Slashdot Mirror


New Crypto-OS

gormanly writes: "m-o-o-t is a new open-source cryptography project begun to defeat the R.I.P. Act here in the U.K. "and make it look silly". The project aims to ship a new BSD-based OS on a bootable CD, which will disable all local storage and store encrypted user files in remote "data havens," split and hidden in random data for deniability. The government can't even know a user's sending e-mail, much less store it for 7 years." It's a nice idea, but right now, that's all it is.

61 of 157 comments

  1. Welcome to the Nanny State... by Anonymous Coward · · Score: 2
    We have the same in America, a government agency called CPS (Child Protective Services).
    CPS does have abusive powers, and stomps on everyone's constitutional rights..

    CPS: Why would you object to CPS, we are here to protect the children... You must Have something to hide! We are taking your children, please file some paperwork to see them.
    (Does this sound like the RIP Act? You are automatically guilty...)

    You want secure email? You must be a terrorist..
    You want mp3s? You must be a pirate...
    You spank your kids? You're a child abuser...
    You are pro-choice? You're a baby killer...

    Welcome to the Nanny State, let the government spoon feed you..

    1. Re:Welcome to the Nanny State... by msodfjsalfhlskdhf · · Score: 2

      Do you actually know anything about CPS? My father has worked there for 25 years and I personally know that he only removes a child from a home if THEY ARE IN VERY SERIOUS DANGER. Spanking alone does not warrant a CPS intervention, but if you are hitting your kids with objects and leaving multiple, visible marks on their bodies, then you aren't the best person for your kids to be around. And, btw, you are not "automatically guilty" you do get a trial where if you did act violently toward your kids, you will be found guilty; if you aren't committing a crime, you will be found innocent.


      ====
      All things in life are subjective. At least that's what I think.

      --

      ====
      "white bread, redneck, chicken-shit, motherfucker" -- Dr. Dre on "Straight Outta Compton"

    2. Re:Welcome to the Nanny State... by mpe · · Score: 3

      We have the same in America, a government agency called CPS (Child Protective Services). CPS does have abusive powers, and stomps on everyone's constitutional rights..

      The interesting question is does it do this just because it can or to draw attention away from its failures?

  2. Re:Sealand by garcia · · Score: 2

    and yes, I am stupid ;-) Boy I feel dumb eheh

  3. Re:I have a question... by Seumas · · Score: 2

    Also, I wanted to mention that one of the things that disturbs me so much about this RIP act, is that I communicate with many people in the UK both personally and professionally and I don't like that communication to come at the cost of my personal privacy, by having my own data logged into Big Brother's records.
    ---
    seumas.com

  4. Re:What's the point? by Disco+Stu · · Score: 2

    If you don't think classic works of fiction such as 1984 contain very real warnings about the real world we inhabit, you're a moron.

    If you think that just because there were good (or at least not bad) intentions behind a certain piece of legislation, that piece of legislation won't be abused at some point, you are also a moron.

    In other words, if you agree with the above post, you are a moron.

    Mr. Atrwoe, of course, is a troll, not a moron.

  5. Re:I have a question... by Bongo · · Score: 2

    So what does one say to the people that decry "You oppose the RIP act, so therefore you support pornography/child abuse/whatever" ?

    They are using the accusation as a way to stop you arguing with them. It means they are not interested in a rational discussion. They are only interested in "being right" by killing off any opposition to their narrow point of view. "Mess with us, and you'll get branded a child molester".

    How does one frame the argument that privacy is worth more than child abuse (to be provocative, for a moment) in a convincing manner to the supporters of RIP, who blather on about 'the children' at every opportunity?

    Recently the UK news reported about a children's home run by child molesting 'social workers'. So we know things are 'complicated'. Given we know the world is a complicated place, do ordinary people sitting in their homes think that they will personally become more safe with less privacy? Stalkers can already find out where you live etc. -- do you want them knowing more, because they've got access to a cracked government monitoring system? Will you feel safer when some weirdo sends you a transcript of a personal email you sent to your girl/boyfriend, (thanks to the efficient recording of all communications)?

    People may say, "stop muddying the issue!", but that's my point: We're so used to thinking in simple either/or ways, that 'we', generally speaking, lack the ability to think in terms of systems of systems, complexities, side effects, combinations of effects, and possible and supposedly 'impossible' outcomes.

    But if you want a simple answer from me, it's: I blame the schools.*

    * It's where most programming takes place. I say fix the bugs in the source.

  6. Really? I'm impressed! by Roy+Ward · · Score: 2

    > In my experience, those of you who "really care about privacy" are the suicide bombers, hackers, and child pornographers of the world.

    You've really had experience with suicide bombers, hackers, and child pornographers? Wow, I've had a sheltered life then compared to you! I've only met hackers (that's hackers, not crackers, which is a whole different argument).

    It's not only important what's on the mind of those proposing legislation (although that is important), it's what the legislation says, and how it can be used.

    I can think of several cases where I personally value privacy that are entirely above board:
    - I'm involved in contract programming, and need to be able to share source code securely, and I don't trust any government agency to have access to it for whatever reason (what if it 'leaks'?).
    - I'm a political activist. While I've done nothing illegal in that regard, I would be very uncomfortable about having every move monitored by a government that is essentially hostile to much of what I support - it would stifle communication. The present government will not do anything to harm me, but if something were to happen here like Nazism or McCarthyism (anti-Greenism?), I'm not too keen on archives being used to declare me a menace to society.
    - I don't like any more than necessary of my personal information getting into the hands of the big corporates. They'd only use it to try and sell me things.

    Now, if all monitoring could be guaranteed to be used only for a narrow intended purpose, was completely secure, and the collection agency was completely trustworthy, my only objections would be philosophical. Unfortunately, very few or no organisations live up to this.

    Oh one last thing - it might be argued that that monitoring can be done anyway, without legislation. At least in that case, I do have some legal recourse (whatever that is worth). A while back, someone took the SIS to court for illegally breaking into his house.

  7. Re:Damn. Got all excited... by KFury · · Score: 2

    Don't even say it.

    I already feel so dumb.

    (Always read the WHOLE blurb!)

    Kevin Fox

  8. yes you are missing something by bcaulf · · Score: 2

    Crypto-OS can and would destroy and regenerate the sshd private key periodically, like every hour. This is SOP for ssh. The sshd private key is not retained on the client side and is never transmitted in the session.

    Spooks can analyze that wiretapped session until forever, even after seizing the user's machine, and there is no known way to extract the plaintext version of the session.

  9. Re:A solution? Yes. To the wrong problem. by CharlieG · · Score: 2

    What you are discussing, in monitoring that A talks to B is called "traffic analysis", and encryption does nothing to get around this - HOWEVER, there ARE ways around traffic analysis. Some examples?

    1) Blind drops - Things like the anon news groups - Let's say that you want to send a message to Mary. Mary KNOWS to check the drop, say, every other day for a message with the subject:

    98hy45hj9ljh (which is changed every time inside the encrypted message)

    Mary downloads the message (and probably a BUNCH of others - EVERY message in the drop works). Now all they have is that you posted a message out to the drop. It'd be really hard to figure out everyone who downloaded that message from every usenet server in the world.

    Another way to make traffic analysis harder is to post "Noise". You send out email to a random n% of your mailing list (and probably some to people who have NO idea who you are). Most of these emails don't contain anything but random noise. Your contacts are doing the same. Now you want to send an email - You put your real email into the queue, and the next time that person comes up in the n%, you put your message in, instead of the mail. Now you could also force the message to be in the next batch, BUT if you do this often, you start to end up with a non random pattern that can be cracked.

    Another way around this is a DC net - I wish someone would finally get one of these working

    --
    -- 73 de KG2V For the Children - RKBA! "You are what you do when it counts" - the Masso
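
The noise scheme from the comment above, as an added simulation (not part of the original post): every round the sender mails a random n% of a contact list, and a real message either waits for its recipient's random slot or is forced into the current batch. All names, the contact list and the messages are constructed for illustration; the wiretap is assumed to see only who receives a same-length encrypted blob each round.

```python
import random


def batch_size(contacts, fraction):
    """Number of recipients mailed per round (the 'n%' of the list)."""
    return max(1, round(len(contacts) * fraction))


def run_rounds(contacts, rounds, fraction, outbox, force=False, seed=0):
    """Simulate the sender.

    outbox: constructed list of (submit_round, recipient, text).
    Returns (observed, delivered):
      observed  - what a wiretap sees: the recipients of each round
                  (every payload is a same-length encrypted blob)
      delivered - {(recipient, text): round in which it went out}
    """
    rng = random.Random(seed)
    k = batch_size(contacts, fraction)
    submitted = {}
    for submit_round, recipient, text in outbox:
        submitted.setdefault(submit_round, []).append((recipient, text))

    pending = {}      # recipient -> real texts waiting for their slot
    observed, delivered = [], {}
    for r in range(rounds):
        # The random draw never looks at the outbox.
        batch = set(rng.sample(contacts, k))
        for recipient, text in submitted.get(r, []):
            pending.setdefault(recipient, []).append(text)
            if force:
                batch.add(recipient)   # "force it into the next batch"
        for recipient in batch:
            queue = pending.get(recipient)
            if queue:
                # A real message takes the place of this slot's noise.
                delivered[(recipient, queue.pop(0))] = r
        observed.append(sorted(batch))
    return observed, delivered


def oversized_rounds(observed, k):
    """Rounds whose batch is larger than k: visible without any key."""
    return [r for r, batch in enumerate(observed) if len(batch) > k]


if __name__ == "__main__":
    contacts = ["c%02d" % i for i in range(10)]     # constructed address list
    outbox = [(3, "c04", "meet tuesday"), (9, "c07", "new drop subject")]
    k = batch_size(contacts, 0.2)
    baseline, _ = run_rounds(contacts, 40, 0.2, [], seed=7)
    patient, sent_p = run_rounds(contacts, 40, 0.2, outbox, seed=7)
    forced, sent_f = run_rounds(contacts, 40, 0.2, outbox, force=True, seed=7)
    print("patient view identical to pure noise:", patient == baseline)
    print("patient delivery rounds:", sent_p)
    print("forced  delivery rounds:", sent_f)
    print("rounds that stand out when forcing:", oversized_rounds(forced, k))
```

Waiting for the random slot costs latency (a given recipient comes up on average once every 1/n rounds), which is the price of a sending schedule that does not depend on the real traffic.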
  10. Re:I have a question... by mpe · · Score: 2

    If people are really so eager to save children (the battle-cry for EVERY cause in the world), then why don't they ban smoking, driving, sharp objects, divorce, low-paying-jobs, teasing, flammable materials, deep water and everything else that potentially damages children?

    Because banning some of these just isn't politically correct and banning most of the others would be virtually impossible.

  11. Re:I have an answer ^^ by mpe · · Score: 2

    There's the concept of the slippery slope. One step down justifies the second step; using something akin to induction, the Nth step justifies the N+1 step, etc.
    So we violate a *little* bit of privacy to protect children. Then we violate a little bit more, to stop criminals.


    More to the point the initial violations probably don't actually do much to either protect children or stop criminals.
    But the easy political option is then to take away more rights rather than question the dogma that taking away rights helps...

  12. Re:I have a question... by mpe · · Score: 2

    That's like saying that you should ban cars because bank robbers use them to escape persecution.

    Or paper, telephones, post, shoes, etc, etc. Just about any device or methodology ever invented can be used for criminal purposes. The concept of a "crime" is in itself an abstract concept...

    I think it's a fair principle that government should only invade an individual's privacy in the event that they have reason to believe it will yield proof of a crime. It does not make sense for the government to invade 100% of the population's privacy in order to prevent crimes committed by less than 0.1% of the population.

    Very few (if any) governments have the support of 99.9% of their subjects. The number of people unhappy with some aspect of a government is much greater than the number of criminals. However the people doing the monitoring are likely to be so paranoid they have difficulty telling the difference between a criminal and someone exercising the freedoms of a democratic society. e.g. someone who thinks the current laws about drugs are nonsensical being regarded as a drug dealer...

    One way to prevent crime would be to have the government keep everyone's money and to have all transactions of said money be cleared by some agency (of course, this assumes somehow this agency is immune to corruption).

    If the agency were to involve humans then corruption is certain anyway.

  13. Re:What's the point - Illegal doesn't mean 'Wrong' by mpe · · Score: 2

    In the U.S. and in the U.K., I'm certain, overzealous law enforcement will do anything they can to a) raise the number of arrests, b) promote their own financial, moral, or religious interests, and c) justify that they need more power to accomplish a and b.

    Why risk police with a real criminal gang when it's safer to arrest people on made up charges?

    Case in point: Maybe you've heard of the McCarthy trials? Communism and being communist is *not* illegal in the United States, regardless of how much the wwii and boomer generation wishes it was. In fact, the right to assemble and belong to organizations such as the Communist Party is guaranteed under the U.S. constitution. That sure as hell didn't stop Hoover and the FBI from illegally tapping phone lines and extracting confessions of communist involvement under duress in the 50's and 60's.

    Also remember that they were never charged with high treason either.

  14. Re:What's the point? by mpe · · Score: 2

    How can logging all communications prevent terrorism unless those communications are processed for content?

    This isn't even about monitoring all communications. It's about monitoring some types of communication. A terrorist can quite easily use alternatives...

  15. Re:A solution? Yes. To the wrong problem. by rjh · · Score: 2
    You missed it.

    No, actually, you did. No matter how much you hide the data, no matter how much you encrypt the data, no matter how much you shuffle data around, it still doesn't change three basic facts:

    1. The data has to get to your PC somehow for you to use, manipulate, or deal with it in any way.

    2. The data which comes to and goes from your PC has address headers on it.

    3. The cops don't have to cryptanalyze the packets, or even know what's in them--they just have to know that you're sending traffic they want to monitor.


    As soon as the cops start taking a specific interest in you and what you're doing, you need a hell of a lot more than crypto and obfuscation. It doesn't matter if they're using one-time pads in a cryptographically perfect fashion; this entire system is fundamentally busted.
  16. Re:What's the point? by empty · · Score: 2

    "In Germany, the Nazis came for the Communists, and I didn't speak up because I wasn't a Communist. Then they came for the Jews, and I didn't speak up because I wasn't a Jew. Then they came for the trade unionists, and I didn't speak up because I wasn't a trade unionist. Then they came for the Catholics, and I didn't speak up because I was a Protestant. Then they came for me, and by that time there was no one left to speak for me."
    attributed to Martin Niemoller

  17. Re:data storage by xmedar · · Score: 2

    Gov.uk can still take it over if they wanted, no one is going to make a fuss, just like when the US invaded Grenada, no one cares whether it's actually legal or not, the best way I have found so far of defeating the RIP Act is Rubberhose, the website is here and if you're too lazy to click the link here's the synopsis -

    Rubberhose transparently and deniably encrypts disk data, minimising the effectiveness of warrants, coercive interrogations and other compulsive mechanisms, such as U.K. RIP legislation. Rubberhose differs from conventional disk encryption systems in that it has an advanced modular architecture, self-test suite, is more secure, portable, utilises information hiding (steganography / deniable cryptography), works with any file system and has source freely available. Currently supported ciphers are DES, 3DES, IDEA, RC5, RC6, Blowfish, Twofish and CAST.

    --
    Any sufficiently advanced man is indistinguishable from God
  18. Sealand by SLC · · Score: 2

    Sealand: http://www.sealandgov.com/
    HavenCo: http://www.havenco.com/

  19. Random Data Storage? by EverCode · · Score: 2

    I have about 50 floppies with random stuff on them. According to their methodologies, my data is one step towards being secure.

    ...until one of those floppies dies. Then I will sorely miss that unknown data.

    --

    EverCode
  20. Re:I have a question... by Mike+Connell · · Score: 2

    As long as the party in the UK is communicating in good faith, you can do the communication so that it cannot later be revealed to a third party even if the data was sniffed and the person in the UK reveals their keys.

    i.e. If the communication is encrypted and sniffed in the UK, and then the person you were communicating with gives up their keys, the text of the communications still can not be decrypted. Check out the Paranoia link in my sig.

    Mike.

  21. Criminals? by RevRigel · · Score: 2

    I see a lot of people softly admitting that this is probably too much protection for any law abiding citizen, and only needed by criminals. Perhaps. I see that there are a few technical issues with the system, but there are political ones I would rather bear out now.

    There are plenty of people throughout history who were criminals, some of whom were spied on by their government, such as MLK. With current trends, there undoubtedly will be uses for encryption by activists in the future.

    Remember, a criminal is someone who breaks the law. Well, what is a good citizen to do when most of the laws are patently unconstitutional? Become a criminal, if they're really serious about democracy. Note that I'm not talking about Napster and other BS that Slashdot drones typically view as civil disobedience. There are much more important issues in the world, and it's important we take into account that there are people who fear for their lives because they act in accordance with beliefs which most of us share.

    The only way to keep government even remotely just is to confound it at every turn with encryption, red tape, and other confusion. It certainly won't happen in McCongress or the Supreme Court w/ Cheese.

  22. Not everybody has forgotten TEMPEST. by Nonesuch · · Score: 2
    RF "sniffing" is easily defeated.

    Move your laptop or other high-confidentiality computer into a "container" (form-fitting skin, box, closet, or even a small room) covered in copper mesh. The only cables passing through the mesh should be 8-gauge 12VDC power cables and fiber-optic ethernet. The only data entering or leaving on the ethernet is encrypted. No high-frequency RF data will enter or leave on 8-gauge DC power cables.

    Problem solved. Cost, about $250 if you buy the copper mesh and AC-DC conversion hardware new, or a fraction of that if you can find everything as surplus or scrap. The FOTs (Fiber Optic Transceiver) are the expensive part.

    Or about $25,000 if you are a US Federal agency :-)

  23. Re:data storage by naasking · · Score: 2

    The scary part is though the uk can try to go back and say that sealand belongs to them

    Read the Sealand website. Sealand is located in international waters. England has already tried to take the land back since they occupied it during the second world war. The case went to the supreme court and England LOST. The country is free of English jurisdiction.

    -----
    "People who bite the hand that feeds them usually lick the boot that kicks them"

  24. Re:I have a question... by RickHunter · · Score: 2

    Here's what you reply:

    If you dropped a nuclear bomb in the middle of every large city in the UK, that would reduce pornography/child abuse/whatever too, wouldn't it? I'm guessing that now you think we should all do that...

    And see what they think of it. Then explain to them that the RIP act allows the UK government to jail those that it dislikes for totally arbitrary reasons. It lets law enforcement do the same... And you can't even tell anyone why you've been imprisoned without facing even stronger sentences.


    -RickHunter
  25. Re:Neal Stephenson, George Orwell by -brazil- · · Score: 2

    It's unfortunately only logical. With modern technology, it becomes increasingly possible, almost simple for governments to monitor their citizens completely, every minute of their lives. The society described in 1984 is positively lax and free compared with what is possible (but too expensive to bother doing - yet) right now. It is only logical that the same technology would also be used to develop methods to counter this threat.

    --

    The illegal we do immediately. The unconstitutional takes a little longer.
    --Henry Kissinger

  26. Re:Probable cause by pallex · · Score: 2

    "And courts in the USA would probably support this idea, but in the UK there is no Bill of Rights (constitutionally at least) to protect its citizens from the government. "

    I'm not sure actually - we (in the U.K.) recently incorporated the European Human Rights Act into UK law, which protects you from having to incriminate yourself, so a test case regarding the handing over of keys would be interesting.

  27. Re:What's the point? by shren · · Score: 2

    I think it's justified to not trust a government that is disarming the populace and simultaneously arming its police officers with guns for the first time.

    --
    Maybe the state's highest function is to grind out insoluble problems. (Zelazny, Hall of Mirrors)
  28. Re:Probable cause by IronChef · · Score: 2

    >Anti government paranoia is downright unamerican.

    Saying that, you must not BE an American, or perhaps you are a troll.

    Anti-government paranoia is one of the MOST American things. The US was founded by people who were pissed off at ol' King George, and afraid of the future he would create for the Colonies.

    The Founding Fathers even put some really, really radical stuff in the Constitution to protect us from the government -- this is the reason for the 2nd Amendment (that's the guns one, for you non-Americans).

    One of the FFs, I think it was Jefferson, said something like, "Government is like fire -- a wonderful servant but a fearful master." I have probably misquoted it, but the essence is there, and it is an incredibly insightful statement.

    We SHOULD keep an eye on the government. It is the nature of such institutions to aggregate power, to exert always more control -- and citizens need to be ever vigilant to keep that in check. When the citizens get lazy, or complacent, they start to lose freedoms for "the greater good."

  29. Plead the fifth by pivot_enabled · · Score: 2
    It seems that there are one or two individuals who believe that "only criminals" would seek to protect their data.

    That may be true, but fortunately, the constitution arguably agrees that the government does not necessarily have that right. Aren't your personal files which you created and stored on your computer the product of your own mind? And since the fifth amendment allows you to refuse to testify against yourself why can't you refuse to divulge the contents of your disk by simply pleading the fifth? Even if the argument were that the computer is simply evidence and that a court order requires you to turn it over how can the court order you to turn over the key which you argue might be incriminating? I realize that this is all academic in Britain but in the U.S. I think you could simply refuse to divulge your key on this basis and it would make for a very interesting Supreme Court case.

    Also to anonymous coward who posted: "The laws in this country are just, and created by the public will. Anti government paranoia is downright unamerican." Does this include the RICO laws? Anti government paranoia is quintessentially American. In fact I'd say it nearly defines 'American' particularly when contrasted with European viewpoints. But for anti government paranoia we would have Europe's socialist structure. No, this wouldn't be all bad, but we wouldn't be nearly as competitive as we are today. Hooray for anti government paranoia!

  30. Re:I have a question... by jesterzog · · Score: 2

    What some people have said so far looks really good. I'd like to add my own bit. (I haven't given this before so it could probably be worded better.)

    Let's say you trust the government, the police, the IRS and social services, etc etc. For sake of argument, let's say they're not corrupt in any way and will not misuse the information they hold about you in any way whatsoever.

    Given that you trust them and through some magic it's been proven that collected information won't be misused or abused, and it will stop the child molesters and terrorists and make the world safer and more prosperous for everyone.. why shouldn't they be allowed to do this?

    The simple answer in my mind is What About Tomorrow?

    The problem with any sort of legislation is that it's much easier to put in place than it is to remove. What is there to guarantee that 30 years from now, corrupt people won't get into social services and run their own child pornographer's ring, for example? What is there to guarantee that a corrupt police officer - who isn't even born yet - won't abuse her privilege of having access to information about everyone?

    Exactly what information can be collected and everything it might be used for is up to the imagination. The point is that once in place, legislation is very hard to tear down. It seems to me that the lawmakers are making it for today, assuming they know the system today, but without putting due consideration into what could potentially happen tomorrow.


    ===
  31. Re:data storage by Averye0 · · Score: 2
    Simple.

    Ever heard of Sealand? It's a defunct Anti-air base formerly of Britain's that's actually in International Waters.

    Apparently, some guy moved in a few years back, declared it a separate country and proceeded to set up secure data storage as the country's biggest (and only) industry.

    Can I get a link to back me up on this? I don't have one handy

    Averye0

    --
    --o You're just jealous cause the voices talk to me and not to you! o--
  32. MPs are STUPID by Garry+Anderson · · Score: 2

    Why did the Members of Parliament make RIP Act LAW? They do not understand the consequences of it. To say they are ignorant is an understatement.

    They believe any rubbish that they are told by their 'advisors'. By questioning it they think they look stupid.

    By not doing so, it makes them look more dumb. They are imbeciles in the extreme.

    Perverts and terrorists will find a way around these measures. Direct connected encryption or even blinking sending child porn CDs over postal service.

    Only an idiot would believe the massive infrastructure that Government introduce is for monitoring these few thousand people. It can only be for spying on the masses. What about the law of presumed innocence?

    People do not realise what is possible. The increase in processing power grows daily. As are storage costs coming down. This will be the same as having somebody watching everything you do. All your finances available for them to check - heaven help you if you cannot account for every penny when they check on your taxes. All your personal emotions in private emails, your fears about health worries and your personal quirks in web-sites you visit. All your inner-most secrets will be open to them.

    With New Labour's Newspeak (having to use the word 'investment' instead of 'spending') and this RIP Act - Big Brother has finally arrived.

    skilful.com

  33. Re:What's the point? by atrowe · · Score: 2
    Sorry, fishebulb(that sounds Jewish), but your analogy is quite flawed. I lock my doors at night because I like my stereo and would like to continue listening to it when I get home. I don't encrypt my e-mails because

    1) More than likely, no one other than the intended recipient would want to read my e-mail, and
    2) If they did, I have nothing to hide.

    --

    -atrowe: Card-carrying Mensa member. I have no toleranse for stupidity.

  34. What's the point? by atrowe · · Score: 2
    I value my privacy as much as the next guy, but this seems a bit extreme to me. Is it really worth all that effort just to make sure no one is reading your mail?

    From my understanding of the proposed monitoring system in Britain, all electronic communications travelling across the Internet will be archived. I don't think the intention was for the government to read messages sent to my girlfriend. The goal of this project is to help prevent terrorism and provide evidence needed to convict hackers/criminals.

    It seems to me that for most people, this should not even be an issue. If you aren't doing anything wrong, you shouldn't have anything to worry about. The only people who need to use encryption are those who have something to hide. Maybe we should be snooping around in these people's inboxes

    --

    -atrowe: Card-carrying Mensa member. I have no toleranse for stupidity.

    1. Re:What's the point? by atrowe · · Score: 2

      Thanks. I must have been thinking of Gefilte Fish.

      --

      -atrowe: Card-carrying Mensa member. I have no toleranse for stupidity.

    2. Re:What's the point? by gdiersing · · Score: 2
      My favorite line of text on the m-o-o-t site is this little ditty on their code page:

      We haven't written most of it yet!

      It looks like this whole freaking project is a work of FICTION. m-o-o-t, as far as a project is still in the "wouldn't it be cool" stage. Chances are it will go nowhere. It's a HOAX, I can't believe this is even on /.. Does anyone actually read the links submitted?!?!?!?!?!?!

    3. Re:What's the point? by CoughDropAddict · · Score: 3

      I don't think the intention was for the government to read messages sent to my girlfriend.

      Neither was the intention of the German census for Hitler to be able to find all the Jews. Your comments are incredibly naive. If you've never heard all the arguments and reasons why, then I suggest you do some reading. EPIC and the book 1984 would be a good start. If, on the other hand, you've heard all the arguments and still have a bubbly-eyed adoration and faith in your government, then go be the first on the block to voluntarily install a telescreen in your bedroom, but leave us who really care about privacy alone.

      --

    4. Re:What's the point? by xtal · · Score: 4

      I value my privacy as much as the next guy, but this seems a bit extreme to me. Is it really worth all that effort just to make sure no one is reading your mail?

      Like other posters suggested.. I think you need to read some books, and 1984 is a good start. You must be young, or incredibly naive.. I'm not an old geezer, but I understand power. My history teacher in high school way back when used to have a huge poster above the board. It said: "Power: It ain't for the givin', it's for the takin'". Those in power will do anything to further it. It's a theme that has been played out since the beginning of recorded history. Do you know what power is? It's the ability to control YOU, the lowly serf. That doesn't sit too good with me.

      It seems to me that for most people, this should not even be an issue. If you aren't doing anything wrong, you shouldn't have anything to worry about. The only people who need to use encryption are those who have something to hide. Maybe we should be snooping around in these people's inboxes

      There's another very famous quote about police dictatorships not being built up overnight. Not everyone values information and free thought the way the average person here on /. or kuro5hin might. If the populace is trained to accept blatant violations of their personal freedom - for instance, random searches in schools, gradual introduction of monitoring cameras in common areas - then eventually you can get total control. And that prospect scares the living shit out of me. I'm not even an American, but the whole concept of the United States of America was to devise a system whereby the people could be guaranteed freedom from this - the founders of that nation were very wise - and look at what has happened under the guise of "protection" from terrorists, drug dealers, insert-evil-guy here.

      People need to wake up and start to take responsibility for their lives and their freedom. Maybe we need a major war every generation. Watching friends die bloody violent deaths might wake a few people up about the true costs of freedom and make them think twice when those freedoms are given up for "protection".

      Arrgh, this must have been a troll, but I'm cranky and half in the bag. Get GPG while you can.

      --
      ..don't panic
  35. Re:Do you use an envelope when sending snail-mail? by atrowe · · Score: 2
    I certainly do. They are quite helpful in

    1)Keeping multiple sheets of paper together, and
    2)Affixing stamps to.

    --

    -atrowe: Card-carrying Mensa member. I have no toleranse for stupidity.

  36. Re:Don't waste your +1, you dolt. [nt] by atrowe · · Score: 2

    My karma is capped. I need some incentive to post insightful comments again.

    --

    -atrowe: Card-carrying Mensa member. I have no toleranse for stupidity.

  37. Re:What would be REALLY cool by atrowe · · Score: 2

    It's not the flexible kind though.

    --

    -atrowe: Card-carrying Mensa member. I have no toleranse for stupidity.

  38. I have an answer ^^ by 2nd+Post! · · Score: 2

    Not a foolproof one, by any means, but an answer nonetheless.

    There's the concept of the slippery slope. One step down justifies the second step; using something akin to induction, the Nth step justifies the N+1 step, etc.

    So we violate a *little* bit of privacy to protect children. Then we violate a little bit more, to stop criminals. Well, why not a little bit more to stop hate-groups? Then a little bit more to stop the insane. Then a little bit more to stop the disgruntled office worker with a gun. Then a little bit more for the kid who always gets beat up after school, and trying to find a gun. And a little bit more for the guy trying to find some booze and drugs for his party...

    To address your statement, privacy is worth more than very many things. There will always be situations in which privacy is discarded (police search and seizure, warrant to enter, wiretap, etc), but on general grounds, any rights we have, once we give up, cannot generally be taken back without a fight.

    The argument against RIP is essentially that of innate rights and protections. In the US, at least, any right not enumerated by the Constitution or Bill of Rights is automatically granted to the people, or something like that. In other words, a right need not be explicit for it to be afforded protection and observance.

    I mean, the police services and such, in our best interest, want to protect us. That I can understand. The govt, I'm not so sure I trust, but let's give them some leeway. They can feel free to fund technology to decrypt, decode, decipher, and hack away at the security systems... but to intentionally allow a flaw in the system? Then what's to stop the not so scrupulous peoples from taking advantage of this? What's to stop the criminals?

    Geek dating!

  39. I have to concede by 2nd+Post! · · Score: 2

    You're right, most people do prefer security to possibility, freedom, and excitement ^^

    I did make as a parting comment the fact that someone not so scrupulous, who had access to this data, becomes the most feared and dangerous person around.

    Geek dating!

  40. Claims on their site by John+Sullivan · · Score: 2

    Ok, I've visited their site and this is my take. I wouldn't touch it with a barge pole - if it makes RIPA look silly then it may serve some purpose, but not as a viable secure platform. Their entire approach is flawed in any case, good security should be built into all platforms, you shouldn't have to consider changing for what ought to be such a basic facility.

    m-o-o-t is an open-design, open-source cryptography project begun to defeat RIPAPart3

    This is very naive. You do not 'defeat' laws in code any more than you make crypto impossible by legislation. The two systems are completely orthogonal.

    As we consider all present protocols insecure against the new attacks brought about by legislation

    The law is not an attack on any protocols, it is a response to using those protocols if anything. You should also see the Snake Oil Warning Signs FAQ where it warns specifically against mud-slinging against existing or competing techniques.

    hidden stenographically

    I rather suspect that had this site had anything to do with established cryptographers whose opinions I trust (well, I can't find the m-o-o-t team members' names anywhere on the site ("We aren't exactly secret but some of us don't want to be identified") so I'll keep a very reserved judgement on their credentials), it would be spelled slightly better. I've no idea what methods of shorthand typewriting have to do with secure computing platforms... (They get it right on a different page, to be fair.)

    There will only be one choice for each type of algorithm ... We think that most programs offer too much choice in this and thus lose security as people don't know what is happening or how secure the algorithms being used are, often they don't know what they are and they may be using eg export grade cyphers

    This will potentially sabotage security, not improve it. Assuming they use strong, time-tested, public algorithms, it is still possible one could suffer a fundamental break tomorrow. Unlikely, but possible. Or next week, or next year. If back-up algorithms are used and implemented well, users should not even be aware of the back-up algorithms. One would also hope that no serious security implementer would suggest using 'export grade' ciphers, the fact that they believe this is possible is worrying.

    Plod - a cryptographer's term for the Police

    The usual Dramatis Personae are Alice, Bob, Mallory etc. I've not seen any serious paper referring to 'Plod' and suspect it's just randomly offensive on their part. Their appeal to authority ("cryptographer's term") is bogus.

    we will use the CD as a large look-up table to ensure authenticity of the CD and prevent fake CD's with backdoors etc.,

    Don't believe this - it won't work.

    we will not do updates due do the insecurity of distribution methods and to avoid incompatibilities

    *choke*. So they're going to get it right first time, with absolutely no implementation errors possibly leading to security compromises. I wish they'd publish a paper on that alone, because it beats anything anyone has come up with in 50 years of software engineering research. (Hmm. If you can't trust the update how can you possibly trust the original?)

    The system also relies on you trusting your PC, and also possibly the data havens to some extent. We've already seen a story this week about the FBI installing bugs within the keyboard itself - other parts of the system can be similarly sabotaged with almost no chance of detection by the user - this is probably what any clued up LEA would want to do if they knew strong encryption was being used. Remember, if the end-point hardware has been tampered with all bets are off, for any security system.

    There is so much more, I could go on all day. The possibility that they might want to make money from this (but are considering using a Free OS, which they might not want you to make copies of - no wonder they don't want to be identified) is mildly interesting. Frankly they could as well be part of a multinational government conspiracy, but rather than get excessively paranoid I think I'll just assume they're seriously misguided.

    --
    This is my World Wide Web of Whatever
  41. Why m-o-o-t won't work: by Bonker · · Score: 2

    As much as the need for complete security and privacy demands it, this moot-thingy just ain't gonna happen. First of all, it relies on external data-havens to store information. While there are many technically feasible ways to make this happen, it's not going to unless someone in a neutral country or Sealand just *gives* you a hell of a lot of diskspace and bandwidth.

    Even if such data-havens exist, their service by definition will only be poor, sporadic, and prone to failure.

    "Where's that subversive novel/treatise/pr0n I was writing on my m-o-o-t account?" Oh, I'm sorry. One of the datahavens that was storing a chunk of your novel was raided by the FBI. Your data was not recovered but it *was* destroyed.

    --
    The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
  42. People Government Relations by dirkness · · Score: 2

    The government of Great Britain has now announced that in addition to storing all digital traffic across the internet for seven years, it will begin storing copies of all regular postal mail and phone conversations that are currently distributed through their country. The increased public safety resulting from this program, which will no doubt aid in catching and prosecution of evil doers is welcomed by all upstanding members of society.

  43. Re:I have a question... by Seumas · · Score: 3
    Tell them that a wise man once said that a man who sacrifices his liberty for security deserves to have neither.

    If people are really so eager to save children (the battle-cry for EVERY cause in the world), then why don't they ban smoking, driving, sharp objects, divorce, low-paying-jobs, teasing, flammable materials, deep water and everything else that potentially damages children?

    The answer? -- it's easier to take away another man's liberty than your own.
    ---
    seumas.com

  44. Safety in numbers by Oneflower · · Score: 3

    It's easier to hide in a city than a village.

    Encrypt everything. And send more bogus messages than real ones (a 10:1 ratio seems right).

    The idea is to swamp the snoopers so that they cannot keep up. It should be easy: there are more of us than them.

    The biggest worry for liberty is that any law that requires one to give up a key that exists only in your head erodes the right to not self-incriminate and the right to silence. (Both rights are, I believe, much weaker in the UK than elsewhere.)

  45. Damn. Got all excited... by KFury · · Score: 3

    I read the title, "New Crypto-OS" and I thought Wow! An operating system centered on cryptographic principles. That's so cool and temporally relevant!

    It could support a PGP encrypted USB and digital video interface for disabling tempest and keystroke attacks. It could be built to only support SSL, SSH or otherwise secure TCP/IP protocols, possibly some kind of ISP program through Anonymizer (or anyone, really).

    Just think, a system based on the principle that the only place cleartext exists is on the CPU (and other minute pathways between crypchips and rasterizers, logic elements, etc...)

    But no, it's just another open source project for people to mess with... Sigh.

    Kevin Fox

  46. inconvenient + subscription fees? by quick_dry_3 · · Score: 3

    While I don't want people to be able to pry on my files if I don't want them to, I also don't want to need to be on a network 24/7 just so I can access my files.

    They say that they'll pay for data havens from a small purchase price. That's usually unworkable, since you need to keep on getting new buyers all the time, meaning more storage-> more cost->more buyers->more storage->ad infinitum.

    So, for a sustainable service you either need to pay a data haven(s) yourself, or pay a subscription fee to m-o-o-t.

    On top of that you'll need a pretty quick connection, since (if I understand correctly) all your user files will be on the network somewhere (data haven). Costs are gonna get pretty high, pretty quick.

  47. am I missing something by TwP · · Score: 3
    Their web page states that they are going to disable all local storage devices -- floppy drives, hard drives, zip disks, etc. -- and store all your encrypted files in a data-haven.

    I really don't see how this is going to help them. The UK law says that the government will monitor and store all internet traffic for seven years as well as be able to demand files / PGP keys from citizens' computers. This system still relies on the internet to transport your information to and from the data-haven. The boys at Scotland Yard will still have access to your files as they travel through the ether.


    -----------------

  48. Comparison Question by vergil · · Score: 3
    How does Moot compare to an implementation like Freenet? I'm not well-endowed w/ programming skills, but it seems to me that Freenet inherently sidesteps having to store files locally or in pre-designated "remote locations" by -- in Freenet, files are always in flux, and their precise location is impossible to pin down.
    Then again, Moot is (or will be) an OS.

    Sincerely,
    Vergil
    Vergil Bushnell

  49. data storage by darthpenguin · · Score: 3

    Just out of curiosity, where are these "remote data havens"? Your data can only be as secure as where it is stored.

    -MSD.dyndns.org

  50. A professional cryptographer writes... by Paul+Crowley · · Score: 4

    FWIW this does not strike me as a well-conceived project. They plan to deliberately exclude a whole bunch of useful comms software (like PGP, web browsers) because they don't meet their rather artificial standards of security. They claim "all existing protocols are insecure", which is not the mark of someone with a clue. Oh, and they think they can charge for it - see the FAQ. I do not believe they will build a product that will be useful to anyone.

    (and the "pro" thing? I've been a pro for less than a month but I couldn't pass up the opportunity to crow about it on /.!)
    --

  51. Re:I have a question... by divec · · Score: 4
    The undoubtable fact is that the RIP act will reduce the exploitation of children, fraud, pornography, and more general crimes.

    I don't think this is true. If I was trafficking child pr0n, I wouldn't think "ooh, I might have to give up my passwords one day, so I'll just send everything unencrypted now instead". Come to think of it, I wouldn't give my passwords away to the police if and when they raided me - better to get charged under RIP than to get caught trafficking child pr0n.


    So genuine criminals won't change their behaviour because of this new law. The only people likely to be affected are the innocent, or those who have committed minor offences (illegal music copying?).

    --

    perl -e 'fork||print for split//,"hahahaha"'

  52. No, not the slippery slope argument. by guran · · Score: 4
    I wouldn't go with the slippery slope argument. It is too easy to turn around:

    "We take away the government's means to see the criminals' encrypted data, then we can take away their (lawful) means of breaking the lock to the drawer where they keep their kiddie porn, then we take away their right to interfere when they suspect a child is being molested, all for the sake of 'priiiiivacy'"

    And don't go with that old "those who forsake a little privacy..." quote.

    Privacy matters less to people than safety. Period.

    You'll have to convince them that the sacrifice of privacy that goes with RIP et al actually makes them *less* safe. Get the picture into their head of a criminal (perhaps a child molester) with access to the government's data files. Get them to think about a dishonest cop who knows *their* darkest secrets and is coming for *them* and their *children*.
    Fight fear with fear.

    --

    All opinions are my own - until criticized

  53. I have a question... by Kiss+the+Blade · · Score: 4
    ...for those opposed to the RIP act (in whose numbers I include myself, I hasten to add). The undoubtable fact is that the RIP act will reduce the exploitation of children, fraud, pornography, and more general crimes. So what does one say to the people that decry "You oppose the RIP act, so therefore you support pornography/child abuse/whatever" ?

    How does one frame the argument that privacy is worth more than child abuse (to be provocative, for a moment) in a convincing manner to the supporters of RIP, who blather on about 'the children' at every opportunity?

    The problem I have is that, Prima Facie, the argument for RIP is a lot more convincing than the argument against.

    KTB:Lover, Poet, Artiste, Aesthete, Programmer.

    --

    KTB:Lover, Poet, Artiste, Aesthete, Programmer.
    There is no

  54. Re:What's the point - Illegal doesn't mean 'Wrong' by Anonymous Coward · · Score: 5

    If you're not doing anything wrong, you shouldn't have anything to worry about?

    Bullshit. B-U-L-L-S-H-I-T.

    In the U.S. and in the U.K., I'm certain, overzealous law enforcement will do anything they can to a) raise the number of arrests, b) promote their own financial, moral, or religious interests, and c) justify that they need more power to accomplish a and b.

    This is the way all law enforcement has worked since the dawn of society. This is the way that law enforcement always will work. This is the reason why U.S. prisons are full of non-violent drug users while murderers and rapists are frequently given shortened sentences due to overcrowding.

    Case in point: Maybe you've heard of the McCarthy trials? Communism and being communist is *not* illegal in the United States, regardless of how much the WWII and boomer generation wishes it was. In fact, the right to assemble and belong to organizations such as the Communist Party is guaranteed under the U.S. constitution. That sure as hell didn't stop Hoover and the FBI from illegally tapping phone lines and extracting confessions of communist involvement under duress in the 50's and 60's.

    Even if something *is* illegal, that doesn't make it wrong. Here's one for you DMCA ranters: If you use DeCSS to crack your DVD's to play under Linux, you have committed a crime by circumventing the encryption on the disk. Is that wrong? Is it immoral? Will the FBI or RIAA come down on your ass if they find out?

    Large-scale disk storage and access is easy and cheap. If you think that U.K. law enforcement can't easily run a grep or equivalent on the whole mess they've collected and look for people who have discussed DeCSS, then you are quite sadly mistaken, and probably deserve what they'll do to you when they bust your ass on airy charges.

  55. A solution? Yes. To the wrong problem. by rjh · · Score: 5

    First, the RIP act requires that communications be archived for seven years, draconian penalties for refusal to hand over decryption keys, etc., etc. Let's ignore the fact that the RIP probably violates the EU's human-rights agreement, of which the UK recently signed acceptance--after all, the UK seems to be ignoring it.

    So. Communications must be archived for several years, with decryption keys available on request. Supposing we had some ultrasecure OS which encrypted absolutely everything out there, as well as as much of the TCP/IP packet as is possible. That basically leaves only the address field and routing information unencrypted.

    Now we have a person using this machine, A, to communicate over a fundamentally insecure network (the Internet) with machine B. The authorities think that either A or B want to be doing something un-American (err--un-British?) like, I don't know, sharing the recipe for Colonel Sanders' secret blend of herbs and spices. What do the authorities do?

    They start listening on the machine, of course. So what if every packet is encrypted--they can still look at TCP/IP headers and discover where the packets are going. If, in fact, it turns out that packets are going out addressed for B, then that's a pretty clear sign the machines are communicating. Suddenly, B gets a knock on the door and a warrant served, and told to hand over those conversations "oh, and don't tell A a word of all this".

    That only covers direct peer-to-peer connections, though. The naive counter to this is that relayed connections, such as email, are immune to this because they don't get sent directly to the target machine. Well, maybe... but that just means there are more points of failure for the authorities to exploit.

    Even something as dramatic as establishing an IPsec connection with a mail relay in Seahaven wouldn't be proof. The American government seems to think that using encryption is evidence of malfeasance (see the recent story about the FBI using a keysniffer to defeat PGP). The British government, which is even more behind-the-times than the American government when it comes to encryption, will probably take it as evidence of high treason, or something similarly melodramatic and groundless.

    If they can tell a judge, "look, milord, this bloke 'ere's got hisself a highly encrypted network with a rogue nation-state that's know t' be a haven f'r data pirates", the judge will probably spend all of three seconds before deciding that yes, you're a threat, and you really ought to hand over your decryption keys just so the government can be sure.

    In other words, this solves nothing.

    To every social problem, there is a technological solution which is hip, cool, sexy and broken. This is it.
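
The comment above argues that encrypting every payload still leaves the address fields readable. The Python below is an added example, not part of the original comment: it reads only the cleartext IPv4 header of constructed packets and still recovers who talked to whom and how much. The documentation-range addresses, the function names and the hash output standing in for ciphertext are all assumptions made for the illustration.

```python
import hashlib
import ipaddress
import struct
from collections import Counter

IPV4_FMT = "!BBHHHBBH4s4s"  # fixed 20-byte IPv4 header, no options

def ipv4_checksum(header: bytes) -> int:
    """Ones'-complement sum over the header's 16-bit words (RFC 791)."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_packet(src: str, dst: str, payload: bytes) -> bytes:
    """Constructed sample packet: IPv4 header (protocol 50, ESP) + opaque payload."""
    fields = [0x45, 0, 20 + len(payload), 0, 0, 64, 50, 0,
              ipaddress.IPv4Address(src).packed,
              ipaddress.IPv4Address(dst).packed]
    fields[7] = ipv4_checksum(struct.pack(IPV4_FMT, *fields))
    return struct.pack(IPV4_FMT, *fields) + payload

def parse_header(packet: bytes):
    """Return (src, dst, protocol, payload_len) from the cleartext header only."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack(
        IPV4_FMT, packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not a well-formed IPv4 header")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad header checksum")
    return (str(ipaddress.IPv4Address(src)), str(ipaddress.IPv4Address(dst)),
            proto, total_len - ihl)

def who_talks_to_whom(capture):
    """Tally packets and payload bytes per (src, dst); payloads are never read."""
    flows, volume = Counter(), Counter()
    for pkt in capture:
        try:
            src, dst, _proto, size = parse_header(pkt)
        except ValueError:
            continue  # malformed or truncated capture entry
        flows[(src, dst)] += 1
        volume[(src, dst)] += size
    return flows, volume

def opaque(i: int) -> bytes:
    """Stand-in for ciphertext: 32 bytes the observer cannot interpret."""
    return hashlib.sha256(bytes([i])).digest()

# Constructed capture: hosts A and B plus one unrelated destination.
A, B, OTHER = "192.0.2.10", "198.51.100.20", "203.0.113.5"
SAMPLE_CAPTURE = (
    [build_packet(A, B, opaque(i)) for i in range(3)]
    + [build_packet(B, A, opaque(9)), build_packet(A, OTHER, opaque(7))]
    + [b"\x45\x00"]  # truncated entry, skipped by the tally
)

if __name__ == "__main__":
    flows, volume = who_talks_to_whom(SAMPLE_CAPTURE)
    for pair, count in flows.most_common():
        print(pair, count, "packets,", volume[pair], "payload bytes")
```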