Cryptography != Anonymity
  The slow erosion of cryptographic effectiveness

  This missive does not address the civil liberties issues concerning the recent disclosure of NSA data hualing.    Others are doing that furiously throughout the Western World.
 Rather I'm addressing technical issues with regard to computer Security. In particular the little known fact, apparently, that cryptography doesn't provide anonymity in and of itself.
  Often it requires just the opposite. Consequently cryptography can address the recent NSA meta-data surveillance schemes but only in a limited way which is not a coincidence. That was the intent behind
  these schemes.

  First a little background on myself. Security is not my main function but is an important function of being a Principle Architect and Software Engineer in financial services software. As the years and decades
  rolled along Security became more and more important. (I am greatly abbreviating here) Thus Security, being one of those technical aspects that doesn't lend itself well to self study, I
  took it upon myself to obtain a Master Degree in Computer Science with a concentration in Computer Security from Boston University. It is rigorous and it involves becoming, in affect, a cryptographer complete with  mathematical mastery of the guts of encryption algorithms. In short, I basically know what I am doing.

  Second, a little background on the NSA's current dilemma. Cryptography really works in the sense that not even the NSA can, in a reasonable amount of type, brute force crack current state of the art
  encryption algorithms be they symmetric or asymmetric. This has the NSA worried and starting many years ago they have endeavored to get around this road block. Of the many ways to end-run cryptography
  Spatial/Temporal Analysis and Frequency Analysis are two such techniques that have come to the fore recently. There power stems from an aspect of cryptography not often discussed. That is its inability
  to provide anonymity in and of itself. Assume for the analysis descriptions below the adversary knows who you are for near certain. That is your identity is a given in the system.


  Spatial/Temporal
  Basically you use two bits of information (time and place) along with your identity (GIVEN) to make predictions of past, present and future behavior transparent to analysis. That is they
  can determine what you did, what you are doing now and what you probably shall do in the future. Many of these records are public. You probably allow many apps to get your location data either on the phone
  or via a website at your desk using your IP address to determine your general location. Along with time, which is gathered to the millisecond via NTP and atomic clocks, your present situation can
  be analyzed accurately enough for government work. Further, if the adversary can obtain phone records, credit card records either by legal or illegal means the adversary can tell quite a lot about you.
  If we know you purchased 10 gallons of gas at noon on July 1 and then again at noon on July 10. That combined with your RMV records can tell us approximately how far and often you drive.

  Frequency
  If the adversary knows only the number of messages (email, internet messaging, phone calls, whatever) that are made on average and to whom you can communicate, this chatter can determine quite a lot.
  If the chatter increases and decreases with respect to the norm something is out of the ordinary. If it goes up, something might be going on. If it is going up and the receiver is your accountant and it is early April then you are dealing with tax issues.
  If suddenly there is no communication with anybody. Something else is up. You get the picture.


  Now that we have explained the basics of these analysis, why is it that cryptography doesn't help as much as you might hope? It is due to the very essence of cryptography and that is their reliance upon keys.

  Cryptography 101

  There are three forms of computer cryptography only two of which we shall discuss: Symmetric and Asymmetric.
  Symmetric cryptography is what most folks think of in terms of encryption. They have a big key that is usually a password or pass phrase and that is use to encrypt a large volume of data quickly.
  Using that same key you may decrypt that large volume of data quickly. That key is symmetric in that it is used for both encryption and decryption.

  Asymmetric cryptography is entirely different. The key for encrypting is entirely separate from the key used for decryption. The key is broken up into two parts thanks to the miracle of large, strong
  primes. One key is a private key you keep yourself physically. You never share that with anybody. The other key is public and is shared with the world. Anything encrypted with the Public Key can only be decryption with the private key. What is important is that those who wish to communicate with you know for certain that the public key truly belongs to you otherwise this scheme can fail. The adversary could
 spoof your key and impersonate you. Thus it is imperative (here it is!) that for asymmetric technology to be useful your identity be confirmed or in the parlance of Security terminology: Authenticated.

  The fact that asymmetric keys require that you not be anonymous is a real issue and it bleeds into symmetric keys as well.


  Spatial/Temporal Analysis and Cryptography

  Lets ignore the fact that the phone company can simply not encrypt anything and in fact doesn't encrypt much.

  Let's assume the phone companies symmetrically encrypt phone meta data related to spatial/temporal information using the phone companies own key. Does that help? No. If the adversary is the
  NSA it can simply ask for the key. Perhaps you can get around this by providing your own symmetric key? No, because you are giving that key to the phone company as it is their data. The NSA can ask
  for that key. Symmetric keys don't help with encrypting your private data held by a third party as you have to hand over the keys. That simple.

  Fine let's try asymmetric keys since I can hold the private key at home far away from the phone company. I give the public key to the phone company and they can use that to one-way encrypt the data.
  Problem solved?! Not quite. It helps no doubt but the adversary knows one big thing. It knows who you are. The public key is known to be owned by you as the phone company must attest without a doubt
  that you are whom you claim otherwise they can't possibly accept the key. If they accepted any key from anybody claiming to be you then the adversary will do just that claiming to be you.

  Thus you have foiled the adversary somewhat but you are still not anonymous. That's better than nothing but its a limited victory even assuming the phone company will always use the key regardless
  of NSA requests. As long as you don't have sole physical possession of the data you are screwed regardless. I'm somewhat mystified as to why folks think cryptography would help in this situation.

  Frequency Analysis

  Frequency analysis doesn't rely on cracking encrypted content at all so it doesn't matter. All that matters is knowing the frequency of the chatter and determining information that way without ever
  reading any of that content. You can even determine interesting information from the size of the data being sent. Encryption can help here somewhat as before. If you used an encrypted line that
  always produced a certain frequency of chatter by maintaining phony encrypted packets you can foil frequency analysis. Your real data can simply be inserted in place of phony packages when necessary.
  This will work. Unfortunately, to my knowledge, no available software packages do this. It will also cost you network performance and CPU time if you are a large organization so it can get expensive.
  It requires that the other end of the communication is in cahoots with you otherwise this can't work. It also relies upon you owning the data communication. IF one credit card company communicates on your behalf with another company, with the frequency increasing as you use the card more often, that analysis is still there for the picking if that company does not employ frequency shields. It becomes a shell game
  fairly quickly. The Adversary moves to the communication line associated with you in which anti-frequency techniques are employed.

  Cryptography really only maintains privacy effectively if you own the data solely. If you do not own that data solely, if a third party has access, no amount of cryptography will suffice. It appears
  obvious and fundamental to myself but apparently, from that I am reading in the press, this is not the case with most people. I'm going to stop here because I must stop somewhere. I simply wish
  to advise those who believe that cryptography is somehow the solution here that they are sadly mistaken. Governments around the globe are using Big Data techniques to mine public data along with your
  private data held by third parties to obtain a really good working knowledge of who you are and what you are doing. There's no prime number big enough or feistel network clever enough to
  change this reality. It need be addressed by some other means.

  As time goes on my prediction is that cryptography techniques, as it is presently understood, will become less and less useful as clever means of gathering data (public and private) and correlating it with other data mature. I just thought you ought to know. Sorry about the formatting. I'll get it better next time.