We've covered some of these topics on Politech before. Yes, encryption can flag you if someone is monitoring network traffic. Steganography is a countermeasure. If seizure of your equipment is your concern, try deniable cryptographic filesystems:
http://www.mirrors.wiretapped.net/security/cryptography/filesystems/rubberhose/rubberhose-README.txt

The question of whether you can be compelled to produce your private key is a more complicated legal one (involving the 5th Amendment, among others, especially if your passphrase is needed as well). To the best of my knowledge there is no case on point that answers that question.

Previous Politech message:
http://www.politechbot.com/2005/03/30/nude-photos-on/

-Declan

-------- Original Message --------
Subject: Encryption skeleton keys
Date: Thu, 31 Mar 2005 17:37:33 -0500
From: Pyke, Gila <gila.pyke@private>
To: Declan McCullagh <declan@private>

Hi Declan,

I don’t know if these have made it through the list yet.

This whole discussion revolving around ISPs “logging” info for “lawful access” keeps sending this one alarm off in my head – that of encryption. What happens to that minority of people (like me) who habitually encrypt their email, IM and local documents just for sheer safety and self-protection from ID theft, eavesdropping, etc? Do I become a suspicious character? Will I get flagged for wearing an “internet trenchcoat”? Will I be obliged by law to share my private key? Or will those seeking “lawful access” merely involve themselves in some of the programs outlined below (some very outdated but included for completeness) – either for cracking, or “skeleton” key escrow?

In any case, the entire subject makes me shiver. I knew the day would come when I’d become a bad guy just for being comfortable with math.
------------------------------------------------------------------------

The US Secret Service’s Distributed Networking Attack (DNA) program for cracking “criminals’ encrypted data caches”:
http://www.washingtonpost.com/ac2/wp-dyn/A6098-2005Mar28?language=printer

A bit dated perhaps (and you’re probably already familiar with this) but the US vs. Scarfo case involved the FBI’s use of key logging:
http://www.epic.org/crypto/scarfo.html

ECHELON: the NSA’s billion-dollar surveillance program for intercepting communications was a big deal in the late 90’s, though nobody believed it was technologically feasible. I haven’t heard any news about it in the last couple of years so I don’t know what has happened to it. But I imagine it hasn’t completely died away yet.
http://www.hermetic.ch/crypto/echelon/echelon.htm
http://www.abovetopsecret.com/pages/echelon.html

And on a completely unrelated note – WHAT ARE THEY THINKING?!?!:

As someone who has spent years in vulnerability management, the issue of software vulnerability disclosure is one that gets my blood boiling. Sybase is currently threatening legal action against anyone who discloses certain vulnerability information:
http://www.computerworld.com/printthis/2005/0,4814,100637,00.html

Gila

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)
This archive was generated by hypermail 2.1.3 : Thu Mar 31 2005 - 22:48:46 PST