Gov Access to Key Strokes
Would any of the members of the NAS CRISIS panel know if keystroke surveillance is one of the technologies proposed for the FBI as an alternative to GAK? Could this technology be covertly placed in all keyboards for activation, say, by remote control, or via a program/device on the Internet? Recall the various proposals for putting hardware encryption in keyboards, with the possibility of covert GAK.
On Mon, Jul 06, 1998 at 10:46:27AM -0400, John Young wrote:
> Could this technology be covertly placed in all keyboards for activation, say, by remote control, or via a program/device on the Internet?
> Recall the various proposals for putting hardware encryption in keyboards, with the possibility of covert GAK.
John, I have on occasion mentioned on the net the possibility of doing this via secret back doors in Microsoft OS kernels (W98/NT), backdoors hidden by encrypted code (and that damn new WIPO treaty) that would only be decrypted inside the CPU using a chip key not available to the user. Given passage of WIPO I fully expect such technology to become common as a means of copyright protection with very severe penalties for those who would choose to peek inside the "technological means" or alter it in any way.
And once one has created this secret space inside the core OS and protected it by draconian criminal laws, it doesn't take much for someone to add a little extra feature in there that logs and transmits back to Big Brother user keystrokes or keys used with the encryption routines or other such privileged and private user information. This could be added by the FBI or by Microsoft under federal pressure (which they certainly are). And interfering with or disconnecting this nice little brother feature might well be considered to be tampering with a "technological means" of copyright protection and subject the user to 5 years in prison. Certainly public dissemination of tools and information (such as code listings) that would allow access to and alteration of this secret space would very likely result in criminal prosecution, even if such legal action was not common for individual users.
In fact, under WIPO it would already be illegal to just disassemble and debug the relevant part of the OS to check to see if there was code in there to log and report keystrokes even if it was not encrypted or otherwise protected. And no doubt at all but that the rights enforcement software will be encrypted and otherwise protected just to make sure that anyone tampering with it or even just examining it for security flaws (such as keystroke recorders) would clearly be flagrantly violating WIPO in as unambiguous a way as possible.
What this means is that due to well meaning anti-piracy measures carried to extremes - WIPO, it is likely to be impossible for a user of standard shrink wrapped commercial software to legally vet that software to determine that it does not contain deliberate (courtesy the FBI) means to grossly compromise the security of information on his computer system. He will have no legal recourse but to trust the provider of the software, as even the analysis required to prove such a deliberate security hole exists would be serious federal felonies... One wishes that Congress would see the light and allow circumvention of copyright protections for legitimate security analysis and audits (and for any purpose which would be construed as fair use under copyright law), but so far this hasn't happened.
--
Dave Emery N1PRE, die@die.com
DIE Consulting, Weston, Mass.
PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18