Senator Backs Down On Crypto Backdoors
evenprime writes: "Sen. Judd Gregg (Republican, New Hampshire) was advocating mandatory backdoors in crypto on Sept. 13. Wired is now reporting that Sen. Gregg has changed his mind. They say that Gregg's spokesman, Brian Hart, has said: 'We are not working on an encryption bill and have no intention to.'" As Rob Carlson is quoted at the article's close, though: "(Gregg) said he was definitely supporting it. Now he says he's definitely not. Maybe he'll say he's definitely supporting it again."
"(Gregg) said he was definitely supporting it. Now he says he's definitely not. Maybe he'll say he's definitely supporting it again."
Our beloved solons are sometimes wrong, but never in doubt.
Who wrote letters about this? I congratulate you for your efforts - they seem to be successful at this point.
Don't you just love politicians who stand by their positions?
Got Rhinos?
From the Wired article:
"I think if they put a crypto provision in this bill, it would have passed," Froomkin said. "Look at what the administration got."
Froomkin was talking about additional eavesdropping and surveillance powers requested by the Bush administration, which the Senate and the House overwhelmingly voted for last week. That bill is called the USA Act.
He backed off crypto backdoors because the government is going to get enhanced wiretapping powers, etc.
It's a little give and take, but it's nice to see the "give" this time.
This is the first time I can think of where some politico who was talking about some horrible piece of legislation which was opposed in an organized fashion by the open-source community actually changed his mind. Am I being wildly optimistic in thinking that the online petitions, EFF lobbying, etc. made a difference, and might make a difference in the future? Or was there some other factor at work here?
The correlation between ignorance of statistics and using "correlation is not causation" as an argument is close to 1.
I think some of us tech geeks ought to go to Capitol Hill and point out that "Secure" websites also use encryption. That banks transfer funds through encrypted channels, etc etc etc...
Isn't it strange how "Encryption" is bad, but "Secure" is good despite the fact that they are the exact same thing? Criminals encrypt their transmissions but Bankers make "secure transmissions"
The Dopester
"Yes, I'm a Karma Whore, but I'm doing it to pay my way through school."
Give Senator Judd a break! Just because he changed his mind on an issue is not a bad thing. He probably just came to his senses after hearing the facts about the issue. You should be happy. I am. Now if he did actually change his mind again, you might have cause to criticize.
What's far worse are politicians who don't change their mind at all. You might as well dismiss the entire concept of debate.
Criticism, as Slashdot readers have proven time and again, is easy and abundant. Taking a stand is much harder. Changing your stand after hearing the arguments is an important part of democracy and free will.
You know Martin Luther King Jr. and Gandhi? You know what they had in common? They both thought that their respective governments had unjust laws, so they disobeyed those laws and accepted the punishments for them, and it worked.
This particular story is good news, because it means that representatives do think and can be convinced that they're not right. However there are still things like the SSSCA and the DMCA. I believe these laws are unjust myself. So I disobey them. If I get locked up in jail one day, so be it. But what good is their law if nobody obeys? Let them throw all the nerds in jail. See what happens then.
This is a little crazy, but imagine if all of slashdot turned off all of our servers at home and work. Then we refuse to turn them back on until the unjust laws are repealed.
Yeah, it's crazy, but I just ate a giant pixy stick, and I'm excited because my new computer is coming today.
The GeekNights podcast is going strong. Listen!
It's kinda funny. For a long time now people have been saying "if you want your congress rep, senator, MP, friendly dictator, etc. to listen send them snail-mail". These days with the Anthrax scares, I'd say one way to guarantee your rep won't see what you wrote is to send it by snail-mail.
Will this result in more reps using email, and thus more influence for geeks? Or will this just mean phone calls and personal appearances become even more important?
One thing's for sure. If you want to write your rep a letter about something that matters to you -- put down that powdered sugar donut and wash your hands before you do it!
Are you people never satisfied? You complain about how narrow minded people are, and when they change their stance so that it aligns with yours, you complain that they change their stance. I can understand the distrust. However, blasting people that join your side doesn't do much to help your cause.
Probably he was surprised that his IT department staff suddenly smiled at him knowingly when passing by since he started an email flirt.
I seriously doubt that the Open Source movement or the EFF made any difference, but that big, American multinationals made all the difference. Remember, they require encrypted communications too, and the idea that a competitor or foreign government could pay someone off to secure access to the backdoor would scare us, because it *might* cost our companies (good and bad) billions, as someone already pointed out.
When big or medium business is threatened by this style of legislation, you can pretty much count on it to die or be severely watered-down or exempted.
Ok, I'm sure none of us are surprised by this sort of political backpedalling, but it's still funny and sad at the same time.
Judd's actions were (IMHO) mostly a knee-jerk, "let's get some P.R. for our re-election campaign going" fear-based reaction. It's sick to see politicians using something as horrible as 9/11 for their own ends like this, but again, not surprising.
Here's another site discussing this stuff as well: Wartimelibery.com [yass].
As for the so-called poll results that were "supporting" his initial efforts to get this stuff rammed through into policy, they're just more evidence that the American public doesn't entirely grasp the full ramifications of this sort of thing. Now, I'm not blaming these people entirely. I'd be *completely* unqualified to talk about heart surgery, although I understand encryption.
Maybe it's time for more public efforts aimed at educating the masses about how encryption really works. This might help reduce the position a lot of folks have taken recently that "it's a terrorism tool" and such. Yes, it can be used for evil, but so can the spatula I use to flip my pancakes on the stove. Nobody wants to outlaw cookware.
Anybody got links to projects in action *now* that are trying to accomplish this sort of thing?
The list goes on. Fortunately key escrow is opposed by the very people who run America - large corporations and lobbying groups. And that is why we need to worry about the crap in ATA/PATRIOT instead - because big companies don't care whether or not the government can snoop on anti-WTO activists, detain immigrants forever, or give life sentences to hackers.
-CT
Actually, I love politicians who change their mind after being exposed to new information and opinions. Sheesh. Sometimes, you can't win. If you're a politician who won't change your mind, you're "closed-minded." If you're a politician who changes his mind after further consideration, then you're "a shifty weasel without principles."
Politicians face the same challenges as the rest of us. What are "core principles" that should never be compromised and what are "practical principles" that need to be adjusted as situations change and/or new information becomes available?
** The opinions expressed here are my own, and do not reflect those of my employers - past, present, or future**
Some of the backlash against the terrorist attacks has been horrendous. I was very relieved to see the slashdot community's interest in matters of privacy and such. It seems that most human rights that have been gained over the past century were about to be thrown out a window. It's not to say that they won't be in the future, but the gestapo in Germany began little by little and look what happened. In the end it adds up. The same goes for the opposite end of the spectrum, bit by bit it can get better.
We need to be wary and vigilant when it comes to the policing any given government conducts on its own population. More often than not the body being protected (as we all know too well) is that which amounts to the powers that be, all the while it is lightly covered with a transparent veil with big letters reading "public safety."
There may be many things which need to be rethought in the coming months and years. Liberty to speak and do (responsibly) should not be one of them, and I'm glad to see others agree.
A college political science professor once made a statement that stuck with me - "the U.S. system of government is intentionally designed to impede the popular will." In this case, it seems to have worked. Our entire system of government is designed to slow things down so that rash and unwise decisions don't get made too quickly. It doesn't always work, but the current crisis is exactly the kind of situation our government is designed to deal with.
The government doesn't always act as quickly as we would like - and that's a good thing.
** The opinions expressed here are my own, and do not reflect those of my employers - past, present, or future**
I should mention that this is discussed in the Cato Institute's Daily Dispatch today. It points to a longer discussion (from 10/11/01 when Mr. Gregg was proposing the legislation) that you may find relevant.
I guess somebody finally told him that the good guys would simply shrug their shoulders and the bad guys would have been forced into other, more secret, methods or implemented their own encryption. With "no backdoors" encryption in place investigators can at least gather some information about potential bad guys. E.g. that there _is_ secret information exchange taking place and/or they can detect patterns in the secret information exchange. Is there a rise in communication, followed by silence (somebody received orders, had questions and has now gone to sleep!?). You may not know the content of the message, but that might not be too important. Just imagine if the bad guys would now take a stego approach, doing it a little bit more clever than the "I hide a picture with content at eBay because it is soooooo secret" guys? Hide it in music, streaming videos, with your own algorithm, chunk it, ...
Nevermind, I know that the paranoid will now say that the NSA can compute any key length anyway. Maybe. Who knows? This is not a threat to me.
Perhaps we can use this to our advantage in other areas where we would like to influence legislation. Rather than lobbying the politicians directly, we simply need to formulate arguments for or against legislation that appeals to Big Money and lobby them instead.
This tactic is unlikely to work with respect to the DMCA and its descendants; I can think of no argument that would persuade the RIAA et al. that these copyright laws are bad for business. But there are many other areas of online privacy and security which could be of great interest to Big Money if framed in the correct way.
Now there are two good things about the anti-terrorism act:
1. It prevents the RIAA/MPAA from being judge/jury/executioner and destroying OUR networks or our computers, and imposes severe penalties for such. Unfortunately, it also imposes severe penalties on individual hackers for minor offenses less serious than a traffic infraction.
2. The government has not gained the right to violate OUR right to privacy/anonymity by forcing us all to use backdoors on our encryption. The same type of thing can be said to be true of anonymity: anonymizing services also won't, by extension, be forced to give the government a backdoor entrance.
On the other hand, unfortunately, there are some troubling concerns with this bill in terms of search & seizure & warrants.
I believe this bill has language in it that would make a warrant granted in one state to tap someone applicable in another. This violates the sovereignty of individual states. If the government wants a nation-wide warrant to tap someone, they should go to federal court.
The other troubling feature of this bill is that it allows the government to legitimately spy on every website we're visiting, and gives them the right to tap into more of our communications without a warrant from a judge.
If the government wants to have the right to tap into OUR communications, they should have to go to a court and get a warrant. If they go to a state court, the warrant should be applicable only in that state; if a federal court, then throughout the nation.
I have no problem with the government monitoring/tapping the online activity of people whom one could reasonably believe are criminals (i.e., mobsters like John Gotti Jr). However, they should have to go to a court, and at that court, a public defender should be there to defend the accused's rights (the public defendant would simply make the case against a tap, based on available knowledge, without informing the accused that he was being considered for a wire tap -- if the accused were informed, it would be pointless).
So, what about Sen. Judd Gregg? Well, I'll give him credit for recognizing the validity of keeping encryption strong. It is obvious that when he initially called for a ban on backdoorless encryption, he was ignorant of encryption issues and caveats. Now, it is clear that he is more informed and realizes that his formerly proposed idea would not solve any problems, and would violate civil liberties. Of course, he did not say he was ignorant -- no one wants to say they didn't know what the fuck they were talking about.
That said, there are two reasons why politicians propose such laws which flagrantly violate civil liberties and solve no problems: (1) They were ignorant of the issues; (2) They simply did not care, and were bought off by some powerful organization (i.e., BSA, RIAA, MPAA, AAA, MS, etc).
If the reason why politicians propose such laws is that they were ignorant of the issues -- as most all of them are on issues of science, intellectual property, and computer technology -- that can be solved by educating them. If the problem is that they did not care and were bought off, that could be solved by: a. Not re-electing them; b. Launching a publicity campaign against them.
Of course, sometimes the reason why politicians are "ignorant of issues" is because they've been educated by self-interested lobby groups like the RIAA/MPAA/BSA/AAA/MS. These groups are large and rich, and it is natural for politicians to listen to them. In order to counteract that, we need to make politicians aware of the flaws of the positions of such groups, and the utterly self-interested nature of such groups. Any time any of these groups talks about "rights" or "benefitting the public" it's bullshit. They have no concern for the public, only their bottom line; as for rights, the only rights they're concerned about are their own (i.e., the RIAA/MPAA seem to support their right to put out sexually explicit movies/songs even if these may reach kids [a right I support], but seem to think that freedom of speech is irrelevant when it comes to linking to a website with DeCSS on it, or sharing files).
social sciences can never use experience to verify their statemen
I think someone hit him with a cluebat.
.. whenever I hear politicians talking about encryption it's always email when in fact 99% of my use of encryption is either SSL or SSH.
It's actually pretty funny
I used to intern in Senator Gregg's Washington Office, and I very much applaud his decision to back off this absurd position on encryption. While I am not informed about the exact circumstances surrounding his position change, I tend to think that he (and his staff) probably did react quickly and without detailed study of the issue out of genuine concern for the country. Then upon further study and consideration he has wisely and somewhat courageously backed off the issue.
Senator Gregg is an honorable and intelligent legislator, but he is also human and as we all know to err is human. That's what happened in this case and thankfully he and his staff have realized their error and corrected it. If all legislators were as conscientious and willing to examine and retract imprudent and ineffective positions as Sen. Gregg has proved he is in this case, IMHO this country would be a much better place.
One final note, at least when I interned on the Hill (about 4 years ago) snailmail was much more effective as a public lobbying tool than was email. The volume of e-mail (and faxes) was such that it was impossible for the staff to respond or even really note the contents of all the messages, while just about every piece of snail mail (at least from constituents) was answered. Keep this in mind for future letter campaigns.
Crypto backdoors DO solve some problems for some people. For example, if you are a terrorist, it DOES solve your problem of obtaining more money...
LedgerSMB: Open source Accounting/ERP
Good news: the former choice is available again!
sulli
RTFJ.
IN THE THIRD MILLENNIUM, THE WORLD CHANGED. CLIMATE, NATIONS, ALL WERE IN UPHEAVAL...THE INTERNET TRANSFORMED INTO A POISONOUS SCORCHED DESERT, KNOWN AS "THE CURSED EARTH"
MILLIONS OF SLASHDOTTERS CROWDED INTO A FEW MEGA ISPS. ISPS WHERE ROVING BANDS OF HACKERS CREATED VIOLENCE THE JUSTICE SYSTEM COULD NOT CONTROL. LAW AS WE KNOW IT COLLAPSED. FROM THE DECAY ROSE A NEW ORDER. A SOCIETY RULED BY A NEW 31337 FORCE.....A FORCE WITH THE POWER TO DISPENSE BOTH JUSTICE AND PUNISHMENT.... THEY WERE THE POLICE. JURY AND EXECUTIONER ALL IN ONE.
THEY WERE THE JUDDS.
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
I think it is because he cannot explain how putting in backdoors will stop terrorists communicating by other means e.g. personal courier and steganography.
Government say about surveillance - "you've nothing to fear - if you are not breaking the law"
This argument is made to pressure people into acquiescence - else appear guilty.
It does not address the real reason, why they want this information - they want a surveillance society.
They wish to invade your basic human right to privacy.
This is like having somebody watching everything you do - all your thoughts, hopes and fears will be open to them.
All your finances for them to scrutinize - heaven help you if you cannot account for every cent when they check on your taxes.
Do not believe the lies of Government - even more money spent on Carnivore will not protect you.
Incidentally, the United States Department of Commerce and the United Nations World Intellectual Property Organization know the solution to domain name and trademark problems.
You will find it at WIPO.org.uk
Then:
Two days after the Sept. 11 attacks, Gregg strode onto the Senate floor and called for a global prohibition on data-scrambling products without backdoors for government surveillance.
Now:
"We are not working on an encryption bill and have no intention to," spokesman Brian Hart said in an interview.
It's obvious what happened. Somebody from the CIA phoned the senator and said "hey dumbass, we already can descramble all the encrypted messages, shut up about it already." At least that's my take on things.
~ now you know
Having lived (free) 18 years in NH, I will tell you that one of the reasons Gregg might have backed down is the strong Libertarian group in that state. Many declared Republicans in that area are of the opinion that they don't want the government butting into any of their business, and this means no taxes, limited criminal laws, a citizen legislature, and a strong enforcement of the 4th amendment.
So what this means is that Gregg would lose significant numbers of votes in his state if he continued pressing for government snooping of Internet transactions. He's not brilliant, but he's also not as dumb as a brick.
Behind the scenes a major reason for the change is the considerable change in the standing of Freeh amongst Congress and in particular the GOP. When Freeh was supporting the GOP in their impeachment machinations he was flavor of the month. Since then there have been more and more questions about his effectiveness.
There are several in Congress who will behind closed doors blame Freeh for spending effort on his encryption obsession he should have spent stopping the 9/11 attacks. Even before 9/11 there were many complaints about FBI competence. The withholding of evidence in the Oklahoma City bomb trials, the Wen Ho Lee incident, renewed questions about Ruby Ridge etc.
With Freeh gone and Mueller now in charge it is very unlikely he would want to resurrect a crusade that is strongly associated with a successor now widely considered to have been a failure.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
What keeps this from working is there is no big union. For something like this to work you really have to have basically all the tech workers signed on. Even 60-70% would probably not be enough. I'd say you'd need at least 85% and maybe above 90%. Only then would there be enough immediate squeeze to really make people listen. However, most geeks I know including myself have no desire to unionize. There are some benefits, but I think it's not worth it.
Traffic analysis (observing patterns in when information is exchanged) has a number of potential countermeasures; these include sending dummy information (ie. sending out a stream of random numbers daily, and sometimes incorporating an encrypted message), using collating remailers with random delays and crypto wrappers (which, if done right, can make it difficult to determine to whom and from whom a message is sent, and also prevent timing-related attacks).
For that matter, there's still no surefire way of telling when encrypted data is being moved. One could (for instance) hide it in the output of a RNG (such as one of the web-available atomic random number sources), in a compressed file (recall, the point of compression is to remove entropy -- making the data look as random as possible) or elsewhere. Strong stego also exists, and is certainly publicly available.
In short, this bill would do nothing more than force the developers of strong crypto out of the US (those that still are here) and force the users to get sneakier. It would not, however, be effective in its overall goal.
Is it just me or did anyone else misread "Judd Gregg" as "Judge Dredd?" I wondered what in the hell Sylvester Stallone would know about software backdoors...
Hmm... "shifty, closed-minded weasel without principles" does describe at least some of our Honorable Representatives... and, of course, Hilary Rosen, Jackie "The Fish" Valenti, and Ted Turner.
Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
But apparently can't refrain from making Shatner joke...
Virg
No they don't. I don't face the challenge of building a large War Chest for the Re-Election.
Slashdot: Failed Car Analogies. Amateur Lawyering. Anecdote Battles.
As a current resident of NH, I can tell you that Gregg is actually a pretty smart guy, even if he does get too much of his information from special interests (but then again, what politician doesn't?). A lot of people think mandatory backdoors for encryption is a Bad Thing, and I bet several of them have told Gregg how they feel about it. An editorial was also run in the Union Leader, the state's biggest newspaper, calling Gregg "disappointing." I'm sure there are other examples as well. Try having a little faith in your elected officials instead of blindly insulting them.
the coolest club on
Here there are 1 out of 5 who emotionally support you, but since I know that the other 4 people could run things without me, what would I be proving?
(Well, what I'd be proving is that I'm ready for retirement.)
I think we've pushed this "anyone can grow up to be president" thing too far.
Seriously? The Senator has done something it seems people here actually consider reasonable. If you are a constituent of his, why don't you send him your thanks and tell him you did a good job? Lobbyists do not wait for a crisis; they're sending him mail 24/7.
If you want to tell him something additional along these lines (you feel that US crypto export controls only hamper the US, etc.) tell him it as well; he's much more likely to listen to your additional arguments as long as they go along with his current course of action.
Just a reminder that sometimes the sites we trust and love can present biased/inaccurate news. I love Slashdot and Wired but as they say, you can't believe everything you see/read.