That's right. There's an ex-CIA guy (forgot his name) that pointed out that most people in Middle East terrorist operations usually only trust their family, et al. with sensitive information.
My guess...is that they are simply passing the law to make people feel better.
Very insightful!
The only thing that concerns me is that this is about the same package they were planning on pushing in the late 80's and 90's after CALEA.
I'd really like to know the machinations behind this. I remember reading in the "Electronic Privacy Papers" that NSA/FBI was planning on pushing a ban on non-government encryption domestically after getting their CALEA wishlist from Pres Clinton. That didn't pan out.
What I find funny is that it's the media that's doing the pushing for them now.
-RB
Info from WWII mail censors vs. email scanning (on "Freedom Flees in Terror") · Score: 2, Interesting
Indeed, there's a long history of hiding messages in various forms. There's also a long history of catching it. As usual, I'll fall back on referencing David Kahn's "Code Breakers" for the particulars. Things such as hiding microfilm on a period in a letter, using the swing up vs. swing down in a cursive note have existed and have been caught by censors during various wars.
However, the main difference between that and systems like Carnivore is that you used to have a human eyeballing these pages. Now it's impossible to get a staff that large (imagine trying to check every packet going over an MCI backbone).
Further, even if you wrote an expert system that could check the grammar and patterns of words in emails, it would most likely fail utterly, since the average person uses very individual (and odd) syntax in emails. Frequent misspellings, grammar missteps, and abbreviations are everywhere. OTOH, conventional letters have a long history of established form where variation can be detected easily.
For that reason, such low bandwidth communication should be more than adequate for the slow organization of terrorist cells. Virtually impossible to detect unless you're being targeted specifically (then you've lost anyway), and readily accessible. It's believed that important information is transferred face to face (ala the suspected meeting in Germany).
The funny part about the demands on civil liberties after 9-11 is that they haven't changed all that much since the days of CALEA. Then it was to save the children from kidnappers and child pornographers. Now it's to save the world from terrorists. I doubt either will be much affected by law enforcement's new toys.
An interesting point here is that either, all of this backdoor encrypted software would have a particular signature (given ciphertext C, there exists function F such that F(C)=k(mod b) for some constants k and b), or the government will be decrypting all that traffic.
The first is *very* difficult to do (as I'm sure most of you know). Although I'm sure the NSA could come up with a couple ciphers to do it, any loss of this knowledge through espionage would put the US's electronic infrastructure in peril. It's interesting to note that all of the worst information leaks from our intelligence agencies have come from the NSA (ref. "Code Breakers", Kahn). This is mainly due to the deployment of confidential algorithms. They go out as hardware. Once in place, hardware is costly and difficult to replace in short time spans.
The second option brings us back to Carnivore, only it also needs to look at the contents to see if they're encrypted as well.
...and this is assuming that that information is never kept...
Indeed, it does appear to be unconstitutional to keep a bible club from using school facilities if you allow non-religious clubs to. The kicker is would the school allow a Wiccan club?
Ask the Gnutella or FreeNet folks whether distribution of information requires a central directory. Ask the PGP folks whether trust requires a central authority. More decentralized means of distribution can (and do) work rather well for security information.
Okay, now you've pissed me off. These are not decentralized, controlled lists. All of the things you mentioned are very promiscuous in their inclusion of new members. As a matter of fact, they are specifically designed to become as open as possible.
Granted, there are ways of making a decentralized authority, such as making a shared secret (i.e. a vote) that would make it necessary to get N people to agree to let another person on the list; but then you'd need to increase N each time, otherwise a minority of people could decide to make it open (if there are N of em) and you'd be back where you began.
But even then, as you add people, you'd probably end up with full disclosure because as you add people, you only need to get the right N people on to make the list open.
Also, since most of these details exist in the underground community before the security professionals hear of them, I doubt your closed list would have any effect on the creation of malicious software.
Without money, would there be a DMCA? Would there be massive RIAA lawsuits? Would we have elaborately engineered "streaming" media formats that don't let you save video to disk? Would we have millions of sites full of crappy fixed-font "Flash" that only Windows users with 1024x768 resolution can read?
The problem I see with that is that while the corporations smell a chance for a profit on an internet-like-network(TM) then they will fight like mad to suppress any "competitor." So, "YES", if the corps didn't smell money on the Internet, then they never would have gone through the trouble of stealing our rights; but, while there is any talk of an Online anything in boardrooms, we will never be free of Corporate entanglement.
-RB
Re:That's like MSFT saying it won't ship free brow (on "Adobe Backs Down") · Score: 1
The problem is that Adobe didn't give him authority to decrypt Ebooks, they just weaselled out of supporting his prosecution. Their statement was that "[the product in question] is no longer available in the US..." So, in essence, they are still supporting his prosecution; but not publicly.
Actually, like the Zimmermann case, Dmitry Sklyarov didn't break the law at all. Zimmermann did not distribute PGP outside the US, nor did he encourage anyone else to. It was completely legal to create and use any encryption scheme within the boundaries of this country at the time of PGP's dissemination (and still is, thankfully). They targeted him because he made a piece of software that they were, at the time, trying to get outlawed inside the US. (The FBI's attempt to outlaw crypto inside the US is outlined in the "Electronic Privacy Papers", Bruce Schneier, et al.).
What the FBI did in that case as well as the Dmitry case is to act outside the law to put pressure on others who would act against the FBI's political views, legally or not.
There is a long history of the FBI jumping far over the line of what's legal and what's outright illegal whenever they want. From before Hoover's time to Freeh's false testimony about Waco, the FBI has been out for itself.
Freedom cannot survive when the people supposed to protect it are the ones suppressing it.
-RB
Who pays for the spam... (on "ORBS Forks") · Score: 1
Although your suggestions are good, I'd like to point out that the previous poster did touch on some good points.
While unsolicited snail mail is paid for by the party sending the mail in proportion to the amount of mail sent (thereby adding capital to the system they are using), spammers pay a flat fee and use the system to its limits without giving any additional money to the internet infrastructure companies.
When oversimplified (like I've done here), you can see that the US postal service can flourish while handling gobs of unsolicited mail while email servers are choking on the excess baggage. Likewise, while US Postal will do better with the income from bulk mail, email servers will not benefit at all from spam.
Although I'm an avid free speech supporter, I don't feel that spam qualifies as "opinions." Rather, they are an attempt to get more customers at a decreased price (i.e. you're paying for it).
Just my two pence :)
Another possible proponent of this treaty (on "Harm From The Hague") · Score: 1
Who else would be pressuring so hard for this kind of screwy logic in applying laws?
There's only one other body you've missed, which is the FBI. It's been involved in exporting US laws for a very long time now. Examples include attempts to trick Pengo into coming to the US, the recent Russian hackers, and their involvement in the EU anti-hacking laws just over the horizon.
Unfortunately, they also have the backing of the US's checkbook, which is huge!
Although I do agree that there should be a *temporary* ban on cloning, I think your statement about choice is a bit off.
If you know you have a dominant genetic disease, then it's 1:4 to 1:1 (double occurrence of the gene) likely that your offspring will have it too. Yes, you're right, that is a far cry from 49:50, but it's still a CHOICE that you're bringing someone into the world with your fucked up genes. Since our genes tend to motivate us into replicating ourselves, any suggestion that we not breed like bunnies is seen as unnatural and hostile. Similarly (sp?), any suggestion that we breed like bunnies in a different way is also seen as unnatural.
It's too early to know what benefits or pitfalls await us down the human cloning path; so I'd like to see the decision of permanently banning it put off til a later day. The technology will improve, and new areas of medical research will be uncovered via cloning in general.
Back in the early nineties I and some of my friends got into magic, but quickly got out when we all came to the independent conclusion that it was "just another religion." By '95, almost all the technically elite people I knew were atheist, non-mystic types.
Today, all of the technically competent people I know are atheist, non-mystic types.
It's worth noting that the circles I run in tend to be west coast (both bay area and LA), mostly ex-musician, math/EE geek types.
From my small corner of the world it looks like the current batch of digit-heads is rejecting the dualist view of the world (sometimes violently).
...you can totally jam (civilian) GPS for a few blocks
I agree with the previous reply to this. The scheme you propose would be totally ineffectual. A more appropriate solution might be wrapping a wire around the body part and running a decent current through it at the same frequency.
Even if my alternative works, you still have to worry about long term cancer :)
...the Japanese had to withdraw and regroup whenever a tactical plan met with an obstacle because of language ambiguities
As a previous reply stated, I've heard this from a number of people in my Japanese class. This was certainly a problem for the American military intelligence when they were decrypting the Japanese declaration of war (Kahn, "Code Breakers"). However, the lack of security in their communications probably had more to do with military defeats than the languages. They sacrificed Midway and tons of merchant convoys (literally) to the god of bad security.
From what I've seen in my studies, there's a lot you can get across with implications in Japanese. I can't imagine designing a language that uses phrases like:
kudasai("boku_no_file.txt");
to open a file. But then, I'm not even semi-fluent in it.
This article on Slashdot is interesting (some parts of it, anyway), but would probably not be allowed by your score scheme.
You bring up a good point. Most of what we consider questionable material is context dependent. Making a decision tree (or fuzzy associative memory, or neural network...) to decide on p0rn and non-p0rn pulls in too much "common sense." We base our understanding of content off of the words and images around it. The general case of parsing a page to determine whether it is "offensive" or not is currently impossible (this is assuming you were given a clear definition of "offensive").
Pictures are in a similar boat. The difference between a clinical picture of breasts, buttocks, penises, and vaginas compared to p0rn is very small from the point of view of filtering algorithms.
In the end, your managers may end up putting a market censorware package on there (which I don't condone) and putting a legal warning in clear view.
The only alternative is to get the US to grow up... Unlikely.
Ethics of the Human Genome project (on "Frankenstein Time") · Score: 1
...how can this information be unleashed in a society which hasn't even seriously considered these issues?
Although I do agree that most of the research will be patented by corporations for profit, I think the above statement is way off. Discussion of the ethics of altering human (and other animals') genetics has been going on for years.
Although I'm sure someone has already posted it, here is a link to the Ethical, Legal, and Social Issues (ELSI) of the Human Genome Project page.
Microsoft may use this information solely to improve our products or to provide customized services or technologies to you.
Funny, this EULA doesn't limit the ways MS's "affiliates" may use that information.
-RB
Actually, not that many countries have any problem on the import of cryptography. The ones that do (Russia, China, et al.) already produce decent ciphers and security products. And, the pages are easy to hide in luggage, or whatever.
So, I think this proposal is still a crock.
Okay, now you've pissed me off. These are not decentralized, controlled lists. All of the things you mentioned are very promiscuous in their inclusion of new members. As a matter of fact, they are specifically designed to become as open as possible.
Granted, there are ways of making a decentralized authority, such as making a shared secret (i.e. a vote) that would make it necessary to get N people to agree to let another person on the list; but then you'd need to increase N each time, otherwise a minority of people could decide to make it open (if there are N of em) and you'd be back where you began.
But even then, as you add people, you'd probably end up with full disclosure because as you add people, you only need to get the right N people on to make the list open.
Also, since most of these details exist in the underground community before the security professionals hear of them, I doubt your closed list would have any effect on the creation of malicious software.
Just my two thoughts for the day...
-RB
There's only one other body you've missed, which is the FBI. It's been involved in exporting US laws for a very long time now. Examples include attempts to trick Pengo into coming to the US, the recent Russian hackers, and their involvement in the EU anti-hacking laws just over the horizon.
Unfortunately, they also have the backing of the US's checkbook, which is huge!
Let's hope this gets shot down quickly.
Thus if you assume rent at US$300/mo...
Heh... I wonder how many people in Silly Con Valley are laughing at that... I couldn't find a studio for under $700/month anywhere in the area.
At the end of the 19th century, there was a leisure class(sp?). The rest of America was slaving away in company owned towns in lives where they'd never be out of debt to the people they worked for. This gave the employers great latitude in how they chose to treat their workers...
Sound familiar?
...why is kiddie porn the default reason to give LEA's more power?
Another disturbing point is that when Director Freeh was pushing for CALEA he frequently used "electronic surveillance" numbers when describing the need for "wire tapping." Also, he never actually cited one case where wiretapping made the difference in a conviction. Most of this information is in the "Electronic Privacy Papers".
Also disturbing is that after CALEA was passed as a _more_ balanced act, the FBI has continued to add demands that weren't in the original, such as immediate location of all cell phone traffic.
Although I grudgingly admit that wiretaps are a necessary evil for modern LEA's, I am rather worried about the manner in which our FBI and other federal agencies conduct themselves these days.
They don't call 'em meat markets for nothin' :)
I haven't read the bill yet (finals coming up and all), but one of the problems I see here is what is the trusted database/mechanism for authenticating a digital signature.
A government database? I'm out.
A private corp? I'm out.
RSA as a digital signature? Only secure for a subset of messages (see IEEE press's Contemp Cryptography(?) for that attack).
If you're responsible for your own digital sig, how do you change it if/when a practical attack comes out for your algorithm/protocol?
Just a thought. Please kick my ass if I'm wrong.