Slashdot Mirror
Legislating Insecure Encryption
firewort writes: "Sen. Judd Gregg (R-New Hampshire), who called for global backdoors in encryption products in a floor speech last week, is readying legislation. This is another push for backdoors - but it seems that Gregg wants them to be used cautiously, only with permission from a US Supreme court appointed commission, subject to normal search and seizure rules." Representative Goodlatte, who has supported strong encryption before, is one of the few people speaking out against this.
Does it bother anyone besides me that Congress is using the terrorist attacks as a blank check to take away civil liberties? As we all know, this bill has been proposed that would require back doors (or weaker encryption) in all encryption products, which is NOT okay in my book. I'm all in favor of heightened security carried out in an intelligent manner, but this is completely ridiculous.
Everyone knows that any law that the government can abuse, it will abuse. Can anyone dispute the fact that it'll be using these backdoors routinely, if illegally, a few years down the line?
BTW, SECOND POST BITCHES!!!
The truth about Michael
...is only as good as its weakest link.
Think of that what you will.
I am not worried about law enforcement reading my email per se. What I'm concerned about is my competitor, enemy, or boss having access to my personal communications.
Making a deliberate flaw in a scheme makes this more possible as we all know.
This sort of legislation will only hinder criminals that obey the law.
The problem with these tragedies is that everyone is scared of being for encyrption and privacy for fear of being seen as sympathetic to terrorism and not getting re-elected. I'm glad there are at least one senator that can see that this was a horrible tragedy, but that that shouldn't change everyone else's rights.
Go ahead and waste your life with your inhibitions, just don't ruin other people's lives with your intolerances.
Lemme tell you, I will not be re-electing this guy. He's always been the lesser of evils in the past, but I guess he didn't like second place.
There are four boxes used in defense of liberty: soap, ballot, jury, ammo. Use in that order.
Law enforcement officials are taking
advantage of the war on terrorism to get
everything they ever wanted.
___
By Damien Cave and Katharine Mieszkowski
Sept. 22, 2001 | Northwest Airlines kicked three Arab-American men off a flight from Minneapolis to Philadelphia Friday, simply because other passengers refused to fly on the same plane with them. The airline defended removing the men from the plane, saying that security rules gave it permission to "reaccommodate" passengers. The Council on American-Islamic Relations reacted immediately: "This is racial and religious profiling of the worst kind. Both the passengers and the airplane personnel should be ashamed of their actions."
[...]
more
And I will keep on saying it.
Now is the time to contact your representative, your senators and probably even your local media and tell them exactly how much damage this legislation could do.
Tell them about encryption used to protect your online banking transactions. Tell them about encryption used to protect company secrets. Tell them that this is bad for trade. Tell them that this is bad for innovation (unless you're Microsoft I guess)... Tell them how you feel about it.
Don't just sit back and let this go through. If nobody says "this is bad" then it will be passed...
While telling your congress critters, be polite, spell check before sending. Fax and/or write rather than e-mail. Call them and talk to them. But however you do it, make sure that your voice is heard.
Zwack.
p.s. Yes, I've already written to my congress critters.
-- Under/Overrated is meta-moderation, and therefore is Redundant.
What happens when regular script kiddies discover how to use it?
Worse, our enemys.
Wow, the script kiddies will just love it. A backdoor built in, no endless searching for bufffer overflows. Of course the criminals will just use OLDER versions of encryption. This is why people who have no clue shouldnt be allowed to make decisions for those who have clues. People are gonna be real pist when the key to this gets loose and all their credit card information banking information and medical records are wide open.
Greetings, I am from the American Federation of Anonymous Cowards (AFAC) here to reply to the article, titled "Legislating Insecure Encryption."
We here at the AFAC vehemently oppose passage of such a ludicrous idea.
We also proudly stand by Representative Goodlatte with confidence and are willing to provide any means necessary to guarantee that this idea does not pass.
Yours Truly,
Anonymous Coward AFAC Representative #2193
Perhaps we should pass a law specifically against crashing airplanes into buildings. As far as I know there isn't a law *specifically* against this, and we all know that *everyone* follows every law all the time. We probably need both a federal statute and numerous state and local ordinances to let would-be terrorists know we're serious.
creation science book
rotflmao
Judd Gregg was definitely around in the Senate when the last encryption debate went through, and all the same reasons we bring forth today were found valid and worthy.
The WTC disaster does not change the validity of a single one of those reasons, namely:
1) Strong encryption is vitally necessary to any digital communication involving business and finance.
2) Strong encryption is worthless if backdoors are placed into it- see Matt Blaze's skillful discovery of every single law enforcement key within the Clipper system.
So, why does this debate continue? My only guess is strong emotions combined with a fundamental misunderstanding of what is being discussed on the part of Mr. Gregg.
What we call folk wisdom is often no more than a kind of expedient stupidity.-Edward Abbey
If the problem is access to information, why not strengthen NSA's cracking computers. Not weaken the available encryption out there. weakening encryption allows little brother and big brother to have access. Strengthening cracking computers with raw power only allows big brother access to encryption.
Yep. Somehow it is utterly un-surprising that Congress is using this as an excuse to take away more of our basic rights. The day the WTC and Pentagon were hit I could tell instantly that Congress was going to take this and turn it in to "If you want more national security, you have to give up personal security." Anyway, we cannot allow this to happen. You can draw a parrallel:
Congress:People
Terrorists:USA
Because only will of the people will be able to overcome the legislation that congress proposes, just as the will of the USA and other countries would be able to overcome the terrorists. And both the terrorists and congress are going to end up taking our rights away, as Congress is using the terrorist's acts to "justify" taking away rights for "national security."
I end this with a note of hope: You elected your Congressmen (and Congresswomen), so now to maintain your rights, you need to call them or E-Mail them. They are there to represent YOU, so let them know how you feel!
Yeah, obviously W is a liberal media created myth as well. Who could believe a chimp could actually become president?
OpenBSD is developed in Canada for a reason:
To get away from US Government bullshit like this.
How about those of us using secure encryption now? Will using non-compromised versions of PgP be a felony? Will having a copy on your hard drive be dangerous?
The other day I was at the office store, puttzing around the crappy software (though Office Max is carrying various Linux distros.) and I noticed they were selling a nice boxed Pgp + firewall+ miscellaneous crap product from Macaffe called "network security" or something like that. Made me wonder how they are going to root all the sheeple out there that can barely maintain their windows boxen out from the supposed "terrorists".
Strange days indeed.
I remember something on CNN about people in bin Laden's network using ZIP disks insted of sending via the Internet. Which makes this useless. After all, it's the reason the started using disks insted of the Internet for transfering data in the first place.
So let me get this right, he wants to create legislation that won't stop bad guys because A) it only effects the US and B) the bad guys wouldn't bother using backdoored software AND he want's to mire it in quasi-judicial controls so that the bureaucracy will make use of the backdoor a rare and slow event (at least for legal government purposes).
If it wasn't for the fact that any such restrictions impose an extra burden on software/hardware manufacturers and limit the security of encryption, I'd start to think this was nothing but feel good legislation that would never accomplish anything. Sure doesn't seem to be accomplishing anything good.
It is actually Tom Christiansen. Nice to see people commemorating the work of osm, at any rate.
And how will anti-encryption laws stop terrorists who meet face to face?
On the issue of encryption Goodlatte is usually right on target. He has been vehemently oppose to laws which would limit its accessability to average Americans. However on other issues he is a total nut in my opinion. He is staunchly pro-DMCA and is proud that he took a part in its creation.
Yet as a Virginian I'm ashamed that someone from my state played a role in the creation of such an anti-American bill. Give the man kudos for defending crypto in Congress at a time like this, but don't think that he is a freedom-loving politician. He said at my high school (I'm a freshman in college now) that if he had it his way he'd abolish our lottery because there are "better uses" for people's money than a lottery. $1-$5 a week for the hope of striking it big is a bad thing? $1-$5 a week invested in further funding our state's infrastructure is a bad thing? $1-$5 more invested in an education system which is #7 in the nation in passing the AP tests is a bad thing? And finally $1-$5 a week invested in the same education system that has one of the highest passage rates in the nation on some of the most rigorous standardized tests in the nation?
Now is the time for us to be holding our republican values (and I don't mean the party) more dearly than ever. The purpose of establishing a republic and not a new monarchy for our people was to break the cycle of tyranny. Let's remember what happened to the Roman Republic. By the same token, let's learn from the lessons of the past so the American Republic doesn't go the same way.
During wartime, to the technically illiterate (most journalists and lawmakers), it feels morally unquestionable that innocent civilians should give up their right to privacy so that secret communications amongst terrorists be made as difficult as possible.
2 problems though:
1) Anti-encryption (and mandatory backdoor laws) simply won't work - terrorists will just get smarter at hiding/smuggling data. While the fanatical will is there, terrorists will find ways around any law.
2) Even if/when all terrorist groups are wiped off the planet, long after the first McDonalds opens up in downtown Kabul, no government is going to relax anti-privacy laws. The spectre of terrorism will persist in the American psyche for decades.
If the terrorists' aim was to wipe out America, then they have a long way to go and will most likely fail.
But if their aim was just to destroy much of the freedom average Americans enjoy, (jealousy?), then they have succeeded brilliantly.
-- In the beginning was the WORD, and the WORD was UNSIGNED, and the main(){} was without form and void...
the biggest problem i can see with backdoors in encrytion is misuse. if we legally must have these backdoors, then anything that prevents misuse is a good thing (tm). however, i can see that older versions of encryption software might become more and more popular if backdoors are legally required........
I would rather see cryptography banned outright than legislation to require back doors.
If there are back doors, they WILL be exploited by the wrong people while creating the ILLUSION of security. Crypto back doors create a huge opportunity for economic terrorism. If people know there is no security of data transmission, they will more likely treat the media accordingly.
Of course, this will spell the end of on-line business and be a huge hit on the economy both in the short and long term but why should that stop futile attempts to "do something" to stop terrorism?
How will this work in the open source comunity?. Does any one else here think that M$ is just jumping for joy and calling on their paid senators to intorduce legislation to do away with GNU/GPL software , as it is obviously dangerous to have the source codes of programs availible.
... think about it, this is nonsense.
.... how does this fight terrorism.
Or do we just write 'backdoor.h' for all new encryption progs?
This must be stopped. Also the test of the proposed new internet bills have little goodies like DNA databases for all felons and sex offenders?
Atty Gen Ashcroft and his ilk are just trying to turn the US into a police state on the backs of the victoms of the Sept 11 trajic events, and spit on the graves of every serviceman that died fighing for 'freedom'
The new White House press conference will no dought look like CLICK HERE TO SEE ----- THIS
* Carthago Delenda Est *
Check it out:
h tm l
http://www.startribune.com/stories/1576/706443.
Basically, Phil feels responsible for helping the terrorists.
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
Congress has an opportunity to do something that they have wanted to do for some time - control public opinion about privacy and encryption. In recent years, as the use of the Internet for ecommerce picked up and became acceptable, the public opinion was strongly in favor of personal privacy and the tools used to ensure it. As we all know, encryption is one of the major tools that allowed people that privacy, security, safety and confidence. Encryption technology, from enigma to Zimmerman and PGP to the present, has been a problem for the intelligence agencies in the US and around the world. Congress tried to control it, but thanks to strong public opinion in favor of Privacy, encryption was winning the battle. The public demanded it and the industry gave it to them (sometimes).
Now, September 11th arrives and stuns the world. The country mourns, but Congress, like any good capitalist, seizes the opportunity to capitalize. They used media and the attack to sway public opinion. People now seem open to sacrificing their 1st amendment rights and eventually their personal privacy for a temporary safety.
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Benjamin Franklin
It appears, Congress has done an excellent job of swaying the public opinion about Privacy and used Sept. 11 as the slight of hand trick. Introducing the BACK DOOR policy to encryption is only another step towards 1984 in this database nation. I don't care how they state it in legislation or how they much it is supposed to abide by the normal search and seizure laws.
Here's where you can write your representative (House): http://www.house.gov/writerep/
Here's some tips on contacting your congresspeople: (both house and senate) http://nch.ari.net/advocate.html
From congress.gov's faq : http://thomas.loc.gov/tfaqs/02.htm (How can I communicate with a Member of Congress )
I would suggest sending more than just an email. One member of congress already said he would only respond to snail mail because of all the ?spam? he was recieving (can't find the particulars of that one though...)
I'm sure that a few other people can find plenty of coherent well thought out reasons why this won't work and is generally a bad a thing...
If Mr. Edison had thought smarter he wouldn't sweat as much. --Nikola Tesla
I can imagine it, now: Mr Terrorist uses the encryption product for which his local government (for example, the Taliban) holds the back door key. The U.S. court sez that it wants to read the mail. The U.S. then sends a nice, polite letter to the Taliban asking for that key...
When where freezes over?
-Eldurbarn
By saying that they want backdoors in encryption, they are basically saying that if this gets passed that there are atleast two ways in...and knowing that, i think many more people would try to crack it knowing that their odds of success have just doubled. Theres no feasable way to enforce this either unless they have something set up to decrypt everyones transmissions (using this backdoor) and flag those messages that cannot be decrypted. This would not only mean that they had the ability to read whatevery you send, but that they may actually be doing it in one form or another to all things! And this would be unlikable.
Could someone comment on the technicalities of implementing this in OSS? AFAIK this would now simply require someone with programming skills to remove the backdoor - or how has the master key in the first place?. How would this change the world?
.com junkies to find employment?
- A new place for
- Microsoft PR: Linux is a virus: Terrorists use Linux
He ripped that shit off from Woody Guthrie
I'd like to see someone create a web database on politicians' voting records on issues relevant within the technical community (ideally with some kind of interface for selecting which issues you care about, and even in which direction). Hopefully, this would help people make more informed decisions, and, just the public knowledge that such a database is being compiled and published might influence legislative decisions a bit.
0 .html
0 .html
g .html
0 .html
0 .html
Anyhow, here is a small start. I would encourage anyone with additional data to post it right here. I'll try to add it to this list, and perhaps someone more ambitious will be able to browse the follow-ups and start a real web database on this.
United States Senate:
CALIFORNIA: Diane Feinstein, Democrat, Bad
- Co-sponsored "Combating Terrorism Act of 2001"
http://www.wired.com/news/politics/0,1283,46852,0
o Elected in 1992 (short term), 1994, 2000, 2006
MICHIGAN: Carl(?) Levin, Democrat
+ Argued against "Combating Terrorism Act of 2001"
NEW HAMPSHIRE: Judd Greg, Republican, Bad
- Called for crypto key escrow after World Trade Center bombing
http://www.wired.com/news/politics/0,1283,46816,0
o http://www.senate.gov/~gregg/body_about_judd_greg
o Elected in 1998, 2004?
UTAH: Orrin Hatch, Republican, Mixed
+ Suggested mandatory licensing for online music copyrights
- Co-sponsored "Combating Terrorism Act of 2001"
http://www.wired.com/news/politics/0,1283,46852,0
o Elected in 1976, 1982, 1988, 1994, 2000?, 2006?
VERMONT: Patrick Leahy, Democrat, Good
+ Argued against "Combating Terrorism Act of 2001"
http://www.wired.com/news/politics/0,1283,46852,0
o 1974...1998, 2004?
United States House of Representatives:
Bob Goodlatte, Virginia, 6th District, Republican, Good
+ Co-sponsored lifting of encryption controls
+ Speaking out against encryption controls after World Trade
Center Bombing. http://news.cnet.com/news/0-1005-200-7249721.html
Zoe Lofgren, California, Democrat, 16th District, Good
+ Co-sponsored lifting of encryption controls
I have posted on this topic quite a few times before, but I must post again.
I enjoy working with encryption and number theory. I enjoy the theory behind encryption and why it works so successfully.. I will try to explain how it works (to a point) and this is a BIG reason why backdoored encryption can't work.
For this example: Assume use of RSA encryption
The way that this encryption works is it finds a function f[x] that is (to a point) one way. (NOTE: impossible [as of yet] to prove that it is a true one way function but the lower limit on finding the function has never been solved.. so for all purposes as of yet it is oneway). That is... f[k] == k' (k' being encrypted version of k). The way this works is that the function f[x] which is known by everyone and the value k' could be known by someone and still not be able to convert k' back to k. This is serious advanced number theory and requires very specialized hard-to-find functions.
To allow backdoors (that can be used without having a persons program but only the encoded message) is saying that the function f[x] must be modified to the point that there exists a function g[x] (for each SPECIALIZED function f[x] [that is, each persons f[x] is different, but g[x] must decode all of them]) that can decode any function f[x]'s input. Translation: f[k]==k' but g*[k']==k (for any function f[x] specialized). This function g[x] must be found when working out the base of the encryption product and once the function f[x] is worked out so g[x] exist, it stops being a one way function and therefor stops being useful.
So basically, if this happens, we might as all just encode our messages with rot13 and it will be the same as using any new "government approved" encryption... because someone somewhere WILL leak the functions g[x], whatever[x] (for each encryption product).
(For those who are curious, the reason each f[x] is tailored to a specific person is the picking of the keys allows a "trapdoor" as RSA puts it: another part of the function f[x] that is not mandated at production time. Of course, if a g[x] can decrypt the f[x] (no matter specialized) then the trapdoor theory is useless and serves no purpose therefor weakening it to a childs toy)
And yes, I know I am speaking to the choir here.. the thing is a long time ago I was reading slashdot when someone spoke about encryption and the basics of encryption theory.. it got me interested enough to look at it myself and now I am intrigued by it and am always learning more. My example may have small errors in it.. I hope someone can call me on them if they notice--> its always best to be factually correct...
Thanks.
Even if that's not true, how do you guard against the possibility of this happening?
I don't know why people keep saying that. If this were the law, criminals using strong encryption would immediately draw attention to themselves, which is the last thing they want. And by using the encryption they would already be breaking the law and could be arrested and further investigated for that.
Somebody needs to shine the Flashlight of Reason into the Dark Corner of Stupidity don't you think?
How can this possibly be enforced? I have books, and files on my computer, describing most common encryption and public key methods. I could almost write an RSA encryption program from memory, and I certainly could write a program to XOR with a LFSR or a one-time pad.
The dumbed down articles always talk about how "complex" and "sophisticated" encryption is, but it's not really that complex, once you know the formulas. Anyone with high-school math could probably understand many of the algorithms. You could explain a one-time pad in terms of adding and subtracting.
And what is a legal definition of encryption anyway? If I XOR all my files with a constant byte, or if my ISP or the FBI happens to be looking and they don't recognize the file format and somebody calls the cops, how the hell am I going to explain how it's not encryption? Or will it be like the DMCA, and encryption will be anything they feel like.
And are they going to somehow take away my SSH that I use almost every day to do work as a sysadmin? I get paid to secure systems, should I tell my clients "This encryption is difficult to crack. Except for the government and anyone else who figures out the back door. Sorry."
Totally crazy and impractical.
Sen. Judd Gregg also reintroduced legislation to make the value of pi equal to 3. "We cannot afford the inefficiencies resulting from the oddball values of pi some fringe academics have dreamed up. Our new wartime economy must be efficient, and to help with this effort, Congress will adopt legislation that will greatly simplify the design of common military hardware like wheels and gears," said Sen. Judd Gregg in a televised statement.
From the story referenced above:
"That's like telling people to take their house key down to the police station," Goodlatte said. "People are not going to have greater confidence in their security by doing that."
Good analogy. These things must be made simple, because most lawmakers have no technical education whatsoever. Did I say NONE at all? As in Duhhhh!
Secret U.S. government agencies control U.S. violence: What Should be the Response to Violence?
Bush's education improvements were
I dismissed privacy concerns as being currently out of fashion. I *wish* that I had done the same for practicality concerns, because we all agree that truly controlling the flow of such information is impossible.
I emphasized that there are many different crypto channels, and to be effective they'd have to weaken every one of them, because terrorists could simply shift to a different channel if, for instance PGP email were back-doored or weakened.
Then I explained that any inserted backdoor could be rediscovered within a reasonable time. I wish I had had access to the Clipper references mentioned here. But I was also struggling to keep this on one side of one page, so perhaps it doesn't matter.
Finally I added that the safety of our financial and network infrastructure depends on some of these alternate crypto channels, and to compromise them would put us at risk. SSH and https: were mentioned examples.
There, a case based on things other than privacy or practicality.
The living have better things to do than to continue hating the dead.
This second argument is specious for two reasons.
First, any law forbidding strong encryption without a back door could be binding on the sender of messages only. The receiver of a message encrypted without a back door could hardly be held legally liable for the action of another. Therefore, if the head of a terrorist organization outside of the US used strong encryption to send messages to terrorists inside the US, no law has been broken. The backdoor law is not extra-territorial and cannot ban someone outside the US from using non-backdoor encryption, and the receiver in the US cannot be held liable simply for receiving such a message.
Second, the argument assumes that law enforcement can somehow detect whether or not a message is encrypted using a backdoor program or not. The ability for law enforcement to archive messages and search through their contents is truly staggering, but it is not all powerful. It takes many many computer cycles to sift through unencrypted data searching for words or phrases in order to be useful at all. There is no indication that anyone would have the computational power to sift through archived messages to determine if a message is encrpted or not, yet alone whether it was encrypted with lawful or unlawful software. Making such a determination on the fly would be absolutely impossible.
Unless, of course, messages encrypted with compliant software contained flags set at specific bits to alert law enforcement to the presence of lawfully encrypted text. If that was the case, however, terrorist and other non-crypto-law abiding people could simply alter the open source code for their non-compliant crypto package to add the special bits. Law enforcement would still be unable to determine on the fly whether a message was lawfully encrypted or not.
That leaves them only one alternative. They would have to try to decode all encrypted messages on the fly in order to determine which were lawfully encrypted. That action in and of itself would violate the privacy rights of anyone whose message was decrypted simply to determine if it was lawfully encrypted.
Furthermore (or more precisely, once again), the ability to capture all messages and attempt to decrypt them on the fly in order to determine which where lawful and which were not is currently a technologically impossible task.
We all know that encryption is hardly used except by criminals and the paranoid. I am not trying to flame people, but it's the honest truth. Personally, I don't use it nor does anyone I know. However, I think it's ok if someone needs to send an email with some information that needs to be protected. The problem is that criminals are abusing these encryption systems to commit crimes. It's not like it will hurt Joe Linuxbob to send an unencrypted email to his friend Don Window. The ones it will hurt are the ones that are comitting crimes against the people of this country, and those who are escaping law enforcement. We hire these people to protect us, we pay them taxes, yet you don't want to allow them to do their jobs? Why? Why do you hate your fellow Americans so much that you would permit criminals to contact each other in private and murder thousands, as evidenced on the 11th.
It is your duty as an American to protect your country and love your fellow Americans. In order to protect all of us, we might have to allow the government, under strict, controlled circumstances, to view our email once in a while. Which would you rather have happen? Would you prefer to be ran into a building at 600+ mph and burn in a fiery inferno along with thousands of others, or perhaps be inconvenienced of the government seeing you send porn to your geek friends at school?
True freedom requires security of those freedoms. To be secure, you might have to give up some of your liberties.
Mas vale cholo, que mal acompañado.
This site appears to have the records while you are asking for a subset. I am sure somebody would be willing to assemble the data.
See http://web.lexis-nexis.com/congcomp
Select Members option.
It also has info on bills sponsored, campaign contributions, and more. Disclaimer: I am not affliated with this site.
To-do List: Receive telemarketing call during a tornado warning. Check.
1. One time pads
2. Easy to code your own software with the information available right now
3. Software from non-US countries
4. Code languages of different kinds
And just so you know, the blueberries are ripe on the east side of endor...
I'd contact my reps but i honestly don't care anymore. If they don't legislate it now, they'll do it next year or the one after that. We're fighting a losing battle.
Based in San Francisco, EFF is a donor-supported membership organization working to protect our fundamental rights regardless of technology; to educate the press, policymakers and the general public about civil liberties issues related to technology; and to act as a defender of those liberties. Among our various activities, EFF opposes misguided legislation, initiates and defends court cases preserving individuals' rights, launches global public campaigns, introduces leading edge proposals and papers, hosts frequent educational events, engages the press regularly, and publishes a comprehensive archive of digital civil liberties information at one of the most linked-to websites in the world.
And it needs our support to ensure that it is forever capable of supporting us against legislation that seeks to eliminate our rights and privacies.
The value of the US dollar is an illusion, not explicitly based on anything but the illusory values of other currency.
The new security measures they've put in place at airports are not more secure than before, they just provide stronger illusion. You could easily hide a knife in the sole of your shoe or elsewhere.
The US government inefficiently employs millions of people in needless jobs, thereby providing an illusion of stability.
Obviously US military security is an illusion if a jumbo jet can fly into its headquarters.
Belief in such lies keeps money moving and people placated, which are the two things that divide society from anarchy.
As long as an illusion holds, why take the effort to make it a concrete reality?
So let's pass this bill and perpetuate the illusion that governments can be trusted.
Here are the talking points against this abominations:
1. It's a total waste of time unless you have a plan to force the terrorists to use weak encryption.
2. Centralized key escrow creates a single point of failure for our national cybersecurity infrastructure.
3. Strong crypto can be defeated and has been defeated in the real world. You use existing wiretap laws to implement keyboard sniffers and the like to grab cleartext.
4. You have to be prepared to use keyboard sniffers ANYWAY, because the terrorists aren't going to comply with your law.
5. The bill violates the free speech rights of ordinary citizens and businesses. Conversion from already deployed strong crypto to crippled crypto is an effort comparable to Y2K.
6. Stop using this as an excuse for the intelligence failure. It's bogus. These terrorists made credit card purchases, airline reservations, flight school training, apartment leases using real names sometimes even on our "watch list".
7. Are we really willing to punish otherwise law abiding citizens who fail to register their crypto key? Who needs terrorists when the governement will destroy your rights for you?
8. Security cannot be achieved by weakening security. What is security if not the protection of citizen's rights?
9. The law cannot be enforced, and it's violation isn't even detectable. If you find an encrypted message, how will you know it wasn't made before the ban?
You sure this is Sen. Judd Gregg and not Judge Dredd?...
Is this the representative from Starbucks? Still, I support him in everything he does. And when he's up for re-election I'll vote for him. Everyone knows that Mayor McCheese is a crook.
Sweat
It breaks my pluginses, my precious!
let's hope microsoft doesn't get the contract...
Sorry, but this is stupid! Do Americans really believe there are not any other "bright guys" with encryption knowledge out in the world? Why should terrorists care about laws? Why should Non-Americans use encryption software with american backdoors as long as even echelon is mainly used for industrial espionage by the US? Why should we allow script-kiddies to access our private data?
The world should learn to approach the cause of terrorism and not just the symptoms. Thus support the formation of sustainable true democracies in the world instead of doing short-term opportunistic interest politics, fighting violence with violence or hurting our human right for privacy!
I'm working on Capitol Hill ATM, generally dealing with constituent mail. Here are a few observations...
Above all, though, don't be apathetic. Enough people making noise (with their reps or otherwise) can get results.
HTH,
Tom
Judd Gregg is incompetent and shouldn't be allowed such a high position. To get rid of him, use the media. Tell them that he is trying to make a law that will effectively ban what math you can do in your own home. which is technically true. You might want a picture of a little kid watching as his teacher is dragged away by the police with the blackboard in the background showing sums (1+1 = 2), get a newspaper to show it on the front page with the caption:
"Judd Gregg Bans Maths, Is HE In League With The Taliban??
Don't forget to include the bold bits. Then on the next page, put a picture of johnny (the little kid from page 1) being taken away by the police because he added 103400595 to 1004340350 in his book, (effectively encrypting the first number, using the second as a key (yes i know, but its all i could think of)). Ok, the last photo should show johnny's school being shut down and circled in yellow tape by the FBI, because they found a copy of 'Bobs secret messages puzzle book" in the library.
The induhviduals don't understand so you have to explain to them in terms they can get...
This comment does not represent the views or opinions of the user.
I can see this leading to some kind of restrictions on software development tools. Of course, this would be as hard to enforce as the crypto backdoor, but that won't stop them from making a law. Imagine if it gets out that the algorithms are understandable by most pretty smart people, and all that needs to be done is put it into code and compile it, all they'll have to do is restrict or regulate access to compilers/interpreters, right?
I can see the Open Source Community becoming the scape goat of the week on this and some pretty awful stuff coming down from Ceasar restricting the right of people to write their own software. There's no reason why they couldn't make it illegal for anyone but licensed programmers/CSci students from having access to compilers. The "Sheeple" wouldn't care one bit. They don't even know what a compiler is. Then what - ./configure, make, make install, becomes pretty hard to come by.
My Karma was at 49, then they switched to words. All that work for nothing!
Many, many problems with backdoors in encryption software have been discussed (privacy, search-and-seizure laws, security), but I've seen no mention at all of one point:
Bad guys can make their own encryption.
I won't try to pretend it's easy to make a really good encryption algorithm, but it is relatively easy for a money-rich organisation to create fairly basic encryption scheme that will be at the very least difficult to break.
What this means is that anyone who uses 'legitimate' encryption will have weak-to-no security (backdoors essentially remove security), while the bad people we want to keep from using encryption will have at least moderate protection of their communications.
Please let your congressman (and leaders of your respective countries) know this! The safety of data worldwide depends on flawed logic, eg. that terrorists always use exportable software rather than designing their own.
Wow! So the US *actually* want to create backdoors in US software that foreign states can exploit?
I can almost hear the non-US intelligence agencies shout with joy! =o)
Not that I have any reason to encrypt my mail, etc, but as a non-US citizen I'm glad to have that choice if I were to mail sensitive information sometime in the future.
I hope for the sake of the US that such a stupid law never is passed.
/.Mattsson - My native language is not English, so please don't whine over linguistic errors. (That's lame anyway...)
which is, specifically, that you're an idiot:
... Guess what? Ben Franklin was talking about you, you sniveling little proletarian.
We all know that encryption is hardly used except by criminals and the paranoid.
Do you bank online? Have you ever bought anything online? Does your company engage in e-commerce or EDI? Have you ever used Lotus Notes?
These are strong encryption applications, without any backdoors (yet). How will you feel about government-mandated encryption backdoors when some 31337 HaXoRs strip your bank and credit-card accounts? Are you so naive as to imagine that the government will make you whole? ("Gee, we're not responsible for losses due to criminal activity" say the cops.) Do you think that Judd Greg will recompense your life savings lost to backdoor crypto? You must be a troll, drunk, on crack, or all of the above, to have posted that moronic spineless garbage here. Just shoot yourself, it's painless.
"Those who would trade liberty for security deserve neither."
I didn't expect that Ben Franklin quote to appear in this story AT ALL! :P
It doesn't mean much now, it's built for the future.
The economy is hurting right now, what would having a potential security breach in all programs do to consumer confidence? I think it would be very bad, when you consider how much confidential business information is passed over the internet to reduce costs relative to leased lines, satelites etc (for the most part it is cheaper, not all cases).
The other big issue (Which I think is bigger than the economic aspects) is the privacy aspect. I also think that my views on the subject have been made numerous times on /., by me and by others who seem to have the same point, so I am not going into a whole longwinded speach about it.
Make people understand about it. Don't let them be ingnorant. Take away their excuses, and make them look at what is happening. Many a person has revised their opinion, based on exposure to what it means. I personally know of no technologially oriented person who approves of it. (this is excuding the /. people who are supposedly technologially oriented.)
hmm... i say let 'em put in the backdoors, then as soon as the government starts to use those backdoors, slap 'em with the dmca for "circumventing copy-protection mechanisms"! ;)
Senator John Edwards of North Carolina is a strong proponent of privacy. You can contact him via his web site. Suggest he align himself with Rep. Bob Goodlatte. Edwards is a good man and he actually reads his email...
"Straddling the sword of technology..."
Let me say that I'll have no obligation to observe these laws. Send your encryption products to me for resale. Don't let the rest of the world suffer because you're going to let your government remove your security. There will still be plenty of markets not touched by this legislation.
Get the Hell off my planet, you slimy mobster Bush!
Remember when Napster started facing legal trouble? People wanted to get away from Napster, but liked the concept. So, what did the legal action against Napster do? It caused dozens, hundreds, maybe thousands of Napster alternatives. Esentially, the RIAA, in their lawsuit, made things a million times worse for themselves.
Similarly, if the government builds a "back door" into most common encryption schemes, what's to stop my friend and I from writing our own scheme? Sure, it'd be "illegal," but so is downloading hundreds of songs that you don't own from Gnutella...
In essence, if this bill passes, all the stuff that's been mentioned will happen, in addition to something that will cause extraordinary problems for the government -- countless new encryption schemes will pop up, and the government won't be able to crack them. And don't you think that those who are trying to hide something "bad" will want to use those?
And, before you mention it, there really is no way to say "We noticed you're using encryption... Stop or you'll be shot." You see, how do they know it was an encrypted message? Couldn't it have been completely random bits that a Perl script spews out at random intervals?
________________________________________________
suwain_2
Just to add my 2 cents worth(which don't go very far nowadays), the EFF is organizing a letter writing/email campaign.
I don't think it helps, but do it anyways. Download PGP and any other encryption software that you can think of. Let people know why not giving up your rights is important. Our government is saying one thing, and doing something completely different (not at all unusual). If you value security over freedom you will have neither. The founding fathers valued freedom--not safety. Why should we do any less?
Damnit, Jim, I'm an anarchist, not a F@#$!^& doctor!
I live in NewHampshire, so in theory if I sent a letter to the senator it would be heard. But I'm not any sort of experienced writter, especialy in regards to political writing. Are there form letters available that clearly express my/our position on this matter and are written in the language of politics? I'd be more then happy to spend the money on a stamp and envelope if such a thing was available.
I want them to pass this legislation. Just to see what happens. It's gonna be funny watching them trying to enforce this law.
:)
They don't stand a chance, they can't stop drugs being imported. How the hell do they intend to stop people copying existing programs, or simply writing there own. Never mind try to enforce their policy abroad.
And how do they intent to check emails to see if they are encrypted with 'approved' algorythms, without decryption every single one? And how do they intend to distinguish illegal cyphertext from binary files???
It's gonna be a laugh
- PS. This is what part of the alphabet would look like if Q and R where eliminated.
http://gregg.senate.gov/
Horrible site. There is a cartoon animated gif moose running, and a WTC message in a scrolling marquee.. Horrible. I am 100% voting against this guy in the next election.
but rumour has it that the NSA can crack 128bit encryption (read: this has NOTHING to do with key size - a 128bit key or a 1024bit key, it's all the same). From a semi-reliable source the NSA has been funding a massive cryptology group to essentially find mathmatical weeknesses in many of our popular algorithms. Personally, I don't believe this is true, but it makes me think twice. If this is true, the reason this legislation is coming about is because the NSA doesn't share crap with the FBI, and very little with the CIA, and it's the FBI and the CIA that want it all. Food for thought.
There is no longer anything that can be done with computers that is nontrivial and clearly legal. -- Paul Phillips
In case anyone's interested, I work for an online service used by medical offices. Insurance companies FTP and email eligibility data to us. It contains social security numbers, names, birthdates, everything you'd need for an effective identity hack. We protect it with encrypted FTP or PGP. Plus our entire website uses https. I don't think we're paranoid.
Just caught a Drugereport blurb reporting Oracle's Larry Ellison volunteering to contribute to the creation of a national ID database system.
At the same time, Newt Gingrich blabbed on Fox News that a "secure national ID system" would make air travelers feel much more secure.
Looks like we're seeing yet another power grab.
*scoove*
If you copyright your encrypted communications, then wouldn't having the backdoor mean that it's a circumvention device and therefore illegal under the DMCA?
Consultancy: If you're not part of the solution, there's money to be made in prolonging the problem
Would decrypted communications be accepted as evidence in court? Will the encryption back doors be subject to defense-counsel cross-examination? Will be backdoor decryption mechanism be described in court, so defendants can contest this evidence?
I doubt it. Decrypted communications would be presented at their face value. Defendants would not be able to interrogate this evidence. Juries would be required to accept it.
Do you think police agencies ever manufacture evidence to convict people? Do you know how many imprisoned individuals have been set free in Los Angeles due to this sort of corruption in the Rampart division? Did you know an anti-gang worker was deported simply because the LAPD did not like his conciliatory attitude towards gangs? (The LAPD set him up with the INS...)
What do you think will happen when police departments are able to manufacture "decrypted" messages? Do you still think you have nothing to fear because you are innocent? If the back doors in crypto are a "national security secret", do you think anyone convicted on the basis of this evidence will ever see the light of day.
If your children ever found out how lame you are, they'd murder you in your sleep
Surely it is too late for this kind of legislation?
:(
Firstly, we all have PGP (well, most of us) including the terrorists. Sure you can shut down the key servers, but that can't really stop PGP, it just makes it harder to distibute the public keys. I can just use my trusted mate as a key server and ask that he either run a server, or (say that is illegal) just get him to email me keys, using the public key that I sent to him via Fedex/UPS/Royal Mail on a floppy.
This isn't going to stop determined terriorists - just the average Joes that don't know/use/understand encryption already...
Oh, and second point, the WTC is gone and doing this won't change that
--
Mike
-- Mike
...when they pry the keyboard from my cold, dead hands!!!
* The quatrain X.72 of Nostradamus, one of the world most famous persons from the 16th century: L'an mil neuf cent nonante neuf sept mois, Du ciel viendra um grand Roy d'effrayeur Ressusciter le grand Roy d'Angoulmois Avant après Mars regner par bonheur." Translated: the number 1 999 - a cryptic reference not necessarily the year 1999 - perhaps "the year of the millennium - 999" SEPT (the 7th month), from the sky will come a great frightning king. The great king of Angoulmois is revived. Before and after Mars reigns."
Actually according to "The Complete Prophecies of Nostradamus" (Henry Roberts, Straford Press, 1981, New York, pg 336), Roberts is referring to the 999 as the the inverse of 666.
Another thing since this is a biblical reference, it is said in the bible that often the devil would do things to deceive man by inverting things. For your entertainment and consideration, would it not be possible for that the number 666 is 999 or vice versa?
Southerners didn't free slaves until Union troops started invading and killing.
Many people thought prohibition was a good idea until they tried it.
Nobody started fixing the US economy until it collased in 1929.
Germany didn't respect its Jews until it killed 6 million of them.
The US Govt didn't get out of Vietnam until the people threatened a revolution.
And the US people didn't give the FBI, CIA and airport security the people and resources they needed until the WTC came down.
You can yell at the public all you want, but until they suffer for their folly, they won't listen. We may just have to suffer the absence of encryption until some terrorist wipes out a few million bank records, or until a few million PC users ignore the law.
When Bob Goodlatte shares the views of the geek community....it's AMAZING...
I mean, he's VERY pro-DMCA and other bits of legislature that we love to hate...so, if he's siding with us...WOW...
This is another excellent point. Someone with points please Mod "Back doors as legal evidence" up
Help fight continental drift.
The Bill of Rights in the US Constitution protects your right to say anthing, whether or not the government can grok it. It guarantees freedom from "the quartering of soldiers" which is loosely interpereted by the Supreme Court as an individual domain of privacy. I doubt they would miss the connection between quartering soldiers and/or quartering escrowed keys (agents of the Government).
--- Nothing clever here: move along now...
Instead of forging half a dozen identification documents, you'll just have to forge one and have a universal identification card proving that you are who you claim to be. This will be great for the criminals around the world!
You know somebody will probably figure out how toencode two different messages in one message. Decoding with the real key and the government backdoor will each give a different message.
Your argument is that we can only learn through suffering and through failure. While I'm sure I've left some teachers and professors with this impression of myself, I'd like to think that we can learn in other ways.
Whether it's a letter to your congresscritter, a conversation with friends and family, or upgrading your bosses IE to 128-bit and explaining encryption, you can educate those around you about the importance of protecting data and privacy. You may not convince any of them. Your actions may have no impact at all. But the mirror may be a little kinder if you're thinking "I tried" instead of "We need to suffer."
Wait... you mean you still haven't joined the ACLU?
Well then, create a better way of explaining encryption to non-technical people.
Do I have a right to speak to my woman friend or wife or children in private? If I do, then I have the right to unbreakable encryption.
There was one EXCELLENT way of fighting Osama bin Laden: Don't support the Taliban or the Saudis, as the U.S. government did for many years. Then they would fight someone else.
This encryption debate obscures the real issue: The U.S. government must stop being adversarial with the whole world.
Bush's education improvements were
nice rack.
Everyone that's blaming encryption for the failure to detect the preperations for these attacks should refer to the first page of the FBI website.
"Individuals who are interested in assisting us should now apply on-line at www.fbijobs.com. Please apply if you are proficient in English and one of the following languages: Arabic, Farsi, and Pashto. Details and specific requirements can be found on www.fbijobs.com."
If we lack sufficient translators to investigate the problem after the fact, how would an easily violated ban on strong encryption products have protected us before the attack?
Wait... you mean you still haven't joined the ACLU?
Well, I suppose since we now know that the Binch doesn't actually use cryptography, passing such a law is in fact less than useless. In fact, it has as much practical effect as passing a law not permitting people to "meet in groups" in secret without a full transcript or govt approved recording device that can be approved later, for that is essentially what such a law tries to do.
Curiously enough, such laws actually do exist in some forms. Anti-trust laws attempt to outlaw such secret/private discussions between vendors, for example. The key difference there is that the behavior being legislated against is one that people engaging in it at least must know is unethical to be doing so. A blanket law legislates against all including those that have perfectly valid, legitimate, and ethical reasons to engage in such behavior.
Basically, the problem is insufficient liberty.
Lameness filter encountered.
Your comment violated the postercomment compression filter. Comment aborted
Taco, get real, will you?
This seems to go against that motto those granite heads like to use. Whats the point of encryption if its not secure....
Let's take a pragmatic look at this. We can't even get people to upgrade their software after they've been 0wned by Code Red. How can we expect them to upgrade their encryption software?
Are all conservatives as nutty as you are?
The EFF makes a few good points and offers sample letters and links to your rep. and sen. Enjoy.
This has the ability to bring down the entire internet.
Here's how it works. Authentication is encryption, so it'd be subject to the backdoor laws as well. Someone _will_ figure out the backdoor, and then all someone has to do is write a worm that spreads by exploiting this backdoor.
The best part is, it would be illegal to patch against this worm, since doing so would require you to close the backdoor!
The end result is a worm that could take down the entire internet.
Isn't legislation great?
What makes these fools think that bin Laden and organizations like Al-Qaida are going to start using their escrowed encryption programs? The only people who are going to be using this escrowed encryption are your people, your law-abiding citizens. Not even terrorists who enter the US are going to use it, obviously. Most of them may be psychos, but they are not stupid of course. If they were, they would have met their end long ago. In the meantime, someone is going to reverse engineer how you do your key escrow, and then everyone in the world who doesn't have a DMCA-like law can read escrowed encryption traffic after they reverse engineer the new chip that provides it. It may require the resources of a large semiconductor corporation to do the reverse engineering, but once that has been done, end of story.
Hopefully the NSA will do everything to make sure that your escrowed encryption is as perfect as it can be, but given the Agency's track record, I would be wary. Besides, the civilian research into key recovery systems (mostly from Silvio Micali's research, to whom the government paid $1,000,000 for use of his patents in the old Fortezza/Clipper chip) has been somewhat unpromising, and there are many complex security problems involved. What if someone cracks the escrow agency's database? The keys are going to start circulating among the rest of the world's intelligence agencies and terrorist organizations by then.
In the meantime your largely ignorant populace is going to start taking active measures to make themselves available for surveillance, in the misguided belief that this will help the security of your nation. It won't, not in any meaningful sense, but makes it far easier for Big Brother to start listening in on everything. Welcome to the American Empire.
Qu'on me donne six lignes écrites de la main du plus honnête homme, j'y trouverai de quoi le faire pendre.
I prefer to die a fiery plane crash death than be inconvienenced BEFORE that same death.
Giving up liberty does not equate to security.
Besides, the government is there toprotect our LIBERTY not our lives.
* Sibyl of Prague, an old woman (17th century) "From the east a dragon will come, terrible to look at, because from its 9 times 99 eyes (1999?), mortal rays will be emitted and a poisonous air leaves its mouth".
She predicted the rise of Godzilla. Cool!
GODZIRRRRRRAAAAAAA!
Key escrow will work as a law enforcement tool in the following limited, but nonetheless useful, way.
It cannot actually prevent anyone from using cryptography that does not have a backdoor.
However, what it will do is allow law enforcement to stop, interrogate, hold and arrest a suspected terrorist on the grounds that the person has a cryptography program on their computer that does not have the approved backdoor. It will give law enforcement something to hold them on. This can be important. Let me make an analogy to the kife situation.
Prior to the events of 9/11, it was perfectly LEGAL to board an airplane with a knife with a blade up to 4 inches in length. If somebody was found trying to board an airplane, or on an airplane, with such a knife, there was no legal basis to question, much less arrest, them. Indeed, if someone was found with TEN such knives, there was no legal basis to hold them. They just walked away. Hell, you might not be able to keep them off the airplane.
Now, there is a new regulation banning ALL knives, no matter what the blade length. Will this new regulation prevent any determined person from carrying a knife on board? Given the current state of security, probably not. Unless you ban, or thoroughly search, all hand luggage, and frisk all passenengers, no. I'm sure right now I could probably carry an 8 inch (or ten 4 inch) glass, ceramic, or plexi-glass knife (knives) on board and get away with it. So, does that make the law useless?
No, because, compared to before, if they DO detect my 10 glass, ceramic, or plexi-glass knives with 4 inch blades, they can actually prevent me from boarding the plane, hold me, question me, interrogate me, and arrest me. They can pursue the matter.
Obviously, the anlogy to cryptographic software is far from perfect, but the principle is the same. No, you can't really PREVENT anyone from using such software w/o a backdoor if they really want to. But what it does do is give you a legal basis to stop, interrogate, and, if need be, arrest them.
Is it worth it? I'll leave it up to others to discuss that issue for now. But one cannot say it would serve absolutely NO purpose.
Only Women Bleed (Sex, Sharia remix)
and the attack seems to have succeeded. I guess is attackers 1, freedom 0.
/jarek
...you're fighting a losing battle, my friends.
According to a recent CNN poll, 57% of Americans say they would "willingly allow the government to read their email to help the fight against terrorism". I'd post the link but CNN's search engine sucks. It was on the Wolf Blitzer special report page yesterday, 9/20/2001.
We live in a democracy: clearly, if people here want to trade freedom for the illusion of security, that's what's going to happen. Especially if big corporations back the same laws, albeit for different reasons.
Between the people and corporations here in America, nobody really wants privacy. Nevermind little issues like your credit cards selling your purchasing habits; people are ready to live in glass houses and let the government and big business watch every bit of communication with the hope of making an arrest or a sale.
It's all for our own good, of course, since apparently Americans no longer believe that they are capable of taking care of themselves, and they no longer trust each other, and that massive government and corporate intervention is the only way to right matters.
It's a psychotic vicious circle: the more we abdicate responsibility, the more we need someone to take care of us, and the worse things get. What a surprise.
Sorry for the rant. Here's the bottom line: if you truly value freedom and privacy, the US is no longer the country for you. The aging population is tired of that sh*t, and has long since traded in principle for pragmatism. The odds of making a difference by writing letters are roughly the same as those of being suddenly turned into a 200 foot tall statue of the Marx Brothers.
So, write your letters. Make your calls. But when it really starts coming down, remember that you can vote with your feet: there are plenty of countries out there that are still civilized and that still respect the individual, and until the real exodus starts, almost every country will happily take the best and the brightest from the US, even if they are geeks / libertarians / gays / goths / vegans / anyone else who may not quite fit in to a mainstream police state.
-b
PS: don't bother replying with bogus patriotic "if you hate the US, leave" messages. In fact, I love the US, and have done more to demonstrate that than you'll ever know. But love does not necessitate blind jingoism, as some would have it.
If I wanted a sig I would have filled in that stupid box.
You know, most terrorists aren't going to bother 'upgrading' their encryption software to the new versions with backdoors.
Methinks they'll stick with their "old", non-US secure products.
Oh, and by the way, major news stations are reporting that the terrorists that were responsible for the World Trade Center were using plain-text Hotmail.
Since Hotmail doesn't save messages, it seems that our law enforcement agencies are out of luck... It would seem as though plain text is "secure" enough for most of the terrorists in this world, unfortunately.
It's obscure enough not to be tracked down by the FBI or other government agencies, at least...
Do you like German cars?
"Normal search and siezure rules" are covered under the 5th ammendment, along with due process, a fair and speedy trial, and protection from warrantless searches. While the american people like to defend the *first* ammendment to the death, they don't even think about the (some say) more essential liberties that they are afforded by the 5th.
If this time wiretapping laws were changed, the next terrorist attack will make all the due process they are promising for their insecure cryptography legislation -- which can't be guaranteed in the first place, given the technical skillz in the real world -- disappear. They used to make it a big deal when an investigation ignored due process and had an illegal wiretap. I imagine the outcry will be diminished every time they do this, as long as you have some semblance of free speech and expression.
You can say as much as you want in a system that makes it impossible or illegal to act.
"Look at me, I invented the stove!" -- Ben Franklin
This is insane...
Requiring backdoors in crypthograhic software won't solve anything. At most it will end up outlawing open source implementations.
Were do you guys get so stupid politicians from?
OK, so let's say that the US bans encryption without a backdoor. How likely are other countries to follow suit ? I'm hoping Australia isn't going to follow the US into this sort of really bad policy.
And what about interfaces ? Is an American allowed to have a copy of PGP on their computer to receive a heavily encrypted message that someone from a non-silly country sends him ?
For one of these congressional hearings, could a knowelgable person take the crypto bible with them and a porable computer with standard components and "implement" a simple crypto while the session is going on; just to demonstrate that this is common technology. I'm sure that they have some idea that there are N products out there by N companies and that people must buy one of these products; and that these companies can get together (like Microsoft) and force the world to upgrade to the new back-door enabled version. At least, I'm sure this is what Microsoft people are telling the legislature. So... they may not be technical, but they do trust their Microsoft lobbyist; after all, they've constructed the worlds best desktop operating system and tools, of course they know what they are talking about.
So, the government is that interested in making sure they can read your email ?
Well, there's an obvious solution.
Every email you send to someone else, cc: it to the government. If they really want to be able to read your email, then send it to them unencrypted. The next time you're asking your friend which movie you are going to see that night, or when he should pick you up to go the pub, cc: it to the FBI. When you're asking your wife what colour paint she just bought for the loungeroom walls, cc: it to the NSA. When you want to know how old Nelly is doing after her hip replacement, cc: it to the CIA.
Start now in cc:ing all your emails to those people who are in danger of allowing this bill to pass. Make sure you include an appropriate opening statement saying why they're getting cc:d your emails.
Who's with me ?
So to protect ourselves from terrorists we introduce a single point of failure for all our "secret" communication.
Claus
One person who would love this bill is my girlfriend.
Before I met her, I was planning on moving to the USA,
but after DMCA and this encryption thing, there is no way
that I'd give up my freedom here in Sweden.
I can't possibly be the only one who thinks like this, which
is probably intentional. The reason for the encryption
banning is not to make things hard for terrorists,
it's a way of making sure nobody in their right mind
would want to move over there, until it is as bad in
all other countries as well.
/Daniel
I got this email on Friday:
"Monday 9/24, noon, at the Mattin Center: U.S. Representative Constance Morella (8th District of Maryland) will talk regarding Information Security and Privacy."
The Mattin Center is the new arts building on the campus of Johns Hopkins University. I'll be showing up and a hope others will as well.
If you want directions or more info please respond to this post.
Could it be that the talking and typing monkeys out here can not comprehend that it is the result that counts, not monikers and lables? Can those talking illogical and hypocritical monkeys not police themselves, thus giving us the theme of "X is bad, unless it is performed by my 'side'". Real enlightened folks! Congrats on your application of toddler logic. Thanks for letting yourselves be sheep that just happily suck up your soma and do what you where told to do and think what you where told to think. Parrots, talking monkeys and sheep, combine them all and what do you get???? The self-labled intelligencia out there. Quit trying to SOUND intelligent and THINK!
The RISKS of Key Recovery, Key Escrow, and Trusted Third Party Encryption
Was that the Clipper document you were looking for?
Government are using this as propaganda to deny people the basic human right to privacy.
Do you not think - once back doors and greater surveillance are introduced, when not planning face to face, terrorists will just have to send personal couriers?
THEY EVEN ADMIT - ENCRYPTION WILL NOT WORK ON TERRORISTS
USATODAY article:
WASHINGTON (AP) -- Despite warnings from top government officials that terrorists would use exotic technology to communicate, suspected terrorist mastermind Osama bin Laden instead has used "no-tech" methods, foiling efforts to track him, former U.S. intelligence officials said.
Intelligence agents once could keep tabs on bin Laden when he used a satellite phone that could be picked up by U.S. spy gear and matched to his voiceprint. That capability leaked to bin Laden, so he swore off talking on the phone, according to Marc Enger, former director of operations at the Air Intelligence Agency, the Air Force's intelligence arm.
Madsen said the hijackers could have communicated by means of seemingly innocuous messages on Web sites, impervious to the most vaunted surveillance tools in use by U.S. intelligence.
All the Carnivores and all the Echelons in the world would do very little to hamper that kind of operation," referring to the FBI's e-mail surveillance box and a widely suspected NSA surveillance network.
The answer to trademark and domain name problems is at WIPO.org.uk
if you have a backdoor on anything, it will be exploited by hackers, no doubt. deliberately programming in a backdoor is just asking for your product to be hacked...
no text
Hiding tools from honest people only assures us that honest people suffer without benifit. Priciples of operation will always get out and the bad guys will always use those tools as they see fit. You can't hide crypto and we should all be using it to protect our privacy.
Here are some more people you can hate, if you still want to point a finger at Zimmerman:
The Wright brothers, for giving the terrorist a weapon.
Whittle, for developing the engines that powered that weapon.
Eifel, for giving the terrorist a target.
Diesel, for working out the use of heavier oil fuels that all jet aircraft use.
Oh yeah, don't forget that hideous man who invented the knife.
So go on and ban aviation, skyscrapers and knives as well as deadly crypto. The world will not be a better place!
Friends don't help friends install M$ junk.
Because quite a few of us will vote against congresscritters who do want the govt to read our email. It's a voting issue for us, and probably not for the other side.
The backdoor could work this way.
Joe tries to encrypt his e-mail using the recipient's public key (or a secretly exchanged key for other types of encryption). Before the software encrypts the message, a check is made to ensure that the decrypting key is escrowed with the government. For example, the key could be digitally signed by the government or perhaps the government would insist on generating all keys.
Using an unescrowed key for encryption would be illegal. I.e., if the government can't figure out what Joe's e-mail contains, he can be arrested, deported, etc.
I'm not saying that I'm for that or that it would be constitutional. It seems possible, though.
When I think about what the legislators are trying to do, closing stable doors after the horses have bolted comes immediately to mind. How are they going to persuade terrorists to use this form of encryption?
The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
For the kind of limited-scope communications involved in a terrorist mission (they've already decided the basic plan face-to-face; they only need to coordinate where and when to strike), they can just develop a small set of code phrases. This can be minimized to just two codes -- one for "go ahead" and one for "scrub the mission and meet to discuss new plans".
/. If the government wants us to respect the law, it should set a better example.
I say that if this passes, we should make a strong attempt to break and publish (in plain english) how to get at these backdoors. No schematics, no code, nothing that can't be backed by 1st amendment protection.
;)
Then we can point out that these keys could be used to break into banks, e-commerce, etc. and urge everyone to stop using these facilities in order to protect against terrorism
LedgerSMB: Open source Accounting/ERP
Judge Dredd is legislating? Isn't it mixing judiciary branch with legislative branch?