Slashdot Mirror
EU To Counter Echelon With Quantum Cryptography?
jfruhlinger writes "An article on Security.ITWorld.com seems to outline a coming information arms race. The European Union has decided to respond to the Echelon project by funding research into supposedly unbreakable quantum cryptography that will keep EU data out of Echelon's maw. Leaving aside the question of whether such a thing is possible, the political implications are troubling, indicating a widening rift within the Western world. Interestingly, the UK is part of the EU, but its intelligence services are among Echelon's sponsors."
Wouldn't it be a lot easier to just use SSL and/or IPSec with well peer-reviewed algorythms, and H.323 for voice communications so they too can be wrapped in IPSec?
Interestingly, the UK is part of the EU, but its intelligence services are among Echelon's sponsors.
The UK has its butt sitting on 2 chairs. On one hand they sort of behave like a US state, with Tony as governor, and on the other as a half-willing EU member, in large part thanks to Mrs Thatcher. One of these days they'll have to decide which continent they want to be part of.
And I have a feeling that, if the population has a say, they'll embrace the EU eventually. Of course, the population rarely has a true say in any country though...
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
My first thought was "if I was doing something like this I wouldn't say anything on a news site" and my second thought was "oh... they'd know anyway".
that the US spies on its "friends" in the first place.
It may be naive, but if you want respect you have to give respect.
If there is a "growing rift" in the Western hemisphere, who the fuck do you think is responsible for this -- the ones who are pissed off about the eavesdropping and are trying to do something to stop it (and think for a moment about the fact that they're trying encryption rather than attempting to convince the US et al. that it's a Bad Thing...what does that tell you about their chances of actually convincing anyone to stop anything?), or the countries and intelligence agencies that decided this was acceptable in the first place?
Sorry for the shouting, but this intellectual coyness does not become you.
Carousel is a lie!
Also, I don't think people realize how strong cryptography is today. There are cryptographic methods available to the public at large (such as RC5 and PGP) that are proven to require more computing power than is theoretically possible in the universe. Not just more computing power than is possible with current hardware, but the theoretical limits of computation given the entire resources of the universe. So really, it seems that a lot of ignorance is at play here, and I would hope someone clueful in the EU informs their EU government before they go off and waste a whole lot of taxpayer money on such a foolish project.
Software piracy is victimless theft.
As someone who lives in the UK, I think our stance on this is ridiculous, and a legacy of WW2. We're an important and influential member of the EU, and the last couple of years should have made it obvious that a close relationship with the US damages our relationship with the rest of Europe (and the wider world) and only benefits the Americans. In the post Empire world, Britain's role is as a democratic and decent European nation. We should not support pre-emptive war or the Israeli's mistreatment of the native Palestinians.
Oi, Blair! Sort it out.
Ronald Reagan, despite what anyone believes about his presidency came up with one good saying regarding communism. Trust - but verify. I more or less trust all our friends in the EU (well, except France). I trust them more when I have gone over all thier top secret communications and I know they aren't planning to nuke me.
Karma: SELECT `karma` FROM `users` WHERE `userid`=138474;
RSA 2048 is pretty much unbreakable, if they really cared so much about Echelon (which IMHO is a disgusting thing), they'd simply make it standard. The main advantage is that minor changes would be required to the existing infrastructure.
The Raven
Nope, quantum entanglement isn't used in Quantum Encryption.
As a matter of fact, you probably couldn't communicate reliably with quantum-based communication, much less quantum encryption or using quantum entanglement to communicate securely, as you hinted.
Also, I want to add a note that I personally think it shouldn't be called Quantum Encryption but "Quantum Key Distribution"(QKD), as it is a much better name for it. They use the property of quantum mechanics to exchange a key which allows them to use the one-time pad method to encrypt the message, which MUCH less logistical problems, and no way to intercept the key. The encryption algorithm is purely classical and not quantum-based. This makes QKD in such a way that it allows 2 people to communicate without anyone being able to intercept the keys with any known attacks/methods(timed, man-in-the-middle, etc.), they can only prevent them from exchanging a key and thus communicating(which in some case might be worst tho).
In regards the US experience:
WWI - the Belgian mistreatment was deplorable, but what drove the US into this war was the unrestricted submarine warfare and such stupidity as the Zimmermann note. There were no mutual interests really - Wilson tried to be almost quaintly fair in his peace terms which were summarily rejected by the rest of the Allies with their millions of corpses. Wilson came back, had his stroke, and that was it for internationalism in the US. Back to sleep...
WWII - We stayed out of the war for three years. I'm not going to say there was no sympathy for Britain, but there was no desire to get embroiled in a war anywhere. Even the sinking of US ships in the North Atlantic was insufficient: it required the attack at Pearl Harbor to drive us to war. Even then, there was no real solidarity with Europe. There was a job to be done, an danger to be eradicated. We did this, and formed the UN in an attempt to deter future war. Based upon formulae agreed upon at Yalta and elsewhere, we occupied the former Axis and maintained some troop strength there, which would not previously have been a normal American thing to do.
Cold War - The Cold War was once again fed by fear of Soviet aggression rather than any kind of solidarity with Europe. We assumed that fighting the Communists would be better done in Europe than on our own shores.
Now, please note that these events were similarly perceived elsewhere -i'm sure no British patriot thinks that us taking a pass on WWII for 3 years while they got pounded was a good idea, for instance.
My point simply is that US interests are not congruent with those of Europe and very likely never will be. Immediacy of threats has masked this for a long time , but it should not be mistaken. There never has been any kumbaya singing going on at either side of the Atlantic.
HBI's Law: Frequency of calling others Nazis is directly correlated with the likelihood of the accuser being Communist.
OK, some quick rules on statecraft.
1. There are no such things as friends. Only allies in a given struggle.
2. The goal of a government is self preservation, not preservation of a given alliance or treaty.
3. The fact that say France and Germany are not the same country should give you an idea that said people's have different ideas on what self preservation means. Therefore on the points of difference there needs to be vigillance.
4. Most governemnts are not moral agents (I can't think of any at this give time, though arguments can me made for theoracies), so don't expect them to act like one.
5. Because of the above there will always be:
5a. Secrets
5b. Worrying about Allies secrets.
QC doesn't even prevent a man-in-the-middle attack. All you need to do is splice your tap in to the fibre (or whatever) and do QC with the two ends.
Paul.
You are lost in a twisty maze of little standards, all different.
If conventional encryption and transmission is deemed sufficiently secure for transmitting the messages, a quantum exchange of keys does not add significantly to the security of the communication. It would surely be easier and cheaper to organize physical transfer of one-time pads than to install all the necessary infrastructure to support the key exchange.
The EP were obviously taken in by buzzwords, but at least the research will advance the state of the art.
flossie
Write now. Defend liberty
Economic espionage has caused serious harm to European companies in the past, Monyk said. "With this project we will be making an essential contribution to the economic independence of Europe."
Translated: "with this project, we can bribe third-parties without getting caught."
Or: "with this project, we will re-enable our large European multinational corporations to bribe rich but corrupt third-world governments without having to worry about Echelon-based 'allies' catching us."
(OK OK, don't take my cynical remarks too seriously. But if you haven't read about this angle, it is pretty close to the US position as outlined in this ex-CIA director's remarks on it here and here. Don't forget the ever-needed grain of salt with all things Echelon.)
--LP
Although quantum crypto secures the fiber, it does nothing for the equipment on either end. Routers, switches, ISP mail servers, etc. remain accessible.
Until Linksys sells a consumer quantum WAN interface, CISCO sells quantum Layer 3 switches, and all the telcos fiber-up with quantum crypto repeaters, the whole system is vulnerable to snooping.
Two wrongs don't make a right, but three lefts do.
I believe the answer is "Fahrenheit 451"
Seriously, when they start demonstrating that they can make use of the enormous amount of information they already have, then maybe I'll consider giving them more.
Instead they seem to produce a large amount of bullshit a lot of the time. Far as I can see the NSA and other 'intelligence agencies' around the world are full of creeps and lamers who get off on the idea of pretending to be James Bond and listening to your phone calls.
Perhaps, but then again, how many respected Nazi researchers believed that the allies had cracked the Enigma code?
It was not unreasonable for them to have suspected so. The integrity of Enigma relied heavily on keeping the machines and codebooks out of allied hands - had the Germans known that the allies had managed to get ahold of those things, the impressive effort of Turing & co. to go the last bit would not have been inconceivable to his German counterparts.
If the NSA can really crack any of our modern cryptographical methods, then they are at least forty fifty years ahead of the rest of world in both mathematics and computing. Is that conceivable? And if they are, then they can't really do anything with what they find anyways, since they would have to spend most of their energy keeping the secret.
Basically you are trying to score cheap points (read karma) but making a comparison that doesn't hold, but that plays on peoples emotions. It's the equivalent of responding to any comment advocating avoiding war with: "That's what Chamberlain thought."
from what I know people are making a huge deal out of irrelevant details.
who cares about tiny scraps of information like this when you're ignoring 1000 ft danger signs such as the 9/11 hijakers learning to fly in the US and specifically saying they don't care about learning how to land?
Parent is right, moderation is shit - it's not off topic. The Europeans won't really do anything that'll make it harder for the US to spy on them. They'll make some noise, but no one is really interested in going up against America. So yeah - look forward to biometrics, people. I really wonder, looking into the future...
How many of the people reading this today, 20 years from now, after leading a life of quiet desperation at seeing their world erode around them, will suddenly stop in the airport, or wherever, and say "No, you can't have my fingerprints, fuck you, I'm tired of putting up with your shit", and be taken away quietly-like, to the backroom with the nice people in masks holding needles. I really do wonder how many.
It is a basic fact that IF there is a technology that does something invasive and useful for governments that it will be used. No privacy group, or advocate of freedom will stop it. So people adjust, or rebel and die. There will be new ways of outwitting the technologies of course, and life won't really change - just take new forms. The dance will continue, one day without us. The only question is, how many of us today will die ``with our boots on'', or quietly in bed, at a ripe old age, with the bitter knowledge of being unable to have done anything.
Sorry to disapoint you: you are wrong. Let me explain a bit.
First, it's not Quantum Intrusion Detection. It's Quantum Key Distribution. It allows 2 people to exchange a randomly generated key as long as the message, used in a one-time pad scheme.
They trick is that the exchange of the key is unconditionally secure. Not only does it tells you when part of the key is intercepted, it also 'aborts'. The only thing an eavesdropper can do is to prevent you from communicating. If the communication is successful, then no one eavesdropped or got enough information on the key to jeopardize the exchange.
This is the beauty of it.
So no, it's not Quantum Encryption per see, as the encryption is done in classical term using one-time pad method, but it's not Quantum Intrusion Detection either. It's a very ingenious mix of both quantum and classical method which results in an unconditionally secure method of encryption.
And, I'd have to talk about Gilles Brassard(he teaches at the "Universite de Montreal" where I study). about stripping his degrees, as he's the co-inventor of quantum encryption and computing in general. I think he'd laugh but agree that Quantum Encryption is the resulting solution, not the means. "Encryption using quantum principles" might be more revelent, but quite longuer. Quantum Key Distribution is my personal favorite.
And what do you suppose this does for your Chinese friends? Perhaps put suspicion on them with the Chinese government that they are American SPIES? This probibly isn't a good idea for the health of your Chinese friends.
Better still, send unencrypted streams of data collected from a pure random source (white noise from a microphone placed next to the cooling fan is my favorite). Although, I'm sure they'll be able to decipher this, and find some meaningful message.
Echelon could have already been countered by Microsoft, but just like with VB-script worms and pop-up windows (which could also have been prevented) they didnt. I dont know if its stupidity or something else going on, but given the market share of Outlook if microsoft implemented encryption by default (could even be weak and tied to your current password) Echelon wouldnt have a hope in hell of decrypting everything for a keyword flagging, they might just manage a few choice emails that they were already watching and only if they stuck a good chunk of processing resources on it. You dont need very strong crypto, you just need everyone to be doing it.
This comment does not represent the views or opinions of the user.
The point isn't to use the quantum entanglement to directly pass information back and forth; rather it is to distribute a key for a one time pad.
There is no such things as "a key for a one time pad". The one time pad is the key. The needed part of the pad is also as long as the message itself, so you can't save anything by transmitting the pad excerpt instead of the message itself.
THERE IS NO OTHER NEWS!
... and it scares me to know that I'm the one opening their eyes to this.
Anyone else notice that no one in the U.S. of A knows what Echelon is? I've asked co-worker after co-worker, relative after relativc, friend after friend
What is this 10 years now that I've been raving about it. And not once EVER has there been at least a little 15 second side spot , or ticker note at the bottom about Echelon.
Love my Country:Fear my Government
*DrugCheese rants*
that is not necessrily true. it can be argued that 9/11 succeeded because there was so much information that they missed the important parts. it's clear from the investigation that there were numerous failings which had nothing to do with the amount of information, only its processing.
Everyone--from good hearted people to downright argumentative trolls--misses the point on spying.
I don't care about online privacy. I'm not worried about government spooks sifting through my e-mail or web surfing habits and finding out that I like brunettes with long legs, long hair, and almond shaped eyes. It really doesn't concern me. If it were some supercomputer sitting in a back room chewing through e-mail looking for "homicide, suicide, terror, assassinate, secret, password, 9/11" or some other stupid set of keywords or tracing kiddie porn that'd be fine by me. At least until the anti-pr0n people decide that moral righteousness has no bounds and start coming after willing adults with no real sex life and a speedy net connection.
Face it. We live in the real world. People in power let it go to their heads and they often use it for purposes other than those in which it was given to them for.
What I'm worried about is that the guy down the block is an FBI agent. Or CIA. Or NSA. Or some local politician who knows one. One day I'm walking down the street and a candy wrapper drops out of my pocket onto his lawn. Now this guy is such a straight laced Bible thumping tight a__ POS that he uses his political muscle to find out who I am and begin harassing me. "He dropped a candy wrapper on my lawn! He's a litterer! He's no good for society! Besides, I saw him carrying home a six-pack of beer! He must be an alcoholic as well!"
Where's the check and balance? There is none. Who could prove it? No one. Who can stop it? No one.
Echelon, Big Brother surveillance, the Anti-Terror bill. They all suck for the same reason that the Windows registry sucks: there's no way to secure them from people misusing them to hijack the system.
+++ATHZ 99:5:80
Every country with any capability at all has done this for all of recorded history.
The US spies on everyone because it has the technical means to do so. The USSR/Russia does it, France, the UK, everyone does it. It is sometimes used to feed information to big businesses (by all countries!).
Just realize that by and large, everyone reading this story lives in a country that does it, and that every country WOULD do it if they had the resources.
The strong do what they can, while the weak suffer what they must.
The US has NEVER had an educated public.
At that point they will adopt the euro, which will cause serious reverberations on Wall Street. Remember that the balance of trade deficit in the US can only be sustained as long as capital from Asia and Europe keeps flowing into the US at a rate of $1 B / day. The US ought to create a strategy to hold Britain else a huge amount of British capital is going to flow into European markets when they finally make the sensible choice.. Britain is the largest foreign investor state in the US.
Anyhow such a choice as Emmanuel Todd suggests could crash the dollar, but really it would be only the last straw; the balance of trade deficit will be what crashes the dollar, when they day comes that Frankfurt or Tokyo looks more stable than the US.
The point is to send the key first so you don't comprimise any of your data. If the key is ganked, then you know not to submit the message. Once the key transmission is complete and verified as successful, then you send your message. If the message is intercepted, but the key is not, the interceptor then has the non-trivial task of decrypting without a key.
Slashdot is proof that Sturgeon's Law applies to mankind.
I think this development need not be regarded with any sort of alarmism.
Plays violent online games as: Nerfherder76
"...(it would be against the laws of physics assuming the cryptography is implemented correctly)..."
Yeah, but, the "laws of physics" can be broken in a paradigm shift (ask Copernicus). So what the guy was saying is that in the future, today's laws may be yesterdays parametric theories. Heck we even know that the laws of physics break down in extreme environments, such as approaching singularity. So, since these laws are not infallible or completely Universal, it follows that Quantum Cryptography could possibly have a fault. Heck, that probability is even demanded by Quantum Theory itself.
Authority questions you. Return the favor.
You assume catching "regular" criminals is high-priority for the goverment, which it probably isn't. IF they can break it, it would be far more valuable to use it for military purposes and against terrorists, and keeping it a secret is worth more than catching some random mobster.
Catching a terrorist, or "unlawful combatant" or whatever the mot-du-jour is, using this technology, will NOT become common knowledge, since it's not like terrorists get anything resembling a fair and open trial on their island resort in the carribean, is it?
Not that I think they can break it quite that fast, at least not in bulk.
Be wary of any facts that confirm your opinion.
Yep. I too am somewhat alarmed at the immediate opinions expressed of "America" by kids here (Ireland). It's all well and good us University students debating current affairs and bashing US foreign (and domestic) policy, but when enough ill-feeling has spread that those who do not understand or follow all the issues are influenced - it's time to get worried.
As long as things continue as they are going, I'm sorry folks, but the US is going to be less and less respected in Europe. Unfortunately, people will also begin (continue?) to blur the line between the government and people.
In fact, I would be more Anti-American than I am now, were it not for making some American friends last year (during the Iraq invasion of all times!) and going over to the US for the first time to visit.
People will easily forget all the great and wonderful things about the US. Hatred and ill-feeling is much more persuasive.
The US government's direction needs to change. Probably more than just switching to Kerry! (A more democratic voting system would be a good start!)
-- *~()____) This message will self-destruct in 5 seconds...
The one that really gets me, though, is when you point out to a person a piece of the un-reported world, (like, say, point up at a nice chemtrail tic-tac-toe display being sprayed overhead), and see the person go through the following series of reactions. .
And you know, fair enough! I don't know what's really going on in the skies, or in the communications system, or anywhere else for that matter. The problem is that the signs and indications of nefarious weird shit are still there and are getting louder all the time. The difference between the two types of people is that some want to know what's really going on in the world and are willing to look and think and discuss and slowly build up a picture of the truth, while others prefer to hide from unsettling thoughts at all cost.
Nobody can force another's eyes open. As much as you might want to share your insights and wonder at the miraculous and startling world unfolding all around us, some people are simply going to prefer their TV reality.
I don't understand it and I find it hard not to grow disrespectful, but I've given up trying to change it. Abandon the fearful and get new friends; that's all you can do.
Best quote: "Those with the courage of a Lion will not have the fate of a Mouse."
-FL
That would be true for the FBI and police. The NSA and CIA don't really need to prosecute anyone or prove anything at court, though. They both gather intelligence, and tend to do so in any way the like - the latter generally through the wonderful methods of murder, torture, bribery, extortion, coups and blackmail, all in the interest of US national security. It is almost certain that if they had broken PGP the broad public would be unaware.
So, EU governments want "unbreakable" encryption - this will secure the data in transit. But what good is that, when the endpoints are Exchange servers and Cisco routers (products produced by companies under control of a foreign government).
A few years ago the swedish government went ballistic when they found out that the encryption software they used (to protect the secrecy of internal swedish government documents) was produced by a US company, and someone was kind enough to tell them that since it was a closed source proprietary product, then had no way of knowing that the secrets were in fact kept secret.
Having insecure endpoints make any transport encryption pretty pointless. But I guess this is not something one can expect a politician to understand.