Slashdot Mirror
Is Crypto Solely for Criminals?
deran9ed writes: "Interesting outlook from an article on IDG detailing the use of encryption, and the negative campaigns against it. "When the Feds -- be they CIA, FBI, NSA, or Treasury Department -- discuss crypto, they make it sound as if anyone using it must be a child pornographer, drug smuggler, or terrorist." I wonder if the government feels the same about corporations encrypting their business plans in order to avoid having them stolen. Here's the article." The author has a point. SSL and SSH (or whatever it's called now) are widely used. But how many people routinely encrypt their email?
Encrypting material on mailing lists has a significant "what's the point?" factor. Most mailing lists are so easy to get on that encrypting traffic on the email list serves no useful purpose.
Any mailing list which is open to the public gets no benefit from encryption. Any mailing list which is closed only gets minimal benefit; the security of a message drops to the square of the recipients. If your intent is merely to protect mailing list data from casual eavesdropping along the way, though, here's a scheme.
1. Joining the list is done through the typical process, but a public key is given to the server as part of the process. (Out-of-band verification, etc., is assumed and won't be covered here.)
2. Whenever someone posts to the list, they sign the message and encrypt it with the server's public key.
3. When the server gets a message, it decrypts the message. It now has plaintext + signature. After verifying the signature, it sends the message out to each listmember, encrypting it for their specific key.
4. When a client gets a message, it decrypts-and-verifies that it came from the listserver. It then verifies that it came from the original sender.
... Note that this scheme is horribly naieve and is extremely vulnerable to attack. It also doesn't solve the key management issue; but instead of every listmember needing every listmember's key and all the assorted key management that entails, the burden is shifted entirely to the server.
It's a simpler scheme than every participant encrypting for every other participant's key, and simpler schemes tend to be more robust and secure. That doesn't mean that this scheme is robust and secure.
As I said, encrypting mailing lists has a large what's-the-point factor. There are so many ways to attack a mailing list that I doubt one could be secured.
Why the fuck would a government impersonate it's citizens????
Why the fuck a government attempt to screw it's citizens (unless, of course, it's been totally subverted) ???? And why citizens instead of ranting about that would actually do something about it, like vote them out of office????
Why those incredible assaults come from countries where individual rights are paramount???? France doesn't have as high a reputation for individual rights as anglo-saxon countries, yet there are no widespread perception of wholesale government spying on and impersonating their citizens!!!!
Must be some collective neurosis...
--
In this case it's interesting to note the difference between Canada and the US's stance on encryption. This is from the Goverment of ontario, and tells you that you SHOULD encrypt your email.
-- Don't make me replace you with a small shell script.
Good points. I agree with most, that is to say, you took the words right out of my mouth.
I would also add that if I want to encrypt email, all my friends have to as well (if I'm very strict about it).
Also, could we not put in a header in the mail to direct you to a server to get the public key?
Woz
It has to do with importance. If the only time you encrypt email is when it's important, then it becomes very easy for an attacker to say--"oh, hey! This fellow usually sends one encrypted email a week, but this week he's sent off 25. I wonder what's up?"
Simply knowing that a message is important can often be all the help an attacker needs. This is called "traffic analysis" (analyzing patterns in who talks to whom about what, whether the conversations are normal or priority traffic, etc).
By routinely encrypting all your traffic, that denies an attacker the ability to say "... hey, encrypted traffic is coming down the wire; something's up."
There's always been the principle of innocent until proven guilty. But as soon as there's anything electronic in the picture, it's suddenly the opposite; you're under suspicion for anything and have to prove your innocense, and nobody seems to complain.
--
"Oppression and harassment is a small price to pay to live in the land of the free." -- Montgomery Burns.
At our company we encrypt all email. Since a lot of the discussions are about patented or patent pending ideas, due dilligence requires that any email going over the net be encrypted. We expanded that to be all email to add to the noise factor should someone be watching.
An enormous part of the problem with having routinely encrypted email is that without taking basic manual security precautions it is impossible to eliminate man-in-the-middle attacks. If Alice has never sent email to Betsy, how does she go about getting her public key? From a PGP key server, say? How do you know the [insert government/industry black hat name here] isn't standing between you and them, replacing the real key for one they have the password to, and then passing on the email re-encrypted so Betsy would never know?
Perhaps you're smarter than I am, but every _transparent_ method of key verification I can think of is foiled by someone in control of your link to the outside world. In order to keep this from compromising your security, you'd need a different verification method. This would require, for instance, Alice calling Betsy over the telephone and having her read back her encryption key's fingerprint, and comparing it with the key she got over the net. This isn't something a casual computer user is willing to do regularly in order to check his security.
Why the fuck a government attempt to screw it's citizens (unless, of course, it's been totally subverted) ???? And why citizens instead of ranting about that would actually do something about it, like vote them out of office????
:-) and are granted immense powers with which to carry out this important duty.
Ok, I can't be bothered explaining this all in detail, so I'll be brief and over-simplify. Apologies for any innacuracies that result.
In the Real World, the government is elected, but it is not the government that does the dirty work. It's the various secret agencies charged with protecting National Interests (and any dirty laundry the government would prefer the voters not know about
Now the people who work in these agencies are NOT elected, and do not lose their jobs every time a government changes. They live in a world where secrecy is paramount, everyone is hiding something, and spies regularly turn up where you least expect them. The culture and atmosphere inside such an isolated group whose duty is to be paranoid, can get _very_ fucked up. (eg, such isolation that at least one agent thought that people who wore jeans were potential subversives.)
An example closer to (my) home: A person who campaigned against the New Right Economic theories (which were held to be completely above question at the time) had his house invaded by the SIS. Only by accident did he have any reason to suspect it was not a normal burglary, and only by several court trails did he even manage to get the SIS to cease their denials and admit they did it. Another man here was placed under survelience for 12 years (ending in a house search for spurious reasons) because he has writen some articles for a peace magazine. Back then, "peace" meant people who didn't like nuclear weapons, and surely the only people who could possibly have any reason to dislike nukes would be the commies. Ergo peace campaigners were the Red Commie Threat. And they were treated as such, dispite of their civil rights to free thought, speech, and association. (Only Decent Folk should have rights. It's ok to violate a Crim's rights in order to catch them and thus make society safer). So they had their rights abused regularly by enforcement agencies as a result. Nothing to do with the government, (though the government, like much of the public, would have had very little sympathy and considerable suspicion for such "peace" advocates.) People who were NOT criminal, but people who disagreed with the ideology of the day (and the twisted ideology of the agencies). That, and the fact that there is virtually always no recourse and no justice, is what is so scary.
In other words, the reason people are paranoid is because misdirected uses and abuses of power happen and happen regularly. If you know people who campaign on issues, or who are in activist circles, or who are protestors for a cause, then finding first-hand accounts of such abuses is unlikely to be difficult - agency activities are not even remotely as exotic as they seem to most citizens. And that's a huge part of the problem - the idiotically niave "Haha, she's obviously got an inflated sense of self importance to think the secret service is interested in her", thus denying victims even recognition of their injustice, and replacing sympathy with scorn.
It's a real problem, and if you can't be bothered contacting people who have been injustly targeted by agencies, at the very least do not scoff about it.
As to your questions, even the democratically elected governments have great restrictions on the information they can get on the activities of certain agencies, and more to the point, it's in both parties interests that the difficult questions simply don't get asked. So they don't.
Why those incredible assaults come from countries where individual rights are paramount???? France doesn't have as high a reputation for individual rights as anglo-saxon countries, yet there are no widespread perception of wholesale government spying on and impersonating their citizens!!!!
Yeah, not for at least a hundred years! Ok, 75. No? Would you believe 50? Ok, 50.
Sheesh, I know lots of people who are older than that. I hope to be older than that somebody, myself, and without having to live through my goverment spying on and/or impersonating me as they might well have done 50 years ago.
- Crypto software is hard to use.
- Public-key infrastructure is still mostly a myth.
- Crypto requires learning.
... Those reasons are the big ones for why more email isn't encrypted. 95% of the population lacks the technical skill to use encrypted email, and 95% of the population doesn't recognize the need to encrypt mail anyway.Before anyone even thinks of refuting this one, think about this: anything that requires more technical know-how than Outlook Express or Eudora is automatically going to fail in the marketplace. Why? Because 95% of the market finds their own technological skills tapped out at the level of using Outlook Express for basic email, to say nothing of doing something as advanced as (gasp) installing a crypto plug-in.
As long as crypto software has any kind of significant learning curve, crypto software is not going to be widely-used. SSH is widely-used today, mostly because for casual use it's indistinguishable from telnet--the sysadmin (who has tech savvy) takes care of key management and the users just have to be told "type ssh instead of telnet".
For all the millions which have been invested in PKI, it's mostly a crapshoot. The typical user still doesn't have a bat's chance in hell of using a public-key infrastructure properly. If Joe User wants to encrypt a message for John User, Joe doesn't know where to find John's public key, wouldn't know how to import the key even if he had it, and wouldn't know to do an out-of-band fingerprint verification before using it.
Sometime, take a look at the documentation that comes with PGP. It's pretty good, all things considered. It's also about the heftiest documentation I've ever seen for a consumer software product.
Users don't want to learn. Users think (not unreasonably) that programmers should make programs work the way the users think they should, instead of demanding that users learn the way the programmers think the program should work.
For the record, my public key is available on Slashdot. I encourage anyone who sends email to me to use it. Even without a fingerprint verification, it's better than nothing.
While I'm sure that your message is extremely interesting, informative, and thought provoking, I find that I am unable to legally decrypt it under the terms of the DMCA.
Would you please consider posting a message "in the clear" so we can all read the unprotected version, or is your message only for those who have licensed your decryption product so as to read your protected, copyrighted text? If the latter, where can we obtain such a license?
Sincerely, Jerf
Police have a hard job, but worst I think is the corrosive daily contact with criminals and their horrible acts. Without special precautions, they are sure to eventually see the world as made up of victims, perpetrators and cops [potential or actual].
A user of encryption doesn't much look like a cop, although in one way he is -- enforcing privacy and wiretap laws. A user of encryption doesn't look much like a victim, although they are potential victims of wiretap or other eavesdropping. So encryptors must be criminals.
One way to look at using crypto is that you don't send postcards discussing private matters, you put a letter in an envelope so the postman can't read it.
;)
I encrypt my email so only the recepient can read it - if the security services here in the UK want to read my email, they will use the RIP bill to get the private key and passphrase from me. At least then I'll know they are interested in me
...about 3 years ago, a bunch of us started pgp-ing our email at work, both internally and externally. Within a week, an email from the IT department went around asking people NOT to use encryption, as 'it is causing an undue load on the mail server'. Baloney, they just couldnt read our mail any more....
and send it to random friends all over the country, none of whom use encryption.
They have no idea what's in it, but more importantly, neither does the NSA!
--
Someone you trust is one of us.
- encrypted traffic is easy to detect and
- ppl tend to forget about temp files which can contain an unencrypted copy.
the first point doesn't bother me until the traffic is easy to decrypt. the second point is a common occurance [even though i hate to generalise]. the only simple solution i've found is an app called evidence eliminator [for which i do not work or hold any type of equity].this program is more paranoid than me [which is a healthy sign]. my fave feature is that it does clean out your windoze 9X or NT swap files.
if you work with information which is sensitive enough to require encryption then erasing [using multiple passes and re-writes to erase] your temp files is essential to guard against your HDD being compromised.
the issue of authenticating the recieptant wasn't dealt with in this article but a link to this story - http://www.infoworld.com/articles/ca/xml/01/03/12/ 010312camentor.xml called USPS delivers a digital, signature-certified mail system dealt with how the US Postal Service is dealing with identity authentication when sending email to a US Federal Govt address.
Personally, i'd be happy if the NZ IRD [Inland Revenue Department] issued me with a personal digital ID. my employer issuing a second for work email would also be great.
Regards Sinesurfer A Nerd is someone who lives for technology, A Geek is someone who lives for technology and loves it
The Holy Trinity for law enforcement is terrorsists, drug lord, and pedophiles. Whenever they argue for an expansion of power or a diminution of personal freedom they cite the Trinity and count on people like you to fall in line.
See, unlike (apparently) you, I don't happen to believe that the world is filled with wave after wave of pedophiles, held back only by the heroic efforts of American law enforcement. I believe that there are a few (relative to the hundreds of millions of Internet users of the world) who are some truly sick and demented bastards -- but I don't see how giving the government the authority to limit my encryption capability is going to reduce that.
I don't happen to believe that drug lords are a bigger threat to The American Way Of Life than the War On Drugs is. The wholesale discarding of the Bill of Rights (save the 3rd Amendment) in pursuit of the goal of eliminating a product that millions of Americans have decided for themselves is morally acceptable despite being illegal is what _I_ see as a threat. No one ever worries about Cotton Cartels and the evil ill-gotten gains of the textile lords. Make drugs a legal product whose business is conducted in the light of day with FDA and IRS oversight and the drug lord billionaires will go away. And it doesn't even require encryption limits!
Lastly, terrorists. This one got a huge boost after Tim McVeigh expressed his displeasure with American policy and the destruction of TWA Flight 800. The fact that 800 was destroyed in what was most likely a highly improbable but not impossible set of coincidental circumstances has had no effect on the certainty of many Americans that somehow, Moslem Extremists were involved. After all, planes with Americans on them never have anything bad happen to them unless there's a Moslem in the picture. McVeigh's actions, on the other hand, were horrible, evil, unjustifiable, and utterly unstoppable with limits on encryption. There was face-to-face communication with his partners and the purchases, truck rentals, etc. were all done in the light of day. Reductions on _our_ freedom could not have stopped him anymore than they could have stopped the men who bombed the World Trade Center.
Ah, you say, but some terrorist groups _have_ been caught when their coded messages have been intercepted and broken. We _have_ saved lives and preserved the order and safety of our American Way Of Life.
I don't care. I really don't. The fact that expansion of police power leads to expansion of arrests is a given; the question under discussion is "To what degree are we prepared to accept limits on our freedom and our privacy in exchange for the increases in a dubious public safety?" I say None. Yes, advances in technology make law enforcement's job harder. Tough titty. My life as a free man doesn't come with conditionals that can be dialed back if John Law finds himself having a tougher time. If encryption makes the time-honored wiretap (itself a disgusting violation of privacy) obsolete, then so be it.
Responding to your concluding comment that the crimes of the Trinity aren't important to fight: they are -- but they aren't nearly as important as the continuation of freedom and privacy. If my privacy means that one more child gets used in a porno flick made by a deviant, so be it. If it means that one more kilo of cocaine sneaks into the US undetected, bravo. If if means that US-Irish are able to raise money and ship it to Northern Ireland to further a bullshit revolution that kills innocents or that the bullshit revolution comes to my own soil, I can accept that. I do accept that. I would urge you to do so as well.
Learn to spell: nickel, missile, lose, solely, amendment, speech, kernel, probably, ridiculous, deity, hierarchy, versus