[hcs-d] Government wiretapping

Ted Pak tpak at fas.harvard.edu
Mon Sep 27 22:34:08 EDT 2010


But take my example of SSL.  Do you really think billions of users and businesses, including the ones that don't live in the US of A, never mind anybody that does e-commerce and depends on SSL to make a living, are all going to wake up the day after the law is signed and say "hmm we should all put a backdoor in our software because the US said so."  Open protocols and implementations don't work like that.  Maybe if there were still proprietary primary implementations of all encrypted protocols, and those implementors were mostly US based like they were three decades ago, this would have some legs.  Then, the US would have a central entity to prosecute, rather than individual users.  SSL as a protocol no longer depends on any central entities.  Stallman would probably move to Canada shitting bricks the whole way rather than let a backdoor into GnuTLS.

Even if the law passes, it's not reasonable to expect all US-based users of SSL to switch client libraries immediately.  In some embedded applications, it might be nearly impossible to "upgrade" to a backdoored version.  Assuming draconian enforcement, you could still only reasonably expect a transition within a decade, by which point the pirate party in Sweden will have figured out a way around all of this foolishness.

Ted Pak

On Sep 27, 2010, at 10:13 PM, Joe Zimmerman wrote:

> 
> On Mon, Sep 27, 2010 at 7:02 PM, Ted Pak <tpak at fas.harvard.edu> wrote:
> If this actually happens, and I really doubt it will, it reminds me of the days where the government restricted civilian use of encryption technology so it could keep the military grade stuff for itself.  It was literally illegal to do encryption above a certain key-length.  I thought we had moved past that.
> 
> From the article:
> 
> "Developers of software that enables peer-to-peer communication must redesign their service to allow interception."
> 
> I think that's where they're headed.
> 
> -Joe
> 
> 
> 
> 
> On Sep 27, 2010, at 9:49 PM, Greg Brockman wrote:
> 
> > Wait, as I understand the proposed law, it's not about trying to get
> > around legal process.  Rather, it's about making sure that when the
> > government gets a warrant for a Skype phone call, Skype has the
> > technical ability to decrypt said phone call and give it to the
> > government.  The government itself will not gain that ability and will
> > still have to go through exactly the same protocols they do now.
> >
> > Greg
> >
> >
> >
> > On Mon, Sep 27, 2010 at 9:35 PM, Joe Zimmerman <joe at hcs.harvard.edu> wrote:
> >>
> >>> While I'm no lawyer, it seems unlikely that any such mandate would hold up
> >>> in court.
> >>
> >> I'm not sure about that. Courts have done some pretty crazy things in the
> >> past (e.g., letting the DMCA stand).
> >>
> >>>
> >>> Plus, to access said encrypted data, the government would still
> >>> technically need a warrant. The 4th amendment prohibits the government from
> >>> accessing the information without a search warrant, so any charges they
> >>> tried to bring against people based on evidence obtained without a warrant
> >>> would be thrown out before you can say "constitutional rights".
> >>>
> >>> And remember that the 5th amendment means that people have the right to
> >>> confront the evidence against them -- in particular the witnesses against
> >>> them -- making any charges doubly difficult for the government...
> >>
> >> Assuming the cases went to trial, as opposed to the people just
> >> disappearing. Or, what is probably more common, the information gathered
> >> being used extralegally to blackmail or frame people for other things.
> >>
> >>>
> >>> It's not to say that I approve of this policy. Honestly, why the
> >>> intelligence community goes to such lengths to avoid appropriate legal
> >>> processes (such as search warrants) boggles the mind. Particularly when
> >>> there are special courts set up specifically for the purpose of issuing
> >>> warrants for sensitive investigations.
> >>>
> >>
> >> See above, in part. Although, it occurs to me that the government has an
> >> interesting angle here: right now, so much data on the Internet is encrypted
> >> that the feds don't know what to look for. Most of this is due to traffic
> >> over SSL, destined for servers that have a physical and legal presence and
> >> whose owners can be held accountable to the proposed new law. If all of this
> >> traffic effectively became cleartext (on account of the backdoor), it would
> >> become much more feasible to look for encrypted transmissions (any
> >> whatsoever) as a sign of suspicious activity.
> >>
> >> -Joe
> >>
> >>
> >>
> >>>
> >>> On Mon, Sep 27, 2010 at 20:05, Zak Stone <zstone at gmail.com> wrote:
> >>>>
> >>>> I imagine most businesses will vehemently oppose the legislation:
> >>>>
> >>>> http://www.nytimes.com/2010/09/28/business/global/28secure.html
> >>>>
> >>>> Zak
> >>>>
> >>>>
> >>>> On Mon, Sep 27, 2010 at 5:37 PM, Zak Stone <zstone at gmail.com> wrote:
> >>>>> It may be time to lobby Congress, folks, especially if there are plans
> >>>>> to somehow prohibit individuals from using strong encryption
> >>>>> technology. This legislation hasn't passed yet.
> >>>>>
> >>>>> Zak
> >>>>>
> >>>>>
> >>>>> On Mon, Sep 27, 2010 at 5:30 PM, Joe Zimmerman <joe at hcs.harvard.edu>
> >>>>> wrote:
> >>>>>> Not to mention the entirety of Nineteen Eighty-Four.
> >>>>>>
> >>>>>> -Joe
> >>>>>>
> >>>>>> On Mon, Sep 27, 2010 at 1:46 PM, Siddarth Chandrasekaran
> >>>>>> <chandrasekaran.siddarth at gmail.com> wrote:
> >>>>>>>
> >>>>>>> Frighteningly relevant:
> >>>>>>>
> >>>>>>> http://www.youtube.com/watch?v=7DRAD-j8ObI
> >>>>>>> "There are of course those who do not want us to speak. I suspect even
> >>>>>>> now, orders are being shouted into telephones, and men with guns will
> >>>>>>> soon be on their way. Why? Because while the truncheon may be used in
> >>>>>>> lieu of conversation, words will always retain their power. Words
> >>>>>>> offer the means to meaning, and for those who will listen, the
> >>>>>>> enunciation of truth. And the truth is, there is something terribly
> >>>>>>> wrong with this country, isn't there? Cruelty and injustice,
> >>>>>>> intolerance and oppression. And where once you had the freedom to
> >>>>>>> object, to think and speak as you saw fit, you now have censors and
> >>>>>>> systems of surveillance coercing your conformity and soliciting your
> >>>>>>> submission. How did this happen? Who's to blame?"
> >>>>>>>
> >>>>>>> Siddarth
> >>>>>>>
> >>>>>>>
> >>>>>>>
> >>>>>>> On Mon, Sep 27, 2010 at 4:39 PM, Jim Danz <danz at fas.harvard.edu>
> >>>>>>> wrote:
> >>>>>>>> What?  That's never happened to me on NYT and I'm definitely not a
> >>>>>>>> member.
> >>>>>>>>
> >>>>>>>> On Mon, Sep 27, 2010 at 4:35 PM, Carl Jackson <carl at avtok.com>
> >>>>>>>> wrote:
> >>>>>>>>>
> >>>>>>>>> http://imgur.com/tyiT0
> >>>>>>>>>
> >>>>>>>>> In other news, this is really really unfortunate. I'll probably say more
> >>>>>>>>> angry words when I figure out how to read the article :P
> >>>>>>>>>
> >>>>>>>>> Carl
> >>>>>>>>>
> >>>>>>>>> On Sep 27, 2010, at 4:30 PM, Greg Brockman wrote:
> >>>>>>>>>
> >>>>>>>>>> Looks like the government is considering mandating communication
> >>>>>>>>>> service providers to put backdoors in their software's crypto:
> >>>>>>>>>> http://www.nytimes.com/2010/09/27/us/27wiretap.html?_r=1
> >>>>>>>>>>
> >>>>>>>>>> Any thoughts?
> >>>>>>>>>>
> >>>>>>>>>> Best,
> >>>>>>>>>>
> >>>>>>>>>> Greg
> >>>>>>>>>> _______________________________________________
> >>>>>>>>>> hcs-discuss mailing list
> >>>>>>>>>> hcs-discuss at lists.hcs.harvard.edu
> >>>>>>>>>> https://lists.hcs.harvard.edu/mailman/listinfo/hcs-discuss
> >>>>>>>>>
> >>>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>>
> >>>>>
> >>>
> >>
> >>
> 
> 
