[iwar] [fc:Anti-snooping.operating.system.close.to.launch]

From: Fred Cohen (fc@all.net)
Date: 2002-05-28 22:19:03
Next message: Fred Cohen: "[iwar] [fc:FBI's.Carnivore-lies.may.have.blown.bin.Laden.inquiry]"
Previous message: e.r.: "Re: [iwar] Cadets Keep NSA Crackers At Bay (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <200205290519.g4T5J3Z25805@red.all.net>
To: iwar@onelist.com (Information Warfare Mailing List)
Organization: I'm not allowed to say
From: Fred Cohen <fc@all.net>
Mailing-List: list iwar@yahoogroups.com; contact iwar-owner@yahoogroups.com
Precedence: bulk
Date: Tue, 28 May 2002 22:19:03 -0700 (PDT)
Subject: [iwar] [fc:Anti-snooping.operating.system.close.to.launch]
Reply-To: iwar@yahoogroups.com
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Anti-snooping operating system close to launch
  16:28 28 May 02   NewScientist.com news service

<a href="http://www.newscientist.com/news/news.jsp?id=ns99992335">http://www.newscientist.com/news/news.jsp?id=ns99992335>

Computer activists in Britain are close to completing an operating system
that could undermine government efforts to the wiretap the internet. The UK
Home Office has condemned the project as potentially providing a new tool
for criminals.

Electronic communications can be kept private using encryption. But new UK
legislation will soon give law enforcers the right to demand encryption keys
from anyone suspected of illegal activity.

The Regulation of Investigatory Powers Act (RIPA) was introduced to update
UK surveillance laws to include electronic communications. But privacy
campaigners say it gives too much power to law enforcers and permits
intrusive eavesdropping.

Peter Fairbrother, a mathematician and computer enthusiast, is programming
the new operating system, called M-o-o-t. "It is aimed at anybody who's
concerned about the government being nosey," he says.


Remote storage

M-o-o-t aims to beat RIPA powers by storing encryption keys and other data
overseas, beyond the reach of investigators. No data will be stored on the
computer's hardware.

Documents and email messages will be kept on servers outside the UK
government's jurisdiction. Communication with these servers will be secured
by encryption.

It will be possible to store files on any server that allows encrypted File
Transfer Protocol (secure FTP) access. It will even be possible to share
files between different servers, meaning that if one server were
compromised, this would still not provide a complete file.

M-o-o-t will be almost entirely contained on a CD that will run on most PCs
and Macintosh computers. The CD must be placed in a computer at start up and
will then load up a graphical user interface, as well as a number of
applications including an email client and a word processor. Fairbrother
says the system aims to make it easy for anyone to use the suite of tried
and tested cryptographic protocols that M-o-o-t combines.


Criminal tool

A spokeswoman for the Home Office dismissed privacy concerns over RIPA and
warned that the system could provide criminals with a new tool: "This
particular technology could provide the criminally inclined with a tool to
further their criminal intent."

She told New Scientist: "Such a device in the wrong hands will do far more
to infringe the human rights of innumerable potential victims than a
regulated and inspected process such as RIPA could ever allow."

Fairbrother admits that the M-o-o-t might be used by criminals but says
there are already more complicated tools available for determined
lawbreakers. "The benefits far outweigh the problems," he says.


Master keys

Communication will only be possible with other M-o-o-t users using keys that
expire after a single use. "Master" encryption keys will be kept on the
remote servers in a format that makes it impossible to distinguish them from
random data without the correct password.

This is possible using the Steganographic File System developed by
researchers at the University of Cambridge. It stores all data as apparently
random information.

"M-o-o-t sounds like a great idea," says Bruce Schneier, security expert and
head of US company Counterpane Security. But he adds that extensive testing
will be needed to ensure there are no software bugs: "Like any security
technology, if you rely on it and it has flaws then you don't have the
security you rely on."

RIPA, introduced in July 2000, allows UK police to intercept electronic
communications using equipment installed at ISPs. When part three of RIPA is
brought into power later in 2002, police will also be able to demand access
to message encryption keys. Those who fail to hand over their keys could
face a prison sentence.

Fairbrother says a version of M-o-o-t should be ready for testing in the
next two weeks. The final product ought to be ready for the introduction of
part three of RIPA, he adds.
 

Will Knight

------------------------ Yahoo! Groups Sponsor ---------------------~-->
Tied to your PC? Cut Loose and
Stay connected with Yahoo! Mobile
http://us.click.yahoo.com/QBCcSD/o1CEAA/sXBHAA/kgFolB/TM
---------------------------------------------------------------------~->

------------------
http://all.net/ 

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
Next message: Fred Cohen: "[iwar] [fc:FBI's.Carnivore-lies.may.have.blown.bin.Laden.inquiry]"
Previous message: e.r.: "Re: [iwar] Cadets Keep NSA Crackers At Bay (fwd)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
This archive was generated by hypermail 2.1.2 : 2003-08-24 02:46:32 PDT