The government wants access to private SSL keys.
For those of you who aren’t technical, please allow me to explain what this means. SSL and TLS are the basis for nearly all secured internet communications. Log into your bank? You used SSL. Buy a sexy toy from sexytoys.com? You used SSL. Log into Facebook to change your password? You used SSL. Rent a book online from your local library? You used SSL. Hell… google secures their searches with SSL. You can default all your Facebook, twitter, MySpace and virtually every other popular social network or experience with SSL. SSL hides your information from prying eyes. It keeps people who can see your traffic from being able to understand it.
With the private SSL certificate signing keys, the NSA/U.S. Government can do a couple things:
1.) If they have a system in place to intercept your traffic… something called PRISM perhaps… they wouldn’t need the cooperation of any corporation, their network or their server administrators to get, log, and monitor your information and traffic. They’d just need a data center, say in Utah, that has the computing power to analyze the traffic and trap and store salient information. For what its worth… they could also trap every password change ever made for what ever purpose they want.
2.) Since SSL is based on key signing authorities and public key cryptography, if the government gets access to the private key of an issuing authority (aka Root authorities/certificates), they could easily generate their own keys and completely impersonate a company or operate as a man in the middle. This is particularly important because if they have access to someone who signed the certificates for a company that refused to give the NSA access… they just need to impersonate the certificates and voila!
Mind you… I’m not using hyperbole. I used to do certificate authentication for IKE tunnels for IPSec VPN and tunnel encryption and authorization for SSL VPN for a living and some of these things were part of my test cases.
GET ANGRY. I’m normally happy enough that someone cares enough to click like on Facebook… but that simply not good enough now. The government wants every post, every purchase, every IM, every email, everything you do to be private between you, the person you sent it to, and them! AYFKM! GET ANGRY! DO SOMETHING! Post your own anger. Tell your other friends and everyone you know that apathy is not an option. The government can find something wrong with every person in this country. They’ve made an impossible web of contradictory laws and regulations and you are guaranteed to have done something illegal! GET ANGRY!
I completely forgot the reason I wanted to post here instead of Facebook.
I’m thinking now is the time to begin an actual campaign to vote against and replace every incumbent, period. I don’t care if we’re replacing Republicans with Democrats or Libertarians with Socialists. I vehemently believe its time that we inform our legislature and executives, in the most obvious and painful way that we peacefully can, that the government works for us. Works on our whim and that our rights are not a negotiating point or a campaign strategy.
Anyone out there willing to try this? Anyone willing to figure out what it takes to change the government? To put your money into a cause and push blindly until you’re done?