Re: “Boycott ‘Big Brother Inside’ software”

1996-03-29

Sender: Martin Janzen <•••@••.•••>

•••@••.••• writes:
>tim may, what did you mean by this? : "Boycott "Big Brother Inside" software!

Since I believe that Tim May's article was forwarded, and that he does
not subscribe to CyberRights, I'll give it a shot.

By "Big Brother Inside" software, Tim is referring to software products
which make it easier for the government to intercept or decrypt your
private communications.  Examples include key escrow products such as
the U.S. government's failed Clipper chip, the idea behind which was
that the government would make strong encryption widely available --
but they would keep a copy of everyone's key!  Imagine having to give the
police a spare copy of all of your house keys and car keys, to make
their life easier in the event that they decide they want to investigate
you for some reason.

Or Lotus Notes, which is (at least, was) delivered with reasonably
strong 64-bit-key encryption within North America -- but because of
silly U.S. regulations regarding export of crypto software, in the
international version 24 of those bits are constant and were provided to
the U.S. government!  This makes it effectively equivalent to 40-bit-key
encryption, which has been shown to be relatively easy to break.
(This is not entirely the fault of Lotus; it's related to silly
U.S. export regulations, but that's another story altogether...)


>We got computers, we're tapping phone lines, we know that that ain't
>allowed."

This is a line from an old Talking Heads song, "Life During Wartime".
In this song, the singer claims to belong to some unspecified guerilla
or terrorist group, and describes its members' activities and lifestyle.
(The music itself is upbeat and danceable, perhaps for contrast with the
lyrics.) You could probably find the song lyrics using one of the Web
search engines.

Tim, however, is using the line ironically.  He's referring to the fact
that the U.S. government has shown an interest in dramatically
increasing the scope and capabilities of its surveillance apparatus.
Examples include the Digital Telephony Act, which requires telcos and
equipment vendors to make calls processed by digital switching equipment
accessible to the FBI.  Also, the attempt by the ironically named FBI
director, Louis Freeh, to greatly expand that organization's wiretap
capacity (to some 1%, .5%, or .25% of _all_ possible calls, depending on
the area!).  In the song, the terrorists are the criminals; in real
life, Tim is saying that the government has become the greater threat.

Hope that helps...

--
Martin Janzen           •••@••.•••

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Sender: •••@••.•••
Subject: Re: Phil Zimmermann: Why do you need PGP? 

Subj:   Phil Zimmermann: Why do you need PGP? 
Date:   96-03-29 00:49:41 EST
From:   •••@••.••• (Matthew Gaylor)
To:     •••@••.•••

Why do you need PGP? by Phil Zimmermann


It's personal. It's private. And it's no one's business but yours. You may
be planning a political campaign, discussing your taxes, or having an
illicit affair. Or you may be doing something that you feel shouldn't be
illegal, but is. Whatever it is, you don't want your private electronic
mail (E-mail) or confidential documents read by anyone else. There's
nothing wrong with asserting your privacy. Privacy is as apple-pie as the
Constitution.

Perhaps you think your E-mail is legitimate enough that encryption is
unwarranted. If you really are a law-abiding citizen with nothing to hide,
then why don't you always send your paper mail on postcards? Why not submit
to drug testing on demand? Why require a warrant for police searches of
your house? Are you trying to hide something? You must be a subversive or a
drug dealer if you hide your mail inside envelopes. Or maybe a paranoid
nut. Do law-abiding citizens have any need toencrypt their E-mail?

What if everyone believed that law-abiding citizens should use postcards
for their mail? If some brave soul tried to assert his privacy by using an
envelope for his mail, it would draw suspicion. Perhaps the authorities
would open his mail to see what he's hiding. Fortunately, we don't live in
that kind of world, because everyone protects most of their mail with
envelopes. So no one drawssuspicion by asserting their privacy with an
envelope. There's safety in numbers. Analogously, it would be nice if
everyone routinely used encryption for all their E-mail, innocent or not,
so that no one drew suspicion by asserting their E-mail privacy with
encryption. Think of it as a form of solidarity.

Today, if the Government wants to violate the privacy of ordinary citizens,
it has to expend a certain amount of expense and labor to intercept and
steam open and read paper mail, and listen to and possibly transcribe
spoken telephone conversation. This kind of labor-intensive monitoring is
not practical on a large scale. This is only done in important cases when
it seems worthwhile.

More and more of our private communications are being routed through
electronic channels.
Electronic mail is gradually replacing conventional paper mail. E-mail
messages are just too easy to intercept and scan for interesting keywords.
This can be done easily, routinely, automatically, and undetectably on a
grand scale. International cablegrams are already scanned this way on a
large scale by the NSA.

We are moving toward a future when the nation will be crisscrossed with
high capacity fiber optic data networks linking together all our
increasingly ubiquitous personal computers. E-mail will be the norm for
everyone, not the novelty it is today. The Government will protect our
E-mail with Government-designed encryption protocols. Probably most people
will acquiesce to that. But perhaps some people will prefer their own
protective measures.

Senate Bill 266, a 1991 omnibus anti-crime bill, had an unsettling measure
buried in it. If this non-binding resolution had become real law, it would
have forced manufacturers of secure
communications equipment to insert special trap doors in their products, so
that the Government can read anyone's encrypted messages. It reads:

"It is the sense of Congress that providers of electronic communications
services and
manufacturers of electronic communications service equipment shall insure
the communications
systems permit the Government to obtain the plain text contents of voice,
data, and other
communications when appropriately authorized by law."

This measure was defeated after rigorous protest from civil libertarians
and industry groups.

In 1992, the FBI Digital Telephony wiretap proposal was introduced to
Congress. It would require all manufacturers of communications equipment to
build in special remote wiretap ports that would enable the FBI to remotely
wiretap all forms of electronic communication from FBI offices. Although it
never attracted any sponsors in Congress in 1992 because of citizen
opposition, it was reintroduced in 1994.

Most alarming of all is the White House's bold new encryption policy
initiative, under development at NSA since the start of the Bush
administration, and unveiled April 16th, 1993. The centerpiece of this
initiative is a Government-built encryption device, called the Clipper
chip, containing a new classified NSA encryption algorithm. The Government
is encouraging private industry to design it into all their secure
communication products, like secure phones, secure FAX, etc. AT&T is now
putting the Clipper into their secure voice products. The catch: At the
time of manufacture, each Clipper chip will be loaded with its own unique
key, and the Government gets to keep a copy, placed in escrow. Not to
worry, though -- the Government promises that they will use these keys to
read your traffic only when duly authorized by law. Of course, to make
Clipper completely effective, the next logical step would be to outlaw
other forms of cryptography.

If privacy is outlawed, only outlaws will have privacy. Intelligence
agencies have access to good cryptographic technology. So do the big arms
and drug traffickers. So do defense contractors, oil companies, and other
corporate giants. But ordinary people and grassroots political
organizations mostly have not had access to affordable military grade
public-key cryptographic technology. Until now.

PGP empowers people to take their privacy into their own hands. There's a
growing social need for it. That's why I wrote it.

 ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~
 Posted by Andrew Oram  - •••@••.••• - Moderator: CYBER-RIGHTS (CPSR)
   Cyber-Rights:  http://www.cpsr.org/cpsr/nii/cyber-rights/
                  ftp://www.cpsr.org/cpsr/nii/cyber-rights/Library/
   CyberJournal:  (WWW or FTP) --> ftp://ftp.iol.ie/users/rkmoore
 Materials may be reposted in their _entirety_ for non-commercial use.
 ~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~-~=-=-=-=-=-=-=-=~=-=-=-=-=-=-=-=-=~