Feds PWN You

Feds Want A Wiretap Backdoor In All Net Hardware and Software

Quote:

Feds Want A Wiretap Backdoor In All Net Hardware and Software


Thinks the federal government is too intrusive? You ain't seen nothing yet. An FCC mandate will require that all hardware and software have a wiretap backdoor that allows the government to tap into all your communications.

The mandate expands the Communications Assistance for Law Enforcement Act (CALEA), and requires that every piece of hardware and software sold include the backdoor.

The rule isn't yet final, but once it is, all vendors will have 18 months to comply. And in fact, says Brad Templeton, chairman of the Electronic Frontier Foundation (EFF), some router makers already include such a backdoor. So your hardware may be vulnerable.

There are several problems with this rule. First is the obvious massive intrusion into all of our privacy. Second, says Templeton, is the way that the rule will stifle innovation. According to the Washington Post, he claims that the rule will "require that people get permission to innovate" would create "regulatory barriers to entry." He adds "The FBI gets veto on new companies."

The final problem is that if all hardware and software has a backdoor, it's an open invitation to hackers. So we may be faced with a double-whammy: The feds and hackers working their way into our systems.

The EFF, the Electronic Privacy Information Center (EPIC), the COMPTEL association of communications service providers, and the American Civil Liberties Union filed a brief last week with the U.S. Court of Appeals for the District of Columbia Circuit to try and stop the FCC. Here's hoping they win.


Posted by Preston Gralla at 11:14 AM

[bigjon]

If you want privacy, take it by using PGP or some other encryption software.

I always thought that we all should be using PGP, because what we are doing now is sending postcard's that anyone (with the means) can read.

http://www.pgpi.org/

Of course all of your correspondents will have to use it, in order to be able to exchange messages. And that is the rub, because everyone I know says "I don't have anything to hide, what are you hiding jon" :confused:

Unfortunately, PGP handed over it's algorithims to the feds a long time ago.

While i hate to recommend proprietary software, i have to recommend twofish or something better than pgp, now. PGP is ok for protecting you from most wanna-be leets, but for the feds, they probably already have everyone's keys, by now.

Edit: Btw, someone who knows what they are doing can "crack" (it's a combination of bruting and some ip table magic, not really "cracking") md5 in about two minutes--if they're good. Hell, there's even a site now that allows people to upload and retrieve "cracked" md5 hashes. i mention this so forum members can be aware. Nonetheless, a STRONG pw (a combination of 15+ letters, numbers and characters, that do NOT spell out anything, in your native language or "leetspeak") can make it very timeconsuming, and very frustrating for would-be intruders.

[bigjon]

The algorithms have always been open source and reviewable by everyone. I wouldn't want it any other way.

I haven't looked at this issue for a long time and confess to not being up to speed on it. In my previous reading open source was regarded as a must to avoid code with back doors. At that time a place like NSA could break the coded message given enough Cray's and time. I don't know about now, that was about 5 years ago.

Dude, i'm all about open source. But i'm telling you, if you want privacy, pgp ain't it. But you know, don't believe me, it's your call.

Sorry for double posting, but just so ya know i'm not blowing smoke (we are talking about the feds, here, right? i was):

Quote:

19:51 <+t> But OTP is perfect.
19:51 i think the feds could crack twofish if they want
19:51 but how fast?
19:52 mu-tiger: Just use a blowfish cipher with a 4096bit keyfile somewhere
19:52 ty
19:52 and encrypt that keyfile with your password and stick it on portable media
19:53 ty tho, all of you
19:53 that's what i needed to know
19:53 mu-tiger: Example
19:53 dd if=/dev/urandom of=keyfile bs=1k count=4
19:54 losetup -e blowfish /dev/loop/0 encfile -p0 < keyfile
19:54 then mkfs /dev/loop/0 to whatever
19:54 and put keyfile somewhere
19:54 yeah
19:54 that's 4k of data they'd have to crack
19:54 xD
19:55 so how quickly d'ya think they could crack pgp?
19:55 just curious
19:55 well, if they stuck a backdoor on your box, I'm pretty sure that's one thing it'll do
19:55 yeah
19:55 read through PGP's memory and pick up private keys
19:56 and they've already cracked 1024bit keys in a day
19:56 ok
19:56 that's what i was thinking
19:56 tyvm
19:57 [notice(#channel)] <3