Slashdot Mirror
Senator Backs Down On Crypto Backdoors
evenprime writes: " Sen. Judd Gregg (Republican, New Hampshire)
was advocating mandatory backdoors in crypto on Sept. 13. Wired
is now reporting that Sen. Gregg has changed his mind. They say that Gregg's spokesman, Brian Hart, has said: 'We are not working on an encryption bill and have no intention to.'" As Rob Carlson is quoted at the article's close, though: "(Gregg) said he was definitely supporting it. Now he says he's definitely not. Maybe he'll say he's definitely supporting it again."
I didn't write to Gregg, though I did write to my own congressman and senators. I also sent E-mail to a whole bunch of friends encouraging them to write. (My wife wrote in, and got an E-mail back from the senator saying that yes, he too was strongly in favor of gun rights. Gotta love it when it's so bloody obvious that nobody reads these things.)
I doubt I can take much credit for this, though. I suspect that Gregg was swayed by either public opinion, or, more likely, by the usual suite of deep pockets in Washington who pointed out that these sorts of things would make life very difficult for big campaign donors.
Of course, there's recent rumblings from the RIAA and the MPAA that they think that privacy legislation is their biggest threat; wait for the "defense of copyright" bills which say that any encryption product must pass escrowed keys to the government and to the AAP, RIAA, and MPAA so that they can enforce their copyrights! Terrorism schmerrorism, the greatest threat to the USA is that somebody somewhere might be making copies of USA mass media products!!!!!.
-Rob
I think some of us tech geeks ought to go to Capitol Hill and point out that "Secure" websites also use encryption. That banks transfer funds through encrypted channels, etc etc etc...
Isn't it strange how "Encryption" is bad, but "Secure" is good despite the fact that they are the exact same thing? Criminals encrypt their transmissions but Bankers make "secure transmissions"
The Dopester
"Yes, I'm a Karma Whore, but I'm doing it to pay my way through school."
Give Senator Judd a break! Just because he changed his mind on an issue is not a bad thing. He probably just came to his senses after hearing the facts about the issue. You should be happy. I am. Now if he did actually change his mind again, you might have cause to criticize.
What's far worse are politicians who don't change their mind at all. You might as well dismiss the entire concept of debate.
Criticism, as Slashdot readers have proven time and again, is easy and abundant. Taking a stand is much harder. Changing your stand after hearing the arguments is an important part of democracy and free will.
You know Martin Luther King Jr. and Gandhi? You know what they had in common? They both thought that their respective governments had unjust laws, so they disobeyed those laws and accepted the punishments for them, and it worked.
This particular story is good news, because it means that representatives do think and can be convinced that they're not right. However there are still things like the SSSCA and the DMCA. I believe these laws are unjust myself. So I disobey them. If I get locked up in jail one day, so be it. But what good is their law if nobody obeys? Let them throw all the nerds in jail. See what happens then.
This is a little crazy, but imagine if all of slashdot turned off all of our servers at home and work. Then we refuse to turn them back on until the unjust laws are repealed.
Yeah, it's crazy, but I just ate a giant pixy stick, and I'm excited because my new computer is coming today.
The GeekNights podcast is going strong. Listen!
Are you people never satisfied? You complain about how narrow minded people are, and when they change thier stance so that it aligns with yours, you complain that they change their stance. I can understand the distrust. However, blasting people that join your side doesn't do much to help your cause.
I seriously doubt that the Open Source movement or the EFF made any difference, but that big, American multinationals made all the difference. Remember, they require encrypted communications too, and the idea that a competitor or foreign government could pay someone off to secure access to the backdoor would sacre us, because it *might* cost our companies (good and bad) billions, as someone already pointed out.
When big or medium business is threatened by this style of legislation, you can pretty much count on it to die or be severely watered-down or exempted.
Don't you just love politicians who stand by their positions?
This sort of comment bothers me. When we heard about this, there was a general cry on Slashdot: "Write letters so they understand how we feel and change their minds!" Well, he's changed his mind (perhaps because he now understands how his constituents feel, perhaps not). But don't we, in cases like this, really want our elected officials to do what we want them to? Maybe he really does have all of our interests in mind, he just needed to be educated?
He's in a no-win situation. If he didn't change his mind, it's: "He's listening to corporations! He's been bought! He's not representing us! Why won't he read our letters and change his mind?". But now that he did, it's: "no-good politicians can't stand for what they believe in!".
So you tell me: which way do you want it?
Actually, I love politicians who change their mind after being exposed to new information and opinions. Sheesh. Sometimes, you can't win. If you're a politician who won't change your mind, you're "closed-minded." If you're a politician who changes his mind after further consideration, then you're "a shifty weasel without principles."
Politicians face the same challenges as the rest of us. What are "core principles" that should never be compromised and what are "practical principles" that need to be adjusted as situations change and/or new information becomes available?
** The opinions expressed here are my own, and do not reflect those of my employers - past, present, or future**
Some of the backlash against the terrorist attacks have been horendous. I was very relieved to see the slashdot community's interest in matters of privacy and such. It seems that most human rights that have been gained over the past century were about to be thrown out a window. It's not to say that they won't be in the future, but the gestapo in Germany began little by little and look what hapened. In the end it adds up. The same goes for the opposite end of the spectrum, but by bit it can get better.
We need to be weary and vigilant when it comes to the policing any given government conducts on it's own population. More often that not the body being protected (as well all know too well) is that which amounts to the powers that be, all the while it is lightly covered with a transparent veil with big letters reading "public safety."
There may be many things which need to be rethought in the comming months and years. Liberty to speak and do (responsibly) should not be one of them, and I'm glad to see others agree.
The MPAA/RIAA pointed out to him that they use encryption, and that there's no way they're going to trust their enforcement/collection division (US Government Inc.) with the keys?
This is presented frivilously, but it's a real possibility. There are plenty of corporate users of encryption who can easily afford to contribute a Mercedes or two to Senator Gregg's campaign fund to get this farcical idea off the table.
Holy heck, there's a nice hobby. Proactively inviting corporate bribes ("campaign contributions") by proposing dumb bills that will hurt them. Much more efficient than waiting for OmniGlobalHyperMegaCorp to come a-knocking on your door.
If you were blocking sigs, you wouldn't have to read this.
Now there are two good things about the anti-terrorism act:
1. It prevents the RIAA/MPAA from being judge/jurty/executionar and destroying OUR networks or our computers, and imposes severe penalties for such. Unfortunately, it also imposes severe pentalties on individual hackers for minor offenses less serious than a traffic infraction.
2. The government has not gained the right to violate OUR right to privacy/anonymity by forcing us all to use backdoors on our encryption. The same type of thing can be said to be true of anonymity: anonymizing services also won't, by extension, be forced to give the government a backdoor entrance.
On the other hand, unfortunately, there are some troubling concerns with this bill in terms of search & seizure & warrants.
I believe this bill has language in it that would make a warrant granted in one state to tap someone applicable in another. This violates the sovereignty of individual states. If the government wants a nation-wide warrant to tap someone, they should go to federal court.
The other troubling feature of this bill is that it allows the government to legitimately spy on every website we're visiting, and gives them the right to tap into more of our communications without a warrant from a judge.
If the government wants to have the right to tap into OUR communications, they should have to go to a court and get a warrant. If they go to a state court, the warrant should be applicable only in that state; if a federal court, then throughout the nation.
I have no problem with the government monitoring/tappign the online activity of people who'm one could reasonably believe are criminals(i.e., mobsters like John Gotti Jr). However, they should have to go to a court, and at that court, a public defender should be there to defend the accused's rights(the public defendant would simply make the case against a tap, based on available knowledge, without informing the accused that he was being considered for a wire tap -- if the accused were informed, it would be pointless).
So, what about Sen. Judd Gregg? Well, I'll give him credit for recognizing the validity of keeping encryption strong. It is obvious that when he initially called for a ban on backdoorless encryption, he was ignorant of encryption issues and caveats. Now, it is clear that he is more informed and realizes that his formerly proposed idea would not solve any problems, and would violate civil liberties. Of course, he did not say he was ignorant -- no one wants to say they didn't know what the fuck they were talking about.
That said, there are two reasons why politicians propose such laws which flagrantly violate civil liberties and solve no problems: (1) They were ignorant of the issues; (2) They simply did not care, and were bought off by some powerful organization(i.e., BSA, RIAA, MPAA, AAA, MS, etc).
If the reason why politiians propose such laws is that they were ignorant of the issues -- as most all of them are on issues of science, intellectual property, and computer technology -- that can be solved by educating them. If the problem is that they did not care and were bought off, that could be solved by: a. Not re-electing them; b. Launching a publicity campaign agaisnt them.
Of course, sometimes the reason why politicians are "ignorant of issues" is because they've been educated by self-interested lobby groups like the RIAA/MPAA/BSA/AAA/MS. These groups are large and rich, and it is natural for politicians to listen to them. In order to counteract that, we need to make politicians aware of the flaws of the positions of such groups, and the utterly self-interested nature of such groups. Any time any of these groups talks about "rights" or "benefitting the public" its bullshit. They have no concern for the public, only their bottom line; as for rights, the only rights they're concerned about are their own(i.e., the RIAA/MPAA seem to support their right to put out sexually explicit movies/songs even if these may reach kids[a right I support], but seem to think that freedom of speech is irrelevant when it comes to linking to a website with DeCSS on it, or sharing files).
social sciences can never use experience to verify their statemen
I want politicians who are smart enough to educate themselves before taking a position in the first place. Is that too much to ask?
"I can't learn anything from you I can't read in some fucking book." -- Sean in "Good Will Hunting"
I think the key here is that there was no reason given for his change of heart. If he had said "these people told me this, this, and this, now I understand why I was wrong the first time." then we would be happy. When a politician simply reverses policy without explanation we can't tell if the change was made for the right reasons, and if he changed his policy for the wrong reasons then we can't count on him sticking to the correct policy.
Having lived (free) 18 years in NH, I will tell you that one of the reasons Gregg might have backed down is the strong Libertarian group in that state. Many declared Republicans in that area are of the opinion that they don't want the government butting into any of their business, and this means no taxes, limited criminal laws, a citizen legislature, and a strong enforcement of the 4th amendment.
So what this means is that Gregg would lose significant numbers of votes in his state if he continued pressing for government snooping of Internet transactions. He's not brilliant, but he's also not as dumb as a brick.
Behind the scenes a major reason for the change is the considerable change in the standing of Freeh amongst Congress and in particular the GOP. When Freeh was supporting the GOP in their impeachment machinations he was flavor of the month. Since then there have been more and more questions about his effectiveness.
There are several in Congress who will behind closed doors blame Freeh for spending effort on his encryption obsession he should have spent stopping the 9/11 attacks. Even before 9/11 there were many complaints about FBI competence. The witholding of evidence in the Oaklahoma City bomb trials, the Wen Ho Lee incident, renewed questions about Ruby Ridge etc.
With Freeh gone and Mueller now in charge it is very unlikely he would want to resurect a crusade that is strongly associated with a successor now widely considered to have been a failure.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
Traffic analysis (observing patterns in when information is exchanged) has a number of potential countermeasures; these include sending dummy information (ie. sending out a stream of random numbers daily, and sometimes incorporating an encrypted message), using collating remailers with random delays and crypto wrappers (which, if done right, can make it difficult to determine to whom and from whom a message is sent, and also prevent timing-related attacks).
For that matter, there's still on surefire way of telling when encrypted data is being moved. One could (for instance) hide it in the output of a RNG (such as one of the web-available atomic random number sources), in a compressed file (recall, the point of compression is to remove entropy -- making the data look as random as possible) or elsewhere. Strong stego also exists, and is certainly publicly available.
In short, this bill would do nothing more than force the developers of strong crypto out of the US (those that still are here) and force the users to get sneakier. It would not, however, be effective in its overall goal.
As a current resident of NH, I can tell you that Gregg is actually a pretty smart guy, even if he does get get too much of his information from special interests (but then again, what politician doesn't?). A lot of people think mandatory backdoors for encryption is a Bad Thing, and I bet several of them have told Gregg how they feel about it. An editorial was also run in the Union Leader, the state's biggest newspaper, calling Gregg "disappointing." I'm sure there are other examples as well. Try having a little faith in your elected officials instead of blindly insulting them.
the coolest club on
Just a reminder that sometimes the sites we trust and love can present biased/inaccurate news. I love Slashdot and Wired but as they say, you can't believe everything you see/read.