Slashdot Mirror


FBI Reports on Encryption

Loki writes "A few government reports on encryption. Mostly talking about the fears of letting the public have high grade encryption, and how that is a hindrance for law enforcement." Somewhat older documents, and in .pdf format, but I guess that this is the FBI's justification. I'm so glad it's all being challenged.

20 of 170 comments

  1. Enforcement is not the issue by Anonymous Coward · · Score: 2

    The government doesn't care about crypto with respect to law _enforcement_. How many times do you think they *really* run a DEScracker to sniff packets from somebody using 40-bit encryption?

    The _real_ issue is fear. When people know that the government *can* snoop on them, they are much more likely to stay in line. But if you hand them a mathematical proof that they cannot be snooped (assuming P=NP of course), the temptation to break the law is much greater.

  2. Crypto is different from doors, locks, and safes by Anonymous Coward · · Score: 2

    Doors, locks, and safes can be kicked down, cut off, or cut open with a torch. That's why the gov't doesn't care about all those deadbolts on your front door or your triple combination locked gunsafe. They can still get in when they need to. Even if your house is a fortress (armor plated walls, generators, stockpiled food and water, underground bunker, etc.), they can just cut off your water/power/gas and wait you out. You will have to come out eventually (recall the Montana freemen). But with strong crypto, the gov't is SCREWED. The info is locked away for the 1e35 years it would take to break it. No amount of brute force gets the data out. And if the one with the key in his head won't talk or is killed, well, that data is just random noise for all eternity.

    I've been toying with the idea of creating an encrypted filesystem for use under Linux (with strong crypto, not DES). You supply the password when you mount the FS (the password stays in memory to allow transparent access to the FS). If the FBI or other Bad Guys kick down the door downstairs, you hit the power switch on your PC and *poof* your data is secure. Feds cannot mount your FS without the password and see noise otherwise. What am I trying to hide that requires this level of security you ask? That's not the point. It could be banking data, w4r3z, my personal phone book, or grandma's casserole recipe. The point is, my computer is an augment to my own brain and thoughts. And I have the right to protect it with the same level of security regardless of what I "might" be able to hide.

  3. Pot. Kettle. by John+Campbell · · Score: 2

    "republicans" ... "keeping thier butts out of private lives"...

    ROFLMAO!

    I'm not going to defend the Democrats, not after a Democratic President signed not one but two different CDAs into law. But remember, it was a Republican Congress that handed those bills to him to sign to begin with. Each of the major parties is exactly as bad as the other one. The differences at this point are nothing more than cosmetic.

    Screw 'em all. Vote Unarchist. Next time someone passes a law, stop and ask yourself, "Why am I obeying this law, anyway?" If you're honest about the answer to that question, you may surprise yourself...

    1. Re:Pot. Kettle. by John+Campbell · · Score: 2

      First incorrect assumption: That legality and morality necessarily have something to do with each other.

  4. M-x spook by copito · · Score: 2

    Emacs beat you to it.

    --
    "L'IT c'est moi!"
  5. Re:How do they want to do this? by substrate · · Score: 2

    If crypto is illegal, enforcing it beforehand wouldn't be the goal. It'd be more workable enforcing it after the fact. You get picked up on some other offense, data on your hard drive is encrypted and an additional offense is added to the list. If you refuse to decrypt it there are probably present laws that they can already hit you with like interfering with a criminal investigation. It could end up being used a bit like tax laws were in the gangster days: We don't have the evidence to book you for murder, extortion, rape or racketeering but you were dumb and didn't pay your taxes. Off into the clink you go.

    OBDisclaimer: I'm not a lawyer and/or cop and to the best of my knowledge I'm not a criminal.

  6. Unbreakable encryption is easy, actually by grappler · · Score: 2

    I "invented" an unbreakable encryption scheme and used it with friends when I was, like, 10. It's very simple: Add the key to plaintext to get cyphertext. It's called a one time pad. Works perfectly, as long as you never use that key again. Impractical, but quite unbreakable. Of course, I was by no means the first person to come up with this - not by a long shot.

    Once you get into public key cryptography, I am convinced that there is always a shortcut to breaking it. It's just a matter of finding it.

    --
    Vidi, Vici, Veni
  7. Yeah but you can't export it by grappler · · Score: 2

    Subject says it all. They don't dispute your right to have it. But they don't want you to make it available to anyone overseas. That means it must be downloaded from a server that can tell the difference.

    It can't go into general use if it can't be exported.

    --
    Vidi, Vici, Veni
  8. One thing I forgot to say... by grappler · · Score: 2

    There was an article a couple weeks ago about the Linux OS winning first prize in a contest for computer art. The justification given by the judges was that they believe computer code is a form of artistic expression. If you want to use the Bill of Rights to justify strong crypto export, use that. Artistic expression is free from export controls, right? Computer code is art. Therefore... Q.E.D. !!!!!!!!

    --
    Vidi, Vici, Veni
  9. Re:Freeh's Lame Arguments by Fizgig · · Score: 2

    "Would we allow a car to be driven with features which would evade and outrun police cars?" Well... yes, we would, unless high performance sports cars were banned while I wasn't looking.

    Don't forget radar detectors! Why are those things legal?

  10. Two points. by AJWM · · Score: 2

    One, it doesn't have to be random noise. Oh, if you're using something as simple as XOR, maybe it does so that the output is non-obvious. But with only a slightly more sophisticated one-time-pad lookup it could be an actual music CD, not just noise. The advantage is lower-obviousness during a physical search. (Mind, if they're really serious and suspect this is the technique you're using, they'll try to decrypt against every CD in your collection.)

    And you don't have to start with a new CD for each transmission, unless you're sending 650 MB at a shot. A single CD will cover a lot of message traffic. You just both (all involved) need to agree on which recording of which CD you're going to use.

    (The traditional low-tech version of this is using an agreed-upon edition of a mass market book, "Catcher In The Rye", say.)

    --
    -- Alastair
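
The one-time pad from comment 6 combined with the shared pad and running offset from comment 10, as an added example that is not part of either post. The pad here is random bytes from `secrets`, which the unbreakability claim depends on; the class and function names are illustrative.

```python
import secrets


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class PadError(Exception):
    """The request would reuse pad bytes or run past the end of the pad."""


class OneTimePad:
    """XOR pad over a shared byte string; each pad byte is used at most once."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._next = 0  # first unused pad byte; only ever moves forward

    def encrypt(self, plaintext: bytes) -> tuple[int, bytes]:
        """Return (pad offset, ciphertext); the offset is sent with the message."""
        start, end = self._next, self._next + len(plaintext)
        if end > len(self._pad):
            raise PadError(f"need {len(plaintext)} bytes, {len(self._pad) - start} left")
        self._next = end
        return start, xor(plaintext, self._pad[start:end])

    def decrypt(self, start: int, ciphertext: bytes) -> bytes:
        """Receiver side: refuse pad bytes that were already consumed."""
        end = start + len(ciphertext)
        if start < self._next or end > len(self._pad):
            raise PadError("offset reuses or overruns the pad")
        self._next = end
        return xor(ciphertext, self._pad[start:end])


def reuse_leak(p1: bytes, p2: bytes, key: bytes) -> bytes:
    """What an observer holds if the same key bytes cover two messages: c1 XOR c2."""
    return xor(xor(p1, key), xor(p2, key))


# Constructed sample data: a random 64-byte pad held by both parties.
PAD = secrets.token_bytes(64)
sender, receiver = OneTimePad(PAD), OneTimePad(PAD)
off1, ct1 = sender.encrypt(b"meet at noon")
off2, ct2 = sender.encrypt(b"bring the cd")
assert (off1, off2) == (0, 12)  # second message starts where the first ended
assert receiver.decrypt(off1, ct1) == b"meet at noon"
assert receiver.decrypt(off2, ct2) == b"bring the cd"
# With reuse the key cancels out, leaving the XOR of the two plaintexts.
assert reuse_leak(b"meet at noon", b"bring the cd", PAD[:12]) == xor(b"meet at noon", b"bring the cd")
```
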
  11. Re:Strangely enough.... by AJWM · · Score: 2

    > without Gore [...]

    Problem is, if that gets repeated enough even in jest, people are going to end up believing it.

    Hell, it'd probably be horrifying to find out just how many people do believe it now (the ones that don't believe that Bill Gates/Microsoft invented the Internet.)

    --
    -- Alastair
  12. Re:Once encryption is outlawed only outlaws will.. by angelo · · Score: 2

    The point with crypto control is simple. If the "bad guys" have strong crypto, and the Gov't outlaws strong crypto, they can bust the "bad guys" for having crypto and get them off the street. Sound familiar? Ask the deceased Al Capone, who was "caught" for tax evasion.

    Go figure.

  13. How do they want to do this? by Moosbert · · Score: 2
    I have a few problems with this key recovery idea:
    • What algorithms do they want to use? An algorithm that has some sort of superkey can't be very good. Otherwise, would I have to send them a key every time I encrypt something? (Of course I would do that over a secure connection, right? :)
    • Everybody knows that the stored keys will be used for unlawful purposes. The NSA is about the least trustworthy organization on the planet. Even those corporations that frequently pay it off know that.
    • They can't seriously believe that criminals will use their crappy endorsed products. Sure, many stupid ones will, but clever ones won't.
    • How do they plan on outlawing other encryption? There's an "unbreakable" encryption algorithm in chapter 12 of my math book; what prevents me from using it?
    As far as I am concerned, they'll never get away with that. Maybe laws will get passed, but this will never end up working.
    1. Re:How do they want to do this? by Stormin · · Score: 2

      I agree with the last point. Even if they pass legislation controlling crypto.. how the heck do they enforce it? If the cops come, I can just encrypt the crypto program with itself. Who's to say a random bit stream on my hard drive is encrypted data, and not just random leftovers from deleted temp files?

  14. NSA & Echelon by smutt · · Score: 2

    The only reason the US Intelligence community cares about encryption so much is because of Echelon. Echelon works in real time and the NSA has a finite amount of 'puter resources to throw at data interception. The feds need to ensure that people don't use too strong of an encryption because then Echelon couldn't handle it. The NSA listens in to everything that enters or leaves the USA and the EU. If you don't believe me check out this link to an EU site.

    --
    The Information Revolution will be fought on the command line.
  15. Freeh's Lame Arguments by Steve+B · · Score: 5
    When reading "The Impact of Encryption on Public Safety", I noticed that Freeh cited several examples in which the bad guys were caught and convicted anyway. If anything, these cases are evidence against his position: they prove that the police simply do not need these additional powers.

    He then proceeds to silly analogies, such as "Would we allow a car to be driven with features which would evade and outrun police cars?" Well... yes, we would, unless high performance sports cars were banned while I wasn't looking.

    Freeh concludes with a complaint that strong encryption will "drastically change the balance of the Fourth Amendment". Well, perhaps so, but he is conveniently silent about technologies which have already tipped the balance in the other direction. The net effect of Freeh's position is to create a one-way ratchet -- technologies which degrade privacy (e.g. drug testing, look-through-walls IR, etc) are deployed as widely as possible, while technologies which enhance privacy (e.g. strong encryption) are restricted as tightly as possible.

    That said, there might be a case for mandatory key access if there were simply no other way for the police to surveil people who fall under legitimate suspicion. Fortunately, this is not the case -- just off the top of my head, I can think of three alternatives (planting a bug in the target's hardware, remote viewing of the target's monitor via Van Eck emissions, Trojan Horsing the target's crypto software).

    The fact that these alternatives are more work than sitting in one's office and pulling up the target's key is, frankly, not my problem. The fact that these alternatives do not scale nearly as well as the government's desired mandatory-key-access regime (and are thus unsuitable for mass surveillance), is, IMO, a feature. The fact that the government seems to regard it as a bug raises a big red warning flag.

    --
    /. If the government wants us to respect the law, it should set a better example.
  16. Re:Playing Both Sides by 1010011010 · · Score: 2

    Hey! Yeah! If we have a right to keep and bear arms, and encryption is considered an armament, we have a Constitutional right to have it!

    Someone call the NRA!

    --
    Napster-to-go says "Fill and refill your compatible MP3 player", which is a lie. It's not MP3. It's WMA with DRM.
  17. Playing with the Spooks' minds by Ristoril · · Score: 2
    A couple friends of mine and I have been mulling over the idea of placing encrypted sig files at the end of our email to each other to keep the NSA, FBI, or whoever busy. The idea, as my friend explained it to me, was to bog them down so much in cracking useless files that they stop, become more selective, or something.

    That, and placing words like 'bomb', 'allah', 'assassinate', 'president', etc. randomly in the body. That was after seeing Enemy of the State.

    We were bored college students, though.

  18. Government Against Encryption? Ever wonder why? by Lord+Bitman · · Score: 2

    It's because they want us to believe them when they say that they won't invade privacy. When we don't trust them, and use encryption, suddenly they can't know what we're talking about, and so they ask us nicely to stop encrypting things, not that they want to look at what a nice day you're having and how is your mother doing, they just don't want you to encrypt anything.. yeah.. that's logical, right?

    How do they even know when people are using "illegal" encryption unless they're violating privacy in the first place?

    What's next? Will it now be illegal to write letters in a language that the National Security Adviser doesn't understand?

    If it becomes illegal to protect ourselves, that will only bring on better methods of doing so.

    But wait, look at it this way: If you make using encryption illegal, what will that do?
    Aren't the people they want to catch, but can't, because of encryption, already breaking the law?

    This is just further proof that the Gov't just doesn't want encryption, so it can invade our privacy more easily.

    --
    -- 'The' Lord and Master Bitman On High, Master Of All