Beta

Slashdot: News for Nerds

×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

cancel ×

325 comments

fp? (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15382575)

woot

Cryptome (2, Informative)

Threni (635302) | more than 8 years ago | (#15382586)

It's also available from Cryptome:

http://cryptome.org/zfone-agree.htm [cryptome.org]

Re:Cryptome (5, Informative)

prz (648630) | more than 8 years ago | (#15382834)

I wish Cryptome would not redistribute my Zfone software. This morning I had to upload a new version due to a last minute mistake we made before the release, and Cryptome probably got the uncorrected version. This is beta software in flux, rapidly changing with new updates likely, especially shortly after it hits when we discover early problems. Further, I've just added critical warnngs to my web site about how to do the installation for Windows, and if someone grabs the software and posts it somewhere else, it will lack those warnings. There are good reasons why I want to maintain control of the distribution, especially during the initial public beta. --Philip Zimmermann (prz@mit.edu)

Re:Cryptome (2, Insightful)

phoenix.bam! (642635) | more than 8 years ago | (#15383110)

You sir, are a hero. Thank you for your work.

Re:Cryptome (4, Insightful)

SEAL (88488) | more than 8 years ago | (#15383117)

Then why do you insist on having people register in order to download, instead of providing a simple link?

For better or worse, people interested in this type of technology also have a vested interest in anonymity.

Re:Cryptome (0)

Anonymous Coward | more than 8 years ago | (#15383148)

If you really are Phil Zimmermann, shouldn't your post be PGP signed? :-)

nothing to hide (-1, Troll)

DennisInDallas (309656) | more than 8 years ago | (#15382589)

why would people with nothing to hide want to encrypt their conversations.

Re:nothing to hide (0)

Anonymous Coward | more than 8 years ago | (#15382614)

...please tell me this was sarcasm...

Re:nothing to hide (4, Interesting)

sbrown123 (229895) | more than 8 years ago | (#15382626)

why would people with nothing to hide want to have their personal conversations listened to? And why would we want to spend our tax money to spy on people who have nothing to hide? Shouldn't we be after the terrorists instead?

Re:nothing to hide (1)

ddraigcymraeg (670617) | more than 8 years ago | (#15382627)

Ummn to stop political blackmail?

Re:nothing to hide (1)

PFI_Optix (936301) | more than 8 years ago | (#15382914)

To strip politics out of the argument:

So that it's harder for identity theives to gather personal information.

Cellphones and landlines aren't secure. Encrypted voice adds a layer of security so that when your bank asks for your SSN, you are a little safer giving it over the phone.

Re:nothing to hide (5, Informative)

bung-foo (634132) | more than 8 years ago | (#15382628)

Really, I mean why do people wear clothes for that matter? I mean we are all made of meat covered in skin. We all know what human bodies look like. Everyone should just go naked from now on. Who needs privacy when you have nothing to hide?

Re:nothing to hide (3, Funny)

iogan (943605) | more than 8 years ago | (#15382667)

Everyone should just go naked from now on

AMEN to that!

Re:nothing to hide (2, Funny)

smooth wombat (796938) | more than 8 years ago | (#15382713)

Be careful what you wish for.

I'm at work at the moment so I can't do a proper search for images but think about it: would you want to see Margaret Thatcher walking around naked?

Re:nothing to hide (1)

walt-sjc (145127) | more than 8 years ago | (#15382822)

Um, no. I would not want to see ANY of my neighbors naked. Eeww.

Re:nothing to hide (2, Funny)

ShieldW0lf (601553) | more than 8 years ago | (#15382703)

Really, I mean why do people wear clothes for that matter? I mean we are all made of meat covered in skin. We all know what human bodies look like. Everyone should just go naked from now on. Who needs privacy when you have nothing to hide?

I tried that. They sent a bunch of burly guys to force me into a striped one-piece jumpsuit.

Re:nothing to hide (3, Funny)

m874t232 (973431) | more than 8 years ago | (#15382774)

Well, let's see, why do people wear clothes? Shrinkage. Brown and yellow stains on furniture. Getting pubic hair stuck. Seeing the US senate naked. I think those are excellent reasons. Yours may differ. If the US starts going all naked, I'm moving.

Re:nothing to hide (1)

FudRucker (866063) | more than 8 years ago | (#15382816)

RE:"If the US starts going all naked, I'm moving."

lol! hell yeah, some people are too damn ugly with clothes on it would be enough to cause blindness if they went nude...

Re:nothing to hide (1)

Sirfrummel (873953) | more than 8 years ago | (#15382940)

"Brown and yellow stains on furniture. "

WTF are you doing with your furniture?

Nothing to hide? (1)

mangu (126918) | more than 8 years ago | (#15383129)

why do people wear clothes for that matter?


Dude, that's because most of them have *a lot* to hide!

Re:nothing to hide (1)

Br00se (211727) | more than 8 years ago | (#15382637)

More importently, why would any one want to listen unless they were up to no good?

Re:nothing to hide (4, Interesting)

GundamFan (848341) | more than 8 years ago | (#15382643)

How do you even know what you need to hide anymore?

The meaning of the word terrorist could change at any moment and the deffinition of enemy combatant is equaly fluid.

Your logic is flawed anyway... criminals are not the only group who like privacy.

Re:nothing to hide (1)

drooling-dog (189103) | more than 8 years ago | (#15382820)

But what if you work hard for a well-connected company, say, like Halliburton, and you find that some other upstart company is bidding against you for big juicy contracts to relocate the old Berlin Wall to southern Texas. Wouldn't you want your friends in the NSA to let you in on what your pesky competitors are talking about? I would - a lot of money could be at stake.

Re:nothing to hide (0)

Anonymous Coward | more than 8 years ago | (#15382653)

Why would you ever want to whisper?

Re:nothing to hide (0, Flamebait)

WinstonSmith2600 (961157) | more than 8 years ago | (#15382657)

Only the terrorists would want their privacy. The terrorists(usually gov sponsored) envy us because of our privacy and liberty so we must give up both our privacy and liberty for gov/corporate security.

Re:nothing to hide (0)

Anonymous Coward | more than 8 years ago | (#15382788)

That explains all the denied 'Freedom of information' requests. Republicans are Terrorists.

Re:nothing to hide (0)

Anonymous Coward | more than 8 years ago | (#15382659)

the same reason why honest people with nothing to hide wouldn't want cameras in their house, people reading over their shoulder, people going through their trash, people looking in their windows, or people videotaping them when their outside walking with their kids.

It's an invasion of privacy.

(btw too lazy to create account)

same reason we keep the curtains drawn @ home? (5, Insightful)

Penguinisto (415985) | more than 8 years ago | (#15382694)

"why would people with nothing to hide want to encrypt their conversations."

For the same reason I keep the curtains drawn in my bedroom windows at night, esp. when the s/o gets frisky.

Just because me and my s/o's bedroom activities are perfectly legal doesn't mean I want everyone else (let alone the government) monitoring it.

/P

Re:same reason we keep the curtains drawn @ home? (0)

Anonymous Coward | more than 8 years ago | (#15382825)

what the fuck is "s/o"?

Re:same reason we keep the curtains drawn @ home? (1)

Penguinisto (415985) | more than 8 years ago | (#15382899)

s/o = "Significant Other", i.e. a girlfriend or boyfriend (or wife, husband, what-have-you).

Sorry - forgot I was posting to Slashdot where such types of people may not always be a common occurence :)

/P

Re:same reason we keep the curtains drawn @ home? (2, Funny)

Anonymous Coward | more than 8 years ago | (#15382902)

I think in this case it means a pet of some kind, probably a hampster

Re:same reason we keep the curtains drawn @ home? (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#15382918)

Sluts' Orifice?

Illegal bedtime (1)

LunaticTippy (872397) | more than 8 years ago | (#15383144)

Don't be so sure it's perfectly legal. 22 states still have sodomy laws, and if you aren't performing sodomy with your SO you don't deserve to keep one.

The supreme court recently struck down sodomy laws between consenting adults, but we still have laws on the books.

YHBT YHL HAND (-1, Troll)

Anonymous Coward | more than 8 years ago | (#15382775)


   

Re:nothing to hide (1)

spike2131 (468840) | more than 8 years ago | (#15383028)

Why should it be about having something to hide? What if I just don't want the government to have absolute power? If encrypting conversations will make enforcing tyranny just a little more difficult, encrypt away...

Re:nothing to hide (1)

jdbartlett (941012) | more than 8 years ago | (#15383173)

Agreed. The bigger wiretap issue isn't really about people's privacy at all, it's about an Administration viewing itself as above the law and acting with disregard to the law. Regardless of intention, anything that effects wiretapping without court order is illegal. Period.

Re:nothing to hide (2, Insightful)

Ripley (654) | more than 8 years ago | (#15383064)

why would people with nothing to hide want to encrypt their conversations.


From "The Eternal Value of Privacy" by Bruce Schneier in Wired (http://www.wired.com/news/columns/0,70886-0.html? tw=wn_index_23)

"... accept the premise that privacy is about hiding a wrong. It's not. Privacy is an inherent human right, and a requirement for maintaining the human condition with dignity and respect."

But what about my Iraqi girlfriend? (0, Offtopic)

peterpressure (940132) | more than 8 years ago | (#15382605)

To think I was going to dump her for fear of being wiretapped,
encryption to the rescue!

oh wait, maybe this is a good excuse to stop calling her...

Re:But what about my Iraqi girlfriend? (-1, Troll)

Anonymous Coward | more than 8 years ago | (#15383147)

Dump her for the unibrow and mite-infested vagina.

Brave New World (4, Insightful)

TripMaster Monkey (862126) | more than 8 years ago | (#15382630)


From another NYTimes article, Bush Aide Defends Eavesdropping on Phone Calls [nytimes.com] (emphasis mine):
President Bush's national security adviser, Stephen J. Hadley, insisted today that a newly disclosed government effort to compile data on millions of telephone calls in search of terrorist-linked calling patterns was a legal and "narrowly designed program" that did not involve listening to individual calls.


So why exactly is the government getting their knickers in a twist over Zfone? After all, the program is just intended to compile a database of call information, not actually listen to the content of the conversations. Doing that, as the administration has repeatedly told us, would require a court order.

So if you have a person you suspect from the numbers he's connected with, and you do obtain that court order, and it turns out he's using Zfone, there are other ways of getting the content of that conversation (hint: it has to be unencrypted at some point, so the 'terrorists' can understand each other). Arduous, sure, but since this will be done on only a select few, it's not that much of a hardship.

No, the reason the government doesn't like Zfone is because they want perform blanket surveillance on all American citizens; to listen to all our calls, all the time. By utilizing speech-recognition software and an ever growing list of suspect words and phrases, they will be able to keep tabs on the unruly U.S. population, weeding out terrorists, political dissidents, environmentalists, Democrats, and other 'undesirables'.

Re:Brave New World (2, Insightful)

Penguinisto (415985) | more than 8 years ago | (#15382655)

"After all, the program is just intended to compile a database of call information, not actually listen to the content of the conversations. Doing that, as the administration has repeatedly told us, would require a court order."

Because someday the FBI (or whoever) may find it harder to listen in on these encrypted conversations in cases where they have a court order to do so.

/P

Re:Brave New World (2, Insightful)

TripMaster Monkey (862126) | more than 8 years ago | (#15382748)


As I said in my previous post, there are other ways of getting the content of a conversation. Since the content must be decrypted at either end, listening devices positioned at either endpoint are easily capable of intercepting the communication, encrypted or not.

As I said, this is arduous...much harder than just listening to a line, but eavsedropping on American conversations shouldn't be easy. If the FBI (or whoever) is serious enough about capturing the content of a particular communication to obtain a court order, it's not asking that much more that they work around any encryption present.

The difference here is that while agencies could continue to listen to targeted communications by these methods, the logistics of applying them to blanket surveillance are completely unworkable, offering us some measure of protection from a wholesale violation of our privacy by the government. This is precisely why the government is against encryption...not because it would make individual cases harder, but because it would make blanket surveillance impossible.

Re:Brave New World (1, Insightful)

Penguinisto (415985) | more than 8 years ago | (#15382945)

"As I said, this is arduous...much harder than just listening to a line, but eavsedropping on American conversations shouldn't be easy."

Maybe, maybe not... but then, there are times when time is of the essence, and even the time taken to decrypt something the hard way in a timely manner is of utmost importance if there are potential lives at stake. The world's first electronic computer, Colossus, was built to decrypt German encryption during WW2, and was specifically built to be as fast and efficient as possible, because timely intelligence = lives saved.

While I doubt that decrypting a phone conversation nowadays usually isn;t exactly what one would call an urgent thing, there may be times where it is.

/P

Freedom is not safe or pretty. (2, Insightful)

khasim (1285) | more than 8 years ago | (#15383102)

The world's first electronic computer, Colossus, was built to decrypt German encryption during WW2, and was specifically built to be as fast and efficient as possible, because timely intelligence = lives saved.
That's nice. But being at war with a country is different than spying on your own citizens.
While I doubt that decrypting a phone conversation nowadays usually isn;t exactly what one would call an urgent thing, there may be times where it is.
There may be.

The problem is, far Far FAR FAR more often it is not.

But it is ALWAYS subject to abuse.

Being Free means that we accept the risk that the "bad guys" will abuse that Freedom to hurt/kill some of our citizens.

But they will never defeat us. Only we can do that by surrendering our Freedom for the illusion of "safety".

Re:Brave New World (2, Insightful)

TripMaster Monkey (862126) | more than 8 years ago | (#15383127)


Maybe, maybe not... but then, there are times when time is of the essence, and even the time taken to decrypt something the hard way in a timely manner is of utmost importance if there are potential lives at stake.

I'm sorry, but that argument just doesn't hold water. Your statement is analagous to saying that clothing must be outlawed, since clothing can conceiveably be used to conceal weapons. Frisking certain suspect individuals simply isn't good enough, since locating the weapons in a timely manner is of utmost importance (if there are potential lives at stake).

To continue the analogy, if the suspicion is targeted, frisking works just fine, and works without violating the privacy of innocent citizens. If the suspicion is not targeted, however, frisking everyone is a logistical impossibility, so the outlawing of clothing is the only option.

(And yes, I know my analogy is somewhat flawed, since x-rays can locate some weapons without the need for disrobing, but my point is still valid).

The mere possibility of the interception and decryption of a suspect communication taking too long to save lives is not enough to justify the wholesale violation of the privacy of the citizenry (at least, it shouldn't be in America...).

Re:Brave New World (1, Interesting)

advocate_one (662832) | more than 8 years ago | (#15382772)

Because someday the FBI (or whoever) may find it harder to listen in on these encrypted conversations in cases where they have a court order to do so.

Jesus...H... Christ... That's why they have supercomputers......... any comercial grade encryprtion/decryption program has to have a key short enough to enable real time encryption/decryption using normal computer chips... any key short enough for fast encryption/decryption of things like telephone conversations has to be easily brute forceable. The algorythm for the encryption/decryption is public knowledge... the key merely provides protection against casual eavesdropping... the FBI has access to serious horsepower when it comes to decryption... the only problem comes when they are mass decrypting phonecalls... and then they are outside the limits of the court order and in the realms of spying on all of us...

Criptographical illiteracy (2, Informative)

hummassa (157160) | more than 8 years ago | (#15383046)

Sorry, sir, but you are completely wrong. ANY VoIP-capable computer can encrypt a 12kbps stream with a 1024-bit key. And -- unless the whole academia is wrong and all the current off-the-shelf crypto algorithms have crypto flaws, no, not every supercomputer in the face of the earth could break the encryption. One would have to get the keys in another fashion to listen to the talks.

Re:Brave New World (1)

Kadin2048 (468275) | more than 8 years ago | (#15383049)

any comercial grade encryprtion/decryption program has to have a key short enough to enable real time encryption/decryption using normal computer chips... any key short enough for fast encryption/decryption of things like telephone conversations has to be easily brute forceable.

While I am not any way in favor of government restrictions on encryption, I think this statement is patently false.

A common PC can do real-time encryption/decryption of a telephone-quality digital audio stream with significant key lengths, which are not "easily brute forceable." Or at least, the difficulty of brute forcing them is probably greater than using a side-channel attack.

Symmetric key ciphers (which are what you'd use to actually encrypt the content of a telephone conversation) are quite fast, and a compressed audio stream really isn't that much data. Your statement might be true if the encryption devices were small embedded systems, but even then I'm not sure.

Barring some as-yet-undisclosed jump in computing technology that the government has access to, and normal people do not (which isn't out of the realm of possibility -- for all we know, the NSA might be sitting on a quantum computer, although I rather doubt it), current technologies allow a person to encrypt their data in ways that are fairly difficult to open by brute force, even for an attacker with substantially greater resources than the encryptor.

MOD PARENT UP (3, Insightful)

ZachPruckowski (918562) | more than 8 years ago | (#15382682)

Very true. But whenever technology gets involved in a discussion, people's eyes sort of glaze over. No one knows what's going on, they just hear Internet phone calls, terrorism, and encryption. While you and I know that anyone intercepting a packet (encrypted or not) can tell where it came from and where it's going, America doesn't. They probably think it's an effort at parity between VOIP and normal phone calls (if they know what VOIP is).

Re:MOD PARENT UP (0)

Anonymous Coward | more than 8 years ago | (#15382950)

Very true. But whenever technology gets involved in a discussion, people's eyes sort of glaze over. No one knows what's going on, they just hear Internet phone calls, terrorism, and encryption. While you and I know that anyone intercepting a packet (encrypted or not) can tell where it came from and where it's going, America doesn't. They probably think it's an effort at parity between VOIP and normal phone calls (if they know what VOIP is).

Uh yeah, whatever. It's just that it's against Freedom (TM - RNC) and the American Way (TM- RNC)! If you have nothing to hide, then what's the worry (TM- RNC)?!

If you're not for us; you're against us (TM- RNC)!!!

Yours truly,

RNC

Re:Brave New World (-1, Troll)

Anonymous Coward | more than 8 years ago | (#15382742)

You can oppose anything by invoking the worst possible scenario consequences.
You can promote anything by invoking the best possible scenario consequences.
Your statements have no actual value.

Re:Brave New World (4, Insightful)

TripMaster Monkey (862126) | more than 8 years ago | (#15382785)


You can oppose anything by invoking the worst possible scenario consequences.

Worst-case scenario, huh? [abcnews.com]

Your 'worst-case scenarios' are happening.

Right now.

Get your head out of the sand.

Re:Brave New World (3, Insightful)

Valar (167606) | more than 8 years ago | (#15382863)

What's really scary about that are the number of posts on that page that are basically 'Good, you don't agree with our favorite policies, so you shouldn't have any rights.' or 'If you aren't with the president, then you're with the enemy, so of course you're gonna get wiretapped.' This is coming from so-called conservatives. Way to defend the constitution guys. Good hustle.

Re:Brave New World (0)

Anonymous Coward | more than 8 years ago | (#15382880)

>Your 'worst-case scenarios' are happening.

>Right now.

Yeah, so what? Looks like the vast majority of the people is either in favour or doesn't give a damn. Tough luck, you'll have to get used to your "worst-case scenarios". There's nothing you can do about it.

Re:Brave New World (1)

Tekzel (593039) | more than 8 years ago | (#15383138)

Yeah, so what? Looks like the vast majority of the people is either in favour or doesn't give a damn. Tough luck, you'll have to get used to your "worst-case scenarios". There's nothing you can do about it.


Well, I wouldn't use that as evidence that it is right or acceptable. Franklin, the vast majority of people are dumbasses. Sheep that will believe anything if it is fed to them enough. Not that I particularly disagree with your last statement, the days of actually being able to do something about it are long gone and probably never to return. A two party system, especially a pair as corrupt as the pair we have here in the U.S. makes for little or no choice. I vote the latter.

Speaking of voting, I don't do it. You may or may not believe the shit I get over that, I even discarded a bunch of so called friends back in 2000 during the Bush vs Gore race. They got absolutely fried at me saying that it was my DUTY to vote. My duty? I thought it was my RIGHT, to exercise, or not, as I see fit. Given this system, I frankly couldn't give two shits which of the politicians that are running wins, they are all the same. A good point here, reversed wholesale by a mess of bad ones there. The result is an utter mess that I, personally, will have no part in. You show me an honest politician, and I will show you an actor that will NEVER get close to the race for president in these here United States.

That said, I still love my country and as corrupt and nasty as the politics is, there is no other country I would rather live in. Although, this mess with Bush really puts a strain on our marriage, but I still love the old gal.

Re:Brave New World (1)

Tekzel (593039) | more than 8 years ago | (#15383161)

Uh that was supposed to be "Frankly" not "Franklin". Thats what I get for rubbing one off in the heat of the moment. It started out as a quick comment and quickly turned into a mini-rant.

Re:Brave New World (0)

Anonymous Coward | more than 8 years ago | (#15382882)

Allow me to quote the worst case scenario you used.

No, the reason the government doesn't like Zfone is because they want perform blanket surveillance on all American citizens; to listen to all our calls, all the time. By utilizing speech-recognition software and an ever growing list of suspect words and phrases, they will be able to keep tabs on the unruly U.S. population, weeding out terrorists, political dissidents, environmentalists, Democrats, and other 'undesirables'.

This is a straw man worst case scenario consequence. Maybe you believe it obviously true but I have confidence that much of your audience won't.

"They want to do X with situation Y. This would be a very bad scenario--possibly the worst. So I am opposed to situation Y."

Ergo, stfu.

Re:Brave New World (1)

TripMaster Monkey (862126) | more than 8 years ago | (#15382947)


I was using hyperbole [wikipedia.org] to make a point. Pity you failed to realize that (I had thought the inclusion of 'environmentalists' and 'Democrats' would have made it obvious).

Re:Brave New World (0)

Anonymous Coward | more than 8 years ago | (#15383040)

The correct time to have pointed that out would have been in direct response to my objection. Before the bold, italics, comments about heads and sand, unnecessary wiki linking, and condescension.

Apparently you are unaware of the disturbing resemblence of your scenario to those espoused by folks who seriously include democrats and environmentalists in the set of endangered ideologies. So since you now claim hyperbole in the inclusion of those two, are you still serious about the inclusion of unruly citizens and political dissidents? Or was that also guarded by the invisible sarcasm tag?

I would just like to add that it is this subthread which caused me just now to decide never to pay attention to mod insightful comments. I knew it was a joke before, but now I feel it. Thanks. I salute you, however, for nursing it to its unglorious conclusion

Re:Brave New World (5, Insightful)

Tackhead (54550) | more than 8 years ago | (#15382780)

> No, the reason the government doesn't like Zfone is because they want perform blanket surveillance on all American citizens; to listen to all our calls, all the time. By utilizing speech-recognition software and an ever growing list of suspect words and phrases, they will be able to keep tabs on the unruly U.S. population, weeding out terrorists, political dissidents, environmentalists, Democrats, and other 'undesirables'.

From an old .sig quote:

NSA is now funding research not only in cryptography, but in all areas of advanced mathematics. If you'd like a circular describing these new research opportunities, just pick up your phone, call your mother, and ask for one.

...and to cut down on the costs of their recruitment budgets!

Considering that most of the parents of new postdoctorate-level mathematicians probably live overseas nowadays (and whose conversations are therefore legal to record), maybe the old .sig quote was always more true than funny.

Re:Brave New World (1)

GPLDAN (732269) | more than 8 years ago | (#15382849)

TMM,

The Narus software that Klein blew the whistle on (the stuff with AT&T), can decode nearly every well-used VOIP codec out there. I suspect that it was being used, heavily. I would imagine that the NSA has calls using VOIP software from lots of IP addresses they were looking at.

The irony is, that the old fashioned circuit switched network with channelized circuits, it would be a massive engineering effort to tap and do voice recognition on every call. It would be nearly impossible given the way circuit switched calls work. But VOIP scales the problem out to a problem of CPUs and disk. And those are effectively infinite for a government that can spend whatever it wants. Iraq is closing in a trillion. A few billion bucks, and huge HVAC units and you can look into millions and millions of calls simultaneously with todays technology. I expect that it is happening already. Anything told to us about what isn't happening has turned out to be false and proven so.

Evil Republicans!! (5, Insightful)

g_adams27 (581237) | more than 8 years ago | (#15383165)

> By utilizing speech-recognition software and an ever growing list of suspect words and phrases,
> they will be able to keep tabs on the unruly U.S. population, weeding out terrorists,
> political dissidents, environmentalists, Democrats, and other 'undesirables'.

Those evil Republicans! Except, wait... wasn't it the Clinton Administration that launched a 3-year criminal investigation of Phil Zimmerman in 1993?

And wasn't that the same President who championed the Clipper chip, so the government would have the keys it needed to decrypt your phone calls?

Who is Philip Zimmermann? (-1, Redundant)

guitaristx (791223) | more than 8 years ago | (#15382633)

He's this guy [wikipedia.org] , the inventor of PGP.

Ok, so nobody imporant. (0)

Anonymous Coward | more than 8 years ago | (#15383092)

Whew!

HLEP!!!! (-1, Offtopic)

Anonymous Coward | more than 8 years ago | (#15382638)

prosper881 [mailto] "I've just logged on this ,english speaking, WEB site. I hope that other non-english speaking, french for exemple, feel unsatisfied about something (anything will do the trick for me).Consider this message as a introduction to a new exiting conversation! At least I hope.
I'm mainly inrerrested by LINUX OS which I've been hearing about for so long.
Seeing that I just got my new internet ADSL link and I'm very interrested by the freedom aspect of all this.
Who can help me instal LINUX on my computer??"

Didn't read the tech specs ... (1, Interesting)

vaevictus (126738) | more than 8 years ago | (#15382687)

... but since it touts that it doesn't use 3rd party servers for key storage... ... seems like it'd be suseptible to Ye Olde Man-In-The-Middle.

3 Zimm though. :D

Re:Didn't read the tech specs ... (0)

Anonymous Coward | more than 8 years ago | (#15382781)

I'm sure both parties authenticate the server's public key. (kinda like SSL).

Re:Didn't read the tech specs ... (3, Informative)

cswiger2005 (905744) | more than 8 years ago | (#15382905)

"Man in the middle" attacks are generally mitigated against by using a large initial key (such as the host key used by SSH, or the x.509 cert used by SSL) to guard an exchange of a smaller temporary session key as a shared secret, which is time-sensitive and is regenerated periodicly. You'd have to break the 1024-bit key or whatnot very rapidly, in the matter of a few hours, or else you'd be too late to do a replay or MitM attack.

This has a reasonable set of diagrams which describe the process:

http://www.netip.com/articles/keith/diffie-helman. htm [netip.com]

It helps to have a registry or Certifying Authority available which has a list of published public keys...

Re:Didn't read the tech specs ... (5, Insightful)

gclef (96311) | more than 8 years ago | (#15382954)

If he's still using the system he presented last summer at BlackHat, he's actually doing something rather clever:

The system does a standard Diffie-Hellman key exchange between the two softphones, and hashes that exchange to words that each caller is supposed to read to the other (you see what they're supposed to say, and they see what you're supposed to say). So, unless the man-in-the-middle can also impersonate your voice, MITM'ing the connection is very difficult.

Also, the hashes used to generate that vocal exchange are stored for each destination you call for every call, and fed into the new hash generation. So, even if you skip a round of comparing the hashes, if you do it for a later call & it works, you can be assured that the *previous* call was also clean.

The laws and privacy concerns (5, Interesting)

zappepcs (820751) | more than 8 years ago | (#15382712)

and all that relates to national security. CALEA, the thing that allows wiretaps under warrant, is in place for all previous communications methods, including paging. What government wants is CALEA type access to new communications types. HOWEVER: Neither the constitution, any ammendment, any subsequent law, or even terms of use, specify that your communications have to be made in an open unenctrypted manner. In fact, in the US, if there is no evidence, there is no crime, and no way to know the criminal. Its all part of that innocent until proven guilty mindset.

If all your telephone calls, emails, etc. are encrypted by you and the other intended party or parties involved, there simply is nothing the government can do about it. With probable cause, they can 'try' to compel you to divulge the encryption key, but then you don't have to testify against yourself in the U.S. ... at least not yet.

Neither can the government, church, or any other person(s) compel you to divulge your thoughts, or secrets.

Its time for the encryption phones to start appearing on the market.

This little problem will quickly spiral out of control until those that want to snoop on others have more work to do than they ever imagined. The basic problem here is that the people they say they want to spy on are not using the communication systems the same way as everyone else, and their communications are encrypted, or hidden in ways the government cannot prevent, nor detect with the laws and practices that they wish to install.

Wiretapping on the scales being talked about recently are stupid, prohibitively stupid, and will be nearly 100% ineffectual.

They can't find Bin Laden with all the military might, but somehow they are going to catch him making a phone call? uh, yeah right.... of course, its the little people that lead to the big ones, but they have been spying on the little ones all along... still haven't caught him.

Re:The laws and privacy concerns (0)

Anonymous Coward | more than 8 years ago | (#15383071)

Its all part of that innocent until proven guilty mindset.

Ah yes common law. Funny how easily the government ignores that sort of thing.

If all your telephone calls, emails, etc. are encrypted by you and the other intended party or parties involved, there simply is nothing the government can do about it.

There's a lot they can do about it. Throw you in jail, hold you there for a long time w/o charges, hit you up with obstruction of justice or other broad charges to keep you around, etc. Meanwhile you lose your home and everything you worked for because you have mounting legal fees and you're unable to go to your job and collect your paycheck. They may not get you to divulge your key but they can make you wish you had.

you don't have to testify against yourself in the U.S. ... at least not yet.

Like the Bush administration cares about that silly Bill of Rights thing...

Wiretapping on the scales being talked about recently are stupid, prohibitively stupid, and will be nearly 100% ineffectual.

If that were the case, the NSA wouldn't be doing it. That's not to say it is right, but I'm sure it probably does break up some illegal activities.

The problem is that the government is using illegal procedures to accomplish that goal.

Re:The laws and privacy concerns (2, Informative)

slashflood (697891) | more than 8 years ago | (#15383090)

Its time for the encryption phones to start appearing on the market.

That is exactly what my company is offering: IAX2/SIP (Asterisk) over VPN (FreeS/WAN, OpenVPN). It's getting easier to convince businesses to use encrypted communication channels nowadays.

Another Zimmermann (1)

MK_CSGuy (953563) | more than 8 years ago | (#15382751)

Am I the only one who when he saw Zimmermann and encryption in the headline thought immidiately of the other Zimmermann [wikipedia.org] ?

Re:Another Zimmermann (1)

MK_CSGuy (953563) | more than 8 years ago | (#15382773)

and yes, I know, immediately...

Re:Another Zimmermann (0)

Anonymous Coward | more than 8 years ago | (#15382837)

In that case he looks pretty good for a 142 year old. Or for a dead guy.
http://en.wikipedia.org/wiki/Arthur_Zimmermann [wikipedia.org]

A other, other Zimmermann (0)

Anonymous Coward | more than 8 years ago | (#15382878)

Funny, a local radio station let me know today is the anniversary of some guy named Bob's bar mitzvah. That was the leap I made.

And, sorry, less interested in a hyper-linkie-thing then in using an account here.

Re:Another Zimmermann (1)

Mister Whirly (964219) | more than 8 years ago | (#15382991)

Yep, I was wondering who old Bobby Dylan was calling, and why he needed encryption...

Re:Another Zimmermann (1)

bohemian72 (898284) | more than 8 years ago | (#15383089)

Personally, I think of a pretty good coffee/deli/bakery in Ann Arbor.

Lewis Zimmerman (1)

jdbartlett (941012) | more than 8 years ago | (#15383118)

I hate to say it, but I was thinking of Lewis Zimmerman [wikipedia.org] !

Know how it works... (5, Informative)

GPLDAN (732269) | more than 8 years ago | (#15382771)

Phil took an open source VOIP client and added encryption to it. By his own admission, he doesn't know much about how to make VOIP work well, codecs and all that. But his encryption is very clever. It uses Diffie-Helman to generate a per-session key, which is stored in a completely volitile way. i.e. it is destroyed after the call terminates and cannot be retrieved (stored in memory which is then overwritten). So, even if a man (or government) in the middle records the RTP stream and then gets a search warrant to get the key to decrypt the call, it won't be there.

Look for his techniques for peer to peer key setup, which again is very clever and well thought out, to be used in a variety of new ways. I expect you will see a bit-t client soon that can also generate this one time session key between peers. It will be much more computationally intense than what you see bit-t clients like Azureus do to the CPU now, but no more than using S/FTP. Well, maybe more, because of the number of keys being setup and destroyed and the memory allocation needed in a swarm situation. But for peer to peer calls, it's strong and I expect that Phil, who was nearly bankrupted by Uncle Sam, trying to defend himself, will again be the NSA crosshairs. The guy is just a warrior, what can you say? Guys like him and Klein who blew the whistle on AT&T are the ones fighting for privacy and against a police state. And they will not be treated kindly by this administration.

Reducing probability for key guessing? (0)

thedletterman (926787) | more than 8 years ago | (#15383060)

It occurs to me that these codecs are probably a serious weakness to the encryption, in that they would generte very predictable patterns. Headers, synchronization and timing, dead space.. especially if the NSA has a voice print recognition algorithim to match the target. Depending on the length of the conversation, it would seem very probable that even with the key destruction, there should be enough sampling data to accurate generate a decryption key with very little effort, given the right tools and talent. Thoughts?

Re:Know how it works... (2, Informative)

Farce Pest (67765) | more than 8 years ago | (#15383126)

Phil has a FAQ that, among other things, describes how man-in-the-middle attacks are eliminated or at least mitigated.

http://philzimmermann.com/EN/zfone/index-faq.html [philzimmermann.com]

silly NYT (1)

955301 (209856) | more than 8 years ago | (#15382797)


Anyone spare a time's link w/o login?

Re:silly NYT (1)

SwashbucklingCowboy (727629) | more than 8 years ago | (#15382862)

Check out BugMeNot [bugmenot.com] . I'm sure there's one there.

Re:silly NYT (1)

955301 (209856) | more than 8 years ago | (#15382944)

no can do... blocked.

Re:silly NYT (0)

Anonymous Coward | more than 8 years ago | (#15383070)

1) Get FireFox
2) Get BugMeNot extension
???
4) Profit !

Just don't leave the country again Zimm (3, Interesting)

N1ck0 (803359) | more than 8 years ago | (#15382812)

Just don't leave the country again Zimmerman...or you may end up locked inside that customs office where they 'want to leave lawyers out of this' again. :)

PGP Story:
MPG 1.1G [uiuc.edu]
WMV 378M [uiuc.edu]

A band-aid over a Sucking Wound (3, Interesting)

mpapet (761907) | more than 8 years ago | (#15382850)

So, I'm the evil-agency-du-jour and today I'm auditing IP traffic. If you are a person of interest, they know:

1. You are sending packets to and from specific IP addresses.
2. Grabbing copies of those packets.
3. Putting super-computers to work on them.
4. Discover you are ordering pizza over SIP. (whatever, it's funny)

The concept of "Privacy" was dead a long time ago. I *still* don't understand the outrage when most of your activity is available through many data brokers. What's not there, is available with little procedural check or balance.

Where it is very valuable is company to company communication. Where your competitors may not have the expertise to get the info.

But, then there's the encryption problem anyone has that uses it. It's stupifyingly easy to build a case on suspicion. Trying someone in the court of public opinion is easy and swift. "He uses encryption so he must be hiding something.." is all it takes to end a career, destroy your social status.

Cryptographer==criminal. Film at 11.

If one can codify it's everyday use, I think it's a big step forward.

Terrorists! (5, Insightful)

homebrewmike (709361) | more than 8 years ago | (#15382887)

Terrorists are already using encryption to protect their privacy. Don't you think you should as well?

Bush (-1, Flamebait)

certel (849946) | more than 8 years ago | (#15382896)

Yeah, the Bush Administration hates this... No more spying!

Obviously a politically biased article (0)

Anonymous Coward | more than 8 years ago | (#15382923)

Obviously. When did Al Gore, Howard Dean and John Kerry start posting articles? Hey Al, I'm with ya man!! Global warming needs to be stopped at the source of the problem. Put out the sun, I'm tellin' ya - it will solve global warming for good!!!

Re:Obviously a politically biased article (1, Informative)

Anonymous Coward | more than 8 years ago | (#15383093)

"I'm not going to defend the indefensible. ... I'm prepared to defend a very aggressive anti-terrorist campaign, and I'm prepared to defend the idea that the government ought to know who's making the calls, as long as that information is only used against terrorists, and as long as the Congress knows that it's underway. But I don't think the way they've handled this can be defended by reasonable people. It is sloppy." -- Newt Gingrich

http://movies.crooksandliars.com/Hannity-Colmes-Ne wt-Phones.wmv [crooksandliars.com]

Why does Newt Gingrich, the former Republican speaker of the House, hate America...?

Ban 'uncomprimised' encryption (0, Flamebait)

nurb432 (527695) | more than 8 years ago | (#15382938)

Just make it illegal to use any form of encryption that the government doesnt have keys for.

Then breaking out content wont matter.

Offtopic: on the subject of Bush criticism: (4, Insightful)

PFI_Optix (936301) | more than 8 years ago | (#15382980)

Before you launch into yet another tirade against the president, bear in mind that our divided Congress consistently allows things like this. This isn't a Bush thing or a Republican thing. This is a beaurocratic, ivory tower, professional politician thing. This happens because we elect the very wealthy from both parties, so that the majority of our elective government has very little connection with their constituents. We create political dynasties, voting for celebrities rather than leaders. Our current political situation isn't due to one man or one party, but rather one entire nation ignoring its own wellbeing in favor of the candidate with the best sound-bites and the stiffest hair. We might as well be getting our political news from E!: who cares how they voted, let's find out which congressman is cheating on his wife this week and what Hillary wore to session today.

Re:Offtopic: on the subject of Bush criticism: (1, Informative)

Anonymous Coward | more than 8 years ago | (#15383034)

Republicans control all the branches of the government. What you see now is the best they have.

Encryption shouldn't be a barrier to the cops (4, Insightful)

MikeRT (947531) | more than 8 years ago | (#15382999)

If they have sufficient evidence to meet a reasonable probable cause standard, why not just let them into the house to bug the device itself? There are devices out there for keyboards which have a few hundred KB of memory and that sit between the keyboard and the port on the back of the PC.

They don't need to block encryption, except to keep tabs on people that wouldn't meet the legal requirements. If they can't meet the legal requirements for a warrant to break into the suspect's house and bug them, then chances are the person hasn't committed a crime.

What can we do? (4, Insightful)

Peter Trepan (572016) | more than 8 years ago | (#15383078)

Free minds. The greatest chilling effect of universal surveillance doesn't come from men in black vans. It comes from being unveiled as a Commie, or an Islamic Sympathizer, or even A Guy Who Googled for "Fatties" in front of your friends/employers/relatives/whatever. The greatest force against freedom in our society is us.

Not one of Sen. McCarthy's victims was actually thrown in a gulag. Think about that. They weren't fired by the government. They were fired by PHBs who acted in blind sympathy with loudmouthed bureaucrats. There would have been no McCarthyism if the public had not been willing to punish itself for unpopular thought and/or speech.

We need a society in which there's no difference between what's illegal and what harms others, and holds all other things not only legal, but acceptable. Once we have that society, people who have done nothing to harm others really will have little to fear. But there's one more thing: If we're going to use public safety as an excuse for universal surveillance, we have to give the power of surveillance to everyone, not just government.

Privacy advocates might cringe at that last statment, but consider this: People are getting more wired, surveillance is getting easier and cheaper, and that trend may never reverse. There may be nothing we can do to stop privacy from dying. Maybe we should start thinking about what we're going to do when it does.

SIP Zfone? (2, Interesting)

Doc Ruby (173196) | more than 8 years ago | (#15383149)

Where's the Zfone (or interoperable) SIP module for Asterisk? And which softphones & ATAs already include one?

It wasn't all Bush (3, Informative)

randomErr (172078) | more than 8 years ago | (#15383160)

I would like to point out that wire/phone taps have been a staple of American history:
From Wikipedia [wikipedia.org]

During the American Civil War, government officials under President Abraham Lincoln eavesdropped on telegraph conversations. Wiretapping has also been carried out under most Presidents, usually with a lawful warrant since the Supreme Court ruled it constitutional in 1928. Domestic wiretapping under the Clinton administration led to the capture of Aldrich Ames, a former Soviet spy in 1994. Robert F. Kennedy monitored the activity of Martin Luther King Jr. by wiretapping in 1966.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Create a Slashdot Account

Loading...