Slashdot Mirror
Congress Considers Mandatory Crypto Backdoors
disappear writes: "Wired news reports that Congress is considering restrictions on crypto software in the wake of the terrorist attack. 'Nuff said." This will be the next battle -- especially in the wake of this week's tragedies, and the the allegations that the prime suspect Osama Bin Laden is a heavy crypto user. The battle of privacy and safety is going to begin in earnest now.
I have mixed feelings about this... It could be good in catching terrorists, but privacy avodocates will have a field day. What do you think?
"Black holes are where God divided by zero." - Steve Wright
without much fight. All the right words will be said for fear and fright
And if you fight against it you will probably lose... unfortunately. Maybe in a year. Or two. But the mood of the American people is quite frightening- cold rage.
Besides- who says the government CAN"T break them already? It probably just takes a bit more effort...
how is this going to stop hiding information within email attachments?
I'm sure some open-source (and even minor corporations) would never agree to this.
Especially those not in the US.
Do you like German cars?
This is what I am afraid of! :(
:(
Please read my essay and if you like it pass it on to people. We can't let this happen. I have been saying this since day one. Please please think about this
The Price of Freedom
Jeremy
Those who give up essential liberties for temporary safety deserve neither liberty nor safety. - Benjamin Franklin
Slashdot 's editors are dickheads
Criminals, on the other hand, will continue to use widely available crypto packages with no back door and will still be able to transmit messages without threat of law enforcement decrypting them.
Whatever djinni that was in the bottle is out now. Restricting cryptography and crypto research in the US will do nothing to prevent its further development abroad. The Congress' energies would best be spent elsewhere, I think.
This
Realistically, since the threat originates abroad, you would need to make all countries of the world follow this law. Also keep in mind that terrorists don't usually follow laws. Thirdly, home grown crypto is easy because Applied Cryptography (great book) costs $40.
Mandatory Crypto Backdoors: thats like saying that anything with the words "Top Secret" on it should be posted on every major website, and shown on TV. Stupid...
I think Congress just figured out the easiest way for the government to save money. Get backdoors into everything, and you don't need the huge expensive code-cracking supercomputers anymore.
.derf
This is all well and good but we have to remember where programs like PGP originated from. It would not be all that difficult for a terrorist/organized-crime to contract a programmer to write such an application based on RSA or IDEA. Even with backdoors, the U.S. will have to dive head first into stenography which is the clear alternative to encryption.
We all understand that security = 1/freedom and I hope that the government does not get way out of control. It is obvious that our airport security was not up to snuff and most part the internet is a fairly insecure place. I don't think that anyone watching the terror unfold had any doubts that their lives were going to be changed forever. Hopefully, some sort of balance between security and freedom will be reached even if it means being stripped of many of our freedoms in the short term.
it is merely and inconvenience and private threat to law-abiding citizens. any criminal with half a brain-cell will use their own crypto on top of any encrypted or open links. the technology is already out there and cannot be recalled.
how does the government propose to revoke bin laden's existing crypto? how will this new law possible stop him or others? that's right, it won't.
The cat is already out of the bag
The genie is out of the bottle
Humpty Dumpty is already broken
Etc.
What would this accomplish?
Carnivore is one thing, but a backdoor to all crypto is yet another. Financial transactions from private organizations are routinely encrypted for obvious reasons. Are we to trust government employees with all financial transactions merely because we elect them? I think not.
We cannot allow the government a "skeleton key" to all crypto if only for the reason that it can then be compromised by others for whom access was not intended. Urge your congresscritter just to say "no".
We can rest assured that all terrorists will promptly upgrade their crypto systems to use the backdoored versions. They are a patriotic and considerate bunch after all.
sheesh.
legislators.
And how is this supposed to stop Bin Ladin from encrypting his communications? Seems like the only people that would end up with these helpful 'backdoors' would be us citizens.
[PowerPoint] is a tool for capitalist presentation
Like the concept could possibly work. Why dont you just forbid terrorists from using oxygen? About as practical, and 100% effective.
And how, exactly, will this stop people
who live outside of the USA from using "real"
encryption? And how can they even detect people inside the USA from receiving and decoding "real" encrypted messages? It's like copyright - they
can't physically stop you downloading in violation of copyright (if you were that way inclined).
I guess what the world should do is come up with an acceptable compromise - have one encryption standard for communications, but get Adobe to come up with it...
Secondly, did anyone see this clip of Bush today? I mean... I think it speaks for itself.
All this means is foreign business will not buy American crypto, and secret plotting will be done (as it has been for thousands of years) in a hidden cave somewhere.
Are they nuts? This guy lives isolated in mountain camps. I doubt he's even a heavy electicity user.
His sympathizers, on the other hand...
It seems to me that this has the same problem as the war on guns, if we outlaw cryptography programs with out back doors only criminals will use them.
Those who give up essential liberties for temporary safety deserve neither liberty nor safety. - Benjamin Franklin
Slashdot 's editors are dickheads
Sure, they want backdoors into email encryption now, and it seems harmless, but what will they want next? Why not have every home in America bugged; that way we can know when a burgaler is going to commit a crime. Cameras everywhere, low crime. Of course, the price will be the right of privacy.
And when your behaviors are available freely for government inspection, it's much easier for them to supress behaviors they do not approve of (cause they know when it happens, unlike now when it can be hidden behind closed doors). You know, meetings about how to reform government.
Of course the government will tell you that they'll use these backdoors only when they need to, national security type things. That's what the Dean at my old high school said, and then we caught him watching the monitors repeatedly for the fun of it.
Oh yeah, not that the government has to actually be watching for you to be good now. Think how different your ations would be if you thought that the government might be watching at all times. This is pure, hardcore social control. It's like a gaurd tower in a jail. If there are clear windows, you can always tell when you are watched and when you are not. If the windows are dark, then you never know if you are being watched, so you act as if you are always being watched.
They might as well run a wire into our head.
F-bacher
James Tiberius Kirk: "Spock, the women on your planet are logical. No other planet in the galaxy can make that claim."
Most crypto is made outside of the US, and as such they would have no control for adding back doors to it. They would have to create an import restriction so that US citizen's can only use US written crypto. And that wouldn't hurt Bin Laden at all. So don't worry...
Yeah, your right, This country was founded with the principles of freedom. To take away our Civil Liberties simply to hunt down a terrorist demeans us down to his level. And who's to say that, once lost our civil liberties will be regained? AOL has already sold out it's myriad of moron customers by handing over e-mail records, and i doubt there was a subpoena issuesd for those records.
-dcviper
ACLU
Ummm, err, say what, now?
...only outlaws will have strong crypto.
See also: it's nigh impossible to stuff that genie back in that teensy weensy bottle.
That said, if every politician was willing to come clean with every lobbyist they talk to and every single red cent of soft money their pockets are lined with, I might be a bit more willing to listen to them try and take away my selfsame right to freedom.
In the absence of that, they can, with all due respect, go frick themselves silly.
Easy does it!
This comment has been submitted already, 276865 hours , 59 minutes ago. No need to try again.
freedom is something you fight for, not give away because you're scared.
From what I've heard, Osama Bin Laden doesn't use cryptography so much as he avoids using electronic communications at all. He has even (gasp) been reported to meet with his underlings *physically*, as in "lets all go into the same room and talk face-to-face".
Cryptography wouldn't really help terrorists much anyway, because electronic surveillance can still pick up who is talking to whom; the real problem is when people avoid electronic communications, because then you can't do anything without spies on the ground.
Tarsnap: Online backups for the truly paranoid
Illustrious Baron Harkonen today decreed that
all citizens will be equiped with remote-controlled
heart-plugs. This will make us all safe, because
only the loving Baron will have the transmitter,
and he will only use it to protect us.
-I like my women like I like my tea: green-
Did you know, you can walk into almost any store and buy a knife WITHOUT ANY BACKGROUND CHECK? They should at least check the buyer for dark hair and skin, the signs of a terrorist.
And I understand that plans to make knives are available on the internet? It used to be, only a skilled craftsman could make one, now any punk in his mom's basement can craft a steel blade capable of hijacking an airplane and crashing it into a building!
I think the best reply one can give to the politicians who want to impose this is:
"And Osama Bin Laden is going to throw away his foreign-developed, non-backdoored encryption software and buy US-made backdoored encryption software exactly why?"
I am a firm believer in the right to bear encryption.
The right to bear arms is there to protect us from the goverenment from becoming a tyranny. Tyrant in charge? Shoot em! Big brother in charge? Encrypt!
Slashdot is an anagram for Has Dolts, and I am Dolt number 468543
..the government can break current encryption methods - easily.
Maybe they want terrorists to think that the U.S. government is afraid of encryption and therefore encourage it's use amongst them. Meanwhile, we, the citizens, suffer however.
Probably not, but hey..
Stupider like a fox! - H.S.
Back in 1998 Rivest wrote Chaffing and Winnowing: Confidentiality without Encryption.
IMHO, this is just one more step towards a police state.
I do not deploy Linux. Ever.
I knew issues such as this would come up when I heard news reporters on Tuesday comment on how this attack was only possible because of our "open" society.
/. story is just part of a greater question we need to ask. Did we, as a country, get the balance of rights vs. safety wrong? In all seriousness, are some of the rights we hold dear REALLY that important now that we're forced to realize that tuesdays events are possible? Are we willing to give up some of our rights (not limited to privacy) to lessen the odds of this happening again?
The irrational way to look at this is "This is just another attempt by THE MAN to take our rights away". I think it is clear that in our society there is a balance between the rights of the individual citizen and the safety of the masses. Previously, most of us have asserted that this is not true without reason - that more rights does not mean less safety, and less rights does not mean more safety - because that is the "american way" and how we were brought up. I have been forced to admit in the past days that this just isn't true, on one end of the spectrum we can have zero rights and have our safety assured (strip searches at airports, every phone call monitored, 1984 etc etc) and at the other end we have anarchy and the ability to do whatever we want but our saftey is always in question.
I think this
If you are sitting there shaking your head and thinking I am a troll, what will it take to have you consider this question? Does someone need to walk into downtown LA or San Fransico with a suitcase mininuke and kill 300,000 people before you wonder if search and seizure without just cause is REALLY that big of a deal?
Just something to think about. In the meantime, the CIA is more than welcome to read my email and laugh at the list of porn sites I visit.
Those who would trade freedom for security deserve neither.
******
"What makes you think I care about your opinions?"
I, an American Citizen enjoy the security I have with crypto. I like knowing that the scriptkiddies that can see my traffic are unable to gain any information from my traffic that could be used against me, against my employer, or my friends.
Why bother to make more laws? I'm sure there is a large stack of computer related laws, but nearly none are enforced, except when they want to slam somebody who is doing something thats perfictly fine in our books, but that they just don't like.
I say we need to rally on this one, Crypto is good. It protects the common man from imtimindation, It protects companies private information, it aids in the protection of networks, that would otherwise be at risk of being hacked, by open logins, passwords, and secrets that cross the internet all the time.
If you want to detur use of encryption, just outlaw it, and only the unlawful will use it, the lawful are the ONLY people hurt by such ideas and possible laws.
Be reasonable, and Just. This is no time to be bickering anyway, nor is it time to take actions anywhere close to what the FAA has done.
If everybody had a knife on those planes, do you think the hijackers would have even tried to take over the flight, if they knew everybody on board could cut them, or stab them. It's just like towns in Texas that everybody carries guns in, there is nearly no crime in those towns. Again, what the FAA has done, only hurts the lawful people.
IPSec & SSL Rocks!
The thing is that, if we'd all been using PGP for all of our email for the past five or ten years, it would be much, much harder to catch a terrorist using the system. You can do traffic analysis so much more easily when only a few percent of messages are encrypted.
So if they do ban crypto without back doors, the non-back-doored messages stick out and can them be ferried off to the NSA to be analysed with much less effort.
It's hard to argue with this, you know? I've personally stopped encoding my messages for the moment so as not to soak Echelon bandwidth - and I'm only half joking. We may have worse enemies to worry about right now than our goverment.
but I doubt the gov can crack them, but if they gave us the addresses or info on the systems that house terrorists, heh, well we could give them a go no?
While I realize that it is an invasion of our liberties...
If they want to read my email, let 'em.
If they want ot read email about confidential stuff that I work with that requires NDA -- who am I? I dont care...
What I want is for ('them' - The Gov't) to be able to monitor things, so that the bad guys go where they need to go. I get that they are not the most compenant people, but if this is what they want, they'll probably get it anyway...
Sorry, but thats my feeling.
Dave
Eviscerating the Bill of Rights, specifically the Fourth Amendment, will do nothing to stop terrorism. Passing laws banning secure crypto will not faze the terrorists; they're already outlaws!
Ben Franklin said it before, and I'm going to say it now: those who would trade liberty for safety deserve neither.
******
"What makes you think I care about your opinions?"
Adobe puts a back door into it's ROT-13.
If you disagree with this bill then turn yourself into the police now! You are indeed a terrorist. We need to get tough on terrorism and intellectual property theives. I feel that the rescue and cleanup operation in New York City should take a backseat to DMCA enforcement.
I haven't really followed the state of crypto freeware in years. Last package I used was PGP, which now seems to be commercial (www.pgp.com).
Time to get familiar with the free stuff again, I think. What's good and reputable? I have no idea where to start.
(Looking for Mac/Win desktop stuff, but wouldn't mind looking at Unix stuff too.)
The mildly paranoid will also only use compilers they have compiled themselves, and only use implementations that have undergone a line-by-line code review by a trusted person in their organization.
The truly paranoid will only run this crypto on isolated systems using chips that they have personally inspected the original die and have an established 'chain of custody' from original pressing to installation in this isolated workstation.
Osama Bin Laden will just have a few dozen of his faithful followers memorize 'one time pads', and a few hundred who can do 8-round Rijndael in their heads, and laugh at the silly Americans giving up essential liberties for a little temporary safety.
I do not deploy Linux. Ever.
Also, I'm sure the Chinese goverment would be happy to agree to such a scheme.
...richie - It is a good day to code.
There's no way a foreign company is going to put up with the US government being able to read their stuff like it was a plain text postcard. "Why no, Airbus, we didn't pass on the amount of your bid to the people at Boeing who donate millions to our campaign funds. You can trust us. Really."
Do they expect OBL to stop using whatever crypto he uses now and to change to the new improved with a backdoor built in version?
Bin Laden used to use cell phones and satellites, now he uses the internet the way it was originally designed to be used, as a military communications tool. If they can find his messages but not read them, will they shut down the internet to block his messages? What happens when AOL starts screaming about being put out of business? Or do they have a plan for a different type of internet, one where they provide and charge for the content, just like cable television, and all the user stuff sent back upstream goes through the NSA computers before the government allows it to get where it's supposed to go?
I see even classic Slashdot is now pretty much unusable on dial up anymore.
Then if all the new cryptos have backdoors, terrorists will just use old ones without.... Not like they will much care about using the new ones, who is going to force them to?
(Score:0, Interesting)
This is base grandstanding by a politician in the wake of tragedy. Saying that it needs international cooperation is tantamount to admitting that it can't be done and setting up to blame the rest of the world when it fails.
The constitution was written by a group of people that had visceral knowledge of what it means to need a revolution, in the bloodiest sense of that word. Our modern laws would be a lot better if they were informed by that same knowledge.
A Call for Open Standards
GPG (GNU PGP workalike) for your email, and OpenSSH for your secure shell needs (ssh, scp, sftp, spop, https, ...).
Liberty in your lifetime
It takes an incredible amount of conceit to imagine that the U.S.A. is the only possible source of encryption software in the world. What makes these idiots think that Bin Laden is going to continue to upgrade his software (and therefore subject himself to potential back doors which his current software lacks)? And back doors are useless against stenography anyway.
It would make more sense to put "backdoors" in airplanes to prevent crazy pilots from getting control of them in the first place! I can't think of any non-stupid way to implement this. (Do we really want airplanes to be remotely pilotable? But it can't be a worse idea than restrictions on cryptography.
Maybe they should pass a law that from now on, terrorists must encrypt their communications with CSS.
Shipped from Canada or Europe to avoid those pesky American laws.
And while you're at it, you can pick up the 'OpenBSD Globe' T-shirt with the very relevant slogan 'Make Crypto Not Munitions', and a timely quote from Ben Franklin.
OpenBSD will run on pretty much all of the same hardware that will run Mac/Win, and then some.
I do not deploy Linux. Ever.
"They that give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759. "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." -- 4th Ammendment to the U.S. Constitution "[...]and every time we allow the government to grow in power at the expense of the people, we put ourselves in jeopardy of losing the ability to free ourselves of them if it goes too far." -- Thomas Jefferson (quotes taken from matthew rothenberg's 7/11/2000 article on the fbi's carnivore: http://www.zdnet.com/zdnn/stories/comment/0,5859,2 601960,00.html )
After the terrorist attack it looks like fear will be used to fuel what some legislatures have been wanting.
We don't want to lose our freedom or our lives to an aggressor. Likewise, we don't want to lose our freedom in our own country by our own government.
Already this attack has injected a healthy burst of cash flow into the military.
Now, they wish to limit our cryptography. Of course many threads have pointed out the fact the bad guys(tm) would never use these versions. This is simply using fear to gain what you have wanted all along.
What will fear be used to limit next? What will it be used to gain?
I would not doubt if there is already some conjecture to give more power to government agencies for search and seizure.
I'm all in favor of doing whats possible to strengthen our defences. A healhty checks and balance system must be obtained above all else. This was what our fundamental structure was built on and will continue to serve the needs of the people. Let us not see it destroyed out of fear.
"You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
After all, he's a law-abiding U.S. Citizen, is he not?
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
So, what does this mean for quantum encryption?
It can't be intercepted! Will the research be illegal now?
But until now I never had a coinage for the value of privacy.
How many lives is my complete privacy worth?
For me, not a single one.
--
Most lawmakers don't understand it, how it works, or why it is necessary for legitimate uses. They get briefings from staffers who don't understand it, who got briefed by people with an agenda. We need to put more efforts into Congressional education, IMHO.
Obviously, if an encryption scheme CAN be broken with a 100% working every-situation decrypt, it will be. It's only a matter of months.
Any encyption software like this, with a backdoor, would be ridiculous to even consider using for privacy. Even if you're not worried about the government reading it, you would be worried about malicious crackers reading it - the same people you didn't want reading it in the first place.
So if it can be cracked, it's not really encryption.. and nobody will use it.
The cat is out of the bag anyways... PGP and GPG and various other schemes available open source and abroad mean that there's no way to enforce something like this.
A libertarian utopia would provide the option to be MORE secure, at least for those wishing to invest in security apparatus.
Perhaps when Franklin or Jefferson were alive the equation held, but technology, both in terms of weaponry and information transfer, have voided the unity-product assumption.
I suspect it is more like security * freedom = money.
-- ac
I am REALLY pissed right now. All I hear on the news media is "oh... we should find out why these people felt the need to attack us. And we should try to understand their point of view and see if we or they can change our ways." and "oh... let's all stop now and think critically before we have an escalation of bombing attacks with these terrorists."
FUCK ALL THAT. What have we learned in history? Appeasement doesn't work. These people are under the control of corrupt are bloodthirty wanna-be-dictators. There is only one thing to do. Start destroying them now.
When they fight back. Destroy those who fight back. The Middle-East is not a big place and we have infinite resources relative to them. It's time to start churning out the Tomahawks, engaging in 24hr surviellance and destroying anything associated with terrorism.
This is NOT a complicated situation. This is simple.
What is the U.S. federal government going to do if terrorists continue to use secure cryptography to relay messages into and/or out of the U.S.? I mean, they're already criminals, right?
I guess that's why the feds want to be able to monitor EVERYBODY - then they can find out who isn't cooperating and arrest them. I guess that means we actually have two anti-privacy agendas coming in to play now: the right to use secure cryptography, and the right to communicate without the information being intercepted and archived by the federal government.
I wonder where the various factions of the federal government draw the lines (if anywhere) protecting those rights, and also where the corporate interests sit on these issues.
Arguing about vi versus Emacs is like arguing whether it's better to make fire by rubbing sticks or banging rocks.
i'm not 100% sure of the law in the UK, so i could just be talking out of my ass here. that said, the british idea that if they ask you for the password and you refuse to give it you're jailed + the american court system would be a Good Thing. if you believe the Gov'm't has not right to ask you for your passphrase, take it to a judge, who will likely side for the govt., especially if there's proof of some sort against you.
that aside, if you're keeping sensitive information (like life and death stuff,) anywhere other than your head, you're deluded and a fool.
the argument has been made in the comments that people will just use older non-govt-backdoor encryption systems that need huge keys (decades or centuries to break,) is faulty. these crypto systems will become obsolete, sooner rather than later.
it's quite possible that our corporate owners^H^H^H^H^H^H^Hleaders will actually help protect civil liberties here -- individuals, as a rule, do not have big money that would be threatened by loss of confidentiality of secrets.
-d.
FreeBSD for the impatient.
If they implement mandatory crypto backdoors, all it will do is FUTURE programs will have backdoors. Congress can't send out some massive cosmic ray which instantly patches a backdoor into every existing copy of PGP. The genie is already out of the bottle, there is absolutely no way to implement any form of crypto regulation which will stop "bad guys," it will just prevent the "good people" from having safe cryto.
Not only that, but can you imagine the havoc that would occur on society should the backdoor ever fall into the public domain? Now THAT would be a terrorist attack that cripples all important telecommunication.
The real ironic thing is that Gregg is the Senator from New Hampshire... You know, the "Live Free or Die" state?
P.S. I submitted this this morning and was rejected... oh well...
General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
They are really missing the point here. Our government has the NSA. Their website states things like:
NSA also made ground-breaking developments in semiconductor technology and remains a world leader in many technological fields.
Its workforce represents an unusual combination of specialties: analysts, engineers, physicists, mathematicians, linguists, computer scientists, researchers, as well as customer relations specialists, security officers, data flow experts, managers, administrative and clerical assistants.
These guys job is make things secure or attempt to break things that are secure. With all these skills and knowledge, they must know to attack the weakest point of the ENTIRE SYSTEM. PGP is not a system. it is a piece of software in a system. Brute forcing an PGP encrypted email is not the smart way to break it. You would think the NSA would know such things. Do you think Mr. Bin Ladin's decrypts emails that are sent to him? His PGP keys are stored somewhere. Find them. Pay off someone in his posse to email you a copy of his private key. There are MANY alternatives. The attack tree is some much broader than a brute force attack against the algorithm. I would think that the NSA would know such things...
mp3's are only for those with bad memories
Terrorists are going to use _secure_ encryption, legal or not. This is an opportunistic attack on freedom, taking political advantage of a tragedy.
If the FBI is going to eavesdrop on any of these guys, it'll be by snooping on the hardware at each end.
Xix.
"Everything is adjustable, provided you have the right tools"
After every mass murder with the least connection to firearms, some politician proposes extreme restrictions on civilian ownership, without regard for whether it would have prevented the particular incident in question. One of the first bills proposed after the OKC bombing was new gun control laws.
After every crime where the offender ever even saw a computer, let alone had an AOL account, some congressman will propose new 'Internet Crime' laws restricting freedom online.
The only saving grace is these rash proposals seldom become law.
I do not deploy Linux. Ever.
"If you make crypto illegal, then only outlaws will use crypto." Wait....isn't Bin laden and other terrorists outlaws already? Damn.
-Henry
"Useless organic meatbag" -HK-47
That misses the whole essence of 1984 (which is really a cool date because Orwell finishes the book in 1948). Being able to have a backdoor into all email is bad, but not 1984 bad. We'll move a lot closer to 1984 if Congress (w/out restraint from the Courts) is able to use laws like this as a springboard for more intrusions into privacy.
George Orwell's police state won't be here until we either know (or can't be sure of the contrary) that the government is watching us.
Then comes thought crimes - they can tell when we're thinking thoughts against the government and social norms (which will probably be set by the government).
Then schools will be places to indoctrinate kids into the army of the state that watches its parents for even the slightest sign of rebellion.
Then we won't remember if we're friends with this country and at war with another.
Then war is peace, freedom is slavery, ignorance is strength.
F-bacher
James Tiberius Kirk: "Spock, the women on your planet are logical. No other planet in the galaxy can make that claim."
"The battle of privacy and safety is going to begin in earnest now."
Mark those words. I agree wholeheartedly. I don't know if any of us really realize how significant an event this whole ordeal is quite yet. We are in the first war of the 21st century against an enemy we haven't really identified which will be used as an excuse to strip us of rights-- sometimes rightfully and necessarily so, though at the same time perhaps not for the better. The airports are just the beginning.
As I keep trying to do in this situation, I look for the positive. I can say that this event has unquestionably brought us closer as a nation-- I never considered myself much a patriot, but I do now, even with my normal libertarian anti-corporate bent. More importantly, though, this tragedy is making us face the limits and realities of technology. We are on the brink of a huge leap in where we can go technologically and what that will mean, and there has been virtually no public discussion of this. I think this event will force us to have that discussion as a nation, and we need to be very, very present for this battle.
I think it is indeed a war.
If its open source, all they need to do is re-compile with out the back door!
"Not my manner of thinking but the manner of thinking of others has been the source of my unhappiness." - M
According to Wired, Bin Laden didn't use cryptography so much as he used steganography. Story here. It's more creative than cryptography because it embeds a message within another message.
--------
Bleah! Heh heh heh... BLEAH BLEAH!!! Ha ha ha ha...
The USA is the USA and nothing more.
The USA (I'm a citizen) can pass any encryption law it likes, but it has no jurisdiction outside the USA. Other countries (like Australia, where I live) will likely pass similar laws to kiss ass with the USA, but what good is that? Terrorists DON'T CARE! For Fucks sake, they hijack planes and kill thousands, do you really think they'll care if the US passes a law requireing back doors in encryption software? PGP is ALREADY nearly unbreakable (in any reasonable time frame, anyway). Do you REALLY THINK that they'll use the new software because its required by some shit country that is on the other side of the world? NO. America is deluding itself and giving itself a false sense of security if it thinks that passing a law will stop terrorism, or even give its own government insight into terrorist activity.
The problem is the problem, and the problem is not that they encrypted their data. Requiring ack doors is treating a possible symptom, and not the problem.
I don't know what the problem is but it ain't encrypted data.
-abused angry citizen
What really concerns me is that bills like this may pass and become law. Mandating backdoored crypto will mean nothing to people who are willing to take hundreds to thousands of lives! I'm relatively certain that terrorists and potential terrorists don't even flinch at the thought of breaking U.S. laws.
Additionally, as somebody else already mentioned, there are many well documented crypto implementations--reimplimenting any of these (sans backdoor) would be a trivial task at best. I've even seen some Slashdot users agreeing that this might be a good idea! I heartily disagree: I can't really put my faith in any law that only serves to take away the freedoms of innocent citizens. I'm not even a huge privacy nut--I usually only encrypt sensitive information (passwords, etc.) and digitally sign my outbound mail--but nonetheless, the thought of this bill gives me the willies. I have a hard time trusting people in positions of power based on what I've seen in the past, and I certainly wouldn't trust them with the ability to get into my private data. I won't even go into the possibility of Joe Blow getting access to such a backdoor...
Finally, I think that this is just the beginning--I've already seen members of Congress using this disaster to back their own personal propaganda. I think that's positively disgusting (and I'm not easily appalled) and if I catch anyone from my state doing it, you can bet they won't get my vote when they're up for reelection.
Just my 0.02.
I think they are right to do it. Without going into what is feasible or not, i think a backdoor should be implemented in cryptos. How else could the government be aware of what is going on? At some point, they need to know, even if it take some of our freedom. Anyway, why would someone need to use crypted messages, except for bank accounts and e-commerce? I fail to see any good reason.
so it may take some of our freedom in exchange for national security. It is an easy choice for me.
-------------------
Killswitch
Fine. Personally, I am all for crippling Americans' personal freedoms in the interest of national security.
As soon as this legislation is passed, I hereby volunteer to deliver the latest build of PGP+NSA directly to Osama Bin Laden, and I have no doubt that he will immediately delete his old software and begin using NSA crippleware. While I'm there, I'll also politely ask him to stop crashing planes into our buildings. Riiiight.
Does anyone think someone who allegedly plots to hijack airliners and kill as many people as possible in a short period of time is going to think twice about using secure encryption because it is against the law in the very country he detests?
"How can I get message to my henchmen to kill all Americans on site?"
"Encrypt it sir."
"Can't do that, illegal."
That's a dream world. Sure, they could prohibit strong encryption algorithms from ever reaching him, but there are already plenty of good ones out there, and whose to say they couldn't make their own?
I think "Live free or die" is pretty good. Along with "Don't tread on me," and "the best we can hope for the people is that they are armed."
The revolutionaries who founded the United States of America are chock full of good quotes on freedom and defending freedom.
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
Kind of offtopic, but the book tells us a lot more.
A war will not be fought by everyone. Each system will have a bunch of people who will go against whatever the government decides and side with the enemy. They will become subversives, terrorist in their own country, for whatever cause.
So even if we enforce backdoors in encryption, cameras in every place and any other massive surveilance in the name of safety, there will always be a fraction of the population screaming about their liberties being violated.
This is not a bad thing in the grand scheme of things, but to the government (or any other body trying to "assure" safety) these people would be enemies. They'd have to be eliminated, either through brainwashing, incarceration or death.
I don't think anyone would want to live in such a society.
bart
And this from the "Live Free or Die" state's Senator. The irony is sublime. They need to change their plates to "Live in Chains or Die"...
Here's something for the conspiracy buffs. What could someone with a really twisted mind do to (a) show off strength, (b) finally get all those freedom-loving hacker hippies under control, together with the rest of "moron humanity" as someone else put it?
Yes, that someone could employ a strawman tactic and make you *think* that it is okay to bomb whoever and to restrict your rights to whatever for your own safety, and you would even support that!
In rhetoric and in real live, the more extreme the strawman you build, the better the results for your own agenda. Note that all this is hypothetical intellectual bullshit, but worth thinking about anyway before you form an opinion.
Signed, Dr. Mabusa
From what one reads here you get the impression all slashdotter's communications are so super secret and important that they need 8192 bit keys. For Pete's sake I want someone to tell me what data is so important that they encrypt it daily for fear of someone snooping.
For example, I worked for a major semiconductor and radio communications corporation. We encrypted all private circuits to all remote offices, in the US and abroad, except that in France we had to provide the keys to the French government.
End Result?
The French intelligence agencies would hand over to major french businesses the 'competitive intelligence' collected from foreign corporations operations in france, allowing them to underbid competitors, etc.
There are several well-documented cases of government abuse of this information. In France the level of distrust got so bad that they eventually relaxed this policy due to foreign based companies withdrawing their business.
I do not deploy Linux. Ever.
How in the world can this be expected to prevent terrorists from using crypto?
The only advantage I can see is that it might thin out the traffic that authorities have to deal with. But terrorists can simply generate their own flood of spurious messages.
pr0n - keeping monitor glass spotless since 1981.
FUCK ALL THAT. What have we learned in history? Revenge doesn't work. Saddam's still around, all of the Mid-East conflicts are still around, Irish Protestants vs Irish Catholics is still around.
This is a complicated situation. This is NOT simple.
First - who do you bomb? It's currently unknown who did this.
Second - Let's assume you find out who to bomb, and it's Osama Bin Laden. How do you find him? There's no proof that he's even in Afghanistan anymore.
Third - Assuming you screw that and bomb Afghanistan anyway. You create a whole new legion of terrorists who see the US as bad as we see them - killing civilians without just cause.
When they fight back. Destroy those who fight back
And when more fight back? When your own countrymen turn against you because their families back home are being slaughtered? Or do you propose killing everyone who isn't white? I'd say that whatever you're fighting for in that case, you've already lost.
I don't expect many people will read this. I expect that the parent will be modded down soon anyway, but I hope that the original poster gets that this is not as simple as (s)he would like to think.
Last post!
And how many more drunken knife fights in bars would there be if everyone carried knives on a regular basis?
It's just like towns in Texas that everybody carries guns in, there is nearly no crime in those towns.
Prove to me that there's "less crime." How measured, per incident, per captia?
Keep in mind that those towns are pretty small. How would this make my city of 3.5 million people safer?
It doesn't mean much now, it's built for the future.
only outlaws will have 'em.
Old age and treachery almost always overcome youth and skill.
I highly doubt that any law/regulation on encryption could ever work (well, the ones who'd abide by said law *probably* wouldn't be the ones to worry about anyways).
That said, Carnivore gives the authorities a very easy way to determine those people who *are* using encryption (seems reasonable to me, it's a public internet, no?) and then use that information to: obtain warrants, flag them for further investigation, etc... Seems like the only realistic way to go about things.
Of course, I'm saying this from the vantage point of someone who still trusts his government to do the right thing (most of the time, anyways). Am I too naive?
Oh my gosh, did terrorists use crypto? We'd better not let that happen again!
Hmm... I wonder if they used Windows?
You just know the sleazoids on the right will use this awful event as an excuse to step up surveillance, etc. A "strong response" will boost Bush in the polls. A wartime mentality is always good for conservative causes. Kiss social security good bye. New restrictions but, hey there's Free Cigarettes. Guns should be cheap and plentiful. And the constitution needed changing anyway.
=surfcow
Jerry Pournelle has some interesting comments on where we're headed, on his personal web site at www.jerrypournelle.com. He sees the US becoming essentially an empire and ceasing to be a republic in all but name. One symptom of that will be trading our freedoms for security.
Today we accept greater restrictions at the airports, tomorrow we'll let all personal communications be monitored, the day after that we'll willingly start to carry identification papers and clear our travel with authorities in advance.
This is not conspiracy theorizing - there is no secret THEM that will do this to us - we'll do it to ourselves, as a people.
No one will be protesting in front of the airports, against these wise new security measures.
And if the FBI had only been monitoring domestic cell phone calls, they surely would have stumbled upon this plot in time to stop it - and we'll be happy to give them the power to stop the next series of attacks.
Once the need to "know who is a true American" is carefully explained to us, we'll proudly accept our new "national passports" with only a modest amount of ineffectual debate, ending in agreement that "it's best" and "only extremists could oppose such sensible measures - it's really no big deal to call the police to let them know when and where we're planning to travel and just make sure it's safe to go".
I'm surprised it took this long for this to get reported. It was obvious from the start that this coordinated terrorist action would be used as justification to restrict cryptography. As expected, the knee-jerk reaction has come, creating another threat for informed people to worry about. Unfortunately though, in the current situation, all kinds of restrictive laws can be passed without any serious opposition in Congress in the name of defense.
So why is this such a problem? After all, the necessary decryption tools would only be made available under specific, government-controlled conditions. The problem comes in a few forms. First of all, the government needs to be treated as a trusted party in all of our communications. Regardless of the regulations, a corrupt government or certain corrupt individuals could bypass these regulations, resulting in a digital Big Brother. Even on a small scale, this is completely unacceptable. The worst case is that the people's right "peaceably to assemble, and to petition the Government for a redress of grievances" could be restricted by identifying and silencing anyone who tries to organize a coordinated protest and fears such a response to public expression of government opposition.
The more important problem here is that, like "access control mechanisms," these measures will not stop the intended targets. The first step would have to be a ban on non-compliant encrypted transmissions in addition to a ban on the distribution of hardware and/or software that can be used to produce such transmissions. Even if it were possible to filter out all non-compliant encrypted traffic (this process alone is scary), this can only work for encryption at the bit level (and even then only if non-compliant encrypted data wrapped in compliant encryption can be detected and rejected). A simple word substitution code could bypass this, and a more elaborate system (think industrial strength word level encryption) could be very secure and impossible to detect. Considering that only criminals would be developing and using such "illegal" encryption, a law against it will not act as a deterrent. The criminals will still have encryption, law-abiding citizens will have no privacy, and the government will continue to pass increasingly restrictive laws of this nature. In other words, nothing good can come from this.
They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety
Look I'm sorry but that quote, eloquent though it may be, appears in just about every discussion. It's starting to sound like the first post thing. May I suggest a new all-purpose quote:
"Government is not reason. It is not eloquence. It is a force, like fire: a dangerous servant and a terrible master".
-George Washington
You might consider an encrypted loopback with
the international patch to the Linux kernel as
well.
Another easy alternative which looks very good
and comes with source is BestCrypt. The Linux
version is free for non-commercial use, but
paying for it is good thing since it will
encourage the company to keep of with kernel
revisions (something that seems somewhat
problematic with the international patch).
My point was that the alternatives would still exist. These alternatives would be made by people not subject to our laws.
Do you like German cars?
Hiding messages in pictures or sound files does sound like a good way to beat any carnivore or e-mail survaillance systems. But are there any good stego client software that can be plugged into common email applications? IF worst comes to worst this could be the only way to have true secure email in the future.
Remember Pearl Harbor?
The Japanese were just as fanatical-- the term "kamikaze" comes to mind.
As for the terrorists being considered martyrs by their people, well as far as I'm concerned, we will obliterate the very people that would consider these terrorists martyrs.
We're not just going to strike some military installations to limit their capabilities like we did in the Gulf War. This time, we are taking no prisoners. We are going to wipe them out. We are going to unleash hell upon the governments that have been giving terrorists safe haven as well. At least that's what I hope we do. Yes, there will be a few left since it's impossible to eradicate everybody who holds a particular belief and is scattered around several countries, and they'll naturally be plotting their vengeance, but they will no longer have the numbers, leadership, or capability to do their will.
They will no longer have governments harboring them-- because those governments will fear us. They won't fear us because of our threats; they will fear that we will do again in the future what we are about to do to them now.
The terrorists are about the learn the same lesson that Japan did 60 years ago, as expressed by Yamamoto:
"I fear all we have done is to awaken a sleeping giant and fill him with a terrible resolve." He was right.
Japan as a military power ceased to exist after our devastating blow.
Get ready... this is it, this is the real deal, we are about to experience something that only existed in the faded memories of our parents or grandparents. Many Americans don't believe we have the guts or the capability, but that's only because they weren't around the last time we did it and haven't seen it for themselves.
-CausticPuppy "Of all the people I know, you're certainly one of them." -Somebody I don't know
When I worked for a major radio communication and semiconductor firm, we dealt with file transfers including HR data (salary, SSN, insurance claims), new CPU and other chip designs, bid information for contracts in the hundreds of millions, marketing, pricing, and profit projections, and much more they didn't tell me about.
How about the phone company? (Okay, I was only there two months) Sure, they have your credit information and the unlisted number for various celebrities. But they also have call detail information for every subscriber, and systems that allow real-time interception of all phone calls, including alarm circuits and the 911 system.
What about an online brokerage, mananging hundreds of millions in customer assets, and tens of millions in stock transactions each day?
Perhaps 'the government' can be trusted with backdoors giving them access to all of this information. But remember Nixon, Oliver North, or the many other cases of abuse of power and access to information by the people who make up the government?
Here's a real-life example where my personal data has value to the Feds and others: I find a new security hole in a popular corporate firewall project. I need to report this major security problem to the vendor, but I don't want it to be known to anybody who might exploit it to penetrate corporate networks. How do I communicate this problem to the vendor without strong encryption?
I do not deploy Linux. Ever.
The problem with a backdoor is that you never know who is using it. Sure, it may be the feds, or it may be J. Random Hacker, who just happens to be taking a Crypto class, and stumbled upon it.
Just think, cryptanalysts attack ciphers in order to find vulnerabilities...imagine how much more incentive you would have if you absolutely knew there was at least one.
It's a sobering thought, but just think of the damage that could be done if someone did find the Feds' backdoor.
I just want to take over the world...Why does that automatically make me EVIL?
HAH! HAH! Rate this post +5 FUNNY!!!
"moderators" - - READ?!?!? the articles....
FUUUUUUUUUUUUUUUNY!!!
If you're not on somebody's shit list, you're not doing anything worthwhile.....
read above.
If those pigs think they have a right to violate MY privacy in the name of "national security", then they'd better be able to bust down my door before I use the FDISK on my boot floppy to wipe my drives clean.
I'd rather lose data than freedom.
******
"What makes you think I care about your opinions?"
Comment removed based on user account deletion
... to use encryption with backdoors, 'coz they sure as hell won't do it voluntarily? I don't live in the US, and I'm not an American, but if I were, I would be writing to my elected representative about this. It is wrong.
14 September 2001
WASHINGTON: The Senate and the the ACLU came to terms on a groundbreaking new law which sets to forge a compromise on personal freedoms against Congressional needs for cryptographical backdoors to protect the innocent citizens of the United States.
"The solution," said Senator Hilary Clinton, "was so simple, we should have thought of it in the first place. Why force this crypto backdoor upon law-abiding citizens? The obvious solutions was to write a new law which only applies to lawbreakers."
The new law, Senate Resolution 11241, is expected to pass overwhelmingly in the House and be signed into law as early as Monday.
"What a bunch of morons," said Rev. Jesse Jackson, speaking on behalf of the ACLU, the NAACP, Greenpeace, and the Republics of Kuhanmar, Bhuganda, and Jabooti. "Do they even realise how stupid they look?"
The new law has language heretofore unseen in the legal ranks. It clearly spells out that the law "only applies to terrorists, anarchists, and communists", leaving areas such as pornagraphy and 'warez' clearly allowed to do whatever the hell they want.
-sam
The REAL sam_at_caveman_dot_org is user ID 13833.
This incident will surely lead to every right wing facist to come crawling out of the woodwork. The reality is that the encryption gremlin has been out and abouts for a long time, and there is absolutely no way that you will ever get it back in the bag. Period. This is not even remotely considerable. On the NIST site they even provide links to Twofish, Rijndael, etc, to which you can grab the source and roll your own. There is additionally absolutely no possibility WHATSOEVER that foreign nations will agree to US backdoors: They may feel remorse about this incident, but given Echelon they won't be imposing US laws in their land.
You know this all really is absolutely absurd. What happened at the WTC is an absolute travesty and hopefully there will be justice, but this heavy handed knee jerk reaction is unbelievable: It's the illusion of safety (see "Fight Club" regarding airline safety manuals). Who cares that the terrorists got on the planes likely with items that were 100% legal under US law (prior to the attack you could carry a 4" knife on US planes completely legally. For all we know they may have pulled them out and said "See? Like our knives?") : Pretend that the real issue is suitcase nuclear bombs and people sneaking over the border. I've seen on several pages the attempt to actually blame MS Flight Simulator for the tragedy: Flight Sim allowed them to train at hitting the WTC, and gosh darnit it even has the WTC so they could practice hitting. RIDICULOUS! Who cares about securing the pilot cabin or something actually useful: Ban Flight Sim! A similar situation came up with Microsoft Train Simulator with Union Pacific being outraged under the belief that this would lead to a nation of highly trained (no pun intended) train engineers who would go out and steal all the locomotives : Hey don't expect them to SECURE the locomotives in some fashion: Just hope that no one knows how to drive them. To say that these reasonings are the height of stupidity would be putting it lightly.
Anyways I'm sure we'll see all sorts of mentally deficient ideas such as these coming out over the coming day by fascists seeing the opportunity, again ignoring the absolute simplicity of this operation.
Appropriate commentary here, dated yesterday:
The main source of our strength is our freedom and open society. The United States already has the most powerful military in the world. We don't need the symbolic jaw, jaw, jaw of more laws, but the will to use our existing war power.
Paul Weyrich, head of the Free Congress Foundation, aptly wrote: "The truth is that if we further emasculate our Constitution the terrorists will have achieved the greatest victory imaginable. Their triumph won't just be the thousands of people they killed, the triumph will be if they see our democratic institutions crumble. If President Bush can navigate a responsible course where we make an appropriate response to those who have perpetrated these unspeakable crimes while at the same time protecting our essential freedoms in the process he will end up being the greatest President of the modern age."
Another essay from yesterday, "Freedom First", is also a worthy read.
Making laws like this will only distory our freedom and will not provide us with any protections. People are resouceful, law are not. Laws try to explain and control the law maker precieved the world to be. People understand the world is a changing place and anything can be done. Nothing, Nothing can stop me from sending a code or hiding something.
The journey is better then the end.
What about pro-choice activists trying to organize a (legal) protest while Republicans control the white house?
What about a small business working in physically diverse locations to write up a competitive bid against major corporations with huge budgets for 'industrial espionage?'
Perhaps you are organizing a political campaign against the incumbent? After Nixon and Florida, do you have any doubt that politicians in office would not use intelligence assets to intercept the communications of their political opponents?
I do not deploy Linux. Ever.
Can't european countries, like great britain, object because:
It's not Echelon, so they can't get an advantage.
it may hinder business/security of their citizens
it's only in the interests of the US?
Two points. First open source crypto with a back door is a joke. Everyone could see the back door and use it. This could be, at worst, the begining of the end of either crypto or open source in this country. Much more likely this will simply be another unenforced (or worse yet, selectively enforced) law.
/.'ers start sending pseudo-random garbage across the net at regular intervals. That should sufficiently bog down the man power of any evesdropping agency.
Second, this law will be even more difficult to enforce once all the
will want their representatives to have such legislation move full-steam-ahead in the wake of recent events. The terrorists will have also blown apart our privacy and made Big Brother, bigger.
The price of 'freedom' just increased.
A strange game. The only winning move is not to play. How about a nice game of chess? - Joshua (Wargames)
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
Is this an goatse circumvention device? In my browser the URL shows up by hovering the mouse over the link. If I don't want to go there, I don't click. Please educate me/us!
One, are they going decrypt all messages to make sure strong crypto isn't being used inside the one with backdoors? Otherwise all this will do is allow forensics teams to say, "Oh yeah, he also used strong crypto." It's not like strong crypto won't be available either. You can't take all of the software away from them, and unless you outlaw C compilers I doubt that this stuff will go away as computers become obsolete.
Two, how do you get this to be adopted as an international standard? Let's say I'm another country, why would I adopt encryption with a backdoor in it? If it is state run backdoors (like key escrow via government), then we'll start to see small countries selling non escrowed encryption as a revenue stream. Let's not mention that state sponsors would then also allow terrorist a secure communications.
If we don't get this adopted as an international standard then it will be useless. If nobody uses it, and standard crypto is outlawed, then there goes e-commerce, a lot of ASPs, and a serious blow to the economy is dealt.
We compare this to outlawing knives, which is probably a very accurate analogy (both can be made in one's home without anyone knowing). While this points out the ubsurdity to a techinical person, the lay community (read most everyone) doesn't see it that way. They are thinking in terms of Hollywood where all codes are crackable with hours or days and the correct intent of a large organization. I think it's time for education of the populace. It worked with DIVX and clipper, it can work again.
Expect politicians to very cynically use this tragedy to its fullest, and not just in the U.S. Apparently Russia has been making noises about joining in the fight against terrorism, which to them means killing more Chechens. China just signed a regional agreement to fight against "terrorism, seperatism, and extremism" -- yeah, kill some more Tibetan nuns before the bodies are even cold in New York.
Here in the U.S., it'll mean scary crypto laws, scary wire-tap laws, "anti-terrorism" laws that greatly extend the power of police to spy on and disrupt legal dissident groups, bigger defense budgets, bigger CIA/NSA/??? budgets, etc. That's what Bush means when he says "this is war." He means war as in concentration camps for Japanese-Americans during WWII, long prison sentences for disagreeing with government policies like during WWI, etc. Sure, he won't get all that he wants, at least not unless we have some more useful casualties in the U.S.
Of course, that's why we have to resist this every step along the way...
This is insane. It's not like anybody with a pen and a pad of paper can't construct an 'unbreakable' encryption scheme.
This whole 'Encryption is what bought down the WTC' is just absolute bullshit.
Does nobody even think about the fact that Osama Bin Laden was on the US Governments' payroll during the 'Cold War', carrying out terrorist activities against the Russians in Afghanistan WITH THE FINANCIAL SUPPORT AND APPROVAL OF THE US GOVERNMENT!?
If the your government is going to actually pay these guys to blow up buildings, and then pull out and leave them swinging in the wind with bloody revenge on their minds, surely encryption regulation is the least of your worries.
To Mr. Bin Laden, i doubt there is really much difference between blowing up a building in Afghanistan, and blowing one up in the US (to be fair, there is no publically available evidence that definitely points to Mr. Bin Laden as yet).
How can you consider terrorists acts planned, financed and supported by the US to be 'OK' while terrorist acts commited against the US to be 'Not OK'
The WTC bombing was a tragic and indefensible act of violent oppresion, but banning or modifying encryption software won't do a damn thing to prevent such attacks in future.
If you (the good ol' boys in the US of A) really want to prevent global terrorism, then stop financing, supporting and perpetrating it.
I gots ta ding a ding dang my dang a long ling long
Lets face the real problem. This is not a department of justice issue. Some scum bag did not just come murder a 7-11 clerk while taking some beer and Huggies, this was a blatant act of war. So, like with any action, it is not revenge or vindication, merely excising a cancerous tumor that is killing you. Take it out. Nuff said. Let us begin the surgery and then let the patient heal.
I seek not only to follow in the footsteps of the men of old, I seek the things they sought.
After all, they're just going to HAVE to fight this one..
That Jesus Christ guy is getting some terrible lag... it took him 3 days to respawn! -NJ CoolBreeze
Mandating "backdoor" keys to crypto will only be followed by law-abiding citizens. Knaves, rakes and reprobates will continue to use the strongest crypto possible.
This is another sign of the war on personal freedom. Guns, drugs, crypto: these aren't the enemy. Bad laws, frustrated cops and panicked constituencies are the pavement on the road to hell.
While I don't support ESR's call for an armed citizenry (THAT will quell domestic violence and road rage, don't you think!), I do suggest that we stop blaming instruments of terror and focus on the root cause of terrorism: people. What is their motivation? Is it just random sociopathic behavior? Is it our indiscrete wielding of world hegemony? The nauseating events of 9/11/2001 didn't require arcane knowledge or hi-tech equipment; we provided the tools of our own destruction. However, we also have the keys to our survival. It is our brains that got us into this mess and it is the careful application of that same organ that will see us through.
Adrenaline can't solve all our problems. As Frank Herbert's flawed novel _Dune_ reminds us, fear is the mind killer.
This attack was not about killing people and it wasn't about putting fear in the hearts of Americans, it was about getting the USA to destory itself. A common trick used in part of Europe before WW2 was to attack something in a way that the goverment would then attack back. Goverments are very bad at selective attacks and always hit more than they should. The result is that goverment starts making life unbearable for its citizens. In the past people have used these attacks to take over goverments.
The US's reaction to total lack of security at a few airports will to bring in a new world order but that isn't going to keep from happing again. Now that its clear what a jet will do to a building, when will someone try to steal a UPS jet to do the same thing? Most cargo planes are stitting around unlocked and with enough fuel to get in the air.
If the United States Government wants to restrict civil liberties for the purposes of keeping the populace safe, then they are admitting that a free people cannot be a secure people.
The Freedom Experiment has failed, my friends. Let us all run back to the warmth and security of the police state.
Nah. I'd rather die free.
Step 1: Legislation is passed unanimously in both the house and senate and signed by the President requiring all domestic encryption software to include a backdoor.
Step 2: SSSCA is passed unanimously, modified to include all current encryption software passed in Step 1.
Step 3: All non-government information security experts are rounded up and imprisoned for 5 years for using non-backdoored encryption technologies.
No one is left to assist in deterring the next terrorist attack: the one on our information infrastructure by those who have no concern for U.S. Law.
I hope the message can get through to our lawmakers and it's non-technical citizens, at this difficult time.
www.dedserius.com
VB != VisualBasic
A bulk head is bad due to structural pressure variances, but the compartment idea works.
You can rip out 2 rows from first class, weld in jail cell type door, anchoring it to the frame, and presto, marshall room. I think a retrofit would take about 4-6 hours after the first few are done.
Yes they can be pried up and out, but not before the marshall gets off a couple shots (nonpenetrating bullets dont decompress planes) and warns the pilot who can radio the situation in.
That would obvioulsy stop 3 of the 4 planes in this scenario from hitting, and possibly the first as well. The passengfers themselves are of course, dead either way if unlucky.
In the U.S. it's more and more like a favor the state gives to some people, some of the time, depending on how benevolent somebody feels that day. So bow to the demands of the spooks, make backdoors mandatory, give people long jail terms for circumventing them, and the terrorists win. They win bigger than they ever imagined by making life worse for ordinary U.S. citizens.
In the name of pride we have to win this without cheating. Cheating means using the same tactics as the bad guy. No murdering civilians. No spying on our own people. No cameras in the bedrooms.
Make cryptography a crime and only criminals will have cryptography.
Life's a bitch but somebody's gotta do it.
...is more specifically the hiding of sensitive information in something seemingly unthreatening. The carrier is often an image or sound file, although the general idea was used long ago with handwritten letters, encoding secret messages in the pattern of gaps between cursive characters. For that matter, isn't the watermarking stuff the RIAA et al. are so big on just a form of steganography?
"They that give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759
The next thing you know the RIAA and MPAA will want us to use some kind of inferior crypto too!
I'll just stick my with ROT-13 thanks - it's safer!
[PowerPoint] is a tool for capitalist presentation
Yup, sure criminals around the world are going to obey this law just like they obey all the rest.
The two most common things in the Universe are hydrogen and stupidity. -- Harlan Ellison
I'm goingto play devil's advocate: why is crypto important to the average citizen?
I send a lot of e-mail, and sometimes I say bad things about people, but nothing that I wouldn't say to their face. I'll send my enemies copies of my e-mail if they wish. Actually, I don't have any genuine enemies, but I will extend the scope of the word to include people who just piss me off.
I am not planning any crimes, or adulterous relationships, so my wife, and my children, and the police can read my e-mail, as well.
I know that there are legitimate reasons for many people to send encrypted e-mail, but the word MANY does not encompass the word MOST. If you aren't a paranoid freak, or a criminal/adulterer/kiddie porn distributor, is it really that terrible that a law enforcement official protecting your family from terrorists might be reading the sexual fantasies that you are sharing with your girlfriend?
If you are sharing a trade secret with someone who has a need to know in your company, the feds aren't going to post it on the Internet. If you are leaking a trade secret to your competitors for money, then I hope the feds come knocking at your door.
The fact is, master criminals will be using whatever crypto the government hasn't cracked yet, or will sending messages by inconspicious conventional methods. Criminal fuckups will get their e-mail hacked and prevented from delivering that heroin to school children in Seattle.
Is that such a loss? Is freedom so important that it overshadows all other values? If I am free to watch what I want, read what I want, say what I want, eat what I want, fuck whom I want, and live where I want, is the loss of a little privacy really so critical?
Neopets - the best free game on the Int
This is totally lame, if people want to use encryption to go around being detected, there's enough groundwork posted on the internet to get source to make your own "unbrakable" algo... so why doing this? it's totally taking an excuse to put more strain to each legit individual/buisness, and spying on legitimate users.
This is like drugs, it's not because it's illegal, that it suddently ceased to exist!
I find it really hard when governing people think they are talking to a bunch of sheeps and clueless retards...
--- Metamoderating abusive downgraders since my 300th post.
God. I just read Levy's Crypto about a month ago, and I thought this was *over*. I can understand why Congress and other people would want to do this, especialy now, and I can even sympathize with them - a little.
But I also know that whereever there's a backdoor, there's the possibility that it could be mis-used. The U.S.'s history of intervention/harrasement of other parts of the world and our own citizens at times (McCarthey, WWII internment, etc) tells us that possibility.
I myself can't really see *now* how the government being able to snoop into people's email would be a problem - unless they started cracking down on DMCA protesters (and law-breakers), post-Napster users, anti-WTO folks, etc. I would hope that our government learned from the McCarthey era - forever, but then, maybe I'm just not paranoid enough..
But the biggest reason is that it's utterly pointless. Strong crypto is already out of the bottle, here and abroad. Other countries have developed strong crypto, so even if O. bin Laden couldn't get it here, he could get it somewhere else (Russia perhaps - wouldn't that be ironic). I don't know much about the mathematics of crypto, but even if PGP isn't secure now, couldn't you just re-compile it using some unGodly bug key size like 4096 bits.
What I'd *really* like to know - and probably what a lot of other people here like to know - is what encryption O. bin Laden used, and could we crack his codes.
Jim
In a floor speech on Thursday, Sen. Judd Gregg (R-New Hampshire) called for a global prohibition on encryption products without backdoors for government surveillance.
Becomes...
Wired news reports that Congress is considering restrictions on crypto software in the wake of the terrorist attack.
This is presented as an example of steganography - "The art of writing in cipher, or in characters which are not intelligible except to persons who have the key; cryptography."
ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
Terrorists are criminals. The high encryption software was already out and they are using it. What does make Congress think thay these guys will use only the crippled software with backdoors?
¦ ©® ±
We want our old complacency back and we'll legislate to get it. Complacency more than anything else bred this disaster and if our paranoia level is elevated to an heretofore unknown high, well, we're just getting a taste of what much of the world lives with every single day. I've been waiting years for something to shatter that complacency. Most people think how horrible this disaster was. I think how much more horrible it could have been, had the terrorists also had access to nuclear, chemical or biological agents.
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Um.....the point of cryptography is to secure data......if you put some kind of back door in it it defeats the entire purpose of encrypting something. What are they trying to accomplish?
In a floor speech on Thursday, Sen. Judd Gregg (R-New Hampshire) called for a global prohibition on encryption products without backdoors for government surveillance.
Interesting coming from a senator whose state motto is "Live free or die". Apparently he's following the "Give up freedom because of fear of death" version.
ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
Forgive the small rant, but this relates to the term floating around, "Nanny State" that seems to summarize the current ideology of most Americans. The term expresses exactly how the I see our country.
Any country that bans Peanut Butter and Jelly sandwiches from schools is in need of a major political overhaul.
I am a one of those people who hates authority, doesn't trust the one sided news sources, questions the unquestionable. Anything that remotely encroaches my personal freedoms becomes an instant battle to the death. I believe that people should have total freedom to live their lives without interference.
I'm a mix of different political beliefs, anarchist, green party and a republican. Less government, but still have an army to protect us from terrorists. A police force for the violent criminals. Legalize everything for consenting adults. Teachers to teach math not religion. Flat tax, school vouchers, legalized abortion, no affirmative action (everyone is the same). I believe in public assistance for the truly needy, medical for everyone, 7 day gun wait, gun locks, but not a gun ban. Personal privacy, no agency shared government database.
Basically, Live and let live.
-
A government that robs Peter to pay Paul can always depend upon the support of Paul. - George Bernard Shaw (1856 - 1950)
We used to have just this thing. 4th amendment lawsuits got expensive though, anfd the government decided to say a police officer's "trained eye" was enough for cause, and thus no need for compensation.
It was on slashdot about 3-6 months ago i think.
The battle of privacy and safety is going to begin in earnest now.
Typical response in political issues, and part of the reason politics is so devisive.
Battle *between* privacy and safety? Good god, are you saying we have to pick a side? "I'm for privacy!" "I'm for safety!"
Stop devoting your time to "winning battles." Start devoting your time to finding solutions "both" "sides" can be happy with.
One, it's the only way everyone will be happy.
Two, it'll come up with a better solution overall than either side will come up with individually.
Three, if you try to fight the concrete consequence of 5000 people dead versus what most will perceive as the largely abstract consequences of the government being able to read your encrypted data, you're going to lose. This isn't something like the DMCA, where it's liberty vs. record companies. This is liberty vs. public safety, and for many people, in many instances, public safety will be more important.
Convictions are more dangerous enemies of truth than lies.
- Nietzsche
A lot of good points.
JET Program: see Japan, meet intere
First of all, most major companiess of the world sell products and have operations in the United States. This makes them subject to US law or makes them at the very least subject to wanting to be in the government's good graces.
Foreign governments tend to make treaties for laws that are mutually beneficial (Berne convention, etc). Those in power stand to benefit from having the ability to eaves drop on the people they govern so there's no reason to believe they won't be willing to make mutual treaties to enforce eachother's laws in this regard.
Those who choose to use illegal forms of crypto will stand out against the background noise of thousands of legitimately encrypted messages. It will make them much easier to track down and given the illegality of using that cryptography, you can prosecute them at will (whether they did anything truely criminal or not).
This sig has been temporarily disconnected or is no longer in service
Several of the officials speaking today said that sacrifices would be required of the American people in order to combat terrorism. Many of these sacrifices would just be the "conveniences" that we have all become accustomed to, such as curb-side baggage check at airports. I believe these are worthy sacrifices in the interest of public safety. It is agreed that some things must be sacrificed in order to have security. However, what "conveniences" should be sacrificed and what constitutes a liberty are a good question. Are encryption algorithms an inalienable right that no government should impose restrictions against. I would hope not, but I would hope that no nation would harbor criminals like bin Laden. However, these nations exist and even applaud Tuesday's acts of war (Iraq). It's not as easy as saying you cannot take away my GPG. I believe that the existence of Free software is another matter entirely, and we should always have the freedom to create software and share it with the community.
to do with a presumably terrorist attack?
How will having a backdoor to my computer help prevent terrorism? I don't communicate with terrorists.
BESIDES IT IS NOT GOVERNMENT'S JOB TO SOLVE THIS PROBLEM.
It's government's job to abide by their authority which a great number of people seem willing to allow them to do.
I don't know about anybody else but I'll manage my own personal security thank-you-very-much.
we are slowly turning into a police state, and I'm not being overly paranoid. the terrorists must be laughing a riot now, content that us government has passed a law that won't do anything to them but takes away freedom from the american people. Just remember that this is just the beginning, unless we stop it now!
Got Freedom?
Thinking?
read ^^^
Why does every congressman seem to feel that their accomplishments directly correlate with the number of bills they get passed?
They are constantly searching for so-called problems, and then they feel it is their duty to add a "patch" law to fix it -- almost always at the cost of freedom.
It's easy to see how they fall in this situation. Imagine you're a Senator after this terrorism act occurs. You feel that your people need you, and want action taken. After all, it is your job to legislate -- so why not find a remotely related source for the tragedy and try to fix it with Yet Another Bill? It's what all your Senators around you do, and it makes you look to be the good guy, furthering the advancement of your political career.
It is truly sad that this is how things seem to work. In my opinion, it would be much more preferable for congressmen to spend their time weeding out broken laws and refining existing ones to be more sane. There is a serious lack of ideology -- and an abundance of "patching" to a huge mess.
Am I alone here?
"You _like_ children, don't you?"
-Bob
Nobody will deploy Carnivore with the "master" decryption key in it, as it can be retrieved by untrusted ISPs and sold to the "bad guys".
The difference between the two is that the Japanese were soldiers. The terrorists are nowhere near as formal, operating in cells rather than a strict, centralized bombable hiearchy.
Backdoors are pointless. PGP in its current version offers excellent encryption. All a 'terrorist' has to do is use the existing programs that are out there. The only people the FBI would be able to 'catch' would be those that aren't very bright, and they can catch those guys without a backdoor.
Backdoors only weaken security and violate people's private lives. They should not be used.
Travis
As long as a single copy of a high encryption product exists in the hands of any current or future terrorist, it can be distributed among them.
Think, you congressional fools! Because the terrorists already have encryption, they will always have encryption! You in government can only take it away from the rest of us.
I'm all for backdoor in encryption if the info and key in is kept right next to or in the american football (Contains Nuclear launch codes).
Do you have to be a pathetic moron to be a legislator, or is it merely highly desirable?
Recent events have shown that the Usama Bin Laden terrorist cells have been using encrypted cellular phones. Recent events have shown that the combined efforts of the CIA, NSA, FBI and all the other alphabet soup agencies can't keep track of these people's communications. Bin Laden has some hundreds of millions of dollars at his disposal. He can hire programmers, on a contract basis, to build for his exclusive use an "uncrackable encryption system". When it is cracked, he can hire the same programmer or others to do another iteration and so on up to several hundred million dollars cost. Do they actually think that a multi-millionaire terrorist will use a USA-made off-the-shelf communications device? Are they truly this stupid, or do they have some hidden agenda? Terrorists seem to be much smarter than legislators! There also seems to be a pathetic notion that Bin Laden is the only one. In reality, Bin Laden is a very popular "Robin Hood" figure amongst the Islamic masses. If he was "terminated with extreme prejudice" the Moslem masses would have to create another "Robin Hood". Put two and two together!
Of what use can these backdoors be? All they can do is monitor the communications of naive private citizens. Not even large corporations will use software with these backdoors.
My advice to the CIA, FBI etc. is to get out there and do some real competent police investigation work. Stop relying on high-tech play-toys to do serious work from an armchair in an air-conditioned office with no effort and minimal cost. Get out there in the real world, learn the local language and make some genuine contacts among the natives. Infiltrate the terrorist cells. Stop looking for that magic bullet, it only exists for the moment!
Hire some real security agents for airports. Put air marshals on aircraft with real guns. No rent-a-cops!!! Re-regulate the airlines so that each and every employee must be security checked. Let passengers bear the cost.
Real security costs plenty and pays no attention to budgets, tax cuts, de-regulation or ideology. Come to think of it, these backdoors are really another kind of re-regulation.
First a caveat - this is moot at this point, because of the widespread availability of effective crypto technology - you can't close the barn door.
BUT... in the United States and every other country in the world that I am aware of, police are empowered, under appropriate circumstances, to eavesdrop on normally private conversations - whether telephone calls, conversations in a bugged car, or mail. This is not because of a nefarious desire of governments to snoop (at least not in the free societies) but because of the clear and present danger which criminals, traitors and terrorists represent.
Many have argued that the internet should somehow be exempt from the rules of the non-wired world - but that is a very short-sighted viewpoint. The internet is part of the larger world, and internet people need to recognize that reality. The internet is not virtual; the internet can be used for great real good, but it can also be used to facilitate terrible harm. The internet is real and has real effects on the non-virtual world, and thus considerations of that non-virtual world must be allowed to affect the internet world.
The only good weather is bad weather.
..because there's no way a terroroist could find an unaltered copy of gnupg anywhere.
Right.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
and saw the discussions on this. My jaw just hit the floor watching the debates - which Hatch(?) basically ranted on how we need to give our law enforcement agencies all the tools they could possibly use, damn the cost of freedom. Mind you, I'm Republican, and I watched in horror as he equated what happened with the hijacked aircraft at the same level as "cyber" terrorism. The judiciary chairman (?) was on the other side of the debate - he more or less resigned himself that this was going to be voted in, but commented
1)This affected all wiretapping, not just "terrorist" cases.
2)There are no guidelines for what a terrorist was.
3)Most frightening - any yahoo who was an "expert" could tell the judge they think it is connected
to a criminal activity and the judge would be forced to sign the warrant. These people did not have to be law enforcement personnel.
This was one of the few chances I've had to watch the Senate in action lately. I think I need to take a shower....
+++ UGUCAUCGUAUUUCU
I personally would not, I'd rather stand tall and go to jail. I have a right to crypto wether in law or not. Please reply.
Posted with LYNX
The United States government accidently defaced the Lincoln Memorial after it was mistaken for a 2000 year old statue of Buddha.
You do that, and they'll come back with something even more terrifying. Ebola, anthrax, take your pick.
Slashdot Hypocrisy at work?
If you look at the situation logically without the slashdot required kneejerk response you'll immediately recognize the flaws in any argument of "make X illegal for safety issues". If you make it illegal the only people that will have it are criminals. A couple semesters of calculus and computer programming will net you the expertise to write rudimentary encryption algorithms. Strong enough to take years to decode by which time it's far too late to be of any use at all. Does the government honestly believe that making it illegal to have non-Clipper encryption will keep people with illegal inclinations from using it? No they don't but propositions like this are meant to give the public something to make themselves feel more secure. Just remember the US government tried to ban booze and it backfired on them entirely.
I'm a loner Dottie, a Rebel.
I suspect that this is going to happen if we want it to or not. However, it's possible that, at this stage in the game, the groundrules can be changed.
What if we accepted this, and started thinking of what conditions would make this acceptable to the community at large? If you were crafting a bill with the goal of allowing governments to be able to read encrypted traffic, what restrictions would you have, and how would you implement it?
Personally, I know that the US government (or any other) can have my keys over my dead, cold keyboard. But what about this:
1) "Backdoor" keys are generated on a per-key basis. When I generate a key in PGP (or whatever), it generates a backdoor that indicates which key it's for, and sends it off (see #2).
2) Keys are not held by governments. They are held by not-for-profit 3rd party companies who's job it is to make sure that governmental key requests are legal. The board of said companies are selected by the keyholders (no more ICANNs!!).
3) One company per country. The software will ask which country you are in, and register the key with the registrar for that country.
4) Require the law enforcement agencies to go to an actual judge to get a warrant to get the key. They have to show valid cause. None of this "National Security matter" or FBI Committee.
5) If another country wants the key, they have to approach the local law enforcement for the country that holds the key, who goes to a judge. No out-of-country warrants, and this protects against international spying (Echelon, anyone?).
6) Explicitly ban the FBI or any other agency from monitoring traffic to/from the registrars. No Carnivore allowed. Not allowed to use any keys captured in a wiretap, separate warrant required. No NSA gobbling other nations key traffic.
There's some things that would still need to be worked out, like how to prevent people from registering their keys with, say, Denmark when they are in the US, and how to fund the not-for-profits (Matching funds from the Governments and the software makers? Governments and fees from the encryption user?), but you get the idea.
Thoughts?
-NapalmGod
There's an idea...encrypting a .gif file. You could conceivably pad a standard image (say of the U.S. flag) with your encrypted message, with the resultant file conformable to the .gif format. The image might come out looking like a picture of bin Laden playing Nintendo (i.e. a distorion, or non-image), but carnivore would have no way of knowing that the rendered streaks and blobs were not actually intended to be viewed as such.
Need a Linux consultant in New Orleans?
The truth is that everything changed tuesday. I'm a card carring member of the ACLU, but I'm now advocating extencive background checks for flights and even fingerprint scanners (to prevent mindless beaurocrats from just slowing things to a crawl). Honestly, I would now support crypto backdoors if they would do any good.
Unfortunatly, crypto backdoors would be essentually useless and even counter productive. Bin Laden wil stil tack a layer of crypto onto his communications, so our backdoors would be useless AND might slow of development of real counter measures.
If your going to spend any time making arguments against crypto backdoors then you should focus on the uselessness and counter productive aspects. We have now gone mad as a nation, so all arguments must be focused at helping us achieve our goal (the deaths of terrorists).
The Christian religion has been and still is the principal enemy of moral progress in the world. -- Bertrand Russell
A decent discussion of the history and use of the Ninth Amendment can be found here.
"Understand you're having a little Jimmy Page trouble."
Thinking aloud...
;-)
Terrorist organizations seem to thrive through anonymity and finding ways to circumvent traditional means of identity and authentication.
As others have said, the encryption cat is out of the bag; it's never going back. Even if they tried to back-door the "legal" tools, a message doesn't have to be encrypted to hide it's true meaning/contents. They can just as easily be hidden in plain sight/text.
...If we're going to control encryption usage then I'm sorry but we're just going to have to pass some laws to force people to use authorized spell and grammar checkers. All digital images must be taken on approved photographic equipment; tampering with image watermarks is a Federal offense. You will also be interogated by an AI on every message you craft to determine your true intent; non-standard word usage will be flagged and noted on your record. Hmmm... This is starting to sound a little like the language police over in Quebec...
We need better ways to ensure the authenticity of people's identity, not easier ways to watch who we think we might be watching but aren't sure because we're too lazy to authenticate the source and destination through other means.
While it's nice to be able to travel in anonymity, places with security concerns can't afford the risk any more. I'm NOT advocating tracking everyone's movement and action without legal warrant. Attempt to control access, not content. If you are who you say you are, there shouldn't be any reason to interfere with your travel plans.
Ultimately, it's a tough call. But from my own travels I know I get a little concerned when security DOESN'T ask me any questions. On my last trip they did ask about my multitool in with my laptop; it was allowed then, but after these events I don't think I'll be packing it any more. I value my safety more than my privacy in these situations...
Last thing we want is Gattaca though... An extreme in controlling access...
--The more you know, the less you know.
That was irony. IRONY!
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Backdoor? So, we won't need to use DeCSS anymore?
Gonna be funny to see which side wins, the backdoor proponants or the DMCA advocates.
- SBB
help me i've cloned myself and can't remember which one I am
People who say "crypto is irrelevant, because the terrorists only had knives" are missing the point completely. Notice all the talk describing this incident as a "massive intelligence failure?" That's because the terrorists appear to have used crypto to communicate between fifty people for over a year before they got close to any violent acts. If their calls had been intercepted (seeing as some appear to have had long-time, known bin Laden links, they could very well have been monitored), we might have known about this six months ago and stopped it.
Additionally, remember that the US government is limited by their ability to monitor local civillians. The FBI needs a wiretap warrant to conduct such an investigation, although the burden of suspicion is typically a bit lower than a physical search warrant, it still needs to be granted by a judge for each specific case.
That said, I think this legislation is probably a poor idea. There will be so many foreign companies providing escrow-free cryptographic plug-ins that US laws will be irrelevant. In the end, it's likely that only law-abiding citizens would possess the backdoor-enabled crypto software, which could still be compromised by a third party.
your post, viewed on netscape, is lttered with question marks where there should be single quotes. This is usually (tho not always) the result of using Microschlock software. See http://www.fourmilab.ch/webtools/demoroniser/ for more information. (And my apologies if you weren't using MS crapware.)
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
As others have already notices Bin Laden did two things, avoid electronic communication, and when he did use crypto, he certainly wouldn't be using back-doored software. So essentially, himself and the other terrorists wouldn't be slowed down, our American civil rights would be violated however.
Alright, now to the non-reduntant part of my post. On Tuesday, Tom Clancy was on CNN in the afternoon. CNN had Tom, because Tom wrote a book about terrorists chrashing a plane into the Capitol building, and killing both houses of Congress, and the President. Well, Tom said that the real problem we had in not seeing this coming is that the CIA employs some 20,000 people, and only about 800 of them are spooks. The only way to fight terrorism effectively is with a large, well-trained intelligence corps. We need at least twice, if not three or four as many spooks out in the field, infiltraiting these terrorist groups, so that we are aware of these plans before they something like Tuesdays events happen.
Cryptography isn't our problem, an incredibly small spy system is.
foxxtrot
-- this
There comes a time when we as a people must realize that freedom comes from having certain measures in place to allow us to have freedom. I consider the importance of human lives and families more important than someone's freedom to send encrypted messages that talk about personal matters all the way to pornography or terrorism (they are on the same level of insidious nature, but that is another topic). It is rediculous to think that anyone should have the freedom to allow them to send messages that would steal the freedom from other people, such as their very life. Freedom of anonimity in a "free" country is not of equal value when compared to the freedom to live or the freedom of religion. We must remember that we live in a time in which there are enormous numbers of people on this planet with very easy access to destructive measures. Please, before you wage a holy war for the freedom of press and communication, which I believe are very important principles, ponder upon the loss of human life when technology falls into the wrong hands and the greater value of the gift of life. We can all help protect the freedom to live if we make some correct decisions in the near future. If you are intelligent enough to send encrypted messages, you should be smart enough to know when to respect these higher values.
Backdoor to encryption protocols wouldn't have saved us from this terrorist attack.
The government knew about the terrorists, they even had files on them. Did the government put key loggers on their computers? Did the government suspect them? No, there was no red flags that said "terrorist here".
We know the FBI can bypass encryption, but they need a search warrant. The only way to be effective against terrorists is to scan everyone's email (Think carnivore). Backdoor encryption opens "warrantless" searches, which scares the hell out of me. You have nothing to hide right?
-
Power corrupts. Absolute power is kind of neat. John Lehman, Secretary of the Navy, 1981-1987
Please have some computer savy computer person on your staff explain the following "encrypted" message to you:
Jr, gur crbcyr, va beqre gb sbez n zber cresrpg havba, rfgnoyvfu
whfgvpr naq rafher qbzrfgvp genadhvyvgl, cebivqr sbe gur pbzzba
qrsrafr, cebgrpg gur trareny jrysner naq rafher gur oyrffvatf bs
yvoregl gb bhefryirf naq bhe cbfgrevgl qb beqnva naq rfgnoyvfu guvf
Pbafgvghgvba bs gur Havgrq Fgngrf bs Nzrevpn.
I was going to do this as uuencoded, but gave up on trying to post a uuencoded message.
JET Program: see Japan, meet intere
But what will they use to compile the compilers they're using to compile the compilers they compiled themselves? And how will they compile the compilers they're using to compile the compilers they're using to compile the compilers they compiled themselves? And you have to wonder how they're going to compile the compilers they're using to compile the compilers they're using to compile the compilers they're using to compile the compilers they compiled themselves! Not to mention-
* head explodes *
Uh, sorry about that. Hand me that eyeball, will you?
(Do not sign anything.) -- Fell, Planescape: Torment
While everyone here almost unanimously cries that mandatory backdoors wouldn't work, or that it would amount to tyranny. Think about this:
1) Your openess to this type of legislation depends on how willing you are to give up some of your freedom for security. Ultimately, governments always exist to restrict some freedom (some loony isn't free to kill people after all), in exchange for security. Any freshman anthropology class covers that. Maybe you haven't been affected directly enough yet to think it is necessary.
2) If you think this is some new type of breach of privacy. Come on. Postal mail is already this way.
3) If you think it won't work. As someone pointed out earlier, with Carnivore everywhere, people using encryption without backdoors can be detected (and located). Data hiding won't work for long either. I recently read that a prof. at a major university has developed a program that can make very accurate odds of whether a picture contains hidden information. It can't decode the information, but that just goes back to my last statement.
4) If you think the risk of abuse is too great. Maybe, maybe you're right. But if you're worried about financial information, think about how much goes through the postal system already. And as far as the bad employee abusing information, remeber far fewer human hands will touch your electronic data than your postal mail. Also this gets back to your sense of security. At some point you'll take the risk of your information being exposed to the government in exchange for the safety of not getting hit by a terrorist attack.
Ultimately, to be secure you must give up some privacy. The hard question is how much privacy must we give up in order to achieve that security. It's not an easy question, and I'm not sure where that line should be drawn.
But people, please don't be so naive to think that it simply goes without saying that encryption backdoors are unexceptable tyranny. It's just not so. I agree this may not be the first action that should be taken, and for technical reasons that many have pointed out, it wouldn't even work today. However, it can be made to work tomorrow. And someday, if the other measures we take to secure our world are still incomplete, far fewer of you will be so quick to denounce encryption backdoors.
I argee Completly, This issue is EXACTLY like gun control. Make laws to banning handguns, and the law abiding citzens give up their guns, but do the punks, robbers, murders, rapists, or terrorists give up the handguns? I don't think so, so if the source for GPG is out there, whats to keep them from just using current programmers. Do we think that if Osama is smart enough to use encryption, and get people trained in how to fly planes, that he is not smart enough to have programmers? I mean there has got to be somebody out in the desert that knows how use a AK-47 and a computer. I also don't think that he is going to be jumping up and down trying to get the NSA "patched" verison of PGP/GPG
I'm crystal clear on this one.
They can have my copies of (OpenSSL|OpenSSH|gpg|etc.) when they pry them from my cold, dead fingers.
That, and, as others have pointed out, the algorithms are known and not that difficult to implement. Any self-respecting terrorist would simply ignore encryption tools with backdoors built into them. It would (who am I kidding, will), generally speaking, only be the law-abiding folks who would (will) be injured by this.
And I continue to be amused by the way second amendment slogans seem so appropriate to the likes of DMCA, SSSCA, and crypto regulation...
This is one where I think it is critical!!! to write to your favorite congrsss clown and tell him the negative impact of this.
Please do it quickly!
The idea of putting pilots in an armed fortress of a cockpit is fine, and would probably have been done already (hijacking is not a new problem), except that there are other considerations other than just limiting access to the pilots.
For one, sometimes you *want* access to the pilot. The flight attendants are usually required to talk to the pilots to make sure that everything is going well, or maybe they need something. Pilots aren't just plane-flying automatons, either. They are in charge of the vessel, and sometimes need to leave the cockpit to deal with issues in the plane.
This brings up a point. I've read a report (and at this time, like most everything else, it's just a rumor) that the hijackers attacked the flight attendants and then coerced the pilots into leaving the cockpit where they could then be overpowered. Even if the cockpit was inpenetrable, I doubt that the pilots would stay ensconced inside if hijackers started threatening the passengers or flight attendants.
Sure, armed marshalls would probably prevent some of this (and I think that they're a good idea), but they're also expensive (are we going to put them on all of the THOUSANDS of flights everyday?), and will still not guarantee total safety. Really, nothing will.
My main point is that there are tradeoffs all the time, and it isn't as simple as making it tougher to get into the cockpit. Remember what the (rumors again) reports said, the hijackers on tuesday didn't force their way into the cockpits (which are locked on american planes anyways), but waited/coerced them to come out. Unless you made it impossible for the pilots to leave the cockpit (Something that I think would not go over well with the pilots themselves), you will always have this problem.
Yes, yes, all these things need encryption. But you seem to be confusing your threat model - none of this would interest the government one iota, not even Nixon.
You don't need strong encryption to send your message. You keep forgetting that no one is listening in the first place. Besides, rot-13 would be enough to foil the efforts of 99% of your threat - script kiddies...
Yes, what these terrorist scum perpertrated upon us is utterly horrible. Does it mean that I need to give up my liberties? Privacy? Freedom to communicate with those I choose in any manner I so desire?
NO NO NO NO NO NO! I absolutely DOES NOT.
Banning things does not keep them out of the hands of criminals. It doesn't even keep them out of the hands of the law-abiding. All it does is increase prison populations, and get people more and more pissed off at our government.
It didn't work for alcohol!
Hasn't worked for prostitution...
Hasn't worked for guns...
Hasn't worked for "some drugs"...
Won't work for encryption.
Encryption's been around since ancient times. Even if some terrorist can't get "strong" crypto - hell, they're speaking some ancient dialect that about 2 people know besides them - is that encrypted?
What about the WWII Indian Code Talkers?
I firmly believe that what is needed is a law or two making it a federal offense to use encryption in the furtherance of a felony, creating a catastrophe, or act of mass destruction.
Will it be harder to catch them - maybe. Does it mean that we'll have to work a bit harder? Yep.
Will some other things change? Yep. No flights over Washington DC - OK, seems reasonable. Aircraft carriers on each coast all the time - I wonder why they're not there now. No carry on luggage - GREAT IDEA! About f'in time! Leave me with my keys, wallet, and passport. Make the airlines responsible for each bag to the tune of $10,000 and they'll stop losing stuff. Make them hand it back to you when you disembark so it can't get stolen.
More intensive background checks for those wishing to emigrate to the US - OK. Changing the configuration of airplane cockpits? OK - I wonder why they didn't do that already.
But a wholesale stripping of our right to privacy because of some insane morons? NO WAY.
Tell your congresscritter to focus on eradicating the planet of this scourge but to leave our freedoms alone...
"Those That Would Trade Their Freedom For Some Perceived Security, Deserve Neither" - Ben Franklin.
The irritating thing about this (and laws like the SSSA-whatever)
is that they do little to actually provide protection...
it's as if you lived in glass houses, and _pretended_ that it was brick...
but not shatter the illusion, you never actually knocked
on the walls very hard.(or better yet,
with those paper-walls in some houses)
Law is, in general, little more than the collective agreement of a group of people.
In any large group, deviations become harder to catch,
and either the law fragment (ie separate nations, etc),
or it becomes enforced (police, whatnot).
While does work, there are limitations to what
we can do in the nature of the medium.
A law can't directly enforce itself on someone who ignores it.
If someone else decides to walk through
the glass walls of your house and steal your safe... you're screwed.
Once you give away your privacy,
you give away the all things that separated you as an individual from the rest of the world...
you are less yourself,
and more the one who lies in judgement of your thoughts.
or some such.
-Slackergod
Unknown Terrorist: "Hey Osama, I just installed
the latest version of..."
Osama: "Take this man outside and shoot him."
If a backdoor crypto law is passed, wait till everyone is using it, then crack the keys.
Decrypt all congresses personal email, post those neat little secrets, post thier love letters, bank accounts.
I bet they pass a law banning backdoor crypto and encrease personal privacy laws.
-
Once a government is committed to the principle of silencing the voice of opposition, it has only one way to go, and that is down the path of increasingly repressive measures, until it becomes a source of terror to all its citizens and creates a country where everyone lives in fear. - Harry S Truman (1884 - 1972), August 8, 1950
Your phone rings at work. "Hello?", you answer. "This is the police, we have your daughter in custody." "What?", you exclaim.
"We were tipped off that your daughter exchanged secret encrypted messages, so we are placing her under arrest until we can get to the bottom of this".
8 months later, you find out she was practicing her alphabet.....
-Pat
All they'd have to do is hide no-backdoor encrypted messages within backdoor-encrypted messages, and it would be undetected unless Carnivore automatically decrypted all messages, which conflicts with what the lawmakers are saying -- "only under the oversight of a court".
God. I just read Levy's Crypto about a month ago, and I thought this was *over*.
The reason this was *over* in the past is because the FBI is blissfully unaware that strong crypto is standard operating procedure for US corporations, and is only used by nefarious bad guys.
We're talking about outlawing every copy of products like Windows 2000 and Lotus Notes, every router that implements VPN, and so on. The impact on US business would be horrendous. And the big money finance folks would just ignore the order.
Traditionally, the crypto issue has been framed as a rights issue with the cypherpunks against the feds. This neglects the significant commercial impact.
Business. Numbers. Money. People. Computer World.
See, I knew someone would say "strong crypto=guns", everybody should have the right to use strong crypto, and everybody should have the right to use guns.
Let me point out what I think is the fundamental difference between these two arguments: crypto, used in anger or accidentally, is not dangerous.
The saying "guns don't kill people, people kill people" is completely true. But guns make it really easy for people to kill. If a kid accidentally uses strong crypto, nobody dies. If a kid accidentally uses a gun, someone will probably be hurt or killed.
Another popular saying is "if guns are outlawed only outlaws will have guns". That's kinda the point. If a police officer sees someone with a gun, he doesn't have to wonder if it is legal or not. Anybody trading in guns is breaking the law, there is no grey area like there is with gun shows, etc. It also means that petty criminals will not easily obtain guns. While it's true that "if strong crypto is outlawed only outlaws will have strong crypto", this doesn't really help law enforcement. If somehow they manage to intercept communication and realize it's encrypted, that'll be as much as they can do. Any outlaw with any skill will pick a good crypto system and make it strong enough to defeat law enforcement. Crypto is easy to use, hide and copy, unlike guns. Anybody with anything to hide would be able to obtain complete privacy, but the average citizen would have none. That's just dumb.
Never mind whether or not making guns illegal is a good or bad thing. That's a different battle. But guns are not the same as crypto tools.
Despite recent comments bey Robert Reich, security is not worth living in a police state. Ever. Particularly when the best possible security is spotty. Israeli's have made the sacrifice of most privacy rights for security. Pretty secure huh? I think the better response to this would be to push for the grandady constitutional ammendment declaring a right of privacy, so that we stop living in a penumbra created by the Supreme Court, a penumbra that can be weakened, or eliminated at any time. Just my 2 bits. Well one more thing. Those folks in New Hampshire had more than a catchy slogan on their minds when they said Live Free or Die. Regards, and please excuse my embarrasingly poor spelling. It's late.
But what will they use to compile...
Easy -- compile the compiler by hand. Problem solved!
Gee, I was just reading and watching on the boob PBS's detailed look at Osama here. If you really read between the lines at things that the people who are bin Laden's supporters and the US gov't's, I really get the idea that the US gov't is full of shit. I definately get the impression that in general the long term goals of the US are to drain the worlds oil reserves, sit on our own supply until that time, and in the meantime deprive it's citizens of these little favored ammendment rights. Basically to control our freedoms. Let the cows continue to work and allow Big business to rule. Keep the poor poorer and the rich get richer. Look at this way, in a very longview: The US has immediate oil needs (ala 1920's) to become a major world power. The middle east is in a state of flux after finally throwing off the shackles of British colonialism. Look at Militant Islam, Oil and Fundamentalism in Central Asia (Salon review) by Ahmed Rashid in the first couple of chapters for that. This benefits the aims of the US to become a major super power. So cold war comes, advances the US as the average Joe needs something to fear (other than his gov't) and is more productive, as evidence by WWI & II. So the cold war ends and one of the major collapses of the enemy is the Soviet Union puts its big foot in the wrong place (Afghanistan) & the Muslim community kick the shit out of em. See the book & the site for more about that. So the 90's comes along & this whole oil thing is basically the big stupid US gov't wanting oil and pissing arabs off. Sadam was a retard. Muslim groups believed they could wipe the ground with Saddam. But we step in with our interests in oil (and in oil only.) And squash Saddam, but don't kill him. Why you ask? Look at a map. Iraq separates some of the major Muslim nations from each other. By keeping him in power we control the area indirectly. If we controlled it directly (we squashed Saddam and setup a puppet gov't) the Muslims would of been pissed and probably would of kicked us out. But instead we leave him in power. Keep a base of operations in Kuwait and there's your oil. Safe and secure. So we fast forward Muslims get pissed because we walk all over them, fund their corrupt leaders which makes it unfeasible for them to be overthrown. And basically they continue to get pissed off at Americans. They make threats, we don't respond. So they blow shit up. (Only the really pissed people.) This makes one guy who wants to be a leader, a leader. Because the most powerful nation in the world's president just mentioned his name 3 times on television. Now he does more and more to get attention. Meanwhile the US gov't just corrupt's what he does and says. Doesn't tell the truth. And basically Osama becomes the next boogeyman. "You can't use encryption because Osama will get you." "We have to have cameras with face recognition everywhere cause Osa will get you if we don't." It just continues and continues. Well the US finally declares war on old Osama and you know what? Much like most of the experts on CNN tell you, there's another Osama waiting to take his place. Well the next guy is Muhammed and the next is Ackmed and you know what? We live in safe society. Because the gov't tells us what to think, what to eat, where to go, what to do. And if we don't, they'll know. And then they'll send Osama to come get you.
This isn't sig. it's banner for advertising.
i am sickened to know that the goverment is already useing this attack as a excuse to remove personal libertys
No laws were broken until the last moment - when the terrorists were in the air. Till then, it was all legal.
Do we no longer have laws against conspiring to commit a crime?
I think its important that we be able to communicate without the government knowing what we say. I wasn't aware that this made me a terrorist!! I'm so upset! And I thought I loved my country! Where do I go to turn myself in? Could you help me out with directions on Mapquest maybe?
Also, something else I just realized - I haven't told my employer about some of the thoughts I've been having lately. I got a really neat idea, having to do with encrypted processing and secure software sales - shit I shouldn't say much more, cause I guess my employer owns my ideas and someone else might see them here and run us out of business! Then we're *all* fucked!
Those who are willing to give up freedom and liberty for safty deserve neither.
Om, nomnomnom...
Apologies if this seems a bit unorganized.
Encryption is for the securement of privacy,right?
e.g. Communications between government agents,joe and jane blow,terrorist cell one and two.
Reciprocal rights are important as well,right?
e.g The KKK can speak their hate as well as I can tell them they're idiots.
If so, do terrorist have the right to privacy?
The net effect of such a law will only be to send crypto into a much deeper and more sophisticated state of development. I refer to cloaked crypto -- crypto which rides within noise or haphazard datastreams or other paths, undetectable and to which therefore it is impossible to apply such legislation.
I'm sure he must. We should ban those too. That is of course, if he's truly behind these events.
I knew it!
That damn paperclip was working for the CIA all along!
I do not deploy Linux. Ever.
-- @rjamestaylor on Ello
Do you have any idea how many people sacrificed their lives to defend
the freedoms which you seem so willing to discard?
Where would America be now if everyone had been so spineless in 1776?
Or in 1941?
Make backdoor into law, then Osama (or whoever) has to install crypto software with backdoor, CIA/FBI can listen in and know when the next attack is going down. That's brilliant. Why didn't we thinkt of it before.
The fight for privacy and liberty is useless. The government will do what it wants and if it fears we won't agree, they'll manipulate events until the majority of us do and the rest of us just have to live with it. I'm not going to waste my energy protesting, because it's inevitable. It was nice knowing America while it was still land of the free. It sure was nice while it lasted.
What a horrible state of events.
Ok everyone, shut off SSH on your servers.
Shut off HTTPS for your bank transactions.
Remove GPG and PGP from your email programs. Only telnet is allowed.
This lets any script-kiddie (aka techo-terrorists) go and sniff your packets and steal your money and cause even more terror.
Oh well. Maybe there will be a new encryption method recommended by our governments that we can use instead of having to run everything plaintext. One that will give them backdoor access to your root accounts.
But betcha it will be closed source. And it will only be available on windows XP. And it will be ILLEGAL to use any other form of encryption on a computer connected to the net. It will be ILLEGAL to use any open source operating system securely.
I'm not really joking. Wait and see. GWB said that freedom is the biggest casualty. Welcome to the real new world order.
Special thanks goes to the A**HOLE TERRORISTS and the INCOMPETENT airport security people and the INCOMPETENT Air-traffic controllers and the INCOMPETENT Pentagon and the INCOMPETENT NSA AND CIA and the Senators who will use these events to push the world into a military state.
Learn to live with the way things are now.
I'm trying.
Here in Germany (I'm a Canadian by the way) privacy is a constitutionally guaranteed right. Too bad it isn't in the U.S.
And too bad freedom of speech isn't protected in Germany. I'll take our problems over there's any day of the week.
"And like that
From the recent poll on the Washington Post:
11. Would you support or oppose new laws that would make it easier for the FBI and other authorities to investigate people they suspect of involvement in terrorism?
Support: 92%
Oppose: 6%
No Opin: 2%
12. What if that meant giving up some of Americans' personal liberties and privacy---in that case would you support it or not?
Support: 71% (less liberty for more security)
Oppose: 24%
No Opin: 5%
Ben Franklin said something like... those who trade liberty for security will loose both.
In the United State, police are empowered to attempt to eavesdrop on normally private converstations.
There is nothing in US law (yet!) that prevents the parties to the conversation from taking steps to prevent the police from eavesdropping, including encryption.
As far as wiretap laws and police eavesdropping on telephone calls, there have been various levels of voice encryption products on the market for several decades, and there has never been any question as to the legality of their sale and use in the USA.
No, the internet should not be exempt from the rules of the physical world, but our rules only say that they police have to get a court order before they can legally attempt to intercept your conversation- nowhere does it say that the parties have to actively assist in violating their own privacy.
The proposed change would tilt the balance of power, mandating that you cannot take steps to conceal the content of your messages, just in case law enforcement might someday want to go over your communications.
Digital encrypted records can be stored indefinitely. I have no doubt that the backdoor key and a record over every message every 'interesting' person every sends will be stored on permanent media, just in case you or I turn out to be the next Martin Luther King Jr. and they need to pull up some blackmail material....
I do not deploy Linux. Ever.
The one thing that governments the world over do not (and sometimes will not) realise is that prohibition or restriction of anything (whether it's drugs, firearms, explosives or encryption) has not, and probably never will, work.
The main principle that I base this opinion on is that the law only regulates the behaviour of people who abide by the law. People who don't abide by the law aren't affected by any of these prohibitions because they don't affect them (unless they are caught and punished). What this means is that the only people that are really affected by prohibition are law-abiding citizens who, by principle, shouldn't be breaking the law in the first place. Therefore, while some lawbreakers are caught, many more are not and this makes the restrictions inefficient and inconvenient for the average person. The law itself is often not a deterrent for people to change their actions, especially if the action had previously been legal, rather it merely changes the method by which the action is performed. So if the government says that you can't do something, you simply do it when the government isn't looking.
For example, when the prohibition for alcohol (which had previously been completely legal) was introduced, people stopped drinking freely in their bars and in their homes and snuck off to "speak easys" (illegal drinking houses) that were often run by the mob or some other underground association. Therefore, prohibition didn't help the authorities and instead helped the underground. Furthermore, since alcohol was illegal this made the demand high and the supply low, so the quality went down and prices went up. People would be poisioning themselves on "drinks" that would contain large amounts of methanol (a chemical with similar effects to ethanol (alcohol) that is even more poisonous), so the incidents of death and blindness went up. Parallels can be spotted between this example and the drug debate that rages on in society today.
The fact that it's cryptography futher complicates the problem as you also being denied your right to privacy (where the government can't legally monitor your communications without just cause and a lot of paperwork - the NSA don't count as they themselves don't spy on US citizens, which is illegal, so they get other agencies to do it for them) but also your right to freedom of choice (the compulsory nature of these provisions means that the backdoors would be standard on all encryption products and backdoor-free versions could not be legally sold inside the United States). Add to that the prospect (which is more like an inevitability) of government abuse of these powers (one poster's example of the French government's "assistance" to French businesses using this power is a prime example) and you have a law that is so dangerous that its misapplication has the potential to completely erode the freedoms of the citizens of the United States. Furthermore, the rush introduction of this legislation after such the proposal of the SSSCA and the WTC/Pentagon/PA terrorist attacks, when the nation is still in shock and grasping for a way to prevent such an event occuring again (which is impossible to do), is inexcusable. The deaths of innocent citizens should never be used as an excuse to further erode people's freedoms in order to preserve "security" in the future (when it's obvious that there is no such thing as absolute or perfect security, only degrees of security).
My advice is, if you haven't already, to start a letter-writing campaign to your congresscritters now because by the time the Supreme Court rules this law as unconstitutional (which it most likely will - at least, it will if judges aren't being monitored 24/7), it may be too late. If enough people say something about it, then you never know how much effect it could have.
----------
When the pin is pulled, Mr. Grenade is no longer our friend.
That's because most people don't realise what giving up your personal liberties and privacy involves. They are unaware of the consequences of letting the government interfere further in their lives. And when they do realise what the consequences are it will be too late. Given that the poll was taken so soon after the tragedy (while everyone is still in shock), it's not suprising that the result came out the way it did.
----------
When the pin is pulled, Mr. Grenade is no longer our friend.
Wanna bet?
One word proves you wrong: France
It is well known that the French government routinely used their 'key escrow' laws (recently liberalized) to collect inside information from foreign firms and pass this information on to French corporations for competitive advantage.
Who is to say that if you are sending confidential contract bid information to a colleage, that the Feds won't pass this date on to a competitor, one that just happened to be a major contributor to the winning party in the last election?
For every highly ethical person in government, there are a hundred G. Gordon Liddys, fifty J Edgar Hoovers, and a dozen Nixons.
I do not deploy Linux. Ever.
Raw data and meaningful statistics should be readily availible. And WE ALL HAVE TO RUN IT ON OUR MACHINES. WE have too or the FBI will hang our rights out to dry.
Internet Revolutionarys - White Hat
Crackers - Black Hat
Enablers through apathy to crackers. Squashed like grape. - Gray Hat.
Think about it, IF WE HAND THEM ALL NON-INVASIVE data they have a much harder case to make when tring to justify collection of INVASIVE DATA and we (freedom lovers) have a much better case to make.
Think about the consequences if noone ever reported gunshots outside their house ever again. That is what is happening right now, and that is why the Government is heading down the path of misery and death at our expense.
I do not know of such a program (or where to get my unencumbered data) If such a project currently exists please me/us to it so I can install it RIGHT NOW!
Novel theory: Modern Man evolved from psychopath
Encryption is the digital equivalent of an envelope. We don't think twice about putting personal letters in an envelope. "Hmmm... You must have something to hide. From now on all your letters have to be on postcards."
Perhaps the best use of encryption is for digital signatures. If governments have the backdoor to them, how can we trust who the message is from, even if it's sent without being encrypted.
As has been posted numerous times, encryption is already available and in source code as well. The bad guys aren't going to stop using it, if they really are.
The rest of this comment is a long rant. Read it at your own peril.
Our politicians are playing right into the hands of the terrorists. It is our freedoms that gives us our strengths. The freedom to assemble, the freedom to speak, the freedom to worship, the freedom to bear arms, and the freedom from unreasonable search and seizure. Our liberties have eroded over the decades. All in the name of security, most especially, our war on drugs. We cannot let our politicians take away from us what the terrorists have failed to do. Our liberties.
America isn't perfect. It has it's warts, but it's a damn sight better than any other country. Yes, we are hated around the world, but why then does everyone wants to come here.
We must take action not pass laws. We must prepare for a long and bitter struggle against those who would destroy America. We have the resources to do it. Americans have always risen to the occasion when in peril.
Shutting the barn door after the horses have escaped is a common strategy of politicians. Yes, we won't be able to conduct our daily lives the same as it was before, but we shouldn't rush to ad insult to injury. I think their should be a sixty day cooling off period before politicians consider passing a law in response to a terrible event.
"You'll get nothing, and you'll like it!"
This is a very nice statement of the problem, and of my position as well. I (like everyone) am apalled by recent events, of course, and am prepared to undergo reasonable (i.e. effective) changes in my life and behavior in response. But stupid, feel-good measures (like some of the new airport security rules) make me angry. As stated here so clearly, prohibitions and complicated rules that only affect the law-abiding population just make matters worse -- by ceding those very liberties we cherish.
The other particular problem with cryptography is that the big breakthroughs are nearly always at the theoretical level. So a new, super-secure product with a backdoor can always be replicated without such a backdoor by a sophisticated computer scientist. And there will always be somebody like that available to fix the inconvenience for the bad guys.
The rest of us will pay the price in reduced freedoms. In fifty years, we'll say the same thing we say today about income tax: "It was a temporary measure, just introduced to resolve a particular crisis."
So as far as I'm concerned, I'm pissed at the bad guys, and I am prepared for extreme measures as a result, on the part of my country and myself; but I hate the idea of extreme measures that are really just bullshit P.R. and politics. Leave the science to scientists.
-- Spiny
-- We all have enough strength to endure the misfortunes of other people. La Rochefoucauld
Cryptography is useless if it has a backdoor, and if it has a backdoor, who will use it?
Ousama will just use an older PGP, while were stuck with "regulated" cryptographic software. This goes against everything we've been working on for the past two decades!
Did the OpenBSD fish start floating belly up!? The idea is utter nonsense!
*moves to Canadia*
"Yeah...it was the numbers that were irrational, not the murderous cult of vegetarians...." -- Hippasus of Metapontum
I am getting so damn tired of people dumping "'Nuff said" into their posts. Most of the time there is a hell of a lot more to be said.
I'm not saying this doesn't exist in some classified gov't lab, but this further indicates our need for a new powerful paradigm in computing. Yes, quantum computers. Keep all the technology classified until it is perfected, then build up a scheme to monitor all electronic communication. I see this as the main objective of a government intent on preventing further incidents as those of late.
Think, without communication almost nothing is possible. If we know ~everything, we can prevent quite a bit from occurring. This is just a matter of perfecting our technology.
One of the main reasons mandkind gets into situations like this is that maintaining our freedoms is WORK.
Blood,sweat,and tears brought them fourth.
The same will be required to keep them.
neither is it some people accidentily living there. It is a people with a common culture and ideals. Freedom and protection of the individual, including its privacy, is one of the paramount ideals in the US of America. This culture is one of the greatest things, the USA exports. And this ideal of freedom is a bright light which the USA is holding high, and which Lady Liberty is a symbol of. Please let not that terrorist attack become an attack on those ideals as well!
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
Considering the outrage in the EU about Echelon and the accusations of it being used for Industrial Espionage, i find it very unlikely that any EU country would encourage companies to use software that gives the US a backdoor!
Perhaps if a world-wide agreement was reached, in which each country required a backdoor, then it may be pallatable to other Governments, but i doubt you could gather that many short-sighted politicians in one place!
Even so, it would just mean the same old thing, Law abiding citizens and companies are less secure while criminals are untouched..
Very sad.
If any of you can remember taking American Government in school, one of the first things you learned(or should have) is that your rights *CAN* be restricted, in order to protect you and society. Try cracking a joke about your laptop being a bomb in your local airport... you'll see what I mean.
It is the function of the government to protect you and all citizens. When it is necessary for them to restrict your rights, in order to protect, then they may do so. Whining and complaining about it won't help. Its basically for the good of those affected.
You're nothing; like me.
Hey, if they put in Backdoors in encryption
programms, we all have access to all encrypted
traffic! (hackers break them, give them time...)
I can spy my friend's encrypted mails,
the encrypted vpn of his firma or credit card
numbers from his bank... rocks, huh?
Anthraxx..
OK. For a while, I've been reluctant to say this, but if they are going to punish innocent people with these stupid laws, I might as well go ahead and get myself labeled as a "subversive".
During the time period that 128-bit encryption was restricted, I used to fill out the online form with the following information:
Name: Hafez the Enforcer.
Address: 1 Jihad Way, Baghdad, AL
Of course, Iraq was never available as an option, so I always put Alabama which is kind of silly, but anyhow the point is this: How did they know I wasn't a foreign national who had just signed up for an ISP account? They didn't. That was my little protest against that stupid law.
This shit reminds me of what happened after OK City. They passed some kind of "anti terrorist legislation". Well... excuse me, but last time I checked it was already illegal to blow up a building and kill a whole bunch of people.
I dare say that it's our PARTIOTIC DUTY to violate these laws EN MASSE. Let's point the guns at Bin Laden and his kind, not ourselves.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
This is the height of stupidity.
First of all, the obvious fact that criminals simply won't "upgrade" to the back doored crypto has been mentioned already before.
But... Let's say for argument sake that the morons actually go through with legislation like this. Then what? So the U.S. gov't gets the keys to encryption software - but it could only be for cryptographic software originating in the good ol' USA. Do you honestly think the EU is going to give the U.S access to their encrypted messages especially after the whole Echelon thing a while back?
But ok... let's say that they're really scared right now with the terrorism and all that and decide to go with it. But of course, they are going to want their own back doors too. After all, sovereign nations being sovereign nations want are going to want to exercise well... "sovereignty" of all things, over their respective minions.
So now we have international treaties to regulate these back doors and keys and stuff - after all, the U.S. is going to want access to the same back doors as the EU has and vice versa or else the whole thing would be meaningless.Terrorists don't care about borders.
But do all EU governments get a key. How about other trustworthy friends like Japan? Surely they will want keys. In Japan gets keys, how about oh... Russia? India? If India gets keys, Pakistan is going to insist too. Eventually everyone wants keys and of course its only going to be effective if everyone has the potential ability to read everyone else's encrypted mail - after all terrorism is international, right?
How do you decide who doesn't get a key then? We have to be able to prevent rogues states from acquiring the keys after all. But what about the goold guys who become bad guys because of coups and stuff? Next thing you know even the bad guys have the keys and now they can enjoy reading my grandmother's encrypted mail to her online knitting pals.
But the whole scheme still depends upon bad guys cooperating by using the back-doored encryption software but they won't because it turns out Echelon and ilk can't eavesdrop on "smoke signals" so it makes a come-back in a big way.
in violation of the DMCA ...
Ya great.
thousands more will die just so you fags can download kiddie porn without THE GOVERNMENT (ooo spooky) snooping on you
nerds: cant live with them, cant fit them in that little slot in the shredder lid
Rush Limbaugh
Sure - the individual leader may not be a heavy user of technology... but it would seem, and simply make sense, that his people would make at least rudimentary use of modern communications devices. And in a manner that doesn't leave a tell-tale cable trailing back to Central HQ.
I wish I wasn't surounded by morons.
I wish I weren't...
This message is from an a competent programmer in general but does not have a strong knowledge of cryptography.
That being said, while looking at a book on encryption, I came up with a way of encrypting data that would be easy to implement and might be impossible to break. If implemented correctly, the two weakness this system would have are the initial setup of the involved systems and if one of the systems was penetrated.
Most any programming languages that have the ability to do bitwise operations would be able to implement these algorithms.
Most programmers competent with anyone of these languages, with the knowledge of bitwise operations and some knowledge of math and statistics would be able to understand and probably implement such a system with a reasonable expectation of success. This does not involve advanced math. The amount of memory and CPU power needed are not an issue.
I am aware that most attempts to create new methods of encryption are broken. But most attempts are based on complex concepts. This is simple.
I have not discussed this with anyone and to my knowledge it has not been discussed in any public forum. Up to now, it has been a intellectual curiosity that has not been acted upon.
The moral of this email is that it would be tough to stop people from coming up with new ways of encypting. I cannot be the only one to come up with new concepts.
Backdoors would
1) Let criminals see data
2) Not stop terrorists from sending data cryprographed
3) Could prevent defectors from having a safe route to transmit data to government authorities
This is a bad idea.
The only way to prove that I am sending an encrypted message is to decipher it.
Maybe I just like sending random data to my associates. Maybe I even wrote a cron job to do it automatically.
They have lost this battle, unless you can tell me how to factor 12189544019600288536924072270397577693299817741993 00853293127846357987309028331128460529120710499573 18295542141318685773155600611888540504125422854544 93727447082560288265994001735360945320220106708839 95232542954744643898012924709165655612461951328419 71681716075345296505057707227611390546545362662177 633491857.
They aren't claiming that it can be broken. Just that if it can't, we can bomb whoever wrote it, or at least kidnap them. Maybe torture them a bit to get them to decrypt it for us. Stuff like that. You never really believed we were above that sort of thing did you?
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
It emerges, that some prisoner in germany tried to warn the US government. he even got a phonecall to the White House, but was ignored because he was a prisoner and under psychiatric treatment. Sure, there are enough lunatics making wild claims every day, but nevertheless such hints should be passed on to the right authorities. Before sifting tons of encrypted e-mail, maybe they should consider to followup some cleartext-hints as well. Maybe next time someone wants to warn the government of something he better send some triple encrypted messages around via e-mail, instead of phoning them.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
Instead of having easily beatable back doors I would like to see a project like SETI@HOME for tracking down terrorists. I would be more then happy to use everybit of computing power I have to tracking down these SOBs.
The French don't trust their citizens and for years banned all encryption (except some businesses, with them having to hand over keys). They may have, as you allege, used the intelligence in an underhand way. However, I think your reason for 'relaxing' their stance on encryption is mistaken, or only part of the reason. Upon discovering all about Echelon, and the extent to which the USA have been gathering intelligence on French business (and allegedly lost billions due to NSA handing key data for US businesses), it brought about the greatest 180 degree turn in crypto politics seen to date. From a complete ban to full support of strong encryption, with the encouragement of open-source software. To think things had steadily been improving since this article 2 years ago. It would be a blow to the memories of those lost if their sacrifice failed to make the world a better place.
Phillip.
Property for sale in Nice, France
...bin Laden and others like him have the means to get their hands on crypto software that doesn't have backdoors in them. The rest of us won't.
So what the american congress is suggesting is that normal people can't have secure communications anymore. And where is the point in that?
--DarkFrog
If the dead rise again, we're going to have some serious population control issues.
These parties, who aren't enamored of personal privacy, lobby for the abolition of the right to keep your thoughts private. Do they have any sense of the hopelessly overwhelming volume of data we already collect? Even if we outlawed strong crypto and everyone put the NSA in their CC field and wrote in plain, clear English, the spooks' task of defeating terrorism with electronic intelligence would be all but impossible because there's just too much data, and all the meaningful data is probably too ambiguous to stand out.
I think the intelligence community hopes that they can use those rudimentary techniques like keyword searches for a 90% solution. But do you think the terrorists are going to enter their real names and addresses when they sign up for Hotmail accounts? Are they going to spell out their plans in absolutely clear detail using those lovely government-sanctioned crypto programs, now New & Improved with Key Recovery! [After all, who are you going to call if you lose your keys???] No, they'll make their deadly points in completely innocuous language, under names like Fred and Sam and James. Assuming some minimal shared secrets between two or more parties (i.e. we're going to crash an airplane into a building), subsequent communications can be filled with meaning but appear totally innocuous:
"We're booked on flight 1234 to San Francisco this Tuesday for our presentation. Let's meet at 7:45 in the food court of terminal A to discuss the specifics of our pitch. If everything goes well, we'll also make presentations in New York and Washington."
"Okay, great, see you then. Don't forget to bring the visual aids. We want our presentation to make an impact! I understand that Max and Jim have arranged for the A/V equipment to be set up before we arrive for the presentation."
At my last company, I was responsible for cutting down on the volume of warez transmission and storage on our free service. Our traffic was only a small rivulet in a churning global sea of data but there was no way we could keep up. Abusive traffic was obvious at a glance but there was so much of it, we could only use crude, automatic filters to deal with the obvious offenders. To think that big brother's giant electronic ear will solve any problem -- that they will deduce every hidden shade of meaning and get the "inside joke" -- is folly. We had terabytes of data flowing through our system -- nice, neat, clean digital data -- and we were overwhelmed. We weren't even trying to deal with messy data like telephone audio. How many phone calls do we make in this country on an average day? How many are made throughout the world? How are they going to sift through all that data to find that needle in the haystack in time to save the day?
There's no way to stuff the encryption cat back in the bag, so it's high time for the intelligence community to drop their focus on the high tech toys and focus on human intelligence, just like regular cops. Regular cops deal with shady informants, they go undercover to infiltrate gangs and drug cartels and so on. Maybe the CIA and the NSA could partner up with some local cops to learn about good, old-fashioned footwork.
Simply have a large button in the cockpit that says, "Press in case of hijacking".
This button enables the NORMALLY OFF (and not remotely enablable) remote control system.
Just a quick point -
It is probable that most currently available commercially developed and Open Source encryption products already contain government-accessible decryption backdoors simply because of the fact that they are commonplace and predictable. Such a piece of legislation would only affect those who develop their own encryption products which have not yet been analyzed by the National Security Agency.
Why else would Congress to ban something already so prolific? The NSA is not worried about OpenSSH and PGP because they're so easily crackable. The danger is in intelligent, theoretically sound, grow-your-own solutions from competent cryptographers which they haven't seen before. That is the purpose of the proposed ban.
Do not rely on widely available cryptography for anything important, particularly if you're trying to hide your info from the federal government!
The funny part is that both the German and Japanese constitution was written by the American victors after WW2. Well at least the Japanese, I don't know about the German. The allies probably hade more influence there.
I have to laugh like hell... I'm sure if the question "Should the United States devote thousands of man-hours and upwards of $20 billion dollars NEXT WEEK with the intent to eradicate terrorism?" were on the slashdot poll anytime before tuesday, maybe ten people would have voted "yes."
Now that America's borders have been violated and her people murdered in large numbers, such a question would garner a much more positive response.
There's a problem. It's not possible to "can't let this happen." (a grammatical nightmare, but it illustrates my point. sorry.) The terrorists weren't following the rules when they hijacked commercial airliners with knives. This fact is being ignored by certain senators and essay-writers... and lots of other people, too. Some people seem to think the solution to terrorism is more rules - more hoops to jump through at airports, more prohibitions on encryption software that the government can't peek into. Perhaps that would work if terrorists cared about rules.
In "The Price of Freedom," the author's solution is to "make [the terrorists] afraid." Afraid of what? The 18 people who participated in Tuesday's events were so brainwashed that they thought the route to a joyous afterlife was by killing themselves and hundreds if not thousands of innocent people whom they did not know and who had done them no harm. We can kill the terrorists, or let them carry out their terrorist acts. Either way, they die.
I agree with a previous poster - I don't care how fanatics die, just so long as the number of innocent people that go with them is minimal. I just want them gone.
oh, jeremy, last thing -- your essay pre-empted what could have been an enlightening discussion about the evolution of privacy online, if such a thing exists... and it wasn't even that good.
They're called backdoors because you're not supposed to know they're there! It's not existing software the proposed ban is aimed at because they already contain the necessary backdoors.
The ban would be intended to prevent people from writing new encryption software which the NSA hasn't seen before and therefore might to be able to defeat quickly.
Do NOT use widely available encryption products if you're trying to hide anything from the federal government. The backdoors do exist.
If you really want to keep something secret, the only way to be reasonably safe is to create your own VERY VERY good random number generator, burn two CDs of random data, then exchange them and use them for one-time encryption/decryption.
"Do such and such and the terrorists win"
What nonsense. The terrorists do not wish to reform America's crypto policy. They wish to subject the world to Allah's will.
Also, keep in mind that the objective is to avoid losing (or at least, to minimize losses), not to prevent the other side from winning.
But that won't be where it stops. What good will that do to stop terrorism? Do you think any self-respecting terrorist would use a crypto product with a known back door in it?
No, the REAL agenda is to start there and after it proves to be totally ineffective (duh!), it will be "realized" that it must be made to be a crime to transmit any information that cannot be decrypted on demand (by whatever means). Just better hope you're not in the "random number research" field, when that day comes. You can already spend 2 years in the Graybar Hotel if you're a Brit and your "data" gets challenged.
I've listened to the "establishment" crying like babies for years now about how hard it is to fight crime and terrorism when (traitors?) citizens like YouKnowWho write and distribute free software like PeeGeePee. If a terrorist organizer can afford to send a number of recruits to flight training school, and provide their full financial support in addition to tuition, pay for all the logistical costs, etc. to pull such a thing off, I bet that organization can cobble together a "Pretty Good" crypto system to circumvent any silly back door.
It turns out strong encryption is a munition after all.
Now we all know what changed President Clinton's mind about this way back when. I hope God will forgive me for thumbing my nose at the man then, because today there are a lot of people who would not.
Popular movements can make unwise decisions just as governments do. I hope others will reconsider their apparently unconditional devotion to data privacy as a losing position that could generate disdain for related causes. The creation and defense of stumbling blocks for law enforcement is a circuitous, ineffective, and immoral way to combat unjust legislation.
www.gnupg.org
NOT made in the USA... open-source, compatible with PGP.
We are no longer safe. plain and simple. There are a million terrorist ideas any of us could think up. sprinkling kudzu in areas where its not, dumping caulerpa in the california coastline, pouring zebra mussels into the sewer, everyone has a magnetron gun in their microwave.
You cannot stop people from broadcasting stuff over the internet. Perhaps the world wasnt ready for the internet. I guess its like if somehow we invented time travel and it turned out to be cheap and easy to do and how many people would fuckup things.
The future of the internet is steganography engines. Running protocols over existing protocols disguised as other protocols. websites encoded to look like a chain letter or a popular mp3. The BBS's of the future will be encapsulated in other data. Unfortunetly the fucking terrorists will likely follow us there as well. Developing encryption will become treason. It's going to be one hell of a dark future.
Amen.
Yes, I'm left. You have a problem with that?
Encryption algorithms don't hide secrets from people, people hide secrets from people.
Just imagine the implications if firearms and ammunition could be replicated and distributed as easily as programs like GnuPG can. Gun laws would be moot (like they aren't already!), and in a sense the Second Amendment would be like the GPL, because who's gonna stop someone from having a GPL'ed piece of software?
If liberals treated the Second Amendment the way they treat the rest of the Constitution, everybody would be required to own a gun, ESPECIALLY criminals.
Unfortunately the dangers of crypto backdoors pales in comparison to the danger if lawmakers that are all too willing to blindly enact such a law.
- - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
The reason this was *over* in the past is because the FBI is blissfully unaware that strong crypto is standard operating procedure for US corporations, and is only used by nefarious bad guys.
Indeed such business makes far greater use of communications than would a terrorist organisation.
Such a law would never actually protect anyone from terrorism.
The same argument against gun control laws applies: anyone can use RSA to write a simple unbreakable encryption package very quickly so terrorists will not be forced to use commercial software. Therefore only terrorsits and other 'bad guys' would have powerful encryption, putting the 'good guys' at more risk. I'd argue that the logical extention of the 2nd amendment would translate into the right to encrypt.
Secondly, this is exactly what the terrorists want the US to do: turn into a police state. This makes the US no better than the countries were are currently deamonizing.
Its my guess Osama bin laden have his own coders/cryptografers that develop his software, i could not even believe in my wildest dreams that OBL would even consider using some Us export approved software. He's not stupid, if he were, he would be president of the MPAA.
If the gov't actually belive their own bullshit, they can go ahead and beef up crypto regulations. This will only be usefull to snoop on privacy citisens and that's what they wanted all the time, now they gonna get backing from Joe Average who haven't got a fucking clue.
How useful is this discussion? I have never seen a slashdot story with so many posts moderated to the 4 and 5 levels... The sad thing is every single one of them favors the exact same side of the story (no backdoors). So everybody sits here preaching to the choir is that the plan? -- lame
While I agree that the genie is out of the bottle on encryption and the government better just find another way to accomplish their security goals, I also think concern for privacy is way overrated. While I may not want my neighbor next door to know how much money I make, I don't mind filling out those surveys with all my demographic information at all. I mean, what are they possibly going to do with it...I am just a number to most of these people. The same thing goes for the police.
I can safely say that I couldn't care less if the police read every email I had ever written or received. It just doesn't matter...information about me simply isn't that useful and you are a fool if you think the information about you matters one iota.
For another perspective on eternal vigilance, David Brin's book The Transparent Society talks about the issues of ubiquitous cheap video cameras combined with cheap communications and computing. The recent face-recognition uses at Florida sports stadiums and the cheap X10 cameras with the annoying pop-up web ads are only the beginning.
Bill Stewart
New Fast-Compression-only CPR http://preview.tinyurl.com/dy575ks
The article that discussed carnivore on
The messages are encrypted and added to images etc
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
Honestly it can't. It can be forgotton. It can be hidden. But once it exists and is spread. It will exist for all time.
Createing something new won't prevent the old from being used, nor will it prevent other countries from having differnt regulations.
And how many terrorists are actually going to listen to the law.
Never forget that.
If this "Big Brother" shit goes on, America has a good change of becoming one giant space, where nobody feels free.
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
Dammit, an airport is a public place. If I walk into an airport carrying a gun openly, people will see it and think, "oh he has a gun", and take appropriate actions based thereon (ie., not let me on a plane). From there it is a very SMALL step to metal detectors, to find out if I have a concealed gun. It is a public place and by the mere fact that others can see and hear what I do, I naturally have a lower expectation of privacy.
Compare to in one's home. If I send an email with GPG, no one can read it. I am innocent until PROVEN guilty in this country and my personal correspondence is MY business. Any private citizen tampering with my mail would be liable to prosecution for invasion of privacy. Now, from this situation it is a very LARGE step to automatically requiring the compromise of the privacy & security of ALL my personal correspondence for the sake of a POSSIBLE threat, since I am in a private place and no immediate threat from me is visible.
See the difference yet?
-Kasreyn
Kasreyn: Cheerfully playing the part of Devil's Advocate to hairtrigger
How do I communicate this problem to the vendor without strong encryption?
You'd be crazy to report a security flaw like that. If the company with the flawed product was vindictive or just stupid, they'd try to get you thrown in the slammer as some kind of computer terrorist. Security through Obscurity is a stone's throw from Security through Repression of the Facts and the Destruction of Those Who Would Reveal Us as Incompetent.
When it comes to computer security, the good Samaritan is an endangered species.
With Quantum Computing around the corner, no matter what Encryption technique is used, Quantum computers will be able to break it in a few pico- seconds anyway. So encryption will soon be pointless, and there isnt a damn thing anyone can do about it anyway.
l d.html for more details
Check out http://www.sciam.com/1998/0698issue/0698gershenfe
This sig is licensed under the Free Sig Foundation License, you may re-distribute it as long as you retain this notice
Great statistics - of course they're based on a sample of 609 morons who:
1) Didn't have caller ID and answered the phone
2) Were lonely and answered the phone
3) Thought it was some missing loved one calling from "Out of Area" and just wanted to talk
4) Were some nut cases who enjoy talking to telephone pollsters...
The poll doesn't say what portions of the country they talked to, how many were male/female/hermaphrodites/transsexuals, etc... so the whole thing is suspect...
Try calling some EDUCATED people, and paying them for their time, and see what kind of results you get
5000 people died because of terrorists. OK, there are 40,000 deaths each year just due to highways. So keeping things in perspective. I think this attack hurt our ego more than it did in damage. This is about ego, not about real damage in comparison to other leading killers that have definable causes.
I, Cringely's "A Man With a Hammer" is relevant I think.
Actually they make their jobs even harder because not only will terrorists use secure crypto, it will also be embedded in data files etc. So now the FBI can't even tell that someone is using crypto, so they can't even suspect them.
Left foot! Aim! Fire!
http://www.atomicmpc.com.au/news.asp?nid=411
I think it is a noble thing you are saying, that if you could save a life by giving up your privacy you would. I applaud that concept.
But giving up your privacy won't save any lives. Sad but true. Give up your privacy, people will continue to die, and you will just be a schmuck who gave up his privacy.
The whole point of 90% of these threads is this sort of bumbling treat-the-symptoms legislature has not a hope of protecting anyone from terrorism. All it is is a power snatch in a time when people are afraid and not at their mental best in critical thinking. Your noble sacrifice of your freedoms won't save a single life. So don't do it.
-Kasreyn
Kasreyn: Cheerfully playing the part of Devil's Advocate to hairtrigger
I think you are correct to doubt absolute statements.
But the invalid assumption here is that you can design an acceptable compromise and stick with it. Given any particular security system, if you look long and hard enough, exploits can be found. Then we have to trade more of our liberties for security in a neverending cycle of escalation.
The problem isn't that people can talk privately. They always could, and always will be able to. It's that they want and are able to kill us. We should work on those instead.
If we can truly convice their people that the attack on the US was wrong and that it was only against sinless people, that will greatly reduce the effect of the martyrs.
Attacking the country the terrorists came from will only create more terrorists. No, what we need to do is attack them with information, not bombs. We need to show that the people who died this week were brothers, sisters, fathers, mothers, and grandparents of the world. Not soldiers, but rather people who had nothing to do with the "war".
Information like that would have the impact of several bombs, but without the hatred and destruction. Why do you think the Taliban has banned the internet? Because they think you may find some naked chicks and that you can find how to make bombs on the net? No, the Taliban is afraid of find the truth.
The truth that the US is not out to kill every man, woman, and child in their country. The truth that the attack was un-provoked. Yes, they may disagree with our policy. Yes, they may have every right to do so. But sending planes full of innocent people into buildings full of innocent people is not the way to bring about their complaints.
The only way to stop terrorists is through education. Bombing them simply enrages them further. Explaining to them that human beings are still human beings will take a lot longer, but is also likely to have the most positive effect.
Benjamin Franklin didn't have terrorists walking onto airplanes and crashing them into buildings full of tens of thousands of people. I think you can safely say this situation is quite a bit different than anything anyone could have predicted 200 years ago.
As for "mandatory crypto backdoors", I think it's become a common saying that when encryption is outlawed, only outlaws will use encryption. This is a ridiculous time to be making any hot-headed decisions on something like this. Even if the US did make some inane law mandating backdoors in encryption there are plenty of free and completely open strong algorithms out there to use. What stops terrorists from using these other programs NOT made in the US or writing their own code?
This is the kind of thing that happens after every tragedy unfortunately. Emotional people start making emotional cries for immediate changes. After a school shooting people call for a ban on guns. People, shooting another person is already illegal! Banning guns are not going to stop a *criminal* from shooting people. Banning strong encryption is not going to stop criminals or terrorists from using strong encryption! Hijacking airplanes is also a crime but that didn't stop a bunch of whacked fundamentalist motherfuckers from doing it now did it?
What is exactly the point of the backdoor?
If opensource developer creates a program without the backdoor he will be arrested. But criminals have their own coders/hackers, if we knew who they were they would've been arrested already. What prevents terrorists from using current opensource projects or programs not stationed in the USA?
This is like giving a master key to every house in the states to the FBI. But criminals can still order their doorlocks from outside USA. I hope you all understand that this only let's Feds to prosecute terrosists from using illegal-programs. When they do that the terrorists just become more alert.
If bin Laden or whoever is 'a big crypto user', then how would it help to restrict the availability of encryption to US citizens? Isn't it just a little too late?
-- Ed Avis ed@membled.com
The strongest cipher also happens to be the simplest: the one-time pad.
A child can implement a one-time pad using a deck of playing cards, a pair of dice, or by simply flipping a coin repeatedly.
And the most advanced governments even if equipped with what is now only theoretically possible -- like the quantum computer -- would not be able to successfully cryptoanalyze a message so encrypted.
Are we going to classify playing cards as munitions? Dice too? What about coins: can we devise a currency that is crypto-safe?
Sometimes I feel like I'm drowning in monkeys.
Is this truly the only Earth I can live on?
I'm a Swede living in Japan and I have always been following the cryptography and digital copyright debate with a concerned interest.
The second thing that came to mind when I learned of the tragedy was what pro-regulative forces would take this golden oportunityto bring on all kinds of regulations to the US people, especially
in regard to encryption technology.
It is quite clear to me that 'the land of the free' is not close to as free as you'd like to think you are.
Where I come from,
1. Reverse engineering is not a crime
2. Software patents are not allowed
3. Regualtions on encryption has never been heard off.
Where I live, I've never heard of a cracker ever being prosecuted (there might have been I case or two that I have not heard of, but the point is, the government is NOT being paranoid about it).
I am not saying that lenient laws and or are always good, but they do tend to provide a greater amount of freedom.
Speaking of installing backdoors, it's pretty arrogant to think that encryption software can be made only within the us. Sure, most consumer
software (read M$, PGP) is made in the us, but the only real effect is that consumers will be exposed to backdoors and hardcore criminals will
use something else / write their own code. Especially well funded criminals that can pull of terror stunts like this one.
BTW, I read in Wired that the FBI were pushing carnevor installations to be used 'just for a few days' AFTER the attack, like, there would
be a lot of communication to listen to AFTER the attack? It looks like people are giving in on their principles already.
Anyway, I sincerely hope that America recovers fully both in body and mind, and do not allow this tragedy to be amplified by giving in to
those who might be using it to their own purposes.
Strength to you all.
How about the cold, dead fingers of the victims of terror, who aren't involved at all in your rhetorical exercise, and probably never heard of these programs, but the terrorist community that killed them might have?
I'm not saying I agree with this, but this rhetoric is distasteful, especially throwing around death analogies when you know perfectly well you wouldn't stand to be inconvenienced, let alone injured, let alone killed, for the software in question.
"Enough of this wretched, whining monkey life." -- Marcus Aurelius, _Meditations_, Book 9, 37
..because even if US makes strong cryptography illegal/backdoored, what prevents other countries to let their people use it freely? I'm not talking about the Nato nations, but about other countries that wouldn't obey the US 'suggestions' anyway; those countries one day may keep up with technology.
Think about it: let's suppose that in the US strong crypto will be illegal/need to have backdoor(s). This is a HUGE break point: what prevents those backdoor to be discovered and used against the US one day?
Obviously it would be very difficult to do such a thing. Right. Will it be as difficult as crash four US planes, coming from within the US, into the four center of the US power (military, economic, and -almost- political)?
-- There are two kind of sysadmins: Paranoids and Losers. (adapted from D. Bach)
Looks like the terrorists could win after all.
Destablize the US citizens trust in it's own government.
The terrorists are very well aware of their inability to physically defeat the United States, we are simply a gorilla. This attack was more psychological than a physical attack. By attacking a another country and causing panic, terror, fear, etc. will cause the targeted governement to impose restrictions to that countries population so that freedom and liberty diminish. After multiple occurances of this the citizens begin to rebel against their own government. This is classic behavior in making populations rebel.
If we fall into this trap we will most certainly win all the battles and lose the war.
My heartfelt prayers to the families and friends of lost loved ones.
"I must not fear. Fear is the mind-killer. Fear is the little-death that brings total obliteration. I will face my fear. I will permit it to pass over me and through me."
How many resources did the FBI waste on eavesdropping and what is the result?
There were OPEN hints about this assault - a suspect from Germany had warned the FBI weeks ago. But they did not listen.
They would rather trust information they get snooping on someone than open warnings.
The FBI needs to change its strategy!
..I must say that none of my collegues would use anything less than PGP and RSA even if it became illegal to do so. For one thing, a tiny sentence for using an illegal encryption system is nothing compared to frying for plotting to blow up a building or killing someone.
All that having backdoors in all crypto systems would mean is that me and my collegues would have a much easier time getting access to potential targets, as we could use the backdoors to track movements of important businessman and politicians, by breaking into systems of them and their collegues.
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
Carnivore and Echelon won't work against terrorists.
Government even knew the dastardly attack was coming.
Quote: "THE U.S. NATIONAL Security Agency (NSA) engaged the so-called Echelon communications monitoring network, following on warnings of possible terrorist attacks, as long as three months ago, the Frankfurter Allgemeine Zeitung (FAZ) newspaper reported."
People were complacent - because they knew billions was being spent on Carnivore & Echelon for just this sort of problem.
Terrorists know they are being looked for by Carnivore and will get around it by other measures.
When not planning face to face - they would use personal couriers.
Perhaps give mobile for single message when required - just using message - go with plan a / b or abort.
I have always said - terrorism is just the excuse they use, the US to raise funds for Carnivore - the UK to justify R.I.P. bill - to spy on the people.
The "you've nothing to fear - if you are not breaking the law." argument is made to pressure people to acquiesce - else appear guilty.
It does not address the real reason, why they want this information - they want a surveillance society.
This is like having somebody watching everything you do - all your thoughts, hopes and fears will be open to them.
All your finances available for them to scrutinize - heaven help you if you cannot account for every cent when they check on your taxes.
Do not believe the lies of Government - even more money spent on Carnivore will not protect you - IT IS A LIE - TERRORISTS WILL GET AROUND IT.
The authorities hide simple solution to trademark and domain name problem to abridge your free speech rights. The US Government violate the First Amendment - WIPO.org.uk
Unless, of course, by freedom you mean freedom to express your singular viewpoint. That is not a freedom, that's a tyranny.
-- @rjamestaylor on Ello
I doubt it, "Oh dear crypto's illegal we'd better stop using it for planning all our illegal activities" :-)
I guess it will enable the law enforcement agencies to spot the supposed 'bad guys' easier, ie guilt by association. "You're using crypto so you must have something to hide"
Exactly how would an application sit in a world of free choice?
In order to be effective it would have to be binary only, and have anti-disassembly methods built in. Does it then follow that you'd only be able to run it on 'registered' OS'es and systems, which would have the same requirements placed on them?
Who would make this software I wonder????
It might be available gratis but there would be no way to determine that it did what it was supposed to or whether it was suitable secure that other parties couldn't crack the system.
These ideas are far from the idea that I have of freedom.
Terrorists force their ideals on people though fear and intimidation, don't let the government terrorise it's own citizens.
I disagree - now what ? I don't know if you all remember the RIP Bill that has now been made law in the UK. Take a quick look at the 3 minute guide at the Stand home page. The RIP Act relates to encrypted data such as email. Failure to decrypt your data when demanded to do so is a criminal offence and subject to a maximum penalty of two years. Forgetting or losing your password/key is no defence and you are presumed guilty. Please take a look at the 3 minute guide. I, like many others, disagreed with the RIP bill and faxed my MP asking him to oppose the bill. It still went through. In response to your question about what to do if you disagree. I still think you should contact your politician. Get your friends to do the same and be careful that lesser bills don't become law. Just my 2 pence.
I mean: How will they stop me (and Bin Laden) from writing my own crypto-software and use it for what ever i please, or even upload it to Debian-non-us? Does the US government really think Americans are the only ones who can write cryptography-software??? Now how dump is this?
They hit you pretty hard, are you too scared? You either create more terrorists or you try to wipe them all out, trying to wipe them all out wont work and what you are left with is a couple of determined people who no longer care about preserving life anywhere anymore.
Consider for a moment what a group of determined people with nothing left to live for and no lives to preserve anywhere anymore could do (think filo viruses).
Its not only a-moral, its just plain stupid.
Think about this:
When [guns|crypto|...] are/is outlawed,
only criminals will have [guns|crypto|...].
StarTrek.org Free Webmail
The best warning a terrorist organisation can think of - and the government gathered no
information...
and
The idea was always there that congress might have to restrict the freedoms of those living within the republic to protect the common good, especially where individuals were trying to provoke the unimaginable horrors of war. Sure you can have a long debate on exactly where to draw the line, you can disagree with where they are currently suggesting the line be drawn, but lets not pretend its quite as simplistic as your one quote implied.
If you disagree with what they propose then demonstrate alternatives or show why their proposal is worse than the threat faced by the USA. There are good arguments to be made, there are quite probably better ways of dealing with the threat but if all you do is run out old quotes then you are doing what Franklin said;
--
Nic (expecting to be moderated to -1000 but figures it needed to be said anyway)
Bad guys like /usr/bin/laden will not use non-backdoored crypto software if that is illegal by the law of the US...? Hey c'mon.. This sounds exactly as stupid as wondering how the terrorist can get into US when the immigration form asks "Are you terrorist?".
and I don't mean the bombings. I mean the chuzpe of people trying to profit from that. yes Mr. Congressman, I'm talking about you.
many people have pointed out that this was a low-tech attack and what the intelligence agencies need is more footwork instead of more high-tech toys to play with. that should be the rallying cry: stop playing with high-tech and do your work!.
I want to add that all background information on Bin Laden strongly suggests that all the talk about him being a crypto buff is very obvious bullshit.
the guy has had digital watches removed from his vicinity because he's afraid any and all pieces of high-tech might be used to pinpoint his position and/or kill him.
you should really make posession of a brain a mandatory requirement for your congresscritters.
Assorted stuff I do sometimes: Lemuria.org
I could agree that governments should be able to check
any media to track criminal communications, but since
it's incredibly easy to send secret informations on the
Internet without encrypting them, this will result in a
general limitation of civil rights for common and honest
people, while real criminals will continue to communicate.
And, believe me, there are -infinite- ways to hide
data in a way they won't look like encrypted.
NSA, FBI and others will throw away your money (I'm
European) to enforce unhetical (and unamerican) laws
that will take away your freedom without giving anything
back.
That's like blindly bombing the Afghanistan, killing
thousands of innocent people, to hit the few ones that
led the terrorists. It will work as it worked for Saddam
and many others: it will not work.
Besides that, my condolences to everyone lost their
relatives and friends in that catastrophe, and my tears
to everyone died. My heart is with you all.
--
Nic
Usually when key escrow and other backdoors comes up I use the following argument:
Why not just pass a law that says: You can use strong encryption for anything - unless you are a criminal.
This usually make people wake up and see the ridiculous in passing a law that prohibits strong crypto.
Carnivore was in at ISPs on Wednesday and will be into Tier 1's by now. Remeber to intercept 'net traffic you have to look at ALL the packets. To trap "encrypted" data whatever that may be you have to read 'em. Imagine the power to open ALL snail mail and read it to check if it's suspicious...
There's a distinct danger that this kind of monitoring will be installed, relatively unchecked, with Civil Rights groups unable to mount a credible defence due to the devastating nature of the terrorist attacks. This will happen not just in the US but easily in the UK, France and Australia who have similar laws or technology in place.
And once it's in, you can bet it won't come out again. Think 5 years down the line...
I for one agree totally with this. I believe ALL encryption software should have mandatory backdoors that are made known to the public. This should only be on the condition that _congress_ and all other government and military departments also have backdoors in their software and make them available to the public also.
This bill must include corporate systems such as CSS, WMA, and the digital rights management proposed in the SSSCA. This is the sort of law that will bring the USA into the 21st century. And, hopefully other countries will follow your wise lead in proposing similar laws, instead of taking advantage of the fact that they now know everything you say to each other, your corporate, military and government secrets, and the codes to your nukes.
Is congress mentally retarded or f*cking what?!?!? How do they hope to pull off such a b*ll sh*t plan? Why on earth would they think for a second that some terrorists would decide to do the legal think, and plan their attack using 'legal' crypto software?
Where do they get the MOTHER F***ING IDEA that they are the only f*cking people on the planet, and the only people who can write software. Why is this always the case in disaster movies? (no don't answer that i don't care) This is the sort of thing that gets me p*ssed off so much, that i wish to god that the hi-jackers HAD hit congress and put those dumb sh*ts out of their misery. You'd think that a government could have even the most basic understanding of technology that it and the world relies on. Please wake up to the fact that you are not the only country in the world. The laws that you make, have no effect on anyone else and just make them want to stay away from your slowly-becoming-socialist society (spelling?)
-tfga
This comment does not represent the views or opinions of the user.
They'll take my crypto when they pry it from my cold dead hands.
Of course they wouldn't. Any proposal to add such a back door is just a cynical attempt to coast it into law using this atrocity as a pretext.
So if terrorist would be using real-life mail-pigeons, it would be forbidden to use them, and be killed?
Famous last words:"but...."
..for legitimate law-enforcement surveillance is precisely:
Nada.
Eavesdropping at will, without warrants or warning is however, perfectly suited to the needs of a future J. Edgar Hoover seeking to harass and intimidate a future Martin Luther King.
Congress can *consider* requiring backdoors all they want. I, however, am one Jew who will not comply.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
It's not the idea so much as the potential to abuse the power. That what turns my stomach. It's one thing to prevent a disaster like happened Tuesday. It's another thing to use it to protect the profits of corporations. I just don't think we can trust them to do one and not the other... :(
As far as i know from reports i've read terrorists know very well not to rely too much on electronic communication, the US pubblicize a lot their technology abilities. As a result no terrorists probably use cell phones or email anymore. Plus i dont think europe union agrees on backdoors in encryption, that would make industrial espionnage too easy.
i'm sure the fbi had a thousand e-mails from bin laden, and they would have known about this terrible act for a couple of years, if only he hadn't used that damn encryption.
COME ON! the world needs to finally get rid of those conflicts in a dimplimatic way; encryption is NOT your enemy. but this wouldn't be the first time the u.s. government acted against their people (remember the dmca?)...
Although I have absolutely no use for cryto especailly for email, this doesn't make any sense. Think about it. All it means is that people will create non-mainstream private crypto programs for their own use?
Comment removed based on user account deletion
"Order number 83093058: ship 2,000 sprockets, part # 31416, and 1,000 cams, part # 2718, to arrive by September 11. Ship to our Chicago warehouse." (Translation: attack target 31416, World Trade Center, and target 2718, Pentagon, on September 11 at 9:30 local time. Use attack plan "Chicago", hijacking planes and crashing them into the targets.)
So on the one hand, we have no privacy, and on the other, the terrorists have to sneak codebooks into the country (except for the homegrown militia types, of course). Doesn't seem worthwhile to me...
There is abosolutely no point in trying to put a backdoor into encryption, for the purposes of spying on organizations such bin Laden's network. The simple fact is that a terrorist organization can simply right encryption software that does not have a backdoor in it, and with very little resources, I mean the source code for tons of encryption algorthims out there already. If a terrorist organisation can learn to fly large civilain planes, then it is really dumb to think that they can't write there own encryption software.
As a good example I managed to re-write my own public-key RSA based encryption system in about a month (all code algorithms written from scratch). And this is my spare time.
The only consequence is that the law-abiding ciztens and businesses will be using encryption based systems which are inheritally weak, and hence very prone to industrial espionage or crackers.
Indeed. Gun control is of limited use because people who really want a gun for illegal purposes will find a way to obtain one. Restricting encryption is similar but several orders of magnitude less useful because writing and copying encryption software is much easier and quicker than manufacturing and selling guns - and, as many posters have pointed out, you can hide it with steganography.
And how much was the Internet actually used by the group who attacked the WTC? Probably most important communications would be done in person. The US is so wrapped up in technology that they fail to see how low-tech methods can be just as effective.
Does anyone really thing a group clever enough to organise these attacks - they may be fanatical and totally insane, but they're not stupid! - would be significantly held back by such things?
The people we need to worry most about will find ways round this. It's only law-abiding citizens trying to protect their credit card numbers and at best minor petty criminals who will be inconvenienced.
As for people saying the government will pay anyone using encryption an unfriendly visit... well I'm sure there will be enough people who care about their privacy that they will spend a lot of their time chasing down people who aren't important. What can they do, put everyone using unlicensed encryption in jail?
It doesn't make much sense to demand that open source products would have to include a backdoor. After all, it would be trivial for anyone, including terrorists, to remove it should they want to do so.
So maybe this would only affect binary-only software.
The main problem I can see with coding a backdoor into crypto software is that it effectively forces one to fight using "security by obsfucation," meaning the security of the software relies totally on the ability to keep the backdoor secret, and since everyone would know the software had a backdoor by law, the number of people attempting to figure out ways to hack the backdoor for their own benefit would be staggering.
I can't believe how fucking stupid people are, how the fuck are backdoors going to do anything when the people who we need to track won't have backdoors in their software?
Plain fucking stupidity.
Sticking feathers up your butt does not make you a chicken - Tyler Durden
I'm currently writing several quantum crypto algorithms and I'm no in the USA.
I believe that the slight possibility that criminals will use strong crypto is less an evil than big brother's thought police going through all email.
- Kaos games and encryption systems developer
Now you get to the difference between a code and a cypher. What we think of as cryptography, and often mislabel as a code, is really in the space of cyphers. Codes are something else - where there is not a one-to-one correspondence between visible and hidden messages.
I'm going to risk making an idiot of myself by misusing some terms, and say that crypto and cyphers are syntactical, where codes are semantic. In other words, you can apply crypto to any message. On the other hand, code is usually geared toward a specific set of messages. Your 6lb baby boy code could probably not be used to securely send your credit card number.
Cypher/crypto is more generally usable.
A code is more specific, may be more easily hidden, but would more likely fail in long-term usage.
It kind of interacts with the idea of a one-time-pad as explained in "Cryptonomicon", except that continually developing one-time codes that would retain innocent appearance seems like it would be awfully tough.
The living have better things to do than to continue hating the dead.
If this is going to fall away, I'd really rather see key escrow than back doors. A back door is a fundamental breach of security, can be discovered by someone other than the FBI/CIA, and essentially renders the crypto useless.
Key escrow on the other hand, retains the basic security of the algorithm, even though the FBI/CIA may have access to your keys. At least you are secure from others.
But from a different perspective, it is possible to gracefully back out of a key escrow situation. It is possible to cease requiring escrowed keys, and to generate new ones held by a different mechanism. What's key is that the industry built up around the algorithms can remain in place, and that part of the total solution can be trusted.
The living have better things to do than to continue hating the dead.
...but I posted on September 11 basically suggesting that this is exactly what was going to happen. The only way to effectively protect a nation against terrorist attack, short of major changes in foreign and domestic policy aimed at eliminating inequality, is establishing a police state.
Wave bye-bye to most of your rights if you live in the US. I'm willing to bet money that within a year, you're going to be looking back and calling 2000 and 2001 the glory days of privacy.
The terrorist could simply pack his message into Adobe eBook files and have everyone arrested who dares to decrypt his copyrighted work...
No matter how much we in the non-American sector need to bow to DC, surely we wouldn't go so far as to make everybody use crypto which the US can crack? It's bad enough that the US is bugging EU e-mail (with UK help) to the benefit of the corporations. What chance would non-US companies have if they can't keep company secrets?
...that the men and women in the USAF would be willing to employ F-16s and drop nuclear weapons on Des Moines, Los Angeles and Dallas? Especially considering that there may be only 10% of them who are "resisting"? And that many resisters are in charge of infrastructure items like dams, power plants, banking systems, and information technology?
Large weapons are good for large targets. A resisting populace is a bunch of little targets. F-16s and nuclear weapons are no good against your own people. You have to send the army in with guns. And locals armed with light arms ARE an OK match for that kind of warfare. As we proved in 1776.
324006
Linux vs BSD flamewars aside...
http://www.openbsd.org/images/tshirt-7b.jpg
By adding a backdoor you are adding a known weekness, chances are others will find it and will then be able to readd your email as well. They claim warants and things will be needed to use this backdoor, but thats really not going to stop a law enforcment agent or anyone else who manages to get there hands in the right place from reading your encrypted stuff. Do you really think the US government and military will feel confident enough in this system to use it themselves? I dont think so, and if they wont use it neither will I (and even if they did I would just laugh at their stupidity and keep using opensource crypto)
and what ever happened to capitalism? Munitions laws already push encryption companies over seas resulting in the loss of money for the US, this will just make it worse.
"They that can give up essential liberty for a little safety deserve neither liberty nor safety."
We must fight this.
only the outlaws will have guns. If US citizens can't have crypto sw, how will this keep terrorists from getting it? This is NOT a solution to a problem! It might help the FBI against the Mafia, but probably not. They are barking up the wrong tree here.
See the #2 question on the FAQ at the Jews For the Preservation of Firearms Ownership homepage for more info (A. Hitler did say something similar, though, and they have it there). I took off my Hitler quote bumper sticker as a result - no use giving the anti's more ammo.
cheers,
-J
http://carpediem.da.ru
How is a back door going to be used by the government only? If there is enough information in a signal alone for the government to decode a message, then someone, somewhere, will figure out a way to decode it too. Congress is simply asking for the impossible.
https is done through SSL normally. One could however use an ssh encrypted tunnel to get to a normal http site.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
This sort of thinking is insane. I know we're all computer geeks of one form or another, but to make the claim that we would rather have more spooks walking around than more spooks listening to our phone lines is pretty silly.
The argument is:
Govn't needs to know stuff, but we don't want them listening to OUR stuff, which they will, because they don't trust them.
But, if they use spies instead, they won't want to listen to our stuff anymore. Nosiree; I can't imagine an FBI/CIA/MI5/(insert TLA here) agent poking his nose into MY business! After all, I don't do anything bad.. why shouldn't I trust them not to spy on me!
I know that electronic surviellance is much more cost-effective and can be used indiscrimantely.. that's it's power. But we don't need to have technology to have a police state.
Incidentally, I can't see any argument about cryptography really going very far; I doubt many people right now really want to talk about technolgical issues.
In a way I have one slender hope in all of this which is that the US government remembers how it won the cold war - or perhaps just remembers the words of Jefferson again;
The US military is awesome and impressive but Coca-cola and Baywatch are probably more effective in the long run. To some extent I think OBL and his ilk are well aware of this fact and this is why they want to provoke a shooting war rather than face certain defeat against what they see as the softness and corruption of western culture and prosperity.
If you really want to destroy everything these people stood for then fight them on the same ground as the USSR was defeated - prosperity, freedom and frivolous consumer goods nobody needs but everyone wants[1].
[1] OK, tongue slightly in cheek on the last one but not entirely.
--
Nic
I agree completely that there is nothing stopping these people from writing their own encryption software. It seems that they had to come to the United States for their flight training. I don't think the same would be true for Mathematics or Computer Science - and the open nature of academia would make it nearly impossible to keep anyone with half a brain from writing good encryption software.
My only worry is that this open nature of academia, and perhaps more likely open source software, will come under attack after this tragedy. Let's hope the misinformation doesn't run too rampant.
My Karma was at 49, then they switched to words. All that work for nothing!
I just read "The Devil's Code" by John Sandford last week. It addresses backdoors for the gov't in encryption. Pretty scary remifications are possible, but of course this is just fiction. or is it? :)
You can check the book out at Amazon here.
Or just search for ISBN 0399146504.
Then I pray to God he isn't a Linux user too :)
--trb
'nuff said
Any decent programmer can write their own encryption in a matter of minutes. Go look at the CipherSaber home page.
So get out there and write build yourself a saber. Then use it to encrypt a short reply to this article with the key freedom.
The ideas behind public/private key exchanges are too well known in this day and age, and any experienced programer, could, in theory, replicate them as nessisary for his own use.
Or, completly re-structure them to be more complex and less friendly..
Mabye they ought to require all compilers to detect crypto-like tactics and put backdoors in them..
windex
the top guys get the gain of power and wealth, they are a very small minority. The leaders of terrorist supporting countries are not the top guys, they are being victimized also. There is nothing they would like better than to be left alone to rape and pillage their countries economies, but they realize that they have to pay for the privalage to do so to the real power brokers, the heads of the terrorist. The gov leaders are vulnerable to us through economic attacks, because they are money driven.
The majority of the people are just plain going along with the program so they'll be left alone with what ever they have. They know that there are a few but dangerous extremists who will not hesitate to destroy their lives for any opposition. They majority live their lives having money extorted from them, told where to go, what to say, and what to do to "support the cause" and they do for the gain of being alowed to keep what little they have.
The larger minority is the fanaticised, they are in it for the glory of "God". When they die they are taught that they go straight to heaven. These fanatics are used by the real top guys to enforce and protect their agenda. Their vulnerability is their religan!
The world needs to learn about Islam so that we can crediably quote the Koran and turn it against the fanatic. I'm sure that there is enough stuff in there that it can be twisted to mean anything that a competant oritor wants it to mean and we want it to mean things don't kill babies, don't shoot your brothers ect.
And if we fail at this we need to send the fanatic to the next world less a hand (for stealing that airplane), less a couple testicles for commiting evil in Allah's name (keeps'm out of heaven, removing his gain) and less a head for killing. Or at least make him beleive this will happen. I remember reading about an terrorist attack against the Soviets, they sent the terrorist finger to his next of kin, end of attacks.
Without the fanatic, the whole thing crumbles. The top guys loose their soldiers, and their is nobody to extort from the national leaders or the majority of the people living in those countries. And an other thing is, make no mistake about these clerics, presidents and terrorists leaders are no differant than any christian Bible thumpper. Just watch'em hard enough and long enough and the majority of them will prove to be hippacrites also.
Take out the legs (the fanatics), then the head (the few leaders that actualy profit). don't worry about the rest, they'll be happy to live their lives in a civalized manner.
Apocalypse Cancelled, Sorry, No Ticket Refunds
From what I understand, there will be one universal De-Crypto key for all cryptographic software.
Cool.
How about one master key for all the doors of the world?
I guarantee you that I will have a copy of that key (for the doors) within the year.
I'm sure they'll be for sale on every street corner in New York.
-S
We Apprentice Developers and Designers
If its a crime to carry a Blowfish, then only criminals will carry Blowfish.
Are you aware that in many areas a CHILD can purchase a THREE POUND baseball bat? There is NO purpose for such a heavy bat except for hitting things VERY hard. Now, I wouldn't interfere with people using a bat for sporting purposes, but they should be carefully regulated as well.
I was told that the sales of baseball bats in Scotland are very superior to the number of baseball players. Do you know some baeball team from Scotland?
__
Men with no respect for life must never be allowed to control the ultimate instruments of death.
GW Bu
Personally, I say so what?! Let them put backdoors into crypto software. Are we not programmers? Can we not program our own cyrpto software in just about any language?
You probably should be using your own crypto software and not someone elses anyway!
Playing Devils Advocate:
I personally have encryption schemes that I've written in c++... I have pgp attached to my e-mail and posteed my key on my site and slashdot.... I have never had anyone use it. I have never truly used it but once or twice just for fun. How many people actually use PGP? Really..... what do any of us have to hide? I've got nothing. Really your probably only using it if you do something illegal right?
The average Slashdot Reader:
I am also your average slashdot reader. I read it everymorning and post once in a while.... I don't have much karma and don't really care (karma = 18). I feel that we all need the right to privacy and do not like the idea of someone else reading my "personal" e-mails to my friends. I don't like the idea of big brother watching over my shoulder. Anyways, something like this will only hinder the honest people. The criminals will find other methods and ways around the system....
So which one are you?
Personally it sounds to me like the pro / anti gun movements...
Anti-gun people say it will only hurt more people in the long run... the pro-gun people say that the criminals will find another way to get guns and only the law abiding citizens will be hurt. Where to you stand?
I do not have the answer, and feel that there is no answer. But we are all programmers here, and we can program our own software and no one can stop us there. Therefore I don't see how any such law will stop the criminals if they can just get someone to program it for them....
Just my rambling thoughts
Linuxrunner
www.slightlycrewed.com - Because aren't we all?
After a school shooting people call for a ban on guns. People, shooting another person is already illegal! Banning guns are not going to stop a *criminal* from shooting people.
Yes, but there are a lot of guns out there, and it is really easy to get one. If having an armed population translates into a lower crime rate, then you would expect the US to be the safest place in the world. IIRC, there are some states where the guns outnumber the people. And yet compared to other first-world nations, the US has the most violent society, the highest crime rate, and the largest % of their population in prison.
Violence begets violence.
*** Where are we going? And what's with this handbasket?
...Any backdoor will be cracked within five minutes and decrease the barely acceptable security on the internet now, and could kill the concept of e-commerce.
Do you really think some justice department drone can write a crypto algorithm just weak enough that it can be broken only by the government but not by guys who want to steal credit card info by sniffing out Amazon.com?
A known backdoor will be exploited by everybody but the government, who'll probably end up needing a warrant to go in through the back door.
Wait, let me guess, Windows 2000 Service Pack 3 removes the high encryption feature... Failure to install = 20 years prison.
Great plan.
Who did what now?
I wonder if any of these over-reacting political figures have given thought to the fact that by putting backdoors in encryption schemes that we could be potentially endangering our social infrastructure? I mean, if backdoors are in place what is to say that someone could not steal the tech to unlock it, break the tech, or have a double agent in our government. If this took place then wouldn't all bank's, fund's transfers, private defense contractors, businesses, etc. encrypted transactions be vulnerable. Which are all potential targets for info-warfare. This could actually help terrorism, not hinder it. Some how I feel that the people who are arguing for back doors have not sat down and thought about this logically. We cannot stand to lose our freedoms by blind reactionism.
We need stronger encryption to protect us, not backdoors!
Anyone think of creating a system to do security surveillance voluntarily? That's the only way I can think of to give the feds what they want without letting go of our liberty. If we can put one in place ourselves, then hopefully we can do it right and not put ourselves at the mercy of the NSA's Echelon and key escrow.
Help me design such a system... I'm envisioning a community project, somewhat like a neighborhood watch. ISPs can attach it to their networks to collect and monitor plaintext traffic. The keywords that investigators are interested in will flip through the system (somewhat like freenet's searches) so 1) messages that match their search profile will bubble up to the top of their searches, and 2) the community can monitor what they're currently searching for and perhaps have some way to vote into how much info we return during their witchhunts.
As far as strong encryption goes, it's here to stay no matter what, but at least we can devise a tracking system based on the information we DO know (senders and recipients, sources and destinations, and causes and results of such transmissions) and perform statistical analyses to infer if something is about to go down (I'm most of the way through _Cryptonomicon_, if you haven't guessed).
At it develops, we might be able to spread it out into people's houses... How many of you people with webcams wanted to set up a home security system that would page you if it detects something suspicious? We could have our computer networks watching over our property, scan our parking lots and streets for vehicles reported stolen, and the best part is, if we can keep it open, we can control exactly how much it sees and how much of our lives we want to keep to ourselves.
This stuff is coming (it's already here in some parts of the world). I think it's up to us to make it our system, a friendly community neighboorhood watch program, and not The Man's.
Oh, and Netscape changed my email account to "RAndruscavage" when they merged with geocities way back when. So don't bother rwa2@netscape.net about it.
Mandatory backdoors and other invasive technology represent a far greater threat to freedom than any terrorist. Enacting big brother style government makes a mockery of all the things that this country has fought for since it's founding.
Friends don't help friends install M$ junk.
From the Washington Post article George Bush Sr says:
But I went to CIA at a time when CIA had been criticized properly for some things, but unfairly attacked for many things that it shouldn't have been attacked for. And what happened out of that period was that many of our human intelligence sources dried up. If they see there is some muckraker going out to CIA and considering everybody out there as doing something bad or naughty, and if they see the names of our intelligence sources released, those sources dry up.
And so, human intelligence is kind of a dirty business. And in it, you have to deal with unsavory people. People tried to make a lot out of the fact that at one point the intelligence community dealt with Manuel Noriega. Well, they did, but it isn't a nice, clean business. And if you're going to infiltrate some cell somewhere or a terrorist cell, you have to deal with people that are willing to betray their country, people that are willing to betray their friends, people that want money or other things. And it's not pleasant.
But if we're going to provide the president with the best possible intelligence, we have to free up the intelligence system from some of its constraints. You have got to always respect the privacy and right of an American citizen. But I think they ought to take a hard look now at whether we've gone too far in denying the people that run the intelligence community access to human intelligence.
You know, you can tell a lot from science. When I was president, during the Gulf War, they could tell me exactly how many troops were where on the front lines. They could say which direction they were moving. I remember getting a thing from Saddam Hussein via Gorbechev saying, ``Well they're pulling out.'' Yes, they were pulling out of where they were, but they were going south toward Saudi Arabia. We could tell that from intelligence.
But what we couldn't tell is the intent. And the only way you can measure intent in intelligence is if you have human intelligence, if you have people that are really willing to risk their lives for a cause--and sometimes they'll risk it for noble reasons, you believe in democracy and freedom--and sometimes they risk it for more selfish reasons like money or women, you name it.
And it's not pleasant, but I think we're going to find that we have to do more in the way of human intelligence and that means we're going to have to take a broad look at exactly what constraints the intelligence community, not just CIA, but the community itself, is operating under.
And I think it's important to recognize that all this new Internet technology that you guys know so much about has to be reviewed, in a sense, to see whether we're constraining our intelligence communities from getting after the culprits that may be American citizens. It's not pleasant.
I'm personally AGAINST encryption controls, but please choose your analogies more carefully -- do you think an envelope is "unbreakable"? Don't you think that your mail can be monitored and opened with the support of a warrant issued to law enforcement by a judge (or without that level of oversight for that matter)? I hope you can see the (admittedly imperfect) corollaries between the "quite-breakable" envelope and breakable encryption.
The idea isn't that we're going to hit terrorists individually, but states who sponsor terrorism.
What people often fail to realize is that sponsorship comes in many forms:
- Money
- Sanctuary
- "looking the other way" (ie. Yasser Arafat's "What terrorists?" face)
The point is that what happened in New York was a large, complex, expensive operation, and that more than likely there was another country involved giving either financial or actual help to the operation (training, etc). A country just participated in an attack where thousands of civillians were killed in the U.S. and you think we shouldn't do anything? The point is that any country that actively participates is the target, not just the terrorists.
In fact, it could be argued that the country is a more important target because it will become an example to Pakistan and Iraq, and anybody else that harbors terrorists.
Frankly, this is the right strategy, but we also need to change our diplomatic policies.
Translation: We can't walk around and talk like we own the place anymore, because we don't.
What Bush is doing with this coalition is the right course, but it needs to continue in other parts of our foreign policy.
The title "leader of the free world" is just an expression: You don't actually get to tell other countries what to do.
Who did what now?
I spoke with one of my professors in cryptography a month or two ago reguarding crypto algorithms that are being used. When the subject of terrorists and bin Laden came up, so did stenography. The idea: encode your message into a pornagraphy image, post it on the internet, tell your terrorist buddies that so-and-so has nice tits on some-porn-site.com. They know how to extract the data and we have no clue. There is no way the gub'ment could possible know where the message is or how to decode it. Therefore, rendering these backdoors on crypto algorithms useless.
hz
''It makes ice cubes!'' - Tripping the Rift
"It makes ice cubes." -Tripping the Rift
There ARE ways to make Stego hidden enough that most methods are ineffective. And that's the real point here- the Terrorists in the WTC/Pentagon attack didn't use unbreakable Crypto- they didn't use much of anyting as far as anyone's been able to tell at this point.
The terrorists seem to have won what they wanted- this country's using this as excuse to reduce our liberties and we're doing other things out of pure fear and demands for false security.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas
The government should give Area 51 a serious wireup, so that they can further implement Project Daedalus to easily catch all these damn terrorists. Congress should also increase the black projects budget to fund further research into an improved AI.
Then why is it that the states with the toughest gun laws have the highest crime rates and the states with the least gun laws have the lowest crime rates. You also failed to mention how Countries that have imposed an all out ban on certain firearms have seen an increase in Crime (England for example). I'm sorry but its not that simple, more guns do not equal more crime, and if you think that an armed citizenry does not deter some crime put a sign out in your front yard that says "Gun Free House" and wait and see how long it takes for you to get robbed.
"I would rather be exposed to the inconveniences attending too much liberty than to those attending too small a degree of it."
-- Thomas Jefferson to Archibald Stuart, 1791.
"He that would make his own liberty secure must guard even his enemy from oppression."
-- Thomas Paine
"Hypocrisy is both the hobgoblin of enslavable minds and the hallmark of their would-be slavemasters."
-- Rick Gaber
"[Oppose] with manly firmness [any] invasions on the rights of the people."
-- Thomas Jefferson: Draft Virginia Constitution, 1776. Papers, 1:338
"I believe there are more instances of the abridgement of freedoms of the people by gradual and silent encroachment of those in power than by violent and sudden usurpations."
-- James Madison
All it takes is one person pissing in the pool to ruin it for the rest of us...
---------- Hot Rats!
How do I make a back door for ROT 13?
- Ravnos
Kyndar: Exotic Imports, Jewelry, Candles, and Incense http://www.kyndar.com
It's not tough. Keep it in binary in a pattern that is not easy to decrypt without understanding mathematics or binary. Keep it non-linear encryption. Keep the binary heavily but not solely based on a password. Use a 128-256-bit number with only two prime factors required to decrypt it with with one person keeping on the receiving side keep one and the sending keep the other and use the multiplication of those two factors in addition to the password. Make sure the file has the ability to dynamically change size even a little bit(even if you occasionally add a few dummy bits.) Do not store the password within the encryption itself. If you need to verify it, store some verifying number in the file that could eliminate several billion cases but still maintain the possibility of several thousand cases. Be creative.
It really isn't that tough if you know what you are doing.
Just because a bunch of people believe or do something stupid, doesn't make it any less stupid.
This sort of reasoning proves nothing. Yes, the US has higher gun ownership and higher crime rates than other first world nations. But this gap is closing, and within the US, it's the states with the highest gun ownership that have the least crime. Also, look at what has happened to murder rates in states that have instituted "shall issue" concealed carry law: They've dropped.
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
-Benjamin Franklin
That pretty much sums it up for me...
/rr
SMART MAN, find a solution.
My Sargent in the Army who had a 95% photographic memory and was very smart. ALWAYS said, a problem without a solution is a complaint, whining, and not acceptable.
If you have a problem, present the problem, but bring the solution or your whining.
Which is really what everyone here is doing, stop whining, help the goverment get these bastards and you then have a solution.
As for asking Bin laden to use other encryption? Unless he can do it in Hell, I dont think thats going to matter.
Quram says, to kill one of the faith, islam, is to be condemed to hell.
Those 2 embasies they bombed, almost all of those people that died were devote Islamic followers.
Guys be the solution not the problem, your all very smart, help them catch these guys/girls/kids.
Be a solution not a whining problem.
If you go to the southwest like arizona there are towns were people walk into the 7 eleven with guns in hip holsters. And yes, in those places, crimes commited with guns is extremely low. Who's going to try to hold up a 7 eleven when eight of the ten customers in the store are also armed?
Your statement collects up all the legal guns from the southwest and distributes them across the country to places like NJ, where its *extremely* difficult to legally get a handgun, and gun violence is extremely high (and law abiding citizens can't defend themselves).
I am very strongly in support of strong encryption, free of back doors. The problem here was a breakdown of the US "human" intelligence capabilities, aka spies. After 4 years of a Republican leader focused on foreign issues and the Gulf War, we had 8 years of a domestic-oriented leader who woke up the economy but let our defenses fall apart. No matter how much I hate G.W., I liked his father and I'm glad this happened under his watch. I always prefer the Republican way of handling foreign issues.
Intelligent Life on Earth
The problem with this approach is the target of the surveillance. Human intelligence (HUMINT) works againt large organizations, like countries, because within any large organization, you have malcontents, dissidents, and others whom for whatever reason, don't like the organization, and will help you. If these people exist, they can be identified and tapped. If, for some reason, they can't be found, a last-ditch solution is to find somebody who looks (physically) enough like the people being monitored, can pass for a local, and get him into the organization. With large organizations, this is always possible, because large organizations always need new members, and lack the ability to do a complete background screening on everybody.
Small organizations, like terrorist cells, have no such weaknesses. They are deliberately kept small for this reason--with every new member, you add another potential security hole. Members are screened very carefully, and are usually admitted as family members, or other such extremely close ties. They are a known quantity before they are invited to join. Their loyalty is unquestioned, and if it should ever come in to question, they are shot. No questions, just dead--that's the only thing the can do, as the stakes are so high. Dissidents don't exist. As for penetration, just forget about it. Again, the membership is essentially invite-only. You can't walk into a cell and say "hi, I'm new in town, and I'm looking for a fun-loving bunch of guys to cause a little mayhem. Are you accepting new members?" Somehow, I don't think you'd walk out of the meeting alive, assuming you could find it in the first place. The operational security on these groups is incredible, because it has to be. There is no realistic and reliable way to get operatives into a group like this. No operatives, no HUMINT. Oh, sure, you might get lucky, and have somebody have a change of heart, and volunteer his services to the local authorities, but that's a one-in-a-million chance.
I hate to say it, but communications intelligence (COMMINT) and signals intelligence (SIGINT) are the only way to gather operational data on these groups. We have satellites that can listen to their cell phones (and we use them), we can track their locations (to a degree) with photo/recon satellites, we can (attempt to) intercept their internet communications (we'll generally fail, but again, we might just stumble across something that was improperly encrypted...not likely, I know)...we really can't get inside information. The nature of their organization depends on strict operational security, and they know it. They take extreme measures to ensure that security.
More spooks in the field works well against a country, but it just doesn't work against a small, determined group. I don't know the government structure of Afghanistan well enough to make an informed prediction about it, but I would imagine that they keep things fairly secure, just because they have a long history of conflict (see Russia), and wouldn't want to take chances unnecessarily.
"Make it ten--I am only a poor corrupt official."
--Captain Louis Renault (Claude Rains), Casablanca
Come on, do you guys (some of you) really think government controled crypto backdoors could be safe?
Crackers and hackers will get the backdoor in no time, or it will leak out sooner or later. There is no way to control technology when anything is possible.
Nothing is foolproof or 100% secure, and no matter how smart the government crypto creaters are, there's always someone smarter out there to crack it for them.
Sure. Let's ban guns. Great idea. After all, we banned drugs and it's amost impossible to buy them anywhere now. We all know that the country's drug problem disappeared overnight once we passing a law banning drugs. Look at Northern Ireland -- they banned guns and it bacame the safest and most peaceful place on the planet.
</sarcasm>
We tried banning alcohol and it didn't work then. We are trying to ban drugs and it isn't working now. How likely is it that a ban on guns or crypto will be effective?
Guns, drugs, alcohol, and crypto are all very similar in that they are all easy to produce: all that is required is some basic knowlege, a few rudimentary skills, the appropriate raw materials, and the motivation to put it all together.
Anyone with some yeast and grain can make alcohol. Anyone can make LSD, PCP, ormethamphetamine with some common chemicals and a set of instructions. Anyone with access to a decent machine shop and some tool steel can make a gun. Anyone with access to fertilizer and gasoline can make a bomb. Anyone with access to a computer and a few textbooks can write a crypto program.
The genie is out of the bottle and you can't put it back in. The knowlege of how to make things is already out there, and the raw materials are everywhere.
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
actually, violent crime is reduced (in a statistically significant manner) after concealed-carry laws are implemented.
Furthermore, in countries where guns have been outlawed or extremely limited (England, Canada, etc), the crime rate actually increased following implementation.
There are a lot of factors affecting crime rate between countries. Culture. The amount of socialism. The amount of freedom afforded to citizens. The diversity of a population. Even the way statistics are collected and violent crime classified.
Your statement collects up all the legal guns from the southwest and distributes them across the country to places like NJ, where its *extremely* difficult to legally get a handgun, and gun violence is extremely high (and law abiding citizens can't defend themselves).
And yet the US is the most violent society on the planet. Have you compared the crime rate in major US cities to the crime rate in European cities? Compare the crime rate in the US to that of Canada. Per capita, the violent crime rate is much lower. Why do you think that is?
Spare us the NRA propaganda for a moment, and look at the big picture. Not only are the Europeans not armed, they also have progressive social policies designed to reduce the educational and economic disparities amongst the citizens.
If everyone could get a good education and a decent job, why would a rational person want live a life of crime?
Guns are part of the problem, they are certainly not part of the solution.
*** Where are we going? And what's with this handbasket?
There will be a meeting the evening of Saturday, September 15, 2001 in the Baltimore/Washington area to discuss the implications of the recent tragedy as it affects our civil and privacy rights, specifically impending legislation against unbreakable encryption.
For more information please see my article, "Post-WTC Privacy Rights Discussions in Baltimore/DC" on cluebot.com or contact me via e-mail with any questions.
Rob Carlson
We are both at fault here. I used Micros~1 word to spell check my post, but since I use Mozilla to browse, I don't have the ?'s issue when reading posts. I fired up NN 4.7 (solaris) and sure enough, it has some serious issues rendering. Try Mozilla, however, if you are still using a 4.x version of NN. It is MUCH better.
+++ UGUCAUCGUAUUUCU
Rejected subject: Privacy vs Privacy
I was just struck with a strange feeling. I was thinking about how I voiced my opinion here about supporting the face recognition cameras in Tampa and Borders, and then offering strong support of strong encryption.
In the Tampa comment, I indicated that I haven't commited a crime that would warrant the face cameras to start setting off alarms at the police HQ. And I certainly don't have a history of shoplifting and have nothing to worry about in Borders.
But when it comes to securing email and transactions, I want all the privacy I can get my grubby little hands on. 90% of my email never leaves the box my close circle of friends use, and we are required to ssh in. No, my Mom doesn't encrypt her email to me, but I would love to see AOL incorporate GnuPG into their product. Imagine their addressbook having a field for the public key, and a checkbox for "always encrypt for this recipient". Even if they water it down by reusing the login password as the gpg password, at least it'll be encrypted in transit.
I'm closing this without deciding whether or not I would support AOL including strong encryption with key escrow to the feds. If you want true, escrow-free encryption, get a real ISP. Do we really want to make it easy for 20 million people to immediately start encrypting email in such a way that the feds can't get to it? Is it *really* that bad that instead of just two people being able to read an email, we add a third reader whom we need right now more than ever? I don't know. With all the abuses of power, I don't know.
I'm telling you, in this era of keyboard loggers and key escrow, if I'm presented with the opportunity to obtain one of the Linux wireless webpads at work, I will get one. A fully self-contained Linux client with touch screen and an optional on-screen keyboard. Strong encryption will make that about the securest thing I could find right about now. I know 802.11 is vulnerable, but if all they get is SSH and gpg traffic, they can have it.
Intelligent Life on Earth
> Guns are part of the problem, they are certainly not part of the solution.
You imply an excluded middle. What if they're neither part of the problem, nor the solution (if it's merely that Americans are by culture more violent, removing guns won't reduce crime rates because criminals will simply use other means)? Or, what if they're both part of the problem and part of the solution? Don't be so quick to say that it's simply gun proliferation that's the root of all violent crime. There's nothing more solid than anecdotal evidence either way in most cases, simply because there's a huge dynamic at work and guns are only a part of that dynamic. For example, the proliferation of guns in Israel is large, and the amount of violent crime there is astronomical. The gun proliferation in Switzerland is comparable, but their crime rate is extremely low. Lots of guns in both places, but the difference in cultural attitude makes a big difference, don't you think?
Virg
P.S. You can't possibly imagine that the U.S. has the most violent society on the planet. Does your planet comprise only the U.S. and Europe? Perhaps you've never heard of Africa. Or Southeast Asia. Or the Middle East. Or perhaps Central America. Broad, indefensible statements like this do little to help your case.
I dont wish that this would have happened at all but enough with trying to hold the country in a total secure zone. We already are protected enough. To prevent this from happening would have taken; knowing about it before it happened, shooting down the plane in air ( but that would have taken know about it, or just something far from anything we could do. The government know whats to lock down the country and treat everyone as the enemy when there are very few of the enemy out there compared the good of the country. The acts of the few have gone way past just the death of the many. The mission of terorism is more than death it is to set in a state of choas and they have done that here in the US now. They have made us come together as a country but also has us looking as each other as the enemy also.
That is my thought. I could be wrong; gostf
if encryption is made to have holes in it, it will simply make it so that the government can read everything that we do at the cost of terrorists finding another way to communicate.
Today is the closing of a parenthesis opened before this sig, before this story, before this existence that is me (as if
Existing encryption methods don't contain backdoors (as far as I know).
Anyone or any group who can program and has the determination can create their own algorhythims, and encryption tools that simply don't contain backdoors. OSS would easily facilitate such an undertaking. Even if it is illegal, I'd work on it because I use encryption for many things and want to be able to confidently use encryption free of backdoors.
... only outlaws will have cryptography.
f5f28d82f3af0045004a6cf216cac7677a45c73def76b08122 7f0162e2a3867a
e 34 b012dbae8958ba
4 1f fb57bdae0cdb30
0 7f dfcd2208fde22b
1 c0 29f2cdb05bced9
0 73 e6b9c2923f90eb
3 a1 a155c1f4bb243f
0 92 7a015426fe54e6
7 9a 35e52c6b763ffd
d d1 9ff76a7de8c77c
f 05 40cbd7fa462d45
5 5e 4ea5f57eef7fa9
711c00e97f155aae88b8246ee26f308a0fe94f1943b0d60
1889a6a2e340f38dd583b4f02174df09543fcd9df63ae6f
0d9476ffd1a70dfaca52d991d4830a6e68332782f586fa4
56c3d55faed4378c979f3a0e7228348ffd2500e23cbad97
1b2c201e51e7c35ce2883ca08356869d9b34c915e120bf4
f7521ffe9fc8b6c78fac71d15f81ded586eaf81dd56a54c
7a9a40c248f9cf4d3c3aa2f664b900c1abd01ccd1b1b325
76f58286b7554a0c45ea33937d0e11a4fa48ed1dd2f55bc
9e6d8024c3f068242154cc85a90dce0b456816d22c95870
793fcb41da013be4b979cbb60f1c72a8d4192b43d429364
2cc3227190f263fcb1a477637c9bdaef4341f1904781175
93e00874c9c88895594b70f05ca1d1d659f9
In theory, the feds can never get your escrow key unless they have a warrant, so they can never detect that you are using 'double encryption' until they have some other reason to suspect you.
The primary reason I like the idea of using double encryption is because I know that under a key escrow system the escrow agency will eventually be compromised, and the Feds will start using the escrowed keys to conduct illegal 'fishing expeditions'.
If you doubt this, just read up on J. Edgar Hoover.
I do not deploy Linux. Ever.
Did anyone not see this coming after the "Attack on America"? People who favor these anti-privacy measures are in my opinion in the same category as those who attack American Arab Muslims, just another example of the fascist strain that has for centuries run thru some of us Americans. Recall the anti-communists of the fifties; they were so concerned with hunting american communists that they violated the rights of many law-abiding americans. They wanted apparently to avoid the Stalin Gulags. And yet at the same time in the America, there was widespread political oppression and terrorist againST black americans.
If everyone could get a good education and a decent job, why would a rational person want live a life of crime?
We are not European Socialist Drones. We are American Socialist Armed Drones. It's a big difference.
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
Great idea! The more you can chop off him the better.
I'm not saying I agree with this, but this rhetoric is distasteful, especially throwing around death analogies when you know perfectly well you wouldn't stand to be inconvenienced, let alone injured, let alone killed, for the software in question.
Okay. I'm stumped. Please explain how something that had not been moderated at all can be over-rated?
"Enough of this wretched, whining monkey life." -- Marcus Aurelius, _Meditations_, Book 9, 37
Using electronic surveillance to track the flow of electronic communications between a web of people would be almost as informative as knowing what they said: locations of servers used, telephone numbers dialed from, sender and reciever, length of message, frequency of messages, this could all be pretty good stuff.
This was raised in Stephenson's Cryptonomicon.
And if "bad guys" are using electronic communications, why not just shut them down? Cell phones stop working, email gets "lost", servers get hacked, ISPs get bombed (how hard would it be to sever small mountainous country "A"'s electronic access to the outside world?)
Unless you have the resources to run your own cable, you are really at the mercy of other corporations, who can be bullied, and can't hide in a cave in the hills.
They'll simply amend the DMCA to outlaw cryto algorithm research, cracking software, and possession of non-government-issued decryption keys, software, or hardware.
I do not deploy Linux. Ever.
Whats all this talk about banning encryption? The hijackers used box cutters! Ban all box cutters and scissors and knives! THAT will stop hijackers from taking over a plane again. Course, the American public will have to get used to beards and eating steak with their teeth, but I'm sure everyone will get used to it, eventually.
This faulty logic is driving me freaking crazy:
If it is illegal to use cryptography, therefore criminals won't do this.
Now replace "cryptography" with "hijack planes and kill thousands of people":
If it is illegal to hijack planes and kill thousands of people, therefore criminals won't do this.
Now ask yourself why you think that actual criminals who engage in terrorism will obey _crypto_ laws when they have such careless regard for more serious laws.
Get real lawmakers!! Do something that will actually HELP the situation and not just do NOTHING except ERODE OUR RIGHTS!!!!!!
-core
AMENDMENT I
Congress shall make no law respecting an establishment of religion, or prohibiting the free exercise thereof; or abridging the freedom of speech, or of the press; or the right of the people peaceably to assemble, and to petition the Government for a redress of grievances.
What part of "Congress shall make no law...abridging the freedom of speech" does Judd Gregg not understand?
What good does restricting cryptography within the U.S. do?
Isn't the threat to National Security coming from OUTSIDE ?
I'm a 2000 man.
maybe chock full of quotes on pretty much every damn thing concerning them at the time...
But before you go jump'n on a slavery band wagon...Look at other countries such as Brasil who had about 5 times the number of slaves working in their coffee and sugar plantations than the U.S. had in tabacco and cotton...
Don't play this 'holier than thou' crap without all the facts being in place...
"Just Smile and Nod." --Huck
Dshield is a system that centralises collection of individuals' firewall logs. Personally, I don't think this approach is of much value, but of course YMMV.
My next sig will be ready soon, but subscribers can beat the rush
What would happen if someone were to discover how the backdoor works? (I'm thinking: unethical govt worker leaks info). Suddenly, no encryption using the new technology is safe. And if the govt obeys the law (yeah, right!) imagine what would happen if a terrorist happened to decrypt the message "the president will be giving a press conference at the WTC on Thursday at 3pm". No need to get past the Secret Svc -- just plant a bomb nearby ahead of time, and wait.
No Benjiman Franklin had what was the accepted government of the time kicking his doors down and threatening his life.
A waste of bandwidth.
If we go after the wrong guy or fuck this up I guarantee you will see a mushroom cloud over NYC. Now is the most important time that we keep our heads, remember revenge is a dish best served cold.
More to the fucking point, it's not just the impact on US business, it's the risk to US business.
We all know goddamn well that insecure systems will be cracked.
NSA, if you have any political power left with Congress, remember the second part of your mandate. Do not allow our companies' security to be compromised in response to a knee-jerk reaction. (Umm, and buy more supercomputers ;-)
If gun control can't stop bad guys from getting their hands on hunks of steel, how the fsck does Congress expect "bit control" to prevent the bad guys from getting their hands on bits?
Did anyone here have problems getting PGP in the early '90s? The s00per-s3kr1t $cientology skr1pturez during 1997? DeCSS last year? Anyone? Anyone?
At a guess, because you posted complete drivel without unchecking your score +1 bonus. (How you got that while posting stuff as utterly assinine as these two posts I have no idea.)
With any luck, the post I'm replying to will get marked offtopic, since whining and whimpering about moderation is *always* offtopic.
Actually, I'm an American citizen, and if my government responded to this attack by exterminating Afghanistan, I would take up arms against them, so you're not only wrong, you're short of vision. Besides, how does one determine "other offending countries"? By that definition, you'd need also to pancake Ireland (remember the IRA?), Israel (the Mosadi), the U.S. (Tim McVeigh and the Unabomber lived here), Russia, China, Germany, Brazil, and so on until the only livable place on Earth would be Antarctica. This wouldn't be a deterrent, it would be our undoing. Don't be such a troll.
Virg
What I think they should do? Find out who did it for sure, in the meantime have the UN sanction Afghanistan a little more for not extraditing Bin Laden for the first WTC bombing ... then if it does turn out it was him for sure go in there and get him with a minimum of casualties, and smart bomb another couple of terrorist camps ala Clinton (although I have this suspicion thats pretty futile).
Striking at them with a "devestating blow" and wiping "them out" (them meaning not only the terrorist, but also the government and anyone who is unlucky enough to be around) will accomplish nothing but even greater trouble. The only way to justify a full blown war is if you are going to replace the existing government, even then doing it with excessive casualties is likely to just make it harder for everyone down the line.
Looking for quick and easy "final solutions" like just "nuking" their capital and whereever you think Bin Laden is hiding is lunacy (which is what I read between the line of the guy I was replying too).
>US cities to the crime rate in European cities? >Compare the crime rate in the US to that of >Canada. Per capita, the violent crime rate is >much lower. Why do you think that is?
Yes, please do compare this. Because gun ownership in the two countries is actually quite similar. It's very easy to get a gun in much of Canada, just as it is in much of the US. Perhaps there might be something else going on?
About 7 or 8 years ago when i was a wee lad still in grade school, a young geek at the time all of 11-12 years old. The talk in the news was about the clipper chip so that goverment could poke around at your computer at will and be able to read the files that my beencrypted. Talk of that eventually died off, why im not sure. But it doesnt seem as if it will die off this time or at least it will make more progress than the clipper chip did.
what good would outlawing cryptography do. it would make many comunications illeal. No more pgp or gpg. My high school computer teacher was on a large commity that made college computer tests all the e-mails to the other people on that board were pgp'd to protect test questions and info from college students from getting hold of them by hacking a server someplace. This seems like a good use of crytolgogy, nothing illeagl here but would be come illeagl. What about people who are just paranoid x-files style and think everyone is after them? what about the students who just want to try it out to see how it works and to feel important or keep there roommate from readind ther e-mails?
I know there are plenty of bad people who use encryption but there are also plenty of criminals with guns out there but citizens still have guns and are not breaking anylaws by doing so. they sayh its for piece of mind and protection. why make it so everyone who owns a gun is a criminal when they are infact not. what if we do make encryption illegal and a police department or crimial/intelignce agency is about to bring a terrosist/child porn/drung ring down? and they fire off an e-mail saying its gonna be done and the ring has an inside guy who somehow gets it and gives them a heads up or the ring hacks the departments e-mail server and finds in sitting there in plane text???....
i think we must just do a better job of fining and indenifying terrosit and concentrate on them not simply makeing a tool illeagl.
I get livid when I hear things like this. The government is exploiting a tragedy here in order to pass another law to inhibit our freedoms. It is a travisty.
I'm going to start questioning this whole thing from a conspiracy standpoint. Haven't government anylists been saying all along that only a war could pull us out of this economic slump? Anyone notice that we closed our market, but the other world markets were negatively affected. The NIKKEI(sp) index dropped lower than the DOW for the first time since 1957, putting us ahead of the Japanese.
All a little suspicious to those who rightly don't trust our government. It would be just like them to, not only exploit this tragedy, but also perpetrate it. They don't garner my trust when they propose ridiculous laws like this one.
It makes no difference. It applies either way. We will not give permeneant freedom for temporary security. End of sentence.
Just because a bunch of people believe or do something stupid, doesn't make it any less stupid.
Gregg's speech (scroll down almost half-way, or search for Gregg)
If you feel strongly about this, do send hand-written, original mail to him. It still makes a difference even if you aren't from New Hampshire. His web site:
http://gregg.senate.gov/
Crime rates is not actually that high. It's the price of freedom and I'm willing to pay that price. Anti-gun advocates, don't try to turn this to your cause. If it weren't for the people and their guns, we would have a completely different government then we see today. If the people don't have the ability to defend theirselves from their government, they can't protect their other freedoms.
Just because a bunch of people believe or do something stupid, doesn't make it any less stupid.
"Apparently today someone tried to get onto a plane with fake pilot identification so this might be a real threat"
This has proven to be false. I'm sure at the time, the original poster didn't know that, but the person in question turned out to be an actual pilot. However, the scenario that he describes is still a threat to our safety.
You do that, and they'll come back with something even more terrifying. Ebola, anthrax, take your pick.
Hehe once again idiocy rears it's ugly head. Anthrax isn't nearly the threat that idiots on Slashdot seem to think it is. Certainly nothing compared to leveling a country.
So, when are they going to discuss forcing envelope producers to make resealable envelopes? These kind of "back doors" would be used by anyone with a will to do so.
would a no good, dirt bag, puzzle solver like myself be convicted at home if i 'barrowed' the funds in been-laiden's bank accounts? *grin*
About 10 hrs ago, before I went to work (I live in Europe) I wrote what I had just heard on local radio (all the media is still full of the events, of course - the campaigns for next week's elections for probably a new mayor of Hamburg have been interrupted) and submitted it as a /. story, which was
later rejected - I shall now post it as a comment, in case anyone is
interested.
Apparently, CIA may have been warned immediately before the attack. According to german newspaper Hannoversche Neue Presse (article in german - it was already slashdotted this morning, or so I think), an Iranian imprisoned in Hannover, Germany (Langenhagen, near the airport) has been reported to have called CIA officials to warn about the imminent assault. When they heard he was calling from jail, they just hung up. Subsequently, he desperately tried to get a fax through to GWB.
Attempt at correction of a babelfish translation follows.
Seems like someone among the terrorists' own ranks didn't think their plans were a good idea...Seems also that breaking crypto wouldn't have been able to tell them anything they couldn't find out by other means.
Kiwaiti
Member of the Legion Of Microsoft Haters
Having it gives you some control on the government, having guns doesn't give you this control anymore. The spirit of the Second Amendment is that people should have weapons comparable to those government has. Gun lobby don't fight for the Second Amendment anymore, only for they narrow interests. PGP and SSL users do.
Encryption is, of course, an important tool in the defense against out-of-control governments.
During the course of the Twentieth Century, governments deliberately killed over 170 MILLION civilians -- for the most part, their own citizens. This does not include military casualties.
In the last ten years, the U.S. government has killed 500,000 Iraqi children under the age of five with its sanctions against Saddam.
The terrorists who attacked on Tuesday killed 5000.
So from which pack of murderers do we need protection the most -- terrorists or governments?
Data compression is NOT data encryption but it can be impossible to read it.
Most compressed data streams rely on every byte of data sent before it to de-compress it. So if you didnt intercept the ENTIRE compressed archive its totally useless and its HIGHLY likely that you cant de-compress anything in it.
Would this mean that all but a few forms of data compression would be deemed illegal because it COULD be used a form of securing data? I hope not, but it may be a consequence.
Would all forms of protecting information require a backdoor or just encryption algorythms?
For example, a password protected Word Document?
Its not "encrypted" but its viewing is restricted.
How 'bout a passworded pkzip file?
This was a real question from a job interview! Q: What area of programming do you consider yourself not to be good in?
I don't know about you but compiling 50,000 different encryptions on top of each other is pretty damn hard to decrypt. Any good encryption you put without the original source file would take a long time to decrypt if you are creative and you multiple ideas upon a single encryption. The more non-linear(their are infinite ways but I really don't want to spew some of them I've came up with that would be nearly impossible to decrypt without a password on a public website) it is, the harder it is to decrypt. As soon as you plug an encryption on top of that one, you just made it exponentially harder because now you have to know what the encrypted file is suppose to look like. Keep plugging them on top of each other and it nearly becomes impossible. So, frankly, you don't what you are talking about.
Just because a bunch of people believe or do something stupid, doesn't make it any less stupid.
> Want secured communication, you can always use phone. Mail etc. They can't spy phones on the fly, it takes a warrant. They can't open first class mail, they need a warrant.
Those involved in industrial espionage don't generally apply for warrants. Those in government who abuse power also do not generally apply for warrants.
I've discovered that all of the arguments of the stripe of "only criminals need privacy" are ploys by those who benefit from their targets giving up privacy. The doctrine of "innocent until proven guilty" was established by the Founding Fathers because of the abuses they saw with their own eyes by British governors, and they put it in place so that the average citizen is not required to give up privacy just to prove he/she's not doing anything wrong. Privacy is required for many more things than most people think, and that's because it's taken for granted, and that's a good thing. Next time you decide that cryptography is only for criminals, think about how it would affect your life not to have privacy in medical records, or your borrowing history, or your finances. Also remember that a lot of people died (albeit long ago) so that we could have this privacy, and giving it away in trade for perceived security is doing those people a disservice.
Virg
I can't believe this.
Since all this crap on Tuesday, we have lost a ton of rights! This is possibly the worse. All the rights we have lost have to do with Privacy. The government even admitted to having recorded cell phone calls, for christ sakes. Also, the air ports are going to be a bunch of BS. I don't think we should let the events from Tuesday go without any changes, but the fact is, there is no such thing as total security, and the government needs to realize this.
Having one universal key for the government is going to cause a ton of trouble. All it's going to take is one "l33t hax0r" and we're all screwed. And, equally important, I don't want the government having one fucking byte of my data! They have no right seeing what I do on the internet... I don't care if those terrorists destroyed 3/4 of the USA, I will never willfully give the government (or anybody else for that matter) access to any part of any of my computers.
If this isn't an invasion of our privacy, I don't know what is. I hope nobody will stand for this. PROTEST THIS CRAP. This is BS!
The government wouldn't be dumb enough to use F-16s and nukes against its own population. Instead, they'll use the media. If everybody thinks you're a wacko, holed up on the mountainside, trying to resist the nice FBI troops who are just doing their job, ma'am...
A popular uprising depends on popular support. The media, forms public opinion. If CNN calls you "a wacko resisting arrest" then it's going to be you, all alone with your gun(s) resisting a few dozen FBI troops, snipers, and negotiators.
If people could be trusted to be responsible with their guns, arming the populace would be a good idea. But guns are too easy. People get mad and grab them without considering what they're doing. People forget to lock them up and kids take them. People untrained or unwilling to shoot properly simply give criminals another weapon to use. And having legal guns sure makes it easy for criminals to get them.
We are Americans (sorry other /. from other countries, but mostly it's true).
We must not give in on this. Our freedoms, our right to privacy, we must fight for this. It's like air travel - we must not stop taking planes, we must not stop investing, for if we do, we have let the terrorists win.
We are not Israel, we are not France, we are not England. Yes, we fight amongst ourselves constantly, but we now have a deadly purpose to wreak long and total vengeance on all those who caused this.
Perhaps we may acquiess and allow the placing of Carnivore to track terrorists a bit more than we did yesterday, but this is only for the duration of the War. I thought of getting friends to do new posters for WWIII based on the old WWII posters - We Did It Before, We Can Do It Again; Loose Lips Sink Ships; and so on.
But we must not give up our right to privacy, even though some of us will assist voluntarily where yesterday we would not - but this is for the War Effort. It is not something to set in stone, to legislate permanently.
That would be surrender to the terrorists.
And we shall never surrender.
--- Will in Seattle - What are you doing to fight the War?
relief in the form of actual medicine and supplies should be allowed to be given/sold to Iraq. However the Iraqi government seems to enjoy confiscating these for either selling or for just enjoying the ability to hurt its own children.
You can email Senator Gregg at
mailbox@gregg.senate.gov
or you can fill out a form at
http://gregg.senate.gov/body_e-mail.htm
If you are a New Hampshire resident, you can get a reply snail mailed to you.
Remember, New Hampshire natives, we are his constituients;
let him know what our interests are so he can better represent them!
Do you know how hard it is to buy a bazooka? I had to get one shipped in an unmarked box from Russia! I mean, I wanted to buy Amurikan, but I couldn't! The damn government doesn't want me to protect my house, or go hunting!
I mean, it's not like it's really dangerous or anything. I flipped through the instructions, it didn't look too hard, just push the red button! It's not like I might accidentally hurt myself or someone else! I keep the bazooka out of the way in the corner of my living room. And I make sure Junior knows "my bazooka is really cool, but it's only for home defence and hunting, don't touch it!" He's a good kid, I know he'll follow my instructions.
What's the government worried about anyhow? It's not like I don't have a good reason for wanting the bazooka! I need to defend my house! What if a criminal tried to do a drive-by shooting with an armored car? If all I had was my M16, M60 and pair of Desert Eagles I wouldn't be able to dent that thing, but with my bazooka, my home would be safe! And what about going hunting? Why should I be forced to spend long minutes hosing down the bushes with my machine gun when I can take one shot with my bazooka and nail that deer! It makes it much easier to take the head home as a trophy too -- I mean, I don't even have to worry about cutting up the body!
I sometimes worry about Lenny though. He's really whacked in the head, and I always see him eyeing that clock tower and muttering to himself. But if he stole my bazooka and went up there, I'm sure I could get him before he kilt too many people. On second thought, maybe I should tell Hank to get a bazooka too. That way, if Lenny steals mine then Hank can take him out.
For god's sake, technology is not at fault here. If so, then Microsoft Flight Sim should be illegal. It would be much harder to find an illegal replacement for a good flight Sim than it would be to find a replacement for crypto. Isn't it sick when liberals twist anything what they believe by using terror? Where are all the flag burning draft dodgers? The separation of church and state freaks? The persons that want the Pledge of Allegiance out of school idiots? I would like to know so that I may let them know that the country is much more unified, strong, and stable now that they are not to be found, so don't come back. God bless America
The use of oblique references is common by mobsters, bodda-bing, bodda-boom. It's even a cliche. Prosecutors have to go through the laborious process of proving that what they said meant X while the defendants say they were meaning Y, showing how X was impossible.
The example offered by driftingwalrus would, if entered in court, be an example of this kind of encryption.
Assume for a moment that Congress gets it's way on this. The amount of data that is transmitted across the internet each day is staggering: trillions of bytes of data is not easy to sift through.
If the U.S. Government gets it's way, we need to place the highest restrictions on what the government may do with the data, and when it may sift through that data. That allows the government to decrypt and get at data in extraordinary circumstances such as the destruction of the World Trade Center and killing of thousands of lives. But we should then come down on law enforcement like a ton of bricks if someone goes through the data for non-extra ordinary circumstances, or violates personal privacy.
I personally have no problems with being anonymous because the amount of data to track my computer usage is too large to make sifting through very easy. That is, I don't mind anonymonity through obscurity. But in extraordinary cases like this (and *ONLY* in extraordinary circumstances like this) should the government be permitted to sift through all the quadrillions of bytes of transmitted data to look for one or two e-mail messages and decrypt them.
A Petition Against Government Required Cryptography Backdoors
-core
"Benjamin Franklin didn't have terrorists walking onto airplanes and crashing them into buildings full of tens of thousands of people. I think you can safely say this situation is quite a bit different than anything anyone could have predicted 200 years ago."
You're right. He had British soldiers comitting acts of terror(why they weren't called terrorists is a study in modern dehumanisation tactics) against his people. I recall something about burning people alive in a church.
The only thing that's different are the names, the excuses given, and the technology used, the spirit of terrorism hasn't changed a bit.
Write your congress(wo)men. Write the President. Get the address here, and use paper and a stamp, or at least make a phone call. Do it now. It's time to stand up and be counted, before the knee-jerk reaction to this disaster gains momentum.
I've included a generic version of the letter I am writing. It is intentionally short and non-specific -- customize it to discuss the issues that concern you.
Dear XYZ,
Like you, I am aggrieved at the tragic loss of life resulting from the horrendous events of Sept. 11. Every American has been touched by this trauma which will linger forever in the memory of our nation.
Though I want to see the perpetrators of these acts brought to justice, I must beg you not to compromise American civil liberties in your pursuit of justice. The loss of American citizens' ability to move and communicate freely would be a greater casualty than the thousands killed Tuesday morning.
Benjamin Franklin said that those who give up necessary liberties for security deserve neither security nor freedom. I must echo his sentiment. Do not allow our sacred rights of freedom of speech, association or movement to be abridged in the coming days of difficult choices. America's enemies hate us precisely because we are a free and open society, and they fear the potential that that represents. Do not give them the victory they cannot themselves win by destroying the core of our society, our beloved liberties.
God Bless America,
"Research is what I am doing when I don't know what I am doing." -- Wernher von Braun
In post-DMCA america, it is illegal to try and break the encryption on messages, so they need a law to let them read these messages.
JET Program: see Japan, meet intere
I've started an online petition located here urging the government not to persue this line of thought any further. Please sign it and pass it along to any of your friends
If there's anything more important than my ego around here, I want it caught and shot immediately.
This is a dangerous first step. We must be sure that this "temporary recommendation" is indeed temporary and remains a recommendation.
Eternal vigilance, everyone.
"They that give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759.
Myths are things that never were, but always are.
One for each person lost during the incident.
Just because a bunch of people believe or do something stupid, doesn't make it any less stupid.
The trouble is: When it comes to technology, they don't know their ass from their elbow. With a few exceptions, they're simply not qualified even to talk to their own children.
So they try to regulate the production of software they way they would with cars, or guns, or oil. The whole Open Source idea hasn't gotten through to them yet, and no wonder. How are these Congressmen going to digest the idea that they essentialy can't regulate software in any meaningful way.
And they're listening to all the wrong people. The only information they get comes from corporate lobbyists and special interest groups. Groups like the EFF are fighting an uphill battle counteraction all the bullshit spouted by the RIAA, MS, etc. We need more "Light Side" lobbyists, and we need them in a hurry.
I searched in the 2001 Congressional Record for any speeches made by Judd Gregg on Thursday, September 13th. (query was "GREGG AND ENCRYPTION")
Here is the entire speech, selected from the matching page.
I have bolded the snippets used in the Wired article.
Mr. GREGG. Madam President, I thank the chairman for yielding to me.
I appreciate his courtesy in my arriving in the Chamber a little late
for the beginning of this work, as a group of us were in a meeting on
how we are going to handle this bill and move it along, I hope.
I congratulate the chairman of the committee for this bill, which is
a soothsayer bill really. Long before the events of the day before
yesterday, which were so horrific and which reflected the threat of
terrorism to our Nation, our committee aggressively pursued the issue
of how to try to prepare for such an act.
We have held innumerable hearings over the last 4 or 5 years. One of
the lines that has flowed through all those hearings has been the fact
that our intelligence community--our communities focused on domestic
intelligence and our communities focused on international
intelligence--had concluded that it was more than likely, it was a
probability, that a terrorist event would occur in the United States
and that it would be of significant proportions. And it has occurred.
How have we tried to ready for this? Well, a lot of the response you
saw in New York--which has been overwhelming and incredibly
professional, and heroic beyond description, which has taken the lives
of many firefighters and police officers and just citizens who went to
help--a lot of that response was coordinated as a result of initiatives
that came out of the hearing process, and the question of first
responder, and how we get the people who are first there up to speed as
to how to handle this type of event. So in that area at least there has
been some solace.
But the real issue remains, How do you deal with an enemy who, as the
chairman just related, is willing to give their life to make their
point and who has, as their source of support, religious fervor, in
most instances--and I suspect this is going to be proved true
in this instance--a religious fervor which gives them a community of
support and praise which causes them to be willing to proceed in the
way that they did, which is to use their life to take other innocent
lives?
First, how do you identify those individuals because they function as
a fairly small-knit group, and it is mostly familial. It involves
families. It involves sects which are very insular and very hard to
penetrate.
But equally important, when you are trying to deal with that type of
a personality and that type of a culture, which basically seeks
martyrdom as its cause, as its purpose for life, and sees martyrdom as
part of its process for getting to an afterlife in terms of their
religious belief--how do you deal with that culture and group of
individuals without creating more problems, without creating more
people who are willing to take up the banner of hatred and willing to
pursue and use their life in a way to aggravate the situation?
I think we as a committee have concluded that the first thing you
have to do is have a huge new commitment to intelligence. And we have
made this point. We have dramatically expanded the overseas efforts of
the FBI as an outreach of this effort. But it involves more than that.
We have to set aside our natural inclination as a democracy to limit
the type of people we deal with in the area of human intelligence.
Unfortunately, the CIA in the 1990s was essentially limited and
defanged, for all intents and purposes, in the area of human
intelligence gathering because the directives and the policies did not
allow us, as a nation, to direct our key intelligence community to
basically go out and employ and use people who were individuals who
could give us the information we needed. Because of our reticence as a
democracy to use people who themselves may be violent and criminal, we
found ourselves basically sightless when it came to individual
intelligence.
So we have to recognize that in a period of war, which is what I
think everyone characterizes this as, and which it truly is, we are, as
a nation, going to have to be willing to be more aggressive in the use
of human intelligence, and we are going to have to allow our agencies
in the international community to be more aggressive.
Equally important, we, as a nation, because of our natural
inclination and our very legitimate rules relative to search and
seizure and invasion of privacy, have been very reticent to give our
intelligence communities the technical capability necessary to address
specifically encoding mechanisms.
The sophistication of encoding mechanisms has become overwhelming. I
asked Director Freeh at one hearing when he was Director of the FBI--
and I remember this rather vividly because I didn't expect this
response at all--what was the most significant problem the FBI faced as
they went forward. He pretty much said it was the encryption capability
of the people who have an intention to hurt America, whether it
happened to be the drug lords or whether it happened to be terrorist
activity.
It used to be that we had the capability to break most codes because
of our sophistication. This has always been something in which we, as a
nation, specialized. We have a number of agencies that are dedicated to
it. But the quantum leap that has occurred in the past to encrypt
information--just from telephone conversation to telephone
conversation, to say nothing of data--has gotten to a point where even
our most sophisticated capability runs into very serious limitations.
So we need to have cooperation. This is what is key. We need to have
the cooperation of the manufacturing community and the inventive
community in the Western World and in Asia in the area of electronics.
These are folks who have as much risk as we have as a nation, and they
should understand, as a matter of citizenship, they have an obligation
to allow us to have, under the scrutiny of the search and seizure
clauses, which still require that you have an adequate probable cause
and that you have court oversight--under that scrutiny, to have our
people have the technical capability to get the keys to the basic
encryption activity.
This has not happened. This simply has not happened. The
manufacturing sector in this area has refused to do this. And it has
been for a myriad of reasons, most of them competitive. But the fact
is, this is something on which we need international cooperation and on
which we need to have movement in order to get the information that
allows us to anticipate an event similar to what occurred in New York
and Washington.
The only way you can stop that type of a terrorist event is to have
the information beforehand as to who is committing the act and their
targets. And there are two key ways you do that. One is through people
on the ground, on which we need to substantially increase the effort--
and this bill attempts to do that in many ways through the FBI--and the
other way is through having the technical capability to intercept the
communications activities and to track the various funding activities
of the organizations. That requires the cooperation of the commercial
world and the people who are active in the commercial world. That call
must go forth, in my opinion.
Another thing this bill does, which is extremely positive and which,
again, regrettably anticipated the event, is to say that within our own
Federal Government we are not doing a very good job of coordinating our
exercise.
There are 42 different agencies that are responsible for intelligence
activity and for counterterrorism activity. They overlap in
responsibility. In many instances, they compete in responsibility.
Turf is the most significant inhibitor of effective Federal action
between agencies. Although there is a sincere effort to avoid turf, and
in my opinion, in working with a lot of these agencies, I have been
incredibly impressed by a willingness of the various leaders of these
agencies, both under the Clinton administration and under the Bush
administration, to set aside this endemic problem of protection of
one's prerogatives and allow parties to communicate across agency lines
and to put aside the stovepipes. Even though there is that commitment,
the systems do not allow it to occur in many instances.
This bill, under the leadership of the chairman, includes language
which has attempted to bring more focus and structure into the cross-
agency activities. One of the specific proposals in the bill, which may
not be the last approach taken and probably won't be but is an attempt
to move the issue down the field, is to set up a Deputy Attorney
General whose purpose is to oversee counterterrorism activity and
coordinate it across agencies and who is the repository of the
authority to do that. There is no such person today in the Federal
Government. Of these 42 agencies, everybody reports to their own agency
head. Nobody reports across agency lines. There is virtually no one who
can stand up and say, other than the President, ``get this done.''
The purpose of the Deputy Attorney General is to accomplish that, at
least within the law enforcement area and within much of the
consequence manager's area, especially the crime area, although it is
understood that this individual will work in concert with the head of
FEMA, the purpose of which is to actually manage the disaster relief
efforts that occur as a result of an event such as New York or where
you have these huge efforts committed.
That type of coordination is so critical. Would it have abated the
New York and Washington situation? No, it wouldn't have. But can it, in
anticipation of the next event, because this is not an isolated event.
Regrettably, whether we like it or not, we are in a continuum of
confrontation here.
As I mentioned earlier, there is not one or two people but rather a
culture that sees this as an expression of the way they deliver their
message for life, or after life for that matter. Regrettably, we have
to be ready for the potential of another event.
I do believe this type of centralizing of decision, centralizing
authority, centralizing the budget responsibility is absolutely
critical to getting the Federal Government into an orderly set of
activities or orderly set of approaches.
Just take a single example. If you happen to be a police officer in
Epping, NH, and you have a sense that you notice something that isn't
right, you know it isn't necessarily criminal but you think there is
something wrong, something that might just, because of your intuition
as an officer or your
knowledge as an officer, might need to be reported, you can call your
State police or you can call the FBI or you can call the U.S. attorney,
but there really is no central clearinghouse for knowledge. There is no
one-stop shopping. If you as a fire chief want to get ready in Epping,
NH, for an event, you don't have a place to go for that one-stop
shopping where you can find out how you train your people, where they
go for training, what your support capabilities are going to be, who is
going to support you. This should exist within the Federal Government.
It does not. This is an attempt to try to get some of that into a form
that will be effective and responsive to people.
Of course, when you get to the end of the line--we have talked about
all the technical things we can do as a government and all the
important things we can do to try to restructure ourselves and commit
the resources in order to improve our capacity to address this, but in
the end it comes down to a commitment of our people, understanding that
we are confronting a fundamental evil, an evil of proportions equal to
any that we have confronted as a nation, and that we as a nation cannot
allow those who are behind this evil to undermine our way of life and
our commitment to democracy.
We must make every effort, leave no stone unturned--regrettably,
these people live under stones to a large degree--to find these people
who are responsible and to bring them to justice. But we also must make
every effort to recognize that in doing that, we cannot allow them to
win by losing our basic rights and the commitment to openness as a
society and a democracy. Then they would be successful, if we were to
do that.
So as we rededicate ourselves, as we all continue to see the image of
those buildings collapsing and the horror that followed--and we all
obviously want retribution and we are all angered by it--we have to
react in the context of a democracy. We have to pursue this in the
context of what has made us great, which is that we are a people who
unite when we confront such a threat. We unite and we focus our
energies on defeating that threat. But we don't allow that threat to
win by undermining our basic rights and our openness as a society.
In summary, I appreciate all the efforts of the chairman of the
committee to bring forward a bill which, regrettably, understood that
this type of event could occur and attempted to address it even before
it did. Now I think it is important we pass this legislation. It does
empower key agencies within the Government who have a responsibility to
address the issue of counterterrorism not only with the dollars but
with the policies they need in order to be more successful in their
efforts.
There is still a great deal to do. There is still a lot of changes we
need to make, a lot of changes in the law we should make in order to
empower these agencies to be even more effective. Certainly there is
going to be a great deal more funds that have to be committed than what
are in this bill in order to give these agencies--the FBI and the State
Department--the resources they need to be strong and be successful in
pursuing the people who committed this horrific act and in protecting
Americans around the world and especially protecting our freedoms and
liberties here in the United States.
This bill is clearly a step in the right direction. I congratulate
the chairman for bringing it forward.
I use Mozilla often, but not exclusively. It tends to hang (or appear to hang) on large pages, and that's certainly the world we were in with Slashdot/WTC coverage. Thanks for the tip.
"that's not encryption - it's a new perl script that I'm working on..." - from some Matrix parody
The government has three problems with their idea to require backdoors:
1) The currently available, fairly unbreakable ciphers, are unsurprisingly already available. If criminals have access to these programs (gnupg, pgp, ssl/tls, etc,) then a requirement to have a backdoor is meaningless.
2) Foreign nations have learned about multiplication and software development. They could develop their own ciphers/software.
3) Even if the above 2 aren't true, there are books which legally can be distributed with printed source code for programs that implement the algorithms.
You can't close Pandora's box after it's been opened. All a "backdoor requirement" would do is limit the privacy rights of individuals.
> It is however, absurd to argue that more guns would act as a
> deterrent to crime. Violence only begets more violence.
Absurdity implies that there is hard evidence that my case is incorrect, and that hard evidence is in question. You need to consider the proofs of argument before assuming that either side is absurd. In my previous example, the case of Switzerland refutes your point, and without a strong argument for a less-apparent reason for their low crime rate, you cannot dismiss the idea that more guns can (at least in some cases) lead to lower crime rates. It's easy to say that violence only begets more violence, but that's an oversimplification of how violence works, and there's much evidence that certain levels of violence (and certain situations for violence) wherein violence begets peace. The best example I can present on short notice is our relations with Japan before and after WWII. Not a perfect example by any means, but certainly strong enough to rule out simple absurdity of the argument.
> IMHO, there is no question that of the Western or first world
> nations, the US has (per capita) the highest incidence of violent crime.
While you're quite rational in arguing, unfortunately your humble opinion (and mine, for that matter) don't count for much. I'd ask you to present numbers that would support your point as well.
> Furthermore, I have seen some UN-based statistics which indicate that the US has the highest percentage of their population incarcerated compared to all other nations.(Can't find a link though). I can only assume these people are not in jail for jaywalking...
Good assumption, but according the the Department of Justice, (see here for statistics), only half (51%) of the prison population was in for violent crimes. So, although the total number of inmates may be higher, I'd like to see the UN's breakdown of violent criminals in other countries' prisons before making judgements (pardon the pun).
Virg
So, they outlaw some sort of crypto.
What penalty to apply?
A fine will deter some behaviors, no doubt.
Serious stuff won't be deterred by less than the penalty for the crime itself.
Clearly, using outlawed crypto requires the death penalty to be applied in all cases.
Right. That will enhance the acceptance of our criminal justice system as being just!
Lew Glendenning
"The Constitution, the WHOLE Constitution, and nothing but the CONSTITUTION."
http://www.pgpi.com
I was going to leave it at that, however apparently that incites the "postercomment compression filter" so here's some added crap just to waste some space. BTW: That isn't freeware but rather it's non-commercialware. It includes a firewall and IPSec too.
I believe our intelligence agencies have become too preoccupied with their toys, and have forgotten that the most relevant communications occur in person.
I totally agree with this. I've heard two things on more than one occasion throughout the coverage of this tragedy: 1. The US government's ability to capture data has far outstripped its ability to analyze it. 2. One news reports suggested that members of groups like this often communicate about something significant, they do it in codes that have NOTHING to do with the crypto they're working to disable in Congress.
As has been stated so many times, if someone wants something kept from the prying eyes of the government, they'll figure out a way to do it. Just as someone I saw on the news comment about the absurdity of spending billions on Bush's renewed interest in Star Wars when all it takes is a well-planned hijacking (or four) to cause an unprecedented catastrophe, it's equally rediculous to think that all these high-tech toys are going to stop a determined, amorphic, terrorist organization. Everything these guys did, from their weapons of choice, to the planning, to the execution, slipped right under the radar - mostly because most of it was so incredibly low-tech and ordinary.
Morons don't realize how trivial coding basically unbreakable encryption is, Judd Gregg needs a major dose of clue.
What makes me sick is Bin Ladin and the filth that follows him are drilling for terrorism against civilians with full-auto AK47's with 30-50 round mags and Chinese pistols that probably carry around 15 rounds and even his abject poor sympathizers celebrating in the street firing junk AK's and SKS's. Because of the hopolophobia of this country and the philosopher-king "the law is for commoners" statists we keep "electing," in a free country a lawful citizen can't buy more effective weaponry than a semi-auto with a 10-round mag. It makes me beyond sick to think that the same group that passed the "assault weapons ban" is now SURROUNDED BY GUARDS SPORTING ASSAULT WEAPONS! Why the hell can't people see the elitist hypocrisy of our "representatives" in government? Thank GOD that 'assault weapons ban' sunsets in 2003, hopefully we'll have legislators who are American enough to let it die.
Regardless, if you accept the responsibility of being a private citizen and patriot (you don't expect your federal nanny to take care of you), if you believe national security begins with your home, if you're not a coward, and believe that the militia are not some fat jackasses in Montana who all call themselves "General" but all Americans, and believe this was an act of war, you are obligated to jump through whatever hoops your state makes you (including the People's Republic of Massachusetts and the Free Democratic Socialist Republic of New Jersey, two bastions of elitism and hypocrisy) and arm yourselves against this threat.
I hear it now: "But they don't have the resources to invade the US! My neighborhood is safe from terrorist attack, I don't need a gun! Citizens don't need to be armed, the second amendment only applies to the National Guard, we have the police, FBI, army, etc.!" You are brainwashed by the ruling elite of this country, and worse, you are potential future victims. You are in a feel-good dreamworld of peace, where nobody needs a gun. You are the people who two weeks ago would have said "that can never happen" if somebody said the twin towers in New York will be leveled by terrorists. So when you're driving to work and you see men armed with poorly concealed AK47's planting explosives on rail and highway bridges (to prevent the national guard from responding to the building they're planning to attack in a half hour), I hope you say to yourself "wait, that can't happen here." And I hope that when those bombs on the bridge are detonated, and all the police in your town are busy dealing with the crisis, you feel really good that you're completely defenseless against looters who might decide to take advantage of the situation. I hope you feel really good when the terrorists decide to hide out in your house, and you're not ready with at least a shotgun loaded with buckshot to inspire them to seek shelter elsewhere.
"None of that is going to happen." How the hell do you know it's not happening as we speak? There's a NETWORK of these bastards operating in this country! They have their act together enough to hijack 4 planes as CHECKED IN PASSENGERS, you think they don't have their act together enough to blow bridges you drive on to disrupt travel and then raze your neighborhood for good measure? Please wake up.
Don't worry at all. We all know it's extremely difficult to get across the border into the US. We all know there's no value in attacking low-profile targets like bridges, power generators and water supplies in suburban and rural areas. Now that the airports have double the people making $6 an hour checking the bags we're all safe on planes now. Now that we have to wait 2 hours longer to get on a plane, we're all safe now. Now that knives are formally banned on planes, nobody will ever hijack a plane again. Now the airports are checking everybody's photo ID. Those hijackers don't have photo Ids, therefore they won't be allowed on planes ever again. We all know these terrorists aren't very well organized or armed, and don't have the resources to do any real damage. We all know that the federal agencies can prevent any terrorist attack on our soil. No, we can be lax, and cowardly, and expect other people to take care of us. Nobody needs a gun (except for government agents, people guarding government officials, rich people, famous people, police officers, and the military).
These folks came into the country legally, boarded those plains in compliance with airline procedures, and hijacked the planes with knife-like weapons. They got their act together. You've seen the footage of kids and women dancing in the street, firing weapons in the air, and generally being quite psyched that Americans are dead. And you're happy being unarmed. Wow. Wake up.
And now, anonymous cowards will reply "troll, loser!" when they don't even know what troll really means, and this post will be modded down offtopic. No problem, I don't hold high hopes for most of you feel more secure with a cellphone hanging off your belt than a pistol and are willing to compromise your rights and liberty. But here's something you can relate to paraphrased from the Simpsons: "Here's a whistle, if terrorists try to take you hostage blow on it and I'll come help you."
AC's cheerfully ignored
If you see this, email me.
cheers
And here is the text of Senator Judd Gregg's speech which was referenced in the Wired article.
Well, I guess that's about all I have to say for today. It's all a pretty sad deal.I don't want free as in beer. I just want free beer.
Actually you're not much more than a common troll.
People made the same conspiracy accusations, saying the U.S. knew in advance about the attack on Pearl Harbor, and deliberately allowed it to happen. This sounds horribly improbable, and yet at least back then it would have served a purpose - getting the U.S. to help turn the tide in World War II. With a complacent U.S., the war might have gone badly for the Allies, which would have had a drastic affect on the freedoms we value so much.
Fast forward to the terrorist attack this week. Do you really honestly believe that U.S. agencies would keep such a thing under wraps? First of all, this is peacetime. There was no paranoia, and with all the petty bickering and backstabbing in Washington, someone is sure to have leaked this info if a coverup was attempted.
Second, there is no way such a thing would be attempted for a cause so petty as encryption or spying on our own citizens. Once again compare the two situations. Half a century ago, we were literally fearful that the world would be conquered. Nowadays, we're fearful that we might not be able to read someone's email?
Apples and oranges. There's an intel failure here to be sure, but a conspiracy: no.
- Govt. knew about a threat, but didn't know about all the vectors it was coming from. Recent news reports support this theory, considering that additional hijacking attempts were averted.
Enough said.
I only glanced over the article ["this article"] but I noticed several places with "word 0 word", anybody know if they mean something?
marotti.com
Well, he was inciting revolution. What do you expect a government to do? Even the US government would stop violent revolutionaries.
God save our Queen, and Heaven bless The Maple Leaf Forever!
bin Laden helped the Taliban take control of Afghanistan in the first place. He was instrumental in winning the Battle of Kabul for them by committing troops to their effort.
He is protected by Pakistani commandos. The Taliban government is neither motivated to tell the truth about nor able to affect the circumstance of Osama bin Laden. There are many that say he continues to orchestrate favors for the Taliban in exchange for safety within Afghanistan's borders.
To say we should let this go is absurd.
Who did what now?
Think there'll ever be a law against emailing large random numbers wrapped in GPG-like headers
around? If we start to flood the 'net with such beasts, then anyone can credibly plead that his message was random and law enforcement can't accuse him of using unbreakable crypto. A cron job should do it.
I'm sure this isn't a new idea, as it seems pretty obvious, but if things get really ugly, would it help?
"The biggest problem with communication is the illusion that it has taken place."
The article is here.
Babel fish is here.
CNN Spanish edition tends to have much broader worldwide content than CNN in English.
That which does not kill you, postpones the inevitable.
Why don't they just make an app similar to SETI@home that will help to crack bin Laden's encrypted messages and get the word out about it? I'm sure that the number of volunteers willing to run it would result in cracking the encryption rather quickly.
Steve
--- What?
An interesting point here is that either, all of this backdoor encrypted software would have a particular signature (given ciphertext C, there exists function F such that F(C)=k(mod b) for some constants k and b), or the government will be decrypting all that traffic.
The first is *very* difficult to do (as I'm sure most of you know). Although, I'm sure the NSA could come up with a couple ciphers to do it, any loss of this knowledge through espionage would put the US's electronic infrastructure in peril. It's interesting to note that all of the worst information leaks from out intelligence agencies have come from the NSA (ref. "Code Breakers", Kahn). This is mainly do to the deployment of confidential algorithms. They go out as hardware. Once in place, hardware is costly and difficult to replace in short time spans.
The second option brings us back to Carnivore, only it also needs to do look at the contents to see if they're encrypted as well.
...and this is assuming that that information is never kept...
-RB
"One man can change the world with a bullet in the right place."
- Mick Travis, "If..."
More importantly, keep in mind that stego alone is not enough. You want security in depth. First you encrypt, then you stego the encrypted message. Even in they break your stego, they still have to break your crypto.
The moral of the story is that stego is an encoding method, not an encryption method. You might uuencode your pgp encrypted file, but would you use uuencode instead of gnupg?. Use stego with crypto, not in place of crypto!
typical fuckwit. bring the gun argument in anything. FUCK OFF!
And Osami Bin Laden is going to be a good boy and send his email using a code that the CIA/NSA/FBI has a backdoor into.
Exceeding the recommended torque is not recommended.
And what if the encryption schemes being used by legitimate users and businesses, had backdoors.. which were then discovered by terrorists, they could use these backdoors for who knows what.. they could break into money handling systems and steal money to fund their terrorist activities, or maybe even worse. And just because something is illegal, won`t stop people doing it... terrorism is illegal.. terrorists still do it, what`s to stop them using an illegal encryption system?
http://spamdecoy.net - free throwaway anonymous email - avoid spam!
Then why are there more weapons related crimes in the US then elsewhere?
But what will you use to compile the hand with?
Excuse me for pointing out the obvious. I haven't come across a post that spells it out. (And we should try to spell things out to the non-digerati.)
If there is a law requiring a backdoor to all encryption technology, that will include corporate email and tools like ssh.
As we all know, there is no such thing as a secure weakness. At some point, these backdoors will be hacked out, and that will be a goldmine for corporate espionage and penetration.
The FBI's zeal in making the public "safe" from external threats will be exchanged for foreign corporations ability to outcompete U.S. based corporations. Not to mention give an advantage to the Chinese.
There is no America. There is no democracy. There is only IBM and AT&T and DuPont, Dow, General Electric, and Exxon
I doubt very much the constitutional congress wanted to be shot by outraged citizenry.
This argument is specious.. a fantasy. The 2nd amendment was not created so that Pennsylvania farmers could march into colonial New York and assassinate the President because they disagreed with his tax laws, to make an extreme example.
And, since the Federal government always has a standing military force that could wipe out you, your shotgun, and the landscape around you for fifty miles, your Lone American Anti-Guvmint Hero scenario is just adolescent masturbation.
The terrorists can simply shoot passengers until the pilots open the door. That's why the armored door idea never surfaced even after the hijacking madness of the seventies. Not logical or possible without the willingness of the crew to sacrifice the passengers and the flight attendants.
There is no safety, not in guns or armor or guards, not against someone who wants to murder AND commit suicide. Just get used to it.
Hm. We could take a train.
IF we go through all these convolutions, we give up sanity and freedom, and the bastards win. AND IT WOULDN'T WORK ANYWAY. There is not a thing that could have stopped those planes from hitting those targets save the willingness of the passengers and crew to sacrifice themselves.
I hope that I can measure up to the heroism shown by the Pennsylvania plane's passengers. They are my gods now. Honor them.
...guns are designed to kill, which in some cases can be usefull (pest control), but usually is illegal (murder). And because of this design, it is very easy to kill: it's the ultimate 'point'n'click interface'.
l &ID=25
You, too, have that backward!
Here are numbers, and references to original (non-NRA) publications that paint _exactly_ the opposite situation:
http://www.nraila.org/articles.asp?FormMode=Detai
Guns are _usually_ used for pest control, much more seldom for murder. The illegal uses are the only ones that manage to make it onto your TV, because the people in charge of the signals broadcast to that TV (all of whom have armed bodygards to keep _them_ safe) don't believe you should own a gun, and want the public to shun armed citizens as a concept, just as they'll now ask you to shun strong cryptography.
And if you think the "point 'n click" interface of a firearm is "very easy" to use, I suggest that you go down to your local gunstore/range, rent a gun, buy a box of ammo and a couple of targets and _try_ to connect with something at about 20 yards. It's NOT all that simple.
Exceeding the recommended torque is not recommended.
May I recommend OpenBSD ... developed in Canada (which is not in the US in case you didn't realise).
It has integrated cryptography. Buy an OpenBSD CD and give it a whirl.
if I didn't know any better, I'd tell the US government that this idea is an obvious troll.
of course they didn't want to get shot, you dumbass, they wanted future dictators to get shot before they turned the new USA into 17th-and-18th-century Europe.
You're not thinking that these people would have realized that, in the future, there might be cowardly bastards that use the military as their own personal police and want to take all rights away from the citizenry and exploit the people. THEY WERE FROM EUROPE. Europe is the home of the Inquisition, Jus Primae Noctis, and other abuses of the general public by feudal lords. The feudal lords didn't allow the peasants to have arms or training in arms. The founding fathers made damn sure that other people could have them, in case the leadership of their new country got tainted somewhere down the line.
If you are afraid of being wiped out for 'fifty miles around', you've already been defeated. In the end, it's not about the gun and who lives and dies, it's about the spirit.
Who needs strong crypto anyway? We've got the DMCA...
Caveat Emptor is not a business model.
Stenography is the shorthand used to take dictation when only pen and paper is at hand.
Steganography is information-hiding.
Go look it up on Google.
Edith Keeler Must Die
Think about it. Our emails go through a filter. All encrypted emails with backdoors will simply be automattically opened, just like as if they were unencrypted. This effectively means encryption is rendered usely - a de-facto ban.
The CIA/NSA/FBI wants to be able to trawl through emails with their filters. Encryption gets in their way. They want to do this to monitor left-wing groups, environmentalists, enemies of big-business etc. The justification that it is to catch terrorists is rubbish. Terrorists will just send this messages encrpyted regardless of the law. This law is meant to enable the intelligence services to monitor ordinary people, so the the corporate cliche`s can continue to use the NSA/CIA as their own personal private investigators.
if the government would quit backing megacorps, and instead fund real research that became part of public domain, the Government would already have superior technology such that encrypted messages would be easy for them to crack. Instead, they're planning on legislating that software allow security holes for the public safety. This is bullshit.
News sites are stating how organized this attack was. I'm betting that anyone with a flight sim program can learn how to operate a plane (especially if your goal is to crash), and you don't need technology to co-ordinate the mission, just meet at denny's for lunch and keep your voices low. I feel that it's perfectly possible to not even need a knife, just your hands and some combat training. get up, snap the neck of one steward, then grab another by the throat and start making demands.
"The Most Fun Possible on 4 wheels" is at SunBuggy in Las Vegas
Which is why you would have to train pilots to sacrifice passengers for the safety of people on the ground. Many commercial pilots are ex-military pilots, so they should be used to it...
Also, you could have a handgun in a lockbox in the cockpit, that could be opened in an emergency, so the door only needs to be strong enough to give the crew time to formulate a plan and open the lockbox.
Shit adds up at the bottom...
The thing that occurs to me is "who gets the key to the backdoor?"
... which means that these other countries must have the key too. So, we have every government in the world with the one key that cracks the backdoor of every communication in the world, which means that (for instance) the leaders of Afghanistan could read every single communication in the US as well as the inverse. Is this really what the government wants? If not, then it's not worth going after.
If this is only going to be US-based software that has the backdoor, then it is obviously pointless, which means for it to be effective against un-backdoored communications, every country in the world would have to go along with it...
Are these other countries going to let the US be the only one to have keys to every communication in the world? Of course not!
Actually, the pilots ARE trained to sacrifice the plane for the sake of the people on the ground. They just aren't mind readers. How do you know what kind of hijackers you have on board, the idiot kind or the kill-the-infidels kind? Do we automatically make a plane crash if someone grabs a steak knife? The pilots had little time, and there also was no precedent for such an attack before.. but now there is.
And the passengers on 93 decided to take the plane down rather than be used. As will all other planes in the future... this attack strategem is useless to Bin Laden and his clones now.