U.S. Is Working to Ease Wiretaps on the Internet

It wont and is why I said in my previous post that the government is fighting a losing battle. We have already been down this road in the 90's with Phil Zimmerman. Zimmerman won because of something called the 1st amendment. Things get really dicey when the government wants to stop a person from publishing a book.

They can't, and is again why they will lose. They might be able to make all American companies implement backdoors in their messaging protocols and smart phones, but they will have a VERY hard time convincing the courts that an individual cannot possess or write his own encryption software. Again, this is precisely what happened with Zimmerman in the 90's (inventor of PGP).

Yes a backdoor would compromise it. However, one good thing about PGP is that they allow their source code to be reviewed by anyone. Even better, though, would be to use GnuPG which is a PGP clone that has zero commercial interests and is developed in open by a community of volunteers.

You see, that's how the government (NSA) works -- they know they cannot overcome the first amendment, so they simply strong arm vendors and tell them they will go out of business if they don't implement backdoors. And the way they force them out of business is to deny them an export license (NSA has done this many times in the past).

Yep and the terrorists are much more motivated to find a way than those of us who want to avoid casual snooping. This is a losing battle. Human intel is much more important today because of it.

 

Welcome home. 27th Inf, 25th Div here, 1967-68

 

caspian! Similar thoughts for sure.

If those seeking this has legitimate concerns of illegal activity, then get a warrant for a suspect and install undetectable malware, you now have access to all his info being sent to whom and how.
They already do this so wiretapping the internet must have another agenda.

Once this becomes a required tech, they aren't going to wait for a warrant to use it. They will troll the internet seeking fish to justify the ability.

If LEO has trespassed peoples property to install a GPS beacon without a warrant it will occurr in this domain as well.
Give them an inch and they'll take two.
How can you say you're protectors of the Constitution when you try to subvert it. A man can not serve two masters, he will love one and hate the other.

 

Not just U.S. citizens A large percentage of people from all around the world, have for too long been distracted with plenty of garbage TV/Films/Games etc etc. They either don't know 99% of what's really happening, or incredibly don't care Just as long as they get their daily fix of adrenaline etc. It's like drug etc addiction only worse, they don't realise how it's taken over their lives

Unfortunately, far too many judges etc are Not independent/unbiased etc, and will not bite the hand that feeds them. Judges in the main, get their jobs given to them by like minded politicians etc, and as every year passes this whole system gets more and more corrupt.

The following in chronomatic's link from July 27, 1998 Yes 1998

As i've mentioned before and posted links with proof of the backdoors being discovered in Routers that your ISP give you just for example.

Remember, all this goes to 1998 and before. So imagine what it's like since then, and now !

*

Re terrorists.

If the politicians etc of the USA & other nations stopped interfering etc in other countries business, and also played fair at home, there would be NO such problems to worry about, or have endless Billions of your tax $ spent on equipment/systems etc etc to "supposedly" try and prevent it. Not that they really do, or want to, too much filthy lucre to share around between the "in crowd"

 

My father was 1st Cavalry (Airmobile) 2/12, Co. A from 66-67. He was in Bong Son province amongst other places. Screwed him up bad (PTSD). Oh the stories I have heard..

 

One of the most fascinating threads i've read hear at Wilders!

Excellent comments members

 

Apropos to this discussion

India’s Surveillance Plan Said to Deter Business
http://www.nytimes.com/2010/09/28/business/global/28secure.html?_r=1&hpw

"NEW DELHI — In the United States, law enforcement and security agencies have raised privacy concerns with a new proposal for electronic eavesdropping powers to track terrorists and criminals and unscramble their encrypted messages.

But here in India, government authorities are well beyond the proposal stage. Prompted by fears of digital-era plotters, officials are already demanding that network operators give them the ability to monitor and decrypt digital messages, whenever the Home Ministry deems the eavesdropping to be vital to national security.

Critics, though, say India’s campaign to monitor data transmission within its borders will hurt other important national goals: attracting global businesses and becoming a hub for technology innovation.

The most inflammatory part of the effort has been India’s threat to block encrypted BlackBerry services, widely used by corporations, unless phone companies provide access to the data in a readable format. But Indian officials have also said they will seek greater access to encrypted data sent over popular Internet services like Gmail, Skype and virtual private networks that enable users to bypass traditional telephone links or log in remotely to corporate computer systems.

Critics say such a threat could make foreigners think twice about doing business here. Especially vulnerable could be outsourcing for Western clients, like processing medical records or handling confidential research projects, information that is typically transmitted as encrypted data.

“If there is any risk to that data, those companies will look elsewhere,” said Peter Sutherland, a former Canadian ambassador to India who is now a consultant to North American companies doing business there.

S. Ramadorai, vice chairman of India’s largest outsourcing company, Tata Consultancy Services, echoed that sentiment in a newspaper column on Wednesday. “Bans and calls for bans aren’t a solution,” he wrote. “They’ll disconnect India from the rest of the world.”

 

Echelon revisited came to my mind when I first read the NYTimes article. The issue is very complex, as it was rightly pointed out, it is difficult to give even a personal opinion about a system that will affect significantly our way life, and right or wrong, its implementation seems inevitable from a security point of view.

What I find scary is that anything undertaken in the name of national security seems to have a divine right to operate "classified", which as a result will lead to potential wrongdoings. The US intelligence budget is classified (see link post #22 by spy1) why? For starters I'm glad I'm not an American taxpayer, but then it's not just money, the fact that these government agencies enjoy a very dangerous immunity towards the media and the justice system. Who guards the guardians?

 

Thread related article: FBI Drive for Encryption Backdoors is Déjà vu for Security Experts.

A good read!

-- Tom

 

Déjà vu is right. I remember the original Zimmerman fight well. I see no way that this could ever pass and even if done under some kind of Executive Order would be ignored and unenforceable. Tea being thrown overboard would look mild compared to the firestorm after this. This is clearly a trial balloon and so-far, so-good. The outrage is as expected and my guess is this goes nowhere. Famous last words?

 

The biggest Terrorist in the world is the US goverment itself, Thay are spreading senseles fear around the world.

The fear of terrorist attackst ist silly, as they are a 100 things more likely to kill you, liek for example cars, or influenza.

The sole reason behind promoting terrorism in he media is to get the world in a surveillance grip.

 

That's an interesting argument: spreading fear (of terrorism or whatever) as a control strategy is itself terrorism. Although I get the point, it seems odd to equate actual deaths of actual people with psyops/FUD -- even though the latter may do more long-term harm.

 

Dr. Kevin S. McCurley, now at Google, examined this divergence in the relationship between cryptographic models and communication models, in his 2006 paper, titled, "Language Modeling and Encryption on Packet Switched Networks." You can find the paper, and complementing PowerPoint, here. In the paper, he builds on the premise that "the structure of the Internet as we know it may actually preclude the existence of any reasonable model for completely secure encryption," and concludes, in his PowerPoint, that "absolute security for Internet communication is probably impossible." In regards to this relationship, he also shares the following closing thoughts -- those being, that "we need better definitions of knowledge and wisdom in order to advance cryptology" and "we need better models of communication in order to advance cryptology."

With Mackerel, what we're finding is that by tightening the relationship between cryptographic models and communication models, you, consequently, have a better understanding of what a cryptographic implementation should look like if it wants to stand resilient in the face of real-world threat models, in all of their inconsistent, uncertain, and textbook-out-the-window glory. Even though green cryptography is based on the most robust notions of confidentiality and integrity we have (i.e., IND-CCA2 /\ INT-CTXT), that doesn't mean much if it's not protecting the right stuff. And, as we've found, The Right Stuff(TM) isn't just the message that you're trying to communicate, for instance, but also the contextual and residual particles that give that message shared meaning between both particle -- enough so that if made available to an adversary, can leak enough in order to mount a viable attack.

The Internet is a nearly-living creature; a beast of intricacies, subtleties, and complexities that make this relationship -- cryptography and communication -- one in need of therapy. Mackerel may make marriage counselors out of us in the end.

 

Let's revisit Shannon's communication model in its original state:

Information.......Transmitter..........Channel.........Receiver..........Destination
Source

Forgive the primitive diagram, but obviously message transmission moves in a forward progression from information to destination, with noise impacting channel.

Warren Weaver’s three levels of communication:

Level A: How accurately can the symbols of communication be transmitted? (technical problem)
Level B: How precisely do the transmitted symbols convey the desired meaning? (semantic problem)
Level C: How effectively does the received meaning affect conduct in the desired way? (effectiveness problem)

And here, of the utmost importance, is Shannon's oft-repeated maxim that the semantic aspects of communication are irrelevant to the the engineering problem, or that Shannon's theory only impacts Level A.

Shannon’s theory was, in fact, an engineering theory that treats problems in source and channel coding. So why did he call it the mathematical theory of communication? For the answer, we need to look partially to Warren Weaver.

Weaver insists we can tie Shannon’s theory to Levels B and C. Why? He was a mathematician, and B and C takes him into very uncertain territory. And yet, his 1949 introduction to Shannon is very clear. It often gets lost as a "soft science" introduction to information theory. In other words, Weaver gets short shrift. But what he was really onto was a basis for communication theory. (A cite to his introduction to Shannon's theory ends this post. It is worth reading several times.)

His introduction ends with a provocative notion that both information entropy and thermodynamic entropy might be involved in introducing a notion of “context” to the machine in order to treat “meaning”:

Since binary machines are not good at reading context, we need to deal with context elsewhere, outside the machine. Context shows itself more clearly if we imagine that our system is a communication system with two components, us and the machine, rather than a closed information system. Then we can see that context also includes the context of the entire message. We cannot consider ‘meaning” without considering the message senders and receivers. How does the message fit into the information system? Who puts it there and why? Clearly, we do: we provide context to the message.

Level B, then, is where the machine meets the operator. It presents a place to meld information and communication theory. It is here that we can make decisions that impact whether we will be using a device to transmit information or whether we will use it to conduct communications.

So let's work the diagram like this:

Info...Transmitter...CA's...Channel...Receiver...CA's...Destination
Source

Where CA's are communications applications and actors. In other words, the place where encryption happens, because a human operator is required in order to determine what kind of security a message requires.

Now semantics continue to be a concern in layer 2. But semantics drive message delivery. In other words, "meaning" calls for a level of security or secrecy. Some messages can be transmitted precisely with no security or secrecy. But some messages cannot be transmitted "precisely" with no security because an interception will cause unintended consequence. There is no message "precision" if the message does not arrive "intact," which indicates it is delivered only to intended parties. So on a computer network, humans introduce communications applications like (most importantly) encryption, anonymity or other metacommunication applications not yet considered.

So I've reworked Weaver's level's like this:

Level A: How accurately can the symbols of communication be transmitted? (transmission of message)
Level B: How precisely do the transmitted symbols convey the desired meaning? (delivery of information, decision to use CA's in order to protect both transmission and "intent" required by the originator and receiver)
Level C: How effectively does the received meaning affect conduct in the desired way? (origin and receipt of message)

And that is one way a communication model might be reworked to serve green cryptography. That's just the beginning, too. Thank you for the link to Kevin McCurley's paper. Wish I could talk to him. And thank you so much, Justin Troutman, for the intro to Mackerel. It is exciting.

http://academic.evergreen.edu/a/arunc/compmusic/weaver/weaver.pdf

 

Just to tie this all back, Level 2 of Shannon's theory is where security and privacy concerns unfold, in all their messy incarnations. When I inserted communications applications into Shannon's seminal diagram, I could have also called them control applications. Weiner may or may not have said this explicitly, but communication is a control mechanism that is on, while control is a communication mechanism that is off.

That's why communications security problems will necessarily differ from information security problems, because we need to discuss who has their hand on the mechanism, and why, from a security standpoint. I know that's painful for you guys to hear But no more painful than how inadequate an internet communications linguist feels when trying to parse stuff like "the most robust notions of confidentiality and integrity we have (i.e., IND-CCA2 /\ INT-CTXT)" to get a working theory of communication going out of information theory. Whew! We need a project Mackerel on the communication side, too, to meet you in the middle!

 

The latest news, sort of related, is that the President can without Congressional approval shut down the Internet for up to 90 days if it outside attacks are suspected. Not if they're happening, just suspected.

So, does that mean the world internet or just the USA? And, what would that do to virtually everything - news, Internet reliant companies, etc?

 

Actually, that's not sort of related. It is entirely related. I'm not sure to exactly which version of the kill-switch scenario you refer, but that is a fundamental question of communication and control right there. Here is the ultimate security question, the one you need to answer before you can proceed to either code or communicate: is the information unit or the communication mechanism on or off?

 

I don't know about which scenario. All they said was he could bypass Congressal approval (which seems the norm with that guy) and shut down the Internet for 90 days. They said nothing about whether this was world wide or just USA. I can't imagine a world wide shutdown is even possible.

 

Well it is not, but thay can screw up the routing so that it wil tage hours if not days to restore rhe routing.
Also I'm not sure how the DNS system will respond to taking out the root zone

Fortunately P2P pirated does not care about DNS

But aside of this minor problems thay cant stop the internet.

 

I should add my take on this.

I entertain the idea of "absolute security" as a mertiful theoretical exercise; in practice, I simply look for the cleanest ways to capture a realistic threat model, full of compromise and mitigation throughout.

There's reason to be pessimistic, since the Internet isn't really evolving with security in mind, but I am optimistic about the potential for tailoring cryptography to fit this shape-shifting model of communication.

However, I have little doubt that those interested in breaking cryptographic protocols will always have a little "leaked" help that those making cryptographic protocols can't protect against; that's certain.

 

So you think the U.S. government is lying about how much is spent on foreign aid, and you have special knowledge of this? I am surprised that you would expect anyone here to believe that somehow all that we know from the Congressional Budget Office and other mainstream sources is wrong, and that you have special insider knowledge of this.

 

Ladies and gentlemen, Mr Bruce Schneier.

 

Well Brucey baby will get more attention than lots of others, not that i expect it will change much/anything

 

Exactly. And that is what they are after. This is all nothing more than a con game, and most Americans are too busy watching Jerry Springer and Wheel of Fortune to be bothered with it. I think it will take something bad to wake people up out of their stupor. Not that bad things haven't already happened. But I think it will take something *really* bad.

 

I posted some comments on other similar topics as this one so i am not going to write my view again i'll just post this link from a movie, it explains pretty much everything.

http://www.youtube.com/watch?v=chqi8m4CEEY

"there is something terribly wrong...."