News.com: Crypto Doesn't Kill - People Do 259
McSpew writes: "Bravo to News.com for telling the truth about cryptography. They even cited /.'s coverage of Phil Zimmerman's real views on PGP and its possible role in any terrorist acts." On a per-word basis, this may be the best summary of why calls to ban or restrict encryption technology (as with government key escrow, or constrained key sizes) has little to do with enhancing national or world security.
Re:one-time pads (Score:2, Interesting)
I don't agree that one-time pads are sustainable for terrorists. Getting the same valid code book to a number of members in several countries? many of who might not know or trust each other?, regularly changing the code? using it for every messages.
At best u'd prob use one time pads to encode your daily keys for some other (faster and automatic) encryption mechanism.
Besides ,in the end you will still be sending a message which makes no sense of any kind (the encrypted string). The FBI will come kocking on your door and say (prob not very politely) that they want the key. This is exactly the same result you would get if you used PGP and hadn't surrendered the key.
This is why stenography is so hot - you encode stuff in traffic which looks "innocent" so no one even knows you are sending an encrypted message.
Letters to congress people. (Score:5, Interesting)
------
Honorable Senator xxxxxx,
I am writing to bring to your attention the pointlessness of Senator Judd Gregg's new legislation mandating backdoors in all cryptographic products. I could make many arguments that discuss our civil liberties and the right to be secure within our papers and possessions, but that argument while true and immensely important, is not even required in this case.
Simply put, with respect to strong cryptographic software, the "cat is out of the bag." The world is already full of good, secure cryptographic products with no backdoors. That is the case now, and was PRIOR to Congress' reduction of ITAR restrictions that kept us from exporting strong cryptographic products.
The world is full of smart people many of whom do not work for the NSA, and do not live within the United States. These people in the civilian cryptographic world are constantly researching and developing new cryptographic techniques, which Senator Gregg's legislation WILL NOT AFFECT. No matter how many laws you pass, NOTHING will keep the BAD GUYS from being able to download this cryptographic software from European and other web sites.
If Europe latches on to Senator Gregg's idea of mandating backdoors in all cryptographic products, then the people who want to use cryptographic products with no backdoors will simply write their own, or copy VERBATIM the computer source code for strong cryptographic software that already exists in many hundreds of published books.
Allow me to quote Bruce Schneier, perhaps the United States' leading civilian cryptographic expert:
"To illustrate the ease with which a cryptosystem can be implemented, I present the full code necessary for establishing a secure cryptographic channel over the internet, called the Diffie-Hellman Key Exchange. Both people communicating do the following:
"1. Get public key (Y, P) of the other person. This is just a pair of large numbers.
"2. Raise Y to the power of X, where X is the private key, modulo P. The result is the secret key.
"Modular arithmetic is taught to fourth-graders under the name 'clock math,' and secret-key cryptosystems are just as easy to memorize and implement as public-key systems. I could teach any twelve-year-old how to reproduce from memory in under fifteen minutes a strong cryptosystem on any Windows machine. Any terrorist is quite capable of doing the same."
This speaks volumes about the current state of cryptographic software in the world today, and the ease with which it can be implemented.
If Senator Gregg's legislation is passed, it will have ZERO affect on the people who DO have things to hide from you, and will only harm the innocent citizens of the United States who wish nothing more than to insure that their banking records and private email conversations remain truly private.
Regards,
-----
Rich...
Re:Crypto Kills (Score:2, Interesting)
Yes, but weapons can be used to attack someone. Crypto may only be used in a defensive way. To actually kill someone, people still need a weapon (e.g. a gun, a plane, a car or whatever).
On the other hand, nobody even thinks of restricting the free use of, for example, cars.
That is because people are accustomed to cars, they use them daily and they understand why they are useful. They don't see them as possible deadly weapons but as part of their daily life.
That's why it is essential to propagate encryption as the natural way for everyone to send emails. It would also help to use some less technical word instead of crypto. I would rather refer to it as a kind of "envelope". That's an image that even Joe Average can easily understand.
It's not in the ATA. Geez, I wonder why. (Score:2, Interesting)
After all, the Feds can install keystroke loggers [slashdot.org] on your 'puter, or they can call out a van full of TEMPEST equipment. The keystroke loggers require agents to physically enter the premises, which obviously requires a warrant. As for the TEMPEST equipment, no precedent exists AFAIK, but the ruling regarding thermal imaging [slashdot.org] may be helpful.
Do you EVER have a right to privacy? If you do... (Score:3, Interesting)
What is scary about this U.S. government talk of not allowing secure encryption is that it is working so well. Even the intelligent, educated people who comment on Slashdot (Don't joke about this, it's the truth.) are being led completely away from the real issue.
The real issue is that they are trying to get you to accept that you have no right to privacy.
The really important matter is that the U.S. government is trying to get you to accept the principle that it can spy on you. They know they will lose the encryption battle.
Do you ever have the right to privacy? If there is a single case in which you have the right to privacy, then you have the right to encryption, because you need it for that case.
From the article, What should be the Response to Violence? [hevanet.com]:
"The U.S. government has three separate, very large agencies that function as global secret police: The FBI, the CIA, and the NSA. The first two are authorized to kill other people. These agencies are secret in two senses: Their activities are hidden from the people of the U.S., even though the U.S. is a democracy. They also have secret budgets. These agencies function everywhere in the world, including inside the U.S."
It has somehow been established that U.S. citizens will accept that they cannot be told about either the activities or the budget of the secret "national security" agencies. Clearly, if they did know, and if they had a chance to vote, most citizens of the U.S. would vote against many of the activities. However, U.S. citizens are not allowed to have enough information to make an informed decision about the secret agencies.
Cryptography isn't going away (Score:3, Interesting)
Language has always had two purposes: 1. To aid in communication with those you like, and 2. To hinder communication with those you don't. Otherwise, we would probobly all be speaking in the same tongue or dialect. Even if these laws are passed, sending secret messages will always happen, and crypto/stego are too great a tool to be just thrown away by the people.
Use of GIF images to send secret messages is one obvious way to make your message invisible or even undetectable. Encrypting that message against any commercially available CD image would be even more useful. Any attempts to circumvent that encryption would result in extracting a CD image, and that's a DMCA violation.
Encryption Saves Lives (Score:3, Interesting)
...the United States military uses encryption every single day to save thousands of lives. How do you think these soldiers in the field talk to each other, relay coordinates, maintain anonymity in foreign lands to stay alive? That's right class, strong encryption!
It's ok to implement backdoors in the publically available encryption, but oh, this little stuff we use over here in our military is classified, you can't see it, and we can't even tell you we use it.. But here's a 200 page document, all conveniently highlighted in black marker, that explains everything you need to know about it.
All of these politicians and gubbermint officials supporting this type of intrusive "anal exploration" of our freedoms needs a brain exam.
Re:Crypto Kills (Score:3, Interesting)
Look, we'd better wise up. All this heavy spate of legislatory excess WRT Cyber-crime and encryption, etc is NOT because of 11-SEP at all. The tradgedy has simply given then a gigantic bandwagon with which to roll over those opposed to their plans. They have always wanted to clamp an iron fist on the throat of eFreedom, and this is just the excuse they need.
There is no point in showing them that these efforts won't help against terrorism. They are not introducing them for use against terrorists. They are introducing them for use against US. "To protect the children", of course.
Crypto not common?? (Score:4, Interesting)
If I understand you correctly and you're saying that crypto isn't common right now, that's not true. Salespeople around the US have been selling Virtual Private Networks (VPNs) to companies for a few years now, and these encrypt all traffic between a company's sites. While there almost certainly is still much more unencrypted traffic on the net than encrypted traffic, encrypted traffic is far too common for the government to be building a file on every instance they encounter.
Many lawyers use encrypted email because of legal precedent which makes email less legally "privileged" than say a phone conversation.
Then there are all the /. nerds using SSH to talk to their servers. Do you think the FBI or NSA has a file on Shoeboy?
Everyday use of encryption is a lot more common than you might imagine.