New Crypto-OS 157
gormanly writes: "m-o-o-t is a new open-source cryptography project begun to defeat the R.I.P. Act here in the U.K. "and make it look silly". The project aims to ship a new BSD-based OS on a bootable CD, which will disable all local storage and store encrypted user files in remote "data havens," split and hidden in random data for deniability. The government can't even know a user's sending e-mail, much less store it for 7 years." It's a nice idea, but right now, that's all it is.
Malcontent. (Score:1)
I'll take the telescreen and soma and live a happy smiley life, just like the song!
Consent? Manufactured? Who? What? Where? When? Why? I'll take the Times, please.
Re:What's the point? (Score:1)
RIP hurts everyone, encrypt now! (Score:1)
They cannot demand your key outside of the UK, but they CAN brute force your encrypted files since they are storing them for 7 years.
I say we need more encrypted LOCALHOST file systems so that you always have it with you encrypted and hopefully not on some other archived server.
Do yourself a favor:
TCFS -- transparent crypto file system)
(included since OpenBSD 2.8)
encrypted swap
(included since OpenBSD 2.6)
IPsec IPv4 and IPv6 support for VPNs
(included in OpenBSD since 2.0)
OpenSSH
(included in OpenBSD since 2.6)
and strong encryption (GNU privacy guard)
(not part of default install, in ports)
and encrypt ~~EVERYTHING~~.
Re:I have a question... (Score:1)
I may be able to win an OS debate, but I don't know how to convince a man to value his freedoms. Similarly, I find it most unlikely that someone would convince me to willingly give up mine.
In any event, there was never any claim that his opinions were based on the quote, merely that it's nice and catchy and *does* help convince people (particularly if the subjects are Americans and Franklin's name is mentioned -- for whatever reason US citizens seem to have a particular fondness for "the Founding Fathers").
I'll agree that failing to attribute the quote leaves its use rather weak, though.
Re:I have a question... (Score:1)
I think it's a fair principle that government should only invade an individual's privacy in the event that they have reason to believe it will yield proof of a crime. It does not make sense for the government to invade 100% of the population's privacy in order to prevent crimes committed by less than 0.1% of the population.
One way to prevent crime would be to have the government keep everyone's money and to have all transactions of said money be cleared by some agency (of course, this assumes somehow this agency is immune to corruption). This would actually eliminate a wide variety of crimes. Of course, you won't see a lot of people arguing for that!
Re:I have a question... (Score:1)
Re:I have a question... (Score:1)
-
How does one frame the argument that privacy is worth more than child abuse (to be provocative, for a moment) in a concincing manner to the
supporters of RIP, who blather on about 'the children' at every opportunity?
This is a fairly good example of Argumentum ad hominem [infidels.org] and is just one of a range of fallacies that you'll see brought up whenever there is an emotive issue being discussed.Counters to this sort of thing should be structured with agreememt points aloing the way. I'd hearlty recomment reading the entirity of the Infidels.org [infidels.org] web site if you want to know more about logic, fallacies and structured debating.
With regard to that specific point (Privacy vs "The Children") my best bet would be relying on proven fact only. Ask the arguer to produce evidence that privacy through encryption has compromised the successful capture of something that threatend "The Children". While there is a load of anecdotal evidence and people will say "It's _Obvious_!", but may falter when asked to produce real evidence.
Re:I have a question... (Score:1)
If you're accused by someone of supporting terrorism, child porn or piracy simple because you're opposed to the RIP, pose this question: how would you feel if the police had the power to tap your phone or open your paper mail without a warrant? Does it then seem so reasonable to give the police powers to arbitrarily intercept any communication? This is not something the "free" western world has historically stood for.
But this is effectively what the RIP does to electronic communication. By refusing to surrender your keys (and thus your privacy), you face a jail sentence, and if you attempt to talk to anyone about it, including your lawyer, you face a longer jail sentence.
Is this worth it to stop the activities of criminals? Or is it just going to drive legitimate business activity elsewhere while not really affecting criminal activity in any way?
www.stand.org.uk [stand.org.uk]
Re:Sealand (Score:1)
Re:What's the point? (Score:1)
Like, what if I have signed an NDA with a multinational corporation and agreed that all conversation where said corporation and I are both parties regarding subjects covered by the NDA are confidential and if in electronic form, must be encrypted with algorithms and keylengths agreed upon to provide required security.
What does the government do? I can't give the key without breaking the NDA, so I must ask the government that if I am to give the key, it will be done in presence of said corporation and that the officials who will have the key will probably have to sign NDAs with said corporation to cover corporate security and trade secrets which would otherwise be compromised by giving the key to a third party.
Lawsuits, anywhere?
Probable cause (Score:1)
It seems pretty unlikely to me the an innocent person would ever need this. Beyond a reasonable limit, crypto only becomes useful to criminals and child pornographers. An encrypted hard disk is sufficient to protect buisness secrets from your competitors. It'll even protect you from really nosy marketers
If you need encryption that'll keep you safe from the government, you're probably doing something illegal.
The laws in this country are just, and created by the public will. Anti government paranoia is downright unamerican.
--Shoeboy
Only answer to Brit govt. (Score:1)
This is bloody stupid (Score:1)
--Gfunk
That is a silly thing to say (Score:1)
Since the user has an account he would also want to authenticate himself by using his own private key; C-OS is in receipt of the user's public key.
Re:I have a question... (Score:1)
The most dangerous child molesters are those who obtain positions of authority over vulnerable children. How better to indulge your vile desires than as a member of staff at a childrens home, or as a corrupt policeman with access to personal information that may identify target children through the mechanisms put in place to support RIP? As a corrupt policeman there should be no great problem avoiding the legal safeguards, and the worried parent will be in trouble under RIP if they try to complain that you are accessing data about their children.
The danger of RIP is that it assumes that there are no corrupt police, nor even careless police. RIP creates a compelling reason for criminals to infiltrate any organisation that handles the data, and experience shows that criminals can and will find a way.
Re:Probable cause (Score:1)
Or - maybe the government is doing something illegal. Or maybe a corporation.
Maybe I'm missing something.. (Score:1)
RIPAPart3 is the new law here in the UK that gives the Government the right to demand the plaintext and/or keys of "information protected by encryption".
If you're still going to get arrested for not giving them the plaintext it's not that much fun.
Re:Probable cause (Score:1)
Why is it that this argument persists in societies that value free speach? There are some things that are illeagal and still not wrong.
Besides the 4th Amendment protects me from incriminating myself. One might argue that this extends to the files I have stored away. My private diary, the one I store on my computer, should be kept away from the government at all costs. And courts in the USA would probably support this idea, but in the UK there is no Bill of Rights (constitutionally at least) to protect its citizens from the government.
This new OS is designed for them. For people in a place where there is a law that punishes people for not (possibly) incriminating themselves by handing over encryption keys under court order.
This OS certainly won't help those who are sending out incriminating emails to their friends, but it will keep the prying eyes of the government out of their private computer files.
(BTW, is using 'incriminating' four times in one short post too many?)
Re:What's the point? (Score:1)
Given that ~10% of police officers at any one time are corrupt do you really want them to have access to an archive of you Net banking, CC details used for e-commerce transactions, etc? Imagibe whats going to happen if some corrupt officer collects 10,000 CC numbers and maxes them out at say £1000 ($1500) a time, thats a nice little earner, and who is going to come after them? You thing gov.uk wants to admit they made a law that allowed such a massive crime to happen? The worst case scenario is that they snarfed a large number of stockmarket trading account logins, sold all the stocks, and transfered the money, possibly causing a market crash, now would you trust them?
Re:If I really had something to hide... (Score:1)
//rdj
Neal Stephenson, George Orwell (Score:1)
Good luck to all that join in on the project, but remember, "Big Brother is watching you".
Bah! (Score:1)
How much will m-o-o-t cost? We want it to be free, we don't yet know if it will be, it will be shareware price at most and a paid user (if there are any) can burn a CD for his friends to communicate with him. Apart from our time we have put in money and would like to get it back. Also the havens have to be paid for somehow
Much better to just encrypt your mail with the spam mimic(tm) [spammimic.com]!
But seriously: it's good to see a quick response to this, but a single point of weakness lying in a central owner of a haven leads me to seek additional resources.
Re:What's the point? (Score:1)
Orwellian acquiesence to behavior accountability every second of every day is hardly necessary nor advisable. Privacy means exactly that, privacy, including privacy from intrusion by the government.
Even if you are doing nothing "wrong" by "their" standars, will you be able to edit/review this archive of information about you to determine its accuracy and authenticity? Who will have access to this information as a normal responsibility of employment? What if something you do today is not "wrong", but in the future it is, will this be held against you, if only to defame you?
No, I don't find the upside to this at all. This must be stopped, interferred with, circumvented and/or delayed as much as is possible.
Perhaps we need to create a sight that documents all the abuses of this power that have occurred over time and link to it frequently.
The point is simple, does archiving of your elove letters have any value other than to possible embarass you in the future? "Gee, Honey Dumpling, I can't wait to tie you to that tree again and pound you from behind." There is real value in having the government archive meaningless diatribe!!!
I am in total disagreement with you about this laissev faire response to keeping a record of all my online behaviors and communiques. As intelligent as you appear to be, your naivete frightens and abhors me.
What do you need to know to change your mind? Respectfully, /bigweenie
There is no primeval forest, not even one tree, in the State of Georgia (my home). Are we to violate this planet completely, is that our destiny? I hope not.
Re:data storage (Score:1)
Sealand has either been a sovereign nation since its declaration of independence (as the lawyers think), or it never has. The retrospective extension of both countries' maritime claims has not altered the situation.
Re:I have a question... (Score:1)
I doubt it very much. It will help convict a few criminals, but it will open vast opportunities for others, especially when combined with the vast data-logging operations now proposed.
The reason child sex abuse has so often gone undetected for years is not because the only evidence of it was encrypted logs. The evidence was right there in the victims' memories, but the abusers were in positions of power, often connected to schools or social services, and they exploited this power to blackmail their victims. Blackmail becomes much easier when your contacts can intercept the victim's communications. If you don't find anything damning, you can easily forge something now you have the private key.
One of the main uses of cryptography is to prevent fraud. Now tens of thousands of officials can demand the keys your bank uses to keep your money safe (well, formerly safe). Do you think all of those people, and everyone working in or visiting their offices will be honest? And there's no law saying they must shred their printouts.
I don't see how the RIP Act will reduce the amount of pornography, nor why that would be a good thing. If you want to get rid of pronography, ban top-shelf magazines, and employ more police officers to tackle the rise in rape, indecent assault, etc.
Organised crime will be the biggest beneficiary. Gangsters have always maintained their impunity through blackmail - like spymasters, they know almost everyone has a guilty secret, and if not you can manufacture one. Soon they will be able to incriminate even the trickiest targets. That tax inspector will be only too willing to give you a judge's private key if you keep quiet about his sex life.
Re:What's the point? (Score:1)
This scenario was discussed before the law was passed. If you choose to hand over the key instead of going to jail, you will still be guilty of breaking the NDA. If this is a criminal investigation, there is a good chance of your perfidy being revealed in any ensuing trial. If this is a secret service operation, you can be confident they won't tell the victim
Re:RIP hurts everyone, encrypt now! (Score:1)
If a G7 government with a particularly large intelligence budget can brute-force your encrypted files in 7 years, your cryptography is weak. Too weak, if you intend your data to remain secret for 7 years.
Re:Probable cause (Score:1)
Absolutely right! Why I'd wonder if maybe all those encryptors are actually pinko commie traitors.
We'd better scan their mail and hard disks. We need to find out how many other communists they know.
Hey wait a minute....
Re:MPs are STUPID (Score:1)
> increase in processing power grows daily. As
> are storage costs coming down. This will be the
> same as having somebody watching everything
> you do.
Comments like this are missing an important point: the big, bad, ugly government is simply not competent enough to do this. Personally, I'd be happy if I didn't have to fill in a tax return to give the government information that they could just as easily collect automatically.
Yeah, I think encryption is a good idea, because it allows me to enforce ownership over data. I don't care about spooks watching me, because I really don't think I'm that interesting.
Finally, I agree that RIP is bad, because it is WRONG. That doesn't mean that I think that our govenment is going to turn Evil overnight.
-- Andrem
Re:data storage (Score:1)
No, even their own web site puts it within the 12 mile limit. But Sealand don't recognise that so it doesn't count. Duh!
Suppose for one moment you suspend all your sense of disbelief and suppose that Sealand is a sovereign state. It has no democracy, no independent judiciary...
The government does pass some daft legislation from time to time. That's the price of being in a democracy.
Re:data storage (Score:1)
Re:I have a question... (Score:1)
Data Havens (Score:1)
There are fundamental problems with trust in these schemes. These problems grow exponentially when there's issues with key storage. There's even more concerns about routes and bandwidth. There are probably resolutions to these problems, but does M-o-o-t address them? Can it?
Maybe the biggest problem facing m-o-o-t aren't technical or trust-based at all. Maybe it's a simple question of feasibility. Can you build a data haven infrastructure without a clear way to ensure you're not compromising the people running the havens for you?
Re:What's the point - Illegal doesn't mean 'Wrong' (Score:1)
I don't like the idea of a jury of 12 people deciding that a law is unjust and not inforcing it when a democratically elected government passed the law.
Wrong. (Score:1)
you: happily keep doing what you were doing unless you give them a real reason to suspect you.
You might want to look up the meaning of "deniability".
Re:Again (Score:1)
Re:Probable cause (Score:1)
Correction: the public will was to arrest those evil jewish-communist-capitalist conspirators who were plotting to destroy the German people, and send them somewhere where they wouldn't do any damage. Few cared about where that was and what happened to them there.
Privacy tools like this are only a last line of defense. Real freedom is impossible unless people are educated enough to resist propaganda like the above. Unfortunately, this can't be achieved through any amount of coding.
Re:Probable cause (Score:1)
Umm... The story is about the UK not the USA. Sorry, you were probably just spamming...
You've all forgotten something (Score:1)
In the mad rush to help bologna farmers and debunk crypto laws, everyone has missed the most salient point here:
How the hell is this thing going to connect to the multitude of modem and network boards? And once that is figured out, how will you connect to your ISP? Are you going to remember all of the IP addresses?
Beyond that, technically, the damned thing is simply not feasible. Ever hear of TEMPEST? Better check it out if you haven't. Most monitors can be "viewed" from a couple hundred feet away using equipment designed especially for that purpose. And let's not forget about the signals spit out by that keyboard...
Things just keep getting muckier and muckier, people. The key here is not to workaround the laws, but to change the bloody government. You'll be dealing with this until you've thrown down the self-serving, cotton-brained dolts that are controlling things.
Sheesh. Come, people. Wake up. Politicians have one goal: To stay in control. To do that, they rely on your acceptance and the mindless fools who clamor for someone to control their lives (John and Jane Q. Idoit).
I apologize if this sounds inflammatory or like a call for revolution -- Not. It's time for a change...
Welcome to the Nanny State... (Score:2)
CPS does have abusive powers, and stomps on everyones constitutional rights..
CPS: Why would you object to CPS, we are here to protect the children... You must Have something to hide! We are taking your children, please file some paperwork to see them.
(Does this sound like the RIP Act? You are automatically guilty...)
You want secure email? You must be a terrorist..
You want mp3s? You must be a pirate...
You spank your kids? Your a child abuser...
You are pro-choice? Your a baby killer...
Welcome to the Nanny State, let the government spoon feed you..
Re:Sealand (Score:2)
Re:I have a question... (Score:2)
---
seumas.com
Re:What's the point? (Score:2)
If you think that just because there were good (or at least not bad) intentions behind a certain piece of legislation, that piece of legislation won't be abused at some point, you are also a moron.
In other words, if you agree with the above post, you are a moron.
Mr. Atrwoe, of course, is a troll, not a moron.
Re:I have a question... (Score:2)
So what does one say to the people that decry "You oppose the RIP act, so therefore you support pornography/child abuse/whatever" ?
They are using the accusation as a way to stop you arguing with them. It means they are not interested in a rational discussion. They are only interested in "being right" by killing off any opposition to their narrow point of view. "Mess with us, and you'll get branded a child molester".
How does one frame the argument that privacy is worth more than child abuse (to be provocative, for a moment) in a concincing manner to the supporters of RIP, who blather on about 'the children' at every opportunity?
Recently the UK news reported about a children's home run by child molesting 'social workers'. So we know things are 'complicated'. Given we know the world is a complicated place, do ordinary people sitting in their homes think that they will personally become more safe with less privacy? Stalkers can already find out where you live etc. -- do you want them knowing more, because they've got access to a cracked government monitoring system? Will you feel safer when some weirdo sends you a transcript of a personal email you sent to your girl/boyfriend, (thanks to the efficient recording of all communications)?
People may say, "stop muddying the issue!", but that's my point: We're so used to thinking in simple either/or ways, that 'we', generally speaking, lack the ability to think in terms of systems of systems, compexities, side effects, combinations of effects, and possible and supposedly 'impossible' outcomes.
But if you want a simple answer from me, it's: I blame the schools.*
* It's where most programming takes place. I say fix the bugs in the source.
Really? I'm impressed! (Score:2)
You've really had experience with suicide bombers, hackers, and child pornographers? Wow, I've had a sheltered life then compared to you! I've only met hackers (that's hackers, not crackers, which is a whole different argument).
It's not only important what's on the mind of those proposing legislation (although that is important), it's what the legislation says, and how it can be used.
I can think of several cases where I personally value privacy that are entirely above board:
- I'm involved in contract programming, and need to be able to share source code securely, and I don't trust any government agency to have access to it for whatever reason (what if it 'leaks'?).
- I'm a political activist. While I've done nothing illegal in that regard, I would be very uncomfortable about having every move monitored by a government that is essentially hostile to much of what I support - it would stifle communication. The present government will not do anything to harm me, but if something were to happen here like Nazism or McCarthyism (anti-Greenism?), I'm not too keen on archives being used to declare me a menace to society,
- I'm don't like any more than necesary of my personal information getting into the hands of the big corporates. They'd only use it to try and sell me things.
Now, if all monitoring could be guaranteed to be used only for a narrow intended purpose, was completely secure, and the collection agency was completely trustworthy, my only objections would be philosophical. Unfortunately, very few or no organisations live up to this.
Oh one last thing - it might be argued that that monitoring can be done anyway, without legislation. At least in that case, I do have some legal recourse (whatever that is worth). A while back, someone took the SIS to court for illegally breaking into his house.
Re:Damn. Got all excited... (Score:2)
I already feel so dumb.
(Always read the WHOLE blurb!)
Kevin Fox
yes you are missing something (Score:2)
Spooks can analyze that wiretapped session until forever, even after seizing the user's machine, and there is no known way to extract the plaintext version of the session.
Re:A solution? Yes. To the wrong problem. (Score:2)
1)Blind drops - Things like the anon news groups - Let's say that you want to send a message to Mary. Mary KNOWS to check the drop, say, every other day for a message with the subject:
98hy45hj9ljh (which is changed every time inside the encrypted message)
Mary downloads the message (and probably a BUNCH of others - EVERY message in the drop works ) Now all they have is that you posted a message out to the drop. It'd be really hard to figure out everyone who downloaded that message from every usenet server in the world.
Another way to make traffic analysis harder is to post "Noise". You send out email to a random n% of you mailing list (and probably some to people who have NO idea who you are). Most of these emails don't contain anything but random noise Your contacts are doing the same. Now you want to send an email - You put your real email into the cue, and the next time that person comes up in the n%, you put your message in, instead of the mail. Now you could also force the message to be in the next batch, BUT if you do this often, you start to end up with a non random pattern that can be cracked
Another way around this is a DC net - I wish someone would finally get one of these working
Re:I have a question... (Score:2)
Because banning some of these just isn't politically correct and banning most of the others would be virtually impossible.
Re:I have an answer ^^ (Score:2)
So we violate a *little* bit of privacy to protect children. Then we violate a little bit more, to stop criminals.
More to the point the initial violations probably don't actually do much to either protect children or stop criminals.
But the easy political option is then to take away more rights rather than question the dogma that taking away rights helps...
Re:I have a question... (Score:2)
Or paper, telephones, post, shoes, etc, etc. Just about any device or methodology ever invented can be used for criminal purposes. The concept of a "crime" is in itself an abstract concept...
I think it's a fair principle that government should only invade an individual's privacy in the event that they have reason to believe it will yield proof of a crime. It does not make sense for the government to invade 100% of the population's privacy in order to prevent crimes committed by less than 0.1% of the population.
very few (if any) governments have the support of 99.9% of their subjects. The number of people unhappy with some aspect of a government is much greater than the number of criminals. However the people doing the monitoring are likely to be so paranoid they have difficulty telling the difference between a criminal and someone excercising the freedoms of a democratic society. e.g. someone who thinks the current laws about drugs are nonsensical being regared as a drug dealer...
One way to prevent crime would be to have the government keep everyone's money and to have all transactions of said money be cleared by some agency (of course, this assumes somehow this agency is immune to corruption).
If the agency were to involve humans then corruption is certain anyway.
Re:What's the point - Illegal doesn't mean 'Wrong' (Score:2)
Why risk police with a real criminal gang when it's safer to arrest people on made up charges.
Case in point: Maybe you've heard of the McCarthy trials? Communism and being communist is *not* illegal in the United States, regardless of how much the wwii and boomer generation wishes it was. In fact, the right to assemble and belong to organizations such as the Communist Party is guaranteed under the U.S. constitution. That sure as hell didn't stop Hoover and the FBI from illegally tapping phone lines and extracting confessions of communist involvement under duress in the 50's and 60's.
Also remember that they were never charged with high treason either.
Re:What's the point? (Score:2)
This isn't even about monitoring all communications. It's about monitoring some types of communication. A terrorist can quite easily use alternatives...
Re:A solution? Yes. To the wrong problem. (Score:2)
No, actually, you did. No matter how much you hide the data, no matter how much you encrypt the data, no matter how much you shuffle data around, it still doesn't change three basic facts:
1. The data has to get to your PC somehow for you to use, manipulate, or deal with it in any way.
2. The data which comes to and goes from your PC has address headers on it.
3. The cops don't have to cryptanalyze the packets, or even know what's in them--they just have to know that you're sending traffic they want to monitor.
As soon as the cops start taking a specific interest in you and what you're doing, you need a hell of a lot more than crypto and obfuscation. It doesn't matter if they're using one-time pads in a cryptographically perfect fashion; this entire system is fundamentally busted.
Re:What's the point? (Score:2)
attributed to Martin Niemoller
Re:data storage (Score:2)
Rubberhose transparently and deniably encrypts disk data, minimising the effectiveness of warrants, coersive interrogations and other compulsive mechanims, such as U.K RIP legislation. Rubberhose differs from conventional disk encryption systems in that it has an advanced modular architecture, self-test suite, is more secure, portable, utilises information hiding (steganography / deniable cryptography), works with any file system and has source freely available. Currently supported ciphers are DES, 3DES, IDEA, RC5, RC6, Blowfish, Twofish and CAST.
Sealand (Score:2)
<a href="http://www.havenco.com/">HavenCo</a>
Random Data Storage? (Score:2)
...until one of those floppies dies. Then I will sorely miss that unknown data.
Re:I have a question... (Score:2)
i.e. If the communication is encrypted and sniffed in the UK, and then the person you were communicating with gives up their keys, the text of the communications still can not be decrypted. Check out the Paranoia link in my sig.
Mike.
Criminals? (Score:2)
There are plenty of people throughout history who were criminals, some of whom were spied on by their government, such as MLK. With current trends, there undoubtedly will be uses for encryption by activists in the future.
Remember, a criminal is someone who breaks the law. Well, what is a good citizen to do when most of the laws are patently unconstitutional? Become a criminal, if they're really serious about democracy. Note that I'm not talking about Napster and other BS that Slashdot drones typically view as civil disobedience. There are much more important issues in the world, and it's important we take into account that there are people who fear for their lives because they act in accordance with beliefs which most of us share.
The only way to keep government even remotely just is to confound it at every turn with encryption, red tape, and other confusion. It certainly won't happen in McCongress or the Supreme Court w/ Cheese.
Not everybody has forgotten TEMPEST. (Score:2)
Move your laptop or other high-confidentiality computer into a "container" (form-fitting skin, box, closet, or even a small room) covered in copper mesh. The only cables passing through the mesh should be 8-gauge 12VDC power cables and fiber-optic ethernet. The only data entering or leaving on the ethernet is encrypted. No high-frequency RF data will enter or leave on 8-gauge DC power cables.
Problem solved. Cost, about $250 if you buy the copper mesh and AC-DC conversion hardware new, or a fraction of that if you can find everything as surplus or scrap. The FOTs (Fiber Optic Transceiver) are the expensive part.
Or about $25,000 if you are a US Federal agency :-)
Re:data storage (Score:2)
Read the Sealand [sealandgov.com] website. Sealand is located in international waters. England has already tried to take the land back since they occupied it during the second world war. The case went to the supreme court and England LOST. The country is free of English jurisdiction.
-----
"People who bite the hand that feeds them usually lick the boot that kicks them"
Re:I have a question... (Score:2)
Here's what you reply:
If you dropped a nuclear bomb in the middle of every large city in the UK, that would reduce pornography/child abuse/whatever too, wouldn't it? I'm guessing that now you think we should all do that...
And see what the think of it. Then explain to them that the RIP act allows the UK government to jail those that it dislikes for totally arbitrary reasons. It lets law enforcement do the same... And you can't even tell anyone why you've been imprisoned without facing even stronger sentances.
-RickHunter
Re:Neal Stephenson, George Orwell (Score:2)
Re:Probable cause (Score:2)
I`m not sure actually - we (in the U.K.) recently incorporated the European Human Rights Act into UK law, which protects you from having to incriminate yourself, so a test case regarding the handing over of keys would be interesting.
Re:What's the point? (Score:2)
I think it's justified to not trust a government that is disarming the populace and simultaneously arming it's police officers with guns for the first time.
Re:Probable cause (Score:2)
Saying that, you must not BE an American, or perhaps you are a troll.
Anti-government paranoia is one of the MOST American things. The US was founded by people who were pissed off at ol' King George, and afraid of the future he would create for the Colonies.
The Founding Fathers even put some really, really radical stuff in the Constitution to protect us from the government -- this is the reason for the 2nd Amendment (that's the guns one, for you non-Americans).
One of the FFs, I think it was Jefferson, said something like, "Government is like fire -- a wonderful servant but a fearful master." I have probably misquoted it, but the essence is there, and it is an incredibly insightful statement.
We SHOULD keep an eye on the government. It is the nature of such institutions to aggregate power, to exert always more control -- and citizens need to be ever vigilant to keep that in check. When the citizens get lazy, or complacent, they start to lose freedoms for "the greater good."
Plead the fifth (Score:2)
That may be true, but fortunately, the constitution arguably agrees that the government does not necessarily have that right. Aren't your personal files which you created and stored on your computer the product of your own mind? And since the fifth amendment allows you to refuse to testify against yourself why can't you refuse to divulge the contents of your disk by simply pleading the fifth. Even if the argument were that the computer is simply evidence and that a court order requires you to turn it over how can the court order you to turn over the key which you argue might be incriminating? I realize that this is all academic in Britain but in the U.S. I think you could simply refuse to divulge your key on this basis and it would make for a very interesting Supreme Court case. Also to anonymous coward who posted: "The laws in this country are just, and created by the public will. Anti government paranoia is downright unamerican." Does this include the RICO laws? Anti government paranoia is quintessentially American. In fact i'd say it nearly defines 'American' particulary when contrasted with European viewpoints. But for anti government paranoia we would have Europes socialist structure. No, this wouldn't be all bad, but we wouldn't be nearly as competetive as we are today. Hooray for anti government paranoia!
Re:I have a question... (Score:2)
What some people have said so far looks really good. I'd like to add my own bit. (I haven't given this before so it coupd probably be worded better.)
Let's say you trust the government, the police, the IRS and social services, etc etc. For sake of argument, let's say they're not corrupt in any way and will not misuse the information they hold about you in any way whatsoever.
Given that you trust them and through some magic it's been proven that collected information won't be misused or abused, and it will stop the child molesters and terrorists and make the world safer and more prosperous for everyone.. why shouldn't they be allowed to do this?
The simple answer in my mind is What About Tommorrow?
The problem with any sort of legislation is that it's much easier to put in place than it is to remove. What is there to guarantee that 30 years from now, corrupt people won't get into social services and run their own child pornographer's ring, for example? What is there to guarantee that a corrupt police officer - who isn't even born yet - won't abuse her privilege of having access to information about everyone?
Exactly what information can be collected and everything it might be used for is up to the imagination. The point is that once in place, legislation is very hard to tear down. It seems to me that the lawmakers are making it for today, assuming they know the system today, but without putting due consideration into what could potentially happen tommorrow.
===
Re:data storage (Score:2)
Ever heard of Sealand? It's a defunct Anti-air base formerly of Britain's that's actually in International Waters.
Apparently, some guy moved in a few years back, declared it a separate country and proceded to set up secure data stoarage as the country's biggest (and only) industry.
Can I get a link to back me up on this? I don't have one handy
Averye0
MPs are STUPID (Score:2)
They believe any rubbish that they are told by their 'advisors'. By questioning it they think they look stupid.
By not doing so, it makes them look more dumb. They are imbeciles in the extreme.
Perverts and terrorists will find a way around these measures. Direct connected encryption or even blinking sending child porn CDs over postal service.
Only an idiot would believe the massive infrastructure that Government introduce is for monitoring these few thousand people. It can only be for spying on the masses. What about the law of presumed innocence?
People do not realise what is possible. The increase in processing power grows daily. As are storage costs coming down. This will be the same as having somebody watching everything you do. All your finances available for them to check - heaven help you if you cannot account for every penny when they check on your taxes. All your personal emotions in private emails, your fears about health worries and your personal quirks in web-sites you visit. All your inner-most secrets will be open to them.
With New Labours Newspeak (having to use the word 'investment' instead of 'spending') and this RIP Act - Big Brother has finally arrived.
skilful.com [skilful.com]
Re:What's the point? (Score:2)
1) More than likely, no one other that the intended recipient would want to read my e-mail, and
2)If they did, I have nothing to hide.
What's the point? (Score:2)
From my understanding of the proposed monitoring system in Britain, all electronic communications travelling across the Internet will be archived. I don't think the intention was for the government to read messages sent to my girlfriend. The goal of this project is to help prevent terrorism and provide evidence needed to convict hackers/criminals.
It seems to me that for most people, this should not even be an issue. If you aren't doing anything wrong, you shouldn't have anything to worry about. The only people who need to use encryption are those who have something to hide. Maybe we should be snooping around in these people's inboxes
Re:What's the point? (Score:2)
Re:Do you use an envelope when sending snail-mail? (Score:2)
1)Keeping multiple sheets of paper together, and
2)Affixing stamps to.
Re:Don't waste your +1, you dolt. [nt] (Score:2)
Re:What would be REALLY cool (Score:2)
Re:Welcome to the Nanny State... (Score:2)
Do you actually know anything about CPS? My father has worked there for 25 years and I personally know that he only removes a child from a home if THEY ARE IN VERY SERIOUS DANGER. Spanking alone does not warrant a CPS intervention, but if you are hitting your kids with objects and leaving multiple, visible marks on their bodies, then you aren't the best person for your kids to be around. And, btw, you are not "automatically guilty" you do get a trial where if you did act violently toward your kids, you will be found guilty; if you aren't committing a crime, you will be found innocent.
====
All things in life are subjective. At least that's what I think.
I have an answer ^^ (Score:2)
There's the concept of the slippery slope. One step down justifies the second step; using something akin to induction, the Nth step justifies the N+1 step, etc.
So we violate a *little* bit of privacy to protect children. Then we violate a little bit more, to stop criminals. Well, why not a little bit more to stop hate-groups? Then a little bit more to stop the insane. Then a little bit more to stop the disgruntled office worker with a gun. Then a little bit more for the kid who always gets beat up after school, and trying to find a gun. And a little bit more for the guy trying to find some booze and drugs for his party...
To address your statement, privacy is worth more than very many things. There will always be situations in which privacy is discarded (police search and seizure, warrant to enter, wiretap, etc), but on general grounds, any rights we have, once we give up, cannot generally be taken back without a fight.
The argument against RIP is essentially that of innate rights and protections. In the US, at least, any right not enumerated by the Constitution or Bill of Rights is automatically granted to the people, or something like that. In otherwords, a right need not be explicit for it to be afforded protection and observance.
I mean, the police services and such, in our best interest, want to protect us. That I can understand. The govt, I'm not so sure I trust, but let's give them some leeway. They can feel free to fund technology to decrypt, decode, decipher, and hack away at the security systems... but to intentionally allow a flaw in the system? Then what's to stop the not so scrupulous peoples from taking advantage of this? What's to stop the criminals?
Geek dating! [bunnyhop.com]
I have to concede (Score:2)
I did make as a parting comment the fact that someone not so scrupulous, who had access to this data, becomes the most feared and dangerous person around.
Geek dating! [bunnyhop.com]
Claims on their site (Score:2)
Ok, I've visited on their site and this is my take. I wouldn't touch it with a barge pole - if it makes RIPA look silly then it may serve some purpose, but not as a viable secure platform. Their entire approach is flawed in any case, good security should be built into all platforms, you shouldn't have to consider changing for what ought to be such a basic facility.
This is very naive. You do not 'defeat' laws in code any more than you make crypto impossible by legislation. The two systems are completely orthogonal.
The law is not an attack on any protocols, it is a response to using those protocols if anything. You should also see the Snake Oil Warning Signs FAQ [interhack.net] where it warns specifically against mud-slinging against existing or competing techniques.
I rather suspect that had this site had anything to do with established cryptographers whose opinions I trust (well, I can't find the m-o-o-t team members' names anywhere on the site ("We aren't exactly secret but some of us don't want to be identified") so I'll keep a very reserved judgement on their credentials), it would be spelled slightly better. I've no idea what methods of shorthand typewriting have to do with secure computing platforms... (They get it right on a different page, to be fair.)
This will potentially sabotage security, not improve it. Assuming they use strong, time-tested, public algorithms, it is still possible one could suffer a fundamental break tomorrow. Unlikely, but possible. Or next week, or next year. If back-up algorithms are used and implemented well, users should not even be aware of the back-up algorithms. One would also hope that no serious security implementer would suggest using 'export grade' ciphers, the fact that they believe this is possible is worrying.
The usual Dramatis Personae are Alice, Bob, Mallory etc. I've not seen any serious paper referring to 'Plod' and suspect it's just randomly offensive on their part. Their appeal to authority ("cryptographer's term") is bogus.
Don't believe this - it won't work.
*choke*. So they're going to get it right first time, with absolutely no implementation errors possibly leading to security compromises. I wish they'd publish a paper on that alone, because it beats anything anyone has come up with in 50 years of software engineering research. (Hmm. If you can't trust the update how can you possibly trust the original?)
The system also relies on you trusting your PC, and also possibly the data havens to some extent. We've already seen a story this week about the FBI installing bugs within the keyboard itself - other parts of the system can be similarly sabotaged with almost no chance of detection by the user - this is probably what any clued up LEA would want to do if they knew strong encryption was being used. Remember, if the end-point hardware has been tampered with all bets are off, for any security system.
There is so much more, I could go on all day. The possibility that they might want to make money from this (but are considering using a Free OS, which they might not want you to make copies of - no wonder they don't want to be identified) is mildly interesting. Frankly they could as well be part of a multinational government conspiracy, but rather than get excessively paranoid I think I'll just assume they're seriously misguided.
Re:What's the point? (Score:2)
We haven't written most of it yet!
It looks like this whole freaking project is a work fo FICTION. m-o-o-t, as far as a project is still in the "wouldn't it be cool" stage. Chances are it will go no where. It's a HOAX, I can't believe this is even on /.. Does anyone actually read the links submitted?!?!?!?!?!?!
Why m-o-o-t won't work: (Score:2)
Even if such data-havens exist, their service by definition will only be poor, sporadic, and prone to failure.
"Where's that subversive novel/treatise/pr0n I was writing on my m-o-o-t acount?" Oh, I'm sorry. One of the datahavens that was storing a chunk of your novel was raided by the FBI. Your data was not recovered but it *was* destroyed.
People Government Relations (Score:2)
Re:I have a question... (Score:3)
If people are really so eager to save children (the battle-cry for EVERY cause in the world), then why don't they ban smoking, driving, sharp objects, divorce, low-paying-jobs, teasing, flammable materials, deep water and everything else that potentially damages children?
The answer? -- it's easier to take away another man's liberty than your own.
---
seumas.com
Safety in numbers (Score:3)
Encrypt everything. And send more bogus messages than real ones (a 10:1 ratio seems right).
The idea is to swamp the snoopers so that they cannot keep up. It should be easy: there are more of us than them.
The biggest worry for liberty is that any law that requires one to give up a key that exists only in your head erodes the right to not self-incriminate and the right to silence. (Both rights are, I believe, much weaker in the UK than elsewhere.)
Damn. Got all excited... (Score:3)
It could support a PGP encrypted USB and digital video interface for disabling tempest and keystroke attacks. It could be built to only support SSL, SSH or other wise secure TCP/IP protocols, possibly some kind of ISP program through Anonymizer (or anyone [webveil.com], really).
Just think, a system based on the principle that the only place cleartext exists is on the CPU (and other minute pathways between crypchips and rasterizers, logic elements, etc...
But no, it's just another open source project for people to mess with... Sigh.
Kevin Fox
Re:Welcome to the Nanny State... (Score:3)
The interesting question is does it do this just because it can or to draw attention away from it's failures?
Re:What's the point? (Score:3)
Neither was the intention of the German census for Hitler to be able to find all the Jews. Your comments are incredibly naive. If you've never heard all the arguments and reasons why, then I suggest you do some reading. EPIC [epic.org] and the book 1984 would be a good start. If, on the other hand, you've heard all the arguments and still have a bubbly-eyed adoration and faith in your government, then go be the first on the block to voluntarily install a telescreen in your bedroom, but leave us who really care about privacy alone.
--
inconvenient + subscription fees? (Score:3)
They say that they'll pay for data havens from a small purchase price. That's usually unworkable, since you need to keep on getting new buyers all the time, meaning more storage-> more cost->more buyers->more storage->ad infinitum.
So, for a sustainable service you either need to pay a data haven(s) yourself, or pay a subscription fee to m-o-o-t.
On top of that you'll need a pretty quick connection, since (if I understand correctly) all your user files will be on the network somewhere (data haven). Costs are gonna get pretty high, pretty quick.
am I missing something (Score:3)
I really don't see how this is going to help them. The UK law says that the governemnt will monitor and store all internet traffic for seven years as well as be able to demand files / PGP keys from citizen's computers. This system still relies on the internet to transport your information to and from the data-haven. The boys at Scottland yard will still have access to your files as they travel though the ether.
-----------------
Comparison Question (Score:3)
Then again, Moot is (or will be) an OS.
Sincerely,
Vergil
Vergil Bushnell
data storage (Score:3)
-MSD.dyndns.org [sjs.org]
A professional cryptographer writes... (Score:4)
(and the "pro" thing? I've been a pro for less than a month but I couldn't pass up the opportunity to crow about it on
--
Re:I have a question... (Score:4)
I don't think this is true. If I was trafficking child pr0n, I wouldn't think "ooh, I might have to give up my passwords one day, so I'll just send everything unencrypted now instead". Come to think of it, I wouldn't give my passwords away to the police if and when they raided me - better to get charged under RIP than to get caught trafficking child pr0n.
So genuine criminals won't change their behaviour because of this new law. The only people likely to be affected are the innocent, or those who have committed minor offences (illegal music copying?).
Re:What's the point? (Score:4)
I value my privacy as much as the next guy, but this seems a bit extreme to me. Is it really worth all that effort just to make sure no one is reading your mail?
Like other posters suggested.. I think you need to read some books, and 1984 is a good start. You must be young, or incredibly naive.. I'm not an old geezer, but I understand power. My history teacher in high school way back when used to have a huge poster above the board. It said: "Power: It ain't for the givin', it's for the takin'". Those in power will do anything to further it. It's a theme that has been played out since the beginning of recorded history. Do you know what power is? It's the ability to control YOU, the lowly serf. That doesn't sit to good with me.
It seems to me that for most people, this should not even be an issue. If you aren't doing anything wrong, you shouldn't have anything to worry about. The only people who need to use encryption are those who have something to hide. Maybe we should be snooping around in these people's inboxes
There's another very famous quote about police dictatorships not being built up overnight. Not everyone values information and free thought the way the average person here on /. or kuro5hin might. If the populace is trained to accept blatant violations of their personal freedom - for instance, random searches in schools, gradual introduction of monitoring cameras in common areas - then eventually you can get total control. And that prospect scares the living shit out of me. I'm not even an american, but the whole concept of the United States of America was to devise a system whereby the people could be guaranteed freedom from this - the founders of that nation were very wise - and look at what has happened under the guise of "protection" from terrorists, drug dealers, insert-evil-guy here.
People need to wake up and start to take responsibility for their lives and their freedom. Maybe we need a major war every generation. Watching friends die bloody violent deaths might wake a few people up about the true costs of freedom and make them think twice when those freedoms are given up for "protection".
Arrgh, this must have been a troll, but I'm cranky and half in the bag. Get GPG while you can.
No, not the slippery slope argument. (Score:4)
"We take away the governments means to see the criminals encrypted data, then we can take away their (lawful) means of breaking the lock to the drawer where they keep their kiddie porn, then we take away their right to interfere when they suspect a child is being molested, all for the sake of 'priiiiivacy'"
And don't go with that old "those who forsake a little privacy..." quote.
Privacy matters less to people than safety. Period.
You'll have to convince them that the sacrifice of privacy that goes with RIP et al actually makes them *less* safe. Get the picture into their head of a criminal (perhaps a child molestor) with access to the governments data files. Get them to think about a dishonest cop who knows *their* darkest secrets and is coming for *them* and their *children*.
Fight fear with fear.
I have a question... (Score:4)
How does one frame the argument that privacy is worth more than child abuse (to be provocative, for a moment) in a concincing manner to the supporters of RIP, who blather on about 'the children' at every opportunity?
The problem I have is that, Prima Facie, the argument for RIP is a lot more convincing than the argument against.
KTB:Lover, Poet, Artiste, Aesthete, Programmer.
Re:What's the point - Illegal doesn't mean 'Wrong' (Score:5)
Bullshit. B-U-L-L-S-H-I-T.
In the U.S. and in the U.K., I'm certain, overzealous law enforcement will do anything they can to a) raise the number of arrests, b) promote their own financial, moral, or religious interestes, and c)justify that they need more power to accomplish a and b
This is the way all law enforcement has worked since the dawn of society. This is the way that law enforcement always will work. This is the reason why U.S. prisons are full of non-violent drug users while murderers and rapists are frequently given shortened sentances due to overcrowding.
Case in point: Maybe you've heard of the McCarthy trials? Communism and being communist is *not* illegal in the United States, regardless of how much the wwii and boomer generation wishes it was. In fact, the right to assemble and belong to organizations such as the Communist Party is guaranteed under the U.S. constitution. That sure as hell didn't stop Hoover and the FBI from illegally tapping phone lines and extracting confessions of communist involvement under duress in the 50's and 60's.
Even if something *is* illegal, that doesn't make it wrong. Here's one for you DMCA ranters: If you use DeCSS to crack your DVD's to play under linux, you have commited a crime by circumventing the encryption on the disk. Is that wrong? Is it immoral? Will the FBI or RIAA come down on your ass if they find out?
Large-scale disk storage and access is easy and cheap. If you think that U.K. law enforcement can't easily run a grep or equivalent on the whole mess they've collected and look for people who have discussed DeCSS, then you are quite sadly mistaken, and probably deserve what they'll do to you when they bust your ass on airy charges.
A solution? Yes. To the wrong problem. (Score:5)
So. Communications must be archived for several years, with decryption keys available on request. Supposing we had some ultrasecure OS which encrypted absolutely everything out there, as well as as much of the TCP/IP packet as is possible. That basically leaves only the address field and routing information unencrypted.
Now we have a person using this machine, A, to communicate over a fundamentally insecure network (the Internet) with machine B. The authorities think that either A or B want to be doing something un-American (err--un-British?) like, I don't know, sharing the recipe for Colonel Sanders' secret blend of herbs and spices. What do the authorities do?
They start listening on the machine, of course. So what if every packet is encrypted--they can still look at TCP/IP headers and discover where the packets are going. If, in fact, it turns out that packets are going out addressed for B, then that's a pretty clear sign the machines are communicating. Suddenly, B gets a knock on the door and a warrant served, and told to hand over those conversations "oh, and don't tell A a word of all this".
That only covers direct peer-to-peer connections, though. The naieve counter to this is that relayed connections, such as email, are immune to this because they don't get sent directly to the target machine. Well, maybe... but that just means there are more points of failure for the authorities to exploit.
Even something as dramatic as establishing an IPsec connection with a mail relay in Seahaven wouldn't be proof. The American government seems to think that using encryption is evidence of malfeasance (see the recent story about the FBI using a keysniffer to defeat PGP). The British government, which is even more behind-the-times than the American government when it comes to encryption, will probably take it as evidence of high treason, or something similarly melodramatic and groundless.
If they can tell a judge, "look, milord, this bloke 'ere's got hisself a highly encrypted network with a rogue nation-state that's know t' be a haven f'r data pirates", the judge will probably spend all of three seconds before deciding that yes, you're a threat, and you really ought to hand over your decryption keys just so the government can be sure.
In other words, this solves nothing.
To every social problem, there is a technological solution which is hip, cool, sexy and broken. This is it.