Feds warn of crypto, cyberattacks from Fidel Castro
* Transcript of hearing: http://www.cluebot.com/article.pl?sid=01/02/08/1638232 Transcript of 1998 remarks: http://www.cluebot.com/article.pl?sid=01/02/08/0526201 * http://www.wired.com/news/politics/0,1283,41700,00.html Feds Say Fidel Is Hacker Threat by Declan McCullagh ([EMAIL PROTECTED]) 2:00 a.m. Feb. 9, 2001 PST WASHINGTON -- These must be jittery times for anyone in the military who uses the Internet. Not only do they have to guard against Love Bug worms and security holes in Microsoft Outlook -- now they've got to worry about Fidel Castro hacking into their computers. Admiral Tom Wilson, head of the Defense Intelligence Agency, says the 74-year-old communist dictator may be preparing a cyberattack against the United States. Wilson told the Senate Intelligence Committee during a public hearing Wednesday that Castro's armed forces could initiate an "information warfare or computer network attack" that could "disrupt our military." The panel later went into closed session to discuss classified material. Sen. Ron Wyden (D-Ore.) asked in response: "And you would say that there is a real threat that they might go that route?" Replied Wilson: "There's certainly the potential for them to employ those kind of tactics against our modern and superior military." He said that Cuba's conventional military might was lacking, but its intelligence operations were substantial. The partly classified hearing is an annual event -- and an important one: It represents this year's World Threat Assessment discussion. That's a chance for the intelligence committee to set its agenda for this session of Congress and hear from senior intelligence officials about the latest national security threats. In addition to the aging president of Cuba, witnesses and senators both cited encryption as another technology-related threat during a far-ranging discussion that also encompassed nuclear, biological and chemical weapons. Sen. 
Richard Shelby (R-Ala.), the committee's hawkish chairman, said that the classified hearing later in the day would "explore the challenges posed by, among others, the proliferation of encryption technology, the increasing sophistication of denial and deception techniques, the need to modernize and to recapitalize the National Security Agency, and other shortfalls in intelligence funding." [...]
Re: Dutch defense minister warns other countries have Echelon-type spy networks
I couldn't find the document, but Ulf was kind enough to forward me the PDF file, which I've placed online: http://www.politechbot.com/docs/echelon-nl.0101.pdf -Declan On Wed, Jan 31, 2001 at 02:46:53AM +0100, Ulf Möller wrote: [I haven't seen the original documents, so consider this only a rumor at this point. Anyone have more info? -- John] http://parlando.sdu.nl/cgi/showdoc/doc/anonymous:62665/4/0/KST50892.pdf/0/KST50892.pdf (I don't know if that is a permanent URL. If not, search for document number 27591, nr. 1 at http://www.parlement.nl/doc/parlando/hfdframe/par001.htm .) It's in Dutch, obviously.
DeCSS ruling in DVD case must be reversed, eight amicus briefs say
Eight different coalitions -- from cryptographers to journalist groups -- are filing amicus briefs in the DVD/DeCSS case. The briefs -- an unusually high number -- urge that the Second Circuit Court of Appeals overturn the district court's ruling of last August. Wired News article on the briefs being filed today: http://www.wired.com/news/politics/0,1283,41441,00.html The journalist/media brief, which focuses on the right to link: http://www.politechbot.com/docs/linking-amicus.012601.html The computer scientists' brief (the only one filed earlier in the week): http://cryptome.org/mpaa-v-2600-bac.htm Photos from trial, protests, anti-DMCA march: http://www.mccullagh.org/theme/dvd-2600-trial.html http://www.mccullagh.org/theme/2600.html http://www.mccullagh.org/theme/dmca-protest.html http://www.mccullagh.org/image/950-5/tshirt-cssscramble.html Other briefs include one by the ACLU, one by the ACM, one by law professors, and one by Ernest Miller, Siva Vaidhyanathan et al. that says "to be governed by the District Court's version of the DMCA is to be stripped of the right to make the valuable fair uses of copyrighted materials upon which new contributions to the field are so often based." Judge Lewis Kaplan's ruling last August: http://www.wired.com/news/politics/0,1283,38287,00.html EFF is funding 2600 magazine's defense and appeal. The appeal brief to the circuit court, filed last Friday, is here: http://www.eff.org/IP/Video/MPAA_DVD_cases/20010119_ny_eff_appeal_pressrel.html http://www.eff.org/IP/Video/MPAA_DVD_cases/20010119_ny_eff_appeal_brief.html Brief of MPAA member companies is due February 19. Their amici must file a week later. Some of the briefs, including ones I've perused, are still in draft form. EFF promises to have all of them online shortly. ACLU says their brief -- still in draft form -- will be up on their site by noon. -Declan
Re: Full text to the book ``Underground'' released.
The site below has been offline because of heavy traffic. Mirrors, in case you can't get through: http://www.attrition.org/ee/underground-book.zip http://www.politechbot.com/docs/underground.011800.txt.gz -Declan On Thu, Jan 18, 2001 at 08:31:03AM +1100, Julian Assange wrote: [More security than cryptography but I'm passing it along... --Perry] I am very pleased to announce that thanks to Random House, Suelette Dreyfus and myself the complete and unabridged electronic text to our famed computer crime book ``Underground'' (approx 500 pp.) has been publicly released.

+----------------+-------------------------+--------------+
| Format         | Name                    | Size (bytes) |
|----------------+-------------------------+--------------|
| Text           | underground.txt         | 979993       |
| Text, ZIP      | underground.zip         | 357915       |
| Text, GZIP     | underground.txt.gz      | 355953       |
| Text, BZIP2    | underground.txt.bz2     | 265014       |
| Palm Basic Doc | underground.pdb         | 519140       |
| Palm Teal Doc  | underground-tealdoc.pdb | 520661       |
+----------------+-------------------------+--------------+

The Palm formatted files will allow you to read the book on a Palm Pilot and various other handheld machines. See http://www.underground-book.com/download.php3 Feel free to forward this message. Julian.

--
 Julian Assange        |If you want to build a ship, don't drum up people
                       |together to collect wood or assign them tasks and
 [EMAIL PROTECTED]     |work, but rather teach them to long for the endless
 [EMAIL PROTECTED]     |immensity of the sea. -- Antoine de Saint Exupery
DoJ cybercrime manual covers PDAs, encryption, secret searches
*** See: http://www.cybercrime.gov/searchmanual.htm *** http://www.wired.com/news/politics/0,1283,41133,00.html The Feds'll Come A-Snoopin' by Declan McCullagh ([EMAIL PROTECTED]) 2:00 a.m. Jan. 12, 2001 PST WASHINGTON -- Ever wonder how much leeway federal agents have when snooping through your e-mail or computer files? The short answer: a lot. The U.S. Department of Justice this week published new guidelines for police and prosecutors in cases involving computer crimes. The 500 KB document includes a bevy of recent court cases and covers new topics such as encryption, PDAs and secret searches. It updates a 1994 manual, which the Electronic Privacy Information Center had to file a Freedom of Information Act request to obtain. No need to take such drastic steps this time: The Justice Department has placed the report on its cybercrime.gov site. [...] SECRET SEARCHES: Call it the latest trend in law enforcement: Surreptitious breaking-and-entering of homes and offices. In one recent secret-search case related to computers, the feds sneaked into the office of Nicodemo S. Scarfo, the son of Philadelphia's former mob boss, who allegedly ran a loan shark operation in north New Jersey. Once there, they secretly installed software to sniff Scarfo's PGP passphrase so they could decrypt his communications. Civil libertarians argue secret searches are unconstitutional. "Sneak-and-peek searches may prove useful in searches for intangible computer data. For example, agents executing a sneak-and-peek warrant to search a computer may be able to enter a business after hours, search the computer, and then exit the business without leaving any sign that the search occurred," the Justice Department says. The DOJ argues that secret searches are permissible, despite rule 41(d) of the Federal Rules of Criminal Procedure, which requires agents to notify the person whose home or office has been broken into. 
But the document admits that courts have "struggled" to reconcile this idea with the U.S. Constitution's privacy guarantees. To clear up any doubt, in mid-1999 the Justice Department proposed legislation that would let police obtain surreptitious warrants and "postpone" notifying the person whose property they entered for 30 days. After vocal objections from civil liberties groups, the administration backed away from the controversial bill. In the final draft of the Cyberspace Electronic Security Act submitted to Congress, the secret-search portions had disappeared. [...] ENCRYPTION: The manual doesn't address whether a criminal defendant can be compelled to give up his passphrase to allow prosecutors to decrypt his files. But it does give one good reason to use useful software like PGPdisk (available for free at pgpi.com) that can create an encrypted hard drive partition that requires a passphrase to access. Under current law, anyone with access to the computer you use -- including your spouse -- can allow the feds to search it without a warrant. (Unless your files are stored on a remote computer on a network, in which case it gets more complicated.) But if your files are encrypted, you might be better off. "It appears likely that encryption and password-protection would in most cases indicate the absence of common authority to consent to a search among co-users who do not know the password or possess the encryption key," the Justice Department says. [...]
Review of History Channel's NSA documentary
[The documentary aired again twice this morning on the History Channel, and it's a fair bet it'll show again later this week. --Declan] http://www.wired.com/news/politics/0,1283,41063,00.html History Looks at the NSA by Declan McCullagh ([EMAIL PROTECTED]) 2:00 a.m. Jan. 9, 2001 PST WASHINGTON -- As anyone who watched Enemy of the State knows, the National Security Agency is a rapacious beast with an appetite for data surpassed only by its disregard for Americans' privacy. Or is the opposite true, and the ex-No Such Agency staffed by ardent civil libertarians? To the NSA, of course, its devilish reputation is merely an unfortunate Hollywood fiction. Its director, Lt. Gen. Michael Hayden, has taken every opportunity to say so, most recently on a History Channel documentary that aired for the first time Monday evening. "It's absolutely critical that (Americans) don't fear the power that we have," Hayden said on the show. He dismissed concerns about eavesdropping over-eagerness and all but said the NSA, far from being one of the most feared agencies, has become one of the most handicapped. One reason, long cited by agency officials: Encryption. The show's producers obligingly included stock footage of Saddam Hussein, saying that the dictator-for-life has been spotted chatting on a 900-channel encrypted cell phone. That's no surprise. The NSA, as Steven Levy documents in his new Crypto book (which the documentary overlooks), has spent the last 30 years trying to suppress data-scrambling technology through export regulations, court battles, and even personal threats. Instead of exploring that controversial and timely subject that's tied to the ongoing debate over privacy online, "America's Most Secret Agency" instead spends the bulk of an hour on a history of cryptography starting in World War II. Most of the documentary could have aired two decades ago, and no critics are interviewed. 
One of the few surprises in the otherwise bland show is the NSA's new raison d'etre -- infowar. [...]
Review of Steven Levy's Crypto
http://www.wired.com/news/politics/0,1283,41071,00.html Crypto: Three Decades in Review by Declan McCullagh ([EMAIL PROTECTED]) 8:20 a.m. Jan. 9, 2001 PST WASHINGTON -- It took only a year or two for a pair of computer and math geeks to discover modern encryption technology in the 1970s. But it's taken three decades for the full story to be told. Transforming what is an unavoidably nerdy tale into the stuff of passion and politics is not a trivial business, but Steven Levy, the author of Crypto, proves himself more than up to the task. Crypto (Viking Penguin, $25.95) is Levy's compelling history of the personalities behind the development of data encryption, privacy and authentication: The mathematicians who thought up the idea, the businessmen who tried to sell it to an unsure public and the bureaucrats who tried to control it. Levy, a Newsweek writer and author of well-received technology histories such as Hackers and Insanely Great, begins his book in 1969 with a profile of Whit Diffie, the tortured, quirky co-discoverer of public key cryptography. Other characters soon populate the stage: The MIT mathematicians eager to sign documents digitally; Jim Bidzos, the Greek-born dealmaker who led RSA Data Security from ruin to success; and Phil Zimmermann, the peace-activist-turned-programmer who gave the world Pretty Good Privacy. Until their contributions, the United States and other countries suffered from a virtual crypto-embargo, under which the technology to perform secure communications was carefully regulated as a munition and used primarily by soldiers and spies. But what about privacy and security? "On one side of the battle were relative nobodies: computer hackers, academics and wonky civil libertarians. On the other were some of the most powerful people in the world: spies, generals and even presidents. Guess who won," Levy writes. (Full disclosure: A few years ago, Levy asked this writer to help him research portions of the book. 
For whatever reason -- perhaps he found what he needed elsewhere -- discussions ceased.) Throughout Crypto's 356 pages, Levy takes the perspective of the outsiders -- and, in some cases, rebels -- who popularized the technology. Although he provides ample space for the U.S. government's views, he casts the struggle between crypto-buffs and their federal adversaries in terms familiar to foes of government control. [...]
Where John Ashcroft stands on technology and encryption
http://www.wired.com/news/politics/0,1283,41008,00.html Top Cop Arrives With Mixed Bag by Declan McCullagh ([EMAIL PROTECTED]) 2:00 a.m. Jan. 5, 2001 PST For liberal Democrats, John Ashcroft is a maddening symbol of everything wrong with a George W. Bush presidency -- from the former senator's staunch opposition to abortion to his alleged insensitivity regarding race. To conservatives, Bush's nominee for attorney general represents precisely the opposite extreme: A respected leader who will restore integrity to a Justice Department brought low by the Clinton administration. Ashcroft opposes background checks at gun shows, supports increased penalties for drug offenses and would not prohibit discrimination based on sexual orientation. On technology issues, Ashcroft's record as a Missouri governor and senator is mixed. He seems genuinely to believe in privacy rights and economic liberty, and has taken a moderate position on intellectual property and fair-use rights. But free-speech groups already are girding themselves for the legal equivalent of trench warfare, predicting that newly emboldened Department of Justice prosecutors will launch an assault on sexually explicit material online. And Microsoft foes fret that the antitrust division's commitment to the high-profile antitrust case may wane. On one point everyone can agree: More than any other Cabinet member, the next attorney general will be in a position to make crucial decisions with far-reaching effects on antitrust enforcement, privacy protections and free speech rights. "An Ashcroft DOJ could be a decidedly mixed bag for the high-tech sector since he will be engaged in a constant balancing act on most industry issues," says Adam Thierer, an analyst at the free-market Cato Institute who's well connected in Republican technology circles. 
"While Ashcroft has a very strong record of support for loosening encryption controls, he may be faced with pressure from GOP law-and-order types to moderate his views on this and also be willing to continue, or even expand FBI efforts like Carnivore," Thierer said. Make that a near certainty. It's a fair bet that pro-law enforcement conservatives in the mold of wiretap-happy Rep. Bill McCollum of Florida, who unsuccessfully ran for the state's open Senate seat, will view a Republican DOJ as an opportunity to expand government surveillance and wiretapping powers. Liberal Democrats have vowed opposition to Ashcroft's nomination -- People for the American Way even assembled a detailed criticism of the nominee -- but privately confide that they don't expect to successfully block his confirmation by the Senate. Wiretapping and Carnivore: Under Attorney General Janet Reno, a DOJ panel has reviewed the FBI's controversial Carnivore surveillance system and extended a tentative blessing. But critics panned the review board as uniformly pro-government, as first reported by Wired News, and independent researchers refused to participate in the process. Ashcroft is the former two-term attorney general and two-term governor of Missouri. During his time there, he cemented his reputation as a solid conservative eager to lower taxes and build new prisons. [...] Encryption: More than almost any other senator, Ashcroft has been a foe of the Clinton administration's restrictions on encryption products. He convened at least one key hearing on the subject and consistently took a pro-privacy point of view. Under federal law, a president has the power to levy export restrictions punishable by fines and jail time. The Clinton administration recently relaxed the regulations, against DOJ and FBI opposition, but did not remove them. 
The attorney general has no direct authority over encryption regulations, but the DOJ under Reno has lobbied Congress for more stringent controls, and is a key participant in administration decisions on the topic. Also, Ashcroft's position on encryption could indicate how he views broader privacy matters. "The great thing about working for him is he truly understands technology," says Bartlett Cleland, a former Ashcroft aide who is now a vice president at the Information Technology Association of America. "I'd rather have someone there who's thoughtful and considerate rather than a knee-jerk person." "John has a record in the Senate that says he stood up very strongly on encryption, including holding hearings and defending the Fourth Amendment against Louis Freeh," Cleland says. Lisa Dean, vice president of the conservative Free Congress Foundation, said in a statement on Thursday: "Privacy was always a top concern and as a result, (Ashcroft) did a l
Re: FC: Congress weighs crypto-in-a-crime, wiretapping legislation
Finally catching up on some email... I didn't write the article; it was published in the National Review, a weekly conservative newspaper (http://www.nationalreview.com/kopel/kopel121500.shtml). I assume they do at least rudimentary fact checking, and I believe David Kopel, the author, to be a careful writer. You can find the text of the "medal of valor" legislation, which does not look like it passed during the 106th Congress, here: http://thomas.loc.gov/cgi-bin/query/z?c106:H.R.46: Of interest to the list is the crypto-in-a-crime provision: (c) AMENDMENT OF SENTENCING GUIDELINES RELATING TO USE OF ENCRYPTION- Pursuant to its authority under section 994(p) of title 28, United States Code, the United States Sentencing Commission shall amend the Federal sentencing guidelines and, if appropriate, shall promulgate guidelines or policy statements or amend existing policy statements to ensure that the guidelines provide sufficiently stringent penalties to deter and punish persons who intentionally use encryption in connection with the commission or concealment of criminal acts sentenced under the guidelines. Similar language was included in some of the "crypto liberalization" bills such as SAFE in the past. -Declan On Thu, Dec 28, 2000 at 10:00:52AM -0500, William Allen Simpson wrote: Declan, I've looked at the floor activity for that day, and searched the house record [Page: H12100 et seq]. I cannot find any mention of HR.46, or "encryption", or "wiretapping". I also looked at every reference to the word "computer", which appears frequently. Could your sources be more specific as to how this was passed? Sometimes, it's better to say "Senate" when you mean only the Senate, and give specific names of supporters (Stevens, Hatch), rather than tarring the whole "Congress" with bills that are going nowhere.
Zero Knowledge, after poor software sales, tries new gambit
Also see ZKS press release: http://www.zeroknowledge.com/media/pressrel.asp?rel=10312000 http://www.wired.com/news/business/0,1367,39895,00.html Privacy Firm Tries New Gambit by Declan McCullagh ([EMAIL PROTECTED]) 2:00 a.m. Nov. 1, 2000 PST WASHINGTON -- Zero Knowledge Systems seems to have finally realized a harsh truth: Internet users don't like to pay extra to protect their privacy. The Montreal-based firm won acclaim for its sophisticated identity-cloaking techniques, but very few people appear to have paid the $49.95 a year to shield their online activities from prying eyes. That's not exactly a heartening prospect for a company with 250 employees to pay and $37 million in venture capital funds to justify -- especially when already high-strung investors have become nervous about Internet companies that have never made a profit. Zero Knowledge's solution: A kind of privacy consulting service it announced on Tuesday. Through it, the company hopes to capitalize on the growing privacy concerns of both consumers and businesses -- and, most importantly, finally enjoy some revenues. "This is a new focus for Zero Knowledge: helping businesses build in privacy technologies in how they deal with customer data flow," Austin Hill, co-founder and chief executive, said in a telephone interview. "As customer expectations have increased with privacy, and how governments have started to regulate some privacy standards ... all of a sudden, companies are having to think, 'Hold on, how do I build in privacy?'" Hill said. Hill and his staff of technologists -- including veterans like cryptologists Stefan Brands and Ian Goldberg -- aren't alone in eyeing the privacy-consulting business as a lucrative one. Many of the established consulting businesses such as PricewaterhouseCoopers and Ernst and Young offer privacy services. IBM launched such a business in 1998, and an Andersen Consulting representative says that privacy awareness is "a component of almost anything we do." [...]
Re: [FYI] SDMI cracked.
See also: http://www.inside.com/story/Story_Cached/0,2770,11418_9_16_1,00.html Are SDMI Technologies All Hacked? Chiariglione Says No One Knows Yet By Jon O'Hara Saturday, October 14 01:05 a.m. As members of the Secure Digital Music Initiative, or SDMI, prepared for their October meeting in Los Angeles on Friday afternoon, executive director Leonardo Chiariglione had some harsh words for those claiming an early victory for the hackers in the organization's public challenge to defeat its selected security technologies. ''When a publication makes such a completely wrong, unfounded, anonymous slander, I think it deserves a very strong answer,'' Chiariglione told Inside, referring to a report appearing on Salon.com Thursday citing anonymous sources that claimed each of the six technologies offered up for hacking by the SDMI had been compromised. ''It's simply not true, because we, ourselves, don't have that information. We have about 450 files, with 450 descriptions of methods -- you ... On Sun, Oct 15, 2000 at 08:56:21PM +0200, Axel H Horns wrote: http://www.salon.com/tech/log/2000/10/12/sdmi_hacked/index.html - CUT SDMI cracked! Hackers break the recording industry's vaunted music protection system. By Janelle Brown Oct. 12, 2000 | Watch out -- recording industry executives are about to start running for cover. All of the Secure Digital Music Initiative's watermarks -- its much ballyhooed music protection scheme -- have been broken. A spokesperson for SDMI has denied the reports, but according to three off-the-record sources, the results of the Hack SDMI contest are in and not one single watermark resisted attack. [...] Is there an alternate solution, though? Many SDMI members think there isn't one -- and that this could mean that SDMI will now implode for lack of any plausible ideas for how to meet the recording industry's demands for secure music. [...] - CUT
Re: Rijndael wins
Perry: Right. My article will be going up on wired.com shortly, if it hasn't already. Meanwhile, here's an excerpt below. Also see a press release from the winner, who was notified in advance: http://www.esat.kuleuven.ac.be/cosic/press/pr_aes_english.html So were other firms and analysts, who had statements at the event for reporters to peruse. -Declan Excerpt: "We chose this system because of its low memory, its easy access to parallelism, its fast key setup, and easy implementation," said NIST Director Ray Kammer. Kammer said a panel of NIST cryptographers decided on one cipher instead of multiple standards because of concerns about interoperability. He said there were no patent or licensing issues for programmers to worry about with this cipher or any of the other finalists. "If Moore's law continues and quantum computing doesn't manifest itself, then I think this system will have a good 30 year run," Kammer said. On Mon, Oct 02, 2000 at 11:58:24AM -0400, Perry E. Metzger wrote: I was unable to get in on the webcast, but third parties inform me the winner was Rijndael (pronounced like "rhine dahl" for ignorant English speakers.) -- Perry E. Metzger [EMAIL PROTECTED] -- Quality NetBSD Sales, Support Service. http://www.wasabisystems.com/
Treasury Department worries about ecash, anonymity
http://www.wired.com/news/politics/0,1283,38955,00.html Feds: Digital Cash Can Thwart Us by Declan McCullagh ([EMAIL PROTECTED]) 3:00 a.m. Sep. 22, 2000 PDT WASHINGTON -- A Treasury Department report warns that technologies such as the Internet and electronic cash could thwart the federal government's efforts to conduct surveillance of bank and credit card transactions. The internal strategic plan predicts that technology may help law enforcement by allowing agents to assemble ever-growing databases of Americans' financial activities, but it can also provide more anonymity than ever before. Treasury's Financial Crimes Enforcement Network (FinCEN) prepared the 36-page document, which was obtained by Wired News. It says: "The development of new technologies -- such as electronic cash, electronic purses, Internet or smartcard based electronic payment systems, and Internet banking -- is increasing the ability of individuals to rapidly transfer large sums of money, and could pose a challenge for FinCEN and other law enforcement agencies combating money laundering." [...]
Washington RSA patent expiration party TONIGHT
We may not be sponsored by a half-dozen dot coms, but we're going to have even more fun. :) If you're in the DC area, join us to toast the official end of the patent at midnight tonight. --Declan Peter Wayner and Declan McCullagh present The End of Patent 4,405,829 Party Wednesday, September 20, 2000 7 pm 'til the official end at midnight in Adams Morgan, Washington, DC Why: Some say that US Patent 4,405,829 suppressed a wonderful technology by giving one company a monopoly on an algorithm. Others say that the patent ensured that there was sufficient financial backing that helped develop the technology. RSA did use its legal rights under the patent to pressure Phil Zimmermann when he developed PGP. In any case, the debate is now over. Come celebrate the algorithm developed by Ron Rivest, Adi Shamir and Len Adleman that gave us privacy and authentication for the web. To RSVP and for directions, email [EMAIL PROTECTED] or [EMAIL PROTECTED]
Judge sides with Hollywood in DeCSS descrambling case
Decision is at: http://www.nysd.uscourts.gov/courtweb/pdf/D02NYSC/00-08117.PDF Final judgment and order: http://www.nysd.uscourts.gov/courtweb/pdf/D02NYSC/00-08118.PDF http://www.wired.com/news/politics/0,1283,38287,00.html Studios Score DeCSS Victory by Declan McCullagh ([EMAIL PROTECTED]) 11:40 a.m. Aug. 17, 2000 PDT LOS ANGELES -- A DVD-descrambling program is akin to a virulent Internet epidemic that must be eradicated, a federal judge said Thursday as he agreed with Hollywood that DVDs must be protected from decryption and copying. Comparing the DeCSS utility to a "common-source outbreak epidemic," U.S. District Judge Lewis Kaplan said "there is little room for doubting that broad dissemination of DeCSS threatens ultimately to injure or destroy plaintiffs' ability to distribute their copyrighted products on DVDs, and, for that matter, undermine their ability to sell their products to the home video market in other forms." The lawsuit, which was filed in federal court in New York, and a similar one pending in state court in California, are part of an aggressive campaign by Hollywood to protect its content from illicit distribution online. The Napster file-trading service has come under attack, as have iCraveTV and Scour.net. Kaplan's 93-page ruling against hacker-zine 2600 Magazine, which eight movie studios sued after it posted DeCSS on its website, likely will have far-reaching effects in the computer industry. It prevents 2600 from not only distributing copies of DeCSS, but also linking to Web pages or areas of a website where it resides. That could affect other online news organizations, which have occasionally linked to DeCSS as part of their coverage of the lawsuit. "I'm very troubled by the implications of the analysis in this case, particularly with regard to linking," said Stuart Biegel, a senior lecturer at the UCLA School of Law. "The distinction set forth in this opinion between different types of linking is a nebulous one." 
The Motion Picture Association of America, which has backed the lawsuit, applauded the ruling. "Today's landmark decision nailed down an indispensable constitutional and congressional truth: It's wrong to help others steal creative works," MPAA president Jack Valenti said in a statement. "The court's ruling is a victory for consumers and for legitimate technology." The Electronic Frontier Foundation, which has paid for the legal defense of 2600 publisher Emmanuel Goldstein, said it would appeal the ruling. Kaplan's decision, if upheld on appeal, could endanger not just websites distributing DeCSS -- and there seem to be thousands of them -- but efforts by the Linux community to develop an open-source DVD player. The LiViD project, for instance, is attempting to build a modular suite of software DVD players, and to do that, programmers incorporated the same code used in DeCSS. Kaplan's order said that anyone acting "in concert" with 2600 is prohibited from distributing or linking to any program that circumvents the DVD-protection algorithm called CSS. "Now the MPAA has an avenue to go around bullying anyone offering the LiViD project files, simply by making an argument that they're operating in conjunction with 2600, and 2600 has been enjoined from posting any CSS code, not just the infamous DeCSS.exe," wrote one irate poster on an open-source-related mailing list. [...]
Sen. Lieberman supports warrantless wiretaps, crypto-regs
http://www.wired.com/news/politics/0,1283,38207,00.html Lieberman's Privacy 'Tap' Dance by Declan McCullagh ([EMAIL PROTECTED]) 7:53 a.m. Aug. 15, 2000 PDT The Democratic Party platform that delegates will adopt this week embraces personal privacy despite the checkered voting record of their vice presidential candidate. During his 12 years in the Senate, Connecticut's Joseph Lieberman has supported regulations on medical data collection while at the same time championing expanded surveillance powers for law enforcement. In 1995, for instance, Lieberman began a campaign to let police perform short-term warrantless wiretaps in some cases that involved potential "violent acts." He attempted to offer his warrantless-wiretap amendment to an anti-terrorism bill being considered by the Senate in response to the Oklahoma City bombing. "I can imagine a number of situations where the power granted by (this amendment) would provide exactly the kinds of tools that could make a difference in stopping terrorists before they strike," Lieberman said in a floor speech at the time. He called "electronic surveillance, particularly in this high-technology communication age" one of the most powerful tools police have against criminals. That anti-privacy stance seems to conflict with the strong language in the 2000 Democratic Party platform, which talks of the "right to choose whether personal information is disclosed; the right to know how, when, and how much of that information is being used; the right to see it yourself; and the right to know if it is accurate." During this election season, electronic privacy concerns have reached an all-time high, fueled by concerns about systems such as Echelon and Carnivore. In July, the European Parliament appointed a committee to investigate Echelon, and last week Attorney General Janet Reno said she would ask an unnamed university to audit the FBI's Carnivore software.
"One has to question where Lieberman stands on privacy," says Sonia Arrison, director of technology policy at the free-market Pacific Research Institute. "On the one hand, it's terrifying to think that a potential vice president would support wiretapping without a warrant, but on the other hand he's been eager to enforce privacy policies on government websites. I think he needs to come clean on this issue." A spokesman for Lieberman who asked not to be identified by name defended the Connecticut Democrat's record: "He has a pro-Internet agenda. And he is concerned and attentive to the privacy of Internet users." To be sure, Lieberman has taken stands that drew praise from civil libertarians. Months before he became Vice President Al Gore's running mate, Lieberman requested that auditors at the General Accounting Office investigate whether or not federal agencies are complying with government-wide privacy standards. A recent investigation by Wired News showed that many federal websites are violating White House rules about using cookies. Lieberman also co-sponsored a medical-reform bill that required companies participating in Medicare and Medicaid programs to report additional information to the federal government. Data submitted are supposed to remain confidential. But Lieberman, the former attorney general of Connecticut, frequently appears to agree with law enforcement and national security officials when they argue for more eavesdropping abilities. One criticism of Lieberman's warrantless-wiretapping plan came from Sen. Orrin Hatch (R-Utah), the chair of the Judiciary committee.
Hatch opposed the amendment, saying it would define activist groups as potential "terrorists" and permit police to conduct surveillance without a judge's approval. Hatch, a conservative Mormon, said groups like ACT-UP and environmental activists could be targeted under Lieberman's plan. "This amendment could thus permit the government to listen to the conversations of such groups without obtaining a court order. ... I am concerned that this provision, if enacted, would unnecessarily broaden emergency wiretap authority," Hatch said. Lieberman's spokesman said the purpose of the amendment was to update existing wiretap laws to cover terrorist activity, and that if a judge eventually nixed the wiretap, the information gathered could not be used in court. U.S. law had already allowed for temporary warrantless taps in other areas. The Senate defeated Lieberman's amendment 52 to 28 by tabling it, but a related amendment he offered at the same time became law. The law grants more
MojoNation file sharing system plans to beat Napster, Gnutella
http://www.wired.com/news/technology/0,1282,37892,00.html Get Your Music Mojo Working by Declan McCullagh ([EMAIL PROTECTED]) 5:45 p.m. Jul. 29, 2000 PDT LAS VEGAS -- A new file-sharing system could best rivals like Napster and Gnutella through more anonymous and efficient transfers. The service has an innovative feature that rewards users for uploading and distributing files: payment in a form of digital currency called "Mojo." "It's a cross between Napster and eBay," says Jim McCoy, the 30-year-old CEO of Autonomous Zone Industries, which created the open-source MojoNation software. McCoy's goal is nothing if not ambitious: to create the first file-sharing economy of agents, servers, and search engines in which senders and receivers can agree on prices for each transaction and use micropayments to get paid. The prospect of millions of users spending Mojo tokens on pirated movies and songs is sure to draw the wrath of the entertainment industry, which has sued to shut down Napster and erase a DVD-descrambling program from the Web. Another probable early use is pornography copied from other sites, and companies such as Penthouse's publisher also have shown they're willing to take legal action. Autonomous Zone says that since it -- unlike Napster -- does not keep a master index of files, its employees are simply unable to remove references to illegal files stored on MojoNation servers. "We are a bigger threat because we can survive most attacks," McCoy says. But the startup claims it wants to work with Hollywood through a voluntary-payment-for-downloads feature that the firm's programmers have dubbed "PayLars," a reference to Metallica drummer and Napster foe Lars Ulrich. "When the president of Sony comes to us, we'll say Gnutella's never going to do anything for you," says the Autonomous Zone programmer who goes by the name Zooko Journeyman. "Fight them or die -- or join us and prosper." 
In an attempt to spread MojoNation quickly through the hacker underground, Autonomous Zone plans to release the beta version at the DefCon convention this weekend in Las Vegas. Versions will be available on sourceforge.net for Windows and Linux machines. MojoNation's current stage of development is somewhere between a working prototype and a polished final product. It works, but a friendly interface is still being shaped, and as of Friday, company programmers were still unearthing some remaining bugs. At least when its development is complete, MojoNation should combine the ease of use and search capabilities of Napster and Gnutella with the kind of distributed server network that Freenet uses. Files that are uploaded to a Freenet server remain online after a user disconnects, but Freenet does not support searching or micropayments. But will MojoNation be compelling enough to make other users switch? "It doesn't seem to buy anything over Gnutella," says Jon Lasser, author of Think Unix. "It's not clear to me who is served by this system." The libertarian-leaning cypherpunks -- only about seven so far -- who work at Autonomous Zone are pinning their hopes on creating an emergent network of electronic buyers, sellers, and service providers, all exchanging tokens that might represent as little as one-thousandth of a cent. Another addition: A limited form of reputation-tracking, so you can determine which service providers are the most reliable. The first time you log on, you generate a public and private key pair that the system uses to identify you. "It is an ant colony of sorts -- tons of agents, each with its own specialized goal," says McCoy, a former Yahoo engineer who founded Autonomous Zone last summer and is providing the seed capital. By pinning even an infinitesimal value on all transactions, the company plans to discourage piggish folks who download more than they contribute in return.
To earn Mojo tokens, users can sell their extra bandwidth or disk space and act as servers, or create their own service that others want to pay for. A successful system would also likely include money exchangers who buy and sell Mojo tokens in exchange for dollars. Before a MojoNation user uploads a file, the client software splits it into eight pieces using an algorithm akin to that used in RAID hard disk arrays: Only four pieces are necessary to reconstruct the entire file, and the sender can try to use the network to cloak his or her identity. ###
Government officials weigh in on HavenCo, from Wired News
http://www.wired.com/news/business/0,1367,36749,00.html A Data Sanctuary is Born by Declan McCullagh ([EMAIL PROTECTED]) 5:00 p.m. Jun. 4, 2000 PDT WASHINGTON -- A windswept gun tower anchored six miles off the stormy coast of England is about to become the first Internet data haven. A group of American cypherpunks has transformed the rusting fortress, erected by the British military during World War II to shoot down Nazi aircraft, into a satellite-linked virtual home for anyone looking for a secure place to store sensitive or controversial data. The founders of HavenCo, which will announce operations on Monday, believe the concept will appeal to individuals and businesses looking for a "safe haven" from governments around the world that are becoming more and more interested in Internet regulation and taxation. It's for "companies that want to have email servers in a location in which they can consider their email private and not open to scrutiny by anyone capable of filing a lawsuit," says Sean Hastings, the 32-year-old chief executive of HavenCo. Hastings says that because a 1968 British court decision effectively recognized the basketball court-sized island as a sovereign nation called Sealand, HavenCo can provide more privacy and legal protections than anyone else on the planet. To create HavenCo -- which will offer Linux servers for $1,500 a month -- the founders signed an agreement with Roy Bates, the quirky "crown prince" of Sealand who landed on the abandoned platform in 1966 and claimed it as an independent nation with its own currency, stamps, and flag. Bates, a former British Army major, has undertaken a string of failed business ventures in an attempt to make use of the world's tiniest country -- a platform just 10 by 25 yards that perches atop two cement caissons in the North Sea. One plan was to build Sealand into a three-mile-long, man-made island with an airport and banks.
Another venture included working with German investors to build a $70 million hotel and gambling complex -- a scheme that fell apart with the Germans taking over the fortress in 1978 and Bates regaining control in a dramatic helicopter raid at dawn. This time the elder Bates, now about 80 years old, is taking no chances on his business partners: His son and royal heir-apparent, Michael, is HavenCo's chief logistics officer and the royal family has a seat on the board. But today Sealand's potential adversaries include not merely a few expansion-minded Germans, but nervous government officials who are aggressively trying to pull the plug on unapproved offshore activities. During a Paris summit in May, for instance, representatives of the Group of Eight (G8) nations met to hammer out an agreement on international Net law. "The idea is to produce a global text so there cannot be 'digital havens' or 'Internet havens' where anyone planning some shady business could find the facilities to do it," French Interior Minister Jean-Pierre Chevenement said at the time. When Sealand was simply an eccentric's hobby, the British government largely ignored the smallest country in the world. But if HavenCo becomes a popular destination for gambling, money laundering, or other socially disapproved activities, governments could move against it. The Home Office in London could restrict the microwave links that provide HavenCo with its lifeline to the outside world, and the companies offering satellite connectivity could come under pressure from regulators in their home countries. HavenCo could even find its bank accounts imperiled. For their part, HavenCo executives say they hope to avoid negative publicity. "We don't intend to make anyone angry at us. We simply want to provide online businesses a place with a sane set of rules that are not constantly changing," Hastings said. 
"If larger nations have a problem with unrestricted information flow, then their problem is with the increase in information technology, and not with us. They can't put the genie back in the bottle until every individual on the planet has had their three wishes come true," he said. Somewhat ironically, bandits recently set up a fake "Principality of Sealand" website to sell citizenship to unsuspecting visitors. Spanish authorities reportedly are investigating a gang involved with drug smuggling and arms trafficking using those passports. In a bizarre incident, one "Sealand" passport of dubious origin surfaced in connection with the July 1997 murder of fashion designer Gianni Versace in Miami. The British Embassy in Washington declined to comment on what would prompt Lo
Re: Hidden secret search provision in the meth bill two others
I mentioned the "secret search" provisions in the meth bill before the House Judiciary committee in a May 9 article: http://www.wired.com/news/print/0,1294,36209,00.html This is similar to a letter from Reno in January that said cops could do secret searches and seizures (in the context of snatching private keys) without new legislation: http://www.wired.com/news/print/0,1294,33779,00.html In my weekly column last week I mentioned the meth vote in House Judiciary still hadn't happened, probably due to pressure from drug legalization activists: http://www.wired.com/news/politics/0,1283,36452,00.html The CDT letter is more detailed, but I've placed an ACLU "suggested amendments to the meth bill" letter here: http://www.politechbot.com/docs/meth-aclu.050800.html -Declan At 18:42 5/22/2000 -0700, John Gilmore wrote: I have not verified this, but if true, time is of the essence. It's time to HOWL to your Congressmen to stop them! Whenever you read one of those "clerical amendments" that inserts phrases into other parts of other laws -- watch out! Somebody is trying to pull the wool over your eyes. John
House commerce committee votes to ban radio-decryption gear
http://www.wired.com/news/politics/0,1283,36401,00.html House Reps Ban Wireless Decoding by Declan McCullagh ([EMAIL PROTECTED]) 3:30 p.m. May. 17, 2000 PDT WASHINGTON -- Americans may no longer buy radio receivers that decode PCS cellular or pager transmissions, a House panel said Wednesday. The House Commerce Committee also voted to make it a crime to sell electronic gadgets that can "decode encrypted radio transmissions for the purposes of unauthorized interception." The criminal penalties, which were attached to a tax harmonization bill, expand existing law, which already bans the sale of devices that can intercept analog cellular conversations. [...]
Planned Net-treaty limits privacy, may compel key disclosure
The document: http://www.politechbot.com/docs/treaty.html http://www.wired.com/news/politics/0,1283,36047,00.html Cyber-treaty Goes Too Far? by Declan McCullagh ([EMAIL PROTECTED]) 3:00 a.m. May. 3, 2000 PDT WASHINGTON -- U.S. and European police agencies will receive new powers to investigate and prosecute computer crimes, according to a preliminary draft of a treaty being circulated among over 40 nations. The Council of Europe's 65KB proposal is designed to aid police in investigations of online miscreants in cases where attacks or intrusions cross national borders. But the details of the "Draft Convention on Cybercrime" worry U.S. civil libertarians. They warn that the plan would violate longstanding privacy rights and grant the government far too much power. The proposal, which is expected to be finalized by December 2000 and appears to be the first computer crime treaty, would: * Make it a crime to create, download, or post on a website any computer program that is "designed or adapted" primarily to gain access to a computer system without permission. Also banned is software designed to interfere with the "functioning of a computer system" by deleting or altering data. * Allow authorities to order someone to reveal his or her passphrase for an encryption key. According to a recent survey, only Singapore and Malaysia have enacted such a requirement into law, and experts say that in the United States it could run afoul of constitutional protections against self-incrimination. * Internationalize a U.S. law that makes it a crime to possess even digital images that "appear" to represent children's genitals or children engaged in sexual conduct. Linking to such a site also would be a crime. * Require websites and Internet providers to collect information about their users, a rule that would potentially limit anonymous remailers. [...] 
-- POLITECH -- the moderated mailing list of politics and technology To subscribe, visit http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ --
Intel nixes ID tracking numbers in future 1.5 GHz Willamette chip
** Background: http://www.politechbot.com/cgi-bin/politech.cgi?name=intel ** http://www.wired.com/news/politics/0,1283,35950,00.html Intel Nixes Chip-Tracking ID by Declan McCullagh ([EMAIL PROTECTED]) 3:00 a.m. Apr. 27, 2000 PDT Hoping to avoid another campaign by privacy activists, Intel has decided not to include a controversial user identification feature in its forthcoming 1.5 GHz Willamette chip. Absent from Willamette's design are a unique ID number and other security measures that could be used to limit piracy by tracking users, an Intel source said Wednesday. "The decision has been made and the engineers have already been told," said the source, who spoke on the condition of anonymity. "The gains that it could give us for the proposed line of security features were not sufficient to overcome the bad rep it would give us." In January 1999, Intel said it would wire a unique ID into each Pentium III chip, but then disabled it after privacy activists began a boycott and a prominent House Democrat denounced the plan. An Intel management committee, after hearing from marketing, privacy, and engineering representatives who were opposed to the idea, reportedly made the decision not to include similar features in the much-anticipated Willamette chip, the source said. Besides the serial number, the other missing features include support for hardware digital certificates -- something banking and finance firms would have preferred [...]
Re: injunction issued against cphack
At 11:07 3/18/2000 -0500, Steven M. Bellovin wrote (on whether the TRO applies to non-defendants): Well, the AP story had a different quote from the attorney, so it may be reporter perception. It applies to the four (2 ISP, 2 individual) defendants and those acting in concert with them. It seems a stretch to me to say it covers non-defendants who have never been to Massachusetts and have never even exchanged email with the authors of the cphack utility, which is why I didn't buy the spin in my article I wrote yesterday. But here it is, if you wanna see what they're saying... I'll have more stuff up at http://www.politechbot.com/cyberpatrol/ soon. -Declan From: "Sydney Rubin" [EMAIL PROTECTED] To: [EMAIL PROTECTED] Date: Fri, 17 Mar 2000 19:32:27 -0500 X-Mailer: Microsoft Outlook Express 5.00.2314.1300 Here's the release we issued at 2:30 today that quotes from the injunction and shows that the restraining order applies to the mirrored sites, as well as the original four defendants -- Skala, Jansson, Scandinavia Online and Islandnet. Use of the words "agents" and "those persons in active concert or participation with them" in the ruling applies to the mirrored sites. FOR IMMEDIATE RELEASE CONTACT: Sydney Rubin Ignition Strategic Communications 202/244-1200 FEDERAL JUDGE GRANTS COMPANY IMMEDIATE INJUNCTION AGAINST HACKERS WHO VIOLATED U.S. COPYRIGHT LAW Judge Agrees Hackers' Actions Likely Violate Intellectual Property Rights of Microsystems Software and Undermine Parents' Ability to Protect Children FRAMINGHAM, MASS. (March 17, 2000) A Federal Judge in Boston today issued a temporary restraining order against two hackers prohibiting them from distributing code that undermines the ability of parents using Cyber Patrol to protect children from inappropriate content online. U.S. District Judge Edward F.
Harrington ordered that the "defendants, their officers, agents, servants, employees, attorneys and those persons in active concert or participation with them, shall discontinue publishing defendant's Cyber Patrol bypass code and binaries (known as "CP4break.zip" or "cphack.exe" or any derivative thereof)." The ruling prohibits further distribution over the Internet into the United States of the bypass code and binaries published by the hackers and "mirrored," or copied, on other sites throughout the World Wide Web. "The ruling means that the defendants and those redistributing the defendants' illegal work product will be in violation of a U.S. Federal Court order if they distribute the material into the United States," said Irwin B. Schwartz, a partner in the Boston law firm of Schwartz and Nystrom, LLC, which represents Microsystems. The ruling also granted the company expedited discovery into who had downloaded the illegal material derived from the copyright violations. Microsystems Software, maker of the Internet filtering software Cyber Patrol, filed for the temporary restraining order on Wednesday in Massachusetts Federal District Court. The complaint was against two hackers in Canada and Sweden, Matthew Skala and Eddy L.O Jansson, as well as the two Internet Service Providers hosting the hackers' Web sites, Islandnet.Com in Canada and Scandinavia Online AB in Sweden. The complaint alleged the hackers violated copyright law by reverse engineering Cyber Patrol software and then using the illegally-obtained source code to develop an executable program that allows users to bypass the software. The hackers then posted pieces of the Cyber Patrol source code and their executable program on the Internet and publicized their work via e-mailed press releases. The pair also published portions of the proprietary Cyber Patrol list of filtered sites, but this was not part of the complaint filed by the company.
Judge Harrington gave the company permission to serve notice of the immediate injunction via email to the defendants and "their agents." The company was serving the electronic notices immediately. Violating a Federal Court Order is punishable by a fine or prison. The willful and knowing violation of U.S. Copyright Law can carry sanctions of up to $100,000 per violation. Defendants receiving the notices are ordered by the court to "preserve inviolate the software and information that makes up all such Web sites, source or object code and documents relating to Cyber Patrol, as well as all records which reflect the identity or number of persons who downloaded CP4break.zip or cphack.exe from the Web sites." Cyber Patrol is the world's most widely-used Internet filtering software. Microsystems' technology is used by America Online for its parental controls and hundreds of thousands of families have purchased Cyber Patrol software to help protect children from Web
Re: [Fwd: Export Administration Act of 1979]
At 11:49 3/7/2000 -0500, William Allen Simpson wrote: It was reported that Clinton was keeping the export controls going by executive order, even tho' congress had failed to re-authorize the sunsetted legislation. I asked my local congress-critter about it, and here is the response. I found it enlightening. And quoted his congresscritter: Congress often lets programs ride until a consensus can be reached. There is some talk that the EAA may be reauthorized this year. Following is some info on this, including a presidential declaration of emergency and an excerpt from the Bernstein legal team docs. -Declan http://www.eff.org/bernstein/Legal/970107_supplemental.complaint STATUTORY AND REGULATORY CONTEXT 7. The EAA expired on August 20, 1994. 8. The President has continued the EAR to the extent permitted by law under authority of the International Emergency Economic Powers Act ("IEEPA"), 50 U.S.C. sec. 1701 et seq. Executive Order 12,924 (1994) ("EO 12924"), 59 Fed.Reg. 43437; Notice of Aug. 15, 1995, 60 Fed.Reg. 42767 (Aug. 17, 1995); Notice of Aug. 14, 1996, 61 Fed.Reg. 42527 (Aug. 14, 1996). Date: Fri, 14 Aug 1998 11:35:05 -0700 (PDT) From: Declan McCullagh [EMAIL PROTECTED] To: [EMAIL PROTECTED] [Actually, it's just extending the existing one. So the White House can continue to restrict exports of crypto software like Netscape and Microsoft's web browsers. --Declan] CONTINUATION OF EMERGENCY REGARDING EXPORT CONTROL REGULATIONS On August 19, 1994, consistent with the authority provided me under the International Emergency Economic Powers Act (50 U.S.C. 1701 et seq.), I issued Executive Order 12924. In that order, I declared a national emergency with respect to the unusual and extraordinary threat to the national security, foreign policy, and economy of the United States in light of the expiration of the Export Administration Act of 1979, as amended (50 U.S.C. App. 2401 et seq.).
Because the Export Administration Act has not been renewed by the Congress, the national emergency declared on August 19, 1994, must continue in effect beyond August 19, 1998. Therefore, in accordance with section 202(d) of the National Emergencies Act (50 U.S.C. 1622(d)), I am continuing the national emergency declared in Executive Order 12924. This notice shall be published in the Federal Register and transmitted to the Congress. WILLIAM J. CLINTON THE WHITE HOUSE, August 13, 1998
Justice Department criticizes online anonymity
Of more relevance to this list, perhaps, is yesterday's testimony of the FBI's Michael Vatis with the bureau's usual crypto-complaints: http://www.house.gov/judiciary/3.htm convicted terrorist Ramzi Yousef, the mastermind of the World Trade Center bombing, stored detailed plans to destroy United States airliners on encrypted files on his laptop computer. -Declan http://www.wired.com/news/politics/0,1283,34659,00.html U.S. Wants Less Web Anonymity by Declan McCullagh ([EMAIL PROTECTED]) 3:00 a.m. 1.Mar.2000 PST WASHINGTON -- The U.S. government may need sweeping new powers to investigate and prosecute future denial-of-service attacks, top law enforcement officials said Tuesday. Anonymous remailers and free trial accounts allow hackers and online pornographers to cloak their identity, deputy attorney general Eric Holder told a joint congressional panel. "A criminal using tools and other information easily available over the Internet can operate in almost perfect anonymity," Holder told the panel. Holder said the Clinton administration is reviewing "whether we have adequate legal tools to locate, identify, and prosecute cyber criminals," but stopped short of endorsing a specific proposal. Currently no laws require U.S. Internet users to reveal their identity before signing up for an account, and both fee-based and free services offer anonymous mail, Web browsing, and dialup connections. [...]
Irish take different crypto-approach from their neighbor
http://www.wired.com/news/politics/0,1283,34350,00.html Irish, UK Crypto Regs Far Apart by Karlin Lillington ([EMAIL PROTECTED]) 3:00 a.m. 16.Feb.2000 PST DUBLIN, Ireland -- Britain is likely to become the first country in the world to make imprisonment a possible consequence of refusing to surrender, or even losing, one's private encryption keys. At the same time, neighboring Ireland is preparing legislation that would make it the first country to prohibit law enforcement from forcing encryption users to hand over their private keys. The new British law also would compel Internet service providers to build in "reasonable interception capabilities" to networks and could force ISPs to hand over data traffic information -- email destinations, Web site visits, IP names -- to law enforcement without a search warrant. It includes provisions for listening in on mobile and satellite phone calls, intercepting pager messages, and bugging office switchboards. The topsy-turvy state of affairs is emblematic of the approach of the two countries to electronic commerce legislation. ...
New don't-ask-don't-tell encryption policy
http://www.wired.com/news/politics/0,1283,33651,00.html Don't-Ask-Don't-Tell Encryption by Declan McCullagh ([EMAIL PROTECTED]) 3:00 a.m. 14.Jan.2000 PST WASHINGTON -- If there's one lawsuit the US government would dearly like to see vanish, it's the case of Bernstein v. Department of Commerce. The suit, which began with graduate student Daniel Bernstein's earnest desire to post a simple computer program to the sci.crypt Usenet newsgroup in 1992, threatens to topple an imposing colossus of government rules that regulate privacy-protecting encryption products. Suffice it to say that's not an outcome that law enforcement or national security officials would applaud. So it's no coincidence that those cunning Justice Department lawyers may have found a way to get rid of the suit. This week's announcement by the Clinton administration that it was changing current encryption regulations gives government attorneys additional ammunition to use in court against the Bernstein lawyers. [...snip...]
Illegal NSA spying? It won't be the first time -- a look at history
http://www.wired.com/news/politics/0,1283,33026,00.html Spies Left Out in the Cold by Declan McCullagh ([EMAIL PROTECTED]) 3:00 a.m. 13.Dec.1999 PST It's enough to spook any spy. Congress plans to hold hearings next year that will, for the first time in a quarter century, investigate whether the National Security Agency is too zealous for our own good. Much has changed since those hearings in 1975. Instead of being a place so secretive that the Department of Justice once abandoned a key prosecution rather than reveal the National Security Agency's existence in court, "the Fort" has become enmeshed in popular culture. Techno-thrillers like Enemy of the State, Mercury Rising, Sneakers, and even cut-rate TV series like UPN's 7 Days regularly depict NSA officials -- to their chagrin -- as eavesdrop-happy Nixonites. But one thing has remained the same. The agency is barred from spying inside the United States and is supposed to snoop only on international communications. Through a system reportedly named Echelon, it distributes reports on its findings to the US government and its foreign allies. Do those findings include intercepted email messages and faxes sent by Americans to Americans? Maybe, and that's what's causing all the fuss. News articles on Echelon have captured the zeitgeist of the moment, spurred along by PR stunts like "Jam Echelon" day. Newsweek reported this week that the NSA is going to "help the FBI track terrorists and criminals in the United States." (The agency denied it.) A 6 December New Yorker article also wondered about the future of Fort George Meade. That future could look a lot like the past: congressional action that, in the end, doesn't amount to much. For this article, Wired News reviewed the original documents and transcripts from the Church committee hearings that took place in the Watergate-emboldened Senate in 1975. 
The Select Committee to Study Governmental Operations with Respect to Intelligence Activities published its final report in April 1976. It wasn't an easy process. NSA defenders tried their best to kick the public out of the hearing room and hold the sessions behind closed doors. "I believe the release of communications intelligence information can cause harm to the national security," complained Senator Barry Goldwater, a Republican who voted against disclosing information on illicit NSA surveillance procedures and refused to sign the final report. "The public's right to know must be responsibly weighed against the impact of release on the public's right to be secure. Disclosures could severely cripple or even destroy the vital capabilities of this indispensable safeguard to our nation's security," said another senator. But Democratic Senator Frank Church and his allies on the committee prevailed, and disclosed enough information to give any Americans the privacy jitters. Among the findings: Shamrock: In 1945, the NSA's predecessor coerced Western Union, RCA, and ITT Communications to turn over telegraph traffic to the Feds. The project was codenamed Shamrock. "Cooperation may be expected for the complete intercept coverage of this mater
US law makes it a crime to disclose crypto-secrets
It would be one thing if this law (enacted in 1950) restricted government employees or contractors from disclosing cryptographic or COMINT info they agreed to keep secret. But it seems to apply to anyone, including journalists or cypherpunks, no matter how they obtained the data. That raises First Amendment issues. This was discussed during the Church committee hearings in 1975 (p7 of the transcript) but I don't know if it's come up in court cases. -Declan http://www4.law.cornell.edu/uscode/18/798.html Sec. 798. Disclosure of classified information (a) Whoever knowingly and willfully communicates, furnishes, transmits, or otherwise makes available to an unauthorized person, or publishes, or uses in any manner prejudicial to the safety or interest of the United States or for the benefit of any foreign government to the detriment of the United States any classified information - (1) concerning the nature, preparation, or use of any code, cipher, or cryptographic system of the United States or any foreign government; or (2) concerning the design, construction, use, maintenance, or repair of any device, apparatus, or appliance used or prepared or planned for use by the United States or any foreign government for cryptographic or communication intelligence purposes; or (3) concerning the communication intelligence activities of the United States or any foreign government; or (4) obtained by the process of communication intelligence from the communications of any foreign government, knowing the same to have been obtained by such processes - Shall be fined under this title or imprisoned not more than ten years, or both. 
(b) As used in subsection (a) of this section - The term ''classified information'' means information which, at the time of a violation of this section, is, for reasons of national security, specifically designated by a United States Government Agency for limited or restricted dissemination or distribution; The terms ''code,'' ''cipher,'' and ''cryptographic system'' include in their meanings, in addition to their usual meanings, any method of secret writing and any mechanical or electrical device or method used for the purpose of disguising or concealing the contents, significance, or meanings of communications; The term ''foreign government'' includes in its meaning any person or persons acting or purporting to act for or on behalf of any faction, party, department, agency, bureau, or military force of or within a foreign country, or for or on behalf of any government or any person or persons purporting to act as a government within a foreign country, whether or not such government is recognized by the United States; The term ''communication intelligence'' means all procedures and methods used in the interception of communications and the obtaining of information from such communications by other than the intended recipients; The term ''unauthorized person'' means any person who, or agency which, is not authorized to receive information of the categories set forth in subsection (a) of this section, by the President, or by the head of a department or agency of the United States Government which is expressly designated by the President to engage in communication intelligence activities for the United States. (c) Nothing in this section shall prohibit the furnishing, upon lawful demand, of information to any regularly constituted committee of the Senate or House of Representatives of the United States of America, or joint committee thereof. 
(d) (1) Any person convicted of a violation of this section shall forfeit to the United States irrespective of any provision of State law - (A) any property constituting, or derived from, any proceeds the person obtained, directly or indirectly, as the result of such violation; and (B) any of the person's property used, or intended to be used, in any manner or part, to commit, or to facilitate the commission of, such violation. (2) The court, in imposing sentence on a defendant for a conviction of a violation of this section, shall order that the defendant forfeit to the United States all property described in paragraph (1). (3) Except as provided in paragraph (4), the provisions of subsections (b), (c), and (e) through (p) of section 413 of the Comprehensive Drug Abuse Prevention and Control Act of
Re: Forthcoming Biryukov/Shamir result against A5/1 GSM privacy algorithm
At 22:36 12/5/1999 -0500, Matt Blaze forwarded: Real-Time Cryptanalysis of GSM's A5/1 on a PC Alex Biryukov and Adi Shamir Computer Science Department The Weizmann Institute Rehovot 76100, Israel Thanks, Matt, for forwarding. My article, with the no-interception-possible response from the GSM folks, is at: http://wired.lycos.com/news/politics/0,1283,32900,00.html -Declan
Re: fwd: $100 secure phones from Starium
Dan, I wrote about Starium in August: http://www.wired.com/news/technology/0,1282,21236,00.html CEO Lee Caplin [EMAIL PROTECTED] wrote me this month and told me they had a prototype ready to show me. (I was in the area but couldn't stop by.) I'm copying Lee on this message; I'm sure he can provide details. -Declan At 16:56 11/26/1999 -0500, Dan Geer wrote: Did this "$100 secure phone" ever come to pass? I stopped off at http://www.starium.com/ but the page is unmodified since April last. Starium-ites, are you out there? --dan
Bob Barr to IETF: Don't help the snoops!
http://www.wired.com/news/politics/0,1283,32100,00.html 'Don't Help the Snoops' by Declan McCullagh 10:45 a.m. 25.Oct.99.PDT The Internet's standards body should not craft technology to aid government surveillance, a prominent conservative congressman says. Representative Bob Barr (R-Georgia) said that there is no reason for the Internet Engineering Task Force to support wiretapping in the next generation of protocols and that doing so would be "dangerous." "For the sake of protecting freedom, commerce, and privacy on the Internet, I urge you to draw the line firmly and early, by immediately rejecting any attempts to force a cumbersome, expensive, and dangerous surveillance architecture on the Internet," Barr wrote in a letter to IETF chairman Fred Baker. [...] October 25, 1999 Mr. Fred Baker IETF Secretariat C/o Corporation for National Research Initiatives 1895 Preston White Drive Suite 100 Reston, Virginia 20191-5434 IN RE: Wiretapping and Internet Telephony Dear Mr. Baker: In light of the fact that the Internet Engineering Task Force (IETF) has become involved in the Communications Assistance to Law Enforcement Act (CALEA) compliance debate, I write to urge your strong opposition to any effort to force a surveillance-friendly architecture on the Internet. There are several reasons why opposition to such efforts is critical. When CALEA was enacted in 1994, law enforcement officials assured Congress its only effect would be to maintain the wiretapping status quo. Since then, the same officials have used every opportunity to pressure telecommunications companies to create unprecedented monitoring capabilities going far beyond the status quo, CALEA's mandates, the intent of Congress, and the Fourth Amendment. Even worse, the telecommunications companies have been forced to either pass these costs along to their customers or contest law enforcement's demands in court. 
In my opinion, Internet telephony in its current form falls far short of the statutory definitions in CALEA. Furthermore, based on Congress's intent to do nothing more than maintain the status quo by enacting CALEA, it is questionable whether Internet telephony could ever be appropriately included under the Act's mandates. Of course, this fact will not put an end to demands by law enforcement and regulators that Internet service providers and telecommunications companies make their jobs easier by wiretapping the Internet for them. If you encourage such steps, several things will happen. First, network and software creators will begin building flaws into products in order to create back doors for law enforcement. In the process, the security that serves as a prerequisite and incentive for electronic commerce and communication will be threatened. As hackers demonstrate with frightening regularity, practically no system is fully secure. Building intentional flaws into systems will expose them to criminal abuse and unconstitutional monitoring. Secondly, an initial demand for limited access to Internet telephone calls will soon expand into an ever-increasing demand for access to all voice communications, followed by a demand for access to e-mail and data traffic. If the IETF gets in the business of trying to anticipate what the government might demand, government agencies will thank you for your efforts, and promptly issue more demands. It is a virtual certainty the government's demands will exceed the private sector's willingness and ability to comply with them. The only real question is precisely when that point will be reached. Finally, Internet-based companies will be forced to pass compliance and legal costs along to their customers. In a sector where cost-competitiveness is critical, compliance costs could bring the development of exciting new Internet telephony products and services to a virtual standstill. 
Similar effects could also be felt on practically every Internet company, if surveillance mandates are expanded beyond telephony. For the sake of protecting freedom, commerce, and privacy on the Internet, I urge you to draw the line firmly and early, by immediately rejecting any attempts to force a cumbersome, expensive, and dangerous surveillance architecture on the Internet. If you arrive at the conclusion further legal protections are needed to ensure a massive wiretapping structure is not imposed on the Internet, I would welcome the opportunity to discuss how best to enact them. With kind regards, I am, very tru
House armed services committee members tie crypto to kidnappings
[Yes, Virginia, many Congresscritters are babbling birdbrains. Take Rep. Neil Abercrombie (D-Hawaii). He apparently thinks that encryption export controls are somehow linked to private-sector databases. Go figure. He's not dumb -- has a sociology PhD -- but seems to have a thing about terrorists. Co-authored a novel "Blood of Patriots" in which a pair of 'em wipe out 125 legislators. And Rep. John Kasich's (R-Ohio) comments are, if possible, even more inane. --DBM] HEARING OF THE HOUSE ARMED SERVICES COMMITTEE SUBJECT: RELEASE OF REPORT FROM THE COMMISSION ON NATIONAL SECURITY IN THE 21ST CENTURY CHAIRED BY: REPRESENTATIVE FLOYD D. SPENCE (R-SC) WITNESSES: GARY HART, FORMER U.S. SENATOR; NORMAN R. AUGUSTINE, FORMER CHAIR, LOCKHEED MARTIN CORPORATION; WARREN B. RUDMAN, FORMER U.S. SENATOR; ANDREW YOUNG, FORMER U.S. AMBASSADOR TO THE UNITED NATIONS 2118 RAYBURN HOUSE OFFICE BUILDING WASHINGTON, DC OCTOBER 5, 1999, TUESDAY ... REP. ABERCROMBIE: Thank you very much. I hope you will also take up the question of encryption. I probably find myself to the -- as long as we have syndromes here of left and right and so on -- I'm probably way, way, way to the right of most everybody, I guess, on this committee, and certainly where the administration is at the moment, on the question of encryption. I find it ironic that there would be a proposal to give the FBI tens of millions of dollars to try to overcome the encryption that we're going to sell to everybody, so's people can make money while we put our, I believe, put our security at risk. Just as a case in point, from today's Miami Herald, on the kidnapping taking place in Bogota -- in Colombia, rather, by the ELN, the point made -- the present kidnapping, guerrillas take -- "roadblocks are common in Colombia" -- I'm quoting now -- "and guerrillas often take numerous people. Rebels at roadblocks have begun using portable computers to check databases to determine the assets of potential kidnap victims." (Mild laughter.) 
This, on one hand, is amusing, but in the technological world we're dealing with now it's a reality and it has to do with bioterrorism, it has to do with all the other possibilities that might be taken up. So I would hope that you would address the question of encryption in the overall context. On that, then, finally, for me, I hope you will take up in the second and third phases, when you deal with the question of bioterrorism, weapons of mass destruction and so on, some of the actual costs and logistical difficulties that we will face internally, domestically in the United States. ... MR. AUGUSTINE: This is a subject, of course, of the next two phases of our report. I'd hate to keep reiterating that, but these are exactly the kinds of things we are going to try to come to grips with. I think -- back to an observation I made earlier -- we are going to have think differently. We are going to have to think about the threats that are new and think about them, to use the buzzword of the time, "outside the box" that is to say, outside conventional traditional military solutions. The response to threats of these kinds -- of cyberthreats, biological, chemical -- are going to have to engage the American population. I am a great advocate of, I guess, remodeling and revitalizing the National Guard and Reserve. I -- and I am now just one person talking -- I think the defense of the homeland is going to have to involve those branches of our Armed Services in ways that the traditional military cannot, and probably should not, respond to, for a lot of constitutional reasons. We are going to have to think of nonmilitary assets; how to engage the private sector, with all of the talent and capability it has, at becoming part of the homeland defense; that we can't just say to the Defense Department, "Defend our country against these kinds of threats." ... 
So if we are entering a century and an era where we at home are under attack or could be under attack, we are going to have to think totally different; I mean, the only solution isn't the 82nd Airborne Division and Trident submarines and so on. In fact, those are probably not the right solutions. ... REP. KASICH: ...drive the government, Mr. Augustine, away from sales and more in the direction of how we get a handle on proliferation. They say, well, if we don't sell, the British will sell. Well, I mean, I thought we were a leader of the world. If we're a leader of the world, then why don't we break some knuckles and force some people to understand the consequence of selling high technology items to the enemy? And I would hope that you would consider that. And maybe you might comment, Mr. Augustine, about the proliferation, argument, profits, and what we can do to march together in the world. Technology, Mr. Young, may be -- you know, I know about the tremendous poverty that we see around the world. But, you know, the Internet may offer us a great opportunity for the American
DEA says drug smugglers used crypto Net but cops got around it
Note this sounds a lot like what the DEA and Reno have been saying for years: inserting backdoors into crypto products to preserve the balance between privacy and snoopability. So what's changed after the announcement last month? DEA: "We hope that we don't lose the ability to intercept encrypted communications." (He doesn't seem to know what he's talking about, but probably means decrypting and not intercepting.) Reno: "It is going to be more and more difficult for law enforcement... make sure that we balance the privacy concerns that are so important with law enforcement's legitimate concerns." -Declan ** PRESS CONFERENCE WITH U.S. ATTORNEY GENERAL JANET RENO COLOMBIAN AMBASSADOR ALBERTO MORENO SUBJECT: ARREST OF COLOMBIAN DRUG TRAFFICKERS IN OPERATION MILLENNIUM THE DEPARTMENT OF JUSTICE WASHINGTON, D.C. OCTOBER 13, 1999, WEDNESDAY Acting Administrator Donnie Marshall of the Drug Enforcement Administration ... MR. MARSHALL: Thank you, Attorney General. And congratulations to Ambassador Moreno for a job well done by the law enforcement authorities in his country. The operation that we're announcing today is, in my opinion, one of the most significant operations in the history of drug enforcement, Operation Millennium. It began when, about a year ago, at the request of the United States government, two of the most powerful drug traffickers in the world today were investigated by the Colombian government, the Colombian national police, and today those two traffickers, along with a number of others, were arrested. ... In this case, the defendants used very sophisticated communications equipment, including use of the Internet, encrypted telephones, and cloned cellular telephones, in what was a vain attempt to avoid detection. But in the end, it was these very devices which led to the devastating evidence against them. 
Through the use of judicial wiretaps and intercepts in both Colombia and in the United States, their communications were intercepted and recorded, thus producing evidence which comes straight from the defendants' own mouths. In addition, Drug Enforcement agents executed a covert search warrant for evidence contained in a computer located in South Florida at the residence of one of the defendants, which acted as the center of their operation in South Florida, thus uncovering the method of communication through the Internet. Our prosecutors, agents and investigators in South Florida await the opportunity to bring these defendants before a court to face the charges. Thank you. ... Q You were talking about the sophisticated kinds of communication devices, and you mentioned the Internet. Did that include net phones? (U.S. Attorney Tom Scott from Miami) MR. SCOTT: They had various -- and the DEA people can speak to this, but they had encrypted phones; they used all types of different phones. They'd get phones and throw them away. And they even used the Internet. So it was pretty sophisticated electronic methods of trying to avoid detection, but the intercepts, both in Colombia and the United States picked up. Q And did you have trouble in any way with the state of law enforcement's abilities to intercept these kinds of devices? Were there any problems? MR. SCOTT: No, I think this case demonstrates that through -- we made a request on the Colombian government, through the Vienna Convention, through letters rogatory, and they proceeded immediately to conduct the investigation and to get the judicial intercepts to their prosecutors, and I think that was very effective. Q There were no technical problems, though, in gaining access to these conversations? MR. SCOTT: We were very satisfied with the investigation the way it was conducted. Q Mr. Marshall, on her point, please. The head of the DEA and the FBI have repeatedly -- and Ms. 
Reno have repeatedly warned of the dangers of not being able to break the codes of criminals. And of course encryption legislation is being debated at length. Is this an indication that maybe that's not so great a problem after all? MR. MARSHALL: Well, that was not a significant impediment in this particular investigation. We've encountered that in many, many other investigations. We're encountering it ever more frequently. And we hope that we don't lose the ability to intercept encrypted communications. Q Mr. Ambassador -- ATTY. GEN. RENO: I would point out -- I would point out in that regard that in this instance, it was not an obstacle. But as more and more drug traffickers and others engaged in organized crime and other activities, including terrorism, encrypt their communication, it is going to be more and more difficult for law enforcement. And that is the reason it is so important law enforcement work with the private sector and with others to ensure the protection of our national security interests and to make sure that we balance the privacy concerns that are so important with law enforcement's legitimate concerns. ...
The Privacy Snatchers
Here's something I wrote two years ago that may be timely when evaluating whether or not to trust the government. At least, that is, when police say they'll not abuse wiretaps and backdoors inserted into Internet protocols. -Declan http://www.pathfinder.com/time/digital/daily/0,2822,12609,00.html The Privacy Snatchers By Declan McCullagh History reveals that time and again, the FBI, the military and other law enforcement organizations have ignored the law and spied on Americans illegally, without court authorization. Government agencies have subjected hundreds of thousands of law-abiding Americans to unjust surveillance, illegal wiretaps and warrantless searches. Eleanor Roosevelt, Martin Luther King Jr., feminists, gay rights leaders and Catholic priests were spied on. The FBI used secret files and hidden microphones to blackmail the Kennedy brothers, sway the Supreme Court and influence presidential elections. In these cases, police violated the law by eavesdropping without a judge's approval, which the Constitution requires. Now the FBI wants to require Americans to use only computers and telephones with a secret backdoor. Such easy access is the fantasy of every unethical policeman and corrupt bureaucrat. Of course, they pledge never to use it without court authorization. Can we trust them? Martin Luther King The FBI's campaign to destroy Dr. Martin Luther King began in December 1963, soon after the famous civil rights March on Washington. It started with an extensive -- and illegal -- electronic surveillance of King that probed into every corner of his personal life. Two weeks after the march, the same week King appeared on the cover of Time magazine as "Man of the Year," FBI agents inserted a microphone in King's bedroom. ("They had to dig deep in the garbage to come up with that one," FBI director J. Edgar Hoover said of the Time cover story.) Hoover wiretapped King's phone and fed the information to the Defense Department and to friendly newspapermen. 
When King travelled to Europe to receive the Nobel Peace Prize, Hoover tried to derail meetings between King and foreign officials, including the Pope. Hoover even sent King an anonymous letter, using information gathered through illegal surveillance, to encourage the depressed civil rights leader to commit suicide. "The actions taken against Dr. King are indefensible. They represent a sad episode in the dark history of covert actions directed against law-abiding citizens by a law enforcement agency," a Senate committee concluded in 1976. Hoover's legacy? The FBI headquarters proudly bears his name today. Mail Monitoring Opening mail may be an imprecise form of surveillance, but that didn't stop the FBI and CIA from surreptitiously reading hundreds of thousands of letters from 1940 to 1973. Government employees (who took special classes to learn this skill) would stealthily open the envelope and photograph whatever was inside. The CIA did it randomly. One agent testified before Congress, "You never know what you would hit." Included in the agency's dragnet were three U.S. senators, a congressman, a presidential candidate and many business and civil rights leaders. Under federal law, opening mail not addressed to you results in fines of up to $2,000 and five years in jail. But not one agent appears to have been prosecuted. Eleanor Roosevelt Even the personal life of the First Lady of the Uni
Privacy is an antisocial act
http://www.wired.com/news/politics/0,1283,31937,00.html PRIVACY IS AN "ANTISOCIAL ACT": Scott Bradner wasn't surprised to hear the FBI say this week that they wanted an easily wiretappable Internet. The veteran Internet Engineering Task Force area coordinator and Harvard University networking guru has already had his arm twisted by the Feds. It happened when the IETF decided to wire encryption into the next-generation Internet protocol, IPv6. "Someone very high up in the US Justice Department told me that week that for the IETF to support encryption was an 'antisocial act,'" Bradner said. -- POLITECH -- the moderated mailing list of politics and technology To subscribe: send a message to [EMAIL PROTECTED] with this text: subscribe politech More information is at http://www.well.com/~declan/politech/ --
Re: IP: IETF considers building wiretapping into the Internet
At 00:03 10/13/1999 -0400, Perry E. Metzger wrote: I thought this forward from "Interesting People" would be of interest Perry, This followup might be relevant too. Has the FBI ever publicly weighed in on an IETF debate before? Are there any implications here in other areas, such as taxes, content, or encryption? -Declan http://www.wired.com/news/politics/0,1283,31895,00.html Net Wiretapping: Yes or No? by Declan McCullagh ([EMAIL PROTECTED]) 10:30 a.m. 13.Oct.99.PDT The FBI says the Internet's standards body should craft technology to facilitate lawful government surveillance. A spokesman said Wednesday that the bureau supported the Internet Engineering Task Force's recent decision to debate whether the ability to wiretap should be part of future Internet standards. "We think it's a wise and prudent move," said Barry Smith, supervisory special agent in the FBI's Digital Telephony and Encryption policy unit. "If court-authorized wiretaps are frustrated, effective law enforcement is jeopardized, public safety is jeopardized, and policymakers are going to have to figure out how to rectify the problem." [...]
RE: more re Encryption Technology Limits Eased
Lucky, actually not everyone missed it. It's our top story on Wired News this morning. http://www.wired.com/news/news/politics/story/21810.html Decoding the Crypto Policy Change 3:00 a.m. Why did the White House suddenly change its mind on regulating encryption? It couldn't be because the NSA has changed its spying agenda. Or could it? A Wired News perspective by Declan McCullagh. -Declan At 23:07 9/16/1999 -0700, Lucky Green wrote: less operationally savvy. No, what I find interesting is that so far everybody missed the one paragraph in the announcement that actually offered new information about the USG's insidious objectives. [...] " Protect sensitive investigative techniques and industry trade secrets from unnecessary disclosure in litigation or criminal trials involving encryption, consistent with fully protecting defendants' rights to a fair trial." Having just read the proposed bill, what this paragraph refers to is that under the proposed bill, LE will be able to enter evidence gathered by means of factory-installed backdoors, intrusion, and other means without needing to disclose to the defense or the Jury how this evidence was obtained. All
Why did White House change its mind on crypto?
http://www.wired.com/news/news/politics/story/21810.html Decoding the Crypto Policy Change by Declan McCullagh ([EMAIL PROTECTED]) 3:00 a.m. 17.Sep.99.PDT Why did the Clinton administration cave on crypto? What caused the nation's top generals and cops to back down this week after spending the better part of a decade warning Congress of the dangers of privacy-protecting encryption products? Why would attorney general Janet Reno inexplicably change her mind and embrace overseas sales of encryption when as recently as July she warned Congress of the "rising threat from the criminal community of commercially available encryption?" It can't simply be that tech firms were pressing forward this fall with a House floor vote to relax export rules. National security and law enforcement backers in the Senate could easily filibuster the measure. Besides, Clinton had threatened to veto it. It could be the presidential ambitions of Vice President Gore, who just happened to be in Silicon Valley around the time of the White House press conference Thursday. Still, while tech CEOs can get angry over the antediluvian crypto regulations Gore has supported, they regard Y2K liability and Internet taxation as more important issues. Another answer might lie in a little-noticed section of the legislation the White House has sent to Congress. It says that during civil cases or criminal prosecutions, the Feds can use decrypted evidence in court without revealing how they descrambled it. [...]
Re: more re Encryption Technology Limits Eased
You can find all that and more already archived at www.epic.org and www.cdt.org. -Declan At 08:54 9/17/1999 -0400, Robert Hettinga wrote: To: [EMAIL PROTECTED] From: John Muller [EMAIL PROTECTED] Subject: Re: more re Encryption Technology Limits Eased Sender: [EMAIL PROTECTED] Reply-To: John Muller [EMAIL PROTECTED] You can now find a fuller set of White House materials, including the press statement and fact sheet on the crypto export policy and a fact sheet and letter to Congress on the Cyberspace Electronic Security Act, at http://www.pub.whitehouse.gov/search/white-house-publications?everything+%3 Eyesterday+%3D200+. This URL is probably only good for one day.
Re: more re Encryption Technology Limits Eased
John, I buttonholed William Reinsch, Commerce Dept undersecretary, outside the White House briefing room a few minutes ago. I happened to ask him the same question you bring up here: What's up with that one-time technical review? Things were crowded and noisy, but here's what I learned. (The BXA regs are still being drafted and are supposed to be published in the Federal Register no later than December 15.)

Products 64 bit or equivalent are generally decontrolled except for:
1. Can't export to Cuba, Iran, Iraq, Libya, N.Korea, Sudan, Syria, and
2. A one-time technical review is STILL REQUIRED. That process is supposed to take not more than a few months.

According to Reinsch, such a review is closest to your: or:* BEFORE you post it, you have to send a copy to NSA -- AND THEN WAIT until they say you can export it?

It's unclear to me whether they'll require source. DoD's Hamre simply said it would have to be a "meaningful" review and said providing a product brochure just isn't good enough.

Also, the regs differentiate between "retail" and "custom" products. Reinsch: "There are differences in the way it will be treated." When asked whether, say, shrinkwrapped software available at CompUSA would be automatically treated as retail, Reinsch replied, "It's more complicated than that."

Products 64bit or equivalent are still controlled under EAR but can be exported through a license exception under these circumstances:
1. Feds get one-time technical review, and
2. You must file post-export reports with Commerce Dept, and
3. Can't export to Cuba, Iran, Iraq, Libya, N.Korea, Sudan, Syria, and

If the destination is a permissible foreign government or a state entity such as a telecom firm, I believe you must also satisfy these conditions:
4. Product must not "require substantial support" (think technical support), and
5. Product must be "sold in tangible form or have been specifically designed for individual consumer use"

For each version of a new product (I gave Reinsch example of PGP 10.0.0.0 and 10.0.0.1), you have to submit it and wait for a new "one-time" technical review.

Also, I asked Reinsch if "end users" include distributors such as computer stores in foreign countries. He said yes, and that they're not trying to pull a fast one.

What I found most interesting was what Attorney General Reno said about the government's cryptanalysis abilities. When asked if she can break strong, 64 bit equivalent crypto, she said, "We have carefully looked at this and think it's possible," and declined to add details. DoD's Hamre said that there would be a big chunk assigned to cryptanalysis R&D in DoD's requested FY2001 budget but added "some of the parts you may be interested [in] I can't discuss." (I wouldn't necessarily read much into this. It could simply be a face-saving move.)

Finally, Reno indicated that this kind of cryptanalysis may not be enough -- and legal requirements such as mandatory key escrow may be necessary. She said: "This legislation does not provide any new authority for law enforcement to be able to obtain usable evidence from criminals. We will continue to operate under our existing authorities and attempt to meet the threat of the criminal use of encryption. We are hopeful that these existing authorities will prove sufficient." Here's hoping...

-Declan

More: http://www.wired.com/news/news/politics/story/21790.html http://www.wired.com/news/news/politics/story/21786.html
Re: palm crypto
Or, if you don't wish to page through the export control silliness: http://www.certicom.com/software/SecureMemo11.ZIP http://www.certicom.com/software/SecureMemo11.SIT.BIN -Declan At 08:38 PM 8-1-99 -0400, Robert Hettinga wrote: http://www.certicom.com/software/palmmemo.htm
Re: House committee ditches SAFE for law enforcement version
Oh, and there's one other thing: There is no companion bill to SAFE in the Senate. So assuming (this is a big assumption) the Senate approves ProCODE or something, then the differences between the two bills would be hammered out in a conference committee. Needless to say, this would be very dangerous and domestic controls could be inserted in a heartbeat. It depends on who's on the committee, for one thing, and whether ostensibly pro-crypto legislators are willing to compromise in exchange for more funding of their own pet projects, etc. But all this is far in the future and unlikely to happen with this Congress and this obstructionist and veto-happy administration. It seems to me that the millions of dollars that have been spent by the industry in crypto-lobbying efforts could have been better spent on, say, offshore development. -Declan
Re: House committee ditches SAFE for law enforcement version
I'm going to sleep soon so let me try a short answer... The House Rules committee decides what legislation will go to the House floor, what amendments will be in order, and in what sequence they will be presented (which is often very important). The House Rules committee is in practice an extension of the (Republican) leadership of the House, which has expressed public support for SAFE, but has, as we say in DC, other constituencies to consider as well. Even SAFE's supporters envision a best-case scenario in which a reasonable version of SAFE (read: no domestic controls beyond crypto-in-a-crime, some export relaxation) goes to the House floor. But then killer amendments, either along the lines of the president-can-do-whatever-he-wants Armed Services version or one with domestic controls, will be in order and could be attached to the bill on the floor. So the real fight seems to be shaping up over the amendments. Some House GOP leaders told me recently that they expected a floor vote before the August recess (I put this in an article, but don't have the URL offhand). This is now hardly likely, so look for something in the fall. Keep in mind that there are reasonable arguments that no crypto legislation is the best solution given the current politics -- and the other steps that are necessary, such as approval by the more-conservative Senate and overcoming a presidential veto. Anything that clears those hurdles is not going to be what the industry really wants, I'll wager. And every version of SAFE that I've read would make it much more difficult to challenge in court on 1A grounds. So much for Bernsteinesque suits against SAFE if it becomes law: You're outta luck. -Declan At 10:54 PM 7-24-99 -0400, Marc Horowitz wrote: Declan McCullagh [EMAIL PROTECTED] writes: The sponsor of yesterday's amendment, Rep. Weldon, said that he wants to have a classified briefing //on the House floor// to scare members into voting his way. 
Look for killer amendments to SAFE to be offered during that floor vote, perhaps even ones with domestic controls. Procedurally, what does he need to do to make this happen? Can any member of the house do it? Can the Speaker do this on his own, does it require a vote of the rules committee, the full house, or what? Also, the Supremes often use legislative history when making rulings. What would they do in a case like this? Is there any precedent? I'm wondering if there's some way to take advantage of having so many cooks. Also, when was the last time there was a classified briefing on the house floor like this? I would think that something so unusual would cause some eyebrows to raise even outside the pro-crypto community.
House committee ditches SAFE for law enforcement version
The text of the amendment (in PDF): http://www.house.gov/hasc/press.htm http://www.wired.com/news/news/politics/story/20872.html Industry Crypto Bill in Peril by Declan McCullagh 5:00 p.m. 21.Jul.99.PDT WASHINGTON -- And you thought Congress was going to override White House rules restricting US firms from exporting encryption products. Well, you were wrong. The House Armed Services Committee voted 47-6 Wednesday to replace an industry-endorsed encryption bill with substitute legislation drafted by law enforcement advocates. [...]
Re: House committee ditches SAFE for law enforcement version
Right. Some of the congresscritters who voted yesterday for the natsec version of SAFE were ostensible supporters of the business version. True, this particular natsec version of SAFE doesn't include domestic controls -- plenty of time for Freeh to try that later -- but export relief? Fuggetaboutit.

The sponsor of yesterday's amendment, Rep. Weldon, said that he wants to have a classified briefing //on the House floor// to scare members into voting his way. Look for killer amendments to SAFE to be offered during that floor vote, perhaps even ones with domestic controls.

But, heck, at least this fuss keeps business lobbyists, well, in business. (I was at an FTC hearing Tuesday and by the afternoon it was winding down, fairly useless panel discussions were dragging on. But a lobbyist for a multibillion Internet company told me he wasn't going to leave. "No fucking way -- I'm billing by the hour.")

-Declan

At 10:06 PM 7-21-99 -0700, Tim May wrote:

http://www.wired.com/news/news/politics/story/20872.html

Precisely what many of us have been saying for years would likely happen. The feebs in Congress are so uncommitted to fundamental philosophies that they really don't even know what they are voting on. A "War with Oceania" resolution can become a "War with Eastasia" resolution just because a couple of the feebs want to get out to the Chevy Chase Golf and Country Club to tee off.
NRCC chairman predicts House floor vote on SAFE in weeks
From a conversation I had yesterday with Rep. Tom Davis (R-Va), National Republican Congressional Committee chairman. The GOP is using encryption policy as a way to bash Democrats who blindly back the administration.

--Declan

http://www.wired.com/news/news/politics/story/20641.html

House GOP leaders still haven't allowed a vote on a bill to liberalize -- but not remove -- restrictions on the overseas shipments of encryption products...

Davis predicted that Congress' inaction will end. "You'll see [a vote] before the August recess," he said. "You'll see it pass the House this year before the August recess.

"The Democratic leadership is terrible on the issues. That's the point we're trying to make. There are some very good Democrats but their leadership does the wrong thing."
George W. Bush on encryption export controls
Robert Hettinga asks:

Anyone out there know whether GWBush has said anything on the crypto front?

Yes. He has. Here are some references. And some articles on Gore's and McCain's positions. Let's not even talk about Hatch and Bauer.

-Declan

http://www.georgewbush.com/Message/proposals.html

we must allow American companies to sell products in the international marketplace when those products are readily available from their foreign competitors. That means easing export controls on computers and encryption products that can already be purchased on the open market. At the same time, as the use of encryption programs increases, American law enforcement must always have the resources to stay ahead of the criminal use of that technology.

The Bulletin's Frontrunner
July 02, 1999

Bauer Attacks Bush On High-Tech Export Policy. The Frontrunner (7/1) reports that Gary Bauer pounced on a piece of the George W. Bush high-tech agenda Thursday, saying "Bush's willingness to ease export controls on items such as high-performance supercomputers.and data encryption software is a 'very dangerous policy' with great potential to compromise America's national security." Bauer's charge came in a 7/1 Bauer for President release.

Newsweek
April 19, 1999
Pg. 51

In fact, the Netscape division of AOL now has 2,100 employees, many newly wealthy with AOL stock, a fact that allows Barksdale to plot his future with a clear conscience. Beyond starting the as-yet-unnamed angel investment company, he plans to help raise funds for GOP presidential contender George W. Bush. (He says that Al Gore, though outspoken on tech issues, has hurt the industry with a restrictive policy on encryption.)

http://cgi.pathfinder.com/time/digital/daily/0,2822,14267,00.html

Among Gore's antiprivacy misdeeds: He championed the notorious Clipper chip that the White House eventually abandoned, internal e-mail obtained by EPIC through the Freedom of Information Act shows. Gore endorsed Clipper publicly, too, saying when it was unveiled on February 4, 1994, that "today's announcements on encryption represent important steps."

http://www.wired.com/news/news/politics/story/18903.html

McCain's bill allows the export of encryption products with up to 64-bit length keys, an increase over current 56-bit limits.

http://www.wired.com/news/news/politics/story/20078.html

[McCain on] encryption: Modified his anti-encryption stance this spring by introducing a compromise bill. Civil liberties groups found it "uninspired."

http://www.wired.com/news/news/politics/story/19979.html

One free-market advocate turned presidential contender needed little convincing. When Lassman met with Steve Forbes to talk about taxes and regulation, the magazine magnate brought up technology. "He asked specifically about encryption. I told him to keep the position he had," Lassman says. In a 1997 magazine column, Forbes wrote that enacting legislation to override White House restrictions on encryption is "critical to protecting privacy on the Internet and to thwarting theft and industrial espionage."

http://www.wired.com/news/news/politics/story/19979.html

Over the last six years, Gore has championed many Clinton administration projects that are viewed as anti-privacy. He took the lead in supporting the reviled Clipper Chip, saying when it was unveiled in February 1994, that "today's announcements on encryption represent important steps." Gore has been a key defender of the White House's encryption restrictions, announcing the still-current regulations in a briefing for reporters in 1996, though recently he's been more circumspect. Gore also headed the Commission on Aviation Safety and Security, which cobbled together a US$2.8-billion monitoring system that will use computer profiles to single out airline passengers for investigation and scrutiny. Representatives of the American Civil Liberties Union, which warned of the privacy perils of such databases, were left spluttering in outrage.
Congressional tax commission frets about crypto
http://www.wired.com/news/print_version/politics/story/20355.html?wnpg=all

Some of the testimony warned of the dangers posed to governments by uncontrolled technology, a common complaint in the nation's capital. Specifically, presenters here at William and Mary College fretted that encryption technology, combined with the ability to buy and sell anywhere in the world, could allow consumers to skirt sales taxes.

Maintaining taxes at current levels poses "an increasingly difficult problem for tax administrators as a result of new technologies," said Joseph Guttentag of the US Treasury Department. He warned that Americans may seek to evade high income taxes by moving online and offshore.

"We are going to closely monitor the relationship of tax havens to electronic commerce... Encrypted [communications] create opportunities for untraceable transfer of assets and other activities that will hinder audits."

Guttentag, who appeared in Treasury Secretary Robert Rubin's stead, is a senior adviser in the department's Office of Tax Policy and chairman of an Organization for Economic Cooperation and Development tax committee. He said the OECD should become more involved in eliminating "other forms of harmful tax competition."
Re: Justice Dept asks Court of Appeals to reconsider ruling in Bernstein case
I have a more detailed report on Wired News:

http://www.wired.com/news/news/politics/story/20333.html

My favorite part of the brief (I quote it):

Another argument: That this type of regulation is an executive-branch policy decision involving "extraordinarily sensitive" info that's too secret to disclose publicly. "Judicial review is particularly unworkable [since] decisions always involve an appraisal of the potential impact of proposed encryption exports on the government's [signals intelligence] and cryptoanalysis capabilities."

The brief also talks about how the case affects NSA SIGINT capability.

-Declan

At 07:26 PM 6-21-99 -0400, Steven M. Bellovin wrote:

According to the AP, the Justice Department has asked the 9th Circuit Court of Appeals to reconsider its decision in the Bernstein case (http://www.nytimes.com/aponline/w/AP-Encryption.html). The article didn't say so, but I assume that they've asked for a rehearing by the full court, instead of just a three-judge panel.
E-cash developers interview request
Charles Platt, a Wired magazine contributor and SF author, is working on a story about digital cash, past, present, future. If you're actively involved in such development, please email him at [EMAIL PROTECTED] -Declan
Re: FC: More on Network Associates and its crypto-politics
William -- your speculation may be true, but for now we can settle for fact: they do support export controls. It makes sense, too: export ctrls create an artificial market for key recovery crypto, which TIS will be happy to sell to you.

-Declan

At 04:26 AM 11-18-98 -0500, William H. Geiger III wrote:

In v04020a04b277c6d69429@[139.167.130.246], on 11/17/98 at 07:35 PM, Robert Hettinga [EMAIL PROTECTED] said:

TIS supports export controls on encryption products. My article: http://www.well.com/user/declan/pubs/cwd.shadow.cryptocrats.0298.txt

I doubt that TIS really cares one way or the other so long as they keep their fat government contracts. Of course those same contracts require keeping the government happy (ie: supporting GAK), TIS and others (being the corporate whores that they are) will sell out their own mothers (and the rest of us along with them) if it looked good on the bottom line. A real shame that PGP had to get mixed up with these vipers.

--
---
William H. Geiger III http://www.openpgp.net
Geiger Consulting Cooking With Warp 4.0
Author of E-Secure - PGP Front End for MR/2 Ice
PGP MR/2 the only way for secure e-mail.
OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html
---
Re: FC: More on Network Associates and its crypto-politics
If anonymous has any evidence that TIS' policy has changed from earlier this year, I'd like to hear it.

I guess if anonymous wants to call me an "extremist," I'll take it as a compliment. Personally I think of myself as pragmatic.

-Declan

At 08:03 PM 11-18-98 +0100, Anonymous wrote:

Declan McCullagh writes:

TIS supports export controls on encryption products. My article: http://www.well.com/user/declan/pubs/cwd.shadow.cryptocrats.0298.txt

Two problems here. First, you are using the present tense in saying that TIS "supports" export controls, but your article is from nine months ago. There have been many changes since then, including loosening of the crypto export rules, the acquisition of TIS by Network Associates, and a recent statement that TIS has backed off from its leadership role in advocating key recovery. What is TIS's current policy? It certainly sounds like it is changing. You should find out before claiming to know what it is.

Second, even in the context of last February, what you wrote is:

Some of the firms selected also endorse restrictions. Trusted Information Systems recently circulated a policy paper calling for "sensible" legislation to "make the export of 56-bit current interim DES controls permanent and permit the export of stronger encryption when it is combined with a key recovery system." (Which, coincidentally, TIS is happy to sell you...)

At the time, this would have represented a LIBERALIZATION of export laws. 56 bit exports were only allowed in the context of a promise to add key recovery even for 56 bit keys. The statement you have quoted calls for allowing 56 bit key export permanently, and only requiring key recovery for stronger encryption. True, it was not a call for full elimination of restrictions, but it was a step in the right direction.

You are falling into the tiresome pattern of extremists who claim that moderates are lackeys for the other side. It's like an anti-abortion fanatic who says that those who oppose murdering abortion doctors are baby killers. Try reporting the facts instead of altering them to fit your biased views.