Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Encryption Security

Congress Considers Mandatory Crypto Backdoors 1105

disappear writes: "Wired news reports that Congress is considering restrictions on crypto software in the wake of the terrorist attack. 'Nuff said." This will be the next battle -- especially in the wake of this week's tragedies, and the the allegations that the prime suspect Osama Bin Laden is a heavy crypto user. The battle of privacy and safety is going to begin in earnest now.
This discussion has been archived. No new comments can be posted.

Congress Considers Mandatory Crypto Backdoors

Comments Filter:
  • I have mixed feelings about this... It could be good in catching terrorists, but privacy avodocates will have a field day. What do you think?
    • by Mdog ( 25508 ) on Thursday September 13, 2001 @09:31PM (#2296096) Homepage
      Those who give up essential liberties for temporary safety deserve neither liberty nor safety. - Benjamin Franklin
      • New Hampshire (Score:4, Interesting)

        by 1010011010 ( 53039 ) on Thursday September 13, 2001 @10:06PM (#2296351) Homepage
        I think "Live free or die" is pretty good. Along with "Don't tread on me," and "the best we can hope for the people is that they are armed."

        The revolutionaries who founded the United States of America are chock full of good quotes on freedom and defending freedom.
      • by drsoran ( 979 ) on Friday September 14, 2001 @02:52AM (#2297349)
        Benjamin Franklin didn't have terrorists walking onto airplanes and crashing them into buildings full of tens of thousands of people. I think you can safely say this situation is quite a bit different than anything anyone could have predicted 200 years ago.

        As for "mandatory crypto backdoors", I think it's become a common saying that when encryption is outlawed, only outlaws will use encryption. This is a ridiculous time to be making any hot-headed decisions on something like this. Even if the US did make some inane law mandating backdoors in encryption there are plenty of free and completely open strong algorithms out there to use. What stops terrorists from using these other programs NOT made in the US or writing their own code?

        This is the kind of thing that happens after every tragedy unfortunately. Emotional people start making emotional cries for immediate changes. After a school shooting people call for a ban on guns. People, shooting another person is already illegal! Banning guns are not going to stop a *criminal* from shooting people. Banning strong encryption is not going to stop criminals or terrorists from using strong encryption! Hijacking airplanes is also a crime but that didn't stop a bunch of whacked fundamentalist motherfuckers from doing it now did it?
      • by nichughes ( 321642 ) on Friday September 14, 2001 @04:49AM (#2297550)

        "The criminal attempts of private individuals to decide for their country the question of peace or war, by commencing active and unauthorized hostilities, should be promptly and efficaciously suppressed."

        and

        "That individuals should undertake to wage private war, independently of the authority of their country, cannot be permitted in a well-ordered society. Its tendency to produce aggression on the laws and rights of other nations, and to endanger the peace of our own is so obvious, that I doubt not [Congress] will adopt measures for restraining it effectually in future."

        The idea was always there that congress might have to restrict the freedoms of those living within the republic to protect the common good, especially where individuals were trying to provoke the unimaginable horrors of war. Sure you can have a long debate on exactly where to draw the line, you can disagree with where they are currently suggesting the line be drawn, but lets not pretend its quite as simplistic as your one quote implied.


        If you disagree with what they propose then demonstrate alternatives or show why their proposal is worse than the threat faced by the USA. There are good arguments to be made, there are quite probably better ways of dealing with the threat but if all you do is run out old quotes then you are doing what Franklin said;


        Any fool can criticize, condemn and complain and most fools do.

        --

        Nic (expecting to be moderated to -1000 but figures it needed to be said anyway)
    • Re:Mixed feelings (Score:5, Insightful)

      by napir ( 20855 ) on Thursday September 13, 2001 @09:32PM (#2296098)
      Crypto algorithms are well-documented and not difficult to implement. Circumventing backdoors would be as simple as writing your own software, or use an older version of open source software such as GPG that doesn't support government-known backdoors. Sure, it'd be illegal in the U.S., but is that going to stop terrorists? All this will do is make it difficult for law-abiding corporations and individuals to keep data secure.
      • Re:Mixed feelings (Score:4, Insightful)

        by Evro ( 18923 ) <evandhoffman@@@gmail...com> on Thursday September 13, 2001 @10:25PM (#2296462) Homepage Journal
        This is the same argument that crypto supporters have been using all along. Corporations were complaining that they had to compete with foreign companies' products that had much stronger encryption while they were limited to 40/56/whatever-bit encryption for exported products. The argument appears to have fallen on deaf ears for the last 10-20 years. I don't see why now it would be any different.

        And good luck to the government getting people to dump all their current SSL/SSH software in favor of this new awesome backdoored version. Especially with products like OpenSSH which will remain downloadable from any number of sites for quite a while.
      • Re:Mixed feelings (Score:3, Insightful)

        by epine ( 68316 )

        Sigh. The vast majority of signals intelligence is devoted to traffic analysis: figuring out who people are talking to. Think about this. Do you think they have the resources to read all the stuff they can capture?

        Once they decide that an individual is connected into too many suspicious circles (drugs, munitions, political activism, voting democrat, etc etc) only at that point do they consider devoting resources to decyphering the content of the traffic exchanged. Compared to the total volume of traffic exchanged on global networks, they have the resources to crack only a tiny sliver of those communications.

        If everyone out there is using nearly unbreakable encryption they simply don't have the resources to sift through everything they want to look at.

        It's very important to limit the total volume of strongly encrypted traffic. If they manage to limit strong encryption to 1% of the population consisting entirely of /. geeks, terrorists, and kiddie pervs that makes the expense and difficulty of their job at least an order of magnitude more bearable.

        In no way whatsoever do the objectives of this initiative depend upon Bin Laden adopting an American approved backdoor technology.

        Arguing that the American government thinks this is the objective of their backdoor policy is juvenile circularity invented to justify our _premise_ that the government is too stupid to be trusted in anything.

        Let me try to paint a picture of how things work based on what I believe to be the existing American capability in rough factors of ten.

        I would think that the Echelon system maintains a unique identity for 1 billion of the world's 10 billion people. This group would include the majority of people who have used a telephone at some point in their lives, and not many who haven't. We can think of this group as the "literate and connected" group.

        Out of of this roster of one billion "known" individuals, 100 million would be identified as belonging to the sphere of national interests. Anyone with a degree in metalurgy, who has ever travelled to the middle east or the eastern block, who has ever held a pilots license or owned an airplane, people involved in international trade, people trained to operate weaponry of any kind, people on the inside of national infrastructure grids, etc etc. What they are looking for at this level is overlap between the groups motivated to cause trouble and the groups with the skills or resources to cause trouble. The only thing they need to identify about people in this group is the various spheres of influence each person belongs to.

        Out of this group 10 million people are identified who have a significant presence in groups representing both means and motive. If you are in this group, Echelon problably knows your great grandmother's maiden name. Your location is monitored and the people you communicate with are identified and recorded. Your traffic will be subjected to keyword analysis and correlation beyond what the bulk filters are capable of processing. A select ten percent of your communications are permanently recorded in case they become interesting at a future point in time.

        Out of this group, 1 million people are identified who combine means+motive+opportunity. It is this group of people where they become very interested in digesting the _contents_ of your communications. Perhaps 1% of this is selected for a few seconds of human attention.

        Our of this group, 100 thousand people are subject to exhaustive scrutiny and human analysis.

        Out of this group, 10 thousand individuals are actively operated against. If you are in this group, there are white vans parked in your street, your cigarette lighter contains a satellite transponder, your keystrokes are monitored by devices that can only be seen under an electron microscope. To belong to this group you need to have your fingers stuck into more than one pie. These people are the tendrils that bind shadowy worlds together.

        Out of this group, you have 1000 people designated as the world's primary disruptors of shit. If you are in this group there is someone in the intelligence service who knows more about your life than you know about yourself. Your continued existence is reviewed daily. It's a good practice to surround youself with equally despicable proteges who are eager to take your place.

        Out of this group, there are 100 people who's continued existance is considered bothersome. These are the people who out so well protected or removed from American influence that nothing much can be done about it.

        Out of this group, 10 people are nominated by American politicians to play the part of celebrity terrorist. These are the "forces of evil" who constantly invoked to sway public opinion on any issue where it allows the government to get what it wants.

        Take a good look at that pyramid and decide whether it matters to the American intelligence service whether ten million people use strong crypto or whether one hundred million people use strong crypto. The intelligence service needs to know enough about this group of 100 million people to determine which subset of 10 million people deserve the next layer of surveillance.

        But no, if Bin Laden alone uses strong encryption, the entire government agenda against the strong encryption is ridiculed as being completely bogus. A fine example of /. rhetoric.

        • Re:Mixed feelings (Score:3, Interesting)

          by choco ( 36913 )
          Your argument is one I have seen before. But it is fundamentally flawed.

          The first thing to consider is the "trust" question. Do people trust their governments? The unavoidable answer is that here in the UK, in the USA and in many other countries, a very significant part of the population very obviously do not fully trust their governments.

          Arguments about whether this attitude is well founded aren't relevant. All that counts is the existence of enough such people.

          The next thing to consider is the praticalities - can it be made practically dificult for those who distrust their governments to obtain software without backdoors. Even in a "closed source" world this is going to be very dificult or even impossible - too many people already have the tools and the knowledge and it is very easy to spread the information around. In a world where "Open source" software is permitted I reckon it is simply impossible.

          So we have a number of people who wish to prevent government snooping - or simply wish to reach the maximum level of security they can achieve. If those people choose to use techniques without backdoors - they can do so.

          Can you "persuade" such people not to use encpryption without back doors ?

          I don't think you can do it by force. The first problem is detecting them. Such People will simply encrypt their files securely and then encrypt the results again using an "approved" method.

          How are you going to tell that people are using "double" encryption ?

          Maybe the security services will be allowed to do audits - use their backdoors on randomly selected messages to check that people aren't hiding unapproved encryption ? Do you think that would be publically acceptable ?

          What happens when security services encounter a file format they don't understand ? Can they demand that all file formats be explained to them to ensure you're not encrypting data ? Will that be universally publically acceptable ? Is it even practical ?

          So if you enfore encryption with back doors all the security services will see is an apparent mass of files encrypted using the approved methods - with no practical, publically acceptable or easy method of picking out the interesting messages or recipients.

          >If everyone out there is using nearly unbreakable encryption they simply don't have the resources to sift through everything they want to look at.

          ... and because of the above they still won't have the resources to sift it.

          The only way to tell which of your 100 Million people are using unapproved crypto is to routinely open the "back door" to the privacy of all 100 million - with all the practical and political problems that follows. Even then you aren't much further forward.

          What's even worse is that the REAL terrorists will be busy uploading and downloading beautiful, original, high definition photos of huge flower arrangements and landscapes - with the real (heavily encrypted) messages hidden within using stego. So while the security services are busying trying to determine which of their 100 million make it onto the next list and then the next list - they've already eliminated from further study the ones they're after. Use stego correctly and it is near to mathematically undetectable as really makes no difference.

    • I can't see that any terrorist with a quarter of a brain will use a crypto scheme with a backdoor. So, the only people who can be spied upon are those who are law-abiding, and the only people who can't are law-breakers.
      • No, no, the funny thing to think about is all the terrorists going and *upgrading* their current encryption software because of a change in the word doc formats... inadvertently installing a backdoored compliant version. Microsoft will save the day, yet again!

      • Re:Mixed feelings (Score:5, Insightful)

        by Sniser ( 325496 ) on Thursday September 13, 2001 @10:18PM (#2296422) Homepage
        Exactly. Makes you wonder if the folks in congress haven't thought of something utterly obvious like this? Makes you wonder if it's about terrorism at all.

        "Of course it's about terrorism and defending liberty and democracy", you say. "It's fucking heartless to think this is some plot to handcuff us. Come on, thousands of innocent people DIED in the WTC, we've got to DO something, QUICK!"

        Right now, I'm not worried about terrorism at all.


        "This year will go down in history. For the first time, a civilized nation has full gun registration. Our streets will be safer, our police more efficient, and the world will follow our lead into the future."

        Adolf Hitler, 1935



        You see, even IF there was complete security, this isn't a good thing, as long as the govermnent isn't really democratic (look it up, there IS no democracy on planet earth... it's representative democracies, which is an oxymoron). Because your safety always depends on the govermnent not to screw you over.

        So I'm asking you, do you feel lucky?

        Americans and Europeans (me being german, and for me being the answer a "no", and a very resounding one after the things I heard our politicians say in the last 2 days), do you trust your governments completely, blindly, and does that "no time for criticism now, we have to stand together as the civilized nations of the free world, we'll do what we have to do (and we'll tell you what that is when it's already underway)" help to increase that trust?
    • Re:Mixed feelings (Score:5, Insightful)

      by ttyRazor ( 20815 ) on Thursday September 13, 2001 @09:59PM (#2296304)
      I think the point that some on TV have made that there is a significant lack of "human' intelligence (i.e. spies) is a lot more important than the lack of electronic surveillance and crackable crypto. I believe our intelligence agencies have become too preoccupied with their toys, and have forgotten that the most relevant communications occur in person.

      On top of that, they already have the tools, and putting mandatory backdoors on future products is not going to affect existing software. What would they do to them for using unauthorized software? arrest them?

      If this even gets close to being implemented, we need some sort of pledge from the intelligence community, backed by strict legislation, that any such system can ONLY be used or the purpose of national security and anti-terrorism, and any use beyond that would be strictly prohibited, and any other information obtained shouldn't leave the place it was intercepted from.

      Just my 2 cents, right now I do not feel any of us really is in any position to make a real judgement about this. Keep that in mind when forming some opinion that you would be unwilling to comprimise, as a few of us here often do.
      • Re:Mixed feelings (Score:3, Informative)

        by jdriller ( 416280 )
        Pledge so just used in emergencies? Ha ha ha...
        My x brother in law wrote an article in left wing Z magazine about the special federal circuit court that is specifically set up to approve wire taps. I forget the year and the exact numbers but they rejected something like 4 out of 23.7 THOUSAND. We ALREADY have a guarantee against unreasonable search and seizure and right to liberty. It is the basis of all our law. It is the Constitution. Pledge of restraint and honesty? You have me rolling on the floor!!!
        Oh, and by the way he had a white van outside his house for a week - night and day. My nieces even brought the spooks cookies....yeah, and he was a real threat. He is a newspaper sports writer mostly.
      • Re:Mixed feelings (Score:3, Insightful)

        by TomV ( 138637 )
        I think the point that some on TV have made that there is a significant lack of "human' intelligence (i.e. spies) is a lot more important than the lack of electronic surveillance and crackable crypto.


        I'm in the UK, so, tragically, have had to be a bit more aware of terrorism for the last 30 years.


        The Guardian newspaper made a similar point yesterday, citing the example of IRA standard operating practice where operational information has almost never been passed using telephones, fax or more recently email. The procedure most widely known has been for the two terrorists to get onto the same bus from different stops, talk quietly on the top floor, and get off at different stops.


        Crypto back doors, satellites, phone taps, the whole panoply of technological measures, whilst reassuring, can never have a useful impact on this sort of approach.


        OTOH, if, in fact, the CIA have 10,000 agents of middle-eastern origin under deep cover throughout the world, I don't want to hear them proclaim the fact to get out of a bad PR situation. Rather better to take the PR hit and leave the agents in place doing the job.

        TomV

    • I'm crystal clear on this one.

      They can have my copies of (OpenSSL|OpenSSH|gpg|etc.) when they pry them from my cold, dead fingers.

      That, and, as others have pointed out, the algorithms are known and not that difficult to implement. Any self-respecting terrorist would simply ignore encryption tools with backdoors built into them. It would (who am I kidding, will), generally speaking, only be the law-abiding folks who would (will) be injured by this.

      And I continue to be amused by the way second amendment slogans seem so appropriate to the likes of DMCA, SSSCA, and crypto regulation...

  • by purduephotog ( 218304 ) <hirsch AT inorbit DOT com> on Thursday September 13, 2001 @09:29PM (#2296084) Homepage Journal
    without much fight. All the right words will be said for fear and fright

    And if you fight against it you will probably lose... unfortunately. Maybe in a year. Or two. But the mood of the American people is quite frightening- cold rage.

    Besides- who says the government CAN"T break them already? It probably just takes a bit more effort...
    • by Erasmus Darwin ( 183180 ) on Thursday September 13, 2001 @09:41PM (#2296172)
      "Besides- who says the government CAN"T break them already?"

      The fact that they're passing legislation to add mandatory backdoors is a pretty big clue that they probably can't break some crypto already. A known backdoor significantly decreases confidence in a crypto-system and will cause the bad guys to be more vague and/or use the uncrackable but less convenient "one time pad".

      • by csbruce ( 39509 ) on Friday September 14, 2001 @12:03AM (#2296936)
        I think that the U.S. government will have a very difficult time convincing the terrorists that they should be using the government-crackable encryption rather than the easily available hard-to-crack kind. I guess the U.S. is determined not to be a relevant player in cryptography research or commerce.
  • Well... (Score:5, Insightful)

    by Scoria ( 264473 ) <slashmail@nosPaM.initialized.org> on Thursday September 13, 2001 @09:31PM (#2296094) Homepage
    I'm sure some open-source (and even minor corporations) would never agree to this.

    Especially those not in the US.
  • My essay (Score:4, Interesting)

    by jallen02 ( 124384 ) on Thursday September 13, 2001 @09:31PM (#2296095) Homepage Journal
    This is what I am afraid of! :(

    Please read my essay and if you like it pass it on to people. We can't let this happen. I have been saying this since day one. Please please think about this :(

    The Price of Freedom [dyndns.org]

    Jeremy
    • Re:My essay (Score:3, Offtopic)

      by Supa Mentat ( 415750 )
      I agree with a lot of what you had to say. But the idea that we could possibly hit them so hard that no one would ever again DARE to do something like this is absurd. A strike that powerful does not exist. Why would terrorists like these ever fear us? Because we're going to kill them if they try anything? Perhaps you forget that they died doing this. Religious fanatics don't give a damn what you can do. If they die they are going cloaked in the glory of their God and will forever be considered martyrs by their people. We have to respond with something but there will never be a thing we can do to keep religious fanatics and other suicide terrorists scared enough of us as to prevent them from attacking us.
  • I don't think so. (Score:5, Insightful)

    by stuccoguy ( 441799 ) on Thursday September 13, 2001 @09:32PM (#2296100)
    Make it illegal to have crypto with no back doors and all law abiding crypto users will use back-door laden crypto and their law abiding messages will be an open book to law enforcement agencies.

    Criminals, on the other hand, will continue to use widely available crypto packages with no back door and will still be able to transmit messages without threat of law enforcement decrypting them.

    • Criminals, on the other hand, will continue to use widely available crypto packages with no back door and will still be able to transmit messages without threat of law enforcement decrypting them.

      Think harder: With carnivore, the government sees all traffic. They see crypto they can't break, they trace it with help from the ISP, they pay someone a not-so-friendly visit.

      Please stop convincing yourself it can't work. It can work, and pretending otherwise will only make it more likely.

      • There are too many things that encrypted information can be sent in. A simple "Coke sends this free drink tray" windows binary could probably have a code hidden in it.

        If someone wants to hide information, they will, period. All this law would do is make our own information - our credit card numbers and personal information - less secure.

        Lets face it : if the feds can break it, so can crackers.
        • by The Pim ( 140414 ) on Thursday September 13, 2001 @11:15PM (#2296710)
          If someone wants to hide information, they will, period.

          The history of cryptography has shown that the seemingly simple goal of transmitting hidden information is actually really, really hard. The suggestion that if the government outlaws the well known digital privacy schemes, people will come up with others just as good, is naive. It's the same reasoning that says that secret encryption algorithms should be more secure than public algorithms. It grossly underestimates the techniques available to detect and break poorly designed systems.

          If the author of OutGuess [outguess.org] can detect [outguess.org] most steganography, I would not feel at all secure using your "hide the encrypted message in an executable" trick.

          • by driftingwalrus ( 203255 ) on Friday September 14, 2001 @04:53AM (#2297555) Homepage
            If I where to send an e-mail that something like this:

            Hi George, how's the family? We're doing great over here, Lisa just gave birth to a baby boy, 6 lbs. We're planning on visiting New York September 12th, and hope we can see before heading home. Will you be in the area? Maybe we can get together for lunch.

            Would you know that the sender was REALLY telling the reader to set off a fire bomb(baby boy), approx. 6lbs in weight charge, September 12th at ? Or how about a numbers station?

            They quote numbers indicating page and word number in a certain book. m Like fourth word on the third page. The receiver then looks it up and reconstructs the message. This, my friend, is steganography. I honestly don't see how a computer could pick this stuff out.

      • by Zagadka ( 6641 ) <zagadka@noSPAM.xenomachina.com> on Thursday September 13, 2001 @10:05PM (#2296342) Homepage
        With carnivore, the government sees all traffic. They see crypto they can't break, they trace it with help from the ISP, they pay someone a not-so-friendly visit.

        But encrypted data can be hidden in non-encrypted data, in ways that make it virtually impossible to detect, using steganography. So the criminals could send photos to eachother, or even have a web-cam feed with data steganographically encoded into the frames.

        Take a look at OutGuess [outguess.org], for example. You might also find this article [antioffline.com] to be interesting, particularly the part with the photos of the Statue of Liberty.
        • by The Pim ( 140414 ) on Thursday September 13, 2001 @10:44PM (#2296557)
          Take a look at OutGuess, for example.

          And you might look at Stegdetect [outguess.org], by the author of OutGuess. He claims to detect many other popular steganography techniques. The feds throw stegdetect onto carnivore, and you can expect using steganography to earn you one of those unpleasant visits.

          Steganography is a long, long way from offering the practical security of encryption. Is it really possible to create a system that is undetectable even if the algorithm is public? Nobody's sure yet. Do the bad guys have the means to create their own effective algorithms and keep them secret? Questionable. Can they use a stego system correctly on a wide scale? Unlikely at present, since there is no popular, easy (for non-technical users) software, nor is there the widespread understanding of how to use stego that there is about crypto (these things do matter when it comes to the successful implementation of any security scheme).

          The point is, the government can (by imposing on everyone's liberty) effectively stop criminals from communicating privately. Therefore, we need to come up with a better argument than "it won't work", in order to prevent it.

          • There ARE ways to make Stego hidden enough that most methods are ineffective. And that's the real point here- the Terrorists in the WTC/Pentagon attack didn't use unbreakable Crypto- they didn't use much of anyting as far as anyone's been able to tell at this point.

            The terrorists seem to have won what they wanted- this country's using this as excuse to reduce our liberties and we're doing other things out of pure fear and demands for false security.
      • by MarkusQ ( 450076 ) on Thursday September 13, 2001 @11:24PM (#2296751) Journal
        Please stop convincing yourself it can't work. It can work, and pretending otherwise will only make it more likely.

        The people who are pretending are the ones that claim it can work. Crypto, as an arms race, is over. Given sufficient computational power on both sides, there is a guaranteed win for the encryptor.

        Claiming otherwise is like claiming the second player can force a win in Naughts-and-Crosses (aka Tick-Tack-Toe). It simply isn't true. The effort to hide information grows O(log2(N)) for parameters N for which the effort to find the information can not be bounded by a polynomial. In English: as the game gets more complex, it gets harder to encrypt at a much slower rate than it gets harder to decrypt.

        At some point (say, now) encryption has such a lead that it isn't even possible to say what contains encrypted data and what doesn't. Even the fact of encryption becomes hidden. From that point on, the decryptor is left with social tools (infiltration, hoping the bad guy slips up, etc.). Technology (and legislation about technology) can't help.

        -- MarkusQ

      • by MattW ( 97290 ) <matt@ender.com> on Thursday September 13, 2001 @11:44PM (#2296843) Homepage
        All they'd have to do is hide no-backdoor encrypted messages within backdoor-encrypted messages, and it would be undetected unless Carnivore automatically decrypted all messages, which conflicts with what the lawmakers are saying -- "only under the oversight of a court".
    • Re:I don't think so. (Score:4, Interesting)

      by Jeremi ( 14640 ) on Thursday September 13, 2001 @11:27PM (#2296768) Homepage
      When all the lawful crypto users are using back-door laden crypto, the criminals and terrorists will walk right through those back doors to wreak more havoc. How does that help anyone?
    • by billstewart ( 78916 ) on Friday September 14, 2001 @02:12AM (#2297272) Journal
      "The price of freedom is eternal vigilance" means us watching the government - not the other way around. Sometimes they get out of hand, and need to be reminded, like Senator Gregg, R-NH, whose speech started this discussion. We spent the whole Clinton Administration beating up on the NSA and the export bureaucrats and doing EFF lawsuits and anti-Clipper petitions and building DES-crackers to get the Feds to acknowledge that neither the First, Fourth, and Fifth Amendments nor the economics of computer technology were on their side, and generally it was the Democrats supporting the anti-civil-rights side (not too surprising) and the Republicans playing good guys (unusual, but it happened to align with business interests and oppose the administration.) Now that the Republicans are in control of the Presidency, we're seeing them start to switch sides (not too surprising, unfortunately, and there was always a split between the more pro-business Republicans who were mostly pro-crypto and the more social-conservative pro-police ones who were against it.)


      For another perspective on eternal vigilance, David Brin's [kithrup.com] book The Transparent Society [amazon.com] talks about the issues of ubiquitous cheap video cameras combined with cheap communications and computing. The recent face-recognition uses at Florida sports stadiums and the cheap X10 cameras with the annoying pop-up web ads are only the beginning.

  • It's too late (Score:2, Insightful)

    by KilljoyAZ ( 412438 )
    Whatever djinni that was in the bottle is out now. Restricting cryptography and crypto research in the US will do nothing to prevent its further development abroad. The Congress' energies would best be spent elsewhere, I think.
  • by ThePurpleBuffalo ( 111594 ) on Thursday September 13, 2001 @09:32PM (#2296103)
    Realistically, since the threat originates abroad, you would need to make all countries of the world follow this law. Also keep in mind that terrorists don't usually follow laws. Thirdly, home grown crypto is easy because Applied Cryptography (great book) costs $40.
  • by Waffle Iron ( 339739 ) on Thursday September 13, 2001 @09:33PM (#2296116)
    The cat is already out of the bag
    The genie is out of the bottle
    Humpty Dumpty is already broken
    Etc.

    What would this accomplish?
  • by Col. Panic ( 90528 ) on Thursday September 13, 2001 @09:33PM (#2296117) Homepage Journal
    The price of safety is too high if we are to reveal all communications to a government body. I am reminded of the arguments to register all firearms and the corresponding cry, "You can have my gun when you pry it from my cold, dead fingers!"

    Carnivore is one thing, but a backdoor to all crypto is yet another. Financial transactions from private organizations are routinely encrypted for obvious reasons. Are we to trust government employees with all financial transactions merely because we elect them? I think not.

    We cannot allow the government a "skeleton key" to all crypto if only for the reason that it can then be compromised by others for whom access was not intended. Urge your congresscritter just to say "no".

  • by Anonymous Admin ( 304403 ) on Thursday September 13, 2001 @09:34PM (#2296119)
    We can rest assured that all terrorists will promptly upgrade their crypto systems to use the backdoored versions. They are a patriotic and considerate bunch after all.

    sheesh.

    legislators.
  • Huh (Score:5, Insightful)

    by Anonymous Coward on Thursday September 13, 2001 @09:34PM (#2296122)
    Like the concept could possibly work. Why dont you just forbid terrorists from using oxygen? About as practical, and 100% effective.
  • Heavy crypto user? (Score:5, Interesting)

    by Glytch ( 4881 ) on Thursday September 13, 2001 @09:35PM (#2296128)

    Are they nuts? This guy lives isolated in mountain camps. I doubt he's even a heavy electicity user.

    His sympathizers, on the other hand...

    • by gad_zuki! ( 70830 ) on Thursday September 13, 2001 @09:52PM (#2296244)
      He's a millionare that runs a sophisticated terrorist network consisting of cells all over the world.

      Yes, Dorothy, there are computers in the third world.
      • by Glytch ( 4881 ) on Thursday September 13, 2001 @10:26PM (#2296465)
        I wasn't saying anything about computers in the third world. I was referring (which I should have pointed out, now that I think about it) to an interview on CBC today of a journalist who is one of the few westerners to ever personally interview bin Laden. This man (forgot the name) recounted the three times he had seen bin Laden. When he described their last meeting in Afganistan, he was carrying a several newspapers. Bin Laden saw them, grabbed them, and sat in a corner to read through them all because he was so out of contact with the rest of the world.

        BTW, did anyone else see the interview? I'd like to get this guy's name. It was on Newsworld about 3pm AST, I think.
        • by Tim C ( 15259 ) on Friday September 14, 2001 @06:02AM (#2297666)
          That's exactly what I'd have done in his position - made the world think that I was out of touch, with a primitive communications infrastructure at best.

          Appear to be less of a threat than you are, and you get left alone, and can choose your battles. Appear to be gaining in power, knowledge and skill, and someone will have a go at taking you out for their own good.

          I'm not saying that that's the case here; just that that's what I'd do (and I'm no crimincal mastermind :) )

          Cheers,

          Tim
  • by Ghoser777 ( 113623 ) <fahrenba AT mac DOT com> on Thursday September 13, 2001 @09:36PM (#2296137) Homepage
    Sure, they want backdoors into email encryption now, and it seems harmless, but what will they want next? Why not have every home in America bugged; that way we can know when a burgaler is going to commit a crime. Cameras everywhere, low crime. Of course, the price will be the right of privacy.

    And when your behaviors are available freely for government inspection, it's much easier for them to supress behaviors they do not approve of (cause they know when it happens, unlike now when it can be hidden behind closed doors). You know, meetings about how to reform government.

    Of course the government will tell you that they'll use these backdoors only when they need to, national security type things. That's what the Dean at my old high school said, and then we caught him watching the monitors repeatedly for the fun of it.

    Oh yeah, not that the government has to actually be watching for you to be good now. Think how different your ations would be if you thought that the government might be watching at all times. This is pure, hardcore social control. It's like a gaurd tower in a jail. If there are clear windows, you can always tell when you are watched and when you are not. If the windows are dark, then you never know if you are being watched, so you act as if you are always being watched.

    They might as well run a wire into our head.

    F-bacher
    • by kin_korn_karn ( 466864 ) on Thursday September 13, 2001 @10:01PM (#2296322) Homepage
      that's right. here's what you do to keep it from happening:

      Go to wal-mart. go to that counter in the back with all the funny-looking thin things sticking up. there's a cash register back there and a cabinet, against a wall, that has these wood and metal things in it that you've probably seen. They're guns. Now that you're back at this weird counter in wal-mart, buy a gun (if you're 21 and otherwise legal to buy one). You'll want a 12 gauge shotgun, and a box or two of #4 rounds, 2 3/4 inch (standard) size.

      Now, take it out to the country. Load it. fire it. nobody will notice right now. get used to firing it. shotguns kick hard, but they kill fast and you don't have to aim very well with them.

      Why did you do this?

      See, when you can own guns, you have power over the government. They even wrote it into the law of the land, the Constitution, to ensure that the american people could have guns for cases just like this one that this thread describes. And once it gets to Orwellian levels, where the government is truly oppressing you and denying you your rights as an American citizen, you can pick up your gun and fight for your rights, like James Madison and Thomas Jefferson knew we would have to.

      You're probably sitting there thinking, "what a crackpot." Hey, it's your freedom, I plan to keep mine.

      • And once it gets to Orwellian levels, where the government is truly oppressing you and denying you your rights as an American citizen, you can pick up your gun and fight for your rights


        I never quite understood this argument. Sure, in the 1700's, people with shotguns might have been a credible threat to the government. But have you noticed that the US government today enjoys the use of such toys as F-16s and nuclear weapons? How will owning a shotgun help defend you against that?

        • Sure, in the 1700's, people with shotguns might have been a credible threat to the government. But have you noticed that the US government today enjoys the use of such toys as F-16s and nuclear weapons? How will owning a shotgun help defend you against that?

          The F16 and the nuke are weapons of mass destruction. For the government to PACIFY the people, they will have to OCCUPY our cities -- not destroy them. And an occupying force is terribly vulnerable to resistance.

          In the worst case scenario of a US revolution, the army will be rolling in with tanks and ranks of guys with rifles... and that's the kind of enemy that Joe Average with a Gun can in fact take on.

          Look at Chechnya. The Russians had to shell Grozny into a smoking pile of rubble because the Red Army could not deal with rebels with rifles. If it was Moscow that was to be pacified, they probably wouldn't have gone to such extreme measures; the Russians HATE the Chechens.

          I do not believe the American armed forces would pull a Grozny on an American city. Remember, the soldiers are our countrymen, and if average people were pissed off enough to take part in a revolution, that's going to include military folks too. They aren't the enemy... they are US.

          If some faction within the gov't started NUKING our own cities, I believe that the vast majority of our people, military and civilian, would unite to take the bastards out. And we'd do it too, with our Glocks and hunting rifles and fighting spirit.

          Anyway, it comes down to this: if the military tries to suppress or pacify an American revolution, they are vulnerable and I believe ultimately they will lose. If they try to utterly destroy us with nukes... well, ok, my shotgun won't help. But that isn't a revolution we're talking about there... it's genocide. I doubt things would ever come to that. We probably won't be nuking anybody as a result of the WTC attack, and that was a provocation worse than Pearl Harbor... so talk of nuking ourselves is pretty far out there.

  • They can't (Score:2, Insightful)

    by Nicodemus ( 19510 )
    Most crypto is made outside of the US, and as such they would have no control for adding back doors to it. They would have to create an import restriction so that US citizen's can only use US written crypto. And that wouldn't hurt Bin Laden at all. So don't worry...
  • How would that help? (Score:5, Interesting)

    by cperciva ( 102828 ) on Thursday September 13, 2001 @09:37PM (#2296146) Homepage
    From what I've heard, Osama Bin Laden doesn't use cryptography so much as he avoids using electronic communications at all. He has even (gasp) been reported to meet with his underlings *physically*, as in "lets all go into the same room and talk face-to-face".

    Cryptography wouldn't really help terrorists much anyway, because electronic surveillance can still pick up who is talking to whom; the real problem is when people avoid electronic communications, because then you can't do anything without spies on the ground.
  • by aminorex ( 141494 ) on Thursday September 13, 2001 @09:37PM (#2296148) Homepage Journal
    Illustrious Baron Harkonen today decreed that
    all citizens will be equiped with remote-controlled
    heart-plugs. This will make us all safe, because
    only the loving Baron will have the transmitter,
    and he will only use it to protect us.
  • by Dr. Awktagon ( 233360 ) on Thursday September 13, 2001 @09:38PM (#2296153) Homepage
    Did you know, you can walk into almost any store and buy a knife WITHOUT ANY BACKGROUND CHECK? They should at least check the buyer for dark hair and skin, the signs of a terrorist.
    And I understand that plans to make knives are available on the internet? It used to be, only a skilled craftsman could make one, now any punk in his mom's basement can craft a steel blade capable of hijacking an airplane and crashing it into a building!
    • by 1010011010 ( 53039 ) on Thursday September 13, 2001 @10:01PM (#2296325) Homepage
      Well, and this is obvious, so please forgive me, it's because the hijackers strapped deadly crypto to themselves and threatened use it. *Of course* the Feds want to ban Crypto, and other sharp and/or explosive devices. They love us and want to protect us. This time.

      They had better legislate tender steak too, because we'll all be eating with plastic spoons next.
    • by pete-classic ( 75983 ) <hutnick@gmail.com> on Thursday September 13, 2001 @10:09PM (#2296370) Homepage Journal
      Finally, someone understands.

      I am trying to gain support to put together an organization I plan to call "Boxcutter Control, INC."

      The role of the unregulated boxcutter supply has been downplayed for far to long. Perhaps the one good thing to come out of this tragedy will be that we will reach the long over due conclusion that there just isn't a place for private boxcutter ownership in our society.

      I am also concerned about the baseball bat situation. Are you aware that in many areas a CHILD can purchase a THREE POUND baseball bat? There is NO purpose for such a heavy bat except for hitting things VERY hard. Now, I wouldn't interfere with people using a bat for sporting purposes, but they should be carefully regulated as well.

      Sure, this might be inconvenient, but if just ONE CHILD is saved, won't it be worth it?

      -Peter
  • Best reply (Score:5, Insightful)

    by Todd Knarr ( 15451 ) on Thursday September 13, 2001 @09:38PM (#2296155) Homepage

    I think the best reply one can give to the politicians who want to impose this is:
    "And Osama Bin Laden is going to throw away his foreign-developed, non-backdoored encryption software and buy US-made backdoored encryption software exactly why?"

    • Re:Best reply (Score:5, Interesting)

      by lie as cliche ( 266319 ) on Thursday September 13, 2001 @10:35PM (#2296508) Homepage
      `I think the best reply one can give to the politicians who want to impose this is: "And Osama Bin Laden is going to throw away his foreign-developed, non-backdoored encryption software and buy US-made backdoored encryption software exactly why?'"

      I don't.

      The objective here isn't to stop the guy. They could've if they'd wanted to. About a week before the attack the U.S. Postal Service stopped delivering air mail to the region. They knew something we didn't, and opted not to stop it. And I think I know why.

      We hear a lot about terrorism against the U.S.. We don't usually hear the other side's complaints. Obviously they don't think of it as terrorism, they think of it as some sort of a protest. I wonder what they're protesting, and why. If our government did something unjust to them, I wouldn't trust our media to tell us about it. But as a tiny little group of malcontents going up against the U.S., about their only recourse is an attack like this. Given that the U.S. government knew about it beforehand, they didn't bargain to prevent it for one of two reasons. Either the price was considered too high, or the U.S. government thought that an attack like this would end up working in their favor. They've been looking for an excuse to nullify cryptography for years now. Anybody remember the Clipper chip? The legislation keeps being defeated, because people are siding with the need for privacy. Now they've been able to demonstrate a supposed need for the U.S. government to know everything that's being said anywhere in the country. Perhaps they think it will sway the common consensus in favor of their legislation.

      Galling, isn't it. More impressive (from a logistical standpoint) than crippling a nation with a store-bought knife and their own planes, is the prospect of prying your way into a nation's cryptography with someone else's store-bought knife, someone else's plane, and a bunch of lives you don't care about because you think of them as "your citizens", in the same usage as "your house" and "your car". Oh, and a temporary economic setback which you mitigate by printing more baseless currency. Clever.
  • by siraustin ( 129661 ) on Thursday September 13, 2001 @09:39PM (#2296163)
  • by LWolenczak ( 10527 ) <julia@evilcow.org> on Thursday September 13, 2001 @09:42PM (#2296179) Homepage Journal
    I, an American Citizen enjoy the security I have with crypto. I like knowing that the scriptkiddies that can see my traffic are unable to gain any information from my traffic that could be used against me, against my employer, or my friends.

    Why bother to make more laws? I'm sure there is a large stack of computer related laws, but nearly none are enforced, except when they want to slam somebody who is doing something thats perfictly fine in our books, but that they just don't like.

    I say we need to rally on this one, Crypto is good. It protects the common man from imtimindation, It protects companies private information, it aids in the protection of networks, that would otherwise be at risk of being hacked, by open logins, passwords, and secrets that cross the internet all the time.

    If you want to detur use of encryption, just outlaw it, and only the unlawful will use it, the lawful are the ONLY people hurt by such ideas and possible laws.

    Be reasonable, and Just. This is no time to be bickering anyway, nor is it time to take actions anywhere close to what the FAA has done.

    If everybody had a knife on those planes, do you think the hijackers would have even tried to take over the flight, if they knew everybody on board could cut them, or stab them. It's just like towns in Texas that everybody carries guns in, there is nearly no crime in those towns. Again, what the FAA has done, only hurts the lawful people.

    IPSec & SSL Rocks!
  • Adobe puts a back door into it's ROT-13.

  • I haven't really followed the state of crypto freeware in years. Last package I used was PGP, which now seems to be commercial (www.pgp.com).

    Time to get familiar with the free stuff again, I think. What's good and reputable? I have no idea where to start.

    (Looking for Mac/Win desktop stuff, but wouldn't mind looking at Unix stuff too.)
  • The mildly paranoid will only use encryption software they have compiled themselves, from source code they can trust, written to follow specifications by respected people in the crypto community.


    The mildly paranoid will also only use compilers they have compiled themselves, and only use implementations that have undergone a line-by-line code review by a trusted person in their organization.


    The truly paranoid will only run this crypto on isolated systems using chips that they have personally inspected the original die and have an established 'chain of custody' from original pressing to installation in this isolated workstation.


    Osama Bin Laden will just have a few dozen of his faithful followers memorize 'one time pads', and a few hundred who can do 8-round Rijndael in their heads, and laugh at the silly Americans giving up essential liberties for a little temporary safety.

  • Someone should explain that whole horse-barn door thing to Congress.

    There's no way a foreign company is going to put up with the US government being able to read their stuff like it was a plain text postcard. "Why no, Airbus, we didn't pass on the amount of your bid to the people at Boeing who donate millions to our campaign funds. You can trust us. Really."

    Do they expect OBL to stop using whatever crypto he uses now and to change to the new improved with a backdoor built in version?

    Bin Laden used to use cell phones and satellites, now he uses the internet the way it was originally designed to be used, as a military communications tool. If they can find his messages but not read them, will they shut down the internet to block his messages? What happens when AOL starts screaming about being put out of business? Or do they have a plan for a different type of internet, one where they provide and charge for the content, just like cable television, and all the user stuff sent back upstream goes through the NSA computers before the government allows it to get where it's supposed to go?

  • by FangVT ( 144970 ) on Thursday September 13, 2001 @09:50PM (#2296232) Homepage
    In a floor speech on Thursday, Sen. Judd Gregg (R-New Hampshire) called for a global prohibition on encryption products without backdoors for government surveillance. "This is something that we need international cooperation on and we need to have movement on in order to get the information that allows us to anticipate and prevent what occurred in New York and in Washington," Gregg said, according to a copy of his remarks that an aide provided.

    This is base grandstanding by a politician in the wake of tragedy. Saying that it needs international cooperation is tantamount to admitting that it can't be done and setting up to blame the rest of the world when it fails.

    The constitution was written by a group of people that had visceral knowledge of what it means to need a revolution, in the bloodiest sense of that word. Our modern laws would be a lot better if they were informed by that same knowledge.
    • by Nonesuch ( 90847 ) on Thursday September 13, 2001 @10:00PM (#2296311) Homepage Journal
      Using this sort of tragedy to advance a political career or a particularly opressive agenda is disgusting, but is also standard procedure for many politicians, American or otherwise.


      After every mass murder with the least connection to firearms, some politician proposes extreme restrictions on civilian ownership, without regard for whether it would have prevented the particular incident in question. One of the first bills proposed after the OKC bombing was new gun control laws.


      After every crime where the offender ever even saw a computer, let alone had an AOL account, some congressman will propose new 'Internet Crime' laws restricting freedom online.


      The only saving grace is these rash proposals seldom become law.

  • by solipsists ( 519537 ) on Thursday September 13, 2001 @09:52PM (#2296248)
    "They that give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759. "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." -- 4th Ammendment to the U.S. Constitution "[...]and every time we allow the government to grow in power at the expense of the people, we put ourselves in jeopardy of losing the ability to free ourselves of them if it goes too far." -- Thomas Jefferson (quotes taken from matthew rothenberg's 7/11/2000 article on the fbi's carnivore: http://www.zdnet.com/zdnn/stories/comment/0,5859,2 601960,00.html )
  • by Naikrovek ( 667 ) <jjohnson@p[ ]com ['sg.' in gap]> on Thursday September 13, 2001 @10:05PM (#2296343)
    The USA is the USA and nothing more.

    The USA (I'm a citizen) can pass any encryption law it likes, but it has no jurisdiction outside the USA. Other countries (like Australia, where I live) will likely pass similar laws to kiss ass with the USA, but what good is that? Terrorists DON'T CARE! For Fucks sake, they hijack planes and kill thousands, do you really think they'll care if the US passes a law requireing back doors in encryption software? PGP is ALREADY nearly unbreakable (in any reasonable time frame, anyway). Do you REALLY THINK that they'll use the new software because its required by some shit country that is on the other side of the world? NO. America is deluding itself and giving itself a false sense of security if it thinks that passing a law will stop terrorism, or even give its own government insight into terrorist activity.

    The problem is the problem, and the problem is not that they encrypted their data. Requiring ack doors is treating a possible symptom, and not the problem.

    I don't know what the problem is but it ain't encrypted data.

    -abused angry citizen
  • by Nonesuch ( 90847 ) on Thursday September 13, 2001 @10:11PM (#2296377) Homepage Journal
    The government of France tried this. They outlawed all forms of encryption without providing the keys to the french government.


    For example, I worked for a major semiconductor and radio communications corporation. We encrypted all private circuits to all remote offices, in the US and abroad, except that in France we had to provide the keys to the French government.


    End Result?


    The French intelligence agencies would hand over to major french businesses the 'competitive intelligence' collected from foreign corporations operations in france, allowing them to underbid competitors, etc.


    There are several well-documented cases of government abuse of this information. In France the level of distrust got so bad that they eventually relaxed this policy due to foreign based companies withdrawing their business.

    • by horza ( 87255 ) on Friday September 14, 2001 @01:23AM (#2297172) Homepage
      The French don't trust their citizens and for years banned all encryption (except some businesses, with them having to hand over keys). They may have, as you allege, used the intelligence in an underhand way. However, I think your reason for 'relaxing' their stance on encryption is mistaken, or only part of the reason. Upon discovering all about Echelon [echelonwatch.org], and the extent to which the USA have been gathering intelligence on French business (and allegedly lost billions due to NSA handing key data for US businesses), it brought about the greatest 180 degree turn in crypto politics seen to date. From a complete ban to full support [jya.com] of strong encryption, with the encouragement [osslaw.org] of open-source software. To think things had steadily been improving since this article 2 years ago [nwfusion.com]. It would be a blow to the memories of those lost if their sacrifice failed to make the world a better place.

      Phillip.
  • Comment removed (Score:3, Insightful)

    by account_deleted ( 4530225 ) on Thursday September 13, 2001 @10:23PM (#2296452)
    Comment removed based on user account deletion
  • by Brian Stretch ( 5304 ) on Thursday September 13, 2001 @10:24PM (#2296457)
    Appropriate commentary here [nationalreview.com], dated yesterday:

    The main source of our strength is our freedom and open society. The United States already has the most powerful military in the world. We don't need the symbolic jaw, jaw, jaw of more laws, but the will to use our existing war power.

    Paul Weyrich, head of the Free Congress Foundation, aptly wrote: "The truth is that if we further emasculate our Constitution the terrorists will have achieved the greatest victory imaginable. Their triumph won't just be the thousands of people they killed, the triumph will be if they see our democratic institutions crumble. If President Bush can navigate a responsible course where we make an appropriate response to those who have perpetrated these unspeakable crimes while at the same time protecting our essential freedoms in the process he will end up being the greatest President of the modern age."


    Another essay from yesterday, "Freedom First [nationalreview.com]", is also a worthy read.
  • by SurfsUp ( 11523 ) on Thursday September 13, 2001 @10:45PM (#2296560)
    Here in Germany (I'm a Canadian by the way) privacy is a constitutionally guaranteed right. Too bad it isn't in the U.S.

    In the U.S. it's more and more like a favor the state gives to some people, some of the time, depending on how benevolent somebody feels that day. So bow to the demands of the spooks, make backdoors mandatory, give people long jail terms for circumventing them, and the terrorists win. They win bigger than they ever imagined by making life worse for ordinary U.S. citizens.

    In the name of pride we have to win this without cheating. Cheating means using the same tactics as the bad guy. No murdering civilians. No spying on our own people. No cameras in the bedrooms.

    Make cryptography a crime and only criminals will have cryptography.

  • by Greyfox ( 87712 ) on Thursday September 13, 2001 @10:53PM (#2296597) Homepage Journal
    And of course the American Public at this point will be more than happy to hand over another personal freedom for a guarantee from Congress that this will never happen again. After all, how could 50 people (That was the last estimate I heard on how many were directly involved in hijacking the planes) have kept their operations secret from the FBI and CIA and coordinated their activities without the use of strong encryption? At this point the American Public would probably agree to cameras in every room of their houses if it meant they could get back on an airplane without wondering if this is the trip they're going to die.

    We want our old complacency back and we'll legislate to get it. Complacency more than anything else bred this disaster and if our paranoia level is elevated to an heretofore unknown high, well, we're just getting a taste of what much of the world lives with every single day. I've been waiting years for something to shatter that complacency. Most people think how horrible this disaster was. I think how much more horrible it could have been, had the terrorists also had access to nuclear, chemical or biological agents.

  • by aozilla ( 133143 ) on Thursday September 13, 2001 @10:53PM (#2296600) Homepage

    In a floor speech on Thursday, Sen. Judd Gregg (R-New Hampshire) called for a global prohibition on encryption products without backdoors for government surveillance.


    Interesting coming from a senator whose state motto is "Live free or die". Apparently he's following the "Give up freedom because of fear of death" version.


  • by mech9t8 ( 310197 ) on Thursday September 13, 2001 @10:57PM (#2296615)
    The battle of privacy and safety is going to begin in earnest now.

    Typical response in political issues, and part of the reason politics is so devisive.

    Battle *between* privacy and safety? Good god, are you saying we have to pick a side? "I'm for privacy!" "I'm for safety!"

    Stop devoting your time to "winning battles." Start devoting your time to finding solutions "both" "sides" can be happy with.

    One, it's the only way everyone will be happy.

    Two, it'll come up with a better solution overall than either side will come up with individually.

    Three, if you try to fight the concrete consequence of 5000 people dead versus what most will perceive as the largely abstract consequences of the government being able to read your encrypted data, you're going to lose. This isn't something like the DMCA, where it's liberty vs. record companies. This is liberty vs. public safety, and for many people, in many instances, public safety will be more important.
  • by Tekmage ( 17375 ) on Thursday September 13, 2001 @11:19PM (#2296729) Homepage
    Thinking aloud...

    Terrorist organizations seem to thrive through anonymity and finding ways to circumvent traditional means of identity and authentication.

    As others have said, the encryption cat is out of the bag; it's never going back. Even if they tried to back-door the "legal" tools, a message doesn't have to be encrypted to hide it's true meaning/contents. They can just as easily be hidden in plain sight/text.

    ...If we're going to control encryption usage then I'm sorry but we're just going to have to pass some laws to force people to use authorized spell and grammar checkers. All digital images must be taken on approved photographic equipment; tampering with image watermarks is a Federal offense. You will also be interogated by an AI on every message you craft to determine your true intent; non-standard word usage will be flagged and noted on your record. Hmmm... This is starting to sound a little like the language police over in Quebec... ;-)

    We need better ways to ensure the authenticity of people's identity, not easier ways to watch who we think we might be watching but aren't sure because we're too lazy to authenticate the source and destination through other means.

    While it's nice to be able to travel in anonymity, places with security concerns can't afford the risk any more. I'm NOT advocating tracking everyone's movement and action without legal warrant. Attempt to control access, not content. If you are who you say you are, there shouldn't be any reason to interfere with your travel plans.

    Ultimately, it's a tough call. But from my own travels I know I get a little concerned when security DOESN'T ask me any questions. On my last trip they did ask about my multitool in with my laptop; it was allowed then, but after these events I don't think I'll be packing it any more. I value my safety more than my privacy in these situations...

    Last thing we want is Gattaca though... An extreme in controlling access...
  • by foxxtrot ( 217297 ) on Thursday September 13, 2001 @11:22PM (#2296747) Homepage
    As others have already notices Bin Laden did two things, avoid electronic communication, and when he did use crypto, he certainly wouldn't be using back-doored software. So essentially, himself and the other terrorists wouldn't be slowed down, our American civil rights would be violated however.

    Alright, now to the non-reduntant part of my post. On Tuesday, Tom Clancy was on CNN in the afternoon. CNN had Tom, because Tom wrote a book about terrorists chrashing a plane into the Capitol building, and killing both houses of Congress, and the President. Well, Tom said that the real problem we had in not seeing this coming is that the CIA employs some 20,000 people, and only about 800 of them are spooks. The only way to fight terrorism effectively is with a large, well-trained intelligence corps. We need at least twice, if not three or four as many spooks out in the field, infiltraiting these terrorist groups, so that we are aware of these plans before they something like Tuesdays events happen.

    Cryptography isn't our problem, an incredibly small spy system is.

    foxxtrot
  • by BrookHarty ( 9119 ) on Thursday September 13, 2001 @11:40PM (#2296821) Journal
    If a backdoor crypto law is passed, wait till everyone is using it, then crack the keys.
    Decrypt all congresses personal email, post those neat little secrets, post thier love letters, bank accounts.

    I bet they pass a law banning backdoor crypto and encrease personal privacy laws.

    -
    Once a government is committed to the principle of silencing the voice of opposition, it has only one way to go, and that is down the path of increasingly repressive measures, until it becomes a source of terror to all its citizens and creates a country where everyone lives in fear. - Harry S Truman (1884 - 1972), August 8, 1950
  • guns != crypto (Score:3, Insightful)

    by Merk ( 25521 ) on Thursday September 13, 2001 @11:48PM (#2296857) Homepage

    See, I knew someone would say "strong crypto=guns", everybody should have the right to use strong crypto, and everybody should have the right to use guns.

    Let me point out what I think is the fundamental difference between these two arguments: crypto, used in anger or accidentally, is not dangerous.

    The saying "guns don't kill people, people kill people" is completely true. But guns make it really easy for people to kill. If a kid accidentally uses strong crypto, nobody dies. If a kid accidentally uses a gun, someone will probably be hurt or killed.

    Another popular saying is "if guns are outlawed only outlaws will have guns". That's kinda the point. If a police officer sees someone with a gun, he doesn't have to wonder if it is legal or not. Anybody trading in guns is breaking the law, there is no grey area like there is with gun shows, etc. It also means that petty criminals will not easily obtain guns. While it's true that "if strong crypto is outlawed only outlaws will have strong crypto", this doesn't really help law enforcement. If somehow they manage to intercept communication and realize it's encrypted, that'll be as much as they can do. Any outlaw with any skill will pick a good crypto system and make it strong enough to defeat law enforcement. Crypto is easy to use, hide and copy, unlike guns. Anybody with anything to hide would be able to obtain complete privacy, but the average citizen would have none. That's just dumb.

    Never mind whether or not making guns illegal is a good or bad thing. That's a different battle. But guns are not the same as crypto tools.

  • by Odinson ( 4523 ) on Friday September 14, 2001 @12:22AM (#2296998) Homepage Journal
    WE, or more specificly, programmers and freedom lovers need to fight this with the best tool we have, code. It's time open source took a SERIOUS swing at writing a daemon that records IP/port numbers and type of attack of all hacking and breakin attempts and sends the data back to somplace like securityfocus.com for public review.

    Raw data and meaningful statistics should be readily availible. And WE ALL HAVE TO RUN IT ON OUR MACHINES. WE have too or the FBI will hang our rights out to dry.

    Internet Revolutionarys - White Hat

    Crackers - Black Hat

    Enablers through apathy to crackers. Squashed like grape. - Gray Hat.

    Think about it, IF WE HAND THEM ALL NON-INVASIVE data they have a much harder case to make when tring to justify collection of INVASIVE DATA and we (freedom lovers) have a much better case to make.

    Think about the consequences if noone ever reported gunshots outside their house ever again. That is what is happening right now, and that is why the Government is heading down the path of misery and death at our expense.

    I do not know of such a program (or where to get my unencumbered data) If such a project currently exists please me/us to it so I can install it RIGHT NOW!

  • Digital Envelopes (Score:3, Insightful)

    by Ranger ( 1783 ) on Friday September 14, 2001 @12:22AM (#2297000) Homepage

    Encryption is the digital equivalent of an envelope. We don't think twice about putting personal letters in an envelope. "Hmmm... You must have something to hide. From now on all your letters have to be on postcards."

    Perhaps the best use of encryption is for digital signatures. If governments have the backdoor to them, how can we trust who the message is from, even if it's sent without being encrypted.

    As has been posted numerous times, encryption is already available and in source code as well. The bad guys aren't going to stop using it, if they really are.

    The rest of this comment is a long rant. Read it at your own peril.

    Our politicians are playing right into the hands of the terrorists. It is our freedoms that gives us our strengths. The freedom to assemble, the freedom to speak, the freedom to worship, the freedom to bear arms, and the freedom from unreasonable search and seizure. Our liberties have eroded over the decades. All in the name of security, most especially, our war on drugs. We cannot let our politicians take away from us what the terrorists have failed to do. Our liberties.

    America isn't perfect. It has it's warts, but it's a damn sight better than any other country. Yes, we are hated around the world, but why then does everyone wants to come here.

    We must take action not pass laws. We must prepare for a long and bitter struggle against those who would destroy America. We have the resources to do it. Americans have always risen to the occasion when in peril.

    Shutting the barn door after the horses have escaped is a common strategy of politicians. Yes, we won't be able to conduct our daily lives the same as it was before, but we shouldn't rush to ad insult to injury. I think their should be a sixty day cooling off period before politicians consider passing a law in response to a terrible event.

  • by lverrall ( 44904 ) on Friday September 14, 2001 @05:19AM (#2297600)
    It looks like the first casualty of this "War" on anti-freedom anti-democracy Terrorists is to remove personal Freedom through monitoring and, potentially, usurp the democratic process of what can be monitored by and by who.

    Carnivore was in at ISPs on Wednesday and will be into Tier 1's by now. Remeber to intercept 'net traffic you have to look at ALL the packets. To trap "encrypted" data whatever that may be you have to read 'em. Imagine the power to open ALL snail mail and read it to check if it's suspicious...

    There's a distinct danger that this kind of monitoring will be installed, relatively unchecked, with Civil Rights groups unable to mount a credible defence due to the devastating nature of the terrorist attacks. This will happen not just in the US but easily in the UK, France and Australia who have similar laws or technology in place.

    And once it's in, you can bet it won't come out again. Think 5 years down the line...

  • Remember CipherSaber (Score:4, Interesting)

    by victim ( 30647 ) on Friday September 14, 2001 @08:04AM (#2297941)
    Sorry I slept too late and didn't get this in until the wastelands of the later articles, but...

    Any decent programmer can write their own encryption in a matter of minutes. Go look at the CipherSaber [gurus.com] home page.
    In George Lucas' Star Wars trilogy, Jedi Knights were expected to make their own light sabers. The message was clear: a warrior confronted by a powerful empire bent on totalitarian control must be self-reliant. As we face a real threat of a ban on the distribution of strong cryptography, in the United States and possibly world-wide, we should emulate the Jedi masters by learning how to build strong cryptography programs all by ourselves. If this can be done, strong cryptography will become
    impossible to suppress.

    So get out there and write build yourself a saber. Then use it to encrypt a short reply to this article with the key freedom.
  • by ejw ( 27330 ) on Friday September 14, 2001 @10:39AM (#2298554)
    I'm curious how much useful information could be gleaned by looking at the flow of say, email messages (or telephone calls, etc.), between two or more sources.

    Using electronic surveillance to track the flow of electronic communications between a web of people would be almost as informative as knowing what they said: locations of servers used, telephone numbers dialed from, sender and reciever, length of message, frequency of messages, this could all be pretty good stuff.

    This was raised in Stephenson's Cryptonomicon.

    And if "bad guys" are using electronic communications, why not just shut them down? Cell phones stop working, email gets "lost", servers get hacked, ISPs get bombed (how hard would it be to sever small mountainous country "A"'s electronic access to the outside world?)

    Unless you have the resources to run your own cable, you are really at the mercy of other corporations, who can be bullied, and can't hide in a cave in the hills.

  • by w3woody ( 44457 ) on Friday September 14, 2001 @12:46PM (#2299366) Homepage
    Assume for a moment that Congress gets it's way on this. The amount of data that is transmitted across the internet each day is staggering: trillions of bytes of data is not easy to sift through.

    If the U.S. Government gets it's way, we need to place the highest restrictions on what the government may do with the data, and when it may sift through that data. That allows the government to decrypt and get at data in extraordinary circumstances such as the destruction of the World Trade Center and killing of thousands of lives. But we should then come down on law enforcement like a ton of bricks if someone goes through the data for non-extra ordinary circumstances, or violates personal privacy.

    I personally have no problems with being anonymous because the amount of data to track my computer usage is too large to make sifting through very easy. That is, I don't mind anonymonity through obscurity. But in extraordinary cases like this (and *ONLY* in extraordinary circumstances like this) should the government be permitted to sift through all the quadrillions of bytes of transmitted data to look for one or two e-mail messages and decrypt them.
  • by slashdot_commentator ( 444053 ) on Friday September 14, 2001 @06:56PM (#2301122) Journal

    Excuse me for pointing out the obvious. I haven't come across a post that spells it out. (And we should try to spell things out to the non-digerati.)

    If there is a law requiring a backdoor to all encryption technology, that will include corporate email and tools like ssh.

    As we all know, there is no such thing as a secure weakness. At some point, these backdoors will be hacked out, and that will be a goldmine for corporate espionage and penetration.

    The FBI's zeal in making the public "safe" from external threats will be exchanged for foreign corporations ability to outcompete U.S. based corporations. Not to mention give an advantage to the Chinese.

To communicate is the beginning of understanding. -- AT&T

Working...