Slashdot Mirror
Nasty Bad Men Are Using Encryption
ruebarb writes: "It appears that Osama Bin Laden and the majority of the Slashdot community have something in common - they love that free encryption! Bin Laden has been using chat rooms, bulletin boards, email, and (presumably) PGP to plan his terrorist activities. The article is available at cnn.com -- Expect the usual political outcry and demands for restriction of encryption technology to follow shortly hereafter"
And an unnamed correspondent writes: "USA Today has this report about how terrorists are using encryption to distribute secret mayhem instructions via the internet. Gee, you think?
What do you think -- is this part of a PR campaign to show John Q. Public how dangerous encryption is in any hands other than gov?" In related news, several of the major news networks are reporting that innocent-looking newspapers and circulars have been employed to form the ransom notes used by notorious kidnappers; calls to ban newspapers on that ground may face some opposition from extremists, but will no doubt soon reach the legislature.
I wrote about this professionally a number of years ago; it's funny how the 'experts' in the field, not to mention the researchers working for the publication, seemed to miss it. Just for fun, I even went to Google, and did a search for:
s e. pdf
"dead drop" cryptography terrorist
Sure enough, out pop a number of my papers. On the other hand, I really don't expect much more when I see iDefense involved in a story.
For those who are actually interested:
http://www.7pillars.com/papers/IntelNet.html
http://www.7pillars.com/papers/MT.html
http://www.7pillars.com/papers/Blueprint.html
These articles directly discuss the actual details that the news report hints at (poorly).
I would also recommend to the reader:
http://www.7pillars.com/papers/IntelligenceCour
http://www.7pillars.com/papers/Waging.html
A general list of various papers can be accessed through:
http://www.7pillars.com/pubindex.html
For the record, we've been pushing strong, unescrowed cryptography for a number of years. If groups like the FBI keep pushing scare stories out, much like the one that started this discussion thread, the aim is to keep crypto under control. It's already outside control (it isn't that information wants to be free, it's that information defies control), for the 'bad guys.' What the controls do limit, however, are integration of crypto into hardware and OSes at a basic service level. As a consequence, the good things that crypto would enable--like helping stop computer viruses, cracking of networks, identity theft, industrial espionage, in short, all the things that groups like the FBI should be more concerned about--are left unaddressed. If more information about -that- sort of thing interests you, take a look at
http://www.7pillars.com/papers/didfinal.htm
Michael Wilson
priesthood celibacy
Accually there is a passage in the bible encourageing priesthood celibacy. It is NOT a requirement, but it is encouraged. One of Paul's letters I belive.
There is a lot of scripture for sleeping only with your wife, and scripture for no divorce. Your right that there is little on celibacy by comparition so it is clearly of lesser importance. (In fact the little that can be used to imply it state clearly that it is the ideal, and most cannot do it, and there is nothing wrong with being amoung those who can't.
"To a greater and greater degree, terrorist groups, including Hezbollah, Hamas and bin Laden's al Qaeda group, are using computerized files, e-mail and encryption to support their operations," CIA Director George Tenet wrote last March to the Senate Foreign Relations Committee.
Surprise, America's Chief Spook doesn't like encryption, and won't give details to back up his claims. I'm sure someone would have noticed PGP blocks on cnnsi.com's discussion boards (or wherever).
Course, it's probably all a smokescreen. If he wandered around saying things like 'Oh, encryption doesn't really bother us. We just send it to our boys at Ft. Mead, and they tell us what it said.' it'd raise a few eyebrows.
Sometimes I worry, I really do.
Don Negro
Don Negro
Perl 6 will give you the big knob. -- Larry Wall
The made up language thing probably would not work for long. Patterns have a way of creaping in. And lets face it the bad guys already *HAVE* the encryption tech, so banning it probably will not help.
:)
Maybe someone should tell them that RSA was desinged by Jews, that might stop them.
Erlang Developer and podcaster
This reminds me of TV reports we frequently get after organised robberies. "The gang were very sophisticated, using mobile phones to organise their movements". We still keep hearing this even though over half the schoolkids in the country have a mobile phone and use it habitually.
People use crypto.
Criminals are people.
--
Seriously, the covert use of a public media to transmit military/paramilitary information is ancient.
The French Resistance, in WW2, often communicated with the Allied forces via coded messages in newspapers, etc.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
My sources are a special agent from the Florida Department of Law Enforcement with whom I worked on a computer crime case in 1998, and Robert D. Steele, former CIA case officer, founder of OSS Inc., and author of On Intelligence: Spies and Secrecy in an Open World. Good enough for me.
Incidentally, Mr. Steele's excellent talk at H2K is online in MP3 form here.
-Isaac
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
-Isaac
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
Consider the passphrase, for instance - much less entropy in a typical PGP pass phrase than in the key itself.
Or, how about advances in machine factoring a la TWINKLE.
If it's bugs you want, try the infamous ADK bug that went undetected for 3+ years, allowing third parties access to cleartext, a-la escrow.
Or the randpool bug of 1995?
I'd go on, but I'm bored of trying to pull heads out of sand.
-Isaac
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
Most parts of science, be it pshycology, chemistry or mathematics, has a dual use. This is how the world we live in is made.
Sure, blame science. Outlaw science. And only ouwlaws will know science. Clearly, this is not a viable approach.
One would think that the broad audiece, the public, and even maybe politicians would realize this. But for some reason, which is beyond my comprehension, someone doesn't.
I have feet, and I have hands. And I am able to kill with those. I am also able to help others, using those same instruments. What makes me help others, rather than terminate their existance ?
Law, you may say. I would be punished, for using my instruments in a way disobedient to the law, given that my practice of so-called maljustice was discovered of course. From a personal point of view, I would say my odds of getting awaay with malpractice would be good. So what makes me a generally percieved nice person, and maybe even a to-the-heart nice person, given that I could probably get away with being otherwise ?
It is not law, clearly. It is not limitation in my possibilities in doing harm, either.
I am about to graduate with a master's degree, in half a year from now. Anyone with the slightest knowledge of basic phycics knows, that any engineer could assemble a crude nuclear weapon easily, given access to the proper materials and equipment. I suppose this makes me, and about a few million other people, a threat to the security not only of a nation that percieves itself as the only one in the world, but also a threat to humanity in general, to man kind... So why are we not hunted down like the witches and trolls we are ? Like we used to be ?
Accept, that with knowledge and skill, follows responsibility. Accept, that not all are equal. Accept, that some are born with a skill, and that others choose to achieve that skill thru hard work. But accept, that some has the knowledge, the ability, and the will to help. But accept also, that the possession of such abilities also implies, that the person in question may have the abiltiy to do harm.
Then, trust those people.
Thruout history, trust has been material in any relationship formed, and broken. World history is not likely to change, and basic principles of trust and relationships and even war, are not going to change anytime soon.
Get over that hump. Accept it. I'm a nice guy, and so are millions of others like me. Like you.
Am I the only one thinking "Duh"?
Send your friends messages of love at fuck-you.org
To: Osama Bin Laden:
The passphrase is "/."
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.0.4 (Linux)
Comment: For info see http://www.gnupg.org
jA0EAwMCZQtz4SsogXBgyUoINMfK7BSgYzT4L4ZxxLdfrGD
DlvBNKk1r5Y72jTzE0Hbw1cUBZ8spJhyoqG6mRWAKpKkFnB
=++Ya
-----END PGP MESSAGE-----
--
Why pay for drugs when you can get Linux for free ?
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
If you read the USA Today article, 2 of the 3 cases stated were broken for sure, for the other it's not said.
There is no place in the Quran or any other religious text that I'm aware of that recommends killing busloads of innocent children to complain about political acts halfway around the world.
There is also no place in the Christian Bible recommending the burning of witches, the killing of infidels, priesthood celibacy, drug banishment and many other things righteous christians do or have done in the name of their God. It is mostly a question of late interpretation.
The Islam deals explicitly the religious war problem, and the Jihad concept is fully developed. It was a necessary concept by the time Mohammed bought the main text to light and many islamic religious leaders think it remains necessary to this day, to face the western menace
While I agree with you that most of the conceptual knowledge will be concetrated at the top, as in any army, a practical encryption knowledge is needed throughout the organization. As Bruce Schneier always says, an encryption process is as strong as its weakest link. There is no point in the leaders using NSA-proof encryption to plan their acts and then communicating these plan to those who will carry them out in plaintext!
I think that my main point, since the first post, is that a western-centric view of the Middle East leads to grave distortions. Either we understand the historical and cultural background of the terrorists or we will never be able to deal with it
I think you are mostly right. I am not, I think, defending the Islam (or any other religion, for that matter), acts of terror in the name of a god or any kind of fanatism. If my post made you think otherwise it was my fault.
But I believe you are wrong in thinking that the religious rethoric is not sincerely acted by many, specially by those that will take their rethoric to its logical and ultimate consequences.
People who suicide-bomb school buses are usually very righteous, "pure" fanatics, the same kind of fanatic that bomb abortion clinics in the west.
These people will not only follow all their religious beliefs, they will follow those beliefs to the exact letter.
I really do not think these people will use porn pictures to communicate, specially when millions of perfect harmless pictures can be used.
Osama bin Laden is using encryption. Poor fool. With a couple of cracking Beowolf clusters (of Crays 'cause our government can afford the best,) his messages might as well be in clear text.
Using a one-time-pad code to transmit over a mobile Ham radio would get him better security. Come to think of it smoke signals would be more secure.
Some countries (like Britain, the US, Russia, Chine, India and Pakistan) started using one-time-pads before or shortly after world war two and still works fine to this day.
MSBPodcast.com The opinions expressed here are my own. If you don't like 'em... Think up your own stuff.
You are allowed to bear arms.
This is your constitutionally guaranteed right.
Encryption techniques are munitions (ITAR rules).
Therefore you are Constitutionally allowed to have and use encryption free of hinderence. Why is the American Citizenry allowed to bear arms? "Because they must be able to overthrow evil or unjust governments". It is for this very reason that the German Government not merely encourages the use of Cryptography but actively supports it. Quoting the Gnu Privacy Guard "The German Federal Ministry of Economics and Technology granted funds for the further development of GnuPG". I would just like to remind American readers and their Government that the Germans have more recent experience of "evil or unjust government" than anybody else.
The use of encryption as the modern day weapon against "Evil Government" is both far more effective and infinitely less fatal than the use of guns as permitted by an anachronistic Constitution.
It has come to our attention that the common household telephone has been a key component in numerous crimes, including plots to commit murder, kidnapping, acts of sedition, treason, and, yes, terrorism.
The threat to Our Great Nation (tm) is unacceptable. I hereby call for our congressmen to enact legislation as quickly as possible to eliminate this threat to Our Democracy (tm) and the Wellbeing of Our Children (tm) by banning any and all use of the telephone by unauthorized persons anywhere.
It is critical we do this quickly, lest the Bin Ladens of the world abuse Their Liberties (tm) take More Innocent Lives (tm). Remember, if you want A Safe And Secure America (tm) you must be willing to give up a few personal liberties. You didn't really need them anyway, did you?
The Future of Human Evolution: Autonomy
Osama Bin Laden and the majority of the Slashdot community have something in common -
;P
Zealotry and a desire for Jihad?
--K
Dateline Tampa, FL. - Sources close to the NFL, FBI and Tampa police state that upon review of the digital tapes of each attendee of the Superbowl, none exhibited any "suspicious" reaction to the Presidents accouncement. There were no "furtive glances" or "checking over the left shoulder" by the departing fans.
Police Chief Dan Glee Ballsak issued this statement concerning the event: "Yes, there were cameras there. But we emphatically deny that ANY tapes or recordings were made or currently exist. Which is a shame, as the resolution is good enough to apply J. Edgar Hoovers Phrenological Profile against the shapes of the attendees skulls to see if they will commit a crime someday. Now, if you'll excuse me, they're showing the flashing co-eds again."
Reporters were confused, but much reassured by his statement. "Digger" Smutch, a reporter for the Daily Dirt, made this statment, "That co-ed thing is kind of a weird thing to say, but anyone who can use 'emphatically' in a compound sentence must know his stuff."
Florida Democrats hailed the speech, admitting that Dubya, "Might be Okey-Dokey after all. After all we've done to abolish the 2nd Amendment, and freedom in general here in this country, the 1st Amendment didn't stand a chance. It is an encouraging sign that he recognizes the Unitaed States Governments divine mandate to rule, both in this country and abroad, in the material world and the spiritual world, and above all, regulate thought on the Internet"
The Democratic spokesman did let slip that fact that they do not know the number of fans cheering for New York during the game, but that they were, "Still counting," and hoped to have a hand-accurate count "Within 2 months."
--
--
"Outlook not so good." That magic 8-ball knows everything! I'll ask about Exchange Server next.
I'm surprised that no one else in this thread has mentioned the fact that encrypted transmissions have been hidden in newspapers at least since world war 2 -- the Japanese used some pretty clever crypto disguised as newspaper advertisements to inform their agents in the U.S. as to when the bombing of Pearl Harbor was due to go down.
I'm not surprised that the USA Today article failed to mention this interesting historical footnote.
And really, in some ways, its more secure to encode small amounts of data in a newspaper personal or want ad. Downloading a file with a hidden message will almost certainly leave an IP footprint -- buying a newspaper from a streetcorner vending machine is pretty much untraceable.
But it's not surprising to see this kind of scare-tactic propaganda used to make people mistrust encryption. (Oh yeah, and don't forget to be wary of foreigners, and their weird religions also.)
"The mathematical basis for most algorithms is still out there, and just about anyone reasonably competent at programming can roll their own.
"
Actually, to roll your own without exposing yourself to side attacks is really difficult. How much entropy did the last random number generator you used/wrote have? Do you know? Would you know to know when rolling your own? Would a only 'reasonably' competent programmer know?
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
I cringe every time people start talking about crypto regulations-- why? Simple, for some reason it appears that U.S. citizens are incapable of believing that a country that isn't the U.S. (or at least isn't in a position that the U.S. can bully them) could create a mathematician with the skills required to develop strong cryptographic algorithms or the programmers required to implement said algorithms (along with the rest of the security chain). Its simple arrogance and it WILL bite us (I'm a U.S. citizen, what can I say?) on the ass eventually. Hard. Its not like this stuff is a nuclear weapons programs which at least takes a lab of some sort and readily identifiable "natural" resources (you gotta have a place to build bombs and you need stuff to put in the bombs). The crypto algorithms can be developed on a piece of paper and implemented on damn-near-anything (we could, of course, attempt to control every computer on the planet, but then most of the chip fabs aren't in the U.S. *whoops*). So what do crypto regs get us--- they hamstring U.S. companies in an internantion crypto market. This doesn't sound like a terrifically good idea does it? It also potentially exposes the average U.S. citizen in that massive personal crypto restrictions put us at a potential disadvantage (assuming a good chunk of the rest of the world responds to cries of restriction from the U.S. with a collective "Um, no? Wait, lemme think.... no"). This sounds like the opposite of what governments are put in place to do to me. Stupid.
But then, what can we expect of legislators trying to control something that they don't know enough about to even know they know nothing at all?
Maybe the goatse.cx and penis bird images are really encrypted terrorist communications! To be honest, I'd feel a lot better about that than if they were really there for their own sake. Yeesh.
Cheers,
IT
Power corrupts. PowerPoint corrupts absolutely.
Yes, I got the joke - most of us Americans (me included, even though I speak a little French) are regrettably monolingual. However, as you probably already know, the U.S. Government agencies involved in espionage & counterterrorism (NSA, CIA, FBI, et al.) are the largest employers in the U.S. (if not the whole world) of trained linguists and translators. Everything from French to Arabic, Persian and Urdu. After all, once you break the code, you have to understand the underlying message. And let's not forget the WWII Navaho code-talkers.... I wonder if they have any other "secret" languages up their sleeves?
#include "disclaim.h"
"All the best people in life seem to like LINUX." - Steve Wozniak
#include "disclaim.h"
"All the best people in life seem to like LINUX." - Steve Wozniak
This happens every year at about this time.
Paul.
You are lost in a twisty maze of little standards, all different.
Actually Adid was trained in the US, by the US Army
-- 73 de KG2V For the Children - RKBA! "You are what you do when it counts" - the Masso
Envelopes can be opened when there's cause; enctyption can't.
Firstly how do you know which envelopes to intercept in the first place? Even if you get that right you could end up with coded messages which simply cannot be atacked by cryptoanalysis.
Laws against drugs, alcohol, child pornography, murder, and a host of other perceived ills have had no visible effect on the rate of the occurrence of these crimes, nor is the public predictably safer from the incidence of these acts as a result of the legislation.
Actually the existance of such laws can easily make things less safe for the public. If an activity is illegal people enguaging it it have little to lose by breaking other laws. e.g. if the distribution and selling of drugs was legal then those involved would use lawyers instead of machine guns to solve their business problems.
After all, once you break the code
Except that codes, unlike cyphers, cannot be broken algorithmically.
And let's not forget the WWII Navaho code-talkers....
The langauge used here contained a large amount of "slang", such that even someone who knew the Navaho language could not understand the message.
A terrorist organisation (especially one linked to some kind of cult) is prefectly capable of comming up with their own slang and jargon.
Can the world be so simple that terrorism can be stopped by banning encryption ?
"Mr/Ms Criminal please don't break the law"...
I don't think so - could'nt we start off by banning terrorism, and see how it goes ?
You'd have to start by defining "terrorism", potentially highly embarrasing for many governments... (Most definitly including the US government.)
The mathematical basis for most algorithms is still out there, and just about anyone reasonably competent at programming can roll their own.
You might just as well ask for something to be uninvented. Encryption is a technology several thousands of years old. Further it is far from the only way to send clandestine messages. Simply that it is a mechanism which lends itself well to automation.
There are some technologies, however, such as explosives, which although they have good uses, are mostly used for destructive purposes. Thus, they are tightly controlled by governments to restrict their getting into the wrong hands. Perhaps part of the problem is that because encryption, like explosives technology, is not widely used, many people see it as being only weapon.
The problem with control is that the technology to manufacture weapons is hardly secret. In some cases it's thousands of years old. A flint tipped arrow can be just as lethal as a bullet.
How do you infiltrate a terrorist organization made up of people who are relatives?
Using the same techniques the Americans and Italians use against the Mafia would be a good starting point.
Umm, what's the likelihood that "what's coming" is a missile versus something like a truck or van loaded with explosives?
The only kind of missiles terrorists tend to use are those of the very short range man portable variety.
There is perhaps a larger likelihood than you think. While improbable that Saddam will be lobbing his alleged nuclear arms at us in the near future, the U.S. should be vigilant in at least keeping tabs on what is going on where.
Senario 1, Iraq launches an ICBM. Before the engines even burn out the US has launched bombers and fed targeting data into land and submarine based missiles.
Senario 2, smuggle a bomb into the US, stick in on a truck and drive it to Washington.
Which senario do you think the average terrorist would go for...
Pity the poor loser with a win-gate proxy.
----
----
Am I the only one who thinks Microsoft is a misnomer? Perhaps Macrosoft would be a better fit?
Informed sources tell me the NSA has been breaking PGP for years, but they'll generally only bother in cases where side-channel attacks are unfeasible, due to the required resources in time and labor.
I'd love to know who those informed sources were, and what the basis for their information is. Out-of-band attacks against systems are almost always cheaper, better and more effective than cryptanalytic attacks; after all, no matter how secure the pipe, it's still designed to leak at both ends.
Saying that "they'll only bother with cryptanalysis where out-of-band attacks are infeasible due to required time and labor" strikes me as highly specious. Out-of-band attacks are cheap, effective and fast. Cryptanalysis isn't.
Osama Bin Laden is the US's goverments blame child of the decade now that Castro, Qadhafi, etc are not longer a "threat". He is used as an example of why the terrorism needs to be fought and why the budget needs to increase.
For thouse that don't know, Bin Laden stole a great deal of money from the Saudi Goverment and built hospitals all over the Arab world. This has annoyed King Fahd who most lilky would have helped out anyway but this was done behind his back. Keep in mind that stealing large amounts of money in Saudi results in the death penalty. I suspect that Bin Laden was allowed to leave Saudi because of the good work that he has done there.
So why is the US got him listed on the top ten? Its because he feels that scnations aginst a country (Libya) are act of war and should result in people fighting back which he has done. They guy is an engineer and a good planner who feels his people (all Arabs) should be at war with those that have santions aginst any Arabs. He is also for a united Arab country. His work to bring western style hostpitals to the Arab world makes means that in many places in the world he has the type of respect that we would expect to be given to Mother Theresa in Inida.
If the US goverment did want to capture him, all they have to do is go to Ciaro and hang out in the Hilton and wait till he shows up. I know several people have have seen Bin Laden there.
It's an interesting parallel to what has happened with guns. As you think about this argument try to remain objective whatever your stance on gun control is. I bring it up for historical comparison not to start a political flamewar. The attitude of the media has been for some time now that only the government should have guns. Many people agree that citzens can't be trusted with firearms. Why should we have guns if the government is going to protect us?
What was done with the weapons of the past will now be done with the "weapons" of the future. It only makes sense to villify encryption. Without public outcry how can it be banned? The next step is to find some event that could have been prevented if terrorist X didn't have encryption. A recent office shooting prompted a slew of gun control legeslation by the Massachusettes state legeslature. Sooner of later the same thing will happen with encryption. When little Suzie gets blown up by a bomb that the FBI could have prevented if only carnivore had picked up the email and been able to decode it, then and only then will the real threat to encryption, privacy, etc. begin. If it happened with Colt it will happend with RSA. Remember that we DONT have a constitutional right to keep and bear encryption. Privacy rights advocates have a hard fight ahead of them.
"Damnit, boss, can't you see I'm working here, it only looks like I'm jacking off to g0at pr0n!"
- Some guy in Langley
Criminals, of course, simply won't obey the law. Duh.
Yep, and when crypto is outlawed, only outlaws will have crypto. Use of crypto will therefore expose one to surveillance because guilt can be presumed.
Amen. And it ain't the folks who want to outlaw crypto.
That's not about Johnny Badnote using crypto. That's about Johnny Badnote not being logged like he would be in the UK under RIP.
And from Badnote's point of view, it makes sense - if the "good guys" are targetting users of crypto for surveillance, then the best place to hide something is in plain sight.
After all, if you're a sports fan, are you likely to go to every Yahoo message board concerning football? Or just the ones that look like they have lots of active members and traffic?
From the black hats' perspective, all they have to do is misspell a few words (e.g. "fotball") and make it look like the message board and file repository is some lame kid's idea of cool, and nobody innocent will show up. (Any innocents who do show up will get bored and leave quickly.)
Six months down the road, someone finds that the photos of the high school "fotball" team are actually the photos of assassination targets, but by then it's too late.
Of course, the goal of the CNN article is to convince the sheeple that the "obvious solution" (namely crank up the intelligence community's version of Carnivore and have it sniff every packet that goes in and out of Yahoo, Hotmail, etc), a cure that's worse than the disease to most of us (myself included) reading this.
On the third hand, if it gets Carnivore out of the FBI's hands and turns it over to the intelligence community, maybe that's better than leaving it in FBI's hands.
(Paranoid conspiracy theory: The intelligence community is pissed at FBI for intruding onto its turf and is running this sort of article as part of a power grab ;-)
But the Lotus Notes backdoor story was true. Export versions of Lotus contained a 64-bit key, 24 bits of which were encrypted with NSA's secret key.
End result: A commercial eavesdropper would have had to break a 64-bit key, but NSA only had to break a 40-bit key.
My original point in defence of idefense.com still stands - idefense.com saying "don't trust products written in naughty countries" (because their core audience can't imagine "products" as meaning anything other than closed-source software purchased from vendors, and therefore don't see the security risks associated with closed-source vendors) or slashdot's perspective of "don't trust closed-source products because they're closed-source" (because our core audience can't imagine the country of origin as being a security risk) - are two sides of the same coin.
Surely all those billions the american taxpayers have been funnelling into the NSA's black budget have resulted in a system that is less that totally useless against terrorists using freely available tools..
Surely the gigantic investment made in the ability to listen in on most of the radio transmissions made around the world is going to prevent the US ever being 'taken by surprise' again.
Doesn't everyone know that underneath the pentagon there is a giant underground lake of liquid nitrogen in which 12 billion tons of supercomputing nodes are submerged, just waiting to crack Osama Bin Laden's encrypted messages??
I mean come on, the US have much more to fear from their own angry citizens (who have exactly the same tools and far better equipment at their disposal) than some guys in the Middle East who really just want to be left alone to fight their own battles without the intervention of some 'global policeman' whose only real interest is in ensuring a constant supply of oil and getting rid of that pesky radioactive waste by firing thousands of tons of it all over the battlegrounds.
Its like the US government is making out that encryption hasn't been used routinely at all levels of political structure for thousands of years, that is somehow a new 'weapon of terrorism' that must be combatted at all costs.
Do they really assume that everyone is as dumb as George Bush looks?
I gots ta ding a ding dang my dang a long ling long
The CIA employs a huge number of languistic experts. Don't believe me? Head over to cia.gov and look at the positions they're hiring for.
As for the latter, that's basically the same concept as a OTP- just less flexible (not any message can be sent), although equally impossible to break (without having a code book).
There's not much you can do to stop terrorists from communicating.
-bugg
You're right of course. For the vast majority of us there really isn't anyone who's out to get us. But that doesn't mean that there aren't certian things that we would rather keep private. Furthermore, it makes a big difference when the government starts telling you what you can and cannot write.
Encryption just doesn't matter that much.
Encryption matters a lot. It's not the encryption itself that matters but the fact that I want to have the choice to communicate privately in whatever form I see fit. I reserve the right to write letters in Latin (a language unreadable by many) or in ROT13 or PGP encrypted. The point isn't about the encryption but rather it's about telling me how my personal communications must be conducted. It's true that I rarely hit the encrypt button on my mail client, but I insist on having that choice.
encryption is not like putting a letter in an envelope for mailing, because the envelope doesn't protect the contents of the letter so much as it contains them from the rigors of mailing. If people could save 15c by not using an envelope, they probably would.
It's true that envelopes do offer some benefits that aren't necessary for e-mail. With an e-mail there isn't the need to bind together various documents inside a paper wrapper. On the other hand, it would be fine with the post office if you were to use envelopes made of transparent bond but no one does that. In fact a great many people use security envalopes which have printing on the inside to make it difficult to see what is inside the envalope without opening it. Your argument about people being cheap and unwilling to pay for the security that envalopes provide is baffling to me. People do save 14c by sending a post card rather than an envalope via the US Postal Service. In addition, they save another 2-7c by not buying an envelope in the first place.
living in a safe world _is_ a good thing, for those of you who are about to suggest that no freedom is worth giving up for safety. Anyone who hasn't been mugged or assaulted on the street may sit out of any discussion about the value of a safe world.
Of course living in a save world is a good thing. I doubt that there's anyone here who will argue with that. My question for you is how will restricting people's rights in anyway work to reduce street crime? My contention is that it simply won't. Overall, it would seem that there are more ways in which we will be vulnerable to crime without access to encryption than if it is not avaliable to the law abiding.
_____________
I don't want free as in beer. I just want free beer.
Suprizingly, terrorists no longer will use newspaper classifieds, telegraphs, and carrier pigeons for their nefarious communications. In other suprizing news, it turns out terrorists also use guns, bombs, biological and chemical weapons, instead of swords and clubs.
Someone you trust is one of us.
If we can cheer for anybody being replaced with the change of administration, Louis Freeh is it.
--
Knowledge is power
Power corrupts
Study hard
Time is Nature's way of keeping everything from happening at once... the bitch.
It's been fun the last few years watching the Republicans be the party advocating civil liberties, and the Democrats advocating National Security and giving the FBI whatever it wants. Now that there's a Republican administration, they've dumped figurehead Janet Reno but kept Louis Freeh, the Wiretapper Behind the Curtain, and the parties are moving back to their more traditional alignments.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
The Genie's quite obviously out of the bottle, and although the Intelligence community apparently prefers not to work for a living, continued survelience of known terrorists and criminals is still the best prevention of their malfeasance.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Taken together, this is obviously collusion between the U.S. Government and the Media to garner public support for "key escrow" and other restrictions on encryption.
I do not deploy Linux. Ever.
Yes, American tax dollars at work, subscribing CIA agents to fetish sites so they can study their images for secret encoded messages. An extra 500 agents recruited fresh out of college to monitor sports chat rooms all day.
Now I'm trying to remember why I didn't join the CIA...
--
Perfect example. It's possible (in fact common) to write a PRNG which is quite good statisticaly while being quite poor cryptographically. A large LFSR is an example. Read Schneier's
- Applied Cryptography
for more.Wouldn't eating something count? (heh: consumption with intent to digest, public mastication, etc.).
--
Fuck Censorship.
News for Geeks in Austin, TX
Well, I can use a belt to choke someone and a pen to stab them in the neck. Gotta get rid of them... only the gov't can be trusted with pens! Paper and pens can also be used for encryption. Time to go back to carving stuff into rocks and clay!
There are four boxes used in defense of liberty: soap, ballot, jury, ammo. Use in that order.
Not really. Take a look at the RFC2040 description of the RC5 algorithm. It includes C reference implementations for just about every part of RC5, so that a programer would just have to stitch them together to create a useful program. Nor is this a singular example; IIRC part of the requirement for the new advanced encryption algorithm developed by the US was that there be a published, freely available reference implementation. I didn't bother to look, but I'll bet that there's similarly available information about well established asymmetric cyphers like RSA. This stuff is published and can't be unpublished.
There's no point in questioning authority if you aren't going to listen to the answers.
Interesting: The head of the CIA complaining to the US Senate about foreign nationals using crypto.....
Does he really expect the Senate to be able to prevent terrorists in another country from being able to use crypto?
How? Ban exports from the US? {Sarcasm!}Yeah, that worked so well in the decade....{/Sarcasm!}
Or maybe this is just a concerted effort by US Intel & Law enforcement agencies to re-assert some authority in a new administration?
WTF do I care, I live in the far more oppresive UK.....
"Mary had a crypto key, she kept it in escrow, and everything that Mary said, the Feds were sure to know."
Mathematically, RSA itself should take the age of the universe to brute-force- so I wonder what technique they were really using. The article doesnt give any hint what types of cryptanalysis was used.
Perhaps they merely tried to guess the passphrase- probably the easiest way since most people are simply going to use a handfull of ascii characters leaving a really small keyspace. Or maybe they know of a weakness in the random number generator their implementation used.
I bet they started with a dictionary attack, then tried common variations with capital letters, numbers and symbols mixed it( the goal being to decode his secret keyring ).
Regardless- the point seems to be that if they government whats to know whats on your computer they will find out- even if they cant do it casually and cheaply. The best way to send secret messages remains steganography and anonimity.
Any technology, the oldest (fire) included, can be used for the good of all or to destroy. When used in moderation any technology can be a good thing. Encryption can be used for good, as most of us Slashdot users can tell you. It can also be used for bad purposes. You cannot blame the circumstances on the technology, only on the person who misused it. Do not target the technology in your fight agains crime big gov! Target the badguys!
how exactly is banning encryption supposed to stop terrorists from using it?
Its not, its just supposed to give the monkeys in the suits a way to identify potential targets, and a legal basis on which to harras them if they so choose.
using Rubberhose. Make the government arrest us all get all the keys we can remember (and if fact all the keys we have) and they still can't prove that they have everything. That would be very cool and make it clear just how pointless trying to ban encryption is. The only way to put a end to this will be for a whole bunch of us to go to the mat for it. Should be fun if nothing else. :)
Cypherpunks: Civil Liberty Through Complex Mathematics. Those who live by the sword die by the arrow.
Is this a surprise? The modern media corporation's purpose is to provide information that makes people watch. The more people watch, the more ad dollars. What people don't realize is that alot of the time THERE ISN'T ANYTHING IMPORTANT TO REPORT! So, to keep the eyeballs glued to the set, the networks will embellish, overplay, overemphasize, or just make crap up in order to get people to find out about "the next big crisis". Without this opportunistic journalism style, the networks wouldn't be able to justify their size. The sad thing is, many small-time journalists (that I know) think that CNN still carries on the proud tradition of actually objectively reporting the news.
If I could think of something pithy to say, I'd put it here. No really.
http://csnation.counter-strike.net/cs2d/
It's all there including maps of terrorist bombing targets and hostage locations!
There's no such things as "good" or "bad" encrypted data. It's just a meaningless stream of 0 and 1's. So if you want to prevent terrorists, the mafia, kiddie porn traders, nazi groups and any other group you don't think should have unbreakable encryption from having it, you must put an escrow system in it, everywhere. Would political parties have something against this? Would corporations trading sensitive data? Would the military have something against it? Would freedomfigthers in non-democratic countries have something against this? Yes yes YES! Not to mention practical problems. First off, no government could make its own escrow system. Then I'd use Russian encryption in USA and vica versa, it'd have to be truly global, and I don't think all countries would like to share everything with everyone else, say Israel and the Arab world, Russia and the US, China and Taiwan to mention a few. Secondly, you cannot unrelease a program. The program, the source code, and the theoretical knowledge of how to make it exists and all copies can't be destroyed, and even if they were there'd still be people who know how to do it again. Thirdly, used wrongly a key escrow would clearly violate Article 12 of UN Human Rights Charter, which clearly states: "No one shall be subjected to arbitrary interference with his privacy, family, home or correspondence, nor to attacks upon his honour and reputation." Who would see to it that the government doesn't violate this, just because it can? Fourthly, most democratic countries would accept Article 19 about the freedom of expression to include the freedom NOT to say anything, the United Kingdom *not* included, see RIP bill. Kjella
Live today, because you never know what tomorrow brings
But the more basic, direct point is that encryption in the wrong hands can be dangerous. This is a fact: none of us want Osama's life to be any easier. It may not be possible to stop him from using encryption, with his very sophisticated global network, but encryption regulations would restrict less well-financed criminal operations. To me, this is a very tangible good.
I think /. folks shouldn't just have a knee-jerk reaction but should try to think of reasonable government encryption regulation. Key escrow certainly could be reasonable.
Now I know most of us use encryption not because we need it but because we like feeling that we're more powerful than the government, but for lots of encryption uses, key escrow isn't so bad. That's just my opinion; what do you guys think?
One objection to this is that, by regulating encryption, we are changing are very society, and thus giving terrorists like bin Laden a victory. I don't really agree, but this is a reasonable point of view.
Another poster commented that chemistry should be restricted, and perhaps it should be in the sense that large fertilizer sales should be tracked (eg., by inserting chemical "tags" into the fertilizer).
Personally, I don't care. Phone taps and mail scans only catch a tiny number of terrorists and the ones that planted the bomb in Omagh, for example, which killed 29 people used clear-speech mobile phones to communicate and they still haven't been caught. The reason is that operation-time messages are just "At A", "Met J" style stuff which is no use to the phone-tapper or a court. Cells will always need to be infiltrated at planning-time to have any real effect. Meanwhile I want the ability to talk in private when I want to - not much to ask is it?
"Encyclopedia" is to "Wikipedia" what "Library" is to "Some people at a bus stop"
Where'd you get the stuff in bold? I'm curious to read the rest of it.
That's at Bin-Laden Interview.
Where, O where did you get YOUR info???
129 warplanes is about 25% of the US invading force[...] and somehow, the media MISSED THAT?
I wish I could say that S was near N on the keyboard... in any case, the best summary of NATO warplane losses that I can find in 5 minutes on Google is at NATO Warplanes used & lost. Note that the figures there are planes downed on Yugoslav territory... more were lost over non-YS territory...
There's better stuff out there (and in my bookmarks elsewhere)... the Canadian NATO commander, particularly, noted how incredible the YS pilots were... MiG-29s are nothing to sneeze at :)
Here's the real stats:
1. Cruise missiles with 30 percent hit ratios -- this is true
The point is that they were reported to the US public at over 90%; and that the Tomahawk development team had been given that as a goal. 30%, the publicity figure that the Pentagon pulled back to, was in fact the overall hit percent for Tomahawk targets -- meaning it doesn't reflect that it may have taken multiple Tomahawks to hit the target.
Untrue. It was local Somalians... and we actually had a 20:1 kill ratio...
There were a great number of Afganistanis there... and 20:1, if true, is pretty sucky against Somalis, compared to 200:1 in Iraq, no? Not that I'd believe Pentagon figures any more than I believe General Westmoreland's body counts...
only one manned plane was shot down.
See above. You were reading the US media, as it did its very poor job of serving the US people. The F-16 downs just didn't make the big papers.
Bin Laden has been using chat rooms, bulletin boards, email, and (presumably) PGP to plan his terrorist activities
Does anyone else think that America are using the "Terrorist Threat" to maintain fear in the minds of the public?
Does anyone else think that Bin Laden is some master evil mind bent on the destruction of America? -OR- is the supposed threat mainly used as a smoke screen to increase CIA, FBI etc operations, military spending, erosion of citizen rights and the like.
America is notorious for defining its self based on its present enemies - no one likes a 'bad guy' like a Yankee. It was the Square Heads and the Japs, then the Commie Reds, then Iraq, Iran and the rest of the Rag Heads, now its China and 'Terrorists'.
Why is America so pre-occupied with the people the think are 'out to get them'?
In a persons everyday life - how much time do you think is really necessary to worry about "Terrorists"? Give me a break. What a fucking joke.
Maybe Americans should stop and wonder why the world talks consistently as they do about America (over consumption, puritanism, imperialism, meddlers, etc etc). Does anyone ever think that the rest of the planet *just* might be right about this? Why must America consinstently act so contrary to the wishes of the rest of the world - and act as if they are have a divine correctness in world?
Please trust me when I say this is not flamebait or troll So if you'd like to mark it down because you dont agree with my assertions - Ill simply repost it. Ive got max karma.
Guess with China becoming the next big enemy, they want chinese taught to protental agents.
----> In Spring 2000, 129 US warplanes are downed in the Yugoslav/Kosovo conflict. The NY Times reports only one of these.
Heh... 129 US warplanes is about 25% of the US invading force of Kosovo, and somehow, the media MISSED THAT?
I remember watching the predator Unmanned aerial vehicle flights over Sarajevo a couple years back. Those planes couldn't dodge a well aimed bottle rocket, and the US never lost a single one of those to enemy fire.
That crack rock must have sure been good...
It obviously caused your mouth to gravitate to a more comfortable place for you to speak from.
krystal_blade
It will be easy to motivate our fellow man; there is hardly anything people treasure more than not being annihilated.
www.fourmilab.ch - get the entropy tester :)
The problem with capped Karma is it only goes down...
SIG: HUP
How long to terrorist's messages need to be, anyways?
What am I getting at? Well, an unbreakable encryption system has already been made, and it has been around for years, and could be implemented with a pen and paper. What you need is a once-used cipher that is longer than the text being transmitted (a random cipher).
So, joe terrorist could carry around a CD-ROM with 640 Megs of random ciphers and just about any message could be secretly transferred.
So what excactly is the point of banning encryption because of this instance, when it really doesn't matter? Certainly terrorists have CD-Burners and 20 year old books on encryption (and have read the first chapter)...
An excellent complementary notion. Thanks.
I do not have a signature
Don't forget, the embassy-bombing trial started today. Might be relevant? FBI PR folks whispering in reporters' ears on days they know Osama et al. are on their minds?
sulli
RTFJ.
IANAL, but I was wondering- would the DMCA make it illegal for the NSA to circumvent my personal use of encryption? What if I copyrighted every one of my emails that I sent, and said that PGP was copy protection? Or if I was a ceo in canada and I said that my encrypted emails were vital to my us-canadien buisness and that if the goverment of either nation was decryting my email- it would cost me millions and therefore i could sue/extort that much money from the canadian/us goverments under the conditions of NAFTA. What do you know, america? :)
So quick with fear you tiny fools!
"When they make encryption against the law, only (8erhnfd9(*9yh3^%$@@ IHDSFiED(#*)HR Y#(R$#HDHS#@(*Y..."
Fist Prost
"We're talking about a planet of helpdesks."
Fist Prost
"We're talking about a planet of helpdesks."
-Jaron Lanier
Actually if you study history a bit you will find that Bin Laden wa probably on our governments payroll. He was instrumental in fighting the Soviets when Afghanistan was fighting the Soviet Union. the U.S armed Bin Laden and other willing takers in their fight against "communism'. I guess now that the Government needs a scapegoat it might as well be Muslim's and Latin Amercian Narco traffickers.
If only the members of terrorist orgs know the signals then how do they know about it?
My guess is that they're tracking encrypted messages on the internet, telephone and wireless and then they probably try to figure out if the parties on either end are shifty characters via background checks or racial profiling. How else would they know this stuff?
Since most people probably don't use encrypted email or what not it would probably be a really useful technique for law enforcement agencies.
"sweet dreams are made of this..."
Time had an interview with him a while back. Found it here . He skirts questions about his culpability. A lot of it is still scary.
Either way, it is true that the US govt frequently claims that Bin Laden is the source of all evil with little to no evidence.
Which leaves me wondering: why is this being dredged up now? Is the administration preparing for another assault on cryptography?
I think it's important to put Bin-Laden's quote in context:
... Yanks don't like to see their casualties dragged through the streets ... basically, we had the strength but not the stomach ... war means death, on both sides. Get over it.
----> The US conducts Operation Desert Storm. The US media reports it is an enormous success -- highlighting the role of Patriot missles and other high-tech systems -- when in fact, MIT researchers later show that none of the Patriots hit their intended targets, cruise missle performance was dismal (30% ish), etc.
----> In 1992, a bunch of Bin-Laden trained hicks kick the US's butt in Somalia. Boy, we don't hear much about US military effectiveness in the media.
----> In Spring 2000, 129 US warplanes are downed in the Yugoslav/Kosovo conflict. The NY Times reports only one of these.
There are lies, darned lies, and statistics.
Here's the real stats:
1. Cruise missiles with 30 percent hit ratios - this is true - dumb bombs with JATO pods ($500 for warhead and $2000 for pod) have a 99 percent hit ratio, whereas cruise missiles have a 30 percent ratio (it can go up to 80 percent in ideal conditions).
2. "In 1992, a bunch of Bin-Laden trained hicks kick the US's butt in Somalia." Untrue. It was local Somalians and we actually had a 20:1 kill ratio in that particular battle, which most countries would regard as fantastic. But
3. "In Spring 2000, 129 US warplanes are downed in the Yugoslav/Kosovo conflict. The NY Times reports only one of these." Wrong. Most of these are unpiloted or remote pilot drones, only one manned plane was shot down. There's a big difference between a $500 remote drone used for artillery spotting and remote scouting being shot down and a stealth fighter biting it.
Next thing you know you'll say that Bush won the US election, even though ballot analysis shows this was not the case, as all of Europe knows but our media won't cover.
--- Will in Seattle - What are you doing to fight the War?
I said:
Here's the real stats:
1. Cruise missiles with 30 percent hit ratios -- this is true
You said:
The point is that they were reported to the US public at over 90%; and that the Tomahawk development team had been given that as a goal. 30%, the publicity figure that the Pentagon pulled back to, was in fact the overall hit percent for Tomahawk targets -- meaning it doesn't reflect that it may have taken multiple Tomahawks to hit the target.
Again, I said the goal was 90 percent, 80 percent is under ideal conditions, 30 percent is battlefield - we both agree, although I said cruise missiles not Tomahawks - I worked in LRCSW at Boeing for a while, so I know the difference. Not all cruise missiles are tomahawks.
Untrue. It was local Somalians... and we actually had a 20:1 kill ratio...
There were a great number of Afganistanis there... and 20:1, if true, is pretty sucky against Somalis, compared to 200:1 in Iraq, no? Not that I'd believe Pentagon figures any more than I believe General Westmoreland's body counts...
Nope, just rumors. And 20:1 is still damned good, it's only that Yanks think noone should die. When you actually serve in a military and see a few dead bodies, we'll talk - until then, I still say this was a combat victory and a media loss - accentuated by a lack of proper support to achieve unrealistic goals.
only one manned plane was shot down.
See above. You were reading the US media, as it did its very poor job of serving the US people. The F-16 downs just didn't make the big papers.
No. You said US planes, not NATO planes, but you give NATO planes shot down. I say again, most downed planes were pilotless, very few had pilots but were drones and scouts that got hit. And the US downed plane count was in the single digits, no matter how you slice it.
Face it, the US doesn't care how many NATO planes were shot down - we only cared how many US planes were shot down. And from a media standpoint, that's all that counts.
--- Will in Seattle - What are you doing to fight the War?
ARLINGTON, Virginia (AP) -- Osama bin Laden and other Muslim extremists are using food and air to give them the sustenance they need to plan terrorist activities against the United States and its allies, USA Today reported Tuesday.
The paper said weeks of interviews with U.S. law enforcement officials and other experts disclosed details of how extremists take oxygen into their lungs and consume readily available foodstuffs.
The report said instructions for "respirating" and "aquiring calories" are apparently part of the earliest indoctrination that (potential) terrorists recieve.
"To a greater and greater degree, terrorist groups, including Hezbollah, Hamas and bin Laden's al Qaeda group, are eating, drinking and breathing to support their operations," CIA Director George Tenet wrote last March to the Senate Foreign Relations Committee.
USA Today said the testimony was presented at a closed-door hearing and made public later.
Following up on that report, the paper said it learned from various unnamed officials and investigators that life is sustained by using freely available air and nutritious consumables that are sold for a profit all over the globe.
"It's something the intelligence, law-enforcement and military communities are really struggling to deal with," Ben Venzke of the cyberintelligence company iDEFENSE told the paper.
In a related story, the IRS has recently ruled that the cost of Windows upgrades can NOT be deducted as a gambling loss.
Possibilities include
h8z_USA
T3rr0r1zT_1234
Da_Bomb
!Luv_Saddam!
Muslim_Hunk873
Giggles
If you read this, Osama i was just kidding, ok? Don't "blow up" on me.
Given a reasonably level playing field, who would win a fight between a bear and a shark?
When I read this story in the Atlanta Journal-Constitution this morning, I couldn't help but think that there's going to be some politician out there calling for the banning of encryption. Never mind that a U.S. ban would accomplish absolutely nothing in this case, since the terrorists are based in Afghanistan. And even if you ban it, and even if the terrorists are U.S.-based, how is such a ban supposed to help? The software is already out there, and new products are being developed around the world, not just in the U.S. Hell, you can even hide messages in graphic files. Are we going to ban everything but plain ASCII text? If someone posts an encrypted message on a Web site or bulletin board, what good did that ban do? The message is already posted, and you may presume that someone has read it by the time law enforcement discovers it. And never mind the fact that if someone wants to cause mayhem badly enough, they're going to do it with or without encryption or even computers. People have been blowing up things for centuries. Still, logic has no role in politics, so we'd better brace ourselves. And one last thing. I love it how politicians always say that we will never give in to terrorists when we do just that every time some asinine proposal like this surfaces. Terrorists are ultimately out to destroy our quality of life, and the really ironic thing is that law enforcement agencies, by advocating such extreme measures, are helping them further that goal.
That light you see at the end of the tunnel might be from an oncoming train.
Unfortunately the choice just isn't that simple.
To make (strong) encryption (without keys for any gouvernment) illigal will not stop criminals from using it. The programs for this are already out there. Why should they not use them? The only way to find out what they're doing is to try and decrypt
- everything
on the internet. And to read it, of course, because I might hide illegal encryption by encrypting it a second time "legally" (e.g. with a key for the CIA).Do we really want this?
After all, who should hold the keys to internationally fight terrorism? CIA? They're spying on our economy already, no thanks. Mossad? KGB? Or maybe the UN, but then we could be sure that 1) it won't be used and 2) it will be hacked.
No, to make key-recovery-free encryption illegal won't stop a single terrorist from using it. It will, however, stop law-abiding companies from doing so, which in return will seriously reduce their chances in the future.
It's clear that the reporter didnt' bother to think about what he was writing. Ket Escrow is necessary, he implies, because Bin Laden can hide his files with crypto. But, in the same article, he explains the reason Bin Laden uses crypto now, namely the FBI is tapping is satphone.
Yathink, maybe, he might cotton to the whole key escrow thing, and start using Islamic Jihad crypto instead? The reporter went to great pains to explain how Bin Laden's people have sharp techs in their side...
Also: if the crypto is "uncrackable', as the reporter states, why are the terrorists bothering to hide the stuff in porn and chatrooms? It's uncrackable, right?
Wait, it's not uncrackable! "Phillipine police found the computer in [Ramzi] Yousef's Manilla apartment in 1995. US officials broke the encryption and stopped the planned attack. Two of the files took a year to decode, the FBI says."
The FBI ought to require Jack Kelley (the reporter)to pull his head out of his ass before writing this propaganda. At least it'd be internally consistant. A quick read conveys the message that crypto is bad, the FBI is your hero, and A-rabs are evil. A thoughtful read conveys the stupidity of Kelley and the anti-crypto movement in general.
Whatever happened to JonKatz?
Open technology and the rise of near-unbreakable encryption has allowed each individual to make their own decisions about privacy and to act upon those decisions without recourse to regulation or government interference. This is a wonderful thing in a nation where the government seems to increasingly view our Constitutional rights as something preventing them from doing their job.
But as with all things there is a flip side! Just as we can use encryption to ensure our private thoughts aren't available to every spook with a PC, terrorists like Bin Laden and rogue nations like Iraq or North Korea can use encryption to prevent our defenders in the CIA, NSA and so on from stopping their terrorist activities. And unless encryption breaking techniques make a quantum leap foward in the next few years, this situation is going to become the norm.
Now overall I would say that the privacy to be gained in this situation outweighs the relatively small number of terrorist uses of email and the net. But these agencies need to be able to do their jobs effectively! They're not just there for show, they do a valuable and worthwhile job in ensuring our citizens are protected. In order to offset the loss of information caused by encyrption, we need to ensure that several steps are taken.
Firstly, we need to to step up manned operations abroad, especially in known trouble spots. We'll need to recruit more people to do this, which means increasing budgets. And in the event that all of this fails, we're going to need the much-maligned national missile defence folks. When you don't know in advance what's coming, you have to be able to protect yourselves! It's no different from soldiers wearing a bulletproof jacket, and in these times when nuclear proliferation is a fact of life, America needs that jacket.
It's the Red Scare all over again.
I mean, come ON. These people are going to use cyphers or one-time pads if they can't get their hands on modern crypto. They'll assign meanings to quotes from the Koran, and print those. And heck, they don't need to use pr0n sites and sports chat... What's wrong with email, AIM, and IRC?
If the entire NSA and Pentagon can't outsmart a bunch of religious zealots with automatic weapons and explosives, crypto or no crypto, then we're all in trouble.
This story is a shamefully obvious attempt to manipulate the public into accepting continued restrictions on their use of strong crypto. It's clearly intended to support someone's agenda... whose? The USA Today's or someone else's?
I can see the fnords!
I would have thought that the obscurity provided by the massive amounts of information passing over the net would have been enough to communicate anything of necessity. And besides, if they can communicate in a different language (ie. one they made up), without a primer there's no way to tell what they're talking about anyway.
"Less well-financed criminal operations" == "a crook who can't afford a used 386 system with a 9600-baud modem"
I think /. folks shouldn't just have a knee-jerk reaction but should try to think of reasonable government encryption regulation.
Reasonable regulation means curtailing, not expanding, the powers of government agencies which establish a clear track record of abuse.
/.
/. If the government wants us to respect the law, it should set a better example.
It's 10 PM. Do you know if you're un-American?
From www.idefense.com:
We know this because we've already done stuff like this to our adversaries.
Or perhaps you didn't know about the Postscript hack we snuck into Iraqi HP Laserjets as part of the Gulf War.
Or perhaps you didn't know about the backdoors in Lotus Bloats that we used to steal European industrial secrets.
Or about the stuff about the French government's stated policy of using industrial espionage in the late 1980s, to which our Bloats backdoor was probably a response.
Make no mistake, these guys do have a vested interest, but they're emphatically not fruitcakes. They know whereof they speak. This particular threat is very real.
Before you moderate that as "Troll" - ask yourself what's the difference between:
- idefense.com saying to its audience "You know you've
embedded backdoors in stuff you sold to adversaries, now
they can do it to you?"
- Rabid
/.ers saying "Open source is more secure than
closed-source because it's harder to hide the backdoors".
Hint: None at all.It's the same risk, just viewed from a different perspective by a different audience with a different set of shared experiences and concerns.
(fsckin' Slashdot's on the fritz again, apologies for any multiple posts.)
Check out these fruitcakes they're quoting:
"It's something the intelligence, law-enforcement and military communities are really struggling to deal with," Ben Venzke of the cyberintelligence company iDEFENSE told the paper. "
ok, head on over to www.idefense.com, browse a bit, find some speeches, dig out the tasty quotes:
"We already know that some 30 countries are working on offensive information warfare programs and the principal target for each is the United States. We know, too, that if a US business buys hardware or software from such countries as Russia, China and France, there is a very good chance that they will be infected by bugs or various kinds. We also know that every day hundreds of American companies are attacked through cyberspace and that billions of dollars are lost through theft and blackmail.
"
"
For example, no American intelligence agency effectively mines open source data and shares it across federal agencies and with the private sector. Yet open source data could be a huge national asset. Real reform might mean the creation of a Central Analytical Agency that could collate and analyze all open source data and distribute it via the web to its customer base in the private and public sectors. Only secret intelligence would be the responsibility of the existing intelligence community. Not only would this create a significant and profitable national asset, but it would eliminate wasteful duplication in the intelligence community."
Read the whole thing, it's beautiful.
They even get to speak before congress now and then.
Good thing they don't have a vested interest in the whole thing.
At least they got hacktivist right.
--
What happens when you outlaw guns
What we're really talking about here is a balance between our personal privacy and the public safety - we should be be carefull not to race off and give away our privacy when in practice all it will mean is that the black hats will use different technology - if that happens we've all lost and the feds have gained nothing ...
I heard this story on NPR yesterday, and could think only one thing ...: Anytime a government agency is using propaganda to loby for a restriction of your rights -- something is seriously wrong.
Free Techno/Jazz/DNB/MI Music by guys obsessed with monkeys!
You mean fringe members like Yahoo, Amazon, most anyone else doing e-commerce on the web, and major financial institutions?
gorvernment used the news media like a precision weapon in control what was known, by whom and when
Its no secret to anyone who wasnt weened on American media that this is true - the 18:00 news programs are the worst offenders. Why arent *AMERICANS* capable of seeing this? When I mention it to an American they think Im nucking futz.
It couldnt be more obvious... its a goddamn circus.
The fact that the legislation will be totally pointless and do nothing to actually hinder the problem as stated from flourishing will not (indeed it never has before) prevent the US government from passing laws to protect the sheep^H^H^H^H^Hcitizens from purportedly dangerous elements.
Laws against drugs, alcohol, child pornography, murder, and a host of other perceived ills have had no visible effect on the rate of the occurrence of these crimes, nor is the public predictably safer from the incidence of these acts as a result of the legislation. The best the government can do is provide sanctions for those found guilty of committing said crimes within US jurisdiction and mete out punishment.
Sometimes well-intentioned laws are used a basis for creating special classes of criminals who, once suspected of the crimes, are conveniently divorced from their normal rights as citizens (witness the drug war and the FBI/McNaughton-style sting mania).
The end result of legislation like this is to feed the general trend of Americans to be cowardly and fearful, who feel it is better to let governments and corporations make up their minds for them (because after all, if we can ban the export of munitions-grade encryption, we must have produced it, right? so we're number one! yeah!), and in this case, will make sure that no citizens, for better or worse, will be keeping any secrets which would undermine that authority and control.
I do not have a signature
It's a program that will CORRUPT ANY FILE!! Whoa, that's phat with a capital PH!!!
Untitled.gif illegal softwarez!!!!!
Available for intel windows and alpha linux.
This software does not require the installation of photoshop 6.5. Consider yourself invaded by foreigners!!!!
"Hidden in the X-rated pictures on several pornographic Web sites". The article starts with this major culturally ignorant phrase. All "bad men" quoted afterwards are fundamentalist muslins. These guys are as likely to found in pornographic sites as Mrs. Barbara Bush is likely to be photographed burning the flag
Don't be fooled by the religious rhetoric - it's bad enough that thousands of weak-minded teenagers (who happen to be Muslims) in the middle east are. Political Islam has nothing to do with religion. The Quran is an expedient tool used to manipulate people into following cynical leaders. In the US they would use the Bible.
A tricky thing with religion is that its reliance on the unseeable and unprovable makes it and its followers fairly ripe for manipulation. Once someone has demonstrated that they're willing to believe something just because a book says they should, any wanna-be despots have a ready-made self-selected audience to focus on.
Even then, the majority of people are sensible enough to recognize bargain-bin demagogery as just that, and steer well clear.
Just as most professed Christians are nice people you'd be happy to have as next-door neighbors, most Muslims are ordinary folks who want nothing more than to get through the day, have a good job, feed their family, and have an excuse to smile from time to time.
Anyway, the point is that anyone who manipulates a religion as a tool for motivating others to commit acts that stand against that religion's doctrines (as terrorism does against Islam), has already shown where they stand, and there's no particular reason to believe they're not watching the Playboy channel with a cold 40-ouncer sitting atop their copy of the Quran right this very moment.
"Patriotism is your conviction that this country is superior to all other countries because you were born in it." -- GBS
This is typical over-reaction by the media. Don't you love how every few weeks they get some new 'Techno-demon' that they need to exorcise? Of course they get a quote from some know nothing politico who wants a sound bite. If they took the time to understand encryption (or any other technology), there would be a lot less static on the airwaves... I weep for the state of modern journalism. Rant complete. IT
As has been said many times before, always remind your semi-digital, but public-spirited friends concerned with encrypting terrorists that Criminals of any kind use the same bathrooms and the ALL of rest of the infrastructure (Roads&Phones&Water&Electric&Mail etc.) that we we do, but no one suggests shutting those things down or severely impairing their usefulness because bad people use ordinary things for bad reasons. Helping create a fascist and paranoid state in response to terrorism polarizes the population -which is as important a goal for terrorists as terror is.
Besides, restrictions on encryption technology can't stuff this cat back into the bag; the software is out there, and that's that.
Intelligence and police agencies have been using other techniques to get around the use of encryption since the late '80s, from keystroke logging hardware slipped into a suspect's keyboard (what was that about a passphrase?) to the simple and ancient techniques of Van Eyck/TEMPEST monitoring (nabbing the cleartext from the RF emissions of the CPU or display).
Informed sources tell me the NSA has been breaking PGP for years, but they'll generally only bother in cases where side-channel attacks are unfeasible, due to the required resources in time and labor.
Someone's pushing an agenda with this article, but I rather suspect it's Gannett (owners of USAToday) and CNN.com, who's essentially paraphrasing the USAToday article. Sadly for us /. paranoiacs, it's probably no agenda more sinister than "attract readers with inflammatory stories", just like many other sites we know and love. :)
-Isaac
I am not a lawyer, and this is not legal advice. For Entertainment Purposes Only.
Is there any strong evidence that Bin Laden really exists, and is really the mastermind of a global anti-American plot? Sometimes I get the feeling that he is just the generic evil guy that the US drags out whenever it needs to push some agenda.
USA Today article is so filled with garbage and gaps, so clearly following an (no-very-well) hidden agenda that I don't even have the energy to debunk it all. So, just a few commented hightlights:
a) "Hidden in the X-rated pictures on several pornographic Web sites". The article starts with this major culturally ignorant phrase. All "bad men" quoted afterwards are fundamentalist muslins. These guys are as likely to found in pornographic sites as Mrs. Barbara Bush is likely to be photographed burning the flag.
b) "Uncrackable encryption is allowing terrorists ? Hamas, Hezbollah, al-Qaida and others ? to communicate about their criminal intentions without fear of outside intrusion," FBI Director Louis Freeh said last March during closed-door testimony on terrorism before a Senate panel. "They're thwarting the efforts of law enforcement to detect, prevent and investigate illegal activities." Please notice the "last March" expression. This panel was reported and fully discussed (See the news here. I believe it was even discussed in Slashdot, but I couldn't find the article)
c)"encryption has become the everyday tool of Muslim extremists in Afghanistan, Albania, Britain, Kashmir, Kosovo, the Philippines, Syria, the USA, the West Bank and Gaza and Yemen, U.S. officials say." I guess they also have radios, all forms of guns, phones, cameras. They also use cars, trains, buses. Let us ban all of those.
d)"All the Islamists and terrorist groups are now using the Internet to spread their messages," says Reuven Paz, academic director of the Institute for Counter-Terrorism, an independent Israeli think tank." This has absolutely nothing to do with encryption. Notice the equality achieved in the sentence between Islamist and terrorist. Rephrase to "All Southern Baptists and racists groups are now using the Internet". Think about it.
e)"They're hidden using free encryption Internet programs set up by privacy advocacy groups. The programs scramble the messages or pictures into existing images. The images can only be unlocked using a "private key," or code, selected by the recipient, experts add. Otherwise, they're impossible to see or read." We should throw all these "privacy advocacy groups" in jail and lose the key, shouldn't we?
f)"It's no wonder the FBI wants all encryption programs to file what amounts to a "master key" with a federal authority that would allow them, with a judge's permission, to decrypt a code in a case of national security. But civil liberties groups, which offer encryption programs on the Web to further privacy, have vowed to fight it." Of course, as we already know that all the enemies of the United States are a bunch dumb arabs, they obviously cannot develop their own software. So they will be forced use US-made software that automatically deposits their private keys with the FBI.
g)"Who ever thought that sending encrypted streams of data across the Internet could produce a map on the other end saying 'this is where your target is' or 'here's how to kill them'?" says Paul Beaver, spokesman for Jane's Defense Weekly in London, which reports on defense and cyberterrorism issues. "And who ever thought it could be done with near perfect security? The Internet has proven to be a boon for terrorists." Who ever thought a spokesman for a defense and cyberterrorism publication could be so dumb? To discover how does Mr. Beaver manages to keep his job, that would amaze me.
The discussion about the racist bias of the article is left as an exercise to the reader.
MSK
And THAT, my friends is precisely why the Americans leave us Canadians alone. (-:
Currently, I tend to feel SAFER buying stuff online from trusted merchants with my credit card than giving it to someone who works in a store. Most online merchants destroy your credit card number after it's no longer needed, and keep only minimal records of it (4 first or last numbers). Compared to bricks-and-mortar shopping, where the store makes one or two copies for itself and one copy for you to lose, with 'customers' behind you that can look over your shoulder because of poor handling of the card, it makes me feel nervous. However, if you take away encryption from the equation, all bets are off, since a packet may travel through dozens of systems and routers before being recieved by the vendor you're trying to buy from.
How much freedom are you willing to sacrifice in order to gain safety? To me, the benefits that society gains from encryption far outweigh the evils that can be done with it. Besides the fact that if they're already criminals, do you think they'll have any qualms about using 'illegal' encryption products? You'll only stop stupid ones, and they're rarely the ones that do the most damage. I'm glad to be living in Canada on this point -- there's never been any plans to stop private citizens from using or exporting encryption, with the exception of those products imported from the United States that employed 'high-grade' encryption that was banned from export from the United States. Why do you suppose the OpenBSD project, which uses encryption where ever possible, is based in Canada? ;-)
I used up all my sick days, so I'm calling in dead.
It's obvious, then, that if the government has a tight enough rein on the terrorists they're pointing out who use encryption, then obviously the government is good enough at tracking terrorists without being able to track their keys, and they simply don't need to worry about it!
Of course, the reality is that this is prime material for legislatures to begin convincing the less tech-savvy "common man" that they desperately need legislation in place to form a Key Escrow so that anyone's keys can be cracked by the government if they so desire.
Criminals, of course, simply won't obey the law. Duh.
Only outlaws will use encryption. I know it's an old saw, but how exactly is banning encryption supposed to stop terrorists from using it? The mathematical basis for most algorithms is still out there, and just about anyone reasonably competent at programming can roll their own. Not to mention that software can legally be written in countries other than the US, so unilateral action won't do any good anway. The genie is out of the bottle, and it can't be put back in.
There's no point in questioning authority if you aren't going to listen to the answers.
In a related story, cnn.com is also reporting that Osama Bin Laden and other terrorists are using this new technology called 'chemistry' to carry out their work.
'Chemistry' could be a new, important tool in the terrorists quest to stay one step ahead of authorities and commit mass-murder. The senate will soon debate a bill which bans the use or export of this 'chemistry' and proposes stiff new regulations.
Liberty.
What would happen if the NSA and the CIA and the FBI and all the Military intelligence communities get public key escrow and the right to snoop thru our email and web pages?
Answer - it would not affect them at all. The bad guys already have PGP and they can't crack it. The bad guys already have image encryption and they can't crack it.
All this will let them do is run roughshod over the constitution and pry even more into our private lives.
And, remember, Bush Sr. was Director of the CIA - don't for a second think that this is not a pretext to take even more of our civil liberties away.
--- Will in Seattle - What are you doing to fight the War?
Curses! Foiled again!
omega_rob
I think that this incident is precisely a government campaign to build public support for encryption regualtion. My grad instructor worked for the 'intelligence community' during the Gulf War; he implied without saying directly that the gorvernment used the news media like a precision weapon in control what was known, by whom and when. So much disinformation went through CNN, with their blessing, that it is amazing we know any 'facts' at all. Who knows, maybe Bin laden is on the government payroll...
There is no guarantee that the content has been read or understood.
Now, how are the mainstream to be convinced that using encryption is a good thing? This is what we all want to do, correct? Well, we won't manage it by trying to do so ourselves - being lectured at by the freaks will only make the public resist even more. I suggest that we embrace the criminals for this campaign. The fact that Bin Laden and criminals like the mafia use encryption make it into a sexy field again, like it was in the 1920's through 40's, say. If we wish to impress Joe Public, it is imperative that we use the tools of advertising, which uses sexy images and subliminal suggestions, and not reason, which bores the common man and causes him to switch off.
Much like antidrugs campaigns by the government can increase their appeal and use in many quarters, I suspect that any government campaign to convince people that encryption is evil because it is used by terrorists criminals will surely backfire, and increase the sexiness of the field and general usage statistics for encryption.
This is what encryption has needed to enter the mainstream.
They fuck you up, your mum and dad.
--Anticipation of a New Lover's Arrival, The
Late at night, Muslim terrorist headquarters...
General walks into a room unannounced.
General: Samir, what are you doing?!?
Samir (surprised, suddenly turning his attention from the computer): General!!! I-I-I didn't know you were here at this hour, sir!!!!
General: Samir, were you using Allah's network connection to visit porn sites?
Samir: No, General! Of course not! I was just -- I was just, eh, using the porn site's bulletin board to send terrorist messages, sir! (types in something random)
General: But I can't read any of it!
Samir: Of course not, General! You see, sir, they're encrypted! Yes, that's right, they're encrypted!
General: Very well, I'll let it pass this time.
Samir turns off the computer and the lights. Exeunt.
General: By the way, Samir...
Samir: Yes, sir?
General: I think "CIABoy935466" likes you.
To the editors: your English is as bad as your Perl. Please go back to grade school.
http://www.attrition.org/~wrlwnd/crypto/steanograp hy/jpeg-steg/
Maybe you could use this to tunnel IP over USENET porn?
I think it's important to put Bin-Laden's quote in context:
----> The US conducts Operation Desert Storm. The US media reports it is an enormous success -- highlighting the role of Patriot missles and other high-tech systems -- when in fact, MIT researchers later show that none of the Patriots hit their intended targets, cruise missle performance was dismal (30% ish), etc.
----> In 1992, a bunch of Bin-Laden trained hicks kick the US's butt in Somalia. Boy, we don't hear much about US military effectiveness in the media.
----> In Spring 2000, 129 US warplanes are downed in the Yugoslav/Kosovo conflict. The NY Times reports only one of these.
As an advocate of a truly strong military -- as opposed to a bloated, bureaucratic, budget-and-career-path grabbing mess -- I think we ought to be listening pretty strongly when Bin-Laden says America is run by "devils."
Why? Because what Bin-Laden is saying is that America is much weaker than is says it is. That it is run by a bunch of cowards who lie about just about everything -- including our military capacity. And that sort of lying has everything to do with the current case.
Instead of going out there and building a strong, honorable military that can defend Americans along with the ideal of freedom, the FBI and etc. are going out there and building a totalitarian state that prevents the flow of information and the development of ideas. It's saying that people can't have encryption, because we're too cowardly and lazy to defend against it, and playing to the weakness and fear of the public. This is the essence of unfreedom. This is what destroys republics.
It is also the direct opposite of the democratic ideal which protects our society. The idea of freedom of information is that we become strongest when ideas can flow without government restriction -- that we solve problems, build economies, develop new technologies, and learn to protect ourselves better in a free society. And it is for this reason that totalitarian societies are doomed to freedom.
Is Mr. Bin-Laden using encryption? Is he building a military force to fight the U.S. government? Is he hurting the U.S.? If so, then I say, as an American, thank you Mr. Bin-Laden. Thank you for pointing out how weak we have become, under the direction of Mr. Freeh, and Messrs. Bush, and Mr. Clinton. Thank you for showing us that our society is so weak, and so unfree, that it cannot defend itself from you. Thank you for pointing out the devils among us, and how unfree they have made us, and that they are liars.
And that the lie is, that it is good to restrict technology, restrict information, restrict DeCSS, restrict encryption. That it is good to not let Americans see when their planes are shot down, or when their soldier die because they are unprepared for real war, because it "maintains morale" and public support for the military. The lie is, that restrictions and lying and totalitarianism makes us stronger, when it weakens us, weakens our military, and weakens our democracy. The lie is, that this benefits anyone, other than the bastards telling the lie. And by that, I mean Louis Freeh, among others, in this case.
All I have left to say, is that it is time to get the bastards out of office.
When the Marines landed in the last days of 1992, bin Laden sent in his own soldiers, armed with AK-47's and rocket launchers. Soon, using the techniques they had perfected against the Russians, they were shooting down American helicopters. The gruesome pictures of the body of a young army ranger being dragged naked through the streets by cheering crowds flashed around the world. The yearlong American rescue mission for starving Somalians went from humanitarian effort to quagmire in just three weeks. Another superpower humiliated. Another bin Laden victory.
"After leaving Afghanistan, the Muslim fighters headed for Somalia and prepared for a long battle, thinking that the Americans were like the Russians," bin Laden said. "The youth were surprised at the low morale of the American soldiers and realized more than before that the American soldier was a paper tiger and after a few blows ran in defeat. And America forgot all the hoopla and media propaganda ... about being the world leader and the leader of
the New World Order, and after a few blows they forgot about this title and
left, dragging their corpses and their shameful defeat."
Oh yeah me and Osama go way back to the old school days of ef-net.. check out this old log i found:
:DDDD:D:D:D:D:D hey man! whats happening?
;)~~~
*** Osama888 has joined #metallica
<Osama888> wasssuuuuuupppppp >:D
*** UN sets mode: +o Osama888
<brakzilla>
<Osama888> man I was out shopping for nitrogen rich fertilizer at this damn store in al Kabarfi and this zit faced punk at the store was all up in my face
<brakzilla> hehehehe lol!!
<Osama888> hehe then I told the guy, "do you know who I am??" and he was like D:
<brakzilla> werd!
<Osama888> yea w3rd.. brb pizza
don't sweat the petty things and don't pet the sweaty things
It's supposed to be completely automatic, but actually you have to press this button.