Zimmermann, Encrypted VoIP, and Uncle Sam 325
An anonymous reader noted that Phillip Zimmermann and his VoIP encryption software are the subject of a NY Times article today. The article touches on the FCC, privacy, and related issues. Given all the suspicious behavior of the Bush Administration relating to wiretaps and phone records, this sort of thing is all the more important to be very aware of.
Brave New World (Score:4, Insightful)
From another NYTimes article, Bush Aide Defends Eavesdropping on Phone Calls [nytimes.com](emphasis mine):
So why exactly is the government getting their knickers in a twist over Zfone? After all, the program is just intended to compile a database of call information, not actually listen to the content of the conversations. Doing that, as the administration has repeatedly told us, would require a court order.
So if you have a person you suspect from the numbers he's connected with, and you do obtain that court order, and it turns out he's using Zfone, there are other ways of getting the content of that conversation (hint: it has to be unencrypted at some point, so the 'terrorists' can understand each other). Arduous, sure, but since this will be done on only a select few, it's not that much of a hardship.
No, the reason the government doesn't like Zfone is because they want perform blanket surveillance on all American citizens; to listen to all our calls, all the time. By utilizing speech-recognition software and an ever growing list of suspect words and phrases, they will be able to keep tabs on the unruly U.S. population, weeding out terrorists, political dissidents, environmentalists, Democrats, and other 'undesirables'.
Re:Brave New World (Score:3, Insightful)
Because someday the FBI (or whoever) may find it harder to listen in on these encrypted conversations in cases where they have a court order to do so.
MOD PARENT UP (Score:4, Insightful)
same reason we keep the curtains drawn @ home? (Score:5, Insightful)
For the same reason I keep the curtains drawn in my bedroom windows at night, esp. when the s/o gets frisky.
Just because me and my s/o's bedroom activities are perfectly legal doesn't mean I want everyone else (let alone the government) monitoring it.
Re:Brave New World (Score:3, Insightful)
As I said in my previous post, there are other ways of getting the content of a conversation. Since the content must be decrypted at either end, listening devices positioned at either endpoint are easily capable of intercepting the communication, encrypted or not.
As I said, this is arduous...much harder than just listening to a line, but eavsedropping on American conversations shouldn't be easy. If the FBI (or whoever) is serious enough about capturing the content of a particular communication to obtain a court order, it's not asking that much more that they work around any encryption present.
The difference here is that while agencies could continue to listen to targeted communications by these methods, the logistics of applying them to blanket surveillance are completely unworkable, offering us some measure of protection from a wholesale violation of our privacy by the government. This is precisely why the government is against encryption...not because it would make individual cases harder, but because it would make blanket surveillance impossible.
Re:Brave New World (Score:5, Insightful)
From an old .sig quote:
Considering that most of the parents of new postdoctorate-level mathematicians probably live overseas nowadays (and whose conversations are therefore legal to record), maybe the old .sig quote was always more true than funny.
Re:Brave New World (Score:4, Insightful)
You can oppose anything by invoking the worst possible scenario consequences.
Worst-case scenario, huh? [abcnews.com]
Your 'worst-case scenarios' are happening.
Right now.
Get your head out of the sand.
Re:Brave New World (Score:3, Insightful)
Terrorists! (Score:5, Insightful)
Re:Brave New World (Score:2, Insightful)
Maybe, maybe not... but then, there are times when time is of the essence, and even the time taken to decrypt something the hard way in a timely manner is of utmost importance if there are potential lives at stake. The world's first electronic computer, Colossus, was built to decrypt German encryption during WW2, and was specifically built to be as fast and efficient as possible, because timely intelligence = lives saved.
While I doubt that decrypting a phone conversation nowadays usually isn;t exactly what one would call an urgent thing, there may be times where it is.
Re:Didn't read the tech specs ... (Score:5, Insightful)
The system does a standard Diffie-Hellman key exchange between the two softphones, and hashes that exchange to words that each caller is supposed to read to the other (you see what they're supposed to say, and they see what you're supposed to say). So, unless the man-in-the-middle can also impersonate your voice, MITM'ing the connection is very difficult.
Also, the hashes used to generate that vocal exchange are stored for each destination you call for every call, and fed into the new hash generation. So, even if you skip a round of comparing the hashes, if you do it for a later call & it works, you can be assured that the *previous* call was also clean.
Offtopic: on the subject of Bush criticism: (Score:5, Insightful)
Comment removed (Score:5, Insightful)
Re:nothing to hide (Score:2, Insightful)
From "The Eternal Value of Privacy" by Bruce Schneier in Wired (http://www.wired.com/news/columns/0,70886-0.html
"... accept the premise that privacy is about hiding a wrong. It's not. Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect."
What can we do? (Score:5, Insightful)
Not one of Sen. McCarthy's victims was actually thrown in a gulag. Think about that. They weren't fired by the government. They were fired by PHBs who acted in blind sympathy with loudmouthed bureaucrats. There would have been no McCarthyism if the public had not been willing to punish itself for unpopular thought and/or speech.
We need a society in which there's no difference between what's illegal and what harms others, and holds all other things not only legal, but acceptable. Once we have that society, people who have done nothing to harm others really will have little to fear. But there's one more thing: If we're going to use public safety as an excuse for universal surveillance, we have to give the power of surveillance to everyone, not just government.
Privacy advocates might cringe at that last statment, but consider this: People are getting more wired, surveillance is getting easier and cheaper, and that trend may never reverse. There may be nothing we can do to stop privacy from dying. Maybe we should start thinking about what we're going to do when it does.
Freedom is not safe or pretty. (Score:3, Insightful)
The problem is, far Far FAR FAR more often it is not.
But it is ALWAYS subject to abuse.
Being Free means that we accept the risk that the "bad guys" will abuse that Freedom to hurt/kill some of our citizens.
But they will never defeat us. Only we can do that by surrendering our Freedom for the illusion of "safety".
Re:Cryptome (Score:3, Insightful)
Re:Cryptome (Score:5, Insightful)
For better or worse, people interested in this type of technology also have a vested interest in anonymity.
Re:Brave New World (Score:3, Insightful)
Maybe, maybe not... but then, there are times when time is of the essence, and even the time taken to decrypt something the hard way in a timely manner is of utmost importance if there are potential lives at stake.
I'm sorry, but that argument just doesn't hold water. Your statement is analagous to saying that clothing must be outlawed, since clothing can conceiveably be used to conceal weapons. Frisking certain suspect individuals simply isn't good enough, since locating the weapons in a timely manner is of utmost importance (if there are potential lives at stake).
To continue the analogy, if the suspicion is targeted, frisking works just fine, and works without violating the privacy of innocent citizens. If the suspicion is not targeted, however, frisking everyone is a logistical impossibility, so the outlawing of clothing is the only option.
(And yes, I know my analogy is somewhat flawed, since x-rays can locate some weapons without the need for disrobing, but my point is still valid).
The mere possibility of the interception and decryption of a suspect communication taking too long to save lives is not enough to justify the wholesale violation of the privacy of the citizenry (at least, it shouldn't be in America...).
Evil Republicans!! (Score:5, Insightful)
> By utilizing speech-recognition software and an ever growing list of suspect words and phrases,
> they will be able to keep tabs on the unruly U.S. population, weeding out terrorists,
> political dissidents, environmentalists, Democrats, and other 'undesirables'.
Those evil Republicans! Except, wait... wasn't it the Clinton Administration that launched a 3-year criminal investigation of Phil Zimmerman in 1993?
And wasn't that the same President who championed the Clipper chip, so the government would have the keys it needed to decrypt your phone calls?US doesn't really want to find Bin Laden... (Score:2, Insightful)
I contend that they can find Bin Laden, but don't really want to. The minute he's captured, any (remaining) support for continuing the "War On Terror" goes right out the window. As long as he's out there, the administration can yell "9/11" to justify anything they want and the sheeple will buy it.
Flame me if you want, but the Bush Administration is EVIL. I'm not saying that Bush himself is evil (he's not that smart), but his policies and cronies - you know it baby.
Only a Terrorist Wants to be Free! (Score:3, Insightful)
Re:A band-aid over a Sucking Wound (Score:3, Insightful)
You should study crypto before posting.
Re:Haha (Score:3, Insightful)
Depends on the law. A substantial fraction of the recent ones are, in fact, pretty terrifying.
Re:nothing to hide (Score:3, Insightful)
Because it's none of your fucking business that's why
Re:Freedom is not safe or pretty. (Score:3, Insightful)
I'm very sure that both the UK and the United States during WW2 were very busy searching for saboteurs and pro-nazi sympathizers within their respective citizenry, and used quite an array of wiretapping and other techniques to do so.
"The problem is, far Far FAR FAR more often it is not."
Agreed, but it is still there. Another semi-related factor is that encrypted conversations are more likely to attract attention than non-encrypted ones, no?
"But it is ALWAYS subject to abuse."
So are the FLIR heat-sensing cameras that most police helicopters come equipped with nowadays, and have carried since the mid-90's if memory serves. Those can see through quite a few obstacles that can otherwise conceal. That isn't a very valid excuse to intentionally hobble law enforcement authorities. If an authority is being abusive, we have the means and the right -- no, the duty -- to remove such people from positions of power, and punish them if necessary.
"Being Free means that we accept the risk that the "bad guys" will abuse that Freedom to hurt/kill some of our citizens."
Being 'Free' means that occasionally it may happen, not that we should refuse to prevent it from happening.
"Only we can do that by surrendering our Freedom for the illusion of "safety".
Freedom from ...? Ever since the first Telegraph was put into place, governments can and have monitored them whenever they deemed it necessary. There are plenty of perfectly legal warrantless means of doing so. ...and it's not just me saying this [securityfocus.com].
Re:nothing to hide (Score:2, Insightful)
You're right - I used too much hyperbole. (Score:3, Insightful)
Gay marriage is a perfect example. When this subject comes up, people turn out in droves to vote against other people's freedom. And then they complain when the majority votes to outlaw their rifle collection, or to make their smoking habit ruinously expensive, not realizing that by voting to manage someone else's behavior, they've just legitimized society's power to manage theirs.
And that gets back into the power of law, but the same principles apply to what people accept or don't accept in each other. If I establish that it's okay for me to fire someone purely for being gay/Commie/whatever, then I've also established that it's okay for you to fire me for being ugly/Democrat/whatever.
Re:Misplaced paranoia (Score:4, Insightful)
From TFL:
Your going to a lot of trouble for just about no gain at all. This system can and probably does not in any substantive way impede anyone from a blacklisted nation from downloading the software. It only alienates people who are casually interested, i.e. your main user base.
I can understand your situation. You're in a country where it is effectively illegal to publish online any piece of software that contains even the most basic of encryption algorithims. The situation is of course ludacrious, as such algorithims have long been in the public domain, at least as far as knowladge is concerned.
The purpose of the law of course, is not to prevent the export of encryption to forgein countries. They already have these algorithims. Nor is it to prevent access to the terrorist boegyman. They either don't use it, or can easily get access to encryption.
No. The purpose of the law is to hang the sword of damocles over the head of anyone who wants to bring safe and secure communication to the masses. The government doesn't want the masses to encrypt their traffic, and they use this law to impede the distrobution of your software and others like it.
I think you need to give up the ghost here. If your government wants to shut you down. they will, regardless of how much you try to comply with export restrictions it will never be good enough. I think you need to stop playing by rules where you can't possibly win and simply go all out in an effort to get as many people using zfone as possible. All out. Unrestricted downloads, ease of use, ad campaign, browser plugins, whatever. Just do anything to get as many people using encrypted VOIP as you possibly can, because until then, your software will remain one the fringe where it's easier to shut down.
If everyone and the Senator's daughter is using secure VOIP, it's only then that people will realise they have somthing to lose, and you'll have a better defense. Before that everyone who uses SVOIP is "aiding terrorism", not protecting people's privacy. Until Aunt Tillie is using your software, this angle can and will be played. You should do everything to get her onside ASAP.
Re:They give you the list (Score:3, Insightful)
Re:US doesn't really want to find Bin Laden... (Score:2, Insightful)
I understand things just fine, but I don't believe the general population does. In addition, I do my part by doing my job.
Even if we were to capture ben [sic] laden, enough of his organiziation is bound to be left around the world to guarantee that the repressive policies that have come since 9/11 are going to continue.
Agreed, but the administration has expended a lot of political capital pointing the finger directly at Bin Laden. If he were imprisioned, they'd have to convince the people all over again that the security procedures (e.g., domestic spying) are warranted.
I don't like it any more than you appear to, but I don't see any way back to an open trusting society the way it supposedly "used to be".
Well, we could simply roll things back. I mean really, do the airport security procedures actually make us significantly safer? (Profiling would probably work better.) Does the "no fly list" really help (ask Ted Kennedy)?
Terror isn't their only goal. Turning the U.S. into a police state would make them almost as happy. Destroying our way of life destroys who we are as a nation. Ask John Gilmore, "papers please?", ask ABC reporters what Gonzalas thinks about the 1st amendment, etc...
Sorry, perhaps I need some more coffee (or less)...
P.S. Your sig is right on.