Congress Considers Mandatory Crypto Backdoors 1105
disappear writes: "Wired news reports that Congress is considering restrictions on crypto software in the wake of the terrorist attack. 'Nuff said." This will be the next battle -- especially in the wake of this week's tragedies, and the the allegations that the prime suspect Osama Bin Laden is a heavy crypto user. The battle of privacy and safety is going to begin in earnest now.
Mixed feelings (Score:2)
I think I speak for slashdot when I say (Score:5, Insightful)
New Hampshire (Score:4, Interesting)
The revolutionaries who founded the United States of America are chock full of good quotes on freedom and defending freedom.
Only outlaws will have encryption.. blah blah blah (Score:4, Interesting)
As for "mandatory crypto backdoors", I think it's become a common saying that when encryption is outlawed, only outlaws will use encryption. This is a ridiculous time to be making any hot-headed decisions on something like this. Even if the US did make some inane law mandating backdoors in encryption there are plenty of free and completely open strong algorithms out there to use. What stops terrorists from using these other programs NOT made in the US or writing their own code?
This is the kind of thing that happens after every tragedy unfortunately. Emotional people start making emotional cries for immediate changes. After a school shooting people call for a ban on guns. People, shooting another person is already illegal! Banning guns are not going to stop a *criminal* from shooting people. Banning strong encryption is not going to stop criminals or terrorists from using strong encryption! Hijacking airplanes is also a crime but that didn't stop a bunch of whacked fundamentalist motherfuckers from doing it now did it?
Maybe, lets hear what Jefferson had to say (Score:4, Insightful)
and
The idea was always there that congress might have to restrict the freedoms of those living within the republic to protect the common good, especially where individuals were trying to provoke the unimaginable horrors of war. Sure you can have a long debate on exactly where to draw the line, you can disagree with where they are currently suggesting the line be drawn, but lets not pretend its quite as simplistic as your one quote implied.
If you disagree with what they propose then demonstrate alternatives or show why their proposal is worse than the threat faced by the USA. There are good arguments to be made, there are quite probably better ways of dealing with the threat but if all you do is run out old quotes then you are doing what Franklin said;
--
Nic (expecting to be moderated to -1000 but figures it needed to be said anyway)
Re:Mixed feelings (Score:5, Insightful)
Re:Mixed feelings (Score:4, Insightful)
And good luck to the government getting people to dump all their current SSL/SSH software in favor of this new awesome backdoored version. Especially with products like OpenSSH which will remain downloadable from any number of sites for quite a while.
Re:Mixed feelings (Score:3, Insightful)
Sigh. The vast majority of signals intelligence is devoted to traffic analysis: figuring out who people are talking to. Think about this. Do you think they have the resources to read all the stuff they can capture?
Once they decide that an individual is connected into too many suspicious circles (drugs, munitions, political activism, voting democrat, etc etc) only at that point do they consider devoting resources to decyphering the content of the traffic exchanged. Compared to the total volume of traffic exchanged on global networks, they have the resources to crack only a tiny sliver of those communications.
If everyone out there is using nearly unbreakable encryption they simply don't have the resources to sift through everything they want to look at.
It's very important to limit the total volume of strongly encrypted traffic. If they manage to limit strong encryption to 1% of the population consisting entirely of
In no way whatsoever do the objectives of this initiative depend upon Bin Laden adopting an American approved backdoor technology.
Arguing that the American government thinks this is the objective of their backdoor policy is juvenile circularity invented to justify our _premise_ that the government is too stupid to be trusted in anything.
Let me try to paint a picture of how things work based on what I believe to be the existing American capability in rough factors of ten.
I would think that the Echelon system maintains a unique identity for 1 billion of the world's 10 billion people. This group would include the majority of people who have used a telephone at some point in their lives, and not many who haven't. We can think of this group as the "literate and connected" group.
Out of of this roster of one billion "known" individuals, 100 million would be identified as belonging to the sphere of national interests. Anyone with a degree in metalurgy, who has ever travelled to the middle east or the eastern block, who has ever held a pilots license or owned an airplane, people involved in international trade, people trained to operate weaponry of any kind, people on the inside of national infrastructure grids, etc etc. What they are looking for at this level is overlap between the groups motivated to cause trouble and the groups with the skills or resources to cause trouble. The only thing they need to identify about people in this group is the various spheres of influence each person belongs to.
Out of this group 10 million people are identified who have a significant presence in groups representing both means and motive. If you are in this group, Echelon problably knows your great grandmother's maiden name. Your location is monitored and the people you communicate with are identified and recorded. Your traffic will be subjected to keyword analysis and correlation beyond what the bulk filters are capable of processing. A select ten percent of your communications are permanently recorded in case they become interesting at a future point in time.
Out of this group, 1 million people are identified who combine means+motive+opportunity. It is this group of people where they become very interested in digesting the _contents_ of your communications. Perhaps 1% of this is selected for a few seconds of human attention.
Our of this group, 100 thousand people are subject to exhaustive scrutiny and human analysis.
Out of this group, 10 thousand individuals are actively operated against. If you are in this group, there are white vans parked in your street, your cigarette lighter contains a satellite transponder, your keystrokes are monitored by devices that can only be seen under an electron microscope. To belong to this group you need to have your fingers stuck into more than one pie. These people are the tendrils that bind shadowy worlds together.
Out of this group, you have 1000 people designated as the world's primary disruptors of shit. If you are in this group there is someone in the intelligence service who knows more about your life than you know about yourself. Your continued existence is reviewed daily. It's a good practice to surround youself with equally despicable proteges who are eager to take your place.
Out of this group, there are 100 people who's continued existance is considered bothersome. These are the people who out so well protected or removed from American influence that nothing much can be done about it.
Out of this group, 10 people are nominated by American politicians to play the part of celebrity terrorist. These are the "forces of evil" who constantly invoked to sway public opinion on any issue where it allows the government to get what it wants.
Take a good look at that pyramid and decide whether it matters to the American intelligence service whether ten million people use strong crypto or whether one hundred million people use strong crypto. The intelligence service needs to know enough about this group of 100 million people to determine which subset of 10 million people deserve the next layer of surveillance.
But no, if Bin Laden alone uses strong encryption, the entire government agenda against the strong encryption is ridiculed as being completely bogus. A fine example of
Re:Mixed feelings (Score:3, Interesting)
The first thing to consider is the "trust" question. Do people trust their governments? The unavoidable answer is that here in the UK, in the USA and in many other countries, a very significant part of the population very obviously do not fully trust their governments.
Arguments about whether this attitude is well founded aren't relevant. All that counts is the existence of enough such people.
The next thing to consider is the praticalities - can it be made practically dificult for those who distrust their governments to obtain software without backdoors. Even in a "closed source" world this is going to be very dificult or even impossible - too many people already have the tools and the knowledge and it is very easy to spread the information around. In a world where "Open source" software is permitted I reckon it is simply impossible.
So we have a number of people who wish to prevent government snooping - or simply wish to reach the maximum level of security they can achieve. If those people choose to use techniques without backdoors - they can do so.
Can you "persuade" such people not to use encpryption without back doors ?
I don't think you can do it by force. The first problem is detecting them. Such People will simply encrypt their files securely and then encrypt the results again using an "approved" method.
How are you going to tell that people are using "double" encryption ?
Maybe the security services will be allowed to do audits - use their backdoors on randomly selected messages to check that people aren't hiding unapproved encryption ? Do you think that would be publically acceptable ?
What happens when security services encounter a file format they don't understand ? Can they demand that all file formats be explained to them to ensure you're not encrypting data ? Will that be universally publically acceptable ? Is it even practical ?
So if you enfore encryption with back doors all the security services will see is an apparent mass of files encrypted using the approved methods - with no practical, publically acceptable or easy method of picking out the interesting messages or recipients.
>If everyone out there is using nearly unbreakable encryption they simply don't have the resources to sift through everything they want to look at.
... and because of the above they still won't have the resources to sift it.
The only way to tell which of your 100 Million people are using unapproved crypto is to routinely open the "back door" to the privacy of all 100 million - with all the practical and political problems that follows. Even then you aren't much further forward.
What's even worse is that the REAL terrorists will be busy uploading and downloading beautiful, original, high definition photos of huge flower arrangements and landscapes - with the real (heavily encrypted) messages hidden within using stego. So while the security services are busying trying to determine which of their 100 million make it onto the next list and then the next list - they've already eliminated from further study the ones they're after. Use stego correctly and it is near to mathematically undetectable as really makes no difference.
Re:Mixed feelings (Score:3, Insightful)
Re:Mixed feelings (Score:3, Funny)
Re:Mixed feelings (Score:5, Insightful)
"Of course it's about terrorism and defending liberty and democracy", you say. "It's fucking heartless to think this is some plot to handcuff us. Come on, thousands of innocent people DIED in the WTC, we've got to DO something, QUICK!"
Right now, I'm not worried about terrorism at all.
"This year will go down in history. For the first time, a civilized nation has full gun registration. Our streets will be safer, our police more efficient, and the world will follow our lead into the future."
Adolf Hitler, 1935
You see, even IF there was complete security, this isn't a good thing, as long as the govermnent isn't really democratic (look it up, there IS no democracy on planet earth... it's representative democracies, which is an oxymoron). Because your safety always depends on the govermnent not to screw you over.
So I'm asking you, do you feel lucky?
Americans and Europeans (me being german, and for me being the answer a "no", and a very resounding one after the things I heard our politicians say in the last 2 days), do you trust your governments completely, blindly, and does that "no time for criticism now, we have to stand together as the civilized nations of the free world, we'll do what we have to do (and we'll tell you what that is when it's already underway)" help to increase that trust?
Re:Mixed feelings (Score:5, Insightful)
On top of that, they already have the tools, and putting mandatory backdoors on future products is not going to affect existing software. What would they do to them for using unauthorized software? arrest them?
If this even gets close to being implemented, we need some sort of pledge from the intelligence community, backed by strict legislation, that any such system can ONLY be used or the purpose of national security and anti-terrorism, and any use beyond that would be strictly prohibited, and any other information obtained shouldn't leave the place it was intercepted from.
Just my 2 cents, right now I do not feel any of us really is in any position to make a real judgement about this. Keep that in mind when forming some opinion that you would be unwilling to comprimise, as a few of us here often do.
Re:Mixed feelings (Score:3, Informative)
My x brother in law wrote an article in left wing Z magazine about the special federal circuit court that is specifically set up to approve wire taps. I forget the year and the exact numbers but they rejected something like 4 out of 23.7 THOUSAND. We ALREADY have a guarantee against unreasonable search and seizure and right to liberty. It is the basis of all our law. It is the Constitution. Pledge of restraint and honesty? You have me rolling on the floor!!!
Oh, and by the way he had a white van outside his house for a week - night and day. My nieces even brought the spooks cookies....yeah, and he was a real threat. He is a newspaper sports writer mostly.
Re:Mixed feelings (Score:3, Insightful)
I'm in the UK, so, tragically, have had to be a bit more aware of terrorism for the last 30 years.
The Guardian newspaper made a similar point yesterday, citing the example of IRA standard operating practice where operational information has almost never been passed using telephones, fax or more recently email. The procedure most widely known has been for the two terrorists to get onto the same bus from different stops, talk quietly on the top floor, and get off at different stops.
Crypto back doors, satellites, phone taps, the whole panoply of technological measures, whilst reassuring, can never have a useful impact on this sort of approach.
OTOH, if, in fact, the CIA have 10,000 agents of middle-eastern origin under deep cover throughout the world, I don't want to hear them proclaim the fact to get out of a bad PR situation. Rather better to take the PR hit and leave the agents in place doing the job.
TomV
Re:Mixed feelings -- not me (Score:3)
I'm crystal clear on this one.
They can have my copies of (OpenSSL|OpenSSH|gpg|etc.) when they pry them from my cold, dead fingers.
That, and, as others have pointed out, the algorithms are known and not that difficult to implement. Any self-respecting terrorist would simply ignore encryption tools with backdoors built into them. It would (who am I kidding, will), generally speaking, only be the law-abiding folks who would (will) be injured by this.
And I continue to be amused by the way second amendment slogans seem so appropriate to the likes of DMCA, SSSCA, and crypto regulation...
People will hand it over (Score:4, Insightful)
And if you fight against it you will probably lose... unfortunately. Maybe in a year. Or two. But the mood of the American people is quite frightening- cold rage.
Besides- who says the government CAN"T break them already? It probably just takes a bit more effort...
Re:People will hand it over (Score:5, Insightful)
The fact that they're passing legislation to add mandatory backdoors is a pretty big clue that they probably can't break some crypto already. A known backdoor significantly decreases confidence in a crypto-system and will cause the bad guys to be more vague and/or use the uncrackable but less convenient "one time pad".
Re:People will hand it over (Score:5, Insightful)
Re:OT: get a new quote (Score:5, Insightful)
The sad fact is that we will indeed lose freedom, not for security, but for the perception of security. All kinds of measures will be taken, laws enacted, procedures implemented. Getting on a plane will be a nightmare, but while everyone will be at least inconvenienced, no real prevention will occur.
People want action - they want something done. It doesn't matter if it helps or not. The perception is that anything is better than nothing. I had to go to Bethesda Naval Base today. Only one entrance was open, you had to show ID, another guard had a mirror-onna-stick to look under the cars, another guy was walking around with a shotgun. Looks good, seems secure. Except...
Except a shotgun is only useful within 50 yards at best, the mirror is useless because no one is hanging onto the undercarriage of a car (and you put explosives on the floorboards and in the trunk, not under the car), and although they demanded an ID from me as a passenger, they didn't actually look at it carefully, much less check it with NCIC.
So how much freedom are you (or realistically, is your mother or neighbour) willing to give up?
woof.
Re:People will hand it over - crypto's already out (Score:4, Insightful)
The reason this was *over* in the past is because the FBI is blissfully unaware that strong crypto is standard operating procedure for US corporations, and is only used by nefarious bad guys.
We're talking about outlawing every copy of products like Windows 2000 and Lotus Notes, every router that implements VPN, and so on. The impact on US business would be horrendous. And the big money finance folks would just ignore the order.
Traditionally, the crypto issue has been framed as a rights issue with the cypherpunks against the feds. This neglects the significant commercial impact.
Well... (Score:5, Insightful)
Especially those not in the US.
My essay (Score:4, Interesting)
Please read my essay and if you like it pass it on to people. We can't let this happen. I have been saying this since day one. Please please think about this
The Price of Freedom [dyndns.org]
Jeremy
Re:My essay (Score:3, Offtopic)
Re:We've defeated suicide terrorists before (Score:4, Insightful)
Yes... lets kill those damn civillians. That'll teach them never to mess with the United "We are Freedom" States of America. Let's take away their choice to have beliefs, because their beliefs are WRONG! Hell, why don't we just run jumbo jets into their embassies... or would that bear too striking a resemblance to the attack itself?
If you want to kill civillians then you are no better then the terrorists... so does that mean we should kill you too?
I don't think so. (Score:5, Insightful)
Criminals, on the other hand, will continue to use widely available crypto packages with no back door and will still be able to transmit messages without threat of law enforcement decrypting them.
Re:I don't think so. (Score:2, Troll)
Think harder: With carnivore, the government sees all traffic. They see crypto they can't break, they trace it with help from the ISP, they pay someone a not-so-friendly visit.
Please stop convincing yourself it can't work. It can work, and pretending otherwise will only make it more likely.
Re:I don't think so. (Score:3, Insightful)
If someone wants to hide information, they will, period. All this law would do is make our own information - our credit card numbers and personal information - less secure.
Lets face it : if the feds can break it, so can crackers.
Re:I don't think so. (Score:4, Insightful)
The history of cryptography has shown that the seemingly simple goal of transmitting hidden information is actually really, really hard. The suggestion that if the government outlaws the well known digital privacy schemes, people will come up with others just as good, is naive. It's the same reasoning that says that secret encryption algorithms should be more secure than public algorithms. It grossly underestimates the techniques available to detect and break poorly designed systems.
If the author of OutGuess [outguess.org] can detect [outguess.org] most steganography, I would not feel at all secure using your "hide the encrypted message in an executable" trick.
Re:I don't think so. (Score:5, Insightful)
Hi George, how's the family? We're doing great over here, Lisa just gave birth to a baby boy, 6 lbs. We're planning on visiting New York September 12th, and hope we can see before heading home. Will you be in the area? Maybe we can get together for lunch.
Would you know that the sender was REALLY telling the reader to set off a fire bomb(baby boy), approx. 6lbs in weight charge, September 12th at ? Or how about a numbers station?
They quote numbers indicating page and word number in a certain book. m Like fourth word on the third page. The receiver then looks it up and reconstructs the message. This, my friend, is steganography. I honestly don't see how a computer could pick this stuff out.
Re:I don't think so. (Score:5, Insightful)
But encrypted data can be hidden in non-encrypted data, in ways that make it virtually impossible to detect, using steganography. So the criminals could send photos to eachother, or even have a web-cam feed with data steganographically encoded into the frames.
Take a look at OutGuess [outguess.org], for example. You might also find this article [antioffline.com] to be interesting, particularly the part with the photos of the Statue of Liberty.
Re:I don't think so. (Score:4, Insightful)
And you might look at Stegdetect [outguess.org], by the author of OutGuess. He claims to detect many other popular steganography techniques. The feds throw stegdetect onto carnivore, and you can expect using steganography to earn you one of those unpleasant visits.
Steganography is a long, long way from offering the practical security of encryption. Is it really possible to create a system that is undetectable even if the algorithm is public? Nobody's sure yet. Do the bad guys have the means to create their own effective algorithms and keep them secret? Questionable. Can they use a stego system correctly on a wide scale? Unlikely at present, since there is no popular, easy (for non-technical users) software, nor is there the widespread understanding of how to use stego that there is about crypto (these things do matter when it comes to the successful implementation of any security scheme).
The point is, the government can (by imposing on everyone's liberty) effectively stop criminals from communicating privately. Therefore, we need to come up with a better argument than "it won't work", in order to prevent it.
OutGuess 0.2 can't be detected w/Stegdetect... (Score:3, Insightful)
The terrorists seem to have won what they wanted- this country's using this as excuse to reduce our liberties and we're doing other things out of pure fear and demands for false security.
Re:I don't think so. (Score:5, Insightful)
The people who are pretending are the ones that claim it can work. Crypto, as an arms race, is over. Given sufficient computational power on both sides, there is a guaranteed win for the encryptor.
Claiming otherwise is like claiming the second player can force a win in Naughts-and-Crosses (aka Tick-Tack-Toe). It simply isn't true. The effort to hide information grows O(log2(N)) for parameters N for which the effort to find the information can not be bounded by a polynomial. In English: as the game gets more complex, it gets harder to encrypt at a much slower rate than it gets harder to decrypt.
At some point (say, now) encryption has such a lead that it isn't even possible to say what contains encrypted data and what doesn't. Even the fact of encryption becomes hidden. From that point on, the decryptor is left with social tools (infiltration, hoping the bad guy slips up, etc.). Technology (and legislation about technology) can't help.
-- MarkusQ
Sorry, it doesn't work that way (Score:5, Insightful)
Re:I don't think so. (Score:5, Insightful)
A small band of essentially unarmed men captured 4 airplanes by playing to passengers & pilots fears. They then drove these planes into tall buildings, killing several thousand. Their total cost was rudimentary flight training, plane tickets (did they buy in advance?), and room & board while planning. They brought no advanced weapons, hacked no computer systems. Once again, it has been shown that the unaided human mind is the most dangerous weapon in the known universe.
There was, save the existence of airplanes, no technology whatsoever in Tuesday's attacks. Just victims' fear and the terrorists' willingness to die. These are social problems, and all the techno-fear 'solutions' that have been bandered about over the last few days both here and in the mainstream media, are completely ineffective to affect these social problems.
How does changing our crypto laws fix that?? Take as an example bin Laden, which the investigation is leaning towards. Where is the ambiguity there? In 1996 he issued a fatwah declaring war on the United States. How could we assume that that was nothing; that something like this wouldn't eventually happen? There are so many ways to infiltrate these groups, there are existing ways to harass their activities both within the US and without. How does attacking the civil liberties of US citizens to use technology freely aid the capture of a group whose men can perform such audacities without the aid of technology??
Re:I don't think so. (Score:5, Insightful)
How do you coordinate those efforts without communication technology? The government frustrated similar terrorist efforts on more than one occasion (including New Year's Eve) by being able to intercept and decrypt their communications. So, yes, if you forget that the point of encryption is being able to communicate, then you might have some kind of point. But communication is needed. How do you say, you get on this flight, watch out for this, the president is likely going to be here, oh wait, this flight was delayed or canceled, reschedule this thing a week later, wait, they seem to suspect us, call everything off until two months from now. How do people in remote locations give each other the kind of encouragement and coordination necessary to hijack four planes at once for suicide missions, if there isn't communications technology? The media has reported that steganography has become a central part of Bin Laden's "terrorist training camps." Authorities believe that terrorists have been using images on porn and other sites to hide encrypted messages. A better question to ask is:
Does curbing encryption work in spite of the steganographic techniques they have been using? But the technology issue can't just be tossed aside. It is key to the actions of modern terrorists.
Re:I don't think so. (Score:4, Interesting)
The Price of Liberty is Eternal Vigilance.... (Score:5, Insightful)
For another perspective on eternal vigilance, David Brin's [kithrup.com] book The Transparent Society [amazon.com] talks about the issues of ubiquitous cheap video cameras combined with cheap communications and computing. The recent face-recognition uses at Florida sports stadiums and the cheap X10 cameras with the annoying pop-up web ads are only the beginning.
It's too late (Score:2, Insightful)
This will do little good. (Score:5, Insightful)
The cat is already out of the bag (Score:3, Redundant)
The genie is out of the bottle
Humpty Dumpty is already broken
Etc.
What would this accomplish?
Clock It! 2001-1984=17 Years Late (Score:5, Interesting)
Carnivore is one thing, but a backdoor to all crypto is yet another. Financial transactions from private organizations are routinely encrypted for obvious reasons. Are we to trust government employees with all financial transactions merely because we elect them? I think not.
We cannot allow the government a "skeleton key" to all crypto if only for the reason that it can then be compromised by others for whom access was not intended. Urge your congresscritter just to say "no".
backdoor v2.0 (Score:5, Funny)
sheesh.
legislators.
Huh (Score:5, Insightful)
Heavy crypto user? (Score:5, Interesting)
Are they nuts? This guy lives isolated in mountain camps. I doubt he's even a heavy electicity user.
His sympathizers, on the other hand...
Re:Heavy crypto user? (Score:4, Insightful)
Yes, Dorothy, there are computers in the third world.
Re:Heavy crypto user? (Score:5, Informative)
BTW, did anyone else see the interview? I'd like to get this guy's name. It was on Newsworld about 3pm AST, I think.
Re:Heavy crypto user? (Score:4, Interesting)
Appear to be less of a threat than you are, and you get left alone, and can choose your battles. Appear to be gaining in power, knowledge and skill, and someone will have a go at taking you out for their own good.
I'm not saying that that's the case here; just that that's what I'd do (and I'm no crimincal mastermind
Cheers,
Tim
How far down the slippery slope will we go? (Score:5, Insightful)
And when your behaviors are available freely for government inspection, it's much easier for them to supress behaviors they do not approve of (cause they know when it happens, unlike now when it can be hidden behind closed doors). You know, meetings about how to reform government.
Of course the government will tell you that they'll use these backdoors only when they need to, national security type things. That's what the Dean at my old high school said, and then we caught him watching the monitors repeatedly for the fun of it.
Oh yeah, not that the government has to actually be watching for you to be good now. Think how different your ations would be if you thought that the government might be watching at all times. This is pure, hardcore social control. It's like a gaurd tower in a jail. If there are clear windows, you can always tell when you are watched and when you are not. If the windows are dark, then you never know if you are being watched, so you act as if you are always being watched.
They might as well run a wire into our head.
F-bacher
Re:How far down the slippery slope will we go? (Score:5, Insightful)
Go to wal-mart. go to that counter in the back with all the funny-looking thin things sticking up. there's a cash register back there and a cabinet, against a wall, that has these wood and metal things in it that you've probably seen. They're guns. Now that you're back at this weird counter in wal-mart, buy a gun (if you're 21 and otherwise legal to buy one). You'll want a 12 gauge shotgun, and a box or two of #4 rounds, 2 3/4 inch (standard) size.
Now, take it out to the country. Load it. fire it. nobody will notice right now. get used to firing it. shotguns kick hard, but they kill fast and you don't have to aim very well with them.
Why did you do this?
See, when you can own guns, you have power over the government. They even wrote it into the law of the land, the Constitution, to ensure that the american people could have guns for cases just like this one that this thread describes. And once it gets to Orwellian levels, where the government is truly oppressing you and denying you your rights as an American citizen, you can pick up your gun and fight for your rights, like James Madison and Thomas Jefferson knew we would have to.
You're probably sitting there thinking, "what a crackpot." Hey, it's your freedom, I plan to keep mine.
Re:How far down the slippery slope will we go? (Score:3, Insightful)
I never quite understood this argument. Sure, in the 1700's, people with shotguns might have been a credible threat to the government. But have you noticed that the US government today enjoys the use of such toys as F-16s and nuclear weapons? How will owning a shotgun help defend you against that?
Re:How far down the slippery slope will we go? (Score:3, Interesting)
The F16 and the nuke are weapons of mass destruction. For the government to PACIFY the people, they will have to OCCUPY our cities -- not destroy them. And an occupying force is terribly vulnerable to resistance.
In the worst case scenario of a US revolution, the army will be rolling in with tanks and ranks of guys with rifles... and that's the kind of enemy that Joe Average with a Gun can in fact take on.
Look at Chechnya. The Russians had to shell Grozny into a smoking pile of rubble because the Red Army could not deal with rebels with rifles. If it was Moscow that was to be pacified, they probably wouldn't have gone to such extreme measures; the Russians HATE the Chechens.
I do not believe the American armed forces would pull a Grozny on an American city. Remember, the soldiers are our countrymen, and if average people were pissed off enough to take part in a revolution, that's going to include military folks too. They aren't the enemy... they are US.
If some faction within the gov't started NUKING our own cities, I believe that the vast majority of our people, military and civilian, would unite to take the bastards out. And we'd do it too, with our Glocks and hunting rifles and fighting spirit.
Anyway, it comes down to this: if the military tries to suppress or pacify an American revolution, they are vulnerable and I believe ultimately they will lose. If they try to utterly destroy us with nukes... well, ok, my shotgun won't help. But that isn't a revolution we're talking about there... it's genocide. I doubt things would ever come to that. We probably won't be nuking anybody as a result of the WTC attack, and that was a provocation worse than Pearl Harbor... so talk of nuking ourselves is pretty far out there.
Re:How far down the slippery slope will we go? (Score:3, Interesting)
Now regarding the other idea...so you put this jail cell in with a couple marshalls. What do you do when terrorists in the back of the plane start slitting the throats of women, children, or babies? You have to leave your cushy little cage to get to them, whoops sorry that's what they wanted. Do you really think the marshalls would be able to resist the temptation to leave the cage as one-by-one the passangers are all slaughtered? Do you think any of them would still have a job after the public got wind of it? It doesn't matter if they were preventing a crash, the public will still say they should have done something. It's a lose-lose situtation.
No, marshalls should be unfettered and undercover. That way, the terrorists need to have a lot more people on the plane to take it over. A trained gunner can easily take out two or three individuals before they have an opportunity to react.
I think personally what we need to develop is an emergency lockout. A panic button that when pressed will lock the plane on autopilot programmed to land at the nearest airport. If that's not technically possible, it should circle the nearest body of water or uninhabited area (using GPS). The only way to override this lockout would be with a code from ground control. This system would be that difficult to implement. It wouldn't be foolproof, but it wouldn't be something two or three men armed with forks would be able to disarm. Worst case scenario is that the plane runs out of fuel and makes a crash landing in the middle of a field. Hopefully with no fuel, people would survive that. As tech improves, it should be possible to land flawlessly.
But anyway, regardless of what changes are made...I don't think they will be necessary. The reason this happened is because no one conceived of the possibility. Everyone did what the law enforcement agencies have always said: be cooperative and don't fight back. But look what happened in PA. People will fight back now. No one is going to let themselves become a flying bomb.
God help any Arabic person who forgets to put down his pencil/fork/toothbrush before standing up in the aisle. He's likely to be tackled and beaten by a panicing mob of passengers.
- JoeShmoe
They can't (Score:2, Insightful)
They can, rather easily- make crypto criminal. (Score:5, Informative)
IMHO, this is just one more step towards a police state.
How would that help? (Score:5, Interesting)
Cryptography wouldn't really help terrorists much anyway, because electronic surveillance can still pick up who is talking to whom; the real problem is when people avoid electronic communications, because then you can't do anything without spies on the ground.
Baron Harkonen and the Heart-plugs (Score:5, Funny)
all citizens will be equiped with remote-controlled
heart-plugs. This will make us all safe, because
only the loving Baron will have the transmitter,
and he will only use it to protect us.
Forget Crypto, how about KNIVES? (Score:5, Funny)
And I understand that plans to make knives are available on the internet? It used to be, only a skilled craftsman could make one, now any punk in his mom's basement can craft a steel blade capable of hijacking an airplane and crashing it into a building!
Re:Forget Crypto, how about KNIVES? (Score:5, Funny)
They had better legislate tender steak too, because we'll all be eating with plastic spoons next.
Re:Forget Crypto, how about KNIVES? (Score:5, Funny)
I am trying to gain support to put together an organization I plan to call "Boxcutter Control, INC."
The role of the unregulated boxcutter supply has been downplayed for far to long. Perhaps the one good thing to come out of this tragedy will be that we will reach the long over due conclusion that there just isn't a place for private boxcutter ownership in our society.
I am also concerned about the baseball bat situation. Are you aware that in many areas a CHILD can purchase a THREE POUND baseball bat? There is NO purpose for such a heavy bat except for hitting things VERY hard. Now, I wouldn't interfere with people using a bat for sporting purposes, but they should be carefully regulated as well.
Sure, this might be inconvenient, but if just ONE CHILD is saved, won't it be worth it?
-Peter
Best reply (Score:5, Insightful)
I think the best reply one can give to the politicians who want to impose this is:
"And Osama Bin Laden is going to throw away his foreign-developed, non-backdoored encryption software and buy US-made backdoored encryption software exactly why?"
Re:Best reply (Score:5, Interesting)
I don't.
The objective here isn't to stop the guy. They could've if they'd wanted to. About a week before the attack the U.S. Postal Service stopped delivering air mail to the region. They knew something we didn't, and opted not to stop it. And I think I know why.
We hear a lot about terrorism against the U.S.. We don't usually hear the other side's complaints. Obviously they don't think of it as terrorism, they think of it as some sort of a protest. I wonder what they're protesting, and why. If our government did something unjust to them, I wouldn't trust our media to tell us about it. But as a tiny little group of malcontents going up against the U.S., about their only recourse is an attack like this. Given that the U.S. government knew about it beforehand, they didn't bargain to prevent it for one of two reasons. Either the price was considered too high, or the U.S. government thought that an attack like this would end up working in their favor. They've been looking for an excuse to nullify cryptography for years now. Anybody remember the Clipper chip? The legislation keeps being defeated, because people are siding with the need for privacy. Now they've been able to demonstrate a supposed need for the U.S. government to know everything that's being said anywhere in the country. Perhaps they think it will sway the common consensus in favor of their legislation.
Galling, isn't it. More impressive (from a logistical standpoint) than crippling a nation with a store-bought knife and their own planes, is the prospect of prying your way into a nation's cryptography with someone else's store-bought knife, someone else's plane, and a bunch of lives you don't care about because you think of them as "your citizens", in the same usage as "your house" and "your car". Oh, and a temporary economic setback which you mitigate by printing more baseless currency. Clever.
don't forget Rivest's "Winnowing and Chaffing" (Score:5, Interesting)
Re:don't forget Rivest's "Winnowing and Chaffing" (Score:4, Insightful)
Massively informative. But the intent to maintain privacy is still there, and let's not kid ourselves, that's what they really want to eliminate. It'll be just as illegal as any crypto to use this. They may as well just make it mandatory to put the NSA on the cc: line.
No Crypto, Fine.... enforce your damn laws! (Score:3, Insightful)
Why bother to make more laws? I'm sure there is a large stack of computer related laws, but nearly none are enforced, except when they want to slam somebody who is doing something thats perfictly fine in our books, but that they just don't like.
I say we need to rally on this one, Crypto is good. It protects the common man from imtimindation, It protects companies private information, it aids in the protection of networks, that would otherwise be at risk of being hacked, by open logins, passwords, and secrets that cross the internet all the time.
If you want to detur use of encryption, just outlaw it, and only the unlawful will use it, the lawful are the ONLY people hurt by such ideas and possible laws.
Be reasonable, and Just. This is no time to be bickering anyway, nor is it time to take actions anywhere close to what the FAA has done.
If everybody had a knife on those planes, do you think the hijackers would have even tried to take over the flight, if they knew everybody on board could cut them, or stab them. It's just like towns in Texas that everybody carries guns in, there is nearly no crime in those towns. Again, what the FAA has done, only hurts the lawful people.
IPSec & SSL Rocks!
Re:Specious argument (Score:3, Insightful)
I live in Seattle, where anyone can carry a gun as long as they have these 2 things:
1. $60
2. Nothing bad on their record
Is Seattle famous for its high violent crime rate?
MOST US states have similar "shall-issue" weapon permits... if there was a correlation between such laws and increases in crime, wouldn't someone have pointed it out by now? The states and Feds collect a lot of crime data. Surely it would be obvious by now. There are enough people with an anti-gun agenda, wouldn't Brady or someone like that have presented the irrefutable proof that gun permits cause carnage?
It's strange, I wouldn't trust the average guy on the street to fix my hamburger right. But I'll be damned if they don't manage to carry a gun responsibly most of the time when they are given the right to do so. Pretty weird.
You might want to read this summary [beast-enterprises.com] of Gary Kleck's study on defensive gun use.
This [kc3.com] page has a summary of crime stats that relate to CCWs. Quick factoid: Florida's homicide rate has declined 21% since adopting a permissive CCW law in 1987. This is not an unusual kind of result.
I realize that figure does not PROVE that concealed weapons reduce crime. But it does seem to indicate that a CCW law doesn't turn a state into a bloodbath.
Give your fellow American a little more credit. Surprisingly, they seem to deserve it.
I can see it now... (Score:2, Funny)
So what open source app should I get while I can? (Score:2)
I haven't really followed the state of crypto freeware in years. Last package I used was PGP, which now seems to be commercial (www.pgp.com).
Time to get familiar with the free stuff again, I think. What's good and reputable? I have no idea where to start.
(Looking for Mac/Win desktop stuff, but wouldn't mind looking at Unix stuff too.)
Re:So what open source app should I get while I ca (Score:2)
OpenBSD CD set includes full source code. (Score:2)
Shipped from Canada or Europe to avoid those pesky American laws.
And while you're at it, you can pick up the 'OpenBSD Globe' T-shirt with the very relevant slogan 'Make Crypto Not Munitions', and a timely quote from Ben Franklin.
OpenBSD will run on pretty much all of the same hardware that will run Mac/Win, and then some.
Only use encryption you have compiled yourself... (Score:2)
The mildly paranoid will also only use compilers they have compiled themselves, and only use implementations that have undergone a line-by-line code review by a trusted person in their organization.
The truly paranoid will only run this crypto on isolated systems using chips that they have personally inspected the original die and have an established 'chain of custody' from original pressing to installation in this isolated workstation.
Osama Bin Laden will just have a few dozen of his faithful followers memorize 'one time pads', and a few hundred who can do 8-round Rijndael in their heads, and laugh at the silly Americans giving up essential liberties for a little temporary safety.
Will they turn off the internet? (Score:2)
There's no way a foreign company is going to put up with the US government being able to read their stuff like it was a plain text postcard. "Why no, Airbus, we didn't pass on the amount of your bid to the people at Boeing who donate millions to our campaign funds. You can trust us. Really."
Do they expect OBL to stop using whatever crypto he uses now and to change to the new improved with a backdoor built in version?
Bin Laden used to use cell phones and satellites, now he uses the internet the way it was originally designed to be used, as a military communications tool. If they can find his messages but not read them, will they shut down the internet to block his messages? What happens when AOL starts screaming about being put out of business? Or do they have a plan for a different type of internet, one where they provide and charge for the content, just like cable television, and all the user stuff sent back upstream goes through the NSA computers before the government allows it to get where it's supposed to go?
This was inevitable, but it's still sad... (Score:5, Informative)
This is base grandstanding by a politician in the wake of tragedy. Saying that it needs international cooperation is tantamount to admitting that it can't be done and setting up to blame the rest of the world when it fails.
The constitution was written by a group of people that had visceral knowledge of what it means to need a revolution, in the bloodiest sense of that word. Our modern laws would be a lot better if they were informed by that same knowledge.
Climbing the bodies of innocents as a soapbox. (Score:4, Insightful)
After every mass murder with the least connection to firearms, some politician proposes extreme restrictions on civilian ownership, without regard for whether it would have prevented the particular incident in question. One of the first bills proposed after the OKC bombing was new gun control laws.
After every crime where the offender ever even saw a computer, let alone had an AOL account, some congressman will propose new 'Internet Crime' laws restricting freedom online.
The only saving grace is these rash proposals seldom become law.
gladly giving away our civil liberties? (Score:5, Insightful)
lack of jurisdiction (Score:3)
The USA (I'm a citizen) can pass any encryption law it likes, but it has no jurisdiction outside the USA. Other countries (like Australia, where I live) will likely pass similar laws to kiss ass with the USA, but what good is that? Terrorists DON'T CARE! For Fucks sake, they hijack planes and kill thousands, do you really think they'll care if the US passes a law requireing back doors in encryption software? PGP is ALREADY nearly unbreakable (in any reasonable time frame, anyway). Do you REALLY THINK that they'll use the new software because its required by some shit country that is on the other side of the world? NO. America is deluding itself and giving itself a false sense of security if it thinks that passing a law will stop terrorism, or even give its own government insight into terrorist activity.
The problem is the problem, and the problem is not that they encrypted their data. Requiring ack doors is treating a possible symptom, and not the problem.
I don't know what the problem is but it ain't encrypted data.
-abused angry citizen
Mandatory backdoors -- french tried, gave up. (Score:5, Interesting)
For example, I worked for a major semiconductor and radio communications corporation. We encrypted all private circuits to all remote offices, in the US and abroad, except that in France we had to provide the keys to the French government.
End Result?
The French intelligence agencies would hand over to major french businesses the 'competitive intelligence' collected from foreign corporations operations in france, allowing them to underbid competitors, etc.
There are several well-documented cases of government abuse of this information. In France the level of distrust got so bad that they eventually relaxed this policy due to foreign based companies withdrawing their business.
French tried - it backfired (Score:5, Informative)
Phillip.
Comment removed (Score:3, Insightful)
On this very subject (link) (Score:5, Insightful)
The main source of our strength is our freedom and open society. The United States already has the most powerful military in the world. We don't need the symbolic jaw, jaw, jaw of more laws, but the will to use our existing war power.
Paul Weyrich, head of the Free Congress Foundation, aptly wrote: "The truth is that if we further emasculate our Constitution the terrorists will have achieved the greatest victory imaginable. Their triumph won't just be the thousands of people they killed, the triumph will be if they see our democratic institutions crumble. If President Bush can navigate a responsible course where we make an appropriate response to those who have perpetrated these unspeakable crimes while at the same time protecting our essential freedoms in the process he will end up being the greatest President of the modern age."
Another essay from yesterday, "Freedom First [nationalreview.com]", is also a worthy read.
Do this and the terrorists win (Score:5, Insightful)
In the U.S. it's more and more like a favor the state gives to some people, some of the time, depending on how benevolent somebody feels that day. So bow to the demands of the spooks, make backdoors mandatory, give people long jail terms for circumventing them, and the terrorists win. They win bigger than they ever imagined by making life worse for ordinary U.S. citizens.
In the name of pride we have to win this without cheating. Cheating means using the same tactics as the bad guy. No murdering civilians. No spying on our own people. No cameras in the bedrooms.
Make cryptography a crime and only criminals will have cryptography.
Sheep (Score:3)
We want our old complacency back and we'll legislate to get it. Complacency more than anything else bred this disaster and if our paranoia level is elevated to an heretofore unknown high, well, we're just getting a taste of what much of the world lives with every single day. I've been waiting years for something to shatter that complacency. Most people think how horrible this disaster was. I think how much more horrible it could have been, had the terrorists also had access to nuclear, chemical or biological agents.
New Hampshire State Motto (Score:3, Funny)
In a floor speech on Thursday, Sen. Judd Gregg (R-New Hampshire) called for a global prohibition on encryption products without backdoors for government surveillance.
Interesting coming from a senator whose state motto is "Live free or die". Apparently he's following the "Give up freedom because of fear of death" version.
Typical Kneejerk Response (Score:3, Insightful)
Typical response in political issues, and part of the reason politics is so devisive.
Battle *between* privacy and safety? Good god, are you saying we have to pick a side? "I'm for privacy!" "I'm for safety!"
Stop devoting your time to "winning battles." Start devoting your time to finding solutions "both" "sides" can be happy with.
One, it's the only way everyone will be happy.
Two, it'll come up with a better solution overall than either side will come up with individually.
Three, if you try to fight the concrete consequence of 5000 people dead versus what most will perceive as the largely abstract consequences of the government being able to read your encrypted data, you're going to lose. This isn't something like the DMCA, where it's liberty vs. record companies. This is liberty vs. public safety, and for many people, in many instances, public safety will be more important.
Strengthen encryption, for reliable authentication (Score:3, Insightful)
Terrorist organizations seem to thrive through anonymity and finding ways to circumvent traditional means of identity and authentication.
As others have said, the encryption cat is out of the bag; it's never going back. Even if they tried to back-door the "legal" tools, a message doesn't have to be encrypted to hide it's true meaning/contents. They can just as easily be hidden in plain sight/text.
...If we're going to control encryption usage then I'm sorry but we're just going to have to pass some laws to force people to use authorized spell and grammar checkers. All digital images must be taken on approved photographic equipment; tampering with image watermarks is a Federal offense. You will also be interogated by an AI on every message you craft to determine your true intent; non-standard word usage will be flagged and noted on your record. Hmmm... This is starting to sound a little like the language police over in Quebec...
We need better ways to ensure the authenticity of people's identity, not easier ways to watch who we think we might be watching but aren't sure because we're too lazy to authenticate the source and destination through other means.
While it's nice to be able to travel in anonymity, places with security concerns can't afford the risk any more. I'm NOT advocating tracking everyone's movement and action without legal warrant. Attempt to control access, not content. If you are who you say you are, there shouldn't be any reason to interfere with your travel plans.
Ultimately, it's a tough call. But from my own travels I know I get a little concerned when security DOESN'T ask me any questions. On my last trip they did ask about my multitool in with my laptop; it was allowed then, but after these events I don't think I'll be packing it any more. I value my safety more than my privacy in these situations...
Last thing we want is Gattaca though... An extreme in controlling access...
We MUST lobby against this (Score:5, Informative)
Alright, now to the non-reduntant part of my post. On Tuesday, Tom Clancy was on CNN in the afternoon. CNN had Tom, because Tom wrote a book about terrorists chrashing a plane into the Capitol building, and killing both houses of Congress, and the President. Well, Tom said that the real problem we had in not seeing this coming is that the CIA employs some 20,000 people, and only about 800 of them are spooks. The only way to fight terrorism effectively is with a large, well-trained intelligence corps. We need at least twice, if not three or four as many spooks out in the field, infiltraiting these terrorist groups, so that we are aware of these plans before they something like Tuesdays events happen.
Cryptography isn't our problem, an incredibly small spy system is.
foxxtrot
Humm, I have an Idea. (Score:3, Funny)
Decrypt all congresses personal email, post those neat little secrets, post thier love letters, bank accounts.
I bet they pass a law banning backdoor crypto and encrease personal privacy laws.
-
Once a government is committed to the principle of silencing the voice of opposition, it has only one way to go, and that is down the path of increasingly repressive measures, until it becomes a source of terror to all its citizens and creates a country where everyone lives in fear. - Harry S Truman (1884 - 1972), August 8, 1950
guns != crypto (Score:3, Insightful)
See, I knew someone would say "strong crypto=guns", everybody should have the right to use strong crypto, and everybody should have the right to use guns.
Let me point out what I think is the fundamental difference between these two arguments: crypto, used in anger or accidentally, is not dangerous.
The saying "guns don't kill people, people kill people" is completely true. But guns make it really easy for people to kill. If a kid accidentally uses strong crypto, nobody dies. If a kid accidentally uses a gun, someone will probably be hurt or killed.
Another popular saying is "if guns are outlawed only outlaws will have guns". That's kinda the point. If a police officer sees someone with a gun, he doesn't have to wonder if it is legal or not. Anybody trading in guns is breaking the law, there is no grey area like there is with gun shows, etc. It also means that petty criminals will not easily obtain guns. While it's true that "if strong crypto is outlawed only outlaws will have strong crypto", this doesn't really help law enforcement. If somehow they manage to intercept communication and realize it's encrypted, that'll be as much as they can do. Any outlaw with any skill will pick a good crypto system and make it strong enough to defeat law enforcement. Crypto is easy to use, hide and copy, unlike guns. Anybody with anything to hide would be able to obtain complete privacy, but the average citizen would have none. That's just dumb.
Never mind whether or not making guns illegal is a good or bad thing. That's a different battle. But guns are not the same as crypto tools.
The illicid traffic daemon (Score:3, Interesting)
Raw data and meaningful statistics should be readily availible. And WE ALL HAVE TO RUN IT ON OUR MACHINES. WE have too or the FBI will hang our rights out to dry.
Internet Revolutionarys - White Hat
Crackers - Black Hat
Enablers through apathy to crackers. Squashed like grape. - Gray Hat.
Think about it, IF WE HAND THEM ALL NON-INVASIVE data they have a much harder case to make when tring to justify collection of INVASIVE DATA and we (freedom lovers) have a much better case to make.
Think about the consequences if noone ever reported gunshots outside their house ever again. That is what is happening right now, and that is why the Government is heading down the path of misery and death at our expense.
I do not know of such a program (or where to get my unencumbered data) If such a project currently exists please me/us to it so I can install it RIGHT NOW!
Digital Envelopes (Score:3, Insightful)
Encryption is the digital equivalent of an envelope. We don't think twice about putting personal letters in an envelope. "Hmmm... You must have something to hide. From now on all your letters have to be on postcards."
Perhaps the best use of encryption is for digital signatures. If governments have the backdoor to them, how can we trust who the message is from, even if it's sent without being encrypted.
As has been posted numerous times, encryption is already available and in source code as well. The bad guys aren't going to stop using it, if they really are.
The rest of this comment is a long rant. Read it at your own peril.
Our politicians are playing right into the hands of the terrorists. It is our freedoms that gives us our strengths. The freedom to assemble, the freedom to speak, the freedom to worship, the freedom to bear arms, and the freedom from unreasonable search and seizure. Our liberties have eroded over the decades. All in the name of security, most especially, our war on drugs. We cannot let our politicians take away from us what the terrorists have failed to do. Our liberties.
America isn't perfect. It has it's warts, but it's a damn sight better than any other country. Yes, we are hated around the world, but why then does everyone wants to come here.
We must take action not pass laws. We must prepare for a long and bitter struggle against those who would destroy America. We have the resources to do it. Americans have always risen to the occasion when in peril.
Shutting the barn door after the horses have escaped is a common strategy of politicians. Yes, we won't be able to conduct our daily lives the same as it was before, but we shouldn't rush to ad insult to injury. I think their should be a sixty day cooling off period before politicians consider passing a law in response to a terrible event.
Defending Freedom by reducing it... (Score:4, Insightful)
Carnivore was in at ISPs on Wednesday and will be into Tier 1's by now. Remeber to intercept 'net traffic you have to look at ALL the packets. To trap "encrypted" data whatever that may be you have to read 'em. Imagine the power to open ALL snail mail and read it to check if it's suspicious...
There's a distinct danger that this kind of monitoring will be installed, relatively unchecked, with Civil Rights groups unable to mount a credible defence due to the devastating nature of the terrorist attacks. This will happen not just in the US but easily in the UK, France and Australia who have similar laws or technology in place.
And once it's in, you can bet it won't come out again. Think 5 years down the line...
Remember CipherSaber (Score:4, Interesting)
Any decent programmer can write their own encryption in a matter of minutes. Go look at the CipherSaber [gurus.com] home page.
So get out there and write build yourself a saber. Then use it to encrypt a short reply to this article with the key freedom.
information flow (Score:3, Funny)
Using electronic surveillance to track the flow of electronic communications between a web of people would be almost as informative as knowing what they said: locations of servers used, telephone numbers dialed from, sender and reciever, length of message, frequency of messages, this could all be pretty good stuff.
This was raised in Stephenson's Cryptonomicon.
And if "bad guys" are using electronic communications, why not just shut them down? Cell phones stop working, email gets "lost", servers get hacked, ISPs get bombed (how hard would it be to sever small mountainous country "A"'s electronic access to the outside world?)
Unless you have the resources to run your own cable, you are really at the mercy of other corporations, who can be bullied, and can't hide in a cave in the hills.
I know this may sound unpopular here but... (Score:3, Insightful)
If the U.S. Government gets it's way, we need to place the highest restrictions on what the government may do with the data, and when it may sift through that data. That allows the government to decrypt and get at data in extraordinary circumstances such as the destruction of the World Trade Center and killing of thousands of lives. But we should then come down on law enforcement like a ton of bricks if someone goes through the data for non-extra ordinary circumstances, or violates personal privacy.
I personally have no problems with being anonymous because the amount of data to track my computer usage is too large to make sifting through very easy. That is, I don't mind anonymonity through obscurity. But in extraordinary cases like this (and *ONLY* in extraordinary circumstances like this) should the government be permitted to sift through all the quadrillions of bytes of transmitted data to look for one or two e-mail messages and decrypt them.
The law is a threat to U.S. (economic) security. (Score:3, Insightful)
Excuse me for pointing out the obvious. I haven't come across a post that spells it out. (And we should try to spell things out to the non-digerati.)
If there is a law requiring a backdoor to all encryption technology, that will include corporate email and tools like ssh.
As we all know, there is no such thing as a secure weakness. At some point, these backdoors will be hacked out, and that will be a goldmine for corporate espionage and penetration.
The FBI's zeal in making the public "safe" from external threats will be exchanged for foreign corporations ability to outcompete U.S. based corporations. Not to mention give an advantage to the Chinese.
Re:frp (Score:3, Insightful)
-dcviper
ACLU [aclu.org]
Re:I think I speak for slashdot when I say... (Score:2)
The reason? Our founding fathers had no idea how large cities and communities and government would get. How oculd they forsee the future conflicts of privacy vs safety?
I generally lean toward protected privacy, but it almost seems like it has to be dealt with on a case-by-case basis.
Of course, who's the one who's doing the deciding?
F-bacher
Re:I think I speak for slashdot when I say... (Score:2)
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
Re:Independant Crypto Software (Score:3, Informative)
umm, "stenography" is "The art or process of writing in shorthand." according to dictionary.com [dictionary.com].
I think what you meant was "steganography", which is "The art of writing in cipher, or in characters which are not intelligible except to persons who have the key; cryptography.".