Greplaw Interviews Phil Zimmermann
LawGeek writes "The venerable GrepLaw crew has struck again, this time with Editor Mikael Pawlo interviewing PGP author and all-around encryption expert Phil Zimmermann. Pawlo discussed a number of topics with Zimmermann, including the current state of encryption export laws, DRM, and activism against erosion of privacy both in the U.S. and internationally. The interview is here."
The interview is encrypted! (Score:1, Funny)
Re:The interview is encrypted! (Score:2, Funny)
Re:The interview is encrypted! (Score:2)
I'd describe how this is done, but the margins of this message aren't wide enough
Re:The interview is encrypted! (Score:5, Insightful)
It's even more fun to post the couple-line C program that does xor encryption with another file, and point out that not only is this an unbreakable encryption scheme, but you can also use it to show that any file is an encryption of any other. Thus, your message and mine are both encryptions of any handy pornographic image, and the little xor program will quickly produce the decryption key. This tosses a really fun monkey wrench into any scheme to outlaw pornography in any digital medium.
There's a lot of absurdity flying about here
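The property the comment above describes, as an added example that is not part of the original thread: with XOR and a key as long as the message, some key turns a given ciphertext into any other text of the same length. The sample strings and key bytes are constructed for illustration; the second function shows the condition the property rests on, namely that a pad is never reused.

```c
#include <stdio.h>
#include <string.h>

#define N 12  /* every buffer below is exactly N bytes long */

/* Constructed sample data. A real pad must be random, secret and used once. */
static const unsigned char REAL[N + 1]  = "MEET AT NOON";
static const unsigned char DECOY[N + 1] = "HAPPY B-DAY!";
static const unsigned char OTHER[N + 1] = "PAY 500 EURO";
static const unsigned char KEY[N] = {0x3a, 0x91, 0x07, 0xc4, 0x5e, 0xb2,
                                     0x68, 0x0d, 0xf1, 0x29, 0x83, 0x4c};

/* out[i] = a[i] ^ b[i]; the same routine encrypts, decrypts and derives keys. */
void xor_buffers(const unsigned char *a, const unsigned char *b,
                 unsigned char *out, size_t n)
{
    for (size_t i = 0; i < n; i++)
        out[i] = a[i] ^ b[i];
}

/* Encrypt REAL under KEY, then derive a second key under which the same
 * ciphertext "decrypts" to DECOY. Returns 1 if both decryptions match. */
int demo_any_plaintext(void)
{
    unsigned char ct[N], fake_key[N], out[N];

    xor_buffers(REAL, KEY, ct, N);        /* ct = REAL ^ KEY        */
    xor_buffers(ct, DECOY, fake_key, N);  /* fake_key = ct ^ DECOY  */

    xor_buffers(ct, KEY, out, N);         /* genuine key -> REAL    */
    if (memcmp(out, REAL, N) != 0)
        return 0;
    xor_buffers(ct, fake_key, out, N);    /* derived key -> DECOY   */
    return memcmp(out, DECOY, N) == 0;
}

/* The ambiguity holds only while the pad is used once. Two messages under
 * the same key XOR to REAL ^ OTHER: the key cancels and plaintext structure
 * is exposed. Returns 1 if c1 ^ c2 equals p1 ^ p2. */
int demo_key_reuse(void)
{
    unsigned char c1[N], c2[N], cx[N], px[N];

    xor_buffers(REAL, KEY, c1, N);
    xor_buffers(OTHER, KEY, c2, N);
    xor_buffers(c1, c2, cx, N);           /* what an observer can compute */
    xor_buffers(REAL, OTHER, px, N);      /* XOR of the two plaintexts    */
    return memcmp(cx, px, N) == 0;
}

int main(void)
{
    printf("one ciphertext, two keys, two plaintexts: %s\n",
           demo_any_plaintext() ? "yes" : "no");
    printf("key reuse exposes p1 ^ p2: %s\n",
           demo_key_reuse() ? "yes" : "no");
    return 0;
}
```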
fingerprint scanners in police cars (Score:3, Insightful)
Re:fingerprint scanners in police cars (Score:2, Insightful)
Re:fingerprint scanners in police cars (Score:3, Interesting)
Re:fingerprint scanners in police cars (Score:5, Insightful)
Re:fingerprint scanners in police cars (Score:2)
Re:fingerprint scanners in police cars (Score:1, Troll)
Please elaborate.
Re:fingerprint scanners in police cars (Score:1)
Re:fingerprint scanners in police cars (Score:1)
Re:fingerprint scanners in police cars (Score:1)
Re:fingerprint scanners in police cars (Score:1, Redundant)
The funny thing is, compasses fail. Not often of course, but satellites are pretty reliable as well, so it probably won't be long before satellites ARE more reliable than compasses.
Re:fingerprint scanners in police cars (Score:5, Insightful)
______________________________
The Spiders are coming [e-sheep.com]
Re:fingerprint scanners in police cars (Score:1, Funny)
In other news... (Score:5, Funny)
Re:fingerprint scanners in police cars (Score:5, Insightful)
You leave your photograph in every store you go to, every public washroom you enter, every highway you drive on.
You're captured on film at least a dozen times a day. At least I am (and other people who go outside).
It's a lot less work to have a computer scan the tapes for the same face than to send crews to dust for fingerprints over the entire planet multiple times daily.
No one cares where you go to take a dump.
Re:fingerprint scanners in police cars (Score:1)
Re:fingerprint scanners in police cars (Score:2)
aha!
Agoraphobics: 1 General population: 0
Take that!
Re:fingerprint scanners in police cars (Score:2, Funny)
Otherwise, we'll track you down via DNA testing!
Re:fingerprint scanners in police cars (Score:5, Interesting)
[off-topic]
I was just discussing the issue of this Muslim woman today. As a Muslim I think this woman is doing something kind of dumb. There is nothing in the Quran about covering a woman's face. During prayers, in fact, her face must not be covered. So I haven't a clue where they get the idea that they need to wear a veil over their face. And this is specifically for a piece of identification. How the hell are you supposed to identify someone that's covering their face? In fact I've heard suggestions that maybe bin Laden escaped the US in Afghanistan by posing as a veiled woman. It's not beyond comprehension.
But if this woman refuses to be identified, then perhaps she should not be allowed the responsibility of driving. It makes it possible for her to abuse the system and others to abuse her. She could claim some other person wearing a veil caused an accident that she caused, or it's possible someone wears a veil and does something specifically to incriminate her. It's a very unnecessary complication.
[/off-topic] That being said, fingerprints are a bad idea. As another poster mentioned, you leave fingerprints everywhere. And just having them on file and being in the wrong place can make you suspect in something which you have no idea about. It gives far more opportunity for abuse by authorities, and it's naive to think they won't be more abusive the more opportunity you give them.
Veils and Driver's Licences. (Score:4, Interesting)
There is no right to drive in the US. It is a privilege imparted to citizens of the various states by the state's government. As such, the state may regulate conduct and licencing with regard to driving.
Too bad, so sad. No veils if the state says "no." The Supreme Court has held on numerous occasions that states have the right to protect their citizens. Where religious freedom contradicts state edicts, the SC looks to see if the edict is a right or a privilege. Where it is only a privilege, the state always wins.
Driving is a privilege. Enjoy it.
Re:Veils and Driver's Licences. (Score:2)
Re:Veils and Driver's Licences. (Score:2)
Oh boy. Here we go with that "it's not a right, it's a privilege" crap. Nonsense. Prove to me it's not a right.
Any government has the right to restrict usage of its property. For example, you have no right to walk into the White House and run off with all the President's pens. You have no right to drive a car through the lobby of City Hall.
A car is a large and heavy piece of metal and plastic that is prone to move very fast. It puts wear on any road it moves on, and it puts an
Re:fingerprint scanners in police cars (Score:2)
Silly story, isn't it?
Re:fingerprint scanners in police cars (Score:2)
Just being in the wrong place can make you a suspect, holmes.
Re:fingerprint scanners in police cars (Score:2)
Re:fingerprint scanners in police cars (Score:3, Interesting)
The problem with any kind of biometric ID is that it's only as secure as the database that it checks against. Security based solely on biometric ID is very brittle -- because it's allegedly so "strong", once broken (by hacking into the database, by using someone else's eyeball) you have massive and nearly undetectable breaches of security.
The best security systems are not brittle. And for driver's licenses, photo ID does provide appr
Re:fingerprint scanners in police cars (Score:5, Insightful)
Yes, but the potential for abuse is much higher. Walking down the street some nights, the police think you look suspicious. They don't have any reason to take you in, but they could fingerprint you and find out your entire history in an instant.
Also, that would mean the police would have MANY more fingerprints on file. It's really just one step away from police fingerprinting every person in the country.
What's wrong with it? Well, it's a matter of opinion. If you believe in police states, nothing is wrong with it at all. If you believe even slightly in privacy, there is much wrong with it...
Re:fingerprint scanners in police cars (Score:3, Interesting)
Re:fingerprint scanners in police cars (Score:1)
Executing all muslims "might have prevented the dispute in court" as well. Do you advocate that?
from the article (Score:5, Interesting)
I haven't written code in many years. I am active in policy space rather writing code, doing a lot of public speaking. There is a lot of need for activism now in the shadow of the Patriot Act.
Interesting. I would have thought that hammering out the bugs in the law would have been the oldest form of coding.
___________________________________
The Spiders are coming. [e-sheep.com]
Social Engineering (Score:1)
If you take a body of 100 Senators and the House with several hundred, most with no experience in law, writing laws every day, it makes for buggy code. Even when they mean well.
Think about if you had the in-house lawyers writing your programs. Think they'd run?
That's why you get laws about encryption that treat it as a munition. Minds that do not understand a subject crafting a law in a way that does not adequately deal wi
Re:Social Engineering (Score:1)
I think most of them have far too much experience in law. Virtually all the senators were lawyers or went to law school. Sure, there are a couple millionaire investment bankers, or millionaire heart surgeons, but they're a minority.
The house of reps has a lot more diversity, but just as much (or more) of them are career politic
Greplaw: In the spirit of Aimee Deep . . . (Score:3, Funny)
OMG! That is like the COOLEST QUESTION ! Wow, I'm like totally into law and stuff, and like did you look at my boobies? No, they're not real! OMG, as if!
Zimmermann's contradictory opinions (Score:5, Insightful)
Re:Zimmermann's contradictory opinions (Score:5, Informative)
I do not think Mr Zimmermann is corporate-hostile in general, though, since he makes his living selling his knowledge to companies striving to protect their data.
Regards,
Mikael
Two different problems. (Score:5, Insightful)
DRM is something else altogether. DRM is intended to allow a sender to control what a recipient can do with information. In this case, Alice is trying to use encryption to mark information for Bob's eyes only (on Bob's Alice approved OS or Bob's Alice approved player) regardless of how Bob feels about it. This is absurd. If Bob can see it then Bob can copy it. DRM's only true effect is to create varying degrees of inconvenience for Bob.
It is not at all hypocritical to favor technological means for privacy while being opposed to technological means of control. Email encryption: Privacy. DRM: Control.
Re:Two different problems. (Score:5, Insightful)
Re:Two different problems. (Score:2)
Re:Zimmermann's contradictory opinions (Score:5, Interesting)
I think you're missing the point. The companies utilizing DRM are using it to prevent you from making full use of the content which you purchase. This is in contrast to you encrypting mail which is simply to keep spying eyes from peering into your private life.
However, I did have one concern about a wholesale use of encryption for personal affairs. Suppose I keep a personal journal and I use encryption; who's to say that I won't get run over by a truck, thereby effectively locking that information forever? Ideally I'd like to think that my grandchildren and so forth could learn and appreciate me as a person by reading it when I'm gone. You can't really write down the password as you don't want it falling into the wrong hands (i.e. government), but there's a terrible risk that it may never be readable in the future. Ditto for personal email, which can also be important to future generations.
Re:Zimmermann's contradictory opinions (Score:1)
Re:Zimmermann's contradictory opinions (Score:1)
Kid: Hey look, gramp's journal. Hmm... encrypted with PGP, let's see, it will take my 13Ghz Dragon about 1 day to crack it. Or I could recruit some of my buds and grid it up with them and crack it in an hour. OK, here we go, let's see what was so important that it had to be encrypted.
==========
*CRASH* (door shatters)
Cop: Homeland Security! Nobody move! You are under arrest under Patriot Act 5/DMCA 3. Come with u
Re:Zimmermann's contradictory opinions (Score:1)
Re:Zimmermann's contradictory opinions (Score:5, Insightful)
Encryption, the way PGP works, is a way to prevent third parties from getting at data you don't want them to.
DRM is a way to prevent the user from using data that was given to him in "unapproved" ways.
Once you get an e-mail and read it with PGP, you can do anything you want with it. You can copy-paste it into a Word document, you can forward it to a million-member Yahoo mailing list, anything you want. DRM is fundamentally different in that it's not for protecting against unauthorized use by third parties, but for protecting against unauthorized use by the person who supposedly owns the data (or a license).
Re:Zimmermann's contradictory opinions (Score:5, Informative)
Actually, PGP (the new-ish versions, anyways) has an option when encrypting to only allow the decrypted message to be displayed in PGP's 'Secure Viewer', which prevents you from copying or saving the information (and, optionally, displays it in a grey on slightly-lighter-grey color scheme to try to prevent Tempest attacks). It also has other properties, such as preventing the message from being written to swap/page files (and Windows hibernation files).
Of course, you can still just re-type it yourself, but it is distinctly DRM-like in that it requires extra effort to defeat the security, while not really offering any more protection. Of course, the difference is that when receiving a PGP message, the recipient generally *wants* the data to remain secure, and in DRM's case the recipient generally doesn't.
Re:Zimmermann's contradictory opinions (Score:1)
Further, it's there to prevent access by a licensee that the licensee may be entitled to.
In Australia, for example, we have a limited set of rights in relation to Computer Software in the Copyright Act 1968 (Cth) [digitalerection.com]; preventing a licensee from exercising rights by encryption is, in effect, trying to subvert the operation of the law; as much as DRM companies would like to think so, they do not have a monopoly in determining how their products can/shall/will be used.
I read it somewhat differently (Score:2)
I think the objection is not that companies encrypt data as part of DRM, it's that the law prohibits you from decrypting without authorization from the owner with DRM.
Protection, it seems, that is not available to individuals using encryption.
The single greatest moral of the story (Score:3, Interesting)
Look at Waco for instance. I'm not a fan of cults like the Branch Davidians, but the use of military-grade hardware like small tanks against a compound that is guarded by a bunch of yokels with at best automatic weapons is a great cause for concern. What most people don't know is that Waco was so badly screwed up that it had to be deliberate. It is not a conspiracy theory to say that the FBI and other agencies wanted to make an example out of them because they had something like 6 months to a year where David Koresh walked every day to Wal-Mart for supplies. I come from a federal law enforcement family and both my parents agree that in light of how many opportunities they had to NOT make an explosive situation it was literally criminal what the feds did. Same goes for Ruby Ridge.
The majority of police working in these areas don't care about your freedom or your privacy anymore. If they did they'd have given up on bullshit like the Clipper Chip and export regulations. We live in a society in which it is not feasible to keep our technology under wraps. It would be trivial for Al Qaeda to smuggle PGP out of our country; all they'd have to do is get someone inside our country, buy a single copy and send it from a public library to the Middle East.
We can only lose by listening to these security chicken littles because if we did everything we could to make our country secure, we'd resemble a slightly right-wing version of the Soviet Union. There would be no public internet access, no freedom of mobility, no right to keep and bear arms (which saves more lives than all cops in America combined), no right to security in your house and person, no freedom of association, and probably no property rights either. I won't live like that and I consider anyone who would to be worthy of death. They aren't human and because they reduce themselves so low they are a disgrace to our species. Not that I advocate murdering them, but rather I only laugh my ass off at them when they get hurt or killed. Good riddance, we need more people that won't change their lives to accommodate the terrorists, whether they're associates of Al Qaeda, have a General Services rank or call themselves Representative or Senator.
Government can't protect you preemptively, that is the indirect moral of this story. The police can pick up the pieces and get justice, but that's usually about it. Here's a novel thought, let's legalize assassinating terrorists. But this was never about terrorism and national (or is it fatherland) security, it was about big government justifying its Cold War level of control over the people. The worst parts of Communism aren't dead, they're festering in the White House and most of the law and order Republican types can't see that they've already lost. Bob Barr was kicked out because he had the audacity to call out Bush on issues like TIPS where he said, "this program smacks of the very fascist and communist governments that we have fought for so long."
So it's not healthy to be a true patriot and political traditionalist in America anymore. You call for a modern form of the government we started out with (in other words, nothing like slavery) and you're called idealistic, short-sighted and soft-headed. The irony of it is that the true hard-headed people have always advocated limited government and a simultaneously isolationist and Machiavellian foreign policy. We'd be a lot more secure if we minded our own business and made people pay handsomely in blood for every single violent transgression against us. For example we'd have fewer problems with Saudi-funded terrorists if after every such attack against us, the CIA sent its SOG commandos into Saudi Arabia and blew up a few civilian targets. You want respect in war and politics? Show that if you have to choose between doing the right thing and surviving that the former never gets in the way of the latter.
Re:The single greatest moral of the story (Score:3, Insightful)
That's a new one on me. Maybe you should check your facts -- looks to me like the U.S.A. has the highest murder rate out of any country in the world. Other countries that don't have gun control seem to be able to keep their citizens from dying some other way, I guess.
philzimmermanrocks (Score:3, Funny)
WOW! (Score:1)
Re:WOW! (Score:1)
Re:philzimmermanrocks (Score:2)
***[6/8/2003 11:52:29 AM] Cipher: AES256
***[6/8/2003 11:52:29 AM] BEGI
Re:philzimmermanrocks (Score:1)
e-mail isn't secure (Score:2)
Even if a standard encryption system for e-mail was created it's highly likely the government would require it to have several back doors.
Terrorism and PGP (Score:4, Insightful)
I'm just saying that PGP has done nothing to facilitate terrorism. If terrorists really wanted encryption, they could have used it at any point, regardless of PGP's existence. And anyway, historically it seems that terrorists never really used electronic encryption for most of their planning.
Re:Terrorism and PGP (Score:4, Insightful)
If anything, PGP makes life more difficult for the terrorist, unless we're suggesting that it's a good idea that potential targets use plaintext email when they're planning their journeys, emailing hotels, etc.
"Blah blah blah, did I mention the [famous person's name] is visiting next thursday, blah blah.
I don't need to encrypt this do I? The government says that encryption is a bad thing.
I'll just email the rental company and check our boss' car, then plan a route on Autoroute Express and email it to the Chicago office. No need to worry about security, I'll email to let the guy meeting him know the license-plate to look out for.
Encryption? What's that? The news says that only bad people use encryption. I'd best send all this information plain-text.
Re:Terrorism and PGP (Score:3, Interesting)
Need for telephone encryption (Score:4, Interesting)
It seems there is a real need both for strong, open-source cryptographic solutions for VoIP applications and some kind of open-source hardware for telephone communications. Open source because presumably the problem with current telephony encryption is that its closed source implementation has made it easy for the government to crack, as Schneier points out.
Since PZ once wrote a PGPfone for encrypted VoIP communications I'd really like to hear his opinion on this topic.
Fingerprints not absolutely reliable (Score:3, Insightful)
Boo! (Score:3, Interesting)
There is a place for products under different licenses. There is a place for products under the GNU GPL, also cryptographic products. However, GNU GPL is not enough for everyone's needs. Some software needs to be sold for profit. Some software can not depend on hobby-programming conducted on weekends and other spare-time by programmers having other day-jobs. There is a place for that. But PGP needs more focused development than that.
I'd really like to know how he feels about the GnuPG project, in that case.
It also kind of bothers me that he seems to think that the GPL prevents you from selling your code.
Re:Really (Score:1, Funny)
You might want some pretty good privacy for that insertion!
Re:Better than Aimee Deep (Score:5, Informative)
Patrik Faltstrom on IESG, IETF etc [harvard.edu].
Don Marti on free software, patents and the Internet [harvard.edu].
Cyberlaw profiles: Jennifer Granick [harvard.edu].
We try to interview interesting people who one way or another affect and form Internet law and policy. Feel free to suggest people we should interview.
Regards,
Mikael
Re:Better than Aimee Deep (Score:3, Interesting)
Regards,
Mikael
Re:Better than Aimee Deep (Score:2)
For an anti- or, more precisely, restricted-freedom viewpoint, an interview with Parry Aftab of WiredPatrol (nee Cyberangels) would be interesting. Just beware that you won't get a word in edgeways - pleasant but rather assertive