Re: Encryption is like a locked suitcase


Vin McLellan (vin@shore.net)
Fri, 21 Aug 1998 16:28:39 -0400


At 1:32 PM -0400 8/21/98, John R Levine wrote:

> Unless the customs officials in the UK are a whole lot more
> sophisticated than all of the other customs officials I've ever met, I
> suspect that to avoid having one's encrypted documents
> snooped it would be more than adequate to change the name of
> files that might attract scrutiny from
> TopSecretHighlyPornographicDocument-Encrypted.PGP to
> wzg944.dll.

        You should consider, however, that "national security" agencies --
particularly those whose overt or covert charters require them to produce
commercial intelligence -- will quickly seize upon such a fortuitous
opportunity to collect full-disk snapshots from travelling executives'
laptops.

        Primitive evasions -- even some of the less sophisticated stego
packages -- could be fairly quickly spotted with some upgrade of the
systems used to copy and scan laptop hard-disks at Customs posts and border
crossings.

        (In many cases, it might be found to be in the "national interest"
to let the visitor skip through Customs, the better to exploit information
that could be later retrieved from that copy of his hard-disk. Immigration
authorities typically have high-grade info on who is carrying that PC; even
what company he or she works for.)

        Remote access passwords would be treasures that might be readily
available from temp and swap files, captured in snapshots off many
businessmen's machines.

        Although UK Customs apparently demands, or intends to demand,
passwords for encrypted files, even if the businessman refuses, many --
indeed most -- desktop crypto packages (particularly in Windows machines)
are said to capture crypto keys in either or both swap files and temp
files.

        Unless this UK policy is quickly shown to have a significant impact
on the willingness of international businessmen to enter the UK to do
deals, I think we can expect many other nations to quickly follow suit --
in pursuit of both porn and commercial intelligence which might give their
domestic industries, bankers, or traders some advantage.

        Copying and scanning the hard disks of travellers and businessmen
leaving a country might be an easy extension of this policy, since many
countries have laws about what can not be taken out of the country too.

        The upshot, I presume, will be to thrust more transborder data
traffic -- most of it wholly legal, particularly commercial traffic --
encrypted into Cyberspace... where snoops and spooks have a far more
difficult time tracking who is sending what to whom.

        Ain't paranoia grand?

        _Vin

-----
"Cryptography is like literacy in the Dark Ages. Infinitely potent, for
good and ill... yet basically an intellectual construct, an idea, which by
its nature will resist efforts to restrict it to bureaucrats and others who
deem only themselves worthy of such Privilege."
_ A Thinking Man's Creed for Crypto _vbm.

 * Vin McLellan + The Privacy Guild + <vin@shore.net> *
      53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548



The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:11:00