Slashdot Mirror
Poll Says Most Americans Favor Crypto Backdoors
Sideways The Dog writes: "According to this MSNBC article, "72 percent of Americans believe that anti-encryption laws would be 'somewhat' or 'very' helpful in preventing a repeat of last week's terrorist attacks on New York's World Trade Center and the Pentagon in Washington, D.C." I realize that I'm preaching to the choir here, but it is scary how many people do not realize that the bad guys are not going to play fair here. Even granted that people may not realize the tools are already out there for the bad guys to use, I wonder what the polls will say when the backdoor gets compromised and 72% of people get their bank accounts wiped." Update: 09/19 19:26 PM GMT by T : Declan McCullagh adds a link to "the actual text of the question asked by the
pollsters, which Princeton Survey Research Associates describes here." Note the numbers on this page as well.
When I wasn't logged in, for this article I got "Nothing for you to see here, please move along." Is this normal?
--
I'd like to see a new survey:
Should you be allowed to have secrets?
I imagine that we'd see considerably different results.
-Waldo
Poll says 72% of Americans technologically illiterate.
Vermifax
Logout
I do not believe it would be constitutional for the Federal government to require any restrictions on individuals, groups, or businesses using crypto for transactions that do not cross state lines.
I do not deploy Linux. Ever.
Then Joe Script Kiddie figures out how to get into the backdoor and then anybody can read everything you ever encrypted.. wonderful.
Free Mac Mini
"Sure, your guilt might force you to vote Democrat, but secretly deep down inside you long for the Republicans to lower your taxes, ignore the poor, brutalize prisoners, dictate what goes on in your bedrooms and rule you with an iron fist..."
--Sideshow Mel.
Yeah, right.
From reading the article, it seems the questions asked weren't "Do you support anti-crypto?" but instead "Do you think anti-crypto would help catch terrorists?"
Of COURSE anti-crypto has a chance of helping catch terrorists.. if your doctor for example has encrypted files for one of them or something random like that. That doesn't mean I support it or think it's worth it! They're extrapolating people's opinions based upon the not-so-earthshattering observation that crackable crypto has a good shot of helping catch terrorists (and this, in itself, is debatable since they already have strong-crypto for their own internal communications)
--
As usual, cracking down on honest people is a priority. It impresses the honest people (i.e., voters) that the authorities are on the job. If you only crack down on the bad guys, who notices?
InstaPundit! Ahead of the Curve Since 30 Minutes Ago
Anyway, it's MSNBC, which is crap. But it's an important wake-up call.
sulli
RTFJ.
Obviously it's not going to be affected by this silly law/requirement. So how is this going to affect in any way Joe Blow Terrorist in not using the latest version of Euro-PGP to be immune from FBI looking over their shoulder?
'Life is like a spoonful of Drain-O, it feels good on the way down but leaves you feeling hollow inside'
That is because most of the people in the security world do not take survays. :) It is always a flaw of survays that are voluntary.
~~CrackElf
"Blake is an idealist, Jenna. He cannot afford to think." - Kerr Avon, Star One, Blakes 7
... then it'll be easy to spot terrorists : it will be all those who have software with no backdoor. Do these people really think outlaws will use law-abiding software ?
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Now we all know why they cry like hell when their house burns down...
LFS. Have you built your system today?
Most north american watch too much tv and are ready to beleive whatever the media tells them.
They get frustrated at how bad the information is when it refers to their center of competence/interests (therefor missleading the others who don't know much), but they forget that little detail rapidly when they watch information about something they are less familiar with, and gobble everything sent to them.
Encryption is not something common, everybody knows the word, but not everyone uses it or understand the technology, nor the fact that it won't change ANYTHING to put backdoor since there's a lot of stuff already available to create your own crypto package without backdoors. So, basically, if you're a terrorist, it's way too easy to bypass that system.
In that perspective, the govs. are only stepping in a little bit more onto you privacy, and 99% of the people will accept it because "it sounds good the way it's explained, and besides, who cares, doesn't affect them as individuals".
God I hate those terrorists, not only we suffer because of human loss, but we'll suffer because of paranoia and liberty loss too.
--- Metamoderating abusive downgraders since my 300th post.
This may be an unpopular viewpoint on /., but I'd personally rather have the government able to read my email (with a subpeona, of course) than see another event where dozens of relatives were milling around outside a disaster zone clutching photos of their lost father/son/daughter/wife/etc.
Of course, the problem is that any moron with a mathematics education and a 486 can put together some pretty decent crypto on their own. Any smart terrorist (and it takes a smart, if not necessarily moral person to put something like this together) will use off-brand cryto without the back doors.
If there was a way to make the terrorists use standard, back-doored crypto, I'd be willing to force all crypto to have a back door.
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
So how do you plan to enforce this backdoor rule? How do you keep me from using my copy of PGP that I've already downloaded from pgpi.org? If I take the results of encrypting my message with PGP and then further encrypt it with your backdoored protocol, you'll never even know I was using PGP unless you use my backdoor, and then you won't be able to read my messages. So how will this help anything?
So some percentage of uneducated, non-law enforcing people thing that it would help in solving this? bah. Who cares.
That is like advertising perscrition drugs on tv. Doctors are the only ones that can decide which drugs really need to be perscribed. It shouldn't matter which "brand" sounds better, or has a better commercial. "Such a catchy tune, I'm sure that my [fill in the blank] will be better with it!!" This is equivalent to "I am now scared, so I will do whatever to get that false sense of security back!!!"
We need a panel of experts to decide what would be helpfull. And not just FBI or DOJ experts, but ACLU types, and engineering types as well.
room101 -- how much can you stand before they break you?
(they always break you eventually)
Something that most people I know follow already... Don't use the net for anything important! If you use the anology of the 'net as the bad part of town, where any stranger can take your credit cards from your wallet if you bring them, then encryption is the mask over the stranger's face to most people. Sure, ordinary people may have lots of reasons to wear masks, but that doesn't mean they're allowed to. Anyone wearing a mask is usually asked to leave the bank, or the office, or whatnot. These people simply want to make sure we can see through people's masks.
Just think... if you sent a coded letter through the mail, nobody would give you a second thought. Everyone's complaining because the most convienent means (the 'net) is going ot be even more regulated than before.
Well, so are airplanes. I can't bring a gun on one. Now, I won't be able to bring a pair of tweezers or a nail-clipper on one. Are my rights being curtailed? Not at all. If I don't like it, I can always take a plane. I don't have to use the most convienent means available.
And that's the problem. Convienence has become synonymous with 'rights' these days. You have the right to watch movies whenever you want. Saying you have the right to encryption without a backdoor is like saying you have the right to smoke. You enjoy it, but the activity hurts other people.
Okay... rant mode off.
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. "
It seems that people are just looking for a simple answer to a very complex question.
Usually when this happens (from my observation) people point fingers at the easy targets (muslims and arabs for example). This is just another case.
The majority of people (72%) just don't understand "new" technology in general and how it works. The possiblity of terrorists using encryption and e-mail and the internet scares the shit out of them. So it's very easy for them to say that modifying those technologies to allow police to easily "snoop on them" will help. When in fact they just don't know because they don't understand how it works.
This scares me because - with a few exceptions - in a democracy what the majority of the people want will happen (well in a true democracy it should anyway). So it won't surprise me if we see bills passed that will require this kind of thing to take place.
But I hope I'm wrong....
--
Garett
Congress was quick to blame sophisticated encryption methods for the massive intelligence failure last week and is proposing that government officials should have backdoor access to encryption products to aid national security.
Funny... and here I had thought that the primary reasons given for the massive intelligence failure were due to budget constraints and de-escalation of the intelligence community. Sources from the CIA and various government officials have come out and point blank stated that they have a severe lack of spies out there to actually infiltrate these terrorist cells...
So how do they jump from that to blaming it on encryption? Sheesh.
'Life is like a spoonful of Drain-O, it feels good on the way down but leaves you feeling hollow inside'
the government has announced that it will soon be
mandatory to use state-approved envelopes to send
all mail.
these new envelopes will be entirely transparent
when viewed under a federally produced lightbulb,
but there is no need to worry about these lamps
getting out to bad people, since it is time-tested
proof that all government employees are completely
honest and lack all self-serving traits present
in every other human being.
besides, it's for your own good and protection!
and if you have something to write that you don't
want everyone to read, maybe it's time for that
all-important self-examination to reveal your
underlying paranoia complex...
A year spent in artificial intelligence is enough to make one believe in God.
It can't happen, cause the DMCA made that illegal, too. Those legislators think of everything. ;-)
Your reality is lies and balderdash and I'm delighted to say that I have no grasp of it whatsoever. - Baron Munchausen
What the american people, states, of feds want. I will have my own encryption software without the backdoors. I will have encrypted backups, and encrypted filesystems. My business is not your business not the new "police" state.
And for what I want to keep really secret, the good old one-time pad will do nicely.
Chris
There's an option at the bottom about whether you'd recommend it for viewing.
I selected "not at all".
Do not spread "09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0" over the internet, thank you.
The article, and most every serious proposal for this type of application, including the 'Clipper chip' specifically suggest "key escrow" as a solution.
IOW, you do not have a "special police key that the data also is encrypted to, but rather, for every key you generate, you generate a second key and hand it to a trusted third party.
In theory, the government would need to obtain a search warrant or 'digital wiretap order' and present this to the trusted third party before they could obtain a copy of your key and decrypt your data.
The proble with "key escrow" is that, in theory, without a warrant the government should never have access to your keys, so until the day they get the warrant, there is no way to detect if you are filing bogus keys, or using an additional, non-escrowed, encryption layer before you encrypt with the "Government approved" crypto.
I have every reason to believe that the government will "go on fishing expeditions" to find such behavior, and that the "trusted third party" will be swiftly compromised by every three-letter-agency you can name, along with the mafia, big business, and anybody else with bribe money and an interest in obtaining your secrets, your credit card number, or your love letters.
I do not deploy Linux. Ever.
Oh and I wouldn't put too much stock in outside governments not changing their laws to match. Most of them would love to and the current mood is that there are only two sides available in the fight against terrorism.
You can only drink 30 or 40 glasses of beer a day, no matter how rich you are.
-- Colonel Adolphus Busch
I think someone mentioned that it's more important to ask educated people in the relevant field, rather than just the population at large. This is important, but we also need to ask educated, _compassionate_ people whether the question needs to be asked at all. By this, I mean question the goal. One of the problems with asking educated experts about things in their field is that their field is all they know and that's how they see the world. (If you're a crypto expert, you'll look for crypto solutions to problems, and if there's a better field to solve it, you won't necessarily recognize that.) Don't just assume that crypto stuff should be on the table and then ask crypto experts about it. Of course they're going to write you a very persuasive essay (one way or the other) on the topic. And the result is you'll think crypto is significant (regardless of which side you end up on). Or if you ask military advisors what type of war should be waged, well, you've already given them the assumption they need to give you an earful of expert opinions on war and before you know it, everyone hears this stuff and believes that war (of one type or another, depending on which side of the argument you side with) is relevant to the issue. So yes, get educated opinions from experts in the field, but also carefully ask if that field is relevant. Cause if it's not, you've just promoted it to that level.
Makes about as much sense.
"Provided by the management for your protection."
This is truly awful-- I suspect the author got hit hard by Namba and put up whatever he had lying around. Let's look at this.
"A poll in the United States has found widespread support for a ban on "uncrackable" encryption products." The only supporting statement it has, however, is this: "The Princeton survey found that more than half of the American public would support anti-encryption laws to aid law enforcement surveillance powers.". They don't bother to give us any details about the question. What sort of anti-encryption laws? Which branch of law enforcement? What were the allowed answers to the question?
This lack of detail is especially worrisome given the drastically misleading figure from the featured question: "72 percent of Americans believe that anti-encryption laws would be 'somewhat' or 'very' helpful in preventing a repeat of last week's terrorist attacks.". Wow, 72 percent of americans are anti-encryption! We're a week from the tragedy, with no details being released to us on how it was orchestrated. So, how do we know they would have been very helpful? For that matter, how do we know they would have not been helpful at all? "Somewhat" helpful is practically the default answer-- if you're pulling the answer out of your ass, pick the middle one.
Let's look at some of the other striking logic: "Only 9 percent of those questioned believed that tighter encryption restrictions would not prevent similar terrorist attacks in the future.". Of course, they don't bother to mention how many believed that tighter restrictions would prevent attacks. Here, the default answer is obviously "might". Do I know tighter restrictions wouldn't prevent a single attack? Of course not; I also don't know that they would.
Finally, of course, the most important number is the date this survey was taken: Sep. 13-14. To be fair to the author, she did mention that. Taking surveys during that time is a disgustingly opportunistic response to the attacks. You certainly could have garnered favorable responses to attacking just about any country in the middle east, killing civilians, locking up immigrants, etc. etc.. I simply can't believe that in the wake of the tragedy, these people wasted their time and everyone else's on pushing this stupid agenda.
Could someone explain to me, in somewhat simple terms, how adding backdoors to things like public-key encryption could be possible?
I don't mean politically, but technically and practically.
Wouldn't a backdoor in something like PGP make it inherently insecure? I mean, wouldn't it be possible to find out how the Feds are decrypting, and use that method on ALL encrypted traffic?
This sounds analogous to someone finding a way to factor the product of two large primes back into the primes.
Or am I thinking about this all in the wrong way? Would it not be a "master" type key?
I just don't get it.
I wonder what those 72% of people will say when the other 28% of us are in jail for refusing to give up our crypto keys, and they need their servers fixed or their ISP connections troubleshot, and all us geeks are unavailable.
worst, another country without those encryption laws cracks the backdoor...
say the terrorists do that... so you now have a lot of people, some potencialy working on important places with no protection...
If the united states passes such law it will make them open to all outside bandits... even comercial ones...
I bet you could write a survey that got over 60% of Americans to favor repealing the First Amendment. It's all in how you write it.
sulli
RTFJ.
72 percent of Americans believe that anti-encryption laws would be 'somewhat' or 'very' helpful in preventing a repeat of last week's terrorist attacks
Read it over and over again. It is not stating that 72 percent of people want their rights taken away. It just states that they think anti-crypto might of helped.
Redo the poll to:
How many people think that the attack wouldn't happen if the US was a cruel military dictatorship?
I bet it would be like 90 percent. Its true. It doesn't mean we want to be a dictatorship, just that it might of prevented it.
Stop knee-jerking, people.
Good quote, too many chars. Seriously, the slashdot 120 char limit sucks!
According to the Washington Post, last Friday Barbra Lee (Democrat from California) said on the house floor: "I believe that history will record that we have made a grave mistake in subverting and circumventing the Constitution of the United States." More details are below, copied from here.
...
The Solitary Vote Of Barbara Lee
Congresswoman Against Use of Force
By Peter Carlson
Washington Post Staff Writer
Wednesday, September 19, 2001; Page C01
"We need to step back," said Rep. Barbara Lee (D-Calif.). "We're grieving. We need to step back and think about this so that it doesn't spiral out of control. We have to make sure we don't make any mistakes."
She was walking down a hallway in the Cannon House Office Building. A plainclothes police officer hovered a few steps away, looking very serious. The Capitol Police began guarding Lee on Saturday because of death threats she received after voting against a resolution authorizing President Bush to use military force against anyone associated with last week's terrorist attacks. The resolution passed 98-0 in the Senate and 420-1 in the House. Lee's was the sole dissenting vote.
"In times like this," she said, "you have to have some members saying, 'Let's show some restraint.' "
Led by her police bodyguard, she moved along quickly, slipping into her office and closing the door behind her. Inside, the phone lines had shut down under an onslaught of calls from all over the country -- many of them irate, some of them downright nasty -- and her voice mailbox was too full to take any more messages.
"We've gotten thousands of calls and thousands of e-mails," she said. "People are very emotional. . . . They're frustrated and they're angry."
She's 55, a small woman with short black hair. Normally, she has a bright smile, but these days she looks sad, worried, harried. She is quick to point out that she voted to condemn last week's attacks and to allocate $40 billion to fight terrorism.
"I'm just as American and just as patriotic as anybody else," she insists.
She does not rule out military action, she says, but she voted against the authorization to use force because she opposes giving the president the sole decision on when and where to make war. "I believe we must make sure that Congress upholds its responsibilities and upholds checks and balances. This is a representative democracy and it's our responsibility."
War, she believes, is not the most effective way to fight terrorism. "Military action is a one-dimensional reaction to a multidimensional problem," she says. "We've got to be very deliberative and think through the implications of whatever we do."
This is not the first time Lee has stood alone against war. In 1999, during the crisis in Kosovo, she was the only House member to vote against authorizing President Clinton to bomb Serbia. "I'm not a pacifist," she says, "but I don't believe military action should be the only action we embark on."
Fortunately for Lee, she represents one of the most liberal congressional districts in the United States -- California's 9th, which includes Berkeley and Oakland. It's the district that was represented by another antiwar dissident -- Ronald Dellums -- for nearly 28 years. Lee served as Dellums's chief of staff for a decade before she was elected to the California State Assembly in 1990. When Dellums retired in 1998, she won the election to succeed him, and was reelected last year with 85 percent of the vote.
"I would have voted the same way," says Dellums, now president of Washington-based Healthcare International Management. "We need to think this through and ask, 'Are there better ways to do this?' "
"I agonized over this vote all week," she says. "I searched my conscience. I talked to many people. Ultimately, on some votes, you have to vote the way your conscience dictates."
Her agony was exacerbated by the knowledge that her chief of staff, Sandre Swanson, was mourning the death of his cousin Wanda Green, who was a flight attendant on the hijacked United jet that crashed in Pennsylvania.
"I support her decision," Swanson says. "The principle on which she based her decision was that somebody should stand up and say that only Congress has the power to declare war. . . . People say she was unpatriotic. I think it was very patriotic."
"I admire the courage of Barbara Lee," says Rep. John Lewis (D-Ga.), who spent the 1960s in the front lines of the civil rights movement. "She demonstrated raw courage to stand up and vote the way she did. She stood alone -- one against 420. Several other members wanted to be there also but at the same time, like me, they didn't want to be seen as soft on terrorism."
Lewis voted to authorize military action but, he says, he came close to joining Lee in opposition. "I was probably 99 percent of the way there in my heart and my soul," he says, "but in the end I wanted to send the strongest possible message that we can't let terrorism stand."
Lee's vote is reminiscent of the first woman ever elected to Congress, Jeannette Rankin of Montana, who voted against the nation's entry into World War I and World War II. It also brings to mind Wayne Morse and Ernest Gruening, the two senators who voted against the 1964 Gulf of Tonkin resolution, which gave President Lyndon Johnson the power to wage war in Vietnam.
On the House floor last Friday night, Lee quoted Morse: "I believe that history will record that we have made a grave mistake in subverting and circumventing the Constitution of the United States." She added: "Senator Morse was correct, and I fear we make the same mistake today."
Out in Oakland, Lee's vote is the subject of much debate, some of it heated, says Don Perata, the Democratic state senator who represents Lee's district.
Perata calls Lee's vote "wrongheaded" and he isn't impressed with her explanation of it. "There wasn't a lot of clarity there," he says. "I would have cast a different vote. This is a time for a united front in America, particularly in Congress."
But, he predicts, Lee's vote probably will not affect her chances for reelection.
"The district is overwhelmingly Democratic," he says. "There are probably more people who are to the left of the Democrats than there are Republicans."
Also, he adds: "Barbara is very popular here. She's just a very, very nice woman -- and in this business that counts for a lot."
On Monday, Perata says, California talk radio was abuzz with callers denouncing Lee as a communist.
"I was wincing," he says, "because that's not Barbara. She did not cast that vote because she's unpatriotic. She loves this country and its opportunities as much as anybody."
Meanwhile, back in her office on Capitol Hill, Lee was furiously working the phones, talking to constituents and local media outlets.
"I hope that when I get my message out," she says, "people will understand why I did what I did. Whether they agree with me or not, they'll understand that I want to bring these [terrorists] to justice as much as anybody else does."
She declined to speculate on the effect her vote might have on her popularity. "This was not," she says, "a poll-driven vote."
How many non-americans are in favor of backdoors for US government? I don't think there'd be much support for that! From that point it just means: go get your software outside the US... Since the countries will never agree on "common backdoors" or things like that, forcing the US citizens to use encryption with backdoor would be totally useless.
Opus: the Swiss army knife of audio codec
Good thing polls don't run the country.
uh... hate to break it to you, but polls definitely run the country. from election to gallup to nielson to this latest - the thing about polls is that people listen to them.
at least, politicians who value re-election over doing the right thing listen to polls.
-sam
The REAL sam_at_caveman_dot_org is user ID 13833.
While IANAL, whether the transaction crosses state lines is immaterial. All that has to happen under recent interpretations of the Commerce Clause in the U.S. Constitution is that the activity *could* impact interstate trade, not whether or not it actually *does*.
:)
That being said, it's unlikely, in my mind, that Congress actually has authority to enforce limits on crypto under the Commerce Clause because it would violate the 1st Amendment,and possibly your right against unwarrantable searches and seizures, but that's more of a stretch, IMHO.
On the other hand, the fact that crypto is classified as "munitions" (this means that seemingly harmless stuff, such as the Mozilla source code or the DeCSS T-Shirts are actually classified as munitions! scary stuff!) means that actually, Congress probably *can* regulate it via export control. But since you have a Constitutional right to bear arms (heh), they can't regulate it's use by citizens. So there's another reason Congress wouldn't have a leg to stand on.
Again, I'm not a lawyer, I'm just going on what I know from reading, experience and a Businss Law class or two.
My journal has hot
If they implement back doors to crypto, or outright ban crypto, then crypto will go underground. The people who want the illegal crypto will pay through the nose to get it, and will pay the best coders to develop the best crypto. It will be like the drug dealers out-gunning the cops because they have more money to spend on guns.
www.lucernesys.comHorizon: Calendar-based personal finance
I have now on my desk a copy of a document prepared by a leading think-tank over a decade ago detailing our nation's vulnerabilities to terrorism and what should be done about it. In the wake of last week's tragedy I took the document out of its file and read it again with new eyes. Last week's attack could have been much worse. Thank God the people who wrote that document are on our side. It is a shame we didn't listen to them.
...Perhaps the most insidious form of adulteration is the accidental or deliberate entry of false data into a computer network because until the problem is detected incorrect decisions are made and once the problem is discovered user confidence in the system is shaken... ... identifying false information is a critical function that can be seriously complicated by adversaries' use of deception.
... But again, the most insidious form of the problem is associated with communications: tapping networks is a primary source of illicit information both in the business world and in foreign intelligence... ... so that communications and database security is of significant importance.
If you are feeling bad about the role encryption plays in allowing terrorists to act freely, perhaps some excerpts from this document will ease your mind and open your eyes to the usefulness of encryption systems in combating terrorism. Also keep in mind that this was written in the mid 1980s. I apologize in advance for not giving proper credit to the authors, but I'm sure that they understand why.
-- begin quote --
Adulteration, the accidental or deliberate injection of undesired material into a network, can cause serious problems. Accidental diversion of unintended liquids into a pipeline system, like accidental switching of a train onto the wrong track, sometimes leads to disastrous results...
...
Leakage from networks is at least...
...
MEASURES FOR RISK REDUCTION
Robustness
protective enclosures
solid construction
guards
deterrent laws
human engineering to reduce errors
operator training and practice
ENCRYPTION OF INFORMATION (emphasis added)
Ruggedness
redundancy
excess capacity
backup systems
error correcting coding for communications
emergency response teams
crisis training
alarm systems
automatic diagnosis systems
emergency subsystems
preplanned triage
public or customer emergency instruction arrangements
Resiliency
stores of critical spares
emergency recovery teams
training of recovery actions
insurance
procedures for sharing abnormal resource costs
pre-established plans for implementing improvements rather than return to status quo ante
-- end quote --
The measures listed above were to be encouraged in PRIVATE organizations and amoung the general public. I have reproduced the entire list because unlike the rest of the report it should be shared amoung as many people as possible, especially in business. As you can see public use of encryption is on this list.
It is important that businesses, and other organizations, be able to encrypt data securely so that critical vulnerabilities and response plans cannot fall into the hands of terrorists. It is important that businesses be able to encrypt and digitally sign communications so that false data or false orders cannot be transmitted that will cause their facilities to be damaged or an inappropriate action taken that could jeopardize lives and infrastructure. People need to be able to encrypt data and communications so that they will be less susceptible to blackmail (supposedly "no organization is secure from an operative who finds a well-placed secretary that is having an illicit affair") or assassination by terrorists.
Encryption is a powerful tool. It is as useful for protection from terror as it is the commission of terror. We cannot prevent the terrorists from having access to these tools; so we must seek to learn to use them better ourselves, and to make sure that they are in the hands of "the right people." With the ever-increasing reliance on data collected and sent over electronic networks in the making of critical decisions by all sectors of society, failure to use encryption and digital signature technology could be very bad.
The above comments were orignally made by me a few days ago to someone who had done encryption work and was now questioning whether our current privacy/security ratio would or should be changed. I apologize for using recycled electrons, but I thought the comments were equally applicable to this Slashdot story because they show the role that encryption can play in protecting people from terrorism (and espionage and vandalism and organized crime...) and I am leaving for a meeting so I don't have time to rewrite them.
Please, anyone who takes an online poll seriously is loosing his mind.
The mindless law-and-order rednecks who hang around at FreeRepublic.com regularily post comments on their forums encouraging their members to "Freep" the poll (using their lingo). Now, if Slashdot had posted a notice requesting that *we* all 'Slashdotted' that poll - do you think the results may have been different?
Without the usual mention of The Three Greatest Lies (Statistics, Statistics and Statistics), I will mention that ONLINE polls even miss the basics of reasonable methods... like unbiased 'random' samples for instance.
In the recent mafia case, PGP was defeated by using keyboard capture methods. I believe the people who answered this poll probably include this kind of "back door" in their yes response. I do. We need to emphasize these methods instead of the futile idea of having everybody change to new weak forms of crypto.
Key escrow is studid, but we need an alternative. There is no right to secretly plot to blow up buildings. The governement should gather probable cause and get wiretapping permission with a court order to target an individual. I think Ashcroft's idea to target people instead of devices makes sense, but I don't want weaker standards of judicial oversight.
Encryption absolutely can be defeated if, by physical or cyber processes, keyboard capture and screen capture are used. Since the bad guys aren't going to change their crypto, we have to do this anyway. It's been proven effective and it should be the focus of national efforts to defeat encryption.
MSNBC does.
sulli
RTFJ.
If someone wishes to pass information on to somebody else without anyone else knowing what is going on, putting backdoors in crypto packages and outlawing the rest isn't going to stop them.
The sheer volume of information sloshing around between machines means that you have to ignore something - processing all of it is verging on the impossible even if you don't have to decrypt. Say I wanted to tell Fred something important - "Free beer at John's house, 9pm" - and I was banned from using crypto. I could play with any number of obfuscations - I could encode the ASCII bits into the least significant bit of the red channel of an image. I could speak it and send it as an Windows executable with a MP3 component welded onto the end which could be extracted by knowing how long the original executable was. I could hide the message hidden spread through an MPEG file in some redundant byte in an MPEG frame header. Given a known random number generator and a given seed, you could XOR your message with the obfuscating signal. The number of ways to play this game is at least as complex as the number of data formats available.
So even if you had a complete and effective ban on encryption (which is impossible) you still couldn't process or intercept all the info flying through your checking portal. And even if the encryption ban stopped terrorists from passing information through the Internet, you haven't stopped them communicating - you have just made them use something else. Like encrypted packet radio or laser interferometry.
Cheers,
Toby Haynes
Anything I post is strictly my own thoughts and doesn't necessarily have anything to do with the opinions of IBM.
I'm not entirely against massive invasions of privacy... provided they're not one-sided.
i.e. if the police have a CCTV network, (a) it should be public access and (b) there should be public-access cameras on the police too.
This somewhat trite example generalises to more other domains too - e.g. no branch of government should not be allowed use crypto if the citizens aren't.
The answer to the quesion "Who will watch the Watchers?" should always be "The Watched".
*Asymmetric* flow of information increases one person's power over another. To preserve the balance of power in the event of anti-crypto legislation, it would be neccessary to further increase the transparency of governmental security operations.
David Brin (well known hard sci-fi writer, among other things) has analysed this is in an easy-to-read manner in his book "The Transparent Society", the first chapter of which is available on-line here
I strongly recommend reading it, it illustrates problems with the logic of both some privacy advocating positions and some privacy invasion advocating positions.
Choice of masters is not freedom.
...interesting to see if Internet traffic jumps sharply as people switch to using steganography to stuff their confidential emails inside mp3's and jpg's.
-- SIGFPE
Wiretaps require a warrant from a judge.
Best Slashdot Co
This is a chance for alot of politics to do things they always wanted to.
One of these things is what is described here.
Also, some law written in the 70s (I believe) stated that America can not legally issue assasination orders. They want to repeal that.
Also, they wnat to make phone tapping much easier. The law right now is you have to not only get a warrant to tap a phone, but you can't monitor a person, just a specific phone line.
And finally, all military upgrades are going to be majorily supported by the public (can you see more republican support?) in the near future.
Lets not let our rage cloud our vision.
Politicians will always be politicians.
However, if the question was asked as "Do you support the government having unlimited backdoors into all crypto tools, even if it meant your ecommerce transactions were more vulnerable to hacking as an unintentional result?" - I HIGHLY doubt we's see 72% saying yes!
I AM, therefore I THINK!
In the light of last weeks terror attacks and the obvious need for coordination on the attacker's side, most likely by the means of encrypted messages, I can understand the people's reaction. But let us have a look at what cryptography achieves. Cryptography achieves that an eavesdropper cannot read the content of a message. Cryptography does not mask the fact that there is a message being exchanged between two parties. The knowledge of a message interchange (and maybe a peak in activity) is an important piece of knowledge to criminal investigators. Sometimes it is not important to know what a message contains, but to know that there is a message. Now when you are implementing backdoors in popular cryptoolkits you are forcing people to use other means. For instance steganography. Hide the fact that you are sending a message at all. For instance use a webcam that shows the picture of a busy place in London. Now embedd a message in every 16th, 15th, 14th, ... (alternate it please) bit and send it to all viewers. One of the viewers knows that there is a message and the time of the broadcast. He will get the message, others won't. Yes, there _are_ methods to detect embedded messages, but these methods do not perform very well on a constantly changing stream of information. This would be method one. There are other possibilities. Even if you put a backdoor in a package like PGP, the algorithms are open, what will stop a terrorist from implementing his own PGP. This is not rocket science. What will stop him to exchange a shared secret (use the good old book-page method or whatever) and then use an insane amount of bits for a symmentric encyption? So I do not think that backdoors will do much good. They will stop Joe Blow "I hide Pr0n" but not somebody who is educated about cryptography and knows how to use (and implement) it.
The argument that we should have backdoors on everything crypto, is very simular to the logic "we should ban guns to keep the public safe." The problem of course, is that the criminal still has a gun, and you are unable to defend yourself.
.. spawning Microsofts new slogan.. who do you want to be today?
Only 'flamers' flame!
How does that keep you from speaking out? I've had letters to the editor published without using crypto. Hell, I'm not using it right now, in this message. Lack of crypto in slash certainly isn't restraining my speech.
Best Slashdot Co
Tune into MSNBC for more exciting details and developments. Dumb, Da-Dumb-Dumb, Dumb-Da-Dumb-Dumb, Dumb.
Friends don't help friends install M$ junk.
Coming to the US on a visa is a priviledge not a right. With suitable restrictions, perhaps a narrow restriction on strong crypto would fly.
What would be wrong with a narrow law that said that if you are in the US on a visa that you cannot send encrypted messages across US borders without key escrow.
I'm very worried that a hard line stance on this will fail. A narrowed alternative may be something we have to propose.
These people are either contemptible for their raw opportunism, or pitiful for their sheer fanaticism and inability to see beyond their agendas.
I really hope that you don't think that you're better than those people in any way. You're basically using the same excuse they are to promote your anti-conservative opinions. You see it as an opportunity to bash some conservative viewpoints and trying to raise the level of outrage by tying it to "the dead bodies of those killed last Tuesday." Has your hypocrisy so consumed you that you can't even recognize how transparent your attempt to push your own agenda was? Only thing missing from your post was a sobbing "Have you no shame??!!"
Okay: Everyone raise your hand who is willing to die for their right to use crypto. I mean really die -- or even suffer serious bodily harm -- standing up for your rights?
Whenever I see these topics come up, they're always accompanied by one-line comments "They'll only get my gpg when they pry it from my cold dead fingers!" Come on now -- would you let them kill you rather than give up your crypto?
You find out what people truly, honestly believe, deep in their hearts and souls, when they're faced with the raw reality of standing firm against inimidation and violence. Looking down the barrel of a gun is a damned good test of one's convictions...
All about me
You are correct. I pressed submit just as I noticed the error. Oh well...
Yeah, right.
Anyone have links to resoultions/bills/etc. that Congress has actually passed/put on the floor/whatever? I came up empty handed last time this was up on Slashdot.
I'm going to go back in my box and will think within the limits of my box: MS Sucks Linux Good I read too much Slashdot.
The following is written in the format of an editorial targetted at non-technical users. Anyone lobbying against crippling encryption is welcome to use it. It's (c) 2001 Stuart Ballard.
Should we require all encryption to have a backdoor?
A recent poll on MSNBC suggests that the vast majority of Americans would favor legislation requiring all encryption software to carry a "back door" allowing the government to read through it, as a means of preventing tragedies like the one that occurred on September 11th. This appears to be a legitimate attempt to protect the security of our nation, but let's look a little closer at what the effects would actually be.
On the internet, "encrypted" is the same as "secure". Remember when your web browser tells you you've gone to a "secure site"? Remember how everyone tells you never to enter your credit card number on the internet unless it's a secure site? That's right - the same encryption that evil terrorists use to plan killing people is what stops evil hackers from stealing your credit card number.
And remember, evil hackers are clever. If there's a hole in something, they'll find it. Remember all the viruses and worms you hear about? Those are all using holes that nobody even intended to put there - they were there by mistake. Imagine how much easier it would be to find a backdoor-sized hole that was put there on purpose!
Now the question seems a little harder to answer, doesn't it? Keep your credit card number safe from hackers, or keep your country safe from terrorists?
But it's even worse than that. The way encryption works is just math, and it's math that somebody with college-level mathematics knowledge can learn in a matter of hours. There's a page on the net that encourages every programmer to write his own encryption program just to learn how to do it - it only takes a few hours for a competent programmer. That knowledge is so widespread among programmers and mathematicians that it would be impossible to legislate it away - and any attempt to censor that knowledge would be laughed out of court on First Amendment grounds.
So why would a terrorist use a commercial encryption program with a known hole in it, when they can write their own in a couple of hours? Or even just keep hold of the copies they have now, which don't have the hole?
So what was the question again? Oh yes: should we make it easy for evil hackers to steal your credit card number, without actually stopping terrorists from communicating just as secretly as they already can?
Hmm... What do you think?
The more I read on here, other places, listen on the Radio, and watch on TV the more my blood boils.
People are screaming "WE MUST DO SOMETHING!". I agree 100%. We must do something, and that something is THINK. Quit trying to solve problems that don't exist or are just symptoms/side effects of the real problem.
We have to ask the question "Does this fix the problem?".
National ID Cards
What genius thought this one up? What problem is this going to solve? "Can I see your papers please?", "Uh I forgot my ID at home". Off to jail you go. I already have a "National ID", is called a Social Security Number.
Curb-Side Check-in Discontinued
What problem does this solve? Does anyone know if the terrorists even had luggage? I know that I have taken several trips with only a carry-on. The person doing the curb-side check-in still looks up my information on the computer and verifies everything before hand. This solves nothing, except to give the public a "Warm Fuzzy Feeling" that we have "Heightened Security".
Banning Knives, Box Cutters, etc..
Would this solve the problem? Doubtful. The problem is the conditioning of the public that if the plane is hijacked, the best thing to do is just sit there. The hijackers will make their demands, and eventually, we'll all get to go home. This incident changed that. The next time someone tries to hijack a plane, (hopefully) everyone on the plane will try to take them down.
Banning knives and such wont fix the problem. A pencil is just as good a weapon as a knife. Should we also ban these? What about people trained in Hand-to-Hand combat? People can kill with their hands, feet, etc...
Back-Doors in Encryption
How is this going to help? Has it even been proven that they used encryption? What type did they use? How did it help them? Everything I have read so far has been 100% speculation.
Do you think the Government is going to have back doors in THEIR encryption? I don't think so.
What chilling effects are going to come out of this? Banks encrypt their transactions such as money transfers, etc... Now what happens if that "Back-Door" falls into the wrong hands? What about e-Commerce? Will your on-line transactions be safe anymore? Faith in on-line transactions such as buying goods, paying bills, etc.. will plummet if the "Back-Door" becomes public knowledge.
But then again, as one radio talk show host here in Phoenix, put it "Who cares?". These are things about convenience, right? No, these things are about Freedom. The Freedom to do as we want when we want to. The only time we are not allowed to do that is when it infringes on the rights of others. This is true for the most part, however, there are plenty of exceptions to this rule, take the DMCA for example.
Again, how is this going to solve the problem? So we put back-doors in our encryption, now what? The terrorist simply change to other methods. They drop a letter in the mail, and it arrives at the destination in as little as a day. Are we going to allow the government to open every single letter that travels through the post office?
Who says they have to use typical Modern-day encryption? There are many ways to send "coded" messages that appear harmless to anyone looking at them.
Problem: Hijackers took over the controls of the plane
Solution: There are several that I have read about that actually make sense and would probably help this problem. Make the cockpit self-contained. No access to it AT ALL from the rest of the plane. If you can't get to the controls, you can't take them over and fly the plane into a building.
Problem: Hijackers take hostages and claim to have a [insert device here]
Solution: Everyone on the plane attack that person or persons. After the event on September 11, you would have to be stupid to just sit there.
Problem: Security check-points at the airport are a joke
Solution: Do not leave security to people who have no clue about it. The private sector is not interested in security; they are interested in the bottom line. The government either federal or local needs to be in charge of security. Pay the people who do the security better.
Problem: This person is a known terrorist
Solution: Kill them before they can do it again.
Before you go and piss away your rights, take the time to think about whether or not its actually going to help things, or just make life for most Americans that much more difficult. If it really had a good logical reasoning behind it, I'd take it into consideration, and might even vote for it. The problem is, is that everything that people have been suggesting is knee-jerk reactions that only give the perception of "Solving" a problem when in fact they actually don't solve anything.
Do we really need more laws? The government has already found 180+ people that might be involved with this with the laws we already have. Would adding new laws make that much of a difference? The terrorists worked with-in the system, and if the system changes, they will probably adapt as well.
Visit the Arcade Restoration Workshop @ http://www.arcaderestoration.com
It's not what they do with it now, when the only thing they care about is terrorism, but what they do 20 years from now or however long it is when all this terrorism stuff evaporates and the infrastructure is still in place that worries me. Then a bored intelligence infrastructure trying to justify its own existence will start abusing their resources and go after the trivial stuff that isn't worthy of such invasiveness. Many of the defenders of such a scheme that I've heard suggest that it'd have as stringent safeguards as wiretapping, and of course we all know how rluctant the courts are to give those sorts of warrants out.
Everybody considers themselves an expert at everything even though they are probably only an expert at zero to one things.
Contrasted to slashdot, where we know everything about law enforcement, the government, and defense. :)
Jack Valenti and the MPAA are to technology as the Boston strangler is to the woman home alone
would love to get his hands on these back doors.
It would be funny if he has lobbyists in the US pushing for these bills.
Should the government beable to obtain information about online conversations you've had related to events of national importance, that is whenever they feel it is of national importance to do so, that is whenever they want, that is they're going to expand their net of social control to incompass all forms of communication and thinking?
(Yeah, the last part is suppose to be part of a statement; it's a trick like that: instead of being asked what you think, by the end of the poll you're being told what to think).
F-bacher
James Tiberius Kirk: "Spock, the women on your planet are logical. No other planet in the galaxy can make that claim."
The very idea of doing this is ridiculous not just from the standpoint of the loss of privacy, but because the technology for strong encryption is already all over the place. This isn't a situation where a law is passed and suddenly every existing crypto program self-destructs to make way for the new system. No terrorist in his/her right mind would use the system with the backdoor. They have people who are willing to commit a suicide bombing. Surely they wouldn't have a problem with bending the law and using an old unprotected crypto program.
By this logic, we should also outlaw guns. They might be used for terrorist operations. We all know that passing a law against the use of guns will cause every one of the millions of guns in this country to vanish as well.
Josh Woodward
The survey found that 72 percent of Americans believe that anti-encryption laws would be "somewhat" or "very" helpful in preventing a repeat of last week's terrorist attacks
What a useless survey. Since when does your average American know anything about encryption? Or how terrorits use encryption? Or about U.S. constitution for that matter... *sigh*
The thing is, it makes it such that once you've cracked one key (NSA's key, in your example), you've cracked em all. The payoff is well worth the computation time involved, and someone will do it. It's an inherent problem with any backdoor system I've heard of so far.
Key escrow makes slightly more sense, since it gets rid of the fundamentally flawed logic of backdoored encryption. But, it has the additional problem of requiring an organization that can be 100% trusted, and I don't believe mankind is capable of that...at least not at this stage of the game.
"That's Tron. He fights for the Users."
The media should quit talking about script kiddies and address the real threats: social engineering. I guarantee you that after working for a couple years in a financial, customer care workplace where we were making outbound calls to resolve financial matters for our customers, it wasn't the phone that was the limiting factor on obtaining information, it was the person on the other end of the line. Probably 1 time out of 15 I can get a customer service rep to give me more than enough info on someone given certain little bits of data. With smaller companies, sometimes just the name, and a well-meaning rep will be all I need to get more info than I could possibly even want (once in a great while I actually had to cut people off while they dropped all kinds of info because I was too busy to write it all down!). That's not to say that I would ever think of trying to breach security for my own personal illegal use, because I expect others not to misuse my personal data either, but let's quit cracking down on the technical factors, and crack down on the degenerate human factor instead...
Now, one of us uses a copy of PGP (pre-backdoor) or codes his own blowfish app and uses it to encrypt her letters to CyptoGRRL Magazine. How is the US going to stop her from doing this?
What do officials say?
"We were randomly sampling the crypto streams traversing the net and noticed that our backdoor key didn't work on your message stream. You are in violation of US Code BlahBlahBlah."
Doesn't that seem to open some other sticky questions? I mean, if I'm not breaking the law (other than using strong crypto), how are they going to tell or prosecute me?
It seems that you are protected by the chicken and the egg principle. To wit, to know that I am using "undefeatable" crypto, you have to get a wiretap (or a search warrant). To get a wiretap you have to prove that I am breaking the law by using undefeatable crypto.
Besides, development of Open Source versions of crypto programs would continue in other parts of the world. The US won't be able to stop that. I could just download the program from CryptoGRRL.de (as long as the server actually resided outside of the US).
For those too lazy to check the link, highlights are:
Attack suspected terrorists like bin Laden even if we're not sure they're responsible for last week's attack?
Favor: 54%
Oppose: 40%
Attack terrorist bases and countries that support them even if there is a high likelihood for civilian casualties?
Favor: 71%
Oppose: 21%
Fav/Unfav Ratings ----Fav---- ---Unfav---
Very Mostly Mostly Very
Military 58% 36% 2% 2%
FBI 37 48 9 3
CIA 28 44 9 6
How Confident That National And Local Law Enforcement Can Stop Terrorist Plots In The U.S.?
Very: 32%
Somewhat: 42%
Not Too Confident: 17%
Not At All: 7%
How Much Would The Following Prevent Similar Terrorist Attacks?
Reduce encryption to aid CIA/FBI.
Very Much: 35%
Somewhat: 37%
Not Much: 12%
Not at All: 9%
Should Encryption Laws Be Reduced To Aid CIA/FBI Surveillance?
Yes: 54%
No: 39%
U.S. Put Arabs and Arab-Americans Under Special Surveillance?
Agree: 32%
Disagree: 62%
You are in a maze of twisty little relative jumps, all alike.
Note that the question is not 'Would you support backdoors in cryptography', but 'would backdoors be helpful?'
Two ENTIRELY different questions. The results of this survey have no relation to whether or not Americans actually SUPPORT said backdoors.
I think any one of us would be hard pressed to say that crypto backdoors wouldn't help the investigation. Simply admitting that doesn't mean you think it's right.
It seems that many of the terrorists didn't even encrypt their messages according to this article.
The reason for my suggestion is so that the NSA, FBI and equivalent agencies in other governments can separate the truly dangerous traffic from the uninteresting, and focus their efforts on the former.
Does this imply some degree of trust of the government? Yes, it does. As does giving weapons to an army or having a police force! If you don't have a government that can, in general (if not in every case) be trusted with measures needed to provide its citizens with security, then replace it with one you can trust, or go live in anarchy!
In the US we have a constitution which is given more than just lip service by these agencies. And we have popularly elected oversight bodies with built in incentives to expose misuse of these tools. It isn't perfect (what is?). But in general it works - and that's about all you can expect from any government.
I have things I want to hide from most readers (say - my credit card numbers) but I have no reason to hide them from the government. Nor do I have a constitutional right to do so in cases of adjudicated surveillance. The fourth amendment has the word "unreasonable" in it for a reason! The reason is to *allow* reasonable search.
So, if you care about the security of your fellow citizens, don't use encryption just to thumb your nose at the government! You shouldn't expect any more privacy on the internet than on your cell phone! You do *not* have a "right" to privacy on the internet, just a right to be secure from unreasonable surveillance.
Those who use encryption to intentionally burden the NSA and FBI are unwittingly helping the terrorists! To you people, I say: wake up! You have a moral responsibility to your fellow citizens, especially when war has been declared on your nation, your way of life and your civilian populace.
To those who way the terrorists will use uncrackable encryption or (more likely) steaganographic systems to evade these measures, I offer the following arguments:
To those who use the slippery-slope argument: all government is a slippery slope. If you don't want your freedoms on a slippery slope, go live in a state of anarchy. Otherwise, it is foolish not to recognize that you must and do give up certain freedoms in order to live in a civil society and gain some measure of protection from those who truly do mean to kill you or force you into their narrow way of life (for example, extreme Islam).
And to those who keep quoting Ben Franklin... kindly button it up! Repeating his statement without a considered understanding and discussion of the trade-offs is just silly. Ben Franklin certainly understood the necessity to give up some freedoms to purchase some security, or he would never have supported the formation of the US Government (or any government), or its constitution.
Finally, I pose the following not completely unrealistic choice: free encryption for everyone, and a military draft to fight the consequences; or some reasonable limitations on your privacy? It may come to that!
I grew up in the age of the draft, and we recognized that it was needed for our security then. I gave up enormous amounts of freedom when I served in the US Navy, and I did so voluntarily, because I believed that the country needed defending, and would do so again if I wasn't a graybeard with a family to take care of!
The only good weather is bad weather.
Defendent: I was using a built-in feature of the software, your Honor, for the purpose for which it was intended.
Prosecutor: Would you care to elaborate?
Defendent: Your Honor, all bank software is required to provide a back-door to the encrypted passwords, another to the encrypted personal accounts file and another to the encrypted transmisions, as per the Encryption Intelligence Law, 2001. As these are known, provided features, for the purpose of allowing outsiders to obtain this information, use of those features is implicitly authorised, and hence not computer misuse.
Prosecutor: Ah, but it's intended for proper authorities, to prevent criminal acts, not for criminals to commit them. Are you claiming to be a proper authority?
Defendent: Your honor, the law does not define a "proper authority", and the EULA for the software concerned does not place any actual limits. I would argue that a "proper authority", then, is only defined as someone who has access.
Judge: Are you saying that successfully hacking a computer is actually legal, under this law? And that only failing in the attempt is criminal?
Defendent: That is so, your honor.
Judge (after looking the law over): You would appear to be correct.
Prosecution (splutters): Admit, sir, that you at the very least pretended to be someone else, for the purpose of these transactions!
Defendent: No, sir. As all transactions were through mandated back-doors, there was no need to claim to be anybody.
Judge: I've heard enough. This court is required to enforce the law, not create it. That is the task of the legislature. If the law legalizes this, then that's the law I have to judge by. The defendent is found Not Guilty.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
It's not clear what form proposed legislation will take- key escrow or backdoors (by which the government could decrypt files and network traffic having a private key provided by the user or manufacturer). If users themselves are required to register private and symmetric keys then it would still seem to be legal to possess and use crypto, Open{BSD,SSH, SSL}, GNUpg, included- so long as you register keys (Would you have to register your key for every SSH session?) but if the onus is on developers to provide keys/backdoors, then it seems like any crypto source code would be illegal to distribute or possibly even possess in the United States. Would printed source (as in Applied Cryptography) be illegal? Pseudocode? Natural language explanations of algorithms?
1) This has been posted 5,000,001 times this past month, and it's getting old.
2) Note the key word "temporary." If this security would be longlasting (which it conceivably could be), then this statement would become nullified.
3) I wonder of BF thinks that all socialist contries deserve no safety? Hmm... maybe he means safety from future liberty losses.
4) Is complete online privacy as essential liberty that can never be abrdged? Hell no, it can be abridged with a court order as it has been done with wiretapping. Atleast it should be. That's why we have courts: to decide on a case-by-case basis which rights are most important. In this case, it is the right of life vs the right of privacy.
F-bacher
James Tiberius Kirk: "Spock, the women on your planet are logical. No other planet in the galaxy can make that claim."
In this CNN article talks about the failures in the intelligence agency as being bureaucratic. Note he didn't say anything about the need for anti-encryption laws.
...
WASHINGTON (CNN) -- A leading Republican senator said Wednesday that last week's terrorist attacks represented "a massive failure" on the part of the U.S. intelligence community, and he faulted federal law enforcement agencies for a lack of coordination in relaying key information to one another.
"I think it was a debacle," said Sen. Richard Shelby, R-Alabama, a member of the Senate Intelligence Committee, in an interview with CNN. "It was a real massive failure. I don't know what happened. I don't know how it happened, but at the end of the day, we know that we were not warned."
Shelby noted that some information on two suspected hijackers had been passed from the CIA to the FBI, which in turn passed it to the Immigration and Naturalization Service. But authorities failed to catch up with the men -- identified by sources as Khalid Al Midhair and Salem Alhamzi -- who were on board the hijacked jet that slammed into the Pentagon, according to the Justice Department.
"It's again, in my judgment, too many bureaucratic failures, not enough coordination between the agencies," Shelby said.
Shelby said the CIA director should be granted Cabinet-level status to elevate the agency's influence and prestige within a presidential administration. He said changes are needed at several agencies, including the CIA, the FBI and the National Security Agency. "We not only need more money, we need to change some things, and they've got to be changed at the top," Shelby said.
Shelby's comments come in the wake of revelations that the FBI had at least suspicions about the behavior of some individuals now tied to what may be a broader hijacking conspiracy.
One man being held in U.S. custody, Zacarias Moussaoui, was arrested August 17 in Minnesota on an alleged passport violation. Moussaoui was in custody at the time of last week's attacks, being held as a material witness.
Moussaoui had apparently raised suspicions because he sought training in flying commercial jets at an Oklahoma flight school despite having a lack of experience. FBI agents visited the Airman Flight School two weeks before the attacks, asking questions about Moussaoui.
The danger here is not a technical one, but a political one. It's a lesson history tried to teach us once before, but I haven't seen anyone really doing a comparison to a very similar set of circumstances that have happened prior.
Today I'm sure that the majority of our leaders in government are honestly concerned about how to deal with how to thwart attacks like we all saw last week. To do this they see information gathering as a critical tool to use for these ends. To gather this information they wish to put together an infrastructure of snooping abilities that go far beyond issues dealing with cryptography. We're also looking at phone tapping and possible postal snooping. The majority of citizens at this moment are more than happy to give up these liberties to give law enforcement the tools they seek. Lives are at stake after all!
Okay, so what happens when there's no longer a terrorist threat to be dealt with? Does this infrastructure just vanish? Not bloody likely. I don't believe that there's any kind of conspiracy today from either the right or left side of the spectrum to misuse these tools. What about 10 years from now? 20? 50? Can we really entrust a governmental body we haven't even seen yet to only use these kinds of tools in an honest way?
To keep this non-partisan, let's say the "Widget" party takes a majority in both houses and the presidency. Once in a majority, what all stops them to increase this monitoring built on the infrastructure we are proposing today? How can we be assured that what they're monitoring isn't just criminals, but the opposition party campaigns? Rather than a tool for law enforcemnent we could be looking at a tool for political power.
As to the comparison I was referring to at the beginning of this post, I'm of course talking about the rise of the Nazi party to power in Germany. Too many similarities to be funny. Weak economy, terrorist attacks on urban areas, a populace all too willing to give up liberties to those that can deliver on the promise that they won't have to be afraid of a building blowing up on them. Oh, and a bit of a racial element tossed into the mix.
No, I'm not even beginning to suggest that the Nazis are looking to take over America. What I am saying here is that there is a precedent to how people are reacting to these recent events. The German people openly welcomed the kind of lock down the Nazis brought with them because they saw the streets truly get to be a safer place. Unfortunately, what they didn't see was the enormous cost of that safety until it was far too late. What I'm concerned about is that in our fear at this time we may very well not see the high cost we will end up paying decades down the road.
The line must be drawn here. This far. No further.
I have always regarded crypto as a way for me to communicate with my family in private
I live in France, my brother in Ireland, and the rest of the family is way up north (66N)
I wonder what % of people belives in their right to a private communication.
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
if I need to encrypt something, I'll go get encryption for dummies and write a script to scramble my messages.
so say I was a criminal, I'm sure I'd add some extra code and send a 'key' to the feds.
somebody turn on the lights!!!
"The Most Fun Possible on 4 wheels" is at SunBuggy in Las Vegas
Terrorists don't need good, convenient crypto to send their credit card numbers out of a standard web browser, or to send encrypted email seamlessly to their friends. If they did, maybe crypto restrictions would mean something.
Terrorists need to send occasional messages to their co-conspirators without them being detected. And what kind of idiot terrorist is going to use a convenient standard cryptography package for that? Even if your messages are encrypted, that PGP header is suspicious looking...
Terrorists don't need to send messages through SMTP! They're going to wrap their crypto in other data, steganographically... and since there are a million such ways to hide random data undetectably, the fact that the data they're hiding is the (header-stripped) output of an illegal encryption tool won't faze them one bit.
I find myself overcome with heartfelt respect and admiration for this brave, principled person. Perhaps there is hope for us after all. Thank you for posting this.
If you were blocking sigs, you wouldn't have to read this.
Dear Terrorist,
We at Macrosloth are proud to offer you our new Encrption Suite for all of your communication needs. The Macrosloth Encrption Suite is the easiest to use network aware tool set available. The Terrorist Edition is specially designed with your requirements in mind and includes advanced features such as Per Cell Key Management (tm).
Please contact your Macrosloth reseller for more information or to arrange a demo.
*Remember, all Macrosloth Encrytion tools are NSA approved!*
So could somebody please explain to me why someone planning a terrorist action would use a tool they know has a backdoor in it? You can say a lot of nasty things about these people and be right but nobody is calling them stupid.
The point is that this is unenforceable to begin with. If encryption contains backdoors, they won't use it. How would you prevent encrypted messages from going to some SMTP/POP3 server in some other country? All I need to send an email message is a message and a server. The receiving server could be the same as the sending server.
And all of this predicates on the idea that they are using this type of encryption at all! So far, I haven't heard anything that says that they are using it. There are plenty of types of encryption that aren't electronic and could be virtually unbreakable. e.g. A picture of a blonde naked chick followed by 3 redheads and one brunette could have a hidden meaning.
Furthermore, I don't like the idea of having a key to my bank account out there and not under very good control. At some point, one or more of the backdoors will surface in the wrong hands, sort of like what Xing did with their DVD player software. They had the encryption keys unencrypted. That was the main reason DeCSS happened. Oops.
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated" (4th Amendment)
"Congress shall make no law [...] abridging the freedom of speech, or of the press" (1st Amendment)
Also, if you buy into the politicians' argument that strong crypto is a munition, there is always: "[...] the right of the people to keep and bear arms, shall not be infringed." (2nd Amendment)
And if that's not enough, "The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people." (9th Amendment) and " The powers not delegated to the United States by the Constitution, nor prohibited by it to the states, are reserved to the states respectively, or to the people"
Exactly which parts of "shall make no law", "shall not be violated", and "shall not be infringed" don't you understand? There are at least two, and possibly three amendments which explicitly say that we have a right to communicate with one another, and to do so in a manner secure from evesdropping. Furthermore, even if it was not explictly spelled out in the other amendments, the 9th would preserve our right to secure communications. Lastly, because the Constitution does not explictly delegate the Government the power to bar the use of codes and cyphers, the 10th Amendment prohibits it from doing so.
"WE hold these Truths to be self-evident, that all Men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the Pursuit of Happiness -- That to secure these Rights, Governments are instituted among Men, deriving their just Powers from the Consent of the Governed, that whenever any Form of Government becomes destructive of these Ends, it is the Right of the People to alter or to abolish it, and to institute new Government, laying its Foundation on such Principles, and organizing its Powers in such Form, as to them shall seem most likely to effect their Safety and Happiness." (Declaration of Independence)
Any questions?
Why is it that the proponents of "one nation under God" are so eager to get rid of "liberty and justice for all"?
The DeCSS code is 'illegal,' yet, about as easy to obtain as a pack of cigarettes
Dude I just walked to 7 - 11 and the guy was all, "DeCSS? I have to look. Nope I don't think we have that here." I'm like, "Come'on Apu! Everybody's got DeCSS." And he's all "Take your Open Source, hippy dreams and get going." So I was like, "Ok gimmie some Camels." And he was all, "Here you go. That'll be $90 bucks."
So you're sooo wrong!
This
Do you believe ``that anti-encryption laws would be 'somewhat' or 'very' helpful in preventing a repeat of last week's terrorist attacks?"
Nowhere is it mentioned whether those polled favor such laws, only that they believe such laws would be ``'somewhat' or 'very' helpful."
And there you go with the quote again. LOL !
BTW, I agree that crypto laws are meaningless, but I object to your opposition of face recognition.
What essencial right is lost by scanning your face before you enter an airplane ? By bundling these type of measures with the crypto debate, it's more likely you congressman is just going to dismiss you as a reactionary whiner and ignore your whole letter.
- sigs are for wimps.
In a surprising turnaround, tungsten was found to be the heaviest metal. In a recent survey, tungsten was found to be heavier than both gold and iridium, which were traditionally thought to be heavier than tungsten.
:-)
Physicists and metalurgists are surprised by the recent outcome, but in a spirit of democracy, have announced that they will honor the will of the people, and make the neccessary adjustments to the periodic table of elements.
Poll says 72% of Americans technologically illiterate. Yup. Ten-four, good buddy
A dingo ate my sig...
...hence they called it The Whopper, instead of The Third-Pounder (which is its uncooked weight).
Nate
-- Watch the REAL Jon Katz.
Why wait around? You can download GPG and a host of other open source applications right now. Until such time as the algorithms in that are broken, the main concern is implementation faults. The only way they could possibly ban these tools is to detect encrypted network traffic that doesn't contain some signal that indicates a compromised encryption client and then prosecute.
I do not have a signature
In this case, also write President Bush, and Vice-President Cheney. I'm suggesting this because this is a law enforcement issue, that's their ballpark, and I have some very good law enforcement reasons why we should not have backdoors.
Sure, we all figure that the law will be too easy for terrorists to ignore. Sure, we think that this is a Second Amendment issue. Sure, we think that this gives the lie to the argument that we shouldn't regulate Microsoft because we don't want the government messing with the future of software development. However, the reason below may be understood more by politicians.
Encryption with backdoors means that there is a master key, held by the government, that can decrypt anything the crypto package. This is similar to asking lock companies to make a master key that will open any of their locks, and to hand that key to the government.
The instant you do that, that key becomes an incredibly valuable item. What would be the black market value for the master key to Windows IE secure mode?
The black market value must be at least in the millions. With such a key, you can monitor internet traffic and suck down credit card data. You can listen in on corporate execs talking to each other over VPNs. In the wrong hands, this key will lead to massive mayhem.
And this key will fall into the wrong hands. For it to be useful, there will need to be a large group of people who have access to the key. Odds are, one of them is going to be on the take.
Even if that doesn't happen, it instantly becomes the cracking target for computer-savvy criminals everywhere (especially the terrorists suspected of using strong crypto). We would have to be extremely careful to make a key that could not be cracked with the current computing power of the US. Because that is what the criminals will have access to.
The internet community has already cracked keys in triple-DES and RC5, as part of contests sponsored by the key owners. They were cracked using distributed key crackers. The programs were downloaded by hundreds of thousands of volunteers around the world, and they used the spare clock cycles of desktop machines to try all possible keys.
A computer savvy criminal could take a distributed key cracker program, attach it to an email virus, and put a significant percentage of the Internet to work cracking this key. The White House knows the sort of nuisance attack it got from the Code Red virus; imagine the next Code Red silently cracking the master key rather than trying to topple a government Web server.
The key would get out one way or another. The terrorists would have it, organized crime would have it, the "script kiddie" high school students out for a digital prank would have it. No matter how much we trust the government, we don't trust everybody else.
--The basis of all love is respect
In 1776 it was the right to bear arms. In 2001 it's the right to control access to and distribution of your INFORMATION. Why is it that the folks in favor of no gun laws are carping for unhindered givernment access to broken crypto. They are the same damn thing separated by a hundred years. Weak crypto won't protect us against terrorists any more the erasure of gun control laws.
Please respond to the following statements by saying whether you strongly agree, somewhat agree, neith disagree nor agree, somewhat disagree, or strongly disagre:
1) Forbidding the sale of knives would be helpful in preventing a repeat of last week's terrorist attacks on New York's World Trade Center and the Pentagon in Washington
2) Forbidding training of pilots would be helpful in preventing a repeat of last week's terrorist attacks on New York's World Trade Center and the Pentagon in Washington
3) Forbidding immigration of arabs to the United States would be helpful in preventing a repeat of last week's terrorist attacks on New York's World Trade Center and the Pentagon in Washington
4) Requiring that all airline passengers be handcuffed to their seats would be helpful in preventing a repeat of last week's terrorist attacks on New York's World Trade Center and the Pentagon in Washington
5) Modifying building codes to require all new buildings to be made out of titanium would be helpful in preventing a repeat of last week's terrorist attacks on New York's World Trade Center and the Pentagon in Washington
This sig has been temporarily disconnected or is no longer in service
Please please.
This says it all very plainly.
Thank you for trying to dispell the FUD.
If you read the article, you'll find it was a regular poll, conducted by Princeton Survey Research Associates on Sept. 13 and 14.
The fact that there is no penalty for breaking the supreme law of the land is the fundamental problem.
These people are sworn to uphold the Constitution. Passing blatantly* un-Constitutional laws and letting the courts clean up their mess is malpractice. It's as if a surgeon didn't bother to keep track of his sponges (what the heck, another surgeon can always get them later).
/. If the government wants us to respect the law, it should set a better example.
Disclaimer: I am not denying that the WTC attack is a tragedy, I am not denying that something needs to be done. I am merely presenting some facts that may place things into a bit better perspective.
WTC death toll: ~5200
US weekly deaths attributable to smoking: ~9000
US weekly deaths attributable to traffic accidents: ~3400
US weekly deaths attributable to drinking: ~2300
Five thousand dead in a single accident is, indeed, highly tragic and morally outrageous: our anger is justified.
We have far, FAR more people dying of smoking, including a lot of deaths caused by second-hand smoke. Yet the government is doing nothing to protect the victims -- often children in a smoking household -- from this attack on their right to life.
We have far, far more people dying in traffic accidents, and it's very likely that nearly half those deaths are victims of another driver's idiocy. Yet the government is doing nothing to protect us from those drivers, even though the solution is as simple as instituting mandatory driver training and a higher quality of testing.
We also have too many people dying because of alcohol. Yet the government isn't serious about cracking down on, say, drinking drivers; nor does it get tough on violence that's been exacerbated by drinking.
My point? There are plenty of tragedies happening every day. But this time it's got people panicked, so it's far easier to get draconian laws in place.
Trust the government? No. It doesn't act rationally.
[Sources: US CDC, NHTSA]
--
Don't like it? Respond with words, not karma.
Well, I'd bother, but I've been waiting for a response to my Dmitry letter for something like two months now. Frankly, I've never received anything but double-talk and misdirection when I've written to people who are supposed to be running our government "of the people, by the people, for the people".
I think it would be better if we spared our representatives a bunch of repetitive letters that hit the same four or five buzzwords, and instead sent each of them a copy of a book like "Secrets & Lies" (by Bruce Schneier). That way they get a decent, in-depth analysis of computer security and why backdoors will actually make us more vulnerable.
As to the more important matter, should strong encryption be outlawed... how the hell are you going to tell if a message is "strong" encrypted or just weakly encrypted without decrypting it? Is a one time pad "strong" encryption? Considering it's supremely simple to implement (for one to one messages, where actors know each other and can share the pad securely beforehand), I can't imagine how it could be called "strong" anything. I'm guessing what most all of us would support is a law that makes it an offense to refuse to divulge keys when so ordered by a court under the same rules that govern search warrants for property.
I realize that physical search warrants can be effected without permission of the property owner, but if I'm facing 20 years in jail simply for refusing to divulge keys for data which would only get me 10. I'd pony up the keys in a hurry. Same as I'd open the door for the police if they had a warrant (as opposed to an armed standoff).
I do not have a signature
They won't laugh at all. They'll receive their instructions from the judge, that violating the ban on encryption without a backdoor is illegal regardless of the content, and that if they find you did create or use such encryption, they must find you guilty. You'll go to jail and you won't laugh either.
To require people to use government-approved cryptography packages only requires that the government get a large number of the services to require it, so that without it you have problems doing day-to-day mundane things like manage your bank account. Think what would happen if Microsoft had the capacity to enact legislation. How would they force everyone to use IE and ditch all other browsers if they had write-access to the lawbooks? Not by doing it at the consumer end, but by doing it at the vendor end of things and forcing sites to refuse browsers whose user agent string isn't "approved". (Then once they figure out that the user agent string can be faked, they'd make it illegal to falsify that information, and prosecute whomever they can find that has done so, to scare the rest.) This is the sort of tactic that works best.
No, I'm not saying the government is actually going to do this, just that it *could* be done and it means they don't really have to enforce it in each consumer's house for it to work.
Of course, then it only gets the ordinary citizens trying to do ordinary business and not those determined to communicate to each other with their own means, but I'm not gullable enough to believe that the terrorists are who the government is really after with this anyway.
Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.
S'funny, the media in the UK recently quoted a UK government statistic that 72% of drivers want more speed cameras on our roads. Odd how I've never met a single one of them, then, isn't it?
If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
We should all agree with the statement that it would be very helpful in preventing terroist attacks. Of course it would be! So would random house-to-house searches! However, what was not asked was "Do you think we should?", "Would you be willing to trade this liberty away?", etc. Poll questions are oftentimes baited - remember they're looking for a story more than public opinion. Don't believe the hype. Thanks.
But seriously folks, WHY oh WHY should a software company have its own (joint) news service? There is no possible way that it could at all benefit the public with objective, balanced reporting, I say. A bit like a joint news venture with an ammunition company during wartime or a meat-packing company back in the '20s. It serves no useful purpose to society at large!
--hongpong.com
Should we have products that perform their stated function?
Of course not! says the American people. Most people will say yes to a poll question, which is why you have to ask the right questions in official surveys.
"Look at me, I invented the stove!" -- Ben Franklin
In all of the talk around here about civil liberties being taken away and encryption backdoors Ive heard little about how such laws would actually work in practice and what the reaction would be.
I dont think that most people around here understand something. THE CONSTITUTION IS NOT GOING TO GO AWAY. Short of a constitutional ammendment repealing all of the ammendments in the bill of rights, your rights are secured. We have the power of checks and balances in this country, one of the most important of those is that the supreme court has the power of judicial review. Let me say that again in case you didnt get it.
THE SUPREME COURT HAS THE POWER OF JUDICIAL REVIEW.
What this means is if both the executive and legislative branches of our government lose their minds and start passing crazy laws, the judicial branch of our government can stop their enforcement if they find these laws to be unconstitutional. From what ive seen in the last 200 or so years in the history books they seem to be pretty good at it. They arent going away either.
A law can be enforced before it is found to be unconstitutional. This is a good and a bad thing. Say they pass this law and we are all arrested tomorrow for using encryption keys the Feds dont like. OH MY GOD WE ARE ALL GOING TO JAIL. This is also when the process of judicial review starts. You should all go read about this.
You think the FBI and the CIA arent watching those they find to be suspicious already? If you do youre pretty naive and a more trusting person than I am. All of that doesnt matter as long as they are unable to use it against you in criminal procedings, which is where judicial review comes in.
I have faith in this system, i learned all about it in school and i have seen it work in practice. If you dont believe me maybe you should start learning some American history.
To me the only issue here is constitutionality of these new laws. If they are unconstitutional i believe that they will be struck down, if they are not then what are all of you complaining about? If you cant tell me what ammendment in the bill of rights a new law on encryption would infringe upon then you have no basis to argue the issue.
Follow the train:
1) This issue has come up because terrorists are using strong encryption in their communications across the Internet, hotmail, etc, and the US government cant decrypt it.
2) The article says US Government and citizens support putting backdoors into crypto products.
3) Unless you force the terrorists to "UPGRADE" their crypto products, to the new versions with crypto-backdoors, well then, they will still be using the same hard-to-crack encryption, wont they? (Loop back to point #1)
So, one more time, what is this supposed to accomplish?
I am a computer scientist and from my experience most computer scientists that do not specialise in security don't understand the specific questions. However they usually do know about this lack of knowledge and that it takes some time to fill it.
The technical questions are not for the public to decide on. The public should however listen to the experts what the impact of these measures on them and on terrorism would be and then decide about these impacts.
The problem is that a lot of politicians at the moment present a drastically simplified view of things. To me (being knowlegeable in computer security) it seems that backdoors in crypto would do exactly nothing against this kind of well executed operation. (Yes, these people don't qualify as civilized human beings, but thinking in abstract military terms the effort-to-gain ratio of the attack was close to optimum, and underestimating an enemy is a deadly mistake.)
Most ACs are not even worth the keystrokes to insult them. Be generically insulted and ignored otherwise.
Of course, all good terrorists are going to use or upgrade to United States, backdoored encryption software.
But what terrorists are good, exactly?
Do you like German cars?
A good cryptosystem adds a lot of attack-resistance for relatively little computational cost to the authorized encryptor/decryptor. Your proposal would probably not be good by this criterion. You would use a relatively large amount of computing resources while adding a relatively small amount of security. In addition, you blur key and algorithm. A successful cryptosystem must sharply separate the key from the algorithm so that the algorithm can be widely shared, studied, attacked and proven while the key for a particular session remains secret.
In the proposed scheme, the sequence of operations constitutes the key.
Anyhow, just encrypt the communication once with a proven system, optionally use steganography to disguise the message as non-crypto, then encrypt under the backdoored scheme.
...what does 'alot' mean?
But will it still be legal under US law to import strong crypto into the US- either by downloading it, or by mail ordering a CD from openbsd.org?
Terrorism originates disproprotionately from areas with autocratic governments, such as many arab countries, Afganistan, Iran and Iraq (there are exceptions, like Northern Ireland). To reduce terrorism in the long run, rather than changing our government to look slightly more like the governments that breed terrorism, we should instead try more ardently to change autocratic governments to be more democratic.
Looking back, imagine if we had had the guts in the Soviet-Afghan war to insist on also funding the more democratic elements of the Afghan resistance, against the wishes of Pakistan. Imagine if we had installed a democracy in Kuwait. Imagine if we did more to support democratic forces in Iraq. Granted, some of these operations might have taken longer, created some international tension, or even been less "successful" in the short term, but the balance of the results might have been better for our long term security. Democracies tend to be more moderate and a bit less fickle in their foreign policy (e.g,. look at the elected organs of the Iranian government).
Looking to the future, now that the pressures of the cold war have abated, we do not have to court dictatorships as much as before. We have the luxury to take some less expedient foreign policy positions to invest in our long term intersts, which I think would be served better by a world with more democratic governments.
Specifically, we ought to be financially and militarily backing democratic resistance organizations in the autocracies that bother us the most, even when the democratic groups may not be as well organized as less democratic factions. In cases where we directly militarily intervene on a large scale, we ought to bear in mind that, paradoxically imposing democracy by force actually works rather well as in Japan, Western Europe, Panama, and Haiti (I mean, the results we get are at least as good as we seem to get from imposing autocratic governments--e.g., our old Panama policy). We ought to be promoting democracy in our propaganda, and foreign aid programs. Along these lines, as John Gilmore pointed out at a PECSENC crypto advisory panel meeting a few years ago, we ought to be aggressively exporting cryptography. If the ordinary citizenry of foreign countries is using cryptography too strong for their governments to break, that is an extremely cost-effective way to promote more democratic and ultimately more moderate governments.
What do you mean by saying that the government is doing nothing?
/. to assume.) What more do you want?
For traffic accidents:
There are seatbelt laws, vehicle safety standards, lighting standards, collision tests, traffic laws (that comprise whole chapters in most state legal codes), civil engineering to design highways that reduce accidents, and much more.
In fact, the red tape you need to go through to build a production motor vehicle is incredible... I would like to see you just try and get a few buddies to build a car, and try to give it away (with a helpful donation from somebody like Wm. Gates III or equivalent). Half of your development team would have to be doing nothing but dealing with government regulations and filling out paperwork.
Regarding drinking:
Ever heard of the 18th Ammendment to the US Constitution? Read it sometime. I would say that is a rather drastic approach to dealing with drinking, and there are substantial laws to deal with it, including one case where somebody who just killed somebody in an accident will now spend the rest of his life in jail because he was drunk while driving. What more do you want, the death peanalty for driving drunk? I'll admit though that I get surprised when I hear about people that have been arrested 30+ times for a DUI and somehow still keep their license (being a friend of the mayor, bribing judges, finding a loophole in the law, the arresting officer doesn't show up to the trial, etc.)
In some ways I regret that the 18th Ammendment was repealed, but even with that off the books now, there are still many regulatory laws controlling how alcoholic is produced and consumed... even if it is just going to be used in a fuel take on a car (complicating the issues I mentioned above).
Smoking:
Why do you think the tobacco companies setteled out of court with the law suits from most of the US states? Almost every state in the US now has some sort of "indoor clean air act" that prohibits smoking in public areas. Despite warnings from the US Surgeon General, countless piles of money spent on public service ads (including television, radio, newspaper, and magazine ads, not to mention billboards, posters, and anti-smoking programs for schools), a heavy public relations effort (including entire episodes of television news magazines like 60 Minutes or Dateline), millions of people still smoke.
********************
OK, I'll presume for a moment that you meant the United States Government. (I was presuming that you were an American... which isn't always good on
There is a difference between passing laws and actually getting them enforced. And in all of the cases I'll admit that we as citizens of this country can do more to help improve what we are doing in these areas.
But to say that the government is doing nothing is really stretching the imagination.
I don't know where you went to school, but even in the redneck hick town I went, being a willfully retarded sped was definitely not seen as cool (except by the morons themselves, who everyone else pretty much just ignored).
Intelligence and curiosity are definitely cool, as is athletics. But without balance, none of it is good.
If the NSA designs the backdoor, it will not be vulnerable to third parties. I see a lot of ignorant speculation on this subject. Modern cryptography provides the building blocks for a secure, backdoored system. A system in which the existence of the backdoor does not provide any advantage to an attacker who lacks the government's key.
I think it's a bad proposal, but please discard the worthless argument that it would increase vulnerability to non-government hackers.
Banning encryption isn't like banning guns. If you accidentally use crypto nobody gets hurt. Crypto is a shield against someone looking at your private data. As a shield it is more like a bullet-proof vest. What the law-enforcement people are asking for is more like "nobody can buy a bullet-proof vest that can stop a bullet fired by a cop".
The problem with this is that you can't tell if someone's bullet-proof vest can stop a cop's bullet until the cop shoots. I.E. you can't tell if an encrypted message is decryptable until you try to decrypt it.
Properly encrypted text should be completely random, indistinguishable from random noise. It might have helpful headers on it saying "--- Begin US Government Cryptosystem Signed Message ---" but the body of the cyphertext will be gibberish. The only way you can tell if illegal encryption is being used is to decrypt the message and see if what you get is plaintext.
If the header is true and the message was truly encrypted by an approved cryptosystem that means nothing. The text that was encrypted by the Government Approved Cypher could start with "--- Begin Evil Criminal Unbreakable Cryptosystem ---". It could also simply be "The RED DOG barks at MIDNIGHT. 4 HERONS are BATHING". It could also contain a porn image, but that porn image could contain a hidden stego message.
To go back to the bullet-proof vest analogy. The government wants everyone to wear a vest that can't stop a cop's bullet. They might be identified by a red stripe running across the middle of the vest. Some criminals might get an illegal vest and paint a stripe across the middle. Other criminals might get an illegal vest and wear it underneath the government approved vest. Some of these fakes might be so convincing that they'd fool every cop.
Maybe a better question to ask people would be "Should the government shoot everybody to find out who is wearing the illegal cop-bullet-stopping bulletproof vest?"
Any sophmore in college can write an encryption program in a few days that has no back door and can't be cracked by anyone. All these laws will do is perhaps make it easier for the black hats to obtain sensitive information they might need to carry out their missions.
She voted against this resolution which gives G.W. Bush power to use "all necessary and appropriate force" against those "he deterimines planned, authorized, committed, or aided the terrorist attacks"
...
H.J. Res. 64
Whereas, on September 11, 2001, acts of treacherous violence were committed against the United States and its citizens; and
Whereas, such acts render it both necessary and appropriate that the United States exercise its rights to self-defense and to protect United States citizens both at home and abroad; and
Whereas, in light of the threat to the national security and foreign policy of the United States posed by these grave acts of violence; and
Whereas, such acts continue to pose an unusual and extraordinary threat to the national security and foreign policy of the United States; and
Whereas, the President has authority under the Constitution to take action to deter and prevent acts of international terrorism against the
United States:
Now, therefore, be it Resolved by the Senate and House of Representatives of the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This joint resolution may be cited as the ``Authorization for Use of Military Force''.
SEC. 2. AUTHORIZATION FOR USE OF UNITED STATES ARMED FORCES.
(a) IN GENERAL.--That the President is authorized to use all necessary and appropriate force against those nations, organizations, or persons he determines planned, authorized, committed, or aided the terrorist attacks that occurred on September 11, 2001, or harbored such organizations or persons, in order to prevent any further acts of international terrorism against the United States by such nations, organizations or persons.
(b) WAR POWERS RESOLUTION REQUIREMENTS.--
(1) SPECIFIC STATUTORY AUTHORIZATION.--Consistent with section 8(a)(1) of the War Powers Resolution, the Congress declares that this section is intended to constitute specific statutory authorization within the meaning of section 5(b) of the War Powers Resolution.
I know one person who has stronger beliefs in using crypto for everything than everyone else.
He was a minister behind the iron curtian many years ago. I'm not sure how he got across the iron curtian, everything I know about the former USSR says they wouldn't have allowed him in if they knew what he was really up to.
When you see what lack of encryption (remember this was the '80s, even today those countries don't have many computers) does to your ability to do your work it changes your perspective.
Congress cares. And they are the ones with the vote.
I think I'll stop here.
You do make some good points. However, I still disagree. I am not a big crypto user because most of my stuff is uninteresting and I could give a damn if you see it. If I thought it was important, I would take the proper steps.
However, I am a big crypto supporter. The reason being is because crypto is about more than hiding stuff. It is about verifying identity. It is about defeating the problem of digital storage (everything is copyable). It is about business transactions. It is about authentication.
These are all good reasons to support and use crypto. If I were a business, I wouldn't want backdoored crypto to ensure the immutability of my electronic legal documents. The fact that there is a backdoor leaves open the idea that the contract (or whatever) could have been changed. As we move closer and closer to paperless transfers (notice, I didn't say offices), we need strong crypto.
My final argument falls on the disagreement that anybody's job has to be easy. My job isn't and, sure, computer and network support would be a hell of a lot easier if my users were forced to never change anything on their computer and only do things in certain codified ways. But I'm realistic, it won't happen and that's why I get paid to do what I do. Law enforcement is in a similar boat. No one said that their job has to be easy and it is not my job to make it easier (as long as I am not actively obstructing justice... and I argue that my private use of crypto for legal means does not actively obstruct justice). In fact, there are laws in place to make law enforcement difficult in order to ensure and maintain the liberties that we enjoy as citizens.
.02 anyway...
My
(1) Congress forces backdoors in all encryption, including that used for corporate trade secrets, banking, etc. (2) The best hacker owns the world -- and tells Bill Gates to get off of his property... ;-)
What do you expect when you sort-of-elect a President that thinks there is too much freedom?
You bring up a good point. And I am not sure how one would solve it. It is entirely possibly that the "cat is out of the bag" completely on encryption, but I don't think so. One way to do this would be for the western democracies to make security agreements on this sort of thing - some scheme where the British could read traffic coming into Britain and Americans could do the same. This would take some thought. My point was mostly to argue (as you agreed with) that the unnecessary use of encryption burdens the government.
One thing that would help without any new measures is traffic analysis. If the government is watching where the messages go, they can use that in their priority setting for analysis and even decryption.
The only good weather is bad weather.
Don't post letters in here. We pretty much know what we need to say to them. Letters are better, but perhaps some e-mail actually gets read.
www.dedserius.com
VB != VisualBasic
Finally, you misconstrue my arguments. I do not mean to end encryption use. I asked to not abuse it! Certainly its use in authentication should be, if anything, increased! Better authentication leads to a better world.
The only good weather is bad weather.
"...what's so bad about the government having a backdoor on crypto? "
It's not the government having one that's the biggest problem. It's that there is one. Someone will find it. Possibly not the government.
www.dedserius.com
VB != VisualBasic
In EPIC Volume 8.17 September 17, 2001 Published by the Electronic Privacy Information Center (EPIC) Washington, D.C. there are many relevant quotes from our leaders...
/ 20 010911-16.html
e nt OnTerroristAttacks.htm
0 1/ 09/2001912907.html
1 /0 9/2001912C11.html
1 .h tml
= 42 5
... inconvenience. But we will not violate
l
r ro rist_attack.htm
m
... The
t m
4 8
... respect the civil
c e/ pr010913terrorattack.html
. ht m
m
y pe =News
2 01 .htm
l /w tcpr.html
m en t.shtml
"[On September 11, 2001,] our fellow citizens, our way of
life, our very freedom, came under attack in a series of
deliberate and deadly terrorist acts. . . . America has
stood down enemies before, and we will do so this time.
None of us will ever forget this day. Yet, we go forward to
defend freedom and all that is good and just in our world."
--President George W. Bush
http://www.whitehouse.gov/news/releases/2001/09
"[A]s we respond here at home to what we learn from these
attacks, is that this is a country that understands that
people have fundamental God-given rights and liberties and
our government is constituted to protect those rights. We
cannot -- in our efforts to bring justice -- diminish those
liberties. Clearly this is not a simple, normal criminal
case. This is an act of war, and those rules of warfare may
apply. But here at home and domestically, we need to make
sure that we're not tempted to abrogate any civil rights
such as habeas corpus, protections against unreasonable
searches and seizures, the freedom of expression and
peaceable assembly, or freedom of religion. And just
because somebody may come from an ethnic background, that
means nothing in the exercise of their rights as citizens.
They are American citizens. And so let's make sure that in
our anger and in our efforts to bring justice, we remember
our basic foundational civil liberties and not abrogate
them."
--Senator George Allen (R-VA)
http://allen.senate.gov/PressOffice/FloorStatem
"Some have said yesterday and today that all has changed,
all has changed for America. I know what they mean by that,
and I respect their view, but I pray that is not true. I
pray that is not true. I pray my junior colleague from
Virginia is correct when he says the one thing we cannot
allow to change is the values upon which this country is
built, for if that were to occur, then they would be able to
declare victory, genuine victory."
--Senator Joseph R. Biden Jr. (D-DE)
http://biden.senate.gov/%7Ebiden/press/release/
"Attacking this country is not enough to defeat it. It
never has been. That's something our enemies have
discovered again and again. America's history is the story
of a nation, of a people, that has repeatedly overcome what
seemed like insurmountable challenges -- fueled by our
individual liberty, our respect for the rule of law, and our
belief in the value of every human life. America began as a
nation by overcoming tyranny. We will continue by
overcoming terrorism. And we will do it without sacrificing
who we are as Americans. We will do it by upholding the
principles of 'liberty and justice for all.'"
--Senator Maria Cantwell (D-WA) http://cantwell.senate.gov/
"A time of crisis is one of the greatest tests of a
democracy. Our nation is rooted in the fundamental
principles of freedom and justice. It is during these times
of conflict, and fear, that we need to protect those
principles the most. These principles must guide our
actions in the days, weeks, and months to come. . . . We
must never allow terrorists to gain any victory over us by
diminishing our country's respect for individual liberty and
freedom. . . . Let us remember that the Constitution was
written in 1789 by men who had won the Revolutionary War.
They did not live in comfortable and easy times of
hypothetical enemies. They wrote a Constitution to protect
individual liberties in times of war as well as in times of
peace."
--Senator Russell Feingold (D-WI)
http://feingold.senate.gov/~feingold/releases/0
"Our values, our resolve, our commitment, our sense of
community will serve us well. I am confident that, as a
nation, we will seek and serve justice. Our Nation, my
neighbors and friends in Vermont demand no less, but we must
not let the terrorists win. If we abandon our democracy to
battle them, they win. If we forget our role as the world's
leader to defeat them, they win. And we will win. We will
maintain our democracy, and with justice, we will use our
strength. We will not lose our commitment to the rule of
law, no matter how much the provocation, because that rule
of law has protected us throughout the centuries. It has
created our democracy. It has made us what we are in
history."
--Senator Patrick Leahy (D-VT)
http://www.senate.gov/~leahy/press/200109/09120
"In truth, the people of this country are big in heart and
strong in character. We will maintain our open society and
fight terrorism around the globe with freedom loving peoples
everywhere. And we will prevail."
--Congressman Tom Allen (D-ME)
http://tomallen.house.gov/showart.asp?contentID
"There will be
people's basic rights as we make this nation more secure.
We can do that in democracies. It can't be done in
tyrannies, because tyrannies do not enjoy the general good
will and support of the people who are willing to suffer
inconvenience and good nature with a confidence that the
nation will protect their rights."
--Congressman Dick Armey (R-TX) http://www.freedom.org/
"What we must avoid, however, is the knee-jerk reaction to
pass more laws restricting the civil liberties of American
citizens. The tragedies of this attack will only be
compounded by giving the government more power at the
expense of our civil liberties. If we cannot stop this sort
of attack with all of the power our government agencies
already have, then we are in very serious trouble."
--Congressman Bob Barr (R-GA) http://www.house.gov/barr/
"In responding to this heinous attack, we must reaffirm our
commitment to uphold our Constitution, including the rights
guaranteed to every American in the Bill of Rights. These
precious rights have been secured by the blood and
sacrifices of Americans for more than 225 years. I am
confident in the ability of today's generation of Americans
to honor those sacrifices and the memories of those killed
in the attacks on September 11, 2001. We have an obligation
to overcome this latest challenge to freedom while honoring
our Constitution and preserving the rights it guarantees for
ourselves, our children, and our children's children."
--Congressman Roscoe Bartlett (R-MD)
http://www.house.gov/bartlett/pr010912.htm
"The challenge ahead will require strengthening U.S.
defenses and intelligence at home in ways consistent with
American values. Embassies and military bases must be
better defended along with domestic airports and other
civilian targets. But this does not mean that we can allow
terrorists to alter the fundamental openness of U.S. society
or the government's respect for civil liberties. If we do
so, they will have won."
--Senator Max Baucus (D-MT)
http://www.senate.gov/~baucus/maxstatements.htm
"[I]n the coming days, there may be some calls to assess
blame and to limit the individual liberties and freedoms we
enjoy as Americans. I urge my colleagues to resist these
efforts, no matter how well intended. The founding
principle of our nation is the right to pursue life, liberty
and happiness, and we must recognize the risks that we
assume with our freedom. The lives of each American [were]
changed forever by the awful acts carried out yesterday.
But we must not sacrifice our freedoms, and our way of life
in the name of fear to those who seek a weakened,
disconnected America. To use fear as a means to limit our
freedom will only serve the goals of those who undertook
these heinous attacks against America. Today is the day to
recognize the abiding strength of our nation and tell the
world, in particular those who seek to cause our nation
harm, that the Americans who perished on September 11, 2001
did not do so in vain.
--Congressman Ken Bentsen (D-TX)
http://www.house.gov/bentsen/prterror2.htm
"As the dust settles, we find ourselves confronting an enemy
that is both evil and elusive. But the world must know
that, today, America stands stronger than ever -- a nation
sworn to defend freedom, tolerance, diversity and democracy.
Those terrorists who attempt to extinguish our spirit must
know that these are ideals we Americans will never
surrender. I come from Michigan, home to hundreds of
thousands of Arab Americans and American Muslims. Already,
leaders in the community there -- patriotic Americans who
every day give so much to this country, who have condemned
these attacks, and who are as sickened by the carnage as
everyone else -- have been getting death threats. Such
hateful prejudice offends us all. Even as we struggle to
clear away the rubble and charred wreckage, heal our wounds,
mourn our dead and seek ultimate justice, Americans must
also stand together against this bigotry."
--Congressman David Bonior (D-MI)
http://davidbonior.house.gov/Speeches/091201_te
"We are a nation of law, and while our response must be
decisive, it also must be focused. The civil liberties of
all within our borders are paramount, regardless of who is
responsible for these acts of terror. If we undermine
individual rights in reaction to today's events, we may win
a battle, but hand a victory to the enemies of freedom
everywhere."
--Congressman Chris Cannon (R-UT)
http://www.house.gov/cannon/press2001/sept11.ht
"We must take the necessary precautions to safeguard our
lives and American interests, but we must not relinquish our
cherished freedoms."
--Congresswoman Eva Clayton (D-NC)
http://www.house.gov/clayton/
"Just as this horrendous act can destroy us from without, it
can also destroy us from within. Pearl Harbor led to
internment camps of Japanese-Americans, and today there is a
very real danger that this tragedy could result in
prejudice, discrimination, and crimes of hate against
Arab-Americans and others. The lesson Oklahoma City taught
us was the perpetrators of these acts of terror can be evil
men of every race, nationality and religion as are the
victims. We must ensure that these acts of terror do not
slowly and subversively destroy the foundation of our
democracy: a commitment to equal rights and equal
protection."
--Congressman John Conyers (D-MI)
http://www.house.gov/conyers/pr091201.htm
"Frisking everyone on the planet to find the one person with
the weapon is a high-cost, low-yield way to go. That's a
fair analogy to searching through everyone's e-mail. Not
only do such schemes threaten civil liberties, they are such
scattershot approaches that they're bound to fail.
notion that we can reorganize every aspect of civil society
to protect against terrorism is fool's gold."
--Congressman Christopher Cox (R-CA)
http://www.house.gov/cox/
"In striking at us, the terrorists sought to exploit the
openness of our society, and to shake the foundations of the
civilized order which America sustains. They will fail.
Our challenge now -- and the test of our democracy -- is to
harness our own raw anger and passion. To respond in a
manner that is firm, clear and just; that befits a great
nation; and that honors our own ideals."
--Congressman William Delahunt (D-MA)
http://www.house.gov/delahunt/terroristattack.h
"We must not direct our anger against innocent citizens of
Middle Eastern or South Asian heritage. Our nation is a
beacon of justice in the world and the freedom of our
peoples must not be degraded by any heinous acts of
violence. As a nation of a free and proud people, we must
not allow any terrorist attacks to justify violence or
persecution of our fellow citizens, whatever their heritage
may be."
--Congressman Benjamin Gilman (R-NY)
http://www.gop.gov/item-news.asp?N=200109131509
"We must be bipartisan, balanced, and calm. Panic and
partisanship are our enemies. And as one colleague said
this morning, the Constitution of the United States must not
be our next casualty. We must
liberties and intelligence of Americans. We are a generous,
courageous and resilient Nation. Given information,
resources and leadership, the American people will rise to
any challenge and fight down any assault to take from us our
way of life."
--Congresswoman Jane Harman (D-CA)
http://www.house.gov/harman/
Even at this painful time, we must remember that
international terrorism cannot be combated by turning our
free society into an armed fortress.
--Congressman Rush Holt (D-NJ) http://www.house.gov/rholt/
"As we move forward in the days to come, we must carefully
use words such as 'safety' and 'order,' and we must be
cautious when calling for actions that 'need to be taken for
the good of the people.' I encourage my colleagues to be
wary of any suggested government action that would infringe
on our freedoms. Any encroachment of our civil liberties is
a victory for the perpetrators of yesterday's heinous
crimes. We must continually bear in mind the words of
Benjamin Franklin when he had stated that 'those who would
sacrifice their essential liberty to seek a small portion of
temporary safety deserve neither liberty nor safety.'
Freedom is not our greatest liability, it is our greatest
asset."
--Congressman Timothy Johnson (R-IL)
http://www.house.gov/johnson/
"We take enormous pride in the freedoms we enjoy. Societies
without freedom find it easier to ward off attacks.
Yesterday we paid a great price for our freedom. We can and
will act to reduce the chances of these attacks in the
future, but we will never give up our freedoms."
--Congressman John J. LaFalce (D-NY)
http://www.house.gov/apps/list/press/ny29_lafal
"We will show our resolve to our enemies. America and its
citizens will not abdicate the values and freedoms that have
made this nation great. We unequivocally declare that today
America remains steadfast in its commitment to ensuring that
terrorism will not dim the beacon of liberty and freedom."
--Congressman John Linder (R-GA)
http://www.house.gov/linder/editorial_terrorism
"The terrorist forces against us would see us brought to our
knees and see us shaking in terror. They would have us back
away from the freedoms we hold dear. But they must be made
to understand that those freedoms are the result of 200
years of struggle. Nothing within the terrorists' power can
daunt this great democracy and its resolve."
--Congressman Ken Lucas (D-KY)
http://www.house.gov/kenlucas/PressRelease.2.ht
"The leaders of our country will now focus on ensuring that
justice is served. We should be rational about our
strategy, we will focus on protecting our future and promise
to uphold your freedom and your every liberty."
--Congressman Jim Matheson (D-UT)
http://matheson.house.gov/display2.cfm?id=733&t
"We must not act in haste -- rush to act out our vengeance
against fellow Americans -- because America is the world's
greatest melting pot, and in today's society, we simply
cannot guess at an individual's country of natural origin by
their appearance. We have to make sure that we make war on
terrorism -- not on Arabs! We must make a further
distinction between the war on terrorism and the war on
Americans of Near or South Asian descent. There have been
many references to a second Pearl Harbor, and while the
shock and anger certainly are similar and warranted, that
anger should not be directed towards our neighbors in ethnic
communities across the country. We do not need the
attitudes that will lead to a second wave of internment
camps."
--Congressman Jim McDermott (D-WA)
http://www.house.gov/mcdermott/Terrorist-FS.htm
"America must also stand firm, though, in its commitment to
civil liberties for all of our people. In the coming months
and years, all of us will have to make accommodations to
heightened security at our airports, Federal buildings, and
other large landmarks. We can and must make those
accommodations and in a manner that is wholly consistent
with the U.S. Constitution."
--Congressman James Moran (D-VA)
http://www.house.gov/moran/20010912b.htm
"[A]ll New Yorkers understand and feel empathy for those who
lost loved ones on hijacked flights. New Yorkers, and
indeed all Americans, will remember those victims at the
Pentagon, for putting their lives at risk and paying the
ultimate price, so that we can live our lives in freedom.
In the end, that is what this comes down to -- our freedom.
To the majority of the world, our nation stands as a beacon
of hope. To those who want to crush freedom, to have people
live in fear, our nation stands as a rebuke as well as a
threat. However, what those enemies of freedom fail to
understand is that no amount of physical damage can kill the
ideals for which this nation stands. Just as Pearl Harbor
roused the sleeping giant to crush those who attacked it,
this nation must crush those who have declared war on us
now. [...] Today, we stand united, to mourn our losses, but
determined to show the resolve upon which nation has always
prided itself, as we rebuild. We will show the strength
that can only be found in a free people. In the words of
Lincoln, today, "we here highly resolve that these dead
shall not have died in vain, that this nation under God
shall have a new birth of freedom, and that government of
the people, by the people, for the people shall not perish
from the earth."
--Congressman Jerrold Nadler (D-NY)
http://www.house.gov/nadler/hijackrelease.htm
"Demanding domestic security in times of war invites
carelessness in preserving civil liberties and the right of
privacy. Frequently the people are only too anxious for
their freedoms to be sacrificed on the altar of
authoritarianism thought to be necessary to remain safe and
secure. Nothing would please the terrorists more than if we
willingly gave up some of our cherished liberties while
defending ourselves from their threat."
--Congressman Ron Paul (R-TX)
http://www.house.gov/paul/press/press2001/pr091
"[W]e must not let these attacks on our country weaken our
resolve to maintain a free and open society that all
countries can emulate. We must now show the world that our
country will continue to stand strong in the face of
tragedy. We must show the cowards responsible that they
will not win."
--Congressman David Phelps (D-IL)
http://www.house.gov/phelps/
"It has been said that America will never be the same again
-- that we have crossed a threshold of innocence. That may
be so, but in our zeal to provide a new level of security,
we must guard against going so far that we trade away the
rights and privileges of a free society. In reacting to
this incident, we must not allow the hate of our attackers
to destroy our own decency and commitment to justice."
--Congressman Charles Rangel (D-NY)
http://www.house.gov/apps/list/press/ny15_range
"Additionally, as we consider legislation to address this
crisis, each proposal must be passed before the great lens
of the Constitution, the cornerstone of our Republic and our
freedoms."
-Congresswoman Lynn Rivers (D-MI)
http://www.house.gov/rivers/news_terroriststate
"As we console the families of the victims, as we remind
ourselves about the core American values of freedom and
democracy, and as we make plans to deal with the terrorists,
we must remember who we are as a people. We are the
participants of a great democratic undertaking, a national
project which stands as an example for the rest of the
world. We have a duty to perfect and protect our Nation,
and we must never be swayed from the road towards freedom
and democracy for ourselves and as a beacon for the planet."
--Congressman Ron Underwood (D-Guam)
http://www.house.gov/underwood/
"Finally, in the process of combating international
terrorism, we must neither abandon American civil liberties
nor express our fears and anger by indiscriminately striking
out against those with different names, skin color or
religion."
-Congressman David Wu (D-OR) http://www.house.gov/wu/
How do you know that this is not going to be just? If the current administration was only interested in venting frustrations or appeasing the voter's desire to 'get even' then don't you think they would have been dropping bombs on Kabul within the 1st 48hrs? Obviously they are more concerned about "getting this right" than you seem to be giving them credit for. Wait and see what our response is before you complain about it.
A good way to start a post. I would say the same about yours... and will in detail.
Either the NSA can factor or it can't.
This is naive. If you really think that the entire job of NSA is breaking strong codes, you truly do not have a clue about the electronic intelligence business! As I explained in my post, traffic analysis (look it up) is useful even when you cannot break the cyphers. But it is a lot more effective if you don't have every message out there cloaked and thus evoking equal suspicion. If my message is in the clear, the NSA can quickly determine that (other than steganographic techniques) and ignore the message.
Furthermore, as far as I know, factoring has never been proven to be NP complete. The best that has been proven for most encryption systems is that cracking them is of equivalent difficulty to factoring.
For all you know, the NSA, which employs some outstanding mathematicians, may be able to factor in polynomial time.
If they can, then using modern encryption doesn't really burden them. If they can't, then no amount of ass-kissing and not using encryption is going to let them break the encryption of the terrorists who are going to be using REAL software without the government-mandated backdoors (murder is illegal too; did they respect that law?).
Again, wrong. If not many people are using the strong encryption, then the strong encryption stands out like a red flag, allowing intelligence efforts to be focussed.
You need to do a little more research about modern crypto. We're talking about things like the heat death of the universe happening before all computers in the world could finish factoring numbers that large (if factoring is "hard").
Perhaps you shouldn't leap to assumptions about other posters' knowledge of encryption.
Also, you are making a big assumption about an unproven assertion: the practical difficulty of breaking such codes. For example, a very strong code can be broken by attacking the method of key generation. It can be broken by improper use - take a look at 802.11b. It can be attacked by previously unguessed means (such as the attack on RSA by timing information). Furthermore, the NSA and other agencies are highly classified. Do you really know what they can do? Could they have a working quantum computer (which can dramatically improve factoring)? Probably not, but they might! In which case allowing them to focus those assets on dangerous messages, rather than having to break your messages and mine only to discover they are uninteresting, would be a very good thing.
Are you aware that recent research has shown that DES was apparently designed to resist differential cryptoanalysis? That differential cryptoanalysis was invented in the last decade, but that the NSA approved DES in the 1970's? Don't underestimate or overestimate the NSA (or GCHQ or others) - we just don't know.
lawing encryption will not have any effect on these people. They don't respect our laws. The only effect will be to break the security of on-line transactions (over SSL for example). Backdoored schemes are broken schemes. A panel of a dozen great minds in the industry have already shown this: Rivest, Schneier, Diffie, etc. Read the paper here. [crypto.com]
Sigh. Why not respond to what was suggested, rather than making up a strawman. My post never advocated the outlawing of encryption. Furthermore, it did not advocate using the backdoor'd scheme that Schnier et. al. analyzed. It advocated not abusing crypto, and suggested that perhaps we should use crypto which the government can break, without unduly compromising security. I didn't say it was easy. Give it to the great minds to figure out how. I wish they would focus on how to do that, along with their silent peers at the NSA.
The only good weather is bad weather.
Apparently they're even incapable of processing what they already have. Apparently there where hints for this attack as early as 1995, including flight plans and flight routes to WTC, Pentagon and the White House. Obviously none of the TLA's was capable on following up on that hints. So what do they want increased input of information for, if they can't handle what they already have?
Also lack of success is a strange track record to present when asking for more money and more allowances.
"By the way if anyone here is in advertising or marketing... kill yourself." -- Bill Hicks
Except that a careless parent who left his strong crypto software out doesn't have to worry nearly as much about his emotionially troubled teen taking the stuff to school and hurting his classmates with it.
Not that I'm not also concerned about erosion of the rights you're talking about, but the analogy is a poor one.
What if they're already in the country? Deportion without trial? How spiffing.
Besides, it'd be bad for business, and it would let terrorists know someone was onto them (which is not always a good idea).
Why have completely open borders ?
Huh? The US doesn't have completely open borders. Do you think they would let Bin Laden waltz into America if he turned up tommorow?
Female Prison Rape in NY
Isn't rule by mass-media wonderful?
Well, ok, so it isn't perfect -- they are no utopias, right? ;)
Seastead this.
Something along those lines is in a letter I'm writing to both California Senators as well as my local Reps. You should probably do the same. Explain that anybody with even a shitty computer can write themselves a working encryption program. People have been writing Ceasars for years as sed macros, it's even easier than writing a block cypher. Very few common folk understand what the fuck encryption even is let alone how it works. Writing something to your represenatives giving them the lowdown on how easy it is to circumvent Clippers.
I'm a loner Dottie, a Rebel.
Let's say for argument you're going to give someone a backdoor into an RSA style crypto scheme. The output you broadcast won't let anyone infer the original input without having knowlege of the primes used to generate the output. Hence brute force cracking is needed to decrypt a message you're not supposed to know. To give someone a backdoor would be to give them one of the primes that was used to generate the output so they could take your encrypted output and run it backwards through the process and figure out your original input. The lack of security of the original generators means your crypto is basically useless. Laptops and hard drives have been stolen from some of the most secure government locations in the country, how safe do you think these backdoors really are? Then there are symmetric schemes like CSS on DVDs. All it would take is the leak of one key to figure out the rest of the keys and then your entire crypto scheme is shot to shit.
You're also underestimating the power of the law in this country. Search warrants and phone taps are decided by a judge who knows if he or she hands out warrants and wiretaps that are complete horse shit they'll be out of a job. They're also people that have come from defence backgrounds that realize what shit some investigators offer the judge to get a warrant. To make your phone untapable don't use it or use a black box so they don't know you've answered the phone. Look into the history of phone tapping to figure out how to get around it. A payphone and a handheld voice recorder works wonders.
I'm a loner Dottie, a Rebel.
You know what? Let them pass legislation like this. Several months will go by--or a year--and suddenly, some hacker in Russia or some other nice country will figure out the backdoor, and voila! Billions of dollars in business and legal damages. Patient records, trade secrets, copyrighted material... they'll all be compromised. That'll teach 'em a lesson.
Sure, if you're honest like most of us, this will be a huge problem for you. If you're a crook on the other hand, the legislation doesn't apply to you. Remember: when inlaws are outlawed, only outlaws will have inlaws.
Oh yeah, and don't even bother to try and stop this... the idiots in government will be convinced by some glossy shrink-wrapped corporation that the backdoor will be 100% secure against hackers. Just wait and see... it'll happen.
72% are in favor of backdoors...
73% are in favor of nuking the crap out of the entire middle east (if you stack your poll correctly)
84% believe that we can stop terrorism (wow what sheep)
and finally the doozie...
64% of americans cant tell you how many states we have.
The average american is pretty stupid. and when you ask about something as advanced as cryptography they probably though that it was some kind of new venerial disease.
ANY poll taken that isn't as simple as is this red ball red or green is horribly skewed or inaccurate. (and the red ball question will have a error of 6%)
I'm sorry, but of the poll was reprased to " are you in favor of the govt listening to your phone conversations, reading your email, and tracking where you go on the internet." I believe the result would be very different.
Do not look at laser with remaining good eye.
That is a common misunderstanding. Given a large enough sample, choosen to carefully reflect the divisions in the target group, the result will be pretty close to the one you would get using the whole target group in your survey. That is basic math, and works well in many areas.
The TV networks, for instance, have a very good idea of how many people are watching each one of them at any given time of the day. You do not think your TV set have a secret backdoor sending information back to the network, do you?
Usually, when a survey touchs political sensitive matters, this argument is heard over and over. Unfortunatelly, repetition doesn't make the argument more correct, as math is generally oblivious to human wishes.
I bet the entire NSA would laugh their asses off if someone came in and asked them to develop an encryption algorithm with a backdoor. As far as I'm concerned, we don't have much to worry about.
What?
Plus you have a bunch of airlines who after 20 years of gouging customers, selling crappy service and poor maintenance, weak security and high prices finally have an oligopoly that is so awful the fear is that ridership will drop off a cliff. So they go to the big bad gubmint and ask for a handout of between 15-24 Billion dollars. They cut service in half and use it as an excuse to cry poverty, say they can't provide security at any price to be borne by them.
The only diference between arlines and cigarettes is airlines have better PR.
You can figure that by this time next year there will be two US airines left and it will cost 1500 to fly from NYC to Miami and it will take 6 hrs to board the plane and we'll be told to be damn thankful.
I want to see a more rigorous poll conducted regarding this. If the results are anything close to these, I want to see a major educational campaign started to inform people about the true details of encryption. I want people to understand that the encryption code is already out there, and it will be impossible to stop criminals from using it. I want people to understand how vulnerable their emails and credit card numbers are without encryption. I want people to know the details about DeCSS, so they can see how easy it is for these backdoors to be leaked or cracked.
If people know the facts, and they still choose to support bans on encryption, then I guess I'll have to give up and become a criminal. But there's still time to educate the public before such issues get passed by congress, and the money we spend now will be save 1000 times over if we don't have to send lawyers to the supreme court to fight this.
I'll put $50 into an organization if it is used for such educational purposes. If you know of one, reply to this, or email me.
ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
As long as the experts don't conduct their discussions in private, and then present their reasoning in an open format that is accessible and understandable to laymen, then I'm OK with it.
If we get a bunch of experts, lock them in a top secret room, and then secretly implement their secret recommendations, we're asking for trouble.
You see? You see? Your stupid minds! Stupid! Stupid!
The point of this is not to boast about how I'm looking for a pissing contest with John Ashcroft. The point is that the odds are that they won't catch me, and if I'm willing to take the risk out of mere financial need and defiance to the state, a bunch of wild-eyed fanatics who aren't afraid to die certainly aren't going to be dissuaded either.
Of course, the idea that some laws are so completely unenforceable that they can be casually ignored is lost on these fools if the so-called "war on drugs" is any indication.
Proud member of the Weirdo-American community.
it's the american public, they don't understand. Here's some arguments that can help them understand, in your coctail conversations:
... they're already breaking the law anyway. Computers don't change anything, especially not for technophobes living in tents in afghanistan.
Would you give the police department a key to your home, so that they can protect you from crime? No. Think of why not - several reasons, like an out of control cop could terrorize you, etc. Meanwhile, anybody who's a criminal will NOT give the police a key to their home, or will give the wrong key, or will put on an additional padlock.
Why not strip search, for drugs, all people crossing the Mexican/US border at Tiajuana? Because it's a pain for those being searched. And, the real people smuggling drugs will drive a truck along a back road into arizona or new mexico. The stripsearch will be totally ineffective.
Why not make backdoors for encryption? Because that jepordizes all law abiding encryption users. The crackers will figure it out before the law is even passed. Meanwhile, no criminal or terrorist in their right mind will use that encryption, they'll use their own. Even if they have to break the law
Marketing-driven companies end up over-marketing their products. Engineering-driven companies end up over-engineering
If the FBI/CIA etc feels it needs to watch someone, then don't let them into the country.
Best also get Canada and Mexico to agree, since they have huge land borders with the US. Also plenty of other nations in the Carribean sea, maybe time to normalise relations with the largest.
There are some systems (mechanical) that can't be accessed from the cockpit and have no way of making them accessible form the cockpit.
If you sealed the cockpit who would stop the hijackers getting at them?
What percentage of security experts say that backdoor crypto is a safe thing? None? Thought so.
Here's a short discussion as to why backdoor crypto is not safe:
Basically, nobody is going to try to crash your 2048-bit RSA key any time soon, because even once it's technically feasible (given enough resources -- e.g. a Win32 virus that mimics distributed.net), it's not usually worth the effort and/or the risk. Further, if your key does get cracked (or compromised through easier means -- e.g. another virus), you're not happy, but you can just generate a new key and be on your way. However, if cracking that key would give someone access to a significant amount of sensitive data (like the data of an entire country over the course of a year), then the payoff is much greater, and so is the risk to society.
<rant>
Am I the only one who thinks backdoor crypto is like creating a master key to all the nuclear silos in the world, making a few hundred copies of it (giving these to certain government offices) and NOT expecting an "accident" or three?
</rant>
Yup. You are obviously NAL. :) The Commerce Clause can't be unconstitutional, because it's IN the Constitution. :-)
My journal has hot
According to this La Times story, Federal law enforcement authorities did not notify American Airlines that two men with links to terrorist Osama bin Laden were on a "watch list" before they helped hijack a flight from Dulles International Airport last week, according to individuals with direct knowledge of the matter. .
If they can't responsibly handle their current responsibilities with what information they *do* know, what makes us think that they will all of a sudden get better if we let them violate our privacy to boot?
Once again, good for Barbara Lee. This resolution seems to give Bush a dangerous level of power to "resolve" this situation. Here's one obvious possible consequence: let's say Osama bin Laden is located and killed without a trial. After a bit of hand-washing, Bush can claim that we're all done and can go back to business as usual. Sure, it won't be as simple as that in real life, but the point is that Bush has been given the ability to claim victory without that victory being visible to the American people. If anything, this measure provides a way to provide a "satisfying", but ultimately useless, "resolution" to the problem.
It seems to me that at a time like this is exactly when we want institutions of justice to work as usual, rather than giving crusading cowboys of questionable intelligence and maturity the power to do whatever the hell they feel like in response to such a serious attack.
If you are carrying a running TRANSMITTER around, expect the Feds, and hackers, and anyone with the right equipment to be able to:
1. Listen in
2. Find your location (triangulation is one method)
That should be common sense people.
Just because it CAN be done, doesn't mean it should!
I'd like to add, you have more to fear from the DEA than from the NSA.
Just because it CAN be done, doesn't mean it should!