Sweden has fallen

Tonight the swedish government passed a law that allows the government to spy on their citizens (and everybody else for that matter). Everything that passes through internet and cellphones are monitored in search for "threats against sweden"
It is the equivalent of opening private letters and read them.
Now this wont bother people that has something to hide, as most of you probably know. Truecrypt, private tunneling and so on. Only small time bandits doesnt know about such stuff.

Apparently the Swedish government today can gurantee that there will be no evil governments in the future and if there are they are of course swedish and swedish people never does anything bad for the people.... You can imagine this weapon in the hands of dictators.
So forget about everything you might have heard of swedish fight for freedom in the world.
We have now opened the pandoras box.
So be warned that there are no privacy if you do business with sweden.

 

I am a bit surprised at the move by your government. I thought they were a bit more progressive. I wonder what prompted this? Any ties to the Danish magazine cartoon incident?

 

Well, I'm probably going to get pointed out as a "FUD spreader" again, but, I've been trying to tell people that the world is different now and this type of thing is just going to be more widespread. CCsito, this move by Sweden is undoubtedly attributed to the "War on Terror", and where that is concerned, you can be reasonably sure the U.S had some influence. Sweden can be neutral in regards to wars fought by countries against other countries, but they can't be neutral to terrorists because terrorists attack anyone not supporting their cause.

 

"When Fascism comes to America, it will come wrapped in the flag carrying a cross"
- Sinclair Lewis, 1935

 

Not that I know or heard of. One of their reason for passing this law is terrorism. But any terrorist that gets caught by this law are not worthy to be called terrorist, just plain stupid. They will surely be expelled from the International Terrorist Club in dishonour and laughed at.

 

Not really, the Internet has become a very easy weapon for them in the form of recruiting people/hacking into servers. Cyberwarfare is of interest to them and they have people who can do such things. However, yes, it's very likely they will get caught because tunneling/Truecrypt and the like are almost certainly toys to the people hunting down these terrorists. And yes, the biggest reason they passed this law and every country that doesn't sponsor terrorism will pass similar laws is terrorism. The West will push, shove, punch, kick and threaten until A: Every country does what it wants, or, B: The West, especially the U.S, finds itself with much fewer friends than it used to. And it has begun in recent years to look like B is the answer.

 

I have a hard time understanding where you're coming from. The way you talk about the NSA/CIA almost sounds like hero worship to me. The way some people talk about them, you'd think they were imbued with mythical superpowers and the ability to crunch big numbers in a single bound. No, I don't work for them and I don't know for certain how they operate. But the reality is likely to be far more mundane. If they want to know what someone's doing on the internet, they won't use some super-secret monitoring technique. They'll bully the server/proxy owner. If they want your TrueCrypt password, they'll coerce you or look for some user mistake. Or they'll convict you anyway without the password because your failure to comply makes you look guilty.

If you think they're even going to try to bruteforce or otherwise crack a TrueCrypt volume created with a proper password and no information leaks, I think you're out of touch with how law enforcement actually operates. They won't try to bruteforce the key of a TrueCrypt volume, probably not now or 50 years from now. The average person is an idiot and will either choose a bad password or leak information in some other way.

But, for every technique that any law enforcement agency uses, there is a technique to bypass it that is probably 50 times easier. Almost anything that they can come up with, there is going to be a simple way to get around it. Anti-forensics is always much easier than forensics. The only difficulty is their techniques are classified. But, no, they're not going to break into a properly created TrueCrypt volume (with a proper password and no information leaks). It would be stupid to even attempt it.

You talk about the sophistication of their eavesdropping. Even if they could bypass Tor and any other anonymization network, I have a very simple solution that will stop any eavesdropping cold. Go to an internet cafe. All that multi-billion dollar spying garbage is stopped cold. You really would have to be a complete idiot not to be able to bypass them. But guess what? That's who they go after for the most part. Anyone they possibly could catch with all this technological nonsense probably wasn't a real threat to begin with.

 

Great, now I have to use tor and Enigmail and other types of software. I can't even type sexbomb in a mail, cause then someone will read it.

 

What you're not thinking about is that anti-forensics ALSO come from the government. I hope you aren't really thinking that these agencies come up with "super duper crypto" techniques not knowing how to break them, there's no other way to describe that line of thinking than just plain stupid. No, I don't hero worship them, but I also am not one of the folks they love, the ones who think they can skirt around the best techniques that the 3 letter agencies have at their disposal.

I'm not sure I read right into your comment about internet cafes, but I'm hoping you didn't mean they were safe, let's discuss the Chinese government if you think so. About Truecrypt, I've heard it being discussed as if it's the "super magical unbreakable badass". Who do you think made such technology? Does no one understand or want to understand that the government had every single last piece of our best technology long before us "average Joes" did?

No, they are not going to try and bruteforce a highly encrypted file/folder, whatever, bruteforce is doing it the hard way. They created this stuff, you better damn well get your head out of the sand and realize they knew how to get around it Are these guys God? No way. Can they, if they TRULY NEED to, get past anything you want to throw on your hard drive to keep them out? Take a moment to think about where all this crypto magic came from and then answer that question yourself.

With Sept 11, the Patriot Act, telecommunications immunity, and all these laws being enacted not only here in the U.S but worldwide, all the crypto fanboys and privacy advocates are in for a hell of a reality check. People can go on and on about all their security measures, how they think the government works or should work, and how they think the world works or should work, but like it or not and believe it or not, we all are slowly losing all these nice little freedoms we got used to and expected 10 years ago. It's perfectly alright if I'm not believed or brushed aside as a paranoid fool, I'm not forcing my opinion and beliefs on anyone, I'm merely trying to tell people to pay attention to what's going on around them.

 

wow! what a lame government over there lol....i wounder how come the swedish ppl didnt prevent such a dark law which remaind the old days ...

chers

 

Anti-forensics are any techniques used to defeat forensics. Anyone can come up with them, including you. AES, twofish, and serpent were all developed by independent cryptographers. TrueCrypt is completely open-source. Anyone can look at it, verify it, and compile it. The government has had just as much time to evaluate these ciphers as the general public. They didn't invent them, and they have no control over them.

My point is that it's not only possible to take over someone else's internet connection for your own purposes, it's trivially easy. With municipal wifi, your neighbor's wifi, internet cafes, etc, it's so easy to communicate anonymously, it's a joke. It's even possible to hack someone wirelessly from half a mile away. You can infect someone's computer and hijack their broadband. Anyone who cannot do these things and doesn't realize the risks of using their own internet connection is nothing short of a joke. People who use Tor or paid privacy services either want convenience (Tor) or high bandwidth (privacy service). People who expect to be tracked by the government will use neither. They don't need the high bandwidth that a privacy service will offer, so they'll send their messages from anywhere. They'll hijack your connection, and it'll work. Because they'll hack one wireless connection to send one message then hack another to send the next message. They'll rotate e-mail accounts randomly based on some preset formula. They'll use pgp or some other encryption.

TrueCrypt is open-source technology that uses ciphers created by the cryptographic community. The government neither created them nor has any special control over them.

It may seem like "crypto magic" to you, but they are based on mathematical principles that anyone can understand. Anyone can look at the source code to verify it for themselves. Unless you're implying that all non-government cryptographers are idiots, I don't see how you can justify your statements. TrueCrypt has been around for many years, and it has been evaluated by many cryptographers that don't work for the government.

I'm not arguing that the governments of the world aren't abusing their powers. It's self-evident that we are well past the point of screaming that we're losing our freedoms. We've already lost them. That ship has sailed. What I am saying is that it doesn't help them catch terrorists or any other criminals. Their technology is easy to bypass for someone motivated to do it. These lost freedoms hurt normal, law-abiding people like us.

And as long as we're talking about 9/11, let me remind you of one crucial fact. These governmental super-brains that you're talking about are the same ones that were running around like chickens with their heads cut off that day. They're just normal people like you and me. They have no special power, and the technology they do have is not beyond our imagination or comprehension. We can make rough guesstimates of their computing capabilities. And global surveillance/snooping is beyond the capabilities of any government, not for lack of computing power or technological resources, but because they could never have sufficient manpower to analyze even a small fraction of the traffic, much less decrypt encrypted traffic.

So, what am I saying? Yes, they can make our lives (normal people) miserable. But stopping real terrorists with this technology is a pipe-dream. It will never happen.

 

Folks,

This thread is about privacy. Let keep generalized political commentary out of it.

Blue

 

I don't want to seem pushy but this was a political thread from the start. Privacy can be a political issue.

 

Listen, I understand your point about encryption techniques such as AES 256 being basically impossible to decrypt in the bruteforce-type of way, (well, hell, I hope so, damn supercomputers these days), however, they are weak in an area where attacks are a daily occurance...passwords. Poorly implemented pass? Broken encryption. Got a keylogger? Broken encryption. Trojan? Broken encryption. And I do still stand by what I said about these methods being developed by the government, and by that I mean not the software used, but the actual encryption method itself.


The only counter-argument I would make against your argument of manpower is that computer power and technological resources are making manpower less necessary. In all honesty global surveillance is already happening, you don't need any one government, they all do it in one way or another, so global surveillance is already here. Do you need to worry about Brazil spying on you? Doubtful, Your own country? You best believe it.

I guess perhaps I should do a little backtracking and explain my original belief in another way. Can they bruteforce this stuff? Likely not. Do they have a ton of other ways to intercept it due to all the lovely holes and the way things work in our beloved operating systems and software we use? Big fat yep. So, my true point is that they don't NEED to work so hard, the work-arounds, backdoors, loopholes are already in place.

I also stand by my comment that indeed the military/intel communities did come up with these techniques. Can we possibly know these "independants" were/weren't working for governments, do you think they'll tell us someday? Again, likely not. My previous posts may have sounded like I think of these agencies as having magic wands, but I don't, that's silliness. All I truly meant was that you shouldn't be so sure of people and agencies that have trillions of dollars available and the means and intent on keeping tabs on us in the name of national security.

As far as "running around with their heads cut off on that day", there have been many many reports that they've known that was coming for quite some time and chose not to act. That is not technological weakness, that is plain stupidity. And yes, they can stop it, when we all have these RFIDs in everything (which not too long ago the U.S talked about wanting to do), our cell phones REQUIRE GPS service instead of it being optional, On-Star in cars, and so on, all that can be used against us. Again, not conspiracy theory, it's just plain easy to make happen in the name of the War on Terror.

See, you have to understand, regardless of how good/bad they did at handling Sept 11th, that day gave them a green light to do things out in the open that they had been doing secretly for years before. That's our real problem, not that they can decrypt our data, but intercept it before we even have the chance to encrypt it.

Oh, and though I fully respect the forum policy of politics, again I have to remind that technology is for a BIG part politics. To ignore politics is to ignore why such spying is going on, why they chose the technological methods they did, and why the world is the way it is. You live in a world that turns around because of politics.

 

I understand what you're saying. But I stand behind what I said in that someone intelligent and intent on bypassing all of this stuff will do it relatively easily. Let's say person A is very intelligent, highly motivated, and has a solid understanding of computers. If person A found 3 people just like him, all 4 could communicate readily over the internet with virtually no risk of being eavesdropped on.

What's the problem? Finding another 3 people like A. More likely than not, at least 1 of the people will be an idiot and probably all 3. That's where governmental snooping could work. Super-criminals don't really pop up too often. More often than not, you'll get a loose band of idiots begging to get caught.

A real terrorist threat would be perpetrated by 4 A's. The people they catch are W,X,Y, and Z (possibly an A in the mix). This loose band of idiots are 4 pot-bellies who sit in their basement all day, plotting to overthrow the government, sort of like a cartoon.

That's who they catch. And they don't even catch these people due to internet or computer activities but due to community tips. Most of these people pose less threat than some guy with a gun in a mall. So, you see what I'm saying. It doesn't really solve anything. A real terrorist cell, if there even is one, will not get caught by electronic eavesdropping.

 

malwaretesting,

A. Well, you are being gratuitously pushy
B. Privacy can clearly be a political issue, but not all political issues/commentary are privacy related and some of your comments, for example

have crossed that line.

Deal with it or move on.

Blue

 

Yeah, I get what you're saying too. Unfortunately we have to rely on the workarounds for the technology we KNOW they use. Now how we get around the tech we don't know about yet ( as I had said previously, all tech we use now was once top secret), that's another question entirely

 

People in general find this law hard to understand and they have no interrest to learn since it is not about the latest finalist in "Swedish Idol"
They might sometime gotten a virus on their computer so they think that it is good that government takes care of them thats about what many thinks about this law.

The sad thing is that every government knows their people. They can sugarcoat it so it sounds like everyone who has objections against such laws are crazy conspiracy theorists. So ignorant people find it easier to listen to what daddy says rather than trying to find out what it is all about. Their take on everything that the government is "surely our own government wouldnt lie to us, we elected them!" unless it is about raising the taxes on beer. And of course the hilarious: "I dont have anything to hide"
It is the same mistake that happens over and over again through out the ages.
But, it is like the saying; you get the government you deserve.

Truecrypt is open source. Dont you think that its code has been screened by knowledgeable people so we would´ve heard of government backdoors? Or are open source a superduper secret government plot?

 

"Truecrypt is open source. Dont you think that its code has been screened by knowledgeable people so we would´ve heard of government backdoors? Or are open source a superduper secret government plot?"

No, I'm absolutely not saying such software is some government plot. I'd say that would be going a bit too far down Paranoia Road.....What I meant by my statement was that AES and others had government insight. Whether it can be proven or not (and it likely cannot), the developer of AES very likely worked under government wings. The NSA accepted AES as their standard, it's only logical they had a hand in its creation, after all, why would they trust someone elses' encryption for their most classified material? They may hire out civilians to do work, but those civilians while doing that work work under the guidance of the government, so therefore they indeed worked for the government, whether they wore NSA/CIA, whatever badges or not.

Edit: I'll end my part in this long thread by saying this: I do NOT believe in the "all-knowing" idea some folks have about our governments, even if my earlier posts seemed as though I do. They, even with their trillions of dollars at hand and secret tech that isn't publicly known or publicly available, are still imperfect human beings. What I sort of ended up going in the wrong direction trying to do, was try to make people understand that this new Swedish law and all the laws like it, are going to become the norm, and, we who are not in these 3 letter organizations do not know what they are currently capable of inside those remote bases, and what their intent is for whatever they can do. We simply don't know, and to pass that fact as FUD or conspiracy is not only foolhardy, but dangerous. Whether politics are allowed to be discussed or not, the truth is ladies and gentleman, a pack of nutjobs with a few planes put us in the positions we are finding ourselves in.

 

This is a sad day. I wonder what the resolve of the people will be. They shouldn't have been glued to their television sets and blogs, but out in the streets. All of them.

 

The resolve of the people will sadly be as it has always been, they'll get comfortable with it. Just as with gas prices, where 2 months ago 3.50 a gallon was an outrage, now 4 dollars is, the people will beg for lower prices, it'll go back to 3.50, and the people will applaud. It'll work the same way with security. This whole Phorm/NebuAd thing for instance, that is nothing more than corporations seeing how far they can go before people throw fits. They will offer up a less intrusive way, the people will quiet down, not understanding that less intrusive is still intrusive.

Why should corporations/government change if the people are willing to accept what they do?

 

Well, the original subject of this thread is not an issue for the Swedish people solely. Let me point out that it's really the local implementation of the EU directive 2006/24/EC about data retention. At the time the Swedish minister of justice was one of Europe's most ardent advocates of that directive. Yesterday's Swedish legislation is said to be the most far-reaching of its kind in the Western world. I don't know about that, and possibly our American friends on this forum are entitled to protest the claim, but as far as I do know, Sweden is the only country within the EU that implements actual full content monitoring of all electronic communication that "crosses the borders" - doesn't most of it? - in order to intercept "external threats to the security of the realm", as they put it, but also "certain internal threats" of unspecified nature. Of course that's bullshit, and terrorism isn't even part of the supporting spin - it's far too exotic a phenomenon to most Swedes to be credible. (Finnish customers of Swedish ISP:s should really reconsider their need for encryption software, by the way). Anyway, the deadline for full implementation of the 2006/24 directive is set to March 15, 2009. Sweden is showing the way, and dammit, I'm NOT proud of my country at all.

 

About the only thing us Americans can protest about whether we have the furthest-reaching or not is the fact that our government and our own ISPs aren't real forthcoming about what they do. I hope terrorism remains nothing more than an exotic phenomenon to your country, though I'm not sure any country is safe from it completely. I'll head back to the malware section now since hell, you can't bring up topics like this without mentioning politics. I guess some just don't understand that.

 

No. It does not mean someone will read it. It means there might be a log of it, somewhere, allowing someone to read it, should they be so inclined.

And so? What's so critical about someone reading your emails? As long as you are aware this can happen, you will make sure only info you don't care about is in those mails.

Just like you don't shout your credit card number on the street ...

Mrk