

IS99 Lecture 3 Real-Time Comments

Joe Banks
Comment (4:14:55 PM, in-room, #521)


Victoria Sanchez
(4:15:20 PM, in-room, #522)

does it work?

Jake Erhard
where am I (4:18:23 PM, in-room, #523)

where the hell am I

Lisa Pearlman
hi, i am a communist (4:21:11 PM, in-room, #524)

just wanted everyone to know that.

Joe Banks
Why keys? (4:22:35 PM, in-room, #525)

Why does the FBI need a copy of keys, if it can seize computers (which usually contain keys on hard drive or RAM)?

Joe Banks
Criminals, terrorists, child pornographers (4:23:24 PM, in-room, #526)

Lions and tigers and bears. Oh my!

Joe Banks
Question for Alan (4:29:31 PM, in-room, #527)

If you are concerned about third party interception (but not necessarily government interception) what is your position on attempts to regulate key size to set a range that is safe from third party brute force attack, but not govt. brute force attack?

Victoria Sanchez
(4:32:18 PM, in-room, #528)

if the world is so dangerous, and we need the FBI to protect us, who is going to protect us from the FBI?
Especially outside the US.

Victoria Sanchez
(4:38:13 PM, in-room, #529)

but the FBI/CIA does not need the court order outside?

Victoria Sanchez
(4:39:29 PM, in-room, #530)

FBI does survive outside the US, for instance they conduct investigations in South America

(4:43:28 PM, in-room, #531)

Getting back to the postcard analogy. Most people think it sufficient to protect their communications with envelopes, which offer protection from prying eyes but not from anyone with a real determination to investigate the contents of the letter. To extend this analogy to the internet, I think most individuals would be content with some base level of encryption -- something to mask their communications to the casual observer -- and have no real need for anything wholly inaccessible to outsiders.

Many financial and governmental institutions do have an increased need for protection and should be allowed an enhanced form of encryption. Sticking with the analogy, these are the same entities that currently use registered mail, armored cars, etc.

The question thus is: why enhance the privacy of individual communications, when most people are perfectly content with the status quo, and when it threatens to come at a cost to the same law-abiding citizens?

Patrick Kremer
"Legitimate" law enforcement access (4:44:30 PM, in-room, #532)

What are the boundaries on "legitimate" and who has the ability to obtain the keys? Doesn't the ability to decrypt communications entail a certain level of responsibility to share such information? What are the national security and foreign policy implications of giving a third-party carte blanche access to view such communications?

Victoria Sanchez
(4:47:28 PM, in-room, #533)

does not the backdoor make the encryption useless/less secure?

Patrick Kremer
Circularity of Trust Issue (4:53:22 PM, in-room, #534)

The trust issue is circular:

You trust the government to preserve your security from others, but you don't trust them to invade your privacy.

A "trusted" third-party has no such loyalties, yet you trust them because they are not the government.

Using banks is a poor example because there is an obvious, tangible result when something is tampered with. In this case, the commodity is not money, but information. Information can be held by multiple parties at once, whereas money cannot. One cannot know in any sort of reparable manner whether one's information has been stolen.

Counterargument: There can be records.

The counterargument is nullified by the premise that the 3rd-party vendor is selling you out. Records can be doctored and "lost" without trace.

Do you really trust a private corporation to know everything you know?

Eugene Kashpuref
(4:58:05 PM, in-room, #535)

does not the FBI already know how to decrypt strong encryption programs?

(5:00:34 PM, in-room, #536)

How is the key escrow agency storing the keys and protecting them from the break-ins? If they are using encryption to do that, who has the key to the key recovery agent's system?

George Kaplan
Real time access? (5:03:53 PM, in-room, #537)

Wouldn't there be a delay in getting a key in key escrow? I thought there were a bunch of procedures to follow (both legal and technical).

Have there been any actual cases to date in which the FBI would have benefitted from real time access?

Laurie Sickmen
Rollback of law enforcement protection (5:11:28 PM, in-room, #538)

The reason why the status quo of 10, 20 or 50 years ago for law enforcement protections should not be satisfactory is that criminals do not use the same techniques and tools that they did 10, 20 and 50 years ago. How can we allow those looking to thwart the law to have an absolute upper hand without even seeking to maintain a balance?

(5:17:05 PM, in-room, #539)

What would be the feeling toward a set of rules whereby encryption could become widespread, yet upon subpoena individuals/organizations would be compelled to turn over their keys? That way a balance could be struck between the desire for privacy and the desires of law enforcement. It guarantees that proper safeguards could be implemented (procedural and privacy) and, upon authorization, the government could seize the computers, thereby notifying the affected parties and preventing against the destruction of evidence. Anyone refusing to divulge their keys, such as those who desire to contest the legality of the search, could simply be held in contempt.

Easy access to strong encryption (5:22:23 PM, in-room, #540)

Available outside the U.S.

(5:23:29 PM, in-room, #541)

Under CESA, what exactly is the "minimal review" that the government will make before permitting an export? Will key recovery of any sort be a condition? Can the government incorporate the info gathered in review into its decryption techniques - i.e., learn to crack the code? Will there be geographic, industry sector, or political factors in permitting export?

Ksenya Medvedev
E-mail vs. mail (5:40:02 PM, in-room, #543)

It was mentioned that the electronic data transferred across the net is like a post-card, for anyone to see. I certainly would not want my bank records, for example, to be transferred between my branch and the bank via post-card. In the world today, a whole lot of business is done through mail, and all that protects all our "confidential" information from unwanted eyes is a thin piece of sealed paper. So how is transmission of electronic data different?

Right now if the Federal Government had a good reason to believe that certain mail contained hazardous or "criminal" communications, all they need to do is track that letter and obtain one sharp letter opener. Why not grant the same protection to electronic transfers? Hide electronic data in the envelope of encryption, and send it away, allowing the government to come in with a "letter opener" (provided due process). We have been comfortable with that idea for a long time, why not now?

Joe Banks
(5:59:44 PM, in-room, #544)

PGP is open source. So cryptanalysts can look for security holes and patch.

(24 messages total)

All times are Local (GMT -5)

This file is automatically generated.