[Cryptography] propaganda on "hurdles for law enforcement"

John Denker jsd at av8n.com
Fri Jul 25 17:24:32 EDT 2014 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Today's Gomorrah Post has a long article in the "National Security"
section:

  Ellen Nakashima
  "Proliferation of new online communications services 
   poses hurdles for law enforcement"
  http://www.washingtonpost.com/world/national-security/proliferation-of-new-online-communications-services-poses-hurdles-for-law-enforcement/2014/07/25/645b13aa-0d21-11e4-b8e5-d0de80767fc2_story.html

I see no particular reason to believe a single word of what
it says.  Virtually all of the evidence supporting the main
conclusion is "according FBI officials and others" ... which 
puts it in the same category as the "stories" Judy Miller 
wrote for the New Ys Times in the runup to the Irag war.
  http://www.nytimes.com/2002/09/08/international/middleeast/08IRAQ.html?ex=1121140800&en=76eddceb628af81e&ei=5070

Positive reasons for disbelieving the main thrust of that
story is that if the authorities want to search somebody's
bedroom, they can still do it;  they just (sometimes!) can't 
do it quite so cheaply.  That can't do it without getting 
up from their comfy armchairs.

The article contradicts Bill Frantz's assumption that all
present-day crypto is ineffective.  I tend to disbelieve
both extremes.  I reckon any lock can be picked or drilled
out /if somebody wants to badly enough/ ... but this does
not mean that all locks are completely useless.


There is a companion article that lets the cat out of the
bag:

  Ellen Nakashima
  "The government wants to wiretap online communications
  — or in some cases hack them"
  http://www.washingtonpost.com/blogs/the-switch/wp/2014/07/25/the-government-wants-to-wiretap-social-media-or-even-hack-it/

Both articles appear to be part of a PR campaign to lay
the groundwork for a new CALEA-on-steroids law that would
reportedly require every ISP and every app developer to 
provide hooks to enable armchair/pushbutton wiretapping.

Before you say that such a law is impossible, especially
in the context of open-source software, let me point out
that most people on earth /already/ live under regimes
where use (or even possession) of an unregistered encryption
device is a serious crime.

I don't see any technical/cryptological way to defeat the
proposed US law;  it looks like a political problem that 
needs to be dealt with by political means.

Tangentially related: On 07/24/2014 09:13 PM, Peter Gutmann 
wrote:
> [....] should be preserved somewhere as the standard response to the 
> Rumpelstiltskin Defence ("you can't prove I'm using crypto/know the
> keys so you'll have to let me go"). This [imprisonment] perfectly
> sums up what will happen to anyone who wants to try the
> Rumpelstiltskin Defence in court.

I am certainly not an international lawyer, but we can all read 
the plain language of the law.  Under the otherwise-Draconian
UK RIP law, the Rumpelstiltskin defense is explicitly allowed:
  http://www.legislation.gov.uk/ukpga/2000/23/section/53

Also note that if such a defense is not possible, you are already 
a criminal, because of the encrypted "message" below, which you 
have already received. 
 a) You don't know the decryption key, although nobody can prove 
  that you don't.
 b) You cannot obtain the key from me or anyone else, because 
  I destroyed the public key /before/ encrypting the message, 
  although nobody can prove that I did.
 c) Furthermore I can tell you that the plaintext consisted of 
  512 bytes of high-grade randomness that wasn't seen or recorded, 
  although nobody can prove that either.

I encourage you to forward my "message" to all your legislators,
along with lots of similar messages.

To say the same thing in more constructive terms: This serves 
as an example of /cover traffic/.  It allows you to say with 
complete sincerity that at least "some" of the data you hold 
is undecryptable.

   Adversaries will have to consider the hypothesis that I'm 
   engaging in some bizarre yet effective steganography, hiding 
   a tree in the front row of the forest.  Nobody can prove /or/ 
   disprove this hypothesis.


- -----BEGIN PGP MESSAGE-----
Version: GnuPG v1

hQIMA9jh5gIisxa+AQ//T8x3vgxCVqq6cCNln4TW5r8H6JeHqD1txxEy+jOiybvb
mvdcut6uQQqu/eFkV06rK+1K5LoUWemqTpAgz/E7MKtNsvYv4gardebFLRDxgn3v
WW01mc6XKqH+xpDoqabDN+Mc2jeQGhDD+fBBCMCePx/ca8iJ1gjVL93A3L+2AVan
PJFsRsoCx8X/DoUpIQOqCm0XOJrS+anVTrSOdVSo4t/V4QF7yx+51yi4ro26eAz0
5vCm+afMQSMIvZcpK54LI+oWUITQGP8ZhD2+B5HsIUh9nmcZjRr5fK+edGe6tS3W
aam0pQHWrkmyyjfKxNVfxK/aujrboHVybF9sP0tN8wUhFh7Tdj8F1e5EtPppXB/p
DoC7O3SQ30HHCCeNSLMErMzsniw+fHmL6zoE/UnkAsQZ1HJvg/9OD/dxJP/BaMwr
RUwG73wKPBp9m5ROs0tRopBNFcRXtM6hg/1i9ZE8IcbZcsgfcGwUdeo4qbYvhtyR
XU1FfQRyIhW7KRXQeWFSmMS1AWYMl0fX6n02qTbTSmUY7bujdEpOH3Dz8ndSKsjK
q0IWmXXcCpc9OGbiwSRhNgbxQBVu2tZ4ntk8vC+deM9itR7CMo94p95gvZQ9H7dU
fTKHb28jel8Y7CL7MYfcXpeO/vZIsj9H5GnJc+pSOuY8ueR/rTauJZux2DlIrwbS
6QGqzHz6PaJ4NqoeyL7IiMJDNM4panzYqa4/Shfk3fiTol4FDLCdXMtT3V6eiPOn
GKGjjpbZ/3FP9cJrepM5wuHaesWnyoDO96FYTmqNqgw31r3Cg5sn1JrL6hcguN1x
CHc7mu5yTrft98pjk5olWaCyvqco0OqK3aID+IAKVJgfJV/2FWZE8KMpw+NvJosn
g6UwwN4PMUpq+CGgPRyRx12RzyP8iFxp8J8D0nS8H+BMSOA/+E2Mny54zjFrDUsH
amzFM9QlwCIrBQJ50V+OwTDzCnQVXlsbIV9kH6YaZDKo7vFIuyi7myr6mYttbh5o
m6xgSNQMSLDabyvKQ9l1GX9pQGzR0KPQRR/yn/frQDLydz5qhVEWTwprwxwGSBa/
lVjLWTsYqqwl1SErI/FfTqJuWGSZUWqy2kUOzTmi5DA+tOvbspaghO5Aqxim/emG
Sz0DoRcR74zgUNLAAzUN4aZIBxfsO9HSqIXq9I6fK4cT6VBMYKjaJh23Hf2qOiuA
Z2g5nl+oT5CDzTlzzIMHZmCTkEjtNDAK+lb6SBCp8ScHcjafcm/cO9gNMV4+EBks
PgEm1eutCEpOpGIOHjcsFV1ryZonB8U0VmbpsxqsDE1Y0l1u6bEUKTMeJoHfEeTe
Q4wdo5LxbKt4LGQACopwX4NNdfupdPNT2SyiGCu7Vh+0P78+IEewbpRetW1KpNg3
MXWd7sWh2tnA9cRzPwYhvUtUsj0L/GXLOKO9bMH8qfivOnsp5lbRnr6KAKoqzn2L
3g==
=OuR2
- -----END PGP MESSAGE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIVAwUBU9LLD/O9SFghczXtAQJedA//UoclobLIQI4cKNu2V/bNIxUxEGb71pXr
QCQJJJQgMbK0kAE9pf6uFldur3m3kDOtPeQEx8AUZ4pS7YEPkE8mDrPxeohYi4i0
S1yp82EX3JEchZrMDgEveP4C8zqgLg38ie0idL72nPQo2o1D5BpfRFElVA72Z8A1
0A9ehua+B9f1g+QKo4wMzPqbfRsHIdOIRELkrniJfRfuIxLY6F4MuiIR5F1YLhJR
TlVjsVUqEFduulO8yBF4A/4QZ1x6QzL47bUYigJwft3YNwbKNshrL8YPhMSgbdjB
BQSoPf93h2RasxKczWalawmTbZaev4kIvBy3EV2S11oy85SqRkAHb/G4f0dq1xI3
Nc5WTWk+L0Im4Zh0+lqXrBucVvstDsrwEvDRztbrkNaey7p4HKWq+0JQ8zGKxZeq
D4eQD/N89uZLnXV+Q0Gut1w0BHSn7jmYm7TiDiXwk9DBy49i88MYaHocjGtWmLUP
tTSdunXAtOVfRPTJyL47mgbxgsDAyAHFN3CfhmN+PcjaUvrPTvlJ7g6ObdCiAGcr
CEiqKU0QoZTQS9bCkXOeV5LhIvbeh/2P5Ft+4acAAG38oE4/VKJZ+ly49Du4HF6v
LEQFDFJ03WbYRysPIX3J1Krgkza0/wm8Oy0Og27RVfSpVrOV+hPzmgCMURRYz0yS
21uL+NP/O+o=
=spOA
-----END PGP SIGNATURE-----

More information about the cryptography mailing list