Europe Sets Encryption Free, USA Protests
Jor writes "This (English) article on Telepolis (German site) says that the European ministers of Foreign Affairs are expected to decide next Monday (27th) to drop all export regulations regarding encryption software to countries outside the European Union. The article also points out that the USA are pretty pissed off by this decision."
Re:Why the USA is pissed (Score:1)
> A quick glance at the constitution reveals no such restriction....
It really says people may bear *any* kind of arms? Or merely be armed? The latter doesn't stand in the way of regulation as long as some kind of weapon is legal. Knives only, anyone?
heh (Score:1)
> As we know Echelon has been a joint venture between European countries and the US,
> one wonders how that partnership will be affected.
Actually no, we don't know that. Echelon is (disclaimer: "supposed to be") a joint venture between the US and its English allies, which means Britain, Australia, and Canada. The main target of Echelon is the EU for crissakes. That's why the article mentions that there's widespread distrust of American security products: because they're all assumed to be part of the conspiracy.
> Further, if something "bad" were to happen (i.e. plane blowing up), you know the US Gov't will
> blame the EU, saying that lift on encryption resulted in that tragedy. Lawsuit to follow?
One government suing another over differences in their mutual legislation?!? In which court, exactly?
-this message brought to you by Nerds Against Drunk Posting
catalyst.
=-=
Shaped Charges (Score:4)
Then the shaped charge was invented. Anti-armor tech caught up with armor tech.
Until we come up with better technology to crack encryption (IANACF - I am not a crypto freak), people are SOL trying to poke through modern crypto schemes.
But the answer isn't to try and keep people from designing the armor. The answer is to develop a better method of defeating the armor. To try and stop the progression of crypto technology is stupid and, at best, a delaying action. The only benefit the efforts of the US Government will have are on the economics of non-US crypto companies.
Re:Not everyone opinion (Score:1)
One-time pads are unbreakable. The messages an army (or drug ring, or whatever) need to operate are short - usually only a few lines per message.
A single CD-ROM can hold pads for over a million messages, and of course all your units have a different one.
Quantum computers (Score:1)
Another question is how far ahead in this research the NSA's and other intelligence-gathering organizations' R&D is. (Paranoid-mode on ;-)
Re:echelon? (Score:2)
Now, if everything is encrypted in an industrial-strength code, projects like Echelon will either take immense computing power or become wholly ineffective, with the latter being more likely. I know that the US has contributed excessive dollars and power to covert projects before, but Echelon casts such a wide net that decoding all of those tadpoles and minnows to catch the very rare shark just costs too much. Even for the NSA.
Re:About Time--But Does It Matter? (Score:1)
I keep hearing Americans claim over and over that the US is technologically ahead, but I see absolutely no evidence for this. Intel CPUs suck; Microsoft software sucks; Cisco import much of their router software from the UK; the ARM is the best-selling CPU worldwide, and it's British; even mobile phone handsets come out a year earlier over there.
Never attribute to malice... (Score:5)
In any case, it's always been easy to get strong encryption in the US, so your argument makes no sense whatever.
On the flip side, it's always been easy to get encryption out of the US too. The so-called export restrictions have always been a ridiculously porous barrier -- not only because of the easy but illegal transfer of encryption programs, but because the restricted algorithms themselves have been protected under the first amendment -- if exported in printed form.
I think you miss two important alternative explanations.
(1) Politics.
Politicians are by and large not stupid. They just do stupid things for smart reasons. Export restrictions are symbolic, not practical.
Politics is about appearances. If there is an item on the news that grabs everyone's attention, you can expect a congressional hearing pretty soon. That's why we get things like "crime bills". On the theory it's better to be ineffectual than indifferent, do something and if you're lucky and people aren't watching too closely, they may not even notice you are being ineffectual.
On the flip side, it's bad to have the appearance of coddling criminals, welfare mothers or terrorists, so it makes perfect sense (from a political sense) not to be the one caught pulling the plug. Do you think the Republicans would praise Clinton for dropping export restrictions? As a Democrat, I'm very sure that my party wouldn't have kind words for a Republican president who did so.
(2) Inertia
The very ineffectualness of the restrictions is what keeps them going. Nobody in the defense or intelligence establishment who really understands these issues is going to care much, except for the people whose job it is to enforce the restrictions. Given the political exposure of "weakening" a defense, even if it is obsolete or as in this case merely symbolic, it's much easier to go along and not make waves.
Re:Nobody knows the damage done by Barney's Army.. (Score:1)
___
Re:Leading by example... (Score:2)
Well do I have to be the one to say it? Fine... LIAR! If you could break ANY encryption in three days then you have something going that the rest of the world has missed. Just to demonstrate I would like you to take a crack at this next block. Mail me the answer (e-mail listed, it works). I'll even give you four days to do it in.
GHTRY AUYIT HGYYT LINQW
If you can't do it then admit you were being an idiot. Thank you.
Export (Score:1)
I think that the reasons behind this decision, which many of you cannot see, are clear. The group of EU ministers of foreign affairs has been debating e-commerce for a long time already, and the whole EU is talking about it. The whole EU also has problems with overproduction and a need for export. They see the use of e-commerce as a help in solving this situation, but they cannot export to third-world countries, do business with them effectively and spread e-commerce solutions there without good encryption being allowed in these countries.
I think that Europe is doing everything to catch up with the US in e-commerce and to even get one step further.
Re:Stop stretching the truth! (Score:1)
Moderators, how did that post get +2?
siri
Re:Mixed Feelings (Score:1)
Another thought is the fact that with Linux clusters becoming more common it doesn't take as long to break the encryption. With a very powerful cluster the encryption becomes a minor annoyance; to the average hacker it's a bit harder.
It takes (and will continue to take) years to break long keys by brute force. They will simply be unbreakable to just about everyone.
Re:Will The US Govt come to it's senses (Score:1)
Too Bad Quantum Computing Will Render Encryption (Score:1)
I'm sure the NSA, FBI, ATF, DEA, BIA, INS, CIA, DOD, DOJ, and the Freemasons are sinking lots of dough into quantum computing technology (so they can have it before it's publicly available).
The value of encryption is finite. Come up with something better, people.
May I suggest secret decoder rings? (BE SURE TO DRINK YOUR OVALTINE)
Re:Of course these things come and go ... (Score:1)
On the other hand, the rate of progress in breaching privacy is exploding like everything else.
150 years ago, if you wanted to be absolutely certain a conversation was secure, all you had to do was go out to the middle of a big field, check there was nobody within earshot, and whisper.
Is there any similarly effective means of achieving privacy currently available at negligible cost?
TomV
Re:Why the USA is pissed (Score:2)
Kintanon
Won't make a difference (Score:1)
Thus if we have restrictions on internal use of encryption I don't see how we are going to develop and export strong encryption.
France has more outstanding European court cases against it than any other nation.
-dp
Misreporting. (Score:2)
The article does not say that the United States is "pretty pissed off" by this decision. That is pure speculation.
Re:US Patents doesn't matter in EU (Score:2)
Well, Denmark doesn't. In paragraph 1.2.3 of the Danish patent law [147.29.40.90], programs for computers ("datamaskiner") are explicitly exempted. However, as an earlier poster pointed out, algorithms can still be patented as part of a larger system.
Will the US citizens come to their senses? (Score:1)
I wonder this, as well. I can see perfectly--being that I am an American--why its own citizens would hate the U.S. Government. We have to suffer the effects of this bloated federal government every day.
This is not a situation that we have to sit quietly and accept, however. I may despise the myriad of unconstitutional agencies I'm forced to pay for with my taxes, but I love the spirit in which my country was created, and I believe in the ideals that our ancestors paid for in blood.
Americans don't have to take this. We can fight back with the weapon government fears most--VOTE. Vote for a candidate that believes in your ability to govern yourself. If you want to learn about these candidates, visit the Libertarian Party home page [lp.org].
Topher
Got Freedom? [lp.org]
I want a cigar... (Score:2)
>There's no point in being the only nation on this planet banning encryption export.
Being alone has never stopped them before, why would it now?
Devil Ducky
Heh! (Score:2)
BTW, I've been downloading my encryption products from Norway forever now. Much easier than screwing with an American site. Mandrake uses servers in other countries to seamlessly install encryption products once your networking is set up. The net's been bypassing our stupid regulations for ages now. Pity decss and that cyber patrol crack didn't fare so well.
Re: (Score:2)
Re:Leading by example... (Score:2)
Some already have. RSADSI hired Eric A. Young (the guy who wrote SSLeay) to work on their SSL project in AU. The idea is that all of the coding, support, and sale is done outside the US, so it won't be 'tainted' by the export laws. That way they can sell it to anybody in the world, conveniently getting around US export laws.
Re:Why Europe is Different (Score:2)
This seems to be a rather severe departure from reality. Anti-terrorist paranoia (i.e., heavy police presence, "anti-terrorist" squads, airport security) is, according to most sources, more common in Europe than in the U.S.
In fact, the anti-self-protection laws you cite, are themselves an example of paranoia that has not, as of yet, infected the U.S., apart from in some Northeast cesspools.
The U.S., by the way, is not a particularly violent country, when compared to the world as a whole, instead of comparing only against largely homogeneous (by comparison, mind you) Northern European countries.
--
Re:Stop stretching the truth! (Score:2)
> The article says that the US was pressurising the EU not to go ahead with the move. Why did CmdrTaco say that the "US is pissed"? What further indications are there in the article that the US is indeed pissed?
And you think they'd be pressuring the EU not to go ahead with it if they liked it? No. The article stated rather nicely that the US government is... pissed.
-- iCEBaLM
US Patents doesn't matter in EU (Score:2)
Comment removed (Score:5)
I don't get it (Score:2)
Does any law enforcement agency really think that Bad Guys anywhere in the world have any trouble at all getting strong encryption technology? The whole argument seems pretty pointless to me. They're just preventing people from making money with it. (conspiracy theory?)
Re:Why the USA is pissed (Score:2)
What the US government doesn't want is widespread use of encryption. The way to avoid this is to keep it out of mainstream products.
In your cell phone example, using a US standard does not keep you from calling someone outside the US. If you couldn't use a US cell phone to call someone in Europe, people would get upset about the lack of standards.
Encryption is only effective if it goes from one end to the other. Therefore, two people from different countries need to use the same standard.
What the encryption regulations have done is keep strong encryption out of the hands of the mainstream. These regulations have kept strong encryption from being built into Internet Explorer (for lack of a better mainstream example). If all of the mainstream applications had built-in encryption, and it was friendly enough that even my Aunt in Minnesota could use it, then eavesdropping on the internet would be practically impossible.
Cell phones don't follow a standard, but the worldwide phone system allows multiple standards to talk to each other. With encryption, there is no way to transliterate in the middle, because to do that, you'd have to decode the message.
Re:US Patents doesn't matter in EU (Score:2)
Re:Leading by example... (Score:2)
Steven,
I just had a little look at your posting history, and you're a pretty amazing guy. I am surprised that you feel it necessary to tell me that you were a sponsor of that contest since I would have expected you to be well-informed enough to be aware that Our People have been watching you for some time. We are forming a new World Organisation called Braggard, Inc. which we feel you would be more than qualified to preside over.
thanks,
Z
p.s. Anticipating a positive response we have already disabled http://www.jjjulius.com [jjjulius.com].
Re:About Time--But Does It Matter? (Score:4)
EU Good, US Bad (Score:3)
Shall I Say anymore?
Re:Showing some...backbone... (Score:2)
More because of issues of trade balance, than as a favor or quid pro quo to Europe. A cheap Euro means higher imports from Europe, less export to Europe, and US companies being defeated in world markets by cheap European goods.
Leading by example... (Score:2)
--cyphergirl
That's nice (Score:2)
Well, I'm glad that SOMEBODY doesn't.
...phil
Re:Brevity... (Score:3)
The conspiracy theory about encryption doesn't make any sense, because it can't target the people who need to be targeted -- the ornery free-thinkers with IQs higher than room temperature. The political theory does make sense because it fits with the pattern of behavior you can see every day if you look at any successful politician of any particular ideological stripe.
Conspiracies do happen; after all Nixon did try to cover up Watergate and he did use the IRS to force George Wallace to give up his third party. The KISS applies to conspiracies as well as anything else. The Wallace thing was simple, old fashioned blackmail, and worked perfectly. The Watergate thing started simple, but got too complicated to be managed, as it drew in too many of the executive branch. Of course, once he started down that road, he was stuck. The story had more legs than he had expected, and he was stuck with a ballooning conspiracy that toppled his presidency.
Complicated conspiracies are simply prone to failure. To posit conspiracies that are complicated and doomed to failure from the outset is to assume stupidity on the part of the conspirators. I have news for you -- these guys are rich and powerful and get a lot more action than the average geek.
So, you wanted a sound bite? Here it is: The difference between a politician and a geek is that a politician is willing to act stupidly to achieve his ends, whereas a geek is not.
Of course you can never disprove the existence of a conspiracy, especially to someone willing to introduce new propositions to support the conspiracy theory because he likes conspiracy theories. However, Occam's razor favors the straightforward political explanation.
Re:Why the USA is pissed (Score:3)
Re:Why Europe is Different (Score:2)
Re:About Time--But Does It Matter? (Score:3)
Showing some...backbone... (Score:2)
Even as an American it's nice to see some other countries/political entities showing some backbone and independent thought [terrorist nations notwithstanding]. While I don't usually follow these things too closely, it seems to me that quite often the US govt. pushes, and other countries just go along with it. :)
Then again, maybe I just really have no clue
Ender
Re:Terrorists aren't generally feared (Score:2)
Oh yes they are.
The introduction of the ARV (Armed Response Vehicle) was in direct response to the number of firearms involved in serious crime.
ARV= Three police officers with firearms training, Beretta 92f's and H&K MP5's.
Of course they do have a tendency to kill people every once in a while (shot a depressed farmer here in Cambridge a while back) but they're probably criminals right?
Re:Won't make a difference (Score:2)
I thought that restriction had been recently lifted, like within the past couple of years.
...phil
Linux clusters don't get you there (Score:2)
The nice thing about current mathematical cryptography is that many algorithms have strength that's exponentially proportional to key length - so a small increase in the amount of encryption and decryption work radically increases the work that's required to crack it without the keys. Linux clusters and distributed.net [distributed.net] and DES cracker boxes are great for brute-forcing DES and RC4-40 and RC5-56, but the planet only has 2**170 atoms on it. 3DES, which has 168-bit keys, takes only about 3 times as much work as DES to encrypt/decrypt. (Ok, the real strength is only about 112 bits, because there's an attack using 2**64 bits of storage and 2**112 cycles, but there's always 5-DES and 7-DES, and algorithms like RC4 and RC5 don't even take extra work to use longer keys.) You won't crack RC4-128 or 3DES by brute force in your lifetime unless the Great Nanotech Singularity changes your lifetime a lot - and probably not in the planet's lifetime.
It's MUCH easier to steal keys than crack good algorithms. Decompiled your keyboard ROMs lately? This is Slashdot, so many of you *have* checked out the device drivers for your keyboards.
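The gap the comment above notes between 3DES's 168-bit key and its roughly 112-bit strength comes from a meet-in-the-middle attack. The following is an added illustration, not part of the original comment: a toy three-key encrypt-decrypt-encrypt construction with 8-bit keys per stage stands in for 3DES, so the same attack costs about 2**16 cipher operations instead of 3 * 2**24 (the cipher `toy_encrypt`, the key sizes, the secret key and the sample plaintexts are all constructed for this example).

```python
"""Meet-in-the-middle on a toy 3-key EDE cipher (constructed example)."""
from collections import defaultdict

MASK16 = 0xFFFF
KEY_BITS = 8                 # per-stage key size; DES uses 56
KEYSPACE = 1 << KEY_BITS


def toy_round(half, key, rnd):
    """Toy Feistel round function. Not a real cipher."""
    x = (half ^ (key * 0x9E37 + rnd * 0x1F3D)) & MASK16
    x = (x * 0x2545 + 0x1234) & MASK16
    return x ^ (x >> 7)


def toy_encrypt(key, block):
    """4-round Feistel network on a 32-bit block."""
    left, right = block >> 16, block & MASK16
    for rnd in range(4):
        left, right = right, left ^ toy_round(right, key, rnd)
    return (left << 16) | right


def toy_decrypt(key, block):
    """Inverse of toy_encrypt: undo the rounds in reverse order."""
    left, right = block >> 16, block & MASK16
    for rnd in reversed(range(4)):
        left, right = right ^ toy_round(left, key, rnd), left
    return (left << 16) | right


def ede_encrypt(keys, block):
    """Same layout as 3DES: C = E_k3(D_k2(E_k1(P)))."""
    k1, k2, k3 = keys
    return toy_encrypt(k3, toy_decrypt(k2, toy_encrypt(k1, block)))


def meet_in_the_middle(pairs):
    """Recover (k1, k2, k3) from known plaintext/ciphertext pairs.

    Returns (candidate_keys, cipher_ops). The table holds one entry per
    k1 value (the storage cost); the sweep over (k2, k3) is the time cost.
    """
    (p1, c1), rest = pairs[0], pairs[1:]
    ops = 0
    table = defaultdict(list)
    for k1 in range(KEYSPACE):               # forward half: E_k1(P)
        table[toy_encrypt(k1, p1)].append(k1)
        ops += 1
    found = []
    for k3 in range(KEYSPACE):               # backward half: E_k2(D_k3(C))
        after_k3 = toy_decrypt(k3, c1)
        ops += 1
        for k2 in range(KEYSPACE):
            middle = toy_encrypt(k2, after_k3)
            ops += 1
            for k1 in table.get(middle, ()):
                keys = (k1, k2, k3)
                ops += 3 * len(rest)         # confirm on the other pairs
                if all(ede_encrypt(keys, p) == c for p, c in rest):
                    found.append(keys)
    return found, ops


# Constructed sample data: a secret key triple and two known plaintexts.
SECRET = (0x3C, 0xA7, 0x5E)
PLAINTEXTS = [0x01234567, 0x89ABCDEF]
PAIRS = [(p, ede_encrypt(SECRET, p)) for p in PLAINTEXTS]


def demo():
    """Return (recovered keys, ops used, ops for naive exhaustive search)."""
    found, ops = meet_in_the_middle(PAIRS)
    return found, ops, 3 * KEYSPACE ** 3


if __name__ == "__main__":
    found, ops, exhaustive = demo()
    print("recovered:", [tuple(hex(k) for k in keys) for keys in found])
    print("cipher operations:", ops, "vs exhaustive:", exhaustive)
```

Scaled to 56-bit stage keys, the table grows to 2**56 entries and the sweep to 2**112 steps, which is still far beyond brute force.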
Re: Blowfish (Score:2)
Re:Showing some...backbone... (Score:2)
Among other things. If people think that the supply of money (as determined by interest rates, reserve rates and government deficits) will be high relative to production in the EU, then they will get rid of their Euros in favor of something else.
Re:Why the USA is pissed (Score:3)
A munition is much heavier than the arms that the 2nd amendment allows. Munitions include shells for heavy artillery and bombs, both of which you most definitely are not allowed to own.
A quick glance at the constitution reveals no such restriction....
I'd say you need to re-read it. At the moment the government regulation of nuclear missiles and rocket launchers is a violation of our second amendment rights, BUT it's one that the citizens of the US have chosen to endure in the interest of not having weapons of mass destruction available quite that easily. But make no mistake, it IS a violation of the rights set down in the constitution.
Kintanon
Brevity... (Score:2)
Re:Use encryption regularly and casually (Score:2)
In other words, when host A wants to send a packet to host B, it makes an https connection to B (if one isn't already open) and sends the packet along that. At the other end, B interprets the packet as coming from some special 'crypto' network interface, and handles it just as if it had come from the network card or modem.
The advantages of doing this would be that ISPs wouldn't want to block https, since it is used for ecommerce. Likewise governments. And because https is encrypted, there's no easy way to tell that you're engaging in subversive activities (eg encrypted telnet) rather than approved activities which involve buying lots of stuff on the net. (please bear in mind that this whole post has been run through a conspiracy-paranoia filter.)
Also, it could be totally transparent to the user; if such a feature got put as standard into the Linux kernel (for *example*), traffic between Linux boxes would form a sort of 'cryptobone' (!) while communications to other OSes would proceed as normal.
Re:About Time--But Does It Matter? (Score:2)
As for going into detail of course you can't. You don't have any. If you were so involved with security like you claim then you would be much more tight lipped and be able to keep your mouth shut. By the very act of saying you know so much but can only say these little tidbits you show yourself as a person who has never worked in, around, and/or with people or things that deal with security. If you did then you would know never to mention secrets (or hush-hush as you say), even little teasers. Please at least try to be a little more subtle in your trolling.
Re:Why the USA is pissed (Score:2)
The problem has everything to do with keeping powerful uncontrollable tools out of the hands of the populace.
Re:About Time--But Does It Matter? (Score:5)
All of the 'standards' (OpenPGP, SSL/TLS, S/MIME) have been published in RFCs. And documents describing almost every algorithm known are available online, either in RFCs, or the conference proceedings where they were first presented. Only code is restricted from export - textual descriptions are fine. And of course reference code for algorithms invented in Europe, Canada and other non-restrictive areas is available too.
Left hand, right hand... :+) (Score:2)
--
Re:heh (Score:2)
That is not to say that I believe encryption restrictions should be in place, just there is always more happening than what is being screamed about.
*ASIDE* I noticed you didn't chide him for not thinking before posting when you reposted...
Devil Ducky
Finally hitting the US where it counts. . . (Score:5)
This is exactly the sort of development that is needed in order to push the US into dropping restrictions on the use of strong crypto. The US govt. has limited concern for the demands of lone privacy advocates and crypto-lovers, but it has a hard time ignoring the concerns of big business, particularly now with the spotlight being on the ones and zeros industry. From the look of the article, a lot of the motivation behind the EU changing these restrictions was economic; companies that have to wait 6-8 months every time they want to sell products containing encryption to someone in another telephone exchange are less competitive than those that don't. So this change makes European cryptography exporters (which could include a very wide range of products nowadays, not just PGP style personal crypto managers, but also products with embedded protection) more competitive. US businesses don't like being less competitive than their overseas counterparts. It leads to the creation of "buy American" commercials (in this case, "Encrypt Americans". .
Re:Will The US Govt come to it's senses? (Score:4)
Re:About Time--But Does It Matter? (Score:2)
It's nice to see the American government slapped down a few notches and maybe this will be a "time to end the ignorance" wake-up call for Capitol Hill and the FCC.
Re:Never attribute to malice... (Score:3)
--
Re:About Time--But Does It Matter? (Score:3)
You don't have to "say" you're from anywhere...
www.pgpi.com
has version 6.5.1i (i = international)
a wholly legal, inside and out of the states, version of pgp.
a.
can you blame them? (Score:2)
My Home: Apartment6 [apartment6.org]
Re:Leading by example... (Score:4)
Encryption is the process of coding and decoding information to ensure its privacy. The encryption of computer data may well be the most powerful tool peaceful individuals have to protect themselves against Big Brother. Predictably, Big Brother is eager to control it. The rationale, as expressed in A Report to the President of the United States (Sept. 16, 1999): "American history has been punctuated by periods in which the National government had to respond to sweeping social, economic and technological developments." Speaking of cyberspace as a "new tool", the government claims that technology raises new issues to which it must respond in new ways.
Buncombe. The issues are the same as they have always been. In 1785, a resolution authorized the secretary of the Department of Foreign Affairs to open and inspect any mail that related to the safety and interests of the United States. The ensuing 'inspections' caused prominent men, like George Washington, to complain of mail tampering. According to various historians, it led James Madison, Thomas Jefferson and James Monroe to write to each other in code - that is, they encrypted their letters - in order to preserve the privacy of their political discussion.
The U.S. Founding Fathers used encryption to avoid government monitoring. Today, the U.S. government has relaxed much of its crypto export restrictions, but after reading the above article I can see we need to be a lot more vigilant about insuring free, unrestricted communications for everyone. The police-state policies of the NSA and FBI need to stop.
It's about bloody Time... But who cares? (Score:2)
Secondly, what's the point to the USA being pissed off?
It's not like there are any major threats anywhere anymore. *cough* Iraq *cough* (giggle) and the UN has already made them their Redheaded Step Son. And anyways, everyone knows that Russia has the Best Coders in the world and if they want strong encryption they'll get it through Russia. (and it will probably be better than *cough* blowfish or DES or whatever we can't export anymore)
On a Sad note. Guess I won't be applying to the NSA anymore....
Re:Use encryption regularly and casually (Score:2)
Look at the TEA project [lemuria.org] (Transparent Encryption Agent), or look at the methods for transparent PGP of mail I outlined in Gnu Privacy Guard tutorial, part 2 [kuro5hin.org] towards the end of the document.
So, unlike your tank cars, this can be implemented easily and quickly -- with no extra material cost. Replication of software and data through computers is essentially cost free, which is how the GNU project [gnu.org] can get away with giving away free [libre, beer] software.
I'd prefer constant, pervasive encryption to having someone listen into even the most insignificant private conversation I hold any day.
---
Re:Never attribute to malice... (Score:3)
One trite cliche which only exists because someone said it a few years ago and which has been repeated over and over again since then is nothing to build your whole philosophy on. It isn't very realistic, for one thing; there are many things attributable to malice that cannot be explained away by stupidity. Just ask any of Jeffrey Dahmer's victims. To say "never" in that statement is just plain misleading. It wasn't even real life; it was Robert Heinlein, in a fictional novel ("Logic of Empire", 1941). You want something more reality-based to quote as a cliche? Try this one:
Here's another one:
Ahhh, that Lenny Bruce; such a wise man.
I try to avoid cliches completely, myself. They're just so trite, so cutesy. Instead of telling someone "A stitch in time saves nine," I'll tell them "You better fill up your gas tank now before you run out of it in the middle of nowhere and get beaten to death by gangs of hooded hoodlums who would really like to steal everything you own and perhaps rape you in the process." It has more of an impact that way. Similarly, I say now:
Since strong encryption is so easy to come by outside the US and EU, and always has been easy to come by, why have the US, France, and the UK (mentioned in the story) always been so against it? Why not, say, Germany? They seem to be just about even with those other three countries in their maniacal approach to the internet (a side note here for France: Lighten up, guys!! Who cares if you can get Nazi helmets in an online auction, for christ's sake???) so why not on the encryption issue? There are many countries that simply don't see it as a threat. Israel, for example, has certainly had its share of terrorist activity over the years, and I doubt it's gotten any worse because of the internet in any country, whether the terrorists are using strong encryption or Cracker Jack Secret Decoder Rings to secure their transmissions. The law enforcement agencies of the world have no right intercepting and reading the mail of whomever they please. They do it anyway, of course; violating our human rights at will, then either denying it or becoming aloof -- "We have every right to read anything we want to; we have to keep the world safe from (______), don't we?" You may fill in that blank with any perceived "threat" you wish; whether or not it really exists, the end result is the same: it lets the Powers-That-Be do whatever they want to "prevent" or "combat" the real or imagined threat. Look at Communism in the 50's; what a joke that was. McCarthy was an idiot. How about the Nuclear Threat, which has been around for more than 50 years now? Ever since the US permitted their use, people have been terrified of nuclear weapons. It wouldn't have been much of a deterrent if they hadn't used them, of course. Japan had been trying to surrender to us for weeks before we wiped two of their cities off the earth. Why didn't we accept their surrender? Ask Henry Stimson, US Secretary of Defense ("War") at the time. 
They couldn't let Japan surrender to us until we were ready with the A-bomb and had a chance to use it... and not just use it, but use it on real humans! That's the whole reason Hiroshima and Nagasaki were wiped off the earth: to scare the Russians. Because then the Russians knew that not only did we have the bomb, but (crucially) that we were willing to use it on people. The A-bomb didn't "bring the war to a swift end;" the war was prolonged to make its use possible. After Hiroshima, the Japanese were begging us to take their land, their sovereignty, their women... but no, we hadn't made our point yet. We had to drop another one just to show Russia we meant business. Now, how believable is this conspiracy? I swear to you, it's the God's honest truth, but I bet 90% of you out there have already rejected it simply because that ain't how it happened in the history books you read in school. But remember something: history is always, always written by the victor. Do you honestly think the US History textbook your child reads every day would have the aforementioned true story in it? Assume it really happened for a moment. Assume the US decided to slaughter a few hundred thousand Japanese, who just happened to conveniently be our enemies at the time (but they're our friends now; wouldn't you try your damnedest to keep on the good side of someone who'd nuked you twice??) just to make a point to the Russians that we wouldn't hesitate to do it to them. Do you really think that would get written down as the Official Version of History? I think not. Whatever people believe to be true because they've been told it's the truth by people they believe and trust is what will be put into the history books.
And people with power who are capable of the things the US government has done over the years (biological weapons testing in New York subways in the 1960's; injecting women and children with plutonium just to see what it did to them in the 1950's; the Tuskegee experiments where black men were allowed to die of syphilis just to see what it did to them in the 1940's -- and they called Dr. Mengele evil!) are capable of anything, believe me. Do you truly doubt it? Do you have that much faith in the leaders of this country? They are humans, you know, and thus susceptible to overpowering greed, lust, fear, hate, and all the other things that make people do bad things... and the more power you have, the worse the things you can do and get away with doing through a cover-up!
There's another reason why they want to keep encryption out of our hands: to save face. If we can keep secrets from them, the most powerful "intelligence" agencies on earth, anyone can... and they just can't have us realizing it. Perhaps this whole "Echelon" thing is just disinformation; whether it exists or not, if we believe that it does, and thus they can hear every phone conversation we have, read every email we send, intercept every fax we transmit, and view every web site we look at along with us, it severely limits what we feel "safe" doing, doesn't it? And the less secure we feel in doing what we do, the more we Fear them. That's the key: Fear. If we don't fear them, they pretty much become obsolete. Same as with God. Without our fear of them, they cannot control us.
And "control," the terror that comes with it, the feelings of utter helplessness, the impetus to Obey Thy Master or Suffer The Consequences, are the things without which they cannot continue to enslave the world. So, of course, encryption they can't break Must Go because otherwise, we might feel a bit safer and more secure... and They can't have that. Does anyone out there feel safe in today's world? At any instant you could become just another one of the victims of violent crime. You could die in a drive by shooting 30 seconds from now, or some crazed person could run into your workplace with an Uzi and shoot everyone in it, or terrorists could detonate a nuclear bomb in your city (do NOT laugh at this one; it's truly amazing it hasn't happened yet, what with the 100 missing suitcase nukes from Russia -- Read Schroedinger's Cat by Robert Anton Wilson if you need some convincing); if you're gay, you could be gay-bashed; if you're an ethnic minority in your neck of the woods, or even if you aren't, you could become a victim of hatred at any moment. Matthew Shepard. Rodney King. Columbine. Waco. Oklahoma City. Ruby Ridge. Paducah. How endless is this list? How far back in time does it go? How far into the future will it go? And every time something like that happens, are we allowed to just forget it happened and move on? No. CNN has to blare the news for weeks afterward, sometimes years. Every anniversary they remind us of just how unsafe we are, how much we need Them to "keep us safe." We're supposed to just blindly let Them have all the control and power over us They want, because otherwise they might not "be able to" prevent another Columbine massacre. It's like Mafia insurance; "Ya gives us what we wants, and we'll make sure nothin' happens to ya..." And strong encryption is just the tiniest aspect of that. It's all about power and them keeping it...
and keeping it from us, the ones who actually deserve it and who might even be able to use it wisely without exploiting everyone along the way to keep it.
"The best weapon of a dictatorship is secrecy, but the best weapon of a democracy should be the weapon of openness."
My page about why everyone should use encryption (Score:2)
Why You Should Use Encryption [goingware.com]
Note that while, yes, encryption is processor expensive, I suspect the work to decode all the JPEG images on a "content rich" website is probably a lot greater than the work required to encrypt and decrypt all those images for transmission.
The beauty of today's modern processors is that there is really no problem with just encrypting everything. If the BIOS would support decrypting the OS as it boots, most of us would have no objection to encrypting pretty much everything on our disks, maybe even including the virtual memory. Really.
My 450 MHz Pentium III laptop has no problem playing MPEG movies off a PGPDisk encrypted volume that is stored either on NTFS or FAT (where the encrypted volume is either NTFS or FAT itself - and you know FAT's not a fast filesystem).
Where the performance issues really count is for the servers and for those you'd certainly want hardware encryption. I'd be happy to donate a couple hundred bucks to Slashdot if it went toward implementing an SSL encrypted slashdot server, wouldn't you?
Clients have no problem with encryption in software. PGPDisk you have to pay for but I believe there is filesystem encryption for Windows PCs that is free. Let's see... ScramDisk [clara.net], lots of good links at Yahoo's encryption software page [yahoo.com]
I remember seeing an Australian partition encryption utility there, I recall it implemented an Australian government encryption standard as well as the more common ones, but I don't see it anymore.
And of course there's the Linux encrypting kernel.
No, there's no reason not to encrypt. I think the main obstacle isn't export controls - it's user interface. Encryption is hard to learn. Compare using an encryption tool to, say, downloading an image from your new digital camera via USB on Windows or Mac. It should be really easy or no one will use it.
Mike
Re:Mixed Feelings (Score:2)
(Warning: I'm not a cryptography wonk.)
It's all a matter of degree. The reason public key cryptography is an attractive prospect is because the difficulty involved in cracking the scheme grows exponentially as key sizes increase. At that rate of increase, you can't just add more/bigger computers into the mix and expect to get results. Of course, no one is actually sure of exactly how hard it is to perform the computations necessary to crack big-key public key algorithms, but they all seem to agree that it's pretty damn hard. Check the sci.crypt FAQ, part 6 [faqs.org].
The reason that the government is concerned is because, for the first time, they're really worried that they can't crack these codes. Or, at least, not quickly enough to be able to do anything with them.
Re:Use encryption regularly and casually (Score:3)
The point is that while it's a worthy goal to encrypt everything for the heck of it, it is not cost effective. Just like it is not cost effective to install two-inch armor plating and internal gel padding on cars, even though it would cut automotive fatality rates by 90%.
As a security expert, you know that encryption is EXPENSIVE. The only way to bring down the cost of custom encryption devices is commoditization. Just like awesome 3-D graphics has fallen within the reach of the masses due to commoditization (anybody remember the $15K+ Elsa & E&H cards that rendered 50K triangles/sec? It wasn't that long back). You basically want a DES (or, more likely, AES) encryption chip on each motherboard.
For this to happen, we need the following:
1) A publicly accepted AES standard. All AES standards require hardware implementations, and I believe all the final proposed candidates have efficient hardware implementations.
2) A cheap chip (or, even better, build it into the mobo chipset).
3) A well-defined API to this device. I assume 2 and 3 will go hand-in-hand.
4) Intel or VIA (through Asus, Abit & others) to buy into this and start building it on their chipset. Alternatively, once one manufacturer does it, all the others will, too. It's just too big a competitive advantage.
Use encryption regularly and casually (Score:5)
I'd like to see Slashdot, for example, have the option of being served up on 128-bit SSL. I mean all the pages on the site. It would probably be best for the slashdot folks if this were done with hardware encryption support.
For one thing, encrypting all one's casual traffic helps to provide cover for people who really do have something to hide.
I recommend using a web hosting service which provides secure shell login access. One such web hosting service is Seagull Networks [seagull.net]. Here is how I retrieve my POP mail through SSH port forwarding [betips.net]. The tip entry gives BeOS specific instructions but the basic idea should work on any platform for which SSH is available.
And yes I know my email is sent to seagull in the clear, but what this does is generate encrypted traffic (generally a good thing) and also prevents my ISP from snooping on me unless they hack into my hosting service.
If you work in a company and are concerned that your employer may be snooping on your personal email (you're not mailing out your resume are you? Know how an ethernet sniffer works?) then you should definitely use SSH for your mail.
Also on my laptop I use PGPDisk [pgp.com] to encrypt my Quicken Checkbook and source code on NT, and the Linux Encrypting Kernel [kerneli.org] to encrypt source code on Linux. If someone steals my laptop, my clients won't have all their trade secrets stolen too.
Mike
Speed matters. (Score:2)
Besides, in terms of non Public Key Cryptography, 128bit is reasonably secure for current applications. Just look at Distributed.net trying to crack 64bit encryption. 128bit is 2^64 stronger than that. That's reasonably secure from brute force attacks.
If it's a cryptanalytic attack you're worried about (such as someone knowing how to quickly decrypt the messages), what you need is better algorithms, not longer keys. Longer keys don't stop a cryptanalytic attack.
Re:Left hand, right hand... :+) (Score:3)
The funny thing is that the other slashdot article doesn't appear on the mainpage of slashdot, even though it's new enough that it really should.
Perhaps this is a bug in slashdot? That would explain why the other article has only four posts in it....
Re:Mixed Feelings (Score:2)
Re:Leading by example... (Score:2)
IIRC, Sun already has done: back when I worked as a Solaris admin, we received a new version of Solaris which said on the packaging that the encryption components were from Holland. At that time, MS were still selling crippled versions of NT; Sun just moved development somewhere they weren't affected by these dumb laws.
I do wonder why MS didn't do the same - anyone got any ideas?
Incidentally, I received an updated WWW browser by e-mail a few days ago, including 128 bit SSL support, from a UK company. The attached text indicated that the only restriction was that the software must not be exported to the usual places (Iraq, North Korea etc.) and that this was in line with govt. policy - i.e. the restrictions had already been lifted! Is something wrong here, or is the UK just ahead of the rest of the EU?
Re:Why the USA is pissed (Score:5)
The reason that the FBI wants to keep crypto out of the hands of the citizens is indirectly our own fault.  We clamor that we want security and safety and we bitch and moan when our law enforcement (part of our government) doesn't provide it for us.  The war on drugs, the crackdown on guns are simply responses to people's fear and insecurity.  Crypto does make law enforcement's job tougher and that is a fact that everybody should just accept. 
Personally, I'll take the freedom to use crypto in any way that I see fit and I'll argue that even those that wish to use crypto in a way that is counter to my beliefs should be allowed to do so.  The benefits far outweigh the problems that it brings.
"When you trade freedom for security you get neither" - Thomas Jefferson
Re:Not everyone opinion (Score:2)
Been there, done that, cracked it. That little scenario took place during WWII. The Allies won out over the "unbreakable" code. There is NO SUCH THING as an unbreakable code in reality. There is always someone who will spill the beans. There is always some way to capture an encoding device. I'm more worried about Country X launching nuclear missiles than whether or not Country X can talk in private or not.
Bad Mojo [rps.net]
Re:Stop stretching the truth! (Score:5)
From: WhiteHouse
To: Joe Public
The White House, on behalf of the United States Government would like to clear up a few rumors that have been causing an uproar with the citizens of this Great Country.
There have been some accusations and rumors going around that the White House and the United States Government are not fully happy with the state of the union. To clear this up, and to fully put out our official statement on this, on behalf of the United States Government we would like to state for the record "We are really fucking pissed".
I know this may come as a surprise to most of the citizens of this Great Country, but ever since the CIA and Roswell conspiracies, the Government and the White House of this Great Nation of ours, have not really been getting any, and this makes us really pissed off. We (the United States Government) watch our citizens going day in and day out getting laid by great looking women, and on behalf of the United States government I would like to say "Where is my booty, why don't I get any hoes?" and also like to add "And the United States Government is pissed about this"
Thank you for taking the time to read this press release and hope this clears up any details the American public might not be aware about.
EU ethos... (Score:3)
Many rulings in Europe do come about because of big company pressure, but this almost smacks of something else.
Prediction: It means that the European crypto stuff will become the world standard.
Thus all that US investment and current export regime which hurts the consumer in Europe as well as companies can be ignored as a free to export crypto will be more attractive to both US and European countries.
IMO this is an excellent move for Europeans, both in business and the consumers.
So maybe the EU did it _knowing_ it would piss the US off, and with the _express_ intention of reducing the US' control of crypto.
Re:Mixed Feelings (Score:2)
Most of the EU countries have previously supported encryption (UK and France being notable exceptions). The change in policy is "sudden" only if you consider that previous policy to be the one specified in the Wassenaar agreement, which was pushed down the throats of other countries by US bullies.
While there certainly are economic incentives to protect the interests of the european cryptography industry, the conspiracy theory is needless in this case. The idea for the change probably came from the Directorate-General for the Information Society, which is spear-headed by Erkki Liikanen (who was also quoted in the article). See these links for more information:
echelon? (Score:2)
Further, if something "bad" were to happen (i.e. plane blowing up), you know the US Gov't will blame the EU, saying that lift on encryption resulted in that tragedy. Lawsuit to follow?
About Time--But Does It Matter? (Score:2)
Besides, all of the major encryption standards were developed in the US, so the EU's decision will not really affect distribution of the well-known algorithms (except RSA, whose patent will run out and whose algorithm could be integrated without permission into a European company's product).
For once, it's EU that is leading the way. Technologically, we're (US) ahead--but, we seem to be farthest behind when it comes to developing appropriate policy in regards to new technologies.
Re:Use encryption regularly and casually (Score:2)
All you need is access to your SSH configuration information. Another interesting approach is to run VNC (Virtual Network Console) over SSH. On the VNC web page, there is information on how to run a VNC session over SSH on any port number.
The US gov't may be pissed, but not me... (Score:2)
This is an obvious sign that the Wassenaar (sp?) treaty is breaking down, which is a good thing.
The big celebration will happen when the RSA patent expires later this year... Get ready Uncle Sam, your days of being able to casually eavesdrop on every communication are slowly fading into history.
Of course these things come and go ... (Score:3)
Before that they started opening mail - that's why people would put those elaborate wax seals on their mail .... and before there was an organised mail delivery system intercepting mail was hard ....
My point is that there's been an ongoing technological battle between those who want their privacy and those who want to breach their privacy .... it's been going on for centuries .... maybe the spooks will give up when we're all using quantum entanglement to communicate .... or maybe they'll just get a lot more spooky :-)
Re:Why Europe is Different (Score:2)
What effect on US policy (Score:2)
redundant: you can export anywhere from the US in two hops. I see three main options for US policy makers (from least likely to most likely): drop their own export restrictions, reimpose crypto restrictions or pretend it is not happening.
Stop stretching the truth! (Score:2)
It would not be surprising that the US is pissed about this development. But please don't try to stir the sauce - it's hot enough as it is.
Re:Shaped Charges (Score:2)
"I'm not going to teach you how to make unbreakable encryption in this class."
(Class, as one, groans in disappointment)
"I will teach you how to break every encryption method known to man."
(Class Cheers!)
The moral of the story, encryption is breakable by those who have the resources and knowledge. Hey, maybe someone will finally find a p-np solution.
Re:Won't make a difference (Score:4)
Re:Heh! (Score:2)
By the way, please turn around, there is a gun barrel at the back of you...
Only if you were a little quicker boy, what a shame, and a smart one too.
For everyone reading slashdot, all of GreyFox's posts from now on are really from CIA agents.
Which is somewhat cool, because Agents rack up a lot of karma, but on the down side Agents have a subtle way of brainwashing you through their period and question mark placements.
Why the USA is pissed (Score:5)
And if you disallow exports, you can't create a world-wide standard. But whoops, the EU allows exports now, so we can standardize on that.
So the US is pissed for two reasons:
1) The EU will be the encryption (and thus privacy, etc) standards-bearer for the 21st century. This causes loss of money and face for the US.
2) The US can't keep EU encryption out of the hands of USians unless it also bans encryption imports. And since that action isn't compatible with the nominal "munitions" argument, it would tip their hand too much.
--
Have Exchange users? Want to run Linux? Can't afford OpenMail?
The way things are (Score:2)
Re:About Time--But Does It Matter? (Score:2)
I believe the difference between Europe and the US faded away, just because Europe has a far better policy regarding technology advances.
Tim Dobbelaere
Smart Card & Cryptography
Keyware Technologies [keyware.com]
Honest, we're *not* pissed (Score:2)
Pretty much shows that our gov't is *not* representative of the people or our interests, eh?
--
You have to wonder... (Score:3)
Meanwhile, the US goes on with its laissez faire "privacy" laws (feel free to collect anything you want, and to cross-correlated to your heart's content). Furthermore, we have these lame crypto export restrictions, making secure interoperability on the Internet difficult.
Can anyone call the United States the "Land of the Free" without a touch of sarcasm?
Re:US Patents doesn't matter in EU (Score:2)
The reason D,H,R,S,A and many other US-based cryptographers published first and then applied for patents is that back in the 70s and early 80s, the NSA still had a heavy thumb on the crypto world, and while the good guys were establishing that, yes, they could publish crypto even without permission, there's a bit of American patent law that lets the NSA (and probably other military agencies) seize and classify any patent applications that are critical to national security. So if you published first, it didn't do them any good to steal your patent, but if you applied for the patent first, they could steal it and squelch it. So you published, took your US and Canadian patents if you wanted, and gave up the European patents. Sometimes the dance was more obscure, and you had to carefully time submissions to the patent office and journals to work the time lags in both of them.
Back in the mid-90s, the cat was out of the bag, and I developed a login protocol based on Diffie-Hellman. After some online literature-searching, I was annoyed to find that some guy at Siemens in Germany had also developed it, and patented it in Germany and then the US a couple years before, though I hadn't seen anything about it in print. In US patent law, you can't patent something that would be obvious to anyone skilled in the trade (in spite of all the totally lame and obvious software patents out there, where the patent examiners were clueless about the subject area.) Believe me, if *I* found it, it's pretty obvious (:-) -- it was simple enough I'd expected to see it in the usual references, I was doing the literature search to find if I'd missed some flaw that makes it useless. But the German patent predated the US one, so it wasn't worth pursuing.
Universal Encryption (Score:2)
You're wrong: Encryption is cheap. (Score:2)
Your argument is not unreasonable; in fact, I think it's a common misconception. It's not some huge monumental ordeal to deploy encryption for yourself, casually. It should be obvious after reading the parent post that encryption can be employed almost everywhere, cheaply and effectively, in the status quo.
Re:Never attribute to malice... (Score:2)
Not everyone opinion (Score:2)
send flames > /dev/null