I don't see any technical/cryptological way to defeat the proposed US law; it looks like a political problem that needs to be dealt with by political means.
Proliferation is a political means. Keep on proliferating, proliferate widely, proliferate fast, get all your friends and business on it, get the public on it, remove the capability for legacy plaintext, and embed and entrench crypto deeper than the Marianas. Also, call/visit/write your MP/congresscritter and give them your concerns about backdoors and your freedom/rights, your life being meta'd, recorded, analyzed and stored forever for no good reason (for which an interest in crypto and speech isn't one). Proliferate and speak! On Fri, Jul 25, 2014 at 5:24 PM, John Denker <jsd@av8n.com> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Today's Gomorrah Post has a long article in the "National Security" section:
Ellen Nakashima "Proliferation of new online communications services poses hurdles for law enforcement" http://www.washingtonpost.com/world/national-security/proliferation-of-new-o...
I see no particular reason to believe a single word of what it says. Virtually all of the evidence supporting the main conclusion is "according FBI officials and others" ... which puts it in the same category as the "stories" Judy Miller wrote for the New Ys Times in the runup to the Irag war. http://www.nytimes.com/2002/09/08/international/middleeast/08IRAQ.html?ex=1121140800&en=76eddceb628af81e&ei=5070
Positive reasons for disbelieving the main thrust of that story is that if the authorities want to search somebody's bedroom, they can still do it; they just (sometimes!) can't do it quite so cheaply. That can't do it without getting up from their comfy armchairs.
The article contradicts Bill Frantz's assumption that all present-day crypto is ineffective. I tend to disbelieve both extremes. I reckon any lock can be picked or drilled out /if somebody wants to badly enough/ ... but this does not mean that all locks are completely useless.
There is a companion article that lets the cat out of the bag:
Ellen Nakashima "The government wants to wiretap online communications — or in some cases hack them" http://www.washingtonpost.com/blogs/the-switch/wp/2014/07/25/the-government-...
Both articles appear to be part of a PR campaign to lay the groundwork for a new CALEA-on-steroids law that would reportedly require every ISP and every app developer to provide hooks to enable armchair/pushbutton wiretapping.
Before you say that such a law is impossible, especially in the context of open-source software, let me point out that most people on earth /already/ live under regimes where use (or even possession) of an unregistered encryption device is a serious crime.
I don't see any technical/cryptological way to defeat the proposed US law; it looks like a political problem that needs to be dealt with by political means.
Tangentially related: On 07/24/2014 09:13 PM, Peter Gutmann wrote:
[....] should be preserved somewhere as the standard response to the Rumpelstiltskin Defence ("you can't prove I'm using crypto/know the keys so you'll have to let me go"). This [imprisonment] perfectly sums up what will happen to anyone who wants to try the Rumpelstiltskin Defence in court.
I am certainly not an international lawyer, but we can all read the plain language of the law. Under the otherwise-Draconian UK RIP law, the Rumpelstiltskin defense is explicitly allowed: http://www.legislation.gov.uk/ukpga/2000/23/section/53
Also note that if such a defense is not possible, you are already a criminal, because of the encrypted "message" below, which you have already received. a) You don't know the decryption key, although nobody can prove that you don't. b) You cannot obtain the key from me or anyone else, because I destroyed the public key /before/ encrypting the message, although nobody can prove that I did. c) Furthermore I can tell you that the plaintext consisted of 512 bytes of high-grade randomness that wasn't seen or recorded, although nobody can prove that either.
I encourage you to forward my "message" to all your legislators, along with lots of similar messages.
To say the same thing in more constructive terms: This serves as an example of /cover traffic/. It allows you to say with complete sincerity that at least "some" of the data you hold is undecryptable.
Adversaries will have to consider the hypothesis that I'm engaging in some bizarre yet effective steganography, hiding a tree in the front row of the forest. Nobody can prove /or/ disprove this hypothesis.
- -----BEGIN PGP MESSAGE----- Version: GnuPG v1
hQIMA9jh5gIisxa+AQ//T8x3vgxCVqq6cCNln4TW5r8H6JeHqD1txxEy+jOiybvb mvdcut6uQQqu/eFkV06rK+1K5LoUWemqTpAgz/E7MKtNsvYv4gardebFLRDxgn3v WW01mc6XKqH+xpDoqabDN+Mc2jeQGhDD+fBBCMCePx/ca8iJ1gjVL93A3L+2AVan PJFsRsoCx8X/DoUpIQOqCm0XOJrS+anVTrSOdVSo4t/V4QF7yx+51yi4ro26eAz0 5vCm+afMQSMIvZcpK54LI+oWUITQGP8ZhD2+B5HsIUh9nmcZjRr5fK+edGe6tS3W aam0pQHWrkmyyjfKxNVfxK/aujrboHVybF9sP0tN8wUhFh7Tdj8F1e5EtPppXB/p DoC7O3SQ30HHCCeNSLMErMzsniw+fHmL6zoE/UnkAsQZ1HJvg/9OD/dxJP/BaMwr RUwG73wKPBp9m5ROs0tRopBNFcRXtM6hg/1i9ZE8IcbZcsgfcGwUdeo4qbYvhtyR XU1FfQRyIhW7KRXQeWFSmMS1AWYMl0fX6n02qTbTSmUY7bujdEpOH3Dz8ndSKsjK q0IWmXXcCpc9OGbiwSRhNgbxQBVu2tZ4ntk8vC+deM9itR7CMo94p95gvZQ9H7dU fTKHb28jel8Y7CL7MYfcXpeO/vZIsj9H5GnJc+pSOuY8ueR/rTauJZux2DlIrwbS 6QGqzHz6PaJ4NqoeyL7IiMJDNM4panzYqa4/Shfk3fiTol4FDLCdXMtT3V6eiPOn GKGjjpbZ/3FP9cJrepM5wuHaesWnyoDO96FYTmqNqgw31r3Cg5sn1JrL6hcguN1x CHc7mu5yTrft98pjk5olWaCyvqco0OqK3aID+IAKVJgfJV/2FWZE8KMpw+NvJosn g6UwwN4PMUpq+CGgPRyRx12RzyP8iFxp8J8D0nS8H+BMSOA/+E2Mny54zjFrDUsH amzFM9QlwCIrBQJ50V+OwTDzCnQVXlsbIV9kH6YaZDKo7vFIuyi7myr6mYttbh5o m6xgSNQMSLDabyvKQ9l1GX9pQGzR0KPQRR/yn/frQDLydz5qhVEWTwprwxwGSBa/ lVjLWTsYqqwl1SErI/FfTqJuWGSZUWqy2kUOzTmi5DA+tOvbspaghO5Aqxim/emG Sz0DoRcR74zgUNLAAzUN4aZIBxfsO9HSqIXq9I6fK4cT6VBMYKjaJh23Hf2qOiuA Z2g5nl+oT5CDzTlzzIMHZmCTkEjtNDAK+lb6SBCp8ScHcjafcm/cO9gNMV4+EBks PgEm1eutCEpOpGIOHjcsFV1ryZonB8U0VmbpsxqsDE1Y0l1u6bEUKTMeJoHfEeTe Q4wdo5LxbKt4LGQACopwX4NNdfupdPNT2SyiGCu7Vh+0P78+IEewbpRetW1KpNg3 MXWd7sWh2tnA9cRzPwYhvUtUsj0L/GXLOKO9bMH8qfivOnsp5lbRnr6KAKoqzn2L 3g== =OuR2 - -----END PGP MESSAGE----- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIVAwUBU9LLD/O9SFghczXtAQJedA//UoclobLIQI4cKNu2V/bNIxUxEGb71pXr QCQJJJQgMbK0kAE9pf6uFldur3m3kDOtPeQEx8AUZ4pS7YEPkE8mDrPxeohYi4i0 S1yp82EX3JEchZrMDgEveP4C8zqgLg38ie0idL72nPQo2o1D5BpfRFElVA72Z8A1 0A9ehua+B9f1g+QKo4wMzPqbfRsHIdOIRELkrniJfRfuIxLY6F4MuiIR5F1YLhJR TlVjsVUqEFduulO8yBF4A/4QZ1x6QzL47bUYigJwft3YNwbKNshrL8YPhMSgbdjB BQSoPf93h2RasxKczWalawmTbZaev4kIvBy3EV2S11oy85SqRkAHb/G4f0dq1xI3 Nc5WTWk+L0Im4Zh0+lqXrBucVvstDsrwEvDRztbrkNaey7p4HKWq+0JQ8zGKxZeq D4eQD/N89uZLnXV+Q0Gut1w0BHSn7jmYm7TiDiXwk9DBy49i88MYaHocjGtWmLUP tTSdunXAtOVfRPTJyL47mgbxgsDAyAHFN3CfhmN+PcjaUvrPTvlJ7g6ObdCiAGcr CEiqKU0QoZTQS9bCkXOeV5LhIvbeh/2P5Ft+4acAAG38oE4/VKJZ+ly49Du4HF6v LEQFDFJ03WbYRysPIX3J1Krgkza0/wm8Oy0Og27RVfSpVrOV+hPzmgCMURRYz0yS 21uL+NP/O+o= =spOA -----END PGP SIGNATURE----- _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography