Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Forgot your password?
Close
typodupeerror
×
Encryption Security

Blaming Encryption 505

Posted by michael from the canada-not-available dept.
EisPick writes: "Just as a previous generation wrestled with whether or not to blame physicists for The Bomb, there are some misguided folks who are blaming Phil Zimmermann for the ability of terrorists to communicate confidentially. He tells the Washington Post, 'It has been a horrific few days.'" Meanwhile, John Gilmore has posted far and wide a call to mirror encryption code outside the United States, since export regulations are making a comeback.
This discussion has been archived. No new comments can be posted.

Blaming Encryption More

Blaming Encryption

Comments Filter:

  • Not the only target (Score:3, Insightful)

    by Eccles ( 932 ) on Friday September 21, 2001 @09:26AM (#2329657) Journal
    They should hate Boeing, too, then, and the construction engineers who figured out how to build a 100-story building.
    • It might seem silly to blame Boeing or the construction engineers, but would it be silly to blame the airlines and airports that set the security policies that allowed people to slip onto planes with apparently innocuous items turned into deadly weapons ? Would it be silly to criticize the design of airplanes that allow easy access to the cockpit, or the design of cockpit doors which are easily breached ? Would it be silly to criticize the people who set immigration policies allowing some of these people to enter the U.S., Canada, and other countries on sometimes tenuous grounds ? Is it silly to question the engineering designs that allow a plane to be crashed into a building ?

      If these things are not all silly, why not question whether or not a tool like PGP might have helped facilitate the attacks ? *If* it turned out that PGP-encrypted communication was intercepted by the FBI or NSA, but could not be decrypted in time, would that be irrelevant ? Would wondering about cryptography and what we want to allow be so silly then ?

      • *If* it turned out that PGP-encrypted communication was intercepted by the FBI or NSA, but could not be decrypted in time, would that be irrelevant ? Would wondering about cryptography and what we want to allow be so silly then ?

        Yes, it would be the height of stupidity. To say that we should wonder what we should allow with respect to cryptography assumes that we have the power to deny anyone the use of encryption. We can always make it illegal, but that won't hinder anyone who is planning a terrorist action. Unless we can force everyone's brains to be incapable of doing math, we can't stop them from using encryption.
      • would it be silly to blame the airlines and airports that set the security policies that allowed people to slip onto planes with apparently innocuous items turned into deadly weapons ?

        Yes. We should be able to walk onto planes without being searched, carrying whatever we want (within the bounds of common sense, which some people are a bit deficient on), and travel in peace.

        The tool that these soldiers employ is called "terror". The method of deployment is killing as many people at once as possible, though bombings and mass transit hijackings. Combine the two, and you have last week's horror.

        The victims are us - normal people. It adds to people's fear of flying, time spent trying to convince a security guard that my palm pilot with a cracked screen is a legit device.

        I'm not saying that we *shouldn't* have security... but just keep in mind that it should *not* be necessary. The goal should be attacking the source and preventing the need for such domestic measures.

        --
        Evan

    • Blame the friggin' Wright brothers.

      No, blame dinosaurs for allowing their rotting corpses to turn into jet fuel. The scaley bastards!

  • Was crypto used? (Score:3, Interesting)

    by sql*kitten ( 1359 ) on Friday September 21, 2001 @09:26AM (#2329662)
    Is there actually any evidence that the terrorists used public key cryptography to plan the attack on the World Trade Center?

    Just wondering, because I haven't seen any reports with that sort of detail in.
    • No idea.. but they do know that they didn't use curb side checkin, and that's banned..

    • This isn't stopping those who would restrict our use of crypto, however. Idiots.

    • Re:Was crypto used? (Score:3, Informative)

      by vrt3 ( 62368 )
      No. According to The Register [theregister.co.uk], Feds complain Bin Laden not using hi-tech equipment [theregister.co.uk]:
      "He switched off a lot of communications technologies," a US intelligence spokesman said.
      And:
      "This isn't low-tech," a former NSA consultant has been quoted as saying. "You'd have to really call it no-tech."
      • This could help explain why it's going to be hard to pin this on Bin Laden. The smart move for him is never to write anything or say anything on the phone, even if he thinks it's encrypted. In fact, he should avoid talking about the details of anything, even in one-on-one conversations.

        That's how John D. Rockefeller was able to claim ignorance of Standard Oil's devious methods. When he did talk about the company's tactics, he only did it verbally, and in a lot of cases he just insulated himself from day-to-day decision to insure "plausible deniability."
    • The register has a story [theregister.co.uk] which stay that if it was Bin Laden, he's not been using ANY technology for several hears.
    • Many posts have quoted the BBC article in which bin Laden is said to use 'no-tech'. If you go back and actually read the article you will find that the NSA guys are saying that he doesn't use modern communication methods, not that he doesn't use encryption. There is a difference.

      According to the reported from ABC (I have forgotten his name) who went over to Afghanistan a few years ago and interviewed bin Laden he DOES use crypto.

      A few years ago he stopped using cell phones and satellite phones to communicate, knowing that those technologies could be monitored.

      So what does he use now to send out secret orders?

      Encrypted Zip disks sent by courier who secretly take the disks out of Afghanistan. It wasn't clear whether the disks were then sent by snail mail or whether the data on them was transmitted using the internet. It also wasn't clear if PGP was used. Is his network large enough for key distribution to be a big hassle? If not he could skip public key crypto entirely and just use 3DES with a list of keys or long passphrases.

      For his edicts which are meant for public consumption he makes video tapes of himself and then sends them out to arab media outlets which then broadcast them.

  • That wasn't the guy who invented the protocol that was used....

    --- begin secret encrypted text ---
    Vg jnf gur thl jub vairagrq ebg13
    --- end secret encrypted text ---
  • How did Americans actually get the idea that American cryptography is the only possibility for terrorists to communicate in a secure way?

    Russians had (and still do have) their own cryptographic algorithms, as do Germans, Australians, Italians. I mean, what's the difference? Do export regulations really make that much of a difference?
  • Everyday, all over the world crimes are being commited with the use of everyday tools and technologies. He isn't probably alive anymore, but do you see the inventor of the cigarette lighter crying because every day his invention is being used to ligth millions of cigarettes, causing illness and death for thousands of people? Bottom line is that almost every tool can be used for good and for evil. All in all I don't think that it isn't any good feeling bad about what few people think about this technology. I think PGP has done an a lot of good as well. So it is really the balance between the good and the evil use that counts.

  • Technology is not the problem (Score:3, Insightful)

    by Midnight Thunder ( 17205 ) on Friday September 21, 2001 @09:32AM (#2329702) Homepage Journal
    If this article [bbc.co.uk] at the BBC is anything to by then the terrorists never even used encryption simply because it ran the possibility of sticking out like a sore thumb. Once again the only people who are likely to suffer from encryption back doors et al. is Joe public when the crackers find them.

    Why use technology when nobody is looking at the plain and simple stuff? Looks like KISS works to the advantage of terrorists as well.
    • Also in this Register article [theregister.co.uk]. Encryption just makes secrecy as easy and convienent. If your suspect is willing to go to the extra trouble of avoiding high-tech communications entirely, all the crypto restrictions in the world won't help.
    • From the BBC article you referenced:

      Before now, there has been speculation that Osama Bin Laden has hidden messages in pornographic images posted and swapped on Usenet, eBay and Amazon.

      However, after analysing over two million images from eBay, Niels Provos and colleagues from the University of Michigan have said they found no evidence of hidden messages. Mr Provos and his colleagues are now extending their work to check more images.

      Yeah, right. Any excuse to look at porn.

      Excuse me - I just have to recheck my stash of porn to see if any contain hidden terrorist communications.
    • never even used encryption simply because it ran the possibility of sticking out like a sore thumb

      Which is exactly why people shouldn't use encryption just for the heck of it. If terrorists' use of encryption causes them to be visible, then they won't use it, which deprives them of a valuable tool.
  • But it is idiotic to even suggest that any type of legal sanction against crypto would prevent access to this technology by the forces of evil.


    The principles allowing the creation of strong encryption are fundamental and simple enough that if it were not available freely it could be developed with minimal expense by anyone who wanted it. If it had been kept from the ordinary citizen the terrorist would still have it.

  • Black Tuesday and the Passive American (Score:3, Interesting)

    by rm3friskerFTN ( 34339 ) on Friday September 21, 2001 @09:34AM (#2329715) Journal
    Black Tuesday and the Passive American: A BILL OF RIGHTS CULTURE IS THE ONLY ANSWER

    "We must give up some of our freedoms to help combat terrorism."

    The predictable words -- and actions -- are beginning to spew from political, military, and law enforcement officials and their supporters. For safety, for security, for the greater good, they somberly tell us, we must comply with their agendas. To be protected from terrorism we must submit to more restrictions -- on our ability to travel, our freedom from arbitrary searches, on the privacy of our communications, on our right to bear arms, on our ability to conduct business hidden from the prying eyes of government.

    Sen. Judd Gregg (R-New Hampshire) has called for a global prohibition on encryption products without backdoors for government surveillance.

    Travel regulators have banned knives on planes. (Does this mean even the pilots can't protect themselves and passengers against hijackers?)

    ISPs who were reluctant to cooperate with the FBI's invasive Carnivore program are now rushing to comply.

    The Senate has, in the wake of Black Tuesday, voted to increase the FBI's authority to tap the phones of anyone suspected of terrorism. As we've seen by all these other random restrictions, we are ALL suspects in the eyes of the U.S. government.

    Perhaps most ominously of all, the Washington Post quoted House Democrat Leader Richard Gephardt (D-MO) as making the self-contradictory, but entirely predictable statement, "We're in a new world where we have to rebalance freedom and security. We can't take away people's civil liberties . . . but we're not going to have all the openness and freedom we have had." The Post [washingtonpost.com] then went on to describe how every war or crisis of the last 100 years has been use to increase government power -- often in the most draconian ways. More Data Here [afcomm.com] Freelance supporters of the Surveillance State are rushing to urge everyone to comply. One liberal talk show host responded to callers who complained that Big Brother policies at airports were a problem, "Big Brother is the only thing holding us together!"

    He offered no evidence to show how Big Brother made us safe on Tuesday, September 11.

    WE MUST THINK FREE, NOT PATRIOTICALLY JERK OUR KNEES

    Soon we may be at war. And as always at such times, we'll be expected to "pull together," "do what our leaders tell us is necessary," and sacrifice more freedom in the name of "safety and security" or patriotism. And, as the reality of the Day of Horror seeps in, who doesn't feel an urge to strike back, to "get behind our government," to "show those murdering bastards they can't push Americans around," and to "do whatever it takes to defend the greatest country on earth"? -- even if that means sacrificing individual liberty to "the cause."

    Whatever happens from here on out, we need to remember that Big Brother is NOT holding us together -- that he never can and never will. We must remember that the kind of restrictions on the liberties of ordinary Americans that were entirely ineffective in preventing the attacks of Tuesday, September 11, 2001 will not magically prevent future attacks merely because their severity is increased.

    What did all of Big Brother's efforts do to prevent Tuesday's slaughter? The violations of freedom we've already been subjected to in the name of safety -- airport x-rays, ID checks, disarmament, body searches, and the whole gamut -- became a sick a joke when the day arrived that we needed them to protect the country against the world's worst criminals. In fact, Daniel Pipes of the Wall Street Journal was quick to point out how the government's reliance on mass eavesdropping and tracking actually diverted resources from more effective anti-terrorism methods, such as actually studying and infiltrating genuine terrorist groups.

    Yet now the government proposes a giant national effort to do more of the same -- to impose more ineffective, wasteful, and oppressive mass surveillance and restrictions.

    New restrictions on the freedoms of non-violent people will do nothing to make America or the world safer. They'll make us less safe, as well as less free.

    There are at least two reasons for this.

    The first is that more restrictions, and more power placed in the hands of government, will simply, in the long run, create more rage and therefore more desire to strike violently. (As we also saw, some restrictions, like those that forbid armed citizens on planes, also make it harder for Americans to protect themselves and their country.)

    The second is something we observed, tragically, though cell phone calls from four doomed, hijacked planes: the fatal passivity and dependence that seems to be becoming the norm in American behavior.

    THE PASSIVE, UNTHINKING AMERICAN

    It appears now that a handful of heroic passengers on one flight, having learned via telephone that two other hijacked planes had already smashed into the World Trade Center, decided not to allow themselves to be used as weapons of war. These passengers on United Flight 93 attacked the hijackers who were in control of the plane. Doomed in any case, they ended up dying in the woods and fields of rural Pennsylvania, rather than passively allowing their captors to get away with an even more horrendous mass murder.

    We also know that, on at least one other flight --American Airlines Flight 77, which smashed into the Pentagon -- passenger Barbara Olson learned from her husband, U.S. Solicitor General Theodore Olson, of the World Trade Center catastrophe. During two separate calls, Mrs. Olson (a well- known author and conservative television commentator) asked her husband what the pilot -- standing next to her in the back of the plane -- should do.

    Picture that. Passengers and crew have been herded -- and note that word well, herded -- to the back of the plane. Even the pilot, the leader, the chief decision-maker, does nothing. Can't think what do to. Can't act. Instead of attempting to save their own lives and the lives of others on the ground, what do they do? They expect a federal government official to make the decision for them. THE EVIDENCE SAYS THAT THESE PEOPLE DIDN'T EVEN FEEL EMPOWERED TO DEFEND THEIR OWN LIVES WITHOUT FIRST ASKING THE ADVICE OR PERMISSION OF WASHINGTON, D.C..

    And why should we have expected otherwise? Americans have been told repeatedly never to resist crime, always to submit to any demand a thug makes of them. Always go along -- for safety's sake. Go along in order to avoid angering the criminal. We've been told always to submit, as well, to any demand made by anyone who appears to be "in charge." These people on Flight 77 -- and presumably on two of the other flights -- were apparently so paralyzed by their conditioning that they couldn't assert themselves even when the alternative was certain death.

    Even as pathetically disarmed as they were, they could have battered the hijackers with their briefcases, with their shoes, their purses. They could have overwhelmed them with sheer numbers of bodies. They could have gouged at their eyes with fingers or car keys. Could have knocked them unconscious with luggage from the overhead racks. Could have tripped them, stomped on them, tied them up with cords from audio headsets.

    But except on United Flight 93, they apparently did nothing. And so three planes flew, sure and true, into the heart of three American landmarks, slaughtering thousands.

    THE ONLY TRUE SECURITY MEASURE: A BILL OF RIGHTS CULTURE

    We must take back America as a country. We must make it free and independent again -- no longer the would-be ruler of its own people, and no longer playing at being the world's supercop. Only by doing that will earn the world's peace and respect.

    We must take our own individual lives and independent spirits back from would-be rulers and criminals, as well.

    If we consent, passively, to give up more freedoms -- even "temporarily," or "as an emergency measure" -- we'll be doing the opposite. We'll be less safe, less free.

    To restore American freedom and personal courage, we must restore the Bill of Rights -- in our country and in our hearts and minds. If we understand the Bill of Rights, we'll understand what we're fighting for -- and why. If we let it slip away what's left won't be worth fighting for.

    This means not merely having an intellectual or legal understanding of the Bill of Rights. This means not merely memorizing the Bill of Rights or teaching it to our children. This means understanding the concepts of individual liberty that underlie the Bill of Rights -- then living those concepts, breathing them, eating the, dreaming them, holding them as the most central values of our lives, in the same place we hold our beliefs in the diety, or our dedication to our families, or to truth or justice.

    We must behave as free people, expect and encourage others to behave as free people -- and have zero tolerance for anyone who abuses freedom or uses his authority to violate the Bill of Rights.

    If there ever was a time in history to get behind the Bill of Rights and promote it, it is now. If we yield to this mushy thinking that the road to freedom and safety lies in GIVING UP freedom and the Bill of Rights, then we might as well bow down in defeat right now.

    If we don't defend our rights, we'll have no rights. If we don't defend ourselves, our family members, and our fellow citizens -- AND defend their freedoms -- then our lives will be no more valuable than those of cattle and sheep. And the America we end up with won't be the America we thought we were fighting for.

    If you want to be a passive herd beast -- obey whatever the authority of the moment, be that a bureaucrat or a hijacker, tells you to do. Listen to their lies about "safety and security" and obey, obey, obey.

    But If you truly want to combat terrorism or terror-war, learn the Bill of Rights, teach the Bill of Rights, and enforce the Bill of Rights with every action of your life.

    FIGHT BACK WITH THE BILL OF RIGHTS.

    The Liberty Crew [jpfo.org] Jews For The Preservation of Firearms Ownership, Inc.

  • Misdirected Hate Mail (Score:4, Informative)

    by Phaid ( 938 ) on Friday September 21, 2001 @09:38AM (#2329745) Homepage
    Bin Laden and company are better known for using steganography [wired.com]. There's no indication that they use PGP in email; apparently their favorite method is to get free websites at e.g. GeoCities and embed messages in image files.
    • ...which ones? Can somebody provide links?

      I can just hear it now:

      Hillary: "Are you surfing porn again, Bill?!?"

      Bill: "No...I'm...I'm...looking for...looking for terrorist messages! Yeah, that's it!"


      • You'd as likely find a strict Muslim eating pork rinds in a liquor store as you would surfing a pr0n site, for steganographic purposes or otherwise. The lives of these men are entirely constructed around a strict obedience to (what they misguidedly see as a correct interpretation of) their faith. Further, it as been noted by Western intelligence organizations that these terrorist organizations use very little technology at all (even phones) instead relying on classical "no-tech" spycraft, which is part of the reason that the increasingly-focused-on-electronic-surveillance agencies have a very hard time tracking bin Laden et al.


        Even if you assume that they utilize information technology in their organization and steganography in particular, it is highly unlikely that pornographic images are being used.


        Naturally and as usual the political elites are using an external threat to move against internal things they do not like, such as encryption and pornography. (An analogy would be how every new recreational pharmaceutical is called a Date Rape Drug. Yet, strangely, the most frequently used chemical in date rape is still available widely, namely ethyl alcohol. Crack would be legal too if crack dealers were beefy white guys, wearing suits with Rotary Club pins on the lapel, that gave campaign contributions.)

        • Not that I disagree with what you're saying about those in power using this threat to attack internal things they don't like, but I found it interesting that, considering the supposed strict beliefs of these terrorists, some of them apparently spent time in a strip club in Florida. Time article [time.com]

          If this is true, and it pertains to attitudes that more than just a few of these people have, perhaps the story about secret porn communication isn't so far fetched.

          (personally, I still think it is a bogus story, but that's just me)
      • ***NEWSFLASH***

        Bill Clinton hasn't been the President of the US for about 8 months now.

        Unless you are inferring that they installed "Net Nanny" when George got into the Whitehouse to keep the bad stuff from him. In which case we should go after "Net Nanny" and their ilk for harboring terrorists.

    • I think we can all understand the message bin Laden was sending with goatse.cx
      • > I think we can all understand the message bin Laden was sending with goatse.cx

        I wonder if the shitweasel gets the message goatse.cx is sending him.

        (This time, it might pay to visit goatse.cx [goatse.cx], before you moderate ;-)

  • Comment removed based on user account deletion
  • "Phil -- I hope you can sleep at night with the blood of 5,000 people on your hands." PGP has become a "weapon of war," the e-mail continued, leveling the playing field between powerful countries like the United States and "zealots."

    Zimmerman's hate e-mail told him "I hope you can sleep at night with the blood of 5,000 people on your hands." This person must be privy to proof that hasn't been released to the rest of us. But much more importantly, I hope that person sent an even stronger e-mail to every employee of American and United Airlines. And to all the service employees of several airports which were involved. And, hmmm, let's see, oh yes... also to everyone who works for companies who manufacture knives and box-cutters. And to all recent US sentors who have rejected spending more of the billions collected in air travel taxes on airport security rather than balancing the budget. There's probably a few thousand other people that are implicated before Phil Zimmerman.

  • Please, I can't believe that people actually believe that everyone who's involved in any tool the terrorists used is actually guilty of anything.

    People who would more guilty than Phil;
    - The manufacturers of the knifes and box-cutters.
    - The airplane manufacturers.
    - The printers of the airplane manuals in Arabic.
    - The people who produced the food for the terrorists last meal.

    Guilty by association? This is more like guilty by living in the same world.
    • Courtesy of the airlines who we all know are SO concerned with your security that they will actually pay someone minimum wage to put on a uniform and sit and pretend to look at a scanner! American and United might as well spare themselves some messy litigation and hand their companies over to the families of the victims.

  • Open Letter to Phil (Score:5, Insightful)

    by alexjohns ( 53323 ) <.moc.liamg. .ta. .cirumla.> on Friday September 21, 2001 @09:54AM (#2329848) Journal
    Dear Mr. Zimmermann,

    You're coming under attack for your decision to provide strong crypto to the general public. Please do not falter. There is a definite need for this sort of thing and the fact that it might be misused is no reason to ban it.

    Cars can be used to run over people. Hammers can be used to hit people. I don't think I need to mention guns. There are lots of things out there that can be used counter to their original purpose. I think in the coming age strong crypto at a personal level will be very important.

    There will always be people who blame the inventors for some of the uses their inventions are put. Some people blame Einstein for the devastation of Hiroshima & Nagasaki. Is Einstein really at fault? If someone dies in a car crash, who should be blamed - Ford? Benz? Should the Wright brothers be partly held to blame for the events of September 11th?

    Just because your tool was possibly used in a bad way doesn't make you guilty. If it's any comfort, since there is so much talk about heroes lately, know that you are one of MY heroes. I remember the early USENET discussions and your original profile in Wired. I've always thought that if I had more ability in math, I would've liked to be like you.

    Please know that for many of us, you are not a bad guy by any stretch of the imagination, and for a few of us, you are one of the really good guys.

    Thanks for listening.

    • Hear hear.
      I almost wish that posting had a space to add my signature to, in the way of petitions. I guess I'll have to do with adding this reply, and thank you for putting the time in to express what so many of us feel, so well.

      Malk
      • I went to lunch not too long after I posted that. Coming back, it's nice to see that other people feel the same way.

        You know, Einstein was really troubled, right up to his death, about his role in developing The Bomb. Oppenheimer (in my sig), also was deeply despairing of his role. I guess it's not bad company to be in.

        The thing about technology like this is that many other crypto researchers were working on similar things. If it hadn't been Phil's 'Pretty Good Privacy', it could just as easily have been Bruce's 'Applying Privacy', or Ron's 'Privacy the RSA Way' or perhaps IDG's 'Privacy for Dummies'. There are so many people on the cypherpunks list (which I haven't been on in a couple of years) who would have been eager to do the same thing. I just don't think it's necessary for Phil to beat himself up about it.

        Just my opinion.

    • I think it is good for inventors to take some moral responsibility for their inventions, although that would wisely be tempered with a recognition that all sufficiently useful devices based on publicly understood knowledge are likely to be developed eventually by somebody.

      Like most things, there is a necessary balance between the need for transparency in an efficient democratic society, and the need for protection from unreasonable search and seizure (e.g. the fourth ammendment). Phil helped tip the technological balance in one direction, but he didn't upend the scales.

      --LP
  • I'm against all this encryption restrictions. I have a website. I'd like to post encryption code as an act of protest. So, a simple question:



    Does anyone have a preprepared tarball of a veritable shiteload of encryption utilities -- ie everything you could possibly want, ssh, gpg, etc. I think somebody should create a tarball that we can mirror around, all the same, everywhere. And I'm too lazy to go create it myself, as I've already got a website up with a couple tools.

  • Just wait until I get my hands on the guy who invented Farsi. Those damn terrorists use this "encryption technology" as well, and not many in the U.S. government can break it! I even heard an announcement the other night where they were asking for supreme encryption experts known as "Farsi Speakers" to come in and help them decrypt this complicated technology!
    • You may be pushing for +1, funny, but don't forget the lesson of the Codetalkers.

      In WWII, the US Marines code "network" was cracked wide open by the japanese. So, they found a valuable asset: Native Americans speaking in their own language.

      Not one of the Codetalker transmissions were ever broken, and they were speaking in "plaintext" the entire time (albeit with a modified vocabulary).

      Encryption is as much an exercise in creativity and problem-solving as it it math.

      Codetalker stuff:
      http://www.history.navy.mil/faqs/faq61-1.htm

  • Cryptography as a weapon (Score:3, Interesting)

    by Phaid ( 938 ) on Friday September 21, 2001 @10:00AM (#2329883) Homepage
    While the replies to this thread are all sarcastic and full of self-righteous indignation, let's not forget that a big part of why the US and its allies won World War II was the fact that we were able to break the enemy's encryption [euronet.nl] like the German Enigma -- and that they were unable to break ours.

    We're all yelling and screaming about "what's next", taking away "more of our freedoms" and such like. Someone raised the point that the freedom to assemble in private, to learn to fly aircraft, to be free from random searches of houses, were also contributing factors to these terrorist acts. The problem is, if the government was able to monitor communications, restrictions on those activities wouldn't even be talked about -- the activities themselves are innocuous, but in the right combination they could indicate something sinister. This is the reason that people buying huge quantities of nitrogen-rich fertilizer are monitored because of its bomb making potential.

    I'm not advocating "back doors" in encryption products, mainly because it's too late for those to be useful when perfectly effective encryption is already out there for terrorists and anyone else to use. But the fact remains that the ability of people to unbreakably encrypt their grocery lists does have consequences beyond merely ensuring their privacy.
    • Your argument, while cogent, ignores the a very important question WHAT IS THE STATE OF THE ART, AT THE TIME OF THE WAR?


      During WWII, the state of the art was the Enigma machine. The cryptographers had the upper hand, and it was the imperative of wiining the war, which turned things around. During those times, the fact that the state of the art of cryptanalysis had caught up, was not widely advertised.


      The point is that these arguments are fluid, and depend on the current state of the art. With cryptography reigning supreme, it makes no sense to turn back the clock. Instead of crippling their own citizens, they should be looking for weaknesses in public key cryptography!

      • > With cryptography reigning supreme, it makes no sense to turn back the clock. Instead of crippling their own citizens, they should be looking for weaknesses in public key cryptography!

        And as you correctly point out, when fighting Enigma, the codebreakers had the upper hand.

        One thing (source: That awesome NOVA documentary on Bletchley Park) that bears repeating is that some of the biggest "breaks" in the cracking of Enigma (and its successors) often came from operator error on the part of the enemy soldier in the field, who didn't know how to use Enigma securely.

        That's not to say that Enigma was ever secure by today's standards -- only to say that the task of breaking it was made easier by screwups on the part of the enemy. (How many times have you walked by a cubicle and seen a password scribbled on a Post-it note? Your co-worker doesn't see it as a security risk, because they don't know the implications of what they're doing. The German soldier in the field made similar mistakes.)

        I would assume our codebreakers know about the exposure created by operator error, and are working on the problem as we speak. (And I wish them the best of luck - and I mean that sincerely, not in jest.)

        As computer systems grow in complexity, the number of avenues for such mistakes on the part of our new enemy increases exponentially. For any given communications channel, I can think of dozens of ways in which information could be extracted. I'm sure you can too.

        On that note, though, I'd ask you (not you-the-poster specifically, but all of the generic "you" reading this), however, to keep your speculations on ways in which the Bad Guys could slip up to yourself. I'm sure our codebreakers have already thought these holes. I'm not convinced the Bad Guys have thought of them all, and I'd like to see the balance of power tilted in our favor as much as possible.

        I was originally going to write something about how our current war is rather like the Battle of the Atlantic in WW2 - hunting down U-boats that had total domination of the seas, and protecting merchant mariners who lacked air cover for much of their journey - a battle in which crypto was absolutely vital.

        Then I realized the current war has something else in common with past wars:

        Loose lips sink ships.

        (Whereupon I shall shut the fsck up :-)

  • Technology is not good or evil. It is the use of the technology which can be evil. I think it was Karl Marx who said that root cause is usually socio-economic inequality and stratification.

    • The fact of the matter is, people DID blame Nobel, and he did feel guilty for creating dynamite. For this reason, he died alone and friendless, though mighty rich. Most see the Nobel Prize as being his way of buying himself a good name in the history books.

      I do agree with your point, though.
  • The existance of encryption is irrelevant. In fact one of the most secure forms of electronic information is a handwritten fax.
  • Just like how they should feel guilty for inventing airplanes.

  • Blame Encryption?? (Score:5, Funny)

    by canning ( 228134 ) on Friday September 21, 2001 @10:07AM (#2329930) Homepage
    Don't blame encryption, Blame Canada.

    • FreeSWAN and OpenBSD are both hosted in Canada, so I think you are right.

  • Break this or shut up.... (Score:3, Interesting)

    by ajs ( 35943 ) <{moc.sja} {ta} {sja}> on Friday September 21, 2001 @10:08AM (#2329936) Homepage Journal
    The following message was encrypted with one of the simplest cyphers known. I took the text and a random, non-repeating pad and used XOR between the ASCII values of the two. I then base64-encoded the result so that /. could display it (note, this last step is reversable trivially).

    Let this string be the line in the sand. If this can be decrypted, THEN we should worry about encryption software. If it cannot be decrypted, then any high school student can do strong crypto in their bedroom with the calculator they got for free for signing up for a mall card, and this discussion is just about invading privacy and enabling government to spy on businesses.

    du+27XAFml4uYuezNwvsewJpwj+AElF6ySV7vgXjtdoMIHYVT5 w+lAsIAozQt6OMUCji4E2BInB+
    tZHoDscCzdoV2VjlT9zPwJtdfbmHrt3wABqINnfrRbTRpprW QJ AOkNb1LHm60vNbR5uNyrYgkNPY
    FyzyfS+Gp+/L+w3u04A=
    • The main point being that if the cops get a search warrent, they can search your house/apartment/whatever for that random, non-repeating pad so that they can decrypt your message to the man who's going to bomb the Superbowl. Electronically, they can't do that yet. See the difference?
      • With public-key encryption, they can still get a warrant and search your house for your private key.

        The bottom line is this: They should not be able to decrypt your messages without a warrant.

  • The Hunt for Blame (Score:2, Insightful)

    by Grip3n ( 470031 )
    The simple fact of that matter is that when peopel are distressed, depressed and overwhelmed with hate, anger and fear, fingers begin to get pointed.

    If you recall the Colorado school masacre, you will remember the fact that the parents attempted to sue ID software for creating a game which, in their minds, influenced their children to go on a school masacre.

    The situation here is very much the same, and Phil is now taking the blame. However, why stop there? Why not blame our roads for allows the terrorists for getting around? How about phones so they could reserve airline tickets and flight school courses? Why not blame computers as a whole for allowing the terrorists to communicate?

    The truth is, people will hunt for a reason HOW. How was this allowed to happen? How could this have happened to ME? We resort to blaming others, whether it be the FBI, CIA or even someone like Phil Z.

    Time will pass and people will begin to take notice of the real problems that allowed the terrorists to operate. Does Phil Z have the blood of 5000 people on his hands? Hardly.
  • Mayhaps if the U$ were not so interested in supplying money and arms to any twit who gives lip service to supporting U$ aims-- making the world one vast McDonalds-- this discussion wouldn't be occuring (no, this is not a troll).

    Would you like fries with that....
  • Let's see, we could also blame:

    - The people who make knives / box knives.
    - The people who trained the terrorists to fly.
    - The people who sold the terrorists the plane tickets.
    - The people who made the planes.
    - The people who made the plane fuel.
    - The people who made the WTC.

    Yes this is stupid.
  • Sorry for the inflamitory subject line, but this kind of upsets me. If we are going to blame researchers for the misuse of their inventions then we may as well start with Boeing. One of the great modern problems it that the same technology that helps so many also can be misused.

  • Levelling the playing field? (Score:3, Insightful)

    by Robber Baron ( 112304 ) on Friday September 21, 2001 @10:25AM (#2330005) Homepage
    It began, "Phil -- I hope you can sleep at night with the blood of 5,000 people on your hands." PGP has become a "weapon of war," the e-mail continued, leveling the playing field between powerful countries like the United States and "zealots."

    [sarcasm]

    Right on! How dare anyone give the victims of oppressive (and sometimes genocidal) US foreign policy a means to strike back at their oppressors!

    [/sarcasm]

    Besides, do people really think that had PGP NOT been available, that terrorists would have sent their messages in "clear"? Anyone thinking that needs to pick up a stick and whack themselves in the head with it..."Stupid (whack), stupid (whack), stupid (whack)!"

  • These technologies should be heavily regulated:

    • Airplanes that can steered in any direction (good God, why?).
    • Flammable jet fuel (whoever designed this is as much a criminal as the terrorists).
    • Box cutters or knives capable of cutting skin (hello, they're for BOXES not PEOPLE).
    • JPEG files that allow their bits to be changed (computers scare me).
    • Any human language that allows the speaker to plan or describe terrorism (free speech is for terrorists).
    • Gravity (there are other directions besides down, why the favoritism).
    • Fire (let's ask ourselves, why was there fire in the WTC to ignite the fuel in the first place?).
    • Islam (people who are different should be watched closely).

    Each of these played a key role in the attack. Once these technologies are under control, America will be safe from terrorists. I guarantee it.

    Signed, John Q. Stupid, United States Congress

  • Watch out for sheep.. they can be real baaastards.. (ok that was goat, but still funny)

    JOhn
  • At least in this case, backdoors to PGP wouldn't have done any good at all (even if encryption was being used). Backdoors don't alert investigators to the activity of people they aren't investigating -- something else has to be suspicious first. Based on what I have read, only two of the terrorists were on the FBI's list and the FBI was only making a token attempt to track them down. Even if an investigation was being foiled by encryption, there should always be other investigative methods available to figure out what's going on. Any good conspirator will use a variety of communication methods, anyway. And use code words inside encrypted messages.
  • Although harder to use than public key because of the neccessity of generating and exchanging the pad (key) are there any user friendly programs out there that automate encrypted communications using one time pads?

    The reason being that even if the US gov't intercepts such a communication they could never prove it is an encrypted email - for all intents and purposes, without the pad, it's random data.

    -josh
  • Shortly after the great tragedy, I found myself wondering, "How long until the Media picks up on the Computer Gaming culture, and starts trying to blame that?". In the time since, I've heard people bandying around the idea that Microsoft Flight Simulator could have been used as a training tool to pilot a plane..
    At that point, I knew the world had truly gone barking mad again.
    It's the same with Crypto. Something that people don't understand is automatically to blame.
    How we look back on the Luddites of the Industrial Revolution, and consider them unenlightened barbarians.
    Going around and destroying the things they didn't understand because they felt threatened by it, without realising what they were truly rebelling against.
    Now, have a look at what's happening to the Internet, science, and the digital age as a whole...
    Each advance is slowly be destroyed by those that don't understand it, and can't work out how to control it, except this time, it's being done with a web of legislation and an army of lawyers.
    Methinks in many years to come, these will be remembered as the Luddites of our current age.
    Crypto is just one of the machines they're trying to break.

    Malk
  • Should Zimmerman feel guilty that his program was used for this? No, because he wasn't the one using it.

    Should he feel guilty for making such a powerful tool available to anyone while naively assuming the use of this technology would be free expression, and ignoring the possiblity that it could be used by terrorists, criminals, and other unsavory people and organizations? You're damn right he should.

    Technology, by its very nature, is amoral. It can be used for good or ill, depending on who uses it and how. Whether or not a technology is good is defined not by what it is, but by whom it is used and for what purpose.

    PGP and similar programs enabled anyone to communicate electronically in perfect privacy, removing the balance of public scrutiny. And when you combine that with the facts that it is easier to kill and destroy than save and create, and that the world is full of people willing to do so for any number of reasons, it should have come as no surprise that those people would be significantly strengthened by this.

    I suppose if Phil hadn't written PGP somebody else would have done it - but that doesn't change how naive he was to think that it would automatically make the world a better place. The road to hell is paved with good intentions. I wish people would learn that lesson.

    cryptochrome
  • We should blame him too!
  • In the wake of the terrorist attack, the US is making all sorts of bad moves. Well, bad to the people at least. For one, this whole encryption deal. People coming forth and saying encryption let this happen, encryption is bad! When all evidence points to the fact that all electronic communication was done unencrypted. One of the biggest complaints about bin Laden is that he didn't use technology enough to be tracked easily.

    The government has been itching a long time to do this, and now they can use the misinformation of the common folk to make anyone who stands with encryption a villian and an accomplice to the terrorists.

    Another thing I am not so sure about is the US approach to the Taliban. We are telling them to hand over bin Laden or we will destroy them, completely ignoring their reasonable call for proof. Right now, even though there is a lot of evidence against bin LAden, it is all circumstantial, and in a smaller case it would just be dismissed without further concrete evidence. The US is out for blood. This isn't a quest for Justice yet, it is one of blind vengeance. Once we had proof, then the vengeance would be justice.

    That said, something should have been done about bin Laden long ago. If we were able to definitely connect him to the older trade center bombing, two US embassy bombings, and the bombing of a US Destroyer, why only now do we really get forceful? Any one of those former actions could be construed as an act of war, and if we had been more forceful at the time, we might just have prevented the WTC tragedy. But I guess the people who lost their lives then just weren't important enough to the American people to warrant justice..

    In any event, I do think we need to get bin Laden, we cannot rightfully do it under the public pretense of justice for the WTC, but rather the more sensible pretense of trying to end terrorism, or even one of his numerous other crimes. The Taliban response may always be the same, but at least the US wouldn't look as bad when they do lower the boom.
    • We are telling them to hand over bin Laden or we will destroy them, completely ignoring their reasonable call for proof.

      Possibilies:

      1. The Taliban is trying to delay the fall of the hammer.

      2. The Taliban is hoping to glean some clues as to where we got our evidence.

      3. The Taliban has suddenly developed a respect for the rule of law and the rights of the accused.

      Personally, I find the credibility gap between the first two theories and the last one to be comparable to the gap between "Mommy and Daddy put the presents under the tree" and "There really is a Santa Claus".

      If we were able to definitely connect him to the older trade center bombing, two US embassy bombings, and the bombing of a US Destroyer, why only now do we really get forceful?

      Er, how about the obvious: 1)this was a bigger attack and 2)the US has a different administration?

      In any event, I do think we need to get bin Laden, we cannot rightfully do it under the public pretense of justice for the WTC, but rather the more sensible pretense of trying to end terrorism

      That's the position Dubya set forth last night.

  • The whole idea of encrypting a message is that there is only one way to open it: with the password/key/pattern that was used to encrypt it. With a backdoor, there becomes two ways to open it: with a password/key/pattern, and a backdoor key. Now, you say, only the guvment has the key. This is true. But who's in the government? People just like you and me, people who are not incorruptable, people who steal evidence and sell confiscated drugs and who take bribes. Which is an interesting thing to think about: if people have the key, then it makes sense that other people will eventually get the key. It's not a physical structure, it's a copyable string of bits that would eventually trickle down until everybody in the world had a key to the encryption, and unlike a physical lock you can't just replace it with a new key. Backdoored encryption would be secure for no more than a few years, then it would be as open after a fashion as pig latin.

    This is of course assuming there's one code that opens all or most encrypted files (one ring to rule them all). There's also the possibility that the government will just require you to submit any keys to a private repository, which would of course be hacked by Eaglesoft faster than you can say "ACLU."

    And besides, how can you enforce this when 256-1024 bit encryption exists throughout the world already? You can't round up software, hell i can hide a copy of BestCrypt on my machine for future use and then make a dozen copies when i need to. Encrypted data can be hidden in plain site as noise in an mp3 file or the difference between planes of a graphic. Since criminals don't go to CrockUSA and buy the software they use to skulk about with, there would be no way to even know what they were using.

    So we have useless encryption that isn't used, a huge instaled base of tough encrypters we can't stop and a group of people who our law doesn't affect. Why are we even arguing this? It's as stupid as, I dunno, declaring war against an enemy that doesn't exist yet or vowing revenge on a religion and people who had nothing to do anything. Sometimes the fucking reactionary know-nothings in this country make me wish I was in Canada, where nobody knows anything either but at least they don't have strong opinions about it.
  • I've said it before and I'll say it again: I'd gladly give up some of my security in encryption, or give up encryption entirely, to save another person's life. That's what I consider to be a priority. I just want my vote to be counted in the (predominantly crypto-loving) Slashdot community.

    And from the opinion polls on the street, most American would gradly give up a number of perceived "freedoms", so I'm not alone. Crypto-lovers are fighting a losing battle.

  • We don't need to play defense on this issue. We can play offense.

    The increased terrorist attacks underscore the need to strengthen our computer networks with strong unbreakable cryptography. Some well meaning but misguided inviduals may argue that we should weaken our computer infrastructure with back doors to ease law enforcement, but that weakening would create a greater opportunity for terrorists, as it is a virtual certainty that, with so many back door keys, some will fall into the wrong hands.

    In foreign policy, we neeed to promote the use of strong cryptography abroad, not only to strengthen the computing infrastructure of free countries, but because strong cryptography in the hands of the citizenry could help undermine oppressive regimes and enable more internal efforts at democratic reform. Since it is from oppressive regimes where terrorism seems to originate most often, making these governments more democratic is likely to be one of the most cost effective ways of reducing the terrorist threat.

    We need to pueblicize the idea that the governments of the free world should be actively promoting strong cryptography, both to guard against potential cyber-attack and to reduce terrorism at its source.

  • It was because somewhat unsuprisingly the mathematical brains in Japan and Europe had managed to come up with their own encryption systems which COULD be sold in the US, thus meaning that US companies couldn't compete abroad and could get slammed at home.

    Or was it that the NSA actually does have a working quantum computer ?

Slashdot Top Deals

It was kinda like stuffing the wrong card in a computer, when you're stickin' those artificial stimulants in your arm. -- Dion, noted computer scientist

Close