RE: The ugly side of using disk encryption

["Robert D. Holtz - Lists" <robert.d.holtz () gmail com>]

You hit quit a few nails the head.

I wouldn't expect the assault on the bill of rights to end anytime soon.

Congress is really playing up the terror/security/kids angle to pretty much
eliminate any semblance of privacy.

The one thing that most folks forget is that the terrorists that did the
9/11 work were here in the country legally and had broken no laws.  If all
of the measures the Congress is going after were in place prior to 9/11 they
would have had no effect on the outcome!

Too many folks just roll over for this type of thing and it's just sad.

Those willing to give up liberty for security deserve neither.
B. Franklin.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Hagen, Eric
Sent: Thursday, October 19, 2006 12:47 PM
To: Saqib Ali; security-basics
Subject: RE: The ugly side of using disk encryption

Yes, the stories are ugly but the man is going to prison forever...
Absolutely deserves it, but I shudder to imagine what draconian laws could
be passed using cases like this as justification.  Most people seem glad to
say "Civil liberties?  I wasn't using them anyway." when the phrase "But
what about the children?" is used.

John Ashcroft attempted to pass a law a few years ago that would have made
"use of encryption" a felony that could be added to any other crime to get
3-5  years tacked on to the end of it.  Fortunately the bill stalled and has
never been brought back up.  However, there are so many legitimate uses of
encryption technology, where a seemingly minor crime could be turned into a
felony because the user had encryption on their computer, even if it was
only incidentally related to the crime.

This reminds me a great deal of the current legislative push to make ISPs
keep all logs for years under the auspices of "terrorism prevention".

In reality, I would imagine any half-dedicated terrorist (one who is
diligent enough to go to flight school and get a US VISA all in anticipation
of killing himself for "the cause") has already been taught to use PGP, Tor,
skype, remailers and open proxies to accomplish his dirty work... and yet
again, the only people who suffer are small ISPs who don't have the
resources to comply, and people doing far less dastardly things than blowing
up buildings and schools.  So, yes, if you are dedicated, it is possible to
communicate anonymously and securely even if ISPs log everything, provided
you don't get real-time traffic analysis capabilities across the entirety of
the Internet....  Which means the only people who would be caught up in this
are either stupid or not dedicated to their own security.

Then again, that's just my opinion, take it with however many grains of salt
you care to.

Eric


-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com]On Behalf Of Saqib Ali
Sent: Wednesday, October 18, 2006 12:13 PM
To: security-basics
Subject: The ugly side of using disk encryption


The FBI has apparently been unable to crack the encryption password
used by a pedophile and murderer. The government agency says it might
take 30 years before the technology is advanced enough to crack the
encryption.

The the entire story at:
http://www.tribstar.com/news/feeds/apcontent/apstories/apstorysection/D8KQUA
580.\
xml.txt/resources_apstoryview

saqib
http://www.full-disk-encryption.net

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence 
in Information Security. Our program offers unparalleled Infosec management 
education and the case study affords you unmatched consulting experience. 
Using interactive e-Learning technology, you can earn this esteemed degree, 
without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------