Greplaw Interviews Phil Zimmermann

LawGeek writes "The venerable GrepLaw crew has struck again, this time with Editor Mikael Pawlo interviewing PGP author and all-around encryption expert Phil Zimmermann. Pawlo discussed a number of topics with Zimmerman, including the current state of encryption export laws, DRM, and activism against erosion of privacy both in the U.S. and internationally. The interview is here."

The interview is encrypted!

And I don't have the key! This will take decades to crack. Stupid PGP.

Re:The interview is encrypted!

fortunatly, It is encrypted with rot 26 :D

Re:The interview is encrypted!

[jc42]

Actually, they rot13-encrypted it. And then, to make double sure that the encryption was effective, they rot13-encrypted that. So the only way to read the actual interview is to doubly-decrypt it using the inverse of rot13.

I'd describe how this is done, but the margins of this message aren't wide enough ...

Re:The interview is encrypted!

also, youd probably violate the DMCA

Re:The interview is encrypted!

[jc42]

Heh, yeah. I've used that argument myself in a number of discussions, when I felt like making assorted security schemes look mildly silly. The idea that decrypting a rot13-encrypted message is a violation of the DMCA is one of the better examples of the absurdity of it all. And pointing out that rot26 is just rot13 applied twice (so decrypting rot26 is also a violation of the DMCA) adds a whole new level of fun to the absurdity.

It's even more fun to post the couple-line C program that does xor encryption with another file, and point out that not only is this an unbreakable encryption scheme, but you can also use it to show that any file is an encryption of any other. Thus, your message and mine are both encryptions of any handy pornographic image, and the little xor program will quickly produce the decryption key. This tosses a really fun monkey wrench into any scheme to outlaw pronography in any digital medium.

There's a lot of absurdity flying about here ...

fingerprint scanners in police cars

[AyeFly]

Whats wrong with that? It might have prevented the dispute in court over driver's license photos and muslim women wearing veils...with a fingerprint, you dont need picture ID, and its more reliable.

Re:fingerprint scanners in police cars

Yes, but then Big Brother will have everyone's fingerprints. That is more of an invasion of privacy than having my picture (especially since they would demand that too, you know, for carding at supermarkets and whatnot).

Re:fingerprint scanners in police cars

But is it just checking against a database of existing fingerprints, or does it then add you to the database once it has you scanned? And what about the next step in forensics, DNA? Would you like DNA scanners in police cars?

Re:fingerprint scanners in police cars

[Dr+Reducto]

...But technology can fail. Technology can also be "hacked". Technology should only be used as a supplement and taken wih a grain of salt when accuracy absolutely matters. Like the Naval saying: Satellites fail, compasses do not.

Re:fingerprint scanners in police cars

[seinman]

Nothing's wrong with it to the general public. But since slashdot (and geeks in general, it seems) are so fucking paranoid, any article that refers to such technology will instantly put a bad spin on it.

Too bad the /. crowd is also too lazy to get off their fat asses and do anything about the things they argue so strongly against.

Re:fingerprint scanners in police cars

Perhaps geeks in general understand technology enough to know how it can be exploited and abused?

Re:fingerprint scanners in police cars

[nounderscores]

The difference is that you don't leave your photograph on every door handle and toilet seat you touch... or at least I don't.

______________________________
The Spiders are coming

Re:fingerprint scanners in police cars

I do! Have you seen Memento? :)

Re:fingerprint scanners in police cars

[shaitand]

Actually in my experience compasses do in fact, fail.

Re:fingerprint scanners in police cars

[grumpygrodyguy]

Actually in my experience compasses do in fact, fail.

Please elaborate.

Re:fingerprint scanners in police cars

[stratjakt]

Bullshit.

You leave your photograph in every store you go to, every public washroom you enter, every highway you drive on.

You're captured on film at least a dozen times a day. At least I am (and other people who go outside).

It's a lot less work to have a computer scan the tapes for the same face than to send crews to dust for fingerprints over the entire planet multiple times daily.

Noone cares where you go to take a dump.

Re:fingerprint scanners in police cars

[csguy314]

It might have prevented the dispute in court over driver's license photos and muslim women wearing veils...with a fingerprint, you dont need picture ID, and its more reliable.

[off-topic]
I was just discussing the issue of this Muslim woman today. As a Muslim I think this woman is doing something kind of dumb. There is nothing in the Quran about covering a women's face. During prayers, in fact, her face must not be covered. So I haven't a clue where they get the idea that they need to wear a veil over their face. And this is specifically for a piece of identification. How the hell are you supposed to identify someone that's covering their face? In fact I've heard suggestions that maybe bin Laden escaped the US in Afghanistan by posing as a veiled woman. It's not beyond comprehension.
But if this woman refuses to be identified, then perhaps she should not be allowed the responsibility of driving. It makes it possible for her to abuse the system and others to abuse her. She could claim some other person wearing a veil caused an accident that she caused, or it's possible someone wears a veil and does something specifically to incriminate her. It's a very unnecessary complication.
[/off-topic] That being said, fingerprints are a bad idea. As another poster mentioned, you leave fingerprints everywhere. And just having them on file and being in the wrong place can make you suspect in something which you have no idea about. It gives far more opportunity for abuse by authorities, and it's naive to think they won't be more abusive the more opportunity you give them.

Re:fingerprint scanners in police cars

If you're inside a big giant steel ship (aircraft carrier, submarine, or any other naval vessel, for that matter), you can't exactly get a reading from inside the ship. If you put it outside the ship, then it can be affected by any number of electromagnetic phenomenon several of which could make the compass entirely useless by demagnetizing it.

Re:fingerprint scanners in police cars

It's a lot less work to have a computer scan the tapes for the same face than to send crews to dust for fingerprints

Really?
Are you an FBI expert ... or just an idiot on slashdot?
(My guess is the later.)
:)

Re:fingerprint scanners in police cars

Parent AC obviously means 'latter.'

Re:fingerprint scanners in police cars

[bheer]

> with a fingerprint, you dont need picture ID, and its more reliable.

The problem with any kind of biometric ID is that it's only as secure as the database that it checks against. Security based solely on biometric ID is very brittle -- because it's allegedly so "strong", once broken (by hacking into the database, by using someone else's eyeball) you have massive and nearly undetectable breaches of security.

The best security systems are not brittle. And for driver's licenses, photo ID does provide appropriate level of malleability.

Re:fingerprint scanners in police cars

[John3]

If you sprinkle when you tinkle, please be neat and wipe the seat.

Otherwise, we'll track you down via DNA testing!

Re:fingerprint scanners in police cars

As a Muslim I think...

As an atheist, I think you ought to stop worshipping a figment of your imagination. ~72 years of average life expectancy, and you choose to spend ~10 of them bowing to some ridiculous body of dogma -- and the remaining time plotting how to kill people who read a different fairy tale than you did?

Seems like an awful waste of time.

Re:fingerprint scanners in police cars

[pcwhalen]

Well, Microsoft does. The Microsoft Loo. Bill Gates cares.

Re:fingerprint scanners in police cars

There is nothing in the Quran about covering a women's face.

It is said that the woman should not display her "ornaments", and this word is interpreted as nearly everything, including every part of her body.

But, in fact, it was a very specific situation which made Muhammad forbid displaying of ornaments, and it were in fact ornaments in that situation, not skin or face or whatever.

Re:fingerprint scanners in police cars

[evilviper]

While driving down the street, the police can't look over and identify you based on your fingerprints... Even with fingerprint scanners in police cars, photos are needed.

with a fingerprint, you dont need picture ID, and its more reliable.

Yes, but the potential for abuse is much higher. Walking down the street some nights, the police think you look suspicious. They don't have any reason to take you in, but they could fingerprint you and find out your entire history in an instant.

Also, that would mean the police would have MANY more fingerprints on file. It's really just one step away from police finger printing every person in the country.

What's wrong with it? Well, it's a matter of opinion. If you believe in police states, nothing is wrong with it at all. If you believe even slightly in privacy, there is much wrong with it...

Re:fingerprint scanners in police cars

[evilviper]

Like the Naval saying: Satellites fail, compasses do not.

The funny thing is, compasses fail. Not often of course, but satellites are pretty reliable as well, so it probably won't be long before satellites ARE more reliable than compasses.

Re:fingerprint scanners in police cars

[Dr+Reducto]

Fortunately, not as often as batteries go dead!

Re:fingerprint scanners in police cars

[oobar]

Aside from the general tinfoil-hat paranoia, there are two large problems:

1. It's not as reliable as you'd think. There was a slashdot story a while ago about a study of the most common fingerprint readers on the market and the conclusions were quite horrifying. For one thing, it was found that the majority of them could be easily faked with easy-to-obtain materials like gummy bears and scotch tape.
2. If someone were to lift your prints off something you touched, and then commit identity theft, there's no easy way for you to get new fingerprints. I know this doesn't directly apply to the case of fingerprint readers in cop cars, but the point is that if that were to happen then law enforcement would become even more dependent on prints, moreso than they are now...perhaps to the point where they are solely dependent. If the ONLY ID you have is your fingerprints (as opposed to a passport, drivers license, etc.) then your life becomes significantly more complicated when identity theft or fraud is involoved.

Re:fingerprint scanners in police cars

[Planesdragon]

And just having them on file and being in the wrong place can make you suspect in something which you have no idea about.

Just being in the wrong place can make you a suspect, holmes.

Re:fingerprint scanners in police cars

[larry+bagina]

"it might prevent the dispute in court" is a poor reason for anything.

Executing all muslims "might have prevented the dispute in court" as well. Do you advocate that?

Re:fingerprint scanners in police cars

[larry+bagina]

maybe he was talking about those gradeschool things to draw circles with.

Re:fingerprint scanners in police cars

yeah, but afterwards, they get to live in heaven with 72 young virgin boys, and an unlimited supply of goats.

Sounds like a fair deal to me.

Salam al-Akbar.

Re:fingerprint scanners in police cars

[agurkan]

The tradition of wearing veils started in Turkey, in Ottoman Empire to be precise. Some Turkmens had just moved to the city of Bursa, the women among these group were very beautiful and Turkmens were less modest than the general population. This led to a "fetva" which forced these beautiful women to cover their faces. Pretty soon, it became a sign for beauty and it caught up with other women and other countries.
Silly story, isn't it?

Re:fingerprint scanners in police cars

[jericho4.0]

This woman converted 2 years ago. I have the feeling she was anoyingly 'devout' in whatever her religion was before. I wonder where exactly she put her interpertation of Islam together from. As I understand it, most places that insist on veils also don't let women drive.

Re:fingerprint scanners in police cars

[scubacuda]

I've found that many of them are thrown off my by magnetic personality.

Re:fingerprint scanners in police cars

[irc.goatse.cx+troll]

"You're captured on film at least a dozen times a day. At least I am (and other people who go outside)."
aha!

Agoraphobics: 1 General population: 0

Take that!

Re:fingerprint scanners in police cars

[Johnny+Pissoff]

Actually, it started much earlier, in Christian Byzantium among upper class women from whence it spread among Muslim women.

Re:fingerprint scanners in police cars

[Johnny+Pissoff]

There is a hadith (a saying of the Prophet Muhammad, or a report of his actions) which I believe is in Bukhari which makes it canonical that has the Muhammad pointing to the hands and the face as the two permissible areas to show uncovered.

Re:fingerprint scanners in police cars

[Johnny+Pissoff]

Incidentally, even the most conservative Muslim jurists and scholars, those who require the face veil to be worn, permit the face to be uncovered for the purpose of personal identification by legitimate authorities such as the police. See: For one example of such

Re:fingerprint scanners in police cars

You are going to hell.

Re:fingerprint scanners in police cars

stupidity is not a religion... ...religion is a stupidity.

from the article

[nounderscores]

# But you donâ(TM)t code any more?

I havenâ(TM)t written code in many years. I am active in policy space rather writing code, doing a lot of public speaking. There is a lot of need for activism now in the shadow of the Patriot Act.


Interesting. I would have thought that hammering out the bugs in the law would have been the oldest form of coding.

___________________________________
The Spiders are coming.

Re:Really

[Shriek]

Whats next a microchip in my sphincter?

You might want some pretty good privacy for that insertion!

Greplaw: In the spirit of Aimee Deep . . .

[Nix0n]

So Phil, what is your position on the question of balancing national security concerns against the civil rights of said nation's citizens, in the context of allowing citizens to use uncrackable encryption ?

OMG! That is like the COOLEST QUESTION ! Wow, I'm like totally into law and stuff, and like did you look at my boobies? No, they're not real! OMG, as if!

In other news...

[zakezuke]

Glove sales are up... and public restrooms are wondering why there are footprints on the flush control.

Zimmerman's contradictory opinions

[geekee]

When asked about encryption technology, he thought it was great that a person could control who read his data. When asked about DRM, he said it was bad that a person could restrict who reads his data. Or does Zimmerman have a bias against companies? A person should be free to encrypt data, but not a company? Or is is, you should be able to encrypt data unless you're selling it? DRM is encryption. I don't see why this guy thinks some people have the right to use it while others don't, just because he thinks it's bad for society somehow when some people use it. He didn't care that terrorists were using PGP, but was concerned about the music industry using DRM. That I find disturbing.

Re:Zimmerman's contradictory opinions

[mpawlo]

That is a good observation I should have made myself during the interview. However, I never posed a question in this respect - my mistake. Reading only from the transcript you may not reach the conclusion you suggest. Mr Zimmermann spoke of both DRM and encryption as problems for the future access to archives. If he hosts double-standards the way you suggests regarding DRM and enryption, I can not tell.

I do not think Mr Zimmermann is corporate-hostile in general, though, since he makes his living selling his knowledge to companies striving to protect their data.

Regards,

Mikael

Re:Zimmerman's contradictory opinions

[Rambo]

When asked about DRM, he said it was bad that a person could restrict who reads his data. Or does Zimmerman have a bias against companies?

I think you're missing the point. The companies utilizing DRM are using it to prevent you from making full use of the content which you purchase. This is in contrast to you encrypting mail which is simply to keep spying eyes from peering into your private life.
However, I did have one concern about a wholesale use of encryption for personal affairs. Suppose I keep a personal journal and I use encryption; who's to say that I won't get run over by a truck, thereby effectively locking that information forever? Ideally I'd like to think that my grandchildren and so forth could learn and appreciate me as a person by reading it when I'm gone. You can't really write down the password as you don't want it falling into the wrong hands (i.e. government), but there's a terrible risk that it may never be readable in the future. Ditto for personal email, which can also be important to future generations.

Re:Zimmerman's contradictory opinions

[HeghmoH]

It's not contradictory at all.

Encryption, the way PGP works, is a way to prevent third parties from getting at data you don't want them to.

DRM is a way to prevent the user from using data that was given to him in "unapproved" ways.

Once you get an e-mail and read it with PGP, you can do anything you want with it. You can copy-paste it into a Word document, you can forward it to a million-member Yahoo mailing list, anything you want. DRM is fundamentally different in that it's not for protecting against unauthorized use by third parties, but for protecting against unauthorized use by the person who supposedly owns the data (or a license).

Re:Zimmerman's contradictory opinions

He didn't care that terrorists were using PGP, but was concerned about the music industry using DRM. That I find disturbing.

It is not just DRM that is the problem here, it has a lot more to do with what companies do, that would prevent a person using the music to say play it on a persons's player (or if played on a computer, the OS) that does not support the super-duper-DMCA patented system used for encrypting the content.

Well, you would now say, 'If the player ain't supporting it the player is c***'. It is just possible that it is a proprietary format that is DMCA + super duper patented to prevent others from implementing it. You have no choice but to buy that company's player hardware or software addon for your player (at a pretty nasty price).

In the perfect world, we won't have the above problem, since all companies would follow the same DRM standards (non-proprietary, and set by an standardisation body like IEEE, ANSI, ISO, whatever). But, hey it is not gonna happen for following standards wont bring you revenue. 'Lock them in. Make them pay' is the motto of most companies, and rest will be able to make no difference since the Music Industry will follow the most-companies.

By the way, I think you are misinterpreting his words.

Re:Zimmerman's contradictory opinions

[vadim_t]

Easy, make keys for your children, and encrypt to them.

Re:Zimmerman's contradictory opinions

[Jade+E.+2]

Once you get an e-mail and read it with PGP, you can do anything you want with it. You can copy-paste it into a Word document, you can forward it to a million-member Yahoo mailing list, anything you want

Actually, PGP (the new-ish versions, anyways) has an option when encrypting to only allow the decrypted message to be displayed in PGP's 'Secure Viewer', which prevents you from copying or saving the information (and, optionally, displays it in a grey on slightly-lighter-grey color scheme to try to prevent Tempest attacks). It also has other properties, such as preventing the message from being written to swap/page files (and windows hibernation files).

Of course, you can still just re-type it yourself, but it is distinctly DRM-like in that it requires extra effort to defeat the security, while not really offering any more protection. Of course, the difference is that when receiving a PGP message, the recipient generally *wants* the data to remain secure, and in DRM's case the recipient generally doesn't.

Re:Zimmerman's contradictory opinions

That's the "For Your Eyes Only" magic filename, explained in the code as being a feature to prevent the recipient from *accidentally* leaving the plaintext on the clipboard or something. It is optional; GPG, for example, does not enforce it, nor do some of the ckt builds.

Re:Zimmerman's contradictory opinions

[malxau]

Further, it's there to prevent access by a licensee that the licensee may be entitled to.

In Australia, for example, we have a limited set of rights in relation to Computer Software in the Copyright Act 1968 (Cth); preventing a licensee from exercising rights by encryption is, in effect, trying to subvert the operation of the law; as much as DRM companies would like to think so, they do not have a monopoly in determining how their products can/shall/will be used.

Re:Zimmerman's contradictory opinions

[alakar]

Don't worry about your grandkids being unable to read your texts encripted with current tech.

Kid: Hey look, gramp's journal. Hmm... encrypted with PGP, let's see, it will take my 13Ghz Dragon about 1 day to crack it. Or I could recruit some of my buds and grid it up with them and crack it in an hour. OK, here we go, let's see what was so important that it had to be encrypted.
==========

*CRASH* (door shatters)

Cop: Homeland Security! Nobody move! You are under arrest under Patriot Act 5/DMCA 3. Come with us.
Kid: what! why?
Cop: we don't have to tell you what you did.

==========
OTOH, maybe you should worry.

Re:Zimmerman's contradictory opinions

[dasuridai]

I do not know if there are any working models to go by, but I have heard about the use of timestamped encryption, that would somehow unencrypt the data after a certain date. Unfortunately, I cannot remember where I saw that...

Re:Better than Aimee Deep

[mpawlo]

Here are links to more Greplaw interviews that you may find interesting:

Patrik Faltstrom on IESG, IETF etc.

Don Marti on free software, patents and the Internet.

Cyberlaw profiles: Jennifer Granick.

We try to interview interesting people who one way or another affect and form Internet law and policy. Feel free to suggest people we should interview.

Regards,

Mikael

The single greatest moral of the story

[ShatteredDream]

Is that the line between law enforcement officers as peace officers and law enforcement officers as oppressors is very thin in most situations. The federal law enforcement apparatus is slowly beginning to aspire to KGB-level power over the population.

Look at Waco for instance. I'm not a fan of cults like the Branch Davidians, but the use of military-grade hardware like small tanks against a compound that is guarded by a bunch of yokels with at best automatic weapons is a great cause for concern. What most people don't know is that Waco was so badly screwed up that it had to be deliberate. It is not a conspiracy theory to say that the FBI and other agencies wanted to make an example out of them because they had something like 6 months to a year where David Koresh walked everday to wal-mart for supplies. I come from a federal law enforcement family and both my parents agree that in light of how many opportunities they had to NOT make an explosive situation it was literally criminal what the feds did. Same goes for Ruby Ridge.

The majority of police working in these areas don't care about your freedom or your privacy anymore. If they did they'd have given up on bullshit like the Clipper Chip and export regulations. We live in a society in which it is not feasible to keep our technology under wraps. It would be trivial for Al Qaeda to smuggle PGP out of our country; all they'd have to do is get someone inside our country, buy a single copy and send it from a public library to the Middle East.

We can only lose by listening to these security chicken littles because if we did everything we could to make our country secure, we'd resemble a slightly right-wing version of the Soviet Union. There would be no public internet access, no freedom of mobility, no right to keep and bear arms (which saves more lives than all cops in America combined), no right to security in your house and person, no freedom of association, and probably no property rights either. I won't live like that and I consider anyone who would to be worthy of death. They aren't human and because they reduce themselves so low they are a disgrace to our species. Not that I advocate murdering them, but rather I only laugh my ass off at them when they get hurt or killed. Good riddance, we need more people that won't change their lives to accomodate the terrorists, whether they're associates of Al Qaeda, have a General Services rank or call themselves Representative or Senator.

Government can't protect you preemptively, that is the indirect moral of this story. The police can pick up the pieces and get justice, but that's usually about it. Here's a novel thought, let's legalize assassinating terrorists. But this was never about terrorism and national (or is it fatherland) security, it was about big government justifying its Cold War level of control over the people. The worst parts of Communism aren't dead, they're festering in the White House and most of the law and order Republican types can't see that they've already lost. Bob Barr was kicked out because he had the audacity to call out Bush on issues like TIPS where he said, "this program smacks of the very fascist and communist governments that we have faught for so long."

So it's not healthy to be a true patriot and political traditionalist in America anymore. You call for a modern form of the government we started out with (in other words, nothing like slavery) and you're called idealistic, short-sighted and soft-headed. The irony of it is that the true hard-headed people have always advocated limited government and a simultaneously isolationist and Machiavellian foreign policy. We'd be a lot more secure if we minded our own business and made people pay handsomely in blood for every single violent transgression against us. For example we'd have fewer problems with Saudi-funded terrorists if after every such attack against us, the CIA sent its SOG commandos into Saudia Arabia and blew up a few civilian targets. You want respect in war and politics? Show that if you have to choose between doing the right thing and surviving that the former never gets in the way of the latter.

Re:The single greatest moral of the story

For example we'd have fewer problems with Saudi-funded terrorists if after every such attack against us, the CIA sent its SOG commandos into Saudia Arabia and blew up a few civilian targets. You want respect in war and politics? Show that if you have to choose between doing the right thing and surviving that the former never gets in the way of the latter.

yep, an eye for an eye works perfectly, just ask israel

Re:The single greatest moral of the story

[Feztaa]

right to keep and bear arms (which saves more lives than all cops in America combined)

That's a new one on me. Maybe you should check your facts -- looks to me like the U.S.A. has the highest murder rate out of any country in the world. Other countries that don't have gun control seem to be able to keep their citizens from dying some other way, I guess.

Two different problems.

[dmaxwell]

Email encryption is intended to keep third parties out of private communication. With PGP nothing stops the other side from divulging his end of the conversation to others. Sure some corporate mail clients may try to mark mails unprintable, unsaveable and what not but that won't defeat a digital camera or even a Bic and piece of paper. Encryption just allows Bob and Alice to have a conversation with reasonable assurance Eve isn't listening in.

DRM is something else altogether. DRM is intended to allow a sender to control what a recipient can do with information. In this case, Alice is trying to use encryption to mark information for Bob's eyes only (on Bob's Alice approved OS or Bob's Alice approved player) regardless of how Bob feels about it. This is absurd. If Bob can see it then Bob can copy it. DRM's only true effect is to create varying degrees of inconvienience for Bob.

Is not at all hypocritical to favor technological means for privacy while being opposed to technological means on control. Email encryption: Privacy. DRM: Control.

Re:Two different problems.

[Dr+Reducto]

You are correct sir. Even if you have theoretically unbreakable encryption, or time consuming to break encryption, it is always breakable. There is the human factor. A computer to brute-force encryption algorithms costs millions, but a $1000 bribe can be just as effecive if you have a disgruntled employee who does not take security seriously.

Re:Two different problems.

[geekee]

Good Point. However, DRM is a more general form of PGP. Saying you shouldn't be allowed to control what the end user does with data you send him shows a lack of respect for intellectual property. Legally, I can send someone data under NDA. Why shouldn't I have a tool to help make sure the NDA isn't broken? Why limit encryption technology in such a manner? He opened pandora's box. If he really believes in freedom, he shouldn't be trying to tell people how they can use encryption technology. That's fundamentally limiting someone's freedom.

Re:Better than Aimee Deep

Feel free to suggest people we should interview.

Here's a novel idea:

Interview *anyone* who does not fit your ideological mold, perhaps even from the complete opposite side of a relevant debate. Perhaps even ( shock ) someone who actually knows something about the law.

For example, try the General Counsel for any one of the most-hated-by-harvard-hippies Evil/Globalist/Symbol-Of-The-Man/Pro-Intellectual- Property tech/entertainment-related Corporations that are in imminent danger of violating your nebulous and ill-conceived notion of whatever defines "privacy rights" this week..

BMG, EMI, Genentech, Microsoft, Sony, Vivendi, Monsanto, Oracle, the list could go on quite a while. Pick one. Call the General Counsel, or assistant general counsel, or 4th-tier paralegal in accounts receivable - anyone would be better than these idiots you trot out to talk about issues they are not qualified to have a meaningful opinion about.

philzimmermanrocks

-----BEGIN PGP MESSAGE-----
Version: PGP 8.0.2

qANQR1DDDQQJAwKQORxFJ2eXpGDSwC8BX+3gT6C1eWdjGZcE B0 lQ3KQ186ZcTNs1
Fv09JDOd3KLv1TXDs/bPdGLh5NQjjn8LK/ B9S0R1nOKNzYKi/M V1REVh9Yffffuy
H9g30N+9CSAovfMziE6m4CY61Gt+JmYfdm +XnP8fTdPKMCHfCp XdHxzLpflgYGJX
5SHtv5A80W34/A0y8ML/g+dhI4Kpfh1vm9 dOmdYGDyaBB1oAIx DUW2PxmJn4Zu8T
CbPtlL2BfHayS69CAMPB2713nY5BC1x0El HCcay5ATZTsxZNeC pxFWc8Nnr3yUJ3
MemlfqeANC5g8VaboKZa09BYgawx2Q==
=H5qE
-----END PGP MESSAGE-----

Re:philzimmermanrocks

[autocracy]

Yes, this is actually funny in some way... mostly that somebody posted it this way. Anyway, the point to it was that you had to decrypt it in PGP, and that the passphrase was the subject line. If you tried that and got the "no pgp data found" message, it's because you forgot to remove the spaces that /. adds in between long strings. Below is the messsage exactly was decrypted, complete with an error in the link syntax. Have a good one...

***[6/8/2003 11:52:29 AM] Cipher: AES256
***[6/8/2003 11:52:29 AM] BEGIN PGP DECRYPTED MESSAGE ***

Nice to see that Phil is still waving the banner for privacy rights, especially in light of the Patriot bill and other "anti-terrorism" legislation. Check out <a href="http://www.zmag.org/ZNET.htm"ZNet</a> for some great alternative news articles.
***[6/8/2003 11:52:29 AM] END PGP DECRYPTED MESSAGE ***

Re:philzimmermanrocks

[Sloppy]

I thought the part of the point of ascii-armor is that it makes the spaces not matter. But, as you say, they do appear to matter, at least with the version of gpg that I use. :(

Re:Better than Aimee Deep

[mpawlo]

I think that is a perfectly sensible idea (disregarding the "idiot" part of your submission) that I will pass on to the Greplaw editors.

Regards,

Mikael

Veils and Driver's Licences.

[pcwhalen]

Gosh this is offtopic but here goes....

There is no right to drive in the US. It is a privilege imparted to citizens of the various states by the state's government. As such, the state may regulate conduct and licencing with regard to driving.

Too bad, so sad. No veils if the state says "no." The Supreme Court has held on numereous occassions that states have the right to protect their citizens. Where religous freedom contradicts state edicts, the SC looks to see if the edict is a right or a priviledge. Where it is only a priviledge, the state always wins.

Driving is a privilege. Enjoy it.

Re:Veils and Driver's Licences.

[Johnny+Pissoff]

Yes but the issue boils down to whether the driver's licence is:

1) A document attesting to one's ability in the eyes of the state to competently handle a motor vehicle.
Or
2) A form of state-issued and certified identification.

If #1 obtains then what is the problem with using a non-photo driver's licence as some states do indeed issue (sometimes for reasons of religious, usually Christian, objections to being photographed). If the truth is that #2 is in fact the case, driver's licences having become de facto ID cards in the eyes of the state then shouldn't this requirement be upfront instead of piggybacking on the reasonable requirement that driver's be evaluated for competence and licenced accordingly?

Re:Veils and Driver's Licences.

[Arandir]

Actually, I have the right to drive my car on any road that I own. Unfortunately, I don't own many roads.

Re:Veils and Driver's Licences.

>There is no right to drive in the US

Oh boy. Here we go with that "it's not a right, it's a priviledge" crap. Nonsense. Prove to me it's not a right. I know, you're going to ask me to prove to you that driving is a right, right?

Okay, here goes.

Ninth amendment: The enumeration in the Constitution, of certain rights, shall not be construed to deny or disparage others retained by the people.

Tenth amendment: The powers not delegated to the United States by the Constitution, nor prohibited by it to the States, are reserved to the States respectively, or to the people.

That "priviledge" crap is touted by the DMV and the cops to let you know they can yank your right to drive if don't behave. But, they can yank your right to breathe also, if you don't behave. All they need is the correct due process lined up. We do it down here in Texas on a regular basis.

Re:Veils and Driver's Licences.

do you have the right to fly airplanes?

do you have the right to yell "fire"?

the courts have the power to decide where your rights leave off and public saftey takes precedence. and in this case, they've decided where that line is drawn.

Re:Veils and Driver's Licences.

That there are limits to rights does not deprive them of their status as rights. Few rights are absolute -- maybe none. The poster (in article 6140907) did not say that driving was an absolute right, just that it was not a priviledge.

Re:Veils and Driver's Licences.

[Gleef]

Anonymous Coward wrote:

Oh boy. Here we go with that "it's not a right, it's a priviledge" crap. Nonsense. Prove to me it's not a right.

Any government has the right to restrict usage of its property. For example, you have no right to walk into the Whitehouse and run off with all the President's pens. You have no right to drive a car through the lobby of City Hall.

A car is a large and heavy piece of metal and plastic that is prone to move very fast. It puts wear on any road it moves on, and it puts anyone else on that road in risk of physical harm. It is perfectly reasonable for the owner of a road to put restrictions on the use of cars on that road.

Most roads are owned by some government body or another, whether it's the municipality in which the road is located, the county or the state (if I recall correctly, US Route and Interstate roads are still owned by the State government, not the Federal, they just have more access to Federal funds).

Therefore, it is perfectly reasonable for the government to restrict and regulate the use of cars (driving) on its property (roads).

For more information, you might want to read the 1915 Supreme Court Decision in Hendrick v Maryland, and Hess v Pawloski. "The movement of motor vehicles over the highways is attended by constant and serious dangers to the public, and is also abnormally destructive to the ways themself...a state may rightfully prescribe uniform regulations necessary for public safty and order in respect to the operation upon its highways of all motor vehicles" (emphasis mine)

Disclaimer: I am not a lawyer, the above is not legal advice. Drive carefully and walk with reckless abandon.

Social Engineering

[pcwhalen]

You're right. It's the hardest code to debug. The United States Code, I mean.

If you take a body of 100 Senators and the House with several hundred, most with no experience in law, writing laws every day, it makes for buggy code. Even when they mean well.

Think about if you had the in-house lawyers writing your programs. Think they'd run?

That's why you get laws about encryption that treats it as a munition. Minds that do not understand a subject crafting a law in a way that does not adequately deal with the problem.

Gee, I wish /. had a spell checker. :)

Re:Social Engineering

[larry+bagina]

If you take a body of 100 Senators and the House with several hundred, most with no experience in law, writing laws every day, it makes for buggy code. Even when they mean well.

I think most of them have far too much experience in law. Virtually all the senators were layweres or went to law school. Sure, there are a couple millionaire investment bankers, or millionare heart surgeaons, but they're a minority.

The house of reps has a lo more diversity, but just as much (or more) of them are career politicians,a nd live in such contrived districts that losing a re-election means being caught with a dead girl or a live boy.

I think one problem is, all they have is a hammer, so everything looks like a nail. Listen to what some candidates are proposing. Their utopia generally means gov't dependence. (gov't healthcare! gov't retirement funds! gov't childcare! gov't ass-wiping!)

WOW!

[The+Creator]

I doubt that most people will get that joke to it's full extent. :)

Re:WOW!

[Aliencow]

I think I don't :( I need your help !

e-mail isn't secure

[Doppler00]

I've had PGP for quite awhile, but it's not very useful to me for sending e-mail because I don't know anyone else who uses it. I coudln't imagine trying to explain to my computer-challenged friends how encryption works and why it should always be used.

Even if a standard encryption system for e-mail was created it's highly likely the government would require it to have several back doors.

Re:e-mail isn't secure

You obviously need smarter friends.

Terrorism and PGP

[alpharoid]

Following the September 11-attacks, it was claimed in some reports that the U.S. authorities investigated if PGP was used to co-ordinate the attacks. Do you regret the decision to release PGP as freeware?

I don't really understand when people bring the subject of PGP being used by terrorists, and how this should weigh against the program. PGP is just a tool that makes encrytion easy for the regular user, and it's not something that suddenly brought encryption to terrorists. There has always been a very simple and effective encryption tool for strong cryptography, called the one-time pad.

I'm just saying that PGP has done nothing to facilitate terrorism. If terrorists really wanted encryption, they could have used it at any point, regardless of PGP's existence. And anyway, historically it seems that terrorists never really used electronic encryption for most of their planning.

Re:Terrorism and PGP

[blibbleblobble]

"I don't really understand when people bring the subject of PGP being used by terrorists, and how this should weigh against the program."

If anything, PGP makes life more difficult for the terrorist, unless we're suggesting that it's a good idea that potential targets use plaintext email when whey're planning their journeys, emailing hotels, etc.

"Blah blah blah, did I mention the [famous person's name] is visiting next thursday, blah blah.

I don't need to encrypt this do I? The government says that encryption is a bad thing.

I'll just email the rental company and check our boss' car, then plan a route on Autoroute Express and email it to the chicago office. No need to worry about security, I'll email to let the guy meeting him know the license-place to look out for.

Encryption? What's that? The news says that only bad people use encryption. I'd best send all this information plain-text.

Re:Terrorism and PGP

[Johnny+Pissoff]

Recently there have been a small number of cases in which terrorists using encryption have been in the news. In all the cases that I recall the terrorists generally did something like using the default Windows (not sure which version) encryption which is 56-bit or the like and it was broken. Once not even by the government but by the Wall Street Journal which obtained some encrypted hard drives in Afghanistan that they were able to crack.

Incidentally here's an interesting story about terrorists' use of encryption in Salon: The Encrypted Jihad

Re:Terrorism and PGP

[curious.corn]

Italian terrorist group "Red Brigades" militants responsible for the assasination of law professor Marco Biagi are said to have used encryption to store sensitive data on their Palm handhelds. Italian press mentioned something like symmetric key but nothing about key strenght (but our press is completely clueless when it comes to IT and some tech crime specialized policemen don't miss a chance to spread FUD). Sicilian Mafia bosses on the run have messengers carry carefully ironed and folded paper sheets to detect unauthorized access to the clear-text inside, while other use GSMs stolen or bought with false names. There's just an extremely wide array of information protection or obfuscation and singling one out just for the sake of 'calling enemy' is plain stupid... would you call Ford a criminal for helping bank robbers in their escape? The Wright brothers for making aeroplanes! Since dawn of mankind technology and scientific conceps have been used to kill people more efficiently but it doesn't mean we should turn back to berry-gathering.

Need for telephone encryption

[Johnny+Pissoff]

I'm surprised that the interview made no mention of the use of encryption in telephone communications. Recently Bruce Schneier in his Crypto-gram newsletter pointed out that based on the US governments report on wiretapping that telephone encryption was rarely encountered and even when it was encountered it never presented a problem to the government in obtaining the cleartext of such encrypted communications.

It seems there is a real need both for strong, open-source cryptographic solutions for VoIp applications and some kind of open-source hardware for telephone communications. Open source because presumably the problem with current telephony encryption is that its closed source implementation has made it easy for the government to crack, as Schneier points out.

Since PZ once wrote an PGPfone for encrypted VoIP communications I'd really like to hear his opinion on this topic.

Re:Need for telephone encryption

On a related note, there is a GPL program that now takes place of PGPphone to some extent. It is Speak Freely.

Re:Better than Aimee Deep

...anyone would be better than these idiots you trot out to talk about issues they are not qualified to have a meaningful opinion about

Personally, I like "ordinary" interviews over the "high profile" types.

Sure, their responses may not be polished, and sometimes their reasoning isn't completely solid. They're ordinary people who have in some way, shape, or form, been profoundly (and sometimes adversely) affected by cyber law/policy.

I'd rather listen to Joe Schmoe rant about the bogus cease and desist letters the RIAA is sending him over a silver-tongued RIAA lawyer any day of the week.

Fingerprints not absolutely reliable

[HermanAB]

As govs store more fingerprints, the odds of making identity mistakes increase enormously. So far, nobody cared about the relibility (or lack thereof) of fingerprint systems, since only criminals are fingerprinted. Once everybody is on file, it is sure to be a whole different story. If you are living on the west coast and gets picked up for a murder on the east coast, it may be possible to explain it away, but what if you live in the same neighborhood as the victim? So, eventually, all the information that is stored, will become full of entropy and noise and will be useless as a law enforcement tool.

Re:Fingerprints not absolutely reliable

>nobody cared about the relibility (or lack thereof) of fingerprint systems, since only criminals are fingerprinted (emphasis mine).

And anyone who applies for a Green Card, works for the Federal Government, etc, etc, etc.

for those to dumb to decript

Nice to see that Phil is still waving the banner for privacy rights, especially in light of the Patriot bill and other "anti-terrorism" legislation. Check out for some great alternative news articles.

Boo!

[Feztaa]

# Could [open source licenses like the GPL] have been an alternative for PGP instead of making it freeware?

There is a place for products under different licenses. There is a place for products under the GNU GPL, also cryptographic products. However, GNU GPL is not enough for everyoneâ(TM)s needs. Some software needs to be sold for profit. Some software can not depend on hobby-programming conducted on weekends and other spare-time by programmers having other day-jobs. There is a place for that. But PGP needs more focused development than that.

I'd really like to know how he feels about the GnuPG project, in that case.

It also kind of bothers me that he seems to think that the GPL prevents you from selling your code.

Re:Boo!

The GPL does prevent you from practically making the sold product different from the free one in terms of core functionality.

However, it does not prevent you from presenting and packaging the sold one differently (Ada Core Technologies does this, pretty successfully AFAIK).

Its for the public good

"So I haven't a clue where they get the idea that they need to wear a veil over their face"

These women do it because women from this part of the world have historically been "two baggers" and wear a heavy, stout veil to protect passer-by's against actual harm from looking at their "less-than-attractive" faces.

It could actually burn the retina, so its a good thing.

I read it somewhat differently

[tkrotchko]

"A person should be free to encrypt data, but not a company? "

I think the objection is not that companies encrypt data as part of DRM, its that the law prohibits you from decrypting without authorization from the owner with DRM.

Protection, it seems, that is not available to individuals using encryption.

Hey Anti-GPL Zealots listen up!

Giving away the source to your program doesn't prevent you from making a profit.

Repeat after me:
The source code isn't magic
The source code isn't magic
The source code isn't magic

Re:Better than Aimee Deep

[Realistic_Dragon]

A couple of favourites would be Ian Clarke (founder of the Freenet project) for a pro-freedom view (and the guy who runs CofE if you can track him down).

For an anti- or more preciley restriced- freedom viewpoint an interview with Parry Aftab of WiredPatrol (nee Cyberangels) would be interesting. Just beware that you won't get a word in edgeways - plesant but rather assertive :o)