Security threats Toolkit

Story: Government to force handover of encryption keys

• 
• 

Stupidy rules. So law enforcement can demand encryption keys based on what evidence? None, because the evidence is encrypted so they don't know. And to know they first need the encryption keys but they can't demand those just because they suspect someone. There needs to be some hard evidence first. But even some hard evidence is enough nowedays so why require encryption keys as well then?

Maybe everyone will be required to hand over their encryption keys beforehand? And to make sure that such privy information won't get into the wrong hands law enforcement will install DRM or something? As if that will help preventing unauthorised leakage but who knows what IT clueless law enforcers take for granted anyway.

Another observation. What if law enforcement requires me to hand over the encryption keys of data that's protected by copy protection laws? A form of copy protection is encryption. May I then reverse engineer or try to bypass the copy protection security in question? Or do I, at that time, have to choose between going to jail for not (trying to) delivering the encryption keys or going to jail for (trying to) breaking (copy)protection? You see, without opening up the data down to the level where the actual data resides there's no way to know for sure what's really inside the data. Who's going to determine that how and based on what evidence?

Oh wait, there's an idea. When I want to hide data I first encrypt it and then wrap it inside some form of copy protection protected by law. Now let's see if law enforcement can make me reveal that.

Will this prevent terrorists from communicating effectively? Not at all. Remember WWII? Plenty of encrypted messages delivered without whatever electronic means whatsoever. And plenty of intercepted encrypted messages the enemy didn't had a clue about in a way to respond in time meaningfull until it was too late. D-Day for example.
If that was possible so long ago then what more would be possible today?

So whatever this, yet another, "protection" law is about. It isn't really concerned about public safety and security. Obviously. Simply because the real criminals can find too many ways around it yet the price to pay for the average IT clueless innocent is real and high enough.

The real sad story of course is that because of the greedy drive for more power and control by those that are really behind "laws" like this is that it's becoming easier and easier for individuals to really hurt someone they don't like. Simply have their PC hacked (But the ISP records will show that! Yeah, right. Each and every case will be investigated by battle hardened expert veterans looking to see if some experienced cracker is trying to frame someone. And we all like coughing up the amount of tax money that'll cost.) and made to appear like a child porn, terrorist communication and/or RIAA/BSA protected data distribution center for a few weeks or longer (simply installing and enabling a rootkit protected P2P program could be enough) and then inform the right authorities, politicians and press. They'll finish the job. Since everybody knows that any child abuser or terrorist tries to blame anything and anyone then themselves. What lame excuse like "I didn't install that rootkit to try to hide my real intentions. I don't even know how to securely install Windows." will they think of next?

Front page headlines like "Respected public figure turns out to be ....", "New boss says: I would never have imagined ...", "Rumors of terrorist cell inside government department. Exclusive.", etc, etc. will provide for plenty of political motivation to come with public satisfying results fast. Congrats, you've been Oswalded.

So no need to hire a few muscle men nowedays. They only break bones anyway which leave obvious signs of external influence outside the control of the victim. Rather get in touch with a skilled geek who's services can be bought without question and your opponent will be done plenty times

• 
• 

• 
• 
• 

Full Talkback thread