a society where everyone around you is increasingly becoming your enemy? Ars Technica had an interesting post recently titled "Most software already has a 'golden key' backdoor: the system update". If you can't trust the operating system and hardware providers you're lost to begin with. Bill Gates expresses his view on personal information access as: “It is no different than [the question of] should anybody ever have been able to tell the phone company to get information, should anybody be able to get at bank records,” Gates said. “There’s no difference between information.” He offered this analogy: “Let’s say the bank had tied a ribbon round the disk drive and said, ‘Don’t make me cut this ribbon because you’ll make me cut it many times.’”

So you need a software stack that you can trust and likely want to audit the source code of, or, if using binary builds, at least a system that uses reproducible builds.

With a relatively trusted software stack, and monitoring of any update activity (while making sure that you do update for security issues immediately, of course), the added complexity of encrypted and digitally signed emails comes into question. Personally I quite prefer OpenPGP using the GnuPG implementation, and with the way the world continues to develop I'm tempted to refuse to answer emails from people who send me emails that don't follow proper email etiquette and aren't properly signed and encrypted. Phone calls and SMS messages I prefer not to get or take to begin with (we haven't even discussed SS7 in this post). Naturally, private keys should only be stored on smart cards, and data expected to be sensitive should only be read on airgapped systems.

It is also curious that Norway is following China in its privacy activity by this act.

OpenPGP certificates cannot be deleted from keyservers

Due to my involvement in sks-keyservers.net I frequently get questions on whether I can remove OpenPGP certificates from the keyservers.

TL;DR: Removal of OpenPGP certificates from a keyserver is not possible.

To start off with, the OpenPGP keyserver network consists of more than 150 keyservers reconciling their databases between peers. Even if I could delete a certificate from the servers I operate, it would be re-added on the next re-synchronization with the other servers unless the deletion were done in a coordinated fashion across all the keyservers in the network, i.e. virtually impossible.

The correct way to flag a key as not being used is revocation. Revocation requires access to the private key, or to a revocation certificate generated while having access to the private key; GnuPG 2.1 automatically generates a revocation certificate for this purpose when a key is generated and places it in ${GNUPGHOME}/openpgp-revocs.d.

Data is by design never removed from keyservers, much like it stays around in a blockchain. One should never validate a public keyblock based solely on the email address in a UID on a keyserver. Before a public keyblock is used, it needs proper due diligence: verifying, inter alia, the fingerprint, creation type and key algorithm with the perceived owner of the keyblock out of band, before signing (certifying) it and using it as a trusted channel. That several certificates exist for a single email address is, from a cryptographic and security point of view, irrelevant; it is only a potential issue if people don't follow proper procedure for due diligence.
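The due diligence described above can be sketched as follows. This is an added example, not code from the original post or from GnuPG or sks-keyservers.net: it parses a constructed `gpg --with-colons` style listing (epoch timestamps assumed) in which two certificates carry the same email address, and accepts one only when its fingerprint equals the one obtained out of band. The names `parse_listing` and `select_verified` are hypothetical.

```python
# Added example; the listing below is constructed, not real key material.
# Real input would come from: gpg --with-colons --fingerprint --list-keys
from datetime import datetime, timezone

ALGOS = {"1": "RSA", "17": "DSA", "18": "ECDH", "19": "ECDSA", "22": "EdDSA"}
UNUSABLE = {"r": "revoked", "e": "expired", "i": "invalid", "d": "disabled"}

# Two certificates with the same email in the UID; the older one is revoked.
SAMPLE = """\
pub:r:2048:1:1111111111111111:1262304000::::::sc:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA1111111111111111:
uid:r::::1262304000::0000::Alice Example <alice@example.org>:
pub:-:4096:1:2222222222222222:1451606400::::::sc:
fpr:::::::::BBBBBBBBBBBBBBBBBBBBBBBB2222222222222222:
uid:-::::1451606400::0000::Alice Example <alice@example.org>:
"""

def parse_listing(text):
    """Group colon-format records into one dict per certificate."""
    certs = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            created = datetime.fromtimestamp(int(f[5]), timezone.utc).date()
            certs.append({"validity": f[1], "bits": int(f[2]), "fpr": None,
                          "algo": ALGOS.get(f[3], "algo " + f[3]),
                          "created": created.isoformat(), "uids": []})
        elif f[0] == "fpr" and certs and certs[-1]["fpr"] is None:
            certs[-1]["fpr"] = f[9]      # first fpr after pub is the primary key
        elif f[0] == "uid" and certs:
            certs[-1]["uids"].append(f[9])
    return certs

def select_verified(certs, email, fpr_out_of_band):
    """Email only narrows the candidates; the out-of-band fingerprint decides."""
    wanted = "".join(fpr_out_of_band.split()).upper()
    candidates = [c for c in certs if any(f"<{email}>" in u for u in c["uids"])]
    for c in candidates:
        if c["fpr"] == wanted:
            if c["validity"] in UNUSABLE:
                return None, "fingerprint matches, but certificate is " + UNUSABLE[c["validity"]]
            return c, f"ok: {c['algo']}{c['bits']} created {c['created']}"
    return None, f"{len(candidates)} certificate(s) carry {email}, none matches the fingerprint"

if __name__ == "__main__":
    certs = parse_listing(SAMPLE)
    print(select_verified(certs, "alice@example.org",
                          "BBBB BBBB BBBB BBBB BBBB BBBB 2222 2222 2222 2222"))
```

A revoked certificate is rejected even when its fingerprint matches, and a lookup by email alone never selects anything.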

To make the story even longer: even if it were technically possible, the social protocol is missing. Speaking more generally, there might have been two (or more) people sharing the same name, and email addresses change over time. If the previous user deleted his email, the certificate would not become any less valid because someone else took over the email address, and if someone could remove the data, it would require ways to verify the authenticity of the request. Additionally, it could expose the keyserver operators to certain legal liability if a key were incorrectly deleted, allowing it to be replaced by a MITM cert.

I love free software but I love you more

The Free Software Foundation Europe is running its campaign once again this year, and I quote:

In the Free Software society we exchange a lot of criticism. We write bug reports, tell others how they can improve the software, ask them for new features, and generally are not shy about criticising others. There is nothing wrong about that. It helps us to constantly improve. But sometimes we forget to show the hardworking people behind the software our appreciation. We should not underestimate the power of a simple "thank you" to motivate Free Software contributors in their important work for society. The 14th of February (a Sunday this year) is the ideal day to do that.

As part of this campaign, the FSFE's FOSDEM stand allowed for sending postcards to projects that matter to users.

This year Gentoo received a postcard supporting its future development, "I love free software, ... but I love you more":

[Image: front of the postcard]

With a nice thank-you note hand-written on the back:

[Image: back of the postcard]

"Thank you for such a powerful and flexible system"

Next year we hope to receive even more postcards, but thank you very much for the one we received this year 🙂

On another note, Gentoo was interviewed during FOSDEM and the recording is available at HPR with Gentoo starting about 1:56:40.