Slashdot Mirror
Congress Considers Mandatory Crypto Backdoors
disappear writes: "Wired news reports that Congress is considering restrictions on crypto software in the wake of the terrorist attack. 'Nuff said." This will be the next battle -- especially in the wake of this week's tragedies, and the the allegations that the prime suspect Osama Bin Laden is a heavy crypto user. The battle of privacy and safety is going to begin in earnest now.
This is what I am afraid of! :(
:(
Please read my essay and if you like it pass it on to people. We can't let this happen. I have been saying this since day one. Please please think about this
The Price of Freedom
Jeremy
Carnivore is one thing, but a backdoor to all crypto is yet another. Financial transactions from private organizations are routinely encrypted for obvious reasons. Are we to trust government employees with all financial transactions merely because we elect them? I think not.
We cannot allow the government a "skeleton key" to all crypto if only for the reason that it can then be compromised by others for whom access was not intended. Urge your congresscritter just to say "no".
Are they nuts? This guy lives isolated in mountain camps. I doubt he's even a heavy electicity user.
His sympathizers, on the other hand...
From what I've heard, Osama Bin Laden doesn't use cryptography so much as he avoids using electronic communications at all. He has even (gasp) been reported to meet with his underlings *physically*, as in "lets all go into the same room and talk face-to-face".
Cryptography wouldn't really help terrorists much anyway, because electronic surveillance can still pick up who is talking to whom; the real problem is when people avoid electronic communications, because then you can't do anything without spies on the ground.
Tarsnap: Online backups for the truly paranoid
Back in 1998 Rivest wrote Chaffing and Winnowing: Confidentiality without Encryption.
I think "Live free or die" is pretty good. Along with "Don't tread on me," and "the best we can hope for the people is that they are armed."
The revolutionaries who founded the United States of America are chock full of good quotes on freedom and defending freedom.
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
For example, I worked for a major semiconductor and radio communications corporation. We encrypted all private circuits to all remote offices, in the US and abroad, except that in France we had to provide the keys to the French government.
End Result?
The French intelligence agencies would hand over to major french businesses the 'competitive intelligence' collected from foreign corporations operations in france, allowing them to underbid competitors, etc.
There are several well-documented cases of government abuse of this information. In France the level of distrust got so bad that they eventually relaxed this policy due to foreign based companies withdrawing their business.
I do not deploy Linux. Ever.
`I think the best reply one can give to the politicians who want to impose this is: "And Osama Bin Laden is going to throw away his foreign-developed, non-backdoored encryption software and buy US-made backdoored encryption software exactly why?'"
I don't.
The objective here isn't to stop the guy. They could've if they'd wanted to. About a week before the attack the U.S. Postal Service stopped delivering air mail to the region. They knew something we didn't, and opted not to stop it. And I think I know why.
We hear a lot about terrorism against the U.S.. We don't usually hear the other side's complaints. Obviously they don't think of it as terrorism, they think of it as some sort of a protest. I wonder what they're protesting, and why. If our government did something unjust to them, I wouldn't trust our media to tell us about it. But as a tiny little group of malcontents going up against the U.S., about their only recourse is an attack like this. Given that the U.S. government knew about it beforehand, they didn't bargain to prevent it for one of two reasons. Either the price was considered too high, or the U.S. government thought that an attack like this would end up working in their favor. They've been looking for an excuse to nullify cryptography for years now. Anybody remember the Clipper chip? The legislation keeps being defeated, because people are siding with the need for privacy. Now they've been able to demonstrate a supposed need for the U.S. government to know everything that's being said anywhere in the country. Perhaps they think it will sway the common consensus in favor of their legislation.
Galling, isn't it. More impressive (from a logistical standpoint) than crippling a nation with a store-bought knife and their own planes, is the prospect of prying your way into a nation's cryptography with someone else's store-bought knife, someone else's plane, and a bunch of lives you don't care about because you think of them as "your citizens", in the same usage as "your house" and "your car". Oh, and a temporary economic setback which you mitigate by printing more baseless currency. Clever.
When all the lawful crypto users are using back-door laden crypto, the criminals and terrorists will walk right through those back doors to wreak more havoc. How does that help anyone?
I don't care if it's 90,000 hectares. That lake was not my doing.
Blocking off the cabin is not an good option. What if the pilot kills the co-pilot and wants to go sucicidal? Apparently today someone tried to get onto a plane with fake pilot identification so this might be a real threat. What if there is a fire, toxic gas or similar? Heck, what if they have to use the bathroom or need to eat or stretch their legs? I really don't think this will ever happen.
Now regarding the other idea...so you put this jail cell in with a couple marshalls. What do you do when terrorists in the back of the plane start slitting the throats of women, children, or babies? You have to leave your cushy little cage to get to them, whoops sorry that's what they wanted. Do you really think the marshalls would be able to resist the temptation to leave the cage as one-by-one the passangers are all slaughtered? Do you think any of them would still have a job after the public got wind of it? It doesn't matter if they were preventing a crash, the public will still say they should have done something. It's a lose-lose situtation.
No, marshalls should be unfettered and undercover. That way, the terrorists need to have a lot more people on the plane to take it over. A trained gunner can easily take out two or three individuals before they have an opportunity to react.
I think personally what we need to develop is an emergency lockout. A panic button that when pressed will lock the plane on autopilot programmed to land at the nearest airport. If that's not technically possible, it should circle the nearest body of water or uninhabited area (using GPS). The only way to override this lockout would be with a code from ground control. This system would be that difficult to implement. It wouldn't be foolproof, but it wouldn't be something two or three men armed with forks would be able to disarm. Worst case scenario is that the plane runs out of fuel and makes a crash landing in the middle of a field. Hopefully with no fuel, people would survive that. As tech improves, it should be possible to land flawlessly.
But anyway, regardless of what changes are made...I don't think they will be necessary. The reason this happened is because no one conceived of the possibility. Everyone did what the law enforcement agencies have always said: be cooperative and don't fight back. But look what happened in PA. People will fight back now. No one is going to let themselves become a flying bomb.
God help any Arabic person who forgets to put down his pencil/fork/toothbrush before standing up in the aisle. He's likely to be tackled and beaten by a panicing mob of passengers.
- JoeShmoe
-- I wonder which will go down in history as the bigger failure: the War on Drugs or the War on Filesharing
Raw data and meaningful statistics should be readily availible. And WE ALL HAVE TO RUN IT ON OUR MACHINES. WE have too or the FBI will hang our rights out to dry.
Internet Revolutionarys - White Hat
Crackers - Black Hat
Enablers through apathy to crackers. Squashed like grape. - Gray Hat.
Think about it, IF WE HAND THEM ALL NON-INVASIVE data they have a much harder case to make when tring to justify collection of INVASIVE DATA and we (freedom lovers) have a much better case to make.
Think about the consequences if noone ever reported gunshots outside their house ever again. That is what is happening right now, and that is why the Government is heading down the path of misery and death at our expense.
I do not know of such a program (or where to get my unencumbered data) If such a project currently exists please me/us to it so I can install it RIGHT NOW!
Novel theory: Modern Man evolved from psychopath
Sure, in the 1700's, people with shotguns might have been a credible threat to the government. But have you noticed that the US government today enjoys the use of such toys as F-16s and nuclear weapons? How will owning a shotgun help defend you against that?
The F16 and the nuke are weapons of mass destruction. For the government to PACIFY the people, they will have to OCCUPY our cities -- not destroy them. And an occupying force is terribly vulnerable to resistance.
In the worst case scenario of a US revolution, the army will be rolling in with tanks and ranks of guys with rifles... and that's the kind of enemy that Joe Average with a Gun can in fact take on.
Look at Chechnya. The Russians had to shell Grozny into a smoking pile of rubble because the Red Army could not deal with rebels with rifles. If it was Moscow that was to be pacified, they probably wouldn't have gone to such extreme measures; the Russians HATE the Chechens.
I do not believe the American armed forces would pull a Grozny on an American city. Remember, the soldiers are our countrymen, and if average people were pissed off enough to take part in a revolution, that's going to include military folks too. They aren't the enemy... they are US.
If some faction within the gov't started NUKING our own cities, I believe that the vast majority of our people, military and civilian, would unite to take the bastards out. And we'd do it too, with our Glocks and hunting rifles and fighting spirit.
Anyway, it comes down to this: if the military tries to suppress or pacify an American revolution, they are vulnerable and I believe ultimately they will lose. If they try to utterly destroy us with nukes... well, ok, my shotgun won't help. But that isn't a revolution we're talking about there... it's genocide. I doubt things would ever come to that. We probably won't be nuking anybody as a result of the WTC attack, and that was a provocation worse than Pearl Harbor... so talk of nuking ourselves is pretty far out there.
Benjamin Franklin didn't have terrorists walking onto airplanes and crashing them into buildings full of tens of thousands of people. I think you can safely say this situation is quite a bit different than anything anyone could have predicted 200 years ago.
As for "mandatory crypto backdoors", I think it's become a common saying that when encryption is outlawed, only outlaws will use encryption. This is a ridiculous time to be making any hot-headed decisions on something like this. Even if the US did make some inane law mandating backdoors in encryption there are plenty of free and completely open strong algorithms out there to use. What stops terrorists from using these other programs NOT made in the US or writing their own code?
This is the kind of thing that happens after every tragedy unfortunately. Emotional people start making emotional cries for immediate changes. After a school shooting people call for a ban on guns. People, shooting another person is already illegal! Banning guns are not going to stop a *criminal* from shooting people. Banning strong encryption is not going to stop criminals or terrorists from using strong encryption! Hijacking airplanes is also a crime but that didn't stop a bunch of whacked fundamentalist motherfuckers from doing it now did it?
Any decent programmer can write their own encryption in a matter of minutes. Go look at the CipherSaber home page.
So get out there and write build yourself a saber. Then use it to encrypt a short reply to this article with the key freedom.
Your argument is one I have seen before. But it is fundamentally flawed.
The first thing to consider is the "trust" question. Do people trust their governments? The unavoidable answer is that here in the UK, in the USA and in many other countries, a very significant part of the population very obviously do not fully trust their governments.
Arguments about whether this attitude is well founded aren't relevant. All that counts is the existence of enough such people.
The next thing to consider is the praticalities - can it be made practically dificult for those who distrust their governments to obtain software without backdoors. Even in a "closed source" world this is going to be very dificult or even impossible - too many people already have the tools and the knowledge and it is very easy to spread the information around. In a world where "Open source" software is permitted I reckon it is simply impossible.
So we have a number of people who wish to prevent government snooping - or simply wish to reach the maximum level of security they can achieve. If those people choose to use techniques without backdoors - they can do so.
Can you "persuade" such people not to use encpryption without back doors ?
I don't think you can do it by force. The first problem is detecting them. Such People will simply encrypt their files securely and then encrypt the results again using an "approved" method.
How are you going to tell that people are using "double" encryption ?
Maybe the security services will be allowed to do audits - use their backdoors on randomly selected messages to check that people aren't hiding unapproved encryption ? Do you think that would be publically acceptable ?
What happens when security services encounter a file format they don't understand ? Can they demand that all file formats be explained to them to ensure you're not encrypting data ? Will that be universally publically acceptable ? Is it even practical ?
So if you enfore encryption with back doors all the security services will see is an apparent mass of files encrypted using the approved methods - with no practical, publically acceptable or easy method of picking out the interesting messages or recipients.
>If everyone out there is using nearly unbreakable encryption they simply don't have the resources to sift through everything they want to look at.
... and because of the above they still won't have the resources to sift it.
The only way to tell which of your 100 Million people are using unapproved crypto is to routinely open the "back door" to the privacy of all 100 million - with all the practical and political problems that follows. Even then you aren't much further forward.
What's even worse is that the REAL terrorists will be busy uploading and downloading beautiful, original, high definition photos of huge flower arrangements and landscapes - with the real (heavily encrypted) messages hidden within using stego. So while the security services are busying trying to determine which of their 100 million make it onto the next list and then the next list - they've already eliminated from further study the ones they're after. Use stego correctly and it is near to mathematically undetectable as really makes no difference.
AJB