Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Privacy Your Rights Online

Poll Says Most Americans Favor Crypto Backdoors 931

Posted by timothy from the never-mind-reality-we-want-perception dept.
Sideways The Dog writes: "According to this MSNBC article, "72 percent of Americans believe that anti-encryption laws would be 'somewhat' or 'very' helpful in preventing a repeat of last week's terrorist attacks on New York's World Trade Center and the Pentagon in Washington, D.C." I realize that I'm preaching to the choir here, but it is scary how many people do not realize that the bad guys are not going to play fair here. Even granted that people may not realize the tools are already out there for the bad guys to use, I wonder what the polls will say when the backdoor gets compromised and 72% of people get their bank accounts wiped." Update: 09/19 19:26 PM GMT by T : Declan McCullagh adds a link to "the actual text of the question asked by the pollsters, which Princeton Survey Research Associates describes here." Note the numbers on this page as well.
This discussion has been archived. No new comments can be posted.

Poll Says Most Americans Favor Crypto Backdoors More

Poll Says Most Americans Favor Crypto Backdoors

Comments Filter:

  • Hmm.. (Score:2)

    by nebby ( 11637 )
    When I wasn't logged in, for this article I got "Nothing for you to see here, please move along." Is this normal?

  • Percentage Opposed To Secrets (Score:5, Insightful)

    by waldoj ( 8229 ) <waldo@@@jaquith...org> on Wednesday September 19, 2001 @01:36PM (#2320721) Homepage Journal
    I'd like to see a new survey:

    Should you be allowed to have secrets?

    I imagine that we'd see considerably different results.

    -Waldo
    • Here here... That's a great point...
    • the government has announced that it will soon be
      mandatory to use state-approved envelopes to send
      all mail.

      these new envelopes will be entirely transparent
      when viewed under a federally produced lightbulb,
      but there is no need to worry about these lamps
      getting out to bad people, since it is time-tested
      proof that all government employees are completely
      honest and lack all self-serving traits present
      in every other human being.

      besides, it's for your own good and protection!

      and if you have something to write that you don't
      want everyone to read, maybe it's time for that
      all-important self-examination to reveal your
      underlying paranoia complex...

    • Re:Percentage Opposed To Secrets (Score:4, Insightful)

      by FortKnox ( 169099 ) on Wednesday September 19, 2001 @02:03PM (#2321016) Homepage Journal
      Its an entirely different poll.

      The poll in the article is about whether people thought it would of helped prevent the attack. Your post is about whether people want it. These are two different things.

      A military dictatorship would of helped prevent the attack, but I don't want a military dictatorship.
    • Should the government beable to obtain information about online conversations you've had related to events of national importance, that is whenever they feel it is of national importance to do so, that is whenever they want, that is they're going to expand their net of social control to incompass all forms of communication and thinking?

      (Yeah, the last part is suppose to be part of a statement; it's a trick like that: instead of being asked what you think, by the end of the poll you're being told what to think).

      F-bacher

  • Poll says 72% of Americans technologically illiterate.

    • Re:This just in.... (Score:2, Informative)

      by skeptikos ( 220748 )
      I could not agree more on this, but I will try to put your opinion in more explicit terms.

      There are some well known very secure cryptosystems out there. Implementing them is VERY easy. Any competent programmer can do it. Disallowing encrypted traffic thru the net is impossible or at least insanely hard. Even if the structure of the internet were completely changed, so you could use only a well known services and you were limited to "official" protocols you could use covert channels. Modulating information is EASY. Option bits in packets, delay between packets, checksums, IP addresses... almost anything can represent a string of bits. Using very draconian measures in the net you may limit the banwidth of this covert channels a lot, but such a network would be so damn rigid, inefficient and expensive that the entire US economy would suffer it.

      I believe most people involved in the poll is absolutely uneware of these facts.


      FYI, I am a computer scientist and I work with two experts in cryptography (although it's not my field of research)

  • The real question is do we implement backdoors in all available crypto (very dangerous and generally unsafe) or do we mandate 'key escrow' on all international or inter-state crypto transactions?

    I do not believe it would be constitutional for the Federal government to require any restrictions on individuals, groups, or businesses using crypto for transactions that do not cross state lines.

    • While IANAL, whether the transaction crosses state lines is immaterial. All that has to happen under recent interpretations of the Commerce Clause in the U.S. Constitution is that the activity *could* impact interstate trade, not whether or not it actually *does*.

      That being said, it's unlikely, in my mind, that Congress actually has authority to enforce limits on crypto under the Commerce Clause because it would violate the 1st Amendment,and possibly your right against unwarrantable searches and seizures, but that's more of a stretch, IMHO.

      On the other hand, the fact that crypto is classified as "munitions" (this means that seemingly harmless stuff, such as the Mozilla source code or the DeCSS T-Shirts are actually classified as munitions! scary stuff!) means that actually, Congress probably *can* regulate it via export control. But since you have a Constitutional right to bear arms (heh), they can't regulate it's use by citizens. So there's another reason Congress wouldn't have a leg to stand on.

      Again, I'm not a lawyer, I'm just going on what I know from reading, experience and a Businss Law class or two. :)
  • "Sure, your guilt might force you to vote Democrat, but secretly deep down inside you long for the Republicans to lower your taxes, ignore the poor, brutalize prisoners, dictate what goes on in your bedrooms and rule you with an iron fist..."
    --Sideshow Mel.

  • Stupid poll questions? (Score:3, Insightful)

    by nebby ( 11637 ) on Wednesday September 19, 2001 @01:40PM (#2320768) Homepage
    From reading the article, it seems the questions asked weren't "Do you support anti-crypto?" but instead "Do you think anti-crypto would help catch terrorists?"

    Of COURSE anti-crypto has a chance of helping catch terrorists.. if your doctor for example has encrypted files for one of them or something random like that. That doesn't mean I support it or think it's worth it! They're extrapolating people's opinions based upon the not-so-earthshattering observation that crackable crypto has a good shot of helping catch terrorists (and this, in itself, is debatable since they already have strong-crypto for their own internal communications)

  • As usual, cracking down on honest people is a priority. It impresses the honest people (i.e., voters) that the authorities are on the job. If you only crack down on the bad guys, who notices?
  • Obviously it's not going to be affected by this silly law/requirement. So how is this going to affect in any way Joe Blow Terrorist in not using the latest version of Euro-PGP to be immune from FBI looking over their shoulder?
  • That is because most of the people in the security world do not take survays. :) It is always a flaw of survays that are voluntary.
    ~~CrackElf
  • ... then it'll be easy to spot terrorists : it will be all those who have software with no backdoor. Do these people really think outlaws will use law-abiding software ?
    • But you can't search every home, to see who has illegal crypto. Even if you somehow can tell ssh-backdoor apart from ssh, you can't tell ssh over ssh-backdoor from ssh-backdoor without decrypting all transmissions.
      • then it'll be easy to spot terrorists : it will be all those who have software with no backdoor

      In case anyone takes you seriously, I'll just point out that you first encrypt your message in you own 4096 bit MujaCrypt 3.0, then wrap that in the backdoored Fed-O-Crypt 1.0 and it all looks lovely and innocent.

      (Or you use disposable phones, face to face meetings, mail drops and personals ads like they actually do...)

  • The county I grew up in, some people STILL use their ole mattress versus a bank account.

    Now we all know why they cry like hell when their house burns down...

  • Most north american watch too much tv and are ready to beleive whatever the media tells them.

    They get frustrated at how bad the information is when it refers to their center of competence/interests (therefor missleading the others who don't know much), but they forget that little detail rapidly when they watch information about something they are less familiar with, and gobble everything sent to them.

    Encryption is not something common, everybody knows the word, but not everyone uses it or understand the technology, nor the fact that it won't change ANYTHING to put backdoor since there's a lot of stuff already available to create your own crypto package without backdoors. So, basically, if you're a terrorist, it's way too easy to bypass that system.

    In that perspective, the govs. are only stepping in a little bit more onto you privacy, and 99% of the people will accept it because "it sounds good the way it's explained, and besides, who cares, doesn't affect them as individuals".

    God I hate those terrorists, not only we suffer because of human loss, but we'll suffer because of paranoia and liberty loss too.

  • If it were just a matter of adding backdoors which would exist in all crypto, I'd support it too.

    This may be an unpopular viewpoint on /., but I'd personally rather have the government able to read my email (with a subpeona, of course) than see another event where dozens of relatives were milling around outside a disaster zone clutching photos of their lost father/son/daughter/wife/etc.

    Of course, the problem is that any moron with a mathematics education and a 486 can put together some pretty decent crypto on their own. Any smart terrorist (and it takes a smart, if not necessarily moral person to put something like this together) will use off-brand cryto without the back doors.

    If there was a way to make the terrorists use standard, back-doored crypto, I'd be willing to force all crypto to have a back door.

    • One problem is that the current wire tapping practices do not require a judge to issue a subpoena. It's a closed-door process that happens in some darkened room in Washington, from what I hear.

      If crypto eventually falls into that category, you won't hear about it until long after it has happened.
    • If there was a way to make the terrorists use standard, back-doored crypto, I'd be willing to force all crypto to have a back door.

      Right, but there isn't. As you note, this cat has been out of the bag since before Clipper was a gleam in Bush Senior's eye. So there's no chance that such a ban would work, and I for one would gladly violate it, at least until it is found unconstitutional as a prior restraint on speech.

      • How does that keep you from speaking out? I've had letters to the editor published without using crypto. Hell, I'm not using it right now, in this message. Lack of crypto in slash certainly isn't restraining my speech.

    • But having a backdoor into the crypto algorithm has dangers too. If there is a backdoor there are chances that someone other than the govt will figure it out and exploit it. On the other hand, if the requirement for the backdoor was just that one always had to encrypt for multiple recipients and having the Justice Department (or whatever national ministry for other countries) as one of the recipients, it probably wouldn't be as bad from a software standpoint. However, other problems concerning the management of the global Federal encryption key will pop up.

      Unfortunately, many of the policy makers view software as a commercial activity and would probably adopt some closed source set of software and using anything else could be considered illegal. All of which would help MS get more hooks into controlling everything. Which is not only bad from a freedom standpoint, it's also bad if the next wave of terrorists decides to fly some planes into the Redmond campus.

    • but I'd personally rather have the government able to read my email (with a subpeona, of course) than see another event where dozens of relatives were milling around outside a disaster zone clutching photos of their lost father/son/daughter/wife/etc.

      the problem is, there's just no correlation between deprivation of existing personal communications freedoms/rights and increased security. the 'bad guys' will continue to deploy what they have (or develop better) and the rest of us will have taken several steps backward in our civil rights.

      stop appealing to pure emotion. the imagery of the WTC catastrophe and the slim benefit in security you'll gain by trashing personal freedoms isn't based on rational thinking, but purely on emotion. the lawmakers need to think long and hard about how effective it will be to further regulate the law-abiding population.

  • So how do you plan to enforce this backdoor rule? How do you keep me from using my copy of PGP that I've already downloaded from pgpi.org [pgpi.org]? If I take the results of encrypting my message with PGP and then further encrypt it with your backdoored protocol, you'll never even know I was using PGP unless you use my backdoor, and then you won't be able to read my messages. So how will this help anything?
  • So some percentage of uneducated, non-law enforcing people thing that it would help in solving this? bah. Who cares.

    That is like advertising perscrition drugs on tv. Doctors are the only ones that can decide which drugs really need to be perscribed. It shouldn't matter which "brand" sounds better, or has a better commercial. "Such a catchy tune, I'm sure that my [fill in the blank] will be better with it!!" This is equivalent to "I am now scared, so I will do whatever to get that false sense of security back!!!"

    We need a panel of experts to decide what would be helpfull. And not just FBI or DOJ experts, but ACLU types, and engineering types as well.
  • Something that most people I know follow already... Don't use the net for anything important! If you use the anology of the 'net as the bad part of town, where any stranger can take your credit cards from your wallet if you bring them, then encryption is the mask over the stranger's face to most people. Sure, ordinary people may have lots of reasons to wear masks, but that doesn't mean they're allowed to. Anyone wearing a mask is usually asked to leave the bank, or the office, or whatnot. These people simply want to make sure we can see through people's masks.

    Just think... if you sent a coded letter through the mail, nobody would give you a second thought. Everyone's complaining because the most convienent means (the 'net) is going ot be even more regulated than before.

    Well, so are airplanes. I can't bring a gun on one. Now, I won't be able to bring a pair of tweezers or a nail-clipper on one. Are my rights being curtailed? Not at all. If I don't like it, I can always take a plane. I don't have to use the most convienent means available.

    And that's the problem. Convienence has become synonymous with 'rights' these days. You have the right to watch movies whenever you want. Saying you have the right to encryption without a backdoor is like saying you have the right to smoke. You enjoy it, but the activity hurts other people.

    Okay... rant mode off.
  • "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. "
    • And since when does the Consitution state the right to create encrypted messages that the government can't read is an essential liberty?
      • There is no explicit mention of the word "privacy" in the constituion. The closest thing is in the 4th Amendment, which prohibits unreasonable search and seizure.

        With the current tapping abilities, both legal [eff.org] and illegal [igc.org], it looks like soon, if not already, warrants will be unnecessary for law enforcement to peruse all of your communications. Also, remember that your cell phone has a GPS chip in it, so you are carrying a "leaky" communications device with a tracking chip built into it.

        Unreasonable search is what we're talking about here. If the government decides to allow tapping into 100% of my communications, even though I'm not conversin with people about illegal activities, I want to make sure that I have the right to avoid plaintext and keep what I talk about unavailable if I so choose.

        This is my right. It is being trampled.

        Did you notice that the cell phone calls that have been reported throughout this whole ordeal were recorded and traced? Doesn't that frighten you in the least? Don't you feel you have the right as an American to some modicum of privacy?
        • And since when does the Consitution state the right to create encrypted messages that the government can't read is an essential liberty

        And since when did the Constitution not need Amended to reflect changing attitudes on what is essential?

    • I have kept my e-mail signature the same for over three years, but on the day of the WTC attacks I changed it to this quote. I think now more than ever we are in danger of losing the encryption war. Besides back door or not the criminal isn't playing fair. They will use their own encryption mechanisms. Its not hard to make one. Then again you all knew this.

      JOhn
  • It seems that people are just looking for a simple answer to a very complex question.

    Usually when this happens (from my observation) people point fingers at the easy targets (muslims and arabs for example). This is just another case.

    The majority of people (72%) just don't understand "new" technology in general and how it works. The possiblity of terrorists using encryption and e-mail and the internet scares the shit out of them. So it's very easy for them to say that modifying those technologies to allow police to easily "snoop on them" will help. When in fact they just don't know because they don't understand how it works.

    This scares me because - with a few exceptions - in a democracy what the majority of the people want will happen (well in a true democracy it should anyway). So it won't surprise me if we see bills passed that will require this kind of thing to take place.

    But I hope I'm wrong....

    --
    Garett

  • Congress lays blame (Score:3, Interesting)

    by weslocke ( 240386 ) on Wednesday September 19, 2001 @01:44PM (#2320826)
    Congress was quick to blame sophisticated encryption methods for the massive intelligence failure last week and is proposing that government officials should have backdoor access to encryption products to aid national security.

    Funny... and here I had thought that the primary reasons given for the massive intelligence failure were due to budget constraints and de-escalation of the intelligence community. Sources from the CIA and various government officials have come out and point blank stated that they have a severe lack of spies out there to actually infiltrate these terrorist cells...

    So how do they jump from that to blaming it on encryption? Sheesh.
    • So how do they jump from that to blaming it on encryption?

      It is MUCH cheaper to just outlaw crypto than to pay for 1000 spies. Also many of those spies will be some pretty evil people that we payoff for info. So they are trying to take the easy way out.
      • It is MUCH cheaper to just outlaw crypto than to pay for 1000 spies.

        Oh really? How much will it cost to send US Marshals into everyone's home and office to force us at gunpoint to "up"grade? Because that is what it will take to make such a law effective.

    • MSNBC does.
    • Sources from the CIA and various government officials have come out and point blank stated that they have a severe lack of spies out there to actually infiltrate these terrorist cells...


      The CIA and various government officials are directly responsible for bin Laden (vs. USSR) and Saddam Hussein (vs. Iran) being where they are today. You'll pardon me if I say it sounds like they're passing the buck.
  • What the american people, states, of feds want. I will have my own encryption software without the backdoors. I will have encrypted backups, and encrypted filesystems. My business is not your business not the new "police" state.

    And for what I want to keep really secret, the good old one-time pad will do nicely.

    Chris
  • There's an option at the bottom about whether you'd recommend it for viewing.

    I selected "not at all".
  • With almost identical results. Of course the only conclusion is that it's safe to say that the same demographic reads both sites. There's also a biting op-ed piece on the Washington Post [washingtonpost.com] by John Podesta that basically says that we techies are the ones who "don't get it" when it comes to encryption restrictions. If this is the prevailing mood in the country, then I think we've already lost.

    Oh and I wouldn't put too much stock in outside governments not changing their laws to match. Most of them would love to and the current mood is that there are only two sides available in the fight against terrorism.

  • I think someone mentioned that it's more important to ask educated people in the relevant field, rather than just the population at large. This is important, but we also need to ask educated, _compassionate_ people whether the question needs to be asked at all. By this, I mean question the goal. One of the problems with asking educated experts about things in their field is that their field is all they know and that's how they see the world. (If you're a crypto expert, you'll look for crypto solutions to problems, and if there's a better field to solve it, you won't necessarily recognize that.) Don't just assume that crypto stuff should be on the table and then ask crypto experts about it. Of course they're going to write you a very persuasive essay (one way or the other) on the topic. And the result is you'll think crypto is significant (regardless of which side you end up on). Or if you ask military advisors what type of war should be waged, well, you've already given them the assumption they need to give you an earful of expert opinions on war and before you know it, everyone hears this stuff and believes that war (of one type or another, depending on which side of the argument you side with) is relevant to the issue. So yes, get educated opinions from experts in the field, but also carefully ask if that field is relevant. Cause if it's not, you've just promoted it to that level.

  • According to this MSNBC article, "72 percent of Americans believe that anti-commercial passenger airliner laws would be 'somewhat' or 'very' helpful in preventing a repeat of last week's terrorist attacks on New York's World Trade Center and the Pentagon in Washington, D.C."

    Makes about as much sense.

  • This is truly awful-- I suspect the author got hit hard by Namba and put up whatever he had lying around. Let's look at this.

    "A poll in the United States has found widespread support for a ban on "uncrackable" encryption products." The only supporting statement it has, however, is this: "The Princeton survey found that more than half of the American public would support anti-encryption laws to aid law enforcement surveillance powers.". They don't bother to give us any details about the question. What sort of anti-encryption laws? Which branch of law enforcement? What were the allowed answers to the question?

    This lack of detail is especially worrisome given the drastically misleading figure from the featured question: "72 percent of Americans believe that anti-encryption laws would be 'somewhat' or 'very' helpful in preventing a repeat of last week's terrorist attacks.". Wow, 72 percent of americans are anti-encryption! We're a week from the tragedy, with no details being released to us on how it was orchestrated. So, how do we know they would have been very helpful? For that matter, how do we know they would have not been helpful at all? "Somewhat" helpful is practically the default answer-- if you're pulling the answer out of your ass, pick the middle one.

    Let's look at some of the other striking logic: "Only 9 percent of those questioned believed that tighter encryption restrictions would not prevent similar terrorist attacks in the future.". Of course, they don't bother to mention how many believed that tighter restrictions would prevent attacks. Here, the default answer is obviously "might". Do I know tighter restrictions wouldn't prevent a single attack? Of course not; I also don't know that they would.

    Finally, of course, the most important number is the date this survey was taken: Sep. 13-14. To be fair to the author, she did mention that. Taking surveys during that time is a disgustingly opportunistic response to the attacks. You certainly could have garnered favorable responses to attacking just about any country in the middle east, killing civilians, locking up immigrants, etc. etc.. I simply can't believe that in the wake of the tragedy, these people wasted their time and everyone else's on pushing this stupid agenda.
  • Could someone explain to me, in somewhat simple terms, how adding backdoors to things like public-key encryption could be possible?

    I don't mean politically, but technically and practically.

    Wouldn't a backdoor in something like PGP make it inherently insecure? I mean, wouldn't it be possible to find out how the Feds are decrypting, and use that method on ALL encrypted traffic?

    This sounds analogous to someone finding a way to factor the product of two large primes back into the primes.

    Or am I thinking about this all in the wrong way? Would it not be a "master" type key?

    I just don't get it.

  • What they'll say (Score:4, Funny)

    by Syberghost ( 10557 ) <syberghost@@@syberghost...com> on Wednesday September 19, 2001 @01:55PM (#2320935)
    I wonder what those 72% of people will say when the other 28% of us are in jail for refusing to give up our crypto keys, and they need their servers fixed or their ISP connections troubleshot, and all us geeks are unavailable.
  • I bet you could write a survey that got over 60% of Americans to favor repealing the First Amendment. It's all in how you write it.

  • You are reading it wrong (Score:3, Insightful)

    by FortKnox ( 169099 ) on Wednesday September 19, 2001 @01:58PM (#2320962) Homepage Journal
    72 percent of Americans believe that anti-encryption laws would be 'somewhat' or 'very' helpful in preventing a repeat of last week's terrorist attacks

    Read it over and over again. It is not stating that 72 percent of people want their rights taken away. It just states that they think anti-crypto might of helped.

    Redo the poll to:
    How many people think that the attack wouldn't happen if the US was a cruel military dictatorship?

    I bet it would be like 90 percent. Its true. It doesn't mean we want to be a dictatorship, just that it might of prevented it.

    Stop knee-jerking, people.

  • On House Floor Barbra Lee warns of grave mistakes. (Score:4, Informative)

    by ClarkEvans ( 102211 ) on Wednesday September 19, 2001 @01:58PM (#2320964) Homepage
    According to the Washington Post, last Friday Barbra Lee (Democrat from California) said on the house floor: "I believe that history will record that we have made a grave mistake in subverting and circumventing the Constitution of the United States." More details are below, copied from here [washingtonpost.com].

    ...

    The Solitary Vote Of Barbara Lee
    Congresswoman Against Use of Force
    By Peter Carlson
    Washington Post Staff Writer
    Wednesday, September 19, 2001; Page C01

    "We need to step back," said Rep. Barbara Lee (D-Calif.). "We're grieving. We need to step back and think about this so that it doesn't spiral out of control. We have to make sure we don't make any mistakes."

    She was walking down a hallway in the Cannon House Office Building. A plainclothes police officer hovered a few steps away, looking very serious. The Capitol Police began guarding Lee on Saturday because of death threats she received after voting against a resolution authorizing President Bush to use military force against anyone associated with last week's terrorist attacks. The resolution passed 98-0 in the Senate and 420-1 in the House. Lee's was the sole dissenting vote.

    "In times like this," she said, "you have to have some members saying, 'Let's show some restraint.' "

    Led by her police bodyguard, she moved along quickly, slipping into her office and closing the door behind her. Inside, the phone lines had shut down under an onslaught of calls from all over the country -- many of them irate, some of them downright nasty -- and her voice mailbox was too full to take any more messages.

    "We've gotten thousands of calls and thousands of e-mails," she said. "People are very emotional. . . . They're frustrated and they're angry."

    She's 55, a small woman with short black hair. Normally, she has a bright smile, but these days she looks sad, worried, harried. She is quick to point out that she voted to condemn last week's attacks and to allocate $40 billion to fight terrorism.

    "I'm just as American and just as patriotic as anybody else," she insists.

    She does not rule out military action, she says, but she voted against the authorization to use force because she opposes giving the president the sole decision on when and where to make war. "I believe we must make sure that Congress upholds its responsibilities and upholds checks and balances. This is a representative democracy and it's our responsibility."

    War, she believes, is not the most effective way to fight terrorism. "Military action is a one-dimensional reaction to a multidimensional problem," she says. "We've got to be very deliberative and think through the implications of whatever we do."

    This is not the first time Lee has stood alone against war. In 1999, during the crisis in Kosovo, she was the only House member to vote against authorizing President Clinton to bomb Serbia. "I'm not a pacifist," she says, "but I don't believe military action should be the only action we embark on."

    Fortunately for Lee, she represents one of the most liberal congressional districts in the United States -- California's 9th, which includes Berkeley and Oakland. It's the district that was represented by another antiwar dissident -- Ronald Dellums -- for nearly 28 years. Lee served as Dellums's chief of staff for a decade before she was elected to the California State Assembly in 1990. When Dellums retired in 1998, she won the election to succeed him, and was reelected last year with 85 percent of the vote.

    "I would have voted the same way," says Dellums, now president of Washington-based Healthcare International Management. "We need to think this through and ask, 'Are there better ways to do this?' "

    "I agonized over this vote all week," she says. "I searched my conscience. I talked to many people. Ultimately, on some votes, you have to vote the way your conscience dictates."

    Her agony was exacerbated by the knowledge that her chief of staff, Sandre Swanson, was mourning the death of his cousin Wanda Green, who was a flight attendant on the hijacked United jet that crashed in Pennsylvania.

    "I support her decision," Swanson says. "The principle on which she based her decision was that somebody should stand up and say that only Congress has the power to declare war. . . . People say she was unpatriotic. I think it was very patriotic."

    "I admire the courage of Barbara Lee," says Rep. John Lewis (D-Ga.), who spent the 1960s in the front lines of the civil rights movement. "She demonstrated raw courage to stand up and vote the way she did. She stood alone -- one against 420. Several other members wanted to be there also but at the same time, like me, they didn't want to be seen as soft on terrorism."

    Lewis voted to authorize military action but, he says, he came close to joining Lee in opposition. "I was probably 99 percent of the way there in my heart and my soul," he says, "but in the end I wanted to send the strongest possible message that we can't let terrorism stand."

    Lee's vote is reminiscent of the first woman ever elected to Congress, Jeannette Rankin of Montana, who voted against the nation's entry into World War I and World War II. It also brings to mind Wayne Morse and Ernest Gruening, the two senators who voted against the 1964 Gulf of Tonkin resolution, which gave President Lyndon Johnson the power to wage war in Vietnam.

    On the House floor last Friday night, Lee quoted Morse: "I believe that history will record that we have made a grave mistake in subverting and circumventing the Constitution of the United States." She added: "Senator Morse was correct, and I fear we make the same mistake today."

    Out in Oakland, Lee's vote is the subject of much debate, some of it heated, says Don Perata, the Democratic state senator who represents Lee's district.

    Perata calls Lee's vote "wrongheaded" and he isn't impressed with her explanation of it. "There wasn't a lot of clarity there," he says. "I would have cast a different vote. This is a time for a united front in America, particularly in Congress."

    But, he predicts, Lee's vote probably will not affect her chances for reelection.

    "The district is overwhelmingly Democratic," he says. "There are probably more people who are to the left of the Democrats than there are Republicans."

    Also, he adds: "Barbara is very popular here. She's just a very, very nice woman -- and in this business that counts for a lot."

    On Monday, Perata says, California talk radio was abuzz with callers denouncing Lee as a communist.

    "I was wincing," he says, "because that's not Barbara. She did not cast that vote because she's unpatriotic. She loves this country and its opportunities as much as anybody."

    Meanwhile, back in her office on Capitol Hill, Lee was furiously working the phones, talking to constituents and local media outlets.

    "I hope that when I get my message out," she says, "people will understand why I did what I did. Whether they agree with me or not, they'll understand that I want to bring these [terrorists] to justice as much as anybody else does."

    She declined to speculate on the effect her vote might have on her popularity. "This was not," she says, "a poll-driven vote."

    • I find myself overcome with heartfelt respect and admiration for this brave, principled person. Perhaps there is hope for us after all. Thank you for posting this.

      • She voted against this resolution which gives G.W. Bush power to use "all necessary and appropriate force" against those "he deterimines planned, authorized, committed, or aided the terrorist attacks"

        ...

        H.J. Res. 64
        Whereas, on September 11, 2001, acts of treacherous violence were committed against the United States and its citizens; and

        Whereas, such acts render it both necessary and appropriate that the United States exercise its rights to self-defense and to protect United States citizens both at home and abroad; and

        Whereas, in light of the threat to the national security and foreign policy of the United States posed by these grave acts of violence; and

        Whereas, such acts continue to pose an unusual and extraordinary threat to the national security and foreign policy of the United States; and

        Whereas, the President has authority under the Constitution to take action to deter and prevent acts of international terrorism against the
        United States:

        Now, therefore, be it Resolved by the Senate and House of Representatives of the United States of America in Congress assembled,

        SECTION 1. SHORT TITLE.

        This joint resolution may be cited as the ``Authorization for Use of Military Force''.

        SEC. 2. AUTHORIZATION FOR USE OF UNITED STATES ARMED FORCES.

        (a) IN GENERAL.--That the President is authorized to use all necessary and appropriate force against those nations, organizations, or persons he determines planned, authorized, committed, or aided the terrorist attacks that occurred on September 11, 2001, or harbored such organizations or persons, in order to prevent any further acts of international terrorism against the United States by such nations, organizations or persons.

        (b) WAR POWERS RESOLUTION REQUIREMENTS.--

        (1) SPECIFIC STATUTORY AUTHORIZATION.--Consistent with section 8(a)(1) of the War Powers Resolution, the Congress declares that this section is intended to constitute specific statutory authorization within the meaning of section 5(b) of the War Powers Resolution.

  • How many non-americans are in favor of backdoors for US government? I don't think there'd be much support for that! From that point it just means: go get your software outside the US... Since the countries will never agree on "common backdoors" or things like that, forcing the US citizens to use encryption with backdoor would be totally useless.
  • If they implement back doors to crypto, or outright ban crypto, then crypto will go underground. The people who want the illegal crypto will pay through the nose to get it, and will pay the best coders to develop the best crypto. It will be like the drug dealers out-gunning the cops because they have more money to spend on guns.
  • I have now on my desk a copy of a document prepared by a leading think-tank over a decade ago detailing our nation's vulnerabilities to terrorism and what should be done about it. In the wake of last week's tragedy I took the document out of its file and read it again with new eyes. Last week's attack could have been much worse. Thank God the people who wrote that document are on our side. It is a shame we didn't listen to them.

    If you are feeling bad about the role encryption plays in allowing terrorists to act freely, perhaps some excerpts from this document will ease your mind and open your eyes to the usefulness of encryption systems in combating terrorism. Also keep in mind that this was written in the mid 1980s. I apologize in advance for not giving proper credit to the authors, but I'm sure that they understand why.

    -- begin quote --

    Adulteration, the accidental or deliberate injection of undesired material into a network, can cause serious problems. Accidental diversion of unintended liquids into a pipeline system, like accidental switching of a train onto the wrong track, sometimes leads to disastrous results... ...Perhaps the most insidious form of adulteration is the accidental or deliberate entry of false data into a computer network because until the problem is detected incorrect decisions are made and once the problem is discovered user confidence in the system is shaken... ... identifying false information is a critical function that can be seriously complicated by adversaries' use of deception.
    ...
    Leakage from networks is at least... ... But again, the most insidious form of the problem is associated with communications: tapping networks is a primary source of illicit information both in the business world and in foreign intelligence... ... so that communications and database security is of significant importance.
    ...
    MEASURES FOR RISK REDUCTION
    Robustness
    protective enclosures
    solid construction
    guards
    deterrent laws
    human engineering to reduce errors
    operator training and practice
    ENCRYPTION OF INFORMATION (emphasis added)
    Ruggedness
    redundancy
    excess capacity
    backup systems
    error correcting coding for communications
    emergency response teams
    crisis training
    alarm systems
    automatic diagnosis systems
    emergency subsystems
    preplanned triage
    public or customer emergency instruction arrangements
    Resiliency
    stores of critical spares
    emergency recovery teams
    training of recovery actions
    insurance
    procedures for sharing abnormal resource costs
    pre-established plans for implementing improvements rather than return to status quo ante

    -- end quote --
    The measures listed above were to be encouraged in PRIVATE organizations and amoung the general public. I have reproduced the entire list because unlike the rest of the report it should be shared amoung as many people as possible, especially in business. As you can see public use of encryption is on this list.

    It is important that businesses, and other organizations, be able to encrypt data securely so that critical vulnerabilities and response plans cannot fall into the hands of terrorists. It is important that businesses be able to encrypt and digitally sign communications so that false data or false orders cannot be transmitted that will cause their facilities to be damaged or an inappropriate action taken that could jeopardize lives and infrastructure. People need to be able to encrypt data and communications so that they will be less susceptible to blackmail (supposedly "no organization is secure from an operative who finds a well-placed secretary that is having an illicit affair") or assassination by terrorists.

    Encryption is a powerful tool. It is as useful for protection from terror as it is the commission of terror. We cannot prevent the terrorists from having access to these tools; so we must seek to learn to use them better ourselves, and to make sure that they are in the hands of "the right people." With the ever-increasing reliance on data collected and sent over electronic networks in the making of critical decisions by all sectors of society, failure to use encryption and digital signature technology could be very bad.

    The above comments were orignally made by me a few days ago to someone who had done encryption work and was now questioning whether our current privacy/security ratio would or should be changed. I apologize for using recycled electrons, but I thought the comments were equally applicable to this Slashdot story because they show the role that encryption can play in protecting people from terrorism (and espionage and vandalism and organized crime...) and I am leaving for a meeting so I don't have time to rewrite them.

  • Online Polling subject to whatever (Score:3, Interesting)

    by SubtleNuance ( 184325 ) on Wednesday September 19, 2001 @02:01PM (#2321002) Journal
    Please, anyone who takes an online poll seriously is loosing his mind.

    The mindless law-and-order rednecks who hang around at FreeRepublic.com [freerepublic.com] regularily post comments on their forums encouraging their members to "Freep" the poll (using their lingo). Now, if Slashdot had posted a notice requesting that *we* all 'Slashdotted' that poll - do you think the results may have been different?

    Without the usual mention of The Three Greatest Lies (Statistics, Statistics and Statistics), I will mention that ONLINE polls even miss the basics of reasonable methods... like unbiased 'random' samples for instance.

  • In the recent mafia case, PGP was defeated by using keyboard capture methods. I believe the people who answered this poll probably include this kind of "back door" in their yes response. I do. We need to emphasize these methods instead of the futile idea of having everybody change to new weak forms of crypto.

    Key escrow is studid, but we need an alternative. There is no right to secretly plot to blow up buildings. The governement should gather probable cause and get wiretapping permission with a court order to target an individual. I think Ashcroft's idea to target people instead of devices makes sense, but I don't want weaker standards of judicial oversight.

    Encryption absolutely can be defeated if, by physical or cyber processes, keyboard capture and screen capture are used. Since the bad guys aren't going to change their crypto, we have to do this anyway. It's been proven effective and it should be the focus of national efforts to defeat encryption.

  • If someone wishes to pass information on to somebody else without anyone else knowing what is going on, putting backdoors in crypto packages and outlawing the rest isn't going to stop them.

    The sheer volume of information sloshing around between machines means that you have to ignore something - processing all of it is verging on the impossible even if you don't have to decrypt. Say I wanted to tell Fred something important - "Free beer at John's house, 9pm" - and I was banned from using crypto. I could play with any number of obfuscations - I could encode the ASCII bits into the least significant bit of the red channel of an image. I could speak it and send it as an Windows executable with a MP3 component welded onto the end which could be extracted by knowing how long the original executable was. I could hide the message hidden spread through an MPEG file in some redundant byte in an MPEG frame header. Given a known random number generator and a given seed, you could XOR your message with the obfuscating signal. The number of ways to play this game is at least as complex as the number of data formats available.

    So even if you had a complete and effective ban on encryption (which is impossible) you still couldn't process or intercept all the info flying through your checking portal. And even if the encryption ban stopped terrorists from passing information through the Internet, you haven't stopped them communicating - you have just made them use something else. Like encrypted packet radio or laser interferometry.

    Cheers,

    Toby Haynes

  • I'm not entirely against massive invasions of privacy... provided they're not one-sided.

    i.e. if the police have a CCTV network, (a) it should be public access and (b) there should be public-access cameras on the police too.

    This somewhat trite example generalises to more other domains too - e.g. no branch of government should not be allowed use crypto if the citizens aren't.

    The answer to the quesion "Who will watch the Watchers?" should always be "The Watched".

    *Asymmetric* flow of information increases one person's power over another. To preserve the balance of power in the event of anti-crypto legislation, it would be neccessary to further increase the transparency of governmental security operations.

    David Brin (well known hard sci-fi writer, among other things) has analysed this is in an easy-to-read manner in his book "The Transparent Society", the first chapter of which is available on-line here [kithrup.com]

    I strongly recommend reading it, it illustrates problems with the logic of both some privacy advocating positions and some privacy invasion advocating positions.
  • ...interesting to see if Internet traffic jumps sharply as people switch to using steganography [tripod.com] to stuff their confidential emails inside mp3's and jpg's.

  • This is their chance... (Score:2, Insightful)

    by neema ( 170845 )
    This is a chance for alot of politics to do things they always wanted to.

    One of these things is what is described here.

    Also, some law written in the 70s (I believe) stated that America can not legally issue assasination orders. They want to repeal that.

    Also, they wnat to make phone tapping much easier. The law right now is you have to not only get a warrant to tap a phone, but you can't monitor a person, just a specific phone line.

    And finally, all military upgrades are going to be majorily supported by the public (can you see more republican support?) in the near future.

    Lets not let our rage cloud our vision.

    Politicians will always be politicians.

  • Problem is with the questions as asked. (Score:3, Insightful)

    by MO! ( 13886 ) on Wednesday September 19, 2001 @02:09PM (#2321077) Homepage
    I the poll simply asked "Do you think law enforcement having 'backdoors' in crypto tools would help reduce terrorism?" then of course a majority would say yes. It is true as well - it would help.


    However, if the question was asked as "Do you support the government having unlimited backdoors into all crypto tools, even if it meant your ecommerce transactions were more vulnerable to hacking as an unintentional result?" - I HIGHLY doubt we's see 72% saying yes!

      • I the poll simply asked "Do you think law enforcement having 'backdoors' in crypto tools would help reduce terrorism?" then of course a majority would say yes. It is true as well - it would help

      How? You just crypto your stuff with a strong non-backdoored package, then wrap it in the Fed approved stuff. It doesn't even help you to spot it unless you habitually decrypt and examine the contents of all traffic.

  • In the light of last weeks terror attacks and the obvious need for coordination on the attacker's side, most likely by the means of encrypted messages, I can understand the people's reaction. But let us have a look at what cryptography achieves. Cryptography achieves that an eavesdropper cannot read the content of a message. Cryptography does not mask the fact that there is a message being exchanged between two parties. The knowledge of a message interchange (and maybe a peak in activity) is an important piece of knowledge to criminal investigators. Sometimes it is not important to know what a message contains, but to know that there is a message. Now when you are implementing backdoors in popular cryptoolkits you are forcing people to use other means. For instance steganography. Hide the fact that you are sending a message at all. For instance use a webcam that shows the picture of a busy place in London. Now embedd a message in every 16th, 15th, 14th, ... (alternate it please) bit and send it to all viewers. One of the viewers knows that there is a message and the time of the broadcast. He will get the message, others won't. Yes, there _are_ methods to detect embedded messages, but these methods do not perform very well on a constantly changing stream of information. This would be method one. There are other possibilities. Even if you put a backdoor in a package like PGP, the algorithms are open, what will stop a terrorist from implementing his own PGP. This is not rocket science. What will stop him to exchange a shared secret (use the good old book-page method or whatever) and then use an insane amount of bits for a symmentric encyption? So I do not think that backdoors will do much good. They will stop Joe Blow "I hide Pr0n" but not somebody who is educated about cryptography and knows how to use (and implement) it.

  • Banning Firearms (Score:2, Insightful)

    by gatorBYTE ( 93755 )
    The argument that we should have backdoors on everything crypto, is very simular to the logic "we should ban guns to keep the public safe." The problem of course, is that the criminal still has a gun, and you are unable to defend yourself.

  • 72% of people get their identities stolen.. (Score:3, Funny)

    by josepha48 ( 13953 ) on Wednesday September 19, 2001 @02:11PM (#2321089) Journal
    .. spawning Microsofts new slogan.. who do you want to be today?
  • MAKES POLL [kuro5hin.org] TO PROVE PEOPLE LOVE M$ AND HATE PRIVACY, THEN MAKES ARTICLE TO TELL ABOUT IT.

    Tune into MSNBC for more exciting details and developments. Dumb, Da-Dumb-Dumb, Dumb-Da-Dumb-Dumb, Dumb.

  • Coming to the US on a visa is a priviledge not a right. With suitable restrictions, perhaps a narrow restriction on strong crypto would fly.

    What would be wrong with a narrow law that said that if you are in the US on a visa that you cannot send encrypted messages across US borders without key escrow.

    I'm very worried that a hard line stance on this will fail. A narrowed alternative may be something we have to propose.

  • Honest answers now, please! (Score:3, Interesting)

    by ChaoticCoyote ( 195677 ) on Wednesday September 19, 2001 @02:17PM (#2321136) Homepage

    Okay: Everyone raise your hand who is willing to die for their right to use crypto. I mean really die -- or even suffer serious bodily harm -- standing up for your rights?

    Whenever I see these topics come up, they're always accompanied by one-line comments "They'll only get my gpg when they pry it from my cold dead fingers!" Come on now -- would you let them kill you rather than give up your crypto?

    You find out what people truly, honestly believe, deep in their hearts and souls, when they're faced with the raw reality of standing firm against inimidation and violence. Looking down the barrel of a gun is a damned good test of one's convictions...

  • Anyone have links to resoultions/bills/etc. that Congress has actually passed/put on the floor/whatever? I came up empty handed last time this was up on Slashdot.
  • The following is written in the format of an editorial targetted at non-technical users. Anyone lobbying against crippling encryption is welcome to use it. It's (c) 2001 Stuart Ballard.

    Should we require all encryption to have a backdoor?

    A recent poll on MSNBC suggests that the vast majority of Americans would favor legislation requiring all encryption software to carry a "back door" allowing the government to read through it, as a means of preventing tragedies like the one that occurred on September 11th. This appears to be a legitimate attempt to protect the security of our nation, but let's look a little closer at what the effects would actually be.

    On the internet, "encrypted" is the same as "secure". Remember when your web browser tells you you've gone to a "secure site"? Remember how everyone tells you never to enter your credit card number on the internet unless it's a secure site? That's right - the same encryption that evil terrorists use to plan killing people is what stops evil hackers from stealing your credit card number.

    And remember, evil hackers are clever. If there's a hole in something, they'll find it. Remember all the viruses and worms you hear about? Those are all using holes that nobody even intended to put there - they were there by mistake. Imagine how much easier it would be to find a backdoor-sized hole that was put there on purpose!

    Now the question seems a little harder to answer, doesn't it? Keep your credit card number safe from hackers, or keep your country safe from terrorists?

    But it's even worse than that. The way encryption works is just math, and it's math that somebody with college-level mathematics knowledge can learn in a matter of hours. There's a page on the net that encourages every programmer to write his own encryption program just to learn how to do it - it only takes a few hours for a competent programmer. That knowledge is so widespread among programmers and mathematicians that it would be impossible to legislate it away - and any attempt to censor that knowledge would be laughed out of court on First Amendment grounds.

    So why would a terrorist use a commercial encryption program with a known hole in it, when they can write their own in a couple of hours? Or even just keep hold of the copies they have now, which don't have the hole?

    So what was the question again? Oh yes: should we make it easy for evil hackers to steal your credit card number, without actually stopping terrorists from communicating just as secretly as they already can?

    Hmm... What do you think?

  • Think People, Think! (Score:2, Interesting)

    by ArcadeNut ( 85398 )
    The more I read on here, other places, listen on the Radio, and watch on TV the more my blood boils.

    People are screaming "WE MUST DO SOMETHING!". I agree 100%. We must do something, and that something is THINK. Quit trying to solve problems that don't exist or are just symptoms/side effects of the real problem.

    We have to ask the question "Does this fix the problem?".

    National ID Cards
    What genius thought this one up? What problem is this going to solve? "Can I see your papers please?", "Uh I forgot my ID at home". Off to jail you go. I already have a "National ID", is called a Social Security Number.

    Curb-Side Check-in Discontinued
    What problem does this solve? Does anyone know if the terrorists even had luggage? I know that I have taken several trips with only a carry-on. The person doing the curb-side check-in still looks up my information on the computer and verifies everything before hand. This solves nothing, except to give the public a "Warm Fuzzy Feeling" that we have "Heightened Security".

    Banning Knives, Box Cutters, etc..
    Would this solve the problem? Doubtful. The problem is the conditioning of the public that if the plane is hijacked, the best thing to do is just sit there. The hijackers will make their demands, and eventually, we'll all get to go home. This incident changed that. The next time someone tries to hijack a plane, (hopefully) everyone on the plane will try to take them down.

    Banning knives and such wont fix the problem. A pencil is just as good a weapon as a knife. Should we also ban these? What about people trained in Hand-to-Hand combat? People can kill with their hands, feet, etc...

    Back-Doors in Encryption
    How is this going to help? Has it even been proven that they used encryption? What type did they use? How did it help them? Everything I have read so far has been 100% speculation.

    Do you think the Government is going to have back doors in THEIR encryption? I don't think so.

    What chilling effects are going to come out of this? Banks encrypt their transactions such as money transfers, etc... Now what happens if that "Back-Door" falls into the wrong hands? What about e-Commerce? Will your on-line transactions be safe anymore? Faith in on-line transactions such as buying goods, paying bills, etc.. will plummet if the "Back-Door" becomes public knowledge.

    But then again, as one radio talk show host here in Phoenix, put it "Who cares?". These are things about convenience, right? No, these things are about Freedom. The Freedom to do as we want when we want to. The only time we are not allowed to do that is when it infringes on the rights of others. This is true for the most part, however, there are plenty of exceptions to this rule, take the DMCA for example.

    Again, how is this going to solve the problem? So we put back-doors in our encryption, now what? The terrorist simply change to other methods. They drop a letter in the mail, and it arrives at the destination in as little as a day. Are we going to allow the government to open every single letter that travels through the post office?

    Who says they have to use typical Modern-day encryption? There are many ways to send "coded" messages that appear harmless to anyone looking at them.

    Problem: Hijackers took over the controls of the plane
    Solution: There are several that I have read about that actually make sense and would probably help this problem. Make the cockpit self-contained. No access to it AT ALL from the rest of the plane. If you can't get to the controls, you can't take them over and fly the plane into a building.

    Problem: Hijackers take hostages and claim to have a [insert device here]
    Solution: Everyone on the plane attack that person or persons. After the event on September 11, you would have to be stupid to just sit there.

    Problem: Security check-points at the airport are a joke
    Solution: Do not leave security to people who have no clue about it. The private sector is not interested in security; they are interested in the bottom line. The government either federal or local needs to be in charge of security. Pay the people who do the security better.

    Problem: This person is a known terrorist
    Solution: Kill them before they can do it again.

    Before you go and piss away your rights, take the time to think about whether or not its actually going to help things, or just make life for most Americans that much more difficult. If it really had a good logical reasoning behind it, I'd take it into consideration, and might even vote for it. The problem is, is that everything that people have been suggesting is knee-jerk reactions that only give the perception of "Solving" a problem when in fact they actually don't solve anything.

    Do we really need more laws? The government has already found 180+ people that might be involved with this with the laws we already have. Would adding new laws make that much of a difference? The terrorists worked with-in the system, and if the system changes, they will probably adapt as well.

  • Let me go put on my surprise face ...

    Everybody considers themselves an expert at everything even though they are probably only an expert at zero to one things.

    Contrasted to slashdot, where we know everything about law enforcement, the government, and defense. :)

  • bin Ladin... (Score:2, Interesting)

    by iggyflashbulb ( 244946 )
    would love to get his hands on these back doors.

    It would be funny if he has lobbyists in the US pushing for these bills.
  • The very idea of doing this is ridiculous not just from the standpoint of the loss of privacy, but because the technology for strong encryption is already all over the place. This isn't a situation where a law is passed and suddenly every existing crypto program self-destructs to make way for the new system. No terrorist in his/her right mind would use the system with the backdoor. They have people who are willing to commit a suicide bombing. Surely they wouldn't have a problem with bending the law and using an old unprotected crypto program.

    By this logic, we should also outlaw guns. They might be used for terrorist operations. We all know that passing a law against the use of guns will cause every one of the millions of guns in this country to vanish as well.
  • The survey found that 72 percent of Americans believe that anti-encryption laws would be "somewhat" or "very" helpful in preventing a repeat of last week's terrorist attacks

    What a useless survey. Since when does your average American know anything about encryption? Or how terrorits use encryption? Or about U.S. constitution for that matter... *sigh*

  • Even in non-tech world this is a no-brainer (Score:3, Insightful)

    by cavemanf16 ( 303184 ) on Wednesday September 19, 2001 @02:25PM (#2321218) Homepage Journal
    Doesn't anyone realize that just like in the non-technical world, humans are the single leading cause of a security breach? It's not how powerful a lock, how many escape routes you have, or how much digitally encrypted info you have. If one person starts bragging about their passwords or security access levels in a bar one night, you might as well throw all the tech out the window.

    The media should quit talking about script kiddies and address the real threats: social engineering. I guarantee you that after working for a couple years in a financial, customer care workplace where we were making outbound calls to resolve financial matters for our customers, it wasn't the phone that was the limiting factor on obtaining information, it was the person on the other end of the line. Probably 1 time out of 15 I can get a customer service rep to give me more than enough info on someone given certain little bits of data. With smaller companies, sometimes just the name, and a well-meaning rep will be all I need to get more info than I could possibly even want (once in a great while I actually had to cut people off while they dropped all kinds of info because I was too busy to write it all down!). That's not to say that I would ever think of trying to breach security for my own personal illegal use, because I expect others not to misuse my personal data either, but let's quit cracking down on the technical factors, and crack down on the degenerate human factor instead...

  • How do they enforce this? (Score:3, Interesting)

    by cascadefx ( 174894 ) <morlockhq@@@gmail...com> on Wednesday September 19, 2001 @02:25PM (#2321220) Journal
    My question stems from enforcement. Let's say that backdoor systems become the only form of crypto that is legally allowed to be used in the US. OK. So now we're all supposed to use it to encrypt our precious /. posts.

    Now, one of us uses a copy of PGP (pre-backdoor) or codes his own blowfish app and uses it to encrypt her letters to CyptoGRRL Magazine. How is the US going to stop her from doing this?

    What do officials say?

    "We were randomly sampling the crypto streams traversing the net and noticed that our backdoor key didn't work on your message stream. You are in violation of US Code BlahBlahBlah."

    Doesn't that seem to open some other sticky questions? I mean, if I'm not breaking the law (other than using strong crypto), how are they going to tell or prosecute me?

    It seems that you are protected by the chicken and the egg principle. To wit, to know that I am using "undefeatable" crypto, you have to get a wiretap (or a search warrant [slashdot.org]). To get a wiretap you have to prove that I am breaking the law by using undefeatable crypto.

    Besides, development of Open Source versions of crypto programs would continue in other parts of the world. The US won't be able to stop that. I could just download the program from CryptoGRRL.de (as long as the server actually resided outside of the US).

  • Some Historical Perspective (Score:3, Interesting)

    by Metrol ( 147060 ) on Wednesday September 19, 2001 @02:37PM (#2321300) Homepage
    The danger here is not a technical one, but a political one. It's a lesson history tried to teach us once before, but I haven't seen anyone really doing a comparison to a very similar set of circumstances that have happened prior.

    Today I'm sure that the majority of our leaders in government are honestly concerned about how to deal with how to thwart attacks like we all saw last week. To do this they see information gathering as a critical tool to use for these ends. To gather this information they wish to put together an infrastructure of snooping abilities that go far beyond issues dealing with cryptography. We're also looking at phone tapping and possible postal snooping. The majority of citizens at this moment are more than happy to give up these liberties to give law enforcement the tools they seek. Lives are at stake after all!

    Okay, so what happens when there's no longer a terrorist threat to be dealt with? Does this infrastructure just vanish? Not bloody likely. I don't believe that there's any kind of conspiracy today from either the right or left side of the spectrum to misuse these tools. What about 10 years from now? 20? 50? Can we really entrust a governmental body we haven't even seen yet to only use these kinds of tools in an honest way?

    To keep this non-partisan, let's say the "Widget" party takes a majority in both houses and the presidency. Once in a majority, what all stops them to increase this monitoring built on the infrastructure we are proposing today? How can we be assured that what they're monitoring isn't just criminals, but the opposition party campaigns? Rather than a tool for law enforcemnent we could be looking at a tool for political power.

    As to the comparison I was referring to at the beginning of this post, I'm of course talking about the rise of the Nazi party to power in Germany. Too many similarities to be funny. Weak economy, terrorist attacks on urban areas, a populace all too willing to give up liberties to those that can deliver on the promise that they won't have to be afraid of a building blowing up on them. Oh, and a bit of a racial element tossed into the mix.

    No, I'm not even beginning to suggest that the Nazis are looking to take over America. What I am saying here is that there is a precedent to how people are reacting to these recent events. The German people openly welcomed the kind of lock down the Nazis brought with them because they saw the streets truly get to be a safer place. Unfortunately, what they didn't see was the enormous cost of that safety until it was far too late. What I'm concerned about is that in our fear at this time we may very well not see the high cost we will end up paying decades down the road.

  • Death Tolls (Score:4, Insightful)

    by FFFish ( 7567 ) on Wednesday September 19, 2001 @03:15PM (#2321583) Homepage
    Disclaimer: I am not denying that the WTC attack is a tragedy, I am not denying that something needs to be done. I am merely presenting some facts that may place things into a bit better perspective.

    WTC death toll: ~5200
    US weekly deaths attributable to smoking: ~9000
    US weekly deaths attributable to traffic accidents: ~3400
    US weekly deaths attributable to drinking: ~2300

    Five thousand dead in a single accident is, indeed, highly tragic and morally outrageous: our anger is justified.

    We have far, FAR more people dying of smoking, including a lot of deaths caused by second-hand smoke. Yet the government is doing nothing to protect the victims -- often children in a smoking household -- from this attack on their right to life.

    We have far, far more people dying in traffic accidents, and it's very likely that nearly half those deaths are victims of another driver's idiocy. Yet the government is doing nothing to protect us from those drivers, even though the solution is as simple as instituting mandatory driver training and a higher quality of testing.

    We also have too many people dying because of alcohol. Yet the government isn't serious about cracking down on, say, drinking drivers; nor does it get tough on violence that's been exacerbated by drinking.

    My point? There are plenty of tragedies happening every day. But this time it's got people panicked, so it's far easier to get draconian laws in place.

    Trust the government? No. It doesn't act rationally.

    [Sources: US CDC, NHTSA]

    • Government doing nothing???? (Score:5, Insightful)

      by Teancum ( 67324 ) <robert_horning&netzero,net> on Wednesday September 19, 2001 @04:09PM (#2321947) Homepage Journal
      What do you mean by saying that the government is doing nothing?

      For traffic accidents:

      There are seatbelt laws, vehicle safety standards, lighting standards, collision tests, traffic laws (that comprise whole chapters in most state legal codes), civil engineering to design highways that reduce accidents, and much more.

      In fact, the red tape you need to go through to build a production motor vehicle is incredible... I would like to see you just try and get a few buddies to build a car, and try to give it away (with a helpful donation from somebody like Wm. Gates III or equivalent). Half of your development team would have to be doing nothing but dealing with government regulations and filling out paperwork.

      Regarding drinking:

      Ever heard of the 18th Ammendment to the US Constitution? Read it sometime. I would say that is a rather drastic approach to dealing with drinking, and there are substantial laws to deal with it, including one case where somebody who just killed somebody in an accident will now spend the rest of his life in jail because he was drunk while driving. What more do you want, the death peanalty for driving drunk? I'll admit though that I get surprised when I hear about people that have been arrested 30+ times for a DUI and somehow still keep their license (being a friend of the mayor, bribing judges, finding a loophole in the law, the arresting officer doesn't show up to the trial, etc.)

      In some ways I regret that the 18th Ammendment was repealed, but even with that off the books now, there are still many regulatory laws controlling how alcoholic is produced and consumed... even if it is just going to be used in a fuel take on a car (complicating the issues I mentioned above).

      Smoking:

      Why do you think the tobacco companies setteled out of court with the law suits from most of the US states? Almost every state in the US now has some sort of "indoor clean air act" that prohibits smoking in public areas. Despite warnings from the US Surgeon General, countless piles of money spent on public service ads (including television, radio, newspaper, and magazine ads, not to mention billboards, posters, and anti-smoking programs for schools), a heavy public relations effort (including entire episodes of television news magazines like 60 Minutes or Dateline), millions of people still smoke.

      ********************

      OK, I'll presume for a moment that you meant the United States Government. (I was presuming that you were an American... which isn't always good on /. to assume.) What more do you want?

      There is a difference between passing laws and actually getting them enforced. And in all of the cases I'll admit that we as citizens of this country can do more to help improve what we are doing in these areas.

      But to say that the government is doing nothing is really stretching the imagination.

    • Re:Death Tolls (Score:3, Insightful)

      by Gruneun ( 261463 )
      WTC death toll: ~5200
      US weekly deaths attributable to smoking: ~9000
      US weekly deaths attributable to traffic accidents: ~3400
      US weekly deaths attributable to drinking: ~2300


      US weekly deaths of innocent people attributable to smoking: ~0
      US weekly deaths of innocent people attributable to drinking: ~0

      The outrage was the number of innocent people killed not just the number of deceased individuals. You put a cigarette in your mouth or a get behind a steering wheel after drinking and your death is your own fault.

      p.s. Yes, I realize there are innocent people killed by drunks, too, but I'll assume they're listed under your extremely vague statistics for car accidents.

Slashdot Top Deals

"If it ain't broke, don't fix it." - Bert Lantz

Close