Dunno. I think this assessment is overly pessimistic and, indeed, this very miguided attempt by FBI to pass unenforceable legislation may indicate why. I think there may be large and possibly enormous volumes of traffic now flowing across private-ish P2P networks, many or all of which will be reasonably darknettish. Of course, the crypto isn't perfect but I don't get the sense that NSA shares a lot with FBI, but the sheer volume may be enough to worry the latter....who knows what's mixed in that traffic? Who knows which of the files are actually real or which are fake to cover covert transactions and whatnot. Come to think of it, this may actually be a good scenario: Large volumes of computationally difficult (but not intractable) encrypted traffic presenting standard law enforcement with more than they can handle while meanwhile the NSAs of the world with the resources jealously guarding their capabilities and secrets, only sharing them in the most extrme of circumstances. Seems to me a lot could be done inside those P2P networks. In fact, anything needing very significant security could be hard-encrypted and then injected and subsequently encrypted again with less secure methods with the rest of the P2P traffic...this has the advantage of hiding the strength of encryption and avoiding special notice from the outset. In other words, "we" may not have won but the filesharers were driven there by their own inevitable logic. Or am I overly optimisitc here? -TD PS: Variola has been representin' on the issue on the BoingBoing boards.
Date: Mon, 27 Sep 2010 11:05:04 -0400 To: cypherpunks@al-qaeda.net From: jya@pipeline.com Subject: Re: U.S. Wants to Make It Easier to Wiretap the Internet
Lucky Green, ex-PGP official, said recently at a history of cpunks panel that the principal disappointment of PGP.com was that too few individuals used encryption, and that most of its use was by corporations complying with customer privacy regulations not for comsec.
With this in mind, individuals and corporations apparently do not see the need for comsec, so in that sense Eric Schmidt, Google apologist, is correct that privacy is not a big deal for those with nothing to hide.
Phil Zimmermann, also on the panel, said nothing about PGP, said he has moved on to a secure phone development.
The consensus was that Internet security was dead in the water, only snake oil was successful at convincing customers their privacy was "taken very seriously." If you read privacy policies, and most of us don't as they evolve to be more slippery, they are virtually identical in what they promise and admit to customer betrayal for "lawful interception compliance."
There are a few law firms which specialize in these misleading policies and write them to fit "acceptable industry standards." Think of the ex-NIST and ex-NSA experts now advising industry and government to issue regular scare stories about cyberthreats.
The privacy watchdogs and verification services fit right in with this flimflam -- all agree that officials have the right to violate privacy, "it's the law," and that ISPs and Internet operators must cooperate. You want privacy, do not use digital technology, but don't tell the gaga Internet user that.
So, if the cpunk greying beards are right, the encryption battle of the 1990s was lost, not won. Pretending to have won is exactly what was agreed to develop the market for "unbreakable" crypto.
One of the cpunks on the panel said the encryption battle was not only lost, but now some of the proponents of public comsec are now happily making money by keeping the snake oil protection racket alive and well. Wikileaks was cited as an example but far from alone, financial data protection leads the pack of misrepresentation.
My private report explains all this in detail and what to do to get in on the windfall for a mere $250,000 per issue. Money back guarantee.