July 10, 2008

Does Using PGP Mark You as a Criminal?

Does encrypting your data with PGP tend to show that you are a member of a criminal organization? That’s what this article, Infoshop News - Repression in Austria over PGP keys, alleges is the view of the Austrian police.

I’d need to know a lot more to form a view of how accurate these claims (by “anonymous” no less) are. Might be nothing to it.

I mention it because it’s an interesting issue, and one that’s sure to come up again elsewhere, in similar guises.

I can see how if parties are communicating by encrypted email (or otherwise) with someone known or suspected to be a member of a gang, then by ordinary principles of traffic analysis, police might decide they were worth knowing more about. The use of encryption on stored data, however, does not by itself suggest people are anything other than prudent.

Posted by Michael at 12:00 AM | Link | Comments (0)

March 25, 2008

The "Security Mindset" and "Thinking Like a Lawyer"

One of my favorite security gurus, Bruce Schneier, has an entertaining and yet infuriating article on The Security Mindset in which he tries to explain how security professionals think differently from other engineers.

SmartWater is a liquid with a unique identifier linked to a particular owner. “The idea is for me to paint this stuff on my valuables as proof of ownership,” I wrote when I first learned about the idea. “I think a better idea would be for me to paint it on your valuables, and then call the police.”

Really, we can’t help it.

This kind of thinking is not natural for most people. It’s not natural for engineers. Good engineering involves thinking about how things can be made to work.

It’s fun and you should read the whole thing.

But it’s also a bit frustrating — because Bruce restricts his discussion to how engineers think. To me, what he is describing is a big part of “thinking like a lawyer”. And when Bruce asks whether this sort of demented worldview, one in which you shake things to see how they break, can be taught, I think, “Hell, yes: I’ve been doing it for years.”

Most lawyers don’t have the math to be a cryptographer or the technical chops to do security analysis of a complex program. But good lawyers — whether transactional or litigation oriented — do have a “security mindset”: A big part of learning to ‘think like a lawyer’ is learning again and again how things broke. That equips you to try to build things that won’t break (or at least won’t break in old ways); it also trains you how to break them.

Posted by Michael at 11:11 AM | Link | Comments (5)

March 06, 2008

Microsoft Acquires Credentica's U-prove

Big news to the folks who care about such things: Microsoft acquires Credentica’s U-prove technology.

Bravo to Stefan.

Posted by Michael at 12:27 PM | Link | Comments (0)

March 02, 2008

Map of International Crypto Law

Map of international crypto law (plus some information security law) built using google maps.

Posted by Michael at 08:33 PM | Link | Comments (2)

February 19, 2008

Mozy Understands How to Write Warnings

Online backup provider Mozy.com offers 2GB of free storage to the home user.

You can use their encryption key — which means it’s recoverable: they have a backdoor if you lose it, or if someone else turns up with a subpoena — or you can grow your own.

I chose the latter. Which produced this great warning pop-up:

I understand that if I ever lose this key, that neither I nor MozyHome will be able to decrypt my data and I will be hosed.

I clicked “yes”.

(Only later did I find out that Mozy will only back up files resident on a fixed disk. I wanted to back up my USB drive. Oh well. At least I got a laugh.)

Posted by Michael at 11:38 AM | Link | Comments (5)

January 07, 2008

NYT Does Encryption and the 5th Amendment

Adam Liptak, who has been on a roll lately, has another great “Sidebar” in today’s NYT entitled, If Your Hard Drive Could Testify …. The article quotes me and Orin Kerr as if we were opposed; oddly, although I think Orin and I do have disagreements about what the law on encryption should be, I suspect Orin and I agree with each other on the points for which we’re actually quoted.

Although the article does a great job of describing some recent cases and issues, the academic in me wishes that every time anyone writes about this stuff they’d have the space and time to provide what I see as some critical context for the debate as to when a person can be forced to hand over the key to a cryptosystem.

There are plenty of technical issues here (what happens if you really have forgotten your password? or if someone has put random gunk on your hard drive, making it look like there’s crypto there?), but even more important fundamental ones. In particular, the current debate over the extent to which the 5th Amendment protects encrypted messages matters so much because our understanding of the 4th Amendment has changed. A hundred years ago, the Supreme Court thought it was obvious that asking a person to turn over his private papers was a constitutional violation. Even 30 years ago the Court thought that the 4th Amendment protected some zone of private papers such as a diary from demands that they be turned over. (Note that there can be an important difference between finding something in a search and demanding that the subject of the search find it for you.) Today, although the Supreme Court has never actually decided the diary issue, it’s pretty clear that no other writing — and probably not the diary either — is protected from such demands.

It’s the evisceration of the 4th that puts such pressure on the 5th. It may be that as a society we really don’t want to allow any zone of privacy beyond what you can keep in your head. But as devices record more of our lives, and as we rely increasingly on what some of us only half-jokingly call our prosthetic memories, I think that it is increasingly unrealistic to exclude at least some bits from the intimate zone of privacy if we wish to remain true to the purposes of the 5th (and 4th) Amendments.

Posted by Michael at 08:45 AM | Link | Comments (2)

December 16, 2007

UK Prepares to Enforce Crypto Export Control Against Academics

Commonly, the UK is the place where US anti-crypto policies get a dry run.

So pay attention to Ross Anderson’s UK Crypto Export Duplicity:

Officials promptly did an end-run around this by making regulations to pass into UK law an EU regulation controlling the export of dual-use intangibles (reg 1334/2000), thus in effect defeating the will of parliament with a classic piece of policy laundering. We argued repeatedly at the time that the introduction of such regulations would criminalise many academics - for example if I put a remark on our security mailing list about cryptanalysis and it goes to George at Microsoft via Redmond - and also criminalise many software developers, who use algorithms such as AES much like duct tape. A government peer told me, “Look, dear boy, you can never get laws to fit the boundaries exactly - just trust us and keep proper records.” Officials said that they had no plans whatsoever to use export control laws against academics.



Earlier this year I was invited to a meeting at DTI along with folks from the Royal Society and UUK. The officials gleefully announced that they’d realised that academics weren’t using the export control procedures and asked our opinion about how we could help them `raise awareness’ and `market’ their services. I reminded them that they’d promised not to. They denied this to my face. They also claimed that it had always been illegal to export intangibles and that the Act had made no difference. I reminded them that until the Export Control Act was passed they had no sanctions available against someone who exported crypto electronically, as the Export of Goods (Control) Order on which they’d previously relied applied only to physical goods. In fact the whole Act was justified to parliament by this argument. They denied this to my face - even though I’d sat through the debate in the Lords, in the opposition experts’ box.
Posted by Michael at 10:55 AM | Link | Comments (0)

December 15, 2007

Passphrases and the Fifth Amendment

Declan has the scoop, Judge: Man can’t be forced to divulge encryption passphrase:

A federal judge in Vermont has ruled that prosecutors can’t force a criminal defendant accused of having illegal images on his hard drive to divulge his PGP (Pretty Good Privacy) passphrase.

U.S. Magistrate Judge Jerome Niedermeier ruled that a man charged with transporting child pornography on his laptop across the Canadian border has a Fifth Amendment right not to turn over the passphrase to prosecutors. The Fifth Amendment protects the right to avoid self-incrimination.

Niedermeier tossed out a grand jury’s subpoena that directed Sebastien Boucher to provide “any passwords” used with his Alienware laptop. “Compelling Boucher to enter the password forces him to produce evidence that could be used to incriminate him,” the judge wrote in an order dated November 29 that went unnoticed until this week. “Producing the password, as if it were a key to a locked container, forces Boucher to produce the contents of his laptop.”

Full text of the decision in In Re Boucher, 2007 WL 4246473 (D. Vermont, Nov. 29, 2009).

Long ago I wrote a lot about encryption keys, and touched on this issue. You can read the articles at The Metaphor is the Key: Cryptography, the Clipper Chip and the Constitution, 143 U. Penn. L. Rev. 709 (1995) and especially It Came From Planet Clipper, 1996 U. Chi. L. Forum 15.

The heart of the argument is that things in your head are not like objects in your possession: the core value of the Fifth Amendment is that you can’t be made to speak in ways that indicate your guilt. Giving up a passphrase to an encrypted message ties you to the encrypted information; if the info is, say, child porn, it creates a very strong inference that you knew what the data were and that you possessed them (there are exceptions, including email someone else sent to you that is decryptable with your private key, but ignore those scenarios for now).

Other people, notably the redoubtable Orin Kerr, who argue that there is no Fifth Amendment issue here tend to focus on the analogy of possession of a physical key to a physical lock. The law is pretty clear that you can’t stop the cops from taking a physical key on the grounds that the stuff inside that safe will tend to incriminate you.

But the law is also clear that the Fifth Amendment protects you from having to make an oral or written disclosure which is “testimonial” – that is, whose content might tend to tie you to crime. (Note that “content” means “informational content” – you can be forced to give a meaningless writing sample for handwriting comparison purposes.) This is why the cops are not able to force suspects to take them to the dead body.

It seems to me that the pure compelled disclosure case is not that hard, and that this Magistrate Judge got it right. Note, however, that this decision, emanating from the lowest-level official in the federal court system, is not precedential for other courts; and since it is pretty brief its persuasive power may not be all that great either.

Nor do I think that making a defendant decrypt something without divulging the key would in any way solve the problem, as it still ties the defendant to the content.

The hard case for me would be if the police provided limited “use immunity”: they would promise not to make the fact that your key decrypted the info any part of the prosecution. Thus, for example, the indictment would just say the information was on your hard drive, without mentioning that you had the only key to decrypt it. I think, given the current state of doctrine, that courts might well hold this to be consistent with the Fifth Amendment, making the underlying provision little more than a fairly cumbersome technicality. Doctrinally, that is not such a hard result to foresee, but it is not as simple to explain why this would apply to a coded message and not a dead body.

The flip side of the hard case is when the government provides use immunity and the suspect/defendant claims he doesn’t know or has forgotten the passphrase. Then what?

In fact, I do have one ancient PGP key for which I seem to have forgotten the passphrase, so I know it can happen. But in most cases the police are likely to view this sort of memory malfunction as unduly convenient.

Posted by Michael at 11:40 AM | Link | Comments (4)

November 17, 2007

How to Use Google to Crack Passwords

Google as a password cracker. Amazing.

Posted by Michael at 12:00 AM | Link | Comments (3)

November 15, 2007

NSA Pushing Randomization Standard that has a 'Back Door'

Schneier on Security brings us The Strange Story of Dual_EC_DRBG. It seems that one of the new randomization standards being pushed by NIST originated in the NSA and is capable of being engineered to produce numbers that look random but are not.

Since random numbers are frequently used to seed cryptographic algorithms, this is a fairly big deal to the crypto community. The NSA isn’t talking, but I’m guessing this was no accident.

Posted by Michael at 09:51 AM | Link | Comments (2)

August 14, 2007

Radar Profiles John Young

John Young posts the text of Radar Magazine’s generally sympathetic profile under the (ironic? paranoid? both?) title of Radar Smears Cryptome.

Previous John Young/Cryptome-related posts:

Posted by Michael at 02:27 PM | Link | Comments (1)

May 03, 2007

What a Movement Looks Like

Wired has some great photos of the ways in which regular folks engaged in AACS civil disobedience: Photoshop Rebels Rip Great HD DVD Clampdown.


Posted by Michael at 08:56 AM | Link | Comments (0)

NYT Does AACS Code

Was the previous post too cryptic? The NYT explains everything at In Web Uproar, Antipiracy Code Spreads Wildly.

Posted by Michael at 08:32 AM | Link | Comments (0)

April 28, 2007

Verio/NTT Sends Shutdown Notice to Cryptome -- But Gives No Reason

John Young runs a very useful, important, but edgy (some would say over the edge) service at Cryptome.org, which I wrote about in Cryptome: Often Heroic, but Sometimes Creepy.

Over the years he’s had some DMCA notices, and takedown requests passed on from foreign intelligence services, all of which his ISP Verio/NTT has dealt with in what seemed from his account to be a reasonable manner.

Now, all of a sudden and apparently without giving any reason, John Young reports that he’s gotten a letter telling him that Cryptome is to be Shutdown by Verio/NTT.

This notice of termination is surprising for Verio has been consistently supportive of freedom of information against those who wish to suppress it. Since 1999 Cryptome has received a number of e-mailed notices from Verio’s legal department in response to complaints from a variety of parties, ranging from British intelligence to alleged copyright holders to persons angry that their vices have been exposed (see below). In every case Verio has heretofore accepted Cryptome’s explanation for publishing material, and in some cases removal of the material, and service has continued.

In this latest instance there was no notice received from Verio describing the violation of acceptable use to justify termination of service prior to receipt of the certified letter, thus no opportunity to understand or respond to the basis for termination.

It may be wondered if Verio was threatened by an undisclosable means, say by a National Security Letter or by a confidential legal document or by a novel attack not yet aired.

Every few months our Verio service rep, Warren Gleicher, Senior Account Manager, (wgleicher[at]verio.net) writes to see if service is satisfactory.

Danna and Warren: Cryptome would appreciate your telling what has led to the termination for publication. Send the information anonymously if necessary to keep your jobs.

At least they gave him two weeks notice, but still — pretty low not even to give a reason.

Posted by Michael at 04:56 PM | Link | Comments (0)

April 06, 2007

Bruce Schneier Tribute Site

I know Bruce Schneier, but this Bruce Schneier Facts website is full of amazing facts about him that I never even suspected.

Posted by Michael at 04:25 PM | Link | Comments (0)

June 26, 2006

Adam Shostack Joins Microsoft

If hell hasn't frozen over, then at least the temperature must have dropped a little on the news that cyber-security guru Adam Shostack is Joining Microsoft.

Most of the people in the circles he and I overlap in tend to speak derisively of Microsoft, but the reasons Shostack gives for signing on make Microsoft look pretty good,

Over the last few years, I've watched Microsoft embrace security. I've watched them make very large investments in security, including hiring my friends and colleagues. And really, I've watched them produce results.

In making this decision, I've had conversations with many people and organizations. The one theme that stands out was the difference in the conversations I had with Microsoft versus other software producers. Some of the things that Microsoft does and are looking to improve haven't even made it in rudimentary form anywhere else. I found myself having to shift gears and explain Microsoft's Security Development Lifecycle. I noticed no one else with a Blue Hat conference. No one else stopping feature development to hunt for bugs. I (re-)discovered how few organizations have even basic formal security processes in place, and how few of those have audit to make sure that their processes are followed.

I realized just how many smart people are thinking about these questions at Microsoft, and I'm glad to be joining them.


I just hope it won't affect his blogging too much.

Posted by Michael at 04:36 PM | Link | Comments (3)

May 31, 2006

Win for Sanity

The US Dept. of Commerce just killed, or at least referred to a committee, a set of dumb and restrictive proposals for changes to our rules on the export of technology and ideas. You can read about it at Secrecy News, "Deemed Exports": Commerce Department Retreats.

Not only did we have a proposed restatement of the current (not-enforced) rule that an "export" occurs when I teach a class here in Miami that has a foreign student in it, but also an attempt to stop giving full faith and credit to foreign naturalizations (which isn't unconstitutional but seems dubious under international law and treaty obligations).

Commerce proposed that "access restrictions should be based on an individual's country of birth rather than on his current citizenship." This wasn't a proposal to discriminate among naturalized US citizens (which would be thoroughly unconstitutional) but rather to discriminate among, say, naturalized Canadians depending on where they came from. A record-keeping nightmare for US universities, and probably a foreign-relations nightmare too. Good riddance.

Posted by Michael at 12:15 PM | Link | Comments (0)

May 06, 2006

Geekster Rap

Now this is joy: a rap song about cryptography! And of course it is called Alice and Bob. It's by MC Plus+, and I found it via Bruce Schneier who's mentioned in the song. Lyrics here, and an article at Wired.

Posted by Michael at 12:00 AM | Link | Comments (0)

February 28, 2006

Off to Anguilla

I'm off today to Anguilla, a beautiful small island in the Caribbean (near St. Maarten), where I'll be attending the annual Financial Cryptography '06 conference sponsored by the International Financial Cryptography Association. I attended the very first Financial Crypto conference ten years ago, and had a great time. Now I've been invited back for a tenth-year retrospective.

Yes, I hear you thinking, it's a tough life being a law professor. But consider: it takes seven hours just to get to Anguilla from Miami. And the forecast is for pretty solid rain all week.

Even if it rains, it will be wonderful to see some people I'd lost touch with as crypto moved off the front burner of my academic writing. I used to write a lot about the regulation of cryptography, including The Metaphor is the Key: Cryptography, the Clipper Chip and the Constitution, 143 U. Penn. L. Rev. 709 (1995), Flood Control on the Information Ocean: Living With Anonymity, Digital Cash, and Distributed Databases, 15 U. Pitt. J. L. & Com. 395 (1996), It Came From Planet Clipper, 1996 U. Chi. L. Forum 15, and of course Digital Signatures Today in Financial Cryptography 287 (Rafael Hirschfeld ed., 1997) (Springer Lecture Notes in Computer Science vol. 1318), a write up of my talk at FC #1. Nowadays I write more about things that use crypto than about crypto itself.

Blogging may be quite light for the next few days. Meanwhile, to tide you over, here's an abstract of the talk I'll be giving, called "Are We All Cypherpunks Yet?":

Ten years ago we said "cypherpunks write code". Many, many lines of code later, cypherpunks often wear suits and answer to titles like Vice-President or CTO. The US has loosened its controls on crypto export, but we're still waiting for a large scale deployment of digital cash. Tim May's infopocalypse has yet to arrive, although his Four Horsemen, the "terrorists, child pornographers, money launderers, and drug dealers" have been joined by a powerful fifth entrant, the evil content pirate.

Ten years ago law enforcement was scrambling to catch up with new technology. Today they have their sights firmly on key physical, legal, and social chokepoints in the information infrastructure. And it remains true that from the point of view of intermediaries trying to acquire content, an encrypted message bearing value usually is indistinguishable from one carrying star warez, Star Wars™, or the plans for star wars, the weapon system. And strong end-to-end crypto still doesn't come with Windows™.

Today, even if the details remain a little murky, we now know (instead of just fearing) that the NSA isn't just spying outside the US -- it's spying on US citizens too. What is more, the current US administration asserts that its powers to eavesdrop exist independent not only of Congressional authorization, but Constitutionally superior to any Congressional effort to stop it.

Meanwhile the President of the United States asserts the authority to arrest anyone, anywhere (including domestically), to hold them for as long as he wishes, and -- if they are non-US citizens captured abroad -- to subject them to treatment most people would not hesitate to call torture. Here too, the administration sometimes suggests that its powers are plenary and subject to neither international law nor even Congressional diminution. Are we all cypherpunks yet? And is it too late to matter?

Posted by Michael at 10:00 AM | Link | Comments (3)

December 22, 2005

Is Round Two of the Crypto Wars Upon Us?

Last week I sent off a book review in which, among other things, I fretted about a possible second round to the Crypto Wars. (See my papers on the Clipper chip and its aftermath for info about round one.)

Although I believed what I wrote, I did worry, as I often do, that maybe I was being a little alarmist. Now this:

Symantec refuses to sell audit tool outside the US | The Register: Symantec has stopped selling a password auditing tool to customers outside the US and Canada, citing US Government export regulations.

The Reg says Symantec confirms this block is due to government regulations, but won't give details. So we don't know if they're being over-cautious ... or were leaned on.

Posted by Michael at 03:47 PM | Link | Comments (0)

April 29, 2005

Crypto Policy Reaches for the End of the Line

Security bosses seek to dissolve encryption bans: An international security consortium is set to lobby governments around the world to withdraw restrictions on encryption standards.

The Jericho Forum, whose membership includes many chief security officers from FTSE 100 companies, will push for the removal of encryption restrictions within the next three-to-five years.

The odd thing about this is that it comes at a time in which governments are making noises about wanting more wiretaps and more control (see e.g. the move to make VOIP and thus in effect every Internet communication easily tapped). And in the background are complaints about encryption.

On the other hand, one gets the impression that government cracking technology available to civilian law enforcement has taken some leaps forward lately, which can only make you wonder what the NSA is holding back.

Posted by Michael at 11:40 AM | Link | Comments (2)

October 05, 2004

Bruce Schneier Has A Blog

Bruce Schneier, author of “Applied Cryptography” and other wonderful books, has a blog called Schneier on Security. I’m sure it will be very good.

Posted by Michael at 02:32 PM | Link | Comments (0)

September 28, 2004

US Sued for Blocking International Editing

Almost a year ago I blogged the US Treasury export control rules being used to prevent publishers from editing certain foreign manuscripts.

I’m happy to report that a group of publishers are (finally) suing to end curbs on editing. They deserve to win.

Posted by Michael at 08:32 AM | Link | Comments (1)

August 11, 2004

Disinfo? Breakthrough? How Should I Know

The NSA is hinting hard that it has cracked the fiber optic barrier and finds encryption ‘no more than speed bump’. As usual, might be true (esp. the parts about tracking phones and tapping undersea fiber), but bring truckload of salt to the party.

Posted by Michael at 12:00 AM | Link | Comments (2)

June 18, 2004

The Iranian Code Enigma

Bruce Schneier is one of life’s cool people and the author of Applied Cryptography, the book that introduced me to serious crypto. It took me almost a week to work through it, but I was hooked.

Bruce also does a newsletter on crypto and security more generally. The current issue of the Crypto-Gram has an intriguing item on the mystery of Chalabi and the Iranian codes. Recall that the US is supposed to have learned somehow that Chalabi told the Iranians we’d broken their code, possibly because the Iranians themselves mentioned this (disinfo??) in a communication they may have known the US could read:

So now the NSA’s secret is out. The Iranians have undoubtedly changed their encryption machines, and the NSA has lost its source of Iranian secrets. But little else is known. Who told Chalabi? Only a few people would know this important U.S. secret, and the snitch is certainly guilty of treason. Maybe Chalabi never knew, and never told the Iranians. Maybe the Iranians figured it out some other way, and they are pretending that Chalabi told them in order to protect some other intelligence source of theirs.

If the Iranians knew that the U.S. knew, why didn’t they pretend not to know and feed the U.S. false information? Or maybe they’ve been doing that for years, and the U.S. finally figured out that the Iranians knew. Maybe the U.S. knew that the Iranians knew, and are using the fact to discredit Chalabi.

The really weird twist to this story is that the U.S. has already been accused of doing that to Iran. In 1992, Iran arrested Hans Buehler, a Crypto AG employee, on suspicion that Crypto AG had installed back doors in the encryption machines it sold to Iran — at the request of the NSA. He proclaimed his innocence through repeated interrogations, and was finally released nine months later in 1993 when Crypto AG paid a million dollars for his freedom — then promptly fired him and billed him for the release money. At this point Buehler started asking inconvenient questions about the relationship between Crypto AG and the NSA.

So maybe Chalabi’s information is from 1992, and the Iranians changed their encryption machines a decade ago.

Or maybe the NSA never broke the Iranian intelligence code, and this is all one huge bluff.

In this shadowy world of cat-and-mouse, it’s hard to be sure of anything.

Cryptographers are often great people. Counter-intelligence people tend to be professional paranoids, and some are quite mad, because even they can’t be sure…

Posted by Michael at 12:00 AM | Link | Comments (4)

October 15, 2003

The Bernstein Cryptography Case Is Dismissed

It ended not with a bang, but a whimper. Thanks to a strategy of strategic amelioration of rules whenever they looked about to be struck down, combined with judicious promises not to prosecute people who were otherwise covered by the letter of the law, the US government has dodged the whole hail of bullets that was the Bernstein cryptography case. The proceedings produced a great opinion — Bernstein v. U.S. Dept. of Justice, 176 F.3d 1132 (9th Cir. 1999), but it was withdrawn, Bernstein v. U.S. Dept. of Justice, 192 F.3d 1308 (9th Cir. 1999) pending an en banc hearing that never happened. Then it was remanded.

Now comes news that the Bernstein Cryptography Case Is Dismissed.

Chicago, 15 October 2003 - The longest-running court case against the government’s encryption regulations has come to an end, for now.

The regulations were challenged by Daniel J. Bernstein, a professor of mathematics, statistics, and computer science at the University of Illinois at Chicago. Bernstein filed his lawsuit in February 1995 and won four court decisions against the constitutionality of the government’s previous regulations.

In an October 2002 court hearing on the current encryption regulations, Department of Justice attorney Tony Coppolino told the court that the government would not enforce several portions of the regulations.

“I can assure you that the regulatory authority does not want [researchers who are collaborating at conferences] sending us an e-mail every time they change something in an algorithm,” Coppolino told the court. Coppolino also said that commercial book publishers and assembly-language publishers did not need to obtain licenses.

As observers predicted after the hearing, Chief Judge Marilyn Hall Patel of the United States District Court for the Northern District of California relied on the government’s promises and dismissed Bernstein’s case without deciding the constitutionality of the current regulations.

“If and when there is a concrete threat of enforcement against Bernstein for a specific activity, Bernstein may return for judicial resolution of that dispute,” Patel wrote, after citing Coppolino’s “repeated assurances that Bernstein is not prohibited from engaging in his activities.”

“I hope the government sticks to its promises and leaves me alone,” Bernstein said in a statement today acknowledging Patel’s decision. “But if they change their mind and start harassing Internet-security researchers, I’ll be back.”

As noted in this message to Dave Farber’s list, the net result of dismissing the Bernstein case is that the leading case on cryptography rights is the 6th circuit decision in Junger v. Daley, 209 F.3d 481 (6th Cir. 2000) — a case brought by Peter D. Junger, a law professor. That case holds,

Because computer source code is an expressive means for the exchange of information and ideas about computer programming, we hold that it is protected by the First Amendment.

I’ve written a fair amount about the regulation of cryptography, but I’ll confess that I was dubious about Junger’s decision to press the case. The complaint felt too much like a put-up job. I thought one could teach a law course just fine without the source code. It didn’t feel strong as compared to a complaint by a mathematician like Bernstein who clearly had an interest in teaching and publishing his thesis. I was wrong. Junger was right, and he’s more than entitled to the slight note of vindication in his posting.

Posted by Michael at 10:04 PM | Link | Comments (0)