A Drive for Freedom: How we solved the global surveillance problem with a 3.5 inch floppy disk.
By Klara Kali, July 2022
The Castalia Foundation is proud to announce that we have solved the global computer surveillance problem by using floppy-disk drives and off-the-shelf backdoored-computers. We are now sharing this solution so that millions of others can enjoy secure-messaging for the first time in decades.
Although the backdoored-CPU problem could also be partly solved by using Atari ST, Amiga, or other capable pre-2005 computers, the problem would remain that the user must trust these systems to be secure. Our solution does not require secure CPUs. Instead, we offer a logical remedy.
If you bought your computer after 2005, it likely has another smaller-computer embedded into its CPU (Central Processing Unit). This smaller computer is a chip-on-chip surveillance system that spies on everything you do. It knows your passwords, it knows the websites you visit; the movies you watch; the emails you write; and even that you are reading this article right now. Everything you can see on your screen; it can see on your screen too.
Your computer will, given the instruction to do so, relay all of this information to whoever has access to the chip-on-chip surveillance system.
"Who has access to everything on my computer via this system?" we imagine you ask.
Rogue governments; hackers; the CIA; and every other maniac you can imagine. On Intel systems, this backdoor is called the 'Intel Management Engine'; on AMD systems it is called the "Platform Security Processor".
If you use encrypted email, that's useless: The 'Intel Management Engine' can just read the emails straight off your screen. Alternatively, the surveillance processor can just read the encryption keys straight off your hard disk. "But, my keys are password protected!" you protest. That's no protection either: The Intel Management Engine was recording your keystrokes when you typed your passwords.
Game over, man.
We will begin by describing why simply using a pre-2005 system is probably not sufficient security; then we will describe how three modern 'surveillance' computers can be arranged in a logical system to create a secure messaging platform despite their CPUs being backdoored.
Doubtless, in their original form, the Atari or Amiga (running Motorola 68k processors) are not backdoored. This is for the reason that the internet simply did not exist in any practical form at the time that these computers were manufactured. Consequently, we can assume the Atari and Amiga can run secure encryption systems because the CPU manufacturers did not anticipate these computers being co-opted in a surveillance grid.
Today, it is possible to set up a secure Atari or Amiga and connect it to the internet. However, we run into several problems:
1. The software for these machines will likely not be preserved on the original factory-issued media. Therefore it could have been meddled with.
2. If large numbers of people switch to Atari, for example, the market does not have enough second-hand Atari machines to fulfil demand. Also, the CIA will buy Atari computers up en-masse and/or target those buying them.
3. If a particular method of connecting the Atari to the internet for secure communications is popularized, then this method may be targeted by those same people who are currently surveilling you.
4. We still end up trusting the CPU, which is a 'black box' for most users.
In summary, the Atari or Amiga is a viable solution for basic secure messaging, but this method will not scale. That said, using an old Atari, for example, is certainly a solution that is light-years ahead of anything currently available from Intel or AMD.
Even with a non-backdoored Atari system, we are relying on a single-CPU / mainboard to connect to the internet; decrypt; and encrypt messages. This method is problematic because data can potentially be leaked between these stages; there is no mechanical boundary between them. Using one integrated circuit / CPU system for all three stages is a serious vulnerability.
The Floppy Disk solution
To understand the logic behind The Castalia Foundation's solution to the global computer surveillance problem, it is useful to use an analogy: We can imagine a situation where a brutal king of five-hundred years ago needs to send secure messages across his land. In his kingdom he has mathematicians who can encrypt and decrypt short messages; a primitive version of today's PGP encryption systems.
The King cannot trust any of his mathematicians. He knows that they are all disloyal. If given the right 'code words' to spy on him, these mathematicians will report messages to his enemies. How does the king solve this problem?
The king must use his brutality and a system of logic.
First, the king gives one mathematician the encryption key and locks him in a prison cell. This mathematician can only send encrypted messages through a small letterbox in his cell which is closely monitored. He cannot receive messages except from the king in person.
Secondly, the king locks another mathematician in another prison cell and gives this mathematician only the decryption key. This mathematician can only receive messages, which he decrypts for the king in person. This mathematician cannot send messages. Ever.
Lastly, the king has a third servant to relay only pre-encrypted messages to his friends in other castles. This servant never sees any message that is not encrypted, and holds no keys. The king's friends have set up similar systems, with other imprisoned mathematicians, in their own citadels.
If we ignore the ethical mess that the king is in, we can see that he has set up an unbreakable encryption system that does not rely on his mathematicians being loyal to him. It does not matter if the mathematician who encrypts the messages is disloyal. This mathematician cannot report any unencrypted data outside the prison cell. His jail-cell letterbox only lets king-encrypted messages out.
Similarly, it does not matter if the mathematician who decrypts the messages is disloyal. He can only receive encrypted data, and even if he is 'triggered' by a 'code' to spill the king's secrets, he cannot: His prison cell will only ever receive messages. He cannot send any 'data' out.
The astute reader will see that a series of logic-gates have been set up by the 'king' to ensure secure communications. Naturally, our analogy is a little imperfect, as we can imagine exotic ways to break this system in the physical realm of kings and castles. However, when we translate our analogy to the electronic realm, it is unbreakable.
It is worth noting at this point that the global-surveillance-problem cannot be solved on a single-mainboard architecture, and almost certainly cannot be solved by a non-mechanical system. In other words: We need to use a method where the user does not rely on trusting anyone; and where the everyday user can physically 'see' that the system is functioning, without relying on any 'black box' or 'trust us, please' paradigms.
How, then, can we build a simple, scalable, cheap, secure messaging system that the average, non-technical person can see is working correctly? How can we build it using off-the-shelf components which the CIA cannot hope to buy-up without bankrupting themselves?
We can use three off-the-shelf backdoored-computers (take your pick; all of them are backdoored), and two floppy disk drives, to ensure that we have 'imprisoned' our mathematicians in unbreakable cells.
How to jail your mathematicians
Obviously, there are more elegant ways to set up the system we are about to describe. However, the world needs secure-messaging immediately, and we are keen to publish our work as a temporary solution to the problem. Our solution does not rely on anyone manufacturing and distributing a new product, or on the user needing to source any unusual components.
With The Castalia Foundation's solution, the user does not need a background in electronic engineering to secure their messaging system. We feel that anyone of average intelligence will be able to implement a secure-messaging system by following this guide.
1. Purchase three PC computers capable of running Linux. Two of these computers will need to be stripped of their WiFi and bluetooth cards to ensure they cannot be accessed via these channels. You will find that desktop PCs are the better option for this. Desktop computers are more likely to have removable networking cards etc. Check with the seller on eBay, or the original spec-sheet for the computer, to ensure that the WiFi / bluetooth system is not inseparably welded to the mainboard. Generally, avoid laptops.
2. Purchase two 3.5 inch floppy disk drives. If you buy a sufficiently old desktop PC, then these drives may already be built into the computers. If not, you can find external USB floppy disk drives all over eBay.
3. Purchase a box of 3.5 inch floppy disks. These will be used for data transfer.
4. Install a version of Linux on the three desktop PCs. Debian will do fine.
5. Designate roles for the computers. You could write their 'names' clearly on the outside of the cases of the computers. We will name our first computer: "Writer", our second computer "Reader" and our third computer "Sender".
6. Connect your 'Sender' computer to the internet using an ethernet cable (or WiFi if you are feeling more sloppy about security). Technically it should not matter, as the 'Sender' computer never sees an unencrypted message. Your 'Writer' and 'Reader' computers should NEVER be connected to the internet. If they are, the system becomes totally insecure.
7. Write a message on your 'Writer' computer and encrypt it using PGP and the Public Key of the person you are sending the message to. See the guide here for more information.
9. Format a fresh floppy disk on the 'Sender' computer. This is a slightly technical stage. If in doubt, ask a friend. This can be achieved with a standard 1.44 MB floppy disk on Debian using the command line and this command:
sudo ufiformat -f 1440 -v /dev/sdb
You must then add a basic FAT (or other) filesystem to the floppy disk (don't worry if that sounds like nonsense at this point), using the command:
Now the disk is ready to use.
10. Copy your encrypted message onto the floppy disk.
11. Set the disk to read-only by flipping the tab on the floppy disk. This ensures that your 'Sender' computer, which is connected to the internet, cannot write any data to the disk which might be later read by the 'Writer' computer and used to send it a 'trigger code'. Effectively, you have set up a one-way relay between your 'Writer' and 'Reader' computers.
12. Transfer the floppy disk to your 'Sender' computer.
13. Copy the encrypted message across.
14. Paste it into an email and send it to your friend via the internet.
15. Wait for an email response from your friend.
16. Save the response to another floppy disk. Flip the tab on the floppy disk to set it to 'read only' mode.
17. Transfer this floppy disk to the 'Reader' computer.
18. Decrypt the message on your 'Reader' computer.
19. Read the decrypted message.
20. Format the floppy disk to erase the message. For added security you can write junk data across the floppy disk. Here is a starting point for that.
It's important to be aware that anyone you write to will need to implement the same system to secure the messaging system. The Castalia Foundation's solution will not work properly if you are writing to someone who has not taken the same precautions and set up a similar three-phase encryption system using floppy-disk relays.
As you can see, we are using one computer exclusively to write messages; one computer to exclusively read messages. Finally, we are using a third computer to exclusively send and receive post-encrypted messages. Because the 'Writer' and 'Reader' computers are not connected to the internet, it does not matter that they run backdoored-CPUs. Their only potential link to the internet is via the floppy-disk relay system.
Why are we using floppy disks?
For the simple reasons that:
1. Floppy disks are mechanical and can be assigned to read-only. This lock is physical, and not software based. Unlike a flash drive, a floppy disk can never be written to when physically assigned to read-only. It would be even better if we could also set floppy disks to a write-only mode, but our system is reasonably robust regardless.
2. Floppy disk drives light up and make a noticeable mechanical sound when data is being read or written. This gives the user a clear, mechanical alert that data is being transferred. This alert will be noticeable if the system starts going rogue and sending other data. With floppy disks, there is no way to 'hide' the fact data is being transferred.
3. Although there is a degree of security-through-obscurity to our method, we can be close to certain that nobody anticipated this means of circumventing global-surveillance systems. It would be close to impossible to get our 'Writer' computer (the only weak link in our system) to spill the contents of our unencrypted messages, and to write them to a disk, with instructions to the 'Sender' computer to relay the unencrypted messages to a rogue actor on the internet.
We can be doubly sure this is not happening by using our 'Writer' computer to fill any spare space on the floppy disk with random data before ejecting the disk. This would leave no space for anything but the encrypted message to be relayed to the 'Sender' computer.
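Added example (not part of the original article and not the Foundation's own tooling): a Python check that a file written to the relay disk is exactly one ASCII-armored PGP message whose first packet is a public-key encrypted session key, with no bytes before it, after it, or in armor headers. It assumes LF line endings and an armor block without header lines; the function names and the sample payloads used to exercise it are constructed for illustration.

```python
import base64
BEGIN, END = "-----BEGIN PGP MESSAGE-----", "-----END PGP MESSAGE-----"


def crc24(data: bytes) -> int:
    """CRC-24 used by OpenPGP ASCII armor (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF


def armor(payload: bytes) -> str:
    """Wrap bytes in armor; used here only to build constructed sample input."""
    b64 = base64.b64encode(payload).decode()
    body = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    check = "=" + base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, "", *body, check, END]) + "\n"


def check_disk_file(raw: bytes) -> str:
    """Return "ok", or the reason the file should not leave the 'Writer'."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        return "non-ASCII bytes present"
    lines = (text[:-1] if text.endswith("\n") else text).split("\n")
    if len(lines) < 5 or lines[0] != BEGIN or lines[-1] != END:
        return "data outside the armor block"
    if lines[1] != "":
        return "armor headers present"  # free-text fields could carry extra data
    check = lines[-2]
    if len(check) != 5 or check[0] != "=":
        return "missing CRC-24 line"
    try:
        payload = base64.b64decode("".join(lines[2:-2]), validate=True)
        stored = int.from_bytes(base64.b64decode(check[1:], validate=True), "big")
    except ValueError:
        return "not clean base64"
    if not payload or crc24(payload) != stored:
        return "CRC-24 mismatch"
    first = payload[0]  # packet header: bit 7 set; tag 1 = encrypted session key
    tag = first & 0x3F if first & 0x40 else (first >> 2) & 0x0F
    if not first & 0x80 or tag != 1:
        return "first packet is not a public-key encrypted session key"
    return "ok"
```

The check covers framing only: it cannot show that the payload is a genuine ciphertext for the intended recipient, so it narrows what can ride along on the disk rather than proving nothing does.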
Again, it is worth reminding the reader that we are offering a solution which can be easily set up by the average user or company to secure global communications immediately. The reader can perhaps imagine more elegant solutions to the problem, and more robust ones, but these will require many months of work to build and distribute the hardware. Nothing currently exists that meets this level of security.
Finally, the reader should be aware that there are many companies offering to provide a secure computer. However, all of these solutions rely on trust; where our system does not. With our solution you do not need to trust the CPUs; the OS or the suppliers.
Obviously, given knowledge of a very specific system configuration, and enough time, an enterprising hacker could probably dream up a way to break the configuration we have described. Hacking the Linux 'ufiformat' binary, and distributing a rogue version, or some other method might break security. But provided the user only uses an operating system that was released before our article, it is implausible that any such rogue code is in circulation, and so we feel our system is currently the most secure in the world.