Ask Cryptome's John Young Whatever You'd Like

John Young of Cryptome, though trained as an architect, has garnered recognition in another field entirely. Since 1996, he's been publishing timely, trenchant news online as the mind behind crypto jya.com and Cryptome. ("Our goal is to be the most disreputable publisher on the Net, just after the world's governments and other highly reputable bullshitters." ) This has put him on the forefront of various online liberty issues, from the MPAA's DeCSS crackdown on DeCSS (he fought the lawyers -- and won), to Carnivore, to Dmitry Sklyarov's continuing imprisonment, and now the several fronts along which electronic communications are threatened by current and upcoming legislation. He recently posted this to the front page: "Cryptome and a host of other crypto resources are likely to be shutdown if the war panic continues. What methods could be used to assure continued access to crypto for homeland and self-defense by citizens of all nations against communication transgressors?" Now's your chance to ask him about the fight for online freedom. Please pose just one question per post; we'll send 10-15 of the highest moderated ones on to John for his answers.

Turnaround on backdoors?

[jeffy124]

Immediately after the events of 11 September, lawmakers twiddled with the idea of backdoors in crypto products. Last week I read somewhere (not sure if it was on slashdot or some other news site) that lawmakers were backing down on this for some reason (can't remember why).

Is this 'backing down' accurate? What do you think caused the change of heart? And what is your opinion of backdoors in general? Do you think they would work as lawmakers intend them to?

Encryption

[JMZero]

The current means of doing public/private key encryption (via large primes) seems pretty much universal. Should we be looking for an alternative if/when someone finds a way to break it?

Encrypting email

[CmdrTroll]

Mr. Young,

Currently the vast majority of email travels unencrypted through the Internet, ripe for eavesdropping by Carnivore/DCS1000/Echelon/etc. This is a bit of a "last mile" problem, as I can't reasonably expect my grandmother on AOL to be able to read my PGP-encrypted messages to her unless encryption is made into a standard part of the infrastructure. Otherwise 99% of the users won't bother and that's the situation we have now.

What do you see as being the catalyst that forces the majority of software and service providers to make encrypted email standard equipment? Will it be public outrage over eavesdropping, bribery of ISPs and Microsoft by Verisign or Thawte, or something else altogether? And do you forsee more success for a decentralized standard, like OpenPGP, or for a centralized standard like S/MIME?

-CT

I don't do anything illegal

[Anonymous Coward]

I do nothing illegal in my life (okay, a little speeding) and don't really care if some government worker who I will never meet reads my e-mail. Should I be concerned about any of this stuff the gov't is trying to push?

Government and Privacy

[AlephNot]

Do you believe that it is even possible for any kind of government--be it theocratic, totalitarian, or democratic--to coexist on peaceful terms with the existence of individual and corporate privacy and secure communications?

Hi John

[Scott Lockwood]

What's your opinion on Alan Cox's recient decision to censor security related fixes in his change log announcements on LKML? He cited the DCMA. Also, given that civil liberties are often the first casuality of war, and given that we're "at war" now with Afganistan, when if ever do you think we will see a sucessful court challange that will get this bad law (the DMCA) overturned?

Certified email?

[jeffy124]

Due to the current wave of anthrax troubles in the US, do you think a system will be developed somewhere to allow for Certified Email that employes the applications of crpyto to certifying digital signitures, certificate authority, etc? Even if such a service is funneled through a government agent like the Postal Service at like 5 cents per message to be certified, do you think such a service would be useful?

Optimistic or pessimistic overall?

[Jerf]

I keep track of the kind of thing Cryptome covers. It affects you, after a while.

Overall, are you optimistic or pessimistic that we will eventually (call it 5-20 years) have a society that you would find reasonably acceptable? Or do you think we're destined for one form or another of effective totalitarianism?

Sources?

[SupahVee]

I read Cryptome regularly, generally every day or so, and the only question that I can think of is, Where do you get your information from? I'd like to know os that I canstart researching things much the same way.

Question:

[atrowe]

John, I've heard a lot of debating lately on Slashdot and other discussion sites regarding the US governments recent initiative to include a government accessible "back door" into all new crypto tools.

Supporters of this program claim that such a program will allow day-to-day communications among law-abiding citizens to remain private, whilst still allowing the FBI and CIA to monitor the communications of suspected terrorists(with a warrant, of course).

The liberal media opposition to this initiative is claiming that by installing government accessible backdoors into encryption tools, we are giving up our right to privacy in favor of increased public safety. For the purposes of this post, I'm going to ignore the fact that nowhere in our Constitution or Bill of Rights, are we guaranteed anonimity or absolute privacy. It seems to me that if we cannot trust our policing agencies to be responsible with the power they have been given, the problem is not with the cryptography, but the government itself, and this problem needs to be addressed as such.

My question to you is: What is Cryptome's, and your personal, stance on government accessible backdoors installed in cryptography. Would the benefit to law enforcement, and the increased homeland security outweigh the possible implications to the loss of privacy. Do you think open-sourcing popular cryptographic tools would help alleviate people's fears about the integrity of their data security?

Is Coding Free Speech?

[EccentricAnomaly]

I know it's a basic question - but it seems to be at the heart of the Free-Crypto debate. Free speech should be free whether its in English, French, FORTRAN or Perl. What arguments do you hear against programming being protected as free speech? Can you use the First Amendment against DMCA, ITAR, etc?

DIY hardware crypto

[Guns n' Roses Troll]

Any advice for people who might be interested in DIY hardware crypto boards? Is it possible to easily make them? Would you be able to buy parts without raising flags?

Appealing to the masses

[mttlg]

The main problem when dealing with all of these technical/legal issues (legal access to encryption, fair use, privacy, etc.) is that the masses simply don't care. Many people will gladly give up their future rights to ever record a television broadcast again for the chance to watch higher quality (picture-wise, not content-wise) Friends reruns. My question is this - at what point will enough people say "Keep your laws out of my data!" to create a movement that is likely to change the way legislators look at these issues?

Passport and Windows XP Privacy concerns

[Alrocket]

Hi John,

What do you think of XP, particularly with regard to Passport and privacy concerns?

Thanks,
Al.

general encryption and anonymity

[b-side.org]

Given modern computing's advances, it's now much easier to encrypt casual traffic than it has been in the past. Have you ever considered providing https:// or some other encrypted form of access to your sites for the general public?

Fear and Personal Saftey...

[Bonker]

Despite how everyone on /. talks a big storm about bucking the government, it's got to be pretty damn scary when the feds come knocking at your door. You've no doubt made some powerful, big-time enemies in both the private sector and the government.

Do you ever fear for your own or your family's saftey because of this. Have you ever been threatened? By whom, government agents or private individuals?

If you don't fear for your saftey, what factors about what you do make you feel 'immune' from being 'removed' clandestinely?

A few questions

[xmedar]

Are you ever worried about being shutdown / arrested / bugged / having a smear campaign run against you?

Do you think that all the muck flinging by both governments and corporations is going to lead to somone developing a virtual, anonymous, secure network running over the Net that will be untouchable by governments (i.e. legally secure from attack by dint of listening to the Harvard Law types and using their knowledge combined with technological solutions)?

Do you expect show trials by governments to show that the laws they areintroducing now (RIPA in the UK, USA-Patriot in the US etc) are effective, and how long do you think before there will be miscarragies of justice based on political expedeincy?

Public CA

[imrdkl]

Hi,

Thanks for your efforts. My question was discussed recently on a thread regarding the decision by Thawte to discontinue selling CodeSigning certificates to individuals.

What are the biggest obstacles to a public CA which is supported and funded by, say, the FSF? Is such a thing possible for the Free software community? I guess insurance and certification would be the biggest stumbling blocks. Are there other dimensions to such an undertaking which have not been considered?

If you have nothing to hide...

[thryllkill]

In your opinion Sir, what would be the best response to those who feel this monitoring should be fully funded and supported? My personal feelings are just if it is my business, it probably isn't any of yours.

Also, since most e-commerce is conducted on so called "secure" connections, how would the installation of government backdoors effect e-commerce. If a government back door was hacked and my credit information stolen and exploited, who would the blame fall on? The credit card company, the business I ordered from, or the government agency who installed a faulty back door?

How will world government deal with an AI economy?

[Mentifex]

Extremely serious efforts are underway to create artificially intelligent minds, such as at http://sourceforge.net/projects/mind [sourceforge.net] -- just one of 365 open-source projects in artificial intelligence (AI). Do you expect that the World Trade Organization (WTO) or other allances -- either governmental or corporate -- will attempt to control the emergence of AI technology and of an AI-based cybernetic economy?

As an architect, do you have any interest in the architecture of the mind?

Is there any likelihood that AI research will be outlawed or otherwise subjected to illiberal control?

Passport.

[Soko]

Is there any way you can think of that would help convince people (based on scientific principles) that centralised security services are a bad idea? That convenience should not come before security?

Soko

Personal Background

[andrew cooke]

What do you do all day? From what I've read on Cryptome it's clear you remain interested in Architecture - do you still have any professional involvement (info in the on-site BIO tails off at 98)? If not, how do you pay the bills? How did you get from architecture to cryptome? Do you have any interest in computers and the internet other than as a tool (would you consider yourself a hacker, in the positive sense)?
I know, it's more than one question, but they're all in the same direction. I'm curious about the guy.

The Panopticon

[der raketemensch]

The theory of the panopticon state bounces around on Cryptome and Cartome quite a lot. It is interesting that Cryptome and JYA in a certain sense have been set up to watch the watchers and mitigate the power of the panopticon.

My question is: how aggressive can you/should you be in trying to detail the actions of the (insert three letter acronyms and governments here) pushing panopticonism as the solution to society's problems?

You are clearly willing to put yourself in legal peril, but surely there is a point of diminishing returns. How do you balance things, and have you withheld, or would you ever withhold, information that you would like to publish? (...and yes there are two question marks, but they are pretty related)

And thanks!!

Absolute Right to Privacy

[Anonymous Coward]

Should citizens' have a right to keep personal documents/data private from anyone, including their government?

John Young and _The_Barnhouse_Effect_

[Thagg]

John, I find the service that you provide as Cryptome to be essential. You remind me strongly of the title character in Vonnegut's short story
Report on the Barnhouse Effect [http]. Your reporting keeps the entire world somewhat more honest; and I can't think that it's possible that governments are more careful knowing that someone is watching.

The end of the story, is, of course, of the passing of the torch to Barnhouse's apprentice. I am worried that there's nobody with the combination of integrity, fearlessness, and intelligence to carry on with your work, when your time to perform it is over. Do you worry about that, and are there people to carry the load?

thad

What countries are still free?

[Azog]

I've been watching the United States slow slide towards becoming a police state since the early 90's, when I discovered the Clipper Chip fiasco on comp.org.eff.talk. Thanks for your dedicated work to fight this trend, it won't be forgotten, even if it fails...

So, my question is: If the United States becomes a hostile place for freedom (DMCA, SSSCA, extreme anti-terrorism laws, etc.) where are some good places to flee to?

I write and use free software, and I expect I'll be leaving the US within a couple of years. (I've got a great job, otherwise I'd be leaving already). I don't mind learning a different language... Do you know of any comparative study of different countries of the world, considering at least:

- free speech
- free software
- software patents
- Privacy
- public awareness of the above issues (Most important, perhaps!)
- A just and fair, uncorrupted legal system
- Reasonable balance of taxation, government spending on useful things like education, health care, etc.
- High standard of living

Where would you go?

Benefits/ Detriments of Real Identity

[Tucan]

John,
At some point you decided to run cryptome and publish controversial materials under your true identity rather than under a pseudonym.

What benefits and detriments have you found to using your real identity for your efforts instead of a pseudonym?

what will make people care?

[renard]

Dear Mr. Young,

In your opinion, what will it take - either in terms of EFF-style activism or in terms of 1984-style government repression - to make the average person-on-the-street care about our digital freedoms?

In the current environment it seems that most people have adopted the attitude of Britain's John Major who said - as his Tories wired the UK with videocameras - ``If you have nothing to hide, you have nothing to fear.''

-Renard

"Younglish" - How do you DO it???

[Seth Finkelstein]

Dear John:

Many people will undoubtably ask wide and far-reaching questions about civil-liberties, activism, and running cryptome.org. In contrast, I would like to ask a question perhaps trivial in comparison, but also in the hearts of so very many of your fans.

If this is really ask whatever we'd like ...

How in the world do you generate that unique hash of free-association, bafflegab, verbing, just-this-side-of-understandable wording (not sure which side), "Younglish" writing, for which you are reknowned?

Are consciousness-altering substances ever involved? Where they ever involved? Is it effortless, or do you work at it?

This is nowhere in the same league as DMCA, terrorism, and whatnot.

But believe me, inquiring minds want to know.

Sig: What Happened To The Censorware Project (censorware.org) [sethf.com]

Convincing the unwashed masses

[phiz187]

Invariably the first argument encountered when I go on a tirade about the choking off of our civil liberties, someone responds to the wiretap question with: "So what,? I don't do anything wrong." In my mind I know they are completely missing the point, but I have yet to come up with a quick, pithy, persuasive argument to open up their mind. What are the dangers of widespread monitoring that the average american (that hasn't read 1984)can grasp?

USA vs Usama Bin Laden, Part II

[Introspective]

I've been an avid cryptome reader for some time, even to the extent that I followed most of the USA-vs-UBL trial transcripts - that was a great effort on your behalf.

My question is - do you think that you will be in a position to publish the transcripts for the trial of the Sept.11 events ?

Assuming, of course, that at least some of the perpetrators are brought to trial and that this will probably be well into the future.

The "security" of the State vs. the individual

[Anonymous Coward]

John,

Let me begin by thanking you for your unflinching adherence to the principals of disclosure and freedom of information. I am a great fan of your continuing work. My question follows:

You have in the past, and continue to, post "dangerous" information like names of former intelligence agents, details of government cover-ups, radically contrarian opinions, and open calls for subversive action.

A good example of this is Cryptome's continuing threads on the structural failure of the WTC and potential vulnerabilities of other landmarks. Some would claim that this kind of conversation should take place in closed-door meetings - that open discussion like this could only benefit evil and your support of such discussion is irresponsible.

What are the principals and moral guidelines you use when publishing Cryptome? Are there any lines you would not cross? What are the implications of shifting public opinion (70% favor a national ID card) and mounting US totalitarianism to Cryptome?

Re:What countries are still free?

[t_allardyce]

The UN Freedom Index:

"This is a devastating statistic for those who believe that America's greater commitment to individualism translates into greater individual freedom. In reality, the social democracies of Northern Europe are the freest societies in the world."

Places America pretty low on the freedom scale
(google: UN freedom index)

Also, a very interesting node on e2:
http://www.everything2.com/index.pl?node_id=3855 79 &lastnode_id=124
were Sweden came out top and America didn't even make number 10 lol :)

Looks like your too late, you better hope someone anthraxes Bush before he does any more damage

Transition from Architecture to Technology

[Dynedain]

As an architecture student who is also a geek - I'm curious as to how you made the transition to the technology sector. What prompted you to make the change and how did you do it? Was there anyone instrumental in providing you an opportunity? Do you still try to make a connection back to your architecture roots?

Backups?

[rsimmons]

Also, during your talk at USENIX Security '01 you talked about different ways that you are keeping backups of your data. Including having other sites ready to host the data at a moment's notice, and sending out backups of the site to whoever wants copies. You had also mentioned work on a distributed storage system that would be more resistant to having one node shut off. Have you made any progress with this?

freenet and/or freeweb mirror?

[Anonymous Coward]

Dear Mr. Young;

I've been a long time fan of your site, and I hope it never gets shut down and/or censored. There's not much you can do if you get shut down, but have you considered using freenet and/or freeweb to mirror your content? Once content is on those systems, it won't come down until nobody wants it.

If not, why not? Are there any changes in those systems that would make you reconsider?

Thanks for talking to /.!

Information and protests.

[Irvu]

In recent years we have seen a raft of laws that, under one guise or another, act to limit speech and dissemination of information. Your own experience with DeCSS is a prime example. Since September 11 there has been a renewed push in Governmental circles not only to restrict information by refusing to comply with FOIA requests [aclu.org] but to demand information by increasing surveillance [aclu.org].

As someone who has dealt with this and won, how do you see it progressing? Do you think that this will pass and these laws will be overturned? Or do you see this as only the beginning?

Trends in legislation

[AntiNorm]

With recent legal pushes such as the DMCA and proposed SSSCA, what do you see in the future of our legal system? Do you see more pro-corporate laws being passed or do you see potential for a change in the government's traditional bend towards protecting corporate interests? It seems that you are in a position that would grant more insight into this than most of us would have.

Re:Encryption

[Zeinfeld]

it's been shown that the NP-complete problems all reduce to each other.

Err no, not even close. While there is a large class of NP complete problems which can be transformed into each other in polynomial time this is not the case for all NP complete problems.

Futhermore a compromise of a security algorithm is a much weaker condition than solving an NP complete problem for the general case. There are many NP complete problems that have subsets that can be solved in polynomial time. The superincreasing knapsack problem for example.

An attack that compromised only 5% of RSA keys would be very serious - a factoring algorithm that depended on smooth numbers or the like but it would not be a solution for all NP complete problems.

In fact the DSA algorithm can be shown to be slightly more secure than RSA in that it only depends on the discrete log problem for security while RSA depends on discrete log and factoring. This is not a particularly big problem however since most atacks on factoring also tend to be convertable to discrete log.

Mirror policy question

[leto]

Mr Young,

I appreciate your site a lot (not only because you have posted some of my own material on it :)

Your site hosts obvious controversial papers. Yet you clearly don't want to have your site mirrored. You state so on your website and your robots.txt disallows it. Why don't you want the information on cryptome and jya to be mirrored? I noticed you changed this policy briefly after the sep 11 attacks,and ofcourse immediately grabbed a copy.

But I'd still like to have a synchronised copy. Not even to publish now, but just to have in case cryptome disappears for whatever reasons.

Paul Wouters