GNU-Darwin authentication and encryption position paper for the US
Dr. Michael L. LoveFri Sep 14 12:41:32 PDT 2001
"Now that war has been declared on us, we will lead the world to
Personal encryption tools, such as GnuPG, are vital to our strength as a nation, and such tools should be promoted in order to enhance the security of our individual citizens and of our vital institutions as well. America will soon be bringing all of its power to bear on the war against terrorism. With widespread support from US citizens, the government will soon employ unprecedented steps to vanquish the enemy, and they will succeed because of the strength of US institutions, such as commerce, industry, and individual citizens. Such entities will exert themselves as never before, but they will need a way to protect their sensitive information from the prying eyes of the enemy. The widespread availability of strong encryption tools will assist the cause of freedom by providing that protection for America's vital interests.
GNU-Darwin has been at the cutting edge of freedom since the founding in November of last year. In addition to providing over 75,000 free software downloads to the Apple user community, we have been assisting the development of new free software tools, and we have been helping new users to become acquainted with the value of software freedom. We have served 350,000 page views, with 150,000 in July alone; a clear indication that software freedom is gaining ground in the Apple community. We have been assisting the Free Dmitry movement in every way possible, so that this admirable young man can go home to his family in Russia. Now, we are advocating encryption freedom in order to strengthen the US in this time of trouble.
Encryption is not some obscure technology that is only used by our enemies. Encryption software has many legitimate uses, which are vital to our national infrastructure. Without encryption, there would be no ATM machines. Nearly everyone who has ever made a purchase on the web has used encryption, and if you live in the US, it was certainly strong encryption. If you made an online donation to help the people of New York City, then you certainly used encryption, even though you may not have realized it. Such encryption capabilities are vital, because we do not want sensitive information such as credit card numbers to fall into the hands of criminals or terrorists.
Encryption software could provide a novel and vital capability to our national email system; GnuPG and PGP can secure the email system through a process of authentication. Voluntary adoption of authentication by email users would provide many national security benefits. Using this software, email can be "signed" by the sender. The recipient of a signed email can independently verify both the content of the email and the email address of the originator. Although sensitive information can easily be encrypted within this scheme, it is more common to use the "open-signing" procedure, which leaves the text of the email open for all to read, but also provides all of the security benefits of authentication. We feel strongly that widespread adoption of open-signing technology is essential to the security of the US email system in this time of crisis.
Policy makers might be tempted to enforce a top-down encryption and authentication scheme which includes back doors for various parties. Such measures may receive strong backing from certain vendors of proprietary encryption solutions and web commerce interests, because they stand to benefit from an exclusive government contract. Such a proprietary lock-out would lead to a disastrous outcome in wartime, because back doors will certainly be found and exploited by our enemies leading to unnecessary loss of life. Moreover, a uniform encryption scheme leaves the US with far greater vulnerability, when the scheme is inevitably broken by our enemies. Monolithic authentication schemes are clearly not the answer, whereas broad based diversity is a part of America's strength. Americans must be free to make their own choices about encryption and authentication software, especially now that we are all coming together for a common purpose.
Strong encryption may appear to present certain problems for law enforcement and national security agents, but good citizens will immediately turn their encryption keys over to government agents in order to aid investigation in the event that foul play is suspected. Meanwhile, our enemies will continue to use strong encryption regardless of any legistlation. If they do not divulge their keys, then the government may pursue a warrant and demand that the keys be made available. It may be necessary to give such warrants additional legal force, by adding penalties for those who do not comply with them. Moreover, additional funding should be provided so that world class computers and cryptology can be used to break the encryption devices of our enemies. This approach will eventually lead to dramatic improvements in the existing cryptographic software, especially for the widely available free software encryption programs, which are benefited by the open source development dynamic. We would suggest that this compromise is in the best interest of our freedom and national security during wartime preparations.
All US citizens should immediately start open-signing their email messages as a voluntary act of patriotic duty. In addition, any information which would assist our terrorist enemies should be encrypted as a matter of course. Let's use this powerful software to help us win the war against terrorism.
Wed Sep 19 12:43:35 EDT 2001: Email authentication as described here would have prevented much of the damage cause by the Nimda worm. Email worms can be thwarted by an authentication system, because your email must be signed with your passphrase before it is sent. If someone receives email from you that is improperly signed, then they automatically know that something went wrong. PGP could have prevented Nimda worm attacks via email.
Slashdot: Crypto Doesn't Kill - People Do
Slashdot: Blaming Encryption
BBC News: Tackling terror with technology
Linux World: How to install GnuPG
New Scientist: Controlling encryption will not stop terrorists
Slashdot: Net taps without warrants
Wired: Online Donations Set Records
NewsForge: EFF asks vigilance in protecting rights
Wired: Geeks Gather to Back Crypto
GNU-Darwin News: Free Dmitry, DMCA, SSSCA, etc
Related social networking sites that might be lesser known
molecules feeds: GNU-Darwin Action blog feeds: