Encryption Exports: Small Step Forward, Big Step Back
Kathleen Ellis, editor of the Privacy News Portal, attended yesterday's press briefing about a proposed loosening of export restrictions, and wrote the following feature article about the current situation. Click below for more.
Actually, let me hit you with a few links before you get started:
- EPIC's page on the proposed Cyberspace Electronic Security Act
- Proposed text of the bill
- White House analysis of the bill - really an executive summary
- Wired coverage, by Declan McCullagh
- Update: Press statements, including briefing transcript
Encryption Exports: Small Step Forward, Big Step Back
by Kathleen Ellis
September 17, 1999
Prominent U.S. Government representatives yesterday announced at a White House press briefing that the President was proposing legislation on encryption policy, and that the Department of Commerce was revising its export restrictions on some encryption products. Last year, Vice President Al Gore vowed to further loosen restrictions and propose a solution to the encryption issue, which has been the subject of contentious debate for the past decade.
The legislation, known as the Cyberspace Electronic Security Act of 1999 (CESA), has been transmitted to Congress by President Clinton. The bill purports to strike a "compromise" between the needs of law enforcement for access to data and the needs of Internet users to secure their e-mail, web transactions, and stored data from hackers or thieves. According to the text of the bill, "society's increasing reliance on information systems in this new environment exposes U.S. citizens, institutions, and their information to unprecedented risks." Despite this acknowledgement, the bill clearly gives consideration to the needs of law enforcement and intelligence agencies first; "The failure to provide law enforcement with the necessary ability to obtain the plaintext version of the evidence makes existing authorities useless."
One of the major provisions of CESA is to allocate $80 million for an FBI "Technical Support Center", which would provide assistance to federal, state, and local law enforcement officials. The bill also reinforces the confidentiality of law enforcement intelligence techniques used to gather information about suspected criminals. "The Department of Justice has developed this legislation with the assistance of agencies in government," said Attorney General Janet Reno. "Law enforcement has tools at its disposal to fight crime, but those tools are rendered useless when encryption gets involved". Reno said that CESA "balances the needs of privacy and public safety".
Perhaps the most noteworthy provision of the bill is the resurrection of key escrow, a solution long considered insufficient, insecure and obsolete by experts. Key escrow is a technology that entails entrusting one's private keys with a trusted third party, so that theoretically, a law enforcement official would be able to present that third party with a warrant in order to gain access to the plaintext of the encrypted data. Although the bill does not require domestic users to utilize an escrowed cryptosystem, the bill provides a legal framework to protect users from disclosure of their decryption keys by their trusted third party without a court order. The bill also proposes to implement strict guidelines outlining the circumstances under which a law enforcement agent may be granted access to a decryption key held by the third party.
This mention of key escrow worries privacy activists, who have heard the use of such language by the administration before. "This raises the specter of collusion between law enforcement and industry to build back door access into encryption products," says David Sobel, General Counsel for the Electronic Privacy Information Center. According to EPIC's statement, the bill will eventually "provide a legal framework for access to decryption keys," a prospect which worries many activists and internet users alike.
Sobel would rather see the Security and Freedom through Encryption Act determine the U.S. Government's encryption policy. Authored by congressman Bob Goodlatte, SAFE would essentially force the government to reverse its stance on the encryption issue. Unfortunately, passage of the SAFE Act now seems unlikely, in light of Deputy Secretary of Defense John Hamre's remark during the briefing that if the SAFE Act passes the House and Senate, "the Department of Defense will ask the President to veto it".
Also announced at the press conference were revisions to the Department of Commerce's encryption export policy. According to a report released at the briefing, the export requirements will be revised to allow software exports of products of any key length, after the product is first submitted for review by the Commerce Department, and as long as the manufacturer of the product meets strict guidelines for post-export reporting of any user or distributor who obtains the software directly from the licensee. Secretary of Commerce William Daley announced that the Bureau of Export Administration would streamline the revision and reporting process, but was unclear about specific changes to the current procedure.
Two prominent industry groups are very enthusiastic about this proposal. "Today's decision articulates a policy that is good for America, good for our nation's high-tech industry, and good for the tens of millions of Americans who use computers and want them to be secure" says a press release from Americans for Computer Privacy, a group that has lobbied for legislative reform and is funded primarily by technology companies. In a statement published by the Computer Systems Policy Project, Sun Microsystems President and CEO Scott McNealy (who made headlines on Slashdot for his remarks telling reporters that the privacy issue was a "red herring" and that "you have zero privacy anyway...get over it") said "we applaud the Administration's recognition that the universal use of strong encryption will promote the benefits of a networked world while protecting Americans' privacy, safety and security". CSPP is comprised of eleven CEOs from major Information Technology companies, such as IBM, Dell, and Intel.
James Steinberg, Deputy Assistant for National Security Affairs, opened the briefing by praising both groups for their assistance in authoring the proposal, so it's no surprise that they're eager to ingratiate themselves to the Clinton Administration, while at the same time self-importantly emphasizing their effectiveness by declaring a victory. EPIC's David Sobel says "it appears that the FBI and large computer companies have reached an agreement on encryption, but that is not necessarily in the interest of the average computer user." Any compromise reached by these two groups could result in "less security than advertised, with hidden vulnerabilities the government can exploit".
Secretary Daley was repeatedly asked during the briefing what purpose the one-time review served, and under what circumstances an export license exception would be granted or denied; no clear answer was given. The U.S. Government may wish to allow exports only of flawed or escrowed encryption products using encryption above a certain key length, but has given up on explicitly pursuing that as a goal. Large software companies, the kind represented by ACP and CSPP, have lost a lot of business because of the export restrictions, and with each year that passes they may become less likely to object to making a few changes to their crypto modules in order to finally gain access to the foreign market.
In some ways, this proposal is good for the companies who have existed for so long without the ability to export their stronger security products at all until now, but for the rest of us, the proposal is neutral at best and abysmal at worst. As larger, wealthier proponents of crypto liberalization get what they want and contentedly back out of the debate on this issue (as American banks did when they were granted license exception to export security software to their overseas offices), further positive alterations to export policy start to seem less and less likely to happen. This is bad for American cryptographers who wish to discuss their work with their colleagues on the Internet. It's even worse for users, who may end up using insecure products without knowing it.
It's unclear what will happen at this point. The current congressional climate suggests that CESA will not pass without a significant push from the Clinton Administration. Even if the bill is defeated, however, Internet users around the world should continue to be cautious about purchasing commercial encryption products that originate inside the U.S.; you never know what may be lurking within.
Note the Bill of rights allows law enforcement in after serving you with a warrant that due process was performed and there is cause to search. Wire tap laws specifically are excepted from this by later legislation. Many interpretations of wiretap law show this is unconstitutional. Also this exception was allowed because of the ephemeral nature of phone calls. This is not the case for data and so the exceptions should not be allowed. Normal search and seizure rules should apply. Not this review the data, now I have some evidence let's convince a judge now method. -Duncan
It is not meant to be used against criminals. Anyone who is serious about security can get it if they really want to. It's really only effective against naive/ignorant people. The true use for restricting export of strong encryption is for industrial espionage through the ECHELON network. (Lots of links: http://civilliberty.about.com/msubpech.htm Of special interest is the European Union report 'An Appraisal of Technologies for Political Control') Either that or the US is after 'law-abiding' criminals abroad, who won't use pirated software. -It's the EXPORT of strong encryption that's restricted! As for the 'Life outside US'- thread above, -about if the US is a democracy or not, a democracy is supposed to be run by the people, right? The US is run through lobbying. And also, the list of democracies overthrown by the US for financial gain, is rather extensive..
Trouble with gasoline fires is they're not reversible... strong encryption most likely cannot be broken even by the NSA, in any amount of time, no matter how many computers they throw at it, unless they've made some fundamental breakthrough like quantum computers. They might hack around it if the software is not written or used correctly.
The US government does not operate as a business. Losing market- and mind-share is completely meaningless. They have the power to control imports and exports, so if it suits them they can prevent the import of cryptography in the same manner they control the export. The US population is largely made up of sheep-like followers and drone-like automatons so there will not be much of a fuss.
Fuck it. Who pays attention to laws anyway? And isn't strong foreign crypto readily available anyway? I mean the government's actions are total bullshit here, but it's like outlawing pot. Is it really so hard to get pot, anyway? It would be nice if such things (pot, crypto) were legal. But it's not a violation of your rights just to declare that you don't have them. The government isn't preventing anybody from doing anything.
The whole government argument is moot. It is relatively trivial to create a solid encryption scheme, just grab a DES text book, copy the code and make some custom changes to the encryptor. The thing that is funny is that the criminals are already criminals. If I was a criminal, I would just use my own encryption scheme. The only people that will use anything the government proposes will be the innocent people and so the only thing that results from this whole mess is that innocent / law abiding people have their security reduced while the criminals just purposefully design custom encryption.
With the repeated demonstrations by the U.S. Government that they don't understand crypto, ...
You don't get it. The government understands crypto perfectly. They know precisely what they are doing. They want to read any message you send, at any time, and they don't care if you want privacy or not. The interests of the individual American citizen are of no concern to them.
When it comes to the government (ANY government), never attribute to stupidity what is adequately explained by malice.
Damn straight. That is why they called it "the equalizer" round these parts for years, because it allowed a 97 pound woman to kill a 200 pound man and a fast man to kill six. You are right for not letting that go -- I never do either. If you repeat fallacies often enough, people will believe them.
Let's see: a completely innocent person is at home when the police arrive and seize his/her computer. (Why did the cops pick them? who knows... anonymous phone call, personal dispute with some other police officer, need on the part of the local prosecutor to get his/her name in the paper...) They take the computer back to Cop HQ, and load child porn onto the hard drive. Oh, they've also taken *everything* computer related -- including any backup tapes.
Innocent person is in court, as the cops display to the jury those nasty pictures that they "found" on the hard drive. Can the innocent person prove they weren't there before the cops showed up? Could YOU prove YOU weren't guilty? If you were on the jury, and a person said they were being framed by the cops in this way, would you believe them, or the cops?
If you think this isn't already happening, you're wrong.
Actually, the idea that a corporation is an "individual" is a legal fiction. It would be better if corporations had NO rights whatsoever. Corporations are collections of individuals -- the individuals have rights, the collection does not have any rights as a separate entity.
Corporations started as a way for investors to pool their resources while limiting their individual risk. And, money-wise, it's a great thing. However, the executives of the corporations have hidden behind the legal fiction of "I didn't do it, the corporation did". This is what needs to be removed... the individuals who make decisions would be responsible for those decisions under the law.
You're not dense, just looking at it from the wrong angle.
There are a great many people in the US today who are actively afraid of the government. This is a situation that many in the government find very useful... a scared population is a quiet population, and easier to rule.
One reason a lot of people are scared is the ability of the feds to: read your mail, listen on your phone, tail you, etc. Now, if the population at large KNEW that there were means of communication that the government could not, in any way, tap into, then they'd feel safer. People who feel safe tend to be more demanding about what they want (because they don't think the risk of losing what they have is as great). Having a population who demands that government dance to the tune of the people (instead of the other way around, like it is now), is not desirable for many currently in government.
They're not so worried about terrorists and hackers -- both groups are already out of their control. They just don't want your Aunt Marge to feel safe talking about those poor burned children at Waco over the phone to her neighbors... because then more people might realize that a lot of other people are as fed up as they themselves are. That might lead to the people taking back their own lives... and many in the government really don't want that, since they like having power.
It's all about power, not crypto. (Sorry about the run-on sentences... it's a bad habit.)
So you advocate random violence for the cause of justice? Hmmm... I'd say, if it DID come out that the Littleton killers killed for crypto (a ridiculous scenario), crypto advocates would get such bad press and there would be a major witch-hunt. Few things worse could happen for liberty in America.
Like many, many, many things that Reno and Clinton have proposed, it is illegal. Remember, this is from an AG that is famous for having more cases than any other prosecutor in Florida reversed in higher court (including some nasty ones where people were sent to prison as child molesters on the basis of testimony from three year old children)(how would you like to be a convicted child molester in a Florida prison?) and from a president who decided that perjury was OK if it was a "personal" issue (despite the fact that perjury strikes at the heart of the entire rule of law). They don't care that it obviously won't work, any more than they care that they submitted an omnibus antiterrorism bill the same week that the president freed convicted terrorists to help his wife get elected. They don't care because they are all very bad people. At this point, this shouldn't even merit discussion.
I never thought that we would have a president worse than Bush. How silly of me.
I said strong encryption--like a minimum 1024 bit public key. I know about distributed.net, and I don't care how many people participate, that's too big to crack. Go to 2048 if you want to be paranoid, you can hook up every computer in the world for a million years and not crack it. Go to 3000, and you can use so many computers they soak up the entire energy output of the sun, and still not crack it. Barring fundamental breakthroughs, which includes breakthroughs in mathematics or cryptography. But it would have to be a pretty dramatic breakthrough, and brute force with seriously strong (ie not exportable) encryption is absolutely hopeless.
Encryption is now regulated under the Dept. of Commerce. Simplifying things a bit, the DOC can regulate the exporting of any item from the US. Clinton moved encryption from the DOD to the DOC in a weak attempt to avoid a Federal Judge's ruling in Bernstein v. US, which said the DOD restrictions on encryption were unconstitutional. Check out last District Ct. opinion (Bernstein III) or the 9th Cir. appeals ct. decision for a nice explanation. So it's no longer considered a munition, and it would be very difficult to argue it should be to a judge. Also, the courts have ruled that you don't have a right to bear just any munition - no constitutional right to Bradley fighting tank in your backyard. In summary, the second amendment argument just really isn't there.
If the government ever came after me for any shit this stupid I'd fight back to the death of me. Anyone who doesn't is a fool. If your life is on the line then don't just give up and let them kill you, die with at least the dignity that you put up a fight and took some of them out as well. Maybe if more people did this with all the unjust shit going around it'd abruptly end. What if it came out that the two kids in Littleton killed because of the crypto export regulations? I'd bet we'd have a pissed off population since they'd have something to actively blame.
Of course I'm not advocating violence just blowing some steam. The government needs to fuck off and get out of peoples lives so damned much. Peace cannot exist when there is a continuous threat. Doesn't matter if it's foreign or domestic.
This only works if you limit the size of the keys. A 128-bit symmetric or 1024-bit RSA cannot be bruteforced even if every computer in the world does nothing else for years.
I was wondering that too. But what if they did this: "This guy has PGP on his drive. We have discovered that we can decrypt his files using his copy of PGP, or any copy that you provide, if we put in this key. We won't tell you how we found this key, but we can show you that it works."
Since they don't have to show the courts how they decrypted stuff, they can make things up.
"Yes, your honor, we had to burn down their compound with incendiary tear gas grenades. You see, this file, which looks like an mp3 on the outside, was really an encrypted message which said _fill in the blank_. Trust us."
What about the fifth-amendment right not to incriminate myself? "What is your passphrase!" "I take the fifth...."
'nuff said.
Yea, if Australia is so great then why do you have censorship.
Most Versions of PGP are already crackable by the US Government. In the early versions the RSA keys are weak. In the latter versions the DH keys are selected from a very limited set.
This would be viewed as "providing technical assistance", which is just as profoundly illegal here in the Land of Freeh.
The US government knows perfectly well strong crypto is being invented and developed in free countries, but since most of the largest software publishers are based in the US, banning exports has the useful side-effect of drastically impeding widespread adoption of useful (strong) crypto. In other words, everyone else has an excellent opportunity to write software our giants literally can't compete with and perhaps even make them irrelevant, so get on with it already. :-)
The problem is if the Government finds a file full of random bits, or something which doesn't make sense to them and claims it is an encrypted file.
/dev/urandom? :).
/dev/urandom :).
Then what do you do when you are asked to decrypt it? I mean anyone have the key to
Joe Public could be in deep trouble when that happens.
Of course us smart asses could always claim it is a one time pad, and produce the key (another bunch of bits) which when xor-ed together produce a "plausibly safe excuse".
Create two Scramdisk drives. One full of the secret stuff. One full of decoy stuff. Then XOR the two, and keep the result, delete the decoy file.
Link.
p.s. I sure hope they understand
My thoughts exactly. The only other countries you see around that have that much privacy-invading laws, and 3-letter-agencies are considered dictatorships, and undemocratic.
The definition of democracy is very interesting. Look it up in the dictionary, and then compare it to the current political situation in the US. Very interesting ...
The United States is not a democracy. It does not claim to be. It is a republic (sometimes called a "democratic republic" but it's still really a republic). Look up republic in the dictionary. Very different word. (This has nothing whatsoever to do with the Democratic vs Republican political parties, their names are both completely meaningless.)
Does no one in the government realize that anyone who gets serious about encrypting their stuff can easily do so now?
MICROSOFT TROLL! This site mainly tells congress that you SUPPORT microsoft's current business practices. I'll pass....but thanks for playing....
This article was written covering the same press briefing that the CNN and Washington Post articles cover. However, the mainstream media has taken the statements of organizations like ACP (mentioned in Kathleen's article above) at face value..like this is some kind of victory. The information presented in the article above is indeed current..it appears that Ms. Ellis has just gone deeper into the issue than mainstream press wonks.
Spread the word about ftp sites *not* located in the US (esp. http://www.replay.com -- located in the Netherlands). They have crypto stuff (and source!) for a lot of programs (esp. for Linux). Also, check out http://www.gnupg.org.
The Commerce department has always handled Crypto exemptions under ITAR. However the NSA (oh those guys) provide technical evaluations. Your tax dollars at work.
Where's the problem? Encrypt strong on your hard disk and put an XOR with some uncompromising data in your bank safe. Then, in court, if they present the plain text, point them to your floppy. This is a crude form of an encryption method called deniable encryption which, unfortunately, isn't developed/implemented enough yet. rws
"they allow the government to strong-arm companies into building backdoors into encryption products" Let's just call it what really is. It is not a back door, it might as well be called a second front door. They have basically looked us in the eye and said; hey, I know we work for you in theory but we don't trust you. Give us free access to your data or we'll take it. You know it's funny how gaining unauthorized access to computer system is considered illegal unless you work for the DEA, FBI, CIA, NSA, or any other group of three letters that are still classified. These people make me sick. They bend, twist, and mold our rights like play-dough. Anyone have a baggy I think I gonna hurl.
"Help me Obi-/.-Kenobi, you're my only hope!" -$
Well you should feel better that the software has to be approved by the Dept. of Commerce. While the Defense Dept. might bitch and whine about the export of crypto, they don't have the time, money, or resources to send people over to the Dept. of Commerce and have them check it. Anyone know of any technical agencies under the Dept. of Commerce? Last I checked, almost all of the 3 letter acronyms that everyone is so paranoid about come from the Dept. of Defense, Justice, or Treasury. Yes it's the federal government, but they are different.
What you should do if you don't like the way this country is run is not MOVE, like everyone says (as if to imply that the best place to live is necessarily good enough), but to try your best to fix it. The government cannot actually prevent criminals from using strong encryption unless they outlaw it. Outlawing the production of that software is not enough... Criminals could simply use foreign encryption software. If the government wants to truly maintain its "right" to access all information held by all citizens, *all* encryption has got to go. I don't think anybody wants that. If the government really wants to spy on criminals they have that ability regardless of what encryption the criminal uses -- they can obtain a warrant allowing them to use physical force to obtain the private key. Crypto doesn't do shit for a criminal if you've got a camera on his monitor and physical access to the hard drive on which his key is stored. What getting rid of encryption would allow the government to do is scan all digital information for anything criminal. If the government already has enough on you to get a warrant, crypto backdoors are much less useful to them. If they've just noticed a few more hits to violent-anti-government-action.org than they are comfortable with, being able to break encryption is much more valuable. Keep in mind that the government is just a group of citizens. A group that is selected by the whole of citizens to serve the country. They don't have any rights that citizens don't have, though. Don't let them try usurp such "rights" as this. (If a law is unjust it is your duty to break it. Regardless of the actions of the government, USE CRYPTO, and send crypto code overseas in every news post you write.)
Just accept it. Wiretapping (which is what we're really talking about) is going to go away whether you like it or not.
Just encrypt with Blowfish, PGP, or your preferred encryption scheme, then wrap it with whatever makes the gov't happy. Problem solved.
Or you could follow the links at www.senate.gov and bypass the middleman.
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
I can open Emacs and write a letter to my mother. I can write a dissertation on mathematics, including the numbers to back my theories. I can write a program to look for patterns of alien life in data from a large radio telescope. I can give the source code to this software to people world-wide, so they can do cool things with their computers. I can be killed by my own government if I give them software to safely store their data because it's too effective.
--
Anyway, the Supreme Court can be very wimpy at times.
Triple-DES actually works great. It will take that $80,000,000 computer 2^56 times as long to break - fine for a few years yet.
What ever happened to the good old days, where if you didn't like what your country (like the draft) was doing you could run away to Canada. Now we can't even run there without paying money for owning a CD, or something equally innoquous (sp?)
Does it matter? you (effectively) no longer have a right to keep and bear arms either. If you don't believe me, read the Senate bill passed following Columbine.
Get ready for the revolution guys -- as much as I detest most of militia people, they are pretty much RIGHT.
-- Slashdot sucks.
what criminal in his right mind would use government endorsed encryption anyway? the definition of a criminal is "someone who breaks the law". if he was breaking the law, do you think he would use encryption with a government back door? the u.s. government's agenda is obvious and transparent. they are trying to surveil innocent citizens. this surveillance leads to oppression. our days are numbered
"The lie, Mr. Mulder, is most convincingly hidden between two truths."
--
And Justice for None
I believe you're referring to GPG - Gnu Privacy Guard. Get it here.
Kythe
You've made a good point that many people always seem to forget. Like it or not, as soon as a destructive technology is created/discovered, the cat's out of the bag. The only thing that matters then is whether more good, moral people have that technology, or more bad, evil people have the technology.
Crypto isn't a destructive technology, but it is a defensive one. Offensive technologies (such as guns and other weapons) often become defensive technologies in the right hands.
One of the biggest problems here is that I sure as hell wouldn't trust the government with my keys. If they want evidence that I've encrypted de-crypted, how about slapping me with a court order to decrypt it? That way, I still know that my keys are safe. (Yes, I know there's holes in that proposal too, but it's far better than key escrow imho).
Please change this. We don't want people thinking that EPIC endorses this as much as the White House does.
errr... what's the word again? Parody.
"Wise men talk because they have something to say; fools, because they have to say something" - Plato
Not that I trust any government's third parties, but... if I did, I'd only trust them if they could be trusted only to send my key to a law enforcement agency with a large enough key.
Hamish
You can have 'em, but you can't take 'em somewhere else. A bit like a license to sell alcohol to be consumed ON the premises.
Hamish
It's not just the rest of the world who think that the US government is behind the times - discussions like these on slashdot are visible proof that its own citizens are disgruntled.
Business can force the government's hand for exactly those reasons you mentioned, because the actual location of a business is becoming less and less important in today's global markets.
Likewise, if citizens are unwilling to relocate, ways will be found of working on crypto projects stored outside the US from within it. If even this proves impossible (which I doubt), they'll still be able to download GPG from Europe. If the legislation on import of strong crypto changes, we'll make weak crypto code with strong crypto hooks available. Et cetera.
Hamish
The way to bypass the need for a 'product' i.e., a software package that encrypts files; is for trusted users of a network to participate in VPN with IPSec and SSH. These keys change on a daily basis.
Then the members of the VPN would utilize a distributed.net that works in the inverse; i.e., it cranks out huge keys on the fly using the power of all the processors on the network.
The internet is a public place. We need to build up the private areas and make them fortified and barricaded.
In addition, these trusted servers (that would ultimately reside at various points on the globe) would have colocation for one another's encrypted data. That way data could be transferred instantly around the globe upon the trigger of some event (i.e., 5 incorrect passwd entries) or some command (i.e., paging the server with a certain numerical code). Then the data on the investigated computer would be transferred to a safe location and the investigated box would be wiped.
Finally, we can take advantage of the 'bankers' exception to this bill by keeping banking and financial information on the home server. That is all credit card transactions would be routed through the home server to the participating banking institution; thus, making the home server function as an extension of the banking institution's computer network. Alternatively, we should found an online credit-union and make all our home servers part of that enterprise.
We know what to do and we are doing it.
I think if you carry your counterpoint to the conclusion, you will see more sense in the original post. Correct, guns, weed, etc. are physical objects. They can be physically stopped.
However, we haven't been able to. Drugs still wind up in penitentiaries fer cryin out loud. If we can't stop these, how the hell can we assume we can stop data?
My Suburban burns less gasoline than your Prius.
Forgive my ignorance, but wouldn't that be enough to keep a government at bay? At least until they try to unlock some of your communication, that is.
I'm probably being too simplistic about it, I know. Please enlighten me.
As I read it they may read what is written, and search and take your stuff, but they cannot force you to solve a riddle for them. Although I believe people have been held in contempt of court for not producing a decrypted version of, for instance, coded ledgers, all that law enforcement can (and should) be allowed to do is seize the information. The burden of proof should be on the State to show that the information is 1) relevant to an investigation and 2) incriminating. They can take it if they prove (1), and use it against you if they prove (2), but you can't be required to aid them in proving their case, nor should your refusal be incriminating (under Amendment V).
Don't like it? Complain. Vote for someone else. Exercise your citizenship, not your feet.
Finally..something good about living in Australia.
I suppose our extreme lack of encryption laws partially compensates for the incoming GST...
Perhaps the USA is not the greatest 'democracy', if the politicians don't listen to the people...
This is not a deterrent against abuse.
Where do you think the gub'mint gets their money anyway? Wouldn't it be the money of the people collected as taxes that they would be spending should they be fined? What might interest me is if individuals responsible be made to pay penalties out of their own pockets and receive jail sentences for said offenses.
bad analogy, really..
guns and marijuana are physical objects. they take up space, and they have to be physically transported from one place to another. You can't "copy" a gun.
If you want to transport weed into the U.S., you have to actually physically take it across a border, usually passing somewhere heavily patrolled or like at the US/Mexico border, or at least a little booth where you show a passport and may be subject to random searches.
The internet has no borders. You just click the little box saying "i am in the U.S." and they don't know if you're lying or not. I've heard that they check your IP address, and if it's clearly from a foreign country, you're denied downloading of most encryption products. So? Is it that hard to get a shell located in the U.S.?
And if you _do_ decide to physically take it across a border, it's a hell of a lot easier. If you have 3,000 pounds of cocaine you want to get across a border, that's going to take up quite a bit of space. If you have a copy of Netscape Navigator 4 on a computer hard drive, how the hell are they going to know that? If worst comes to worst you can just burn it to a CD-R and stick it in the car stereo. And since once you've got the copy of Netscape across the border you can make as many copies as you want..
i guess what i'm trying to say here is, smuggling software from point A to point B is totally effortless. Smuggling guns or drugs is different since it actually requires some amount of effort. If you know someone 20 yards away on the other side of the border is carrying weed you can stop them from crossing the border with it, by physically blocking their path if necessary, but if they're sitting 20 yards across the border with a computer and telnet you can't stop them from getting a copy of PGP.
-mcc-baka
uhh.. mari-ju-ana is bad, mm-'kay?
Irritable, left-wing and possibly humorous bumper stickers and t-shirts
Why not create an encryption system that enables you to pack as many messages into one single encrypted message as you like, having one private key for each of them, and make it impossible to count them, or in any way know which one is "the real one"? With this system, you could always hand in some of your private keys, and always include some harmless text, encrypted with some of the handed-in keys, in your encrypted messages. I don't even think this would be hard to implement. Oh, and just an implementation note: Make all encrypted messages be in sizes that are multiples of some fixed size (1024 bytes?), so that it is impossible to see from the size of the encrypted message how many messages there are in it.
--The knowledge that you are an idiot, is what distinguishes you from one.
Whoops. Sorry about that. Anyway, regulations on crypto of ANY kind are bad, imho.
-- Veni, vidi, dormivi
Right, what's at issue here is export and carrying (e.g. on your notebook), not possession.
Also, a friend of mine who works for a defense contractor who does, in fact, have a license to carry munitions overseas told me that once you get it, you lose many freedoms; e.g. you can no longer travel to certain countries, even personal, etc. 'Course, in his case he designs missiles so I guess the issue is a lot less academic for his case.
-- "In order to have power, I must be taken seriously." -Mojo Jojo
The most important aspect of a firearm is that it is one of the great equalizers -- it doesn't take years of training or great physical skill to use it properly (especially at short range). In this sense, firearms help people defend themselves against aggressors they would otherwise be at a severe disadvantage against.
Guns are not used only for killing -- the primary use is as a deterrent by posing a potential lethal threat. (The difference is subtle but extremely important.) Some 97% or so of defensive handgun uses occur without a shot being fired (appx 2 million per year in the US).
I apologize for getting off-topic, but the previous author's fallacy couldn't be ignored...
To counter:
This is one of the biggest pieces of BS used to justify gun ownership. I am no less "equal" to you if neither of us have guns than I am if both of us have guns.
You mis-represent what I said. It's a dangerous world and there are people out there who know how to use force and are unafraid to use it for their personal ends. You really think, for example, an average woman is "equal" to an average rapist when it comes to defending herself against an attack? Nonsense. (Not to mention that situation is even more skewed because the rapist typically has the luxury of choosing his target...)
And frankly, I would rather live in a society where I don't have to carry a lethal weapon in order to be safe.
So would I. It'd be real nice, wouldn't it?
Besides, what about children? Should they be packing semi-automatic weapons so that they can be "equal" to the guy who decides to shoot up their preschool?
This is a strawman argument. No sensible person would advocate giving children too young to handle the responsibility tools that are that dangerous. (This is the same type of reasoning that puts minimum ages on drivers.) But I am all in favor of having staff members at the school armed and capable of defending themselves and the students.
And what about the blind, or people with other disabilities? Firearms hardly qualify as the great equalizer for them.
This is a good point. Firearms do not require great skill to use, but there are some minimal requirements. There will always be some people who are physically unable to use any tool.
It appears that this article is based on old information. I would suggest that all read the Your Rights Online article about Clinton relaxing crypto. If I read it correctly he has gotten rid of the key escrow idea, what appears to be the major issue here.....
- AMW
Actually, any unconditionally secure system I've ever so much as heard of breaks down to a one-time pad.
One-time pads are secure, but totally impractical. The definition of 'random' required for a one-time pad is much stronger than you'd think. Heck, the NSA broke Soviet 'One-time pads' which were reused as little as once, and even some which weren't reused but had been generated by secretaries hitting 'random' keys on a typewriter. That wasn't random enough.
So let's say you've got a one-time pad, and you'd like to encrypt your porn. You need, say, 22,000 random numbers. Which can't be computer generated (because they're not really random -- what you're doing is inputting a stream cipher), which can't be stored online (because then they're accessible), which probably shouldn't even be stored on magnetic media (ditto), and thus should be input by hand. And you'll have to type them in again to decrypt.
What, you missed one? Too bad, there goes your data.
Of course, if you keep it around and you get busted, that doesn't do you much good either. So it's good only to send to somebody else for a message which only has to be secure until it gets there, is a very short message, and who you have personal contact with to exchange very large sheets of random numbers on a fairly frequent basis. (OK, you could always use microfiche or something, but the basic problems remain.)
One-time pads are almost completely impractical for the real world, and are entirely impossible with people you only know virtually.
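The pad-reuse failure mentioned in the comment above, shown as an added C example that is not part of the thread: when two messages are XORed with the same pad, the pad cancels out of the two ciphertexts, so a known fragment of one message exposes the same positions of the other. The messages, pad bytes and function names are all constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MSG_LEN 24

/* Constructed sample data. The pad bytes are fixed so the example is
 * reproducible; a real pad must be truly random and used exactly once. */
static const unsigned char MSG1[MSG_LEN + 1] = "WIRE THE FUNDS ON MONDAY";
static const unsigned char MSG2[MSG_LEN + 1] = "MEET THE COURIER AT NOON";
static const unsigned char PAD_A[MSG_LEN] = {
    0x3a, 0x91, 0x5c, 0xe7, 0x08, 0xb4, 0x6f, 0xd2, 0x19, 0x83, 0x47, 0xfa,
    0x2e, 0x60, 0xc5, 0x9b, 0x71, 0x0d, 0xa8, 0x36, 0xef, 0x54, 0xbc, 0x12 };
static const unsigned char PAD_B[MSG_LEN] = {
    0xc4, 0x27, 0x8e, 0x15, 0xf9, 0x4b, 0xa0, 0x3d, 0x76, 0xe1, 0x58, 0x0c,
    0x93, 0xdf, 0x2a, 0x64, 0xb7, 0x89, 0x1e, 0xf0, 0x45, 0xcb, 0x07, 0x9a };

/* One-time pad: XOR with the pad both encrypts and decrypts. */
void otp_xor(const unsigned char *in, const unsigned char *pad,
             unsigned char *out, size_t n)
{
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ pad[i];
}

/* Given two ciphertexts and a fragment known to sit at offset pos in the
 * first message, compute the same-position fragment of the second message.
 * The result is meaningful only if both messages used the same pad.
 * Returns 0 on success, -1 if the fragment does not fit. */
int recover_fragment(const unsigned char *c1, const unsigned char *c2,
                     size_t n, const char *known, size_t pos, char *out)
{
    size_t m = strlen(known);
    if (pos > n || m > n - pos)
        return -1;
    for (size_t i = 0; i < m; i++)
        out[i] = (char)(c1[pos + i] ^ c2[pos + i] ^ (unsigned char)known[i]);
    out[m] = '\0';
    return 0;
}

/* Returns 1 if c1 XOR c2 equals MSG1 XOR MSG2 at every byte, i.e. the pad
 * has dropped out of the ciphertexts and protects nothing. */
int ciphertexts_leak(const unsigned char *pad1, const unsigned char *pad2)
{
    unsigned char c1[MSG_LEN], c2[MSG_LEN];
    otp_xor(MSG1, pad1, c1, MSG_LEN);
    otp_xor(MSG2, pad2, c2, MSG_LEN);
    for (size_t i = 0; i < MSG_LEN; i++)
        if ((c1[i] ^ c2[i]) != (MSG1[i] ^ MSG2[i]))
            return 0;
    return 1;
}

/* Encrypt MSG1 with pad1 and MSG2 with pad2, then use the known word
 * "FUNDS" (offset 9 of MSG1) against the ciphertexts. Returns 1 if the
 * result is the true text of MSG2 at that offset. */
int fragment_recovered(const unsigned char *pad1, const unsigned char *pad2)
{
    unsigned char c1[MSG_LEN], c2[MSG_LEN];
    char guess[MSG_LEN + 1];
    otp_xor(MSG1, pad1, c1, MSG_LEN);
    otp_xor(MSG2, pad2, c2, MSG_LEN);
    if (recover_fragment(c1, c2, MSG_LEN, "FUNDS", 9, guess) != 0)
        return 0;
    return memcmp(guess, MSG2 + 9, 5) == 0;
}

int main(void)
{
    printf("same pad:   leak=%d fragment=%d\n",
           ciphertexts_leak(PAD_A, PAD_A), fragment_recovered(PAD_A, PAD_A));
    printf("fresh pads: leak=%d fragment=%d\n",
           ciphertexts_leak(PAD_A, PAD_B), fragment_recovered(PAD_A, PAD_B));
    return 0;
}
```

With a fresh pad per message both checks return 0, which is the property that makes a correctly used pad unconditionally secure.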
Are you nuts? You disagree with your own opinion. I quote: Perhaps a class in critical thinking can help.
Well, certainly, send a letter if you want. But a telegram is better than nothing. Personally, I'm going to send the telegram, send an e-mail, call, and send a letter. They *do* keep track of these things.
My congresswoman is a co-sponsor of SAFE, so I don't think she needs too much prodding from me to vote for it. However, I really think we all would benefit if people made a lot of noise and supported this strongly.
So, yes. do send the telegram, call AND send a letter. The more noise the better.
Sure, Clinton may veto it, but it would be nice if it got support in congress.
Folks in the US: Call your congresscritter. Write a letter. You can also send a free telegram by going to this site. It's easy and it's FREE. This service is provided by the Center for Democracy & Technology. If you have any interest in these kinds of issues, sign up for their e-mail announcements.
$50,000 would be cheap if you could continue exporting.
-- Virtual Windows Project
1. Any accessible system can be hacked.
2. Any key escrow system must be accessible.
:. any key escrow system can be hacked.
... and what a fitting target for Joe Hacker.
There are about 5 or so versions being bandied about. One of them is one we'd like passed. Several of them propose draconian restrictions and regulations. This is the way of congress.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
The second amendment is about keeping the general populace armed both to deter tyranny on the part of government and also to provide a pool of individuals to raise a militia from so as to provide for the common defence. Just because the government misclassifies crypto as a munition doesn't mean it actually is one or has anything to do with an armed citizenry.
You might have more luck trying to locate your right to crypto in the unenumerated substantive-due-process right to privacy, although good luck trying to find some courts to agree with you. The fourth and fifth amendments are also good places to try.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
Diplomacy and politics are all about mindshare. Economies are all about marketshare. If the US software economy starts to falter because of crappy legislation, then everyone suffers, including the government; less tax revenue, fewer trumps to play in foreign relations, etc.
Yes, Americans are sheep (hopefully they'll at least remain armed sheep...). But, government still can't quite dictate reality in the way it can in 1984, because we still have wars and real interactions with foreign states (both lacking in Orwell's world). It's probably the only Orwellian idea that hasn't come to pass (yet).
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
And there are good reasons why everyone should have the right to own guns, as the formers of the US constitution understood.
-- The act of censorship is always worse than whatever is being censored. Always.
I'm trying to figure out how that would work.
Prosecution: Yes I have found X on the computer hard drive.
Cross examination: How did you determine this?
Prosecution: I'm not going to divulge that information.
Judge: The witness will answer the question.
Prosecution: No.
What would the jury think?
Glad to hear some sane comment on this.
Escrow is dead...RIP.
The world is beginning to embrace private ciphers.
Heck...a patriotic thought may prompt me to expatriate and assist the encryption effort off shore...
Hmmm...
oh....my!
'nuff said
--------
"I already have all the latest software."
I, like a lot of Slashdot readers, live in Canada, and this issue really bugs me (because things that happen in the US sometimes continue here), but what can I do? I have no U.S. congressman or anything else like that.
Does anyone know of a way that we (the international community) can put pressure on the US to grow up about encryption?
Also, the (U.S.) government is very good at avoiding the issue. They act like nobody is allowed to use strong encryption already, so they'll "compromise". The fact is that U.S. citizens want to export encryption devices, and this bill does absolutely nothing to address that. (You think the international community is going to send their keys to the U.S. government? I think not.)
--------
"I already have all the latest software."
This is the same with modern gun control legislation. Making guns illegal doesn't stop criminals from getting guns, only law-abiding citizens. There are now more guns in the US than there are people, and there is no stopping anyone from getting one. The same with weed, Same with computers, powerful microprocessors, and strong encryption. They can't be stopped!
Hmm... you're right. And similarly, by making murder illegal you're not stopping the bad people from killing the good ones, only stopping the good ones from killing the bad ones. So by that thought, we ought to make murder legal, right?
Encryption != guns.
There are many, many useful purposes for encryption. Sure, it's going to be used for some bad ones, but anything has nefarious purposes.
Guns, on the other hand, were invented and used for one thing - killing. To make sure large chunks of flesh are forcibly removed from a living creature. (No, they really didn't invent them to shoot clay disks.) If you can't figure out that difference, you need to spend a little bit more time studying the two.
---
"You know your god is man-made when he hates all the same people you do."
This site upgrades netscape to 128 bit encryption and it is located outside the US. No control & no backdoor. Best of all, the source is available.
I can throw myself at the ground, and miss.
Actually, SAFE is the good bill. The one the Feds want vetoed if it passes Congress.
Roses are red, violets are blue. I'm a schizophrenic, and so am I.
"strong encryption most likely cannot be broken even by the NSA, in any amount of time, no matter how many computers they throw at it, unless they've made some fundamental breakthrough like quantum computers." This is incorrect... For reference, please view the following: www.distributed.net. The problem with current encryption is that it can be broken through brute force, given that enough time and computing power is thrown at it. Furthermore, current encryption techniques have not been proven (nor will they likely ever be proven) to be NP complete, so it's always possible that someone will discover a shortcut through current encryption that reduces the problems to polynomial time. (Or worse, constant time.)
--
"A mind is a horrible thing to waste. But a mime...
It feels wonderful wasting those fsckers."
I currently have no clever signature witticism to add here.
Better yet, let the public decide which keys shall be opened. Example: A terrible crime is committed, such as a major bombing, and a suspect is found -- yet it looks like the evidence is locked up in some encrypted files. Need to get inside? Try distributed computing. If the American public really cares about resolving this case, they will happily donate their computer time. If the majority of the people don't think that cracking the key is a worthwhile cause (e.g. it is a "political crime" that seems bogus) then people will ignore the government's request for CPU cycles.
As long as we have our open source crypto tools, distributed computing is really the only hope for opening up crypto keys.
A W S ----------- QABO : BALA
I agree with you 100%.
Another point is that the US Gov. is just harming the software indus. in the US. If we can't trust the software that's developed in our own country because it may have backdoors etc. in it, people (who have a clue) will get their software elsewhere.
I did. But not because I was paranoid, but I'm starting to become paranoid. The point is we don't need encryption software that comes from THIS country anyway, so why bother trying to control it. How damn stupid can you get.
Uhhgg, politicians are all idiots.
Sticking feathers up your butt does not make you a chicken - Tyler Durden
Your argument is an illogical strawman.
The possession of any of the items mentioned -- including guns -- does not deprive anyone else of life, liberty, or the pursuit of happiness. The action of murdering someone obviously deprives them of all three.
The two are fundamentally different in nature. Their possessing an item infringes on no one's rights, their using it unlawfully is a totally different matter.
"they allow the government to strong-arm companies into building backdoors into encryption products"
Let's just call it what it really is. It is not a back door, it might as well be called a second front door. They have basically looked us in the eye and said: hey, I know we work for you in theory but we don't trust you. Give us free access to your data or we'll take it. You know it's funny how gaining unauthorized access to a computer system is considered illegal unless you work for the DEA, FBI, CIA, NSA, or any other group of three letters that are still classified.
These people make me sick. They bend, twist, and mold our rights like play-dough. Anyone have a baggy? I think I'm gonna hurl.
"Suits make my neck itch!"
"Help me Obi-/.-Kenobi, you're my only hope!" -$
I question the constitutionality of this.
Under the Bill of Rights, one has the right to confront the witnesses against one.
Under more general laws against the admissibility of hearsay, one generally has the right to cross-examine statements of fact made against one.
For law enforcement to decline to state how it decrypted the file (or whatever) is to deprive one of the ability effectively to confront a witness used against one and is to constrict one's ability to cross-examine.
Read the Sixth Amendment:
"In all criminal prosecutions, the accused shall enjoy the right to a speedy and public trial, by an impartial jury of the State and district wherein the crime shall have been committed, which district shall have been previously ascertained by law, and to be informed of the nature and cause of the accusation; to be confronted with the witnesses against him; to have compulsory process for obtaining witnesses in his favor, and to have the Assistance of Counsel for his defence."
According to Findlaw:
"''The primary object of the constitutional provision in question was to prevent depositions of ex parte affidavits . . . being used against the prisoner in lieu of a personal examination and cross-examination of the witness in which the accused has an opportunity not only of testing the recollection and sifting the conscience of the witness, but of compelling him to stand face to face with the jury in order that they may look at him, and judge by his demeanor upon the stand and the manner in which he gives his testimony whether he is worthy of belief''"
This essay goes on to state that while the Confrontation Clause is not identical with the hearsay rule, it generally leads to exclusion of evidence when the defendant has no opportunity to challenge its soundness through cross-examination.
Clearly concealed decryption techniques cannot be cross-examined.
Another Sixth Amendment right is the right to compel witnesses to appear in one's defense. This might very well include those who decrypted the message, in the event their testimony might turn out to be favorable.
"''The right to offer the testimony of witnesses, and to compel their attendance, if necessary, is in plain terms the right to present a defense, the right to present the defendant's version of the facts as well as the prosecution's to the jury so it may decide where the truth lies. Just as an accused has the right to confront the prosecution's witnesses for the purpose of challenging their testimony, he has the right to present his own witnesses to establish a defense. This right is a fundamental element of due process of law,''"
Compulsory Process
The consequence of violating the confrontation clause would be exclusion of testimony. The consequence of denying compulsory process would be a reversal or a new trial.
Denial of right of cross examination.
Criminal law demands a "chain of custody" of the evidence. How do we know that the proffered evidence is the real thing?
Unless we can know all of the links in the chain of custody - along with the right to cross examine the validity of these asserted links - then we effectively are denied the right to confront the witnesses used against us.
This would violate the Sixth Amendment.
I'm not getting into this to talk about gun control. I'm just trying to say they are two TOTALLY different things.
You are right, they are two totally different things. Assuming encryption == privacy, firearms are more protected under the U.S. Constitution. Your privacy can be infringed upon by court order. The Constitution does not give the same right to the government concerning firearms.
Yet, there have been many infringements on the right to bear arms in the United States. You better write your congressman and keep encryption out of government hands. It is obvious the Constitution won't do that.
If you reread that amendment again, you'll see that law enforcement DOES have the right to access your information if it is REASONABLE for them to access it.
There have been several cases where evidence that was seized that pretty much nailed the guy for doing it was rejected because the search was deemed unreasonable. This also goes for searches without warrants, like when the cops pull you over and search your person or car w/o one.
Sorry to say, but the Bill of Rights does leave that loop hole for law enforcement to get into your private life. Don't like it? Try somewhere else.
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated"
Unless we think you are a drug dealer or a pornographer or a terrorist or have "strange" religious beliefs
When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl
_________
Sometimes, when I'm feelin' bored, I like to take a necrotic equine and assault it physically.
No, don't send e-mail to congress. Nothing gets ignored more than e-mail.
;-).
See my comments above on this same topic, but basically you should send a real physical letter. In fact, if you're *really* serious, name the congress critter on the outside of the envelope and send it Registered Mail.
This is the same service that the US gov't uses to send material classified up to SECRET (they use certified mail for material that is only CONFIDENTIAL), and the US Postal Service regulations and laws stipulate that *only* the named individual may receive the letter.
Violation of USPS regulations and laws regarding things like this is a *very* serious matter. You're talking jail time on the minimum conviction.
This is also a really good trick to pull on some corporate CEO if you're pissed off at the service that they provide and you want to complain -- they end up having to get pulled out of whatever meeting they're in, so that they can sign for the letter in person.
And it wouldn't hurt to send a carbon copy to the Better Business Bureau via certified mail (there's no need to piss them off
Brad Knowles
http://daily.daemonnews.org/ -- if you're not
See my other comments above. In short, don't send e-mail, send a real physical letter.
In fact, if you're really serious, send it via certified or registered mail. That will most certainly get their attention.
Brad Knowles
http://daily.daemonnews.org/ -- if you're not
See Ueli Maurer's unconditionally secure "randomizing" stream cipher. Given a public source of random bits much, much longer than each message, the probability that a message can be decrypted can be made arbitrarily close to 0 even given unlimited computational resources.
/*
This export control stuff can't be anything to do with stopping crooks. It's more like allowing crooks to harm law abiding US citizens one way or another.
Don't worry about us "foreigners" we can get crypto code.
And what follows is an example of how a foreigner can indirectly bring down a US server, without breaking any local laws. This could be easily done on USENET as well, anyone know what would happen? Shutdown of US USENET servers?
*/
/*
* pgpIDEA.c - C source code for IDEA block cipher.
* Algorithm developed by Xuejia Lai and James L. Massey, of ETH Zurich.
*
* $Id: pgpIDEA.c,v 1.16 1997/10/14 01:48:18 heller Exp $
*
* There are two adjustments that can be made to this code to speed it
* up. Defaults may be used for PCs. Only the -DIDEA32 pays off
* significantly if selectively set or not set. Experiment to see what
* works best for your machine.
*
* Multiplication: default is inline, -DAVOID_JUMPS uses a different
* version that does not do any conditional jumps (a few percent
* worse on a SPARC, better on other machines), while
* -DSMALL_CACHE takes it out of line to stay within a small
* on-chip code cache. (Not really applicable with current L1
* cache sizes.)
* Variables: normally, 16-bit variables are used, but some machines do
* not have 16-bit registers, so they do a great deal of masking.
* -DUSE_IDEA32 uses "int" register variables and masks explicitly
* only where necessary. On a SPARC, for example, this boosts
* performance by 30%.
*
* The IDEA(tm) block cipher is covered by a patent held by ETH and a
* Swiss company called Ascom-Tech AG. The Swiss patent number is
* PCT/CH91/00117. International patents are pending. IDEA(tm) is a
* trademark of Ascom-Tech AG. There is no license fee required for
* noncommercial use. Commercial users may obtain licensing details from
* Dieter Profos, Ascom Tech AG, Solothurn Lab, Postfach 151, 4502
* Solothurn, Switzerland, Tel +41 65 242885, Fax +41 65 235761.
*
* The IDEA block cipher uses a 64-bit block size, and a 128-bit key
* size. It breaks the 64-bit cipher block into four 16-bit words
* because all of the primitive inner operations are done with 16-bit
* arithmetic. It likewise breaks the 128-bit cipher key into eight
* 16-bit words.
*
* For further information on the IDEA cipher, see these papers:
* 1) Xuejia Lai, "Detailed Description and a Software Implementation of
* the IPES Cipher", Institute for Signal and Information
* Processing, ETH-Zentrum, Zurich, Switzerland, 1991
* 2) Xuejia Lai, James L. Massey, Sean Murphy, "Markov Ciphers and
* Differential Cryptanalysis", Advances in Cryptology - EUROCRYPT'91
*
* This code runs on arrays of bytes by taking pairs in big-endian order
* to make the 16-bit words that IDEA uses internally. This produces the
* same result regardless of the byte order of the native CPU.
*/
#include "pgpSDKBuildFlags.h"
#ifndef PGP_IDEA
#error you must define PGP_IDEA one way or the other
#endif
#if PGP_IDEA
#include
#include "pgpConfig.h"
#include "pgpSymmetricCipherPriv.h"
#include "pgpIDEA.h"
#include "pgpMem.h"
#include "pgpUsuals.h"
/* If IDEA32 isn't predefined as 1 or 0, make a guess. */
#ifndef USE_IDEA32
#if UINT_MAX > 0xffff
#define USE_IDEA32 1
#endif
#endif
#if USE_IDEA32
#define low16(x) ((x) & 0xFFFF)
typedef unsigned int uint16;
#else
#define low16(x) (uint16)(x)
typedef PGPUInt16 uint16;
#endif
/* A few handy definitions */
#define IDEA_ROUNDS 8
#define IDEA_KEYLEN (6*IDEA_ROUNDS+4)
#define IDEA_KEYBYTES (sizeof(PGPUInt16) * IDEA_KEYLEN)
/*
* Flags in priv array to record whether key schedule is in encrypt
* or decrypt mode
*/
#define IDEA_ENCRYPTION_MODE 0x11
#define IDEA_DECRYPTION_MODE 0x22
/* Private functions */
/* Expand a 128-bit user key to a working encryption key EK */
static void
ideaExpandKey(PGPByte const *userkey, PGPUInt16 *EK)
{
int i, j;
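/* The first 8 subkeys are the user key itself, taken big-endian */
for (j=0; j<8; j++) {
EK[j] = (userkey[0]<<8) + userkey[1];
userkey += 2;
}
/* Each further group of 8 is the previous group rotated left 25 bits */
for (i=0; j < IDEA_KEYLEN; j++) {
i++;
EK[i+7] = EK[i & 7] << 9 | EK[(i+1) & 7] >> 7;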
EK += i & 8;
i &= 7;
}
}
/*
* Compute the multiplicative inverse of x, modulo 65537, using Euclid's
* algorithm. It is unrolled twice to avoid swapping the registers each
* iteration, and some subtracts of t have been changed to adds.
*/
static uint16
mulInv(uint16 x)
{
uint16 t0, t1;
uint16 q, y;
if (x <= 1)
return x; /* 0 and 1 are self-inverse */
t1 = 0x10001L / x; /* Since x >= 2, this fits into 16 bits */
y = 0x10001L % x;
if (y == 1)
return low16(1-t1);
t0 = 1;
do {
q = x / y;
x = x % y;
t0 += q * t1;
if (x == 1)
return t0;
q = y / x;
y = y % x;
t1 += q * t0;
} while (y != 1);
return low16(1-t1);
}
/*
* Compute IDEA decryption key DK from an expanded IDEA encryption key EK
* Note that the input and output may be the same. Thus, the key is
* inverted into an internal buffer, and then copied to the output.
*/
static void
ideaInvertKey(PGPUInt16 const EK[IDEA_KEYLEN], PGPUInt16 DK[IDEA_KEYLEN])
{
int i;
uint16 t1, t2, t3;
PGPUInt16 temp[IDEA_KEYLEN];
PGPUInt16 *p = temp + IDEA_KEYLEN;
t1 = mulInv(*EK++);
t2 = -*EK++;
t3 = -*EK++;
*--p = mulInv(*EK++);
*--p = t3;
*--p = t2;
*--p = t1;
for (i = 0; i >16;
return (b - a) + (b >16, \
x = (x-t16) + (x>16), \
(x-t16)+(x>8);
outbuf[1] = (PGPByte)x1;
outbuf[2] = (PGPByte)(x3>>8);
outbuf[3] = (PGPByte)x3;
outbuf[4] = (PGPByte)(x2>>8);
outbuf[5] = (PGPByte)x2;
outbuf[6] = (PGPByte)(x4>>8);
outbuf[7] = (PGPByte)x4;
}
/*
* Exported functions
*/
static void
ideaKey(void *priv, void const *key)
{
ideaExpandKey((const PGPByte *) key, (PGPUInt16 *)priv);
*((PGPByte *)priv + IDEA_KEYBYTES) = IDEA_ENCRYPTION_MODE;
}
static void
ideaEncrypt(void *priv, void const *in, void *out)
{
if (*((PGPByte *)priv + IDEA_KEYBYTES) != IDEA_ENCRYPTION_MODE) {
ideaInvertKey ((PGPUInt16 *)priv, (PGPUInt16 *)priv);
*((PGPByte *)priv + IDEA_KEYBYTES) = IDEA_ENCRYPTION_MODE;
}
ideaCipher((const PGPByte *) in, (PGPByte *) out, (PGPUInt16 *)priv);
}
static void
ideaDecrypt(void *priv, void const *in, void *out)
{
if (*((PGPByte *)priv + IDEA_KEYBYTES) != IDEA_DECRYPTION_MODE) {
ideaInvertKey ((PGPUInt16 *)priv, (PGPUInt16 *)priv);
*((PGPByte *)priv + IDEA_KEYBYTES) = IDEA_DECRYPTION_MODE;
}
ideaCipher((const PGPByte *) in, (PGPByte *) out, (PGPUInt16 *)priv);
}
/*
* Do one 64-bit step of a Tandem Davies-Meyer hash computation.
* The hash buffer is 32 bytes long and contains H (0..7), then G (8..15),
* then 16 bytes of scratch space. The buf is 8 bytes long.
* xkey is a temporary key schedule buffer.
* This and the extra data in the hash buffer are allocated by the
* caller to reduce the amount of buffer-wiping we have to do.
* (It's only called from ideaWash, so the interface can be a bit
* specialized.)
*/
static void
ideaStepTandemDM(PGPByte *hash, PGPByte const *buf, PGPUInt16 *xkey)
{
int i;
hash[2*i+1] = (PGPByte)xkey[i];
}
i = len;
while (i >= 8) {
ideaStepTandemDM(hash, buf, xkey);
buf += 8;
i -= 8;
}
* At the end, we do Damgard-Merkle strengthening, just like
* MD5 or SHA. Pad with 0x80 then 0 bytes to 6 mod 8, then
* add the length. We use a 16-bit length in bytes instead
* of a 64-bit length in bits, but that is cryptographically
* irrelevant.
*/
pgpClearMemory(hash+24+i, 8-i);
ideaStepTandemDM(hash, hash+24, xkey);
i = 0;
}
pgpClearMemory(hash+24+i, 6-i);
hash[30] = (PGPByte)(len >> 8);
hash[31] = (PGPByte)len;
ideaStepTandemDM(hash, hash+24, xkey);
ideaExpandKey(hash, xkey);
pgpClearMemory( hash, sizeof(hash));
}
/*
* Define a Cipher for the generic cipher. This is the only
* real exported thing -- everything else can be static, since everything
* is referenced through function pointers!
*/
PGPCipherVTBL const cipherIDEA = {
"IDEA",
kPGPCipherAlgorithm_IDEA,
8,
16,
IDEA_KEYBYTES + 1,
alignof(PGPUInt16),
ideaKey,
ideaEncrypt,
ideaDecrypt,
ideaWash
};
#if UNITTEST
/* Test driver proper starts here */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
/*
* This is the number of Kbytes of test data to encrypt.
* It defaults to 1 MByte.
*/
#ifndef BLOCKS
#ifndef KBYTES
#define KBYTES 1024
#endif
#define BLOCKS (64*KBYTES)
#endif
int
main(void)
{
int i, j, k;
PGPByte userkey[16];
PGPByte priv[IDEA_KEYBYTES+1];
PGPByte XX[8], YY[8], ZZ[8];
clock_t start, end;
long l;
for(i=0; i<16; i++)
userkey[i] = i+1;
ideaKey(priv, userkey);
#if 0
ideaExpandKey(userkey, EK);
printf("\nEncryption key subblocks: ");
for (j=0; j<IDEA_ROUNDS+1; j++) {
printf("\nround %d: ", j+1);
if (j<IDEA_ROUNDS)
for(i=0; i<6; i++)
printf(" %6u", EK[j*6+i]);
else
for(i=0; i<4; i++)
printf(" %6u", EK[j*6+i]);
}
ideaInvertKey(EK, DK);
printf("\nDecryption key subblocks: ");
for (j=0; j<IDEA_ROUNDS+1; j++) {
printf("\nround %d: ", j+1);
if (j<IDEA_ROUNDS)
for(i=0; i<6; i++)
printf(" %6u", DK[j*6+i]);
else
for(i=0; i<4; i++)
printf(" %6u", DK[j*6+i]);
}
#endif
for (k=0; k<8; k++)
XX[k] = k;
printf("\n Encrypting %d bytes (%ld blocks)...", BLOCKS*16, (long)BLOCKS);
fflush(stdout);
start = clock();
memcpy(YY, XX, 8);
for (l = 0; l < BLOCKS; l++)
ideaEncrypt(priv, YY, YY);
memcpy(ZZ, YY, 8);
for (l = 0; l < BLOCKS; l++)
ideaDecrypt(priv, ZZ, ZZ);
end = clock() - start;
l = end * 1000 / CLOCKS_PER_SEC + 1;
i = l/1000;
j = l%1000;
l = BLOCKS * 16 * CLOCKS_PER_SEC / end;
printf("%d.%03d seconds = %ld bytes per second\n", i, j, l);
printf("\nX %3u %3u %3u %3u %3u %3u %3u %3u \n",
XX[0], XX[1], XX[2], XX[3], XX[4], XX[5], XX[6], XX[7]);
printf("\nY %3u %3u %3u %3u %3u %3u %3u %3u \n",
YY[0], YY[1], YY[2], YY[3], YY[4], YY[5], YY[6], YY[7]);
printf("\nZ %3u %3u %3u %3u %3u %3u %3u %3u \n",
ZZ[0], ZZ[1], ZZ[2], ZZ[3], ZZ[4], ZZ[5], ZZ[6], ZZ[7]);
for (k=0; k<8; k++)
if (XX[k] != ZZ[k]) {
printf("\n\07Error! Noninvertable encryption.\n");
exit(-1);
}
printf("\nNormal exit.\n");
return 0;
}
#endif
#endif
/*__Editor_settings____
Local Variables:
tab-width: 4
End:
vi: ts=4 sw=4
vim: si
_____________________*/
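An exhaustive check of the arithmetic that the listing's mulInv and ideaInvertKey rely on, as an added example that is not part of the posted PGP source. The names idea_mul, idea_mul_inv, fermat_inv, key_mix and the sample subkeys are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>

#define IDEA_MODULUS 0x10001u /* the prime 2^16 + 1 */

/* IDEA multiplication: 16-bit words in which 0 stands for 2^16. */
static uint16_t idea_mul(uint16_t a, uint16_t b)
{
    uint64_t x = a ? a : 0x10000u;
    uint64_t y = b ? b : 0x10000u;
    return (uint16_t)(x * y % IDEA_MODULUS); /* 65536 truncates to 0 */
}

/* Inverse by Euclid's algorithm, same structure as mulInv in the listing. */
static uint16_t idea_mul_inv(uint16_t w)
{
    uint32_t x = w, y, q, t0, t1;

    if (x <= 1)
        return (uint16_t)x; /* 0 (meaning 65536 = -1) and 1 are self-inverse */
    t1 = IDEA_MODULUS / x;
    y = IDEA_MODULUS % x;
    if (y == 1)
        return (uint16_t)(1u - t1);
    t0 = 1;
    do {
        q = x / y;
        x %= y;
        t0 += q * t1;
        if (x == 1)
            return (uint16_t)t0;
        q = y / x;
        y %= x;
        t1 += q * t0;
    } while (y != 1);
    return (uint16_t)(1u - t1);
}

/* Independent reference: a^(p-2) mod p by square-and-multiply (Fermat). */
static uint16_t fermat_inv(uint16_t a)
{
    uint64_t base = a ? a : 0x10000u, result = 1;
    uint32_t e = IDEA_MODULUS - 2;

    while (e) {
        if (e & 1)
            result = result * base % IDEA_MODULUS;
        base = base * base % IDEA_MODULUS;
        e >>= 1;
    }
    return (uint16_t)result;
}

/* Count words where the two inverses disagree or x * inv(x) != 1. */
static unsigned count_inverse_failures(void)
{
    unsigned failures = 0;

    for (uint32_t x = 0; x <= 0xFFFF; x++) {
        uint16_t inv = idea_mul_inv((uint16_t)x);
        if (inv != fermat_inv((uint16_t)x) || idea_mul((uint16_t)x, inv) != 1)
            failures++;
    }
    return failures;
}

/* One mul/add/add/mul subkey layer, as applied to the four 16-bit words. */
static void key_mix(uint16_t blk[4], const uint16_t k[4])
{
    blk[0] = idea_mul(blk[0], k[0]);
    blk[1] = (uint16_t)(blk[1] + k[1]);
    blk[2] = (uint16_t)(blk[2] + k[2]);
    blk[3] = idea_mul(blk[3], k[3]);
}

/* Invert that layer the way ideaInvertKey treats its first four subkeys. */
static int mix_round_trips(void)
{
    const uint16_t k[4] = {0x0000, 0xFFFF, 0x8000, 0x1234}; /* constructed */
    const uint16_t orig[4] = {0x0000, 0x0001, 0xFFFF, 0xBEEF}; /* constructed */
    uint16_t inv[4], blk[4];

    inv[0] = idea_mul_inv(k[0]);
    inv[1] = (uint16_t)(0u - k[1]); /* additive inverse mod 2^16 */
    inv[2] = (uint16_t)(0u - k[2]);
    inv[3] = idea_mul_inv(k[3]);
    for (int i = 0; i < 4; i++)
        blk[i] = orig[i];
    key_mix(blk, k);
    key_mix(blk, inv);
    for (int i = 0; i < 4; i++)
        if (blk[i] != orig[i])
            return 0;
    return 1;
}

int main(void)
{
    printf("inverse failures over all 65536 words: %u\n", count_inverse_failures());
    printf("subkey layer round trip: %s\n", mix_round_trips() ? "ok" : "FAILED");
    return 0;
}
```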
I wonder if that part would stand up to Supreme Court review?
...phil
"For a list of the ways which technology has failed to improve our quality of life, press 3."
If law enforcement gains probable cause that I have illegal items, or evidence of illegal activity, in my lockbox, they can get a subpoena to force me to open the box. As you pointed out, if I refuse, I go to jail, and I can be kept in jail while the box is being forcibly opened.
Alternatively, with a search warrant the box can be seized as evidence and the law enforcement agency can break open the box without my cooperation. This breaking job would be a forensic activity, and I as the defendant, should the evidence within the box cause me to come to trial, have the right to question the officer who opened the box. The methods used to open the box are perfectly germane to discuss in court; many cases are sunk by reasonable doubt brought on by evidence mishandling.
The fact that my box is strongly or weakly locked should not matter, from a legal standpoint. It could be a massive, bank-quality safe, or an unlocked file cabinet; in either case, law enforcement must leave it alone unless they go through the proper channels to gain the right to seize the evidence within the box. They certainly don't have the right to tell me how strongly I may lock my private documents - because, again, if it's beyond their capacity to open, they just get a judge to order me to, under penalty of prison.
Applying these principles to crypto, this means that a search warrant (or the equivalent, a wiretap approval from a judge) should be necessary to collect my information, either covertly or by direct seizure of the media on which the information lies. The two activities should be legally equivalent. Once the information has been legally seized, the law enforcement agency may use its computational or cryptanalytical resources to crack my message, without needing another warrant to do so. (These attacks should only be allowed against data collected legally, of course.)
If it's beyond law enforcement's capacity to crack the crypto in question, or such a crack attack would take unreasonably long (hence denying me my right to a speedy trial), an order should be obtainable from a judge which forces me to decrypt.
If law enforcement took the first option, a cryptanalytic attack, when they bring the evidence gathered by that attack against me at trial, I should have the right to inquire, and get truthful answers, as to how the information was intercepted and how the decryption attack was performed. This goes back to questioning the methods of law enforcement, and it's perfectly valid for me to have this right. To have evidence thrown before me, and me not to have the right to question its source, is a gross infringement on my basic rights of due process.
I think this approach solves several problems with crypto law. The "decrypt it for us or go to jail" provision may seem heavy-handed, but remember that by the time I'm told that, a judge has been informed and has decided on probable cause. And I'm not just rotting in jail - presumably, my lawyer is appealing the order.
At the same time, accountability for law enforcement is maintained; evidence-gathering is subject to public scrutiny, and illegal wiretaps and decrypts of those wiretaps remain illegal, unusable at trial.
Government Authorities [Eyeing my big-ass, uncrackable safe]: Open that safe! We need the bad stuff you keep in there for evidence.
Me: No. Go to hell, pig.
G.A.: Ok, then, you go to jail for contempt of court until you open that safe!
----------------------
Scenario 2:
G.A. [Eyeing my encrypted HDD]: Decrypt that email! We need it for evidence.
Me: No. Go to hell, pig.
G.A.: Drat! We're useless without key escrow! Whinge whinge whinge...
Me: Ha! Ha! I have won again...
Does this make any sense? Don't we already have laws for this? Hello?
----
We all take pink lemonade for granted.
There is no K5 cabal.
I am not the real rusty.
Better than that--certain cryptosystems (one-time pads are the most obvious example, but there are others) provide not only computational, but unconditional security when properly implemented.
Don't take my word for it; see D.R. Stinson, Cryptography: Theory and Practice, in which the information-theoretical underpinnings of unconditionally secure cryptography are explained in a way that anyone with a basic knowledge of probability can understand.
Then start doing your part to render the NSA irrelevant: Write Code.
spawn_of_yog_sothoth
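The "when properly implemented" condition in the comment above, worked through for a one-byte message space as an added example that is not part of the original comment or of Stinson's text. The function names, the pad bytes and the two sample messages are constructed for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One-time pad: XOR with the pad; the same call encrypts and decrypts. */
static void otp_xor(uint8_t *out, const uint8_t *in, const uint8_t *pad, size_t n)
{
    for (size_t i = 0; i < n; i++)
        out[i] = in[i] ^ pad[i];
}

/*
 * Shannon's condition for a one-byte message: with the key drawn uniformly
 * from keys[], the ciphertext distribution must be identical for every
 * plaintext. Returns 1 if it is, 0 if some ciphertext favours a plaintext.
 */
static int is_perfectly_secret(const uint8_t *keys, size_t nkeys)
{
    unsigned ref[256];

    for (unsigned p = 0; p < 256; p++) {
        unsigned hits[256] = {0};
        for (size_t i = 0; i < nkeys; i++)
            hits[p ^ keys[i]]++;
        if (p == 0)
            memcpy(ref, hits, sizeof ref);
        else if (memcmp(ref, hits, sizeof ref) != 0)
            return 0;
    }
    return 1;
}

/* Proper use: every byte value is an equally likely pad byte. */
static int full_pad_is_perfect(void)
{
    uint8_t keys[256];

    for (unsigned k = 0; k < 256; k++)
        keys[k] = (uint8_t)k;
    return is_perfectly_secret(keys, sizeof keys);
}

/* Improper use: pad bytes restricted to ASCII digits. */
static int digit_pad_is_perfect(void)
{
    const uint8_t keys[10] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9'};

    return is_perfectly_secret(keys, sizeof keys);
}

/* Improper use: one pad for two messages. The pad cancels out of c1 ^ c2. */
static int pad_reuse_leaks_xor(void)
{
    const uint8_t pad[8] = {0x9c, 0x21, 0xf0, 0x4b, 0x77, 0x03, 0xe8, 0x5a};
    const uint8_t m1[] = "MEET@9AM"; /* constructed messages, 8 bytes used */
    const uint8_t m2[] = "CALLHOME";
    uint8_t c1[8], c2[8];

    otp_xor(c1, m1, pad, 8);
    otp_xor(c2, m2, pad, 8);
    for (size_t i = 0; i < 8; i++)
        if ((uint8_t)(c1[i] ^ c2[i]) != (uint8_t)(m1[i] ^ m2[i]))
            return 0;
    return 1;
}

int main(void)
{
    printf("uniform pad perfectly secret:  %d\n", full_pad_is_perfect());
    printf("digit-only pad perfectly secret: %d\n", digit_pad_is_perfect());
    printf("reused pad leaks m1 ^ m2:       %d\n", pad_reuse_leaks_xor());
    return 0;
}
```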
I'm thinking that you're mixing up terms... 1024 bit asymmetric encryption just involves big numbers, but it's nowhere near as hard to break as 128 bit symmetric encryption... As factoring methods advance in combination with Moore's law, asymmetric requirements will likely skyrocket. However, symmetric encryption schemes (128-bit) will likely stand the test of time (so far as I understand it, barring any fundamental breakthroughs in computing)... 3000 bit asymmetric keys (like you find in PGP) are completely secure according to public knowledge today, and will be for the foreseeable future... even 768 bits is "good enough" for the next few years
The upshot? My (uninformed) prediction is this: There will still be 40-bit non-escrowed versions of the product going out the door. These will be shipped primarily to other countries and to paranoid individuals like slashdotters. Everyone else will run 128, but it will be a compromised breed of 128.
More likely, the rest of the world and the paranoid Slashdotters will use products developed outside the US, or products like Mozilla where we can bolt whatever crypto we want into the source and chuck any escrow that tries to creep in. The politicians seem to think the whole matter is a question of they can put the holes in they want. It isn't.
The open-source encryption software mentioned last week is called GPG (GNU Privacy Guard), and can be obtained from http://www.gnupg.org/. It was developed entirely outside the US, and therefore will be free from any restrictions bills such as SAFE place on crypto software.
-- Veni, vidi, dormivi
"The failure to provide law enforcement with the necessary ability to obtain the plaintext version of the evidence makes existing authorities useless...Law enforcement has tools at its disposal to fight crime, but those tools are rendered useless when encryption gets involved"
Perhaps I don't understand. Free software ALREADY exists to do as good an unbreakable encryption as you want. If you are breaking the law already, what's to stop you from breaking it again, and simply, oh.. not giving away your private key to the escrow service? Hmmm? What the heck would law enforcement do then? Not a damn thing, because the evidence is encrypted! hah!
Key escrow is one of those things that can only hurt those who are honest enough to put their keys in escrow. Criminals wouldn't give away the key to their protected info to the law, just in case the law needed it to bust them! It simply makes no sense.
Silly politicians, privacy is for everyone!
---
- Give a man a fire and he's warm for a day, but set him on fire and he's warm for the rest of his life.
This is one of the biggest pieces of BS used to justify gun ownership. I am no less "equal" to you if neither of us have guns than I am if both of us have guns. And frankly, I would rather live in a society where I don't have to carry a lethal weapon in order to be safe.
Besides, what about children? Should they be packing semi-automatic weapons so that they can be "equal" to the guy who decides to shoot up their preschool? And what about the blind, or people with other disabilities? Firearms hardly qualify as the great equalizer for them.
For 95% of the US, firearms are an anachronism, but I'm afraid it'll take us another 100 years to realize it, if ever...
As the author said, the fight for looser encryption regulation is currently being led (and funded) by the commercial software industry lobby. If these guys become satisfied and drop out, there's no hope of ever getting US developers to be able to participate in GPG or other free encryption development projects.
JMC
You're absolutely right, the US govt does not operate as a business, but, what we see here in the UK is a country that is behind the times, and is full of its own self importance. The US controlling the export regulations of encryption software is a sort of "well, no one outside the USA is intelligent enough to write crypto software", which is patent bull****!
When the US Govt get a grasp on this fact, then things might start to happen. Market and mind share is important, but not in quite the way that you perceive. No company really wants to be strong-armed into doing something because the government forces them to. So, if they incorporate offshore, then they don't have to be subject to US export restrictions, and they can do pretty much what they like. I think we will see companies who care doing something like this.
it doesn't take years of training or great physical skill to use it properly
This is both a good AND a bad thing.
Learning a martial art gives you the ability to kill people, but along with it the discipline and understanding to keep you from using it in a moment of anger. A gun just gives you the ability to kill. And makes it easier to harm someone when you're upset.
Guns are not used only for killing -- the primary use is as a deterrent by posing a potential lethal threat. (The difference is subtle but extremely important.)
Nuclear weapons are not used only for killing -- the primary use is as a deterrent by posing a potential annihilatory threat. Doesn't make me change my mind about them. "Oh, it's ok that we have the potential to destroy all human life at the push of a button because we're not really going to use it." That doesn't cut it for me. The problem with having the threat is that it might be used. Especially that the threat might be used improperly.
And to bring it back around. You're still wrong. Guns are NOT the same as Encryption. You don't have to worry about someone stealing your encryption from you and harming people with it. You don't have to worry about your kids accidentally getting a hold of your encryption and killing themselves.
I'm not getting into this to talk about gun control. I'm just trying to say they are two TOTALLY different things.
---
"You know your god is man-made when he hates all the same people you do."
For information about SAFE (HR 850), as well as information about contacting members of Congress, check out the Center for Democracy & Technology. If you put in your zip code, it will return information about your Rep. and how to contact him/her. Hope this helps!
Well, this article convinced me to try using the open source encryption software that was mentioned on /. a couple weeks ago... only problem is, I don't remember the name of it, or where to find it. Can anyone help me out?
Also, does anyone know anything about this SAFE bill? It sounds like something we should be telling our reps in Congress to support. Not that they ever really listen to us, but it can't hurt. It seems to me that with the readership that /. has, we could make for a pretty strong grassroots lobby on issues like this (if you're under 18, they don't really need to know that ;). Problem is, no one ever really bothers to try. I really think, that instead of always complaining about how the government is constantly trying to invade our privacy, we should be trying to do something about it. At least then when we complain about it, we can say we've tried to do our part. There was a site posted a bit ago with the e-mail addresses of Congressmen listed on it. Can someone post that again as well?
Roses are red, violets are blue. I'm a schizophrenic, and so am I.
I think I have a solution. Why not have every encrypted message use a secret key which, through a very lengthy process - several months, with several supercomputers at least - a government agency can break? That way, whenever they come across an encrypted message, if it is truly important, they can get into it, but the cost will be so prohibitive that they will never use it frivolously?
Oh - wait. That's pretty much the status quo, isn't it?
Anyway, don't real criminals have access to more secure methods of encrypting evidence, anyway? Like gasoline fires? I just don't see any reason for a backdoor that doesn't imply overly broad use.
-=Best Viewed Using [INLINE]=-
Key point: by removing the requirement to show in court how they found an encryption key, and by still requiring software companies to get encryption software approved, they allow the government to strong-arm companies into building backdoors into encryption products--backdoors which will not be revealed in court when the government uses them to break encryption.
What this legislation seems to demand is a total war by the community against commercial crypto packages. This means, for instance, that if MS gets a license to export a crypto package for IE and NT, then there must be an effort to 1. crack it, and 2. look very hard for any backdoor. The saaame goes for crypto from IBM, SUN, Apple, and the rest of the commercial world.
If anybody finds a backdoor in any commercial product, then commercial crypto from the US is d-e-a-d. Nobody anywhere in the world will ever trust any crypto software emerging from the US ever ever again. Then, there will only be open source software from the community and there will be untrustworthy crap.
This is one of those cases where special interests converge to work against the interests of the American public. Bob Goodlatte (and also Sen. Slade Gorton) are really pushing to remove some of the silly restrictions that we have right now. This would be good for both businesses AND the average citizen.
However, we keep running into the situation where powerful people in Washington D.C. decide that widespread strong cryptography is not in their best interest. Often these people are not even ELECTED officials (e.g. Louis Freeh). Yet their voice manages to drown out the little guy.
Worse yet, they wrap it in a nice little story about protecting YOU from terrorists. We are your officials, and we know (better than you) what is in your best interest.
What's scary is that these people know damn well that a key escrow system would be swiftly denounced by foreign nations. They aren't concerned about protecting Americans from terrorists. They are concerned about protecting their ability to eavesdrop on Americans.
The kicker here is that the White House says one thing and does another. Gore vows to reduce crypto restrictions, and yet every time something remotely similar to SAFE is discussed, Clinton vows to veto it. I'm pretty sure he would too. Clinton isn't running for office...
What can I say. Yeah I'm a bit cynical. But all the newsgroup heckling and grumbling isn't going to do a bit of good. I hope everyone who reads this will consider focusing their energy by:
- writing or calling your senator or representative. Explain how important this is to you.
- joining/helping an organization that works to support your view, such as the EFF.
Just don't be silent.
Thanks,
SEAL
...if the US government doesn't move quickly, it will seriously lose market- and mind-share in encryption products, without gaining any advantage in doing so (GPG and PGPi being freely importable).
To paraphrase a well-known comment:
"You have no access to our private communications anyway... get over it"
Hamish
"Wise men talk because they have something to say; fools, because they have to say something" - Plato
What always bothers me about these export laws is that if a Terrorist group really wanted to get a copy of some encryption software, they could have someone buy it in the US and mail a copy overseas, perhaps on a copied CD (or 10 different copies). I could think of a million other ways to do this. Mail it from Canada! Mexico! You can drive over without a thought. FTP it. XModem transfer it. How the hell is anyone going to know what is on it and that someone is breaking the law? Laws like this do not stop criminal elements from using the products, they just make it a tiny bit harder for them to get their hands on them.
This is the same with modern gun control legislation. Making guns illegal doesn't stop criminals from getting guns, only law-abiding citizens. There are now more guns in the US than there are people, and there is no stopping anyone from getting one. The same with weed, same with computers, powerful microprocessors, and strong encryption. They can't be stopped!
If corporations are individuals, why do they get preferential treatment under the law, and effectively cast way more political influence than one vote? This "solution", a crypto review process not likely to be practicable for individuals or small businesses, or open source projects, is just the latest example.
This country seems to be falling into a dangerous mindset, optimizing law for corporations rather than individuals. Corporations need privacy. Individuals can't be allowed privacy (for their own good.)
Unfortunately, corporations are focused on making money in the short term no matter how expensive it proves to be for everyone else in the long term. Very little fundamental research is occurring in corporations as it once did at Bell Labs. Corporation mergers, acquisitions, and outsourcing have degraded our quality of life. A society organized for the sole benefit of the balance sheets of its corporations is not an optimal solution for individuals.
We should fight for equal rights for all under the law, individuals and corporations alike. One entity, one vote.
That the US government's muddled encryption policy has made US encryption products something to be wary of is the true failure of that policy.
That is a good point. I can assure you that the NSA doesn't care about J. Random Hacker. They only appeared on their radar screens in the early 80s. I know. I was one of them and had an ongoing relationship with them for several years because, frankly, I feel a lot more at home with them than with three-bong-hit revolutionaries who never bathe. I was struck then by a fact that made me grow up a lot, quickly. That is the fact that most people are, by definition, normal (yeah, really profound, I know), and that the curve that defines the vast majority of behavior is quite often steep and has very thin tails. This never varies. Never. Not across nations, cultures, or any other normal distribution. Never. The NSA, the FBI, the DPS -- whomever -- just don't care about 96-99% of all people because they don't and won't (ever) do anything really weird. Hackers fit into that same area, albeit with fatter tails on the curves. The NSA doesn't care because they know damned well that they don't have to. The CIA doesn't care because ... well, the CIA has its own problems, many of which they are having a hard time getting themselves out of. Suffice it to say that they aren't bugging your house either. That mathematical immutability of human behavior, apart from making the isolation of adolescence easier to cope with (I realized that I wasn't special, and that perverse fact made me feel much less isolated), is very well known to the spook community at large. They depend on it. They know it well. They also fear it because they know damned well that when they have a whole lot of people moving in one direction they are close to impossible to stop unless you use napalm. And that isn't very spooky.
The average cop on the beat (J. Random Officer), on the other hand, is not a math PhD. He probably has some college courses, possibly an undergraduate degree, limited classical education, and quite a bit of continuing education as a cop. The smart ones tend to move up -- the average cop has an IQ of 100-115, the average detective 130+, so most cops, generally, aren't too dumb, at least these days, in larger departments, in larger cities. That does not, however, include cops who have been cops for twenty years, cops in many large cities who were hired for reasons other than competence (the old boy network, racial quotas, sex quotas, or the fact that the department needed people when they were out of work as a fry cook), cops in small towns who never passed any formal screening, county/sheriff/constable personnel, and that is still a lot of cops who will be in the system for years. That load of people for whom concepts like encryption are foreign will be much more of an issue because that, coupled with the fact that cops tend not to spend a lot of time learning (they are trying not to get killed or sued) and that they deeply mistrust anything new and complex due to years of experience with a liberal legal system screwing cops every chance it gets means that you are highly likely to run into someone who considers an encrypted partition to be prima facie evidence of wrongdoing should you ever run afoul of the law. I see this as a far greater issue than Ft. Meade listening to you talking to your love-muffin on your cell phone. The local PD and prosecutor are still easily able to out-spend most people, and defending your rights into bankruptcy is a real problem -- you should be able to, but suing people who have ruined you is pretty tough if they work for the government. And most hackers aren't rich.
It will be interesting to see how this plays out. I would encourage all of you civic-minded hackers to offer to help your local police department. I have offered to help mine and give regular lectures on handling computers that are evidence, how not to handle hackers, and so on. It definitely has changed the attitude of a lot of the more senior and mossybacked cops who now see computers as less of a menace, and that is a good thing. Spread the information widely and offer to take the time to help and you will do a lot more good than if you complain bitterly and use 500000 bit keys, because the more people using encryption then the more chaff to sift, the more messages to log and batch, the more stuff to worry about -- and I can assure you that every cop I have lectured to is using PGP right now. Spread a little sunshine, like Linus did a few years back. It can only help.
See how the Administration likes the bill then. As it stands, do you really expect the DOJ to slap its own hand when it breaks the law on this point?
"My opinions are my own, and I've got *lots* of them!"
Testimony: "Your honor, as you can plainly see, the {kiddie porn, bombmaking instructions, drugmaking instructions, nuclear secrets} is on the client's hard drive. We just can't tell you how we decrypted it."
Reality: "Hey, Officer Crypto-Dude, can you XOR the suspect's scramdisk file of random noise with some {kiddie porn, bombmaking instructions, drugmaking instructions, nuclear secrets}? I really need a conviction, man!"
Hell, why bother creating a bogus one-time pad if you don't have to reveal the method? How about "Hey, Officer Crypto-Dude, gimme the files off the hard drive from the other guy we convicted last month."
If the prosecution doesn't have to disclose how it decrypted your files, the only defence you have against fabricated evidence is to give up your keys and divulge what was really on your hard drive. Damned if you do, damned if you don't.
As I wrote yesterday, I'm far more worried about corrupt cops than corrupt spooks. NSA knows it has better things to do with its time than invade your privacy. I'm not so convinced the same is true of Ms. Reno and Mr. Freeh.
Does anyone know how crypto's classification as a munition interacts with our constitutionally granted right to bear arms?
Trees can't go dancing
So do them a big favor
Pretend dancing stinks!
"Law enforcement has tools at its disposal to fight crime, but those tools are rendered useless when encryption gets involved"
What bothers me most about comments like these is that they are based on the assumption that 'law enforcement' has an implicit right to have access to your information, as long as they feel the need. This is not so. A relevant passage:
"The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated"
Since when does building a back door into all communications qualify as secure? And a promise from law enforcement not to use it improperly is not security, even if they could make such a promise honestly; what happens when someone else figures out how to use the back door (and someone will)?
Another thing that I don't see being brought up much when statements like the above are being thrown about is history. People have been using various types of codes to encrypt sensitive communications for hundreds of years. Has law enforcement been 'useless' for all this time?
I find it (almost) amusing that one of the agencies screaming loudest about their need for this (the FBI) touts as their greatest victory the incarceration of a man who was convicted based on evidence they couldn't decipher. So what did they do? They offered the guy who knew what it meant a deal, and he did it for them. Is there some reason this doesn't work anymore?
I work in crypto QA for a major, evil software company. Guess which one. We've been crossing our fingers for legislation like this due to the extreme cost and instability of shipping both a 128 and a 40/56 bit version of every crypto product. Apart from the effort of testing everything four times (once for hi, once for low, once for interactions, once for upgrades) there is the simple fact that as test matrices grow, bugs proliferate. And some are not found.
We used to say, "If only some bolt of light would strike Clinton upside the head and get him to liberate export policies!" Our premise was that the cost and difficulty of testing would drop, and we would be better situated to promote our client overseas.
NOPE. Even if this law passes, the labor of testing may just go up. Implementing a "backdoor" or a key escrow mechanism necessitates cracking the CSP's (oops - gave away which company) and re-writing practically the entire code structure that selects and manages algorithms. Easy? No. In addition, what foreign company would be interested in purchasing a product they know the US Government can abuse like a bitch at its will? I certainly wouldn't tolerate it.
The upshot? My (uninformed) prediction is this: There will still be 40-bit non-escrowed versions of the product going out the door. These will be shipped primarily to other countries and to paranoid individuals like slashdotters. Everyone else will run 128, but it will be a compromised breed of 128.
In other words, this will accomplish nothing other than weakening crypto for US citizens.
This bill is bullshit! Call or email your congressional office today. I'm about to do that very thing.
-konstant
Yes! We are all individuals! I'm not!
Yet another lovely step back in time by the Clinton administration. I wonder if any of the candidates for the next presidential election have gone on record for crypto policy.
The primary reason that the concept of key escrow absolutely petrifies me is that, to be useful, the keys need to travel in one form or another from their central repository (which I would hope would be as tightly locked up as the NSA) to the law enforcement agency responsible for unlocking the message. With the repeated demonstrations by the U.S. Government that they don't understand crypto, what's even going to guarantee the safety of my key (and therefore my data) in transit?
Don't make me hand over my keys. I have them because they protect me. And you can bet that if key escrow becomes a requirement, I will not surrender my stock of open-source crypto software, but only begin to use it more.