President Clinton urged Congress Tuesday to act swiftly in developing anti-terrorism legislation before its August recess.

But while the president pushed for quick legislation, Republican lawmakers hardened their stance against some of the proposed anti-terrorism measures.

Some left bloggers are posting this story around in the wake of the ABC docudrama drama in an attempt to document the left's anti-terror credentials. I remember this. Of course, what I draw from it is slightly different: That neither party actually gives a damn about civil liberties. Its just a role played by whoever the opposition party happens to be, to leverage the fears of anyone who doesn't like the present administration. If anything, Democrats have undermined serious arguements about the Patriot act by turning it into an oversimplified left/right issue, which results in a reflex reaction from the right and kills any possibility of dialog. Republicans assume that people raising questions about it are just partisans who don't understand what they are talking about, and they are usually right. Republicans also assume there is no problem with it and everything is cool. Most Republicans don't know what they are talking about either.

CNN - President wants Senate to hurry with new laws - July 30, 1996

Daniel Bleichenbacher recently described an attack on PKCS #1 v1.5
signatures. If an RSA key with exponent 3 is used it may be possible
to forge a PKCS #1 v1.5 signature signed by that key. Implementations
may incorrectly verify the certificate if they are not checking for
excess data in the RSA exponentiation result of the signature.

I can hear Nelson saying "HA-HA." The details are here but let me see if I can offer a simpler explanation.

In RSA, your public key is made up of an exponent and a modulus. In some RSA implementations, your public exponent is simply set to 3. Seems like a simple number, but you're going to tell everyone what it is anyway, and choosing a small number makes your calculations faster. (I'll use N for the modulus.)

As a reminder, public key crypto lets you encrypt something, or sign something. When you encrypt, you encrypt with the recipient's public key, and only their private key can decrypt. When you sign, you encrypt with your private key, and anyone with your public key can decrypt...

So, lets say your public exponent is 3. When someone wants to check your signature, they decrypt it with your public key. Literally, they perform this operation:

X = signature^3 modulo N

Now, RSA signatures are usually shorter then N before they are encrypted, so they get padded out to N first. It turns out that in some poor implementations of RSA its trivially easy to screw around with that padding so that a fake signature becomes a perfect cube, and the implementation won't examine what was inside the signature carefully enough to notice that you've done this. When your unencrypted signature is a perfect cube, it is easy to calculate it's cube root. This cube root will be accepted by RSA as a valid encrypted signature.

OpenSSL | RSA Signature Forgery (CVE-2006-4339)

terratogen wrote:
If you put an encypted file in a password protected stuffit file, would that give the file fourth ammenment protection from the access needed to open the stuffit file and actual protection from the encryption?

Why would stuffit creat an expectation of privacy where encryption doesn't? I think that it would be couched as "understanding" just as encryption is, under this theory.

If you are handed a warrant demanding "access" to some file, you should not be required to surrender your encrypted key as well because "understanding" is not required by law, right?

I think you would unless you claimed a 5th amendment right. They would imprison you for refusing to disclose the key. Think Judith Miller.

Somehow I think that the analogy doesn't hold water.

There is a huge gap missing in the analysis, and that is the 4th amendment protection for communications in transit. This same lawyer has argued that the 4th doesn't apply to internet communications in transit because internet communications aren't naturally enveloped. One might argue in that context that encrypting them would envelope them. However, there is a statute which requires a warrant to obtain electronic communications in transit, so that statue is, in that context, 4th amendment equivelent and so it doesn't matter anyway.

Having said that, what is the scenario in which you want the 4th amendment to apply where it does not already apply? They need one to search your house. They need one to intercept your email. Where are you worried they'll get access to the cyphertext without a warrant and you'd expect the 4th amendment to protect you in the event that they happen to know how to decrypt it without the key?

RE: The Volokh Conspiracy - Can Encryption create an expectation of privacy

The government of Pakistan today denied it would allow Osama bin Laden to avoid capture under terms of a peace agreement it signed with Taliban leaders in the country's North Waziristan area.

Q. ABC News: If bin Laden or Zawahiri were there, they could stay?

A. Gen. Sultan: No one of that kind can stay. If someone is there he will have to surrender, he will have to live like a good citizen, his whereabouts, exit travel would be known to the authorities.

What the fuck?

Did the war end today?

Representative Jane Harman of California, the senior Democrat on the House Intelligence Committee, said Mr. Bush should have disclosed the program years ago and called his speech “the opening salvo in the fall campaign.”

Oh, so now they want trials? I recall partisan democrats bitterly claiming that Bush would pull Bin Lauden out of a hat prior to the 2004 election. Alas, he did not. However, he appears to have done the next best thing this year. I wouldn't, however, characterize this as the opening salvo in the fall campaign. The opening salvo is the reason you can't bring water on an airplane.

President Moves 14 Held in Secret to Guantanamo - New York Times

Does encrypting Internet communications create a reasonable expectation of privacy in their contents, triggering Fourth Amendment protection? At first blush, it seems that the answer must be yes: A reasonable person would surely expect that encrypted communications will remain private. In this paper, Professor Kerr explains why this intuitive answer is entirely wrong: Encrypting communications cannot create a reasonable expectation of privacy. The reason is that the Fourth Amendment regulates access, not understanding: no matter how unlikely it is that the government will successfully decrypt ciphertext, the Fourth Amendment offers no protection if it succeeds. As a result, the government does not need a search warrant to decrypt encrypted communications.

The Volokh Conspiracy - Can Encryption create an expectation of privacy

Even if the US were to take the far less radical step of simply stopping its efforts to forcibly eradicate poppy fields in the parts of Afghanistan controlled by US and allied forces (as I advocated in my previous post on the subject linked above), the resulting competition would diminish the Taliban's profits.

A radical idea.

The Volokh Conspiracy - The War on Terror vs. The War on Drugs II:

Welcome to the Official Seal Generator. Enter some text, choose a border and an emblem, pick your colors, and click the 'Go' button. An Official Seal will be generated for you. Collect 'em, trade 'em, put 'em on your website, or e-mail 'em to your friends.

This looks like fun!

Official Seal Generator

A federal magistrate today dismissed with prejudice a disgraceful DMCA prosecution against three young Texas men who bought a lot of cell phones while looking Arab.

The three were rousted by local law enforcement in Michigan last month after they were spotted driving from Wal-Mart to Wal-Mart buying as many low-cost pre-paid cell phones as they could get their hands on. Tuscola County authorities arrested them as suspected terrorists and made a lot of noise.

Then when the case didn't pan out the feds stepped in with charges that the men conspired to violate the DMCA. "I think (law enforcement) dug themselves a hole and they tried to dig themselves out," defense attorney Nabih Ayad told me.

This is exactly what happenned in Georgia when a prosecutor brought a Tech student up on 4 felony charges for making dry ice noise makers because the local police told the press it was "terrorism."

It's hard to imagine anything creepier than the FBI merging homeland security hysteria with corporate IP extremism.

I agree.

27B Stroke 6: Michigan cellphone 'terror' case dismissed

As late as June of this year, Mark Mershon of the FBI testified that the bureau will not monitor or surveil any Islamist unless there is a "criminal predicate." Thus the large Islamist support infrastructure that the commission identified here in the United States is free to operate until its members actually commit a crime.

Spun another way, the FBI is sick of tailing pizza delivery boys. Is there really an Al'Queda domestic support infrastructure that we are aware of and aren't paying attention to or is this guy merely suggesting that every arab is a suspect?

Even in the United States, some 80 percent of Islamic mosques and schools are closely aligned with the Wahhabist sect and heavily dependent on Saudi funding.

I would be seriously suprised to hear that American Islamic mosques are producing violent radicals. If this is the case, the response ought to come in the form of dialog. The suggestion that we should target and eliminate funding for a sect of domestic religious schools that are, AFAIK, not producing violent people, simply because they are muslim is, frankly, unconstitutional for a good reason. I don't think the sort of radical churches that exist in England would be tollerated here.

We're Not Winning This War