Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

General discussion

FBI adds to wiretap wish list. This is hard to believe!!!

Mar 14, 2004 12:51PM PST

.

Can they really do this?? Would the public stand for it?


"A far-reaching proposal from the FBI, made public Friday, would require all broadband Internet providers, including cable modem and DSL companies, to rewire their networks to support easy wiretapping by police.

Legal experts said the 85-page filing includes language that could be interpreted as forcing companies to build back doors into everything from instant messaging and voice over Internet Protocol (VoIP) programs to Microsoft's Xbox Live game service. The introduction of new services that did not support a back door for police would be outlawed, and companies would be given 15 months to make sure that existing services comply."

http://news.com.com/2100-1028-5172948.html

Discussion is locked

- Collapse -
Wiretap this...
Mar 14, 2004 1:06PM PST

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQENAzmNBwUAAAEIAMe4+9R4dc5kDacp54q3KiQCA2qk9mglG6IOZjgT54j0nTIC
sB2YyqeHJdOm45bZdNuUM+PhEIR77l8yYxCf8qOkhv7H1OdSgkE6vzYwD3I4RTa4
lOSBFrdjsKYxDYY/9O/MfjgwA9EI1k5OGClhyw9vHRLSX0lcLVSmImppksIQ4OTB
XiattB0j6U6w647L/7/7Tpy2HR+nX+UJITqGI6AxzgfEYT9XzbvYdziucmXqRDrb
bX+HNnhtMP4CQyUoMCw0Iub/jftbuzmwzMmd46tfkBgX/MutwRO7rKKPqIrOxuFv
dBdSw6zosAufpVhmpU/kq3JzXO39H4FD3dIHOy0ABRG0I0NsYXkgTGF3cmVuY2Ug
PHNlcnZvQGJlbGxzb3V0aC5uZXQ+iQEVAwUQOY0HBR+BQ93SBzstAQGDNQgAiQVQ
4yRYY0DnqBWsDWhijwYd5oXEfBBr/AQhqBEbqHSpN8Of1Px87zIpT79VFv8fdZU1
HSQ1mHjLgrGIAm7Ad7PCs4CrQFYL6Ueg0xRjcm358dNoakqxI46AgFx9L95kchqs
kz9E5W/IDa2MMazxkRn+YgbjXn20POR3J6J+EzTN8a1vVvD8GUPUNFngVdoJWqW+
Cel57LmVWghFP5soC1h8U/GlL3fe+rGd7qlTndgEd2lFlFYBaAY+jkJ8T5X0cZJy
quC2rdOWoFsr8RTg5CsVIixL8ywR64kdnR62EsyWFSwz4QWimsP4FFDj7jkwDsss
gXnTymoNCJQJW3J7bg==
=ISBx
-----END PGP PUBLIC KEY BLOCK-----

- Collapse -
OK. I'm impressed. Now explain what the heck you did!
Mar 14, 2004 1:25PM PST

.
You realize that this wiretapping ability would require the rewiring of broadband or cable that would probably serve to eliminate any type blocking from your computer, don't you? At least that's the impression I get.

- Collapse -
Re:OK. I'm impressed. Now explain what the heck you did!
Mar 14, 2004 9:02PM PST

I just posted my public PGP[key. With it you could encrypt a message to me that only I can decrypt with my private key. We could also establish a VPN between us for on the fly encryption. Wiretapping or sniffing the packets in the middle would be useless because it would be encrypted. It's time for the FBI to realize that wiretapping is an obsolete method in today's world. With quantum encryption around the corner wherein the encryption key itself changes 1000s of times a second wiretapping is a useless tool. For the FBI to get what they're asking for would require shutting down the internet completely, something that, IMO, ain't gonna happen.

- Collapse -
Technology growing at the speed of a bullet v FBI in the horse and buggy stage?
Mar 14, 2004 9:30PM PST

What's happened to the CIA and FBI? Am I mistaken or what, weren't they both a lot better 20 or 30 years ago? You would think they would be on the cutting edge of technology.

- Collapse -
Their funding was cut by the Democrats.
Mar 15, 2004 5:06AM PST

What's the criticism? Is it cost to the ISP? That looks like a legit complaint. Is it the opportunity to listen in on communications? How is that different, in concept, from traditional phone tapping? That is recognized as a legit police power as long as a judge agrees. It does seem like they have a lot of tech questions to answer before they're allowed to do it. For example, how do the intercept just my packets, and how can they intercept all my packets without interfering with internet operations?

- Collapse -
If this is what they are into a cut in funding was a good thing. -nt
Mar 16, 2004 7:08AM PST

.

- Collapse -
Re: Wiretap this...
Aug 4, 2004 1:17PM PDT

Hi, Clay.

You do realize that the Feds have been trying to get PGP banned for years, right? And last I heard, it was still on the forbidden export list, along with the high-security versions of most browser software.

-- Dave K, Speakeasy Moderator
click here to email semods4@yahoo.com

The opinions expressed above are my own,
and do not necessarily reflect those of CNET!

- Collapse -
Re: FBI adds to wiretap wish list. This is hard to believe!!!
Mar 14, 2004 9:48PM PST

Hi, Rosalie.

This was part of Ashcroft's Patriot Act 2. Since that didn't fly, they're trying it independently. And why do you find it hard to believe? It's completely in keeping with the Bush/Ashcroft agenda...

-- Dave K, Speakeasy Moderator
click here to email semods4@yahoo.com

The opinions expressed above are my own,
and do not necessarily reflect those of CNET!

- Collapse -
Re:Re: FBI adds to wiretap wish list. This is hard to believe!!!
Mar 15, 2004 12:57AM PST
in keeping with the Bush/Ashcroft agenda...

Well I think you'll find that many not in agreement with your blanket condemnation of the entire administration would agree that some provisions of the first and the proposed second Patriot Act aren't wise.

I will say that it's not unusual for those in charge of enforcing the law to feel they need more power and autonomy than they have. You can find some from top to bottom in law enforcement that feel that way. That's one reason that elected officals make the laws and set the rules rather than the cop on the beat.

So while we have to concern outselves with making sure or representatives balence laws between security and freedom, it doesn't mean anyone asking for more authority is automatically right or wrong. They have their views and goals, but must be ruled by the guides laid down.

It doesn't help to obviously hate those in charge and all they do without regard.


RogerNC

click here to email semods4@yahoo.com
- Collapse -
Re: FBI adds to wiretap wish list. This is hard to believe!!!
Mar 15, 2004 10:41PM PST

Hi, Roger.

I don't hate all they do without regard. I was quite supportive of Bush after 9/11 -- it was only after he decided to use the political capital he obtained to push through ill-considered domestic programs that it became clear he's worthess as a President and leader. You're right -- I disagree with him on just about every substantive issue. He's squandered a huge surplus in just three years by huge tax giveaways to the wealthy, alienated our allies, worsened foreign relations with both Iran and North Korea to the point where (nuclear!) war is a distinct possibility with either or both; pushed through wrong-headed environmental policies that are reversing decades of hard-won progress towards clean air and water, ignored the horrific threat of global warming, cut off population planning assistance to the over-populated nations of the world; stymied progress on stem cell research, the most promising approach to now-incurable diseases affecting tens of millions of Americans and hundreds of millions worldwide; and done nothing towards bringing adequate health care to the increasing number of Americans without affordable access to it, an absolute travesty in the world's richest nation. That's just off the top of my head -- I'm sure i can think of others. But let me make this perfectly clear -- I am against Bush and the Republicans BECAUSE of their policies, it is not that I oppose their policies because of who promotes them. If the Republican party suddenly decided to seek progress for all, instead of increased power and wealth for the elite at the expense of the rest of society, I'd be a third of the way converted -- that would still leave Bush's wrong-headed foreign policy and attempts to legislate his version of morality.

-- Dave K, Speakeasy Moderator
click here to email semods4@yahoo.com

The opinions expressed above are my own,
and do not necessarily reflect those of CNET!

- Collapse -
I just read a more technical summary of this. The FBI is in way over their head.
Mar 16, 2004 6:47AM PST

They are asking to preapprove technology before it can be developed or deployed. They also want existing networks rearchitected to give them what they need with the users to pay the cost. This we DON'T NEED. A gov't bureaucracy trying to control technological development is the kiss of death for the technology. I think there will be LOTS of comments on this, and it will not fly. It is way over the edge.

President Bush needs to step in and tell the boys to go back to their sandbox and find another way.

- Collapse -
Re:I just read a more technical summary of this. The FBI is in way over their head.
Mar 16, 2004 7:09AM PST

Finally, something we agree on !

Happy

- Collapse -
FCC may put cable, Net phones under wiretap rule
Aug 4, 2004 8:03AM PDT

The Federal Communications Commission plans to propose a ruling Wednesday that would require Internet-based phone and broadband services to design their networks so they can be easily wiretapped, two FCC officials say.

More...

Well, looks like this is back in the news. I don't know how they think they'll accomplish this but you can bet it will sure cost the rest of us a bunch of money for them to try...

- Collapse -
walkie-talkie services?!?!?
Aug 4, 2004 10:35AM PDT

Not that I have anything to hide but .....

.

- Collapse -
Re: walkie-talkie services?!?!?
Aug 4, 2004 1:13PM PDT
Not that I have anything to hide but .....

If you did then you could just do this and not worry about prying eyes. That's why it makes no sense to try to design the technology so that it can be tapped. As encryption continues to advance further and further wiretapping becomes more and more obsolete as a crime fighting solution.

- Collapse -
Re: walkie-talkie services?!?!?
Aug 4, 2004 11:31PM PDT

Hi, Clay.

>>As encryption continues to advance further and further wiretapping becomes more and more obsolete as a crime fighting solution.<<
True. But the Republicans' answer is to try to ban the technology. How can you possible be voting for Big Brother? Bush and co are trying to regulate every aspect of our lives, from the bank to the bedroom, and the Republicans and libertarians are sitting still for it.
"Please sir, may I have another?"

-- Dave K, Speakeasy Moderator
click here to email semods4@yahoo.com

The opinions expressed above are my own,
and do not necessarily reflect those of CNET!

- Collapse -
Another BS Alert!
Aug 5, 2004 3:40AM PDT
True. But the Republicans' answer is to try to ban the technology. How can you possible be voting for Big Brother?

Your faulty memory is getting you aagain Dave. It was a DEMOCRAT Admin and Congress that initially tried banning encryption then tried limiting the strength of the encryption.

Bush and co are trying to regulate every aspect of our lives, from the bank to the bedroom, and the Republicans and libertarians are sitting still for it.


Humorous but totally inaccurate. How about if Republicans legislate to RESTRICT the use of encryption to once a month or requiring anyone who wants to use it to register with the govenrment and exclude all felons and those accused at any time of domestic violence? Require those who wish to make use of encryption to obtain permission through local law enforcement agencies? Would you be for it then as those are tactics for which you have personally voiced strong approval over the years?

Encryption is not even a Constitutionally guaranteed right Dave but you are an ardent supporter of suppressing such rights.

- Collapse -
Curious
Aug 5, 2004 2:27PM PDT

What would be the situation and how would it be handled if encryption was outlawed, yet people did it anyway?

They couldn't be forced to decrypt it without violating their 5th amendment rights. Without it being decrypted, the only charge that could stick is they sent an illegible communication, at least not readable by government agents. What should the penalty be for doing so?

- Collapse -
Re: Curious
Aug 6, 2004 1:46AM PDT

You get picked up by unidentified Federal officers and sent to an undisclosed location overseas without notifying any legal representation or oversight organizations.

Keep asking in an open forum and you'll hear a knock on your door.

Dan

.

- Collapse -
Re: Curious
Aug 6, 2004 2:31AM PDT
What would be the situation and how would it be handled if encryption was outlawed, yet people did it anyway?

How could they prove it was encrypted? It could just be gibberish. I have posted gibberish here before and noone knew what it was...

- Collapse -
Re: Curious
Aug 6, 2004 3:29AM PDT

Hi, Clay.

>>I have posted gibberish here before and noone knew what it was...<<
Not so -- it's just pointing out that your political posts are mostly gibberish might be considered a personal attack and hence against the TOS!

-- Dave K.
Speakeasy Moderator
click here to email semods4@yahoo.com

The opinions expressed above are my own,
and do not necessarily reflect those of CNET!

- Collapse -
Difficult to say exactly...
Aug 6, 2004 3:21AM PDT

as there are so many potential situations but one would be to simply require that, on a similar order to Googlemail or even spam filters, the text of messages be determined as human readable (using dictionary words and grammar checking) rather than the "giberish" of typical encryption. The mail server could simply bounce the message back without passing it on if it wasn't.

Same could be done for VOIP which is where most of the proposed legislation is actually aimed.

There would need be no penalty other than that of having encrypted messages go unsent. "Authorized" users could be so authorized by providing their carrier with the necessary backdoor keys.

Couldn't be "forced" to divulge the contents but could be instructed by the courts to "go forth and sin no more" with follow up encrypted attempts being punishable as contempt of court (just one quick and simple method).

Might even be helpful with SPAM as lots of it is being sent and getting through filters because of the giberish used. Devil

- Collapse -
Re: Difficult to say exactly...
Aug 6, 2004 3:37AM PDT
...but one would be to simply require that, on a similar order to Googlemail or even spam filters, the text of messages be determined as human readable (using dictionary words and grammar checking) rather than the "giberish" of typical encryption.

That would also require the prohibition of pictures and other binary files that normally appear as gibberish. Of course, if pictures are permitted then I could always use steganography to embed my encrypted message. If you think the drug war is expensive just wait until you find what it would cost to wage a war on technology. The government would find itself bankrupt in a hurry...



- Collapse -
No it wouldn't because....
Aug 7, 2004 4:39AM PDT

mime is a well understood and documented encryption that requires no keys to "unlock". Same with binary attachments of an executable sort or a specific programs format.

All easily (some more, some less) handled by the same software. Steganography wouldn't work to bypass because all embedded portions of a graphic can be separated out such as comments, copyrights, dates, formats, etc and all are in plain text when such is done--any still encrypted would be problematic thus causing a bounce.

By the way, if you are "into" graphics and watermarking/commenting you might be interested in downloading and making use of ImageMagick http://www.imagemagick.org/

Mime tools are a dime a dozen so no need to provide any links.

- Collapse -
A simple encryption scheme
Aug 7, 2004 5:44AM PDT

is to type a text document and then zip it, but put a different file ending other than ".zip" on it. It stops casual reading of emails passing through the system, even more it interferes with those information gathering systems along the route that sells information that certain key words are important if used in spam to certain email addresses. Ever send out email on a subject, especially if unusual, then within a week start getting spam with keywords that HAD to be related to that email?

- Collapse -
All right then....
Aug 7, 2004 6:50AM PDT
Here are 2 images that look alike. One of them contains a hidden text message embedded in the gif file. Either is an image you might find used as a background image at many websites. For your benefit I did not encrypt the message but it is embedded in a manner that you will not find it with a hex editor. It is also done in a manner which does not change the filesize. If you dare, please tell us which image contains a message, what that message is and how it would be automatically detected and bounced by the email server software.

- Collapse -
Re: All right then....
Aug 11, 2004 7:45AM PDT

All right Clay.

While I am not one who would just sit down and whip up a program to do the checking the "message" is hidden in b.gif and after compressing the "message" is only 76 bytes. What compression algorithm did you use?

I don't know what compression you opted for but the "message" is concealed in the beginning of the graphic after the graphic header info, and

q+v
r7CwsLGxsbKysrOzs7S0tLW1tba2tre3t7i4uLm5ubq6uru7u7y8vL29vb6+vr+/v8DAwMHB
wcLCwsPDw8TExMXFxcbGxsfHx8jIyMnJycrKysvLy8zMzM3Nzc7Ozs/Pz9DQ0NHR0dLS0tPT
09TU1NXV1dbW1tfX19jY2NnZ2dra2tvb29zc3N3d3d7e3t/f3+Dg4OHh4eLi4uPj4+Tk5OXl
5ebm5ufn5+jo6Onp6erq6uvr6+zs7O3t7e7u7u/v7/Dw8PHx8fLy8vPz8/T09PX19fb29vf3
9/j4+Pn5+fr6+vv7+/z8/P39/f7+/v///yw

is not in "dictionary readable text" and would likely be what was "looked for" to bounce.

How would it be detected and bounced? That would pretty much be up to the brainchild who does sit down and write the program to "sniff" the mail.

This does get away from the main thrust of the proposed changes though as they are pointedly directed pretty much at VOIP and IP packet sniffers abound.

I am Cav, not G2 so the specific "message" eludes me but you can go ahead and admit it was b.gif that contains the "message".

- Collapse -
Re: All right then....
Aug 11, 2004 12:52PM PDT

Well. It is b.gif but the message is not compressed and is only 45 bytes long. The message is not embedded after the header or anywhere else in the file. Some of the bits of the file are simply rearranged in a fashion to represent the message contained within. The file is a legitimate GIF89A file that meets the GIF89A specification in all respects so I don't know how you think someone will detect that the byte arrangement means anything that is worthy of censorship. Right now you only know it's the b.gif because I told you so, not by the accuracy of your detective work. If you care to look some more, the background image of that page also contains the same message. It is simply a tiled white image that is intended to make the page look like it has no background. FWIW, the stego used on these images is not LSB steganography. Let me know if you'd like a hint...

- Collapse -
Re: All right then....
Aug 12, 2004 4:52AM PDT

No Clay, I knew it was the B.gif for the reasons I gave.

1. The b.gif is a larger file AND
2. despite you saying no compression it (and other GIF 89 and 89A files) utilizes Lempel-Ziv-Welch compression--just a fact of life with the GIF graphic.

From 0000021A (where AF becomes F0) through 000284C3 (where 3B becomes 2Cool the files differ and the giveaway was the larger size. If you really think they are the same size, try running a.gif and b.gif through your command line FC (file compare) utility in a Command Prompt (use fc /b /c a.gif b.gif > ab-gif.txt or if you are using Linux try diff or cmp)

Try mpack on each and you can see quite a difference and it makes the file size differentiation even more apparent.

Clay, the tools are at hand to defeat any security measure and this causes the tools to defeat those tools to be created. I am not the "Braniac" who sits down and creates such tools but they are already at hand.

There is no need for the software to decrypt any messages, just to "see" inconsistencies and anomalies and reject for cause. (Things like encrypted documentation having a flat histogram which provides a unique signature of the randomization of characters which makes a pretty efficient test for encryption without necessitating decryption.) Other things such as the file size like I used provide other clues although color palate is possibly a better giveaway. Stego relies on passwords so dictionary attacks are useful. Matter of fact signature scanning similar to that for virus is pretty useful in detecting messages or other pictures hidden in a graphic. For that matter one can use a gif animator to see differences in files but this does require access to the original file--the most noticeable difference is usually in the larger palate for the graphic with the hidden text or picture.

Since LSB would have minimal impact on the graphic far as color and quality (main reason it is normally used as the transport layer), yes I would be interested in the methodology as MSB is generally pretty noticeable.

Right now Clay few look for messages or embedded graphics in a graphic file but the same was true of a virus before they became widespread--now AV checking is a cottage industry.

- Collapse -
Re: All right then....
Aug 12, 2004 8:42AM PDT

Actually I set you up with a method that is undetectable. Had I given you only b.gif you would not be able to say that it did or did not contain an embedded message so you would have no criteria to bounce someone's mail that contained that image. The method used involves shuffling the color map(s) contained in the gif file. Because these maps have no right or wrong order you can change the order so that it represents information you want to convey to someone else. In the test file the message is the difference of the global color table sort as contained in the gif file and the global color table sorted by shade of gray.

This is why the white background image I used can be stegoed. You can't do that with LSB steganography. The white image started with 256 shades of gray sorted by luminance. Looking at the palette order now will show it to look like there is no order but that is OK since there is no required palette order to begin with.

FWIW, LSB steganography is accurately detectable. You cannot necessarily recover the embedded message but you can accurately determine that an embedded message exists. You cannot say the same for palette order steganography at this time. If you come up with a method to do so there would be plenty of people interested to know how. Until then those images will pass.

This was also an example of only one method of sending hidden messages. As a programmer you can do lots to hide messages in compiled executables. Just do a search on computer Easter eggs to find a whole range of embedded information that is not autodetectable...