-{ Quote: "WASHINGTON — Federal law enforcement and national security officials are preparing to seek sweeping new regulations for the Internet, arguing that their ability to wiretap criminal and terrorism suspects is “going dark” as people increasingly communicate online instead of by telephone. Essentially, officials want Congress to require all services that enable communications — including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct “peer to peer” messaging like Skype — to be technically capable of complying if served with a wiretap order. The mandate would include being able to intercept and unscramble encrypted messages." }-

http://www.nytimes.com/2010/09/27/us/27wiretap.html?_r=1&ref=global-home

There is just no end to this is there >:(

The jist of the article says that everything will have to have a backdoor built-in. So "let's strip away the rights of 99.999% of the public in order to catch the few".

How about instead, they just do a better f*#@+!^ job.

-{ Quote: "There is just no end to this is there >:(

The jist of the article says that everything will have to have a backdoor built-in. So "let's strip away the rights of 99.999% of the public in order to catch the few".

How about instead, they just do a better f*#@+!^ job." }-

Very easy to say when you're not involved in it. Unlike what most think, the agencies involved have budgets, tight, rather pitiful budgets. Are you aware more is spent on foreign aid, "stimulus" packages and "pork" than military defense and national security? That isn't a political rant, that is a fact straight from the mouths of those in the know. The ugly truth is, it is "going dark" out there. Contrary to wannabe couch spy beliefs, the reality is that it can be very difficult to get cooperation from foreign-based ISPs, server hosts, VPN providers and other privacy-based service providers. This is especially true when such foreign-based services are hosted in countries that are on less than friendly terms with the U.S, and anyone else for that matter. And, increasingly, these indeed are the countries that are being used to hide activity.

Is there a major problem going on with privacy and other rights? You bet there is, and not just in this country. However, neither you nor anyone else will stop it. You may delay it, but you won't stop it. We're nearing the time, but that's another subject. On topic, those these problems with rights are occurring, do realize what is involved in day to day intelligence and other security matters before condemning anything and everything the government does.

I believe we live in a day, and age where unfortunately this is necessary. Its like choosing the greater of two evils. You have to decide between a balance of public safety, and privacy. My belief is that if the Government wants to Wiretap any form of communication device then they should be required to get a warrant. To get a warrant they should have to provide evidence or a reasonable suspicion that a felony is being committed. The one exception to rule would be if there was an overwhelming amount of evidence that would suggest that peoples lives are in immediate danger that would not allow time to get a warrant. I know this is providing a loop hole for abuse, but lt's choosing the greater of 2 evils. We are always at war with terrorism, and we always will be.

Yeah. Forgive me for not getting all weepy over whether the IC has a hard time with my encryption and anonymity. Let's put it like this: attribution and built-in back doors for LE's convenience will happen over my dead body.

NSA is a lawbreaker. USCYBERCOM will operate as a domestic military monitor. These organizations are a bigger threat to democracy than any other entity on the planet. The billions of $'s flowing into the private security sector are tainted. If you don't have a problem with your government having unfettered access to all you do, how about Booz Allen? Do you care if they do? The problem is too monumental to be detailed here in a small space. Let's just say that anonymity and encryption are communications applications and stem from natural communication rights. Don't be so quick to hand them over to LE. And don't forget that Norbert Weiner, Robert Taylor and Warren Weaver, et al, some of the major figures in information theory and the internet itself, could see the the problem taking shape way back when. That why cybernetics is called an issue of communication and control.

While you have some valid points there, and trust me, it's going to get BAD, you wouldn't HAVE security without these agencies breaking laws.

NIX, i suppose i misspoke on the issue of backdoors. I wasn't really even thinking of backdoors when i was speaking in the previous post. I'm acqually against mandatory backdoors in encryption, and security devices like hardware firewalls. I don't believe it should be mandatory for a company to provide a backdoor.

DW

These agencies have unlimited power and "unlimited budgets" and if you did any reading at all, you would of known that the 911 attacks could of been prevented if not for the one-up-manship and competition and failure to share info between these various agancies - "they didn't do their job"!

They tracked the perpetrators to just a few miles of the secret NSA headquarters where they were staying in a motel but because of resisting to share information between agencies, they lost them :thumbd:

DW, forgive me for being glib. It's the female in me. And the lawyer, too. But really? I wouldn't have security without LE breaking a few laws?

Well, the corollary to that is that you're not going to have privacy without me breaking a few laws, either.

How's that sound?

-{ Quote: "DW

These agencies have unlimited power and "unlimited budgets" and if you did any reading at all, you would of known that the 911 attacks could of been prevented if not for the one-up-manship and competition and failure to share info between these various agancies - "they didn't do their job"!

They tracked the perpetrators to just a few miles of the secret NSA headquarters where they were staying in a motel but because of resisting to share information between agencies, they lost them :thumbd:" }-


Tobacco, don't confuse me for a couch potato watching the 11pm news and/or listening to and nodding my head like a bobblehead to my favorite political party and deciding that makes me a security expert. Actually, the truth is that they DON'T have unlimited power and budgets. Why? Because of the politics of the very people they are working for. You need to do a bit more reading. It's VERY easy to scroll through the privacy forums here and pick a random blog off the internet and decide that these "omnipresent" people are out to get us and have infinite resources to do so. The ugliness is that their own people handcuff them.

As far as 9/11, that WAS an intelligence AND Administration failure. There IS a problem of "one up-manship" and not sharing amongst intelligence agencies. But that is far from a U.S problem, that happens everywhere.

-{ Quote: "DW, forgive me for being glib. It's the female in me. And the lawyer, too. But really? I wouldn't have security without LE breaking a few laws?

Well, the corollary to that is that you're not going to have privacy without me breaking a few laws, either.

How's that sound?" }-

It doesn't have to do with you being female or a lawyer, if you've not dealt with these kinds of issues before, then of course you wouldn't know. Neither human nor electronic intelligence has come without spying, without infiltrating organizations, groups of people, buildings, and so on. All of these things are illegal. Infiltrating means trespassing and/or hacking, spying is illegal, the most effective means of intelligence gathering is illegal. If you did not have that though, you'd have an even scarier world than you have now.


It's extremely easy to judge situations from the outside. The truth these days is hidden with politics, scare-tactics (usually political themselves), and media organizations shoving "facts" down the throats of citizens that don't know any better and hunger for even a shred of truth of what is going on in their world. Intelligence, as we see often in this forum, can take on some pretty ugly forms when the wrong people are involved. But take it away, and you'll quickly see how ugly things can get.

Edit: Just so I'm following along correctly, I assume by "LE" you mean law enforcement. Law enforcement and the jobs of the CIA and NSA are on completely different planets. Don't confuse them. Which is what I believe is going on with some people.

DW, my job is to analyze privacy concerns from a legal perspective. I'm well aware of the myriad of players involved, both public and private.

My point is a mirror of yours. If we are to tolerate illegal activities in pursuit of "security", then we had better be prepared to tolerate illegal activity in the protection of individual liberty. Because for many people, it will come to that.

-{ Quote: "DW, my job is to analyze privacy concerns from a legal perspective. I'm well aware of the myriad of players involved, both public and private.

My point is a mirror of yours. If we are to tolerate illegal activities in pursuit of "security", then we had better be prepared to tolerate illegal activity in the protection of individual liberty. Because for many people, it will come to that." }-

That is where you and I agree, and, unfortunately, it's coming to that sooner than we'd like to hope.

-{ Quote: " Are you aware more is spent on foreign aid, "stimulus" packages and "pork" than military defense and national security? " }-

Foreign aid?

http://static.globalissues.org/i/aid/2010/oda-since-1990.png

http://upload.wikimedia.org/wikipedia/en/7/7a/U.S._Federal_Spending_-_FY_2007.png

Well, then consider the cybercrafts launched and we'll do a postmortem when the static dissipates.:-X

DW

These agencies "break the laws" all the time in the name of security. Current laws "do not apply" to them.

Don't think it is possible to get court orders for each and every of the 1.7 billion emails, cellphone calls and other forms of communication that they intercept, store and analyze "each and every day"

What the president is now going to try and do is make it so they "aren't" breaking any laws!

-{ Quote: "I believe we live in a day, and age where unfortunately this is necessary. Its like choosing the greater of two evils. You have to decide between a balance of public safety, and privacy. My belief is that if the Government wants to Wiretap any form of communication device then they should be required to get a warrant. To get a warrant they should have to provide evidence or a reasonable suspicion that a felony is being committed. The one exception to rule would be if there was an overwhelming amount of evidence that would suggest that peoples lives are in immediate danger that would not allow time to get a warrant. I know this is providing a loop hole for abuse, but lt's choosing the greater of 2 evils. We are always at war with terrorism, and we always will be." }-

Bingo! Get a legitimate warrant, and with oversight....checks and balances. There is only one reason to try and avoid this. Abuse! That is the *ONLY* reason to subvert the Constitution.

-{ Quote: "Foreign aid?

http://static.globalissues.org/i/aid/2010/oda-since-1990.png

http://upload.wikimedia.org/wikipedia/en/7/7a/U.S._Federal_Spending_-_FY_2007.png" }-

Why did you bother to show me an image of U.S spending from last year? If you think that graph is even anywhere within the solar system of being accurate..um, I'm not certain what to tell you. Foreign aid includes a hell of a lot more than food to Africa or some such things. There's a hell of a lot more you aren't going to find in some graph on Wikipedia or some guys personal blog. It's hard for me to understand why some do this. What exactly do you think you're going to find by looking at a handful of sources? What exactly do you think you'll find without digging into and reading bills passed, what on and how your senators and reps are voting, researching defense-related websites and experts? Nothing, that is what you'll find. I'm not going to try and change the minds of anyone, it's your responsibility as a citizen to make an effort to find out what is happening around you.

-{ Quote: "DW

These agencies "break the laws" all the time in the name of security. Current laws "do not apply" to them.

Don't think it is possible to get court orders for each and every of the 1.7 billion emails, cellphone calls and other forms of communication that they intercept, store and analyze "each and every day"

What the president is now going to try and do is make it so they "aren't" breaking any laws!" }-

The confusion between what actual security agencies do and how they work, and the political power being hungrily devoured by the power players, is quite evident in this thread. The power players are as corrupt as it gets, and yes, they certainly do want to watch every move you make and control everything you do. That's been the plan for decades. That is a fact and an entirely different problem that can't be even delayed until these certain ones are booted from their positions. Unfortunately, the clock is ticking, votes and threats of "over my dead body" aren't going to stop what is already set in motion. Much of the damage is already done, look to the U.K, that is the future of the U.S. And, that's just the beginning.

This is probably a dumb question. The internet is more than just America, and American laws don't apply all over the world.

So, if this moronic idea becomes law, how do they stop us from going overseas and downloading a foreign encryption software from a nation that still respects personal privacy? I use GPG for Win right now for some email. I'm assuming a pgp backdoor would compromise it, since it is pgp.

I know there are other email encryption softwares available. Bottom line, a free people will find a way.

-{ Quote: "This is probably a dumb question. The internet is more than just America, and American laws don't apply all over the world.

So, if this moronic idea becomes law, how do they stop us from going overseas and downloading a foreign encryption software from a nation that still respects personal privacy? I use GPG for Win right now for some email. I'm assuming a pgp backdoor would compromise it, since it is pgp.

I know there are other email encryption softwares available. Bottom line, a free people will find a way." }-

By the eventual outlawing of encryption, that's how, and that's coming. As I said previously, intelligence agencies suffer from this very problem, of foreign companies being difficult to get information from. However, it's not as difficult as one would think to change that. The U.N itself is developing ideas and tossing around suggestions to keep track of the worlds population, some Middle Eastern nations such as Saudi Arabia have already killed encryption on devices like Blackberries. These small things can change everything, and change it quickly. You forget that there are very few modernized countries in this world, and fewer that can be said to be "free". The U.K was one, and look what happened there. The U.S is becoming the U.K, Germany's laws are being eroded, the Middle East was never free and the few privacy laws they have are being dealt with right now. We have seen what Sweden has been doing, Canada is changing, China has no freedom. It takes nearly nothing for the world to change, and it happens often before anyone has realized it.

http://www.globalsecurity.org/intell/library/budget/

Wish I were that "under-funded"! ;)

-{ Quote: "http://www.globalsecurity.org/intell/library/budget/

Wish I were that "under-funded"! ;)" }-

Absolutely, Spy1. This old argument comes up when even mainstream media sources confuse all annual federal outlays with true "discretionary" spending in an annual budget. It's not fair to put allocated and paid for things like Social Security into a pie chart for spending (just one example). Take that stuff out and you have a discretionary budget that looks like this. (From 2005, but you get the idea).

CNET has also covered this story. Linky here. (http://www.thinq.co.uk/2010/9/24/gchq-spooks-top-uk-linux-installations/)

Overall, I think the US govt. is fighting an uphill battle here. We have already been down this road a couple of times in the 90's and the govt. lost the fight then. First we had the whole Phil Zimmerman and PGP debacle; they prosecuted him for exporting crypto technology (munitions), but he was slick and exported the source code in book format. The courts eventually upheld his 1st amendment right to publish books filled with academic info.

And then a few years later we had the whole "clipper chip" debate where the government said they would supply us good citizens with strong crypto technology designed by NSA. The catch, however is that all keys would be held in escrow only obtainable by the govt. with a warrant. This quickly died after all the outrage from privacy advocates. As a result, the NSA eventually released that secret encryption algorithm known as SKIPJACK (it is indeed a strong cipher and gave the public world a look at how well NSA can design ciphers. The precision with which they implemented the number of rounds was most interesting; SKIPJACK has had all rounds broken but one, which means NSA probably knows more than the public world about how many rounds are needed). However, even the most secure ciphers do no good when there is key escrow.

So, in the end, they will lose this fight too. Even if they get the legislation, the cat is out of the bag -- people will simply use open-source software like GnuPG and Truecrypt. They will have no control over these products since they have no commercial interests and can't be forced to do anything.

And you believe that U.S. citizens will stand by when laws are passed to "outlaw" encryption and anonymity? The impassioned rhetoric is warranted. How will such a thing possibly work? Will private enterprise be willing to let gov't have free theoretical access to all their data? How will businesses secure their own networks? In fact, what about legitimate LE activity? Will we outlaw encryption for them, too? Maybe we'll have encryption and anonymity "licenses" for the good guys only.

Let's not forget that the internet is first and foremost a communication system. The old saying that data wants to be free doesn't even begin to cover it any more. The fact is, communication needs to be free. Communication theory is complicated. Information theory is just the beginning. Forget about the information age. This is the communication age.

Here's a quote from another current thread on Wilders, by poster Justin Troutman:

"Green cryptography reflects on the real-world notion that cryptographic failure almost always occurs at the implementation level and exploits the gap of understanding between cryptographers, developers, and users. We're working on another project now, dubbed Mackerel, which not only looks at the relationship between cryptographic implementation and its stewards -- cryptographers, developers, and users -- but also cryptography's relationship with communication, and how the two diverge, much to security's dismay."

http://www.wilderssecurity.com/showthread.php?t=282596&highlight=microsoft

Now that's smart. That's the kind of thinking that will lead us toward the future. That is the nexus between information theory and communication theory.

-{ Quote: "This is probably a dumb question. The internet is more than just America, and American laws don't apply all over the world. " }-

It wont and is why I said in my previous post that the government is fighting a losing battle. We have already been down this road in the 90's with Phil Zimmerman. Zimmerman won because of something called the 1st amendment. Things get really dicey when the government wants to stop a person from publishing a book.

-{ Quote: "So, if this moronic idea becomes law, how do they stop us from going overseas and downloading a foreign encryption software from a nation that still respects personal privacy? " }-

They can't, and is again why they will lose. They might be able to make all American companies implement backdoors in their messaging protocols and smart phones, but they will have a VERY hard time convincing the courts that an individual cannot possess or write his own encryption software. Again, this is precisely what happened with Zimmerman in the 90's (inventor of PGP).

-{ Quote: "I use GPG for Win right now for some email. I'm assuming a pgp backdoor would compromise it, since it is pgp." }-

Yes a backdoor would compromise it. However, one good thing about PGP is that they allow their source code to be reviewed by anyone. Even better, though, would be to use GnuPG which is a PGP clone that has zero commercial interests and is developed in open by a community of volunteers.

You see, that's how the government (NSA) works -- they know they cannot overcome the first amendment, so they simply strong arm vendors (http://www.cnn.com/TECH/computing/9807/27/security.idg/) and tell them they will go out of business if they don't implement backdoors. And the way they force them out of business is to deny them an export license (NSA has done this many times in the past).

-{ Quote: "I know there are other email encryption softwares available. Bottom line, a free people will find a way." }-

Yep and the terrorists are much more motivated to find a way than those of us who want to avoid casual snooping. This is a losing battle. Human intel is much more important today because of it.

-{ Quote: "My first involvement with the intelligence community...as a foot soldier in SEAsia...we were being briefed on a recon op and I remarked to the "Captain" about the high quality of the info. I asked him what kind of resources "they" had.

"Let your imagination run wild. Completely outside the box. Now factor that by 2." That was in the late 60s.

Anyone who wants to research can find an amazing amount of information. I would strongly urge you to let your imagination run wild. Then factor that by five.

And you still wouldn't be close. :wacko:" }-

Welcome home. 27th Inf, 25th Div here, 1967-68

-{ Quote: "Bingo! Get a legitimate warrant, and with oversight....checks and balances. There is only one reason to try and avoid this. Abuse! That is the *ONLY* reason to subvert the Constitution." }-
caspian! Similar thoughts for sure. ;D :thumb:

If those seeking this has legitimate concerns of illegal activity, then get a warrant for a suspect and install undetectable malware, you now have access to all his info being sent to whom and how.
They already do this so wiretapping the internet must have another agenda. :lurking:

Once this becomes a required tech, they aren't going to wait for a warrant to use it. They will troll the internet seeking fish to justify the ability.

If LEO has trespassed peoples property to install a GPS beacon without a warrant it will occurr in this domain as well.
Give them an inch and they'll take two.
How can you say you're protectors of the Constitution when you try to subvert it. A man can not serve two masters, he will love one and hate the other.

-{ Quote: "Originally Posted by nix

And you believe that U.S. citizens will stand by when laws are passed to "outlaw" encryption and anonymity?" }-

Not just U.S. citizens :o A large percentage of people from all around the world, have for too long been distracted with plenty of garbage TV/Films/Games etc etc. They either don't know 99% of what's really happening, or incredibly don't care :( Just as long as they get their daily fix of adrenaline etc. It's like drug etc addiction only worse, they don't realise how it's taken over their lives :(

-{ Quote: "Originally Posted by chronomatic

but they will have a VERY hard time convincing the courts that an individual cannot possess or write his own encryption software." }-

Unfortunately, far too many judges etc are Not independent/unbiased etc, and will not bite the hand that feeds them. Judges in the main, get their jobs given to them by like minded politicians etc, and as every year passes this whole system gets more and more corrupt.

The following in chronomatic's link :thumb: from July 27, 1998 Yes 1998 :o

-{ Quote: "The industry is facing a year-end deadline to add a government-approved back door into network gear. Vendors that don't provide this access risk losing export privileges." }-

As i've mentioned before and posted links with proof of the backdoors being discovered in Routers that your ISP give you :o just for example.

-{ Quote: "It's gotten to the point where no vendor hip to the NSA's power will even start building products without checking in with Fort Meade first." }-

Remember, all this goes to 1998 and before. So imagine what it's like since then, and now !

-{ Quote: "But the Clinton administration a year and a half ago said it would allow the export of products with stronger encryption keys by any vendor that agreed to add a "key-recovery" feature to its products by year-end - giving the government access to encrypted data without the end user's knowledge.

http://edition.cnn.com/TECH/computing/9807/27/security.idg" }-

*

Re terrorists.

If the politicians etc of the USA & other nations stopped interfering etc in other countries business, and also played fair at home, there would be NO such problems to worry about, or have endless Billions of your tax $ spent on equipment/systems etc etc to "supposedly" try and prevent it. Not that they really do, or want to, too much filthy lucre to share around between the "in crowd"

-{ Quote: "Welcome home. 27th Inf, 25th Div here, 1967-68" }-

My father was 1st Cavalry (Airmobile) 2/12, Co. A from 66-67. He was in Bong Son province amongst other places. Screwed him up bad (PTSD). Oh the stories I have heard..

One of the most fascinating threads i've read hear at Wilders!

Excellent comments members:thumb:

Apropos to this discussion

India’s Surveillance Plan Said to Deter Business
http://www.nytimes.com/2010/09/28/business/global/28secure.html?_r=1&hpw

"NEW DELHI — In the United States, law enforcement and security agencies have raised privacy concerns with a new proposal for electronic eavesdropping powers to track terrorists and criminals and unscramble their encrypted messages.

But here in India, government authorities are well beyond the proposal stage. Prompted by fears of digital-era plotters, officials are already demanding that network operators give them the ability to monitor and decrypt digital messages, whenever the Home Ministry deems the eavesdropping to be vital to national security.

Critics, though, say India’s campaign to monitor data transmission within its borders will hurt other important national goals: attracting global businesses and becoming a hub for technology innovation.

The most inflammatory part of the effort has been India’s threat to block encrypted BlackBerry services, widely used by corporations, unless phone companies provide access to the data in a readable format. But Indian officials have also said they will seek greater access to encrypted data sent over popular Internet services like Gmail, Skype and virtual private networks that enable users to bypass traditional telephone links or log in remotely to corporate computer systems.

Critics say such a threat could make foreigners think twice about doing business here. Especially vulnerable could be outsourcing for Western clients, like processing medical records or handling confidential research projects, information that is typically transmitted as encrypted data.

“If there is any risk to that data, those companies will look elsewhere,” said Peter Sutherland, a former Canadian ambassador to India who is now a consultant to North American companies doing business there.

S. Ramadorai, vice chairman of India’s largest outsourcing company, Tata Consultancy Services, echoed that sentiment in a newspaper column on Wednesday. “Bans and calls for bans aren’t a solution,” he wrote. “They’ll disconnect India from the rest of the world.”

Echelon revisited came to my mind when I first read the NYTimes article. The issue is very complex, as it was rightly pointed out, it is difficult to give even a personal opinion about a system that will affect significantly our way life, and right or wrong, its implementation seems inevitable from a security point of view.

What I find scary is that anything undertaken in the name of national security seems to have a divine right to operate "classified", which as a result will lead to potential wrongdoings. The US intelligence budget is classified (see link post #22 by spy1) why? For starters I'm glad I'm not an American taxpayer, but then it's not just money, the fact that these government agencies enjoy a very dangerous immunity towards the media and the justice system. Who guards the guardians?

Thread related article: FBI Drive for Encryption Backdoors is Déjà vu for Security Experts (http://www.wired.com/threatlevel/2010/09/fbi-backdoors/).

A good read!

-- Tom

-{ Quote: "Thread related article: FBI Drive for Encryption Backdoors is Déjà vu for Security Experts (http://www.wired.com/threatlevel/2010/09/fbi-backdoors/).

A good read!

-- Tom" }-

Déjà vu is right. I remember the original Zimmerman fight well. I see no way that this could ever pass and even if done under some kind of Executive Order would be ignored and unenforceable. Tea being thrown overboard would look mild compared to the firestorm after this. This is clearly a trial balloon and so-far, so-good. The outrage is as expected and my guess is this goes nowhere. Famous last words?

The biggest Terrorist in the world is the US goverment itself, Thay are spreading senseles fear around the world.

The fear of terrorist attackst ist silly, as they are a 100 things more likely to kill you, liek for example cars, or influenza.

The sole reason behind promoting terrorism in he media is to get the world in a surveillance grip.

-{ Quote: "The biggest Terrorist in the world is the US goverment itself, Thay are spreading senseles fear around the world.

The fear of terrorist attackst ist silly, as they are a 100 things more likely to kill you, liek for example cars, or influenza.

The sole reason behind promoting terrorism in he media is to get the world in a surveillance grip." }-
That's an interesting argument: spreading fear (of terrorism or whatever) as a control strategy is itself terrorism. Although I get the point, it seems odd to equate actual deaths of actual people with psyops/FUD -- even though the latter may do more long-term harm.

-{ Quote: "Let's not forget that the internet is first and foremost a communication system. The old saying that data wants to be free doesn't even begin to cover it any more. The fact is, communication needs to be free. Communication theory is complicated. Information theory is just the beginning. Forget about the information age. This is the communication age.

Here's a quote from another current thread on Wilders, by poster Justin Troutman:

"Green cryptography reflects on the real-world notion that cryptographic failure almost always occurs at the implementation level and exploits the gap of understanding between cryptographers, developers, and users. We're working on another project now, dubbed Mackerel, which not only looks at the relationship between cryptographic implementation and its stewards -- cryptographers, developers, and users -- but also cryptography's relationship with communication, and how the two diverge, much to security's dismay."

http://www.wilderssecurity.com/showthread.php?t=282596&highlight=microsoft

Now that's smart. That's the kind of thinking that will lead us toward the future. That is the nexus between information theory and communication theory." }-

Dr. Kevin S. McCurley, now at Google, examined this divergence in the relationship between cryptographic models and communication models, in his 2006 paper, titled, "Language Modeling and Encryption on Packet Switched Networks." You can find the paper, and complementing PowerPoint, here (http://www.mccurley.org/papers/traffic/). In the paper, he builds on the premise that "the structure of the Internet as we know it may actually preclude the existence of any reasonable model for completely secure encryption," and concludes, in his PowerPoint, that "absolute security for Internet communication is probably impossible." In regards to this relationship, he also shares the following closing thoughts -- those being, that "we need better definitions of knowledge and wisdom in order to advance cryptology" and "we need better models of communication in order to advance cryptology."

With Mackerel, what we're finding is that by tightening the relationship between cryptographic models and communication models, you, consequently, have a better understanding of what a cryptographic implementation should look like if it wants to stand resilient in the face of real-world threat models, in all of their inconsistent, uncertain, and textbook-out-the-window glory. Even though green cryptography is based on the most robust notions of confidentiality and integrity we have (i.e., IND-CCA2 /\ INT-CTXT), that doesn't mean much if it's not protecting the right stuff. And, as we've found, The Right Stuff(TM) isn't just the message that you're trying to communicate, for instance, but also the contextual and residual particles that give that message shared meaning between both particle -- enough so that if made available to an adversary, can leak enough in order to mount a viable attack.

The Internet is a nearly-living creature; a beast of intricacies, subtleties, and complexities that make this relationship -- cryptography and communication -- one in need of therapy. Mackerel may make marriage counselors out of us in the end.

Let's revisit Shannon's communication model in its original state:

Information.......Transmitter..........Channel.........Receiver..........Destination
Source

Forgive the primitive diagram, but obviously message transmission moves in a forward progression from information to destination, with noise impacting channel.

Warren Weaver’s three levels of communication:

Level A: How accurately can the symbols of communication be transmitted? (technical problem)
Level B: How precisely do the transmitted symbols convey the desired meaning? (semantic problem)
Level C: How effectively does the received meaning affect conduct in the desired way? (effectiveness problem)

And here, of the utmost importance, is Shannon's oft-repeated maxim that the semantic aspects of communication are irrelevant to the the engineering problem, or that Shannon's theory only impacts Level A.

Shannon’s theory was, in fact, an engineering theory that treats problems in source and channel coding. So why did he call it the mathematical theory of communication? For the answer, we need to look partially to Warren Weaver.

Weaver insists we can tie Shannon’s theory to Levels B and C. Why? He was a mathematician, and B and C takes him into very uncertain territory. And yet, his 1949 introduction to Shannon is very clear. It often gets lost as a "soft science" introduction to information theory. In other words, Weaver gets short shrift. But what he was really onto was a basis for communication theory. (A cite to his introduction to Shannon's theory ends this post. It is worth reading several times.)

His introduction ends with a provocative notion that both information entropy and thermodynamic entropy might be involved in introducing a notion of “context” to the machine in order to treat “meaning”:

Since binary machines are not good at reading context, we need to deal with context elsewhere, outside the machine. Context shows itself more clearly if we imagine that our system is a communication system with two components, us and the machine, rather than a closed information system. Then we can see that context also includes the context of the entire message. We cannot consider ‘meaning” without considering the message senders and receivers. How does the message fit into the information system? Who puts it there and why? Clearly, we do: we provide context to the message.

Level B, then, is where the machine meets the operator. It presents a place to meld information and communication theory. It is here that we can make decisions that impact whether we will be using a device to transmit information or whether we will use it to conduct communications.

So let's work the diagram like this:

Info...Transmitter...CA's...Channel...Receiver...CA's...Destination
Source

Where CA's are communications applications and actors. In other words, the place where encryption happens, because a human operator is required in order to determine what kind of security a message requires.

Now semantics continue to be a concern in layer 2. But semantics drive message delivery. In other words, "meaning" calls for a level of security or secrecy. Some messages can be transmitted precisely with no security or secrecy. But some messages cannot be transmitted "precisely" with no security because an interception will cause unintended consequence. There is no message "precision" if the message does not arrive "intact," which indicates it is delivered only to intended parties. So on a computer network, humans introduce communications applications like (most importantly) encryption, anonymity or other metacommunication applications not yet considered.

So I've reworked Weaver's level's like this:

Level A: How accurately can the symbols of communication be transmitted? (transmission of message)
Level B: How precisely do the transmitted symbols convey the desired meaning? (delivery of information, decision to use CA's in order to protect both transmission and "intent" required by the originator and receiver)
Level C: How effectively does the received meaning affect conduct in the desired way? (origin and receipt of message)

And that is one way a communication model might be reworked to serve green cryptography. That's just the beginning, too. Thank you for the link to Kevin McCurley's paper. Wish I could talk to him. And thank you so much, Justin Troutman, for the intro to Mackerel. It is exciting.

http://academic.evergreen.edu/a/arunc/compmusic/weaver/weaver.pdf

Just to tie this all back, Level 2 of Shannon's theory is where security and privacy concerns unfold, in all their messy incarnations. When I inserted communications applications into Shannon's seminal diagram, I could have also called them control applications. Weiner may or may not have said this explicitly, but communication is a control mechanism that is on, while control is a communication mechanism that is off.

That's why communications security problems will necessarily differ from information security problems, because we need to discuss who has their hand on the mechanism, and why, from a security standpoint. I know that's painful for you guys to hear ;) But no more painful than how inadequate an internet communications linguist feels when trying to parse stuff like "the most robust notions of confidentiality and integrity we have (i.e., IND-CCA2 /\ INT-CTXT)" to get a working theory of communication going out of information theory. Whew! We need a project Mackerel on the communication side, too, to meet you in the middle!

The latest news, sort of related, is that the President can without Congressional approval shut down the Internet for up to 90 days if it outside attacks are suspected. Not if they're happening, just suspected.

So, does that mean the world internet or just the USA? And, what would that do to virtually everything - news, Internet reliant companies, etc?

Actually, that's not sort of related. It is entirely related. I'm not sure to exactly which version of the kill-switch scenario you refer, but that is a fundamental question of communication and control right there. Here is the ultimate security question, the one you need to answer before you can proceed to either code or communicate: is the information unit or the communication mechanism on or off?

-{ Quote: "Actually, that's not sort of related. It is entirely related. I'm not sure to exactly which version of the kill-switch scenario you refer, but that is a fundamental question of communication and control right there. Here is the ultimate security question, the one you need to answer before you can proceed to either code or communicate: is the information unit or the communication mechanism on or off?" }-

I don't know about which scenario. All they said was he could bypass Congressal approval (which seems the norm with that guy) and shut down the Internet for 90 days. They said nothing about whether this was world wide or just USA. I can't imagine a world wide shutdown is even possible.

-{ Quote: "I can't imagine a world wide shutdown is even possible." }-
Well it is not, but thay can screw up the routing so that it wil tage hours if not days to restore rhe routing.
Also I'm not sure how the DNS system will respond to taking out the root zone :wacko:

Fortunately P2P pirated does not care about DNS ;)

But aside of this minor problems thay cant stop the internet.

-{ Quote: "Probably busted? I didn't know that this was arguable." }-

I should add my take on this.

I entertain the idea of "absolute security" as a mertiful theoretical exercise; in practice, I simply look for the cleanest ways to capture a realistic threat model, full of compromise and mitigation throughout.

There's reason to be pessimistic, since the Internet isn't really evolving with security in mind, but I am optimistic about the potential for tailoring cryptography to fit this shape-shifting model of communication.

However, I have little doubt that those interested in breaking cryptographic protocols will always have a little "leaked" help that those making cryptographic protocols can't protect against; that's certain.

-{ Quote: "Why did you bother to show me an image of U.S spending from last year? If you think that graph is even anywhere within the solar system of being accurate..um, I'm not certain what to tell you. Foreign aid includes a hell of a lot more than food to Africa or some such things. There's a hell of a lot more you aren't going to find in some graph on Wikipedia or some guys personal blog. It's hard for me to understand why some do this. What exactly do you think you're going to find by looking at a handful of sources? What exactly do you think you'll find without digging into and reading bills passed, what on and how your senators and reps are voting, researching defense-related websites and experts? Nothing, that is what you'll find. I'm not going to try and change the minds of anyone, it's your responsibility as a citizen to make an effort to find out what is happening around you." }-

So you think the U.S. government is lying about how much is spent on foreign aid, and you have special knowledge of this? I am surprised that you would expect anyone here to believe that somehow all that we know from the Congressional Budget Office and other mainstream sources is wrong, and that you have special insider knowledge of this.

Ladies and gentlemen, Mr Bruce Schneier. (http://www.schneier.com/blog/archives/2010/09/wiretapping_the.html)

-{ Quote: "@ nightrace

Ladies and gentlemen, Mr Bruce Schneier." }-

:thumb:

Well Brucey baby will get more attention than lots of others, not that i expect it will change much/anything :thumbd:

-{ Quote: "

Once this becomes a required tech, they aren't going to wait for a warrant to use it. They will troll the internet seeking fish to justify the ability.

If LEO has trespassed peoples property to install a GPS beacon without a warrant it will occurr in this domain as well.
" }-

Exactly. And that is what they are after. This is all nothing more than a con game, and most Americans are too busy watching Jerry Springer and Wheel of Fortune to be bothered with it. I think it will take something bad to wake people up out of their stupor. Not that bad things haven't already happened. But I think it will take something *really* bad.

I posted some comments on other similar topics as this one so i am not going to write my view again :) i'll just post this link from a movie, it explains pretty much everything.

http://www.youtube.com/watch?v=chqi8m4CEEY

"there is something terribly wrong...."

Snuggly the Security Bear speaks on Internet Wiretapping:

https://www.eff.org/deeplinks/2010/10/snuggly

-{ Quote: "So you think the U.S. government is lying about how much is spent on foreign aid, and you have special knowledge of this? I am surprised that you would expect anyone here to believe that somehow all that we know from the Congressional Budget Office and other mainstream sources is wrong, and that you have special insider knowledge of this." }-

I don't care what you or anyone else thinks about what I say to be very honest. Your little "Wiki pic" means nothing when, if you bothered to look, proved that more than 3 measly billion was spent last year. And, foreign aid, come on, are you really that naive? You've had great posts here before showing that you AREN'T stupid, yet you seem to only consider what is publicly reported as spent as the only money spent. I seriously think you know MUCH better than that. "All that we know"?...Caspian, please, do you seriously think "we" know much of anything? Mainstream sources are the exact ones feeding people all of the nonsense, the lies, and the scare tactics.

If your "mainstream sources" were really telling you what was going on, you'd want to overthrow multiple governments and the U.N as fast as you possibly could. To be more on-topic, the government HAS to ease wiretaps, they HAVE to invade any and everyone's privacy, they HAVE to bypass Congress and others who get in the way, and, they have absolutely no choice but to do all this in the name of security. Otherwise, they wouldn't have a chance in hell of a world government, which is EXACTLY what you are seeing happen.

Scaring you, me, and everyone else into giving up our rights and letting the government take over almost every aspect of our lives, is the only way they'll get away with what they are doing. The U.S is not alone in this, the U.K is way ahead of the U.S in this plan. Every supposed "victory" there or here in the States, is no victory at all, it's simple, intentional backpedaling by the governments. I once gave an example of gas, you get used to cheap gasoline, the government suddenly raises it sky high. You and many others throw fits, and, slowly, it goes back down. Months and months pass by, gas is raised slightly, but not to where it was when you complained.

No one complains, the price stays this way for months more. Then, it is raised again, and this process continues until the price is where it was when you complained. Except, now, no one is complaining. Why? You got used to higher prices, you just couldn't handle it all in one shot. The same thing is happening with security and privacy. The public can't handle that kind of intrusion to that extent in one go, they have to be conditioned. There's one problem right now though, President Obama. Remember everyone claiming George Bush was a "cowboy"? Well, you've got the same thing in Obama. The only difference is, Obama is not afraid to stare you straight in the eye and tell you what he's going to do.

Obama is a great asset to have to the U.N and others looking for the one world government. He's completely on-board the idea and is making a lot of progress in furthering the goal. However, his "in your face" tactics are a bit much even for them, let alone his own citizens. Congress, even though there are many in there like him, does not like being tossed aside either and shown as irrelevant. His controlling and strong-arm tactics are going against him, which is the reason he almost assuredly will not be back for another term. Does that matter? No. The damage has already been done, the laws have already been passed. Even if the U.S got the best President we've ever had since creation of the country, it would take decades to "right the ship" so to speak.

I personally think Obama knew he was in for a short ride, it would explain very easily the attitude he has towards public opinion and even Congress. He cares what the U.N thinks, which is very telling to me. Even unions and the major advocacy groups that got him into office in the first place, have suddenly started backing away slowly but surely. In my mind, he's served his purpose, and another, "more kinder, gentler" leader will take the reigns and continue where he left off, albeit working more slowly towards the final goal. Obama was the Mafia "leg breaker", the guy who shows up at your door telling, and, showing you that the boss was displeased. I truly believe the bosses are on their way.

@ dw426

Lots of nice points in there :thumb:

The gasoline topic is a good one. A perfect example of how "They" do it, and keep doing it to us, over and over, year after year :thumbd: And what do they then spend ALL those tax $ on, yep spying etc on us and invading etc the world, whilst enriching themselves and their buddies/families etc :thumbd: Well it's got to stop, and it will before too long, but not before a hack of a lot of **** happens in the meantime. So get prepared for the ride, which Will be very bumpy.

It's just good cop / bad cop. Con game.

Well, we're all on the same page today:D

From Clone Ranger:

Well it's got to stop, and it will before too long, but not before a hack of a lot of **** happens in the meantime.

I know that's a typo, Clone, but it still gave me a big smile ;)

-{ Quote: "@ dw426

Lots of nice points in there :thumb:

The gasoline topic is a good one. A perfect example of how "They" do it, and keep doing it to us, over and over, year after year :thumbd: And what do they then spend ALL those tax $ on, yep spying etc on us and invading etc the world, whilst enriching themselves and their buddies/families etc :thumbd: Well it's got to stop, and it will before too long, but not before a hack of a lot of **** happens in the meantime. So get prepared for the ride, which Will be very bumpy." }-

I'm afraid we disagree there, Clone. What we're seeing right now is merely the "foreplay". We haven't even reached Britain's level of spying and privacy loss yet, never mind the end goal of those behind the plan. I sometimes sit back and watch, amazed at people. I hear all of the discussions about Truecrypting drives, chaining proxies, the freedom cries, the "I'll be damned if they invade me" speeches. For some reason, people, especially in the U.S, think they are somehow special and that they can't be controlled, that they have much more power because they can run over to the nearest elementary school and vote, and everything will be just fine because THEY chose who got to go to Washington. They think the Constitution protects them and that Iran, China, Libya, any number of less than free countries can't happen to them.

They're so confident in their "plans to fool the Man" and their rights, that they are completely oblivious to the fact that their "nightmare scenario" is already here. They don't understand that they aren't the ones with the say so anymore, and haven't been for many years. The U.S government doesn't report to them anymore, they report to the U.N. The U.S has involved themselves in so many outside affairs, cashed in so many favors, made so many deals, that even its own government is ruled by outsiders. Will things get better eventually, they sure will. But, you're not going to enjoy the times beforehand.

-{ Quote: "Absolutely, Spy1. This old argument comes up when even mainstream media sources confuse all annual federal outlays with true "discretionary" spending in an annual budget. It's not fair to put allocated and paid for things like Social Security into a pie chart for spending (just one example). Take that stuff out and you have a discretionary budget that looks like this. (From 2005, but you get the idea)." }-

Still, the graph you put there is dubious, and inflated to essentially be "anti-military" since there is "Foreign aid" in the defense budget. One elephant in the room is the countless military subsidies we have given to Europe since WWII. They could have never had their massive income transfer programs without them.

The main issue still is about surveillance, and how far our liberties and rights should be protected. From what I know about intelligence, the issue is more about too much garbage information, and not enough pertinent information. Like for example, ECHELON gives out so much useless stuff, what ever crime or terrorist attack or act of war that it may record may be filtered out by some schmuck at the NSA when its too late.

OK, so this is OT, except as an alternate reading of the title.

How hard are fiber taps to install? And how hard are they to detect? Just curious.

-{ Quote: "Originally Posted by nix

Well, we're all on the same page today" }-

Glad to hear it :)

-{ Quote: "I know that's a typo, Clone, but it still gave me a big smile" }-

Yes it was, but it could also have been a freudien slip ;D Anyway good to see you :) and it has me too ;)

-{ Quote: "Originally Posted by dw426

I'm afraid we disagree there, Clone." }-

I don't see how, as i was agreeing with you ?

-{ Quote: "What we're seeing right now is merely the "foreplay" - never mind the end goal of those behind the plan." }-

Yes i know, and FULLY understand "Their" MO and who the players in front, and More importantly behind the curtain, are etc etc. I just don't want to say too much about it all on here, due to you should know why, Without actually saying it ;)

-{ Quote: "Will things get better eventually, they sure will. But, you're not going to enjoy the times beforehand." }-

And i had already posted this

"Well it's got to stop, and it will before too long, but not before a hack of a lot of **** happens in the meantime. So get prepared for the ride, which Will be very bumpy."

Which is in agreement with you.

@ Pfipps

ECHELON is old hat these days, but i know what you mean ;)

What people should be Really concerned with & get >:( about is, what info they do Actually get, and do NOT act upon on Purpose. Thereby ALLOWING all sorts of bad things to happen against the people "They" are "supposed" to be protecting, with our tax $ Find out why "They" do that, and you'll be shocked to the core :o

-{ Quote: "Originally Posted by hierophant

How hard are fiber taps to install? " }-

Easy peasy, and they are now Already installed at various locations around the USA, and elsewhere. ALL pipes in/out of the USA are now tapped :o And NOT just in the USA but Lots of other coutries too :o There is a Massive datacenter being built right now by the NSA to help feed through etc and store ALL the info etc.

-{ Quote: "And how hard are they to detect? Just curious." }-

We can't directly, as these are optical taps, not like the old days, so they appear invisable to us. But look in your FW logs and do some reverse DNSing on what you see, you'll be Amazed at "Who" you find :o

-{ Quote: "Easy peasy, and they [fiber taps] are now Already installed at various locations around the USA, and elsewhere. ... " }-
Could we install our own? I mean, with thousands of miles of fiber, there must be relatively unsecured areas.

-{ Quote: "Glad to hear it :)



Yes it was, but it could also have been a freudien slip ;D Anyway good to see you :) and it has me too ;)



I don't see how, as i was agreeing with you ?



Yes i know, and FULLY understand "Their" MO and who the players in front, and More importantly behind the curtain, are etc etc. I just don't want to say too much about it all on here, due to you should know why, Without actually saying it ;)



And i had already posted this

"Well it's got to stop, and it will before too long, but not before a hack of a lot of **** happens in the meantime. So get prepared for the ride, which Will be very bumpy."

Which is in agreement with you.

@ Pfipps

ECHELON is old hat these days, but i know what you mean ;)

What people should be Really concerned with & get >:( about is, what info they do Actually get, and do NOT act upon on Purpose. Thereby ALLOWING all sorts of bad things to happen against the people "They" are "supposed" to be protecting, with our tax $ Find out why "They" do that, and you'll be shocked to the core :o" }-


Sorry, Clone, I didn't read clearly enough, though perhaps our idea of when things will get better may differ. I personally don't see any "light at the end of the tunnel" being visible for at least a couple of decades, and that's being a bit optimistic AND after a semi-decent President who gets us out of the United Nations and away from their control. Getting away from the U.N is about the only hope the U.S has of even beginning to change things around.

-{ Quote: "Could we install our own? I mean, with thousands of miles of fiber, there must be relatively unsecured areas." }-

Install your own lines? I suppose you could, sure. However, we're leaving out the ugly fact that SOMEBODY has to provide internet service, and that is where the control, privacy, and security issues show up. We can talk about "borrowing" Wi-Fi all we want, but there may not be any Wi-Fi to "borrow" in an "unsecured area" meaning out in the middle of nowhere.

-{ Quote: "Originally Posted by hierophant

Could we install our own? " }-

Good luck on that ;D That tech is only available to you know who, and would cost a Lot of $ They pay for it with Your tax $ :(

Anyway supposing you knew some clever person with the skills to build one, and install it, where would you place it ? how would you get in ? and how would you link to it ? what would you tapping ? and why ?

-{ Quote: "I mean, with thousands of miles of fiber, there must be relatively unsecured areas." }-

More than thousands !

Depends what you mean by Unsecured ? When you connect to the internet it has to go through your ISP, that's the weakest link, and where the tapp feeds etc are located. The bidirectional feeds are then linked to you know who.

-{ Quote: "Good luck on that ;D That tech is only available to you know who, and would cost a Lot of $ They pay for it with Your tax $ :(

Anyway supposing you knew some clever person with the skills to build one, and install it, where would you place it ? how would you get in ? and how would you link to it ? what would you tapping ? and why ?



More than thousands !

Depends what you mean by Unsecured ? When you connect to the internet it has to go through your ISP, that's the weakest link, and where the tapp feeds etc are located. The bidirectional feeds are then linked to you know who." }-

In other words, there's nowhere to hide. Just because nobody is questioning you or knocking on your door,, doesn't mean you aren't being watched.

-{ Quote: "Install your own lines? I suppose you could, sure. However, we're leaving out the ugly fact that SOMEBODY has to provide internet service, and that is where the control, privacy, and security issues show up. We can talk about "borrowing" Wi-Fi all we want, but there may not be any Wi-Fi to "borrow" in an "unsecured area" meaning out in the middle of nowhere." }-
No, I mean tapping into trunk lines, and using long-distance mesh wifi.

-{ Quote: "No, I mean tapping into trunk lines, and using long-distance mesh wifi." }-

Oh okay. But still (not having a clue how such a setup works), I would be concerned about the ability to watch these. It still boils down to access and who provides that access. The parts we can't control are the ones that do us in. In my opinion, encrypted connections and data are all well and good, but only for as long as these methods are legal. It doesn't take much for things to change, all that has to be done is for a government to deem these methods detrimental to security, and with a snap of a finger, they are legally gone.

You of course still have the option to illegally use them in such a case, however, outside of this forum and other security-minded venues, it will be much harder to find those willing to risk incarceration or more for doing so. In my view, these methods already are cause for suspicion for most ISPs and especially law enforcement and government. Our tools aren't very hard to take away, whether we want to believe that or not.

-{ Quote: "Oh okay. But still (not having a clue how such a setup works), I would be concerned about the ability to watch these. It still boils down to access and who provides that access. The parts we can't control are the ones that do us in. In my opinion, encrypted connections and data are all well and good, but only for as long as these methods are legal. It doesn't take much for things to change, all that has to be done is for a government to deem these methods detrimental to security, and with a snap of a finger, they are legally gone." }-
Yes, that is a serious issue.

-{ Quote: "You of course still have the option to illegally use them in such a case, however, outside of this forum and other security-minded venues, it will be much harder to find those willing to risk incarceration or more for doing so." }-
Perhaps so, perhaps not. It depends on what people come to expect. Making stuff illegal doesn't stop people from doing it. Indeed, the result may be decreased respect for the law, with broader consequences. How effective has the Drug War really been, except in inflating prices and producers' profits?

-{ Quote: "In my view, these methods already are cause for suspicion for most ISPs and especially law enforcement and government. Our tools aren't very hard to take away, whether we want to believe that or not." }-
That may be so. It may be necessary to better hide encrypted traffic, and use some sort of unattributable routing model (Tor on steroids, or whatever). Hey osifer, we're all just gaming with our friends, and trading legal pr0n -- nothing to see here ;)

-{ Quote: "In my view, these methods already are cause for suspicion for most ISPs and especially law enforcement and government. Our tools aren't very hard to take away, whether we want to believe that or not." }-

Just as an example, encryption is used everyday by just about everybody working in the healthcare industry that handles patient files. Nobody eyes this with suspicion. When I turn in expense reports and other documents to my company, they must be encrypted. I just don't believe, with the number of encrypted files transferred everyday, that anybody eyes them with suspicion.

I also remember many people saying the same kinds of things that you wrote regarding the Clipper Chip for voice transmission and when the Clinton administration wanted mandated backdoors for encryption software. The outcry was loud and they had no choice but to back down. If that was true then, it will be 10X that today because of the widespread use of encryption by business and individuals. Those who were pessimistic back then (I remember them on the Compuserve Security Forums and Usenet) were saying just what you are now. They were wrong then and I think a real proposal for any such thing would prove the pessimists wrong again.

-{ Quote: "That may be so. It may be necessary to better hide encrypted traffic, and use some sort of unattributable routing model (Tor on steroids, or whatever). Hey osifer, we're all just gaming with our friends, and trading legal pr0n -- nothing to see here ;)" }-

But then you run into the issue of how does a regular joe know how to better hide encrypted traffic? How does he know how to even use encryption to begin with? It's these people that are in the most danger. How much better can we hide to begin with? You can only use so many tools before the technology just comes to a standstill and there is nothing better. Also, the harder you try to hide, the more red flags that get thrown up, and the more attention you get. I know quite a few will call that FUD, but I only invite them to look, truly look at what is going on around them, and how quickly we've reached the point where we even need to discuss such things.

Speaking of these services such as VPNs and proxies, I for one no longer believe running their IP through a "whois" and reading their privacy policy deems them trustworthy. I don't know the people personally who run these companies, I don't know who their business partners really are, I'm not inside their office to see if there is a big server routing data to a 3 letter agency or someone else. Are we really naive enough to think a government won't set up a simple little service, type up an innocent looking policy, and maybe even plant reviews in search engines? Yes, that makes me sound paranoid, but it is easily and legally done. If fronts are set up by criminals on a daily basis, what on earth makes us think a government won't do it?

It's no longer a situation of "I'm not doing anything illegal, they don't have an interest in me". That was the 90s and it was before a lot of other things happened. 2010 and beyond is an entirely different ballgame.

-{ Quote: "Just as an example, encryption is used everyday by just about everybody working in the healthcare industry that handles patient files. Nobody eyes this with suspicion. When I turn in expense reports and other documents to my company, they must be encrypted. I just don't believe, with the number of encrypted files transferred everyday, that anybody eyes them with suspicion.

I also remember many people saying the same kinds of things that you wrote regarding the Clipper Chip for voice transmission and when the Clinton administration wanted mandated backdoors for encryption software. The outcry was loud and they had no choice but to back down. If that was true then, it will be 10X that today because of the widespread use of encryption by business and individuals. Those who were pessimistic back then (I remember them on the Compuserve Security Forums and Usenet) were saying just what you are now. They were wrong then and I think a real proposal for any such thing would prove the pessimists wrong again." }-

You at home are not a health care business (I assume). They ARE going to wonder why some guy at his house is surfing the net via VPN and proxy servers from some other country. Government has backed down many, many times due to "uproars", but take a trip down memory lane and think about what was said back then would never happen, and has either already happened or is happening. It's not easy to force things on people, the government knows that. They trip up from time to time, but, if they "nudge" people into things slowly, people don't even realize what is going on until it's over with. What did not happen in the 90s has no bearing on what has happened, can happen, and will happen now. In the 90s, there wasn't world-wide daily terror alerts. A good scare changes everything.

In the 90s, there were no "supercookies", there was no data storage forever (thanks, Google), there wasn't a lot of things. But, as you plainly see, all that changed. Never, ever, ever think something can't happen just because there may be an outcry. How many outcries were there over the AT&T/NSA issue? How many over the Patriot Act? Lots, right? They still happened and are still going on right this minute.

-{ Quote: "You at home are not a health care business (I assume). They ARE going to wonder why some guy at his house is surfing the net via VPN and proxy servers from some other country. Government has backed down many, many times due to "uproars", but take a trip down memory lane and think about what was said back then would never happen, and has either already happened or is happening. It's not easy to force things on people, the government knows that. They trip up from time to time, but, if they "nudge" people into things slowly, people don't even realize what is going on until it's over with. What did not happen in the 90s has no bearing on what has happened, can happen, and will happen now. In the 90s, there wasn't world-wide daily terror alerts. A good scare changes everything.

In the 90s, there were no "supercookies", there was no data storage forever (thanks, Google), there wasn't a lot of things. But, as you plainly see, all that changed. Never, ever, ever think something can't happen just because there may be an outcry. How many outcries were there over the AT&T/NSA issue? How many over the Patriot Act? Lots, right? They still happened and are still going on right this minute." }-

I hear what you're saying, DW; good points all. I still think that encryption touches a lot more people in their day-to-day affairs than the broad PATRIOT Act and the AT&T "closet." On top of that, there's an overall feeling that their has been some over-reaching. However, you may be proved right. Speculation is all we can engage in. In the end, I truly believe the practical difficulties of barring some of these things would prove it unenforceable.

-{ Quote: "They ARE going to wonder why some guy at his house is surfing the net via VPN and proxy servers from some other country." }-
Yes, we're going to have to stop doing that.

-{ Quote: "A good scare changes everything." }-
It surely does.

-{ Quote: "I still think that encryption touches a lot more people in their day-to-day affairs than the broad PATRIOT Act and the AT&T "closet."" }-
Right -- finances, shopping, pr0n, file sharing, etc.

-{ Quote: "In the end, I truly believe the practical difficulties of barring some of these things would prove it unenforceable." }-
People will figure out how to be free. I'm sure of it. Consider the Soviet samizdat. They had carbon paper, and some mimeograph machines. We have the internet.

Honestly, Lockbox, you're likely correct when you say some forms of encryption will remain, as checking for things like Truecrypt'ed files on every computer would require a truly "1984"-type of scenario. Not that that is completely unrealistic, but let's stay with more pressing matters. What I see going away are the Xerobanks of the world, the TORs, encrypted emails, that sort of thing. We might be able to encrypt data once it is in our hands, but if they can intercept and snoop on it mid-transmission, it's game over anyway.

Hierophant, you're also right in that people will try to find ways around it up until there just is no way around it. The unanswered question is at what price, and, how many average citizens are willing to pay it?

-{ Quote: "Hierophant, you're also right in that people will try to find ways around it up until there just is no way around it. The unanswered question is at what price, and, how many average citizens are willing to pay it?" }-
No offence meant, and current conditions in some places approximate "worst-case" scenarios for those of us in less-repressive areas. Some of us might have first-hand experience to contribute. For example, can users in mainland China reach VPN entry nodes? Does VPN traffic lead to unwelcome visits?

-{ Quote: "Oh okay. But still (not having a clue how such a setup works), I would be concerned about the ability to watch these. It still boils down to access and who provides that access. The parts we can't control are the ones that do us in. In my opinion, encrypted connections and data are all well and good, but only for as long as these methods are legal. It doesn't take much for things to change, all that has to be done is for a government to deem these methods detrimental to security, and with a snap of a finger, they are legally gone." }-

I don't see this ever happening. If anything the laws (if passed) will only pertain to those providing services (like RIM or AT&T, etc.). They will have a huge problem with the courts if they make the use of encryption by individuals illegal. For one, it's a 1st amendment issue and, for another, how can they prove something is actually encrypted? Random data could be random data. A PGP e-mail could just be jibberish. What are they going to do? Pass a law against sending jibberish emails? For example:

10DCB7143ADCA9E9371FC6D6616F118E05F1EA03B935DCAB35E3DD4CF8C13

Prove the above is an encrypted document or file. You can't (and it isn't -- it is just a random hex string). Do they really think they can get away with making the above string illegal?

-{ Quote: "... 10DCB7143ADCA9E9371FC6D6616F118E05F1EA03B935DCAB35E3DD4CF8C13

Prove the above is an encrypted document or file. You can't (and it isn't -- it is just a random hex string). Do they really think they can get away with making the above string illegal?" }-
Probably not ;) And perhaps they could make the software illegal. I believe that it's illegal to possess printers that can counterfeit currency, for example. Even with the Second Amendment, many types of guns are illegal. Does the Fourth Amendment confer the right to possess encryption software? I don't have a clue (and I'm dubious).

-{ Quote: "Probably not ;) And perhaps they could make the software illegal. I believe that it's illegal to possess printers that can counterfeit currency, for example. Even with the Second Amendment, many types of guns are illegal. Does the Fourth Amendment confer the right to possess encryption software? I don't have a clue (and I'm dubious)." }-

This is always where problems crop up. My right to this, my right to that. And what exactly do these rights mean when one chooses to ignore them completely or play favorites with them? Your supposed rights are ignored all the time. Obama doesn't care about Congress and goes over their heads or leaves them out of discussions period. What makes people think the Constitution is any different? That's a case of ignoring rights.

A case of playing favorites is free speech. Let's take (probably only U.S citizens will know about these people) Westboro "Baptist Church" as an example. For those of you who don't know, these are the ones who show up to private military funerals and shout, scream, and threaten about soliders dying and going to hell because of America's tolerance of homosexuals. They claim the First Amendment. No one stops them because of the First Amendment. However, when does it stop being a case of that and a case of hate speech, which IS prosecuted?

Let's take another example, religion. (Mods, bear with me, I'm not turning this into a religious thing, just giving a single example). Crosses on the side of a road, "In God We Trust", many examples of one religion, banned. However, Muslim classes are being taught in school, Muslim women are being allowed to cover their faces for drivers license photos, "Sharia law" is being allowed to be set up in Muslim communities. Where is the fairness in that? (No, I am NOT attacking Muslims, I blame government and advocacy groups, not them).

Your rights mean absolutely nothing to a leader or government that does not care. Public opinion is ignored by the administration of the U.S, why on earth would they care about your claimed rights? If you're looking for the court to champion your cause, I'm laughing right now at the thought. The courts are being filled up with like-minded people. Increasingly federal courts are on the side of government. The Supreme Court is your last hope, and there are very, very few of the 9 judges left who aren't the same way.

As to how the government is going to know the difference between "jibberish and encryption", that kind of a thought is simply a last hope type of thought, a "surely this can't happen" wishful thinking mindset. In other words, a false hope. Tell me something, how often do "jibberish" emails and data get transmitted by your average citizen? How often are they sending out hex data? How many of them even know what the hell "hex data" is? I hope you don't think that you and those that are like you that have an interest in privacy, security, and know how to use encryption tools, make up any tangible amount of the population that would allow your idea to work.

Your little world is small, a tiny little fraction of the planet. The rest of the world sends out data in unencrypted, easily intercepted traffic. So please, drop that "they can't tell the difference" nonsense. I didn't mean for all that to come off so snobby, but too many won't face reality. "They" can do whatever they damn well please because "they" put people in place to back them up and "they" think your precious Constitution is outdated at best, an antique toilet paper at worst.

-{ Quote: "This is always where problems crop up. My right to this, my right to that. And what exactly do these rights mean when one chooses to ignore them completely or play favorites with them? Your supposed rights are ignored all the time." }-
Yes, my rights to drive 200 km/h doing good blow are totally dissed :'(

-{ Quote: "Obama doesn't care about Congress and goes over their heads or leaves them out of discussions period." }-
That's his job. Guns and butter. He's the butter. For you know what. More guns coming. Capital leaving, gone. Don't speak Chinese. So it goes.

-{ Quote: "What makes people think the Constitution is any different? That's a case of ignoring rights." }-
Wasn't there a recent president who said it's "just a piece of paper"?

-{ Quote: "However, Muslim classes are being taught in school, Muslim women are being allowed to cover their faces for drivers license photos, "Sharia law" is being allowed to be set up in Muslim communities. Where is the fairness in that? (No, I am NOT attacking Muslims, I blame government and advocacy groups, not them)." }-
There are some pretty strange Hasidic communities too.

-{ Quote: "Your rights mean absolutely nothing to a leader or government that does not care. Public opinion is ignored by the administration of the U.S, why on earth would they care about your claimed rights?" }-
For one thing, it's a common misconception that the USA is a democracy. It's not. It's a republic. Pure democracies can devolve into mob rule. Leaders need to ignore public opinion sometimes.

-{ Quote: "If you're looking for the court to champion your cause, I'm laughing right now at the thought. The courts are being filled up with like-minded people. Increasingly federal courts are on the side of government. The Supreme Court is your last hope, and there are very, very few of the 9 judges left who aren't the same way." }-
Courts are part of the government. And think it through -- judges are successful lawyers. With good business and political connections. Whose interests do you think they favour? Ultimately, who has the money?

-{ Quote: "Tell me something, how often do "jibberish" emails and data get transmitted by your average citizen? How often are they sending out hex data? How many of them even know what the hell "hex data" is? I hope you don't think that you and those that are like you that have an interest in privacy, security, and know how to use encryption tools, make up any tangible amount of the population that would allow your idea to work." }-
Well, encryption is pretty pervasive in web browsing, and most people probably don't notice -- they just click the links. For whatever reasons, encrypted email hasn't caught on. We need email apps that make encryption and signing transparent, not some plugin that's complicated to configure.

-{ Quote: ""They" can do whatever they damn well please because "they" put people in place to back them up and "they" think your precious Constitution is outdated at best, an antique toilet paper at worst." }-
You're probably correct. And, within limits, so can we.

I probably shouldn't have brought up the Muslim/Christian issue, but it is, in my view, a great example of how in the U.S and increasingly more countries, it's okay for one side, but for another. There WAS a President who said the Constitution was just a piece of paper, and I'm thinking that it was said privately, perhaps by Obama himself. That I need to research though as I don't remember who actually did say it. It could have been Bush. I don't think driving fast and doing good blow is the best example of rights being ignored, lol, but I did find that pretty funny.

We've got to understand that the government doesn't think like we do. To us, rights and freedoms are an essential part of human living. To them, it's a nuisance that just gets in their way and delays them. If we keep assuming they won't come against us, if we keep having the mindset that our Constitution is some magical, unbreakable wall they can't get through, then we as a people will lose, and we will lose badly. The "days gone by" are exactly that, gone.


Edit: The "piece of paper" comment was attributed to George Bush back in 2005, reported by a Doug Thompson who stated it was told to a roomful of Republican leaders, during a meeting on the Patriot Act. However, there is no evidence to support it, and Mr. Thompson has relied on untrustworthy sources a number of times who turned out to be wrong. Is it entirely possible it was said? Of course. There is plenty of evidence today that such a statement is believed by the current administration.

@dw426

So, can we agree that repressive governments don't work for us?

PS - Although administrations come and go, they are merely figureheads, IMHO.

-{ Quote: "@dw426

So, can we agree that repressive governments don't work for us?

PS - Although administrations come and go, they are merely figureheads, IMHO." }-

We certainly can agree, and you're right, the President and their administration is just one part of the overall picture.

-{ Quote: "Edit: The "piece of paper" comment was attributed to George Bush back in 2005, reported by a Doug Thompson who stated it was told to a roomful of Republican leaders, during a meeting on the Patriot Act. However, there is no evidence to support it, and Mr. Thompson has relied on untrustworthy sources a number of times who turned out to be wrong. Is it entirely possible it was said? Of course. There is plenty of evidence today that such a statement is believed by the current administration." }-
For sure. They're giving up no power, and grabbing as much more as they can. The sorts of technologies discussed here may be our only hope for freedom.

-{ Quote: "Probably not ;) And perhaps they could make the software illegal. I believe that it's illegal to possess printers that can counterfeit currency, for example. Even with the Second Amendment, many types of guns are illegal. Does the Fourth Amendment confer the right to possess encryption software? I don't have a clue (and I'm dubious)." }-

The 4th amendment wouldn't really apply. It's more of a 1st amendment issue (free speech). This is exactly what happened with Phil Zimmerman in the 90's -- the Feds arrested him and charged him with exporting munitions (encryption software). However, he went and published the code in book form and said "I dare you to try and stop me. If you do, you will be trampling on my first amendment right to publish academic texts). They dropped the charges. And later the export laws were loosened. Things get really dicey when the government wants to suppress speech, and encryption manuals/books are speech.

Now, one might argue "well certain software is illegal, things like viruses, etc.). Well, first of all, I don't think it is illegal to possess virus source code (or at least I don't think it is, though I do think it is illegal to write them with the intent of causing harm -- someone correct me if I am wrong). Encryption software is not meant to cause harm or damage to someone else's property, thus I think it will be very hard to lake it illegal.

-{ Quote: "The 4th amendment wouldn't really apply. It's more of a 1st amendment issue (free speech). This is exactly what happened with Phil Zimmerman in the 90's -- the Feds arrested him and charged him with exporting munitions (encryption software). However, he went and published the code in book form and said "I dare you to try and stop me. If you do, you will be trampling on my first amendment right to publish academic texts). They dropped the charges. And later the export laws were loosened. Things get really dicey when the government wants to suppress speech, and encryption manuals/books are speech.

Now, one might argue "well certain software is illegal, things like viruses, etc.). Well, first of all, I don't think it is illegal to possess virus source code (or at least I don't think it is, though I do think it is illegal to write them with the intent of causing harm -- someone correct me if I am wrong). Encryption software is not meant to cause harm or damage to someone else's property, thus I think it will be very hard to lake it illegal." }-

You make an extremely good point regarding the book issues. However, once code takes on software form, then you run into law (if encryption software were outlawed.) We can talk about it all we want, speech freedom covers that, it's when we practice it that issues would arise. Perhaps they would run into problems outlawing the actual software, due to it's many legitimate uses, that's a fair and reasonable argument. However, a law easily could be passed requiring actual transmission of data over the internet to remain unencrypted, able to be intercepted and traceable. This would apply to surfing via proxy/VPN and emails. That right there is a huge amount of security and privacy gone.

As far as I'm aware, possession of virus code isn't illegal, but, to be very honest, I'm not sure existing laws are specific enough to say for sure. Right now we are in a somewhat decent place due to existing laws not keeping up very well with technology. However, that started being fixed during the Bush administration and is being pushed hard under Obama.

-{ Quote: "a law easily could be passed requiring actual transmission of data over the internet to remain unencrypted, able to be intercepted and traceable. This would apply to surfing via proxy/VPN and emails. That right there is a huge amount of security and privacy gone.
" }-

I heard on the news a long time ago that people in the Netherlands (or somewhere over there) were selling child porn through the mail. You could just order it like any other mail order. Maybe people will start doing that kind of thing again. It may actually end up being easier to commit crimes through the mail.

-{ Quote: "I heard on the news a long time ago that people in the Netherlands (or somewhere over there) were selling child porn through the mail. You could just order it like any other mail order. Maybe people will start doing that kind of thing again. It may actually end up being easier to commit crimes through the mail." }-

That could be a possibility in other countries, but here in the U.S, I'm not so sure. For one thing, mail here is looked at pretty thoroughly. Also, postal workers themselves are notorious for being snoops, and then you have the identity thieves grabbing mail out of boxes, dumpster diving, and all that. It COULD work, but that would be one hell of a risk. In a country where you have to show I.D, use your social security card and everything else to do just about everything but breathe, I certainly wouldn't risk it if I were that type of person. I sure as hell wouldn't have things like that sent to my home.

The only good thing would be that through the mail, it isn't some untraceable foreign website that there is no hope of finding out whether it's law enforcement or not. It worked in the 50s, 60s and 70s, I guess it could work now.


Edit: Considering there are no huge server farms to collect physical mail as there are digital data, no software to run that data through to check for "red flag words" and other things that are possible with digital data, you may very well be right. Not even the government has the manpower to go through every single piece of mail sent from every single citizen inside the country, let alone mail coming into the country. Unless of course they outright ban paper, and now we're REALLY stretching ideas, lol.

-{ Quote: "
Edit: Considering there are no huge server farms to collect physical mail as there are digital data, no software to run that data through to check for "red flag words" and other things that are possible with digital data, you may very well be right. Not even the government has the manpower to go through every single piece of mail sent from every single citizen inside the country, let alone mail coming into the country. Unless of course they outright ban paper, and now we're REALLY stretching ideas, lol." }-

That is what I have been thinking. So just as criminals on the net might use tor or a proxy to hide who they are and what they are sending and receiving, the U.S. Mail and/or other services could be sort of "proxied" in way to obscure what type of mail it is and who it is for. And as you mentioned, they do not have a way to scan every single piece of mail. Plus the laws are more concrete for the U.S. Mail, as far as I know. It is a crime to even open someone's mail box.

-{ Quote: "That is what I have been thinking. So just as criminals on the net might use tor or a proxy to hide who they are and what they are sending and receiving, the U.S. Mail and/or other services could be sort of "proxied" in way to obscure what type of mail it is and who it is for. And as you mentioned, they do not have a way to scan every single piece of mail. Plus the laws are more concrete for the U.S. Mail, as far as I know. It is a crime to even open someone's mail box." }-

Well, a crime for you and I. The government can choose to ignore "troublesome laws", so we always must remember that. However, I think they've focused TOO much on the digital age, and perhaps left a gigantic hole to be exploited the "old fashioned" way. I cracked a bit of a smile thinking of this, but just imagine people using encryption methods from the 1800s on back to the earliest centuries. They are expecting Tor, they are expecting Truecrypt, PGP. What they aren't expecting is invisible inks, substitution ciphers, and hieroglyphics, lol. Now I will certainly grant you that none of those methods are truly secure. If they suspect something, the jig is up as computers alone would make something like a substitution cipher a joke.

However, it's MORE than enough to make your local postal worker shrug his or her shoulders and pass it along without a second thought.

-{ Quote: "They are expecting Tor, they are expecting Truecrypt, PGP. " }-


What do they do in these cases? Hack the computer? Send a key logger through that antivirus companies white list, and then capture their passwords?

The Case For Wiretapping The Internet (http://www.darkreading.com/security_monitoring/security/government/showArticle.jhtml?articleID=227900053).

-{ Quote: "The directors of National Intelligence and the FBI say tech-savvy extremists pose a growing threat, setting the stage for a national debate over the need for Internet eavesdropping" }-

-- Tom

This article is itself a perfect example of extremist terrorism ;)

P.S. See the fnords?

-{ Quote: "The Case For Wiretapping The Internet (http://www.darkreading.com/security_monitoring/security/government/showArticle.jhtml?articleID=227900053).



-- Tom" }-

What I don't understand is that they already do this. NSA, as we all know, has hardware installed at the ISP backbones that filter through every e-mail and webpage visited on the Internet. Of course, the FBI and NSA are separate entities, but they are supposed to be sharing information now (that was the whole point of the Director of National Intelligence).

Moreover, the FBI itself can already tap into the ISP's office with a warrant (CALEA), so I am not sure what else they want. I guess they just want warrantless wiretaps. Typical big government tyranny.

Here's a thought :D

Maybe the NSA/CIA etc etc can now tap into each others pipes ;D That should keep em busy spying on each other ;)

I wonder how they keep track of who's who?

It's easy. NSA guys like a little Kraftwerk playloop going on, while CIA prefer them some Rammstein :D .

Those are both rather old-school. Me, I'm rocking to "Whittling" by Vibesquad ;D

-{ Quote: "It's easy. NSA guys like a little Kraftwerk playloop going on, while CIA prefer them some Rammstein :D ." }-

All I can say to that is :thumb: to the CIA, lol.

-{ Quote: "Those are both rather old-school. Me, I'm rocking to "Whittling" by Vibesquad ;D" }-

Here's old school doing something a little newer.

http://www.youtube.com/watch?v=X4U7B_ctnJM