Poll Says Most Americans Favor Crypto Backdoors 931
Sideways The Dog writes: "According to this MSNBC article, "72 percent of Americans believe that anti-encryption laws would be 'somewhat' or 'very' helpful in preventing a repeat of last week's terrorist attacks on New York's World Trade Center and the Pentagon in Washington, D.C." I realize that I'm preaching to the choir here, but it is scary how many people do not realize that the bad guys are not going to play fair here. Even granted that people may not realize the tools are already out there for the bad guys to use, I wonder what the polls will say when the backdoor gets compromised and 72% of people get their bank accounts wiped." Update: 09/19 19:26 PM GMT by T : Declan McCullagh adds a link to "the actual text of the question asked by the
pollsters, which Princeton Survey Research Associates describes here." Note the numbers on this page as well.
Most people agreed when... (Score:0, Interesting)
Congress lays blame (Score:3, Interesting)
Funny... and here I had thought that the primary reasons given for the massive intelligence failure were due to budget constraints and de-escalation of the intelligence community. Sources from the CIA and various government officials have come out and point blank stated that they have a severe lack of spies out there to actually infiltrate these terrorist cells...
So how do they jump from that to blaming it on encryption? Sheesh.
Tell MSNBC what you think: rate the article (Score:2, Interesting)
I selected "not at all".
Online Polling subject to whatever (Score:3, Interesting)
The mindless law-and-order rednecks who hang around at FreeRepublic.com [freerepublic.com] regularily post comments on their forums encouraging their members to "Freep" the poll (using their lingo). Now, if Slashdot had posted a notice requesting that *we* all 'Slashdotted' that poll - do you think the results may have been different?
Without the usual mention of The Three Greatest Lies (Statistics, Statistics and Statistics), I will mention that ONLINE polls even miss the basics of reasonable methods... like unbiased 'random' samples for instance.
Re:As Ben Franklin said... (Score:3, Interesting)
JOhn
Honest answers now, please! (Score:3, Interesting)
Okay: Everyone raise your hand who is willing to die for their right to use crypto. I mean really die -- or even suffer serious bodily harm -- standing up for your rights?
Whenever I see these topics come up, they're always accompanied by one-line comments "They'll only get my gpg when they pry it from my cold dead fingers!" Come on now -- would you let them kill you rather than give up your crypto?
You find out what people truly, honestly believe, deep in their hearts and souls, when they're faced with the raw reality of standing firm against inimidation and violence. Looking down the barrel of a gun is a damned good test of one's convictions...
Think People, Think! (Score:2, Interesting)
People are screaming "WE MUST DO SOMETHING!". I agree 100%. We must do something, and that something is THINK. Quit trying to solve problems that don't exist or are just symptoms/side effects of the real problem.
We have to ask the question "Does this fix the problem?".
National ID Cards
What genius thought this one up? What problem is this going to solve? "Can I see your papers please?", "Uh I forgot my ID at home". Off to jail you go. I already have a "National ID", is called a Social Security Number.
Curb-Side Check-in Discontinued
What problem does this solve? Does anyone know if the terrorists even had luggage? I know that I have taken several trips with only a carry-on. The person doing the curb-side check-in still looks up my information on the computer and verifies everything before hand. This solves nothing, except to give the public a "Warm Fuzzy Feeling" that we have "Heightened Security".
Banning Knives, Box Cutters, etc..
Would this solve the problem? Doubtful. The problem is the conditioning of the public that if the plane is hijacked, the best thing to do is just sit there. The hijackers will make their demands, and eventually, we'll all get to go home. This incident changed that. The next time someone tries to hijack a plane, (hopefully) everyone on the plane will try to take them down.
Banning knives and such wont fix the problem. A pencil is just as good a weapon as a knife. Should we also ban these? What about people trained in Hand-to-Hand combat? People can kill with their hands, feet, etc...
Back-Doors in Encryption
How is this going to help? Has it even been proven that they used encryption? What type did they use? How did it help them? Everything I have read so far has been 100% speculation.
Do you think the Government is going to have back doors in THEIR encryption? I don't think so.
What chilling effects are going to come out of this? Banks encrypt their transactions such as money transfers, etc... Now what happens if that "Back-Door" falls into the wrong hands? What about e-Commerce? Will your on-line transactions be safe anymore? Faith in on-line transactions such as buying goods, paying bills, etc.. will plummet if the "Back-Door" becomes public knowledge.
But then again, as one radio talk show host here in Phoenix, put it "Who cares?". These are things about convenience, right? No, these things are about Freedom. The Freedom to do as we want when we want to. The only time we are not allowed to do that is when it infringes on the rights of others. This is true for the most part, however, there are plenty of exceptions to this rule, take the DMCA for example.
Again, how is this going to solve the problem? So we put back-doors in our encryption, now what? The terrorist simply change to other methods. They drop a letter in the mail, and it arrives at the destination in as little as a day. Are we going to allow the government to open every single letter that travels through the post office?
Who says they have to use typical Modern-day encryption? There are many ways to send "coded" messages that appear harmless to anyone looking at them.
Problem: Hijackers took over the controls of the plane
Solution: There are several that I have read about that actually make sense and would probably help this problem. Make the cockpit self-contained. No access to it AT ALL from the rest of the plane. If you can't get to the controls, you can't take them over and fly the plane into a building.
Problem: Hijackers take hostages and claim to have a [insert device here]
Solution: Everyone on the plane attack that person or persons. After the event on September 11, you would have to be stupid to just sit there.
Problem: Security check-points at the airport are a joke
Solution: Do not leave security to people who have no clue about it. The private sector is not interested in security; they are interested in the bottom line. The government either federal or local needs to be in charge of security. Pay the people who do the security better.
Problem: This person is a known terrorist
Solution: Kill them before they can do it again.
Before you go and piss away your rights, take the time to think about whether or not its actually going to help things, or just make life for most Americans that much more difficult. If it really had a good logical reasoning behind it, I'd take it into consideration, and might even vote for it. The problem is, is that everything that people have been suggesting is knee-jerk reactions that only give the perception of "Solving" a problem when in fact they actually don't solve anything.
Do we really need more laws? The government has already found 180+ people that might be involved with this with the laws we already have. Would adding new laws make that much of a difference? The terrorists worked with-in the system, and if the system changes, they will probably adapt as well.
bin Ladin... (Score:2, Interesting)
It would be funny if he has lobbyists in the US pushing for these bills.
How do they enforce this? (Score:3, Interesting)
Now, one of us uses a copy of PGP (pre-backdoor) or codes his own blowfish app and uses it to encrypt her letters to CyptoGRRL Magazine. How is the US going to stop her from doing this?
What do officials say?
"We were randomly sampling the crypto streams traversing the net and noticed that our backdoor key didn't work on your message stream. You are in violation of US Code BlahBlahBlah."
Doesn't that seem to open some other sticky questions? I mean, if I'm not breaking the law (other than using strong crypto), how are they going to tell or prosecute me?
It seems that you are protected by the chicken and the egg principle. To wit, to know that I am using "undefeatable" crypto, you have to get a wiretap (or a search warrant [slashdot.org]). To get a wiretap you have to prove that I am breaking the law by using undefeatable crypto.
Besides, development of Open Source versions of crypto programs would continue in other parts of the world. The US won't be able to stop that. I could just download the program from CryptoGRRL.de (as long as the server actually resided outside of the US).
this is how 802.11b ended up the way it is... (Score:1, Interesting)
There ensued a debate about what was permitted and what was not. The NSA wanted something even weaker than what they were eventually negotiated up to (they wanted fixed IVs - those familiar with the debate will know how disastrous that would have been).
What the NSA got was something that they could crack easily in 1993, and which can now be cracked easily by absolutely anybody. If new laws get passed now, no doubt the next rev of security (802.11i - I'm active in that group) will get it's legs broken too.
There was supposed to have been an 802.11 meeting in Bellevue this week, but it got cancelled due to travel chaos. I'll be waiting eagerly to see if the NSA/FBI/whoeverelse turns up at the next (November) meeting and starts telling us we're not allowed to do it properly this time either.
oh, and I guess you don't need me to explain why I'm posting as an AC (I do have an account, btw...)
Some Historical Perspective (Score:3, Interesting)
Today I'm sure that the majority of our leaders in government are honestly concerned about how to deal with how to thwart attacks like we all saw last week. To do this they see information gathering as a critical tool to use for these ends. To gather this information they wish to put together an infrastructure of snooping abilities that go far beyond issues dealing with cryptography. We're also looking at phone tapping and possible postal snooping. The majority of citizens at this moment are more than happy to give up these liberties to give law enforcement the tools they seek. Lives are at stake after all!
Okay, so what happens when there's no longer a terrorist threat to be dealt with? Does this infrastructure just vanish? Not bloody likely. I don't believe that there's any kind of conspiracy today from either the right or left side of the spectrum to misuse these tools. What about 10 years from now? 20? 50? Can we really entrust a governmental body we haven't even seen yet to only use these kinds of tools in an honest way?
To keep this non-partisan, let's say the "Widget" party takes a majority in both houses and the presidency. Once in a majority, what all stops them to increase this monitoring built on the infrastructure we are proposing today? How can we be assured that what they're monitoring isn't just criminals, but the opposition party campaigns? Rather than a tool for law enforcemnent we could be looking at a tool for political power.
As to the comparison I was referring to at the beginning of this post, I'm of course talking about the rise of the Nazi party to power in Germany. Too many similarities to be funny. Weak economy, terrorist attacks on urban areas, a populace all too willing to give up liberties to those that can deliver on the promise that they won't have to be afraid of a building blowing up on them. Oh, and a bit of a racial element tossed into the mix.
No, I'm not even beginning to suggest that the Nazis are looking to take over America. What I am saying here is that there is a precedent to how people are reacting to these recent events. The German people openly welcomed the kind of lock down the Nazis brought with them because they saw the streets truly get to be a safer place. Unfortunately, what they didn't see was the enormous cost of that safety until it was far too late. What I'm concerned about is that in our fear at this time we may very well not see the high cost we will end up paying decades down the road.
Fascists in the woodwork (Score:1, Interesting)
Granted now I'm leaning toward Islamic fundamentalists as most of us have been, and as I have been since then but still the possibility isn't ruled out.
The mere fact that I'm considered unpatriotic and traitorous for not supporting every damn thing our government comes up with this past week just confirms my suspicion that people are trying to take advantage of the public's succeptibility to suggestion at times like this, at the very least.
Re:I would, too... (Score:3, Interesting)
the problem is, there's just no correlation between deprivation of existing personal communications freedoms/rights and increased security. the 'bad guys' will continue to deploy what they have (or develop better) and the rest of us will have taken several steps backward in our civil rights.
stop appealing to pure emotion. the imagery of the WTC catastrophe and the slim benefit in security you'll gain by trashing personal freedoms isn't based on rational thinking, but purely on emotion. the lawmakers need to think long and hard about how effective it will be to further regulate the law-abiding population.
Re:Education is the only way to fight ignorance... (Score:2, Interesting)
I think it would be better if we spared our representatives a bunch of repetitive letters that hit the same four or five buzzwords, and instead sent each of them a copy of a book like "Secrets & Lies" (by Bruce Schneier). That way they get a decent, in-depth analysis of computer security and why backdoors will actually make us more vulnerable.
As to the more important matter, should strong encryption be outlawed... how the hell are you going to tell if a message is "strong" encrypted or just weakly encrypted without decrypting it? Is a one time pad "strong" encryption? Considering it's supremely simple to implement (for one to one messages, where actors know each other and can share the pad securely beforehand), I can't imagine how it could be called "strong" anything. I'm guessing what most all of us would support is a law that makes it an offense to refuse to divulge keys when so ordered by a court under the same rules that govern search warrants for property.
I realize that physical search warrants can be effected without permission of the property owner, but if I'm facing 20 years in jail simply for refusing to divulge keys for data which would only get me 10. I'd pony up the keys in a hurry. Same as I'd open the door for the police if they had a warrant (as opposed to an armed standoff).
Encryption and Civil Liberties. (Score:2, Interesting)
I dont think that most people around here understand something. THE CONSTITUTION IS NOT GOING TO GO AWAY. Short of a constitutional ammendment repealing all of the ammendments in the bill of rights, your rights are secured. We have the power of checks and balances in this country, one of the most important of those is that the supreme court has the power of judicial review. Let me say that again in case you didnt get it.
THE SUPREME COURT HAS THE POWER OF JUDICIAL REVIEW.
What this means is if both the executive and legislative branches of our government lose their minds and start passing crazy laws, the judicial branch of our government can stop their enforcement if they find these laws to be unconstitutional. From what ive seen in the last 200 or so years in the history books they seem to be pretty good at it. They arent going away either.
A law can be enforced before it is found to be unconstitutional. This is a good and a bad thing. Say they pass this law and we are all arrested tomorrow for using encryption keys the Feds dont like. OH MY GOD WE ARE ALL GOING TO JAIL. This is also when the process of judicial review starts. You should all go read about this.
You think the FBI and the CIA arent watching those they find to be suspicious already? If you do youre pretty naive and a more trusting person than I am. All of that doesnt matter as long as they are unable to use it against you in criminal procedings, which is where judicial review comes in.
I have faith in this system, i learned all about it in school and i have seen it work in practice. If you dont believe me maybe you should start learning some American history.
To me the only issue here is constitutionality of these new laws. If they are unconstitutional i believe that they will be struck down, if they are not then what are all of you complaining about? If you cant tell me what ammendment in the bill of rights a new law on encryption would infringe upon then you have no basis to argue the issue.
My letter to Congress (Score:1, Interesting)
There have been proposals to limit encryption. These proposals are based on a fundamental misunderstanding of the technology.
The truth is, strong encryption is much too simple to be stamped out. It's just math, and the math has been published in books. One key encryption method, RSA, is so simple that people have tattooed it on their arms - and it's not a very big tattoo. Any computer programmer who knows this math can implement strong cryptography.
An encrypted file is just a random-looking string of numbers. It's extremely difficult to tell the difference between such a file, and a set of actual random numbers. Many non-encrypted files have a little bit of randomness - the static hiss in a sound file. By replacing the hiss with your encrypted file, you can hide the fact that you are using encryption. There have been reports that terrorists are already doing this.
Any terrorist who wants to use strong encryption will do so, undetectably, no matter what the law is. Or they'll use phone booths and code words. The only effect of such a law will be to weaken the security of Americans, making us more vulnerable to cyberattack. Many noted cryptographers, such as Bruce Schneier (a participant in the Advanced Encryption Standard process), have argued that key escrow will inevitably be exploited by hackers. What if the terrorists manage it?
Encryption is the foundation of online commerce. It is the basis for electronic signatures. It can help protect our critical infrastructure. Please don't take an action that will damage our economy, make us more vulnerable, and do nothing to make us safer.
The more we damage ourselves without hurting the terrorists, the more we'll encourage them.
Re:Percentage Opposed To Secrets (Score:1, Interesting)
"Americans are always willing to trade away a little more of their freedom for the feeling, the illusion, of security."
How true.