[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

BlackNet Investigations Needs More Detail (fwd)




On the Extropians list Tim May has reminded us in his trademark
dramatic style about the ability of various unknown malevolent
agents to accumulate dossiers based on posts to mailing lists,
Usenet news, and contents of "privte" directories on public providers
like Netcom, Delphi, etc.  Since Stanton McClandish asked about the 
"NSA can bust PGP rumors" I'll forward my post to Extropians on 
that thread (slightly edited to elide quoted comment), since a
similar concern had been expressed about the trustworthiness
of encryption:

I find it extremely improbable that the NSA or anybody else can
break long RSA keys (eg, those in PGP) as long as the keys are secure 
(eg on the private machines of trustworthy people).  Even if they could 
break the public keys or gain access to the secret keys, they're 
quite unlikely to spend TM cycles and engineer time on the outside
possibility of gaining evidence for a relatively minor drug violation.  
Furthermore, there's so much such minor crypto traffic going around 
now that they would require other good information (eg traffic analysis)
prior to attempting to break the codes, to discriminate the 
potentially important messages from the gigabytes of variously
encoded trivia.

On the other hand, the local gendarmes in net-heavy areas like
Silicon Valley could easily hire a net-savvy investigator to monitor
unscrambled groups like extropians, cypherpunks, etc. and even
more trivially search back archives of Usenet, to track down
networks of drug users, and the like.  (For example, the
apparent True Name who regularly posts a market report listing
street drug prices around the world to alt.drugs!)  In the future
this will be even easier, and the archives will still be around.

The main problem is that many net users aren't using PGP and other 
powerful privacy tools like anon remailers, because (a) they have
"nothing to hide" from the millions of total strangers, many with
violent intent, who read the net, (b) the tools are too inconvenient,
and (c) lack of cultural development of pseudonymity (this is quite
well developed on several BBS nets, though).  These problems are
being tackled on several fronts.  I'm writing a user-freindly Windows 
GUI for PGP and anon remailers.  There's also work going on to integreate 
PGP into traditional mailers (elm, Eudora, etc.) and the MIME standard.  
A culture of pseudonymity is starting to spread to the Internet
(with glacial slowness, and driving control freaks like Dick Depew and
L.Detweiler insane in the process).  There's no reason you shouldn't 
be able to post about your LSD experiences and the like, but make 
sure you're protecting your privacy with the right tools, for goodness 
sake.

Nick Szabo				[email protected]