Interesting report on Dutch non-use of traffic data
From EDRI-gram via Wendy Seltzer:

4. Dutch police report: traffic data seldom essential

Telephone traffic data are only necessary to solve crimes in a minority of police investigations. Most cases can be solved without access to traffic data, with the exception of large fraud investigations. These are the conclusions of a Dutch police report produced at the request of the Dutch ministry of Justice. The report was recently obtained by the Dutch civil liberties organisation Bits of Freedom through a public access request.

The report undermines the Dutch government's support for the EU draft framework decision on data retention. The report makes no case for the proposed data retention as Dutch police already uses traffic data in 90% of all investigations. The police can already obtain, with a warrant, the traffic data that telecommunication companies store for their own billing and business purposes. The report also shows that the use of traffic data is a standard tool in police investigations and is not limited to cases of organised crime or terrorism.

The report is the result of an evaluation of past investigations by the Dutch police of Rotterdam. Two-thirds of all investigations could have been solved if no traffic data would have been available at all. The three main purposes of traffic data in police investigations are: network analysis (searching for associations of a person to other individuals), tactical support for surveillance and checking of alibis (through GSM location data).

Police investigators can compensate for a possible lack of traffic data by other investigative methods such as wiretapping, surveillance, a preservation order for traffic data and a longer investigative period. The report states that police officers seldom ask for traffic data older than six months.

The report was never sent to the Dutch parliament although members of parliament previously asked for research results about the effectiveness of mandatory data retention. After Bits of Freedom published the report new questions have been raised in the Dutch parliament about the reason for withholding the report.

The use of (historic) traffic data in investigations (April 2003, in Dutch)
http://www.bof.nl/docs/rapport_verkeersgegevens.pdf

(Contribution by Maurice Wessling, EDRI-member Bits of Freedom)

- The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]
CodeCon 2005 Call for Papers
CodeCon 4.0
February 11-13, 2005
San Francisco CA, USA
www.codecon.org

Call For Papers

CodeCon is the premier showcase of cutting edge software development. It is an excellent opportunity for programmers to demonstrate their work and keep abreast of what's going on in their community.

All presentations must include working demonstrations, ideally accompanied by source code. Presentations must be done by one of the active developers of the code in question. We emphasize that demonstrations be of *working* code.

We hereby solicit papers and demonstrations.

* Papers and proposals due: December 15, 2005
* Authors notified: January 1, 2005

Possible topics include, but are by no means restricted to:

* community-based web sites - forums, weblogs, personals
* development tools - languages, debuggers, version control
* file sharing systems - swarming distribution, distributed search
* security products - mail encryption, intrusion detection, firewalls

Presentations will be 45 minutes long, with 15 minutes allocated for Q&A. Overruns will be truncated.

Submission details:

Submissions are being accepted immediately. Acceptance dates are November 15, and December 15. After the first acceptance date, submissions will be either accepted, rejected, or deferred to the second acceptance date.

The conference language is English.

Ideally, demonstrations should be usable by attendees with 802.11b connected devices either via a web interface, or locally on Windows, UNIX-like, or MacOS platforms. Cross-platform applications are most desirable.

Our venue will be 21+.

To submit, send mail to [EMAIL PROTECTED] including the following information:

* Project name
* url of project home page
* tagline - one sentence or less summing up what the project does
* names of presenter(s) and urls of their home pages, if they have any
* one-paragraph bios of presenters, optional, under 100 words each
* project history, under 150 words
* what will be done in the project demo, under 200 words
* slides to be shown during the presentation, if applicable
* future plans

General Chairs: Jonathan Moore, Len Sassaman
Program Chair: Bram Cohen

Program Committee:

* Jeremy Bornstein, AtomShockwave Corp., USA
* Bram Cohen, BitTorrent, USA
* Jered Floyd, Permabit, USA
* Ian Goldberg, Zero-Knowledge Systems, CA
* Dan Kaminsky, Avaya, USA
* Klaus Kursawe, Katholieke Universiteit Leuven, BE
* Ben Laurie, A.L. Digital Ltd., UK
* David Molnar, University of California, Berkeley, USA
* Jonathan Moore, Mosuki, USA
* Len Sassaman, Nomen Abditum Services, USA

Sponsorship:

If your organization is interested in sponsoring CodeCon, we would love to hear from you. In particular, we are looking for sponsors for social meals and parties on any of the three days of the conference, as well as sponsors of the conference as a whole and donors of door prizes. If you might be interested in sponsoring any of these aspects, please contact the conference organizers at [EMAIL PROTECTED]

Press policy:

CodeCon provides a limited number of passes to bona fide press. Complimentary press passes will be evaluated on request. Everyone is welcome to pay the low registration fee to attend without an official press credential.

Questions:

If you have questions about CodeCon, or would like to contact the organizers, please mail [EMAIL PROTECTED] Please note this address is only for questions and administrative requests, and not for workshop presentation submissions.
Re: Linux-based wireless mesh suite adds crypto engine support
John Gilmore wrote:

Crypto hardware that generates random numbers can't be tested in production in many useful ways. My suggestion would be to XOR a hardware-generated and a software-generated random number stream. If one fails, whether by accident, malice, or design, the other will still randomize the resulting stream. Belt AND suspenders will keep your source of randomness from being your weakest link.

I think it'd sometimes be better to feed them both into a pool rather than xoring them, since they might go at radically different rates, and xor would limit you to the slower of the two. Of course, for some threat models that would be the right thing.

Cheers,

Ben.

--
ApacheCon! 13-17 November! http://www.apachecon.com/
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit. - Robert Woodruff
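The two combiners discussed in this message, as an added example that is not part of the original posts: XOR stays unpredictable when one source fails but yields only as many bytes as the slower source, while a hash pool accepts input at any rate. `xor_combine`, `HashPool` and the sample inputs are constructed for illustration; the pool's output is only computationally secure and never holds more entropy than was fed in.

```python
import hashlib

def xor_combine(hw: bytes, sw: bytes) -> bytes:
    """XOR combiner: output length is capped by the slower (shorter) source."""
    return bytes(a ^ b for a, b in zip(hw, sw))  # zip stops at the shorter input

class HashPool:
    """Toy entropy pool: each input is hashed into a 32-byte running state."""

    def __init__(self) -> None:
        self._state = bytes(32)

    def add(self, source_id: int, data: bytes) -> None:
        # Tag each input with its source and length so that differently
        # split inputs cannot produce the same pool state.
        header = bytes([source_id]) + len(data).to_bytes(4, "big")
        self._state = hashlib.sha256(self._state + header + data).digest()

    def read(self, n: int) -> bytes:
        out, counter = b"", 0
        while len(out) < n:
            block = b"out" + self._state + counter.to_bytes(8, "big")
            out += hashlib.sha256(block).digest()
            counter += 1
        # Ratchet the state so a later compromise does not reveal this output.
        self._state = hashlib.sha256(b"next" + self._state).digest()
        return out[:n]

def demo() -> dict:
    # Constructed sample inputs: a failed hardware source stuck at zero that
    # delivers 64 bytes, and a healthy software source that delivers only 16.
    hw_failed = bytes(64)
    sw = hashlib.sha256(b"constructed software sample").digest()[:16]
    xored = xor_combine(hw_failed, sw)
    pool = HashPool()
    pool.add(0, hw_failed)   # fast source, contributes nothing useful here
    pool.add(1, sw)          # slow source still determines the pool state
    other = HashPool()
    other.add(0, hw_failed)
    other.add(1, bytes(16))  # same hardware input, different software input
    return {"xored": xored, "sw": sw, "pooled": pool.read(64),
            "pooled_other": other.read(64)}

if __name__ == "__main__":
    r = demo()
    print("xor bytes:", len(r["xored"]), "pool bytes:", len(r["pooled"]))
```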
Re: IBM's original S-Boxes for DES?
From: Dave Howe [EMAIL PROTECTED]
Sent: Oct 5, 2004 12:32 PM
To: [EMAIL PROTECTED]
Subject: Re: IBM's original S-Boxes for DES?

More accurately, they didn't protect against linear cryptanalysis - there is no way to know if they knew about it and either didn't want to make changes to protect against that (they weakened the key, so may have wished to keep *some* attacks viable against it to weaken it still further), had to choose (against *either* differential or linear, as they didn't know how to protect against both) or simply the people doing the eval on DES didn't know, as it was rated above their clearance level.

I believe people have since come up with S-boxes that resist both linear and differential cryptanalysis. But we don't know whether there were still other attacks or constraints they were trying to address. However, it makes no sense to assume that they left linear attacks in as a backdoor, for two reasons:

a. They already left a 56-bit key, which was a practical backdoor for people with experience and expertise in building keysearch machines. (Think of all the expertise in parallel and distributed keysearch that has come out in the public world in the last fifteen years; surely, that was an area NSA had worked on at great depth years earlier! Things like time-memory tradeoffs, parallel collision search and meet-in-the-middle search, clever optimization tricks for getting the keysearch to run efficiently, etc., along with a large hardware budget, must have made a 56-bit key look much worse from inside the agency than from outside. (Though there were plenty of people who saw the problems from outside, as well, thus leading to our current understanding of keysearch techniques.)

b. Linear attacks on DES, at least the ones we know about, are spectacularly impractical, requiring more plaintexts than you could ever hope to get from an innocent party using the speeds of hardware available when DES was designed and standardized.
--John
Announcement 5th APES Workshop (KULeuven, Belgium)
Dear,

we are happy to announce the 5th Anonymity and Privacy in Electronic Services Workshop.

In the first part of the workshop, we will have two invited talks (by Jan Camenisch and Dogan Kesdogan). During the second part, the research partners of APES will present the results of the project in the last year on anonymous connections, anonymous email and anonymous databases. You can find more information on this project at https://www.cosic.esat.kuleuven.ac.be/apes

You are kindly invited to attend. In order to estimate the number of participants, we ask you to register by sending an email to Péla Noe ([EMAIL PROTECTED]). Feel free to forward this email to anyone potentially interested in attending.

Best regards,
Claudia

5th APES WORKSHOP

Date: Tuesday, November 23rd
Location: Auditorium A (ESAT, K.U. Leuven), Kasteelpark Arenberg 10, B-3001 Leuven-Heverlee, Belgium
Fee: Free of charge. We kindly ask you to register in advance by sending an email to our secretary Péla Noe ([EMAIL PROTECTED])

AGENDA

13:00-13:10 Welcome and Introduction by Bart Preneel (COSIC/KULeuven)
13:10-13:50 Invited talk: Security and Privacy for E-Transactions by Jan Camenisch (IBM Zurich Research Laboratory)
13:50-14:30 Invited talk: Personal risk management by Dogan Kesdogan (University of Aachen)
14:30-14:50 Coffee break
14:50-15:30 Anonymous communication infrastructure by Claudia Diaz (COSIC/KULeuven)
15:30-16:10 Controlled anonymous email by Vincent Naessens (DISTRINET/KULAK)
16:10-16:30 Controlled anonymous databases by Svetla Nikova (COSIC/KULeuven)
Re: Quantum cryptography gets practical
Dave Howe wrote:

I think this is part of the purpose behind the following paper: http://eprint.iacr.org/2004/229.pdf which I am currently trying to understand and failing miserably at *sigh*

Nope, finally struggled to the end to find a section pointing out that it does *not* prevent mitm attacks. Anyone seen a paper on a scheme that does?
Big guns board Intertrust DRM bandwagon
http://www.theregister.co.uk/2004/10/05/coral_consortium/print.html

The Register

Original URL: http://www.theregister.co.uk/2004/10/05/coral_consortium/

Big guns board Intertrust DRM bandwagon
By Faultline (peter at rethinkresearch.biz)
Published Tuesday 5th October 2004 15:36 GMT

Intertrust, Philips and Sony have added more top consumer electronics, content and technology heavyweights to their attempt to create an open interoperable Digital Rights Management environment.

The system promised at the turn of the year in interview with Philips has taken a step closer to becoming a reality today with a new DRM clustering of companies calling itself the Coral Consortium.

Lining up with the expected triumvirate of Intertrust and its two owners Philips and Sony, are more powerful names in the form of Panasonic, Samsung, Hewlett-Packard and the News Corp controlled film company Twentieth Century Fox.

Coral describes itself as a cross-industry group to promote interoperability between digital rights management (DRM) technologies used in the consumer media market and it is expected to put its weight behind the Nemo technology emerging from Intertrust. Nemo will act as a bridge between varying DRM systems, including Intertrust's partners' systems and Microsoft Windows Media DRM.

In Nemo there are defined a set of roles such as client, authorizer, gateway and orchestrator, and it assumes that they talk to each other over an IP network, and work is allocated to each of them such as authorization, peer discovery, notification, services discovery, provisioning, licensing and membership creation.

The client simply uses the services of the other three peers, the authorizer decides if the requesting client should have access to a particular piece of content; the gateway takes on the role of a helper that will provide more processing power to negotiate a bridge to another architecture and the orchestrator is a special form of gateway that handles non-trivial co-ordination such as committing a transaction.

The Consortium says its aim is to end up with an open technology framework offering a simple and consistent experience to consumers. Most DRM systems, such as Apple's Fairplay used in its iTunes service and on the iPod, prevent consumers from playing content packaged and distributed using one DRM technology on a device that supports a different DRM technology.

Coral's answer is to separate content interoperability from choice of DRM technology by developing and standardizing a set of specifications focused on interoperability between different DRM technologies rather than specifying DRM technologies.

Interoperability

The resulting interoperability layer supports the coexistence of multiple different DRM technologies and permits devices to find appropriately formatted content in the time it takes to press the play button, without consumer awareness of any disparity in format or DRM.

In a recent interview with Faultline, Ruud Peters, the chief executive of Philips's intellectual property and standards unit told us: We cannot force Microsoft to join. This whole thing has to be done on a voluntary basis, but if Microsoft systems means that there are devices which cannot play content, and if that content can play on all other devices, then it is Microsoft that will be seen as not friendly.

He also explained that when moving a piece of content from under the control of one piece of DRM software to another, if it was to involve a Trust Authority deciphering the content using an authorized key, and then re-encrypting using another key, then there is never any need to break the encryption system in a competing DRM standard.

Coral says it will provide interoperability for secure content distribution over web and home network-based devices and services but has yet to say anything in detail about the technology it will be using. More details will emerge at www.coral-interop.org (http://www.coral-interop.org/).

This grouping speaks for over half the Hollywood feature films on the planet, around 25 per cent of all popular recorded music and substantially more of the branded consumer electronics goods, and probably has the strength to hold a standoff with Microsoft's PC based DRM.

Twentieth Century Fox is also reported this week to have agreed to adopt the Blu-ray disc standard for next-generation DVD players. Not surprising, considering who its new DRM friends are. With Sony, its recently acquired MGM Studios and Fox backing the Blu-ray standard, it's almost a slam dunk for the Sony, Philips, Panasonic standard over the DVD Forum's HD DVD competing standard, which is still not ready.

--
R. A. Hettinga mailto: [EMAIL PROTECTED]
The Internet Bearer Underwriting Corporation http://www.ibuc.com/
44 Farquhar Street, Boston, MA 02131 USA
... however it may deserve respect for its usefulness and antiquity,