Use crypto, face a death squad
There have been various rumours and comments over the past few years that the use of crypto in certain countries (Syria, Iraq, possibly China) is very dangerous for the end user, but very little actual evidence to substantiate this. About a week ago I got some evidence (well, something better than the usual rumours) on the situation with using crypto in Iraq which people might find interesting. I was talking to someone who worked for a large multinational corporation which maintains a comprehensive directory of who to contact in each country they operate in (basically every country on earth, this was before the gulf war so Iraq was included) for any kind of emergency. This consists of a huge file of data intended to cover every imaginable type of situation. Included in the information on Iraq was a comment to the effect that you should never, ever use any form of encryption when sending messages to the contact people there. He can't remember the exact details any more, but the implication was that any encrypted messages sent to them would result in them quietly disappearing. Since this was a very big company with a lot of sensitive information which it would go to great lengths to protect, I would assume they had very good reasons for advising against the use of crypto in this instance. Peter.
In message <87761312106967@cs26.cs.auckland.ac.nz> Peter wrote:
There have been various rumours and comments over the past few years that the use of crypto in certain countries (Syria, Iraq, possibly China) is very dangerous for the end user, but very little actual evidence to substantiate this. [snip, with reference to Iraq] He can't remember the exact details any more, but the implication was that any encrypted messages sent to them would result in them quietly dissapearing.
So a possible consequence of someone from Iraq being obnoxious on a mailing list, to someone in the know, could be several PGP-encrypted mails dumped in their inbox... A little extreme, for us gentles, but the threat should be effective. Of course, spamming every Iraqui email address you could find with encoded mail could cause a _lot_ of trouble. Tim G.
Tim Griffiths wrote:
In message <87761312106967@cs26.cs.auckland.ac.nz> Peter wrote:
There have been various rumours and comments over the past few years that the use of crypto in certain countries (Syria, Iraq, possibly China) is very dangerous for the end user, but very little actual evidence to substantiate this. [snip, with reference to Iraq] He can't remember the exact details any more, but the implication was that any encrypted messages sent to them would result in them quietly dissapearing.
So a possible consequence of someone from Iraq being obnoxious on a mailing list, to someone in the know, could be several PGP-encrypted mails dumped in their inbox... A little extreme, for us gentles, but the threat should be effective.
If email not encrypted to a Korrect Kompany Key is filtered 'from' the recipient's mbox, I imagine it would also be filtered 'to' another mbox, for signs of suspicious activity. e.g. - an encrypted message to the CEO of the company from "Corporate_Spy@your_competitor.com" with a subject heading such as, "Information received--money deposited to your account." Of course, if the message enclosed was a bunch of garbage, encrypted to the CEO's private key, and then slightly corrupted, then that would make it all the more suspicious, interesting, wouldn't it?
Of course, spamming every Iraqui email address you could find with encoded mail could cause a _lot_ of trouble.
Not that you're a troublemaker... C-Spy
At 7:25 PM -0700 10/23/97, Peter Gutmann wrote:
There have been various rumours and comments over the past few years that the use of crypto in certain countries (Syria, Iraq, possibly China) is very dangerous for the end user, but very little actual evidence to substantiate this. About a week ago I got some evidence (well, something better than the usual rumours) on the situation with using crypto in Iraq which people might find interesting. ... He can't remember the exact details any more, but the implication was that any encrypted messages sent to them would result in them quietly disappearing.
Sounds like an easy way to get rid of business competitors, enemies, etc. Just send them an encrypted message. If paranoid, use a remailer. As soon as some of those Islamic fundamentalists get on the Net, look out! By the way, when PGP Snoopware becomes more widespread, and companies start bouncing e-mail messages not properly encrypted to the Security Department's CMR key, I plan to start lobbing encrypted messages to random employees, marked "URGENT." Be interesting to then send them followups, "But didn't you get the message I marked "URGENT" for you? Well, it's too late now...." Monkeywrenching Snoopware is going to be _fun_. --Tim May The Feds have shown their hand: they want a ban on domestic cryptography ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^2,976,221 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
participants (4)
-
Corporate Spy -
pgut001@cs.auckland.ac.nz -
Tim Griffiths -
Tim May