Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
On Fri, Apr 23, 2004 at 05:06:44PM +0200, Eugen Leitl wrote: Pulling the power is the exact wrong thing to do if it's a CFS requiring a passphrase at startup. Does anyone know what the default procedure is when hardware is being seized (threat model=knuckle-dragger/gumshoe)? This might have a clue. Been a while since I read it, though. http://www.cybercrime.gov/ssmanual2002.htm -Declan
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
Major Variola writes... If you physically destroy the keys or the data, there is little to gain by torturing you or your family. That is superior to gambling that your deeper duress levels are convincing to the man with the electrodes. Are there any publicly available documents that detail interrogation protocols and what brainwave patterns and bloodflow look like during truth telling and lying? Preferably something that gets into how to consciously alter brainwave patterns and bloodflow with this application in mind... A document with a thorough discussion of various depressants on such an interrogation process would also be most interesting. We all know that no lie detector is not perfect, but trying to convince captors that I'm part of a minority of subjects -- those who appear to be lying when they're not -- is not my idea of fun.
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
underground railroad would have worked better, but your still black. Obviously you don't know about whitening properties of moder ciphers! Seriously, today the distingushing marks among classes, tribes and castes are far more informational than physical. So today crypto *can* make you white, or better to say discoloured. = end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: __ Do you Yahoo!? Yahoo! Photos: High-quality 4x6 digital prints for 25¢ http://photos.yahoo.com/ph/print_splash
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
On Fri, 23 Apr 2004, A.Melon wrote: Are there any publicly available documents that detail interrogation protocols and what brainwave patterns and bloodflow look like during truth telling and lying? Preferably something that gets into how to consciously alter brainwave patterns and bloodflow with this application in mind... There is other possibility how to beat interrogation - suitable only for some subsets of situations, when the organization design is prepared for this. Tell them all. Tell them the truth. Make sure in advance that you can afford to do it without telling them what they need/want to know - design the system the way you won't be *able* to know the information that could endanger the important parts of your system/organization.
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tyler Durden wrote: | However, I'd bet there are short-term applications for crypto that | really matter and yet have no real relationship to $$$ (for instance, | what if there was widespread communications and crypto in Nazi | Germany...would the holocaust have happened?) | | -TD Yes. The Jews knew what was happening which is why the rich, smart, and / or politically savvy got out early in the 30's. Sure it may have saved a few more lives, but prevented it, no. Crypto won't hide your ethnicity. This is like arguing would widespread communications and crypto in the US slave south have prevented black enslavement. Sure the underground railroad would have worked better, but your still black. - -Peter -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.4 (MingW32) iD8DBQFAiN82riJJDZPNJ28RAjbVAKDUWgWQJjH0xw3ulnez9SRfalfLaACgn1I3 jYawSZU+yp9kkXQhxy+oI+g= =3EaI -END PGP SIGNATURE-
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
I wonder how quickly one could incinerate a memory card in the field with high success rate? Destroy the data and the passphrases don't help. Well, what if there were 3 passwords: 1) One for Fake data, for amatuers (very few of the MwG will actually be smart enough to look beyond this...that's why they have guns) 2)One for real data...this is what you're hiding 3) One for plausible real data, BUT when this one's used, it also destroys the real data as it opens the plausible real data. Of course, some really really smart MwG (or the cool suits standing behind them) will be able to detect that data is being destroyed, but statistically speaking that will be much rarer. -TD From: Major Variola (ret) [EMAIL PROTECTED] To: [EMAIL PROTECTED] [EMAIL PROTECTED] Subject: Re: [IP] One Internet provider's view of FBI's CALEA wiretap push Date: Thu, 22 Apr 2004 11:53:07 -0700 At 05:56 PM 4/22/04 +0200, Thomas Shaddack wrote: On Thu, 22 Apr 2004, Major Variola (ret) wrote: At 12:09 PM 4/22/04 +0200, Eugen Leitl wrote: Are you truly expecting a worldwide ban on encryption? How do you prove somebody is using encryption on a steganographic channel? Torture, of the sender, receiver, or their families, has worked pretty well. If you're good you don't even leave marks. However, it's not entirely reliable. At some point, the suspect tells you what you want to hear, whether or not it is the truth, just so you leave him alone. It can even happen that the suspect convinces himself that what he really did what he was supposed to do. Interrogators check out each confession. First ones won't work, bogus keys. Just noise. Second confession reveals pork recipes hidden in landscape pictures. Beneath that layer of filesystem is stego'd some porn. Beneath that, homosexual porn.But your interrogators want the address book stego'd beneath that. They know that these are stego distraction levels, uninteresting to them. You'll give it to them eventually. If you give them a believable but fake one, it will damage innocents or true members of your association. This brings another ofren underestimated problem into the area of cryptosystem design, the rubberhose resistance. My comments were written with that in mind. I'm familiar with filesystems (etc) with layers of deniable stego. I wonder how quickly one could incinerate a memory card in the field with high success rate? Destroy the data and the passphrases don't help. _ FREE pop-up blocking with the new MSN Toolbar get it now! http://toolbar.msn.com/go/onm00200415ave/direct/01/
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
On Fri, Apr 23, 2004 at 10:43:14AM -0400, Trei, Peter wrote: Step zero is to pull the power, so any shutdown code does not run. Pulling the power is the exact wrong thing to do if it's a CFS requiring a passphrase at startup. Does anyone know what the default procedure is when hardware is being seized (threat model=knuckle-dragger/gumshoe)? I presume people don't yet scan for remote machines on wireless networks, too. -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net pgp0.pgp Description: PGP signature
RE: [IP] One Internet provider's view of FBI's CALEA wiretap push
Tyler Durden wrote: I wonder how quickly one could incinerate a memory card in the field with high success rate? Destroy the data and the passphrases don't help. Well, what if there were 3 passwords: 1) One for Fake data, for amatuers (very few of the MwG will actually be smart enough to look beyond this...that's why they have guns) 2)One for real data...this is what you're hiding 3) One for plausible real data, BUT when this one's used, it also destroys the real data as it opens the plausible real data. Of course, some really really smart MwG (or the cool suits standing behind them) will be able to detect that data is being destroyed, but statistically speaking that will be much rarer. -TD Whats your threat model? If the prospective attacker has state-level resources, this will always fail. There are a number of guides online describing how attackers should deal with computer data. One of the most basic is they *never* run the attackees software on the original disk. Step one is always to make a bit-level mirror of the entire hard drive, and work with a copy of that. Step zero is to pull the power, so any shutdown code does not run. Any protective scheme which relies on the attacker inadvertantly activating software is doomed from the start. If you're dealing with a state-level attacker, any scheme involving explosives or incendiaries would get the attackee in as much or more trouble than the original data would. This is a hard problem. I suspect any solution will involve tamper-resistant hardware, which zeroizes itself if not used in the expected mode. Peter Trei
RE: [IP] One Internet provider's view of FBI's CALEA wiretap push
At 07:43 AM 4/23/2004, Trei, Peter wrote: If you're dealing with a state-level attacker, any scheme involving explosives or incendiaries would get the attackee in as much or more trouble than the original data would. This is a hard problem. I suspect any solution will involve tamper-resistant hardware, which zeroizes itself if not used in the expected mode. Right, there are at least two workable solutions- Hard drives with user alterable firmware. I surprised that none of the major drive manufacturers seems to have thought about offering a version of their controllers, for substantially more money, that offers this. A retrofit device that screws into the side of the hard drive and is set to inject a corrosive that almost instantly destroys the drive surfaces. The device can be triggered by any number of intrusion detectors or a voice-activated system keyed to the operators voice print. steve
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
From: Tyler Durden [EMAIL PROTECTED] 3) One for plausible real data, BUT when this one's used, it also destroys the real data as it opens the plausible real data. For Windows, look up Strong Disk Pro, they're quite paranoid - it can be used like this. Mark
RE: [IP] One Internet provider's view of FBI's CALEA wiretap push
Right, there are at least two workable solutions- Hard drives with user alterable firmware. I surprised that none of the major drive manufacturers seems to have thought about offering a version of their controllers, for substantially more money, that offers this. A retrofit device that screws into the side of the hard drive and is set to inject a corrosive that almost instantly destroys the drive surfaces. The device can be triggered by any number of intrusion detectors or a voice-activated system keyed to the operators voice print. Maybe there is also a third solution: a FPGA sitting on the IDE bus between the disk and the controller (optionally as a PCI controller card), realtime-encrypting the data with something suitably strong, eg. AES256, with the key stored in a way that's easy to destroy it - most likely a self-contained tamper-resistant device that forgets the key under a range of conditions: if a wrong access code gets entered n times, if a door sensor detects forced entry, if a kill-switch is pressed, if a machine is moved without the correct movement-authorizing code is entered before, anything that fits the threat model. The key itself can be destroyed pyrotechically (burn, chip, burn), or just let a RAM forget it (where the RAM may be a battery-backed microcontroller system which shuffles the bits through a SRAM periodically in order to avoid problems with retention after power-off; the algorithm then can be chosen in the way that makes it more difficult to eavesdrop on the electromagnetical emissions and power consumption variations - a lot of this problematics is already solved by the secure-smartcards industry). Optionally, backup of the code is possible in many forms, if the desired safety/reliability requires recovery from accidental key erase. The key, being just 256 bits, may be stored in myriads ways, including a m-of-n scheme where the parts are stored in various places or under control of different people. Serial EEPROM chips could be suitable as containers, as they are easy to work with, small, easy to transport and hide; this requires a degree of security-by-obscurity, but the possibility to require m chips (or other containers) (which could be under control of other people, including offshore entities) could alleviate this to certain degree.
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
From: Tyler Durden [EMAIL PROTECTED] Sent: Apr 23, 2004 10:09 AM To: [EMAIL PROTECTED] Subject: Re: [IP] One Internet provider's view of FBI's CALEA wiretap push .. Well, what if there were 3 passwords: 1) One for Fake data, for amatuers (very few of the MwG will actually be smart enough to look beyond this...that's why they have guns) 2)One for real data...this is what you're hiding 3) One for plausible real data, BUT when this one's used, it also destroys the real data as it opens the plausible real data. The obvious problem with multiple levels of passwords and data is: When does the guy with the rubber hose stop beating passwords out of you? After he gets one? Yeah, that's plausible, if he's convinced there's only one. But once he's seen a second hidden level, why will he ever believe there's not a third, fourth, etc.? The same calculation applies to a judge or district attorney. He *knows* (even if he's wrong) that there's evidence of kiddie-porn, drug dealing, etc., in there somewhere. He knows you've given up two passwords. Why is he ever going to let you out of jail, or ever going to reduce the charges down to something a normal human might live long enough to serve out the time for? -TD --John
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
At 11:33 PM 4/22/04 +0200, Eugen Leitl wrote: This will produce a loud bang, obviously. Thermite is a good choice to turn your fileserver into lava, but that thing better be outside, or mounted in chamotte- or asbestos-lined metal closet. Will produce smoke, and take some time, too. Thanks, I hadn't thought about the sensory impact of various methods. Varying amounts of bang vs. heat vs smoke vs lava. Obviously they affect usage environment. If your keyring's been securely wiped, rubberhosing the passphrase out of you to unlock it will give the attacker very little. Assuming the device is powered on, and easily triggerable, that would be quickest. Yes, particularly if USB flash memory has no persistance. But there is no clear button on a USB dongle. Secure clear would require a small amount of logic. Assuming the knuckle-draggers will know a CFS from a corrupted FS or a dead drive, that is. You know the rules of the game, you have to assume that.
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
At 08:51 PM 4/23/04 +0200, Thomas Shaddack wrote: On Fri, 23 Apr 2004, John Kelsey wrote: The obvious problem with multiple levels of passwords and data is: When does the guy with the rubber hose stop beating passwords out of you? This serves a purpose as well. Why would you ever cooperate if you can't expect much from the deal anyway? Since passphrases are in persons' minds, and minds and wills can be broken, one has to consider the security implications of this. Mil orgs don't assume that prisoners are able to keep secrets under arbitrary duress. Duress layering buys time for your colleages and family in all cases, whether they kill you or not. If they're not killing you, then maybe they'll buy one of the deeper levels of duress layers. If you physically destroy the keys or the data, there is little to gain by torturing you or your family. That is superior to gambling that your deeper duress levels are convincing to the man with the electrodes. An iButton that you could crunch in your teeth to destroy it would be nice...
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
t 10:09 AM 4/23/04 -0400, Tyler Durden wrote: I wonder how quickly one could incinerate a memory card in the field with high success rate? Destroy the data and the passphrases don't help. Well, what if there were 3 passwords: 1) One for Fake data, for amatuers (very few of the MwG will actually be smart enough to look beyond this...that's why they have guns) 2)One for real data...this is what you're hiding 3) One for plausible real data, BUT when this one's used, it also destroys the real data as it opens the plausible real data. The first thing cops do is make backups of the harddrives. So you can't destroy the real data. You would need a tamper-proof card (ie trusted security region) to implement this. None of the commercial memory gizmos, from USB dongles to stamp-sized memory cards, do this. None of the smart cards are user programmable and none include secure wipe, AFAIK. Do PDA apps? How do they store data between battery changes? Is it enough to hold a tiny memory card for a minute over a lighter? Merely snapping the card into pieces? Does one need to make a scene with fireworks? (I'm remembering that spammer who tried to eat a small memory card.)
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
At 09:23 PM 4/22/04 +0200, Thomas Shaddack wrote: Innocents could be a good cannon fodder that can bring a lot of backslash and alienation aganst the goons, stripping them from public support. Yes, this has been discussed before, in addition to using it retributionally --finger some deserving civil servant's offspring. But eventually they'll come back to you wanting names that turn out to be legit, and reveal yet more names. Which is not to say that such countermeasures aren't valuable for the *warning time* your colleages get as a result. filesystems (etc) with layers of deniable stego. Are there any decent implementations for Linux/BSD/NT? I haven't looked recently. One property that such a FS or app should have is that it is useful for something *else* besides stego duress layers. Maybe a watermark :-) management tool that can embed multiple watermarks that don't interfere. Hmm... a meaty problem... tasty, with heavy theory sauce.. I wonder how quickly one could incinerate a memory card in the field with high success rate? Destroy the data and the passphrases don't help. There are magnesium rods on the camping market, sold as firestarters for very bad weather. One can also buy mag ribbon which is more convenient than the mini-ingots you are referring to. I know that pyrotechs coat Mg curls and the like with blackpowder paste (apply wet then dry). A coil of coated ribbon and a rocket-igniter would make a neat little daughterboard :-) Just don't take it on an airplane. There are patents on similar, of course. Testing might get expensive unless you can get destructive-test dongles cheaply, and how much effort do you expend trying to read the data?
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
On Fri, 23 Apr 2004, John Kelsey wrote: The obvious problem with multiple levels of passwords and data is: When does the guy with the rubber hose stop beating passwords out of you? After he gets one? Yeah, that's plausible, if he's convinced there's only one. But once he's seen a second hidden level, why will he ever believe there's not a third, fourth, etc.? The same calculation applies to a judge or district attorney. He *knows* (even if he's wrong) that there's evidence of kiddie-porn, drug dealing, etc., in there somewhere. He knows you've given up two passwords. Why is he ever going to let you out of jail, or ever going to reduce the charges down to something a normal human might live long enough to serve out the time for? This serves a purpose as well. Why would you ever cooperate if you can't expect much from the deal anyway?
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
On Fri, 23 Apr 2004, Major Variola (ret) wrote: filesystems (etc) with layers of deniable stego. Are there any decent implementations for Linux/BSD/NT? I haven't looked recently. One property that such a FS or app should have is that it is useful for something *else* besides stego duress layers. Maybe a watermark :-) management tool that can embed multiple watermarks that don't interfere. Hmm... a meaty problem... tasty, with heavy theory sauce.. Regarding filesystems, some time ago I came up with an idea of a filesystem as a block device that has the filesystem handling code in its bootblock area in a bytecode. Mount the fs, it reads the functions into the interpreter's sandbox. Could be useful especially for read-only media that would be using exotic encryption or compression algorithms, and quick portability of them between various OSes; you have to develop only the interpreter and the filesystem API for any OS in question, the rest is on the medium itself. I recently stumbled over an extremely interesting Linux project, FUSE - filesystem in userspace. The fuse.o module serves as an interface between the kernel and user space, relaying the filesystem-related calls. It's quite robust approach, as any crash of the external filesystem code is in userspace and is unlikely to take down the machine itself. Wondering if something like that could be written for Windows. Would simplify a lot of things. There are magnesium rods on the camping market, sold as firestarters for very bad weather. One can also buy mag ribbon which is more convenient than the mini-ingots you are referring to. I know that pyrotechs coat Mg curls and the like with blackpowder paste (apply wet then dry). A coil of coated ribbon and a rocket-igniter would make a neat little daughterboard :-) Just don't take it on an airplane. There are patents on similar, of course. Somebody mentioned here the trick with KMnO4 and glycerol. I saw this experiment in elementary school, where it was shown as a demonstration that mixing ordinary things may give extraordinary results - it was shown to light up a glob of magnesium shavings. A setup with a dongle circuitboard covered with an insulating/protective varnish, a magnesium strip attached over the memory chip (held in place by steel wire thick enough to keep it there even while burning, for long enough to deliver enough heat into the chip, or wrapped around the chip and the board), the strip coated with caked permanganate, and a glass vial with glycerol in the dongle's casing, could be usable for the field use - if you get enough time to drop the dongle and step on it. Electrical ignition of the Mg strip may be useful in the setups when the device is connected to home security system or machine movement sensors. A purely electronic system would have an advantage, though - could be shipped much easier as it won't contain more dangerous components than a lithium or silver-oxide cell. Maybe a microcontroller with a SRAM chip, with the data stored as XORs of pairs of cells, and the micro periodically inverting the pairs, to prevent the remembering in the SRAM cells after a power-off? (Related question: are there any SRAM chips with smaller capacity, that would have smaller case and smaller number of pins?) Testing might get expensive unless you can get destructive-test dongles cheaply, and how much effort do you expend trying to read the data? Or replace the test dongles with test rig with a mechanically similar chip; new serial EEPROMs in SMD casings can be bought for as cheap as USD1/3-1/4, maybe even less. We don't need to completely obliterate the chip; we need to heat it just enough to get the electrons from the floating gates (maybe my terminology is wrong, but if you saw a pic of an EEPROM or FEPROM cell, you are likely to know what I mean), get them over the not-that-high energetical barrier so they can (and will) jump back and forth freely, discharge the memory cells. Then not even the most expensive atomic-level machinery can recover the original content. If the temperature is enough to recrystallize the silicon at the chip surface, it should have a rather wide safety margin. The casings of the SMD chips are fairly thin - under a millimeter between the surface and the chip, so even a relatively small strip should be enough. Tests can be done even with discarded chips, as the remains aren't required (nor supposed) to be functional anyway - they have to be examined by eg. optical microscopy. Electron microscopy would be the best - but that's outside of the reach of a garage technician; maybe an university or an industrial lab could be hired or bribed to do the tests, though.
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
On Thu, Apr 22, 2004 at 01:13:48AM +0100, Dave Howe wrote: No, it is a terrible situation. It establishes a legal requirement that communications *not* be private from the feds. from there, it is just a small step to defining encryption as a deliberate attempt to circumvent that law, and so a crime in itself. Are you truly expecting a worldwide ban on encryption? How do you prove somebody is using encryption on a steganographic channel? -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net pgp0.pgp Description: PGP signature
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
Morlock Elloi wrote: The extreme ease of use of internet wiretapping and lack of accountability is not a good situation to create. False. It is the best possible situation cpunk-wise I can imagine. No, it is a terrible situation. It establishes a legal requirement that communications *not* be private from the feds. from there, it is just a small step to defining encryption as a deliberate attempt to circumvent that law, and so a crime in itself.
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
The extreme ease of use of internet wiretapping and lack of accountability is not a good situation to create. False. It is the best possible situation cpunk-wise I can imagine. It effectively deals away with bs artists (those who *argue* against this or that) and empowers mathematics. If one is so fucking stupid, lazy or both not to encrypt, anonymize and practice other safe-sex approaches then let's hope that whatever broad wiretapping results in will also have slight (but measurable) pressure in factoring those out from the gene pool. = end (of original message) Y-a*h*o-o (yes, they scan for this) spam follows: __ Do you Yahoo!? Yahoo! Photos: High-quality 4x6 digital prints for 25¢ http://photos.yahoo.com/ph/print_splash
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
At 12:09 PM +0200 4/22/04, Eugen Leitl wrote: Are you truly expecting a worldwide ban on encryption? Amen. It's like expecting a worldwide ban on finance. Been tried. Doesn't work. :-) Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
At 12:09 PM 4/22/04 +0200, Eugen Leitl wrote: Are you truly expecting a worldwide ban on encryption? How do you prove somebody is using encryption on a steganographic channel? Torture, of the sender, receiver, or their families, has worked pretty well. If you're good you don't even leave marks.
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
Eugen Leitl wrote: On Thu, Apr 22, 2004 at 01:13:48AM +0100, Dave Howe wrote: No, it is a terrible situation. It establishes a legal requirement that communications *not* be private from the feds. from there, it is just a small step to defining encryption as a deliberate attempt to circumvent that law, and so a crime in itself. Are you truly expecting a worldwide ban on encryption? No. Just one on using crypto in america to avoid the feds listening in - currently this is legal, but adds an additional penalty if you are convicted of something *and* the feds decide you used crypto as well. How do you prove somebody is using encryption on a steganographic channel? obviously you don't - but I doubt you could conveniently find a steganographic channel convincing enough to pass muster and yet fast enough to handle VoIP traffic. Besides, it could easily devolve into a your-word-against-theirs argument, after you have already spent some time in jail waiting to get to trial (or at least the threat of this). Martha already found out how the FBI can bend the rules if they want to make an example of you.
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
R. A. Hettinga wrote: At 12:09 PM +0200 4/22/04, Eugen Leitl wrote: Are you truly expecting a worldwide ban on encryption? It's like expecting a worldwide ban on finance. Been tried. Doesn't work. There isn't a worldwide ban on breaking CSS - doesn't stop the film industry trying to enforce it in the US courts. That it doesn't apply outside the US is fine if you are in the netherlands, not so hot if you, your isp, or some branch of your ISP is in the states.
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
At 4:32 PM +0100 4/22/04, Dave Howe wrote: There isn't a worldwide ban on breaking CSS - doesn't stop the film industry trying to enforce it in the US courts. Carl Ellison tells the story about how, with the advent of the longbow, all these peasants had to get absolution from their local priests for killing knights. Kill a noble on Wednesday, confess on Sunday, lather, rinse, repeat. Needless to say, the impedance mismatch between reality and dogma resolved itself. The economics of networks outweighs the economics of intellectual property law. That, too, will resolve itself, just like Clipper did. As for finance itself, there's a reason that I say that financial cryptography is the only cryptography that matters. Since the time of Mesopotamian bullae and grain banks, cryptography has been essential to finance. You can't do one without the other. The more cryptography you do, the more finance you can do, the better off everyone is. It's a virtuous circle. The internet and Moore's law accelerates cryptographic, and thus financial, progress. More stuff cheaper. Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
On Thu, 22 Apr 2004, Major Variola (ret) wrote: At 12:09 PM 4/22/04 +0200, Eugen Leitl wrote: Are you truly expecting a worldwide ban on encryption? How do you prove somebody is using encryption on a steganographic channel? Torture, of the sender, receiver, or their families, has worked pretty well. If you're good you don't even leave marks. However, it's not entirely reliable. At some point, the suspect tells you what you want to hear, whether or not it is the truth, just so you leave him alone. It can even happen that the suspect convinces himself that what he really did what he was supposed to do. Of course, the solved-crimes statistics doesn't care about this subtle difference. This brings another ofren underestimated problem into the area of cryptosystem design, the rubberhose resistance.
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
At 05:56 PM 4/22/04 +0200, Thomas Shaddack wrote: On Thu, 22 Apr 2004, Major Variola (ret) wrote: At 12:09 PM 4/22/04 +0200, Eugen Leitl wrote: Are you truly expecting a worldwide ban on encryption? How do you prove somebody is using encryption on a steganographic channel? Torture, of the sender, receiver, or their families, has worked pretty well. If you're good you don't even leave marks. However, it's not entirely reliable. At some point, the suspect tells you what you want to hear, whether or not it is the truth, just so you leave him alone. It can even happen that the suspect convinces himself that what he really did what he was supposed to do. Interrogators check out each confession. First ones won't work, bogus keys. Just noise. Second confession reveals pork recipes hidden in landscape pictures. Beneath that layer of filesystem is stego'd some porn. Beneath that, homosexual porn.But your interrogators want the address book stego'd beneath that. They know that these are stego distraction levels, uninteresting to them. You'll give it to them eventually. If you give them a believable but fake one, it will damage innocents or true members of your association. This brings another ofren underestimated problem into the area of cryptosystem design, the rubberhose resistance. My comments were written with that in mind. I'm familiar with filesystems (etc) with layers of deniable stego. I wonder how quickly one could incinerate a memory card in the field with high success rate? Destroy the data and the passphrases don't help.
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
At 12:09 PM +0200 4/22/04, Eugen Leitl wrote: Are you truly expecting a worldwide ban on encryption? Amen. It's like expecting a worldwide ban on finance. Been tried. Doesn't work. But the goal isn't to ban it; just marginalize it enough to be able to tar it as a terrorist action. True, there is no worldwide ban on finance. But there is the delightful 'know your customer' law.
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
As for finance itself, there's a reason that I say that financial cryptography is the only cryptography that matters. Since the time of Mesopotamian bullae and grain banks, cryptography has been essential to finance. You can't do one without the other. The more cryptography you do, the more finance you can do, the better off everyone is. It's a virtuous circle. I don't agree, though I'm tempted to. What have nominally been called religious and/or race wars throughout history have almost always had at their core economics, or at least in the western world. It's easy to see how finance might be the underlying reason for lots of nominally non-crypto communications. Your statement is arguably true as t--infinity. However, I'd bet there are short-term applications for crypto that really matter and yet have no real relationship to $$$ (for instance, what if there was widespread communications and crypto in Nazi Germany...would the holocaust have happened?) -TD From: R. A. Hettinga [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [IP] One Internet provider's view of FBI's CALEA wiretap push Date: Thu, 22 Apr 2004 12:43:51 -0400 At 4:32 PM +0100 4/22/04, Dave Howe wrote: There isn't a worldwide ban on breaking CSS - doesn't stop the film industry trying to enforce it in the US courts. Carl Ellison tells the story about how, with the advent of the longbow, all these peasants had to get absolution from their local priests for killing knights. Kill a noble on Wednesday, confess on Sunday, lather, rinse, repeat. Needless to say, the impedance mismatch between reality and dogma resolved itself. The economics of networks outweighs the economics of intellectual property law. That, too, will resolve itself, just like Clipper did. As for finance itself, there's a reason that I say that financial cryptography is the only cryptography that matters. Since the time of Mesopotamian bullae and grain banks, cryptography has been essential to finance. You can't do one without the other. The more cryptography you do, the more finance you can do, the better off everyone is. It's a virtuous circle. The internet and Moore's law accelerates cryptographic, and thus financial, progress. More stuff cheaper. Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire' _ Lose those love handles! MSN Fitness shows you two moves to slim your waist. http://fitness.msn.com/articles/feeds/article.aspx?dept=exercisearticle=et_pv_030104_lovehandles
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
On Thu, 2004-04-22 at 14:53, Major Variola (ret) wrote: I wonder how quickly one could incinerate a memory card in the field with high success rate? Destroy the data and the passphrases don't help. The first thing that popped into my mind is a USB key with a small cake of potassium permanganate affixed to the flash chip and a rupturable bladder filled with glycerin on top. In case of problem, squeeze to rupture the bladder and throw it somewhere. If outside and near weeds, it'll be very hard to find before the misture does its exothermic thing. That mixture will ignite thermite... should be able to do a number on a flash chip pretty well. -- Roy M. Silvernail is [EMAIL PROTECTED], and you're not Never Forget: It's Only 1's and 0's! SpamAssassin-procmail-/dev/null-bliss http://www.rant-central.com
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
At 4:00 PM -0400 4/22/04, Pete Capelli wrote: But the goal isn't to ban it; just marginalize it enough to be able to tar it as a terrorist action. True, there is no worldwide ban on finance. But there is the delightful 'know your customer' law. That's just a monster in the closet. Fact is, the more people are able to hack insecure networks, the stronger the crypto gets. At some point, we converge to instantaneous transactions, and that means stuff like blind signatures. Anything else costs too much. When we're at bearer transactions, we don't have audit trails anymore... Right? :-) Cheers, RAH -- - R. A. Hettinga mailto: [EMAIL PROTECTED] The Internet Bearer Underwriting Corporation http://www.ibuc.com/ 44 Farquhar Street, Boston, MA 02131 USA ... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience. -- Edward Gibbon, 'Decline and Fall of the Roman Empire'
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
On Thu, Apr 22, 2004 at 11:53:07AM -0700, Major Variola (ret) wrote: I wonder how quickly one could incinerate a memory card in the field with high success rate? Destroy the data and the passphrases don't help. Smallish lithium battery has enough oomph to heat a NiCr filament (or charge an electrolyte capacitor to vaporize a thin filament) to detonate a pellet of lead azide or similiar. It will blow a hole in glass, or reliably destroy a flash chip, while being fairly safe when not held in hand (or embedded in a bulky enough case). This will produce a loud bang, obviously. Thermite is a good choice to turn your fileserver into lava, but that thing better be outside, or mounted in chamotte- or asbestos-lined metal closet. Will produce smoke, and take some time, too. If your keyring's been securely wiped, rubberhosing the passphrase out of you to unlock it will give the attacker very little. Assuming the device is powered on, and easily triggerable, that would be quickest. If you're just running a P2P which encrypts relay traffick, and a CFS hosting your warez and kiddie porn which needs interactive passphrase input to mount any forensics type people will only wind up with a glob of useless bits. Assuming the knuckle-draggers will know a CFS from a corrupted FS or a dead drive, that is. -- Eugen* Leitl a href=http://leitl.org;leitl/a __ ICBM: 48.07078, 11.61144http://www.leitl.org 8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE http://moleculardevices.org http://nanomachines.net pgp0.pgp Description: PGP signature
Re: [IP] One Internet provider's view of FBI's CALEA wiretap push
On Thu, 22 Apr 2004, Major Variola (ret) wrote: However, it's not entirely reliable. At some point, the suspect tells you what you want to hear, whether or not it is the truth, just so you leave him alone. It can even happen that the suspect convinces himself that what he really did what he was supposed to do. Interrogators check out each confession. First ones won't work, bogus keys. Just noise. Second confession reveals pork recipes hidden in landscape pictures. Beneath that layer of filesystem is stego'd some porn. Beneath that, homosexual porn. But your interrogators want the address book stego'd beneath that. They know that these are stego distraction levels, uninteresting to them. You'll give it to them eventually. Or not - if you weren't who they thought and there really was nothing more than the gay porn. If you give them a believable but fake one, it will damage innocents or true members of your association. Innocents could be a good cannon fodder that can bring a lot of backslash and alienation aganst the goons, stripping them from public support. This brings another ofren underestimated problem into the area of cryptosystem design, the rubberhose resistance. My comments were written with that in mind. I'm familiar with filesystems (etc) with layers of deniable stego. You are one of the few who are familiar with it. Are there any decent implementations for Linux/BSD/NT? Some time ago I was looking around for something (not necessarily stego, standard single-layer encrypted filesystem would be enough) for removable media, and would like to share them between machines running several operation systems. Didn't manage to find anything usable. The requirements are security, stability, and portability (at least read-only) between platforms. I wonder how quickly one could incinerate a memory card in the field with high success rate? Destroy the data and the passphrases don't help. There are magnesium rods on the camping market, sold as firestarters for very bad weather. Very high temperature of burning, with proper mechanical configuration (card strapped between two such rods?) could be enough to melt the chip. Maybe could be used together with some kind of break-and-shake chemical ignition even for eg. the USB drives. Their casings typically have considerable amount of space (few mm, enough for a Mg strip) over the chip that carries the data themselves. Which reminds me there are toilets designed for burning the waste using propane burners or electrical heating elements. Could be possible to use them as a basis for the ultimate document shredder, if combined together with a standard lower-security one, within $2000 total.
