----- Forwarded message from John Gilmore <gnu@toad.com> ----- Date: Fri, 06 Sep 2013 19:13:17 -0700 From: John Gilmore <gnu@toad.com> To: Paul Hoffman <paul.hoffman@vpnc.org> Cc: Andy Steingruebl <steingra@gmail.com>, "cryptography@metzdowd.com List" <cryptography@metzdowd.com> Subject: Re: [Cryptography] NSA hates sunshine
As of Jan-2014 CAs are forbidden from issuing/signing anything less than 2048 certs.
For some value of "forbidden". :-)
Yeah, just like employees at big companies are "forbidden" to reveal how they are collaborating with NSA. Years ago I heard what happened when George Davida filed a patent on something related to encryption, all the way back in 1978, and eventually received a communication from the government telling him that his patent was subject to patent secrecy, that it would never issue, and that he could not even tell anyone that it had been suppressed, nor could he ever tell anyone how his invention worked. In theory, the law was all on the NSA's and the patent office's side. But in fact, they were in a very weak position. Instead of acquiescing, Davida shouted it to the housetops, engaged the press and his university about censorship of academic freedom, involved his Congressperson, etc. Within months, the secrecy order was rescinded. NSA hates sunshine. NSA secrecy relies on the cowardice of most people. Courage is all it takes to beat them. If NSA tries to shut you up, just shine a lot of attention on their attempt to shut you up. Spread the information that they are trying to suppress, far and wide. Send copies to a dozen random post-office boxes in different cities, asking the recipient to physically bring it in to their local newspaper. Leave your cellphone at home, then stash copies in places that you don't frequent, so that government agents can't come raid your house and office and steal all copies of what they're trying to suppress. In my case I posted something like this (a suppressed paper by Ralph Merkle) to Usenet, and it was suddenly on thousands of servers overnight. NSA habitually decides that the publicity that their activities get from any continued effort to suppress the information is FAR worse than the damage caused by the initial release of the info. Any efforts they make to shut you up, prosecute you, jail you, etc give you a perfect soapbox, and the attention of the news media and the public. Keep repeating the info, from your jail cell if necessary, and you're likely to win. Because if NSA relents, your revelations become "last week's news" and get a lot less public attention. When NSA found out I had copies of an early encryption tutorial that they considered classified (I was suing them under FOIA to get a copy, but then found copies in a public library), they first tried to persuade my lawyer to "bring in all the copies so we can secure them in a safe place". That's NSA-ese for "throw them down a deep hole where you'll never see them again". When we refused, and instead contacted the New York Times, which printed a story about the attempted suppression, NSA and DoJ buckled within one day. (Indeed, the way I found out they had suddenly declassified the document is that they called the NYT reporter to tell him. They never did tell me; I got the news from the reporter.) As part of suing the government, the Al Haramain foundation accidentally received a government report making it clear that the government had illegally wiretapped their phone calls. They noticed this but it took the government 60 days to notice. Unfortunately, instead of making hundreds of copies of the document, and spreading them all over the world and to the press, they did what the government asked, and destroyed all their copies of the document. Once all copies of the document were gone, NSA went to the court and claimed first that the whole thing was a state secret and couldn't proceed, and then second that the group didn't have any standing to challenge the wiretaps in court because Al Haramain (now) had zero evidence that the taps had even occurred. The foundation and their lawyers have literally spent years of work recovering from that one mistake, and only the kind indulgence of a smarter than average judge enabled their lawsuit to survive at all. See this story by one of their lawyers: http://www.salon.com/2008/07/09/alharamain_lawsuit/ Don't make the same mistake when NSA, or their minions at the FBI or FISA or DoJ come to threaten YOU to suppress information that came to you through no fault of your own. John Gilmore _______________________________________________ The cryptography mailing list cryptography@metzdowd.com http://www.metzdowd.com/mailman/listinfo/cryptography ----- End forwarded message ----- -- Eugen* Leitl <a href="http://leitl.org">leitl</a> http://leitl.org ______________________________________________________________ ICBM: 48.07100, 11.36820 http://ativel.com http://postbiota.org AC894EC5: 38A5 5F46 A4FF 59B8 336B 47EE F46E 3489 AC89 4EC5