Congress Considers Mandatory Crypto Backdoors 1105
disappear writes: "Wired news reports that Congress is considering restrictions on crypto software in the wake of the terrorist attack. 'Nuff said." This will be the next battle -- especially in the wake of this week's tragedies, and the the allegations that the prime suspect Osama Bin Laden is a heavy crypto user. The battle of privacy and safety is going to begin in earnest now.
People will hand it over (Score:4, Insightful)
And if you fight against it you will probably lose... unfortunately. Maybe in a year. Or two. But the mood of the American people is quite frightening- cold rage.
Besides- who says the government CAN"T break them already? It probably just takes a bit more effort...
Well... (Score:5, Insightful)
Especially those not in the US.
I think I speak for slashdot when I say (Score:5, Insightful)
Re:Mixed feelings (Score:5, Insightful)
I don't think so. (Score:5, Insightful)
Criminals, on the other hand, will continue to use widely available crypto packages with no back door and will still be able to transmit messages without threat of law enforcement decrypting them.
It's too late (Score:2, Insightful)
This will do little good. (Score:5, Insightful)
WTF (Score:1, Insightful)
Independant Crypto Software (Score:1, Insightful)
Huh (Score:5, Insightful)
Re:Mixed feelings (Score:3, Insightful)
How far down the slippery slope will we go? (Score:5, Insightful)
And when your behaviors are available freely for government inspection, it's much easier for them to supress behaviors they do not approve of (cause they know when it happens, unlike now when it can be hidden behind closed doors). You know, meetings about how to reform government.
Of course the government will tell you that they'll use these backdoors only when they need to, national security type things. That's what the Dean at my old high school said, and then we caught him watching the monitors repeatedly for the fun of it.
Oh yeah, not that the government has to actually be watching for you to be good now. Think how different your ations would be if you thought that the government might be watching at all times. This is pure, hardcore social control. It's like a gaurd tower in a jail. If there are clear windows, you can always tell when you are watched and when you are not. If the windows are dark, then you never know if you are being watched, so you act as if you are always being watched.
They might as well run a wire into our head.
F-bacher
They can't (Score:2, Insightful)
Re:frp (Score:3, Insightful)
-dcviper
ACLU [aclu.org]
Best reply (Score:5, Insightful)
I think the best reply one can give to the politicians who want to impose this is:
"And Osama Bin Laden is going to throw away his foreign-developed, non-backdoored encryption software and buy US-made backdoored encryption software exactly why?"
Re:People will hand it over (Score:5, Insightful)
The fact that they're passing legislation to add mandatory backdoors is a pretty big clue that they probably can't break some crypto already. A known backdoor significantly decreases confidence in a crypto-system and will cause the bad guys to be more vague and/or use the uncrackable but less convenient "one time pad".
No Crypto, Fine.... enforce your damn laws! (Score:3, Insightful)
Why bother to make more laws? I'm sure there is a large stack of computer related laws, but nearly none are enforced, except when they want to slam somebody who is doing something thats perfictly fine in our books, but that they just don't like.
I say we need to rally on this one, Crypto is good. It protects the common man from imtimindation, It protects companies private information, it aids in the protection of networks, that would otherwise be at risk of being hacked, by open logins, passwords, and secrets that cross the internet all the time.
If you want to detur use of encryption, just outlaw it, and only the unlawful will use it, the lawful are the ONLY people hurt by such ideas and possible laws.
Be reasonable, and Just. This is no time to be bickering anyway, nor is it time to take actions anywhere close to what the FAA has done.
If everybody had a knife on those planes, do you think the hijackers would have even tried to take over the flight, if they knew everybody on board could cut them, or stab them. It's just like towns in Texas that everybody carries guns in, there is nearly no crime in those towns. Again, what the FAA has done, only hurts the lawful people.
IPSec & SSL Rocks!
Re:Heavy crypto user? (Score:4, Insightful)
Yes, Dorothy, there are computers in the third world.
gladly giving away our civil liberties? (Score:5, Insightful)
Re:I don't think so. (Score:3, Insightful)
If someone wants to hide information, they will, period. All this law would do is make our own information - our credit card numbers and personal information - less secure.
Lets face it : if the feds can break it, so can crackers.
Re:don't forget Rivest's "Winnowing and Chaffing" (Score:4, Insightful)
Massively informative. But the intent to maintain privacy is still there, and let's not kid ourselves, that's what they really want to eliminate. It'll be just as illegal as any crypto to use this. They may as well just make it mandatory to put the NSA on the cc: line.
Re:Mixed feelings (Score:2, Insightful)
If this does happen, it will only harm american citizen's privacy...
Re:Mixed feelings (Score:5, Insightful)
On top of that, they already have the tools, and putting mandatory backdoors on future products is not going to affect existing software. What would they do to them for using unauthorized software? arrest them?
If this even gets close to being implemented, we need some sort of pledge from the intelligence community, backed by strict legislation, that any such system can ONLY be used or the purpose of national security and anti-terrorism, and any use beyond that would be strictly prohibited, and any other information obtained shouldn't leave the place it was intercepted from.
Just my 2 cents, right now I do not feel any of us really is in any position to make a real judgement about this. Keep that in mind when forming some opinion that you would be unwilling to comprimise, as a few of us here often do.
Climbing the bodies of innocents as a soapbox. (Score:4, Insightful)
After every mass murder with the least connection to firearms, some politician proposes extreme restrictions on civilian ownership, without regard for whether it would have prevented the particular incident in question. One of the first bills proposed after the OKC bombing was new gun control laws.
After every crime where the offender ever even saw a computer, let alone had an AOL account, some congressman will propose new 'Internet Crime' laws restricting freedom online.
The only saving grace is these rash proposals seldom become law.
Re:How far down the slippery slope will we go? (Score:5, Insightful)
Go to wal-mart. go to that counter in the back with all the funny-looking thin things sticking up. there's a cash register back there and a cabinet, against a wall, that has these wood and metal things in it that you've probably seen. They're guns. Now that you're back at this weird counter in wal-mart, buy a gun (if you're 21 and otherwise legal to buy one). You'll want a 12 gauge shotgun, and a box or two of #4 rounds, 2 3/4 inch (standard) size.
Now, take it out to the country. Load it. fire it. nobody will notice right now. get used to firing it. shotguns kick hard, but they kill fast and you don't have to aim very well with them.
Why did you do this?
See, when you can own guns, you have power over the government. They even wrote it into the law of the land, the Constitution, to ensure that the american people could have guns for cases just like this one that this thread describes. And once it gets to Orwellian levels, where the government is truly oppressing you and denying you your rights as an American citizen, you can pick up your gun and fight for your rights, like James Madison and Thomas Jefferson knew we would have to.
You're probably sitting there thinking, "what a crackpot." Hey, it's your freedom, I plan to keep mine.
Re:I don't think so. (Score:5, Insightful)
But encrypted data can be hidden in non-encrypted data, in ways that make it virtually impossible to detect, using steganography. So the criminals could send photos to eachother, or even have a web-cam feed with data steganographically encoded into the frames.
Take a look at OutGuess [outguess.org], for example. You might also find this article [antioffline.com] to be interesting, particularly the part with the photos of the Statue of Liberty.
Re:The Battle (Score:1, Insightful)
Re:Mixed feelings (Score:5, Insightful)
"Of course it's about terrorism and defending liberty and democracy", you say. "It's fucking heartless to think this is some plot to handcuff us. Come on, thousands of innocent people DIED in the WTC, we've got to DO something, QUICK!"
Right now, I'm not worried about terrorism at all.
"This year will go down in history. For the first time, a civilized nation has full gun registration. Our streets will be safer, our police more efficient, and the world will follow our lead into the future."
Adolf Hitler, 1935
You see, even IF there was complete security, this isn't a good thing, as long as the govermnent isn't really democratic (look it up, there IS no democracy on planet earth... it's representative democracies, which is an oxymoron). Because your safety always depends on the govermnent not to screw you over.
So I'm asking you, do you feel lucky?
Americans and Europeans (me being german, and for me being the answer a "no", and a very resounding one after the things I heard our politicians say in the last 2 days), do you trust your governments completely, blindly, and does that "no time for criticism now, we have to stand together as the civilized nations of the free world, we'll do what we have to do (and we'll tell you what that is when it's already underway)" help to increase that trust?
Re:I don't think so. (Score:5, Insightful)
A small band of essentially unarmed men captured 4 airplanes by playing to passengers & pilots fears. They then drove these planes into tall buildings, killing several thousand. Their total cost was rudimentary flight training, plane tickets (did they buy in advance?), and room & board while planning. They brought no advanced weapons, hacked no computer systems. Once again, it has been shown that the unaided human mind is the most dangerous weapon in the known universe.
There was, save the existence of airplanes, no technology whatsoever in Tuesday's attacks. Just victims' fear and the terrorists' willingness to die. These are social problems, and all the techno-fear 'solutions' that have been bandered about over the last few days both here and in the mainstream media, are completely ineffective to affect these social problems.
How does changing our crypto laws fix that?? Take as an example bin Laden, which the investigation is leaning towards. Where is the ambiguity there? In 1996 he issued a fatwah declaring war on the United States. How could we assume that that was nothing; that something like this wouldn't eventually happen? There are so many ways to infiltrate these groups, there are existing ways to harass their activities both within the US and without. How does attacking the civil liberties of US citizens to use technology freely aid the capture of a group whose men can perform such audacities without the aid of technology??
Comment removed (Score:3, Insightful)
On this very subject (link) (Score:5, Insightful)
The main source of our strength is our freedom and open society. The United States already has the most powerful military in the world. We don't need the symbolic jaw, jaw, jaw of more laws, but the will to use our existing war power.
Paul Weyrich, head of the Free Congress Foundation, aptly wrote: "The truth is that if we further emasculate our Constitution the terrorists will have achieved the greatest victory imaginable. Their triumph won't just be the thousands of people they killed, the triumph will be if they see our democratic institutions crumble. If President Bush can navigate a responsible course where we make an appropriate response to those who have perpetrated these unspeakable crimes while at the same time protecting our essential freedoms in the process he will end up being the greatest President of the modern age."
Another essay from yesterday, "Freedom First [nationalreview.com]", is also a worthy read.
Re:Mixed feelings (Score:4, Insightful)
And good luck to the government getting people to dump all their current SSL/SSH software in favor of this new awesome backdoored version. Especially with products like OpenSSH which will remain downloadable from any number of sites for quite a while.
Re:I don't think so. (Score:4, Insightful)
And you might look at Stegdetect [outguess.org], by the author of OutGuess. He claims to detect many other popular steganography techniques. The feds throw stegdetect onto carnivore, and you can expect using steganography to earn you one of those unpleasant visits.
Steganography is a long, long way from offering the practical security of encryption. Is it really possible to create a system that is undetectable even if the algorithm is public? Nobody's sure yet. Do the bad guys have the means to create their own effective algorithms and keep them secret? Questionable. Can they use a stego system correctly on a wide scale? Unlikely at present, since there is no popular, easy (for non-technical users) software, nor is there the widespread understanding of how to use stego that there is about crypto (these things do matter when it comes to the successful implementation of any security scheme).
The point is, the government can (by imposing on everyone's liberty) effectively stop criminals from communicating privately. Therefore, we need to come up with a better argument than "it won't work", in order to prevent it.
Do this and the terrorists win (Score:5, Insightful)
In the U.S. it's more and more like a favor the state gives to some people, some of the time, depending on how benevolent somebody feels that day. So bow to the demands of the spooks, make backdoors mandatory, give people long jail terms for circumventing them, and the terrorists win. They win bigger than they ever imagined by making life worse for ordinary U.S. citizens.
In the name of pride we have to win this without cheating. Cheating means using the same tactics as the bad guy. No murdering civilians. No spying on our own people. No cameras in the bedrooms.
Make cryptography a crime and only criminals will have cryptography.
Re:frp (Score:0, Insightful)
Re:we knew there were going to be trade offs (Score:1, Insightful)
Do we? That seems profoundly non-obvious - and indeed wrong - to me. I would say that a tribesman in the outback feels more secure than someone who's in an American jail, for instance, and the former is utterly free while the latter is not free at all. Security and freedom go hand in hand. The reason we lost some sense of security two days ago was because we already gave up much of our freedom to the Federal Government, who proceeded to get us into this mess.
Re:We've defeated suicide terrorists before (Score:4, Insightful)
Yes... lets kill those damn civillians. That'll teach them never to mess with the United "We are Freedom" States of America. Let's take away their choice to have beliefs, because their beliefs are WRONG! Hell, why don't we just run jumbo jets into their embassies... or would that bear too striking a resemblance to the attack itself?
If you want to kill civillians then you are no better then the terrorists... so does that mean we should kill you too?
Typical Kneejerk Response (Score:3, Insightful)
Typical response in political issues, and part of the reason politics is so devisive.
Battle *between* privacy and safety? Good god, are you saying we have to pick a side? "I'm for privacy!" "I'm for safety!"
Stop devoting your time to "winning battles." Start devoting your time to finding solutions "both" "sides" can be happy with.
One, it's the only way everyone will be happy.
Two, it'll come up with a better solution overall than either side will come up with individually.
Three, if you try to fight the concrete consequence of 5000 people dead versus what most will perceive as the largely abstract consequences of the government being able to read your encrypted data, you're going to lose. This isn't something like the DMCA, where it's liberty vs. record companies. This is liberty vs. public safety, and for many people, in many instances, public safety will be more important.
Download (open)PGP,GPG,OpenSSL Now (Score:2, Insightful)
I personally would not, I'd rather stand tall and go to jail. I have a right to crypto wether in law or not. Please reply.
Posted with LYNX
Re:I don't think so. (Score:4, Insightful)
The history of cryptography has shown that the seemingly simple goal of transmitting hidden information is actually really, really hard. The suggestion that if the government outlaws the well known digital privacy schemes, people will come up with others just as good, is naive. It's the same reasoning that says that secret encryption algorithms should be more secure than public algorithms. It grossly underestimates the techniques available to detect and break poorly designed systems.
If the author of OutGuess [outguess.org] can detect [outguess.org] most steganography, I would not feel at all secure using your "hide the encrypted message in an executable" trick.
Strengthen encryption, for reliable authentication (Score:3, Insightful)
Terrorist organizations seem to thrive through anonymity and finding ways to circumvent traditional means of identity and authentication.
As others have said, the encryption cat is out of the bag; it's never going back. Even if they tried to back-door the "legal" tools, a message doesn't have to be encrypted to hide it's true meaning/contents. They can just as easily be hidden in plain sight/text.
...If we're going to control encryption usage then I'm sorry but we're just going to have to pass some laws to force people to use authorized spell and grammar checkers. All digital images must be taken on approved photographic equipment; tampering with image watermarks is a Federal offense. You will also be interogated by an AI on every message you craft to determine your true intent; non-standard word usage will be flagged and noted on your record. Hmmm... This is starting to sound a little like the language police over in Quebec...
We need better ways to ensure the authenticity of people's identity, not easier ways to watch who we think we might be watching but aren't sure because we're too lazy to authenticate the source and destination through other means.
While it's nice to be able to travel in anonymity, places with security concerns can't afford the risk any more. I'm NOT advocating tracking everyone's movement and action without legal warrant. Attempt to control access, not content. If you are who you say you are, there shouldn't be any reason to interfere with your travel plans.
Ultimately, it's a tough call. But from my own travels I know I get a little concerned when security DOESN'T ask me any questions. On my last trip they did ask about my multitool in with my laptop; it was allowed then, but after these events I don't think I'll be packing it any more. I value my safety more than my privacy in these situations...
Last thing we want is Gattaca though... An extreme in controlling access...
Re:OT: get a new quote (Score:5, Insightful)
The sad fact is that we will indeed lose freedom, not for security, but for the perception of security. All kinds of measures will be taken, laws enacted, procedures implemented. Getting on a plane will be a nightmare, but while everyone will be at least inconvenienced, no real prevention will occur.
People want action - they want something done. It doesn't matter if it helps or not. The perception is that anything is better than nothing. I had to go to Bethesda Naval Base today. Only one entrance was open, you had to show ID, another guard had a mirror-onna-stick to look under the cars, another guy was walking around with a shotgun. Looks good, seems secure. Except...
Except a shotgun is only useful within 50 yards at best, the mirror is useless because no one is hanging onto the undercarriage of a car (and you put explosives on the floorboards and in the trunk, not under the car), and although they demanded an ID from me as a passenger, they didn't actually look at it carefully, much less check it with NCIC.
So how much freedom are you (or realistically, is your mother or neighbour) willing to give up?
woof.
Re:I don't think so. (Score:5, Insightful)
The people who are pretending are the ones that claim it can work. Crypto, as an arms race, is over. Given sufficient computational power on both sides, there is a guaranteed win for the encryptor.
Claiming otherwise is like claiming the second player can force a win in Naughts-and-Crosses (aka Tick-Tack-Toe). It simply isn't true. The effort to hide information grows O(log2(N)) for parameters N for which the effort to find the information can not be bounded by a polynomial. In English: as the game gets more complex, it gets harder to encrypt at a much slower rate than it gets harder to decrypt.
At some point (say, now) encryption has such a lead that it isn't even possible to say what contains encrypted data and what doesn't. Even the fact of encryption becomes hidden. From that point on, the decryptor is left with social tools (infiltration, hoping the bad guy slips up, etc.). Technology (and legislation about technology) can't help.
-- MarkusQ
This is stupid (Score:1, Insightful)
Sorry, it doesn't work that way (Score:5, Insightful)
Re:I don't think so. (Score:1, Insightful)
I agree with pretty much everything you said except this:
There are so many ways to infiltrate these groups, there are existing ways to harass their activities both within the US and without.
This is actually one of the areas in which the U.S. has been weak. To illustrate this point allow me to refer you to the opinions of a former CIA [theatlantic.com] agent who operated in Afghanistan.
Re:People will hand it over - crypto's already out (Score:4, Insightful)
The reason this was *over* in the past is because the FBI is blissfully unaware that strong crypto is standard operating procedure for US corporations, and is only used by nefarious bad guys.
We're talking about outlawing every copy of products like Windows 2000 and Lotus Notes, every router that implements VPN, and so on. The impact on US business would be horrendous. And the big money finance folks would just ignore the order.
Traditionally, the crypto issue has been framed as a rights issue with the cypherpunks against the feds. This neglects the significant commercial impact.
guns != crypto (Score:3, Insightful)
See, I knew someone would say "strong crypto=guns", everybody should have the right to use strong crypto, and everybody should have the right to use guns.
Let me point out what I think is the fundamental difference between these two arguments: crypto, used in anger or accidentally, is not dangerous.
The saying "guns don't kill people, people kill people" is completely true. But guns make it really easy for people to kill. If a kid accidentally uses strong crypto, nobody dies. If a kid accidentally uses a gun, someone will probably be hurt or killed.
Another popular saying is "if guns are outlawed only outlaws will have guns". That's kinda the point. If a police officer sees someone with a gun, he doesn't have to wonder if it is legal or not. Anybody trading in guns is breaking the law, there is no grey area like there is with gun shows, etc. It also means that petty criminals will not easily obtain guns. While it's true that "if strong crypto is outlawed only outlaws will have strong crypto", this doesn't really help law enforcement. If somehow they manage to intercept communication and realize it's encrypted, that'll be as much as they can do. Any outlaw with any skill will pick a good crypto system and make it strong enough to defeat law enforcement. Crypto is easy to use, hide and copy, unlike guns. Anybody with anything to hide would be able to obtain complete privacy, but the average citizen would have none. That's just dumb.
Never mind whether or not making guns illegal is a good or bad thing. That's a different battle. But guns are not the same as crypto tools.
I disagree - now what? (Score:2, Insightful)
Also, something else I just realized - I haven't told my employer about some of the thoughts I've been having lately. I got a really neat idea, having to do with encrypted processing and secure software sales - shit I shouldn't say much more, cause I guess my employer owns my ideas and someone else might see them here and run us out of business! Then we're *all* fucked!
Re:People will hand it over (Score:5, Insightful)
Re:I don't think so. (Score:5, Insightful)
How do you coordinate those efforts without communication technology? The government frustrated similar terrorist efforts on more than one occasion (including New Year's Eve) by being able to intercept and decrypt their communications. So, yes, if you forget that the point of encryption is being able to communicate, then you might have some kind of point. But communication is needed. How do you say, you get on this flight, watch out for this, the president is likely going to be here, oh wait, this flight was delayed or canceled, reschedule this thing a week later, wait, they seem to suspect us, call everything off until two months from now. How do people in remote locations give each other the kind of encouragement and coordination necessary to hijack four planes at once for suicide missions, if there isn't communications technology? The media has reported that steganography has become a central part of Bin Laden's "terrorist training camps." Authorities believe that terrorists have been using images on porn and other sites to hide encrypted messages. A better question to ask is:
Does curbing encryption work in spite of the steganographic techniques they have been using? But the technology issue can't just be tossed aside. It is key to the actions of modern terrorists.
The Dangers Of Prohibition (Score:2, Insightful)
The one thing that governments the world over do not (and sometimes will not) realise is that prohibition or restriction of anything (whether it's drugs, firearms, explosives or encryption) has not, and probably never will, work.
The main principle that I base this opinion on is that the law only regulates the behaviour of people who abide by the law. People who don't abide by the law aren't affected by any of these prohibitions because they don't affect them (unless they are caught and punished). What this means is that the only people that are really affected by prohibition are law-abiding citizens who, by principle, shouldn't be breaking the law in the first place. Therefore, while some lawbreakers are caught, many more are not and this makes the restrictions inefficient and inconvenient for the average person. The law itself is often not a deterrent for people to change their actions, especially if the action had previously been legal, rather it merely changes the method by which the action is performed. So if the government says that you can't do something, you simply do it when the government isn't looking.
For example, when the prohibition for alcohol (which had previously been completely legal) was introduced, people stopped drinking freely in their bars and in their homes and snuck off to "speak easys" (illegal drinking houses) that were often run by the mob or some other underground association. Therefore, prohibition didn't help the authorities and instead helped the underground. Furthermore, since alcohol was illegal this made the demand high and the supply low, so the quality went down and prices went up. People would be poisioning themselves on "drinks" that would contain large amounts of methanol (a chemical with similar effects to ethanol (alcohol) that is even more poisonous), so the incidents of death and blindness went up. Parallels can be spotted between this example and the drug debate that rages on in society today.
The fact that it's cryptography futher complicates the problem as you also being denied your right to privacy (where the government can't legally monitor your communications without just cause and a lot of paperwork - the NSA don't count as they themselves don't spy on US citizens, which is illegal, so they get other agencies to do it for them) but also your right to freedom of choice (the compulsory nature of these provisions means that the backdoors would be standard on all encryption products and backdoor-free versions could not be legally sold inside the United States). Add to that the prospect (which is more like an inevitability) of government abuse of these powers (one poster's example of the French government's "assistance" to French businesses using this power is a prime example) and you have a law that is so dangerous that its misapplication has the potential to completely erode the freedoms of the citizens of the United States. Furthermore, the rush introduction of this legislation after such the proposal of the SSSCA and the WTC/Pentagon/PA terrorist attacks, when the nation is still in shock and grasping for a way to prevent such an event occuring again (which is impossible to do), is inexcusable. The deaths of innocent citizens should never be used as an excuse to further erode people's freedoms in order to preserve "security" in the future (when it's obvious that there is no such thing as absolute or perfect security, only degrees of security).
My advice is, if you haven't already, to start a letter-writing campaign to your congresscritters now because by the time the Supreme Court rules this law as unconstitutional (which it most likely will - at least, it will if judges aren't being monitored 24/7), it may be too late. If enough people say something about it, then you never know how much effect it could have.
Re:How far down the slippery slope will we go? (Score:3, Insightful)
I never quite understood this argument. Sure, in the 1700's, people with shotguns might have been a credible threat to the government. But have you noticed that the US government today enjoys the use of such toys as F-16s and nuclear weapons? How will owning a shotgun help defend you against that?
Digital Envelopes (Score:3, Insightful)
Encryption is the digital equivalent of an envelope. We don't think twice about putting personal letters in an envelope. "Hmmm... You must have something to hide. From now on all your letters have to be on postcards."
Perhaps the best use of encryption is for digital signatures. If governments have the backdoor to them, how can we trust who the message is from, even if it's sent without being encrypted.
As has been posted numerous times, encryption is already available and in source code as well. The bad guys aren't going to stop using it, if they really are.
The rest of this comment is a long rant. Read it at your own peril.
Our politicians are playing right into the hands of the terrorists. It is our freedoms that gives us our strengths. The freedom to assemble, the freedom to speak, the freedom to worship, the freedom to bear arms, and the freedom from unreasonable search and seizure. Our liberties have eroded over the decades. All in the name of security, most especially, our war on drugs. We cannot let our politicians take away from us what the terrorists have failed to do. Our liberties.
America isn't perfect. It has it's warts, but it's a damn sight better than any other country. Yes, we are hated around the world, but why then does everyone wants to come here.
We must take action not pass laws. We must prepare for a long and bitter struggle against those who would destroy America. We have the resources to do it. Americans have always risen to the occasion when in peril.
Shutting the barn door after the horses have escaped is a common strategy of politicians. Yes, we won't be able to conduct our daily lives the same as it was before, but we shouldn't rush to ad insult to injury. I think their should be a sixty day cooling off period before politicians consider passing a law in response to a terrible event.
Re:Mixed feelings (Score:2, Insightful)
There's two main thing to consider here.
First they've already got it, and if the agencies can't break it why would they chnage the algorithm they've already got.
Secondly, one nation, and once again it's the US, can't make a global poilicy no matter how good their intentions. I'm Australian, and glad of it. Our governments a complete bunch of muppets, but they're ours and should be able to decide policy for our country. Of course they can't, but we keep hoping that one day one of our politicians will make a decision other than what to have for lunch (that's when they're not in parliment, in which case they eat what ever is on the menu)
So here it is: How fucking stupid does the US senate have to be to ask ever nation in the world to subscribe to the idea of encryption software that allows other nations agencies to gain entrance, especially if that back door is maintained by one government.
The answer, I hope, is not that stupid.
Besides, a backdoor will only help you if you know what transmissions to intercept, and if you know that then human intelligence would probably be a better alternative.
Just my 2 cents ($AU24)
How smoke signals will regain popularity... (Score:2, Insightful)
First of all, the obvious fact that criminals simply won't "upgrade" to the back doored crypto has been mentioned already before.
But... Let's say for argument sake that the morons actually go through with legislation like this. Then what? So the U.S. gov't gets the keys to encryption software - but it could only be for cryptographic software originating in the good ol' USA. Do you honestly think the EU is going to give the U.S access to their encrypted messages especially after the whole Echelon thing a while back?
But ok... let's say that they're really scared right now with the terrorism and all that and decide to go with it. But of course, they are going to want their own back doors too. After all, sovereign nations being sovereign nations want are going to want to exercise well... "sovereignty" of all things, over their respective minions.
So now we have international treaties to regulate these back doors and keys and stuff - after all, the U.S. is going to want access to the same back doors as the EU has and vice versa or else the whole thing would be meaningless.Terrorists don't care about borders.
But do all EU governments get a key. How about other trustworthy friends like Japan? Surely they will want keys. In Japan gets keys, how about oh... Russia? India? If India gets keys, Pakistan is going to insist too. Eventually everyone wants keys and of course its only going to be effective if everyone has the potential ability to read everyone else's encrypted mail - after all terrorism is international, right?
How do you decide who doesn't get a key then? We have to be able to prevent rogues states from acquiring the keys after all. But what about the goold guys who become bad guys because of coups and stuff? Next thing you know even the bad guys have the keys and now they can enjoy reading my grandmother's encrypted mail to her online knitting pals.
But the whole scheme still depends upon bad guys cooperating by using the back-doored encryption software but they won't because it turns out Echelon and ilk can't eavesdrop on "smoke signals" so it makes a come-back in a big way.
Trouble is... (Score:2, Insightful)
So what the american congress is suggesting is that normal people can't have secure communications anymore. And where is the point in that?
Bill of Rights (Score:2, Insightful)
Re:Forget Crypto, how about KNIVES? (Score:2, Insightful)
I had to show 3 forms of i.d. to buy one a couple months ago.
I'm packing for a hoped for flight back home, I decided to put my fountain pen in the checked baggage. I'm keeping my housekeys unless they complain. Terrorists always win
Re:Specious argument (Score:3, Insightful)
I live in Seattle, where anyone can carry a gun as long as they have these 2 things:
1. $60
2. Nothing bad on their record
Is Seattle famous for its high violent crime rate?
MOST US states have similar "shall-issue" weapon permits... if there was a correlation between such laws and increases in crime, wouldn't someone have pointed it out by now? The states and Feds collect a lot of crime data. Surely it would be obvious by now. There are enough people with an anti-gun agenda, wouldn't Brady or someone like that have presented the irrefutable proof that gun permits cause carnage?
It's strange, I wouldn't trust the average guy on the street to fix my hamburger right. But I'll be damned if they don't manage to carry a gun responsibly most of the time when they are given the right to do so. Pretty weird.
You might want to read this summary [beast-enterprises.com] of Gary Kleck's study on defensive gun use.
This [kc3.com] page has a summary of crime stats that relate to CCWs. Quick factoid: Florida's homicide rate has declined 21% since adopting a permissive CCW law in 1987. This is not an unusual kind of result.
I realize that figure does not PROVE that concealed weapons reduce crime. But it does seem to indicate that a CCW law doesn't turn a state into a bloodbath.
Give your fellow American a little more credit. Surprisingly, they seem to deserve it.
Moderation incompetence (Score:1, Insightful)
While I agree that the genie is out of the bottle on encryption and the government better just find another way to accomplish their security goals, I also think concern for privacy is way overrated. While I may not want my neighbor next door to know how much money I make, I don't mind filling out those surveys with all my demographic information at all. I mean, what are they possibly going to do with it...I am just a number to most of these people. The same thing goes for the police.
I can safely say that I couldn't care less if the police read every email I had ever written or received. It just doesn't matter...information about me simply isn't that useful and you are a fool if you think the information about you matters one iota.
The Price of Liberty is Eternal Vigilance.... (Score:5, Insightful)
For another perspective on eternal vigilance, David Brin's [kithrup.com] book The Transparent Society [amazon.com] talks about the issues of ubiquitous cheap video cameras combined with cheap communications and computing. The recent face-recognition uses at Florida sports stadiums and the cheap X10 cameras with the annoying pop-up web ads are only the beginning.
Re:Mixed feelings (Score:3, Insightful)
Sigh. The vast majority of signals intelligence is devoted to traffic analysis: figuring out who people are talking to. Think about this. Do you think they have the resources to read all the stuff they can capture?
Once they decide that an individual is connected into too many suspicious circles (drugs, munitions, political activism, voting democrat, etc etc) only at that point do they consider devoting resources to decyphering the content of the traffic exchanged. Compared to the total volume of traffic exchanged on global networks, they have the resources to crack only a tiny sliver of those communications.
If everyone out there is using nearly unbreakable encryption they simply don't have the resources to sift through everything they want to look at.
It's very important to limit the total volume of strongly encrypted traffic. If they manage to limit strong encryption to 1% of the population consisting entirely of
In no way whatsoever do the objectives of this initiative depend upon Bin Laden adopting an American approved backdoor technology.
Arguing that the American government thinks this is the objective of their backdoor policy is juvenile circularity invented to justify our _premise_ that the government is too stupid to be trusted in anything.
Let me try to paint a picture of how things work based on what I believe to be the existing American capability in rough factors of ten.
I would think that the Echelon system maintains a unique identity for 1 billion of the world's 10 billion people. This group would include the majority of people who have used a telephone at some point in their lives, and not many who haven't. We can think of this group as the "literate and connected" group.
Out of of this roster of one billion "known" individuals, 100 million would be identified as belonging to the sphere of national interests. Anyone with a degree in metalurgy, who has ever travelled to the middle east or the eastern block, who has ever held a pilots license or owned an airplane, people involved in international trade, people trained to operate weaponry of any kind, people on the inside of national infrastructure grids, etc etc. What they are looking for at this level is overlap between the groups motivated to cause trouble and the groups with the skills or resources to cause trouble. The only thing they need to identify about people in this group is the various spheres of influence each person belongs to.
Out of this group 10 million people are identified who have a significant presence in groups representing both means and motive. If you are in this group, Echelon problably knows your great grandmother's maiden name. Your location is monitored and the people you communicate with are identified and recorded. Your traffic will be subjected to keyword analysis and correlation beyond what the bulk filters are capable of processing. A select ten percent of your communications are permanently recorded in case they become interesting at a future point in time.
Out of this group, 1 million people are identified who combine means+motive+opportunity. It is this group of people where they become very interested in digesting the _contents_ of your communications. Perhaps 1% of this is selected for a few seconds of human attention.
Our of this group, 100 thousand people are subject to exhaustive scrutiny and human analysis.
Out of this group, 10 thousand individuals are actively operated against. If you are in this group, there are white vans parked in your street, your cigarette lighter contains a satellite transponder, your keystrokes are monitored by devices that can only be seen under an electron microscope. To belong to this group you need to have your fingers stuck into more than one pie. These people are the tendrils that bind shadowy worlds together.
Out of this group, you have 1000 people designated as the world's primary disruptors of shit. If you are in this group there is someone in the intelligence service who knows more about your life than you know about yourself. Your continued existence is reviewed daily. It's a good practice to surround youself with equally despicable proteges who are eager to take your place.
Out of this group, there are 100 people who's continued existance is considered bothersome. These are the people who out so well protected or removed from American influence that nothing much can be done about it.
Out of this group, 10 people are nominated by American politicians to play the part of celebrity terrorist. These are the "forces of evil" who constantly invoked to sway public opinion on any issue where it allows the government to get what it wants.
Take a good look at that pyramid and decide whether it matters to the American intelligence service whether ten million people use strong crypto or whether one hundred million people use strong crypto. The intelligence service needs to know enough about this group of 100 million people to determine which subset of 10 million people deserve the next layer of surveillance.
But no, if Bin Laden alone uses strong encryption, the entire government agenda against the strong encryption is ridiculed as being completely bogus. A fine example of
Decrypt this (Score:2, Insightful)
A child can implement a one-time pad using a deck of playing cards, a pair of dice, or by simply flipping a coin repeatedly.
And the most advanced governments even if equipped with what is now only theoretically possible -- like the quantum computer -- would not be able to successfully cryptoanalyze a message so encrypted.
Are we going to classify playing cards as munitions? Dice too? What about coins: can we devise a currency that is crypto-safe?
Sometimes I feel like I'm drowning in monkeys.
Freedom and Encryption in the US. (Score:2, Insightful)
I'm a Swede living in Japan and I have always been following the cryptography and digital copyright debate with a concerned interest.
The second thing that came to mind when I learned of the tragedy was what pro-regulative forces would take this golden oportunityto bring on all kinds of regulations to the US people, especially
in regard to encryption technology.
It is quite clear to me that 'the land of the free' is not close to as free as you'd like to think you are.
Where I come from,
1. Reverse engineering is not a crime
2. Software patents are not allowed
3. Regualtions on encryption has never been heard off.
Where I live, I've never heard of a cracker ever being prosecuted (there might have been I case or two that I have not heard of, but the point is, the government is NOT being paranoid about it).
I am not saying that lenient laws and or are always good, but they do tend to provide a greater amount of freedom.
Speaking of installing backdoors, it's pretty arrogant to think that encryption software can be made only within the us. Sure, most consumer
software (read M$, PGP) is made in the us, but the only real effect is that consumers will be exposed to backdoors and hardcore criminals will
use something else / write their own code. Especially well funded criminals that can pull of terror stunts like this one.
BTW, I read in Wired that the FBI were pushing carnevor installations to be used 'just for a few days' AFTER the attack, like, there would
be a lot of communication to listen to AFTER the attack? It looks like people are giving in on their principles already.
Anyway, I sincerely hope that America recovers fully both in body and mind, and do not allow this tragedy to be amplified by giving in to
those who might be using it to their own purposes.
Strength to you all.
Re:I don't think so. (Score:2, Insightful)
Not really. Ever heard of talking? How about talking in codes across the phone? Etc, etc. Are you going to invade other countries every time you suspect stenography?
Even if this stopped terrorists, which it won't. If I were to live in a police/military state like this, I would move out. Unless you start imposing restrictions on emigration too. Then people will shoot their way out.
Amazing how violence and force breeds more violence and force, isn't it?
- Steeltoe
Re:I don't think so. (Score:2, Insightful)
Do _all_ US citizens think your laws apply all over the world?
Re:We've defeated suicide terrorists before (Score:2, Insightful)
Well, if we're talking about being tough on supporters of terrorism, that's a perfectly fair statement.
Maybe, lets hear what Jefferson had to say (Score:4, Insightful)
and
The idea was always there that congress might have to restrict the freedoms of those living within the republic to protect the common good, especially where individuals were trying to provoke the unimaginable horrors of war. Sure you can have a long debate on exactly where to draw the line, you can disagree with where they are currently suggesting the line be drawn, but lets not pretend its quite as simplistic as your one quote implied.
If you disagree with what they propose then demonstrate alternatives or show why their proposal is worse than the threat faced by the USA. There are good arguments to be made, there are quite probably better ways of dealing with the threat but if all you do is run out old quotes then you are doing what Franklin said;
--
Nic (expecting to be moderated to -1000 but figures it needed to be said anyway)
Re:I don't think so. (Score:5, Insightful)
Hi George, how's the family? We're doing great over here, Lisa just gave birth to a baby boy, 6 lbs. We're planning on visiting New York September 12th, and hope we can see before heading home. Will you be in the area? Maybe we can get together for lunch.
Would you know that the sender was REALLY telling the reader to set off a fire bomb(baby boy), approx. 6lbs in weight charge, September 12th at ? Or how about a numbers station?
They quote numbers indicating page and word number in a certain book. m Like fourth word on the third page. The receiver then looks it up and reconstructs the message. This, my friend, is steganography. I honestly don't see how a computer could pick this stuff out.
I had feelings about that (Score:1, Insightful)
any media to track criminal communications, but since
it's incredibly easy to send secret informations on the
Internet without encrypting them, this will result in a
general limitation of civil rights for common and honest
people, while real criminals will continue to communicate.
And, believe me, there are -infinite- ways to hide
data in a way they won't look like encrypted.
NSA, FBI and others will throw away your money (I'm
European) to enforce unhetical (and unamerican) laws
that will take away your freedom without giving anything
back.
That's like blindly bombing the Afghanistan, killing
thousands of innocent people, to hit the few ones that
led the terrorists. It will work as it worked for Saddam
and many others: it will not work.
Besides that, my condolences to everyone lost their
relatives and friends in that catastrophe, and my tears
to everyone died. My heart is with you all.
Defending Freedom by reducing it... (Score:4, Insightful)
Carnivore was in at ISPs on Wednesday and will be into Tier 1's by now. Remeber to intercept 'net traffic you have to look at ALL the packets. To trap "encrypted" data whatever that may be you have to read 'em. Imagine the power to open ALL snail mail and read it to check if it's suspicious...
There's a distinct danger that this kind of monitoring will be installed, relatively unchecked, with Civil Rights groups unable to mount a credible defence due to the devastating nature of the terrorist attacks. This will happen not just in the US but easily in the UK, France and Australia who have similar laws or technology in place.
And once it's in, you can bet it won't come out again. Think 5 years down the line...
Re:Mixed feelings (Score:3, Insightful)
I'm in the UK, so, tragically, have had to be a bit more aware of terrorism for the last 30 years.
The Guardian newspaper made a similar point yesterday, citing the example of IRA standard operating practice where operational information has almost never been passed using telephones, fax or more recently email. The procedure most widely known has been for the two terrorists to get onto the same bus from different stops, talk quietly on the top floor, and get off at different stops.
Crypto back doors, satellites, phone taps, the whole panoply of technological measures, whilst reassuring, can never have a useful impact on this sort of approach.
OTOH, if, in fact, the CIA have 10,000 agents of middle-eastern origin under deep cover throughout the world, I don't want to hear them proclaim the fact to get out of a bad PR situation. Rather better to take the PR hit and leave the agents in place doing the job.
TomV
Re:People will hand it over (Score:2, Insightful)
They have a pretty clear idea who is responsible, and they are aware that those people are spread thinly across many nations, including the USA itself, most of europe as well as the middle east, sharing cities and countryside with the overwhelming majority who utterly abhor their actions.
This calls for a good old fashion ass whooping. Kill them.
I'd certainly agree that the people responsible for this cannot be allowed to remain at large, able to repeat this atrocity at will, and I concur that this will likely involve kiling them. I'd prefer to see lawlessness countered with lawful arrest and very public trial, but it does seem unlikely that a group of suicide bombers would allow themselves to be taken alive.
flatten the whole fucking countryside and then burn them out of their stinking rotten holes in the ground.
I understand the pain. I have been bereaved in a non-related incident this very week, and I live in the UK where we have had ongoing domestic terrorism for 30 years - believe me I know the pain right now. But to avenge the deaths of thousands of innocent civilians trying to go about their lives by taking actions that would kill thousands of innocent civilians trying to go about their lives would be exactly the worst thing to do right now. When a group of terrorists attemt to show that world that indiscriminate slaughter is more powerful than the rule of law and justice, to counter their actions with more indiscriminate slaughter is to show that they have won the argument. The US has become a target specifically BECAUSE it has gone around the world, 'meddling in other countries affairs', to uphold the very principle that law is higher than force. Such is sometimes the terrible price of goodness.
Yes, this is rage. I would question the patriotism of anyone who ISN'T outraged at this point. 90% of Americans see this as an act of war. We will accept nothing less than war against the people that perpetrated this atrocity.
It's not even a matter of patriotism, rather the same underlying principle but applied to humanity rather than to a nation. I would question the very humanity of anyone who isn't outraged at this point. But to fight a war, you need an enemy, and weapons. When the Japanese Air Force bombed Pearl Harbour, it was clear that the enemy was the Japanese nation, that the target was the Japanese armed forces, and that the war could be ended by use of heavy military personnel and equipment to force the surrender of the islands of Japan. In the current situation, we don't know how to easily identify the enemy, they aren't uniformed, their bases are widely distributed, their structure is non-hierarchical, so just taking out Osama won't do it, you can't measure progress in the battle, and there is no readily identifiable point at which it is possible to say 'the war is won'. Slaughter every living terrorist, and more will appear to avenge them.
Police action on an unprecedented scale is needed now, but so is a rethink of the very principles of foreign policy by every nation on earth.
What a ghastly world we live in since Tuesday. These people want to start World War 3. Let's all do everything we can to make sure they don't succeed.
TomV
There is no point. (Score:1, Insightful)
As a good example I managed to re-write my own public-key RSA based encryption system in about a month (all code algorithms written from scratch). And this is my spare time.
The only consequence is that the law-abiding ciztens and businesses will be using encryption based systems which are inheritally weak, and hence very prone to industrial espionage or crackers.
OutGuess 0.2 can't be detected w/Stegdetect... (Score:3, Insightful)
The terrorists seem to have won what they wanted- this country's using this as excuse to reduce our liberties and we're doing other things out of pure fear and demands for false security.
Why restrict *US* ? (Score:2, Insightful)
Isn't the threat to National Security coming from OUTSIDE ?
Government Exploiting a Tragedy (Score:1, Insightful)
I'm going to start questioning this whole thing from a conspiracy standpoint. Haven't government anylists been saying all along that only a war could pull us out of this economic slump? Anyone notice that we closed our market, but the other world markets were negatively affected. The NIKKEI(sp) index dropped lower than the DOW for the first time since 1957, putting us ahead of the Japanese.
All a little suspicious to those who rightly don't trust our government. It would be just like them to, not only exploit this tragedy, but also perpetrate it. They don't garner my trust when they propose ridiculous laws like this one.
I know this may sound unpopular here but... (Score:3, Insightful)
If the U.S. Government gets it's way, we need to place the highest restrictions on what the government may do with the data, and when it may sift through that data. That allows the government to decrypt and get at data in extraordinary circumstances such as the destruction of the World Trade Center and killing of thousands of lives. But we should then come down on law enforcement like a ton of bricks if someone goes through the data for non-extra ordinary circumstances, or violates personal privacy.
I personally have no problems with being anonymous because the amount of data to track my computer usage is too large to make sifting through very easy. That is, I don't mind anonymonity through obscurity. But in extraordinary cases like this (and *ONLY* in extraordinary circumstances like this) should the government be permitted to sift through all the quadrillions of bytes of transmitted data to look for one or two e-mail messages and decrypt them.
The law is a threat to U.S. (economic) security. (Score:3, Insightful)
Excuse me for pointing out the obvious. I haven't come across a post that spells it out. (And we should try to spell things out to the non-digerati.)
If there is a law requiring a backdoor to all encryption technology, that will include corporate email and tools like ssh.
As we all know, there is no such thing as a secure weakness. At some point, these backdoors will be hacked out, and that will be a goldmine for corporate espionage and penetration.
The FBI's zeal in making the public "safe" from external threats will be exchanged for foreign corporations ability to outcompete U.S. based corporations. Not to mention give an advantage to the Chinese.