Congress Considers Mandatory Crypto Backdoors

disappear writes: "Wired news reports that Congress is considering restrictions on crypto software in the wake of the terrorist attack. 'Nuff said." This will be the next battle -- especially in the wake of this week's tragedies, and the the allegations that the prime suspect Osama Bin Laden is a heavy crypto user. The battle of privacy and safety is going to begin in earnest now.

Mixed feelings

[Gangis]

I have mixed feelings about this... It could be good in catching terrorists, but privacy avodocates will have a field day. What do you think?

Re:Mixed feelings

[napir]

Crypto algorithms are well-documented and not difficult to implement. Circumventing backdoors would be as simple as writing your own software, or use an older version of open source software such as GPG that doesn't support government-known backdoors. Sure, it'd be illegal in the U.S., but is that going to stop terrorists? All this will do is make it difficult for law-abiding corporations and individuals to keep data secure.

Re:Mixed feelings

[Ivan+the+Terrible]

I can't see that any terrorist with a quarter of a brain will use a crypto scheme with a backdoor. So, the only people who can be spied upon are those who are law-abiding, and the only people who can't are law-breakers.

Re:Mixed feelings

[iamblades]

Does anyone think that terrorists like Bin Laden can't afford to hire someone to build them their own encryption technologies?

If this does happen, it will only harm american citizen's privacy...

Re:Mixed feelings

[number+one+duck]

No, no, the funny thing to think about is all the terrorists going and *upgrading* their current encryption software because of a change in the word doc formats... inadvertently installing a backdoored compliant version. Microsoft will save the day, yet again!

Re:Mixed feelings

[ttyRazor]

I think the point that some on TV have made that there is a significant lack of "human' intelligence (i.e. spies) is a lot more important than the lack of electronic surveillance and crackable crypto. I believe our intelligence agencies have become too preoccupied with their toys, and have forgotten that the most relevant communications occur in person.

On top of that, they already have the tools, and putting mandatory backdoors on future products is not going to affect existing software. What would they do to them for using unauthorized software? arrest them?

If this even gets close to being implemented, we need some sort of pledge from the intelligence community, backed by strict legislation, that any such system can ONLY be used or the purpose of national security and anti-terrorism, and any use beyond that would be strictly prohibited, and any other information obtained shouldn't leave the place it was intercepted from.

Just my 2 cents, right now I do not feel any of us really is in any position to make a real judgement about this. Keep that in mind when forming some opinion that you would be unwilling to comprimise, as a few of us here often do.

Re:Mixed feelings

[Sniser]

Exactly. Makes you wonder if the folks in congress haven't thought of something utterly obvious like this? Makes you wonder if it's about terrorism at all.

"Of course it's about terrorism and defending liberty and democracy", you say. "It's fucking heartless to think this is some plot to handcuff us. Come on, thousands of innocent people DIED in the WTC, we've got to DO something, QUICK!"

Right now, I'm not worried about terrorism at all.


"This year will go down in history. For the first time, a civilized nation has full gun registration. Our streets will be safer, our police more efficient, and the world will follow our lead into the future."

Adolf Hitler, 1935



You see, even IF there was complete security, this isn't a good thing, as long as the govermnent isn't really democratic (look it up, there IS no democracy on planet earth... it's representative democracies, which is an oxymoron). Because your safety always depends on the govermnent not to screw you over.

So I'm asking you, do you feel lucky?

Americans and Europeans (me being german, and for me being the answer a "no", and a very resounding one after the things I heard our politicians say in the last 2 days), do you trust your governments completely, blindly, and does that "no time for criticism now, we have to stand together as the civilized nations of the free world, we'll do what we have to do (and we'll tell you what that is when it's already underway)" help to increase that trust?

Re:Mixed feelings

[Evro]

This is the same argument that crypto supporters have been using all along. Corporations were complaining that they had to compete with foreign companies' products that had much stronger encryption while they were limited to 40/56/whatever-bit encryption for exported products. The argument appears to have fallen on deaf ears for the last 10-20 years. I don't see why now it would be any different.

And good luck to the government getting people to dump all their current SSL/SSH software in favor of this new awesome backdoored version. Especially with products like OpenSSH which will remain downloadable from any number of sites for quite a while.

Re:Mixed feelings

[jdriller]

Pledge so just used in emergencies? Ha ha ha...
My x brother in law wrote an article in left wing Z magazine about the special federal circuit court that is specifically set up to approve wire taps. I forget the year and the exact numbers but they rejected something like 4 out of 23.7 THOUSAND. We ALREADY have a guarantee against unreasonable search and seizure and right to liberty. It is the basis of all our law. It is the Constitution. Pledge of restraint and honesty? You have me rolling on the floor!!!
Oh, and by the way he had a white van outside his house for a week - night and day. My nieces even brought the spooks cookies....yeah, and he was a real threat. He is a newspaper sports writer mostly.

Re:Mixed feelings

This thread reminds me that I need to credit the folks over on alt.folklore.urban with helping me shoot down that bogus Hitler quote praising gun registration. For those a.f.u.'ers who don't remember (it_was_a couple of years ago), the story goes like this:

"This year* will go down in history! For the first time, a civilized nation has full gun registration! Our streets will be safer, our police more efficient, and the world will follow our lead into the future!"
--falsely attributed to Adolf Hitler (1889-1945), "Abschied vom Hessenland!" ["Farewell to Hessia!"], ['Berlin Daily' (Loose English Translation)], April 15th, 1935, Page 3 Article 2, Einleitung Von Eberhard Beckmann [Introduction by Eberhard Beckmann]

This quotation, often seen without any date or citation at all, suffers from several credibility problems, the most significant of which is that the date given (*in alternate versions, the words "This year..." are replaced by "1935...") has no correlation with any legislative effort by the Nazis for gun registration, nor would there have been a need for the Nazis to pass such a law, since gun registration laws passed by the Weimar government (in part to address street violence between Nazis and Communists!) were already in effect. The Nazi Weapons Law (or_Waffengesetz_) which further restricted the possession of militarily useful weapons and forbade trade in weapons without a government-issued license was passed on March 18, 1938. The citation usually given for this quote is a jumbled mess, and has only three major clues from which to work. The first is the date, which does not correspond (even approximately) to a date on which Hitler made a public speech, and a check of the texts of Hitler's speeches does not reveal a quotation resembling this (which is easily understandable when you realize that "Hitler" is commenting on a non-existent law). The second clue is the newspaper reference, which if translated into German resembles the title of a newspaper called _Berliner Tageblatt,_ and a check of the issue for that date reveals that the page and column references given are to the arts and culture page! No Hitler speech appears in the pages of_Berliner Tageblatt_on that date, or dates close to it, because there was no such speech to report. Finally, the citation includes a proper name "Eberhard Beckmann," which is sometimes cited as "by Einleitung Von Eberhard Beckmann," which is an important clue itself, because it reveals that the citation was fabricated by someone who had so little knowledge of the German language that they were unaware that "Einleitung" isn't the fellow's first name! The only "Eberhard Beckmann" which has been uncovered thus far did indeed write introductions, but he was a journalist for a German broadcasting company after WWII, and he wrote several introductions to_photography books,_ one of which was photos of the German state of Hesse (or Hessia), which may be the source of the curious phrase "Abschied vom Hessenland!" which appears in the citation. This quotation, however effective it may be as propaganda, is a fraud

Re:Mixed feelings

[indycam]

Gotta love a knee-jerk reaction

There's two main thing to consider here.
First they've already got it, and if the agencies can't break it why would they chnage the algorithm they've already got.
Secondly, one nation, and once again it's the US, can't make a global poilicy no matter how good their intentions. I'm Australian, and glad of it. Our governments a complete bunch of muppets, but they're ours and should be able to decide policy for our country. Of course they can't, but we keep hoping that one day one of our politicians will make a decision other than what to have for lunch (that's when they're not in parliment, in which case they eat what ever is on the menu)

So here it is: How fucking stupid does the US senate have to be to ask ever nation in the world to subscribe to the idea of encryption software that allows other nations agencies to gain entrance, especially if that back door is maintained by one government.

The answer, I hope, is not that stupid.
Besides, a backdoor will only help you if you know what transmissions to intercept, and if you know that then human intelligence would probably be a better alternative.

Just my 2 cents ($AU24)

Re:Mixed feelings

[epine]

Sigh. The vast majority of signals intelligence is devoted to traffic analysis: figuring out who people are talking to. Think about this. Do you think they have the resources to read all the stuff they can capture?

Once they decide that an individual is connected into too many suspicious circles (drugs, munitions, political activism, voting democrat, etc etc) only at that point do they consider devoting resources to decyphering the content of the traffic exchanged. Compared to the total volume of traffic exchanged on global networks, they have the resources to crack only a tiny sliver of those communications.

If everyone out there is using nearly unbreakable encryption they simply don't have the resources to sift through everything they want to look at.

It's very important to limit the total volume of strongly encrypted traffic. If they manage to limit strong encryption to 1% of the population consisting entirely of /. geeks, terrorists, and kiddie pervs that makes the expense and difficulty of their job at least an order of magnitude more bearable.

In no way whatsoever do the objectives of this initiative depend upon Bin Laden adopting an American approved backdoor technology.

Arguing that the American government thinks this is the objective of their backdoor policy is juvenile circularity invented to justify our _premise_ that the government is too stupid to be trusted in anything.

Let me try to paint a picture of how things work based on what I believe to be the existing American capability in rough factors of ten.

I would think that the Echelon system maintains a unique identity for 1 billion of the world's 10 billion people. This group would include the majority of people who have used a telephone at some point in their lives, and not many who haven't. We can think of this group as the "literate and connected" group.

Out of of this roster of one billion "known" individuals, 100 million would be identified as belonging to the sphere of national interests. Anyone with a degree in metalurgy, who has ever travelled to the middle east or the eastern block, who has ever held a pilots license or owned an airplane, people involved in international trade, people trained to operate weaponry of any kind, people on the inside of national infrastructure grids, etc etc. What they are looking for at this level is overlap between the groups motivated to cause trouble and the groups with the skills or resources to cause trouble. The only thing they need to identify about people in this group is the various spheres of influence each person belongs to.

Out of this group 10 million people are identified who have a significant presence in groups representing both means and motive. If you are in this group, Echelon problably knows your great grandmother's maiden name. Your location is monitored and the people you communicate with are identified and recorded. Your traffic will be subjected to keyword analysis and correlation beyond what the bulk filters are capable of processing. A select ten percent of your communications are permanently recorded in case they become interesting at a future point in time.

Out of this group, 1 million people are identified who combine means+motive+opportunity. It is this group of people where they become very interested in digesting the _contents_ of your communications. Perhaps 1% of this is selected for a few seconds of human attention.

Our of this group, 100 thousand people are subject to exhaustive scrutiny and human analysis.

Out of this group, 10 thousand individuals are actively operated against. If you are in this group, there are white vans parked in your street, your cigarette lighter contains a satellite transponder, your keystrokes are monitored by devices that can only be seen under an electron microscope. To belong to this group you need to have your fingers stuck into more than one pie. These people are the tendrils that bind shadowy worlds together.

Out of this group, you have 1000 people designated as the world's primary disruptors of shit. If you are in this group there is someone in the intelligence service who knows more about your life than you know about yourself. Your continued existence is reviewed daily. It's a good practice to surround youself with equally despicable proteges who are eager to take your place.

Out of this group, there are 100 people who's continued existance is considered bothersome. These are the people who out so well protected or removed from American influence that nothing much can be done about it.

Out of this group, 10 people are nominated by American politicians to play the part of celebrity terrorist. These are the "forces of evil" who constantly invoked to sway public opinion on any issue where it allows the government to get what it wants.

Take a good look at that pyramid and decide whether it matters to the American intelligence service whether ten million people use strong crypto or whether one hundred million people use strong crypto. The intelligence service needs to know enough about this group of 100 million people to determine which subset of 10 million people deserve the next layer of surveillance.

But no, if Bin Laden alone uses strong encryption, the entire government agenda against the strong encryption is ridiculed as being completely bogus. A fine example of /. rhetoric.

Re:Mixed feelings

[Znork]

Perhaps you've missed this, but it appears that Echelon is mostly used to spy on non-US corporations to the advantage of US corporations. The kickbacks are better for the snoopers that way. It sure has proven good for getting those airplane construction contracts, but how good has it proven for preventing terrorism?

Re:Mixed feelings

[pmc]

Maybe one day a president will get a brain tumor...

Surely not a concern with the current president?

Re:Mixed feelings

[TomV]

I think the point that some on TV have made that there is a significant lack of "human' intelligence (i.e. spies) is a lot more important than the lack of electronic surveillance and crackable crypto.

I'm in the UK, so, tragically, have had to be a bit more aware of terrorism for the last 30 years.

The Guardian newspaper made a similar point yesterday, citing the example of IRA standard operating practice where operational information has almost never been passed using telephones, fax or more recently email. The procedure most widely known has been for the two terrorists to get onto the same bus from different stops, talk quietly on the top floor, and get off at different stops.

Crypto back doors, satellites, phone taps, the whole panoply of technological measures, whilst reassuring, can never have a useful impact on this sort of approach.

OTOH, if, in fact, the CIA have 10,000 agents of middle-eastern origin under deep cover throughout the world, I don't want to hear them proclaim the fact to get out of a bad PR situation. Rather better to take the PR hit and leave the agents in place doing the job.

TomV

Re:Mixed feelings

[choco]

Your argument is one I have seen before. But it is fundamentally flawed.

The first thing to consider is the "trust" question. Do people trust their governments? The unavoidable answer is that here in the UK, in the USA and in many other countries, a very significant part of the population very obviously do not fully trust their governments.

Arguments about whether this attitude is well founded aren't relevant. All that counts is the existence of enough such people.

The next thing to consider is the praticalities - can it be made practically dificult for those who distrust their governments to obtain software without backdoors. Even in a "closed source" world this is going to be very dificult or even impossible - too many people already have the tools and the knowledge and it is very easy to spread the information around. In a world where "Open source" software is permitted I reckon it is simply impossible.

So we have a number of people who wish to prevent government snooping - or simply wish to reach the maximum level of security they can achieve. If those people choose to use techniques without backdoors - they can do so.

Can you "persuade" such people not to use encpryption without back doors ?

I don't think you can do it by force. The first problem is detecting them. Such People will simply encrypt their files securely and then encrypt the results again using an "approved" method.

How are you going to tell that people are using "double" encryption ?

Maybe the security services will be allowed to do audits - use their backdoors on randomly selected messages to check that people aren't hiding unapproved encryption ? Do you think that would be publically acceptable ?

What happens when security services encounter a file format they don't understand ? Can they demand that all file formats be explained to them to ensure you're not encrypting data ? Will that be universally publically acceptable ? Is it even practical ?

So if you enfore encryption with back doors all the security services will see is an apparent mass of files encrypted using the approved methods - with no practical, publically acceptable or easy method of picking out the interesting messages or recipients.

>If everyone out there is using nearly unbreakable encryption they simply don't have the resources to sift through everything they want to look at.

... and because of the above they still won't have the resources to sift it.

The only way to tell which of your 100 Million people are using unapproved crypto is to routinely open the "back door" to the privacy of all 100 million - with all the practical and political problems that follows. Even then you aren't much further forward.

What's even worse is that the REAL terrorists will be busy uploading and downloading beautiful, original, high definition photos of huge flower arrangements and landscapes - with the real (heavily encrypted) messages hidden within using stego. So while the security services are busying trying to determine which of their 100 million make it onto the next list and then the next list - they've already eliminated from further study the ones they're after. Use stego correctly and it is near to mathematically undetectable as really makes no difference.

Re:Mixed feelings

[youreanidiot]

Unfortunately... according to an ex-cia officer interviewed in this article, not only don't they have 10,000, they don't have any. He goes on to explain from an operational point of view the difficulties in infiltrating an organization such as the one that orchestrated the attack against the WTC.

It's an interesting read, and like most things is better than senseless speculation. No offense intended.

People will hand it over

[purduephotog]

without much fight. All the right words will be said for fear and fright

And if you fight against it you will probably lose... unfortunately. Maybe in a year. Or two. But the mood of the American people is quite frightening- cold rage.

Besides- who says the government CAN"T break them already? It probably just takes a bit more effort...

Re:People will hand it over

[Erasmus+Darwin]

"Besides- who says the government CAN"T break them already?"

The fact that they're passing legislation to add mandatory backdoors is a pretty big clue that they probably can't break some crypto already. A known backdoor significantly decreases confidence in a crypto-system and will cause the bad guys to be more vague and/or use the uncrackable but less convenient "one time pad".

Re:People will hand it over

[Malcontent]

" without much fight. All the right words will be said for fear and fright'

And if they do they won. They not only stopped all air traffic for a couple a days, closed wall street for a week, and cost billions of dollars they also just made America a less free nation. That ws probably their goal more then anything else.

Re:People will hand it over

[csbruce]

I think that the U.S. government will have a very difficult time convincing the terrorists that they should be using the government-crackable encryption rather than the easily available hard-to-crack kind. I guess the U.S. is determined not to be a relevant player in cryptography research or commerce.

Re:People will hand it over

[Frank+T.+Lofaro+Jr.]

Either that, or perhaps they CAN break it, but they want people to think that they can't.

Re:People will hand it over

[Dutchie]

Uhm yeah, but it also means that if Joe Blow is using the backdoored version, it's easy to assume that the non-backdoored ones must therefore be of some 'secret' nature. Intelligence does not neccesarily ONLY need to know the actual contents, but just finding out who is intentionally sending uncrackable messages is relevant information.

Re:People will hand it over

[TomV]

They know who is responsible, and they know where they live.

They have a pretty clear idea who is responsible, and they are aware that those people are spread thinly across many nations, including the USA itself, most of europe as well as the middle east, sharing cities and countryside with the overwhelming majority who utterly abhor their actions.

This calls for a good old fashion ass whooping. Kill them.

I'd certainly agree that the people responsible for this cannot be allowed to remain at large, able to repeat this atrocity at will, and I concur that this will likely involve kiling them. I'd prefer to see lawlessness countered with lawful arrest and very public trial, but it does seem unlikely that a group of suicide bombers would allow themselves to be taken alive.

flatten the whole fucking countryside and then burn them out of their stinking rotten holes in the ground.

I understand the pain. I have been bereaved in a non-related incident this very week, and I live in the UK where we have had ongoing domestic terrorism for 30 years - believe me I know the pain right now. But to avenge the deaths of thousands of innocent civilians trying to go about their lives by taking actions that would kill thousands of innocent civilians trying to go about their lives would be exactly the worst thing to do right now. When a group of terrorists attemt to show that world that indiscriminate slaughter is more powerful than the rule of law and justice, to counter their actions with more indiscriminate slaughter is to show that they have won the argument. The US has become a target specifically BECAUSE it has gone around the world, 'meddling in other countries affairs', to uphold the very principle that law is higher than force. Such is sometimes the terrible price of goodness.

Yes, this is rage. I would question the patriotism of anyone who ISN'T outraged at this point. 90% of Americans see this as an act of war. We will accept nothing less than war against the people that perpetrated this atrocity.

It's not even a matter of patriotism, rather the same underlying principle but applied to humanity rather than to a nation. I would question the very humanity of anyone who isn't outraged at this point. But to fight a war, you need an enemy, and weapons. When the Japanese Air Force bombed Pearl Harbour, it was clear that the enemy was the Japanese nation, that the target was the Japanese armed forces, and that the war could be ended by use of heavy military personnel and equipment to force the surrender of the islands of Japan. In the current situation, we don't know how to easily identify the enemy, they aren't uniformed, their bases are widely distributed, their structure is non-hierarchical, so just taking out Osama won't do it, you can't measure progress in the battle, and there is no readily identifiable point at which it is possible to say 'the war is won'. Slaughter every living terrorist, and more will appear to avenge them.

Police action on an unprecedented scale is needed now, but so is a rethink of the very principles of foreign policy by every nation on earth.

What a ghastly world we live in since Tuesday. These people want to start World War 3. Let's all do everything we can to make sure they don't succeed.

TomV

Well...

[Scoria]

I'm sure some open-source (and even minor corporations) would never agree to this.

Especially those not in the US.

My essay

[jallen02]

This is what I am afraid of! :(

Please read my essay and if you like it pass it on to people. We can't let this happen. I have been saying this since day one. Please please think about this :(

The Price of Freedom

Jeremy

Re:My essay

[Supa+Mentat]

I agree with a lot of what you had to say. But the idea that we could possibly hit them so hard that no one would ever again DARE to do something like this is absurd. A strike that powerful does not exist. Why would terrorists like these ever fear us? Because we're going to kill them if they try anything? Perhaps you forget that they died doing this. Religious fanatics don't give a damn what you can do. If they die they are going cloaked in the glory of their God and will forever be considered martyrs by their people. We have to respond with something but there will never be a thing we can do to keep religious fanatics and other suicide terrorists scared enough of us as to prevent them from attacking us.

Re:My essay

[jallen02]

Done, People complained it was aligned left, I like it aligned left better anyways.

So back it goes to the left ;)

Jeremy

Re:My essay

[Gen-GNU]

This has been said many times. It has been said many ways. One of the most repeted is &quot The price of freedom is eternal vigilance. &quot

Unfortunately, every generation it seems must learn this for themselves. I do not believe that it is a coincidence that the US has a major war every 20 - 30 years.

I believe that as more people reflect on this tragedy, and consider our options going forward, more people will come to understand the true meaning of the above statement. I also fear that too many will, as Ben Franklin said, be willing to give up essential freedoms for perceived safety.

This is /. As such, it has a generally young audience, who have never before seen first hand tragedy or tyranny on this scale. I hope that each person realizes, as you have, the choice is either to stand up for the freedoms we all say we cherish, or to bow and cower as our freedoms are stripped.

Re:My essay

[fishbowl]

> I also fear that too many will, as Ben Franklin said, be
>willing to give up essential freedoms for perceived safety.

I'm not convinced that Ben Franklin actually said this, since
it appears to be credited to several different people. However, it has been often said. And if Franklin or anyone else saw a need to say it then, it stands to reason that there was a prevailing move to surrender freedoms to government
then, just as now.

I think we may be hitting some type of wall in accordance with human nature...

Re:My essay

[Malcontent]

"I do not believe that it is a coincidence that the US has a major war every 20 - 30 years. "

Actually the war cycle is much shorter these days. Every four to eight years we gear up for some conflict or another. I suspect the election cycle has something to do with that.

Think about the last 40 years or so. What was the longest time that the US did not involve itself with some military conflict? I am not counting funding wars like in south america or afghanistan I am talking about actually sending in american troops someplace and killing some people.

Re:My essay

[Reality+Master+101]

But the idea that we could possibly hit them so hard that no one would ever again DARE to do something like this is absurd.

That's why you hit the countries that harbor them. No base of operations means no large scale attacks.

I honestly don't see why people are so pessimistic about getting these people. There aren't that many of them. If you think "they're all like that", then you are thinking in a racist manner. If we got serious about it, we could eliminate most of the problem. And quite frankly, I don't care whether they are afraid to die or not, as long as they die (or get locked up forever).

Are we going to eliminate them all? Probably not. But we can definitely prevent these large scale attacks. It's only our tolerance up until now that has allowed it to happen.

Re:My essay

[Reality+Master+101]

Indeed, and well said. It is amazing how many people will get up in arms when the US government wants to be able to monitor criminal e-mail communications (with the permission of a judge), yet will roll over and cower in fear when a REAL LIVE BAD GUYS come along who do far worse than read your e-mail.

It's as if people don't believe that there really are bad people in the world, who really do want to take away your freedom, and not just in a theoretical, "free speech" sense.

Re:My essay

[Gen-GNU]

True, the us is involved in conflicts much more often. However, I was speaking of large scale warfare. I define this as either wars involving a draft, or wars that lasted long enough for a person to join the military, and have them still going when the person had received basic training.

~1860 Civil War

~1900 Spanish American War

~1920 WWI

~1940 WWII

Late 50's through 70's Korea and Vietnam. These are different, both in timing, as well as motive. There was not a large public support for either.

These are generalizations, aproximations, etc. It does seem to me at least to be a repeating pattern however.

Re:My essay

[Reality+Master+101]

As Thomas Jefferson once said, "The tree of liberty must be refreshed from time to time with the blood of patriots & tyrants."

Unfortunately, too many people think this is figurative, and not literal. Yes, we can't bomb the ones hiding in civilian cities, but we can bomb their training camps. We can bomb the military of countries that harbor them. We can make countries root them out using their own police forces and hand them over.

The root of the problem lies in the countries that sponsor and allow terrorists to hide within them. If you eliminate that problem, then you've eliminated a lot of the problem.

Yes, many people will be killed. And I really believe that someday none of this will be necessary, because all the countries of the world will finally be stable democracies. But we're not there yet, and the tree of liberty is looking a little dry.

In fact, I think I might use T.J. as my sig, as much as I like my "sheriff" sig.

Re:My essay

[mpe]

It is amazing how many people will get up in arms when the US government wants to be able to monitor criminal e-mail communications (with the permission of a judge)

How effective do you really think such a thing will be against organised paramilitary organisations? Such organisations can easily design their communications with the assumption that they will be intercepted. With out real intelligence you can't understand coded communications or separate plausable disinformation from real information. Assuming that these people cannot enguage in an "information war" is underestimating them.
What makes you think only the "good guys" will be able to use such "back doors".

Re:My essay

[H310iSe]

If you don't understand where things come from you can't possibly deal with them effectively. Bombing/attacking/controlling/intervening has gotten us where we are and Ben Ladin whoever-he-is was *made* by us.

This hatred for the U.S. did not spontaneously arise, it's not based on some 1,500 year old text or 2,000 year old vendetta. It comes from the very recent very real actions of our country. We supported him when he was fighting the Russians in Afghanistan and I imagine he might have even been fond of us then. He later saw us support the Israelis committing crimes against the Palestinians (regardless of what you think about that conflict you can't deny the actions of Israel have been at times nothing short of criminal and we've (US) whitewashed over these 'little indiscretions') and saw us meddling in the affairs of Middle Eastern states (which we feel compelled to do a) because we're the big kid on the block and b) because our insane need for oil makes the mid-east essential to our ... lifestyle) and was turned against us.

If he was behind this, certainly he deserves no better fate than he's given to others. HOWEVER if we want to stop this cycle I guarantee that committing further violence in our typical manner will only outrage more people and ultimately give him more followers in death than he ever had living. He could become a martyr.

Think about every conflict where a larger force squares off against a determined resistance. The resistance doesn't always win but it *always* grows in proportion to the force applied against it.

Poverty and other indirect forms of violence create instability. We need to change our policies, not blow shit up, if we want to live in a secure world. Well, ok, we still have to blow some things up (it's kinda fun anyway) but ... mostly we need to change our actions.

Re:My essay

[loraksus]

I do belive the Jewish Revolts were put down by the Romans after crucifying most (jews, not necessarily revolters) of them by main roads and razing the entire province.
Moreover, they never got their land back until 1948.
Not to say this would be an acceptable solution, but just to point out that you can do something so violent that people won't Dare to revolt.

Re:My essay

[Malcontent]

Well the entire nature of warfare has changed in the last couple of hundred years. I don't think you can compare the world of 1940 to the present time.
Along with that our war cycle has reduced to four to eight years (if not shorter). In the clinton administration we deployed troops to bosnia, haiti, somalia and probably a few other places I have forgotten. We also have bombed iraq on a almost daily basis. I suspect that Bush will pretty much have a continuing war for the next four years (I really don't think he will get re-elected). He will probably have non stop deployment of troops someplace or another and will bomb some country or another for four years. I heard Colin Powell speak today and he indicated that he was going to go after countries that had nothing to with WTC after he got bin laden. He specifically mentioned iran and iraq although I suspect libya, algeria, lebanon, syria and morrocco are also on his list (he will probably leave the palestenians to israel they seem to do a good job killing them). That's a lot of countries to bomb and lots of people to kill. A big to do list and only three and a half years to go.

Re:My essay

[PD]

You can imagine that Bin Laden was fond of us when we were supporting him, but he wasn't necessarily. Remember, in his view, the United States did him no favors. He won the war because of his holiness and the holiness of his cause. Bin Laden doesn't appreciate infidels from North America any better than he appreciated infidels from the USSR. We're all infidels to him. If he can get support from one infidel to fight another infidel, then he probably thinks that's funny.

We can stop Bin Laden from attacking America without destroying his organization. That is definitely possible. All we have to do is dismantle our liberal democracy, and institute an Islamic theocracy in its place. We must destroy all our Disneylands, Paramount Pictures, Exxon and Mobil, Microsoft (nobody's ALL bad), and the State Department. Simple. Until we do all that, we are infidels.

The only hope for minimizing the damage here would be for Afghanistan to harshly deal with their terrorists internally, and turn all of them over to us. Same goes for Iran, Libia, Iraq, etc. I wish that would happen, because it would save a lot of innocent and good people.

Re:My essay

[SurfsUp]

the idea that we could possibly hit them so hard that no one would ever again DARE to do something like this is absurd. A strike that powerful does not exist. Why would terrorists like these ever fear us?

If anybody in the command chain is bright enough to realize it, there can be a natural and beneficial evolution to events in Afghanistan. Assuming the Taliban don't hand OSM over, and I don't think they will - they'll keep talking about it but they'll never do it - then the only thing left to do is kick the taliban out. Remember, they're not the legitmate government of Aghanistan anyway.

But note: bombing isn't going to do it. Rockets and strafing are not going to do it. That stuff will ake out lots of civilians, sure, but Afghanistan withstood worse for *years* against the soviets, partly because of the terrain, but more because of how the people are. And there is no industrial infrastructure in Afghanistan worth hitting.

So it has to be a ground operation. Sound dangerous? You better believe it. The place is mountainous and riddled with tunnels. The fighters are skilled and don't give a shit. It's hard to operate tanks there, and rockets just move the rocks around. This should be done together with Amadshah Masood the "lion of Panjhir" who represents the interests of the legitimate government of Afghanistan. And actually, he's a cool guy, besides being the consumate military strategist he holds a firm belief in democracy, is moderate in his faith, sees women as equal in society (!) builds schools, real schools, and on the face of it is just completely upstanding. Quite apart from the succession of thugs and crazies we've seen in Afghanistan. Oh, and he's not aiming to be the guy in charge either, he's the defense minister. President Rabbani is in exile. (Time for him to return by the way.) Anyway, the thing to do is land there, in Masood's territory and work with him. Any other strategy is going to be horribly costly in terms of time, money and life. Not to mention that this guy deserves the support, and is already getting it from Russia (whom he defeated before) and India. So lets exercise a little sanity this time, shall we? Look at the situation, learn its structure and work with that instead of against it.

Ideally the result would be not only an Osama-less Afghanistan but a free and democratic Afghanistan, where the rights of women are repected and people can watched tv without receiving lashes for it. Then Afghanistan should be reconstructed. A happy healthy, free Afghanistan means no more Bin Ladens there again, ever. Not only is this just inherently enlightened and moral, it's also the cheapest and fastest strategy.

By cutting off support for the Taliban from Pakistan and backing Masood the whole Afghanistan campaign could be over in a couple of months. Again, assuming the Taliban is crazy enough to play games about turning over OBL, which I think is a pretty safe bet.

Re:My essay

[PD]

I was born on December 6th, 1968, just three hours before NBC aired the episode of Star Trek called "The Empath" for the first time. That should clear things up for you.

Re:My essay

[PD]

Western thinking does not allow us to understand any military organization other than a hierarchical chain of command.

Bullshit. I can understand it just fine. You comment reminds me of two other things:

1) The idea that programming in BASIC damamges you for life and

2) The idea that if you take words out of the dictionary, you can't conceive of the idea represented by the word. (1984)

I repeat. Bin Laden has an organization. It is the set of people who are willing to perform terrorist acts because of his leadership, existence, or influence. That set has a life of it's own too, so after Bin Laden is dead, you can still associate terrorists with a particular set of terrorists. We are all aware that this is not heirarchal, but has a network topology.

We can all understand the structure of the internet, so why can't Westerners imagine the structure of Bin Laden's organization? Hell, I think that we INVENTED that structure.

Re:My essay

[fishbowl]

>Bullshit. I can understand it just fine.

Then could you please explain to President Bush and the Joint Chiefs of Staff that bombing the Middle East won't stop terrorism, Osamist or otherwise?

Re:My essay

[Dyolf+Knip]

But better airline security would

Oh? How? You're sure as hell not going to keep people from bringing knives onto a plane; it's hard enough keeping out bomb and guns. Put a guard on every flight? Guess who'd be the first to die in a hijacking. Make the cockpit door impenetrable? Pilots gotta open the door sometime during the flight, so terrorists would just have to have good timing.

Interestingly enough, the only effective force in all this was the thing that would be on the plane in any event: passengers. These terrorists may have ruined it for other would-be hijackers. From now on passengers on hijacked flights will know that there's a good chance that the hijackers are on a suicide mission. It'd have been better if the Pennsylvania flight had not crashed, but I know that I for one will simply not let a flight I'm on be hijacked and crashed into a building by some punks with knives. If I'm gonna die, I'll choose to do it on my own terms and to take them with me.

However, I do agree that it's hard to make a suicide fighter afraid. The suicide bomber is beyond fear for himself, but fear for the death of his cause is certainly there. The terrorist usually has financial or political backers who are not quite as willing to throw their lives away. They must be made to fear what will happen to them if they support terrorism.

I think I speak for slashdot when I say

[Mdog]

Those who give up essential liberties for temporary safety deserve neither liberty nor safety. - Benjamin Franklin

I don't think so.

[stuccoguy]

Make it illegal to have crypto with no back doors and all law abiding crypto users will use back-door laden crypto and their law abiding messages will be an open book to law enforcement agencies.

Criminals, on the other hand, will continue to use widely available crypto packages with no back door and will still be able to transmit messages without threat of law enforcement decrypting them.

Re:I don't think so.

[The+Pim]

Criminals, on the other hand, will continue to use widely available crypto packages with no back door and will still be able to transmit messages without threat of law enforcement decrypting them.

Think harder: With carnivore, the government sees all traffic. They see crypto they can't break, they trace it with help from the ISP, they pay someone a not-so-friendly visit.

Please stop convincing yourself it can't work. It can work, and pretending otherwise will only make it more likely.

Re:I don't think so.

[DahGhostfacedFiddlah]

There are too many things that encrypted information can be sent in. A simple "Coke sends this free drink tray" windows binary could probably have a code hidden in it.

If someone wants to hide information, they will, period. All this law would do is make our own information - our credit card numbers and personal information - less secure.

Lets face it : if the feds can break it, so can crackers.

Re:I don't think so.

[Zagadka]

With carnivore, the government sees all traffic. They see crypto they can't break, they trace it with help from the ISP, they pay someone a not-so-friendly visit.

But encrypted data can be hidden in non-encrypted data, in ways that make it virtually impossible to detect, using steganography. So the criminals could send photos to eachother, or even have a web-cam feed with data steganographically encoded into the frames.

Take a look at OutGuess, for example. You might also find this article to be interesting, particularly the part with the photos of the Statue of Liberty.

Re:I don't think so.

[Corner+Carver]

_IF_ you read the article you should have clicked the link to this article,titled "Bin Laden: Steganography Master?"

For those who don't know "... steganography, is the practice of embedding secret messages in other messages --
in a way that prevents an observer from learning that anything unusual is taking place. Encryption, by contrast, relies on ciphers or codes to scramble a message." (quoted from the wired article).

Its a good article. Seeing steganographyin (more obvious) use is kinda weird. Check out some of the results of this google search. Read a few of the first hits and see what you notice.

Phil

Re:I don't think so.

[denshi]

The whole "terrorists of the future" techno-fear bunk completely misses the lessons given over the last few days. Let me repeat:

A small band of essentially unarmed men captured 4 airplanes by playing to passengers & pilots fears. They then drove these planes into tall buildings, killing several thousand. Their total cost was rudimentary flight training, plane tickets (did they buy in advance?), and room & board while planning. They brought no advanced weapons, hacked no computer systems. Once again, it has been shown that the unaided human mind is the most dangerous weapon in the known universe.

There was, save the existence of airplanes, no technology whatsoever in Tuesday's attacks. Just victims' fear and the terrorists' willingness to die. These are social problems, and all the techno-fear 'solutions' that have been bandered about over the last few days both here and in the mainstream media, are completely ineffective to affect these social problems.

How does changing our crypto laws fix that?? Take as an example bin Laden, which the investigation is leaning towards. Where is the ambiguity there? In 1996 he issued a fatwah declaring war on the United States. How could we assume that that was nothing; that something like this wouldn't eventually happen? There are so many ways to infiltrate these groups, there are existing ways to harass their activities both within the US and without. How does attacking the civil liberties of US citizens to use technology freely aid the capture of a group whose men can perform such audacities without the aid of technology??

Re:I don't think so.

[The+Pim]

Take a look at OutGuess, for example.

And you might look at Stegdetect, by the author of OutGuess. He claims to detect many other popular steganography techniques. The feds throw stegdetect onto carnivore, and you can expect using steganography to earn you one of those unpleasant visits.

Steganography is a long, long way from offering the practical security of encryption. Is it really possible to create a system that is undetectable even if the algorithm is public? Nobody's sure yet. Do the bad guys have the means to create their own effective algorithms and keep them secret? Questionable. Can they use a stego system correctly on a wide scale? Unlikely at present, since there is no popular, easy (for non-technical users) software, nor is there the widespread understanding of how to use stego that there is about crypto (these things do matter when it comes to the successful implementation of any security scheme).

The point is, the government can (by imposing on everyone's liberty) effectively stop criminals from communicating privately. Therefore, we need to come up with a better argument than "it won't work", in order to prevent it.

Re:I don't think so.

[adamsc]

While I agree that they certainly would do that and it would be effective at stamping out things like PGP / GPG, it'd fall prey to simple codes ("The dog quacks at midnight") and steganography, which includes other things beside images - do they have the storage to capture all traffic to analyze possible channels hidden in ICMP packets or, say, the timing / ordering of IMG requests in a web page. For that matter, would their scanner catch something hidden in what looks like a Sircam outbreak?

Re:I don't think so.

[SurfsUp]

There was, save the existence of airplanes, no technology whatsoever in Tuesday's attacks. Just victims' fear and the terrorists' willingness to die. These are social problems, and all the techno-fear 'solutions' that have been bandered about over the last few days both here and in the mainstream media, are completely ineffective to affect these social problems.

Thanks, you expressed it far more eloquently than I ever could.

Re:I don't think so.

[The+Pim]

If someone wants to hide information, they will, period.

The history of cryptography has shown that the seemingly simple goal of transmitting hidden information is actually really, really hard. The suggestion that if the government outlaws the well known digital privacy schemes, people will come up with others just as good, is naive. It's the same reasoning that says that secret encryption algorithms should be more secure than public algorithms. It grossly underestimates the techniques available to detect and break poorly designed systems.

If the author of OutGuess can detect most steganography, I would not feel at all secure using your "hide the encrypted message in an executable" trick.

Re:I don't think so.

[MarkusQ]

Please stop convincing yourself it can't work. It can work, and pretending otherwise will only make it more likely.

The people who are pretending are the ones that claim it can work. Crypto, as an arms race, is over. Given sufficient computational power on both sides, there is a guaranteed win for the encryptor.

Claiming otherwise is like claiming the second player can force a win in Naughts-and-Crosses (aka Tick-Tack-Toe). It simply isn't true. The effort to hide information grows O(log2(N)) for parameters N for which the effort to find the information can not be bounded by a polynomial. In English: as the game gets more complex, it gets harder to encrypt at a much slower rate than it gets harder to decrypt.

At some point (say, now) encryption has such a lead that it isn't even possible to say what contains encrypted data and what doesn't. Even the fact of encryption becomes hidden. From that point on, the decryptor is left with social tools (infiltration, hoping the bad guy slips up, etc.). Technology (and legislation about technology) can't help.

-- MarkusQ

Re:I don't think so.

[Jeremi]

When all the lawful crypto users are using back-door laden crypto, the criminals and terrorists will walk right through those back doors to wreak more havoc. How does that help anyone?

Re:I don't think so.

[quintessent]

There was, save the existence of airplanes, no technology whatsoever in Tuesday's attacks.

How do you coordinate those efforts without communication technology? The government frustrated similar terrorist efforts on more than one occasion (including New Year's Eve) by being able to intercept and decrypt their communications. So, yes, if you forget that the point of encryption is being able to communicate, then you might have some kind of point. But communication is needed. How do you say, you get on this flight, watch out for this, the president is likely going to be here, oh wait, this flight was delayed or canceled, reschedule this thing a week later, wait, they seem to suspect us, call everything off until two months from now. How do people in remote locations give each other the kind of encouragement and coordination necessary to hijack four planes at once for suicide missions, if there isn't communications technology? The media has reported that steganography has become a central part of Bin Laden's "terrorist training camps." Authorities believe that terrorists have been using images on porn and other sites to hide encrypted messages. A better question to ask is:
Does curbing encryption work in spite of the steganographic techniques they have been using? But the technology issue can't just be tossed aside. It is key to the actions of modern terrorists.

Re:I don't think so.

[jfunk]

That was exactly my first thought. Actually, it always is whenever this comes up.

If the US enforces these backdoors, that will mean that there *are* backdoors. Do you honestly think the US military will use the same encryption schemes?

Just as they have to protect themselves from their enemies, we have to protect ourselves from our own enemies.

The worst thing, of course, is that they will essentially force the rest of us (I'm Canadian) to use their garbage as well, if we want to communicate securely to Americans.

I've read stories about the NSA et al. doing intelligence on foreign companies and relaying the data to American ones. That scares the shit out of me.

Re:I don't think so.

[Frank+T.+Lofaro+Jr.]

Here's another crypto fact. It is very easy to make bad crypto (XOR 67, rot13, CSS are 3 real world examples that come to mind), but very hard to make good crypto. And if you don't know what you are doing, you can't tell bad crypto is bad. It will still appear to "work", i.e. encode to something apparently meaningless and decode to the original data. But people with the right knowledge can decipher it.

Bad crypto looks good to all but experts. Really bad crypto of course is easy to spot; however flawed but complex crypto can look quite good yet be quite weak.

Re:I don't think so.

[Frank+T.+Lofaro+Jr.]

Sometimes a good old fashioned wiretap and bugging operation will accomplish far more than trying to intercept and decrypt electronic communications.

There are also infiltration tactics, which can be quite useful.

The most high tech solution to a problem is NOT always the best.

Re:I don't think so.

[mpe]

But encrypted data can be hidden in non-encrypted data, in ways that make it virtually impossible to detect, using steganography. So the criminals could send photos to eachother, or even have a web-cam feed with data steganographically encoded into the frames.

You are assuming high tech, codes have been used for thousands of years. They can also be very low tech. Even if you intercept something like "red group to strike target beta" how much does that tell you?

Re:I don't think so.

[mpe]

At some point (say, now) encryption has such a lead that it isn't even possible to say what contains encrypted data and what doesn't. Even the fact of encryption becomes hidden. From that point on, the decryptor is left with social tools (infiltration, hoping the bad guy slips up, etc.). Technology (and legislation about technology) can't help.

Simple technology has never been sufficent anyway. Station X, which was the beginnings of mass interception of encrypted traffic, relied very much on luck and poor usage of cypher machines.
Not that a cell based terrorist paramilitary terrorist organisation has much need for encryption anyway. There simply isn't a huge hierarchy directing day to day operations. Most communications may well be face to face or through very low tech methods.

Re:I don't think so.

[mpe]

The history of cryptography has shown that the seemingly simple goal of transmitting hidden information is actually really, really hard. The suggestion that if the government outlaws the well known digital privacy schemes, people will come up with others just as good, is naive.

Assuming the bad guys are using contempoary computer based cypher machines in the first place. Other cypher mechanisms (assuming they are ever using cyphers) may be more secure, simply because they are not what is being looked for.

Re:I don't think so.

[mpe]

it'd fall prey to simple codes ("The dog quacks at midnight")

It's trivial to come up with a better code, which dosn't stand out by having questionable pragmatics. e.g. "Little boy to visit Washington" or even "send 3 more please".

Re:I don't think so.

[Prior+Restraint]

... O(log2(N)) ...

FYI:
O(log2(N)) == O(log(N)) == O(ln(N))

Identifying the base is unnecessary.

Re:I don't think so.

[mpe]

How do you coordinate those efforts without communication technology?

This could be very old communications technology. It dosn't need to be encrypted either. Unless you have intelligence or infiltration then "we start it today" dosn't tell you much. More to the point how do you distinguish such a communication between terrorists from the same communication between members of an advertising agency?

Re:I don't think so.

[mpe]

Think harder. If I send you a file called foo.mp3 that has the mp3 signature, how on earth do you know if it's music or an encrypted file?

Maybe they are spending ages examining the file when sending the file is a "go code"... But unless the evesdroppers already know what is being planned they still don't know much.

Re:I don't think so.

[quintessent]

More to the point how do you distinguish such a communication between terrorists from the same communication between members of an advertising agency?

How have they managed to thwart so many previous terrorism attempts? We forget the unsuccessful attacks because no lives are lost, no terrible pictures broadcast. Just one or a few people being arrested and a few comments in passing. Our anti-terrorism organisations are quite good at what they do. This time, unfortunately, the combination of encryption, steganography, and strictly minimal communication was enough to get past the usual interception methods.

Re:I don't think so.

[MarkusQ]

Got me, dead to rights. I was thinking of a particular example (to check my logic before posting) and wound up over specifying.

Thanks!

-- MarkusQ

Re:I don't think so.

[AndersonClass77]

What makes every one think that terrorists need off the shelf products? Here is a case of a terrorist group gathering information and training they needed to commit such horrendous acts. Could they not write ther own encryption programming? And how will we/technoguardians be able to handle all the messages in the ether anyway? Every one applauds the shrinking of the world, and enabling the individual to do so many things with his/her Dick Tracy Radio/TV/wristwatch due to technology. Such things as terror attacks orchestrated using this same technology are a certain and now proven biproduct. Kinda like atomic waste, ya know guys? I am neither in favor of becoming a troglodyte, nor sticking our collective heads in the sand, nor a "technology rules cheerleader." If this was a case of lax security (I assume that metal detectors were not used at the gates, else these knives, being metal would have shown up. If the knives were plastic, then a frisking would have been helpful, yes? If there were knives purloined from the kitchenettes aboard the planes... it goes on and on and on) then security must be tightened (well, duh!) in all phases of transportand become an obstacle course for those who desire the downfall of whichever servant of satan/communism/fascism/fur fashion industry/butterflycatchers is to be targetted. Some less thoughtful individuals elsewhere in the threads have suggested that every one must be armed in order for such things to be stopped. My question is: if some yahoo sees a jet overhead and one is armed to the teeth wherever one goes, what will keep said yahoo from shooting down the jet with a rocket launcher (witness: a couple years back when a motocycle group in Norway got a hold of one such device) in the off chance that there is a terrorist aboard and holding a butterknife to the captain's throat, just because the yahoo thinks it might be the case? And then of course we need to have each passenger seat equipped with a lever which will drop napalm on a suspected yahoo, if there is a suspicion of a ground-dwelling yahoo is under the plane. Don't you love the absurdity? What other answer might there be than to have an army state such as Sparta where every citizen is required to serve in the military and become accomplished in hand to hand combat in tight places, or...? What is a "Super Power" to do?

Re:I don't think so.

[Steeltoe]

The point is, the government can (by imposing on everyone's liberty) effectively stop criminals from communicating privately. Therefore, we need to come up with a better argument than "it won't work", in order to prevent it.

Not really. Ever heard of talking? How about talking in codes across the phone? Etc, etc. Are you going to invade other countries every time you suspect stenography?

Even if this stopped terrorists, which it won't. If I were to live in a police/military state like this, I would move out. Unless you start imposing restrictions on emigration too. Then people will shoot their way out.

Amazing how violence and force breeds more violence and force, isn't it?

- Steeltoe

Re:I don't think so.

[Troed]

US laws are valid in the US, and the US only. Terrorists (and normal citizens in other countries) can use backdoor-free crypto as much as they like - the FBI can't do nothing about it.

Do _all_ US citizens think your laws apply all over the world? ...

Re:I don't think so.

[pallex]

"it really possible to create a system that is undetectable even if the algorithm is public?"

What if you used a `rubberhose` type system, where there are (possibly) multiple encrypted streams within a single block of data? Yes, theres a message in there. But is there 2, or 3 or 20?

Re:I don't think so.

[Rogerborg]

• With carnivore, the government sees all traffic

Carnivore is a crock. Sure, it will pick up plaintext, but who's going to be idiotic enough to use plaintext (unless they're making a final point, like the murderers on the planes)?

But do you really think that it can scan all traffic? And that anything that isn't provably innocent will be handed on to a MiB for analysis?

So, my binary file, "abstract_art.jpg". Is that an image, or an encrypted text file wrapped in jpg headers? Do you really think that the FBI can vet every attachment and piece of data flying around the 'net?

Re:I don't think so.

[Rogerborg]

Sure. It's political grandstanding, but there is also the issue that it frees up resources to focus on decrypting the messages that you can now easily identify as being from dangerous criminals like terrorists, paedophiles, drug dealers, GNU/Linux/BSD users and/or 4th/10th Amendment crackpots.

Re:I don't think so.

[driftingwalrus]

If I where to send an e-mail that something like this:

Hi George, how's the family? We're doing great over here, Lisa just gave birth to a baby boy, 6 lbs. We're planning on visiting New York September 12th, and hope we can see before heading home. Will you be in the area? Maybe we can get together for lunch.

Would you know that the sender was REALLY telling the reader to set off a fire bomb(baby boy), approx. 6lbs in weight charge, September 12th at ? Or how about a numbers station?

They quote numbers indicating page and word number in a certain book. m Like fourth word on the third page. The receiver then looks it up and reconstructs the message. This, my friend, is steganography. I honestly don't see how a computer could pick this stuff out.

Re:I don't think so.

[mpe]

Sure, it will pick up plaintext, but who's going to be idiotic enough to use plaintext (unless they're making a final point, like the murderers on the planes)?

Or it is disinformation. Let alone that it's fairly trivial to come up with a code which involves plain text, but will not be spotted by any machine.

But do you really think that it can scan all traffic? And that anything that isn't provably innocent will be handed on to a MiB for analysis?

If anyone even thinks this is possible they need to take a visit to Berlin. Where there are people who can tell them first hand it simply won't work.

Re:I don't think so.

[Fred+Ferrigno]

But do you really think that it can scan all traffic? And that anything that isn't provably innocent will be handed on to a MiB for analysis?

I doubt this is how Carnivore works (or is planned to work). More likely, Carnivore logs all plaintext communication traffic (email, AIM, IRC), and logs that you sent a binary file "abstract_art.jpg".

Then, when the FBI raids your house and finds out "abstract_art.jpg" is really an encrypted message, they know who you sent it to. Or, if they suspect that you're sending messages, they'll just flip a switch and log everything coming from you and pick it apart later.

Re:I don't think so.

[The+Pim]

If I where to send an e-mail that something like this:

Hi George, how's the family? We're doing great over here, Lisa just gave birth to a baby boy, 6 lbs. We're planning on visiting New York September 12th, and hope we can see before heading home. Will you be in the area? Maybe we can get together for lunch.

Would you know that the sender was REALLY telling the reader to set off a fire bomb(baby boy), approx. 6lbs in weight charge, September 12th at?

You're right that you can get a few important messages on a pretedermined subject through undetected. But try expanding that scheme to wide-scale use. You get into all the problems of key exchange, but worse, since you're not using a key per se but a secret algorithm, which is much bigger to communicate. And, you start to become vulnerable to statistical attacks: the enemy notices that you use some works with unusual frequencies.

Re:I don't think so.

[ReelOddeeo]

Even if you intercept something like "red group to strike target beta" how much does that tell you?

What if you intercept something like...

Hi Aunt Ruth. Joey started 2nd grade today, and his worst subject is trigonometry.

Now what does this tell you? Its true meaning might be "red group to strike target beta", but this is less obvious.

Re:I don't think so.

[ReelOddeeo]

Except that an actual audio CD is a very poor choice. The pad _needs_ to be random

IANAC, but I'll put my <body part> in my mouth here...

I understand. But in practice, I'm not so sure that it needs to be truly random so much as it simply needs to be unpredictable with no repeating pattern. Audio might well have a reasonable approximation of this characteristic. Or the xor of several audio cd's, with some of them in reverse order.

The truly random one time pad is unbreakable for all time. But something that is simply unpredictable is still not easily breakable. There is no pattern to detect, as if from psuedo random generator. [Okay, well some modern RIAA fare might be nothing but a repititious droning pattern :-), but you get my point.]

Furthermore, it doesn't have to be breakable for all time. It only has to remain unbreakable until after the message no longer has any value. If terrorist A says to terrorist B, "We stroke tonight", it doesn't matter if the government is able to break the message after spending big $$ and several years.

But then, "we stroke tonight", might simply be two friendly guys arranging a meeting. Puzzles within puzzles.

Re:I don't think so.

[JanneM]

IANAC either (though I have a few years of university math):

The point is, the pad needs to be aptternless, or it becomes very easy to break (no years or even days to break it). What you would do is add two patterns over each other, while with a random pad you would add a pattern with a non-pattern that destroys the original pattern totally.

Take the (admittedly ridiculous) case of encrypting Beatles "Abbey Road". As it happens, the key is Beatles "Abbey Road". The result is a file of all zeroes. Now, if an opponent got to know that a part of the message was a few bars from one of those songs - and the encrypted file was all zero, it doesn't take a genius to guess what the pad key for the rest of it is.

In a similar (but more complicated) manner, if the opponent can guess a part of the message (for economic espionage, some of the words "Pricing", "offer" or "profit" can be assumed, for example). Try these words out on the encrypted text. If the key is non-random, you will find a part of the key that can be searched for to recover the rest of the key. As an aside, this can be done even when the random distribution isn't perfect; once you can guess that some random values are more likely than others, you can take a large step forward in breaking the crypto. This is BTW also why you shouldn't use the same random key more than once.

With a truly random key system, on the other hand, breaking a part of the message (or using hints) will not help you recover any other part.

Many of the methods you can use to do this kind of analysis can be automated, so for a weak pad, you might talk about a breking time of minutes or hours, rather than weeks.

/Janne

Re:I don't think so.

[Fesh]

What about using reverse steganography to generate the key? To wit, use the difference between successive bytes as the key instead of the actual CD values? You can even specify which bits to check... Compare each byte to the last, or every other byte, or every sixteenth byte... I think there's probably an endless amount of variations one can use to generate a key from a nonramdom dataset, as long as only the communicating parties know exactly how the data is used as the key. (Hmm. Getting flashbacks to SDMI and watermarking here...) I know it still wouldn't be strictly nonrandom. But if one makes it just hard enough to break that the authorities can't read the message until it's too late to act on its contents, then the (theoretical) communication has had its intended result.

One final thing (and I know this could be considered offtopic, but it really needs to be said)... Things like this proposal to mandate backdoors is tantamount to a presumption of guilt, and should not be tolerated in a free society. It may seem heartless and cruel for me to say it, but as deplorable and sickening Tuesday's event was, it's the price we all have to pay for Freedom, and each one of the victims is a martyr to the cause. I personally am not going to let this change the way I live my life. If I am to be wounded or killed in such a determined, vicious, and deadly attack in the future, there is virtually nothing I can do to prevent it, even after submitting to draconian limits on my personal liberty. One of the tautologies of life is "Shit happens."

With that in mind, who has lived a fuller life in the end? One who goes on with life recognizing the risk that this can always happen again, or one who huddles cravenly behind illusory protections and refuses to take the risks that make life worth living? If you want to reduce your quality of life in order to gain some sort of ephemeral sense of security and safety, be my guest. But don't you dare force me to do the same. (And I know somebody's going to come back with a flame to the tune of, "Don't you dare risk my safety by demanding your liberty!" To you I say, "Stuff it." )

I'm not saying we should do nothing. Far from it. But demonstrating that we are not the weak and stupid people that some believe us to be would be far preferable to proving them right.

Re:I don't think so.

[iabervon]

You could initially set this all up in person, using published airline schedules. There's no evidence that they altered their plans due to circumstances: the president wasn't in washington but rather was at a public appearence in Florida; the pentagon and the WTC don't move around much. The extent of coordination needed at the time would probably be determining if the flights were going to be sufficiently on time. But that's not hard to determine without any direct communication, and even if you communicated directly, you don't have to say anything particularly suspicious; people in airports probably call each other to ask if planes are on time pretty frequently.

All of the planning involved would be about the same as planning a family reunion or a business meeting on the west coast: you have to get a bunch of people from different locations on planes at the same time.

The encouragement would come from within each group; this is what has to be well coordinated. But these people will be in the same place, and can talk to each other in person. We don't, at this point, know if there were groups that chickened out and didn't try to hijack the planes they were on. Additionally, each group probably wouldn't care too much whether the other attacks worked. It could easily have been that they wanted 4 chances to succeed, and planned for different targets so that they wouldn't get in each other's way.

Re:I don't think so.

[hearingaid]

With carnivore, the government sees all traffic. They see crypto they can't break

The crucial part of this phrase is "they see."

It's that part which stego is designed to break down.

Organized crime has been using stegonography for centuries: the famous writing commands on a paper napkin technique (to prevent audio bugs from picking them up) is just the latest example.

What's more, since it's used by the copyright folks so heavily in watermarking, stego research is unlikely to be strongly attacked.

Also, there's the time-tested technique of cracking people's PPP accounts, and not using your own dialup. God knows, there are enough stolen cellphones out there; I can't imagine how many unlimited-access PPP accounts are getting "borrowed."

Re:I don't think so.

[Puk]

Oops. You just made the exact same argument they will use in favor of said law.

Make it illegal to have crypto with no back doors and all law abiding crypto users will use back-door laden crypto and their law abiding messages will be an open book to law enforcement agencies.

Criminals, on the other hand, will continue to use widely available crypto packages with no back door and will still be able to transmit messages without threat of law enforcement decrypting them.

If only criminals use the illegal encryption, then we can arrest said criminals on "no-back-door-encryption-use" charges even if we can't prove they've done anything else wrong (since they've been using this tough encryption stuff). Of course, people with no crimes to hide will use "big brother" encryption, and so are in no danger of being oppressed. *cough*. It's kind of like getting mob bosses on income tax fraud. You do want us to arrest mob bosses, don't you?

The problem is, I don't want big brother reading my emails, even if I'm not doing anything illegal. Do you?

-Puk

p.s. If all of this was the actual intent of your post, please excuse me. :)

Re:I don't think so.

[Dwonis]

Even if this stopped terrorists, which it won't. If I were to live in a police/military state like this, I would move out.

I'm sort of on the other side of the fence with this. I'm a Canadian, and I've refused job offers from the U.S., saying basically to "fix your copyright and cryptography laws, then I'll consider it."

I encourage other non-US techies to do the same.

Re:I don't think so.

[Dwonis]

What about using reverse steganography to generate the key? To wit, use the difference between successive bytes as the key instead of the actual CD values? You can even specify which bits to check... Compare each byte to the last, or every other byte, or every sixteenth byte...

This is known as a restricted algorithm, a.k.a. security through obscurity. It would work for small groups, but widespread use would make this useless.

Re:I don't think so.

[Dwonis]

A small band of essentially unarmed men

WTF do you call knives and box-cutters? People die quite easily from single stab wounds, you know.

Re:I don't think so.

[Datafage]

What proof do you have they used encryption and steganography?

Re:I don't think so.

[denshi]

Judging from your stance on this, I can confidently say that if you attacked me with a knife, I could kill you with my bare hands. If you have any training, or if you just outnumber the guy with the knife, you should consider it essentially equivalent to skilled hand-to-hand technique. A knife has similar range; within this range he can be disarmed; a crushing bare-hands blow to the throat or base of the sternum can kill as easily as a stab wound.

Fighting someone with a gun is totally different. The gunwielder has enormous range, each bullet is crippling, and he requires almost no training to wield it effectively in close combat. That would be a good time to run away.

When you realize that a knife and skilled empty hands are essentially equivalent, you grasp the audacity here -- that essentially unarmed men captured 4 planes and killed thousands of people. And that no amount of scanners and x-rays can stop that.

As an aside, a japanese translation: empty -> kara; hand -> te; empty hand -> karate.

Re:I don't think so.

[Dwonis]

You are being overly optimistic about the capabilities of a human being. Let's consider your scenario. First of all, you would be reacting to me; I wouldn't have to do near as much reacting. Reaction time alone will put you at a disadvantage. Second, especially on a plane, you are as good as dead if I stab or even slash you in one of the MANY vulnerable places on the human body. Even with pure luck, I'm likely to kill you.

This is why policemen will draw their guns (as opposed to their pepper-spray or knightsticks) against guys with knives. Do you have any idea how many people die from single stab wounds? Ask your doctor how fragile the human body is. You'll be quite surprised, since movies don't come close to being realistic in this respect.

Also, weapons are better than hands in compelling someone to do something, just because of fear.

But anyway, though I agree that sufficiently skilled, unarmed people could probably have done the same thing, I still say that the hijackers were armed.

Re:I don't think so.

[denshi]

The reason policemen draw their guns when someone draws a knife is because that is the protocol of a fight: when you draw a weapon, you announce intention of lethality, which gives everyone else right to draw their weapons, which may be far more powerful than your own. Thus the phrase 'never bring a knife to a gun fight'.

I am not being optimistic about the capabilites of a human being. Take some serious martial arts classes. Secondly, such training will give you reaction time far superior to an untrained person, allowing you to easily disarm him/her of the knife. And even if you suck, the hijackers were vastly outnumbered, and only a few people with some training could have defeated them.

Oh gee, as if I didn't study medicine long enough. I am quite aware of how a stab wound can kill. I didn't need a movie to disavow me of that notion. Now you go look into deaths via beatings. And then remember that skilled martial artists tend to have discipline enough not to enter most fights. This is all besides the point anyway; I don't think we were trying to prove that hands or knives are harmless.

Your only correct point; yes, weapons in hand are scary. Primarily because of the above, the protocol.

I still say the hijackers were unarmed -- particularly in comparison to our expectations of weaponry. Their tools were equivalent to a shiv or a pointy stick. Once again, they conquered those planes solely by fear, and no amount of technology can change that.

Re:I don't think so.

[quintessent]

No proof. Just pretty good evidence. Go read the news.

It's too late

[KilljoyAZ]

Whatever djinni that was in the bottle is out now. Restricting cryptography and crypto research in the US will do nothing to prevent its further development abroad. The Congress' energies would best be spent elsewhere, I think.

This will do little good.

[ThePurpleBuffalo]

Realistically, since the threat originates abroad, you would need to make all countries of the world follow this law. Also keep in mind that terrorists don't usually follow laws. Thirdly, home grown crypto is easy because Applied Cryptography (great book) costs $40.

The cat is already out of the bag

[Waffle+Iron]

The cat is already out of the bag
The genie is out of the bottle
Humpty Dumpty is already broken
Etc.

What would this accomplish?

Clock It! 2001-1984=17 Years Late

[Col.+Panic]

The price of safety is too high if we are to reveal all communications to a government body. I am reminded of the arguments to register all firearms and the corresponding cry, "You can have my gun when you pry it from my cold, dead fingers!"

Carnivore is one thing, but a backdoor to all crypto is yet another. Financial transactions from private organizations are routinely encrypted for obvious reasons. Are we to trust government employees with all financial transactions merely because we elect them? I think not.

We cannot allow the government a "skeleton key" to all crypto if only for the reason that it can then be compromised by others for whom access was not intended. Urge your congresscritter just to say "no".

Re:Clock It! 2001-1984=17 Years Late

[1010011010]

They couldn't figure out a complicated plot to blow up three or four buildings involving 50 or so people. I'm sure they won't let the backdoor slip out into the open...

Re:Clock It! 2001-1984=17 Years Late

[Katravax]

I don't think so, because other munitions are restricted. You can't have an automatic, for example.

I'm agreeing we should hope the gov't does not require back doors, but I don't think classifying it a munition earns it a get out of jail free card.

backdoor v2.0

[Anonymous+Admin]

We can rest assured that all terrorists will promptly upgrade their crypto systems to use the backdoored versions. They are a patriotic and considerate bunch after all.

sheesh.

legislators.

Re:backdoor v2.0

[zhensel]

Well, if the government can make most encrypted traffic suceptible to the backdoor, it can filter it out and find suspicious activity, which can be traced and or given a greater share of decryption computing power (though I doubt even the NSA could do this - the tracking and manual check method would be better). Not that I'm for this. Quite the opposite actually, just clearing up the other side of the issue.

Huh

Like the concept could possibly work. Why dont you just forbid terrorists from using oxygen? About as practical, and 100% effective.

Heavy crypto user?

[Glytch]

Are they nuts? This guy lives isolated in mountain camps. I doubt he's even a heavy electicity user.

His sympathizers, on the other hand...

Re:Heavy crypto user?

[gad_zuki!]

He's a millionare that runs a sophisticated terrorist network consisting of cells all over the world.

Yes, Dorothy, there are computers in the third world.

Re:Heavy crypto user?

[Glytch]

I wasn't saying anything about computers in the third world. I was referring (which I should have pointed out, now that I think about it) to an interview on CBC today of a journalist who is one of the few westerners to ever personally interview bin Laden. This man (forgot the name) recounted the three times he had seen bin Laden. When he described their last meeting in Afganistan, he was carrying a several newspapers. Bin Laden saw them, grabbed them, and sat in a corner to read through them all because he was so out of contact with the rest of the world.

BTW, did anyone else see the interview? I'd like to get this guy's name. It was on Newsworld about 3pm AST, I think.

Re:Heavy crypto user?

[Malcontent]

"Yes, Dorothy, there are computers in the third world"

Not in afghanistan and certainly not in areas controlled by the taliban and most certainly not wherever bin laden is hiding out. I heard he moves three times a week. I doubt he is dropping in on the nearest coffee shop to send his messages.

Re:Heavy crypto user?

[mpe]

I can't think of how you could encrypt a message without using technology, that if found, can't be decrypted by a computer in less than a minute.

IIRC Enigma is actually rather difficult to attack with digital computers, because it isn't binary based. Also the version used by the German navy used a book of tables too.

Re:Heavy crypto user?

[Rogerborg]

• He's a millionare that runs a sophisticated terrorist network consisting of cells all over the world

Addenda: Bin Laden was CIA trained and funded during the Russian (nee Soviet) occupation of Afganistan. Dear god.

Re:Heavy crypto user?

[Tim+C]

That's exactly what I'd have done in his position - made the world think that I was out of touch, with a primitive communications infrastructure at best.

Appear to be less of a threat than you are, and you get left alone, and can choose your battles. Appear to be gaining in power, knowledge and skill, and someone will have a go at taking you out for their own good.

I'm not saying that that's the case here; just that that's what I'd do (and I'm no crimincal mastermind :) )

Cheers,

Tim

Re:Heavy crypto user?

[GC]

To be honest if the "secret messages" were to be simply embedded in GIFs of bitmaps without heavy encryption algorithms then I doubt that US intelligence would have caught on at all, especially if those pictures were not "sent" via email, but just posted on a some porn website somewhere pre-arranged by terrorists.

There are simply far too many ways for clandestine communication (It's like trying to find a microdot in a haystack).

If the US authorities try to impose laws on encryption then some company in a more liberal, non-US affiliated state is going to make billions of dollars selling hard encryption devices.

The blueprint for these devices is quite easy. Take an OSOS such as BSD or Linux, stick on FreeSWAN, develop it into an embedded device and sell it.

Re:Heavy crypto user?

[cybrthng]

He lives in the mountains but he obviously has high tech survalence equipemnt, ENCRYTPED satelite phones and internet access in countries that strictly forbade such access.

Governments are side tracking there own laws to provide for these terrorists. It is sickening. Bin laden can just be the icon for everyone else fighting the war, but that doesn't mean we shouldn't go after him.

Just like when you poison the anthill in your backyard, you feed the worker ants to bring the poison to the queen ant from which the whole hill will die. That is what we have to do to terrorism since that is what terrorists are trying to do with us.

Re:Heavy crypto user?

[mpe]

There are simply far too many ways for clandestine communication (It's like trying to find a microdot in a haystack).

There is also the problem that mass interception can turn into a matter of being unable to see the wood for the trees. Certainly this was the case in the GDR...

Re:Heavy crypto user?

[hearingaid]

I heard the same interview; can't remember the guy's name, but he was with the Independent (U.K.)...

There seem to be two images emerging of bin Laden. One is of a technologically obsessed mastermind, sitting on his mountaintop surrounded by computers, controlling an international network of terrorists via email. The other is this deranged multimillionaire, issuing occasional pronoucements from his mountaintop, and perhaps giving random terrorists money. The second one makes more sense, given that he's cooperating with the Taliban, who ban all Internet access from Afghanistan. Also, the second one seems less like someone in a James Bond movie, and therefore is probably more realistic. ;)

Re:Heavy crypto user?

[Cato]

The interview was by Robert Fisk, who has written many extremely thoughtful pieces on the Middle East, including one recently on how the suicide bomber is a weapon against which the West has essentially no defence and no equivalent. That article is online at www.zmag.org - most of his articles should be online at www.independent.co.uk.

I suspect that a low-tech approach is more than enough for organising the attacks on Tuesday - it seems that bin Laden acts almost as a venture capitalist, funding and putting groups together, then lets them get on with it. I don't see why such groups would have needed encryption to communicate.

How far down the slippery slope will we go?

[Ghoser777]

Sure, they want backdoors into email encryption now, and it seems harmless, but what will they want next? Why not have every home in America bugged; that way we can know when a burgaler is going to commit a crime. Cameras everywhere, low crime. Of course, the price will be the right of privacy.

And when your behaviors are available freely for government inspection, it's much easier for them to supress behaviors they do not approve of (cause they know when it happens, unlike now when it can be hidden behind closed doors). You know, meetings about how to reform government.

Of course the government will tell you that they'll use these backdoors only when they need to, national security type things. That's what the Dean at my old high school said, and then we caught him watching the monitors repeatedly for the fun of it.

Oh yeah, not that the government has to actually be watching for you to be good now. Think how different your ations would be if you thought that the government might be watching at all times. This is pure, hardcore social control. It's like a gaurd tower in a jail. If there are clear windows, you can always tell when you are watched and when you are not. If the windows are dark, then you never know if you are being watched, so you act as if you are always being watched.

They might as well run a wire into our head.

F-bacher

Re:How far down the slippery slope will we go?

[kin_korn_karn]

that's right. here's what you do to keep it from happening:

Go to wal-mart. go to that counter in the back with all the funny-looking thin things sticking up. there's a cash register back there and a cabinet, against a wall, that has these wood and metal things in it that you've probably seen. They're guns. Now that you're back at this weird counter in wal-mart, buy a gun (if you're 21 and otherwise legal to buy one). You'll want a 12 gauge shotgun, and a box or two of #4 rounds, 2 3/4 inch (standard) size.

Now, take it out to the country. Load it. fire it. nobody will notice right now. get used to firing it. shotguns kick hard, but they kill fast and you don't have to aim very well with them.

Why did you do this?

See, when you can own guns, you have power over the government. They even wrote it into the law of the land, the Constitution, to ensure that the american people could have guns for cases just like this one that this thread describes. And once it gets to Orwellian levels, where the government is truly oppressing you and denying you your rights as an American citizen, you can pick up your gun and fight for your rights, like James Madison and Thomas Jefferson knew we would have to.

You're probably sitting there thinking, "what a crackpot." Hey, it's your freedom, I plan to keep mine.

Re:How far down the slippery slope will we go?

[iamblades]

I thought you only had to be 21 to buy handguns, but rifles and shotguns are legal for 18+ year olds to own...

Either way, I agree completely. If this law, or anything remotely similar to it are passed, then the terrorists will truly have won.

Aside from that, has anyone seen the changes to security the FAA is making. Incredibly stupid if you ask me. What is so difficult about putting a reinforced steel bulkhead in between passengers and the cockpit. Or put a small room in between passenger compartments and the cockpit with a couple armed air marshalls in it. It really doesn't seem like the government thinks very much any more, does it?

Re:How far down the slippery slope will we go?

[skater_stu]

I think it's interesting to note how our government (the CIA no less!) through voice of america is promoting encryption and anonymous web browsing in china. It's quite a contradiction. Would we want to share our backdoors with china so they could monitor terrorist activitys within the PRC? http://dailynews.yahoo.com/h/ap/20010830/tc/voa_ch ina_1.html

Re:How far down the slippery slope will we go?

[JoeShmoe]

Blocking off the cabin is not an good option. What if the pilot kills the co-pilot and wants to go sucicidal? Apparently today someone tried to get onto a plane with fake pilot identification so this might be a real threat. What if there is a fire, toxic gas or similar? Heck, what if they have to use the bathroom or need to eat or stretch their legs? I really don't think this will ever happen.

Now regarding the other idea...so you put this jail cell in with a couple marshalls. What do you do when terrorists in the back of the plane start slitting the throats of women, children, or babies? You have to leave your cushy little cage to get to them, whoops sorry that's what they wanted. Do you really think the marshalls would be able to resist the temptation to leave the cage as one-by-one the passangers are all slaughtered? Do you think any of them would still have a job after the public got wind of it? It doesn't matter if they were preventing a crash, the public will still say they should have done something. It's a lose-lose situtation.

No, marshalls should be unfettered and undercover. That way, the terrorists need to have a lot more people on the plane to take it over. A trained gunner can easily take out two or three individuals before they have an opportunity to react.

I think personally what we need to develop is an emergency lockout. A panic button that when pressed will lock the plane on autopilot programmed to land at the nearest airport. If that's not technically possible, it should circle the nearest body of water or uninhabited area (using GPS). The only way to override this lockout would be with a code from ground control. This system would be that difficult to implement. It wouldn't be foolproof, but it wouldn't be something two or three men armed with forks would be able to disarm. Worst case scenario is that the plane runs out of fuel and makes a crash landing in the middle of a field. Hopefully with no fuel, people would survive that. As tech improves, it should be possible to land flawlessly.

But anyway, regardless of what changes are made...I don't think they will be necessary. The reason this happened is because no one conceived of the possibility. Everyone did what the law enforcement agencies have always said: be cooperative and don't fight back. But look what happened in PA. People will fight back now. No one is going to let themselves become a flying bomb.

God help any Arabic person who forgets to put down his pencil/fork/toothbrush before standing up in the aisle. He's likely to be tackled and beaten by a panicing mob of passengers.

- JoeShmoe

Re:How far down the slippery slope will we go?

[scrytch]

The only way to override this lockout would be with a code from ground control. This system would be that difficult to implement

Was a good plan until then. The very last thing you want to design into an airplane is an automatic control system that cannot be manually overridden.

Re:How far down the slippery slope will we go?

[Jeremi]

And once it gets to Orwellian levels, where the government is truly oppressing you and denying you your rights as an American citizen, you can pick up your gun and fight for your rights

I never quite understood this argument. Sure, in the 1700's, people with shotguns might have been a credible threat to the government. But have you noticed that the US government today enjoys the use of such toys as F-16s and nuclear weapons? How will owning a shotgun help defend you against that?

Re:How far down the slippery slope will we go?

[jacobito]

There were a number of farmers' revolts following the American Revolutionary War. They were put down. There were isolated labor uprisings in West Virginia and Colorado during the late 1920s, I believe. They were put down.

There's a big difference between a professional army and a mob with rifles and shotguns. I'm not a big fan of guns, but, hey, if anyone wants to exercise his/her right to bear arms, be my guest -- fat lot of good it will do you.

Just my $0.02...

Re:How far down the slippery slope will we go?

[JoeShmoe]

Absolutely not. Because then people will get killed until it is manually overridden!

It is no different than timed safes or safes you see at convenience stores that say in big bold letters "Cannot Be Opened By Employee". If you have a local override, then you risk having someone coerced into using it.

If you put it in the hands of the ground controller or some outside authority, they can't be threatened in the same way. Ground controllers would hate to lose a plane but they would be able to make the tough call perhaps more easily than the pilot thinking about his wife and kids at home.

- JoeShmoe

Re:How far down the slippery slope will we go?

[IronChef]

Sure, in the 1700's, people with shotguns might have been a credible threat to the government. But have you noticed that the US government today enjoys the use of such toys as F-16s and nuclear weapons? How will owning a shotgun help defend you against that?

The F16 and the nuke are weapons of mass destruction. For the government to PACIFY the people, they will have to OCCUPY our cities -- not destroy them. And an occupying force is terribly vulnerable to resistance.

In the worst case scenario of a US revolution, the army will be rolling in with tanks and ranks of guys with rifles... and that's the kind of enemy that Joe Average with a Gun can in fact take on.

Look at Chechnya. The Russians had to shell Grozny into a smoking pile of rubble because the Red Army could not deal with rebels with rifles. If it was Moscow that was to be pacified, they probably wouldn't have gone to such extreme measures; the Russians HATE the Chechens.

I do not believe the American armed forces would pull a Grozny on an American city. Remember, the soldiers are our countrymen, and if average people were pissed off enough to take part in a revolution, that's going to include military folks too. They aren't the enemy... they are US.

If some faction within the gov't started NUKING our own cities, I believe that the vast majority of our people, military and civilian, would unite to take the bastards out. And we'd do it too, with our Glocks and hunting rifles and fighting spirit.

Anyway, it comes down to this: if the military tries to suppress or pacify an American revolution, they are vulnerable and I believe ultimately they will lose. If they try to utterly destroy us with nukes... well, ok, my shotgun won't help. But that isn't a revolution we're talking about there... it's genocide. I doubt things would ever come to that. We probably won't be nuking anybody as a result of the WTC attack, and that was a provocation worse than Pearl Harbor... so talk of nuking ourselves is pretty far out there.

Re:How far down the slippery slope will we go?

[Danse]

When things get bad enough, the military may not side with the government. Remember, they're people too. They have families just like us. Some may side with the government. Others may side with the populace. It's called a civil war. Happens quite often around the world. It could happen again here too. You generally don't nuke your own country. You're trying to get control of the country, not a radioactive wasteland. F-16s are only good if you have people willing and able to fly them and kill their countrymen. The idea of a civil war is not so far-fetched.

Re:How far down the slippery slope will we go?

[mpe]

Now regarding the other idea...so you put this jail cell in with a couple marshalls. What do you do when terrorists in the back of the plane start slitting the throats of women, children, or babies?

They don't need to kill anyone to threaten the marshalls (and pilots). All they need to do is pull the cabin ceiling down and go under the cabin floor. It's hardly a secret where the flight control systems run in commercial aircraft.

Re:How far down the slippery slope will we go?

[Rogerborg]

• See, when you can own guns, you have power over the government. They even wrote it into the law of the land, the Constitution, to ensure that the american people could have guns for cases just like this one

Bollocks. Read your own Constitution. US citizens have a right to have and bear arms for the formation of militias, the clear intention being to create an armed populace to fight foreign powers, not the American government.

I actually agree with you, but don't kid yourself that the Consitution is on your side.

Re:How far down the slippery slope will we go?

[Rogerborg]

• The very last thing you want to design into an airplane is an automatic control system that cannot be manually overridden.

Been on an Airbus recently? Pilots hate them, because the safety autopilot overrides the pilot, not the other way around.

Re:How far down the slippery slope will we go?

[Rogerborg]

• if you read the writings of those who framed the constitution you'll see time and again they included taking up arms against your own govt

Sure, if you accept that at the time of writing, "government" meant "the other guy".

Re:How far down the slippery slope will we go?

[JoeShmoe]

First: Timed safes are used in nearly every major banking institution around the world, guarding billions. They cannot be opened outside business hours. There is no override for this. On occasion people have accidentally been locked inside timed vaults and thankfully they had enough air inside to last until morning.

Second: Systems fail. Life sucks. Grow up and deal with it. Engines fail, landing gears fail, wings fail...things fail. Pilots make mistakes. Which is better? Losing one plane in a million due to system failure or losing the plane AND thousands of people on the ground because terrorists can use it as a flying bomb?

- JoeShmoe

Re:How far down the slippery slope will we go?

[JoeShmoe]

Fine, but terrorist incidents can't compared to normal in-flight situations. You are assuming that in the case of an in-flight emergency, you'd rather have a human at the controls than a computer. Maybe for some situations, that is a true statement. Sometimes the sensors are malfunctioning and the pilot has a better picture of the real situtation than the autopilot.

But in a terrorist situation, the opposite is true. You don't want the plane to be in control of a human because if the wrong human is at the controls, the plane becomes a flying weapon. Any "pilot" override can be used by a trained terrorist and not just the guy we hired to get the passengers to their destination safely.

Pilots may hate autopilots because in most situations, they want to keep control. But ask those same pilots if they'd like to keep control when there's a terrorist is in the cockpit. Or would they rather be able to say "there is nothing that can be done, the plane is automatically going to land now, kiling me or anyone else can't change that now."

- JoeShmoe

Re:How far down the slippery slope will we go?

[JoeShmoe]

Uh, what would be the point of that? There's a big difference between knowing where the flight control systems are and having the technical knowledge to patch into them to take control of an airplane away from the cockpit.

If their intent is to crash the plane and kill everyone, they can already kill everyone except the caged marshalls and pilots. They could also open up the emergency exits or start a fire in the cabin if they wanted to take out the plane.

Losing the plane and its passengers is always a possibility. The goal is to keep the destruction and loss of life capped to the plane itself, and not any other highly-populated target on the ground.

- JoeShmoe

Re:How far down the slippery slope will we go?

[JoeShmoe]

If there's no ground control in range

My understanding is that there is no spot in North America that isn't covered by ground control. The whole continent is divided up into regions and each region has to hand control of a plane over to a neighboring region when it crosses a border.

you'd need some kind of algorithm to scan for an open area

Not really, you'd just have to make a GPS priority list. Put the coordinates for major urban areas (cities and capitals) on the "DO NOT LAND" side of the list, and coordinates for major lakes and plains on the "SAFE TO LAND" side of the list. Perhaps every county could set aside a specific area full of sand and water pits within easy access to medical resources, kind of like how some mountain freeways have great big gravel ditches to catch runaway trucks.

Or, if GPS is too difficult to implement, planes already know how to use approach radar to guide pilots during foggy weather, so all they would need is a big approach radar near a safe landing zone that the plane could home in on and then follow to safety.

Video cameras in the cockpit would also be a good idea

Not really too useful. There are already panic buttons that pilots can press to alert ground control there is a situtation. Having a video camera doesn't really provide much more information than the existing voice recorder. It might help with identification later, but then they should probably just film everyone as they go down the walkway to the plane. Plus, if they are suicidal like these terrorists, having pictures of them after they have killed themselves really doesn't do much.

- JoeShmoe

Re:How far down the slippery slope will we go?

[Rogerborg]

• Fine, but terrorist incidents can't compared to normal in-flight situations

What the fuck is wrong with this site? I am so sick and tired of everything that I post having imaginary context added to it, and attacked on a point of principle.

All I was saying is that planes already have autopilots that override the pilot. That's it. That's all I fucking well said . You want to pick a fight, go ahead, punch your monitor out. Go on, take a good hard swing.

Re:How far down the slippery slope will we go?

[JoeShmoe]

Jesus, dude, take a valium.

You didn't just say "planes already have autopilots that override the pilot". You also added the comment "pilots hate them" which I took as a counterpoint to my original argument.

And imaginary? WTF? Since Tuesday an in-flight terrorist incident can hardly be called an "imaginary" context. It's a very real possibility that needs to be considered and accounted for in the design of a plane.

I stand by the site and my ability to refute an argument I see presented there.

- JoeShmoe

They can't

[Nicodemus]

Most crypto is made outside of the US, and as such they would have no control for adding back doors to it. They would have to create an import restriction so that US citizen's can only use US written crypto. And that wouldn't hurt Bin Laden at all. So don't worry...

Re:frp

[dcviper]

Yeah, your right, This country was founded with the principles of freedom. To take away our Civil Liberties simply to hunt down a terrorist demeans us down to his level. And who's to say that, once lost our civil liberties will be regained? AOL has already sold out it's myriad of moron customers by handing over e-mail records, and i doubt there was a subpoena issuesd for those records.
-dcviper


ACLU

How would that help?

[cperciva]

From what I've heard, Osama Bin Laden doesn't use cryptography so much as he avoids using electronic communications at all. He has even (gasp) been reported to meet with his underlings *physically*, as in "lets all go into the same room and talk face-to-face".

Cryptography wouldn't really help terrorists much anyway, because electronic surveillance can still pick up who is talking to whom; the real problem is when people avoid electronic communications, because then you can't do anything without spies on the ground.

Baron Harkonen and the Heart-plugs

[aminorex]

Illustrious Baron Harkonen today decreed that
all citizens will be equiped with remote-controlled
heart-plugs. This will make us all safe, because
only the loving Baron will have the transmitter,
and he will only use it to protect us.

Forget Crypto, how about KNIVES?

[Dr.+Awktagon]

Did you know, you can walk into almost any store and buy a knife WITHOUT ANY BACKGROUND CHECK? They should at least check the buyer for dark hair and skin, the signs of a terrorist.
And I understand that plans to make knives are available on the internet? It used to be, only a skilled craftsman could make one, now any punk in his mom's basement can craft a steel blade capable of hijacking an airplane and crashing it into a building!

Re:Forget Crypto, how about KNIVES?

[1010011010]

Well, and this is obvious, so please forgive me, it's because the hijackers strapped deadly crypto to themselves and threatened use it. *Of course* the Feds want to ban Crypto, and other sharp and/or explosive devices. They love us and want to protect us. This time.

They had better legislate tender steak too, because we'll all be eating with plastic spoons next.

Re:Forget Crypto, how about KNIVES?

[pete-classic]

Finally, someone understands.

I am trying to gain support to put together an organization I plan to call "Boxcutter Control, INC."

The role of the unregulated boxcutter supply has been downplayed for far to long. Perhaps the one good thing to come out of this tragedy will be that we will reach the long over due conclusion that there just isn't a place for private boxcutter ownership in our society.

I am also concerned about the baseball bat situation. Are you aware that in many areas a CHILD can purchase a THREE POUND baseball bat? There is NO purpose for such a heavy bat except for hitting things VERY hard. Now, I wouldn't interfere with people using a bat for sporting purposes, but they should be carefully regulated as well.

Sure, this might be inconvenient, but if just ONE CHILD is saved, won't it be worth it?

-Peter

Re:Forget Crypto, how about KNIVES?

[IronChef]

I would like to talk more with you about my plans to implement airline ticket waiting periods. It's a sensible measure, wouldn't you say?

Ultimately we may be able to move to some kind of national "instant check" system, where air travel plans could be delayed as little as 3 days.

THINK OF THE CHILDREN!

Re:Forget Crypto, how about KNIVES?

[zenyu]

Have you ever tried to buy a box cutter in New York?
I had to show 3 forms of i.d. to buy one a couple months ago.

I'm packing for a hoped for flight back home, I decided to put my fountain pen in the checked baggage. I'm keeping my housekeys unless they complain. Terrorists always win :/

Best reply

[Todd+Knarr]

I think the best reply one can give to the politicians who want to impose this is:
"And Osama Bin Laden is going to throw away his foreign-developed, non-backdoored encryption software and buy US-made backdoored encryption software exactly why?"

Re:Best reply

[lie+as+cliche]

`I think the best reply one can give to the politicians who want to impose this is: "And Osama Bin Laden is going to throw away his foreign-developed, non-backdoored encryption software and buy US-made backdoored encryption software exactly why?'"

I don't.

The objective here isn't to stop the guy. They could've if they'd wanted to. About a week before the attack the U.S. Postal Service stopped delivering air mail to the region. They knew something we didn't, and opted not to stop it. And I think I know why.

We hear a lot about terrorism against the U.S.. We don't usually hear the other side's complaints. Obviously they don't think of it as terrorism, they think of it as some sort of a protest. I wonder what they're protesting, and why. If our government did something unjust to them, I wouldn't trust our media to tell us about it. But as a tiny little group of malcontents going up against the U.S., about their only recourse is an attack like this. Given that the U.S. government knew about it beforehand, they didn't bargain to prevent it for one of two reasons. Either the price was considered too high, or the U.S. government thought that an attack like this would end up working in their favor. They've been looking for an excuse to nullify cryptography for years now. Anybody remember the Clipper chip? The legislation keeps being defeated, because people are siding with the need for privacy. Now they've been able to demonstrate a supposed need for the U.S. government to know everything that's being said anywhere in the country. Perhaps they think it will sway the common consensus in favor of their legislation.

Galling, isn't it. More impressive (from a logistical standpoint) than crippling a nation with a store-bought knife and their own planes, is the prospect of prying your way into a nation's cryptography with someone else's store-bought knife, someone else's plane, and a bunch of lives you don't care about because you think of them as "your citizens", in the same usage as "your house" and "your car". Oh, and a temporary economic setback which you mitigate by printing more baseless currency. Clever.

Re:Best reply

[Katravax]

Do you have links to some documentation for the USPS bit? I'd like to read more about that.

Re:Best reply

[IronChef]

I am quite a conspiracy buff, and the world's hugest cynic, but I do not believe that our government would sit back and allow an attack like this would happen. So you do; that's fine. I don't want to argue that point. Difference of opinion... still legal is 43 states.

But I want to ask you this: if you believe that the government allowed the WTC attack to happen, do you not consider that an act of war against the populace? Is that not sufficient reason to depose the government by any means necessary?

Wouldn't that be enough to start another civil war, if everyone knew and believed?

If you really believe this, what do you propose doing next? Are you just going to sit back and take it?

Re:Best reply

[Danse]

Ok, you got my attention. Can you explain a bit further about the USPS. How do you know? Why doesn't anyone else seem to know, or if they do, why haven't they made the connection? Is there really a connection, or is it some kind of coincidence? Any info or links would be appreciated.

Re:Best reply

[hearingaid]

This sounds like something you should send to the FBI... ideally with the name of the coworker included.

don't forget Rivest's "Winnowing and Chaffing"

[siraustin]

Back in 1998 Rivest wrote Chaffing and Winnowing: Confidentiality without Encryption.

Re:don't forget Rivest's "Winnowing and Chaffing"

[scrytch]

> Back in 1998 Rivest wrote Chaffing and Winnowing: Confidentiality without Encryption [mit.edu].

Massively informative. But the intent to maintain privacy is still there, and let's not kid ourselves, that's what they really want to eliminate. It'll be just as illegal as any crypto to use this. They may as well just make it mandatory to put the NSA on the cc: line.

Re:don't forget Rivest's "Winnowing and Chaffing"

[eldurbarn]

There's a problem with the concept of using an innocent message as the chaff... releasing the authentication key for the innocent message (to cooperate with law enforcement) tags the chaff of the "real" message. The remaining packets would contain the "real" message.

You'd still need random chaff to keep it secure.

Re:I think I speak for slashdot when I say...

[Ghoser777]

The real question: is privacy a fundamental liberty? It's never touched on in the constitution. The right to be left alone is flat out left out.

The reason? Our founding fathers had no idea how large cities and communities and government would get. How oculd they forsee the future conflicts of privacy vs safety?

I generally lean toward protected privacy, but it almost seems like it has to be dealt with on a case-by-case basis.

Of course, who's the one who's doing the deciding?

F-bacher

They can, rather easily- make crypto criminal.

[Nonesuch]

The concept is that if you are caught using non-backdoor-enabled crypto software, then they don't need to prove that you are a terrorist, they can just throw you in jail for a few dozen years based solely on the easily proven charge of 'possession of illegal munitions (crypto)".

IMHO, this is just one more step towards a police state.

Re:They can, rather easily- make crypto criminal.

[spitzak]

Nonsense. You encrypt your strong-encrypted result with the governments encrypter. They can look at it, determine it checksums correctly (or whatever to prove you used their algorithim) and they will think it is ok.

No Crypto, Fine.... enforce your damn laws!

[LWolenczak]

I, an American Citizen enjoy the security I have with crypto. I like knowing that the scriptkiddies that can see my traffic are unable to gain any information from my traffic that could be used against me, against my employer, or my friends.

Why bother to make more laws? I'm sure there is a large stack of computer related laws, but nearly none are enforced, except when they want to slam somebody who is doing something thats perfictly fine in our books, but that they just don't like.

I say we need to rally on this one, Crypto is good. It protects the common man from imtimindation, It protects companies private information, it aids in the protection of networks, that would otherwise be at risk of being hacked, by open logins, passwords, and secrets that cross the internet all the time.

If you want to detur use of encryption, just outlaw it, and only the unlawful will use it, the lawful are the ONLY people hurt by such ideas and possible laws.

Be reasonable, and Just. This is no time to be bickering anyway, nor is it time to take actions anywhere close to what the FAA has done.

If everybody had a knife on those planes, do you think the hijackers would have even tried to take over the flight, if they knew everybody on board could cut them, or stab them. It's just like towns in Texas that everybody carries guns in, there is nearly no crime in those towns. Again, what the FAA has done, only hurts the lawful people.

IPSec & SSL Rocks!

I can see it now...

[de+Selby]

Adobe puts a back door into it's ROT-13.

So what open source app should I get while I can?

[IronChef]

I haven't really followed the state of crypto freeware in years. Last package I used was PGP, which now seems to be commercial (www.pgp.com).

Time to get familiar with the free stuff again, I think. What's good and reputable? I have no idea where to start.

(Looking for Mac/Win desktop stuff, but wouldn't mind looking at Unix stuff too.)

Only use encryption you have compiled yourself...

[Nonesuch]

The mildly paranoid will only use encryption software they have compiled themselves, from source code they can trust, written to follow specifications by respected people in the crypto community.

The mildly paranoid will also only use compilers they have compiled themselves, and only use implementations that have undergone a line-by-line code review by a trusted person in their organization.

The truly paranoid will only run this crypto on isolated systems using chips that they have personally inspected the original die and have an established 'chain of custody' from original pressing to installation in this isolated workstation.

Osama Bin Laden will just have a few dozen of his faithful followers memorize 'one time pads', and a few hundred who can do 8-round Rijndael in their heads, and laugh at the silly Americans giving up essential liberties for a little temporary safety.

Will they turn off the internet?

[unitron]

Someone should explain that whole horse-barn door thing to Congress.

There's no way a foreign company is going to put up with the US government being able to read their stuff like it was a plain text postcard. "Why no, Airbus, we didn't pass on the amount of your bid to the people at Boeing who donate millions to our campaign funds. You can trust us. Really."

Do they expect OBL to stop using whatever crypto he uses now and to change to the new improved with a backdoor built in version?

Bin Laden used to use cell phones and satellites, now he uses the internet the way it was originally designed to be used, as a military communications tool. If they can find his messages but not read them, will they shut down the internet to block his messages? What happens when AOL starts screaming about being put out of business? Or do they have a plan for a different type of internet, one where they provide and charge for the content, just like cable television, and all the user stuff sent back upstream goes through the NSA computers before the government allows it to get where it's supposed to go?

Re:I think I speak for slashdot when I say...

[Tachys]

4th Admendment?

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

This was inevitable, but it's still sad...

[FangVT]

In a floor speech on Thursday, Sen. Judd Gregg (R-New Hampshire) called for a global prohibition on encryption products without backdoors for government surveillance. "This is something that we need international cooperation on and we need to have movement on in order to get the information that allows us to anticipate and prevent what occurred in New York and in Washington," Gregg said, according to a copy of his remarks that an aide provided.

This is base grandstanding by a politician in the wake of tragedy. Saying that it needs international cooperation is tantamount to admitting that it can't be done and setting up to blame the rest of the world when it fails.

The constitution was written by a group of people that had visceral knowledge of what it means to need a revolution, in the bloodiest sense of that word. Our modern laws would be a lot better if they were informed by that same knowledge.

Re:This was inevitable, but it's still sad...

[Evro]

In a floor speech on Thursday, Sen. Judd Gregg (R-New Hampshire) called for a global prohibition on encryption products without backdoors for government surveillance.

New Hampshire state motto: Live Free or Die :

The motto was part of a volunteer toast which General Stark sent to his wartime comrades, in which he declined an invitation to head up a 32nd anniversary reunion of the 1777 Battle of Bennington in Vermont, because of poor health. The toast said in full: "Live Free Or Die; Death Is Not The Worst of Evils."

My, how things have changed.

Re:This was inevitable, but it's still sad...

[sulli]

This guy is an idiot if he thinks such a ban will be enforceable, or constitutional, or effective, or followed by anyone. What, does he think we'll all just kill our copies of PGP? Moron.

Re:So what open source app should I get while I ca

[J'raxis]

GPG (GNU PGP workalike) for your email, and OpenSSH for your secure shell needs (ssh, scp, sftp, spop, https, ...).

OpenBSD CD set includes full source code.

[Nonesuch]

My suggestion, pick up the Current OpenBSD CD set while you still can.

Shipped from Canada or Europe to avoid those pesky American laws.

And while you're at it, you can pick up the 'OpenBSD Globe' T-shirt with the very relevant slogan 'Make Crypto Not Munitions', and a timely quote from Ben Franklin.

OpenBSD will run on pretty much all of the same hardware that will run Mac/Win, and then some.

gladly giving away our civil liberties?

[solipsists]

"They that give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin, 1759. "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized." -- 4th Ammendment to the U.S. Constitution "[...]and every time we allow the government to grow in power at the expense of the people, we put ourselves in jeopardy of losing the ability to free ourselves of them if it goes too far." -- Thomas Jefferson (quotes taken from matthew rothenberg's 7/11/2000 article on the fbi's carnivore: http://www.zdnet.com/zdnn/stories/comment/0,5859,2 601960,00.html )

We were all afraid of this...

[Cylix]

After the terrorist attack it looks like fear will be used to fuel what some legislatures have been wanting.

We don't want to lose our freedom or our lives to an aggressor. Likewise, we don't want to lose our freedom in our own country by our own government.

Already this attack has injected a healthy burst of cash flow into the military.

Now, they wish to limit our cryptography. Of course many threads have pointed out the fact the bad guys(tm) would never use these versions. This is simply using fear to gain what you have wanted all along.

What will fear be used to limit next? What will it be used to gain?

I would not doubt if there is already some conjecture to give more power to government agencies for search and seizure.

I'm all in favor of doing whats possible to strengthen our defences. A healhty checks and balance system must be obtained above all else. This was what our fundamental structure was built on and will continue to serve the needs of the people. Let us not see it destroyed out of fear.

Re:We were all afraid of this...

[jflynn]

"I would not doubt if there is already some conjecture to give more power to government agencies for search and seizure. "

According to Sen. Leahy on Lehrer News Hour today, the senate (Orrin Hatch and some others were named) was indeed working on that very thing today. Leahy, to his credit, was extremely upset about the unseemly haste to politically profit from the disaster at the expense of civil liberties.

I'm sure Osama will use backdoored encryption

[1010011010]

After all, he's a law-abiding U.S. Citizen, is he not?

Re:I'm sure Osama will use backdoored encryption

[Arandir]

I'm sure he will. Why, if we ban the use of explosives, he won't use those either. And if we ban handguns there will be no murder.

Worried about carton knives on airplanes? Just ban them!

Oh, if only all of life's problems were this easy to solve.

Re:Independant Crypto Software

[reverius]

"Stenography which is the clear alternative to encryption"...

umm, "stenography" is "The art or process of writing in shorthand." according to dictionary.com.

I think what you meant was "steganography", which is "The art of writing in cipher, or in characters which are not intelligible except to persons who have the key; cryptography.".

Re:Give it up...

[dmaxwell]

Sorry, I hate to be disrespectful but that is plain idiotic. While you're at it why don't you drop off copies of your house and car keys at the police station. You can also put cameras in every room of your house too. There is NO difference. You then can bask in a feeling of safety and security as a jumbo jet plows your neighborhood down. You know why? These kneejerk big brother laws won't do a thing to stop it. Those animals were disciplined and coordinated. Crypto surveillance would have done NOTHING to prevent this. NOTHING. So why does this sound good to you?

I for one am NOT handing over the bonafides to my personal boxen. I think it's time the Law Enforcement Honeypot Howto is written.

Ridiculous

[talonyx]

Obviously, if an encryption scheme CAN be broken with a 100% working every-situation decrypt, it will be. It's only a matter of months.

Any encyption software like this, with a backdoor, would be ridiculous to even consider using for privacy. Even if you're not worried about the government reading it, you would be worried about malicious crackers reading it - the same people you didn't want reading it in the first place.

So if it can be cracked, it's not really encryption.. and nobody will use it.

The cat is out of the bag anyways... PGP and GPG and various other schemes available open source and abroad mean that there's no way to enforce something like this.

Irony

[sconeu]

The real ironic thing is that Gregg is the Senator from New Hampshire... You know, the "Live Free or Die" state?

P.S. I submitted this this morning and was rejected... oh well...

Opportunistic politics

[xixax]

Terrorists are going to use _secure_ encryption, legal or not. This is an opportunistic attack on freedom, taking political advantage of a tragedy.

If the FBI is going to eavesdrop on any of these guys, it'll be by snooping on the hardware at each end.

Xix.

Climbing the bodies of innocents as a soapbox.

[Nonesuch]

Using this sort of tragedy to advance a political career or a particularly opressive agenda is disgusting, but is also standard procedure for many politicians, American or otherwise.

After every mass murder with the least connection to firearms, some politician proposes extreme restrictions on civilian ownership, without regard for whether it would have prevented the particular incident in question. One of the first bills proposed after the OKC bombing was new gun control laws.

After every crime where the offender ever even saw a computer, let alone had an AOL account, some congressman will propose new 'Internet Crime' laws restricting freedom online.

The only saving grace is these rash proposals seldom become law.

Not yet

[Ghoser777]

That misses the whole essence of 1984 (which is really a cool date because Orwell finishes the book in 1948). Being able to have a backdoor into all email is bad, but not 1984 bad. We'll move a lot closer to 1984 if Congress (w/out restraint from the Courts) is able to use laws like this as a springboard for more intrusions into privacy.

George Orwell's police state won't be here until we either know (or can't be sure of the contrary) that the government is watching us.

Then comes thought crimes - they can tell when we're thinking thoughts against the government and social norms (which will probably be set by the government).

Then schools will be places to indoctrinate kids into the army of the state that watches its parents for even the slightest sign of rebellion.

Then we won't remember if we're friends with this country and at war with another.

Then war is peace, freedom is slavery, ignorance is strength.

F-bacher

Re:Not yet

[DGolden]

So start pushing NOW for Reciprocal Transparency - e.g. if the police have a CCTV network, make sure it's public access, and that there are cameras in the police stations too, so that the watched may watch the watchers.

This is the only practical way to avoid the emergence of a 1984-style hell, and is a natural extension of current democratic systems.

David Brin, acclaimed hard sci-fi author covers this in detail in an approachable manner in his book "The Transparent Society: Will Technology Force us to Choose Between Privacy and Freedom?", chapter one of which is available on his web page here

I don't think so BECAUSE

[ConsumedByTV]

If its open source, all they need to do is re-compile with out the back door!

Re:I don't think so BECAUSE

[mizhi]

The backdoor they're talking about is less a programmatic backdoor than a numeric or algorithmic backdoor.

Re:I don't think so BECAUSE

[Raphael]

If its open source, all they need to do is re-compile with out the back door!

And as soon as the NSA or FBI or any other agency starts seeing encrypted messages that have no backdoor, the sender and receiver are immediately identified as potential criminals. Since they would be among the few who would use these illegal encryption techniques, the men in black suit can pay them a visit and arrest them (or do something worse to them).

As others have pointed out, steganography is not a good solution either. Most of these information hiding techniques can be detected. It is not trivial, but possible.

Re:I don't think so BECAUSE

[Rogerborg]

• If its open source, all they need to do is re-compile with out the back door

Thanks for raising a good point. If I write an encryption program for my own use, do I get locked up?

lack of jurisdiction

[Naikrovek]

The USA is the USA and nothing more.

The USA (I'm a citizen) can pass any encryption law it likes, but it has no jurisdiction outside the USA. Other countries (like Australia, where I live) will likely pass similar laws to kiss ass with the USA, but what good is that? Terrorists DON'T CARE! For Fucks sake, they hijack planes and kill thousands, do you really think they'll care if the US passes a law requireing back doors in encryption software? PGP is ALREADY nearly unbreakable (in any reasonable time frame, anyway). Do you REALLY THINK that they'll use the new software because its required by some shit country that is on the other side of the world? NO. America is deluding itself and giving itself a false sense of security if it thinks that passing a law will stop terrorism, or even give its own government insight into terrorist activity.

The problem is the problem, and the problem is not that they encrypted their data. Requiring ack doors is treating a possible symptom, and not the problem.

I don't know what the problem is but it ain't encrypted data.

-abused angry citizen

Re:um bad idea

[reverius]

Well, it's different from outlawing guns. It's a lot harder to do.

Imagine you could anonymously and freely give somebody a copy of your gun, any time, anywhere in the world, without anyone knowing but the two parties involved.

Now that's something you can easily do with an outlawed crypto system - email it to somebody.

Even if you can read the e-mail, it's still impossible to keep encryption programs from spreading while you theoretically can keep guns from spreading (what with them being physical objects and all...) :)

I volunteer

[CaptainSuperBoy]

Fine. Personally, I am all for crippling Americans' personal freedoms in the interest of national security.

As soon as this legislation is passed, I hereby volunteer to deliver the latest build of PGP+NSA directly to Osama Bin Laden, and I have no doubt that he will immediately delete his old software and begin using NSA crippleware. While I'm there, I'll also politely ask him to stop crashing planes into our buildings. Riiiight.

New Hampshire

[1010011010]

I think "Live free or die" is pretty good. Along with "Don't tread on me," and "the best we can hope for the people is that they are armed."

The revolutionaries who founded the United States of America are chock full of good quotes on freedom and defending freedom.

Re:I think I speak for slashdot when I say...

[1010011010]

I guess that real question is whether Congress will uphold those [4th Amendment] rights.

The answer is no.

Mandatory backdoors -- french tried, gave up.

[Nonesuch]

The government of France tried this. They outlawed all forms of encryption without providing the keys to the french government.

For example, I worked for a major semiconductor and radio communications corporation. We encrypted all private circuits to all remote offices, in the US and abroad, except that in France we had to provide the keys to the French government.

End Result?

The French intelligence agencies would hand over to major french businesses the 'competitive intelligence' collected from foreign corporations operations in france, allowing them to underbid competitors, etc.

There are several well-documented cases of government abuse of this information. In France the level of distrust got so bad that they eventually relaxed this policy due to foreign based companies withdrawing their business.

Impractical and Scary

[Flowbie]

The obvious sentiments

• How do you put the genie back into the bag now that it is out?
• It only punishes the innocent user as criminals are likely to continue using it
• How do you enforce it? Do you enact a law similar to the U.K. where you are obligated to give up your keys upon request? Again, only punishes the innocent as a criminal is less likely to oblige as it would further incriminate themselves. What about a Constitutional issue of self-incrimination?
• Wouldn't it create a "standards" barrier with the rest of the world who won't necessarily have to follow the U.S. cipher?
• What would be done to insure the new "cipher" was improved as technology advanced. We all saw the problems the 40 and 56 bit cipher restrictions caused in just a few years time. Even 128 bit encryption is coming close to being easily broken. Let's not talk about DeCSS.
• How will the government insure that their backdoor will not be used by third parties to compromise the "secure" transaction? Would you feel comfortable knowing that Banks were using a cipher with a known backdoor? How long would it take before this knowledge became common knowledge.

Specious argument

[Pope]

If everybody had a knife on those planes, do you think the hijackers would have even tried to take over the flight, if they knew everybody on board could cut them, or stab them.

And how many more drunken knife fights in bars would there be if everyone carried knives on a regular basis?

It's just like towns in Texas that everybody carries guns in, there is nearly no crime in those towns.

Prove to me that there's "less crime." How measured, per incident, per captia?
Keep in mind that those towns are pretty small. How would this make my city of 3.5 million people safer?

Re:Specious argument

[IronChef]

Keep in mind that those towns are pretty small. How would this make my city of 3.5 million people safer?

I live in Seattle, where anyone can carry a gun as long as they have these 2 things:

1. $60
2. Nothing bad on their record

Is Seattle famous for its high violent crime rate?

MOST US states have similar "shall-issue" weapon permits... if there was a correlation between such laws and increases in crime, wouldn't someone have pointed it out by now? The states and Feds collect a lot of crime data. Surely it would be obvious by now. There are enough people with an anti-gun agenda, wouldn't Brady or someone like that have presented the irrefutable proof that gun permits cause carnage?

It's strange, I wouldn't trust the average guy on the street to fix my hamburger right. But I'll be damned if they don't manage to carry a gun responsibly most of the time when they are given the right to do so. Pretty weird.

You might want to read this summary of Gary Kleck's study on defensive gun use.

This page has a summary of crime stats that relate to CCWs. Quick factoid: Florida's homicide rate has declined 21% since adopting a permissive CCW law in 1987. This is not an unusual kind of result.

I realize that figure does not PROVE that concealed weapons reduce crime. But it does seem to indicate that a CCW law doesn't turn a state into a bloodbath.

Give your fellow American a little more credit. Surprisingly, they seem to deserve it.

And who didn't know this was going to happen?

[mttlg]

I'm surprised it took this long for this to get reported. It was obvious from the start that this coordinated terrorist action would be used as justification to restrict cryptography. As expected, the knee-jerk reaction has come, creating another threat for informed people to worry about. Unfortunately though, in the current situation, all kinds of restrictive laws can be passed without any serious opposition in Congress in the name of defense.

So why is this such a problem? After all, the necessary decryption tools would only be made available under specific, government-controlled conditions. The problem comes in a few forms. First of all, the government needs to be treated as a trusted party in all of our communications. Regardless of the regulations, a corrupt government or certain corrupt individuals could bypass these regulations, resulting in a digital Big Brother. Even on a small scale, this is completely unacceptable. The worst case is that the people's right "peaceably to assemble, and to petition the Government for a redress of grievances" could be restricted by identifying and silencing anyone who tries to organize a coordinated protest and fears such a response to public expression of government opposition.

The more important problem here is that, like "access control mechanisms," these measures will not stop the intended targets. The first step would have to be a ban on non-compliant encrypted transmissions in addition to a ban on the distribution of hardware and/or software that can be used to produce such transmissions. Even if it were possible to filter out all non-compliant encrypted traffic (this process alone is scary), this can only work for encryption at the bit level (and even then only if non-compliant encrypted data wrapped in compliant encryption can be detected and rejected). A simple word substitution code could bypass this, and a more elaborate system (think industrial strength word level encryption) could be very secure and impossible to detect. Considering that only criminals would be developing and using such "illegal" encryption, a law against it will not act as a deterrent. The criminals will still have encryption, law-abiding citizens will have no privacy, and the government will continue to pass increasingly restrictive laws of this nature. In other words, nothing good can come from this.

Alternatives

[Scoria]

My point was that the alternatives would still exist. These alternatives would be made by people not subject to our laws.

Re:Alternatives

[Frank+T.+Lofaro+Jr.]

Even Russians (Sklyarov comes to mind) appear to be subject to our laws. Whether you agree with it or not, just living outside the US doesn't mean you can break US law and get away with it. I am just making a political observation, not trolling here.

It's called "extraterritorial jurisdiction" if I remember correctly.

Re:Alternatives

[GC]

Russians (and the other 95% of the world's population) are only subject to your laws when they are in your country.

To be honest, depending on how Bush handles this US crisis I may make a point of never traveling to the US again.

Re:Our "Open" society

[Dyolf+Knip]

Does someone need to walk into downtown LA or San Fransico with a suitcase mininuke and kill 300,000 people before you wonder if search and seizure without just cause is REALLY that big of a deal?

And making it so The Man no longer needs a search warrant will help with that scenario how? Are cops going to start doing random checks of briefcases on the street? Can you conceive of how bad the situation would be if any cop could walk into your house and take whatever he wanted without need of a warrant and not violate the law in doing so?

Please note that this catastrophe was done with knives. Knives. Millions of dollars spent on x-ray equipment to find guns and bombs and they kill 10,000 people with some fucking Ginsu's. Logically, the only way to prevent it from happening is to outlaw knives. That sound effective to you?

It's very, very, very hard to defend against terrorism. You've got a massive amount of area/people/buildings/vehicles to defend while the terrorists can concentrate their actions at any point. Classic offense/defense scenario. The best way to prevent terrorism is to make it clear that terrorist actions will be ineffectual and that retribution for such actions will be swift, awesome, and inevitable.

Re:oooooh

[J'raxis]

Well, lets see. How about root access on the servers at my place of employment (a rather large university in Massachusetts)? Not to mention my own box.

My personal data? Maybe. My employer's? Absolutely

[Nonesuch]

Perhaps most of my personal work isn't that interesting (but you'd be suprised). But the data my employer transfers over various networks can be worth millions.

When I worked for a major radio communication and semiconductor firm, we dealt with file transfers including HR data (salary, SSN, insurance claims), new CPU and other chip designs, bid information for contracts in the hundreds of millions, marketing, pricing, and profit projections, and much more they didn't tell me about.

How about the phone company? (Okay, I was only there two months) Sure, they have your credit information and the unlisted number for various celebrities. But they also have call detail information for every subscriber, and systems that allow real-time interception of all phone calls, including alarm circuits and the 911 system.

What about an online brokerage, mananging hundreds of millions in customer assets, and tens of millions in stock transactions each day?

Perhaps 'the government' can be trusted with backdoors giving them access to all of this information. But remember Nixon, Oliver North, or the many other cases of abuse of power and access to information by the people who make up the government?

Here's a real-life example where my personal data has value to the Feds and others: I find a new security hole in a popular corporate firewall project. I need to report this major security problem to the vendor, but I don't want it to be known to anybody who might exploit it to penetrate corporate networks. How do I communicate this problem to the vendor without strong encryption?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Wow

[ergo98]

This incident will surely lead to every right wing facist to come crawling out of the woodwork. The reality is that the encryption gremlin has been out and abouts for a long time, and there is absolutely no way that you will ever get it back in the bag. Period. This is not even remotely considerable. On the NIST site they even provide links to Twofish, Rijndael, etc, to which you can grab the source and roll your own. There is additionally absolutely no possibility WHATSOEVER that foreign nations will agree to US backdoors: They may feel remorse about this incident, but given Echelon they won't be imposing US laws in their land.

You know this all really is absolutely absurd. What happened at the WTC is an absolute travesty and hopefully there will be justice, but this heavy handed knee jerk reaction is unbelievable: It's the illusion of safety (see "Fight Club" regarding airline safety manuals). Who cares that the terrorists got on the planes likely with items that were 100% legal under US law (prior to the attack you could carry a 4" knife on US planes completely legally. For all we know they may have pulled them out and said "See? Like our knives?") : Pretend that the real issue is suitcase nuclear bombs and people sneaking over the border. I've seen on several pages the attempt to actually blame MS Flight Simulator for the tragedy: Flight Sim allowed them to train at hitting the WTC, and gosh darnit it even has the WTC so they could practice hitting. RIDICULOUS! Who cares about securing the pilot cabin or something actually useful: Ban Flight Sim! A similar situation came up with Microsoft Train Simulator with Union Pacific being outraged under the belief that this would lead to a nation of highly trained (no pun intended) train engineers who would go out and steal all the locomotives : Hey don't expect them to SECURE the locomotives in some fashion: Just hope that no one knows how to drive them. To say that these reasonings are the height of stupidity would be putting it lightly.

Anyways I'm sure we'll see all sorts of mentally deficient ideas such as these coming out over the coming day by fascists seeing the opportunity, again ignoring the absolute simplicity of this operation.

On this very subject (link)

[Brian+Stretch]

Appropriate commentary here, dated yesterday:

The main source of our strength is our freedom and open society. The United States already has the most powerful military in the world. We don't need the symbolic jaw, jaw, jaw of more laws, but the will to use our existing war power.

Paul Weyrich, head of the Free Congress Foundation, aptly wrote: "The truth is that if we further emasculate our Constitution the terrorists will have achieved the greatest victory imaginable. Their triumph won't just be the thousands of people they killed, the triumph will be if they see our democratic institutions crumble. If President Bush can navigate a responsible course where we make an appropriate response to those who have perpetrated these unspeakable crimes while at the same time protecting our essential freedoms in the process he will end up being the greatest President of the modern age."

Another essay from yesterday, "Freedom First", is also a worthy read.

Re:On this very subject (link)

[Rimbo]

Bingo. This is the first response to get it right.

If we sacrifice the civil liberties we enjoy as Americans to fight terrorism, even if we destroy every terrorist to a man, they will have won. This is a country based on ideals. If we give up those ideals, we are destroyed utterly, even if the institutions and individuals that make up the country remain.

We're at war. But this is what we're at war against: Ourselves.

Re:Don't their license plates say...

[J'raxis]

Yes, and I hard numerous politicians on TV yesterday talking about placing restrictions on certain rights to protect our precious freedom. (Thats a damn-near verbatim quote, too.)

Expressions like those are mere slogans to inspire the people much as police states like China label everything The Peoples.

Re:Damn IT

[fishbowl]

>we should find out why these people felt the
>need to attack us

They want a different answer besides the truth.
There are always at least 30 wars raging in the world, and the US calls it peace.

Re:question

[J'raxis]

Bin Ladin does make his own. He relies more on steganography (cleverly hiding information in other ostensibly benign places) more than cryptography.

Foreign countries

[mr100percent]

Can't european countries, like great britain, object because:

It's not Echelon, so they can't get an advantage.

it may hinder business/security of their citizens

it's only in the interests of the US?

Gaffney kind of gets it

[1010011010]

He said, and it's true:

Gaffney said that he's unsure, however, if a global encryption-restriction regime is wise: "I'm not sure if I'm in favor of trying to foster an international regime whereby hostile goverments, or for that matter governments that may not be hostile at the moment but may be hostile in the future, can take advantage of backdoors."

Two problems.

[color+of+static]

One, are they going decrypt all messages to make sure strong crypto isn't being used inside the one with backdoors? Otherwise all this will do is allow forensics teams to say, "Oh yeah, he also used strong crypto." It's not like strong crypto won't be available either. You can't take all of the software away from them, and unless you outlaw C compilers I doubt that this stuff will go away as computers become obsolete.

Two, how do you get this to be adopted as an international standard? Let's say I'm another country, why would I adopt encryption with a backdoor in it? If it is state run backdoors (like key escrow via government), then we'll start to see small countries selling non escrowed encryption as a revenue stream. Let's not mention that state sponsors would then also allow terrorist a secure communications.

If we don't get this adopted as an international standard then it will be useless. If nobody uses it, and standard crypto is outlawed, then there goes e-commerce, a lot of ASPs, and a serious blow to the economy is dealt.

We compare this to outlawing knives, which is probably a very accurate analogy (both can be made in one's home without anyone knowing). While this points out the ubsurdity to a techinical person, the lay community (read most everyone) doesn't see it that way. They are thinking in terms of Hollywood where all codes are crackable with hours or days and the correct intent of a large organization. I think it's time for education of the populace. It worked with DIVX and clipper, it can work again.

Oddly, criminals rarely obey laws

[jjohn]

Mandating "backdoor" keys to crypto will only be followed by law-abiding citizens. Knaves, rakes and reprobates will continue to use the strongest crypto possible.

This is another sign of the war on personal freedom. Guns, drugs, crypto: these aren't the enemy. Bad laws, frustrated cops and panicked constituencies are the pavement on the road to hell.

While I don't support ESR's call for an armed citizenry (THAT will quell domestic violence and road rage, don't you think!), I do suggest that we stop blaming instruments of terror and focus on the root cause of terrorism: people. What is their motivation? Is it just random sociopathic behavior? Is it our indiscrete wielding of world hegemony? The nauseating events of 9/11/2001 didn't require arcane knowledge or hi-tech equipment; we provided the tools of our own destruction. However, we also have the keys to our survival. It is our brains that got us into this mess and it is the careful application of that same organ that will see us through.

Adrenaline can't solve all our problems. As Frank Herbert's flawed novel _Dune_ reminds us, fear is the mind killer.

Re:Oddly, criminals rarely obey laws

[1010011010]

Do you support James Madison's call for an armed citizenry? George Washington's? Thomas Jefferson's?

So the attack worked

[thogard]

This attack was not about killing people and it wasn't about putting fear in the hearts of Americans, it was about getting the USA to destory itself. A common trick used in part of Europe before WW2 was to attack something in a way that the goverment would then attack back. Goverments are very bad at selective attacks and always hit more than they should. The result is that goverment starts making life unbearable for its citizens. In the past people have used these attacks to take over goverments.

The US's reaction to total lack of security at a few airports will to bring in a new world order but that isn't going to keep from happing again. Now that its clear what a jet will do to a building, when will someone try to steal a UPS jet to do the same thing? Most cargo planes are stitting around unlocked and with enough fuel to get in the air.

3 Steps

[VB]

Step 1: Legislation is passed unanimously in both the house and senate and signed by the President requiring all domestic encryption software to include a backdoor.
Step 2: SSSCA is passed unanimously, modified to include all current encryption software passed in Step 1.
Step 3: All non-government information security experts are rounded up and imprisoned for 5 years for using non-backdoored encryption technologies.

No one is left to assist in deterring the next terrorist attack: the one on our information infrastructure by those who have no concern for U.S. Law.

I hope the message can get through to our lawmakers and it's non-technical citizens, at this difficult time.

Do this and the terrorists win

[SurfsUp]

Here in Germany (I'm a Canadian by the way) privacy is a constitutionally guaranteed right. Too bad it isn't in the U.S.

In the U.S. it's more and more like a favor the state gives to some people, some of the time, depending on how benevolent somebody feels that day. So bow to the demands of the spooks, make backdoors mandatory, give people long jail terms for circumventing them, and the terrorists win. They win bigger than they ever imagined by making life worse for ordinary U.S. citizens.

In the name of pride we have to win this without cheating. Cheating means using the same tactics as the bad guy. No murdering civilians. No spying on our own people. No cameras in the bedrooms.

Make cryptography a crime and only criminals will have cryptography.

Re:Do this and the terrorists win

[1010011010]

Here in the U.S., privacy is a consitutionally guaranteed right, says so right in the 4th and 10th Amendments.

Unfortunately, the federal government doesn't give a fried fart what the constitution says.

Re:Do this and the terrorists win

[SurfsUp]

Here in the U.S., privacy is a consitutionally guaranteed right, says so right in the 4th and 10th Amendments.
Unfortunately, the federal government doesn't give a fried fart what the constitution says.

It says "security" ...of... "papers". It doesn't say privacy. In Germany it comes right out and says privacy. Guess they knew what it's like to live without it.

But I'd tend to agree with the fried fart part.

Probably redundant but

[tcc]

This is totally lame, if people want to use encryption to go around being detected, there's enough groundwork posted on the internet to get source to make your own "unbrakable" algo... so why doing this? it's totally taking an excuse to put more strain to each legit individual/buisness, and spying on legitimate users.

This is like drugs, it's not because it's illegal, that it suddently ceased to exist!

I find it really hard when governing people think they are talking to a bunch of sheeps and clueless retards...

slashdot articles are encrypted

[aozilla]

In a floor speech on Thursday, Sen. Judd Gregg (R-New Hampshire) called for a global prohibition on encryption products without backdoors for government surveillance.

Becomes...

Wired news reports that Congress is considering restrictions on crypto software in the wake of the terrorist attack.

This is presented as an example of steganography - "The art of writing in cipher, or in characters which are not intelligible except to persons who have the key; cryptography."

Re:We've defeated suicide terrorists before

[Tsian]

As for the terrorists being considered martyrs by their people, well as far as I'm concerned, we will obliterate the very people that would consider these terrorists martyrs

Yes... lets kill those damn civillians. That'll teach them never to mess with the United "We are Freedom" States of America. Let's take away their choice to have beliefs, because their beliefs are WRONG! Hell, why don't we just run jumbo jets into their embassies... or would that bear too striking a resemblance to the attack itself?

If you want to kill civillians then you are no better then the terrorists... so does that mean we should kill you too?

Sheep

[Greyfox]

And of course the American Public at this point will be more than happy to hand over another personal freedom for a guarantee from Congress that this will never happen again. After all, how could 50 people (That was the last estimate I heard on how many were directly involved in hijacking the planes) have kept their operations secret from the FBI and CIA and coordinated their activities without the use of strong encryption? At this point the American Public would probably agree to cameras in every room of their houses if it meant they could get back on an airplane without wondering if this is the trip they're going to die.

We want our old complacency back and we'll legislate to get it. Complacency more than anything else bred this disaster and if our paranoia level is elevated to an heretofore unknown high, well, we're just getting a taste of what much of the world lives with every single day. I've been waiting years for something to shatter that complacency. Most people think how horrible this disaster was. I think how much more horrible it could have been, had the terrorists also had access to nuclear, chemical or biological agents.

New Hampshire State Motto

[aozilla]

In a floor speech on Thursday, Sen. Judd Gregg (R-New Hampshire) called for a global prohibition on encryption products without backdoors for government surveillance.

Interesting coming from a senator whose state motto is "Live free or die". Apparently he's following the "Give up freedom because of fear of death" version.

Re:New Hampshire State Motto

[sulli]

Seriously. Fortunately we have the first amendment, and this would be prior restraint on speech, so this bluster is just that - bluster.

Typical, the Nanny State strikes again.

[BrookHarty]

Forgive the small rant, but this relates to the term floating around, "Nanny State" that seems to summarize the current ideology of most Americans. The term expresses exactly how the I see our country.

Any country that bans Peanut Butter and Jelly sandwiches from schools is in need of a major political overhaul.

I am a one of those people who hates authority, doesn't trust the one sided news sources, questions the unquestionable. Anything that remotely encroaches my personal freedoms becomes an instant battle to the death. I believe that people should have total freedom to live their lives without interference.

I'm a mix of different political beliefs, anarchist, green party and a republican. Less government, but still have an army to protect us from terrorists. A police force for the violent criminals. Legalize everything for consenting adults. Teachers to teach math not religion. Flat tax, school vouchers, legalized abortion, no affirmative action (everyone is the same). I believe in public assistance for the truly needy, medical for everyone, 7 day gun wait, gun locks, but not a gun ban. Personal privacy, no agency shared government database.

Basically, Live and let live.

-
A government that robs Peter to pay Paul can always depend upon the support of Paul. - George Bernard Shaw (1856 - 1950)

Typical Kneejerk Response

[mech9t8]

The battle of privacy and safety is going to begin in earnest now.

Typical response in political issues, and part of the reason politics is so devisive.

Battle *between* privacy and safety? Good god, are you saying we have to pick a side? "I'm for privacy!" "I'm for safety!"

Stop devoting your time to "winning battles." Start devoting your time to finding solutions "both" "sides" can be happy with.

One, it's the only way everyone will be happy.

Two, it'll come up with a better solution overall than either side will come up with individually.

Three, if you try to fight the concrete consequence of 5000 people dead versus what most will perceive as the largely abstract consequences of the government being able to read your encrypted data, you're going to lose. This isn't something like the DMCA, where it's liberty vs. record companies. This is liberty vs. public safety, and for many people, in many instances, public safety will be more important.

Re:Typical Kneejerk Response

[bnenning]

Start devoting your time to finding solutions "both" "sides" can be happy with.

The problem is that this isn't possible. It is either legal to use unbreakable encryption, or it's not. There isn't a middle ground.

Three, if you try to fight the concrete consequence of 5000 people dead versus what most will perceive as the largely abstract consequences of the government being able to read your encrypted data, you're going to lose.

Not necessarily, people have become much more aware of privacy issues in recent years. There appears to be much more of a desire to exterminate the terrorists who did this than there is to adopt police state tactics in an attempt to increase security.

Mod Parent up...

[ocie]

A lot of good points.

It it possible...

[sterno]

First of all, most major companiess of the world sell products and have operations in the United States. This makes them subject to US law or makes them at the very least subject to wanting to be in the government's good graces.

Foreign governments tend to make treaties for laws that are mutually beneficial (Berne convention, etc). Those in power stand to benefit from having the ability to eaves drop on the people they govern so there's no reason to believe they won't be willing to make mutual treaties to enforce eachother's laws in this regard.

Those who choose to use illegal forms of crypto will stand out against the background noise of thousands of legitimately encrypted messages. It will make them much easier to track down and given the illegality of using that cryptography, you can prosecute them at will (whether they did anything truely criminal or not).

Re:It it possible...

[WolfWithoutAClause]

>First of all, most major companiess of the world sell products and have operations in the United States. This makes
>them subject to US law or makes them at the very least subject to wanting to be in the government's good graces.

You happen to know which company it was that bombed the World Trade Center?

The country I know that has gone down the path of basically banning encryption was France. They used it so they could spy on any foreign owned company that went there. Boeing lost a lot of money that way.

>Those who choose to use illegal forms of crypto will stand out against the background noise of thousands of legitimately
>encrypted messages. It will make them much easier to track down and given the illegality
>of using that cryptography, you can prosecute them at will (whether they did anything truely criminal or not).

Absolutely. Anyone involved in terrorism (i.e. bombing, killing and maiming) will be so worried!

And cryptography is soooo easy to spot. Not. "The rain in spain stays mainly on the plain." can be a code phrase, or a recital of a phrase from "My Fair Lady"; depending on context.

Re:Our "Open" society

[fishbowl]

> Can you conceive of how bad the situation would be if any
>cop could walk into your house and take whatever he
>wanted without need of a warrant and not violate the law in
>doing so?

There are only two ways for this to go.
One, it leads to a WHOLE LOT of dead cops.
The other, it leads to us becoming our own
worst enemy....

Our Congress is fucked up

[nd]

Why does every congressman seem to feel that their accomplishments directly correlate with the number of bills they get passed?

They are constantly searching for so-called problems, and then they feel it is their duty to add a "patch" law to fix it -- almost always at the cost of freedom.

It's easy to see how they fall in this situation. Imagine you're a Senator after this terrorism act occurs. You feel that your people need you, and want action taken. After all, it is your job to legislate -- so why not find a remotely related source for the tragedy and try to fix it with Yet Another Bill? It's what all your Senators around you do, and it makes you look to be the good guy, furthering the advancement of your political career.

It is truly sad that this is how things seem to work. In my opinion, it would be much more preferable for congressmen to spend their time weeding out broken laws and refining existing ones to be more sane. There is a serious lack of ideology -- and an abundance of "patching" to a huge mess.

Am I alone here?

A good idea but too late.

[mesocyclone]

I'll probably get mod'ed into the mud for this, but I believe that if were practical, a properly protected crypto backdoor system would be appropriate, and I have said so for a long time.

First a caveat - this is moot at this point, because of the widespread availability of effective crypto technology - you can't close the barn door.

BUT... in the United States and every other country in the world that I am aware of, police are empowered, under appropriate circumstances, to eavesdrop on normally private conversations - whether telephone calls, conversations in a bugged car, or mail. This is not because of a nefarious desire of governments to snoop (at least not in the free societies) but because of the clear and present danger which criminals, traitors and terrorists represent.

Many have argued that the internet should somehow be exempt from the rules of the non-wired world - but that is a very short-sighted viewpoint. The internet is part of the larger world, and internet people need to recognize that reality. The internet is not virtual; the internet can be used for great real good, but it can also be used to facilitate terrible harm. The internet is real and has real effects on the non-virtual world, and thus considerations of that non-virtual world must be allowed to affect the internet world.

This will work...

[fanatic]

..because there's no way a terroroist could find an unaltered copy of gnupg anywhere.

Right.

I was watching CSPAN

[(H)elix1]

and saw the discussions on this. My jaw just hit the floor watching the debates - which Hatch(?) basically ranted on how we need to give our law enforcement agencies all the tools they could possibly use, damn the cost of freedom. Mind you, I'm Republican, and I watched in horror as he equated what happened with the hijacked aircraft at the same level as "cyber" terrorism. The judiciary chairman (?) was on the other side of the debate - he more or less resigned himself that this was going to be voted in, but commented
1)This affected all wiretapping, not just "terrorist" cases.
2)There are no guidelines for what a terrorist was.
3)Most frightening - any yahoo who was an "expert" could tell the judge they think it is connected
to a criminal activity and the judge would be forced to sign the warrant. These people did not have to be law enforcement personnel.

This was one of the few chances I've had to watch the Senate in action lately. I think I need to take a shower....

Download (open)PGP,GPG,OpenSSL Now

[mlafranc]

One of the first things I did when I heard about the bombing was to download PGP for Palm, this even though I don't have a palm device; I'm looking at getting a handera with a IBM Microdrive. When any threat of terrorism comes about, we always hear of lawmakers wanting to crack down on crypto. I'd be interested to know: If you were required to hand over your keys and passphrases to law enforcement officers, would you?

I personally would not, I'd rather stand tall and go to jail. I have a right to crypto wether in law or not. Please reply.

Posted with LYNX

And in other news today, at the Washington Mall

[Ukab+the+Great]

The United States government accidently defaced the Lincoln Memorial after it was mistaken for a 2000 year old statue of Buddha.

Everyone hears every word we say

[Graymalkin]

If you look at the situation logically without the slashdot required kneejerk response you'll immediately recognize the flaws in any argument of "make X illegal for safety issues". If you make it illegal the only people that will have it are criminals. A couple semesters of calculus and computer programming will net you the expertise to write rudimentary encryption algorithms. Strong enough to take years to decode by which time it's far too late to be of any use at all. Does the government honestly believe that making it illegal to have non-Clipper encryption will keep people with illegal inclinations from using it? No they don't but propositions like this are meant to give the public something to make themselves feel more secure. Just remember the US government tried to ban booze and it backfired on them entirely.

Re:Everyone hears every word we say

[beanerspace]

Good points. Aside from that, what happens when these criminals take a page out of the U.S.' playbook and futher obfuscate their messages with native dialects as did the U.S. with their Navaho codetalkers ?

Re:Everyone hears every word we say

[Graymalkin]

Exactly. Any encryption book you ever buy has at least four chapters devoted to encoding scheme that obfuscate your messages so they can't be easily filtered.

Think pre-emptive

[NapalmGod]

I suspect that this is going to happen if we want it to or not. However, it's possible that, at this stage in the game, the groundrules can be changed.

What if we accepted this, and started thinking of what conditions would make this acceptable to the community at large? If you were crafting a bill with the goal of allowing governments to be able to read encrypted traffic, what restrictions would you have, and how would you implement it?

Personally, I know that the US government (or any other) can have my keys over my dead, cold keyboard. But what about this:

1) "Backdoor" keys are generated on a per-key basis. When I generate a key in PGP (or whatever), it generates a backdoor that indicates which key it's for, and sends it off (see #2).
2) Keys are not held by governments. They are held by not-for-profit 3rd party companies who's job it is to make sure that governmental key requests are legal. The board of said companies are selected by the keyholders (no more ICANNs!!).
3) One company per country. The software will ask which country you are in, and register the key with the registrar for that country.
4) Require the law enforcement agencies to go to an actual judge to get a warrant to get the key. They have to show valid cause. None of this "National Security matter" or FBI Committee.
5) If another country wants the key, they have to approach the local law enforcement for the country that holds the key, who goes to a judge. No out-of-country warrants, and this protects against international spying (Echelon, anyone?).
6) Explicitly ban the FBI or any other agency from monitoring traffic to/from the registrars. No Carnivore allowed. Not allowed to use any keys captured in a wiretap, separate warrant required. No NSA gobbling other nations key traffic.

There's some things that would still need to be worked out, like how to prevent people from registering their keys with, say, Denmark when they are in the US, and how to fund the not-for-profits (Matching funds from the Governments and the software makers? Governments and fees from the encryption user?), but you get the idea.

Thoughts?

-NapalmGod

Re:Think pre-emptive

[clare-ents]

"
3) One company per country. The software will ask which country you are in, and register the key with the registrar for that country.
"

So the terrorists merely have to register their software to Iraq / Afghanistan then....

Everything changed tuesday

[Weezul]

The truth is that everything changed tuesday. I'm a card carring member of the ACLU, but I'm now advocating extencive background checks for flights and even fingerprint scanners (to prevent mindless beaurocrats from just slowing things to a crawl). Honestly, I would now support crypto backdoors if they would do any good.

Unfortunatly, crypto backdoors would be essentually useless and even counter productive. Bin Laden wil stil tack a layer of crypto onto his communications, so our backdoors would be useless AND might slow of development of real counter measures.

If your going to spend any time making arguments against crypto backdoors then you should focus on the uselessness and counter productive aspects. We have now gone mad as a nation, so all arguments must be focused at helping us achieve our goal (the deaths of terrorists).

Re:We've defeated suicide terrorists before

[Malcontent]

Nice. Let's commit genocide that will make us feel so much better. What you advocate makes hitler look a saint doesn't it.

I heard a few people were arrested in germany today will you bomb german civillians too? After all they were harboring these terrorists. I heard some lived in canada will you bomb canadian citizens too? I heard some lived in Miami will you bomb miami too.? I suspect not. I suspect that the thought of actually killing white innocent people will not sit as well as killing brown innocent people.

Strengthen encryption, for reliable authentication

[Tekmage]

Thinking aloud...

Terrorist organizations seem to thrive through anonymity and finding ways to circumvent traditional means of identity and authentication.

As others have said, the encryption cat is out of the bag; it's never going back. Even if they tried to back-door the "legal" tools, a message doesn't have to be encrypted to hide it's true meaning/contents. They can just as easily be hidden in plain sight/text.

...If we're going to control encryption usage then I'm sorry but we're just going to have to pass some laws to force people to use authorized spell and grammar checkers. All digital images must be taken on approved photographic equipment; tampering with image watermarks is a Federal offense. You will also be interogated by an AI on every message you craft to determine your true intent; non-standard word usage will be flagged and noted on your record. Hmmm... This is starting to sound a little like the language police over in Quebec... ;-)

We need better ways to ensure the authenticity of people's identity, not easier ways to watch who we think we might be watching but aren't sure because we're too lazy to authenticate the source and destination through other means.

While it's nice to be able to travel in anonymity, places with security concerns can't afford the risk any more. I'm NOT advocating tracking everyone's movement and action without legal warrant. Attempt to control access, not content. If you are who you say you are, there shouldn't be any reason to interfere with your travel plans.

Ultimately, it's a tough call. But from my own travels I know I get a little concerned when security DOESN'T ask me any questions. On my last trip they did ask about my multitool in with my laptop; it was allowed then, but after these events I don't think I'll be packing it any more. I value my safety more than my privacy in these situations...

Last thing we want is Gattaca though... An extreme in controlling access...

Irony

[Greyfox]

That was irony. IRONY!

Err...

[SmurfButcher+Bob]

Backdoor? So, we won't need to use DeCSS anymore?

Gonna be funny to see which side wins, the backdoor proponants or the DMCA advocates.

- SBB

Re:OT: get a new quote

[BadDoggie]

The problem is that almost everyone gets the quote wrong and I've only ever once seen it properly attributed. It was not Jefferson or Franklin or Einstein or any of the other dozen names I've seen attached to it. The earliest reference to such a quote was from Ludwig Thoma. Franklin never even stole it for Poor Richard's Almanac (that anyone can definitively show).

The sad fact is that we will indeed lose freedom, not for security, but for the perception of security. All kinds of measures will be taken, laws enacted, procedures implemented. Getting on a plane will be a nightmare, but while everyone will be at least inconvenienced, no real prevention will occur.

People want action - they want something done. It doesn't matter if it helps or not. The perception is that anything is better than nothing. I had to go to Bethesda Naval Base today. Only one entrance was open, you had to show ID, another guard had a mirror-onna-stick to look under the cars, another guy was walking around with a shotgun. Looks good, seems secure. Except...

Except a shotgun is only useful within 50 yards at best, the mirror is useless because no one is hanging onto the undercarriage of a car (and you put explosives on the floorboards and in the trunk, not under the car), and although they demanded an ID from me as a passenger, they didn't actually look at it carefully, much less check it with NCIC.

So how much freedom are you (or realistically, is your mother or neighbour) willing to give up?

woof.

Misunderstandings

[JohnZed]

People who say "crypto is irrelevant, because the terrorists only had knives" are missing the point completely. Notice all the talk describing this incident as a "massive intelligence failure?" That's because the terrorists appear to have used crypto to communicate between fifty people for over a year before they got close to any violent acts. If their calls had been intercepted (seeing as some appear to have had long-time, known bin Laden links, they could very well have been monitored), we might have known about this six months ago and stopped it.

Additionally, remember that the US government is limited by their ability to monitor local civillians. The FBI needs a wiretap warrant to conduct such an investigation, although the burden of suspicion is typically a bit lower than a physical search warrant, it still needs to be granted by a judge for each specific case.

That said, I think this legislation is probably a poor idea. There will be so many foreign companies providing escrow-free cryptographic plug-ins that US laws will be irrelevant. In the end, it's likely that only law-abiding citizens would possess the backdoor-enabled crypto software, which could still be compromised by a third party.

Off Topic - please don't post w/ MS crapware

[fanatic]

your post, viewed on netscape, is lttered with question marks where there should be single quotes. This is usually (tho not always) the result of using Microschlock software. See http://www.fourmilab.ch/webtools/demoroniser/ for more information. (And my apologies if you weren't using MS crapware.)

We MUST lobby against this

[foxxtrot]

As others have already notices Bin Laden did two things, avoid electronic communication, and when he did use crypto, he certainly wouldn't be using back-doored software. So essentially, himself and the other terrorists wouldn't be slowed down, our American civil rights would be violated however.

Alright, now to the non-reduntant part of my post. On Tuesday, Tom Clancy was on CNN in the afternoon. CNN had Tom, because Tom wrote a book about terrorists chrashing a plane into the Capitol building, and killing both houses of Congress, and the President. Well, Tom said that the real problem we had in not seeing this coming is that the CIA employs some 20,000 people, and only about 800 of them are spooks. The only way to fight terrorism effectively is with a large, well-trained intelligence corps. We need at least twice, if not three or four as many spooks out in the field, infiltraiting these terrorist groups, so that we are aware of these plans before they something like Tuesdays events happen.

Cryptography isn't our problem, an incredibly small spy system is.

foxxtrot

Re:We MUST lobby against this

[schussat]

Cryptography isn't our problem, an incredibly small spy system is.

That explains a lot; those great big Lincoln town cars are really just compensation for a little tiny spy system!

-schussat

Backdoor Encryption wouldnt have helped.

[BrookHarty]

Backdoor to encryption protocols wouldn't have saved us from this terrorist attack.

The government knew about the terrorists, they even had files on them. Did the government put key loggers on their computers? Did the government suspect them? No, there was no red flags that said "terrorist here".

We know the FBI can bypass encryption, but they need a search warrant. The only way to be effective against terrorists is to scan everyone's email (Think carnivore). Backdoor encryption opens "warrantless" searches, which scares the hell out of me. You have nothing to hide right?

-
Power corrupts. Absolute power is kind of neat. John Lehman, Secretary of the Navy, 1981-1987

Dear Congress...

[ocie]

Please have some computer savy computer person on your staff explain the following "encrypted" message to you:

Jr, gur crbcyr, va beqre gb sbez n zber cresrpg havba, rfgnoyvfu
whfgvpr naq rafher qbzrfgvp genadhvyvgl, cebivqr sbe gur pbzzba
qrsrafr, cebgrpg gur trareny jrysner naq rafher gur oyrffvatf bs
yvoregl gb bhefryirf naq bhe cbfgrevgl qb beqnva naq rfgnoyvfu guvf
Pbafgvghgvba bs gur Havgrq Fgngrf bs Nzrevpn.

I was going to do this as uuencoded, but gave up on trying to post a uuencoded message.

Re:Mixed feelings -- not me

[MadDog+Bob-2]

I'm crystal clear on this one.

They can have my copies of (OpenSSL|OpenSSH|gpg|etc.) when they pry them from my cold, dead fingers.

That, and, as others have pointed out, the algorithms are known and not that difficult to implement. Any self-respecting terrorist would simply ignore encryption tools with backdoors built into them. It would (who am I kidding, will), generally speaking, only be the law-abiding folks who would (will) be injured by this.

And I continue to be amused by the way second amendment slogans seem so appropriate to the likes of DMCA, SSSCA, and crypto regulation...

By analogy...

[slackergod]

The irritating thing about this (and laws like the SSSA-whatever)
is that they do little to actually provide protection...
it's as if you lived in glass houses, and _pretended_ that it was brick...
but not shatter the illusion, you never actually knocked
on the walls very hard.(or better yet,
with those paper-walls in some houses)

Law is, in general, little more than the collective agreement of a group of people.
In any large group, deviations become harder to catch,
and either the law fragment (ie separate nations, etc),
or it becomes enforced (police, whatnot).
While does work, there are limitations to what
we can do in the nature of the medium.
A law can't directly enforce itself on someone who ignores it.
If someone else decides to walk through
the glass walls of your house and steal your safe... you're screwed.

Once you give away your privacy,
you give away the all things that separated you as an individual from the rest of the world...
you are less yourself,
and more the one who lies in judgement of your thoughts.

or some such.

-Slackergod

Humm, I have an Idea.

[BrookHarty]

If a backdoor crypto law is passed, wait till everyone is using it, then crack the keys.
Decrypt all congresses personal email, post those neat little secrets, post thier love letters, bank accounts.

I bet they pass a law banning backdoor crypto and encrease personal privacy laws.

-
Once a government is committed to the principle of silencing the voice of opposition, it has only one way to go, and that is down the path of increasingly repressive measures, until it becomes a source of terror to all its citizens and creates a country where everyone lives in fear. - Harry S Truman (1884 - 1972), August 8, 1950

I can't think of a subject

[PatJensen]

Imagine.. your 6 year old daughter in Kindergarten.

Your phone rings at work. "Hello?", you answer. "This is the police, we have your daughter in custody." "What?", you exclaim.

"We were tipped off that your daughter exchanged secret encrypted messages, so we are placing her under arrest until we can get to the bottom of this".

8 months later, you find out she was practicing her alphabet.....

-Pat

Sorry, it doesn't work that way

[MattW]

All they'd have to do is hide no-backdoor encrypted messages within backdoor-encrypted messages, and it would be undetected unless Carnivore automatically decrypted all messages, which conflicts with what the lawmakers are saying -- "only under the oversight of a court".

Re:People will hand it over - crypto's already out

[IntlHarvester]

God. I just read Levy's Crypto about a month ago, and I thought this was *over*.

The reason this was *over* in the past is because the FBI is blissfully unaware that strong crypto is standard operating procedure for US corporations, and is only used by nefarious bad guys.

We're talking about outlawing every copy of products like Windows 2000 and Lotus Notes, every router that implements VPN, and so on. The impact on US business would be horrendous. And the big money finance folks would just ignore the order.

Traditionally, the crypto issue has been framed as a rights issue with the cypherpunks against the feds. This neglects the significant commercial impact.

guns != crypto

[Merk]

See, I knew someone would say "strong crypto=guns", everybody should have the right to use strong crypto, and everybody should have the right to use guns.

Let me point out what I think is the fundamental difference between these two arguments: crypto, used in anger or accidentally, is not dangerous.

The saying "guns don't kill people, people kill people" is completely true. But guns make it really easy for people to kill. If a kid accidentally uses strong crypto, nobody dies. If a kid accidentally uses a gun, someone will probably be hurt or killed.

Another popular saying is "if guns are outlawed only outlaws will have guns". That's kinda the point. If a police officer sees someone with a gun, he doesn't have to wonder if it is legal or not. Anybody trading in guns is breaking the law, there is no grey area like there is with gun shows, etc. It also means that petty criminals will not easily obtain guns. While it's true that "if strong crypto is outlawed only outlaws will have strong crypto", this doesn't really help law enforcement. If somehow they manage to intercept communication and realize it's encrypted, that'll be as much as they can do. Any outlaw with any skill will pick a good crypto system and make it strong enough to defeat law enforcement. Crypto is easy to use, hide and copy, unlike guns. Anybody with anything to hide would be able to obtain complete privacy, but the average citizen would have none. That's just dumb.

Never mind whether or not making guns illegal is a good or bad thing. That's a different battle. But guns are not the same as crypto tools.

I disagree - now what?

[Troy2000]

I think its important that we be able to communicate without the government knowing what we say. I wasn't aware that this made me a terrorist!! I'm so upset! And I thought I loved my country! Where do I go to turn myself in? Could you help me out with directions on Mapquest maybe?

Also, something else I just realized - I haven't told my employer about some of the thoughts I've been having lately. I got a really neat idea, having to do with encrypted processing and secure software sales - shit I shouldn't say much more, cause I guess my employer owns my ideas and someone else might see them here and run us out of business! Then we're *all* fucked!

We're going to have to pass some laws...

[Nonesuch]

Takmage writes:

...If we're going to control encryption usage then I'm sorry but we're just going to have to pass some laws to force people to use authorized spell and grammar checkers.
...
You will also be interogated by an AI on every message you craft to determine your true intent; non-standard word usage will be flagged and noted on your record.

I knew it!
That damn paperclip was working for the CIA all along!

Freedom was attacked and Freedom will be Defended

[rjamestaylor]

Do we sacrifice our freedoms for security, or do we build on our freedoms? These are not easy answers. That's why the level of commitment behind them is so important. Our freedom is who we are and what our nation is founded on. Our freedom is the fabric of our success as a country. Our freedom is an essential element within each and every one of our spirits - the American spirit - and it is what we must hold onto during this time of what feels like unbearable shock.

For this country to be put back together and resume its lofty place, for this country to become even stronger than what it was, is going to require the people of this country doing what they've always done in the past during times like this. We must band together and defend our freedom, which is what separates us from our enemies. Our freedom was attacked and our freedom will be defended. On that, my friends, I am utterly confident - you can stake your life on it.

Rush Limbaugh, Sep 13, 2001.

brilliant

[jarek]

Make backdoor into law, then Osama (or whoever) has to install crypto software with backdoor, CIA/FBI can listen in and know when the next attack is going down. That's brilliant. Why didn't we thinkt of it before.

At least they got it half right

[tswinzig]

Here in Germany (I'm a Canadian by the way) privacy is a constitutionally guaranteed right. Too bad it isn't in the U.S.

And too bad freedom of speech isn't protected in Germany. I'll take our problems over there's any day of the week.

Re:At least they got it half right

[SurfsUp]

Here in Germany (I'm a Canadian by the way) privacy is a constitutionally guaranteed right. Too bad it isn't in the U.S.

And too bad freedom of speech isn't protected in Germany. I'll take our problems over there's any day of the week.

No, you're way wrong:

Article 5 [Freedom of Expression]

(1) Everyone has the right to freely express and disseminate his opinion in speech, writing, and pictures and to freely inform himself from generally accessible sources. Freedom of the press and freedom of reporting by means of broadcasts and films are guaranteed. There will be no censorship.

(2) These rights are subject to limitations in the provisions of general statutes, in statutory provisions for the protection of the youth, and in the right to personal honor.

(3) Art and science, research and teaching are free. The freedom of teaching does not release from allegiance to the constitution.

Listen, this is one of the big problems the world has with Americans. Can't look beyond their own borders, think they're the only people in the world that can stand tall. Cannot take or understand criticism from anyone but another American. And worse, don't realize that the entire rest of the world perceives them this way. Hey, don't take offense. I'm just passing this along, not making it up. Just know that the *only* way this is ever going to change is by first recognizing the problem.

By the way, there is a statutory prohibition of any kind of typically Nazi symbolism, which is often attacked on the strength of this clearcut constitutional.

Re:At least they got it half right

[tswinzig]

No, you're way wrong


I am? Try wearing a shirt with a swastika in Germany, or otherwise try to promote Nazism. Germany does not have guaranteed freedom of speech.

There is a saying that fits the U.S. quite well. "I do not agree with what you are saying, but I will fight for your right to say it."

No matter how distasteful it is, you are free to say it, as long as it does not infringe on others rights to life, liberty, pursuit of happiness.

92% give FBI more power; 71% say less liberty ok!

[ClarkEvans]

From the recent poll on the Washington Post:

11. Would you support or oppose new laws that would make it easier for the FBI and other authorities to investigate people they suspect of involvement in terrorism?

Support: 92%
Oppose: 6%
No Opin: 2%

12. What if that meant giving up some of Americans' personal liberties and privacy---in that case would you support it or not?

Support: 71% (less liberty for more security)
Oppose: 24%
No Opin: 5%

Ben Franklin said something like... those who trade liberty for security will loose both.

American wiretap laws- LE can _attempt_ to listen.

[Nonesuch]

You missed one important caveat:

In the United State, police are empowered to attempt to eavesdrop on normally private converstations.

There is nothing in US law (yet!) that prevents the parties to the conversation from taking steps to prevent the police from eavesdropping, including encryption.

As far as wiretap laws and police eavesdropping on telephone calls, there have been various levels of voice encryption products on the market for several decades, and there has never been any question as to the legality of their sale and use in the USA.

No, the internet should not be exempt from the rules of the physical world, but our rules only say that they police have to get a court order before they can legally attempt to intercept your conversation- nowhere does it say that the parties have to actively assist in violating their own privacy.

The proposed change would tilt the balance of power, mandating that you cannot take steps to conceal the content of your messages, just in case law enforcement might someday want to go over your communications.

Digital encrypted records can be stored indefinitely. I have no doubt that the backdoor key and a record over every message every 'interesting' person every sends will be stored on permanent media, just in case you or I turn out to be the next Martin Luther King Jr. and they need to pull up some blackmail material....

The Dangers Of Prohibition

[Self+Bias+Resistor]

The one thing that governments the world over do not (and sometimes will not) realise is that prohibition or restriction of anything (whether it's drugs, firearms, explosives or encryption) has not, and probably never will, work.

The main principle that I base this opinion on is that the law only regulates the behaviour of people who abide by the law. People who don't abide by the law aren't affected by any of these prohibitions because they don't affect them (unless they are caught and punished). What this means is that the only people that are really affected by prohibition are law-abiding citizens who, by principle, shouldn't be breaking the law in the first place. Therefore, while some lawbreakers are caught, many more are not and this makes the restrictions inefficient and inconvenient for the average person. The law itself is often not a deterrent for people to change their actions, especially if the action had previously been legal, rather it merely changes the method by which the action is performed. So if the government says that you can't do something, you simply do it when the government isn't looking.

For example, when the prohibition for alcohol (which had previously been completely legal) was introduced, people stopped drinking freely in their bars and in their homes and snuck off to "speak easys" (illegal drinking houses) that were often run by the mob or some other underground association. Therefore, prohibition didn't help the authorities and instead helped the underground. Furthermore, since alcohol was illegal this made the demand high and the supply low, so the quality went down and prices went up. People would be poisioning themselves on "drinks" that would contain large amounts of methanol (a chemical with similar effects to ethanol (alcohol) that is even more poisonous), so the incidents of death and blindness went up. Parallels can be spotted between this example and the drug debate that rages on in society today.

The fact that it's cryptography futher complicates the problem as you also being denied your right to privacy (where the government can't legally monitor your communications without just cause and a lot of paperwork - the NSA don't count as they themselves don't spy on US citizens, which is illegal, so they get other agencies to do it for them) but also your right to freedom of choice (the compulsory nature of these provisions means that the backdoors would be standard on all encryption products and backdoor-free versions could not be legally sold inside the United States). Add to that the prospect (which is more like an inevitability) of government abuse of these powers (one poster's example of the French government's "assistance" to French businesses using this power is a prime example) and you have a law that is so dangerous that its misapplication has the potential to completely erode the freedoms of the citizens of the United States. Furthermore, the rush introduction of this legislation after such the proposal of the SSSCA and the WTC/Pentagon/PA terrorist attacks, when the nation is still in shock and grasping for a way to prevent such an event occuring again (which is impossible to do), is inexcusable. The deaths of innocent citizens should never be used as an excuse to further erode people's freedoms in order to preserve "security" in the future (when it's obvious that there is no such thing as absolute or perfect security, only degrees of security).

My advice is, if you haven't already, to start a letter-writing campaign to your congresscritters now because by the time the Supreme Court rules this law as unconstitutional (which it most likely will - at least, it will if judges aren't being monitored 24/7), it may be too late. If enough people say something about it, then you never know how much effect it could have.

Consequences

[Self+Bias+Resistor]

That's because most people don't realise what giving up your personal liberties and privacy involves. They are unaware of the consequences of letting the government interfere further in their lives. And when they do realise what the consequences are it will be too late. Given that the poll was taken so soon after the tragedy (while everyone is still in shock), it's not suprising that the result came out the way it did.

I'm from the gov't, and I'm here to help you.

[Nonesuch]

you are sharing a trade secret with someone who has a need to know in your company, the feds aren't going to post it on the
Internet. If you are leaking a trade secret to your competitors for money, then I hope the feds come knocking at your door.

Wanna bet?

One word proves you wrong: France

It is well known that the French government routinely used their 'key escrow' laws (recently liberalized) to collect inside information from foreign firms and pass this information on to French corporations for competitive advantage.

Who is to say that if you are sending confidential contract bid information to a colleage, that the Feds won't pass this date on to a competitor, one that just happened to be a major contributor to the winning party in the last election?

For every highly ethical person in government, there are a hundred G. Gordon Liddys, fifty J Edgar Hoovers, and a dozen Nixons.

The illicid traffic daemon

[Odinson]

WE, or more specificly, programmers and freedom lovers need to fight this with the best tool we have, code. It's time open source took a SERIOUS swing at writing a daemon that records IP/port numbers and type of attack of all hacking and breakin attempts and sends the data back to somplace like securityfocus.com for public review.

Raw data and meaningful statistics should be readily availible. And WE ALL HAVE TO RUN IT ON OUR MACHINES. WE have too or the FBI will hang our rights out to dry.

Internet Revolutionarys - White Hat

Crackers - Black Hat

Enablers through apathy to crackers. Squashed like grape. - Gray Hat.

Think about it, IF WE HAND THEM ALL NON-INVASIVE data they have a much harder case to make when tring to justify collection of INVASIVE DATA and we (freedom lovers) have a much better case to make.

Think about the consequences if noone ever reported gunshots outside their house ever again. That is what is happening right now, and that is why the Government is heading down the path of misery and death at our expense.

I do not know of such a program (or where to get my unencumbered data) If such a project currently exists please me/us to it so I can install it RIGHT NOW!

Digital Envelopes

[Ranger]

Encryption is the digital equivalent of an envelope. We don't think twice about putting personal letters in an envelope. "Hmmm... You must have something to hide. From now on all your letters have to be on postcards."

Perhaps the best use of encryption is for digital signatures. If governments have the backdoor to them, how can we trust who the message is from, even if it's sent without being encrypted.

As has been posted numerous times, encryption is already available and in source code as well. The bad guys aren't going to stop using it, if they really are.

The rest of this comment is a long rant. Read it at your own peril.

Our politicians are playing right into the hands of the terrorists. It is our freedoms that gives us our strengths. The freedom to assemble, the freedom to speak, the freedom to worship, the freedom to bear arms, and the freedom from unreasonable search and seizure. Our liberties have eroded over the decades. All in the name of security, most especially, our war on drugs. We cannot let our politicians take away from us what the terrorists have failed to do. Our liberties.

America isn't perfect. It has it's warts, but it's a damn sight better than any other country. Yes, we are hated around the world, but why then does everyone wants to come here.

We must take action not pass laws. We must prepare for a long and bitter struggle against those who would destroy America. We have the resources to do it. Americans have always risen to the occasion when in peril.

Shutting the barn door after the horses have escaped is a common strategy of politicians. Yes, we won't be able to conduct our daily lives the same as it was before, but we shouldn't rush to ad insult to injury. I think their should be a sixty day cooling off period before politicians consider passing a law in response to a terrible event.

A country is not only a patch of land, ...

[gotan]

neither is it some people accidentily living there. It is a people with a common culture and ideals. Freedom and protection of the individual, including its privacy, is one of the paramount ideals in the US of America. This culture is one of the greatest things, the USA exports. And this ideal of freedom is a bright light which the USA is holding high, and which Lady Liberty is a symbol of. Please let not that terrorist attack become an attack on those ideals as well!

Absolute Bollocks.

[istartedi]

OK. For a while, I've been reluctant to say this, but if they are going to punish innocent people with these stupid laws, I might as well go ahead and get myself labeled as a "subversive".

During the time period that 128-bit encryption was restricted, I used to fill out the online form with the following information:

Name: Hafez the Enforcer.

Address: 1 Jihad Way, Baghdad, AL

Of course, Iraq was never available as an option, so I always put Alabama which is kind of silly, but anyhow the point is this: How did they know I wasn't a foreign national who had just signed up for an ISP account? They didn't. That was my little protest against that stupid law.

This shit reminds me of what happened after OK City. They passed some kind of "anti terrorist legislation". Well... excuse me, but last time I checked it was already illegal to blow up a building and kill a whole bunch of people.

I dare say that it's our PARTIOTIC DUTY to violate these laws EN MASSE. Let's point the guns at Bin Laden and his kind, not ourselves.

How smoke signals will regain popularity...

[forgetmenot]

This is the height of stupidity.

First of all, the obvious fact that criminals simply won't "upgrade" to the back doored crypto has been mentioned already before.

But... Let's say for argument sake that the morons actually go through with legislation like this. Then what? So the U.S. gov't gets the keys to encryption software - but it could only be for cryptographic software originating in the good ol' USA. Do you honestly think the EU is going to give the U.S access to their encrypted messages especially after the whole Echelon thing a while back?

But ok... let's say that they're really scared right now with the terrorism and all that and decide to go with it. But of course, they are going to want their own back doors too. After all, sovereign nations being sovereign nations want are going to want to exercise well... "sovereignty" of all things, over their respective minions.

So now we have international treaties to regulate these back doors and keys and stuff - after all, the U.S. is going to want access to the same back doors as the EU has and vice versa or else the whole thing would be meaningless.Terrorists don't care about borders.

But do all EU governments get a key. How about other trustworthy friends like Japan? Surely they will want keys. In Japan gets keys, how about oh... Russia? India? If India gets keys, Pakistan is going to insist too. Eventually everyone wants keys and of course its only going to be effective if everyone has the potential ability to read everyone else's encrypted mail - after all terrorism is international, right?

How do you decide who doesn't get a key then? We have to be able to prevent rogues states from acquiring the keys after all. But what about the goold guys who become bad guys because of coups and stuff? Next thing you know even the bad guys have the keys and now they can enjoy reading my grandmother's encrypted mail to her online knitting pals.

But the whole scheme still depends upon bad guys cooperating by using the back-doored encryption software but they won't because it turns out Echelon and ilk can't eavesdrop on "smoke signals" so it makes a come-back in a big way.

The Modern Age

[_Sprocket_]

In this article, a former CIA operative Reuel Marc Gerecht writes:

According to Afghan contacts and Pakistani officials, bin Ladin's men regularly move through Peshawar and use it as a hub for phone, fax, and modem communication with the outside world.

Sure - the individual leader may not be a heavy user of technology... but it would seem, and simply make sense, that his people would make at least rudimentary use of modern communications devices. And in a manner that doesn't leave a tell-tale cable trailing back to Central HQ.

Hrmm

[NitsujTPU]

Backdoors would
1) Let criminals see data
2) Not stop terrorists from sending data cryprographed
3) Could prevent defectors from having a safe route to transmit data to government authorities

This is a bad idea.

You don't understand...

[Danse]

They aren't claiming that it can be broken. Just that if it can't, we can bomb whoever wrote it, or at least kidnap them. Maybe torture them a bit to get them to decrypt it for us. Stuff like that. You never really believed we were above that sort of thing did you?

Re:You don't understand...

[Danse]

Yes I have, and as others have pointed out, there are programs to detect most popular methods of steganography. Don't misunderstand me. I'm not supporting the idea of banning encryption, I'm very much against it. I just think it might accomplish what they're wanting to some extent. I'm just not willing to lose my privacy to give them that ability. The terrorist groups would have to write their own software easy enough for their members to use if they wanted to make any real use of steganography.

Re:You don't understand...

[peccary]

And as others have pointed out, there is no means of distinguishing encrypted data from random numbers.

use a random number, go to jail.

Why didn't they listen to cleartext?

[gotan]

It emerges, that some prisoner in germany tried to warn the US government. he even got a phonecall to the White House, but was ignored because he was a prisoner and under psychiatric treatment. Sure, there are enough lunatics making wild claims every day, but nevertheless such hints should be passed on to the right authorities. Before sifting tons of encrypted e-mail, maybe they should consider to followup some cleartext-hints as well. Maybe next time someone wants to warn the government of something he better send some triple encrypted messages around via e-mail, instead of phoning them.

French tried - it backfired

[horza]

The French don't trust their citizens and for years banned all encryption (except some businesses, with them having to hand over keys). They may have, as you allege, used the intelligence in an underhand way. However, I think your reason for 'relaxing' their stance on encryption is mistaken, or only part of the reason. Upon discovering all about Echelon, and the extent to which the USA have been gathering intelligence on French business (and allegedly lost billions due to NSA handing key data for US businesses), it brought about the greatest 180 degree turn in crypto politics seen to date. From a complete ban to full support of strong encryption, with the encouragement of open-source software. To think things had steadily been improving since this article 2 years ago. It would be a blow to the memories of those lost if their sacrifice failed to make the world a better place.

Phillip.

Trouble is...

[^DA]

...bin Laden and others like him have the means to get their hands on crypto software that doesn't have backdoors in them. The rest of us won't.

So what the american congress is suggesting is that normal people can't have secure communications anymore. And where is the point in that?

Re:Interesting method of encryption

[IronChef]

Enjoy this conversation while you can. It will probably be illegal to talk about this inside of a year.

I am surprised that no one has proposed an airline ticket waiting period yet. It would help just as much as this stupid crypto law.

Bill of Rights

[darkfrog]

Article the sixth [Amendment IV]

The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.

Seems to cover it to me... to bad our founding rights that the country were built on are now the founding documents that our government walks all over now!

The US wrote that...

[Gorimek]

The funny part is that both the German and Japanese constitution was written by the American victors after WW2. Well at least the Japanese, I don't know about the German. The allies probably hade more influence there.

GnuPG

[Betcour]

www.gnupg.org

NOT made in the USA... open-source, compatible with PGP.

Re:Our "Open" society

[IronChef]

I'd be willing to give up some privacy freedoms to prevent this sort of thing from happening - random search and siezure for instance.

Please god, tell me you don't vote. That's crazy talk. It's seriously OK with you if the Black Jumpsuit Gang busts your door down at 3AM for no reason at all?

Re:It's not so simple.

[mpe]

Sure, armed marshalls would probably prevent some of this (and I think that they're a good idea), but they're also expensive (are we going to put them on all of the THOUSANDS of flights everyday?), and will still not guarantee total safety. Really, nothing will.

Also if they are always there, these terrorists will simply add to their plan "identify marshall(s)". You need a lot of marshaalls since they need to appear to be ordinary passangers.

Re:People will hand it over - crypto's already out

[mpe]

The reason this was *over* in the past is because the FBI is blissfully unaware that strong crypto is standard operating procedure for US corporations, and is only used by nefarious bad guys.

Indeed such business makes far greater use of communications than would a terrorist organisation.

The Price of Liberty is Eternal Vigilance....

[billstewart]

"The price of freedom is eternal vigilance" means us watching the government - not the other way around. Sometimes they get out of hand, and need to be reminded, like Senator Gregg, R-NH, whose speech started this discussion. We spent the whole Clinton Administration beating up on the NSA and the export bureaucrats and doing EFF lawsuits and anti-Clipper petitions and building DES-crackers to get the Feds to acknowledge that neither the First, Fourth, and Fifth Amendments nor the economics of computer technology were on their side, and generally it was the Democrats supporting the anti-civil-rights side (not too surprising) and the Republicans playing good guys (unusual, but it happened to align with business interests and oppose the administration.) Now that the Republicans are in control of the Presidency, we're seeing them start to switch sides (not too surprising, unfortunately, and there was always a split between the more pro-business Republicans who were mostly pro-crypto and the more social-conservative pro-police ones who were against it.)

For another perspective on eternal vigilance, David Brin's book The Transparent Society talks about the issues of ubiquitous cheap video cameras combined with cheap communications and computing. The recent face-recognition uses at Florida sports stadiums and the cheap X10 cameras with the annoying pop-up web ads are only the beginning.

Nope, yesterdays article says no.

[AftanGustur]

The article that discussed carnivore on /. yesterday clearly stated that rerrorists (bin laden) have already started to use steganography to communicate.
The messages are encrypted and added to images etc .. and are then available to everybody on a public website.

Re:bye bye civil liberties

[IronChef]

Clearly, what we need is DENIABLE crypto. "I swear, officer, the password was 'sexgod123'. Yes, I DID encrypt my mother's apple pie recipe. It is a family secret. I am cooperating fully though, aren't I? Prove I'm NOT, YOU SMUG BASTARD! Oops, did I say that out loud?"

Meanwhile, someone else can decrypt the file with password #2, revealing the actual secret data. The crypto would have to hide the very presence of the "real" data, giving up the false data when the right passphrase was used.

I presume there is no math stating that such a system is impossible, but I'm no Doc Crypto.

Freedom is a state of mind.

[AftanGustur]

Never forget that.

If this "Big Brother" shit goes on, America has a good change of becoming one giant space, where nobody feels free.

Difference between an airport and an email!!

[Kasreyn]

Dammit, an airport is a public place. If I walk into an airport carrying a gun openly, people will see it and think, "oh he has a gun", and take appropriate actions based thereon (ie., not let me on a plane). From there it is a very SMALL step to metal detectors, to find out if I have a concealed gun. It is a public place and by the mere fact that others can see and hear what I do, I naturally have a lower expectation of privacy.

Compare to in one's home. If I send an email with GPG, no one can read it. I am innocent until PROVEN guilty in this country and my personal correspondence is MY business. Any private citizen tampering with my mail would be liable to prosecution for invasion of privacy. Now, from this situation it is a very LARGE step to automatically requiring the compromise of the privacy & security of ALL my personal correspondence for the sake of a POSSIBLE threat, since I am in a private place and no immediate threat from me is visible.

See the difference yet?

-Kasreyn

Re:My personal data? Maybe. My employer's? Absolut

[IronChef]

How do I communicate this problem to the vendor without strong encryption?

You'd be crazy to report a security flaw like that. If the company with the flawed product was vindictive or just stupid, they'd try to get you thrown in the slammer as some kind of computer terrorist. Security through Obscurity is a stone's throw from Security through Repression of the Facts and the Destruction of Those Who Would Reveal Us as Incompetent.

When it comes to computer security, the good Samaritan is an endangered species.

Re:Winning has nothing to do with it

[SurfsUp]

"Do such and such and the terrorists win"

What nonsense. The terrorists do not wish to reform America's crypto policy. They wish to subject the world to Allah's will.

And what better way to start than by making the U.S. a less desirable place to live in?

Understand this simple fact of guerilla warfare: the first objective is to limit the enemy's mobility by making him take cover. So, he attacks, target responds by discarding its societal freedoms. People don't want to go there any more, or conduct their business there. Good start.

Not alone

[jflynn]

I, Cringely's "A Man With a Hammer" is relevant I think.

You misunderstand.

[Kasreyn]

I think it is a noble thing you are saying, that if you could save a life by giving up your privacy you would. I applaud that concept.

But giving up your privacy won't save any lives. Sad but true. Give up your privacy, people will continue to die, and you will just be a schmuck who gave up his privacy.

The whole point of 90% of these threads is this sort of bumbling treat-the-symptoms legislature has not a hope of protecting anyone from terrorism. All it is is a power snatch in a time when people are afraid and not at their mental best in critical thinking. Your noble sacrifice of your freedoms won't save a single life. So don't do it.

-Kasreyn

Security is not a static defense

[jflynn]

I think you are correct to doubt absolute statements.

But the invalid assumption here is that you can design an acceptable compromise and stick with it. Given any particular security system, if you look long and hard enough, exploits can be found. Then we have to trade more of our liberties for security in a neverending cycle of escalation.

The problem isn't that people can talk privately. They always could, and always will be able to. It's that they want and are able to kill us. We should work on those instead.

Re:We've defeated suicide terrorists before

[Malcontent]

There is no such thing as "harboring" it's a meaningless term. Sure bin laden lives in afghanistan but it's a big country with huge tracts of rugged mountains where bin laden lives. You think anybody could just walk up to him and arrest him? Of course not. Nevertheless kabul will be bombed and all those people who had nothing to do with anything will die. I guess it will make you feel better though and that's the real important thing.

Only outlaws will have encryption.. blah blah blah

[drsoran]

Benjamin Franklin didn't have terrorists walking onto airplanes and crashing them into buildings full of tens of thousands of people. I think you can safely say this situation is quite a bit different than anything anyone could have predicted 200 years ago.

As for "mandatory crypto backdoors", I think it's become a common saying that when encryption is outlawed, only outlaws will use encryption. This is a ridiculous time to be making any hot-headed decisions on something like this. Even if the US did make some inane law mandating backdoors in encryption there are plenty of free and completely open strong algorithms out there to use. What stops terrorists from using these other programs NOT made in the US or writing their own code?

This is the kind of thing that happens after every tragedy unfortunately. Emotional people start making emotional cries for immediate changes. After a school shooting people call for a ban on guns. People, shooting another person is already illegal! Banning guns are not going to stop a *criminal* from shooting people. Banning strong encryption is not going to stop criminals or terrorists from using strong encryption! Hijacking airplanes is also a crime but that didn't stop a bunch of whacked fundamentalist motherfuckers from doing it now did it?

Too late

[Ed+Avis]

If bin Laden or whoever is 'a big crypto user', then how would it help to restrict the availability of encryption to US citizens? Isn't it just a little too late?

Decrypt this

[corebreech]

The strongest cipher also happens to be the simplest: the one-time pad.

A child can implement a one-time pad using a deck of playing cards, a pair of dice, or by simply flipping a coin repeatedly.

And the most advanced governments even if equipped with what is now only theoretically possible -- like the quantum computer -- would not be able to successfully cryptoanalyze a message so encrypted.

Are we going to classify playing cards as munitions? Dice too? What about coins: can we devise a currency that is crypto-safe?

Sometimes I feel like I'm drowning in monkeys.

Freedom and Encryption in the US.

[An9n]

I'm a Swede living in Japan and I have always been following the cryptography and digital copyright debate with a concerned interest.
The second thing that came to mind when I learned of the tragedy was what pro-regulative forces would take this golden oportunityto bring on all kinds of regulations to the US people, especially
in regard to encryption technology.

It is quite clear to me that 'the land of the free' is not close to as free as you'd like to think you are.

Where I come from,
1. Reverse engineering is not a crime
2. Software patents are not allowed
3. Regualtions on encryption has never been heard off.

Where I live, I've never heard of a cracker ever being prosecuted (there might have been I case or two that I have not heard of, but the point is, the government is NOT being paranoid about it).
I am not saying that lenient laws and or are always good, but they do tend to provide a greater amount of freedom.

Speaking of installing backdoors, it's pretty arrogant to think that encryption software can be made only within the us. Sure, most consumer
software (read M$, PGP) is made in the us, but the only real effect is that consumers will be exposed to backdoors and hardcore criminals will
use something else / write their own code. Especially well funded criminals that can pull of terror stunts like this one.

BTW, I read in Wired that the FBI were pushing carnevor installations to be used 'just for a few days' AFTER the attack, like, there would
be a lot of communication to listen to AFTER the attack? It looks like people are giving in on their principles already.

Anyway, I sincerely hope that America recovers fully both in body and mind, and do not allow this tragedy to be amplified by giving in to
those who might be using it to their own purposes.

Strength to you all.

Re:Freedom was attacked and Freedom will be Defend

[rjamestaylor]

If you're for continued freedoms it would behoove you to band together with like-minded folk regardless of agreements on freely expressed ideas. If you truly believe in "I'll fight to the death your right to say it" then you'll put aside your opinions to fight togther for the basic right to be free.

Unless, of course, by freedom you mean freedom to express your singular viewpoint. That is not a freedom, that's a tyranny.

Re:We've defeated suicide terrorists before

[JimPooley]

I've just been wondering if we're going to bomb America for funding the IRA...

Well, if we're talking about being tough on supporters of terrorism, that's a perfectly fair statement.

Maybe, lets hear what Jefferson had to say

[nichughes]

"The criminal attempts of private individuals to decide for their country the question of peace or war, by commencing active and unauthorized hostilities, should be promptly and efficaciously suppressed."

and

"That individuals should undertake to wage private war, independently of the authority of their country, cannot be permitted in a well-ordered society. Its tendency to produce aggression on the laws and rights of other nations, and to endanger the peace of our own is so obvious, that I doubt not [Congress] will adopt measures for restraining it effectually in future."

The idea was always there that congress might have to restrict the freedoms of those living within the republic to protect the common good, especially where individuals were trying to provoke the unimaginable horrors of war. Sure you can have a long debate on exactly where to draw the line, you can disagree with where they are currently suggesting the line be drawn, but lets not pretend its quite as simplistic as your one quote implied.

If you disagree with what they propose then demonstrate alternatives or show why their proposal is worse than the threat faced by the USA. There are good arguments to be made, there are quite probably better ways of dealing with the threat but if all you do is run out old quotes then you are doing what Franklin said;

Any fool can criticize, condemn and complain and most fools do.

--

Nic (expecting to be moderated to -1000 but figures it needed to be said anyway)

Defending Freedom by reducing it...

[lverrall]

It looks like the first casualty of this "War" on anti-freedom anti-democracy Terrorists is to remove personal Freedom through monitoring and, potentially, usurp the democratic process of what can be monitored by and by who.

Carnivore was in at ISPs on Wednesday and will be into Tier 1's by now. Remeber to intercept 'net traffic you have to look at ALL the packets. To trap "encrypted" data whatever that may be you have to read 'em. Imagine the power to open ALL snail mail and read it to check if it's suspicious...

There's a distinct danger that this kind of monitoring will be installed, relatively unchecked, with Civil Rights groups unable to mount a credible defence due to the devastating nature of the terrorist attacks. This will happen not just in the US but easily in the UK, France and Australia who have similar laws or technology in place.

And once it's in, you can bet it won't come out again. Think 5 years down the line...

Re:Defending Freedom by reducing it...

[MikeBabcock]

The question I want congress to answer is why do they believe that mandatory restrictions on crypto software in the US or even in NATO countries would restrict the availability of current secure software in the hands of terrorists. Why does Congress believe that terrorists (or other major crime rings) will obey the new laws in the first place? They're criminals.

Cynical exploitation

[DrXym]

Hands up all those people who think terrorists like Bin Laden would use encryption with a back door in it?

Of course they wouldn't. Any proposal to add such a back door is just a cynical attempt to coast it into law using this atrocity as a pretext.

The usefulness of crypto backdoors..

[jcr]

..for legitimate law-enforcement surveillance is precisely:

Nada.

Eavesdropping at will, without warrants or warning is however, perfectly suited to the needs of a future J. Edgar Hoover seeking to harass and intimidate a future Martin Luther King.

Congress can *consider* requiring backdoors all they want. I, however, am one Jew who will not comply.

-jcr

*Maybe* I wouldn't mind being snooped if...

[weave]

My stance is softening -- a bit. I wouldn't object so much to being snooped on if it was only for national security purposes. Unfortunately, we can't trust the government to do just this. Stupid commercial interests would leverage it in some way so they'd also be snooping in to find people who loaned a CD to a friend, for example.

It's not the idea so much as the potential to abuse the power. That what turns my stomach. It's one thing to prevent a disaster like happened Tuesday. It's another thing to use it to protect the profits of corporations. I just don't think we can trust them to do one and not the other... :(

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:It will be USELESS for catching terrorists!

[budgenator]

As much as I can determine, present terrorist, drug cartels ect. all seem to opperate on the French Resistance model of WWII;

1. Use of cells (small groups of about 5 -7 people) so that each part of the operation doesn't know who is in the other cells. this limits compromise even when tortured.
2. Each cell only know a small subpart of the mission and is trained for it. again limiting compromise.
3. Each cell is controled by a handeler who in turn only knows how to contact a few cells and is himself is handeled. This way if a handler is compromised only a few drop sites become known. The handler may never come into direct contact with or actualy know the pick-up mule for any given cell.
4. communications are often in the clear, but with hidden meanings such as

   Aunt Sally is getting married, the wedding will be on the 11th of Aug the wedding will be at St. Johns at 4:30 and the reception is at the community center at 7:00 pm the same day. The Bridal registry is at National Dept. store

now if anyone can explain how being able to decrypt a message like this will let the authorities know that planes will be hyjacked and flown into buildings by people who don't know each other at a particular date and time, I'd appreciate it.

Hah

[return+42]

Oh, sure. Let's put Carnivore on everything. Let's outlaw encrytion without backdoors. Let's monitor every binary for stego. No one in the US will have any privacy at all online. And terrorists will simply use messages like this:

"Order number 83093058: ship 2,000 sprockets, part # 31416, and 1,000 cams, part # 2718, to arrive by September 11. Ship to our Chicago warehouse." (Translation: attack target 31416, World Trade Center, and target 2718, Pentagon, on September 11 at 9:30 local time. Use attack plan "Chicago", hijacking planes and crashing them into the targets.)

So on the one hand, we have no privacy, and on the other, the terrorists have to sneak codebooks into the country (except for the homegrown militia types, of course). Doesn't seem worthwhile to me...

fucking retarded

[Ender+Ryan]

I can't believe how fucking stupid people are, how the fuck are backdoors going to do anything when the people who we need to track won't have backdoors in their software?

Plain fucking stupidity.

code vs cypher (crypto)

[dpilot]

Now you get to the difference between a code and a cypher. What we think of as cryptography, and often mislabel as a code, is really in the space of cyphers. Codes are something else - where there is not a one-to-one correspondence between visible and hidden messages.

I'm going to risk making an idiot of myself by misusing some terms, and say that crypto and cyphers are syntactical, where codes are semantic. In other words, you can apply crypto to any message. On the other hand, code is usually geared toward a specific set of messages. Your 6lb baby boy code could probably not be used to securely send your credit card number.

Cypher/crypto is more generally usable.
A code is more specific, may be more easily hidden, but would more likely fail in long-term usage.
It kind of interacts with the idea of a one-time-pad as explained in "Cryptonomicon", except that continually developing one-time codes that would retain innocent appearance seems like it would be awfully tough.

Re:code vs cypher (crypto)

[mpe]

I'm going to risk making an idiot of myself by misusing some terms, and say that crypto and cyphers are syntactical, where codes are semantic. In other words, you can
apply crypto to any message.

Cyphers involve taking "plaintext" and applying some kind of algorithm render it into something which is meaningless to someone who cannot decrypt it. Cyphers both lend themselves well to being operated by machines and in being able to exchange arbitary messages.

On the other hand, code is usually geared toward a specific set of messages. Your 6lb baby boy code could probably not be used to securely
send your credit card number.

Except that for paramilitary operations you may only need quite specific typs of communications.

Back door vs key escrow

[dpilot]

If this is going to fall away, I'd really rather see key escrow than back doors. A back door is a fundamental breach of security, can be discovered by someone other than the FBI/CIA, and essentially renders the crypto useless.

Key escrow on the other hand, retains the basic security of the algorithm, even though the FBI/CIA may have access to your keys. At least you are secure from others.

But from a different perspective, it is possible to gracefully back out of a key escrow situation. It is possible to cease requiring escrowed keys, and to generate new ones held by a different mechanism. What's key is that the industry built up around the algorithms can remain in place, and that part of the total solution can be trusted.

Re:So what open source app should I get while I ca

[GigsVT]

https is done through SSL normally. One could however use an ssh encrypted tunnel to get to a normal http site.

I just read a book that addresses this issue..

[Dman33]

I just read "The Devil's Code" by John Sandford last week. It addresses backdoors for the gov't in encryption. Pretty scary remifications are possible, but of course this is just fiction. or is it? :)

You can check the book out at Amazon here.

Or just search for ISBN 0399146504.

Remember CipherSaber

[victim]

Sorry I slept too late and didn't get this in until the wastelands of the later articles, but...

Any decent programmer can write their own encryption in a matter of minutes. Go look at the CipherSaber home page.

In George Lucas' Star Wars trilogy, Jedi Knights were expected to make their own light sabers. The message was clear: a warrior confronted by a powerful empire bent on totalitarian control must be self-reliant. As we face a real threat of a ban on the distribution of strong cryptography, in the United States and possibly world-wide, we should emulate the Jedi masters by learning how to build strong cryptography programs all by ourselves. If this can be done, strong cryptography will become
impossible to suppress.

So get out there and write build yourself a saber. Then use it to encrypt a short reply to this article with the key freedom.

You are missing something.

[viper21]

From what I understand, there will be one universal De-Crypto key for all cryptographic software.

Cool.

How about one master key for all the doors of the world?

I guarantee you that I will have a copy of that key (for the doors) within the year.

I'm sure they'll be for sale on every street corner in New York.

-S

Re:Protection for the masses

[SuiteSisterMary]

Considering the rather amusing American legal system, which I believe still classifies cryptographic technology as a 'munition' I wonder if one couldn't make a rather amusing constitutional argument about the right to bear arms?

Bats in Scotland

[Pseudonymus+Bosch]

Are you aware that in many areas a CHILD can purchase a THREE POUND baseball bat? There is NO purpose for such a heavy bat except for hitting things VERY hard. Now, I wouldn't interfere with people using a bat for sporting purposes, but they should be carefully regulated as well.

I was told that the sales of baseball bats in Scotland are very superior to the number of baseball players. Do you know some baeball team from Scotland?

Re:Only outlaws will have encryption.. blah blah b

[why-is-it]

After a school shooting people call for a ban on guns. People, shooting another person is already illegal! Banning guns are not going to stop a *criminal* from shooting people.

Yes, but there are a lot of guns out there, and it is really easy to get one. If having an armed population translates into a lower crime rate, then you would expect the US to be the safest place in the world. IIRC, there are some states where the guns outnumber the people. And yet compared to other first-world nations, the US has the most violent society, the highest crime rate, and the largest % of their population in prison.

Violence begets violence.

Re:We've defeated suicide terrorists before

[Reality+Master+101]

You're ignorance is, quite frankly, shocking.

You think Afghanistan is innocent here? Even if we grant that they don't have the resources, they can allow others to go in and get them. But up until now, they have not allowed it. The US has time and time again told them they will be held responsible for any terrorist attacks.

They are not "people who had nothing to do with anything". They are conspirators.

Re:We've defeated suicide terrorists before

[Reality+Master+101]

By the way, just for your education, read this article. I quote: "He says the Taliban have isolated bin Laden and have taken away his fax machine, satellite phone, cell phone, computers, and his Internet access.

Really sounds like people who don't know where he is and have nothing to do with him, doesn't it? But the US government probably made it up and told CNN what to write.

Extreem Example of Un-American Activity.

[twitter]

Correct me if I'm wrong, but I don't think that the US government has ever censored the mail of combat troops. If that's not a life treatening, national security priority, I'm not sure what is.

Mandatory backdoors and other invasive technology represent a far greater threat to freedom than any terrorist. Enacting big brother style government makes a mockery of all the things that this country has fought for since it's founding.

Re:Extreem Example of Un-American Activity.

[Tetsujin28]

The U.S. military has routinely censored the mail of combat troops -- certainly in World War I and II, and I believe as recently as the Gulf War.

(Which seems reasonable to me. It does not seem reasonable to restrict the rights of civillian citizens to communicate in whatever way they choose.)

George Bush Sr on intelligence and the CIA...

[ClarkEvans]

From the Washington Post article George Bush Sr says:

But I went to CIA at a time when CIA had been criticized properly for some things, but unfairly attacked for many things that it shouldn't have been attacked for. And what happened out of that period was that many of our human intelligence sources dried up. If they see there is some muckraker going out to CIA and considering everybody out there as doing something bad or naughty, and if they see the names of our intelligence sources released, those sources dry up.

And so, human intelligence is kind of a dirty business. And in it, you have to deal with unsavory people. People tried to make a lot out of the fact that at one point the intelligence community dealt with Manuel Noriega. Well, they did, but it isn't a nice, clean business. And if you're going to infiltrate some cell somewhere or a terrorist cell, you have to deal with people that are willing to betray their country, people that are willing to betray their friends, people that want money or other things. And it's not pleasant.
But if we're going to provide the president with the best possible intelligence, we have to free up the intelligence system from some of its constraints. You have got to always respect the privacy and right of an American citizen. But I think they ought to take a hard look now at whether we've gone too far in denying the people that run the intelligence community access to human intelligence.

You know, you can tell a lot from science. When I was president, during the Gulf War, they could tell me exactly how many troops were where on the front lines. They could say which direction they were moving. I remember getting a thing from Saddam Hussein via Gorbechev saying, ``Well they're pulling out.'' Yes, they were pulling out of where they were, but they were going south toward Saudi Arabia. We could tell that from intelligence.

But what we couldn't tell is the intent. And the only way you can measure intent in intelligence is if you have human intelligence, if you have people that are really willing to risk their lives for a cause--and sometimes they'll risk it for noble reasons, you believe in democracy and freedom--and sometimes they risk it for more selfish reasons like money or women, you name it.

And it's not pleasant, but I think we're going to find that we have to do more in the way of human intelligence and that means we're going to have to take a broad look at exactly what constraints the intelligence community, not just CIA, but the community itself, is operating under.

And I think it's important to recognize that all this new Internet technology that you guys know so much about has to be reviewed, in a sense, to see whether we're constraining our intelligence communities from getting after the culprits that may be American citizens. It's not pleasant.

Re:George Bush Sr on intelligence and the CIA...

[Catbeller]

But... George Sr... how exactly would monitoring our email, phone calls, public places, and having a backdoor into all our encrypted systems...

HAVE DONE A DAMNED THING TO STOP THOSE PLANES??

Stenography

[hz+is+a+freak]

I spoke with one of my professors in cryptography a month or two ago reguarding crypto algorithms that are being used. When the subject of terrorists and bin Laden came up, so did stenography. The idea: encode your message into a pornagraphy image, post it on the internet, tell your terrorist buddies that so-and-so has nice tits on some-porn-site.com. They know how to extract the data and we have no clue. There is no way the gub'ment could possible know where the message is or how to decode it. Therefore, rendering these backdoors on crypto algorithms useless.

hz

''It makes ice cubes!'' - Tripping the Rift

OutGuess 0.2 can't be detected w/Stegdetect...

[Svartalf]

There ARE ways to make Stego hidden enough that most methods are ineffective. And that's the real point here- the Terrorists in the WTC/Pentagon attack didn't use unbreakable Crypto- they didn't use much of anyting as far as anyone's been able to tell at this point.

The terrorists seem to have won what they wanted- this country's using this as excuse to reduce our liberties and we're doing other things out of pure fear and demands for false security.

Re:Anything that doesnt kill them

[cybrthng]

"Consider for a moment what a group of determined people with nothing left to live for and no lives to preserve anywhere anymore could do (think filo viruses). "

SO letting them run free to do what they wish against any democratic nation is better then fighting a war against these people?

The world is for humanity, these few terrorists are not. This is a war for humanity. This wasn't a strike against a powerfull nation, it was a strike against civilians, humanity, and against there own people. These murderers have to realize that yes, they destroyed an american icon, but at the same time they killed hundres of italians, hispanics, brits, irish and MANY MANY OF THERE OWN PEOPLE. Yet they show no remorse.

The US isn't going to hijack there own planes and send them crashing into civilian workplaces. Were just going to send in our military to kill people who try to kill us.

We don't fight terrorism now, we never will. People for years have tried to politically, educationaly and motivationaly help other countries with absolutely NO RESPONSE. Throwing books, preaching values and ethics gets no where for countries, nations and people WHO DON'T VALUE LIFE OR HUMANITY TO BEGIN WITH.

PEOPLE WHO DON'T VALUE "HUMANITY" ARE NOT PEOPLE. PEOPLE IN PAKISTAN AND AFGHAN SHOULD STAND UP FOR HUMANITY AND FIGHT TERRORISM THEMSELVES.

But they don't. THey choose to live like rats. I can't say it any other way. It isn't about what america does/did or WILL DO. IT IS ABOUT HOW THESE SO CALLED NATIONS WILLL PROTECT THEMSELVES AND PROTECT HUMANITY.

NO matter your race, skin color, nationality or religion, we are all humans. THESE PEOPLE DON'T RECOGNIZE THAT FACT and therefore don't recognize education, politics, humanity and respect as a solution to there problem, and they NEVER WILL.

I guess you just want to let them run rampant to have there own problems. Well, once the afghans and terrorists start another war with pakistan and get control of there SUCESSFULL NUCLEAR STOCKPILE it will be TOO LATE FOR US TO REACT. We already know they don't value there own life, so they would be happy to wear these devices and blow up cities with NO problem.

Believe me, war is *NEVER* the solution to any problem, but you can't FIGHT A WAR WITHOUT DECLARING ONE AND IT IS ABOUT DAMN TIME WE DECLARE A WAR AGAINST THE CRIMES OF HUMANITY AS THIS HAS NOTHING TO DO WITH HOW THE UNITED STATES IS POLITICALLY.

Everyone has life all wrong. You aren't born into slavery, you adapt it. YOU HAVE THE CHOICE FOR YOUR OWN PATH. If these people are strong because they kill themselves for there faith then WHY CAN'T ANYONE ELSE STAND UP FOR THEMSELVES. Why can't the people of iraq see that Sadam is simply not fit for rulership and oust him? They have arms, they have legs, they supposedly have a brain to think for themselves, but the only thing they do is follow anti us and western propaganda.

Its time we put an end to the misery. Be it war, special ops or whatever, the middle east has to be settled, countries have to be establish and militaries have to be won or defeated. For christs sake, afghan isn't really its own country, but territories fought over by people who don't care about humanity. There are no civilians in war, only the death of innocence.

Benjamin Franklin on liberty

[rootrot]

"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
-Benjamin Franklin

That pretty much sums it up for me...
/rr

Spooks won't help

[BarefootClown]

The problem with this approach is the target of the surveillance. Human intelligence (HUMINT) works againt large organizations, like countries, because within any large organization, you have malcontents, dissidents, and others whom for whatever reason, don't like the organization, and will help you. If these people exist, they can be identified and tapped. If, for some reason, they can't be found, a last-ditch solution is to find somebody who looks (physically) enough like the people being monitored, can pass for a local, and get him into the organization. With large organizations, this is always possible, because large organizations always need new members, and lack the ability to do a complete background screening on everybody.

Small organizations, like terrorist cells, have no such weaknesses. They are deliberately kept small for this reason--with every new member, you add another potential security hole. Members are screened very carefully, and are usually admitted as family members, or other such extremely close ties. They are a known quantity before they are invited to join. Their loyalty is unquestioned, and if it should ever come in to question, they are shot. No questions, just dead--that's the only thing the can do, as the stakes are so high. Dissidents don't exist. As for penetration, just forget about it. Again, the membership is essentially invite-only. You can't walk into a cell and say "hi, I'm new in town, and I'm looking for a fun-loving bunch of guys to cause a little mayhem. Are you accepting new members?" Somehow, I don't think you'd walk out of the meeting alive, assuming you could find it in the first place. The operational security on these groups is incredible, because it has to be. There is no realistic and reliable way to get operatives into a group like this. No operatives, no HUMINT. Oh, sure, you might get lucky, and have somebody have a change of heart, and volunteer his services to the local authorities, but that's a one-in-a-million chance.

I hate to say it, but communications intelligence (COMMINT) and signals intelligence (SIGINT) are the only way to gather operational data on these groups. We have satellites that can listen to their cell phones (and we use them), we can track their locations (to a degree) with photo/recon satellites, we can (attempt to) intercept their internet communications (we'll generally fail, but again, we might just stumble across something that was improperly encrypted...not likely, I know)...we really can't get inside information. The nature of their organization depends on strict operational security, and they know it. They take extreme measures to ensure that security.

More spooks in the field works well against a country, but it just doesn't work against a small, determined group. I don't know the government structure of Afghanistan well enough to make an informed prediction about it, but I would imagine that they keep things fairly secure, just because they have a long history of conflict (see Russia), and wouldn't want to take chances unnecessarily.

The genie is out of the bottle

[Tassach]

Sure. Let's ban guns. Great idea. After all, we banned drugs and it's amost impossible to buy them anywhere now. We all know that the country's drug problem disappeared overnight once we passing a law banning drugs. Look at Northern Ireland -- they banned guns and it bacame the safest and most peaceful place on the planet.
</sarcasm>

We tried banning alcohol and it didn't work then. We are trying to ban drugs and it isn't working now. How likely is it that a ban on guns or crypto will be effective?

Guns, drugs, alcohol, and crypto are all very similar in that they are all easy to produce: all that is required is some basic knowlege, a few rudimentary skills, the appropriate raw materials, and the motivation to put it all together.

Anyone with some yeast and grain can make alcohol. Anyone can make LSD, PCP, ormethamphetamine with some common chemicals and a set of instructions. Anyone with access to a decent machine shop and some tool steel can make a gun. Anyone with access to fertilizer and gasoline can make a bomb. Anyone with access to a computer and a few textbooks can write a crypto program.

The genie is out of the bottle and you can't put it back in. The knowlege of how to make things is already out there, and the raw materials are everywhere.

Re:The genie is out of the bottle

[VivianC]

Why are we talking about guns? Some of the people here are unbelieveable! This week has just shown that 19 determined people could kill more Americans with knives and box cutters in one day than guns have killed all year.

You are talking about banning a tool. Get a grip. A gun on a table, a knife in a drawer, a van in a garage and a plane on a runway all have potential good uses, potential bad uses and potential neutral uses. It's up to individuals to decide how they will be used. Such is freedom.

Re:Only outlaws will have encryption.. blah blah b

[why-is-it]

Your statement collects up all the legal guns from the southwest and distributes them across the country to places like NJ, where its *extremely* difficult to legally get a handgun, and gun violence is extremely high (and law abiding citizens can't defend themselves).

And yet the US is the most violent society on the planet. Have you compared the crime rate in major US cities to the crime rate in European cities? Compare the crime rate in the US to that of Canada. Per capita, the violent crime rate is much lower. Why do you think that is?

Spare us the NRA propaganda for a moment, and look at the big picture. Not only are the Europeans not armed, they also have progressive social policies designed to reduce the educational and economic disparities amongst the citizens.

If everyone could get a good education and a decent job, why would a rational person want live a life of crime?

Guns are part of the problem, they are certainly not part of the solution.

Re:Echelon is back to steal your secrets!

[Fesh]

"Even so, it would just mean the same old thing, Law abiding citizens and companies are less secure while criminals are untouched."

Even more so... What happens when the backdoor gets compromised? What we're talking about here is a deliberate weakening of an encryption scheme, which flatly contradicts the purpose of encrypting anything in the first place!

Privacy Rights Discussions in Baltimore/DC

[vees]

There will be a meeting the evening of Saturday, September 15, 2001 in the Baltimore/Washington area to discuss the implications of the recent tragedy as it affects our civil and privacy rights, specifically impending legislation against unbreakable encryption.

For more information please see my article, "Post-WTC Privacy Rights Discussions in Baltimore/DC" on cluebot.com or contact me via e-mail with any questions.

Re:Off Topic - MS & NN 4.7 crapware

[(H)elix1]

We are both at fault here. I used Micros~1 word to spell check my post, but since I use Mozilla to browse, I don't have the ?'s issue when reading posts. I fired up NN 4.7 (solaris) and sure enough, it has some serious issues rendering. Try Mozilla, however, if you are still using a 4.x version of NN. It is MUCH better.

Logic Failure

[virg_mattes]

> Guns are part of the problem, they are certainly not part of the solution.

You imply an excluded middle. What if they're neither part of the problem, nor the solution (if it's merely that Americans are by culture more violent, removing guns won't reduce crime rates because criminals will simply use other means)? Or, what if they're both part of the problem and part of the solution? Don't be so quick to say that it's simply gun proliferation that's the root of all violent crime. There's nothing more solid than anecdotal evidence either way in most cases, simply because there's a huge dynamic at work and guns are only a part of that dynamic. For example, the proliferation of guns in Israel is large, and the amount of violent crime there is astronomical. The gun proliferation in Switzerland is comparable, but their crime rate is extremely low. Lots of guns in both places, but the difference in cultural attitude makes a big difference, don't you think?

Virg

P.S. You can't possibly imagine that the U.S. has the most violent society on the planet. Does your planet comprise only the U.S. and Europe? Perhaps you've never heard of Africa. Or Southeast Asia. Or the Middle East. Or perhaps Central America. Broad, indefensible statements like this do little to help your case.

Re:Logic Failure

[why-is-it]

P.S. You can't possibly imagine that the U.S. has the most violent society on the planet. Does your planet comprise only the U.S. and Europe? Perhaps you've never heard of Africa. Or Southeast Asia. Or the Middle East. Or perhaps Central America. Broad, indefensible statements like this do little to help your case.

First off, I would agree with much of your response, there is certainly a cultural component at work. It is however, absurd to argue that more guns would act as a deterrent to crime. Violence only begets more violence.

IMHO, there is no question that of the Western or first world nations, the US has (per capita) the highest incidence of violent crime. I would welcome any statistics from an independant, objective organization which would argue the contrary.

Furthermore, I have seen some UN-based statistics which indicate that the US has the highest percentage of their population incarcerated compared to all other nations.(Can't find a link though). I can only assume these people are not in jail for jaywalking...

Re:Logic Failure

[jazman_777]

P.S. You can't possibly imagine that the U.S. has the most violent society on the planet. Does your planet comprise only the U.S. and Europe? Perhaps you've never heard of Africa. Or Southeast Asia. Or the Middle East. Or perhaps Central America. Broad, indefensible statements like this do little to help your case

The right to own guns in the US is basically the right to defend your life, liberty, and property. From a government, and from criminals (can be, and has been, the same thing at times). It is interesting to note that the majority of fatal violence in the last century was perpetrated by governments against their own and others' (unarmed) populations.

When people try to remove guns, they are saying you do not have the right to defend your life, liberty, and property, and the US founders considered life, liberty, and property (aka "pursuit of happiness" but we can argue that last one...) INALIENABLE rights. These rights are typically taken away by the state. And they were saying, especially in the 2nd amemndment, that the people are justified in resisting the attempted removal of those rights. Since they are INALIENABLE, no government is justified in taking them away (though they do, typically with...guns!), and if a government does, the people are justified in resisting. That's the justification for our rebelling against England, and for the 2nd amemendment in our constitution.

Europeans don't see things this way. That's OK, they are permitted to live in servility if they want to. Lots of Americans don't see it that way, too, and that's a real problem for liberty.

Re:Logic Failure

[why-is-it]

Why do you continue to assume that owning a gun makes you violent?

I don't assume or suggest that. I do not see any reason to believe that having more guns out there will make anyone safer. Why do you assume that more guns = less crime?

When the US and soviet Union finally had enough weaponry so as to assure the planet would not be left for anyone in th event of war, peace arrived as the only solution. Tremendous amounts of fear led us towards peace.

Well, that is one interpretation. Another interpretation is that the people in charge came to their senses. As the song by Sting goes, "I hope the Russians love their children too".

I only suggested the would-be criminal turning around and walking out when he saw all the guns on the other patrons' hips. This has already been proven in the biggest way.

Show me a study that demonstrates this!! It has NOT been proven at all. Please prove this is not a fallacy perpetuated by the gun lobby.

Some people have suggested that European nations are too homogeneous to be a valid comparison. For the sake of argument, I will grant that point. Consider Canada then. Handguns are virtually impossible to get, and all other firearms must be registered with the government. Canada is a far more heterogeneous nation than the US. It is officially multicultural and diversity is encouraged and celebrated. The violent crime rate in Canada is significantly lower per capita. In fact, the crime rate is is at it's lowest point in twenty years. Admittedly the culture there is not a violent one, but it seems to discredit the notion that arming the population reduces crime rates. Guns are not violent.

Tell me, what legitimate use does a handgun have, other than to kill people? Handguns are not good for hunting or target shooting because the barrel is too short and they are not accurate at anything other than short distances.

Re:Logic Failure

[why-is-it]

And yeah, I know, that's the NRA so you won't believe _them_, even though the references are complete enough to track them to their original sources _outside_ the NRA

I am amused by the irony of it all. The subject line is "Logic Failure". I ask for references to studies that indicate whether the more guns argument will lead to a reduction in the crime rate to prove this is not a myth perpetuated by the gun lobby, and all of your links are from the NRA website...

You are correct, I do not believe a single word they have to say, because they are biased and I have no reason to believe that any study they have commissioned or refer to has any academic validity.

Tell me, would you go to the website of big tobacco to find out the health risks of using their products?

There's gobs of less-scientific, anecdotal evidence to suggest that guns have major defensive utility in the hands of law-abiding citizens:

BFD! If you are inclined to believe such "evidence", there is a lot of "evidence" to suggest that people are being abducted by aliens...

The liberal mainstream press chooses to ignore all this data. Really! But it's nontheless out there.

Bravo! Spoken like a true conspiracy theorist!

Come on folks, its not hard. 13min for me.

[victim]

f5f28d82f3af0045004a6cf216cac7677a45c73def76b08122 7f0162e2a3867a
711c00e97f155aae88b8246ee26f308a0fe94f1943b0d60e 34 b012dbae8958ba
1889a6a2e340f38dd583b4f02174df09543fcd9df63ae6f4 1f fb57bdae0cdb30
0d9476ffd1a70dfaca52d991d4830a6e68332782f586fa40 7f dfcd2208fde22b
56c3d55faed4378c979f3a0e7228348ffd2500e23cbad971 c0 29f2cdb05bced9
1b2c201e51e7c35ce2883ca08356869d9b34c915e120bf40 73 e6b9c2923f90eb
f7521ffe9fc8b6c78fac71d15f81ded586eaf81dd56a54c3 a1 a155c1f4bb243f
7a9a40c248f9cf4d3c3aa2f664b900c1abd01ccd1b1b3250 92 7a015426fe54e6
76f58286b7554a0c45ea33937d0e11a4fa48ed1dd2f55bc7 9a 35e52c6b763ffd
9e6d8024c3f068242154cc85a90dce0b456816d22c95870d d1 9ff76a7de8c77c
793fcb41da013be4b979cbb60f1c72a8d4192b43d429364f 05 40cbd7fa462d45
2cc3227190f263fcb1a477637c9bdaef4341f19047811755 5e 4ea5f57eef7fa9
93e00874c9c88895594b70f05ca1d1d659f9

Easy defeat of 'Key Escrow' systems

[Nonesuch]

You are correct. Your suggestion is the most basic way to defeat the proposed 'key escrow' proposals, where you create an additional decryption key for your private key, and hand that key over to an escrow agency.

In theory, the feds can never get your escrow key unless they have a warrant, so they can never detect that you are using 'double encryption' until they have some other reason to suspect you.

The primary reason I like the idea of using double encryption is because I know that under a key escrow system the escrow agency will eventually be compromised, and the Feds will start using the escrowed keys to conduct illegal 'fishing expeditions'.

If you doubt this, just read up on J. Edgar Hoover.

Re:We've defeated suicide terrorists before

[Malcontent]

"You think Afghanistan is innocent here?"

Afghanistan is a country. It is not "responsible" like a human being would. In your rush to punish a country you will kill thousands of actual real live people who had nothing to do with bin laden, WTC, or America. The same people who are suffering horribly under the rule of the taliban govt (which BTW was funded and trained by american tax dollars if you do some research you will find out that bin laden was most likely recurited by the US govt to aid in the fight against russia there).

Now if you are willing to kill innocent civilians in order to punish a country and to make a political statement you are absolutely no better then the terrorists you are trying to fight.

More then whatever damage the terrorists did they made you into the same vile creatures they are. They caused you to throw away all of your core values and embrace death. They won this war before it even started.

Re:Mixed feelings -- not me

[UberOogie]

How about the cold, dead fingers of the victims of terror, who aren't involved at all in your rhetorical exercise, and probably never heard of these programs, but the terrorist community that killed them might have?

I'm not saying I agree with this, but this rhetoric is distasteful, especially throwing around death analogies when you know perfectly well you wouldn't stand to be inconvenienced, let alone injured, let alone killed, for the software in question.

Okay. I'm stumped. Please explain how something that had not been moderated at all can be over-rated?

information flow

[ejw]

I'm curious how much useful information could be gleaned by looking at the flow of say, email messages (or telephone calls, etc.), between two or more sources.

Using electronic surveillance to track the flow of electronic communications between a web of people would be almost as informative as knowing what they said: locations of servers used, telephone numbers dialed from, sender and reciever, length of message, frequency of messages, this could all be pretty good stuff.

This was raised in Stephenson's Cryptonomicon.

And if "bad guys" are using electronic communications, why not just shut them down? Cell phones stop working, email gets "lost", servers get hacked, ISPs get bombed (how hard would it be to sever small mountainous country "A"'s electronic access to the outside world?)

Unless you have the resources to run your own cable, you are really at the mercy of other corporations, who can be bullied, and can't hide in a cave in the hills.

Re:We've defeated suicide terrorists before

[Malcontent]

Bin Laded suposedly moves three times a week (according some news report I saw). And according to your link he has no means of communicating with the outside world. Odd how some peripatetic (look it up), blind, deaf organization is able to coordinate such sophisticated and intricately organized terrorist attacks.

BTW you really think CNN is unbiased and that the US govt has no influence on American media? Whatever happened to all those republicans who kept refering to CNN as the Clinton News Network and refused to believe anything heard on CNN. We live in an odd country don't we.

They'll just ban brute-force cracking.

[Nonesuch]

If they pass a key escrow or 'backdoor' law, and the crypto community follows this by proving weaknesses introduced by the government requirements make encrypted communications easier for a fourth party to crack, the legislative response is obvious...

They'll simply amend the DMCA to outlaw cryto algorithm research, cracking software, and possession of non-government-issued decryption keys, software, or hardware.

Re:We've defeated suicide terrorists before

[Reality+Master+101]

Afghanistan is a country. It is not "responsible" like a human being would.

When one talks about "Afghanistan is responsible", one is referring to the current leadership controlling the country.

In your rush to punish a country you will kill thousands of actual real live people who had nothing to do with bin laden, WTC, or America.

Yes, and we punished thousands of innocent Germans who didn't necessarily support Hitler, but who got caught up in the war. Does that mean we should have just let Hitler take over the world? Read my sig below. It's time to take a stand against tyrants (the original word Jefferson used), and the Taliban is a pretty damn good definition of a tyrant. I believe that freedom and liberty are worth fighting for.

We have the world you want. We have been tolerating terrorism for decades, and not punishing the countries that support and allow it. Where has it got us? I'll tell you where: Jumbo jets flying into towers, killing thousands, if not tens of thousands of people.

I'm sorry that innocents are going to get caught up in this, but sacrifice for a greater good is necessary. As a wise man once said, to make an omelette, you have to break some eggs.

Why restrict *US* ?

[eples]

What good does restricting cryptography within the U.S. do?

Isn't the threat to National Security coming from OUTSIDE ?

Re:People will hand it over - crypto's already out

[Tackhead]

> We're talking about outlawing every copy of products like Windows 2000 and Lotus Notes, every router that implements VPN, and so on. The impact on US business would be horrendous. And the big money finance folks would just ignore the order.

More to the fucking point, it's not just the impact on US business, it's the risk to US business.

We all know goddamn well that insecure systems will be cracked.

NSA, if you have any political power left with Congress, remember the second part of your mandate. Do not allow our companies' security to be compromised in response to a knee-jerk reaction. (Umm, and buy more supercomputers ;-)

If gun control can't stop bad guys from getting their hands on hunks of steel, how the fsck does Congress expect "bit control" to prevent the bad guys from getting their hands on bits?

Did anyone here have problems getting PGP in the early '90s? The s00per-s3kr1t $cientology skr1pturez during 1997? DeCSS last year? Anyone? Anyone?

Your Answer

[virg_mattes]

Actually, I'm an American citizen, and if my government responded to this attack by exterminating Afghanistan, I would take up arms against them, so you're not only wrong, you're short of vision. Besides, how does one determine "other offending countries"? By that definition, you'd need also to pancake Ireland (remember the IRA?), Israel (the Mosadi), the U.S. (Tim McVeigh and the Unabomber lived here), Russia, China, Germany, Brazil, and so on until the only livable place on Earth would be Antarctica. This wouldn't be a deterrent, it would be our undoing. Don't be such a troll.

Virg

Illegal immigrant apparently warned of the attack

[kiwaiti]

You don't need to break crypto if what you need to know is told to you by renegades disagreeing with their own organization's insanity.

About 10 hrs ago, before I went to work (I live in Europe) I wrote what I had just heard on local radio (all the media is still full of the events, of course - the campaigns for next week's elections for probably a new mayor of Hamburg have been interrupted) and submitted it as a /. story, which was later rejected - I shall now post it as a comment, in case anyone is interested.

Apparently, CIA may have been warned immediately before the attack. According to german newspaper Hannoversche Neue Presse (article in german - it was already slashdotted this morning, or so I think), an Iranian imprisoned in Hannover, Germany (Langenhagen, near the airport) has been reported to have called CIA officials to warn about the imminent assault. When they heard he was calling from jail, they just hung up. Subsequently, he desperately tried to get a fax through to GWB.

Attempt at correction of a babelfish translation follows.

"US-Government doubted warning from Hannover

It is a shock. The tracks of terror also lead to Hanover: An Iranian extradiction prisoner in Langenhagen wanted to warn the american president and his secret service. Nobody took him serious.

Mystery around Ali S. (29) from Iran. The man who entered Germany illegally weeks ago. He had been arrested by the police in Goslar and was to be sent back by November 6. For one month he pressed officials of the extradiction detention Langenhagen.

"I have got important information for the USA", he told JVA officials. He must call there urgently.

Finally, he was permitted. Consequence: In the White House [the phone] was hung up when Ali S. identified himself as a prisoner.

For the Secret Service the warnings of the man were only twaddle. Ali S. had however specifically named this week for assaults that would "change the world order".

The Iranian was estimated in Langenhagen as psychologically unstable. He however did not relent, on passed Friday he urgently contacted the responsible chief of department. He said he knew that in the coming week something would happen.

Hours before the two machines rammed the towers of the World Trade Center and an airplane fell on Pentagon, Ali S. still spoke about information on an endangerment of the world order. He wanted to send a fax to the American president. That was rejected. The JVA Langenhagen thought he was just posing.

After NP information the investigators now assume the Iranian actually looked for contact to governmental institutions of the USA. It is possible that he had information which could be important for investigation on the assaults.

Only on Wednesday the Ministry of Justice of Lower Saxony learned of the telephone calls. The Ministry of the Interior in Hanover was informed. It contacted the Schily Ministry (Schily is the German Minister of the Interior (is it really called that? well, he is responsible for all police and prisons)) in Berlin.

On Thursday Secret Service agents and Chief Federal Prosecutor interrogated the Iranian. Results unknown.

LANGENHAGEN, BY KLAUS GEMBOLIS"

Seems like someone among the terrorists' own ranks didn't think their plans were a good idea...

Seems also that breaking crypto wouldn't have been able to tell them anything they couldn't find out by other means.

Kiwaiti

Without Insult

[virg_mattes]

> Want secured communication, you can always use phone. Mail etc. They can't spy phones on the fly, it takes a warrant. They can't open first class mail, they need a warrant.

Those involved in industrial espionage don't generally apply for warrants. Those in government who abuse power also do not generally apply for warrants.

I've discovered that all of the arguments of the stripe of "only criminals need privacy" are ploys by those who benefit from their targets giving up privacy. The doctrine of "innocent until proven guilty" was established by the Founding Fathers because of the abuses they saw with their own eyes by British governors, and they put it in place so that the average citizen is not required to give up privacy just to prove he/she's not doing anything wrong. Privacy is required for many more things than most people think, and that's because it's taken for granted, and that's a good thing. Next time you decide that cryptography is only for criminals, think about how it would affect your life not to have privacy in medical records, or your borrowing history, or your finances. Also remember that a lot of people died (albeit long ago) so that we could have this privacy, and giving it away in trade for perceived security is doing those people a disservice.

Virg

This is wrong - we are Americans, and mustn't bend

[WillSeattle]

We are Americans (sorry other /. from other countries, but mostly it's true).

We must not give in on this. Our freedoms, our right to privacy, we must fight for this. It's like air travel - we must not stop taking planes, we must not stop investing, for if we do, we have let the terrorists win.

We are not Israel, we are not France, we are not England. Yes, we fight amongst ourselves constantly, but we now have a deadly purpose to wreak long and total vengeance on all those who caused this.

Perhaps we may acquiess and allow the placing of Carnivore to track terrorists a bit more than we did yesterday, but this is only for the duration of the War. I thought of getting friends to do new posters for WWIII based on the old WWII posters - We Did It Before, We Can Do It Again; Loose Lips Sink Ships; and so on.

But we must not give up our right to privacy, even though some of us will assist voluntarily where yesterday we would not - but this is for the War Effort. It is not something to set in stone, to legislate permanently.

That would be surrender to the terrorists.

And we shall never surrender.

I know this may sound unpopular here but...

[w3woody]

Assume for a moment that Congress gets it's way on this. The amount of data that is transmitted across the internet each day is staggering: trillions of bytes of data is not easy to sift through.

If the U.S. Government gets it's way, we need to place the highest restrictions on what the government may do with the data, and when it may sift through that data. That allows the government to decrypt and get at data in extraordinary circumstances such as the destruction of the World Trade Center and killing of thousands of lives. But we should then come down on law enforcement like a ton of bricks if someone goes through the data for non-extra ordinary circumstances, or violates personal privacy.

I personally have no problems with being anonymous because the amount of data to track my computer usage is too large to make sifting through very easy. That is, I don't mind anonymonity through obscurity. But in extraordinary cases like this (and *ONLY* in extraordinary circumstances like this) should the government be permitted to sift through all the quadrillions of bytes of transmitted data to look for one or two e-mail messages and decrypt them.

Re:Government Exploiting a Tragedy

[Steve+B]

I get livid when I hear things like this. The government is exploiting a tragedy here in order to pass another law to inhibit our freedoms.

Precisely. Such attempts to exploit a crisis degrade the ability to excersize effective leadership during the next crisis. Just as an army with a corrupt and cowardly officer corps cannot fight effectively no matter how many high-tech toys it issues, a nation with a cynical and exploitative political leadership cannot pull through a crisis no matter how many high-tech police tools it fields.

Senator Gregg, Osama bin Laden and the Taliban thank you for your service to their cause.

Re:Our "Open" society

[IronChef]

Are you aware that in those raids sometimes PEOPLE get broken? Sometimes the Feds come in and someone gets shot... and it is later revealed that they were at the wrong address. Bungles like that are not exactly rare.

Inviting more rambo-style searches is one of the worst things you can do for our society.

Here is the letter I wrote

[Once&FutureRocketman]

It has already begun. The "War on Terrorism" will supplant "saving the children" as a catchphrase to justify an increasing level of government control over daily life. It will start with an increase the interception of electronic communications and a new push for encryption key escrow. We could even see restrictions on movement and a mandatory national ID card. Don't doubt for an instant that law enforcement and government officials would like to see this happen -- because these things would in fact make their jobs easier. Whether or not these things come to pass is going to depend entirely on whether or not the public will tolerate it. If you care about your liberty, get ready to fight for it.

Write your congress(wo)men. Write the President. Get the address here, and use paper and a stamp, or at least make a phone call. Do it now. It's time to stand up and be counted, before the knee-jerk reaction to this disaster gains momentum.

I've included a generic version of the letter I am writing. It is intentionally short and non-specific -- customize it to discuss the issues that concern you.

Dear XYZ,

Like you, I am aggrieved at the tragic loss of life resulting from the horrendous events of Sept. 11. Every American has been touched by this trauma which will linger forever in the memory of our nation.

Though I want to see the perpetrators of these acts brought to justice, I must beg you not to compromise American civil liberties in your pursuit of justice. The loss of American citizens' ability to move and communicate freely would be a greater casualty than the thousands killed Tuesday morning.

Benjamin Franklin said that those who give up necessary liberties for security deserve neither security nor freedom. I must echo his sentiment. Do not allow our sacred rights of freedom of speech, association or movement to be abridged in the coming days of difficult choices. America's enemies hate us precisely because we are a free and open society, and they fear the potential that that represents. Do not give them the victory they cannot themselves win by destroying the core of our society, our beloved liberties.

God Bless America,

What do you expect?

[ocie]

In post-DMCA america, it is illegal to try and break the encryption on messages, so they need a law to let them read these messages.

Re:Off Topic - MS & NN 4.7 crapware

[fanatic]

I use Mozilla often, but not exclusively. It tends to hang (or appear to hang) on large pages, and that's certainly the world we were in with Slashdot/WTC coverage. Thanks for the tip.

Phrasing Failure

[virg_mattes]

> It is however, absurd to argue that more guns would act as a
> deterrent to crime. Violence only begets more violence.

Absurdity implies that there is hard evidence that my case is incorrect, and that hard evidence is in question. You need to consider the proofs of argument before assuming that either side is absurd. In my previous example, the case of Switzerland refutes your point, and without a strong argument for a less-apparent reason for their low crime rate, you cannot dismiss the idea that more guns can (at least in some cases) lead to lower crime rates. It's easy to say that violence only begets more violence, but that's an oversimplification of how violence works, and there's much evidence that certain levels of violence (and certain situations for violence) wherein violence begets peace. The best example I can present on short notice is our relations with Japan before and after WWII. Not a perfect example by any means, but certainly strong enough to rule out simple absurdity of the argument.

> IMHO, there is no question that of the Western or first world
> nations, the US has (per capita) the highest incidence of violent crime.

While you're quite rational in arguing, unfortunately your humble opinion (and mine, for that matter) don't count for much. I'd ask you to present numbers that would support your point as well.

> Furthermore, I have seen some UN-based statistics which indicate that the US has the highest percentage of their population incarcerated compared to all other nations.(Can't find a link though). I can only assume these people are not in jail for jaywalking...

Good assumption, but according the the Department of Justice, (see here for statistics), only half (51%) of the prison population was in for violent crimes. So, although the total number of inmates may be higher, I'd like to see the UN's breakdown of violent criminals in other countries' prisons before making judgements (pardon the pun).

Virg

Re:Our "Open" society

[Dyolf+Knip]

I'm sure that they said the exact same thing as they planned the hijacking

They either thought that they wouldn't be caught or that if they were, the revenge would be light or nonexistent, or that they would accomplish something worthwhile with it. If they had government support, that government evidently thinks that we'd not be willing to hurt them. That attitude needs to change. Obviously there's still a large group of people crazy enough to think that they're invincible and that destroying two buildings would bring the US to its knees, but if their financial backers knew that doing so would mean death for them, failure of their cause, and ruin for their country, would they give out money so easily? This is why bin Laden is particularly dangerous; crazy and self-funded.

Some of the actions abroad of our own agencies in the past few decades have been utterly reprehensible, but they were perfectly willing to do them because they knew that about the worst they'd get would be bad PR back home.

How can you trust the US Government irrevocably and without question on one issue, then say I'm not going to upgrade my encryption to the backdoor version because you can't trust those jerks in Washington!

Who said anything about trusting them implicitly? I'll be damned if the government doesn't at least tell us what the hell they're up to in this. I can fairly well trust them on this topic because of the massive amounts of media attention. Look at how fast the fighting in Kabul was reported. If the government undertakes anything big enough (and something big is the only thing the populace will accept for this), we'll find out about it.

Besides, the situations are totally different. Back doors in encryption programs, aside from being ineffective and unenforcable, puts power over how you use your computer in the hands of FBI agents who can barely turn their PC's on. Same for the DMCA, UCITA, son-of-DMCA, (whatever its name was, /. archive is down), CDA, and every other piece of techno-legislation. The people who wrote them chose not to actually talk to anyone who knew anything about computers and the result is bad and getting worse.

Actual Speech and Response letter

[lizrd]

It's probably too late for anyone to actually read this, but I've done a little bit of work here and I'd like to share it. Here is the text of a letter that I'll be mailing to the two Senators from my home state.:

Dear Senator,

I am writing to express my concern in regard to the comments made by your colleague Senator Gregg on Thursday the 13th of September. In his speech (beginning on page S9356 of the congressional record) he calls for the abolition of encryption software that is not easily defeated by the various law enforcement agencies. These kind of reactions to terrorist activities are misguided and strongly against the American way.

In the wake of tragedy it would be extremely foolhardy to even consider that measures such as disallowing the use of locks on doors and filing cabinets would serve to increase the security of the nation. Why then would anyone even consider that mandating the weakening of the systems that protect our computerized data would be desirable? It is clear that this is not the course that we would want to take.

As we enter a new digital age, let us not become confused by new technologies. The fundamental rights and needs of human beings have not changed. Humans still have the fundamental right to be secure in their persons and belongings and to remain free from constant searches.

Naturally my concern for freedoms extends far beyond this single issue. We as a society must continue to emphasize the importance of upholding our freedoms. This is truer than ever in this time of national crisis. Over the past few days I have heard our President quoted on the new repeatedly on the news calling America the "brightest beacon of freedom in the world." I strongly urge you to take all steps necessary to ensure that this is a true statement.

Do not be tempted to allow tyranny to appear as suitable response to terrorism. We must hold sacred the rights that are affirmed by our Bill of Rights. Remember that our rights are not given to us by our government and historical documents, but rather that they are fundamental rights which are given to all humans by the Creator and merely affirmed by our Constitution.

Freedom can no longer be defined in terms of being less oppressive than Stalin's USSR. Freedom is a challenge that must be embraced by both our government and our people, for without it we are all lost. I challenge you to take the lead in the Senate in advancing and extending the freedoms that Americans enjoy even while others may seek to restrict them under a false conception of bringing security.

Sincerely,


Adam M. Bumpus

And here is the text of Senator Judd Gregg's speech which was referenced in the Wired article.

Madam President, I thank the chairman for yielding to me. I appreciate his courtesy in my arriving in the Chamber a little late for the beginning of this work, as a group of us were in a meeting on how we are going to handle this bill and move it along, I hope.

I congratulate the chairman of the committee for this bill, which is a soothsayer bill really. Long before the events of the day before yesterday, which were so horrific and which reflected the threat of terrorism to our Nation, our committee aggressively pursued the issue of how to try to prepare for such an act.

We have held innumerable hearings over the last 4 or 5 years. One of the lines that has flowed through all those hearings has been the fact that our intelligence community--our communities focused on domestic intelligence and our communities focused on international intelligence--had concluded that it was more than likely, it was a probability, that a terrorist event would occur in the United States and that it would be of significant proportions. And it has occurred.

How have we tried to ready for this? Well, a lot of the response you saw in New York--which has been overwhelming and incredibly professional, and heroic beyond description, which has taken the lives of many firefighters and police officers and just citizens who went to help--a lot of that response was coordinated as a result of initiatives that came out of the hearing process, and the question of first responder, and how we get the people who are first there up to speed as to how to handle this type of event. So in that area at least there has been some solace.

But the real issue remains, How do you deal with an enemy who, as the chairman just related, is willing to give their life to make their point and who has, as their source of support, religious fervor, in most instances--and I suspect this is going to be proved true in this instance--a religious fervor which gives them a community of support and praise which causes them to be willing to proceed in the way that they did, which is to use their life to take other innocent lives?

First, how do you identify those individuals because they function as a fairly small-knit group, and it is mostly familial. It involves families. It involves sects which are very insular and very hard to penetrate.

But equally important, when you are trying to deal with that type of a personality and that type of a culture, which basically seeks martyrdom as its cause, as its purpose for life, and sees martyrdom as part of its process for getting to an afterlife in terms of their religious belief--how do you deal with that culture and group of individuals without creating more problems, without creating more people who are willing to take up the banner of hatred and willing to pursue and use their life in a way to aggravate the situation?

I think we as a committee have concluded that the first thing you have to do is have a huge new commitment to intelligence. And we have made this point. We have dramatically expanded the overseas efforts of the FBI as an outreach of this effort. But it involves more than that.

We have to set aside our natural inclination as a democracy to limit the type of people we deal with in the area of human intelligence. Unfortunately, the CIA in the 1990s was essentially limited and defanged, for all intents and purposes, in the area of human intelligence gathering because the directives and the policies did not allow us, as a nation, to direct our key intelligence community to basically go out and employ and use people who were individuals who could give us the information we needed. Because of our reticence as a democracy to use people who themselves may be violent and criminal, we found ourselves basically sightless when it came to individual intelligence.

So we have to recognize that in a period of war, which is what I think everyone characterizes this as, and which it truly is, we are, as a nation, going to have to be willing to be more aggressive in the use of human intelligence, and we are going to have to allow our agencies in the international community to be more aggressive.

Equally important, we, as a nation, because of our natural inclination and our very legitimate rules relative to search and seizure and invasion of privacy, have been very reticent to give our intelligence communities the technical capability necessary to address specifically encoding mechanisms.

The sophistication of encoding mechanisms has become overwhelming. I asked Director Freeh at one hearing when he was Director of the FBI--and I remember this rather vividly because I didn't expect this response at all--what was the most significant problem the FBI faced as they went forward. He pretty much said it was the encryption capability of the people who have an intention to hurt America, whether it happened to be the drug lords or whether it happened to be terrorist activity.

It used to be that we had the capability to break most codes because of our sophistication. This has always been something in which we, as a nation, specialized. We have a number of agencies that are dedicated to it. But the quantum leap that has occurred in the past to encrypt information--just from telephone conversation to telephone conversation, to say nothing of data--has gotten to a point where even our most sophisticated capability runs into very serious limitations.

So we need to have cooperation. This is what is key. We need to have the cooperation of the manufacturing community and the inventive community in the Western World and in Asia in the area of electronics. These are folks who have as much risk as we have as a nation, and they should understand, as a matter of citizenship, they have an obligation to allow us to have, under the scrutiny of the search and seizure clauses, which still require that you have an adequate probable cause and that you have court oversight--under that scrutiny, to have our people have the technical capability to get the keys to the basic encryption activity.

This has not happened. This simply has not happened. The manufacturing sector in this area has refused to do this. And it has been for a myriad of reasons, most of them competitive. But the fact is, this is something on which we need international cooperation and on which we need to have movement in order to get the information that allows us to anticipate an event similar to what occurred in New York and Washington.

The only way you can stop that type of a terrorist event is to have the information beforehand as to who is committing the act and their targets. And there are two key ways you do that. One is through people on the ground, on which we need to substantially increase the effort--and this bill attempts to do that in many ways through the FBI--and the other way is through having the technical capability to intercept the communications activities and to track the various funding activities of the organizations. That requires the cooperation of the commercial world and the people who are active in the commercial world. That call must go forth, in my opinion.

Another thing this bill does, which is extremely positive and which, again, regrettably anticipated the event, is to say that within our own Federal Government we are not doing a very good job of coordinating our exercise.

There are 42 different agencies that are responsible for intelligence activity and for counterterrorism activity. They overlap in responsibility. In many instances, they compete in responsibility.

Turf is the most significant inhibitor of effective Federal action between agencies. Although there is a sincere effort to avoid turf, and in my opinion, in working with a lot of these agencies, I have been incredibly impressed by a willingness of the various leaders of these agencies, both under the Clinton administration and under the Bush administration, to set aside this endemic problem of protection of one's prerogatives and allow parties to communicate across agency lines and to put aside the stovepipes. Even though there is that commitment, the systems do not allow it to occur in many instances.

This bill, under the leadership of the chairman, includes language which has attempted to bring more focus and structure into the cross-agency activities. One of the specific proposals in the bill, which may not be the last approach taken and probably won't be but is an attempt to move the issue down the field, is to set up a Deputy Attorney General whose purpose is to oversee counterterrorism activity and coordinate it across agencies and who is the repository of the authority to do that. There is no such person today in the Federal Government. Of these 42 agencies, everybody reports to their own agency head. Nobody reports across agency lines. There is virtually no one who can stand up and say, other than the President, ``get this done.''

The purpose of the Deputy Attorney General is to accomplish that, at least within the law enforcement area and within much of the consequence manager's area, especially the crime area, although it is understood that this individual will work in concert with the head of FEMA, the purpose of which is to actually manage the disaster relief efforts that occur as a result of an event such as New York or where you have these huge efforts committed.

That type of coordination is so critical. Would it have abated the New York and Washington situation? No, it wouldn't have. But can it, in anticipation of the next event, because this is not an isolated event. Regrettably, whether we like it or not, we are in a continuum of confrontation here.

As I mentioned earlier, there is not one or two people but rather a culture that sees this as an expression of the way they deliver their message for life, or after life for that matter. Regrettably, we have to be ready for the potential of another event.

I do believe this type of centralizing of decision, centralizing authority, centralizing the budget responsibility is absolutely critical to getting the Federal Government into an orderly set of activities or orderly set of approaches.

Just take a single example. If you happen to be a police officer in Epping, NH, and you have a sense that you notice something that isn't right, you know it isn't necessarily criminal but you think there is something wrong, something that might just, because of your intuition as an officer or your knowledge as an officer, might need to be reported, you can call your State police or you can call the FBI or you can call the U.S. attorney, but there really is no central clearinghouse for knowledge. There is no one-stop shopping. If you as a fire chief want to get ready in Epping, NH, for an event, you don't have a place to go for that one-stop shopping where you can find out how you train your people, where they go for training, what your support capabilities are going to be, who is going to support you. This should exist within the Federal Government. It does not. This is an attempt to try to get some of that into a form that will be effective and responsive to people.

Of course, when you get to the end of the line--we have talked about all the technical things we can do as a government and all the important things we can do to try to restructure ourselves and commit the resources in order to improve our capacity to address this, but in the end it comes down to a commitment of our people, understanding that we are confronting a fundamental evil, an evil of proportions equal to any that we have confronted as a nation, and that we as a nation cannot allow those who are behind this evil to undermine our way of life and our commitment to democracy.

We must make every effort, leave no stone unturned--regrettably, these people live under stones to a large degree--to find these people who are responsible and to bring them to justice. But we also must make every effort to recognize that in doing that, we cannot allow them to win by losing our basic rights and the commitment to openness as a society and a democracy. Then they would be successful, if we were to do that.

Well, I guess that's about all I have to say for today. It's all a pretty sad deal.

What do thoes 0's mean?

[hodeleri]

I only glanced over the article ["this article"] but I noticed several places with "word 0 word", anybody know if they mean something?

Ex-KGB suggests U.S. needs more LOW TECH espionage

[Beta+Master]

CNN has an article (Spanish only, but babelfish does a reasonable translation) quoting an ex-KGB agent saying the CIA and FBI need to focus on less high-tech espionage, and get back to the nuts and bolts of infiltration and direct observation.

The article is here.
Babel fish is here.

CNN Spanish edition tends to have much broader worldwide content than CNN in English.

Yeah, sure

[BattyMan]

And Osami Bin Laden is going to be a good boy and send his email using a code that the CIA/NSA/FBI has a backdoor into.

The law is a threat to U.S. (economic) security.

[slashdot_commentator]

Excuse me for pointing out the obvious. I haven't come across a post that spells it out. (And we should try to spell things out to the non-digerati.)

If there is a law requiring a backdoor to all encryption technology, that will include corporate email and tools like ssh.

As we all know, there is no such thing as a secure weakness. At some point, these backdoors will be hacked out, and that will be a goldmine for corporate espionage and penetration.

The FBI's zeal in making the public "safe" from external threats will be exchanged for foreign corporations ability to outcompete U.S. based corporations. Not to mention give an advantage to the Chinese.

Re:Osama is a heavy crypto user?

[Catbeller]

Osama does not use cell phones, radio, land lines, or PC's. He eliminated them from his ops years ago,

Strangling our privacy does nothing to him at all.

It gives control freaks what they want, tho. The ability to watch everything, all the time... a policing dream come true. Until someday you are the target, or the Church of Scientology or your boss or your neighbors get a hold of the info that allegedly only the Good Guys get to see.

Don't Tread on Me. Good advice to murdering scum and also for the opportunistic bastards who want to take advantage of this situation to get Christmas early this year.

Founding Fathers pictured themselves being shot?

[Catbeller]

I doubt very much the constitutional congress wanted to be shot by outraged citizenry.

This argument is specious.. a fantasy. The 2nd amendment was not created so that Pennsylvania farmers could march into colonial New York and assassinate the President because they disagreed with his tax laws, to make an extreme example.

And, since the Federal government always has a standing military force that could wipe out you, your shotgun, and the landscape around you for fifty miles, your Lone American Anti-Guvmint Hero scenario is just adolescent masturbation.

Excuse us? Open door please, or we shoot the baby.

[Catbeller]

The terrorists can simply shoot passengers until the pilots open the door. That's why the armored door idea never surfaced even after the hijacking madness of the seventies. Not logical or possible without the willingness of the crew to sacrifice the passengers and the flight attendants.

There is no safety, not in guns or armor or guards, not against someone who wants to murder AND commit suicide. Just get used to it.

Hm. We could take a train.

IF we go through all these convolutions, we give up sanity and freedom, and the bastards win. AND IT WOULDN'T WORK ANYWAY. There is not a thing that could have stopped those planes from hitting those targets save the willingness of the passengers and crew to sacrifice themselves.

I hope that I can measure up to the heroism shown by the Pennsylvania plane's passengers. They are my gods now. Honor them.

Re:We've defeated suicide terrorists before

[Malcontent]

"When one talks about "Afghanistan is responsible", one is referring to the current leadership controlling the country."

But you will not kill those actually responsible you will kill civilians. That is the pattern of US agression for the last hundred years. Why do you think these people are so mad at you?

"Yes, and we punished thousands of innocent Germans who didn't necessarily support Hitler, but who got caught up in the war."

Apparently you are under the impression that this is some sort a war that you can fight and win. Apparently you think that if you just killed bin laden and ten thousand innocent afghans the terrorism will just stop. That's great keep buying into that delusion as long as you can because it will justify in your mind the rightness of bombing city after city full of people who did nothing to harm you.

Perhaps you should think about it this way.
Our forefathers defeated the british even though the british were better armed and better trained. They did this by fighting guerilla style something the brits didn't see coming. This next war you just entered is just like that except that we are the british. We will go off to war with our superior airplanes and guns, we will annihilate entire cities and kill hundreds of thousands of people but it will be all for moot. First of all it will not satisfy our bloodlust because bloodlust is never satisfied but also because one day you will lift your head up and look into the mirror to find what kind of a monster you turned into.
Worse then that while you are off someplace having fun killing the dark people someone will release a biological agent in some airport and kill half of the population of the united states. Unless you make a commitment to destroy the lives of every single arab, north korean, chinese, russian, and south american then your nightmare scenario will come true. All those people that we screwed over for years and subjected to dictators of our choosing have grudge and that grudge will not be solved by killing more of them.

You still haven't told me how you planned to deal with dark skinned people living here in the US or in Canada or Europe yet? How do plan on killing them? Will you round them up and send them into the ovens or are you willing to risk lives of white people by bombing vancouver?

Maybe just maybe you ought to consider that. Maybe you ought to ask yourself "How come these people hate us so much"? I'll give you a clue. Their loved ones were killed and tortured because of your tax dollars.

"I'm sorry that innocents are going to get caught up in this, but sacrifice for a greater good is necessary."

Oh how ironic. I bet they said the exact same thing. But neither you nor bin laden care a flying fuck about innocents. You didn't care when bombs were falling in iraq, you didn't care when they were falling on palestenian children, you didn't care when the taliban were beheading women and children and you don't care now. You only care about your sense of vengence which is coincedentally the exact same thing the bin laden cares about.

"I believe that freedom and liberty are worth fighting for."

If we were actually fighting for liberty and freedom then nobody would want to harm us. We never fight for liberty or freedom. We fight to make ourselves richer, we fight for cheaper oil, we fight to keep our chosen dictators in place, and we fight to keep regions unstable and easily controlled. Along the way we fund, arm and train monsters like Idi Amin, Pinochet, Bin Laded, and sharon. Those people institute nations based on torture and murder to serve our needs. Liberty and freedom my ass why don't you pick up a history book for a change. Try this one first.

"As a wise man once said, to make an omelette, you have to break some eggs."

Well let's hope that's not you or someone you know (although it would be an ironic form of justice).

Re:We've defeated suicide terrorists before

[Malcontent]

No you missed the point entirely.
Here I'll try and explain to you again.

you don't believe tha taliban when they told you that they took away his phones right? Why is that? Probably because the taliban are liars right? Ok then here comes the hard part.

If they are lying about taking away his fax machines why do you believe them when they say they know where he is or that they have any influence on him whatsoever?

You see they are liars. You can't believe anything they say. Do you get it? I hope I didn't tax you too much there sport go back to your regularly scheduled programming now.

Re:We've defeated suicide terrorists before

[Malcontent]

They are liars do you understand that?

They were lying when they said they took away his fax machines.

They were lying when they said they knew where he was.

They were lying when they claimed that they had any conrol over him whatsoever.

They are liars and liars lie.

The idea that some man living in the remotest part of the world where most of the country does not have electricity let alone phones and internet co-ordinating some international terrorist organization is just absurd. Just think a few minutes willya.

Not Stenography -- Steganography

[kindbud]

Stenography is the shorthand used to take dictation when only pen and paper is at hand.

Steganography is information-hiding.

Go look it up on Google.

superior technology

[BroadbandBradley]

if the government would quit backing megacorps, and instead fund real research that became part of public domain, the Government would already have superior technology such that encrypted messages would be easy for them to crack. Instead, they're planning on legislating that software allow security holes for the public safety. This is bullshit.
News sites are stating how organized this attack was. I'm betting that anyone with a flight sim program can learn how to operate a plane (especially if your goal is to crash), and you don't need technology to co-ordinate the mission, just meet at denny's for lunch and keep your voices low. I feel that it's perfectly possible to not even need a knife, just your hands and some combat training. get up, snap the neck of one steward, then grab another by the throat and start making demands.

Re:Excuse us? Open door please, or we shoot the ba

[Catbeller]

Actually, the pilots ARE trained to sacrifice the plane for the sake of the people on the ground. They just aren't mind readers. How do you know what kind of hijackers you have on board, the idiot kind or the kill-the-infidels kind? Do we automatically make a plane crash if someone grabs a steak knife? The pilots had little time, and there also was no precedent for such an attack before.. but now there is.

And the passengers on 93 decided to take the plane down rather than be used. As will all other planes in the future... this attack strategem is useless to Bin Laden and his clones now.

Re:OT: get a new quote

[Sodium+Attack]

The problem is that almost everyone gets the quote wrong and I've only ever once seen it properly attributed. It was not Jefferson or Franklin or Einstein or any of the other dozen names I've seen attached to it.

Bartlett's Familiar Quotations, generally regarded as the definitive reference work on quotations, attributes it to Benjamin Franklin. Here is the citation from the 1919 edition.

Franklin never even stole it for Poor Richard's Almanac

Well, you got that part right, at least. Franklin used it as the motto of his Historical Review of Pennsylvania, published in 1759, and not in Poor Richard's Almanac.

The earliest reference to such a quote was from Ludwig Thoma.

I see. I suppose this would be the same Ludwig Thoma who was born over a century after the publication of the Historical Review of Pennsylvania?