NNSquad - Network Neutrality Squad
[ NNSquad ] Re: Cyberwar - Privacy May Be a Victim in Cyberdefense Plan
Welcome to 1993 Lauren. The clipper chip, or any kind of key escrow system,
is a non starter.
[ Actually, I'm not talking about key escrow systems per se,
however, it's worth remembering that the Clipper Chip arguments
took place in a pre-9/11 political environment, and at a time when
general hysteria about negative uses of the Internet (e.g. c-porn,
terrorism) were of *much* less intense dimensions than today.
As encryption spreads, what are those organizations who feel that
they must surveil the Internet going to do? The bad guys can use
encryption just like the good guys, and you can't effectively ban
crypto at this point.
The obvious path open to those who want to continue surveilling
the Net (for their own ostensibly valid reasons, we must note) is
(much like during WWII with Enigma, etc.) to attack the key handling
infrastruture. They can do this openly, in secret, or (most likely)
both (the latter has the advantage of making people think they know
everything you're doing in that sphere, when in reality they only know
the part you want them to know). It's the old "when caught doing a
big crime admit to something small instead, since nobody will believe
you're totally innocent" concept.
Imagine governments demanding keylogging and key capture
capabilities built directly into the hardware -- perhaps in secret
under national security classifications. I can think of a dozen
places to plant such capabilities easily, and users would be none
the wiser. You could remotely enable them with a "magic packet"
and easily bury the payload in other traffic.
Could such technology be kept secret for long? I would tend to
think not, but I also suspect that you'd find an amazingly high
level of acceptance for its use among society in general,
particularly if accompanied by a good PR campaign -- suggesting
that doing this in secret *might* not even be necessary.
Once you've got the keys -- by hook or by crook -- you don't care
how good the crypto system is or how widely it's deployed.
-- Lauren Weinstein
NNSquad Moderator ]
-----Original Message-----
From: nnsquad-bounces+george_ou=lanarchitect.net@nnsquad.org
[mailto:nnsquad-bounces+george_ou=lanarchitect.net@nnsquad.org] On Behalf Of
Lauren Weinstein
Sent: Saturday, June 13, 2009 8:09 AM
To: nnsquad@nnsquad.org
Subject: [ NNSquad ] Cyberwar - Privacy May Be a Victim in Cyberdefense Plan
Cyberwar - Privacy May Be a Victim in Cyberdefense Plan
http://www.nytimes.com/2009/06/13/us/politics/13cyber.html
Any "cyberdefense" plan that depends on the inspection of
unencrypted traffic (particularly e-mail) for the indefinite
future is likely to be increasingy marginalized by continuing
deployments of pervasive encryption.
This leads me to wonder how long it will be (assuming it isn't
happening already) before governments demand even more intrusive
surveillance capabilties be built directly into PCs, routers, CPU and
peripheral chips, and so on, to allow for easily remotely enabled
keylogging and capture of passwords, encryption keys, and the like.
--Lauren--
NNSquad Moderator