Re: FBI calls for mandatory key escrow; Denning on export ctrls
On Wednesday, September 03, 1997 7:34 PM, Charles Sprickman [SMTP:spork@inch.com] wrote:
MR. FREEH: We work, as you know, particularly in the pedophile cases, with on-line services who give us,
For God's sake, what is the obsession with pedophiles?? How many pedophiles pgp encode their porn??
Seriously, they try to grasp at the smallest things.
If I lock my porn in a 40 ft thick steel safe, does that mean I have to give uncle sam a key if they ask?
US Government restrictions (and a few other anal countries out there), are getting silly. When the law is being made by people who don't understand the problem, people who don't understand the benefits, and people who have no clue what they are making the laws for, then we have a serious issue on our hands and it's time we start thinking about getting some knowledgeable people into office.
Makes you just want to move to Mars and start all over doesn't it?
Let's turn this into a useful conversation: If we do not believe that getting a backdoor to our keys is a useful way to insure security on the network, maybe isn't even addressing the root issues, then
What *are* the real issues with security on the network? How should we work to address these issues, both at the network and application layers? How will this solve the 'child porn problem'? What are the barriers involved in any proposed solutions?
How can we trace criminals/spam artists/hackers easily and hand them over to the feds w/o handing over our rights as well?
If we don't have any answers to these questions, and plans for getting there, then we might as well quit our bitching.
Selina
On Thu, Sep 04, 1997 at 09:23:49AM -0400, Selina F. Priestley wrote:
> Let's turn this into a useful conversation: If we do not believe that getting a backdoor to our keys is a useful way to insure security on the network, maybe isn't even addressing the root issues, then
Nope, it's not. "Ensuring security" implies making certain that _no one_ can get copies of the keys; the entire thesis is shot down by key-escrow.
> What *are* the real issues with security on the network? How should we work to address these issues, both at the network and application layers? How will this solve the 'child porn problem'? What are the barriers involved in any proposed solutions?
The real issue _here_ is that the government _does not want_ us to operate 'secure' networks... because then _they_ can't look at the traffic. (CALEA notwithstanding) Oh, and BTW: in light of CALEA, why do they _care_ if they can crack the code? We're required to help them tap the cleartext anyway... (at least, for _network imposed_ encryption).
> How can we trace criminals/spam artists/hackers easily and hand them over to the feds w/o handing over our rights as well?
Short answer: we can't.
> If we don't have any answers to these questions, and plans for getting there, then we might as well quit our bitching.
As Clancy once put it: you can be a policeman or a soldier... but not both. Are we network operators, or cops?
I think we've probably reached the end of the "useful operational content" in this thread... unless anyone has a "this is what _we_ did" story.
Cheers,
-- jra
--
Jay R. Ashworth, jra@baylink.com
Member of the Technical Staff, The Suncoast Freenet, Tampa Bay, Florida
Unsolicited Commercial Emailers Sued
"People propose, science studies, technology conforms." -- Dr. Don Norman
+1 813 790 7592
Selina F. Priestley writes...
> Let's turn this into a useful conversation: If we do not believe that getting a backdoor to our keys is a useful way to insure security on the network, maybe isn't even addressing the root issues, then
> What *are* the real issues with security on the network? How should we work to address these issues, both at the network and application layers? How will this solve the 'child porn problem'? What are the barriers involved in any proposed solutions?
The real issues are many, weighted by our varying concerns. The 'child porn problem', as I see it, is still a strawman with regard to the encryption issue. Large amounts of unencrypted child porn continue to traverse the Internet that can be tracked down, and is not. I know it is not because repeats have continuously occurred from the same sources within the US. From what I see, law enforcement agencies like the FBI are not really interested in kiddie porn peddlers, but instead are perhaps more interested in large scale criminals and terrorists. But the politicos are interested in power, and will use whatever they can (e.g. the public's outrage over child porn) to gain more power. They will bring out the strawman for us to beat on, too. While the child porn problem is real, lots of people are getting things mixed up with regard to pornography _of_ children, and pornography being sent or displayed _to_ children. For the most part the two are unrelated outside of common disgust. The larger real concern is the latter, and the latter does not function unless the targets are able to decrypt the porn, if indeed it ever was encrypted. How many children can be in the path to obtain a decryption key that the FBI would not be able to get? In the former case, where very few people have the decryption key, and the FBI really would have difficulty intercepting such a key, then the numbers involved are few, and the scale of the crime is small (that is, if the message itself is the crime). So, IMHO, the encryption problem is unrelated to any porn. Where they really want to get their hands on keys and cannot is in areas where the message itself is merely _about_ a crime, or potential crime. In other words, terrorists and the like.
> How can we trace criminals/spam artists/hackers easily and hand them over to the feds w/o handing over our rights as well?
Accounting tracking. If someone originates illegal material over your network, then with your cooperation with regard to tracking, it is possible to track an event to a specific account. Each ISP should keep accounting records when each account is connected on the net and at what address. Basically, you need to know who is using each address at what time. Filters need to block spoofing at the source. The terminal server should let no other source addresses out but what it is configured for, for that account. Each news and SMTP server should track this by making sure its additions to the headers are correct and valid. Make sure the clock is accurate. When law enforcement comes to you with the records of data coming through the network that originated at your location, you should be able to produce the identity of who originated it. You obviously have to decide how you will deal with legitimate requests for identity vs. fishing expeditions, which many of us feel is illegal. My own policy would be that if they have a very specific item they are working with, with all the headers intact, then I will give them the identity of the account. Any more will require a validated court order. The identity of the account might well be just the credit card number of who has been paying for the service (that may well be the only authentic identity I have for the account). When law enforcement comes to you with a request for all your tracking data, then you have to decide how you are dealing with that. I personally see that as a violation of privacy, meaning I will expect a court order and will have my lawyer verify its validity.
> If we don't have any answers to these questions, and plans for getting there, then we might as well quit our bitching.
We have answers. We can make up some more, if that's what's needed.
--
Phil Howard KA9WGN, Linux Consultant, Milepost Services, phil at milepost.com
Linux installation, configuration, administration, monitoring, maintenance, and diagnostic services.
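Added example, not part of Phil Howard's post or any ISP's actual tooling: a sketch of the lookup he describes, taking one header's source address and timestamp and resolving it against session accounting records. The account names, addresses, record layout and the 30-second skew tolerance are all constructed assumptions; the point it shows is why clock accuracy matters when one address is reassigned within seconds.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed accounting records: (account, assigned address, start, stop), all UTC.
SESSIONS = [
    ("acct-1041", "192.0.2.17", "1997-09-04T13:02:10", "1997-09-04T13:58:44"),
    ("acct-2207", "192.0.2.17", "1997-09-04T13:59:05", "1997-09-04T15:20:00"),
    ("acct-0312", "192.0.2.40", "1997-09-04T12:00:00", "1997-09-04T18:00:00"),
]

# Constructed header line of the kind a mail server adds on receipt.
RECEIVED = ("Received: from dialup17.example.net ([192.0.2.17]) "
            "by mail.example.net; Thu, 4 Sep 1997 09:58:55 -0400")


def _utc(text):
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


def parse_received(header):
    """Extract (source address, UTC timestamp) from one Received header."""
    match = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", header)
    if match is None or ";" not in header:
        raise ValueError("header lacks a bracketed address or a date part")
    stamp = parsedate_to_datetime(header.rsplit(";", 1)[1].strip())
    return match.group(1), stamp.astimezone(timezone.utc)


def attribute(address, seen_at, skew_seconds=30):
    """Map one address/time pair to accounts; skew covers clock drift."""
    skew = timedelta(seconds=skew_seconds)
    hits = sorted({
        acct for acct, addr, start, stop in SESSIONS
        if addr == address and _utc(start) - skew <= seen_at <= _utc(stop) + skew
    })
    if not hits:
        return "no-session", hits
    return ("unique" if len(hits) == 1 else "ambiguous"), hits


if __name__ == "__main__":
    addr, when = parse_received(RECEIVED)
    print(addr, when.isoformat(), attribute(addr, when))
```

The sample header falls in the 21-second gap between two sessions on the same address, so with any clock tolerance the lookup reports two candidate accounts rather than one.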
On Thu, 4 Sep 1997, Selina F. Priestley wrote:
> Let's turn this into a useful conversation: If we do not believe that getting a backdoor to our keys is a useful way to insure security on the network, maybe isn't even addressing the root issues, then
> What *are* the real issues with security on the network? How should we work to address these issues, both at the network and application layers? How will this solve the 'child porn problem'? What are the barriers involved in any proposed solutions?
The real issues with security on my network have little to nothing to do with Key Escrow. Key Escrow is just a way for certain government agencies to feel they are less threatened by strong encryption schemes. Little to nothing to do with network security (which kind of makes it off topic on this mailing list), and everything to do with personal security and privacy of my data.
So, to put it on topic... SSH is an encrypted login facility that can use several different encryption schemes, and generates keys on the fly (a 1024 bit RSA key, and a 768 bit RSA key for the server which are regenerated hourly, and then a 256 bit random session key), and provides a fairly secure way of transporting data over tcp/ip in a secure manner. The details are below, and are quoted from the F-Secure home page.
[Begin quote]
The server sends its public RSA host key and another public RSA key "server key" that changes every hour. The client compares the received host key against its own database of known host keys. FSecure SSH Server will normally accept the key of an unknown host and store it in its database for future reference (this makes use of SSH practical in most environments). However, FSecure SSH Server can also be configured to refuse access to any hosts whose key is not known.
The client generates a 256 bit random number using a cryptographically strong random number generator, and chooses an encryption algorithm from those supported by the server, normally IDEA or three-key 3DES. The client encrypts the random number (session key) with RSA using both the host key and the server key, and sends the encrypted key to the server.
The purpose of the host key is to bind the connection to the desired server host (only the server can decrypt the encrypted session key). The hourly changed second key, the server key, is used to make decrypting recorded historic traffic impossible in the event that the host key becomes compromised. The host key is normally a 1024 bit RSA key, and the server key is 768 bits. Both keys are generated using a cryptographically strong random number generator.
The server decrypts the RSA encryption and recovers the session key. Both parties start using the session key and the connection is now encrypted. The server sends an encrypted confirmation to the client. Receipt of the confirmation tells the client that the server was able to decrypt the key, and thus holds the proper private keys. At this point, the server machine has been authenticated, and transport-level encryption and integrity protection are in use.
[End quote from web page]
With that being said, when it regenerates these keys, how do I transport them to the key escrow service? I could do it in a way similar to the way SSH works, but what's to stop a middle man attack from posing as the keyserver? Thanks but no thanks. It just adds another point of insecurity.
> How can we trace criminals/spam artists/hackers easily and hand them over to the feds w/o handing over our rights as well?
By not allowing them to take away our encryption options. You can't selectively give and take away rights. BTW, hackers aren't criminals... Crackers are. And, as someone who considers himself a hacker, I take offense to the implication.
> If we don't have any answers to these questions, and plans for getting there, then we might as well quit our bitching.
I think the beauty of the situation is that they are using kiddy porn and terrorism as a means to justify outlawing strong cryptography or to encourage key escrow. What I don't think they understand, is that if someone doing something bad doesn't want to give in to key escrow, they won't. Not to mention the fact that there are cryptographically strong encryption methods available outside the US (most crypto people in the US have either moved out of the country or are thinking seriously about it), and they rival American products. So, the belief that we lead the world in strong crypto production is not only egotistical, but absurd. And I find it hard to believe that anyone who feels comfortable with blowing up a building/plane/anything and taking innocent lives in the name of some cause or religion would give a rat's behind about conforming to the laws of any country in regards to strong encryption. It's just another risk to them if they get caught, and if they were that concerned with getting caught, I'd think they wouldn't take such actions. Terrorism and kiddy porn hopefully have very little to do with my network. Security has everything to do with my network, and I find most law enforcement agencies to be abusive in their power, so why would I trust them with part/all of my private key? To be honest, I don't trust them. And the real point is, until they can present an argument to me that shows why I should trust Big Brother with my encryption keys, I'll keep them to myself.
> Selina
Joe Shaw - jshaw@insync.net NetAdmin - Insync Internet Services My words are mine, not my employer's.
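Added example, not part of Joe Shaw's post or the F-Secure page: a toy walk-through of the quoted key exchange, showing why a recorded exchange stays sealed once the hourly server key has been discarded, even if the host key leaks later. It uses unpadded textbook RSA with small constructed keys, a 64-bit stand-in for the session key, and assumes the server key is applied first and the host key second; none of this is the real SSH wire format.

```python
import secrets

E = 65537  # public exponent shared by both toy keys


def make_key(p, q):
    """Textbook RSA key (n, d) from two primes; unpadded, for illustration only."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))


# Constructed toy keys built from Mersenne primes; real keys are randomly
# generated and far larger (the quote gives 1024 and 768 bits).
HOST_KEY = make_key(2**89 - 1, 2**107 - 1)    # long-lived, identifies the host
SERVER_KEY = make_key(2**31 - 1, 2**61 - 1)   # short-lived, replaced every hour


def client_wrap(session_key, server_n, host_n):
    """Client side: encrypt under the server key, then under the host key."""
    assert 1 < session_key < server_n < host_n
    return pow(pow(session_key, E, server_n), E, host_n)


def server_unwrap(blob, host_key, server_key):
    """Server side: needs both private exponents to recover the session key."""
    inner = pow(blob, host_key[1], host_key[0])
    return pow(inner, server_key[1], server_key[0])


def host_key_only(blob, host_key):
    """All that a recorded exchange yields once only the host key is left."""
    return pow(blob, host_key[1], host_key[0])


if __name__ == "__main__":
    session_key = secrets.randbits(64) | 2  # stand-in for the 256-bit number
    blob = client_wrap(session_key, SERVER_KEY[0], HOST_KEY[0])
    print("server recovers key:",
          server_unwrap(blob, HOST_KEY, SERVER_KEY) == session_key)
    print("host key alone:     ",
          host_key_only(blob, HOST_KEY) == session_key)
```

With only the host key, the result is still the session key encrypted under the discarded server key, which is the property an escrowed copy of that hourly key would remove.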
On Thu, 4 Sep 1997, Selina F. Priestley wrote:
> How can we trace criminals/spam artists/hackers easily and hand them over to the feds w/o handing over our rights as well?
> If we don't have any answers to these questions, and plans for getting there, then we might as well quit our bitching.
Why? Since when did it become a requirement that to protect our rights, we had to solve law enforcement problems?
Rick Horowitz
Network Administrator
ProtoSource Network, A Division of ProtoSource Corporation
Voice: (209) 490-8600 or (800) 426-8638
Fax: (209) 490-8630
2300 Tulare, Suite 210, Fresno, CA 93721-2226
Data: Call us for your local access number!
http://www.psnw.com
participants (5): Jay R. Ashworth, Joe Shaw, Phil Howard, Rick Horowitz/Vice-President, Selina F. Priestley