Privacy, Part Two: Unwanted Gaze 194
In The Unwanted Gaze: The Destruction of Privacy In America, law professor and columnist Jeffrey Rosen first blames expanding sexual harassment and gender discrimination law for wanton destruction of individual privacy. Cyberspace is second on his list.
A growing number of lawyers and scholars, including Rosen, say they now believe that fundamental changes in Net architecture are necessary to protect constitutional values and restore the notion of the "inviolate personality" to the private lives of Americans. These would include copyright management systems to protect the right to read anonymously, permitting individuals to pay with untraceable digital cash; prohibiting the collection and disclosure of identifying information without the reader's knowledge, or using digital certificates to create psudonymous downloading.
To Rosen, author of Gaze, cyberspace is posing a greater menace to privacy by the day. He details the l998 forced resignation of Harvard Divinity School dean Ronald F. Thiemann, who downloaded pornography onto his university-owned home computer. A Harvard technician installing a computer with more memory at the dean's residence was transferring files from the old computer to the new one and noticed thousands of pornographic pictures. Although none of the pictures appeared to involve minors, the technician told his supervisor. University administrators asked the dean to step down.
Harvard justified its decision by claiming that Divinity School rules prohibited personal use of university computers in any way that clashed with its educational mission. But the dean was using his computer at home, not work. And no student or colleague suggested he had improperly behaved in any way as head of the Divinity School. His work was never questioned. It's ludicrous to suggest that the school would have fired him if he'd been downloading sports scores or bidding for furniture on eBay. But although he'd committed no crime and performed well in his job, he was forced out in disgrace, while his intimate communications were discussed in public. Even in a supposedly freedom-loving and prestigious university, what Justice Louis Brandeis dubbed the right of every citizen to an "inviolate personality" -- the part of our private thoughts, communications and explorations once thought beyond the reach of exposure and dissemination -- that is private could be invaded and voided.
The Harvard case also underscores the blurring of boundaries between home and work caused by technology. Millions of employees and workers criss-cross between their employer's equipment and their own for work and personal communications.
The one serious omission in The Unwanted Gaze, perhaps because Rosen is a member of the Washington journalistic elite, is his unaccountable failure to consider the media's role in growing assaults on the idea of privacy. Journalism has become a prime instigator of the destruction of privacy.
Until recently, politicians were permitted the right private lives, along with other citizens, as long as their private behavior didn't compromise their work. But journalism has been breaching that tradition for years, considering even the most private details of public people, now considering even themost private d etails of public officials' lives to be its business, justifying intrusions like the Lewinsky story in the name of investigating character and protecting the public. The contemporary press, which should be defending the right of individual's to historic privacy protections, is demolishing the idea of the inviolate personality, particularly for public figures. This has driven countless people from public service and discouraged many more from entering.
Because the Net is the planet's largest and fastest Xerox machine, as well as the world's greatest new marketing opportunity, it constitutes a particular menace to privacy and is escalating its erosion. Personal information can be - is -- gathered and transmitted more rapidly and comprehensively than has ever been possible.
Corporations busy stealing their customer's private information are now eager to appear concerned about it. In June, more than 30 major technology companies -- AT&T, American Online, Microsoft, Hewlitt-Packard among them -- went to the White House to announce a Net protocol designed to serve as an automatic privacy-protection agent -- the so-called P3P-compliance. But a number of privacy addvocay organizations, including the Electronic Privacy Information Center, Computer Professionals for Social Responsibility and Junkbusters derided P3P's claim to being any kind of real privacy-protection.
Many of these critics referred to what's known as the "VCR syndrome," which holds that in a country where most people can't figure out how to program their VCR's, overly technical solutions to privacy concerns are doomed. Despite the White House-generated hype, this leaves the idea of privacy in trouble.
The idea of the "inviolate personality" is one of the greatest and newest freedoms in history. In our time it's not only being nibbled to death but obliterated, and almost all of us are willing, even enthusiastic participants.
Rosen believes that changes in Net architecture and new encryption technologies ("snoop-proof" e-mail) could in a few years restore Justice Brandeis' ideal: the right of every individual to determine "to what extent his thoughts, sentiments, and emotions shall be communicated by others." Others agree. A professor in the United Kingdom sent me this e-mail in response to Part One of this series: "... one of my students has just completed a thesis that describes a system that allows you to send messages across the system that are guaranteed anonymous. The system assumes the use of PDA like machines but can definitely be made to work. Privacy of content can of course be obtained by encrypting the messages. (Up to a point etc ...) My student's system is a simple analogue of the public phone system. So it can work since the phone system allows anonymity."
Despite the clear and logical reasoning of his book, Rosen isn't persuasive on the idea that new software will protect our thoughts and secrets. The threshold of privacy referred to by Brandeis and outlined by the Constitution's framers has been nearly wiped out by the media, by gender-discrimination and harassment rulings, and by rabidly invasive and corporately-funded information-gathering software.
Rosen makes a great case that the idea of the inviolate personality has nearly been killed off. He fares a bit more poorly with the idea that it will magically be restored in a matter of a few years with digital cash and a handful of encryption programs.
"Already," writes Rosen, "user-friendly Web sites are spring up that give you the benefits of encryption without the hassles of having to understand the difference between public and private keys. A site like ZipLip.com, for example, allows you to send encrypted e-mails for free without leaving any records that can be subpoenaed or searched."
Rosen writes about the technology of anonymity and pseudonymity being developed bycompanies such as Zero-Knowledge.com, which is based in Montreal. For a modest fee, says Rosen, you can buy a software package called Freedom, which allows you to create five digital pseudonyms, or "nyms," that you can assign to different activities, from discussing politics to surfing the Web.
Should free citizens in a democratic society have to spend money for "nyms" to preserve the privacy they ought to be -- and once were -- accorded in law? How many millions of computer users will even know of this new technology, or have the money to use it?
Rosen's implication is that even if software caused the problem, then software will clean up. His assurances seem a bit "gee-whiz." But to ignore them cynically on that basis, or to trust them completely, ignores the history of technology. What people can create, others can and will undo. Technology that can be used will be used. In an otherwise powerful book, he also glosses over powerful incentives for eliminating privacy in cyberspace. First, the megacorporations dominating media, business and government will continue to aggressively explore ways of tracking potential customers as Net use grows. Secondly, law enforcement agencies like the FBI have been fighting for decades for the right to deploy tracking programs like "Carnivore" (see part one) and are hardly likely to back off. And finally, powerful institutions -- the entertainment and movie industry, professions like law and medicine, and entities like the U.S. Congress itself -- will inevitably seek to regain the primacy they had -- until the rise of the Net -- over copyright and culture, as well as the setting of social and political agendas. It seems naive to think that "user-friendly" Web sites are going to save the inviolate personality people once had, and are entitled to have again.
This is not a flame. (Score:1)
At least link to the
There are privacy issue brought up on
Thank you.
Wanking - the Chineese home of the GPL (Score:1)
Since 1984, RMS has been working on writing software for, and promoting the GNU project. A project to provide software which is not only royalty free (free like beer), but that allows the user to modify, pass on and generally screw up said software (free like speech).
The GNU project has always had the aim of replacing UNIX with a workalike system (it could be argued that this is the aim of emacs alone). By the early 1990s GNU was providing a complete set of development and user tools to run on top of many commercial operating system. The only part missing was the kernel.
GNU have been working on their own UNIX like kernel. Built on top of the Mach Microkernel, HURD aims to compete with the most advanced and modern operating system kernels to date. However, development (which of course had to be done using entirely GNU tools) has been slow and even now HURD is not ready for any sort of production system.
In the early 1990s Linus Torvalds, appeared from nowhere with a working rewrite of the Minix kernel written under the GPL, Linux. The Linux kernel is heavily based on tried and tested designs, old technology. However, it works, is fast and incredibly reliable. This was the spark on the arms dump that was GNU. Suddenly there was available a completely free operating system with all source code and a range of user and development tools.
In media terms it appeared overnight. One minute there is a bunch of obscure hackers writing compilers for UNIX, an OS that had not even been heard of by most computer users. The next, there are a few distributions of "Linux", providing the kernel alongside sets of GNU tools.
Linux took off, picked up by many students wanting to get their hands dirty with something that they could work on and learn about it was propelled into teaching institutions, ISPs and the hands of even more hackers. By 1998, Linux was being touted as "the last best hope" against Microsoft just as the Apple Macintosh had been before they went into their long dark period of flaming Powerbooks and buggy Finders.
Linus Torvalds will not be remembered in history as an innovator, he will be remembered as in implementor. As his discussions on Minix with Andy Tanenbaum show, Linus wasn't concerned with new technology, taking advantage of powerful hardware or dealing with the problems of tomorrow. He seized the opportunity to apply textbook principles and build an OS kernel using 60s concepts. Linus should not be hailed as a great hero, who boldy coded where no man had done before. The reason that Linux is now
Next came the ugly bits. Industry wasn't interested in an operating system written by "hackers" thrown together from whatever was available. They refused to provide device drivers for Linux, mainly because they were concerned that they might give away trade secrets by providing free source code under the GPL. Throughout the 2.0, 2.1 and 2.2 kernels, Linux changed constantly. Providing binary only drivers for it became impossible (was this on purpose). Companies had no choice but to provide code t
Source code was released under a variety of licenses. There was GPL code, BSD code, XFree86 code, Apache code, Artisticly licensed code and all sort of other weird things. The only common factor was that each provided source code and allowed users to at least distribute untampered versions of source code and binaries.
So, in an effort to tidy up the situation, the "Open Source Movement" began. Fronted by ESR and Bruce Perens it brought together all code fitting a common denominator of source code availability and freedom of copying under the banner, "Open Source". Initially, opensource.org claimed to, and did, act as a marketing campaign for the GNU project. It generated amazing amounts of publicity.
However, when opensource.org started to class software such as QT under the same banner as GCC and other GNU software, RMS took issue. He denounced open source as not being purely free software and distanced himself from the movement.
Open source is the power hungry brat child of GNU. Concerned with short term publicity and gain, they abandoned the principles that have given GNU such a strong foundation. After RMS split from opensource, there were various other internal squabblings, most visibly over the use of the trademark "Open Source". Next came the talks at Microsoft from ESR and the killing he made by being on the board of VA Linux. In the space of a few months he managed to suddenly move from the editor of the Hacker's
In a sense, ESR not only distanced himself from the hacker ideal. But showed software developers and marketeerers just what potential for cash-in existed in open source software. Since then, it seems, open source has been the latest and greatest buzzword. Everyone (even Microsoft) has either released open source software or talked about it. Suddenly, there is a vast amount of code available to normal users.
RMS argues that it is wrong to call the "Linux distributions" "Linux". Instead he favours GNU/Linux, to show that the system is comprised of both GNU tools and the Linux kernel. This will probably never happen as the term "Linux" is so well established in the media now (when HURD comes along, things may be very different though). A much better name for most of today's Linux distributions would be opensource/Linux. For example, Mandrake comprises binary only versions of software such as netscape w
Recently there was a Slashdot interview with RMS where questions were submitted by users. The story carried a health warning. RMS is accused by many of being a zealot who wants to see all programmers starve. He is not.
RMS provides a much needed figurehead for the FSF. A group devoted to providing and fighting for free software. Much like Marx, Machiavelli or Neitsche everything he says should be taken with a pinch of salt for life in the real world. But without these people, without the purist ideals they promote we would be stuck in a realistic world of pragmatists ready to sell out at the first opportunity, hardly role models.
Re:The salvation of society in non-anonymity (Score:1)
However, I would argue that we should deploy what anonymizing technologies that we can. "Anonymity allows members of a society to undermine the laws they agree(d) to uphold" is not quite right--it allows them to undermine the laws that the majority agreed to uphold. Tyranny by majority can be nasty--anonymity, if achievable, can prevent all tyranny, at the cost of some anarchy.Good trade, IMHO.
Another SF writer on the subject is Vernor Vinge. In A Fire Upon the Deep and other books, he argues that "ubiquitous law enforcement" by surveillance technology is the death knell of any society.
The salvation of society in non-anonymity (Score:2)
Everywhere and anywhere one chooses to look, North American society is degrading at an ever accelrating rate.
Men, Women and children are being beaten, stolen from, harrassed and abused in more ways than any of us can begin to imagine.
Frustrations run higher and higher everyday, and the common view of one's place in society seems to be "I've got mine, and I don't care if you've got yours"
People that take this view, and with it, undermine the rights and freedoms of others do so often with perfect impunity.
Thus, the cop can beat the Afro-American on the street for no good reason, Husbands can beat their wives, Mothers can molest their children, and children can beat each other into hospitals on the school yard.
Why does this impunity exist? Simple:
Because they are ANONYMOUS.
In his book "The transparent society", Larry Niven (I think... I read it a while ago, so don't blast me for getting the name wrong, the title is what matters) argues this very point in an extremely creative way.
At first, he examines the words "anonymity" and "privacy", and defines them.
As the work continues, he draws parallels between the words, examining how they are similar and different, and in what context.
The idea that he arrives at is that "Privacy", "Freedom" and "Anonymity" are infact not the same at all, though most of modern society would belive it so.
One of the final conclusions that Niven arrives at is this: Anonymity allows members of a society to undermine the laws they agree(d) to uphold.
Because chances are no one will know they've committed a crime under the law, they continue to commit crimes.
Because these people can undermine the law and thus the safety and property of their fellow members, they infact infringe upon what "Freedom" and "Liberty" truely are.
Niven concludes with the idea that in order to protect Freedom, Anonymity might not be allowed.
So abolish anonymity: Place video cameras in the streets, on the freeways, in stores and bars and... everywhere.
And make sure that authorized people are watching them...
But:
Make sure that everyone know's WHO IS WATCHING THE CAMERAS.
Think of it like this:
If Bill Clinton had known that he was being watch by Security Guard John Doe the night of his escapade with Monica, and everyone in the country knew that Guard John Doe was watching Bill Clinton that evening, then the courts would have known
a) which video tape to watch,
b)which Guard to question to corroborate,
c) whether or not Bill did it on the desk or the couch.
Further, Rodney King's attackers might have had an incentive to treat him fairly, instead of abusing their positions as law enforcemnt agents, because they would have known that Officer Jane Doe of Internal Affairs was watching, and that the whole state knew that Jane Doe was watching.
In the end, North Americans will continue to insist that their anonymity keeps them free.
I would argue the opposite. That North Americans are not free because some one IS WATCHING all of this happen, we just don't know who.
Privacy and personal sovereignity (Score:3)
The important thing about privacy is to recognize that there's always a tradeoff between it and accountability. Account demands light, privacy demands shadow. And whenever people get a choice between privacy and accountability, they always seem to choose privacy for themselves and accountability for everyone else. Especially those they don't trust.
Re:But most consumer-abusive Internet Edge. (Score:1)
Re:But most consumer-abusive Internet Edge. (Score:1)
Re:Long reply (Score:1)
Grow up. Fair use is still legal.
...phil
Untracable cash (Score:2)
...phil
Re:Untracable electronic money (Score:2)
...phil
Re:Untracable cash (Score:2)
...phil
Re:Offline privacy (Score:1)
Re:PGP (Score:2)
<em>This would be news to professional cryptographers.</em>
My info comes from the spook side rather than the big-brain side of the equation. I'm no cypherpunk, but it sounded like it was not brute forced, but required a lot of time on the big iron regardless.
It's not easy -or- cheap, and despite what Katz wrote, I was using it as an example as to why personal encryption was secure. Yes, they -can- break it, but it's too damn expensive to be used in routine law enforcement, and since everyone still remembers J. Edgar, it's doubtfull the FBI will get the funding to crack crypto.
SoupIsGood Food
I was quoted out of context. Here's the original. (Score:2)
It was taken out of context. Here is the relevant part of the original mail in all it's unedited glory:
SoupIsGood Food
Re:I was quoted out of context. Here's the origina (Score:2)
You'd learn more about the practical aspects of cryptography if you paid more attention to the spooks than the big-brains.
SoupIsGood Food
Re:What the hell are you talking about? (Score:2)
Anyone with a little bit of math background and a voracious crypto reading habit can be a communications security hard-ass. Get back to me when you're a sigint hardass with a GS rating or a military rank, m'kay?
and also as someone who has worked in a DoD-funded research lab, and also as someone who secured data in that lab using PGP...Nothing happened to me for using PGP to secure a couple of files. In fact, I don't think anyone even noticed. Security in those places isn't as tight as you're making it out to be.
A DoD lab != a DoD funded lab. Take this simple test: did your lab have a Commanding Officer as well as a civilian administrator? If the answer is no, you weren't working at a government lab. Security is -tighter- than I made it out to be. I know of one division head who's not allowed to see what his managers are working on because of a -minor- clearance issue. Unless you were handed a big, fat manual with DoD crypto guidelines spelled out in long words, you simply aren't qualified to say what the guidelines are or aren't. Hell, I know -when-, -where- and -how- PGP got on the official taboo list. The "why" isn't hard to figure out on your own.
Do the power analysis--it would take an optimal computer about one year at a constant 250 megawatts of power to break a 128-bit cipher.
If brute forced, sure. Big if. C'mon...I'm not into crypto and I can suss this one out.
If the NSA is so advanced that it has perfect computers running at a cryogenically-cool 3.2 Kelvins and hooked up to its own nuclear power plant just to flip the bits, I'd really like to know about it.
You aren't alone...bet the Chinese and a few Middle Eastern nations want to know the same thing. I just wonder what you -do- know about declassified NSA info (like its budget. Or recruiting objectives.). It's clear you don't know squat about what goes on -under- the kimono...
I'm not being facetious here. If you have any hard facts to back up your assertion, I'd like to hear them.
Actually, you -are- being facetious. You're a PGP partisan, not an cointel/sigint analyst, so snide bluster is -all- you got.
Getting back to the point, PGP is secure for day to day use, as the Fat Boys Institute does not have the money, the manpower or the mandate to do what the Nasty Snitch Association does.
Stop jerking your knee for a minute and think. The largest threat to national security these days are terrorist organizations who are likely to use inexpensive (free) cryptography. This means PGP was the largest cryptographic threat to national security. Do some math of your own.
SoupIsGood Food
Harvard Divinity School dean firing (Score:1)
10c says he'd have got fired...
same sort of material, different medium.
Totally transparent (Score:1)
How do you MAKE people care? (Score:3)
People have given a lot of lip service in the past year to the idea that consumers on the internet really value their privacy, and are willing to take a stand against companies that abuse it. But I don't see it. I am one of those people, and I'm sure that a lot of people on slashdot are too, but I don't see that in the general IE using, priceline.com and ebay.com surfing general public. I don't think they're capable of caring, because for the most part, the technology used to track them isn't very well known. Of all websurfers, what percentage would you say even know about doubleclick, much less know what it is that doubleclick does?
I figure that while 98% of the population continues to be oblivious to the problem, market droids will never stop exploiting customer information on the net. You can't make people care about issues, particularly when they're not informed about them.
These Katz articles in that regard make me feel like he's preaching to the choir on this and other topics.
Re:Long reply (Score:1)
--dave
Correction (Score:2)
Re:How do you MAKE people care? (Score:2)
But a lot of [anti-privacy sentiment] comes from people who seem to genuinely believe that basic human rights are a threat to their security or to corporate profits
Well, speaking as someone who has occasionally expressed anti-privacy sentiment, my interest is not in my security or in corporate profits, but in whether or not privacy is a basic human right as you affirm.
There a strong feeling here on /. and elsewhere in the online community that privacy somehow is a fundamental right. This feeling is somewhat libertarian in nature, but interesting there's no libertarian philosophical literature that I can find that takes this position. Indeed, the politicians closest to holding this view are the sopping wet liberal bureaucrats of the European Commission.
The effects of increased and decreased privacy are quite complex, and since this is essentially a proposed addition (or corollary, or whatever) of the historically fundamental human rights, its worthy of more consideration than the knee-jerk reaction it generally gets.
Most of the concern appears to be around privacy from the state apparatus, on the implicit assumption that this provides protection from the enforcement of unjust laws. Its a remarkably weak and at the same time indiscriminate form of protection however.
On the one hand, privacy protections as a defence against law enforcement will inevitably result in an arms race where the state uses improved technology and enhanced legal powers to enforce its laws, and those trying to escape them try to invent more are more powerful protections to their privacy.
On the other hand privacy protections that protect those trying to form political parties, run cooperative enterprises, or trade MP3s will innevitably also protect those who really are international terrorists, theives and child pornographers.
The government will always be able to use the argument that it needs new powers to combat the evil of the day. Joe Bloggs and John Doe will believe them, and to some limited extent, they'll be right. Unfortunately, of course, the state can also use its powers to enforce laws that are not just.
This isn't a battle I want to fight, because I don't think we can win, and the reasons for fighting are weak at best. I think privacy's fundamentally not the issue. Restricting the state to its proper bounds is the issue, and privacy is a poor second best, surrounded by unintended consequences.
Re:Long reply (Score:2)
Its no wonder, really, that the public is so easily confused about copyright "theft" when even
Re:How do you MAKE people care? (Score:2)
I don't know that that's the case here. I've seen a surprising level of quite passionate anti-privacy sentiment expressed on Slashdot. Some of that comes from the crowd that feels privacy is a lost cause or that future abuses are a continuation of (and somehow justified by) past abuses. These people are, IMHO, apathetic idiots whose right to vote would scare me if I thought any of them ever used it. But a lot of it comes from people who seem to genuinely believe that basic human rights are a threat to their security or to corporate profits.
The most absurd variation on that theme these days is David Brin's dumb idea of a surveillance state in which citizens get access to surveillance data. Ignoring for the moment the blackmailer's paradise that would be, the argument is still fundamentally flawed. Government surveillance is dangerous because the government has police forces, one of the world's largest militaries, the entire judicial system, and prisons capable of holding (at present) about two-and-a-half million people. Unless giving Joe and Mary Sixpack access to surveillance cameras also gives them the powers of the government, it hardly results in balancing power between the people and the government. Instead, it creates a situation like the one proposed in Fahrenheit 451 in which the general public vicariously participates in the oppression of their neighbors. Bradbury at least had the brains to see that this was a bad idea; Brin apparently believes that human suffering is ameliorated by being available for download.
Re:How do you MAKE people care? (Score:2)
Try busting into a counseling session between a therapist and an underage rape victim and spew that nonsense. When the lack of privacy, at least under some conditions, is injurious to people, then it is a right, insofar as not being injured without due process of law is a right.
Remember the good old days? (Score:2)
Nowadays it seems that to stay out of trouble you need to know how to upgrade your own computer!
The more things change, the more they stay the same.
Re:A strong media is good for us (Score:3)
" La liberté de presse ne s'use que lorsqu'on ne s'en sert pas "
Freedom of press only wears-out when you don't use it.
That's the slogan of "Le Canard Enchaîné", that french icon of journalism that uncovered more than one scandal and caused many public figures to resign...
Interestingly enough, that weekly has no advertising whatsoever; it solely survives through what people pay to read it, so it is a truly free newspaper.
--
Here's my mirror [respublica.fr]
No new taxes, please (Score:2)
If Hong Kong could do it then so can every other government. It's time to stop thinking about how to *increase* taxation by technological means, and start thinking about how to *reduce the cost of governing* instead.
As far as we citizens go, I know of very few who support the concept of increased taxation, or the implementation of new taxes, or even the maintainance of taxation at its current levels.
--
Re:Transparent Society (Score:1)
That article was written over 3 years ago.. not a lot has happened though since then to actually get this idea to become a reality.
--
Greetings from the 5th column!! (Score:2)
>1.He had a university computer
>2.He was using it for personal use (and quite a bit no less, thousands of pictures!)
>End of story. It does not matter if it was a laptop he was hauling around with him or if he was in his office. He was using company property for personal use. Violation of policy and grounds for termination.
Enjoy your pink slip, hodeleri!
I've often been put in the position of being ordered to rifle through a former employee's _work_ computer to look for incriminating emails/resumes/etc., by an asshole PHB. And you know what? Every time the hard drive of said machine was _mysteriously_ wiped clean! "Don't know what happened, boss, the froonium must have overloaded" aah, ignorance is a quality I love in a PHB..
A Way to do Anonymous Banking (Score:2)
Set up a company that would sell smart cards in varying increments that would be usable for any on-line transaction (basically they can just do an electronic fund transfer or send a check to the destination). The smart cards would be sold like calling cards are today and would be readable through a reader that could be picked up for a modest sum. Once you had the card there would be no way to attach the purchases you made to your identity as long as your identity couldn't be attached to the card. That is to say, if you went to a store and paid cash, there is no connection to you and thus you can spend knowing full well you won't be tracked.
---
Re:Untracable electronic money (Score:2)
Search on the net for "David Chaum". Also, Applied Cryptography has some useful algorithms.
David Chaum tried to set up an anonymous electronic money system. His company was called Digicash (AFAIK). He failed. I think the main reasons were:
(1) There is no burning need for anonymous electronic money among the general public.
(2) Governments dislike this idea very much for obvious reasons.
(3) Chaum kept the technology very close to his vest and was unwilling to seed/share it widely so that it jumpstarts.
Kaa
Re:A strong media is good for us (Score:4)
What you say is true, but there is also the price to be paid. A lot of people who would have made excellent leaders and public figures avoid stepping into limelight for precisely that reason: they do not want their private life ripped to shreds by nasty people looking for any dirt they could find.
As usual, it's a matter of balance: allow people in power to hide their business and corruption will flourish. Strip them of any privacy and no decent person will want to become one. Hard separation between public and personal might help, but it's somewhat unnatural and not likely to work well. I don't think there is a good solution.
Kaa
Re:Long reply (Score:4)
No, it's not. Even leaving aside fair use, ideas are not copyrightable. So don't pretend to be a hard-ass lawyer.
Who controlls the digital certificates?
So-called "certification authorities" (CAs). Who they would be is a subject of much debate.
Bah humbug. They own the computer, they dictate how it's used. Simple as that.
Not as simple as that. The poster correctly points out that finding, say, baseball statistics on the same computer would not have caused any problems at all. This is actually not a privacy story (other that the obvious moral: don't put personal stuff on other people's machines). This is a story about puritanical attitudes to sex and maintaining a facade of respectability.
But inappropriate use of company resources has always been a reason for firing somebody.
Don't be anal-retentive. Receiving a personal email on a company machine is, technically, inappropriate use of company resoures. Ditto reading Slashdot and a bunch of other stuff. I can assure you that a company that will fire people for sending/receiving personal non-offensive emails at work will soon find itself with a severe personnel problem. Send/receive a sexually explicit message, though, and things can get ugly very quickly. So, again, it's mostly not about privacy but about attitudes to sex.
However, people lost there individuality to the collective many moons ago
Speak for yourself.
The price of popular culture is losing yourself.
Is it really? Sometimes I eat at McDonalds, occasionally I listen to bubblegum pop music (so, shoot me), and I have been known to watch popular movies. So how does it make me lose myself?
Kaa
Behold the Individual (Score:1)
Find a human, any human. Inside that human's noggin are his most private thoughts. Other reasonable persons understand that it is not good to coerce these thoughts out of someone if he isn't willing to share, even if they suspect those thoughts aren't kosher. Be it the details on how to make an atomic bomb, rob a bank, or an image of a naked 12 year old, those thoughts are basically safe in the head.
Humans are toolmakers. We construct implements to increase our abilities. And now we have evolved from stone tools to computers. Data quietly sitting on a hard drive is just like data in your head: it is harmless by itself. Thinking about robbing a bank is not the same as actually doing it.
As any real crime must involve other physical evidence, society has no legitimate need to seize this very personal data. But as history shows us, society will happily trample on individual rights whenever it sees fit.
You have the right to private thoughts. Don't let the mobs violate you, protect your private information with strong cryptography.
Freedom of Information Means Loss of Privacy (Score:1)
Clearly, we can make some headway toward reducing availability, e.g., European privacy laws. However, it will be all but impossible to keep personal information private. If someone wants to find the dirt on you, they will find it. We need to have the laws (and the culture) in place so that when the information escapes, that it won't be used inappropriately, e.g., anti-discrimation laws.
Re:Factual error: PGP is *not* insecure. (Score:1)
Re:Dean's Firing. (Score:2)
"Notice to Users. This is a Federal computer system and is the property of the United States Government. it is for authorized use only. Users (authorized or unauthorized) have no explicit or implicit expectation of privacy."
No ambiguity here.
Using the company (or university) resources to surf pr0n is, in my mind, akin to using a company car to drive to the pr0n shop to pick up a few vids. If someone sees you and reports you to your organization, I don't see how privacy can keep you from getting fired if your organization so chooses.
Re:Dean's Firing. (Score:2)
While I admire your strong sense of principle, I disagree with you regarding the fairness of the arrangement. I hate to argue over semantics, but in most cases, such as the organization I described in my earlier post, the machines are not intended as being "given" but rather as being "provided." They are the property of the employer, and as such they are intended to be used only in a manner that is approved by the employer. I see this as being no different from an employer providing me with other equipment to take home, be it a cell phone, company car, or ball point pen. If I don't like the rules on how I can use the equipment, then I can always just buy my own car, phone, pen, computer, PDA, etc. I just don't see how I am entitled, for example, to drive the company car on my vacation or to use their computer and fast net connection to surf pr0n if they don't permit it.
In my position I receive a fixed salary regardless of how long it takes me to do my job. If I want to leave early two days a week to play tennis, then I can do that and nobody will care. If I want to log in from home in the evening to check the status of a job that I launched earlier that day, then I rather like their having provided me with a machine and a fast connection to the lab with which to do this.
In my mind, as long as policies are straightforward, unambiguous, and reasonable, then I have no problems with abiding by them. If I do find them to be objectionable, then I can always find a new employer. I guess I missed your point--how exactly is this unjust and unfair?
Re:Nothing transparent about this (Score:2)
And to avoid being attacked, people would be driven into living "cleaner" lives; thus a homogenized society is created via peer pressure.
Now obviously, this is a rather idealized notion that involves people being nicer to each other than they are now. However, the vindictiveness of people stems not from an innate property, but from society, a society that encourages people to hide any deviant behavior away and pretend that everyone is perfectly normal. Having a less private society is the first step away from this kind of nonsense.
No. Human vindictiveness stems from a very basic fear of the unknown. Things that are different or outside of one's experience are frightening, and there is a strong tendency to avoid and condemn them. In a less private society, people are forced to avoid deviancy, or face condemnation -- which has real and painful consequences. Those that cannot avoid being deviant (drug use is addictive; sexual deviancies can be both addictive and incurable) will become second-class citizens, able to be ostracized at the whim of any 'normal' person. There is no defense against being truly ostracized from society. It's no comfort that you are able to commiserate with others of similar deviancy, when you are all sleeping in the street and unable to get any employment because of your abnormalities.
Remember, there are people out there who have *no* deviancies. They may even be a majority -- the moralists today certainly *act* like they are a majority, with a very prominent attitude that the rest of society should be just like they are. These people don't live in glass houses, and they love throwing stones. A Transparent Society would be a tool for this type of busybody majority to prey upon and ostracize any minority they wish.
Re:Totally transparent (Score:2)
I am no troll. Although I use a psuedonym, I have always taken responsibility for the words that I write. A pseudonym is a nice middleground; it allows me to act freely on the internet without fear, yet I remain accountable for my opinions.
Re:Nothing transparent about this (Score:5)
"I f*** farm animals"
Interesting that you should write that in a discussion on privacy. Personally, I do f*** farm animals. I am a zoophile, an ex-FAQ-keeper of alt.sex.bestiality, and it's not much of a secret to anyone who knows me. (Why did you think I was using a psuedonym?)
And my situation is a good example of why David Brin's Transparent Society will never work. My personal life harms no one, and in my state of residence it's perfectly legal. But I guarantee you that if my personal life were revealed to everyone, I would have problems with my employer, not to mention my coworkers and possibly with over-zealous law enforcement who aren't familiar with the (lack of) sodomy laws in this state.
It's happened to me already, you see. A usenet.kook hired a private detective to ferret out information on me, then wrote to my previous employer. Although I broke no law, my career was nearly destroyed because of a private behaviour outside the mainstream, found by someone who was able to snoop on me too easily. I'm a little harder to find, now...although I have no illusions that I'm completely unfindable.
The premise behind Brin's Transparent Society is that we can catch corporations and governments doing illegal things also. But how many people have money to pay for investigation of every corporation or government agency they suspect of wrongdoing? Are corporations held responsible for legal-but-frowned-upon behaviour, or do they just ignore outcries until they affect their profits? And of course, any corporation has the funds to research the individuals opposing them, and destroy their lives if they can.
The Transparent Society will shift power away from individuals and towards those who have the resources to mine and act upon information. It will create a homogenized society, and threaten everyone whose lives differ from the mainstream by any minor behaviour or percieved difference from 'normal'. It's a dangerous concept, and I believe a very evil future for Brin (who I otherwise respect) to be promoting.
Clarification needed. . . (Score:2)
Now, while I know those are more or less equivalent, it's important to note that he complied with the university's request, which leads me to believe he did not contest it. Were he to feel as strongly about this issue as Jon does, he would wait until he was formally fired and then take the University to court. This implies that he consented, and it appears that Jon is (as usual) creating an issue where there is none.
Furthermore, I object to the use of the statement "But the dean was using his computer at home, not work." Jon said that there was an understood agreement that "rules prohibited personal use of university computers in any way that clashed with its educational mission," - regardless of whether or not that rule was intended for these circustances, it _was_ a rule, and he _did_ break it. I'll reference some real (read: non-geek) culture here - these seems somewhat analogous to Les Miserables, in which the protagonist stole a loaf of bread to save his sister's (?) life, and was imprisoned for it. While the rules may not always be intended for such circumstances, they still do.
And I probably gave Jon a little too much blame/credit for repeating Rosen's ideas here, but that's out of habit.
Summary (Score:2)
New encryption in the not-too-distant future will allow us to break rules and look at pr0n on Harvard computers without getting caught. Oh yeah, and we can do legal stuff in private, too, but that's not important.
Geez, Katz, if you wanted to appeal to us geeks, you could have saved a lot of time. I suggest that your next article be composed of just a few, simple words:
Proactivily utilizing encryption means pr0n at work!
I have issues with Jeffrey Rosen (Score:2)
Actually, I could express the exact same opinion of a certain other columnist on slashdot, but that would be rude.
Re:A Way to do Anonymous Banking (Score:2)
Re:How do you MAKE people care? - you don't! (Score:2)
...
Ain't it the truth. Of course, anyone on the planet can know that my e-gold [e-gold.com] account number is 101574 (well, among others, but that's the main one) and all they can do is spend to it without my passphrase. I guess what I'm saying (ok, while plugging my company's currency) is that 1950s technology stapled onto the world wide web does not make "ecommerce" once you've tried a better system.
JMR
(And, once again,
Re:Sex (Score:1)
The U.S. tends to be overly reactive to just about everything, due to one or more vocal minorities that manage to convince a lot of people that things are very very wrong... it's a tough place sometimes. You feel strange hugging a good friend who happens to be another guy, just because of what some people might think, or take a walk with my cousin (a pretty blond 13 years old), since someone might think I'm some sort of perv or child molester... pretty scary what people have made us worry about...
Re:You are completely misguided (Score:1)
Re:How do you MAKE people care? (Score:2)
(I think it was) Asimov (who) wrote a short story on the topic involving televiewers, or some word to that effect. Something-goggles? A technology which allowed users to see what was going on anywhere in the world at a given time. The story essentially centerred upon a woman confronting her husband about the time spent at some blonde's apartment while he was "working late", ending with her kicking him out, telling him to get a (word for item). It also included an additional scene in which two different groups of burglers stumble across each other while attempting to rob a vault they had just scoped out using (technology).
Anyway, in a truly transparent society - what most people refer to when mentioning the term -, blackmail is infeasible. Everything about everyone is common knowledge, easily accessible to all. The establishment of such a situation is another, much more difficult, matter altogether.
Privacy is not considered a basic human right by any but privacy nuts and their sympathisers. Your views on this matter lead you to believing that any future but Bradbury's is impossible. Everybody, bar none, has some manner of deviency.
------
Re:How do you MAKE people care? (Score:2)
I find your nod to "What about the children?" quite amusing. Does the fact that the rape victim is underage strengthen the argument in any way?
And if statistics are to be believed, this rape victim might benefit from knowing that yes, there are thousands of others who are in the same situation, listening in on their counselling, etc.
------
What the hell are you talking about? (Score:2)
... what the hell are you talking about?
Really?
Nothing happened to me for using PGP to secure a couple of files. In fact, I don't think anyone even noticed. Security in those places isn't as tight as you're making it out to be.
Answer the question, please. Do the power analysis--it would take an optimal computer about one year at a constant 250 megawatts of power to break a 128-bit cipher.
If the NSA is so advanced that it has perfect computers running at a cryogenically-cool 3.2 Kelvins and hooked up to its own nuclear power plant just to flip the bits, I'd really like to know about it.
I'm not being facetious here. If you have any hard facts to back up your assertion, I'd like to hear them.
Until you have something to back this up... (Score:2)
Worse, you're the sort of idiot who, instead of having any facts to back up outrageous allegations, says "if you only knew what I know, then you'd agree with me".
That's intellectual fraud.
Factual error: PGP is *not* insecure. (Score:3)
PGP (more accurately, programs which implement the OpenPGP specification) is not insecure when properly used. By "properly used" I mean choosing a reasonable size for asymmetric keys, choosing a reasonably good passphrase, and practicing good email discipline--unrevealing subject headers, not sending anything cleartext which could compromise your key, etc.
Is it trivial to use PGP/GPG properly? No, and that's the biggest problem with PGP/GPG. Still, that's not what Jon Katz's source said; the strong implication was that government agencies could, either by brute force or cryptanalysis, break a PGP-encrypted email in a day. So let's address that now.
In order to break a PGP/GPG encrypted email, either the asymmetric or symmetric components of its cryptography need to be broken. Breaking the asymmetric component requires either an efficient way to factor large numbers[*] (for RSA) or an efficient way to solve the discrete logarithm problem[**] (for El Gamal).
After more than twenty years of study, such efficient algorithms remain Holy Grails of cryptographic research.
Breaking the symmetric component requires some efficient way to break the cipher. By "efficient" I mean better than brute force, better by several orders of magnitude. Being ragingly paranoid here, I'd expect government agencies (DGSE, NSA, etc.) to be able to break 80 bit ciphers by brute force. The weakest [+] cipher in the OpenPGP spec is Triple DES at 112 bits. That still exceeds governmental capabilities by a factor of four billion or so.
Basically, the claim that "the NSA can break PGP-encrypted email in a day" is so much hogwash.
That being said, there are undoubtedly attacks which government agencies can perform against ciphers. Cryptanalysis is just very rarely one of them. It's far cheaper for the government to Van Eck your monitor, or break into your apartment and plant eavesdropping devices, or crack your box to grab your private key and plant a keypress sniffer to take your passphrase. And if you're sending stuff which is so tempting to the government that they'd go to this effort, then you probably want to invest in something more than PGP/GPG.
There are many attacks which exist against PGP/GPG. It's just that, to the best of my knowledge, there are no good cryptanalytic attacks against PGP/GPG.
[*] Strictly speaking, this isn't true--we don't know for a fact that you have to come up with an efficient factoring algorithm to break RSA. It seems to be strongly implied, but there has never been a formal proof of this requirement.
[**] This isn't true, either--see the above footnote. Interestingly, coming up with an efficient factoring algorithm doesn't help you solve discrete logarithms, but an efficient solution to the DLP will give you an efficient factoring algorithm.
[+] 3DES is "weakest" in the sense that it has only a 112-bit keyspace, as opposed to the 128-bit keyspaces of the other ciphers used by PGP/GPG. There are some extremely esoteric attacks against 3DES which bring down its complexity somewhat, but it's still solid as a rock. 3DES has survived a quarter-century of cryptanalysis and nobody's been able to hit a home run against it yet; this means that 3DES, while "weakest" in the sense of keyspace, is probably the strongest cipher in common use today.
Re:Privacy (Score:1)
Re:but i hate pennies... (Score:1)
But then how are you going to get the Freshman women drunk, if you don't have real quarters?
George
When is a troll not a troll? (Score:1)
So many of the slashbots think anyone who espouses anything remotely controversial is a troll. Boy, I'd love to see a Slashbot debate team.
On one side, Linux is good.
Taking the other side, Linux is great.
Shame, shame, shame on Jon Erickson, some of his posts make us think about our assumptions, and make us clarify our thoughts to defend our opinions.
Go away Jon Erickson, let us rot in the stink of our own reflections, Linux is doubleplusgood, Open Source is doubleplusgood, free MP3s are doubleplusgood, Microsoft is bad, war is peace.
As Ben Franklin said, I may not agree with what Jon Erickson says, but I will defend to his death the right for him to say it.
George
Re:** A REPLY TO GEORGEHA ** (Score:1)
Believe what you want, I honestly believe he's trying to start a constructive dialog.
Or perhaps he'll learn to increase the inflammatory nature of his posts, check fewer references, and buck for Katz's job.
Ooh, there's a good slogan, Replace Katz with Erikon.
George
Dean's Firing (Score:3)
It's irrelevant if the Dean was at work or not. It was the universities computer, and I far I can tell, most religions would consider pornography to "clash" with an educational mission. Reading sports scores might not be one of the principles of the Catholic faith, but it certainly isn't a cardinal sin.
On this one, I have to agree with the university for sticking to its policies. The Dean should have known about them and clearly violated the rules. If it would have been on his own computer in his house, then you'd have a legitamate complaint.
Being with you, it's just one epiphany after another
Re:Sex (Score:2)
What gets me is the irony that the religious south, known for its piety is also know for its brothels and liquor. There is some disconnect there.
Re:Long reply (Score:2)
Now if this was a secular institution with no pretense of moral job requirements then it might be another issue.
Re:A strong media is good for us (Score:2)
Don't you love evolution.
Re:Long reply (Score:2)
Re:Wow, privacy in the UK sucks (Score:2)
Basically, the ECRH said that, unless the uk had an EXPICIT law that allowed interceptions, bugging and so forth, then evidence of that type (and any further evidence that would not have been gathered if they hadn't seen the first lot of evidence) is inadmissible in court. The UKGOV position is that they are only formalising things they have *already* been doing due to the lack of a law telling them not to.
Certainly I find that a frightening thought....
--
Re:A view from Europe (Score:2)
US "RIP" Bill [silicon.com]
--
A view from Europe (Score:4)
- Any government official (including local government, police inspectors and Tax/Customs) can self-issue a notice requiring your ISP to give up emails and/or HTTP traffic logs to them.
- Notices don't expire
- Notices can come with an attached "gagging order" that makes it an arrestable offence (5 yrs emprisonment) to tell anyone a notice has been served on you
- Gagging orders do not expire
- Notices can require you turn over a secret encryption key; if you are a company employee with access to the key (for example, a
.uk technician with access to the .us based ordering system for a major multinational can be ordered to download the key from that system on the .uk government's behalf) - If you have the authority to order the production of the key (for example, a UK resident CEO of a US company) they can serve a notice on you to do so
- If you fail to produce the key (and forgetting / losing the key is no defence unless you can prove it in court) there is a 2 yr jail sentence in your future.
- Once they have the key, no-one is liable for its safety or for any losses you suffer as a result of its disclosure
- What few safeguards exist are in a Code of Practice that can be re-written by the government at any time; in addition, there are no penalties for failing to follow the Code of Practice.
- The target (and/or recipient) of the notice is not required to be suspected of a crime; it is enough that the official is investigating a potential crime
- the "economic well-being" of the UK is a valid justification for notices - so trade unions, human rights organisations and foreign multinationals competing against government-lobbying firms are all valid targets with no further justification required
It shouldn't be too surprising to hear that three ISPs have already announced they are planning to move their servers overseas; the largest--
Weird Story Time or WTF Is In Those Big DB's? (Score:2)
Flash back to January 1996:
Fresh into college, the young me pays $10 to my small college's computer center for one semester of POP3 email.
Fast forward to July 1996: The slightly older me signs up for a yahoo mail account. I put my college email as an alternate email.
Fast forward to December 1996:
The tired-of-paying-for-email me let's my account go unpaid and fade into oblivion. The account had gone unused for months.
Fast forward to yesterday:
I have a job programming for a small company. I have worked at this job for a year and a half now. We often make online purchases using my boss's CC. I have made between 5 and 10 of these, and I never put my own name as a contact for these purchases, instead I always put my boss's name. There have been a couple of times that I have called into one of these places to check on an order--in these cases I have identified myself.
A strange thing happened today:
I purchased another product online. The secure server was taken care of through Yahoo's store, though the company not Yahoo. On the first screen that asked for information, I entered my boss's name and the shipping address for the company. I clicked next. On the next screen, there were several boxes, one of which asked for an email address. In that box appeared something that I never expected to see again: my old college email address.
I feel violated. Ugh.
Re:PGP and the NSA (Score:2)
All they does is rule out brute force and publically know attacks. It is totally possible (though I would hope not the case) that the NSA has the knowhow and resources to significantly comprimise PGP.
An unfortunate aspect of PGP is that it features both symmetric and asymmetric technologies. If either one is compromised, the system is broken. Thus we have multiple points of possible attack.
However, I do agree with your conclusion that even should they have the capability, the NSA are constrained by larger issues not to divulge this act for anything less that earth-shaking consequences.
So it is academic whether they can or not, cause they wouldn't be able to tell anyone about what they found.
Even more prosaically; DES is effectively cracked, what with the $100K brute force machine, but AFAIK, no law enforcement agency has built one. If they aren't willing to spend a measly 2 man-years in salary for something generally applicable, you have to wonder as to the level of effort they could get the NSA to put in for them.
Re:I was quoted out of context. Here's the origina (Score:2)
If you could provide (once again, ballpark) numbers on aggregate MIPS availible and the time needed to perform the crack, that too would help substantiate the claim.
'cause I have to be frank here; I'm more than a little sceptical.
Re:What the hell are you talking about? (Score:2)
That's interesting. How did you arrive at this conclusion? I've never seen that sort of comparison done -- I supose it uses information==entropy?
How would this be affected by reversible computing?
Sex (Score:2)
Why is Internet filtering so popular? Not because parents don't want their kids visiting the National Democratic Party homepage (which sometimes gets blocked - I love that) but because they don't want them finding pr0n. People have sex. People think about sex. Anybody who pretends otherwise is full of it.
The Divine Creatrix in a Mortal Shell that stays Crunchy in Milk
Re:Mod Enoch_Root up (Score:2)
Re:Offline privacy (Score:5)
I think the best way to protest this crap is not to stop shopping there. If you complain to the manager and say "I won't shop here anymore, they just look at you like you are nuts and say "fine" and since the VAST majority of folks don't care, your boycott has no effect. Instead, do things like this to undermine the effectiveness of the data, so the fabulous things these companies are selling don't really come to pass.
---
Re:Untracable cash (Score:2)
What is the difficulty of people doing this with cash? I'm certain that we've all heard (or known) people who got paid for working "under the table" and the government isn't able to tax that transfer or even see it if enough people keep there mouths shut. It will be far easier to carry around big bags of $20s than it will be attempt to hide your transactions online. If you really want high-level encryption you can just download it from some other country that doesn't have export restrictions. When there is a traceable record of communications and money transfers it is far easier for someone to step in and say "you people are doing wrong" than for under the table back-alley transactions that leave no records.
--
Eric is chisled like a Greek Godess
Re:Harvard Divinity School dean firing (Score:2)
No. He would not have. Part of almost any computer policy any work you work (probably the place where you work too) says that company resources may not be used for personal use. Lets see:
End of story. It does not matter if it was a laptop he was hauling around with him or if he was in his office. He was using company property for personal use. Violation of policy and grounds for termination.
--
Eric is chisled like a Greek Godess
Re:Untracable cash (Score:2)
There is a flaw in your logic. How do you know what is in the bag? How do you know it isn't somebody's gym bag full of dirty laundry? There is no way you can tell unless you invade somebody's privacy, and there is no reason to invade privacy unless suspicious things start happening.
Being online just gives new methods of doing the same thing poeple have been doing for Millenia. It has been demonstrated that some things are always going to be able to slip around the backs of whoever the authority is.
--
Eric is chisled like a Greek Godess
Transparent Society (Score:4)
Here's a rather fascinating interview with David Brin (probably picked up from slashdot earlier) that I found a fascinating read. Its about having the light shine both ways.
Link is here [lycos.com]
--
Eric is chisled like a Greek Godess
Privacy == Suspicion (Score:2)
Re:Encryption does not ensure privacy (Score:2)
--
Re:Long reply (Score:2)
When you say "right" I assume you mean "legal right", which is all too different from "moral right"... I can't comment on the legal side of it, but there are certainly moral issues.
1. Is it reasonable to give me a computer for my home, tell me that I can use it for personal things as long they don't "clash with its educational mission", and then snoop on that personal use without informing me that they are doing so? Are they entitled, for example, to read my private correspondence with my doctor, or my diary, or anything at all just in order to check that it doesn't Clash with the Mission?
2. I'd interpret "clashing with its educational mission" to mean actively interfering with the department's activities or doing something which would affect the man's ability to do his job. Not "clashing with the morals of the employer". Surely if you can be sacked for your morals, you should be told before you sign the contract. Perhaps he was. I wouldn't want a job like that!
Re:Factual error: PGP is *not* insecure. (Score:2)
PGP and the NSA (Score:3)
Hash function: PGP in its latest incarnations uses SHA-1, RIPEMD-160, and MD5 in that order of preference. SHA-1 was designed by the NSA and is almost unanamously regarded as the best public hash function today. The expansion function makes it very difficult to control and restrict bit changes within the hash function itself. Even if the NSA were able to create arbitrary collisions on SHA-1, this would not affect the security of the encryption algorithms, only the signature component of PGP. RIPEMD-160 seems reasonably designed; MD5 has serious weaknesses in its compression function. Luckily, almost nobody uses these two hash functions anymore.
Symmetric algorithms: A brute force attack on any encryption algorithm with prudently chosen keylengths (>128 bits) is impossible today and for the forseable future, even with customized hardware. The NSA has cryptanalytic techniques, even decades old, that the academic cryptographic community has not yet discovered. To give some trivial examples, let's look at double transposition, codes, and rotor machines. Even today, the analytic techniques used for the solution of double transposition (without multiple anagramming or known plaintext) were redacted from Friedman's Military Cryptanalytics. The state of linguistic and textual analysis is far more developed in military cryptanalysis circles; centuries of code reconstruction have seen to that. Moreover, the details of attacking advanced rotor machines (essentially anything more sophistocated than the Enigma/Hagelin machines) are still classified. The NSA has shown an ability to design algorithms so fragile that they apparently have precisely the strength they were designed for (visit Skipjack). Nonetheless, if the NSA can break academic algorithms (such as CAST, 3DES, and IDEA), they would be wise to avoid disclosing this fact on something as insignificant as a non-national security related criminal investigation.
Public key algorithms: Without QC, it's impossible that a 1024-bit RSA key will be factored using current algorithms. Even if an extension to GNFS that reduces the hueristic complexity to that of SNFS, 1024-bit RSA keys would require a large enough matrix reduction step that there is probably not enough memory in existence in the world today to do it (even with Balanced Block Lanzcos). It would even be more difficult for the DL problem; the matrix step would require entries to be mod p, rather than mod 2.
Off Topic: but on the issue of harassment.... (Score:2)
Just a lil somethin' FYI.
IIRC, in the millitary, sexual harassment can be defined (by some individuals, but it varies according to who you ask), that even looking at a person for more than 5 seconds can be defined as sexual harassment.
Oi, they days when the millitary was trained killers, now looking at a person for too long can get you demoted, jailed, fined, dischared, etc. Not that its really likely that those would happen for just looking, but there are some real pricks who could and would take it that far
Privacy (Score:2)
Re:Nothing transparent about this (Score:2)
I disagree. While the "Transparent Society" would require a massive, massive change in the way our society views people and does its business, I don't think the reason you state is the one why it wouldn't work.
Let's say we had a very open society, and everyone knew of your "deviant" sexual practices. To be fair of course, you would know about everyone else's sexual practices as well. And so what?
Yes, in today's society, the revelation of your private practices did you great harm. But I don't think it would be the case that an open society would encourage conformity, quite the opposite. You see, of all the people who persecuted you for your actions, at least some of them had secrets about themselves, perhaps sexual, that they'd rather not share. It's the ability of these people to keep themselves hidden that allows them to attack you for your foibles.
If everyone's lives were out in the open, who would attack you for being a zoophile? Only people whose personal lives were deemed to be much "cleaner" than yours. If everyone were open to scrutiny, I think people would be *less* inclined to criticize, not more -- sort of like if *everyone* lived in a glass house there'd be a lot less stone-throwing.
Let's take to a concrete example -- drug use. In today's society a person usually, for good reason, covers up their drug use and doesn't let other people know. Suppose they had to let everyone know they were doing drugs. This would create three possibilities. A: the person would stop doing drugs, because they don't want to be seen doing them. (unlikely for most drugs.) B: The person would do drugs, and be comfortable doing drugs, and if anyone tried to ostracize them for it, they'd just shrug their shoulders and go on with their life. Or C: The person would do drugs, but desire not to do them, at which point people would know that that person had a problem, and perhaps the person would be able to get some help.
Now obviously, this is a rather idealized notion that involves people being nicer to each other than they are now. However, the vindictiveness of people stems not from an innate property, but from society, a society that encourages people to hide any deviant behavior away and pretend that everyone is perfectly normal. Having a less private society is the first step away from this kind of nonsense.
Carl Jung once obverved, and I forget the exact wording or circumstance, so don't quote me, that as society grows larger in population, the amount of "deviant" behavior increases. This is because the more people there are, the greater chance a deviant can find others her to support her. This would seem to indicate that eventually scenario B that I described above could come to pass -- if people don't like you for some reason, then fine, just find people who do like you.
--
my privacy wishlist (Score:2)
2) drivers licenses should be for driving. if it isn't about the saftey of my driving - then it should be illegal to ask for that too. and why do they need my fingerprint to proove I'm a good driver. sheesh, thankfully our fore-fathers didn't think that id-ing criminals was so more important then individual liberty. I guess that's why we have those "inconviences" like innocent untill proven guilty, and trial by jury.
3) copyrights anyone? alot of people think that copyrights are about property rights, but their not - they're about controll over markets, and any type of controll requires tracking. Nobody would ever be inconsiderate enough to put code in apache that sends your ID to a centralized microsoft server, but it's amazing how these kind of things happen with closed software.
4)fed up with the Fed. it amazes me how many americans can see that monopolies are bad, and socialisim is worse, but when it comes to our very own money system - all of a sudden the free market gets thrown out the window. I can't help thinking that one of the best ways to get financial privacy is to get the government out of the finance busisness.
5)end the war on drugs. lets just face it, as bad as drugs are - they are not as bad as alchol probition which was a direct cause of the mob, and drug prohibition today which is a direct cause of druglord violence today. These laws have been used to screw citizens out of more privacy than anything that I can think of.
6)why in the hell do i need a prescription. Have you ever noticed that countries that don't require prescriptions and all that formal paperwork about your medicine habits, that people in these contries somehow seem to survive with out the glorious intervention of the FDA. Sheesh, why do mexicans pay 1/3 for perscription drugs that americans do, without the paper work - when they come from the same factory and everything else.
Untracable electronic money (Score:2)
What I wanted to know was if anyone could think of a good anonymous algorithm for exchanging money online (or on smart cards as the previous discussion was).
My mind heads along the lines of having electronic pennies, each worth one cent each which are merely strings of text electronically signed by your bank.
That way any peice of software can verify that a penny is actually a real one, but without access to the banks secret key there is no way to make more.
Unfortunately i'm struggling to find a way to stop pennies being circulated at the same time... does anyone here have any thoughts or other schemes for anonymous online cash?
Re:Untracable electronic money (Score:2)
Our university used to have a system like this (mondex) which they are now getting rid of due to lack of interest. Unfortunately mondex was very closed source, had at least one known security flaw (if you broke a link in the chip it would turn off encryption! however i never did get to put my card under a tunnelling ion beam to do so, and since the service was only available to students no stores in the city took out the machines needed for transactions.
What would be a big step forward is if an open source solution would emerge. This could be coupled with cheap $25ish smart card readers and we'd soon be headed in the right direction.
Assuming users could quickly and easily get their cards online (Why not just have little slots next to cashlines that you just swipe your card through to do the necessary processing) we'd have the basis of a wonderful system.
My only grievance with this system is it is still very reliant on the existing financial network. In that respect closed source cards have something of an advantage although i'm not sure if it's the way to go.
Re:Untracable electronic money (Score:2)
Very few people used it becuase it took about 6 to 8 seconds per transaction (hence not much use in a busy student union). Added to this very few shops external to the university adopted it and the Bank of Scotland (imho) didn't put enough effort into getting better use. I feel that if they had put mondex systems into edinburgh's buses then overnight they would have secured its sucess. Given that the buses dont give any change i would expect thousands of people would jump at the chance to pay exactly.
But at 6 seconds per transaction... it's useless again.
Edinburgh have already withdrawn from the trials.
A far more sucessful card is the swedish kashkortt since it is closed source, untraceable and anyone can buy a calculator sized device to shift cash between cards.
I have issues with the Harvard Dean... (Score:2)
I've worked as a lowly PC tech and have been in a similar position, finding stuff on a work computer that should not have been there. It is **NOT** an "invasion of privacy" when there's a bunch of adult oriented .jpgs sitting in a C:\windows\temporaryinternetfiles folder.
If I were the tech in the same position, working on a university owned computer, I would have reported it to my superiors. No sense in losing one's job over someone's stupidity.
The incident you described just illustrates how much non-computer literate people don't understand about their machine's capabilities.
Re:Long reply (Score:2)
Well, I work in a secular institution with no pretense of moral job requirements. We had a guy who was downloading a lot of porn a couple years ago. We went to the guy, talked to him, and asked him to put it on one of the servers in the NOC.
Harvard is almost like a foreign country to most of us - these people have so little in common with average Americans that they probably are more removed from us than, say, the average Brit or Australian. After all, the media has somewhat homogenized culture all throughout the western world, but huge chunks of inherited money seem to carry their own culture.
Similarly, hard-core Christianity is also a little confusing to me. I'm sure if this guy had been a professor at BYU, he would have been fired for drinking coffee. All I can say is that you should think long and hard about working for a Christian. Unless there's some advantage I'm overlooking in having religion tied into your job security, it's better to separate church and work.
Privacy is what you make of it (Score:4)
But enough of that. I see the internet as provding more freedom than the real world can. In the internet, through chat rooms and MUDs / MOOs, a person can REcreate themselves to be whatever/whoever they want to be. Most everyone wants to be someone else, a more gregarious character or someone without physical limitations. In the physical realm, this is not possible. The internet provides a place where we can be all that we want to be.
That true freedom also can be a form of privacy. In this other self you create, you can be as private as you like. You need not include all your actual personal identifications. False information flows abundantly on the internet.
--
The Tip of the Iceberg. (Score:4)
We have known for some time--practically since the end of the Second World War (and to a certain extent before)--that the cloak of privacy is shrinking, and eventually it will be gone.
Already, the powers that be are training the public for the day when anyone can turn on a television or go to a website and watch the daily activities of a total stranger. Witness the success of shows like "Big Brother." The groundwork was laid years ago, and though people deride their banality, soi-disant "reality shows" like "Cops" and even (dare I say it) "The Real World" have been preparing people for this for years. Voyeur shows like "Big Brother" were simply the next logical step.
Eventually, the common citizen will have to conduct his or her life under the unblinking stare of the camera, not knowing who will be watching or when. I suspect that eventually, everyone will be watching everyone else. We will all be the stars of our own little Truman Shows.
And when this is in place, then they will have won. Intelligence agencies such as the FBI and NSA can be dealt, however ineffectually, because they can only do so much. The scenario I describe is akin to what's going on with distributed computing processes: you don't need just the best or the brightest to work on the problem. Every extra set of eyes helps.
We know that large segments of a population can be stirred up by mentioning a few key issues. How hard would it be for a fundamentalist figure to convince conservatives to spy on one another (and others) for evidence of sin? How hard would it be for some government official to say, "It's for the good of the children"? When you have a large body of motivated people working towards a common goal, little can stand against them. It is up to us, those who know and can see what is going on, to make sure that they act for the good of all, rather than for ill.
Fight the Power. Close your blinds and stay out of others' business.
Re:Long reply (Score:4)
Pretending you know something about copyright when you obviously don't is technically stupidity.
Is it even possible to have a secure internet? (Score:2)
And even if you could, would you want to? Perfect anomynity also protects those who would abuse the system, and every system creates it's own unique abuses.
Our only recourse is a legal one, though, given the international nature of the internet this can be extremely difficult. Only by making it cost prohibitive for people to violate your privacy, as in the new anti spam law, can we insure any security on the net.
A strong media is good for us (Score:2)
I have to disagree that the increasing intrusion of the media into the lives of politicians and public figures is a bad thing, at least for the rest of us. These people accept that they are to have their lives scrutinised to a far greater extent than normal people - it's part and parcel of being in the public eye.
Having journalists who are unafraid to dig into the private lives of politicians means that there is a far greater chance of scandal and corruption being uncovered and exposed, something which can only benefit society in the long run - who wants corrupt leaders?
There was a case in Belgium IIRC where a paedophile ring had been running for years thanks to press cover-ups from people in power. This sort of thing is a direct consequence of having a press whose ability to speak is curtailed, and is not something that any freedom-loving person would want.
I've lived both here and in the US and both countries have a vocal press who aren't afraid to dig out and publicize political scandal and corruption. Sure it may look bad at the time, but who knows what goes on in countries where the press can't or won't let people know what's going on?
---
Jon E. Erikson
The Public Eye, and Acceptance (Score:3)
Looking for a technology to preserve privacy is about as ineffective as looking for a technology to enforce copyright laws.
Increasingly, our privacy is disappearing, and this is not necessarily a bad thing. [businessweek.com]
Acknowledging this, we must predict that the world is going to become a bit more exposed. Cases such as the one involving the man at the university, fired for viewing porn on the school internet, will become more common.
I would hope that we, an increasingly online global community, would seek to make ourselves beacons of tolerance and acceptance towards others, rather than desperately clinging to our privacy, out of fear of what others may do to us.
Recently, on Slashdot, I have read that because my anime watching friends and I thought that Lime and Cherry in Saber Marionette J are cute (yes, they are young, and yes, they are sexual), that we must therefor be child molesting pedofiles, and that we should be prohibited from watching anime, at least in the Western hemisphere. This would be very amusing, if people just weren't so serious about it.
But I refuse to hide behind a wall of privacy (one that will be as effective as copyright law at that), and distribute Aa Megamisama and Ranma 1/2 episodes to my friends under the digital table.
I think it would be better to promote tolerance and acceptance in this world.
I believe that there is lots of hope for our society, and by extension, me and you. American Beauty was voted as the most popular film last year. This movie is about many of these issues: Tolerance, Acceptance, and even Privacy. Because people liked that movie, I believe that we will be able to become a more tolerant society.
Please consider re-considering privacy [businessweek.com], and please consider promoting tolerance and acceptance.
Re:Long reply (Score:2)
Note that employers also can take away your company car for speeding, or fire you if you get into an accident with it. A Christian orginization has every right to fire one if its employees for partaking in strongly objectionable material with company resources... no different than being fired for soliciting sex in the company car.
If it was his home computer, it might have been different, but not much. He signed on to work with a *religious orginization* and as such needs to hold himself to the morals of that orginization... or find somewhere else to work that's not connected to a religious orginization.
Potential PGP weaknesses and the NSA (Score:2)
You are right in so far as PGP is not crackable by a brute-force assault in reasonable time at present, at least when key lengths are large enough.
In theory, however, the key generation mechanism or even the encryption algorithm of PGP may show flaws (as we have seen recently with PGP 5.0 on Unix where key pair generation was not as random as it could have been). This happened in spite of PGP being open source all the time. In theory, the NSA or whoever might exploit these
And since PGP is open source (more or less), its weaknesses, if they exist, are openb for exploiting them - flaws are much more easily discovered than in other products that would need reverse engineering. Of course, this very same open source principle adds to the security to some extent because flaws can be discovered "benevolently" and "publicly", so to speak, but this is no guarantee against the possibility of someone discovering a flaw all by himself and not sharing, but keeping the knowledge, thus gaining the ability to decipher encrypted messages. (No matter if it's the NSA or whoever.)
Offline privacy (Score:3)
They manage to convince people that this is what they want. How long will it be before they can convince us that online web tracking is also what we want? People are remarkable forgiving when you give them 1% of what they spend back.