s. keeling: > Ron Johnson <[EMAIL PROTECTED]>: >> >> e) Skype seems secure, but the Germans[1] might have cracked >> it and be blowing smoke in order to get Bad Guys to use >> encrypted Skype, >> >> [1] http://www.nzherald.co.nz/section/story.cfm?c_id=5&objectid=10477899 > > "Might have cracked it and be blowing smoke?" That's not how I read > that. It reads here like the German police are just as averse to > Gestapo tactics as is the rest of Germany, and they're intent on > staying well into "letter of the law" territory (as well as being > _seen to be there_), with keen eyes on "intent of the law."
I am not sure whether I understand you correctly, but if you are saying
that German authorities try their best to hold up civil liberties and
stay strictly within the borders of Germany's constitution, you are very
wrong.
What Jörg Ziercke wants is to break into computers of suspects, log
their activity and search their hard drives while the owner is using it.
That way they wouldn't have to break encryption, they would just
circumvent it.
While this may look like a good idea at first sight, it creates a whole
lot of problems. The biggest one in my opinion is that there's no way to
prove the authenticity of the evidence found while monitoring the
computer. Not only could the police plant anything in there, criminals
might use back-door features of the "federal trojan" or they break into
the systems the same way the police did. This alone renders "online
searches" completely useless. They just cannot produce evidence which
holds up in court (at least I hope so).
This approach is totally different from a regular house search where the
police seals computers and storage media they seize. There, they do not
manipulate the evidence, they only take copies and search for
incriminatory things and have unaltered evidence in court. And a regular
house search is done publicly, with independent witnesses, to minimize
the possibility of the police to fake evidence. Online searches are
covert action against which you can only take legal measures in
retrospect. If they don't inform you about it deliberately, you even
might never know baout it.
By the way, the article mixes up two different things that Ziercke would
like to distinguish: "source telecommunication surveillance" in order to
circumvent end-to-end encryption of ongoing communicytion and "online
searches", where they search hard drives to find incriminatory material
and log your keystrokes to find passwords etc. Ziercke would like the
German people to believe that these are technically completely different
things and that it is possible to do one while technically preventing
the use of the other one on a case-by-case basis (which, of course, is
completely ridiculous).
Of course, for the defendant it is impossible to prove what exactly the
authorities have done with his computer after the event. All he knows is
that there was a trojan which could have done anything.
To appease critics, there are plans to deposit the source code of the
trojan for a judge to read it. But show me a judge who can read source
code! And I do not think independent experts will be allowed to review
the code because it might pose a security risk. And either way, nobody
can guarantee that the source code the judge sees is the same code used
on the defendant's computer.
To end my my rant: the German minister of Interior Politics recently
said to critics that he agrees with them in that there is a "red line"
which lawmakers should not cross in the "fight against terrorism". This
line is drawn by our constitution. But, he said, if this line stops him
from doing what he thinks is necessary, one can still change the
constitution.
So much for his loyalty to our constitution.
J.
--
If politics is the blind leading the blind, entertainment is the fucked-
up leading the hypnotised.
[Agree] [Disagree]
<http://www.slowlydownward.com/NODATA/data_enter2.html>
signature.asc
Description: Digital signature
