Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Encryption Security Your Rights Online

New Crypto-OS 157

gormanly writes: "m-o-o-t is a new open-source cryptography project begun to defeat the R.I.P. Act here in the U.K. "and make it look silly". The project aims to ship a new BSD-based OS on a bootable CD, which will disable all local storage and store encrypted user files in remote "data havens," split and hidden in random data for deniability. The government can't even know a user's sending e-mail, much less store it for 7 years." It's a nice idea, but right now, that's all it is.
This discussion has been archived. No new comments can be posted.

New Crypto-OS

Comments Filter:
  • by Anonymous Coward
    You're just looking for an excuse to hate the government and big corporations. The Holocaust never happened, nor did the killing fields, El Salvador, Guatemala, Stalin, and Rwhanda. It's all propaganda. You probably think also all authority figures act with machiavelian intent like some evil circus act where the clowns all wear happy cosmetic paint while picking your pockets clean.

    I'll take the telescreen and soma and live a happy smiley life, just like the song!

    Consent? Manufactured? Who? What? Where? When? Why? I'll take the Times, please.
  • by Anonymous Coward
    What you did`t understand is that encryption encryption is more about protecting yourself from hacker, pedophile, terrorist, ... Btw think about something, the gouvernement do use cryptography, do they have something to hide to us? if they do should we trust them? Do you really think you could prevent criminal to use cryptography? personally i don`t think we could. Do you think we could prevent honest people to use cryptography? yea i think it could be possible by making it illegal. So by those kind of protection you are helping criminal. btw thing about it... what do you want to be acused for: illegal use of cryptography, or a murder? personally i would prefer to be acused for illegal use of cryptography, that why ppl that want to keep stuff secret will continue to use cryptography even if it`s illegal.
  • by Anonymous Coward
    As many of you should know, if they archive traffic for 7 years, then this includes EVERYONE not just UK residents. Let's say your email is sent to someone and it goes through a UK server as one of the bounce points. Now your email is stored just as if you were in the UK.

    They cannot demand your key outside of the UK, but they CAN brute force your encrypted files since they are storing them for 7 years.

    I say we need more encrypted LOCALHOST file systems so that you always have it with you encrypted and hopefully not on some other archived server.

    Do yourself a favor:

    TCFS -- transparent crypto file system)
    (included since OpenBSD 2.8)
    encrypted swap
    (included since OpenBSD 2.6)
    IPsec IPv4 and IPv6 support for VPNs
    (included in OpenBSD since 2.0)
    OpenSSH
    (included in OpenBSD since 2.6)
    and strong encryption (GNU privacy guard)
    (not part of default install, in ports)

    and encrypt ~~EVERYTHING~~.
  • The origin of the quote in question lies with Ben Franklin. Establishing correctness, on the other hand, is a more difficult thing than origin.

    I may be able to win an OS debate, but I don't know how to convince a man to value his freedoms. Similarly, I find it most unlikely that someone would convince me to willingly give up mine.

    In any event, there was never any claim that his opinions were based on the quote, merely that it's nice and catchy and *does* help convince people (particularly if the subjects are Americans and Franklin's name is mentioned -- for whatever reason US citizens seem to have a particular fondness for "the Founding Fathers").

    I'll agree that failing to attribute the quote leaves its use rather weak, though.
  • That's like saying that you should ban cars because bank robbers use them to escape persecution.

    I think it's a fair principle that government should only invade an individual's privacy in the event that they have reason to believe it will yield proof of a crime. It does not make sense for the government to invade 100% of the population's privacy in order to prevent crimes committed by less than 0.1% of the population.

    One way to prevent crime would be to have the government keep everyone's money and to have all transactions of said money be cleared by some agency (of course, this assumes somehow this agency is immune to corruption). This would actually eliminate a wide variety of crimes. Of course, you won't see a lot of people arguing for that!
  • Quite how will it do that? If I'm a money-laundering, drug selling terrorist child-pornographer I'm not going to hand my keys over to the police, am I? I'll go to jail briefly for failing to hand over the keys, instead of doing 25 years for my real crimes.

    • How does one frame the argument that privacy is worth more than child abuse (to be provocative, for a moment) in a concincing manner to the supporters of RIP, who blather on about 'the children' at every opportunity?
    This is a fairly good example of Argumentum ad hominem [infidels.org] and is just one of a range of fallacies that you'll see brought up whenever there is an emotive issue being discussed.
    Counters to this sort of thing should be structured with agreememt points aloing the way. I'd hearlty recomment reading the entirity of the Infidels.org [infidels.org] web site if you want to know more about logic, fallacies and structured debating.
    With regard to that specific point (Privacy vs "The Children") my best bet would be relying on proven fact only. Ask the arguer to produce evidence that privacy through encryption has compromised the successful capture of something that threatend "The Children". While there is a load of anecdotal evidence and people will say "It's _Obvious_!", but may falter when asked to produce real evidence.
  • The issue is one of privacy.


    If you're accused by someone of supporting terrorism, child porn or piracy simple because you're opposed to the RIP, pose this question: how would you feel if the police had the power to tap your phone or open your paper mail without a warrant? Does it then seem so reasonable to give the police powers to arbitrarily intercept any communication? This is not something the "free" western world has historically stood for.


    But this is effectively what the RIP does to electronic communication. By refusing to surrender your keys (and thus your privacy), you face a jail sentence, and if you attempt to talk to anyone about it, including your lawyer, you face a longer jail sentence.


    Is this worth it to stop the activities of criminals? Or is it just going to drive legitimate business activity elsewhere while not really affecting criminal activity in any way?


    www.stand.org.uk [stand.org.uk]

  • <a href="http://www.havenco.com/">here</a>, for us lazy people :) considering I just got this URL cause I was too busy reading about how people forge Sealand passports :)

  • Perhaps, even if I wouldn't care about the security of my mailbox concerning private email, there are other needs and concerns..

    Like, what if I have signed an NDA with a multinational corporation and agreed that all conversation where said corporation and I are both parties regarding subjects covered by the NDA are confidential and if in electronic form, must be encrypted with algorithms and keylengths agreed upon to provide required security.

    What does the government do? I can't give the key without breaking the NDA, so I must ask the government that if I am to give the key, it will be done in presence of said corporation and that the officials who will have the key will probably have to sign NDAs with said corporation to cover corporate security and trade secrets which would otherwise be compromised by giving the key to a third party.

    Lawsuits, anywhere?
  • Look,
    It seems pretty unlikely to me the an innocent person would ever need this. Beyond a reasonable limit, crypto only becomes useful to criminals and child pornographers. An encrypted hard disk is sufficient to protect buisness secrets from your competitors. It'll even protect you from really nosy marketers ;)
    If you need encryption that'll keep you safe from the government, you're probably doing something illegal.
    The laws in this country are just, and created by the public will. Anti government paranoia is downright unamerican.
    --Shoeboy
  • .... is to riot. You already forgotten the poll tax? Man, the crypto laws have been a little funky here in the U.S., but at least I don't have to contend with big brother any more, and I accomplish that to a large extent with crypto. My wife and I both have yahoo mail accounts, and I send more from mine. Yet who gets the most spam? It ain't me, 'cos you can bet your ass they can't read my email with a bot.
  • The law, as far as I can see it, states that you have to give them your passwords, or your guilty (well that's the short of it)... So what's the bloody point?


    --Gfunk
  • Public key cryptography requires only a reliable communication channel and not a secret one. All the Crypto-OS people need to do is publicize their public key. When a user wants to set up a secure session, he generates a symmetric key and encrypts it with C-OS's public key. C-OS proceeds to decipher it and start a symmetric encrypted communication session.

    Since the user has an account he would also want to authenticate himself by using his own private key; C-OS is in receipt of the user's public key.
  • The most dangerous child molesters are those who obtain positions of authority over vulnerable children. How better to indulge your vile desires than as a member of staff at a childrens home, or as a corrupt policeman with access to personal information that may identify target children through the mechanisms put in place to support RIP? As a corrupt policeman there should be no great problem avoiding the legal safeguards, and the worried parent will be in trouble under RIP if they try to complain that you are accessing data about their children.

    The danger of RIP is that it assumes that there are no corrupt police, nor even careless police. RIP creates a compelling reason for criminals to infiltrate any organisation that handles the data, and experience shows that criminals can and will find a way.

  • If you need encryption that'll keep you safe from the government, you're probably doing something illegal.

    Or - maybe the government is doing something illegal. Or maybe a corporation.

  • RIPAPart3 is the new law here in the UK that gives the Government the right to demand the plaintext and/or keys of "information protected by encryption".

    If you're still going to get arrested for not giving them the plaintext it's not that much fun.

  • If you need encryption that'll keep you safe from the government, you're probably doing something illegal.



    Why is it that this argument persists in societies that value free speach? There are some things that are illeagal and still not wrong.



    Besides the 4th Amendment protects me from incriminating myself. One might argue that this extends to the files I have stored away. My private diary, the one I store on my computer, should be kept away from the government at all costs. And courts in the USA would probably support this idea, but in the UK there is no Bill of Rights (constitutionally at least) to protect its citizens from the government.



    This new OS is designed for them. For people in a place where there is a law that punishes people for not (possibly) incriminating themselves by handing over encryption keys under court order.


    This OS certainly won't help those who are sending out incriminating emails to their friends, but it will keep the prying eyes of the government out of their private computer files.



    (BTW, is using 'incriminating' four times in one short post too many?)


  • From my understanding of the proposed monitoring system in Britain, all electronic communications travelling across the Internet will be archived. I don't think the intention was for the government to read messages sent to my girlfriend. The goal of this project is to help prevent terrorism and provide evidence needed to convict hackers/criminals.
    Given that ~10% of police officers at any one time are corrupt do you really want them to have access to an archive of you Net banking, CC details used for e-commerce transactions, etc? Imagibe whats going to happen if some corrupt officer collects 10,000 CC numbers and maxes them out at say £1000 ($1500) a time, thats a nice little earner, and who is going to come after them? You thing gov.uk wants to admit they made a law that allowed such a massive crime to happen? The worst case scenario is that they snarfed a large number of stockmarket trading account logins, sold all the stocks, and transfered the money, possibly causing a market crash, now would you trust them?
  • sure there is 100% encryption. the disadvantage is 0% decryption.

    //rdj
  • It's pretty scary that projects like this are even necessary.

    Good luck to all that join in on the project, but remember, "Big Brother is watching you".
  • by shomon2 ( 71232 )
    Naah. Look: they want cash for it, making money off the RIP act! Despicable!

    How much will m-o-o-t cost? We want it to be free, we don't yet know if it will be, it will be shareware price at most and a paid user (if there are any) can burn a CD for his friends to communicate with him. Apart from our time we have put in money and would like to get it back. Also the havens have to be paid for somehow

    Much better to just encrypt your mail with the spam mimic(tm) [spammimic.com]! ...and you never know if your recipient will also buy some printer toner or start working from home for you, to earn $$$ in 3 weeks.

    But seriously: it's good to see a quick response to this, but a single point of weakness lying in a central owner of a haven leads me to seek additional resources.
  • Unfortunately, what some governments believe to be "wrong" are not necessarily what I believe to be "wrong".

    Orwellian acquiesence to behavior accountability every second of every day is hardly necessary nor advisable. Privacy means exactly that, privacy, including privacy from intrusion by the government.

    Even if you are doing nothing "wrong" by "their" standars, will you be able to edit/review this archive of information about you to determine its accuracy and authenticity? Who will have access to this information as a normal responsibility of employment? What if something you do today is not "wrong", but in the future it is, will this be held against you, if only to defame you?

    No, I don't find the upside to this at all. This must be stopped, interferred with, circumvented and/or delayed as much as is possible.

    Perhaps we need to create a sight that documents all the abuses of this power that have occurred over time and link to it frequently.

    The point is simple, does archiving of your elove letters have any value other than to possible embarass you in the future? "Gee, Honey Dumpling, I can't wait to tie you to that tree again and pound you from behind." There is real value in having the government archive meaningless diatribe!!!

    I am in total disagreement with you about this laissev faire response to keeping a record of all my online behaviors and communiques. As intelligent as you appear to be, your naivete frightens and abhors me.

    What do you need to know to change your mind? Respectfully, /bigweenie There is no primeval forest, not even one tree, in the State of Georgia (my home). Are we to violate this planet completely, is that our destiny? I hope not.

  • Read the Sealand website. Sealand is located in international waters.

    No, even their own web site puts it within the 12 mile limit. But Sealand don't recognise that so it doesn't count. Duh!

    You are deliberately trying to mislead. Sealand recognises Britain's territorial waters. Sealand was located in international waters before it was settled, and thereafter has been located in Sealand's territorial waters. Parts of the Republic of Ireland are within 12 miles of the UK's coastline, but that does not make them part of the UK. (If they were, the UK could extend down the coastline of Ireland 12 miles per day, until it had assimilated every spot within 12 miles of the coast. And Sealand could do the same to Great Britain.)

    Sealand has either been a sovereign nation since its declaration of independence (as the lawyers think), or it never has. The retrospective extension of both countries' maritime claims has not altered the situation.

  • >The undoubtable fact is that the RIP act will reduce the exploitation of children, fraud, pornography, and more general crimes.

    I doubt it very much. It will help convict a few criminals, but it will open vast opportunities for others, especially when combined with the vast data-logging operations now proposed.

    The reason child sex abuse has so often gone undetected for years is not because the only evidence of it was encrypted logs. The evidence was right there in the victims' memories, but the abusers were in positions of power, often connected to schools or social services, and they exploited this power to blackmail their victims. Blackmail becomes much easier when your contacts can intercept the victim's communications. If you don't find anything damning, you can easily forge something now you have the private key.

    One of the main uses of cryptography is to prevent fraud. Now tens of thousands of officials can demand the keys your bank uses to keep your money safe (well, formerly safe). Do you think all of those people, and everyone working in or visiting their offices will be honest? And there's no law saying they must shred their printouts.

    I don't see how the RIP Act will reduce the amount of pornography, nor why that would be a good thing. If you want to get rid of pronography, ban top-shelf magazines, and employ more police officers to tackle the rise in rape, indecent assault, etc.

    Organised crime will be the biggest beneficiary. Gangsters have always maintained their impunity through blackmail - like spymasters, they know almost everyone has a guilty secret, and if not you can manufacture one. Soon they will be able to incriminate even the trickiest targets. That tax inspector will be only too willing to give you a judge's private key if you keep quiet about his sex life.
  • Well, you can ask them. But if they were genuinely investigating a crime they probably wouldn't be asking for trade secrets. Either they suspect you of concealing evidence of fraud or this is yet another of the countless acts of industrial espionage perpetrated by intelligence agencies the world over. (About 0.5 probability of each, I'd guess, and if they are spies, don't expect them to tell you that.) Either way, it is an offence to 'tip off' the company under investigation.

    This scenario was discussed before the law was passed. If you choose to hand over the key instead of going to jail, you will still be guilty of breaking the NDA. If this is a criminal investigation, there is a good chance of your perfidy being revealed in any ensuing trial. If this is a secret service operation, you can be confident they won't tell the victim ... as long as you do everything they tell you from now on, even if it's not strictly legal.
  • >They cannot demand your key outside of the UK, but they CAN brute force your encrypted files since they are storing them for 7 years.

    If a G7 government with a particularly large intelligence budget can brute-force your encrypted files in 7 years, your cryptography is weak. Too weak, if you intend your data to remain secret for 7 years.
  • Anti goverment paranoia is downright unamerican?

    Absolutely right! Why I'd wonder if maybe all those encryptors are actually pinko commie traitors.

    We'd better scan their mail and hard disks. We need to find out how many other communists they know.
    Hey wait a minute....

  • > People do not realise what is possible. The
    > increase in processing power grows daily. As
    > are storage costs coming down. This will be the
    > same as having somebody watching everything
    > you do.

    Comments like this are missing an important point: the big, bad, ugly government is simply not competent enough to do this. Personally, I'd be happy if I didn't have to fill in a tax return to give the government information that they could just as easily collect automatically.

    Yeah, I think encryption is a good idea, because it allows me to enforce ownership over data. I don't care about spooks watching me, because I really don't think I'm that interesting.

    Finally, I agree that RIP is bad, because it is WRONG. That doesn't mean that I think that our govenment is going to turn Evil overnight.
    -- Andrem
  • Read the Sealand website. Sealand is located in international waters.

    No, even their own web site puts it within the 12 mile limit. But Sealand don't recognise that so it doesn't count. Duh!

    Suppose for one moment you suspend all your sense of disbelief and suppose that Sealand is a sovereign state. It has no democracy, no independent judiciary...

    The government does pass some daft legislation from time to time. That's the price of being in a democracy.

  • You are deliberately trying to mislead...Sealand was located in international waters before it was settled, and thereafter has been located in Sealand's territorial waters That's what I said. Sealand's claim to be in international waters is bogus. It either is a soverign state and has it's own territorial waters, or it's within Britain's territorial waters.
  • Tell them that a wise man once said that a man who sacrifices his liberty for security deserves to have neither.
    And when they ask you what makes him wise, and why this implies he is necessarily correct, what do you answer? Attributing your opinions to an anonymous wise man is just a tad pat.
  • Hasn't the idea of "data havens" been discussed to death? It seems odd that we should debating this particular incarnation of the idea, now. The problems with data havens are manifold.

    • Your data is only secure when you know where it is and who has it.
    • If there's no local storage, where's the key to decrypt the data?
    • If it's static, doesn't that give outside parties long periods of time to try your key?
    • If it's dynamic, how do you change the key? How do you upgrade the encryption itself?
    • Remote servers doesn't mean remote routes.

    There are fundamental problems with trust in these schemes. These problems grow exponentially when there's issues with key storage. There's even more concerns about routes and bandwidth. There are probably resolutions to these problems, but does M-o-o-t address them? Can it?

    Maybe the biggest problem facing m-o-o-t aren't technical or trust-based at all. Maybe it's a simple question of feasibility. Can you build a data haven infrastructure without a clear way to ensure you're not compromising the people running the havens for you?

  • "Even if something *is* illegal, that doesn't make it wrong"
    That's what we have a court system for.
    No, the court system decides whether a person is guilty or not. The government decides which laws should and should not exist. What really iritates me is when people protest outside a court when someone is convicted fairly under a law they disagree with. They should be protesting to the government.

    I don't like the idea of a jury of 12 people deciding that a law is unjust and not inforcing it when a democratically elected government passed the law.

  • British Government: does not know that you're encrypting or even sending data
    you: happily keep doing what you were doing unless you give them a real reason to suspect you.

    You might want to look up the meaning of "deniability".

  • And again wrong...
  • In Germany once, the public will was to cook up Jews in ovens.

    Correction: the public will was to arrest those evil jewish-communist-capitalist conspirators who were plotting to destroy the German people, and send them somewhere where they wouldn't do any damage. Few cared about where that was and what happened to them there.

    Privacy tools like this are only a last line of defense. Real freedom is impossible unless people are educated enough to resist propaganda like the above. Unfortunately, this can't be achieved through any amount of coding.

  • Please. Anti-government paranoia is what made this country... shit, look at the Constitution.

    Umm... The story is about the UK not the USA. Sorry, you were probably just spamming...

  • Hi All,

    In the mad rush to help bologna farmers and debunk crypto laws, everyone has missed the most salient point here:

    How the hell is this thing going to connect to the multitude of modem and network boards? And once that is figured out, how will you connect to your ISP? Are you going to remember all of the IP addresses?

    Beyond that, technically, the damned thing is simply not feasible. Ever hear of TEMPEST? Better check it out if you haven't. Most monitors can be "viewed" from a couple hundred feet away using equipment designed especially for that purpose. And let's not forget about the signals spit out by that keyboard...

    Things just keep getting muckier and muckier, people. The key here is not to workaround the laws, but to change the bloody government. You'll be dealing with this until you've thrown down the self-serving, cotton-brained dolts that are controlling things.

    Sheesh. Come, people. Wake up. Politicians have one goal: To stay in control. To do that, they rely on your acceptance and the mindless fools who clamor for someone to control their lives (John and Jane Q. Idoit).

    I apologize if this sounds inflammatory or like a call for revolution -- Not. It's time for a change...

  • by Anonymous Coward
    We have the same in America, a government agency called CPS (Child Protective Services).
    CPS does have abusive powers, and stomps on everyones constitutional rights..

    CPS: Why would you object to CPS, we are here to protect the children... You must Have something to hide! We are taking your children, please file some paperwork to see them.
    (Does this sound like the RIP Act? You are automatically guilty...)

    You want secure email? You must be a terrorist..
    You want mp3s? You must be a pirate...
    You spank your kids? Your a child abuser...
    You are pro-choice? Your a baby killer...

    Welcome to the Nanny State, let the government spoon feed you..

  • and yes, I am stupid ;-) Boy I feel dumb eheh
  • Also, I wanted to mention that one of the things that disturbs me so much about this RIP act, is that I communicate with many people in the UK both personally and professionally and I don't like that communication to come at the cost of my personal privacy, by having my own data logged into Big Brother's records.
    ---
    seumas.com
  • If you don't think classic works of fiction such as 1984 contain very real warnings about the real world we inhabit, you're a moron.

    If you think that just because there were good (or at least not bad) intentions behind a certain piece of legislation, that piece of legislation won't be abused at some point, you are also a moron.

    In other words, if you agree with the above post, you are a moron.

    Mr. Atrwoe, of course, is a troll, not a moron.
  • So what does one say to the people that decry "You oppose the RIP act, so therefore you support pornography/child abuse/whatever" ?

    They are using the accusation as a way to stop you arguing with them. It means they are not interested in a rational discussion. They are only interested in "being right" by killing off any opposition to their narrow point of view. "Mess with us, and you'll get branded a child molester".

    How does one frame the argument that privacy is worth more than child abuse (to be provocative, for a moment) in a concincing manner to the supporters of RIP, who blather on about 'the children' at every opportunity?

    Recently the UK news reported about a children's home run by child molesting 'social workers'. So we know things are 'complicated'. Given we know the world is a complicated place, do ordinary people sitting in their homes think that they will personally become more safe with less privacy? Stalkers can already find out where you live etc. -- do you want them knowing more, because they've got access to a cracked government monitoring system? Will you feel safer when some weirdo sends you a transcript of a personal email you sent to your girl/boyfriend, (thanks to the efficient recording of all communications)?

    People may say, "stop muddying the issue!", but that's my point: We're so used to thinking in simple either/or ways, that 'we', generally speaking, lack the ability to think in terms of systems of systems, compexities, side effects, combinations of effects, and possible and supposedly 'impossible' outcomes.

    But if you want a simple answer from me, it's: I blame the schools.*

    * It's where most programming takes place. I say fix the bugs in the source.

  • > In my experience, those of you who "really care about privacy" are the suicide bombers, hackers, and child pornographers of the world.

    You've really had experience with suicide bombers, hackers, and child pornographers? Wow, I've had a sheltered life then compared to you! I've only met hackers (that's hackers, not crackers, which is a whole different argument).

    It's not only important what's on the mind of those proposing legislation (although that is important), it's what the legislation says, and how it can be used.

    I can think of several cases where I personally value privacy that are entirely above board:
    - I'm involved in contract programming, and need to be able to share source code securely, and I don't trust any government agency to have access to it for whatever reason (what if it 'leaks'?).
    - I'm a political activist. While I've done nothing illegal in that regard, I would be very uncomfortable about having every move monitored by a government that is essentially hostile to much of what I support - it would stifle communication. The present government will not do anything to harm me, but if something were to happen here like Nazism or McCarthyism (anti-Greenism?), I'm not too keen on archives being used to declare me a menace to society,
    - I'm don't like any more than necesary of my personal information getting into the hands of the big corporates. They'd only use it to try and sell me things.

    Now, if all monitoring could be guaranteed to be used only for a narrow intended purpose, was completely secure, and the collection agency was completely trustworthy, my only objections would be philosophical. Unfortunately, very few or no organisations live up to this.

    Oh one last thing - it might be argued that that monitoring can be done anyway, without legislation. At least in that case, I do have some legal recourse (whatever that is worth). A while back, someone took the SIS to court for illegally breaking into his house.
  • Don't even say it.

    I already feel so dumb.

    (Always read the WHOLE blurb!)

    Kevin Fox
  • Crypto-OS can and would destroy and regenerate the sshd private key periodically, like every hour. This is SOP for ssh. The sshd private key is not retained on the client side and is never transmitted in the session.

    Spooks can analyze that wiretapped session until forever, even after seizing the user's machine, and there is no known way to extract the plaintext version of the session.
  • What you are discussing, in monitoring that A talks to B is called "traffic analysis", and encryption does nothing to get around this - HOWEVER, there ARE ways around traffic analysis. Some examples?

    1)Blind drops - Things like the anon news groups - Let's say that you want to send a message to Mary. Mary KNOWS to check the drop, say, every other day for a message with the subject:

    98hy45hj9ljh (which is changed every time inside the encrypted message)

    Mary downloads the message (and probably a BUNCH of others - EVERY message in the drop works ) Now all they have is that you posted a message out to the drop. It'd be really hard to figure out everyone who downloaded that message from every usenet server in the world.

    Another way to make traffic analysis harder is to post "Noise". You send out email to a random n% of you mailing list (and probably some to people who have NO idea who you are). Most of these emails don't contain anything but random noise Your contacts are doing the same. Now you want to send an email - You put your real email into the cue, and the next time that person comes up in the n%, you put your message in, instead of the mail. Now you could also force the message to be in the next batch, BUT if you do this often, you start to end up with a non random pattern that can be cracked

    Another way around this is a DC net - I wish someone would finally get one of these working
  • If people are really so eager to save children (the battle-cry for EVERY cause in the world), then why don't they ban smoking, driving, sharp objects, divorce, low-paying-jobs, teasing, flammable materials, deep water and everything else that potentially damages children?

    Because banning some of these just isn't politically correct and banning most of the others would be virtually impossible.
  • There's the concept of the slippery slope. One step down justifies the second step; using something akin to induction, the Nth step justifies the N+1 step, etc.
    So we violate a *little* bit of privacy to protect children. Then we violate a little bit more, to stop criminals.


    More to the point the initial violations probably don't actually do much to either protect children or stop criminals.
    But the easy political option is then to take away more rights rather than question the dogma that taking away rights helps...
  • That's like saying that you should ban cars because bank robbers use them to escape persecution.

    Or paper, telephones, post, shoes, etc, etc. Just about any device or methodology ever invented can be used for criminal purposes. The concept of a "crime" is in itself an abstract concept...

    I think it's a fair principle that government should only invade an individual's privacy in the event that they have reason to believe it will yield proof of a crime. It does not make sense for the government to invade 100% of the population's privacy in order to prevent crimes committed by less than 0.1% of the population.

    very few (if any) governments have the support of 99.9% of their subjects. The number of people unhappy with some aspect of a government is much greater than the number of criminals. However the people doing the monitoring are likely to be so paranoid they have difficulty telling the difference between a criminal and someone excercising the freedoms of a democratic society. e.g. someone who thinks the current laws about drugs are nonsensical being regared as a drug dealer...

    One way to prevent crime would be to have the government keep everyone's money and to have all transactions of said money be cleared by some agency (of course, this assumes somehow this agency is immune to corruption).

    If the agency were to involve humans then corruption is certain anyway.
  • In the U.S. and in the U.K., I'm certain, overzealous law enforcement will do anything they can to a) raise the number of arrests, b) promote their own financial, moral, or religious interestes, and c)justify that they need more power to accomplish a and b

    Why risk police with a real criminal gang when it's safer to arrest people on made up charges.

    Case in point: Maybe you've heard of the McCarthy trials? Communism and being communist is *not* illegal in the United States, regardless of how much the wwii and boomer generation wishes it was. In fact, the right to assemble and belong to organizations such as the Communist Party is guaranteed under the U.S. constitution. That sure as hell didn't stop Hoover and the FBI from illegally tapping phone lines and extracting confessions of communist involvement under duress in the 50's and 60's.

    Also remember that they were never charged with high treason either.
  • How can logging all communications prevent terrorism unless those communications are processed for content?

    This isn't even about monitoring all communications. It's about monitoring some types of communication. A terrorist can quite easily use alternatives...
  • You missed it.

    No, actually, you did. No matter how much you hide the data, no matter how much you encrypt the data, no matter how much you shuffle data around, it still doesn't change three basic facts:

    • 1. The data has to get to your PC somehow for you to use, manipulate, or deal with it in any way.

      2. The data which comes to and goes from your PC has address headers on it.

      3. The cops don't have to cryptanalyze the packets, or even know what's in them--they just have to know that you're sending traffic they want to monitor.


    As soon as the cops start taking a specific interest in you and what you're doing, you need a hell of a lot more than crypto and obfuscation. It doesn't matter if they're using one-time pads in a cryptographically perfect fashion; this entire system is fundamentally busted.
  • "In Germany, the Nazis came for the Communists, and I didn't speak up because I wasn't a Communist. Then they came for the Jews, and I didn't speak up because I wasn't a Jew. Then they came for the trade unionists, and I didn't speak up because I wasn't a trade unionist. Then they came for the Catholics, and I didn't speak up because I was a Protestant. Then they came for me, and by that time there was no one left to speak for me."
    attributed to Martin Niemoller
  • Gov.uk can still take it over if they wanted, no one is going to make a fuss, just like when the US invaded Grenada, no one cares whether its actually legal or not, the best way I have found so far of defeating the RIP Act is Rubberhose, the website is here [rubberhose.org] and if you're too lazy to click the link heres the synopsis -

    Rubberhose transparently and deniably encrypts disk data, minimising the effectiveness of warrants, coersive interrogations and other compulsive mechanims, such as U.K RIP legislation. Rubberhose differs from conventional disk encryption systems in that it has an advanced modular architecture, self-test suite, is more secure, portable, utilises information hiding (steganography / deniable cryptography), works with any file system and has source freely available. Currently supported ciphers are DES, 3DES, IDEA, RC5, RC6, Blowfish, Twofish and CAST.
  • by SLC ( 56776 )
    <a href="http://www.sealandgov.com/">Sealand</a ><p>
    <a href="http://www.havenco.com/">HavenCo</a&gt ;<p>

  • I have about 50 floppies with random stuff on them. According to their methodologies, my data is one step towards being secure.

    ...until one of those floppies dies. Then I will sorely miss that unknown data.
  • As long as the party in the UK is communicating in good faith, you can do the communication so that it cannot later be revealed to a third party even if the data was sniffed and the person in the UK reveals their keys.

    i.e. If the communication is encrypted and sniffed in the UK, and then the person you were communicating with gives up their keys, the text of the communications still can not be decrypted. Check out the Paranoia link in my sig.

    Mike.
  • I see a lot of people softly admitting that this is probably too much protection for any law abiding citizen, and only needed by criminals. Perhaps. I see that there are a few technical issues with the system, but there are political ones I would rather bear out now.

    There are plenty of people throughout history who were criminals, some of whom were spied on by their government, such as MLK. With current trends, there undoubtedly will be uses for encryption by activists in the future.

    Remember, a criminal is someone who breaks the law. Well, what is a good citizen to do when most of the laws are patently unconstitutional? Become a criminal, if they're really serious about democracy. Note that I'm not talking about Napster and other BS that Slashdot drones typically view as civil disobedience. There are much more important issues in the world, and it's important we take into account that there are people who fear for their lives because they act in accordance with beliefs which most of us share.

    The only way to keep government even remotely just is to confound it at every turn with encryption, red tape, and other confusion. It certainly won't happen in McCongress or the Supreme Court w/ Cheese.
  • RF "sniffing" is easily defeated.

    Move your laptop or other high-confidentiality computer into a "container" (form-fitting skin, box, closet, or even a small room) covered in copper mesh. The only cables passing through the mesh should be 8-gauge 12VDC power cables and fiber-optic ethernet. The only data entering or leaving on the ethernet is encrypted. No high-frequency RF data will enter or leave on 8-gauge DC power cables.

    Problem solved. Cost, about $250 if you buy the copper mesh and AC-DC conversion hardware new, or a fraction of that if you can find everything as surplus or scrap. The FOTs (Fiber Optic Transceiver) are the expensive part.

    Or about $25,000 if you are a US Federal agency :-)

  • The scarey part is though the uk can try to go back and say that sealand belongs to theim

    Read the Sealand [sealandgov.com] website. Sealand is located in international waters. England has already tried to take the land back since they occupied it during the second world war. The case went to the supreme court and England LOST. The country is free of English jurisdiction.

    -----
    "People who bite the hand that feeds them usually lick the boot that kicks them"
  • Here's what you reply:

    If you dropped a nuclear bomb in the middle of every large city in the UK, that would reduce pornography/child abuse/whatever too, wouldn't it? I'm guessing that now you think we should all do that...

    And see what the think of it. Then explain to them that the RIP act allows the UK government to jail those that it dislikes for totally arbitrary reasons. It lets law enforcement do the same... And you can't even tell anyone why you've been imprisoned without facing even stronger sentances.


    -RickHunter
  • It's unfortunately only logical. With modern technology, it becomes increasingly possible, almost simple for governments to monitor their citizens completely, every minute of their lives. The society described in 1984 is positively lax and free compared with what is possible (but too expensive to bother doing - yet) right now. It is only logical that the same technology would also be used to develop methods to counter this threat.
  • "And courts in the USA would probably support this idea, but in the UK there is no Bill of Rights (constitutionally at least) to protect its citizens from the government. "

    I`m not sure actually - we (in the U.K.) recently incorporated the European Human Rights Act into UK law, which protects you from having to incriminate yourself, so a test case regarding the handing over of keys would be interesting.

  • I think it's justified to not trust a government that is disarming the populace and simultaneously arming it's police officers with guns for the first time.

  • >Anti government paranoia is downright unamerican.

    Saying that, you must not BE an American, or perhaps you are a troll.

    Anti-government paranoia is one of the MOST American things. The US was founded by people who were pissed off at ol' King George, and afraid of the future he would create for the Colonies.

    The Founding Fathers even put some really, really radical stuff in the Constitution to protect us from the government -- this is the reason for the 2nd Amendment (that's the guns one, for you non-Americans).

    One of the FFs, I think it was Jefferson, said something like, "Government is like fire -- a wonderful servant but a fearful master." I have probably misquoted it, but the essence is there, and it is an incredibly insightful statement.

    We SHOULD keep an eye on the government. It is the nature of such institutions to aggregate power, to exert always more control -- and citizens need to be ever vigilant to keep that in check. When the citizens get lazy, or complacent, they start to lose freedoms for "the greater good."
  • It seems that there are one or two individuals who believe that "only criminals" would seek to protect their data.

    That may be true, but fortunately, the constitution arguably agrees that the government does not necessarily have that right. Aren't your personal files which you created and stored on your computer the product of your own mind? And since the fifth amendment allows you to refuse to testify against yourself why can't you refuse to divulge the contents of your disk by simply pleading the fifth. Even if the argument were that the computer is simply evidence and that a court order requires you to turn it over how can the court order you to turn over the key which you argue might be incriminating? I realize that this is all academic in Britain but in the U.S. I think you could simply refuse to divulge your key on this basis and it would make for a very interesting Supreme Court case. Also to anonymous coward who posted: "The laws in this country are just, and created by the public will. Anti government paranoia is downright unamerican." Does this include the RICO laws? Anti government paranoia is quintessentially American. In fact i'd say it nearly defines 'American' particulary when contrasted with European viewpoints. But for anti government paranoia we would have Europes socialist structure. No, this wouldn't be all bad, but we wouldn't be nearly as competetive as we are today. Hooray for anti government paranoia!

  • What some people have said so far looks really good. I'd like to add my own bit. (I haven't given this before so it coupd probably be worded better.)

    Let's say you trust the government, the police, the IRS and social services, etc etc. For sake of argument, let's say they're not corrupt in any way and will not misuse the information they hold about you in any way whatsoever.

    Given that you trust them and through some magic it's been proven that collected information won't be misused or abused, and it will stop the child molesters and terrorists and make the world safer and more prosperous for everyone.. why shouldn't they be allowed to do this?

    The simple answer in my mind is What About Tommorrow?

    The problem with any sort of legislation is that it's much easier to put in place than it is to remove. What is there to guarantee that 30 years from now, corrupt people won't get into social services and run their own child pornographer's ring, for example? What is there to guarantee that a corrupt police officer - who isn't even born yet - won't abuse her privilege of having access to information about everyone?

    Exactly what information can be collected and everything it might be used for is up to the imagination. The point is that once in place, legislation is very hard to tear down. It seems to me that the lawmakers are making it for today, assuming they know the system today, but without putting due consideration into what could potentially happen tommorrow.


    ===
  • Simple.

    Ever heard of Sealand? It's a defunct Anti-air base formerly of Britain's that's actually in International Waters.

    Apparently, some guy moved in a few years back, declared it a separate country and proceded to set up secure data stoarage as the country's biggest (and only) industry.

    Can I get a link to back me up on this? I don't have one handy

    Averye0

  • Why did the Members of Parliament make RIP Act LAW? They do not understand the consequences of it. To say they are ignorant is an understatement.

    They believe any rubbish that they are told by their 'advisors'. By questioning it they think they look stupid.

    By not doing so, it makes them look more dumb. They are imbeciles in the extreme.

    Perverts and terrorists will find a way around these measures. Direct connected encryption or even blinking sending child porn CDs over postal service.

    Only an idiot would believe the massive infrastructure that Government introduce is for monitoring these few thousand people. It can only be for spying on the masses. What about the law of presumed innocence?

    People do not realise what is possible. The increase in processing power grows daily. As are storage costs coming down. This will be the same as having somebody watching everything you do. All your finances available for them to check - heaven help you if you cannot account for every penny when they check on your taxes. All your personal emotions in private emails, your fears about health worries and your personal quirks in web-sites you visit. All your inner-most secrets will be open to them.

    With New Labours Newspeak (having to use the word 'investment' instead of 'spending') and this RIP Act - Big Brother has finally arrived.

    skilful.com [skilful.com]

  • Sorry, fishebulb(that sounds Jewish), but your analogy is quite flawed. I lock my doors at night because I like my stereo and would like to continue listening to it when I get home. I don't encrypt my e-mails because

    1) More than likely, no one other that the intended recipient would want to read my e-mail, and
    2)If they did, I have nothing to hide.

  • I value my privacy as much as the next guy, but this seems a bit extreme to me. Is it really worth all that effort just to make sure no one is reading your mail?

    From my understanding of the proposed monitoring system in Britain, all electronic communications travelling across the Internet will be archived. I don't think the intention was for the government to read messages sent to my girlfriend. The goal of this project is to help prevent terrorism and provide evidence needed to convict hackers/criminals.

    It seems to me that for most people, this should not even be an issue. If you aren't doing anything wrong, you shouldn't have anything to worry about. The only people who need to use encryption are those who have something to hide. Maybe we should be snooping around in these people's inboxes

  • Thanks. I must have been thinking of Gefilte Fish [jhom.com].
  • I certainly do. They are quite helpful in

    1)Keeping multiple sheets of paper together, and
    2)Affixing stamps to.

  • My karma is capped. I need some incentive to post insightful comments again.
  • It's not the flexible kind though.
  • Do you actually know anything about CPS? My father has worked there for 25 years and I personally know that he only removes a child from a home if THEY ARE IN VERY SERIOUS DANGER. Spanking alone does not warrant a CPS intervention, but if you are hitting your kids with objects and leaving multiple, visible marks on their bodies, then you aren't the best person for your kids to be around. And, btw, you are not "automatically guilty" you do get a trial where if you did act violently toward your kids, you will be found guilty; if you aren't committing a crime, you will be found innocent.


    ====
    All things in life are subjective. At least that's what I think.

  • Not a foolproof one, by any means, but an answer none-the-less

    There's the concept of the slippery slope. One step down justifies the second step; using something akin to induction, the Nth step justifies the N+1 step, etc.

    So we violate a *little* bit of privacy to protect children. Then we violate a little bit more, to stop criminals. Well, why not a little bit more to stop hate-groups? Then a little bit more to stop the insane. Then a little bit more to stop the disgruntled office worker with a gun. Then a little bit more for the kid who always gets beat up after school, and trying to find a gun. And a little bit more for the guy trying to find some booze and drugs for his party...

    To address your statement, privacy is worth more than very many things. There will always be situations in which privacy is discarded (police search and seizure, warrant to enter, wiretap, etc), but on general grounds, any rights we have, once we give up, cannot generally be taken back without a fight.

    The argument against RIP is essentially that of innate rights and protections. In the US, at least, any right not enumerated by the Constitution or Bill of Rights is automatically granted to the people, or something like that. In otherwords, a right need not be explicit for it to be afforded protection and observance.

    I mean, the police services and such, in our best interest, want to protect us. That I can understand. The govt, I'm not so sure I trust, but let's give them some leeway. They can feel free to fund technology to decrypt, decode, decipher, and hack away at the security systems... but to intentionally allow a flaw in the system? Then what's to stop the not so scrupulous peoples from taking advantage of this? What's to stop the criminals?

    Geek dating! [bunnyhop.com]
  • You're right, most people do prefer security to possibility, freedom, and excitement ^^

    I did make as a parting comment the fact that someone not so scrupulous, who had access to this data, becomes the most feared and dangerous person around.

    Geek dating! [bunnyhop.com]
  • Ok, I've visited on their site and this is my take. I wouldn't touch it with a barge pole - if it makes RIPA look silly then it may serve some purpose, but not as a viable secure platform. Their entire approach is flawed in any case, good security should be built into all platforms, you shouldn't have to consider changing for what ought to be such a basic facility.

    m-o-o-t is an open-design, open-source cryptography project begun to defeat RIPAPart3

    This is very naive. You do not 'defeat' laws in code any more than you make crypto impossible by legislation. The two systems are completely orthogonal.

    As we consider all present protocols insecure against the new attacks brought about by legislation

    The law is not an attack on any protocols, it is a response to using those protocols if anything. You should also see the Snake Oil Warning Signs FAQ [interhack.net] where it warns specifically against mud-slinging against existing or competing techniques.

    hidden stenographically

    I rather suspect that had this site had anything to do with established cryptographers whose opinions I trust (well, I can't find the m-o-o-t team members' names anywhere on the site ("We aren't exactly secret but some of us don't want to be identified") so I'll keep a very reserved judgement on their credentials), it would be spelled slightly better. I've no idea what methods of shorthand typewriting have to do with secure computing platforms... (They get it right on a different page, to be fair.)

    There will only be one choice for each type of algorithm ... We think that most programs offer too much choice in this and thus lose security as people don't know what is happening or how secure the algorithms being used are, often they don't know what they are and they may be using eg export grade cyphers

    This will potentially sabotage security, not improve it. Assuming they use strong, time-tested, public algorithms, it is still possible one could suffer a fundamental break tomorrow. Unlikely, but possible. Or next week, or next year. If back-up algorithms are used and implemented well, users should not even be aware of the back-up algorithms. One would also hope that no serious security implementer would suggest using 'export grade' ciphers, the fact that they believe this is possible is worrying.

    Plod - a cryptographer's term for the Police

    The usual Dramatis Personae are Alice, Bob, Mallory etc. I've not seen any serious paper referring to 'Plod' and suspect it's just randomly offensive on their part. Their appeal to authority ("cryptographer's term") is bogus.

    we will use the CD as a large look-up table to ensure authenticity of the CD and prevent fake CD's with backdoors etc.,

    Don't believe this - it won't work.

    we will not do updates due do the insecurity of distribution methods and to avoid incompatibilities

    *choke*. So they're going to get it right first time, with absolutely no implementation errors possibly leading to security compromises. I wish they'd publish a paper on that alone, because it beats anything anyone has come up with in 50 years of software engineering research. (Hmm. If you can't trust the update how can you possibly trust the original?)

    The system also relies on you trusting your PC, and also possibly the data havens to some extent. We've already seen a story this week about the FBI installing bugs within the keyboard itself - other parts of the system can be similarly sabotaged with almost no chance of detection by the user - this is probably what any clued up LEA would want to do if they knew strong encryption was being used. Remember, if the end-point hardware has been tampered with all bets are off, for any security system.

    There is so much more, I could go on all day. The possibility that they might want to make money from this (but are considering using a Free OS, which they might not want you to make copies of - no wonder they don't want to be identified) is mildly interesting. Frankly they could as well be part of a multinational government conspiracy, but rather than get excessively paranoid I think I'll just assume they're seriously misguided.

  • My favorite line of text on the m-o-o-t site is this little diddy on their code page

    We haven't written most of it yet!

    It looks like this whole freaking project is a work fo FICTION. m-o-o-t, as far as a project is still in the "wouldn't it be cool" stage. Chances are it will go no where. It's a HOAX, I can't believe this is even on /.. Does anyone actually read the links submitted?!?!?!?!?!?!

  • As much as the need for complete security and privacy demands it, This moot-thingy just ain't gonna happen. First of all, it relies on external data-havens to store information. While there are many technically feasible ways to make this happen, it's not going to unless someone in a neutral country or Sealand just *gives* you a hell of a lot of diskspace and bandwidth.

    Even if such data-havens exist, their service by definition will only be poor, sporadic, and prone to failure.

    "Where's that subversive novel/treatise/pr0n I was writing on my m-o-o-t acount?" Oh, I'm sorry. One of the datahavens that was storing a chunk of your novel was raided by the FBI. Your data was not recovered but it *was* destroyed.
  • The government of Great Britian has now announced that in addition to storing all digital traffic across the internet for seven years, it will begin begin storing copies of all regular postal mail and phone conversations that are currently distributed through their country. The increased public safety resulting from this program, which will no doubt aid in catching and prosecution of evil doers is welcomed by all upstanding members of society.
  • by Seumas ( 6865 ) on Thursday December 07, 2000 @06:35PM (#574149)
    Tell them that a wise man once said that a man who sacrifices his liberty for security deserves to have neither.

    If people are really so eager to save children (the battle-cry for EVERY cause in the world), then why don't they ban smoking, driving, sharp objects, divorce, low-paying-jobs, teasing, flammable materials, deep water and everything else that potentially damages children?

    The answer? -- it's easier to take away another man's liberty than your own.
    ---
    seumas.com

  • by Oneflower ( 7827 ) on Thursday December 07, 2000 @10:28PM (#574150)
    It's easier to hide in a city than a village.

    Encrypt everything. And send more bogus messages than real ones (a 10:1 ratio seems right).

    The idea is to swamp the snoopers so that they cannot keep up. It should be easy: there are more of us than them.

    The biggest worry for liberty is that any law that requires one to give up a key that exists only in your head erodes the right to not self-incriminate and the right to silence. (Both rights are, I believe, much weaker in the UK than elsewhere.)
  • by KFury ( 19522 ) on Thursday December 07, 2000 @06:27PM (#574151) Homepage
    I read the title, "New Crypto-OS" and I thought Wow! An operating system centered on cryptographic principles. That's so cool and temporally relevant!

    It could support a PGP encrypted USB and digital video interface for disabling tempest and keystroke attacks. It could be built to only support SSL, SSH or other wise secure TCP/IP protocols, possibly some kind of ISP program through Anonymizer (or anyone [webveil.com], really).

    Just think, a system based on the principle that the only place cleartext exists is on the CPU (and other minute pathways between crypchips and rasterizers, logic elements, etc...

    But no, it's just another open source project for people to mess with... Sigh.

    Kevin Fox
  • by mpe ( 36238 ) on Friday December 08, 2000 @02:45AM (#574152)
    We have the same in America, a government agency called CPS (Child Protective Services). CPS does have abusive powers, and stomps on everyones constitutional rights..

    The interesting question is does it do this just because it can or to draw attention away from it's failures?
  • by CoughDropAddict ( 40792 ) on Thursday December 07, 2000 @05:59PM (#574153) Homepage
    I don't think the intention was for the government to read messages sent to my girlfriend.

    Neither was the intention of the German census for Hitler to be able to find all the Jews. Your comments are incredibly naive. If you've never heard all the arguments and reasons why, then I suggest you do some reading. EPIC [epic.org] and the book 1984 would be a good start. If, on the other hand, you've heard all the arguments and still have a bubbly-eyed adoration and faith in your government, then go be the first on the block to voluntarily install a telescreen in your bedroom, but leave us who really care about privacy alone.

    --
  • while I don't want people to be able to pry on my files if I don't want them too, I also don't want to need to be on a network 24/7 just so I can access my files.

    They say that they'll pay for data havens from a small purchase price. That's usually unworkable, since you need to keep on getting new buyers all the time, meaning more storage-> more cost->more buyers->more storage->ad infinitum.

    So, for a sustainable service you either need to pay a data haven(s) yourself, or pay a subscription fee to m-o-o-t.

    On top of that you'll need a pretty quick connection, since (if I understand correctly) all your user files will be on the network somewhere (data haven). Costs are gonna get pretty high, pretty quick.

  • by TwP ( 149780 ) on Thursday December 07, 2000 @05:55PM (#574155) Homepage
    Their web page states that they are going to disable all local storage devices -- floppy drives, hard drives, zip disks, etc. -- and store all your encrypted files in a data-haven.

    I really don't see how this is going to help them. The UK law says that the governemnt will monitor and store all internet traffic for seven years as well as be able to demand files / PGP keys from citizen's computers. This system still relies on the internet to transport your information to and from the data-haven. The boys at Scottland yard will still have access to your files as they travel though the ether.


    -----------------

  • by vergil ( 153818 ) <vergilb@g[ ]l.com ['mai' in gap]> on Thursday December 07, 2000 @05:51PM (#574156) Journal
    How does Moot compare to an implementation like Freenet? I'm not well-endowed w/ programming skills, but it seems to me that Freenet inherently sidesteps having to store files locally or in pre-designated "remote locations" by -- in Freenet, files are always in flux, and their precise location is impossible to pin down.
    Then again, Moot is (or will be) an OS.

    Sincerely,
    Vergil
    Vergil Bushnell

  • by darthpenguin ( 206566 ) on Thursday December 07, 2000 @05:37PM (#574157) Homepage
    just out of curiousity, where are these "remote data havens"? Your data can only be as secure as where it is stored.

    -MSD.dyndns.org [sjs.org]
  • by Paul Crowley ( 837 ) on Thursday December 07, 2000 @11:23PM (#574158) Homepage Journal
    FWIW this does not strike me as a well-conceived project. They plan to deliberately exclude a whole bunch of useful comms software (like PGP, web browsers) because they don't meet their rather artificial standards of security. They claim "all existing protocols are insecure", which is not the mark of someone with a clue. Oh, and they think they can charge for it - see the FAQ. I do not believe they will build a product that will be useful to anyone.

    (and the "pro" thing? I've been a pro for less than a month but I couldn't pass up the opportunity to crow about it on /.!)
    --
  • by divec ( 48748 ) on Friday December 08, 2000 @12:18AM (#574159) Homepage
    The undoubtable fact is that the RIP act will reduce the exploitation of children, fraud, pornography, and more general crimes.

    I don't think this is true. If I was trafficking child pr0n, I wouldn't think "ooh, I might have to give up my passwords one day, so I'll just send everything unencrypted now instead". Come to think of it, I wouldn't give my passwords away to the police if and when they raided me - better to get charged under RIP than to get caught trafficking child pr0n.


    So genuine criminals won't change their behaviour because of this new law. The only people likely to be affected are the innocent, or those who have committed minor offences (illegal music copying?).

  • by xtal ( 49134 ) on Thursday December 07, 2000 @06:20PM (#574160)

    I value my privacy as much as the next guy, but this seems a bit extreme to me. Is it really worth all that effort just to make sure no one is reading your mail?

    Like other posters suggested.. I think you need to read some books, and 1984 is a good start. You must be young, or incredibly naive.. I'm not an old geezer, but I understand power. My history teacher in high school way back when used to have a huge poster above the board. It said: "Power: It ain't for the givin', it's for the takin'". Those in power will do anything to further it. It's a theme that has been played out since the beginning of recorded history. Do you know what power is? It's the ability to control YOU, the lowly serf. That doesn't sit to good with me.

    It seems to me that for most people, this should not even be an issue. If you aren't doing anything wrong, you shouldn't have anything to worry about. The only people who need to use encryption are those who have something to hide. Maybe we should be snooping around in these people's inboxes

    There's another very famous quote about police dictatorships not being built up overnight. Not everyone values information and free thought the way the average person here on /. or kuro5hin might. If the populace is trained to accept blatant violations of their personal freedom - for instance, random searches in schools, gradual introduction of monitoring cameras in common areas - then eventually you can get total control. And that prospect scares the living shit out of me. I'm not even an american, but the whole concept of the United States of America was to devise a system whereby the people could be guaranteed freedom from this - the founders of that nation were very wise - and look at what has happened under the guise of "protection" from terrorists, drug dealers, insert-evil-guy here.

    People need to wake up and start to take responsibility for their lives and their freedom. Maybe we need a major war every generation. Watching friends die bloody violent deaths might wake a few people up about the true costs of freedom and make them think twice when those freedoms are given up for "protection".

    Arrgh, this must have been a troll, but I'm cranky and half in the bag. Get GPG while you can.

  • by guran ( 98325 ) on Friday December 08, 2000 @01:41AM (#574161)
    I wouldn't go with the slippery slope argument. It is too easy to turn around:

    "We take away the governments means to see the criminals encrypted data, then we can take away their (lawful) means of breaking the lock to the drawer where they keep their kiddie porn, then we take away their right to interfere when they suspect a child is being molested, all for the sake of 'priiiiivacy'"

    And don't go with that old "those who forsake a little privacy..." quote.

    Privacy matters less to people than safety. Period.

    You'll have to convince them that the sacrifice of privacy that goes with RIP et al actually makes them *less* safe. Get the picture into their head of a criminal (perhaps a child molestor) with access to the governments data files. Get them to think about a dishonest cop who knows *their* darkest secrets and is coming for *them* and their *children*.
    Fight fear with fear.

  • by Kiss the Blade ( 238661 ) on Thursday December 07, 2000 @05:51PM (#574162) Journal
    ...for those opposed to the RIP act (in whose numbers I include myself, I hasten to add). The undoubtable fact is that the RIP act will reduce the exploitation of children, fraud, pornography, and more general crimes. So what does one say to the people that decry "You oppose the RIP act, so therefore you support pornography/child abuse/whatever" ?

    How does one frame the argument that privacy is worth more than child abuse (to be provocative, for a moment) in a concincing manner to the supporters of RIP, who blather on about 'the children' at every opportunity?

    The problem I have is that, Prima Facie, the argument for RIP is a lot more convincing than the argument against.

    KTB:Lover, Poet, Artiste, Aesthete, Programmer.

  • by Anonymous Coward on Thursday December 07, 2000 @06:12PM (#574163)
    If you're not doing anything wrong, you shouldn't have anything to worry about?

    Bullshit. B-U-L-L-S-H-I-T.

    In the U.S. and in the U.K., I'm certain, overzealous law enforcement will do anything they can to a) raise the number of arrests, b) promote their own financial, moral, or religious interestes, and c)justify that they need more power to accomplish a and b

    This is the way all law enforcement has worked since the dawn of society. This is the way that law enforcement always will work. This is the reason why U.S. prisons are full of non-violent drug users while murderers and rapists are frequently given shortened sentances due to overcrowding.

    Case in point: Maybe you've heard of the McCarthy trials? Communism and being communist is *not* illegal in the United States, regardless of how much the wwii and boomer generation wishes it was. In fact, the right to assemble and belong to organizations such as the Communist Party is guaranteed under the U.S. constitution. That sure as hell didn't stop Hoover and the FBI from illegally tapping phone lines and extracting confessions of communist involvement under duress in the 50's and 60's.

    Even if something *is* illegal, that doesn't make it wrong. Here's one for you DMCA ranters: If you use DeCSS to crack your DVD's to play under linux, you have commited a crime by circumventing the encryption on the disk. Is that wrong? Is it immoral? Will the FBI or RIAA come down on your ass if they find out?

    Large-scale disk storage and access is easy and cheap. If you think that U.K. law enforcement can't easily run a grep or equivalent on the whole mess they've collected and look for people who have discussed DeCSS, then you are quite sadly mistaken, and probably deserve what they'll do to you when they bust your ass on airy charges.
  • by rjh ( 40933 ) <rjh@sixdemonbag.org> on Thursday December 07, 2000 @06:09PM (#574164)
    First, the RIP act requires that communications be archived for seven years, draconian penalties for refusal to hand over decryption keys, etc., etc. Let's ignore the fact that the RIP probably violates the EU's human-rights agreement, of which the UK recently signed acceptance--after all, the UK seems to be ignoring it.

    So. Communications must be archived for several years, with decryption keys available on request. Supposing we had some ultrasecure OS which encrypted absolutely everything out there, as well as as much of the TCP/IP packet as is possible. That basically leaves only the address field and routing information unencrypted.

    Now we have a person using this machine, A, to communicate over a fundamentally insecure network (the Internet) with machine B. The authorities think that either A or B want to be doing something un-American (err--un-British?) like, I don't know, sharing the recipe for Colonel Sanders' secret blend of herbs and spices. What do the authorities do?

    They start listening on the machine, of course. So what if every packet is encrypted--they can still look at TCP/IP headers and discover where the packets are going. If, in fact, it turns out that packets are going out addressed for B, then that's a pretty clear sign the machines are communicating. Suddenly, B gets a knock on the door and a warrant served, and told to hand over those conversations "oh, and don't tell A a word of all this".

    That only covers direct peer-to-peer connections, though. The naieve counter to this is that relayed connections, such as email, are immune to this because they don't get sent directly to the target machine. Well, maybe... but that just means there are more points of failure for the authorities to exploit.

    Even something as dramatic as establishing an IPsec connection with a mail relay in Seahaven wouldn't be proof. The American government seems to think that using encryption is evidence of malfeasance (see the recent story about the FBI using a keysniffer to defeat PGP). The British government, which is even more behind-the-times than the American government when it comes to encryption, will probably take it as evidence of high treason, or something similarly melodramatic and groundless.

    If they can tell a judge, "look, milord, this bloke 'ere's got hisself a highly encrypted network with a rogue nation-state that's know t' be a haven f'r data pirates", the judge will probably spend all of three seconds before deciding that yes, you're a threat, and you really ought to hand over your decryption keys just so the government can be sure.

    In other words, this solves nothing.

    To every social problem, there is a technological solution which is hip, cool, sexy and broken. This is it.

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...