News: "U.S. May Help Chinese Evade Net Censorship"
This report says the U.S. Gov't. has plans to make "SafeWeb," the Web proxy company it helped fund through the CIA, available to Chinese citizens who want to bypass their government's censorship.

http://dailynews.yahoo.com/h/nm/20010830/wr/tech_china_internet_report_dc_1.html

(I can already hear Aimee moaning about this anarchic undermining of the official Chinese government...until she realizes it has been blessed by a "legitimate" organ of the government.)

So, what happens when Iran decides to finance systems in the U.S. to bypass U.S.G. censorship (e.g., of talk by freedom fighters)? Or when Denmark finances a system to bypass crackdowns on teen erotica in the U.S.? And so on.

Here's a brief excerpt:

Thursday August 30 3:23 AM ET

U.S. May Help Chinese Evade Net Censorship -NYT

NEW YORK (Reuters) - United States government agencies hope to finance an American-based computer network designed to thwart attempts by the Chinese government to censor the World Wide Web for users in China, the New York Times reported in its online edition on Thursday.

....

According to the report, the agency is in advanced discussions with Safeweb, a small company based in Emeryville, California, which has received financing from the venture capital arm of the Central Intelligence Agency, In-Q-Tel. The discussions were confirmed by parties on both sides, the newspaper said.

Safeweb currently runs its own worldwide network of about 100 privacy servers -- computers that help disguise what Web sites a user is seeking to view -- which are popular with users in China, according to the report.

The newspaper said the privacy servers have been a continuing target for the Chinese government, which has blocked most of them in recent weeks.
At 09:01 AM 8/30/01 -0700, Tim May wrote:
> This report says the U.S. Gov't. has plans to make "SafeWeb," the Web proxy company it helped fund through the CIA, available to Chinese citizens who want to bypass their government's censorship.
>
> So, what happens when Iran decides to finance systems in the U.S. to bypass U.S.G. censorship (e.g., of talk by freedom fighters)? Or when Denmark finances a system to bypass crackdowns on teen erotica in the U.S.? And so on.
Yep. Note that it's not all altruism/subversion; it's also intelligence, the USG gets to monitor what the Chinese middle class are really interested in. Beyond what the spooks already know.
On Thursday, August 30, 2001, at 09:44 AM, David Honig wrote:
> At 09:01 AM 8/30/01 -0700, Tim May wrote:
>> This report says the U.S. Gov't. has plans to make "SafeWeb," the Web proxy company it helped fund through the CIA, available to Chinese citizens who want to bypass their government's censorship.
>>
>> So, what happens when Iran decides to finance systems in the U.S. to bypass U.S.G. censorship (e.g., of talk by freedom fighters)? Or when Denmark finances a system to bypass crackdowns on teen erotica in the U.S.? And so on.
>
> Yep.
>
> Note that it's not all altruism/subversion; it's also intelligence, the USG gets to monitor what the Chinese middle class are really interested in.
>
> Beyond what the spooks already know.
And I have to wonder just how safe/untraceable SafeWeb is. If it's safe enough to protect Chinese dissidents against torture and execution, then it's safe enough to protect freedom fighters in America, Ireland, and ZOG-Occupied Palestine.

On the other hand, maybe it's got a "Chinese bit," a Chinese trap door. After all, if it were truly safe/untraceable, with good crypto, then that same system could and would be used by Chinese apparatchniks (whatever the spelling) and PLA officers. The CIA wouldn't want that, now would they?

Still, the "approval" of the U.S. Government of tools for freedom fighters should push the public debate a bit. Twits who argue that there are never any reasons for "hiding" see the reasons in front of them, laid out by the U.S.G. itself.

(Not that any of this is at all new to anyone who has spent more than 5 minutes thinking about the issue. The history of man is the history of groups oppressing other groups, of satraps raping their people, of purges of entire ethnic groups. Anyone repeating the "what have you got to hide?" canard is not worth convincing.)

This relates to the sweet spot argument. The "dollar ghetto" I talked about, where privacy providers yammer about protecting Web surfers from Pillsbury tracking their cookie preferences with cookies, so to speak, is just not very interesting or lucrative. Protecting Chinese dissidents from arrest and execution is pretty far to the right on that X-axis of "Value of Untraceability" I outlined.

This was the original goal of ZKS, of course. (And of course of networks of digital mixes, of which the early Cypherpunks remailers were just an experimental instance of.)

Alas, the marketing of such "dissident-grade untraceability" is difficult. Partly because anything that is dissident-grade is also pedophile-grade, money launderer-grade, freedom fighter-grade, terrorist-grade, etc.

--Tim May
On Thu, Aug 30, 2001 at 10:02:54AM -0700, Tim May wrote:
| Alas, the marketing of such "dissident-grade untraceability" is
| difficult. Partly because anything that is dissident-grade is also
| pedophile-grade, money launderer-grade, freedom fighter-grade,
| terrorist-grade, etc.

I think a larger problem is that we don't know how to build it. Once we build it, we may be able to market it. But when you look at building something for dissidents, you realize that you have very high stealth requirements, since using such software is likely to subject its users to rubber-hose, and harsher forms of attack.

Productizing stealth systems is hard; the adversaries can take them apart and find discriminators. Not productizing stealth systems is risky; your custom systems are likely to be of different strengths, and the weak ones will provide your adversaries with training on how to attack the hard ones, as well as insight into how you're producing them. (See for example, Enigma, increasing rotors; One-time-pad, Soviet typewriters; British bingo cages.)

Also worth reading is "Traffic Analysis Attacks and Trade-Offs in Anonymity Providing Systems" by Back, Muller and Stiglic, at http://crypto.cs.mcgill.ca/~stiglic/publications.html

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume
On Thursday, August 30, 2001, at 11:07 AM, Adam Shostack wrote:
> On Thu, Aug 30, 2001 at 10:02:54AM -0700, Tim May wrote:
> | Alas, the marketing of such "dissident-grade untraceability" is
> | difficult. Partly because anything that is dissident-grade is also
> | pedophile-grade, money launderer-grade, freedom fighter-grade,
> | terrorist-grade, etc.
>
> I think a larger problem is that we don't know how to build it. Once we build it, we may be able to market it. But when you look at building something for dissidents, you realize that you have very high stealth requirements, since using such software is likely to subject its users to rubber-hose, and harsher forms of attack.
A quibble, but I would separate the stego aspect from the untraceability aspect. It is true that in certain regimes--China, Afghanistan, Iran, Iraq, Saudi Arabia, etc.--sending and receiving encrypted packets will be ipso facto proof of guilt or at least grounds for hauling in for torture. Even stego in the ad banners, sound files, images, etc. will be problematic. This is the stego, or stealth, topic we all know about. (Aimee and Ray, cover your ears.)

In regimes where something akin to the First Amendment provides unassailable protection against sending and receiving bits in a form not necessarily readable by snoops, providing untraceability is enough.

Ignoring the stego/stealth side for this discussion, I certainly hope you at ZKS know how to build a dissident-grade untraceability system. If not, hard to see why 200 employees were hired and $60 million or so was raised.

If ZKS colonizes the ghetto of "stopping Pillsbury from using cookies to track cookie preferences," then they will never make much money at all. In my opinion. Just too close to the low value of the graph.

--Tim May
On Thu, Aug 30, 2001 at 11:36:56AM -0700, Tim May wrote:
| On Thursday, August 30, 2001, at 11:07 AM, Adam Shostack wrote:
|
| > On Thu, Aug 30, 2001 at 10:02:54AM -0700, Tim May wrote:
| > | Alas, the marketing of such "dissident-grade untraceability" is
| > | difficult. Partly because anything that is dissident-grade is also
| > | pedophile-grade, money launderer-grade, freedom fighter-grade,
| > | terrorist-grade, etc.
| >
| > I think a larger problem is that we don't know how to build it. Once
| > we build it, we may be able to market it. But when you look at
| > building something for dissidents, you realize that you have very high
| > stealth requirements, since using such software is likely to subject
| > its users to rubber-hose, and harsher forms of attack.
|
| A quibble, but I would separate the stego aspect from the untraceability
| aspect. It is true that in certain regimes--China, Afghanistan, Iran,
| Iraq, Saudi Arabia, etc.--sending and receiving encrypted packets will
| be ipso facto proof of guilt or at least grounds for hauling in for
| torture. Even stego in the ad banners, sound files, images, etc. will be
| problematic. This is the stego, or stealth, topic we all know about.
| (Aimee and Ray, cover your ears.)
|
| In regimes where something akin to the First Amendment provides
| unassailable protection against sending and receiving bits in a form not
| necessarily readable by snoops, providing untraceability is enough.

Well, I'm glad you'd separate it, but when you get down to constructing systems, you have to re-integrate it. And if you're talking about dissidents, you have to solve it really well. I wouldn't be comfortable saying "Yeah, use this and Beijing won't bother you" with anything less. Maybe you would.

As far as not readable by the FBI/NSA, see the Back/Muller/Stiglic paper.

As far as your opinions of our business, well, I'm really uninterested in getting into a pissing match with you. The reality is that customers and investors give us money to produce privacy tools, and they, not you, are the ones I need to keep happy.

Adam

--
"It is seldom that liberty of any kind is lost all at once." -Hume
On Thursday, August 30, 2001, at 12:16 PM, Adam Shostack wrote:
> As far as your opinions of our business, well, I'm really uninterested in getting into a pissing match with you. The reality is that customers and investors give us money to produce privacy tools, and they, not you, are the ones I need to keep happy.
I was being quite calm and was not "getting into a pissing match."

If you react to comments about ZKS by saying people are pissing on you, I'd call you overly sensitive. And I certainly recall you yourself commenting on products from RSA and many other companies.

--Tim May
Adam writes:
> As far as your opinions of our business, well, I'm really uninterested in getting into a pissing match with you. The reality is that customers and investors give us money to produce privacy tools, and they, not you, are the ones I need to keep happy.
The reality is that people like May and lists like this one that may help your customers and investors understand what they are and aren't getting.

For example, your investors probably don't realize that you can't use zks tools for more than x% (I'm guessing 45%) of the us consumer market right off the bat because of self-imposed operating restrictions of your products (if you're not fully compatible with aol mail and web browsing, you're missing much of your usa market...btw >85% of aol users use the internal aol browser not an external browser so I doubt they will figure out how to download let alone launch an external browser and follow your arcane load/unload/re-load aol usage instructions.) plus investors probably aren't aware that limiting outlook support to 'internet only' mode cuts your outlook customer base quite a bit (I haven't seen the latest figures, but I believe a large group of outlook users configure their software for corporate/workgroup mode.) and investors probably don't realize how complex (in my opinion) the software is to set up and operate -- I'm disappointed that you've not released usage figures that I could find easily on your website (both downloads and average customer lifespan for the standard or premium products)...are people rushing to use the products? oh, and a minor point, but how much further have you cut your market share by focusing only on w2k, w98 and wme?

You should correct me if I've mis-analyzed the info provided on the zks website.

Anyway I don't like criticizing products per se (every product has weaknesses), but I do think criticisms lead to more aware investors/customers and perhaps even better products in the future. So in a sense it's helpful to listen to commentary from May or lists like this one.
On Thursday, August 30, 2001, at 11:36 AM, Tim May wrote:
> In regimes where something akin to the First Amendment provides unassailable protection against sending and receiving bits in a form not necessarily readable by snoops, providing untraceability is enough.
I meant either "unassailable protection against outlawing sending and receiving bits..." or "unassailable protection for sending and receiving bits..."

(Caught in the middle of an edit...)

--Tim May
From News Of the Weird: ...the Alcoholics Anonymous chapter in Milwaukee still does not know who the man was who collapsed and died during a meeting on May 23 (because those attending meetings usually do so anonymously). [St. Louis Post-Dispatch-AP, 6-3-01]
At 10:02 AM 8/30/01 -0700, Tim May wrote:
> Alas, the marketing of such "dissident-grade untraceability" is difficult. Partly because anything that is dissident-grade is also pedophile-grade, money launderer-grade, freedom fighter-grade, terrorist-grade, etc.
>
> --Tim May
How about a marketing/psyop campaign promoting "Mistress Grade" crypto, and get licensing rights for the Chandra Levy images... or "Congressional-Diary Grade" crypto if Packwood will do cameos...
participants (5): Adam Shostack, David Honig, Peter Wayner, Phillip H. Zakas, Tim May