BACO BACO S.à.r.l. 2007 What do we talk about ? Information warfare is the use and management of information in pursuit of a competitive advantage. It comprises – collecting information, – assurance that one's own information is valid, – spreading of propaganda or disinformation, – undermining the quality of opposing force information, – and denial of information collection opportunities to others.
BACO BACO S.à.r.l. 2007 With friends like this...
BACO BACO S.à.r.l. 2007 ECHELON Australia, Canada, New Zealand, UK and USA operate under th 1948 UKUSA-Agreement to – monitor international telecommunication satellites – INTELSAT, – intercept non - INTELSAT communications, – tap land based or sub-sea communication cables plus microwave communications.
BACO BACO S.à.r.l. 2007 National Security Agency /Central Security Service – NSA/ CSS 60 – 100.000 collaborators world‘s largest employer of mathematicians CSS controls all US Signal Intelligence ( SIGINT ) budget in excess of US $ 30 billion ( 1998 27 billion ) beyond democratic control Fort Meade, Maryland, USA
BACO BACO S.à.r.l. 2007 ECHELON Report On Sept. 05th, 2001, G. Schmid, rapporteur of the Temporary Committee on the ECHELON Interception System, presented his report to the European Parliament. „The existence of a global system for intercepting communications, operated by) the USA, the UK, Canada, Australia and New Zealand under the UKUSA Agreement, is no longer in doubt.“
BACO BACO S.à.r.l. 2007 ECHELON Site Misawa, Japan
BACO BACO S.à.r.l. 2007
BACO BACO S.à.r.l. 2007 FAPSI Federalnoje Agenstwo Prawitelstwennoj Swjasi i Informazij tasked, inter alia, with economic-technological espionage ground-stations only in CIS, except Socotra Island, Yemen SIGINT aircraft ( four outside-CIS bases ) and ships service provider to western industry
BACO BACO S.à.r.l. 2007 FAPSI
BACO BACO S.à.r.l. 2007 DGSE Direction Générale de la Sécurité Extérieure operates nine SIGINT stations in mainland France stations in Djibouti, la Réunion, Kourou, Nouvelle-Calédonie, United Arab Emirates (?) Co-operates with the Bundesnachrichtendienst HELIOS Photo & SIGINT satellites
BACO BACO S.à.r.l. 2007 DGSE Domme, Périgord
BACO BACO S.à.r.l. 2007 ONYX The Swiss COMINT system ONYX is run by the Ministry of Defence in: – Heimenschwand – Leuk – Zimmerwald ( Operations Centre ) for broad surveillance of military and civilian communications ( downlinks of INTELSAT, INMARSAT, EUTELSAT, PANAMSAT, ARABSAT, GORIZONT )
BACO BACO S.à.r.l. 2007 ONYX Sites VERESTAR in Leuk
BACO BACO S.à.r.l. 2007 The Solution To protect information we need national cryptology solutions not under control of the “big spy nations”. Is this really the solution ? If yes, how far ?
BACO BACO S.à.r.l. 2007 Export Controls The Waasenaar Arrangement of 1995, to which Luxembourg is a signatory, imposes export control on systems, equipment and components using the following (either directly or after modification): – symmetric algorithm using a key longer than 56 bits; or – a public-key algorithm, in which the security of the algorithm is based on one of the following: (1) the factorisation of integers higher than 512 bits (e.g. RSA), (2) discrete log computations in the multiplicative group of a finite field larger than 512 bits, (3) discrete log computations in a group other than those mentioned above, and which is larger than 112 bits.
BACO BACO S.à.r.l. 2007 Countries under export control Afghanistan, Angola, Armenia, Azerbaijan, Bosnia- Herzegowina, Burundi, Cuba, Eritrea, Ethiopia, Iraq, Iran, D R Kongo, Lebanon, Liberia, Libya, Mynamar (Burma), Nigeria, North Korea, PRC (except Hong Kong), Ruanda, Sierra Leone, Somalia, Sudan, Syria, Tansania, Uganda.
BACO BACO S.à.r.l. 2007 Crypto Policy – GLIC* Report 1998 A survey yielded 76 responses: – 30 Green ( no restrictions ) – 19 Green / Yellow ( no restrictions, but respect Waasenaar Arrangement ) – 12 Yellow ( domestic controls plus Waasenaar Arrangement ) – 3 Yellow / Red – 1 Red / Yellow – 6 Red ( tight controls ) – 5 Unknown / no Response * Global Internet Liberty Campaign
BACO BACO S.à.r.l. 2007 Key Management Infrastructure ( KMI ) A large ( unknown ) number of countries requires national KMI. NSA still requires world-wide KMI under their control. Access to keys by national authorities based on applicable national and international law. Governments‘ respect of national and international law ranges from „flexible“ to non-existent; under „anti- terrorism“ everything goes.
BACO BACO S.à.r.l. 2007 Key Escrow Governments need to fight crime – access to key escrow is understood. Nobody really knows who actually will have access. No western government can resist the „friendly approach“ of the NSA for access.
BACO BACO S.à.r.l. 2007 My shopping list Crypto solution that is not recognized as such „Ad hoc“ keys ( individualized crypto ) On the spot key generation Any „illegality“ shall be invisible Steganography with file formats other than.bmp
BACO BACO S.à.r.l. 2007 We may need to look into a different direction
BACO BACO S.à.r.l. 2007 Into which direction ? Operate beyond the reach of a particular legal jurisdiction. Find legal loopholes – need to be the same in sending and receiving country. Use strong encryption with „non-escrow“ keys. „Super encrypt“ with a state approved - therefore „crackable“ – key ( or with steganography ).
BACO BACO S.à.r.l. 2007 The government syndrome Governments agree that industry should be protected from espionage with the help of strong crypto means, – but not strong enough to prevent governments to spy on industry. Governments want legal access to encrypted information, – but frequently do not respect international or national law.
BACO BACO S.à.r.l. 2007 The dilemma Legal government interest Crypto policyKey Escrow Governments as spies Illegal government action Protection of industry ? ? ? ? ? ? ?
BACO BACO S.à.r.l. 2007 The conclusion Il est dangereux d‘avoir raison quand le gouvernement a tort. François Marie Arouet (Voltaire) It is dangerous to be right when the government is wrong.