« Why doesn't Linux need defragmenting?What's in a name? »

Tue, Aug 15, 2006

[Icon][Icon]I've said it before. . .

• Post categories: Omni, Rant, In The News, Technology

. . . and I'll say it again: Before a politician can pass laws on a subject, s/he should be required to demonstrate above-average understanding of that subject.

The BBC reports that laws are being suggested that would make it illegal for a person to refuse to decrypt encrypted data.

Were there any actual knowledge in the heads of the people trying to get these laws passed, they would understand why it's a ludicrous proposal. A five-minute scan of TrueCrypt's website would be all it takes.

Here's the breakdown:

Computers store information on filesystems, which usually reside on disks or flash memory. They don't just write the file to the filesystem and rely on scanning the entire disk to find each file every time they want it: This would be like making notes in a book at a random place on a random page. It would take forever.

Instead, when a file is created, the computer makes a note in a "Table of contents" at the front of the "book". Then when you ask for a file, it looks in the table, finds out what "page" the file is on, goes to that "page", and retrieves the file.

When you delete a file normally, you might think that the computer applies an "eraser" to your "pencilled-in note", but it doesn't: All it does is erase the note in the "table of contents": The file is left untouched.

This is why people who format their PC hard-drive and then ebay it find their bank accounts suddenly empty: The hard-drive buyer has simply set software to scan through every "page" and construct a new "table of contents", effectively undeleting your entire hard drive and rendering all your information accessible.

In order to prevent this happening, secure deletion methods exist, such as "shred" - this over-writes the file, or the entire hard drive, with random data, completely removing the sensitive information and rendering it impossible to retrieve via software tools.

If you ever buy a second-hand hard-drive, it's well worth shredding it: If the previous owner installed any illegal material on it, you might be accussed of installing it yourself if it is discovered.

So, you buy a hard drive and you shred it: It now has completely random data on it. You then format it, safe in the knowledge that there is nothing on your drive that you didn't put there yourself.

So far, so good?

Next, you install TrueCrypt on your PC, and create an encrypted filesystem on your hard drive. Accessed via TrueCrypt, this looks like just another disk drive. You then shove all your sensitive files on it. Once done, you tell TrueCrypt to unmount the filesystem.

You now have masses of encrypted data on your hard disk. But encrypted data has no visible logic or order to it: The whole point of encryption is to scramble the data so nobody else can get at it.

Encrypted data, in short, is identical in appearance to completely random data. Should the police suddenly bash in your door and seize your hard drive, they will find a huge long string of ones and zeros written on it.

Is it a shredded drive, owned by a paranoid but perfectly legitimate user? Or is it an encrypted filesystem, owned by somebody with something to hide?

It's impossible to tell. Utterly impossible.

But it doesn't stop there: You can create an encrypted filesystem within another encrypted filesystem. So somebody can put a gun to your head and tell you that unless you decrypt the data, they're going to pull the trigger.

So you decrypt *that* filesystem, which has your sensitive-but-legal data on it. But nothing illegal is found. Just a load of as-yet-unused space.

Does *that* space contain illegal material? Impossible to tell - see above.

So I could create a file on my hard drive called "Encrypted.Filesystem", and mount it as an encrypted filesystem with the password "foo". And then on that encrypted filesystem, I could create another encrypted filesystem, with the password "bar"

I could then put lots of illegal material on the twice-encrypted "bar" filesystem, and put a load of perfectly legal material on the once-encrypted "foo" filesystem. And then email the "Encrypted.Filesystem" file to anybody I liked.

And regardless of what the law said about handing over encryption keys, nobody could ever prove that there was anything but legal information and empty space on that file. They could force me to decrypt "foo", but "bar" would remain completely safe and utterly undetectable.

Hence these legislation changes are worthless, beyond the fact that they clearly show that the government employs a lot of time-wasting idiots that the taxpayer would be better off without.

1 comment

Garry Freemyer
Comment from: Garry Freemyer [Visitor]
I cannot agree more with your statement that those making laws on a subject should know more than average about the subject.

How secure would WE feel if we entered a hospital for surgury and found that the ones deciding how to operate on us were the polititions instead of the doctors?

Reminds me of the saying if pro is the opposite of con is congress the opposite of progress.

You are correct, yet if the congressmen had to educate themselves in medical science, or whatever they would be reading forever instead of passing laws, and despite their salary, maybe that would be a good thing! :)

One would think that maybe impartial advisors might help but impartiality is rare and a partial advisor is a lobbyist.

If one looks at the history of mankind, one finds evidence, that government by mankind is like a blind man stubmling in the dark and he knows not where he is going.

If there is a higher wisdom out there, Its high time they take over - pun intended.

Till then foolish, wasteful and even damaging laws are going to proliferate like rats and just hope we don't get bit.

Have you noticed the threat stemming from software companies that put arbitrary agreements in their user licenses and call it illegal if we break the agreement but often the agreements themselves are illegal, impractical and demoralizing. Last I looked only polititions could pass law.

Illegal when they involve agreeing to give away rights, and rights can't be agreed away.

Impractical because they might say "The player cannot give out their account info to another" the trouble is, that suppose the one demanding the account info is a parent or other authority?

Demoralizing because they are so wordy as to be dizzying and the assumption that the EULA is common sense is not always correct and one EULA for a top game maker ends with the statement that by hitting "Agree" you are agreeing that you have never violated the EULA and that if you have, you agree to never play that game and any other game the maker acquires or will make in the future and contain such sweeping statements that it is inevitable that the most honest player is sooner or later going to unknowingly violate the EULA by accident.

They are like freeways brimming with speeding cars - no matter how careful one is, one is likely to get hit sooner or later.

Once the mistake is made, the player is re-criminalized every time they hit agree and then they are expected to self-ban themselves forever.

I once used to play online games from Sony, I was told I should buy game money off of ebay when I blew my entire bankroll on buying an item I did not need when I clicked on the wrong item. I ended up buying garbage and there was NO hope of recovery for perhaps months or even a year. I said I could not do that because it was forbidden. They said it was perfectly OK.

The prohibition is at the end of paragraph 7 of this EULA, but it was so wordy, so badly formatted that by the time I got to the end of a each quarter page long sentence, I not only had forgotten the meaning of what I was reading and what I was looking for and I was so overloaded that I would lose my place dozens of times and not know it. The interface for reading it required horizontal scrolling that was was so jerky, keeping one's place was impossible. There were other things I would never have thought they would ask, such as refusing to give our account info to anyone no matter that they were marriage mates, or a parent that was paying for the game subscription! Technically you were supposed to log out before going to the bathroom, as the Eula changed, actions that were "Legal" became illegal and if you had ever done these things, you were now a retroactive lawbreaker - which is absurd to me.

I bought the money and then someone pointed out the section I kept accidentaly skipping. I thought long about this and realized the why it is so terrible to buy game items and money. it turns the game from a game of skill, strategy and smart descisions to a game of who had the most money to blow.

I would not spend the money, There was no way for me to drop or destroy it, and when I read the statement that made me a liar for one mistake I deeply regretted every time I hit OK for any Sony game I was horrified.

Eventually, I quit playing, and after about a year, I lost all interest. The Eula proved to be a painful thorn in my side and I just quit. There was NO place in the Eula for absolution, or apology or turning yourself in. Once you had done it there was no "Hey, I made a mistake, I'm sorry, can you delete this stuff?"

These so called laws, sweeping statements and grossly convoluted wording causes many honest hearted players to just plain give up not realizing that by hitting OK, they were saying they understood the document and thus had already violated the agreement. Others would read the thing and lose respect and interest. Others would eventually have thier gaming experience soured by the experience and the guilt after years of scrupulously playing games as intended and avoiding cheats and exploting caused them to lose interest as I did and tragically some would continue to play until they got their conscience fried enough that they started caring less about right and wrong.

FYI: Some might think I'm on some higher moral ground, so I say no, I'm not better than others, I'm just a plain human being, looking for a job, just trying to cope in a chaotic world who looks in the mirror and sees a person who has a lot to learn and not enough time to do it, and who hopes that some day, they will have something to contribute besides over-long posts because they are baffled, overwhelmed and overtaken by a world full of demands that seem extreme unreasonable inpractical and leaves matters worse than when the so-called laws were drummed up, just like you said.

Thank you, for your post. It was eloquant and well written and mercifully short compared to mine. LOL. /salute.
15/08/06 @ 16:05

[Links][icon] My links

[Icon][Icon]About Me

[Icon][Icon]About this blog

[Icon][Icon]My /. profile

[Icon][Icon]My Wishlist


[FSF Associate Member]

December 2017
Mon Tue Wed Thu Fri Sat Sun
 << <   > >>
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31


User tools

XML Feeds

eXTReMe Tracker

Valid XHTML 1.0 Transitional

Valid CSS!

[Valid RSS feed]

blog soft