[Politech] Use encryption online, become more visible? [priv]

From: Declan McCullagh (declan@private)
Date: Thu Mar 31 2005 - 22:30:37 PST


We've covered some of these topics on Politech before. Yes, encryption 
can flag you if someone is monitoring network traffic. Steganography is 
a countermeasure. If seizure of your equipment is your concern, try 
deniable cryptographic filesystems:
http://www.mirrors.wiretapped.net/security/cryptography/filesystems/rubberhose/rubberhose-README.txt

The question of whether you can be compelled to produce your private key 
is a more complicated legal one (involving the 5th Amendment, among 
others, especially if your passphrase is needed as well). To the best of 
my knowledge there is no case on point that answers that question.

Previous Politech message:
http://www.politechbot.com/2005/03/30/nude-photos-on/

-Declan

-------- Original Message --------
Subject: 	Encryption skeleton keys
Date: 	Thu, 31 Mar 2005 17:37:33 -0500
From: 	Pyke, Gila <gila.pyke@private>
To: 	Declan McCullagh <declan@private>





Hi Declan, I don’t know if these have made it through the list yet.



This whole discussion revolving around ISPs “logging” info for “lawful
access” keeps sending this one alarm off in my head – that of
encryption. What happens to that minority of people (like me) who
habitually encrypt their email, IM and local documents just for sheer
safety and self-protection from ID theft, eavesdropping, etc? Do I
become a suspicious character? Will I get flagged for wearing an
“internet trenchcoat”? Will I be obliged by law to share my private key?
Or will those seeking “lawful access” merely involve themselves in some
of the programs outlined below (some very outdated but included for
completeness) – either for cracking, or “skeleton” key escrow?



In any case, the entire subject makes me shiver. I knew the day
would come when I’d become a bad guy just for being comfortable with math.



------------------------------------------------------------------------





The US Secret Service’s Distributed Networking Attack (DNA) program for
cracking “criminals’ encrypted data caches”:

http://www.washingtonpost.com/ac2/wp-dyn/A6098-2005Mar28?language=printer



A bit dated perhaps (and you’re probably already familiar with this) but
the US vs. Scarfo case involved the FBI’s use of key logging:

http://www.epic.org/crypto/scarfo.html








ECHELON: the NSA’s billion-dollar surveillance program for intercepting
communications was a big deal in the late 90’s, though nobody believed
it was technologically feasible.  I haven’t heard any news about it in
the last couple of years so I don’t know what has happened to it.  But I
imagine it hasn’t completely died away yet.

http://www.hermetic.ch/crypto/echelon/echelon.htm

http://www.abovetopsecret.com/pages/echelon.html





And on a completely unrelated note – WHAT ARE THEY THINKING?!?!:



As someone who has spent years in vulnerability management, the issue of
software vulnerability disclosure is one that gets my blood boiling.
Sybase is currently threatening legal action against anyone who
discloses certain vulnerability information:

http://www.computerworld.com/printthis/2005/0,4814,100637,00.html





Gila
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)



This archive was generated by hypermail 2.1.3 : Thu Mar 31 2005 - 22:48:46 PST