Interview With DHS Head Michael Chertoff

This is an interesting read to me. Mr. Chertoff touches on such issues as storing data elsewhere until a laptop is through Customs/Security and having to provide the password for encrypted data.

http://blog.wired.com/27bstroke6/2008/08/chertoff.html

 

Interesting reading.

Though I must say, I am getting curious when he says that encrypted systems in which the users won't supply a password they will decrypt them.

I am wondering how they are planning to decrypt some of these "secure" methods. Are they running dictionary/brute force against passwords or what?

 

Well, that's the problem, we don't know and I have very high doubts they'll openly discuss it. We know brute force as we know it isn't gonna work against any decent algorithm. But will they exploit some flaw or just use some method we don't know about? That remains to be seen. The problem is, we can't merely count on what we THINK they have available such as resources or tech, we have to wonder about what is technologically possible even if we don't know it actively exists yet. I'm not making a political statement or bringing up any "Big Brother" theories, but there are as fact a number of "black" projects going on at any given time, whether in the NSA/CIA buildings in Washington or out at some remote military installation. Lockheed doesn't have a "Skunkworks" facility because they're dealing with smelly things. New tech is almost always a military project first that gets handed down to civilian applications.

So, the answer is, unless someone starts spilling beans so to speak, nobody knows their plans or what they can/can't do. All I can say is pray that legislation doesn't swing their way and allow them to make people turn over passwords. Because when that happens, you truly are left without many options.

 

That will happen.

As has been demonstrated time-and-time again, there are not enough of us informed, committed or involved enough to present a serious challenge to measures such as those - and the government knows it.

And apparently, the "iPatriot" Act is waiting in the wings: http://www.yff365.com/profiles/blog/show?id=2162281:BlogPost:5863 t鱸o tidy up the loose strings of whatever they've over-looked so far.

Happy trails, people. Pete

 

I personally agree legislation will pass to force password retrieval. We can go back and forth all day about the vast majority does or doesn't use it for crime (and please let's not for the sake of keeping the thread open), but the fact is that it IS used for it, and it's a simple and effective way to hide crime (if we keep out the theories that there are ways to get around it unknown to the public). So yes, I do see it coming, if not within a year or two, then not too far afterwards in my opinion.

I can only take as opinion the other article you linked since there is so far no proof readily available, but I do agree with the professor. The government has long known that the web is a prime target and it's entirely plausible they have an internet-based Patriot Act ready to roll. I don't however think that an attack will bring it in to action, I believe it will be put in place before one to attempt to prevent it. We'll see what happens in the next couple of years if that long.

 

The funny part of your point (and it isn't a bad one) is that government spending works in a really screwed up way. I have worked for them in the past, and I can tell you that money for THEM usually trickles in as leftovers from other spending. Also, depending on the organization, some are not even on the Internet. What the stories don't tell you is that these "lost" systems are usually merely victims of carelessness and not theft. Some are taken home, some are left in other places on the premises, some are accidentally put into storage. Believe me, crazy things go on in government facilities. They are VERY good at placing financial emphasis on pet projects.

You can place some of the blame on Congress, they are also very good at sending money for national security, but not government property security. It can be a funhouse