Domain: crypto.com
Stories and comments across the archive that link to crypto.com.
Comments · 51
-
Re:Good
"Key escrow does not make you more vulnerable to a 3rd party?" You have got to be kidding me. YES IT FUCKING DOES. Repeat after me: KEY ESCROW IS SHIT. Here's an excerpt from a paper detailing why it is such a bad idea right out of the gate:
In short, eavesdroppers seeking access to the session key must use two keys to decrypt the LEAF: the family key (which is common to all chips) and the chip key (which is different for every chip). Assuming that the family key will be in fairly wide circulation, the security of the Clipper Chip stands or falls on the security of the master list of chip keys. This list, or the two lists of key segments, would be of enormous value to any attacker, such as a foreign government bent on industrial espionage. -
Re:Do these guys understand public infrastructure?
Pay phones were pretty impressive engineering overall when you think about how much abuse they were subject to.
The locks used on them, especially the coin box versions, were probably one of the most impressive parts of them. They might rank as one of the most secure mass-produced locking mechanisms ever made. I think the coin box had 1.5 million key variations and was extremely pick-resistant.
This link outlines the lock system used and mentions the almost legendary status of them. I seem to remember the urban legend mentioned in the article about one guy who figured out a system for picking the coin box lock. The article doesn't go into details, but I vaguely remember there was supposedly one guy (maybe an insider who had access to the internals or keying system or something) who got away with it for a while.
Back in the 1970s or even earlier, there would have been a huge motivation for a successful and simple method of opening pay phone coin boxes. Pay phones were everywhere and if you could gain easy access to opening the coin box you could have probably made a living just going from phone to phone emptying the coin boxes.
-
Its counterpart in America:
We've had this technology in the US since around 2006; however, it was restricted to trunk/hybrid or analogue radio systems and came bundled as part of a radio scanner. Scanners in many states are illegal to operate in a motor vehicle, hence the technology never really caught on. Its biggest, perhaps only, manufacturer was Uniden with their 'BearTracker' feature.
In the States many municipalities still use antiquated strobe technology to change traffic signals in the event an emergency vehicle needs to pass. Several of our radar detectors alert for these 'strobes' of IR radiation. "Safety radar" was an invention that never saw much usage in the United States but would alert the driver to road hazards and approaching ambulances using dedicated transceivers. It's largely been discontinued.
Radios in the United States use APCO P25; this change was made largely after 2001. A digital system, it has cryptographic capability and is best-effort in protocol. GNU Radio projects to capture and decode the unencrypted traffic are successful, and can yield, through data capture, ping latency and triangulation, a wealth of information such as who is in a given vicinity, their name, their unit number, the radio MAC address, what shift they work, and even their routes. Much of this data wouldn't require 'listening' to the communication at all but is, much to our chagrin as Slashdotters I'm sure, metadata.
http://www.crypto.com/blog/p25... Unrelated, but this presentation gives insight into how pointlessly flawed APCO P25 is. -
BINGO!
Oh, how much of this story fills out spots on the Public Relations Security Bingo game? I counted four. You have to refresh to get all of the possible options; there are more than fit on any one card.
:) -
Turning on secure browsing be default?
Except, if you are at the end of a corporate proxy, your encrypted session can be easily eavesdropped on
.. link -
Directed to the Pasadena police:
Thank you for addressing the problem of unlawful criminals snooping on your radio traffic. As a result of your decision to use a widely adopted, commercially available, and readily hackable radio protocol at taxpayer expense, I've found the Pasadena police radio system to be a terrific folly on Friday nights.
Expect that your radios will jam, crash, and be forced to revert to unencrypted mode.
Expect to have your radios counted every hour, and a general location of each radio posted to the internet.
Expect your radios to be cloned and sold to the highest bidder.
http://www.crypto.com/blog/p25/
Regards,
The next nefarious hacker to read this article. -
Re:What's the big difference?
CAs are generally safer because browser vendors require passing an audit to be included.
DigiNotar passed multiple audits. Most of the several thousand mostly-unknown CAs (see my previous post) that browsers will accept a cert from have never had to pass any audit. In fact we don't even know who they are.
And like in this case, they will remove the certs for CAs that fail to perform properly.
This case is exceptional because it's the first time a CA has ever been removed for being negligent. Any other time in the past the CAs were regarded as too big to fail. In fact it was only the fact that it had issued an insignificant number of certs (around 700) that allowed it to be removed. They left Comodo in there earlier this year because it was too big to fail.
(Kinda scary how many misconceptions there are around this. As Matt Blaze said a decade ago, "a CA will protect you from anyone whose money it refuses to take", although DigiNotar has shown that it won't even do that.)
-
Re:tags
Well, I guess Matt Blaze won't fit into this brave, new world, Mr. and Mrs. AmeriKKKa.
This is a proposal for better security through psychological denial and cognitive dissonance.
As such, it fulfils the "Ignorance is Strength" part of the equation, which already has its "War is Peace" and "Freedom is Slavery" components well under way. So begins the formalisation of thoughtcrime - through state promotion of doublethink.
The keyword here is blackwhite. Like so many Newspeak words, this word has two mutually contradictory meanings. Applied to an opponent, it means the habit of impudently claiming that black is white, in contradiction of the plain facts. Applied to a Party member, it means a loyal willingness to say that black is white when Party discipline demands this. But it means also the ability to believe that black is white, and more, to know that black is white, and to forget that one has ever believed the contrary. This demands a continuous alteration of the past, made possible by the system of thought which really embraces all the rest, and which is known in Newspeak as doublethink. Doublethink is basically the power of holding two contradictory beliefs in one's mind simultaneously, and accepting both of them.
-- Part II, Chapter IX - The Theory and Practice of Oligarchical Collectivism -
Re:No conspiracy..
Actually it's time to start attributing to malice.
A Conspiracy
Your h4lons raz0r full of poo
-
Re:Open Primary
First, there's no such thing as a "democrat party"; it's called the "democratic party".
Second, this isn't an R vs D problem, it's a physics problem, because humans cannot see the electronic signals inside these (doped with no oversight) pieces of silicon, regardless of the arrangement which is going to electronically represent in digital logic the tabulation of these election ballots. A poll watcher is a moot point when you were not present 24/7 from the initial doping process, through assembly, manufacture, and down to deployment at the local polling place level, where you and I vote.
Third, when you can't provide oversight, you have garbage in; when you're trying to tabulate garbage, you end up with garbage.
Fourth, being as there's no audit "trail", and no human oversight from start to finish, you can't recount unvalidatable trash.
Fifth, the final outcome is always destructive, by electing oath breaking termites, everything becomes corrupted by propagating more oath breakers to destroy more stuff, and release everything from accountability of the existing law.
Sixth, you can quote all the fucking numbers you want, the reality is you still haven't counted the peoples vote.
Seventh, I give you kudos on also correctly recognizing the fact that electronic parts fail sometimes, for no reason, they fail, and for reasons they fail, they can burn out, they can overheat and give really weird output, but the sad fact is nobody is destructively reverse engineering these devices for exploits of malicious intent. Just cause something's burnt up doesn't mean it failed; it may have failed with a purpose internally, like changing its internal logic around and burning the channel shut. Clearly electronic semiconductors cannot ever be trusted with this in mind, as every machine would need to be destroyed to be audited fully for tampering, and even then we still might not SEE it!
Now here's my opinion. (I didn't say fact.) You want an open primary? Fine, outlaw all electronic vote tabulation devices, and have an election which uses all paper ballots, all counted by all publicly interested parties. The public must provide 24/7 chain of custody, from the moment the poll opens to the moment the entire election is finally tabulated, and even then it ought to be stored in a vault afterward with oversight from all interested public parties, or transported to a vault by all interested parties. Wherever it goes it cannot be allowed to have the "chain of custody" tampered with. If it is tampered with, then the election must start over. The other part of this is to reform the way the SOS does its policies and procedures. You can't have a corrupt sheriff in charge of kicking poll watchers out, and especially at the expense of breaking the "chain of custody", which if you happen to look right now, not many deputies have asm programming and electronic manufacturing under their belt. So clearly local LEO (law enforcement for short) is being exploited by whatever politician wants to put pressure or just straight up conspire to steal shit (like we already have seen). So clearly there has to be some kind of check to this kind of exploit of power. Perhaps specifically trained election cops, to counter it all, and if need be they call local LEO for assist. But the days of rolling up poll watchers on faux charges, then releasing them after the election is over, breaking the chain of custody, has to stop for it to work. I really hope you're feeling what I am saying here.
The next problem is the Electoral College. And I don't know what to say about that; personally I want it outlawed also, but FIRST these electronic vote tabulation devices have to go! Buy paper, pay humans, uh, if you can't get workers, do it like we do jury duty: you're called to duty, you serve.
The other thing which I have been saying all along now, is this is literally a national security problem.
You don't know who is electing our reps. Could be the chip manufacturer in Korea, or China. You don't know though, because you haven't looked.
-
Master key configurations reduce security
Such a configuration (called master keying in the US) reduces security. See Matt Blaze's paper on the subject at http://www.crypto.com/papers/mk.pdf (Abloy is mentioned by name as being vulnerable to the described attack).
-
Re:This is why I use HTTPS...
Matt Blaze blogged recently about the sad state of SSL/TLS certs at http://www.crypto.com/blog/spycerts/. He writes:
A decade ago, I observed that commercial certificate authorities protect you from anyone from whom they are unwilling to take money. That turns out to be wrong; they don't even do that much.
Unfortunately, through a confluence of sloppy design, naked commercial maneuvering, and bad user interfaces, today's web browsers have evolved to accept certificates issued by a surprisingly large number of root authorities, from tiny, obscure businesses to various national governments. And a certificate from any one of them is usually sufficient to bless any web connection as being "secure".
For instance, Firefox 3.6 comes with a CA cert built-in from TÜRKTRUST Elektronik Sertifika Hizmet Salaycs, whoever they are. It's self-signed and doesn't expire until 2015. There are well over 100 CA certs in Firefox 3.6. We basically have to trust every one of those organizations not to snoop our SSL traffic. There has to be a better way.
-
so much for traditional telco privacy of metadata
See Matt Blaze's post The Metadata is the Message, which gives a phone company placard saying, among other things: Secrecy of communications is a basic requirement and important company policy. It includes divulging neither the conversation nor the fact that a call was made between two telephones.
The current dotcom culture towards privacy seems to be that anything not nailed down is theirs. Screw 'em. We need completely anonymized peer to peer communication.
-
Re:The best part about this story is
How about more current news reports then?
-
USENIX just made access to its proceedings free
-
Re:I'm the optimist
DCS 3000, an FBI suite of systems for collecting and managing data from wiretaps for criminal investigations, was designed to meet those requirements. Recently released FBI documents reveal serious problems in the system's implementation. Its auditing system was primitive, surprising for a system intended for evidence collection. The system has no unprivileged user IDs, relies on passwords rather than token-based or biometric authentication, and even uses an outdated hashing algorithm (MD5 appears in a 2007 "system security plan," several years after Chinese researchers found serious problems with this already weak hashing algorithm). Most seriously, the system relied on a single shared login, rather than a login per authorized user. The system's ability to audit user behavior depended entirely on following proper processes, including using a manual log sheet to show who was using the system at a given time. Remote access--in an insecure fashion--is permitted from other DCS 3000 nodes, making the system vulnerable to insider attacks.
Working pretty well?
read all about it! Risking Communications Security
-
Re:CALEA
Don't do evil shit and you won't have to worry.
First problem - this system encourages lack of oversight - you know, the checks and balances that our American system of government was founded on. In the past, not only did a wiretap require a court order, there was someone at the phone company who actually checked that the court order had been obtained before enabling the wiretap.
Now, while a court order is still legally required, it is no longer technically required. The FBI need only press a button to start wiretapping. Not only is there no one outside of the organization verifying that the FBI has a legitimate need to know, there is no one keeping records of the wiretaps other than the FBI itself. Our American system has been subverted in the name of safety.
Second problem - what the FBI can use, criminals can abuse. And I'm not talking about criminal behaviour by the FBI itself, I mean unauthorized users with the smarts to co-opt the backdoors that the FBI uses. See this paper from the January/February 2008 issue of IEEE Security and Privacy.
Third problem - what's your definition of "evil shit?" Does it include breaking up with your boyfriend, the federal agent? -
Re:Journalism
Sweet! Can you point me to those?
Here are some:
http://www.crypto.com/blog/
http://www.badscience.net/
http://www.schneier.com/blog/ -
Re:Amazing.. truly amazing
Actually, it appears that all the voting machines that were audited in California were pretty bad, full of 'garden variety' mistakes and security flaws.
http://www.crypto.com/blog/ca_voting_report/ -
Re:Another DRM?
Security is never simple. The problem is that when you are securing a system you must secure the whole system against a planned attack. What does this mean? It means that it is not only a choice of which cryptographic algorithm you are going to use; to create a secure system you must think about how keys are going to be created, how they are going to be exchanged, what side-channels might exist in the transaction, and so on.
Just as an anecdotal history, ssh was found to be leaking information about passwords, even if the attacker could not decrypt the data passing on the wire. The attacker would time the packets going out and in. If there were packets coming out of the client side and none going in, this would mean that the data in this particular traffic was not being echoed and was probably a password. The timing between each packet leaving the client machine would show the "bad guy" how "far" (in a sense) apart the consecutive keys were on the keyboard. With these timings he could plan his brute force attack, to try a much lower number of attempts.
The ssh hackers simply changed the software so it will transmit a fake echo when you're in a no-echo situation, a simple fix. But this illustrates how something that most people would never think of could turn into a bad problem. Secure systems must be very carefully planned and checked by third parties, the more the better. It's always easy to think of something that you would never break; that doesn't imply that it is secure.
Sources:
http://www.crypto.com/papers/jbug-Usenix06-final.pdf
http://www.securityfocus.com/columnists/375/2 (see the question "Did you develop any measure to fight timing based attacks?") -
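The echo gap and the fake-echo fix this comment describes, as an added Python model (not code from the original post or from any ssh implementation); the keystroke times, the 20 ms round trip and the login sequence are constructed. It also goes one step beyond the comment: fake echo hides which keystrokes are the password but not the inter-keystroke timing, so a fixed-rate client schedule is shown as the countermeasure for that second leak.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Packet:
    t: float        # seconds since the start of the session
    direction: str  # "c2s" (client to server) or "s2c" (server to client)


# Constructed login: (keystroke time, terminal echo on?). "alice" + Enter is typed
# with echo on; the eight password keystrokes (7 characters + Enter) are not echoed.
LOGIN_KEYSTROKES: List[Tuple[float, bool]] = (
    [(0.00, True), (0.17, True), (0.29, True), (0.51, True), (0.63, True), (0.80, True)]
    + [(1.90, False), (2.05, False), (2.31, False), (2.44, False),
       (2.70, False), (2.83, False), (3.02, False), (3.40, False)]
)
RTT = 0.02  # constructed round-trip time: an echo arrives this long after its keystroke


def packet_trace(keystrokes: List[Tuple[float, bool]], fake_echo: bool) -> List[Packet]:
    """Packets an on-path observer sees for an interactive session that sends one
    packet per keystroke. Without fake_echo the server stays silent while echo is
    off; with fake_echo it sends an echo-sized packet anyway (the fix the comment
    describes). A final server packet models the shell prompt after login."""
    trace = []
    for t, echo_on in keystrokes:
        trace.append(Packet(t, "c2s"))
        if echo_on or fake_echo:
            trace.append(Packet(t + RTT, "s2c"))
    trace.append(Packet(keystrokes[-1][0] + 0.5, "s2c"))
    return sorted(trace, key=lambda p: p.t)


def unechoed_runs(trace: List[Packet], min_len: int = 3) -> List[int]:
    """Lengths of runs of client packets with no server packet in between.
    A long run is the no-echo (password prompt) signature the comment describes."""
    runs, run = [], 0
    for p in trace:
        if p.direction == "c2s":
            run += 1
        else:
            if run >= min_len:
                runs.append(run)
            run = 0
    if run >= min_len:
        runs.append(run)
    return runs


def client_gaps(trace: List[Packet]) -> List[float]:
    """Inter-arrival times of client packets: the timing an observer can measure."""
    ts = [p.t for p in trace if p.direction == "c2s"]
    return [round(b - a, 4) for a, b in zip(ts, ts[1:])]


def fixed_rate_client(keystrokes: List[Tuple[float, bool]],
                      interval: float = 0.02, chaff: int = 5) -> List[Packet]:
    """Timing obfuscation (beyond the comment's fake-echo fix): the client sends one
    packet every `interval` seconds from the first keystroke until `chaff` ticks
    after the last one, holding real keystrokes until the next tick and filling
    idle ticks with dummy packets, so packet gaps no longer mirror typing rhythm."""
    start = keystrokes[0][0]
    end = keystrokes[-1][0] + chaff * interval
    ticks = int(round((end - start) / interval)) + 1
    return [Packet(start + i * interval, "c2s") for i in range(ticks)]


if __name__ == "__main__":
    plain = packet_trace(LOGIN_KEYSTROKES, fake_echo=False)
    fixed = packet_trace(LOGIN_KEYSTROKES, fake_echo=True)
    print("unechoed runs, no countermeasure:", unechoed_runs(plain))
    print("unechoed runs, fake echo:         ", unechoed_runs(fixed))
    print("client gaps still leak with fake echo:", client_gaps(fixed)[:5], "...")
    print("client gaps at fixed rate:", set(client_gaps(fixed_rate_client(LOGIN_KEYSTROKES))))
```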
Security Through Obscurity
A commercial, and in some respects a social doubt has been started within the last year or two, whether or not it is right to discuss so openly the security or insecurity of locks. Many well-meaning persons suppose that the discussion respecting the means for baffling the supposed safety of locks offers a premium for dishonesty, by showing others how to be dishonest. This is a fallacy. Rogues are very keen in their profession, and know already much more than we can teach them respecting their several kinds of roguery.
Rogues knew a good deal about lock-picking long before locksmiths discussed it among themselves, as they have lately done. If a lock, let it have been made in whatever country, or by whatever maker, is not so inviolable as it has hitherto been deemed to be, surely it is to the interest of honest persons to know this fact, because the dishonest are tolerably certain to apply the knowledge practically; and the spread of the knowledge is necessary to give fair play to those who might suffer by ignorance.
It cannot be too earnestly urged that an acquaintance with real facts will, in the end, be better for all parties. Some time ago, when the reading public was alarmed at being told how London milk is adulterated, timid persons deprecated the exposure, on the plea that it would give instructions in the art of adulterating milk; a vain fear, milkmen knew all about it before, whether they practiced it or not; and the exposure only taught purchasers the necessity of a little scrutiny and caution, leaving them to obey this necessity or not, as they pleased.
-- From A.C. Hobbs (Charles Tomlinson, ed.), Locks and Safes: The Construction of Locks. Published by Virtue & Co., London, 1853 (revised 1868).
(c/o Matt Blaze) -
Cheap and secure
I don't understand why disk tumbler locks haven't gained popularity in the US. In Scandinavia, due to harsh environmental conditions, all house locks are of this type. They are practically unpickable (you need pro tools) and you will still leave break-in marks. Well... people are fools and it's marketing dollars which matter.
From http://www.crypto.com/papers/notes/picking/
Disk Tumbler Locks
Some high security locks, such as those manufactured by Abloy and Abus, use round disk tumblers that are rotated into position by a specially designed key bitted with angled cuts corresponding to each tumbler. These locks are unusual in not requiring springs on the individual tumblers and are therefore especially well suited to outdoor use under extreme conditions. In the United States, disk tumbler cylinders are used primarily for padlocks situated in harsh environments, especially by public utilities and railroads. They require special picking tools to manipulate the tumblers and apply torque. -
The only reason they are releasing this...
is so they can let people know their HILARIOUS counterfeit mattresses joke.
-
Re:Technology for technologies sake
Keys are a tried and tested, secure and relatively intelligent way to secure a house.
Sure, mechanical locks are secure.
I would hate to be locked out of my house because of a power cut
Something I would hate more is if a power cut made me lose my work on the computer. I would love to invent a power supply that couldn't be interrupted. I'd call it an Uninterruptable Power Supply, or UPS for short. Wonder if I could patent the idea?
battery charge doesn't last forever
RFID doesn't have batteries; it's powered by the scanner.
Phillip. -
CFS storage of passwords
If you have a secure system somewhere, you can use CFS, an encrypted filesystem, to store your passwords for various other systems. Then you can memorize a good password for the CFS system, and refer to it if you forget the password you're using for some other system.
This is fairly secure as long as the system CFS is accessed from is not compromised with a key logger. It has the advantages of paper, but with the capability of accessing it remotely with ssh. It also has the bonus of being harder to lose and easier to back up than a bunch of paper, and the backups of CFS are unreadable without the password, unlike extra paper copies. -
Wiretapping 101 and more
A good introduction to Wiretapping and Outside Plant Security
Our old story on VoIP Wiretapping
Interestingly, in the U.S. there are serious legal restrictions on the use of wiretaps by police agencies. The Supreme Court has consistently held that wiretaps qualify as searches under the Fourth Amendment.
Article on related topic of Open Internet Wiretapping: Carnivore
IETF (Internet Engineering Task Force) policy on wiretapping which says: The IETF restates its strongly held belief, stated at greater length in [RFC 1984], that both commercial development of the Internet and adequate privacy for its users against illegal intrusion requires the wide availability of strong cryptographic technology.
Another issue: Is Dialing Into a Conference Call an Interception?
-
DOH
Hey all --
Sorry to have submitted a dupe. I don't read the NYT, and I saw this via a somewhat esoteric web site, and when it wasn't up on today's /. already, I figured it hadn't been submitted. My bad for not reading /. yesterday ;^).
Anyway, the obvious thing to do is see what domain names Avi and cohorts have registered recently, to see what they will obliterate next.
If this guy hooks up with Matt "Locksmiths ph33r my 7eet sk1llz" Blaze (linkage) it will be rather amusing.
On a serious note, why don't these firms just hire Avi, Ross Anderson, or Markus Kuhn up front, and save embarrassment and retooling? -
Re:That stinks...
I would rather have a locksmith check my locks to make sure they're safe, rather than a burglar breaking down my door and stealing all my valuables. I can learn the same lesson much more cheaply with the former.
You mean one of the locksmiths who got pissed off by Matt Blaze's paper in which he exposed the shoddy security practices in the locksmithing industry?
-
Re:Book recommendation: The Great Train Robbery
Unfortunately, Bramah's "unpickable" lock was simply a round pin-tumbler lock. Like the ones Kryptonite used. Better design, though. The clever feature of the Bramah lock is that there's only one return spring for all the pins. So picking is really slow. Every time you get the setting wrong, you have to release all the pins and start over.
Picking a Bramah lock is quite possible, but requires some specialized tools.
-
Brand names
Argh. Teach me to be lazy when citing companies. I meant Medeco, purveyor of lock cores to the DOD. And Mul-T-Lock, which seems to be at least a tad harder to pick than a conventional lock.
-
Lockpicking talk
The lockpicking talk is scheduled for Saturday morning
The lockpicking talk is given by Matt Blaze. I was lucky to attend his talk at my university. The paper he presented is available here.
Not only was his talk educational, it was very entertaining. He actually brought some "tools of trade", and had an interactive demonstration of master key picking. It was fun. -
Try the munitions site
Well, I'm not sure if this is a mirror or the primary, but anyway check this out: Munitions - cryptographic software for Linux.
At home w/ SuSE I use cryptofs, but if you don't have SuSE here's something else that looks pretty good (and I think OpenBSD has this one too) -- CFS. I think there are actually a lot of options out there for you; just look around through Google. -
Re:Markland Technologies
Funny thing is that Matt does talk about a company called Crypto.Com, Inc.
Is Eurotech related to these guys, or is something really fishy here? :) -
Re:disk-at-a-time encryption no good
In fact, file-at-a-time encryption shouldn't be in the kernel, it is implementable in user code if you have the right hooks.
While it is certainly possible to easily implement file encryption at the user/application layer, I disagree that it should be. Matt Blaze pointed out a number of reasons why in his CFS paper back in 1993.
..if you do want disk-at-a-time encryption, StegFS strikes me as a better choice
StegFS is a neat concept; the only drawback there is the huge performance hit -- besides, the goal of StegFS isn't necessarily to support encryption; it is meant to support plausible deniability of file ownership, and those two goals are very different.
-
The Identity Commons
As you suggest, a distributed, global (federated) identity would make this all a lot easier and work a lot better. Persistent profile information is powerful and offers many advantages to citizens, corporations and all those middlemen, but can lead to serious privacy abuses if the information is not securely - and absolutely - controlled by the profile owner.
The fact that global identity is so valuable has not escaped the eye of marketing departments everywhere, and there are several projects aimed at establishing global identities for consumers. (Note that I say "consumers" here rather than "citizens" as the systems being designed generally only see you as a consumer and nothing more. Therefore, since there's nothing to buy on Slashdot or Poliglut, you probably wouldn't exist on those systems.)
There are two main problems with the currently proposed systems: Passport, designed by Microsoft, is a wholly centralized system. (The only thing good about this is that your profile data in Passport is not in danger of being bought by Microsoft!) The other system is Project Liberty, a system being put together by a scary consortium of BigCos. EPIC has a good, short paper on the privacy considerations of Liberty here.
There's a new group in this area working...
...to create the world's premier electronic system for individuals and organizations to interact commercially, socially and personally, while providing every entity with control of its information, identity, and relationships consistent with healthy communities.
I'm a member of the tech group and suffice to say we're looking at a very hard problem. One of the key insights into this work is that we don't need to build a global namespace. Not only is that hard (viz PKI) but it's not even what people really want. Rather, people belong to groups and have local names for people within their groups. As people from other groups get introduced into one's local group, they either get local names or become known as "xyz from 123 group". While global URIs may exist to uniquely point to every object in the universe, they are generally difficult to manage and use. So where does one go? First, of course it has to be open source. PGP's web of trust, Ron Rivest's and Carl Ellison's SPKI/SDSI, and Matt Blaze's KeyNote all offer secure local name spaces and even integrated trust management systems. (Thought I had forgotten about your original point, didn't you?) We're nearing completion of a requirements specification and hope to have an initial implementation by year's end. And this is being done mostly by volunteers, as there's no money (yet).
BTW, one of the most difficult problems facing federated identity systems such as Liberty is how to get all these BigCos to work together. We're following a Chaordic approach that, like the Visa payment system, melds simple but powerful global unilateral agreements (Principles) with local control of agreements that control inter-group relationships.
-
Re:Making a master key
By the way, that paper (referenced in Schneier's last Crypto-Gram) about privilege escalation with physical pin tumbler locks is here.
-
Re:i suppose that
If anyone wants to read the actual article that Matt Blaze wrote, it can be found here.
Really interesting stuff, however, as others have said, it really is only common sense. That is probably why no one has written a paper about it before. -
Re:HOW TO DO IT
Show me your publication record before you call Matt Blaze an egghead. If it's this long I may bother to consider your opinion.
-
SOME EVEN BETER LINKS to the method itself
Cryptographer Matt Blaze (of AT&T), previously known for cracking the backdoor of the vaunted 'clipper chip', has submitted a publication to the IEEE journal "Security and Privacy" which demonstrates that given an ordinary building key (like your office key or one borrowed for the rest room) you can get 'root' access to the entire building (i.e. a master key) with no more than about 30 guesses and $2.00 at the hardware store, and typically much less than that.
The crack works on virtually all locks and was inspired by parallels to cryptographic analysis, reducing the search from exponential to linear, and exploiting 'key' generation weaknesses. Virtually all master-key locks are vulnerable.
There is also a story on the front page of the nytimes covering police verification of the threat including giving the instructions to a 15 year old.
-
Re:RC4, 1337 d00dz, blonde bombs
RC4's "goodness" is very dependent on how it is used. Many of the attacks on WEP would work as well regardless of the stream cypher used; the problem was the poor implementation (e.g. the integrity check, weak key generation, small IV space). See, e.g. (In)Security of the WEP algorithm.
The "Weaknesses in the Key Scheduling Algorithm for RC4" paper (PDF or Postscript) also describes significant attacks on RC4. However, RC4 can be used in other ways; an example would be to use RC4 output bytes as successive keys to a block algorithm (e.g. DES, or multiple DES with a separate key for each); there are other ways to use a stream cypher output in more secure ways.
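An added Python example (not from the linked papers or any WEP implementation) of the "small IV space" point in this thread: a WEP-style frame keyed with IV || secret, the plaintext XOR that two frames under the same IV leak because the keystream cancels, and a count of how few random 24-bit IVs it takes before one repeats. The RC4 routine is a textbook implementation; the 5-byte secret and the sample payloads are constructed.

```python
import random
import zlib


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Textbook RC4: key scheduling, then n bytes of keystream."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """WEP-style frame body: the 24-bit IV travels in the clear and the per-frame
    RC4 key is IV || secret. The payload is plaintext plus a CRC-32 integrity
    check value (ICV), both XORed with the keystream."""
    if len(iv) != 3:
        raise ValueError("WEP IV is 24 bits")
    icv = zlib.crc32(plaintext).to_bytes(4, "little")
    body = plaintext + icv
    return iv + xor_bytes(body, rc4_keystream(iv + secret, len(body)))


def ciphertext_xor(frame1: bytes, frame2: bytes) -> bytes:
    """XOR of two frame payloads with the IVs stripped. When both frames used the
    same IV (hence the same RC4 key) the keystreams cancel and the result is the
    XOR of the two plaintexts: no key recovery needed, just a repeated IV."""
    return xor_bytes(frame1[3:], frame2[3:])


def frames_until_iv_repeat(rng: random.Random) -> int:
    """Frames sent with uniformly random 24-bit IVs before the first repeat. The
    birthday bound puts the expectation near 5,000 frames, nowhere near 2**24,
    and a busy access point sends that many in seconds."""
    seen = set()
    sent = 0
    while True:
        iv = rng.getrandbits(24)
        sent += 1
        if iv in seen:
            return sent
        seen.add(iv)


if __name__ == "__main__":
    secret = b"\x01\x02\x03\x04\x05"          # constructed 40-bit WEP secret
    p1, p2 = b"GET /index.html", b"POST /login.cgi"  # constructed, same length
    same_iv = b"\x00\x00\x01"
    f1 = wep_encrypt(secret, same_iv, p1)
    f2 = wep_encrypt(secret, same_iv, p2)
    leak = ciphertext_xor(f1, f2)[:len(p1)]
    print("p1 XOR p2 recovered from reused IV:", leak == xor_bytes(p1, p2))
    print("frames until first IV repeat:", frames_until_iv_repeat(random.Random(1)))
```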
-
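To make the comment's point concrete, here is an added example (not from the original post or from the WEP papers it cites) of a WEP-style frame whose integrity check is CRC-32, encrypted under a stream cipher, and an attacker who flips chosen plaintext bits without knowing the key or the plaintext. The keystream is SHAKE128(key || iv) as a stand-in for RC4: the attack never touches the cipher, only the linear checksum, so swapping RC4 for another stream cipher would not help. The key, IV and message are constructed sample values.

```python
"""Bit-flipping a WEP-style frame via the linearity of the CRC-32 ICV.

Constructed example (not from the original post). The keystream is
SHAKE128(key || iv) standing in for RC4 or any other stream cipher; the
flaw exploited is the checksum design, not the cipher.
"""
import hashlib
import struct
import zlib

KEY = b"constructed-secret"   # assumption: shared secret the attacker never sees


def keystream(key, iv, n):
    # Any stream cipher keyed by (key, iv) would behave the same here.
    return hashlib.shake_128(key + iv).digest(n)


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def seal(key, iv, plaintext):
    """Frame = iv || E(plaintext || CRC32(plaintext)), as WEP does."""
    body = plaintext + struct.pack("<I", zlib.crc32(plaintext))
    return iv + xor(body, keystream(key, iv, len(body)))


def unseal(key, frame):
    """Receiver: return the plaintext if the ICV verifies, else None."""
    iv, enc = frame[:3], frame[3:]
    body = xor(enc, keystream(key, iv, len(enc)))
    plaintext, icv = body[:-4], struct.unpack("<I", body[-4:])[0]
    return plaintext if zlib.crc32(plaintext) == icv else None


def flip_bits(frame, delta):
    """Attacker: xor `delta` into the hidden plaintext, key and plaintext unknown.

    CRC-32 is affine over GF(2): crc(p ^ d) == crc(p) ^ crc(d) ^ crc(zeros).
    The encrypted ICV is crc(p) ^ ks, so xoring crc(d) ^ crc(zeros) into those
    four ciphertext bytes yields crc(p ^ d) ^ ks, a valid ICV for the
    modified plaintext under the unchanged keystream.
    """
    iv, enc = frame[:3], frame[3:]
    n = len(enc) - 4
    assert len(delta) == n
    patch = zlib.crc32(delta) ^ zlib.crc32(bytes(n))
    new_data = xor(enc[:n], delta)
    new_icv = xor(enc[n:], struct.pack("<I", patch))
    return iv + new_data + new_icv


def demo():
    """Constructed exchange: legitimate frame, then a forged one that still verifies."""
    iv = b"\x00\x00\x01"                      # constructed 24-bit IV
    plaintext = b"pay 0010 dollars to mallory"
    frame = seal(KEY, iv, plaintext)
    # Attacker guesses the field layout and turns the leading '0' into '9'.
    delta = bytearray(len(plaintext))
    delta[plaintext.index(b"0010")] = 0x30 ^ 0x39
    forged = flip_bits(frame, bytes(delta))
    return unseal(KEY, frame), unseal(KEY, forged)


if __name__ == "__main__":
    original, forged = demo()
    print("original:", original)
    print("forged  :", forged)
```

The receiver accepts both frames; the forged one decrypts to "pay 9010 dollars to mallory". A keyed MAC in place of the CRC (or an AEAD mode) is what closes this, independent of which stream cipher is underneath.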
Re:People who care about people won't abuse encryp
This post is absolute rubbish.
Either the NSA can factor or it can't. If they can, then using modern encryption doesn't really burden them. If they can't, then no amount of ass-kissing and not using encryption is going to let them break the encryption of the terrorists who are going to be using REAL software without the government-mandated backdoors (murder is illegal too; did they respect that law?).
Think they just need a few more computers and a few less messages to sift through? You need to do a little more research about modern crypto. We're talking about things like the heat death of the universe happening before all computers in the world could finish factoring numbers that large (if factoring is "hard").
Outlawing encryption will not have any effect on these people. They don't respect our laws. The only effect will be to break the security of on-line transactions (over SSL for example). Backdoored schemes are broken schemes. A panel of a dozen great minds in the industry have already shown this: Rivest, Schneier, Diffie, etc. Read the paper here.
If you want stable and safe on-line transactions, you don't want the government mandating backdoors in encryption products.
I want to stop terrorists as much as the next guy, but let's think about measures that will actually HELP US DO THAT before acting. Things that are inconvenient and intrusive don't necessarily increase safety.
-
Read the paper people
He didn't crack any encryption, he merely showed a real world implementation of someone else's work using cheap hardware ($100 Linksys wireless card based off the Intersil Prism II chipset). They used this card because much of the card is done in software and it had a Linux driver that could grab raw WEP encrypted packets.
-
P2P is an old idea, but there's still work to do
The concept of Peer-to-Peer file distribution is not at all new. The interesting contribution here, if there is one, is if it catches on as a practical system.
And just to add my contribution to the "someone else thought of it first" bandwagon, see my dissertation, available online here, which I believe anticipated what we now call p2p by at least five years. (Ironically, of course, this file is still available only via plain old http, from my not at all p2p centralized server...)
-
Re:Clipper's Death
The paper that described the flaw in Clipper is at http://www.crypto.com/papers/eesproto.pdf. It was published at the 1994 ACM security conference.
-
Another AES application
Me and Randy Kaelber whipped up a program called 'aescrypt' that is at aescrypt.sourceforge.net. Nothing fancy, but useful for shell scripts. (Reminder: If you post any shell scripts that use aescrypt, you must also submit the URL to the BXA, see Matt Blaze's crypto page at crypto.com for more info). Anywho, this uses Rijndael to implement a stream cipher via CFB-128 cipher feedback mode.
You'll need to devise your own shell scripts to serve as a key manager etc.; this is a raw Unix component similar to 'dd', rather than a swiss-army-knife application like PGP.
-E
-
D'ohhh! - Fixed Links
D'ohhh! Try these links - they're fixed.
- Statement for the Record on Internet and Data Interception Capabilities Developed by FBI presented by Donald M. Kerr, Assistant Director FBI Laboratory Division to the House Judiciary Committee's subcommittee on the Constitution.
- The Carnivore System: the FBI's own report on it.
- Open Internet Wiretapping: a paper by Steve Bellovin and Matt Blaze.
-
Good Links
Several documents on the Carnivore system and what it does:
- Statement for the Record on Internet and Data Interception Capabilities Developed by FBI presented by Donald M. Kerr, Assistant Director FBI Laboratory Division to the House Judiciary Committee's subcommittee on the Constitution.
- The Carnivore System: the FBI's own report on it.
- Open Internet Wiretapping: a paper by Steve Bellovin and Matt Blaze.
-
Re:Open Source Carnivore & Congress
Two corrections: the correct date of the hearing is, of course, Monday 24 July (at 1pm in Rayburn 2141), and the un-adulterated link to my written testimony is http://www.crypto.com/papers/openwiretap.html.