[Ir-l] [IR-L]: Re: RIP and PGP

[Caspar Bowden]

> From: ir-l at gn.apc.org [mailto:ir-l at gn.apc.org]On Behalf Of Paul Mobbs
> Remember that PGP doesn't use perfect primes - therefore it's vulnerable
to
> factoring solutions.

I'm afraid this misunderstands the maths of public-key
Have a look at some of http://www.pgpi.org/doc/faq/, or alt.security.pgp or
comp.security.pgp.discuss

> Even if this project has not been completed, it's only a
> matter of time before factoring solution is available to PGP.

Not really. Modern cryptosystems are secure because every bit added to the
key-length (more or less) doubles the search-space for the key - so however
fast machines get, it will always be possible to use keys well beyond their
reach. There is one sci-fi caveat to this (quantum computers), but that is a
fair number of decades away.

> It will still require a lot of computing power, because
> factoring reduces the number of possible keys
> rather than finding the key itself.

Another misunderstanding I'm afraid.

> the process of encryption takes time, you only encrypt
> 'important' information. Therefore encrypting any file is the
> equivalent to putting a big, dayglo
> banner on it saying "I'm really important data - please hack
> or crack me".

Windows 2000 allows an entire partition, or parts of a directory structure
to be transparently encrypted/decrypted on-the-fly - others products like
Scramdisk (published source) or commercial software or GNU/LINUX software do
the same if you don't like MS.

> While encryption might be a useful way of communicating 'secretly', it
> still avoids confronting the main issue: that the control
> freaks at the Home Office and in the security services are seeking ways
> of monitoring and deterring *lawful* and *legitimate* public protest.

The main issue here is asserting your right to some privacy. Unless people
exercise this right by using encryption, it will be removed by default by
the reverse-burden provisions of RIP.

> ..means not using encryption, but sending our actions and
> intentions in plain text so that it trips all the dictionary
> surveillance systems that the State has to offer!

...and what will that achieve?

> The success of new laws such as the Terrorism Bill and
> the RIP Bill, in terms of the governments approach, will not
> be successful raids and searches. Remember that neither Bill creates
> specific offences - they are both procedures for search, surveillance
> and investigation.

Wrong. The main problem with RIP is that it DOES create a specific offence -
of failing to comply with a decryption notice, when nothing substantially
criminal has been proven or indicated, and with a reverse-burden of proof on
the defence, it effectively criminalises the only tool available to protect
the confidentiality of communications or the privacy of electronic papers.

> There is no way to campaign *safely*. We just have to take
> people on and go
> with whatever happens. Our only defence is not to work as
> individuals, but
> as a 'reciprocity network' where we all look out for one another.

It's said the Internet abolishes geography: well if you are an activist, and
you want to discuss ideas and plan actions with the same degree of
confidentiality as you could face-to-face in a pub, then encryption is your
only way to do this. If you relinquish the right to encrypt by accepting its
de facto criminalisation, then activists will be reduced to making local
plans in response to globalisation, or at best co-ordinated gestures.