On 12/14/2014 10:39 AM, Tim Mitchell wrote:
> Morning all,
>
> If no one has yet seen Section 309 of US HR4681, it contains
> some very dubious language that sounds like it is legalizing
> indefinite government retention of encrypted communications.
> The text is as follows (Section 309.b.3.B.iii):
>
> (B) Limitation on retention.--A covered communication shall
> not be retained in excess of 5 years, unless--
> ....
> (iii) the communication is enciphered or reasonably
> believed to have a secret meaning;

Based on Snowden releases, this is SOP. And in any case, it's clear that the NSA ignores civil law, given that the US is at war. Always. Forever.

> This might be going out on a limb here, but "enciphered"
> and "reasonably believed to have a secret meaning" could easily
> be interpreted to apply to any and all encrypted Internet
> traffic, including Tor.

We know from Snowden releases that they retain as much intercepted traffic as they can, for as long as they can. There's recursive triage, based on context, occurrence of keywords in metadata and content, flagging by analysts, and so on. Over time, less-interesting content gets decrufted and chunked, and eventually deleted. But metadata is retained indefinitely.

For encrypted (aka enciphered) intercepts, there's no readily interpretable content. So triage must be based primarily on metadata and context. And it's arguable that encrypted intercepts of particular interest (from Tor and other anonymity networks, VPN services, extremist websites, and so on) are retained indefinitely.

> I'd be curious as to what experts in this area think about this,
> and how to go about raising awareness if this is indeed as
> serious as it sounds to me.

Tor traffic among clients and relays is encrypted with perfect forward secrecy, so retention is not a very serious threat. Each chunk of data is encrypted with a different session key, and so is a separate puzzle. Learning a particular Tor relay's private key does allow an adversary to impersonate the relay. But it doesn't compromise prior traffic through that relay.

> Full text of the bill can be found here:
> https://www.congress.gov/bill/113th-congress/house-bill/4681
>
> Thanks,
> Tim

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
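The forward-secrecy property discussed in the reply above, as an added example that is not part of the original message and is not Tor's code: a simplified handshake in which a later-leaked long-term key recovers a session key derived from static Diffie-Hellman only, but not one that also mixes in an ephemeral-ephemeral exchange. The function names and the key-derivation layout are assumptions made for illustration.

```python
import hashlib
import secrets

P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    """X25519 scalar multiplication (RFC 7748). Not constant-time: demo only."""
    n = (int.from_bytes(k, "little") & ((1 << 254) - 8)) | (1 << 254)
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (n >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def keygen():
    sk = secrets.token_bytes(32)
    return sk, x25519(sk, BASE)

def kdf(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()

def replay_after_key_leak() -> dict:
    b, B = keygen()   # relay long-term key pair (hypothetical names)
    x, X = keygen()   # client ephemeral key pair
    y, Y = keygen()   # relay ephemeral key pair
    # Design 1, no forward secrecy: key depends only on the static DH.
    static_only = kdf(x25519(x, B), X, B)
    # Design 2, forward secret: ephemeral DH mixed in; static DH authenticates.
    mixed_client = kdf(x25519(x, Y), x25519(x, B), X, Y, B)
    mixed_relay = kdf(x25519(y, X), x25519(b, X), X, Y, B)
    del x, y          # both sides erase their ephemerals after the session
    # Later: the adversary holds the recorded X, Y, B and the leaked b.
    recovered_static = kdf(x25519(b, X), X, B)
    guess_mixed = kdf(x25519(b, Y), x25519(b, X), X, Y, B)
    return {"handshake_agrees": mixed_client == mixed_relay,
            "static_only_recovered": recovered_static == static_only,
            "mixed_recovered": guess_mixed == mixed_client}

if __name__ == "__main__":
    print(replay_after_key_leak())
```

With `b` in hand the adversary can compute every static DH value, which is also what makes impersonating the relay possible from then on; the recorded session stays closed because `x25519(x, Y)` needs an erased ephemeral secret.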