def'n of "computer network"
Bet you 10-1 that "Computer Network" as implemented in the new bill will refer to any computing system that could possibly defend /itself/ through common carrier status. IE including small non-networked fringe BBSs that attempt to claim "common carrier" status. And many networks that don't claim common carrier status, too. The real solution to the crypto-legalization problem is anonymity. Seeing as I've not checked the bill out yet, nor am I a lawyer, I can't say what the implications for that are. If there are anti-remailer implications, the solution may be to build tools with "security flaws" (ie remailing capability). I know that this has been discussed before, but this is the time to implement it. Obviously, the information about the "security holes" will have to be spread widely, but the flaws will have to be built so deep in the design as to not be removable. In addition, now is the time to deploy stego, on a massive scale. How many stego programs have been released for Unix? Can these be integrated with mailing programs in the same way that PGP has been? What would be the legal liability of the maintainer of a common-carrier status system that had a guest account which had been (or based on the current legislation) could be used for anonymity/crypto stuff? If he's liable, does this mean that system administrators are liable for any potential security hole in their system that a random evil internet hacker uses to abuse another system? Hmmm... Usenet alt.binaries.pictures.barney + stego software + unmaintained 'guest' account on a random system = ??? Any lawyers? Jon ------------------------------------------------------------------------------ Jon Lasser <jlasser@rwd.goucher.edu> (410) 494-3253 Visit my home page at http://www.goucher.edu/~jlasser/ You have a friend at the NSA: Big Brother is watching. Finger for PGP key.
Jon Lasser writes:
In addition, now is the time to deploy stego, on a massive scale.
I've said it before, and I'll say it again. My opinion is that stegonography "standards" are useless. Anyone can try unpeeling the GIFs and see if something interesting shows up inside. That means that the only useful stego suffers from the defect that symmetric key cryptography suffers from -- you have to have made serious pre-arrangements with the counterparty. Perry
On Thu, 13 Jul 1995, Perry E. Metzger wrote:
Jon Lasser writes:
In addition, now is the time to deploy stego, on a massive scale.
I've said it before, and I'll say it again.
My opinion is that stegonography "standards" are useless. Anyone can try unpeeling the GIFs and see if something interesting shows up inside. That means that the only useful stego suffers from the defect that symmetric key cryptography suffers from -- you have to have made serious pre-arrangements with the counterparty.
True, in that sense it's useless. But if it's PGP'd with a sufficient key, nobody can read it. If it's from a well-overused guest account, nobody can find who sent it. If the picture's not preceded with an identification of the intended recipient, and is posted in a public forum, then nobody knows who it's for. Especially if everyone has to read it in order to find out if it's for them. If PGP 3.0 has some sort of option to decrypt messages without PGP headers or footers, then the issue ceases to be relevant. Because you've stego'd already random-seeming material. If the stego program is integrated with PGP properly, you have public key stegonography. It's possible; just that somebody's gotta write the damned software. And I'm certainly not capable to do that. Yet. Jon ------------------------------------------------------------------------------ Jon Lasser <jlasser@rwd.goucher.edu> (410) 494-3253 Visit my home page at http://www.goucher.edu/~jlasser/ You have a friend at the NSA: Big Brother is watching. Finger for PGP key.
Although I hardly oppose the construction of "headerless" cryptographic protocols, they make key management in any sort of a reasonable system a living hell. If you work for an organization maintaining a reasonable number of keys -- say a few hundred at some institution -- you will have to linearly search them to find which one is the right one. What a royal pain. Rapid deployment in ordinary software is, of course, preferable. Perry
On Thu, 13 Jul 1995, Perry E. Metzger wrote:
Although I hardly oppose the construction of "headerless" cryptographic protocols, they make key management in any sort of a reasonable system a living hell. If you work for an organization maintaining a reasonable number of keys -- say a few hundred at some institution -- you will have to linearly search them to find which one is the right one. What a royal pain.
Hmmm. no arguement. But seeing as it might all soon be illegal, I'd rather it be a possible pain than just plain impossible.
Rapid deployment in ordinary software is, of course, preferable.
It would seem that we may be approaching the criminalization of crypto. In which case we'd still be in trouble. Because they might criminalize the /use/ of crypto. Jon ------------------------------------------------------------------------------ Jon Lasser <jlasser@rwd.goucher.edu> (410) 494-3253 Visit my home page at http://www.goucher.edu/~jlasser/ You have a friend at the NSA: Big Brother is watching. Finger for PGP key.
By the way, I'm really sick of the naming schemes on these laws. Its only a matter of time before some 1984ish wag creates the "Omnibus Universal Love and Happiness Act of 1998" providing the death penalty for possessing trace quantities of marijuana or some such. The Orwellian names on some of these bills are simply astounding. Perry
Yeah I know what you mean. Like, it's gonna be, bust down your fuckin' door and some goon's gonna go, do you have a floppy disk in here? Lee. On Thu, 13 Jul 1995, Perry E. Metzger wrote:
By the way, I'm really sick of the naming schemes on these laws. Its only a matter of time before some 1984ish wag creates the "Omnibus Universal Love and Happiness Act of 1998" providing the death penalty for possessing trace quantities of marijuana or some such. The Orwellian names on some of these bills are simply astounding.
Perry
------------------------------------------------------------------------------ R. Leland Lehrman Phone: (203) 777-1827 God, Art, Technology and Ecology Research and Development
Perry writes: | > In addition, now is the time to deploy stego, on a massive scale. | | I've said it before, and I'll say it again. | | My opinion is that stegonography "standards" are useless. Anyone can | try unpeeling the GIFs and see if something interesting shows up | inside. That means that the only useful stego suffers from the defect | that symmetric key cryptography suffers from -- you have to have made | serious pre-arrangements with the counterparty. While you may be right that a standard for stego in part defeats the purpose of stego, the problem of not having some sort of standard means that people with non-standard platforms (for some definition of non-standard) will be shut out. Standards for interaction are useful, and if the thing being stego'd is stealth PGP'd, then I'm not sure that the data pulled out of a stego'd GIF need be any different than noise. Adam -- "It is seldom that liberty I Support The Phil of any kind is lost all at Zimmermann legal defense fund once." -Hume http://www.netresponse.com/zldf ------------------ PGP.ZIP Part [001/713] ------------------- M4$L#!!0````(`">9ZQX3(*,_DG8!`-JF`P`'````4$=0+D581>S;=UQ3U__X M\9M!$E8,TT@PJ$10$1=*41%WW`KX$=Q[M5KK`&R%(HH+(T.M"S>NME8K=31N M:A$[K+5(K:O5BE405ZE:1"3?UTW`:K_]\/G\?O_^?CX>3^_-S;GGO,^\`^@W ------------------------------------------------------------- for next chunk to export --> http://dcs.ex.ac.uk/~aba/export/
participants (4)
-
Adam Shostack -
Jon Lasser -
Perry E. Metzger -
The Gate