Slashdot Mirror
Former FBI Chief Keeps Up Anti-Crypto Campaign
ganns.com writes "Former FBI director Louis Freeh is urging lawmakers to limit encryption products that don't include backdoors for government surveillance." Still urging, that is.
← Back to Stories (view on slashdot.org)
Ive got pig latin, paper and pencil, and too much free time on my hands. Lets see them decrypt my mail. Even I cant read my damn handwriting.
All Troll + "offtopic" mods are meta moderated as "Unfair", because you abused the system.
Still only urging, for now. I'm sure at some point one of our fine elected officials will introduce some 'anti-terrorism' bill that mandates government backdoors in crypto, in the interest of 'national security' and 'definding against terrorists', of course.
This has been a test. Had this been a real emergency, we would have fled in terror and you would not have been informed.
Seriously! What? It's like he lost the password to his encrypted pr0n archive, and ever since then he's just been bitter. Or maybe he's just jealous that the NSA could crack everything and his agency never could.
One piece at a time, the DOJ (which oversees the FBI) is pulling privacy and our rights out from beneath us.
But how will the govt know whether that is a terrorist using encryption, or a regular joe sending lots of encrypted personal messages, not realizing that personal stuff "should not" be encrypted?
And why should "personal, non-secret, communication" be not encrypted? Even if I am just sending my wife a grocery list or sending my aunt a christmas list, I don't want the hacker along the way to be able to read it!
10b||~10b -- aah, what a question!
Outlawing (or discouraging) encryption hurts innocent people far more than terrorist or your favorate evil of the day.
'SBEMAIL!' is better than a goat!!
When crypto is outlawed, only outlaws will have crypto.
Freeh needs to find a whipping boy for the failures of correlating the various peices intelligence datum, which occurred on his watch. Restricting legal access to crypto will only assist in the illicit observation of constitutionally protected speech by private individuals, and destroy what little competitive advantage is enjoyed by U.S. software industries over their counterparts in Israel and India.
The algorithms and the source will not go "back in the can."
Louis Freeh is responsible, in a large part, for the biggest intelligence failure in modern recollection. None of the failure in this effort was for lack of access to encrypted communications, but from standard failures of organization and communications within the concerned agencies.
The Heritage Foundation - not normally critical of the FBI's mission - has this to say:
Encryption wasn't used in this instance. No evidence for it has ever been found. Freeh has a broader, more insidious agenda here, involving free speech and civil liberties. Unfortunately, the record shows that deep, analytical thinking about these issues is outside the grasp of the majority of America's elected representatives."Flyin' in just a sweet place,
Never been known to fail..."
As a practical matter, basic encryption needs to be part of a lot of emerging systems. There is so much going on in digital wireless, and it isn't going to stop soon. With processors getting faster each year, you have to up the number of bits in your encryption just to stay ahead of what can be broken with commodity hardware and dumb software (brute force).
The government will always have access to the means to decrypt codes that wouldn't be practical for anyone else. The question becomes whether it makes any sense to limit most uses of crypto to a level between what is easy, and what the government can decrypt with some effort. They don't seem to be doing too well catching people who aren't using any crypto, so what's the point.
IMHO, the only thing that can be accomplished is to hurt commerce and individual privacy. It is often just a matter of setting parameters to set the length of keys and such, and they are going to make companies who do anything with encryption do extra paperwork and such to track it. And god forbid you want to user GnuPG for anything. I'm sure they want to outlaw that completely.
Hey, if Freeh managed to get a law enforcement backdoor into every crypto device and it applied to Palladium and other DRM systems implemented in hardware, then those systems would be considerably more vulnerable!
Maybe Freeh isn't so bad after all. :-)
I have posted similar comment a couple of times before - the logic is undeniable. Nobody has ever gave reasoned argument against it:
Ask Security Services in the US, UK or Indonesia (Bali) to deny this:
Internet surveillance, using Echelon, Carnivore or back doors in encryption, will not stop terrorists communicating by other means - most especially face to face or personal courier.
Terrorists will have to do that, or they will be caught.
Perhaps using mobile when absolutely essential, saying - Meet you in the pub Monday (human bomb to target A), or Tuesday (target B) or Sunday (abort).
The Internet has become a tool for government to snoop on their people - 24/7.
The terrorism argument is a dummy - bull*.
SURVEILLANCE WILL NOT BE ABLE TO STOP TERRORISTS - IT IS SPIN AND PROPAGANDA
This propaganda is for several reasons, including: a) making you feel safer b) that the government are doing something and c) the more malicious motive of privacy invasion.
Government say about surveillance - you've nothing to fear - if you are not breaking the law
This argument is made to pressure people into acquiescence - else appear guilty of hiding something.
It does not address the real reason why they want this information (which they will deny) - they want a surveillance society.
They wish to invade your basic human right to privacy. This is like having somebody watching everything you do - all your personal thoughts, hopes and fears will be open to them.
This is everything - including phone calls and interactive TV. Quote from CNET: "Whether you're just accessing a Web site, placing a phone call, watching TV or developing a Web service, sometime in the not to distant future, virtually all such transactions will converge around Internet protocols."
All your finances for them to scrutinize - heaven help you if you cannot account for every cent when they check on your taxes.
Do not believe the LIES of Government - even more of your money spent on these measures will not protect us from terrorists.
P.S. On the Domain Name System, big business steal words that belong to everybody - abridging what words you can use - violating the First Amendment. Corporations illegally abuse and expand their brand using domain names - above all smaller businesses who use similar words - violating Competition Law.
The authorities LIE - they know how to make these trademark domains unique and totally distinctive, as the LAW requires trademarks to be. They are aiding and abetting the pervertion of Law. Please visit the World Intellectual Piracy Organization - not connected with United Nations WIPO.org !
What's the point in encrypting anything if you leave a backdoor? wouldn't that be like building a HUGE S**TY wall around your town and leaving the gate shut without a lock. aren't any good crypto algo developed so that there's as little possibility as possible(zero) of that somebody finds a quick walk-around attack?(like just editing the header as i believe those pdf's cracked)
Wouldn't this only produce questionable algorithms? if the gov. can read it why wouldn't somebody else be able to read it too or just abuse the system(corp x says it's fbi connection there's a problem with individual y, fbi agent NOrman CLUE just pops out access for the corp x to y's keys.).
besides, the terrorists can either use already developed 'good' crypto soft or just code their own(oh well, maybe they're trying to turn coding into some thing only sanctioned guilds can do, wait a minute, that would be cool actually, if little perverse).
world was created 5 seconds before this post as it is.
Anything that helps the enemy while hurting the domestic front is typically called treason of some form or another. We know that it is logistically impossible for encryption to NOT fall into the hands of established terrorist groups. Therefore such regulations only weaken the ability of the US to defend its IT infrastructure from terrorist and/or beligerant activity. So that in mind, it is very logical IMO to argue that Freeh is not some "patriot" but rather an intellectual traitor to the US for arguing for the systematic weakening of critical US infrastructure.
I don't give a flying fuck what Louis Freeh urges, says, mandates, preaches, or invokes. I've got PGP, GPG, and several other crypto programs, as well as the full manuals and docs burned to high-quality CD-R in triplicate, stored in three geographically diverse locations.
Try to 'urge' those out of my possession.
Hey Taco! Looks like you're using the "infinite monkeys and typewriters" scheme to generate Ask Slashdots again...
I agree. I've also started flying only in the nude. The fewer clothed passengers there are in airports, the more time security officers can concentrate their searches on those who are potentially hiding something under their clothes.
If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
~~~~~~~
"You are not remembered for doing what is expected of you." - Atul Chitnis
If you encrypt only the sensitive stuff, anyone watching you knows when you do it. If you routinely send encrypted traffic, no one is going to know when one of your messages actually contains something you'd rather not have divulged.
The military does this all the time. They blast all kinds of noise on the band, and only rarely send any actual message, thus keeping their stuff hidden in plain sight.
There was even (in keeping with the latest trend on /.) a science fiction story that used this as a plot vehicle, which told of messages being received from distant planets where usually there was stellar noise. I want to say it was "The Mote in God's Eye", but don't quote me on that.
Need a Linux consultant in New Orleans?
Chief Concerns
The EFF's chief concerns with the USAPA include:
Expanded Surveillance With Reduced Checks and Balances. USAPA expands all four traditional tools of surveillance -- wiretaps, search warrants, pen/trap orders and subpoenas. Their counterparts under the Foreign Intelligence Surveillance Act (FISA) that allow spying in the U.S. by foreign intelligence agencies have similarly been expanded.
This means:
Be careful what you put in that Google search.
The government may now spy on web surfing of innocent Americans, including terms entered into search engines, by merely telling a judge anywhere in the U.S. that the spying could lead to information that is "relevant" to an ongoing criminal investigation. The person spied on does not have to be the target of the investigation. This application must be granted and the government is not obligated to report to the court or tell the person spied up what it has done.
Nationwide roving wiretaps.
FBI and CIA can now go from phone to phone, computer to computer without demonstrating that each is even being used by a suspect or target of an order. The government may now serve a single wiretap, FISA wiretap or pen/trap order on any person or entity nationwide, regardless of whether that person or entity is named in the order. The government need not make any showing to a court that the particular information or communication to be acquired is relevant to a criminal investigation. In the pen/trap or FISA situations, they do not even have to report where they served the order or what information they received. The EFF believes that the opportunities for abuse of these broad new powers are immense. For pen/trap orders, ISPs or others who are not named in the do have authority under the law to request certification from the Attorney General's office that the order applies to them, but they do not have the authority to request such confirmation from a court.
ISPs hand over more user information.
The law makes two changes to increase how much information the government may obtain about users from their ISPs or others who handle or store their online communications. First it allows ISPs to voluntarily hand over all "non-content" information to law enforcement with no need for any court order or subpoena. sec. 212. Second, it expands the records that the government may seek with a simple subpoena (no court review required) to include records of session times and durations, temporarily assigned network (I.P.) addresses; means and source of payments, including credit card or bank account numbers. secs. 210, 211.
New definitions of terrorism expand scope of surveillance.
One new definition of terrorism and three expansions of previous terms also expand the scope of surveillance. They are 1) 802 definition of "domestic terrorism" (amending 18 USC 2331), which raises concerns about legitimate protest activity resulting in conviction on terrorism charges, especially if violence erupts; adds to 3 existing definition of terrorism (int'l terrorism per 18 USC 2331, terrorism transcending national borders per 18 USC 2332b, and federal terrorism per amended 18 USC 2332b(g)(5)(B)). These new definitions also expose more people to surveillance (and potential "harboring" and "material support" liability, 803, 805).
Overbreadth with a lack of focus on terrorism.
Several provisions of the USAPA have no apparent connection to preventing terrorism. These include:
Government spying on suspected computer trespassers with no need for court order. Sec. 217.
Adding samples to DNA database for those convicted of "any crime of violence." Sec. 503. The provision adds collection of DNA for terrorists, but then inexplicably also adds collection for the broad, non-terrorist category of "any crime of violence."
Wiretaps now allowed for suspected violations of the Computer Fraud and Abuse Act. This includes anyone suspected of "exceeding the authority" of a computer used in interstate commerce, causing over $5000 worth of combined damage.
Dramatic increases to the scope and penalties of the Computer Fraud and Abuse Act. This includes: 1) raising the maximum penalty for violations to 10 years (from 5) for a first offense and 20 years (from 10) for a second offense; 2) ensuring that violators only need to intend to cause damage generally, not intend to cause damage or other specified harm over the $5,000 statutory damage threshold; 3) allows aggregation of damages to different computers over a year to reach the $5,000 threshold; 4) enhance punishment for violations involving any (not just $5,000) damage to a government computer involved in criminal justice or the military; 5) include damage to foreign computers involved in US interstate commerce; 6) include state law offenses as priors for sentencing; 7) expand definition of loss to expressly include time spent investigating, responding, for damage assessment and for restoration.
Allows Americans to be More Easily Spied Upon by US Foreign Intelligence Agencies. Just as the domestic law enforcement surveillance powers have expanded, the corollary powers under the Foreign Intelligence Surveillance Act have also been greatly expanded, including: General Expansion of FISA Authority. FISA authority to spy on Americans or foreign persons in the US (and those who communicate with them) increased from situations where the suspicion that the person is the agent of a foreign government is "the" purpose of the surveillance to anytime that this is "a significant purpose" of the surveillance.
Increased information sharing between domestic law enforcement and intelligence. This is a partial repeal of the wall put up in the 1970s after the discovery that the FBI and CIA had been conducting investigations on over half a million Americans during the McCarthy era and afterwards, including the pervasive surveillance of Martin Luther King in the 1960s. It allows wiretap results and grand jury information and other information collected in a criminal case to be disclosed to the intelligence agencies when the information constitutes foreign intelligence or foreign intelligence information, the latter being a broad new category created by this law.
FISA detour around federal domestic surveillance limitations; domestic detour around FISA limitations. Domestic surveillance limits can be skirted by the Attorney General, for instance, by obtaining a FISA wiretap against a US person where "probable cause" does not exist, but when the person is suspected to be an agent of a foreign government. The information can then be shared with the FBI. The reverse is also true.
"Flyin' in just a sweet place,
Never been known to fail..."