15 replies to this topic

[jednorozec]

We're slowly losing our freedoms in the name of security. Big Brother is watching you.

[billzo]

It is highly disturbing.  I know that the government can brute force encrypted data and has successfully done so.  In one case it took the government five or six years to crack the encryption on some guy's illegal files.  This is going way to far.  We might as well turn over keys to our homes and apartments to the government.

After checking out this post I went to download the latest version of PGP.  I had not downloaded a version of that in years.  It does not look like it is free any more.  Symantec purchased PGP earlier this year.  PGP was a great little program.    

Someone somewhere is going to keep developing encryption programs without back doors whether the United States allows it or not.

Edited by billzo, 28 September 2010 - 08:46 AM.

[IBBoard]

billzo: Have you checked out GPG (Gnu Privacy Guard)? It'll be Linux-centric, but it looks like there's a Windows version.

On the wider point, there was a great point that I read in this article:

Quote

So now I'll get to the "what is so laughable if it weren't so disturbing" part. The software developers reading this will know immediately what I mean when I call out the following little aspect in the proposed regulations: "Developers of software that enables peer-to-peer communication must redesign their service to allow interception." For those of you who aren't current software developers, or just haven't had your morning coffee yet, I'll spell out the implications.

So, for direct point-to-point communication, they want some way for a centralised organisation to break in? That'll mean we have to redefine "peer-to-peer" as "peer-to-peer-with-the-possibility-of-going-via-a-central-node-which-basically-makes-it-server-based-again".

Also, they go on a bit of a "slippery slope" adventure. They're occasionally spurious arguments, but they do give a "well where do you stop" and "well look at the obvious flaw, which is best displayed in the extreme" example:

Quote

As one example, a tool that is seeing explosive growth in the development community is "git", which provides a completely decentralized version control system. Now, one would have to be an especially dumb bad guy to use a version control system for planning criminal activities! But for that reason, git makes a nice extreme case of the implications of these regulations. If the policy is really to apply to every possible case, then that means that anyone developing any kind of software that does not go through a centralized service must provide a secure, undetectable back door for surveillance. (Word to the EGit and Mylyn developers -- might as well get cracking now!)

Thank goodness I'm in the UK...hang on, we're probably nearly as bad as that, and our government likes to bend over for the Americans. Damnit.

Edited by IBBoard, 28 September 2010 - 02:05 PM.

[jednorozec]

billzo, on 28 September 2010 - 08:45 AM, said:

We might as well turn over keys to our homes and apartments to the government.

The government doesn't need the keys -- they'll just break down the door.

billzo, on 28 September 2010 - 08:45 AM, said:

Symantec purchased PGP earlier this year.  PGP was a great little program.    

Symantec destroys everything they get their hands on. Norton Utilities used to be really good and so did IBM AV.

[billzo]

jednorozec, on 28 September 2010 - 03:40 PM, said:

billzo, on 28 September 2010 - 08:45 AM, said:

We might as well turn over keys to our homes and apartments to the government.

The government doesn't need the keys -- they'll just break down the door.

And the government can brute force encryption, and have done so successfully.  But giving them the keys makes it less labor intensive for them.  

jednorozec, on 28 September 2010 - 03:40 PM, said:

billzo, on 28 September 2010 - 08:45 AM, said:

Symantec purchased PGP earlier this year.  PGP was a great little program.    

Symantec destroys everything they get their hands on. Norton Utilities used to be really good and so did IBM AV.

Norton, what a pain in the butt that program was.  I used to use it.  Twice it screwed up my registry preventing my computer from booting.  The first time it happened, it took me 7 hours to figure out what the problem was.  

As for the UK, I understand that it is illegal to refuse to turn over passwords to law enforcement authorities conducting an investigation.  True?  America has strong legal protections preventing the government from forcing people to become witnesses against themselves.  Not all countries do.

If there is a back door in encryption and other programs, wouldn't it just be a matter of time until some hacker cracks it and has access to it?

[jednorozec]

billzo, on 28 September 2010 - 11:12 PM, said:

Norton, what a pain in the butt that program was.  I used to use it.  Twice it screwed up my registry preventing my computer from booting.  The first time it happened, it took me 7 hours to figure out what the problem was.  

That must have been after Symantec bought it. Norton Disk Editor saved me many times. In the last version of the Norton Utilites that I have, Symantec removed the link to Disk Editor even though the program was still there.

[NyteOwl]

Clipper chip idiocy all over again.

[Rogue]

Quote

As for the UK, I understand that it is illegal to refuse to turn over passwords to law enforcement authorities conducting an investigation.

the forensic teams that deal with electronic data is a separate force to the main police,

the team may ask the person in question if there are any passwords (this is general ofc , the person may have been a victim of a crime) and to record the accurately

but there's always the fact that if you've been arrested for a crime and you refuse it may show your guilty , or if you weren't they can always slap you with wasting police time

[IBBoard]

Yeah, there is now some legislation to force you to hand over keys on request. Apparently it was there since 2000 but not enforced until the last year or so. I'd hope that they need some kind of court order to demand keys, in much the same way as they need a court order to break into your house and get you to open doors in the case of searching for physical evidence, but I wouldn't be sure. From the looks of it then it isn't clear cut as to whether you could be compelled or not in the US - you can be compelled to hand over keys to safes, but some judges have ruled that passwords are somehow different.

Still, what difference does it make whether *you* are compelled to hand over your key (which you know occurs) compared to your government having almost free reign on a back door that will almost certainly be exploited by hackers and criminals at some point?

[Rogue]

http://www.dailymail...e-password.html

just saw this on Digg , very interesting

[jednorozec]

That story makes me very glad that I don't live on that side of the pond.

[IBBoard]

Meh, from what I've read then it doesn't bother me - if nothing else, that story is from the Daily Mail. The only paper I can think of that is worse is the Sun. Eight requests and four convictions in three years, all seemingly during existing investigations (i.e. not just an arbitrary "give us your keys because we say so"), or a government that wants full access to everything that goes over the wire via a backdoor that'll leave all the encryption vulnerable? I'll take the former, thank you

[billzo]

IBBoard, on 01 October 2010 - 01:30 PM, said:

From the looks of it then it isn't clear cut as to whether you could be compelled or not in the US - you can be compelled to hand over keys to safes, but some judges have ruled that passwords are somehow different.

The Fifth Amendment to the United States Constitution prevents the government from compelling a person to be a witness against himself.  A criminal suspect has no obligation to answer any questions, cooperate in any way with investigators, or turn over passwords.  A search warrant can be used to search for things such as keys to safes, but I don't think the government can force you to tell police where they are.  In a civil case, the Court can force you to turn over evidence against yourself during the process of discovery (something I disagree with highly).  But they cannot do so in a criminal case.

http://en.wikipedia....es_Constitution

Edited by billzo, 09 October 2010 - 01:38 PM.

[IBBoard]

Fair enough, I was just going of what I'd read about a court case that somehow decided that encryption keys were subject to different rules to safe keys, i.e. safe keys had been compelled from someone in the past, but the encryption keys weren't, even thought they're both just keys to unlock things.