[wordup] Things just got weirder

[Adam Shand]

I like this quote:

  A spokeswoman for the Home Office dismissed privacy concerns over RIPA
  and warned that the system could provide criminals with a new tool:
  "This particular technology could provide the criminally inclined with
  a tool to further their criminal intent."

Because we all know that criminals are all stupid and incapable and
unmotivated to write their own tools.  You'd think that if they were so
concerned about it one way to stop the civilian populace from writing
tools which could/can/will be abused by the less clued and resourceful
criminal populace would be to stop infringing on "us normal folks'"
rights.

"If encryption is outlawed only outlaws will have encryption."

Adam.

Via: Brett Shand <bretts at earthlight.co.nz>
From: http://www.newscientist.com/news/news.jsp?id=ns99992335

Anti-snooping operating system close to launch
16:28 28 May 02
Will Knight

Computer activists in Britain are close to completing an operating
system that could undermine government efforts to the wiretap the
internet. The UK Home Office has condemned the project as potentially
providing a new tool for criminals.

Electronic communications can be kept private using encryption. But new
UK legislation will soon give law enforcers the right to demand
encryption keys from anyone suspected of illegal activity.

The Regulation of Investigatory Powers Act (RIPA) was introduced to
update UK surveillance laws to include electronic communications. But
privacy campaigners say it gives too much power to law enforcers and
permits intrusive eavesdropping.

Peter Fairbrother, a mathematician and computer enthusiast, is
programming the new operating system, called M-o-o-t. "It is aimed at
anybody who's concerned about the government being nosey," he says.

Remote storage

M-o-o-t aims to beat RIPA powers by storing encryption keys and other
data overseas, beyond the reach of investigators. No data will be stored
on the computer's hardware.

Documents and email messages will be kept on servers outside the UK
government's jurisdiction. Communication with these servers will be
secured by encryption.

It will be possible to store files on any server that allows encrypted
File Transfer Protocol (secure FTP) access. It will even be possible to
share files between different servers, meaning that if one server were
compromised, this would still not provide a complete file.

M-o-o-t will be almost entirely contained on a CD that will run on most
PCs and Macintosh computers. The CD must be placed in a computer at
start up and will then load up a graphical user interface, as well as a
number of applications including an email client and a word processor.
Fairbrother says the system aims to make it easy for anyone to use the
suite of tried and tested cryptographic protocols that M-o-o-t combines.

Criminal tool

A spokeswoman for the Home Office dismissed privacy concerns over RIPA
and warned that the system could provide criminals with a new tool:
"This particular technology could provide the criminally inclined with a
tool to further their criminal intent."

She told New Scientist: "Such a device in the wrong hands will do far
more to infringe the human rights of innumerable potential victims than
a regulated and inspected process such as RIPA could ever allow."

Fairbrother admits that the M-o-o-t might be used by criminals but says
there are already more complicated tools available for determined
lawbreakers. "The benefits far outweigh the problems," he says.

Master keys

Communication will only be possible with other M-o-o-t users using keys
that expire after a single use. "Master" encryption keys will be kept on
the remote servers in a format that makes it impossible to distinguish
them from random data without the correct password.

This is possible using the Steganographic File System developed by
researchers at the University of Cambridge. It stores all data as
apparently random information.

"M-o-o-t sounds like a great idea," says Bruce Schneier, security expert
and head of US company Counterpane Security. But he adds that extensive
testing will be needed to ensure there are no software bugs: "Like any
security technology, if you rely on it and it has flaws then you don't
have the security you rely on."

RIPA, introduced in July 2000, allows UK police to intercept electronic
communications using equipment installed at ISPs. When part three of
RIPA is brought into power later in 2002, police will also be able to
demand access to message encryption keys. Those who fail to hand over
their keys could face a prison sentence.

Fairbrother says a version of M-o-o-t should be ready for testing in the
next two weeks. The final product ought to be ready for the introduction
of part three of RIPA, he adds.