Slashdot Mirror
Blaming Encryption
EisPick writes: "Just as a previous generation wrestled with whether or not to blame physicists for The Bomb, there are some misguided folks who are blaming Phil Zimmermann for the ability of terrorists to communicate confidentially. He tells the Washington Post, 'It has been a horrific few days.'" Meanwhile, John Gilmore has posted far and wide a call to mirror encryption code outside the United States, since export regulations are making a comeback.
Eventually we might have some tech savvy politicians....(you know, in the next 150 some odd years)
I'm a complete newbie to encryption. I've never bothered to encrypt my e-mail before for the usual reasons -- the people I'm mailing don't have decryption tools, nothing I send would be of any importance to anyone except us, and so on.
But with the iron hammer of legislation threatening to come down, I think I'd better download an open source encryption package ASAP before they get banned.
So for folks who are keenly following this situation but not sure what the next step is... what's the most commonly used Win9x compatable pacakge I can grab? I'd like to make sure I meet community standards and not start employing some backwoods, obscure encryption system.
(Of course, once it gets banned, I'll be using contraband... and hopefully 'not having anything of importance' will be enough to keep me out of the spooks' watchful carnivores.)
They should hate Boeing, too, then, and the construction engineers who figured out how to build a 100-story building.
Ooh, a sarcasm detector. Oh, that's a real useful invention.
Is there actually any evidence that the terrorists used public key cryptography to plan the attack on the World Trade Center?
Just wondering, because I haven't seen any reports with that sort of detail in.
And in the millions of peices of mail that go through the postal system, you think they'll know which ones carry terrorist information and which ones don't? Are we going to demand that the postal service open and read each and every mail? Encryption can be broken, it just takes a lot of equipement and possibly time. Besides, I believe even wiretap regulations require that two of the three involved parties give their consent (carrier, sender, recipient), and there are devices that are much closer to a wiretap than forcing all users to conduct their business in the open clear of the safety of encryption.
Currently, I tend to feel SAFER buying stuff online from trusted merchants with my credit card than giving it to someone who works in a store. Most online merchants destroy your credit card number after it's no longer needed, and keep only minimal records of it (4 first or last numbers). Compared to bricks-and-mortar shopping, where the store makes one or two copies for itself and one copy for you to lose, with 'customers' behind you that can look over your shoulder because of poor handling of the card, it makes me feel nervous. However, if you take away encryption from the equation, all bets are off, since a packet may travel through dozens of systems and routers before being recieved by the vendor you're trying to buy from.
How much freedom are you willing to sacrifice in order to gain safety? To me, the benefits that society gains from encryption far outweigh the evils that can be done with it. Besides the fact that if they're already criminals, do you think they'll have any qualms about using 'illegal' encryption products? You'll only stop stupid ones, and they're rarely the ones that do the most damage. I'm glad to be living in Canada on this point -- there's never been any plans to stop private citizens from using or exporting encryption, with the exception of those products imported from the United States that employed 'high-grade' encryption that was banned from export from the United States. Why do you suppose the OpenBSD project, which uses encryption where ever possible, is based in Canada?
Look here.
The official, who is heading up the cyber-portion of the investigation, told reporters the bureau had obtained hundreds of unencrypted e-mail messages exchanged by the hijackers and their associates, dating as far back as 30 to 45 days prior to the Sept. 11 attacks.
mp3's are only for those with bad memories
While it makes a convienient analogy, comparing the bomb to crypto is wrong. The bomb's ONLY purpose was for mass destruction, while crypto can be used for great good as well as nefarious purposes.
Why not blame Turing, Watson, Gates, Jobs, Berry, Cray, Zuse or Babbage?
I'm sure they are just as responsible for this as Zimmermann is.
I suspect that some ancient cave man sharpened a piece of flint, affixed it to a stout stick, and his fellows used it to improve their hunting methods.
Then some sick bastard took the stick and used it for evil purposes. I betcha this happened then. It's happening now. It will happen again. Doesn't mean we should be blaming the inventor or the tool. Blame those responsible.
Didnt they? Actually tell everybody that there was no encrytion involved only plain old mails? in this yahoostory?
Somehow I had the impression that all these terrorists actually lived *in* the US. Not that I expect the government to recognize that...
Sig ?
That wasn't the guy who invented the protocol that was used....
--- begin secret encrypted text ---
Vg jnf gur thl jub vairagrq ebg13
--- end secret encrypted text ---
The next site to slashdot will be ready soon, but subscribers can beat the rush and start slashdotting it early!
How did Americans actually get the idea that American cryptography is the only possibility for terrorists to communicate in a secure way?
Russians had (and still do have) their own cryptographic algorithms, as do Germans, Australians, Italians. I mean, what's the difference? Do export regulations really make that much of a difference?
Sadly a typical knee jerk reaction. its not like the organisers of these attrocities would be posting "lets fly a plane into a building" e-mails.
Coded messages would be as unfathomable to "the authorities" as any encryption but encryption now seems to be the scapegoat for the 11th.
Personally, I'd put lax security (just a random yahooed example) at the top of the list.
Get the EULA T-shirt
Everyday, all over the world crimes are being commited with the use of everyday tools and technologies. He isn't probably alive anymore, but do you see the inventor of the cigarette lighter crying because every day his invention is being used to ligth millions of cigarettes, causing illness and death for thousands of people? Bottom line is that almost every tool can be used for good and for evil. All in all I don't think that it isn't any good feeling bad about what few people think about this technology. I think PGP has done an a lot of good as well. So it is really the balance between the good and the evil use that counts.
If this article at the BBC is anything to by then the terrorists never even used encryption simply because it ran the possibility of sticking out like a sore thumb. Once again the only people who are likely to suffer from encryption back doors et al. is Joe public when the crackers find them.
Why use technology when nobody is looking at the plain and simple stuff? Looks like KISS works to the advantage of terrorists as well.
Jumpstart the tartan drive.
The principles allowing the creation of strong encryption are fundamental and simple enough that if it were not available freely it could be developed with minimal expense by anyone who wanted it. If it had been kept from the ordinary citizen the terrorist would still have it.
It Is the Nature of Information to Transgress Artificial Boundaries
Theo? I always wondered what he did after the Cosby show.
When asked where to go for great crpto code, a promenent expert (who's name escapes me) said "Anywhere but the US"
Why would the US cripple itself at a time like this!
mod me down if you want, but this is total bullshit. it's like blaming the inventor of the wheel for death caused by traffic accidents.
if you want to blame someone, blame the government organizations for not keeping abreast of bin laden's plans.
-teknopurge
Website Hosting
"We must give up some of our freedoms to help combat terrorism."
The predictable words -- and actions -- are beginning to spew from political, military, and law enforcement officials and their supporters. For safety, for security, for the greater good, they somberly tell us, we must comply with their agendas. To be protected from terrorism we must submit to more restrictions -- on our ability to travel, our freedom from arbitrary searches, on the privacy of our communications, on our right to bear arms, on our ability to conduct business hidden from the prying eyes of government.
Sen. Judd Gregg (R-New Hampshire) has called for a global prohibition on encryption products without backdoors for government surveillance.
Travel regulators have banned knives on planes. (Does this mean even the pilots can't protect themselves and passengers against hijackers?)
ISPs who were reluctant to cooperate with the FBI's invasive Carnivore program are now rushing to comply.
The Senate has, in the wake of Black Tuesday, voted to increase the FBI's authority to tap the phones of anyone suspected of terrorism. As we've seen by all these other random restrictions, we are ALL suspects in the eyes of the U.S. government.
Perhaps most ominously of all, the Washington Post quoted House Democrat Leader Richard Gephardt (D-MO) as making the self-contradictory, but entirely predictable statement, "We're in a new world where we have to rebalance freedom and security. We can't take away people's civil liberties . . . but we're not going to have all the openness and freedom we have had." The Post then went on to describe how every war or crisis of the last 100 years has been use to increase government power -- often in the most draconian ways. More Data Here Freelance supporters of the Surveillance State are rushing to urge everyone to comply. One liberal talk show host responded to callers who complained that Big Brother policies at airports were a problem, "Big Brother is the only thing holding us together!"
He offered no evidence to show how Big Brother made us safe on Tuesday, September 11.
WE MUST THINK FREE, NOT PATRIOTICALLY JERK OUR KNEES
Soon we may be at war. And as always at such times, we'll be expected to "pull together," "do what our leaders tell us is necessary," and sacrifice more freedom in the name of "safety and security" or patriotism. And, as the reality of the Day of Horror seeps in, who doesn't feel an urge to strike back, to "get behind our government," to "show those murdering bastards they can't push Americans around," and to "do whatever it takes to defend the greatest country on earth"? -- even if that means sacrificing individual liberty to "the cause."
Whatever happens from here on out, we need to remember that Big Brother is NOT holding us together -- that he never can and never will. We must remember that the kind of restrictions on the liberties of ordinary Americans that were entirely ineffective in preventing the attacks of Tuesday, September 11, 2001 will not magically prevent future attacks merely because their severity is increased.
What did all of Big Brother's efforts do to prevent Tuesday's slaughter? The violations of freedom we've already been subjected to in the name of safety -- airport x-rays, ID checks, disarmament, body searches, and the whole gamut -- became a sick a joke when the day arrived that we needed them to protect the country against the world's worst criminals. In fact, Daniel Pipes of the Wall Street Journal was quick to point out how the government's reliance on mass eavesdropping and tracking actually diverted resources from more effective anti-terrorism methods, such as actually studying and infiltrating genuine terrorist groups.
Yet now the government proposes a giant national effort to do more of the same -- to impose more ineffective, wasteful, and oppressive mass surveillance and restrictions.
New restrictions on the freedoms of non-violent people will do nothing to make America or the world safer. They'll make us less safe, as well as less free.
There are at least two reasons for this.
The first is that more restrictions, and more power placed in the hands of government, will simply, in the long run, create more rage and therefore more desire to strike violently. (As we also saw, some restrictions, like those that forbid armed citizens on planes, also make it harder for Americans to protect themselves and their country.)
The second is something we observed, tragically, though cell phone calls from four doomed, hijacked planes: the fatal passivity and dependence that seems to be becoming the norm in American behavior.
THE PASSIVE, UNTHINKING AMERICAN
It appears now that a handful of heroic passengers on one flight, having learned via telephone that two other hijacked planes had already smashed into the World Trade Center, decided not to allow themselves to be used as weapons of war. These passengers on United Flight 93 attacked the hijackers who were in control of the plane. Doomed in any case, they ended up dying in the woods and fields of rural Pennsylvania, rather than passively allowing their captors to get away with an even more horrendous mass murder.
We also know that, on at least one other flight --American Airlines Flight 77, which smashed into the Pentagon -- passenger Barbara Olson learned from her husband, U.S. Solicitor General Theodore Olson, of the World Trade Center catastrophe. During two separate calls, Mrs. Olson (a well- known author and conservative television commentator) asked her husband what the pilot -- standing next to her in the back of the plane -- should do.
Picture that. Passengers and crew have been herded -- and note that word well, herded -- to the back of the plane. Even the pilot, the leader, the chief decision-maker, does nothing. Can't think what do to. Can't act. Instead of attempting to save their own lives and the lives of others on the ground, what do they do? They expect a federal government official to make the decision for them. THE EVIDENCE SAYS THAT THESE PEOPLE DIDN'T EVEN FEEL EMPOWERED TO DEFEND THEIR OWN LIVES WITHOUT FIRST ASKING THE ADVICE OR PERMISSION OF WASHINGTON, D.C..
And why should we have expected otherwise? Americans have been told repeatedly never to resist crime, always to submit to any demand a thug makes of them. Always go along -- for safety's sake. Go along in order to avoid angering the criminal. We've been told always to submit, as well, to any demand made by anyone who appears to be "in charge." These people on Flight 77 -- and presumably on two of the other flights -- were apparently so paralyzed by their conditioning that they couldn't assert themselves even when the alternative was certain death.
Even as pathetically disarmed as they were, they could have battered the hijackers with their briefcases, with their shoes, their purses. They could have overwhelmed them with sheer numbers of bodies. They could have gouged at their eyes with fingers or car keys. Could have knocked them unconscious with luggage from the overhead racks. Could have tripped them, stomped on them, tied them up with cords from audio headsets.
But except on United Flight 93, they apparently did nothing. And so three planes flew, sure and true, into the heart of three American landmarks, slaughtering thousands.
THE ONLY TRUE SECURITY MEASURE: A BILL OF RIGHTS CULTURE
We must take back America as a country. We must make it free and independent again -- no longer the would-be ruler of its own people, and no longer playing at being the world's supercop. Only by doing that will earn the world's peace and respect.
We must take our own individual lives and independent spirits back from would-be rulers and criminals, as well.
If we consent, passively, to give up more freedoms -- even "temporarily," or "as an emergency measure" -- we'll be doing the opposite. We'll be less safe, less free.
To restore American freedom and personal courage, we must restore the Bill of Rights -- in our country and in our hearts and minds. If we understand the Bill of Rights, we'll understand what we're fighting for -- and why. If we let it slip away what's left won't be worth fighting for.
This means not merely having an intellectual or legal understanding of the Bill of Rights. This means not merely memorizing the Bill of Rights or teaching it to our children. This means understanding the concepts of individual liberty that underlie the Bill of Rights -- then living those concepts, breathing them, eating the, dreaming them, holding them as the most central values of our lives, in the same place we hold our beliefs in the diety, or our dedication to our families, or to truth or justice.
We must behave as free people, expect and encourage others to behave as free people -- and have zero tolerance for anyone who abuses freedom or uses his authority to violate the Bill of Rights.
If there ever was a time in history to get behind the Bill of Rights and promote it, it is now. If we yield to this mushy thinking that the road to freedom and safety lies in GIVING UP freedom and the Bill of Rights, then we might as well bow down in defeat right now.
If we don't defend our rights, we'll have no rights. If we don't defend ourselves, our family members, and our fellow citizens -- AND defend their freedoms -- then our lives will be no more valuable than those of cattle and sheep. And the America we end up with won't be the America we thought we were fighting for.
If you want to be a passive herd beast -- obey whatever the authority of the moment, be that a bureaucrat or a hijacker, tells you to do. Listen to their lies about "safety and security" and obey, obey, obey.
But If you truly want to combat terrorism or terror-war, learn the Bill of Rights, teach the Bill of Rights, and enforce the Bill of Rights with every action of your life.
FIGHT BACK WITH THE BILL OF RIGHTS.
The Liberty Crew Jews For The Preservation of Firearms Ownership, Inc.
I believe Juanita
"If using encryption becomes criminal, only criminals will use encryption."
Let's have a little perspective check here. If using solid, uncompromised encryption becomes illegal, how does this stop terrorists from using it? Gee, I guess terrorists best upgrade so the government has a backdoor to their communication. They wouldn't want to do anything illegal, now would they?
-WetDog
I think we should attack this from a different angle. Congress is in a position now where they're willing to suspend civil liberties in this war... we may have to accept that for now. Decisions have already been made, and will continue to be made, that will have a serious impact on our privacy and personal freedoms. Cries of first ammendment rights aren't going to cut it; the people have already spoken.
But businesses, businesses that already pretty much drive american politics anyway, will not be ignored. For the first time in my life, I find that big business may be an ALLY against reactive crypto regulations. IBM, MS, AT&T, etc, may be able to convince congress that they need strong crypto in order to conduct secure business.
Other allies may include the RIAA and MPAA, who are investigating the use of cryptography for secure digital formats. It was the ridiculous crypto laws of the early 90's, after all, that led to the weak encryption used in DVDs that was eventually cracked.
So I suggest not writing to your congressmen, but to your business leaders. Perhaps THEY, who have a stronger voice than most individual americans, can convince the government that good crytpo is a necessity.
-- Minds are like parachutes... they work best when open.
This post is encrypted using a highly advanced algorithm and unbreakable 2Gb key that produces a encrypted, but readable text message.
Only outlaws will have crypto.
--"Karma is justice without the satisfaction"
is a lobby as effective as the NRA or insurance agencies. The problem we have is that the groups who are interested in protecting the rights of geeks are usually not ones with deep pockets.
I think we need to put more support behind the EFF, and a lot more money. Start having conventions in Washington and paying lobbyists to pay visits to representatives and appear on the talk shows. We geeks do a great job of getting the word out to other geeks, but stall a bit when communicating to the non-geek world.
I mean, these terrorists didn't even use guns. They used non-metallic knives, or utility knives. They used probably hollow threats that certain packages were bombs. They abused the trust of our public that if you comply with the hijackers, you have little reason to fear.
They abused every social loophole possible to carry out these attacks. You don't need crypto to hijack a plane with tools like those.
Yet so many are convinced that crypto is partly to blame. I truly hope MSNBC's poll is badly skewed.
Go Lakers!
If the US makes strong encryption illegal, only the criminals will use strong encryption, while the everyday Joe can't protect his business e-mail.
The same thing will probobally happen, like what happened with guns. "Guns are bad, M'Kay..", or so they think. But the problem isn't the gun, it's the user of the gun. The everyday Joe who has a shotgun in his house (properly locked up from his kids of course) is not likely to get screwed around with by a burgler. Especially if it's advertised he is armed.
Let the encryption be free, and attack the real problem, the criminals themselves.
Besides, like it's been mentioned before, criminals who don't use the phone, send e-mail, or use any electronic communication have a lot of security right there. They don't need the hard encryption if the message is never intercepted.
The acts of 9/11 are no more the fault of Phil Zimmermann than of Boeing or Stanley Tools. Airplanes don't kill people, terrorists kill people. If PZ is to be crusified because he builds a tool that can be applied to a terrorist's cause, then any manufacturer of any product is similarly guilty. Stanley makes utility knives with blades substantially shorter than four inches - the prior standard of what could be carried aboard a flight. Is Stanley Tools guilty of supporting the terrorists? What about Cross pens? Did the terrorists ever write notes to each other? Is Eberhard Faber suddenly a terrorist supporter because they manufacture pencils?
One of the essential elements of the crime of conspiracy is that there must be an "overt act taken in furtherance of the conspiracy." The act need not be an illegal act per se, it only needs to further, in some way, the ends of the conspiracy. Simply because PZ published a very useful product does not make him a co-conspirator any more than Boeing is because it manufactured the aircraft used to kill thousands of innocent people. Believe it or not, airplanes are still very useful products.
Bin Laden and company are better known for using steganography. There's no indication that they use PGP in email; apparently their favorite method is to get free websites at e.g. GeoCities and embed messages in image files.
For the last week I've been feeling the same way: "Why do we have to blame someone?". "Why do we have to point a guilty to be jailed and executed?"
The terrorist attack seems to me like if a child in the neighborhood have broken a 7' tall glass in your house. Tell me, what can we do about this?
We are not even sure about who has done it. Ok, there are some evidences, but we are not sure (yet). So, what can we do?
Maybe is that boy who always find some troble aroud the neighborhood, we go to his parents house and ask them to do something. What can they do? They'll tell you that you must first prove that he did such a thing.
After a weed or two, we have already changed the glass, you dog that almost died due to the 'accident' is ok now. What would we do? Throw a stone in the neighbor house?
And if you start having trouble with the problematic parents, nobody in the neighborhood will like it.
Let's think about it. Let's discuss about it. Maybe we can find the right thing to do.
-=-=-=-=
I know life isn't fair, but why can't it ever be un-fair in MY favor!?
Does it mean that I can send hatemail to Boeing for making 757 and 767 because they were used as weapons?
How about sueing MS because the terrorists communicated through cybercafes in Pakistan, which probably ran Windows?
This isn't stopping those who would restrict our use of crypto, however. Idiots.
sulli
RTFJ.
When large numbers of our own citizens start to blame privacy for this act, the terrorists are already winning. I have heard talk of requiring back doors in all encryption software and routine scanning of all e-mail.
Let's look at what else might have enabled the terrorists:
1. Freedom to assemble in private.
2. Ability for private individuals to get pilot training.
3. Protection from random searches of homes.
4. Laws against descrimination based on race, religion, or national origin.
Are we take legislative action on those things next? I think that our country needs to stop, take a collective deep breath, and recognize what makes this country worth fighting for. If we take away the very freedoms that define America in order to make people feel safer, the terrorists will have struck a more crushing blow against us than I would ever have imagined possible.
So, would the person who wrote the e-mail quoted in this article have written the Wright Brothers too for inventing the airplane if they were still alive?
I think it's funny that the same law makers that claim that restricting guns would mean that only the criminals would have them are now supporting restrictions on encryption. Do they really think that this would not have happened or that intelligence officials would have known about the attacks if the Government had their magical back door? I'll still be installing back-doorless encryption on my box, US law or no, and I assure you that foreign terrorists will too.
And of course airplanes.
And postal service.
And other vehicles.
And electricity.
Books, pencils and paper.
And all the technology that's been invented in past 10000 years.
And by banning all personal freedom. No, banning encryption is clearly giving in for the terrorists. Their goal is to restrict our choices and our freedom. Ban encryption and they have attained part of their goals.
It's very simple and clear that terrorists can do the same as intelligence services have been doing forever: using totally unbreakable one time pads, such as carefully selected phrases that sound totally innocent, but which have secretly agreed other meaning.
WTC accident is *NOT* encryption's or Phil Zimmermann's fault.
It is trivial for terrorists to get strong crypto code. Once they have it they have it for good. Escrows are useless. Unless the NSA secretly knows of weaknesses in certain algorithms they aren't going to break anything encrypted with 128 bits (not by brute force anyway).
Perhaps they know of implementation weaknesses in popular crypto software which can make their taks "feasible".
If I were a terrorist (I'm not) I would be wary of downloading any crypto package without source now. Who knows if back doors are installed?
Intelligence is the core of any campaign. Previous successes, as in WW2, in part depended upon the successes of code breakers. That may not work now. What messages can they crack?
I hope we have an ace up our sleeve that is not obvious to anyone!
Don't you think that everyone is being just a bit too paranoid? If anything, stronger encryption should be sought after by the goverment, instead of banning it or requiring back doors. You would think that it would be obvious to anyone that opening back doors in anything can do more harm than good (I wouldn't want a back door in encrypted tax information being sent, that is for sure!).
Also, I don't think that encryption development can be banned totally. The US relies on encryption too heavily, and I don't think the business sector will allow such a threat to their transactions to exist for long. Ending strong encryption would be detrimental to all of the US leading industries, and hurt the US economy even more, as other nations' industries, either actively or passively, could and probably would find a way to use this gaping hole in security for their purposes.
The whole argment just seems like a contradiction to all the talk of increasing security everywhere. What good is it to beef up manpower if terrorists can break communications poorly encrypted?
Of course the suspected criminals could be jailed for using "illegal" encryption but that hardly makes up for the fact that all law abiding people no longer can use real encryption.
What is it they say, "When encryption is outlawed, only outlaws will have encryption".
"Phil -- I hope you can sleep at night with the blood of 5,000 people on your hands." PGP has become a "weapon of war," the e-mail continued, leveling the playing field between powerful countries like the United States and "zealots."
Zimmerman's hate e-mail told him "I hope you can sleep at night with the blood of 5,000 people on your hands." This person must be privy to proof that hasn't been released to the rest of us. But much more importantly, I hope that person sent an even stronger e-mail to every employee of American and United Airlines. And to all the service employees of several airports which were involved. And, hmmm, let's see, oh yes... also to everyone who works for companies who manufacture knives and box-cutters. And to all recent US sentors who have rejected spending more of the billions collected in air travel taxes on airport security rather than balancing the budget. There's probably a few thousand other people that are implicated before Phil Zimmerman.
the problem with this being discussed here is that everyone that reads slashdot is already a step (at least) more tech savvy than the usual joe user out there, and/or the average lawmaker.
basically it doesn't matter if we go on and on here about how it is wrong - it might make us feel good to all praise each other and pat each other on the back for good points, and point fingers at the idiots - but when it is all said and done, some dumbfuck in congress will have far more power with far less knowledge as to why one wants/needs it.
and then there is the conspiracy theory where they are taking advatage of this opportunity to do what they've wanted all along. they are out to get you, and your porn collection. (although I do feel that the whole anti-porn crusade that is/was on the net comes largely from the goverment wanting control over the net to tax it and such, and the dipshit religious right is so strong in the gov't and in america in general that porn is an easy target to get people behind them - this whole encryption thing is similar with the terrorists - doubtful they acutally did the act, but perhaps are taking advatage of it)
There are some odd things afoot now, in the Villa Straylight.
Last I checked, New Hampshire's State slogan is "live free or die." His latest demands on encryption are pretty hypocritical, dontcha think?
Why stop there? Why not blame the guy who created the HTML format. Or blame the US gov for developing Arpanet. Or Turing?
The word `algorithm` comes from an Arabian guy a long time ago...perhaps this will be used as an excuse too? Wouldnt be too suprised...
Steganography (information hidding, as in using unused bits in an image file) make the target almost impossible to hit anyway, regardless of whether the message was sent as an email or not
Don't forget that using massive "one-time pads" where there is virtually no discernable pattern are virtually impossible to break -- imagine taking a picture of yourself with the remote recipient -- give them a copy of the file on a floppy, and then xor all your communication with that person against that image file -- the key as it were, can be larger than the document itself.
Even Bruce Schneier of Counterpane agrees that Bin Laden is more than likely just using old-fashioned spoken word to direct his network. He is somewhat of a religious leader, and its pretty clear what his "will" is, so doing things within the bounds of that "end goal" can be done without really centralized management.
Think of the POPE -- and the catholics -- the Pope gives a speech, calling on the catholics to do X -- the goal is well known, but the pope doesn't tell the "how it gets accomplished"
Old age and treachery almost always overcome youth and skill.
Please, I can't believe that people actually believe that everyone who's involved in any tool the terrorists used is actually guilty of anything.
People who would more guilty than Phil;
- The manufacturers of the knifes and box-cutters.
- The airplane manufacturers.
- The printers of the airplane manuals in Arabic.
- The people who produced the food for the terrorists last meal.
Guilty by association? This is more like guilty by living in the same world.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
If ya ask me, the sp00ks staged the whole damn thing to give them a plausible reason to suspend civil liberties.
I'm telling you it's a fucking conspiracy....start stockpiling food, water, and ammo now if you know what's good for you.
What is the government going to do, ban Solataire and say that a pack of cards is "a weapon of mass descruction"?
Please see Cryptonomicon and Bruce Schreiner's playing card based strong encryption scheme.
An open letter to any criminals/terrorists..
Dear Mad Evil B@stards.
You are hearby orderd by a government
you probably say you don't recognize to
upgrade your cryptography software to V.1.1
with new added BackDoor(TM) technology.
If you do this in the next 30 days
you will recieve free support
on 1-800-GETREAL.
The only people the back doors will effect are law abiding citizens who governments shouldn't have much right to nosey in on what they are doing. The argument for back doors would have been relevant before the technology was released to the public. Now my friends (IMHO) it is too late. Non-back-door crypto is out there and to try and put it back would be akin to trying to placing the flatulence that come Katzs every orrifice back into his body.
Honestly, we all know that allowing crypto backdoors isn't going to help. As with cell phone, those with malicious intent STOPPED using them as soon as they realized they could be traced.
Every attempt the authorities make to stop communication will just yield a new method of communication. Are they going to ban snail mail? Couriers? Talking?
I think it's good that serious incidents cause people to think about the state of how we work, and take a good look at how things could be made better. I just hope that we don't go overboard because we're scared -- it won't make us any safer.
...is double ROT-13
You can grab PGP (Pretty Good Protection) from the following sites.
http://www.pgpi.com
http://web.mit.edu/network/pgp.html
http://www.pgp.com
In light of the latest discussions on backdoors in crypto, this may also be of interest. An excerpt from Phil when he left NAI regarding the state of the closed code on PGP (full text here for those that want more info: http://www.pgpi.org/files/PRZquitsNAI.txt):
"Let me assure all PGP users that all versions of PGP produced by NAI, and PGP Security, a division of NAI, up to and including the current (January 2001) release, PGP 7.0.3, are free of back doors. In all previous releases, up through PGP 6.5.8, this has been proven by the release of complete source code for public peer review. New senior management assumed control of PGP Security in the final months of 2000, and decided to reduce how much PGP source code they would publish. If NAI ever publishes the complete PGP 7.0.3 source code, I am confident that the public will be able to see that there are still no back doors. Until that time, I can offer only my own assurances that this version of PGP was developed on my watch, and has no back doors. In fact, I believe it to be the most secure version of PGP produced to date."
If we do this, use of encryption could be protected under freedom of religion. It's like praying, going to a Mosque, etc.
You're coming under attack for your decision to provide strong crypto to the general public. Please do not falter. There is a definite need for this sort of thing and the fact that it might be misused is no reason to ban it.
Cars can be used to run over people. Hammers can be used to hit people. I don't think I need to mention guns. There are lots of things out there that can be used counter to their original purpose. I think in the coming age strong crypto at a personal level will be very important.
There will always be people who blame the inventors for some of the uses their inventions are put. Some people blame Einstein for the devastation of Hiroshima & Nagasaki. Is Einstein really at fault? If someone dies in a car crash, who should be blamed - Ford? Benz? Should the Wright brothers be partly held to blame for the events of September 11th?
Just because your tool was possibly used in a bad way doesn't make you guilty. If it's any comfort, since there is so much talk about heroes lately, know that you are one of MY heroes. I remember the early USENET discussions and your original profile in Wired. I've always thought that if I had more ability in math, I would've liked to be like you.
Please know that for many of us, you are not a bad guy by any stretch of the imagination, and for a few of us, you are one of the really good guys.
Thanks for listening.
www.gpg.org
www.winpt.org
Get the latest of both.
WinPT is an easy to use Windows front end to the GPG command line. It acts on the clipboard and lives in the Windows tray.
Select text, copy, click on winpt, encrypt clipboard, paste into document/email/news post etc.
Easy.
Deleted
Reading the paper and scanning the web for news, most of what these guys did was without any encryption at all, they even used public libraries for e-mail access.
The fact that simple methods of encryption, use of public phones and free access, or steering away from traceable tech works pretty well, it's like trying to kill ants with a hammer. Like attacking Afghanistan will be.
A feeling of having made the same mistake before: Deja Foobar
... I blame their parents for manufacturing these humans. Obviously, they were defective and turned bad.
Does anyone have a preprepared tarball of a veritable shiteload of encryption utilities -- ie everything you could possibly want, ssh, gpg, etc. I think somebody should create a tarball that we can mirror around, all the same, everywhere. And I'm too lazy to go create it myself, as I've already got a website up with a couple tools.
Just wait until I get my hands on the guy who invented Farsi. Those damn terrorists use this "encryption technology" as well, and not many in the U.S. government can break it! I even heard an announcement the other night where they were asking for supreme encryption experts known as "Farsi Speakers" to come in and help them decrypt this complicated technology!
"And like that
Most digital media that is 'secured' uses encryption. This encryption would require a backdoor. This backdoor could be used to circumvent those protection measures. Since the backdoor would be part of the protection itself, using the protection scheme would be a violation of the DMCA.
Until quantum computing comes around, there will always be methods to encrypt securely. Hell, these terrorists probably have already made their own encrypted mail client. I'm pretty sure that they would *not* put a back door in there for the sake of meeting US encryption guidelines.
The bottom line is that we need quantum computing to decrypt anything and everything.
Life is the leading cause of death in America.
This is absolutely asinine. Is anyone shouting for
the banning of box cutters? How about banning airplanes?
Those, too, were tools that we used for evil.
Do we see Congress trying to ban guns? But THOUSANDS
are killed every YEAR by them? Or, could it be it's not the
guns, but it's the people who USE THEM.
The reason that encryption is being singled out is
that, unlike the gun lobby, there is no large and
well-funded group out there to "persuade"
(read: buy) Congress that it's the people they
should go after, not the tools.
It really is sad how uninformed our elected officals can be when it comes to technology (or any kind of tool for that matter, just look at how well all the gun laws have worked to prevent criminals from using them).
They don't understand that restrictions will only effect commerce and privacy. They will weaken my link to my bank, broker, partners in business, etc. It is obvious to any thinking person that restrictions on encryption will only be obeyed by law-abiding people not by criminals, who by definition do not obey the law!
It will also create a new class of criminal, along the lines of what the DCMA has done to programmers. I will be a criminal if they pass some of these laws -- not because I have commited a criminal act or plotted a crime, but because I use a piece of software that doesn't conform to Government imposed insanity.
Is this what a free country is about? No. Liberty and Freedom come first, not security or a police state. The burden is upon the government and law enforcement to work within the frame work of Liberty to do the best job they can, not to restrict our Freedom and Liberty to make their job easier.
I will NOT give up Liberty for Security. Life is not safe, and freedom has its price as well as its rewards. I am willing to accept that price. Are you?
Remember Lexington Green!
While the replies to this thread are all sarcastic and full of self-righteous indignation, let's not forget that a big part of why the US and its allies won World War II was the fact that we were able to break the enemy's encryption like the German Enigma -- and that they were unable to break ours.
We're all yelling and screaming about "what's next", taking away "more of our freedoms" and such like. Someone raised the point that the freedom to assemble in private, to learn to fly aircraft, to be free from random searches of houses, were also contributing factors to these terrorist acts. The problem is, if the government was able to monitor communications, restrictions on those activities wouldn't even be talked about -- the activities themselves are innocuous, but in the right combination they could indicate something sinister. This is the reason that people buying huge quantities of nitrogen-rich fertilizer are monitored because of its bomb making potential.
I'm not advocating "back doors" in encryption products, mainly because it's too late for those to be useful when perfectly effective encryption is already out there for terrorists and anyone else to use. But the fact remains that the ability of people to unbreakably encrypt their grocery lists does have consequences beyond merely ensuring their privacy.
Technology is not good or evil. It is the use of the technology which can be evil. I think it was Karl Marx who said that root cause is usually socio-economic inequality and stratification.
The article says Zimmerman struggled with how to respond to that one hate e-mail for an entire day... Hell, I read just a few sentences of it and immediately knew how to respond.
F U, you short sighted moron
Fire a great tool for cooking meat, keeping people warm, This tool allowed man to descover areas of the world where they were not able to survive before.
Fire a Horable Wepon. Used threw out the ages to burn down vilages and destroy.
Weel a great tool for moving things back and forth. It increase the human capasity to move large objects long distances.
Well a horable wepon. Used to Move large guns and troops many locations which were once considered unaccessable.
Pen a great tool for easily comunicating with people at times that you are not there.
Pen an Evil wepon where it can be use for propaganda to brainwash the mindes of millions.
Feather Duster a great tool for removing dust from areas. Improving air quality and visability.
Feather Duster A weapon that can be used to extract information from indivuals by using the light touch to create a sience of odd feeling (Tickle) in the persons body which is tourture after extened periods. Also the feather duster can create much pain if thrown at a person with force.
Basicly every tool can be used for good and evil. To stop making tools because it can be used for evil will stop making tools that can make greater good.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
1. Does he think he's so smart that we wouldn't have effective encryption today if he hadn't invented PGP? Is he sure the terrorists used PGP? Arrogant to say the least.
2. Does Zimmermann really think if he had given the government a backdoor they would have been scanning all PGP packages on every computer everywhere and would have caught the terrorists.
So now he's having a teary breakdown. Pussy and idiot I think.
What is it they say, "When encryption is outlawed, only outlaws will have encryption".
I though it was "When encryption is outlawed, #$xp 4po+ xoO2 p;@H c#[) (tH/1 GXw2", though I might be wrong.
Given one hour to live, the student replied: "I'd spend it with professor FP who can make an hour seem like a lifetime."
I try to blame the tax-and-spend war on (some) drugs, and its consequent misallocation of justice system (including jail, court, and cop-on-the-street law enforcement) resources. It's not just hindsight, I've been predicting violence as a result of this skewed set of priorities for a while. The government even went on a shooting binge at some hippies in a marijuana legal camp recently, because they had a few guns (and weren't using them, until the feds came!). It's as if we're ignoring dangerous foreign terrorists to concentrate only on domestic threats.
Don't get me wrong, Eric Rudolf (the Olympic Park, and Abortion clinic, bomber) is a bad guy, but the expenditure on him probably exceeded foreign intel expenses on the Taliban, etc. I think only one thing's for sure, and that thing is that if this becomes an all out war, the price of heroin will fall (think Contras & cocaine flights, it ALWAYS happens this way). The oddsman so predicts.
odds
It's funny to see that a country allowing anyone to wear weapons (which can be used directly do harm to people) is afraid of the dangers of encryption. Isn't this weird?
The existance of encryption is irrelevant. In fact one of the most secure forms of electronic information is a handwritten fax.
Crypto is a tool, the crimes are committed by the people who use the tool - not by those who create the tool.
In the case of the Bomb, those responsible for the destruction caused by it are those that order it dropped - not the scientists that invented it.
If the US clamps down on encryption, there are several possible results:
1. It's already out there - assuming the current stuff can't be cracked easily for a while there will be no effect until it can.
2. It will stimulate development of crypto technology in the rest of the world. A unilateral crippling of crypto in the US will just cripple crypto in the US - not the world.
3. If crypto does become crippled worldwide, criminals will just revert to older methods of passing messages confidentially - using couriers, etc.
I worked on some open source crypto software some time ago & distributed it freely. Most of the people that requested a copy from me & used it were in places like Russia or South America where free speech doesn't have the same kind of protection it has in the Western world. I found this showed that there are good solid requirements for strong crypto in the world & we shouldn't allow the use of it by terrorists to diminish that.
Just like how they should feel guilty for inventing airplanes.
Got friends?
I don't see why people can blame Zimmerman in even a round about way for what happened. Yes something horrific has happened. This doesn't however make what was a good decision before(releasing the PGP) into a bad decision. Simply because somebody took something someone made and used it for evil does not make the tool or the tool's creator evil. In fact it has NO reflection on the creator at all. The hijackers are suspected to have used carpenter's knives as well. Are the manufacturer's of carpet knives somehow responsible as well? What about the flight schools that trained the terrorists? Blaming this people is irrational and should not be tolerated by people. We need to stand together here folks.
I love the smell of Karma in the morning
i don't think phil has anything more to feel guilty about than the folks who made the box cutters the hijackers used. i bet the engineers at boeing don't feel guilty for designing flying bombs. should the people who design cell phones feel guilty because people talking on them crash their cars?
btw i'm not an anonymous coward, i just forgot my password and i can't access my email now.
cryptozoologist
The following message was encrypted with one of the simplest cyphers known. I took the text and a random, non-repeating pad and used XOR between the ASCII values of the two. I then base64-encoded the result so that /. could display it (note, this last step is reversable trivially).
5 w+lAsIAozQt6OMUCji4E2BInB+
W QJ AOkNb1LHm60vNbR5uNyrYgkNPY
Let this string be the line in the sand. If this can be decrypted, THEN we should worry about encryption software. If it cannot be decrypted, then any high school student can do strong crypto in their bedroom with the calculator they got for free for signing up for a mall card, and this discussion is just about invading privacy and enabling government to spy on businesses.
du+27XAFml4uYuezNwvsewJpwj+AElF6ySV7vgXjtdoMIHYVT
tZHoDscCzdoV2VjlT9zPwJtdfbmHrt3wABqINnfrRbTRppr
FyzyfS+Gp+/L+w3u04A=
Had this debate popped up two years ago (one year ago, even) I'd have been more than supportive to the idea of keeping strong crypto etc...
After DMCA, cryptografic content protection, and other depressing news of this sort, I am not so sure that the advantages of keeping crypto in the market really outweigh the disadvantages.
It looks like all the sound and the fury is about a technology way too cumbersome for common Joes to use - with all the gain going to the corporate content behhemot du jour. So, why bother?
Consider that all the copy protection plans that will wrestle from us (the public) the control of our hardware, software and of electronically published media in general, hinge critically over the wide availability of strong encryption software and skills.
Cheers, alf
186,282 mi/s...not just a good idea
Galileo: "The Earth revolves around the Sun!"
Score: -1 100% Flamebait
Sorry, i think it's naive to blame encryption.
picture this: everubody starts using snailmail again, but this time in the volumes of e-mail.
this would be very good for the economy, but as a side-effect it's absolutely impossible for FBI and other privacy-invading institutions to read all the mail.
Or would you like someone to open all snail mail, read it, copy it and put it in an archive manually??
Privacy is terrorism.
Courtesy of the airlines who we all know are SO concerned with your security that they will actually pay someone minimum wage to put on a uniform and sit and pretend to look at a scanner! American and United might as well spare themselves some messy litigation and hand their companies over to the families of the victims.
You're using her as bait, Master!
In other words, if you use encrypted messages, you are more likely to be careless about what you say, then if you use unencrypted means.
Has anybody implicated the open source movement yet? After all, it IS un-American (or so the say).
The simple fact of that matter is that when peopel are distressed, depressed and overwhelmed with hate, anger and fear, fingers begin to get pointed.
If you recall the Colorado school masacre, you will remember the fact that the parents attempted to sue ID software for creating a game which, in their minds, influenced their children to go on a school masacre.
The situation here is very much the same, and Phil is now taking the blame. However, why stop there? Why not blame our roads for allows the terrorists for getting around? How about phones so they could reserve airline tickets and flight school courses? Why not blame computers as a whole for allowing the terrorists to communicate?
The truth is, people will hunt for a reason HOW. How was this allowed to happen? How could this have happened to ME? We resort to blaming others, whether it be the FBI, CIA or even someone like Phil Z.
Time will pass and people will begin to take notice of the real problems that allowed the terrorists to operate. Does Phil Z have the blood of 5000 people on his hands? Hardly.
To make a pun demonstrates the highest understanding of a language
Come on now! Yes I think we can acknowledge that most humans can use tools made by other humans but does that mean that the originator of said tools is somehow to blame for their use?
Should we blame the makers of carpet cutters for those terrible days too?
Furthermore I can't see anywhere in that article where there's anything more than *speculation* that PGP was used.
Is anyone else suspicious about the timing of this article and the one on MSNBC mentioning how the majority of the people think that cryptogrpahic "backdoors" might prevent other attacks?
I'd be tempted to think that somebody is attempting to use these horrible events to further a polictal agenda.
Mayhaps if the U$ were not so interested in supplying money and arms to any twit who gives lip service to supporting U$ aims-- making the world one vast McDonalds-- this discussion wouldn't be occuring (no, this is not a troll).
Would you like fries with that....
Let's see, we could also blame:
- The people who make knives / box knives.
- The people who trained the terrorists to fly.
- The people who sold the terrorists the plane tickets.
- The people who made the planes.
- The people who made the plane fuel.
- The people who made the WTC.
Yes this is stupid.
"He was a wise man who invented beer." -- Plato
The people who send hatemail are the same kind of persons who hijack planes and crash them to skyscrapers.
Phil Z. wrote software. Software is like any other tool. Even if PGP had been used, does he really think that the person who made the cardboard box cutter cries every day because of "5000 people's blood is in their hands". I think not.
So Phil, let it go. It was not your fault.
Sorry for the inflamitory subject line, but this kind of upsets me. If we are going to blame researchers for the misuse of their inventions then we may as well start with Boeing. One of the great modern problems it that the same technology that helps so many also can be misused.
I didn't vote for him then, and I've already written him to remind him what our state's motto is and to suggest that if this bill designed to impinge on our freedoms does manage to pass that he might want to look into alternative employment when election day rolls around.
Easy does it!
This comment has been submitted already, 276865 hours , 59 minutes ago. No need to try again.
It began, "Phil -- I hope you can sleep at night with the blood of 5,000 people on your hands." PGP has become a "weapon of war," the e-mail continued, leveling the playing field between powerful countries like the United States and "zealots."
[sarcasm]
Right on! How dare anyone give the victims of oppressive (and sometimes genocidal) US foreign policy a means to strike back at their oppressors!
[/sarcasm]
Besides, do people really think that had PGP NOT been available, that terrorists would have sent their messages in "clear"? Anyone thinking that needs to pick up a stick and whack themselves in the head with it..."Stupid (whack), stupid (whack), stupid (whack)!"
You're using her as bait, Master!
If PGP is now the tool of terrorists, then I guess airplanes and box-cutter knives are just as evil too. We definately can no longer allow just anyone without written permission from the government to use anything that might aid terrorism in any way.
So if you need to use a sharp object in public, you'll have to have a license. (You already need a license to fly a plane).
And from what I've been understanding, face-to-face vocal communication was the most used method of communication for this particular tragedy, so we're going to have to curtail that as well.
Ben - I hope you can sleep at night with the blood of 5,000 people on your hands. Electricity has become a weapon of war, leveling the playing field between powerful countries like the United States and the zealots.
Tom - I hope you can sleep at night with the blood of 5,000 people on your hands. Free speech has become a weapon of war, leveling the playing field between the rulers of powerful countries and the zealots.
George - I hope you can sleep at night with the blood of 5,000 people on your hands. The United States has become a weapon of war, conducting proxy wars around the world, exporting armaments, and zealously promoting "democracy."
----
Best regards and most sincere thanks to Ben Franklin, Tom Jefferson, and George Washington for their revolutionary efforts.
[The airline pilot said over the PA:] "Sometimes a potential hijacker will announce that he has a bomb. There are no bombs on this aircraft and if someone were to get up and make that claim, don't believe him. If someone were to stand up, brandish something such as a plastic knife and say, 'This is a hijacking' or words to that effect, here is what you should do:
"Every one of you should stand up and immediately throw things at that person -- pillows, books, magazines, eyeglasses, shoes -- anything that will throw him off balance and distract his attention. If he has a confederate or two, do the same with them. Most important: get a blanket over him, then wrestle him to the floor and keep him there. We'll land the plane at the nearest airport and the authorities will take it from there."
"Remember, there will be one of him and maybe a few confederates, but there are 200 of you. Now, since we're a family for the next few hours, I'll ask you to turn to the person next to you, introduce yourself, tell them a little about yourself and ask them to do the same."
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
Dear ...
There have been proposals to limit encryption. These proposals are based on a fundamental misunderstanding of the technology.
The truth is, strong encryption is much too simple to stamp out. It's just math, and the math has been published in books. One key encryption method, RSA, is so simple that people have tattooed it on their arms. Any computer programmer who knows the math can implement strong cryptography.
An encrypted file is just a random-looking string of numbers. It's extremely difficult to tell the difference between such a file, and a set of actual random numbers. Many non-encrypted files have a little bit of randomness - the static hiss in a sound file. By replacing the hiss with your encrypted file, you can hide the fact that you are using encryption. There have been reports that terrorists already do this.
Any terrorist who wants to use strong encryption will do so, undetectably, no matter what the law is. Or they'll use phone booths and code words. The only effect of such a law will be to weaken the security of Americans, making us more vulnerable to cyberattack. Many noted cryptographers, such as Bruce Schneier (a participant in the Advanced Encryption Standard process), have argued that key escrow and other "backdoors" will inevitably be exploited by hackers. What if the terrorists manage it?
I use encryption at work to protect medical records. It's the foundation of online commerce and electronic signatures. It can help protect our critical infrastructure. Please don't take an action that will damage our economy, make us more vulnerable, and do nothing to make us safer.
The more we damage ourselves without hurting the terrorists, the happier they'll be.
(This is already handwritten 3 times, I'm mailing them at lunch today.)
There was no encryption involved. It was mearly a case of e-mail being written in Arabic. The government did not understand what any of this random data was and assumed it was encrypted.
If they are classsing PGP as a weapon of war and using that as an excuse for banning it then air craft, tall buildings and such like should be banned as well.
Karl Marx said that the root cause is the dialectical nature of history. If that sounds like nonsense, it is.
I want my job to be examining porno for hidden messages! 2 *million* (Dr Evil pinky) porno pics!
These technologies should be heavily regulated:
Each of these played a key role in the attack. Once these technologies are under control, America will be safe from terrorists. I guarantee it.
Signed, John Q. Stupid, United States Congress
Watch out for sheep.. they can be real baaastards.. (ok that was goat, but still funny)
JOhn
Campaign for Liberty
Whenever a tragedy happens in the US, someone has to be to blame. Sure, it can't be the personal responsiblity of the direct perpertrators. Must be guns/music/dressing in black. Why do I get the feeling the x-files is far too popular?
...which ones? Can somebody provide links?
I can just hear it now:
Hillary: "Are you surfing porn again, Bill?!?"
Bill: "No...I'm...I'm...looking for...looking for terrorist messages! Yeah, that's it!"
You're using her as bait, Master!
So by analogy should we call for a ban of jetliners? Terrorist hijackers used them to perpetrate their attacks. If jetliners were banned then this couldn't happen in the future.
Last I heard, all the emails that had been recovered were plaintext....
also uses PGP to report on human rights abuses without fear of being detected. Often organizations like this leave the private key back in a safe country, and only carry the public key to encrypt their reports and notes.
We rely TOO MUCH on our technology, then blame it when we fuck up. Terrorism is a HUMAN, not a technological problem. If a drug dealer uses encryption to run his sales network, we can ban encryption without solving the problem of why his sales are so high to begin with. I was in an airport last year, and saw a young boy (too young to read) walk through a 'RESTRICTED' door, setting off an alarm. I watched for 5 minutes, and nobody came to investigate why the alarm was sounding. That is not a technological problem.
We need human solutions to crime. Like guards on the planes. Like law enforcement officials who listen to threats they receive. Like airport security that gets paid more and trained better than the McDonalds counter staff.
The fact that Phil Zimmerman is losing sleep over this is a sign that he is human, not that he did the wrong thing. I don't see the executives at Smith&Wesson losing any sleep over crimes committed with their products. I don't see any airline executives apologizing for their weak security which helped lead to this attack. And I don't see any apologies from the terrorist organizations.
Here's a simple question: how exactly does the government propose allowing people to write their own crypto and publishing the source, from which the backdoors will presumably be easily removed? How easy would it be to write a program with a -D NO_BACKDOOR option that still complies with the letter of the law? How on earth do they plan on keeping that very random Hotmail account holder from PGP/GPG encrypting their new algorithm and shipping it overseas? How about bouncing it off a remailer, first? The cat's been out of the bag for a decade, at least.
It began, "Phil -- I hope you can sleep at night with the blood of 5,000 people on your hands." PGP has become a "weapon of war,"
Begin Sarcasm ------> yea ! its all his fault! he killed those people.. now, lets go after the decendents of the Wright brothers too, cause their stupid invention has become a weapon of war too... hey, what about gillette? let's mob them too, they make razors, more weapons of war... we'd all be better off if we just rode around in horse-drawn carriages, or better yet, if we were in the stone age.
------end Sarcasm
Phil Zimmerman, the Big Brain behind the popular home PC encryption tool, Pretty Good Privacy (PGP), is taking flak for enabling the infrastructure used by the terrorists behind the WTC attack.
I think the argument is supposed to be something along these lines: Without publicly available, tough-to-crack encryption, the terrorists would never have been able to communicate effectively to orchestrate their dastardly plot. Mr. Zimmerman brought this technology to the masses, and was a strong proponent of easing restrictions on the dissemination of that self-same technology. That technology eventually made it into the hands of the Bad Guys, and now we see the results.
I've got to resist the urge to compare encryption tech to a weapon. "Where's the outrage against Smith and Wesson!" I would shout at the top of my lungs. "What about Molitov, or Winchester? Who should be rolling over in their graves?"
Those questions are just as easily directed against Boeing and Lockheed-Martin though. After all, those guys made the weapons used. And of course, the aerospace industry IS taking a lot of flak.
But I've got to break away from that mindset.
Encryption is not a weapon in and of itself. Zimmerman was concerned - rightly, I think - that the increasing pace of technology, snooptech included, threatened the privacy of the common man. It threatened the ideals of the U.S. Constitution. It threatened to aid in the creation of a police state. That's what he was fighting against.
Encryption was a stand against the encroaching invasion of civil liberty. It was a tool for ensuring freedoms - the freedom to speak, the freedom to communicate securely, and the freedom to conduct business. Many of Zimmerman's methods derived from, and are enchancements on, commerce transaction security technologies. Had your credit card number lifted lately? I have, and it's no fun.
Encryption was a method of keeping the law honest, of maintaining the spirit of the law in a time when the law had no words to use. Remember, PGP came about during the birth of the publicly-available Internet (has it only been 6 years?). The Internet was, and still is, a new medium of interaction, with borders and behaviors outside of the well-established Way of Doing Things that the laws were written for. We have laws for public gatherings. We have laws for telephone conversations. We have laws for sending mail and packages around the country and the world. We didn't have anything for the Internet, because it works like all of those at once, and more besides.
Metaphors of all kinds popped up to describe the way the Internet worked - it's a telephone conversation, it's a society unto itself, it's a giant hard drive where everyone has access, it's a division of autocracies where No Man Is King - but none of those metaphors were 100% legally applicable to the actual situation of the Internet. Without adaquate descriptions of the legal state of the Internet, the Internet HAD NO legal state - and thus was open to anarchy from all vectors, including that of the methods of law enforcement, and whether the law was even allowed to enforce anything.
Anarchy in the methods of law enforcement. Think about that for a minute.
A while back on this board, there was a big debate over the appropriateness of the 2nd Amendment, specifically the Right to Bear Arms. Over and over, the point was brought up that guns don't kill people, people kill people.
There are ways of organizing a conspiracy without relying on high technology. It's been done over and over, successfully, for at least 6000 years. Ask Brutus, or whoever shot Kennedy, or Judah.
Tools that build up can be used to tear down. It's an unfortunate reality of the bidirectional parity of things. I'd like to thank Phil for giving us a tool that enhanced our meaning of civilization, and encouraged questions about it.
Tatsujin
Blaiming Phil Zimmermann for coding PGP and releasing it to the public and saying that this makes terrorists attacks possible is a pretty naive (stupid?) train of thoughts. By the same reasoning we then have to blame Boing for manufacturing those airplane, because that enabled the terrorists to carry out those attacks.
It's just that we perceive flying as a necessity without which we (think we) cannot live/survive whereas the need for keeping communications confidential and protected has not yet made it into the mind of the general public. I certainly don't want to belittle what happened in NY/DC, but each year more people die in car crashs---do we ban driving?
This article deserves more coverage
At least in this case, backdoors to PGP wouldn't have done any good at all (even if encryption was being used). Backdoors don't alert investigators to the activity of people they aren't investigating -- something else has to be suspicious first. Based on what I have read, only two of the terrorists were on the FBI's list and the FBI was only making a token attempt to track them down. Even if an investigation was being foiled by encryption, there should always be other investigative methods available to figure out what's going on. Any good conspirator will use a variety of communication methods, anyway. And use code words inside encrypted messages.
. . . when they pry it from my cold, dead hands.
-B
It's because Canada is number 2. In fact, it's called America 2 by most, and as we all know, THE SEQUEL ALWAYS SUCKS.
Why don't we all who use PGP email Mr Zimmerman, so he knows all the good he has done to the world?
:)
I already wrote him about how PGP enables me to safely exchange patient information to foreign collagues for help and advice.
I believe this kind of "spam" would be well received
to computer security. A computer exists, therefore its insecurity also exists. Put it in a shielded lead box--its usefulness long since gone, there will still exist ways to get in. If you want security for it, destroy it, utterly, then it will be gone, and with it, its insecurity.
The US is the same, a country, it exists, it has insecurity. Create a police-state which is more secure than the present circumstance--its usefullness(freedoms etc.) gone, attackers could still find a way through. Is the price for more security worth it when, like insects evolving to attack a plant, and vice-versa, terrorists can always find a way to attack?
The US should be like the driver who continues to drive even realizing that she/he runs the risk of being injured in a crash. But because it contributes to their idea of happiness they do not stop. Better dead than unhappy. It also helps a semi-truck driver to not ram into other drivers that annoy him, as some kind of retribution will likely follow, eventually, and, even though his windows are bullet-proofed, someone will find a way through his security and successfuly attack him.
But it is idiotic to even suggest that any type of legal sanction against crypto would prevent access to this technology by the forces of evil.
This is off topic but.. I wish Americans would stop looking at the world through their "superhero glasses", it might at least stop you all from blundering around, stepping on everyones toes.
Take a look around you, the world has many colours, its not just black and white.
The fact of the matter is, people DID blame Nobel, and he did feel guilty for creating dynamite. For this reason, he died alone and friendless, though mighty rich. Most see the Nobel Prize as being his way of buying himself a good name in the history books.
I do agree with your point, though.
Although harder to use than public key because of the neccessity of generating and exchanging the pad (key) are there any user friendly programs out there that automate encrypted communications using one time pads?
The reason being that even if the US gov't intercepts such a communication they could never prove it is an encrypted email - for all intents and purposes, without the pad, it's random data.
-josh
I sure hope the farmers in the Midwest can still get to sleep at night.
I mean, just think, some of the food they grew was used to nourish terrorists. Probably a good portion of it. Plus some help from other farmers across the US. Hell, some of it probably made it to Afghanistan where it is nourishing our "enemies" (Insert your definition of who is our enemy).
Just think. If they wouldn't have grown that food, all those terrorists would have starved to death. It could have been so simple to stop them. If we just wouldn't have given them food, they wouldn't have lived much more that... what a month? Or they would be too weakened to fight even a single "infidel American".
Bah. Farmers. Terrorist sympathizers all of them.
- - - - - -
While that was satire, people like tmark should think a bit more before blaming anything other than the terrorists and the organizations that support them directly. Its as if they are saying:
No. They will just find another way. Terrorists aren't stupid or insane. There are many ways to communicate securely over an normal medium. Encryption just lets you communicate normally over a secure medium.
Shortly after the great tragedy, I found myself wondering, "How long until the Media picks up on the Computer Gaming culture, and starts trying to blame that?". In the time since, I've heard people bandying around the idea that Microsoft Flight Simulator could have been used as a training tool to pilot a plane..
At that point, I knew the world had truly gone barking mad again.
It's the same with Crypto. Something that people don't understand is automatically to blame.
How we look back on the Luddites of the Industrial Revolution, and consider them unenlightened barbarians.
Going around and destroying the things they didn't understand because they felt threatened by it, without realising what they were truly rebelling against.
Now, have a look at what's happening to the Internet, science, and the digital age as a whole...
Each advance is slowly be destroyed by those that don't understand it, and can't work out how to control it, except this time, it's being done with a web of legislation and an army of lawyers.
Methinks in many years to come, these will be remembered as the Luddites of our current age.
Crypto is just one of the machines they're trying to break.
Malk
The fact that the pilot and controls are protected by a curtain is more the problem, than terrorists telling eachother via PGP that american planes have no security, and planning to exploit that.
According to the reported from ABC (I have forgotten his name) who went over to Afghanistan a few years ago and interviewed bin Laden he DOES use crypto.
A few years ago he stopped using cell phones and satellite phones to communicate, knowing that those technologies could be monitored.
So what does he use now to send out secret orders?
Encrypted Zip disks sent by courier who secretly take the disks out of Afghanistan. It wasn't clear whether the disks were then sent by snail mail or whether the data on them was transmitted using the internet. It also wasn't clear if PGP was used. Is his network large enough for key distribution to be a big hassle? If not he could skip public key crypto entirely and just use 3DES with a list of keys or long passphrases.
For his edicts which are meant for public consumption he makes video tapes of himself and then sends them out to arab media outlets which then broadcast them.
Lasers Controlled Games!
If you want to stop terrorism you have to find the bottle neck - the place were there are the fewest things to control. Encryption is one of the furthest things from the bottle neck, blaming encryption would almost be like blaming speech. And controlling it would be no different. In this case, airline security is the bottle neck, there are fewer planes in the air than their are encrypted messages, therefore, planes should be controlled as to make them harder to hijack and crash into stuff. For example putting a camera outside the door so the pilots can see whos knocking, and train the pilots to turn off the camera, wear headphones and ignore the terrorists while they land.
Blaming Phil Zimmermann for this is even worse than attacking a paediatrician because your so dumb you think they are a pedophile (happened in england) people like this should not be allowed to vote. (bush is one of these people)
This comment does not represent the views or opinions of the user.
You'd as likely find a strict Muslim eating pork rinds in a liquor store as you would surfing a pr0n site, for steganographic purposes or otherwise. The lives of these men are entirely constructed around a strict obedience to (what they misguidedly see as a correct interpretation of) their faith. Further, it as been noted by Western intelligence organizations that these terrorist organizations use very little technology at all (even phones) instead relying on classical "no-tech" spycraft, which is part of the reason that the increasingly-focused-on-electronic-surveillance agencies have a very hard time tracking bin Laden et al.
Even if you assume that they utilize information technology in their organization and steganography in particular, it is highly unlikely that pornographic images are being used.
Naturally and as usual the political elites are using an external threat to move against internal things they do not like, such as encryption and pornography. (An analogy would be how every new recreational pharmaceutical is called a Date Rape Drug. Yet, strangely, the most frequently used chemical in date rape is still available widely, namely ethyl alcohol. Crack would be legal too if crack dealers were beefy white guys, wearing suits with Rotary Club pins on the lapel, that gave campaign contributions.)
News for Geeks in Austin, TX
Now, we all know that journalists have a propensity to twist peoples words, and not always present things as they are, but, IF the article about Zimmerman is true, that he does cry every day because his technology could have been used, I'd think that's pretty arrogant, and completely misinterpreting his own importance.
There has been a lot of talk of Steganography, but I have never heard a word that they have used PGP. I'd actually guess that they'd think it's not safe enough for one reason or another (detectability of usage if nothing else). If some one gets word on PGP usage, post a link please.
(PS. about the media in this issue, the celebrating palestinians shown to the world in TV, were NOT celebrating the attack as first reported. It was a set up (a german journalist actually tracked down ppl in the video sequence to double check). There's your media).
Don't give up your civil rights. I don't live in the us, but its a pain in the *ss to try to avoid using us software.
... we bring Peter Paul Mauser to trial now for the handgun! And lets go after the Chinese for coming up with gun powder.
Ceci n'est pas une sig.
So, let's ban PGP, guns, bombs, airplane, people, and knowledge.
So much for the "land of the free and home of the brave".
"values of beta will give rise to dom!"
Or look at a simple social reaction, if you are an asshole people help you as little as possible, if you are basically respectful and start a conversation with a smile it's pretty easy to get someone to 'want' to help you.
Or look at the wack-a-mole that happens everytime something like DeCSS pops up. The more they try to squeltch it the, more it gets mirrored.
The ironic thing is that this is the same mob mentality that is pushing these bad laws though, our Representatives see the threat to America the same way a hacker sees a threat to free speach, and the rep votes to pass laws to counter the threat with the same urgent need that a hacker starts mirroring code. Its hard to convice a hacker that there is no real threat, this new law isn't a threat; and, it will be hard to convince you're congressman that this won't protect anyone. And in the end more people will join the Underground, concort with worse criminals (like my friend, who all he learned in prison other than you can go to prison for being black in Idaho is how to pick locks). And more worlds will slip through fingers.
And remember in every revolution from the taxes on merchants in America to the crushing of the serfs in france, the violence and size of the revolution is proportional to the repression. Just like all explosions.
---
Whenever something bad happens, people have a hard time accepting it. Instead, they try to assign blame to anything and everything, without any rational thought. Some of this blame is deserved, but the sheer amount of blame going around can make figuring out the reality rather difficult.
Islam has been blamed for the fundamentalism that has been used to motivate these attacks, but the religion itself isn't at fault.
The US has been blamed for its actions in the middle east that have created some strong anti-American sentiment, but it takes opportunists and fanatics to go from hate to terrorism.
Airports, airlines, and the FAA have been blamed for not stopping the terrorists, but despite the actual security problems, a determined terrorist is almost impossible to stop every time - stopping dozens of organized terrorists is even less likely.
The architect of the World Trade Center has been blamed, but the fact that the towers remained standing so long after the impacts shows how unwarranted this blame is.
Building codes banning asbestos, the lack of regulations requiring special additives in jet fuel, etc. have also been blamed, despite the lack of any proof that any changes could have prevented this.
And now, as expected, encryption and people who develop encryption algorithms are being blamed, just because the terrorists might have used encryption.
All of this blame accomplishes nothing and only makes it more likely that we will do harm to ourselves rather than work towards recovery. At the same time, we want revenge, increasing the possibility of unfocused military actions in the middle east. As a nation, we need to calm down before taking any action; we need to give ourselves some time to let reality sink in so that we can think clearly and take action that will have the greatest chance of real success. This latest round of blame proves that we aren't quite there yet.
Washrooms should be banned since terrorists use them daily. Also, plane fuel was critical to the plane WTC disaster, so it too should be banned.
Anyone who supports washrooms or plane fuel must be treated as a terrorist sympathizer and must be dealt with severely.
***NEWSFLASH***
Bill Clinton hasn't been the President of the US for about 8 months now.
Unless you are inferring that they installed "Net Nanny" when George got into the Whitehouse to keep the bad stuff from him. In which case we should go after "Net Nanny" and their ilk for harboring terrorists.
Should Zimmerman feel guilty that his program was used for this? No, because he wasn't the one using it.
Should he feel guilty for making such a powerful tool available to anyone while naively assuming the use of this technology would be free expression, and ignoring the possiblity that it could be used by terrorists, criminals, and other unsavory people and organizations? You're damn right he should.
Technology, by its very nature, is amoral. It can be used for good or ill, depending on who uses it and how. Whether or not a technology is good is defined not by what it is, but by whom it is used and for what purpose.
PGP and similar programs enabled anyone to communicate electronically in perfect privacy, removing the balance of public scrutiny. And when you combine that with the facts that it is easier to kill and destroy than save and create, and that the world is full of people willing to do so for any number of reasons, it should have come as no surprise that those people would be significantly strengthened by this.
I suppose if Phil hadn't written PGP somebody else would have done it - but that doesn't change how naive he was to think that it would automatically make the world a better place. The road to hell is paved with good intentions. I wish people would learn that lesson.
cryptochrome
---If you can't trust a nerd, who can you trust?
He is about as guilty of helping this atrocity as the mechanics and engineers at boing who built the flight control systems on the jets used in the attack.
Still, its horrible to think that your creation may have helped in this.
Some people have been so badly hurt that they are looking for anything to lash out at. Their choices of target have been pretty poor.
The first thing we do, let's kill all the lawyers. Shakespeare, Henry VI, Part 2, Act 4, Scene 2
Einstein did not help build the bomb. He wrote an influential letter to Roosevelt supporting the bomb effort. He made some contribution to gaseous diffusion, which is used to refine Uranium into weapons-grade material. That was the extent of Einstein's contribution. He did not work on the Manhattan Project.
Another misconception about the bomb is that relativity theory (E=mc^2) is somehown necessary for the design or conception of a nuclear device. This is simply untrue. Follow this link if you doubt the veracity of the previous sentence. Bomb design is based on basic nuclear physics, and the energy release can be calculated from electrostatic considerations.
"Mit der Dummheit kaempfen Goetter selbst vergebens." - Schiller
Saying that he's at fault for creating the encryption standard that the terrorist use to communicate is like blaming Boeing for making the plane.
Probably much to the surprise of some Americans, there are smart people elsewhere in the world. They didn't need Phil.
There is no proof that encryption had any significant role in what happened. That claim is just a canard to clamp down on the Internet, and on you and me.
"You must try to forget all you have learned. You must begin to dream." -- Sherwood Anderson
However, I don't see how any American law would affect Bin Laden in Afganistan? Committing terrorist acts is ALREADY illegal here in the US. What effect is passing another hundred laws going to have, other than reducing the freedoms of law abiding citizens?
If congress banned encryption, it would only affect law abiding Americans, and would have no effect on outlaws or criminals.
Guru
ERA Champion Real Estate
We should blame him too!
You're using her as bait, Master!
Police departments know the old box cutter trick, tchnically it is not a knife, it is a "utility tool." AMAZING. Amazing that every police department in the entire United States realizes that half of their knife crimes involve box cutters, but the damned airlines let them on the planes. But then again, they would have used sharpened credit cards if necessary.
My condolences!
Hopefully you still have your nads.
Yeah, it just seems to be the late american theme to blame someone else for all your problems. We're becoming a country of burning straw-men. Correct me if I'm wrong, but isn't the richeous thing to take responsibility where and when you are responsible?
"Question with boldness even the existence of a god." - Thomas Jefferson
...when they caught Arnold's (unwilling) female accomplice and began reading out her (trumped up) "crimes" to the audience...
You're using her as bait, Master!
In the wake of the terrorist attack, the US is making all sorts of bad moves. Well, bad to the people at least. For one, this whole encryption deal. People coming forth and saying encryption let this happen, encryption is bad! When all evidence points to the fact that all electronic communication was done unencrypted. One of the biggest complaints about bin Laden is that he didn't use technology enough to be tracked easily.
The government has been itching a long time to do this, and now they can use the misinformation of the common folk to make anyone who stands with encryption a villian and an accomplice to the terrorists.
Another thing I am not so sure about is the US approach to the Taliban. We are telling them to hand over bin Laden or we will destroy them, completely ignoring their reasonable call for proof. Right now, even though there is a lot of evidence against bin LAden, it is all circumstantial, and in a smaller case it would just be dismissed without further concrete evidence. The US is out for blood. This isn't a quest for Justice yet, it is one of blind vengeance. Once we had proof, then the vengeance would be justice.
That said, something should have been done about bin Laden long ago. If we were able to definitely connect him to the older trade center bombing, two US embassy bombings, and the bombing of a US Destroyer, why only now do we really get forceful? Any one of those former actions could be construed as an act of war, and if we had been more forceful at the time, we might just have prevented the WTC tragedy. But I guess the people who lost their lives then just weren't important enough to the American people to warrant justice..
In any event, I do think we need to get bin Laden, we cannot rightfully do it under the public pretense of justice for the WTC, but rather the more sensible pretense of trying to end terrorism, or even one of his numerous other crimes. The Taliban response may always be the same, but at least the US wouldn't look as bad when they do lower the boom.
XML is like violence. If it doesn't solve the problem, use more.
Keep in mind that you are probably overemphasizing the "own language" or "plaintext" aspect of this solution -- or underempasizing the "modified vocabulary" part. These guys weren't just chatting in their own everyday language.
The Japanese were smart enough to know what was going on, and were even able to distinguish it enough to try and force a Navajo POW to translate for them. Because of the "code-like" aspect of the communications, the poor prisoner was never able to figure out what was being said (happily for the USMC).
I heard similar stories about Irish UN peacekeepers during the recent actions in the former Jugoslavia. In this case, certain units would communicate in almost plain language on open frequency using Irish-speakers. The unfortunate fact is that, because of the disuse of the language, many Irish probably couldn't have understood the communications, even if it were spoken straightforwardly.
Why not blame the founding fathers of boolean algebra and computer science? After all, if they hadn't publicized their findings, we wouldn't be in this pickle at all. Gosh, you may as well blame Alexander Graham Bell for inventing the telephone with which the communication was done, or blame Marconi for inventing wireless communication, which was almost certainly necessary to coordinate these attacks, or maybe even blame the pre-homo sapiens that invented a complex communication structure in the first place.
Anybody who can point a finger at the inventor of PGP for causing this needs to reevaluate their view of the entire human civilization. No matter how you look at it, the principles of irreversible encryption were laid down long before Phil Zimmerman came up with the idea. The mathematics was always there -- he just happened to be the first guy to show us how to use it in that way. If he hadn't done it, somebody else would have.
File under 'M' for 'Manic ranting'
Am I the only to notice the irony of this:
It would cause problems, for instance, for a rebel fighter in Kosovo, whose brother e-mailed Zimmermann to tell him the technology was being used to relay messages from command center to command center, eliminating the need for human couriers
I assume they're talking about the KLA, that have been carrying out attrocities. Of course, those attrocities are for the pro-U.S. side so they don't count. Gee, sort of like arming the crazy fundamentalists in Afganistan when it suited U.S. cold-war interests....
No, you're missing the point. You politicians and your businessmen both want to do the same things: Regulate encryption.
You can do whatever you want as long as your software contains backdoors for the government and look at the copying restriction bit mask.
In the thick of emotion and shock, certain federal agencies took advantage of the situation to shift the blame from their lack of vigilance to encryption communication. Evidence is showing irrefutably that these terrorist cells took great care to avoid electronic means that can easily be intercepted and monitored. The Bin Laden terrorist handbook says when in planning, the main means of communication and coordination is in person contact, which is why we see so many of these guys very busily travelling between key states and international countries. Bin Laden's organization knows FBI/CIA tactics intimately, and therefore knows how best to circumvent surveillence. They have not demonstrated the burden of proof that stricter encryption restrictions or "backdoors" would have helped them gather information at all.
If anything, I blame the FBI/CIA's dependence on technology surveillence, which they took to mean they could kick back while technology did all their work. All security, whether in national or in IT terms, requires constant vigilance, and anyone expecting tools to do their work for them are essentially allowing mischief to sneak in their "backdoors" while they kick back with their coffee and donuts.
Shame on the federal government for taking advantage of the emotions surrounding this event to further an agenda that in the end, will take away civil liberties and give a false sense of security.
Tell those assholes to go fuck themselves.
Like many Americans, Alexander Graham Bell, a stocky, 47-year-old inventor, has been crying every day since last week's terrorist attacks. He has been overwhelmed with feelings of guilt.
Bell is the inventor of a device called the Telephone, or Phone. He patented the tool 125 years ago; it was the first to allow ordinary people to communicate messages without traveling or sending mail. No government or law enforcement agency has been able to listen to all telephone conversations.
People warned Bell back then that he could be putting powerful technology into the wrong hands. He knew that was theoretically possible, but he also knew that the Phone could do good: His work created a way for people in oppressed countries to communicate without going to the other person's house.
Now the government is investigating whether Bell's technology or another communication tool was used by the hijackers to coordinate last week's attacks, and U.S. lawmakers are calling for new restrictions on the use and distribution of the technology.
Bell and other fathers of telephony say it may be too late, given that the technology has spread all over the world.
In a telephone interview from his home in Boston, Mass., Bell said he doesn't regret inventing the telephone. Yet he has trouble dealing with the reality that his device was likely used for evil.
"The intellectual side of me is satisfied with the decision, but the pain that we all feel because of all the deaths mixes with this," he said. "It has been a horrific few days."
Contributing to that is the hate e-mail he got Sunday night.
It began, "Alex -- I hope you can sleep at night with the blood of 5,000 people on your hands." The telephone has become a "weapon of war," the e-mail continued, leveling the playing field between powerful countries like the United States and "zealots."
Bell read the words over and over again the next day, trying to think of a way to respond. But in the end, the man who is known in the technology world for his scientific editorials didn't know what to say.
"He raises some points that many people are raising right now, namely that terrorists can use the technology," Bell said quietly. "But it overlooks the strong need for good conversation."
The open policy the United States has today toward telephones arose out of years of debate in the 1870s. Bell was among the most prominent figures in the discussions, fighting against a government that threatened to jail him for selling his devices to non-governments. He also launched a campaign to convince Congress to ease restrictions on exporting the technology to other countries. He won on both accounts.
Bell and other technologists now struggle with the Catch-22 that telephones present. If governments are given a backdoor or a master key to the world phone networks, as lawmakers like Sen. Judd Gregg (R-N.H.) have suggested, it would defeat the purpose of the technology.
It would cause problems, for instance, for a rebel fighter in Kosovo, whose brother telephoned Bell to tell him the technology was being used to relay messages from command center to command center, eliminating the need for human couriers.
Another telephone pioneer, Philipp Reis, said there are also practical reasons why the technology shouldn't be restricted. "I am extremely doubtful that this could be done without weakening phone networks, and the costs would be absolutely staggering," said Reis, a German inventor.
Then there are the civil liberties questions.
"We should be careful not to make any rash decisions in the heat of the moment" that could have a negative impact on privacy, human rights and First Amendment freedoms for years to come, Bell said.
or midgets?
There are some odd things afoot now, in the Villa Straylight.
Are you all so stupid, that you deny the TRUTH?
THEY EVEN ADMIT - ENCRYPTION WILL NOT WORK ON TERRORISTS
USATODAY article
WASHINGTON (AP) -- Despite warnings from top government officials that terrorists would use exotic technology to communicate, suspected terrorist mastermind Osama bin Laden instead has used "no-tech" methods, foiling efforts to track him, former U.S. intelligence officials said.
Intelligence agents once could keep tabs on bin Laden when he used a satellite phone that could be picked up by U.S. spy gear and matched to his voiceprint. That capability leaked to bin Laden, so he swore off talking on the phone, according to Marc Enger, former director of operations at the Air Intelligence Agency, the Air Force's intelligence arm.
Madsen said the hijackers could have communicated by means of seemingly innocuous messages on Web sites, impervious to the most vaunted surveillance tools in use by U.S. intelligence.
All the Carnivores and all the Echelons in the world would do very little to hamper that kind of operation," referring to the FBI's e-mail surveillance box and a widely suspected NSA surveillance network.
********
I say, ask those that deny it this:
Do you not think - once back doors and greater surveillance are introduced, when not planning face to face, terrorists will just have to send personal couriers?
Perhaps you think Bin Laden cannot afford it - dimwits.
The answer to trademark and domain name problems is at WIPO.org.uk
Moreover.. those black helicopters you've been fretting about just happen to be crows.
The whole idea of encrypting a message is that there is only one way to open it: with the password/key/pattern that was used to encrypt it. With a backdoor, there becomes two ways to open it: with a password/key/pattern, and a backdoor key. Now, you say, only the guvment has the key. This is true. But who's in the government? People just like you and me, people who are not incorruptable, people who steal evidence and sell confiscated drugs and who take bribes. Which is an interesting thing to think about: if people have the key, then it makes sense that other people will eventually get the key. It's not a physical structure, it's a copyable string of bits that would eventually trickle down until everybody in the world had a key to the encryption, and unlike a physical lock you can't just replace it with a new key. Backdoored encryption would be secure for no more than a few years, then it would be as open after a fashion as pig latin.
This is of course assuming there's one code that opens all or most encrypted files (one ring to rule them all). There's also the possibility that the government will just require you to submit any keys to a private repository, which would of course be hacked by Eaglesoft faster than you can say "ACLU."
And besides, how can you enforce this when 256-1024 bit encryption exists throughout the world already? You can't round up software, hell i can hide a copy of BestCrypt on my machine for future use and then make a dozen copies when i need to. Encrypted data can be hidden in plain site as noise in an mp3 file or the difference between planes of a graphic. Since criminals don't go to CrockUSA and buy the software they use to skulk about with, there would be no way to even know what they were using.
So we have useless encryption that isn't used, a huge instaled base of tough encrypters we can't stop and a group of people who our law doesn't affect. Why are we even arguing this? It's as stupid as, I dunno, declaring war against an enemy that doesn't exist yet or vowing revenge on a religion and people who had nothing to do anything. Sometimes the fucking reactionary know-nothings in this country make me wish I was in Canada, where nobody knows anything either but at least they don't have strong opinions about it.
Hey freaks: now you're ju
As much as I like to whine about stuff like this, it just doesn't help. Stop bitching about it when you could do something. Write a letter to your Senator and tell him you're unhappy with the crypto bill.
I wish a lot of things. I wish that people weren't so literal-minded that they can't comprehend the place of rhetoric. I wish that the smug bastards in every other country in the world would stop talking about "Americans" as if their summary of 300 million people in a single pithy phrase isn't just as much an example of blak-and-white thinking as anything they accuse us of. I wish that y'all would stop pretending ignorance to the fact that every developed country in the western world absolutely capitulates and cooperates with America at every level - multinationals are just that, you economies are completely intertwined with ours, your rich bastards get so investing in American companies, quite often investing in things that go contrary to your very proper civil, political and environmental stances you hypocritically hold in your own little patch of earth. I wish that there wasn't any debate about whether crashing fucking jet planes into buildings full of people constituted evil. And most of all I wish anonymous cowards without the balls to own up to their own opinions would just shut the fuck up.
It Is the Nature of Information to Transgress Artificial Boundaries
Consider the fact that terrorists would love to crack the communications of free enterprise. If it becomes a criminal act to use encryption, then only criminals will use it. If this happens we might as well paint big bulls-eyes on our rumps and kiss them goodbye. We must defend our information if we want to salvage our economy. Nimda is currently teaching us what sorry shape our defense is in. The government should not be hampering our freedom of secret communication, but rather they should vigorously promote it as a front line of homeland security.
And from the opinion polls on the street, most American would gradly give up a number of perceived "freedoms", so I'm not alone. Crypto-lovers are fighting a losing battle.
We don't need to play defense on this issue. We can play offense.
The increased terrorist attacks underscore the need to strengthen our computer networks with strong unbreakable cryptography. Some well meaning but misguided inviduals may argue that we should weaken our computer infrastructure with back doors to ease law enforcement, but that weakening would create a greater opportunity for terrorists, as it is a virtual certainty that, with so many back door keys, some will fall into the wrong hands.
In foreign policy, we neeed to promote the use of strong cryptography abroad, not only to strengthen the computing infrastructure of free countries, but because strong cryptography in the hands of the citizenry could help undermine oppressive regimes and enable more internal efforts at democratic reform. Since it is from oppressive regimes where terrorism seems to originate most often, making these governments more democratic is likely to be one of the most cost effective ways of reducing the terrorist threat.
We need to pueblicize the idea that the governments of the free world should be actively promoting strong cryptography, both to guard against potential cyber-attack and to reduce terrorism at its source.
The use of a one-time pad is the key.
How is the pad itself shared by both nodes?
La via sola al paradiso incommincia nel inferno
It was because somewhat unsuprisingly the mathematical brains in Japan and Europe had managed to come up with their own encryption systems which COULD be sold in the US, thus meaning that US companies couldn't compete abroad and could get slammed at home.
Or was it that the NSA actually does have a working quantum computer ?
An Eye for an Eye will make the whole world blind - Gandhi
For some 200 odd years, Gun rights have been under attack. It's easier to notice the crypto-right attacks because those have increased dramatically over the past week.
To Attacks' Toll Add an Inventor's Grief
By Feenrith Gonkspur
Washington Ghost Staff Writer
Friday, September 21, 2001; Page E01
The tears have come in the kitchen, the car and the shower, too.
Like many Americans, Grep Panbottom, a stocky, 47-year-old CEO of a
boxcutter knife manufacturing firm, has been crying every day since last
week's terrorist attacks. He has been overwhelmed with feelings of guilt.
Panbottom is the designer of a small compact knife called a Boxcutter.
His simple design, a sturdy handle that accepts replacement blades was
the first to give ordinary people a safe and rapid opening of cardboard
boxes with a minimum of damage to their contents. The receiving departments
of no government or law enforcement agency can operate without them.
People warned Panbottom way back when that he could be putting powerful
technology into the wrong hands. He knew that was theoretically possible,
but he also knew that the knife could do good: His work created a way for
gloveless people in poor countries to open cardboard boxes without suffering
cardboard and strapping tape lacerations to their bare hands.
Now the government is investigating whether Panbottom's technology
or a similar boxcutter was used by the hijackers to coordinate last
week's attacks, and U.S. lawmakers are calling for new restrictions on
the use and distribution of the boxcutter knife technology.
Panbottom and other fathers of cardboard box openers say it may be too
late, given that the technology has spread all over the world.
In a telephone interview from his home in Mobile, Alabama, Panbottom
said he doesn't regret posting the design for his first practical boxcutter
knife on the Internet. Yet he has trouble dealing with the reality that his
boxcutter knife was likely used for evil.
"The intellectual side of me is satisfied with the decision, but the
pain that we all feel because of all the deaths mixes with this," he said.
"It has been a horrific few days."
Contributing to that is the hate e-mail he got Sunday night.
It began, "Grep -- I hope you can sleep at night with the blood of 5,000
people on your hands." The boxcutter has become a "weapon of war," the e-mail
continued, leveling the playing field between powerful countries like the
United States and "zealots."
Panbottom read the words over and over again the next day, trying to think
of a way to respond. But in the end, the man who is known in the boxcutter
manufacturing world for his jovial toasts and finding any means possible to
avoid laying off workers from his shop even during the dryest of economic
seasons didn't know what to say.
"He raises some points that many people are raising right now, namely that
terrorists can use the technology," Panbottom said quietly. "But it overlooks
the strong need for good boxcutter knives."
The open policy the United States has today toward boxcutters arose out of
years of debate in the 1990s. Panbottom was among the most prominent
figures in the discussions, fighting against a government that threatened to
jail him for selling his boxcutters in Home Depots and Lowes Hardware.
He also launched a campaign to convince Congress to ease restrictions on
exporting the boxcutter knives to other countries. He won on both accounts.
Panbottom and other light manufacturers now struggle with the Catch-22 that
boxcutter knives presents. If governments are allowed to dull the blades
manufactured within the U.S., like Sen. Judd Gregg (R-N.H.) has suggested,
it would defeat the purpose of the technology. It would also do nothing to
prevent terrorists from simply purchasing replacement blades manufactured
in other countries.
It would cause problems, for instance, for a rebel fighter in Kosovo, whose
brother e-mailed Panbottom to tell him the technology was being used to
open boxes containing much-needed medical supplies.
Another boxcutter pioneer, Thumb Retractor, said there are also practical
reasons why the technology shouldn't be restricted. "I am extremely doubtful
that this could be done without making it difficult to open boxes, and the
costs would be absolutely staggering," said Retractor, a researcher at
Cardboard Labs.
Then there are the civil liberties questions.
"We should be careful not to make any rash decisions in the heat of the
moment" that could have a negative impact on the freedoms of citizens to
open boxes without undue restriction for years to come, Panbottom said.
© 2001 The Washington Ghost Company
http://www.msnbc.com/news/632133.asp?0dm=C13OT
"The intellectual side of me is satisfied with the decision, but the pain that we all feel because of all the deaths mixes with this," he said. "It has been a horrific few days."
It's annoying that he didn't use paragraphs, but the points are right on.
I came to the same realisation recently, that I'm safer shopping with trusted online merchants than giving my check-card number to the local gas station. Who knows where those paper slips end up?
Let's all mail him telling him he has nothing to regret. Criminals killed 5000 people, just like in WWII when politicians (even more criminal than these) killed millions of japanese people. No American then complained to Einstein. Such hipocrisy.
Pedro Côrte-Real.
Most factors in the WTC atrocity are things which the general public accept because everyone understands their usefulness (planes, knives, etc.).
Cryptography is something whose benefits to civilization aren't so clearly understood, so it's an easy target to blame.
Ofcourse they blame encryption -
It's part of the dare I say 'arrogant' mindset of large organisations of unlimited power such a the NSA, the FBI and the CIA. They have failed, miserably, at doing their job, and they are clearly inept, as the terrorist attacks prove. Not only the fact that the terrorists got through without them noticing it, but the even more upsetting fact that parts of these organisations knew (some of) the suspects were terrorists, other parts knew a big attack on american soil was coming, yet atoher part knew some ofthem had pilot licences, and yet other parts had been warned by the French secret service that terrorists had been following pilot's training, and intended to hijack planes in the US.
It now appears that the heads of the security organisations don't know what the tails are up to, selectively ignore vital information because they believe French people are stupid, never succeed in preventing attacks, and are always suspiciously quick to point to the usual suspects, providing no evidence (supposedly top secret, cannot be revealed without compromising operations etc) to reassure the public that they have caught the culprits, and not just some minions while the master minds are still out there plotting new attacks.
In short: the FBI, NSA and CIA have failed miserably. In their eyes this is impossible, because they are omnipotent, so the only explanation is some random outside factor beyond even their control is to blame, and once they are allowed to bring that (back) under their control, everyone will be safe again.
Today's things not sufficiently under their control: encryption algorythms and the licence to make political assassinations.
Oh imagine how much safer we will all be feeling soon when we know that we can be prosecuted if they can't read our mail, and they can assassinate us at will.
Now I don't have the delusion that I am important enough for American espionnage organisations to snoop on me, or assassinate me, but just because it doesn't affect ME doesn't mean it is no problem!
The NSA and CIA would not have been in this mess of having to explain to the public why it is that they exist, and have an unlimited budget again, if they didn't waste 100% of that budget on industrial espionnage, spying on America's closest allies, ignoring all information that doesn't travel by satelite or sub marine cable, because it can't be worth a lot of money anyway.
Rhetorics places is in speeches/summary not in debate.
Are all the people on this board calling for the destruction of "evil" American? If not then mostly.
Nowhere did I state I feel all Americans think this way. Americans is a subset of Americans.
I do not agree with the policies of many governments, including my own. You do not know me or my beliefs, why even try to attack?
I wish the same thing about the planes, you do have my sympathy and my compassion.
I do not have a slashdot account, I see no need for one, either people will read and understand or they will not, what matters is what I write, not who I am.
Nevertheless, what I said stands. The world is not black and white. And I have never met a person whom I would call evil.
I haven't heard any reports that the terrorists used any encryption or even email to communicate. In fact, it is well-known that bin Laden does not touch electronic devices for 2 reasons: he could be traced, and he prefers the trust he places in people.
We need to ban those things that we know the terrorists DID use: airplanes, knives, plastic, telephones, blue jeans, alcohol, cars, books, English, Arabic. Of course, outlaws will still have access to these things, but taking these things away from Americans will keep us safe.
Software sucks. Open Source sucks less.
Firstly, the reality is that Bin Laden apparently avoids technology wherever possible, sending people to deliver messages rather than bits (encrypted or not).
But even if it were to emerge that that the terrorists used PGP or similar software, and secure encryption was made illegal, can someone seriously suggest that terrorists bent on destruction would worry about complying with US encryption laws? Either they would go ahead and use secure encryption, or they would choose another form of communication.
In reality, the only people who the FBI would end up monitoring are the innocent, and the stupid (and Bin Laden's crew are definitely not stupid).
This is in addition to the not inconsiderable point that enforcement of these laws would be almost impossible.
It makes as much sense. Encryption such as pgp
will always be a "two edged sword". There are>
lots of other things of that nature. Alfred Nobel invented something far more dangerous than
pgp. This is ridiculous.
It's obvious that the real culprits in this debacle are Orville and Wilbur Wright.
If God had meant man to fly, he would have given him wings.
If the NSA knows they're using public key tools, then can't we crack the transmissions with the same techniques that were applied to the various PK encryption challenges?
I'd leave my machines on 24/7 if it would help crack terrorist messages.
Of course, this would open the possibility for the NSA to slip in a few ACLU messages as well...
Car accidents in the are one of the major causes of accidental death, it seems to me we should bomb Ford.
You can't handle the truth.
That's right. There's an ex-CIA guy (forgot his name) that pointed out that for most people in a middle east terrorist operations usually only trust their family, et al. with sensitive information.
-RB
"One man can change the world with a bullet in the right place."
- Mick Travis, "If..."
The real problem with Phil and his situation is that we don't see all the times when PGP and his work has *prevented* bad things from being done.
We only hear when the CIA/FBI etc were stopped by encryption. We don't hear all the times when *terrorist* plans were *stopped* due to encryption use.
The good work of PGP goes unnoticed...
keep up the good work Phil!
We need *more* encryption, not less.
--
Simon
Correct me if I'm wrong, but back in WWI, there was an encoded telegraph sent by the Germans to the Mexicans which encouraged them to revolt against the U.S. so that they might distract the U.S. in order to help the Germans in their war on the European continent. The name given to this telegraph was the 'Zimmerman telegraph'. The British were able to crack the code and decypher the message, and thereby alert the Americans to the German plans. Seeing as though it took the Brits, to crack a coded telegram by Zimmerman to limit or stop a possible war on the U.S. continent, could not the same thing happen today? Could an ally of, or the U.S., help crack a Zimmerman code to help stop a (terrorist) war on the North American continent?.... It's just food for thought, but the paralells between the 2 stories are a little eye-opening...
Not your comment but the suggestion all together but...
Who would even imagine the blame going to Canada for THIER immigration policy, when Jerry Falwell clearly pointed out it was because of gays, abortionists and the ACLU ???
No wait, shouldn't we be blaming encryption? Left-wing tree-huggers? Right-wing oppressers?
Let's blame those non-partisan people for sitting on the fence. No-wing apathetics? The media-industrial-military complex?
I'm sorry for the satire, but it's really needed when the rediculous gets rediculous.
"Communism is like having one [local] phone company " - Lenny Bruce
Actually, after reconsidering your original post, I probably took it a little out of context. Apologies, I am too used (and a little scared of) the simplistic labeling thats going on.
Even if they did use PGP
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
The possibilities on how to transfer these are endless. Say I send somebody a message saying "I love Sting". That tells him to take the latest sting CD, rip whatever track is [Current Day] % [Number of Tracks], and gzip -9 it. There's your pad.
That's an obvious one, I'm sure there are any number of ways that are even harder to detect.
Even if the terrorists did use encryption, doesn't the DMCA make it illegal to circumvent it?
:)
Remember: Crypto doesn't kill people, people kill people.
This may of already been said but the foundations of the encryption algorithms used in RSA and PGP are found in basic concepts of Abstract Algebra (needing prime factorization of very large composite numbers). Anyone with a BS in Mathematics could program this basic encryption algorithm so that it make messages secure.
If you send somebody a message specifying exactly how to generate the "one-time pad" needed to decrypt a given message, how exactly is that "hard to detect"? The problem is not how you share one-time pads, it's how you share them without the pads themselves being intercepted. Sending a plaintext message that says "the secret is on the third floor, room 306, under the third floorboard on the right" doesn't cut it.
Breakfast served all day!
That was established to investigate Echelon. Here's how it works: Most skimming is automatic eg. filters pull out email and other transmissions, unpack them and make an educated guess as to the contents. Keyword ident works on recogniazable text. So unless you have a human being staring at the fax image and they happen to understand the language you're writing in there is no automatic electronic ability to decode a handwritten fax message. And even with that it would typically have to be transmitted between two phone numbers someone cares enough about to monitor.
So next time think about what you write before you write it or someone will accuse you of the most stupidist thing they've ever heard.
How do you figure out what messages are specifying the pads? For all we know Slashdot's sole purpose is to provide one-time pads to the Linux Terrorists.
It's not like I'd be writing a message saying "Hey, guys, my pad is generated by grabbing the Sting CD and...". Those clues were all set up in the coffee shop last year.
Can you honestly say that if you saw a message saying "I love Sting's new CD" you would look at that and say "Ahh, this guy's obviously an international terrorist telling people how to read his messages?".
Aside from the obvious clue that nobody in their right mind would listen to Sting's new album, that is.
...if you have nothing to hide (ie-are not doing anything wrong) then you have nothing to worry about! Ask some of the victims families if your right to protect the fact you like to wear womens panties justifies military strength encryption in everyday users hands. How many slashdotters are living an 'oppressive regime'???
Actually, the Luddites had good reason to feel threatened by their employers' policies, which in fact left them unemployed and starving. The Luddite phenomenon wasn't based on a simple-minded fear of machines -- this is a legend. Read Kirkland Sale's "Rebels Against the Future" for an in-depth account.
The true Luddites don't bear comparison with the various governments, the RIAA and other such entities in power -- or the general public. These people are not defending jobs but acting on their technophobia, their instinctive, irrational panic response to the way computers and the Net are changing everything -- *including power relationships*.
Particularly with John Q. Public, it boils down to the belief that computers and software are insidious, somehow sinister, creating evils that common people can't understand and which therefore are impossible to fight except by banning or at least controlling this newfangled technology. Thus, it's encryption, not boxcutters, that draws their ire.
This has happened before:
"The Lynds quoted the judge of the juvenile court in 'Middletown' as declaring that the automobile had become a 'house of prostitution on wheels,' and cited the fact that of thirty girls brought before his court in a year on charges of sex crimes, for whom the place where the offense had occurred was recorded, nineteen were listed as having committed it in an automobile." -- Frederick Lewis Allen, "Only Yesterday: An Informal History of the 1920s".
I just want to say that it always seems like I have mod points when I don't want them and never have them when I do want them. I wish I had some right now.
Please give your mod points to others, Im at the cap. They will appreciate it more
Yep, not too difficult for a terrorist to get hold of encryption from countries other than the US.
the matches, or should we blame the fire. Or the doctors who allow them to respire?
Sorry, couldn't resist a South Park joke.
Is that a real poncho? I mean, is that a Mexican poncho or is that a Sears poncho?
.... if you let me carry a gun wherever I go, without a license.....
Ah, well I'm a bit touchy too... But I should say I agree with the basic principle you're espousing. One problem of this monumental act of murder is that it significantly shrinks the space the recognition of grey areas affords. I get nervous when my congress starts turning out unanimous votes. I'm leery of the with us or against us rhetoric. So, sorry for the nasty reply.
It Is the Nature of Information to Transgress Artificial Boundaries
This paragraph is bullshit written because the comment failed the ultra-retarded postercomment compression filter. The only filter that makes the old lameness filter look like brilliant code.
Look it boils down to this...
Encryption, or lack of, in no way implies any level of physical security. All it does is make certain information undecipherable to some people. Physical security *requires* more than encryption. It requires, at least, authorization, authentication, physical barriers and a logical or physical environment that makes circumventing any of these *impossible* (or much, much too costly.)
The attacks that happened last week would have happened whether or not the information used to perpetrate the act was encrypted.
Authentication was non-existent. This enabled individuals to obtain and use fake identifications.
Authorization was poor; allowing these individuals access to areas they were not supposed to have access to (authorization is generally only as good as authentication; this added to the problems.)
The physical environment and barriers were also inadequate. This allowed individuals to ignore either authentications or authorization and force access to physical environments, such as the cockpits, that they should not have been able to get to.
You can put all the back doors into encryption that you want. The reality is that any nine year old with a decent grasp of basic math can devise and encryption system that is better than average. Prime numbers are easy to generate. Prime numbers multiply quickly to generate extremely large numbers. Extremely large numbers are considered impossible to factorize. Un-factorable numbers are the basis for a lot of encryption algorithms. Thus nearly anybody can create a decent one.
Really you don't even need this much knowledge. Just start writing down digits until you write out say 1000 of them. Use that as the basis for your key. It'll probably be pretty unfactorable.
Almost everything I've heard proposed to "insure" security in the future is crap! Almost all of it is based on the false deduction...
Assert: [A] is equivalent to encryption
Assert: [B] is equivalnet to 9/11/01 catastrophe
Terrorists used [A] (true.)
Terrorists caused [B] (true.)
Therefore [A] caused [B] (FALSE!!!)
If not [A] then not [B] (FALSE!!!)
I believe both of the false conclusions are actual examples of formal fallacies but I do not remember the names of all of the fallacies. In any case, They are false and they are misleading.
After some research:
The step from "Therefore [A] caused [B]" to "if not [A] then not [B]" is a fallacy termed "Denying the Antecedent". I'm uncertain as to the exact phallacy of the first false conclusion.
but certainly: any two fact A and B do not necessarily yield A->B. I think it is one of the Inductive or causal phallacies. Maybe some other logic scholar can fill this in.
The end of the story is I am tired of listening to people propose solutions based on patently false assumptions and ignorance of both the problem itself and of their own solution. This fatigue is further exagerated by the constant presence of typical "marketing" hype and phallacies in an attempt to trick me into buying their rediculous idea/product and giving up my liberties and freedoms.
I have a plane trip to make in a couple of weeks. I will have the same security then as I had three weeks ago. I will have the same [lack of] security a year from now based on all the false solutions I've heard thrown about with possibly the exception of armed air marshalls. I do believe I will have significantly less civil and humanitarian freedoms. In any event I am not irrationally afraid of the recent history repeating itself and will not allow such fear to overtake me and cause me to give up any liberties that I now posses.
I will never live for sake of another man, nor ask another man to live for mine.
Seriously, in my opinion, the US should blame their own foreign policy for this.
The embargo on Iraq has killed 1.5 million children, who didn't even know they were Iraqy, because of hunger and illnesses. In Europe, there is an action group of former European polticians who protest against this. They asked former US minister of foreign affairs Albright: "Is this the price we want to pay" and she answered "Yes, this is the price we want to pay".
So I'm not a muslim, and I'm surely a western guy from Europe, but in my opinion, I thing that a lot of people can get very angry with stuff like this.
Blaming the inventors of a technology is completely nonsense as any act is caused by comprehension and psycologiocal means.
I really do think that the USA should blame their foreign policy, and the New Zealand gouvernment has said this as well. Perhaps diplomatic processes could transform enemies into friends, taking away the motive to perform terrorist attacks.
Bizar technology?
From the NY Times report:
The F.B.I. has not yet found computer records or other documents left by the hijackers that help explain the plot. They say that there are few phone or other communications records showing that the four known hijacking groups communicated with each other.
Hell, if they didn't even use the phone much what's to say they used encrypted emails?
Why bother? You could just post it here as a troll or hidden in one of those stupid ASCII "art" posts.
The revolution will NOT be televised.
Here comes my pissed off rant.
/.
/. are young enough (not to mention talented enough) to volunteer for military service to fight off the threat of terrorism. After all, freedom does come at a price.
I have read a lot of valid complaints about the prospect of having some civil liberties taken away. Most I agree with. But, there is something that is really bothering me about the postings on
You talk of freedoms and liberties in a very bold, strong manner. So what are you are prepared to sacrifice for these freedoms? Be honest. I am sure many people on
Think of what our forefathers risked by originally declaring independence. Loss of life, property, family, etc. Also, think of those who went off in WWI and WWII. Many made the ultimate sacrifice.
So, before whining about your freedoms think carefully of what you would be willing to give up for those freedoms. If you answer your life, then you can bitch. If not, you don't deserve the freedoms in the first place. Put up or shut up, so to speak.
Just to remind all you arm chair freedom fighters, we were attacked last Tuesday. This did not happen in some far off land, but right here in our backyard. Thousands of human beings lost their lives because some whacko thinks their cause is more important than human lives. I would say those killed had their freedoms pretty much taken away from them by some very sick individuals.
Would I fight and die for these freedoms? Absolutely.
Just a rant.
-Fred
What follows is not encrypted
0000000 6562 6967 206e 3436 2034 6e65 7263 7079
0000010 2e74 7874 0a74 314d 5936 3c43 4547 3d50
0000020 4526 3b4f 2142 3c49 2152 3b4e 3057 3d40
0000030 4126 2845 2127 3b52 2956 394c 5436 284e
0000040 2122 3d2a 2d37 2854 2526 2853 3d26 3b55
0000050 2c47 0a40 394d 5c26 3b40 5d46 2854 4d26
0000060 3b49 5026 3c40 3526 3c4f 5126 2b45 2122
0000070 394e 4536 3a54 3526 2852 3126 284f 2d27
0000080 3e4b 2d37 3c43 2546 3950 2937 2b53 4960
0000090 0a4e 394d 4536 3a54 3526 2852 3126 284f
00000a0 2127 384c 5936 3c45 5052 3840 5936 2844
00000b0 5926 3a45 3137 3948 2837 3940 5d26 3c45
00000c0 2152 3c43 4547 3d50 5c26 224e 4940 0a25
00000d0 3b4d 2d46 3e52 2137 3a54 5d36 284e 2d26
00000e0 3b41 2142 3942 2132 3c50 3546 3953 5936
00000f0 3954 3036 3a40 5836 3b40 2536 3e4e 2132
0000100 3a44 3936 3946 2937 3b45 3047 0a40 3d4d
0000110 2556 3c59 5852 2840 3924 3c4f 2142 3e45
0000120 2526 3c4d 5126 2b45 2122 3b59 3457 3840
0000130 2556 284e 4126 3949 3426 3840 4930 3c43
0000140 3546 3a44 3037 3840 2556 0a52 394d 2122
0000150 3d4e 5536 3942 2837 2a40 5126 3d45 3d22
0000160 2853 2d27 3e41 6032 2c51 2c43 2b54 3033
0000170 2c53 2443 2d4d 3833 2e57 5422 2d58 3853
0000180 2855 3526 3c58 4526 0a52 394d 2c37 2c40
0000190 4023 2c4f 6043 2c50 4432 3b40 4526 394b
00001a0 2132 3b53 4853 222a 4540 3a28 2132 3a2d
00001b0 4d36 2b45 4860 222a 4134 3d41 4546 394e
00001c0 2152 2841 3d26 0a52 394d 2536 2854 3127
00001d0 3b49 3436 3a40 3526 3952 2132 3b4f 2142
00001e0 3856 2d36 3d41 4526 3b4f 5842 2840 4524
00001f0 2846 4527 3d4f 2132 3857 5936 2854 3127
0000200 284f 2d26 0a41 3b4d 5026 3c40 5d56 394d
0000210 3137 3b49 3436 2a40 4424 3c40 3557 3a43
0000220 4850 3829 3037 3d40 4527 3a50 5936 2847
0000230 3127 3b48 3557 3a47 3127 2853 4526 284e
0000240 3526 0a4d 384d 4536 2a4c 5032 3d40 4126
0000250 2845 5926 3b55 2936 3c45 2142 3948 2937
0000260 2845 4526 2853 3c23 2d58 5432 2c51 2c43
0000270 2b54 6042 3240 3836 3e40 5d36 2855 3d27
0000280 0a41 3b4d 3047 3d40 5c26 3840 3546 3c45
0000290 4860 3b29 3436 3a40 5936 3d53 3526 3941
00002a0 5022 3d40 4126 3d41 2122 3c49 6052 2e57
00002b0 3423 2d4d 2c23 2c52 5832 222a 4540 0a2c
00002c0 394d 2d37 3954 2837 3840 2556 394d 2132
00002d0 3e42 5032 3840 3547 2854 4526 2853 3d26
00002e0 3a4f 5936 2847 2926 3841 4c56 3a40 5d26
00002f0 394d 5832 2840 4525 3d4f 2132 0a4b 3b4d
0000300 5d46 2857 3127 3848 3037 3a40 3426 3b40
0000310 5d36 3956 3036 284e 2122 3928 2132 394c
0000320 3936 2854 5526 2245 4540 3a48 2c37 3b40
0000330 3546 2857 5926 3b55 2936 0a45 3c4d 6042
0000340 2c48 2443 2b54 3433 2d55 5432 2d55 3c43
0000350 2a58 5832 2840 4124 3c49 2152 394e 3c37
0000360 3940 5536 3a41 5036 3840 3136 3c44 3546
0000370 3c53 2152 3c49 2152 0a4c 3b4d 4033 2d57
0000380 3543 3a60 5d26 3b54 2536 3b49 5922 3b43
0000390 5456 224e 4540 2829 5526 3e41 2132 3942
00003a0 2132 3c57 5d46 394e 2152 3841 5d46 3d55
00003b0 2122 3a54 3426 0a40 394d 5536 3a41 5036
00003c0 2b40 5432 3a40 3426 3d40 5d26 394c 2122
00003d0 394d 2132 3d4f 3546 2852 2426 3840 3556
00003e0 3b4c 2122 3a50 5d26 394e 5832 2840 4525
00003f0 3d4f 2132 0a4b 3b4d 5d46 2257 4540 3943
0000400 5136 284c 2127 3b48 5956 3c45 2152 3d53
0000410 4526 3b4c 2122 3b44 5856 3d47 2122 3b57
0000420 2957 284b 3d27 3b45 5026 3a40 5836 2c40
0000430 6043 0a50 2c47 2432 222a 4540 382c 3137
0000440 3c45 5042 222a 4540 3d21 3d36 3c55 3057
0000450 222a 4444 3c40 3546 3d53 2122 3e4d 2132
0000460 3843 2d37 2b45 4840 0a2a 0a60 6e65 0a64
Click here or here.
Guess what: If crypto is outlawed, only outlaws will have crypto!
The bottom line is this: Just because they have a warrant, doesn't mean you should be forced to make it easy for them to decrypt your message.
With current wiretap orders they can tap your phone, but if you use a voice scrambler, there's nothing illegal about that, even though it makes their wiretap order worthless.
I do not deploy Linux. Ever.
Agree completely. I ammended my statement in this post. What I meant was, if they have a warrant and find your key, that's ok.. but you should never have to give it to them, whether through key escrow, backdoors, or anything else.
This is weak because you are using data which is not random enough. You're much better off using a good source of random data and then distributing CDs before your agent leaves on his (or her) multi-year mission to buy jelly donuts and bring them back to the true believers in the great Homer.
You can then send him an order to abort the mission and instead turn themselves into the police mid-mission and no one can read the message.
Hiding the encrypted message is another matter which has many solutions. The easiest would probably be some form of steganography, but there are plenty of obvious places that such info is traded (e.g. short wave numbers stations).
Disclaimer--This message is intended for the residents of Canada and the US ONLY! I will not be held responsible for nationals of other countries acquiring the software by these means nor do I encourage them to do so.
Unlike innocuous items such as razor blades, which have other purposes, or encryption, which is perfectly valid for business transactions and privacy, airline security measures have only one purpose: to prevent things like this from happening. It's perfectly valid to point out their flaws. Assigning blame is something people are liking to do much these days.
Is it silly to question the engineering designs that allow a plane to be crashed into a building ?
In this case, there are only two options. Don't build buildings, or don't build airplanes. So yes, it's very silly.
Allow me to reiterate the statement:
There is no way to prevent strong crypto.
Let's assume that PGP was banned. Completely. Why the hell are we to assume that Osama & Co. are going to say "Well, looks like we can't use PGP anymore. Guess we'll have to pack up. No more terrorism for me!"
Now, let's assume Osama goes to a bookstore and buys any book by Bruce Schneier. Or visits the Ciphersaber website(http://ciphersaber.gurus.com). Hell, maybe one of his friends buys a copy of Cryptonomicon for $5 and learns Solitaire. Banning PGP won't do a thing.
Now let's assume Osama is trapped in a small hole in the ground and can't access anything. If he has the intelligence to run a global terrorist organization, he might (just maybe) be able to make a simple KG cipher. They aren't hard. All you need is a random number generator. I was so bored I wrote a pencil-paper one in Gr. 9 Math. Neither my teachers nor the NSA can read my notes.
And hey, why blame Phil Zimmerman? RSA was around before him. Should we blame Whitfield Diffie? Or how about William Shockley, who provided us with the transistor? Maybe the guy who invented the one-time pad?
Get real, guys.
Quid latine dictum sit, altum viditur.
Anything said in Latin, sounds profound.
I. Am. Encrypting. All. My. Email. Now.
And the email I can't encrypt (like the kind sent to hotmail) will be digitally signed. And my email sig will have words to trip Carnivore sensors. If we can't keep them from reading our mail, maybe we can spam them into oblivion.
Remember, too much information is almost as bad as none.
Quid latine dictum sit, altum viditur.
Anything said in Latin, sounds profound.
I believe we should blame them! Without knives the hijacking would not have been possible in the first place... Blaming encryption for this event is just plain absurd...
Then again, killing thousands of innocent people is even more against islam than pr0n, so don't be too sure of anything about these guys.
Forgive me.. but DUH!! Napolean had this type of stuff.. its called a one time pad!!! The idea is simple.. Alice and Bob agree before hand on a truly random password longer (or as long) as your message and then use this "password" to encrypt and decrypt...
/.
anyone can do that..
try creating a secure Public Key Cryptosystem like Diffie and Hellman
i.e.: Alice has never met Bob before and wants to communicate securely just on the internet while
being wiretapped..
Solve that and post it on
(Hint.. its called PGP)
Slightly off-topic, but...
/.er's favorite ways of generating random noise? I have a few obvious (?) ones in my mind, but the hive mind is far more wise.
"You're much better off using a good source of
random data and then distributing CDs..." -- ajs
What are some
-Geiger Counter
-Analog to Digital Converter (like from a mike or a webcam)
-Time between keystrokes or mouse use (maybe use least significant bit here)
Are any of these adequately random, or could some military-grade number crunching find a pattern? What other methods have you guys got, especially those that don't need external hardware?
Remember that PGP has saved lives, too. It has been used by humanitarian organisations to get information out of countries whose governments would rather not let information get out.
sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
Let them ban one time pad. But in meantime, I can tell my friend, "drink today" and he will know what I mean. If the government is looking for an excuse to ban something, you can rest ensure that they are do it. so much for democracy. I am wondering why that I am even ashamed to share the same world as the americans. SO much for the real world. but now we are in the cyber world. Why not try something fun like decode the following?
2 69 46383195247107584106468610793104563825656410786751 481010158
10371424387110629253154781326284887591733494445
I am by no means affiliated with any terrorist org I hate what they did to the us but more than that I hate what they have done to others around the world (maybe 10 times the number of people killed on 9-11, just a guess). But our politicians will sit there and fuck around with this petty shit and go back to there old and what do you know next thing we see is 6 million dying in this country from a poisoned water supply. If we dont stand up and keep our own politicians on track they are going to good intention us all to death. Count on it.
... how many other people were behind this ?
</sarcasm>
Sorry, I guess I shouldn't be facetious about this, but people who blame Zimmerman are sickos every bit as out to lunch as Jerry Fallwell and Pat Robertson. Is there time yet to try to get some perspective rather than blindly mindlessly lashing out? Think about the guys who trained them how to fly - they have much more reason to feel bad. But are likely reasonable enough to know *they* did not kill those people and are not *guilty of anything*. They and Zimmerman are MUCH LESS responsible for this than the people who seem to think it is their job to spread *MAYHEM* in the middle east [The Independent] - and a sizeable number of those people are American politicians, security experts and cabinet secretaries. It is they who will dig the US deeper into doodoo while idiotic people run about blaming Philip Zimmerman.
Dear Phil, in comparison you have *nothing* to feel guilty about. Please instead feel proud and thank you.
A couple of years ago, I was being driven past independence square in Tashkent, Uzbekistan, a minute or so after we left the square, there was a tremendous explosion, shortly afterwards another. We arrived at our appointment in a government building to find it being evacuated just then another bomb went off by the headquarters of the National Bank, much further away, but it rattled the glass of the building we were visiting a couple of miles away. The National Bank was next to my hotel!
Coordinated bombings is one one of the hallmarks of Osama bin Laden and it was in an adjacent country (about five hours drive). It would not be surpising at allI lived and was uninjured, somebody a few minutes behind me was killed in their car by the blast on the square.
As one of the original porters of PGP and possibly almost a victim of Osama bin Laden (certainly of some Islamic fundementalist terrorists), I can better comment than most here.
Electronic intelligence gathering is a very good way of spending a lot of money, but it doesn't really work. Even if people do not use encryption, they can coordinate attacks using the personal columns.
Please remember that the sabotage attacks of the French resistance preceding D-day were co-ordinated using the BBC world service radio broadcasts! Terrorists can use personal columns
In the need we need human intelligance. Many of the persons best qualified to do this were born outside the US and have at least spent long periods of their lives travelling. These are not the regular people employed by the FBI or the CIA.
The alternative is that we bless these orgaisations with the master keys to our communications. And then watch whilst the people that the CIA and FBI do employ like Hansen sell it to whoever pays the most.
Phil gets upset about these things, please remember that he was also out in Nevada protesting against nuclear weapons testing.
Programs like PGP have helped aid organistaions tremendously, especially thouse concerned with human rights.
There were secret key programs before and after PGP, however what it did was more of an assistance to electronic commerce, i.e. solve the key distribution problem using public key encryption between two unrelated entities. Bin Laden's organisation is essentially one umbrella organisation, a bit like the Pentagon and this is a different world to where a program like PGP helps the most. Interestingly enough, GnuPGP forms the basis for encrypting and signing securities and cash transfer instructions now within Uzbekistan. I don't know whether it ever helped the terrorists there (I doubt it), but it certainly helps the economy. The countries that value it the most are those that have sufferred in the past from the most oppression.
Through a variety of means public key encryption has left the US. In any case, there are other schemes for authentication and privacy that come from outside the US. To bolt the door now will only harm the US commercially.
Ok, I've said my piece!!!!
See my journal, I write things there
NP. Heres hoping all goes well.
Noone thought this was funny? Sorry, but Slashdot moderation is random at best. Better luck next time. Other sites might appreciate it more.
My God, it's Full of Source!
OUTSIDE_IP=$(dig +short my.ip @outsideip.net)
Gzipped data, while certainly not random, has a very high entropy. In a crunch, I think it would work OK. On Linux, /dev/random is a good source of randomness. Unlike /dev/urandom, /dev/random is constantly re-stocked with fresh entropy from things like interrupt timings. It isn't as good as, say, a true entropy source that is constantly reseeded with cosmic ray timings and chaotic oscillators, but it's very close.
The beauty of the one time pad is that the pad doesn't have to be truly random to be effective. There is still absolutely no way to know if you have decrypted the message "correctly."
But you know, I really think that encryption's best use is to prevent computer crime; e.g., stealing credit card numbers or personal information. Anyone who wants to communicate secret plans will undoubtedly use something less technological but more difficult to crack: codewords agreed upon in secret (the military still uses this, even though encryption is very strong now); or body language signals.
Hell, even security through obscurity can work. We used the Navajo language in World War II. They never broke it. I can invent a code based on clicks and whistles (pseudo-dolphin-speak), then MP3 compress that, then gzip it, then encrypt it with PGP. I can invent a new language from scratch -- a linguist will eventually figure it out, but will he figure it out soon enough?
There are a million reasons why a bad on encryption is a ban plan. It'll only serve to further weaken our economy. If I knew my credit information was only weakly encrypted across-the-wire, I would never buy anything online again.
If anyone needs an example of the failure of our educational system, here's a good one.
The beauty of the one time pad is that the pad doesn't have to be truly random to be effective. There is still absolutely no way to know if you have decrypted the message "correctly."
;-)
That's a slippery slope, and many code-breakers would be thrilled to hear you say it (unless you were on their side
Problem is that you can tell if what you decrypt to makes any sense at all. The chances of that happening are *very* remote. If it does happen, based on some course of reason (not just random tries), then you probably have something.
It becomes a game of statistics, you see.
I think the example in Cryptonomicon is hooey. I don't think that knowing the pad is guaranteed to "seem" random to a human is going to buy you enough to make 1945 technology work. However, given computers that can look for patterns VERY fast, the weakness of non-random data is a problem.
From: "Sandy Sandfort" <sandfort@mindspring.com>
To: "Cypherpunks" <cypherpunks@lne.com>
Subject: PHIL ZIMMERMANN
Date: Fri, 21 Sep 2001 11:23:55 -0700
I just wrote Phil about the Washington Post interview. The following is his response:
It's hard to read these comments making fun of nyc wtc related things while every second people die all over the world. Oh, just think of the children!
what if wtc attackers were gay abortionists?! omg, can't even think of such a tebble possibility!