From the abstract:
We show how Alice and Bob can establish whether they love each other, but without the embarrassment of revealing that they do if the other party does not share their feelings.
(Via Light Blue Touchpaper)
UK jails schizophrenic for refusal to decrypt files.
In the UK under the odious Regulation of Investigatory Powers Act (RIPA), if you are served with an order to disclose a passphrase to an encrypted file and you don't, you're guilty.
We saw this coming ten years ago,
Caspar Bowden, director of the Foundation for Information Policy Research, said ministers still had the power to reintroduce such “objectionable proposals” later as regulations. He said two new offences in the bill raised serious civil liberties concerns:
“The bill will give police the power to demand decryption keys from anyone they suspect of possessing them, and failure to hand keys over can lead to a two-year jail sentence.
“Defendants will be presumed guilty of withholding a key unless they can prove otherwise, a likely contravention of the European Convention on Human Rights, and decryption notices will be secret, so it will be impossible to complain effectively if they are used in an oppressive way.”
A “tipping-off” offence could prevent innocent associates from complaining publicly, with a penalty of five-years imprisonment, he added.
The National Council for Civil Liberties took a similar line. Liberty's Director, John Wadham, said :
“These powers are too sweeping, and in some respects problematic. It's difficult to discern quite how an individual could prove that they didn't have a key: you can't prove a negative. This reversal of the burden of proof may well infringe the right to a fair trial. The indefinite gagging order on any individual whose e-mail has been intercepted is extraordinary.”
…
A Home Office spokeswoman denied the bill would mean defendants being presumed guilty. “The bill doesn't reverse the onus of proof, the authorities still have to prove that an offence has been committed for it to get off the ground,” she said.
What Sir Humphrey didn't tell the reporter, of course, is that the relevant “offence” is not disclosing the passphrase, not some underlying crime — of which in this case there is no evidence, although the defendant certainly has issues. But there's evidence that he didn't disclose his passphrase, and that is all it takes to jail him for nine months.
Hal Finney is not a household name, although he is a Name in one of the communities I have inhabited, the crypto/cypherpunk community.
Now, it transpires, Hal is not just a very smart guy, he is a pretty heroic guy. In Less Wrong: Dying Outside, he writes movingly and bravely about his recent diagnosis with Lou Gehrig's disease (AKA Amyotrophic Lateral Sclerosis or ALS). That is what Stephen Hawking has, and it leaves you paralyzed, unable even to breathe without mechanical assistance.
Patients lose the ability to talk, walk, move, eventually even to breathe, which is usually the end of life. This process generally takes about 2 to 5 years.
There are however two bright spots in this picture. The first is that ALS normally does not affect higher brain functions. I will retain my abilities to think and reason as usual. Even as my body is dying outside, I will remain alive inside.
The second relates to survival. Although ALS is generally described as a fatal disease, this is not quite true. It is only mostly fatal. When breathing begins to fail, ALS patients must make a choice. They have the option to either go onto invasive mechanical respiration, which involves a tracheotomy and breathing machine, or they can die in comfort. I was very surprised to learn that over 90% of ALS patients choose to die.
Hal is planning on joining the 10%. And to make the best of it. How many people could write, sincerely, as he does in response to comments on his original announcement,
Everybody with ALS talks about how terrible it is, all the things you can't do any more. But nobody seems to notice that there are all these things you get to do that you've never done before. I've never used a power wheelchair. I've never controlled a computer with my eyes. I've never had a voice synthesizer trained to mimic my natural voice. If I told people on the ALS forums that I was looking forward to some of this, they'd think I was crazy. Maybe people here will understand.
I understand, but I don't know that I have it in me to be so brave.
Note to self. Save this for the next time I have to teach crypto to lawyers.
Moserware: A Stick Figure Guide to the Advanced Encryption Standard (AES)

This guest posting by ex-cypherpunk mordaxus at Emergent Chaos gets how judges think. And uses the word “gedanken” properly. Must be someone I know. The “gedanken” limits the field some too.
Emergent Chaos: The Punch Line Goes at the End
Last year, the big cancellation was the team of MIT students who broke the Boston MBTA Charlie Card system. There was a legal injunction put against them that spoilt their presentation. The fault, in my opinion, went to them for naming their talk, “How To Get Free Subway Rides For Life.”
Imagine that you are a judge who is interrupted from an otherwise pleasant Saturday by panicky people who want an injunction against a talk with such a dramatic NAME; you'll at least listen to them. You decide that sure, no harm to society will come from an injunction from Saturday til Monday, and you'd be right. No harm came to society, DefCon was merely a little less interesting.
Now imagine that you are the same judge and you're asked for an injunction against the talk, “A Practical Cryptanalysis of the Mifare Chip as Implemented in the MBTA.” That one can wait until Monday, and the talk goes on.
In a similar gedanken experiment, imagine that you are the VP of Corporate Communications for the XYZ ATM Corp. You learn that in a few weeks, someone is going to do “ATM Jackpot” with one of your ATMs in some show in Vegas. Despite the fact that someone else in the company approved it, what do you do? You pressure them to cancel. Duh. If you don't, then you're going to spend most of August reassuring people about your products, your boss is going to be really ticked at you (after all, isn't it the job of Corporate Communications to control these things?), and it's just going to be no fun. This is also why you're paid the big bucks, to make embarrassments go away.
This is why if you are a researcher, you do not NAME your talk “ATM Jackpot”; you NAME it “Penetration Testing of Standalone Financial Services Systems.” It is only on stage that you fire up the flashing lights and clanging bells and make the ATM spit out C-notes for minutes on end. That would get you all the publicity for your talk that you want, and you actually get to give it. Remember, do as I say, not as I do. If you have a flashy Black Hat talk, put the punch line at the end of the joke.
But impressed as I am with the acuity of the analysis, I'd like to know why the site caused a cross-site scripting attack warning to come up when I auto-pasted the above into my blog. First time ever that has happened.
There's clearly a business model here for a multi-national legal partnership willing to provide this service at commodity prices.
Tales from the encrypt: the secrets of data protection | Technology | guardian.co.uk
But what if I were killed or incapacitated before I managed to hand the passphrase over to an executor or solicitor who could use them to unlock all this stuff that will be critical to winding down my affairs – or keeping them going, in the event that I'm incapacitated? I don't want to simply hand the passphrase over to my wife, or my lawyer. Partly that's because the secrecy of a passphrase known only to one person and never written down is vastly superior to the secrecy of a passphrase that has been written down and stored in more than one place. Further, many countries' laws make it difficult or impossible for a court to order you to turn over your keys; once the passphrase is known by a third party, its security from legal attack is greatly undermined, as the law generally protects your knowledge of someone else's keys to a lesser extent than it protects your own.
…
Finally, I hit on a simple solution: I'd split the passphrase in two, and give half of it to my wife, and the other half to my parents' lawyer in Toronto. The lawyer is out of reach of a British court order, and my wife's half of the passphrase is useless without the lawyer's half (and she's out of reach of a Canadian court order). If a situation arises that demands that my lawyer get his half to my wife, he can dictate it over the phone, or encrypt it with her public key and email it to her, or just fly to London and give it to her.
As simple as this solution is, it leaves a few loose ends: first, what does my wife do to safeguard her half of the key should she perish with me? The answer is to entrust it to a second attorney in the UK (I can return the favour by sending her key to my lawyer in Toronto). Next, how do I transmit the key to the lawyer? I've opted for a written sheet of instructions, including the key, that I will print on my next visit to Canada and physically deliver to the lawyer.
Someone could package this. There would be some details to work out, especially how best to transport the data (internet? post? special encrypted usb sticks?), but it could be done.
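Packaging it properly means using threshold secret sharing rather than literal halves: half of a passphrase hands half of it, in the clear, to whoever holds that piece (and to whoever compels that holder), whereas a Shamir share of the whole passphrase reveals nothing on its own. The block below is an added example, not code from the Guardian piece or from any product. It splits a passphrase into three shares (wife, Toronto lawyer, UK lawyer in the arrangement above) of which any two reconstruct it, which also covers the "what if she perishes with me" loose end without a fourth copy of anything. The passphrase is a constructed sample; the field arithmetic is GF(2^8) with the AES reduction polynomial.

```python
import secrets

# Shamir secret sharing over GF(2^8), one random polynomial per secret byte.
# Field arithmetic uses the AES reduction polynomial x^8 + x^4 + x^3 + x + 1.


def gf_mul(a: int, b: int) -> int:
    """Multiply two field elements (bytes) in GF(2^8)."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B          # reduce modulo the AES polynomial
        b >>= 1
    return p


def gf_inv(a: int) -> int:
    """Multiplicative inverse via a^(2^8 - 2) = a^254 (Fermat)."""
    if a == 0:
        raise ZeroDivisionError("0 has no inverse in GF(2^8)")
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result


def split_secret(secret: bytes, k: int, n: int, rng=secrets.token_bytes):
    """Split `secret` into n shares (x, y_bytes); any k of them reconstruct it.

    For each secret byte s, pick a random degree-(k-1) polynomial f with
    f(0) = s and give share holder x the value f(x).  Fewer than k points
    leave f(0) uniformly distributed, so a single share reveals nothing.
    """
    if not 1 < k <= n < 256:
        raise ValueError("need 1 < k <= n < 256")
    shares = [(x, bytearray()) for x in range(1, n + 1)]
    for s in secret:
        coeffs = [s] + list(rng(k - 1))      # coeffs[0] is the secret byte
        for x, buf in shares:
            y = 0                            # Horner evaluation of f(x)
            for c in reversed(coeffs):
                y = gf_mul(y, x) ^ c
            buf.append(y)
    return [(x, bytes(buf)) for x, buf in shares]


def combine_shares(shares):
    """Recover the secret from >= k shares by Lagrange interpolation at x = 0."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share index")
    length = len(shares[0][1])
    out = bytearray()
    for i in range(length):
        acc = 0
        for xi, yi in shares:
            num, den = 1, 1
            for xj, _ in shares:
                if xj != xi:
                    num = gf_mul(num, xj)          # (0 - xj) == xj in characteristic 2
                    den = gf_mul(den, xi ^ xj)     # (xi - xj) == xi XOR xj
            acc ^= gf_mul(yi[i], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)


def naive_halves(secret: bytes):
    """The scheme as described in the post: each holder gets a literal half,
    i.e. half the passphrase in the clear.  Shown only for contrast."""
    h = len(secret) // 2
    return secret[:h], secret[h:]


if __name__ == "__main__":
    passphrase = b"correct horse battery staple"   # constructed sample, not a real one
    wife, toronto_lawyer, uk_lawyer = split_secret(passphrase, k=2, n=3)
    assert combine_shares([wife, toronto_lawyer]) == passphrase
    assert combine_shares([wife, uk_lawyer]) == passphrase
    assert combine_shares([toronto_lawyer, uk_lawyer]) == passphrase
    print("any two of three shares recover:", combine_shares([wife, uk_lawyer]))
    print("one share alone looks like:", wife[1].hex())
    print("naive half leaks:", naive_halves(passphrase)[0])
```

The shares are bytes, so the transport question in the post (paper, post, an encrypted USB stick) is unchanged, but each courier now carries something useless on its own; the x index must travel with the share, and a share holder who loses theirs can be re-issued only by re-running the split, since the polynomial is not stored anywhere.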
Emergent Chaos: This Data Will Self-Destruct in 5 Seconds is a fine chaser to Pentagon Media Strategy Document Decrypted Due to Weak Passphrase.
RISKS Digest, Wikileaks cracks key NATO document on Afghan war
Wikileaks has cracked the encryption of a key NATO document relating to the war in Afghanistan. The document, titled “NATO in Afghanistan: Master Narrative”, details the key facts and themes NATO representatives are to give—and to avoid giving—to the world press.
Among the revelations … is Jordan's presence as secret member of the US-led occupation force.
…
The password is “progress”, which perhaps reflects the Pentagon's desire to stay on-message, even to itself.
Wikileaks identified four other documents on the Pentagon web site with the same password.
Remember: strong crypto isn't much use if you have a weak passphrase.
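As an added illustration of that point (not code from the RISKS item or from the Wikileaks analysis), the block below derives a key from a passphrase with PBKDF2, a stand-in since the page does not describe the actual PDF encryption scheme, and runs a dictionary attack against it. The attacker's cost is the size of the wordlist, not the 256 bits of the derived key: a dictionary word falls in a handful of guesses however strong the cipher behind it, and key stretching only multiplies the cost per guess. The wordlist is a constructed sample.

```python
import hashlib
import math
import secrets

# Constructed sample wordlist.  A real attack would use millions of words,
# leaked passwords and mangling rules; the shape of the result is the same.
WORDLIST = [
    "password", "secret", "letmein", "freedom", "victory",
    "progress", "mission", "narrative", "nato", "afghanistan",
]


def derive_key(passphrase: str, salt: bytes, iterations: int = 200_000) -> bytes:
    """Stretch a passphrase into a 256-bit key with PBKDF2-HMAC-SHA256.

    Stretching multiplies the attacker's work per guess by `iterations`; it
    does not change how many guesses a dictionary word survives.
    """
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode("utf-8"), salt,
                               iterations, dklen=32)


def dictionary_attack(target_key: bytes, salt: bytes, iterations: int,
                      wordlist=WORDLIST):
    """Try each candidate in order; return (passphrase, guesses) or (None, guesses)."""
    for guesses, candidate in enumerate(wordlist, start=1):
        if derive_key(candidate, salt, iterations) == target_key:
            return candidate, guesses
    return None, len(wordlist)


def guess_space_bits(candidates: int) -> float:
    """log2 of the number of candidates the attacker must try: the real
    security level of a passphrase drawn uniformly from that set, whatever
    the key length of the cipher it unlocks."""
    return math.log2(candidates)


def random_passphrase(words: int = 6, wordlist=WORDLIST) -> str:
    """Diceware-style passphrase: `words` uniformly random picks from a list.

    With this ten-word sample list that is only ~3.3 bits per word; a
    7776-word list gives ~12.9 bits per word, so six words is ~77 bits.
    """
    return " ".join(secrets.choice(wordlist) for _ in range(words))


if __name__ == "__main__":
    salt = secrets.token_bytes(16)
    iters = 20_000
    weak = derive_key("progress", salt, iters)       # the passphrase in the story
    found, n = dictionary_attack(weak, salt, iters)
    print(f"weak passphrase recovered: {found!r} after {n} guesses "
          f"({guess_space_bits(len(WORDLIST)):.1f} bits of search for a "
          f"{len(weak) * 8}-bit key)")
    strong = derive_key(random_passphrase(), salt, iters)
    print("single-word dictionary against a multi-word passphrase:",
          dictionary_attack(strong, salt, iters))
```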
Financial Cryptography: Skype: the gloss is losing its shine has lots of food for thought.
I just wish financialcryptography.com would format its RSS feed in a way my reader could parse better…
Via Ed Felten, news of a medium-sized bombshell in Researchers Show How to Forge Site Certificates:
Today at the Chaos Computing Congress, a group of researchers (Alex Sotirov, Marc Stevens, Jake Appelbaum, Arjen Lenstra, Benne de Weger, and David Molnar) announced that they have found a way to forge website certificates that will be accepted as valid by most browsers. This means that they can successfully impersonate any website, even for secure connections.
This is a big deal. But as Ed explains, it builds on (by making practical) a known weakness in MD5, the hash used in the “MD5 with RSA” signature algorithm. It can be fixed by having Equifax, which still uses this now demonstrably insecure hash, replace it with something better, and by having Equifax (and anyone else using it) revoke all existing certs based on the vulnerable hash. (Which will cause a new wave of people ignoring security warnings…)
And, as Ed wisely notes,
… this is a sobering reminder that the certification process that underlies web site authentication — a mechanism we all rely upon daily — is far from bulletproof.
Does encrypting your data with PGP tend to show that you are a member of a criminal organization? That's what this article, Infoshop News - Repression in Austria over PGP keys, alleges is the view of the Austrian police.
I'd need to know a lot more to form a view of how accurate these claims (by “anonymous” no less) are. Might be nothing to it.
I mention it because it's an interesting issue, and one that's sure to come up again elsewhere, in similar guises.
I can see how if parties are communicating by encrypted email (or otherwise) with someone known or suspected to be a member of a gang, then by ordinary principles of traffic analysis, police might decide they were worth knowing more about. The use of encryption on stored data, however, does not by itself suggest people are anything other than prudent.
One of my favorite security gurus, Bruce Schneier, has an entertaining and yet infuriating article on The Security Mindset in which he tries to explain how security professionals think differently from other engineers.
SmartWater is a liquid with a unique identifier linked to a particular owner. “The idea is for me to paint this stuff on my valuables as proof of ownership,” I wrote when I first learned about the idea. “I think a better idea would be for me to paint it on your valuables, and then call the police.”
Really, we can't help it.
This kind of thinking is not natural for most people. It's not natural for engineers. Good engineering involves thinking about how things can be made to work.
It's fun and you should read the whole thing.
But it's also a bit frustrating — because Bruce restricts his discussion to how engineers think. To me, what he is describing is a big part of “thinking like a lawyer”. And when Bruce asks whether this sort of demented worldview, one in which you shake things to see how they break, can be taught, I think, “Hell, yes: I've been doing it for years.”
Most lawyers don't have the math to be a cryptographer or the technical chops to do security analysis of a complex program. But good lawyers — whether transactional or litigation oriented — do have a “security mindset”: A big part of learning to 'think like a lawyer' is learning again and again how things broke. That equips you to try to build things that won't break (or at least won't break in old ways); it also trains you how to break them.
Big news to the folks who care about such things: Microsoft acquires Credentica's U-prove technology.
Bravo to Stefan.
Map of international crypto law (plus some information security law) built using google maps.
Online backup provider Mozy.com offers 2GB of free storage to the home user.
You can use their encryption key — which means it's recoverable: they have a backdoor if you lose it, or if someone else turns up with a subpoena — or you can grow your own.
I chose the latter. Which produced this great warning pop-up:
I understand that if I ever lose this key, that neither I nor MozyHome will be able to decrypt my data and I will be hosed.
I clicked “yes”.
(Only later did I find out that Mozy will only back up files resident on a fixed disk. I wanted to back up my USB drive. Oh well. At least I got a laugh.)
Adam Liptak, who has been on a roll lately, has another great “Sidebar” in today's NYT entitled, If Your Hard Drive Could Testify …. The article quotes me and Orin Kerr as if we were opposed; oddly, although I think Orin and I do have disagreements about what the law on encryption should be, I suspect Orin and I agree with each other on the points for which we're actually quoted.
Although the article does a great job of describing some recent cases and issues, the academic in me wishes that every time anyone writes about this stuff they'd have the space and time to provide what I see as some critical context for the debate as to when a person can be forced to hand over the key to a cryptosystem.
There are plenty of technical issues here (what happens if you really have forgotten your password? or if someone has put random gunk on your hard drive, making it look like there's crypto there?), but even more important fundamental ones. In particular, the current debate over the extent to which the 5th Amendment protects encrypted messages matters so much because our understanding of the 4th Amendment has changed. A hundred years ago, the Supreme Court thought it was obvious that asking a person to turn over his private papers was a constitutional violation. Even 30 years ago the Court thought that the 4th Amendment protected some zone of private papers such as a diary from demands that they be turned over. (Note that there can be an important difference between finding something in a search and demanding that the subject of the search find it for you.) Today, although the Supreme Court has never actually decided the diary issue, it's pretty clear that no other writing — and probably not the diary either — is protected from such demands.
It's the evisceration of the 4th that puts such pressure on the 5th. It may be that as a society we really don't want to allow any zone of privacy beyond what you can keep in your head. But as devices record more of our lives, and as we rely increasingly on what some of us only half-jokingly call our prosthetic memories, I think that it is increasingly unrealistic to exclude at least some bits from the intimate zone of privacy if we wish to remain true to the purposes of the 5th (and 4th) Amendments.
Commonly, the UK is the place where US anti-crypto policies get a dry run.
So pay attention to Ross Anderson's UK Crypto Export Duplicity:
Officials promptly did an end-run around this by making regulations to pass into UK law an EU regulation controlling the export of dual-use intangibles (reg 1334/2000), thus in effect defeating the will of parliament with a classic piece of policy laundering. We argued repeatedly at the time that the introduction of such regulations would criminalise many academics - for example if I put a remark on our security mailing list about cryptanalysis and it goes to George at Microsoft via Redmond - and also criminalise many software developers, who use algorithms such as AES much like duct tape. A government peer told me, “Look, dear boy, you can never get laws to fit the boundaries exactly - just trust us and keep proper records.” Officials said that they had no plans whatsoever to use export control laws against academics.
…
Earlier this year I was invited to a meeting at DTI along with folks from the Royal Society and UUK. The officials gleefully announced that they'd realised that academics weren't using the export control procedures and asked our opinion about how we could help them `raise awareness' and `market' their services. I reminded them that they'd promised not to. They denied this to my face. They also claimed that it had always been illegal to export intangibles and that the Act had made no difference. I reminded them that until the Export Control Act was passed they had no sanctions available against someone who exported crypto electronically, as the Export of Goods (Control) Order on which they'd previously relied applied only to physical goods. In fact the whole Act was justified to parliament by this argument. They denied this to my face - even though I'd sat through the debate in the Lords, in the opposition experts' box.
Declan has the scoop, Judge: Man can't be forced to divulge encryption passphrase:
A federal judge in Vermont has ruled that prosecutors can't force a criminal defendant accused of having illegal images on his hard drive to divulge his PGP (Pretty Good Privacy) passphrase.
U.S. Magistrate Judge Jerome Niedermeier ruled that a man charged with transporting child pornography on his laptop across the Canadian border has a Fifth Amendment right not to turn over the passphrase to prosecutors. The Fifth Amendment protects the right to avoid self-incrimination.
Niedermeier tossed out a grand jury's subpoena that directed Sebastien Boucher to provide “any passwords” used with his Alienware laptop. “Compelling Boucher to enter the password forces him to produce evidence that could be used to incriminate him,” the judge wrote in an order dated November 29 that went unnoticed until this week. “Producing the password, as if it were a key to a locked container, forces Boucher to produce the contents of his laptop.”
Full text of the decision in In Re Boucher, 2007 WL 4246473 (D. Vermont, Nov. 29, 2007).
Long ago I wrote a lot about encryption keys, and touched on this issue. You can read the articles at The Metaphor is the Key: Cryptography, the Clipper Chip and the Constitution, 143 U. Penn. L. Rev. 709 (1995) and especially It Came From Planet Clipper, 1996 U. Chi. L. Forum 15.
The heart of the argument is that things in your head are not like objects in your possession: the core value of the Fifth Amendment is that you can’t be made to speak in ways that indicate your guilt. Giving up a passphrase to an encrypted message ties you to the encrypted information; if the info is, say, child porn, it creates a very strong inference that you knew what the data were and that you possessed them (there are exceptions, including email someone else sent to you that is decryptable with your private key, but ignore those scenarios for now).
Other people, notably the redoubtable Orin Kerr, who argue that there is no Fifth Amendment issue here tend to focus on the analogy of possession of a physical key to a physical lock. The law is pretty clear that you can’t stop the cops from taking a physical key on the grounds that the stuff inside that safe will tend to incriminate you.
But the law is also clear that the Fifth Amendment protects you from having to make an oral or written disclosure which is “testimonial” – that, is, whose content might tend to tie you to crime. (Note that “content” means “informational content” – you can be forced to give a meaningless writing sample for handwriting comparison purposes.) This is why the cops are not able to force suspects to take them to the dead body.
It seems to me that the pure compelled disclosure case is not that hard, and that this Magistrate Judge got it right. Note, however, that this decision, emanating from the lowest-level official in the federal court system, is not precedential for other courts; and since it is pretty brief its persuasive power may not be all that great either.
Nor do I think that making a defendant decrypt something without divulging the key would in any way solve the problem, as it still ties the defendant to the content.
The hard case for me would be if the police provided limited “use immunity”: they would promise not to make the fact that your key decrypted the info any part of the prosecution. Thus, for example, the indictment would just say the information was on your hard drive, without mentioning that you had the only key to decrypt it. I think, given the current state of doctrine, that courts might well hold this to be consistent with the Fifth Amendment, making the underlying provision little more than a fairly cumbersome technicality. Doctrinally, that is not such a hard result to foresee, but it is not as simple to explain why this would apply to a coded message and not a dead body.
The flip side of the hard case is when the government provides use immunity and the suspect/defendant claims he doesn't know or has forgotten the passphrase. Then what?
In fact, I do have one ancient PGP key for which I seem to have forgotten the passphrase, so I know it can happen. But in most cases the police are likely to view this sort of memory malfunction as unduly convenient.
Google as a password cracker. Amazing.
Schneier on Security brings us The Strange Story of Dual_EC_DRBG. It seems that one of the new random-number-generator standards being pushed by NIST originated in the NSA and is capable of being engineered to produce numbers that look random but are not.
Since random numbers are frequently used to seed cryptographic algorithms, this is a fairly big deal to the crypto community. The NSA isn't talking, but I'm guessing this was no accident.
John Young posts the text of Radar Magazine's generally sympathetic profile under the (ironic? paranoid? both?) title of Radar Smears Cryptome.
Previous John Young/Cryptome-related posts:
Wired has some great photos of the ways in which regular folks engaged in AACS civil disobedience: Photoshop Rebels Rip Great HD DVD Clampdown.

Was the previous post too cryptic? The NYT explains everything at In Web Uproar, Antipiracy Code Spreads Wildly.
John Young runs a very useful, important, but edgy (some would say over the edge) service at Cryptome.org, which I wrote about in Cryptome: Often Heroic, but Sometimes Creepy.
Over the years he's had some DMCA notices, and takedown requests passed on from foreign intelligence services, all of which his ISP Verio/NTT has dealt with in what seemed from his account to be a reasonable manner.
Now, all of a sudden and apparently without giving any reason, John Young reports that he's gotten a letter telling him that Cryptome is to be Shutdown by Verio/NTT.
This notice of termination is surprising for Verio has been consistently supportive of freedom of information against those who wish to suppress it. Since 1999 Cryptome has received a number of e-mailed notices from Verio's legal department in response to complaints from a variety of parties, ranging from British intelligence to alleged copyright holders to persons angry that their vices have been exposed (see below). In every case Verio has heretofore accepted Cryptome's explanation for publishing material, and in some cases removal of the material, and service has continued.
In this latest instance there was no notice received from Verio describing the violation of acceptable use to justify termination of service prior to receipt of the certified letter, thus no opportunity to understand or respond to the basis for termination.
It may be wondered if Verio was threatened by an undisclosable means, say by an National Security Letter or by a confidential legal document or by a novel attack not yet aired.
Every few months our Verio service rep, Warren Gleicher, Senior Account Manager, (wgleicher[at]verio.net) writes to see if service is satisfactory.
Danna and Warren: Cryptome would appreciate your telling what has led to the termination for publication. Send the information anonymously if necessary to keep your jobs.
At least they gave him two weeks notice, but still — pretty low not even to give a reason.
I know Bruce Schneier, but this Bruce Schneier Facts website is full of amazing facts about him that I never even suspected.
If hell hasn't frozen over, then at least the temperature must have dropped a little on the news that cyber-security guru Adam Shostack is Joining Microsoft.
Most of the people in the circles he and I overlap in tend to speak derisively of Microsoft, but the reasons Shostack gives for signing on make Microsoft look pretty good,
Over the last few years, I've watched Microsoft embrace security. I've watched them make very large investments in security, including hiring my friends and colleagues. And really, I've watched them produce results. In making this decision, I've had conversations with many people and organizations. The one theme that stands out was the difference in the conversations I had with Microsoft versus other software producers. Some of things that Microsoft does and are looking to improve haven't even made it in rudimentary form anywhere else. I found myself having to shift gears and explain Microsoft's Security Development Lifecycle. I noticed no one else with a Blue Hat conference. No one else stopping feature development to hunt for bugs. I (re-)discovered how few organizations have even basic formal security processes in place, and how few of those have audit to make sure that their processes are followed.
I realized just how many smart people are thinking about these questions at Microsoft, and I'm glad to be joining them
The US Dept. of Commerce just killed, or at least referred to a committee, a set of dumb and restrictive proposals for changes to our rules on the export of technology and ideas. You can read about it at Secrecy News, "Deemed Exports": Commerce Department Retreats.
Not only did we have a proposed restatement of the current (not-enforced) rule that an "export" occurs when I teach a class here in Miami that has a foreign student in it, but also an attempt to stop giving full faith and credit to foreign naturalizations (which isn't unconstitutional but seems dubious under international law and treaty obligations).
Commerce proposed that "access restrictions should be based on an individual's country of birth rather than on his current citizenship." This wasn't a proposal to discriminate among naturalized US citizens (which would be thoroughly unconstitutional) but rather to discriminate among, say, naturalized Canadians depending on where they came from. A record-keeping nightmare for US universities, and probably a foreign-relations nightmare too. Good riddance.
Now this is joy: a rap song about cryptography! And of course it is called Alice and Bob. It's by MC Plus+, and I found it via Bruce Schneier who's mentioned in the song. Lyrics here, and an article at Wired.
I'm off today to Anguilla, a beautiful small island in the Caribbean (near St. Maarten), where I'll be attending the annual Financial Cryptography '06 conference sponsored by the International Financial Cryptography Association. I attended the very first Financial Crypto conference ten years ago, and had a great time. Now I've been invited back for a tenth-year retrospective.
Yes, I hear you thinking, it's a tough life being a law professor. But consider: it takes seven hours just to get to Anguilla from Miami. And the forecast is for pretty solid rain all week.
Even if it rains, it will be wonderful to see some people I'd lost touch with as crypto moved off the front burner of my academic writing. I used to write a lot about the regulation of cryptography, including The Metaphor is the Key: Cryptography, the Clipper Chip and the Constitution, 143 U. Penn. L. Rev. 709 (1995), Flood Control on the Information Ocean: Living With Anonymity, Digital Cash, and Distributed Databases, 15 U. Pitt. J. L. & Com. 395 (1996), It Came From Planet Clipper, 1996 U. Chi. L. Forum 15, and of course Digital Signatures Today in Financial Cryptography 287 (Rafael Hirschfeld ed., 1997) (Springer Lecture Notes in Computer Science vol. 1318), a write up of my talk at FC #1. Nowadays I write more about things that use crypto than about crypto itself.
Blogging may be quite light for the next few days. Meanwhile, to tide you over, here's an abstract of the talk I'll be giving, called "Are We All Cypherpunks Yet?":
Ten years ago we said "cypherpunks write code". Many, many lines of code later, cypherpunks often wear suits and answer to titles like Vice-President or CTO. The US has loosened its controls on crypto export, but we're still waiting for a large scale deployment of digital cash. Tim May's infopocalypse has yet to arrive, although his Four Horsemen, the "terrorists, child pornographers, money launderers, and drug dealers" have been joined by a powerful fifth entrant, the evil content pirate. Ten years ago law enforcement was scrambling to catch up with new technology. Today they have their sights firmly on key physical, legal, and social chokepoints in the information infrastructure. And it remains true that from the point of view of intermediaries trying to acquire content, an encrypted message bearing value usually is indistinguishable from one carrying star warez, Star Wars™, or the plans for star wars, the weapon system. And strong end-to-end crypto still doesn't come with Windows™.
Today, even if the details remain a little murky, we now know (instead of just fearing) that the NSA isn't just spying outside the US -- it's spying on US citizens too. What is more, the current US administration asserts that its powers to eavesdrop exist independent not only of Congressional authorization, but Constitutionally superior to any Congressional effort to stop it.
Meanwhile the President of the United States asserts the authority to arrest anyone, anywhere (including domestically), to hold them for as long as he wishes, and -- if they are non-US citizens captured abroad -- to subject them to treatment most people would not hesitate to call torture. Here too, the administration sometimes suggests that its powers are plenary and subject to neither international law nor even Congressional diminution. Are we all cypherpunks yet? And is it too late to matter?
Last week I sent off a book review in which, among other things, I fretted about a possible second round to the Crypto Wars. (See my papers on the Clipper chip and its aftermath for info about round one.)
Although I believed what I wrote, I did worry, as I often do, that maybe I was being a little alarmist. Now this:
Symantec refuses to sell audit tool outside the US | The Register: Symantec has stopped selling a password auditing tool to customers outside the US and Canada, citing US Government export regulations.
The Reg says Symantec confirms this block is due to government regulations, but won't give details. So we don't know if they're being over-cautious ... or were leaned on.
Security bosses seek to dissolve encryption bans: An international security consortium is set to lobby governments around the world to withdraw restrictions on encryption standards.
The Jericho Forum, whose membership includes many chief security officers from FTSE 100 companies, will push for the removal of encryption restrictions within the next three-to-five years.
The odd thing about this is that it comes at a time in which governments are making noises about wanting more wiretaps and more control (see e.g. the move to make VOIP and thus in effect every Internet communication easily tapped). And in the background are complaints about encryption.
On the other hand, one gets the impression that government cracking technology available to civilian law enforcement has taken some leaps forward lately, which can only make you wonder what the NSA is holding back.
Bruce Schneier, author of “Applied Cryptography” and other wonderful books, has a blog called Schneier on Security. I'm sure it will be very good.
Almost a year ago I blogged the US Treasury export control rules being used to prevent publishers from editing certain foreign manuscripts.
I'm happy to report that a group of publishers are (finally) suing to end curbs on editing. They deserve to win.
The NSA is hinting hard that it has cracked the fiber optic barrier and finds encryption 'no more than a speed bump'. As usual, it might be true (esp. the parts about tracking phones and tapping undersea fiber), but bring a truckload of salt to the party.
Bruce Schneier is one of life's cool people and the author of Applied Cryptography, the book that introduced me to serious crypto. It took me almost a week to work through it, but I was hooked.
Bruce also does a newsletter on crypto and security more generally. The current issue of the Crypto-Gram has an intriguing item on the mystery of Chalabi and the Iranian codes. Recall that the US is supposed to have learned somehow that Chalabi told the Iranians we'd broken their code, possibly because the Iranians themselves mentioned this (disinfo??) in a communication they may have known the US could read:
So now the NSA's secret is out. The Iranians have undoubtedly changed their encryption machines, and the NSA has lost its source of Iranian secrets. But little else is known. Who told Chalabi? Only a few people would know this important U.S. secret, and the snitch is certainly guilty of treason. Maybe Chalabi never knew, and never told the Iranians. Maybe the Iranians figured it out some other way, and they are pretending that Chalabi told them in order to protect some other intelligence source of theirs.
…
If the Iranians knew that the U.S. knew, why didn't they pretend not to know and feed the U.S. false information? Or maybe they've been doing that for years, and the U.S. finally figured out that the Iranians knew. Maybe the U.S. knew that the Iranians knew, and are using the fact to discredit Chalabi.
The really weird twist to this story is that the U.S. has already been accused of doing that to Iran. In 1992, Iran arrested Hans Buehler, a Crypto AG employee, on suspicion that Crypto AG had installed back doors in the encryption machines it sold to Iran — at the request of the NSA. He proclaimed his innocence through repeated interrogations, and was finally released nine months later in 1993 when Crypto AG paid a million dollars for his freedom — then promptly fired him and billed him for the release money. At this point Buehler started asking inconvenient questions about the relationship between Crypto AG and the NSA.
So maybe Chalabi's information is from 1992, and the Iranians changed their encryption machines a decade ago.
Or maybe the NSA never broke the Iranian intelligence code, and this is all one huge bluff.
In this shadowy world of cat-and-mouse, it's hard to be sure of anything.
Cryptographers are often great people. Counter-intelligence people tend to be professional paranoids, and some are quite mad, because even they can't be sure…
It ended not with a bang, but a whimper. Thanks to a strategy of ameliorating the rules whenever they looked about to be struck down, combined with judicious promises not to prosecute people who were otherwise covered by the letter of the law, the US government has dodged the whole hail of bullets that was the Bernstein cryptography case. The proceedings produced a great opinion — Bernstein v. U.S. Dept. of Justice, 176 F.3d 1132 (9th Cir. 1999), but it was withdrawn, Bernstein v. U.S. Dept. of Justice, 192 F.3d 1308 (9th Cir. 1999), pending an en banc hearing that never happened. Then it was remanded.
Now comes news that the Bernstein Cryptography Case Is Dismissed.
Chicago, 15 October 2003 - The longest-running court case against the government's encryption regulations has come to an end, for now. The regulations were challenged by Daniel J. Bernstein, a professor of mathematics, statistics, and computer science at the University of Illinois at Chicago. Bernstein filed his lawsuit in February 1995 and won four court decisions against the constitutionality of the government's previous regulations.
In an October 2002 court hearing on the current encryption regulations, Department of Justice attorney Tony Coppolino told the court that the government would not enforce several portions of the regulations.
“I can assure you that the regulatory authority does not want [researchers who are collaborating at conferences] sending us an e-mail every time they change something in an algorithm,” Coppolino told the court. Coppolino also said that commercial book publishers and assembly-language publishers did not need to obtain licenses.
As observers predicted after the hearing, Chief Judge Marilyn Hall Patel of the United States District Court for the Northern District of California relied on the government's promises and dismissed Bernstein's case without deciding the constitutionality of the current regulations. “If and when there is a concrete threat of enforcement against Bernstein for a specific activity, Bernstein may return for judicial resolution of that dispute,” Patel wrote, after citing Coppolino's “repeated assurances that Bernstein is not prohibited from engaging in his activities.”
“I hope the government sticks to its promises and leaves me alone,” Bernstein said in a statement today acknowledging Patel's decision. “But if they change their mind and start harassing Internet-security researchers, I'll be back.”
As noted in this message to Dave Farber's list, the net result of dismissing the Bernstein case is that the leading case on cryptography rights is the 6th circuit decision in Junger v. Daley, 209 F.3d 481 (6th Cir. 2000) — a case brought by Peter D. Junger, a law professor. That case holds,
Because computer source code is an expressive means for the exchange of information and ideas about computer programming, we hold that it is protected by the First Amendment.
I've written a fair amount about the regulation of cryptography, but I'll confess that I was dubious about Junger's decision to press the case. The complaint felt too much like a put-up job. I thought one could teach a law course just fine without the source code. It didn't feel strong as compared to a complaint by a mathematician like Bernstein who clearly had an interest in teaching and publishing his thesis. I was wrong. Junger was right, and he's more than entitled to the slight note of vindication in his posting.