Comments on: Digital Fortress

By: Bill Snyder

Bill Snyder — Tue, 21 Sep 2004 00:44:41 +0000

You might think this is silly..but..Digital Fortress, Chapter 35, page 149 (paperback book) How did Rocio know his name was Becker?

By: Joe

Joe — Tue, 31 Aug 2004 15:53:52 +0000

The government already collected such information inside the US (maybe illegally) through agreements with the UK and Australian governments. The so-called ESCHELON network and international agreements. Did it prove effective in the past? Not really. Has the FBI, when using such powers (under Hoover), used them inappropriately? Yes. My conclusion: while the government has legitimate interests in protecting us, unchecked secret survellence of its citizens should not be allowed or tolerated as it will ultimately be used for purposes other than protection.

And there are several technical issues with backdoor requirements. Here's three: This essentially means the government will determine which types of encryption will be allowed - -do we trust government to tell us which technologies are better. A backdoor which can be used by the government can be used by other governments or individuals -- they can get the backdoor key from the manufacturer or from someone inside the government -- this is like putting all of the nation's eggs in a single basket with a known hole. Licensing terms on some products do not allow restricting users from making modifications (the GPL for example). There can be no effective Free Software implementations of backdoored encryption technologies.

Please, before ever making a decision on such issues think about the ways such powers have been abused in the past and what new ways they can be abused in the future.

By: anonymous

anonymous — Sat, 28 Aug 2004 17:29:13 +0000

end-point spying is very easy to foil with a little intelligence. If you're using
unbreakable encryption to send the message. simply store the message
in the same encryption on disk. Only read the message when disconnected
from any network, on a separate machine and then securely delete the
cleartext file from that machine's hard disk, or never write the clear text to
disk (locked memory pages) Same thing when composing the message,
use a dedicated non-connected off-site, hidden machine to compose
message. Transfer it encrypted to the sending machine by floppy or usb mem stick
and send it or send it from the public library.

By: Mojo

Mojo — Sat, 28 Aug 2004 01:16:49 +0000

Catherine; actually it was the Judge, not me, who referenced the idea that "the act of communication requires the revelation of thoughts and ideas to at least one other person". I actually agree with you on that matter and think Bruce knocked it out of the park earlier. I was referring to Anonymous 2's comments about encryption not preventing loss of privacy anyway due to things like flagging, traffic analysis and, most importantly, end-point intrusion. Basically that means that "they" can note that you're using "unbreakable" encryption which flags you as unusual, they review your communication patterns to see if you meet a threat profile and, if you do, they then go directly into your computer and/or those with which you're communicating and look at the unencrypted messages at the end-points. IMHO, since there is no technological means of guaranteeing privacy, we need to put more emphasis on using law and oversight to restrict governmental intrusion.

By: MichaelD

MichaelD — Fri, 27 Aug 2004 19:55:32 +0000

Why are we always trying to create Superman? Or, in this case a super-NSA - some sort of force for good that has the edge over the forces of evil allowing everybody to sleep better. Despite George Bush's assertion, good and evil don't exist as absolutes and I'm amazed that a judge, the one profession facing this fact every hour, is taking such a position.

Justice is a process that relies on ordinary people with ordinary skills and powers because we have already discovered that people with extra-ordinary skills or super-powers don't actually use them the way we desire. Even people whose heart is generally in the right place, the vast majority of people in the world, end up screwing up by having too much power.

This is even more true of policing and the intelligence services. James Bond, licenced to kill, makes good cinema - not good government policy. Look at the mess the CIA got into when it tried to dictate who deserved to live thirty years or so ago.

Unchecked senates don't make better laws. Bigger guns don't make better cops. Encryption trapdoors won't make better government agents.

By: Andrew Leifer

Andrew Leifer — Fri, 27 Aug 2004 18:22:36 +0000

"I think that people who worry a lot about invasions of communicative privacy sometimes overlook the fact that communications are never really private." -Judge Posner

Why is this relavent? Citizens have a right to not be searched without a warrent, even though their house may never really be private (e.g., satellite photos, nosy neighbors, etc). The same applies to the right to privacy, which has been a right since Warren and Brandeis spelled it out in 1890:

"The Right to Privacy" by Warren and Brandeis Harvard Law Review Vol. IV December 15, 1890 No. 5

"Political, social, and economic changes entail the recognition of new rights, and the common law, in its eternal youth, grows to meet the new demands of society. [...] Gradually the scope of these legal rights broadened; and now the right to life has come to mean the right to enjoy life, -- the right to be let alone; the right to liberty secures the exercise of extensive civil privileges; and the term "property" has grown to comprise every form of possession -- intangible, as well as tangible."
[....]
"Recent inventions and business methods call attention to the next step which must be taken for the protection of the person, and for securing to the individual what Judge Cooley calls the right "to be let alone""

By: Catherine

Catherine — Fri, 27 Aug 2004 16:29:22 +0000

The Judge suggests that to determine whether the NSA should be permitted analyze and archive an �enormous mass of unfiltered communications� without any judicial supervision, we should balance whether this �may be the only way of obtaining evidence of some terrorist or other enemy threat,� against whether this sort of mass surveillance will inhibit communication and cause psychological distress.

Another factor worth scrutinizing is the probability that terrorism will be successfully deterred through this approach. It is worth considering the low percentage of emails related to terrorist events (i.e. needle in a haystack), the strong incentive of terrorists to innovate and break the law to disguise their activities, and the potential ineffectiveness of a United States ban on impenetrable encryption in the absence of similar bans in other countries.

By: Catherine

Catherine — Fri, 27 Aug 2004 15:59:59 +0000

Mojo references the argument that �encryption doesn�t prevent loss of privacy anyway� because the act of communication requires the revelation of thoughts and ideas to at least one other person.

This conception of privacy as total secrecy seems wrong. One can confess one�s deepest, darkest fears to one�s therapist while still considering these facts private as to the rest of the world. The law is sensitive to this issue, for instance limiting when spouses can be forced to testify against each other. The price we willingly pay is the frustration of some number of criminal prosecutions.

By: Anonymous

Anonymous — Fri, 27 Aug 2004 14:05:31 +0000

Back doors are a bad idea, like many people said. Discovering them is all too easy. Once that happens everything except the terrorists will be vulnerable. The best thing is to tap the computers with a keystroke logger or something. It is much easier to do than breaking encryption, because the people have to type and read the info. It is less practical though becuase you need access to the system, not just the communications.

Otherwise there is also Steganography( Data hiding). So what happens when data is hidden and then encrypted? In this scenario it is a serous hurdle to find out where there is encryption. Lets say you send a message as a low bandwith movie(Divx, Xvid, even Windows media). How hard would it be to analyze for what is encoding artifacts as opposed to hidden data?

There is also the mostly anonymizing Freenet, which also makes it hard to find out who sent stuff and from where.

I think that security organizations should still rely primarily on old-fashioned detective work first. Analyzing all the internet traffic is impossible.

By: Tim Keller

Tim Keller — Fri, 27 Aug 2004 11:54:38 +0000

Am I on the right blog? I feel like I fell through a timewarp back to 1994 & into the middle of a battle^H^H^H^H^H^Hdiscussion with David Sternlight. Where's the nearest WAIS server? ;)

I don�t think that many people would be all that shocked that privacy is an equivocal good. Rather than �liberty� or �justice,� I think people would be more likely to compare �privacy� as a good to an equivocal good like �free speech.� Yes, we all recognize that �free speech� is valued, but we recognize there are certain limits to free speech.

I think we're all looking at it backwards. We've become so reflexively jealous of our right to privacy, nobody can see the possibility that there might be an upside to giving up some of it. We're entering a new age where banding together, sharing information & exercising collective intellligence is needed to overcome the challenges ahead of us. We need to learn news ways of taking down the walls that separate us, not new ways to build more walls.

Scott McNealy is right, we should get over it. Technology has advanced, the genie is out of the bottle & we'll never again have that privacy we crave. But we shouldn't simply cede the power to the government & corporations & get nothing in return. Whether we call it the Second Superpower, Emergent Democracy, Smart Mobs, Transparent Society, the Creative Commons or Self Organization, we need to work on harnessing the power of collective activity as a counterbalancing force to the ever-increasing power of government & corporations. Cause if we don't, we're screwed.

Tim
---
The Self Organization Project
"we've got math on our side"