[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] HR4681 Sec 309 communication privacy legislation

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] HR4681 Sec 309 communication privacy legislation
From: Mirimir <mirimir@xxxxxxxxxx>
Date: Sun, 14 Dec 2014 19:57:28 -0700
Delivered-to: archiver@xxxxxxxx
Delivery-date: Sun, 14 Dec 2014 21:57:46 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/simple; d=riseup.net; s=squak; t=1418612254; bh=QEd7zTWt5Oxe5ITtxa4VEO04sVTczct1lw3fWc86R4o=; h=Date:From:To:Subject:References:In-Reply-To:From; b=d/wLS+h5CI+L0hKwrbXO4HrwURwKQQFJM5qV5PKL+khzctCHxcGw4XK9VNVnmLBpT bsgPhN9GV+EN+F3jxu6Ax4N/+pyT2zsdXo1QdT56+PFRwlF75nUG9PEa0eXSZl7lhP WHyV8836N0Hw/jqLJYb9Q+dWfaLzuuZf8EVflLlg=
In-reply-to: <COL131-W890F2621434CED49DF8306AB6E0@xxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <COL131-W890F2621434CED49DF8306AB6E0@xxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.3.0

On 12/14/2014 10:39 AM, Tim Mitchell wrote:
> Morning all,
> 
> 
> If no one has yet seen Section 309 of US HR4681, it contains
> some very dubious language that sounds like it is legalizing
> indefinite government retention of encrypted communications.
> The text is as follows (Section 309.b.3.B.iii):
> 
> (B) Limitation on retention.--A covered communication shall 
>  not be retained in excess of 5 years, unless--
> .... 
> (iii) the communication is enciphered or reasonably 
>  believed to have a secret meaning;

Based on Snowden releases, this is SOP. And in any case, it's clear that
the NSA ignores civil law, given that the US is at war. Always. Forever.

> This might be going out on a limb here, but "enciphered"
> and "reasonably believed to have a secret meaning" could easily
> be interpreted to apply to any and all encrypted Internet
> traffic, including Tor.

We know from Snowden releases that they retain as much intercepted
traffic as they can, for as long as they can. There's recursive triage,
based on context, occurrence of keywords in metadata and content,
flagging by analysts, and so on. Over time, less-interesting content
gets decrufted and chunked, and eventually deleted. But metadata is
retained indefinitely.

For encrypted (aka enciphered) intercepts, there's no readily
interpretable content. So triage must be based primarily on metadata and
context. And it's arguable that encrypted intercepts of particular
interest (from Tor and other anonymity networks, VPN services, extremist
websites, and so on) are retained indefinitely.

> I'd be curious as to what experts in this area think about this,
> and how to go about raising awareness if this is indeed as
> serious as it sounds to me.

Tor traffic among clients and relays is encrypted with perfect forward
secrecy, so retention is not a very serious threat. Each chunk of data
is encrypted with a different session key, and so is a separate puzzle.
Learning a particular Tor relay's private key does allow an adversary to
impersonate the relay. But it doesn't compromise prior traffic through
that relay.

> Full text of the bill can be found here:
> https://www.congress.gov/bill/113th-congress/house-bill/4681
> 
> 
> 
> Thanks,
> Tim

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

Follow-Ups:
- Re: [tor-talk] HR4681 Sec 309 communication privacy legislation
  - From: ITechGeek

References:
- [tor-talk] HR4681 Sec 309 communication privacy legislation
  - From: Tim Mitchell

Prev by Author: Re: [tor-talk] Tor and solidarity against online harassment
Next by Author: Re: [tor-talk] Tor and solidarity against online harassment
Previous by thread: Re: [tor-talk] HR4681 Sec 309 communication privacy legislation
Next by thread: Re: [tor-talk] HR4681 Sec 309 communication privacy legislation
Index(es):
- Author
- Thread