U.S. Using Key Escrow To Steal Secrets? 207
Anonymous Coward writes "US/UK stealing industrial secrets?
Report: U.S. Uses Key Escrow To Steal Secrets "
"Beware of programmers carrying screwdrivers." -- Chip Salzenberg
Proud to be an American... (Score:1)
The NSA line eater. (Score:1)
>NSA's National Computer Security Center, which looks for new files and makes copies
>of any that it finds.
I want to know what subnet this beast emerges from so I can filter it out. Nah. It probably reappears on all sorts of IP addresses including ones already assigned to others. Since when does the NSA follow rules?
Instead, I think I'll just have some huge files in a directory called high_yield_warheads that actually contain the output of
Re:perhaps I'm wrong, but... (Score:1)
corners are bad from an aerodynamic (flow separation) and structural (pressurization and optimum volume/weight) standpoint. For radar reflection (not my area btw.) i hear that the angled panels were an easy way to control the direction that a signal was returned. The compromise was between aerodynamics wanting smooth curves and stealth wanting plates. of course, throw enough math at the problem and you can get a nicer compromise.
Echelon is about fla-vor-ice! (Score:1)
Re:TONS of supporting evidence! (Score:1)
Hah hah, just kidding everyone. I was just playing a joke! You see, I was only being sarcastic about my true opinions on my federal government. You see, the government is really just misunderstood. They're here to protect us and... DON'T LISTEN! THEY'VE STOLEN MY MIND! ARRRRRRGGGGGHHHH! Hah hah. Just playing around again. The US government, as I was saying, is made up of people who are really out for our best interests. Every bit of information we have is available via the freedom of information act of... BULLSHIT! NO! THEY'VE TAKEN ME TO THEIR SUBMARINE! OH MY GOD! ALL OF THAT DATA... IT'S ALL HERE! Terabytes and terabytes of usenet messages, all containing pictures of Pamela and Tommy Lee! And it's all stored on Travan TR-1 cartridges! UNGHT... Just playing around again. So, you see, the government loves us! I invite anyone who feels differently to join me in an open forum with several important congressmen and a few HIT MEN! I'M TRYING TO SAY HIT MEN... this weekend. Come to 314 15th street. It's an old warehouse, but don't worry, there's cookies and juice inside. DON'T DRINK THE JUICE! IT'S GOT THEIR MIND CONTROL ENZYME IN IT! WHEN IT WEARS OFF, YOUR MIND WILL BE LIKE OATMEAL! Thank you for your time.
Re:Boy I wish ... (Score:1)
Wankers, how can us Australians sell good beef/food that's non-contaminated like USA's to other countries, when USA farmers are subsidized to the teeth and sell well below at our lowest cost price. Yep, that's fair.
You ARE subsidised (Score:1)
TONS of supporting evidence! (Score:2)
Anonymous, and proud of it. Bite me.
Re:[nrrrf...] (Score:2)
What people *don't* know is that the way this is implemented is by still performing 128 bit encryption, but supplying a "help field" which contains the remaining 88 bits of key encrypted with the NSA's public key. This means that the NSA can easily break the (for them) 40-bit encryption, but for anyone else (such as the European governments), they face the encryption full strength at 128 bit.
I'm probably a bit inaccurate on the details (I don't have a link handy), but that's the gist.
don't be so naive (Score:3)
They do it because the big aerospace co's make their hardware. They protect or help out these co's by telling them the European's competitor's bid, and then the US co. bids lower to get the job.
Intercepting international communications [mcmail.com]
Privacy Rights: Echelon and the UKUSA [miningco.com]
go and do a search in your favorite search engine and type in the 3 letter acronym and echelon. See what you get. Very educational.
just don't say the word echelon out loud.
but hey they're only covering "foreign" non-domestic communications right? um. uh. hmm.
Re:How about GPG instead of PGP? (Score:2)
Anyway, GPG isn't a bad idea, either.
Re:perhaps I'm wrong, but... (Score:1)
Right now, without more back-up for your comments, I'm afraid we'll have to file your message under the "Wishful Thinking" department.
...phil
Re:[nrrrf...] (Score:1)
...phil
More NSA fun and games (Score:1)
...phil
Re:The NSA isn't responsible for everything... (Score:1)
...phil
Re:[nrrrf...] (Score:1)
I wrote:
Math is hard, let's go shopping. 128 - 40 = 88 bits sent in the clear.
Re:[nrrrf...] (Score:3)
This is demonstrably nonsense.
It's true that the way the key strength is reduced from 128 bits to 40 bits is by sending 40 bits of the key in the clear. Everything you wrote beyond that is fantasy.
Things encrypted using the exportable version of Communicator can be easily decrypted by anyone with equal ease. It really is 40 bits.
Furthermore, the article itself said:
Um, hello, there's no deal involved here. The only deal is that the US Government has made it illegal to export strong crypto. The deal is, alter your product to use weak crypto in the export versions, or go to jail. Everyone who hasn't been living under a rock for the last six years knows this already.
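The posts above disagree on whether the disclosed key bits travel in the clear or encrypted to an escrow agent's public key. The following is an added example comparing the two designs; it is not from any poster and is not Netscape or Lotus code. The toy RSA key, the toy stream cipher, the sample message and the 16-bit secret portion (instead of 40, so the search finishes quickly) are all assumptions.

```python
import hashlib
import secrets

KEY_BITS = 128

# Constructed toy escrow key pair: textbook RSA over two Mersenne primes.
# Far too small and unpadded to be secure; it only stands in for
# "the escrow agent's public key".
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # escrow agent's private exponent


def keystream_xor(key: int, data: bytes) -> bytes:
    """Toy stream cipher: XOR data with SHA-256(key || offset) blocks."""
    kb = key.to_bytes(KEY_BITS // 8, "big")
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(kb + off.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)


def send(plaintext: bytes, secret_bits: int, encrypt_field: bool) -> dict:
    """Encrypt under a fresh 128-bit key and disclose all but secret_bits of it."""
    key = secrets.randbits(KEY_BITS)
    disclosed = key >> secret_bits  # the high (128 - secret_bits) bits
    field = pow(disclosed, E, N) if encrypt_field else disclosed
    return {
        "secret_bits": secret_bits,
        "field_encrypted": encrypt_field,
        "field": field,
        "ciphertext": keystream_xor(key, plaintext),
    }


def search_space_bits(msg: dict, has_escrow_key: bool) -> int:
    """Number of key bits a given party still has to guess."""
    if msg["field_encrypted"] and not has_escrow_key:
        return KEY_BITS
    return msg["secret_bits"]


def recover(msg: dict, crib: bytes, escrow_private=None):
    """Brute-force the undisclosed bits, using a known plaintext prefix (crib)
    to recognise the right key. Returns None if the field cannot be opened."""
    if not msg["field_encrypted"]:
        disclosed = msg["field"]
    elif escrow_private is not None:
        disclosed = pow(msg["field"], escrow_private, N)
    else:
        return None  # would require a full 2**128 search; not attempted
    head = msg["ciphertext"][:len(crib)]
    for low in range(1 << msg["secret_bits"]):
        key = (disclosed << msg["secret_bits"]) | low
        if keystream_xor(key, head) == crib:
            return keystream_xor(key, msg["ciphertext"])
    return None


# Constructed sample message and known prefix.
SAMPLE = b"Subject: bid for contract 0000 (constructed sample)"
CRIB = b"Subject: "
DEMO_SECRET_BITS = 16  # assumption: 16 instead of 40 to keep the search short

if __name__ == "__main__":
    for encrypted in (False, True):
        m = send(SAMPLE, DEMO_SECRET_BITS, encrypted)
        label = "field encrypted to escrow key" if encrypted else "field in the clear"
        print(label)
        print("  outsider must guess", search_space_bits(m, False), "bits")
        print("  escrow agent must guess", search_space_bits(m, True), "bits")
        print("  outsider recovers:", recover(m, CRIB))
        print("  escrow agent recovers:", recover(m, CRIB, D))
```

With the field in the clear every eavesdropper faces the same short search; with the field encrypted, only the holder of the escrow private key does.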
Re:A Quote from the Story (Score:1)
Hey! How do you know where I am?
Web logs (Score:2)
I find it amazing that the NSA would be foolish enough not to spoof its own IP address if it was gathering information for illegal purposes. They actually work in secrets. They would know about web page logs.
Something else is going on here. But I'm not paranoid enough to really care.
Re:perhaps I'm wrong, but... (Score:1)
I believe it is widely held that we _gave_ it to them
Actually... (Score:1)
That there was Russian interest in the blueprints was "discovered" by the "security services", and so some modified plans were drawn up and subsequently copied by the KGB spooks.
The resulting aeroplane was the Tupolev TU-144, affectionately known as "Concordski" - a 2/3 scale replica of a Concorde that couldn't fly . . . or at least not for very long
(bastard netscape 4.6 screwed my login, hence the previous ac post)
three words. . . (Score:1)
They said I was paranoid, they said I was crazy. I am not the one who is crazy. It is YOU who are crazy! I am just sane in a mad world!
Now we need to find the evidence that the US used this technology to give Intel and MS an advantage.
"The number of suckers born each minute doubles every 18 months."
-jafac's law
Re:News? (Score:1)
"The number of suckers born each minute doubles every 18 months."
-jafac's law
Re:Nope - it's NOT that stealthy (Score:1)
Supposedly it has 100 times the radar cross-section of a B-2, a plane several times its physical size.
Also, the reason it was shot down was because it was flying at a low enough altitude for optically sighted AAA to get it. Some AAA gunner fired at a dark patch in the sky and got lucky. This was supposedly part of the "tactic" that the Iraqis taught to the Yugoslavs for shooting down American "LO" planes (Low Observable).
"The number of suckers born each minute doubles every 18 months."
-jafac's law
Revolution? (Score:2)
Anyone have any luck with that "report" link? It keeps giving me a 500 Server Error.
"The number of suckers born each minute doubles every 18 months."
-jafac's law
Recommendations: "secure" browsers? (Score:3)
Second: all these inconveniences to get a secure browser to hide your communications are mostly useless considering the fact that only sites of very commercial nature let you use https (secure http via SSL/TLS). Of course, the point is not that "they" can see what we are talking about something on slashdot. They can see what we are talking about anything on anywhere.
U.S. is still pretty much driving the internet communications, protocols, applications and implementations, and when at every point we are limited to non-encrypted traffic, the bad guys still can get the whole picture (see, the bad guys even have the habit of defining the bad guys..). It's important to do anything to get the U.S. to lift those crypto controls, the regulations are not there for you! We would be in a much safer world where encryption would be ubiquitous, including even protocols like DNS, SMTP, POP3, HTTP. Maybe they would be a bit slower, but there would finally be another reason to get faster CPU's other than to run Bloatware version N+1 from MS. :)
Re:It's only partially "stealthy" (Score:2)
perl -e 'print scalar reverse q(\)-:
Re:Boy I wish ... (Score:1)
Nick
Re:ROTFL (Score:1)
Kids, this smells like a reporter didn't use his critical facilities...
And comes back again... (Score:1)
What makes this different is that for the last 20 years, the US, among others, has been pushing for all manner of global trade rules so that US firms could feel secure in Europe and Asia, and, unsurprisingly, those Europeans and Asians have demanded the same kind of treatment here. A lot of global trade rules can be summarised in one statement: you can't do to foreign companies what you don't do to your own.
Now, back in the Cold War, spying on the Russian or Chinese governments and their interests wasn't seen as any big deal. After all, it's hard to imagine the KGB suing in federal court for its right to privacy. And of course, the shoe went on the other foot. If the USSR stole some commercial technology from Boeing or IBM, there wasn't any way they could go to market and compete with them. There might be patents, or not, either way the USSR wasn't going to pay any attention to them.
Now we have the odd sight of companies suing foreign governments in their own courts for violating their privacy. After all, civil law in the US recognises companies as persons and accords them rights. If the US subsidiary of Bull-Thompson can show it's been damaged by the NSA snooping on their faxes without a warrant, the law makes no distinction between them and somebody like Apple Computers.
Yes, the NSA spies. That's what they get paid for, but allowing them to spy on behalf of US firms introduces a lot of issues of conflict of interests. The US has agreed, in treaty after treaty, to honour the rights of foreign commercial interests in the USA. Whether or not that's a very good idea is a different issue, those treaties are presently US law.
Unfortunately, US law tolerates the government doing all manner of otherwise illegal things in the name of "national security." The US is nominally forbidden from spying on Canadians, Australians, NZ'ers, and UK citizens (but is well known to have done so on at least a few occasions - Gerhard Bull's case comes to mind) but can spy on Japan or France to their heart's content. EU countries aren't supposed to be allowed to spy on each other. This has led to the UK asking the US to spy on French and German companies on behalf of British firms. (At least it's fairly credibly rumoured that this happens - it certainly isn't a surprise.)
If the dogma of free trade is to be preserved, you can't use government to spy on your competitors, even foreign ones. The French do certainly do it, and the US does, and in all likelihood every country with a foreign espionage service does it at least sometimes. (Neatly excluding Canada - a country that really doesn't seem to take its economic security too seriously.)
But it is also quite clearly illegal and something that you can sue for. What is to happen if a federal judge subpoenas the CIA to testify about espionage against foreign companies, or the NSA to describe in court its signal intelligence operations? The US recently dropped a case against the owner of the pharmaceuticals factory in Sudan that Clinton bombed last year, after he sued in US federal court. In this case, it was probably because the US didn't actually have any evidence against the guy, but the Justice department claimed that it was better to drop the case than "reveal its espionage sources." Is this a precedent for things to come? If so, the US might as well get out of the commercial espionage business altogether, or else it'll be tied up in court in perpetuity, settling espionage claims.
Re:Meredith hill? (Score:1)
;-)
Made me think of Cryptonomicon... (Score:1)
In the book, they were talking about the black ops situations where they would create "reasons" that they could use the intelligence gained from the cracked codes by, say, flying a spyplane over a convoy that was already known about, or faking a merchant ship crossing near a Milchow (supply submarine) or a spy post that supposedly had been in the middle of Italy for 10-12 months previously...
Re:Actually... (NASA buys TU-144) (Score:1)
The resulting aeroplane was the Tupolev TU-144, affectionately known as "Concordski" - a 2/3 scale replica of a Concorde that couldn't fly . . . or at least not for very long :)
Actually the TU-144 could fly quite well. So well that NASA bought one or more of the planes!
It was taken out of service because a TU-144 crashed under odd circumstances at the Paris Airshow. Apparently a French Mirage was flying in the clouds when the TU-144 was doing its demonstration flight. This is a serious no-no during said airshow because the risk of collision is very high and is strictly against the rules of the airshow.
Anyway, the crash was most likely due to the Russian pilot's reaction or overreaction to the presence of the French plane in its airspace. The story goes that the Russian nosed the plane down hard from a full throttle climb to avoid the Mirage, thus overstressing the airframe and causing structural failure. Everyone on board was killed and some innocent civilians too.
Neither French nor Russian governments would come to a satisfying conclusion of what happened. The above was gleaned by watching the same TLC show the previous poster noted.
It is easy to copy (Score:1)
They are completely (well from most angles) invisible to normal RADARs and show only lightly in stronger military RADARs.
The idea is that the whole ship is shaped so that the radarwaves are not reflected back to it, but instead somewhere else.
Round shapes are _bad_ since a round shape always has a part which reflects right back. Corners are bad because they are usually small round shapes.
So what you do is fill all the corners with radarwave eating materials and keep roundness, inward edges and corners to a minimum.
Like all really great stuff, the principle is simple and elegant..
--
Pirkka
Re:perhaps I'm wrong, but... (Score:1)
get the book "skunk works" by the ex-chief of lockheed development. it details all this. he's perfectly correct. good book.
White House would monitor online news sites too... (Score:1)
But when I worked QA for News Internet, the web hosting arm of News Corp, we were analyzing the web logs of FoxNews.com as part of a test. We found that every 30 minutes every page on the site was pulled down by none other than whitehouse.com.
Our guess is they were running a real-time analysis of the stories with some kind of bot. Nothing super-secret or anything, but still scary that the media is "monitored" in such a way.
Reminds me of the urban tale how the US' "No Such Agency" could use computer speech recognition to scan for "keywords" on pay telephones.
That WAS an urban legend, right??
Monica Lewinsky on the cover of Cigar Aficionado? (Score:1)
Yes! Another tasteless joke at someone else's expense! I kill me.
Now, for those of you able to read beyond a tasteless joke......
I really see no reason why anyone should be surprised if the government reads your mail. They've been doing it for years.
For those of you old enough to have grandparents in the second world war, ask your grandmother about receiving messages from grandpa with whole sections blacked out through both sides of the paper.
Key Escrow is just a Bad Idea{TM}. It doesn't make catching criminals any easier, since they merely don't use the aforementioned encryption schemes. It doesn't make catching foreign powers in malicious acts any easier, since they've got THEIR OWN encryption.
It DOES open up holes that foreign powers can exploit. It DOES enable the government to spy on nobody BUT THEIR OWN CITIZENS. It DOES allow the government to compromise their own home-grown corporations and steal their technology.
Get wise people. Start screaming at your elected officials. If they don't jump fast enough, replace the bastards. If THEY don't jump fast enough, replace them with someone who WILL. They work FOR US. Not vice-versa
Chas - The one, the only.
THANK GOD!!!
And this is why I won't vote for Al Gore (Score:1)
Re:Freedom to bare arms.. (Score:1)
The freedom to bare arms hasn't been contested anywhere I've seen. Short sleeve shirts, T-shirts, and halter tops are all still A-OK. The right to bear arms, on the other hand, has been debated lately. (And not of the ursine variety)
On a related thread, fire arms, though visually stunning, are not nearly as useful for defense against sundry boogeymen as are firearms.
Have a more accurate day.
(Asbestos undies *on*)
Re:Revolution? (Score:1)
Oh, and all Christians, save the politicians, are Good!
Oooh. Now I'm quaking in my boots.
Ellis, you need to stop watching the X-Files and start reading a few more newspapers.
Re:perhaps I'm wrong, but... (Score:1)
Basically, whenever the wavelength of the wave is less than twice the width of a "pathway", the wave disperses in a spherical wave pattern rather than as a linear wave front. The result is that you get massive nasty reflection patterns whenever an electromagnetic wave passes near a corner. As a result, you want to minimize corners if you want to reduce electromagnetic wave reflections. This is common knowledge amongst people that deal with electromagnetic wave theory. This is not new, and has something to do with electromagnetic waves acting as both waves and as particles, depending on the circumstances.
Oh, and in case you still doubt me, please go to your local library and pore through Jane's, the military technology journal. They talk at length about the development of both the F-117 and the B-2. Although most of their information has been collected using illegal means, their information is continually confirmed when countries de-classify their military tech.
Re:How about GPG instead of PGP? (Score:1)
At any rate, I'd still rather have source...
Re:perhaps I'm wrong, but... (Score:1)
They reflect radar right back at the source. This is, in a word, Bad.
Back when I wanted to be an aeronautical engineer, I was fascinated with this stuff. There were lots of photographs that were publicly available that show radar reflection levels of aircraft. Oddly enough, every corner and point has about several orders of magnitude the radar reflection, as seen from the radar, as the flat parts. Alas, these days are about 10 years ago, before the days of the web. I'm not aware of any such photos on the web, but I wouldn't be surprised if they are easy to find...
How about GPG instead of PGP? (Score:3)
perhaps I'm wrong, but... (Score:4)
The hardware and man hours required for this level of communications monitoring is simply too great. Besides, too many people would know about this if this were true. The secret would have gotten out long ago, and with many more verifiable sources.
Ever think that Intel & Microsoft made it through clever, strategic, and downright dirty business tactics? If Intel had illegally obtained secrets from competitors, don't you think their chips would be at least as fast as their competitors? Don't you think that you, too, could pull some pretty brutish moves if you had $20 billion cash-on-hand to use as investment capital?
Look, maybe I'm wrong. Maybe there is a huge conspiracy. However, I usually tend to believe that the simplest explanation is also usually the correct one.
I'm not trying to say that the US gov't doesn't have the ability to track any given piece of e-mail, or that they can't crack any widely used encryption scheme, or that they can't monitor any given phone conversation in most parts of the world. I'm just saying that they don't monitor *every* e-mail and/or http: request. They can't crack *every* encrypted message. They can't monitor *every* phone call simultaneously. There's simply too much to do for that to be possible. And, while the US does have some interesting technologies in its military and intelligence wings, these technologies are orders of magnitude better than what ordinary individuals and companies have access to.
Ever wonder why the F-117 (the "stealth fighter") is composed of flat panels, all at odd angles? For purposes of stealth aircraft, corners are bad ju-ju. Yet the F-117 has tons of them. The reason is that the plane was designed in the early 70s, using commonly available technology during that time (not alien tech, as some suggest). They couldn't model curved surfaces on the supercomputers of their day! If they had access to some superior, ultra-fast technology, the F-117 would have looked more similar to the B-2. This isn't intended as definitive proof that the US doesn't have such wondrous computing & networking tech. It is merely intended to show that the US gov't, too, proceeds at the same pace as the rest of the world, albeit with a quarter step head start. The tech required to do these sorts of things is simply too great--and I therefore reject these stories as X-Files inspired paranoia (and I hope that I am correct
Re:perhaps I'm wrong, but... (Score:2)
I recommend that one read "Skunk Works." The author (now deceased) worked there and was the head of the F-117 project. There are great sections in the book describing two other great Skunk Work projects, the U-2 and the SR-71.
News? (Score:2)
Remember ECHELON? Was on
[nrrrf...] (Score:3)
Stealing industrial secrets when nobody's looking, enabling NSA "help fields" in netscape and internet explorer, advocating "secure communications" using the clipper chip, and a multi-billion dollar system dating back to the late 1960's to listen in on the phone conversations of Pamela Anderson (Located on Meredith Hill).
Shame on you! You've spent billions of taxpayer dollars to do what the Drudge Reports pump out every week.
--
Re:perhaps I'm wrong, but... (Score:3)
It has. More than a couple former NSA and CIA employees have come forth to explain the technology, and what's been going on. The biggest conspiracy is not that they are doing this, but that people refute the truth. They prefer a comfortable lie.
However, I usually tend to believe that the simplest explanation is also usually the correct one.
Well, the explanation is simple: Knowledge is power.
The FBI installs illegal wiretaps daily not because they can use it in court, but so that they can use that information to know when you are doing something.. and then have an agent able to spot that through legal means.
There is no huge conspiracy, only huge amounts of ignorance. The question I pose to you is - why must our government hide these things from us? What is national security... really? And why are they watching OUR communications, if it is foreign powers that they are honestly concerned about?
--
Use strong crypto whether you need it or not (Score:5)
I'm appalled by these findings. I always dismissed stories of what the spooks are listening to as totally blown out of proportion. Not any more. After reading the technical details section in the report it seems clear that the NSA so far must be ecstatic with joy over the popularity of the Internet: less pesky voice recognition, less error-prone handwriting recognition, more digital food, easy to digest, high in information content and relatively easy to filter.
I think the best way to make the spooks' life harder is for as many people as possible to use strong crypto: the more well-encrypted messages they listen to the more resources they have to dedicate to the much harder task of breaking strong crypto rather than developing strong filters.
If I were a company interested in keeping my stuff secret, I wouldn't buy any American software: the Lotus example in the report is ridiculous --- does the US government really need a convenient way of listening in on the Swiss government's internal dealings?
The only reasonable choice is Free Software. Use GPG, hit on it, beat on it, try to break it until we can believe it's reasonably secure.
Fill the Internet with encrypted noise to get the spooks sweating. It's not important if they can break your 'Happy birthday, Mom!' message; but all those encrypted 'Happy birthday' messages might keep them from reading the stuff you really don't want anybody to read.
Re:wow... (Score:1)
Doesn't sound much like socialism to me.
So kindly crawl back under your rock. Or at least learn what the hell socialism really means. Preferably before you make an ignoramus of yourself once more with statements like the one above.
Thank you.
--Z.
Re:Meredith hill? (Score:1)
Re:Freedom to bare arms.. (Score:1)
Point two: Your general argument makes as much sense as a claim that speed limits are just the first step towards banning cars.
Re:don't be so naive (Score:1)
I'd give you the book's direct link on, but Amazon's site seems to choke so I'll just give you their main site's link - amazon.com [amazon.com] and the book's ISBN: 0140067485. It's about $12, and it was written quite some time ago, but it is a really good book if you're interested in learning about "them."
Read the Report (Score:4)
This report is a Good Thing for a number of reasons. It documents how the NSA and our "national security state" have been joined at the hip to U.S. economic interests. It corroborates various reports over the years of state sponsored economic surveillance. It debunks that argument that key-recovery is needed for law enforcement. Lots of good stuff with the authoritative imprimatur of the EU.
But the real good news is found in both " Comint capabilities after 2000 [mcmail.com]" and in " Policy issues for the European Parliament [mcmail.com]". The cost of ComInt surveillance has proven to be prohibitive - a waste of time and money. And the rise of optical fibre networks has rendered snooping methods obsolete. But best of all, "Communications intelligence organisations recognise that the long war against civil and commercial cryptography has been lost."
Finally, check out this recommendation:
The bad news is this is a report by the Chief Geek at EU to the parliament. What are the chances that anyone other than geeks will pay any attention?
That's not the part that surprises me. (Score:3)
What surprises me here is that it doesn't seem to bother anyone that we've come to the point where nobody questions the assumption that our government isn't any more trustworthy than the latest despot-of-the-week.
It surprises me that our government accepts the fact that we've grown cynical of their sincerity, and isn't worried about it.
secrets and lies (Score:1)
This has gone so far in the USA that level-headed reporting of facts which do not fall within the narrow permissible range (i.e., hawk-or-dove, GOP, Democrat or Libertarian) is swept under the carpet. Certainly the 'serious' newspapers and TV don't carry it. Publications like west-coast tabloids, 'mad socialist' rags and e-zines can get away with it because the people who matter -- investors and, to a lesser extent, voters -- don't read or believe these 'rumours'.
Honest reporters rarely make it to editorial positions in the decision-makers' media.
Fluff and shit helps a lot, and many things are kept secret successfully until it doesn't matter anymore but you'll be surprised how many people refuse to believe it -- even though it's in official, declassified documents.
Who cares *now* that the US funded and provided intelligence support to Nazi armies in the Soviet Union after the second world war was supposedly over, or that it adopted Nazi intelligence personnel and tactics in Europe?
J
disarming revolution (Score:1)
Armed revolution -- armed *anything*, really -- only leads to suffering and impoverishment.
The people in control of the oppressive government have no particular attachment to the American people as their preferred victims of oppression, and they aren't your elected officials, either. They are rather the chiefs of staff, secretaries of the executive, CEOs of defence corporations, major investors in defence corporations (which includes, not surprisingly, most of the major investors in most other major corporations too, so throw them in as well). Oh, and don't forget media magnates.
This elite has a better track record of oppressing third-world people (particularly in Latin America) with the help of purchased military establishments and governments there. It doesn't have the same clout in the US because it depends in large part on the good-will of the US public as consumers and voters (and some as skilled workers).
Since the 'enemy' isn't your elected officials per se but rather the establishment, a confrontation on the grounds of force is a bit ridiculous. You'll put your life on the line, alongside millions of other Americans, to fight the PENTAGON?
The US is not the world's only superpower for no reason. It really does have the most powerful military ever to have existed. The Pentagon and the CIA have powerful allies (purchased by cash, drugs and blood) in the establishments of all the other powerful countries. China is *not* an exception.
So have your revolution, and enjoy the bloodbath. I don't think you'll find many to side with you, Truth and Justice against the American Way. Not if it's to be fought in the battlefield.
But if, OTOH, you use your vote and your right of association, you might get somewhere. It's a free country, compared with most.
J.
May I borrow that soapbox? (Score:1)
It's about time someone said this, and now I've heard it I'll be saying it over and over myself.
Democracy has become irrelevant in the US, thanks to the entrenched power of the Pentagon, its corporate subsidiaries and other major corporations, the two major parties
The ridiculous individualist ideology which values guns and investment above community and the vote keeps those people who might do something to improve public policy in opposition to public policy *itself*, as though the only possible policy was fascism. This leaves the US's more subtle, less fascist fascists firmly in control.
But the democratic institutions themselves exist! The US is, technically, a democratic country! Never mind that the Constitution (I mean the 1787 [house.gov] one, not the 1777 [hypermall.com] one) crippled the independent, radical democracy of the New England states; even Madison's document, designed to let "the people who own the country
The US polity is flawed and its government (including the unaccountable corporate elite) is fundamentally serving its own interests alone. But violence is not the way to change that.
Thanks.
J
May I borrow that soapbox? (Score:2)
It's about time someone said this, and now I've heard it I'll be saying it over and over myself.
Democracy has become irrelevant in the US, thanks to the entrenched power of the Pentagon, its corporate subsidiaries and other major corporations, the two major parties
The ridiculous individualist ideology which values guns and investment above community and the vote keeps those people who might do something to improve public policy in opposition to public policy *itself*, as though the only possible policy was fascism. This leaves the US's more subtle, less fascist fascists firmly in control.
But the democratic institutions themselves exist! The US is, technically, a democratic country! Never mind that the Constitution (I mean the 1796 one, not the 1779 one) crippled the independent, radical democracy of the New England states; even Madison's document, designed to let "the people who own the country
The US polity is flawed and its government (including the unaccountable corporate elite) is fundamentally serving its own interests alone. But violence is not the way to change that.
Thanks.
J
Whither Wintel (Score:1)
What I find harder to swallow is that they would be so easily caught on someone's logs. On the one hand they're being made out to be almost omnipotent, and on the other hand they don't even disguise their IP?
It is sometimes necessary to speak.
Right on (Score:2)
Just a small factual correction - Lotus has had an Intl (56 bit with escrow) and North American version (with no escrow, as far as anyone knows) for many years, and the new release (R5) has not changed this at all. (R5 NA does support 128 bit SSL.)
I fail to see how 56 bits with 24 escrowed by the USG is worse than plain old 40 bit security.
--
Re:Boy I wish ... (Score:1)
As far as I know, Airbus hasn't been subsidized since they broke even quite a while ago.
Re:Can't say I'm surprised (Score:1)
Re:Web logs (Score:1)
Complete Report and Recommendations (Score:5)
2. At the technical level, protective measures may best be focused on defeating hostile Comint activity by denying access or, where this is impractical or impossible, preventing processing of message content and associated traffic information by general use of cryptography.
5. At the present time, Internet browsers and other software used in almost every personal computer in Europe is deliberately disabled such that "secure" communications they send can, if collected, be read without difficulty by NSA. US manufacturers are compelled to make these arrangements under US export rules. A level playing field is important. Consideration could be given to a countermeasure whereby, if systems with disabled cryptographic systems are sold outside the United States, they should be required to conform to an "open standard" such that third parties and other nations may provide additional applications which restore the level of security to at least enjoyed by domestic US customers.
We could tell them that is already possible
Re:A Quote from the Story (Score:1)
Re: (Score:2)
You are mistaken (Score:1)
2. The pilot was found guilty of destroying evidence. He was kicked out of the Marines and will go to prison.
Re:3 sides to every story (Score:1)
"Why would the US gov blow its wad on leaking confidential data to contractors to give
them an advantage? The best part of having a secret is keeping it"
Intelligence gathering is like collecting
baseball cards: you acquire a lot of stuff
you're not interested in but you keep
it for "traders".
How many movies have you seen where the
hero calls an old friend in Xcorp or CIA for some
crucial bit of info? The conversation ends
with "I owe ya one, buddy".
Only happens in fiction?
Re:perhaps I'm wrong, but... (Score:1)
Re:Interesting math and/or factchecking, though. (Score:1)
Or even bad crypt whether you need it or not. (Score:1)
Re:Interesting math and/or factchecking, though. (Score:1)
I think you're probably wrong. (Score:2)
On a similar note, comparing the tech required to design a plane to the tech required to scan text is really apples and oranges. The first is pretty much computational fluid dynamics, and is primarily floating-point operations. It also doesn't parallelize very well due to the high I/O requirements between nodes. That's why scientists in the field still like big vector processing Crays instead of SMP machines.
On the other hand, scanning text is entirely an integer problem. It is also easy to parallelize it to a massive scale. You could do it effectively using 8088 PCs if you had to. Just pass each message or packet off to a different node, and each node has its own copy of the "dictionary" you are searching for. Easy. Note that the report does NOT claim that the NSA has been scanning phone calls for years. Only that they have been scanning text-based communications. It's really easy to build computers to scan huge amounts of text.
So, I don't think you are correct in calling the whole Echelon report "X-Files" stuff. It's quite reasonable to think that they could have built most of this thing using off-the-shelf parts. Or that they could have had custom chips built using standard processes.
Oh, and if you want a more reliable source, some of this stuff was discussed at US Congressional hearings back in the 1970's. At that time, a Congressman likened the NSA to a giant ear which was listening to the world. He also said that if that ear was turned inward, there would be nowhere to hide from it. And this was in the 1970's. If you really believe that the NSA is not sniffing and analyzing every bit of communication that it can get its hands on, you're not looking very hard because it's not really a secret. We are talking about the NSA. Spying on the electronic communications of foreign powers is their job. No one is accusing the Department of Agriculture of spying. It's the NSA. It's what they do. Why do people keep trying to pretend that the NSA isn't doing its job?
Can't say I'm surprised (Score:1)
Re:Hey... (Score:1)
Re:perhaps I'm wrong, but... (Score:5)
I realize that this is off topic, but I felt I had to respond...
The F-117, and all of its flat panels are actually based on the "hopeless diamond" design. It is a very angular geometrical shape that is completely invisible to radar. The math behind it was developed by some German scientist.
When placed in a radar test chamber, the F-117 completely disappears. In fact, one of the sticking points in the development of the F-117 was figuring out how to hide the radar cross-section of the pilot's head through the window of the plane. The solution... Coat the window with a transparent film of gold.
So, to sum up, the F-117 design was not due to lack of computing power, but rather the mathematics of stealth.
--David Garrett
Exploit Porn and MMF (Score:1)
Actually, I think it would be pretty cool to use fake porn as a sneaky channel for encrypted communication. Just post a "corrupted" JPEG to usenet that is really an encrypted message. Or maybe have it be a well-formed porn picture, but with low-frequency artifacts that aren't necessarily noise...
Or go really low tech, and post Make Money Fast messages that have secret acrostics in the sentences. :-)
It's not all bullshit. (Score:3)
The NSA budget is estimated to be around 5 billion USD - that buys a shitload of hardware and bandwidth, I bet that not all of that bandwidth is used for reading
Here are a couple of excerpts from the NSA's about-page [nsa.gov]
- "It is said that NSA is one of the largest employers of mathematicians in the United States and perhaps the world. Mathematicians at NSA contribute directly to the two missions of the Agency: they help design cipher systems that will protect the integrity of U.S. information systems while others search for weaknesses in adversaries' codes."
- "The NSA/CSS is responsible for the centralized coordination, direction, and performance of highly specialized technical functions in support of U.S. Government activities to protect U.S. information systems and produce foreign intelligence information."
Now, what do you think the NSA does?
A Quote from the Story (Score:3)
Ha! So I guess now they know how to Make Money Fast.
Re:I feel the whole thing's overblown... (Score:1)
Just remember that when you go buy the petrol for your cocktails that you are able to afford your purchase in part due to some intelligence-enabled arm twisting to get around OPEC's price controls.
Re:I feel the whole thing's overblown... (Score:1)
And lest you start believing that Europeans are nothing but victims in the spycraft game, Europe has far more experience in the ways of stealing secrets from their rivals. They may not have anywhere near the same technological capabilities as UKUSA, but spy cases in the US have almost always indicated that to spy on the US, all one needs is a sufficiently disgruntled employee with a high enough clearance.
That said, nations would be hopelessly naive if they were to believe that other nation states are not out there attempting to get at their darkest secrets. Hence, the reliance on encrypted diplomatic channels, secure channels for military use, and exchange programs where they attempt to glean some information that is not generally publicly available. Fact is, every nation of significance does conduct espionage. The United States is in the unique conundrum of doing it against the backdrop of our constitution. We also seem to always have the neatest gadgets and toys.
And to address your point about domestic espionage activities: let me assure you that no matter how tempted our spy agencies may be in conducting such activity, they know full well that if caught, they would face the wrath of those who pay for their existence--namely the Congress. You may say, historically this has been little deterrent. True, but historically, we were engaged in a silent war with the Soviet Union, and our citizens claimed for a time that spying on other citizens was a small price worth paying in the face of a supposed communist threat.
Moreover, even if the UK had dismantled its supposed echelon listening post in HK, what makes you think that the Chinese are not clever or resourceful enough to construct surveillance on their own? Singapore has singlehandedly created a vibrant surveillance culture, there is no doubt that the Chinese could easily do the same.
The article is about European countries portraying themselves as victims in a game they play as well as any other. Do you believe everything your nation's government says? If you don't, then, my friend, you are on equal footing with many Americans in dealing with dichotomies between stated and actual policies. It's just that here in the States, the differences eventually are aired publicly.
Re:Proud to be an American... (Score:1)
While America was busy deciding the morality of a married president getting a bj by an intern they failed to notice Clinton making deals with communist China to launch U.S. satellites that contain the same encryption technology that our long range guided missiles do so their flight paths can't be tampered with by a victim country. (funny how one of those satellites crashed during initial launch and those same circuits ended up missing from the recovered pieces).
Nor did anyone pay attention when Clinton was passing laws that give him absolute power to stop all government elections and usurp judicial and congressional power by calling a military state during times of a national emergency. Since he's already stated he considers Y2K to be a national emergency I think next year is going to be a very interesting one.
Re:It is to LAUGH! - Lotus story is crap! (Score:1)
Re:OFF TOPIC? (Score:1)
Re:3 sides to every story (Score:1)
"Windows 98 Second Edition works and players better than ever." -Microsoft's Home page on Win98SE.
Adopt an MP (Score:2)
The story of the boy who cried "Wolf!"... (Score:2)
Kaa
Having a problem?.. kinda sorta (Score:2)
In any case, the role of national intelligence agencies is in flux following the end of the Cold War and it has been repeatedly suggested that they be used for gaining economic advantage. It has also been suggested that the Japanese, as well as Taiwan, Israel, etc. etc. have been doing this for a long time. I don't see any high moral problems here, anyway. All we are talking about are trade secrets of some corporation. The objections to economic espionage tend to be on the lines of "Gentlemen do not read other gentlemen's mail" and, unfortunately, that line of argument exhausted itself in the XIX century.
Kaa
I feel the whole thing's overblown... (Score:5)
One, the US/UK/etc. intelligence agencies collect data from the world communications network. So? Does this surprise anybody? Didn't we hear about it a zillion times before? Would anybody expect any intelligence agency with proper capabilities to do otherwise? So the UK spooks have a terabyte of Usenet data. Big deal. If I had a terabyte of storage handy I could have it, too. DejaNews likely has much more. Usenet is a public forum anyway so I don't see any problems here.
Two, US intelligence agencies use intercepted data for commercial advantage of US companies. Again, this is old news. The report doesn't add any new hard data except some vague allegations that I (at least) have heard before. Airbus has been bitching about being spied upon for years by now.
In any case I don't see what this has to do with key escrow. It was a bad idea, it is a bad idea and it will stay a bad idea. *Of course* the spooks love it, but that's only to be expected and has been demonstrated numerous times before.
So I guess I don't understand what the whole noise is about.
Kaa
Re:A Quote from the Story (Score:2)
Re:This is quite an eye opener (Score:2)
IIRC, there are "freeware" versions there for personal use only. These should only use Diffie-Hellman keys rather than RSA keys (and thus be backwards-incompatible, unable to talk to PGP 4.0 and below). Using DH rather than RSA avoids the RSA patent.
Between this and GnuPG, there are now at least two vendors for legal downloads. The NAI stuff described above is sold (with RSA and other things bolted on) as payware; I can personally vouch that it is good compared to most payware. Those who know GnuPG will be able to say if GnuPG is technically better or worse.
Their very excuse for key escrow is full of holes (Score:2)
Lee
It is to LAUGH! - Lotus story is crap! (Score:4)
I have been working with Lotus Notes since version 2 first came out, I know the product well. The entire time Lotus and now Lotus\IBM (actually IRIS) have been producing Notes the Govt. has been all over them about their encryption. The entire time Lotus has been putting out a "weaker" 40bit version of Notes to satisfy the export laws, until R5.
Now, Lotus has come up with a compromise that they had hoped would allow them to get back to having only one code stream. That solution was to escrow 24bits (believe that's right) with NSA such that they could export Notes without major changes. This has been PUBLICLY STATED BY LOTUS in at least two VERY PUBLIC conferences dedicated to Notes that I have personally attended - and probably many others I haven't. Anyone attend Euro-Lotusphere that can comment? Folks, IT WAS NO SECRET! Period - end of story - full stop. Lotus made this known! To assert otherwise is truly funny!
This story about the Swiss is pure BS - if they didn't know that 24bits were escrowed with NSA it was because they didn't ask - not the fault of Lotus is it? Is the US Govt. policy on encryption so secret that the Swiss never bothered to wonder how it was Lotus got a product "stronger" than 40bits out of the country? Come on - are they that stupid? Someone in Switzerland didn't do their homework, covering it up by saying Lotus did this in "secret" is pretty silly.
If you want really bad - look at the French version of Notes. It's WEAKER than 40bits! How, Why?! Well, it seems the French Govt. wouldn't allow them to sell Notes in their country if it wasn't this weak! Yup, R5 French is weak as wet tissue and not because Lotus wanted it this way. In a security forum hosted by Lotus they publicly stated they wouldn't use the French version no matter what - it's that weak and they hate it! But, they had to satisfy the French Govt. or not sell their product. I THINK the French version is only 24bit - I'm not positive.
Lotus is NOT a bad guy in this, stupid reporters to the contrary. Sit in on any of the security forums at Lotusphere and listen to the Lotus guys talk about how they don't think 64bit is strong enough anymore, how they intend to go 128bit or better (did R5 get this? I'm not using it yet), and how they do their Public Key stuff. These guys are and have been so far ahead of the X509 crap it's not even funny. These guys have had certificates for years and STILL have useful features not yet implemented in X509 (hello - cert chaining?). They did this for funsies? And then we get articles that blast Lotus for being in cahoots with the Govt or NSA? Obviously someone isn't paying attention and hasn't done any research on Lotus - their making encryption so easy to use in Notes has NOT made them the US Govt's friend by ANY stretch of the imagination!
P.S. Know what's really funny? That someone will read an article like this or the one dealing with the Swiss and take it as gospel without ever researching it. Heh, if you want to know how it all really works Lotus has a White Paper in PDF on their site that goes DEEP into the details. I'd provide a URL but it's not handy, I'm only part way through it myself but it's damned detailed. Let's see M$ put something this detailed together about Exchange or NT! (lol)
The NSA isn't responsible for everything... (Score:2)
Hmm. Reading... [mcmail.com] They sound just a little too paranoid to me. The reason so much European traffic is going through Vienna VIRGINIA is not the NSA, or even BGP finding empty routes through the US, exactly... it's because European long distance rates are so high it's cheaper to cross the Atlantic twice!
Correct url for the report (Score:4)
The one in the TechWeb article is slightly mangled... if you didn't figure it out, try this [mcmail.com].
Check out the May 1999 STOA newsletter [eu.int] for a very quick summary (scroll down a bit). None of it is US authored, AFAICT.
3 sides to every story (Score:3)
Somehow I think this "finding" is not quite accurate. Why would the US gov blow its wad on leaking confidential data to contractors to give them an advantage? The best part of having a secret is keeping it.
Re:perhaps I'm wrong, but... (Score:2)
You're right that searching "every" bit of traffic is too much ... but in addition to the other points raised ("there is proof that they do this"), I'll just highlight that the espionage agencies have had years to develop specialized hardware to not just crack ciphers, but also do high speed pattern recognition. And yes, lots of academic research has been funded in those areas for the past decades.
That said, for the past two years I've been getting the story from folks in/around Washington DC that the spy agencies have given up on stopping crypto for purposes of national security. All the signals they really care about are too easily protected. That jibes with what that report said.
The bizarre thing ... is that the FBI and other law enforcement folk have recently begun muddying the waters. It's like they don't want to notice what their higher tech buddies have concluded ... or maybe they just have a huge case of budget envy! Look on the bright side, if they get their wish, it's a new segment of the high tech industry.
What I found the most interesting bit in the Bernstein ruling was the observation that Fourth Amendment rights (protecting against unreasonable search and seizure) were at risk. Let it be noted that J. Edgar Hoover's organization is not noted for scrupulously obeying the law, and many folk have been noticing an alarming tendency towards very authoritarian behavior in many police departments in the United States. What would you like to bet that members of minority communities will get more hassle for using crypto than, say, WASPs?