New Crypto-OS
gormanly writes: "m-o-o-t is a new open-source cryptography project begun to defeat the R.I.P. Act here in the U.K. "and make it look silly". The project aims to ship a new BSD-based OS on a bootable CD, which will disable all local storage and store encrypted user files in remote "data havens," split and hidden in random data for deniability. The government can't even know a user's sending e-mail, much less store it for 7 years." It's a nice idea, but right now, that's all it is.
If people are really so eager to save children (the battle-cry for EVERY cause in the world), then why don't they ban smoking, driving, sharp objects, divorce, low-paying-jobs, teasing, flammable materials, deep water and everything else that potentially damages children?
The answer? -- it's easier to take away another man's liberty than your own.
---
seumas.com
It's easier to hide in a city than a village.
Encrypt everything. And send more bogus messages than real ones (a 10:1 ratio seems right).
The idea is to swamp the snoopers so that they cannot keep up. It should be easy: there are more of us than them.
The biggest worry for liberty is that any law that requires one to give up a key that exists only in your head erodes the right to not self-incriminate and the right to silence. (Both rights are, I believe, much weaker in the UK than elsewhere.)
I read the title, "New Crypto-OS" and I thought Wow! An operating system centered on cryptographic principles. That's so cool and temporally relevant!
It could support a PGP encrypted USB and digital video interface for disabling tempest and keystroke attacks. It could be built to only support SSL, SSH or otherwise secure TCP/IP protocols, possibly some kind of ISP program through Anonymizer (or anyone, really).
Just think, a system based on the principle that the only place cleartext exists is on the CPU (and other minute pathways between crypchips and rasterizers, logic elements, etc...)
But no, it's just another open source project for people to mess with... Sigh.
Kevin Fox
We have the same in America, a government agency called CPS (Child Protective Services). CPS does have abusive powers, and stomps on everyone's constitutional rights.
The interesting question is does it do this just because it can or to draw attention away from its failures?
I don't think the intention was for the government to read messages sent to my girlfriend.
Neither was the intention of the German census for Hitler to be able to find all the Jews. Your comments are incredibly naive. If you've never heard all the arguments and reasons why, then I suggest you do some reading. EPIC and the book 1984 would be a good start. If, on the other hand, you've heard all the arguments and still have a bubbly-eyed adoration and faith in your government, then go be the first on the block to voluntarily install a telescreen in your bedroom, but leave us who really care about privacy alone.
--
While I don't want people to be able to pry on my files if I don't want them to, I also don't want to need to be on a network 24/7 just so I can access my files.
They say that they'll pay for data havens from a small purchase price. That's usually unworkable, since you need to keep on getting new buyers all the time, meaning more storage-> more cost->more buyers->more storage->ad infinitum.
So, for a sustainable service you either need to pay a data haven(s) yourself, or pay a subscription fee to m-o-o-t.
On top of that you'll need a pretty quick connection, since (if I understand correctly) all your user files will be on the network somewhere (data haven). Costs are gonna get pretty high, pretty quick.
I really don't see how this is going to help them. The UK law says that the government will monitor and store all internet traffic for seven years as well as be able to demand files / PGP keys from citizens' computers. This system still relies on the internet to transport your information to and from the data-haven. The boys at Scotland Yard will still have access to your files as they travel through the ether.
-----------------
Then again, Moot is (or will be) an OS.
Sincerely,
Vergil
Vergil Bushnell
Insects and Grafitti Photos
Just out of curiosity, where are these "remote data havens"? Your data can only be as secure as where it is stored.
-MSD.dyndns.org
FWIW this does not strike me as a well-conceived project. They plan to deliberately exclude a whole bunch of useful comms software (like PGP, web browsers) because they don't meet their rather artificial standards of security. They claim "all existing protocols are insecure", which is not the mark of someone with a clue. Oh, and they think they can charge for it - see the FAQ. I do not believe they will build a product that will be useful to anyone.
(and the "pro" thing? I've been a pro for less than a month but I couldn't pass up the opportunity to crow about it on /.!)
--
Xenu loves you!
I don't think this is true. If I was trafficking child pr0n, I wouldn't think "ooh, I might have to give up my passwords one day, so I'll just send everything unencrypted now instead". Come to think of it, I wouldn't give my passwords away to the police if and when they raided me - better to get charged under RIP than to get caught trafficking child pr0n.
So genuine criminals won't change their behaviour because of this new law. The only people likely to be affected are the innocent, or those who have committed minor offences (illegal music copying?).
perl -e 'fork||print for split//,"hahahaha"'
I value my privacy as much as the next guy, but this seems a bit extreme to me. Is it really worth all that effort just to make sure no one is reading your mail?
Like other posters suggested.. I think you need to read some books, and 1984 is a good start. You must be young, or incredibly naive.. I'm not an old geezer, but I understand power. My history teacher in high school way back when used to have a huge poster above the board. It said: "Power: It ain't for the givin', it's for the takin'". Those in power will do anything to further it. It's a theme that has been played out since the beginning of recorded history. Do you know what power is? It's the ability to control YOU, the lowly serf. That doesn't sit too good with me.
It seems to me that for most people, this should not even be an issue. If you aren't doing anything wrong, you shouldn't have anything to worry about. The only people who need to use encryption are those who have something to hide. Maybe we should be snooping around in these people's inboxes.
There's another very famous quote about police dictatorships not being built up overnight. Not everyone values information and free thought the way the average person here on /. or kuro5hin might. If the populace is trained to accept blatant violations of their personal freedom - for instance, random searches in schools, gradual introduction of monitoring cameras in common areas - then eventually you can get total control. And that prospect scares the living shit out of me. I'm not even an American, but the whole concept of the United States of America was to devise a system whereby the people could be guaranteed freedom from this - the founders of that nation were very wise - and look at what has happened under the guise of "protection" from terrorists, drug dealers, insert-evil-guy here.
People need to wake up and start to take responsibility for their lives and their freedom. Maybe we need a major war every generation. Watching friends die bloody violent deaths might wake a few people up about the true costs of freedom and make them think twice when those freedoms are given up for "protection".
Arrgh, this must have been a troll, but I'm cranky and half in the bag. Get GPG while you can.
..don't panic
"We take away the government's means to see the criminals encrypted data, then we can take away their (lawful) means of breaking the lock to the drawer where they keep their kiddie porn, then we take away their right to interfere when they suspect a child is being molested, all for the sake of 'priiiiivacy'"
And don't go with that old "those who forsake a little privacy..." quote.
Privacy matters less to people than safety. Period.
You'll have to convince them that the sacrifice of privacy that goes with RIP et al actually makes them *less* safe. Get the picture into their head of a criminal (perhaps a child molester) with access to the government's data files. Get them to think about a dishonest cop who knows *their* darkest secrets and is coming for *them* and their *children*.
Fight fear with fear.
All opinions are my own - until criticized
How does one frame the argument that privacy is worth more than child abuse (to be provocative, for a moment) in a convincing manner to the supporters of RIP, who blather on about 'the children' at every opportunity?
The problem I have is that, Prima Facie, the argument for RIP is a lot more convincing than the argument against.
KTB:Lover, Poet, Artiste, Aesthete, Programmer.
There is no
If you're not doing anything wrong, you shouldn't have anything to worry about?
Bullshit. B-U-L-L-S-H-I-T.
In the U.S. and in the U.K., I'm certain, overzealous law enforcement will do anything they can to a) raise the number of arrests, b) promote their own financial, moral, or religious interests, and c) justify that they need more power to accomplish a and b.
This is the way all law enforcement has worked since the dawn of society. This is the way that law enforcement always will work. This is the reason why U.S. prisons are full of non-violent drug users while murderers and rapists are frequently given shortened sentences due to overcrowding.
Case in point: Maybe you've heard of the McCarthy trials? Communism and being communist is *not* illegal in the United States, regardless of how much the WWII and boomer generation wishes it was. In fact, the right to assemble and belong to organizations such as the Communist Party is guaranteed under the U.S. constitution. That sure as hell didn't stop Hoover and the FBI from illegally tapping phone lines and extracting confessions of communist involvement under duress in the 50's and 60's.
Even if something *is* illegal, that doesn't make it wrong. Here's one for you DMCA ranters: If you use DeCSS to crack your DVDs to play under Linux, you have committed a crime by circumventing the encryption on the disk. Is that wrong? Is it immoral? Will the FBI or RIAA come down on your ass if they find out?
Large-scale disk storage and access is easy and cheap. If you think that U.K. law enforcement can't easily run a grep or equivalent on the whole mess they've collected and look for people who have discussed DeCSS, then you are quite sadly mistaken, and probably deserve what they'll do to you when they bust your ass on airy charges.
First, the RIP act requires that communications be archived for seven years, draconian penalties for refusal to hand over decryption keys, etc., etc. Let's ignore the fact that the RIP probably violates the EU's human-rights agreement, of which the UK recently signed acceptance--after all, the UK seems to be ignoring it.
So. Communications must be archived for several years, with decryption keys available on request. Supposing we had some ultrasecure OS which encrypted absolutely everything out there, as well as as much of the TCP/IP packet as is possible. That basically leaves only the address field and routing information unencrypted.
Now we have a person using this machine, A, to communicate over a fundamentally insecure network (the Internet) with machine B. The authorities think that either A or B want to be doing something un-American (err--un-British?) like, I don't know, sharing the recipe for Colonel Sanders' secret blend of herbs and spices. What do the authorities do?
They start listening on the machine, of course. So what if every packet is encrypted--they can still look at TCP/IP headers and discover where the packets are going. If, in fact, it turns out that packets are going out addressed for B, then that's a pretty clear sign the machines are communicating. Suddenly, B gets a knock on the door and a warrant served, and told to hand over those conversations "oh, and don't tell A a word of all this".
That only covers direct peer-to-peer connections, though. The naive counter to this is that relayed connections, such as email, are immune to this because they don't get sent directly to the target machine. Well, maybe... but that just means there are more points of failure for the authorities to exploit.
Even something as dramatic as establishing an IPsec connection with a mail relay in Seahaven wouldn't be proof. The American government seems to think that using encryption is evidence of malfeasance (see the recent story about the FBI using a keysniffer to defeat PGP). The British government, which is even more behind-the-times than the American government when it comes to encryption, will probably take it as evidence of high treason, or something similarly melodramatic and groundless.
If they can tell a judge, "look, milord, this bloke 'ere's got hisself a highly encrypted network with a rogue nation-state that's know t' be a haven f'r data pirates", the judge will probably spend all of three seconds before deciding that yes, you're a threat, and you really ought to hand over your decryption keys just so the government can be sure.
In other words, this solves nothing.
To every social problem, there is a technological solution which is hip, cool, sexy and broken. This is it.