RIAA Secret Meeting

2001-10-09 Thread John Young

Anonymous reports on a secret meeting of RIAA:

   http://cryptome.org/riaa-secret.htm

Excerpt:

"On Thursday October 4 there was a closed-door RIAA meeting at the
Ritz-Carlton, which was 'a direction setting' meeting. The individuals of
note attending were:

  Hillary Rosen - RIAA Chief
  Steve Heckler - Sony Music
  Strauss Zelnick - BMG
  Edgar Bronfman - Universal
  Gerald Levin - AOL Time-Warner
  Ken Berry - EMI
  Leonardo Chiariaglione - SDMI Chair (Leaving Soon)
  Francis Jones - Codex Data Systems
  Fritz Hollings - Senator
  Ted Stevens - Senator
  Michael Eisner - Disney CEO
  Jack Valenti - President, MPAA
  Andy Grove - Intel CEO
  Lou Gerstner - IBM
  Yoishi Morishita - CEO Matsushita
  Tsutomo Kawata - CEO Toshiba
  Jay Berman - IFPI Chair
  Paul England - Microsoft Advanced Cryptography research group

One particularly disturbing fact is that Codex Data System's DIRT 
software is supposed to be restricted to law enforcement agencies, 
yet the RIAA, MPAA, and IFPI have all purchased it, and use it 
routinely to monitor servers which are suspected of infringing 
content, yet are password protected such as servers which 
require one to sign up for a password account like hotline servers
that have no guest download."





-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]



Kerckhoffs's principle

2001-10-09 Thread GANATRA CHETAN /INFRA/INFOTECH


Can anyone tell me what's Kerckhoffs's principle?

.chetan

[Moderator's note: It is a set of principles, actually, about how to
build crypto systems that are secure. The most important is that you
must assume that the adversary will eventually learn the details of
your cryptographic algorithms, so the security of the system must rest
entirely in the key selected and not in the details of the algorithm. --Perry]




[FYI] Dutch Government wants to regulate strong cryptography

2001-10-09 Thread Axel H Horns

http://www.heise.de/tp/english/inhalt/te/9763/1.html

- CUT -

Dutch Government wants to regulate strong cryptography  

Jelle van Buuren   09.10.2001  

Action plan to combat terrorism targets modern communication 
technologies  

The Dutch Government announced Friday it wants to regulate the public 
use of strong cryptography. The regulation of cryptography is one of 
the measures the government is proposing in its  action plan to 
combat terrorism.  

[...]  

- CUT -







Re: Kerckhoffs's principle

2001-10-09 Thread Ariel Waissbein

Look up his article "cryptographie militaire" (written in 1883) at
http://www.tcs.hut.fi/~helger/crypto/link/history/index.html
it is quite interesting.

The principle basically states that a cryptographic protocol's
security should not rely on the knowledge of how the
protocol itself works, e.g., you should always suppose that the
algorithms and related data used during the protocol's execution
(other than specific private data such as private keys) are known
to the attackers.

This principle is considered a MUST in the construction of
cryptographic protocols and primitives.

Ariel

GANATRA CHETAN /INFRA/INFOTECH wrote:
> 
> Can anyone tell me what's Kerckhoffs's principle?
> 
> .chetan
> 
> [Moderator's note: It is a set of principles, actually, about how to
> build crypto systems that are secure. The most important is that you
> must assume that the adversary will eventually learn the details of
> your cryptographic algorithms, so the security of the system must rest
> entirely in the key selected and not in the details of the algorithm. --Perry]

-- 
[ CORE Security Technologies ]==
Ariel Waissbein
Researcher - Corelabs

Pgp Fingerprint: 8D5E 46CC A6DA C46F 1EBC  C3D3 210A 37F0 8A47 76AA

email :  [EMAIL PROTECTED]
http://www.corest.com
===

I was scared. Petrified. Because (x) hearing voices isn't like 
catching a cold, you can't get rid of it with lemon tea (y) 
it's inside, it is not some naevus, an epidermal blemish you 
can cover up or cauterise (z) I had no control over it. It was 
there of its own volition, just stopped in and (zz) I was going
bananas.
-Tibor Fischer ``The Thought Gang"
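
Added example, not part of the original posts: a small Python comparison of a scheme whose only secret is its algorithm with one whose algorithm is public and whose only secret is the key, as the principle described above requires. All function names are hypothetical, the message is constructed, and both ciphers are teaching toys (the keyed one is unauthenticated), not production cryptography.

```python
import hashlib
import hmac
import secrets

# Scheme A (toy, keyless): a fixed byte substitution. Its only "secret" is the
# table, i.e. the algorithm itself. Anyone who learns it reads every message.
_TABLE = bytes((7 * b + 13) % 256 for b in range(256))  # 7 is odd: a permutation
_INVERSE = bytes(_TABLE.index(i) for i in range(256))

def obscure_encrypt(plaintext: bytes) -> bytes:
    return plaintext.translate(_TABLE)

def obscure_decrypt(ciphertext: bytes) -> bytes:
    # No key parameter: knowing the code is the same as holding the "key".
    return ciphertext.translate(_INVERSE)

# Scheme B (public algorithm, secret key): XOR with an HMAC-SHA256 keystream.
def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out, counter = b"", 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:length]

def keyed_encrypt(key: bytes, plaintext: bytes) -> bytes:
    nonce = secrets.token_bytes(16)  # fresh per message, sent in the clear
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))

def keyed_decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    stream = _keystream(key, nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))

def demo() -> dict:
    message = b"constructed sample message"
    key = secrets.token_bytes(32)
    guess = secrets.token_bytes(32)  # adversary knows the code, not the key
    return {
        "obscure_read_by_adversary": obscure_decrypt(obscure_encrypt(message)) == message,
        "keyed_roundtrip": keyed_decrypt(key, keyed_encrypt(key, message)) == message,
        "keyed_read_with_wrong_key": keyed_decrypt(guess, keyed_encrypt(key, message)) == message,
    }

if __name__ == "__main__":
    print(demo())
```

If Scheme B's key leaks, a new 32-byte key restores secrecy; if Scheme A's table leaks, the whole scheme has to be redesigned.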






Re: AGAINST ID CARDS

2001-10-09 Thread Bill McGonigle


On Thursday, October 4, 2001, at 06:41 , Arnold G. Reinhold wrote:

> The licenses would still be issued by the states so there would be no 
> new bureaucracy.

> Thoughts?

We have the technology to implement a good electronic ID system, but it 
wouldn't solve any security problems:

---
http://www.washingtonpost.com/wp-srv/aponline/20011004/aponline204714_000.htm


Pa. Jury Indicts 20 in License Scam

By Mike Crissey
Associated Press Writer
Thursday, Oct. 4, 2001; 8:47 p.m. EDT

PITTSBURGH –– Sixteen men from six states were indicted by a federal 
grand jury Thursday on charges of falsely obtaining Pennsylvania 
commercial driver's licenses.

The men were among 21 of Middle Eastern descent who were arrested last 
week as part of an investigation of a Pittsburgh licensing office where 
an examiner has told authorities he helped people fraudulently obtain 
licenses.

Four men from Washington state were indicted Wednesday.

Eighteen of those indicted had permits to transport hazardous chemicals.

They were arrested amid concerns about possible terrorist attacks 
involving chemical or biological weapons. Federal authorities have since 
said they found no link between the alleged scam and the Sept. 11 
attacks.

The only man arrested last week who has not been indicted is Elmeliani 
"Ben" Benmoumen, 36, of Pittsburgh. Federal prosecutors say Benmoumen 
was a middleman who helped others obtain the licenses from a 
Pennsylvania Department of Transportation employee for bribes.

Federal authorities are not identifying the employee, who has since been 
fired, but have said he is a cooperating witness in the case.

Benmoumen was scheduled for a hearing Friday at which the government 
must present their probable cause for arresting him.

U.S. Magistrate Kenneth L. Benson also may hold bail hearings or 
arraignments for some of the 20 other men Friday, but Benson's staff 
could not immediately say which of the suspects are likely to appear in 
court.

Some of the men are jailed in their home states or otherwise may be 
unable to travel to Pennsylvania immediately.

State transportation officials have canceled 111 commercial and 
noncommercial licenses traced to the alleged scam.

Federal authorities charged only those men who received commercial 
licenses because they have no jurisdiction over noncommercial licenses.

The men indicted Thursday were arrested in Pennsylvania, Illinois, 
Michigan, Missouri, Tennessee, and Texas.







RIAA Secret Meeting

2001-10-09 Thread R. A. Hettinga


--- begin forwarded text


Status:  U
Date: Mon, 08 Oct 2001 23:24:40 -0700
To: [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED]
From: John Young <[EMAIL PROTECTED]>
Subject: RIAA Secret Meeting
Sender: [EMAIL PROTECTED]

Anonymous reports on a secret meeting of RIAA:

   http://cryptome.org/riaa-secret.htm

Excerpt:

"On Thursday October 4 there was a closed-door RIAA meeting at the
Ritz-Carlton, which was 'a direction setting' meeting. The individuals of
note attending were:

  Hillary Rosen - RIAA Chief
  Steve Heckler - Sony Music
  Strauss Zelnick - BMG
  Edgar Bronfman - Universal
  Gerald Levin - AOL Time-Warner
  Ken Berry - EMI
  Leonardo Chiariaglione - SDMI Chair (Leaving Soon)
  Francis Jones - Codex Data Systems
  Fritz Hollings - Senator
  Ted Stevens - Senator
  Michael Eisner - Disney CEO
  Jack Valenti - President, MPAA
  Andy Grove - Intel CEO
  Lou Gerstner - IBM
  Yoishi Morishita - CEO Matsushita
  Tsutomo Kawata - CEO Toshiba
  Jay Berman - IFPI Chair
  Paul England - Microsoft Advanced Cryptography research group

One particularly disturbing fact is that Codex Data System's DIRT
software is supposed to be restricted to law enforcement agencies,
yet the RIAA, MPAA, and IFPI have all purchased it, and use it
routinely to monitor servers which are suspected of infringing
content, yet are password protected such as servers which
require one to sign up for a password account like hotline servers
that have no guest download."






--- end forwarded text


-- 
-
R. A. Hettinga 
The Internet Bearer Underwriting Corporation 
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'






Re: AGAINST ID CARDS

2001-10-09 Thread Bill Stewart

At 06:41 PM 10/04/2001 -0400, Arnold G. Reinhold wrote:
>I too am very nervous about the prospect of national ID cards.
>I have an idea for a possible compromise, but I have not made up my mind 
>on it.
>I'm interested in hearing other people's opinions.
>
>The idea is a federal standard for secure  drivers' licenses. These would 
>be cards containing a chip that stores an electronically signed and time 
>stamped data file consisting of the driver's name, date of birth, height, 
>address, photo, and scanned signature, as well as endorsements such as 
>truck, school bus, motorcycle and hazmat operator licenses. All this 
>information is contained in existing drivers' licenses, but in a way that 
>is too easy to forge.

It's a really, *really* bad idea.
It's politically much easier to successfully oppose an obviously bad thing,
like National ID cards and other internal pass laws,
than to successfully oppose incremental changes in existing systems.
And forcing states to use uniform practices means that you
can't find a place to have a driver's license merely
indicate your driving skills, as opposed to hundreds of other uses.

For instance, collecting SSNs for driver's licenses,
which makes it possible to correlate drivers databases with
most other databases in the country, was done back in the 80s,
and in many states the SSN is printed on the DL or IS the DL number.
(The Federal Privacy Act had little effect on this process -
it's just a law, so future laws can easily change it, and did so.)

Another big change in DL policies was the requirement for
citizenship papers to get permission to drive.
Here in California that was largely done to prevent the
clear and present danger of people speaking Spanish while driving,
and many other states have jumped on the harassing-immigrants bandwagon.
Since many jobs need driver's licences (or at least transportation),
immigrants now have a major financial incentive to get them,
so the price and supply of corruption in motor vehicle departments
has gone up substantially.  Before this, the main people who needed
high-quality driver's licenses were convicted bad drivers
who were trying to dodge the system, and that was easier to stop.
(There was also a demand for fake ID for underage drinkers,
but low-quality fakes are fine for that, and they don't need to be
databased.)

Driver's licenses have increasingly become tools of social control -
the common excuse is "deadbeat dads", and in many states
conviction for drug possession offenses also gets them suspended.
Until 9/11, you could still routinely travel without government ID,
though many airlines have a policy of training their people to lie
about "no, that's always been the policy".
ACLU Cards with pictures would have helped that - don't leave home
without one - but I doubt we'll have that freedom again for a while.

New Jersey, BTW, encodes lots of information in the DL number -
the S8235 at the beginning of mine was a Soundex for "Stewart",
the 5 digits at the end encoded birthdate and I think
race or eye color, and some of the middle six digits may have also
encoded that, though some were just serial numbers.
It provides some security against licenses forged by
people who don't know the rules.
 [They're also listed in plaintext.  The forms let you
 update your address, but not most of the personal data,
 so my weight still shows what I weighed when I was 22.]

As long as there's a driver's license number printed on the card,
it's a unique ID for database lookups attached to your name.
If the other certifications are encrypted, that means that
*you* don't know what they say, but cops who run the card
through a computer lookup will - and cops will *have* to
run the card through a computer lookup to use them,
whereas now they can just look at them if they want.
If you could get a card that just had your picture and the
certifications, and not your name or address,
that might be an improvement, but it ain't gonna happen.

And meanwhile, in many states you've got some flexibility about
whether the license lists the address where you get snailmail
or the address where you sleep or the address where you own land.
Expect any uniform standards to erase that.

What can the ability to do database lookups do?
Well, if the signatures indicate that you're black,
or a Registered Republican Voter, or a Welfare Recipient,
or a Registered Drug Offender, it's much easier for
anybody who wants to target you to do so.
If the databases are only accessible to authorized users,
that increases the demand for bribable authorized users,
especially if the expanded set of uses expands the set of
authorized users.  It's possible to keep the different sets
of information separate, if there's the technical skill
and political will to do so, but there's little enough of the former
and none of the latter among the kinds of people who'd
make the requirements for that kind of system.

 Bill Stewart