Re: A secure government
On Fri, Feb 07, 2003 at 10:25:25AM -0800, Steve Schear wrote: > How > about a publishing bot that creates a current and accessible db of randomly > selected recent emails crossing the Internet alphabetized by sender name > and email address? My guess is that if the scoundrels supplying the data > cannot be found and the data cannot be removed an increasing number of > people will begin to take their email privacy more seriously. Interesting idea. Implementation would be fairly trivial. The hard part would be getting samples from diferent locations. Or, you could fake emails, and have the vast majority of them be encrypted, as an example of the benefeit.
Re: A secure government
>>>The view I get fed all the time is that crypto is, on the whole, in >>>the hands of >>>the terrorists, the anti-patriots, the paedophiles, et al. >> >>Correct. >> >>>That it is a bad >>>thing. >> >>We don't think so. > > Mr Robinson: we understand the Bill of Rights applies to > some unsavory types too. Do you think this is a bad thing? On the contrary. However, from the point of view of the mainstream populace, most of the times that cryptography is brought into the focus of interest, it's as the tool of an "enemy" or an undesirable. The only times I ever see it mentioned in the news, certainly - stego, coded messages, etc - but then I never really see much good news either :) I don't think people actually /care/ whether or not their mail is unencrypted, so long as it's no hassle for them whichever way - how many people really take notice of a small locked padlock icon in the corner of their browser? (It seems kind of disparate that sites will proudly display a huge gif to state that their connection is secure, but fail to provide hushmail-like pgp'd mail.) But given the choice between encrypting their own comms or not, many people would hesitate, and probably opt for the latter. Not necessarily just because it's another thing to click on, but because they see it has this affiliation with the bad people hiding the bad things. If they send a block of crypted text, then something will "mark" them out and group them as someone to monitor. Companies may try to push their secure tech as .. well, "secure". People may not even know why they need it, They Just Do. But public image and ad campaigns apparently guide people more than common sense these days, and I think at the moment there's a "marketing block" that needs to be pushed around a bit before people will actively and knowingly encrypt things.
Re: A secure government
at Thursday, February 06, 2003 4:48 PM, Chris Ball <[EMAIL PROTECTED]> was seen to say: > Another point is that ``normal'' constables aren't able to action the > request; they have to be approved by the Chief Constable of a police > force, or the head of a relevant Government department. The full text > of the Act is available at: at least in theory. It was only a massive public "FaxYourMP" campaign that aborted the attempt to extend the "people able to authorise" list for interception to the head of any local government department (and a few other groups). I have no reason to believe that a similar paper would not have extended authority to demand keys right down to the dogcatcher general too :)
Re: A secure government
At 12:03 AM 2/6/03 -0800, Tim May wrote: >On Wednesday, February 5, 2003, at 01:23 PM, W H Robinson wrote: >> The view I get fed all the time is that crypto is, on the whole, in >> the hands of >> the terrorists, the anti-patriots, the paedophiles, et al. > >Correct. > >> That it is a bad >> thing. > >We don't think so. > Mr Robinson: we understand the Bill of Rights applies to some unsavory types too. Do you think this is a bad thing? See you in Manzanar, baby.
Re: A secure government
>> On 6 Feb 2003, Peter Fairbrother <[EMAIL PROTECTED]> said: >> Unfortuately, this is not true in the UK - the penalty for >> non-decryption of encrypted files on request by an LEA (even >> if you don't have the key!) is a jail term. > b) Plod would have to prove you have the key, and refused to give > it, before you got convicted. Kinda hard to do. Amusingly, this requirement was only added *after* activists e-mailed the Home Secretary, Jack Straw, with mail encrypted to random public keys; making the point that unless he could decrypt all of them if asked, he'd be looking at a jail term. An RMS article from _The Guardian_ gives more details about the bill: < http://www.stallman.org/knock.html > Another point is that ``normal'' constables aren't able to action the request; they have to be approved by the Chief Constable of a police force, or the head of a relevant Government department. The full text of the Act is available at: < http://www.fipr.org/rip/ripa2000.htm > - Chris. -- $a="printf.net"; Chris Ball | chris@void.$a | www.$a | finger: chris@$a | "The obvious mathematical breakthrough would be development of an easy | way to factor large prime numbers." -- Bill Gates, _The Road Ahead_.
Re: A secure government
at Thursday, February 06, 2003 3:44 PM, Peter Fairbrother <[EMAIL PROTECTED]> was seen to say: > David Howe wrote: > a) it's not law yet, and may never become law. It's an Act of > Parliament, but it's two-and-a-bit years old and still isn't in > force. No signs of that happening either, except a few platitudes > about "later". Indeed - and the more FaxYourMP can do to keep that ever coming into force the better :) > b) Plod would have to prove you have the key, and refused to give it, > before you got convicted. Kinda hard to do. Not true - they have to prove you *had* the key at some point in the past. having lost the key isn't a defense > c) you already know this!!! probably - it was an oversimplification of a complex legal situation. the law *is* on the books, and as far as I can see, all that is stopping the first part of it coming into force is the desire of the HO to add a shopping list of new people to the list already defined in the act. I am assuming that the part we are discussing here is "held up in the queue" until the bits before it come into effect.
Re: A secure government
On Thu, Feb 06, 2003 at 12:03:07AM -0800, Tim May wrote: > I thought everyone knew that .mil and .gov sites are on the public side > of the Net. Most sensitive sites are forbidden to have a direct > connection to the public Net. True. What's more, when I wrote about this last (a few weeks or months ago), I could find no verifiable instance of classified material leaking via the Web. Seems not to have happened, scares over "terrorist hax0rs" during budget time notwithstanding. -Declan
Re: A secure government
David Howe wrote: >> No, the various provisions of the Constitution, flawed though it is, >> make it clear that there is no "prove that you are not guilty" >> provision (unless you're a Jap, or the government wants your land, or >> someone says that you are disrespectful of colored people). > Unfortuately, this is not true in the UK - the penalty for > non-decryption of encrypted files on request by an LEA (even if you > don't have the key!) is a jail term. Dave, a) it's not law yet, and may never become law. It's an Act of Parliament, but it's two-and-a-bit years old and still isn't in force. No signs of that happening either, except a few platitudes about "later". b) Plod would have to prove you have the key, and refused to give it, before you got convicted. Kinda hard to do. c) you already know this!!! -- Peter Fairbrother
Re: A secure government
at Thursday, February 06, 2003 11:21 AM, Pete Capelli > Then which one of these groups does the federal government fall > under, when they use crypto? In the feds opinion, of course. Or do > they believe that their use of crypto is the only wholesome one? Terrorism of course, using their own definition - they use force or the threat of force to achieve their political aims :)
Re: A secure government
> No, the various provisions of the Constitution, flawed though it is, > make it clear that there is no "prove that you are not guilty" > provision (unless you're a Jap, or the government wants your land, or > someone says that you are disrespectful of colored people). Unfortuately, this is not true in the UK - the penalty for non-decryption of encrypted files on request by an LEA (even if you don't have the key!) is a jail term.
Re: A secure government
- Original Message - From: "Tim May" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, February 06, 2003 3:03 AM Subject: Re: A secure government > On Wednesday, February 5, 2003, at 01:23 PM, W H Robinson wrote: > > > > > The view I get fed all the time is that crypto is, on the whole, in > > the hands of > > the terrorists, the anti-patriots, the paedophiles, et al. > > Correct. Then which one of these groups does the federal government fall under, when they use crypto? In the feds opinion, of course. Or do they believe that their use of crypto is the only wholesome one? -p
Re: A secure government
On Wednesday, February 5, 2003, at 01:23 PM, W H Robinson wrote: The view I get fed all the time is that crypto is, on the whole, in the hands of the terrorists, the anti-patriots, the paedophiles, et al. Correct. That it is a bad thing. We don't think so. People using it should surrender keys to the government, if you're encrypting mails then you should be viewed as having something to hide... Interfaces and usability aside, there's an air that only the "wrong" need ciphers. Most of us laugh at these kinds of proposals. History as we see it backs this up to an extent, in the fact that secrets are presented as something in the hands of the enemy to be broken as a tool of war. No, the various provisions of the Constitution, flawed though it is, make it clear that there is no "prove that you are not guilty" provision (unless you're a Jap, or the government wants your land, or someone says that you are disrespectful of colored people). I don't understand what you mean my "history...backs this up." A person writing in a private language is not compelled to translate, or even to testify. O.J. Simpson never took the stand. Bill Clinton was not sent before a firing squad. But it just seems stange to me that the government in all their paranoia haven't announced nationwide plans to start encrypting all government communications, to implement federal-, nay industrial-spanning secure infrastructures. Much of the sensitive parts of government (as opposed to the 99% which is nattering about rules and regulations) have been using AUTOVON, STU-III, and similar things for decades. In popular parlance, "scramblers." When I did some advisory work for DOD in 1979 they already had their own network of secure satellites, the DSCS (pronounced "discus") satellites. This was at least 24 years ago. In my proletarianism, maybe I'm just blind to it. Have people in sensitive positions of power actually seen an increase in taking this seriously? Is it already in such a state? The security of simple things such as .mil webpages and IP'd resources certainly doesn't convince. Or are they really not bothered, and just want to make a good headline? I thought everyone knew that .mil and .gov sites are on the public side of the Net. Most sensitive sites are forbidden to have a direct connection to the public Net. Further, if such a scheme were announced, could this conceivably introduce cryptotech as part of a mainstream process? Necessity is the mother of invention, and in such times, necessity is what people say it is and sell it as. As a safeguard against nations' security and/or economy, should we look to paranoid industries as the first step towards a secure, anonymous society? Hum, just me thinking aloud anyway. Apologies if this is in the archives.. crypto + govenment throws up a few results... --Tim May