Friday, October 7, 2016

Was Yahoo looking for Al Qaeda encrypted messages?

What they are likely referring it is software like "Mujahideen Secrets", which terrorists have been using for about a decade to encrypt messages. It includes a unique fingerprint/signature that can easily be searched for, as shown below.
The text string in these sorts of things is not hard to identify at all.  The string is used by programs to know where to start decrypting (all sorts of crypto programs do this).
The obvious "highly unique signature" the FBI should be looking for, to catch this software, is the string:
### Begin ASRAR El Mojahedeen v2.0 Encrypted Message ###
Indeed, if this is the program the NSA/FBI was looking for, they've now caught this message in their dragnet of incoming Yahoo! mail.
It's speculation that this is what Yahoo was looking for, but as Mythbusters would say, "Plausible."

I posted about this a couple years ago, in a post titled How do you say "Hey, NSA!  Look over here!" on the Internet?  In it, I said:
I've been very critical about how NSA is spying on citizens unsuspected of any crime, but this seems to be precisely what they should be doing.  I'm even OK with secret FISA court warrants allowing automated monitoring (and even attacking) anyone using al Qaeda code.  Seems like that falls under "probable cause" to me.
In most jurisdictions possession of lock picking tools is presumptive evidence of wrongdoing (if you're not a locksmith).  It seems plausible that possession of custom Al Qaeda encryption software is also presumptive of wrongdoing.  Sure, there's a First Amendment argument that can be made here, cryptographic research, yadda yadda - but this seems quite narrowly tailored to me.  If this is what Yahoo was looking for, it seems reasonable to me.


Divemedic said...

The difference, of course, is that the police don't get to enter your house in a preemptive search for lock picking tools. Firtst you get probable cause, THEN you get a warrant, then you search.

Minecraft Chuck said...

Of course, whatever you send via Yahoo essentially belongs to Yahoo. They explicitly state that they can use your content as they see fit, including sending it to third parties.

There is no constitutional issue here. There would be if the government forced Yahoo to give up the data. No force or coercion, no issue.

You can voluntarily pay more than your fair share in taxes, too. But if you do, you can't also claim that the government is robbing you.

The villain here, if there is one, is Yahoo. Beware 'free' email services - they are selling a product. You are the product.

matism said...

I would only note that the Orlando terrorist who murdered all those people in that homosexual nightclub had been "investigated" by the FedPigs and deemed to not be a problem. Even though his father reported him to them as a terrorist. In fact, they were so happy with him that they let him work as an armed guard for a DHS contractor.

Do you REALLY think that term is what the filthy bastards had Yahoo - and the rest, for it is now coming out that they ordered every major e-mail host to do the same thing - searching for?

Divemedic said...

Do you believe for a second that Yahoo didn't get any pressure from the government to do this?