Slashdot Mirror
DOJ wants Court to re-think Pro-Crypto Ruling
ptevis writes "There's a story over on Wired News about the DOJ asking the Ninth Circuit Court of Appeals to reconsider their decision in May's landamrk crypto case. It's got some interesting info about where the case may go from here and what the government may try to do. " This stems from the lawsuit from the University of Illinois professor who wanted to post one of his programs online. The DOJ/White House is claiming that this will make broadband listening too difficult, and that "this type of regulation is an executive branch policy decision involving 'extraordinarily sensitive' info that's too secret to disclose publicly." However, it seems unlikely that the court will change its' mind.
Its nice to know that the judicial branch can put the breaks on specious edicts like this when needed.
Americans should be very cautious of any law that is being challenged without full disclosure.
Use strong crypto.
It's fairly simple. The agents of the government have become used to being able to eavesdrop on the rest of us whenever they want; and they'd hate for anyone to be able to avoid that. Further, they are able to narrow the list of troublemakers by seeing who's using crypto, and if an international strong-crypto standard were to become established and widespread, they'd lose that discrimination.
I was reading about a guy that uses a Algorthim from Finland for his crypto. What makes us think that we (US) have the Crypto technolgy.
just a thought
What are some good email and binary encryption programs (opensource hopefully)?
thanks
The U.S. government acknowledges that the export-crypto policy is ludicrous, however, it clings on to every bit of foot-hold it has because its ultimate goal is to ban cryptography altogether.
Let us not forget Al Capone. The government will get its way by any means at its disposal. Americans live under an "The Ends Justify The Means" tyranny.
In light of the recent NSA naughtiness and the world's realization that we ARE listening in on all their communications, I think any court the DOJ could take this to would be very hostile to restricting crypto in any way, shape or form. It sounds like what Eschelon has done, with crypto restrictons in place, has been just as criminal (if not more so) than what the DOJ would be facing with no regulations in place. I'd suspect anyone saying otherwise of liking the current status quo because it gives their company a temporary advantage over foreign ones.
See the Wash ington Post's news.
What is this "asking to review" stuff? Some sort of back room dealing? Either file an official appeal and get this case to the US Supreme Court or shut the hell up and accept that unrestricted crypto is legal.
extraordinarily sensitive information that's too important to disclose publicly? Well I sure hope it's not encrypted, then other brances of the government might not be able to read it...
IMO, the translation is probably Echelon. The NSA and MI6 are probably worried about how pissed the US and Britain's allies will be when they find *exactly* how compromised their communications are. Possibly worried enough that they aren't sure how allied the allies would remain after discovering the truth.
In 1929 US Secretary of State Henry Stimson ended efforts to break other nations' secret codes on the grounds that, "Gentlemen do not read each others' mail." A pragmatist may mock him, but I think he was on to something -- two somethings, actually.
First, ethical conduct breeds trust, and the value of the trust is usually bigger than the immediate gain from dishonesty. ("Lies are for fools who have not the wit to be honest" -- Ben Franklin.)
Second, the real moral standards of an organization are shaped by its conduct, not by its words. Our leaders are human; if we sanction lying and cheating for the sake of "the national interest," then they will get used to it and think of it it as a normal response to problems. And then they will lie and cheat even when there is no "national interest".
Troll.
Even the FBI director himself has admitted, in writing, that their desire is for *The Public* not to have strong encryption.
Don't they have to go to the US Supreme Court next (where the issue can be let stand [not heard] and allow another appeal, or settled once and for all one way or the other)?
As long as there are people who need to hide info (EVERYBODY) there will be ways to hide it. If the DOJ is successful all we have to do is change how we encrypt. I read an piece a few years ago about hiding information inside of pictures and audio/video clips. If this becomes widespread, the government then must be able to prove any encrypted data is being transmitted all. Since the burden of proof lies with the accuser it would be very difficult to prove that grainy picture of Aunty May I emailed to a friend contains anything but a image data. In theory how much text base data could I hide in a video clip of my nephews school presentation on beavers that I post for download on my web site? Probably alot.
This IS the same FBI that once requested that phone companies switch back to copper from fiber optic, 'coz copper wire is easier to tap undetectably... heh. :-)
It is NOT an organization bent on protecting privacy in any way.
Bottom line: strong crypto is considered munitions and should be protected under the U.S. Constitution's 2nd amendment regarding the right to bear arms. The amendment was created, arguably, to empower the people against being goverened oppressively. I believe the intent was to ensure that the power rested with the people and NOT government. Crypto supports that intent.
You closest of all. What is this back room pressure crap! (When was the judge's personal life last vetted out? Ken Starr, where are you when we really need you.)
... wha peacekeeping?
Is this but a stepping stone to the next "out-of-territory" territory for US-NATO banking enforcement?
First, Iraq becomes a Nato "out-of-territory" exercise for American nashanul security.
Then, the Balkans, also a Nato "out-of-territory" territory for
DOJ's concept of free speach is not free speach. Nato's concept of peacekeeping is not peacekeeping. Both are staking out "out of territory" areas as new territory for national security.
Above all else, protect the banking system. That means, protect the big lie. And doj-irs:fed::nato:imf can't do that if the popular masses can encrypt the truth.
What a mess.
Suppose I encode my data with strong encryption, then encode it again with legal, weak encryption? Then by your argument, the government needs to illegally open the weak outer envelope, to determine whether or not they can legally open the inner envelope....
It's probably just a precautionary move/business as usual. If someone were to get information that the DOJ/NSA/etc. think should be secret, but public opinion - once the public has seen the information - would disagree with, then they would want to be able to legally clam that person up before the public can see the info and rally against the DOJ/NSA/etc.
A significant part of their power is based on secrets. Few human beings can bring themselves to willingly relinquish power, no matter how dear the cost - to themselves, or anyone else - of holding it.
No amount of export controls is going to stop real criminals, drug traffickers, and terrorists from using strong crypto. However, any law-abiding citizen who tries to send in anonymous tips about criminal activity will stand the very real risk of having those communications intercepted by criminals, who most likely will then hunt down and kill the informants... criminals don't obey laws -- that's why they're called criminals!
The worst possible world I can envision is one in which only an elite class has access to strong encryption, which they can use to dominate the masses who must be prevented from right to private communication "in the interest of national security".
Personally, I think I have as much right to listen in on the President's conversations as he has to listen in on mine...
Oligarchy? Proletariat? I don't see what these have to do with our crypto policy. I don't think the lower classes could care less about cryptography, and businesses don't favor the export controls.
This has a lot more to do with the unspoken rule that we individuals belong to the government, and hence we aren't allowed to do anything that gets in the way of our rulers' goals. That's not oligarchy... it's neo-monarchism.
I find it an interesting paradox that the crypto debate really centers on 2 arguments (the 2nd amendment, crypto as munitions, is bullshit made up by the government):
1st amendment - I am free to say anything to anybody.
4th amendment - I am secure from having to disclose anything to anybody.
I know the fascists will tell me that these only apply domestically. Have we given up on exporting our flavor of democracy? The point is that communication is what has made this country free, now we want to deny it to people in other countries. What will make the people in the rest of the world freer: The access to free communications, or the ability of a minority to restrict communications?
In the long run a terrorist or despot like Sudam Husen, will loose every time against someone like Ghandi who is allowed to tell the truth.
Typical... you favor gun restrictions, but your right to cryptography is sacrosanct.
Pick up the clue-phone: gun-control and crypto-control are both aimed at honest people. And on a personal level... if some people can't have rights, then neither should anyone else. Be pro-choice on everything!
When the case was decided, I read that there would be a 45-day waiting period before the ruling went into effect. Well, 45 days have passed, does that mean that it's now officially legal to post crypto source code?
Hmmmm. It'd be REALLY interesting if, say, the First Philanderer attempts to bypass the system by imposing an executive order. This President is not above trying to impose by executive order what he cannot by law, and as a man apparently without shame, he does not value privacy.
Also, the SC could simply refuse to review a case, and thus avoid setting precedent.
Incidentally, re: "despite" -- certain of the Court's more conservative members (Scalia, Rehnquist) aren't "right" in the oft-vilified Christian Right / Moral Majority sense; they're strict constructionists to a degree who have in the past shown disdain for expansive gov't.
I'd classify them roughly as:
Rehnquist, Scalia, Thomas:
Fairly strict constructionists; generally,
they'll defend the Bill of Rights w/o seeking
to expand beyond original intent. For instance,
they opposed a recent decision where the
following sequence is grounds for suing a
district:
1. Girl gets called names by boy.
2. Girl tells administrator/teacher.
3. Boy continues to call names.
4. Girl claims to be "hurt".
Boom, lawsuit -- against the boy AND the school.
This is the scenario that, apparently, Ginsburg
(who, IIRC, wrote the majority opinion) has no
problems with...
I expect that they would oppose encryption
controls if the Gov't argues on the basis that
it must be able to crack all communications.
Souter, O'Connor, Kennedy:
Mixed; depends upon the issue, they're both
somewhat middle-of-the-road. Souter, in
particular, is not known for voicing many
opinions in public. Perhaps a 2-1 split among
them. If at least 2 uphold, then with the
Conservative Triumvirate, that's already
enough.
Ginsburg, Breyer:
Both rather liberal, especially Ginsburg, who
seems to be quite a loose constructionist. Hm,
can you tell my preferences yet?
Damn. I'm missing one.
Stevens:
Not much in my memory 'bout him.
What if this isn't really about crypto at all?
:)
Let's grant that the govt is not totally clueless; that they know that source code for strong is freely available, etc. They are not _all_ idiots. Also, crypto is not as heavily politicized as the war on drugs. No congressman will be affected if he is "soft on crypto". Yes, they drag out the drug dealers and pedophiles as arguments against freely available crypto, but other than those secondary arguments, it doesn't stir up the masses. If this is the case, then why continue seeking a favorable ruling (for suppressing publication of crypto information in electronic format)? On the surface, it just doesn't make sense.
Therefore, it is not inconceivable that the desired end result of a favorable ruling for the DOJ isn't necessarily about crypto, but more on the lines of being legally empowered to prevent the rapid dissemination of some particular information. If a ruling is made that the DOJ is legally empowered to prevent dissemination of crypto information, that ruling could be used as a precedent to (in the future) prevent the dissemination of other "national security" information. Rulings/law made in one domain to be applied to one particular problem have been applied to other areas (I have in mind the RICO statutes, which were directed against organized crime but have since been used in civil proceedings against anti-abortionist/pro-life demonstrators. Whatever your opinion on the subject, I don't think any of them are Don Corleone
/begin paranoia mode/
So, what is the govt really trying to keep secret? Is is something the NSA has figured out, or is it in some other area?
/end paranoia mode/
It seems to me that the entire issue is here is that spooks won't be able to read everyones mail.
[Blink] Uh... [Cough] oh. So that's the problem. You can't read my mail, or intercept my private data. Isn't that the point of encryption in the first place?
If the Feds are able to read anything using "weak" encryption, doesn't it stand to reason that others can as well... at which point, isn't it pointless to use that weak encryption? (Typical packet sniffer aside?)
Reading other mail is a federal offense... What about reading others email? Why do the feds decide that reading information one way is worse than another? both are violations of my freedom..
> This will be bad for the NSA, the CIA, and
> the FBI
Do you think that the government uses weak crypto? Somehow I doubt that... I'd be willing to bet that the CIA uses encryption the NSA and FBI would have problems cracking, etc, etc...
I think they want to read our mail, and not for anyone to read theirs.
Hahahah...
Thanks for the laugh guys...
At the very least, it will all be developed in Europe (as it seems to be in large part, anyway) and still, the whole world will have it.
Eventually, they'll just have to face it: This is one way they won't be able to invade anyone's privacy.
My Freakin Blog
The only example I can think of is the GNU Privacy Guard. It's homepage and repository are based in Germany to avoid US crypto export restrictions.
My Freakin Blog
To give a touch of context here, that prof is Dan J. Bernstein, the ever-popular author of Qmail
Posted by generic kewl tech reference:
taxation and control, I do agree that the last thing the Feds want is all us proles using encryption.
I particularly like how they claim they're not discouraging free speech. "No, say whatever you'd like. We just want the right to be able to read any and all of it. And take notes."
List of things to do:
Download PGP.
Encrypt everything.
Posted by Lord Kano-The Gangster Of Love:
>>Even if the government does ban this, there is no way that they can enforce it. They would be better off not trying to control it at all. They would save money.
You're talking about a government that has wasted BILLIONS of taxpayer dollars to stop people from smoking dope. Dope isn't really my thing, but I like to drink beer. Beer for me, weed for someone else, whatever makes you feel good. It's stupid to waste money on something that can't be stopped.
LK
Posted by Lord Kano-The Gangster Of Love:
>> I'd rather that they be able to do a bit of policing in the computer world than that they be constantly stumped by encoded documents.
Privacy is more important than making the job of the police easier. Digital eavesdropping isn't the ONLY way to get evidence to arrest criminals.
What do you think L-E-Os did before so much communication was electronic? They worked for a living. John Gotti was brought down without reading a single piece of mafia e-mail.
This is about casual snooping. Not criminal investigations. If you're breaking the law there is real world evidence of it. If I'm plotting to murder someone the crime is in the commission of the act(although in somplaces conspiracy is enough to get you busted). If I sell crack to school kids, I have to buy/produce and then sell the stuff. There are ample opportunities for L-E-Os to catch the bad guys without screwing over the rest of us.
LK
Posted by Lord Kano-The Gangster Of Love:
Over the internet you have no reasonable expectation of privacy. The 4th amendment doesn't apply here.
LK
Posted by Lord Kano-The Gangster Of Love:
.sig?
>>I've yet to find a decision on which I agree with Scalia.
See my
LK
Posted by Reitzel:
They don't get it.
That horse is GONE. The days of pervasive government snooping are over. Anyone who wants their communications to be private can have them be private.
Any brain-dead moron that thinks that the goverment (or anyone else) can tie up the use of already pervasive algorithms is ignoring virtual reality and living in Oz.
Posted by Lord Kano-The Gangster Of Love:
NO, you are mistaken. Being that IP packets travel over multiple routers which are often owned by MANY differend groups of people. Any admin along that chain can run a packet sniffer and read anything that passes by.
Why do you think there is https? Why do you think Netscape and IE warn you when you submit forms? Because it's easy for the right person to watch packets go by. You have no expectation that at any given moment someone isn't watching. This is why crypto is important.
If I borrow a little from Phil Zimmerman (ok, borrow a lot) sending e-mail is like sending a postcard. Anyone along the way may read it. If you don't like the way that works, use an envelope. Crypto is that envelope. If you want privacy, ENCRYPT, ENCRYPT, ENCRYPT!
LK
The ITAR laws were designed to prevent the "enemy" from obtaining our crypto algorithms during WWII, etc. That was back when having the algorithm/implementation of a code allowed you to easily break that code.
Then came public-key. ITAR's original intent became useless, but the NSA/CIA/FBI and all their friends decided to use ITAR in a new (and much more ominous context). ITAR wasn't an evil law before public-key made it useless. Now it is.
retrorocket.o not found, launch anyway?
You can export source code in book form, but not in electronic form.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
[Castigation]mQGiBDdhX80RBADms5jreO0TqJabNLw6KkhaS pkTsYvUbZ3itr/acrpOIy4C8Agq[/Cast igation]
--
"L'IT c'est moi!"
Wassenaar "harmonization" threatens to make this true, but currently Finland atleast has very liberal encryption laws and hence is the source of ssh and the host of many open source encryption servers.
--
"L'IT c'est moi!"
You saw Foo. I saw something else. Funny how the human eye can pick patterns out of a field of randomness.
"The only good windmill is a tilted windmill."
subject says it
======== In the future, everything will be artificial. ========
It's not just a police issue, it's a privacy and a commerce issue. I have no objection to the govenment's being stumped by the challenge of reading my mail - my mail is not their business, anyways. It's mine. And if I'm a company, it's realistic to expect that if the government can read it, so can my competitors. That's just unacceptable.
Ultimately, think of data as obeying laws of fluid dynamics. data will naturally flow to where it has the most protections - and if we don't protect it, it'll flow somewhere that does.
Ultimately, the only person empowered to make calls on your privacy should be you.
-- Josh Turiel
"2. Do not eat iPod Shuffle."
I agree with you as far as work email goes - I was "painting with a broad brush" the concept of email itself. But within the context of a company, my email should remain within my company, and not be accessible to government or the outside world without my and/or especially my company's consent.
-- Josh Turiel
"2. Do not eat iPod Shuffle."
If I use encryption, I have a "reasonable expectation of privacy". And I don't need some silly american law to back that up, I have a self-enforcing mathematical law to do that for me. "My" government has made privacy on the internet illegal for me, and the reasons that they have to are "secret" aka private. If I don't get any privacy, they don't either. Citizens are more important than govenment, in the same way that workers are more important than managers. Fuck the laws. I have a constitutional right to privacy, and the fact that I have a newfangled way to do it doesn't make them eligible to take that right away. Crypto laws are a sham, we all know it.
Is stating that a 'Vacuum Cleaner' approach is used, I would interpret that to indicate that electronic communications are being intercepted wholesale without the specific targeting that would be necessary to get a warrant. (The nice thing about such a metaphor is that it gives the impression of conveying information without providing anything concrete that someone could be prosecuted for)Can this be legal in a country with constitutional protection against unreasonable search and seizure?
An interesting consequence is that in the absence of conveniently availability of crypto software, there are several insecure systems ( eg using telnet as the primary login service ) , and no doubt several of these are government systems.
The DOJ's case should be shot down in flames.
I sincerely believe that we must begin a movement whereby every home houses it's own IP addresses and mail/http/etc servers.
The above poster is quite correct when he says that we ought to be aware that when our mail or any other information for that matter is posted via some corporation's servers, we ought to know that we have impliedly waived some of our personal expectations of privacy.
In fact, the courts have reinforced this notion with several of the cases that have eroded our rights under the 4th Amendment right against unreasonable searches and seizures. The courts have held that we have given up some of our privacy by driving cars and keeping our private property in public view (plain sight). (This is a simplifications so all the lawyers out there chill out).
The court will likely rule in a similar way in respect to information privacy. The court will protect privacy only insofar as we as the public at large have sought to take measures to protect our own privacy.
Having our information on public servers, or corporate servers is in a sense forfeiting a certain amount of privacy to expediency.
If we as a society are really serious about privacy we need to start to act on it. Most of us are following the internet revolution via commercial television advertisements. This is unacceptable. We need to become educated about the way that our information is used.
We need to take measures to protect our privacy. This means more than PGP. It means we need to house our own email servers, our own httpd servers, irc etc., etc.
The only thing left open to the public ought to be nameservers. Services like dhis.org, ddns.org, tzo.com, etc. allow home users to house their own servers.
At a minimum people who cannot afford the equipment should look seriously into forming organizations to achieve the same result, i.e., information privacy and active protection and maintenance measures.
Every American can afford a $3-400 pc. We need to teach people that they can use that equipment to run their own servers. They need to know what this means, and what it entails. We must inform the government that we are serious about our privacy and independence as a people. If we fail to do this, we will have failed ourselves. We will have subordinated our personal rights as individuals to the government's interests in control.
'extraordinarily sensitive' info that's too secret to disclose publicly
This argument completely misses the point. There is a difference between information that should be kept secret and the method for keeping it secret.
There can be no doubt that any information deemed truly secret by the government will be protected with strong encryption, (at least), even if we disregard the various procedural and physical protocols that are also used.
It is disingenous to argue that the mere existence of strong encryption (and the free dissemination thereof) is, in and of itself, a threat to security.
What the argument really breaks down to is this:
"We (the government) want to be able to easily read any transmission of information under the auspices of protecting ourselves from terrorists and other criminals, and barring the ability to easily read these missives, we want to be able to hold the use of strong encryption itself as a criminal act, so that we can prosecute anyone who uses it, even if we can't prove that they were otherwise engaged in criminal behaviour".
In other words, they want the existence of a strongly encrypted message to remove the presumption of innocence.
As stated in the article, if everyone used strong encryption, they would lose the ability to use strong encryption as a flag to identify potential targets, not to mention that it would be far more difficult (and resource intensive) to attempt to decode all of those messages. What this means is that the government really does want to read your e-mail and intercept your e-commerce, etc., and the idea that they might not be able to really bothers them, despite all their rhetoric about national security and protection.
The free speech qualities of source code in this venue, at least, are clear. It is contradictory to argue that the source code should be restricted while other methods that could be used (printed word, voice communication) would convey the same information, and are already considered protected speech.
I suspect that if it comes before the Supreme Court (likely), they will uphold the decision of the 9th circuit court.
Nunc Tutus Exitus Computarus.
A constitutional Amendment would not overrule them, provided they do their jobs.
Instead the commander-in-teeth would write up another executive order.
My Suburban burns less gasoline than your Prius.
I'm surprised that with Australia's announcing the Echelon project public that more people just don't get it.
Being that the Echelon project is a multinational project to listen into international communications both voice and data. It makes sense that the US would try to insure that it could listen to as many of the calls possible, thereby protecting itself and its citizens.
We already know that the government can break keys fast enough that crypto with small keys doesn't matter so much. It seems quite obvious that the widespread use of strong cryptography could make the Echelon monitoring almost useless.
I'm fully against the echelon project and attempts to waylay our use of strong cryptography but the possibility of terrorists being active in our country to a much greater extent and coordinating their efforts internationally is rather daunting.
I'm not saying it has or will happen, but the reality that it could is scary.
No, I'm certain the government uses very strong crypto, and I'm equally certain you are correct in saying that they want to read our mail, but not have us reading theirs.
However, the government does not exist in a vacuum. They have to tap the available talent pool. If that pool goes to zero (or becomes very, very small) because the expertise "moves" overseas, then they'll either have to bootstrap their own talent or recruit from abroad. The former means greater effort for equivelent capabilities, the latter has security repercussions of its own. Either way, killing the domestic pool of expertise the way they are doing is harmful, not just to private industry and the open source community, but ultimately to the very government agencies trying to restrict the technology.
The Future of Human Evolution: Autonomy
The encryption export policy of Reagan, Bush, Clinton, et. al. is one of the most disturbingly short-sighted and dangerous policies politicians have come up with in a very long time. I'll leave the free speach implications to others -- they have been discussed in great detail already.
The economic disadvantages of such a policy are also widely known and acknowledged, even by proponents of the policy. Foreign vendors (in particular European vendors whos governments have much more liberal cryptographic polices) can offer their customers unencumbered, strong, reliable encryption today. No American company can compete internationally. With more and more firms becoming international in scope, the marketplace for strong American encryption grows smaller, which means American presence in the industry growing smaller and weaker as time goes by. What does this mean? If you're a cryptographer, go to work for the government, or, ultimately, go work abraod. Since we can be sure that the percentage of people chosing to work for Uncle Sam will be less than 100%, this means a net brain drain on the United States.
But, there is an even more distressing trend which some would argue has already begun to develop. The impetus to develop new cryptographic algorithms, whether it be money via a commercial product, widespread recognition via an open source product, or even simple political idealism, has been largely destroyed in the United States by these restrictions. While the NSA may get some short term benefit from this, medium term the consequences are clear: more and more expertise will migrate abroad, not just in terms of the "brain drain" described above, but simply because less and less Americans have interest in working on something with such draconian governmental fetters attached to it, and such high personal risk in terms of legal and financial consequences. More and more breakthroughs will be made abroad rather than here, and the number of cryptographic experts abroad will continue to increase while in the United States the number will probably go down.
The only question is how long this scenerio will take to play out. Weeks? Unlikely. Years? Quite possibly. Within two or three decades? Almost certainly.
This will be bad for the NSA, the CIA, and the FBI, and can only grow worse over time as America falls further and further behind other nations in this critical technology. In the end, it will be the entire United States that will be playing catch up to the rest of the world. Not just private industry or private programmers, but the entire U.S. Government as well, including the NSA, CIA, and FBI, not to mention the various military branches which also have more than a passing interest in tapping dometic cryptographic expertise. These export restrictions promise to have a very profound long term impact on our national security, but not in the sense the various Executive offices would have us believe.
The Future of Human Evolution: Autonomy
The old "if you knew what we knew you'd want what we want, but we can't tell you what we know so you'll just have to trust us."
Yeah, sure.
I'm no expert on this, but I've read that this kind of policy has already had an effect on the firearms industry. According to what I read, the M-60 machine gun used by the armed forces is relatively problematic because of the lack of competition/vendors in this country due to the ridiculous number of regulations.
A free country? Not really...
Slashdot: Liberal News for Nerds. Liberal Stuff that Matters.
The NSA supplies crypto products to the US Govt. agencies.
Sometimes the relationship is hard to follow (big surprise!). For instance, the manufaturer of the crypto boxes (3-DES) that the FBI is using in their new CJIS-WAN has a CEO who just happens to be a former NSA Lead Cryptographer.
What a coincidence!
"...they may harpoon us, but they ain't gonna pick us up on no radar screen!"
There is no such thing as not posing a "real and substantial threat" to our freedom of speech. Any law or court ruling that in any way compromises freedom of speech, however small the compromise is one step closer to the loss of our constitutional rights. Our constitutional rights are slowly being eroded away, to let any of our constitutional rights be compromised in any way is highly dangerous. The founders of our country entrusted us with the responsibility to monitor and control our government that it would be "of the people, for the people." We must preserve our rights and fight any government action that defies them, we must never let the government control us, we as a people must control it. Just voting doesn't fulfill that responsibility, after all, with the electoral college the majority vote does not mean a thing.
"Trouble is, just because it's obvious doesn't mean it's true"
"Trouble is, just because it's obvious doesn't mean it's true"
--Terry Pratchett
It's not a matter of what's good, it's a matter of greed and insecurity on the behalf of the gov't. They know information is important to the advancement of careers, lives, human intelligence, and if they can corner the market on it, they can control it. Anything I've ever seen the Gov't. do is always a matter of control, from speed limits to J-Walking. It's a matter of perspective and the gov't insists it is always right. Bear in mind that there are people in the gov't who actually think crypto is not just a bad thing, it is wrong. This is the root of most of our troubles in this country. Our officials should not be deciding what is bad and good, moral/imoral, but rather if it is important enough to the people that it is worth defending because the People demand it is right.
Politicians, lawyers, and policemen, they are not in it for the 'other' they are doing it for 'self'. I know of no lawyer or politician, in our day and age, who has actually made a real sacrifice defending what the PEOPLE believe is right, as a whole. I'm not talking about kids killing each other in school, or gun control, or anything like that. Those issues are spikes in the graph of human development and which must be explained, tolerated, and ultimately fixed. Lest not we forget those who came before us and fought against the very gov't we are under today. Crypto is an issue that should be a simple RIGHT of the people because the people, you and I...all of us... decide it should be so. This simple fact makes a simple decision into an issue that inflames people, distorts the truth, and causes us not to think as clearly as we should about something that should be our right. The right to protect one's self from prying eyes, no matter WHO's eyes they are. The gov't has no more the right to read a written letter in a sealed envelope as does my next door neighbor. Thus is the way crypto should be treated, like an electronic envelope to keep prying eyes from invading our privacy. I'll get off my soapbox now, but I hope you all do read this and take it to heart. I'm sure some of my words will be misconstrued and if I said something in a not so good way, I apologize. But these things I speak of seem pretty simple to me. Thankyou
JaqBot
The gov't has no more the right to read a written letter in a sealed envelope as does my next door neighbor. >Actually, yes, they do. Letters from husbands >to mistresses have been drudged up througout the history of Civil Court Proceedings. Keep in mind, these letters were not simply intercepted while going through the mail, unless previous proof existed saying there was reason to believe these actions might be going on. That I can understand. The gov't has a habit of not telling people what it's doing. This is where my statement stems from. --JaqBot
Why not encrypt everything and have the courts issue warrants for keys when it is deemed necessary? Actually I quite agree. At least it would stop the argument, or make it not as arguable :) JaqBot
what i want to know is this: if i were to implement a prog in the US, and then fly to europe and reimplement the same prog there, and then have 2 different distribution points for the same software, where is the US govt. going to make out w/ these laws? we have to be missing somthing, cause its obvious to everyone but the Govt that this issue is moot anyhow. crypto is all in The Math, which is not bound by export to my knowledge, the implementation is irrelevant for the most part. my guess is that a US citizen can email a algorithim to a collegue in another country for peer review without getting his/ her door busted in by feds. thats all it takes, then The Secret is out. ~Darkfell
Dispite all the arguments, it seems that this is such a big issue that it should be heard by the Supreme Court. That is how the system is supposed to work, right?
Andrew
The DOJ can't have anything to say about court decisions. DOJ is executive branch; circuit court is judicial. There's a reason we've got checks and balances built into the system, folks -- it's so that one branch can't do something like that.
Pretend there is some witty statement here.
Doesn't it seem strange that the US Government is trying really hard to protect a law that says, in effect, that US software developers are not allowed to compete with international developers in making products that use strong encryption?
This law doesn't protect American interests. It just makes international customers reluctant to buy American software.
That's "Mr. Soulless Automaton" to you, Bub.
The applicable rules are quoted below in pertinent part:
Without going off on a rant, this is wildly untrue. Scalia and Thomas in particular are adamantly opposed to rights to abortion or sexual privacy, and have been -- at best -- inconsistent on questions of free speech and court supervision of police conduct. If these are the friends of civil liberties, I'd hate to see the enemies.
I'd classify them roughly as:
Rehnquist, Scalia, Thomas: Fairly strict constructionists; generally, they'll defend the Bill of Rights w/o seeking to expand beyond original intent. For instance, they opposed a recent decision where the following sequence is grounds for suing a district:
1. Girl gets called names by boy.
2. Girl tells administrator/teacher.
3. Boy continues to call names.
4. Girl claims to be "hurt".
Boom, lawsuit -- against the boy AND the school.
That's the conduct a majority found to be "so severe, pervasive, and objectively offensive that it effectively bars the victim's access to an educational opportunity or benefit" in violation of federal law. Disagree with their conclusion if you want, but get the facts straight.This is the scenario that, apparently, Ginsburg (who, IIRC, wrote the majority opinion) has no problems with...
In the interests of intellectual honesty, the reader should know that this is a wild mistatement of the facts of this case, erroneous right down to the identity of the author of the majority opinion (Reagan's nominee, O'Connor). Here's O'Connor's description of the salient allegations in the case:
"Couldn't decrypt it? Hmmm...what's your Genesis translation? I encrypted it with the King James version...your New International version would never be able to read it..."
--The basis of all love is respect
DOJ and other spooks are worried that encryption will prevent them from monitoring the activity of the terrorists, child pornographers, drug dealers, and other meanaces to society. The simple fact of the matter is, encryption is rarely used in these circumstances. Encryption is used primarily where it is needed, to keep something safe from prying eyes for such a time that by the time the encryption was decoded, the information would no longer be of any value.
Credit card numbers are an important example. It has been proven that 56 bit DES can be cracked in a day, with sufficient computing power. Retrieving an encrypted credit card number off the internet and decoding it a day later would result in a good number. If it took 20 years to decrypt the same number, it would no longer be of any use to the cracker.
People need to know that if they put their credit card number out on the internet, the only entity that will be able to decode it within a significant amount of time will be whoever the credit card number was specifically destined for, in this case, the merchant.
Now we have the government's argument that the loss of a few million/billion/etc worth in credit card numbers is insignificant compared to the child pornographer that they are unable to catch any other way. However, this only goes to display their incompetance.
There is a lot of evidence relating to pornography. Photographs need to be taken, then scanned. At this point, they are in an insecure format. There is at least 2 witnesses to this act. Data at this point could be encrypted while it is being stored and transfered, and original negatives and photographs could be destroyed, leaving no permanant evidence.
However, unless the pornographer is doing this for his own amusement and has no financial interest, there will at least be someone on the other end of the line who will want to see these pictures in a decoded format, as encrypted photographs of any type are not too exciting. And while this individual may also be storing all his information in an encrypted format, he at some point in time needs to decrypt the data to view it.
The government wants to rely on automated computer systems to discover, locate, and trace this data while it is in transit. This takes the job off of them and allows them to spend more time on whatever it is they want to do. The system would now be prepared to simply monitor everything and flag anything suspicious. Obviously, this isn't what they publicly are stating their intentions are, but don't be surprised if 20 years from now, they consider this to be important.
The fact is, there are other ways to obtain evidence beyond the easy decryption of data. For some time now the technology has existed to view the monitor and "listen" to the keyboard with such clarity that you would be able to know which key was being pressed simply by the sound. This technology has existed for decades now, and if someone is suspected of trafficing in pornography, and the warrants are obtained for survaillence, this technology can easily be put to use. You wouldn't NEED easy decryption as you could simply pick up the passwords as they're typed in. Granted, this might be an expensive solution, but that's not really our problem.
Terrorists and drug dealers can be delt with in the same way. Drug dealers who take their job seriously have long since discovered the police scanner, and the police realize this. Law enforcement has long since had the ability to scramble or encrypt their transmissions, and many police departments do, but in big cities, its quite likely that any radio shack scanner will pick up those transmissions. And if the police are coordinating a raid over the scanners and drug dealers get a 5 minute warning because of it, it could easily botch the entire operation.
Which is why the police don't USE their scanners during raids. They use their MDT units in their cars to communicate so nobody gets tipped off early.
It seems to me, that if law enforcement is going to be tracking criminals, they are unlikely to discover the criminal activity through encrypted messages anyways. After all, if they're not allowed to decode them without warrants anyways, how will they even know about the criminal activity unless they get information from some other source. And once they have appropriate survaillence set up, monitoring encrypted data will be unlikely to make or break the case.
-Restil
Play with my webcams and lights here
You refer to "your mail" in your comment. Most companies allow you to write a little personal mail on their time, but in the end it is their computer you are working on and their resources used to send the mail. If it stored on their computer they have a right to read it. I could care less what the majority of people think about privacy at work, it boild down to security for the company that employs you. Corporate espionage is big business these days, and the corporations need some guarantee that what you are sendig is not their classified information. When you are at work you have no privacy rights on the company's equipment, and that is the way it is. Human nature is in general bad, therefore companies police their employees, this is the way ii has to be. It does not matter what your personal morals are in the least, what matters is the companies right to protect themselves, if you want to write e-mail that yor company has no right to read, write at home, on your own time.
When will the Gov. understand good crypto is easy and most countries now/can have it?
Grrrr.... idiots!
It's a thankless job, but I've got a lot of Karma to burn off
Actually I think it's legal to export a _book_ detailing encryption methods, just not something that will actually do it. I could be wrong...
Now if only the Supreme Court knew of slashdot.
The ship sank. Get over it. (This sig was cut out from another's shirt and painstakingly hand-posted)
Anybody got the schmooze juice to pull it off?
The ship sank. Get over it. (This sig was cut out from another's shirt and painstakingly hand-posted)
"I would trade my right to loiter in the company of a gang member for the liberation of my neighborhood in an instant." Justice Scalia, dissenting in City of Chicago vs. Morales
I've yet to find a decision on which I agree with Scalia.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
Thank you. With all this talk about encryption, I'm surprised there hasn't been more talk of other ways to hide information. I would be honestly surprised if the evil geniuses that the NSA etc. are nominally after would be deterred by any of this. There are too many other ways to hide data within data to make me think that this is anything other than laziness in the US sigint community.
The assumption of all of this is that the "encryption" lies in the source code. What if we were to write a programming language that interpreted the biblical (note lower case ;-) book of genesis as a usable RSA algorithm implementation? Would it be illegal to export the book of genesis then? It all comes down to the gov't restricting speech.
schlouse
I'm sorry, but that's a very foolish attitude. Even if our current government is, er, "trustable", we cannot guarantee that future governments will be. Nor can we guarantee that individuals within the government will never abuse their power.
Keep in mind that many of the worst tyrants of the 20th century began as elected officials. Milosivec, Mussolini(?), Hitler. Do you really believe that such a thing can never happen in America? The same America that was founded on the principal of a weak government, but who's government has been steadily accruing power ever since?
The only way to prevent tyranny is to limit the power of the government. And the best way to limit the government's power is to prevent it from finding out what we're doing in the first place.
--
Clear, Dark Skies
Why would it be developed in Europe? I thought many European countries have much more restrictive policies than the USA.
--
Clear, Dark Skies
First, being "adamantly opposed to abortion" doesn't make anyone an enemy of civil liberties. We are a nation of civilized people (or, at least, we claim to be), and civilized people can disagree on controversial topics.
Years ago, we had a Supreme Court Justice who was a member of the Ku Klux Klan. This Justice (can't remember his name, unfortunately) turned out to be a rabid and zealous defender of First Amendment freedoms, one of the loudest voices in defense of the First Amendment that the Court has ever possessed. Being on the wrong side of the prevailing political climate has nothing to do, whatsoever, with whether someone is a suitable defender of the liberties of the people.
I know Scalia and Thomas (met them briefly a couple of years ago), and have listened to Scalia's opinions both from the bench and from when he's addressed college students. I think both of them would disagree (emphatically, in Thomas' case) that they are "anti-sexual privacy". I think both of them would like nothing more than for Congress to pass laws elaborating on the privacy rights of the American people. It's accepted without question that these privacy rights exist, but Congress has done painfully little to give the courts guidance in these matters.
Unfortunately, the current law of the land -- the Fourth Amendment -- says nothing, absolutely nothing about sexual privacy; only that people have the right to privacy in their persons, papers and effects. Moreover, the Fourth Amendment only applies to the government -- the Federal Government in particular. (The Fourteenth Amendment forces state governments to adhere to the Fourth Amendment as well.)
Scalia and Thomas are very conservative, strictly constructionist justices. They read the law and apply the law, only the law, nothing but the law, while reading as little into it as possible.
There are still plenty of ways for them to proceed against legitimate targets. They can plant bugs to intercept communications outside the crypto envelope (i.e. before encryption going out and after decryption coming in) or to discover the target's passphrase. They can use van Eck monitoring to read the target's communications outside the crypto envelope from a distance. They can plant a Trojan Horse in the target's computer so that they'll have exactly the kind of "back door" they want -- but only for that target, not for everybody.
I can only think of two disadvantages to these approaches, from the Fed point of view:
1. It's more work than using a built-in back door.
2. It doesn't scale. Using these technlogies, the Feds can only monitor a relatively small number (on the order of a few thousand, given their current resources) of specific targets. Attempting to use these technologies against the population generally is prohibitively expensive, and makes it nearly certain that the Feds will be caught red-handed breaking the law.
As I said, these are the disadvantages from the Feds' POV. As far as I'm concerned, the former is irrelevant (if you want to sit in an air-conditioned office all day, maybe police work just isn't for you) and the latter is a positive benefit.
/.
/. If the government wants us to respect the law, it should set a better example.
I believe it protects the "right to bear arms" - not the right to a fire-arm. At the time the BofR was written, normal citizen could and did own some pretty high-power arms - everything from hand guns, up to and including cannon, mines, etc.
So, yes - I would have to say I should be allowed to own an ICBM or a ton of C-4 if I want. The crime shouldn't be in the owning of said arms, but in the use of (ie, owning C-4 would be legal, using it to blow someone's house up would, however, be against the law)...
Reason is the Path to God - Anon
Even if the government does ban this, there is no way that they can enforce it. They would be better off not trying to control it at all. They would save money.
/.. Please excuse any of the more obvious incongruities. Thank you.
You claim Amirica is a Democracy? It appears, to me, anyway, to be more of an oligachary. It would deny crucial information to the population with the excuse of "The proletariat could never understand, it's too 'secret'". Bah.
This is my first post on
If you think about it probably the best thing that can happen for us is to have the DOJ appeal the decision and lose in the Supreme Court. The only way to overrule the Court is to make a Constitutional ammendment.
The article quotes someone as saying that the worst case for the DOJ is to appeal and lose.
The Supreme Court in the past has been very strict on free speech issues. despite decades of being packed with conservatives by the republicans the Court has been unfailingly ruthless in upholding freedom of speech.
Just look at flag burning as an example. Most of the American public is behind an anti-flag burning law. but the Court has struck it down twice and Congress has tried and failed to make an Ammendment to overrule the Court.
So I say that we encourage the DOJ to appeal to the Supreme Court. They'll lose again and then there will be no further recourse for them.
"Understanding is a three-edged sword"--Kosh
They got some good stuff on the case over at the EFF for anyone who's interested.
extraordinarily sensitive information that's too important to disclose publicly? Well I sure hope it's not encrypted, then other brances of the government might not be able to read it...
When you look at it though, how is source code really different from speech? How is making the code availible different than speaking with a fellow programmer from a foreign country and discussing an algorithm, which they may even implement. If export of source code were to be illegal, and crypto to be truly blocked, the free exchange of ideas would also have to be blocked. Of course, that is also assuming that the United states is the only nation with programmers sophisticated enough to even dream of crypto, which is patently false. Oh, well, chalk one up for opponents of the US information economy.
>Most companies allow you to write a little >personal mail on their time, but in the end it >is their computer you are working on and their >resources used to send the mail. If it stored on >their computer they have a right to read it.
;)
At least in the Netherlands this is not true. If an employer wants to read an employees mail, it has to be announced in the contract, signed by the employee. ofcourse..I don't receive any of my mail at work, and store it all on external accounts. Guess I'm just paranoid
No one can understand the truth until he drinks of coffee's frothy goodness.
--Sheikh Abd-Al-Kadir, 1587
Very thorny issue, cryptology. I would have to agree with the DOJ on this one, though. I trust the government to make a few calls on personal privacy. I'd rather that they be able to do a bit of policing in the computer world than that they be constantly stumped by encoded documents. First post?
Wah!
The basic issue that they are deciding on is that source code is protected by free speech. That is a really important win for privacy advocates as well as the free source folks.
I think that another reasonable defense is that using crypto is just protecting your right not to testify against yourself and that the government demanding backdoors in crypto algorithms is an unreasonable search.
Personally, if the government wants to protect me from criminals, I'd much rather have them restrict access to guns than encryption. Encryption doesn't kill or hurt anyone. *Smile*
While I am wishing away, I hope that the EU forces the US to accept their better personal information laws. Currently, we have almost no protections against anyone selling information that they collect for legitimate purposes. I find the reports of government agencies selling income information to be horrid.