Slashdot Mirror


How Would Crypto Back Doors Work?

frantzdb writes "We've been hearing about adding crypto back doors for the government to snoop on us, but how would they work? Would there be one key that could be cracked opening up all such traffic? Also, how would/does the government know whether a bitstream is random bits, or encrypted data?"

477 comments

  1. Simple by nate1138 · · Score: 2, Insightful

    Simple Answer:

    Crypto backdoors won't work ;) (At least not for their intended purpose)

    --
    Where's my lobbyist? Right here.
    1. Re:Simple by Anonymous Coward · · Score: 0

      The reason they are placing these backdoors is to stop terrorism and other crimes from occurring... now I don't know about you, but if I was to fly a plane into a large building I would be sure as hell to use my own crypto not some algorithm with a backdoor from the government. I mean please, people like bin laden have billions of dollars you don't think they could get a kid to code something for them? All this is going to do is make the government get on the backs of innocent people using "illegal" crypto.

      There have been laws about sending anything international in certain crypto for years.. but people do that all the time.

    2. Re:Simple by imp · · Score: 3, Insightful

      The problem with weakening crypto is that anybody may be able to recover the keys, not just the folks that mandated the back door. Also, there are long term issues with this. What if a trusted party today becomes an untrusted party in the future? What do we do when the current threat is over? What if the bad guys figure out the backdoor? Would you have worse problems from them than you have now with the folks blowing things up? What if the US government gets weird and refuses to give up the back door once the crisis is over?

      And finally: What about the huge deployed base of strong crypto?

      One more finally: Little evidence has been given that strong crypto is being used today as a shield for the communications with this group. Why should we give up our rights based only on the say so of the Government, one that has lied to us in the past?

    3. Re:Simple by david.johns · · Score: 1
      But how many people send random bitstreams to each other? Somebody doing so would stand out like a sore thumb against the usual traffic of ASCII.

      Ah. The question is not "How many do?" but, rather... "How many WILL?" ;)

      BEGIN PGP MESSAGE

      1985`jw6tioh2146;'4363n471=90ujq;abd' lkajhfg;)...

    4. Re:Simple by Anonymous Coward · · Score: 0

      Billions of dollars? I don't think so, more like $250 million. If he had billions he could've just bought the towers and kicked everyone out.

    5. Re:Simple by Hoi+Polloi · · Score: 1

      Covert groups could just go back to one time use random number keypads.

      --
      It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
    6. Re:Simple by Herman · · Score: 1

      Actually I've been sending myself some random data recently to test some mime decoding. I generally choose between /dev/random and /dev/zero depending on my mood.
      I guess if I thought I was going to go to jail I wouldn't do it but still I'm sure people do it sometimes. Perhaps by accident, perhaps to test things, try to break software, etc. etc. I'm sure there are reasons.

      --
      Always remember 2 + 2 = 5 for extremely large values of 2
    7. Re:Simple by Anonymous Coward · · Score: 0

      If you're talking about public key cryptography or some form of key exchange protocol (such as what happens with PGP, SSL, and the like), then, yes, there'll be more than one key that can decrypt the message. PGP already allows you to encrypt a message to more than one recipient; a simple solution would be to require all software to always encrypt to Uncle Sam's key in addition to the intended recipients.

      What's to stop someone from creating two separate encrypted messages? The one created with the real key will not decrypt with the Government key. The one that *WILL* decrypt with the Government key is a fake, with, say, fake financial data to fool Government agents.

    8. Re: Simple by dougqh · · Score: 1

      Well compressed data also looks like a random bitstream. You can not assume that something that looks like a random bitstream is encrypted to protect the data. It could just be "encrypted" to compress the data.

    9. Re:Simple by Anonymous Coward · · Score: 0

      If all legal encryption schemes from USA had a backdoor, why would anyone already planning/committing crime use American encryption?

      The only remotely possible chance to force someone who is hiding to use American encryption would be to have *insanely* high penalties for being caught using encryption without a backdoor.

    10. Re:Simple by shimmin · · Score: 1
      > But how many people send random bitstreams to
      > each other? Somebody doing so would stand out
      > like a sore thumb against the usual traffic of
      > ASCII.

      If you look closely, there's plenty of random-ish bits floating around. Besides the usual media for stego (spam, images, audioclips), there's data that is random by design.

      How are you to say that there aren't secret messages encoded in the cards that are dealt by Yahoo's hearts server? Is the Irony Games dice server a terrorist front? Is the latency observed by pinging server x really indicative of network traffic, or is server x modulating its response to ECHO_REQUEST packets to try to tell you something? Heck, during Code Red, you could have had a communications protocol encoded in the least significant bits of the timestamps of packets masquerading as Code Red infection attempts.

      While none of these have enough bandwidth to support secretly throwing multimedia around the net, language doesn't require much bandwidth. If I recall, early American insurrectionists arranged protocols based on the transfer of a single bit. (One if by land, two if by sea.)

    11. Re:Simple by thatmoron · · Score: 0

      You obviously don't know much about programming crypto :) I realize when you said "a kid" you probably really meant it to mean someone decent at programming. If not, the "kid" would most likely come up with (at best) a simple replacement or shift cipher. Unless you happen to find someone incredibly gifted, whatever scheme they try to develop will almost certainly be open to statistical analysis.
      The best bet would be to follow the pattern of blowfish or another well documented open source encryption method.
      Without a large background in math and programming the chances are whatever new crypto you program will be worse than the one the government has the keys for.

    12. Re:Simple by einhverfr · · Score: 2

      The reason they are placing these backdoors is to stop terrorism and other crimes from occurring... now I don't know about you, but if I was to fly a plane into a large building I would be sure as hell to use my own crypto not some algorithm with a backdoor from the government. I mean please, people like bin laden have billions of dollars you don't think they could get a kid to code something for them? All this is going to do is make the government get on the backs of innocent people using "illegal" crypto.

      In addition, if the remote control features of the planes that they are talking about today were also in place and used legal cryptography, then if I were a terrorist, I would not even have to hijack the plane, if I obtained one of the master keys! This backdoor idea is about the least intelligent thing I have ever heard.

      --

      LedgerSMB: Open source Accounting/ERP
    13. Re:Simple by mrogers · · Score: 1
      As always, Bruce Schneier's Applied Cryptography is a wonderful resource.

      Buy it before they ban it.

    14. Re:Simple by Tim+C · · Score: 3, Insightful

      What if the US government gets weird and refuses to give up the back door once the crisis is over?

      "What if"? Why would they?

      Why would they give up such a valuable advantage in the fight against <insert current object of vilification>? Terrorists, drug smugglers/dealers, criminals, communists, dissidents - all have had war declared on them at some point, by some country or other, and all could benefit from the unrestricted use of strong crypto.

      Even if the war against terrorism is won, this legislation would stay in place, to aid the war against the next great evil.

      What if a trusted party today becomes an untrusted party in the future?

      That's exactly the problem I have with this, and all privacy-limiting developments. Here in the UK, as I'm sure you're aware, we have more than our fair share of CCTV cameras on the streets. Every argument in favour of them seems to revolve around the same core assumptions:

      1) They help cut crime, thus making everyone safer
      2) You can trust the Police and the Government

      I have to agree, up to a point. They do cut crime, at least in the covered areas, and I can trust the police and government, now. How do I know I'll still be able to trust them in 20 years' time?

      I don't. I just have to hope that I will be able to, because the way things are going, if I can't, I'm going to be in serious trouble. The same is true in this case - if legislation like this is passed now, it makes a future rogue government's job all the easier.

      What about the huge deployed base of strong crypto?

      That's easy. It would become illegal to use it.

      If the agency monitoring communications (NSA, MI5, KGB, whoever wherever you are) acquired a message that they could not read, you'd be arrested, and ordered to decrypt it. (There is already provision for pretty much this to happen in UK law, thanks to the Regulation of Investigatory Powers Bill)

      At best, on proving that it's an innocent message, you'd get a slapped wrist and threats of bad things happening if you continued to use strong crypto. At worst, you'd do time just for using crypto they couldn't break.

      Cheers,

      Tim

    15. Re:Simple by Anonymous Coward · · Score: 0

      I coded my own rc4 based encryption. When I said get a kid to code it I meant get a kid to use an algorithm that doesn't have a backdoor. I didn't mean for the kid to come up with the algorithm. I should have stated this better.

      But there are some extremely gifted 15 year old programmers out there.

    16. Re:Simple by peter · · Score: 1

      Then there would be a message that didn't have the block cipher key public-key encrypted to Uncle Sam's key. Two messages with different recipients is different from one message with two recipients, because of the way PGP works. To add a recipient to a message, you add information to the message so that someone with the private key corresponding to the public key you are encrypting to can recover the block cipher key and read the text of the message.

      --
      #define X(x,y) x##y
      Peter Cordes ; e-mail: X(peter@cordes , .ca)
  2. with any luck, by neo-phyter · · Score: 1

    they wouldn't work.

    Allan

  3. Plain Text by Evanrude · · Score: 1

    Why even have encryption? Let's just make everything plain text. No more secrets!

    --

    ~.Evanrude
    1. Re:Plain Text by Salsaman · · Score: 2
      Good idea. What's your credit card number :-)

    2. Re:Plain Text by Water+Paradox · · Score: 1

      No more secrets is quite viable. If you want to see when that idea is applied to software development, consider Open Source.
      At his trial, Jesus said: "I always spoke in public; I did not speak in secret." (John 18:20)
      --
      information is immaterial
    3. Re:Plain Text by Water+Paradox · · Score: 1

      By the way, they promptly slapped him for saying that.

      --
      information is immaterial
    4. Re:Plain Text by baptiste · · Score: 2
      Good idea. What's your credit card number :-)

      Just ask McGlen.com - they informed me yesterday that 'an unidentified individual gained access to certain protected files maintained by Mcglen.com through a security breach in Microsoft Internet Information Server.' and thus may have my credit card # - how comforting. Funny that they don't also take some of the blame for not keeping their servers patched current. Course serves me right for ordering from a site that uses IIS :) Cept, well, it wasn't me - it was my wife :)

    5. Re:Plain Text by crazycrackmunky · · Score: 0

      setec astronomy?

      --
      As they all say...."this too shall pass."
    6. Re:Plain Text by gentlewizard · · Score: 1

      Actually, plain text is quite workable by using CODES instead of CIPHERS. Innocent commercial transactions could carry information in the dollar amount charged, the name of the customer, variations in the address, etc. All one needs is a web site and a commerce server and information can be passed.

      This is what makes the regulation of ciphertext an inadequate defense. There are just so many ways to communicate, only a few of which use encryption.

    7. Re:Plain Text by tshak · · Score: 1

      Well, this is a poorly architected system if they can get your CC# through IIS. ALL web systems should be considered INSECURE, and your data should be secured even if a web server (or any server accessible by the public) was compromised. Yes, the IIS exploits are embarrassing at best, but I would blame the architects for poorly securing the data.

      --

      There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
    8. Re:Plain Text by number+one+duck · · Score: 1

      0123 4567 8910 1112

      Infinitely more secure than spaceballs.

  4. Escrow by FatRatBastard · · Score: 3, Interesting

    I?d assume that one of the ideas would be to revive the idea of key escrow. All generated keys would have to be ?registered with the state.?

    I can?t wait until I can purchase a ?You?ll get my 1024 bit private key when you pry it out of my cold, dead Palm? bumper sticker.

    1. Re:Escrow by Anonymous Coward · · Score: 0

      I can't wait till you learn to stop using the question mark.

    2. Re:Escrow by Anonymous Coward · · Score: 0

      That comes from using MS IE....

    3. Re:Escrow by Anonymous Coward · · Score: 0

      From an export point of view, strong encryption is considered "arms". Last time I checked the constitution, we have the right to bear arms and that right cannot be infringed. Perhaps we need some help from the NRA??? ;)

    4. Re:Escrow by rossdee · · Score: 1

      My Keyboard has an ESC row

      its where the function keys are...

    5. Re:Escrow by mi_cuenta · · Score: 1

      Mine too!!! Is the govt. already spying over my shoulders? I had to laugh!

      --
      /.
    6. Re:Escrow by fscking_coward_2001 · · Score: 1

      Those "smart quotes" look pretty dumb, don't they.

    7. Re:Escrow by Anonymous Coward · · Score: 0
      Actually, it's considered munitions. I have no idea what the technical difference is, but I would gather that "munitions" doesn't literally conflict with the 2nd Amendment. In any case, there are a lot of munitions that we're not allowed to have (and thank god for that.)

      Imagine if the 2nd Amendment applied to all munitions... What could terrorists do with a couple of Claymore mines?

    8. Re:Escrow by InfoSec · · Score: 1

      You asked for it!!

      http://www.cafepress.com/cp/store/store.aspx?store id=linuxhi

      --

      Wherever you go, there I am...
    9. Re:Escrow by Anonymous Coward · · Score: 0

      So you're saying that because it's illegal for terrorists to possess things like Claymores, they won't have them?

      Just like criminals won't get guns if we ban them. Right.

    10. Re:Escrow by jrockway · · Score: 1

      Not as ``dumb'' as ``these''. hehe

      --
      My other car is first.
  5. Encryption back doors, or why I love govt by WillSeattle · · Score: 1

    All I know is that my hacker friends are hoping the government succeeds at getting backdoors in all the protocols, especially database ones, so they can run rampant through still more systems.

    --
    --- Will in Seattle - What are you doing to fight the War?
    1. Re:Encryption back doors, or why I love govt by Anonymous Coward · · Score: 0

      Here's an idea!!! Why not just publish your bank account information and make it public because if they do this there will be a gov. leak somewhere and then the hackers have fun. Look how fast XP was cracked. Who doesn't have a free copy of XP already any way that really wants one? The only people the universal key helps out is ?????

    2. Re:Encryption back doors, or why I love govt by Anonymous Coward · · Score: 0

      You mean Script Kiddie friends. I'll let it go this time... don't let it happen again.

  6. How to detect encryption by Kryptonomic · · Score: 1
    See chapter 10.7. in Bruce Schneier's "Applied Cryptography":

    You can obviously detect ASCII files (and TeX, C, Microsoft Excel etc.) simply by looking at the file.

    Executables and compressed files usually have a standard header. Try uncompressing the file with as many algorithms as possible.

    Try compressing the file. If it is ciphertext it should not compress appreciably (more than 1 or 2 percent). If it is something else like a binary image or binary data file, it probably can be compressed.
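
The checks listed in this comment, written out as an added example (not part of the comment or of Applied Cryptography). The 2 percent threshold is the comment's; the function names, header table and samples are constructed here, and the toy keystream stands in for a real cipher.

```python
import gzip
import hashlib
import os
import random
import string
import struct
import zlib

# Magic numbers of a few common file formats.
MAGIC = {
    b"\x1f\x8b": "gzip",
    b"PK\x03\x04": "zip",
    b"\x89PNG\r\n\x1a\n": "png",
    b"\x7fELF": "elf executable",
    b"MZ": "dos/pe executable",
}
PRINTABLE = frozenset(string.printable.encode("ascii"))
HIGH_ENTROPY = "high entropy: ciphertext, headerless compressed data or random"


def savings(data: bytes) -> float:
    """Fraction of the size removed by zlib at level 9 (negative if it grows)."""
    return 1.0 - len(zlib.compress(data, 9)) / len(data)


def classify(data: bytes, threshold: float = 0.02) -> str:
    """Apply the comment's checks in order: look, check the header, compress."""
    if not data:
        return "empty"
    if all(b in PRINTABLE for b in data):
        return "ascii text"
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return "known format: " + name
    if savings(data) > threshold:
        return "structured binary"
    # Nothing left to tell these cases apart without a key.
    return HIGH_ENTROPY


def constructed_samples() -> dict:
    """Build the sample inputs in memory (all constructed for this example)."""
    rng = random.Random(2001)
    words = ["key", "escrow", "packet", "random", "cipher", "header", "bits", "noise"]
    text = " ".join(rng.choice(words) for _ in range(4000)).encode("ascii")
    # Toy stream cipher: XOR with a SHAKE-256 keystream. Illustration only.
    keystream = hashlib.shake_256(b"constructed demo key").digest(len(text))
    ciphertext = bytes(a ^ b for a, b in zip(text, keystream))
    return {
        "text": text,
        "gzip file": gzip.compress(text),
        "counter table": b"".join(struct.pack("<I", i) for i in range(2000)),
        "ciphertext": ciphertext,
        "rng output": os.urandom(len(text)),
    }


def report() -> dict:
    """Classify every constructed sample."""
    return {name: classify(data) for name, data in constructed_samples().items()}


if __name__ == "__main__":
    for name, verdict in report().items():
        print(f"{name:14s} -> {verdict}")
```

The ciphertext and the RNG output receive the same verdict, which is the limit of these checks.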

    1. Re:How to detect encryption by Anonymous Coward · · Score: 0

      I believe the question was about random bits meaning "from a (pseudo)random number generator" which means that they would be indistinguishable from ciphertext. (unless, of course, you either know the cipher and key used to generate the ciphertext, or the ciphertext is a part of some larger file format (think "encrypted" word doc.))

    2. Re:How to detect encryption by skroz · · Score: 1

      Congratulations on answering the question by not answering the question. Schneier is saying that encrypted data cannot be distinguished from random data because of the reasons you referenced. Enciphered data, at least that which is enciphered well, is indistinguishable from random data. Files like MS excel documents and ascii text files are not random... they're actually very, very regular.

      --
      -- Minds are like parachutes... they work best when open.
    3. Re:How to detect encryption by Anonymous Coward · · Score: 0

      The question remains: why would you transmit random noise? Make that illegal, too. Call it obstruction of justice or something.

    4. Re:How to detect encryption by Anonymous Coward · · Score: 0

      That still does not distinguish between random data and encrypted data.

      Random data cannot be determined by looking at it nor does it have a standard header, and if the data is truly random then on average it should not be compressible.

    5. Re:How to detect encryption by SL2C · · Score: 1

      Hmm, shouldn't it be the other way around?
      Text - low entropy - high compressibility
      Truly random data - large entropy - no compression

      Encryption should not change entropy, as it is reversible.

      A question: how would you tell an encrypted gzipped text file from random data?

      Schneier probably answers this, but I don't have the book :-(

    6. Re:How to detect encryption by Anonymous Coward · · Score: 0

      Compression is reversible, and that changes entropy. Back to Information Theory 101 for you, sir!

    7. Re:How to detect encryption by Anonymous Coward · · Score: 0

      Encryption does not change entropy - if you know how to decode it. Without the key or algorithm, you cannot extract any information from it. In information science, entropy is signal without information content.

      Therefore, encryption, to the people who cannot decode it, has high entropy.

      Ascii text has frequencies for letters. Binary images have consistent headers. Movies have frames, programs have headers, et al.

      It's non-trivial to determine what is encrypted, but something that doesn't fall into the above information parameters = encrypted.

    8. Re:How to detect encryption by Lonath · · Score: 1

      But what about storing the encrypted data as highpass information in a picture. :P Are you seriously telling me that the government will be able to tell if the details in a certain landscape are generated or real? I don't think so.

    9. Re:How to detect encryption by SL2C · · Score: 1

      It changes entropy per bit, yes. I am sorry if I didn't use correct information theory terminology here, you are talking to a physicist :-)

      But this is what I had meant: Increase entropy (density) by compression first, then encrypt (or vice versa), to make it look like random.

    10. Re:How to detect encryption by skroz · · Score: 1

      Good luck enforcing that... transmission of random data can be done for many reasons, mostly related to testing of networks and compression techniques.

      For that matter, good luck with this law PERIOD... you can't really outlaw a one-time-pad, and that's certainly "unbreakable cryptography"

      --
      -- Minds are like parachutes... they work best when open.
    11. Re:How to detect encryption by Yokaze · · Score: 1

      The most simple method to store data is to store them in the low order bits of a picture, but
      the low order bits in an original picture are anything but random.

      If you have a random distribution in the lower bits then you surely have hidden information in that picture.

      There are some more sophisticated means to hide information in other information (steganography), like JSTEG.
      But most steganographical systems are susceptible to statistical analysis.

      AFAIK, there is currently no provably secure steganographical system.

      --
      "Between strong and weak, between rich and poor [...], it is freedom which oppresses and the law which sets free"
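
One statistical check of the kind this comment alludes to, as an added example that is not part of the thread: LSB replacement can only move a sample between the values 2k and 2k+1, so embedding random bits evens out each such pair in the histogram, and a chi-square statistic over the pairs measures that. The cover data, the function names and the threshold of 5 per pair are assumptions made for this example.

```python
import random


def make_cover(n: int = 20000, seed: int = 7) -> list:
    """Constructed 8-bit samples with a sharply peaked histogram (not a real image)."""
    rng = random.Random(seed)
    return [min(255, max(0, round(rng.gauss(101, 2)))) for _ in range(n)]


def embed_lsb(pixels, bits) -> list:
    """LSB replacement: overwrite the low bit of each sample with a message bit."""
    out = list(pixels)
    for i, bit in enumerate(bits):
        out[i] = (out[i] & ~1) | bit
    return out


def pair_chi_square(pixels, min_expected: float = 5.0):
    """Chi-square statistic testing that values 2k and 2k+1 are equally frequent.

    Returns (statistic, number_of_pairs_used). Pairs with too few samples
    are skipped because the chi-square approximation is poor there.
    """
    hist = [0] * 256
    for p in pixels:
        hist[p] += 1
    stat, pairs = 0.0, 0
    for k in range(128):
        even, odd = hist[2 * k], hist[2 * k + 1]
        expected = (even + odd) / 2
        if expected < min_expected:
            continue
        stat += ((even - expected) ** 2 + (odd - expected) ** 2) / expected
        pairs += 1
    return stat, pairs


def looks_embedded(pixels, per_pair_limit: float = 5.0) -> bool:
    """Crude decision: pairs this even are what full LSB embedding produces.

    With random message bits the statistic averages about 1 per pair;
    the limit of 5 is an assumption chosen for the constructed data.
    """
    stat, pairs = pair_chi_square(pixels)
    return pairs > 0 and stat / pairs < per_pair_limit


def demo() -> dict:
    cover = make_cover()
    rng = random.Random(99)
    message_bits = [rng.getrandbits(1) for _ in cover]  # stands in for ciphertext
    stego = embed_lsb(cover, message_bits)
    return {
        "cover": pair_chi_square(cover),
        "stego": pair_chi_square(stego),
        "cover_flagged": looks_embedded(cover),
        "stego_flagged": looks_embedded(stego),
        "max_pixel_change": max(abs(a - b) for a, b in zip(cover, stego)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Each sample changes by at most 1, yet the pair statistic drops from far above the limit to roughly one per pair.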
    12. Re:How to detect encryption by Anonymous Coward · · Score: 0

      You could do some quick periodicity checks to see if the data is truly random or not.

      Looking for ASCII? Then someone needs to make an algorithm that encrypts to ASCII text (i.e., chr(34)-chr(127)).

    13. Re:How to detect encryption by HawkinsD · · Score: 1

      Dude: PGP, in the forms that I've seen, permits output to ASCII. This is good for when you're trying to send encrypted e-mail messages, and you don't know what might happen to binary data.

      --
      Never attribute to malice that which can be explained by mere idiocy.
    14. Re:How to detect encryption by sn00ker · · Score: 1


      It's non-trivial to determine what is encrypted, but something that doesn't fall into the above information parameters = encrypted.


      Or it's random. As many people have pointed out, truly random data is indistinguishable from encrypted data unless you know the key and the algorithm used for the encryption.

      If I were to compose a data stream that was 50% data output from a strong encryption algorithm with a "strong" key and 50% random data from the RNG that's built into a P3 CPU, you wouldn't be able to tell the difference between the two bit streams.
      --
      "God, root, what is difference?" - Pitr, userfriendly
    15. Re:How to detect encryption by Anonymous Coward · · Score: 0

      and not a HTML expert either

  7. One key? by Sir_Real · · Score: 2

    I certainly hope not... My guess is that upon generating a key, a separate key is also generated. This key (the other half of which the NSA has) could be used to encrypt the original sender's private key. This would allow the NSA (I don't know which tla will hold the keys, just substitute your favorite one in here...) to be able to retrieve the private key and decrypt the transmission... This is pure speculation...

    1. Re:One key? by Ballie · · Score: 1

      In a public-key scheme, not the whole msg is encrypted with the public key; since the algorithm for this encryption is more complex (read slower) than encryption with a symmetric-key formula.

      The public key is used to hide the symmetric key, which is used to encrypt the whole msg. The backdoor would be the symmetric key, encrypted with the public key of "the government".
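
The message layout described in this reply, and in peter's earlier reply on how PGP adds a recipient, as an added example that is not part of the thread: one session key encrypts the body and is wrapped once per recipient, with the escrow key as one more recipient. The RSA here is a toy (unpadded, built from well-known Mersenne primes), the party names are constructed, and nothing in it is PGP's actual packet format.

```python
import hashlib
import secrets

E = 65537  # common RSA public exponent


def keypair(p_bits: int, q_bits: int):
    """Toy textbook RSA from two Mersenne primes 2**k - 1.

    Unpadded and built from well-known primes: it shows structure only.
    """
    p, q = 2**p_bits - 1, 2**q_bits - 1
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))
    return (n, E), (n, d)


def key_id(n: int) -> str:
    """Short public identifier of a key, carried in the clear."""
    return hashlib.sha256(str(n).encode()).hexdigest()[:8]


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHAKE-256 keystream (no integrity)."""
    keystream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, keystream))


def encrypt(plaintext: bytes, recipients) -> dict:
    """One body, one session key, one wrapped copy of that key per recipient."""
    session = secrets.token_bytes(16)
    m = int.from_bytes(session, "big")
    packets = {key_id(n): pow(m, e, n) for n, e in recipients}
    return {"key_packets": packets, "body": stream_xor(session, plaintext)}


def decrypt(message: dict, private_key):
    """Return the plaintext, or None if no key packet is addressed to this key."""
    n, d = private_key
    wrapped = message["key_packets"].get(key_id(n))
    if wrapped is None:
        return None
    session = pow(wrapped, d, n).to_bytes(16, "big")
    return stream_xor(session, message["body"])


def has_packet_for(message: dict, public_key) -> bool:
    """The only check possible without a private key: is a packet present?"""
    return key_id(public_key[0]) in message["key_packets"]


# Constructed parties. ESCROW stands for the mandated third-party key.
BOB_PUB, BOB_PRIV = keypair(61, 89)
CAROL_PUB, CAROL_PRIV = keypair(107, 127)
ESCROW_PUB, ESCROW_PRIV = keypair(521, 607)


def demo() -> dict:
    to_bob = encrypt(b"constructed note for bob", [BOB_PUB, ESCROW_PUB])
    to_carol = encrypt(b"constructed note for carol", [CAROL_PUB, ESCROW_PUB])
    bob_only = encrypt(b"constructed note, no escrow packet", [BOB_PUB])
    messages = (to_bob, to_carol, bob_only)
    return {
        "bob_reads_own": decrypt(to_bob, BOB_PRIV),
        "carol_reads_bobs": decrypt(to_bob, CAROL_PRIV),
        "escrow_reads_bobs": decrypt(to_bob, ESCROW_PRIV),
        "escrow_reads_carols": decrypt(to_carol, ESCROW_PRIV),
        "escrow_packet_seen": [has_packet_for(m, ESCROW_PUB) for m in messages],
        "escrow_reads_bob_only": decrypt(bob_only, ESCROW_PRIV),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The escrow private key opens every message that carries an escrow packet, whoever sent it, and an observer without that key can only confirm that a packet is present.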

    2. Re:One key? by Anonymous Coward · · Score: 0

      I certainly hope so... When that key gets cracked and the financial world loses billions of dollars, the idiots in congress will be sure to repeal the law and never let such a thing happen again.

  8. Private Key Registrations by GrEp · · Score: 2

    The government would either have to issue everyone a private key, or pass a law making it a crime not to hand over the keys. Although this only relates to detectable encryptions.

    If you were a terrorist you would probably hide messages via a digital watermark in an image file/video file to get around this. Therefore making the laws useless.

    --

    bash-2.04$
    bash-2.04$yes "Don't you hate dialup connections?"| write USERNAME
    1. Re:Private Key Registrations by Salsaman · · Score: 2
      "pass a law making it a crime not to hand over the keys"

      Unfortunately we already have this law in the UK - it's called the RIP Act. The penalty for not handing over a key, even if you have forgotten it, is a two year jail sentence.

    2. Re:Private Key Registrations by sulli · · Score: 2

      But if it's a dynamic session key (as in IPSec) your PC will have long since forgotten it when some jackbooted government thug asks you for it!

      --

      sulli
      RTFJ.
    3. Re:Private Key Registrations by Anonymous Coward · · Score: 0

      yeah, or use your own encryption. i'm guessing that terrorist groups wouldn't use encryption that had backdoors for the US gov't. but i could be wrong...

    4. Re:Private Key Registrations by Anonymous Coward · · Score: 0

      If you were a terrorist you would probably hide messages via a digital watermark in an image file/video file to get around this. Therefore making the laws useless.


      Just because a law can be gotten around doesn't mean it's useless. Do you suggest we eliminate the law against carrying guns on board airplanes since the hijackers will just use knives? Eliminate the law against knives because the hijackers will use pens? The problem with key escrow is that it makes it too easy for corrupt government officials to gain too much power.

  9. Good question: by Andrew+Miklos · · Score: 1

    I don't have an answer for that, but I'm assuming that it would be something along the lines of a 3-key system: One private, one public, and one government. The government code would be constant all the way across, and would be able to decode all messages encoded with the public key. My only question would be: What happens if the government key somehow slips through security measures?

    --
    This tastes like granma! By george, you're right! it DOES taste like granma! We'll take a box of it!
    1. Re:Good question: by Anonymous Coward · · Score: 0

      It WILL slip through. Osmosis is a natural phenomenon. One example springing to mind is the Soviets being completely up to date with the US development of nuclear weapons during 2nd WW, even though everything was done to prevent it.

  10. Merely Political Rhetoric by Mad-Mage1 · · Score: 1

    The fact is that no matter how hard they try, they won't get all products to put in backdoors even if legislation is passed requiring it, hence the ones who want/need this level of security will merely migrate to those that are not "government compliant". The ones that do become compliant will be exploited by "non-authorized" parties and then the cry will go up about why we let this happen. In the end, it is merely more political spew, done to garner attention and to subvert the few freedoms that people CAN utilize. This argument is so old for those that follow it that I doubt any new light can be shed, much less actually achieved.

    --
    The tree of liberty must be refreshed from time to time with the blood of patriots and tyrants.
    1. Re:Merely Political Rhetoric by Anonymous Coward · · Score: 0

      The fact is that no matter how hard they try, they won't get all products to put in backdoors...

      You are wrong here. They will legislate it and it will be done. Anyone who violates the law will be locked up. It's kinda simple.

    2. Re:Merely Political Rhetoric by Anonymous Coward · · Score: 0

      No, you're "kinda simple". Since federal law applies to the WHOLE FREAKIN' WORLD, that will *REALLY* stop people in Europe (or China even) from writing non-approved crypto code. Congress is full of dumb-asses. Maybe you should run...

    3. Re:Merely Political Rhetoric by wbtittle · · Score: 1

      This may be a simplistic answer, but the genie is out. They might be able to pass legislation to put back doors in, but it will do nothing to hinder the terrorists passing information. The Techniques in crypto can be a little obscure, but not so obscure that a moderately intelligent person can't figure them out and implement them. To even attempt to limit them we will have to commit the ultimate sin and take books off the shelves.

      Censorship is bad. Bad. Bad. The books are already out there anyway. Let's not be stupid.

      If they want to read terrorists' mail, come up with a way to make the codes transparent. Quantum Computing... But even then it is a chancy thing. Review the history of crypto to see why....

      Brad

      --
      God: "I don't leave footprints!"
  11. How backdoors work by Chakat · · Score: 2, Interesting
    A lot of the technology behind the last time congress/the prez tried to cram crypto backdoors down our throat is unfortunately classified, but the basic way it would work is that each key would have its own identifier it shouts out in the process of sending packets back and forth. Upon court order (or not, if there are crooked lawmen), the mandatory escrow part, which is how most modern crypto backdoor setups work, is used to get the private key and decrypt the message.

    Steven Levy's excellent book "Crypto", which was reviewed here a few months back, has the basic gist of the technology. As the technology is mired in classified work and patents, it's a minefield that will have to be carefully traversed.

    --

    If god had intended you to be naked, you would have been born that way.

    1. Re:How backdoors work by mickwd · · Score: 2
      "As the technology is mired in classified work and patents....."

      Odd that a process designed to keep something secret (classifying it) should be combined with a process designed to make something public knowledge (patenting it).

    2. Re:How backdoors work by Chakat · · Score: 1
      These are patents on classified technology, which have very funky rules. Once a classified and patented item is declassified, the patent period begins, so whoever is the patent holder has an additional 17 years of pretty much a monopoly on this technology.

      Believe me, the government makes sure that "those evil __________'s" don't get their hands on information they truly don't want to be widely known.

      --

      If god had intended you to be naked, you would have been born that way.

  12. Green Eggs and Guvament Cheese? by Nikoli · · Score: 1

    The only way for the Guvament to have Backdoors is if we all comply with a guvament order to add crypto chips to handle crypto. Then the hardware would handle encoding/decoding. Any software solutions would be Cracked.

    1. Re:Green Eggs and Guvament Cheese? by saider · · Score: 2

      But the crooks could still write their own crypto software and then run it through the crypto chip. Then when Johnny Law decodes the bitstream, he gets another bitstream that is indistinguishable from noise.

      The government has a choice. Have crypto be available to law abiding and the crooks or to have the crypto available to only the crooks. As you can see, the crooks will always have crypto available to them.

      The government cannot even stop someone from bringing cocaine into the country, how the hell are they going to stop a crypto program from spreading?

      --


      Remember, You are unique...just like everyone else.
  13. difference between encrypted and random data by Anonymous Coward · · Score: 0

    duh. i guess sending random data will also become a crime.

    1. Re:difference between encrypted and random data by einhverfr · · Score: 2

      If random data becomes outlawed, only outlaws will have random data.

      Actually, I think they would take a while to do this one. I think that it would be easier to simply write random 1's and 0's to a tcp connection and wait for the judge to ask how they know it is not encrypted, in which case you let them disassemble the program...

      Or invent a new codec for sound files and start streaming those files to all your friends. It doesn't have to be pretty good, it just has to be unrecognizable from a casual perspective. One could probably even modify Ogg Vorbis to be immediately unrecognizable.

      I would probably let others do these tricks, and simply use illegal encryption that was hidden through steganography. Yes, that RSA logo is, uh, just a JPEG....

      --

      LedgerSMB: Open source Accounting/ERP
    2. Re:difference between encrypted and random data by shking · · Score: 1

      ...better yet: xor a previously agreed upon innocent message with your encrypted message. When asked by the gov't for your key, you give them the encrypted message and tell them it's a one-time pad... lather, rinse, repeat

      --
      -- "At Microsoft, quality is job 1.1" -- PC Magazine, Nov. 1994
    3. Re:difference between encrypted and random data by einhverfr · · Score: 2

      Perfect example of steganography in action!

      --

      LedgerSMB: Open source Accounting/ERP
  14. And furthermore ... by pointym5 · · Score: 1
    Assuming a bevy of approved escrow cryptosystems were somehow made available overnight, and made flexible enough to support the myriad distributed applications that rely on cryptographic software for their security, what's next? I mean, if I'm to be protected from the evil-doers who use cryptography to further their ends, what's the government going to do to stop them from constructing their own non-approved cryptosystems? I demand protection!


    So you say that the government can just sniff for encrypted traffic that's not encrypted via the approved cryptosystems. But how will it know that? There are plenty of perfectly innocent compressed binary attachments flying around the net at any given instant. Any one of those could contain an encrypted message. Will somebody be cracking each one of those open, looking for an unapproved cryptosystem? The effort involved at tracking all those leads seems like an enormous misdirection of energy. And if they find the sender, what exactly are the charges? How would you prove that a block of apparently random binary data (which is what the output of a good cryptosystem looks like) is in fact an encrypted message? Do you just lock a person up until they spill the key or (if it's really just a random block of bits) rot?


    Keep in mind that the bastards who attacked us last week were willing to (A) die and (B) train for years to be pilots. What is it about picking up a copy of Applied Cryptography and typing in one of the algorithms that's more challenging than either of those things?

    1. Re:And furthermore ... by Anonymous Coward · · Score: 0

      I presume that they won't be able to look at encrypted traffic without a court order, so if you don't give them any reason to be suspicious, they'll leave you alone. This will probably work like a wiretap or Carnivore and they'll need to show there's a good reason to sniff the encrypted traffic and decrypt it.

    2. Re:And furthermore ... by abdulwahid · · Score: 1

      What is it about picking up a copy of Applied Cryptography and typing in one of the algorithms that's more challenging than either of those things?

      Moreover, I think you will find that many of the terrorists have trained in Western universities and that many of the terrorist groups will have access to much of the latest encryption techniques and protocols available. It wouldn't even surprise me if they had people inside the FBI, NSA etc. Quite frankly, any kind of system the governments want to introduce would be trivial for the terrorists to get round. I can't see anyone being inconvenienced by this type of law except your everyday innocent person.

      --
      perl -e 'print $i=pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10);'
    3. Re:And furthermore ... by BadDoggie · · Score: 2
      "Keep in mind that the bastards who attacked us last week were willing to (A) die and (B) train for years to be pilots."

      This is one of the most important points. You can't fight this sort of fanaticism. There is nothing you can do that is bad enough or hard enough to deter such people. They're willing to die, and going out fighting is the best possible way -- it makes them martyrs.

      I will point out that they needed a LOT less money than everyone seems to think. It took me about $4500 to get my basic pilot's license. A copy of FlightSim was another $80 or so. The hardest part of flying a 737 is getting it on the ground in one piece. The second-hardest part is getting it in the air. Everything else is basically "point the nose where you want it to go".

      I suspect a couple of them went to flight school to learn about things like transponders (which they shut off), basic radio navigation and the special radio codes used to notify the ground you've been hijacked without actually having to say it out loud.

      You really didn't need radio navigation to find the WTC. From inland US, you could just go east until you reached the ocean, then turn left. The buildings were visible (if you were a couple miles up) from more than 30 miles away.

      So that this isn't completely OT, see this article in The Register. It seems bin Laden isn't using any technology now, and the Feds have no idea where he even is. They still want those back doors in crypto, and they have to push now before people start thinking a bit.

      woof.

      Can you find the stego'd message in this post?

    4. Re:And furthermore ... by Anonymous Coward · · Score: 0

      "How would you prove that a block of apparently random binary data ... Do you just lock a person up until they spill the key"

      The Brits turned this one around. They say that if a) they can't decrypt it on their own, b) you won't give them "the key" then c) you go to the slammer for 2 years. The question of whether or not "it" is an encrypted secret message never enters the picture. It is assumed.

      This is the only way any serious encryption control can ever be implemented. Basically, it gives the authorities carte blanche to lock up anybody they don't like.

      But you have to send an encrypted message first before they can do this to you! right???

      ...or "they" just have to forge a block of random noise and make it look like it came from you. Then demand a key "they" know doesn't even exist!

      This whole area of "law" is intrinsically an affront to any concept of due process.

      I'm not saying "they" (aka our government) are corrupt enough to willy-nilly frame undesirables in such a manner. I'm just saying there's nothing (but honor) to stop it.

    5. Re:And furthermore ... by Anonymous Coward · · Score: 0

      > Moreover, I think you will find that many of
      > the terrorists have trained in Western
      > universities and that many of the terrorist
      > groups will have access to much of the latest
      > encryption techniques and protocols available.

      Heck, a pack of cards and "Cryptonomicon" will result in a hard to break, albeit slow, system.

    6. Re:And furthermore ... by Anonymous Coward · · Score: 0

      You demand protection? 100% security from harm? If so, then move to a parallel dimension, because there is no such thing as 100% protection from ANYTHING. And it only takes a few to get through to cause tons of trouble, mainly stirring up the fools that think it is possible to be assured safety from anything. Yes they CAN ASSURE you, if you only want them to lie to you, which is apparently what a lot of people want. These people could have obtained the weaponry for this attack from their steak dinner; hell, all they would need to do is threaten the life of a stewardess...and considering there were three or more terrorists on each plane, it would be extremely easy to threaten the life of someone to gain access to the cockpit. Hell, he could have threatened to snap the hostage's neck...going to check people's appendages at the gate now? We need sensible legislation (in short supply) not dumb-shit solutions that are impossible, impractical, and none of this stupid shit that makes it seem impossible. You can't stop terrorism...but you can stem the tide and save a lot of lives. I say enough of the bullshit rhetoric...get on to actually accomplishing things.

  15. Like Gun Control by DestroyahX · · Score: 1

    The laws cripple the innocent and law-abiding, while nothing changes for the criminals except maybe (MAYBE) an extra nanosecond of paranoia.

    The laws are a joke. Work on other ways of stopping terrorist communiques, such as email or Morse code.

    When will the government get this? I am sick and tired of bumbling laws that injure the citizen's rights and abilities.

    1. Re:Like Gun Control by dcavanaugh · · Score: 1

      I was wondering how we would force the terrorists to use crypto software that included gov't back doors. If we could force them to use crippled crypto software, why not just cripple their OS -- send them Windows XP and make them deal with product activation.

  16. Key Escrow by SirStanley · · Score: 3, Insightful

    The Government tried to implement Key Escrow a while ago.
    Basically, when you generate your keys you must submit the key to the government so they have a copy. It's kind of like your landlord.

    You have a key for your apartment. So does he. If you get locked out he can come on in and let you back in. If you're growing a Pot Farm he can give it to the feds when they have the search warrant and let them in without bustin no doors down.

    Implementing a mechanical backdoor other than key escrow would suck. Short of the US Government getting hacked your keys should be safe with them (unless of course you believe the US Government's sole purpose in life is to get you). If you implement a mechanical back door just wait until it gets reverse engineered. All hell will break loose.

    If Backdoors are implemented, I'm a fan of Key Escrow.

    However, what's to stop a terrorist from writing their own version of a public cryptosystem such as RSA and not giving anyone keys? Guess there will also have to be a law that says if your key isn't registered and you're communicating with it then the government can arrest you.

    --
    --------========+++Dont Feed The Lab Techs+++========--------
    1. Re:Key Escrow by ocie · · Score: 2

      You could use the government's public key to encrypt your private key; sort of like registering your car, you would have to register your key. The problem is that you could send them any old crap and say it was your key. The only way they would know is if they tested it by decrypting a message.

      This is all beside the point, because terrorists won't register their keys. If the US government can't stop spam, what makes them think they can stop encrypted messages?

      --
      JET Program: see Japan, meet intere
    2. Re:Key Escrow by realdpk · · Score: 1

      What I want to know is: As the government would pretty much have to encrypt their key escrow storage, would they need to provide a key to some other escrow agency/system? IE, wouldn't they be held to the same laws we are? If not, you have to wonder which government agencies would be exempt from these laws.

    3. Re:Key Escrow by Anonymous Coward · · Score: 0

      Implementing a mechanical backdoor other than key escrow would suck. Short of the US Government getting hacked your keys should be safe with them (unless of course you believe the US Government's sole purpose in life is to get you).

      Or, you believe, quite rationally, as I do that the government is composed of many, many people, all of whom are just as prone to be dishonest, corrupt, and criminal as any other slice of the world's population. It doesn't require a government conspiracy for some underpaid schmuck to decide to steal my key from work and go looking for my credit card numbers.

      Eric Berg

    4. Re:Key Escrow by Anonymous Coward · · Score: 0

      If the US government can't stop spam, what makes them think they can stop encrypted messages?


      Umm, what makes you think the US government can't stop spam?

    5. Re:Key Escrow by ocie · · Score: 2

      There have been several bills that try to impose a fine for spam, but this has not eliminated spam.

      --
      JET Program: see Japan, meet intere
    6. Re:Key Escrow by natersoz · · Score: 1

      This makes sense. I'm not particularly in favor of it, however, I can understand the reasoning.

      What I find interesting is that the arguments for/against crypto are exactly those of the pro/anti gun forces:

      1. The first/second amendment provides a guarantee of protection for my right to bear encryption/arms.

      2. Criminals do not register encryption|arms.

      3. When you ban/limit encryption/arms you only limit law abiding citizens, you do not limit law breakers.

      4. And my personal favorite: The West/Net wasn't won with a registered gun/key.

      What I really would like to know is this: are those who aggressively oppose limits on hard encryption also those who encourage limits on assault weapons and promote the registration of firearms? Somehow, I'm betting the answer is generally no - at least on /.

    7. Re:Key Escrow by sql*kitten · · Score: 2

      However, what's to stop a terrorist from writing their own version of a public cryptosystem such as RSA and not giving anyone keys?

      Why, nothing at all, of course. While terrorists (and paedophiles, the other usual suspects) are a problem for society, key escrow makes no more sense than a Federal law requiring the use of postcards and banning envelopes.

      Don't imagine for a second that the government doesn't know this. Just as it is natural for a corporation to seek to expand its share of the market, it is natural for a government to attempt to take more and more control over its citizens' lives. But with a corporation, you are free not to buy its products - there are no armed guards forcing people to buy Gap clothes and McDonalds burgers. Governments, on the other hand, don't give you the choice.

  17. Who gets to use the back door? by actappan · · Score: 1

    So, were the backdoors to be built in, who's to judge who is qualified to have access to those backdoors? Is any government allowed to use them?

    Also, were there to be a back door, the entity with access would still have to choose to use it in order to identify those communications which contained the pertinent information. Wouldn't that simply mean that they would read everything? That doesn't sound particularly appealing.

    Anyway, if there is a back door in any particular scheme - wouldn't you just utilize a scheme that didn't include such a back door?

    --
    \Drew National Data Director, John Edwards for President
  18. How this would work by markt4 · · Score: 1

    The way this has been proposed in the past, the government would hold in "escrow" the key parts for unlocking the "backdoor". The key itself would actually be in two or more parts and each part would be kept by a separate agency (one at the Justice Department, one at the Bureau of Land Management, one at the National Oceanographic and Atmospheric Agency, one at the Centers for Disease Control, etc.). To operate the backdoor would require each of the separate agencies to provide their key part.

    As to differentiating crypto from random binary data, this is very hard with good crypto, but not necessarily impossible. The frequencies of bit patterns will, at least with weak crypto, differ significantly from statistical expectations of random data. Sometimes these deviations can even be used to determine the method of crypto employed. With some crypto, I've heard of it being detectable sometimes because it is too random.

    It will of course be trivial to identify crypto in those messages that have sections like: "My PGP public key is...". Or "begin encrypted data".
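Added example (not part of the post above and not code from any real escrow system): a sketch of the split-key escrow described in this thread, where each agency holds one part and every part is needed to rebuild the key. The `EscrowAgent` class, the hash-based `key_id` and the boolean `court_order` flag are assumptions made for illustration; the recovery check also shows that a bogus deposit is only caught when the parts are finally combined.

```python
import hashlib
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def split_key(key: bytes, n: int) -> list:
    """n-of-n XOR split: n-1 uniformly random shares plus one correcting share.
    Any set of fewer than n shares is statistically independent of the key."""
    if n < 2:
        raise ValueError("need at least two escrow agents")
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = key
    for share in shares:
        last = xor_bytes(last, share)
    return shares + [last]


def combine_shares(shares: list) -> bytes:
    """XOR all shares together; only the full set yields the key."""
    key = bytes(len(shares[0]))
    for share in shares:
        key = xor_bytes(key, share)
    return key


def key_id(key: bytes) -> str:
    """Hypothetical identifier sent alongside traffic so the escrowed key can
    be looked up (constructed here as a truncated SHA-256 of the key)."""
    return hashlib.sha256(b"escrow-key-id:" + key).hexdigest()[:16]


class EscrowAgent:
    """One agency's vault; it only ever sees its own share."""

    def __init__(self, name: str):
        self.name = name
        self._vault = {}

    def deposit(self, kid: str, share: bytes) -> None:
        self._vault[kid] = share

    def release(self, kid: str, court_order: bool) -> bytes:
        if not court_order:
            raise PermissionError(f"{self.name}: no court order presented")
        return self._vault[kid]


def escrow_key(key: bytes, agents: list) -> str:
    """Split the key across all agents and return its identifier."""
    kid = key_id(key)
    for agent, share in zip(agents, split_key(key, len(agents))):
        agent.deposit(kid, share)
    return kid


def recover_key(kid: str, agents: list, court_order: bool) -> bytes:
    """Every agent must release its share; the result is checked against
    the identifier, which is the first point a bogus deposit is detected."""
    key = combine_shares([a.release(kid, court_order) for a in agents])
    if key_id(key) != kid:
        raise ValueError("escrowed shares do not reconstruct the registered key")
    return key


if __name__ == "__main__":
    agents = [EscrowAgent("Agency A"), EscrowAgent("Agency B")]
    user_key = secrets.token_bytes(16)  # constructed sample key
    kid = escrow_key(user_key, agents)
    print("key id:", kid)
    print("recovered with order:", recover_key(kid, agents, True) == user_key)
    print("one share equals key:", agents[0].release(kid, True) == user_key)
```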

    1. Re:How this would work by Anonymous Coward · · Score: 0

      "The CIA is happy to work with EDS in implementing the US Government Key Escrow systems as mandated by Congress." --AP, Jan 2004

      "In an era of consolidation due to budget restraints, the Department of Commerce has ordered that all key escrow systems be outsourced to EDS."
      --Dept. of Commerce website, Jun 2005

      "Alfred P. Newman has been recently promoted to head of Key Escrow Management at EDS" -- Key Escrow Times, Aug 2005

      "Millions of e-mail users' private communications hacked, fears of foreign agents gaining US Govmt escrowed keys" -- Slashdot, Oct. 2005

      "Dudes, they were steganographically decoded from the cover of the Sept. 'MAD' Magazine and distributed on the latest AOLMSN 4.11 CDs!" -- AC, Slashdot, Oct. 2005

      Or something like that.

  19. They won't help by levendis · · Score: 3, Interesting

    Crypto backdoors sound good, but in reality they won't help at all. The biggest part of the problem, as you pointed out, is just figuring out what is encrypted and what isn't. According to this article, the hijackers were sending each other unencrypted emails. If they couldn't even intercept unencrypted messages, how do they think backdoors will help?

    One basic assumption of crypto backdoors is that people will actually use crypto that has the backdoor capability. It's like trying to limit encryption to 128 bits or 4096 bits or whatever it is these days. You can just write your own encryption program (or download & hack the source to some existing program) and create 65536 bit encryption if you want. Sure, it's illegal, but if you don't want the feds to find out about your nefarious plans, so what?

    Believe me, we can expect a lot more stupid, reactionary legislation in the coming weeks & months (am I the only one who doesn't feel any safer knowing that the guy on the plane next to me doesn't have his Bic disposable razors????). Thank god we haven't locked up all the Arab-Americans because they could be terrorists...

    --
    ---- I made the Kessel Run in under 11 parsecs.
    1. Re:They won't help by AnotherBlackHat · · Score: 1

      Crypto backdoors sound good, ...


      No they don't.

    2. Re:They won't help by rob_from_ca · · Score: 1

      Along the same lines, I wonder how feasible it would be to modify a cryptosystem so that when the government used their backdoor, the message decrypted into some arbitrary text chosen by the individual, but when decrypted through the proper channels, the message is the intended one... so when Agency X uses their backdoor key on your message, they see a love letter to your girlfriend, but when the proper recipient uses the right key, the actual message is revealed...

    3. Re:They won't help by iabervon · · Score: 2

      Even more fundamental and larger is figuring out what is interesting and what isn't. The unencrypted emails you mention were probably exchanging flight info, planning when they wanted to fly, where they should go, where they would come from, and so forth. Reading the email in advance probably wouldn't give anything away to someone not part of the group-- it would be profoundly stupid for them to read email that could incriminate them in a public library, where, even if it weren't examined by the FBI, someone waiting for the computer could simply happen to look over their shoulder.

      It's an essentially unbreakable end-to-end chaffing system: only say things that are just like what anyone would say if they were doing ordinary things, but have some shared understanding that only the people involved know about (like, when we're all on planes at the same time, we'll hijack them).

    4. Re:They won't help by coats · · Score: 2

      ...I wonder how feasible it would be to modify a cryptosystem so that when the government used their backdoor, the message decrypted into some arbitrary text chosen by the individual, but when decrypted through the proper channels, the message is the intended one...


      Unfortunately, this involves solving simultaneous number-theory equations, multiple equations of the sort that would be necessary to break the code algorithmically in the first place by calculating private keys from public keys. If it is computationally infeasible to do that, what you suggest is far harder!

      --
      "My opinions are my own, and I've got *lots* of them!"
    5. Re:They won't help by Alsee · · Score: 0

      >how feasible it would be to modify a cryptosystem so that when the government used their backdoor, the message decrypted into some arbitrary text chosen by the individual, but when decrypted through the proper channels, the message is the intended one

      Quite doable, and there is an encryption program called Rubber Hose that sort of does that to an entire hard drive.
      The problem is that the encrypted file length MUST (mathematical proof) be approximately the sum of the lengths of the two different decryptions. It is then obvious that there is (or at least could be) more than one message in there. This works fine for Rubber Hose because the entire hard drive is encrypted, and there is NO way to know how many valid messages are on there. It's useless in an e-mail because they can see it's a double length and know there's a second message.

      There IS one encryption that does what you want called One-time-pads. Done properly it is a perfect uncrackable encryption method. A message encrypted with a one time pad can literally decrypt to anything, even as a correct list of the world series winners for the next 50 years. One time pads are mostly useless. They require you to communicate the pad somehow, which is just as long as the encrypted file, and generally just as hard to securely communicate.
      If a base and submarine share a one time pad they can later communicate with perfect security a message up to the length of the pad. Any communication beyond the length of the pad is not only insecure, it may expose the first part of the message which was safe before.

      --
      - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  20. Dream on... by mnordstr · · Score: 0

    I think that this will just be a very much discussed topic, but nothing is going to happen. Sooner or later (if they don't already do) the government is going to realize that it just won't work. They know that that would be a huge security risk, and they should know that the people (hackers) are always before the government when it comes to technology and knowledge.

    And doesn't it sound a bit absurd, they remove our security to be able to provide security...

  21. Who would use crypto with a backdoor? by gilder · · Score: 1

    People or groups that really want their data encrypted would just write their own crypto. Why would anyone plan world domination using crypto that has a known backdoor? Crypto backdoors will only create more tech jobs within secret organizations. Could stimulate the crypto tech sector.

    gilder

  22. Back doors by statusbar · · Score: 1

    #1 Only government approved crypto (with content copy protection built in as well as a back door) would be allowed over communication lines.

    #2 With government being friendly to the law-breaking Microsoft, only Windows XP2 and Solaris will support this crypto.

    #3 The crypto will be closed source. Therefore any GNU GPL'd O/S will be illegal.

    #4 The system will be quickly and silently hacked and Bin Laden and his terrorist friends can wreak havoc on our economy and people AGAIN with a simple telephone call.

    Just because a law is stupid and ineffectual does not mean it won't happen.

    --jeff

    --
    ipv6 is my vpn
    1. Re:Back doors by csbruce · · Score: 2

      Standard operating procedure for corporations that don't want all of their trade secrets handed over to their competitors will be: PGP/GPG --> bitwise obfuscation --> ascii-ization/steganographization --> government-approved encryption.

    2. Re:Back doors by Anonymous Coward · · Score: 0

      Just because a law is stupid and ineffectual does not mean it won't happen..

      Ahh. But it will be effectual, just not a help to its original motivation.

    3. Re:Back doors by statusbar · · Score: 1

      But that would be ILLEGAL with a massive jail sentence!

      --jeff

      --
      ipv6 is my vpn
    4. Re:Back doors by JCCyC · · Score: 2

      You forgot...

      #5 They'll blame #4 on those few remaining Evil Linux Communist Terrorist Hackers, and tighten the vise even more.

      #6 goto #4

    5. Re:Back doors by zulux · · Score: 2
      ascii-ization/steganographization -->



      Argh! You mean all those Ascii Goatse.cx posts on Slashdot could have hidden messages - those sneaky bastards! Hiding information in someone's bum is not nice!

      --

      Moneyed corporations, non-working 'poor' and criminal prisoners are turning productive citizens into tax-slaves.

  23. They'll not focus on every bitstream by Theodore+Logan · · Score: 1
    "Also, how would/does the government know whether a bitstream is random bits, or encrypted data?"

    Probably, the focus will be on encrypted emails and the like. But, I hear some of you object, this won't prevent Ohama from hiding encrypted messages in porno pics, or whatever he's doing. You're right it wouldn't. But then again, is there even one slashdotter who actually believes this would in any way prevent terrorism? I think not. And I don't think those passing this act think so either. They are just passing as many Orwellian bills as possible in the wake of this tragedy, partly because they want to obtrude on the American people some false sense of security, and partly because they just want to snoop on you, for no real reason at all.

    --

    "If you think education is expensive, try ignorance" - Derek Bok

  24. Well.. by cmowire · · Score: 2

    For one, the government would most likely be going after the manufacturers of encryption software instead of the users of encryption software.

    Which means the law will be useless because encryption is already out.

    The backdoor will probably be in the form of a key or a series of keys that one or more entities has. To make it seem better, multiple authorities will have portions of the key, so that you can't just grab one repository.

    You can do statistical analyses and generally figure out if something has a likelihood of being encrypted. It's a cold-war technology that probably got much usage back then. But it's not the kind of thing you could deploy across the entire network.

    Now, I'm not a privacy whacko. I don't encrypt my hard drive. I'm not anti-government. I'm generally pretty pragmatic. But even I don't think that we should have backdoors on encryption software. Does the government have backdoors on our safes? Do the cops have a key to my apartment's door?
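Added example (not part of any post in this thread): the byte-frequency analysis mentioned above and in the earlier "How this would work" post, run over four constructed samples. It shows a weak repeating-key XOR standing out from random data, while a strong-cipher stand-in and ordinary zlib-compressed data both score as high-entropy; the sample text, keys, and the SHA-256 counter keystream used as the stand-in are assumptions for this demo, not a vetted cipher.

```python
import hashlib
import math
import random
import zlib
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte estimated from byte frequencies (max 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chi_square(data: bytes) -> float:
    """Chi-square statistic against a uniform byte distribution.
    For random bytes it stays near 255, the degrees of freedom."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def repeating_xor(data: bytes, key: bytes) -> bytes:
    """Weak cipher: XOR with a short repeating key."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def keystream_xor(data: bytes, key: bytes) -> bytes:
    """Stand-in for strong cipher output: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def make_samples() -> dict:
    """Constructed inputs: pseudo-English text and three transforms of it."""
    rng = random.Random(2001)  # fixed seed so the demo is repeatable
    words = ("the key is held in escrow by two agencies and "
             "released only on a court order").split()
    text = " ".join(rng.choice(words) for _ in range(20000)).encode()
    return {
        "plaintext": text,
        "repeating-key XOR": repeating_xor(text, b"\x13\x37\xc0\xde"),
        "keystream XOR": keystream_xor(text, b"constructed demo key"),
        "zlib-compressed": zlib.compress(text, 9),
    }


def measure(samples: dict) -> dict:
    """Return {name: (entropy_bits_per_byte, chi_square)} for each sample."""
    return {name: (shannon_entropy(d), chi_square(d)) for name, d in samples.items()}


if __name__ == "__main__":
    for name, (entropy, chi) in measure(make_samples()).items():
        print(f"{name:20s} entropy={entropy:5.3f} bits/byte  chi2={chi:12.1f}")
```

The two statistics say that a stream is dense, not that it is ciphertext: compressed attachments land in the same high-entropy range as encrypted ones.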

    1. Re:Well.. by bloo9298 · · Score: 1

      I don't think backdoors in crypto software are a good idea either, but your comparisons could be improved:

      Does the government have backdoors on our safes? Do the cops have a key to my apartment's door?

      They may not have them already, but it wouldn't take the government or cops years of effort to get into a safe or your apartment.

    2. Re:Well.. by Jeffster98 · · Score: 1
      Does the government have backdoors on our safes? Do the cops have a key to my apartment's door?
      No, but if they get a warrant they can have your apartment door opened by your landlord and take that safe to a locksmith who can break it open if they can convince a judge that it contains evidence. What's different about encryption is that even if they do get a warrant to look at the data contained in an encrypted file, they can't break the encryption with current technology (at least in a reasonable timeframe). There's nobody to give them the key but yourself right now, and they can't force you to give it to them. Not a solution for a government that wants total control.
    3. Re:Well.. by MrKevvy · · Score: 2

      "Does the government have backdoors on our safes? Do the cops have a key to my apartment's door?"

      They have oxyacetylene torches for your safe, and a battering ram for your door. This is why they are considering the legislation: there is no way of reliably cracking properly-done strong crypto in a reasonable amount of time (less than billions of years.) You can't force your way to a key, or buy it, like you can force a door or buy a better torch to get into safes faster.

      The feds had Mitnick's laptop(?) for five years and made no progress in breaking the encryption he used...

      --
      -- Insert witty one-liner here. --
    4. Re:Well.. by aozilla · · Score: 2

      What's different about encryption is that even if they do get a warrant to look at the data contained in an encrypted file, they can't break the encryption with current technology (at least in a reasonable timeframe).

      50% of the time if they broke in the key would be right there unencrypted on the computer. 45% of the time the key would be protected by an easy to crack password. The other 5% of the time the police could plant a key capture device and get the password.

      Key escrow is much much worse than the government having a key to your apartment. It is equivalent to having a ban on possessing private thoughts. Consider a simple encryption scheme which could be done in your head. This plan would make it illegal to memorize a number without telling it to the government. It's that scary.

      --
      ok then your [sic] infringing on my copyright! Could you as [sic] me next time before STEALING my comments for your own?
  25. Escrow? by syrupMatt · · Score: 1

    The workable solution that I would envision would be the oft proposed "key escrow" system, where the government would hold a copy of each person's secret key/password. A court order would be required in order to access the key, much like a search warrant process.

    There are a few holes in this, though. Most obviously, are we actually expecting "mis-users" of encryption to hand over that information?

    Given that, there really aren't all that many systems that seem workable to me.

    A "skeleton key" for encryption? God forbid that ever get into the wrong hands.

    Programmed back-doors? See above.

    The whole problem with an encryption back door is it is basically like leaving a house key with someone. There has to be absolute trust that they will not allow it to be stolen/misused.

    --
    "Moving through the masses like a fish through water." syrup
  26. They wouldn't... by rkischuk · · Score: 1

    The fact here is that the lawmakers who are bringing this up don't understand what they're talking about. If they did, they'd realize that by providing a backdoor, you make cracking the backdoor the goal, not cracking the encryption head on. If they think they can keep our data secure by keeping the backdoor algorithm to themselves, they're mistaken (De-CSS).

    The truth is, the people this legislation is targeted at will resort to other methods or ignore the law outright. Steganography looks just like standard data except to the sender and receiver. Meanwhile, the rest of us get our mail read. I'm going to get really pissed the first time someone gets prosecuted for sending an email to a friend saying "I downloaded off of Gnutella the other day." THAT is a search without probable cause, but they're already searching, so they might as well use what they find, right?

    --
    Seen any BadMarketing lately?
  27. crypro backdoors? by hex1848 · · Score: 1

    That completely does away with the protective purpose of encrypting. If the government knows of a backdoor, joe-q-scriptkiddie won't be far behind. I know that this has been quoted a lot in the recent days but damnit it's the truth:

    "Those who give up essential liberties for temporary safety deserve neither liberty nor safety."
    -- Benjamin Franklin

    1. Re:crypro backdoors? by majestyk2000 · · Score: 0

      Nothing on you personally, but I swear to God the next person that quotes that damn statement is going to get a visit from my friend Guido.

    2. Re:crypro backdoors? by Amazing+Quantum+Man · · Score: 2

      I agree. But the government is under pressure (either real or imagined) to "Do SOMETHING! Do ANYTHING!" to make the people feel "safer".

      Since they already had these proposals flying around, some since the days of Bush Sr., it was easier to dust them off than to do any actual thought.

      --
      Fascism starts when the efficiency of the government becomes more important than the rights of the people.
  28. Burden of proof by sting3r · · Score: 1
    The US government can easily do for a "suspected cryptographic datastream" the same thing that the UK government has done for encryption keys: make it the suspect's burden of proof that they aren't using encryption.

    Does this fly in the face of the "innocent until proven guilty" policy? Definitely. But these new laws aren't there for the citizens' benefit - they're there for the snoops, and the snoops don't care if you're sent to jail for 20 years because you couldn't prove you weren't using PGP.

    -sting3r

  29. government sponsored encryption by CormacJ · · Score: 1

    Anyone remember that the NSA years ago weakened the DES algorithm. People suggested that this was done to allow the NSA a good chance at cracking DES encryption.

    Quite likely it will get to the stage where anyone sending emails with strong encryption will be deemed suspect and put on a watchlist.

    1. Re:government sponsored encryption by Defiler · · Score: 1

      I like my encryption hard and my porn soft.

    2. Re:government sponsored encryption by Anonymous Coward · · Score: 0

      No, the consensus among top cryptographers (well, the ones who can talk about it publicly) is that the NSA strengthened DES by changing the S-boxes to prevent differential cryptanalysis - a technique which was not publicly known at the time. Only years later when differential cryptanalysis was independently developed in academia were people able to make any sense of what NSA did to the S-boxes.

    3. Re:government sponsored encryption by jonathan_ingram · · Score: 2

      No, you have it the wrong way around.

      The NSA *strengthened* the DES specification to make it resistant to an attack (differential cryptanalysis) which was unknown on the 'outside', and remained unknown for about 15 years afterwards.

  30. As with most laws to prevent crime... by ConceptJunkie · · Score: 2

    This will only stop the unsophisticated users. While the government is backdooring into some 1337 h4x0r script kiddies' communications, terrorist cells will be communicating through steganographic messages with non-government-approved encryption on the local pr0n site.

    --
    You are in a maze of twisty little passages, all alike.
  31. To educate yourself by friday2k · · Score: 2

    There is no easy answer to this question. It certainly depends on the algorithms used. It depends on who implemented it, tamperfree devices, and much more. Here are a couple of links that might give the interested reader some points to start:

    Peter Gutmann's excellent crypto tutorial
    Some information on Blind Signatures
    A very nice link page for privacy and encryption
    Ron Rivest's (the R in RSA) homepage with an excellent link section
    And a link to buy Applied Cryptography, even if the stories lack accuracy it is a good read

    Happy reading!

  32. back doors by gumby42 · · Score: 1

    well, the system which was proposed a while ago would work like this: there is the ordinary key system which everyone uses, and then two other keys are generated, each of which would be distributed to a separate governmental agency. both keys would be needed to open up the encryption. in this way, the only way (in theory anyways) any one in the government would be able to read it is if they get the proper documents and go to both different agencies and get both halves of the keys. There have been other systems developed where any number of keys are required. how secure they are is still in research, as is any encryption technique. However, even assuming the encryption all worked the way it was supposed to, and this was secure, I still wouldn't really trust the government enough to not be corrupt and just pass out keys under the table or something.
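The two-agency split gumby42 describes, and the variant where any chosen number of key holders is required, as an added example (not part of the original comment or of any proposed escrow system). XOR splitting and Shamir's secret sharing are the techniques assumed here, since the comment names no mechanism, and all function names are hypothetical.

```python
import secrets

# 2**521 - 1 is a Mersenne prime; the field holds keys of up to 65 bytes.
PRIME = 2**521 - 1


def split_xor(key: bytes) -> tuple:
    """2-of-2 split: one share is random, the other is key XOR that share."""
    share_a = secrets.token_bytes(len(key))
    share_b = bytes(k ^ a for k, a in zip(key, share_a))
    return share_a, share_b


def join_xor(share_a: bytes, share_b: bytes) -> bytes:
    """Recombine the two agency shares; either one alone is uniformly random."""
    if len(share_a) != len(share_b):
        raise ValueError("shares must have equal length")
    return bytes(a ^ b for a, b in zip(share_a, share_b))


def shamir_split(key: bytes, threshold: int, holders: int) -> list:
    """k-of-n split: points on a random degree k-1 polynomial with f(0) = key."""
    secret = int.from_bytes(key, "big")
    if not 1 <= threshold <= holders or secret >= PRIME:
        raise ValueError("bad threshold, or key too long for the field")
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, holders + 1):
        y = 0
        for c in reversed(coeffs):  # Horner's rule
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def shamir_join(shares: list, key_len: int):
    """Lagrange interpolation at x = 0.

    With fewer shares than the threshold the result is an unrelated field
    element, which almost never fits in key_len bytes; None is returned then.
    """
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    try:
        return secret.to_bytes(key_len, "big")
    except OverflowError:
        return None


if __name__ == "__main__":
    session_key = secrets.token_bytes(32)  # constructed sample key
    a, b = split_xor(session_key)
    print("two agencies together:", join_xor(a, b) == session_key)
    shares = shamir_split(session_key, threshold=3, holders=5)
    print("any 3 of 5 holders:   ", shamir_join(shares[1:4], 32) == session_key)
    print("only 2 of 5 holders:  ", shamir_join(shares[:2], 32) == session_key)
```

The split removes the single point of theft, but whoever holds the reassembled key can still read everything protected by it, which is the trust problem the comment ends on.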

  33. Answer: they could never work by Gregoyle · · Score: 5, Insightful

    They could never work.

    The simple reason is that as long as there is an algorithm that cannot be penetrated, either by force or by escrow, that algorithm can hide data. On this, at least, the cat is out of the bag.

    One of the more likely scenarios which could possibly keep criminals away from data while allowing governments to have access would be an agreement worldwide on a data-encryption standard that included key-escrow. Likely this would be implemented with a large database of registered keys rather than a "skeleton key" approach simply because the "skeleton key" would be a ridiculously easy target. Of course, this whole scenario cannot work for catching dissidents and criminals, and therefore cannot serve the purpose of fighting terrorists.

    The reason is that under any reasonable key-escrow scheme a government would be required to show evidence before using the person's key to find the data. This works fine for average citizens who only use the mandated encryption standard, but, Surprise! When the government uses the key of terrorist Tim to decode his messages, they find that not only did he use the mandated scheme, but he also encrypted his data with his own scheme, which, of course, is unbreakable with current technology. Terrorist Tim wins in two ways here, not only did his data remain secure, but he also managed to waste a large amount of the government's time and resources.

    The fact that this is even being proposed shows the ignorance of technology rampant in Congress. I live in NH, maybe I'll write a letter to Senator Gregg.

    --

    "He's more machine now than man, twisted and evil."

    1. Re:Answer: they could never work by syrupMatt · · Score: 1

      Here's an even bigger question.....who's to collect the keys?

      Let's just assume for a second that Johnny Terrorist uses a program generating keys based upon the "approved" encryption standard. Does a gaggle of armed guards come to his door with a floppy instantly to collect the key?

      A key escrow system is probably the most workable of all the insane schemes surrounding this. However considering the logistical/administrative nightmares of making such an escrow and keeping its contents current, I think it is as much vapor as the furor over this eventual/legislation.

      --
      "Moving through the masses like a fish through water." syrup
    2. Re:Answer: they could never work by slashdot.org · · Score: 1

      That is the answer, but also for a different reason: criminals will simply use a different crypto method.

    3. Re:Answer: they could never work by hauca · · Score: 1
      ---The fact that this is even being proposed shows the ignorance of technology rampant in Congress. I live in NH, maybe I'll write a letter to Senator Gregg.

      This should not be a maybe, but a definitely. Congress is controlled by people that do not know much if anything about technology let alone other important topics. Their role is to represent the will of the people. If you choose not to tell your thoughts on this topic to your congressman or senator then someone else with possibly different thoughts on the topic will.

    4. Re:Answer: they could never work by Elwood+P+Dowd · · Score: 2

      You say:

      The reason is that under any reasonable key-escrow scheme a government would be required to show evidence before using the person's key to find the data.

      But if you remember, the biggest issue in the Clipper Chip deal was that they changed the wording that created the "Fruit of the poison tree" doctrine that currently keeps illegally acquired evidence out of the courtroom. They might try to do away with the evidence requirement.

      --

      There are no trails. There are no trees out here.
    5. Re:Answer: they could never work by Anonymous Coward · · Score: 0

      Terrorist Tim?

      Shouldn't that be Terrorist Habib or Terrorist Abdul?

      "Excuse me sir, but would you like a slurpie?"

    6. Re:Answer: they could never work by Sloppy · · Score: 3, Insightful

      They could never work

      Of course, that depends on what the real purpose is. The purpose might be to create lawbreakers.

      "There's no way to rule innocent men. The only power any government has is the power to crack down on criminals. Well, when there aren't enough criminals, one makes them. One declares so many things to be a crime that it becomes impossible to live without breaking laws." -- Ayn Rand, "Atlas Shrugged"
      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
    7. Re:Answer: they could never work by Anonymous Coward · · Score: 0

      Naw, I'm pretty sure the guy who blew up the building in OK City was named Tim.

    8. Re:Answer: they could never work by reverse+flow+reactor · · Score: 2, Informative

      There are methods of hiding data in plain sight. Just read "Chaffing and Winnowing: Confidentiality without Encryption" at http://theory.lcs.mit.edu/~rivest/chaffing.txt


      Also, said Terrorist could use multiple techniques together:

      - write message
      - apply method of Chaffing and Winnowing (above) or method of hiding messages in spam.
      - hide that message in favorite media with outguess.
      - encrypt that with PGP or GnuPG.
      - encrypt that with the mandated, key-escrowed, back-doored technique
      Now there are several barriers to break down, but only the easy one is known about until an investigation is already under way.

      Or:
      - said terrorist could avoid electronic communications, and meet face to face in a public park or on a public bus or in a crowd

      Ask a gardener how they deal with weeds. Do you just remove what you can see, or do you go after the roots? Ask a doctor how he/she deals with a disease. Does he/she treat the symptoms and hope for the best over time, or does he/she treat the source of the disease?

      Yes, cutting off one of their means of communication would be an inconvenience for people who have evil plans. But is there a better way that we can deal with their evil plans in the first place?

      I don't know the answers, I just ask the questions.

      --

      The significant problems we face cannot be solved by the same level of thinking that created them. -Einstein

    9. Re:Answer: they could never work by Anonymous Coward · · Score: 0

      Key escrow doesn't work either. Who is going to store all the keys? Do we trust them? Who will try to get at them?

      What about algorithms that change keys every session? Doesn't SSH 3.0 change keys every 10 minutes?

      It's a logistical impossibility.

    10. Re:Answer: they could never work by Anonymous Coward · · Score: 0

      Shut up, you lying diaper-head fuck.

    11. Re:Answer: they could never work by Anonymous Coward · · Score: 0

      I live in NH, maybe I'll write a letter to Senator Gregg.


      All it takes for evil to thrive is for good men to do nothing. Please do send that mail.

    12. Re:Answer: they could never work by Anonymous Coward · · Score: 0

      But if you remember, the biggest issue in the Clipper Chip deal was that they changed the wording that created the "Fruit of the poison tree" doctrine that currently keeps illegally acquired evidence out of the courtroom. They might try to do away with the evidence requirement.

      They are trying to do away with the evidence requirement - and likely will in the next day or two. See here.

    13. Re:Answer: they could never work by khym · · Score: 2

      Actually, it could work, assuming that it's only used after a warrant has been acquired. The feds get the warrant, try to decrypt the info, and can't. Or they decrypt it, and find another layer of encryption underneath. Then they can charge the terrorists with use of illegal encryption and send them to jail for a few years.

      --
      Give a man a fire, and he'll be warm for a day, but set him on fire, and he'll be warm for the rest of his life.
    14. Re:Answer: they could never work by Zenithal · · Score: 1

      As much as I'm against the government having access to all of our private information, it's also important to note that just the fact that Terrorist Tim used a non-mandated encryption scheme will probably be a federal offence. Enough to arrest him anyway.

      --


      Aaron
      AaronCameron.net
    15. Re:Answer: they could never work by Old+Wolf · · Score: 2

      If a terrorist is willing to murder several thousand people, I don't think he is going to have any compunction about using illegal cryptography.

      Compulsory backdoors means that law-abiding citizens lose their privacy, and criminals are unharmed (or perhaps even have their position improved, because their target companies are all now backdoored).

    16. Re:Answer: they could never work by Fred+Ferrigno · · Score: 2

      Everyone keeps saying that "if you ban cryptography, it won't stop the criminals from using it." That's not the point at all.

      The point is to head off Slashdot's vision of the future where everyone uses cryptography for everything. If you ban cryptography, the criminals will still use it. This is true. However, they'll be the only ones using cryptography, and therefore be much easier to spot.

      The NSA doesn't want to decrypt grandma's shopping list. It's a waste of time. Rather, if grandma starts using Government-Approved encryption, and the criminals keep using PGP, all Carnivore has to do is look for PGP, and whammo--you've found your criminals. They don't even have to decrypt it; simple use of real encryption is a sign of guilt.

      Certainly, there are other reasons to oppose this legislation, very real reasons that we must not let this happen. But "it won't work" isn't going to cut it. Because it will work, just not in the way you think it will.

    17. Re:Answer: they could never work by Anonymous Coward · · Score: 0
      I don't live in NH, but I already sent an email to your senator a couple hours ago from here. The more letters the better, so I hope you have a chance to get one sent off:



      I saw you speak on a cable news show this morning (Thursday, 9/20/01)
      about upcoming legislation you are seeking to implement to counter the use
      of computer encryption by criminals. I'm glad that you are willing to
      stand up and take a proactive stance to solve the problems the FBI is
      facing in their information gathering efforts, however your legislative
      ideas unfortunately will be ineffectual in meeting the ends the FBI hope
      to see. I hope you will find my thoughts insightful and helpful, and they
      will lead in some small way to more effective laws.

      The targets of your legislation are American software firms that develop
      encryption-related technology, the main idea being that if their products
      are designed to have a sort of master key that law enforcement agencies
      can obtain in the event of an investigation, the good guys can decrypt
      communications they otherwise wouldn't be privy to, leading to
      prosecutions and crime deterrence. The assumption in this argument
      however, which when disproven unravels the efficacy of the legislation, is
      that the American firms have control over the availability and quality of
      encryption software.

      In reality, the technology behind almost all encryption tools (i.e. RSA
      public-private key technology) is already available for free, and is
      widely distributed around the globe, independent of any American or
      foreign firm's oversight. Essentially, the technology is in the public
      domain, and is a mundane, irrevocable part of the computer technology
      landscape.

      A large reason for the universal availability of the technology stems from
      high-grade encryption algorithms historically really only being proven
      effective by being tempered and stress-tested in a public way by
      cryptographic academicians and enthusiasts around the world. The
      development process is open, public, and scientific in nature, rather than
      corporate and proprietary. The very process of developing strong
      encryption is such that the resulting technology can't really be recalled
      at a later time or altered to be weaker. This has resulted in mature,
      near-perfect encryption software in use now on millions of machines.
      People trust it, so they use it. The idea that people honestly interested
      in keeping their data private will switch from these free, high-quality,
      and secure solutions to non-free, non-secure solutions, and that passing a
      certain piece of legislation can hope to lead to such a goal, is more
      likely to give a false sense of security, and not create any new
      protection.

      Their marketing departments probably wouldn't highlight it, but what
      software companies more typically are responsible for creating are only
      the comfortable, easy-to-use interfaces, and the enterprise administration
      tools that larger organizations can find useful. I personally don't care
      for the bells and whistles, and like many other security professionals,
      don't often see a reason to buy encryption software. I think it's only
      realistic to assume likewise that the terrorists and criminals who are
      smart enough to use encryption are also smart enough not to pay to use
      software with keys that the US government control, when they can download
      stronger, untampered stuff for free. The software companies add usability
      features some people and companies need, since it can make their lives
      easier and therefore save them some money in the long run. But regarding
      strong encryption itself, in the real world the cat is already out of the
      bag, and has been for some time. This needs to be faced as a basic truth,
      rather than a dilemma that can be directly fixed with a new law.

      Please, please season your legislation with more input from computer
      professionals. I myself am not a NYC firefighter or a Red Cross worker;
      I'm a computer guy, I develop secure networks to protect highly-sensitive
      data in the pharmaceutical industry. If by way of this expertise though I
      can be of some small service, and help to develop more realistic,
      effective laws -- do my part -- I'd be interested in volunteering my time.
      I'm sure there are thousands of other professionals in the country with a
      similar willingness to put their knowledge to use for the greater good.
      Please feel free to contact me if you or your aides care to further
      discuss aspects of encryption technology.

      Thank you for your time.

    18. Re:Answer: they could never work by egommer · · Score: 1

      do agree,'The cat is out of the bag'. We all knew this
      moment was going to come, when the government had an excuse to push for a
      backdoor for Crypto. The underlying technology for crypto is available
      worldwide. Once back doors are in place there will be many new schemes
      created to replace it. This is similar in effect to all the computer
      virus out in the wild right now. Algorithms will mutate much faster
      than they can ever be decrypted. This attempt is futile as far as finding
      and tracking terrorist or criminal activity.

      This a time when head-on technology will only hinder our efforts to break
      up these terrorist networks. I am a person who believes strongly
      in the possibilities technology can provide but in this case nothing I believe
      nothing but 'Old-fashioned footwork will be effective. It will be attacked
      at the weakest point, the Human being. Electronic Emissions detection
      methods will increase in popularity. Keyboard sniffers in the BIOS
      and in many forms of hardware will be implemented in total secret.

      If Microsoft wants to get out of hot water it will cave in to any government
      request to embed backdoors deep into the OS via service pack updates etc.
      Despite our arguments and cries we must all accept the fact that things as
      of 9-11-2001 have changed the rules of privacy forever.

      We will rebuild

      --
      Two Towers-Two Worlds.One seeks triumphs and freedom for man.The other deems man unworthy and wrecks them.
    19. Re:Answer: they could never work by Dwonis · · Score: 2

      They don't even have to decrypt it; simple use of real encryption is a sign of guilt.

      Not really, it's a sign that you are using OpenSSH in a foreign country through a U.S. network (and if I were the head of the OpenSSH team, I'd make damn sure that OpenSSH is INCOMPATIBLE with any insecure algorithms -- even if it had widespread use in the U.S.)

    20. Re:Answer: they could never work by armb · · Score: 1

      > When the government uses the key of terrorist Tim to decode his messages, they find that not only did he use the mandated scheme, but he also encrypted his data with his own scheme, which, of course, is unbreakable with current technology.

      And is also illegal (under at least some proposed laws). So, lacking evidence of him being a terrorist, you can lock him up for breaking the crypto laws.

      That kind of sucks if Tim isn't really a terrorist at all, but a dissident using encryption to detail human rights violations of his oppressive government, and the government are just looking for an excuse to shut him up but, hey, in that case he isn't an American so it doesn't really matter, and encryption might be illegal for him without any international pressure from America.

      [Caution: Message may contain traces of sarcasm.]

      --
      rant
    21. Re:Answer: they could never work by blight · · Score: 1

      What almost everyone seems to be forgetting here is that good encryption is indistinguishable from randomly generated stream of bytes.

      Just wait until someone creates a worm that spreads around and starts sending random streams around and see how easy the criminals are to spot then.

  34. Real information by informed sources by Anonymous Coward · · Score: 1

    This is a great report that was compiled after the whole Clipper chip fiasco by a number of people who know WAY more about it than I do - including Bruce Schneier.

    The bottomline is this - if all the public keys for all traffic in the US is locked in a single location it would become the new Fort Knox. Seriously - you hack that computer and you can open intercepted electronic bank transfers and government classified files.
    Stupid, stupid, stupid idea....

    =tkk

  35. Encryption, Patriotism, and Nimda virus by proclus · · Score: 1
    NewsForge is running a story about an encryption paper from the GNU-Darwin crew. They interviewed Dr. Love, who says that PGP "could have prevented Nimda worm attacks" that are devastating email servers right now.

    "Michael L. Love says the "open-signing" form of encryption that's available with encryption programs such as PGP and GnuPG would keep would-be terrorists from hijacking other people's email to send their messages. Under open signing, the text of the email is open for all to read, but the identity of the sender is authenticated."

    There is also some discussion of .NET, and Love says that PGP keyservers could provide an authentication infrastructure to compete with Microsoft in the net services arena. Be sure to see the related Slashdot thread about Microsoft's new authentication proposals.

  36. How the government might know by ciurana · · Score: 2

    "We've been hearing about adding crypto back doors for the govement to snoop on us, but how would they work? Would there be one key that could be cracked opening up all such traffic? Also, how would/does the government know wether a bitstream is random bits, or encrypted data?"

    There is no such thing as "random bits of data" streaming through the network. All data has redundancies and self-imposed structure in order to convey information. Read Shannon for details on information theory.

    Most currently available cyphers create a data stream that appears extremely randomized. This, in itself, could be a way for the government snoops to detect encryption: A sample of data that is more random than other data.

    You can try the "compression test" for encryption. Try compressing some data. Check the file size. Now, encrypt the same data and run your compression program. You'll notice that the "compressed" file is the same size or larger than the original. This is because the encrypted data is "extremely randomized", and the compression program cannot find patterns in it to compress it. The snoops can use a similar test to detect encrypted data streams, i.e. over time, the probability of any character appearing is 1/n where n is the length of the alphabet (0-255 for bytes).

    Steganography and hiding cyphertext in cyphertext (see Applied Cryptography) would be a good way around encryption back doors.

    Cheers!

    E
    --
    http://eugeneciurana.com | http://ciurana.eu
    1. Re:How the government might know by Fruny · · Score: 1

      Maybe, but just think of how many compressed files fly over the network?

      How many times have you asked (nicely or not) for people to send you compressed files because you have a slow connection or a small mail quota ? And all those mp3s, mpgs, jpgs ARE compressed data.

      So your average data stream already has (or you may hope so) a rather high entropy. And the compression test does not work well.

    2. Re:How the government might know by dvdeug · · Score: 2

      > You can try the "compression test" for
      > encryption. Try compressing some data. Check the
      > file size. Now, encrypt the same data and run
      > your compression program. You'll notice that the
      > "compressed" file is the same size or larger
      > than the original. This is because the encrypted
      > data is "extremely randomized", and the
      > compression program cannot find patterns in it to
      > compress it.

      This is true of good random numbers, too. It's even more true of compressed data - this test will trigger on every gzipped or zipped file to pass through the network. It's also trivial to use some sort of base64 (or more complex encoding that uses letters with English frequency) over your encryption to break this.

      It also doesn't distinguish encryption permitted by the government, and crypto using illegal keys and methods.

    3. Re:How the government might know by ethereal · · Score: 1

      Oh my God - the government's going to start using the postercomment compression filter! :) Hopefully they get a better implementation than /. has, at least...

      Random text added for the purposes of U.S.C. I-31-B.297, all Hail the Party!

      --

      Your right to not believe: Americans United for Separation of Church and

    4. Re:How the government might know by ciurana · · Score: 2



      So your average data stream already has (or you may hope so) a rather high entropy. And the compression test does not work well.

      The entropy in a compressed data stream isn't as high as you think. Remember that you have additional data at the beginning of the stream (and possibly at the end) that indicates which compression program/algorithm is used.

      A good way to add entropy would be to compress the data, then encrypt it, then compress it again, then transmit it. Most decent encryption software tries to compress the plaintext first anyway to reduce redundancies.

      Cheers!



      E
      --
      http://eugeneciurana.com | http://ciurana.eu
    5. Re:How the government might know by Fruny · · Score: 1

      > Remember that you have additional data at the beginning of the stream (and possibly at the end) that indicates which compression program/algorithm is used.

      Headers, and even dictionaries are not that big compared to the size of a compressed file. Plus you can always fake them, and it would be hard to tell whether you have a faulty archive or an encrypted file.

    6. Re:How the government might know by david.johns · · Score: 1
      There is no such thing as "random bits of data" streaming through the network.

      As I pointed out to someone above: <voice character="yoda">There will be. There will be</voice>

    7. Re:How the government might know by Sloppy · · Score: 2

      You can try the "compression test" for encryption.

      This won't work, because you can have false positives and false negatives.

      The false positive case is obvious: if the data is already compressed, it will look like it's encrypted even if it's not. So some kid downloading Britney Spears' MP3s gets flagged as a terrorist.

      You can also create false negatives by padding or otherwise injecting artificial redundancy. If "xyz" is entropic (doesn't compress, appears to be encrypted) then just send "xaayaazaa" (where the filler could be anything) and you'll fool anyone who's looking for too much entropy. So Osama's packets go right through Big Brother's net and no one even notices that they're encrypted.

      --
      As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
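The compression test from ciurana's comment, run against the false positive and the false negatives that dvdeug and Sloppy describe, as an added example that is not part of the original thread. The thresholds, the function names and the SHA-256 counter-mode stand-in for cipher output are assumptions, and all sample data is constructed.

```python
import base64
import hashlib
import math
import random
import zlib
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Empirical byte entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def compression_ratio(data: bytes) -> float:
    """Compressed size over original size; about 1.0 means incompressible."""
    return len(zlib.compress(data, 9)) / len(data)


def has_compression_header(data: bytes) -> bool:
    """gzip, zip or zlib magic bytes. A sender can fake these, as Fruny notes."""
    if data[:2] == b"\x1f\x8b" or data[:4] == b"PK\x03\x04":
        return True
    return len(data) >= 2 and data[0] == 0x78 and (data[0] * 256 + data[1]) % 31 == 0


def classify(data: bytes, min_entropy: float = 7.0, min_ratio: float = 0.9) -> str:
    """Entropy and compression test first, then the header check."""
    if shannon_entropy(data) < min_entropy or compression_ratio(data) < min_ratio:
        return "structured"
    return "compressed" if has_compression_header(data) else "possibly encrypted"


def sample_text(words: int = 20000) -> bytes:
    """Constructed English-like text from a fixed vocabulary."""
    vocab = ("the key escrow agency court order warrant message network packet "
             "random cipher stream data file header user server request reply "
             "policy public private session traffic filter signal noise").split()
    rng = random.Random(2001)
    return " ".join(rng.choice(vocab) for _ in range(words)).encode()


def stand_in_ciphertext(length: int) -> bytes:
    """SHA-256 in counter mode, standing in for cipher output (not a cipher)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = b"constructed-demo-key" + counter.to_bytes(8, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return bytes(out[:length])


def pad_with_filler(data: bytes, filler: bytes = b"aa") -> bytes:
    """The "xaayaazaa" transformation: every byte followed by fixed filler."""
    return b"".join(bytes([b]) + filler for b in data)


def build_samples() -> dict:
    text = sample_text()
    ct = stand_in_ciphertext(32768)
    return {
        "plain text": text,
        "zlib-compressed text": zlib.compress(text, 9),
        "ciphertext stand-in": ct,
        "ciphertext, base64": base64.b64encode(ct),
        "ciphertext, padded": pad_with_filler(ct),
    }


def run() -> dict:
    """Classification of every constructed sample."""
    return {name: classify(data) for name, data in build_samples().items()}


if __name__ == "__main__":
    for name, data in build_samples().items():
        print(f"{name:22s} H={shannon_entropy(data):.2f} "
              f"ratio={compression_ratio(data):.2f} -> {classify(data)}")
```

Without the header check the compressed file and the ciphertext stand-in are indistinguishable to this test, and with it the verdict rests on two bytes the sender controls, so the measurement can only shortlist traffic for other evidence.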
    8. Re:How the government might know by Matthaeus · · Score: 1

      So some kid downloading Britney Spears' MP3s gets flagged as a terrorist.

      And this is a bad thing how?

  37. Instead of requiring crypto backdoors . . . by Occam's+Nailfile · · Score: 1

    Let's require all terrorist organizations to register with the US government, and submit to having an electronic tracking device strapped to each member's leg. We will know terrorists are in violation of the law (and therefore up to something devious) when we see them moving around without their tracking devices, and we can accept that as a violation of the law and take them into custody before they blow something up.

  38. Outlaws... by rkischuk · · Score: 1

    Remember:

    If you outlaw crypto, only outlaws will have crypto.

    --
    Seen any BadMarketing lately?
    1. Re:Outlaws... by Anonymous Coward · · Score: 0

      http://www.mp3.com/curvedspace

  39. Why use crypto at all then? by DanEsparza · · Score: 5, Informative
    I think it's a stupid idea to even toss around the idea of a 'crypto back door'. I can understand why politicians are desperately attempting to dig up the 'silver bullet' that would have stopped the WTC tragedy (and will stop the next horrific event from happening) -- but they're barking up the wrong tree for several reasons.

    Making crypto 'safe' with a back door effectively makes it useless. Why would anyone in their right mind use a cryptographic algorithm knowing that a perfect stranger has a 'backdoor pass' to their information? The whole point of crypto is to only allow the intended recipient to view the secret information.

    This idea would weaken any cipher that this idea is applied to. Why? Simple. Key recovery in a datastream you haven't ever seen before depends basically on one of 2 things: Brute force, and a little ingenuity. If you know that the cipher has a 'universal backdoor' then each stream encrypted with the cipher will be that much easier to crack -- because the streams will have to be somewhat similar.

    What happens when the wrong people get the 'back door' key? You don't think that someone dangerous is going to somehow either recover the key manually, or steal it? Think again. A 'back door' key (or set of keys) of this scope would be too good to pass up. Why bother attempting to recover a key that unlocks one stream, when you can unlock a whole set of streams?

    The cat's already out of the bag. Why would somebody who really wants to keep information secret use a cipher that didn't keep it secret -- especially when there are so many good ciphers (RC4, Twofish, etc.) that don't have a backdoor? In short -- this is a braindead thought process that will lead the U.S. straight into another disaster.

    1. Re:Why use crypto at all then? by SweenyTod · · Score: 2

      It's not the algorithm you put a back door in at all, it's the system that implements the crypto system you hack.

      For example, I implement twofish or RC4 or AES perfectly, but make known to various 3 letter government agencies what the 1st 80 bits of the key will be (hello Lotus Notes).

      Or I encrypt with two fullblown keys, and keep a copy of the second one, so I can always decrypt it when I need to.

      Or I send the Bad Guy's computer a specially encoded message that tells my crypto system to start forwarding to the previously mentioned three letter agencies copies of all plain text.

      Or I change the random number generator to generate a known series of random numbers.

      There are many ways to backdoor a system. Security is more than the encryption algorithm used, it's the system that implements it. Encryption plays only a part of the overall system.

      Of course, all this would be close to impossible to do in an open source system, which is why we all use them, right?

      --
      Alas gallinaceas de urbe bovis volo
  40. turing software by Anonymous Coward · · Score: 0

    try using the open source turing software... it works using an algo like they used to break enigma... in other words you need to have stolen or fortunately stumbled upon an equivalent of your enemies german u-boat.

  41. If you can't decrypt it, it must be terrorism... by MrKevvy · · Score: 4, Insightful

    Simply, that the only way to prove that something was encrypted "legally" would be to automatically break it, all of it, as it passes through various communications channels.

    But this is too large of a job for just one person, or a (fiscally feasible) number of people, as much traffic may not pass through a central point. Machines will have to do it automatically, and there will have to be many of them. Who will make the machines? How will they guarantee that the backdoor isn't released? What if the machines themselves take a walk?

    Steganography would be the only way around this, by hiding an encrypted snippet well enough that it doesn't look encrypted. What if someone posts a badly-encoded GIF of their cat on their personal page, and the so-called "Stego detectors" pick it up. Of course, the "message" isn't there. Therefore it can't be decrypted, and they will be flagged as a criminal... scary prospect.

    As the technology progresses, only poorly done stego and innocent media would be caught. It's already possible to encode messages to be indecipherable from quantization noise by any theoretically possible system.

    --
    -- Insert witty one-liner here. --
  42. Encryption equivalent to income tax evasion by Anonymous Coward · · Score: 0

    I don't think that the backdoor thing is going to fly - pretty soon people are going to realize that terrorists could commit far greater acts of terror by *having* and *exploiting* any back door the government puts into crypto products and ripping people off for millions upon millions of dollars.

    However, I think govt can take the income tax evasion angle - Al Capone couldn't be convicted of murder (he was too good at hiding his tracks) - so they simply got him on how much money he had in the bank vs how much money he stated on his taxes.

    Likewise, the government could say something like - after they get a search warrant - 'hand over the encryption keys that you used for a certain file'. Simple and enforceable - if the suspect of any crime refuses, you get them on encryption abuse. If they do give you the keys, then, well the law works.

    All of this doesn't fly though in the face of embedding communications in images, etc. However, it *does* work for things like monetary transactions, where the software is pretty standard and people need to use conventional software.

    Ed

  43. How can access to backdoor be restricted? by sterno · · Score: 2

    The biggest problem with this is what happens to those backdoor keys the government has. I mean first of all, how can we be assured that they can only use the keys with a court order? Furthermore, even if there's a way to assure that, is there any ruling that indicates that's even a requirement? I mean it seems that the fourth amendment might prevent unauthorized access but until a court rules it's hard to say. They could pass a law giving back doors and then later say that they can access them without court supervision (and the court may or may not support that).

    The other problem is that if the government does start accessing things without a court order, how would you know? You could probably develop a crypto system that would leave obvious evidence if it has been accessed through a backdoor, but the government wouldn't want that because it might interfere with an investigation.

    --
    This sig has been temporarily disconnected or is no longer in service
  44. How it worked with one commercial product by Anonymous Coward · · Score: 0

    Lotus has a 64-bit encryption. The "approved for export" product had only 40-bit encryption, however. The same 64-bit encryption still applied, however 24 bits of the encryption were held by the Feds. Thus the Feds could then easily crack a 40-bit encrypted message, but would have more difficulty with 64-bit.

    Since this was all done several years ago, we can all safely assume that 64-bit encryption is easily crackable by the Feds, and that's why they agreed to allow 64-bit encryption to be exported.

  45. Dig out your old Clipper chip documents by BeBoxer · · Score: 3, Interesting

    The government has already done a lot of research into the area, and pretty much implemented a whole key-escrow system. Nobody used it and as a result it was a flop. To be honest, I don't know how much of the supporting infrastructure was actually deployed.

    The basics of Clipper worked like this. The system was based on hardware encryption chips which implemented the protocol. No software versions existed AFAIK for obvious reasons. Each and every chip had a unique ID and "unit key". Each encrypted transmission had a Law Enforcement Access Field (or LEAF) prepended to it. The LEAF consisted primarily of the current session key encrypted with the unit key of the sending chip and its ID number. I believe the whole LEAF was then encrypted with a single key shared by all chips.

    On the law enforcement end, the DoJ was supposed to maintain a database of all the chip ID / unit keys. There were lots of fancy promises made about the security of the database, and how it would be split in two so that two separate agencies would have to cooperate in order to gain access to the database, etc. All very feel good but in the end un-auditable and basically BS since the regulations guaranteed that there would be no penalty for improper access to the keys.

    Anyway, the LEAF field in combination with the database allows access to the session key and hence the plaintext of any message.

    The whole scheme has so many problems it's not even funny. Not the least of which are: the whole protocol has to be kept top secret. If you know how to generate a legitimate LEAF field, you know how to generate a bogus LEAF field too. An AT&T researcher published a paper about how to get two Clipper chips to talk to each other with bogus LEAF fields. It took a fair amount of trying to get random LEAFs which had valid checksums, but it was quite doable. Presumably, they won't repeat that mistake. Software implementations are pretty much verboten, since they are far too easy to reverse engineer or tamper with. If you are trying to mandate back-doored encryption, you would pretty much just mandate that all encryption be performed using NSA designed and approved chips manufactured by a secure contractor.

    As to what stops you from sending random data, one need only imagine the government's response when they detect that you are sending random data. Such random data would be presumed to be illegally encrypted data, and you would be arrested as such. It's quite possible that you would be freed once you had shown that the data was random. In the mean time, your face would be plastered on the front page of the paper as a "suspected terrorist". You might expect to be held without bail due to the extreme danger a suspected terrorist poses to society. The draconian penalties involved will serve to keep people in check, not any technical ability. Look at the penalties handed down for DMCA violations. Then compare the severity of pirating a movie versus flying an airliner into a building. Finally, scale the DMCA penalties accordingly. You can imagine the outcome.

    1. Re:Dig out your old Clipper chip documents by mce · · Score: 1

      Hardware implementations can also be reverse engineered. I once talked to a chip designer who was a citizen of Eastern Germany before the wall came down. One of the things he had worked on, was to duplicate certain chips (from DEC, IIRC, so it could have been VAX cpus) based only on samples. They succeeded.

      OK, Joe Random Haxor can't do this, but foreign governments certainly can.

    2. Re:Dig out your old Clipper chip documents by dragons_flight · · Score: 2

      I have a friend who previously worked for a company (I forget the name) that does a sort of chip reverse engineering in the US. Essentially, they are paid to take chips apart and understand how they work in order to check for patent violations. Along the way they can also generate complete design schematics.

      Pretty cool technology to be dealing with, but it does show that corporations as well as governments are perfectly capable of taking chips apart.

    3. Re:Dig out your old Clipper chip documents by arkanes · · Score: 1

      Simple. It'll become illegal to send random data. Next time you're at an airport check out the little signs all over - It's all almost as illegal to pretend to try to hijack an airplane as it is to actually attempt it. Under the umbrella of that law, creating false positives in the encryption detection algorithms (mangled/partial compressed files, random noise, etc...) would be a felony. Finally, a way to even the race/class balance of our jails :)

    4. Re:Dig out your old Clipper chip documents by markmoss · · Score: 2

      Simple. It'll become illegal to send random data.

      How about sending a JPEG of a Jackson Pollock painting? It sure looks like random data. (Pollock's usual method of creating "art" was to cover the floor with canvas, set a ladder in the middle of it, climb up with various colored paint cans, and fling paint.) But since some people will pay large sums for the original, it isn't random data and you could sue for false arrest.

      Meanwhile, real terrorists will be sending the communications they need buried in innocuous-looking messages in the clear. Agree on a few code words at a face to face meeting, and then you can make all messages necessary for scheduling and coordination look like ordinary business communications -- e.g., send the target location, date, and time as the time and place for a meeting, an order for "staplers and staples" can refer to guns and ammo, ...

      Or if they really have to send an incriminating message, there are lots of ways to hide it in an innocuous message. E.g., insert a letter here and a letter there as "misspellings". Flip a few bits in an image or audio file -- if the recipient has an unmodified copy of the file, just do an XOR to recover the hidden message. Or if you want something really sophisticated, hire some underpaid Russian mathematician/programmer.

      Or after a decade or two of this sort of sh*t, you'll be able to hire impoverished Americans instead...

  46. enforcement by Anonymous Coward · · Score: 0

    How do we force our enemies to use encryption with our backdoors? How about those outside US jurisdiction (like Bin Laden)?

    A backdoor will only allow the US to spy on itself. Even internal enemies won't use such.

  47. Already exists by 11thangel · · Score: 2

    That law is called obstruction of justice. If you have a key, it can be subpoena'd at any time, if they can prove to a judge that your encrypted data may include things necessary to proceed with a trial. If you don't hand it over, or conveniently "lose" your copy, you get hit with obstruction of justice and you look like an incompetent fool who can't even keep track of his own crypto keys.

    --

    I am !amused.
    1. Re:Already exists by ethereal · · Score: 1

      Of course, the penalty for obstruction of justice may still be more palatable than the penalty for whatever the government is accusing you of. Not to mention the 5th Amendment problems with forced key turnover.

      --

      Your right to not believe: Americans United for Separation of Church and

    2. Re:Already exists by krlynch · · Score: 2

      Not to mention the 5th Amendment problems with forced key turnover.

      I doubt that there is a 5th amendment issue here. Consider that there is no 5th amendment issue with taking fingerprints, court ordered blood tests in criminal cases, and required breathalyzer tests in suspected drunk driving cases, among other things. The 5th amendment protection, "nor shall [he] be compelled in any criminal case to be a witness against himself", has generally been very narrowly construed by courts, if I remember correctly, to be just that - they can't force you onto the stand in a criminal case against you; even then, once you have chosen to take the stand, you CAN in fact be forced to give testimony that is not in your favor. (IANAL and all that, but I do remember some of the things that I learned in civics classes :-)

    3. Re:Already exists by sealawyer · · Score: 1

      "That law is called obstruction of justice. If you have a key, it can be subpoena'd at any time..."

      If your key is written down, perhaps the government can get it via subpoena in some situations, but assuming that you are a criminal defendant, they can't make you recite your key if it isn't written down somewhere. Defendants don't have to answer any questions (like "where did you hide the loot?" or "what is your passphrase") put to them by the prosecution.

      A law requiring you to divulge an unwritten key would be unconstitutional IMO.

    4. Re:Already exists by ethereal · · Score: 1

      I don't think those examples necessarily apply - you aren't testifying against yourself if the government takes your fingerprints or your blood sample. And breathalyzer tests can be refused; you just lose your license because that's the agreement you made in order to get a driver's license. I still say those are different circumstances than requiring you to state your secret passphrase if you know that doing so will result in more evidence being used against you.

      IANAL, though, so even though I'm impassioned, I'm most likely wrong and/or legally inadmissible :)

      --

      Your right to not believe: Americans United for Separation of Church and

  48. Easy Ways to Avoid Backdoors by Bonker · · Score: 3, Interesting

    If a normal guy like me can come up with these, you know that scary, insidious, Terrorist types are lightyears ahead:

    1. Use existing crypto programs or write your own. Anyone with access to a high-level math textbook or a book on encryption and a little bit of coding experience can currently write crypto that is brute-forceable only by supercomputers. The same is true of the existing versions of PGP and other crypto programs available world-wide.

    2. Steganography. Apps exist world-wide that will hide plain or crypted data in all sorts of things. Images, MP3's, Spam Mail, etc...

    3. Use non government-controlled channels to transmit data. Sneaker-net, by definition, is uncrackable without a spy in the house. No technology currently allows LEO's to read a CD without first placing it in a drive. This may not be far off, but it's still effective, so far as I know. Also, most phone companies can be persuaded to install 'burglar alarm' circuits that are just non-powered plain copper between any two given locations.

    4. XOR Crypted data in a manner so that if decrypted without first XORing it back, it will decrypt into useless, but not random information. I'm not a coder, but I can imagine that some talented hacker somewhere could come up with a scheme of encoding a crypted message so that it decrypted as Mom's cookie recipe if you didn't decode it properly.

    5. For communications in which anonymity is more important than secrecy, use existing file-sharing networks to propagate messages. Freenet is the best example of this.

    6. Transmit textual data in non-standard image formats. Ascii text is easy to detect. A compressed PNG of text data would be much more difficult to detect, especially by automated methods. A compressed or reencrypted raw bitmap would be even more difficult to detect. Existing image scanning programs work by scanning for a predetermined signature. Making images of text so that there is no signature possible is fairly easy in photoshop.

    --
    The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
    1. Re:Easy Ways to Avoid Backdoors by Anonymous Coward · · Score: 0

      7. Use a combination of one-time pads and regular crypto. Send a *TON* of encrypted messages with lots of similar, evil data. 99.999% of the messages will be fakes. Only messages with a file number that matches a number on the one-time pad are real. Which one of thousands?

    2. Re:Easy Ways to Avoid Backdoors by Anonymous Coward · · Score: 0

      "4. XOR Crypted data in a manner so that if decrypted without first XORing it back, it will decrypt into useless, but not random information. I'm not a coder, but I can imagine that some talented hacker somewhere could come up with a scheme of encoding a crypted message so that it decrypted as Mom's cookie recipe if you didn't decode it properly."

      Actually, this is not as easy as you think. Basically, you could do this, but the value you would have to XOR against would be as long as the message, and would have to be securely transmitted as well.

      In other words, a one-time pad. If you're using a one-time pad, why bother with the other stuff?

      (Actually, there's a company called D&G Sciences that sells a product using an algorithm they call "Leonardo". It purports to offer deniability, but there's no information on how the algorithm works [though it seems to have to do with pictures... hmmm...]. Snake oil, and lots of it. I wouldn't trust it.)

    3. Re:Easy Ways to Avoid Backdoors by c0rtez · · Score: 1

      You can avoid backdoors, but you can't avoid the law (or so the reasoning behind the backdoor goes...) but anyway your points are all pretty valid. I'm just curious how #4 could be done... the XOR data (vector) would have to be almost as big as the unencrypted plaintext! How could you transmit the vector without letting the bad gov^H^Huys know it? It would change with every message.

      Good thinking though.

    4. Re:Easy Ways to Avoid Backdoors by Bwerf · · Score: 1

      If the xor key was a cookie recipe you could
      prolly just mail it and noone would try xoring
      the encrypted message with it. Then you just send
      different recipes about half a day after sending
      each encrypted message( or once every day and use
      them just the days you get encrypted stuff).

      yeah I know, security through obscurity and all,
      but it's fun to speculate =). And if you were
      only two peeps using it security through
      obscurity could also work. It's just the
      obscurity thing that's hard to maintain when the
      group gets large.

      --
      If noone rtfa, then what's the slashdot effect?
  49. Simple by TrumpetPower! · · Score: 5, Insightful
    We've been hearing about adding crypto back doors for the govement to snoop on us, but how would they work? Would there be one key that could be cracked opening up all such traffic?

    If you're talking about public key cryptography or some form of key exchange protocol (such as what happens with PGP, SSL, and the like), then, yes, there'll be more than one key that can decrypt the message. PGP already allows you to encrypt a message to more than one recipient; a simple solution would be to require all software to always encrypt to Uncle Sam's key in addition to the intended recipients.

    The other solution is to weaken the encryption algorithm in some way. There are very subtle approaches, but the simplest is to limit the length of the key. A 40-bit key takes half as long to crack with brute force as a 41-bit key, and a 42-bit key takes twice as long again (all else being equal). If you have an application that uses 128-bit keys, it could be ``dumbed down'' to a 40-bit key by forcing all keys to start with 88 zeroes (or some other known pattern).

    How to get people to use such software when there's a wealth of reliable strong cryptographic software readily available is left as an exercise to the reader.

    Also, how would/does the government know wether a bitstream is random bits, or encrypted data?"

    Most encrypted streams have header information to make identification easy for the recipient. If you've ever gotten PGP-signed or -encrypted email, you've seen ``BEGIN PGP MESSAGE'' or some such at the top.

    You could, of course, remove all such identification. If the encryption method is strong, what remains is provably indistinguishable from pure noise. If the recipient adds the identification back--if she puts ``BEGIN PGP MESSAGE'' before the bits--the result can be fed to the decryption process without trouble.

    But how many people send random bitstreams to each other? Somebody doing so would stand out like a sore thumb against the usual traffic of ASCII.

    The most commonly accepted solution is steganography, the art of hiding secrets in plain sight. ``All the twenty clever kings'' could mean ``attack'' if you were to just look at the first letter of every word. Common modern methods of steganography include encoding the message in the low-order bits of a JPEG, but the field is still young and many techniques a bit crude. If ``they'' are already looking at you, ``they'' will have a good chance of finding the message.

    As always, Bruce Schneier's Applied Cryptography is a wonderful resource.

    b&

    --
    All but God can prove this sentence true.
  50. Maybe not escrow... by 87C751 · · Score: 1

    An alternative to direct key escrow is the system used by Lotus Notes for their export versions a while back. Known as a "Work Factor Reduction Field", it's some fractional part of the key (Lotus used 24 of the 64 bits in their keys), encrypted with a system-wide key (usually half of an asymmetric key pair) and included in the transmission. Taken to an extreme, this could be the full session key, encrypted (ala Clipper). The main drawback is that you lose the requirement for several agencies to cooperate before an escrowed key can be recovered. Any agency with access to the systemwide private key could recover any crypted transmission. A policy to split-escrow the systemwide private key obviously fails after the first legitimate recovery order, since there's no way to prevent the recovery agency from retaining a copy of the master key. (this assumes the master key wasn't clandestinely retained before being split for escrow in the first place)

    --
    Mail? Put "slashdot" in the subject to pass the spam filters.
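A scaled-down model of the "Work Factor Reduction Field" described in this comment and in the Lotus and key-length comments above it, as an added example that is not Lotus's code and not part of the original thread. The 40-bit key (in place of 64), the SHA-256 keystream cipher, the toy RSA escrow key and the `NOTE:` header are all assumptions made so the search finishes in under a second.

```python
import hashlib
import secrets

KEY_BITS = 40                            # scaled down from the 64 bits cited in the thread
ESCROWED_BITS = 24                       # bits handed to the escrow holder, as in the thread
UNKNOWN_BITS = KEY_BITS - ESCROWED_BITS  # 16 here; 40 with a 64-bit key

# Toy system-wide escrow key pair (assumption): textbook RSA over two Mersenne
# primes. The modulus is far too small for real use; it only models the roles.
P, Q = 2**61 - 1, 2**31 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent held by the escrow agency

KNOWN_PREFIX = b"NOTE:"                  # constructed header used to recognise a correct key


def keystream_xor(key: int, data: bytes) -> bytes:
    """Toy stream cipher (stand-in): XOR data with SHA-256(key || block offset)."""
    key_bytes = key.to_bytes(KEY_BITS // 8, "big")
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key_bytes + offset.to_bytes(4, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)


def search_space(key_bits: int, known_bits: int) -> int:
    """Number of keys left to try when known_bits of the key are disclosed."""
    return 2 ** (key_bits - known_bits)


def send(session_key: int, plaintext: bytes) -> dict:
    """Encrypt and attach the field: top key bits, randomly padded, under the escrow key."""
    top_bits = session_key >> UNKNOWN_BITS
    padded = (secrets.randbits(32) << ESCROWED_BITS) | top_bits
    return {"wrf": pow(padded, E, N),
            "ciphertext": keystream_xor(session_key, plaintext)}


def escrow_recover(message: dict, private_exponent: int):
    """What any holder of the system-wide private key can do with one message."""
    top_bits = pow(message["wrf"], private_exponent, N) & (2**ESCROWED_BITS - 1)
    head = message["ciphertext"][:len(KNOWN_PREFIX)]
    for trials, low_bits in enumerate(range(2**UNKNOWN_BITS), start=1):
        candidate = (top_bits << UNKNOWN_BITS) | low_bits
        if keystream_xor(candidate, head) == KNOWN_PREFIX:
            return candidate, keystream_xor(candidate, message["ciphertext"]), trials
    return None, None, 2**UNKNOWN_BITS


if __name__ == "__main__":
    key = 0xC0FFEE1234                   # constructed 40-bit session key
    msg = send(key, b"NOTE: quarterly figures attached")
    found, text, trials = escrow_recover(msg, D)
    print(f"escrow holder: key {found:#x} after {trials} trials -> {text!r}")
    print(f"outsider search space here: 2^{KEY_BITS}; holder: 2^{UNKNOWN_BITS}")
    print(f"64-bit key, 24 bits escrowed: holder tries {search_space(64, 24)} keys, "
          f"outsider {search_space(64, 0)}")
```

Nothing in `escrow_recover` depends on who is calling it, which is the comment's point: possession of the one system-wide private key is the entire access control.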
    1. Re:Maybe not escrow... by Tackhead · · Score: 2
      > An alternative to direct key escrow is the system used by Lotus Notes for their export versions a while back. Known as a "Work Factor Reduction Field"

      And how many billions of dollars would US businesses lose when their "secure" communications were cracked, not by NSA, but by foreign competitors?

      Bin Laden may have made hundreds of millions of dollars by buying put options in airline and reinsurance companies two weeks ago.

      Do we really want to give him and his associates access to that kind of money with the touch of a keyboard?

      Do we really want to find out what our enemies could do with that kind of money if he could operate underneath the radar, possibly making several such transactions, over the course of ten years?

      NSA isn't the only bunch of folks with access to supercomputers.

      #include <beowulf_joke.h> /* ha ha, only serious */

      If anything can be cracked, it will be. Our financial system relies on the security and integrity of businesses' ability to communicate.

      Just as the enemy can engage in asymmetrical warfare on the physical battlefield (lobbing 767s into our physical infrastructure, where we can't bomb Afghanistan to the Stone Age 'cuz the Russians beat us to it), they can also engage in asymmetrical warfare in the infosphere (destabilization through insertion of false transactions into our financial systems, a task greatly simplified through a reduction in cryptographic strength -- again choosing to fight where they have no comparable financial infrastructure that we can target in return).

      If NSA still has any pull with Congress, I hope they'll be able to nip this one in the bud. I'd even go so far as to suggest that the second part of their mandate -- defending American communications from compromise -- obliges them to try.

    2. Re:Maybe not escrow... by vph · · Score: 2, Insightful

      >And how many billions of dollars would US businesses lose when their "secure" communications were cracked, not by NSA, but by foreign competitors?

      How many dollars have non-US businesses already lost because of NSA giving information captured by Echelon to US companies? It would be hypocritical for US residents to complain of activities that they do themselves routinely.

    3. Re:Maybe not escrow... by Tackhead · · Score: 2
      > How many dollars have non-US businesses already lost because of NSA giving information captured by Echelon to US companies? It would be hypocritical for US residents to complain of activities that they do themselves routinely.

      Absolutely correct...

      ...which makes it all the more suicidal for us to knowingly re-expose ourselves to that risk (remember, the French did it to us too on behalf of one of their companies ;-) while other countries' corporate transmissions remain secure.

    4. Re:Maybe not escrow... by crucini · · Score: 2

      I think you missed the point. The work factor reduction is only available to someone with the secret system key. Not Osama.

    5. Re:Maybe not escrow... by Tackhead · · Score: 2
      > I think you missed the point. The work factor reduction is only available to someone with the secret system key. Not Osama.

      Yeah. Not Osama. Someone we can trust, like the head of FBI counterintelligence. What was his name again?

      Oh yeah, Robert Hanssen.

  51. Dangerous to give up freedoms by totallygeek · · Score: 1
    We do not need more crypto laws or ID checks. All these terrorists had proper identification. Airline security has been harped on for years, but the consumers don't want more time spent at airports, and don't want searches. Every time someone proposes we use facial recognition software, the media goes on and on about how that invades privacy and is too "Big Brotherish".


    America did not get what it deserved. However, we have turned a blind eye to terrorism throughout the world because it doesn't affect our lives here. Now, we have it here, and there are people blaming cryptography, movies, music, homosexuals, etc. The blame should be that we have not done anything to curtail the rise of terrorism.


    As far as a backdoor to our encryption -- no way! A law will only serve against honest people. You think terrorists and drug smugglers will use encryption that has a backdoor?


    Mark these words:

    "They that can give up essential liberty to obtain a little temporary
    safety deserve neither liberty nor safety."

    -- Benjamin Franklin, 1759
  52. Re:Exterminate Trolls. Destroy All Sporks by A+Clockwork+Orange · · Score: 0, Offtopic

    Hey! I like monkeys! There's nothing wrong with monkeys.

    --
    Fare thee well, poor comment. For thou hast been cast out amongst wolves.
  53. legal rather than technical by eyeball · · Score: 2

    first, i'm not a lawyer.

    too much time is being spent thinking about the technical aspects of enforcement and use of 'backdoors'. what everyone's failing to realize is that the technical aspects of crypto laws are irrelevant. it's how they will be used that's important. if any crypto laws are passed, they'll be used in prosecution and trial rather than proactively enforced.

    picture this scenario: you are a criminal who has been sending encrypted messages to someone else. you're busted, and on trial you are asked to decrypt the messages. you refuse. you are then thrown in jail for not complying with the crypto laws.

    again, i'm not a lawyer, but it seems that if crypto laws will work in this manner, we are throwing away our 5th amendment right to refuse to incriminate ourselves.

    --

    _______
    2B1ASK1
    1. Re:legal rather than technical by Anonymous Coward · · Score: 0

      fine then. the supreme court will take care of that in due course if and when it comes up.

    2. Re:legal rather than technical by pointym5 · · Score: 1
      they'll be used in prosecution and trial rather than proactively enforced.


      I agree, and that raises the question of how these laws protect me from terrorists. Surely it's not intended to frighten a terrorist into second thoughts because he now knows he might be prosecuted for illegal encryption in addition to mass murder.

  54. Crypto Debate Links by corky6921 · · Score: 1

    This debate has been around for a long time. In particular, things to note are:

    • Britain has considered introducing a system whereby a key to decrypting the encrypted data has to be sent to the government. Here is more information from a dissenting group of privacy advocates in Britain.
    • Microsoft has been accused of doing this (and I remember hearing about one time where they actually lost a server containing their only key.) There was a lot of debate over that; you can read some more about Microsoft's key structure here.
    • Here is a long but rather interesting viewpoint of the debate about crypto.
    • Don't forget (and please, tell your less technically-inclined friends) that crypto is NOT just used to send secret terrorist information. It is used by major retailers on the Internet to encrypt sensitive personal information such as credit card numbers.

    A hypothetical example of my biggest personal fear regarding crypto follows:

    An overzealous government tries to stomp out terrorism by requiring crypto backdoors. For the sake of argument, let's say it is the United States. Now, there are millions of hackers out there. A lot of them are smart enough to realize that if the government required keys to be kept in a central location, a hack of this location would be the biggest hack EVER. It would contain ALL keys to credit card numbers used by major Internet retailers. It would contain sensitive healthcare information. It would contain numerous trade secrets sent by company representatives.

    Before we go any further, let's say that it was hacked. Now Joe Consumer knows his personal information was sent to Amazon.com. Amazon was required to give the key to decrypting it to the government. Now some terrorist has it. The government blames rogue hackers. "Well, whatever," Joe thinks to himself. "All I know is that they got my information from the Internet. I'm certainly not going to buy anything from there again."

    You see, in this (albeit alarmist) scenario, the government has facilitated what could possibly be the biggest terrorist attack EVER, and ruined e-commerce in the process.

    As an offhand note, do you think the government would use a system like Passport to do this? If so, we're in for a really tough ride. Just something to think about.

    P.S. While I abhor the thought of keeping data in one place, I do support the idea of basic security regulations so that I know that when I purchase things online, my data IS actually being encrypted instead of being sent via plaintext email to the site owner.

  55. Why is Decryption Needed by the Feds? by scotpurl · · Score: 2

    It's my primitive understanding of the court system that during a trial, the records of phone calls may be entered into evidence. This is not the actual content of the call, and who made the calls is not part of the evidence. Just the fact that one telephone called another telephone.

    Why then must the Feds know what is in a message? If the fact of transmission of a message is adequate, at least in the courts, then why does the content need to be known?

    Also, why does the Government believe that it should have the right to be a party to all conversations? If the Feds had a time machine, and could travel back in time and listen in on any conversation, I believe that would be ruled an invasion of privacy. How then is decrypting a message any different?

    1. Re:Why is Decryption Needed by the Feds? by Anonymous Coward · · Score: 0

      Well actually what is presented in court depends on how the data was collected.
      If data was collected with a DNR system then yes, if phone A calls phone B it could be a sufficient proof.
      But also, law enforcement can record the calls.

      To resume, it all depends on what technology / system is used.

    2. Re:Why is Decryption Needed by the Feds? by Anonymous Coward · · Score: 0

      Actually why would they need the key anyway? A person is presumed innocent until proven guilty.
      The government should not be able to view anyone's messages unless they have a court order to do so in the first place. The NSA should have no problem cracking a particular message if they know which one needs decrypting.

  56. Random bits or encrypted data? by rice_burners_suck · · Score: 1

    The government could not possibly know whether a data stream is encrypted data or random bits. Think about it... If a standard encryption scheme is used, there might be header data that they can look at, but if you're a terrorist or a crook, you'll probably use a nonstandard encryption scheme, or even a standard one but with some data rearranged. For example, you could encrypt the data and then reverse it strrev()-style before transmitting it.

    The idea of crypto backdoors is really stupid for several reasons. The biggest one is that once the backdoor(s) are found, all data is compromised, and if this legislation is passed, I firmly believe that a year or so down the road, there will be billions of dollars in damages caused by the compromise of data, from credit card numbers to trade secrets. The terrorists will either avoid using the Internet altogether or will simply work around the backdoors.

    If the government decides to force crypto backdoors, that would be the most ridiculous thing on the planet! Terrorists could simply write their plans on a piece of paper, seal them in an envelope and mail them! How is the government going to respond to that? By opening and reading all our mail as well? What if the mail is written in a code language? Is written encryption going to be outlawed? Why not arrest children who make up their own codenames and codewords?

    The trouble is that the government is so busy blaming things like encryption that they're leaving huge gaping holes elsewhere. A guy on 60 Minutes, for example, said that airport security is trained to look for very specific things in luggage, like a bomb in an otherwise empty bag. Interestingly, he said that a bomb is defined as a bundle of dynamite sticks with a big analog clock stuck on the side. I don't know about you, but I have a feeling that bombs don't look like the ones we see in cartoons.

    That's just one example of typical government regulations. Just like OSHA making up rules that every industrial employee must break daily because it's impossible to get any work done while following them. I'm starting to believe that the real problem with security is the fact that they're trying to replace common sense with very specific written rules. I think the first place to begin with this war on terrorism is in our education system. Children are taught to follow directions. Don't even get me started on this because I'll write pages and pages on the subject. Children should be taught to think on their own--this isn't currently happening, despite activities teachers call "problem solving."

    Encryption is the digital counterpart of an envelope, no more, no less. Trying to force backdoors on encryption is going to be a futile effort, and will only provide the government with one more impossible task to waste their time on. Tell your friends and neighbors.

  57. Here's what I said to my political representatives by Zwack · · Score: 4, Insightful

    This is a long post (for me)... It basically contains the majority of a letter that I sent to my representative and senators... It basically states a number of reasons that I think this proposal is inoperable. I encourage all of you to contact your elected representatives as well.

    Adam/Zwack

    As I feared when I first saw the attack on the World Trade Center, it has been reported (http://www.wired.com/news/politics/0,1283,46816,00.html) that "Sen. Judd Gregg (R-New Hampshire) called for a global prohibition on encryption products without back doors for government surveillance."

    Media reports have made it appear that Osama Bin Laden may have used encryption, but it is more likely that he relied on a lack of technology. According to the media, Bin Laden held face-to-face meetings in a private room rather than trusting that the communications channel was not intercepted. One journalist who has met him had some newspapers with him and Bin Laden is reported to have pounced on them and read them as he was so out of touch with the outside world.

    Even if there is a ban on encryption products, older encryption products already exist without those back doors. Writing encryption software is not too complicated (Applied Cryptography is about $40) and terrorists and criminals are not going to worry about breaking yet another law. So who would this affect? Criminals? No. Terrorists? No. Penry, The Mild Mannered Janitor? Could Be.

    Anyone can do a little research and find out that there are other techniques that cannot be legislated against that are just as effective for secret communications.

    Ronald Rivest, one of America's foremost cryptographers published a paper in 1998 called "Chaffing and Winnowing: Confidentiality without Encryption." (http://theory.lcs.mit.edu/~rivest/chaffing.txt) In it he describes a method for plain text communication which does not rely on encryption to hide the message. He then goes on to add more twists to the method, which mean that if someone demanded the actual message you could give them a completely false, and presumably inoffensive, message.

    If that wasn't enough to make legislation on encryption pointless, then steganography, the practice of hiding one message inside another, could be used either independently or with "Chaffing and Winnowing". It is possible for messages to be hidden within pictures, movies, sound files and even Stream of Consciousness-like poems easily. The sophistication of some of the programs is astounding. One program (http://www.outguess.org/) actually performs a statistical analysis on the image first to ensure that in hiding the message it does not modify the image too much.

    There are numerous other non-technological techniques that could make this law pointless. For example, the terrorists could choose a book, say Hamlet, and spell out their message with the words or letters in that book. A message like "42 23 17 65" is not going to mean much to anyone until they know that in a specific edition of a specific book they should read the twenty third word on page 42, the 65th word on page seventeen... and so on.

    They could use a simple code where phrases mean certain things. So "I went to see the new production of Oscar Wilde's Importance of Being Earnest" might mean "The birthday cake arrives tomorrow". As long as only the parties involved know the code phrases, and their meanings this kind of communication is impossible to break.

    If encryption software without back doors is outlawed, what will terrorists do? If they're paranoid they'll use illegal encryption to encrypt a code phrase, hide it in an image, and then mix it with several completely innocent, and some totally random streams using chaffing techniques.

    That way, by the time the NSA have worked out which streams contain real messages, figured out that one or more of the images contains a steganographically hidden message and broken the encryption on it, they will have wasted weeks in order to get a perfectly normal sentence that isn't going to mean anything to them anyway.

    In that same period of time, several companies who are obeying the law and not using encryption will have had their company secrets stolen by other companies, as they couldn't encrypt confidential messages between two of their offices. The French Secret Service was known to pass trade secrets to French companies when the French government was strictly controlling encryption. Add to that the many completely innocent uses of encryption for security and confidentiality: communicating with banks, logging on to remote servers, protecting medical records, implementing Virtual Private Networks and so on. Banning encryption that the government can't decode is more likely to cause harm to the law abiding citizen than it is to stop or reduce terrorist or criminal activities.

    In short, any attempt to regulate the free flow of ideas, whether encrypted or unencrypted is only going to hinder law abiding citizens, and effectively punish them, without providing any additional safety. Remember that these hijackings were very low tech, no computers were hacked, no high technology weapons were used, just people armed with knives and the willingness to die.

    --
    -- Under/Overrated is meta-moderation, and therefore is Redundant.
  58. Remember the movie "Sneakers" ? by cOdEgUru · · Score: 1


    Maybe NSA has an encryption breaking scheme hardwired in to a chip, and all that takes is a blind guy with a young hacker to flip switches to decode all encrypted streams of data.

    But seriously, that's probably what NSA/CIA/FBI has told the Congress and Senate before they got their approval.

    What they probably might succeed at is that they would listen to traffic inbound from suspected terrorists / rogue states(god knows how they plan to figure that out) and try to descramble every piece of information. More of a scenario like, with ten thousand monkeys clamoring on their keyboards, at least one has the probability of writing a Shakespeare sonnet. So what do we have, some vague FBI spook listens in on data suspected to be a list of political leaders to be assassinated, and instead accidentally snoops on a recipe for Apple pie.

    God Bless America.

    1. Re:Remember the movie "Sneakers" ? by Anonymous Coward · · Score: 0

      That must be some damn good apple pie if the recipe is encrypted ;)

  59. Non-Compliant Crypto Programs by stuffman64 · · Score: 1

    What is to stop people from writing their own crypto programs, avoiding altogether the need for a backdoor? If I wrote such a program, all I would need to do is snail-mail it to someone. We could communicate without worry of being monitored. Are there legal implications to doing this? If the FBI somehow figured out how to break my encryption scheme, would they be violating the DMCA?

    --
    --- At my sig, unleash hell.
    1. Re:Non-Compliant Crypto Programs by Anonymous Coward · · Score: 0

      Exactly - even if I wrote my own program that was horribly slow, if I really wanted to get something out there I would just deal with the time it took to generate keys or encrypt/decrypt. The basic math for these crypto systems is out there, so if you're dedicated enough, you can implement them yourself and have a nice clean, no back-doors crypto system.

      Stupid congress people think they can actually do something about cryptography....

    2. Re:Non-Compliant Crypto Programs by Anonymous Coward · · Score: 0

      Writing a good crypto algorithm is difficult.
      Writing software that does encryption from a well-known strong crypto algorithm is easy...

      What stops me from using publicly available binary files (eg. porno etc) and using the bit stream as a one time pad that is used to XOR my data encrypted by the government approved algorithm?

  60. Several options by jd · · Score: 4, Informative
    • Key Escrow, where some percentage of the private key is registered with the Govt.
    • Synonyms (which requires weak algorithms), where a third "key" is generated, which is different from, but functionally identical to, the private key. One way to do this is to fix certain bits. This was accidentally done in some early SSL implementations for Netscape.
    • DH duplicates, where key exchanges are automatically forwarded by the hardware and/or software.
    • "Skeleton Keys", where the hardware logs the keys used, and transmits them on request.
    • A requirement to use Microsoft encryption code. Ooops, sorry, already covered. :)
    • Plain-text logging by hardware, prior to all encryption, available on request.
    • Requirement for HW manufacturers to build TEMPEST into all machines, with images forwarded.
    • Keyboard loggers mandatory on all machines, with data stored and/or forwarded.
    • A return to mainframe-style machine operation, where everything is handed over to approved operators. (So THAT's why certification programs are so popular....! :)
    • A ban on all privately-owned computers, with all machines becoming dumb terminals to a central machine. One box to rule them all, and in the darkness BIND them...

    --
    It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
  61. Interesting turnaround... by aralin · · Score: 2
    So while for many years it was illegal to export more than 56 bit encryption out of the USA, now it will be illegal to IMPORT the same :)))

    Wake up, America, the world is laughing at you.

    --
    If programs would be read like poetry, most programmers would be Vogons.
  62. How they'll *really* work. by osorronophris · · Score: 1

    The largest problem with mandating this is, of course, all the crypto that's already out there in the wild. What good is forcing backdoors when existing crypto is still relatively secure?

    Fear not, good government. There is a solution. A beast exists called the "Outlook Virus" with such hypnotic power that no such matter of man or woman can contemplate not doing its bidding. Having seen the effectiveness of these, the crypto backdoors will most likely take the innocent seeming form of:

    From: 313373_98751@hotmail.com
    Subject: ILOVEANAKOURNIKOVA --- XXX PIX
    Attachments: virus.vbs

    1 0wNz j00 5uX3R

  63. Just recrypt... by elemur · · Score: 1

    The simplest problem is to assume that a fully functional key escrow system is deployed or that a backdoor/trapdoor encryption algorithm is generated. What if I pre-crypt my data in another algorithm, before encrypting it in the other system? Then I'm transmitting a valid (and legal) message.. but it would have to be decrypted and extracted and analyzed before any determination could be made. Of course, using steganographic techniques to hide the pre-crypted data in an image/etc would make it impossible to detect. And, since you are using the approved system, there isn't even a question of wrongdoing.

  64. The issue is meaningless by UnrefinedLayman · · Score: 1

    The issue is meaningless. The number of encryption programs out there, from Jim-Bob's Homebrew UltrAlgorithm, to PGP versions 1 through 7, is just staggering. In order to stop the use of non-authorized encryption programs, the government would have to either ban their use and have it be punishable by quite a hefty fine or imprisonment, or remove them from existence.

    How many John Ashcrofts with jackbooted thugs do you think there are? They're not exactly going to go kicking down the doors of every person who uses an encryption program, nor are they going to damage the business sector by restricting use of encryption; even SSL would have to be modified on every web server from the -open source- Apache, to Microsoft's IIS. It's hard enough to get IIS system administrators to patch their machines against exploits, do you think they'll really add a patch that would weaken security? Do you think knowledgeable Apache administrators would install a patch and turn around and tell their customers and visitors that even though encryption between the website and customer is secure, the NSA has complete and total access to it?

    Even further, the volume of open source encryption products is staggering. If the government did manage to force Network Associates, one of the biggest encryption providers out there whose business would be nearly gone without it, to modify the now-closed source PGP 7, the source code for PGP 1-6.5.8 is still out there. Even patched, it can be recompiled and reinstalled.

    But why would we need to recompile and reinstall? Any server located in the US would need to do so if such daring legislation were passed, but www.pgpi.org isn't located here, and its express purpose is to provide encryption worldwide, freely, to anyone that wants it from any country.

    People who would use encryption for "evil" purposes wouldn't bend over and take it from the government; in fact, these people would stop and think to themselves, "HOLY SHIT, Uncle Sam will be listening in on my encrypted conversations, and I'll be drawing attention to myself by even using encryption! Since few people use encryption, they only need to decode a small amount, which means I'll be caught in no time flat!" In other words, if you know you're being watched, you don't put your hand in the cookie jar. You get your cookies some other way--any way--and when the cookie jar is the size of the Internet, there are a lot of paths to the cookies, with a lot of roads around watchful eyes.

    What is the purpose of key escrow/backdoors? The people demand action, and congress is giving it to them. The CIA and NSA say that with broader powers and the permission to get into encryption, they could have prevented this. The truth is, if ten years ago it had been forced upon us, it still wouldn't matter, because the products would still be made, because there would still be a demand. And if it happens today, the products will still be there whether or not there is demand. It's a saddening thing to note that congress is rushing into action, when the express purpose of the representative republic in the United States, as written through the constitution, is to delay the will of the mob so that decisions, especially those that infringe upon freedoms (constitutional freedoms, as well), are not made in a rash and emotional state. Unfortunately, rather than debate, the congress swept aside their knowledge from constitution college courses and rushed to give the president full military force to do whatever he sees fit, and are now rushing to squash civil liberties. Living in a prison free from attack is still living in a prison.

  65. This is the exact same thing... by WD_40 · · Score: 1
    as anti-gun legislation. The bad guys don't play by the rules. You put backdoors in crypto, they'll use their own. You restrict or outlaw guns, you take them out of the hands of honest citizens and the bad guys still get them anyway.


    Government by nature is always trying to expand its control and power, this is just another example of that.

    --

    "With sufficient thrust, pigs fly just fine." -- RFC 1925

    1. Re:This is the exact same thing... by Anonymous Coward · · Score: 0

      Jesus Christ, stop whining about guns. In order to blow the shit out of things as is your way, you only have to register your gun, not give up your first born child.

      What you're whining about is the fact that you can't kill someone with a gun without it being traced back to you. Well boo fucking hoo. I know I'm crying in my beer for you.

    2. Re:This is the exact same thing... by Anonymous Coward · · Score: 0

      heh. That's what I thought. Silly gun nuts.

    3. Re:This is the exact same thing... by wbtittle · · Score: 1

      I thought this also until some right wing gun nut pointed me back to the constitution and the bill of rights. I went home and read it again. It is remarkably simple.

      Jefferson made sure that we could own weapons, not so we could protect each other from ourselves, but so we could protect ourselves from the government.

      You are the head of a Nation. Your populace has weapons. Happily, one of your predecessors managed to get the people to submit to registering all firearms. Look, it is a list. I wonder what you could do with it if you decided that the people might revolt against you.

      --
      God: "I don't leave footprints!"
  66. Would the government, then, be violating DMCA...? by edashofy · · Score: 1

    Presumably, the emails and other stuff I write are copyrighted by me, whether I do it explicitly or not. Therefore, if the government wants to break or otherwise undo my encryption, they're in violation of the DMCA, right?

  67. Detecting encrypted messages vs. Random bits by ph117 · · Score: 1

    With a good encryption algorithm the ciphertext it produces should closely resemble random bits (that is, it should have all of the properties of random bits). It is likely that encrypted messages have some kind of standard header (which might be a required part of the protocol).

    The thing is, who is likely to send large volumes of random text across the internet? Compressed data shares many properties with random bits, but it's usually identifiable by standard headers.

    There's actually a lot that can be derived from communications, even if they are encrypted: details of the sender/receiver pair, the time/date that messages were sent and the size and frequency of the messages are all useful information to eavesdroppers. I'd bet that one of the tasks of Echelon is to build up huge networks of sender/receiver pairs for further analysis, even if the contents of the messages are encrypted.
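
An added example (not part of the thread) of the two observations in the comment above: byte statistics cannot separate ciphertext from random or compressed data, while a standard header identifies the format immediately. The magic numbers and the PGP armor line are real; the sample payloads, the SHAKE-based toy cipher and all function names are constructed for this illustration.

```python
import base64
import hashlib
import math
import os
import zlib
from collections import Counter

HIGH = "high-entropy: random, encrypted, or compressed with the header removed"
LOW = "structured"

# Real format markers; everything they are matched against below is constructed.
MAGIC = [
    (b"\x1f\x8b", "gzip"),
    (b"PK\x03\x04", "zip"),
    (b"-----BEGIN PGP MESSAGE-----", "pgp-armor"),
]
ZLIB_FLAG_BYTES = (0x01, 0x5E, 0x9C, 0xDA)  # second byte after 0x78 at the usual levels


def shannon_entropy(data):
    """Bits per byte; 8.0 is the ceiling, reached only by uniformly distributed bytes."""
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def chi_square(data):
    """Chi-square statistic against a uniform byte distribution (about 255 for random data)."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))


def sniff_header(data):
    """Return a format name when the stream starts with a known marker, else None."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return name
    if len(data) >= 2 and data[0] == 0x78 and data[1] in ZLIB_FLAG_BYTES:
        return "zlib"
    return None


def classify(data, threshold=7.5):
    """Header first, statistics second: the statistics alone only say 'looks random'."""
    fmt = sniff_header(data)
    if fmt:
        return fmt
    return HIGH if shannon_entropy(data) > threshold else LOW


def toy_encrypt(key, data):
    """Stand-in stream cipher (assumption): XOR with a SHAKE-256 keystream."""
    pad = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))


def build_samples():
    """Constructed inputs: word-salad text plus encrypted, compressed and random variants."""
    words = (b"the key is under mat by door at noon bring report "
             b"and call home before you leave city").split()
    picks = hashlib.shake_256(b"constructed sample text").digest(12000)
    text = b" ".join(words[p % len(words)] for p in picks)
    cipher = toy_encrypt(b"constructed key", text)
    packed = zlib.compress(text)
    return {
        "text": text,
        "zlib": packed,
        "deflate-no-header": packed[2:-4],  # zlib header and checksum stripped
        "ciphertext": cipher,
        "pgp-armor": b"-----BEGIN PGP MESSAGE-----\n\n" + base64.b64encode(cipher),
        "random": os.urandom(8192),
    }


if __name__ == "__main__":
    for name, blob in build_samples().items():
        print(f"{name:18} H={shannon_entropy(blob):.3f} "
              f"chi2={chi_square(blob):12.0f} -> {classify(blob)}")
```

Once the two-byte zlib header is stripped, the compressed sample lands in the same bucket as the ciphertext and the random bytes, which is why monitoring of this kind leans on headers and traffic metadata rather than on content statistics.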

    1. Re:Detecting encrypted messages vs. Random bits by TheSHAD0W · · Score: 2

      This changes drastically if low-end crypto, even backdoored crypto, becomes used routinely for email traffic.

      There are two reasons for this: First, it takes a significant amount of CPU time to break and decode an encrypted message, even if you have retrieved the key from the escrow agents. Decoding the traffic to and from a few selected email accounts is one thing, but having a system decoding and monitoring routine traffic is another matter entirely.

      The second reason is that, if you take a message that's been encrypted using a military-grade cryptosystem, and then encrypt those results with a weak system (such as DES-40), it is impossible to tell that message apart from a routine message only encrypted with a weak system without decrypting both. In other words, there is no way to casually monitor lightly encrypted message traffic and pick out the people using unlawful encryption.

      As a result, if weak encryption becomes common, people who wish to keep their messages secure can do so without tipping off the law. It is only if you are already suspect that your use of high-grade encryption would be discovered.

  68. Answering The Question by Steve+B · · Score: 2
    How Would Crypto Back Doors Work?
    1. The government requires the publishers of crypto software to install some sort of digital "skeleton key".

    2a. Corrupt politicians use the back door to dig up dirt on their political opponents, like Filegate and COINTELPRO.

    2b. Crooks compromise one of the agents who knows about the back door, and use it to forge big money transfers to themselves and a free ticket to the Cayman Islands.

    2c. Terrorists get hold of the back door, and use it to forge all sorts of false communications to create chaos.

    2d. An 3133t hacq3r d00d cracks the back door, and uses it to replace your bank records with a picture of Natalie Portman engaged in topless grits-wrestling.

    Oh... you meant to ask how crypto back doors are supposed to work? Ask the people who came up with this hare-brained scheme.
    --
    /. If the government wants us to respect the law, it should set a better example.
  69. Any number of ways... by yggdrazil · · Score: 1
    Crypto back doors could work any number of ways.

    * Not use all possible bits in the algorithm (ie, only use 40 of 56 bits in DES, and always leave the last 16 bits zeroed out.)
    * Flawed random number generators (flawed in a way they think only NSA would know about)
    * All crypto keys must be generated by some authority, and of course, kept there.
    * Algorithm is designed to have an internal weakness, or is implemented in such a way
    * Symmetric key used to encrypt plaintext is encrypted with asymmetric algorithm for both recipients and some agency
    * etc... It's easy to weaken crypto. It's good security that is hard.

    All in all, strong crypto is much more important for us in western democracies, because we are much more reliant on technology and communication. Outlawing strong crypto would only shoot our own security in the foot, and leave our own doors wide open, while terrorists still would have perfectly good crypto and steganography tools which they of course still would use.

  70. key escrow functioning by TheSHAD0W · · Score: 2

    The way key escrow systems work is the decryption key is encrypted using a new randomly generated key. (This can be repeated for keys to be escrowed with more than two entities.) The new key(s) and the encrypted decryption key are then sent to different escrow agents. Since both the encrypted key and the key(s) used to encrypt it are required to recover the decryption key and decode messages, it requires the cooperation of all the escrow agents to gain such access.

    All that is left is a method of preventing people from using key sets that haven't been escrowed; this can be done by designing cryptographic hardware to only use keys that have been digitally signed by the authority that generated the escrow keys.

    Note that when using a general-purpose computer to perform encryption and decryption, there is no easy way to prevent people from using unescrowed keys. Software designed to check for such things can always be patched and disabled.
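
An added sketch (not from the thread) of the split described in the first paragraph of the comment above, assuming the "encryption" of the decryption key under each fresh random key is a one-time-pad XOR. The function names are hypothetical.

```python
import secrets
from functools import reduce


def xor_bytes(a, b):
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("length mismatch")
    return bytes(x ^ y for x, y in zip(a, b))


def escrow_split(key, agents):
    """Return one deposit per escrow agent.

    agents - 1 deposits are fresh random wrapping keys; the last deposit is
    the decryption key encrypted (XORed) under every one of them in turn.
    """
    if agents < 2:
        raise ValueError("escrow needs at least two agents")
    pads = [secrets.token_bytes(len(key)) for _ in range(agents - 1)]
    wrapped = reduce(xor_bytes, pads, key)
    return pads + [wrapped]


def escrow_recover(deposits):
    """Combine every agent's deposit; anything short of all of them yields noise."""
    return reduce(xor_bytes, deposits)


def missing_deposit_for(partial, candidate_key):
    """Given all deposits but one, compute the absent deposit that would make
    candidate_key the escrowed key. One exists for every candidate, so the
    colluding agents cannot rule out any key."""
    return reduce(xor_bytes, partial, candidate_key)


if __name__ == "__main__":
    key = secrets.token_bytes(16)           # constructed 128-bit decryption key
    deposits = escrow_split(key, agents=3)
    print("all three agents:", escrow_recover(deposits) == key)
    print("two agents only :", escrow_recover(deposits[:2]) == key)
    # The same property cuts the other way: if any single agent loses its
    # deposit, the escrowed key is unrecoverable for everyone.
```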

  71. Definitly not escrow. by MarkusQ · · Score: 3, Interesting
    An alternative to direct key escrow is the system used by Lotus Notes for their export versions a while back. Known as a "Work Factor Reduction Field", it's some fractional part of the key (Lotus used 24 of the 64 bits in their keys), encrypted with a system-wide key (usually half of an asymmetric key pair) and included in the transmission.

    The problem here is that this system-wide key now becomes the sweet one-stop-shopping target for crackers that the whole escrow system seeks to avoid.

    -- MarkusQ
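
An added, scaled-down model (not Lotus code) of the Work Factor Reduction Field described above: the 64-bit key with a 24-bit field becomes a 16-bit key with a 6-bit field, keeping the same 3/8 ratio so the search finishes instantly. The SHAKE-based stream cipher, the textbook RSA pair standing in for the system-wide key, and all names are assumptions for the illustration.

```python
import hashlib

KEY_BITS = 16                        # stands in for the 64-bit session key
FIELD_BITS = 6                       # stands in for the 24 bits placed in the field
UNKNOWN_BITS = KEY_BITS - FIELD_BITS

# Toy textbook RSA (n = 61 * 53, no padding) standing in for the system-wide
# key pair. Everyone has (N, E); only the key holder has D.
RSA_N, RSA_E, RSA_D = 3233, 17, 2753


def stream_xor(key, data):
    """Stand-in stream cipher (assumption): XOR with a SHAKE-256 keystream."""
    pad = hashlib.shake_256(key.to_bytes(KEY_BITS // 8, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))


def send(key, plaintext):
    """Sender side: the ciphertext travels together with the encrypted field."""
    field = pow(key >> UNKNOWN_BITS, RSA_E, RSA_N)
    return stream_xor(key, plaintext), field


def open_field(field):
    """Holder of the system-wide private key recovers the top FIELD_BITS of the key."""
    return pow(field, RSA_D, RSA_N)


def search(ciphertext, crib, known_high=None):
    """Exhaustive key search in ascending order against a known plaintext prefix.

    Returns (key, trials). With known_high set, only the UNKNOWN_BITS low
    bits are searched, which is the reduced work factor.
    """
    if known_high is None:
        candidates = range(1 << KEY_BITS)
    else:
        base = known_high << UNKNOWN_BITS
        candidates = range(base, base + (1 << UNKNOWN_BITS))
    head = ciphertext[:len(crib)]
    for trials, candidate in enumerate(candidates, 1):
        if stream_xor(candidate, head) == crib:
            return candidate, trials
    raise LookupError("no key in the searched range matches the crib")


if __name__ == "__main__":
    key = 0xB6C3                                   # constructed session key
    message = b"Subject: quarterly figures attached"  # constructed message
    ciphertext, field = send(key, message)
    crib = message[:8]                             # known header bytes
    print("without the field:", search(ciphertext, crib))
    print("with the field   :", search(ciphertext, crib, open_field(field)))
```

Every message carries its own field, but all of them open with the same private exponent, so that one value is worth the full reduction on all traffic at once.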

    1. Re:Definitly not escrow. by 87C751 · · Score: 1
      The problem here is that this system-wide key now becomes the sweet one-stop-shopping target for crackers that the whole escrow system seeks to avoid.

      No doubt. But the escrow databases are also a sweet target. There is no non-problematic way to institute GAK.

      --
      Mail? Put "slashdot" in the subject to pass the spam filters.
    2. Re:Definitly not escrow. by Anonymous Coward · · Score: 0

      The Notes "Work Factor Reduction Field" is in escrow with the NSA, by the way (according to a technote they put out.)

  72. How it will really work by r_j_prahad · · Score: 3, Insightful

    In theory, a keylist will be held in escrow by a division of the Supreme Court, and only released to investigators who can satisfy the same criteria needed for an ordinary wiretap.

    In reality, the keylist will be posted on alt.hackers.malicious within 24 hours of being delivered under seal to the Supremes.

  73. How to defeat encryption. by dave-fu · · Score: 1

    1) encrypt your original message
    2) run it through Spam Mimic or something of the sort
    3) send the encrypted, spamified message along

    Bloats the message up? No question; it's also undetectably encrypted in plain sight.

    --
    Easy does it!
  74. +1 Hackish on the MQR standard by MarkusQ · · Score: 2
    From an export point of view, strong encryption is considered "arms". Last time I checked the constitution, we have the right to bear arms and that right cannot be infringed. Perhaps we need some help from the NRA??? ;)

    In the spirit of free-as-in-chaos, I have instituted my own private moderation system. Under this system, I hereby give you +1 Hackish. If more people thought like this the world would be a much better place (IMHO).

    -- MarkusQ

  75. A greater question. by Xenopax · · Score: 1

    Who is this "govement" and why are they concerned with "wether"?

  76. Too many formulas by scott1853 · · Score: 2

    I'm sure echelon can handle ROT13, but can it handle ROT14. One problem is a minor change in the encryption formula can make the government's efforts futile. Rotate the bits right, rotate them left, invert them, invert the high 4, rotate the low 4, there's lots of combinations. Even if they programmed all the different variations in, it would take a bit of time to process a single e-mail.

    What about encryption formulas created in other countries? Didn't we just get past the point where we can export basic encryption. Are they going to ban importing (maybe they already did, I don't know).

    I don't know the answers, unfortunately, neither does the government, but they're gonna pass some laws anyways.

    1. Re:Too many formulas by (void*) · · Score: 2

      Actually, doing such things very likely makes the scheme vulnerable to cryptanalysis.

    2. Re:Too many formulas by scott1853 · · Score: 1

      Explain...

    3. Re:Too many formulas by (void*) · · Score: 2

      I refer you to Donald Knuth's Art of Computer Programming, Volume 3, where he talks about pseudorandom number generation. Although cryptography is not random number generation, many of the principles are the same. One thing is that choosing arbitrary operations to perform on an encrypted dataset does not necessarily strengthen a cryptographic algorithm.

  77. Wouldn't this put CA's out of business? by steevo.com · · Score: 1

    If there were central government "escrow" crypto escrow, where is the need for a third party Certificate Authority?

    All privacy issues aside, I think that VeriSign would not be happy with this arrangement.

  78. Re:They won't help (solution) by ciurana · · Score: 2


    One-time pads + encryption du jour.

    See Applied Cryptography 2nd ed. pp. 227-229 "Hiding Cyphertext in Cyphertext" and "Destroying Information"

    E
    --
    http://eugeneciurana.com | http://ciurana.eu
  79. Relevant Articles by thrig · · Score: 2

    Bruce Schneier has all sorts of stuff to say about crypto in "Applied Cryptology."

    See also his webpage search thingy, which links to a bunch of articles specific to escrow.

  80. The DMCA connection by ocie · · Score: 2

    The government really has no choice. Breaking encryption is now illegal, so these backdoors are the only way for them to try and read encrypted messages.

    --
    JET Program: see Japan, meet intere
  81. two algorithm by Anonymous Coward · · Score: 0

    Simple. The government knows an unpublished
    algorithm which can decrypt data in much less
    time than the published algorithm. It is all
    about mathematics.

  82. F**K encryption! by Cro+Magnon · · Score: 1

    If I were a terrorist I'd just send a plaintext message. "Achmed, meet me at the WTC at 9" Everything's out in the open except exactly what I meant by "meeting me" and the govt still wouldn't get it until after the fact. Assuming they even read the message.

    --
    Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
    1. Re:F**K encryption! by josepha48 · · Score: 2
      This is actually the best form of encryption.

      No one really knows what you mean....

      Haven't you ever seen the movies.. the sky is pink.. it is a beautiful day to die.. but the birds are singing.. yet the clouds are gray.. sure it means nothing in an email, but if you have some secret "decoder ring" then these sentences can have new meanings.. meanwhile the FBI, CIA are all wondering why Akmed is talking about the F**k*** sky...

      I remember hearing that in WWII they used other languages, like some american indian language to do encryption..

      --

      Only 'flamers' flame!

    2. Re:F**K encryption! by Derleth · · Score: 1

      I remember hearing that in WWII they used other languages, like some american indian language to do encryption.

      They used Navajo, hence the Navajo Code Talkers. They were very highly regarded. At Iwo Jima, Major Howard Connor, 5th Marine Division signal officer, declared, "Were it not for the Navajos, the Marines would never have taken Iwo Jima." [Taken from the first link on my list.] Good websites are easily findable on Google:

      The Navajo Code Talkers

      Navy's FAQ on the Code Talkers.

      Navajo Code Talkers' Dictionary Scroll to the end to see the Marine Hymn translated into Navajo.

      The Code Talkers have their own permanent Pentagon exhibit.

      --
      How can you use my intestines as a gift? -Actual Hong Kong subtitle.
  83. still useful by AnhZone · · Score: 1

    Granted such a backdoor is useless against a skilled user trying to encrypt their data - they will just use a different algorithm without a backdoor.

    An encryption backdoor still could be useful for law enforcement if, for example, in the future email is encrypted as a matter of course (which seems inevitable). Then a backdoor would allow easy access to email that was encrypted without special user effort, but is still slow to access without the backdoor.

    This seems like a reasonable tradeoff - more secure email for daily use, but law enforcement access with a wiretapping subpoena. Paranoid users could still encrypt their messages with other algorithms before the standard email encryption was carried out.

    --
    Patriotism is the conviction that your country is superior to all others because you were born there. (GBS)
    1. Re:still useful by dachshund · · Score: 1
      This seems like a reasonable tradeoff - more secure email for daily use, but law enforcement access with a wiretapping subpoena.

      But it's 180 degrees from where Congress wants to go: reducing the use of all encryption, or making it all hackable. Under our current system, the vast majority of email is unencrypted. This is great for law enforcement, as Carnivore can keyword-search through oodles of it without spending a lot of cycles decrypting. It is absolutely not in the gov'ts interest to promote any encryption standard unless they're prepared to make it the only standard.

  84. Some good side effects by Anonymous Coward · · Score: 0

    Also, how would/does the government know wether a bitstream is random bits, or encrypted data?

    Arguably, you'd have to supply the specs of your proprietary financial datafiles so the feds can decode it and see that it's not an encrypted stream.

    Therefore Microsoft will have to release the complete specs of their various file formats, because of course opening a .doc file in MSWord isn't sufficient to check it, the real data could be hidden in legacy substructures that just don't show up on the screen when you open the file.

  85. A Simple Workaround by jgerman · · Score: 2
    It's easy enough to defeat the backdoor. Double encrypt your message. Once with software that the government does not have a key for and again with the approved method. This way any message that you send will look like gibberish when decrypted with the government key. This will have the added benefit of foiling sniffers that route messages encrypted by un-approved methods to an agency that sorts through them.


    The root of this problem is that it can never, EVER work. Mainly because we have freedom of speech, the government can pass as many laws as it likes on legal encryption but they can't enforce them. Think of the civil-disobedient potential. You could get thousands of people to send random encrypted gibberish to one another. Just because the government can't understand it doesn't make it illegal, what's the difference between that and encrypted meaningful information? The answer is none. This is all simply a case of communicating in a language that the government doesn't understand... all well within our rights.

    --
    I'm the big fish in the big pond bitch.
  86. Doesn't necessarily show ignorance by hammy · · Score: 1

    This proposal doesn't necessarily show ignorance; it may in fact just show an incredibly callous, calculating, cynical attempt to pass this ridiculous legislation. Under normal circumstances this legislation probably wouldn't pass but by saying it's "anti-terrorist" they'll be able to get whatever legislation they want passed. Who's going to vote against "anti-terrorist" legislation?

  87. I'll say it again by famazza · · Score: 1

    As already said. This will affect only the normal user that has nothing to do with illegal practices. All it'll do is get information about what normal people do.

    Major terrorists will find a way to skip this damn pseudo-protection; if they can come to a country like the US, steal 4 airplanes and crash two of them at the WTC, imagine what they can do! We techies know that it'll not work, and will only spend money that could be spent in a more intelligent way.

    I wonder, do they have any kind of technical consulting?

    --

    -=-=-=-=
    I know life isn't fair, but why can't it ever be un-fair in MY favor!?
  88. Counterpane by swagr · · Score: 2

    Counterpane, a.k.a "Bruce Schneier's Headquarters" has an article about using a deck of cards for encryption here.

    So I guess even playing a game of bridge will get you thrown in jail.

    --

    -... --- .-. . -.. ..--..
  89. Add as part of SSCA hardware by Anonymous Coward · · Score: 0

    So that way we fight terrorism and MP3 sharing at the same time?

  90. Oh my god! by juha0 · · Score: 1

    How about rot13? I guess you can only break that one with brute force, so using it would be illegal!!

  91. The real question is... by eam · · Score: 1

    How will the US government convince terrorists to use crippled encryption?

  92. Two copies of session key, separately encrypted by Sloppy · · Score: 2

    I have no idea if this is how the usual "key escrow" proposals work, but here is a way to do it:

    The software generates a random session key, and block-encrypts the plaintext with it. Then it stores two copies of this session key along with the ciphertext. One copy of the key is encrypted with the user's secret key. The other copy is encrypted with the Big Brother's public key.

    To decrypt the message, a "normal" user, who knows the user's secret key, uses that to get the session key, and uses the session key to get the plaintext. If Big Brother wants to read the message, he uses his private key to decrypt the other copy of the session key, and reads the plaintext that way.

    --
    As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
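
The two-copies layout Sloppy describes, as an added example (not code from the post or from any real escrow product). The SHAKE-256 keystream, the hashed-ElGamal wrap over a toy group mod 2**521 - 1 and all function names are assumptions, chosen so the sketch runs on the standard library alone.

```python
import hashlib
import hmac
import secrets

# Toy public-key group (assumption): integers mod the Mersenne prime 2**521 - 1,
# base 3. Enough to show the data flow; not a vetted production group.
P = 2**521 - 1
G = 3


def _kdf(label: bytes, *parts: bytes, n: int = 32) -> bytes:
    """Derive n bytes from a label and length-prefixed inputs (SHAKE-256)."""
    h = hashlib.shake_256(label)
    for part in parts:
        h.update(len(part).to_bytes(4, "big") + part)
    return h.digest(n)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def escrow_keygen():
    """Escrow agent's key pair: (private exponent, public value)."""
    private = secrets.randbelow(P - 3) + 2
    return private, pow(G, private, P)


def encrypt(plaintext: bytes, user_secret: bytes, escrow_public: int) -> dict:
    """Encrypt under a fresh session key and attach two wrapped copies of it."""
    session_key = secrets.token_bytes(32)
    nonce = secrets.token_bytes(16)
    body = _xor(plaintext, _kdf(b"body", session_key, nonce, n=len(plaintext)))
    # Copy 1: session key wrapped under the user's own secret key.
    user_copy = _xor(session_key, _kdf(b"user", user_secret, nonce))
    # Copy 2: session key wrapped to the escrow public key (hashed ElGamal).
    r = secrets.randbelow(P - 3) + 2
    shared = pow(escrow_public, r, P).to_bytes(66, "big")
    escrow_copy = _xor(session_key, _kdf(b"escrow", shared, nonce))
    return {
        "nonce": nonce,
        "body": body,
        "tag": _kdf(b"tag", session_key, nonce, body),  # integrity check
        "user_copy": user_copy,
        "ephemeral": pow(G, r, P),
        "escrow_copy": escrow_copy,
    }


def _open(msg: dict, session_key: bytes) -> bytes:
    """Verify the tag with the recovered session key, then decrypt the body."""
    expected = _kdf(b"tag", session_key, msg["nonce"], msg["body"])
    if not hmac.compare_digest(expected, msg["tag"]):
        raise ValueError("wrong key or modified message")
    stream = _kdf(b"body", session_key, msg["nonce"], n=len(msg["body"]))
    return _xor(msg["body"], stream)


def decrypt_as_user(msg: dict, user_secret: bytes) -> bytes:
    key = _xor(msg["user_copy"], _kdf(b"user", user_secret, msg["nonce"]))
    return _open(msg, key)


def decrypt_as_escrow(msg: dict, escrow_private: int) -> bytes:
    shared = pow(msg["ephemeral"], escrow_private, P).to_bytes(66, "big")
    key = _xor(msg["escrow_copy"], _kdf(b"escrow", shared, msg["nonce"]))
    return _open(msg, key)


if __name__ == "__main__":
    escrow_private, escrow_public = escrow_keygen()
    # Constructed sample messages from two unrelated users.
    m1 = encrypt(b"lunch at noon?", b"alice-secret", escrow_public)
    m2 = encrypt(b"invoice attached", b"carol-secret", escrow_public)
    print(decrypt_as_user(m1, b"alice-secret"))
    # One escrow private key opens every user's traffic.
    print(decrypt_as_escrow(m1, escrow_private))
    print(decrypt_as_escrow(m2, escrow_private))
```

Every message from every user carries a copy of its session key under the same escrow key, so that single private key is the value whose storage and access control decide the security of the whole system.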
  93. Detection and the realities by adturner · · Score: 1

    Detection of encryption is generally pretty easy- while the data is random, generally you have headers/footers which make it obvious.

    Of course, more sneaky people could easily strip the headers and send and the receiver put them back (generally the headers are pretty static).

    Even more sneaky, would be to use a form of steganography which places the encrypted stream inside of a music, image, or movie file (mp3, jpeg, etc).

    The reality though in my opinion is that key-escrow is doomed. Just too complicated/difficult to do/enforce. It's a lot more effective to just say "Give us your key or we'll throw you in jail for obstruction of justice until you do." At that point it's basically up to you to prove you don't have the key. (And how does one go about proving you don't know or have something anyways?) And from the government's position, they prolly don't really care if you ever give it up- you're already in jail.

    The reality is that there's enough strong encryption available today that doesn't have back doors that there's nothing to prevent criminals from using that. If they're smart enough to use encryption, they're not going to be dumb enough to use encryption that they know the gov't can break. All it does is criminalize perfectly law abiding citizens.

  94. Two potential ways by JohnnyX · · Score: 1

    There are basically two ways that the government could implement crypto backdoors.

    Option 1 (think Clipper Chip): The algorithm used to encrypt data has what is, in essence, a universal key. This can be done by not randomizing the full key. If the NSA/FBI/CIA/DoJ has most of the key, it becomes trivial to crack the rest.

    To elucidate: Say we have a 25 character key. A random 25 character key would look something like:
    jduHF456&#$HOUIMNYY$%#*kh
    A quasi-random key would look more like:
    SecretNSAPartJ788%$#%':kq

    By knowing the first 12 characters, the NSA only has to crack through brute-force the last 13 characters.

    Option 2 (escrow):
    Whenever one generates a key, a copy or a complementary key is also generated, and held by the FBI/DoJ/CIA/NSA. If warranted, they can pull the key from escrow to decrypt messages you've encrypted.

    Key escrow in general can be a good thing, say if one loses a key, or has it stored in a place struck by fire. Then one goes to the escrow agent, and all is well. This of course adds compromise risk, since there are now multiple copies of the key, only one of which is under your direct control.

    The point that people are trying to make is that those who are likely to use encryption to do "bad things" are unlikely to use encryption products that are backdoored or have escrow features built into them.

    Yours truly,
    Mr. X

    ...hope that helps...

  95. Another use for Linux on Linux by dmaxwell · · Score: 2

    Run a honeypot using Linux on Linux and give the government the keys to that. One could furthermore have the overall system (which is still secure) page the owner when the government key is used. Even better, there will be nice logs of anything nasty they tried to do while they were in there. I love the idea of posting one of their "high tech secret" keysniffers all over USENET. The idea of the government wanting secret access to my boxen is ludicrous. If all else fails, I can transparently pass all traffic through a box that logs the hell out of any traffic passing through it. If I want to know when they're messing around with my boxen then I will. I will regard the government the same as a script kiddy: something to be monitored and contained.

    I imagine the need for monitored and logged physical access is obvious too. The agents will look GREAT on camera when they suspect all of this and try to lay hands on the machines themselves.

    1. Re:Another use for Linux on Linux by John+Allsup · · Score: 1

      The bit of the program that sends the key will have a hardwired public key (specific to you) and only the government (that issued you with the key) has the private key. They could then make it an offense to send an encrypted email that doesn't carry the requisite 'authentication' information that (a) authenticates who sent the email and (b) lets them quickly and efficiently look up the key.

      Forcing the use of backdoors to encryption isn't so hard, the problem is eliminating the use of subtle forms of steganography.

      --
      John_Chalisque
  96. It's called "Key Recovery" by kbonin · · Score: 2

    There's several ways to do it, for example:

    #1 "Key Escrow" - All your keys are simply registered with big brother. To reduce the logistical nightmare, you would likely just register special backdoor keys used to encrypt the session key, which would then be included with the message.

    #2 Big brother publishes one or more public keys, to be used to encrypt each session key, which is then included with each message.

    The BXA/NSA guidelines for getting permission to export strong crypto include full disclosure on your data formatting, headers, compression, etc. The review process includes submission and approval of test vectors.

    It should be noted that once these are required by law, compliance testing could be automated by building systems holding the private keys and testing recovery on live data.

    It should also be noted that since (1) no terrorists would use such software; and (2) terrorists are already using steganography to obscure their encrypted data from trivial recognition as ciphertext: This entire effort will have ZERO impact on real terrorism. It's just an attempt by the NSA/FBI to retain their historical ability to eavesdrop trivially on all ordinary civilians everywhere without warrants or oversight. Last week's events were just the pretext they've been waiting for. Anyone telling you different is ignorant or has an agenda...

  97. Manlobbi and the One Time Pad by Anonymous Coward · · Score: 0

    Suppose Osama Bin Blownup sends an operative over to the U.S. with a list of random numbers shoved up his nether regions.

    One day, Osama calls him up and says "21 4 8 34 7 41 10 19 22 6 etc." Manlobbi adds these numbers to his sequence of random numbers, destroys part of his list and then destroys the message. There is no software involved in this at all.

    After recording and tracing the phone call and realizing that Manlobbi is a terrorist, the FBI hauls him into court, and demands that he reveal the contents of the message. He can make up anything he wants and there is no way to verify it because the list of random numbers is destroyed.

    Now, instead of reading numbers, suppose they just have a conversation about cricket or football, where various words represent numbers. You'd have a tough time of even convicting someone of using encryption (assuming that you could make it illegal).

  98. Re:Here's what I said to my political representati by Anonymous Coward · · Score: 0

    Writing encryption software is not too complicated (Applied Cryptography is about $40) and terrorists and criminals are not going to worry about breaking yet another law. So who would this affect? Criminals? No. Terrorists? No. Penry, The Mild Mannered Janitor? Could Be.

    So, what you're saying is "If encryption is outlawed, only outlaws will have encryption!"
    Didn't you used to be with the NRA? :-)

  99. or just send all your emails in Navajo by abde · · Score: 2


    anyone have any open-source Navajo language extensions to Pine or mutt ?

    --
    Don't blame me - I voted for Howard Dean. http://dean2004.blogspot.com
  100. Not convinced by Juju · · Score: 1

    Hmmm, I think it could still work since most people would use the "standard encryption", they would be able to brute force the remaining encrypted stuff.
    If only terrorist/criminals use encryption, they will also be easier to spot and track down.
    If encryption becomes illegal in the US (which is what such a law would do) then they will be able to find people who use it...

    But I agree that it is not possible to prevent people encrypting their message in some other way (like sending a mirror picture with the message written on it in a small corner). Even if it is readable, chances are very low it would be found.

    --
    Black holes occur when God divides by zero.
    1. Re:Not convinced by fatpenguin · · Score: 1
      It would help nothing to detect terrorists.

      The terrorists just have to encrypt their mails with a secure algorithm first and afterwards with the key escrow system.

      All the government can see now is some legally encrypted mail. If they want to decrypt it, they need some kind of search warrant. If they have a terrorist under suspicion, they'll of course get such a warrant. But they will still not be able to decipher his message, because he also used a secure encryption scheme.

      So what? Are they going to sue him because of the use of illegal encryption technology? Nothing could be more stupid than that. He would instantly know that he is under suspicion. Of course his terror group would be warned too, and they could safely work out some alternative plan.

      But for spying on average joe, such legislation is good enough. And it looks like that's the real intention of some politicians.

    2. Re:Not convinced by Jason+Earl · · Score: 2

      You must really think that terrorists are stupid. It would be a trivial matter for the terrorists to encrypt their information with real encryption (say GPG), and then encrypt it with the government sponsored fake encryption. The message would look like any other encrypted message, but the government still wouldn't be able to read it.

      This also assumes that the terrorists aren't using steganography of some sort to hide their messages in pictures.

      In other words the government's anti-crypto plan would only work against everyday, standard, run-of-the-mill, law-abiding, citizens. There is no way that key-escrow, crypto backdoors or any such measure is likely to work against terrorists. Unless, of course, the terrorists were blatant amateurs or idiots (in which case you could probably catch them without crypto back doors). The question then becomes: why is the government so interested in spying on normal citizens? They know that the terrorists have crypto that they can't break; they likewise know that these terrorists are not likely to give up the use of this crypto.

      My guess, because I am not overly paranoid, is that they are simply passing the law to make people feel better. Normal citizens will believe that these laws help combat terrorism, and they will sleep better (even though they are not really any safer).

      It has also been shown that the U.S. does fairly extensive spying on legal (but non U.S.) corporations. Since the U.S. writes the bulk of the software used in the world, U.S. laws against strong crypto guarantee that law abiding corporations in other countries are all of a sudden vulnerable to the U.S.'s prying eyes. Since this type of activity is probably good for the U.S. economy, I would say that it is a bonus.

      My European friends, on the other hand, would probably disagree. That is likely the reason that the German government is paying for the development of GPG.

    3. Re:Not convinced by dachshund · · Score: 1
      My guess is that the long-term goal of this law is to slow and even eliminate private crypto research, and the development of new cryptosystems. With the hope that the existing systems will someday succumb to routine attacks.

      This may not be the headline of the legislation, but I'll bet there'll be strong new restrictions on crypto research somewhere in the bill. This could eventually (say, 10 years from now) render terrorists' existing technology breakable. Although to make this ban effective, we would have to have cooperation from the rest of the world, and that's a little bit scary to think about. It'll be a nightmare for industry, as well. I hope some of the lobbyists get to work soon.

    4. Re:Not convinced by Jason+Earl · · Score: 2

      Most commercial crypto research is currently being done outside the U.S. because of the U.S.'s past beliefs about exporting crypto. All such a law would do is guarantee that foreign nations would be first to have the advantage of new crypto research.

      There is no way that "the rest of the world" is going to give up crypto research. Especially since there is no good way to make mathematics illegal. If the U.S. gives up on crypto research we will simply make way for some other country to move to the forefront.

      What is more likely is that the U.S. simply wants to be able to continue to spy on non-U.S. companies that rely on U.S. software. They've done it before.

    5. Re:Not convinced by broter · · Score: 1
      • My guess...is that they are simply passing the law to make people feel better.

      Very insightful!

      The only thing that concerns me is that this is about the same package they were planning on pushing in the late 80's and 90's after CALEA.

      I'd really like to know the machinations behind this. I remember reading in the "Electronic Privacy Papers" that NSA/FBI was planning on pushing a ban on non-government encryption domestically after getting their CALEA wishlist from Pres Clinton. That didn't pan out.

      What I find funny is that it's the media that's doing the pushing for them now.



      -RB
      --
      "One man can change the world with a bullet in the right place."
      - Mick Travis, "If..."
    6. Re:Not convinced by peter · · Score: 1

      > Are they going to sue him because of the use of illegal encryption technology?

      No, but that extra circumstantial evidence (that the sender had something to hide, thus she used illegal enc. inside the legal enc.) tells the feds that this is definitely someone to keep an eye on. They'll probably send in human spies after that, to see who she meets in coffee shops, etc.

      As long as the penalty for using illegal encryption is harsh enough, not enough people will defy the law to achieve privacy, so use of illegal encryption would indicate someone worth spying on further. Needless to say, it would really suck to go to jail for a year for using SSH. (what if I SSH to my terrorist-friend's computer, and use talk(1) to communicate...)

      However, I think steganography and/or chaffing are sufficient to make the above a moot point. If terrorists limited themselves to PGP inside weak-gov-cipher, then this would help. They're smarter than that.

      --
      #define X(x,y) x##y
      Peter Cordes ; e-mail: X(peter@cordes , .ca)
  101. Well how about this? by Anonymous Coward · · Score: 0

    Privatize it. Make it illegal to use a key without giving it to someone else (probably a service) for archival first. The government would probably provide one of these on its own, but who trusts them. The benefit of having a private organization do the escrow is that they won't release the key without a proper subpoena, and if they do, they will tell you about it.

    As for the technical aspect of it, it really isn't all that hard. Just generate your public/private keypair, send them the public key, they create a random session key and send it to you, you open it up with your secret key, encrypt your secret key with it and send it back. How they store the keys as to not be hackerbait is their own problem. Those that do it better than others will get more customers. Perhaps some sort of n-way split, so that at least 4 out of 5 pieces must be retrieved from different locations with independent security to recover the key.

    This way the government can get its keys, but is kept in check by the public nature of acquiring that key. They can't spy on your future, only your past. Of course, it won't actually do anything to stop the bad guys from using encryption and just not surrendering their keys. Especially if said bad guys aren't in the same country.

  102. How they work by bhurt · · Score: 2

    Basically, the method the crypto backdoors work is by putting a known, designed-in weakness into the algorithm. For example, it could leak key bits into the encrypted stream. The government could then pick the keybits back out of the stream and use them to either directly decrypt the data, or use it to simplify a brute forcing ("OK, we know what 112 bits of the 128 bit key are- now all we need to do is brute force the last 16.")

    There is an obvious problem with this from the cryptological angle- the encryption algorithm has to remain secret. Once you figure out the encryption scheme, and notice where the key information is being leaked, you too can take advantage of the back door. It's the classic problem with master keys- once they get out and get duplicated, it quickly becomes worthless to have the locks. So not only do you not dare publish the algorithm, you do not dare let anyone reverse engineer it.
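
An added example (not from the thread) of the work-factor reduction that bhurt describes here and JohnnyX describes in comment 94: 112 of 128 key bits travel with the message and only the last 16 have to be searched. The toy SHAKE-256 stream cipher, the cleartext leak field and the known "Subject: " prefix are assumptions made for the sketch.

```python
import hashlib
import secrets
import time

KEY_BITS = 128


def toy_cipher(key: int, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: XOR with a SHAKE-256 keystream (encrypt == decrypt)."""
    seed = key.to_bytes(KEY_BITS // 8, "big") + nonce
    stream = hashlib.shake_256(seed).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def leaked_field(key: int, leaked_bits: int) -> int:
    """The backdoor: the top `leaked_bits` bits of the key, sent with the message.

    They are in the clear here, which is the comment's point: whoever learns
    where the field sits gets the same shortcut as its intended reader.
    """
    return key >> (KEY_BITS - leaked_bits)


def remaining_work(leaked_bits: int) -> int:
    """Number of candidate keys left once `leaked_bits` bits are known."""
    return 1 << (KEY_BITS - leaked_bits)


def recover_key(leaked: int, leaked_bits: int, nonce: bytes,
                ciphertext: bytes, known_prefix: bytes):
    """Search the unknown low bits, checking candidates against known plaintext."""
    unknown_bits = KEY_BITS - leaked_bits
    if unknown_bits > 24:
        raise ValueError("demo only searches up to 2**24 candidates")
    base = leaked << unknown_bits
    head = ciphertext[:len(known_prefix)]
    for guess in range(1 << unknown_bits):
        candidate = base | guess
        if toy_cipher(candidate, nonce, head) == known_prefix:
            return candidate
    return None


if __name__ == "__main__":
    key = secrets.randbits(KEY_BITS)
    nonce = secrets.token_bytes(16)
    # Constructed sample message with a predictable start.
    message = b"Subject: quarterly numbers attached"
    ciphertext = toy_cipher(key, nonce, message)

    for bits in (0, 64, 112):
        print(f"{bits:3d} bits leaked -> {remaining_work(bits):.3e} keys to try")

    start = time.perf_counter()
    found = recover_key(leaked_field(key, 112), 112, nonce, ciphertext, b"Subject: ")
    elapsed = time.perf_counter() - start
    print("key recovered:", found == key, f"in {elapsed:.2f}s")
    print(toy_cipher(found, nonce, ciphertext))
```

The cipher's nominal 128-bit strength only describes the work for someone who cannot read the leak field; for anyone who can, the effective key length is 16 bits.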

  103. I just don't understand this idea in any way. by patter · · Score: 1

    Ok, so let me get this straight... The US government wants some way to be able to penetrate any encryption scheme that is devised.

    Fine, us Canadians would likely go along with that, same for many friendly countries.

    However, what is to say that terrorist groups won't then hire their own cryptography experts, get them to devise a new method, and then use that?

    The end result is that we've given one government carte blanche to snoop into our private affairs (I believe in privacy, but am not a fanatic), and the bad guys still get to hide their stuff. Doesn't make sense to me. Maybe I'm just naive about cryptography, but I don't see how this will help.

    It's sad to say that anyone who is sufficiently resourceful cannot be stopped by sacrificing everyone's right to privacy. We have to put pressure on governments world-wide to stop harboring terrorists. period. Cryptography is not the problem, countries who don't recognize these criminals against humanity are.

    That's my little opinion anyway

    --
    -- If at first you do succeed, try to hide your astonishment. -- Harry F. Banks
  104. The back door doesn't need to work by mikey504 · · Score: 1

    The government may not necessarily *need* to decrypt the data.

    If someone encrypts an encrypted message as you suggest, he can be locked up just for hiding the message content. No need to prove he is a terrorist or mob boss-- we can just lock him up for refusing to decrypt his message for us and prove his innocence. It is this reversal of a fundamental principle (innocent until proven guilty) of our justice system that troubles me the most.

    "Suitable" penalties for refusing to turn over encryption keys that really work to retrieve clear data could make any protection afforded by encryption moot.

    1. Re:The back door doesn't need to work by Gregoyle · · Score: 2

      Whups, you guys just destroyed the key when you seized Tim's box. He has forgotten his password. He is a member of a terrorist organization who is willing to die (or go to prison) for his beliefs.

      The purpose of gathering intelligence is not always to convict a criminal, often it's to get his compatriots or to leave open an intelligence channel that can be exploited at a later time.

      Making it illegal to encrypt your data with unbreakable methods is something not very likely to happen. Holding someone in contempt of court for not supplying the key for evidence is much more likely. This doesn't help when you are intelligence gathering, though, as I have previously stated.

      --

      "He's more machine now than man, twisted and evil."

    2. Re:The back door doesn't need to work by Don+Sample · · Score: 1

      So if I don't like John Doe I start sending him messages encrypted using an illegal encryption technique, and then phone in an anonymous tip to the local FBI saying he's a terrorist, and if they check out his computer they'll find a bunch of encrypted files proving it.

      The mere fact that he has these encrypted messages sitting in his "deleted messages" folder, and won't tell the authorities how to decrypt them makes him a criminal.

    3. Re:The back door doesn't need to work by Anonymous Coward · · Score: 0

      TT: "...no really, my Outlook Express glitched and put random data on the end of my message. I can't decrypt it for you because it is random junk. "

      Court: "ummmm... off with his head!"

      TT: "uhhh... its Aunt Bessie's chocolate cake recipe... give me the message and a couple of days to come up with... err... remember the 'encryption' routine. By the way, do you have a chocolate cake recipe I could take a look at?"

  105. It won't happen by Vainglorious+Coward · · Score: 1

    Raising the spectre (again) of backdoored crypto or escrow is simply kite flying; it's part of a wider set of measures which will be loudly trumpeted (if not implemented) to give reassurance that something is being done about "security". I have a dollar here says it will never be put into practice.


    Recall why the crypto export regulations were lifted in 2000? Because US corporates were screaming that they couldn't compete globally, nor could they secure their communications with their foreign subsidiaries. There is a direct economic impact on companies if they are prevented from using crypto freely (and remember, the health of the economy is the single overriding most important thing to this administration, cf Kyoto et al). I can't believe that even with the lever of "terror prevention" that the gubmint can persuade corporate america to abandon crypto. And it *would* mean abandoning crypto - weakened algorithms aren't just "a bit less secure", they're nothing more than obscuration routines, and we all know the old saw about security and obscurity.


    Summary : expect to hear lots of noise about this, especially from people who don't know what they're talking about. Expect even some "real" measures, changes in laws about wiretaps, immigrant detention etc. But I highly doubt that there will be a serious attempt to put the crypto genie back in the bottle. The administration simply isn't that stupid.

    --
    My next sig will be ready soon, but subscribers can beat the rush
  106. What's the point? by Anonymous Coward · · Score: 0

    Even if the US gov't had crypto backdoors required in all US encryption software, people outside the US wouldn't use it.

    It seems like the legislation is almost assuming that crypto software is only made in the US, or that the US is leading the field in encryption technology, or the persons protection is needed from are US domestics, none of which are the case.

    Encryption backdoors will not protect us from something like the WTC event happening again. Encryption is not required to stage events like that. Email is not required to stage events like that. It would be foolish to rely on encryption for it, in my opinion.

    Look how low-tech the rest of the operation was. We don't have security measures for low-tech. How could this have been prevented if all the information was routed via trusted courier or in face to face conversations in unbugged areas?
    Perhaps it was.

    Why have crypto backdoors?

  107. Fun begins with FU by heliocentric · · Score: 2

    I saw a presentation from a Dr. David Fu with the NSA and he talked (he had to get approval from his boss on the outline) about how one would look at a stream of data (radio pickup) and, using statistical info, detect if this fits into the idea of "random" or if it falls into the other category. I would assume that real approaches use something beyond the simple math that was presented to our undergraduate minds, but I know it sure made me think. I didn't take notes at the time, but those of you in colleges and/or cool schools, contact the NSA and see if they might have a PR team, or a person working there who is a graduate of your institution who might want to come back and give a little talk.

    --
    Wheeeee
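The kind of basic byte statistics the comment above alludes to can be sketched in a few functions. This is an added example, not material from the talk or the poster; the SHA-256 counter-mode toy cipher, the sample text and the chi-square cut-offs are assumptions constructed for illustration. It shows that such statistics separate plaintext and base64-armored data from uniform data, but cannot tell ciphertext from random noise.

```python
import base64
import hashlib
import math
import random
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte, estimated from observed byte frequencies."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chi_square_uniform(data: bytes) -> float:
    """Pearson chi-square statistic against a uniform byte distribution.

    There are 255 degrees of freedom, so uniform data scores around 255
    (standard deviation about 22.6); structured data scores far higher.
    """
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def looks_uniform(data: bytes, low: float = 150.0, high: float = 400.0) -> bool:
    """True when the byte histogram is consistent with uniform noise.

    The cut-offs are assumed, deliberately wide bounds around 255.
    """
    return low < chi_square_uniform(data) < high


def toy_stream_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in cipher for the demo: XOR with SHA-256 run in counter mode.

    Illustrative only; it is its own inverse and is not a vetted design.
    """
    out = bytearray()
    for i in range(0, len(plaintext), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(8, "big")).digest()
        out.extend(p ^ k for p, k in zip(plaintext[i:i + 32], block))
    return bytes(out)


# Constructed sample inputs (not captured traffic).
KEY = b"constructed demo key"
SAMPLE_TEXT = (b"The quarterly report is attached. Please review the "
               b"figures before the meeting on Thursday. ") * 700
CIPHERTEXT = toy_stream_encrypt(KEY, SAMPLE_TEXT)
NOISE = random.Random(2001).getrandbits(8 * len(SAMPLE_TEXT)).to_bytes(
    len(SAMPLE_TEXT), "big")
ARMORED = base64.b64encode(CIPHERTEXT)  # ciphertext wrapped for e-mail transport


def report():
    """Return (label, entropy, chi-square, looks_uniform) for each sample."""
    samples = [("plaintext", SAMPLE_TEXT), ("ciphertext", CIPHERTEXT),
               ("random noise", NOISE), ("base64 ciphertext", ARMORED)]
    return [(name, shannon_entropy(d), chi_square_uniform(d), looks_uniform(d))
            for name, d in samples]


if __name__ == "__main__":
    for name, entropy, chi2, uniform in report():
        print(f"{name:18s} entropy={entropy:5.3f} bits/byte "
              f"chi2={chi2:12.1f} uniform={uniform}")
```

Ciphertext and noise land in the same bucket, while the armored copy stands out at about 6 bits per byte: transport encoding and headers, not the encrypted payload itself, are what such tests pick up.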
  108. E-mails or data by Anonymous Coward · · Score: 0

    Since the standard of e-mails doesn't allow encryption of the header, it's easy to see what's random and what's an e-mail.

  109. It's really quite simple, really by Water+Paradox · · Score: 1

    Just use the back-door encryption method to send a file that's already encrypted without it. Then whoever intercepts it, decrypts it, only to find that it's encrypted even further.

    Rinse. Lather. Repeat. I can envision a file that's encrypted forty-two times. Seems the only way to protect against this would be to make ALL ENCRYPTION except the backdoored stuff illegal. Whooh. Maybe we'll see that day, but it ain't here yet...

    --
    information is immaterial
  110. It is better to be a target by Anonymous Coward · · Score: 0

    It is better to be a target and be free, than to be under strict control and be safe from terror.

  111. govt measures call for citizen countermeasures by abde · · Score: 2


    to answer your question, the government backdoor would be the Secret Password : "joshua"

    if the government tries to enforce this, just bookmark http://www.pgpi.com.

    --
    Don't blame me - I voted for Howard Dean. http://dean2004.blogspot.com
  112. All I have to say about this is by Dr.+Awktagon · · Score: 2
    -----BEGIN PGP MESSAGE-----
    jA0EBwMCqfZBng3VrnJg0nABTxB8dVsveql8FeH3E/0O50aY3/ X3Cw2z8/0wUj/3
    umds2c5uH9w7ST4id0MwiWrCQ1qf81A+44SXhufxhkTQd0IAIm IA81RRhiqeL2uO
    W+XE7EcSIhOrgnf2pwUm1rHpz6ey6gO3g+Vq4BvAEcNb
    =6Njf
    -----END PGP MESSAGE-----
    1. Re:All I have to say about this is by Defiler · · Score: 1

      Please post your private key and passphrase so we can read your message.
      Thanks for your cooperation.

    2. Re:All I have to say about this is by gid · · Score: 1
      I think his point is that you can't read it. Very good encryption schemes already exist, and no matter how hard you try to outlaw encryption schemes, there's absolutely no way you can get rid of already existing/working programs. I have pgp and debian backed up on cdrom, just try and take that away from me. There's no way the computer savvy crowd is going to accept/use a backdoored encryption scheme. You'll just force encryption underground much like alcohol in the 1920's. It WILL still exist.

      Sorry most of this rant isn't aimed at you. This is just a convenient place for me to vent. :)

    3. Re:All I have to say about this is by LMCBoy · · Score: 1

      I think the poster was kidding. He was pretending to be the FBI. That's how I read it anyway...

      --
      Liberal (adj.): Free from bigotry; open to progress; tolerant of others.
  113. home grown crypto by Snuffub · · Score: 1

    If I remember correctly, by the second lecture of the introduction to computer systems course taught at my school we all understood the general principles behind modern encryption well enough to write our own software. What makes anyone in the government think that terrorists will use American commercial products when they could write their own or obtain it from a country without these sorts of laws?

    --
    --aiee
  114. How to Encrypt something by Water+Paradox · · Score: 1

    Export a typical text Word Document into HTML.

    Try and read it in an ASCII editor.

    Sufficiently encrypted.

    What gets me is how fast the dangol browser can sift through all that junkmail. Takes me an hour just to get past all the font declarations that I never even use.

    I'm telling ya. Use Word->HTML for your encryption package, and ain't nobody can read it, unless they have a browser. Just save it as a .TXT file, even browsers will fail on that one...

    --
    information is immaterial
  115. re: Crypto back doors, etc by Anonymous Coward · · Score: 0

    If people wanted to email things back and forth
    in safety, think ONE TIME PADS. Assuming the
    physical security of the pads is not compromised,
    the messages are secure.

    Not the best way to handle megabits of information, but how much do you have to send
    to start operations on xxx a day and yy:yy a time?

  116. My current version of PGP by Hoi+Polloi · · Score: 1

    So, is the government going to confiscate every old piece of encryption software out there that doesn't have a backdoor? A good reason not to upgrade! I think certain congressmen pulled this idea out of their backdoor.

    --
    It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
  117. Sore Thumb by chrae · · Score: 1

    If the majority of people are forced into using the new encryption w/ backdoors it seems like the system would actually work. Think about it. If everyone has to use encryption w/ backdoor, all they'd have to do is scan for an encrypted stream that doesn't have a key that works, as it would automatically be suspect. I'm sure they have the means to break encryption if they needed to, but breaking all the encryption on the net just isn't feasible. It seems like a good way to isolate the "juicy stuff" they're probably looking for.

    I'm totally against this, but I can't help it making sense. Someone please provide arguments to the contrary.


    "First they tell you you're wrong and they can prove it; then they tell you you're right but it isn't important; then they tell you it's important but they knew it all along."
    -Charles Kettering

  118. Olives! by heikkile · · Score: 2
    There is good reason to suspect that Osama bin Laden has used encryption while discussing plans for terrorism. This has prompted USA to consider laws to regulate encryption, so that the USA can always listen to such discussions.

    There is even more reason to suspect that Osama bin Laden has been eating olives while discussing plans for terrorism. Therefore it would be much more effective to mandate all olive stones to carry a hidden microphone that would record and broadcast all discussions taking place in its vicinity, easily catching the political opponents - I mean terrorists.

    Some would say that it would be extremely difficult to make sure that every olive would carry its microphone. All it would take is an international treaty mandating microphones to be installed in all prepackaged olives, and outlawing any home production. Then some powerful international organization - or the US government - could go out and bomb all olive producers who do not comply with the microphone directive. Soon nobody would dare to produce rogue olives!

    Although this may sound like a totally unrealistic plan, it is in many ways more likely to succeed than any plan limiting the use of encryption. For the first, olives, small as they are, are physical items that will have to be grown somewhere, pickled and processed, and marketed. All this leaves a physical trail of physical olives moving around. On the other hand, cryptographic tools are ethereal words, easily transmitted by whisper, by graffiti, and other totally untraceable means. Besides, most of them are already published in books all around the world! And once an olive is eaten, the stone is discarded, and a new olive must be acquired, hopefully from a compliant source. Not so with crypto tools, they can be used over and over again, so if the foreign competition - I mean the terrorists - have already managed to gain access to some crypto tools, they can keep using them for ever.

    Besides, by betting its reputation on microphoning all olives, the US Government would make itself much less of a laughing stock than if they tried to launch a campaign to limit the discussion and use of encryption!

    --

    In Murphy We Turst

    1. Re:Olives! by jzap · · Score: 1

      It's more important that a law be passed mandating the use of transparent materials for the walls of all homes. Opaque walls obviously can only impede the efforts of law enforcement to execute secret-surveillance search warrants issued by the courts. Since we cannot tolerate the possibility that such warrants may be frustrated, opaque walls have to go.

      This should not be a problem, since only the guilty would want to hide things from the government. I mean, it's not as if a runaway
      special prosecutor with a sympathetic judge is a realistic possibility under OUR system of party politics, right?

  119. Didn't they try this before? by FooMasterZero · · Score: 1

    I remember a long time ago, like around NT 4 Sp4 or so, when Microsoft inadvertently left debug symbols in the service pack and some discovered that there was a security back door for the NSA on all NT distros whether they liked it or not, and to my knowledge anyone who knew about it didn't like it.
    However, desperate times call for desperate measures.

    Unfortunately I hope this doesn't promote this idea, but if the government seeks to have widespread backdoors everywhere, it really wouldn't be a matter of determining what bytes are encrypted and what bytes aren't encrypted.

    It boils down to government possibly mandating how operating systems are developed, much how there are laws when constructing a building and the like. Thus creating an organization like FSA (Federal Software Assoc.) (*shudder*).. or something along those lines.

    This could also potentially affect software development overall that is developed in the US that deals with or implements any kind of encryption.
    Another potentially heinous thing that could arise out of this is making Linux and such illegal since there isn't one single entity overseeing the product. This would make Microsoft happy since it can't seem to rid itself of the Linux thorn, and any other company who can't afford to pay for any fees incurred with federal software compliance would be eliminated too. And to lock down the internet side, making AOL de-facto internet client and having back doors to monitor activity this way.

    Like I said, I am not promoting these ideas; I hope they never come to pass.

  120. the fun and simple solution by liquidsin · · Score: 1

    There are plenty of laws that don't get enforced to their fullest extent, simply because it would just be ridiculously difficult to enforce them. Why don't they cite every jay-walker? Why don't they ticket you for driving 5km over the speed limit? I propose that everyone keeps on using their normal encryption (you do use it, don't you?) even if they implement a backdoor. Send all email encrypted. If it gets snagged and you get arrested, give them the key, so they can see that it's harmless. After the first few thousand such arrests, the gov't will quickly realize that there's no point to this, and they'll give it up. Or, don't give them the key, and we'll choke the prison system with our geeks ;) And as a side note, wouldn't they be in violation of the DMCA for breaking your encryption, even if it is through a known backdoor? Or would I be in violation of the DMCA for NOT using backdoored encryption, since it would have to be proprietary (can't open source the backdoor) and I would be knowingly circumventing it?

    --
    do not read this line twice.
  121. crypto backdoors by Anonymous Coward · · Score: 0
    Is this some kind of trick?

    Everyone knows crypto backdoors either don't work or aren't effective.

    Also this would end GPL-compatible licenses for encryption programs. You think the government wants someone to be able to remove the backdoor?

  122. Fair is fair by heikkile · · Score: 2

    If any backdoor or escrow scheme is to be acceptable for the rest of the world, it must make sure that foreign governments have access to any and all encrypted communications used by US agencies suspected of industrial espionage.

    --

    In Murphy We Turst

  123. Crypto Backdoors by base2op · · Score: 1

    I don't see how it would be possible to have a single key that allows one to decrypt any file encrypted under a given algorithm. If the data is directly employing the user-generated key then having one static key (the backdoor) that also encrypts the data would not be feasible. This would mean that all data encrypted under a given algorithm would be encrypted with the same static key. I believe this would cause too many similarities in the resulting ciphertexts. Thus allowing the plaintext to be easily compromised.

    Also if the same static key is used to encrypt data under any given algorithm that would imply that the key would be hardcoded into the software encrypting the plaintext. This would be foolish as anyone willing to reverse engineer the software could obtain the static key.

    Lastly, once that static key has been compromised the algorithm would be rendered useless (assuming the cracker disclosed the details). This would mean money spent in research and development could be blown by one bored 14 year old Russian. : P After this, why would anyone even bother creating new algorithms (commercially in the US)?

    I don't know, perhaps it would be implemented differently than I imagine. However, the only other scheme I could picture would be some sort of key escrow system. That would just be ridiculous - as no terrorist (especially if outside the US) would ever register his/her key with the designated party.

    </rant>

  124. Off Topic (-1) by Anonymous Coward · · Score: 0

    "Contemplate the mangled bodies of your countrymen, and then say, What should be the reward of such sacrifices? ... If ye love wealth better than liberty, the tranquillity of servitude than the animating contest of freedom - go from us in peace. Crouch down and lick the hands which feed you. May your chains sit lightly upon you." -Samuel Adams

  125. Any good method would require signing all data by sequence_man · · Score: 1
    The only way the government could possibly allow a little cryptography without giving away everything is to have EVERY message signed. That means every TCP/IP packet. Then the burden of decrypting the message lies with the person who signed the message. If they double encrypt, they have to double decrypt when forced by the government. If they refuse, this would legally be taken as admission of guilt.


    Then all the government has to keep track of are public keys. Of course all public keys would have to be registered to physical users.


    Any scheme that has anonymous traffic would be required to decrypt all messages just to check that they could be decrypted. This would then be equivalent to a no-crypto system as far as the government reading of message would be concerned.


    Dean

  126. RC4, 1337 d00dz, blonde bombs by Gregoyle · · Score: 2

    RC4 is not considered a "good" cypher by anyone. Its weakness is a lot of the reason WEP was cracked so quickly and thoroughly.

    Also, crypto with a back-door would be useful against criminals, just not against governments. For example, you mostly use SSH so hackers can't sniff your packets to get logins and passwords. It's nice to know that governments would be equally hard-put, but that isn't the primary purpose.

    Plus, governments have many more resources than 1337 d00dz. They can log your keystrokes, or use other channels (Tempest shielding, keystroke timing, video cameras). Or they can just bribe your girlfriend. What, you don't have a girlfriend? Beware the next time some blonde bomb comes up to you and just can't get over your coding skills.

    I hope more money goes into HUMINT of the latter variety than fruitless reactionary measures like key-escrow. Because I really am patriotic, but I want to be able to have some control over who reads my data.

    --

    "He's more machine now than man, twisted and evil."

    1. Re:RC4, 1337 d00dz, blonde bombs by tricorn · · Score: 1

      RC4's "goodness" is very dependent on how it is used. Many of the attacks on WEP would work as well regardless of the stream cypher used; the problem was the poor implementation (e.g. the integrity check, weak key generation, small IV space). See, e.g. (In)Security of the WEP algorithm.

      The "Weaknesses in the Key Scheduling Algorithm for RC4" paper (PDF or Postscript) also describes significant attacks on RC4. However, RC4 can be used in other ways; example would be to use RC4 output bytes as successive keys to a block algorithm (e.g. DES, or multiple DES with a separate key for each); there are other ways to use a stream cypher output in more secure ways.

  127. The nature of regulations by Teppy · · Score: 1

    Ayn Rand said it best:

    "Did you really think that we want those laws to be observed? We want them broken. You'd better get it straight that it's not a bunch of boy scouts you're up against . . . We're after power and we mean it. You fellows were pikers, but we know the real trick, and you'd better get wise to it. There's no way to rule innocent men. The only power any government has is the power to crack down on criminals. Well, when there aren't enough criminals, one makes them. One declares so many things to be a crime that it becomes impossible for men to live without breaking laws. Who wants a nation of law-abiding citizens? What's there in that for anyone? But just pass the kind of laws that can neither be observed nor enforced nor objectively interpreted [Frederick Mann: Obfuscation of meaning is a key element of the con games bureaucrats and politicians play.] - and you create a nation of law-breakers - and then you cash in on guilt. Now that's the system, Mr. Rearden, and once you understand it, you'll be much easier to deal with."

  128. If a "terrorist" organization needs to communicate they most likely need a simple form of message communication (e-mail). Which, when it comes down to it, could simply be a file. When properly encrypted a file which contains text (or HTML or whatever communication is needed) could be encrypted to look, and feel, like a binary file. Could even put the extension .exe and the proper headers on it if it made you feel better. Then just transfer the thing FTP with other misc files, unless you were under complete, and total (totalitarian) observation there would be no way of knowing that the file was not a binary executable. If you slapped the right header on it, it would look 100% legit, until you tried to run it. Then it would look like a bad compile of a buggy program. Probably even crash the WinBlows box the feds were trying to use to run it. The person at the other end has information ahead of time what to do with the file, remove the header, and decrypt. With a private key which could be exchanged earlier on diskette or something. (Allowing the damn key to be pretty freaking long if you want it to be). A back door couldn't prevent such a form of message passing, because it looks like a regular download, or file passing between companies (e.g. developer to contract company).

    -Atrox
    -Security is mostly a superstition. It does not exist in nature. - Helen Keller

    --
    -Beware of he who would deny you access to information, for in his heart, he dreams himself your master.
  129. q33ny - its a code by Anonymous Coward · · Score: 0
    This is a bit weird. Start MS word. Type in Q33NY (the flight number of one of the jets tragically crashed Sept 11) then highlight them and change the font to WingDing. The WingDing symbols look like a jet, two buildings, skull&cross bones, and a Star of David.

    A bit weird.

    1. Re:q33ny - its a code by ebonkyre · · Score: 1
      Actually, the "buildings" are document icons. Try typing the other numbers in WingDings; several of them could look like buildings if you wanted them to.

      This is a little freaky, but not new - it was pointed out long ago (in internet time, anyway) that "NYC" in WingDings is a skull&crossbones, a Star of David, and a thumbs-up sign.

      This being Slashdot though, I'm sure someone will blame Microsoft for the attacks (to distract everyone from the antitrust suit) and hold this up as evidence. Actually, someone probably already has, and I just missed it.

      --
      "Time is an abstract concept devised by carbon-based lifeforms to monitor their ongoing decay." - Thundercleese
  130. Random bits by BlueWonder · · Score: 1
    Also, how would/does the government know wether a bitstream is random bits, or encrypted data?

    The next logical step after requiring a back door for the government is to make the transmission of random bits illegal.

  131. Why it might work by The+Pim · · Score: 2
    [Last time I wrote this, it was Flamebait, so I'll try to be more careful.]

    Yes, it is generally agreed that modern encryption algorithms can hide data with virtually perfect security. But this alone is not relevant, as long as the government can detect the use of these algorithms.

    All the government has to do to nail your "Terrorist Tim" is observe that he is using encryption, and check for the existence of a matching escrowed key. Presumably, any key escrow system would allow for verification that a message was encrypted using an escrowed key, without actually retrieving the key or decrypting the message. Thus, it is entirely conceivable to me that the government could enforce the use of key escrow: Whenever they see encrypted traffic that does not use an escrowed key, they trace the user via the ISP and prosecute him. And maybe they drop the connection, so you can't even get one message through then hide.

    So, anyone who wants Internet privacy under this regime must hide the fact that they are hiding data. But, you say, there's a whole field dedicated to this end, called steganography, so the government loses again. While steganography is exciting and promising, it's not the knock-down argument that you seem to think.

    First, I agree that it is easy to covertly communicate a small amount of information to someone with whom you have prepared ahead of time. Any simple system of code words or similar is probably secure for a brief message or two. But, ...

    • People need to communicate more than a few messages on a predetermined subject. A naive system will not stand up to statistical analysis of many messages. For example, you might think that coding messages in the first characters of each word would be undetectable. Hardly--just look for anomalies in the letter frequencies of the first letters.

    • People need to communicate without having arranged a system beforehand. Even serious steganography (at least the systems I know about and can imagine) requires a shared secret, implying major challenges in key exchange. In the age of public keys (now the lynchpin of virtually all secure communication), we forget about what an enormous breakthrough asymmetric cryptography was.

    • Even serious steganography may be detectable! Just as the government can monitor for non-escrowed keys, they can monitor for any steganography system that they have broken. It is currently not known whether undetectable steganography can be developed.

    • Steganography does not have the infrastructure, either in software or in familiarity and understanding, that encryption has. We all know that quality of implementation and good practices are as important as mathematical strength in the successful use of cryptography. Thus, people need to have software they can use and an understanding of do's and don't's. At least, it will take some time before steganography reaches the level of encryption in these regards.

    (In the above, you may substitute "terrorists" for "people".)

    The point: not that the government should or will do this; but that if they decide to do it, it is not futile! It really could (in addition to destroying the privacy of lawful citizens) slow down terrorist communications (assuming that terrorists use the Internet, which people seem to think they do). So we need a better argument against it than "this is stupid, it can't work".

    --

    The evaluation of an action as 'practical' . . . depends on what it is that one wishes to practice.
    1. Re:Why it might work by rot26 · · Score: 1


      Presumably, any key escrow system would allow for verification that a message was encrypted using an escrowed key, without actually retrieving the key or decrypting the message

      Nah.

      Just re-encrypt the illegally encrypted data. No way to find out that the contents are unreadable without actually decrypting it. Thus the only way to spot verboten encryption is to decrypt everything.

      --



      To ensure perfect aim, shoot first and call whatever you hit the target
    2. Re:Why it might work by Anonymous Coward · · Score: 0

      Mod those both up - this is a reasonable argument, and an even better rebuttal. People should know the arguments.

    3. Re:Why it might work by dachshund · · Score: 1
      A naive system will not stand up to statistical analysis of many messages. For example, you might think that coding messages in the first characters of each word would be undetectable. Hardly--just look for anomalies in the letter frequencies of the first letters.

      Bin Laden's people have apparently used courier transfers of Zip disks to transmit messages in the past. One could imagine physical transfers of One Time Pad CD-ROMs. That would result in messages that are virtually indistinguishable from white noise. There's very little good statistical analysis can do against white noise, if it's incorporated properly. There are some details to work out, but I highly doubt that any mandatory encryption will stop this sort of transmission.

    4. Re:Why it might work by TastyWheat · · Score: 1

      This is incorrect. You cannot even tell if Terrorist Tim is using encryption. One random bit stream looks like another. Not only that, but he could hide his encryption inside a legit encryption. So you would have to open ALL legit streams to find the illegit ones, assuming you could tell a computer to tell the difference between one random stream and another, which you can't. End of story.

    5. Re:Why it might work by The+Pim · · Score: 2
      Presumably, any key escrow system would allow for verification that a message was encrypted using an escrowed key, without actually retrieving the key or decrypting the message

      Just re-encrypt the illegally encrypted data. No way to find out that the contents are unreadable without actually decrypting it. Thus the only way to spot verboten encryption is to decrypt everything.

      Oops, you're right. So the situation isn't quite as bad as I thought (since routine decryption would be a hard sell for the government).

      --

      The evaluation of an action as 'practical' . . . depends on what it is that one wishes to practice.
    6. Re:Why it might work by Troed · · Score: 1
      Another American who thinks US laws apply all over the world.


      You can't prosecute the ones that don't give a f*ck about your laws - we don't live in the US. We'll just happily keep using cryptos without backdoors.

    7. Re:Why it might work by Anonymous Coward · · Score: 0

      So all we have to do is conquer and kill all inferior foreign nations?

    8. Re:Why it might work by Hobbex · · Score: 2

      Oops, you're right. So the situation isn't quite as bad as I thought (since routine decryption would be a hard sell for the government).

      There is a simple solution to this for the government - simply label the use of unescrowed crypto a terrorist act, that way if they get a warrant and find they cannot decrypt the data, they no longer need to look for further evidence.

      Of course, what is really needed from message decryption is the ability to detect and prevent these sort of crimes before they occur, for which this would be useless - but let's not confuse what the world needs and law enforcement wants.

      One thing is clear: any practical use of key escrow is deep in police state territory.

    9. Re:Why it might work by Anonymous Coward · · Score: 0

      How many innocent civilians did the USA nuke in Hiroshima and Nagasaki now again .. ?

      Fewer than we did when we bombed Tokyo.

  132. Overload the escrow with one time pads by Anonymous Coward · · Score: 0

    One time pad encryption is certainly well known, and is likely impossible to outlaw. It also lets one create multiple versions of the plaintext message, with multiple "keys," so long as the various interpretations are the same text length.

    Imagine thousands of us sending thousands of emails a day, such as notes to ourselves, and giving the government the one time pad keys, maybe even multiple keys per message. The data storage problem would quickly overwhelm the system. Now, just pad each one time pad key with a few bits, and good luck to the poor SOB trying to read your plaintext. The logistics would be a nightmare.

    The escrow concept would never work, even for those within our borders willing to follow the law. Which is of course a small subset.
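The one-time pad property the comment above relies on, together with the pad-handling assumption stated in comment 115, as an added example (not the posters' code; the sample messages and function names are constructed for illustration). For any ciphertext there is a pad that "decrypts" it to any chosen text of the same length, so an escrowed pad proves nothing about the real message, while reusing a pad leaks the XOR of the two plaintexts.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; a one-time pad needs equal lengths."""
    if len(a) != len(b):
        raise ValueError("one-time pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(plaintext: bytes):
    """Encrypt under a fresh random pad; returns (pad, ciphertext)."""
    pad = secrets.token_bytes(len(plaintext))
    return pad, xor_bytes(plaintext, pad)


def otp_decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    """Decryption is the same XOR as encryption."""
    return xor_bytes(ciphertext, pad)


def alternate_pad(ciphertext: bytes, claimed_plaintext: bytes) -> bytes:
    """Compute the pad under which `ciphertext` decrypts to `claimed_plaintext`.

    Such a pad exists for every text of the same length, which is why a
    one-time pad ciphertext carries no evidence of which plaintext is real.
    """
    return xor_bytes(ciphertext, claimed_plaintext)


def pad_reuse_leak(ciphertext_1: bytes, ciphertext_2: bytes) -> bytes:
    """What an observer learns when one pad encrypts two messages.

    The pad cancels out, leaving plaintext_1 XOR plaintext_2, which is
    open to classical crib-dragging analysis.
    """
    return xor_bytes(ciphertext_1, ciphertext_2)


# Constructed sample messages, both exactly 32 bytes long.
REAL = b"quarterly numbers are due Friday"
DECOY = b"chocolate cake: flour, eggs, oil"


def demo():
    """Run the three cases and return their results for inspection."""
    pad, ciphertext = otp_encrypt(REAL)
    decoy_pad = alternate_pad(ciphertext, DECOY)
    # The same pad used a second time, against the rule in its name.
    reused = xor_bytes(DECOY, pad)
    return {
        "real": otp_decrypt(ciphertext, pad),
        "decoy": otp_decrypt(ciphertext, decoy_pad),
        "pads_differ": pad != decoy_pad,
        "reuse_leak": pad_reuse_leak(ciphertext, reused),
    }


if __name__ == "__main__":
    results = demo()
    print("with the real pad :", results["real"])
    print("with the decoy pad:", results["decoy"])
    print("pad reuse leaks p1 XOR p2:", results["reuse_leak"].hex())
```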

  133. More of the same, as we sleep and do nothing. by Ouija · · Score: 1

    Encryption is just an effort at privacy. We are now deluged into a reality where our government (with the applause of the unthinking, sheep-like masses) is actively working to reduce privacy. We can't have privacy and freedom right now- or ever- if we are to keep from having terrorist activities. That's the sales pitch.

    But it doesn't stop there. We won't own our computers or electronic devices. We won't be allowed to alter them or configure them in some unique way. We won't be allowed to code our own software that allows us to access the things we have bought. Many of these things are already laws. More of the same shall be in the future. Consider the initiative Intel has to encrypt the connection between your video card and monitor...

    Road Runner: What kind of Windows do you run?

    Me: X... er, I don't.

    Road Runner: You have to have Windows to run RoadRunner.

    Me: No, I don't. I'm a UNIX system engineer. Just drop the cable modem off here. Do I need PPPoE or DHCP?

    Road Runner: Huh? Do you have Windows? We can't install it if you don't have windows.

    Me: Okay... hmmm, sure I've got Win98. (on an unused HD, around here somewhere...)

    --

    -Ouija- poke 53280,11:poke 53281,12
  134. no "random bitstreams" on the internet by budalite · · Score: 1

    This is not only a computer issue. It's also a telecommunications issue. There are no "random bitstreams" on the Internet. Every message that moves between any two physically separated entities must include an agreed-upon method of synchronization, which is "where is the start of the message?", be it synchronous or asynchronous. The Internet and all 802.xx communications are asynchronous, which means each datagram has the same sequence of bits at the start of its packet. Every level "into" the datagram has a similarly "hard-wired" beginning and, if there is not a problem, an ending sequence of bits. For instance: seven levels max, if the 7-level OSI Model is used, which is rarely. Every time, in every datagram. Only the real "data" in the core of the datagram can be encrypted. And if you folk think that NSA is going to have a tough time cracking anything you put out there, you may be in for a surprise. The final issue is one of time and money, not capability. The target must be worth expending the time and the money of critical resources. We folk are not worth the effort. Some of you might someday get that attention if your criminal career keeps progressing as nicely as it has. Cheers.

  135. Other encrypted channels by dpilot · · Score: 2

    So far the discussion seems to center on PGP and email. That's a bunch of bunk, because in addition to everything that everyone else has mentioned, there are several other routes around a crypto-Carnivore.

    1: Move to a different port: Conventionally, email is on port 25. Set up some email servers on some other port, and the content will sail right past Carnivore.

    2: Use a different channel, and don't forget that other encrypted channels have their own algorithms.

    2a: Use a different channel: Move files around with scp or sftp. Once again, doesn't register as email.

    2b: Use a different channel. Use secure websites as intermediaries. When the lock closes in the lower-left corner, it's safe to type your credit card number. It's also safe to communicate other information. Either extra fields can be added, or existing fields can be used. It may even be possible to use innocent eCommerce sites, assuming you've already cracked them.

    3: USB keyring hardfiles: Since these alternate channels don't leave encrypted files on the box, put the file on a USB keyring hardfile. Unplug from the system, and keep it on your keyring. If the G-men are after you, you have several options:
    a: Take a hammer to it.
    b: Scuff your feet, comb your hair, and zap it. They no doubt have ESD protection, but it's probably only good against accidents, not deliberately destructive ESD.
    c: Throw it into the traffic.
    d: Encrypt it using yet another algorithm - tcfs?

    So aside from any other concerns, simply doing something to PGP clearly is not sufficient. You'd need to also weaken https: and SSH, and sniff a LOT more traffic.

    But if SSH is given a back door, and we MUST assume that some black-hats or terrorists have recovered it, then how the heck do we do secure administration? We've just opened every remote-admin system to info-terrorism, as well as our eCommerce.

    Between weakened/broken encryption and key escrow, I'd choose the latter every time. Both are silly, and would only convey a false sense of security. If it's that serious, I'd think simple traffic analysis would be more informative.

    Imagine that A-crowd guy in high school or college you never liked, and always gave you a rough time. Then go through anonymizers, and start sending him encrypted datastreams. Fun, fun, fun.

    My letters went to my congressional delegation today.

    --
    The living have better things to do than to continue hating the dead.
  136. Secure Tunnel? (VPN) by Neil+Watson · · Score: 1
    What if Tim Terrorist uses a secure tunnel to send messages to Tom Terrorist?

    How will Big Bro ..er.. I mean, the Authorities track that?

  137. Proprietary Software by Solidblu · · Score: 1

    How is the government going to know if software I write for myself is encrypted or if it's just Proprietary Software Protocol sending data back and forth in fonts in a row as text instead of plain text. THEY CAN'T. This whole idea, I feel, is for a false sense of security.

  138. Take a look at DES... by (codic) · · Score: 2, Informative

    Some conspiracy theorists already claim that DES has a backdoor, even though there is no public evidence to support the theory and lots to suggest otherwise.

    When DES was invented (by IBM, IIRC) and the government wanted to adopt it as a standard, the NSA took a look at it and changed around the S-boxes (where S, I believe, is for Substitution) for the version that is actually used. They offered no description of how they created their S-boxes or what features they offered that the other ones didn't, etc.

    One possible explanation is that the NSA added a backdoor into DES that secretly weakened it somehow (e.g., the ciphertext provides information about the key to make an exhaustive key search several orders of magnitude quicker) to the point where they could decrypt a document without necessarily knowing the key ahead of time with a reasonable amount of effort.

    There is no public information about successful cryptanalysis of a full (16 round?) version of DES. That is, if such a backdoor exists, and if someone has found it, it's all very hush hush.

    The concept of backdoors in cryptosystems is really very messy. It depends way too much on keeping crucial information about the cryptosystem secret. Chances are, if you disclose enough details to implement a cryptosystem and say it has a backdoor, people (good and bad) are going to find it*. If you don't provide information on how it works, it can really only be implemented in "tamper-proof hardware" (a concept almost as flakey as cryptosystems with backdoors), since any software implementation could be disassembled.

    To answer your second question, they really can't (as I assume you suspected). So, if the sniffers found some data they couldn't decrypt, they would have to assume it is either, as you said, random data, or data encrypted with an outlawed (read "apparently secure") cryptosystem. In both cases, the sender must be trying to hide something from the government, and is therefore a threat and should be dealt with accordingly. Simple as that.

    For anyone who missed it, the current call is for a global ban on strong crypto, not a national one. And in this case "global" means really global, not a "World Series" kind of global.

    The next few weeks/months/years will potentially be filled with events and ideas, like this, that change the world we live in. I'm not afraid for our generation. Most of us know what freedom is like, and I really don't think it's something that can be taken away no matter how hard they try. But our unborn children and grandchildren don't. I don't want them living in a world where freedom and privacy are anything other than fundamental rights. I'm currently optimistic; I just hope that's not misplaced.

    * And if DES does have a backdoor and no one has found it, then the NSA deserves a pat on the back because they've stumped us all! :)

  139. what if..? by Anonymous Coward · · Score: 0
    rnd() would return encrypted messages instead of true random data? Wouldn't that be random enough for most applications? Like playing lp records backwards to hear hidden messages, the hi-tech way!

    Then every message, randomized or not could contain "BIG SECRETS!" for gov to snoop on!

  140. If we could make terrorists use legal encryption.. by Anonymous Coward · · Score: 0

    If we could make terrorists use legal encryption...

    ... we could just make them not blow up stuff too :p

  141. I explained this about a week ago but look here... by Lostman · · Score: 2

    I explained this to someone else today when asked why I am staunchly against a backdoor/etc in a crypto program.

    A good crypto program is based on a function f[x] such that f[x1] = k, and you cannot find x1 if you know the function f[x] and the encrypted k. This, folks, is hardcore advanced mathematics!

    To add in a regulation that there be some "backdoor" (eg: some function that will always take g[k] = x1 for an encrypted value k). Once that function g[x] is known by anyone (f[x] would have to be made in a way such that g[x] must exist btw.. it doesn't just happen) then the communications of everyone that uses that encryption algorithm is compromised.

    Think of the problems -- no secure transactions (halting "e-business"), no secure transmissions of trade secrets (look at france -- the companies just moved to a different country), and generally no information is secure.

    Now.. to find a way to convince/explain this all in everyday words...

    ideas?

  142. easier ways out by cowtamer · · Score: 1

    They are probably way ahead of all of us.

    If I were them, I'd simply have the legislation passed that would:

    1) Make the use of "illegal" crypto more easy to prosecute. Once you prosecute several high profile cases, you'd scare most people (including most /.'ers, despite the rhetoric) into using weaker versions of crypto. Random seeming info would be easier to identify (and scrutinize).

    2) Make the installation of other "backdoors" easier to justify. They could save themselves a lot of trouble if they mandated keyboard manufacturers to include hardware keystroke loggers. These could be remotely controlled. Tampering with this device would be like tampering with your odometer. If they promise to 'keep it safe' do you think they would have much opposition in the current atmosphere?

    Of course, this may not keep the most paranoid from doing whatever they want, but they would have a lot easier time catching the average (non-computer-savvy) criminals.

    go read _1984_ ...or, better yet, _A Brave New World_

  143. This is not what I meant... by Juju · · Score: 1

    It seems people have problems to understand what I mean these days ;o)

    That's the problem of not being a native English speaker and having been at work for more than 14 hours...
    I agree that it's a useless law since there are always ways of bypassing any kind of limitation. Stenography was the example I wanted to give but I couldn't bother finding out what the real name was.
    My main point, was that the original argument did not stand since terrorists would then be forced to use other encryption which would make their messages to be detected. I don't think that decrypting PGP is impossible. All you need is enough power to decrypt it and I believe the US can have enough power. The problem is only that if all messages are PGP encrypted, then the amount of data to decrypt is just too much.

    But then, maybe the US could not make the difference between encryption and white noise...
    Which would leave them with too many files to try to decrypt.

    Concerning the last point you raise, I don't see it as a bonus even if I work for an American company. I think this is just plain wrong (but then, I am European ;o)
    Besides, it's becoming slowly the usual thing to do to use PGP encryption even for casual talking, just in protest... We take privacy very seriously over here.

    --
    Black holes occur when God divides by zero.
    1. Re:This is not what I meant... by Jason+Earl · · Score: 2

      Precisely. To be honest your point is a good one, I re-read my original message and it was definitely worded too strongly. Sorry :).

      And I understand what it is like conversing in a foreign language. I spent 5 years of my life in South America. Most of the time as the only Yanqui for miles and miles. It is very easy to be misunderstood in a language that isn't your native tongue, even if you are skilled in its use (which you clearly are).

      Currently PGP encrypted messages stick out like a sore thumb, and so I can see why it is that you figure that PGP (or GPG) encrypted messages would be detectable from government sponsored messages. You are probably even correct. Heck, most PGP encrypted messages are ascii-armored and have a nifty header proclaiming how they were encrypted. However, terrorists would almost certainly either modify their software so that it output headers that matched the government sponsored crypto, or, even easier, they would simply re-encrypt their encrypted messages with the government sponsored tools.

      The only way that the government would know the contents of your message would be to decrypt it (using precious cycles), and when they decrypted it all they would find was a GPG encrypted message!

      In other words, if such a system became commonplace they would be worse off than they are now (where most emails are simply plain text).

      I also agree that using U.S. resources to spy for American companies is wrong. I should have used a smiley so that you would realize I was being sarcastic. Although I am a U.S. citizen until recently I worked for a non U.S. corporation.

      Thanks for the discussion.
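
Added illustration, not part of the comments above: what a passive monitor can conclude from bytes alone, which is the question raised in the submission and in the remarks about ASCII-armor headers and re-encryption. The samples are constructed, the 7.5 bits-per-byte cut-off is an assumed threshold, and the SHAKE-256 XOR cipher is a stand-in for any modern cipher, not PGP itself.

```python
"""Byte-level classification: header match vs. entropy measurement (added example)."""
import base64
import hashlib
import math
import os
import random
import zlib
from collections import Counter

ARMOR_HEADER = b"-----BEGIN PGP MESSAGE-----"
HIGH_ENTROPY_BITS = 7.5  # assumed cut-off, in bits per byte


def shannon_entropy(data: bytes) -> float:
    """Empirical Shannon entropy of the byte histogram, 0.0 to 8.0 bits per byte."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def toy_stream_encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in cipher: XOR with a SHAKE-256 keystream (illustrative only)."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def classify(data: bytes) -> str:
    """Label a payload the way a header-and-statistics filter would."""
    if data.lstrip().startswith(ARMOR_HEADER):
        return "pgp-armor"        # the format announces itself
    if shannon_entropy(data) >= HIGH_ENTROPY_BITS:
        return "high-entropy"     # encrypted, compressed or random: same label
    return "low-entropy"


def build_samples() -> dict:
    """Constructed payloads: text, compressed text, random bytes, ciphertexts."""
    rng = random.Random(2001)
    words = ("the key escrow plan would store every pad and mail "
             "header for later review by some agency").split()
    text = " ".join(rng.choices(words, k=40000)).encode()
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw deflate, no header
    compressed = deflater.compress(text) + deflater.flush()
    armored = (ARMOR_HEADER + b"\n\n"
               + base64.encodebytes(os.urandom(48 * 1024))
               + b"-----END PGP MESSAGE-----\n")
    return {
        "plain text": text,
        "raw deflate": compressed,
        "os.urandom": os.urandom(1 << 16),
        "toy ciphertext": toy_stream_encrypt(b"constructed key 1", text),
        "armored": armored,
        "armored, re-encrypted": toy_stream_encrypt(b"constructed key 2", armored),
    }


def survey() -> dict:
    """Map each sample name to (entropy rounded to 3 places, label)."""
    return {name: (round(shannon_entropy(blob), 3), classify(blob))
            for name, blob in build_samples().items()}


if __name__ == "__main__":
    for name, (bits, label) in survey().items():
        print(f"{name:24s} {bits:6.3f} bits/byte  {label}")
```

Only the armored sample is identified as encrypted, and only because of its header; compressed data, random bytes and both ciphertexts all land in the same high-entropy bucket, so a filter built on this test flags every one of them or none.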

  144. ATTCK by waldoj · · Score: 1

    ``All the twenty clever kings'' could mean ``attack'' if you were to just look at the first letter of every word.

    Only if you spelled badly.

    ;)

    -Waldo

  145. How would it work? Poorly. by xah · · Score: 1
    Let me provide a tactical summary.
    1. Today, many of us civilians have crypto software, like PGP, that cannot be decrypted with or without brute force. (For the sake of argument, assume that quantum computing remains impractical.) We civilians have the ability and willingness to share this software with other civilians.
    2. Suppose every government suddenly requires all civilian users of cryptography to provide additional decryption keys (ADK's) to the government. Any data encrypted with an ADK can be decrypted by the holder of the ADK. All ADK's will be kept in escrow by the applicable government.
    3. Users keep using cryptography without ADK's.
    4. Governments start intercepting random bits of Internet traffic. If any encrypted data is discovered, a script searches the escrow database for the ADK. If there's no ADK, the person who sent that data has committed a crime.
    5. If there is an ADK, the script tries to decrypt the data with the ADK. If the ADK works, the government is happy.
    6. If the ADK does not work, or if there was no ADK, that person is warned or thrown in jail. Many are thrown in jail in this way. Pretty soon, the script doesn't detect any data encrypted without ADK's that work.
    7. The governments rejoice in defeating the free cryptography movement.
    8. Actually, users have gotten smart. Any data they wish to encrypt is first encrypted by their copy of strong encryption software like PGP. Then, they encrypt the PGP output file (or other program's output file) with the weak encryption software with ADK.
    9. The governments can dig only one level deep. Users are encrypting two levels deep. Governments have no way to fight this.
    10. Freedom wins. Oppression loses.
    --
    I am not a lawyer. Do not take my words as legal advice. If you need legal advice, consult an attorney.
  146. Re: SSH/TLS fallacies by Anonymous Coward · · Score: 0
    Doesn't SSH 3.0 change keys every 10 minutes?
    No. If you're using 40-bit "export" crypto, that's easily broken. If you're using 128-bit "strong" crypto with RSA ciphers (the only ones in widespread use), the session key is basically created by the client, encrypted with the server's public key. So anyone who gets the server's private key (and passphrase) can decrypt any SSL/TLS "strong" traffic that ever was, and ever will, use that server keypair. Most server keypairs are replaced only every 12 or 24 months.
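
Added illustration, not part of the comment above: the RSA key-transport exchange it describes, where one later-disclosed server private key opens every recorded session. The ephemeral Diffie-Hellman contrast goes beyond what the comment covers. All parameters are toy values constructed for this example (Mersenne primes, textbook RSA without padding, a SHAKE-256 XOR cipher); this is not TLS.

```python
"""RSA key transport vs. ephemeral DH when the server key leaks later (added example)."""
import hashlib
import secrets

# Toy parameters, constructed for the example and insecure by design.
P, Q = 2**89 - 1, 2**127 - 1            # Mersenne primes
N, E = P * Q, 65537                     # server's long-term public key
D = pow(E, -1, (P - 1) * (Q - 1))       # server's long-term private exponent
DH_P, DH_G = 2**127 - 1, 3              # toy Diffie-Hellman group


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in record cipher: XOR with a SHAKE-256 keystream."""
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))


def derive_key(shared_secret: int) -> bytes:
    """Turn the negotiated integer secret into a session key."""
    return hashlib.sha256(shared_secret.to_bytes(32, "big")).digest()


def rsa_transport_session(message: bytes) -> dict:
    """Client picks the secret and sends it encrypted to the server's public key.
    Returns exactly what a passive eavesdropper can record."""
    premaster = secrets.randbelow(N - 2) + 2
    return {"encrypted_premaster": pow(premaster, E, N),
            "ciphertext": keystream_xor(derive_key(premaster), message)}


def ephemeral_dh_session(message: bytes) -> dict:
    """Both sides use throwaway exponents; the long-term key would only sign the
    handshake (signature omitted here). Returns what an eavesdropper records."""
    a = secrets.randbelow(DH_P - 3) + 2          # client ephemeral secret
    b = secrets.randbelow(DH_P - 3) + 2          # server ephemeral secret
    client_pub, server_pub = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    shared = pow(server_pub, a, DH_P)
    assert shared == pow(client_pub, b, DH_P)    # both ends agree
    return {"client_public": client_pub, "server_public": server_pub,
            "ciphertext": keystream_xor(derive_key(shared), message)}
    # a and b go out of scope here: nothing stored can rebuild `shared`.


def decrypt_with_server_key(recorded: dict, private_exponent: int):
    """What a holder of the server's long-term private key gets from a recording."""
    if "encrypted_premaster" not in recorded:
        return None   # nothing on the wire was encrypted to the long-term key
    premaster = pow(recorded["encrypted_premaster"], private_exponent, N)
    return keystream_xor(derive_key(premaster), recorded["ciphertext"])


def replay_archive(messages, private_exponent=D):
    """Record several sessions of each kind, then apply the leaked key to all."""
    rsa_log = [rsa_transport_session(m) for m in messages]
    dh_log = [ephemeral_dh_session(m) for m in messages]
    return ([decrypt_with_server_key(r, private_exponent) for r in rsa_log],
            [decrypt_with_server_key(r, private_exponent) for r in dh_log])


if __name__ == "__main__":
    msgs = [b"session 1: login", b"session 2: order", b"session 3: admin"]
    rsa_out, dh_out = replay_archive(msgs)
    print("RSA key transport:", rsa_out)
    print("ephemeral DH     :", dh_out)
```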
  147. Security of the master key by Frank+T.+Lofaro+Jr. · · Score: 2

    What if key escrow/back-door crypto becomes a reality, and the master key or the escrowed key repository gets compromised by a terrorist?

    Wouldn't that represent a gravely serious threat?

    The terrorist would have the ability to monitor, and perhaps disrupt, any encrypted communications, including that for critical infrastructure.

    Let's increase the NSA's (*) staff and budget, not take knee jerk actions that help the terrorists.

    (*) NSA is mostly code-breakers and the like. Not goons out to get you. Anyone that comes in the middle of the night to crack your head will almost certainly NOT be NSA.

    --
    Just because it CAN be done, doesn't mean it should!
    1. Re:Security of the master key by Anonymous Coward · · Score: 0

      I know this is offtopic, but as an NSA civilian employee, thank you for noting that we're code-breakers and code-makers.

    2. Re:Security of the master key by Anonymous+Coed · · Score: 1

      and heart-breakers and love-makers from what I've heard.

    3. Re:Security of the master key by Anonymous Coward · · Score: 0

      Good point on the NSA. Let's give them the DEA's funding. All of it.

  148. What is Encryption really? by ArcadeNut · · Score: 1

    Maybe we should be asking this question instead.

    Who is going to define what encryption is?

    --
    Visit the Arcade Restoration Workshop @ http://www.arcaderestoration.com
  149. Higher Frequency Bands by VB · · Score: 2


    "...how would/does the government know whether a bitstream is random bits, or encrypted data?"


    Audio data looks random. MP3 data looks random. What's to stop someone from recording an analogue message in the high or low frequency range of a music recording, then bladeenc it to mp3 and transmit it in the clear? Still looks random.

    How much mp3 traffic flows across the 'Net? >:)

    That's a lot of random-looking bits.

    --
    www.dedserius.com
    VB != VisualBasic
    1. Re:Higher Frequency Bands by Basje · · Score: 2

      Audio data looks random. MP3 data looks random. What's to stop someone from recording an analogue message in the high or low frequency range of a music recording, then bladeenc it to mp3 and transmit it in the clear? Still looks random.

      Bad example. MP3 is lossy encryption. That means the source data is altered, to sound alike, but isn't binary identical. This goes esp in the ranges where you would typically hide a message, as these are the least audible.

      For your scheme to work, it would have to be binary equal, for only a 1 bit alteration in a block would make it, and depending on the algorithm used the whole message, unreadable.

      Thus, while MP3 can probably be used to hide a message, it can only work if it's added after compression, and not before.

      --
      the pun is mightier than the sword
  150. Esperanto by uigrad_2000 · · Score: 1

    Well, all that time I spent learning Esperanto won't be in vain now! After they use the key to decrypt, the fun will just be beginning!

    --
    Free unix account: freeshell.org
  151. Use those Christians, or THE NUMBER OF THE BEAST. by Anonymous Coward · · Score: 0

    Once the government proposes a key escrow, or other similar system, we (nerdy people, libertarians, ACLU, et al) begin shouting about how this is really the number of the beast and a sign of the apocalypse.
    The Christian Right, hearing about how we'll need this number to buy or sell (online) immediately becomes your friend. Republicans will vote it down because of this. We win.

  152. Were I a Black Hat... by Anonymous Coward · · Score: 0

    ...here's what I'd do:

    Use the officially sanctioned back-doored crypto.

    Send bland, believable looking messages, some
    with Word, Excel, etc. attachments.
    Bury my real message in the humongous gaps in
    the MS Office files. Encrypt it using good,
    non-backdoor crypto. In a big enough Excel doc,
    they'd never even see it.

  153. contra-ban language by JDizzy · · Score: 1

    If the government makes crypto systems against the law, then exactly how do they intend to enforce them? For example, if the government wants to listen to me communicate to my friend, and I say "Eick--Orck--Ack--A--a", they will not understand what I say. What I have said is "I love you" (see Jetsons cartoon), and there is no way anyone could know that. However, if the government didn't know how to decipher that text, I could go to jail.

    So what about people who type in a language from another country, that nobody in the FBI, or NSA understands.... would this be a crypto system without a back door?

    Is it going to be against the law to stand on a soap box and shout gibberish for hours... what if that gibberish was a secret code, or not...

    I would consider creating a new holiday: random day! Where we Americans do our god given right to babble mindlessly, in fact I might crank out a few Zeta functions to spew pure random data.... but wait.. my random number generator will be illegal.. since a terrorist will have the ability to stand on a soap box and spew random crud too.

    --
    It isn't a lie if you believe it.
  154. Fuck backdoors by toaster13 · · Score: 1

    I say fuck backdoors. The second I hear of any of my software implementing a backdoor I will never upgrade that product. Worst case scenario, we all have to use gpg since the government can't regulate it. The government can lick my sack.

  155. Great point by Gregoyle · · Score: 2

    Great point,

    I've been formulating a "conspiracy" theory with speed limits that is similar to this argument. The idea is that you make the speed limit so ridiculously low that everyone goes much much faster than posted, and thereby generate revenue for the city or town in speeding tickets.

    Not quite as insidious, but more practical for that.

    --

    "He's more machine now than man, twisted and evil."

    1. Re:Great point by Dwonis · · Score: 2

      One point though: speed limits I've seen are not ridiculously low. They usually have everything to do with probability of survival in a collision.

  156. Home-Grown Cryptography by James+McTavish · · Score: 1

    Gotta love politics. Somebody suggests something that is doomed to fail in order to simply grandstand and look like a hero for suggesting something. Then the rest of the elected sheep jump on the bandwagon.

    There are plenty of good reasons why it won't work that have been stated here (weakening security, easy to attack, blah, blah, blah) but the most important is that someone who is going to be sending terrorist plans across the internet WON'T use the "approved" methods. All they would have to do is go and pick up:

    Implementing Elliptic Curve Cryptography
    Michael Rosing
    ISBN 1-884777-69-4

    It gives you not only the theory in plain English, but the implementation in C as well. Anyone who is remotely interested in STRONG encryption should pick it up. I knew the information was available before this, but I didn't expect it to be served up on such a nice silver platter.

    -James McTavish

    Never underestimate the power of stupid people in large groups.

    --
    Karma: Abstruse (Mostly as a result of using words nobody understands)
  157. Why would a T use backdoor encryption? by LinuxDeckard · · Score: 1

    Terrorist: Sir, the (insert country name here) has passed a law about crypto backdoors/escrow.

    Osama Bin Laden: Really? How does this impact our long-term crypto strategy?

    Terrorist: Well, in order for our organization to be compliant, we'll either have to stop using 3DES in favor of a new crypto method with a backdoor, -or- we'll have to send our private keys to the government.

    Osama Bin Laden: Hmm, well, I'd *hate* for us to be in violation, yet I want to avoid the expense of implementing a new data protection scheme. Let's just send them our private keys...

    --

    UNIX *is* user-friendly. It's just more selective on who its friends are. --Scott Adams
  158. How would they work? by Amazing+Quantum+Man · · Score: 2

    Not very well, because Osama has turned off his phone.

    --
    Fascism starts when the efficiency of the government becomes more important than the rights of the people.
  159. Then why does DARPA fund OpenBSD, and SE-linux? by JDizzy · · Score: 1

    If John Ashcroft wants to prevent individuals in the USA from having strong crypto.... then why are they also pouring millions of Dollars into the Open source groups helping to blow cryptography wide open?

    Secondly, in the wake of the Dmitry drama, will the USA make it a crime for European crypto developers to travel to the USA? I mean look at Theo from OpenBSD, he lives in Canada, receives cash from the US government, but since he writes, controls, or whatever he has to do with OpenSSH... he could go to jail in this country.

    So then, why is the government saying one thing, and doing another.... does it plan to force the same DARPA developers to add the back doors? Am I in any risk of Theo stabbing me in the back on OpenSSH? We really need to know.

    --
    It isn't a lie if you believe it.
  160. Commercial encryption == commercial jetliners by TomRC · · Score: 1


    Those claiming terrorists and criminals could simply use other encryption or hide their encryption inside legal encryption are overlooking the obvious.

    Consider the analogy to jetliners. Sure, terrorists COULD lease their own jet, and no matter how tough we make it for them to take over a commercial jet, they probably could find a way. Does that mean we should throw up our hands and say "let's not do anything to make it tougher for them"? Or worse yet, "Let's make a new generation of easy-to-hijack jetliners!"

    If a terrorist used commercial encryption without an escrowed key, or used non-standard encryption, that could be detected via automatic monitoring equipment - getting them quickly detected, arrested for illegal encryption use, and investigated. Note that under current law, this could only be done for international traffic - domestic traffic would still require a court order even to record it.

    Illegal encryption hidden within commercial encryption is slightly harder to detect - the message has to be decoded and filtered. At worst, if a terrorist came under suspicion on any other basis, their encrypted communications could be scanned and they would again be subject to immediate arrest.

    Once arrested, a judge could order them to turn over the keys, and if they refuse, slap them in jail on a contempt of court charge while the investigation continues. So even if use of illegal encryption only carried a small fine, the terrorist couldn't just pay it and vanish.

    Meanwhile, your innocent email will mostly only get attention from automated analysis software, if anything. The chances of any of your email getting read by a human spy would be maybe once in a lifetime, and they'd quickly dismiss it as uninteresting.

    Again - this is NOT to claim that terrorists could not find alternatives - just that we don't have to make life easier for them by providing impenetrable commercial encryption.

    There are certainly some checks and balances needed. Court orders for domestic communications should continue to be required. If the government ever extracts your keys from the escrow database, and can't pin anything on you, they should be required to inform you and compensate you for replacement costs, if any.

    1. Re:Commercial encryption == commercial jetliners by t_allardyce · · Score: 1

      checks and balances? wow, you must be a politician. Sorry, but your post was too juicy to leave. I just have to pick it apart and put you down..

      >"getting them quickly detected, arrested for illegal encryption use, and investigated. Note that under current law, this could only be done for international traffic - domestic traffic would still require a court order even to record it."

      I'm lost here, surely anyone outside your country (yes there are other places other than America) would be (thankfully) immune to these laws, thus your government would have no power to arrest them (ignoring the Sklyarov case here)

      Next, the rest of the world would be transmitting using illegal encryption, (not to mention the Americans who are not going to just sit there and watch their rights go) this will overload the feds' computer system and also mean that most of the non US population of the world will now have a warrant for their arrest as soon as they touch down on American soil.

      Now, on a separate line: Let's imagine for a second, that Bush decides to do this. Ignoring the fact that it would violate all sorts of freedom of speech stuff and cause up-roar in the US and the rest of the world (like Europe, where we care about our freedoms). Ok, so now encrypting with a non approved algorithm is a federal offence carrying fines and prison sentences. The major players like PGP would have to comply and add backdoors. These companies will immediately go bankrupt because suddenly no-one wants to use their software anymore. So, everyone says "F*ck you Bush" and uses illegal encryption software.

      The major military departments also decide that some of their more 'sensitive' communications should be kept away from Bush's eyes and they revert to their more secure encryption methods. Oh, what's this, one of the major software companies that supplies the government has leaked details of the backdoor (they would have to have that information seeing as they put it in there themselves).. OH NO!! now the whole world knows everything that the law abiding Americans are secretly saying... what's that Bush? you wrote a secret communication to your defence sec. saying what? "kill all islamic people!"!?!?! oh dear, now you're in trouble. Oh but wait. that's nothing because now the US government, 50% of the population and the rest of the world have backlogged the feds' computer spy system with illegal, unbreakable encrypted messages. Oh dear, looks like everyone's committed a federal offence...

      --
      This comment does not represent the views or opinions of the user.
    2. Re:Commercial encryption == commercial jetliners by TomRC · · Score: 1

      >surely anyone outside your country immune to these laws, thus your government would have no power to arrest them

      Major countries are starting to get very coordinated on this sort of thing. I would not be surprised to see international standards and extradition agreements.

      And even if it only avoided lending the aid of cheap impenetrable commercial encryption hardware to domestic use by terrorists and criminals, that'd be worthwhile. As per my airliner analogy, which you conveniently ignored.

      >Ignoring the fact that it would violate all sorts of freedom of speech stuff and cause up-roar in the US and the rest of the world (like Europe, where we care about our freedoms).

      Get real. Your free speech "stuff" would be no more at risk than it is today with the ability of police to do wiretaps of unencrypted lines.

      >[encryption]companies will immediately go bankrupt because suddenly no-one wants to use their software anymore.

      The biggest users of commercial encryption are and will continue to be corporations - secure web sites, transmitting proprietary information, protecting IP, etc. Encrypted cell phones would also be useful for corporate users. Do you really believe corporations will stop using encryption, or break the law in such an unambiguous fashion, merely to avoid the small chance that their government will spy on them? Nope. If anything, the law will stimulate new sales and create barriers to entry of competition, enriching the encryption companies.

      Doesn't it give you a warm feeling inside knowing that the biggest beneficiary of impenetrable encryption will be multinational corporations?

      >The major military departments also decide that some of their more 'sensitive' communications should be kept away from Bush's eyes and they revert to their more secure encryption methods.

      You really think military communications wouldn't be exempt from this law? (snicker) Of course they'll continue to use their own encryption!

      >Oh, what's this, one of the major software companies that supplies the government has leaked details of the backdoor.

      The best scheme would be some form of key escrow. Revealing how that works would not harm the encryption scheme.

    3. Re:Commercial encryption == commercial jetliners by (void*) · · Score: 2
      If a terrorist used commercial encryption without an escrowed key, or used non-standard encryption, that could be detected via automatic monitoring equipment - getting them quickly detected, arrested for illegal encryption use, and investigated. Note that under current law, this could only be done for international traffic - domestic traffic would still require a court order even to record it.


      What you are proposing is impossible. You are telling me that JKHDSDFD and EHOQWSW, two encrypted messages, one made using legal crypto with backdoors, the other made using illegal crypto without, that these two messages can be distinguished, by computer, without human intervention? What if JKHDSDFD decrypts to ALITALIA, and the computer, not knowing anything about Italian Airlines, flags that erroneously as an unencryptable? Or worse, it decrypts to "HAM AND EGGS", which looks innocuous, but has a steganographically encoded message within it?

    4. Re:Commercial encryption == commercial jetliners by t_allardyce · · Score: 1

      Under this law, people could go to prison just for writing something like:

      ewUebiEuieMewOqbBsNabLwKqqiaJagdYtwrEywGfjHdOd

      You still ignored the fact that so many people would ignore this stupid legislation (including terrorists) (like so many people copy music) that it would be impossible to enforce. This is true thought-police style stuff that you only see in the most socialist countries or in Hollywood. Also the fact that so many people write encryption algorithms, how will you tell what's what? How can the system determine if what it's reading is just a random stream? Does that mean you would make random streams (like the one above) a federal offence? You can write a simple crypto algorithm in under an hour, there are 1000s of books filled with examples, you can encrypt something with a pen and paper or you can hide messages in messages. Terrorists could send a text message on their phones saying 'i had a late night' meaning the plane is 5 mins late taking off. This is stupid, I don't know why I even bother arguing with such a stupid idea...

      If you _really_ want to help, try restricting guns and weapons - i.e. the things that actually kill people

      --
      This comment does not represent the views or opinions of the user.
  161. Don't ask Slashdot, instead... by e-gold · · Score: 2

    "Ask Aldrich Ames!"

    (Sorry, but it had to be said.)
    JMR

    Speaking ONLY for myself, as always.

    --
    Try e-gold - (contact me). I'm NOT e-
  162. It depends on who issues the keys by sup4hleet · · Score: 1

    If M$ issues the keys then we can count on the back door being

    123-1234567

    it's a joke, laugh

  163. Re:I explained this about a week ago but look here by huckda · · Score: 1

    In Every Day Words:

    In order to have a backdoor into a crypto program the crypto program becomes obsolete and you might as well send plain text instead of wasting vital CPU time encrypting something when that time can be used running ROBOCODE simulations =)

    --
    "Just Smile and Nod." --Huck
  164. Hmm. by Anonymous Coward · · Score: 0

    a) Terrorists aren't going to care about laws. :P

    b) People other than the intended user find backdoors.

    Taco help us all if something like this is enacted.

  165. Good to see that we both agree after all ;o) [NT] by Juju · · Score: 1

    I said [NO TEXT] ;o)

    --
    Black holes occur when God divides by zero.
  166. Impossible by Eric+Seppanen · · Score: 3, Insightful
    This is my way of explaining to non-geeks why crypto regulations will have near-zero effect:

    Imagine that somebody comes up with a way to build a bomb using sugar cookies. A building is blown up. Congress decides to regulate the sale of sugar cookies.

    Now any sane person will realize that this is pointless, because any idiot can make their own sugar cookies, and bypass all the regulations. So the regulations can only work if the ingredients are also regulated or banned (flour, sugar, eggs), or perhaps all the sugar cookie recipes are destroyed.

    At this point it's pretty obvious that such a scheme would never work. But somehow nobody seems to follow this logic when it comes to encryption. The only ingredients for encryption are general-purpose computers. The recipes are encryption algorithms and computer source code. The recipes can be rediscovered or recreated by smart mathematicians and computer programmers.

    So what are we going to do? Regulate computers? Mathematics? Encryption algorithms, dozens of which are published in textbooks around the world?

    You could no more regulate computers, mathematics, and algorithms today than you could flour, sugar, eggs, and sugar-cookie recipes. Even if you tried, it would have near-zero effect on the bad guys, and would only increase the risk that grandma's bank account gets emptied, because her password wasn't properly encrypted.

    --
    314-15-9265
    1. Re:Impossible by t_allardyce · · Score: 1

      Mod that post up to max!

      That's the best way I've heard it put all week. But you missed a bit: You don't even need a computer to encrypt a message, if you're just going for a simple symmetric key based system and you're not encrypting a 500-page novel, you could do it with pen and paper. In fact, you could probably train yourself to do it in your head (like those Chinese kids do math).

      --
      This comment does not represent the views or opinions of the user.
    2. Re:Impossible by shking · · Score: 1
      You've hit the nail on the head. The people proposing this legislation are under the misapprehension that strong crypto software is something new and that it is difficult and expensive to create.

      The RSA algorithm was published over 20 years ago. By 1986, thanks to Lloyd Miller and the FidoNet BBS you could download a program to RSA encrypt files on your 286 and send them to others. Any high school kid with a little programming experience, a computer and access to the internet (or a library) has the tools to create something similar in a couple of days.

      You can read about the fidonet crypto at http://195.226.109.55/jhassler/wif/doks/fnews/fido 305.txt and http://195.226.109.55/jhassler/wif/doks/fnews/fido 410.txt

      --
      -- "At Microsoft, quality is job 1.1" -- PC Magazine, Nov. 1994
  167. RTFM by proverbialcow · · Score: 1

    When the government talks about "crypto backdoors" they aren't talking about a universal key that can open up traffic for a specific algorithm. How would you implement this on block ciphers such as DES and AES? And if you couldn't, would you then make AES illegal, after spearheading the years-long initiative to create this standard?
    They're talking about key escrow. Basically, any time something is encrypted, they want the encrypting software to report the key to the proper authorities, who would then use the key when necessary to decrypt a stream or file.
    But as long as people can write their own code, this isn't a feasible alternative either. Perform an act of insubordination. Learn C today!

    --
    The only surefire protection against Microsoft infections is abstinence. - The Onion
  168. Why need crypto to send a message by Anonymous Coward · · Score: 0

    "The Apples have been delivered" in a simple email works very well for communication if the receiving party knows what you are talking about. Decrypting or "back-dooring" crypto won't stop messages getting through, or someone communicating covertly.

    2 cents

  169. quantum crack by zerone · · Score: 1

    quack? .. if i were big and bad with billions to spend, i'd surely launch a skunky spooky Manhattan-like project to find that quantum box asap that cracks your cherished pgp secrets in nano-seconds.. not that i'd tell you about it, though..

    if, when we all get quantum crypto, expect all hell to really break loose.. seems unlikely these days, though, that freespace quantum crypto will land in the hand of the common man..

    until then, i think i'll keep my secrets away from bits..

  170. Crypto backdoors can't work by JPS · · Score: 2

    Putting a crypto backdoor in a piece of software is fairly trivial. There is quite a lot of literature about it and inserting a backdoor in say SSL is a very good exercise for students.

    Companies which take security seriously don't use Windows for this reason and I doubt that any intelligence service would ever use any piece of software that has been created in a country other than its own. So how can one possibly imagine that "bad guys" would use backdoored software? They'll rewrite one of their own, that's all. Implementing an RC4 is a matter of hours...

    People have to realize that the Internet sets information free. Any kind of information. From anyone. To anyone. And there is nothing you can do against this.

  171. Off in the tall grass by Anonymous Coward · · Score: 0

    I saw a brief interview with Gregg. Before the interview I thought he might be clueless, now I'm absolutely sure.

    I'll paraphrase rather than quote. If I misstate something please correct me.

    The interviewer asked him if what he was suggesting was for the SW companies to give the government the keys. His response was no, that approach might have Constitutional problems and besides nobody would want to buy that software.

    He went on to describe a system where the backdoor keys were registered with the judicial system and access to the keys was subject to the same 4th protections as any other search ( IOW nearly none ).

    He seemed to have entirely missed that his point about nobody buying the SW applied in both cases.

    He also neglected the issue of what types of SW are available from where and how LEOs were going to control it all.

    He's a clueless moron. There are others too.

    m

  172. A deeper look . . . and fundamental problems by tmoertel · · Score: 3, Interesting
    It is impossible to prevent terrorists from using strong cryptography. Terrorists already use it and would continue to do so if it were illegal. However, if it were illegal, the number of messages that would be unreadable by law-enforcement personnel would be vastly reduced. Any remaining unreadable messages would provide strong evidence that the senders, and perhaps the intended recipients, are involved in some form of illegal activity, at the very least the illegal activity of using unapproved strong cryptography.

    Thus the primary purpose of the proposed legislation is not to allow law-enforcement personnel to read terrorists' communications -- terrorists will continue to use unreadable, strong cryptography -- but rather to narrow the search space that law-enforcement personnel must examine when hunting for suspected criminals. One would presume that if a person were discovered to have used unapproved cryptography, such evidence alone would be sufficient to obtain warrants for full searches, wire-tapping, keyboard recording, and the like, and those additional measures would likely yield hard evidence of any additional illegal activities. Thus it is not necessary to decrypt the criminals' messages: The illegally encrypted messages alone are sufficient to reveal suspects, and then old-fashioned investigative methods are likely to be effective.

    Of course, the effectiveness of this law-enforcement technique depends on having a practical and enforceable definition of "unapproved cryptography". The problem for law-enforcement personnel -- and law-abiding citizens who wish to protect their legitimate secrets -- thus becomes determining what constitutes an illegally encrypted message. It is well known that a message that has been encrypted with a one-time-pad cannot be distinguished from a string of random bits. Should the government also make access to true randomness illegal so that any string of bits that seems sufficiently random can be assumed to be an illegally encrypted message? Further, is it realistic to believe that covert channels and steganography are detectable?

    If not, how will law-enforcement personnel detect illegally encrypted messages? And what if they can't? In that case, what real security have we citizens purchased by sacrificing our liberties?

    Those are the questions I want my government to answer. Until they are answered -- and hard evidence provided to support the answers -- I must remain sceptical.

    1. Re:A deeper look . . . and fundamental problems by nofutureuk · · Score: 1

      I completely agree with you, but I have to add a small comment.
      If somebody uses cryptography, he may simply hide that he is transferring an encrypted message.
      There are some significant ways of hiding data. This is called steganography.
      If you have an encrypted message, you take for example a photograph of your dog, save it as a bitmap, use some sort of randomizing algorithm which hides the encrypted message inside the photograph.

      Such a photograph can easily be overlooked by intelligence services.
      And even if you tell me that steganography can be detected by scanning for example for data patterns or whatever, I would reply "now you have to scan all and really all again, even if there is a regulation..."
      Info on steganography:
      http://ise.gmu.edu/~njohnson/Steganography/

      regards,
      paul

    2. Re:A deeper look . . . and fundamental problems by (void*) · · Score: 2
      You are right, and I don't disagree at all. But I just wanted to point out one futility in this plan:

      Thus the primary purpose of the proposed legislation is not to
      allow law-enforcement personnel to read terrorists' communications --
      terrorists will continue to use unreadable, strong cryptography -- but
      rather to narrow the search space that law-enforcement personnel must
      examine when hunting for suspected criminals.

      This "narrowing of the search space" is no longer viable, now that SSH is out there, RSA's patent has run out, and Blowfish and so on are all widely, freely available. To now advocate putting backdoors on encryption programs would be a step back.
    3. Re:A deeper look . . . and fundamental problems by mrogers · · Score: 2
      Should the government also make access to true randomness illegal so that any string of bits that seems sufficiently random can be assumed to be an illegally encrypted message?

      Good idea. Write to your congressman and suggest that they ban entropy. Entropy is the basis of all encryption methods, and encryption makes it possible for terrorists to discuss their evil plans in secret, right under the Government's nose. For the safety of the American people the Government should strive to reduce the amount of entropy in the world, and if possible eliminate it completely. In this time of knee-jerk patriotism, what elected official could oppose such an idea?

      Mind you it's going to be awfully cold if they succeed...

  173. DMCA and mandated backdoors by Kushana · · Score: 1

    What I'm waiting to see is the DMCA and backdoor legislation put in a locked room together so they can fight it out.

    If a DMCA proponent uses some form of watermarking (essentially steganography) then they have to provide ways for the government to get at the raw digital information. This means that the backdoor software violates the DMCA.

    However, the backdoor software could be just a PGP decoder. Does that make all PGP programs illegal?

    --

    Careers should combine three things: what you can do, what you want to do, and what you can get paid for.
  174. Backdoor != Key Escrow by Anonymous Coward · · Score: 0

    Crypto backdoors and key escrow are two different concepts. A backdoor would be like a master key that the government (or any unscrupulous person who gets hold of it) could use to decrypt all communications encrypted with that software by anyone.

    And all that is necessary to compromise your security (apart from government snooping) is that at some point in the future somebody cracks or steals the backdoor key; then all the secrets you previously locked up become an open book (unless also physically secure, which e-mail of course is not).

  175. Backdoors Make Crypto Useless by Ranger · · Score: 1
    This is a long and rambling rant, more for my benefit (venting my spleen) than a feeble attempt to persuade others.

    How is the world of crypto different from World War II and today? I'm sure anyone caught using crypto in the US during WWII not affiliated with the government would be considered a spy. Certainly they didn't have the technology that we enjoy today. I don't know what the answer is. There must be a balance, but giving the gov't carte blanche on my liberties isn't a balance.

    Besides, there is nothing keeping people from double encrypting their messages. The first message would be encrypted with a known, secure, and trusted crypto program and then encrypted with the backdoor program. I know that I would like to have a key recovery system, but I'd have to store my access info with a secure and trusted third party, and that isn't with the government.

    It is a sad commentary on certain people and certain agencies that would use an act of war to permanently cripple our rights to liberty and to privacy. Heaven forbid that America should be defeated and conquered but if it were then those backdoors would be in the hands of our enemies.

    If Americans can keep their crypto and their guns it would make it far more difficult for an enemy to control us. Of course if they are merely bent on wiping us out then it wouldn't do us any good anyway. America has been generous to its enemies after defeating them. Cynical observers might say we helped rebuild Japan and Germany to make them our allies against the Soviets. To some extent that was true.

    We should do more to help our friends and if we must fight our enemies then fight them and defeat them. Then we must be generous to them.

    So what does this have to do with backdoors? Not much really. So back to the topic.

    There are plenty of legitimate and mundane reasons not to allow them. How can you trust a financial transaction that requires crypto if someone has a backdoor? What if you have travel plans to a friendly foreign country like England? You certainly don't want to advertise that you will be away from home. And finally with a backdoor, what is to keep an agency from using it as a fishing expedition because they don't know what it is they are looking for. Only stupid criminals and enemies are going to use compromised crypto.

    --
    "You'll get nothing, and you'll like it!"
  176. Judd Gregg's call for "cooperation". by Anonymous Coward · · Score: 0

    You can find Sen. Judd Gregg's comments regarding encryption in the September 13th edition of the Congressional Record ( http://thomas.loc.gov/cgi-bin/query/C?r107:./temp/ ~r107z8jAj4 ), under Senate, in the section discussing the appropriations for the biggest federal departments outside of the DoD.

    I would like to note a few things:
    * He calls for "cooperation", not "regulation"
    * For a Republican, he really seems to like quoting favorite Republican whipping children Janet Reno and Louis Freeh.
    * While he never uses the word "regulation", he does say that manufacturers "should understand, as a matter of citizenship, they have an obligation to allow us to have, under the scrutiny of the search and seizure clauses... to have our people have the technical capability to get the keys".

    Basically, he wants to force a key-recovery mechanism. But he wants the industry to figure out how it should be done.

    He does mention, amusingly enough, that the industry hasn't cooperated in the past (ya THINK?). He attributes this to "a myriad of reasons, most of them competitive."

    What a fucking moron.

  177. the real reason by h4x0r-3l337 · · Score: 1

    It is obvious to anyone, including the people in the government, that these backdoors by themselves are useless, since criminals/terrorists will simply use non-crippled crypto. I believe the real reason for requiring a backdoor is so that people can be jailed for using unlicensed crypto, which would give law enforcement an extra weapon in the fight against crime and terrorism. Sort of like how Al Capone (?) was convicted of tax-fraud instead of the real crimes he (had) committed.

  178. One Ring? by Anonymous Coward · · Score: 0

    Nine keys for the secretaries fair,
    Seven keys for the hackers scarce,
    Five keys for the grads in smoky lairs,
    Three keys for system source;

    One key to rule them all, One key to bind them,
    One key to all the files, and let the hackers grind them.

    (Apologies to JRR et al)

  179. Very, very cool by p3d0 · · Score: 2

    That chaffing and winnowing article is the coolest thing I have read in a long time. I'm not joking. Everyone here would probably enjoy it. It discusses not only technical issues, but their legal and social consequences.

    Thanks for the link.

    --
    Patrick Doyle
    I mod down every jackass who puts his moderation policy in his sig. Oh, wait a sec....
    1. Re:Very, very cool by bartyboy · · Score: 1

      I agree. It's a very neat idea.

      I have a couple of questions, though - what if the chaff introduced by a third party contains (as unlikely as it may be) a MAC that could be authenticated as wheat? Would it cause an error in the reassembly of the message? And would the error be continuous or located at a specific part of a message?

  180. SETEC ASTRONOMY by Dog+and+Pony · · Score: 1

    Or, "Too many secrets" - remember "Sneakers", anyone? I loved that movie.

    Well, that would be the way then... a hardwired chip that broke all the codes - but then we would not need any backdoors.

    Basically, for any backdoor to work, it has to somehow carry the data for its own unlocking, right? So what we mean by backdoors is more or less impossible.

    Could they mean a backdoor to your copy of PGP? Possibly. They trace whoever encrypted the message and then get the key from the backdoor.

    Anyways, I have no idea what you need cryptos so badly for. I actually don't. What is it that is so critical that you know?

  181. IT'S NOT GONNA FUCKING HAPPEN lowercase lowercase by Anonymous Coward · · Score: 0

    Jeebus CRISPY people.


    HI HALLO GOVARNMANT WE ARE TARRORISTS AND NO SORRIEY I DONUT HAEV TEH BACKDOOERS TO MYE SECRAT TRANMIAXXIONS WIETH 12-BET ENCRAPSHION, GO FUCK URSELF MASTIR PRSEDIANT.


    lowercase lowercase lowercase lowercase lowercase lowercase lowercase lowercase lowercase lowercase lowercase lowercase

  182. Backdoor probably isn't the right term... by MuppetsCmdr · · Score: 1

    how would they work?
    Well, I would call it a weak spot in the wall of your supposed-to-be-strong-fortress. It's not like you see the door and just need to try to find the right key. That's brute force on the frontdoor.
    If an encryption algorithm is not completely 'clear', that is, it contains parts whose design strategy/philosophy is a mystery, like the substitution boxes in DES, there is a risk it contains a backdoor. For DES: if one could find an analytical expression that relates the input of the s-boxes to the output... you're a winner! Then you would have found the weak spot in the wall, just push gently, and you're in.

    It's nice to be in Holland: we have a graduate course on Encryption (DES, RSA etc.) It seems this is sort of an impossibility in the US.

    --
    -- Sig (appended to the end of comments you post, 120 chars)
  183. And useless, too by quartz · · Score: 2

    Even if they *did* work, what's the purpose? To keep tabs on terrorists? Bwahaha. Bin Laden is already one step ahead in the high-tech race. He <gasp!> turned off his cellphone, ditched the e-mail account and he's now communicating through human messengers!

    Crypto backdoors... Carnivore... Echelon... what a load of absolute crap.

  184. They admit - it does not work by Garry+Anderson · · Score: 1

    My message a few days ago for FBI and CIA:

    Do you not think - once back doors and greater surveillance are introduced, when not planning face to face, terrorists will just have to send personal couriers?

    Perhaps you think Bin Laden cannot afford it - dimwits.

    The Government use terrorism as excuse to spy on citizens. In my opinion, only those of low intelligence would believe otherwise.

    THEY NOW EVEN ADMIT - IT WILL NOT WORK ON TERRORISTS

    USATODAY article

    WASHINGTON (AP) -- Despite warnings from top government officials that terrorists would use exotic technology to communicate, suspected terrorist mastermind Osama bin Laden instead has used "no-tech" methods, foiling efforts to track him, former U.S. intelligence officials said.

    Intelligence agents once could keep tabs on bin Laden when he used a satellite phone that could be picked up by U.S. spy gear and matched to his voiceprint. That capability leaked to bin Laden, so he swore off talking on the phone, according to Marc Enger, former director of operations at the Air Intelligence Agency, the Air Force's intelligence arm.

    Madsen said the hijackers could have communicated by means of seemingly innocuous messages on Web sites, impervious to the most vaunted surveillance tools in use by U.S. intelligence.

    "All the Carnivores and all the Echelons in the world would do very little to hamper that kind of operation," referring to the FBI's e-mail surveillance box and a widely suspected NSA surveillance network.

    The answer to trademark and domain name problems is at WIPO.org.uk

  185. there is still some leverage there by mikey504 · · Score: 1

    IANAL, but as far as I know, holding someone in contempt would enable a judge to keep him or her in prison indefinitely.

    This might be even worse because you could extend this to apply to witnesses in a given case or grand jury proceeding, which would mean that the state would no longer have to bother to secure an indictment to put perceived bad guys in jail.

    I concede the point that this may not get us any closer to the terrorist leader in another country or give us useful information to help disrupt a group's operations, but individual cells could be rendered inoperative based on their intercepted communications, even if we never obtain the clear text of the message. (Does the message appear to contain random data? If yes is there a proper key registered? If no, release hounds. If yes, decrypt. Are contents still random? If no, read message. If yes, release hounds.)

    Understand that I don't have any illusions that this would be of net benefit to society. Like anti-terrorist sponsored civil rights violations in other countries, it is doomed to devolve into being used against Joe Average, because that is who it would be most effective against. Most likely it would be used against drug dealers and mafia types who have proven difficult to build cases against as a test case for extending it past its stated purpose. Then a little later against someone who is gay, or having an affair, or reading books that have been banned.

    I believe completely that this should be resisted every step of the way, but I am not sure technical issues are the best platform from which to attack it. Attack it on the basis that it is fundamentally wrong.
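mikey504's triage flow above, sketched as an added example (not any poster's or agency's code), with byte entropy standing in for "appears to contain random data". The 7.5 bits/byte threshold, the key, the verdict strings and every sample are assumptions constructed here; the run shows where the flow flags lawful traffic, which is the objection tmoertel raises in comment 172.

```python
import hashlib
import math
import os
import random
import zlib
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off for "appears random"


def shannon_entropy(data: bytes) -> float:
    """Empirical byte entropy in bits per byte (8.0 is the maximum)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def looks_random(data: bytes) -> bool:
    return shannon_entropy(data) >= ENTROPY_THRESHOLD


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in for the approved cipher: XOR with a SHAKE-256 keystream."""
    pad = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))


def triage(message: bytes, registered_key=None) -> str:
    """The decision procedure from the comment, one branch per question."""
    if not looks_random(message):
        return "read"                      # looks like plaintext
    if registered_key is None:
        return "flag: no registered key"   # random-looking, nothing escrowed
    inner = stream_xor(registered_key, message)
    if looks_random(inner):
        # Meant to catch an unregistered inner layer; a compressed
        # attachment trips the same branch.
        return "flag: still random after decryption"
    return "read"


def build_samples() -> dict:
    """Constructed inputs: (message bytes, escrowed key or None)."""
    rng = random.Random(2001)
    words = ("the report meeting budget invoice please send attached review "
             "monday client contract update schedule draft notes team call "
             "project deadline approve forward thanks regards office").split()
    text = " ".join(rng.choice(words) for _ in range(20000)).encode()
    archive = zlib.compress(text, 9)       # an ordinary compressed file
    key = b"constructed escrowed key"
    return {
        "plaintext mail": (text, None),
        "registered ciphertext of mail": (stream_xor(key, text), key),
        "sensor noise, nothing to register": (os.urandom(4096), None),
        "compressed file sent in the clear": (archive, None),
        "registered ciphertext of compressed file": (stream_xor(key, archive), key),
    }


def demo() -> dict:
    return {name: triage(msg, key) for name, (msg, key) in build_samples().items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:45s} -> {verdict}")
```

Three of the five constructed samples are flagged although none of them uses unregistered encryption.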

    1. Re:there is still some leverage there by Panaflex · · Score: 2
      IANAL, but as far as I know, holding someone in contempt would enable a judge to keep him or her in prison indefinitely.

      At least in the federal courts, the judge can only hold you in court for as long as the grand jury is in session. (During indictment)

      During a criminal case it is a couple of years, but I'm not sure.. Susan McDougal was in prison for a few years.

      Pan

      --
      I said no... but I missed and it came out yes.
  186. Back Door Crypto by blitz77 · · Score: 1

    If the government tries to implement back door crypto using their own crypto, they would have to first make it pretty uncrackable. But that was what they said for 40-bit RSA, public key encryption, etc. There was this company that offered money for people who could crack these algorithms. Later they found new ways of searching for the keys that reduced the supposed polynomial time increase for each bit gradually down to just quadratic time. When the hardware improves, and the algorithms used can be reduced to a quadratic increase for each digit, it's just a matter of time before it's cracked. And then of course, with quantum computing coming soon, there also comes the use of superposition to solve the algorithms in linear time, until quantum encryption comes along, which'll be pretty damn chancy to crack, because of how it works.

  187. Re:Exterminate Trolls. Destroy All Sporks by Mojojojo+Monkey+Inc. · · Score: 1

    Hey I'm a monkey. But I'm not a troll. I just scheme and plot.

    Us innocent monkeys are going to be endangered by your anti-monkey hatred! Peace for all monkeys!

  188. Most Systems Already Use 2 Keys... Add One by Anonymous Coward · · Score: 0

    In a public key system such as PGP, a "random" symmetric key is generated for that message only. This key is then encrypted using the public key of the recipient. Asymmetric crypto is slow, and this is an easy way to speed it up, and allow multiple keys. In the header of the message, you simply encrypt the message key to multiple recipients, in this case, one of them being a backdoor key. Then, when one wants to decrypt the message, they decrypt the message key in the header corresponding to their private key, and use the message key to decrypt the message.

    The problem, however, is that all cracking efforts could be concentrated on the [hopefully REALLY long] private key. Once this key is broken, all is readable.

    Another issue is that in some systems encrypting the same data with multiple keys can be dangerous. In the case of public key crypt, the message key is very short, and it is probable that it could be broken with very simple cryptanalysis. Once the short message key is recovered, the whole message can be decoded. The cryptanalysis algorithm could be easily implemented, and would most likely be fast on the short data.

    Bottom Line:
    backdoors would make it useless....
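The extra header slot described in comment 188 (the same key escrow proverbialcow outlines in comment 167), as an added example that is not any poster's or product's code. Toy textbook RSA over published Mersenne primes and a SHAKE-256 keystream stand in for real algorithms; every name, key and message is constructed for illustration.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by all toy keys


def make_keypair(p: int, q: int):
    """Toy textbook-RSA key pair from two known primes (no padding, not secure)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


# Constructed demo keys. The primes are public knowledge, so these keys
# protect nothing; they only make the example deterministic and fast.
BOB_PUB, BOB_PRIV = make_keypair(2**89 - 1, 2**107 - 1)
DAVE_PUB, DAVE_PRIV = make_keypair(2**61 - 1, 2**607 - 1)
ESCROW_PUB, ESCROW_PRIV = make_keypair(2**127 - 1, 2**521 - 1)


def stream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHAKE-256 keystream."""
    pad = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, pad))


def encrypt(plaintext: bytes, recipients: dict) -> dict:
    """Encrypt once under a fresh message key, then wrap that key per recipient."""
    session_key = secrets.token_bytes(16)
    k = int.from_bytes(session_key, "big")
    header = {name: pow(k, e, n) for name, (n, e) in recipients.items()}
    return {"header": header, "body": stream_xor(session_key, plaintext)}


def decrypt(message: dict, slot: str, private) -> bytes:
    """Unwrap the message key from one header slot and decrypt the body."""
    n, d = private
    k = pow(message["header"][slot], d, n)
    width = (n.bit_length() + 7) // 8
    session_key = k.to_bytes(width, "big")[-16:]  # wrong key -> wrong bytes
    return stream_xor(session_key, message["body"])


def demo() -> dict:
    # Two unrelated conversations; compliant software adds the escrow slot.
    msg1 = encrypt(b"Quarterly numbers attached.",
                   {"bob": BOB_PUB, "escrow": ESCROW_PUB})
    msg2 = encrypt(b"Meet at the usual cafe, 6pm.",
                   {"dave": DAVE_PUB, "escrow": ESCROW_PUB})
    # Bob applying his own key to Dave's slot recovers only garbage.
    stray = {"header": {"bob": msg2["header"]["dave"]}, "body": msg2["body"]}
    return {
        "bob_reads_msg1": decrypt(msg1, "bob", BOB_PRIV),
        "bob_reads_msg2": decrypt(stray, "bob", BOB_PRIV),
        # The single escrow private key opens every compliant message,
        # which is why the comment calls it the one target worth attacking.
        "escrow_reads_msg1": decrypt(msg1, "escrow", ESCROW_PRIV),
        "escrow_reads_msg2": decrypt(msg2, "escrow", ESCROW_PRIV),
    }


if __name__ == "__main__":
    for who, text in demo().items():
        print(who, "->", text)
```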

  189. Backdoors will fail - look at 'rubberhose.org' by heretic108 · · Score: 1

    The ingenious system Rubberhose.org allows the creation of large, small or tiny disk images, containing random data, into which not 1, not 2 but n files can be embedded.
    Once the disk image is created, there's no way to determine how many pieces of information are embedded, so rubberhose offers true plausible deniability.
    Rubberhose disk images can be easily sent by email, http, ftp etc.
    Forced key escrow on rubberhose images is a farce, because the owner can hand over one or two private keys which will yield up only the data the owner wants to hand over - there's no way to prove the image contains any more data.

    All this aside, my conclusion is that the only way to stamp out illicit information is to ban the internet, as the Taleban has done. The problem with this, of course, is the growing sector of the economy that depends on e-commerce.

    --
    -- In the beginning was the WORD, and the WORD was UNSIGNED, and the main(){} was without form and void...
  190. hmmm....backdoor DOS? =-) by grape+jelly · · Score: 1

    hmmm....assuming that since binary data and encrypted data theoretically should all look the same, the government would assumedly be forced to scan all binary data streaming across the 'net. No easy task. Could it be possible to perform a mass DOS on the system by registering tons of encryption systems with backdoors? Each additional encryption method would increase runtime pretty significantly. Anyone feel like another encryption challenge? Perhaps this time, to implement the backdoor that takes the longest time to calculate?

  191. spammimic is gone? by pclminion · · Score: 1

    I can't get to www.spammimic.com. traceroute seems to show the packets going away somewhere inside psi.net. Is it just me? Is it just an outage somewhere? Or are the feds doing something...

  192. Already law in UK, despite demo of this idea by Chris.Boyle · · Score: 1

    The Regulation of Investigatory Powers Act passed into UK law last year, despite a campaign by the website stand.org.uk based on this very idea (they called it "Operation Dear Jack", it was against the then Home Secretary Jack Straw).

    There is now a penalty of 2 years in jail for failing to disclose a key, and 5 years in jail if you tell anyone you've been asked for a key! The full text of the law is available here.

  193. I really need to know this. by Lord+Bitman · · Score: 1

    If the government makes a law requiring a backdoor to all crypto, would that make every secure program released previously to this law be illegal?
    How many BILLIONS would be lost in trying to get ABSOLUTELY EVERYTHING made less-secure? Forget the problems this will cause everyone later on, once the change is made. How is the change to be made?
    Is the government going to just make illegal all backwards-compatibility to servers? to products? DVD for example?
    Imagine when major companies come together in support of DeCSS in order that they need not lose their customers for having encryption which is Too Secure!

    --
    -- 'The' Lord and Master Bitman On High, Master Of All
  194. NSA by Dermot+the+Forg · · Score: 1

    Call me naive and paranoid, but I was always taught that the NSA were already sufficiently decades ahead in maths and processing power to decrypt most things anyway.

  195. Yes, U.S. Congressmen and Senators are traitors by alienmole · · Score: 2
    This proposal doesn't necessarily show ignorance it may in fact just show incredibly callous calculating cynical attempt to pass this ridiculous legislation.

    You're absolutely correct. The elected officials who propose this sort of legislation are traitors to the United States Constitution and to the principles which make the U.S. a great country.

  196. Night of the living dead? by yusing · · Score: 1
    how would/does the government know whether a bitstream is random bits...

    They don't, which is why they'll have to be banned!

    This, of course, will cause the death of AM Talk Radio.

    --

    "You must try to forget all you have learned. You must begin to dream." -- Sherwood Anderson

  197. Multi-Layer Encryption by gweihir · · Score: 1
    From the point of view whether a backdoor accomplished its task, the main point is not what kind of backdoor to use, but how to prevent/detect layered encryption. Let's have a look at the alternatives. I will comment on the consequences for escrow and weak keys each.
    1. Complete decryption:
      O.K., let's just look at everything and determine whether there is an additional illegal layer of crypto below the legal one.
      General problem: How to recognize crypto? Make it illegal to send random data?
      Escrow: All the keys would be needed all the time. This would most likely be illegal or infeasible.
      Weak Key: The keys would need to be so weak everybody could break them, because of the volume of messages.
    2. Don't tell people that they have a backdoor:
      Problem: How to install the backdoor? A secret law that forces MS to include backdoors in its products? What about OSS?
      Escrow: Would not work with this.
      Weak Key: Probably too easy to recognize.
    3. Have draconian punishment for multi-layer encryption:
      General Problem: Would that be legal? And it does not help against terrorists who do not care.
      Escrow: A justification for taking the key out of escrow is still needed.
      Weak Key: A paradise for industrial espionage of any kind!
    I am sure other options fall on their face in a similar way.
    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted and ignored otherwise.
  198. File formats illegal? - Our rights in this country by Anonymous Coward · · Score: 0

    Uh, isn't the most basic definition of cryptography that you change the data in such a way that it's hard to understand?

    For example, ROT-13 could hardly be considered "encryption"... Is it encryption if I send my text file which uses that new big ascii thing from a big endian system, to a little endian system?

    For those of you that don't know what that means, in layman's terms, it just means that integers are two bytes, and on some computers the first byte comes first and then the second, and on others the first byte is placed down after the second.

    So that is a form of "encryption".

    Encryption, as Adobe has proved by calling ROT-13 encryption, is not actually defined as making something IMPOSSIBLE to read without a key. It's not even defined as making it particularly hard to read without a key. Simply typing words by moving your finger one key to the right is a form of encryption.

    And a .doc file is a way of encrypting text. You can't easily read the text in a word document. Heck, even COMPRESSION is a form of encryption.

    If I compress a file with a program I wrote, and me, and a friend are the only ones who have the uncompression software, am I now encrypting illegally because the government doesn't have access to the "key", which is really the program itself.

    What about encryption which doesn't use a key? I think quantum encryption works that way. The datastream isn't actually "encrypted" in quantum encryption to my knowledge, it's just sent in such a way that if it's tapped by a third party, it gets corrupted.

    Everyone seems to be talking about public key encryption, but nobody seems to be talking about all the other kinds of encryption there are in the world, besides steganography, which has been discussed a lot.

    Btw, is it steganography if you send an image file where the message isn't stored in the image itself, but in a part of the file which isn't displayed when it's loaded? And if Steganography is made illegal, will it then be illegal to have "copyright 2000 ME" embedded in the header?

    Hell, I just thought of something... what about watermarking? Will that be illegal if steganography is made illegal?
    I haven't liked the idea of big brother monitoring people with cameras on street corners, but this requirement that we make all our communications open to the government is even more scary. For most of us, the cameras on the street corners will affect us a lot more than the government reading our encrypted emails, (but not more than hackers being able to crack our encrypted credit card numbers) but it's still a lot more scary that the government could force us to make our stuff visible to them. I don't even actually encrypt anything I send out and it worries me that that ability might be taken away.

    I don't see how they can even be considering it. I mean the bill of rights says we have the right to privacy. It VERY clearly says that. I'm pretty damn sure that means the right to privacy of communication. Of course we gave up a bit of that freedom when we allowed the government to tap our phones if they think we're doing something illegal... and inasmuch as the right to privacy was specifically there to allow us to overthrow the government if we have a need to, and I'll quote a famous figure here:

    "and every time we allow the government to grow in power at the expense of the people, we put ourselves in jeopardy of losing the ability to free ourselves of them if it goes too far." -- Thomas Jefferson

    I do understand the need to be able to tap communications for certain things like terrorists from other countries. But I still think we give out these search warrants for american citizens way too freely these days.

    But this is not tapping with a warrant. This is basically saying "You can't have a conversation which the government cannot get access to." Which is EXACTLY the kind of thing Thomas Jefferson warned us about.

    Our government may not always be benevolent. Hell... what if we do get into a long and drawn out and bloody world war 3? One perhaps that does not involve annihilating ourselves with nuclear weapons. What if we have our back against the wall, and congress granted Mr. Bush a few bills that allow him to stay in office for as long as necessary to "rid the world of evil". And what if they declare martial law, which basically allows them to control where you go, when you go there, and who you meet with? Then we will be in a police state. And congress might pass all kinds of laws after the war "in the interest of preventing this from happening again". We might not be stuck with Mr Bush or whomever forever, I don't think it would be THAT easy for someone to become a dictator in the US, but we could be stuck with him a lot longer than 8 years with no choice in the matter really, and then all these laws curtailing our freedoms dramatically could be passed "in the interest of the people". Hell, since these terrorist attacks, they've basically prevented us from even leaving the country. No outbound commercial flights, no private flights and they closed off the borders. Are they even open again yet?

    In a time of war, do you want to be prevented from taking your private plane or boat and getting the hell out of the country if you so desire? I sure don't.

  199. Trust by SiriusBlack · · Score: 1

    These backdoor keys could bankrupt a company if disclosed to the wrong person. Would you trust the FBI, who recently admitted to losing hundreds of firearms and laptop computers, with YOUR key?

  200. Re:Here's what I said to my political representati by Anonymous Coward · · Score: 0

    Good - Someone finally read the Chaffing and Winnowing paper and realized what it meant. Everyone else replying to this news item should spend more time reading rather than giving their uninformed opinion.

  201. Encryption and Stenography example ... by martinbogo · · Score: 1

    The following message is encrypted, the keyspace is 1024 bits, the method is a combination of public key encryption and winnow/chaff.

    Using a non-constructive proof is not a problem; after all, the classes P and NP themselves are defned non-constructively. That we would presumably be unable to construct the DTM is thus no obstacle. However, the big aw is that the argument only applies for a specifc yes instance: the NDTM, arriving at some decision point, will presumably take diferent branches depending on the instance, so that we would have, not one, but many DTMs corresponding to that one NDTM. So, the logic is correct for a single instance|but we knew that a single instance is easy to solve anyway; and the logic completely fails for an innite collection of instances (we would have to guess which DTM to use at each point, bringing us right back to non-determinism).

    It is really quite simple to add unique labels to each transformed instance: a trivial example is just to repeat the original instance as a postscript" to the transformed instance this certainly ensures a one-to-one transformation! Indeed, for many encoding schemes, each code is a valid instance, which means that each instance is its own index. Hence we can derive, using the Schroeder-Bernstein theorem, a bijection between the two problems. The problem is that this bijection may not be a polynomial-time isomorphism, i.e., it may not be a valid transformation anymore. To be a valid transformation, it has to respect two conditions: (i) polynomial-time feasibility and (ii) mapping yes instances to yes instances and no instances to no instances. But the Schroeder-Bernstein theorem only states that, given two 1-1 functions (not transformations), there exists a bijection. We do not know that the bijection in question bears much relation to the two injections developed by padding; it may neither be computable in polynomial time nor respect the yes-yes, no-no dichotomy. So aws may reside there. In fact, a aw appears even earlier: our padding does result in an injective mapping, but does it respect the yes-yes, no-no dichotomy? This is not at all certain; it may not even produce legal instance descriptions.

    --
    "Don't worry about the problems you have in mathematics, I assure you mine are much greater." - Einstein c.1919
  202. Cryptography and terrorism by 1000101b · · Score: 1

    The goal of public key cryptography is to make it take so long to crack the encrypted message that by the time it was decrypted, the message would be useless. The algorithms must be publicly agreed upon or else they are useless to the public. Terrorists would be stupid to use some crypto system that has known vulnerabilities. If I were a terrorist I would develop some obscure system that only needs to be distributed to a few of my crazy friends. I could personally distribute the algorithm(s) via disk or something. There is really no need for terrorists to even have to communicate with each other after one or two in-person meetings. The only way to stop terrorists from communicating with each other in privacy is to get rid of the terrorists and their reasons for existing. Oh yeah... to all you terrorists out there: (( oethluyIikanbprsd!wf))
    (13,5,4)(23,43,4)(12,127,4)(21,213,4)(9,87,4)(33 ,2 48,4)(23,2,4)(14,149,4)(35,2,4)(30,14,4)(37,39,4)

    --
    Live wrong, impostor.
  203. If the government really wants to... by Trejus · · Score: 1

    If they really want to decrypt encrypted communications easily, all they really have to do is prove P = NP :)

    --
    "To save the planet, I had to go to the worst spot on Earth, and that was Philadelphia." -- Sun Ra
  204. Its too late by thogard · · Score: 2

    A common trick for export approved crypto is that the checksum (MD5/SHA/WhateverMD) is outside of the encrypted packet. That way if you can guess at what's inside, you can verify what's there without decrypting it. Once you have the plain text and the cypher text, the game is over for the rest of the data stream.

  205. The most undetectable way to send a hidden message by Behrooz · · Score: 1

    Encrypt the message into a 20kbit sample porn jpeg, and spam it to 100,000 e-mail addresses... including the small group whom you actually wish to send the information.

    Add a "visit www.hotsluts4u.com for the hottest sluts" message, and nobody looking for hidden information will even give it a second glance.

    --
    "We have to go forth and crush every world view that doesn't believe in tolerance and free speech." - David Brin
  206. Extradition by Gregoyle · · Score: 2

    We can extradite anyone who has broken our laws in our country from any country with which we have extradition treaties. This includes most countries in the world

    Your country can do likewise.

    I'm not saying that this is a good thing, just that it is so.

    --

    "He's more machine now than man, twisted and evil."

    1. Re:Extradition by The+Milky+Bar+Kid · · Score: 1

      We can extradite anyone who has broken our laws in our country from any country with which we have extradition treaties. This includes most countries in the world

      Until Sklyarov, I wouldn't have said this was an issue, as I'm sending a message from my country, using my software in that country - if someone from the USA reads it, not my problem.

      Though this depends on the drafting of the law - is using the software an offence, or sending the message. If it's the sending of the message, I can imagine the US applying for extradition on the grounds someone sent an encrypted message into the US. If it's use of the software, they can't do anything about it.

      Though moves like this have been talked about in Australia as well, so I could be stuffed either way (bring on winnowing & chaffing)..

      --
      -- This post is about truth, beauty, freedom, and above all things, Karma
    2. Re:Extradition by Troed · · Score: 1
      I can break all the US laws I want when I'm in Sweden, without you being able to extradite me. Have sex with 15-year old girls as an example of the top of my head .. *g* (note to the offended, my real gf is 19)


      Most countries couldn't care less about the US, we're actually getting quite fed up with the "we rule the world" crap.

  207. Safe?!? by SiriusBlack · · Score: 1
    Short of the US Government getting hacked your keys should be safe with them.

    The FBI just admitted to "misplacing" hundreds of weapons and laptop computers. What's to keep them from "misplacing" my key?

    1. Re:Safe?!? by God!+Awful · · Score: 1

      The way key escrow is supposed to work is that you break up your key into multiple pieces and submit them to multiple escrow agencies. Then, if the FBI gets a search warrant, they have to get one fragment of the keys from each of the escrow agencies. There are ways of splitting up the key so that you can't deduce any information with all of the fragments (or maybe you only need 2 out of 3 fragments).

      -a

  208. Perfect obfuscation by Gregoyle · · Score: 2

    The point I was making above was that if Tim encrypts his data using his own algorithm (say, RC5), and then encrypts it with Legitimate Encryption Standard v.2.3, there is no way to tell that he has encrypted his data until you decrypt the "legitimate" message.

    This would presumably require a court order (for a government to do it at least), which takes time and energy to get. The only way to systematically tell if people are using their own encryption under this scheme is to decrypt all messages that are passed. This is impractical, and would not likely stand in any society that purports to be "free".

    That is why I label it futile. It is futile against those who don't go along with the system, unless they are in your power and fear jail time. For any sort of intelligence gathering such a scheme is essentially useless.

    I think that when evaluating security proposals it is first necessary to find out if the proposal is practicable. This can save a lot of energy for step 2, which is finding out if it is Right.

    --

    "He's more machine now than man, twisted and evil."

  209. You bozos... by frickin-fred · · Score: 1

    Two things have been buggin' me...

    1) Random vs Encrypted -- Compression should make data fairly random, except for those annoying headers and markers in the resulting files that tell the software how to restore the data. Encrypted data should look fairly random except for the annoying headers and markers that make it easier for the software to determine if it has indeed decrypted the data correctly. And if we used raw streams... now there's an idea. Maybe you couldn't tell the difference.

    2) Software vs Hardware cracking -- you can't implement algorithms in one that can't be implemented in the other. You give me a hardware algorithm, I'll code the software to do the same (but more slowly). Give me a software algorithm, and I'll have my friends build a little circuit that'll run circles around the software. Algorithms are algorithms no matter where implemented. And if they're rotten algorithms, then that's the weakness. If they're strong algorithms...well think about it.

  210. backdoor in SSH by PMan88 · · Score: 0

    if they put a backdoor in ssh (or did anything), they would have to release the source code. then anyone who wants to can look at the source, find the back door, and look at ssh traffic. i might be missing something, but it's obvious backdoors wouldn't work.

  211. How is this going to stop Terrorism? by jesseraf · · Score: 1

    Weren't the crimes done by foreigners who wouldn't be under US jurisdiction? Seems like capitalizing on the public's outrage to do something they've wanted to do for a long time.

  212. Re:How to detect algorithm by ScottBob · · Score: 1

    Suppose you had a file that you knew was encrypted. Is there a way to analyze the data and at least tell which algorithm was used (e.g. Triple-DES or Blowfish), whether or not you have the intention (or computing horsepower) to crack it?

  213. National Anthem. by Jarvo · · Score: 1

    I guess a lot of Aussie geeks (as I am) would like an ad-hoc modification of our national anthem:

    Australians all let us rejoice,
    For we aren't getting crypto restrictions shoved down our throats.

    On the other hand, our laws say that any piece of information on an Australian web site that anyone complains (as being 'offensive') must be removed.

    Is there any place other than Sealand that doesn't have complete tools for lawmakers?

  214. Difference very simple: by Schoinobates+Volans · · Score: 2, Interesting

    "Honest citizens don't send random data around". So if it looks random, has no compression headers, it is encrypted. Obviously, this reasoning is utterly flawed, but I'm sure at least some law enforcer will make it.

    1. Re:Difference very simple: by drnomad · · Score: 1
      Take a statistic approach:


      How much of transmitted data is random bits, and how much of transmitted data has structure...


      I'm positive that more than 99.9% has structure. Who would transmit random bits? Perhaps one of those organizations who'd like to fool the system, but it can't be the lion part.
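
The "random vs encrypted" point in comment 209 and the statistical approach suggested just above can be tried directly. This added example (not from the thread) measures byte entropy and checks for a few well-known file headers; the 7.5 bits/byte threshold, the word list and the seeded pseudo-random bytes standing in for ciphertext are all assumptions.

```python
import math
import random
import zlib
from collections import Counter

# A few well-known leading byte signatures ("annoying headers and markers").
MAGIC = [
    (b"\x1f\x8b", "gzip"),
    (b"PK\x03\x04", "zip"),
    (b"\x78\x9c", "zlib"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"-----BEGIN PGP", "pgp-armor"),
]

def shannon_entropy(data):
    """Empirical entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(data, threshold=7.5):
    """What a filter sees: a labelled format, unlabelled high-entropy bytes
    (random, ciphertext or headerless compression alike), or structure."""
    for magic, name in MAGIC:
        if data.startswith(magic):
            return "labelled: " + name
    if shannon_entropy(data) >= threshold:
        return "high entropy, no header"
    return "structured"

def build_samples(seed=2001):
    """Constructed inputs; the seed only makes the run repeatable."""
    rng = random.Random(seed)
    words = ("the key message escrow agency court order packet header random "
             "stream cipher block public private session sender receiver "
             "network server client mail file image archive policy law "
             "citizen privacy audit signal noise channel bit byte code "
             "warrant traffic filter backdoor").split()
    text = " ".join(rng.choice(words) for _ in range(40000)).encode()
    raw = zlib.compressobj(9, zlib.DEFLATED, -15)   # wbits=-15: no header
    return {
        "plain text": text,
        "zlib stream": zlib.compress(text),
        "raw deflate": raw.compress(text) + raw.flush(),
        # Stand-in for ciphertext: good ciphertext is statistically random.
        "random bytes": bytes(rng.getrandbits(8) for _ in range(32768)),
    }

def report():
    samples = build_samples()
    # Edge case: a short message cannot reach the threshold at all, because
    # 64 bytes can show at most log2(64) = 6 bits/byte of empirical entropy.
    samples["random bytes, first 64"] = samples["random bytes"][:64]
    return {name: (round(shannon_entropy(d), 2), classify(d))
            for name, d in samples.items()}

if __name__ == "__main__":
    for name, (entropy, verdict) in report().items():
        print(f"{name:24s} {entropy:5.2f} bits/byte  {verdict}")
```

The raw deflate stream and the random bytes receive the same verdict, and the 64-byte sample is reported as "structured", so an entropy test alone neither proves encryption nor catches short messages.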

  215. am I missing something? by e40 · · Score: 1

    1. We outlaw backdoorless crypto in the US, so terrorists purchase non-US crypto w/o backdoors. I know, I know, if X is outlawed, only outlaws will have X.

    2. Let's say there is no crypto w/o a backdoor around anywhere. So, our terrorist does a google search on "blowfish" and finds the source code to the algorithm. No UI, just a couple of pages of C code. (It's currently the 3rd link returned by google, after 2 sex links.) He may not make some wiz bang UI on top of it, but he can surely hack something together quickly so he can send encrypted messages that no one can crack.

    I just don't see how backdoors will improve our chances of catching anyone.

    1. Re:am I missing something? by PigleT · · Score: 2

      Additional point:
      3. Not only can anyone grab the sources for GnuPG and carry on from the last Free version, even if the government outlaws it, but the sources can be verified for backdoors and cleaned if need be; the only way around that would be to get all your keys generated by a government agency, but that could at best only be voluntary as there is a Free GnuPG out there that generates perfectly good keys as well.

      And as you say, we can't expect criminals to play fair anyway, so legislation along the lines of escrow is guaranteed to do no more than irritate the masses in the mistaken name of the few.

      --
      ~Tim
      --
      .|` Clouds cross the black moonlight,
      Rushing on down to the circle of the turn
  216. Two points I haven't seen mentioned... by Colitis · · Score: 2

    1) key escrow - what about tools that regularly change encryption keys (ie I think ssh session keys?). Would the US government have to be sent a new key for every SSH session every hour? How on earth would they store all this?

    2) how on earth do they expect everyone to stop using the old encryption methods without backdoors? Intransigence aside, the same people that support encryption backdoors without understanding the issues are the ones that will still be using their old copy of Win 95 years from now and maybe just wondering why they can't seem to connect to the new SSL sites, assuming the servers have all upgraded to the broken encryption protocols, either that or they'll be blissfully unaware that they're breaking the laws of their country by connecting to a server overseas with strong encryption.

  217. Basic freedom by Alsee · · Score: 0

    While there are a great many arguments demonstrating why back-door encryption is useless, I feel there's a much more fundamental argument.

    I believe I have the RIGHT and FREEDOM to write anything I want for my own personal use. And to alter it in any way I see fit. If I write a poem, and decide to write it down backwards and swap the letters 'b' and 'd' everywhere that's my own business. I also believe in the right to communicate any such message to anyone else so long as it causes no harm (threats, virii, or a remote format command would be covered under harm).

    If I buy a movie and play it backwards, or swap the red and green colors, or run it through any other math function, it's nobody else's business. And if I bought it I have the right to examine it as closely as I want.

    Oh, wait a minute - All of that is illegal according to DMCA. I guess we may as well make math (encryption) illegal too.

    Note that it's possible to do encryption in your head. No computer or even paper required. So we are also going to need a law against thinking. It's ok though - not many people think anyway, and the ones that do are dangerous.

    --
    - - You can't take something off the Internet! That's like trying to take pee out of a swimming pool.
  218. Crypto backdoors *would* help by plover · · Score: 2
    Actually, crypto back doors would help immensely.

    Consider this scenario: Micro$oft agrees to hide crypto backdoors in their latest "Outlook XP" or "Outlook.NET". For the sake of argument, let's pretend they might agree to do this in exchange for something of value. How about something like the DOJ agreeing to drop the breakup of the company in their civil suit... Micro$oft even gets another selling point out of the deal: they get to promote "OUTLOOK -- now with ENCRYPTED E-MAIL! It's SAFE, and SIMPLE, and your grandma could use it without even knowing it!" Woo-hoo, that's where I want to go today!

    Soon the vast majority of the world "standardizes" on Micro$oft e-mail. (For proof that this could happen, I submit every single document sent by SirCam.) So J. Random Lusers everywhere start using "encrypted" Outlook. Including criminals and terrorists, who still aren't typically among the brightest bulbs on the planet.

    Sure, as time passes really smart people like Schneier, Biham, et al., take the algorithm apart, and eventually find where it leaks some key bits. There's a brief hoopla that you might even hear on NPR some evening during the drive home, but for the average luser, they'll have forgotten to download the Outlook patch before they even pull into their garage. Questioning Micro$oft really doesn't happen in public, (despite how important those of us who read Slashdot think we are.)

    As an extra added bonus, the DOJ/FBI/CIA/NSA can leverage the fact of encryption as a "red flag" indicating the message might be more interesting than an unencrypted one. They just set Echelon to search specifically for these Outlook encrypted messages. As long as they've been saving your leaked key bits, they've got your messages.

    Micro$oft got to be their current size by not underestimating the power of inertia: they bank on the fact that if they keep shoveling it out the door, people keep buying it. If they want to provide leaky encryption, it'll be in the hands of millions of people world wide, and probably by tomorrow. And those people are already lining up to pay for the privilege.

    Just remember to let Windows perform an "automatic upgrade" of your system tonight.

    Disclaimer: this posting is the fictitious product of an overactive imagination that's two hours past needing sleep...

    --
    John
    1. Re:Crypto backdoors *would* help by sql*kitten · · Score: 2

      Consider this scenario: Micro$oft agrees to hide crypto backdoors in their latest "Outlook XP" or "Outlook.NET".

      This is pathetic. Can't slashbots discuss any subject without descending to Microsoft-bashing?

      FYI, you want encryption in Outlook, just use the PGP plugin. Press the buttons to encrypt, sign and send your email if you want to. Even set it to encrypt all your email by default. When you receive a PGP encrypted email, it will prompt for your passphrase, then display the message in a window cunningly designed to defeat Van Eck snooping. It's a great product.

      . Including criminals and terrorists, who still aren't typically among the brightest bulbs on the planet.

      I pray you never get a job in an airport.

  219. one word. by Anonymous Coward · · Score: 0

    stenography

    it would be a neat trick if someone
    came up with robust detection and backdoor
    access for that.

  220. And how would this work internationally? by Kjella · · Score: 2

    ...because everybody here seems to worry about the US. But are we going to get back to the "good" old days of US software (with US key), and international software (PGP & PGPi), or US and non-US hardware as I doubt a software solution would be sufficient. I don't think non-US businesses would ever give their keys away, there's been enough problems with Echelon already.

    Kjella

    --
    Live today, because you never know what tomorrow brings
  221. Deniable encryption by pallex · · Score: 1

    "So, anyone who wants Internet privacy under this regime must hide the fact that they are hiding data"

    Or hide that data inside a file which contains multiple encrypted data streams. Sure, there's encrypted data in it - you can even decrypt one stream to show that it's just something harmless, but how many other streams are hidden in the same file? Check out www.rubberhose.org.

  222. Once in a while... by t_allardyce · · Score: 1

    Once in a while, someone in a high position comes up with a law idea that's so dumb, ridiculous, misinformed and violatory of people's basic rights, that everyone ignores it and breaks it. This makes it unenforceable, even the law enforcement sees how dumb it is, and the person who came up with it is taken out of power or there's a revolution.

    Let's put it in dumbass terms:

    Once upon a time, there was a King, let's call him George, who ruled over a big land. One day, the king was bored, so he decided to make some laws for fun. First he made a reasonable law, that the people would like, he made the law so that the rich couldn't take advantage of the poor. The people liked this law because only a few of them were rich, and the rich didn't mind it so much because it wasn't that restrictive and they could see that if they were poor, they would want it that way too. Then the king decided to make a dumb law to counterbalance the good he had done. He made the law so that no-one could write. Most people in the land couldn't write anyway, so they didn't mind. The king had all the pens and paper taken away and burnt and only the royal scribes were allowed to write. The people were starting to get a little pissed off with the laws but they didn't do anything. Then he made the 3rd law. This time he was really bored, so he decided that no-one could speak. He figured that if no-one could speak, then no-one could complain about the laws or organise a revolution. So he had his guards patrol the land making sure no-one could speak. People were forced to wear gags when they weren't eating, and anyone who spoke had their vocal cords removed. Sooner or later, the guards and the people and everyone else but the king decided that they had had enough, so they took off their gags, made pens and paper and hanged the king outside the palace and then danced on his grave.

    ~ THE END ~

    --
    This comment does not represent the views or opinions of the user.
  223. And then there's trouble by frog51 · · Score: 2

    It'll end up the same as we will have here in the UK soon - the RIP bill basically states that if you don't give up your encryption key when asked to by the police, you will be imprisoned. Even if you don't have the key! For example a consultant at a company I used to work for had been given a copy of a client's key to hold for safekeeping. The client lost theirs and so had my colleague. The RIP bill could send them both to prison, as the onus would be on them to prove they had lost it (HOW???).

    Guilty until proven Innocent - sucks don't it!

    The US Govt is just using the WTC incident as a scare to push some pretty heavy anti-freedom legislation through while everyone is still shocked.

    Long live Steganography

  224. Steganography in WWII by MightyMicro · · Score: 1

    Steganography was in use in WWII and probably before. The BBC in London would broadcast messages to agents in occupied Europe in plain text, before the news bulletins. The hypothetical comic example is "The blue cow has crossed the road". Which could, of course, mean "blow up the main Paris-Lyon railway on Friday".

    MM

  225. hardware backdoors (not internet) by astafas · · Score: 1

    The way this will probably work are hardware keys. I would think maybe something like cprm was being designed (and failed) to handle keys against copying media (songs and movies) from original cds would probably be what might get tried. The computer might keep an unencrypted copy of anything encrypted on a part of the hard drive not accessible to anything else for a while. The FBI or whoever would show up at your door and take your drive or analyze it right there and see what you sent encrypted. I can't see how else this could work.

  226. The main problem with DES (Re:Take a look at DES) by goeb · · Score: 1

    When Feistel invented DES, it (really) used a 64 bit key, but the NSA urged him to weaken the system in such a way that it uses 56 bits of the (seemingly) 64 bit key. This way, they were able to launch brute force attacks (i.e. check all possible keys).

    There may be other security holes in DES, but there is no need to exploit them, since brute force definitely is feasible.

  227. No Extradition? Try Kidnapping by skribe · · Score: 1
    I can break all the US laws I want when I'm in Sweden, without you being able to extradite me.

    They don't have to extradite, in 1992 the US Supreme Court ruled that the United States was entitled to kidnap criminal suspects from foreign countries for the purpose of prosecuting them in the U.S.

    I recently read about a Mexican doctor that was kidnapped by bounty hunters for the DEA. His kidnapping was deemed illegal (and he'd already been found not guilty of the alleged crimes anyway) but he spent two years in gaol before he was freed.

    I've found an article that describes the events. I'm sure there are others.

    skribe

    --
    Blog
    1. Re:No Extradition? Try Kidnapping by Troed · · Score: 1
      They don't have to extradite, in 1992 the US Supreme Court ruled that the United States was entitled to kidnap criminal suspects from foreign countries for the purpose of prosecuting them in the U.S.

      The non-americans here know that the US is the biggest terrorist state of them all, yes.

  228. THEY ADMIT IT WILL NOT WORK by Garry+Anderson · · Score: 1

    Are you all so stupid, that you deny the TRUTH?

    THEY NOW ADMIT - IT WILL NOT WORK ON TERRORISTS

    USATODAY article

    WASHINGTON (AP) -- Despite warnings from top government officials that terrorists would use exotic technology to communicate, suspected terrorist mastermind Osama bin Laden instead has used "no-tech" methods, foiling efforts to track him, former U.S. intelligence officials said.

    Intelligence agents once could keep tabs on bin Laden when he used a satellite phone that could be picked up by U.S. spy gear and matched to his voiceprint. That capability leaked to bin Laden, so he swore off talking on the phone, according to Marc Enger, former director of operations at the Air Intelligence Agency, the Air Force's intelligence arm.

    Madsen said the hijackers could have communicated by means of seemingly innocuous messages on Web sites, impervious to the most vaunted surveillance tools in use by U.S. intelligence.

    "All the Carnivores and all the Echelons in the world would do very little to hamper that kind of operation," referring to the FBI's e-mail surveillance box and a widely suspected NSA surveillance network.

    The answer to trademark and domain name problems is at WIPO.org.uk

  229. What about DVD? by t_allardyce · · Score: 1

    So all the CSS encrypted DVDs, players and recorders will have to be replaced?

    If this happens, then someone will have to make T-Shirts with crypto-source code on them like with decss, then turn up at your local police station and demand to be arrested.

    And then there's graphics:
    "Excuse me sir, that's illegal encryption technology, you're going to have to come with me." "But officer, I'm just overlaying one image over the other in [gimp/photoshop/paintshop] and using the 'add' filter."

    Bush, you silly dumbass, stop smoking your joints, and get your congress off crack.

    --
    This comment does not represent the views or opinions of the user.
    1. Re:What about DVD? by t_allardyce · · Score: 1

      Oh sorry, my mistake, CSS already has a backdoor

      --
      This comment does not represent the views or opinions of the user.
  230. Legal flaws by Anonymous Coward · · Score: 0

    1) You create a public key, and escrow your private key with the government.

    2) I create another public key, without escrowing the private key.

    3) I send you an email, encrypted to the public key I created. Then delete the key I created.

    4) The FBI knocks on your door and says "where's the private key?" You say, "I don't know, I didn't make that public key. I can't decrypt that file."

    5) The FBI knocks on my door. I say "Of course I don't have the private key to someone else's public key. So I can't decrypt that file, and I deleted the original."

    Either we can't prosecute due to reasonable doubt, or anyone can be easily framed. This idea isn't original with me - people actually did play games like this in Great Britain when they passed a law requiring decryption on demand. Of course if you do have the public/private key in question on your keyring, you can't deny it's your key - if you want deniability, you have to change keys frequently.

    Steganography also has a legal flaw:

    FBI: The defendant hid encrypted data in this music file and won't decrypt it for us.

    Defense: Can you explain to us how you can tell?

    FBI: No, that's classified. Besides, you'd need an advanced degree in statistics to understand.

    Defense: So anyone who emails a multimedia file can be accused by you of illegal encryption, and we're supposed to convict just on your say-so, without any explanation of the evidence?

    FBI: Ummm....yeah.

  231. The way I see it, it could only work one way.... by linuxrunner · · Score: 1

    Most of the simple encryption methods use the actual "key" as the encryption method. I have always felt that this was the safest, making sure there was no back door into the program.

    To do what the government wants, the program would have to be set up differently... The back door would have to be purposely placed into the code.... and that person would have to know the backdoor. (not very safe .... word of mouth goes a long ways.) Basically, the whole point of encryption would be worthless, and no one would use it, unless they programmed it themselves. The code is out there. I can do it, most of you can do it. We can code good encryption in just about any fourth generation programming language, including some scripting languages like perl. You can never stop that. You can pass laws and try....., Like DMCA or the RIAA trying to stop file sharing.... but you can never, never get it all.

    Those who have a reason to encrypt, will encrypt. And they will encrypt effectively.

    Linuxrunner

    Visit my site: http://www.mcarterbrown.com because it's cool!

    --
    www.slightlycrewed.com - Because aren't we all?
  232. Re:The main problem with DES (Re:Take a look at DE by (codic) · · Score: 1

    The original Lucifer key size was 128-bits, but who's counting? I didn't mention this previously, since it really doesn't have anything to do with a trap door, though it is worthy of speculation. I've always assumed it was to keep speed up and the cost of hardware implementations down since, after all, this was intended for widespread non-military use.

    The record for brute forcing DES is, IIRC, 22 hours and 15 minutes (this was done in some RSA challenge or other), and at that, only recently. I personally feel that it is highly unlikely that the NSA had the facilities to crack the algorithm in any useful amount of time back in the 1970s when the system was adopted. But this isn't the point, either.

    Any algorithm can be brute forced. DES uses small keys, so brute forcing it really isn't that hard, which is its main weakness today. Modern algorithms (like most of the AES finalists) use (or have the ability to use) stronger keys. A true "backdoor" in a cryptosystem would secretly weaken the algorithm to make it many, many times easier to find the key than brute force. Special S-boxes could accomplish this. Something in the algorithm that canceled out most of the key, reducing the effective key length. Something in the algorithm that left traces of the plain text in an easily extractable form in the cipher text. Those are backdoors.
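
The "canceled out most of the key" case described in the comment above can be audited from outside a black box; the following is an added example, not part of the thread. `toy_encrypt` is a hypothetical keyed function built on SHA-256 (not a real cipher), and the masks, key material and plaintexts are constructed for the demonstration.

```python
import hashlib
from functools import partial

def toy_encrypt(mask: bytes, key: bytes, block: bytes) -> bytes:
    """Toy keyed function (NOT a real cipher): only key bits set in `mask` are used."""
    effective = bytes(k & m for k, m in zip(key, mask))
    return hashlib.sha256(effective + block).digest()[:8]

# Three constructed 64-bit-key variants that look identical from the outside.
honest = partial(toy_encrypt, b"\xff" * 8)                 # every key bit matters
des_style = partial(toy_encrypt, b"\xfe" * 8)              # low bit of each byte ignored, as with DES parity bits
weakened = partial(toy_encrypt, b"\xff\xff" + b"\x00" * 6)  # silently uses only 16 bits

def influential_key_bits(encrypt, key_len: int = 8, trials: int = 4) -> int:
    """Count key bits whose flip changes the output for at least one (key, block) pair."""
    count = 0
    for bit in range(key_len * 8):
        for t in range(trials):
            # Constructed, deterministic test keys and plaintext blocks.
            key = hashlib.sha256(b"constructed-key-%d" % t).digest()[:key_len]
            block = b"constructed-block-%d" % t
            flipped = bytearray(key)
            flipped[bit // 8] ^= 0x80 >> (bit % 8)
            if encrypt(key, block) != encrypt(bytes(flipped), block):
                count += 1
                break
    return count

if __name__ == "__main__":
    for name, fn in [("honest", honest), ("des_style", des_style), ("weakened", weakened)]:
        print(name, influential_key_bits(fn), "of 64 key bits affect the output")
```

This audit only catches key bits that are dropped outright; a weakness hidden in S-box structure or one that leaks plaintext would pass it.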

  233. It's already been done for PGP ... by Anonymous Coward · · Score: 0

    See http://www.cert.org/advisories/CA-2000-18.html

    Due to a 'bug' PGP can silently encrypt with a second key!

  234. Already Done by CrazySailor · · Score: 1

    IBM/Lotus, in order to be able to export Notes with encryption, inserted a method that separately encrypted 40 odd bits of the key with an IBM-only key. End users had full keys, IBM could recover 40 bits, TLAs would have to brute-force the rest of the key. An interesting compromise.

    --
    -- Improve Windows - Buy a Mac!
  235. Re:Here's what I said to my political representati by Marcus+Brody · · Score: 1

    This man deserves to be modded up to 5:

    Because, unlike the rest of us, he actually got up off his ass and sent the letter to his representative rather than just rambling on at Slashdot.

    Nice one!

  236. Wrong! by Anonymous Coward · · Score: 0

    All you have to do with an encrypted
    file, then, is to 4-bit encode it so
    it expands to 2x and will statistically
    compress to nearly its original size.

    Better cat, better mouse...
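
The effect described in the comment above, measured in an added example that is not part of the thread: hex ("4-bit") encoding halves the per-byte entropy of a ciphertext-like stream, yet the result still deflates to roughly the original size and is uniform over its 16-symbol alphabet. The SHA-256 counter stream standing in for ciphertext, the sample text, the function names and the thresholds are all assumptions made for the demonstration.

```python
import hashlib
import math
import zlib
from collections import Counter

def pseudo_ciphertext(n: int) -> bytes:
    """Constructed stand-in for ciphertext: deterministic SHA-256 counter stream."""
    blocks = (hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def byte_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def normalised_entropy(data: bytes) -> float:
    """Entropy divided by the maximum possible for the symbols actually used."""
    symbols = len(set(data))
    return byte_entropy(data) / math.log2(symbols) if symbols > 1 else 0.0

def deflate_ratio(data: bytes, reference_len: int) -> float:
    """Deflated size of `data` relative to a reference length."""
    return len(zlib.compress(data, 9)) / reference_len

def naive_flag(data: bytes) -> bool:
    """Flags only streams close to 8 bits of entropy per byte."""
    return byte_entropy(data) > 7.5

def robust_flag(data: bytes) -> bool:
    """Flags streams that are near-uniform over whatever alphabet they use."""
    return normalised_entropy(data) > 0.98

RAW = pseudo_ciphertext(65536)
HEX = RAW.hex().encode()            # the "4-bit encoding": twice the size
TEXT = (b"Constructed sample: the quick brown fox jumps over the lazy dog "
        b"while the committee debates key escrow again. ") * 200

if __name__ == "__main__":
    for name, d in [("raw", RAW), ("hex", HEX), ("text", TEXT)]:
        print(name, round(byte_entropy(d), 3), round(normalised_entropy(d), 3),
              naive_flag(d), robust_flag(d))
    print("hex deflates to", round(deflate_ratio(HEX, len(RAW)), 2), "x the raw size")
```

Neither check separates ciphertext from well-compressed data, since both are near-uniform.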

  237. The first Ayn Rand Quote.... by Anonymous Coward · · Score: 0

    That ever made sense to me,
    amazing

  238. Re:Exterminate Trolls. Destroy All Sporks by A+Clockwork+Orange · · Score: 0

    I don't like monkeys like that. I never even implied that I did. I think that reveals who the real pervert is. It's been scientifically proven(tm) that monkeys are funny. If a joke isn't funny add a monkey....story isn't interesting...add a monkey.

    --
    Fare thee well, poor comment. For thou hast been cast out amongst wolves.