Dear +NSA, I hope you are listening, for onceDaesh may be using the social media equivalent of spread spectrum communications, plus old style obscuring codes
Hedi Lamarr, more famous for her acting, invented a way for signals to jump from bandwidth to bandwidth so as to be virtually untraceable by a hostile party in real time.
We use spread spectrum theory for our cell phones today. It's just practical to find clear channels.
But ponder for a moment a slow, metaphorical social media equivalent. You are trying to evade the greatest eavesdropper in the world. How do you do it? I have been thinking about this for months, but Paris brings it to a head.
The first thing that got me thinking was a seminal technical paper in Tor's development, "Anonymity Loves Company," by Paul Syversant of the NRL and +Nick Mathewson
of Tor. In this paper, the two talk about, basically, why Tor was given as a gift to the world by the US military.
When the protocol was deployed, it was clear that anyone using it was US military, intelligence, and so on. Rather than protecting assets in the field, it would have marked them as targets. This basically made Tor useless.
So the protocol was open sourced so it would be moderately trusted (no security software can ever be called trusted, and doubly so software with origins in the US military regardless of security researchers vetting the stuff! Even the tin hat community has tin hats).
So Tor was given to the world so we could be chaff -- cover fire -- for the people who first needed it. To be truly anonymous, you must be a face lost in a crowd.
Much more efficient than the dude looking suspicious in the back alley, dressed as a bat. ;) People just ache to catch him and reveal his secret identity. Don't be that guy.
So, this is true for Tor in the age of encryption, but say we are moving into a new phase, the phase of phase shifted social media.
What if the most effective way to avoid detection is to communicate nearly everything harmlessly in the clear, and then -- laser fine -- use encryption for the quickest, most critical small packets of info, perhaps encoded in the image noise of baby pictures on Facebook (steganography), so no encryption arouses notice across the net.
Until this week, I had been thinking, WTF were Comey and them doing railing against the dangers of encryption. Just this past week, I had postulated they might be on another ill fated clipper chip scheme to license encryption tech, like gun control.
But hey, I can be wrong. I kind of thrive on fog of war scenarios... So I am bound to go off sometimes into speculation.
This essay too? Maybe. But this fits, unlike the other theory which was more "Why are smart people acting so stoned?"
I am often pissed at the IC, because they are paternalistic bastards who want to keep you safe
at the cost of your freedoms for your own good, right? And I find this anti-democratic and lazy, and often likely unconstitutional.
They would tell me that they don't have time for the luxury to educate the public, while they are saving us. Seige mentality. And admittedly, every intel failure, the public ravages them. Because, you know, they are an uneducated public on issues of risk and intel. Oops.
Family dynamics suck.
But now, I think the IC are railing against encryption as misdirection. They want people using encryption at the highest levels, because at the highest levels now, they can not find enemy assets with both hands -- because they are not using encryption. No target painting.
And discouraging encryption use by bozos and script kiddies takes a load off. Win-win, from their POV. It has issues, but at least, thank God, it means they aren't all doing shrooms before going to testify before Congress.
It also explains, perhaps, horribly, the arrest and incarceration of dozens of otherwise blameless American teen Muslims for social media amplification -- "material support of terrorism" -- for decade long sentences for what is cosmetically freedom of speech. Assets headed to some "Paris?" Or not? This must be examined transparently, before the social contract shatters.
But I doubt it's really slowing down Daesh or anyone important, and any advantage can't last. We need to engage the entire engine of security innovation in this, especially
since this arms war is cross disciplinary.
We have target painted ourselves into a corner, but we must enlist the encryption and security community's help, not alienate them further.
Even they can learn to think at the intersection of SIGINT and HUMINT, (many, including Nick, are incredible generalists) and bring great minds to bear on this problem.
I guarantee there's creativity on the other side. We've assassinated all the Daesh/AQI leadership with poor opsec and bad habits in anticipating us. I read Brennan's press releases. So does the world. Like recruitment fliers.