Poll Says Most Americans Favor Crypto Backdoors 931
Sideways The Dog writes: "According to this MSNBC article, "72 percent of Americans believe that anti-encryption laws would be 'somewhat' or 'very' helpful in preventing a repeat of last week's terrorist attacks on New York's World Trade Center and the Pentagon in Washington, D.C." I realize that I'm preaching to the choir here, but it is scary how many people do not realize that the bad guys are not going to play fair here. Even granted that people may not realize the tools are already out there for the bad guys to use, I wonder what the polls will say when the backdoor gets compromised and 72% of people get their bank accounts wiped." Update: 09/19 19:26 PM GMT by T : Declan McCullagh adds a link to "the actual text of the question asked by the
pollsters, which Princeton Survey Research Associates describes here." Note the numbers on this page as well.
Hmm.. (Score:2)
Percentage Opposed To Secrets (Score:5, Insightful)
Should you be allowed to have secrets?
I imagine that we'd see considerably different results.
-Waldo
Re:Percentage Opposed To Secrets (Score:2)
and in related news... (Score:3, Insightful)
mandatory to use state-approved envelopes to send
all mail.
these new envelopes will be entirely transparent
when viewed under a federally produced lightbulb,
but there is no need to worry about these lamps
getting out to bad people, since it is time-tested
proof that all government employees are completely
honest and lack all self-serving traits present
in every other human being.
besides, it's for your own good and protection!
and if you have something to write that you don't
want everyone to read, maybe it's time for that
all-important self-examination to reveal your
underlying paranoia complex...
Re:Percentage Opposed To Secrets (Score:4, Insightful)
The poll in the article is about whether people thought it would of helped prevent the attack. Your post is about whether people want it. These are two different things.
A military dictatorship would of helped prevent the attack, but I don't want a military dictatorship.
A better survey (Score:2)
(Yeah, the last part is suppose to be part of a statement; it's a trick like that: instead of being asked what you think, by the end of the poll you're being told what to think).
F-bacher
This just in.... (Score:2)
Re:This just in.... (Score:2, Informative)
There are some well known very secure cryptosystems out there. Implementing them is VERY easy. Any competent programmer can do it. Disallowing encrypted traffic thru the net is impossible or at least insanely hard. Even if the structure of the internet were completely changed, so you could use only a well known services and you were limited to "official" protocols you could use covert channels. Modulating information is EASY. Option bits in packets, delay between packets, checksums, IP addresses... almost anything can represent a string of bits. Using very draconian measures in the net you may limit the banwidth of this covert channels a lot, but such a network would be so damn rigid, inefficient and expensive that the entire US economy would suffer it.
I believe most people involved in the poll is absolutely uneware of these facts.
FYI, I am a computer scientist and I work with two experts in cryptography (although it's not my field of research)
Crypto Backdoors or Key Escrow? Constitutionality? (Score:2)
I do not believe it would be constitutional for the Federal government to require any restrictions on individuals, groups, or businesses using crypto for transactions that do not cross state lines.
Re:Crypto Backdoors or Key Escrow? Constitutionali (Score:2)
That being said, it's unlikely, in my mind, that Congress actually has authority to enforce limits on crypto under the Commerce Clause because it would violate the 1st Amendment,and possibly your right against unwarrantable searches and seizures, but that's more of a stretch, IMHO.
On the other hand, the fact that crypto is classified as "munitions" (this means that seemingly harmless stuff, such as the Mozilla source code or the DeCSS T-Shirts are actually classified as munitions! scary stuff!) means that actually, Congress probably *can* regulate it via export control. But since you have a Constitutional right to bear arms (heh), they can't regulate it's use by citizens. So there's another reason Congress wouldn't have a leg to stand on.
Again, I'm not a lawyer, I'm just going on what I know from reading, experience and a Businss Law class or two.
Uh-huh (Score:2)
--Sideshow Mel.
Re:hmmmmm (Score:2)
You are correct. I pressed submit just as I noticed the error. Oh well...
Stupid poll questions? (Score:3, Insightful)
Of COURSE anti-crypto has a chance of helping catch terrorists.. if your doctor for example has encrypted files for one of them or something random like that. That doesn't mean I support it or think it's worth it! They're extrapolating people's opinions based upon the not-so-earthshattering observation that crackable crypto has a good shot of helping catch terrorists (and this, in itself, is debatable since they already have strong-crypto for their own internal communications)
Re:Stupid poll questions? (Score:2)
- j
Re:Stupid poll questions? (Score:2)
And the other 6% of statistics are made up the spot!
Cracking Down on Honest People (Score:2)
What about Non-US crypto? (Score:2)
Too Many Secrets (Score:2)
~~CrackElf
If backdoors are legally required ... (Score:2)
Re:If backdoors are legally required ... (Score:2)
Re:If backdoors are legally required ... (Score:3, Insightful)
In case anyone takes you seriously, I'll just point out that you first encrypt your message in you own 4096 bit MujaCrypt 3.0, then wrap that in the backdoored Fed-O-Crypt 1.0 and it all looks lovely and innocent.
(Or you use disposable phones, face to face meetings, mail drops and personals ads like they actually do...)
'Wiped bank accounts...' (Score:2)
Now we all know why they cry like hell when their house burns down...
New survey: (Score:2)
They get frustrated at how bad the information is when it refers to their center of competence/interests (therefor missleading the others who don't know much), but they forget that little detail rapidly when they watch information about something they are less familiar with, and gobble everything sent to them.
Encryption is not something common, everybody knows the word, but not everyone uses it or understand the technology, nor the fact that it won't change ANYTHING to put backdoor since there's a lot of stuff already available to create your own crypto package without backdoors. So, basically, if you're a terrorist, it's way too easy to bypass that system.
In that perspective, the govs. are only stepping in a little bit more onto you privacy, and 99% of the people will accept it because "it sounds good the way it's explained, and besides, who cares, doesn't affect them as individuals".
God I hate those terrorists, not only we suffer because of human loss, but we'll suffer because of paranoia and liberty loss too.
I would, too... (Score:2)
This may be an unpopular viewpoint on /., but I'd personally rather have the government able to read my email (with a subpeona, of course) than see another event where dozens of relatives were milling around outside a disaster zone clutching photos of their lost father/son/daughter/wife/etc.
Of course, the problem is that any moron with a mathematics education and a 486 can put together some pretty decent crypto on their own. Any smart terrorist (and it takes a smart, if not necessarily moral person to put something like this together) will use off-brand cryto without the back doors.
If there was a way to make the terrorists use standard, back-doored crypto, I'd be willing to force all crypto to have a back door.
Re:I would, too... (Score:2)
If crypto eventually falls into that category, you won't hear about it until long after it has happened.
Wrong (Score:2)
Re:I would, too... (Score:2)
Right, but there isn't. As you note, this cat has been out of the bag since before Clipper was a gleam in Bush Senior's eye. So there's no chance that such a ban would work, and I for one would gladly violate it, at least until it is found unconstitutional as a prior restraint on speech.
prior restraint (Score:2)
Re:I would, too... (Score:2)
But having a backdoor into the crypto algorithm has dangers too. If there is a backdoor there are chances that someone other than the govt will figure it out and exploit it. On the other hand, if the requirement for the backdoor was just that one always had to encrypt for multiple recipients and having the Justice Department (or whatever national ministry for other countries) as one of the recipients, it probably wouldn't be as bad from a software standpoint. However, other problems concerning the management of the global Federal encryption key will pop up.
Unfortunately, many of the policy makers view software as a commercial activity and would probably adopt some closed source set of software and using anything else could be considered illegal. All of which would help MS get more hooks into controlling everything. Which is not only bad from a freedom standpoint, it's also bad if the next wave of terrorists decides to fly some planes into the Redmond campus.
Re:I would, too... (Score:3, Interesting)
the problem is, there's just no correlation between deprivation of existing personal communications freedoms/rights and increased security. the 'bad guys' will continue to deploy what they have (or develop better) and the rest of us will have taken several steps backward in our civil rights.
stop appealing to pure emotion. the imagery of the WTC catastrophe and the slim benefit in security you'll gain by trashing personal freedoms isn't based on rational thinking, but purely on emotion. the lawmakers need to think long and hard about how effective it will be to further regulate the law-abiding population.
Enforcement? (Score:2)
who cares what lay people think would be usefull? (Score:2)
That is like advertising perscrition drugs on tv. Doctors are the only ones that can decide which drugs really need to be perscribed. It shouldn't matter which "brand" sounds better, or has a better commercial. "Such a catchy tune, I'm sure that my [fill in the blank] will be better with it!!" This is equivalent to "I am now scared, so I will do whatever to get that false sense of security back!!!"
We need a panel of experts to decide what would be helpfull. And not just FBI or DOJ experts, but ACLU types, and engineering types as well.
Important safety tip (Score:2)
Just think... if you sent a coded letter through the mail, nobody would give you a second thought. Everyone's complaining because the most convienent means (the 'net) is going ot be even more regulated than before.
Well, so are airplanes. I can't bring a gun on one. Now, I won't be able to bring a pair of tweezers or a nail-clipper on one. Are my rights being curtailed? Not at all. If I don't like it, I can always take a plane. I don't have to use the most convienent means available.
And that's the problem. Convienence has become synonymous with 'rights' these days. You have the right to watch movies whenever you want. Saying you have the right to encryption without a backdoor is like saying you have the right to smoke. You enjoy it, but the activity hurts other people.
Okay... rant mode off.
As Ben Franklin said... (Score:2, Redundant)
Re:As Ben Franklin said... (Score:2)
Re:As Ben Franklin said... (Score:3, Insightful)
With the current tapping abilities, both legal [eff.org] and illegal [igc.org], it looks like soon, if not already, warrants will be unnecessary for law enforcement to peruse all of your communications. Also, remember that your cell phone has a GPS chip in it, so you are carrying a "leaky" communications device with a tracking chip built into it.
Unreasonable search is what we're talking about here. If the government decides to allow tapping into 100% of my communications, even though I'm not conversin with people about illegal activities, I want to make sure that I have the right to avoid plaintext and keep what I talk about unavailable if I so choose.
This is my right. It is being trampled.
Did you notice that the cell phone calls that have been reported throughout this whole ordeal were recorded and traced? Doesn't that frighten you in the least? Don't you feel you have the right as an American to some modicum of privacy?
Re:As Ben Franklin said... (Score:2)
And since when did the Constitution not need Amended to reflect changing attitudes on what is essential?
Re:As Ben Franklin said... (Score:3, Interesting)
JOhn
Re:As Ben Franklin said... (Score:2)
The quote is topical and relevant, two qualities your post lacks.
Re:As Ben Franklin said... (Score:2)
Re:As Ben Franklin said... (Score:2)
But Jesus man, chill out. Worst-case scenario, everyone gets it memorized and drilled into their heads and maybe, just maybe, they'll begin to actually believe it.
Just looking for an answer.... (Score:2)
Usually when this happens (from my observation) people point fingers at the easy targets (muslims and arabs for example). This is just another case.
The majority of people (72%) just don't understand "new" technology in general and how it works. The possiblity of terrorists using encryption and e-mail and the internet scares the shit out of them. So it's very easy for them to say that modifying those technologies to allow police to easily "snoop on them" will help. When in fact they just don't know because they don't understand how it works.
This scares me because - with a few exceptions - in a democracy what the majority of the people want will happen (well in a true democracy it should anyway). So it won't surprise me if we see bills passed that will require this kind of thing to take place.
But I hope I'm wrong....
--
Garett
Congress lays blame (Score:3, Interesting)
Funny... and here I had thought that the primary reasons given for the massive intelligence failure were due to budget constraints and de-escalation of the intelligence community. Sources from the CIA and various government officials have come out and point blank stated that they have a severe lack of spies out there to actually infiltrate these terrorist cells...
So how do they jump from that to blaming it on encryption? Sheesh.
Re:Congress lays blame (Score:2)
It is MUCH cheaper to just outlaw crypto than to pay for 1000 spies. Also many of those spies will be some pretty evil people that we payoff for info. So they are trying to take the easy way out.
Re:Congress lays blame (Score:2)
Oh really? How much will it cost to send US Marshals into everyone's home and office to force us at gunpoint to "up"grade? Because that is what it will take to make such a law effective.
They don't! (Score:2)
Re:Congress lays blame (Score:2)
The CIA and various government officials are directly responsible for bin Laden (vs. USSR) and Saddam Hussein (vs. Iran) being where they are today. You'll pardon me if I say it sounds like they're passing the buck.
This is where I don't care ... (Score:2, Insightful)
And for what I want to keep really secret, the good old one-time pad will do nicely.
Chris
Tell MSNBC what you think: rate the article (Score:2, Interesting)
I selected "not at all".
CNN Has Almost the Same Poll on Their Page (Score:2, Informative)
Oh and I wouldn't put too much stock in outside governments not changing their laws to match. Most of them would love to and the current mood is that there are only two sides available in the fight against terrorism.
Don't just ask the experts either, though (Score:2)
Updated (Score:2)
Makes about as much sense.
terrible study-- and even worse article (Score:2)
"A poll in the United States has found widespread support for a ban on "uncrackable" encryption products." The only supporting statement it has, however, is this: "The Princeton survey found that more than half of the American public would support anti-encryption laws to aid law enforcement surveillance powers.". They don't bother to give us any details about the question. What sort of anti-encryption laws? Which branch of law enforcement? What were the allowed answers to the question?
This lack of detail is especially worrisome given the drastically misleading figure from the featured question: "72 percent of Americans believe that anti-encryption laws would be 'somewhat' or 'very' helpful in preventing a repeat of last week's terrorist attacks.". Wow, 72 percent of americans are anti-encryption! We're a week from the tragedy, with no details being released to us on how it was orchestrated. So, how do we know they would have been very helpful? For that matter, how do we know they would have not been helpful at all? "Somewhat" helpful is practically the default answer-- if you're pulling the answer out of your ass, pick the middle one.
Let's look at some of the other striking logic: "Only 9 percent of those questioned believed that tighter encryption restrictions would not prevent similar terrorist attacks in the future.". Of course, they don't bother to mention how many believed that tighter restrictions would prevent attacks. Here, the default answer is obviously "might". Do I know tighter restrictions wouldn't prevent a single attack? Of course not; I also don't know that they would.
Finally, of course, the most important number is the date this survey was taken: Sep. 13-14. To be fair to the author, she did mention that. Taking surveys during that time is a disgustingly opportunistic response to the attacks. You certainly could have garnered favorable responses to attacking just about any country in the middle east, killing civilians, locking up immigrants, etc. etc.. I simply can't believe that in the wake of the tragedy, these people wasted their time and everyone else's on pushing this stupid agenda.
How could this be possible? (Score:2)
I don't mean politically, but technically and practically.
Wouldn't a backdoor in something like PGP make it inherently insecure? I mean, wouldn't it be possible to find out how the Feds are decrypting, and use that method on ALL encrypted traffic?
This sounds analogous to someone finding a way to factor the product of two large primes back into the primes.
Or am I thinking about this all in the wrong way? Would it not be a "master" type key?
I just don't get it.
What they'll say (Score:4, Funny)
Surveys (Score:2)
You are reading it wrong (Score:3, Insightful)
Read it over and over again. It is not stating that 72 percent of people want their rights taken away. It just states that they think anti-crypto might of helped.
Redo the poll to:
How many people think that the attack wouldn't happen if the US was a cruel military dictatorship?
I bet it would be like 90 percent. Its true. It doesn't mean we want to be a dictatorship, just that it might of prevented it.
Stop knee-jerking, people.
On House Floor Barbra Lee warns of grave mistakes. (Score:4, Informative)
...
The Solitary Vote Of Barbara Lee
Congresswoman Against Use of Force
By Peter Carlson
Washington Post Staff Writer
Wednesday, September 19, 2001; Page C01
"We need to step back," said Rep. Barbara Lee (D-Calif.). "We're grieving. We need to step back and think about this so that it doesn't spiral out of control. We have to make sure we don't make any mistakes."
She was walking down a hallway in the Cannon House Office Building. A plainclothes police officer hovered a few steps away, looking very serious. The Capitol Police began guarding Lee on Saturday because of death threats she received after voting against a resolution authorizing President Bush to use military force against anyone associated with last week's terrorist attacks. The resolution passed 98-0 in the Senate and 420-1 in the House. Lee's was the sole dissenting vote.
"In times like this," she said, "you have to have some members saying, 'Let's show some restraint.' "
Led by her police bodyguard, she moved along quickly, slipping into her office and closing the door behind her. Inside, the phone lines had shut down under an onslaught of calls from all over the country -- many of them irate, some of them downright nasty -- and her voice mailbox was too full to take any more messages.
"We've gotten thousands of calls and thousands of e-mails," she said. "People are very emotional. . . . They're frustrated and they're angry."
She's 55, a small woman with short black hair. Normally, she has a bright smile, but these days she looks sad, worried, harried. She is quick to point out that she voted to condemn last week's attacks and to allocate $40 billion to fight terrorism.
"I'm just as American and just as patriotic as anybody else," she insists.
She does not rule out military action, she says, but she voted against the authorization to use force because she opposes giving the president the sole decision on when and where to make war. "I believe we must make sure that Congress upholds its responsibilities and upholds checks and balances. This is a representative democracy and it's our responsibility."
War, she believes, is not the most effective way to fight terrorism. "Military action is a one-dimensional reaction to a multidimensional problem," she says. "We've got to be very deliberative and think through the implications of whatever we do."
This is not the first time Lee has stood alone against war. In 1999, during the crisis in Kosovo, she was the only House member to vote against authorizing President Clinton to bomb Serbia. "I'm not a pacifist," she says, "but I don't believe military action should be the only action we embark on."
Fortunately for Lee, she represents one of the most liberal congressional districts in the United States -- California's 9th, which includes Berkeley and Oakland. It's the district that was represented by another antiwar dissident -- Ronald Dellums -- for nearly 28 years. Lee served as Dellums's chief of staff for a decade before she was elected to the California State Assembly in 1990. When Dellums retired in 1998, she won the election to succeed him, and was reelected last year with 85 percent of the vote.
"I would have voted the same way," says Dellums, now president of Washington-based Healthcare International Management. "We need to think this through and ask, 'Are there better ways to do this?' "
"I agonized over this vote all week," she says. "I searched my conscience. I talked to many people. Ultimately, on some votes, you have to vote the way your conscience dictates."
Her agony was exacerbated by the knowledge that her chief of staff, Sandre Swanson, was mourning the death of his cousin Wanda Green, who was a flight attendant on the hijacked United jet that crashed in Pennsylvania.
"I support her decision," Swanson says. "The principle on which she based her decision was that somebody should stand up and say that only Congress has the power to declare war. . . . People say she was unpatriotic. I think it was very patriotic."
"I admire the courage of Barbara Lee," says Rep. John Lewis (D-Ga.), who spent the 1960s in the front lines of the civil rights movement. "She demonstrated raw courage to stand up and vote the way she did. She stood alone -- one against 420. Several other members wanted to be there also but at the same time, like me, they didn't want to be seen as soft on terrorism."
Lewis voted to authorize military action but, he says, he came close to joining Lee in opposition. "I was probably 99 percent of the way there in my heart and my soul," he says, "but in the end I wanted to send the strongest possible message that we can't let terrorism stand."
Lee's vote is reminiscent of the first woman ever elected to Congress, Jeannette Rankin of Montana, who voted against the nation's entry into World War I and World War II. It also brings to mind Wayne Morse and Ernest Gruening, the two senators who voted against the 1964 Gulf of Tonkin resolution, which gave President Lyndon Johnson the power to wage war in Vietnam.
On the House floor last Friday night, Lee quoted Morse: "I believe that history will record that we have made a grave mistake in subverting and circumventing the Constitution of the United States." She added: "Senator Morse was correct, and I fear we make the same mistake today."
Out in Oakland, Lee's vote is the subject of much debate, some of it heated, says Don Perata, the Democratic state senator who represents Lee's district.
Perata calls Lee's vote "wrongheaded" and he isn't impressed with her explanation of it. "There wasn't a lot of clarity there," he says. "I would have cast a different vote. This is a time for a united front in America, particularly in Congress."
But, he predicts, Lee's vote probably will not affect her chances for reelection.
"The district is overwhelmingly Democratic," he says. "There are probably more people who are to the left of the Democrats than there are Republicans."
Also, he adds: "Barbara is very popular here. She's just a very, very nice woman -- and in this business that counts for a lot."
On Monday, Perata says, California talk radio was abuzz with callers denouncing Lee as a communist.
"I was wincing," he says, "because that's not Barbara. She did not cast that vote because she's unpatriotic. She loves this country and its opportunities as much as anybody."
Meanwhile, back in her office on Capitol Hill, Lee was furiously working the phones, talking to constituents and local media outlets.
"I hope that when I get my message out," she says, "people will understand why I did what I did. Whether they agree with me or not, they'll understand that I want to bring these [terrorists] to justice as much as anybody else does."
She declined to speculate on the effect her vote might have on her popularity. "This was not," she says, "a poll-driven vote."
Re:On House Floor Barbra Lee warns of grave mistak (Score:3, Insightful)
I find myself overcome with heartfelt respect and admiration for this brave, principled person. Perhaps there is hope for us after all. Thank you for posting this.
Re:On House Floor Barbra Lee warns of grave mistak (Score:3, Informative)
...
H.J. Res. 64
Whereas, on September 11, 2001, acts of treacherous violence were committed against the United States and its citizens; and
Whereas, such acts render it both necessary and appropriate that the United States exercise its rights to self-defense and to protect United States citizens both at home and abroad; and
Whereas, in light of the threat to the national security and foreign policy of the United States posed by these grave acts of violence; and
Whereas, such acts continue to pose an unusual and extraordinary threat to the national security and foreign policy of the United States; and
Whereas, the President has authority under the Constitution to take action to deter and prevent acts of international terrorism against the
United States:
Now, therefore, be it Resolved by the Senate and House of Representatives of the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This joint resolution may be cited as the ``Authorization for Use of Military Force''.
SEC. 2. AUTHORIZATION FOR USE OF UNITED STATES ARMED FORCES.
(a) IN GENERAL.--That the President is authorized to use all necessary and appropriate force against those nations, organizations, or persons he determines planned, authorized, committed, or aided the terrorist attacks that occurred on September 11, 2001, or harbored such organizations or persons, in order to prevent any further acts of international terrorism against the United States by such nations, organizations or persons.
(b) WAR POWERS RESOLUTION REQUIREMENTS.--
(1) SPECIFIC STATUTORY AUTHORIZATION.--Consistent with section 8(a)(1) of the War Powers Resolution, the Congress declares that this section is intended to constitute specific statutory authorization within the meaning of section 5(b) of the War Powers Resolution.
The real question is... (Score:2)
Crypto will end up like drugs (Score:2)
Encryption Protects Against Terrorism, recycled (Score:2)
If you are feeling bad about the role encryption plays in allowing terrorists to act freely, perhaps some excerpts from this document will ease your mind and open your eyes to the usefulness of encryption systems in combating terrorism. Also keep in mind that this was written in the mid 1980s. I apologize in advance for not giving proper credit to the authors, but I'm sure that they understand why.
-- begin quote --
Adulteration, the accidental or deliberate injection of undesired material into a network, can cause serious problems. Accidental diversion of unintended liquids into a pipeline system, like accidental switching of a train onto the wrong track, sometimes leads to disastrous results...
...
Leakage from networks is at least...
...
MEASURES FOR RISK REDUCTION
Robustness
protective enclosures
solid construction
guards
deterrent laws
human engineering to reduce errors
operator training and practice
ENCRYPTION OF INFORMATION (emphasis added)
Ruggedness
redundancy
excess capacity
backup systems
error correcting coding for communications
emergency response teams
crisis training
alarm systems
automatic diagnosis systems
emergency subsystems
preplanned triage
public or customer emergency instruction arrangements
Resiliency
stores of critical spares
emergency recovery teams
training of recovery actions
insurance
procedures for sharing abnormal resource costs
pre-established plans for implementing improvements rather than return to status quo ante
-- end quote --
The measures listed above were to be encouraged in PRIVATE organizations and amoung the general public. I have reproduced the entire list because unlike the rest of the report it should be shared amoung as many people as possible, especially in business. As you can see public use of encryption is on this list.
It is important that businesses, and other organizations, be able to encrypt data securely so that critical vulnerabilities and response plans cannot fall into the hands of terrorists. It is important that businesses be able to encrypt and digitally sign communications so that false data or false orders cannot be transmitted that will cause their facilities to be damaged or an inappropriate action taken that could jeopardize lives and infrastructure. People need to be able to encrypt data and communications so that they will be less susceptible to blackmail (supposedly "no organization is secure from an operative who finds a well-placed secretary that is having an illicit affair") or assassination by terrorists.
Encryption is a powerful tool. It is as useful for protection from terror as it is the commission of terror. We cannot prevent the terrorists from having access to these tools; so we must seek to learn to use them better ourselves, and to make sure that they are in the hands of "the right people." With the ever-increasing reliance on data collected and sent over electronic networks in the making of critical decisions by all sectors of society, failure to use encryption and digital signature technology could be very bad.
The above comments were orignally made by me a few days ago to someone who had done encryption work and was now questioning whether our current privacy/security ratio would or should be changed. I apologize for using recycled electrons, but I thought the comments were equally applicable to this Slashdot story because they show the role that encryption can play in protecting people from terrorism (and espionage and vandalism and organized crime...) and I am leaving for a meeting so I don't have time to rewrite them.
Online Polling subject to whatever (Score:3, Interesting)
The mindless law-and-order rednecks who hang around at FreeRepublic.com [freerepublic.com] regularily post comments on their forums encouraging their members to "Freep" the poll (using their lingo). Now, if Slashdot had posted a notice requesting that *we* all 'Slashdotted' that poll - do you think the results may have been different?
Without the usual mention of The Three Greatest Lies (Statistics, Statistics and Statistics), I will mention that ONLINE polls even miss the basics of reasonable methods... like unbiased 'random' samples for instance.
It wasn't an online poll (Score:4, Informative)
Keyboard Capture (Score:2)
Key escrow is studid, but we need an alternative. There is no right to secretly plot to blow up buildings. The governement should gather probable cause and get wiretapping permission with a court order to target an individual. I think Ashcroft's idea to target people instead of devices makes sense, but I don't want weaker standards of judicial oversight.
Encryption absolutely can be defeated if, by physical or cyber processes, keyboard capture and screen capture are used. Since the bad guys aren't going to change their crypto, we have to do this anyway. It's been proven effective and it should be the focus of national efforts to defeat encryption.
Transmitting information without crypto (Score:2)
If someone wishes to pass information on to somebody else without anyone else knowing what is going on, putting backdoors in crypto packages and outlawing the rest isn't going to stop them.
The sheer volume of information sloshing around between machines means that you have to ignore something - processing all of it is verging on the impossible even if you don't have to decrypt. Say I wanted to tell Fred something important - "Free beer at John's house, 9pm" - and I was banned from using crypto. I could play with any number of obfuscations - I could encode the ASCII bits into the least significant bit of the red channel of an image. I could speak it and send it as an Windows executable with a MP3 component welded onto the end which could be extracted by knowing how long the original executable was. I could hide the message hidden spread through an MPEG file in some redundant byte in an MPEG frame header. Given a known random number generator and a given seed, you could XOR your message with the obfuscating signal. The number of ways to play this game is at least as complex as the number of data formats available.
So even if you had a complete and effective ban on encryption (which is impossible) you still couldn't process or intercept all the info flying through your checking portal. And even if the encryption ban stopped terrorists from passing information through the Internet, you haven't stopped them communicating - you have just made them use something else. Like encrypted packet radio or laser interferometry.
Cheers,
Toby Haynes
Societal Transparency. (Score:2)
i.e. if the police have a CCTV network, (a) it should be public access and (b) there should be public-access cameras on the police too.
This somewhat trite example generalises to more other domains too - e.g. no branch of government should not be allowed use crypto if the citizens aren't.
The answer to the quesion "Who will watch the Watchers?" should always be "The Watched".
*Asymmetric* flow of information increases one person's power over another. To preserve the balance of power in the event of anti-crypto legislation, it would be neccessary to further increase the transparency of governmental security operations.
David Brin (well known hard sci-fi writer, among other things) has analysed this is in an easy-to-read manner in his book "The Transparent Society", the first chapter of which is available on-line here [kithrup.com]
I strongly recommend reading it, it illustrates problems with the logic of both some privacy advocating positions and some privacy invasion advocating positions.
If legislation for backdoors passes it'll be... (Score:2)
This is their chance... (Score:2, Insightful)
One of these things is what is described here.
Also, some law written in the 70s (I believe) stated that America can not legally issue assasination orders. They want to repeal that.
Also, they wnat to make phone tapping much easier. The law right now is you have to not only get a warrant to tap a phone, but you can't monitor a person, just a specific phone line.
And finally, all military upgrades are going to be majorily supported by the public (can you see more republican support?) in the near future.
Lets not let our rage cloud our vision.
Politicians will always be politicians.
Problem is with the questions as asked. (Score:3, Insightful)
However, if the question was asked as "Do you support the government having unlimited backdoors into all crypto tools, even if it meant your ecommerce transactions were more vulnerable to hacking as an unintentional result?" - I HIGHLY doubt we's see 72% saying yes!
Re:Problem is with the questions as asked. (Score:3, Insightful)
How? You just crypto your stuff with a strong non-backdoored package, then wrap it in the Fed approved stuff. It doesn't even help you to spot it unless you habitually decrypt and examine the contents of all traffic.
Problems with backdoors (Score:2)
Banning Firearms (Score:2, Insightful)
72% of people get their identities stolen.. (Score:3, Funny)
NEWS FLASH: M$ RECOMENDS INSECURE TOOLS (Score:2)
Tune into MSNBC for more exciting details and developments. Dumb, Da-Dumb-Dumb, Dumb-Da-Dumb-Dumb, Dumb.
International Crypto (Score:2)
What would be wrong with a narrow law that said that if you are in the US on a visa that you cannot send encrypted messages across US borders without key escrow.
I'm very worried that a hard line stance on this will fail. A narrowed alternative may be something we have to propose.
Honest answers now, please! (Score:3, Interesting)
Okay: Everyone raise your hand who is willing to die for their right to use crypto. I mean really die -- or even suffer serious bodily harm -- standing up for your rights?
Whenever I see these topics come up, they're always accompanied by one-line comments "They'll only get my gpg when they pry it from my cold dead fingers!" Come on now -- would you let them kill you rather than give up your crypto?
You find out what people truly, honestly believe, deep in their hearts and souls, when they're faced with the raw reality of standing firm against inimidation and violence. Looking down the barrel of a gun is a damned good test of one's convictions...
Congress Links? (Score:2)
This is what we should be saying: (Score:2)
Should we require all encryption to have a backdoor?
A recent poll on MSNBC suggests that the vast majority of Americans would favor legislation requiring all encryption software to carry a "back door" allowing the government to read through it, as a means of preventing tragedies like the one that occurred on September 11th. This appears to be a legitimate attempt to protect the security of our nation, but let's look a little closer at what the effects would actually be.
On the internet, "encrypted" is the same as "secure". Remember when your web browser tells you you've gone to a "secure site"? Remember how everyone tells you never to enter your credit card number on the internet unless it's a secure site? That's right - the same encryption that evil terrorists use to plan killing people is what stops evil hackers from stealing your credit card number.
And remember, evil hackers are clever. If there's a hole in something, they'll find it. Remember all the viruses and worms you hear about? Those are all using holes that nobody even intended to put there - they were there by mistake. Imagine how much easier it would be to find a backdoor-sized hole that was put there on purpose!
Now the question seems a little harder to answer, doesn't it? Keep your credit card number safe from hackers, or keep your country safe from terrorists?
But it's even worse than that. The way encryption works is just math, and it's math that somebody with college-level mathematics knowledge can learn in a matter of hours. There's a page on the net that encourages every programmer to write his own encryption program just to learn how to do it - it only takes a few hours for a competent programmer. That knowledge is so widespread among programmers and mathematicians that it would be impossible to legislate it away - and any attempt to censor that knowledge would be laughed out of court on First Amendment grounds.
So why would a terrorist use a commercial encryption program with a known hole in it, when they can write their own in a couple of hours? Or even just keep hold of the copies they have now, which don't have the hole?
So what was the question again? Oh yes: should we make it easy for evil hackers to steal your credit card number, without actually stopping terrorists from communicating just as secretly as they already can?
Hmm... What do you think?
Think People, Think! (Score:2, Interesting)
People are screaming "WE MUST DO SOMETHING!". I agree 100%. We must do something, and that something is THINK. Quit trying to solve problems that don't exist or are just symptoms/side effects of the real problem.
We have to ask the question "Does this fix the problem?".
National ID Cards
What genius thought this one up? What problem is this going to solve? "Can I see your papers please?", "Uh I forgot my ID at home". Off to jail you go. I already have a "National ID", is called a Social Security Number.
Curb-Side Check-in Discontinued
What problem does this solve? Does anyone know if the terrorists even had luggage? I know that I have taken several trips with only a carry-on. The person doing the curb-side check-in still looks up my information on the computer and verifies everything before hand. This solves nothing, except to give the public a "Warm Fuzzy Feeling" that we have "Heightened Security".
Banning Knives, Box Cutters, etc..
Would this solve the problem? Doubtful. The problem is the conditioning of the public that if the plane is hijacked, the best thing to do is just sit there. The hijackers will make their demands, and eventually, we'll all get to go home. This incident changed that. The next time someone tries to hijack a plane, (hopefully) everyone on the plane will try to take them down.
Banning knives and such wont fix the problem. A pencil is just as good a weapon as a knife. Should we also ban these? What about people trained in Hand-to-Hand combat? People can kill with their hands, feet, etc...
Back-Doors in Encryption
How is this going to help? Has it even been proven that they used encryption? What type did they use? How did it help them? Everything I have read so far has been 100% speculation.
Do you think the Government is going to have back doors in THEIR encryption? I don't think so.
What chilling effects are going to come out of this? Banks encrypt their transactions such as money transfers, etc... Now what happens if that "Back-Door" falls into the wrong hands? What about e-Commerce? Will your on-line transactions be safe anymore? Faith in on-line transactions such as buying goods, paying bills, etc.. will plummet if the "Back-Door" becomes public knowledge.
But then again, as one radio talk show host here in Phoenix, put it "Who cares?". These are things about convenience, right? No, these things are about Freedom. The Freedom to do as we want when we want to. The only time we are not allowed to do that is when it infringes on the rights of others. This is true for the most part, however, there are plenty of exceptions to this rule, take the DMCA for example.
Again, how is this going to solve the problem? So we put back-doors in our encryption, now what? The terrorist simply change to other methods. They drop a letter in the mail, and it arrives at the destination in as little as a day. Are we going to allow the government to open every single letter that travels through the post office?
Who says they have to use typical Modern-day encryption? There are many ways to send "coded" messages that appear harmless to anyone looking at them.
Problem: Hijackers took over the controls of the plane
Solution: There are several that I have read about that actually make sense and would probably help this problem. Make the cockpit self-contained. No access to it AT ALL from the rest of the plane. If you can't get to the controls, you can't take them over and fly the plane into a building.
Problem: Hijackers take hostages and claim to have a [insert device here]
Solution: Everyone on the plane attack that person or persons. After the event on September 11, you would have to be stupid to just sit there.
Problem: Security check-points at the airport are a joke
Solution: Do not leave security to people who have no clue about it. The private sector is not interested in security; they are interested in the bottom line. The government either federal or local needs to be in charge of security. Pay the people who do the security better.
Problem: This person is a known terrorist
Solution: Kill them before they can do it again.
Before you go and piss away your rights, take the time to think about whether or not its actually going to help things, or just make life for most Americans that much more difficult. If it really had a good logical reasoning behind it, I'd take it into consideration, and might even vote for it. The problem is, is that everything that people have been suggesting is knee-jerk reactions that only give the perception of "Solving" a problem when in fact they actually don't solve anything.
Do we really need more laws? The government has already found 180+ people that might be involved with this with the laws we already have. Would adding new laws make that much of a difference? The terrorists worked with-in the system, and if the system changes, they will probably adapt as well.
People are stupid (Score:2)
Everybody considers themselves an expert at everything even though they are probably only an expert at zero to one things.
Contrasted to slashdot, where we know everything about law enforcement, the government, and defense. :)
bin Ladin... (Score:2, Interesting)
It would be funny if he has lobbyists in the US pushing for these bills.
The cat's already out of the bag... (Score:2, Insightful)
By this logic, we should also outlaw guns. They might be used for terrorist operations. We all know that passing a law against the use of guns will cause every one of the millions of guns in this country to vanish as well.
Asking the _public_ about crypto effectiveness? (Score:2)
What a useless survey. Since when does your average American know anything about encryption? Or how terrorits use encryption? Or about U.S. constitution for that matter... *sigh*
Even in non-tech world this is a no-brainer (Score:3, Insightful)
The media should quit talking about script kiddies and address the real threats: social engineering. I guarantee you that after working for a couple years in a financial, customer care workplace where we were making outbound calls to resolve financial matters for our customers, it wasn't the phone that was the limiting factor on obtaining information, it was the person on the other end of the line. Probably 1 time out of 15 I can get a customer service rep to give me more than enough info on someone given certain little bits of data. With smaller companies, sometimes just the name, and a well-meaning rep will be all I need to get more info than I could possibly even want (once in a great while I actually had to cut people off while they dropped all kinds of info because I was too busy to write it all down!). That's not to say that I would ever think of trying to breach security for my own personal illegal use, because I expect others not to misuse my personal data either, but let's quit cracking down on the technical factors, and crack down on the degenerate human factor instead...
How do they enforce this? (Score:3, Interesting)
Now, one of us uses a copy of PGP (pre-backdoor) or codes his own blowfish app and uses it to encrypt her letters to CyptoGRRL Magazine. How is the US going to stop her from doing this?
What do officials say?
"We were randomly sampling the crypto streams traversing the net and noticed that our backdoor key didn't work on your message stream. You are in violation of US Code BlahBlahBlah."
Doesn't that seem to open some other sticky questions? I mean, if I'm not breaking the law (other than using strong crypto), how are they going to tell or prosecute me?
It seems that you are protected by the chicken and the egg principle. To wit, to know that I am using "undefeatable" crypto, you have to get a wiretap (or a search warrant [slashdot.org]). To get a wiretap you have to prove that I am breaking the law by using undefeatable crypto.
Besides, development of Open Source versions of crypto programs would continue in other parts of the world. The US won't be able to stop that. I could just download the program from CryptoGRRL.de (as long as the server actually resided outside of the US).
Some Historical Perspective (Score:3, Interesting)
Today I'm sure that the majority of our leaders in government are honestly concerned about how to deal with how to thwart attacks like we all saw last week. To do this they see information gathering as a critical tool to use for these ends. To gather this information they wish to put together an infrastructure of snooping abilities that go far beyond issues dealing with cryptography. We're also looking at phone tapping and possible postal snooping. The majority of citizens at this moment are more than happy to give up these liberties to give law enforcement the tools they seek. Lives are at stake after all!
Okay, so what happens when there's no longer a terrorist threat to be dealt with? Does this infrastructure just vanish? Not bloody likely. I don't believe that there's any kind of conspiracy today from either the right or left side of the spectrum to misuse these tools. What about 10 years from now? 20? 50? Can we really entrust a governmental body we haven't even seen yet to only use these kinds of tools in an honest way?
To keep this non-partisan, let's say the "Widget" party takes a majority in both houses and the presidency. Once in a majority, what all stops them to increase this monitoring built on the infrastructure we are proposing today? How can we be assured that what they're monitoring isn't just criminals, but the opposition party campaigns? Rather than a tool for law enforcemnent we could be looking at a tool for political power.
As to the comparison I was referring to at the beginning of this post, I'm of course talking about the rise of the Nazi party to power in Germany. Too many similarities to be funny. Weak economy, terrorist attacks on urban areas, a populace all too willing to give up liberties to those that can deliver on the promise that they won't have to be afraid of a building blowing up on them. Oh, and a bit of a racial element tossed into the mix.
No, I'm not even beginning to suggest that the Nazis are looking to take over America. What I am saying here is that there is a precedent to how people are reacting to these recent events. The German people openly welcomed the kind of lock down the Nazis brought with them because they saw the streets truly get to be a safer place. Unfortunately, what they didn't see was the enormous cost of that safety until it was far too late. What I'm concerned about is that in our fear at this time we may very well not see the high cost we will end up paying decades down the road.
Death Tolls (Score:4, Insightful)
WTC death toll: ~5200
US weekly deaths attributable to smoking: ~9000
US weekly deaths attributable to traffic accidents: ~3400
US weekly deaths attributable to drinking: ~2300
Five thousand dead in a single accident is, indeed, highly tragic and morally outrageous: our anger is justified.
We have far, FAR more people dying of smoking, including a lot of deaths caused by second-hand smoke. Yet the government is doing nothing to protect the victims -- often children in a smoking household -- from this attack on their right to life.
We have far, far more people dying in traffic accidents, and it's very likely that nearly half those deaths are victims of another driver's idiocy. Yet the government is doing nothing to protect us from those drivers, even though the solution is as simple as instituting mandatory driver training and a higher quality of testing.
We also have too many people dying because of alcohol. Yet the government isn't serious about cracking down on, say, drinking drivers; nor does it get tough on violence that's been exacerbated by drinking.
My point? There are plenty of tragedies happening every day. But this time it's got people panicked, so it's far easier to get draconian laws in place.
Trust the government? No. It doesn't act rationally.
[Sources: US CDC, NHTSA]
Government doing nothing???? (Score:5, Insightful)
For traffic accidents:
There are seatbelt laws, vehicle safety standards, lighting standards, collision tests, traffic laws (that comprise whole chapters in most state legal codes), civil engineering to design highways that reduce accidents, and much more.
In fact, the red tape you need to go through to build a production motor vehicle is incredible... I would like to see you just try and get a few buddies to build a car, and try to give it away (with a helpful donation from somebody like Wm. Gates III or equivalent). Half of your development team would have to be doing nothing but dealing with government regulations and filling out paperwork.
Regarding drinking:
Ever heard of the 18th Ammendment to the US Constitution? Read it sometime. I would say that is a rather drastic approach to dealing with drinking, and there are substantial laws to deal with it, including one case where somebody who just killed somebody in an accident will now spend the rest of his life in jail because he was drunk while driving. What more do you want, the death peanalty for driving drunk? I'll admit though that I get surprised when I hear about people that have been arrested 30+ times for a DUI and somehow still keep their license (being a friend of the mayor, bribing judges, finding a loophole in the law, the arresting officer doesn't show up to the trial, etc.)
In some ways I regret that the 18th Ammendment was repealed, but even with that off the books now, there are still many regulatory laws controlling how alcoholic is produced and consumed... even if it is just going to be used in a fuel take on a car (complicating the issues I mentioned above).
Smoking:
Why do you think the tobacco companies setteled out of court with the law suits from most of the US states? Almost every state in the US now has some sort of "indoor clean air act" that prohibits smoking in public areas. Despite warnings from the US Surgeon General, countless piles of money spent on public service ads (including television, radio, newspaper, and magazine ads, not to mention billboards, posters, and anti-smoking programs for schools), a heavy public relations effort (including entire episodes of television news magazines like 60 Minutes or Dateline), millions of people still smoke.
********************
OK, I'll presume for a moment that you meant the United States Government. (I was presuming that you were an American... which isn't always good on
There is a difference between passing laws and actually getting them enforced. And in all of the cases I'll admit that we as citizens of this country can do more to help improve what we are doing in these areas.
But to say that the government is doing nothing is really stretching the imagination.
Re:Death Tolls (Score:3, Insightful)
US weekly deaths attributable to smoking: ~9000
US weekly deaths attributable to traffic accidents: ~3400
US weekly deaths attributable to drinking: ~2300
US weekly deaths of innocent people attributable to smoking: ~0
US weekly deaths of innocent people attributable to drinking: ~0
The outrage was the number of innocent people killed not just the number of deceased individuals. You put a cigarette in your mouth or a get behind a steering wheel after drinking and your death is your own fault.
p.s. Yes, I realize there are innocent people killed by drunks, too, but I'll assume they're listed under your extremely vague statistics for car accidents.
Re:Death Tolls (Score:4, Insightful)
Remember that respect when the first missile your military fires at a man who has yet to be proven guilty of anything kills some Afghan civilians.
I think this very much is the place to say things like this. Right about now, most of the western world is sounding altogether too trigger-happy. Your President talks of war, without knowing who the enemy is. Your media, and ours, freely accuse bin Laden, yet when the government of Afghanistan ask for evidence, nothing is provided. If anyone else did this at any other time, there would be outrage, cries of the US throwing its weight around, and calls for the head of the man who put aside due process and "innocent until proven guilty". Of course there are strong emotions right now, and people are justifiably upset and angry at those they perceive to be responsible. But the leadership and media of the western world appear to be dangerously forgetting themselves.
I'm as angry as the rest of you that terrorists should do this, but now is the time to remember your principles and keep things in perspective, not to forget or ignore or conveniently overlook.
Re:Most people agreed when... (Score:2)
Re:Most people agreed when... (Score:2, Funny)
It can't happen, cause the DMCA made that illegal, too. Those legislators think of everything. ;-)
Re:Most people agreed when... (Score:2, Insightful)
say the terrorists do that... so you now have a lot of people, some potencialy working on important places with no protection...
If the united states passes such law it will make them open to all outside bandits... even comercial ones...
Re:Most people agreed when... (Score:3, Insightful)
Anyway, it's MSNBC, which is crap. But it's an important wake-up call.
Re:Most people agreed when... (Score:3, Insightful)
Article says 'key escrow'. Return of 'Clipper'? (Score:2)
The article, and most every serious proposal for this type of application, including the 'Clipper chip' specifically suggest "key escrow" as a solution.
IOW, you do not have a "special police key that the data also is encrypted to, but rather, for every key you generate, you generate a second key and hand it to a trusted third party.
In theory, the government would need to obtain a search warrant or 'digital wiretap order' and present this to the trusted third party before they could obtain a copy of your key and decrypt your data.
The proble with "key escrow" is that, in theory, without a warrant the government should never have access to your keys, so until the day they get the warrant, there is no way to detect if you are filing bogus keys, or using an additional, non-escrowed, encryption layer before you encrypt with the "Government approved" crypto.
I have every reason to believe that the government will "go on fishing expeditions" to find such behavior, and that the "trusted third party" will be swiftly compromised by every three-letter-agency you can name, along with the mafia, big business, and anybody else with bribe money and an interest in obtaining your secrets, your credit card number, or your love letters.
Re:yea (Score:2)
uh... hate to break it to you, but polls definitely run the country. from election to gallup to nielson to this latest - the thing about polls is that people listen to them.
at least, politicians who value re-election over doing the right thing listen to polls.
-sam
Re:Private Agendas (Score:2)
These people are either contemptible for their raw opportunism, or pitiful for their sheer fanaticism and inability to see beyond their agendas.
I really hope that you don't think that you're better than those people in any way. You're basically using the same excuse they are to promote your anti-conservative opinions. You see it as an opportunity to bash some conservative viewpoints and trying to raise the level of outrage by tying it to "the dead bodies of those killed last Tuesday." Has your hypocrisy so consumed you that you can't even recognize how transparent your attempt to push your own agenda was? Only thing missing from your post was a sobbing "Have you no shame??!!"