The Risks Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 27 Issue 52

Wednesday 9 October 2013


Let's Build a More Secure Internet
Eli Dourado via Matthew Kruk
CMU Researchers Claim To Have Created Messaging App Even NSA Can't Crack
Geoff Goodfellow
NSA data center 'meltdowns' force year-long delay
James Niccolai via Paul Saffo
Hundreds of US companies make false Data Protection claims
Nikolaj Nielsen via Peter Houppermans
Re: Lowering Your Standards: DRM and the Future of the W3C
Jeff Jonas
Info on RISKS (comp.risks)

Let's Build a More Secure Internet (Eli Dourado)

"Matthew Kruk" <>
Wed, 9 Oct 2013 01:29:42 -0600
Eli Dourado, *The New York Times*, 8 Oct 2013
Can we ever trust the Internet again?

In the wake of the disclosures about the National Security Agency's
surveillance programs, considerable attention has been focused on the
agency's collaboration with companies like Microsoft, Apple and Google,
which according to leaked documents appear to have programmed "back door"
encryption weaknesses into popular consumer products and services like
Hotmail, iPhones and Android phones.

But while such vulnerabilities are worrisome, equally important - and
because of their technical nature, far less widely understood - are the
weaknesses that the N.S.A. seems to have built into the very infrastructure
of the Internet. The agency's "upstream collection" capabilities, programs
with names like Fairview and Blarney, monitor Internet traffic as it passes
through the guts of the system: the cables and routers and switches.

The concern is that even if consumer software companies like Microsoft and
telecommunications companies like AT&T and Verizon stop cooperating with the
N.S.A., your online security will remain compromised as long as the agency
can still take advantage of weaknesses in the Internet itself.

Fortunately, there is something we can do: encourage the development of an
"open hardware" movement - an extension of the open-source movement that has
led to software products like the Mozilla browser and the Linux operating

The open-source movement champions an approach to product development in
which there is universal access to a blueprint, as well as universal ability
to modify and redistribute the blueprint. Wikipedia is perhaps the
best-known example of a product inspired by the movement. Open-source
advocates typically emphasize two kinds of freedom that their products
afford: they are available free of charge, and they can be used and
manipulated free of restrictions.

But there is a third kind of freedom inherent in open-source systems: the
freedom to audit. With open-source software, independent security experts
can scrutinize the code for vulnerabilities - whether accidentally or
intentionally introduced. The more auditing by the programming masses, the
better the security. As the open-source software advocate Eric S. Raymond
has put it, "given enough eyeballs, all bugs are shallow."

Perhaps the greatest open-source success story is the Internet itself - at
least its "soft" parts. The Internet's communications protocols and the
software that implements them are collaboratively engineered by loose
networks of programmers working outside the control of any single person,
company or government. The Internet Engineering Task Force, which develops
core Internet protocols, does not even have formal membership and seeks
contributions from developers all over the world.

But the problem is that the physical layer of the Internet's infrastructure
- the hardware that transmits, directs and relays traffic online, as well as
its closely knit software (or "firmware") - is not open-source. It is made
by commercial computing companies like Cisco, Hewlett-Packard and Juniper
Networks according to proprietary designs, and then sold to governments,
universities, private companies and anyone else who wants to set up a

There is reason to be skeptical about the security of these networking
products.  The hardware firms that make them often compete for contracts
with the United States military and presumably face considerable pressure to
maintain good relations with the government. It stands to reason that such
pressure might lead companies to collaborate with the government on
surveillance-related requests.

Because these hardware designs are closed to public scrutiny, it is
relatively easy for surveillance at the Internet's infrastructural level to
go undetected.  To make the Internet less susceptible to mass surveillance,
we need to recreate the physical layer of its infrastructure on the basis of
open-source principles.

At the moment, the open hardware movement is limited mostly to hobbyists -
engineers who use the Internet to collaboratively build "open" devices like
the RepRap 3D printer. But the Internet community, through a concerted
effort like the one that currently sustains the Internet's software
architecture, could also develop open-source, Internet-grade
hardware. Governments like Brazil's that have forsworn further involvement
with American Internet companies could adopt such nonproprietary equipment
designs and have them manufactured locally, free from any
N.S.A. interference.

The result would be Internet infrastructure, both hardware and software,
that was 100 percent open and auditable.

But never, of course, 100 percent secure. The N.S.A. could still try to
exploit the Internet's open hardware. And of course, open hardware would do
little to prevent the government from reading e-mail if it still had the
cooperation of companies like Microsoft or Google. Open hardware is not a

Still, open hardware would at a minimum make the N.S.A.'s Internet
surveillance efforts more difficult and less effective. And it would
increase the difficulty of surveillance not just for the N.S.A. but also for
foreign governments that might otherwise piggyback on N.S.A.-introduced
security vulnerabilities.

A 100 percent open-infrastructure Internet - a trustworthy Internet - would
be an important step in the empowerment of individuals against their
governments the world over.

Eli Dourado is a research fellow with the technology policy program at the
Mercatus Center at George Mason University.

  [It is delightful that the author's name conjures up the image of El
  Dorado (by slightly disemvowling it), with visions of a golden view of the
  Internet of the future:

     El Dorado in Webster's: Spanish, literally, the gilded one
        1 : a city or country of fabulous riches held by 16th century
            explorers to exist in So. America
        2 : a place of fabulous wealth or opportunity

  The open-source aspect of Eli's article is very refreshing.  However, in
  light of the reality that today there is no adequate security in the
  servers, switches, and even local hosts attached to the Internet, and that
  NSA could have had secret backdoors implanted in everything, we have a
  very long way to go before the Internet and all of its attached systems
  might be considered adequately trustworthy.  PGN]

CMU Researchers Claim To Have Created Messaging App Even NSA Can't Crack

<*the keyboard of geoff goodfellow*>
Tuesday, October 8, 2013
Carnegie Mellon University researchers claim they have created a smartphone
messaging app with security that not even the National Security Agency can
break.  The app is called SafeSlinger, and is free on the iTunes store and
Google Play store for Android phones.  Researchers say the app uses a
passphrase that only the user and the other party can know.  They claim
messages cannot be read by a cellular carrier, Internet provider, employer,
or anyone else.

The setup takes a few minutes, with the user answering security questions
generated by the app that help it generate encryption and authorization
credentials.  The app then works just like a regular messaging app.

In a press release from CMU's CyLab, programmer Michael W. Farb said, "the
most important feature is that SafeSlinger provides secure messaging and
file transfer without trusting the phone company or any device other than my
own smartphone."

  [Of course, it is not just that the app might be nonbreakable.  Note
  carefully that the last sentence above implies that you have to trust your
  own smartphone—even if it is fundamentally untrustworthy.  In addition,
  don't forget that the underlying smartphone hardware and software may not
  be impervious to insider misuse, outsider attacks, and so on, irrespective
  of what the app does.  Also, `unbreakable' might ignore denial-of-service
  attacks, electromagnetic interference and emanations, and much more.
  However, the old adage that NOTHING is unbreakable (unless it is actually
  NOTHING!) makes this sound suspiciously like hype, especially when claimed
  with respect to defending against the aggregated abilities of the NSA and
  all sorts of other people with significant experience in breaking
  supposedly secure systems.  Just a thought from the RISKS perspective.  PGN]

NSA data center 'meltdowns' force year-long delay (James Niccolai)

Paul Saffo <>
Wed, 09 Oct 2013 09:09:18 -0700
James Niccolai, *ComputerWorld*, 8 Oct 2013
Giant new Utah facility has been dogged by electrical problems, a report

IDG News Service - A massive data center being built by the National
Security Agency in Utah has been plagued by "chronic electrical surges" that
have destroyed equipment and delayed its opening for a year, according to a
report Monday.

The facility has suffered 10 "meltdowns" in the past 13 months that
destroyed hundreds of thousands of dollars' worth of machinery, The Wall
Street Journal reported Monday, citing project documents and unnamed

The data center is expected to be the NSA's main facility for storing,
decrypting and analyzing the vast amounts of data it collects through its
surveillance programs. Those programs have been under scrutiny since the
disclosures about Prism and other data collection efforts earlier this year.

The data center has cost a reported $1.4 billion excluding the computing
equipment inside, and covers more than a million square feet.

Data centers can consume huge amounts of power, partly for the compute gear
but also for cooling equipment that keeps the computers from overheating.

The NSA facility, located 30 miles south of Salt Lake City in a town called
Bluffdale, continuously uses 65 megawatts of electricity—enough to power
a small city—at a cost of more than $1 million a month, the Journal

The electrical problems, known as arc fault failures, create "fiery
explosions, melt metal and cause circuits to fail," one official told the

"Documents and interviews paint a picture of a project that cut corners to
speed building," the Journal said. Backup generators have failed several
times and the cooling system has yet to be tested, according to the

An NSA spokeswoman told the Journal that "the failures that occurred during
testing have been mitigated." But the Journal said there is disagreement
about the cause of the problems and whether proposed fixes will work.

The NSA planned to turn on some of the computers at the facility this week,
the Journal reported.

James Niccolai covers data centers and general technology news for IDG News
Service. Follow James on Twitter at @jniccolai. James's e-mail address is

Hundreds of US companies make false Data Protection claims (Nikolaj Nielsen)

Peter Houppermans <>
Wed, 09 Oct 2013 15:11:59 +0200
Nikolaj Nielsen, EU Observer

"STRASBOURG - Hundreds of US-based companies handling EU citizens' data have
lied about belonging to a data protection arrangement known as the Safe
Harbour Framework. Christopher Connolly, a director at Galexia, an
Australian-based consulting company on Internet law and privacy, told the
European Parliament's civil liberties committee on Monday (7 October)
that 'many claims of Safe Harbour membership are false'."

  Well, duh.  Colour me surprised, knowing that Safe Harbo(u)r certification
  relies on .. (wait for it) .. SELF assessment.  No conflict of interest
  there, clearly...

Re: Lowering Your Standards: DRM and the Future of the W3C (R 27 51)

Jeff Jonas <>
Wed, 9 Oct 2013 01:28:20 -0400 (EDT)
> the W3C's pragmatists say, no worse than the current environment where
> Silverlight and Flash serve the purpose of preventing unauthorized
> behavior.

Despite being a Linux & Unix advocate, I run Windows 7 on my netbook mostly
because it's a standard platform upon which way too many desired, required
or useful programs exist.

Despite that, I can't count the number of times Flash or Silverlight have
crashed.  "preventing unauthorized behavior" seems to mean preventing
running reliably.  As an engineer and programmer, I'm ashamed that we're
relying on such an unreliable infrastructure for the future of all
communications, commerce and education.

Here's a simple way to kill the addition: add a mandatory performance,
stability & reliability clause, as tested on a reasonable platform of
existing systems (so it's not used as an excuse for planned obsolescence of
hardware and/or software).

That also gives me insight as to why M$ was advocating using Windows 8
embedded on everything.  It's not just for total vertical marketing (M$
products from the server to the middleware to the mobile device) but for
Silverlight to display "protected content" and further lock users into the
proprietary service provider.  Since I'm not a M$ zombie, I didn't catch
that nuance during the presentation.  But then again, M$ events aren't for
anyone with a clue about competing products or technologies.
