Nasty Bad Men Are Using Encryption

ruebarb writes: "It appears that Osama Bin Laden and the majority of the Slashdot community have something in common - they love that free encryption! Bin Laden has been using chat rooms, bulletin boards, email, and (presumably) PGP to plan his terrorist activities. The article is available at cnn.com -- Expect the usual political outcry and demands for restriction of encryption technology to follow shortly hereafter" And an unnamed correspondent writes: "USA Today has this report about how terrorists are using encryption to distribute secret mayhem instructions via the internet. Gee, you think? What do you think -- is this part of a PR campaign to show John Q. Public how dangerous encryption is in any hands other than gov?" In related news, several of the major news networks are reporting that innocent-looking newspapers and circulars have been employed to form the ransom notes used by notorious kidnappers; calls to ban newspapers on that ground may face some opposition from extremists, but will no doubt soon reach the legislature.

Um, you *can* get the PGP source

It's always been available through the MIT distribution site: http://web.mit.edu/network/pgp.html Yes, even v6.5.8 is there.

It's also been obtainable in book form since 2.6.2 (hell if I know where to find it, but it's out there somewhere). That's how the international PGP versions came about; the book was exported (working into a loophole in U.S. crypto export laws) and later OCR scanned and compiled to create the PGPi releases. Of course it's not necessary anymore since the crypto laws were laxed, so the source can be exported in digital form to the international team; no more need for the book scanning chicanery.

Let me get blunt for a second...do you honestly think that Phil Zimmerman, after enduring that IRS/FBI-molded crucible for five years over releasing PGP to the masses, is going to bend over and let these government gestapo bastards compromise it? There are very few people I respect more than PRZ for staying his course through that flood brought against him. The fact that people even suggest that he would fold is appalling and offensive to me (and certainly to him as well). And believe it or not he *does* still decide what lives and dies with PGP, even since it's been absorbed by NAI. PGP is just as secure as it was back then (although, sadly, not as *stable*...but that's not his fault, blame corporation-demanded feature creep for that...)

Re:Ordinary folks usually are not terrorists

> These people will not only follow all their
> religious beliefs, they will follow those
> beliefs to the exact letter.

While I don't have any personal experience with Islamic fundamentalists, I do have experience with Christian fundamentalists of the 'bomb the abortion clinic' type, and my experience has been that they are *not* 'to the letter' followers of their chosen path. The guys I've known have been interested in porn, one's daughter accused him of molesting her (sorry, I don't know if there was a conviction), I've known those who cheat on thier wives, etc. I think to assume that any religious terrorist will follow every tenant of their faith, even when not (knowingly) being watched, is a dangerous assumption. It may simply be that their 'transgression' is forgiven by their god (in their estimation) because of the 'greater good' of their actions -- or not, I'm not a psych by any means, but in the case of Christian Fundamentalists, to assume that they will completely follow their religion as written would be incorrect.

That said, I think you have a good point about harmless pictures, but then, I don't claim to have a great deal of understanding of the way those folks' brains work, and apparently, neither do you (no insult, just that what you said completely contradicts my experience)

Log file of secret CIA hack of Bin Laden's website

telnet osama.users.mindspring.com
Opening 207.69.212.32...Connected

Xenix 6.66
Login: root
Password: allah

# ls /usr/bin/laden
bomb
doom
extort
gas
kidnap
nuke
quake
wolf3d
# rm -rf /usr/bin/laden
# echo "htmlbodyh137337 (1@ 4@X0R WUZ 433R/h1/body/html" /home/httpd/doc/index.html
# ^D

Re:why?

hey, what website do you think they were using as a gathering place?!!

You don't really think all those first post penis birds ate my balls were script kiddies, do you? Why do you think /. doesn't archive anything below (score:1) ?!!

A little known fact is that all those links to the reciever are not all the same picture !! They stenagraphically encode secret bombing plans in there!!

And I shudder to think about what "ALL&nbsp YOUR BASES&nbsp ARE&nbsp BELONGING&nbsp TO&nbsp US!" implies!

effectiveness of regulations

[David+Jao]

encryption regulations would restrict less well-financed criminal operations.

No, they wouldn't.

Gnu Privacy Guard is a very popular, well known, open source and free software e-mail encryption program available from Germany. Exactly how would US encryption regulations affect anything done in Germany?

Key escrow sounds very nice in theory but how in the world do you propose enforcing its use by international terrorist groups? Even the most poorly-financed terrorist group has free access to Gnu Privacy Guard which obviously has no key escrow capabilities.

US laws regulating encryption have the distinct disadvantage that criminals and foreigners (the very two groups the US is trying to control) are not bound by them.

The REAL reason this is coming up!

[freddie]

The spooks need an excuse to spend their days browsing through pr0n! Just like the cops have to look at pr0n to find pedophiles, so does the CIA, to find terrorists. It's not for pleasure of course, they're just looking for "hidden messages"

Re:The REAL reason this is coming up!

[phaktor]

Monday's todo list

8:00 - Mrs P. L. Anderson.
9:00 - Miss June.
10:00 - Nerv Gas
11:00 - Debbie (in Dallas)
12:00 - Lunch

Wow I wish I had that job :)

Re:forget encryption...

[MonkeyBoy]

Are you sure it was the CIA?

Mac zealots could have been right all along - the same people phasing out Macs for PCs "because most people use them" may have started up your program.

Re:forget encryption...

[MonkeyBoy]

Sure, it's trivial for americans to decode english backwards. But them thar forang langwedges shur ar hard tu deecohd!

tuahel srev relffuos el ruop rios ec fuen a nogatnep ua suov-zessinueR

*** NEWSFLASH *** Osama Bin Laden Breathe Oxygen !

[Taco+Cowboy]

*** NERWSFLASH ***

The latest news from INTELLIGENT SOURCE is that the terrorist Osama Bin Laden breathe OXYGEN !

Yes, the SAME OXYGEN that all the NON-terrorists breathe !

Sources from the INTELLIGENCE also said that they will lobby the congress to support their proposal to BAN OXYGEN, for that is ONE VERY EFFICIENT WAY to KILL Osama Bin Laden !

For ONCE, the United States Of America, the ONLY FREE COUNTRY in the world, must take the lead to WIPE OUT ALL THE TERRORISTS, and we can start by taking out Osama Bin Laden.

Repeal the 1st and 4th Amendments

[shanelenagh]

Prediction: There will soon be a bill presented in the legislature to repeal the first and fourth amendments.

The bill will be titled "The Terrorism and Child Molestation Prevention Act of 2001".

shane

Re:Here's why the public doesn't care

[AviN]

People can save 14 cents by not using an envelope. It's called a postcard. See http://pe.usps.gov/text/dmm/r100.htm#Xfz79519.

Re:Need a key escrow?

[KyleCordes]

Ah, but not all crypto is so obvious. Take your message. Compress. Encypt with arbitrarily strong crypto. Spread it across the low order bits of a picture. GIF compress. Send.

Somewhere I read of web site about various means to hide the transfer of data.

Regarding terrorists, it would seem more important to stop them from *doing* bad things, rather than to listen to them talk about it. For that matter, if they are going to do something very bad, why talk about it over the internet at all?

Here's why the public doesn't care

[198348726583297634]

They don't want to think the government is out to get them. (hint: it probably isn't.)

The public at large will never embrace encryption because the public at large is not anti-authoritarian, is not confrontational, and is definitely too lazy to be bothered with something "just because it's a good idea." I'm no government shill, but it's silly to expect your neighbor to believe you when you say, "Encryption is the backbone of something-something blah blah and that's why you should use pgp for every email you send."

People have different priorities. Your priorities are not the world's, nor are they even the "best" for an ideal (eg, safe, free, beer-filled, whatever) world.

Encryption just doesn't matter that much.

Random thoughts:
-encryption is not like putting a letter in an envelope for mailing, because the envelope doesn't protect the contents of the letter so much as it contains them from the rigors of mailing. If people could save 15c by not using an envelope, they probably would.
-living in a safe world _is_ a good thing, for those of you who are about to suggest that no freedom is worth giving up for safety. Anyone who hasn't been mugged or assaulted on the street may sit out of any discussion about the value of a safe world.

Re:Here's why the public doesn't care

[lizrd]

They don't want to think the government is out to get them. (hint: it probably isn't.)

You're right of course. For the vast majority of us there really isn't anyone who's out to get us. But that doesn't mean that there aren't certian things that we would rather keep private. Furthermore, it makes a big difference when the government starts telling you what you can and cannot write.

Encryption just doesn't matter that much.

Encryption matters a lot. It's not the encryption itself that matters but the fact that I want to have the choice to communicate privately in whatever form I see fit. I reserve the right to write letters in Latin (a language unreadable by many) or in ROT13 or PGP encrypted. The point isn't about the encryption but rather it's about telling me how my personal communications must be conducted. It's true that I rarely hit the encrypt button on my mail client, but I insist on having that choice.

encryption is not like putting a letter in an envelope for mailing, because the envelope doesn't protect the contents of the letter so much as it contains them from the rigors of mailing. If people could save 15c by not using an envelope, they probably would.

It's true that envelopes do offer some benefits that aren't necessary for e-mail. With an e-mail there isn't the need to bind together various documents inside a paper wrapper. On the other hand, it would be fine with the post office if you were to use envelopes made of transparent bond but no one does that. In fact a great many people use security envalopes which have printing on the inside to make it difficult to see what is inside the envalope without opening it. Your argument about people being cheap and unwilling to pay for the security that envalopes provide is baffling to me. People do save 14c by sending a post card rather than an envalope via the US Postal Service. In addition, they save another 2-7c by not buying an envelope in the first place.

living in a safe world _is_ a good thing, for those of you who are about to suggest that no freedom is worth giving up for safety. Anyone who hasn't been mugged or assaulted on the street may sit out of any discussion about the value of a safe world.

Of course living in a save world is a good thing. I doubt that there's anyone here who will argue with that. My question for you is how will restricting people's rights in anyway work to reduce street crime? My contention is that it simply won't. Overall, it would seem that there are more ways in which we will be vulnerable to crime without access to encryption than if it is not avaliable to the law abiding.
_____________

As If

[grappler]

As if it would be remotely possible to, starting today, keep encryption out of the hands of terrorists.

Need to Outlaw Encryption

[Nickbot]

Well after reading this article I'm quite certain they should outlaw all encryption. Then all criminals will stop using it and start turning themselves in to the police.

After that, we need to work on legislation that will allow cops to take the pee out of a swimming pool.

Re:gov't intervention is worth it

[rark]

No, key escrow is not reasonable.

It would be reasonable if I trusted the government -- and I use trust in the same sense as 'trusted host'.

Risks of Key escrow

1. government using keys to decrypt data of mine (or anyone's) for political reasons -- think it can't happen in the U.S.? The FBI has no issues with putting people in prison on trumped up or blatently false charges for political reasons, why not decrypt the data of people who they have political beefs with? Surely they can find *something* (even if it's just tax mistakes) to put you away for, at least temporarily.

2. use of key escrow to read data that *is* illegal, but is saving people's lives -- Remember, this is the same country that put japanese people in concentration camps two generations ago. I'll argue that it's better to keep the option of resistance open, in case it is needed

3. someone could steal the keys. we're talking the U.S. Gov't here. Their track record on computer security is worse than corporate america's -- and it's not like CA's is stellar!

Also, key escrow doesn't solve for the problem: Terrorists communicating in ways that intelligence agencies can't crack. There's no guarantee, short of world escrow, completely enforced (meaning that *every* time non-escrowed keys are used, everybody involved gets punished) that would keep terrorists from using non-escrowed keys. The chances of that happening are infintesimal, esspecially when technical issues are taken into account (i.e. stenography -- how can you enforce a all-keys-escrowed policy if you're not sure what's even encrypted). Even if that happened, that doesn't stop the more classic (and even more difficult to foil) strategies.

Risks (plenty) vs benefits (none, really, taking into account the difficulty of enforcement)

Best evidence against need for stricter laws

[sterno]

This perfectly illustrates why we don't need to have restrictions on encryption. Let's think about this situation and the facts that we know:

1) The US government is certain that Bin Laden is a backer of terrorists (enough so to bomb sovereign countries).

2) The US government has enough evidence against 4 men to take them into court and prosecute them as terrorists.

Seems to me that they are getting by fine regardless of the encryption. I mean if the encryption was such an issue, how would we have any information about these people? Traditional intelligence gathering and detective work are not dead because of encryption.

---

Dang Propaganda

[itsjpr]

The G-folk have been trying to use "scary porn" as a reason we need to hand over our rights. That didn't seem to be working, so now they've gone to planting articles like the one at USA Today. Let's show a picture of something that will fright all true-blooded, upstanding Americans--a crazy Arab terrorist!

This story is full of sources with questionable motives regarding security and the free exercise of liberties around the world: the FBI, our AG, "expert" panels, and "independent" Israeli "think tanks". Come on, how dumb does the American population look?

That dumb, huh?

How can we ever hope to combat that kind of propaganda?

At least I'm getting closer to a "Successful Slashdot Submission." -- AC #5.

On the other hand . . .

[loon]

> When used in moderation any technology can be a good thing.

Even instruments of torture?

It's difficult to imagine an iron maiden, a rack, or Windows9x/2000 being put to "good" use.

Re:On the other hand . . .

[SunCrushr]

The rack could be used to wind twine into rope. The iron maiden could double as a wardrobe. Windows 9x/2000. Well, ya got me there...

Re:Remember wiretapping is (relatively) new ....

[fireant]

Just about 100 years ago the cops couldn't tap phones to solve crimes, there weren't any

I'm a nitpicker...

March 10th of this year will be the 125th anniversary of that historic incident in which A.G. Bell spilled acid on himself and proceeded to convert his voice into an analog electrical signal that traversed a wire and alerted Thomas Watson to his plight.

So actually there were quite a few phones 100 years ago. I don't know about the history of wiretapping, though. :)

Re:To borrow from an old saying...

[Darren.Moffat]

When encryption is outlawed only the countries that really have free speech will have it not the one that thinks it does ;-)

Re:PGP and backdoors

[Darren.Moffat]

All fine except that the source for most versions of PGP is available for viewing.

Re:Do-it-yourself at home, too! #2

[Smallest]

and here's one that lets you use BMP, TIFF, PCX, etc.
<p>
<a href="http://www.smalleranimals.com/stash.htm"> http://www.smalleranimals.com/stash.htm</a>
<p>
-c

Re:Good news. Follow my logic and understand why.

[nEoN+nOoDlE]

among others

Re:Does he really exist?

[nEoN+nOoDlE]

according to the X-Files, it's Saddam Hussein that the US drags out when they need to push an agenda... they hired him cause he plays a mean Henry V.

Re:"Nasty Bad Men Are Using Encryption"

[SEWilco]

Solution: Nasty Men made illegal.

Lying in the press?

[Mock]

Here's a very interesting excerpt from the USA Today article:


Here's how it works: Each image, whether a picture or a map, is created by a series of dots. Inside the dots are a string of letters and numbers that computers read to create the image. A coded message or another image can be hidden in those letters and numbers.

They're hidden using free encryption Internet programs set up by privacy advocacy groups. The programs scramble the messages or pictures into existing images. The images can only be unlocked using a "private key," or code, selected by the recipient, experts add. Otherwise, they're impossible to see or read.


Bad privacy groups! Don't you know that you just download PGP and then it will automatically add the super secret terrorist map to the "dots" of the picture?

I wonder if my JPEG viewer can decode the extra words in the "dots"?

Re:forget encryption...

[CoderDevo]

Maybe they encrypted it with a Tom Mix decoder ring? ROT13 anyone? Do you really think this kind of decryption is processor consuming?

why?

[ff]

Why do you say Osama Bin Laden is a bad man? Do you know him personally?

Re:why?

[sirinek]

I cant say that I know him. Does he read ./ too?

siri

Re:as a //

[Losifer]

I believe there's a strong difference here, but it's possible that I'm not being completely objective here. When you encrypt something, you're just denying other people access to that information. The information might be good, bad, neutral, a recipe for lima bean soup, whatever. All you're doing is making sure nobody but it's intended recipient has access to it. When you have a gun, however, the only thing you're going to do with it is shoot something. In my view, this is inherently harmful (I don't condone hunting and I don't support the death penalty). Of course, if only the government has guns, then the government can oppress us with greater ease. So I guess my now-offtopic viewpoint is that all guns should be destroyed.

THE NEW BOGEYMAN

[COMMIERAD]

It would seem that "terrorism" (i.e. war waged by the powerless against the powerful is the new bogeyman for the state ruling class to take away our individual and collective fredoms.

Fight the Power!!!

Please tell me you're not serious

[DzugZug]

Do you really think that if our government intercepts a message in arabic we cant read it? Do you consider spanish to be an effective method of encryption?

FBI Agent: Boss, we just intercepted this measage from Osama but it's in arabic.

FBI Supervisor: Well then there's nothing we can do. I hope it wasnt important.

So what?

[jcr]

There's nothing wrong with Bin Laden that a plain, old-fashioned bullet from a mossad sniper rifle couldn't fix.

If he'd been doing this fifty years ago, he'd be using couriers and one-time pads. He's got the money, and the motivation.

The real long-term solution here, is to engineer a crash in the worldwide oil market, so that rag-head assholes like Bin Laden have trouble coming up with the money to buy a firecracker, much less a soviet nuke.

-jcr

How does the saying go?

[scarbelly]

When encryption is outlawed, only outlaws will use encryption...

Re:forget encryption...

[ghoti]

While writing backwards might be a bit too simple, what about some permutation scheme that works on the whole text prior to encryption? Maybe controlled by a second key? That should make most attacks pretty hard or unusable. Any comments on that by somebody who knows a bit about cryptography?

umm...

[romco]

"It's something the intelligence, law-enforcement and military communities are really struggling to deal with," Ben Venzke of the cyberintelligence company iDEFENSE told the paper.

Two things here...
1. The Intelligence, law-enforcement and military communities are always going to have a problem with people of any kind having private information.

2. Using the word "Intelligence" in the same sentence with law-enforcement or military is just plain silly.

What is the agenda here?

[waveman]

The article states they they have been able to break the crypto. I personally assume that since they removed the export barriers on 128 bit crypto they can break it.

I suspect that all this carry on is to make people think they are safe to use PGP, when in reality they probably are not. So people will use PGP and get their messages decoded.

The bottom line is if those people want to find out what you are saying they will. Even if they have to park a van out the front of your house and watch your screen and read your mouse clicks.

One can also assume, based on known past practices, that the US uses their crypto capabilities to obgain commercial advantage for US companies by feeding them information obtained from cracking secret commmunications.

The guy can get rockets, etc.

[Shanep]

He can get rockets, guns and explosives without crypto, so what the hell could stop him getting an OpenBSD CD set?

Does the US media actually beleive that all the Worlds crypto is made in USA?

Banning crypto now is not going to make the CD's and systems of all the "bad guys" just disappear or stop working.

I would'nt be surprised if he had Russian and US crypto hardware at his disposal.

What's he gonna do? "Oh US crypto is a munition again, I better not break any international laws and aquire some!"

Banning crypto will ONLY prevent law abiding people from getting or using it.

Re:Need a key escrow?

[Introspective]

Which government ?

Frankly, the US government can pass legislation until it is blue in the face, it won't make any difference to how the rest of the world is using strong crypto.

Some of the worlds best crypto was developed in Europe ( Germany, Finland, etc ) and released as freeware. It is unlikely that any US legislation will have any affect on the development and circulation of these systems.

Wait a fucking minute

[haggar]

Nobody was saying "ban the free encryption/software". These are only conjectures (not necessarily valid) about how terrorists use these tools to communicate. don't be so fucking protective. Relax, damnit!

Yeah, thanks so much!

[diablovision]

Sure. Bin Laden is such a great guy! Thanks a bunch Binny! *pat on the back*

no kidding

[staeci]

quick outlaw it so law-abiding citizens start using it

what a croc
--
Steve Jobs: We're better than you are.
Bill Gates: That doesn't matter.

Re:no kidding

[staeci]

that should read ' so law-biding citizens can't use it'
--
Steve Jobs: We're better than you are.
Bill Gates: That doesn't matter.

Re:NASTY BAD MEN ARE USING CHEMISTRY

[AtrN]

No. But lighting farts in public would be allowed with a $5 permit.

Terrorists ate my computer.

[Doctor+Dark]

Here's how it works: Each image, whether a picture or a map, is created by a series of dots. Inside the dots are a string of letters and numbers that computers read to create the image. A coded message or another image can be hidden in those letters and numbers.

Well, I got a magnifying glass, and it didn't help, so I looked at my screen with a microscope. It's true! Each dot on the screen contains strings of letters and numbers. And each of those characters is made up of dots... Who knows what those could contain? I think I saw a plot to elect an idiot somewhere...

Playfair slashdot

[threaded]

snoax nqsqw qodqh svpml toyix zaowo ukvgn xtode hndhn xlhah qokxx dewbu

bin Laden's Code brocken!!!!

[wharfrat]

In prevois posts in slashdot by bin Laden as 'Anonymous' he says.... :

"Ixne on the low-upba"

The cypher is still rough but it seems to mean something about Natalie Portman running a beowolf cluster of goatsex?

To borrow from an old saying...

[KilobyteKnight]

When encryption is outlawed, only outlaws will have encryption.

Re:Uh oh

[Tye]

Rocks and clay can also be used in encryption.

Re:But it WILL extend Osama's jail term when caugh

[Lord+Kestrel]

He probably wouldn't be killed even if he WAS caught in the US. Most states are so afraid of execution, that they never actually execute anyone anymore. But then again, with Bush as President, Osama may actually get executed if he was here.

---GEEK CODE---
Ver: 3.12
GCS/S d- s++: a-- C++++ UBCL+++ P+ L++
W+++ PS+ Y+ R+ b+++ h+(++) r++ y+

Re:forget encryption...

[repete]

Bad men use encryption, let's ban encryption. Bad men use weapons, let's seel them some weapons (they kill each other, and we laugh all the way to the bank...) ... Other bad men does 'CENSORED' stuff to kids - let's ban the kids ... ... I don't get it. Can the world be so simple that terrorism can be stopped by banning encryption ? I don't think so - could'nt we start off by banning terrorism, and see how it goes ?

Re:Ordinary folks usually are not terrorists

[graphicsboy]

hey guys, im a Muslim, and an Arab (Palestianian). I think you guys make strong points. I personally dont think there is anything to keep the bad guys from using any means necessary to get messages & info accross "enemy" lines. I think in thier head, they are at war, so they (whoever they are) would use anything they could. This goes for Muslim , Christian, or Jew. At the same time, I usually take anything in print (electronic or otherwise) with a few truck loads of salt. -marwan

Bin Laden's views...

[Schnake]

It's hard to understand Bin Laden's views when you're a citizen of the country he hates, just like it's hard for Microsoft employees to imagine the concept of open-source.

A few hundred years ago, Christians gathered together and went on the Crusade. And then in more recent times, the Jews have taken over Jerusalem. And now the Muslims just want to reclaim it back, without denying Christians and Jews rightful privilege to worship in their Holy places in the region.

Re:Good news. Follow my logic and understand why.

[rosewood]

Dude - there was that one episode of Tale Spin where Baloo who couldn't spell had to write in the sky with the smoke stuff - You think Baloo is on the fringe? Eat at joes man -- EAT AT JOES!

Re:Bin Laden using chat rooms

[rosewood]

lmao Giggles

War On Drugs Targets Tech

[Broadcatch]

And in a related story: "The 120-page December 2000 International Crime Threat Assessment report - created by basically every federal law enforcement agency in the U.S. - is riddled with examples of how computer technology has advanced the cause of national and international crime. Modern telecommunications and information systems, state-of-the-art communications equipment, computers - they're all to blame."

--

Re:Remember wiretapping is (relatively) new ....

[Gis_Sat_Hack]

Umm - I seem to recall that Napoleon set up an incredibly extensive system of semaphore towers on hilltops that spanned his empire at it's peak.
Tales abound of young officer's versed in the secret art of 'pointy stick' messages being set up for blackmail or worse. Evil revolutionaires would actually hide in barns and spy on govt comms.
-imagine.

Re:Cat out of bag, horse long gone from barn...

[Gis_Sat_Hack]

Custom built, special purpose, analog computing engines built 50 years ago had the edge on speed until about the second pentium chip.
Deep Blue(?) the chess computer was built out of custom chips that specialised in chess evaluations.
DSP chips can perform several loads, scalar multiplications, additions, stores & modular indexing increments PER CLOCK CYCLE.
I imagine if the NSA wanted to crack a code (PGP), they would custom design a chip with it's basic low level operations corresponding directly to low level 'crack' operations && then go massively parallel.

Re:reasonably competent ...

[Gis_Sat_Hack]

agreed - 50 heads followed by 50 tails is first order statistically 'good', though just a tad predictable.
The generator I referred to is good for crypto & good for other app's also.
Thanks for the reference, I tend to prefer less applied and more generalised texts on algebra , fields, groups, combinatorics, spaces & topologies.

reasonably competent ...

[Gis_Sat_Hack]

I'd expect a reasonably competent programmer to read prior art, there's a wealth of material, both theory & code in many places. Knuth for one.
I'd also expect a reasonably competent programmer to testbed a random number generator and all other modules both seperately and in gestalt.
Wouldn't you ?

I believe the last random number generator I wrote is still in use as one of several alternate generators in a library used by the local maths dept. modelling group.

Re:reasonably competent ...

[silicon_retina]

If you are interested in testing your random numbers, our "anti-crypto" government has conveniently provided all of the necessary mathematical tools: http://csrc.nist.gov/encryption/tkrng.html

Re:reasonably competent ...

[crucini]

You can be a competent or even excellent programmer without being a good cryptographer. Many of the fundamental ideas of cryptography are non-obvious to programmers.

I believe the last random number generator I wrote is still in use as one of several alternate generators in a library used by the local maths dept. modelling group.

Perfect example. It's possible (in fact common) to write a PRNG which is quite good statisticaly while being quite poor cryptographically. A large LFSR is an example. Read Schneier's

• Applied Cryptography

for more.

Re:Blatant FUD-mongering

[Gis_Sat_Hack]

mod this comment up, please.

It's a point often forgotten, some good people in the world AREN'T actually white american middle class 'christians'.

perhaps use of encryption makes you a suspect

[Rather+do+it+myself]

And perhaps "they" just want to keep the average joe from using encryption so as to keep the background noise low. If encrypted messages were the norm how much harder would it be just to pick out the suspicious senders.

Re:Need a key escrow?

[belroth]

Hopefully only for those on US soil....

----

Re: Nasty Bad Men

[atgrim]

Normally I would agree with that. However, this IS the Federal Government we're talking about. They have proven their tendencies towards total control (or attempted control) many many times in the past. IMHO, not just "something" should be done. If we let our Gov't "Just do something" about it, then we give up more of our rights and freedoms.

What I want to know is....

[ctucker]

How much 'research' did it take to discover this? I know I'll sleep a lot better at night, knowing the fearless freedom fighters at the FBI (and other 'law enforcement officials') are forever surfing pr0n and doing battle in the sports chat rooms to save me from those nasty evil terrorists. Come (hehe) to think of it, I'd like to volunteer to help! Where do I sign up?
Dibs on the Natalie Portman stuff!

Seriously, prediction #1: the goal here is to generate the hysteria necessary to make private encrption illegal, or #2: the 'enemy' of the next 4-8 years will continue to be facile computer users and/or programmers. The good news is that the War on Hackers is going to be fought by the same people who lost the War on Drugs.

Re:Need a key escrow?

[SimCash]

"Criminals, of course, simply won't obey the law. Duh."

Gee, you sound like a big fan of the 2nd amendment. That's the refrain they sing when gov tries any gun control.

Of course, as with criminals and guns, the correct answer is not "Make encryption illegal", but rather, "kill terrorists - no excuses". The question is - are international terrorists entitled to the protection of the US Constitution? I don't think so.

The Constitution is a covenant between Citizens of the USA and the government of the USA, the rest of the world feels it does not need to follow those rules (e.g., consider modern day slave trade in Europe, Africa and Southeast Asia), and they are correct to feel that way. On the other hand, they are not entitled to Article 4 (due process) protection either. As we arrogantly said in the 60's, apply 4-F status:

1. Find 'em (not easy)
2. Feel 'em (are they open to dialog, probably not)
3. Feck 'em
4. Forget 'em.

i saw him the other day

[siokaos]

irc.2600.net as #emmanuel Let's get him!!!

Encription's physical world analogy

[jaylubo]

Gee, do you think criminals also use locks on the doors of their hideouts?

Perhaps some legislation to ban door locks as well, because the scary criminals are using them to do bad deeds behind closed doors.

It's a simple choice.

[DevilEye]

What's more important? Your privacy online, or the lives of millions? I'm willing to sacrifice a few tools in order to stop Al Qaeda, especially given the proven effectiveness of that organization.
Besides, if you have something you really want to keep secret, maybe the net isn't the best place to put it.

-NDE

Re:Does he really exist?

[spagthorpe]

Exactly.

WWJD -- What Would Jimi Do?

Dumbshit politicans need to think it through.

[Robber+Baron]

I don't understand... Even if one banned the export of encryption from the USA, whats to stop someone such as the above mentioned gentleman from aquiring encryption software from a non-American software provider? What, do they think that no-one else is bright enough to write encryption software??? Another thought: Whats to stop one of his "friends" from burning him a CD and mailing it to him??? I know, I know thats illegal, but in case you haven't noticed these guys are already criminals!!! If Bin Laden or the Mob or anyone else wants encryption, an export ban is hardly going to stop them. That's right up there with my country's (Canada) recent dumbshit politician firearm registration legislation. Yeah right, all the criminals are going to rush down to the police station and register their guns. We don't need legislation restricting encryption, we need legislation restricting politicians.

proper wording please

[sebol]

When USAtoday called Osama Bin Laden as "Terrorist"
& The other media called him as "terrorist" too,
Slashdot doesnt have to invent "Nasty Bad Men" for calling Osama Bin Laden©

Re:CNN, the paragon of journalistic integrity

[ruebarb]

Actually, the store broke on USA Today first - CNN, MSNBC, and other sources are reprinting it, but USA Today did the legwork.

Filler / Fodder

[trey]

The news media are a poor substitute for internet media. There never was a "new economy" and there never will be "control of the internet". These terrorists better be careful or they will be voted out by the tribal council and lose their MEDIA COVERAGE.

Oh, I get it now...

[CSParsons]

Terrorists using ecryption == good guys. Corporations, governments, police, anybody making more money than you == bad guys. Its all so clear. What happens if terrorists are using *All hail!* Linux? Should we give them free reign to blow up whatever they want? I think the best idea would be to wait around until people are killed, and then ask the people responsible to turn themselves in, because conducting a search would be a gross intrusion into the private lives of the people who did it.

Re:Does he really exist?

[arunkv]

Emmanuel Goldstein.

Ban playing cards

[strlen]

They use playing cards for encryption in the Cryptonomicon (actually a working algorithm). let's ban them too, besides why do hard working, honest Christian americans need to play cards for?

Re:forget encryption...

[alexburke]

Curses! Foiled again!

Don't you mean "Zut alors! Empêché encore!"? (However, if you want to pass as a fro^H^H^HQuebecer, you'll need to say "Tabargnac! Let maudits Anglophones!" Don't dare diss French in Quebec, or you'll have hot grit^H^H^H^Hpoutine poured down your pants.

--

Re:You can't really tell

[moopster]

I don't mean to be a black helicopter type, but the only reason the SS/CIA/FIB/Police/(put your favorite citizen protection group here) try to outlaw (or ask the legislators to) encryption is that they know if it gets mass acceptance it will be very hard to monitor stuff using fun tools like Carnivore (which we all know is only used to save us from terrorists. Neal Stepehnson in Cryptonomicon showed how an individual using a deck of cards could create easy one-time pad. My $00.02

Go here for instructions on how to use Solitare (an encryption scheme using a deck of cards).

----------
No army can withstand the strength of an idea whose time has come.

Re:Am I alone here?

[OwnedByTwoCats]

The US Government has been trying to regulate crypto for a very long time. Who remembers the Clipper Chip? With this history of regulation, plus the abuse and corruption generated by the War On Drugs, it is reasonable for the /.er on the net to be wary of government calls for more regulation.

:-D

[jallen02]

M4#M7M-%\?6!TB9G;@=Z+D_N ^O@6LJE3&5?KGI1LYT@5L):2G=:)7+@?B?:8 )4);>ZY#$M7[H

Okay it says I cant use caps.. stupid lameness filter.

Re:This sounds like a pre-emptive

[eric6]

hey there, you may be on to something. this Inter-Net may be dangerous!

-said by your favorite ignorant politician

--------------------------

Uhh.....

[pointym5]

And in the event that all of this fails, we're going to need the much-maligned national missile defence folks. When you don't know in advance what's coming, you have to be able to protect yourselves!

Umm, what's the likelihood that "what's coming" is a missile versus something like a truck or van loaded with explosives? Maybe we could look at some statistics from recent terrorist attacks. Let's see, how many involved long-range ballistic missiles?

Re:Uhh.....

[mpe]

Umm, what's the likelihood that "what's coming" is a missile versus something like a truck or van loaded with explosives?

The only kind of missiles terrorists tend to use are those of the very short range man portable variety.

Re:Uhh.....

[mpe]

There is perhaps a larger likelihood than you think. While improbable that Saddam will be lobbing his alleged nuclear arms at us in the near future, the U.S. should be vigilant in at least keeping tabs on what is going on where.

Senario 1, Iraq launches an ICBM. Before the engines even burn out the US has launched bombers and fed targeting data into land and submarine based missiles.
Senario 2, smuggle a bomb into the US, stick in on a truck and drive it to Washington.
Which senario do you think the average terrorist would go for...

Hello, CNN, USAToady, CIA, FBI? Examples?

[code_rage]

The USAToady article lists 3 examples where these techniques were used. How about if the FBI publishes the actual documents so that their claims can be evaluated? Since they have defuzed the plots in those cases, it would not harm security to expose the evidence to public scrutiny.

Not that I doubt that it's possible for terrorists to exploit these techniques, but so far the feds have not substantiated their claims.

Khobar, Kenya, Tanzania, USS Cole, and NMD

[code_rage]

Bzzzt. Thanks for playing. You are absolutely correct that we (U.S.) invest too much in SIGINT and imaging, and not enough in HUMINT. Technical intelligence methods are easy to foil (just ask India about their nuclear test site) and easy to fool (just ask Serbia about their tanks in Kosovo).

But, recent terrorist attacks against U.S. targets show a pattern: they are all targets of opportunity, and they were all attacked with very low-tech devices. NMD cannot find a truck bimb, let alone stop it. As opportunists, bin Ladin and his minions will hardly be stopped by NMD. If they were to acquire a nuke, why would they waste their time trying to acquire a missile to deliver it? Just bring it in on a ship. Oops, just let the cat out of the bag. Sorry, New York.

Re:Thank you, Mr. Bin-Laden!

[shren]

Where'd you get the stuff in bold? I'm curious to read the rest of it. Always get all of the sides of the story...

Re:Well, they can't really take it back, now...

[flossie]

However, a massive reduction in the number of people using encryption would make it *much* easier to focus on those who retain it.

-- flossie
http telnet

Re:forget encryption...

[Roger_Wilco]

It worked in the second world war --- while the British were cracking Enigma codes with Collosus, a ridiculously parallel computer, the Americans were using the Navajo language to pass their secret information.

I think you guys are missing the point...

[typedef]

If the government really does intend to outlaw encryption, the point isn't going to be to stop people from using it. Rather it will be used as an incentive to obtain search warrents, do keystroke-logging wiretaps and probably just add more jailtime to criminals. While I doubt that mesures such as this would cause the govenrment to start cracking down on Joe Encryption-User, it would definatly hinder the development of future encryption technologies.

Re:Blatant FUD-mongering

[hexdef6]

ummm... try reading the Old Testament. There is enough violence and slaughter to make Pol-Pot blush. When the Israelites were ordered to cast out the Cannanites, they were ordered to destroy every inhabitant of the city, and to leave no stone atop another. They even had to kill the Canaanite livestock. Failure to obey this order is what got Saul in trouble.

Replying to another post, Osama Bin Laden is not exactly on the fringe of Islam. At least not Shi'ite Islam.

You have to understand that Islam has two major divisions - Sunni and Shi'ite. If you know any Muslims, it is likely that they are Sunni. The Sunni sect represents about 80% of all Muslims. The Shi'ite sect represents most of the remaining 20%.

Sunni Muslims are the fun-loving, mostly peaceful folks that believe that the post of Ayotollah (kind of like Church Father, or maybe chief modern prophet) is to be assigned based on spiritual eligibility. The Shi'ite folks believe that the Ayotollah should be a hereditary descendent of past Ayotollahs. The Shi'ite Muslims are also more likely to be rock-throwing, suicide-bombing, jihad-making folks, because they take very seriously the idea of "purging the infidel". Now please understand that not ALL Shi'ite Muslims are like this, but the ones that are are by no means rare.

With all this in mind, understand that Osama Bin Laden is fully within the laws of his religion when he kills American "infidels". There is a sort of standing Jihad on America for a number of reasons, most of which result from either our political meddling or our "immoral" society.

Jaeger
www.JohnQHacker.com
GodHatesCalvinists.com

Re:Banning encryption

[31:]

which'll be interesting, as IT departments around the country are recieving mandates to move away plain-text pasword protocols... ideally towards everything being encrypted...

Well, I guess if we just XOR everything with NOTATHREATTOUSSECURITY it'll be good enough

---
I'm not ashamed. It's the computer age, nerds are in.
They're still in, aren't they?

Re:Moderation is the key (no pun intended).

[SunCrushr]

I agree. Quality > or = quantity.

Re:NASTY BAD MEN ARE USING CHEMISTRY

[Ig0r]

If you didn't have anything to hide, you wouldn't need to chew with your mouth closed!

--

Re:NASTY BAD MEN ARE USING CHEMISTRY

[Ig0r]

Exothermic reactions will become illegal without a proper liscence.

--

Re:And this is

[sid_vicious]

And unless encryption breaking techniques make a quantum leap foward in the next few years, this situation is going to become the norm.

Quantum leap = quantum computing?

Just curious if the pun was intended or unintended..

:)

i bet

[bigpat]

I bet he has four walls around his bedroom too. Just like me.

I bet he sometimes uses motor vehicles to get around. Just like me.

I bet he even uses paper from time to time to plan out his horrible deeds.

The pen is mightier than the sword. So why not make the pen illegal? I'll keep my encryption.

cyber-terrorism

[sg_oneill]

b0mz_g3rl: NE1 4 sum cyber*TERRORISM*
h8z_USA: Hey b0mz_g3rl. I gotz me a 6ft SKUD m1ss1l3
b0mz_g3rl: Oh... I can feel your AK-47 on my sweating Flak jaket
*b0mz_grl shows h8z_USA her PUBLIC KEY!!!!!!!!
*giggles stands on her head

Cite, please.

[peccary]

Can you at least give us his name? The county and state?

Two Birds/ One Stone

[peccary]

'sfunny, nobody has commented yet that this pretext allows The Man to simultaneously target not only crypto users (the obvious target) but also pr0n sites.
Wanna bet Ashcroft put 'em up to this?

Re:gov't intervention is worth it

[peccary]

Another poster commented that chemistry should be restricted, and perhaps it should be in the sense that large fertilizer sales should be tracked (eg., by inserting chemical "tags" into the fertilizer).
Already done. Happy yet?

I knew it!!!!!!!!!!!!!!!! I did!!!!!!!

[cfleming]

I was watching an evil 'encrypted' DVD the other day and I could swear that some muslims had put in some evil, homoseximal, subliminabbble suggestions.

Damn those worshipers of God and their Fight Club.

Re:Osama using the web... [TRANSLATION]

[Maggot75]

It's plain to me that Osama was using the smiley faces as the real channel of communication.
<Osama888> wasssuuuuuupppppp >:D
The ">:D" clearly means 'I plan to bomb Dixie', > being a code for 'bomb' and Dixie being a reference to the United States of America.
<Osama888> hehe then I told the guy, "do you know who I am??" and he was like D:
"D:" means that the next supersecret hidden message is intended for his contact in Dixie, probably saying where the bomb should be located for maximum destruction.
<Osama888> yea w3rd.. brb pizza ;)~~~
The ;)~~~ is of course Monica Lewinsky in her semen stained dress. (~ is muslim terrorist for sperm)

Re:Cat out of bag, horse long gone from barn...

[max+cohen]

Informed sources tell me the NSA has been breaking PGP for years

Interesting. While I've always knew the NSA was years ahead of most when it came to computer technology (my guess is 5-8 yrs), I have a healthy doubt they've discovered a factoring algorithm that is that much more advanced than public domain modern math research has produced. This problem has plagued mathematicians since the beginning, and for me to think it's been solved is just too great of a leap of faith. So for this PGP claim to be true, I would assume the NSA has built some amazing pieces of hardware to perform this math in such a short amount of time. I've read the NSA has it's own fab to manufacture in-house chip designs, but I'm short on details for the level of technology their dealing with. I would harbor a guess of 0.1 or 0.07 um (not too unreasonable for the 5-8 time frame), coupled with the fact that they don't have to worry about getting high yields to bring down chip costs. No idea about their EDA tools or systems engineering either, but I'm guessing their focusing more on parallel systems just based on the amount of those big iron systems Cray, SGI, and IBM are pushing these days (trickle down effect from R&D to the marketplace).

Anybody know of a resource that might have better info on this?

Nice Graphic

[ColdTap]

I thought the graphic that went with the story was particularly thoughtful and balanced...with journalism like this who needs terrorists?

Why is government considering better than human?

[Valar]

What worries me is that people have this perception that giving the government something is safer than giving it to terrorists. I don't trust the NSA or CIA with PGP any more than i trust J. Random Islamic Militant. The government is made up of people just like you and me, so why are they less fallible?

Re:Uh oh

[Rentar]

Welll ... but actually you can do cryptography in rocks & clay ... then it's called hard crypto.

this is so offensive

[jayfoo2]

I was reading this in USA today (hey i'm in a hotel, it's free, the sports section is good) this morning and I couldn't beleive it. This was one of the most offensivly one-sided articles I have ever read.

there were one paragraph that really set me off,

"It's no wonder the FBI wants all encryption programs to file what amounts to a "master key" with a federal authority that would allow them, with a judge's permission, to decrypt a code in a case of national security. But civil liberties groups, which offer encryption programs on the Web to further privacy, have vowed to fight it."

What the article forgets to say is why civil liberties groups like encryption and don't like key escrow.Because terrorists aren't the only people using encryption!

That is what I find offensive, this article does not even hint that there might be legitimate uses for encryption, not for dissidents, not for coroporate data, not even to protect your credit card number from the l33t when you are buying a chia pet online (they're very cute!).

The scary thing is that it's not just USA today. Clearly there is a press release behind these articles, and almost every reporter (cnn, ap) basically just re-arranged the release.

...how it all happened

[Alien+Perspective]

From the CNN article:
The paper said weeks of interviews with U.S. law enforcement officials and other experts disclosed details of how extremists hide maps and photographs of terrorist targets in sports chat rooms, on pornographic bulletin boards and other popular Web sites.

Lt. Klink: Officer Krupke, what are you doing looking at those porno websites?

Krupke: I'm, uh, looking for...terrorist messages....yeah, yeah, that's it! Those devious terrorists are hiding messages in these image files. See where they've cleverly disguised the map to their secret base in the Grand Teton mountains?

Klink:They're hiding messages on porno sites? Oh my god! Alert the media!
Good work, Krupke...keep on the lookout for more messages!

Krupke:Yes SIR!

You can't really tell

[TygerFish]

The truth about encryption is what was mentioned by someone in an earlier post: if you ban encryption, criminals will still use it. To criminals, you can add spies and terrorists.

Despite US laws defining encryption technology as a munition, it is ridiculous to assume that none of the publicly available encryption schemes was illegally exported to foreign countries. It doesn't take an Einstein to figure out putting encryption technology on a laptop and putting the laptop in a diplomatic bag, or for that matter, simply sending it as a large email attachment from inside the United States. Common sense tells you that a lot of governments have already done exactly that. Chances are, if it was made here, it's out there, and noise about limiting access to encryption is either the result of ignorance about CS in our lawmakers (who would have imagined it...), or it's planning for a rainy day for U.S. citizens. Either way, limiting public crypto on this basis is ridiculous.

The 'reasoning' behind calls for limiting public access to encryption is double-edged; it's impossible to extract bad acts from not knowing, especially when ignorance plays well for reelection campaigns.

Limiting access to encryption might not be intended as a prelude to massive invasions of privacy, but it works perfectly well as one regardless of the stated intentions of the powers that be.

To mail me, remove the 'mailno' from my email addy.

Re:You can't really tell

[Shoten]

At my last job, I worked with a person who was previously extremely high up at the DEA. (Great guy, btw...although the job didn't work out, I wished I could have taken him with me to work here too.) Remembering the fact that among the various goblins and badguys mentioned as users of crypto was "Drug Cartels," I saw the opportunity to ask someone who really knew.

You know what he said? The drug cartels are not using things like PGP or any of the other commercially available OR open-source encryption tools. It's far worse than that...they have developed their own tools, and by his account (and knowing him, it's not his opinion but that of someone who would actually be knowledgeable on the topic) they have crypto that is "ahead of anything you can buy now." They bought some talent and created their own proprietary tools.

This goes beyond the concept of "ban crypto and only criminals will have it." The criminals roll their own now.

restricting encryption furthers laziness

[ledbetter]

Bottom line, encryption isn't going anywhere. There are enough good pieces of free encryption code and great books like Applied Cryptography that even if the big bad government decided to ban all commercial encryption software; encryption is here to stay.

What this attempt to point out the evil uses of encryption is really stemming from is laziness on the part of law enforcement. They have been used to catching criminals the easy way: listening to their phone calls, and reading their mail. Well, play time is over, and law enforcement is going to have to wake up and realize that the days of those methods being effective enough on their own to catch the big guys in organized crime and terrorism are over. They should quit wasting energy on whining, because there's nothing anyone can do about it.

That's a relief...

[glowingspleen]

At first I got really REALLY scared about the possibility of technology being used for evil purposes, but then I remembered that all the really neat stuff like AI and Nanotechnology have been designed only for the use of the good and just!

Whew! It's good to know that there will never, ever ever be any tiny supersmart autonomous microscopic robots that can take me apart cell by cell! Thanks science!

Re:Cat out of bag, horse long gone from barn...

[Karl_Hungus]

(Paranoid conspiracy theory: The intelligence community is pissed at FBI for intruding onto its turf and is running this sort of article as part of a power grab ;-)

Yeah, but FBI's purview includes counterintelligence and prevention of terrorism in U.S. They've done counter-intelligence operations inside CIA headquarters. I'm not saying they don't get along, but (especially) if any of this stuff is on websites in/owned by US corps, they're gonna be all over it.

linkwhorelink: Osama's Wanted poster. Does he use a cane to hide the fact he's so damn tall?

Pig-Latin

[Karl_Hungus]

Oday ouyay inkthay ey'rethay usingway isthay?

Slashdot Users Accused of Terrorism

[MathPenguin]

An in depth investigation of all Slashdot readers is becing conducted by the US Government. "After all, they're some of the staunchest supporters of encryption. They obviously must be involved in something sinister."
-----------------
It's not really funny, unless someone doesn't get it

Re:Uh oh

[MathPenguin]

You must be kidding. Rocks. Do you realize how easy it would be to bash someones head in with one of those. Even pebbles can be used as projectiles. Looks like we'll just have to use clay and our fingers...

but can't our fingers be used to strangle...
-----------------
It's not really funny, unless someone doesn't get it

Re:CNN, the paragon of journalistic integrity

[TechLawyer]

Then I stand corrected. I would delete my prior post in shame, but instead I will likely watch my precious karma decrease by 1. Penance enough, I suppose.

CNN, the paragon of journalistic integrity

[TechLawyer]

Ah, yes, another great story broken on CNN, the same network that allowed US Army psyops officers to work in the newsroom during the Serbian War. CNN wouldn't have any ties to the government, or any interest in policy, would they?

She's a witch!

[doorbot.com]

Burn her!

I wonder how long it takes for the public (after sufficient inundation by governmental FUD), to want to ban things like SSL.

"Secure shopping, my ass! It uses encryption... terrorists are using to take away Ahmehrican dream!"

What would be ironic...

Government employee, under new anti-encryption laws, sends un-encrypted (or poorly encrypted) data to someone else in the government.
It is intercepted by "terrorists" and easy read. Valuable information (eg, location of the president at ABC on XYZ) is acquired and damage is done.
An investigation traces the trail back to the unencrypted data, the "leak" is identified publicly, and then the public can't understand: "But you said encryption caused cancer!"

OH my god its SO CLEAR!!!!

[BeerSlurpy]

I didnt realize that key escrow would help prevent the use of steganograpy to communicate between terrorists.

However, this article makes it so damn clear! I feel stupid for not having caught it earlier.

And I thought I was a computer expert too. I feel so ashamed.

Just an excuse to usurp wire tapping laws

[Sebastopol]

All of the discussion has been about banning crypto, but this is obviously a premedited release to prime the skids for banning newsgroups and sniffing all internet traffic.

The fact that they reference pornographic bulliten boards explicitly says to me that usenet is the first target.

I love the last line, referring to keys as 'signals'. What a fool.


---

Re:Thank you, Mr. Bin-Laden!

[eudas]

the above comment warrants positive moderation.

eudas

Re:Good news...they don't know it?

[xipho]

Surely they've come to the same conclusions as you just have...they know that you know that the public doesn't know... and what kinda response its gonna provoke. Give them a little credit (arg)...be more paranoid...

Considering that this is a US website....

[Asic+Eng]

...it might be interesting to note that
these terrorists are probably using guns. :)

So presumably we need to outlaw guns in the US,
so that the terrorists won't have any... uhm

Don't flame me, I'm joking... or am I? ;)

The Real Reason

[Garry+Anderson]

Quote: "It's no wonder the FBI wants all encryption programs to file what amounts to a "master key" with a federal authority that would allow them, with a judge's permission, to decrypt a code in a case of national security."

It is blinking obvious the bad guys will still use encryption programs that have no "master key".

Therefore it is logical that them having the "master key", is only good for spying on the people.

So, THE REAL REASON for continuing this course, is to deny us the basic human right to privacy.

This will be the same as having somebody watching everything you do. All your finances available for them to scrutinize - heaven help you if you cannot account for every cent when they check on your taxes. All your personal emotions in private emails, your fears about health worries and your personal quirks in web-sites you visit. All your inner-most secrets will be open to them.

WIPO.org.uk - no connection with, and wishes to be totally disassociated from, the World Intellectual Property Organization, WIPO.ORG - part of UN, payed for (owned by?) by big business.

Re:But it WILL extend Osama's jail term when caugh

[lewko]

When he *is* caught, he will die in the executioner's chair.

Extending his sentence? Sure... Maybe fewer amps for a longer period or watered down lethal injection...

Re:Osama using the web...

[brakzilla]

There was really no need for you to make that remark :( it was obviously a joke...

yeah, but it's HOW they're using it...

[jpellino]

given that they seem to have stumbled on a useful version of steganography, that's the part that's troubling - they can largely forego the typical encrypted email routes... yes they should be gone-after. no the gummint should not have all our keys.

Re:Cat out of bag, horse long gone from barn...

[Tyrannosaurus]

Don't forget 'toothpaste out of the tube.' Couldn't agree more.

---

This sounds like a pre-emptive

[esconsult1]

strike by the govt. Sure, terrorists are going to use the technology like anyone else.
It's like saying the internet foster's date rape.

USA Today anti-encryption freedom article

[NoBs]

The FBI purblic relations people fed USAToday quite an article. Evidently they are too stupid to see the stupidity in their position: A gang is involved in acts of violent crime. They allegedly use encryption to conceal their actions, so the FBI targets the vast majority of decent people to deny them their rights to privacy. The FBI have been considered by some to be a lawless, terrorist organization unto themselves.

Does this mean...

[Godwin+O'Hitler]

...that the media are acting as government propaganda agents? Does it mean people believe what they read in the press? Does it mean people believe what the government says in your country?

You want roses?! You have to deal with thorns too!

[NeoCode]

I can quote several idioms like that, but I'd come straight to the point. There are always two aspects of an innovation, some technology and any story. And this is no exception.
People who have something to hide and want their message to get across will use encryption to send and spread their message on the web. There is nothing you or your mamma can do about it.
With technologies like Freenet being developed and improved all the time how can we be sure that nothing illegal will not happen. The fact is that we can't be sure of anything, especially in times like these. No one thought that the pr0n industry will drive the internet (lets face it. its true!)

I can blab on and on about this but it just amuses me that the government is concerned about stuff that they themselves are doing. And if they are really concerned about all this, I am pretty sure that the NSA have very gifted code breakers which can break these codes given enough time.
If you make technologies like encryption free, be prepared to deal with what lies ahead.
These are my 2 cents.

peace out
NeoCode

Re:Moderation is the key (no pun intended).

[agentZ]

Any technology, the oldest (fire) included, can be used for the good of all or to destroy.

I absolutely agree with you. There are some technologies, however, such as explosives, which although they have good uses, are mostly used for destructive purposes. Thus, they are tightly controlled by governments to restrict their getting into the wrong hands. Perhaps part of the problem is that because encryption, like explosives technology, is not widely used, many people see it as being only weapon. Most people still assume their e-mail is private (after all, it's illegal, according to the wiretap laws to run a sniffer if you're not authorized) so what's the need for encryption?

Re:Well, they can't really take it back, now...

[agentZ]

Yes, but the rhetoric will be something along the lines of, "America is the most technologically superior nation in the world, so of course they're just getting this stuff from us. If we stop exporting it, they won't be able to get it anymore." It's totally flawed thanks to this @#!# Information Superhighway thingy, but that's what they'll say. (Maybe if we just cut the Transportation Department funding?)

Some facts

[agentZ]

First, let's stop foaming at the mouth and look at reality: The US government cannot make encryption go away. The crooks are going to keep using it whether it's legal or not. You can't make a technology disappear. Even if it was "illegal" in the US, you could get it from places overseas. (The same way even though it wasn't supposed to be exported you could get it on the Internet.)

The current DOJ Policy on Encryption says that what they want is third party escrow of private keys. Now I'm not vouching for that system at all, but just keep that in mind. The idea, of course, is that the "big" companies will put escrow in their products, and then only the escrow'ed products will be approved for export.

But so long as there is freeware PGP...

Re:The part that struck me...

[msodfjsalfhlskdhf]

Much like cold war republican efforts in the south to paint naacp leaders as commie bastards just waiting for the chance to overthrow the "perfect" wasp-controlled country we had at the opening of the century...

====
All things in life are subjective. At least that's what I think.

Re:forget encryption...

[singe_69]

Hey, what about writing backwards? does anybody know if the gov scans for this?

Re:forget encryption...

[singe_69]

"dood lwek" Ah fuck! I can't figure out how to spell "Dood" backwards!

Terrorists using Air Conditioning against West...

[Corrupter]

I am sure Bin Laden uses paper and pens/pencils in his communications as well. Therefore, maybe we should make them illegal for the general public. Perhaps he uses air conditioning in his Afghan hideout. Yes, Air Conditioning Technology should be restricted also so that it doesn't fall into the hands of terrorists and make them more comfortable while plotting against Western Democracy.

Get rid of it all!

[Spackler]

Hidden in the X-rated pictures on several pornographic Web sites and the posted comments on sports chat rooms may lie the encrypted blueprints of the next terrorist attack against the United States or its allies

So, no more pr0n, and get rid of these terrorist that are cheering for the New England Patriots!

I love our government. Make sweeping statements to try and make the world safe for us. Oh, hang on, that government is by us, and for us... hmmm, how did the framers of the constitution really think this would work out???

Re: Nasty Bad Men

[bigmouth_strikes]

It's easy to make fun of the way that media sometime cover the issues of encryption. They sometimes do exaggerate and usually get some or all of the facts wrong and whathaveyou.

But nevertheless, it is a real problem that do require more that just a few sweeping opinionated comments on /. Criminals are getting geared up on the latest technology, and society will suffer if nothing is done. Yes, society means me, you and your mom.

Already we can see how criminal organizations are using international banks and money transfers to and from them for money laundering. The more they can act anonymously, the more they can get away with and that makes at least me mad.

Re:Here's some other things to get rid of.

[Alatar]

Only U.S. citizens can commit treason. You have to be loyal to a government before you can betray it.

Re:Osama using the web...

[Alatar]

using the web? looks like an irc log to me. irc predates the world wide web and the two services have nothing in common.

Circa 1930s

[headphone]

The rapid growth of the Telephone device from government use to the public has created new communication mediums for criminals. Previously their communications were limited to the more trackable device such as Postal mail or the Telegraph but the preferred devices of todays Crime boss is the Telephone.

John T Good the Chief Intelligence agent for the US Marshalls said today that telephone gives criminals instant access to the nefarious plans of their bosses.

Jim B Well president of the EUTD(Ethical Use of the Telephone Device) said that the control of the Telelphone Network and all other controls should rest with the government so we can only issue Telephones to God fearing people of America.

What you reap is what you sow.

OH NOOOO!!!

[sheetsda]

Terrorism and dangerous plans on the internet! nothing like a dangerous cookbook of explosives/booby traps/terrorism techniques has never passed over the net before!!

Please uncle sam, you actually think Bin Laden A) needs the internet to send his terrorism messages and B) bomb recipes has never travelled across the pipes.

Hey Bin Laden, glad to see you're paying attention. Hey Uncle Sam, welcome to the 90s... too bad Bin Laden and the rest of us are in 2001.

"// this is the most hacked, evil, bastardized thing I've ever seen. kjb"

Here's some other things to get rid of.

[pcwhalen]

Washington DC -- In a baffling announcement from the Oval Office today, George W. Bush declared he would lobby to have freedom of assembly revoked.

"I have heard all the arguments that the framers of the Constitution held the right of assembly inviolate, but it's dangerous to allow groups like Bin Laden to meet and discuss strategery" said the President, flanked by Republican members of both houses of Congress. "If they can't meet, they can't talk treason."

The President outlined a plan to disallow freedom of religion as well, citing the "Moslem" problem. The President's speech was aired on PBS right after the Super Bowl. "You have to hand it to Dubya," quipped political pundit and prognosticator George Stephenopolis, "everyone was watching Survivor 2. Slipped right through the cracks."

Why Feds want to ban Crypto

[TomRC]

Q: Why would the feds want to ban crypto? Are they really, really interested in what I have to say? Out to "get something on me" in case I ever step out of line? Nope.

A: They fear that the volume of encrypted communication will get so large that the encrypted messages of those who really have something to hide won't stand out by the very fact of their use of encryption.

What does this imply? That "they" are monitoring just about all communications - including those we commonly assume they aren't legally allowed to - and tracking encrypted comm traffic flow. Do you think the Europeans would tolerate US spy agencies monitoring their communications, if they weren't doing the same for US communications, and trading info when "something comes up"? Neat way to get around any ban on wiretaps without a warrant - just collude with someone who isn't bound by your nation's laws.

don't ban encryption...

[objekt]

let's just ban the internet

And It Hides the Data in Existing Images!!!

[vodoolady]

Here's how it works: Each image, whether a picture or a map, is created by a series of dots. Inside the dots are a string of letters and numbers that computers read to create the image. A coded message or another image can be hidden in those letters and numbers.

They're hidden using free encryption Internet programs set up by privacy advocacy groups. The programs scramble the messages or pictures into existing images. The images can only be unlocked using a "private key," or code, selected by the recipient, experts add. Otherwise, they're impossible to see or read.

Snort. It's not just propoganda, it's poorly researched propoganda! Ohhh, those scary first amendment terrorists, ohhh

Re:Good news. Follow my logic and understand why.

[fognugen]

"I suggest that we embrace the criminals for this campaign. The fact that Bin Laden and criminals like the mafia use encryption make it into a sexy field again, like it was in the 1920's through 40's, say."

You just clearly stated that we should embrace Bin Laden for using encryption. Please think about what you are saying, especially w/ headers like "Follow my Logic."

You have suggested that we support someone who has openly launched a campaign to kill any and all Americans simply b/c they are American.

Re:Need a key escrow?

[theNeophile]

I would have no problem with key escrow, but I'm manly encrypting to protect myself from the goverment.

Re:ROFL!

[Creepy13]

"We already know that some 30 countries are working on offensive information warfare programs and the principal target for each is the United States. We know, too, that if a US business buys hardware or software from such countries as Russia, China and France, there is a very good chance that they will be infected by bugs or various kinds. We also know that every day hundreds of American companies are attacked through cyberspace and that billions of dollars are lost through theft and blackmail. "

As if things like that only happen to the States..... lots of sites here get attacked trough cyberspace... with lots of attacks originating not only from Russia.. but also from the States... United States != World

Yes!!! Let's ban encryption!

[tulare]

And while we're at it, why not include a ban on using lemon juice on paper - after all, that is also a way to hide your communications. Once we've been protected by these fine efforts of our legislators, we can then work out the troubling problem of personal messengers, who simply won't say unless they're in the right company. A simple attack on free association would take care of that.

Or we could take a close look at ourselves and our societies, and try to (I know I'm being ridiculously optimistic here) actually solve our differences in ways which don't make people feel like secretly plotting to do others harm. 'Scuse me.

encryption ~= guns

[Martin+Spamer]

...is this part of a PR campaign to show John Q. Public how dangerous encryption is in any hands other than gov?

Perhaps, is this part of a PR campaign to show John Q. Public how dangerous guns are in any hands other than gov? Why would the former succeed when the latter has failed ?

IQ Test...

[Interrobang]

I did...Now what?

...If I type Ctrl+Alt+ this funny thing called an "XServer" shuts down and my screen goes all black, though...

I dunno, shucky-darn... Guess I'm pretty dumb if I can't even get an IQ test to work right.

Charly (No Flowers, please, just Publick Keyes!)

Cyclical Threats

[Interrobang]

Has anyone else out there noticed that these "outside agitator threats" seem to come in cycles (roughly ten years, or long enough for the previous incarnation to be a really sun-faded memory in the minds of the Great Unwashed)? (The second question is "Why?") First it's DRUUUGGS! Then it's YOUTH CRIME! Then EVIL_NASTY_BAD_HACKERS! Then it's TERRORISTS! Soon, no doubt, we'll be back to SATANIC CULTS and RITUAL ABUSE!

And do you really think that the majority of these so-called threats are even real, let alone as real as the media-manipulators want us to believe?

Terrorists! Drugs! Satanic Panic! I can hardly wait. Somebody come roust me out of these docs when it's over, kay?

?!

Oh DARN

[SanLouBlues]

Well at least they have a chance to crack the messages. Would they rather they only communicate in person in rooms which are stringently bug-checked first? They should be making really big computers which can trivialize encryption and encouraging people to think it's safe . . .

[FBI employee] - No boss, I wasn't looking at porn, I was searching for terrorist plans. Honest!

Re:forget encryption...

[omega_rob]

Hmmm, I suppose that's true. Maybe they could embed their nefarious plans in a COBOL program or something. Virtually uncrackable that way, since all the COBOL programmers were killed after that whole Y2K debacle.

omega_rob

Re:Exactly

[o_kenway]

Yes - Our government did this and slipped the Regulation of Internet Privacy (I don't remember the name exactly) Bill through Parliment on a lazy afternoon where a third of the House turned up and now we will have boxes in Greenwich which will monitor all our traffic. If you have an encrypted file (and ISPs this means YOU too) on your computer and the Government asks to see, you must by law give them the key. Furthur more, if you know that someone is being watched and you warn them that you were asked for the key, you are given a long jail sentence. Isn't the UK wonderful?

Re:ban envelopes, too

[HD+Webdev]

Currently, I tend to feel SAFER buying stuff online from trusted merchants with my credit card than giving it to someone who works in a store

Especially when it's an over-the-phone transaction.

I can guarrantee you this (from my experience at 5 stores), when you phone in an order, your CC# is entered into a normal CC receipt/validation machine. The receipt from that (which contains your FULL credit card number) travels to the person who finds the merchandise, then given to someone who takes it to shipping, then the shipping person puts it in the box and seals that box.

FOUR people have had the chance to copy and distribute that CC #

OTOH, when it comes to ecommerce, the only person who sees the full CC# is the main web site person/programmer. S/he will pass on a receipt that only contains the last 4 digits of the CC# to the order fillers

Re:Err, wrong.

[hughk]

Probably a passphrase vulnerability on his secret keyring. If you try long enough, of course you can come up with the combination - it just isn't going to be very fast.

Re:Cat out of bag, horse long gone from barn...

[hughk]

No, all the govt crypto agencies are scared sh1tless about strong cryptography. Some versions of PGP had bugs (which have since been fixed), the advantage of open source. Mostly it is very secure. If it could be attacked, Bin Laden would be a high enough priority for the NSA to use significant computer power to attack his traffic. I guarantee his sat phone is bugged, but what use is that unless cleartext is used.

Remember the NSA is an institution and part of the government. Neither the govt. or institutions are known for efficiency. During wartime, their entrance procedures are relaxed, so this is how truely innovative persons like Turing were invited to join GCHQ during WW2.

Van Eck monitoring works, but it is quite difficult when you can't get close. The same applies to installation of keystroke logging. Not many NSA agents want to drive their black wagons in the middle of Afghanistan. Kabul is not eactly user friendly and where bin Laden hangs out is likely to be even less.

I would put down this to an attempt by the NSA to spread FUD.

Re:ROFL!

[hughk]

Usually you will find less bugs in Russian software. Frankly, it is very difficult to persuade a Russian programmer that his work is ready to ship.

As for holes inserted by nefarious government agencies. Believe me, I have met people from these agencies. They fundementally don't understand (the wages are terrible) and a commercial s/w developer wouldn't think of compromising their stuff by allowing these agencies anywhere near the code.

I can't speak for China or India, but with Russian stuff, you don't have to worry unless you buy a black box with a seal "FAPSI Approved".

Why is anyone suprised?

[T300bps]

There's nothing particularly new about the idea of using "secret codes" to pass information along. Everyone I knew in middle school wrote [and often memorized] codes to write more "secure" notes to their friends. Leonardo DaVinci wrote backwards. Ours and every other military have used codes, ciphers, and various types of encryption for centuries. Many gangs have their own alphabets and pictograms.

And we're supposed to be suprised that Osama Bin Laden is using PGP and/or other crytographic software?

Because Bin Laden is one of the Bad Guys [TM], any tool he uses to make his job easier is a Bad Thing [TM], and doubly so on the Web because the media has worked very hard to make it look dangerous.

In many ways it is. Identity theft, script kiddies, and hackers with a penchant for malicious code are real. Unfortunatly, Joe EndUser has yet to come to the realization that the Web is a lot like the real world: learn the basics, play it safe, and you're usually okay. Remain ignorant, and you're a target.

Because society at large IS ignorant regarding even the very basics of the technology it's addicted to and/or reliant upon, it should be no suprise that Joe EndUser is afraid of encryption. He's afraid of his own on/off switch! He doesn't have the tools to understand why something like that would be useful. He can't apply common sense to something that acts like a TV with a typewriter and cup holder attached.

"Why would you use encryption if you're not doing something wrong?" he asks. Same reason I don't shower in the town square, or keep my diary pasted on the front door of my apartment, or keep my mother's jewelry in a candy bowl next to the street. Some things are private, or should be kept safe.

Because Joe EndUser doesn't understand the toys he uses to "download that internet," the media can have a field day frightening people with a useful tool. They don't make money telling Joe EndUser that the good guys use it too, or teaching people how these tools work. The media makes money on fear and outrage.

It comes down to this: if you want to keep your privacy, you want the right to use encryption, etc., it's like anything else in a representative democracy. You get involved. You keep yourself informed, you educate other people, and you get in touch with relavent parties. It's work, but any government ostensibly based on the will of the people requires active citizens.

Re:Better also ban all those NEWSPAPERS

[raju1kabir]

I'm surprised that no one else in this thread has mentioned the fact that encrypted transmissions have been hidden in newspapers at least since world war 2

I was going to but then my office was invaded by marketing people, sucking up the rest of my afternoon.

The key similarity is that reception of the message is anonymous; only general-interest web sites or chat rooms with lots of traffic are really viable. As you say, classified ads in the newspaper are still better. The problem is that the data payload is much smaller.

Transmission doesn't need to be so anonymous, because unwitting third parties can be maneuvered into doing it, and in any case by the time the message is discovered the transmitter has long vanished - and the identity used has been scrapped.

Other than newspapers and parts of the internet, there are not many anonymous-receiver channels into which it's relatively easy to inject an arbitrary message. Shortwave radio? Not enough potential listeners to hide the target. Wearing different-colored T-shirts outside the Today Show window? Not enough bandwidth.

So basically it's a duopoly. Do you suppose the media companies are pushing this story because the newspapers they own are losing valuable classified ad revenue in the absence of encoded spy messages?

Re:Ordinary folks usually are not terrorists

[raju1kabir]

People who suicide-bomb school buses are usually very righteous, "pure" fanatics, the same kind of fanatic that bomb abortion clinics in the west.

You're completely right. However, the people who suicide-bomb school buses are the low men on the totem pole, the weakest-minded of all, the people so caught up by the leaders' rhetoric that the leaders find it better to have them dead than alive.

Every movement has its leaders and its followers. It is the leaders who are doing the planning and communicating (and encrypting), and the followers who are manipulated into carrying out the acts that increase the leaders' power.

These people will not only follow all their religious beliefs, they will follow those beliefs to the exact letter.

There is no place in the Quran or any other religious text that I'm aware of that recommends killing busloads of innocent children to complain about political acts halfway around the world. This stuff does not come from religion per se; it comes from people whose slavish and unconsidered devotion to religion allows them to follow the words of anyone who claims to authoritatively represent that religion.

By their prior zealotry displayed in the temple, the church, or the mosque, the footsoldiers of "religious" terrorism have proven themselves to be willingly manipulated. So clever people come along and manipulate them, tossing in some irrelevant crumbs of spiritual mumbo-jumbo to speed the process along.

Not to hard to get around.

[apocalypse76]

Just use dsniff, or other tools to do a man in the middle attack if necessary.

Re:Cat out of bag, horse long gone from barn...

[baptiste]

Informed sources tell me the NSA has been breaking PGP for years, but they'll generally only bother in cases where side-channel attacks are unfeasible, due to the required resources in time and labor

Yeah did you notice in each example, they broke the code anyway to foil the plot? SO why all teh Red scare tactics? Course it was interesting to see that one code took one year to break. (Where's distnet when you need it!)

PGP and backdoors

[Choco-man]

of course, PGP isn't open source, so we really aren't certain phil and friends haven't placed a well written backdoor to allow viewing of encrypted messages. should this be the case, perpetuating the idea of security by placing export restrictions and a low level disinformation campaign made to foster distrust via suggestions that PGP provides unbreakable security would benefit the goverments of the world by giving a false sense of security to those 'bad guys', and urge them to use the program, which actually gives an automatic back door entry for authorities.. something to think about.. me? consipircist theory? naa...

Re:that only holds true for freeware

[Choco-man]

NAI isn't going to give away the source to it's commercial products, which, ostensibly, are marketed at 'better' than freeware. there's no way pz is still calling the shots for this product - to think nai would allow that is nothing short of niave. pz sold the rights to this product line, made a mint, and now the corporation is going to do what any other corporation would do - make money off the product in any legal way they see fit.

Encryption Everywhere

[Fat+Casper]

I just know there was a relevant message concealed in that first post.

I wonder how long it'll take the good folks at the FBI to crack it.

PS

[tethal91]

You don't have to be paranoid for them to be after you. You don't have to be a conspiracy nut for them to conspire... i am really not a conspiracy nut; facts are facts. Just watch the history channel if you think the government always tells the truth, the reality is somewhere in between the conspiracy theorists delusions and the naive passerby's dreams.

I don't see the point of using encryption.

[Flabdabb+Hubbard]

These terrorist guys are usually arabs, or irish, and speak different language from us. E.g. in arabia they speak arabic, and in ireland they speak irish/gaelic. So why bother encrypting. How many US govt officials do you think can understand arabic anyway. And even if they do, what if the terrorists have a secret language, where for example 'I have some warez' translate to 'I have the detonaters and timers'.

The cryptography argument is lame and useless. The US govt is a self-perpetuating organism that seeks power for its own sake.

A bit like the redmond retards :-)

Re:I don't see the point of using encryption.

[Flabdabb+Hubbard]

You've just seen that Brad Pitt film haven't you were he's speaking 'Irish' haven't you ......

No, I guess the movie makers are not stupid (like the vast majority of us americans) and made him speak english so we can understand.

Re:I don't see the point of using encryption.

[Flabdabb+Hubbard]

Maybe it was moderated up because it was making exactly the same point that you made ?

There's not much you can do to stop terrorists from communicating

Re:I don't see the point of using encryption.

[bugg]

Why was this moderated up?

The CIA employs a huge number of languistic experts. Don't believe me? Head over to cia.gov and look at the positions they're hiring for.

As for the latter, that's basically the same concept as a OTP- just less flexible (not any message can be sent), although equally impossible to break (without having a code book).

There's not much you can do to stop terrorists from communicating.

The Benefit Outweighs the Danger

[derf77]

I believe that encryption is a good thing. Even if our 'friend' can use encryption to plan his 'fun', why can't they just check up on his IP, trace where he's connecting from and shove a cruise missle down his throat.

Re:The Benefit Outweighs the Danger

[HerrNewton]

Pity the poor loser with a win-gate proxy.

----

Re:Exactly

[lie+as+cliche]

he implied without saying directly that the gorvernment used the news media like a precision weapon in control what was known, by whom and when.

And it perceivably still is. Just look at the process, the motives, and the tactics used to determine in whose interests it would be to generate the effects being produced by this. Does this actually surprise people? It's really just a matter of reverse-engineering to have a looksee at the code.

In this case, you take some foreign political figure people associate with terrorism, guns, all sorts of dangerous and icky activites, and cryptography, which is the thing you want despised at the moment. You then find a way to superglue them indelibly together in the minds of a large proportion of the citizenry. Repeat as needed until the negative backlash from regulating against cryptography has been quelled enough to make it a non-threat. Can't have them all waking up before it's too late, can we?

What tickles me pink is the timing. Whoever's in charge of placing these pieces in the news is up for a big demotion. Putting that story in the national news media directly on the heels of the movie Antitrust? How much do you think that will minimize the psychological impact? It's comforting to know they're fallible, at any rate. =)

Re:ban envelopes, too

[lie+as+cliche]

Besides the fact that if they're already criminals, do you think they'll have any qualms about using 'illegal' encryption products? You'll only stop stupid ones, and they're rarely the ones that do the most damage.

This is what boggles my mind... These moves are obviously, and provably, not done for the reasons claimed, but always seem to end up further restricting the rights of the common man. So why are the geeks the only ones to connect the dots there? I want to say the average citizen isn't that stupid, but then it's the same rampant idiocy that has me forswearing a career in tech support before I leap off the nearest building like a clinically-depressed lemming.

So explain this to me... we [Americans] have a government trying to erode our rights, yes? And yet the federal government derives its right to rule from the Citizens themselves. By the People, for the People, remember? So we have the rights first, as individuals, and supposedly choose to defer some of those rights to our respective States. Those States got together and merged one facet of their authority to create a Federal government. So if all the rights the federal government has are conferred upon it from the Citizens, how can it then turn 'round and attempt to meddle with the rights of the Citizens, which supercede it? I think I have the answer; hit my homepage for a write-up on it.

It's actually doubly funny, since the federal government was primarily designed for the purpose of regulating interstate commerce. Where they get the uppity idea that they have jurisdiction to make laws against what people can and can't do as individuals is beyond me... a few unlawfully-ratified fraudulent documents that wouldn't stand up in a court of law. It's a faulty legal premise that's ready to be knocked over like a house of cards.

"I regret to say that we of the FBI are powerless to act in cases of oral-genital intimacy, unless it has in some way obstructed interstate commerce."
-- J. Edgar Hoover

ANTI-CRYPTO Islam & Arab-bashing

[Factomatic]

Am I the only person who finds the prominent use of racist stereotypes in the government's argument disturbing?

Sure, Bin Laden claims to be Muslim but I think you'd find very few Muslims who support this guy. Yet you see numerous mentions of the religion and its followers in close proximity to mentions of terrorism.

IS ANYONE ELSE BOTHERED BY THIS???????

Comments?

Re:Encryption is a Right.

[phooka.de]

Maybe americans are allowed to use force to overthrow their gouvernment, but over here, I'd guess that the german gouvernment supports OpenSource encryption for different reasons. Anyone on any side of the atlantic will surely understand a european's feelings if he has to hear that the american economy is constantly being fed information about ours by the CIA.

In a way you could therefore say that in the eyes of the german gouvernment, the CIA's "monopoly" on encryption is more of a threat to its people than some terrorists (who already encrypt anyway).

Uh...Are we willing to circumvent 4th amendment

[Goose3254]

Doesn't that protect us from reasonable search and seizure? Isn't PGP a way to protect personal mail? So the "g" has open season on your mailbox, apparently, because that little envelope is "supposed" to keep them out, and they're not crying about wanting to open every bit of mail in the world. If we give in to this sort of intrusiveness, the terrorists have already won.

Hey did you notice ?

[Kewjoe]

Bin-Laden spelt backwards is Mad Ass! :p

Re:ban envelopes, too

[CmdrButtPlug]

Try our free IQ test! Type Ctrl-Alt-Delete NOW!

Lessee... C... t... r... l... dash... A... t... *Dang!* [Backspace] l... t... dash... D... e... l... e... e... *Doh!* [Backspace] t... e... space... N... O... W... !

Done! Did I win? Where is my free IQ?

Re:Encryption for private citizens should be banne

[tdye]

Yeah, clinton was a real friend to the privacy movement...
DMCA, CDA, Clipper chip, etc.

Hell, didn't he appoint Louis Freeh AND Janet Reno?

Two bastions of liberty if I've ever seen 'em...

Sheesh.

Paranoia

[stigmatic]

Call it paranoia if you will but one thing is for sure, encryption has been used for hundreds of years in different methods, so why is the FBI now claiming that because Osama is using encryption then ______ ? Then what?

Sounds to me like a planted seed for future attacks against the public who wants their PGP and encryption mechanisms.

Encryption invented by who??

[mr_tenor]

Being a student in pure mathematics, I just feel the urge to point this out: Encryption was not invented by privacy groups, the government or software developers. All encryption algorithms are simple mathematical tricks which any university student could understand (Heck - they taught us RSA in irst year).

The proposition to ban encryption is a parallel to restricting the right of people to think of novel things and invent novel things.

Stupid ALERT!!!

[GendaB]

I don't know which is dumber, sawing off big pieces of your freedom in the mistaken belief that it will somehow protect you from people who would do you harm at the drop of a hat... or believing for even a moment that you can wish the great mouth-breathing public into acting with a collective IQ higher than say about 40. I mean we are the nation that just elected a Texan meat puppet for it's top political office... yes?

Don't get me wrong. I think there's a great deal of hope for this country. Just not this generation. Once the boob tube evolves into the something that is capable of stimulating brain cells instead anesthetizing them, that generation should be pretty damn interesting. As it is, most folks can't be bothered to rub two brain cells together and spark a thought. I fear the next decade or so is gonna chafe a whole lot of folks who cerebrate as either an occupation or preoccupation. Face it folks, we've raised being clue free to an artform...

So, do we let the government, people with a proven record of dishonesty, corruption, poor judgement, and all around the same mental skills as those who elected them... make critical plans for us, our freedom, and the posterity of the race??? I'm sorry, I just can't bring myself to think of the Christian Coalition as a brain trust!

So, the first thing to do in making a difference, is to notice the environment in which you're trying to make a difference. Then speak appropriately to that environment. Looking around, I'm guessing our best shot is to make a strong case for why arabs, communists, satanists, and unfriendly extraterestrials, would want us to destroy our human rights, our need to educate our young, and profoundly limit our own freedom. If we can convince John Q. public, that the enemies of god and all that we hold dear, would have us give more power away to our government, we might have a small chance to stop this stupid trend of letting the government think for us, simply because most folks are convinced that thinking is too much work.

I'd suggest however that we get on the stick, because as we post, idiots are coming up with bigger and better ideas for stripping you of your freedom. If you don't want your hinny sold to the highest bidder, by the best government that money can buy, you might wanna put a rush on speaking from the high places so the masses can get the message. I mean all the people, even the slow witted. Not that it isn't good to start with the bright folk, you just have to make sure the message goes all the way to the grassroots.

Oh, it might just just be worth mentioning, that this whole conversation is just going to get a whole lot more interesting as we head pelmel towards the spike. As the your privacy disappears in a puff of digital optics, and the power to control and change grows, the temptation to do so will exponentially increase, by those witless baboons who think the world should be remade in their own image. The battle to keep the idiots in check will grow ever more fevered. It will be the job of those, who are informed, educated, (and subject to vision greater than the myopic sight of those who lives are dominated either by the next fiscal quarter or election), to choose the careful path that will determine the survivability of our species in the face of exponential change.

Freedom is a little like your soul... it's easy to sell, because you can't feel it, or taste it, or even notice it while you have one... only, it's reaking hell once you've sold it to some evil devil bitch.

Anne Marie Tobias

- In this message I've encrypted the ultimate plan to control our government, starting with the president! and yes it does involve cornering the market in beef jerky and nose hair trimmers! -- Me

And Scott McNealy Says..

[Hamfist]

Back in 1995 or so, I seem to remember Scott McNealy talking about encryption. He said something to the effect of "To heck with U.S. made encryption, we buy all of our encryption from the Russians, after all, these are TRADE SECRETS we're talking about." Banning encryption in the US would never stop it's use. I'd say the US would be better off hiring some really good russian mathemeticians to create next generation encryption and codebreaking tech. Just my 2 bits (when converted to US Funds, 1 bit; hope it's on)

Re:Need a key escrow?

[anomie2]

Damn fine post.

Your Point Is...?

[Blacklaw]

So, what you're saying is something along these lines:

"Although the source code for the freeware PGP version has been available for a number of years, and checked over by novices and industry experts alike in multiple countries around the world, it's not secure because NAI made a branded, commercial version."

Why not just use the PGPi Freeware version - we're all fairly sure that's secure? Or perhaps that wasn't a real message at all - perhaps that was your plans to blow up parliament!!!

Also, check out the CKT (Cyber Knights Templar) build of PGP - support for a ridiculous 40,096-bit key length (compared with 4,096 from NAI or PGPi.

-Blacklaw

Outlaw terrorism, and only criminals will... No, wait... Can I try this signature again?

Some Words

[genderbender]

Let me tell you about some terrorists. Who formed the USA. Which got more freedom then before. But not all terrorists are good or even trying to be good.

This is of course just leading to full control of everyone. The Borg is where we are heading, if we let The Gov. take away our Guns, Encryption and our minds. I think in 5-10 (Maybe even sooner) years it will be time to take on the Gov. But now is not the time because we can try to take them politically. You remember at tampa (Super Bowl) where they used cameras to check if you where a criminal is digitaly the same as if they took your prints because your there. I mean that this could make it so that if the gov. didn't like you they could find you when you went to the market. Anarchy is not the Answer but a new Gov. is.

Propaganda

[JohnSmith1138]

This is just propaganda put out so the next time the government wants a backdoor key put in encryption algorithms, John Q. Public won't worry so much about their privacy.

Re:Good news. Follow my logic and understand why.

[Nickoty]

c'mon, it was VERY obvious that use of encryption wasn't what was relevant in this article

Re:When Encryption is outlawed...

[Nickoty]

I'd guess that would be part of the 'mathematical basis' part that was already done.

Re:When Encryption is outlawed...

[Nickoty]

If only criminals use encryption, it would be quite easy to find criminals with systems such as your famous carnivore. Unless of course stegenography were to be used.

If it smells like FISH

[Razzious]

A dirty old man once told me "Son there are 2 things that smell like FISH...and only 1 of them IS"

When will they learn that they don't have the right to all we own. Although I wonder when I see things like this, is it not a TROLL type story designed to get us all worked up.

The reason for encryption fear is obvious though. Face it anything "THEY" want to find out on you "THEY" can. Your bank records, search your house, search a safe deposit box, confiscate belongings etc. Encryption effectivily removes this power. As someone previously posted "if its outlawed only the outlaws will use it".
Razzious Domini

Not just bad men!

[SiriusBlack]

... hasn't _everybody_ who has ever purchased anything over the internet used encryption, without knowing it? As well as anyone who's ever checked their bank account online? Do you hink all the data going to and from those ATM machines you use every day is sent in plain text? How about your credit card number when it's verified by a card reader at the mall? Let's face it, if you weren't using encryption on a regular basis, your bank account would be pretty much empty by now, wouldn't it?

Re:The part that struck me...

[SiriusBlack]

Well, let's see... they've already used evil drug trafficers and (ethnic) gangs to justify random traffic stops, checkpoints, illegal search and seizure, and the outlawing of weapons based on appearance... not to mention eavesdropping innocent citizens (can you say Echelon and Carnivore?), so I guess this is just par for the course, isn't it?

Hack Terrorists!

[Sliced+Bread]

I'm a young geek unaware of a lot the world in all its complexities and entirety. Yet, I think it's a good idea to "hack the shit out of terrorist bastards" If any of you have the talent to do such a thing... defend legitimate encryption. Even if it is a BS hype story. Hit dat shit maN! Bend over that Osma Llama, and give him a good BinlANALDin...

Re:Hack Terrorists!

[Sliced+Bread]

Who ever gave me a score of 1 !!! BOoOoOOoo I think if you're inteligent, and well read, enough to understand the ideals disscussed in the previous articles, you'd think this would be a good follow up! Sorry you're not enlightened... the comic yet serious tone... BOOO!

Am I alone here?

[bob-supreme+emporer]

Maybe it's just me, but just based on the comments posted in response to this story, I think it is safe for anyone to conclude that slashdot users are extremely biased, to the point of their arguments not making much sense. If one reads the resposes to other articles, one comes to the conclusion that the situation is much, much worse. But, I digress.

Two things are taking place on the message boards of slashdot as a whole. Either fewer messages are getting moderated up to 3, 4, or 5, or simply posts that are not "insightful" or "funny" are being moderated as being so. Let's take the posts in this posting as an example. Casually perusing through the contents of the message board lead one to the conclusion that there are two types of posts that are being posted largely: (1) The "hey, Osama Bin Ladin uses rubber ducky's in his bathtub, so lets outlaw them" post, or the sad attempt at parody post. Yes, maybe the first person who comes up with such a comment (namely, Cmdr Taco) was funny, but then it's just stupid. (2) The "Obviously this is a plot by the US to restrict encryption more". Let's focus more on this second type of post. Based on absolutely no factual evidence, numerous people have concluded that this story was "made up" by the US government in an effort to convince the public that encryption is necessary. Despite the fact that most Americans don't have a memory extending past a week ago, this argument has several major flaws. I feel that it makes sense that Osama Bin Ladin, as well as all terrorists, would use encryption when discussing plots that he doesn't want others (the US government) privy too. Also, many people are making the very common mistake (at least on Slashdot) or assuming that the United States is the whole world, or at least the only important part of it. I highly doubt that Osama Bin Ladin has lax US regulations to thank for his ability to use encryption (It's not like US encryption regulations are loose anyway).

If Cryptography is outlawed, only outlaws will use cryptography. Oh, and Osama Bin Ladin.

Operation Slashdot

[BinLaden72]

cb81 f55e 3f86 9438 6bd8 8700 16ee c8b1 5b42 2dfe 53ee 4e62 c061 ac44 b1d5 a7cf 8287 c8ca 6644 ddfd 4c2d 9d0b e99c c7dd 7a03 00c7 5f28 587b 37a6 18c9 b804 21df c773 6f8f 196d f794 5254 93eb d4e7 e189 04cb 8ce0 b3ef ba37 023d f4e3 f2f9 4053 0b42 6390 0876 d042 78f7 6edc d73d fbcd c456 df85 3369 2da8 36ec 12e7 ee48 8875 cc16 19ca 1386 a270 d083 ab8d b130 85a6 f767 b573 0729 03ac bcef c450 5326 fca5 caa1 c40b c43d f7b1 f219 6d27 6f73 21b4

Best of luck, see you on the plane. O.

I can just see the bumper stickers now:

[guttentag]

"Encryption doesn't kill people. Terrorists kill people."

Osama bin Laden in chat rooms?

[whungus]

I love a good rumor, no matter where it comes from... but the skeptic in me wonders how someone who spotted Osama bin Laden in a chat room could verify the identity of the speaker, especially if he's careful enough to be using encryption to start with. Same goes for emails... did someone intercept his private key, or is a public key with "Osama bin Laden" listed as the name enough to verify the identity of the writer?

Re:The part that struck me...

[SuperStereo]

To be honest, im more terrified of americans.

Re:Does he really exist?

[OG+Loki]

Bin Laden does actually exist, but he is not the Anti-American all powerful evil guy that the US government would like you to believe he is. Bin Laden doesn't hate the U.S., he hates the Saud Royal family. Can you blame him? The late King Saud was an Arab war lord that concurred most of the Arabian peninsula with the help of mercenaries and foreigners. His descendants have amassed great wealth from exploiting the country's natural resources. They do not allow political opposition of any sort. Saudi Arabia is a dictatorship, not a democracy, ruled by a Royal family. The very name Saudi Arabia gives insight to how the royal family views the country and rights of its subjects. Imagine if G.W. changed the name of the U.S. to Bush's States of America, or if the U.K. became the Windsor Kingdom.

Re:So much garbage, so little space

[OG+Loki]

"d)"All the Islamists and terrorist groups are now using the Internet to spread their messages," says Reuven Paz, academic director of the Institute for Counter-Terrorism, an independent Israeli think tank." This has absolutely nothing to do with encryption. Notice the equality achieved in the sentence between Islamist and terrorist. Rephrase to "All Southern Baptists and racists groups are now using the Internet". Think about it. " Or replace "Islamists and terrorist groups" with Lawfirms and Colleges, or the IRS and Warner Brothers, or Museums and General Motors. Or replace "the internet" with the Postal Service, or TV, or Sky Writers, or the Interstate Highway system, or Container Ships. This sort of vauge propaganda bullshit is used by the powers that be to consolidate their power and increase fear and paranoia amoung the tempest tossed.

Old, old news and some things to read

I wrote about this professionally a number of years ago; it's funny how the 'experts' in the field, not to mention the researchers working for the publication, seemed to miss it. Just for fun, I even went to Google, and did a search for:
"dead drop" cryptography terrorist
Sure enough, out pop a number of my papers. On the other hand, I really don't expect much more when I see iDefense involved in a story.

For those who are actually interested:
http://www.7pillars.com/papers/IntelNet.html
http://www.7pillars.com/papers/MT.html
http://www.7pillars.com/papers/Blueprint.html
These articles directly discuss the actual details that the news report hints at (poorly).

I would also recommend to the reader:
http://www.7pillars.com/papers/IntelligenceCours e. pdf
http://www.7pillars.com/papers/Waging.html

A general list of various papers can be accessed through:
http://www.7pillars.com/pubindex.html

For the record, we've been pushing strong, unescrowed cryptography for a number of years. If groups like the FBI keep pushing scare stories out, much like the one that started this discussion thread, the aim is to keep crypto under control. It's already outside control (it isn't that information wants to be free, it's that information defies control), for the 'bad guys.' What the controls do limit, however, are integration of crypto into hardware and OSes at a basic service level. As a consequence, the good things that crypto would enable--like helping stop computer viruses, cracking of networks, identity theft, industrial espionage, in short, all the things that groups like the FBI should be more concerned about--are left unaddressed. If more information about -that- sort of thing interests you, take a look at
http://www.7pillars.com/papers/didfinal.htm

Michael Wilson

Re:Religious texts and war

[bluGill]

priesthood celibacy

Accually there is a passage in the bible encourageing priesthood celibacy. It is NOT a requirement, but it is encouraged. One of Paul's letters I belive.

There is a lot of scripture for sleeping only with your wife, and scripture for no divorce. Your right that there is little on celibacy by comparition so it is clearly of lesser importance. (In fact the little that can be used to imply it state clearly that it is the ideal, and most cannot do it, and there is nothing wrong with being amoung those who can't.

Here's a quote

[Don+Negro]

The report said instructions for terrorist activities also are posted on the sites, which the officials declined to name.

"To a greater and greater degree, terrorist groups, including Hezbollah, Hamas and bin Laden's al Qaeda group, are using computerized files, e-mail and encryption to support their operations," CIA Director George Tenet wrote last March to the Senate Foreign Relations Committee.

Surprise, America's Chief Spook doesn't like encryption, and won't give details to back up his claims. I'm sure someone would have noticed PGP blocks on cnnsi.com's discussion boards (or wherever).

Course, it's probably all a smokescreen. If he wandered around saying things like 'Oh, encryption doesn't really bother us. We just send it to our boys at Ft. Mead, and they tell us what it said.' it'd raise a few eyebrows.

Sometimes I worry, I really do.

Don Negro

Re:Here's a quote

[Zachary+Kessin]

I'm sure its not anything obvious, there are a lot of web sites out there, and there are probably a hidden web mail site somewhere in the world that they are using. It would not be hard to setup, hell one guy with a linux box and a cable modem anywhere on the planet.

Chances are its a hidden area on a site that has a normal legit front section.

Re:Alternatives

[Zachary+Kessin]

The made up language thing probably would not work for long. Patterns have a way of creaping in. And lets face it the bad guys already *HAVE* the encryption tech, so banning it probably will not help.

Maybe someone should tell them that RSA was desinged by Jews, that might stop them. :)

Reminds me...

[slim]

This reminds me of TV reports we frequently get after organised robberies. "The gang were very sophisticated, using mobile phones to organise their movements". We still keep hearing this even though over half the schoolkids in the country have a mobile phone and use it habitually.

People use crypto.
Criminals are people.

--

Not too unbelievable...

[jd]

I've always thought those #teen chat rooms were a bit suspect.

Seriously, the covert use of a public media to transmit military/paramilitary information is ancient.

The French Resistance, in WW2, often communicated with the Allied forces via coded messages in newspapers, etc.

Re:Not too unbelievable...

[Pig+Hogger]

The French Resistance, in WW2, often communicated with the Allied forces via coded messages in newspapers, etc.

During the (world) war (II), a few allied intelligence agencies had squads of knitters working for them. They were testing whether the knitting patterns to be printed in some newspapers were genuine knitting patterns rather than secret messages!

--

I agree, but stand by my words.

[isaac]

You're making my point - cryptanalysis is neither cheap nor fast, and hence is only used where out-of-band attacks are unfeasable.

My sources are a special agent from the Florida Department of Law Enforcement with whom I worked on a computer crime case in 1998, and Robert D. Steele, former CIA case officer, founder of OSS Inc., and author of On Intelligence: Spies and Secrecy in an Open World. Good enough for me.

Incidentally, Mr. Steele's excellent talk at H2K is online in MP3 form here.

-Isaac

Check out TWINKLE

[isaac]

Check out Adi Shamir's work on TWINKLE. I'd wager that the NSA has had practical machinery with similar operating principles in use for some time, given that they are the world's largest employer of mathematicians and cryptologists.

-Isaac

Begone, troll.

[isaac]

You don't need algorithmic vulnerabilities to crack PGP.

Consider the passphrase, for instance - much less entropy in a typical PGP pass phrase than in the key itself.

Or, how about advances in machine factoring a la TWINKLE.

If it's bugs you want, try the infamous ADK bug that went undetected for 3+ years, allowing third parties access to cleartext, a-la escrow.

Or the randpool bug of 1995?

I'd go on, but I'm bored of trying to pull heads out of sand.

-Isaac

Blame not science

[Oestergaard]

Most parts of science, be it pshycology, chemistry or mathematics, has a dual use. This is how the world we live in is made.

Sure, blame science. Outlaw science. And only ouwlaws will know science. Clearly, this is not a viable approach.

One would think that the broad audiece, the public, and even maybe politicians would realize this. But for some reason, which is beyond my comprehension, someone doesn't.

I have feet, and I have hands. And I am able to kill with those. I am also able to help others, using those same instruments. What makes me help others, rather than terminate their existance ?

Law, you may say. I would be punished, for using my instruments in a way disobedient to the law, given that my practice of so-called maljustice was discovered of course. From a personal point of view, I would say my odds of getting awaay with malpractice would be good. So what makes me a generally percieved nice person, and maybe even a to-the-heart nice person, given that I could probably get away with being otherwise ?

It is not law, clearly. It is not limitation in my possibilities in doing harm, either.

I am about to graduate with a master's degree, in half a year from now. Anyone with the slightest knowledge of basic phycics knows, that any engineer could assemble a crude nuclear weapon easily, given access to the proper materials and equipment. I suppose this makes me, and about a few million other people, a threat to the security not only of a nation that percieves itself as the only one in the world, but also a threat to humanity in general, to man kind... So why are we not hunted down like the witches and trolls we are ? Like we used to be ?

Accept, that with knowledge and skill, follows responsibility. Accept, that not all are equal. Accept, that some are born with a skill, and that others choose to achieve that skill thru hard work. But accept, that some has the knowledge, the ability, and the will to help. But accept also, that the possession of such abilities also implies, that the person in question may have the abiltiy to do harm.

Then, trust those people.

Thruout history, trust has been material in any relationship formed, and broken. World history is not likely to change, and basic principles of trust and relationships and even war, are not going to change anytime soon.

Get over that hump. Accept it. I'm a nice guy, and so are millions of others like me. Like you.

Well, they can't really take it back, now...

[boinger]

You can't anti-release something. Even if they make it "illegal" I can't imagine Mr. bin Laden saying, "Oh, crap! Now what will we do?" - I'm pretty sure he and his crew are just going to keep using what they're using now.

Am I the only one thinking "Duh"?

Re:Well, they can't really take it back, now...

[interiot]

That's partially true, but not completely.

Encryption & cryptoanalysis are in a constant arms race, so if (BIG if) the US could keep improved encryption out of the hands of criminals, then in a decade, the government would have the technology and/or CPU power to decrypt most of what's out there now.
--

To: Osama Bin Laden:

[AftanGustur]

To: Osama Bin Laden:
The passphrase is "/."

-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.0.4 (Linux)
Comment: For info see http://www.gnupg.org

jA0EAwMCZQtz4SsogXBgyUoINMfK7BSgYzT4L4ZxxLdfrGDX E8 mCHjPDr98/md/j
DlvBNKk1r5Y72jTzE0Hbw1cUBZ8spJhyoqG6mRWAKpKkFnBM ph n44iuuqQ==
=++Ya
-----END PGP MESSAGE-----

--
Why pay for drugs when you can get Linux for free ?

easy to break too

[Barbarian]

If you read the USA Today article, 2 of the 3 cases stated were broken for sure, for the other it's not said.

Religious texts and war

[Pac]

There is no place in the Quran or any other religious text that I'm aware of that recommends killing busloads of innocent children to complain about political acts halfway around the world.

There is also no place in the Christian Bible recommending the burning of witches, the killing of infidels, priesthood celibacy, drug banishment and many other things righteous christians do or have done in the name of their God. It is mostly a question of late interpretation.

The Islam deals explicitly the religious war problem, and the Jihad concept is fully developed. It was a necessary concept by the time Mohammed bought the main text to light and many islamic religious leaders think it remains necessary to this day, to face the western menace

While I agree with you that most of the conceptual knowledge will be concetrated at the top, as in any army, a practical encryption knowledge is needed throughout the organization. As Bruce Schneier always says, an encryption process is as strong as its weakest link. There is no point in the leaders using NSA-proof encryption to plan their acts and then communicating these plan to those who will carry them out in plaintext!

I think that my main point, since the first post, is that a western-centric view of the Middle East leads to grave distortions. Either we understand the historical and cultural background of the terrorists or we will never be able to deal with it

Ordinary folks usually are not terrorists

[Pac]

I think you are mostly right. I am not, I think, defending the Islam (or any other religion, for that matter), acts of terror in the name of a god or any kind of fanatism. If my post made you think otherwise it was my fault.

But I believe you are wrong in thinking that the religious rethoric is not sincerely acted by many, specially by those that will take their rethoric to its logical and ultimate consequences.

People who suicide-bomb school buses are usually very righteous, "pure" fanatics, the same kind of fanatic that bomb abortion clinics in the west.

These people will not only follow all their religious beliefs, they will follow those beliefs to the exact letter.

I really do not think these people will use porn pictures to communicate, specially when millions of perfect harmless pictures can be used.

Luddites are using smoke signals. Fire outlawed!

[crovira]

Osama bin Laden is using encryption. Poor fool. With a couple of cracking Beowolf clusters (of Crays 'cause our government can afford the best,) his messages might as well be in clear text.

Using a one-time-pad code to transmit over a mobile Ham radio would get him better security. Come to think of it smoke signals would be more secure.

Some countries (like Britain, the US, Russia, Chine, India and Pakistan) started using one-time-pads before or shortly after world war two and still works fine to this day.

Encryption is a Right.

[chris_sawtell]

Americans.
You are allowed to bear arms.
This is your constitutionally guaranteed right.
Encryption techniques are munitions (ITAR rules).
Therefore you are Constitutionally allowed to have and use encryption free of hinderence. Why is the American Citizenry allowed to bear arms? "Because they must be able to overthrow evil or unjust governments". It is for this very reason that the German Government not merely encourages the use of Cryptography but actively supports it. Quoting the Gnu Privacy Guard "The German Federal Ministry of Economics and Technology granted funds for the further development of GnuPG". I would just like to remind American readers and their Government that the Germans have more recent experience of "evil or unjust government" than anybody else.

The use of encryption as the modern day weapon against "Evil Government" is both far more effective and infinitely less fatal than the use of guns as permitted by an anachronistic Constitution.

Telephones A Threat, Must be Banned

[FreeUser]

It has come to our attention that the common household telephone has been a key component in numerous crimes, including plots to commit murder, kidnapping, acts of sedition, treason, and, yes, terrorism.

The threat to Our Great Nation (tm) is unacceptable. I hereby call for our congressmen to enact legislation as quickly as possible to eliminate this threat to Our Democracy (tm) and the Wellbeing of Our Children (tm) by banning any and all use of the telephone by unauthorized persons anywhere.

It is critical we do this quickly, lest the Bin Ladens of the world abuse Their Liberties (tm) take More Innocent Lives (tm). Remember, if you want A Safe And Secure America (tm) you must be willing to give up a few personal liberties. You didn't really need them anyway, did you?

Something in common

[Pope+Slackman]

Osama Bin Laden and the majority of the Slashdot community have something in common -

Zealotry and a desire for Jihad? ;P

--K

No Suspicious Actions, That You Know Of.

[sharkey]

Dateline Tampa, FL. - Sources close to the NFL, FBI and Tampa police state that upon review of the digital tapes of each attendee of the Superbowl, none exhibited any "suspicious" reaction to the Presidents accouncement. There were no "furtive glances" or "checking over the left shoulder" by the departing fans.

Police Chief Dan Glee Ballsak issued this statement concerning the event: "Yes, there were cameras there. But we emphatically deny that ANY tapes or recordings were made or currently exist. Which is a shame, as the resolution is good enough to apply J. Edgar Hoovers Phrenological Profile against the shapes of the attendees skulls to see if they will commit a crime someday. Now, if you'll excuse me, they're showing the flashing co-eds again."

Reporters were confused, but much reassured by his statement. "Digger" Smutch, a reporter for the Daily Dirt, made this statment, "That co-ed thing is kind of a weird thing to say, but anyone who can use 'emphatically' in a compound sentence must know his stuff."

Florida Democrats hailed the speech, admitting that Dubya, "Might be Okey-Dokey after all. After all we've done to abolish the 2nd Amendment, and freedom in general here in this country, the 1st Amendment didn't stand a chance. It is an encouraging sign that he recognizes the Unitaed States Governments divine mandate to rule, both in this country and abroad, in the material world and the spiritual world, and above all, regulate thought on the Internet"

The Democratic spokesman did let slip that fact that they do not know the number of fans cheering for New York during the game, but that they were, "Still counting," and hoped to have a hand-accurate count "Within 2 months."

--

Better also ban all those NEWSPAPERS

[double_h]

I'm surprised that no one else in this thread has mentioned the fact that encrypted transmissions have been hidden in newspapers at least since world war 2 -- the Japanese used some pretty clever crypto disguised as newspaper advertisements to inform their agents in the U.S. as to when the bombing of Pearl Harbor was due to go down.

I'm not surprised that the USA Today article failed to mention this interesting historical footnote.

And really, in some ways, its more secure to encode small amounts of data in a newspaper personal or want ad. Downloading a file with a hidden message will almost certainly leave an IP footprint -- buying a newspaper from a streetcorner vending machine is pretty much untraceable.

But it's not surprising to see this kind of scare-tactic propaganda used to make people mistrust encryption. (Oh yeah, and don't forget to be wary of foreigners, and their weird religions also.)

Re:When Encryption is outlawed...

[Surt]

"The mathematical basis for most algorithms is still out there, and just about anyone reasonably competent at programming can roll their own.
"

Actually, to roll your own without exposing yourself to side attacks is really difficult. How much entropy did the last random number generator you used/wrote have? Do you know? Would you know to know when rolling your own? Would a only 'reasonably' competent programmer know?

*sigh* Crypto regs are stupid--- here's why

[ByronEllis]

I cringe every time people start talking about crypto regulations-- why? Simple, for some reason it appears that U.S. citizens are incapable of believing that a country that isn't the U.S. (or at least isn't in a position that the U.S. can bully them) could create a mathematician with the skills required to develop strong cryptographic algorithms or the programmers required to implement said algorithms (along with the rest of the security chain). Its simple arrogance and it WILL bite us (I'm a U.S. citizen, what can I say?) on the ass eventually. Hard. Its not like this stuff is a nuclear weapons programs which at least takes a lab of some sort and readily identifiable "natural" resources (you gotta have a place to build bombs and you need stuff to put in the bombs). The crypto algorithms can be developed on a piece of paper and implemented on damn-near-anything (we could, of course, attempt to control every computer on the planet, but then most of the chip fabs aren't in the U.S. *whoops*). So what do crypto regs get us--- they hamstring U.S. companies in an internantion crypto market. This doesn't sound like a terrifically good idea does it? It also potentially exposes the average U.S. citizen in that massive personal crypto restrictions put us at a potential disadvantage (assuming a good chunk of the rest of the world responds to cries of restriction from the U.S. with a collective "Um, no? Wait, lemme think.... no"). This sounds like the opposite of what governments are put in place to do to me. Stupid.

But then, what can we expect of legislators trying to control something that they don't know enough about to even know they know nothing at all?

Aha! Slashdot Trolls == Terrorist Operatives

[IntelliTubbie]

Maybe the goatse.cx and penis bird images are really encrypted terrorist communications! To be honest, I'd feel a lot better about that than if they were really there for their own sake. Yeesh.

Cheers,
IT

Re:forget encryption...

[fluffhead]

Yes, I got the joke - most of us Americans (me included, even though I speak a little French) are regrettably monolingual. However, as you probably already know, the U.S. Government agencies involved in espionage & counterterrorism (NSA, CIA, FBI, et al.) are the largest employers in the U.S. (if not the whole world) of trained linguists and translators. Everything from French to Arabic, Persian and Urdu. After all, once you break the code, you have to understand the underlying message. And let's not forget the WWII Navaho code-talkers.... I wonder if they have any other "secret" languages up their sleeves?

#include "disclaim.h"
"All the best people in life seem to like LINUX." - Steve Wozniak

Budget time

[Paul+Johnson]

The Feds aren't saying this to try to ban encryption, they just want the budget. The senate committee holds the purse strings, so the Feds are talking up a scare in order to justify a budget to deal with it.

This happens every year at about this time.

Paul.

Re:Thank you, Mr. Bin-Laden!

[CharlieG]

In 1992, a bunch of Bin-Laden trained hicks kick the US's butt in Somalia

Actually Adid was trained in the US, by the US Army

Re:ban envelopes, too

[mpe]

Envelopes can be opened when there's cause; enctyption can't.

Firstly how do you know which envelopes to intercept in the first place? Even if you get that right you could end up with coded messages which simply cannot be atacked by cryptoanalysis.

Re:Need a key escrow?

[mpe]

Laws against drugs, alcohol, child pornography, murder, and a host of other perceived ills have had no visible effect on the rate of the occurrence of these crimes, nor is the public predictably safer from the incidence of these acts as a result of the legislation.

Actually the existance of such laws can easily make things less safe for the public. If an activity is illegal people enguaging it it have little to lose by breaking other laws. e.g. if the distribution and selling of drugs was legal then those involved would use lawyers instead of machine guns to solve their business problems.

Re:forget encryption...

[mpe]

After all, once you break the code

Except that codes, unlike cyphers, cannot be broken algorithmically.

And let's not forget the WWII Navaho code-talkers....

The langauge used here contained a large amount of "slang", such that even someone who knew the Navaho language could not understand the message.
A terrorist organisation (especially one linked to some kind of cult) is prefectly capable of comming up with their own slang and jargon.

Re:forget encryption...

[mpe]

Can the world be so simple that terrorism can be stopped by banning encryption ?

"Mr/Ms Criminal please don't break the law"...

I don't think so - could'nt we start off by banning terrorism, and see how it goes ?

You'd have to start by defining "terrorism", potentially highly embarrasing for many governments... (Most definitly including the US government.)

Re:When Encryption is outlawed...

[mpe]

The mathematical basis for most algorithms is still out there, and just about anyone reasonably competent at programming can roll their own.

You might just as well ask for something to be uninvented. Encryption is a technology several thousands of years old. Further it is far from the only way to send clandestine messages. Simply that it is a mechanism which lends itself well to automation.

Re:Moderation is the key (no pun intended).

[mpe]

There are some technologies, however, such as explosives, which although they have good uses, are mostly used for destructive purposes. Thus, they are tightly controlled by governments to restrict their getting into the wrong hands. Perhaps part of the problem is that because encryption, like explosives technology, is not widely used, many people see it as being only weapon.

The problem with control is that the technology to manufacture weapons is hardly secret. In some cases it's thousands of years old. A flint tipped arrow can be just as lethal as a bullet.

Re:And this is

[mpe]

How do you infiltrate a terrorist organization made up of people who are relatives?

Using the same techniques the Americans and Italians use against the Mafia would be a good starting point.

Err, wrong.

[rjh]

Informed sources tell me the NSA has been breaking PGP for years, but they'll generally only bother in cases where side-channel attacks are unfeasible, due to the required resources in time and labor.

I'd love to know who those informed sources were, and what the basis for their information is. Out-of-band attacks against systems are almost always cheaper, better and more effective than cryptanalytic attacks; after all, no matter how secure the pipe, it's still designed to leak at both ends.

Saying that "they'll only bother with cryptanalysis where out-of-band attacks are infeasible due to required time and labor" strikes me as highly specious. Out-of-band attacks are cheap, effective and fast. Cryptanalysis isn't.

Re:Err, wrong.

[OmegaDan]

I knew a fellow who was convicted for computer trespass on the evidence he had PGP'd on his drive. It did take them two years to crack it, but that wasn't very consoling to him in jail.

Re:Blatant FUD-mongering

[thogard]

Osama Bin Laden is the US's goverments blame child of the decade now that Castro, Qadhafi, etc are not longer a "threat". He is used as an example of why the terrorism needs to be fought and why the budget needs to increase.

For thouse that don't know, Bin Laden stole a great deal of money from the Saudi Goverment and built hospitals all over the Arab world. This has annoyed King Fahd who most lilky would have helped out anyway but this was done behind his back. Keep in mind that stealing large amounts of money in Saudi results in the death penalty. I suspect that Bin Laden was allowed to leave Saudi because of the good work that he has done there.

So why is the US got him listed on the top ten? Its because he feels that scnations aginst a country (Libya) are act of war and should result in people fighting back which he has done. They guy is an engineer and a good planner who feels his people (all Arabs) should be at war with those that have santions aginst any Arabs. He is also for a united Arab country. His work to bring western style hostpitals to the Arab world makes means that in many places in the world he has the type of respect that we would expect to be given to Mother Theresa in Inida.

If the US goverment did want to capture him, all they have to do is go to Ciaro and hang out in the Hilton and wait till he shows up. I know several people have have seen Bin Laden there.

as a //

[DzugZug]

It's an interesting parallel to what has happened with guns. As you think about this argument try to remain objective whatever your stance on gun control is. I bring it up for historical comparison not to start a political flamewar. The attitude of the media has been for some time now that only the government should have guns. Many people agree that citzens can't be trusted with firearms. Why should we have guns if the government is going to protect us?

What was done with the weapons of the past will now be done with the "weapons" of the future. It only makes sense to villify encryption. Without public outcry how can it be banned? The next step is to find some event that could have been prevented if terrorist X didn't have encryption. A recent office shooting prompted a slew of gun control legeslation by the Massachusettes state legeslature. Sooner of later the same thing will happen with encryption. When little Suzie gets blown up by a bomb that the FBI could have prevented if only carnivore had picked up the email and been able to decode it, then and only then will the real threat to encryption, privacy, etc. begin. If it happened with Colt it will happend with RSA. Remember that we DONT have a constitutional right to keep and bear encryption. Privacy rights advocates have a hard fight ahead of them.

I'm WORKING here, damnit!

[Tackhead]

>details of how extremists hide maps and photographs of terrorist targets in sports chat rooms, on pornographic bulletin boards and other popular Web sites.

"Damnit, boss, can't you see I'm working here, it only looks like I'm jacking off to g0at pr0n!"
- Some guy in Langley

Re:Need a key escrow?

[Tackhead]

>Of course, the reality is that this is prime material for legislatures to begin convincing the less tech-savvy "common man" that they desperately need legislation in place to form a Key Escrow so that anyone's keys can be cracked by the government if they so desire.

Criminals, of course, simply won't obey the law. Duh.

Yep, and when crypto is outlawed, only outlaws will have crypto. Use of crypto will therefore expose one to surveillance because guilt can be presumed.

Re:Cat out of bag, horse long gone from barn...

[Tackhead]

>Someone's pushing an agenda with this article,

Amen. And it ain't the folks who want to outlaw crypto.

"The operational details and future targets, in many cases, are hidden in plain view on the Internet. Only the members of the terrorist organizations, knowing the hidden signals, are able to extract the information."

That's not about Johnny Badnote using crypto. That's about Johnny Badnote not being logged like he would be in the UK under RIP.

And from Badnote's point of view, it makes sense - if the "good guys" are targetting users of crypto for surveillance, then the best place to hide something is in plain sight.

After all, if you're a sports fan, are you likely to go to every Yahoo message board concerning football? Or just the ones that look like they have lots of active members and traffic?

From the black hats' perspective, all they have to do is misspell a few words (e.g. "fotball") and make it look like the message board and file repository is some lame kid's idea of cool, and nobody innocent will show up. (Any innocents who do show up will get bored and leave quickly.)

Six months down the road, someone finds that the photos of the high school "fotball" team are actually the photos of assassination targets, but by then it's too late.

Of course, the goal of the CNN article is to convince the sheeple that the "obvious solution" (namely crank up the intelligence community's version of Carnivore and have it sniff every packet that goes in and out of Yahoo, Hotmail, etc), a cure that's worse than the disease to most of us (myself included) reading this.

On the third hand, if it gets Carnivore out of the FBI's hands and turns it over to the intelligence community, maybe that's better than leaving it in FBI's hands.

(Paranoid conspiracy theory: The intelligence community is pissed at FBI for intruding onto its turf and is running this sort of article as part of a power grab ;-)

Re:ROFL!

[Tackhead]

Whups, my bad, the Iraqi postscript virus was debunked as an urban legend a long time ago.

But the Lotus Notes backdoor story was true. Export versions of Lotus contained a 64-bit key, 24 bits of which were encrypted with NSA's secret key.

End result: A commercial eavesdropper would have had to break a 64-bit key, but NSA only had to break a 40-bit key.

My original point in defence of idefense.com still stands - idefense.com saying "don't trust products written in naughty countries" (because their core audience can't imagine "products" as meaning anything other than closed-source software purchased from vendors, and therefore don't see the security risks associated with closed-source vendors) or slashdot's perspective of "don't trust closed-source products because they're closed-source" (because our core audience can't imagine the country of origin as being a security risk) - are two sides of the same coin.

But what about the NSA's 'giant supercomputers'?

[ikekrull]

Surely all those billions the american taxpayers have been funnelling into the NSA's black budget have resulted in a system that is less that totally useless against terrorists using freely available tools..

Surely the gigantic investment made in the ability to listen in on most of the radio transmissions made around the world is going to prevent the US ever being 'taken by surprise' again.

Doesn't everyone know that underneath the pentagon there is a giant underground lake of liquid nitrogen in which 12 billion tons of supercomputing nodes are submerged, just waiting to crack Osama Bin Laden's encrypted messages??

I mean come on, the US have much more to fear from their own angry citizens (who have exactly the same tools and far better equipment at their disposal) than some guys in the Middle East who really just want to be left alone to fight their own battles without the intervention of some 'global policeman' whose only real interest is in ensuring a constant supply of oil and getting rid of that pesky radioactive waste by firing thousands of tons of it all over the battlegrounds.

Its like the US government is making out that encryption hasn't been used routinely at all levels of political structure for thousands of years, that is somehow a new 'weapon of terrorism' that must be combatted at all costs.

Do they really assume that everyone is as dumb as George Bush looks?

How stupid can you get

[selectspec]

Suprizingly, terrorists no longer will use newspaper classifieds, telegraphs, and carrier pigeons for their nefarious communications. In other suprizing news, it turns out terrorists also use guns, bombs, biological and chemical weapons, instead of swords and clubs.

Re:Exactly

[Tau+Zero]

I think that this incident is precisely a government campaign to build public support for encryption regualtion.

Or maybe it's yet another rendition of the one song that Louis Freeh knows.

If we can cheer for anybody being replaced with the change of administration, Louis Freeh is it.
--
Knowledge is power
Power corrupts
Study hard

Meet the New President, Same As The Old President

[billstewart]

It's been fun the last few years watching the Republicans be the party advocating civil liberties, and the Democrats advocating National Security and giving the FBI whatever it wants. Now that there's a Republican administration, they've dumped figurehead Janet Reno but kept Louis Freeh, the Wiretapper Behind the Curtain, and the parties are moving back to their more traditional alignments.

Funny thing is...

[Greyfox]

A comment in the story goes something to the effect of "No wonder the FBI wants a mandatory central key repository" despite the fact that the terrorists already have the technology and also have the know-how to continue to develop it. You think Libya's going to pass a law that the terrorists have to deposit their keys in the repository? I don't...

The Genie's quite obviously out of the bottle, and although the Intelligence community apparently prefers not to work for a living, continued survelience of known terrorists and criminals is still the best prevention of their malfeasance.

Obviously this is a plot by the US to restrict enc

[Nonesuch]

There was an article in the Chicago Tribune about a week ago discussing the use of encryption by US Mafioso, and how the U.S. Government broke his PGP encrypted files by keystroke logging.

Taken together, this is obviously collusion between the U.S. Government and the Media to garner public support for "key escrow" and other restrictions on encryption.

They're using pr0n and sports chat rooms?

[alpinist]

It all at once strikes me as odd and funny. Now, why would Muslim extremists use pr0n sites and sports chat rooms to exchange encrypted messages? What are they going to use next, the Jewish Anti-Defamation League's web site for planning their next big car bombing?

Yes, American tax dollars at work, subscribing CIA agents to fetish sites so they can study their images for secret encoded messages. An extra 500 agents recruited fresh out of college to monitor sports chat rooms all day.

Now I'm trying to remember why I didn't join the CIA...
--

Re:NASTY BAD MEN ARE USING CHEMISTRY

[StandardDeviant]

Exothermic reactions will become illegal without a proper liscence.

Wouldn't eating something count? (heh: consumption with intent to digest, public mastication, etc.).

--
Fuck Censorship.

Uh oh

[BgJonson79]

Well, I can use a belt to choke someone and a pen to stab them in the neck. Gotta get rid of them... only the gov't can be trusted with pens! Paper and pens can also be used for encryption. Time to go back to carving stuff into rocks and clay!

Re:When Encryption is outlawed...

[rgmoore]

Actually, to roll your own without exposing yourself to side attacks is really difficult.

Not really. Take a look at the RFC2040 description of the RC5 algorithm. It includes C reference implementations for just about every part of RC5, so that a programer would just have to stitch them together to create a useful program. Nor is this a singular example; IIRC part of the requirement for the new advanced encryption algorithm developed by the US was that there be a published, freely available reference implementation. I didn't bother to look, but I'll bet that there's similarly available information about well established asymmetric cyphers like RSA. This stuff is published and can't be unpublished.

Change of government......

[ssimpson]

Interesting: The head of the CIA complaining to the US Senate about foreign nationals using crypto.....

Does he really expect the Senate to be able to prevent terrorists in another country from being able to use crypto?

How? Ban exports from the US? {Sarcasm!}Yeah, that worked so well in the decade....{/Sarcasm!}

Or maybe this is just a concerted effort by US Intel & Law enforcement agencies to re-assert some authority in a new administration?

WTF do I care, I live in the far more oppresive UK.....

Whats really scary

[Srin+Tuar]

Is the ease with with the encrypted files were broken. If you read the article, its says that the most it took the government to break a file, using their mathematicians and supercomputers, was 1 year- most being broken well within time to take action.

Mathematically, RSA itself should take the age of the universe to brute-force- so I wonder what technique they were really using. The article doesnt give any hint what types of cryptanalysis was used.

Perhaps they merely tried to guess the passphrase- probably the easiest way since most people are simply going to use a handfull of ascii characters leaving a really small keyspace. Or maybe they know of a weakness in the random number generator their implementation used.

I bet they started with a dictionary attack, then tried common variations with capital letters, numbers and symbols mixed it( the goal being to decode his secret keyring ).

Regardless- the point seems to be that if they government whats to know whats on your computer they will find out- even if they cant do it casually and cheaply. The best way to send secret messages remains steganography and anonimity.

Moderation is the key (no pun intended).

[SunCrushr]

Any technology, the oldest (fire) included, can be used for the good of all or to destroy. When used in moderation any technology can be a good thing. Encryption can be used for good, as most of us Slashdot users can tell you. It can also be used for bad purposes. You cannot blame the circumstances on the technology, only on the person who misused it. Do not target the technology in your fight agains crime big gov! Target the badguys!

Re:Moderation is the key (no pun intended).

[SubtleNuance]

used in moderation any technology can be a good thing

May have been better to say "used with wisdom and responsibility any technology can be a good thing

its not always an issue of quantity... just picking nits....

Re:When Encryption is outlawed...

[Suidae]

how exactly is banning encryption supposed to stop terrorists from using it?

Its not, its just supposed to give the monkeys in the suits a way to identify potential targets, and a legal basis on which to harras them if they so choose.

I think we all need to start

[SquadBoy]

using Rubberhose. Make the government arrest us all get all the keys we can remember (and if fact all the keys we have) and they still can't prove that they have everything. That would be very cool and make it clear just how pointless trying to ban encryption is. The only way to put a end to this will be for a whole bunch of us to go to the mat for it. Should be fun if nothing else. :)

Re:Encrypt this!

[RickG485]

Is this a surprise? The modern media corporation's purpose is to provide information that makes people watch. The more people watch, the more ad dollars. What people don't realize is that alot of the time THERE ISN'T ANYTHING IMPORTANT TO REPORT! So, to keep the eyeballs glued to the set, the networks will embellish, overplay, overemphasize, or just make crap up in order to get people to find out about "the next big crisis". Without this opportunistic journalism style, the networks wouldn't be able to justify their size. The sad thing is, many small-time journalists (that I know) think that CNN still carries on the proud tradition of actually objectively reporting the news.

Terrorist plans found!

[MrShiny]

http://csnation.counter-strike.net/cs2d/

It's all there including maps of terrorist bombing targets and hostage locations!

Privacy is for all or none

[Kjella]

There's no such things as "good" or "bad" encrypted data. It's just a meaningless stream of 0 and 1's. So if you want to prevent terrorists, the mafia, kiddie porn traders, nazi groups and any other group you don't think should have unbreakable encryption from having it, you must put an escrow system in it, everywhere. Would political parties have something against this? Would corporations trading sensitive data? Would the military have something against it? Would freedomfigthers in non-democratic countries have something against this? Yes yes YES! Not to mention practical problems. First off, no government could make its own escrow system. Then I'd use Russian encryption in USA and vica versa, it'd have to be truly global, and I don't think all countries would like to share everything with everyone else, say Israel and the Arab world, Russia and the US, China and Taiwan to mention a few. Secondly, you cannot unrelease a program. The program, the source code, and the theoretical knowledge of how to make it exists and all copies can't be destroyed, and even if they were there'd still be people who know how to do it again. Thirdly, used wrongly a key escrow would clearly violate Article 12 of UN Human Rights Charter, which clearly states: "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation." Who would see to it that the government doesn't violate this, just because it can? Fourthly, most democratic countries would accept Article 19 about the freedom of expression to include the freedom NOT to say anything, the United Kingdom *not* included, see RIP bill. Kjella

gov't intervention is worth it

[breic]

Everyone on /. is (of course) worried about this, because they think now the government will take encryption away from them.

But the more basic, direct point is that encryption in the wrong hands can be dangerous. This is a fact: none of us want Osama's life to be any easier. It may not be possible to stop him from using encryption, with his very sophisticated global network, but encryption regulations would restrict less well-financed criminal operations. To me, this is a very tangible good.

I think /. folks shouldn't just have a knee-jerk reaction but should try to think of reasonable government encryption regulation. Key escrow certainly could be reasonable.

Now I know most of us use encryption not because we need it but because we like feeling that we're more powerful than the government, but for lots of encryption uses, key escrow isn't so bad. That's just my opinion; what do you guys think?

One objection to this is that, by regulating encryption, we are changing are very society, and thus giving terrorists like bin Laden a victory. I don't really agree, but this is a reasonable point of view.

Another poster commented that chemistry should be restricted, and perhaps it should be in the sense that large fertilizer sales should be tracked (eg., by inserting chemical "tags" into the fertilizer).

Re:I don't see how this is relevant to ANYTHING

[nagora]

I'm from Northern Ireland and I can tell you that most terrorists are pretty thick and a one-time pad would be well beyond their ability to use. A system which automatically encrypts their email is of some use (assuming that at least the cell leader can install it for them) as they don't actually have to do anything much except remember a password (which they'll probably write on the computer).

Personally, I don't care. Phone taps and mail scans only catch a tiny number of terrorists and the ones that planted the bomb in Omagh, for example, which killed 29 people used clear-speech mobile phones to communicate and they still haven't been caught. The reason is that operation-time messages are just "At A", "Met J" style stuff which is no use to the phone-tapper or a court. Cells will always need to be infiltrated at planning-time to have any real effect. Meanwhile I want the ability to talk in private when I want to - not much to ask is it?

Re:Thank you, Mr. Bin-Laden!

[theNAM666]

OK, I'll reply to everything said in this message, and point people via links...:

Where'd you get the stuff in bold? I'm curious to read the rest of it.

That's at Bin-Laden Interview.

Where, O where did you get YOUR info???
129 warplanes is about 25% of the US invading force[...] and somehow, the media MISSED THAT?

I wish I could say that S was near N on the keyboard... in any case, the best summary of NATO warplane losses that I can find in 5 minutes on Google is at NATO Warplanes used & lost. Note that the figures there are planes downed on Yugoslav territory... more were lost over non-YS territory...

There's better stuff out there (and in my bookmarks elsewhere)... the Canadian NATO commander, particularly, noted how incredible the YS pilots were... MiG-29s are nothing to sneeze at :)

Here's the real stats:
1. Cruise missiles with 30 percent hit ratios -- this is true

The point is that they were reported to the US public at over 90%; and that the Tomahawk development team had been given that as a goal. 30%, the publicity figure that the Pentagon pulled back to, was in fact the overall hit percent for Tomahawk targets -- meaning it doesn't reflect that it may have taken multiple Tomahawks to hit the target.

Untrue. It was local Somalians... and we actually had a 20:1 kill ratio...

There were a great number of Afganistanis there... and 20:1, if true, is pretty sucky against Somalis, compared to 200:1 in Iraq, no? Not that I'd believe Pentagon figures any more than I believe General Westmoreland's body counts...

only one manned plane was shot down.

See above. You were reading the US media, as it did its very poor job of serving the US people. The F-16 downs just didn't make the big papers.

www.binladenmyass.com

[SubtleNuance]

Bin Laden has been using chat rooms, bulletin boards, email, and (presumably) PGP to plan his terrorist activities

Does anyone else think that America are using the "Terrorist Threat" to maintain fear in the minds of the public?

Does anyone else think that Bin Laden is some master evil mind bent on the destruction of America? -OR- is the supposed threat mainly used as a smoke screen to increase CIA, FBI etc operations, military spending, erosion of citizen rights and the like.

America is notorious for defining its self based on its present enemies - no one likes a 'bad guy' like a Yankee. It was the Square Heads and the Japs, then the Commie Reds, then Iraq, Iran and the rest of the Rag Heads, now its China and 'Terrorists'.

Why is America so pre-occupied with the people the think are 'out to get them'?

In a persons everyday life - how much time do you think is really necessary to worry about "Terrorists"? Give me a break. What a fucking joke.

Maybe Americans should stop and wonder why the world talks consistently as they do about America (over consumption, puritanism, imperialism, meddlers, etc etc). Does anyone ever think that the rest of the planet *just* might be right about this? Why must America consinstently act so contrary to the wishes of the rest of the world - and act as if they are have a divine correctness in world?

Please trust me when I say this is not flamebait or troll So if you'd like to mark it down because you dont agree with my assertions - Ill simply repost it. Ive got max karma.

Re:forget encryption...

[logiceight]

At my high school they taught Chinese. I was told once that they recieved a grant from the CIA to teach Chinese.

Guess with China becoming the next big enemy, they want chinese taught to protental agents.

Re:Thank you, Mr. Bin-Laden!

[krystal_blade]

Where, O where did you get YOUR info???

----> In Spring 2000, 129 US warplanes are downed in the Yugoslav/Kosovo conflict. The NY Times reports only one of these.

Heh... 129 US warplanes is about 25% of the US invading force of Kosovo, and somehow, the media MISSED THAT?

I remember watching the predator Unmanned aerial vehicle flights over Sarajevo a couple years back. Those planes couldn't dodge a well aimed bottle rocket, and the US never lost a single one of those to enemy fire.

That crack rock must have sure been good...
It obviously caused your mouth to gravitate to a more comfortable place for you to speak from.

krystal_blade

Re:When Encryption is outlawed...

[autocracy]

www.fourmilab.ch - get the entropy tester :)

The problem with capped Karma is it only goes down...

I don't see how this is relevant to ANYTHING

[fantom_winter]

Ok, I cannot believe someone hasn't beought this up yet, but I can't see how encryption technology is relevant to what terrorists are doing to pass on messages.

How long to terrorist's messages need to be, anyways?

What am I getting at? Well, an unbreakable encryption system has already been made, and it has been around for years, and could be implemented with a pen and paper. What you need is a once-used cipher that is longer than the text being transmitted (a random cipher).

So, joe terrorist could carry around a CD-ROM with 640 Megs of random ciphers and just about any message could be secretly transferred.

So what excactly is the point of banning encryption because of this instance, when it really doesn't matter? Certainly terrorists have CD-Burners and 20 year old books on encryption (and have read the first chapter)...

Re:Need a key escrow?

[ichimunki]

An excellent complementary notion. Thanks.

Re:Blatant FUD-mongering

[sulli]

Don't forget, the embassy-bombing trial started today. Might be relevant? FBI PR folks whispering in reporters' ears on days they know Osama et al. are on their minds?

DMCA to the rescue!

[john_locke]

IANAL, but I was wondering- would the DMCA make it illegal for the NSA to circumvent my personal use of encryption? What if I copyrighted every one of my emails that I sent, and said that PGP was copy protection? Or if I was a ceo in canada and I said that my encrypted emails were vital to my us-canadien buisness and that if the goverment of either nation was decryting my email- it would cost me millions and therefore i could sue/extort that much money from the canadian/us goverments under the conditions of NAFTA. What do you know, america? :)

Actually the quote goes...

[Fist+Prost]

"When they make encryption against the law, only (8erhnfd9(*9yh3^%$@@ IHDSFiED(#*)HR Y#(R$#HDHS#@(*Y..."

Fist Prost

"We're talking about a planet of helpdesks."

Re:Exactly

[teatime]

Actually if you study history a bit you will find that Bin Laden wa probably on our governments payroll. He was instrumental in fighting the Soviets when Afghanistan was fighting the Soviet Union. the U.S armed Bin Laden and other willing takers in their fight against "communism'. I guess now that the Government needs a scapegoat it might as well be Muslim's and Latin Amercian Narco traffickers.

Tracking Encrypted Messages

[Schwarzchild]

"The operational details and future targets, in many cases, are hidden in plain view on the Internet. Only the members of the terrorist organizations, knowing the hidden signals, are able to extract the information."

If only the members of terrorist orgs know the signals then how do they know about it?

My guess is that they're tracking encrypted messages on the internet, telephone and wireless and then they probably try to figure out if the parties on either end are shifty characters via background checks or racial profiling. How else would they know this stuff?

Since most people probably don't use encrypted email or what not it would probably be a really useful technique for law enforcement agencies.

Bin Laden interview

[RandomPeon]

Time had an interview with him a while back. Found it here . He skirts questions about his culpability. A lot of it is still scary.

Either way, it is true that the US govt frequently claims that Bin Laden is the source of all evil with little to no evidence.

a report on an article on a statement

[q000921]

CNN reports that USA Today reports that CIA Director Tenet wrote a letter last March (!) to the Senate Foreign Relations Committee that terrorists are using encryption? And that's news? The CIA has been claiming this for years. And, you know, it's probably true. So what? Terrorists use air and water as well, yet most people would agree that we shouldn't ban air and water.

Which leaves me wondering: why is this being dredged up now? Is the administration preparing for another assault on cryptography?

Re:Thank you, Mr. Bin-Laden!

[WillSeattle]

I think it's important to put Bin-Laden's quote in context:
----> The US conducts Operation Desert Storm. The US media reports it is an enormous success -- highlighting the role of Patriot missles and other high-tech systems -- when in fact, MIT researchers later show that none of the Patriots hit their intended targets, cruise missle performance was dismal (30% ish), etc.
----> In 1992, a bunch of Bin-Laden trained hicks kick the US's butt in Somalia. Boy, we don't hear much about US military effectiveness in the media.
----> In Spring 2000, 129 US warplanes are downed in the Yugoslav/Kosovo conflict. The NY Times reports only one of these.

There are lies, darned lies, and statistics.

Here's the real stats:
1. Cruise missiles with 30 percent hit ratios - this is true - dumb bombs with JATO pods ($500 for warhead and $2000 for pod) have a 99 percent hit ratio, whereas cruise missiles have a 30 percent ratio (it can go up to 80 percent in ideal conditions).
2. "In 1992, a bunch of Bin-Laden trained hicks kick the US's butt in Somalia." Untrue. It was local Somalians and we actually had a 20:1 kill ratio in that particular battle, which most countries would regard as fantastic. But ... Yanks don't like to see their casualties dragged through the streets ... basically, we had the strength but not the stomach ... war means death, on both sides. Get over it.
3. "In Spring 2000, 129 US warplanes are downed in the Yugoslav/Kosovo conflict. The NY Times reports only one of these." Wrong. Most of these are unpiloted or remote pilot drones, only one manned plane was shot down. There's a big difference between a $500 remote drone used for artillery spotting and remote scouting being shot down and a stealth fighter biting it.

Next thing you know you'll say that Bush won the US election, even though ballot analysis shows this was not the case, as all of Europe knows but our media won't cover.

Re:Thank you, Mr. Bin-Laden!

[WillSeattle]

I said:
Here's the real stats:
1. Cruise missiles with 30 percent hit ratios -- this is true
You said:
The point is that they were reported to the US public at over 90%; and that the Tomahawk development team had been given that as a goal. 30%, the publicity figure that the Pentagon pulled back to, was in fact the overall hit percent for Tomahawk targets -- meaning it doesn't reflect that it may have taken multiple Tomahawks to hit the target.

Again, I said the goal was 90 percent, 80 percent is under ideal conditions, 30 percent is battlefield - we both agree, although I said cruise missiles not Tomahawks - I worked in LRCSW at Boeing for a while, so I know the difference. Not all cruise missiles are tomahawks.

Untrue. It was local Somalians... and we actually had a 20:1 kill ratio...

There were a great number of Afganistanis there... and 20:1, if true, is pretty sucky against Somalis, compared to 200:1 in Iraq, no? Not that I'd believe Pentagon figures any more than I believe General Westmoreland's body counts...

Nope, just rumors. And 20:1 is still damned good, it's only that Yanks think noone should die. When you actually serve in a military and see a few dead bodies, we'll talk - until then, I still say this was a combat victory and a media loss - accentuated by a lack of proper support to achieve unrealistic goals.

only one manned plane was shot down.

See above. You were reading the US media, as it did its very poor job of serving the US people. The F-16 downs just didn't make the big papers.

No. You said US planes, not NATO planes, but you give NATO planes shot down. I say again, most downed planes were pilotless, very few had pilots but were drones and scouts that got hit. And the US downed plane count was in the single digits, no matter how you slice it.

Face it, the US doesn't care how many NATO planes were shot down - we only cared how many US planes were shot down. And from a media standpoint, that's all that counts.

This just in: Terrorist breathe air and eat food!

[sporktoast]

ARLINGTON, Virginia (AP) -- Osama bin Laden and other Muslim extremists are using food and air to give them the sustenance they need to plan terrorist activities against the United States and its allies, USA Today reported Tuesday.

The paper said weeks of interviews with U.S. law enforcement officials and other experts disclosed details of how extremists take oxygen into their lungs and consume readily available foodstuffs.

The report said instructions for "respirating" and "aquiring calories" are apparently part of the earliest indoctrination that (potential) terrorists recieve.

"To a greater and greater degree, terrorist groups, including Hezbollah, Hamas and bin Laden's al Qaeda group, are eating, drinking and breathing to support their operations," CIA Director George Tenet wrote last March to the Senate Foreign Relations Committee.

USA Today said the testimony was presented at a closed-door hearing and made public later.

Following up on that report, the paper said it learned from various unnamed officials and investigators that life is sustained by using freely available air and nutritious consumables that are sold for a profit all over the globe.

"It's something the intelligence, law-enforcement and military communities are really struggling to deal with," Ben Venzke of the cyberintelligence company iDEFENSE told the paper.

Bin Laden using chat rooms

[TheWhiteOtaku]

I wonder what his handle is?

Possibilities include

h8z_USA
T3rr0r1zT_1234
Da_Bomb
!Luv_Saddam!
Muslim_Hunk873
Giggles

If you read this, Osama i was just kidding, ok? Don't "blow up" on me.

Banning encryption

[SomeoneYouDontKnow]

When I read this story in the Atlanta Journal-Constitution this morning, I couldn't help but think that there's going to be some politician out there calling for the banning of encryption. Never mind that a U.S. ban would accomplish absolutely nothing in this case, since the terrorists are based in Afghanistan. And even if you ban it, and even if the terrorists are U.S.-based, how is such a ban supposed to help? The software is already out there, and new products are being developed around the world, not just in the U.S. Hell, you can even hide messages in graphic files. Are we going to ban everything but plain ASCII text? If someone posts an encrypted message on a Web site or bulletin board, what good did that ban do? The message is already posted, and you may presume that someone has read it by the time law enforcement discovers it. And never mind the fact that if someone wants to cause mayhem badly enough, they're going to do it with or without encryption or even computers. People have been blowing up things for centuries. Still, logic has no role in politics, so we'd better brace ourselves. And one last thing. I love it how politicians always say that we will never give in to terrorists when we do just that every time some asinine proposal like this surfaces. Terrorists are ultimately out to destroy our quality of life, and the really ironic thing is that law enforcement agencies, by advocating such extreme measures, are helping them further that goal.

It's not a simple choice.

[phooka.de]

Unfortunately the choice just isn't that simple.

To make (strong) encryption (without keys for any gouvernment) illigal will not stop criminals from using it. The programs for this are already out there. Why should they not use them? The only way to find out what they're doing is to try and decrypt

• everything

on the internet. And to read it, of course, because I might hide illegal encryption by encrypting it a second time "legally" (e.g. with a key for the CIA).

Do we really want this?

After all, who should hold the keys to internationally fight terrorism? CIA? They're spying on our economy already, no thanks. Mossad? KGB? Or maybe the UN, but then we could be sure that 1) it won't be used and 2) it will be hacked.

No, to make key-recovery-free encryption illegal won't stop a single terrorist from using it. It will, however, stop law-abiding companies from doing so, which in return will seriously reduce their chances in the future.

Logical errors in this report

[tdye]

It's clear that the reporter didnt' bother to think about what he was writing. Ket Escrow is necessary, he implies, because Bin Laden can hide his files with crypto. But, in the same article, he explains the reason Bin Laden uses crypto now, namely the FBI is tapping is satphone.

Yathink, maybe, he might cotton to the whole key escrow thing, and start using Islamic Jihad crypto instead? The reporter went to great pains to explain how Bin Laden's people have sharp techs in their side...

Also: if the crypto is "uncrackable', as the reporter states, why are the terrorists bothering to hide the stuff in porn and chatrooms? It's uncrackable, right?

Wait, it's not uncrackable! "Phillipine police found the computer in [Ramzi] Yousef's Manilla apartment in 1995. US officials broke the encryption and stopped the planned attack. Two of the files took a year to decode, the FBI says."

The FBI ought to require Jack Kelley (the reporter)to pull his head out of his ass before writing this propaganda. At least it'd be internally consistant. A quick read conveys the message that crypto is bad, the FBI is your hero, and A-rabs are evil. A thoughtful read conveys the stupidity of Kelley and the anti-crypto movement in general.

And this is

[sharkticon]

Open technology and the rise of near-unbreakable encryption has allowed each individual to make their own decisions about privacy and to act upon those decisions without recourse to regulation or government interference. This is a wonderful thing in a nation where the government seems to increasingly view our Constitutional rights as something preventing them from doing their job.

But as with all things there is a flip side! Just as we can use encryption to ensure our private thoughts aren't available to every spook with a PC, terrorists like Bin Laden and rogue nations like Iraq or North Korea can use encryption to prevent our defenders in the CIA, NSA and so on from stopping their terrorist activities. And unless encryption breaking techniques make a quantum leap foward in the next few years, this situation is going to become the norm.

Now overall I would say that the privacy to be gained in this situation outweighs the relatively small number of terrorist uses of email and the net. But these agencies need to be able to do their jobs effectively! They're not just there for show, they do a valuable and worthwhile job in ensuring our citizens are protected. In order to offset the loss of information caused by encyrption, we need to ensure that several steps are taken.

Firstly, we need to to step up manned operations abroad, especially in known trouble spots. We'll need to recruit more people to do this, which means increasing budgets. And in the event that all of this fails, we're going to need the much-maligned national missile defence folks. When you don't know in advance what's coming, you have to be able to protect yourselves! It's no different from soldiers wearing a bulletproof jacket, and in these times when nuclear proliferation is a fact of life, America needs that jacket.

Re:And this is

[RandomPeon]

Firstly, we need to to step up manned operations abroad, especially in known trouble spots. We'll need to recruit more people to do this, which means increasing budgets.

This might not work. How do you infiltrate a terrorist organization made up of people who are relatives? How do you infiltrate a terrorist organization in a country where most of the residents are at least somewhat sympathetic to the groups goals? Bear in mind that HUMINT has a pretty shitty track record. Investing in HUMINT is like investing in a dotcom - you may be wasting your money or you might get a huge payoff. Getting Congress to approve large cash payouts to shifty characters could be awfully difficult, especially in light of the Iran-Contra debacle not too long ago.

And in the event that all of this fails, we're going to need the much-maligned national missile defence folks. When you don't know in advance what's coming, you have to be able to protect yourselves! It's no different from soldiers wearing a bulletproof jacket, and in these times when nuclear proliferation is a fact of life, America needs that jacket.

Ouch! Head hurts! NMD = very stupid.

Why would anyone launch a missile at the US when much better delivery systems are available? The World Trade Center bombing, the Oklahoma federal building bombing, and so forth all involved very sophisticated car bombs. The USS Cole was hit by another boat, not a missile. There is no reason why any terrorist would use a missile as a delivery system - they're expensive, and it appears sneaking up on your target works just fine.

Some may say, well, just because a missile defense would not protect us against some attacks isn't a reason to build it. Implicit within this claim is a couple things:

1) Terrorists are fairly smart, they can build high-yield conventional weapons and possibly NBCs.

2) Terrorists are extremely stupid, if we build a missile defense system they will abadon in rental trucks and boats as delivery systems and switch to ballistic missiles.

Pick one or the other folks, it can't be both.

Blatant FUD-mongering

[bughunter]

How more obvious can they get? I just read the USA Today article and by the time I got to the second paragraph it was clear that the article had one purpose: scare the average crypto-ignorant citizen into seeing jihad messages everywhere, and begging the government to protect them from this bogeyman.

It's the Red Scare all over again.

I mean, come ON. These people are going to use cyphers or one-time pads if they can't get their hands on modern crypto. They'll assign meanings to quotes from the Koran, and print those. And heck, they don't need to use pr0n sites and sports chat... What's wrong with email, AIM, and IRC?

If the entire NSA and Pentagon can't outsmart a bunch of religious zealots with automatic weapons and explosives, crypto or no crypto, then we're all in trouble.

This story is a shamefully obvious attempt to manipulate the public into accepting continued restrictions on their use of strong crypto. It's clearly intended to support someone's agenda... whose? The USA Today's or someone else's?

Re:Blatant FUD-mongering

[mobiGeek]

Slightly off topic, and not to start a flame-war, but Bin Laden is to Islam as Karesh was to Christianity. Both use religion as an excuse, not a cause. Islam, which is built on Judeo-Christian roots, is just as much (or more?) a religion of peace as its predecesors.

It's kind of funny (but not too funny) how the Western World is as afraid of technology they don't understand (crypto) as they are of cultures they don't understand.

Alternatives

[debrain]

Ok, so terrorists don't have to pay for encryption. They could pay for it if they wanted to, but do you really think that a ban on freely accessible encryption will limit their access to it? (Open question. I don't know, honestly.)

I would have thought that the obscurity provided by the massive amounts of information passing over the net would have been enough to communicate anything of necessity. And besides, if they can communicate in a different language (ie. one they made up), without a primer there's no way to tell what they're talking about anyway.

Won't Do Any Good; Will Do Lots Of Evil

[Steve+B]

encryption regulations would restrict less well-financed criminal operations

"Less well-financed criminal operations" == "a crook who can't afford a used 386 system with a 9600-baud modem"

I think /. folks shouldn't just have a knee-jerk reaction but should try to think of reasonable government encryption regulation.

Reasonable regulation means curtailing, not expanding, the powers of government agencies which establish a clear track record of abuse.
/.

Slashdot...

[Hard_Code]

"Who ever thought that sending encrypted streams of data across the Internet could produce a map on the other end saying 'this is where your target is' or 'here's how to kill them'?" says Paul Beaver, spokesman for Jane's Defense Weekly in London, which reports on defense and cyberterrorism issues. "And who ever thought it could be done with near perfect security? The Internet has proven to be a boon for terrorists."

Slashdot knew. And we told you. Silly.

Re:ROFL!

[Tackhead]

> Check out the fruitcakes they're quoting

From www.idefense.com:

We know, too, that if a US business buys hardware or software from such countries as Russia, China and France, there is a very good chance that they will be infected by bugs or various kinds.

We know this because we've already done stuff like this to our adversaries.

Or perhaps you didn't know about the Postscript hack we snuck into Iraqi HP Laserjets as part of the Gulf War.

Or perhaps you didn't know about the backdoors in Lotus Bloats that we used to steal European industrial secrets.

Or about the stuff about the French government's stated policy of using industrial espionage in the late 1980s, to which our Bloats backdoor was probably a response.

Make no mistake, these guys do have a vested interest, but they're emphatically not fruitcakes. They know whereof they speak. This particular threat is very real.

Before you moderate that as "Troll" - ask yourself what's the difference between:

• idefense.com saying to its audience "You know you've embedded backdoors in stuff you sold to adversaries, now they can do it to you?"
• Rabid /.ers saying "Open source is more secure than closed-source because it's harder to hide the backdoors".

Hint: None at all.

It's the same risk, just viewed from a different perspective by a different audience with a different set of shared experiences and concerns.

(fsckin' Slashdot's on the fritz again, apologies for any multiple posts.)

ROFL!

[mwalker]

Check out these fruitcakes they're quoting:

"It's something the intelligence, law-enforcement and military communities are really struggling to deal with," Ben Venzke of the cyberintelligence company iDEFENSE told the paper. "

ok, head on over to www.idefense.com, browse a bit, find some speeches, dig out the tasty quotes:


"We already know that some 30 countries are working on offensive information warfare programs and the principal target for each is the United States. We know, too, that if a US business buys hardware or software from such countries as Russia, China and France, there is a very good chance that they will be infected by bugs or various kinds. We also know that every day hundreds of American companies are attacked through cyberspace and that billions of dollars are lost through theft and blackmail.
"

"
For example, no American intelligence agency effectively mines open source data and shares it across federal agencies and with the private sector. Yet open source data could be a huge national asset. Real reform might mean the creation of a Central Analytical Agency that could collate and analyze all open source data and distribute it via the web to its customer base in the private and public sectors. Only secret intelligence would be the responsibility of the existing intelligence community. Not only would this create a significant and profitable national asset, but it would eliminate wasteful duplication in the intelligence community."


Read the whole thing, it's beautiful.

They even get to speak before congress now and then.

Good thing they don't have a vested interest in the whole thing.

At least they got hacktivist right.

Remember wiretapping is (relatively) new ....

[taniwha]

Just about 100 years ago the cops couldn't tap phones to solve crimes, there weren't any - before that messages were carried by hand, or memorized ... the window during which they've had the chance to do this is relatively small in the grand scheme of things - just a couple of generations (just long enough to forget how things used to work :-). These days the terrorists could equally be using coded short wave radio transmissions - the net's just aconvenient whipping boy because the feds think they have chance of regulating it

What we're really talking about here is a balance between our personal privacy and the public safety - we should be be carefull not to race off and give away our privacy when in practice all it will mean is that the black hats will use different technology - if that happens we've all lost and the feds have gained nothing ...

Re:Need a key escrow?

[OmegaDan]

I heard this story on NPR yesterday, and could think only one thing ...: Anytime a government agency is using propaganda to loby for a restriction of your rights -- something is seriously wrong.

Re:Good news. Follow my logic and understand why.

[Erasmus+Darwin]

Only the fringe members of our society use encryption at present

You mean fringe members like Yahoo, Amazon, most anyone else doing e-commerce on the web, and major financial institutions?

Re:Exactly

[SubtleNuance]

gorvernment used the news media like a precision weapon in control what was known, by whom and when

Its no secret to anyone who wasnt weened on American media that this is true - the 18:00 news programs are the worst offenders. Why arent *AMERICANS* capable of seeing this? When I mention it to an American they think Im nucking futz.

It couldnt be more obvious... its a goddamn circus.

Re:Need a key escrow?

[ichimunki]

The fact that the legislation will be totally pointless and do nothing to actually hinder the problem as stated from flourishing will not (indeed it never has before) prevent the US government from passing laws to protect the sheep^H^H^H^H^Hcitizens from purportedly dangerous elements.

Laws against drugs, alcohol, child pornography, murder, and a host of other perceived ills have had no visible effect on the rate of the occurrence of these crimes, nor is the public predictably safer from the incidence of these acts as a result of the legislation. The best the government can do is provide sanctions for those found guilty of committing said crimes within US jurisdiction and mete out punishment.

Sometimes well-intentioned laws are used a basis for creating special classes of criminals who, once suspected of the crimes, are conveniently divorced from their normal rights as citizens (witness the drug war and the FBI/McNaughton-style sting mania).

The end result of legislation like this is to feed the general trend of Americans to be cowardly and fearful, who feel it is better to let governments and corporations make up their minds for them (because after all, if we can ban the export of munitions-grade encryption, we must have produced it, right? so we're number one! yeah!), and in this case, will make sure that no citizens, for better or worse, will be keeping any secrets which would undermine that authority and control.

Do-this-also-yourself at home!!!!

[foreigninvasion]

Here is an even more a fun for you and your kids!

It's a program that will CORRUPT ANY FILE!! Whoa, that's phat with a capital PH!!!

Untitled.gif illegal softwarez!!!!!

Available for intel windows and alpha linux.

This software does not require the installation of photoshop 6.5. Consider yourself invaded by foreigners!!!!

Re:So much garbage, so little space

[raju1kabir]

"Hidden in the X-rated pictures on several pornographic Web sites". The article starts with this major culturally ignorant phrase. All "bad men" quoted afterwards are fundamentalist muslins. These guys are as likely to found in pornographic sites as Mrs. Barbara Bush is likely to be photographed burning the flag

Don't be fooled by the religious rhetoric - it's bad enough that thousands of weak-minded teenagers (who happen to be Muslims) in the middle east are. Political Islam has nothing to do with religion. The Quran is an expedient tool used to manipulate people into following cynical leaders. In the US they would use the Bible.

A tricky thing with religion is that its reliance on the unseeable and unprovable makes it and its followers fairly ripe for manipulation. Once someone has demonstrated that they're willing to believe something just because a book says they should, any wanna-be despots have a ready-made self-selected audience to focus on.

Even then, the majority of people are sensible enough to recognize bargain-bin demagogery as just that, and steer well clear.

Just as most professed Christians are nice people you'd be happy to have as next-door neighbors, most Muslims are ordinary folks who want nothing more than to get through the day, have a good job, feed their family, and have an excuse to smile from time to time.

Anyway, the point is that anyone who manipulates a religion as a tool for motivating others to commit acts that stand against that religion's doctrines (as terrorism does against Islam), has already shown where they stand, and there's no particular reason to believe they're not watching the Playboy channel with a cold 40-ouncer sitting atop their copy of the Quran right this very moment.

Encrypt this!

[Isosceles+Triangle]

This is typical over-reaction by the media. Don't you love how every few weeks they get some new 'Techno-demon' that they need to exorcise? Of course they get a quote from some know nothing politico who wants a sound bite. If they took the time to understand encryption (or any other technology), there would be a lot less static on the airwaves... I weep for the state of modern journalism. Rant complete. IT

Nasty Bad Men Use Roads&Phones&Water&Electric&Mail

[Glasswire]

As has been said many times before, always remind your semi-digital, but public-spirited friends concerned with encrypting terrorists that Criminals of any kind use the same bathrooms and the ALL of rest of the infrastructure (Roads&Phones&Water&Electric&Mail etc.) that we we do, but no one suggests shutting those things down or severely impairing their usefulness because bad people use ordinary things for bad reasons. Helping create a fascist and paranoid state in response to terrorism polarizes the population -which is as important a goal for terrorists as terror is.

Cat out of bag, horse long gone from barn...

[isaac]

Whatever Johnny Law might want, encryption is too essential to too many powerful industries to return to the bass-ackwards regulation we were subject to in years past.

Besides, restrictions on encryption technology can't stuff this cat back into the bag; the software is out there, and that's that.

Intelligence and police agencies have been using other techniques to get around the use of encryption since the late '80s, from keystroke logging hardware slipped into a suspect's keyboard (what was that about a passphrase?) to the simple and ancient techniques of Van Eyck/TEMPEST monitoring (nabbing the cleartext from the RF emissions of the CPU or display).

Informed sources tell me the NSA has been breaking PGP for years, but they'll generally only bother in cases where side-channel attacks are unfeasible, due to the required resources in time and labor.

Someone's pushing an agenda with this article, but I rather suspect it's Gannett (owners of USAToday) and CNN.com, who's essentially paraphrasing the USAToday article. Sadly for us /. paranoiacs, it's probably no agenda more sinister than "attract readers with inflammatory stories", just like many other sites we know and love. :)

-Isaac

Does he really exist?

[Jeffrey+Baker]

Is there any strong evidence that Bin Laden really exists, and is really the mastermind of a global anti-American plot? Sometimes I get the feeling that he is just the generic evil guy that the US drags out whenever it needs to push some agenda.

So much garbage, so little space

[Pac]

USA Today article is so filled with garbage and gaps, so clearly following an (no-very-well) hidden agenda that I don't even have the energy to debunk it all. So, just a few commented hightlights:

a) "Hidden in the X-rated pictures on several pornographic Web sites". The article starts with this major culturally ignorant phrase. All "bad men" quoted afterwards are fundamentalist muslins. These guys are as likely to found in pornographic sites as Mrs. Barbara Bush is likely to be photographed burning the flag.

b) "Uncrackable encryption is allowing terrorists ? Hamas, Hezbollah, al-Qaida and others ? to communicate about their criminal intentions without fear of outside intrusion," FBI Director Louis Freeh said last March during closed-door testimony on terrorism before a Senate panel. "They're thwarting the efforts of law enforcement to detect, prevent and investigate illegal activities." Please notice the "last March" expression. This panel was reported and fully discussed (See the news here. I believe it was even discussed in Slashdot, but I couldn't find the article)

c)"encryption has become the everyday tool of Muslim extremists in Afghanistan, Albania, Britain, Kashmir, Kosovo, the Philippines, Syria, the USA, the West Bank and Gaza and Yemen, U.S. officials say." I guess they also have radios, all forms of guns, phones, cameras. They also use cars, trains, buses. Let us ban all of those.

d)"All the Islamists and terrorist groups are now using the Internet to spread their messages," says Reuven Paz, academic director of the Institute for Counter-Terrorism, an independent Israeli think tank." This has absolutely nothing to do with encryption. Notice the equality achieved in the sentence between Islamist and terrorist. Rephrase to "All Southern Baptists and racists groups are now using the Internet". Think about it.

e)"They're hidden using free encryption Internet programs set up by privacy advocacy groups. The programs scramble the messages or pictures into existing images. The images can only be unlocked using a "private key," or code, selected by the recipient, experts add. Otherwise, they're impossible to see or read." We should throw all these "privacy advocacy groups" in jail and lose the key, shouldn't we?

f)"It's no wonder the FBI wants all encryption programs to file what amounts to a "master key" with a federal authority that would allow them, with a judge's permission, to decrypt a code in a case of national security. But civil liberties groups, which offer encryption programs on the Web to further privacy, have vowed to fight it." Of course, as we already know that all the enemies of the United States are a bunch dumb arabs, they obviously cannot develop their own software. So they will be forced use US-made software that automatically deposits their private keys with the FBI.

g)"Who ever thought that sending encrypted streams of data across the Internet could produce a map on the other end saying 'this is where your target is' or 'here's how to kill them'?" says Paul Beaver, spokesman for Jane's Defense Weekly in London, which reports on defense and cyberterrorism issues. "And who ever thought it could be done with near perfect security? The Internet has proven to be a boon for terrorists." Who ever thought a spokesman for a defense and cyberterrorism publication could be so dumb? To discover how does Mr. Beaver manages to keep his job, that would amaze me.

The discussion about the racist bias of the article is left as an exercise to the reader.

The part that struck me...

[kaphka]

"They said the messages were scrambled using free encryption programs set up by groups that advocate privacy on the Internet." (an AP story)

So, basically, libertarian groups are aiding anti-American terrorists. You're laughing, I'm sure, but I find this terrifying. The public will swallow lines like this... and once it has been beaten into their brains enough, the government can dismiss any issue it wants to just by blaming it on "terrorists".

Re:forget encryption...

[TheTomcat]

And THAT, my friends is precisely why the Americans leave us Canadians alone. (-:

Re:ban envelopes, too

[Trepalium]

And in the millions of peices of mail that go through the postal system, you think they'll know which ones carry terrorist information and which ones don't? Are we going to demand that the postal service open and read each and every mail? Encryption can be broken, it just takes a lot of equipement and possibly time. Besides, I believe even wiretap regulations require that two of the three involved parties give their consent (carrier, sender, recipient), and there are devices that are much closer to a wiretap than forcing all users to conduct their business in the open clear of the safety of encryption.

Currently, I tend to feel SAFER buying stuff online from trusted merchants with my credit card than giving it to someone who works in a store. Most online merchants destroy your credit card number after it's no longer needed, and keep only minimal records of it (4 first or last numbers). Compared to bricks-and-mortar shopping, where the store makes one or two copies for itself and one copy for you to lose, with 'customers' behind you that can look over your shoulder because of poor handling of the card, it makes me feel nervous. However, if you take away encryption from the equation, all bets are off, since a packet may travel through dozens of systems and routers before being recieved by the vendor you're trying to buy from.

How much freedom are you willing to sacrifice in order to gain safety? To me, the benefits that society gains from encryption far outweigh the evils that can be done with it. Besides the fact that if they're already criminals, do you think they'll have any qualms about using 'illegal' encryption products? You'll only stop stupid ones, and they're rarely the ones that do the most damage. I'm glad to be living in Canada on this point -- there's never been any plans to stop private citizens from using or exporting encryption, with the exception of those products imported from the United States that employed 'high-grade' encryption that was banned from export from the United States. Why do you suppose the OpenBSD project, which uses encryption where ever possible, is based in Canada? ;-)

Need a key escrow?

[AMuse]

It's obvious, then, that if the government has a tight enough rein on the terrorists they're pointing out who use encryption, then obviously the government is good enough at tracking terrorists without being able to track their keys, and they simply don't need to worry about it!

Of course, the reality is that this is prime material for legislatures to begin convincing the less tech-savvy "common man" that they desperately need legislation in place to form a Key Escrow so that anyone's keys can be cracked by the government if they so desire.

Criminals, of course, simply won't obey the law. Duh.

When Encryption is outlawed...

[rgmoore]

Only outlaws will use encryption. I know it's an old saw, but how exactly is banning encryption supposed to stop terrorists from using it? The mathematical basis for most algorithms is still out there, and just about anyone reasonably competent at programming can roll their own. Not to mention that software can legally be written in countries other than the US, so unilateral action won't do any good anway. The genie is out of the bottle, and it can't be put back in.

NASTY BAD MEN ARE USING CHEMISTRY

[7-Vodka]

In a related story, cnn.com is also reporting that Osama Bin Laden and other terrorists are using this new technology called 'chemistry' to carry out their work.
'Chemistry' could be a new, important tool in the terrorists quest to stay one step ahead of authorities and commit mass-murder. The senate will soon debate a bill which bans the use or export of this 'chemistry' and proposes stiff new regulations.

What if the NSA and CIA and Mil divs get it?

[WillSeattle]

What would happen if the NSA and the CIA and the FBI and all the Military intelligence communities get public key escrow and the right to snoop thru our email and web pages?

Answer - it would not affect them at all. The bad guys already have PGP and they can't crack it. The bad guys already have image encryption and they can't crack it.

All this will let them do is run roughshod over the constitution and pry even more into our private lives.

And, remember, Bush Sr. was Director of the CIA - don't for a second think that this is not a pretext to take even more of our civil liberties away.

forget encryption...

[omega_rob]

Forget encryption, even if you could take it away from the bad men they could always just discuss their evil plans in French or some other non-American language.

Curses! Foiled again!

omega_rob

Exactly

[tethal91]

I think that this incident is precisely a government campaign to build public support for encryption regualtion. My grad instructor worked for the 'intelligence community' during the Gulf War; he implied without saying directly that the gorvernment used the news media like a precision weapon in control what was known, by whom and when. So much disinformation went through CNN, with their blessing, that it is amazing we know any 'facts' at all. Who knows, maybe Bin laden is on the government payroll...

Good news. Follow my logic and understand why.

[Lover's+Arrival,+The]

This is the simple, and sad, state of affairs. Only the fringe members of our society use encryption at present - geeks, theives, terrorists, etc. This means that normal people are very naturally biased against encryption as a matter of course, by simple, if logically incorrect, association.

Now, how are the mainstream to be convinced that using encryption is a good thing? This is what we all want to do, correct? Well, we won't manage it by trying to do so ourselves - being lectured at by the freaks will only make the public resist even more. I suggest that we embrace the criminals for this campaign. The fact that Bin Laden and criminals like the mafia use encryption make it into a sexy field again, like it was in the 1920's through 40's, say. If we wish to impress Joe Public, it is imperative that we use the tools of advertising, which uses sexy images and subliminal suggestions, and not reason, which bores the common man and causes him to switch off.

Much like antidrugs campaigns by the government can increase their appeal and use in many quarters, I suspect that any government campaign to convince people that encryption is evil because it is used by terrorists criminals will surely backfire, and increase the sexiness of the field and general usage statistics for encryption.

This is what encryption has needed to enter the mainstream.

They fuck you up, your mum and dad.

Explanation

[Kaufmann]

Late at night, Muslim terrorist headquarters...

General walks into a room unannounced.

General: Samir, what are you doing?!?

Samir (surprised, suddenly turning his attention from the computer): General!!! I-I-I didn't know you were here at this hour, sir!!!!

General: Samir, were you using Allah's network connection to visit porn sites?

Samir: No, General! Of course not! I was just -- I was just, eh, using the porn site's bulletin board to send terrorist messages, sir! (types in something random)

General: But I can't read any of it!

Samir: Of course not, General! You see, sir, they're encrypted! Yes, that's right, they're encrypted!

General: Very well, I'll let it pass this time.

Samir turns off the computer and the lights. Exeunt.

General: By the way, Samir...

Samir: Yes, sir?

General: I think "CIABoy935466" likes you.

Do-it-yourself at home, too!

[Tom7]

Here's a fun program which allows you to store messages rather indetectably in JPEGS.

http://www.attrition.org/~wrlwnd/crypto/steanograp hy/jpeg-steg/

Maybe you could use this to tunnel IP over USENET porn?

Thank you, Mr. Bin-Laden!

[theNAM666]

I think one of the most revealing -- and relevant -- quotes about Bin-Laden's goals is from his Esquire/Frontline interview. (The quote is below my comment, please scroll; more excerpts are at Bin-Laden Interview).

I think it's important to put Bin-Laden's quote in context:
----> The US conducts Operation Desert Storm. The US media reports it is an enormous success -- highlighting the role of Patriot missles and other high-tech systems -- when in fact, MIT researchers later show that none of the Patriots hit their intended targets, cruise missle performance was dismal (30% ish), etc.
----> In 1992, a bunch of Bin-Laden trained hicks kick the US's butt in Somalia. Boy, we don't hear much about US military effectiveness in the media.
----> In Spring 2000, 129 US warplanes are downed in the Yugoslav/Kosovo conflict. The NY Times reports only one of these.

As an advocate of a truly strong military -- as opposed to a bloated, bureaucratic, budget-and-career-path grabbing mess -- I think we ought to be listening pretty strongly when Bin-Laden says America is run by "devils."

Why? Because what Bin-Laden is saying is that America is much weaker than is says it is. That it is run by a bunch of cowards who lie about just about everything -- including our military capacity. And that sort of lying has everything to do with the current case.

Instead of going out there and building a strong, honorable military that can defend Americans along with the ideal of freedom, the FBI and etc. are going out there and building a totalitarian state that prevents the flow of information and the development of ideas. It's saying that people can't have encryption, because we're too cowardly and lazy to defend against it, and playing to the weakness and fear of the public. This is the essence of unfreedom. This is what destroys republics.

It is also the direct opposite of the democratic ideal which protects our society. The idea of freedom of information is that we become strongest when ideas can flow without government restriction -- that we solve problems, build economies, develop new technologies, and learn to protect ourselves better in a free society. And it is for this reason that totalitarian societies are doomed to freedom.

Is Mr. Bin-Laden using encryption? Is he building a military force to fight the U.S. government? Is he hurting the U.S.? If so, then I say, as an American, thank you Mr. Bin-Laden. Thank you for pointing out how weak we have become, under the direction of Mr. Freeh, and Messrs. Bush, and Mr. Clinton. Thank you for showing us that our society is so weak, and so unfree, that it cannot defend itself from you. Thank you for pointing out the devils among us, and how unfree they have made us, and that they are liars.

And that the lie is, that it is good to restrict technology, restrict information, restrict DeCSS, restrict encryption. That it is good to not let Americans see when their planes are shot down, or when their soldier die because they are unprepared for real war, because it "maintains morale" and public support for the military. The lie is, that restrictions and lying and totalitarianism makes us stronger, when it weakens us, weakens our military, and weakens our democracy. The lie is, that this benefits anyone, other than the bastards telling the lie. And by that, I mean Louis Freeh, among others, in this case.

All I have left to say, is that it is time to get the bastards out of office.

When the Marines landed in the last days of 1992, bin Laden sent in his own soldiers, armed with AK-47's and rocket launchers. Soon, using the techniques they had perfected against the Russians, they were shooting down American helicopters. The gruesome pictures of the body of a young army ranger being dragged naked through the streets by cheering crowds flashed around the world. The yearlong American rescue mission for starving Somalians went from humanitarian effort to quagmire in just three weeks. Another superpower humiliated. Another bin Laden victory.

"After leaving Afghanistan, the Muslim fighters headed for Somalia and prepared for a long battle, thinking that the Americans were like the Russians," bin Laden said. "The youth were surprised at the low morale of the American soldiers and realized more than before that the American soldier was a paper tiger and after a few blows ran in defeat. And America forgot all the hoopla and media propaganda ... about being the world leader and the leader of the New World Order, and after a few blows they forgot about this title and left, dragging their corpses and their shameful defeat."

Osama using the web...

[brakzilla]

Oh yeah me and Osama go way back to the old school days of ef-net.. check out this old log i found:

*** Osama888 has joined #metallica
<Osama888> wasssuuuuuupppppp >:D
*** UN sets mode: +o Osama888
<brakzilla> :DDDD:D:D:D:D:D hey man! whats happening?
<Osama888> man I was out shopping for nitrogen rich fertilizer at this damn store in al Kabarfi and this zit faced punk at the store was all up in my face
<brakzilla> hehehehe lol!!
<Osama888> hehe then I told the guy, "do you know who I am??" and he was like D:
<brakzilla> werd!
<Osama888> yea w3rd.. brb pizza ;)~~~

Re:Osama using the web...

[The+Tyro]

yeah, I remember that guy from #Netsex! he kept getting booted for all the "ru single?" messages... Not that *I* hung out on that channel, no sir! I graciously answered newbie questions in #wasteland...

ban envelopes, too

[new+death+barbie]

...and i understand that for years, pornographers and other criminals and have been using the mails, hiding their wicked messages from the righteous by using ENVELOPES.