US Government To Mandate Inbuilt Backdoors in Network Equipment and Internet Services

[BasketCase]

Am I suppose to be upset that the FBI knows I spent 3 hours downloading Red vs Blue movies?

You mean, somebody used your computer to download that stuff. There's no way to know who was actually at the keyboard. Borrowed or stolen password. Could have been anybody.

Edit: I'll have you know I'm extraordinarily disappointed in your tastes. Red vs. Blue??? Sheesh. Go for Tripping the Rift, man!!!

 

[aneeshm]

One word : Encryption .

That's all it takes to circumvent this POS law . From now , if I send something private to someone in the USA , then I'll make sure that it is encrypted . It is laws like these that make me want to give such governments the finger .

 

[IglooDame]

Quick clarification: this law makes it easier for wiretaps at the telco (broadband/VOIP provider) level; it doesn't mandate that your home or company router/firewall have a backdoor. While I oppose it in principle anyway, I don't regard it as an all-encompassing threat nor necessarily (assuming the backdoor is designed properly) a wide vulnerability for hackers, as it could require certain equipment with embedded keycodes to be physically connected at some particular part of the in-house network to function, for example.

Aneeshm is spot on, though - adequate encryption is your friend, and considerably more easily done on internet/VOIP connections than on old phone lines.

 

[Aphex_Twin]

Encryption only works if there is some part of the information circuit that you control yourself. If the FBI controlls the communication lines and the servers along the way (and now the ISPs) emplying encryption would become unsafe. For instance, if I want to privately communicate with someone I don't know dirrectly, I could download his public key (usually from himself of a server), encrypyt my message and send it to him. But now since the FBI controlls the line of communication there would be no guarantee that the key from that server is accurate, nor that the person that sent it to me (say via e-mail) would be the one it claims to be.


Well, it had been due for 21 years:

War is peace
Freedom is slavery
Ignorance is strength

 

[Strider]

You mean, somebody used your computer to download that stuff. There's no way to know who was actually at the keyboard. Borrowed or stolen password. Could have been anybody.

True, but if the FBI is doing this to catch hackers who download Red vs Blue videos on other people's computer and then goes about watching them, then I'd have to say the crime rate had better be VERY low. There's a chance I'll be hit by a car every time I walk out of the house (actually there's a chance I'll be hit by a car in my house also). Does that stop me from walking out of my house? All this did was make it remotely more possible for someone to hack into my computer, the chance of it happening is still very low.

Edit: I'll have you know I'm extraordinarily disappointed in your tastes. Red vs. Blue??? Sheesh. Go for Tripping the Rift, man!!!

I've never even heard of Tripping the Rift. Anyway, Red vs Blue is awesome!

Edit: Re-read the post and it makes little sense. I hate mornings.

 

[farting bob]

I can imagine the MPAA begging to install stuff to detect when people download movies and music illegally. It'll be heaven for those

Moderator Action: Language - warned.
Please read the forum rules: http://forums.civfanatics.com/showthread.php?t=422889

 

[aneeshm]

Encryption only works if there is some part of the information circuit that you control yourself. If the FBI controlls the communication lines and the servers along the way (and now the ISPs) emplying encryption would become unsafe. For instance, if I want to privately communicate with someone I don't know dirrectly, I could download his public key (usually from himself of a server), encrypyt my message and send it to him. But now since the FBI controlls the line of communication there would be no guarantee that the key from that server is accurate, nor that the person that sent it to me (say via e-mail) would be the one it claims to be.


Well, it had been due for 21 years:

War is peace
Freedom is slavery
Ignorance is strength

If you want to be really really paranoid , then you can use GNUnet , available here .

The whole thing is encrypted , and everything is hash-checked ( IIRC ) .

 

[elfangor801]

I can imagine the MPAA begging to install stuff to detect when people download movies and music illegally. It'll be heaven for those

That's what I was thinking....but that's like 10 million computers to cover so maybe we're still good.

 

[BasketCase]

@Aphex_Twin: you can verify someone's public key by calling them on the phone and having them read off their public key's hash code to you (this is basically a "signature" unique to the key). Public key escrow is a system intended to do the same thing, where people store their public keys in a central location; the administrator of that central location verifies the keys and serves as an agent of trust. In my opinion, once you move from direct authentication to webs of trust and such, you introduce an element that makes the encryption a lot more susceptible.

One thing you can do is post your public key in a link (i.e. in your CFC signature) and also include the hash code in that signature. I've seen people do that a lot with PGP.