Slashdot Mirror
Dear Mr. Straw
Stand.org.uk has taken issue with the UK's proposed new e-commerce bill in a novel fashion. The Bill includes an assortment of new powers for law enforcement to combat the spread of that dread menace, cryptography. Police can demand that you decrypt and provide the keys for any encrypted communications in your possession - with a penalty of two years in jail. But what if you don't have the key? An excellent letter and even more excellent photo-essay. -- michael
I actually switched my party affiliation from Libertarian to Republican so as to vote for McCain in the primary. I think I hate him less than any national candidate in recent memory. As long as he doesn't get into 'family values' or other social-conservative territory I am all for him.
john mccain sounds like a good candidate, but i recall reading somewhere that he was anti-abortion and pro-big business..but i think he was the one who proposed a law to keep taxes off the internet forever.
Which is why the perfect repsonse to a request for a key is to claim that you used a one-time-pad :
"Yes officer, I'd be happy to hand over the key, but all you're likely to find is a list of risqué jokes..."
-- AC
Now if only there were a way to send people to jail for voting Republican...
I'm sure the current Administration is working on it...
The philosopher Austin wrote a very nice book ( How to do things with words) about precisely these sorts of "powerful" words, which he calls "speech acts" though in practice they may be written or spoken. It is certainly interesting to consider when and how digital communication may constitute new forms of speech act. Has anyone seen anything written on this?
No sir
The 5th amendment is 100% pure US juice. Nothing like that in anywhere in Europe. If you're ordered to hand some information, you have to comply, PERIOD.
Yet, if you're a suspect in a criminal investigation, you're not supposed (and you cna't) to take a oath: no grand jury or anything like that. That is: you can lie, say whatever you wan't and it's not a perjury. Also, in most EC countries, it's fairly easy to refuse to testify (which is a GOOD thing, much more protective than the 5th amendment BS).
Why don't they just rip the top off the shed? Oh crap, maybe the whole shed is made out of the same material as the lock. Never mind.
Thats a scary thought.
MS gave us WAV? Hmm... I think you may be giving them undeserved credit. WAV sure looks like a type of Electronic Arts/Amiga IFF format, with a few (gratuitous) changes thrown in for incompatability's sake.
Sure, but you can keep the clear text and the public key, and prove it matches the cyphered text.
... but even then, it means you have a big HD and a fast link, so you can pay for a backup, isn't it ?
Not a problem, really, except, if you mail 4 Tb messages every morning
> 4. Eric Clapton ("I shot the sherriff...")
that should be Bob Marley.... being true to the copyright
Now granted, real drunk drivers are slime. But we can't just push the constitution aside when starts protecting evil people along with the good ones, can we? How can the legal system reconcile their drunk driver policy with constitutional rights?
That was a submit :) *run*
Oh one more thing ..perhaps the submit could be
placed on the other side of the format selector
(is selector even a word?) to enhance the distinction between the two.
If you deny a breathalizer test in the US, you automatically lose your license for 6 months. Well, in Illinois at least. Certainly no warrant involved there. Nice, eh? So much for the consitution. That document gets ignored more and more as time goes on. Refusing a breathalizer is *definitely* trying to not self incriminate. But somehow, this assualt on the 5th amendment has been neatly sidestepped as if it were some absolete notion which is obstructing some sort of "progress". Laws like this sit like worms within an apple.
just call it a hack
If anyone thinks Jack Straw will understand that e-mail then they're seriously overestimating the intelligence of politicians. This is *WAR*. It's us vs them - and crypto is the best weapon we have. Of course they'll try to control it. But who cares? The nice thing about this bill is that it shows they're too stupid to have any chance of controlling it. It looks like we're winning. (A)
It's a nice idea in principle - something I've often thought about doing if I had some spare time. But is there already an established body of data on good ways to do this?
Oh, so to comply I have to keep plaintext of every document I public-key encrypt and send? I don't think I'll be doing that.
This is not necessarily annoying, except to the government...you could give them all a subject line like "PGP chaff," and autodelete all those messages. Then when you type a passphrase your PGP could check all the emails in your deleted folder for any that are intelligible.
The problem with stego is that it is only really effective when not a whole lot of people are using it. If _everybody_ had secret messages stored in innocent looking 30MB .wav files, it doesn't buy you much. I'm kinda hoping stego doesn't catch on too much, that's the best way for it to remain effective.
This is nothing. In Iran you are executed if you are caught with encryption software or encrypted data on your PC.
* * * * * * * *===========================
* * * * * * * *
* * * * * * * *===========================
* * * * * * * *
* * * * * * * *===========================
* * * * * * * **
===========================================
===========================================
===========================================
===========================================
I liked the chaffing comment made earlier -- a special key retrieves psuedo (non-incriminating) data.
Another neat feature would be some kind of auto destruct of the confidential data.
I imagine the man would be competent enough to make a r/o backup of your drive, though.
Maybe a destruction key you could punch in to scamble your data when they break through the door? you would need offsite storage and the ability to destroy the online data very quickly.
Good not only against the man, but professional espionage in general.
If you don't have a copy of the key, then they can't force you to give to to them even if you have it memorized (unless you arn't the person who is on trial). Of course depending on the type of encryption (ie memorizing is not an option) then the fact that you have the encrypted messages could be enough to get you on evidence tampering charges.
Or off to the looney bin for voting Democratic...
I suspect his relation to his goverment is rather similar to yours. (making an assumption that he is British & you are American here).
Author's Rebuttle:
This would give a lawyer more options. Saying that.
"I don't have the key to that file because the system generates the key randomly and never tells or records what key is for the file. It merely adds it to the list."
This way, you can legally say "I don't know what the key for that file is". And that's that. Furthermore, you could use something other than a LF to seperate the keys. Or steganographically hide the keys in a chapter of 'War and Peace' (be creative in your reasoning for keeping an encrypted chapter of war and peace).
BTW: Genius is an awesome program.
And as a kicker, send them whatever data/images/talk is illegal in their country. Do they "delete" their e-mail or shred it?
>You are simply allowing them to *collect* >information, similar to when a cop searches you >for weapons.
But still, that information will still be
used against you in court. Testifying is
giving information. The results of the
breathalizer *is* information. Why would
information provided inside a courtroom
be any different?
Even worse, you *won't have a lawyer*
next to the car with you. So it's like being
put on trial right there on the road sans
lawyer.
No, really? I thought the hidden guy was the solicitor!
The point was that knowing who the solicitor is makes it possible to put him under pressure to find out who the hidden guy really is.
How can you tell the difference between random data and encrypted data?q Gl + 01 7 Jy x C+ M ZR
:).
:).
/dev/urandom is for :).
e.g.
----- BEGIN SOMETHING -----
Lu3pTaG5QpLNf91qpYh70Hjmf2MN39Vvp+n6pUaOM72N45t
3ccwE62JRgnvTjOVM12rkPqg/9dNA6gPR/fRXodyDUbs3pF
xCHlIprdDSZflEqe701f3MWxYpgcE6EalBYB473uxc+G7wS
TV5MsgSoS9fFDXBo71BkWTeciNi0INEynko9mcIamNjdJnv
ig1iVVYL5K3UrweisxxelcuEzkQr0F9bgxfZ5WAteK7ooEI
----- END SOMETHING -----
If you happen to have a bunch of random bits[1] lying around, what happens if the Police ask you to decrypt them? Or what if you did a bad recording resulting in a crummy wavefile and the Police accuse you of doing encrypted steganography and ask you to decrypt it
Worse is if they "decrypt" stuff using their own custom one time pad - which "frames" you for some crime you didn't commit.
The only way then would be to come up with another one time pad which shows that it's some secret cookie recipe
It's a silly law. And unfortunately we have something like that in Malaysia too. They don't understand that encryption is different from a physical safe.
But I heard you US chaps have got a proposed law where people don't have to show how they got an encrypted message.. Heh so you guys are in big trouble- coz you can then be framed for all sorts of stuff.
Cheerio,
Link.
[1] Heh hope they understand what
The point of stego is that (when combined with encryption) nobody can _prove_ a .wav file contains data. Since the data is encrypted, it looks completely random without the key.
I thought it was 'Fucked up beyond all Recognition'.
Foobar is an alternate spelling, and also lends itself to becoming two variable names instead of one.
I hope you can excuse me for pointing this out but we are *NOT* citizens! We are in fact Subjects, and NO, we don't have a constitution or any formal right to privacy, and Yes we could be asked to incriminate ourselves.
:-)
Ho Hum, one day things will change, unfortunately I don't imagine Mr Straw will be the one to change them.
But at least it was WE who invented Monty Python
S.
One thing that I think most governments should remember is that they are the servants of the people, not the other way round.
People committing criminal acts in the name of fairer laws have not been tolerated since the Suffragettes, don't you know!
--- Coward is as Coward does.
Which is why the proposed leglislation enables the police to serve the order on the person with whose key you have encrypted it. From other discussions I have read, the intention is not to serve the orders on the suspects (or persons under observation), but on those with whom they correspond.
The point was that knowing who the solicitor is makes it possible to put him under pressure to find out who the hidden guy really is.
No can do. Solicitors are protected by law from revealing such information (even a high court judge can't demand the solicitor to reveal afaik)
Phillip.
Has anyone developed an encryption scheme where you can decrypt your file with either of several keys, and each key will decrypt the file to a different plaintext file? Then, when the police come knocking, demanding that you turn over the key, you can give them the decoy key, which will decrypt the file to something innocuous. (a letter to your Mom, maybe) Then the police move on, thinking there is nothing there, and stop harrassing you, and your "real" message is forever safe. Problem solved?
In Applied Cryptography by Bruce Schnier it details such a scheme. By it's nature such an encrypted message will be larger than normal and so convincing the police that there is no extra information hidden in the message will be your problem.
Phillip.
"If the police ask you keep the demand to hand
over the key secret, telling anyone would
render you liable to 5 years in jail."
Urgh. It took me about 6 passes to parse this sentence. At a minimum, there needs to be a "to" inserted after the first "you." At best, it needs to be re-written entirely.
http://www.stand.org.uk/dearjack /images/swear1.jpg
Given this carelessness, finding out who the 'mystery man' is becomes much easier. :)
There is no requirement that one has a knowlege of French to become a landed immegrant in Canada. Entry is based on a point system and you will get points for having English or French. If you have both, then more points (up to some maximum.)
For the record, only the federal, Ontario, New Brunswick and Manitoba governments are bilingual. All others (including Quebec are unilingual.)
Steemheet@hotmail.com who still can't get a password from slashdot!
it isn't handing over the crypto key that's the problem. it's that if you don't prove you don't have it you've got a problem, a jailable one. it's more as if they got a warrent and searched your shed for the bodies, found none, and then arrested you if you couldn't produce your family. no, that wouldn't last long in america, (i'd hope!) but i don't think it would be blasted out by the 5th. i would hope it would be blasted by the presumption of innocence. quinn@ambiguous.org
Encrypt a file of keys that you use, but you don't record which key goes to which file. That way you dont really have the key. But if you wanted to get back into a file encrypted with one of the keys, do a dictionary attack using the keys from that file. It shouldn't take too long.
10. O.J. Simpson
9. Ted Kennedy
8. Patrick Naughton
7. Kevin Mitnick
6. JonBenet's daddy
5. Whoever shot JR
4. Eric Clapton ("I shot the sherriff...")
3. But he didn't shoot the deputy...
2. Dr. Richard Kimble
1. Hemos and CmdrTaco (*they* killed Kenny!)
Hmmm... all that, and I didn't even *mention* Bill Gates!
The fundamentals of this law are good. Actually, this is probably the only acceptable middle ground about encryption. You can use whatever encryption you want as long you can provide the clear text to law enforcement official, given they have the proper warrant for that. There is the important point. No eavesdropping, no sweeping monitoring for pseudo national security enforcement. After all, police cannot search your homeplace just like that, but they can do it with a warrant, issued by a judge, isn't it?
But, sure, the current wording is really stupid and this letter does a great job to prove it. The obligation should apply exclusively to the messages / documents YOU encrypt. And penalties should be enforced only for voluntary destruction of key/clear text. What can you do if your hard drive crash ? And anyway, for the "no disclose" part of the law, even in UK, you cannot be denied a legal counsel at anytime in a procedure. So, this law is already dead.
Good idea, but redo your homework, Mr Straw
A.C.
I have huge files containing random data on my hard drive. They are the output of several RNGs I am doing statistical analyses on. Of course, one of the files MIGHT be an encrypted filesystem. So when MI6 kicks down the door and demands the "key" to decode the random data that they think is hidden information, what will happen? Floggings day and night until I "talk"? Jail time for "not cooperating"? But it's just random data! Really! But since I cannot "prove" this in any way (they can't "prove" me guilty either so there's no crime, but I am ruled in contempt of court and jailed on that. Oh Loverly!
One could make a strong arguement that the forcing one to divulge crypto keys IS a violation of the fifth amendment. In the US you have the right to not give ANY information that can incriminate you in a criminal case. You can not be compelled to testify against yourself. If a key is considered information, you can't be forced to give information that can incriminate you. Period. When you get arrested in the US you must be read your Miranda rights. The first of whice is "You have the right to remail silent." That means shut the fsck up! If you're innocent, they have to find evidence that proves otherwise. You have NO obligation to give it to them. The prosecution can't subpoena you to testify at your own trial. They can hit you with warrants and subpoenas all day long. You don't have to give them squat. If you have a padlock on your shed (yes the one with the bodies) they can't force you to give them the combination. They have to either hire a locksmith to get it or break in. They can legally break into that shed. Just as they can legally attempt to brute force your crypto. >>Sure the cops should be able to gather evidence, but they should have a warrant first. (The easy of getting a warrant is another issue, that deals with judical oversight (or lack there of).) The warrant would only give them the permission to legally attempt to crack your crypto. Nothing more, anything else would be unconstitutional. >>Personally I have no problem with the cops forcing me to decrypt a message. Then you don't get it. You can't be compelled to give ANY information that you don't want to. >>I don't like it, but it's no different than forcing me to unlock a safe. In the US you don't have to unlock your safe in a criminal matter. They can break it open, but you can't be forced to open it. They can brute force crack your crypto, but you don't have to give them anything. Know your rights under the US constitution, or kiss them goodbye. Anonymous because on this one I want to post AND moderate.
- A.P.
--
"One World, one Web, one Program" - Microsoft promotional ad
"Remember when the U.S. had a drug problem, and then we declared a War On Drugs, and now you can't buy drugs anymore?"
If I keep all my encrypted files on my ISP and access them remotely (though ssh), am I in possession of them?
It is tempting, if the only tool you have is a hammer, to treat everything as if it were a nail. - Abraham Maslow
Thesaurus.com. Also, see Dictionary.com.
--
I suppose the whole "Miranda rights" thing is used to be sure you don't "accidentally" testify against yourself, so I may not be entirely accurate when I say "witness" has been interpreted to mean a court testimonial, but the rest of my argument still stands.
Cops aren't *asking* you anything but administering a breathalizer test. You aren't *giving* them information by allowing it. You are simply allowing them to *collect* information, similar to when a cop searches you for weapons.
Constitutionally, this is *perfectly* legal. If you have any doubt about this, please by all means consult a lawyer. If ANY law in your area is unconstitutional, it's your OBLIGATION as a citizen to have this law contested and repealed.
Every time I hear somebody say "this is yet another example of laws passed that are unconstitutional," I just get this knot in my stomach. If your local legislature is busy passing laws that are *actually* unconstitutional, your local government has some serious problems and needs to be fixed or overthrown ASAP. (I recommend the former.)
Exactly, but this isn't a US law. I was making the comparison to show why it wouldn't qualify for 5th amendment US protections. Citizens in the UK have no such protections (well, not like ours is set up at least).
A law like this would not be passable in the US without suitable alterations.
I disagree. There's a very definite, legally acknowledged difference between a potentially self-incriminating statement or testimonial and allowing/forbidding an officer to investigate.
It's like a cop saying, "Hmm, that person lying in front of you appears to have been stabbed. Oh, my, is that a knife you're hiding behind your back? May I see it please?" You can't simply plead the 5th (or the 4th) and refuse to turn the knife over.
I'd suggest you consult a lawyer if any of this is unclear to you. He can probably better explain it than I can.
In cases like these, a breathalizer isn't considered an "unreasonable" search. Like I suggested elsewhere, you should probably ask a lawyer about all of this. He can probably explain these things better than I can.
IANAL, but after studying some of these URL's you gave me, I've come to the conclusion that these people aren't lawyers either.
I can't even hazard a guess why this is necessary, but I imagine it has something to do with the local government's ability to govern its citizens. By surrendering absolute ownership (you still maintain ownership in "cooperation" with the state, as I understand it), this gives the state the ability to do things like impound your car if you break laws, etc. But along that line of thought it would then be illegal for the state I'm in now to impound my car, since it's still registered in my last state of residence. So again, I'm not quite certain what all of this means.
It would be nice to get a lawyer's take on the matter.
In any event, all of the URL's you quoted deal with vehicle registration and the certificate of title, not driver's licenses or "invisible contracts". The third URL simply quoted a bunch of text from various decisions without giving any sort of background on the cases. For all you know these cases could be about bus terminals and airports barring a person from travelling without sufficient reason, which naturally would be illegal. (I just happen to notice that a couple of the defendants were names like Dulles (the airport?).)
In addition, International Driver's Licenses are only valid in member countries EXCEPT the country of origin. Thus, feel free to get an IDL, but it won't do anything for you while you're in the States.
You're not testifying. You're permitting law enforcement access to information. In the US, refusing would be equivalent to not allowing law enforcement access to your home, in spite of the court order/search warrant.
This has nothing at all to do with 5th amendment protections against self-incrimination.
You're right about FUBAR except for the R -- I believe it stands for Recognition, not Relief. FUBAR = Fucked Up Beyond All Recognition.
-----
New E-mail address! If I'm in your address book, please update it.
The real meaning of the GNU GPL:
"The Source will be with you... Always."
Ever since it was decided that being compelled to give blood/saliva/urine/etc. is not a violation of a person's 5th ammendment rights, I have been worried that the right to not self-incriminate is on its way out (along with the rest of the Constitution).
Just another example where the canadians seem to be exceptionally sensible. Know of anyone who needs an experienced UNIX geek there?
-- Slashdot sucks.
Geesh. What is it with me and homophones lately. Ugg. "Are writes".
Shoulda hit that preview button.
-- Slashdot sucks.
You're right. And as a libertarian, I know better.
Man, I really should have hit the preview button on that comment.
-- Slashdot sucks.
Oh. Don't get me wrong -- I fully recognize that sometimes are writes are written in dry sand on a windy day.
I just think its a hell of a lot better to have enumerated, hard to modify rights than to have the kind of wishy-washy mishmash that the British have. My impression is that Parliament could turn GB into a totalitarian state tomorrow and that nobody could do anything to stop them legally.
I think that is the peculiar genius of the american constituion: checks and balances, combined with two layers of law (i.e. statutory law and constiutional law). One is easy to change, and so we can adapt. The constitution is very difficult to change -- it is the bedrock of our society.
What scares me is the courts: they have grown more and more liberal. If they go south, then we may as well kiss the constitution goodbye.
-- Slashdot sucks.
Geesh. What is it with me and homophones lately. Ugg. "Are writes".
Shoulda hit that preview button.
-- Slashdot sucks.
That's what I love about the British -- on average, they are much better spoken and written than those of us on the western side of the Atlantic. They also have a gift for poetic understatement that is probably one of the funniest things on the planet.
/., a lot of people criticize the US. And that's a good thing: there are many areas where the US deserves to be criticized. But let's not forget that in some areas at least we are far ahead of the competition.
But I wouldn't want to live there. In the US, I could challenge such a bill on a number of constitutional grounds. I could claim that it violated due process, unreasonable search and ceisure, freedom of speech, and unnenumerated rights such as privacy. It wouldn't last six months (much like the late CDA did not). However, my understanding is that in Britain their are no such consitutional protections -- don't I remember hearing that they don't even have a formal consitution?
On
-- Slashdot sucks.
No, the UK does not have a freedom of information act. The government promised one when it was the opposition, but AFAIK the current proposals are so watered down as to be effectively useless.
no taxation without representation!
If you loose the key - you're foo bar'ed.
I'm really having a hard time understanding the point of this law: If I'm a terrorist, am I likely to be coerced by two years jailtime into revealing a key that will decode messages that will land me in jail for life? Terrorists may be stupid, but I doubt that they are THAT stupid.
On the other hand, if this were rigorously enforced, you could (anonymously of course) send people you dislike a random block of data and tip off the police that they have encrypted messages pertaining to a crime....
no taxation without representation!
Basically this relates to tipping off people about communication interception being illegal. I.e. if the police demand that you decrypt the email I have been sending you, you can't tell me (or anyone else) about it - otherwise it's straight to jail without passing go.
...
In itself that is fair enough - after all you don't want to allow one of the proverbial peadophiles/drug traffickers/international terrorists to tip off their colleagues. What is insidiuous is that the government under the current proposals will not be required to reveal the interception / decryption request even after the fact - not even in summary form. In other words, the government can claim that this law is very effective in preventing crime without ever having to prove it
I don't usually subscribe to conspiracy theories, but this is beginning to suck. But at least we still have the European Court of Human Rights to fall back on.
no taxation without representation!
I can just see it now. This bill passes in Parliment. Some terrorist organization decides to do some digging and gets a list of every wired citizen in the UK. Said terrorist organization sends an email with a PGP encrypted text to each wired citizen and then throws away the key. Every wired citizen is then a criminal and must be prosecuted. If the police do their job and the courts to their job, every wired citizen in the UK goes to jail for a number of years, and a big sucking sound is heard where a large part of the UK's work force used to be... What a moronic piece of work... If the police and courts don't do their jobs, the UK government is seen as hypocritical or negligent for not enforcing the rule of law, which is the foundation of a civilization and nation.
Five nabbed on charges of spying for N.K.
The National Intelligence Service (NIS) announced yesterday that it
caught five people who allegedly established a pro-North Korean
underground revolutionary group in the South on Pyongyang's
instructions and worked for the Communist regime.
The five former student activists were given secret names by North
Korea, and were ordered by Pyongyang to spread North Korea's juche, or
self-reliance, ideology among South Korean citizens in preparation for
a "revolution in the South," the NIS said.
They sent reports to North Korea and received orders from Pyongyang
through the Hotmail Web-based e-mail service, the NIS said.
---- "If we have to go on with these damned quantum jumps, then I'm sorry that I ever got involved" - Erwin Schrodinger
A really incredibly well done article. The photo essay was wonderful, I laughed so hard... Hopefully further articles/letters like this will help convince governments to adopt logical legislation about internet and cryptography legislation. Very nicely done, Stand.
-David Ziegler
-dziegler@hotmail.com
-David Ziegler
-
There is something very satisfying about this. This is an excellent, textbook quality example of how to make one's point on the net. That the issue is important is just gravy.
Warmest Congratulations to the parties responsible.
-- Jeff Paulsen
"Of course not.. It was Al Gore. ;)"
:)
Some would claim it was Bill Gates.
Actually, it was both.
The explanation of how it is possible that they both invented the same Internet independently of each other is a complex one the relies on several principles of Quantum Mechanics, a rare alignment of two distant stars and our planet, and the religious theories of a race of hyper-intelligent mice living in a space station orbiting Venus.
But trust me, it's the truth.
I may be talking out of an unnamed oriface here, but the fifth amendment doesn't apply if you're asked to provide information which incriminates someone else...i.e., the person could be required to hand over info which incriminates Mr. Clinton, but not info which incriminates herself. At least, that's how I understand it. Plus I think that the case you are talking about was a grand jury investigation, which has somewhat different structure than a regular court.
Does the UK not have similar protections for it's citizens?
--
Careful with this strategy. In addition to losing your license, you will get all the benefits of Probation, where you get to go to jail if you ever
test positive for marijuana, for instance. And Insurance? Probably won't be able to get it, or
you'll need a special expensive kind. And the thing that floors me, in Texas anyway, is that it's a severe impediment to renting an apartment.
No apartment on the Texas Apt Assn. will approve your lease if you've had a DWI or drug possession
*arrest*. Not a *conviction*, mind you. An *arrest*. I think I'm more afraid of the corporate entity than I am the government.
-fb Everything not expressly forbidden is now mandatory.
Speaking of Net Dot Activism:
There are plenty of things (e.g.: this, the 3-lines-of-Perl RSA sig, the publication in exportable book form of the PGP source code) that fall somewhere between protest action and Gedankenexperiment.
There should be a catchy generic name for these sorts of hijinks. Anyone care to step up?
spawn_of_yog_sothoth
Not necessarily - the file would have to be big enough to contain the porn pictures, the issues of Phrack _and_ the 'other information'; all they would have to do would be to recompress the porn and phrack and get a smaller file size and they could show by implication that there is more to the original file than meets the eye. It's enough to cast 'reasonable doubt' on a case. The only way out of this would be to invent a compression algorithm that wastes space, but who'd use that? Personally I want my Zip files to be as small as possible and I see no reason to adopt a deliberately lossy format just to protect criminals. Or am I looking at this the wrong way? Should I adopt a deliberately lossy format to protect my freedom? This in itself suggests I have something to hide.
So the original message was how to bankrupt Threadneedle's Old Lady? It gets encrypted with one-way encryption - hey presto, end of message. May as well have shredded the original document.
Wouldn't this fall under some sort of 'obstruction of justice' type law?
Ce n'est pas une signature automatique.
e-terrorism is an IBM e-business.
Humor alert. Attempts to paradory IBM's "e-whateverthefuck" campaign.
Has anyone developed an encryption scheme where you can decrypt your file with either of several keys, and each key will decrypt the file to a different plaintext file?
Then, when the police come knocking, demanding that you turn over the key, you can give them the decoy key, which will decrypt the file to something innocuous. (a letter to your Mom, maybe)
Then the police move on, thinking there is nothing there, and stop harrassing you, and your "real" message is forever safe. Problem solved?
I don't care if it's 90,000 hectares. That lake was not my doing.
Insightful and well-read for an AC! Yes, in fact, I was referring to Austin and Searle and a few others in my treatment of the post on Word Power. And I've written a small paper on how action words work on-line, and my thesis has a chapter or two on it.
Returned Peace Corps IT Volunteer
This reminds me of a /. post from earlier this year about the problems with distributing some highly revered religious texts (The Torah, IIRC) over the Net, in that copies cannot be destroyed without the appropriate ceremoney, etc.
The power of words and information is becoming increasingly tangible--here with this letter to Mr. Straw, with the Torah, and in similar things, like signs that say "Warning: Narrow Bridge" which perform actions of warning by sitting there looking yellow.
Expect some changes in general thought about words being 'just words' in everyday parlance. It's already in philosophy and has been most of the century.
Returned Peace Corps IT Volunteer
Yep, we're going from an age where everything must be encrypted, to an age where everything must be steganographically encrypted.
But steganography requires noise to hide in. Here I was, all happy that higher bandwidths, larger storage devices, etc. are becoming cheaper and more available, and now I realize that I'm going to have to use ten times as much of it, just to break even.
It kinda reminds me of the CPU advances vs bloatware situation. People are able to opt out of that by not using bloatware, and thereby ride the hardware technology wave. But will not using stegano really be an option?
---
Have a Sloppy day!
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
where would we be without danny o'brien, eh? erm, probably doing more work on friday afternoons. that's where.
----
-- in china, chinese food is just called food.
for('activism','terrorism','protest','action','pol itihack'){$a =$_;for('cyber','e-','i-','net.','meta'){print;pri nt$a."\n"}}
----
-- in china, chinese food is just called food.
My passport says im a British Citizen, they got rid of the 'British Subject' bit sometime in the 80s
Also loving being British
Actually, this campaign season appears to be an unusually good one in that both major parties have candidates that are reasonably intelligent, thoughtful, and independant-minded. I'd be happy if either of them got nominated (McCain or Bradley), even though I don't agree with them in all cases. I'd be ecstatic if by some stroke of magic _both_ of them got nominated.
Depending on how "possession" is defined, it would seem that this bill essentially requires providers of hosting space for web pages to have access to the private keys of any encrypted data that they are hosting.
Not a good thing for the relationship between web hosting companies and their customers, I would imagine.
The government doesn't need to charge you with conspiracy. They have a nifty system in place already if you don't cooperate. They just charge you with contempt of court and throw you in jail for an indefinite amount of time. It happend to one of Clinton's supporters in the Whitewater investigation. She (I forget her name) refused to turn over some documents and was in jail for a number of years.
A Ron Rivest paper
and a postscript document on deniable encryption by Canetti, Dwork, Noir and Ostrovsky.
Happy hacking!
There was also a short piece on it in 2600 a few issues back, I think in enough detail to implement it if you know basic crypto programming. I think it mentioned some prototypical crypto-stego filesystems already available that use this idea.
IIRC, you divide the cyphertext into blocks, which are either chaff or real data. You use the key to scan along, decoding blocks until you get a decrypt that checks out, and then that block has some of the data and the key to the next valid block. Thus, depending on what key you start with, you can pull out any one of many embedded plaintexts. You can set the ratio of chaffing to be whatever you want, but it generally needs to be pretty high for it to be truly effective. I think, for example, that if you wanted a secure 2 GB filesystem, you'd want an 8 GB disk, with 2 GB of filesystem, 2 GB of alternate plaintext and 4 GB of random chaff. Not very effective or fast, but when you need to be secure...
So if Mr. Fed demands a key, you give him one, and it pulls a couple of porn pictures and some old issues of Phrack out of the cyphertext. You gave him a key, it produced plaintext from a cypertext- get out of jail free.
That there's another key that decrypts entirely other information from the file is impossible to prove, due to the chaffing.
Any sensible criminal would just use this type of encryption.
Your brain. Lovely little thing, isn't it? You have every expectation that the thoughts contained therein are yours alone, and you don't have to account for your thoughts to anyone, only your actions. Thoughts hurt no one by themselves.
Your hard drive. When you can't readily remember everything, you use your handy dandy computer to store it. At this point you have various expectations of privacy, but chances are anyone encountering a file that is encrypted will realize that it isn't for them to see.
Freedom of thought is an individual right, and it is no one's business but the thinkee what is being thought about. But like the schoolyard bully, the powers that be do not wish to be humbled by anything beyond their purview. Encryption is just one of the many tools available to the individual to protect this absolute right against oppressive forces, whether or not they operate under the banner of law.
Yes, the act of not cooperating would be obstruction of justice/contempt.
The conspiracy charge was only hypothetical if the Government decided, "Aw hell. We can't get him with on this with out the evidence. Let's see what we can charge him with....how about conspiracy?"
Of course it's MUCH more likely that they'd just let you rot in jail until you gave in. (Whether you're in jail for 20 years for contempt of court, or 20 years for the actual crime, it doesn't much matter to the Government. (Of course if you do cave in 20 years, they'll be more than happy to keep you in the can for 20 more years because of the original crime.)
The problem is that any mechanism that allows the cops to intercept your communications and use them against you as part of a valid law enforcement effort may also be used by non-police.
That's not exactly true. I can't tap phone calls.
What's to stop me from alleging that a business communication from one of my competitors contains evidence of illegal activity, then bribing the law enforcement officials to disclose the contents to me, thus gaining a competitive advantage?
That is HIGHLY illegal, and anti-corruption laws already exist to keep you from attempting to do this, and for the police from fullfilling your request.
Would Nixon have needed to send burgulars into the Watergate Hotel if he could simply tell the NSA to retreive the DNC's keys from key escrow, and intercept all their communications?
Again, that's corruption, and abuse of power. Anyway the whole point of the burgulry was to hide the fact that the Whitehouse was involved.
First off, I'm an American, so I don't know jack about the civil rights one has in the UK. I do know this, they're not enumerated and can be withdrawn by an act of parlament. (Just one of the many grievences that led to the American Revolution.)
Since I've already admitted that I'm not qualified to speak about British law, let's suppose that this law was passed in the United States. (Which isn't unlikely.) This law would be perfectly legal. When the government suppeanas information from you via a search warrant, you have to give it.
Turning over a crypto-key is no different than turning over the key to you shed where you stashed the dismembered corpses of your wife and children. (Claiming privacy for stashing a body doesn't cut it, and it doesn't for encrypting a document either.) It doesn't violate the 5th amendment (Freedom from self-incrimination, for all our non-American friends) because it's evidence gathering, not testamony.
Imprisonment for not retrieving the key is where American and UK law start to diverge. INAL, but I belive the governement can still imprison you under some sort of conspiracy law, but I'm not sure. (I really don't know alot about conspiracy law, except that they only have to prove intent, which has a very low threshhold. Also they don't need physical evidence, (thus the "Conspiracty to ______" charge rather than for "_______ing".)
I understand law enforcement's predicament when it comes to crypto, but it's no different than any other civil-rights vs. law-enforcement issue. Basically the crypto-issue reduces down to Search. Sure having cops rabndomly raid someone's home will prevent crime, but is it to much of a price to pay? Sure key-escrow/recovery will allow the cops to evesdrop on you and the criminals, but is it too much of a price to pay?
It's a classic predicament, and there isn't an easy answer. A long time ago, society decided "No, you can't let the cops barge in and search. They need warrant to do that." Later society decided, "No, you can't just let the cops evesdrop on phone conversations, they need a warrant to do that." Sure the cops should be able to gather evidence, but they should have a warrant first. (The easy of getting a warrant is another issue, that deals with judical oversight (or lack there of).)
Personally I have no problem with the cops forcing me to decrypt a message. I don't like it, but it's no different than forcing me to unlock a safe. (However. I would kind of like to see the FBI crack the crypto.) I also feel the US crypto-export laws should be repealed, because they're completly ineffective against curbing the spread of strong crypto, and only serves to hold back the software industry and e-commerce.
--
The following was just random line noise.
There are several interesting clauses in it, to my eyes, to be found at http://www.dti.gov.uk/cii/el ec/ecbill_part_III.htm onwards.
In particular, I notice sections 10 (2) where (a) and (b) might give grounds for defence / opting-out, but "require" towards the end stamps on our freedom & privacy.
(3) (b) seems to allow for any means the requirer sees fit - I wonder what happens if they choose PGP-signed mail?
(11)(2) and (3) appear to leave a loop-hole; if you're required to release information believed to be held under a key system, might you only have to release "useful information" ('in an intelligible form'), not necessarily the *actual* information you've encrypted.
Big deal? Why've I gone to the trouble of looking all this up?
Because while it will only apply if the police demand it, which will probably only happen if they suspect you of something, the problem is that if we don't *exert* the basic human right to *privacy*, then someone will trample all over it later and you'll wake up powerless to fix things.
~Tim
--
Rushing on down to the circle of the turn
... putting it right next to the "spelling" and "grammar" check buttons. :^)
Bob knows we need it!
+&x
I'm fairly anti-republican, but I admit to having respect for Fred Thompson. He was put in charge of investigating campaign contributions to the democrats and seeing if there was any hanky-panky. The problem came when he said he was going to be evenhanded and look at the republican campaign finance records. You should have heard the massive protests the Republicans put up when they heard he wanted to look in their cookie jars.
Ottawa appears to be a computer industry hotbed (eg. Ottawa Linux Symposium). A lot of tech companies are there, including IBM.
Here's a good site (remember that US$1 = CAN$1.50):
http://www.canadasearch.com/jobsearch/emp loy.htm
Personally, I like the Halifax area. They have a great music scene and people are actually nice. It's not too expensive to live there, either.
Just because government calls it something new doesn't mean it is. Words have meaning independent of their official use in propaganda. I suspect your relation to your government is fundamentally the same relationship it would've been before they "got rid of the 'British Subject' bit" and you're only fooling yourself to think otherwise.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
The consensus seems to be that digital representations of the words are not actually the words in the same way that analog ink-based writings are the actual words. Your point remains valid, though.
"If one is really a superior person, the fact is likely to leak out without too much assistance" -- John Andrew Holmes
I've been supporting Stand for a few months now. It's fairly painless work - just add a few lines to your webpage. They guess we'll have to send a letter to our MPs when the time comes, but that hasn't happened yet.
There are already a lot of MPs "adopted" into the scheme, so when the time for action does come, it should guarantee that a lot of politicians at least hear about the situation.
This is not legal advice... But I don't think you have to give them the combination to your shed here either. The difference is it may be in your best interest to give them the shed combination even if your are guilty. On the other hand you probably are better off fighting a 'obstruction of justice' case than a full criminal charge if the evidence they need to convict you is in the email. With the shed your not going to stop them from getting the information and the last thing you need is another charge but with the email they may not be able to get the critical info if you don't help them.
Actually, In both states I have lived in you can refuse the tests. The state then has a _MUCH_ weaker case. If you refuse the test then it is an instant suspension of your license for 6 months (if I remember correctly.) The bottom line is if you are going to fail the test then don't take it!!! The evidence then becomes stuff like 'the officer found empty bottles in the back of your car and smelled alcohol on your breath after pulling you over for driving funny' which is much easier to avoid (put the bottles in the trash and eat a lot of really strong breath mints). Of course if you refuse the test then you automatically get a night or two in jail along with your suspension, which you would get if you failed too.
This isn't legal advice either and may vary in other states.
Inferiority complex.
Think about, it was not the intellectual core of European society that left for America, but the bumms, the farm hands, the troublemakers, and the generally useless topsoil of society.
After 200 years as a country they have yet to even begin to form a culture that doesn't involve the god given right to shoot people down on sight.
They still think that a football is a bunch of guys fighting over a ball.
They still haven't learned to eat with a knife and fork.
They still use double negatives.
You would be touchy too.
PS Check the TLD before replying next time
PPS Go ahead, moderate me down, I've got the karma to spare.
-
Funny, I seem to think those are the two things that are RIGHT about america.
Pretty much everything else is wrong...
-
You know, thisis an excellent way to demonstrate a large flaw in the bill.
What would be even better, if they threw a lot of power behind it and cracked it, and it turned out to be something small, like littering or speeding, or something that would be of very little concequence.
I would find this very humerous. =-}
The letter is absolutely excellent reading, but I'm wondering about the first sentence of the sixth paragraph:
:-) What's to keep /every/ such key request from being "secret"? Is there provision in the bill such that certain extra circumstances must prevail in order for the demand itself to not be publicized?
"If the police ask you keep the demand to hand
over the key secret, telling anyone would
render you liable to 5 years in jail."
Perhaps somebody on the other side of the Pond could clear something up for this rebellious colonist.
You cannot apply a technological solution to a sociological problem. (Edwards' Law)
I guess it would be an option. Is there a law that says that you have to have the key to decrypt the stuff. Maybe the key is encrypted inside another encrypted message that you don't have the key for. I am new to the encrypted communication arena. I send an encrypted message to myself at another account that inside says that if you have the time to crack 2048 bit encryption crawl out from the cave that you live in and shoot yourself because this is a fake message. Then it gets forwarded to about 20 different mailboxes. Just my little way of saying f*** it.
Good is never enough, when you dream of being great!
It would seem that to enforce a law like this, law enforcement would have to first prove you were in fact in possession of encrypted data.
It's not too difficult to create a PGP like utility, that produced files without headers, consisting of a single, inscrutable globs of zero entropy data.
Such a file might bear a striking resemblence to ones used in the random number generation experiments, data compression tests, and background radiation measurements we will all be conducting real soon now...:)
Thats ok if they say that politicians and law enforcement are exempt, just send it to their spouse / other relative, and they cant say that all relatives are exempt, because people will be able to follow their family trees back to prove a connection to someone related to a politician (the old six degrees of seperation argument). In truth the government can do nothing to fight encryption, its already lost, and that scares them, they want control, and its slipping inexcerably through their fingers.
As for "Freedom of Information Act" the UK WAS supposed to get one, but they decided to vote on fox hunting or something. Just shows what control freaks politicians really are, even our own supposedly sensible UK ones. Although we do try to protect whistleblowers over here, but that doesnt always work.
Any sufficiently advanced man is indistinguishable from God
Smarter than everyone else? No -- just some of the Anonymous Cowards...
DO NOT LEAVE IT IS NOT REAL
I'm sure you have heard this quote before, and I heed it personally. That said -- where's your sense of humor?
DO NOT LEAVE IT IS NOT REAL
Oh well. At least there's Ralph Nader and the Green party. And Michael Moore, if he could ever be drafted to run for office.
Actually, here's a suggestion, kids -- support third party candidates, whatever your political slant is. If everyone went by the best candidate, and not the one more likely to keep you placated given the choice between options A and B, maybe we'd end up with a smarter, more dynamic government, where boneheaded laws like this wouldn't be so likely.
Interesting idea, no?
DO NOT LEAVE IT IS NOT REAL
I think this is what you call a clue-by-four.
You could also use info[demon]stration if you like corrupting languages.
Well done, Stand! We'll laugh 'em right back under their rocks.
I pretty sure that you are not required to speak conversational French to be a permanent resident. I've known quite a few people who immigrate here and don't speak French. Hell, my French (and English for that matter :) ) is rudamentary. I believe you are required to be able to speak *one* of our official languages with a reasonable comptenecy.
:)
The advantage to reading French is that the way stuff gets translated can be pretty odd, especially slogans/jingles on junk food
Dana
Hmm...it could be, having never had to immigrate to Canada, I was trying to think back to high school :) I'd look into it again and try to find a written policy.
I do know that, thanks to NAFTA, I am automatically allowed to work in the United States in high tech fields once I have finished my university degree and have a job lined up. I assume the law works in vice versa for Americans coming to Canada, although working in a country and immigrating are different things.
Dana
I found the Citizenship & Immigration website. Here is the link to some useful info.
The way I read it, you are assessed an elligibility score. You need a total of 70 (out of 100 possible) points, if you are fluent in both French & English, you get 15 points, if you are fluent in one of them, 9 points. Contact C&I for details about how the points are assessed, but it looks as though it is relatively easy to qualify, especially if you are young, have a degree (or other post-secondary training) or job experience in the computer field.
Hope that helps (and wasn't getting to far off topic)
Dana
Time and time again, I get to think, "Yay, I live in Canada". Here is an excerpt from John Manley (Canada's Industry Minister) outlining his governments crypto policy:
The policy allows Canadians to develop, import and use whatever cryptography
products they wish and does not impose mandatory key recovery requirements or
a licensing regime. "This policy is good for the Canadian economy," said Minister
Manley. "It supports the increased use of electronic commerce products and
services in Canada, as well as the export of Canadian information technologies to
other countries."
Wow! A consumer/industry friendly approach! The full article is here
Dana
Be careful with jokes. Some moderators have no sense of humor: example
You might want to read 'The Rape of the American Constitution.'
7 8/qid%3D938554118/002-4343024-5168459
http://www.amazon.com/exec/obidos/ASIN/15595012
It starts off listing _why_ the orginal ten articles of the Bill of Rights are what they are. The rest of the book shows cases where the corrupt US government has continually eroded the rights of the people.
The best part of the book is when they quote Jefferson saying (paraphrasing of course) "Why do we need to specifically list what rights the sovereign people have? Whatever rights they don't give to the government, they retain. If we list them, future government will assume those are the only rights people have." thus he included Article X of the Bill of Rights.
Its an easy read and you should be able to finish it off in a weekend.
Cheers
The SAFE act does update U.S. law in its application to technology. In effect, an encrypted (locked) file containing, for example, a list of drug distributors compiled by the local drug lab, will be treated the same as a locked closet or safe containing that same information. A search warrant is still required.
The prohibition on telling anyone is the same as in any other criminal investigation, it does not simply apply to encryption. You are generally guilty of interfering with a criminal investigation if you go telling people (your "known associates") that the FBI searched your house. The courts have rarely applied this to talking to a reporter or any other figure as long as it is clear that the subject was not trying to interfere with an investigation.
If the cops come to your house looking for someone, and you call that person after they leave and advise them to flee, your are guilty of obstructing justice, even if that person is later found innocent. This is the same idea.
That all being said. This is a ridiculous law, like many English laws regarding individual rights. They may have lit the first candle of some of these concepts in the modern era, but they have pathetic protections in the areas of Speech, Press, arrest and detention, civil procedure, and state security. That a society with such strong traditions fails so significantly in practice should give some insight to the origins of restrictive democracy in other homogenous countries (Singapore, Greece)
THE YEAR WAS 2081, and everybody was finally equal...
One bright spot here. I am a US citizen, and while I am disturbed by the almost daily threats to privacy and other civil rights in this country, what struck me while reading this is the resonance between the British citizens' problems and our own with similar attempts.
If nothing else, we at least are truly starting to talk about issues in this world without regard to traditional borders. It is becoming more of an attack on OUR rights, as opposed to their rights. Once people are the same side of the fence, they work together. What affects the rights of people "over there" affects people everywhere. With forums like this, the position of the world's repressionists is becoming more difficult. We must continue to think in terms of we, regardless of outdated borders and outdated ways of viewing people that many of us have grown up being taught (by our societies, families, churches, etc.). The purpose of free speach has always been to keep unpopular (to the gov't or to the people) opinions flowing so we don't stagnate in our thinking.Hurrah for Stand, for doing something. As long as we keep discussing and acting on these attempts to limit freedom, those who are afraid of everyone having the same freedom they have, will be unable to succeed. The more we incorporate the people of the world into the "we" of our mindsets, the more we move toward the world we all want.
We are agents of the free
That's right - it's the 4th amendment that should prohibit breathalyzers.
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
No comment at this time
Does the UK have anything akin to the U.S. "Freedom of Information Act?" I wonder if an entire Gov't agency could get into trouble for having information that's encrypted that the public should have access to but won't give up the decryption key?
-=-=-=-=-
-=-=-=-=-
My mom's going to kick you in the face!
hence the j/k addendum, this is a tried and true tactic we british use to wind up Americans. for some unknown reason they get rather defensive about this, can you enlighten me as to why?
stty erase ^H
If they offer you immunity to prosecution in order to bypass the 5th ammendment stuff and then find out that the letter contains something like that, tough luck for them, eh?
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
This is definitely the way to go. Decrypt on one passphrase and it pulls out some old pr0n jpegs, decrypt on another and it pulls out the plans to the bank robbery. No one could prove which was the correct data (Or for that matter how many keys there actually are.)
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
It's been a while since I read 1984 so the quote might not be exact...
I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
I don't think McCain is all that bad, so far. I, like many others, have suffered under the delusion that one party is liberal, and the other is conservative, when they are really just two like-minded groups fighting over the same piece of pie. ;)
~ Kish
I'd much prefer those offerings than that of Mr. "I invented the Internet.. Who's this Tim Berners-Lee guy?" or Mr. "My father was a loser who couldn't get a second term even though Clinton did but you'll vote me in because he's my father anyway".. Ugh. I might actually vote if McCain and Bradley get nominated. ;)
~ Kish
Damn straight. Companies like Nortel kind of scare me, though. I always did like Canada's less restrictive laws. Yet another reason why I want to move there. However, I'm a bit annoyed at the law that prevents one from becoming a permanent resident (barring special exceptions) unless you know conversational French. Seems like that would only make sense in Quebec (and who the hell wants to live there..? *ducks and covers*).. The only thing knowing French in Canada will save you from is Canadians who like to say "cute" things about Americans that they can't understand.. ;) Of course, if you do know French, you get to read everything.. twice.. (yes, this all assumes one knows English.. but then, you kind of have to in order to be reading this, right?)
~ Kish
I looked into it a while back, and though IANAL, it seemed to me that you had to be one of a few things: 1) a business person looking for new business oppurtunities (who doesn't want to boost their economy?) 2) someone with job skills immediately transferable to the Canadian job market (and who spoke enough conversational English /and/ French to get by) 3) someone fleeing their country due to some kind of prosecution (often religious or political) 4) if you have a relative in Canada who agrees to sign some stuff and "be responsible" for your financial well-being for up to 10 years.. The last of those 4 (presented in incorrect order, I believe) being the easiest.. If you have a relative in Canada. ;) Being your average person who wants to immigrate (sense 2) is, naturally, the most difficult way to get in.
Of course, if you only wanted short term residency, the options opened up quite a bit. Like if you wanted to go to school there. However, you got the boot as soon as you left school and there were some /harsh/ restrictions on what kind of jobs you could get (that is, only those revolving around your major ;).
If what I used to know now stands incorrect, that would certainly be exciting (I understand those laws are updated every 6 months to a year or so).. It would certainly open up my options as far as moving somewhere more hospitable is concerned.
~ Kish
Of course not.. It was Al Gore. ;)
No, the chances of getting a straight answer out of me on this thread are decidedly not good. Why? Because it's funny. So laugh. :)
~ Kish
"This is why such sober organisations as British Telecom, Hewlett Packard and Microsoft have publicly criticised the Bill at each stage of its development."
Microsoft doing some good in the world besides giving us the WAV format? Nifty. I'm still not sure I would refer to them as "sober" (they seem to prefer free beer to free speech.. most of the time, anyway ;).
~ Kish
As has allready been noted laws like this may push people into using steganographic techniques to hide their crypto.
Personally I don't have a problem keeping my pgp headers visible, but if they insist.
Hmm, what about UN*X passwords etc. with one way
encyption functions? You _can't_ decrypt them,
so will everyone running a such a box be a
criminal?
Methinks this needs some more thought...
--
Do people really read these?
See "The Stegonographic File System" Anderson, Needham and Shamir in Information Hiding Second International Workshop, IH '98 Portland Oregon, USA, April 1998 Proceedings
I am not a number! I am a man! And don't you
The problem is that any mechanism that allows the cops to intercept your communications and use them against you as part of a valid law enforcement effort may also be used by non-police. What's to stop me from alleging that a business communication from one of my competitors contains evidence of illegal activity, then bribing the law enforcement officials to disclose the contents to me, thus gaining a competitive advantage? Would Nixon have needed to send burgulars into the Watergate Hotel if he could simply tell the NSA to retreive the DNC's keys from key escrow, and intercept all their communications?
The problem here is that the massive potential for abuse here far outweighs the legitimate law enforcement needs. Besides which, if your want to see what is in an email you can always simply get a warrant and record the keystrokes as they are typed in, negating the need for anyone disclosing the key.
"Freedom means freedom for everybody" -- Dick Cheney