[Mb-civic] FW: [Politech] Use encryption online, become more visible? [priv]

George R. Milman geomilman at milman.com
Thu Mar 31 22:45:48 PST 2005


-----Original Message-----
From: politech-bounces at politechbot.com
[mailto:politech-bounces at politechbot.com] On Behalf Of Declan McCullagh
Sent: Thursday, March 31, 2005 10:31 PM
To: politech at politechbot.com
Subject: [Politech] Use encryption online, become more visible? [priv]

We've covered some of these topics on Politech before. Yes, encryption 
can flag you if someone is monitoring network traffic. Steganography is 
a countermeasure. If seizure of your equipment is your concern, try 
deniable cryptographic filesystems:
http://www.mirrors.wiretapped.net/security/cryptography/filesystems/rubberhose/rubberhose-README.txt

The question of whether you can be compelled to produce your private key 
is a more complicated legal one (involving the 5th Amendment, among 
others, especially if your passphrase is needed as well). To the best of 
my knowledge there is no case on point that answers that question.

Previous Politech message:
http://www.politechbot.com/2005/03/30/nude-photos-on/

-Declan

-------- Original Message --------
Subject: 	Encryption skeleton keys
Date: 	Thu, 31 Mar 2005 17:37:33 -0500
From: 	Pyke, Gila <gila.pyke at ssha.on.ca>
To: 	Declan McCullagh <declan at well.com>





Hi Declan, I don't know if these have made it through the list yet.



This whole discussion revolving around ISPs "logging" info for "lawful
access" keeps sending this one alarm off in my head - that of
encryption. What happens to that minority of people (like me) who
habitually encrypt their email, IM and local documents just for sheer
safety and self-protection from ID theft, eavesdropping, etc? Do I
become a suspicious character? Will I get flagged for wearing an
"internet trenchcoat"? Will I be obliged by law to share my private key?
Or will those seeking "lawful access" merely involve themselves in some
of the programs outlined below (some very outdated but included for
completeness) - either for cracking, or "skeleton" key escrow?



In any case, the entire subject makes me shiver. I knew the day
would come when I'd become a bad guy just for being comfortable with math.



------------------------------------------------------------------------





The US Secret Service's Distributed Networking Attack (DNA) program for
cracking "criminals' encrypted data caches":

http://www.washingtonpost.com/ac2/wp-dyn/A6098-2005Mar28?language=printer



A bit dated perhaps (and you're probably already familiar with this) but
the US vs. Scarfo case involved the FBI's use of key logging:

http://www.epic.org/crypto/scarfo.html







ECHELON: the NSA's billion-dollar surveillance program for intercepting
communications was a big deal in the late 90's, though nobody believed
it was technologically feasible.  I haven't heard any news about it in
the last couple of years so I don't know what has happened to it.  But I
imagine it hasn't completely died away yet.

http://www.hermetic.ch/crypto/echelon/echelon.htm

http://www.abovetopsecret.com/pages/echelon.html





And on a completely unrelated note - WHAT ARE THEY THINKING?!?!:



As someone who has spent years in vulnerability management, the issue of
software vulnerability disclosure is one that gets my blood boiling.
Sybase is currently threatening legal action against anyone who
discloses certain vulnerability information:

http://www.computerworld.com/printthis/2005/0,4814,100637,00.html





Gila
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)



