Slashdot Mirror
Poll Says Most Americans Favor Crypto Backdoors
Sideways The Dog writes: "According to this MSNBC article, "72 percent of Americans believe that anti-encryption laws would be 'somewhat' or 'very' helpful in preventing a repeat of last week's terrorist attacks on New York's World Trade Center and the Pentagon in Washington, D.C." I realize that I'm preaching to the choir here, but it is scary how many people do not realize that the bad guys are not going to play fair here. Even granted that people may not realize the tools are already out there for the bad guys to use, I wonder what the polls will say when the backdoor gets compromised and 72% of people get their bank accounts wiped." Update: 09/19 19:26 PM GMT by T : Declan McCullagh adds a link to "the actual text of the question asked by the
pollsters, which Princeton Survey Research Associates describes here." Note the numbers on this page as well.
When I wasn't logged in, for this article I got "Nothing for you to see here, please move along." Is this normal?
--
They were told that the backdoors would only be used with a court order AND by the good guys to stop the bad guys..
UPS Sucks
I'd like to see a new survey:
Should you be allowed to have secrets?
I imagine that we'd see considerably different results.
-Waldo
I wonder what the polls will say when the backdoor gets compromised and 72% of people get their bank accounts wiped."
Probably that 100% of Slashdot readers are laughing uproariously.
--saint
... and it sounds as if there is alot of ignorance.
Its going to be a very difficult fight because their is alot of thinking with the heart, not with the head. These people were in the states for what, a year or two or more, previous. And that doesn't count anyone that helped them that was already here.
All you can do is write your congressman/congresswoman and suggest in a polite and professional manner.
Poll says 72% of Americans technologically illiterate.
Vermifax
Logout
The moment this becomes a law, I'll become a criminal as I'll be writing my own encryption software for my own uses WITHOUT any backdoors.
I do not believe it would be constitutional for the Federal government to require any restrictions on individuals, groups, or businesses using crypto for transactions that do not cross state lines.
I do not deploy Linux. Ever.
It may be the case that is if encryption software must have a backdoor (witch I guess is a special "police" key that the data also is encrypted to and not some general backdoor) the people not using encryption software with a backdoor has something to hide? Should be easier to spot WHO to go after.
.. and the "terrorists" will just have to encrypt twice, and/or use stegano.
...
"But, if they're caught doing this, they'll get a fine!!!"
I'm sure the fanatics who are willing to kill themselves for the djihad will care about getting caught using illegal encryption
Ban books and research on cryptography and discrete mathematics next?
It doesn't matter if the "official" software has backdoors as long as the algorithms and mathematics are available. But I guess the idea of someone making their own software is too far fetched for the general public: "The terrorists can't encrypt their messages if Microsoft doesn't sell encryption software our government can't decrypt!"
As I read in the new paper "the Gazette" in montreal quebec canada .... Most americans also beileve that arabs should hold special identification stating that they are arabs and be checks at airports more then the rest of you ....
... and what should be taken into consideration is not what most _poeple_ think but what most _educated_ poeple think.... by educated .. I mean educated in the field that the questions expands on...
I don't think that most americans are right
--=.=-- www.cyber2000.qc.ca
Most American's have a third grade reading level.
And, on average, half the people you meet are dumber than average.
Everyone else voted against the backdoor.
Misfit
And I'm sure that the terrorist will use the algorythm that hava backdoor in them instead of a custom made without that "feature"...
"Sure, your guilt might force you to vote Democrat, but secretly deep down inside you long for the Republicans to lower your taxes, ignore the poor, brutalize prisoners, dictate what goes on in your bedrooms and rule you with an iron fist..."
--Sideshow Mel.
Yeah, right.
Given their typical audience, I'm not terribly surprised. You've got to realize that the 72% probably didn't even know they might find encryption useful for themselves. In fact, the general perception is probably that crypto is only needed by people with something to hide - like criminals.
Too bad they aren't that trusting with everything. Heck, then if I'm ever homeless, I can just walk into anyone's house and grab a bite 'cause it takes just a little too long for the police to 'break' down a door when making a bust and locks have been outlawed.
*sigh*
Greg
Go ahead and mod this down (I would...) But doesn't this color scheme look like what a baby would shit after eating a gallon of musturd?
Andrew
BTW, they'd probably ban compilers next so I COULDN'T build my own. Or you'll need to use the government sanctioned compiler with built in backdoor routines.
From reading the article, it seems the questions asked weren't "Do you support anti-crypto?" but instead "Do you think anti-crypto would help catch terrorists?"
Of COURSE anti-crypto has a chance of helping catch terrorists.. if your doctor for example has encrypted files for one of them or something random like that. That doesn't mean I support it or think it's worth it! They're extrapolating people's opinions based upon the not-so-earthshattering observation that crackable crypto has a good shot of helping catch terrorists (and this, in itself, is debatable since they already have strong-crypto for their own internal communications)
--
And guess what, you will have to give the government root access to your box if you use ssh!
Of course making a law like this is stupid and ineffectual. But so are the laws agains drugs.
Right now, you could ask Americans if we should paint all tall buildings blue so terrorists would have trouble hitting them with a plane.
72% of Americans would cut off a major body part if someone offered to send them a 50 million dollar check in the mail.
As usual, cracking down on honest people is a priority. It impresses the honest people (i.e., voters) that the authorities are on the job. If you only crack down on the bad guys, who notices?
InstaPundit! Ahead of the Curve Since 30 Minutes Ago
This always happens, and it's more than a little sick. Whenever something bad happens, somebody trys to push their own agenda. When there's a school shooting, all the gun control nuts materialize.
And now people are trying to use the dead bodies of those killed last Tuesday to crack down on crypto, and to kill missile defense, both of which have no real connection to what happened. Not to mention Jerry Falwell, the NRA, and all those nuts who're using it to promote Christian fundamentalism and arming everybody on the plane with an Uzi, in that order.
These people are either contemptible for their raw opportunism, or pitiful for their sheer fanaticism and inability to see beyond their agendas.
I will tell you. We are the people against cypto backdoors. I want my SECURE communications.
Great poll, but what good does weak encryption within the borders of the U.S. do for finding terrorists sending e-mail in Afghanistan?
Besides, the government can't regulate my speech whether or not it's encrypted.
72%... You know some 80% of people are in favor of this "war" we're supposedly having. Idiots. All of them.
Thanks.
I'm a 2000 man.
How would you feel if the government could figure out your credit card #'s because of mandated backdoor encryption?
Got Freedom?
Thinking?
72% of americans don't have any idea what encryption means, let alone a backdoor.
Obviously it's not going to be affected by this silly law/requirement. So how is this going to affect in any way Joe Blow Terrorist in not using the latest version of Euro-PGP to be immune from FBI looking over their shoulder?
'Life is like a spoonful of Drain-O, it feels good on the way down but leaves you feeling hollow inside'
That is because most of the people in the security world do not take survays. :) It is always a flaw of survays that are voluntary.
~~CrackElf
"Blake is an idealist, Jenna. He cannot afford to think." - Kerr Avon, Star One, Blakes 7
If you want to talk about doors, why not consider removing the doors to the cockpit of airplanes?
It should be 100% impossible for a passenger to enter the cockpit at any time. Pilots should enter the plane from a different outer door than everyone else.
I'm really getting sick of reading about the failures of airport security, digital security or intelligence efforts when this huge security problem was what actually made it possible for last week's tragedy to occur.
We can't let people take away civil liberties in the name of safety. Last time I checked, I didn't have the god given right to meet the pilot.
We have to assume the bad guys will not follow our rules, so we have to make it harder for them to use our infrastructure to damage our lives.
What they tend to forget is that probably 80% or more of the people that would be asked this question dont even realize that they are using encryption when they do, or what it would mean if the backdoor were hacked, or any of the other issues that those of us who are 'in the field' are concerned with. Most of the users I support dont know the difference between http and https, and even some of my better ones don't understand why I only allow access to internal systems from the outside via encrypted protocols (SSH & family) wherever possible.
Have you read the Moderator Guidelines yet?
... then it'll be easy to spot terrorists : it will be all those who have software with no backdoor. Do these people really think outlaws will use law-abiding software ?
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Now we all know why they cry like hell when their house burns down...
LFS. Have you built your system today?
Most north american watch too much tv and are ready to beleive whatever the media tells them.
They get frustrated at how bad the information is when it refers to their center of competence/interests (therefor missleading the others who don't know much), but they forget that little detail rapidly when they watch information about something they are less familiar with, and gobble everything sent to them.
Encryption is not something common, everybody knows the word, but not everyone uses it or understand the technology, nor the fact that it won't change ANYTHING to put backdoor since there's a lot of stuff already available to create your own crypto package without backdoors. So, basically, if you're a terrorist, it's way too easy to bypass that system.
In that perspective, the govs. are only stepping in a little bit more onto you privacy, and 99% of the people will accept it because "it sounds good the way it's explained, and besides, who cares, doesn't affect them as individuals".
God I hate those terrorists, not only we suffer because of human loss, but we'll suffer because of paranoia and liberty loss too.
--- Metamoderating abusive downgraders since my 300th post.
In other news, 72% of Americans believe handcuffing airline passengers before boarding would be "very" or "somewhat" helpful in reducing hijackings.
Lies about crimes
This may be an unpopular viewpoint on /., but I'd personally rather have the government able to read my email (with a subpeona, of course) than see another event where dozens of relatives were milling around outside a disaster zone clutching photos of their lost father/son/daughter/wife/etc.
Of course, the problem is that any moron with a mathematics education and a 486 can put together some pretty decent crypto on their own. Any smart terrorist (and it takes a smart, if not necessarily moral person to put something like this together) will use off-brand cryto without the back doors.
If there was a way to make the terrorists use standard, back-doored crypto, I'd be willing to force all crypto to have a back door.
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
YRO deserves all the ridicule it can get
So how do you plan to enforce this backdoor rule? How do you keep me from using my copy of PGP that I've already downloaded from pgpi.org? If I take the results of encrypting my message with PGP and then further encrypt it with your backdoored protocol, you'll never even know I was using PGP unless you use my backdoor, and then you won't be able to read my messages. So how will this help anything?
So some percentage of uneducated, non-law enforcing people thing that it would help in solving this? bah. Who cares.
That is like advertising perscrition drugs on tv. Doctors are the only ones that can decide which drugs really need to be perscribed. It shouldn't matter which "brand" sounds better, or has a better commercial. "Such a catchy tune, I'm sure that my [fill in the blank] will be better with it!!" This is equivalent to "I am now scared, so I will do whatever to get that false sense of security back!!!"
We need a panel of experts to decide what would be helpfull. And not just FBI or DOJ experts, but ACLU types, and engineering types as well.
room101 -- how much can you stand before they break you?
(they always break you eventually)
Sorry, but yellow journalism does not get me to believe anything. Perhaps if some real security news forum reported this, I'd believe it. MSNBC belongs on the Tabloid rack at the Pic'n'Save.
Do not touch -Willie
The poll is elucidate here:
http://www.politechbot.com/p-02530.html
The poll was taken almost immediately after the attacks so it is right up there with the knee-jerk reaction of Congress. A poll taken next Wednesday, if nothing happens between now and then, would probably be more informative of actual (non-reactionary) public opion about this topic.
Something that most people I know follow already... Don't use the net for anything important! If you use the anology of the 'net as the bad part of town, where any stranger can take your credit cards from your wallet if you bring them, then encryption is the mask over the stranger's face to most people. Sure, ordinary people may have lots of reasons to wear masks, but that doesn't mean they're allowed to. Anyone wearing a mask is usually asked to leave the bank, or the office, or whatnot. These people simply want to make sure we can see through people's masks.
Just think... if you sent a coded letter through the mail, nobody would give you a second thought. Everyone's complaining because the most convienent means (the 'net) is going ot be even more regulated than before.
Well, so are airplanes. I can't bring a gun on one. Now, I won't be able to bring a pair of tweezers or a nail-clipper on one. Are my rights being curtailed? Not at all. If I don't like it, I can always take a plane. I don't have to use the most convienent means available.
And that's the problem. Convienence has become synonymous with 'rights' these days. You have the right to watch movies whenever you want. Saying you have the right to encryption without a backdoor is like saying you have the right to smoke. You enjoy it, but the activity hurts other people.
Okay... rant mode off.
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. "
People don't kill people. Airplanes do.
Give a man a fish and he will eat for a day.
Teach him to eat and he will fish forever.
what is the square root of 4? will the world ever know?
It seems that people are just looking for a simple answer to a very complex question.
Usually when this happens (from my observation) people point fingers at the easy targets (muslims and arabs for example). This is just another case.
The majority of people (72%) just don't understand "new" technology in general and how it works. The possiblity of terrorists using encryption and e-mail and the internet scares the shit out of them. So it's very easy for them to say that modifying those technologies to allow police to easily "snoop on them" will help. When in fact they just don't know because they don't understand how it works.
This scares me because - with a few exceptions - in a democracy what the majority of the people want will happen (well in a true democracy it should anyway). So it won't surprise me if we see bills passed that will require this kind of thing to take place.
But I hope I'm wrong....
--
Garett
Congress was quick to blame sophisticated encryption methods for the massive intelligence failure last week and is proposing that government officials should have backdoor access to encryption products to aid national security.
Funny... and here I had thought that the primary reasons given for the massive intelligence failure were due to budget constraints and de-escalation of the intelligence community. Sources from the CIA and various government officials have come out and point blank stated that they have a severe lack of spies out there to actually infiltrate these terrorist cells...
So how do they jump from that to blaming it on encryption? Sheesh.
'Life is like a spoonful of Drain-O, it feels good on the way down but leaves you feeling hollow inside'
the government has announced that it will soon be
mandatory to use state-approved envelopes to send
all mail.
these new envelopes will be entirely transparent
when viewed under a federally produced lightbulb,
but there is no need to worry about these lamps
getting out to bad people, since it is time-tested
proof that all government employees are completely
honest and lack all self-serving traits present
in every other human being.
besides, it's for your own good and protection!
and if you have something to write that you don't
want everyone to read, maybe it's time for that
all-important self-examination to reveal your
underlying paranoia complex...
A year spent in artificial intelligence is enough to make one believe in God.
"Should individuals and businesses be allowed to use encryption to prevent penetration of their computers and communications by terrorists?"
The results of the poll would have been very different.
Ask a question of extreme technical and political complexity, to people who have no clue of the in's and out's of the technology or the corruption of their .gov, and then the laws will pass and they won't know what the fuck hit them.
The land of the free, is soon to be no more (not that it ever really was).
Look at the bunny! Look, see the cute bunny!?!?
War crimes, torture, lies, illegal spying... Would someone give Bush a blowjob, already, so he can be impeached?
No they won't play fair, however encrypted traffic is identifiable, and I wouldn't want to be sitting infront of a computer using unauthorized encryption software when the FBI came barging in.
"And where is Adolf Hitler, now that we finally need him?" Hunter Thompson on Afghanistan
Other reports I've read indicated that the poll asked very leading questions...
If the backdoor is to attach our keys encrypted with NSA's public key, I don't see how this can be compromised without cracking RSA, or stealing NSA's key.
What the american people, states, of feds want. I will have my own encryption software without the backdoors. I will have encrypted backups, and encrypted filesystems. My business is not your business not the new "police" state.
And for what I want to keep really secret, the good old one-time pad will do nicely.
Chris
"Oooh well, whatever, nevermind."
Look at the other "polls" that Americans participate in with their hard-earned money:
In the music world, Britney Spears and 'N Sync are two of the top selling acts these days.
In the movie world, people pumped over $100 million dollars to see Jurassic Park 3.
The most broadly used internet service is AOL.
It should be quite obvious that Americans' answers to "polls" are a combination of whatever garbage and FUD has been fed to them by the media and whatever they've seen advertised the most.
Seen any BadMarketing lately?
Most americans like Britney Spears and NSync too. This just serves as further proof that most americans don't know what's good for them.
- A.P.
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
There's an option at the bottom about whether you'd recommend it for viewing.
I selected "not at all".
Do not spread "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" over the internet, thank you.
The article, and most every serious proposal for this type of application, including the 'Clipper chip' specifically suggest "key escrow" as a solution.
IOW, you do not have a "special police key that the data also is encrypted to, but rather, for every key you generate, you generate a second key and hand it to a trusted third party.
In theory, the government would need to obtain a search warrant or 'digital wiretap order' and present this to the trusted third party before they could obtain a copy of your key and decrypt your data.
The proble with "key escrow" is that, in theory, without a warrant the government should never have access to your keys, so until the day they get the warrant, there is no way to detect if you are filing bogus keys, or using an additional, non-escrowed, encryption layer before you encrypt with the "Government approved" crypto.
I have every reason to believe that the government will "go on fishing expeditions" to find such behavior, and that the "trusted third party" will be swiftly compromised by every three-letter-agency you can name, along with the mafia, big business, and anybody else with bribe money and an interest in obtaining your secrets, your credit card number, or your love letters.
I do not deploy Linux. Ever.
It's very simple, actually. The only people who will lose if there are encryption backdoors are the people who are willing to use those crippled encryption schemes. We won't catch terrorists. Why? There will always be some form of strong encryption available that doesn't have a backdoor.
What is the US going to do, start prosecuting people in Switzerland who publish a new encryption program that doesn't have a backdoor? Get real.
It sounds a lot more likely that the government is using the tragedy of last week to try to build public favor for encryption backdoors. Tasteless...
If you ask me, I think that backdoors for encryption would be helpful in thwarting terrorist attacks. In fact, if you suspended the entire Bill of Rights, it would be _VERY_ helpful in catching criminals. But, I don't think that it's good. Neither should the people who answered the poll. The poll question was poorly worded.
I bet a simular percentage wants to "Bomb the Shit out of the Middle East"
Good thing polls don't run the country.
-- www.globaltics.net
Political discussion for a new world
Car. If I don't like it, I can always take a car. Or bus. Or horse.
I hate when I hit 'submit' instead of 'preview'.
Lameness filer encountered. Reason: ASCII Art. Multiple times. Since when are some periods and a few quote marks in a bunch of text considered ASCII Art?
should include the questions asked, verbatim.
"Do you support backdoors to allow athorities to keep tabs on potential terrorist?" will yield quite a different result than "Do you support backdoors that would allow athorities to keep tabs on YOU and give hackers yet another way to access your data?
You can get the answer you want simply by the way you phrase the question.
It seems possible that a "back door" itself could be made in such a way as to avoid compromising cryptographic security. Perhaps this could be achievedthrough something along the lines of the NSA specified DES tables or the use of a public/private key encryption scheme to encrypt the key itself and include it with the cypher text. The private key could even be split ala a one time pad and half of it kept by a regulatory agency distinct from the government.
Admittedly this is a poor compronmise. The security of the message encryption is reduced to the security of the key encryption, and it still allows the government to read your encrypted documents, however it seems better than the classic "backdoor" method of just including the cleartext key with the cyphertext.
You were eaten by a grue.
38 Ye have heard that it hath been said, An eye for an eye, and a tooth for a tooth: 39 But I say unto you, That ye resist not evil: but whosoever shall smite thee on thy right cheek, turn to him the other also. 40 And if any man will sue thee at the law, and take away thy coat, let him have thy cloak also. 41 And whosoever shall compel thee to go a mile, go with him twain. 42 Give to him that asketh thee, and from him that would borrow of thee turn not thou away. 43 Ye have heard that it hath been said, Thou shalt love thy neighbour, and hate thine enemy. 44 But I say unto you, Love your enemies, bless them that curse you, do good to them that hate you, and pray for them which despitefully use you, and persecute you; (mat 5:38-44)
to me it seems that 70% of americans are just barbarians.. not that i think this ratio is much better here in europe..in any case: if most people do not understand that violence only leeds to more violence then we heading for extremly big troubles... mond.
I was just watching The Screensavers, a wannabe tech show on Tech TV for suburbanites who've just started exploring "this internet thing", and they showed statistics claiming only twenty-four percent of Americans were in favor of crypto backdoors, while seventy-six opposed them. Even accounting for different polls, I wouldn't think the disparity to be that huge.
That terrorists wear badges stating they are in fact terrorists.
I think it was sideshow bob. Mel was the placid replacement.
If voting could really change things, it would be illegal.
Instead of bleating on about it on /., talk to your friends, your family, your colleagues, and make sure they understand the issues.
Also don't forget to Sign the petitions.
Why is it that many people who claim to support standards have such atrocious spelling and grammar?
"The government will make use of these powers only insofar as they are essential for carrying out vitally necessary measures...The number of cases in which an internal necessity exists for having recourse to such a law is in itself a limited one,"
On September 11, 2001, the Reichstag Burned.
Those who give up Liberty for safety, deserve neither.
Farewell, land of the free, home of the brave. Looks like terror will win in the end.
Oh and I wouldn't put too much stock in outside governments not changing their laws to match. Most of them would love to and the current mood is that there are only two sides available in the fight against terrorism.
You can only drink 30 or 40 glasses of beer a day, no matter how rich you are.
-- Colonel Adolphus Busch
This poll from excite shows that most people are not willing to give up any freedoms to combat terrorism (save freedom of travel which is more of a convenience than a freedom.)
That being said, I'm sure after reading an objective article on this backdoor idea most people will disagree with the it.
Why do I keep typing pythong?
Polls are usually a small set of people who give their opinion to represent all people. In this case, they must have interviewed only the government and CIA types and declared 70%+. Most average americans don't even know what encryption is let alone being able to comment on it. Moreover, one could say that the poll was really a measure of the DVD encryption statistics (70%+ respond to encryption of their movies) vs. ones private data which they would probably associate it to a movie called "This is my life/autobiography" take a good read. Sounds like the V-chip and Clipper chip argument all over know.
In a way, they do, don't they?
Basically, they ask a lot of people do you agree with answer (guy) a, or answer (guy) b?
A few days ago I sent a letter to my congressional representatives about this. I posted it under another topic here on Slashdot, but since it took more than 5 minutes to write, it was probably up too late for many of you to see it, so here it is again. If 72% of American's don't understand this stuff, the other 28% had better speak up.
Dear [representative's name]:
Like many Americans, I am very concerned that our country respond appropriately to the terrorist attacks of last week. I have been greatly encouraged by the tone and content of statements both by President Bush, and by our representatives from Utah, as well as many others. I agree strongly that we must act decisively, leaving no question that the United States of America is a very unwise choice of targets for terrorism. I agree that we must target our response carefully to ensure that we root out the source of the problem and destroy the ability of those who have committed terrorist acts to continue such activities, while at the same time ensuring that we do not participate in the terrorists' game of injuring and killing innocent people. I am in favor of greatly increased security at airports, even at the cost of convenience. I am even in favor of some controversial uses of technology which may assist us in fighting terrorism and crime, like using face recognition in public places to look for known criminals and terrorists.
However, I am also very concerned that we do not overreact. I am concerned that our united America go united in the right direction. I am concerned that in our determination to protect ourselves from future terrorism we do not give a free hand to those who would take advantage of an opportunity to expand the power of our government to intrude in the privacy of our citizens. The terrorist attacks of last week have been characterized as an attack on the freedom of Americans and free people everywhere. If our reaction to terrorism is to give away our freedoms in hope of greater security, then I fear the terrorists will have succeeded. I urge you not to be afraid of being called un-American by those who would erode our freedoms for opposing unwise or inappropriate measures at this time when our nation is so focused on unity and protection from physical danger. Please stand up for America by protecting not only our lives, but the chance to live our lives as free people.
I wish in particular to voice my strenuous opposition to two particular proposals which I have heard are being considered. First, a law requiring "back doors" in cryptographic software. Second, a law allowing internet wiretaps without a warrant.
The first, requiring "back doors" in cryptographic software, simply sounds like a bad idea. Why, while tightening security at airports in an attempt to protect ourselves, would we loosen the security of our communications by requiring an easy way to eavesdrop on them? We used to be confident that we could prevent hijackings in this country. Is there any reason to believe that we are not equally overconfident of our ability to protect back doors in encryption software? How can we be confident that no one will be able to compromise the back doors, gaining access to the strong encryption upon which we depend to protect our online credit card, banking, stock market and other transactions? If these systems were compromised, I fear the consequences to our nation may even be greater than what we have seen in the last week. The stock market was closed for a few days and is down sharply today, but our economy certainly has not been destroyed. Aside from the direct damage that might result from a serious breach of security in our online financial systems, it would almost certainly keep us off line for more than the few days that the markets were closed. The cost of recovering from such a breach would be enormous. For that matter, the cost of implementing the required back doors would probably be enormous.
Another argument against this proposal is that such a law seems certain to be obeyed only by those who the government has no need to listen in on anyway. Certainly not all criminals will be sophisticated enough to use cryptographic tools without back doors, but those who will are probably unsophisticated enough that they could be found by less drastic methods. This measure seems to carry too great a risk and too great a cost to justify the advantages in would provide.
The second proposal, allowing internet wiretaps without a warrant, appears to me to be a gross violation of our Constitutionally guaranteed right of freedom from unreasonable search and seizure. I admit I do not know much of the details of this proposal, but I cannot fathom how any such law could be Constitutional. And especially if coupled with the first proposal, I fear what might happen if our government crosses that line. The fact that our nation has stood strong so long is a testament to the sound foundation upon which it is built, not a small part of which is the limits which our Constitution places on the power of the government. It is said that power tends to corrupt. I believe that we have succeeded in limiting corruption in our government by limiting its power, and urge you to stand for the values upon which the Constitution is built in resisting the temptation to over-extend the power of government in a time when we are all looking for someone with the power to protect us.
In closing, I thank you for your service on behalf of the State of Utah and of our nation. It is encouraging to know that there are men and women of good will who are willing to carry the burden of public office, which I am sure is, especially at times like these, very great.
Sincerely,
[my name]
[my city], UT
Convert RSS to HTML - integrate webfeeds into your website
have fun doing absolutely nothing with your OpenBSD boxes then... what runs on those things? grep?
I think someone mentioned that it's more important to ask educated people in the relevant field, rather than just the population at large. This is important, but we also need to ask educated, _compassionate_ people whether the question needs to be asked at all. By this, I mean question the goal. One of the problems with asking educated experts about things in their field is that their field is all they know and that's how they see the world. (If you're a crypto expert, you'll look for crypto solutions to problems, and if there's a better field to solve it, you won't necessarily recognize that.) Don't just assume that crypto stuff should be on the table and then ask crypto experts about it. Of course they're going to write you a very persuasive essay (one way or the other) on the topic. And the result is you'll think crypto is significant (regardless of which side you end up on). Or if you ask military advisors what type of war should be waged, well, you've already given them the assumption they need to give you an earful of expert opinions on war and before you know it, everyone hears this stuff and believes that war (of one type or another, depending on which side of the argument you side with) is relevant to the issue. So yes, get educated opinions from experts in the field, but also carefully ask if that field is relevant. Cause if it's not, you've just promoted it to that level.
Makes about as much sense.
"Provided by the management for your protection."
72% of technically inept people believe crypto backdoor will/would be effective against a terrorist attack that probably didn't even use digital data communications in the first place.
The terrorists used their credit cards and cell phones with their real names, which the FBI and CIA had in their lists. The data WAS there for them to stop those terrorists and they didn't use it. What does digital data communications had to do with anything? The FBI and CIA are being opportunists in these sad times. Shame on them and shame on us for allowing these ideas to flourish in these dark times.
I see events such as last week's attacks as a black plague that spreads (in the form of fear) fast into the attacked population. In essence, it brings the darkest side of people to the surface.
I stand with Phil Zimmerman: it would be *very* difficult to create any such backdoor without adding vulnerability.
So who watches the watchers after all?
I wanna learn how to program. Somebody reply to this and teach me. Thanks.
Obviously, whoever conducted the polls were interested in a particular outcome, and not in obtaining empirically accurate data from which to formulate an optimal plan.
This is truly awful-- I suspect the author got hit hard by Namba and put up whatever he had lying around. Let's look at this.
"A poll in the United States has found widespread support for a ban on "uncrackable" encryption products." The only supporting statement it has, however, is this: "The Princeton survey found that more than half of the American public would support anti-encryption laws to aid law enforcement surveillance powers.". They don't bother to give us any details about the question. What sort of anti-encryption laws? Which branch of law enforcement? What were the allowed answers to the question?
This lack of detail is especially worrisome given the drastically misleading figure from the featured question: "72 percent of Americans believe that anti-encryption laws would be 'somewhat' or 'very' helpful in preventing a repeat of last week's terrorist attacks.". Wow, 72 percent of americans are anti-encryption! We're a week from the tragedy, with no details being released to us on how it was orchestrated. So, how do we know they would have been very helpful? For that matter, how do we know they would have not been helpful at all? "Somewhat" helpful is practically the default answer-- if you're pulling the answer out of your ass, pick the middle one.
Let's look at some of the other striking logic: "Only 9 percent of those questioned believed that tighter encryption restrictions would not prevent similar terrorist attacks in the future.". Of course, they don't bother to mention how many believed that tighter restrictions would prevent attacks. Here, the default answer is obviously "might". Do I know tighter restrictions wouldn't prevent a single attack? Of course not; I also don't know that they would.
Finally, of course, the most important number is the date this survey was taken: Sep. 13-14. To be fair to the author, she did mention that. Taking surveys during that time is a disgustingly opportunistic response to the attacks. You certainly could have garnered favorable responses to attacking just about any country in the middle east, killing civilians, locking up immigrants, etc. etc.. I simply can't believe that in the wake of the tragedy, these people wasted their time and everyone else's on pushing this stupid agenda.
Are those guys going to outlaw open source software ? 'Cause a backdoor can be seen from miles, resulting in no security for those using open source, right ?
Could someone explain to me, in somewhat simple terms, how adding backdoors to things like public-key encryption could be possible?
I don't mean politically, but technically and practically.
Wouldn't a backdoor in something like PGP make it inherently insecure? I mean, wouldn't it be possible to find out how the Feds are decrypting, and use that method on ALL encrypted traffic?
This sounds analogous to someone finding a way to factor the product of two large primes back into the primes.
Or am I thinking about this all in the wrong way? Would it not be a "master" type key?
I just don't get it.
I wonder what those 72% of people will say when the other 28% of us are in jail for refusing to give up our crypto keys, and they need their servers fixed or their ISP connections troubleshot, and all us geeks are unavailable.
Just one thing that you have encrypted that is so important that the government's law enforcement agencies can't view it in the event they believe it may be related to a terrorist act?
I'm just really curious what it is that you have to hide. Don't be specific, but not too general so that I don't know what it is.
I bet you could write a survey that got over 60% of Americans to favor repealing the First Amendment. It's all in how you write it.
sulli
RTFJ.
That would be a great source of income for the bad guys and a great drawback for the US economy if the terrorist can gain access to this backdoor and YOU can't trust anybody on the internet with you credit card number. Very funny indeed if you have this (black) sense of humor.
Actually, somebody here mentioned of a "One backdoor to many", i.e. in the cockpit. A perfect example of terrorist gaining power by using a backdoor. You should use that example agains this poll.
...because my opinion will not be popular.
AMERICANS ARE STUPID.
I am staying that as an American. We don't think about what we say, we don't think about the consequences of what we do. We often try to force our culture on everyone else, inflaming reasonable people with different, vibrant cultures as well as idiots like bin Laden.
Since the American way is to get wrapped up in our own little lives and/or become corporate robots, we don't have the information needed to function in the world. Thus, when a government presents a simplistic solution that they say will solve all our problems, we go for it hook, line, and sinker. The reasonable voice doesn't even make it to the airwaves.
With just a little information and a little thought, anyone reasonable would understand that these restrictions would hurt law-abiding americans and not hurt terrorists at all. Creating software is not a godly act, and some Terrorists have brains. Create a version without a back door... duh! Create your own encryption scheme.. duh!
But Americans ane not thinking critically. It's sad, but sometimes you have to think that maybe we are not really living in a free country. We have an uninformed and supersitious population, we have media with a corporate agenda, and we have a government that loves to hand us B.S. because they know we're going to fall for it.
Scary thing is... America is better than anywhere ELSE right now...
Thank you Slashdot. This might be the only real journalism left, because it's smart person to smart person...
If this survey was done with "random people" from a small town in Georgia (where I'm typing this now) around noon in a resturaunt frequented by elderly people they would jump on the "down with crypto" bandwagon. If you ask techies in San Francisco, they would say "no".
Surveys can be bent to say what you want them to say, you just have to pick the people. It's all about journalism, public relations, and downright trying to get visitors or sell papers. I've worked with enough survey companies to see how results can be skewed.
m.kelley
life is like a freeway, if you don't look you could miss it.
Why is this modded as flamebait? It's 100% correct (and isn't flamebait). The simple reality is that there have been fascists hiding in the woodwork for some day who just dream of the day where Statzi patrol the streets checking DNAs and checking that people are following their early morning filed agenda. These people see this as a big opportunity to push their agenda, and unfortunately the American public has this foolish notion that in times of crisis everyone must simply agree with anything that any "lawmaker" says (to do otherwise is traitorous and unpatriotic!). Of course people usually agree as long as the measures impact the minority, but the problem is that when you have 10 measures all being passed by a different group of people, a good portion of them will screw YOU over, so when you voted that Arab's should have daily rectal exams you might want to think about that when you're wearing a 24/7 brain probe.
Democracy: The tyranny of the majority. When you have a group of people willing to vote in any invasion of civil liberties as long as the specific item doesn't affect them, you have a recipe for a police state.
72 percent of Americans believe that anti-encryption laws would be 'somewhat' or 'very' helpful in preventing a repeat of last week's terrorist attacks
Read it over and over again. It is not stating that 72 percent of people want their rights taken away. It just states that they think anti-crypto might of helped.
Redo the poll to:
How many people think that the attack wouldn't happen if the US was a cruel military dictatorship?
I bet it would be like 90 percent. Its true. It doesn't mean we want to be a dictatorship, just that it might of prevented it.
Stop knee-jerking, people.
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
According to the Washington Post, last Friday Barbra Lee (Democrat from California) said on the house floor: "I believe that history will record that we have made a grave mistake in subverting and circumventing the Constitution of the United States." More details are below, copied from here.
...
The Solitary Vote Of Barbara Lee
Congresswoman Against Use of Force
By Peter Carlson
Washington Post Staff Writer
Wednesday, September 19, 2001; Page C01
"We need to step back," said Rep. Barbara Lee (D-Calif.). "We're grieving. We need to step back and think about this so that it doesn't spiral out of control. We have to make sure we don't make any mistakes."
She was walking down a hallway in the Cannon House Office Building. A plainclothes police officer hovered a few steps away, looking very serious. The Capitol Police began guarding Lee on Saturday because of death threats she received after voting against a resolution authorizing President Bush to use military force against anyone associated with last week's terrorist attacks. The resolution passed 98-0 in the Senate and 420-1 in the House. Lee's was the sole dissenting vote.
"In times like this," she said, "you have to have some members saying, 'Let's show some restraint.' "
Led by her police bodyguard, she moved along quickly, slipping into her office and closing the door behind her. Inside, the phone lines had shut down under an onslaught of calls from all over the country -- many of them irate, some of them downright nasty -- and her voice mailbox was too full to take any more messages.
"We've gotten thousands of calls and thousands of e-mails," she said. "People are very emotional. . . . They're frustrated and they're angry."
She's 55, a small woman with short black hair. Normally, she has a bright smile, but these days she looks sad, worried, harried. She is quick to point out that she voted to condemn last week's attacks and to allocate $40 billion to fight terrorism.
"I'm just as American and just as patriotic as anybody else," she insists.
She does not rule out military action, she says, but she voted against the authorization to use force because she opposes giving the president the sole decision on when and where to make war. "I believe we must make sure that Congress upholds its responsibilities and upholds checks and balances. This is a representative democracy and it's our responsibility."
War, she believes, is not the most effective way to fight terrorism. "Military action is a one-dimensional reaction to a multidimensional problem," she says. "We've got to be very deliberative and think through the implications of whatever we do."
This is not the first time Lee has stood alone against war. In 1999, during the crisis in Kosovo, she was the only House member to vote against authorizing President Clinton to bomb Serbia. "I'm not a pacifist," she says, "but I don't believe military action should be the only action we embark on."
Fortunately for Lee, she represents one of the most liberal congressional districts in the United States -- California's 9th, which includes Berkeley and Oakland. It's the district that was represented by another antiwar dissident -- Ronald Dellums -- for nearly 28 years. Lee served as Dellums's chief of staff for a decade before she was elected to the California State Assembly in 1990. When Dellums retired in 1998, she won the election to succeed him, and was reelected last year with 85 percent of the vote.
"I would have voted the same way," says Dellums, now president of Washington-based Healthcare International Management. "We need to think this through and ask, 'Are there better ways to do this?' "
"I agonized over this vote all week," she says. "I searched my conscience. I talked to many people. Ultimately, on some votes, you have to vote the way your conscience dictates."
Her agony was exacerbated by the knowledge that her chief of staff, Sandre Swanson, was mourning the death of his cousin Wanda Green, who was a flight attendant on the hijacked United jet that crashed in Pennsylvania.
"I support her decision," Swanson says. "The principle on which she based her decision was that somebody should stand up and say that only Congress has the power to declare war. . . . People say she was unpatriotic. I think it was very patriotic."
"I admire the courage of Barbara Lee," says Rep. John Lewis (D-Ga.), who spent the 1960s in the front lines of the civil rights movement. "She demonstrated raw courage to stand up and vote the way she did. She stood alone -- one against 420. Several other members wanted to be there also but at the same time, like me, they didn't want to be seen as soft on terrorism."
Lewis voted to authorize military action but, he says, he came close to joining Lee in opposition. "I was probably 99 percent of the way there in my heart and my soul," he says, "but in the end I wanted to send the strongest possible message that we can't let terrorism stand."
Lee's vote is reminiscent of the first woman ever elected to Congress, Jeannette Rankin of Montana, who voted against the nation's entry into World War I and World War II. It also brings to mind Wayne Morse and Ernest Gruening, the two senators who voted against the 1964 Gulf of Tonkin resolution, which gave President Lyndon Johnson the power to wage war in Vietnam.
On the House floor last Friday night, Lee quoted Morse: "I believe that history will record that we have made a grave mistake in subverting and circumventing the Constitution of the United States." She added: "Senator Morse was correct, and I fear we make the same mistake today."
Out in Oakland, Lee's vote is the subject of much debate, some of it heated, says Don Perata, the Democratic state senator who represents Lee's district.
Perata calls Lee's vote "wrongheaded" and he isn't impressed with her explanation of it. "There wasn't a lot of clarity there," he says. "I would have cast a different vote. This is a time for a united front in America, particularly in Congress."
But, he predicts, Lee's vote probably will not affect her chances for reelection.
"The district is overwhelmingly Democratic," he says. "There are probably more people who are to the left of the Democrats than there are Republicans."
Also, he adds: "Barbara is very popular here. She's just a very, very nice woman -- and in this business that counts for a lot."
On Monday, Perata says, California talk radio was abuzz with callers denouncing Lee as a communist.
"I was wincing," he says, "because that's not Barbara. She did not cast that vote because she's unpatriotic. She loves this country and its opportunities as much as anybody."
Meanwhile, back in her office on Capitol Hill, Lee was furiously working the phones, talking to constituents and local media outlets.
"I hope that when I get my message out," she says, "people will understand why I did what I did. Whether they agree with me or not, they'll understand that I want to bring these [terrorists] to justice as much as anybody else does."
She declined to speculate on the effect her vote might have on her popularity. "This was not," she says, "a poll-driven vote."
I'm sure the government already knows all of our credit card #'s. If not, they could easily scour the credit card companies for this information, I mean, damn, they're the government.
This is an amazing intrusion of privacy... I mean,[sarcasm] all other aspects of our day to day lives are so secure [/sarcasm], such as phone calls, travel arrangements, previous employment, day to day habits... oops, guess not.
My karma is -1 because I don't use AC posting. LOL.
How many non-americans are in favor of backdoors for US government? I don't think there'd be much support for that! From that point it just means: go get your software outside the US... Since the countries will never agree on "common backdoors" or things like that, forcing the US citizens to use encryption with backdoor would be totally useless.
Opus: the Swiss army knife of audio codec
What evildoer or malcontent is going to use semi-secure crypto?
Crypto systems are relatively easy to implement, why not just use RSA with large keys, or some other method.(I would submit that even significantly large RSA is not secure, but that's a matter for another discussion; There are methods other than brute force that aren't in the literature).
The only entities that are going to submit to such a policy would be law-abiding.
Implementing and enforcing such a policy will be practically impossible without significant resources in the first place!
Who will know the backdoors? first it'll be law enforcement, then certified systems engineers and sooner or later, it'll wind up on alt.2600. and like the article says, a LOT of people will start to lose the contents of their bank accounts.
A much better way would be to modify laws to make it easier for law enforcement to obtain the means to decrypt information from a particular individual. Similar to what they already go through to get a wire tap, they would simply get a court order, then show up and seize all the private keys to facilitate decryption.
If the FBI want my public keys and they have a warrent, its all theirs, but blanket backdoors are bad, because they cannot gaurentee who has access to the backdoor.
A good way to scare the uneducated away from this line of thinking is with this :
Encryption backdoors would be like the government banning locks in case they need to search your house. Sure, they'll have easy entry, but so would the burglers
...when they pry it from my cold, dead hands!
It's sponsored by Microsoft, what would you expect? Microsoft wants backdoor legislation because it's one step away from banning free software.
I guess they made the question in such a way that any average person would think encryption is used only by terrorists and terrorists would actually use the backdoored software... Yeah right...
The "poll" is just cheap propaganda on behalf of Microsoft.
Make even shorter URLs - 8LN.org
While IANAL, whether the transaction crosses state lines is immaterial. All that has to happen under recent interpretations of the Commerce Clause in the U.S. Constitution is that the activity *could* impact interstate trade, not whether or not it actually *does*.
:)
That being said, it's unlikely, in my mind, that Congress actually has authority to enforce limits on crypto under the Commerce Clause because it would violate the 1st Amendment,and possibly your right against unwarrantable searches and seizures, but that's more of a stretch, IMHO.
On the other hand, the fact that crypto is classified as "munitions" (this means that seemingly harmless stuff, such as the Mozilla source code or the DeCSS T-Shirts are actually classified as munitions! scary stuff!) means that actually, Congress probably *can* regulate it via export control. But since you have a Constitutional right to bear arms (heh), they can't regulate it's use by citizens. So there's another reason Congress wouldn't have a leg to stand on.
Again, I'm not a lawyer, I'm just going on what I know from reading, experience and a Businss Law class or two.
My journal has hot
If they implement back doors to crypto, or outright ban crypto, then crypto will go underground. The people who want the illegal crypto will pay through the nose to get it, and will pay the best coders to develop the best crypto. It will be like the drug dealers out-gunning the cops because they have more money to spend on guns.
www.lucernesys.comHorizon: Calendar-based personal finance
now you know how gunowner's feel. "...but it is scary how many people do not realize that the bad guys are not going to play fair here...". now I've seen everything. a little bit of your own medicine tastes good, eh?
I have now on my desk a copy of a document prepared by a leading think-tank over a decade ago detailing our nation's vulnerabilities to terrorism and what should be done about it. In the wake of last week's tragedy I took the document out of its file and read it again with new eyes. Last week's attack could have been much worse. Thank God the people who wrote that document are on our side. It is a shame we didn't listen to them.
...Perhaps the most insidious form of adulteration is the accidental or deliberate entry of false data into a computer network because until the problem is detected incorrect decisions are made and once the problem is discovered user confidence in the system is shaken... ... identifying false information is a critical function that can be seriously complicated by adversaries' use of deception.
... But again, the most insidious form of the problem is associated with communications: tapping networks is a primary source of illicit information both in the business world and in foreign intelligence... ... so that communications and database security is of significant importance.
If you are feeling bad about the role encryption plays in allowing terrorists to act freely, perhaps some excerpts from this document will ease your mind and open your eyes to the usefulness of encryption systems in combating terrorism. Also keep in mind that this was written in the mid 1980s. I apologize in advance for not giving proper credit to the authors, but I'm sure that they understand why.
-- begin quote --
Adulteration, the accidental or deliberate injection of undesired material into a network, can cause serious problems. Accidental diversion of unintended liquids into a pipeline system, like accidental switching of a train onto the wrong track, sometimes leads to disastrous results...
...
Leakage from networks is at least...
...
MEASURES FOR RISK REDUCTION
Robustness
protective enclosures
solid construction
guards
deterrent laws
human engineering to reduce errors
operator training and practice
ENCRYPTION OF INFORMATION (emphasis added)
Ruggedness
redundancy
excess capacity
backup systems
error correcting coding for communications
emergency response teams
crisis training
alarm systems
automatic diagnosis systems
emergency subsystems
preplanned triage
public or customer emergency instruction arrangements
Resiliency
stores of critical spares
emergency recovery teams
training of recovery actions
insurance
procedures for sharing abnormal resource costs
pre-established plans for implementing improvements rather than return to status quo ante
-- end quote --
The measures listed above were to be encouraged in PRIVATE organizations and amoung the general public. I have reproduced the entire list because unlike the rest of the report it should be shared amoung as many people as possible, especially in business. As you can see public use of encryption is on this list.
It is important that businesses, and other organizations, be able to encrypt data securely so that critical vulnerabilities and response plans cannot fall into the hands of terrorists. It is important that businesses be able to encrypt and digitally sign communications so that false data or false orders cannot be transmitted that will cause their facilities to be damaged or an inappropriate action taken that could jeopardize lives and infrastructure. People need to be able to encrypt data and communications so that they will be less susceptible to blackmail (supposedly "no organization is secure from an operative who finds a well-placed secretary that is having an illicit affair") or assassination by terrorists.
Encryption is a powerful tool. It is as useful for protection from terror as it is the commission of terror. We cannot prevent the terrorists from having access to these tools; so we must seek to learn to use them better ourselves, and to make sure that they are in the hands of "the right people." With the ever-increasing reliance on data collected and sent over electronic networks in the making of critical decisions by all sectors of society, failure to use encryption and digital signature technology could be very bad.
The above comments were orignally made by me a few days ago to someone who had done encryption work and was now questioning whether our current privacy/security ratio would or should be changed. I apologize for using recycled electrons, but I thought the comments were equally applicable to this Slashdot story because they show the role that encryption can play in protecting people from terrorism (and espionage and vandalism and organized crime...) and I am leaving for a meeting so I don't have time to rewrite them.
Please, anyone who takes an online poll seriously is loosing his mind.
The mindless law-and-order rednecks who hang around at FreeRepublic.com regularily post comments on their forums encouraging their members to "Freep" the poll (using their lingo). Now, if Slashdot had posted a notice requesting that *we* all 'Slashdotted' that poll - do you think the results may have been different?
Without the usual mention of The Three Greatest Lies (Statistics, Statistics and Statistics), I will mention that ONLINE polls even miss the basics of reasonable methods... like unbiased 'random' samples for instance.
Why can't a find a link of this "poll" at the site?
... ] helpfull" in
*I* certainly was not selected to provide input in
this poll.
Were 72 percent of Americans provided this poll?
Then where does this "72% of Americans believe that
anti-encryption laws would be [
preventing terrorist attacks?
More like, 72 percent of Americans that were
actualy polled, believe this to be true - we're
probably only talking 72 percent of a few thousand
individuals here.
As if that wasn't enough, the headline to that
trash of a story is: "Americans back encryption
controls"... ! wtf?
Believing that encryption control may help to
prevent terrorist attack in no way suggests that
encryption control is actualy thus being backed...
by 72 percent of Americans for chrissakes!
sheesh.
Yesterday, I found petition which was advertised in an earlier slash-dot discussion. Is there another petition for the security point? This one seems overly broad for this specific topic.
...
We the undersigned, endorse the following petition: CALL FOR PEACE & JUSTICE!
Target: George W. Bush President of the United States
Sponsor: Eve Lyn
URGENT! In the aftermath of the ruthless attack on the World Trade Center and Pentagon, we implore the leaders of the United States to ensure that justice be served by protecting the innocent citizens of all nations.
We demand that the President maintain the civil liberties of all U.S. residents, protect the human rights of all people at home and abroad, and guarantee that this attempted attack on the principles and freedoms of the United States will not succeed.
We plead for a thorough investigation of the terrorist events before any retaliation.
We call for PEACE and JUSTICE, not revenge.
In Solidarity,
The Undersigned
All back doors would do is compromise the security of the honest user. Allowing anyone from the FBI, CIA, KGB, or any hacker with a little time and intuition to gain access to your "thought to be secure" file. The people really trying to hide illegal activities with in encryption will be using "non approved" forms of encryption anyway if this legislation goes into effect..only hurting peopel like us who use it for peace of mind..not illegal activities. Encryption with backdoors completly goes against the whole reason to encrypt data in the first place. Calling encryption with backdoors secure makes just as much sense as a someone with a camcorder and the entire Real Doll collection calling himself a porn star ;)
"It's better to be a pirate then join the Navy"
Get over to www.rubberhose.org and check out the sort of thing you could do to defeat this.
(The idea being that 1 encrypted file has more than 1 pieces of encrypted data. You encrypt something plausible which you can reveal when the police ask you to decrypt it, but there are more encrypted messages in the same file. There should be no way of knowing how many encrypted messages exist within the one file.)
In the recent mafia case, PGP was defeated by using keyboard capture methods. I believe the people who answered this poll probably include this kind of "back door" in their yes response. I do. We need to emphasize these methods instead of the futile idea of having everybody change to new weak forms of crypto.
Key escrow is studid, but we need an alternative. There is no right to secretly plot to blow up buildings. The governement should gather probable cause and get wiretapping permission with a court order to target an individual. I think Ashcroft's idea to target people instead of devices makes sense, but I don't want weaker standards of judicial oversight.
Encryption absolutely can be defeated if, by physical or cyber processes, keyboard capture and screen capture are used. Since the bad guys aren't going to change their crypto, we have to do this anyway. It's been proven effective and it should be the focus of national efforts to defeat encryption.
MSNBC does.
sulli
RTFJ.
I already wrote my representatives a couple days ago about both crypto and allowing law enforcement carte blanche to monitor US citizens. Obviously I oppose both. If we create crypto controls in the US the Internet revolution will come to a grinding halt. I tried to couch in terms that they would care about, which in this case is about business and the economy. I can't mention how important it is to write your representatives and convince them how dangerous it is to try and take up this kind of flawed encryption system...
... unless We Don't, and someone else tries.
Because let's face it, we're the last ones they'll listen too. We're strange figures, and highly supspect already, and for those from there, probably very "unamerican" too.
Who knows what our motives are...
I know this might look like flamebait to some of you, but it is not the intention at least. Just think about it - we are not the people some highstrung conservative and technically illiterate politicians would listen to, no matter what issue.
So. Who should tell them, and how? This, I think, is worth pondering. Or?
Well, to prevent this I would suggest installing a "crypto backdoor".
Sorry, I couldn't resist.
law abiding citizens will follow the law. Criminals will break the law. pretty simple.
If someone wishes to pass information on to somebody else without anyone else knowing what is going on, putting backdoors in crypto packages and outlawing the rest isn't going to stop them.
The sheer volume of information sloshing around between machines means that you have to ignore something - processing all of it is verging on the impossible even if you don't have to decrypt. Say I wanted to tell Fred something important - "Free beer at John's house, 9pm" - and I was banned from using crypto. I could play with any number of obfuscations - I could encode the ASCII bits into the least significant bit of the red channel of an image. I could speak it and send it as an Windows executable with a MP3 component welded onto the end which could be extracted by knowing how long the original executable was. I could hide the message hidden spread through an MPEG file in some redundant byte in an MPEG frame header. Given a known random number generator and a given seed, you could XOR your message with the obfuscating signal. The number of ways to play this game is at least as complex as the number of data formats available.
So even if you had a complete and effective ban on encryption (which is impossible) you still couldn't process or intercept all the info flying through your checking portal. And even if the encryption ban stopped terrorists from passing information through the Internet, you haven't stopped them communicating - you have just made them use something else. Like encrypted packet radio or laser interferometry.
Cheers,
Toby Haynes
Anything I post is strictly my own thoughts and doesn't necessarily have anything to do with the opinions of IBM.
Wow. I didn't know 28% of Americans have read Applied Cryptography!
:]
I'm not entirely against massive invasions of privacy... provided they're not one-sided.
i.e. if the police have a CCTV network, (a) it should be public access and (b) there should be public-access cameras on the police too.
This somewhat trite example generalises to more other domains too - e.g. no branch of government should not be allowed use crypto if the citizens aren't.
The answer to the quesion "Who will watch the Watchers?" should always be "The Watched".
*Asymmetric* flow of information increases one person's power over another. To preserve the balance of power in the event of anti-crypto legislation, it would be neccessary to further increase the transparency of governmental security operations.
David Brin (well known hard sci-fi writer, among other things) has analysed this is in an easy-to-read manner in his book "The Transparent Society", the first chapter of which is available on-line here
I strongly recommend reading it, it illustrates problems with the logic of both some privacy advocating positions and some privacy invasion advocating positions.
Choice of masters is not freedom.
...don't know how to pull there head out of their ass.
The two most common things in the Universe are hydrogen and stupidity. -- Harlan Ellison
...interesting to see if Internet traffic jumps sharply as people switch to using steganography to stuff their confidential emails inside mp3's and jpg's.
-- SIGFPE
Wiretaps require a warrant from a judge.
Best Slashdot Co
This is a chance for alot of politics to do things they always wanted to.
One of these things is what is described here.
Also, some law written in the 70s (I believe) stated that America can not legally issue assasination orders. They want to repeal that.
Also, they wnat to make phone tapping much easier. The law right now is you have to not only get a warrant to tap a phone, but you can't monitor a person, just a specific phone line.
And finally, all military upgrades are going to be majorily supported by the public (can you see more republican support?) in the near future.
Lets not let our rage cloud our vision.
Politicians will always be politicians.
People need to not listen to them. Any good poli-sci professor will tell you
straight off the bat the polls lie. More accurately, they reflect the public
response to the specific wording of the pollster's question. If I ask 1000
people "Should arabs be forced to carry special id and check in specially at
airports in order to minimize the terrorist potential in America?" i'd prolly
get 70% yes. If I asked "Do you consider it innapropriate to require people
of arab descent to be forced to carry special identification and be subject to
additional searches?" i'd probly also get a majority yes. Point being,
people, en masse, will respond more to the tone of the question than the heart
of the issue. Any poll that can be conducted can be trivially reworded,
without affecting the true issue being questioned, and get the exact opposite
result. Keep this in mind as the polls start flying in favor of decreased
civil liberties and criminalization of certain forms of encryption.
-k
:
99.9% of Americans when polled, believed that a total ban on flying would have prevented the WTC disaster.
The poll was conducted with a random sample of 1000 people on September 13th/14th. Followup questions revealed that the 1 person who dissented had not heard of the World Trade Centre terrorist attack.
Asked to comment, a source close to the statistics department said "it was a damn stupid question to ask, just like the earlier question on crypto. But hey! We have to spend our grant money somehow!"
Donte Alistair Anderson Roberts - hi son!
Karma: Chameleon
Whether you like backdoors or not, they will work as follows:
If you detect (automatically) illegally crypted traffic, you investigate the source and destination IP addresses, connection patterns, amounts of data etc. You may legally raid the offender's home. If it turns out to be an innocent Slashdotter, you'll just slap their wrist (confiscate the computer, block their IP access for a couple of years).
If the lead takes you to the real thing, you'll devote your precious attention on those contacts.
That'll make the terrorists abandon strong encryption and favor traditional security through obscurity, and hide their message in plain text.
Now it is possible to use generic, innocent-looking plain text as a carrier for strong encryption. How do you prove nonsense English transmissions to be against the law?
However, such simple regulation can work very effectively. That is the reason I still have to keep my wireless LAN (and my NFS file systems) open to the world -- Mandrake 8.0 doesn't have IPSec installed by default.
Marko
... while an accurate quote, it's becoming as annoying as the Nostradamous fake one. Please, no need to repeate it all the time on every thread !!!
- sigs are for wimps.
However, if the question was asked as "Do you support the government having unlimited backdoors into all crypto tools, even if it meant your ecommerce transactions were more vulnerable to hacking as an unintentional result?" - I HIGHLY doubt we's see 72% saying yes!
I AM, therefore I THINK!
In the light of last weeks terror attacks and the obvious need for coordination on the attacker's side, most likely by the means of encrypted messages, I can understand the people's reaction. But let us have a look at what cryptography achieves. Cryptography achieves that an eavesdropper cannot read the content of a message. Cryptography does not mask the fact that there is a message being exchanged between two parties. The knowledge of a message interchange (and maybe a peak in activity) is an important piece of knowledge to criminal investigators. Sometimes it is not important to know what a message contains, but to know that there is a message. Now when you are implementing backdoors in popular cryptoolkits you are forcing people to use other means. For instance steganography. Hide the fact that you are sending a message at all. For instance use a webcam that shows the picture of a busy place in London. Now embedd a message in every 16th, 15th, 14th, ... (alternate it please) bit and send it to all viewers. One of the viewers knows that there is a message and the time of the broadcast. He will get the message, others won't. Yes, there _are_ methods to detect embedded messages, but these methods do not perform very well on a constantly changing stream of information. This would be method one. There are other possibilities. Even if you put a backdoor in a package like PGP, the algorithms are open, what will stop a terrorist from implementing his own PGP. This is not rocket science. What will stop him to exchange a shared secret (use the good old book-page method or whatever) and then use an insane amount of bits for a symmentric encyption? So I do not think that backdoors will do much good. They will stop Joe Blow "I hide Pr0n" but not somebody who is educated about cryptography and knows how to use (and implement) it.
The argument that we should have backdoors on everything crypto, is very simular to the logic "we should ban guns to keep the public safe." The problem of course, is that the criminal still has a gun, and you are unable to defend yourself.
.. spawning Microsofts new slogan.. who do you want to be today?
Only 'flamers' flame!
Death to opensource. The any release of any sourcecode under any kind of license to anyone will now be illegal. Yeah. Bye bye linux and bsd and other lame shit.
You know, this got me thinking. I haven't had the time to read *all* 17,500 posts related to this tragedy. In the few thousand I have been through, I haven't seen anyone wonder about the future about the NSA's SELinux.
Now we all know that any government-sanctioned encryption scheme is going to be relatively weak, like 56-bit DES. When you add backdoors, all our data is going to be about as safe as an anti-aircraft gunner in Afghanistan next Friday -- not very. Now I realize that so far their project has focued on strong interprocess protection vs data security in the raw sense, i.e. strong encryption. BUT, with a name like "Security Enhanced Linux" one would think that strong encryption, still freely available so far, would become a focal point in their products down the road.h
What would happen if/when the NSA has to abandon the SELinux project because a) its illegal to use backdoor-free strong encryption, and b) they can't publish their distro without releasing the source code to their changes per the GPL.
If Linux goes to the skunkworks, we're going to need a new mascot. The dark sunglasses on tux won't cover it anymore.
In other news, I have been able to do POP3 over SSH in the past, but with ssh 2.9p2 on all my clients and servers, I try to port forward 25 for secure smtp, and I get:
channel_open_failure: 2: reason 1 bla bla bla
connection closed by foreign host
the remote host has ssh listening on a non-standard port, and ipchains blocks all other ports. When I ssh to the box I am able to connect to port 25 on localhost. I have the "no passphrase" ssh login working fine.
Any ideas, anyone?
Intelligent Life on Earth
How does that keep you from speaking out? I've had letters to the editor published without using crypto. Hell, I'm not using it right now, in this message. Lack of crypto in slash certainly isn't restraining my speech.
Best Slashdot Co
Tune into MSNBC for more exciting details and developments. Dumb, Da-Dumb-Dumb, Dumb-Da-Dumb-Dumb, Dumb.
Friends don't help friends install M$ junk.
Forgive my naivete, but I am wondering how such a law would affect those who already have an installed cryptography program. Did someone crack PGP when I wasn't looking? Assuming they haven't, then all one would need to do to make sure one's communications remain secure is NOT to upgrade their cryptographic software, methinks.
Almost 50% of Americans have a below-average intelligence.
Coming to the US on a visa is a priviledge not a right. With suitable restrictions, perhaps a narrow restriction on strong crypto would fly.
What would be wrong with a narrow law that said that if you are in the US on a visa that you cannot send encrypted messages across US borders without key escrow.
I'm very worried that a hard line stance on this will fail. A narrowed alternative may be something we have to propose.
Just re-encrypt your surreptitious crypto with your officially mandated backdoored crypto. Looks the same, and won't show its real nature until they get the subpoena - and find it useless. Oops.
Polls like this are the worst examples of manipulation. The polsters rely on the general public's ignorance, and go out of their way to perpetuate that ignorance. We went once around with this last time the WTC was attacked. And guess what.... the terrorists did _not_ use encryption then either.
"The terrorists responsible for the World Trade Center and Oklahoma City attacks did not use encryption. Furthermore, both the New York and Oklahoma City bombings were solved using traditional law enforcement methods of investigation, not electronic surveillance... Moreover, the validity of the government's demand for unprecedented power to invade privacy in its concern over terrorism has to be considered in light of other preventive efforts." [story here]
And [here] is an interesting story from [U.K. Yahoo] concerning the absolute futility of any effort to hurt terrorists by restricting crypto.
My recommendation: encrypt your snail mail.
-- "It was as if the paint factories had decided to deal direct with the art galleries." - Thursday Next
Let me think... I'm a crook. I need a gun to pull off my crimes-- but guns are illegal-- dang, time for plan b!
is just as likely as
I'm a terrorist. I don't want any governments or secret agents reading my message so I need to encrypt it-- but doh! crypto is illegal-- dang, time for plan b!
"You may all go to hell and I will go to Texas"
Sen. Davy Crocket to US Congress, Nov. 1, 1835
If it does go down that road and we all end up having "faulty encryption" I believe I will still find or write encryption that will not adhere to these terms, if they want to take me to court over it, let em. I'll then decrypt my grandma's cooking tips and recipese for those oh-so-tasty cookies of hers and see how much the jury laughs.
Seriously, convincing the public to provide back doors in security 'just in case' is like asking for a copy of their house key, and one of their safe deposite box. Come on!
---
ps -aux | grep mind
Okay: Everyone raise your hand who is willing to die for their right to use crypto. I mean really die -- or even suffer serious bodily harm -- standing up for your rights?
Whenever I see these topics come up, they're always accompanied by one-line comments "They'll only get my gpg when they pry it from my cold dead fingers!" Come on now -- would you let them kill you rather than give up your crypto?
You find out what people truly, honestly believe, deep in their hearts and souls, when they're faced with the raw reality of standing firm against inimidation and violence. Looking down the barrel of a gun is a damned good test of one's convictions...
All about me
According to this MSNBC article, "72 percent of Americans believe that anti-encryption laws would be 'somewhat' or 'very' helpful in preventing a repeat of last week's terrorist attacks on New York's World Trade Center and the Pentagon in Washington, D.C."
I think this comes under the heading of masters of the obvious. It's not the answer that's stupid, it's the question. M$ will now take this to congress and push their agenda.
I'd like to know what % of americans would feel safer if we had a truely free and independent press (mass media). I know I would.
When VPNs are outlawed, only outlaws have VPNs.
Anyone have links to resoultions/bills/etc. that Congress has actually passed/put on the floor/whatever? I came up empty handed last time this was up on Slashdot.
I'm going to go back in my box and will think within the limits of my box: MS Sucks Linux Good I read too much Slashdot.
That is why the government wants us all to use WINDOWS OS.
The following is written in the format of an editorial targetted at non-technical users. Anyone lobbying against crippling encryption is welcome to use it. It's (c) 2001 Stuart Ballard.
Should we require all encryption to have a backdoor?
A recent poll on MSNBC suggests that the vast majority of Americans would favor legislation requiring all encryption software to carry a "back door" allowing the government to read through it, as a means of preventing tragedies like the one that occurred on September 11th. This appears to be a legitimate attempt to protect the security of our nation, but let's look a little closer at what the effects would actually be.
On the internet, "encrypted" is the same as "secure". Remember when your web browser tells you you've gone to a "secure site"? Remember how everyone tells you never to enter your credit card number on the internet unless it's a secure site? That's right - the same encryption that evil terrorists use to plan killing people is what stops evil hackers from stealing your credit card number.
And remember, evil hackers are clever. If there's a hole in something, they'll find it. Remember all the viruses and worms you hear about? Those are all using holes that nobody even intended to put there - they were there by mistake. Imagine how much easier it would be to find a backdoor-sized hole that was put there on purpose!
Now the question seems a little harder to answer, doesn't it? Keep your credit card number safe from hackers, or keep your country safe from terrorists?
But it's even worse than that. The way encryption works is just math, and it's math that somebody with college-level mathematics knowledge can learn in a matter of hours. There's a page on the net that encourages every programmer to write his own encryption program just to learn how to do it - it only takes a few hours for a competent programmer. That knowledge is so widespread among programmers and mathematicians that it would be impossible to legislate it away - and any attempt to censor that knowledge would be laughed out of court on First Amendment grounds.
So why would a terrorist use a commercial encryption program with a known hole in it, when they can write their own in a couple of hours? Or even just keep hold of the copies they have now, which don't have the hole?
So what was the question again? Oh yes: should we make it easy for evil hackers to steal your credit card number, without actually stopping terrorists from communicating just as secretly as they already can?
Hmm... What do you think?
If i wrote a script that would post this overused cliche in reply to any article with the phrases "crypto", "civil liberties", or "big brother"?
Just about every story there is, someone goes "hey, it would be real clever of me to post that Ben Franklin quote! I bet nobody's used that quote before in a crypto argument!"
The more I read on here, other places, listen on the Radio, and watch on TV the more my blood boils.
People are screaming "WE MUST DO SOMETHING!". I agree 100%. We must do something, and that something is THINK. Quit trying to solve problems that don't exist or are just symptoms/side effects of the real problem.
We have to ask the question "Does this fix the problem?".
National ID Cards
What genius thought this one up? What problem is this going to solve? "Can I see your papers please?", "Uh I forgot my ID at home". Off to jail you go. I already have a "National ID", is called a Social Security Number.
Curb-Side Check-in Discontinued
What problem does this solve? Does anyone know if the terrorists even had luggage? I know that I have taken several trips with only a carry-on. The person doing the curb-side check-in still looks up my information on the computer and verifies everything before hand. This solves nothing, except to give the public a "Warm Fuzzy Feeling" that we have "Heightened Security".
Banning Knives, Box Cutters, etc..
Would this solve the problem? Doubtful. The problem is the conditioning of the public that if the plane is hijacked, the best thing to do is just sit there. The hijackers will make their demands, and eventually, we'll all get to go home. This incident changed that. The next time someone tries to hijack a plane, (hopefully) everyone on the plane will try to take them down.
Banning knives and such wont fix the problem. A pencil is just as good a weapon as a knife. Should we also ban these? What about people trained in Hand-to-Hand combat? People can kill with their hands, feet, etc...
Back-Doors in Encryption
How is this going to help? Has it even been proven that they used encryption? What type did they use? How did it help them? Everything I have read so far has been 100% speculation.
Do you think the Government is going to have back doors in THEIR encryption? I don't think so.
What chilling effects are going to come out of this? Banks encrypt their transactions such as money transfers, etc... Now what happens if that "Back-Door" falls into the wrong hands? What about e-Commerce? Will your on-line transactions be safe anymore? Faith in on-line transactions such as buying goods, paying bills, etc.. will plummet if the "Back-Door" becomes public knowledge.
But then again, as one radio talk show host here in Phoenix, put it "Who cares?". These are things about convenience, right? No, these things are about Freedom. The Freedom to do as we want when we want to. The only time we are not allowed to do that is when it infringes on the rights of others. This is true for the most part, however, there are plenty of exceptions to this rule, take the DMCA for example.
Again, how is this going to solve the problem? So we put back-doors in our encryption, now what? The terrorist simply change to other methods. They drop a letter in the mail, and it arrives at the destination in as little as a day. Are we going to allow the government to open every single letter that travels through the post office?
Who says they have to use typical Modern-day encryption? There are many ways to send "coded" messages that appear harmless to anyone looking at them.
Problem: Hijackers took over the controls of the plane
Solution: There are several that I have read about that actually make sense and would probably help this problem. Make the cockpit self-contained. No access to it AT ALL from the rest of the plane. If you can't get to the controls, you can't take them over and fly the plane into a building.
Problem: Hijackers take hostages and claim to have a [insert device here]
Solution: Everyone on the plane attack that person or persons. After the event on September 11, you would have to be stupid to just sit there.
Problem: Security check-points at the airport are a joke
Solution: Do not leave security to people who have no clue about it. The private sector is not interested in security; they are interested in the bottom line. The government either federal or local needs to be in charge of security. Pay the people who do the security better.
Problem: This person is a known terrorist
Solution: Kill them before they can do it again.
Before you go and piss away your rights, take the time to think about whether or not its actually going to help things, or just make life for most Americans that much more difficult. If it really had a good logical reasoning behind it, I'd take it into consideration, and might even vote for it. The problem is, is that everything that people have been suggesting is knee-jerk reactions that only give the perception of "Solving" a problem when in fact they actually don't solve anything.
Do we really need more laws? The government has already found 180+ people that might be involved with this with the laws we already have. Would adding new laws make that much of a difference? The terrorists worked with-in the system, and if the system changes, they will probably adapt as well.
Visit the Arcade Restoration Workshop @ http://www.arcaderestoration.com
"72 percent of Americans believe that anti-encryption laws would be 'somewhat' or 'very' helpful in preventing a repeat of last week's terrorist attacks..."
this is not the same thing "favoring" such a solution... i think that having every american citizen stopped at checkpoints every 10 miles on every highway would be 'somehwat' or 'very' helpful in preventing drunk driving, but i certainly don't "favor" it as a solution.
i abhor the idea of crypto backdoors, but i would've said "yes" on this poll as well...
Crypto backdoors probbably would not help prevent another large scale attack as terrorists encription will obviously not be created with government access to thier data in mind. The backdoor will however give anybody with enough tech savvy to exploit the backdoor unlimited access to any encripted files thay find which may include your personal details including credit card numbers!
I wonder if this was explained to people who took part in this poll or did they just rush in while the nation is still in shock to get the result they wanted.
The US government does not run the world. If the US does require a "backdoor" no one would buy any security product from a US company. Who, outside of US, would actually feel comfortable sending encrypted messages that the US government can decipher.
If I ran a US company that produces such a product, I would be fighting this "tooth and nail" fearing that I would lose all of my overseas clients.
How are crypto programs going to be open source and provide a backdoor?
include backdoor.h ???????
this is an afront on LINUX pushed by M$
* Carthago Delenda Est *
so I'm not for this in any way... but... yes, terrorists are not going to play fair here, which could be their downfall. Any transmission that couldn't be "backdoored" could be flagged and traced, leading to the bad guys. I know, that's easier said than done, and this backdoor is a dumb idea, and blah, blah, blah. Looking back, this post is terrible. Oh well, my $.02
Intel transfer the difficult from Hadware to software, for get more power, programmer need more technology. -- chinaitn
Imagine after passing such legislation domestically, the the US government might force similar laws upon other countries (otherwise they'd be 'harboring or aiding terrorists', and US'd threaten war and sanctions), or even went as far as to have all keys relinquished to some international anti-terrorism force controlled largely by the US?
The subject says it all.
Everybody considers themselves an expert at everything even though they are probably only an expert at zero to one things.
Contrasted to slashdot, where we know everything about law enforcement, the government, and defense. :)
Jack Valenti and the MPAA are to technology as the Boston strangler is to the woman home alone
The important point raised here is that the Java-based chat client (DigiChat) keeps no logs of the communication which goes through it, and in a forum as underused as Appinsider (have you seen their 'latest' update?) at times you could have an almost private, unmonitored communications facility simply through the underuse of the this part of the web.?
Unlikely as this may be, I guess the point is that terrorists could virtually teleconference without even using a technology which needs to be encrypted and most probably will not be being monitored by the government and federal agencies.
would love to get his hands on these back doors.
It would be funny if he has lobbyists in the US pushing for these bills.
Should the government beable to obtain information about online conversations you've had related to events of national importance, that is whenever they feel it is of national importance to do so, that is whenever they want, that is they're going to expand their net of social control to incompass all forms of communication and thinking?
(Yeah, the last part is suppose to be part of a statement; it's a trick like that: instead of being asked what you think, by the end of the poll you're being told what to think).
F-bacher
James Tiberius Kirk: "Spock, the women on your planet are logical. No other planet in the galaxy can make that claim."
Is like letting sheep graze amonst wolves...
Next thing you know it's the wolves calling the shots and the wolves not going to give a shit about liberty.
Of course, let's not trade our ESSENTIAL liberties for a policy that ACTUALLY expects criminals to use an encryption scheme that gives the government a back door???
BTW, Did Ben Franklin even say that???
"Communism is like having one [local] phone company " - Lenny Bruce
The very idea of doing this is ridiculous not just from the standpoint of the loss of privacy, but because the technology for strong encryption is already all over the place. This isn't a situation where a law is passed and suddenly every existing crypto program self-destructs to make way for the new system. No terrorist in his/her right mind would use the system with the backdoor. They have people who are willing to commit a suicide bombing. Surely they wouldn't have a problem with bending the law and using an old unprotected crypto program.
By this logic, we should also outlaw guns. They might be used for terrorist operations. We all know that passing a law against the use of guns will cause every one of the millions of guns in this country to vanish as well.
Josh Woodward
Right now, you could ask Americans if we should paint all tall buildings blue so terrorists would have trouble hitting them with a plane.
Painting the cockpit windows in black would be less expensive.
The survey found that 72 percent of Americans believe that anti-encryption laws would be "somewhat" or "very" helpful in preventing a repeat of last week's terrorist attacks
What a useless survey. Since when does your average American know anything about encryption? Or how terrorits use encryption? Or about U.S. constitution for that matter... *sigh*
...when people confused by the question realized that a crypto backdoor was *NOT* in fact having your backdoor look like that of a crypt.
Don't terrorists already have encryption programs? So how can those be made to have backdoors... Isn't this all just a tad late?
I think you'll have quite a time convincing terrorists to turn in their crypto for new, back-door enabled, crypto...
"When the going gets Weird, the Weird turn Pro." - HST
Even if they get every crypto software with backdoors, terrorists just have to use older versions (without backdoors). They could use steganography to hide this use.
No really, such a law would only prohibit _legal_ use of crypto without backdoors.
The media should quit talking about script kiddies and address the real threats: social engineering. I guarantee you that after working for a couple years in a financial, customer care workplace where we were making outbound calls to resolve financial matters for our customers, it wasn't the phone that was the limiting factor on obtaining information, it was the person on the other end of the line. Probably 1 time out of 15 I can get a customer service rep to give me more than enough info on someone given certain little bits of data. With smaller companies, sometimes just the name, and a well-meaning rep will be all I need to get more info than I could possibly even want (once in a great while I actually had to cut people off while they dropped all kinds of info because I was too busy to write it all down!). That's not to say that I would ever think of trying to breach security for my own personal illegal use, because I expect others not to misuse my personal data either, but let's quit cracking down on the technical factors, and crack down on the degenerate human factor instead...
Now, one of us uses a copy of PGP (pre-backdoor) or codes his own blowfish app and uses it to encrypt her letters to CyptoGRRL Magazine. How is the US going to stop her from doing this?
What do officials say?
"We were randomly sampling the crypto streams traversing the net and noticed that our backdoor key didn't work on your message stream. You are in violation of US Code BlahBlahBlah."
Doesn't that seem to open some other sticky questions? I mean, if I'm not breaking the law (other than using strong crypto), how are they going to tell or prosecute me?
It seems that you are protected by the chicken and the egg principle. To wit, to know that I am using "undefeatable" crypto, you have to get a wiretap (or a search warrant). To get a wiretap you have to prove that I am breaking the law by using undefeatable crypto.
Besides, development of Open Source versions of crypto programs would continue in other parts of the world. The US won't be able to stop that. I could just download the program from CryptoGRRL.de (as long as the server actually resided outside of the US).
Note that the question is not 'Would you support backdoors in cryptography', but 'would backdoors be helpful?'
Two ENTIRELY different questions. The results of this survey have no relation to whether or not Americans actually SUPPORT said backdoors.
I think any one of us would be hard pressed to say that crypto backdoors wouldn't help the investigation. Simply admitting that doesn't mean you think it's right.
That's because 72% of Americans are too stupid to know how to use crypto...
Just because I AM paranoid doesn't mean they're NOT out to get me.
It seems that many of the terrorists didn't even encrypt their messages according to this article.
For every bad use of encryption, there are thousands of legitimate uses that actually save people money and protect their information/privacy.
The fallacy with banning encryption is if you outlaw encryption, only outlaws will use encryption!
Gene Ruebsamen
Orange County Real Estate
ERA Champion Realty, Inc.
The reason for my suggestion is so that the NSA, FBI and equivalent agencies in other governments can separate the truly dangerous traffic from the uninteresting, and focus their efforts on the former.
Does this imply some degree of trust of the government? Yes, it does. As does giving weapons to an army or having a police force! If you don't have a government that can, in general (if not in every case) be trusted with measures needed to provide its citizens with security, then replace it with one you can trust, or go live in anarchy!
In the US we have a constitution which is given more than just lip service by these agencies. And we have popularly elected oversight bodies with built in incentives to expose misuse of these tools. It isn't perfect (what is?). But in general it works - and that's about all you can expect from any government.
I have things I want to hide from most readers (say - my credit card numbers) but I have no reason to hide them from the government. Nor do I have a constitutional right to do so in cases of adjudicated surveillance. The fourth amendment has the word "unreasonable" in it for a reason! The reason is to *allow* reasonable search.
So, if you care about the security of your fellow citizens, don't use encryption just to thumb your nose at the government! You shouldn't expect any more privacy on the internet than on your cell phone! You do *not* have a "right" to privacy on the internet, just a right to be secure from unreasonable surveillance.
Those who use encryption to intentionally burden the NSA and FBI are unwittingly helping the terrorists! To you people, I say: wake up! You have a moral responsibility to your fellow citizens, especially when war has been declared on your nation, your way of life and your civilian populace.
To those who way the terrorists will use uncrackable encryption or (more likely) steaganographic systems to evade these measures, I offer the following arguments:
To those who use the slippery-slope argument: all government is a slippery slope. If you don't want your freedoms on a slippery slope, go live in a state of anarchy. Otherwise, it is foolish not to recognize that you must and do give up certain freedoms in order to live in a civil society and gain some measure of protection from those who truly do mean to kill you or force you into their narrow way of life (for example, extreme Islam).
And to those who keep quoting Ben Franklin... kindly button it up! Repeating his statement without a considered understanding and discussion of the trade-offs is just silly. Ben Franklin certainly understood the necessity to give up some freedoms to purchase some security, or he would never have supported the formation of the US Government (or any government), or its constitution.
Finally, I pose the following not completely unrealistic choice: free encryption for everyone, and a military draft to fight the consequences; or some reasonable limitations on your privacy? It may come to that!
I grew up in the age of the draft, and we recognized that it was needed for our security then. I gave up enormous amounts of freedom when I served in the US Navy, and I did so voluntarily, because I believed that the country needed defending, and would do so again if I wasn't a graybeard with a family to take care of!
The only good weather is bad weather.
Not many people know this, but when the 802.11 committee began discussing crypto, back in 1993, the first thing that happened was that the NSA turned up. There are plenty of people that can verify this, and I was involved myself, but I'm sure most people here will not need too much convincing.
There ensued a debate about what was permitted and what was not. The NSA wanted something even weaker than what they were eventually negotiated up to (they wanted fixed IVs - those familiar with the debate will know how disastrous that would have been).
What the NSA got was something that they could crack easily in 1993, and which can now be cracked easily by absolutely anybody. If new laws get passed now, no doubt the next rev of security (802.11i - I'm active in that group) will get it's legs broken too.
There was supposed to have been an 802.11 meeting in Bellevue this week, but it got cancelled due to travel chaos. I'll be waiting eagerly to see if the NSA/FBI/whoeverelse turns up at the next (November) meeting and starts telling us we're not allowed to do it properly this time either.
oh, and I guess you don't need me to explain why I'm posting as an AC (I do have an account, btw...)
The posted article on MSNBC is wrong.. If you went to Washington, DC in search of the Pentagon you are going to be searching a long time.. The Pentagon is in Arlington, Virginia.. It's a stone's throw from DC but not in DC..
IS
I wonder if 72% even knows what encryption means. (And that they already use it.)
Defendent: I was using a built-in feature of the software, your Honor, for the purpose for which it was intended.
Prosecutor: Would you care to elaborate?
Defendent: Your Honor, all bank software is required to provide a back-door to the encrypted passwords, another to the encrypted personal accounts file and another to the encrypted transmisions, as per the Encryption Intelligence Law, 2001. As these are known, provided features, for the purpose of allowing outsiders to obtain this information, use of those features is implicitly authorised, and hence not computer misuse.
Prosecutor: Ah, but it's intended for proper authorities, to prevent criminal acts, not for criminals to commit them. Are you claiming to be a proper authority?
Defendent: Your honor, the law does not define a "proper authority", and the EULA for the software concerned does not place any actual limits. I would argue that a "proper authority", then, is only defined as someone who has access.
Judge: Are you saying that successfully hacking a computer is actually legal, under this law? And that only failing in the attempt is criminal?
Defendent: That is so, your honor.
Judge (after looking the law over): You would appear to be correct.
Prosecution (splutters): Admit, sir, that you at the very least pretended to be someone else, for the purpose of these transactions!
Defendent: No, sir. As all transactions were through mandated back-doors, there was no need to claim to be anybody.
Judge: I've heard enough. This court is required to enforce the law, not create it. That is the task of the legislature. If the law legalizes this, then that's the law I have to judge by. The defendent is found Not Guilty.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
If cryptography was banned, then only the criminals would have security!!!
WAKE UP PEOPLE!
It's not clear what form proposed legislation will take- key escrow or backdoors (by which the government could decrypt files and network traffic having a private key provided by the user or manufacturer). If users themselves are required to register private and symmetric keys then it would still seem to be legal to possess and use crypto, Open{BSD,SSH, SSL}, GNUpg, included- so long as you register keys (Would you have to register your key for every SSH session?) but if the onus is on developers to provide keys/backdoors, then it seems like any crypto source code would be illegal to distribute or possibly even possess in the United States. Would printed source (as in Applied Cryptography) be illegal? Pseudocode? Natural language explanations of algorithms?
1) This has been posted 5,000,001 times this past month, and it's getting old.
2) Note the key word "temporary." If this security would be longlasting (which it conceivably could be), then this statement would become nullified.
3) I wonder of BF thinks that all socialist contries deserve no safety? Hmm... maybe he means safety from future liberty losses.
4) Is complete online privacy as essential liberty that can never be abrdged? Hell no, it can be abridged with a court order as it has been done with wiretapping. Atleast it should be. That's why we have courts: to decide on a case-by-case basis which rights are most important. In this case, it is the right of life vs the right of privacy.
F-bacher
James Tiberius Kirk: "Spock, the women on your planet are logical. No other planet in the galaxy can make that claim."
In this CNN article talks about the failures in the intelligence agency as being bureaucratic. Note he didn't say anything about the need for anti-encryption laws.
...
WASHINGTON (CNN) -- A leading Republican senator said Wednesday that last week's terrorist attacks represented "a massive failure" on the part of the U.S. intelligence community, and he faulted federal law enforcement agencies for a lack of coordination in relaying key information to one another.
"I think it was a debacle," said Sen. Richard Shelby, R-Alabama, a member of the Senate Intelligence Committee, in an interview with CNN. "It was a real massive failure. I don't know what happened. I don't know how it happened, but at the end of the day, we know that we were not warned."
Shelby noted that some information on two suspected hijackers had been passed from the CIA to the FBI, which in turn passed it to the Immigration and Naturalization Service. But authorities failed to catch up with the men -- identified by sources as Khalid Al Midhair and Salem Alhamzi -- who were on board the hijacked jet that slammed into the Pentagon, according to the Justice Department.
"It's again, in my judgment, too many bureaucratic failures, not enough coordination between the agencies," Shelby said.
Shelby said the CIA director should be granted Cabinet-level status to elevate the agency's influence and prestige within a presidential administration. He said changes are needed at several agencies, including the CIA, the FBI and the National Security Agency. "We not only need more money, we need to change some things, and they've got to be changed at the top," Shelby said.
Shelby's comments come in the wake of revelations that the FBI had at least suspicions about the behavior of some individuals now tied to what may be a broader hijacking conspiracy.
One man being held in U.S. custody, Zacarias Moussaoui, was arrested August 17 in Minnesota on an alleged passport violation. Moussaoui was in custody at the time of last week's attacks, being held as a material witness.
Moussaoui had apparently raised suspicions because he sought training in flying commercial jets at an Oklahoma flight school despite having a lack of experience. FBI agents visited the Airman Flight School two weeks before the attacks, asking questions about Moussaoui.
While my own view is, don't worry unless you're a criminal (Come ON people, any jackass along the path of your e-mail can read it, and if you think the government can't break our crypto, you're fools.)..
;) Back doors, that's really, really smart. Oh yes, no script kiddy is ever going to find and exploit one. Well, maybe not find, some actual leet hax0r will do that, but the kiddies will be the one with their pre-compiled programs clicking on buttons and destroying billions in bank accounts. :P
:P)
:P Big Brother indeed, but if you don't trust your government, get the hell out of the country, because yer fscked if you don't. ;)
The thing about the bank accounts is right on.
Remember! Vote for backdoors in encryption, if you wish to see the downfall of the United States economy!
(Now there's a slogan, you say that, and all the flag waving gun toting NRA members will start shooting people who say bad things about encryption.
In reality, this is just a way for the government to be able to use information they've gotten by illegal means, legally, without them having to admit they can crack the average person's crypto.
So who cares what they think? Maybe they should vote on issues they're educated about. Do you think making encryption backdoors manditory will make all those terrorists comply and let the FBI look at all thier encrypted data? Of course not. They'll be the only ones with any privacy. In the meantime, we'll be thinking we did something usefull while instead we were just wasting our time. As we're tossing out civil liberties, we might as well do it in a benificial way, instead of a rash and ignorant way. And besides, these americans were polled as to whether they thought it would have stopped the terrorists or not? When the hell did the general public become experts on ANYTHING? Why don't we poll america to see what they think would be the best material to build a fusion reactor? The reason we don't is because the general public is at least 72% nimrods. At least, in the field of physics, encryption technology, and most other things that require a specific education.
"Question with boldness even the existence of a god." - Thomas Jefferson
The danger here is not a technical one, but a political one. It's a lesson history tried to teach us once before, but I haven't seen anyone really doing a comparison to a very similar set of circumstances that have happened prior.
Today I'm sure that the majority of our leaders in government are honestly concerned about how to deal with how to thwart attacks like we all saw last week. To do this they see information gathering as a critical tool to use for these ends. To gather this information they wish to put together an infrastructure of snooping abilities that go far beyond issues dealing with cryptography. We're also looking at phone tapping and possible postal snooping. The majority of citizens at this moment are more than happy to give up these liberties to give law enforcement the tools they seek. Lives are at stake after all!
Okay, so what happens when there's no longer a terrorist threat to be dealt with? Does this infrastructure just vanish? Not bloody likely. I don't believe that there's any kind of conspiracy today from either the right or left side of the spectrum to misuse these tools. What about 10 years from now? 20? 50? Can we really entrust a governmental body we haven't even seen yet to only use these kinds of tools in an honest way?
To keep this non-partisan, let's say the "Widget" party takes a majority in both houses and the presidency. Once in a majority, what all stops them to increase this monitoring built on the infrastructure we are proposing today? How can we be assured that what they're monitoring isn't just criminals, but the opposition party campaigns? Rather than a tool for law enforcemnent we could be looking at a tool for political power.
As to the comparison I was referring to at the beginning of this post, I'm of course talking about the rise of the Nazi party to power in Germany. Too many similarities to be funny. Weak economy, terrorist attacks on urban areas, a populace all too willing to give up liberties to those that can deliver on the promise that they won't have to be afraid of a building blowing up on them. Oh, and a bit of a racial element tossed into the mix.
No, I'm not even beginning to suggest that the Nazis are looking to take over America. What I am saying here is that there is a precedent to how people are reacting to these recent events. The German people openly welcomed the kind of lock down the Nazis brought with them because they saw the streets truly get to be a safer place. Unfortunately, what they didn't see was the enormous cost of that safety until it was far too late. What I'm concerned about is that in our fear at this time we may very well not see the high cost we will end up paying decades down the road.
The line must be drawn here. This far. No further.
I have always regarded crypto as a way for me to communicate with my family in private
I live in France, my brother in Ireland, and the rest of the family is way up north (66N)
I wonder what % of people belives in their right to a private communication.
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
Shit! i'll have to put a backdoor in my rot13lib.so! back to the drawing board...
- "Never let a computer tell me shit." - DelTron Zero
All you people ever do is whine and complain. If you don't like the idea of this, try to come up with a better solution! How does the FBI and CIA deal with criminals using high end crypto for communications? If it's not back doors, what is it??
-- "The best way to predict the future is to invent it."
if I need to encrypt something, I'll go get encryption for dummies and write a script to scramble my messages.
so say I was a criminal, I'm sure I'd add some extra code and send a 'key' to the feds.
somebody turn on the lights!!!
"The Most Fun Possible on 4 wheels" is at SunBuggy in Las Vegas
Terrorist = AK-47's .22 over 10 rounds in California
/.'er out there that wants 15 minutes of fame to write de-crypto@home for the US decryption efforts.
Me = I can't buy a clip for my
Terrorist = Russian Crypto scheme with no back door.
Me = Back door crypto program that the terrorist use to steal my credit card # and go buy more AK-47's.
I'm for invasion of privacy during wartime, but do it the American way, WITH BRUTE FORCE. I don't believe there is such a thing as unbreakable crypto if you throw enough hardware at it. Time for some lucky
I was just mentioning the guns as a point, since terrorist are running around the country with ak-47's right now it is them with the brute force, not the citizens.
--toq
Terrorists don't need good, convenient crypto to send their credit card numbers out of a standard web browser, or to send encrypted email seamlessly to their friends. If they did, maybe crypto restrictions would mean something.
Terrorists need to send occasional messages to their co-conspirators without them being detected. And what kind of idiot terrorist is going to use a convenient standard cryptography package for that? Even if your messages are encrypted, that PGP header is suspicious looking...
Terrorists don't need to send messages through SMTP! They're going to wrap their crypto in other data, steganographically... and since there are a million such ways to hide random data undetectably, the fact that the data they're hiding is the (header-stripped) output of an illegal encryption tool won't faze them one bit.
Then along came the first Electrical Pioneer, Benjamin Franklin, who flew a kite in a lighting storm and received a serious electrical shock. This proved that lighting was powered by the same force as carpets, but it also damaged Franklin's brain so severely that he started speaking only in incomprehensible maxims, such as "A penny saved is a penny earned."
Eventually he had to be given a job running the post office.
I find myself overcome with heartfelt respect and admiration for this brave, principled person. Perhaps there is hope for us after all. Thank you for posting this.
If you were blocking sigs, you wouldn't have to read this.
And here I thought Microsoft was the main purpetrator of this tactic.
Do you feel the same way about the second amendment, and my right to bear arms ?, Or does my support for the entire constitution, including the second amendment make me some sort of nut ?
Remember the movie War Games? Although the movie was fictional, some of the storyline was real. The "backdoor" was how the high school student broke into the NORAD computer. I'm not sure exactly how true that was, but I'm sure that something like that could happen.
I'm a little scared having mandatory backdoors in any system, let alone ones that will perform financial transactions.
Having a backdoor into any system, just opens up another hole for someone to peep into.
Someone (who can write better than me) needs to s-p-e-l-l it out in non-geek english, on WHY forced "backdoors" is the fucking dumbest idea ever, while beign nice and politically correct.
Then we can all copy that letter and bombard CNN/FoxNews on the matter. If ONE major news station "gets it" they'll let the people know.
Some very good points, I admit.
:)
And lots of people on the net, and lots of americans too, generally confuse freedom with what they would like to do, be it drink beer, shoot people or use encryption.
I do agree it is very childish to encrypt all traffic "just because". What would you hide - and why? And if it is out of principle, grow up.
Consequently, my PGP installation was used twice, about half a year ago, when I tried it out. I haven't had the need since, and I'm still waiting for the time when I will...
Damn you moderators who encourage this form of senseless reiteration of quotes. I come to Slashdot to read things I HAVEN'T read. How about you?
You have to realize that the way you construct the poll determines what the response is. It's just simply cognitive psychology.
If I asked: How much should we raise the taxes in order to fund more police and intelligence officers? 1)1% 2)2% 3)5% 4)10% 5)more than 10%
I'm basically saying you can't raise taxes LESS than 1%.
And the way people think, they are so dumb, they'll say, hey 1% isn't enough money why not go for something like 5%, it sounds more reasonable, when in fact that is a ludicrous amount!
Oh well, like my roommate says. The first basic rule of human interaction is that humans are stupid.
At least it runs for more than three days straight, fanboy.
Well. As everybody here keeps repeating the line "he who gives up freedom for security...."
We also need to remember:
"Security is man's greatest enemy"
Prior to this event, America believed itself to be secure against threat. That illusion was shattered by the multiple terrorist attack. You could pass a law saying "make encryption illegal, and we will once again be secure." This is, of course, an illusion... that would only be shattered once again by a future attack. It's especially ridiculous since anyone with a grain of intelligence will realize that if encryption were illegal, or a back door required by law, that it would change NOTHING for anyone else other than already law-abiding citizens of the USA. If not making us even MORE vulnerable. Imagine if the terrorists cracked the back door..., and now they can know what everyone is saying.
This is, in it's essence, an outlawing of a particular type of speech ("this is how you encrypt"). As we know, outlawing speech is not only counter-productive, but in our day and age, next to impossible. The DeCSS code is 'illegal,' yet, about as easy to obtain as a pack of cigarettes.
Security is an illusion. It is that simple.
I have no doubt that the US government will pass some draconian law about encryption, that will have no effect other than put innocent people like Dmitry in jail (for say, producing software with no backdoor). Does nobody realize the ridiculousness of that?
Need I remind you all, the "leader of the free world" is also the leader of the incarcerated world.
Peace
When encryption is outlawed, only outlaws will use encryption.
He's responded to 5 of those who lambasted him for being redundant. AugustWest, we get it now! Thank you for making us all see the true light! We werent quite sure after the 999,999th time, but you finally put us over the top.
Its funny really.
I think (although Im not really sure) that its
illegal to crash a plane into a building on purpose.
Ok, the US decides that all crypto software must have
a backdoor in it. Ummm. I very sure that other countries
make crypto software too. Are they going to put in
backdoors that are the same as the US doors? No Way!
Not to mention all the current software that has no backdoor in it, is available.
Now, do you really think that these bad guys are going to
use that crypto software with a backdoor? I dont think so! Im more convinced than ever that
those running countries are as stupid as pig shit.
An optimist believes we live in the best world possible; a pessimist fears this is true.
This survey might make it look like most Americans are willing to give up liberties just because they're stupid, but if you knew the whole story you'd think otherwise.
64% of the responses were culled from the survey for being unreadable. The most common response was: 3kljFD(#lj kwj3- *(ED.
the only problem with that is, while physicly the bank may be across the street from you, logicly, however, you could end up going to a website that is hosted in tergikistan, or Iowa(or any other state that you don't live in). or your packet could be routed across state lines.
I am the Alpha and the Omega-3
...that most Americans find computers difficult to use and understand !
It doesn't surprise me... If theres one thing i have the least respect for, its people as a whole.. someone once said "a person is smart, but people are stupid"
I'm sure if the FBI had blamed the attack on their inability to scan the terrorists' hard drives, 72% of people would aprove a ban on storage media bigger than a floppy...
Hey, how about we ban airplanes? that certainly would prevent a repeat of tuesday's events, right?
baaaa
Dear Terrorist,
We at Macrosloth are proud to offer you our new Encrption Suite for all of your communication needs. The Macrosloth Encrption Suite is the easiest to use network aware tool set available. The Terrorist Edition is specially designed with your requirements in mind and includes advanced features such as Per Cell Key Management (tm).
Please contact your Macrosloth reseller for more information or to arrange a demo.
*Remember, all Macrosloth Encrytion tools are NSA approved!*
So could somebody please explain to me why someone planning a terrorist action would use a tool they know has a backdoor in it? You can say a lot of nasty things about these people and be right but nobody is calling them stupid.
The only crypto backdoors I wanna see are those that can be found in musty, dank and dark bathhouses.....
_IF_ you know what I mean.
*Wink Wink*
dkap.info
FYI, an encryption backdoor or key escrow service that lets the government read e-mail isn't going to let the bad guys hack your bank account. You don't have to escrow your authentication key.
Anyway, key escrow would presumably have to be used in conjunction with a law that makes it illegal to not use the service. Failure to reveal a key would land you in jail for contempt of court. This might work domestically, but I wouldn't count on getting any extradition treaties enforced.
-a
How to rationalize theft.
They main problem is that people do NOT understand technology.
:(
If we created a new poll:
"Should the FBI intercept and read all your mail at the US Postal Office?"
We would see a big NO!
Why? I am SURE this would reduce terrorism.
The problem is that people don't get it. People don't see why this a problem. After all, only geeks and terrorists use encryption.
Another one of the main problems is that encryption hasn't really lived up to its potential yet.
Sure SSL is cool and PGP mail is nice but things like ecash/digicash, freenet, and distributed reputation will really change the world.
I am sure they will pass a law. The supreme court has already ruled in the Bernstein case that we can not be restricted from publishing Open Source crypto (that pesky constitution and all).
I am sure congress will find a way around it. Heck they will just pass an unconstitutional law anyway so that it will take 5 years to get it to the supreme court.
ug
Of course, everyone here is going to complain how the American public doesn't understand cryptography, but I don't think that's fair. I think they know and they're happy with the tradeoffs.
The fact is, very little encryption is used in the world and it hasn't affected privacy much at all. Credit cards, wire transfers, in fact pretty much all financial transactions are unencrypted, as is the postal service, telephones, and the vast majority of email.
The world gets along fine, and in fact NO ONE CARES what you are using these for. For those of you who have run email servers for instance, when was the last time you tried to snoop on the email being exchanged? Chances are, if you did you gave up pretty soon because there is so much there and it's just not worth your time. The feds certainly have better things to do than invade your privacy for the sake whatever petty misdemeanors you might be guilty of.
Encryption alogrithms won't go away, but don't underestimate the impediment of not having _freely available_ software. Hell, most ENGINEERS I know can't even use PGP when it's preinstalled on their machines and with a manual. It would certainly make life much more difficult for terrorists, who tend to be poor and uneducated.
In short, count me among the 72%. I already have no privacy and I know it.
The use of
is like a haiku, you see.
Don't use autowrap!
Perhaps they could be forced to wear special armbands. I have heard so much reactionary crap from Americans and even other world leaders who are afraid to offend the most powerful certainly and most ignorant (probably in the western world). Yesterday I watched someone on the Seattle news talk teary eyed about the worlds best or strongest or something similar democracy when talking about a local election then heard voter turnouts of 30%. Beyond that Americans exercising it is even worse people in countries where they risk being shot at or hacked to death with machetes turn out in higher numbers. However I guess given the choice between the puppet on the right and the other puppet on the pretend not right might make cynicism run high. America's democracy is the most pathetic excuse for a democracy (Apparently dubya lost by not only popular but the gerrymandering electoral system but to prevent confusion those ballot boxes are sealed for ever). 72% thinks back doors should be allowed in cryptographic SW 85% probably could provide a meaningful explanation of what encryption was.
Sheesh
Lets look at some facts here and make a conclusion: (let me know if I am wrong!)
Fact: it is possible to bury a secret message in text that otherwise looks unencrypted and not related to the message intent.
Fact: To determine if there is embedded encryption in a otherwise normal looking text document would require a lot of computing power.
Fact: The same computing power needed to determine if a normal looking document is encrypted, would equal the power needed to decrypt a document without a key!
Conclusion: These laws and measures congress discusses and people seem to support, are USELESS!!
The point is that this is unenforceable to begin with. If encryption contains backdoors, they won't use it. How would you prevent encrypted messages from going to some SMTP/POP3 server in some other country? All I need to send an email message is a message and a server. The receiving server could be the same as the sending server.
And all of this predicates on the idea that they are using this type of encryption at all! So far, I haven't heard anything that says that they are using it. There are plenty of types of encryption that aren't electronic and could be virtually unbreakable. e.g. A picture of a blonde naked chick followed by 3 redheads and one brunette could have a hidden meaning.
Furthermore, I don't like the idea of having a key to my bank account out there and not under very good control. At some point, one or more of the backdoors will surface in the wrong hands, sort of like what Xing did with their DVD player software. They had the encryption keys unencrypted. That was the main reason DeCSS happened. Oops.
The reason people are complaining is because backdoors key size limits aren't even a bad solution, they're a NON-SOLUTION. Why the hell would terrorists comply? Only non-criminals would. What criminal would just hand the FBI a key to thier incriminating data?
Backdoors don't work...at all. Probably the only decent solution would be quantum computing and advanced number theory, which the CIA is hard at work with. Even this will probably be overcome, tho. Sometimes you just have to realize that some things suck, and that theres nothing you can do about it.
BTW, do you find it strange that you're whining, bitching, and complaining about people whining, bitching, and complaining? There's nothing wrong with voicing a critisism.
"Question with boldness even the existence of a god." - Thomas Jefferson
After all we're talking about requiring back doors in things. This means that 100% would get their bank accounts compromised.
I actually suspect that this law is the standard congress fare that they expect either to be impossible to implement, or unconstitutional. Many laws seem to be passed with the express purpose fo getting them defeated in the supreme court.
Why? Because it lets a contressperson say to his constituents "I voted for $FOO, it isn't my fault that the courts overturned it. I'm watching out for what YOU want so you'll reelect me and give me your money."
OK they don't actually say that, but you know that is what goes on in their heads. This is just a typical political game that they play. That doesn't make it any less amoral, it just explains the behaivor.
It would be nice to get this changed, the DMCA is another good example of a law that would be defeated by the Supreme Court were it pressed there, unfortunatly the nature of the DMCA makes it unlikely to ever be tried in court.
I also don't see how congress could require backdoors in anything but NEW crypto products. Requiring it in all crypto sounds good to those who are ignorant of crypto issues, but it isn't practical for larger (read large campaign contributors) companies etc, who have already invested a great deal in cryptographic systems that don't have backdoors.
I can honestly see congress passing some sort of bonehead legislation that does not really prevent the use of good crypto, won't stop terrorism, but will give the people a false sense of security.
A better response would be for congress to do something analagous to a declaration of war (the exact nature of this declaration is a matter of law with which I am not familiar), however a war declaration temporarily suspends most parts of The Constitution. When a state of war no longer exists, all laws or regulations enacted for the state of war revert to their original state.
This war declaration as I understand it was built into the constitution because during a all out war, there are problems with both being able to raise an army, fight the war, make sure the military gets the matierals they need etc, without permanantly hampering the citizens of the country.
Such a policy allowed the rationing that went on during World War II, without which we would not have possibly had the materials to support our soldiers in Europe and the South Pacific.
A temporary act would be far more likely to curtail much terrorist activity without permanantly impactig the liberties of the citizens.
There is a civil war coming in the United States. Remember which side has most of the guns
but the U.S. constitution is not the end all, be all, ultimate declaration of essential liberties. Just because a liberty isn't specifically outlined doesn't mean that citizens aren't entitled to it. More breaking news here, the constitution also doesn't outline the right for me to eat breakfast cereal in bed. I guess we don't have the right to do that either.
Shouldn't you be busy bashing away in the Jon Katz article?
I'm totally against putting back doors in crypto, for all the obvious reasons, but if asked whether I thought that back doors in crypto would have helped prevent what we saw 9/11, I'd have to say "Maybe." Reword the question "Do you think that all crypto should have backdoors in it?" and I think the response would be different.
- "That's just the kind of fuzzy-headed liberal thinking that leads to being eaten."
The new Plain Old Text
Default allows me to wrap
Without using <br>
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated" (4th Amendment)
"Congress shall make no law [...] abridging the freedom of speech, or of the press" (1st Amendment)
Also, if you buy into the politicians' argument that strong crypto is a munition, there is always: "[...] the right of the people to keep and bear arms, shall not be infringed." (2nd Amendment)
And if that's not enough, "The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people." (9th Amendment) and " The powers not delegated to the United States by the Constitution, nor prohibited by it to the states, are reserved to the states respectively, or to the people"
Exactly which parts of "shall make no law", "shall not be violated", and "shall not be infringed" don't you understand? There are at least two, and possibly three amendments which explicitly say that we have a right to communicate with one another, and to do so in a manner secure from evesdropping. Furthermore, even if it was not explictly spelled out in the other amendments, the 9th would preserve our right to secure communications. Lastly, because the Constitution does not explictly delegate the Government the power to bar the use of codes and cyphers, the 10th Amendment prohibits it from doing so.
"WE hold these Truths to be self-evident, that all Men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the Pursuit of Happiness -- That to secure these Rights, Governments are instituted among Men, deriving their just Powers from the Consent of the Governed, that whenever any Form of Government becomes destructive of these Ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its Foundation on such Principles, and organizing its Powers in such Form, as to them shall seem most likely to effect their Safety and Happiness." (Declaration of Independence)
Any questions?
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
Isn't it obvious to everyone else that outlawing any crypto in the US is the kind of thing that is never supposed to happen, because of our Constitution? Did the United States suddenly forget why their nation is so important?
If you want to say something in the United States, you had better be able to say it, even if it's WNEKWOAYUKLAWKBNWLEKHWIOH. If an American citizen is not allowed to say that, you would call the disallowment "abridging freedom of speech", wouldn't you?
A very dangerous misconception is held here. The misconception is this: in order to protect America from catastrophe, this nation must prevent conspiracy. On the contrary, the Framers of the United States government clearly wanted to protect the ability of the people to exchange ideas without disclosure or to meet in secret. The Framers would have most definitely objected to the prohibition of secrets.
It would be horrifying to see any US lawmaker vote in favor of such a measure, and it is already greatly saddening to see that the American people are so ignorant of the importance of their own liberty that they would forego it.
Slashdot community take notice: you are the intellectuals of your generation. America needs you to fight for the ideals which have always made her great. You have a voice, let it be heard. Fight ignorance. Be politically active. Help save this country.
Let's face it. The governement desperatly wants our trust so they can do their job, but they can't trust us in the same way, because they have to assume we're bad (and they're not).
Asking for mandatory backdoors to cryptography is just another example of how authority figures abuse the honest law-abiding public with restrictions that they KNOW criminals will ignore (by using alternative, unregistered crypto). I think it is also safe to say that any backdoor will be compromised shortly after its introduction. The average citizen has no desire to try, but the criminals will put forth every effort to break it or steal it. They have everything to gain, and far more manpower than the government.
It's all well and good to say it's a short-term response to the current terrorist threat (which has been with us for more than 10 years, unnoticed by most). Do you really think they'll recind the law after the perceived threat is over?
No, add it to the same list that's given us joys like Macrovision, SecureROM, and dongles. More ways to harass the legitimate users and annoy them to the point of becoming outlaws.
Only outlaws will have digital security.
yadda
Do you believe ``that anti-encryption laws would be 'somewhat' or 'very' helpful in preventing a repeat of last week's terrorist attacks?"
Nowhere is it mentioned whether those polled favor such laws, only that they believe such laws would be ``'somewhat' or 'very' helpful."
It's funny. A whole bunch of power hungry geeks who somehow don't understand how people will do anything to protect their assets (and their asses). "They're making laws that won't help" you say.
And yet we put up firewalls to keep haX0rs out. We use ssh exclusively for remote login. We (hopefully) patch our software to eliminate flaws that can lead to exploits. Will our efforts eliminate computer break-ins? Of course not! But we do what we can to make it difficult for such an event to occur.
People will do just about anything to make it more difficult for terrorists to operate. The problem is that there is a work-around for just about any roadblock you throw up. It's boils down to how many roadblocks you're willing to force your opponent to overcome, and how many you're willing to deal with.
Many folks (as I) think the commerce clause itself is an unconstitutional expansion of federal power to regulate. IANAL too tho
And there you go with the quote again. LOL !
BTW, I agree that crypto laws are meaningless, but I object to your opposition of face recognition.
What essencial right is lost by scanning your face before you enter an airplane ? By bundling these type of measures with the crypto debate, it's more likely you congressman is just going to dismiss you as a reactionary whiner and ignore your whole letter.
- sigs are for wimps.
Does anyone truly believe that George W. Bush's "war to protect freedom" will really be anything but a war on freedom?
In a surprising turnaround, tungsten was found to be the heaviest metal. In a recent survey, tungsten was found to be heavier than both gold and iridium, which were traditionally thought to be heavier than tungsten.
:-)
Physicists and metalurgists are surprised by the recent outcome, but in a spirit of democracy, have announced that they will honor the will of the people, and make the neccessary adjustments to the periodic table of elements.
Poll says 72% of Americans technologically illiterate. Yup. Ten-four, good buddy
A dingo ate my sig...
Anti-encryption laws can't do anything to stop terrorism. The terrorists would simply encrypt their messages, hide them in an image file, and nobody would be the wiser.
For once Bill Gates is right about something.
In fact, one of the first thoughts that entered my head last Tuesday morning was the possibility this whole thing might have been engineered by some element within our own government in order to increase the scope of its power in the backlash.
Granted now I'm leaning toward Islamic fundamentalists as most of us have been, and as I have been since then but still the possibility isn't ruled out.
The mere fact that I'm considered unpatriotic and traitorous for not supporting every damn thing our government comes up with this past week just confirms my suspicion that people are trying to take advantage of the public's succeptibility to suggestion at times like this, at the very least.
"I don't care about the Constitution!" --Bill O'Reilly, November 17, 2009
A technical and economic evaluation by eleven authorities including Ronald Rivest (the "R" in the RSA algorithm) outlining the dangers and impracticalities of key recovery schemes...
The Risks of Key Recovery, Key Escrow, and Trusted Third Party Encryption
...hence they called it The Whopper, instead of The Third-Pounder (which is its uncooked weight).
Nate
-- Watch the REAL Jon Katz.
We elected these idiots, now we have to support them in there hour of failure.
He's got a third grade writing level, and you've got a third grade emotional level. It's JUST A STUPID APOSTROPHE. CALM DOWN!
Send all of your friends random data. Lots of it!
I'm listening to congressman dryer right now (2:54 WAMU) on NPR's special covertage. His comments are...
1. We should continue to allow encryption.
2. Crypography is being used in pictures, etc., and it is hard to even know if something is encrypted.
3. It is possible that Ossama bin Ladin is using cryptography technology.
4. We will probably have registered, third-party back-door mechanism where you need a court order to get the required key.
In this case, also write President Bush, and Vice-President Cheney. I'm suggesting this because this is a law enforcement issue, that's their ballpark, and I have some very good law enforcement reasons why we should not have backdoors.
Sure, we all figure that the law will be too easy for terrorists to ignore. Sure, we think that this is a Second Amendment issue. Sure, we think that this gives the lie to the argument that we shouldn't regulate Microsoft because we don't want the government messing with the future of software development. However, the reason below may be understood more by politicians.
Encryption with backdoors means that there is a master key, held by the government, that can decrypt anything the crypto package. This is similar to asking lock companies to make a master key that will open any of their locks, and to hand that key to the government.
The instant you do that, that key becomes an incredibly valuable item. What would be the black market value for the master key to Windows IE secure mode?
The black market value must be at least in the millions. With such a key, you can monitor internet traffic and suck down credit card data. You can listen in on corporate execs talking to each other over VPNs. In the wrong hands, this key will lead to massive mayhem.
And this key will fall into the wrong hands. For it to be useful, there will need to be a large group of people who have access to the key. Odds are, one of them is going to be on the take.
Even if that doesn't happen, it instantly becomes the cracking target for computer-savvy criminals everywhere (especially the terrorists suspected of using strong crypto). We would have to be extremely careful to make a key that could not be cracked with the current computing power of the US. Because that is what the criminals will have access to.
The internet community has already cracked keys in triple-DES and RC5, as part of contests sponsored by the key owners. They were cracked using distributed key crackers. The programs were downloaded by hundreds of thousands of volunteers around the world, and they used the spare clock cycles of desktop machines to try all possible keys.
A computer savvy criminal could take a distributed key cracker program, attach it to an email virus, and put a significant percentage of the Internet to work cracking this key. The White House knows the sort of nuisance attack it got from the Code Red virus; imagine the next Code Red silently cracking the master key rather than trying to topple a government Web server.
The key would get out one way or another. The terrorists would have it, organized crime would have it, the "script kiddie" high school students out for a digital prank would have it. No matter how much we trust the government, we don't trust everybody else.
--The basis of all love is respect
I realize that what I'm saying here is going to be somewhat controversial, but it's my never-to-be-humble-opinion.
Comment forecast: Bits of genius surrounded by a sea of mediocrity.
Well, then, if it has a backdoor, then by definition it isn't encrypted, now is it?
Considering the fact that it didn't work for Microsoft, you would think that they would have learned. But then these policy makers probably aren't on that new fangled in-ter-naat.
-Alex
In 1776 it was the right to bear arms. In 2001 it's the right to control access to and distribution of your INFORMATION. Why is it that the folks in favor of no gun laws are carping for unhindered givernment access to broken crypto. They are the same damn thing separated by a hundred years. Weak crypto won't protect us against terrorists any more the erasure of gun control laws.
if most americans could be trusted, Al Gore would be president.
"i was saying gnu-rd"
Please respond to the following statements by saying whether you strongly agree, somewhat agree, neith disagree nor agree, somewhat disagree, or strongly disagre:
1) Forbidding the sale of knives would be helpful in preventing a repeat of last week's terrorist attacks on New York's World Trade Center and the Pentagon in Washington
2) Forbidding training of pilots would be helpful in preventing a repeat of last week's terrorist attacks on New York's World Trade Center and the Pentagon in Washington
3) Forbidding immigration of arabs to the United States would be helpful in preventing a repeat of last week's terrorist attacks on New York's World Trade Center and the Pentagon in Washington
4) Requiring that all airline passengers be handcuffed to their seats would be helpful in preventing a repeat of last week's terrorist attacks on New York's World Trade Center and the Pentagon in Washington
5) Modifying building codes to require all new buildings to be made out of titanium would be helpful in preventing a repeat of last week's terrorist attacks on New York's World Trade Center and the Pentagon in Washington
This sig has been temporarily disconnected or is no longer in service
I would like to see the question to see how it's shaped. I don't believe for a minute, americans would sacrifice privacy for the promise of security.
Please please.
This says it all very plainly.
Thank you for trying to dispell the FUD.
If strong encrytpion is legislated out of existance, there are other ways to secretly send data over the internet. If I wanted to send a secret message that would get past carnivore or any other monitoring tool all I would need to do is post a jpeg or any other image comtaining a simple message scrambled with a rot(n) alogrythm run recursively. If well placed, this data will look like bits of an image. Now that's not secure but it is seemingly innocent and will be ignored.
How many other ways can you come up with to get a secret message to someone(s)?
The only way to stop secret messages is to tear down the Internet and the phone system and the postal system and lock everyone in sound proof rooms with no windows. i.e. pointless and fruitless.
Does anyone buy this? Could it be that we're being manipulatedby the media into giving away our privacy rights under the guise of patriotism? Bit my ass Microsoft and all your little pathetic loser companies.
Encryption isn't running for re-election :)
This sig has been temporarily disconnected or is no longer in service
If you read the article, you'll find it was a regular poll, conducted by Princeton Survey Research Associates on Sept. 13 and 14.
Gamingmuseum.com: Give your 3D accelerator a rest.
Do you think that anti-encryption laws would be 'somewhat' or 'very' helpful in preventing a repeat of last week's terrorist attacks on New York's World Trade Center and the Pentagon in Washington, D.C.?
You have to answer "Yes". If all encryption had a backdoor, then maybe someone could have found out about it before it happened. The question is not "Should all encryption have backdoors for authorities?", but rather "Would it help?"
Anyone who answered "No" must think that reading people's encrypted email would not help stop the crime--this is clearly incorrect.
George,
Mary and I were thinking about how we felt about getting a gerbil recently. She heard that you have some experience with small pets, and so our minds naturally turned to you.
What do you say? Should we get a gerbil? Would a hamster be better? Hamsters are easier to feed, of course.
Notice the cool picture we took when we were on the ferry in NYC - I really like the view, it's one of my faves from this trip.
See you when we get back!
Nick
oh, make sure none of those kids are messing in our garden, ok?
--- Will in Seattle - What are you doing to fight the War?
I will tell you a FACT: Back doors in encryption, Carnivore and Echelon will not work against terrorists.
The attack was a shock, people were complacent, because of the LIE that surveillance will protect them.
It is an illusion of protection.
People knew billions was being spent on Carnivore & Echelon for just this sort of problem.
Terrorists know they are being looked for by Carnivore and will get around it by other measures.
Messages could easily be hidden in plaintext or encrypted in images or sound files.
But most likely, when not planning face to face - they would use personal couriers.
Perhaps give mobile for single message when required - just using message - go with plan a / b or abort.
I have always said - terrorism is just the excuse they use, the US to raise funds for Carnivore - the UK to justify R.I.P. bill - to
spy on the people.
The "you've nothing to fear - if you are not breaking the law" argument is made to pressure people to acquiesce - else appear
guilty.
It does not address the real reason, why they want this information. They want a surveillance society.
This is like having somebody watching everything you do - all your thoughts, hopes and fears will be open to them.
All your finances available for them to scrutinize - heaven help you if you cannot account for every cent when they check on your
taxes.
Do not believe the lies of Government - these measures will not protect you.
TERRORISTS WILL GET AROUND IT.
ASK GOVERNMENT THIS: Do they deny that terrorists could just use face to face or personal couriers.
So, what if it makes it slightly more difficult for them? They will still do it - or get caught.
Government are immoral to use terrorism as excuse to push agenda - especially at this time.
It is evil to tell people that more surveillance will save them.
Another FACT: The United States Department of Commerce violates the First Amendment.
By using Internet domain names primarily as trademarks, they abridge free speech.
WIPO.org.uk - World Intellectual Piracy Organization
72% of Americans say that crypto backdoors would help prevent terrorism, but that doesn't automatically translate to 72% of Americans favor mandatory backdoors.
I do however agree that support for the backdoors is much higher now than it may have been 3 weeks ago, or 3 weeks from now for that matter.
After being in the Real World for a while, its good to see that I am not the only one who is unwilling to sign away all personal freedoms because of emotional reaction to tragedy.
in totally unrelated news, a survey released by CNN shows that 72% of Americans think "crypto" is that green stuff that kills superman.
Do 72% percent of people in this country even know what rot13 is? Let alone encryption? I can only assume they were told, "Terrorists used x to make their plans." Then they were asked, "Should the government have control of x?" What do you think they would say?
Let's get drunk and delete production data!
If you put it on the net, it's not private. Period.
You computer types say that all the time. That's why geeks won't ever endorse internet voting.
72% of Americans think it would be helpful.
72% of Americans are not Computer Science majors. (or whatever else would be applicable)
Kind of like that journalist whose knee-jerk reaction to email viruses(/worms) was to insist we all implement and use digital signatures. Evidently it never occured that we get the pathogens from our family and friends (they're sent to everybody in your address book) and thus the malicious packages would still be properly signed.
"I don't care about the Constitution!" --Bill O'Reilly, November 17, 2009
This doesn't mean that it was a good thing, or even that people really wanted it. They were just too afraid of life at the time and didn't understand the consequences.
I've heard a lot of people saying, "I don't care about crypto, face recognition, wire tapping, I have nothing to hide". Well, most Americans aren't criminals. And it's not an issue of hiding! In America we have a notion of freedom which we've fought for on many occasions. People don't realize the value, or at least have the appresiation yet for the freedom of privacy and judicial process.
The government already has the power to tap wires and intercept electronic messages. This authority is granted based on previously aquired information about criminal activities. This kind of invasion of privacy is generally accepted and IMHO doesn't need to be enhanced. The courts can already hold persons indefinatly for failure to turn over evidence (including crypto keys and PWs). What they don't need is the ability to intercept all E-mail, phone calls, etc, and then figure out if you've been naughty or nice later.
People say that this would curb crime. Well maybe, but so would martial law. Most people would agree that eliminating vandalism by detaining anyone that looks suspicious (by whatever that means) and shooting vandals on site is probably not the way to go, and not what America is all about. We could also equip every new car with a device that moniters speeding. Any time you are caught speeding by the system you're simply issued a ticket. This would probably get people's attention. And if all phone calls were tapped and you told your son, who was at a friends past dinner time, to get home or he wouldn't be able to sit for a week. A possibly idle threat, but which taken out of context or without inflection could send child welfare workers to your door or police to your place of business the next day. It's this kind of invasion that will hurt America in the name of security. Most innocent people will start to feel less secure due to the invasions perpetrated by the government.
Once gone freedoms are very hard to win back.
That's all well and good,
but 31337 h4x0r3z prefer
the classic <BR>
... Just how enlightened most of those who voted in the poll are in these mathers... Not at all would be my humble guess.
But wait . . . according to this article (www.msnbc.com/news/629356.asp) we need to Stop Polling and Start Thinking. I especially like this quote: "What America needs is some room to think about recent events, not more polling numbers masquerading as truth."
I think that MSNBC has such unbiased and objective reporting that we don't need to keep any secrets from the government. All of our hidden information should be wide open for all to see...err, that is all the information except source code of course.
Disclaimer: I am not denying that the WTC attack is a tragedy, I am not denying that something needs to be done. I am merely presenting some facts that may place things into a bit better perspective.
WTC death toll: ~5200
US weekly deaths attributable to smoking: ~9000
US weekly deaths attributable to traffic accidents: ~3400
US weekly deaths attributable to drinking: ~2300
Five thousand dead in a single accident is, indeed, highly tragic and morally outrageous: our anger is justified.
We have far, FAR more people dying of smoking, including a lot of deaths caused by second-hand smoke. Yet the government is doing nothing to protect the victims -- often children in a smoking household -- from this attack on their right to life.
We have far, far more people dying in traffic accidents, and it's very likely that nearly half those deaths are victims of another driver's idiocy. Yet the government is doing nothing to protect us from those drivers, even though the solution is as simple as instituting mandatory driver training and a higher quality of testing.
We also have too many people dying because of alcohol. Yet the government isn't serious about cracking down on, say, drinking drivers; nor does it get tough on violence that's been exacerbated by drinking.
My point? There are plenty of tragedies happening every day. But this time it's got people panicked, so it's far easier to get draconian laws in place.
Trust the government? No. It doesn't act rationally.
[Sources: US CDC, NHTSA]
--
Don't like it? Respond with words, not karma.
Terrorists will just come up with their own crypto free from backdoors. Criminals will find other ways to get guns if they can't buy them in a store.
C'mon people... think a little.
--
"What do you want me to do? Whack a guy? Off a guy? Whack off a guy? Cause I'm married."
The poll and story say two completely different things. To put it in the extreme, killing every US Pilot on Monday Sept 12 would also have been "somewhat or very effective in preventing Tuesday's attacks."
Just because it could have helped, doesn't mean it should be enstated. The world of "what-ifs" and the world of "law and liberty" are two very different places.
It all goes downhill from first post
...But then, he caved like the popularity-whore that he, and the rest of Congress, is. Nice to hear you admit that you have no backbone, Mr. Lewis, too bad I won't get the chance to vote against you. But at least you can admit that you were stampeded; most other representatives will take the rest of their lives to figure that out.
Your right to not believe: Americans United for Separation of Church and
Do I think that crypto backdoors would have helped catch the terrorists?
Course not, especially after the CIA finished training them how to use full strength crypto so the Russians couldn't listen in when we helped liberate them.
Honestly...
Too bad MSNBC's ass is hanging out on this one. Trust no one, especially if they're affiliated with Microsoft.
open bsd/ssh is developed in canada to protect against this sort of nonsense.
from : http://www.openbsd.org/goals.html
"OpenBSD is developed and released from Canada and due to Canadian law it is legal to export crypto to the world"
You put your important papers online? What's your IP address?
Here's a useful guide for those who don't.
Last post!
So you're saying that Americans are barbarians because they don't follow the teachings of the Bible? That's almost like calling them barbarians because they don't speak Greek.
To require people to use government-approved cryptography packages only requires that the government get a large number of the services to require it, so that without it you have problems doing day-to-day mundane things like manage your bank account. Think what would happen if Microsoft had the capacity to enact legislation. How would they force everyone to use IE and ditch all other browsers if they had write-access to the lawbooks? Not by doing it at the consumer end, but by doing it at the vendor end of things and forcing sites to refuse browsers whose user agent string isn't "approved". (Then once they figure out that the user agent string can be faked, they'd make it illegal to falsify that information, and prosecute whomever they can find that has done so, to scare the rest.) This is the sort of tactic that works best.
No, I'm not saying the government is actually going to do this, just that it *could* be done and it means they don't really have to enforce it in each consumer's house for it to work.
Of course, then it only gets the ordinary citizens trying to do ordinary business and not those determined to communicate to each other with their own means, but I'm not gullable enough to believe that the terrorists are who the government is really after with this anyway.
Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.
S'funny, the media in the UK recently quoted a UK government statistic that 72% of drivers want more speed cameras on our roads. Odd how I've never met a single one of them, then, isn't it?
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
Trying to capitalize on tradgedy to further their own interest, is as sick as the tradgedgy itself!
--Freedom is a state of mind
We should all agree with the statement that it would be very helpful in preventing terroist attacks. Of course it would be! So would random house-to-house searches! However, what was not asked was "Do you think we should?", "Would you be willing to trade this liberty away?", etc. Poll questions are oftentimes baited - remember they're looking for a story more than public opinion. Don't believe the hype. Thanks.
But seriously folks, WHY oh WHY should a software company have its own (joint) news service? There is no possible way that it could at all benefit the public with objective, balanced reporting, I say. A bit like a joint news venture with an ammunition company during wartime or a meat-packing company back in the '20s. It serves no useful purpose to society at large!
--hongpong.com
what they really meant to say was when polled 72% of americans said "what the hell is crypto?"
Should we have products that perform their stated function?
Of course not! says the American people. Most people will say yes to a poll question, which is why you have to ask the right questions in official surveys.
"Look at me, I invented the stove!" -- Ben Franklin
And they should ban locks on doors! And opaque envelopes! And shutters! If you have something to hide you must be one of THEM!!!
So what'll happen to all the encryption software that is now out there? And what foreign business or government will ever buy US software with backdoors built into it? Guess only US citizens don't deserve privacy.
No better time than a catastrophe to pull a fast one on the people.
Everyone is, and will be upset with what has happened in New York but it doesn't have anything to do with cryptography for the average joe american. Just like what is posted in the artical, a terrorist could find a back door in someones/corporate crypto much faster than they could decrypt the key ... and chances are many of the backdoors (all?) will be almost identical.
:-)) but it does allow tag on charges against those doing wrongful acts.
One thing that is possible is to say that crypto is against the law for terrorist use. Obviosly, this won't stop anyone from using it (thank God
Just an idea.
In all of the talk around here about civil liberties being taken away and encryption backdoors Ive heard little about how such laws would actually work in practice and what the reaction would be.
I dont think that most people around here understand something. THE CONSTITUTION IS NOT GOING TO GO AWAY. Short of a constitutional ammendment repealing all of the ammendments in the bill of rights, your rights are secured. We have the power of checks and balances in this country, one of the most important of those is that the supreme court has the power of judicial review. Let me say that again in case you didnt get it.
THE SUPREME COURT HAS THE POWER OF JUDICIAL REVIEW.
What this means is if both the executive and legislative branches of our government lose their minds and start passing crazy laws, the judicial branch of our government can stop their enforcement if they find these laws to be unconstitutional. From what ive seen in the last 200 or so years in the history books they seem to be pretty good at it. They arent going away either.
A law can be enforced before it is found to be unconstitutional. This is a good and a bad thing. Say they pass this law and we are all arrested tomorrow for using encryption keys the Feds dont like. OH MY GOD WE ARE ALL GOING TO JAIL. This is also when the process of judicial review starts. You should all go read about this.
You think the FBI and the CIA arent watching those they find to be suspicious already? If you do youre pretty naive and a more trusting person than I am. All of that doesnt matter as long as they are unable to use it against you in criminal procedings, which is where judicial review comes in.
I have faith in this system, i learned all about it in school and i have seen it work in practice. If you dont believe me maybe you should start learning some American history.
To me the only issue here is constitutionality of these new laws. If they are unconstitutional i believe that they will be struck down, if they are not then what are all of you complaining about? If you cant tell me what ammendment in the bill of rights a new law on encryption would infringe upon then you have no basis to argue the issue.
Either the very idea of prohibiting cryptography is trivially unconstitutional, or else the US is permitted to decide what languages can and cannot be spoken within its borders. IANAL, but I have difficulty in seeing how the latter could hold up. Not that logic has any importance in such matters, mind you.....
-Carter
Dear ...
There have been proposals to limit encryption. These proposals are based on a fundamental misunderstanding of the technology.
The truth is, strong encryption is much too simple to be stamped out. It's just math, and the math has been published in books. One key encryption method, RSA, is so simple that people have tattooed it on their arms - and it's not a very big tattoo. Any computer programmer who knows this math can implement strong cryptography.
An encrypted file is just a random-looking string of numbers. It's extremely difficult to tell the difference between such a file, and a set of actual random numbers. Many non-encrypted files have a little bit of randomness - the static hiss in a sound file. By replacing the hiss with your encrypted file, you can hide the fact that you are using encryption. There have been reports that terrorists are already doing this.
Any terrorist who wants to use strong encryption will do so, undetectably, no matter what the law is. Or they'll use phone booths and code words. The only effect of such a law will be to weaken the security of Americans, making us more vulnerable to cyberattack. Many noted cryptographers, such as Bruce Schneier (a participant in the Advanced Encryption Standard process), have argued that key escrow will inevitably be exploited by hackers. What if the terrorists manage it?
Encryption is the foundation of online commerce. It is the basis for electronic signatures. It can help protect our critical infrastructure. Please don't take an action that will damage our economy, make us more vulnerable, and do nothing to make us safer.
The more we damage ourselves without hurting the terrorists, the more we'll encourage them.
Is anyone here scared that someone other than the government may get the key to the backdoor? It sounds like the old master-key that was rumored to be posessed by students in my dorm. Whats to keep a spy from breaking into the CIA, FBI, or wherever we keep the software to instantly break the encryption and then viewing our messages, including probably the CIA's messages because our government will probably write in that they have to obey this law also.
in light of what just happened, it very much seems that something needs to be done so that we can preventthis in the future - yet this isn't the solution at all.
frustratingly enough, the american public doesn't know or care to know enough about crypto to get why this is bad - sothey are all for anything that would help prevent this disaster - but they can't see past their nose to see the broad picture.
it is analogous (sp?) in many ways to the way that eveyrone is talking about going after Bin and bombing the countries and such - when that is a very minor part, there are many other terrorist orgs, and there are many people to take his place after we martyrize (sp?) him....
I certainly don't have the answers, but I'll gladly point out problems in bad solutions.
There are some odd things afoot now, in the Villa Straylight.
Why is there no article on slashdot about the New NIMDA Virus? I submitted a couple of stories myself about it but they both got rejected. I think it's very newsworthy, considering I work for a top 50 company and it shut down our entire network... Anything to add anybody?
~ now you know
The sad truth it 99% of Americans will answer a poll or support or oppose a bill without knowing anything whatsoever about the issue.
Follow the train:
1) This issue has come up because terrorists are using strong encryption in their communications across the Internet, hotmail, etc, and the US government cant decrypt it.
2) The article says US Government and citizens support putting backdoors into crypto products.
3) Unless you force the terrorists to "UPGRADE" their crypto products, to the new versions with crypto-backdoors, well then, they will still be using the same hard-to-crack encryption, wont they? (Loop back to point #1)
So, one more time, what is this supposed to accomplish?
the update does help clarify it a bit... but not really. so they want to open communication a bit... that would imply that they woud still maintain other ways of encryption, not all... but if that is the case, then why not encrypt your communication via that method.... so that means in order to get around that, then you would have to open all crypto systems, which then gets us back to where we started - very bad things.
There are some odd things afoot now, in the Villa Straylight.
It seems that the majority of Americans are suffering from a severe cognitive disconnect. What they fail to realize is that criminals, by definition, fail to abide by the laws. Therefore, making more laws, expecially against things which are already illegal, rarely has any effect on criminal activity. In stead the primary effect is to criminalize innocent activity.
I'm glad ONE single member of Congress had the guts to say, "I'm as hurt by this as everyone else; I love this country as much as anyone does; and I'm voting according to my best judgment to this country the best leadership that I am capable of giving."
Those other reps who were "With her 99% but didn't want to look soft on terrorism" are hypocrites. Damn every single spineless one of them. I have more respect for those who followed their hearts and voted for war or against than these wishy-washy wimps.
Your 1337 h4x0r 5ki115 notwithstanding,
And agreement I'm sure not demanding,
But our points likely jive:
One stroke's better than five.
Such is why Intel still builds those NAND things.
Does anybody really think that implementing crypto laws now would really affect people like the ones who committed these acts? It would be just like gun laws today, they don't stop criminals like this from getting guns!
Backdoors and key escrow are not the only way...
.02
Super computers(do they exist anymore) highspeed clusters?
Custom Chips that are unknown to the general public?
They could already have the power to do realtime or near realtime decoding of messages.
AND ALL THEY ARE LOOKING FOR NOW IS TO MAKE IT LEGAL TO USE IT....
my
This is probably the only thought out post here. It's funny how predictable and knee-jerk the reactions are on /.
100% of the population losing their bank accounts? Sorry to say, these transactions are already unencrypted! The reason you still have your money is because of cenventional law enforcement enforcing century old laws. May not be as elegant as a cryptographic solution, but it's been working for decades and will continue to.
And as the bulletins come out each week on vulnerabilities in cryptographic products (yes, open-source too), I thank my lucky stars we're not resorting to these.
Don't use encryption. You don't need it, and the government doesn't care.
okay, let's say we allow backdoors in crypto devices:
1) Bin Laden & co. will continue to use their own RSA implementations.
2) All !US compagnies will continue to use non backdoored implementations.
3) US compagnies will use backdoored implementations.
4) !US Intelligences agencies will find out the backdoor key
5) US compagnies will start loosing international contracts because !US compagnies get to know their secrets
6) US just shot itseft in the foot.
As for the complete ban of cryptography, it's so dumb, I don't know what to say. The FBI will raid my house because I have a floppy with Netscape 1.1 (with SSL) at home? E-Commerce will stop? I guess this was proposed by people who don't know what cryptography means...
GFK's
There was an article posted yesterday about it.
There are two kinds of people: 1) those that need closure
are clearly displayed when polls like this are conducted. The more people you put in a room the dumber they get. You let large numbers of people make decisions and you get large numbers of dumb decisions.
I think Winston Churchill got it right: "Democracy is the worst form of government. Except for all the ones tried before it." (from memory some paraphrasing inevitable)
-Nails-
How many people in this survey understand what the encryption we use is for? How many people did they survey in industries that are affected by this?
My problem with all of this is simple. Let's ban the production of software with "uncrackable" encryption. Does that mean the government would have the ability to confiscate all copies of old software that violate this rule? Would they be able to prosecute people who have legally purchased old software based on the old standard?
This is reactionary crap. People don't want cameras capturing their image as they walk the streets of Tampa Bay.. but let's ignore privacy concerns in our coversations we think are being done in confidence with others.
This move does nothing to solve the problem. People are going to be doing illegal things with or without encryption software available at CompUSA..
This move does nothing to discuss the issue that criminals could write the software themselves. That isn't a stretch of the imagination. They spent thousands of dollars to send people to flight school in this country so they could fly 767s. Is it inconveivable that they could pick up a "how to teach yourself C++" and "Encryption Algorithm" books?
I think not.
I find this extremely disturbing..I am not willing to give up my rights as a US citizen. I have contacted my Senator and Congress Person on this particular question.. I don't want to live in an Orwellian state..This is what will happen if we do not express ourselves to our representative.
Those who think in the box have a small view.
Will we see American programmers emigrating to India? Without these sort of restrictions, India and other developing nations are likely to become software development powerhouses. We will become an economic also-ran, though of course we will be free from national security threats. Sort of like Albania in the old days..
In order to prevent terrorists from having private conversations, whispering should also be outlawed. All conversations should be required to maintain a 50db level at 10'.
tpm
"I can't learn anything from you I can't read in some fucking book." -- Sean in "Good Will Hunting"
Of course, all good terrorists are going to use or upgrade to United States, backdoored encryption software.
But what terrorists are good, exactly?
Do you like German cars?
The responses to the survey determined whether people thought anti-encryption laws would be useful in preventing terrorism. The MSNBC article then implied that this is synonymous with such laws being The Right Thing To Do. In fact, the question of whether anti-encryption laws would be useful in preventing terrorism is a very different question from whether anti-encryption laws are morally or ethically acceptable.
Or, to sink to the level of platitudes: the ends still do not justify the means.
Currently, if a US intelligence agency really wants to wiretap you, or log your keystrokes, or search your place of residence, they *technically* need a warrant. But they can get that warrant from the FISA courts, a special (and IMHO highly unconstitutional) court system. The FISA court is made up of federal judges hand-picked to side with the intelligence agencies. They do meet in secret, and their proceedings and records are *never* disclosed to the public. The target of the investigation is not permitted to defend himself; in fact he is never even made aware of the request for surveillance. Of the approximately 7500 "cases" they dealt with before WTC, they only ever rejected the intelligence agency's view on *one* occasion.
These guys travel around, right? They could use one time pads! It is easy to generate a key to make a bogus message while also transmitting a real message. When cops demand the key... sure here you go.
The point is that we need to get people inside terrorist organizations. Historically( before neato computers and crypto) these types of movements were sold out by PAID INFORMANTS.
...what does 'alot' mean?
But will it still be legal under US law to import strong crypto into the US- either by downloading it, or by mail ordering a CD from openbsd.org?
Terrorism originates disproprotionately from areas with autocratic governments, such as many arab countries, Afganistan, Iran and Iraq (there are exceptions, like Northern Ireland). To reduce terrorism in the long run, rather than changing our government to look slightly more like the governments that breed terrorism, we should instead try more ardently to change autocratic governments to be more democratic.
Looking back, imagine if we had had the guts in the Soviet-Afghan war to insist on also funding the more democratic elements of the Afghan resistance, against the wishes of Pakistan. Imagine if we had installed a democracy in Kuwait. Imagine if we did more to support democratic forces in Iraq. Granted, some of these operations might have taken longer, created some international tension, or even been less "successful" in the short term, but the balance of the results might have been better for our long term security. Democracies tend to be more moderate and a bit less fickle in their foreign policy (e.g,. look at the elected organs of the Iranian government).
Looking to the future, now that the pressures of the cold war have abated, we do not have to court dictatorships as much as before. We have the luxury to take some less expedient foreign policy positions to invest in our long term intersts, which I think would be served better by a world with more democratic governments.
Specifically, we ought to be financially and militarily backing democratic resistance organizations in the autocracies that bother us the most, even when the democratic groups may not be as well organized as less democratic factions. In cases where we directly militarily intervene on a large scale, we ought to bear in mind that, paradoxically imposing democracy by force actually works rather well as in Japan, Western Europe, Panama, and Haiti (I mean, the results we get are at least as good as we seem to get from imposing autocratic governments--e.g., our old Panama policy). We ought to be promoting democracy in our propaganda, and foreign aid programs. Along these lines, as John Gilmore pointed out at a PECSENC crypto advisory panel meeting a few years ago, we ought to be aggressively exporting cryptography. If the ordinary citizenry of foreign countries is using cryptography too strong for their governments to break, that is an extremely cost-effective way to promote more democratic and ultimately more moderate governments.
What do you mean by saying that the government is doing nothing?
/. to assume.) What more do you want?
For traffic accidents:
There are seatbelt laws, vehicle safety standards, lighting standards, collision tests, traffic laws (that comprise whole chapters in most state legal codes), civil engineering to design highways that reduce accidents, and much more.
In fact, the red tape you need to go through to build a production motor vehicle is incredible... I would like to see you just try and get a few buddies to build a car, and try to give it away (with a helpful donation from somebody like Wm. Gates III or equivalent). Half of your development team would have to be doing nothing but dealing with government regulations and filling out paperwork.
Regarding drinking:
Ever heard of the 18th Ammendment to the US Constitution? Read it sometime. I would say that is a rather drastic approach to dealing with drinking, and there are substantial laws to deal with it, including one case where somebody who just killed somebody in an accident will now spend the rest of his life in jail because he was drunk while driving. What more do you want, the death peanalty for driving drunk? I'll admit though that I get surprised when I hear about people that have been arrested 30+ times for a DUI and somehow still keep their license (being a friend of the mayor, bribing judges, finding a loophole in the law, the arresting officer doesn't show up to the trial, etc.)
In some ways I regret that the 18th Ammendment was repealed, but even with that off the books now, there are still many regulatory laws controlling how alcoholic is produced and consumed... even if it is just going to be used in a fuel take on a car (complicating the issues I mentioned above).
Smoking:
Why do you think the tobacco companies setteled out of court with the law suits from most of the US states? Almost every state in the US now has some sort of "indoor clean air act" that prohibits smoking in public areas. Despite warnings from the US Surgeon General, countless piles of money spent on public service ads (including television, radio, newspaper, and magazine ads, not to mention billboards, posters, and anti-smoking programs for schools), a heavy public relations effort (including entire episodes of television news magazines like 60 Minutes or Dateline), millions of people still smoke.
********************
OK, I'll presume for a moment that you meant the United States Government. (I was presuming that you were an American... which isn't always good on
There is a difference between passing laws and actually getting them enforced. And in all of the cases I'll admit that we as citizens of this country can do more to help improve what we are doing in these areas.
But to say that the government is doing nothing is really stretching the imagination.
I just hope this doesn't make anyone feel secure. That would be just plain silly.
Dont worry we will be finding out very soon if our politicians are lying to us and the US just experienced a coupe de tate.
The two dirty little secrets of the pollsters are that people lie (They don't trust assurances of anonymity. They say what they think they're expected to say), and many, many people refuse to answer.
The people who refuse to answer do not as a group have the same range of opinions as those who do answer the poll takers questions. The opinions of those who answer them do not accurately reflect the opinions of the people as a whole (they may not even accurately reflect the their own views). So poll results are skewed.
What arrogance to name our up-coming military retribution on "justice" let alone "infinite". How horrifying. As we enter WWW III it will indeed be infinite...
I mean, GnuPG is available to the world because it's available on servers outside of the U.S. and as such not affected by U.S. export laws.
So if the U.S. does pass a law regarding crypto backdoors, wouldn't this apply only to the U.S. and thus the crypto is still going to be available to people outside of the U.S.? Won't that then leave us at a disadvantage?
And what about mobile phones with the different crypto schemes. Weak as they may be, there's still no backdoor in them.
And what about DES or AES? These are standards that the government created. What happens to them?
This can only harm the U.S.
I always said they would good intention us to death.
If the NSA designs the backdoor, it will not be vulnerable to third parties. I see a lot of ignorant speculation on this subject. Modern cryptography provides the building blocks for a secure, backdoored system. A system in which the existence of the backdoor does not provide any advantage to an attacker who lacks the government's key.
I think it's a bad proposal, but please discard the worthless argument that it would increase vulnerability to non-government hackers.
Banning encryption isn't like banning guns. If you accidentally use crypto nobody gets hurt. Crypto is a shield against someone looking at your private data. As a shield it is more like a bullet-proof vest. What the law-enforcement people are asking for is more like "nobody can buy a bullet-proof vest that can stop a bullet fired by a cop".
The problem with this is that you can't tell if someone's bullet-proof vest can stop a cop's bullet until the cop shoots. I.E. you can't tell if an encrypted message is decryptable until you try to decrypt it.
Properly encrypted text should be completely random, indistinguishable from random noise. It might have helpful headers on it saying "--- Begin US Government Cryptosystem Signed Message ---" but the body of the cyphertext will be gibberish. The only way you can tell if illegal encryption is being used is to decrypt the message and see if what you get is plaintext.
If the header is true and the message was truly encrypted by an approved cryptosystem that means nothing. The text that was encrypted by the Government Approved Cypher could start with "--- Begin Evil Criminal Unbreakable Cryptosystem ---". It could also simply be "The RED DOG barks at MIDNIGHT. 4 HERONS are BATHING". It could also contain a porn image, but that porn image could contain a hidden stego message.
To go back to the bullet-proof vest analogy. The government wants everyone to wear a vest that can't stop a cop's bullet. They might be identified by a red stripe running across the middle of the vest. Some criminals might get an illegal vest and paint a stripe across the middle. Other criminals might get an illegal vest and wear it underneath the government approved vest. Some of these fakes might be so convincing that they'd fool every cop.
Maybe a better question to ask people would be "Should the government shoot everybody to find out who is wearing the illegal cop-bullet-stopping bulletproof vest?"
Any sophmore in college can write an encryption program in a few days that has no back door and can't be cracked by anyone. All these laws will do is perhaps make it easier for the black hats to obtain sensitive information they might need to carry out their missions.
Dude, I knew it. I was his bitch once. Yeah.
Given that the question was so badly worded, the conclusion is plainly false. In fact I do think that key escrow might have stopped the terrorists. I also think that key escrow is a terribly bad idea.
Anyway, I think any legislation involving key escrow would be very careful to only take liberty away from individuals, and not corporations, given that both Democrats and Republicans only really care about corporate interests now anyway. The wording would probably such that individuals communicating with each other are not allowed to use the usual forms of encryption, while banks and such would be allowed to continue to use RSA or whatever they liked, that has no back doors.
72 percent of Americans believe that anti-encryption laws would be 'somewhat' or 'very' helpful in preventing a repeat of last week's terrorist attacks
Read it over and over again. It is not stating that 72 percent of people want their rights taken away. It just states that they think anti-crypto might of helped.
What's the difference?
Redo the poll to:
(self-explanatory)
Anyway, that's all for now
She voted against this resolution which gives G.W. Bush power to use "all necessary and appropriate force" against those "he deterimines planned, authorized, committed, or aided the terrorist attacks"
...
H.J. Res. 64
Whereas, on September 11, 2001, acts of treacherous violence were committed against the United States and its citizens; and
Whereas, such acts render it both necessary and appropriate that the United States exercise its rights to self-defense and to protect United States citizens both at home and abroad; and
Whereas, in light of the threat to the national security and foreign policy of the United States posed by these grave acts of violence; and
Whereas, such acts continue to pose an unusual and extraordinary threat to the national security and foreign policy of the United States; and
Whereas, the President has authority under the Constitution to take action to deter and prevent acts of international terrorism against the
United States:
Now, therefore, be it Resolved by the Senate and House of Representatives of the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This joint resolution may be cited as the ``Authorization for Use of Military Force''.
SEC. 2. AUTHORIZATION FOR USE OF UNITED STATES ARMED FORCES.
(a) IN GENERAL.--That the President is authorized to use all necessary and appropriate force against those nations, organizations, or persons he determines planned, authorized, committed, or aided the terrorist attacks that occurred on September 11, 2001, or harbored such organizations or persons, in order to prevent any further acts of international terrorism against the United States by such nations, organizations or persons.
(b) WAR POWERS RESOLUTION REQUIREMENTS.--
(1) SPECIFIC STATUTORY AUTHORIZATION.--Consistent with section 8(a)(1) of the War Powers Resolution, the Congress declares that this section is intended to constitute specific statutory authorization within the meaning of section 5(b) of the War Powers Resolution.
54 Yes, would favor
39 No, would not
7 Don't know
54 + 39 + 7 == 100
So where do they get those 72 %
My stroke preference:
A lady's hand on schlong: five.
On the keyboard: one.
I support that. And I love Baywatch. And I love Lexx. I don't need to keep anything secret because my head is empty. I have one hand on my remote and the other hand on my...
Please...I'm eating.
I know one person who has stronger beliefs in using crypto for everything than everyone else.
He was a minister behind the iron curtian many years ago. I'm not sure how he got across the iron curtian, everything I know about the former USSR says they wouldn't have allowed him in if they knew what he was really up to.
When you see what lack of encryption (remember this was the '80s, even today those countries don't have many computers) does to your ability to do your work it changes your perspective.
Congress cares. And they are the ones with the vote.
I think I'll stop here.
That's an argument best resolved by the person doing the encryption - encrypt with a family members key or st. It is an incredibly paternalistic suggestion that we ought to adopt key escrow because somebody might encrypt something in a manner contrary to his or his estate's interests.
Wow! Is that the 72% who voted Bush then? oh, no, wait that can't be right, only 50% voted for Bush. The other 20% or so must of been the Bush voters who didn't understand the paper, so voted Gore by mistake.
I wonder who would be sick enough, to use a mass genocide as a platform to persuade people that their ways are best? Would that be the terrorists or the government. Who knows, by the looks of things (DMCA, SSSCA, Crypto Laws) they are one and the same.
This comment does not represent the views or opinions of the user.
http://anonymous.coward.isgay.com/
Our government will not be happy until 100,000,000 of us are laying dead in the street.
> Don't use encryption. You don't need it, and the government doesn't care.
You obviously have no real world experience in computer security.
http://george.bush.isgay.com/
They'll request legislation that would make it illegal for hackers to use the backdoors.
All program writers just don't but the fscking backdoor in the code! There. Its that simple. If nobody will put in the backdoor. What will the US gov do? Arrest all crypto programmers in the world?
Ive been working on a text based message program (uses port 3332) on TCP in which 2-4 users can chat over any UNIX boxen. It contains a 48 bit crypto algorythem. Its similar to YTalk with cryptography. I am not putting any backdoor in my software just because the US gov decides they don't like not being able to control the world. Its closed source(Please don't flame) but it is effective, but not yet finished.
I'm no punk bitch !!!
All you have to do to get the public to understand what encryption really does, is compare it to something they understand. Like guns. (Yes, they are nothing alike, but think conceptually for a sec)
The US has long resisted any sort of gun control for many reasons (among them, that they're "part of America"), but the one I'm focusing on is that the problem isn't with the law-abiding citizens, it's the law-breakers. Why should the law-abiding citizens be limited in their armament if a mugger wouldn't be? Ask the majority of Americans, and they disfavor more gun control. Convince the American people encryption control is equivalent to gun control, and I bet you'll see a sudden change in those statistics.
Kurdt
I'm not anti-social. Just pro-technology.
And since compiling acts as a form of encryption, let's outlaw the distribution of compiled programs unless the source is included.
You listening, Microsoft?
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
We've already proved that we can spell. "I want to vote for Al Gore ... hmm, B-U-C-H-A-N-N-O-N
Dude, you did that as a joke, right? *sigh* didn't think so...I got the point you were trying to make (har har) but just so you know, his name is spelled Pat Buchannan...
I would have to say that explosives are the most abused technology in all of history.
How about a survey on whether people would support giving the authorities keys to their doors, filing cabinets, etc.
There is a vast difference between what the poll question actually said and what people are interpreting the results to mean. People keep talking about 72% of Americans favoring encryption backdoors or favoring "a ban on 'uncrackable' encryption" [MSNBC], neither of which were mentioned in the poll question.
If the poll had mentioned anything about banning strong encryption or guaranteeing the government a legal right to read your personal email, the results would probably have been very different.
MSNBC left out the most obvious choice of all!!!!
CowboyNeal
badness 10000
That's all very well, but how can I, in a commercial evironment, trust someone else's government not to pass on any of my trade secrets? I understand that you are writing in the context of a US national speaking about your own government, but don't forget that companies from other countries might be less than happy for their communications to be intercepted by another government.
I agree with you in principle though, the only use of cryptography I use is ssh (I don't have a credit card). If I wanted to conduct some shady dealings, I certainly wouldn't want to use the internet for communication, too many records for that sort of thing.
Just my tuppence worth.
I can't see that the US putting backdoors into security products is going to make any difference at all to the security products that the criminals use. Already they don't bow to the law so what makes the law think that the criminals will say "Sure I'll use your security products with those backdoors in them!" DUH! I don't think so. The fact is that no matter what the US does to implement backdoors into security products there will always be a product outside of their scope that won't have any backdoors and this is what they'll use. Hell they could even write something themselves or pay someone to do it.
What really needs to be done is to work out what's causing all this crime and then solve that cause and not just fix the visual problem. Look at Windows for an example of fixing the visuals and not the actual problems/causes.
I can see too much money being dumped into this and too many companies rubbing their sweaty little palms as they seize the opportunity to profit from this and other disasters.
Fix the cause not the problem!!!
When shit hits the fan get some of these https://youtu.be/pY-GncsZ-UE
because it was already ruled unconstitutional! If it is already unconstitutional to allow people to come up with their own encryption schemes, how can the government enforce the law it's proposing?????
Got Freedom?
Thinking?
You do make some good points. However, I still disagree. I am not a big crypto user because most of my stuff is uninteresting and I could give a damn if you see it. If I thought it was important, I would take the proper steps.
However, I am a big crypto supporter. The reason being is because crypto is about more than hiding stuff. It is about verifying identity. It is about defeating the problem of digital storage (everything is copyable). It is about business transactions. It is about authentication.
These are all good reasons to support and use crypto. If I were a business, I wouldn't want backdoored crypto to ensure the immutability of my electronic legal documents. The fact that there is a backdoor leaves open the idea that the contract (or whatever) could have been changed. As we move closer and closer to paperless transfers (notice, I didn't say offices), we need strong crypto.
My final argument falls on the disagreement that anybody's job has to be easy. My job isn't and, sure, computer and network support would be a hell of a lot easier if my users were forced to never change anything on their computer and only do things in certain codified ways. But I'm realistic, it won't happen and that's why I get paid to do what I do. Law enforcement is in a similar boat. No one said that their job has to be easy and it is not my job to make it easier (as long as I am not actively obstructing justice... and I argue that my private use of crypto for legal means does not actively obstruct justice). In fact, there are laws in place to make law enforcement difficult in order to ensure and maintain the liberties that we enjoy as citizens.
.02 anyway...
My
(1) Congress forces backdoors in all encryption, including that used for corporate trade secrets, banking, etc. (2) The best hacker owns the world -- and tells Bill Gates to get off of his property... ;-)
What do you expect when you sort-of-elect a President that thinks there is too much freedom?
It looks like the poster has missed a thing in his logic(or maybe I am.) The 72% is the number of people who fell backdoors will help in stopping terrorists. Not the % that want the actual doors. I, for one, think that backdoors can help FBI or NSA or CIA or any intelligence with the keys to read mail between terrorists and thus stop them. But I would never want the Government to read my mail!
In my work (related to this industry), I'd be lucky to see that 72% of Americans even know what crypto is.
Give me a break.
Declare a holy war on smokers!
P.S. What's up with slashdot's stupid time limits. Wait 20 seconds after you hit reply before submitting a post or 2 minutes between posts. Heh, forget it, I won't post anymore.
Either the NSA can factor or it can't. If they can, then using modern encryption doesn't really burden them. If they can't, then no amount of ass-kissing and not using encryption is going to let them break the encryption of the terrorists who are going to be using REAL software without the government-mandated backdoors (murder is illegal too; did they respect that law?).
Think they just need a few more computers and a few less messages to sift through? You need to do a little more research about modern crypto. We're talking about things like the heat death of the universe happening before all computers in the world could finish factoring numbers that large (if factoring is "hard").
Outlawing encryption will not have any effect on these people. They don't respect our laws. The only effect will be to break the security of on-line transactions (over SSL for example). Backdoored schemes are broken schemes. A panel of a dozen great minds in the industry have already shown this: Rivest, Schneier, Diffie, etc. Read the paper here.
If you want stable and safe on-line transactions, you don't want the government mandating backdoors in encryption products.
I want to stop terrorists as much as the next guy, but let's thinks about measures that will actually HELP US DO THAT before acting. Things that are inconvenient and intrusive don't necessarily increase safety.
How should I know? I use lynx with the color turned off.
D/\ Gooberguy
Karma: Meh (Mostly from meh.)
You bring up a good point. And I am not sure how one would solve it. It is entirely possibly that the "cat is out of the bag" completely on encryption, but I don't think so. One way to do this would be for the western democracies to make security agreements on this sort of thing - some scheme where the British could read traffic coming into Britain and Americans could do the same. This would take some thought. My point was mostly to argue (as you agreed with) that the unnecessary use of encryption burdens the government.
One thing that would help without any new measures is traffic analysis. If the government is watching where the messages go, they can use that in their priority setting for analysis and even decryption.
The only good weather is bad weather.
I'm confused... MSNBC says 72%, but the email quoted in the second link says 54%...
how did MSNBC come up w/their number... or is the email earlier? It's very unclear...
here's what the second article says:
54 Yes, would favor
39 No, would not
7 Don't know
?
Place sig here.
Full text of the question shows people were given a false premise.
Question: These days, people's phone and e-mail communication is often encrypted to protect privacy and confidentiality. Would you favor reducing encryption of communications to make it easier for the FBI and CIA to monitor the activities of suspected terrorists --EVEN IF it might infringe on people's privacy and affect business practices?
54 Yes, would favor
39 No, would not
7 Don't know
These figures were high because people were told reducing encryption would make it easier for the FBI and CIA to monitor terrorists.
It is a lie. Back doors in encryption, Carnivore and Echelon will not work against terrorists.
Terrorists know they are being looked for by Carnivore and will get around it by other measures.
Messages could easily be hidden in plaintext or encrypted in images or sound files.
But most likely, when not planning face to face - they would use personal couriers.
So, what if it makes it slightly more difficult for them? They will still do it - or get caught.
Government are immoral to use terrorism as excuse to push agenda to monitor its people - especially at this time.
It is evil to tell people that more surveillance will save them.
Note msnbc propaganda, as update says, the support is a lot lower, nearly 20 percent less - at 54 percent.
-----BEGIN PGP MESSAGE-----
q Ph 3Vhi5iKXECXc73
D Vz BZrpcxe7YPNeht
n cI Vf6Vogkc8eJqWi
C Pa KpAOnepWSwzNwe
c TS 9YhE198nkzzk5/
Z B/ 9A7xZ3YkdhhA2Q
F li 4azuExyPGEXqjP
+ VY lu0wouX30KDkzu
d wi Psd7iEMIVXdpZK
I JU 5c7wdm6eDKcjfD
N NO b539njihJZ+hYP
h Ur DFaruclmyvV0UB
5 Ma WACwGTDvZ82/Q6
Z Si jVeE687QDZoCW+
2 d0 AH87cL9ecmLACb
e iy +/w+OnlNGbAMXh
k 9/ 0Sq2WidkgW6mxm
h r1 LuQOXZoLrPFi7f
L sp ZVD/x5IBRUCscc
Version: PGP Personal Privacy 6.5.3
qANQR1DBwU4Dzrt7A/Y1SykQB/0T/6tTHHXd26032bv/wYL
G7Q30eLDXw+eB5yBo9heJrORdkCcKnzL6B3UK9uIm7ul76k
CByMrx1FlYtZiRi/LX/vGY9LbXAmZfiQD6ZMLmp8RSDI4C2
Q4WRiev3QzTWMbdOPh1Cl19LYV9LXuyScvHhpPVHiFIHY8C
v5b5cWCRfGUc0QsHr7+WKx7ZH5NexqWc1Wz8cMB3Z9M+X0T
o3J/8R9cvOLVrXhmci1sZqnKDFabHUgp5KOZrqMK+qalIkO
rdMWsM6I2mmrcBdWAXIuKhy/g5kjtqZPyJoUwTyL6vfI1bk
X5TziHzeVllR5+VOG/nHkxqlU8RH53/gME++Ups6OsbD3W6
aEzFOlXtcDegBkGURleyusBF5m1hVQGraPuAaA3Q2mwwNTw
99NsssHtuGHmbkkJttEj+qmVwg0hH0cH9WqMADHCV+g4prX
KLl9CkO6bSAonUFDEfqbp5f6RoxqSNq/xD89e9K5eK4k1SW
c9XHqGvTycDXETkBmYisAipQzcDsPDpzPnwHC5/WWBKEgsz
nlvtRYyCkYCIWtpubz0P8AZ6jNmt0mwr6zT21jxYfZtxtmh
wztJ8ee1EFOhE358eb4uQ9X1jyk9I2/FK8PDTtZ5KsyB2OL
v/bVxHmQg862mihLNyV62YrYmQOI3Lb3lsZDYHeW0O3RsQO
I70nFzLC9KDGALqdkJZAuINFKIfa1bMIyP+F0r7MoVt9xOm
VOfe9w6cbdb5QT/g7DWZMRfn3tulpBrWVIwXNOpxPnclIot
jVDLmi9JzGeLcEB/Eaaq6lOijkCqlS0GJJi/+RvTtzLEix5
MqgacQ07hPpSK+t6tuLwS7ZEOQQyrZv2b68fU7NNUuO2+Hm
X/8BgCaz+m9N0SMTGaqsm1OnFRupomr7gLp4oqWyR9w=
=shOk
-----END PGP MESSAGE-----
Don't post letters in here. We pretty much know what we need to say to them. Letters are better, but perhaps some e-mail actually gets read.
www.dedserius.com
VB != VisualBasic
Finally, you misconstrue my arguments. I do not mean to end encryption use. I asked to not abuse it! Certainly its use in authentication should be, if anything, increased! Better authentication leads to a better world.
The only good weather is bad weather.
Okay, so I'm sure this will come across as a Troll, but what's so bad about the government having a backdoor on crypto?
And no fair talking about slippery slopes -- let's keep this focused on the question at hand.
Most of what I've heard in this thread so far is a basic distrust of government -- but it seems to me that ship has already sailed. If the government wants to search your house, or tap your phone, it can do so, and you possibly wouldn't even know it happened.
Sure, you absolutely have a right against unreasonable searches and seizures, but the things is: the government makes that call already. You don't get to make your house impermiable to a search warrant, nor do you get to make your phone untappable. So what's so different about crypto? My privacy is already in the government's hands, and probably in more ways than I realize.
So I guess what I'm getting at is this: Is there something about crypo that separates it from wiretapping and physical search warrants? Or is it just that the power happened to be in your hards to begin with, and you're unwilling to give it up?
Having backdoors in crypto programs won't stop terrorists (or at least ones intelligent enough to pull of anything big). I will enumerate some reasons:
1. Steganography (you can't decrypt what you can't find!)
2. Illegal encryption programs (terrorists won't have any qualms about using them!)
3. If the internet is bugged, terrorists won't use it.
In EPIC Volume 8.17 September 17, 2001 Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. there are many relevant quotes from our leaders...
/ 20 010911-16.html
e nt OnTerroristAttacks.htm
0 1/ 09/2001912907.html
1 /0 9/2001912C11.html
1 .h tml
= 42 5
... inconvenience. But we will not violate
l
r ro rist_attack.htm
m
... The
t m
4 8
... respect the civil
c e/ pr010913terrorattack.html
. ht m
m
y pe =News
2 01 .htm
l /w tcpr.html
m en t.shtml
"[On September 11, 2001,] our fellow citizens, our way of
life, our very freedom, came under attack in a series of
deliberate and deadly terrorist acts. . . . America has
stood down enemies before, and we will do so this time.
None of us will ever forget this day. Yet, we go forward to
defend freedom and all that is good and just in our world."
--President George W. Bush
http://www.whitehouse.gov/news/releases/2001/09
"[A]s we respond here at home to what we learn from these
attacks, is that this is a country that understands that
people have fundamental God-given rights and liberties and
our government is constituted to protect those rights. We
cannot -- in our efforts to bring justice -- diminish those
liberties. Clearly this is not a simple, normal criminal
case. This is an act of war, and those rules of warfare may
apply. But here at home and domestically, we need to make
sure that we're not tempted to abrogate any civil rights
such as habeas corpus, protections against unreasonable
searches and seizures, the freedom of expression and
peaceable assembly, or freedom of religion. And just
because somebody may come from an ethnic background, that
means nothing in the exercise of their rights as citizens.
They are American citizens. And so let's make sure that in
our anger and in our efforts to bring justice, we remember
our basic foundational civil liberties and not abrogate
them."
--Senator George Allen (R-VA)
http://allen.senate.gov/PressOffice/FloorStatem
"Some have said yesterday and today that all has changed,
all has changed for America. I know what they mean by that,
and I respect their view, but I pray that is not true. I
pray that is not true. I pray my junior colleague from
Virginia is correct when he says the one thing we cannot
allow to change is the values upon which this country is
built, for if that were to occur, then they would be able to
declare victory, genuine victory."
--Senator Joseph R. Biden Jr. (D-DE)
http://biden.senate.gov/%7Ebiden/press/release/
"Attacking this country is not enough to defeat it. It
never has been. That's something our enemies have
discovered again and again. America's history is the story
of a nation, of a people, that has repeatedly overcome what
seemed like insurmountable challenges -- fueled by our
individual liberty, our respect for the rule of law, and our
belief in the value of every human life. America began as a
nation by overcoming tyranny. We will continue by
overcoming terrorism. And we will do it without sacrificing
who we are as Americans. We will do it by upholding the
principles of 'liberty and justice for all.'"
--Senator Maria Cantwell (D-WA) http://cantwell.senate.gov/
"A time of crisis is one of the greatest tests of a
democracy. Our nation is rooted in the fundamental
principles of freedom and justice. It is during these times
of conflict, and fear, that we need to protect those
principles the most. These principles must guide our
actions in the days, weeks, and months to come. . . . We
must never allow terrorists to gain any victory over us by
diminishing our country's respect for individual liberty and
freedom. . . . Let us remember that the Constitution was
written in 1789 by men who had won the Revolutionary War.
They did not live in comfortable and easy times of
hypothetical enemies. They wrote a Constitution to protect
individual liberties in times of war as well as in times of
peace."
--Senator Russell Feingold (D-WI)
http://feingold.senate.gov/~feingold/releases/0
"Our values, our resolve, our commitment, our sense of
community will serve us well. I am confident that, as a
nation, we will seek and serve justice. Our Nation, my
neighbors and friends in Vermont demand no less, but we must
not let the terrorists win. If we abandon our democracy to
battle them, they win. If we forget our role as the world's
leader to defeat them, they win. And we will win. We will
maintain our democracy, and with justice, we will use our
strength. We will not lose our commitment to the rule of
law, no matter how much the provocation, because that rule
of law has protected us throughout the centuries. It has
created our democracy. It has made us what we are in
history."
--Senator Patrick Leahy (D-VT)
http://www.senate.gov/~leahy/press/200109/09120
"In truth, the people of this country are big in heart and
strong in character. We will maintain our open society and
fight terrorism around the globe with freedom loving peoples
everywhere. And we will prevail."
--Congressman Tom Allen (D-ME)
http://tomallen.house.gov/showart.asp?contentID
"There will be
people's basic rights as we make this nation more secure.
We can do that in democracies. It can't be done in
tyrannies, because tyrannies do not enjoy the general good
will and support of the people who are willing to suffer
inconvenience and good nature with a confidence that the
nation will protect their rights."
--Congressman Dick Armey (R-TX) http://www.freedom.org/
"What we must avoid, however, is the knee-jerk reaction to
pass more laws restricting the civil liberties of American
citizens. The tragedies of this attack will only be
compounded by giving the government more power at the
expense of our civil liberties. If we cannot stop this sort
of attack with all of the power our government agencies
already have, then we are in very serious trouble."
--Congressman Bob Barr (R-GA) http://www.house.gov/barr/
"In responding to this heinous attack, we must reaffirm our
commitment to uphold our Constitution, including the rights
guaranteed to every American in the Bill of Rights. These
precious rights have been secured by the blood and
sacrifices of Americans for more than 225 years. I am
confident in the ability of today's generation of Americans
to honor those sacrifices and the memories of those killed
in the attacks on September 11, 2001. We have an obligation
to overcome this latest challenge to freedom while honoring
our Constitution and preserving the rights it guarantees for
ourselves, our children, and our children's children."
--Congressman Roscoe Bartlett (R-MD)
http://www.house.gov/bartlett/pr010912.htm
"The challenge ahead will require strengthening U.S.
defenses and intelligence at home in ways consistent with
American values. Embassies and military bases must be
better defended along with domestic airports and other
civilian targets. But this does not mean that we can allow
terrorists to alter the fundamental openness of U.S. society
or the government's respect for civil liberties. If we do
so, they will have won."
--Senator Max Baucus (D-MT)
http://www.senate.gov/~baucus/maxstatements.htm
"[I]n the coming days, there may be some calls to assess
blame and to limit the individual liberties and freedoms we
enjoy as Americans. I urge my colleagues to resist these
efforts, no matter how well intended. The founding
principle of our nation is the right to pursue life, liberty
and happiness, and we must recognize the risks that we
assume with our freedom. The lives of each American [were]
changed forever by the awful acts carried out yesterday.
But we must not sacrifice our freedoms, and our way of life
in the name of fear to those who seek a weakened,
disconnected America. To use fear as a means to limit our
freedom will only serve the goals of those who undertook
these heinous attacks against America. Today is the day to
recognize the abiding strength of our nation and tell the
world, in particular those who seek to cause our nation
harm, that the Americans who perished on September 11, 2001
did not do so in vain.
--Congressman Ken Bentsen (D-TX)
http://www.house.gov/bentsen/prterror2.htm
"As the dust settles, we find ourselves confronting an enemy
that is both evil and elusive. But the world must know
that, today, America stands stronger than ever -- a nation
sworn to defend freedom, tolerance, diversity and democracy.
Those terrorists who attempt to extinguish our spirit must
know that these are ideals we Americans will never
surrender. I come from Michigan, home to hundreds of
thousands of Arab Americans and American Muslims. Already,
leaders in the community there -- patriotic Americans who
every day give so much to this country, who have condemned
these attacks, and who are as sickened by the carnage as
everyone else -- have been getting death threats. Such
hateful prejudice offends us all. Even as we struggle to
clear away the rubble and charred wreckage, heal our wounds,
mourn our dead and seek ultimate justice, Americans must
also stand together against this bigotry."
--Congressman David Bonior (D-MI)
http://davidbonior.house.gov/Speeches/091201_te
"We are a nation of law, and while our response must be
decisive, it also must be focused. The civil liberties of
all within our borders are paramount, regardless of who is
responsible for these acts of terror. If we undermine
individual rights in reaction to today's events, we may win
a battle, but hand a victory to the enemies of freedom
everywhere."
--Congressman Chris Cannon (R-UT)
http://www.house.gov/cannon/press2001/sept11.ht
"We must take the necessary precautions to safeguard our
lives and American interests, but we must not relinquish our
cherished freedoms."
--Congresswoman Eva Clayton (D-NC)
http://www.house.gov/clayton/
"Just as this horrendous act can destroy us from without, it
can also destroy us from within. Pearl Harbor led to
internment camps of Japanese-Americans, and today there is a
very real danger that this tragedy could result in
prejudice, discrimination, and crimes of hate against
Arab-Americans and others. The lesson Oklahoma City taught
us was the perpetrators of these acts of terror can be evil
men of every race, nationality and religion as are the
victims. We must ensure that these acts of terror do not
slowly and subversively destroy the foundation of our
democracy: a commitment to equal rights and equal
protection."
--Congressman John Conyers (D-MI)
http://www.house.gov/conyers/pr091201.htm
"Frisking everyone on the planet to find the one person with
the weapon is a high-cost, low-yield way to go. That's a
fair analogy to searching through everyone's e-mail. Not
only do such schemes threaten civil liberties, they are such
scattershot approaches that they're bound to fail.
notion that we can reorganize every aspect of civil society
to protect against terrorism is fool's gold."
--Congressman Christopher Cox (R-CA)
http://www.house.gov/cox/
"In striking at us, the terrorists sought to exploit the
openness of our society, and to shake the foundations of the
civilized order which America sustains. They will fail.
Our challenge now -- and the test of our democracy -- is to
harness our own raw anger and passion. To respond in a
manner that is firm, clear and just; that befits a great
nation; and that honors our own ideals."
--Congressman William Delahunt (D-MA)
http://www.house.gov/delahunt/terroristattack.h
"We must not direct our anger against innocent citizens of
Middle Eastern or South Asian heritage. Our nation is a
beacon of justice in the world and the freedom of our
peoples must not be degraded by any heinous acts of
violence. As a nation of a free and proud people, we must
not allow any terrorist attacks to justify violence or
persecution of our fellow citizens, whatever their heritage
may be."
--Congressman Benjamin Gilman (R-NY)
http://www.gop.gov/item-news.asp?N=200109131509
"We must be bipartisan, balanced, and calm. Panic and
partisanship are our enemies. And as one colleague said
this morning, the Constitution of the United States must not
be our next casualty. We must
liberties and intelligence of Americans. We are a generous,
courageous and resilient Nation. Given information,
resources and leadership, the American people will rise to
any challenge and fight down any assault to take from us our
way of life."
--Congresswoman Jane Harman (D-CA)
http://www.house.gov/harman/
Even at this painful time, we must remember that
international terrorism cannot be combated by turning our
free society into an armed fortress.
--Congressman Rush Holt (D-NJ) http://www.house.gov/rholt/
"As we move forward in the days to come, we must carefully
use words such as 'safety' and 'order,' and we must be
cautious when calling for actions that 'need to be taken for
the good of the people.' I encourage my colleagues to be
wary of any suggested government action that would infringe
on our freedoms. Any encroachment of our civil liberties is
a victory for the perpetrators of yesterday's heinous
crimes. We must continually bear in mind the words of
Benjamin Franklin when he had stated that 'those who would
sacrifice their essential liberty to seek a small portion of
temporary safety deserve neither liberty nor safety.'
Freedom is not our greatest liability, it is our greatest
asset."
--Congressman Timothy Johnson (R-IL)
http://www.house.gov/johnson/
"We take enormous pride in the freedoms we enjoy. Societies
without freedom find it easier to ward off attacks.
Yesterday we paid a great price for our freedom. We can and
will act to reduce the chances of these attacks in the
future, but we will never give up our freedoms."
--Congressman John J. LaFalce (D-NY)
http://www.house.gov/apps/list/press/ny29_lafal
"We will show our resolve to our enemies. America and its
citizens will not abdicate the values and freedoms that have
made this nation great. We unequivocally declare that today
America remains steadfast in its commitment to ensuring that
terrorism will not dim the beacon of liberty and freedom."
--Congressman John Linder (R-GA)
http://www.house.gov/linder/editorial_terrorism
"The terrorist forces against us would see us brought to our
knees and see us shaking in terror. They would have us back
away from the freedoms we hold dear. But they must be made
to understand that those freedoms are the result of 200
years of struggle. Nothing within the terrorists' power can
daunt this great democracy and its resolve."
--Congressman Ken Lucas (D-KY)
http://www.house.gov/kenlucas/PressRelease.2.ht
"The leaders of our country will now focus on ensuring that
justice is served. We should be rational about our
strategy, we will focus on protecting our future and promise
to uphold your freedom and your every liberty."
--Congressman Jim Matheson (D-UT)
http://matheson.house.gov/display2.cfm?id=733&t
"We must not act in haste -- rush to act out our vengeance
against fellow Americans -- because America is the world's
greatest melting pot, and in today's society, we simply
cannot guess at an individual's country of natural origin by
their appearance. We have to make sure that we make war on
terrorism -- not on Arabs! We must make a further
distinction between the war on terrorism and the war on
Americans of Near or South Asian descent. There have been
many references to a second Pearl Harbor, and while the
shock and anger certainly are similar and warranted, that
anger should not be directed towards our neighbors in ethnic
communities across the country. We do not need the
attitudes that will lead to a second wave of internment
camps."
--Congressman Jim McDermott (D-WA)
http://www.house.gov/mcdermott/Terrorist-FS.htm
"America must also stand firm, though, in its commitment to
civil liberties for all of our people. In the coming months
and years, all of us will have to make accommodations to
heightened security at our airports, Federal buildings, and
other large landmarks. We can and must make those
accommodations and in a manner that is wholly consistent
with the U.S. Constitution."
--Congressman James Moran (D-VA)
http://www.house.gov/moran/20010912b.htm
"[A]ll New Yorkers understand and feel empathy for those who
lost loved ones on hijacked flights. New Yorkers, and
indeed all Americans, will remember those victims at the
Pentagon, for putting their lives at risk and paying the
ultimate price, so that we can live our lives in freedom.
In the end, that is what this comes down to -- our freedom.
To the majority of the world, our nation stands as a beacon
of hope. To those who want to crush freedom, to have people
live in fear, our nation stands as a rebuke as well as a
threat. However, what those enemies of freedom fail to
understand is that no amount of physical damage can kill the
ideals for which this nation stands. Just as Pearl Harbor
roused the sleeping giant to crush those who attacked it,
this nation must crush those who have declared war on us
now. [...] Today, we stand united, to mourn our losses, but
determined to show the resolve upon which nation has always
prided itself, as we rebuild. We will show the strength
that can only be found in a free people. In the words of
Lincoln, today, "we here highly resolve that these dead
shall not have died in vain, that this nation under God
shall have a new birth of freedom, and that government of
the people, by the people, for the people shall not perish
from the earth."
--Congressman Jerrold Nadler (D-NY)
http://www.house.gov/nadler/hijackrelease.htm
"Demanding domestic security in times of war invites
carelessness in preserving civil liberties and the right of
privacy. Frequently the people are only too anxious for
their freedoms to be sacrificed on the altar of
authoritarianism thought to be necessary to remain safe and
secure. Nothing would please the terrorists more than if we
willingly gave up some of our cherished liberties while
defending ourselves from their threat."
--Congressman Ron Paul (R-TX)
http://www.house.gov/paul/press/press2001/pr091
"[W]e must not let these attacks on our country weaken our
resolve to maintain a free and open society that all
countries can emulate. We must now show the world that our
country will continue to stand strong in the face of
tragedy. We must show the cowards responsible that they
will not win."
--Congressman David Phelps (D-IL)
http://www.house.gov/phelps/
"It has been said that America will never be the same again
-- that we have crossed a threshold of innocence. That may
be so, but in our zeal to provide a new level of security,
we must guard against going so far that we trade away the
rights and privileges of a free society. In reacting to
this incident, we must not allow the hate of our attackers
to destroy our own decency and commitment to justice."
--Congressman Charles Rangel (D-NY)
http://www.house.gov/apps/list/press/ny15_range
"Additionally, as we consider legislation to address this
crisis, each proposal must be passed before the great lens
of the Constitution, the cornerstone of our Republic and our
freedoms."
-Congresswoman Lynn Rivers (D-MI)
http://www.house.gov/rivers/news_terroriststate
"As we console the families of the victims, as we remind
ourselves about the core American values of freedom and
democracy, and as we make plans to deal with the terrorists,
we must remember who we are as a people. We are the
participants of a great democratic undertaking, a national
project which stands as an example for the rest of the
world. We have a duty to perfect and protect our Nation,
and we must never be swayed from the road towards freedom
and democracy for ourselves and as a beacon for the planet."
--Congressman Ron Underwood (D-Guam)
http://www.house.gov/underwood/
"Finally, in the process of combating international
terrorism, we must neither abandon American civil liberties
nor express our fears and anger by indiscriminately striking
out against those with different names, skin color or
religion."
-Congressman David Wu (D-OR) http://www.house.gov/wu/
I think the questions that needed to be asked in response to the poll is: How many cases of criminal investigation, actual numbers and percentage of total, were hindered due to the use of encryption by the investigated parties? In how many cases did this change the potential outcome of the trial? Without the cold, hard numbers, the feds have no reasonable argument to enforce the requirement for back doors.
But then, I'm just a silly Canadian.
Doh! I should've checked the spelling before I posted. My bad. It's been one of those days (no, not an excuse, I know)
-
A good way to start a post. I would say the same about yours... and will in detail.
Either the NSA can factor or it can't.
This is naive. If you really think that the entire job of NSA is breaking strong codes, you truly do not have a clue about the electronic intelligence business! As I explained in my post, traffic analysis (look it up) is useful even when you cannot break the cyphers. But it is a lot more effective if you don't have every message out there cloaked and thus evoking equal suspicion. If my message is in the clear, the NSA can quickly determine that (other than steganographic techniques) and ignore the message.
Furthermore, as far as I know, factoring has never been proven to be NP complete. The best that has been proven for most encryption systems is that cracking them is of equivalent difficulty to factoring.
For all you know, the NSA, which employs some outstanding mathematicians, may be able to factor in polynomial time.
If they can, then using modern encryption doesn't really burden them. If they can't, then no amount of ass-kissing and not using encryption is going to let them break the encryption of the terrorists who are going to be using REAL software without the government-mandated backdoors (murder is illegal too; did they respect that law?).
Again, wrong. If not many people are using the strong encryption, then the strong encryption stands out like a red flag, allowing intelligence efforts to be focussed.
You need to do a little more research about modern crypto. We're talking about things like the heat death of the universe happening before all computers in the world could finish factoring numbers that large (if factoring is "hard").
Perhaps you shouldn't leap to assumptions about other posters' knowledge of encryption.
Also, you are making a big assumption about an unproven assertion: the practical difficulty of breaking such codes. For example, a very strong code can be broken by attacking the method of key generation. It can be broken by improper use - take a look at 802.11b. It can be attacked by previously unguessed means (such as the attack on RSA by timing information). Furthermore, the NSA and other agencies are highly classified. Do you really know what they can do? Could they have a working quantum computer (which can dramatically improve factoring)? Probably not, but they might! In which case allowing them to focus those assets on dangerous messages, rather than having to break your messages and mine only to discover they are uninteresting, would be a very good thing.
Are you aware that recent research has shown that DES was apparently designed to resist differential cryptoanalysis? That differential cryptoanalysis was invented in the last decade, but that the NSA approved DES in the 1970's? Don't underestimate or overestimate the NSA (or GCHQ or others) - we just don't know.
lawing encryption will not have any effect on these people. They don't respect our laws. The only effect will be to break the security of on-line transactions (over SSL for example). Backdoored schemes are broken schemes. A panel of a dozen great minds in the industry have already shown this: Rivest, Schneier, Diffie, etc. Read the paper here. [crypto.com]
Sigh. Why not respond to what was suggested, rather than making up a strawman. My post never advocated the outlawing of encryption. Furthermore, it did not advocate using the backdoor'd scheme that Schnier et. al. analyzed. It advocated not abusing crypto, and suggested that perhaps we should use crypto which the government can break, without unduly compromising security. I didn't say it was easy. Give it to the great minds to figure out how. I wish they would focus on how to do that, along with their silent peers at the NSA.
The only good weather is bad weather.
MJBST
You missed terrorists on American soil for years.
As you are so crap, here is a clue A=B, B=C etc.
Do you not think - once back doors and greater surveillance are introduced, when not planning face to face, terrorists will just have to send personal couriers?
Perhaps you think Bin Laden cannot afford it - dimwits.
I wrote a 400 bit encryption program in college. It was easy. You know what the difference between a 400 and an 800 bit program is? Nothing, you just need a faster computer, thats it. The hijackers I notice were all engineers and learned. By this legislation, all of us lawful users will be the only ones with backdoors to our stuff. The bad guys will have all the best security and will be able to play havoc with our stupid backdoors. Morons are going to put us in a worse security situation if this stupid law is allowed. I guess I'll be called un-american when next year our banking system is compromised, the intelligence community states they had no idea, and I say we had it coming. Well fuck you in advance retards.
Apparently they're even incapable of processing what they already have. Apparently there where hints for this attack as early as 1995, including flight plans and flight routes to WTC, Pentagon and the White House. Obviously none of the TLA's was capable on following up on that hints. So what do they want increased input of information for, if they can't handle what they already have?
Also lack of success is a strange track record to present when asking for more money and more allowances.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
Considering the news was saying that most terrorists didn't even have electricity let alone computers? (at least in Afganistan) Eg. 3rd world countries are worried more about eating and having shelter than high-tech crypto.
Furthermore; the intellegence agencies said that Bin Laudon stopped using his Palm because it is easy to track.
So again who is it going to catch and how? Did they show that the terrorists are using encryption at all yet?
Sounds like pure paranoia talking to me.
make Linux, not Microsoft. sin(beast) = -0.809016994374947424102293417182819
after they install backdoors in encryption, they will disarm us and start stripping americans of our rights. Why dont you just give everyone access to our private information? could we be any more vulnerable then? Americans are only agreeing with this because the present threat of the moment is the spread of Terrorism on us soil. They are blind as to what this actually means if it is to happen.
Educating the public on basic rights is an uphill battle. Good luck.
I watch Brit Hume on Fox News
Most sheep prefer ground up bits of their own species in their feed. That doesn't mean it's good for them.
Would you all be in favour of crypto backdoors if it was the Australian government looking, or perhaps Canada? How about ...? American software will be a popular as a "poke in the eye with a blunt stick" if it has backdoors. Especially considering that American spy agencies are tasked with helping American business when they find things of interest.
An Australian.
The best form of cryptography is one, where Big Brother does not even know / cannot even see that cryptography is being used or that messages are being exchanged. The Telegraaf, the largest newspaper in the Netherlands, reported recently that the bad guys might as well communicate by manipulating a few of the many bits in an image. The example cited were porn pics posted in a newsgroup. To me it seemed not unlike the techniques used to watermark digital information.
So the next disaster may even be planned by posting tweaked images of the remains of the WTC!
-- The best way to accelerate a computer running Windows is at 9.8 m/s^2.
Terrorists are not stupid people, the planning and execution of this attack shows this.
Cells by definition act independently and so don't communicate alot, use of one time pads for all communications would stop any and all chances of decription and this type of encryption is suitable for short messages.
A suggestion.. If the FBI/CIA etc feels it needs to watch someone, then don't let them into the country. Why have completely open borders ?
As crypto code has long been considered considered "munitions", I'd forward the theory that the US constitution's second amendment implies that one may continue to "keep and bear" crypto code.
As an non-felonious, sane American, I am allowed to own a handgun or assault rifle, even a machine gun.
Why can't I own PGP?
Or whatever the series is originally called. Here in Germany, we just had a re-run of an episode with the words "The American people just voted off their freedom" in it. (Don't blame me if you don't recognize it, I'm translating it back on the spot. FYI, it's the episode in which Doors gets blamed for an assassination attempt on his competitor in the elections for President after which there's a big action against the resistance.)
Isn't it amazing how close to reality some of that stuff is when you think about it for some time? I sincerely hope and pray that other governments don't follow if something like this comes to pass, but when I see how stupid our current chancellor ist starting to act, talking of "military support", I wouldn't be amazed. The only politician I know who opposes this and changes of basic law (especially religious freedom) is someone from a party that was built from the remnants of the former Eastern Germany regimen. Go figure.
Fight hunger. Filet a politician and send him to a 3rd world country of your choice.
rm -rf /bin/laden
heh
In other news, the government, to deal with internal organ drug trafficking is now requiring a backdoor on people to make sure the government can quickly and easily check that you are not violating the laws of the day.
But seriously, 128bit encryption with a backdoor is as good as plaintext, but with a false sense of security. requiring a backdoor is worse than banning encryption. Secure communication in the future might involve exchanging jpg's of text as email attachments since carnivore wont pick that up.
Isn't rule by mass-media wonderful?
Well, ok, so it isn't perfect -- they are no utopias, right? ;)
Seastead this.
If the "people" favor crypto laws and backdoors to encryption software then lets ask this question: "Should the gov't have backdoor access to all of your checking, savings, and credit accounts, in case some trys to commit fraud with you identity?" Then the IRS could just take the tax at the end of the year. Are people really that dumb, or just poorly educated?
"Waitress I need two more boat-drinks..."
On the other hand, the fact that crypto is classified as "munitions" (this means that seemingly harmless stuff, such as the Mozilla source code or the DeCSS T-Shirts are actually classified as munitions! scary stuff!) means that actually, Congress probably *can* regulate it via export control. But since you have a Constitutional right to bear arms (heh), they can't regulate it's use by citizens.
Well.. not quite. There are plenty of cases where arms in the US are heavily regulated or banned. Handguns might be fine, but Ak-47s? Tanks? Bazookas? There are different grades or levels of munitions and they are all treated in different ways.
what the fuck is the point of crypto if it has widely known backdoors. Thats like locking the door to a house with no walls!!!!! Completely idiotic!!!!!!!!!!!!!!!
-This quite possibly mangled, stupid, demented comment was brought to you by Askii64.
You know what? Let them pass legislation like this. Several months will go by--or a year--and suddenly, some hacker in Russia or some other nice country will figure out the backdoor, and voila! Billions of dollars in business and legal damages. Patient records, trade secrets, copyrighted material... they'll all be compromised. That'll teach 'em a lesson.
Sure, if you're honest like most of us, this will be a huge problem for you. If you're a crook on the other hand, the legislation doesn't apply to you. Remember: when inlaws are outlawed, only outlaws will have inlaws.
Oh yeah, and don't even bother to try and stop this... the idiots in government will be convinced by some glossy shrink-wrapped corporation that the backdoor will be 100% secure against hackers. Just wait and see... it'll happen.
72% are in favor of backdoors...
73% are in favor of nuking the crap out of the entire middle east (if you stack your poll correctly)
84% believe that we can stop terrorism (wow what sheep)
and finally the doozie...
64% of americans cant tell you how many states we have.
The average american is pretty stupid. and when you ask about something as advanced as cryptography they probably though that it was some kind of new venerial disease.
ANY poll taken that isn't as simple as is this red ball red or green is horribly skewed or inaccurate. (and the red ball question will have a error of 6%)
I'm sorry, but of the poll was reprased to " are you in favor of the govt listening to your phone conversations, reading your email, and tracking where you go on the internet." I believe the result would be very different.
Do not look at laser with remaining good eye.
That is a common misunderstanding. Given a large enough sample, choosen to carefully reflect the divisions in the target group, the result will be pretty close to the one you would get using the whole target group in your survey. That is basic math, and works well in many areas.
The TV networks, for instance, have a very good idea of how many people are watching each one of them at any given time of the day. You do not think your TV set have a secret backdoor sending information back to the network, do you?
Usually, when a survey touchs political sensitive matters, this argument is heard over and over. Unfortunatelly, repetition doesn't make the argument more correct, as math is generally oblivious to human wishes.
..."if crypto is outlawed, only outlaws will use crypto (at least without back doors)..."
That's the "apostraphytic slippery slope" where, if you get an apostraphe out of place, it's not long before you're using "alot" as a single word, and pretty soon you descend into brainless monosyllabic 133ts93ak and no one can speak except on a third-grade level. It's a common fear in these modern times.
I bet the entire NSA would laugh their asses off if someone came in and asked them to develop an encryption algorithm with a backdoor. As far as I'm concerned, we don't have much to worry about.
What?
A recent poll shows that 28 percent of Americans know what "crypto backdoors" are...
Plus you have a bunch of airlines who after 20 years of gouging customers, selling crappy service and poor maintenance, weak security and high prices finally have an oligopoly that is so awful the fear is that ridership will drop off a cliff. So they go to the big bad gubmint and ask for a handout of between 15-24 Billion dollars. They cut service in half and use it as an excuse to cry poverty, say they can't provide security at any price to be borne by them.
The only diference between arlines and cigarettes is airlines have better PR.
You can figure that by this time next year there will be two US airines left and it will cost 1500 to fly from NYC to Miami and it will take 6 hrs to board the plane and we'll be told to be damn thankful.
Damn, I was hoping this was an online poll (there were some other recent ones like this one that were). We could all show them how unreliable/unscientific the results are when 500,000 Slashdotters all start voting the other way.
Liberty in your lifetime
I want to see a more rigorous poll conducted regarding this. If the results are anything close to these, I want to see a major educational campaign started to inform people about the true details of encryption. I want people to understand that the encryption code is already out there, and it will be impossible to stop criminals from using it. I want people to understand how vulnerable their emails and credit card numbers are without encryption. I want people to know the details about DeCSS, so they can see how easy it is for these backdoors to be leaked or cracked.
If people know the facts, and they still choose to support bans on encryption, then I guess I'll have to give up and become a criminal. But there's still time to educate the public before such issues get passed by congress, and the money we spend now will be save 1000 times over if we don't have to send lawyers to the supreme court to fight this.
I'll put $50 into an organization if it is used for such educational purposes. If you know of one, reply to this, or email me.
ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
It's at: http://businessweek.com/bwdaily/dnflash/sep2001/nf 20010914_2935.htm
Business Week is one of the more important and respected publications in business. While this isn't a scientific poll, I wouldn't be surprised to see it quoted, regardless of how it turns out.
On Friday, Sept 14, 2001 Congresswoman Barbara Lee of Berkley California was the sole dissenting vote against a resolution which gives G.W. Bush power to "use all necessary and appropriate force against those nations, organizations, or persons he determines planned, authorized, committed, or aided the terrorist attacks... or harbored such organizations or persons".
This is effectively blank-check authority to wage war anywhere in the world against what ever nations G.W. Bush so chooses without further congressional approval. This operation has started and has been named by Pentagon as "Operation Infinite Justice". This is no joke. If G.W. Bush wants to wage war against Iraq, Iran, Afghanistan, or even the IRA it may do so without further approval.
---
Joint Resolution of Congress H.J. Res. 64 September 14, 2001
Whereas, on September 11, 2001, acts of treacherous violence were committed against the United States and its citizens; and
Whereas, such acts render it both necessary and appropriate that the United States exercise its rights to self-defense and to protect United States citizens both at home and abroad; and
Whereas, in light of the threat to the national security and foreign policy of the United States posed by these grave acts of violence; and
Whereas, such acts continue to pose an unusual and extraordinary threat to the national security and foreign policy of the United States; and
Whereas, the President has authority under the Constitution to take action to deter and prevent acts of international terrorism against the United States:
Now, therefore, be it Resolved by the Senate and House of Representatives of the United States of America in Congress assembled,
SECTION 1. SHORT TITLE. This joint resolution may be cited as the ``Authorization for Use of Military Force''.
SEC. 2. AUTHORIZATION FOR USE OF UNITED STATES ARMED FORCES.
(a) IN GENERAL. That the President is authorized to use all necessary and appropriate force against those nations, organizations, or persons he determines planned, authorized, committed, or aided the terrorist attacks that occurred on September 11, 2001, or harbored such organizations or persons, in order to prevent any further acts of international terrorism against the United States by such nations, organizations or persons.
(b) WAR POWERS RESOLUTION REQUIREMENTS.
(1) SPECIFIC STATUTORY AUTHORIZATION. Consistent with section 8(a)(1) of the War Powers Resolution, the Congress declares that this section is intended to constitute specific statutory authorization within the meaning of section 5(b) of the War Powers Resolution.
(2) APPLICABILITY OF OTHER REQUIREMENTS. Nothing in this resolution supercedes any requirement of the War Powers Resolution.
---
Joint Resolution of Congress H.J. RES 1145 August 7, 1964
Resolved by the Senate and House of Representatives of the United States of America in Congress assembled,
That the Congress approves and supports the determination of the President, as Commander in Chief, to take all necessary measures to repel any armed attack against the forces of the United States and to prevent further aggression.
Section 2. The United States regards as vital to its national interest and to world peace the maintenance of international peace and security in southeast Asia. Consonant with the Constitution of the United States and the Charter of the United Nations and in accordance with its obligations under the Southeast Asia Collective Defense Treaty, the United States is, therefore, prepared, as the President determines, to take all necessary steps, including the use of armed force, to assist any member or protocol state of the Southeast Asia Collective Defense Treaty requesting assistance in defense of its freedom.
Section 3. This resolution shall expire when the President shall determine that the peace and security of the area is reasonably assured by international conditions created by action of the United Nations or otherwise, except that it may be terminated earlier by concurrent resolution of the Congress.
As long as the experts don't conduct their discussions in private, and then present their reasoning in an open format that is accessible and understandable to laymen, then I'm OK with it.
If we get a bunch of experts, lock them in a top secret room, and then secretly implement their secret recommendations, we're asking for trouble.
You see? You see? Your stupid minds! Stupid! Stupid!
The point of this is not to boast about how I'm looking for a pissing contest with John Ashcroft. The point is that the odds are that they won't catch me, and if I'm willing to take the risk out of mere financial need and defiance to the state, a bunch of wild-eyed fanatics who aren't afraid to die certainly aren't going to be dissuaded either.
Of course, the idea that some laws are so completely unenforceable that they can be casually ignored is lost on these fools if the so-called "war on drugs" is any indication.
Proud member of the Weirdo-American community.
it's the american public, they don't understand. Here's some arguments that can help them understand, in your coctail conversations:
... they're already breaking the law anyway. Computers don't change anything, especially not for technophobes living in tents in afghanistan.
Would you give the police department a key to your home, so that they can protect you from crime? No. Think of why not - several reasons, like an out of control cop could terrorize you, etc. Meanwhile, anybody who's a criminal will NOT give the police a key to their home, or will give the wrong key, or will put on an additional padlock.
Why not strip search, for drugs, all people crossing the Mexican/US border at Tiajuana? Because it's a pain for those being searched. And, the real people smuggling drugs will drive a truck along a back road into arizona or new mexico. The stripsearch will be totally ineffective.
Why not make backdoors for encryption? Because that jepordizes all law abiding encryption users. The crackers will figure it out before the law is even passed. Meanwhile, no criminal or terrorist in their right mind will use that encryption, they'll use their own. Even if they have to break the law
Marketing-driven companies end up over-marketing their products. Engineering-driven companies end up over-engineering
Freep has far more people who distrust the gov't than are big on law and order. There is a large contingent of libertarians, and of course the tin-foil crew. Also, there are some excellent tech and science threads.
Besides, while dismissing them as rednecks, you do realize that on Usenet and other forums, Slashdotters are considered snot-nosed twits?
That 95% of american males like wild unprotected sex with cute underage girls. Repeal the statutory rape laws! Listen to people.
<^>_<(ô ô)>_<^>
This 'poll' is as about as useful as going to war with Canada over the silverfish dispute. (Something ~90% of Americans support BTW...)
Yes, these polls MEAN something. They mean that people are generally stupid and will answer any question off the top of their head like they know exactly what they are talking about.
Or as one pollster put it: they're valuable not to gather what people actually think (they really don't understand the issues, but that's okay, because we don't need them to...) they are valuable to gauge the emotional response of the people. To see if they get spooked.
"I think both sides have valid points in the silverfish dispute, and it's going to be a difficult negotiation. I wouldn't rule out military action, I just hope it doesn't come to that..."
What percentage of security experts say that backdoor crypto is a safe thing? None? Thought so.
Here's a short discussion as to why backdoor crypto is not safe:
Basically, nobody is going to try to crash your 2048-bit RSA key any time soon, because even once it's technically feasible (given enough resources -- e.g. a Win32 virus that mimics distributed.net), it's not usually worth the effort and/or the risk. Further, if your key does get cracked (or compromised through easier means -- e.g. another virus), you're not happy, but you can just generate a new key and be on your way. However, if cracking that key would give someone access to a significant amount of sensitive data (like the data of an entire country over the course of a year), then the payoff is much greater, and so is the risk to society.
<rant>
Am I the only one who thinks backdoor crypto is like creating a master key to all the nuclear silos in the world, making a few hundred copies of it (giving these to certain government offices) and NOT expecting an "accident" or three?
</rant>
Suppose we then use strong crypto for something important, say that remote control system that is being suggested as a measure against hijackers.
Whoops, sorry but the masterkey has been sold already to some strange bearded guy in a turban. All of the escrow systems proposed had failures.
Much of the timing information given in WWII by SOE to the French resistance to coordinate their attacks was given as ordinary 'personal' messages on the BBC.
With steganography and the use of ordinary messages with special meanings, tools like PGP become irrelevant for the terrorist to communicate. It then becomes a commercial risk instead.
What about the freenet project? If I'm not mistaken, freenet uses encryption and allows you to post stuff anonymously without people know where you're coming from. Is freenet going to be disallowed?
This would be an excellent opportunity for non-US software companies to develop and export real crypto products without backdoors. There was a good market in this stuff a few years ago when the US had more restrictive export controls.
Obviously any terrorist organisation would then use the international versions of such software rather than the US version!
One of the things that strikes visitors to your country, is the American attitude to alcohol.
You are all paranoid about alcohol and alcoholism!
You have the most draconian alcohol laws on the planet, with the exception of Arabic countries where it is completely forbidden.
A one banana problem.
don't want to pay tax
would like free hamburgers
the abolition of the metric system
and
cable channels that don't suck
But they don't GET ANY OF THEM
It's not the questions asked it's that seemingly noone here understands, that regulating cryptography in any way by us laws doesn't do anything except weakening US cittizens privacy and general securety in the US. 1. No cryptoregulation is enforcable because of steanography 2. No cryptoregulation is enforcable because other contries give a fuck about US-Laws. 3. Cryptoregulation is going to backfire because backdoors won't stay secret for long.
During the WWII, BBC was transmitting messages in short waves directed to the Italian resistance. The message were transmitted in AM in Italian.
A message like 'Aldo dice 26 per 1' is not understandable if the eavesdropper does not know what means the 26 and the 1. (if you want to know the meaning, google is your friend). Using face to face talkink, phone, normal mail and e-mail to trasmit secrets message makes difficult to track all of these pieces, especially if the phone call is made in a strange vernacular or using some odd slang. 'Dammi il ragioniere e la coda di topo' translates in 'Give me the accountant and the mouse's tail' but really means 'Give me the big hammer and the 3 mm circular file'
The average american is pretty stupid
And, taking the meaning of average, that means half the american population are even more stupid.
Encouraging isn't it?
Tarald - The Lord of Smeg
You're not drunk if you can lie on the floor without holding on
Anyway, who needs encryption - given that the FBI is currently trying to recruit Arabic speakers, all the terrorists have to do is send their messages in Arabic plain text.
Yup. You are obviously NAL. :) The Commerce Clause can't be unconstitutional, because it's IN the Constitution. :-)
My journal has hot
Leonid Mamtchenkov
The basic issue is one that I heard a pastor say: "You can have safety, or you can have freedom. I would much rather have freedom." He was refering to the continual invasion of privacy on the road (cameras at traffic lights, seat belt laws, etc.). The point is well taken even in this regard.
The one thing that stood out to me is that the decision that America came to in the 90's when there wasn't political pressure or tragedies was that encryption technologies were good for America. This was a public debate involving people from all facets of the encryption arena. The NSA was always for enabling a "back door"--which is currently infeasible. The whole issue came up again when we had the terrorist attacks. We should not respond emotionally about this topic at all.
The fact remains: Bin Laden does not use American cryptography technologies--he uses Russian cryptography developed for the mob. Even if America was able to pass this horrendous law, and cause other countries to follow suite, it would not solve the problem! What we would have is businesses in countries with the law would be crippled due to weak encryption until an algorithm that allowed an authorized third party to view the message was done correctly. That is not acceptible. The law would do more harm than good.
The whole definition of the encryption problem is how do you keep messages between two (2) parties safe from any outside observer. In my opinion three parties has one that is uninvited.
Being a student of mathematics, this is just ridiculous. Most encryption standards are based in some area of mathematics (Abstract Algebra, Number Theory, etc), so what are we going to do next? Ban all mathematics? Take the RSA encryption standard, it is so simple I learned it in an Abstract Algebra course within a couple of minutes. So should the government install backdoors into people who know how to write a cryptosystem program? Prevent said people from leaving the country? Or, better yet, we should stop teaching foriegners mathematics so that they can't develop new cryptosystems for their own country that we couldn't penetrate at all.
--elrog
A person who won't think has no advantage over one who can't think. --Paul Lutus
imagine if anyone of you would sacrifice privacy for a little surveillance camera in the toilet... hmm... think about it, fbi might be just having fun with voyeurism. :)
According to this La Times story, Federal law enforcement authorities did not notify American Airlines that two men with links to terrorist Osama bin Laden were on a "watch list" before they helped hijack a flight from Dulles International Airport last week, according to individuals with direct knowledge of the matter. .
If they can't responsibly handle their current responsibilities with what information they *do* know, what makes us think that they will all of a sudden get better if we let them violate our privacy to boot?
but to paraphrase the old NRA saw, if (strong) crypto is outlawed, only outlaws will have (strong) crypto. Asking the rest of us to give up our privacy without even the payoff that it is also denied to the bad guys is ridiculous.
Besides, software is easier to conceal than a firearm.
Once again, good for Barbara Lee. This resolution seems to give Bush a dangerous level of power to "resolve" this situation. Here's one obvious possible consequence: let's say Osama bin Laden is located and killed without a trial. After a bit of hand-washing, Bush can claim that we're all done and can go back to business as usual. Sure, it won't be as simple as that in real life, but the point is that Bush has been given the ability to claim victory without that victory being visible to the American people. If anything, this measure provides a way to provide a "satisfying", but ultimately useless, "resolution" to the problem.
It seems to me that at a time like this is exactly when we want institutions of justice to work as usual, rather than giving crusading cowboys of questionable intelligence and maturity the power to do whatever the hell they feel like in response to such a serious attack.
Learning from history
"
February 27, 1933
The German Parliament (Reichstag) burns down. A dazed Dutch Communist named Marinus van der Lubbe is found at the scene and charged with arson. [He is later found guilty and executed].
February 28, 1933
President Hindenburg and Chancellor Hitler invoke Article 48 of the Weimar Constitution, which permits the suspension of civil liberties in time of national emergency. This Decree of the Reich President for the Protection of the People and State abrogates the following constitutional protections:
Free expression of opinion
Freedom of the press
Right of assembly and association
Right to privacy of postal and electronic communications
Protection against unlawful searches and seizures
Individual property rights
States' right of self-government
"
Politicians do it ALL THE TIME.
Another issue is the validity of the claim for the past. Who here actually thinks that encryption laws would have stopped what happened last tuesday? Not many, I would assume. However, we are talking about the 'common man'. Regardless of education or socio-economic class, most people prove to be rather stupid every day. PROVE mind you. I would love to say "Hey, most people are stupid!" and then be proven wrong.
Like with other issues of processes and results, not only will you have armies of politicians and beurocrats that 'mean well' while they do NOTHING but say they did something, and the problem at the very very very best would just stay the same. (Minus the reduction of rights and privacy of course) Reality is that it will by its own merit make things worse. Then you have the secondary results, false accomplishment that leads to complacency and innaction. Finally the tertiary effects: Pisses a lot of people off that end up going too far the 'other way'. (i.e. No encryption for anyone or anything [Bye economy!] because "you must be guilty and hiding something if you are being private")
Face it everyone. This is one of the times to open up your history books. Take charge, or be charged. When you let Big Brother, Big Company or Big Special Interest Group do your thinking, then you become its slave (and ultimately your neighbors slave). This is the same complacency that caused people to sit around on their duffs while terrorists armed with BOX CUTTERS of all things to take down three aircraft and destroy many more lives and property/coslateral damage. Geez... box cutters. That is freak'n ridiculous. Have some sack people. Sitt'n like pathetic sheep in the gaze of a tiger. Grap that tiger by the trachea and colapse his cartiledge. That bastard will be too busy grasping for wonderful oxygen to worry about ANYTHING else. Then kill the others. Its not that hard people, and yes I have unfortunately had to be stabbed at, but fortunately we just jumped on the scum and no one got hurt. GET SOME SACK!!!
For those in the crowd who are members of the joke that is known as the DoD, aka 'the SELF-service', aka showboats'r'us, aka career before duty, aka superficial politiking before honor and courage, then I hope you will really reach down and get some. It could be a tough fight, and your pansy organizations are not prepared today to face it.
If you are carrying a running TRANSMITTER around, expect the Feds, and hackers, and anyone with the right equipment to be able to:
1. Listen in
2. Find your location (triangulation is one method)
That should be common sense people.
Just because it CAN be done, doesn't mean it should!