Slashdot Mirror

← Back to Stories (view on slashdot.org)

U.S. Using Key Escrow To Steal Secrets?

Posted by CowboyNeal on from the security-through-obscurity dept.

Anonymous Coward writes "US/UK stealing industrial secrets?
Report: U.S. Uses Key Escrow To Steal Secrets "

4 of 207 comments (clear)

  1. Use strong crypto whether you need it or not by lutter · · Score: 5

    I'm appalled by these findings. I always dismissed stories of what the spooks are listening to as totally blown out of proportion. Not any more. After reading the technical details section in the report it seems clear that the NSA so far must be ecstatic with joy over the popularity of the Internet: less pesky voice recognition, less error-prone handwriting recognition, more digital food, easy to digest, high in information content and relatively easy to filter.

    I think the best way to make the spooks life harder is for as many people as possible to use strong crypto: the more well-encrypted messages they listen to the more resources they have to dedicate to the much harder task of breaking strong crypto rather than developing strong filters.

    If I were a company interested in keeping my stuff secret, I wouldn't buy any American software: the Lotus example in the report is ridiculous --- does the US government really need a convenient way of listening in on the Swiss governments internal dealings ?

    The only reasonable choice is Free Software. Use GPG, hit on it, beat on it, try to break it until we can believe it's reasonably secure.

    Fill the Internet with encrypted noise to get the spooks sweating. It's not important if they can break your 'Happy birthday, Mom!' message; but all those encrypted 'Happy birthday' messages might keep them from reading the stuff you really don't want anybody to read.

  2. Complete Report and Recommendations by Carl · · Score: 5

    The complete report has some nice recommendations. Such as:

    2. At the technical level, protective measures may best be focused on defeating hostile Comint activity by denying access or, where this is impractical or impossible, preventing processing of message content and associated traffic information by general use of cryptography.

    5. At the present time, Internet browsers and other software used in almost every personal computer in Europe is deliberately disabled such that "secure" communications they send can, if collected, be read without difficulty by NSA. US manufacturers are compelled to make these arrangements under US export rules. A level playing field is important. Consideration could be given to a countermeasure whereby, if systems with disabled cryptographic systems are sold outside the United States, they should be required to conform to an "open standard" such that third parties and other nations may provide additional
    applications which restore the level of security to at least enjoyed by domestic US customers.

    We could tell them that is already possible :)

  3. Re:perhaps I'm wrong, but... by garrettdm · · Score: 5
    Ever wonder why the F-117 (the "stealth fighter") is composed of flat panels, all at odd angles? For purposes of stealth aircraft, corners are bad ju-ju.

    I realize that this is off topic, but I felt I had to respond...

    The f-117, and all of its flat panels are actually based on the "hopeless diamond" design. It is a very angular geometrical shape that is completely invisible to radar. The math behind it was developed by some german scientist.

    When placed in a radar test chamber, the f-117 completely disappears. In fact, one of the sticking points in the development of the F-117 was figuring out how to hide the radar cross-section of the pilot's head through the window of the plane. The solution... Coat the window with a transparent film of gold.

    So, to sum up, the F-117 design was not due to lack of computing power, but rather the mathematics of stealth.

    --David Garrett

    --
    Never attribute to malice that which can be more easily attributed to stupidity -- Hanlon's Razor
  4. I feel the whole thing's overblown... by Kaa · · Score: 5

    I don't like key escrow at all and have strong feelings about my own right to privacy. However the article in question is just fluff. Think about it: it is a report generated from the bowels of European bureacracy which has repeatedly proved itself to be totally clueless, and has numerous axes to grind. Basically, the report says two things:

    One, the US/UK/etc. intelligence agencies collect data from the world communications network. So? Does this surprise anybody? Didn't we hear about it a zillion times before? Would anybody expect any intelligence agency with proper capabilities to do otherwise? So the UK spooks have a terabyte of Usenet data. Big deal. If I had a terabyte of storage handy I could have it, too. DejaNews likely has much more. Usenet is public forum anyway so I don't see any problems here.

    Two, US intelligence agencies use intercepted data for commercial advantage of US companies. Again, this is old news. The report doesn't add any new hard data except some vague allegations that I (at least) have heard before. Airbus has been bitching about being spied upon for years by now.

    In any case I don't see what this has to do with key escrow. It was a bad idea, it is a bad idea and it will stay a bad idea. *Of course* the spooks love it, but that's only to be expected and has been demonstrated numerous times before.

    So I guess I don't understand what the whole noise is about.

    Kaa

    --

    Kaa
    Kaa's Law: In any sufficiently large group of people most are idiots.