[cryptome] Re: [cryptography] To Protect and Infect Slides
- From: John Young <jya@xxxxxxxxxxxx>
- To: dan@xxxxxxxx,cryptography@xxxxxxxxxxxxx,cypherpunks@xxxxxxxxxx, cryptome@xxxxxxxxxxxxx
- Date: Wed, 08 Jan 2014 17:49:01 -0500
Thanks. We posted the Wassenaar changes on Cryptome
on December 19.
http://cryptome.org/2013/12/wassenaar-intrusion.htm
http://cryptome.org/2013/12/wassenaar-list-13-1204.pdf
The intrusion software has received some but not sufficient
attention. And beyond the sections you cite there are many
covering other technologies which interrelate and affect crypto.
Those have received even less attention, at least in crypto
world as far as we have seen.
The means to transceive crypto continue to be its Achilles
heel and appear headed toward crippling the whole body -- the
bubble in which crypto exists precariously dependent on
sophisticated support systems which, as seen in the Snowden
minimal releases, have overwhelmed public crypto security, not
least by leaving the impression public crypto was highly effective.
More attention to the support system presumably will be given
as the Snowden releases recommence, now dead stopped.
Greenwald claimed recently that cryptographers and other
techies are now reviewing the material, much of which is
beyond the capabilities of journalists, lawyers and politicians.
The stumbling block of comprehensive Snowden disclosures
is that to do so, allegedly, could severely damage national security.
Uh oh, that terrible aroma of complicity to protect secrets
too dangerous for the public to know. Instead a few select experts
are allowed to perfomr dual-hat assessments. Which is what has led
to the current imbroglio of public and expert distrust: who watches
the dual-hat experts who operate under the cloak of secrecy.
At 04:38 PM 1/8/2014, you wrote:
Keying off of one phrase alone,
> This combat is about far more than crypto...
I suggest you immediately familiarize yourself with last month's
changes to the Wassenaar Agreement, perhaps starting here:
http://oti.newamerica.net/blogposts/2013/international_agreement_reached_controlling_export_of_mass_and_intrusive_surveillance
Precis: Two new classes of export prohibited software:
Intrusion software
"Software" specially designed or modified to avoid detection
by 'monitoring tools', or to defeat 'protective countermeasures',
of a computer or network capable device, and performing any of
the following:
a. The extraction of data or information, from a computer or
network capable device, or the modification of system or user
data; or
b. The modification of the standard execution path of a program
or process in order to allow the execution of externally provided
instructions.
IP network surveillance systems
5. A. 1. j. IP network communications surveillance systems or
equipment, and specially designed components therefor, having
all of the following:
1. Performing all of the following on a carrier class IP network
(e.g., national grade IP backbone):
a. Analysis at the application layer (e.g., Layer 7 of Open
Systems Interconnection (OSI) model (ISO/IEC 7498-1));
b. Extraction of selected metadata and application content
(e.g., voice, video, messages, attachments); and
c. Indexing of extracted data; and
2. Being specially designed to carry out all of the following:
a. Execution of searches on the basis of 'hard selectors'; and
b. Mapping of the relational network of an individual or of a
group of people.
All the same arguments that applied exportation bans for crypto
software apply here, especially that of pointlessness.
--dan
[ Software doesn't spy on people; people spy on people ]
Other related posts:
