0
DZBone

dz.com users tracked down and "detained"

By DZBone, in The Bonfire

Recommended Posts

DZBone    0

DZBone
Quote

Yeah!!! Cut and Paste!!! Cut and Paste!!! B|



Sorry about that. Try this:

Bush Administration to Propose System for Monitoring Internet
By JOHN MARKOFF and JOHN SCHWARTZ

The Bush administration is planning to propose requiring Internet service providers to help build a centralized system to enable broad monitoring of the Internet and, potentially, surveillance of its users.

The proposal is part of a final version of a report, "The National Strategy to Secure Cyberspace," set for release early next year, according to several people who have been briefed on the report. It is a component of the effort to increase national security after the Sept. 11 attacks.
Advertisement



The President's Critical Infrastructure Protection Board is preparing the report, and it is intended to create public and private cooperation to regulate and defend the national computer networks, not only from everyday hazards like viruses but also from terrorist attack. Ultimately the report is intended to provide an Internet strategy for the new Department of Homeland Security.

Such a proposal, which would be subject to Congressional and regulatory approval, would be a technical challenge because the Internet has thousands of independent service providers, from garage operations to giant corporations like American Online, AT&T, Microsoft and Worldcom.

The report does not detail specific operational requirements, locations for the centralized system or costs, people who were briefed on the document said.

While the proposal is meant to gauge the overall state of the worldwide network, some officials of Internet companies who have been briefed on the proposal say they worry that such a system could be used to cross the indistinct border between broad monitoring and wiretap.

Stewart Baker, a Washington lawyer who represents some of the nation's largest Internet providers, said, "Internet service providers are concerned about the privacy implications of this as well as liability," since providing access to live feeds of network activity could be interpreted as a wiretap or as the "pen register" and "trap and trace" systems used on phones without a judicial order.

Mr. Baker said the issue would need to be resolved before the proposal could move forward.

Tiffany Olson, the deputy chief of staff for the President's Critical Infrastructure Protection Board, said yesterday that the proposal, which includes a national network operations center, was still in flux. She said the proposed methods did not necessarily require gathering data that would allow monitoring at an individual user level.

But the need for a large-scale operations center is real, Ms. Olson said, because Internet service providers and security companies and other online companies only have a view of the part of the Internet that is under their control.

"We don't have anybody that is able to look at the entire picture," she said. "When something is happening, we don't know it's happening until it's too late."

The government report was first released in draft form in September, and described the monitoring center, but it suggested it would likely be controlled by industry. The current draft sets the stage for the government to have a leadership role.

The new proposal is labeled in the report as an "early-warning center" that the board says is required to offer early detection of Internet-based attacks as well as defense against viruses and worms.

But Internet service providers argue that its data-monitoring functions could be used to track the activities of individuals using the network.

An official with a major data services company who has been briefed on several aspects of the government's plans said it was hard to see how such capabilities could be provided to government without the potential for real-time monitoring, even of individuals.

"Part of monitoring the Internet and doing real-time analysis is to be able to track incidents while they are occurring," the official said.

The official compared the system to Carnivore, the Internet wiretap system used by the F.B.I., saying: "Am I analogizing this to Carnivore? Absolutely. But in fact, it's 10 times worse. Carnivore was working on much smaller feeds and could not scale. This is looking at the whole Internet."

One former federal Internet security official cautioned against drawing conclusions from the information that is available so far about the Securing Cyberspace report's conclusions.

Michael Vatis, the founding director of the National Critical Infrastructure Protection Center and now the director of the Institute for Security Technology Studies at Dartmouth, said it was common for proposals to be cast in the worst possible light before anything is actually known about the technology that will be used or the legal framework within which it will function.

"You get a firestorm created before anybody knows what, concretely, is being proposed," Mr. Vatis said.

A technology that is deployed without the proper legal controls "could be used to violate privacy," he said, and should be considered carefully.

But at the other end of the spectrum of reaction, Mr. Vatis warned, "You end up without technology that could be very useful to combat terrorism, information warfare or some other harmful act."


_________________________________________________
If you hadn't read this, would it have made a sound?

Share this post

Link to post
Share on other sites

Gawain    0

Gawain
Quote

This could work unless people figure out how to download free encryption software. :S



NSA knows how to bust open that code...:S
So I try and I scream and I beg and I sigh
Just to prove I'm alive, and it's alright
'Cause tonight there's a way I'll make light of my treacherous life
Make light!

Share this post

Link to post
Share on other sites

DZBone    0

DZBone
Quote

This could work unless people figure out how to download free encryption software. :S



As long as it stays legal. That domino is a few more down the row...


_________________________________________________
If you hadn't read this, would it have made a sound?

Share this post

Link to post
Share on other sites

freeflir29    0

freeflir29
Quote

NSA knows how to bust open that code...




Yeah I remember watching CNBC one day and getting pretty scared. It was Field Marshall Reno talking about a Bill to limit encryption software. Basically she said Americans could have any encryption software they wanted...as long as anything over 128 bit had a key provided to the govt and they limited export. Scary stuff...you encrypted email is safe from everyone but Uncle Sugar!!!

Share this post

Link to post
Share on other sites

riddler    0

riddler
Can always be done, but it takes a LOT of work. High-level encryption requires a shit-load of processing time to bust. And I don't subscribe to the theory that the govt has tons of advanced computers and programmers that do this sort of thing quickly. I used to work in defense, and rarely saw anything that was superior to commercially available technology. The NSA (more likely the FBI, since it's internal) would have to evaluate every email/post/etc and determine which ones are worth dedicating the resources to crack. If everyone uses encryption (and everyone should), then they will get swamped and won't bother wasting time to snoop on your average Joe.
Trapped on the surface of a sphere. XKCD

Share this post

Link to post
Share on other sites

AndyMan    7

AndyMan
Quote

NSA knows how to bust open that code...



No they can't. The NSA can not break a 128 bit key. The last attempt to break one using over 20,000 computers took over three years.

Now I know the NSA is well funded and all... but if they want to break a 128 bit key they would need a high school gymnasium full of servers running straight for 3 days on ONE message. They would only be able to justify doing that for highly targetted messages, not filter out the crap that people like us say to each other.

Remember that when we mean '128 bit', what this really means is that the key is 2^128 bits long. Not 128, but 2^128. Likewise, a 64 bit key isn't 64 bits, but 2^64. What does this mean? A 128 bit isn't twice as long as a 64 bit, rather, the length of the key has twice as many zero's on the end of it. Key complexity increases exponentially, not arithmatically.

Strong encryption is called strong for a reason.

The minute the NSA can easily crack a 128 bit key, all we have to do is start uysing 256 bit keys, and they'll be screwed for a good 5 years at least.

_Am
__

You put the fun in "funnel" - craichead.

Share this post

Link to post
Share on other sites

DZBone    0

DZBone
Quote

Can always be done, but it takes a LOT of work. High-level encryption requires a shit-load of processing time to bust. And I don't subscribe to the theory that the govt has tons of advanced computers and programmers that do this sort of thing quickly. I used to work in defense, and rarely saw anything that was superior to commercially available technology. The NSA (more likely the FBI, since it's internal) would have to evaluate every email/post/etc and determine which ones are worth dedicating the resources to crack. If everyone uses encryption (and everyone should), then they will get swamped and won't bother wasting time to snoop on your average Joe.



Unless they just assume that encryption is by definition suspicious activity, then there won't be the ramp-up of people using it. People on the forefront will be hassled and scrutinized, scaring the gen pop from adopting it.


_________________________________________________
If you hadn't read this, would it have made a sound?

Share this post

Link to post
Share on other sites

kallend    2,150

kallend
Quote

Quote

NSA knows how to bust open that code...



No they can't. The NSA can not break a 128 bit key. The last attempt to break one using over 20,000 computers took over three years.

Now I know the NSA is well funded and all... but if they want to break a 128 bit key they would need a high school gymnasium full of servers running straight for 3 days on ONE message. They would only be able to justify doing that for highly targetted messages, not filter out the crap that people like us say to each other.

Remember that when we mean '128 bit', what this really means is that the key is 2^128 bits long. Not 128, but 2^128. Likewise, a 64 bit key isn't 64 bits, but 2^64. What does this mean? A 128 bit isn't twice as long as a 64 bit, rather, the length of the key has twice as many zero's on the end of it. Key complexity increases exponentially, not arithmatically.

Strong encryption is called strong for a reason.

The minute the NSA can easily crack a 128 bit key, all we have to do is start uysing 256 bit keys, and they'll be screwed for a good 5 years at least.

_Am



No one can crack a one-time pad. Plenty of sources* that don't need to be transmitted, just agreed on in advance.

* Like every novel ever written.
...

The only sure way to survive a canopy collision is not to have one.

Share this post

Link to post
Share on other sites

DZBone    0

DZBone
Well, you are referring to undirected brute-force approaches. They would most likely use more established means, like guessing likely passphrases (or coercing/torturing them out of you).

56-bit DES has long been easily cracked by amateurs. I would think 128-bit wouldn't be beyond the capabilities of the NSA at this point, especially given the high-end hardware they have access to. Granted, it still probably takes on the order of weeks, but like you say, they will do it for targeted messages.

But, it's really only the fact that they have the power and can threaten to use it that matters. The rest is just an implementation issue.


_________________________________________________
If you hadn't read this, would it have made a sound?

Share this post

Link to post
Share on other sites

DZBone    0

DZBone
Quote

Remember that when we mean '128 bit', what this really means is that the key is 2^128 bits long.



No, the keys are 128 bits long, they have 2^128 permutations. A 2^128-bit key would be about 4*10^28 TeraBytes long...

A tad inconvenient, but highly effective. ;)

Anyone know what the total information content of the universe is (other than zero)?


_________________________________________________
If you hadn't read this, would it have made a sound?

Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
0
Go To Topic Listing