U.S. Wants to Make It Easier to Wiretap the Internet

[Tyler Durden]

Dunno. I think this assessment is overly pessimistic and, indeed, this very
miguided attempt by FBI to pass unenforceable legislation may indicate why.

I think there may be large and possibly enormous volumes of traffic now
flowing across private-ish P2P networks, many or all of which will be
reasonably darknettish.

Of course, the crypto isn't perfect but I don't get the sense that NSA shares
a lot with FBI, but the sheer volume may be enough to worry the latter....who
knows what's mixed in that traffic? Who knows which of the files are actually
real or which are fake to cover covert transactions and whatnot.

Come to think of it, this may actually be a good scenario: Large volumes of
computationally difficult (but not intractable) encrypted traffic presenting
standard law enforcement with more than they can handle while meanwhile the
NSAs of the world with the resources jealously guarding their capabilities and
secrets, only sharing them in the most extrme of circumstances.

Seems to me a lot could be done inside those P2P networks. In fact, anything
needing very significant security could be hard-encrypted and then injected
and subsequently encrypted again with less secure methods with the rest of the
P2P traffic...this has the advantage of hiding the strength of encryption and
avoiding special notice from the outset.

In other words, "we" may not have won but the filesharers were driven there by
their own inevitable logic.

Or am I overly optimisitc here?

-TD

PS: Variola has been representin' on the issue on the BoingBoing boards.



> Date: Mon, 27 Sep 2010 11:05:04 -0400
> To: cypherpunks at al-qaeda.net
> From: jya at pipeline.com
> Subject: Re: U.S. Wants to Make It Easier to Wiretap the Internet
>
> Lucky Green, ex-PGP official, said recently at a history of cpunks
> panel that the principal disappointment of PGP.com was that too
> few individuals used encryption, and that most of its use was
> by corporations complying with customer privacy regulations
> not for comsec.
>
> With this in mind, individuals and corporations apparently do not
> see the need for comsec, so in that sense Eric Schmidt, Google
> apologist, is correct that privacy is not a big deal for those with
> nothing to hide.
>
> Phil Zimmermann, also on the panel, said nothing about PGP,
> said he has moved on to a secure phone development.
>
> The consensus was that Internet security was dead in the
> water, only snake oil was successful at convincing customers
> their privacy was "taken very seriously." If you read privacy
> policies, and most of us don't as they evolve to be more slippery,
> they are virtually identical in what they promise and admit
> to customer betrayal for "lawful interception compliance."
>
> There are a few law firms which specialize in these misleading
> policies and write them to fit "acceptable industry standards."
> Think of the ex-NIST and ex-NSA experts now advising
> industry and government to issue regular scare stories about
> cyberthreats.
>
> The privacy watchdogs and verification services fit right in
> with this flimflam -- all agree that officials have the right to
> violate privacy, "it's the law," and that ISPs and Internet
> operators must cooperate. You want privacy, do not use
> digital technology, but don't tell the gaga Internet user that.
>
> So, if the cpunk greying beards are right, the encryption battle
> of the 1990s was lost, not won. Pretending to have won is
> exactly what was agreed to develop the market for "unbreakable"
> crypto.
>
> One of the cpunks on the panel said the encryption battle
> was not only lost, but now some of the proponents of public
> comsec are now happily making money by keeping the snake
> oil protection racket alive and well. Wikileaks was cited as
> an example but far from alone, financial data protection leads
> the pack of misrepresentation.
>
> My private report explains all this in detail and what to do to
> get in on the windfall for a mere $250,000 per issue. Money
> back guarantee.