John Carmack may argue all he wants, but don't listen to him. He and his pet company id Software are part of a worldwide EVIL CONSPIRACY that is TAKING AWAY YOUR RIGHTS!
When your videocard's version is sent to id's server, the information is relayed to the NATIONAL SECRET POLICE located in EAST BOSNIA. The information is corellated with data collected by NATO WAR PLANES and compared with data collected through MULTINATIONAL CODE NAME FQAZBY-7. This videocard information is pivotal to a world takeover plot that will convert all free people into slaves! It must be stopped!
This conspiracy is more dangerous -- more damaging to YOUR privacy -- than the daily actions of credit card companies, banks, health insurance companies, the DMA, the NSA, the FBI, and other major violators of privacy. And thanks to Michael's honorable and trustworthy reporting, we now have the full scoop on what's REALLY going on! Please, set this MULTINATIONAL CONSPIRACY as a priority on your activism list. Write to your Congresscreature, telling him or her to FORGET ABOUT THE NSA and focus on investigating id! Write to the EFF and EPIC and tell them that, instead of protecting our freedom of speech and rights to the REAL privacy of encryption, they should be launching lawsuits against id Software! Tell the ACLU to forget about fighting the National ID card and focus on the real culprit: id Software!
THE TRUTH IS OUT THERE!!! BIG BROTHER IS IN QUAKE3 DEMO TEST!!!
-- Rene
[DISCLAIMER: The author of this post is not responsible for the actions of morons who misunderstand it.]
Unfortulately, there's one problem with your plan.
Criminal laws also apply to minors. Minors aren't legally allowed to export strong crypto any more than they're allowed to export guns, sell dope, buy porno, shoplift, or commit murder. Whether or not it's right (hint: it's not right), if a minor exported strong crypto the best he or she could hope for was a lighter criminal penalty than an adult would get.
This is not my opinion. I do not agree with it. It's just the law. (IANAL)
DVD's can be copied because they use extremely weak encryption. Any widespread usage of legally binding digital signatures would require that the U.S. relax its export regulations -- unless, of course, we want the rest of the world to leave us behind in yet another way.
Pen-and-paper signatures are laughably weak. I once had a boss who asked me to forge his signature at work; he was out of the office knew that any scribble that I made on the paper would count. (For the record, I flat-out refused.)
I use entirely random means of generating passwords. Computer programs generate most of my passwords; Diceware works well for passphrases, and a modified form can be used for simple passwords as well. During the time it takes for me to memorize the passwords, I place them in a PGP-encrypted file on a floppy; after they're safely locked away in my mind, I burn the disk, grind the ashes up, and throw them into running water. Although I'm not sure exactly how secure it is, Password Safe on Windows is good for managing low-security website logins.
But if I didn't use entirely random schemes, I wouldn't be telling anybody. Why are so many people here giving away their schemes?
Sure, I may be paranoid; if the scheme is good, describing it only reduces its efficacy, and not many crackers will take the time and energy to analyze a scheme of that sort to attack one person. But then again...
I already unloaded most of my comments on the subject in a hasty reply, but I thought I should point this out.
Over the past few years, human rights workers in extremely dangerous environments have written various letters to Phil Zimmerman. Not only do those letters thank him, but they essentially say that PGP -- and its availability abroad -- has saved lives. Strong PGP encryption in foreign countries has sometimes been the only barrier preventing perfectly good people from being murdered, raped, and otherwise hassled rather badly.
Now, of course, some of those human rights workers are indeed dissidents against their governments. Where they are, they break the law; they subvert the area governments' abilities to slaughter and suppress at will. But that's another discussion altogether.
I realize that you were only playing Devil's advocate, but there are a few problems with your logic.
The ability to intercept communications does not figure into the majority of criminal prosecutions. If you kill somebody, it doesn't matter if the government can't hear your phone call telling someone about the murder you just committed -- there's still a dead body sitting somewhere with your clothing fibres clinging to it, and a bullet traced to your gun sitting inside its skull.
Indeed, telephone wiretapping -- which the government says is equivalent to law enforcement cracking crypto -- is almost never used to combat serious crimes. According to the ACLU White Paper on the subject, "in the past eleven years, fewer than 0.2 percent of all law enforcement wiretap requests were made in the investigation of bombings, arson or firearms" while 83 percent of "...wiretaps and other forms of surveillance have been authorized in connection with vice crimes, like gambling and drug offenses..."
How different would the Microsoft anti-trust trial have been without any of the internal Microsoft documents? If strong cryptography were routinely used for everything, the Microsoft trial would have been a completely different affair.
This is the/. equivalent of the "Save the children!" argument: Point out one case that hits at most readers emotionally, and the whole argument is accepted without much thought.
I personally don't think that there should be any antitrust laws, or any case against Micro$not. I hate their products as much as anybody here does, but I'm a libertarian; they have a right to do what they want, and I have the right to do what I want. Just as I have a right to complain about Windows and/or switch to something else and/or create a competing product, they have a right to be assholes.
And in the end, you're forgetting about the three key points in favor of widely implimented strong cryptography: Privacy, corruption, and the criminals themselves. For the first, it doesn't matter if I'm not doing anything illegal; for my part, I don't want the anybody unintended, government or otherwise, having the ability to read my secret love letters, diaries, hopes and dreams, &c. The argument that those who don't commit crimes shouldn't care if they're watched doesn't hold up in my view; after all, in that case, why should I care if police can routinely come into my bedroom and check to see what I have in my bedside drawer, my dresser, and my closet?
Then, enter the issue of corruption. How likely is it that my weakly encrypted communications will only be cracked by the government under warrant?
And lastly, everybody seems to be forgetting that if the government can break it easily, so can criminals. I don't want Joe Ex-Con stealing my credit card number. I don't want Tom Voyeur reading my correspondance with my SO. I don't want Mr. Sleazy Dishonest Corporate Head Honcho finding out my business plans and potentially patentable ideas that I at least want credit for. And I want to be able to communicate those things with people that I want to, even if they happen to reside outside the United States. Every day I thank Phil Zimmerman for distributing PGP so that anybody could get it anywhere.
Restrictions on strong crypto increase crime far more than they prevent it.
These points should strongly outweigh any reason to restrict strong crypto. Really, would you trade all of the money in your bank account, your privacy, and your greatest ideas for the ability to litigate against Microsoft?
Slashdot Mirror
John Carmack may argue all he wants, but don't listen to him. He and his pet company id Software are part of a worldwide EVIL CONSPIRACY that is TAKING AWAY YOUR RIGHTS!
When your videocard's version is sent to id's server, the information is relayed to the NATIONAL SECRET POLICE located in EAST BOSNIA. The information is corellated with data collected by NATO WAR PLANES and compared with data collected through MULTINATIONAL CODE NAME FQAZBY-7. This videocard information is pivotal to a world takeover plot that will convert all free people into slaves! It must be stopped!
This conspiracy is more dangerous -- more damaging to YOUR privacy -- than the daily actions of credit card companies, banks, health insurance companies, the DMA, the NSA, the FBI, and other major violators of privacy. And thanks to Michael's honorable and trustworthy reporting, we now have the full scoop on what's REALLY going on! Please, set this MULTINATIONAL CONSPIRACY as a priority on your activism list. Write to your Congresscreature, telling him or her to FORGET ABOUT THE NSA and focus on investigating id! Write to the EFF and EPIC and tell them that, instead of protecting our freedom of speech and rights to the REAL privacy of encryption, they should be launching lawsuits against id Software! Tell the ACLU to forget about fighting the National ID card and focus on the real culprit: id Software!
THE TRUTH IS OUT THERE!!! BIG BROTHER IS IN QUAKE3 DEMO TEST!!!
-- Rene
[DISCLAIMER: The author of this post is not responsible for the actions of morons who misunderstand it.]
Unfortulately, there's one problem with your plan.
Criminal laws also apply to minors. Minors aren't legally allowed to export strong crypto any more than they're allowed to export guns, sell dope, buy porno, shoplift, or commit murder. Whether or not it's right (hint: it's not right), if a minor exported strong crypto the best he or she could hope for was a lighter criminal penalty than an adult would get.
This is not my opinion. I do not agree with it. It's just the law. (IANAL)
-- Rene
DVD's can be copied because they use extremely weak encryption. Any widespread usage of legally binding digital signatures would require that the U.S. relax its export regulations -- unless, of course, we want the rest of the world to leave us behind in yet another way.
Pen-and-paper signatures are laughably weak. I once had a boss who asked me to forge his signature at work; he was out of the office knew that any scribble that I made on the paper would count. (For the record, I flat-out refused.)
-- Rene
I use entirely random means of generating passwords. Computer programs generate most of my passwords; Diceware works well for passphrases, and a modified form can be used for simple passwords as well. During the time it takes for me to memorize the passwords, I place them in a PGP-encrypted file on a floppy; after they're safely locked away in my mind, I burn the disk, grind the ashes up, and throw them into running water. Although I'm not sure exactly how secure it is, Password Safe on Windows is good for managing low-security website logins.
But if I didn't use entirely random schemes, I wouldn't be telling anybody. Why are so many people here giving away their schemes?
Sure, I may be paranoid; if the scheme is good, describing it only reduces its efficacy, and not many crackers will take the time and energy to analyze a scheme of that sort to attack one person. But then again...
-- Rene
(Emphasis added)
Those who are the quickest to flame for speling andt gramatik erors...
- -- --- Rene --- -- -
I already unloaded most of my comments on the subject in a hasty reply, but I thought I should point this out.
Over the past few years, human rights workers in extremely dangerous environments have written various letters to Phil Zimmerman. Not only do those letters thank him, but they essentially say that PGP -- and its availability abroad -- has saved lives. Strong PGP encryption in foreign countries has sometimes been the only barrier preventing perfectly good people from being murdered, raped, and otherwise hassled rather badly.
Now, of course, some of those human rights workers are indeed dissidents against their governments. Where they are, they break the law; they subvert the area governments' abilities to slaughter and suppress at will. But that's another discussion altogether.
-- Rene --
I realize that you were only playing Devil's advocate, but there are a few problems with your logic.
The ability to intercept communications does not figure into the majority of criminal prosecutions. If you kill somebody, it doesn't matter if the government can't hear your phone call telling someone about the murder you just committed -- there's still a dead body sitting somewhere with your clothing fibres clinging to it, and a bullet traced to your gun sitting inside its skull.
Indeed, telephone wiretapping -- which the government says is equivalent to law enforcement cracking crypto -- is almost never used to combat serious crimes. According to the ACLU White Paper on the subject, "in the past eleven years, fewer than 0.2 percent of all law enforcement wiretap requests were made in the investigation of bombings, arson or firearms" while 83 percent of "...wiretaps and other forms of surveillance have been authorized in connection with vice crimes, like gambling and drug offenses..."
This is the /. equivalent of the "Save the children!" argument: Point out one case that hits at most readers emotionally, and the whole argument is accepted without much thought.
I personally don't think that there should be any antitrust laws, or any case against Micro$not. I hate their products as much as anybody here does, but I'm a libertarian; they have a right to do what they want, and I have the right to do what I want. Just as I have a right to complain about Windows and/or switch to something else and/or create a competing product, they have a right to be assholes.
And in the end, you're forgetting about the three key points in favor of widely implimented strong cryptography: Privacy, corruption, and the criminals themselves. For the first, it doesn't matter if I'm not doing anything illegal; for my part, I don't want the anybody unintended, government or otherwise, having the ability to read my secret love letters, diaries, hopes and dreams, &c. The argument that those who don't commit crimes shouldn't care if they're watched doesn't hold up in my view; after all, in that case, why should I care if police can routinely come into my bedroom and check to see what I have in my bedside drawer, my dresser, and my closet?
Then, enter the issue of corruption. How likely is it that my weakly encrypted communications will only be cracked by the government under warrant?
And lastly, everybody seems to be forgetting that if the government can break it easily, so can criminals. I don't want Joe Ex-Con stealing my credit card number. I don't want Tom Voyeur reading my correspondance with my SO. I don't want Mr. Sleazy Dishonest Corporate Head Honcho finding out my business plans and potentially patentable ideas that I at least want credit for. And I want to be able to communicate those things with people that I want to, even if they happen to reside outside the United States. Every day I thank Phil Zimmerman for distributing PGP so that anybody could get it anywhere.
Restrictions on strong crypto increase crime far more than they prevent it.
These points should strongly outweigh any reason to restrict strong crypto. Really, would you trade all of the money in your bank account, your privacy, and your greatest ideas for the ability to litigate against Microsoft?
-- Rene --