Zimmermann, Encrypted VoIP, and Uncle Sam
An anonymous reader noted that Philip Zimmermann and his VoIP encryption software are the subject of a NY Times article today. The article touches on the FCC, privacy, and related issues. Given all the suspicious behavior of the Bush Administration relating to wiretaps and phone records, this sort of thing is all the more important to be very aware of.
From another NYTimes article, Bush Aide Defends Eavesdropping on Phone Calls (emphasis mine):
So why exactly is the government getting their knickers in a twist over Zfone? After all, the program is just intended to compile a database of call information, not actually listen to the content of the conversations. Doing that, as the administration has repeatedly told us, would require a court order.
So if you have a person you suspect from the numbers he's connected with, and you do obtain that court order, and it turns out he's using Zfone, there are other ways of getting the content of that conversation (hint: it has to be unencrypted at some point, so the 'terrorists' can understand each other). Arduous, sure, but since this will be done on only a select few, it's not that much of a hardship.
No, the reason the government doesn't like Zfone is because they want to perform blanket surveillance on all American citizens; to listen to all our calls, all the time. By utilizing speech-recognition software and an ever growing list of suspect words and phrases, they will be able to keep tabs on the unruly U.S. population, weeding out terrorists, political dissidents, environmentalists, Democrats, and other 'undesirables'.
____
~ |rip/\/\aster /\/\onkey
Very true. But whenever technology gets involved in a discussion, people's eyes sort of glaze over. No one knows what's going on, they just hear Internet phone calls, terrorism, and encryption. While you and I know that anyone intercepting a packet (encrypted or not) can tell where it came from and where it's going, America doesn't. They probably think it's an effort at parity between VOIP and normal phone calls (if they know what VOIP is).
For the same reason I keep the curtains drawn in my bedroom windows at night, esp. when the s/o gets frisky.
Just because me and my s/o's bedroom activities are perfectly legal doesn't mean I want everyone else (let alone the government) monitoring it.
Quo usque tandem abutere, Nimbus, patientia nostra?
Terrorists are already using encryption to protect their privacy. Don't you think you should as well?
If he's still using the system he presented last summer at BlackHat, he's actually doing something rather clever:
The system does a standard Diffie-Hellman key exchange between the two softphones, and hashes that exchange to words that each caller is supposed to read to the other (you see what they're supposed to say, and they see what you're supposed to say). So, unless the man-in-the-middle can also impersonate your voice, MITM'ing the connection is very difficult.
Also, the hashes used to generate that vocal exchange are stored for each destination you call for every call, and fed into the new hash generation. So, even if you skip a round of comparing the hashes, if you do it for a later call & it works, you can be assured that the *previous* call was also clean.
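The exchange described in the comment above, as an added sketch that is not part of the original post and is not Zfone's code or wire format: each side hashes the Diffie-Hellman exchange to words for the spoken check, and a retained secret from each call is mixed into the next call's hash. The toy prime, the word list and the function names `keypair`, `endpoint` and `call` are assumptions made for illustration, and both phones display the same words here for simplicity.

```python
import hashlib
import secrets

# Constructed toy parameters: 2**127 - 1 is prime but far too small for real use.
P, G = 2**127 - 1, 3
# Constructed 16-word list, one word per 4 bits of hash (not Zfone's word list).
WORDS = ("acid bell cord dune echo fern gold hawk "
         "iris jade kite lamp moss nova opal pine").split()

def keypair():
    """Fresh ephemeral Diffie-Hellman key pair for one call."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def endpoint(priv, my_pub, peer_pub, retained):
    """One phone's view of a call: words to read aloud and the new retained secret."""
    shared = pow(peer_pub, priv, P)
    lo, hi = sorted((my_pub, peer_pub))  # same ordering on both phones
    material = b"|".join(str(v).encode() for v in (lo, hi, shared))
    digest = hashlib.sha256(retained + b"|" + material).digest()
    # 8 words = 32 bits of the digest, shown to the user for the spoken check.
    words = " ".join(WORDS[n] for byte in digest[:4] for n in (byte >> 4, byte & 15))
    # Stored per destination and mixed into the next call's hash.
    return words, hashlib.sha256(b"retained" + digest).digest()

def call(a_retained, b_retained, mitm=False):
    """Simulate one call; with mitm=True an interceptor swaps in its own public key."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if mitm:
        _, m_pub = keypair()
        a_sees, b_sees = m_pub, m_pub
    else:
        a_sees, b_sees = b_pub, a_pub
    a_words, a_next = endpoint(a_priv, a_pub, a_sees, a_retained)
    b_words, b_next = endpoint(b_priv, b_pub, b_sees, b_retained)
    return a_words, b_words, a_next, b_next

if __name__ == "__main__":
    a, b, ra, rb = call(b"", b"")
    print("clean call, words match:", a == b, "|", a)
    a, b, ra_bad, rb_bad = call(b"", b"", mitm=True)
    print("intercepted call, words match:", a == b)
    a, b, _, _ = call(ra_bad, rb_bad)
    print("next call after an unchecked interception, words match:", a == b)
    a, b, _, _ = call(ra, rb)
    print("next call after a clean one, words match:", a == b)
```

Because the retained secrets diverge as soon as one call is intercepted, matching words on a later call show that the earlier key agreements matched as well.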
Before you launch into yet another tirade against the president, bear in mind that our divided Congress consistently allows things like this. This isn't a Bush thing or a Republican thing. This is a bureaucratic, ivory tower, professional politician thing. This happens because we elect the very wealthy from both parties, so that the majority of our elective government has very little connection with their constituents. We create political dynasties, voting for celebrities rather than leaders. Our current political situation isn't due to one man or one party, but rather one entire nation ignoring its own wellbeing in favor of the candidate with the best sound-bites and the stiffest hair. We might as well be getting our political news from E!: who cares how they voted, let's find out which congressman is cheating on his wife this week and what Hillary wore to session today.
120 characters for a sig? That's bloody useless.
If they have sufficient evidence to meet a reasonable probable cause standard, why not just let them into the house to bug the device itself? There are devices out there for keyboards which have a few hundred KB of memory and that sit between the keyboard and the port on the back of the PC.
They don't need to block encryption, except to keep tabs on people that wouldn't meet the legal requirements. If they can't meet the legal requirements for a warrant to break into the suspect's house and bug them, then chances are the person hasn't committed a crime.
From "The Eternal Value of Privacy" by Bruce Schneier in Wired (http://www.wired.com/news/columns/0,70886-0.html):
"... accept the premise that privacy is about hiding a wrong. It's not. Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect."
Free minds. The greatest chilling effect of universal surveillance doesn't come from men in black vans. It comes from being unveiled as a Commie, or an Islamic Sympathizer, or even A Guy Who Googled for "Fatties" in front of your friends/employers/relatives/whatever. The greatest force against freedom in our society is us.
Not one of Sen. McCarthy's victims was actually thrown in a gulag. Think about that. They weren't fired by the government. They were fired by PHBs who acted in blind sympathy with loudmouthed bureaucrats. There would have been no McCarthyism if the public had not been willing to punish itself for unpopular thought and/or speech.
We need a society in which there's no difference between what's illegal and what harms others, and holds all other things not only legal, but acceptable. Once we have that society, people who have done nothing to harm others really will have little to fear. But there's one more thing: If we're going to use public safety as an excuse for universal surveillance, we have to give the power of surveillance to everyone, not just government.
Privacy advocates might cringe at that last statement, but consider this: People are getting more wired, surveillance is getting easier and cheaper, and that trend may never reverse. There may be nothing we can do to stop privacy from dying. Maybe we should start thinking about what we're going to do when it does.
Step into a huge movement. Don't Tread In Me.
The problem is, far Far FAR FAR more often it is not.
But it is ALWAYS subject to abuse.
Being Free means that we accept the risk that the "bad guys" will abuse that Freedom to hurt/kill some of our citizens.
But they will never defeat us. Only we can do that by surrendering our Freedom for the illusion of "safety".
You sir, are a hero. Thank you for your work.
Then why do you insist on having people register in order to download, instead of providing a simple link?
For better or worse, people interested in this type of technology also have a vested interest in anonymity.
> By utilizing speech-recognition software and an ever growing list of suspect words and phrases,
> they will be able to keep tabs on the unruly U.S. population, weeding out terrorists,
> political dissidents, environmentalists, Democrats, and other 'undesirables'.
Those evil Republicans! Except, wait... wasn't it the Clinton Administration that launched a 3-year criminal investigation of Phil Zimmermann in 1993?
And wasn't that the same President who championed the Clipper chip, so the government would have the keys it needed to decrypt your phone calls?
I contend that they can find Bin Laden, but don't really want to. The minute he's captured, any (remaining) support for continuing the "War On Terror" goes right out the window. As long as he's out there, the administration can yell "9/11" to justify anything they want and the sheeple will buy it.
Flame me if you want, but the Bush Administration is EVIL. I'm not saying that Bush himself is evil (he's not that smart), but his policies and cronies - you know it baby.
It must have been something you assimilated. . . .
Sorry but the idea that we all have to give up our freedom to be safe and free is just beyond stupid.
Thanks to eating disorders most chicks are reasonably good looking these days.
If your key is long enough, #3 would require super-computers larger than The Sun. No government is as powerful as exponential growth :-)
You should study crypto before posting.
A slashdotter who didn't build his own computer is like a Jedi who didn't build his own lightsaber.
"Is the government enforcing a law that terrifying to you?"
Depends on the law. A substantial fraction of the recent ones are, in fact, pretty terrifying.
Why yes, I AM a rocket scientist!
why would people with nothing to hide want to encrypt their conversations.
Because it's none of your fucking business that's why
Seven puppies were harmed during the making of this post.
So, you don't use envelopes for mail either, do you?
Why yes, I AM a rocket scientist!
You're right - my post was an oversimplification. Talking loudly in a movie theater steps on the toes of other moviegoers, and you should be able to snark at those people without having them arrested. I guess my point was that "your freedom ends where my nose begins," is a system that works better when people are less nose-y.
Gay marriage is a perfect example. When this subject comes up, people turn out in droves to vote against other people's freedom. And then they complain when the majority votes to outlaw their rifle collection, or to make their smoking habit ruinously expensive, not realizing that by voting to manage someone else's behavior, they've just legitimized society's power to manage theirs.
And that gets back into the power of law, but the same principles apply to what people accept or don't accept in each other. If I establish that it's okay for me to fire someone purely for being gay/Commie/whatever, then I've also established that it's okay for you to fire me for being ugly/Democrat/whatever.
Step into a huge movement. Don't Tread In Me.
From TFL:
You're going to a lot of trouble for just about no gain at all. This system can and probably does not in any substantive way impede anyone from a blacklisted nation from downloading the software. It only alienates people who are casually interested, i.e. your main user base.
I can understand your situation. You're in a country where it is effectively illegal to publish online any piece of software that contains even the most basic of encryption algorithms. The situation is of course ludicrous, as such algorithms have long been in the public domain, at least as far as knowledge is concerned.
The purpose of the law of course, is not to prevent the export of encryption to foreign countries. They already have these algorithms. Nor is it to prevent access to the terrorist bogeyman. They either don't use it, or can easily get access to encryption.
No. The purpose of the law is to hang the Sword of Damocles over the head of anyone who wants to bring safe and secure communication to the masses. The government doesn't want the masses to encrypt their traffic, and they use this law to impede the distribution of your software and others like it.
I think you need to give up the ghost here. If your government wants to shut you down, they will, regardless of how much you try to comply with export restrictions it will never be good enough. I think you need to stop playing by rules where you can't possibly win and simply go all out in an effort to get as many people using zfone as possible. All out. Unrestricted downloads, ease of use, ad campaign, browser plugins, whatever. Just do anything to get as many people using encrypted VOIP as you possibly can, because until then, your software will remain on the fringe where it's easier to shut down.
If everyone and the Senator's daughter is using secure VOIP, it's only then that people will realise they have something to lose, and you'll have a better defense. Before that everyone who uses SVOIP is "aiding terrorism", not protecting people's privacy. Until Aunt Tillie is using your software, this angle can and will be played. You should do everything to get her onside ASAP.
May the Maths Be with you!
The OFAC list is seriously fscked as it is orientated purely around Latin representations of names. From many languages (i.e., Arabic, Cyrillic) there are multiple Latin transliterations. The data is usually of dubious provenance and there may be discrepancies between the same entity listed in two different places.
See my journal, I write things there