[tor-talk] HR4681 Sec 309 communication privacy legislation

Mon Dec 15 04:55:51 UTC 2014

This is all mute:

(i) the communication has been affirmatively determined, in whole or in
part, to constitute foreign intelligence or counterintelligence or is
necessary to understand or assess foreign intelligence or
counterintelligence;

Item I probably is intended to cover FISA warrants.  Which is what the NSA
has been using to get info from companies already.

So I read this as they can keep the communications indef if it is encrypted
or they have a FISA warrant, FISA warrants are already NSA general
procedure for getting everyone's emails and call records.

-----------------------------------------------------------------------------------------------
-ITG (ITechGeek)
ITG at ITechGeek.Com
https://itg.nu/
GPG Keys: https://itg.nu/contact/gpg-key
Preferred GPG Key: Fingerprint: AB46B7E363DA7E04ABFA57852AA9910A DCB1191A
Google Voice: +1-703-493-0128 / Twitter: ITechGeek / Facebook:
http://fb.me/Jbwa.Net

On Sun, Dec 14, 2014 at 9:57 PM, Mirimir <mirimir at riseup.net> wrote:
>
> On 12/14/2014 10:39 AM, Tim Mitchell wrote:
> > Morning all,
> >
> >
> > If no one has yet seen Section 309 of US HR4681, it contains
> > some very dubious language that sounds like it is legalizing
> > indefinite government retention of encrypted communications.
> > The text is as follows (Section 309.b.3.B.iii):
> >
> > (B) Limitation on retention.--A covered communication shall
> >  not be retained in excess of 5 years, unless--
> > ....
> > (iii) the communication is enciphered or reasonably
> >  believed to have a secret meaning;
>
> Based on Snowden releases, this is SOP. And in any case, it's clear that
> the NSA ignores civil law, given that the US is at war. Always. Forever.
>
> > This might be going out on a limb here, but "enciphered"
> > and "reasonably believed to have a secret meaning" could easily
> > be interpreted to apply to any and all encrypted Internet
> > traffic, including Tor.
>
> We know from Snowden releases that they retain as much intercepted
> traffic as they can, for as long as they can. There's recursive triage,
> based on context, occurrence of keywords in metadata and content,
> flagging by analysts, and so on. Over time, less-interesting content
> gets decrufted and chunked, and eventually deleted. But metadata is
> retained indefinitely.
>
> For encrypted (aka enciphered) intercepts, there's no readily
> interpretable content. So triage must be based primarily on metadata and
> context. And it's arguable that encrypted intercepts of particular
> interest (from Tor and other anonymity networks, VPN services, extremist
> websites, and so on) are retained indefinitely.
>
> > I'd be curious as to what experts in this area think about this,
> > and how to go about raising awareness if this is indeed as
> > serious as it sounds to me.
>
> Tor traffic among clients and relays is encrypted with perfect forward
> secrecy, so retention is not a very serious threat. Each chunk of data
> is encrypted with a different session key, and so is a separate puzzle.
> Learning a particular Tor relay's private key does allow an adversary to
> impersonate the relay. But it doesn't compromise prior traffic through
> that relay.
>
> > Full text of the bill can be found here:
> > https://www.congress.gov/bill/113th-congress/house-bill/4681
> >
> >
> >
> > Thanks,
> > Tim
>
>
> --
> tor-talk mailing list - tor-talk at lists.torproject.org
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>