Kryptos – Just something else for pigeons to shit on in Langley, or is it?
In our current age of COVID-19, telework is all the rage. I myself love it, since otherwise I would be driving a minimum of 100 miles round-trip every fucking day to work and back, scare shitless most of the time, especially on the beltway at oh-dark-thirty; hangovers never help there, either. It sucks when all of your life decisions are driven by the magnitude and timing of your commute. So, in a sense this curre nt situation has been great in confirming what I already knew was true, and I am never going back to doing that shit on a full-time basis. Now, I can get a good night’s sleep, awake at a decent hour, feed my cats, sit down at the computer with a clear head in a T-Shirt and my Tommy John’s, and am immediately effective.
The problem is that us so-called IC professionals have to ply our trade in SCIFS on TS systems, hermetically sealed. Today it reeks of being a stupid way to make a living. After 40 years in the business, I know that there are some things that have to be protected, to the point of using deadly force to defend them, but a lot of other security rituals we undergo are either habit, or driven upon us by nameless and faceless individuals who make it their job to ensure that their life-style is maintained to the inconvenience of the rest of us other-wise responsible adults who know how to use and protect said secrets worth defending.
When I started my puny SDVOSB back in 2010, I applied for a DD-254 and got certified for TS storage at home, as long as I had a GSA-certified container. The inspector who came to review my paperwork and do the home inspection told me that he had seen several instances where senior government and other spooky folks had installed the then DIS-approved private SCIFs in their houses. Most of those were closet-sized since you still had to comply with SCIF construction standards, double locks, outside motion detectors, and some modicum of Tempest or white-noise shielding for electronics that were not in a basement. People who had TS circuits in their houses used dial-up modems with crypto keys. I can’t remember who it was now but someone I knew had bought a house over on Capitol Hill from the widow of a former NSC staff guy, and discovered that he had
a SCIF in his basement.
RAF Rheindahlen – Because I know You are tired of pictures of Key West
When I was in Key West and later on at JIEDDO, I was working with a commercial company who had developed ICW JHU/APL a bit-level encryption program that protected both data at rest and in motion – theoretically unbreakable until the projected end of the universe – and it was not quantum encryption. Its secret sauce ran on normal PC and laptop technology at room temperature – like PGP but on steroids and a whole lot easier to use; allowing you to send/receive, work on, keep and store TS info on your home laptop. This was not a bulk-level encryption algorithm like AES-256, Triple DES, Rheindahlen (nefarious namesake pictured above), and/or Diffie Hellman, but one that used network theory and an M-n sequence to disassemble the data into 8-bits, and then send them along with the accompanying disassembled key bits on different pathways to be re-assembled at the other end. You could recover all of the data with even some missing bits – and it all happened automatically. A man-in-the-middle attack might get one or two bits, but not enough to be able to recover the entire algorithm. Data stored was similarly impregnable. The company was paired up with another large commercial service provider trying to bring their technology to market in the financial industry – they’ve had mixed results, mostly because the telecoms are still fighting their loss of control of the metering and taxing of volumes of data traffic, imposed by current crypto algorithm standards – just try to encipher the byzantine “Net-Neutrality” arguments. I had learned a little bit about that at a place that Dick Nixon once called “The Kremlin on the Charles.” Both Vic and I share those stigmata.
Not Exactly a Liberal Disquisition, but Pretty Damn Close
Lawrence Lessig was part of the adjunct faculty at Harvard Law, along with an iconoclastic and utterly entertaining PhD genius named Jonathan Zittrain, who when I was there in 1999-2000 was offering a ground-breaking 2-L and 3-L elective course called “Internet & Society: The Politics of Control.” Jonathan had gotten himself a generous grant and established the Berkman Klein Center for Internet & Society, of which his chief henchman at the time was Lawrence, and also amongst various co-conspirators included John Perry Barlow of the Electronic Frontier Foundation (and also a lyricist for Jerry Garcia and the Grateful Dead).[1] It was Barlow who more than two decades ago publically iterated the Declaration of Independence for Cyberspace (and by abstraction the Internet) to wit:
“Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind.
On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.”
There’s more to it, and it’s worth reading about. Lawrence had just published his book, and I went to the party and got a signed copy. Harvard then was a pretty innervating place to be, and I did remember some of the things I learned there – I just had to wait for the right time to apply them.
The day I retired from the Navy, it was a monsoon. I later got a call from my contractor CEO friend that we had gotten a $2M grant from the HASC via an earmark courtesy of Duncan Hunter (the company was in his district in CA) to run a pilot program at JIATF-South using DEA LES and FOUO data as proof of concept. I had former employees who had had to move out of Key West lined up in places like Tennessee and Oklahoma to come back to work for us as contractors using the technology. However, it had taken too long to run through the permissions gamut and the whole concept died the day I walked out the door – SOUTHCOM objected to us getting extra money and conspired with DASD (CN) to steal it to use for some other stupid-shit ideas that they had – and we couldn’t do a damn thing about it.
About six months later, we were in high gear at JIEDDO building out our counter-IED network and deploying our own version of in-house developed analytical tools to sites around the planet. In addition to installing a rack of specialized gear and large data storage, we also bought with us high-speed network connectivity. The problem of course, was physics, and the limitations of bulk encryption standards and optical switching at the time meant that we were spending a lot of money transmitting fluff, and doing it on stacks of encryption devices – at great cost. So there I was looking at paying a hideous nine-figure telecommunications bill, and then the light came on – how about we use a national emergency as an excuse to see if we can get that cool-shit in-stream encryption program on our network so we don’t have to pay out of the tax-payer’s asses to switch tons of extraneous padded data, eliminating some very costly and unwieldy crypto devices, and get on with the future?
I talked with my then boss M4 and the other technology experts we had, and they were interested, so we had a meeting with the contractors and got their technology demo, and then M4 called A4, and told him that he needed to see this now. He sent one of his crypto gurus for a meeting, and agreed that they would run some independent V&V on it, which three months later came back aces and confirmed all of the claims of the technology – it worked as advertised. But, the inertia of the security system meant that not much else happened on the government side, and the bulk encryption crypto Nazis and national security hero ISPs were able to maintain their evil empire by strangling that pretty baby in the womb.
So it can be done, but maybe even less onerously these days given the spread of VMWare – printers and other peripheral devices will still be a problem. I’ve got me some guns to solve the physical security issues. So, the tech exists and nowadays probably is even better than ever – it is the culture that resists change, and as I learned at Harvard more than 20 years ago, it is all about control. Sound familiar these days in the new age of telework?
I remain your humble servant.
[1]Jonathan is still there at HLS doing the voodoo that he do, after having spent several years over at Oxford padding his resumé.
Copyright 2020 Point Loma
http://www.vicsocotra.com
Point Loma: Telework
Kryptos – Just something else for pigeons to shit on in Langley, or is it?
In our current age of COVID-19, telework is all the rage. I myself love it, since otherwise I would be driving a minimum of 100 miles round-trip every fucking day to work and back, scare shitless most of the time, especially on the beltway at oh-dark-thirty; hangovers never help there, either. It sucks when all of your life decisions are driven by the magnitude and timing of your commute. So, in a sense this curre nt situation has been great in confirming what I already knew was true, and I am never going back to doing that shit on a full-time basis. Now, I can get a good night’s sleep, awake at a decent hour, feed my cats, sit down at the computer with a clear head in a T-Shirt and my Tommy John’s, and am immediately effective.
The problem is that us so-called IC professionals have to ply our trade in SCIFS on TS systems, hermetically sealed. Today it reeks of being a stupid way to make a living. After 40 years in the business, I know that there are some things that have to be protected, to the point of using deadly force to defend them, but a lot of other security rituals we undergo are either habit, or driven upon us by nameless and faceless individuals who make it their job to ensure that their life-style is maintained to the inconvenience of the rest of us other-wise responsible adults who know how to use and protect said secrets worth defending.
When I started my puny SDVOSB back in 2010, I applied for a DD-254 and got certified for TS storage at home, as long as I had a GSA-certified container. The inspector who came to review my paperwork and do the home inspection told me that he had seen several instances where senior government and other spooky folks had installed the then DIS-approved private SCIFs in their houses. Most of those were closet-sized since you still had to comply with SCIF construction standards, double locks, outside motion detectors, and some modicum of Tempest or white-noise shielding for electronics that were not in a basement. People who had TS circuits in their houses used dial-up modems with crypto keys. I can’t remember who it was now but someone I knew had bought a house over on Capitol Hill from the widow of a former NSC staff guy, and discovered that he had
a SCIF in his basement.
RAF Rheindahlen – Because I know You are tired of pictures of Key West
When I was in Key West and later on at JIEDDO, I was working with a commercial company who had developed ICW JHU/APL a bit-level encryption program that protected both data at rest and in motion – theoretically unbreakable until the projected end of the universe – and it was not quantum encryption. Its secret sauce ran on normal PC and laptop technology at room temperature – like PGP but on steroids and a whole lot easier to use; allowing you to send/receive, work on, keep and store TS info on your home laptop. This was not a bulk-level encryption algorithm like AES-256, Triple DES, Rheindahlen (nefarious namesake pictured above), and/or Diffie Hellman, but one that used network theory and an M-n sequence to disassemble the data into 8-bits, and then send them along with the accompanying disassembled key bits on different pathways to be re-assembled at the other end. You could recover all of the data with even some missing bits – and it all happened automatically. A man-in-the-middle attack might get one or two bits, but not enough to be able to recover the entire algorithm. Data stored was similarly impregnable. The company was paired up with another large commercial service provider trying to bring their technology to market in the financial industry – they’ve had mixed results, mostly because the telecoms are still fighting their loss of control of the metering and taxing of volumes of data traffic, imposed by current crypto algorithm standards – just try to encipher the byzantine “Net-Neutrality” arguments. I had learned a little bit about that at a place that Dick Nixon once called “The Kremlin on the Charles.” Both Vic and I share those stigmata.
Not Exactly a Liberal Disquisition, but Pretty Damn Close
Lawrence Lessig was part of the adjunct faculty at Harvard Law, along with an iconoclastic and utterly entertaining PhD genius named Jonathan Zittrain, who when I was there in 1999-2000 was offering a ground-breaking 2-L and 3-L elective course called “Internet & Society: The Politics of Control.” Jonathan had gotten himself a generous grant and established the Berkman Klein Center for Internet & Society, of which his chief henchman at the time was Lawrence, and also amongst various co-conspirators included John Perry Barlow of the Electronic Frontier Foundation (and also a lyricist for Jerry Garcia and the Grateful Dead).[1] It was Barlow who more than two decades ago publically iterated the Declaration of Independence for Cyberspace (and by abstraction the Internet) to wit:
“Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind.
On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.”
There’s more to it, and it’s worth reading about. Lawrence had just published his book, and I went to the party and got a signed copy. Harvard then was a pretty innervating place to be, and I did remember some of the things I learned there – I just had to wait for the right time to apply them.
The day I retired from the Navy, it was a monsoon. I later got a call from my contractor CEO friend that we had gotten a $2M grant from the HASC via an earmark courtesy of Duncan Hunter (the company was in his district in CA) to run a pilot program at JIATF-South using DEA LES and FOUO data as proof of concept. I had former employees who had had to move out of Key West lined up in places like Tennessee and Oklahoma to come back to work for us as contractors using the technology. However, it had taken too long to run through the permissions gamut and the whole concept died the day I walked out the door – SOUTHCOM objected to us getting extra money and conspired with DASD (CN) to steal it to use for some other stupid-shit ideas that they had – and we couldn’t do a damn thing about it.
About six months later, we were in high gear at JIEDDO building out our counter-IED network and deploying our own version of in-house developed analytical tools to sites around the planet. In addition to installing a rack of specialized gear and large data storage, we also bought with us high-speed network connectivity. The problem of course, was physics, and the limitations of bulk encryption standards and optical switching at the time meant that we were spending a lot of money transmitting fluff, and doing it on stacks of encryption devices – at great cost. So there I was looking at paying a hideous nine-figure telecommunications bill, and then the light came on – how about we use a national emergency as an excuse to see if we can get that cool-shit in-stream encryption program on our network so we don’t have to pay out of the tax-payer’s asses to switch tons of extraneous padded data, eliminating some very costly and unwieldy crypto devices, and get on with the future?
I talked with my then boss M4 and the other technology experts we had, and they were interested, so we had a meeting with the contractors and got their technology demo, and then M4 called A4, and told him that he needed to see this now. He sent one of his crypto gurus for a meeting, and agreed that they would run some independent V&V on it, which three months later came back aces and confirmed all of the claims of the technology – it worked as advertised. But, the inertia of the security system meant that not much else happened on the government side, and the bulk encryption crypto Nazis and national security hero ISPs were able to maintain their evil empire by strangling that pretty baby in the womb.
So it can be done, but maybe even less onerously these days given the spread of VMWare – printers and other peripheral devices will still be a problem. I’ve got me some guns to solve the physical security issues. So, the tech exists and nowadays probably is even better than ever – it is the culture that resists change, and as I learned at Harvard more than 20 years ago, it is all about control. Sound familiar these days in the new age of telework?
I remain your humble servant.
[1]Jonathan is still there at HLS doing the voodoo that he do, after having spent several years over at Oxford padding his resumé.
Copyright 2020 Point Loma
http://www.vicsocotra.com