Slashdot Mirror
Blaming Encryption
EisPick writes: "Just as a previous generation wrestled with whether or not to blame physicists for The Bomb, there are some misguided folks who are blaming Phil Zimmermann for the ability of terrorists to communicate confidentially. He tells the Washington Post, 'It has been a horrific few days.'" Meanwhile, John Gilmore has posted far and wide a call to mirror encryption code outside the United States, since export regulations are making a comeback.
They should hate Boeing, too, then, and the construction engineers who figured out how to build a 100-story building.
Ooh, a sarcasm detector. Oh, that's a real useful invention.
Is there actually any evidence that the terrorists used public key cryptography to plan the attack on the World Trade Center?
Just wondering, because I haven't seen any reports with that sort of detail in.
Sounds like GnuPG is for you. You can download it from http://www.gnupg.org
That wasn't the guy who invented the protocol that was used....
--- begin secret encrypted text ---
Vg jnf gur thl jub vairagrq ebg13
--- end secret encrypted text ---
The next site to slashdot will be ready soon, but subscribers can beat the rush and start slashdotting it early!
How did Americans actually get the idea that American cryptography is the only possibility for terrorists to communicate in a secure way?
Russians had (and still do have) their own cryptographic algorithms, as do Germans, Australians, Italians. I mean, what's the difference? Do export regulations really make that much of a difference?
Everyday, all over the world crimes are being commited with the use of everyday tools and technologies. He isn't probably alive anymore, but do you see the inventor of the cigarette lighter crying because every day his invention is being used to ligth millions of cigarettes, causing illness and death for thousands of people? Bottom line is that almost every tool can be used for good and for evil. All in all I don't think that it isn't any good feeling bad about what few people think about this technology. I think PGP has done an a lot of good as well. So it is really the balance between the good and the evil use that counts.
If this article at the BBC is anything to by then the terrorists never even used encryption simply because it ran the possibility of sticking out like a sore thumb. Once again the only people who are likely to suffer from encryption back doors et al. is Joe public when the crackers find them.
Why use technology when nobody is looking at the plain and simple stuff? Looks like KISS works to the advantage of terrorists as well.
Jumpstart the tartan drive.
The principles allowing the creation of strong encryption are fundamental and simple enough that if it were not available freely it could be developed with minimal expense by anyone who wanted it. If it had been kept from the ordinary citizen the terrorist would still have it.
It Is the Nature of Information to Transgress Artificial Boundaries
"We must give up some of our freedoms to help combat terrorism."
The predictable words -- and actions -- are beginning to spew from political, military, and law enforcement officials and their supporters. For safety, for security, for the greater good, they somberly tell us, we must comply with their agendas. To be protected from terrorism we must submit to more restrictions -- on our ability to travel, our freedom from arbitrary searches, on the privacy of our communications, on our right to bear arms, on our ability to conduct business hidden from the prying eyes of government.
Sen. Judd Gregg (R-New Hampshire) has called for a global prohibition on encryption products without backdoors for government surveillance.
Travel regulators have banned knives on planes. (Does this mean even the pilots can't protect themselves and passengers against hijackers?)
ISPs who were reluctant to cooperate with the FBI's invasive Carnivore program are now rushing to comply.
The Senate has, in the wake of Black Tuesday, voted to increase the FBI's authority to tap the phones of anyone suspected of terrorism. As we've seen by all these other random restrictions, we are ALL suspects in the eyes of the U.S. government.
Perhaps most ominously of all, the Washington Post quoted House Democrat Leader Richard Gephardt (D-MO) as making the self-contradictory, but entirely predictable statement, "We're in a new world where we have to rebalance freedom and security. We can't take away people's civil liberties . . . but we're not going to have all the openness and freedom we have had." The Post then went on to describe how every war or crisis of the last 100 years has been use to increase government power -- often in the most draconian ways. More Data Here Freelance supporters of the Surveillance State are rushing to urge everyone to comply. One liberal talk show host responded to callers who complained that Big Brother policies at airports were a problem, "Big Brother is the only thing holding us together!"
He offered no evidence to show how Big Brother made us safe on Tuesday, September 11.
WE MUST THINK FREE, NOT PATRIOTICALLY JERK OUR KNEES
Soon we may be at war. And as always at such times, we'll be expected to "pull together," "do what our leaders tell us is necessary," and sacrifice more freedom in the name of "safety and security" or patriotism. And, as the reality of the Day of Horror seeps in, who doesn't feel an urge to strike back, to "get behind our government," to "show those murdering bastards they can't push Americans around," and to "do whatever it takes to defend the greatest country on earth"? -- even if that means sacrificing individual liberty to "the cause."
Whatever happens from here on out, we need to remember that Big Brother is NOT holding us together -- that he never can and never will. We must remember that the kind of restrictions on the liberties of ordinary Americans that were entirely ineffective in preventing the attacks of Tuesday, September 11, 2001 will not magically prevent future attacks merely because their severity is increased.
What did all of Big Brother's efforts do to prevent Tuesday's slaughter? The violations of freedom we've already been subjected to in the name of safety -- airport x-rays, ID checks, disarmament, body searches, and the whole gamut -- became a sick a joke when the day arrived that we needed them to protect the country against the world's worst criminals. In fact, Daniel Pipes of the Wall Street Journal was quick to point out how the government's reliance on mass eavesdropping and tracking actually diverted resources from more effective anti-terrorism methods, such as actually studying and infiltrating genuine terrorist groups.
Yet now the government proposes a giant national effort to do more of the same -- to impose more ineffective, wasteful, and oppressive mass surveillance and restrictions.
New restrictions on the freedoms of non-violent people will do nothing to make America or the world safer. They'll make us less safe, as well as less free.
There are at least two reasons for this.
The first is that more restrictions, and more power placed in the hands of government, will simply, in the long run, create more rage and therefore more desire to strike violently. (As we also saw, some restrictions, like those that forbid armed citizens on planes, also make it harder for Americans to protect themselves and their country.)
The second is something we observed, tragically, though cell phone calls from four doomed, hijacked planes: the fatal passivity and dependence that seems to be becoming the norm in American behavior.
THE PASSIVE, UNTHINKING AMERICAN
It appears now that a handful of heroic passengers on one flight, having learned via telephone that two other hijacked planes had already smashed into the World Trade Center, decided not to allow themselves to be used as weapons of war. These passengers on United Flight 93 attacked the hijackers who were in control of the plane. Doomed in any case, they ended up dying in the woods and fields of rural Pennsylvania, rather than passively allowing their captors to get away with an even more horrendous mass murder.
We also know that, on at least one other flight --American Airlines Flight 77, which smashed into the Pentagon -- passenger Barbara Olson learned from her husband, U.S. Solicitor General Theodore Olson, of the World Trade Center catastrophe. During two separate calls, Mrs. Olson (a well- known author and conservative television commentator) asked her husband what the pilot -- standing next to her in the back of the plane -- should do.
Picture that. Passengers and crew have been herded -- and note that word well, herded -- to the back of the plane. Even the pilot, the leader, the chief decision-maker, does nothing. Can't think what do to. Can't act. Instead of attempting to save their own lives and the lives of others on the ground, what do they do? They expect a federal government official to make the decision for them. THE EVIDENCE SAYS THAT THESE PEOPLE DIDN'T EVEN FEEL EMPOWERED TO DEFEND THEIR OWN LIVES WITHOUT FIRST ASKING THE ADVICE OR PERMISSION OF WASHINGTON, D.C..
And why should we have expected otherwise? Americans have been told repeatedly never to resist crime, always to submit to any demand a thug makes of them. Always go along -- for safety's sake. Go along in order to avoid angering the criminal. We've been told always to submit, as well, to any demand made by anyone who appears to be "in charge." These people on Flight 77 -- and presumably on two of the other flights -- were apparently so paralyzed by their conditioning that they couldn't assert themselves even when the alternative was certain death.
Even as pathetically disarmed as they were, they could have battered the hijackers with their briefcases, with their shoes, their purses. They could have overwhelmed them with sheer numbers of bodies. They could have gouged at their eyes with fingers or car keys. Could have knocked them unconscious with luggage from the overhead racks. Could have tripped them, stomped on them, tied them up with cords from audio headsets.
But except on United Flight 93, they apparently did nothing. And so three planes flew, sure and true, into the heart of three American landmarks, slaughtering thousands.
THE ONLY TRUE SECURITY MEASURE: A BILL OF RIGHTS CULTURE
We must take back America as a country. We must make it free and independent again -- no longer the would-be ruler of its own people, and no longer playing at being the world's supercop. Only by doing that will earn the world's peace and respect.
We must take our own individual lives and independent spirits back from would-be rulers and criminals, as well.
If we consent, passively, to give up more freedoms -- even "temporarily," or "as an emergency measure" -- we'll be doing the opposite. We'll be less safe, less free.
To restore American freedom and personal courage, we must restore the Bill of Rights -- in our country and in our hearts and minds. If we understand the Bill of Rights, we'll understand what we're fighting for -- and why. If we let it slip away what's left won't be worth fighting for.
This means not merely having an intellectual or legal understanding of the Bill of Rights. This means not merely memorizing the Bill of Rights or teaching it to our children. This means understanding the concepts of individual liberty that underlie the Bill of Rights -- then living those concepts, breathing them, eating the, dreaming them, holding them as the most central values of our lives, in the same place we hold our beliefs in the diety, or our dedication to our families, or to truth or justice.
We must behave as free people, expect and encourage others to behave as free people -- and have zero tolerance for anyone who abuses freedom or uses his authority to violate the Bill of Rights.
If there ever was a time in history to get behind the Bill of Rights and promote it, it is now. If we yield to this mushy thinking that the road to freedom and safety lies in GIVING UP freedom and the Bill of Rights, then we might as well bow down in defeat right now.
If we don't defend our rights, we'll have no rights. If we don't defend ourselves, our family members, and our fellow citizens -- AND defend their freedoms -- then our lives will be no more valuable than those of cattle and sheep. And the America we end up with won't be the America we thought we were fighting for.
If you want to be a passive herd beast -- obey whatever the authority of the moment, be that a bureaucrat or a hijacker, tells you to do. Listen to their lies about "safety and security" and obey, obey, obey.
But If you truly want to combat terrorism or terror-war, learn the Bill of Rights, teach the Bill of Rights, and enforce the Bill of Rights with every action of your life.
FIGHT BACK WITH THE BILL OF RIGHTS.
The Liberty Crew Jews For The Preservation of Firearms Ownership, Inc.
I believe Juanita
Monkey sense
Bin Laden and company are better known for using steganography. There's no indication that they use PGP in email; apparently their favorite method is to get free websites at e.g. GeoCities and embed messages in image files.
This isn't stopping those who would restrict our use of crypto, however. Idiots.
sulli
RTFJ.
When large numbers of our own citizens start to blame privacy for this act, the terrorists are already winning. I have heard talk of requiring back doors in all encryption software and routine scanning of all e-mail.
Let's look at what else might have enabled the terrorists:
1. Freedom to assemble in private.
2. Ability for private individuals to get pilot training.
3. Protection from random searches of homes.
4. Laws against descrimination based on race, religion, or national origin.
Are we take legislative action on those things next? I think that our country needs to stop, take a collective deep breath, and recognize what makes this country worth fighting for. If we take away the very freedoms that define America in order to make people feel safer, the terrorists will have struck a more crushing blow against us than I would ever have imagined possible.
"Phil -- I hope you can sleep at night with the blood of 5,000 people on your hands." PGP has become a "weapon of war," the e-mail continued, leveling the playing field between powerful countries like the United States and "zealots."
Zimmerman's hate e-mail told him "I hope you can sleep at night with the blood of 5,000 people on your hands." This person must be privy to proof that hasn't been released to the rest of us. But much more importantly, I hope that person sent an even stronger e-mail to every employee of American and United Airlines. And to all the service employees of several airports which were involved. And, hmmm, let's see, oh yes... also to everyone who works for companies who manufacture knives and box-cutters. And to all recent US sentors who have rejected spending more of the billions collected in air travel taxes on airport security rather than balancing the budget. There's probably a few thousand other people that are implicated before Phil Zimmerman.
Please, I can't believe that people actually believe that everyone who's involved in any tool the terrorists used is actually guilty of anything.
People who would more guilty than Phil;
- The manufacturers of the knifes and box-cutters.
- The airplane manufacturers.
- The printers of the airplane manuals in Arabic.
- The people who produced the food for the terrorists last meal.
Guilty by association? This is more like guilty by living in the same world.
The surprise isn't how often we make bad choices; the surprise is how seldom they defeat us.
You're coming under attack for your decision to provide strong crypto to the general public. Please do not falter. There is a definite need for this sort of thing and the fact that it might be misused is no reason to ban it.
Cars can be used to run over people. Hammers can be used to hit people. I don't think I need to mention guns. There are lots of things out there that can be used counter to their original purpose. I think in the coming age strong crypto at a personal level will be very important.
There will always be people who blame the inventors for some of the uses their inventions are put. Some people blame Einstein for the devastation of Hiroshima & Nagasaki. Is Einstein really at fault? If someone dies in a car crash, who should be blamed - Ford? Benz? Should the Wright brothers be partly held to blame for the events of September 11th?
Just because your tool was possibly used in a bad way doesn't make you guilty. If it's any comfort, since there is so much talk about heroes lately, know that you are one of MY heroes. I remember the early USENET discussions and your original profile in Wired. I've always thought that if I had more ability in math, I would've liked to be like you.
Please know that for many of us, you are not a bad guy by any stretch of the imagination, and for a few of us, you are one of the really good guys.
Thanks for listening.
www.gpg.org
www.winpt.org
Get the latest of both.
WinPT is an easy to use Windows front end to the GPG command line. It acts on the clipboard and lives in the Windows tray.
Select text, copy, click on winpt, encrypt clipboard, paste into document/email/news post etc.
Easy.
Deleted
Does anyone have a preprepared tarball of a veritable shiteload of encryption utilities -- ie everything you could possibly want, ssh, gpg, etc. I think somebody should create a tarball that we can mirror around, all the same, everywhere. And I'm too lazy to go create it myself, as I've already got a website up with a couple tools.
Just wait until I get my hands on the guy who invented Farsi. Those damn terrorists use this "encryption technology" as well, and not many in the U.S. government can break it! I even heard an announcement the other night where they were asking for supreme encryption experts known as "Farsi Speakers" to come in and help them decrypt this complicated technology!
"And like that
While the replies to this thread are all sarcastic and full of self-righteous indignation, let's not forget that a big part of why the US and its allies won World War II was the fact that we were able to break the enemy's encryption like the German Enigma -- and that they were unable to break ours.
We're all yelling and screaming about "what's next", taking away "more of our freedoms" and such like. Someone raised the point that the freedom to assemble in private, to learn to fly aircraft, to be free from random searches of houses, were also contributing factors to these terrorist acts. The problem is, if the government was able to monitor communications, restrictions on those activities wouldn't even be talked about -- the activities themselves are innocuous, but in the right combination they could indicate something sinister. This is the reason that people buying huge quantities of nitrogen-rich fertilizer are monitored because of its bomb making potential.
I'm not advocating "back doors" in encryption products, mainly because it's too late for those to be useful when perfectly effective encryption is already out there for terrorists and anyone else to use. But the fact remains that the ability of people to unbreakably encrypt their grocery lists does have consequences beyond merely ensuring their privacy.
Technology is not good or evil. It is the use of the technology which can be evil. I think it was Karl Marx who said that root cause is usually socio-economic inequality and stratification.
The existance of encryption is irrelevant. In fact one of the most secure forms of electronic information is a handwritten fax.
Just like how they should feel guilty for inventing airplanes.
Got friends?
I love the smell of Karma in the morning
The following message was encrypted with one of the simplest cyphers known. I took the text and a random, non-repeating pad and used XOR between the ASCII values of the two. I then base64-encoded the result so that /. could display it (note, this last step is reversable trivially).
5 w+lAsIAozQt6OMUCji4E2BInB+
W QJ AOkNb1LHm60vNbR5uNyrYgkNPY
Let this string be the line in the sand. If this can be decrypted, THEN we should worry about encryption software. If it cannot be decrypted, then any high school student can do strong crypto in their bedroom with the calculator they got for free for signing up for a mall card, and this discussion is just about invading privacy and enabling government to spy on businesses.
du+27XAFml4uYuezNwvsewJpwj+AElF6ySV7vgXjtdoMIHYVT
tZHoDscCzdoV2VjlT9zPwJtdfbmHrt3wABqINnfrRbTRppr
FyzyfS+Gp+/L+w3u04A=
Courtesy of the airlines who we all know are SO concerned with your security that they will actually pay someone minimum wage to put on a uniform and sit and pretend to look at a scanner! American and United might as well spare themselves some messy litigation and hand their companies over to the families of the victims.
You're using her as bait, Master!
The simple fact of that matter is that when peopel are distressed, depressed and overwhelmed with hate, anger and fear, fingers begin to get pointed.
If you recall the Colorado school masacre, you will remember the fact that the parents attempted to sue ID software for creating a game which, in their minds, influenced their children to go on a school masacre.
The situation here is very much the same, and Phil is now taking the blame. However, why stop there? Why not blame our roads for allows the terrorists for getting around? How about phones so they could reserve airline tickets and flight school courses? Why not blame computers as a whole for allowing the terrorists to communicate?
The truth is, people will hunt for a reason HOW. How was this allowed to happen? How could this have happened to ME? We resort to blaming others, whether it be the FBI, CIA or even someone like Phil Z.
Time will pass and people will begin to take notice of the real problems that allowed the terrorists to operate. Does Phil Z have the blood of 5000 people on his hands? Hardly.
To make a pun demonstrates the highest understanding of a language
Mayhaps if the U$ were not so interested in supplying money and arms to any twit who gives lip service to supporting U$ aims-- making the world one vast McDonalds-- this discussion wouldn't be occuring (no, this is not a troll).
Would you like fries with that....
Let's see, we could also blame:
- The people who make knives / box knives.
- The people who trained the terrorists to fly.
- The people who sold the terrorists the plane tickets.
- The people who made the planes.
- The people who made the plane fuel.
- The people who made the WTC.
Yes this is stupid.
"He was a wise man who invented beer." -- Plato
Sorry for the inflamitory subject line, but this kind of upsets me. If we are going to blame researchers for the misuse of their inventions then we may as well start with Boeing. One of the great modern problems it that the same technology that helps so many also can be misused.
It began, "Phil -- I hope you can sleep at night with the blood of 5,000 people on your hands." PGP has become a "weapon of war," the e-mail continued, leveling the playing field between powerful countries like the United States and "zealots."
[sarcasm]
Right on! How dare anyone give the victims of oppressive (and sometimes genocidal) US foreign policy a means to strike back at their oppressors!
[/sarcasm]
Besides, do people really think that had PGP NOT been available, that terrorists would have sent their messages in "clear"? Anyone thinking that needs to pick up a stick and whack themselves in the head with it..."Stupid (whack), stupid (whack), stupid (whack)!"
You're using her as bait, Master!
As an answer to 1):
No, we would likely also have nukes and lightbulbs if Edison and Einstein hadn't done their part. But PRZ is one of the Pioneers that did enourmous amount of work to bring the technology into our hands, and in a form wo could trust (with sourcecode).
Einstein did also have trouble sleeping at night after "The Bomb", even thought his part was only to write a letter to the president saying that it would be theoreticly possible to create such a thing.
2): No, but Zimmermann knows that China and other countries have already stated that they also want access to the escrov keys, to fight crimes and terrorists. And it's quite likely that they will get it. Resulting in still more human-rights abuses.
echo '[q]sa[ln0=aln80~Psnlbx]16isb572CCB9AE9DB03273snlbxq' |dc
Hah, but then they find the plaintext of the message, XOR it against the file they intercepted, and there it is! An image of the suspects. :)
These technologies should be heavily regulated:
Each of these played a key role in the attack. Once these technologies are under control, America will be safe from terrorists. I guarantee it.
Signed, John Q. Stupid, United States Congress
Watch out for sheep.. they can be real baaastards.. (ok that was goat, but still funny)
JOhn
Campaign for Liberty
...which ones? Can somebody provide links?
I can just hear it now:
Hillary: "Are you surfing porn again, Bill?!?"
Bill: "No...I'm...I'm...looking for...looking for terrorist messages! Yeah, that's it!"
You're using her as bait, Master!
what's the most commonly used Win9x compatable pacakge I can grab?
Grab GnuPG.
If you want nice, easy, email integration, get Eudora and EudoraGPG.
You can send me a test message if you want. My public key is on my slashdot user page. Use the email address in the key.
At least in this case, backdoors to PGP wouldn't have done any good at all (even if encryption was being used). Backdoors don't alert investigators to the activity of people they aren't investigating -- something else has to be suspicious first. Based on what I have read, only two of the terrorists were on the FBI's list and the FBI was only making a token attempt to track them down. Even if an investigation was being foiled by encryption, there should always be other investigative methods available to figure out what's going on. Any good conspirator will use a variety of communication methods, anyway. And use code words inside encrypted messages.
The fact of the matter is, people DID blame Nobel, and he did feel guilty for creating dynamite. For this reason, he died alone and friendless, though mighty rich. Most see the Nobel Prize as being his way of buying himself a good name in the history books.
I do agree with your point, though.
Although harder to use than public key because of the neccessity of generating and exchanging the pad (key) are there any user friendly programs out there that automate encrypted communications using one time pads?
The reason being that even if the US gov't intercepts such a communication they could never prove it is an encrypted email - for all intents and purposes, without the pad, it's random data.
-josh
Shortly after the great tragedy, I found myself wondering, "How long until the Media picks up on the Computer Gaming culture, and starts trying to blame that?". In the time since, I've heard people bandying around the idea that Microsoft Flight Simulator could have been used as a training tool to pilot a plane..
At that point, I knew the world had truly gone barking mad again.
It's the same with Crypto. Something that people don't understand is automatically to blame.
How we look back on the Luddites of the Industrial Revolution, and consider them unenlightened barbarians.
Going around and destroying the things they didn't understand because they felt threatened by it, without realising what they were truly rebelling against.
Now, have a look at what's happening to the Internet, science, and the digital age as a whole...
Each advance is slowly be destroyed by those that don't understand it, and can't work out how to control it, except this time, it's being done with a web of legislation and an army of lawyers.
Methinks in many years to come, these will be remembered as the Luddites of our current age.
Crypto is just one of the machines they're trying to break.
Malk
According to the reported from ABC (I have forgotten his name) who went over to Afghanistan a few years ago and interviewed bin Laden he DOES use crypto.
A few years ago he stopped using cell phones and satellite phones to communicate, knowing that those technologies could be monitored.
So what does he use now to send out secret orders?
Encrypted Zip disks sent by courier who secretly take the disks out of Afghanistan. It wasn't clear whether the disks were then sent by snail mail or whether the data on them was transmitted using the internet. It also wasn't clear if PGP was used. Is his network large enough for key distribution to be a big hassle? If not he could skip public key crypto entirely and just use 3DES with a list of keys or long passphrases.
For his edicts which are meant for public consumption he makes video tapes of himself and then sends them out to arab media outlets which then broadcast them.
Lasers Controlled Games!
Well, hell! Then all we need to do is make a law stating that it's illegal to fly a plane into a building. Since the terrorists will obey US laws re: encryption, they'll obviously obey that law too!
Fascism starts when the efficiency of the government becomes more important than the rights of the people.
You'd as likely find a strict Muslim eating pork rinds in a liquor store as you would surfing a pr0n site, for steganographic purposes or otherwise. The lives of these men are entirely constructed around a strict obedience to (what they misguidedly see as a correct interpretation of) their faith. Further, it as been noted by Western intelligence organizations that these terrorist organizations use very little technology at all (even phones) instead relying on classical "no-tech" spycraft, which is part of the reason that the increasingly-focused-on-electronic-surveillance agencies have a very hard time tracking bin Laden et al.
Even if you assume that they utilize information technology in their organization and steganography in particular, it is highly unlikely that pornographic images are being used.
Naturally and as usual the political elites are using an external threat to move against internal things they do not like, such as encryption and pornography. (An analogy would be how every new recreational pharmaceutical is called a Date Rape Drug. Yet, strangely, the most frequently used chemical in date rape is still available widely, namely ethyl alcohol. Crack would be legal too if crack dealers were beefy white guys, wearing suits with Rotary Club pins on the lapel, that gave campaign contributions.)
News for Geeks in Austin, TX
A secure quantum channel is really hard to set up.
***NEWSFLASH***
Bill Clinton hasn't been the President of the US for about 8 months now.
Unless you are inferring that they installed "Net Nanny" when George got into the Whitehouse to keep the bad stuff from him. In which case we should go after "Net Nanny" and their ilk for harboring terrorists.
Should Zimmerman feel guilty that his program was used for this? No, because he wasn't the one using it.
Should he feel guilty for making such a powerful tool available to anyone while naively assuming the use of this technology would be free expression, and ignoring the possiblity that it could be used by terrorists, criminals, and other unsavory people and organizations? You're damn right he should.
Technology, by its very nature, is amoral. It can be used for good or ill, depending on who uses it and how. Whether or not a technology is good is defined not by what it is, but by whom it is used and for what purpose.
PGP and similar programs enabled anyone to communicate electronically in perfect privacy, removing the balance of public scrutiny. And when you combine that with the facts that it is easier to kill and destroy than save and create, and that the world is full of people willing to do so for any number of reasons, it should have come as no surprise that those people would be significantly strengthened by this.
I suppose if Phil hadn't written PGP somebody else would have done it - but that doesn't change how naive he was to think that it would automatically make the world a better place. The road to hell is paved with good intentions. I wish people would learn that lesson.
cryptochrome
---If you can't trust a nerd, who can you trust?
We should blame him too!
You're using her as bait, Master!
...when they caught Arnold's (unwilling) female accomplice and began reading out her (trumped up) "crimes" to the audience...
You're using her as bait, Master!
In the wake of the terrorist attack, the US is making all sorts of bad moves. Well, bad to the people at least. For one, this whole encryption deal. People coming forth and saying encryption let this happen, encryption is bad! When all evidence points to the fact that all electronic communication was done unencrypted. One of the biggest complaints about bin Laden is that he didn't use technology enough to be tracked easily.
The government has been itching a long time to do this, and now they can use the misinformation of the common folk to make anyone who stands with encryption a villian and an accomplice to the terrorists.
Another thing I am not so sure about is the US approach to the Taliban. We are telling them to hand over bin Laden or we will destroy them, completely ignoring their reasonable call for proof. Right now, even though there is a lot of evidence against bin LAden, it is all circumstantial, and in a smaller case it would just be dismissed without further concrete evidence. The US is out for blood. This isn't a quest for Justice yet, it is one of blind vengeance. Once we had proof, then the vengeance would be justice.
That said, something should have been done about bin Laden long ago. If we were able to definitely connect him to the older trade center bombing, two US embassy bombings, and the bombing of a US Destroyer, why only now do we really get forceful? Any one of those former actions could be construed as an act of war, and if we had been more forceful at the time, we might just have prevented the WTC tragedy. But I guess the people who lost their lives then just weren't important enough to the American people to warrant justice..
In any event, I do think we need to get bin Laden, we cannot rightfully do it under the public pretense of justice for the WTC, but rather the more sensible pretense of trying to end terrorism, or even one of his numerous other crimes. The Taliban response may always be the same, but at least the US wouldn't look as bad when they do lower the boom.
XML is like violence. If it doesn't solve the problem, use more.
The whole idea of encrypting a message is that there is only one way to open it: with the password/key/pattern that was used to encrypt it. With a backdoor, there becomes two ways to open it: with a password/key/pattern, and a backdoor key. Now, you say, only the guvment has the key. This is true. But who's in the government? People just like you and me, people who are not incorruptable, people who steal evidence and sell confiscated drugs and who take bribes. Which is an interesting thing to think about: if people have the key, then it makes sense that other people will eventually get the key. It's not a physical structure, it's a copyable string of bits that would eventually trickle down until everybody in the world had a key to the encryption, and unlike a physical lock you can't just replace it with a new key. Backdoored encryption would be secure for no more than a few years, then it would be as open after a fashion as pig latin.
This is of course assuming there's one code that opens all or most encrypted files (one ring to rule them all). There's also the possibility that the government will just require you to submit any keys to a private repository, which would of course be hacked by Eaglesoft faster than you can say "ACLU."
And besides, how can you enforce this when 256-1024 bit encryption exists throughout the world already? You can't round up software, hell i can hide a copy of BestCrypt on my machine for future use and then make a dozen copies when i need to. Encrypted data can be hidden in plain site as noise in an mp3 file or the difference between planes of a graphic. Since criminals don't go to CrockUSA and buy the software they use to skulk about with, there would be no way to even know what they were using.
So we have useless encryption that isn't used, a huge instaled base of tough encrypters we can't stop and a group of people who our law doesn't affect. Why are we even arguing this? It's as stupid as, I dunno, declaring war against an enemy that doesn't exist yet or vowing revenge on a religion and people who had nothing to do anything. Sometimes the fucking reactionary know-nothings in this country make me wish I was in Canada, where nobody knows anything either but at least they don't have strong opinions about it.
Hey freaks: now you're ju
I wish a lot of things. I wish that people weren't so literal-minded that they can't comprehend the place of rhetoric. I wish that the smug bastards in every other country in the world would stop talking about "Americans" as if their summary of 300 million people in a single pithy phrase isn't just as much an example of blak-and-white thinking as anything they accuse us of. I wish that y'all would stop pretending ignorance to the fact that every developed country in the western world absolutely capitulates and cooperates with America at every level - multinationals are just that, you economies are completely intertwined with ours, your rich bastards get so investing in American companies, quite often investing in things that go contrary to your very proper civil, political and environmental stances you hypocritically hold in your own little patch of earth. I wish that there wasn't any debate about whether crashing fucking jet planes into buildings full of people constituted evil. And most of all I wish anonymous cowards without the balls to own up to their own opinions would just shut the fuck up.
It Is the Nature of Information to Transgress Artificial Boundaries
I understand the desire to exonerate Einstein from the morally grey activities that used his work. But it's silly to claim anyone totally clean in this day and age.
And from the opinion polls on the street, most American would gradly give up a number of perceived "freedoms", so I'm not alone. Crypto-lovers are fighting a losing battle.
We don't need to play defense on this issue. We can play offense.
The increased terrorist attacks underscore the need to strengthen our computer networks with strong unbreakable cryptography. Some well meaning but misguided inviduals may argue that we should weaken our computer infrastructure with back doors to ease law enforcement, but that weakening would create a greater opportunity for terrorists, as it is a virtual certainty that, with so many back door keys, some will fall into the wrong hands.
In foreign policy, we neeed to promote the use of strong cryptography abroad, not only to strengthen the computing infrastructure of free countries, but because strong cryptography in the hands of the citizenry could help undermine oppressive regimes and enable more internal efforts at democratic reform. Since it is from oppressive regimes where terrorism seems to originate most often, making these governments more democratic is likely to be one of the most cost effective ways of reducing the terrorist threat.
We need to pueblicize the idea that the governments of the free world should be actively promoting strong cryptography, both to guard against potential cyber-attack and to reduce terrorism at its source.
The use of a one-time pad is the key.
How is the pad itself shared by both nodes?
La via sola al paradiso incommincia nel inferno
It was because somewhat unsuprisingly the mathematical brains in Japan and Europe had managed to come up with their own encryption systems which COULD be sold in the US, thus meaning that US companies couldn't compete abroad and could get slammed at home.
Or was it that the NSA actually does have a working quantum computer ?
An Eye for an Eye will make the whole world blind - Gandhi
http://www.msnbc.com/news/632133.asp?0dm=C13OT
"The intellectual side of me is satisfied with the decision, but the pain that we all feel because of all the deaths mixes with this," he said. "It has been a horrific few days."
Ofcourse they blame encryption -
It's part of the dare I say 'arrogant' mindset of large organisations of unlimited power such a the NSA, the FBI and the CIA. They have failed, miserably, at doing their job, and they are clearly inept, as the terrorist attacks prove. Not only the fact that the terrorists got through without them noticing it, but the even more upsetting fact that parts of these organisations knew (some of) the suspects were terrorists, other parts knew a big attack on american soil was coming, yet atoher part knew some ofthem had pilot licences, and yet other parts had been warned by the French secret service that terrorists had been following pilot's training, and intended to hijack planes in the US.
It now appears that the heads of the security organisations don't know what the tails are up to, selectively ignore vital information because they believe French people are stupid, never succeed in preventing attacks, and are always suspiciously quick to point to the usual suspects, providing no evidence (supposedly top secret, cannot be revealed without compromising operations etc) to reassure the public that they have caught the culprits, and not just some minions while the master minds are still out there plotting new attacks.
In short: the FBI, NSA and CIA have failed miserably. In their eyes this is impossible, because they are omnipotent, so the only explanation is some random outside factor beyond even their control is to blame, and once they are allowed to bring that (back) under their control, everyone will be safe again.
Today's things not sufficiently under their control: encryption algorythms and the licence to make political assassinations.
Oh imagine how much safer we will all be feeling soon when we know that we can be prosecuted if they can't read our mail, and they can assassinate us at will.
Now I don't have the delusion that I am important enough for American espionnage organisations to snoop on me, or assassinate me, but just because it doesn't affect ME doesn't mean it is no problem!
The NSA and CIA would not have been in this mess of having to explain to the public why it is that they exist, and have an unlimited budget again, if they didn't waste 100% of that budget on industrial espionnage, spying on America's closest allies, ignoring all information that doesn't travel by satelite or sub marine cable, because it can't be worth a lot of money anyway.
That's lucky for me, as I have just invented a "Death Ray". Muahahaha!
I haven't heard any reports that the terrorists used any encryption or even email to communicate. In fact, it is well-known that bin Laden does not touch electronic devices for 2 reasons: he could be traced, and he prefers the trust he places in people.
We need to ban those things that we know the terrorists DID use: airplanes, knives, plastic, telephones, blue jeans, alcohol, cars, books, English, Arabic. Of course, outlaws will still have access to these things, but taking these things away from Americans will keep us safe.
Software sucks. Open Source sucks less.
Firstly, the reality is that Bin Laden apparently avoids technology wherever possible, sending people to deliver messages rather than bits (encrypted or not).
But even if it were to emerge that that the terrorists used PGP or similar software, and secure encryption was made illegal, can someone seriously suggest that terrorists bent on destruction would worry about complying with US encryption laws? Either they would go ahead and use secure encryption, or they would choose another form of communication.
In reality, the only people who the FBI would end up monitoring are the innocent, and the stupid (and Bin Laden's crew are definitely not stupid).
This is in addition to the not inconsiderable point that enforcement of these laws would be almost impossible.
Car accidents in the are one of the major causes of accidental death, it seems to me we should bomb Ford.
You can't handle the truth.
Even if the terrorists did use encryption, doesn't the DMCA make it illegal to circumvent it?
:)
If you send somebody a message specifying exactly how to generate the "one-time pad" needed to decrypt a given message, how exactly is that "hard to detect"? The problem is not how you share one-time pads, it's how you share them without the pads themselves being intercepted. Sending a plaintext message that says "the secret is on the third floor, room 306, under the third floorboard on the right" doesn't cut it.
Breakfast served all day!
That was established to investigate Echelon. Here's how it works: Most skimming is automatic eg. filters pull out email and other transmissions, unpack them and make an educated guess as to the contents. Keyword ident works on recogniazable text. So unless you have a human being staring at the fax image and they happen to understand the language you're writing in there is no automatic electronic ability to decode a handwritten fax message. And even with that it would typically have to be transmitted between two phone numbers someone cares enough about to monitor.
So next time think about what you write before you write it or someone will accuse you of the most stupidist thing they've ever heard.
Are you just retarded or do you not realize the scope of encrypted communication? Most shit transfered over an insecure medium is encrypted and rightly so. As soon as you put a backdoor into an encryption scheme you might as well not use it at all. This applies for everything from encrypteing and signing email to generating encryption keys for an ssh transaction. The argument about having nothing to hide is ridiculous. Do you mail letters without an envelope? Do you just have a bunch of novelty post card checks you use to pay your bills? Encryption is an electronic version of a security envelope.
I'm a loner Dottie, a Rebel.
More to the point, anyone with a semester or two of C and the ability to do first order differential calculus could write a good encryption algorithm since the basic principals are now widely known. It's kind of like the guy who build a replica of Sputnik1 for 100k in the late 90's, a feat that required the wntirety of the Soviet empire just forty years prior. The basis for encryption is now well known and fairly well explored which means anybody could write an encryption algorithm if they really wanted.
I'm a loner Dottie, a Rebel.
The bottom line is this: Just because they have a warrant, doesn't mean you should be forced to make it easy for them to decrypt your message.
With current wiretap orders they can tap your phone, but if you use a voice scrambler, there's nothing illegal about that, even though it makes their wiretap order worthless.
I do not deploy Linux. Ever.
Agree completely. I ammended my statement in this post. What I meant was, if they have a warrant and find your key, that's ok.. but you should never have to give it to them, whether through key escrow, backdoors, or anything else.
This is weak because you are using data which is not random enough. You're much better off using a good source of random data and then distributing CDs before your agent leaves on his (or her) multi-year mission to buy jelly donuts and bring them back to the true believers in the great Homer.
You can then send him an order to abort the mission and instead turn themselves into the police mid-mission and no one can read the message.
Hiding the encrypted message is another matter which has many solutions. The easiest would probably be some form of steganography, but there are plenty of obvious places that such info is traded (e.g. short wave numbers stations).
I believe we should blame them! Without knives the hijacking would not have been possible in the first place... Blaming encryption for this event is just plain absurd...
Then again, killing thousands of innocent people is even more against islam than pr0n, so don't be too sure of anything about these guys.
The bomb's ONLY purpose was for mass destruction
On the surface or in the air, maybe. Underground or on airless surfaces, it could be used for massive excavations. In space, it can be used for propulsion.
Really, there's almost no technology ever developed by mankind that doesn't have its up side as well as the downside. I'm having trouble coming up with a useful application for nerve gasses, but I'm sure there's one out there.
Dyolf Knip
Remember that PGP has saved lives, too. It has been used by humanitarian organisations to get information out of countries whose governments would rather not let information get out.
sub f{($f)=@_;print"$f(q{$f});";}f(q{sub f{($f)=@_;print"$f(q{$f});";}f});
For starters, you want to read RFC1750.
/dev/random, which will block when it's waiting to collect more random bits from the environment, or /dev/urandom which will never block, instead it will use the entropy pool to seed a pseudo-random number generator.
Of course, under Linux and many other modern OSes, you can simply read from
I've seen code that uses setjmp/longjmp timing, seek delays and many other sources of POSIX randomness. The key thing is to make sure that external influences do not remove your randomness.
Hardware devices exist as well.
The beauty of the one time pad is that the pad doesn't have to be truly random to be effective. There is still absolutely no way to know if you have decrypted the message "correctly."
;-)
That's a slippery slope, and many code-breakers would be thrilled to hear you say it (unless you were on their side
Problem is that you can tell if what you decrypt to makes any sense at all. The chances of that happening are *very* remote. If it does happen, based on some course of reason (not just random tries), then you probably have something.
It becomes a game of statistics, you see.
I think the example in Cryptonomicon is hooey. I don't think that knowing the pad is guaranteed to "seem" random to a human is going to buy you enough to make 1945 technology work. However, given computers that can look for patterns VERY fast, the weakness of non-random data is a problem.