A Complete Guide To The New 'Crypto Wars' (dailydot.com) 68
blottsie writes: The latest debate over encryption did not begin with a court order demanding Apple help the FBI unlock a dead terrorist's iPhone. The new "Crypto Wars," chronicled in a comprehensive timeline by Eric Geller of the Daily Dot, dates back to at least 2003, with the introduction of "Patriot Act II." The battle over privacy and personal security versus crime-fighting and national security has, however, become a mainstream debate in recent months. The timeline covers a wide-range of incidents where the U.S. and other allied governments have tried to restrict citizens' access to strong encryption. The timeline ends with the director of national intelligence blaming NSA whistleblower Edward Snowden for advancing the spread of user-friendly, widely available strong encryption.
Tech Companies Making It Public (Score:5, Insightful)
Re:Tech Companies Making It Public (Score:4, Informative)
I don't think it has, and the summary's 2003 date is rather fucking arbitrary. What about DVD Jon's case in 2002? What about the clipper chip fiasco in the mid 1990s?
This is a battle that's been going on very publicly since the dawn of digital cryptography.
Re: (Score:2, Informative)
The Clipper Chip was never developed, it was just discussed by Sen. Al Gore in Washington... and it caused law enforcement types to go crazy. Everybody wants encryption for commerce and themselves, but government wants to intercept everything so they can review and then create charges. SSL went SOL years ago... time for something new on all sides.
Re: (Score:2)
Re: (Score:2)
Uhm, that's a 404.
Re: (Score:1)
Re: (Score:1)
Re: (Score:1, Informative)
The Clipper Chip was developed, and it was used by a number of places back in the 1990s for a brief time, as the US government was going to require anyone who does business with them use it.
It even goes before that, to 1990-1991, with two politicians making a bill to ban _all_ cryptography. PGP 1.0 was released at a stopgap.
Now, before the pogrom on encryption, one's security choices were lousy. Want FDE on the PC? Best you could get would be Stacker, with password protection set on the drive, which prov
Re: (Score:2)
They start with 2003, then they skip straight to 2007. And none of it is what they claim it is. If they'd started with the Clipper Chip they'd actually have right there the vast majority of events that include "[trying] to restrict citizens' access to strong encryption," because that was the only significant attempt.
The horse shit is so deep, they even claim that the FBI being called to testify in front of Congress is somehow relevant. People who pay any sort of loose attention to public events in Washingto
Blame it on Snowden !?!?!?! (Score:3)
Oh, that's just grand. I would blame the governments, who through their spying actions wake up folks and make them aware that they now need encryption. Otherwise, some government jerk will be reading their email . . . with the intention of stalking.
Oh, can the government maybe blame Global Warming and the Zika Virus on Snowden, as well . . . ?
Re: (Score:1)
Could be true. Let's see what he brings back from Russia.
Re: (Score:2)
or Stupid decisions had previsible consequences (Score:4, Insightful)
People are expected to learn at an age of around 4, that if you bite the kid next to you, he'll either bite you back or cry and make someone else punish you for the biting. Apparently, becoming a decision maker in the justice department, the FBI or the CIA, doesn't require having acquired such wisdom.
More seriously, though, the only realistic explanations to the imbecile behavior of American governance towards cryptography is probably a mix of a few lines of reasoning:
- "So what if my decisions of today have dire consequences in tomorrow's landscape? I won't be in power tomorrow, so I don't give a flying fuck."
- "I don't understand any technology beyond the automobile, and I really don't care. Just give me a way of invading privacy now and shut up."
- "So what if today's abuses of power make everyone use cryptography tomorrow? It will just be one more reason to abuse our power even more tomorrow. Everyone outside the 0.01% is a potential terrorist criminal revolutionary."
Re: (Score:2)
How does it feel to lay down in the gutter and wait for them to walk on you?
Re: (Score:2)
Kim Jung-Il, is that you?
Clearly not. If it was, his thoughts would have been communicated telepathically to your mind through his unicorn.
Re: (Score:2)
Kim Jong-Il died December 17, 2011. You might want to update your spam macros.
Re: (Score:1)
Cuz no body would b able 2 read it genius????
Longer than that, internationally (Score:1)
The Patriot act changed things for the worse, but I feel the timeline should look back further.
In France for example, the use of encryption was illegal until 1999 (and even worse before 1990). Sending an encrypted mail or encrypting a document could be punished with heavy fines and even jail sentences.
That law was changed after banks, among others, complained that it made it impossible to use the internet in a secure way.
So you could say that the discussion goes back to at least the end of the 90's. And pro
Re: (Score:3)
Phil Zimmerman and pgp in 1991
https://en.wikipedia.org/wiki/Phil_Zimmermann
Re: (Score:2)
I would say it goes back as far as the late 70s and things like the "New Directions in Cryptography" paper published by Whitfield Diffie and Martin Hellman (a paper the NSA didn't want published)
Re: (Score:2)
PATRIOT Act (spell it in all caps, it was an acronym) was passed in the dark period when news was too busy reporting 9/11 damage, and therefore there was no notice to the public that it was going to pass. Congress was smart and sunset the law... so anybody who now says "I can under the PATRIOT Act" needs to be told they lost their citation.
skipjack (Score:4, Informative)
Re: (Score:1)
Re: (Score:2)
It goes back earlier than that. I was invited to pay a visit to NSA at Fort Meade to explain my own home-rolled "CryptoMax" and "CryptoComm" encryption software products (I guess back around '87 or '88), a most interesting visit to say the least.
NSA was pretty insistent back then on hardware solutions, had no tolerance for software solutions at all. I imagine the cryppies were all clutching their chests when Dr. Dobbs Journal published an interesting article on RSA and public key algorithms way back in Th
Re: (Score:1)
What's old is new again (Score:4, Informative)
Or something. Crypto, by Stephen Levy, chronicles the first crypto war. Worth reading, for background, because this time, it's not "national security", it's kiddie porn and terrorists that are going to win if we don't give the Security Services the keys to everything. And, we should TOTALLY trust them to keep us safe.
Yeah, right.
http://www.stevenlevy.com/inde... [stevenlevy.com]
Re:What's old is new again 2 (Score:1)
Re:Crypto War (Score:4, Interesting)
So how many of you so-called geniuses ( Wiley Coyote ) have even begun to look at cryptology and math, and started to try to develop a few methods not of the usual sort? Maybe if a few hundred new encrypton algorithms were to suddenly pop-up, the governments would be a bit behind the curve of breaking them... and thus the race will go to the prolific instead off to the analytic... AND how many of you have begun to encrypt as much as possible? Just to ensure a good work load for the nosy buggers? ( I want my government workers to be busy...)
Somebody obviously thinks you're trolling. I suspect you are too; but I also think you're making a valid, (if somewhat exaggerated and inflammatory), argument for diversity and original research in encryption. Probably a worthwhile percentage of Slashdot members are actually capable of undertaking the work you suggest.
Also, their IS more safety in numbers - if everybody used encryption, there would be a more even balance of power between the people, and the government that is nominally of, by, and for them. Government agencies can have secure, private communications; citizens have the right to the same capability, and at the same degree of effectiveness. In fact, citizens should have the ability to pierce the government veil a lot more than is currently the case - but that's a whole 'nother argument.
Re: (Score:1)
Actually, I am not trolling. I firmly believe that more ( /.ers, OS programmers, EFF ) should be doing this. I am.
And the upshot is that the government will have to do more work to watch us, the citizens. Maybe enough that they will actually limit their snooping to terrorists
( although I doubt it, they do want to use it for drug investigations, kiddie porn and IRS searches for hidden money....).
Sometimes one must exaggerate and be inflammatory to get results.
Other times it is a dare ( triple-dipple-dog da
Re: (Score:3)
they still have not broken XOR and a one time pad.
Re: (Score:2)
They will never get the contents of my secret file /dev/random from me..... POWER TO THE PEOPLE!
Re:Crypto War (Score:4, Informative)
So how many of you so-called geniuses ( Wiley Coyote ) have even begun to look at cryptology and math, and started to try to develop a few methods not of the usual sort?
Wrong approach. If you want to improve the state of crypto, you need to start by learning to break crypto. Anyone can invent an encryption method, but unless you have invested a serious amount of time and skull-sweat into breaking ciphers, whatever you create will suck, terribly.
Maybe if a few hundred new encrypton algorithms were to suddenly pop-up, the governments would be a bit behind the curve of breaking them.
Your plan would make the government's job much, much easier, because the methods that people tend to come up with are mostly very closely related, and tend to all be based on independent reinvention of old ideas for which well-known cracking methods exist. In addition, you're solving a non-problem. We already have very good encryption algorithms, with zero evidence that the government can break them. Snowden's data actually confirms that if you use modern encryption algorithms correctly and manage the keys well, the NSA can't read your data.
What we need is more research into ways to make encryption easier to use correctly, not another gazillion crappy ciphers.
Re: (Score:2)
Re: (Score:2)
All of the major symmetric key crypto algorithms are just variations on the Feistel Network [wikipedia.org] structure going back to the early 70s.
AES (Rijndael) does not use a Feistel network, and neither does Serpent, another of the five AES finalists (Twofish, RC6 and MARS are based on Feistel networks).
Repeat history (Score:2)
"In order to defend the Constitution, we had to shred it."
Comment removed (Score:3)
Crypto wars go way back (Score:2)
The current round goes back to at least the exposure of PGP.
Re: (Score:2)
Re: (Score:1)
Re: (Score:1)
Re: (Score:2)
I had one of those - it's sadly fallen apart long since. I used to like wearing it through airports - never could get anyone to arrest me, though.
Re: (Score:2)
I had this shirt with the algorithm in Perl. I used to like wearing it in airports - never got any negative attention, though. Sadly, the shirt has gone the way of all things long ago.
Re: (Score:1)
Obviously, you missed the RSA Tattoos: Illegal Tattoos: RSA Tattoos [geekytattoos.com]
Several people obtained them when U.S. International Traffic in Arms Regulations (ITAR) banned export of cryptographic software with keys longer than 40 bits, making these tattoos "munitions". Apparently, no arrests were made.
In 1996, the ITAR restriction was ruled unconstitutional, instantly making all these tattoos "retro".
Re: (Score:2)
Yep, remember the 40-bit vs. 128-bit encryption browsers.
Re: (Score:1)
Yep, remember the 40-bit vs. 128-bit encryption browsers.
Yes. It was terrible. And we are STILL encountering fallout from that idiocy.
See SSL FREAK [wikipedia.org] vulnerability from last year.
More hyperbole (Score:2)
Pedantry (Score:5, Informative)
I'm sick and tired of hearing about "The debate between privacy and security." It's total bullshit. It's pretty hard to have security online without privacy. It's not a balance of one versus the other, one depends on the other. The US Government argues my case all the time when bitching about how when Snowden breached the government's privacy, he adversely affected national security.
This brings me to my next piece of pedantry: I'm tired of hearing about "National Security Issues." Terrorism, ISIS/ISIL/Daesh/IS/Whatever, Al Qaeda, Home Grown Terrorists, Lone Wolves, the Boston Marathon Bombers, etc... do not threaten the territorial integrity of the United States. There is no invasion and there never will be. The government isn't in danger of collapse. Terrorism is a PUBLIC SAFETY concern. Stop pretending otherwise. If we do that though, who is going to keep the money flowing in to the military/industrial complex?
Re: (Score:1)
Re: "...who is going to keep the money flowing in to the military/industrial complex?"
No one, and that's the pivotal issue. Terror, crime, and safety are the levers used by the security apparatus to gain ever more access to money, people, data, resources, professional status, and ego fulfillment. They take it for granted that they define what the interests of the state are.
Time was their predecessors understood the law, the constitution, civics and the balance of responsibilities. The current crop of le
Advancing the use of crypto (Score:1)
That would definitely make the man somewhat of a hero. He would be even more of a hero by his actions if they advance the purging of all incumbents from the House in November and replaced by independents.