When you are selling a service you have to be nice to your customers or they will leave. Handing over all of your customers’ information to the government without a court order specifically naming that customer is not nice – people don’t like it.
OpenPGP is indeed the one to use. I don’t trust any security software for which I do not have the source code, and if it is especially critical I will compile it myself from source rather than assume that someone else didn’t put back doors before doing so. Of course, I haven’t been doing anything that critical for years, so… (shrug).
GNU Privacy Guard is the standard OpenPGP software that people should use. With Symantec you can’t assume it won’t crash your computer, whether or not it actually encrypts anything. That crew has bought and destroyed an amazing number of formerly useful programs. I really don’t understand how they stay in business.
The thing people don’t understand about encryption is that businesses need to stay competitive. Most of the clients I had that used it would have shown the government anything that was asked for without blinking, because they were protecting themselves from competitors.
In one case I dealt with a number of very expensive data sets with licenses that cost thousands every year. They were copyrighted, so that enters into the problem. The data needed to be changed into the formats that my client needed for what they were doing, and in that process the data was really cleaned up. What I did significantly increased the value of the data because I converted it from a very machine- and program-specific format into one of the standard formats that almost all database programs can use. If someone intercepted that data during transmission they would have a real competitive advantage of significantly lower cost of production. There would also be copyright issues because the owner of the data set would know the source of the new copy.
Those data sets were always encrypted, even when they were sent on physical media. Real money was riding on them being unique products.
There are more commercial uses for encryption than personal uses, but the government is stuck in “Terrorists!” mode.
Anyway, I found a copy of his article on his website:
It’s as relevant now, maybe more so than ever! He was insightful. And he’s right. It all started with CALEA!
And for the record, Clinton wasn’t lily-white in abusing people’s rights, not by a long shot. 🙂
…
You don’t have to distrust the government to want to use cryptography. Your business can be wiretapped by business rivals, organized crime, or foreign governments. Several foreign governments, for example, admit to using their signals intelligence against companies from other countries to give their own corporations a competitive edge. Ironically, the United States government’s restrictions on cryptography in the 1990’s have weakened U.S. corporate defenses against foreign intelligence and organized crime.
The government knows what a pivotal role cryptography is destined to play in the power relationship with its people. In April 1993, the Clinton administration unveiled a bold new encryption policy initiative, which had been under development at the National Security Agency (NSA) since the start of the Bush administration. The centerpiece of this initiative was a government-built encryption device, called the Clipper chip, containing a new classified NSA encryption algorithm. The government tried to encourage private industry to design it into all their secure communication products, such as secure phones, secure faxes, and so on. AT&T put Clipper into its secure voice products. The catch: At the time of manufacture, each Clipper chip is loaded with its own unique key, and the government gets to keep a copy, placed in escrow. Not to worry, though–the government promises that they will use these keys to read your traffic only “when duly authorized by law.” Of course, to make Clipper completely effective, the next logical step would be to outlaw other forms of cryptography.
The government initially claimed that using Clipper would be voluntary, that no one would be forced to use it instead of other types of cryptography. But the public reaction against the Clipper chip was strong, stronger than the government anticipated. The computer industry monolithically proclaimed its opposition to using Clipper. FBI director Louis Freeh responded to a question in a press conference in 1994 by saying that if Clipper failed to gain public support, and FBI wiretaps were shut out by non-government-controlled cryptography, his office would have no choice but to seek legislative relief. Later, in the aftermath of the Oklahoma City tragedy, Mr. Freeh testified before the Senate Judiciary Committee that public availability of strong cryptography must be curtailed by the government (although no one had suggested that cryptography was used by the bombers).
The government has a track record that does not inspire confidence that they will never abuse our civil liberties. The FBI’s COINTELPRO program targeted groups that opposed government policies. They spied on the antiwar movement and the civil rights movement. They wiretapped the phone of Martin Luther King. Nixon had his enemies list. Then there was the Watergate mess. More recently, Congress has either attempted to or succeeded in passing laws curtailing our civil liberties on the Internet. Some elements of the Clinton White House collected confidential FBI files on Republican civil servants, conceivably for political exploitation. And some overzealous prosecutors have shown a willingness to go to the ends of the Earth in pursuit of exposing sexual indiscretions of political enemies. At no time in the past century has public distrust of the government been so broadly distributed across the political spectrum, as it is today.
Throughout the 1990s, I figured that if we want to resist this unsettling trend in the government to outlaw cryptography, one measure we can apply is to use cryptography as much as we can now while it’s still legal. When use of strong cryptography becomes popular, it’s harder for the government to criminalize it. Therefore, using PGP is good for preserving democracy. If privacy is outlawed, only outlaws will have privacy.
…
Obama is so afraid of being called weak on national security that he appoints Republicans to deflect the criticism, a tactic that doesn’t work, but he continues to do it. He never cleaned the Bush/Cheney moles out of the system, and doesn’t know anyone who could give him solid advice. He isn’t going to do anything without a resignation, and everyone knows it. He’ll fire Democrats on a rumor, but leaves Republicans in place even after solid evidence is produced to show they screwed up. He’s a wimp, and the spooks know it.
Here’s an updated post by Pat Lang:
Why are Clapper and Alexander still in government?
Indeed. But, we know why (and he was being somewhat rhetorical, though it is a very fair question).
I have a feeling that NSA is going to shift to sniffers and impose them on people, which is something that Simple Circle implied when they shut down their e-mail service. If the company won’t keep logs, the CyberCon is probably ready to install the hardware to create their own, because they are that rabid.
Yes, CG does sound like the sort of place people need to be because they were already taking steps before this issue was on the front page. I do, however, understand how nervous users are, and how inclined they are to look for the possibility that someone may be hiding something from them.
Having logs might be handy occasionally, but not as nice as having customers, so there really isn’t a good economic reason to save much of the information that NSA is looking for if you aren’t in advertising. You could be selling the resources used to create and keep the logs instead of adding to your overhead costs.
Sooner or later someone is going to challenge these orders on economic grounds, i.e. compliance costs money and the government needs to pay the costs for what benefits them.
The end of my 6-month VPN subscription is near, and I am considering whether to renew with TUVPN or move to CyberGhost. I’m leaning towards CG as they have a lot more servers in more countries, and seem quite adamant that they store no user identifying data whatsoever (no IP tracking etc).
Someone started a thread on their forum about the NSA spying and what CG would do if the USA requests info. The reply was amusing. 😀
CG Forum: USA governmet request for members personal information and data
This thread is also quite adamant about their feelings on privacy:
We don’t keep any logs!
Nice to see someone caring. And it’s amusing to see the same question asked in so many different ways! No wonder the admin got so frustrated! Don’t blame him! 😀