Slashdot Mirror
Ask Cryptome's John Young Whatever You'd Like
John Young of Cryptome, though trained as an architect, has garnered recognition in another field entirely. Since 1996, he's been publishing timely, trenchant news online as the mind behind crypto jya.com and Cryptome. ("Our goal is to be the most disreputable publisher on the Net, just
after the world's governments and other highly reputable bullshitters." ) This has put him on the forefront of various online liberty issues, from the MPAA's DeCSS crackdown on DeCSS (he fought the lawyers -- and won), to Carnivore, to Dmitry Sklyarov's continuing imprisonment, and now the several fronts along which electronic communications are threatened by current and upcoming legislation. He recently posted this to the front page: "Cryptome and a host of other crypto resources are likely to be shutdown if the war panic continues. What methods could be used to assure continued access to crypto for homeland and self-defense by citizens of all nations against communication transgressors?" Now's your chance to ask him about the fight for online freedom. Please pose just one question per post; we'll send 10-15 of the highest moderated ones on to John for his answers.
Immediately after the events of 11 September, lawmakers twiddled with the idea of backdoors in crypto products. Last week I read somewhere (not sure if it was on slashdot or some other news site) that lawmakers were backing down on this for some reason (can't remember why).
Is this 'backing down' accurate? What do you think caused the change of heart? And what is your opinion of backdoors in general? Do you think they would work as lawmakers intend them to?
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
The current means of doing public/private key encryption (via large primes) seems pretty much universal. Should we be looking for an alternative if/when someone finds a way to break it?
Let's not stir that bag of worms...
Mr. Young,
Currently the vast majority of email travels unencrypted through the Internet, ripe for eavesdropping by Carnivore/DCS1000/Echelon/etc. This is a bit of a "last mile" problem, as I can't reasonably expect my grandmother on AOL to be able to read my PGP-encrypted messages to her unless encryption is made into a standard part of the infrastructure. Otherwise 99% of the users won't bother and that's the situation we have now.
What do you see as being the catalyst that forces the majority of software and service providers to make encrypted email standard equipment? Will it be public outrage over eavesdropping, bribery of ISPs and Microsoft by Verisign or Thawte, or something else altogether? And do you forsee more success for a decentralized standard, like OpenPGP, or for a centralized standard like S/MIME?
-CT
Do you believe that it is even possible for any kind of government--be it theocratic, totalitarian, or democratic--to coexist on peaceful terms with the existence of individual and corporate privacy and secure communications?
"Feel a glory in so rolling / on the human heart a stone" --E. A. Poe, "The Bells"
What's your opinion on Alan Cox's recient decision to censor security related fixes in his change log announcements on LKML? He cited the DCMA. Also, given that civil liberties are often the first casuality of war, and given that we're "at war" now with Afganistan, when if ever do you think we will see a sucessful court challange that will get this bad law (the DMCA) overturned?
But this is slashdot. A slashdoter who didn't build his own computer is like a Jedi who didn't build his own lightsaber!
1. What can normal people do to help out with mirroring important information (e.g., crypto information, documentation on civil liberties threats, reverse engineering and Fair Use securing tools, etc.)? How can we stay out of trouble with the law while we're helping out?
2. Have you ever considered providing a mirroring clearing house? That is, devoting a section of cryptome to listing, in an up-to-date manner, resources which need mirroring in various parts of the world?
Thanks!
"Cause there's 40 different shades of black, so many fortresses and ways to attack, so why you complainin'?"
Due to the current wave of anthrax troubles in the US, do you think a system will be developed somewhere to allow for Certified Email that employes the applications of crpyto to certifying digital signitures, certificate authority, etc? Even if such a service is funneled through a government agent like the Postal Service at like 5 cents per message to be certified, do you think such a service would be useful?
The One Rule Of Chess You'll Ever Need: Don't play someone who carries a kit in their bookbag.
I keep track of the kind of thing Cryptome covers. It affects you, after a while.
Overall, are you optimistic or pessimistic that we will eventually (call it 5-20 years) have a society that you would find reasonably acceptable? Or do you think we're destined for one form or another of effective totalitarianism?
I read Cryptome regularly, generally every day or so, and the only question that I can think of is, Where do you get your information from? I'd like to know os that I canstart researching things much the same way.
"See, we plan ahead! That way, we never have to do anything now."
Supporters of this program claim that such a program will allow day-to-day communications among law-abiding citizens to remain private, whilst still allowing the FBI and CIA to monitor the communications of suspected terrorists(with a warrant, of course).
The liberal media opposition to this initiative is claiming that by installing government accessible backdoors into encryption tools, we are giving up our right to privacy in favor of increased public safety. For the purposes of this post, I'm going to ignore the fact that nowhere in our Constitution or Bill of Rights, are we guaranteed anonimity or absolute privacy. It seems to me that if we cannot trust our policing agencies to be responsible with the power they have been given, the problem is not with the cryptography, but the government itself, and this problem needs to be addressed as such.
My question to you is: What is Cryptome's, and your personal, stance on government accessible backdoors installed in cryptography. Would the benefit to law enforcement, and the increased homeland security outweigh the possible implications to the loss of privacy. Do you think open-sourcing popular cryptographic tools would help alleviate people's fears about the integrity of their data security?
-atrowe: Card-carrying Mensa member. I have no toleranse for stupidity.
I know it's a basic question - but it seems to be at the heart of the Free-Crypto debate. Free speech should be free whether its in English, French, FORTRAN or Perl. What arguments do you hear against programming being protected as free speech? Can you use the First Amendment against DMCA, ITAR, etc?
There are 10 types of people in this world, those who can count in binary and those who can't.
Hi John,
What do you think of XP, particularly with regard to Passport and privacy concerns?
Thanks,
Al.
Given modern computing's advances, it's now much easier to encrypt casual traffic than it has been in the past. Have you ever considered providing https:// or some other encrypted form of access to your sites for the general public?
Indie rock lives! b-side!
Despite how everyone on /. talks a big storm about bucking the government, it's got to be pretty damn scary when the feds come knocking at your door. You've no doubt made some powerful, big-time enemies in both the private sector and the government.
Do you ever fear for your own or your family's saftey because of this. Have you ever been threatened? By whom, government agents or private individuals?
If you don't fear for your saftey, what factors about what you do make you feel 'immune' from being 'removed' clandestinely?
The next Slashdot story will be ready soon, but subscribers can beat the rush and slashdot the links early!
Are you ever worried about being shutdown / arrested / bugged / having a smear campaign run against you?
Do you think that all the muck flinging by both governments and corporations is going to lead to somone developing a virtual, anonymous, secure network running over the Net that will be untouchable by governments (i.e. legally secure from attack by dint of listening to the Harvard Law types and using their knowledge combined with technological solutions)?
Do you expect show trials by governments to show that the laws they areintroducing now (RIPA in the UK, USA-Patriot in the US etc) are effective, and how long do you think before there will be miscarragies of justice based on political expedeincy?
Any sufficiently advanced man is indistinguishable from God
Thanks for your efforts. My question was discussed recently on a thread regarding the decision by Thawte to discontinue selling CodeSigning certificates to individuals.
What are the biggest obstacles to a public CA which is supported and funded by, say, the FSF? Is such a thing possible for the Free software community? I guess insurance and certification would be the biggest stumbling blocks. Are there other dimensions to such an undertaking which have not been considered?
Is there any way you can think of that would help convince people (based on scientific principles) that centralised security services are a bad idea? That convenience should not come before security?
Soko
"Depression is merely anger without enthusiasm." - Anonymous
What do you do all day? From what I've read on Cryptome it's clear you remain interested in Architecture - do you still have any professional involvement (info in the on-site BIO tails off at 98)? If not, how do you pay the bills? How did you get from architecture to cryptome? Do you have any interest in computers and the internet other than as a tool (would you consider yourself a hacker, in the positive sense)?
I know, it's more than one question, but they're all in the same direction. I'm curious about the guy.
http://www.acooke.org
The theory of the panopticon state bounces around on Cryptome and Cartome quite a lot. It is interesting that Cryptome and JYA in a certain sense have been set up to watch the watchers and mitigate the power of the panopticon.
My question is: how aggressive can you/should you be in trying to detail the actions of the (insert three letter acronyms and governments here) pushing panopticonism as the solution to society's problems?
You are clearly willing to put yourself in legal peril, but surely there is a point of diminishing returns. How do you balance things, and have you withheld, or would you ever withhold, information that you would like to publish? (...and yes there are two question marks, but they are pretty related)
And thanks!!
John, I find the service that you provide as Cryptome to be essential. You remind me strongly of the title character in Vonnegut's short story
Report on the Barnhouse Effect. Your reporting keeps the entire world somewhat more honest; and I can't think that it's possible that governments are more careful knowing that someone is watching.
The end of the story, is, of course, of the passing of the torch to Barnhouse's apprentice. I am worried that there's nobody with the combination of integrity, fearlessness, and intelligence to carry on with your work, when your time to perform it is over. Do you worry about that, and are there people to carry the load?
thad
I love Mondays. On a Monday, anything is possible.
I've been watching the United States slow slide towards becoming a police state since the early 90's, when I discovered the Clipper Chip fiasco on comp.org.eff.talk. Thanks for your dedicated work to fight this trend, it won't be forgotten, even if it fails...
So, my question is: If the United States becomes a hostile place for freedom (DMCA, SSSCA, extreme anti-terrorism laws, etc.) where are some good places to flee to?
I write and use free software, and I expect I'll be leaving the US within a couple of years. (I've got a great job, otherwise I'd be leaving already). I don't mind learning a different language... Do you know of any comparative study of different countries of the world, considering at least:
- free speech
- free software
- software patents
- Privacy
- public awareness of the above issues (Most important, perhaps!)
- A just and fair, uncorrupted legal system
- Reasonable balance of taxation, government spending on useful things like education, health care, etc.
- High standard of living
Where would you go?
Torrey Hoffman (Azog)
"HTML needs a rant tag" - Alan Cox
John,
At some point you decided to run cryptome and publish controversial materials under your true identity rather than under a pseudonym.
What benefits and detriments have you found to using your real identity for your efforts instead of a pseudonym?
In your opinion, what will it take - either in terms of EFF-style activism or in terms of 1984-style government repression - to make the average person-on-the-street care about our digital freedoms?
In the current environment it seems that most people have adopted the attitude of Britain's John Major who said - as his Tories wired the UK with videocameras - ``If you have nothing to hide, you have nothing to fear.''
-Renard
Many people will undoubtably ask wide and far-reaching questions about civil-liberties, activism, and running cryptome.org. In contrast, I would like to ask a question perhaps trivial in comparison, but also in the hearts of so very many of your fans.
If this is really ask whatever we'd like ...
How in the world do you generate that unique hash of free-association, bafflegab, verbing, just-this-side-of-understandable wording (not sure which side), "Younglish" writing, for which you are reknowned?
Are consciousness-altering substances ever involved? Where they ever involved? Is it effortless, or do you work at it?
This is nowhere in the same league as DMCA, terrorism, and whatnot.
But believe me, inquiring minds want to know.
Sig: What Happened To The Censorware Project (censorware.org)
John,
Let me begin by thanking you for your unflinching adherence to the principals of disclosure and freedom of information. I am a great fan of your continuing work. My question follows:
You have in the past, and continue to, post "dangerous" information like names of former intelligence agents, details of government cover-ups, radically contrarian opinions, and open calls for subversive action.
A good example of this is Cryptome's continuing threads on the structural failure of the WTC and potential vulnerabilities of other landmarks. Some would claim that this kind of conversation should take place in closed-door meetings - that open discussion like this could only benefit evil and your support of such discussion is irresponsible.
What are the principals and moral guidelines you use when publishing Cryptome? Are there any lines you would not cross? What are the implications of shifting public opinion (70% favor a national ID card) and mounting US totalitarianism to Cryptome?
Also, during your talk at USENIX Security '01 you talked about different ways that you are keeping backups of your data. Including having other sites ready to host the data at a moment's notice, and sending out backups of the site to whoever wants copies. You had also mentioned work on a distributed storage system that would be more resistant to having one node shut off. Have you made any progress with this?