[hcs-d] Government wiretapping

Joe Zimmerman joe at hcs.harvard.edu
Mon Sep 27 23:49:10 EDT 2010


Ted: These are all excellent points. Still, though, if the government is
really determined, I don't think there's anything preventing them from
accumulating secret keys over time, and gradually tightening the net (no pun
intended, ha.) on the holdouts.

-Joe

On Mon, Sep 27, 2010 at 7:34 PM, Ted Pak <tpak at fas.harvard.edu> wrote:

> But take my example of SSL.  Do you really think billions of users and
> businesses, including the ones that don't live in the US of A, never mind
> anybody that does e-commerce and depends on SSL to make a living, are all
> going to wake up the day after the law is signed and say "hmm we should all
> put a backdoor in our software because the US said so."  Open protocols and
> implementations don't work like that.  Maybe if there were still proprietary
> primary implementations of all encrypted protocols, and those implementors
> were mostly US based like they were three decades ago, would this have some
> legs.  Then, the US would have a central entity to prosecute, rather than
> individual users.  SSL as a protocol no longer depends on any central
> entities.  Stallman would probably move to Canada shitting bricks the whole
> way rather than let a backdoor into GnuTLS.
>
> Even if the law passes, it's not reasonable to expect all US-based users of
> SSL to switch client libraries immediately.  In some embedded applications,
> it might be nearly impossible to "upgrade" to a backdoored version.
> Assuming draconian enforcement you could still only reasonably expect a
> transition within a decade, by which point the pirate party in Sweden will
> have figured out a way around all of this foolishness.
>
>  Ted Pak
>
> On Sep 27, 2010, at 10:13 PM, Joe Zimmerman wrote:
>
>
> On Mon, Sep 27, 2010 at 7:02 PM, Ted Pak <tpak at fas.harvard.edu> wrote:
>
>> If this actually happens, and I really doubt it will, it reminds me of the
>> days where the government restricted civilian use of encryption technology
>> so it could keep the military grade stuff for itself.  It was literally
>> illegal to do encryption above a certain key-length.  I thought we had moved
>> past that.
>>
>
> From the article:
>
> "Developers of software that enables peer-to-peer communication must
> redesign their service to allow interception."
>
> I think that's where they're headed.
>
> -Joe
>
>
>
>
>> On Sep 27, 2010, at 9:49 PM, Greg Brockman wrote:
>>
>> > Wait, as I understand the proposed law, it's not about trying to get
>> > around legal process.  Rather, it's about making sure that when the
>> > government gets a warrant for a Skype phone call, Skype has the
>> > technical ability to decrypt said phone call and give it to the
>> > government.  The government itself will not gain that ability and will
>> > still have to go through exactly the same protocols they do now.
>> >
>> > Greg
>> >
>> >
>> >
>> > On Mon, Sep 27, 2010 at 9:35 PM, Joe Zimmerman <joe at hcs.harvard.edu> wrote:
>> >>
>> >>> While I'm no lawyer, it seems unlikely that any such mandate would
>> >>> hold up in court.
>> >>
>> >> I'm not sure about that. Courts have done some pretty crazy things in
>> >> the past (e.g., letting the DMCA stand).
>> >>
>> >>>
>> >>> Plus, to access said encrypted data, the government would still
>> >>> technically need a warrant. The 4th amendment prohibits the government
>> >>> from accessing the information without a search warrant, so any charges
>> >>> they tried to bring against people based on evidence obtained without a
>> >>> warrant would be thrown out before you can say "constitutional rights".
>> >>>
>> >>> And remember that the 5th amendment means that people have the right
>> >>> to confront the evidence against them -- in particular the witnesses
>> >>> against them -- making any charges doubly difficult for the government...
>> >>
>> >> Assuming the cases went to trial, as opposed to the people just
>> >> disappearing. Or, what is probably more common, the information
>> >> gathered being used extralegally to blackmail or frame people for other
>> >> things.
>> >>
>> >>>
>> >>> It's not to say that I approve of this policy. Honestly, why the
>> >>> intelligence community goes to such lengths to avoid appropriate legal
>> >>> processes (such as search warrants) boggles the mind. Particularly
>> >>> when there are special courts set up specifically for the purpose of
>> >>> issuing warrants for sensitive investigations.
>> >>>
>> >>
>> >> See above, in part. Although, it occurs to me that the government has
>> >> an interesting angle here: right now, so much data on the Internet is
>> >> encrypted that the feds don't know what to look for. Most of this is due
>> >> to traffic over SSL, destined for servers that have a physical and legal
>> >> presence and whose owners can be held accountable to the proposed new
>> >> law. If all of this traffic effectively became cleartext (on account of
>> >> the backdoor), it would become much more feasible to look for encrypted
>> >> transmissions (any whatsoever) as a sign of suspicious activity.
>> >>
>> >> -Joe
>> >>
>> >>
>> >>
>> >>>
>> >>> On Mon, Sep 27, 2010 at 20:05, Zak Stone <zstone at gmail.com> wrote:
>> >>>>
>> >>>> I imagine most businesses will vehemently oppose the legislation:
>> >>>>
>> >>>> http://www.nytimes.com/2010/09/28/business/global/28secure.html
>> >>>>
>> >>>> Zak
>> >>>>
>> >>>>
>> >>>> On Mon, Sep 27, 2010 at 5:37 PM, Zak Stone <zstone at gmail.com> wrote:
>> >>>>> It may be time to lobby Congress, folks, especially if there are
>> >>>>> plans to somehow prohibit individuals from using strong encryption
>> >>>>> technology. This legislation hasn't passed yet.
>> >>>>>
>> >>>>> Zak
>> >>>>>
>> >>>>>
>> >>>>> On Mon, Sep 27, 2010 at 5:30 PM, Joe Zimmerman <joe at hcs.harvard.edu> wrote:
>> >>>>>> Not to mention the entirety of Nineteen Eighty-Four.
>> >>>>>>
>> >>>>>> -Joe
>> >>>>>>
>> >>>>>> On Mon, Sep 27, 2010 at 1:46 PM, Siddarth Chandrasekaran
>> >>>>>> <chandrasekaran.siddarth at gmail.com> wrote:
>> >>>>>>>
>> >>>>>>> Frighteningly relevant:
>> >>>>>>>
>> >>>>>>> http://www.youtube.com/watch?v=7DRAD-j8ObI
>> >>>>>>> "There are of course those who do not want us to speak. I suspect
>> >>>>>>> even now, orders are being shouted into telephones, and men with guns
>> >>>>>>> will soon be on their way. Why? Because while the truncheon may be used
>> >>>>>>> in lieu of conversation, words will always retain their power. Words
>> >>>>>>> offer the means to meaning, and for those who will listen, the
>> >>>>>>> enunciation of truth. And the truth is, there is something terribly
>> >>>>>>> wrong with this country, isn't there? Cruelty and injustice,
>> >>>>>>> intolerance and oppression. And where once you had the freedom to
>> >>>>>>> object, to think and speak as you saw fit, you now have censors and
>> >>>>>>> systems of surveillance coercing your conformity and soliciting your
>> >>>>>>> submission. How did this happen? Who's to blame?"
>> >>>>>>>
>> >>>>>>> Siddarth
>> >>>>>>>
>> >>>>>>>
>> >>>>>>>
>> >>>>>>> On Mon, Sep 27, 2010 at 4:39 PM, Jim Danz <danz at fas.harvard.edu>
>> >>>>>>> wrote:
>> >>>>>>>> What?  That's never happened to me on NYT and I'm definitely not a
>> >>>>>>>> member.
>> >>>>>>>>
>> >>>>>>>> On Mon, Sep 27, 2010 at 4:35 PM, Carl Jackson <carl at avtok.com>
>> >>>>>>>> wrote:
>> >>>>>>>>>
>> >>>>>>>>> http://imgur.com/tyiT0
>> >>>>>>>>>
>> >>>>>>>>> In other news, this is really really unfortunate. I'll probably
>> >>>>>>>>> say more angry words when I figure out how to read the article :P
>> >>>>>>>>>
>> >>>>>>>>> Carl
>> >>>>>>>>>
>> >>>>>>>>> On Sep 27, 2010, at 4:30 PM, Greg Brockman wrote:
>> >>>>>>>>>
>> >>>>>>>>>> Looks like the government is considering mandating communication
>> >>>>>>>>>> service providers to put backdoors in their softwares' crypto:
>> >>>>>>>>>> http://www.nytimes.com/2010/09/27/us/27wiretap.html?_r=1
>> >>>>>>>>>>
>> >>>>>>>>>> Any thoughts?
>> >>>>>>>>>>
>> >>>>>>>>>> Best,
>> >>>>>>>>>>
>> >>>>>>>>>> Greg
>> >>>>>>>>>> _______________________________________________
>> >>>>>>>>>> hcs-discuss mailing list
>> >>>>>>>>>> hcs-discuss at lists.hcs.harvard.edu
>> >>>>>>>>>> https://lists.hcs.harvard.edu/mailman/listinfo/hcs-discuss