http://www.steganos.com/en/cng/

2002-05-22 Thread Axel H Horns

http://www.steganos.com/en/cng/

In view of its crypto properties, is "Steganos Crypt & Go" a usable 
alternative to PGP or GnuPG? Or is it snake oil?

Now, where PGP Desktop isn't available any longer for any commercial 
use, some of the very few guys who use crypto for e-mails now switch 
over to steganos. I have serious doubts on the hardness of that tool.

Any URLs with further insights available?

I would like to pass any reliable info to several of my colleagues 
who are interested in tools for e-mail encryption.

Thanks!

Axel H Horns
Patentanwalt


-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]



[FYI] UK: Paxman returns Enigma machine

2002-04-01 Thread Axel H Horns

http://news.bbc.co.uk/hi/english/uk/england/newsid_1904000/1904795.stm

--- CUT 

Monday, 1 April, 2002, 07:52 GMT 08:52 UK  

Paxman returns Enigma machine  

[...] 

Newsnight presenter Jeremy Paxman is officially returning the Enigma 
machine to its home at Bletchley Park to mark the second anniversary 
of its theft.  

[...]

--- CUT 






[FYI] The implications of the UK Export Control Bill

2002-03-29 Thread Axel H Horns

http://www.heise.de/tp/english/inhalt/te/12191/1.html

 CUT 

Knowledge Transfer Controls and Academic Freedom  

Ashley Benigno   28.03.2002  

The implications of the UK Export Control Bill  

A controversial bill that extends export controls on armaments from 
hardware to intangible goods is currently before the British 
Parliament. The  Export Control Bill has been viewed by some quarters 
as carrying serious implications for academic freedom, by curtailing 
research and collaboration through the adoption of transfer controls 
and the introduction of a licensing regime.  

The aim of the Bill, as outlined in its introduction, is to "make 
provision enabling controls to be imposed on the exportation of 
goods, the transfer of technology, the provision of technical 
assistance overseas and activities connected with trade in controlled 
goods; and for connected purposes". As defined in the Export Control 
Bill, "'technology' means information (including information 
comprised in software)". In fact, one of the primary objectives of 
the Bill is to extend current export control laws that cover only 
physical goods to include intangibles such as software.  

While the Bill is seen by the Government as an additional tool in its 
fight against international terrorism, some academics view the 
proposed law as being so widely drawn that it would provide ministers 
with the power to review and suppress any scientific paper prior to 
its publication, and to license foreign students (not just at British 
Universities, but students taught by UK nationals anywhere in the 
world).  

According to  Ross Anderson, a Cambridge University professor and 
chairperson of the Foundation for Information Policy Research, the 
effects of the Export Control Bill would be felt across the fields of 
science and technology, impacting both research and education:  

"The new law would cover most of our research in computer science 
(fast networks, high performance computing, neural networks, real-
time expert systems, hardware and software verification, reverse 
engineering, computer security, cryptography) and could even force a 
rewrite of lecture course and project material. The Department of 
Engineering would be hit by the listing of numerically controlled 
machine tools and fibre winding equipment, robots, optical 
amplifiers, software radios and aero engine control systems, as well 
as many lasers, gyros, accelerometers and similar components. The 
restrictions that previously only applied to physical hardware 
objects will be extended to the software used to design, test, 
control or operate them, or to integrate them into larger systems."  

The proposed law would also negatively impact transnational 
collaborative projects. A simple action such as sending an email to a 
foreign colleague relating to a research issue could end up requiring 
a special licence. Just like the teaching of many subjects to foreign 
students would fall under a licensing scheme. It is easy to envisage 
the administrative nightmare this would entail, the damaging effects 
on the overseas student contingent and on the development of academic 
work in general.  

In Anderson's opinion, opponents of the Bill may "argue that while 
one may well decide to curtail long-established academic liberties 
because something bad has happened, it is excessive to do so because 
a bad thing might happen, but hasn't. (Al-Qaida isn't an excuse, 
unless even basic aerospace engineering is to be reclassified as a 
technology relevant to weapons of mass destruction)". In the 
meantime, the Cambridge professor has proposed an amendment to the 
proposed law exempting research and teaching, which has received the 
backing of  Universities UK and the  Association of University 
Teachers.  

 CUT 






[FYI] How we can save PGP - Zimmermann

2002-03-08 Thread Axel H Horns

http://www.theregister.co.uk/content/54/24336.html

-- CUT ---

How we can save PGP - Zimmermann  

By Andrew Orlowski in San Francisco  

Posted: 08/03/2002 at 07:44 GMT  

PGP inventor Phil Zimmermann says PGP can be saved, and has outlined 
how in an interview with The Register yesterday.  

"PGP is an institution that's bigger than any single company, or 
codebase, or product," says Zimmermann. "It's in limbo right now, and 
limbo is a bad place to be."  

Network Associates Inc wrote to customers last week informing them 
that it was ceasing development on PGP Desktop, and while promising 
to honor existing support contracts, said no bugfixes or updates 
would be issued. PGP staff were being transferred to Network 
Associates' other business units. The company, which bought PGP Inc in 
1997 for $36 million announced it wanted to find a buyer for PGP last 
November, but hasn't found an acceptable offer yet.  

Zimmermann said he wanted NAI to release the source code, suggesting 
a Berkeley-style license, and hoped to encourage development around 
the Open PGP standard:  

"The demise of the PGP business unit at NA is not the demise of the 
open PGP standard; there are other companies that implement the 
product that use the standard. Go to OpenPGP.org and you'll find a 
lot of concerned people that want to fill this niche."  

"Anyone interested in helping should contact me," he added.  

Zimmermann said he'd welcome a big name sponsor - we suggested an 
Apple, or an HP - to back OpenPGP development. Right now, he 
admitted, the free software versions needed a slick GUI to bring them 
up to the fit and finish of the PGP equivalents.  

PGP's Desktop, a slick and well-regarded personal privacy suite which 
included an encrypted file system for Windows and the Macintosh, and 
integration with ICQ, is no longer available for download, and you 
can't find anything except the enterprise products at PGP's 
"evaluation" page.  

This leaves Mac OS X and Windows XP users in a fix, as the current 
PGP products aren't compatible with the new operating systems.  

And what's scandalous is that NAI has OS X and XP-ready versions, but 
won't ship them.  

Zimmermann first published Pretty Good Privacy in 1991, and left 
Network Associates a year ago. He declined to comment on NAI's 
stewardship of the software, although Register readers, including 
many PGP users, haven't been nearly so diplomatic.  

It's a good time to remind NAI of its responsibilities to its 
customers, to the PGP community, and remind potential purchasers of 
the value of privacy software. ®  

-- CUT ---






Re: NAI puts PGP into Maintenance

2002-03-02 Thread Axel H Horns

On 28 Feb 2002, at 7:50, R. A. Hettinga wrote:

> However, effective immediately Network
> Associates will cease new development on these products, and not sell
> additional licenses, services and support agreements. 

Does that mean that single-user commercial PGP from these off-the-
shelf-boxes aren't available any longer?

So, if, for example, an attorney decides to use PGP for encrypting e-
mail on his business PC, he will be out of luck unless he decides to 
use the non-commercial version?

Regards,

Axel H Horns
Patentanwalt

-- 
Patentanwalt Dipl.-Phys. Axel H Horns  e-Mail [EMAIL PROTECTED]
Web www.ipjur.com  Voice ++49.89.30630112  Fax ++49.89.30630113
My PGP RSA Key ID = 0xD8433289 http://www.ipjur.com/pubkey.php3
PGP Pubkey Fingerprint C5D2 5E53 D241 4988  17E4 904D 9467 31BC





[FYI] (Fwd) FC: Senate Democrats love SSSCA -- but GOP says not so fast

2002-03-01 Thread Axel H Horns

See also

http://www.theregister.co.uk/content/54/24262.html

--- CUT 

Senator brutalizes Intel rep for resisting CPRM  

By Thomas C Greene in Washington  

Posted: 01/03/2002 at 14:41 GMT  

Entertainment industry lapdog Senator Fritz Hollings (Democrat, South 
Carolina) lashed out at Intel executive VP Leslie Vadasz who warned 
that the copy-protected PCs Hollings is obediently promoting on 
behalf of his MPAA and RIAA handlers would stifle growth in the 
marketplace.  

"We do not need to neuter the personal computer to be nothing more 
than a videocassette recorder," Vadasz said in testimony before the 
Senate Committee on Commerce, Science and Transportation Thursday.  

[...]

--- CUT 



--- Forwarded message follows ---
Date sent:      Fri, 1 Mar 2002 11:23:11 -0500
From:           Declan McCullagh <[EMAIL PROTECTED]>
To:             [EMAIL PROTECTED]
Subject:        FC: Senate Democrats love SSSCA -- but GOP says not so fast
Send reply to:  [EMAIL PROTECTED]

Politech archive on Sen. Hollings' SSSCA:
http://www.politechbot.com/cgi-bin/politech.cgi?name=sssca

Letter from SSSCA opponents:
http://www.politechbot.com/docs/sssca.opponents.letter.022702.html

Intel letter to Hollings:
http://www.politechbot.com/docs/intel.hollings.letter.022802.html

Draft text of the SSSCA:
http://www.politechbot.com/docs/hollings.090701.html

---

http://www.wired.com/news/politics/0,1283,50754,00.html

   By Declan McCullagh ([EMAIL PROTECTED]) and Robert Zarate

   2:00 a.m. March 1, 2002 PST
   WASHINGTON -- A Senate debate over embedding copy protection
   controls in all consumer electronic devices took a sharply partisan
   turn on Thursday.

   During a packed hearing before the Senate Commerce Committee,
   Democrats appeared far more eager for the government to intervene
   in what has become a highly visible tussle between Silicon Valley,
   which advocates a laissez-faire approach, and the Hollywood firms
   lobbying Congress to step in to prevent piracy.

   "When Congress sits idly by in the face of these activities, we
   essentially sanction the Internet as a haven for thievery,"
   committee chairman Fritz Hollings (D-South Carolina) told a panel
   of witnesses that included Walt Disney chairman Michael Eisner,
   News Corp. President Peter Chernin and Intel Executive Vice
   President Leslie Vadasz.

   [...]

   "We might need to legislate," said Sen. John Kerry
   (D-Massachusetts), though he emphasized that he would prefer the
   private sector reach an agreement on how to protect copyrighted
   electronic content.

   "Unfortunately, one issue seems close to an impasse -- how do we
   keep files from being illegally shared and distributed over the
   Internet?" complained Sen. Barbara Boxer (D-California).

   Republicans appeared much more skeptical of the SSSCA -- which is,
   after all, championed by a Democratic committee chairman -- and
   argued legislation would be too interventionist.

   In the 2000 election cycle, the entertainment industry gave
   Democrats a whopping $24.2 million in contributions compared to
   $13.3 million to Republicans, according to figures compiled by
   opensecrets.org.

   [...]



--
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
--

--- End of forwarded message ---





[FYI] Encryption in Company Networks Foiled

2002-02-27 Thread Axel H Horns

http://www.heise.de/english/newsticker/data/anw-26.02.02-007/

 CUT -

Encryption in Company Networks Foiled  

The encrypting of e-mails in company networks is foiled if it is done 
in a Microsoft Exchange/Outlook 9x/200x environment. In a POP3/IMAP4 
environment this is not the case. In answer to a question by heise 
online Microsoft confirmed that appended files encrypted with crypto 
plug-ins are transmitted in an unencrypted form from client to server 
even when the encryption function of the plug-in has been activated.  

[...]  

 CUT -






Re: PGP & GPG compatibility

2002-01-15 Thread Axel H Horns

On 3 Jan 2070, at 9:41, Nicholas Brawn wrote:

> What's the state of the game with PGP and GPG compatibility?

Interesting question.

I'm using PGP 6.5.8 for my professional confidential e-mails and 
sometimes I get complaints from GnuPG users saying they can't use my 
Pubkey. 

Currently I'm preparing an article on Internet security issues 
related to the businesses of attorneys-at-law and patent attorneys. 
In this context, it is already a hard job to promote usage of e-mail 
encryption, and such incompatibilities between various versions of 
PGP and GnuPG make it even harder.  

Is there any URL available where I might get more detailed info?

Thanks.

Regards,

Axel H Horns

-- 
Patentanwalt Dipl.-Phys. Axel H Horns  e-Mail [EMAIL PROTECTED]
Web www.ipjur.com  Voice ++49.89.30630112  Fax ++49.89.30630113
My PGP RSA Key ID = 0xD8433289 http://www.ipjur.com/pubkey.php3
PGP Pubkey Fingerprint C5D2 5E53 D241 4988  17E4 904D 9467 31BC







Re: MS Patent for DRM OS [US-A-6,330,670]

2001-12-13 Thread Axel H Horns

On 12 Dec 2001, at 23:16, John Young wrote:

> Microsoft's patent for a Digital Rights Management
> Operating System was awarded yesterday:
> 
>   http://cryptome.org/ms-drm-os.htm
> 
> Abstract

More relevant than the abstract: The independent claims of the patent.

--- CUT ---

1. A computerized method for a digital rights management operating 
system comprising:  

assuming a trusted identity;  

executing a trusted application;  

loading rights-managed data into memory for access by the trusted 
application; and  

protecting the rights-managed data from access by an untrusted 
program while the trusted application is executing.  

[...]

17. A computer system comprising:  

a processing unit;  

a system memory coupled to the processing unit through a system bus;  

a computer-readable medium coupled to the processing unit through a 
system bus; and  

a digital rights management operating system executed from the 
computer-readable medium by the processing unit, wherein the digital 
rights management operating system causes the processor to create a 
trusted identity for the digital rights management operating system.  

[...]

22. A computer-readable medium having computer-executable 
instructions for a digital rights management operating system stored 
thereon comprising:  

obtaining, from a computer processor, a first value for a monotonic 
counter;  

presenting, to a trusted time server, the first value for the 
monotonic counter;  

receiving, from the trusted time server, a certificate binding the 
first value of the monotonic counter to a time on the trusted time 
server;  

obtaining, from the processor, a second value for the monotonic 
counter before loading a trusted component;  

calculating, using the certificate and the second value, a trusted 
current time;  

comparing a time stamp on a trusted component with the trusted 
current time; and  

determining whether to load the trusted component based on the 
comparison.  

[...]

--- CUT ---

I haven't checked that yet but I can hardly believe that those 
subject-matters as granted by USPTO *really* were novel and inventive 
on January 08, 1999 ...   

Axel H Horns
Patentanwalt







[FYI] Man jailed over Enigma machine

2001-10-19 Thread Axel H Horns

http://news.bbc.co.uk/hi/english/uk/newsid_1609000/1609168.stm

 CUT -

Friday, 19 October, 2001, 16:54 GMT 17:54 UK  

Man jailed over Enigma machine 

The Enigma machine was one of only two in the world

A former antiques dealer has been jailed for 10 months for handling a 
stolen wartime Enigma encoding machine.  

[...]

 CUT -






[FYI] Dutch Government wants to regulate strong cryptography

2001-10-09 Thread Axel H Horns

http://www.heise.de/tp/english/inhalt/te/9763/1.html

- CUT -

Dutch Government wants to regulate strong cryptography  

Jelle van Buuren   09.10.2001  

Action plan to combat terrorism targets modern communication 
technologies  

The Dutch Government announced Friday it wants to regulate the public 
use of strong cryptography. The regulation of cryptography is one of 
the measures the government is proposing in its  action plan to 
combat terrorism.  

[...]  

- CUT -







[FYI] How the terror trail went unseen

2001-10-08 Thread Axel H Horns

http://www.heise.de/tp/english/inhalt/te/9751/1.html

--- CUT -

How the terror trail went unseen  

Duncan Campbell   08.10.2001  

Scientists and politicians row over whether it was planned using hi-
tech or lo-tech  

Investigations into how the terror attackers managed to evade 
detection are producing the unusual situation that statements from 
the FBI have become more trustworthy than those in the press.  

In two successive briefings, senior FBI officials have stated that 
the agency has as yet found no evidence that the hijackers who 
attacked America used electronic encryption methods to communicate on 
the internet. But this has not prevented politicians and journalists 
repeating lurid rumours that the coded orders for the attack were 
secretly hidden inside pornographic web images, or from claiming 
that the hijacks could have been prevented if only western 
governments had been given the power to prevent internet users from 
using secret codes.  

The latest evidence from the FBI suggests that the hijackers easily 
hid under the noses of the American government, not by using advanced 
technology but by being as American as apple pie.  

[...]  

--- CUT -







RE: [FYI] Antiques man guilty of Enigma charge

2001-09-26 Thread Axel H Horns

On 26 Sep 2001, at 13:39, Trei, Peter wrote:

> > The machine was one of only three in the world
> > 
> > An antiques dealer has admitted handling a stolen code-breaking
> > Enigma machine, worth £100,000.  
> > 
> > [...]
> > 
> Only 3 in the world? I don't think so. At the last RSA conference, the
> NSA had a historical 'museum', including an enigma. The woman running
> it said there were at least 40 still around. 

Perhaps there are only three of the four-wheel-machines left?

"The stolen device, an Abwehr Enigma G312, is a rare four-rotor 
version, one of only three still known to be in existence."

Of course, there are a lot of other Enigmas. One I've seen at 
Deutsches Museum in Munich, another in a museum in Berlin.

Axel H Horns

-- 
Patentanwalt Dipl.-Phys. Axel H Horns  e-Mail [EMAIL PROTECTED]
Web www.ipjur.com  Voice ++49.89.30630112  Fax ++49.89.30630113
My PGP RSA Key ID = 0xD8433289 http://www.ipjur.com/pubkey.php3
PGP Pubkey Fingerprint C5D2 5E53 D241 4988  17E4 904D 9467 31BC






[FYI] Antiques man guilty of Enigma charge

2001-09-26 Thread Axel H Horns

http://news.bbc.co.uk/hi/english/uk/england/newsid_1564000/1564878.stm

-- CUT -

Wednesday, 26 September, 2001, 15:25 GMT 16:25 UK  

Antiques man guilty of Enigma charge 

The machine was one of only three in the world

An antiques dealer has admitted handling a stolen code-breaking 
Enigma machine, worth £100,000.  

[...]

-- CUT -







[FYI] FITUG urges political leaders to defend citizens' freedoms

2001-09-18 Thread Axel H Horns

http://www.fitug.de/news/pes/fitug-010918.en.html

--- CUT -

FITUG e.V.  

Förderverein Informationstechnik und Gesellschaft  

FITUG urges political leaders to defend citizens' freedoms  

Tuesday's terrorist attacks were not only targeting human lives, but 
also the basic values of open societies. In these dark hours of grief 
and wrath, political leaders are called upon to protect both: 
Citizens' lives and citizens' freedom.  

Terrorists' attack on open societies cannot be completed but with 
help from ourselves, and from our political leaders. This must not 
happen.  

In the ongoing debate on how terrorism is best fought, one option 
proposed by certain circles comprises strengthening signal 
intelligence capabilities. According to these circles, the 
eavesdropping capabilities available to law enforcement and the 
intelligence community are insufficient for uncovering and monitoring 
communication of today's distributed and highly organized groups of 
terrorists and criminals.  

Availability of virtually unbreakable encryption products to the 
general public is perceived as a major obstacle in the current battle 
against terrorism.  

This perception is highly misleading. Any legislative activity based 
on it will inevitably fail to reach its goal. Instead, such activity 
would undermine basic values of free and open societies, such as 
citizens' right to privacy and private communication.  

Such legislative activity would ignore the ample evidence that the 
problem of today's intelligence is not a lack of signal intelligence, 
but a lack and neglection of human intelligence and intelligent 
interpretation of the material collected.  

Even the most sophisticated signal interception technology available 
will hardly be able to thwart stone age style secure channels used by 
terrorists, such as human couriers and confidential face-to-face 
meetings.  

Cryptography is a key enabling technology for a safe information 
society. Obstructing the use of practically unbreakable encryption as 
a means of securing electronic communications will make our modern, 
information-based economies and societies even more susceptible to 
cyber criminals' and terrorists' attacks.  

Stopping the spread of strong cryptography would amount to blasting 
holes into the civilized world's already-thin defense shield against 
digital harm.  

We therefore urge political leaders and policy-makers not to restrict 
citizens' and businesses' freedom to communicate privately, using the 
best technology available.  

Our societies and economies need this technology and its widespread 
use in order to defend against tomorrow's digital attacks.  

About FITUG  

FITUG creates connections to the virtual world of new media and data 
networks. From our statutes: "The association's purpose is the 
fostering of the integration of new media with society, public 
education about technologies, risks, and dangers of these media, and 
the fostering of human rights and consumer interests with respect to 
computer networks." FITUG is a member of the Global Internet Liberty 
Campaign (GILC).  

--- CUT -







[FYI] FITUG Statement on Crypto Policy

2001-09-18 Thread Axel H Horns

http://www.fitug.de/news/crypto-long-010918.html

--- CUT --- 
FITUG Statement on crypto policy 2001-09-18

FITUG expresses its deepest sympathy for the victims of the heinous
attacks in the U.S.  

FITUG calls upon the governments around the world to ensure combating
of terrorism and other forms of crime on the basis of proper law
enforcement on the basis of law and justice in order to protect those
basic values constituting a free and democratic world.

The tragic events have sparked off an increasing debate on 
legislative measures suitable to help preventing future acts of 
terrorism, in particular with regard but not limited to potential
future casualties including utilisation of weapons of mass destruction
(WMD).

One option recently proposed by various circles concerned comprises a
re-strengthening of the signal intelligence (SIGINT) capabilities of
the intelligence services and measures to facilitate the communication
eavesdropping of law enforcement agencies in order to be able to
uncover and monitor communication links of distributed groups of
terrorists or other criminals. When following this argumentation, the
availability of strong "uncrackable" encryption products to everybody
can be identified as a major obstacle blocking further progress in
anti-terrorism and anti-crime policy.   

Such view is, however, misleading, and any resulting legislative
activity based thereon will inevitably fail to reach its goal but
instead undermine the basic values of freedom and democracy which we
all do need to protect against terrorism in these grievous times.

In particular, FITUG issues a number of observations as set out 
below:

- Over-reliance of intelligence services and law enforcement agencies
on technology-based surveillance may well lead to a lack of awareness
of relevant facts. It has come to be known that frequently in
terrorist or other criminal groups some of the most important
information is relayed non-technologically, often carried by human
couriers. Often, the communications methods employed by such
organisations are designed to defy technological surveillance.   

- Hence, the proper way to enhance the capabilities of the 
intelligence services and law enforcement agencies is to effect a
major reform of these institutions, abandoning contemporary visions of
defeating terrorism and other crime by monitoring the outside world by
masses of officials staring on countless computer screens installed
within high-security fortresses and displaying data gathered by SIGINT
techniques. The SIGINT hybris has to be stopped. What the services
actually need isn't more and more electronic access to private raw
information but more brain power in order to derive proper
conclusions. Let them then get out to mess with real terrorists and
other criminals in real life. This is where a solution of the current
crisis can be found.

- Cryptography is now well established as a basic technology for
countless products of the emerging Information Society and, hence, a
complete ban thereof is deemed to be completely infeasible. Moreover,
in the late 90s of the past century many recognised experts in the
field of cryptography have demonstrated that mandatory GAK is not a
real option on a technical level; countless technical problems of
large-scale GAK systems are still completely unresolved. 

- Some have said that the tragic events in the U.S. are an example of
high-tech terrorism. This is completely wrong. Although the captured
planes surely are high-tech, the way of capturing them by rogue
brutality exercised with knives is absolutely low-tech. By no means
society should forget that there is a real risk of a very severe
high-tech assault on the data networks of the wired world. However, 
widespread use of strong cryptography is a crucial brick in a 
framework to protect the sensitive technical network infrastructure of
the Information Society against attacks. Obstruction of free usage of
strong cryptography means irresponsibly weakening the infrastructural
framework of the emerging Information Society. 

- Last but not least, the right to privacy of the ordinary citizen is
one of the core values of a free democracy. Destroying the technical
basis for preserving privacy in the Information Society means to
deteriorate one of the essential characteristics of the free world.   

Whatever legislative steps are taken in response to the recent 
attacks, terrorists and other criminals will come up with effective
techniques to conceal what and with whom they communicate from where
to where, or even whether they store and communicate at all. Thus, if
legal restrictions are placed on the privacy permitted by the IT
infrastructure, only criminals will enjoy unrestricted privacy.   

In the current situation, law enforcement agencies should only be
allowed and enabled to exploit security weaknesses of IT s

Re: How to ban crypto?

2001-09-16 Thread Axel H Horns

On 16 Sep 2001, at 17:26, Peter Fairbrother wrote:

> Any other suggestions for how to ban crypto? I can't think of anything
> that would actually work against terrorists.

Hmmm... we should be careful not to restrict the discussion of 
potential (non-)effects of coming restrictive legislative measures 
with regard to cryptography to pure technical aspects thereof.

For example, I am working in Germany as a Patent Attorney. During the 
past years I managed to convince a handful of clients and colleagues 
to make use of PGP in order to protect confidential information when 
sending e-mail messages.

Of course, if PGP would be banned in Germany by some legislation I 
would not be able to recommend any client or colleague to continue 
with PGP usage. I for myself would have to cease PGP usage 
immediately. Besides criminal charges, it would be an offence in 
violation of the applicable professional code of conduct, and I 
surely would get a lot of trouble if I would exercise non-compliance 
in conjunction with my professional activities. Maybe that I would 
lose my professional admission (in Germany, "Patentanwalt" is a 
strictly regulated profession).   

Other professional users would also effectively be forced to cease 
PGP usage by similar mechanisms.

So a ban on strong crypto might indeed be very effective among 
professional users where economical aspects are at stake.

Nevertheless, a ban of non-GAK strong crypto would not be a suitable 
measure to fight terrorism. It would only stabilize the present 
SIGINT hybris.

Axel H Horns







[FYI] (Fwd) Crypto Blamed for US terrorist attack - World Exclusive

2001-09-12 Thread Axel H Horns


--- Forwarded message follows ---
Date sent:      Wed, 12 Sep 2001 05:15:15 +0100
To:             [EMAIL PROTECTED]
From:           Bruce Tober <[EMAIL PROTECTED]>
Subject:        Crypto Blamed for US terrorist attack - World Exclusive
Send reply to:  [EMAIL PROTECTED]

That's the headline I picture on all the tabloids within a fortnight,
with the subhead: Government Ministers to Ban E-mail Encryption
(except under strict licensing)

And that will be in the US, the UK and throughout most of the rest of
the world.

Comments?
-- 
| Bruce Tober, <[EMAIL PROTECTED]>, Freelance Journalist |
| My Website |
| Birmingham, UK, EU |
| +44-780-374-8255 (Mobile) +44-1562-638-704 (Landline) |



--- End of forwarded message ---






[FYI] Did Encryption Empower These Terrorists?

2001-09-12 Thread Axel H Horns

http://www.msnbc.com/news/627390_asp.htm

- CUT 

Did Encryption Empower These Terrorists?  

And would restricting crypto have given the authorities a chance to 
stop these acts? 

By Steven Levy 

NEWSWEEK WEB EXCLUSIVE  

Sept. 11 — “Well, I guess this is the end now. . . .” So wrote the 
first Netizen to address today’s tragedy on the popular discussion 
group, sci.crypt. The posting was referring to what seems like an 
inevitable reaction to the horrific terrorist act: an attempt to roll 
back recent relaxations on encryption tools, on the theory that 
cryptography helped cloak preparations for the deadly events.   

BUT THE DESPONDENCY reflected in the comment can be applied more 
generally. The destruction of the World Trade Center and the attack 
on the Pentagon comes at a delicate time in the evolution of the 
technologies of surveillance and privacy. In the aftermath of 
September 11, 2001, our attitude toward these tools may well take a 
turn that has profound implications for the way individuals are 
monitored and tracked, for decades to come.  

[...]  

- CUT 







[FYI] FBI steps up Net surveillance, following terror attack

2001-09-12 Thread Axel H Horns

http://www.theregister.co.uk/content/57/21626.html

--- CUT 

FBI steps up Net surveillance, following terror attack  

By Kieren McCarthy  

Posted: 12/09/2001 at 12:17 GMT  

The FBI has been accused of using yesterday's disaster as a way to 
install more of its Carnivore listening boxes into Internet systems.  

FBI agents have reportedly turned up at several Internet and network 
service providers with a number of boxes in tow and requesting 
permission to install them at the heart of people's networks. Many 
have said yes.  

One sysadmin, insisting on anonymity, told Wired.com that agents had 
turned up at his work "with a couple of Carnivores, requesting 
permission to place them in our core, along with offers to actually 
pay for circuits and costs". Other sources say the FBI agents have 
said the boxes will only be there for the next few days.  

Even though the terrorist attacks are fresh in people's minds, some 
observers have already raised concerns that the failure of the 
intelligence agencies to uncover the plots will lead them to ask for 
increased surveillance powers. Suggestions that the terrorists 
communicated through encrypted information sent over the Internet 
have already started emerging. ®  

--- CUT 







Electronic filing standards

2001-06-11 Thread Axel H Horns
: Doing electronic filing should be possible e.g. by using a
simple browser software (if only a single application or a few of
them is to be filed) or by using an elaborate electronic filing
server system on the user's side (if a lot of things are to be filed
electronically).

These 8 points clearly are not completely met by the current version
of the EASY/EPOLINE software used or to be used by EPO, WIPO, and
others. For example, for the time being epoline is effectively based
on the .pdf document format. The role of the EPO in the context of
the EPOLINE PKI is currently somewhat opaque. Mr. Bambridge has
promised to introduce XML data formats and open PKI providers. We
shall wait and see.

The MIPEX project seems to be much more committed to open standards.
However, the question is which influence MIPEX can have on the stage
of a theatre where the 'big three' Patent Offices (US-PTO, EPO,
JP-PTO) have already made their own decisions.  

I wonder whether it is useful at all - at least in the long run -
that Patent Offices act as software suppliers. For the time being they
give away their software for free, and most of the addressed
professionals will accept these gifts most gratefully. And, for
boosting developments in an initial pilot phase, creation and
distribution of electronic filing software seem to be acceptable.
However, in a long term perspective and under the current policy the
control over the development of the electronic filing software
remains solely with the Patent Offices.  

I beg for pardon but I think that a little doubt should be allowed on
the long term fairness of a system of roles where the Patent Offices
(or the WIPO on behalf of them) have complete control over a certain
software architecture whereas their "customers" have none. I do not
like the term "customers" in this context: The Patent Offices are
Authorities privileged by Public Law, not service providers on a
certain market. The "customers" of a Patent Office desiring a patent
valid on a particular territory have in fact no choice to select
concurring service providers on a "market": A Patent Office
constitutes a monopoly by law (i.e., a European Patent can be
obtained solely from the EPO; various national patents are aliuds not
identical with the said European Patent). Therefore I think that, in
the long run, Patent Offices should refrain from playing a role as
software vendors, thereby respecting the monopoly role assigned to
them by law with regard to their core functions. Or, otherwise,
perhaps it might be an interesting idea to encourage the Patent
Offices not only to give away their compiled binaries for free but to
put the corresponding sources under the GPL. This would truly open
the electronic filing business for other parties interested in that
matter. 

But, anyway, the demand for a unified set of technical standards for
electronic filing seems to be entirely justified. More awareness
amongst the patent professionals should be created. Otherwise, in a
few years they might realise that there is a rigid set of technical
standards excellently mapping the requirements of the Patent Offices
but not being adaptable to the various needs of a broad scale of
users.  

Axel H Horns
Patentanwalt
European Patent Attorney
European Trade Mark Attorney
- - --
Patentanwalt Axel H Horns[EMAIL PROTECTED]
Voice ++49.89.30630112  Fax ++49.89.30630113
My PGP RSA Key is available, ID = 0xD8433289
PGP C5D2 5E53 D241 4988  17E4 904D 9467 31BC








[FYI] Intelligence agencies and police want to get access to encrypted messages

2001-05-08 Thread Axel H Horns

http://www.heise.de/tp/english/inhalt/te/7571/1.html

- CUT ---

Dutch government puts Trusted Third Parties under pressure  

Jelle van Buuren   08.05.2001  

Intelligence agencies and police want to get access to encrypted 
messages  

Dutch law enforcement authorities are forcing Trusted Third Parties 
(TTP's) to use key escrow or key recovery techniques, which make it 
possible for law enforcement to decrypt encrypted messages. The law 
enforcement authorities want to get access to encrypted Internet 
messages, according to secret documents revealed by the Dutch digital 
rights movement  Bits of Freedom.  

Trusted Third Parties (TTP's) are independent organisations, which 
offer services to enhance the security and reliability of electronic 
communication. TTP's, for instance banks, accountants, 
telecommunication companies or public notaries, use cryptography to 
prove the authenticity of communication and secure the 
confidentiality of communication.  

[...]

- CUT ---



