Cyber Security Enhancement Act Passes Senate
XorNand writes "The Cyber Security Enhancement Act (which was attached to the Homeland Security Act) was overwhelmingly approved by the U.S. Senate today. According to the EFF this soon-to-be-law allows "any government entity (federal, state, or local) to request email and voicemail from your ISP or telephone provider without a warrant or probable cause." The passage of the Homeland Security Bill is covered here on CNN.com. Yippee."
We should fight back and use more cryptography. Even if it is somewhat weak, they can't decrypt ALL the encrypted e-mails going over the net, can they? :]
Definitely.
There's been a lot of talk about canning our current email system and going with a semi-p2p replacement. This replacement should include cryptography.
I'm sure the parent post is intended in jest, since 16Kbit RSA keys are not subject to any known attack; but if you have enough cpu power to perform rsa operations on longer keys (remember, decryption and signing are O(n^2 log n) operations), there's no reason to accept gpg's limits.
Writing a fully functioning RSA implementation from scratch is the work of a couple months; if you're really paranoid (which you must be if you want keys longer than 16Kbits) then you should be able to spare a couple months.
Tarsnap: Online backups for the truly paranoid
...Or is it unreasonable search and seizure if the material they obtain is not on your property or within your reach and control?
I swear Bush sounds more and more fascist and like a smooth talking Hitler every day. "We're in danger. We'll protect you and preserve your freedom. All it will cost is your freedom."
There are two main things I find troubling about this: "ANY government entity" and "without a warrant or probable cause"
Think about the potential for abuse and misuse when it's put in that scope. The idea of just allowing an agency like the FBI the power to do this is daunting enough. But now we're giving this power to regular cops.
This is insane. More email is delivered than first class mail in the US today. The interception of first class mail requires a federal warrant. How did this bill pass, in its current state, with a 90-0 vote?!
This is exactly the reason I gave up being a SQL DBA and went back to school to get a law degree.
Entrepreneur : (noun), French for "unemployed"
I was including the large integer arithmetic and proven strong prime generation. If you don't need to generate keys, and you already have a large integer arithmetic package, then yes, RSA can be implemented in a few minutes.
Tarsnap: Online backups for the truly paranoid
The sort of privacy rollbacks we're seeing have been hotly desired by certain groups for years. They probably already had their ideal statutes written up, ready for a quick edit in the wordprocessor. So it is more accurate to view this sort of legislation not as a kneejerk reaction but as a kneejerk opportunity for a long-simmering reaction. Many are exploiting the country's disarray to advance their law-and-order agendas, without even a pretense of any real advance in defending the nation against terrorism.
:).
As for the near-unanimous Senate vote, you can imagine the fear of those who had qualms -- in the next election they'd have someone shaking a finger at them, accusing them of undermining the nation's security. It would be ludicrous if only it didn't work. Amazing how much political mileage a few bastards with boxcutters can provide.
Encrypt now! And when the FBI drops by to interview you (the ones I've met have been unfailingly polite), give them the number of a lawyer (it doesn't have to be *your* lawyer
Seriously, the privacy issue demands active engagement by U.S. citizens (non-condescending foreigners are welcome to weigh in, too). Pick your favorite advocacy group as your antenna and tune in, this ain't over yet.
This is a very important distinction.
Everyone seems intent on the government reading your email. This article seems to say a lot differently.
Indeed, the rights granted seem to make a little sense, even.
- (c) 2018 Hank Zimmerman
President Bush is not mentally capable of being a leader of a country. He only participates in selling parts of the government to the highest bidder. As Senator John McCain says, the U.S. government has been corrupted by money disguised as campaign contributions.
This is not meant to be excessively negative about George W. Bush. There are many people who are not mentally capable of being a leader of a country.
George Bush's performance is typical for someone who has been an alcoholic: 1) Many alcoholics are extremely likeable. 2) Alcoholics don't like conflict; they resolve conflict in crude ways. 3) Alcoholics don't like to be expected to think.
President Bush delivers the statements that are written for him. Have you noticed that the coherence of his statements has improved now that he has a staff of more than 5,000 in the White House? He didn't suddenly develop ways of thinking more clearly.
The U.S. is experiencing a social breakdown. Few good leaders are available. For example, President Clinton was the child of two alcoholics. His crude adjustment to sexuality is typical for a child of alcoholics. It must be said, however, that President Clinton was mentally capable of understanding the issues of running a government, and he also had spent many years teaching himself government policy.
Other aspects of the social breakdown in the United States are: 1) The U.S. has the highest percentage of obese people in the world. People in the U.S. eat when they are not hungry, a sign of unhappiness and social dysfunctionality. 2) The U.S. has the highest percentage of its citizens in prison of any country in the history of the world. European countries have one-sixth the percentage of their citizens in prison. 3) The U.S. government lacks social skills. The government's answer to conflict is often violence. The U.S. government has bombed 14 countries in 33 years, killing more than 3,000,000 people directly. The number killed indirectly is credibly estimated to be more than 3,000,000 additional people. 4) The U.S. government has at least two world-wide police forces that are authorized to kill anyone anywhere -- the FBI and the CIA. This also shows poor social skills. 5) The U.S. government is the biggest manufacturer of weapons of mass destruction. The U.S. government is also the government that talks most about using its weapons.
This is the text of the part (d) of the "Cyber Security Enhancement Act of 2002", which is section 225 of the
(House of Representatives version) of H. R. 5710, the Bill in question.
Section 225 is found on page 51 of H. R. 5710
I've removed the line numbers, but kept the original line breaks. The quoted text begins after the three dashes, and ends before the four dashes
---
(d) EMERGENCY DISCLOSURE EXCEPTION.--
(1) IN GENERAL.--Section 2702(b) of title 18,
United States Code, is amended--
(A) in paragraph (5), by striking ''or'' at
the end;
(B) in paragraph (6)(A), by inserting ''or''
at the end;
(C) by striking paragraph (6)(C); and
(D) by adding at the end the following:
''(7) to a Federal, State, or local governmental
entity, if the provider, in good faith, believes that an
emergency involving danger of death or serious phys-
ical injury to any person requires disclosure without
delay of communications relating to the emer-
gency.''.
(2) REPORTING OF DISCLOSURES.--A govern-
ment entity that receives a disclosure under section
2702(b) of title 18, United States Code, shall file,
not later than 90 days after such disclosure, a report
to the Attorney General stating the paragraph of
that section under which the disclosure was made,
the date of the disclosure, the entity to which the
disclosure was made, the number of customers or
subscribers to whom the information disclosed per-
tained, and the number of communications, if any,
that were disclosed. The Attorney General shall pub-
lish all such reports into a single report to be sub-
mitted to Congress 1 year after the date of enact-
ment of this Act.
----
Below is the text of Section 2702(b) of title 18, United States Code, as provided by findlaw.com. As I note below, the version found through findlaw differs slightly from the version to which H.R. 5710 appears to refer. Please understand that nothing in this post should be construed as legal advice, and do not rely on the below as necessarily accurate.
Italics indicate text removed from 18 United States Code 2702(b) by H.R. 5710, Section 225, part (d)
Boldface indicates text added to 18 United States Code 2702(b) by H.R. 5710, Section 225, part (d)
* United States Code
o TITLE 18 - CRIMES AND CRIMINAL PROCEDURE
+ PART I - CRIMES
# CHAPTER 121 - STORED WIRE AND ELECTRONIC COMMUNICATIONS AND TRANSACTIONAL RECORDS ACCESS
U.S. Code as of: 01/02/01
Section 2702. Disclosure of contents
(a) Prohibitions. - Except as provided in subsection (b) -
(1) a person or entity providing an electronic communication
service to the public shall not knowingly divulge to any person
or entity the contents of a communication while in electronic
storage by that service; and
(2) a person or entity providing remote computing service to
the public shall not knowingly divulge to any person or entity
the contents of any communication which is carried or maintained
on that service -
(A) on behalf of, and received by means of electronic
transmission from (or created by means of computer processing
of communications received by means of electronic transmission
from), a subscriber or customer of such service; and
(B) solely for the purpose of providing storage or computer
processing services to such subscriber or customer, if the
provider is not authorized to access the contents of any such
communications for purposes of providing any services other
than storage or computer processing.
(b) Exceptions. - A person or entity may divulge the contents of
a communication -
(1) to an addressee or intended recipient of such communication
or an agent of such addressee or intended recipient;
(2) as otherwise authorized in section 2517, 2511(2)(a), or
2703 of this title;
(3) with the lawful consent of the originator or an addressee
or intended recipient of such communication, or the subscriber in
the case of remote computing service;
(4) to a person employed or authorized or whose facilities are
used to forward such communication to its destination;
(5) as may be necessarily incident to the rendition of the
service or to the protection of the rights or property of the
provider of that service; or
(6) to a law enforcement agency -
(A) if the contents -
(i) were inadvertently obtained by the service provider;
and
(ii) appear to pertain to the commission of a crime; or or
(B) if required by section 227 of the Crime Control Act of
1990.
The copy of 18 US 2702(b) available through findlaw.com has no paragraph (6)(C)
''(7) to a Federal, State, or local governmental
entity, if the provider, in good faith, believes that an
emergency involving danger of death or serious phys-
ical injury to any person requires disclosure without
delay of communications relating to the emer-
gency.''
Opinions on the Twiddler2 hand-held keyboard?
Does anyone else find the fact that "Fritz" Hollings voted against this bill kind of ironic given his track record so far?
:P
I would have figured that he would've loved to have more power to chase after pirates, especially in the name of "Homeland Defence"
Oh well, I guess he just didn't get his asking price this time round.
I'm sorry, but I really find it concerning that someone so vocal in his support of other laws that are just as draconian, would then turn around and vote against this one. It just doesn't seem to add up.
Once this step works, then outgoing emails could search for public keys of recipients, and if possible encrypt before sending. This would incrementally move the encryption closer to the sender, as adoption permitted.
I suggest using this along with features for verification of the sender as an anti-spam feature, to enhance adoption of the new protocols. An incremental approach is the only feasible one, IMHO.
--Mike--
My impulse is, of course, to be greatly concerned about my privacy with this. Not a bad thing, altogether. But I've done some looking around at what other people have to say on the matter.
On the one hand, I've heard a lot of folks on the radio and read no few columns by smart people saying we need to be paranoid. Rational paranoia's not a bad thing, I think. Just because you're not paranoid doesn't mean they're not out to get you.
On the other hand, another writer I like to read has pointed out that, as far as political, legal, and material freedoms go, we're a lot more free than we have ever been in history, and the very fact that we have a number of people who are incredibly sensitive to violations of civil liberty means that civil servants have to keep on their toes about it. And the Heritage Foundation has published a memo explaining that DARPA's Total Information Awareness isn't quite what Safire of the NYT said it is, and it's not quite what everyone (rightly) fears.
Still, I won't budge from my first point. A little rational paranoia is a healthy thing to have. I've been doing my best to be 'safe', and to teach good habits to my not-so-tech-savvy friends. Now that I've got most of my family Back Home using PGP-friendly e-mail clients, I'm going to take some time to show them just how easy it is to use these nigh-impossible-to-forge signatures when I visit for the holidays.
Good judgment comes from experience.
Experience comes from bad judgment.
It was meant to be like the old usenet practice of adding "spook fodder" to the end of posts. Also, like type II anonymous remailers, it was designed to help thwart traffic analysis.
There'd be a set of scripts (or easy to compile programs) that would sit on a client machine. These scripts would have a list of email recipients (either static, or snarfed periodically from a current source), and it would send out an encrypted "message" to each address according to a set of rules defined coupled to that address.
Messages could be sent at random intervals or with a specific frequency.
The payload could either be encrypted, plaintext, or crypto-grade random garbage.
The encryption could be symmetric, asymmetric, or even with a throw-away one-time-pad (generated on the fly and then discarded).
The payload of encrypted messages could be plain text, garbage, or another encrypted message.
Of course, this could be done with the current anonymous remailers. But I've found the remailers to be already overloaded and unreliable. Because the project's goal is primarily to add noise to existing email traffic, it would lend itself to be served by clients with sporadic connections.
There's the possibility of propagating real messages in this system, but running SMTP servers on sporadic clients seems like a bad idea (even discounting the potential for abuse by spammers, etc.). I was thinking of a store-and-forward type of system, using P2P networks. The software could be a P2P client. It would queue a "real" message by sharing it out. Other clients would search for a designated string to find these messages and download them (there'd obviously need to be some sanity checking to prevent garbage inputs). Once the originating client knows that the message has been downloaded "x" number of times (some redundancy would be desirable, I would think), it would remove the message from the queue so the recipient doesn't get thousands of copies of the message.
I know, this idea is really rough around the edges. I had a really nice write-up a while back, but I lost it. The fact that my coding skills don't extend beyond half-page sed/awk/perl/bash scripts (don't laugh, I'm just a sysadmin) hasn't helped in my realization of this idea. :)
If anyone knows of a project that even remotely comes close to what I have described, please post links!
Method of processing duck feet
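The noise-traffic idea in the comment above (per-address rules, random send intervals, garbage or throw-away-pad payloads), sketched as an added example that is not part of the original post or of any existing project. `Rule`, `make_payload`, `plan`, `PAD_TO` and the addresses are hypothetical names for illustration; the code only builds a schedule and transmits nothing.

```python
import base64
import random
import secrets
from dataclasses import dataclass

PAD_TO = 4096  # assumed fixed body size, so length does not separate real from noise


@dataclass
class Rule:
    """Per-recipient rule (hypothetical structure for this sketch)."""
    address: str       # constructed example address
    mean_gap_s: float  # average seconds between messages to this address
    kind: str          # "random" garbage, or "otp" throw-away pad


def make_payload(kind, text=b""):
    """Return exactly PAD_TO bytes for either payload kind."""
    if kind == "random":
        return secrets.token_bytes(PAD_TO)
    if kind == "otp":
        if len(text) > PAD_TO - 2:
            raise ValueError("text does not fit in one padded message")
        # Length-prefix the text, fill the rest with random padding.
        framed = len(text).to_bytes(2, "big") + text
        framed += secrets.token_bytes(PAD_TO - len(framed))
        pad = secrets.token_bytes(PAD_TO)  # generated on the fly, never stored
        return bytes(a ^ b for a, b in zip(framed, pad))
    raise ValueError("unknown payload kind: " + kind)


def plan(rules, horizon_s, rng=None):
    """Build a time-ordered send schedule; nothing is transmitted here."""
    rng = rng or random.SystemRandom()
    schedule = []
    for rule in rules:
        # Exponential gaps give memoryless, irregular send times.
        t = rng.expovariate(1.0 / rule.mean_gap_s)
        while t < horizon_s:
            body = base64.b64encode(make_payload(rule.kind, b"noise")).decode("ascii")
            schedule.append((t, rule.address, body))
            t += rng.expovariate(1.0 / rule.mean_gap_s)
    return sorted(schedule)


if __name__ == "__main__":
    rules = [Rule("alice@example.org", 60.0, "random"),
             Rule("bob@example.org", 300.0, "otp")]
    for when, to, body in plan(rules, 600):
        print(f"{when:8.1f}s  {to:20s}  {len(body)} base64 chars")
```

Because every body is padded to the same length and base64-armored, an observer sees uniform-sized messages at irregular times regardless of payload kind.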
September 11th -- Bush's Reichstag fire. An attack on a national symbol that prompts the single-party control of the government, followed by the strengthening of the executive portion of the government and the establishment of unrestricted government powers. Sound familiar? Yup, same as the rise of the Third Reich. And Bush doesn't even need to dissolve the legislative branch as the Nazi party did, because his party managed to just seize control of it.
/me is very frustrated, but doesn't see any remedy...
I'm not even going to mention the fact that he's using national upset over a terrorist act against a national symbol to fuel lust for a totally fucking unrelated foreign war (Iraq). Same as Hitler.
Of course, the people being detained and having their civil rights as regards imprisonment ignored so far are Islamic, rather than Jewish. But it also took Hitler a while while in unopposed control of the government to gain complete control over the country.
If Islamic people start getting deported, then I'm going to start worrying. (And it's not like we haven't put a race in camps before -- we grabbed Japanese-Americans out of their homes and dumped them in big guarded, barbed-wire-fence-surrounded camps during WWII.) We hover a lot closer to serious nastiness than most people would like to admit.
I mean, for chrissake, we've a father and a son on the "throne" of the Presidency at the minute! Who buys into the "meritocracy" claims any more?
And we just established a massive domestic monitoring organization specifically built to bypass the restrictions placed on the FBI after decades of abuse of powers. Of course, this one can grab wiretaps w/o needing warrants, has the powers of the CIA, FBI, and INS, and is extremely well-funded.
Don't be so glad you don't live in the United States of America. France, Poland, and friends felt the brunt of radical German political changes as much as Germany. You get a shift towards an empire-building dictatorship (except this time bigger, with nukes and the most powerful military in the world) and you can be damn sure that it will impact you.
May we never see th