Category Archives: Cryptography

How to Censor ‘A Censorship-Resistant Web’

Posted on December 25, 2010 by Michael Froomkin

A Censorship-Resistant Web sets out a sketch of a way to create fail-safe distributed copies of web pages (i.e. not centralized in a single point of failure like at archive.org) thought likely to suffer political risk, to authenticate them as genuinely by the original author, and to help browsers find them if the original were to vanish.

What’s nice about this system is that it gets you censorship resistance without introducing anything wildly new. There are already certificate authorities. There are already hash-to-URL servers. There are already mirrors. There’s already Tor. (There’s already tor2web.) The only really new thing specific to censorship resistance is URL-to-hash servers of the form I described, but they’re very simple and hopefully uncontroversial.

There is some work to be done stitching all of these together and improving the UI, but unlike with some other censorship-resistance systems, there’s nothing you can point to as having no good purpose except for helping bad guys. It’s all pretty basic and generally useful stuff, just put together in a new way.

(Spotted via Cory Doctorow)

I like this kind of stuff, and this seems the start of a fine effort. But it made me think, and I’m afraid that I had an evil idea.  The same techniques that allow users to navigate to the backup pages(s) also will allow the party that took down the page in the first place to find the duplicate(s), and it will rarely be hard to trace these to their respective owners.  So if this form of future-proofing becomes frequent for politically sensitive materials, I expect the cross-border aspect of the denial-to-denial-of-service-attack to be overcome by executive agreement or treaty.

The difficulty for the censor in the USA, however, is that pesky First Amendment.  I can see two ways that a determined government might try to get around it other than directly applying its scary and expansionist reading of the Espionage Act.  The first would be to argue the still-open issue regarding the supremacy of treaties over the Bill of Rights.  But that’s rather major, and would depend on the content of the hypothetical international agreement. It may also be unnecessary.

A sneakier work-around the First Amendment might go as follows:

  1. Seize the copyright of the online version.  This might be done on a claim that the text is contraband or was acquired with contraband.  Alternately, the seizure might be effected under the standard condemnation power, in which case just compensation would be due to the original owner in order to comply with the Fifth Amendment.
  2. Once the government has the copyright it then applies the DMCA to all the (domestic) copies and has them taken down.  It applies to foreign countries to do the same under the proliferating DMCA clones around the world.

There are a couple of complexities that need explanation.

First, the US government doesn’t usually claim copyright in the work product of its employees, which would make the claim that there is a copyright to seize difficult if the government was the original author of the leaked work (the WikiLeaks situation). That’s from 17 USC § 105,

Copyright protection under this title is not available for any work of the United States Government, but the United States government is not precluded from receiving and holding copyrights transferred to it by assignment, bequest, or otherwise.

But imagine that § 105 was amended, and the government did start to claim copyright in its employees’ works, or maybe just in all classified works produced by the government or its contractors and agents.  On the one hand, this would seem to avoid the need to seize the copyright, since the government would already have it and could instead go straight to the DMCA. 

On the other hand, however, the government would face a difficulty in that in order to claim copyright over the posted work, the government would have to admit that the work was authentic, something the US government has studiously avoided doing (officially) in the WikiLeaks case.

Perhaps, however, the government could invent some new procedure in which it went to District Court and proceeded in the alternative, saying it was either seizing the copyright, or not (leaving the question of just compensation for any subsequent proceeding in which someone claiming to have the copyright could come forward in the Court of Claims), but in either case now claimed entitlement to a declaration that it had the authority to apply the takedown clauses of the DMCA?

Anyway, all this is too horrible.  I hope a real copyright lawyer can come along and explain why it is nonsense. And by posting it on the day of the year when no one reads this blog, I hope I’ve both established priority in the unlikely event this both isn’t nonsense and is original, and also limited the chance of the idea taking off.

Posted in Cryptography, Law: Copyright and DMCA, Law: Free Speech, National Security | Comments Off on How to Censor ‘A Censorship-Resistant Web’

In Which I Am Falsely Accused of Understanding the Blowfish Algorithm

Posted on August 22, 2010 by Michael Froomkin

I have been cited in the Canadian Journal of Electrical and Electronics Engineering in an article entitled, Microcontroller Application in Cryptography Techniques, which appears at Vol. 1, No. 4, June 2010 and is by Ali E. Taki El Deen and Noha A. Hikal. Normally it warms the cockles of my heart to be cited by cryptographers. But not this time.

You see, the place where my article, The Metaphor is the Key: Cryptography, the Clipper Chip and the Constitution, 143 U. Penn. L. Rev. 709 (1995), was cited is this one:

The decryption process for Blowfish [8] is almost identical to the encryption process except the P-array values are reversed.

[8] sends you to my article. The problem is, I wasn't aware I knew much about the Blowfish cipher, or that I had ever written about it.

There must be some mistake? A month ago I emailed the authors to ask, but so far no answer.

Posted in Cryptography | 2 Comments

Geek Valentines

Posted on February 10, 2010 by Michael Froomkin

Romantic Cryptography.

From the abstract:

We show how Alice and Bob can establish whether they love each other, but without the embarrassement of revealing that they do if the other party does not share their feelings.

(Via Light Blue Touchpaper)

Posted in Cryptography | 1 Comment

We Predicted This Would Happen: Man Jailed in UK for Failing to Disclose Passphrase

Posted on November 25, 2009 by Michael Froomkin

UK jails schizophrenic for refusal to decrypt files.

In the UK under the odious Regulation of Investigatory Powers Act (RIPA), if you are served with an order to disclose a passphrase to an encrypted file and you don't, you're guilty.

We saw this coming ten years ago,

Caspar Bowden, director of the Foundation for Information Policy Research, said ministers still had the power to reintroduce such “objectionable proposals” later as regulations. He said two new offences in the bill raised serious civil liberties concerns:

“The bill will give police the power to demand decryption keys from anyone they suspect of possessing them, and failure to hand keys over can lead to a two-year jail sentence.

“Defendants will be presumed guilty of withholding a key unless they can prove otherwise, a likely contravention of the European Convention on Human Rights, and decryption notices will be secret, so it will be impossible to complain effectively if they are used in an oppressive way.”

A “tipping-off” offence could prevent innocent associates from complaining publicly, with a penalty of five-years imprisonment, he added.

The National Council for Civil Liberties took a similar line. Liberty's Director, John Wadham, said :

“These powers are too sweeping, and in some respects problematic. It's difficult to discern quite how an individual could prove that they didn't have a key: you can't prove a negative. This reversal of the burden of proof may well infringe the right to a fair trial. The indefinite gagging order on any individual whose e-mail has been intercepted is extraordinary.”

A Home Office spokeswoman denied the bill would mean defendants being presumed guilty. “The bill doesn't reverse the onus of proof, the authorities still have to prove that an offence has been committed for it to get off the ground,” she said.

What Sir Humphrey didn't tell the reporter, of course, is that the relevant “offence” is not disclosing the passphrase, not some underlying crime — of which in this case there is no evidence, although the defendant certainly has issues. But there's evidence that he didn't disclose his passphrase, and that is all it takes to jail him for nine months.

Posted in Civil Liberties, Cryptography, UK | 3 Comments

Hal Finney Is Brave. Very Brave.

Posted on October 9, 2009 by Michael Froomkin

Hal Finney is not a household name, although he is a Name in one of the communities I have inhabited, the crypto/cypherpunk community.

Now, it transpires, Hal is not just a very smart guy, he is a pretty heroic guy. In Less Wrong: Dying Outside, he writes movingly and bravely about his recent diagnosis with Lou Gehrig's disease (AKA Amyotrophic Lateral Sclerosis or ALS). That is what Steven Hawking has, and it leaves you paralyzed, unable even to breath without mechanical assistance.

Patients lose the ability to talk, walk, move, eventually even to breathe, which is usually the end of life. This process generally takes about 2 to 5 years.

There are however two bright spots in this picture. The first is that ALS normally does not affect higher brain functions. I will retain my abilities to think and reason as usual. Even as my body is dying outside, I will remain alive inside.

The second relates to survival. Although ALS is generally described as a fatal disease, this is not quite true. It is only mostly fatal. When breathing begins to fail, ALS patients must make a choice. They have the option to either go onto invasive mechanical respiration, which involves a tracheotomy and breathing machine, or they can die in comfort. I was very surprised to learn that over 90% of ALS patients choose to die.

Hal is planning on joining the 10%. And to make the best of it. How many people could write, sincerely, as he does in response to comments on his original announcement,

Everybody with ALS talks about how terrible it is, all the things you can't do any more. But nobody seems to notice that there are all these things you get to do that you've never done before. I've never used a power wheelchair. I've never controlled a computer with my eyes. I've never had a voice synthesizer trained to mimic my natural voice. If I told people on the ALS forums that I was looking forward to some of this, they'd think I was crazy. Maybe people here will understand.

I understand, but I don't know that I have it in me to be so brave.

Posted in Cryptography, Science/Medicine | Comments Off on Hal Finney Is Brave. Very Brave.

AES Explained in a Cartoon

Posted on September 23, 2009 by Michael Froomkin

Note to self. Save this for the next time I have to teach crypto to lawyers.

Moserware: A Stick Figure Guide to the Advanced Encryption Standard (AES)

Posted in Cryptography | Comments Off on AES Explained in a Cartoon