http://www.pcworld.com/resource/pri...d,110841,00.asp

PGP Encryption Proves Powerful

If the police and FBI can't crack the code, is the technology too
strong?

Philip Willan, IDG News Service Monday, May 26, 2003

ROME -- Italian police have seized at least two Psion personal
digital assistants from members of the Red Brigades terrorist
organization. But the major investigative breakthrough they were
hoping for as a result of the information contained on the devices
has failed to materialize--thwarted by encryption software used by
the left-wing revolutionaries.

Failure to crack the code, despite the reported assistance of U.S.
Federal Bureau of Investigation computer experts, puts a spotlight on
the controversy over the wide availability of powerful encryption
tools.

The Psion devices were seized on March 2 after a shootout on a train
traveling between Rome and Florence, Italian media and sources close
to the investigation said. The devices, believed to number two or
three, were seized from Nadia Desdemona Lioce and her Red Brigades
comrade Mario Galesi, who was killed in the shootout. An Italian
police officer was also killed. At least one of the devices contains
information protected by encryption software and has been sent for
analysis to the FBI facility in Quantico, Virginia, news reports and
sources said.

The FBI declined to comment on ongoing investigations, and Italian
authorities would not reveal details about the information or
equipment seized during the shootout. Pretty Good Privacy

The software separating the investigators from a potentially
invaluable mine of information about the shadowy terrorist group,
which destabilized Italy during the 1970s and 1980s and revived its
practice of political assassination four years ago after a decade of
quiescence, was PGP (Pretty Good Privacy), the Rome daily La
Repubblica reported. So far the system has defied all efforts to
penetrate it, the paper said.

Palm-top devices can only run PGP if they use the Palm OS or Windows
CE operating systems, said Phil Zimmermann, who developed the
encryption software in the early 1990s. Psion uses its own operating
system known as Epoc, but it might still be possible to use PGP as a
third party add-on, a spokesperson for the British company said.

There is no way that the investigators will succeed in breaking the
code with the collaboration of the current manufacturers of PGP, the
Palo Alto, California-based PGP, Zimmermann said in a telephone
interview.

"Does PGP have a back door? The answer is no, it does not," he said.
"If the device is running PGP it will not be possible to break it
with cryptanalysis alone."

Investigators would need to employ alternative techniques, such as
looking at the unused area of memory to see if it contained remnants
of plain text that existed before encryption, Zimmermann said.
Privacy vs. Security

The investigators' failure to penetrate the PDA's encryption provides
a good example of what is at stake in the privacy-versus-security
debate, which has been given a whole new dimension by the September
11 terrorist attacks in the U.S.

Zimmermann remains convinced that the advantages of PGP, which was
originally developed as a human rights project to protect individuals
against oppressive governments, outweigh the disadvantages.

"I'm sorry that cryptology is such a problematic technology, but
there is nothing we can do that will give this technology to everyone
without also giving it to the criminals," he said. "PGP is used by
every human rights organization in the world. It's something that's
used for good. It saves lives."

Nazi Germany and Stalin's Soviet Union are examples of governments
that had killed far more people than all the world's criminals and
terrorists combined, Zimmermann said. It was probably technically
impossible, Zimmermann said, to develop a system with a back door
without running the risk that the key could fall into the hands of a
Saddam Hussein or a Slobodan Milosevic, the former heads of Iraq and
Yugoslavia, respectively.

"A lot of cryptographers wracked their brains in the 1990s trying to
devise strategies that would make everyone happy and we just couldn't
come up with a scheme for doing it," he said.

"I recognize we are having more problems with terrorists now than we
did a decade ago. Nonetheless the march of surveillance technology is
giving ever increasing power to governments. We need to have some
ability for people to try to hide their private lives and get out of
the way of the video cameras," he said. More Good Than Harm?

Even in the wake of September 11, Zimmermann retains the view that
strong cryptography does more good for a democracy than harm. His
personal website, PhilZimmerman.com, contains letters of appreciation
from human rights organizations that have been able to defy intrusion
by oppressive governments in Guatemala and Eastern Europe thanks to
PGP. One letter describes how the software helped to protect an
Albanian Muslim woman who faced an attack by Islamic extremists
because she had converted to Christianity.

Zimmermann said he had received a letter from a Kosovar man living in
Scandinavia describing how the software had helped the Kosovo
Liberation Army (KLA) in its struggle against the Serbs. On one
occasion, he said, PGP-encrypted communications had helped to
coordinate the evacuation of 8,000 civilians trapped by the Serbs in
a Kosovo valley. "That could have turned into another mass grave,"
Zimmermann said.

Italian investigators have been particularly frustrated by their
failure to break into the captured Psions because so little is known
about the new generation of Red Brigades. Their predecessors left a
swathe of blood behind them, assassinating politicians, businessmen,
and security officials and terrorizing the population by
"knee-capping," or shooting in the legs, perceived opponents. Since
re-emerging from the shadows in 1999 they have shot dead two
university professors who advised the government on labor law reform.
Cracking the Code

Zimmermann is not optimistic about the investigators' chances of
success. "The very best encryption available today is out of reach of
the very best cryptanalytic methods that are known in the academic
world, and it's likely to continue that way," he said.

Sources close to the investigation have suggested that they may even
have to turn to talented hackers for help in breaking into the seized
devices. One of the magistrates coordinating the inquiry laughed at
mention of the idea. "I can't say anything about that," he said.

The technical difficulty in breaking PGP was described by an expert
witness at a trial in the U.S. District Court in Tacoma, Washington,
in April 1999. Steven Russelle, a detective with the Portland Police
Bureau, was asked to explain what he meant when he said it was not
"computationally feasible" to crack the code. "It means that in terms
of today's technology and the speed of today's computers, you can't
put enough computers together to crack a message of the kind that
we've discussed in any sort of reasonable length of time," he told
the court.

Russelle was asked whether he was talking about a couple of years or
longer. "We're talking about millions of years," he replied.

[ Post a follow-up to this message ]

Thrasher Remailer <thrasher@reece.net.au> writes:

>http://www.pcworld.com/resource/pri...d,110841,00.asp

>PGP Encryption Proves Powerful

>If the police and FBI can't crack the code, is the technology too
>strong?

>Philip Willan, IDG News Service Monday, May 26, 2003

>ROME -- Italian police have seized at least two Psion personal
>digital assistants from members of the Red Brigades terrorist
>organization. But the major investigative breakthrough they were
>hoping for as a result of the information contained on the devices
>has failed to materialize--thwarted by encryption software used by
>the left-wing revolutionaries.

>Failure to crack the code, despite the reported assistance of U.S.
>Federal Bureau of Investigation computer experts, puts a spotlight on
>the controversy over the wide availability of powerful encryption
>tools.

That the police are disappointed is not reason why the laws should change.
They would also have been disappointed if the device was not present.
Should we now have a law that everything anyone does must be kept as a
database on a PDA always carried by the person? That would be wonderful for
the police. And the police would be disappointed if they got our PDA and
did not find that information on the device. But is that justification for
a new law?



>The Psion devices were seized on March 2 after a shootout on a train
>traveling between Rome and Florence, Italian media and sources close
>to the investigation said. The devices, believed to number two or
>three, were seized from Nadia Desdemona Lioce and her Red Brigades
>comrade Mario Galesi, who was killed in the shootout. An Italian
>police officer was also killed. At least one of the devices contains
>information protected by encryption software and has been sent for
>analysis to the FBI facility in Quantico, Virginia, news reports and
>sources said.

>The FBI declined to comment on ongoing investigations, and Italian
>authorities would not reveal details about the information or
>equipment seized during the shootout. Pretty Good Privacy

>The software separating the investigators from a potentially
>invaluable mine of information about the shadowy terrorist group,
>which destabilized Italy during the 1970s and 1980s and revived its
>practice of political assassination four years ago after a decade of
>quiescence, was PGP (Pretty Good Privacy), the Rome daily La
>Repubblica reported. So far the system has defied all efforts to
>penetrate it, the paper said.

And they know this is an invaluable mine of information how?



>Palm-top devices can only run PGP if they use the Palm OS or Windows
>CE operating systems, said Phil Zimmermann, who developed the
>encryption software in the early 1990s. Psion uses its own operating
>system known as Epoc, but it might still be possible to use PGP as a
>third party add-on, a spokesperson for the British company said.

Of course it is.

>There is no way that the investigators will succeed in breaking the
>code with the collaboration of the current manufacturers of PGP, the
>Palo Alto, California-based PGP, Zimmermann said in a telephone
>interview.

Well, he would wouldn;t he.



>"Does PGP have a back door? The answer is no, it does not," he said.
>"If the device is running PGP it will not be possible to break it
>with cryptanalysis alone."

And he knows this how? Yes, we all believe it to be true, but obviously do
not know it to be true. Also the investigators would NOT reveal that they
had broken it even if they had. It is far far far too valuable a piece of
info to be revealed simply in order to fish for possible info on the
RedBrigade. Now, we may discover in the next year that somehow the police
have discovered a number of very useful things about the RedBrigade but it
will have nothing to do with this discover of the PDA at all.



>Investigators would need to employ alternative techniques, such as
>looking at the unused area of memory to see if it contained remnants
>of plain text that existed before encryption, Zimmermann said.
>Privacy vs. Security

>The investigators' failure to penetrate the PDA's encryption provides
>a good example of what is at stake in the privacy-versus-security
>debate, which has been given a whole new dimension by the September
>11 terrorist attacks in the U.S.

It demonstrates nothing of the kind.


>Zimmermann remains convinced that the advantages of PGP, which was
>originally developed as a human rights project to protect individuals
>against oppressive governments, outweigh the disadvantages.

>"I'm sorry that cryptology is such a problematic technology, but
>there is nothing we can do that will give this technology to everyone
>without also giving it to the criminals," he said. "PGP is used by
>every human rights organization in the world. It's something that's
>used for good. It saves lives."

>Nazi Germany and Stalin's Soviet Union are examples of governments
>that had killed far more people than all the world's criminals and
>terrorists combined, Zimmermann said. It was probably technically
>impossible, Zimmermann said, to develop a system with a back door
>without running the risk that the key could fall into the hands of a
>Saddam Hussein or a Slobodan Milosevic, the former heads of Iraq and
>Yugoslavia, respectively.

>"A lot of cryptographers wracked their brains in the 1990s trying to
>devise strategies that would make everyone happy and we just couldn't
>come up with a scheme for doing it," he said.

>"I recognize we are having more problems with terrorists now than we
>did a decade ago. Nonetheless the march of surveillance technology is
>giving ever increasing power to governments. We need to have some
>ability for people to try to hide their private lives and get out of
>the way of the video cameras," he said. More Good Than Harm?

>Even in the wake of September 11, Zimmermann retains the view that
>strong cryptography does more good for a democracy than harm. His
>personal website, PhilZimmerman.com, contains letters of appreciation
>from human rights organizations that have been able to defy intrusion
>by oppressive governments in Guatemala and Eastern Europe thanks to
>PGP. One letter describes how the software helped to protect an
>Albanian Muslim woman who faced an attack by Islamic extremists
>because she had converted to Christianity.

>Zimmermann said he had received a letter from a Kosovar man living in
>Scandinavia describing how the software had helped the Kosovo
>Liberation Army (KLA) in its struggle against the Serbs. On one
>occasion, he said, PGP-encrypted communications had helped to
>coordinate the evacuation of 8,000 civilians trapped by the Serbs in
>a Kosovo valley. "That could have turned into another mass grave,"
>Zimmermann said.

>Italian investigators have been particularly frustrated by their
>failure to break into the captured Psions because so little is known
>about the new generation of Red Brigades. Their predecessors left a
>swathe of blood behind them, assassinating politicians, businessmen,
>and security officials and terrorizing the population by
>"knee-capping," or shooting in the legs, perceived opponents. Since
>re-emerging from the shadows in 1999 they have shot dead two
>university professors who advised the government on labor law reform.
>Cracking the Code

>Zimmermann is not optimistic about the investigators' chances of
>success. "The very best encryption available today is out of reach of
>the very best cryptanalytic methods that are known in the academic
>world, and it's likely to continue that way," he said.

>Sources close to the investigation have suggested that they may even
>have to turn to talented hackers for help in breaking into the seized
>devices. One of the magistrates coordinating the inquiry laughed at
>mention of the idea. "I can't say anything about that," he said.

>The technical difficulty in breaking PGP was described by an expert
>witness at a trial in the U.S. District Court in Tacoma, Washington,
>in April 1999. Steven Russelle, a detective with the Portland Police
>Bureau, was asked to explain what he meant when he said it was not
>"computationally feasible" to crack the code. "It means that in terms
>of today's technology and the speed of today's computers, you can't
>put enough computers together to crack a message of the kind that
>we've discussed in any sort of reasonable length of time," he told
>the court.

>Russelle was asked whether he was talking about a couple of years or
>longer. "We're talking about millions of years," he replied.


A real expert!
This is an almost completely vacuous piece. Given the premise, ( A pda
belonging to a RedBrigade member was found containing encryption) any of us
could have written the rest of the article without another scrap of
information or knowledge.

[ Post a follow-up to this message ]

In article <I1UND7JY38525.1808796296@reece.net.au>, Thrasher Remailer
<thrasher@reece.net.au> writes
>http://www.pcworld.com/resource/pri...d,110841,00.asp
>
>PGP Encryption Proves Powerful
>
>If the police and FBI can't crack the code, is the technology too
>strong?
>
>Philip Willan, IDG News Service Monday, May 26, 2003
>
>ROME -- Italian police have seized at least two Psion personal
>digital assistants from members of the Red Brigades terrorist
>organization. But the major investigative breakthrough they were
>hoping for as a result of the information contained on the devices
>has failed to materialize--thwarted by encryption software used by
>the left-wing revolutionaries.
>
>Failure to crack the code, despite the reported assistance of U.S.
>Federal Bureau of Investigation computer experts, puts a spotlight on
>the controversy over the wide availability of powerful encryption
>tools.


This does not mean that they did not crack the code.

For many reasons the Italians & FBI may not want the criminals to know
it has been cracked.

For many other and many similar reasons the FBI may have cracked the
code and retrieved the data but not want the Italians to know that they
have cracked the code.

There are reasons why the FBI may hay have cracked the code but not want
anyone outside the FBI to know this.

>"Does PGP have a back door? The answer is no, it does not," he said.
>"If the device is running PGP it will not be possible to break it
>with cryptanalysis alone."

In the interests of survival and or national security people will say
anything.  His statement may be true or it may not. He may believe his
statement to be correct weather it is would be a different matter.


--
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
\/\/\/\/\ Chris Hills  Staffs  England     /\/\/\/\/
/\/\/ chris@phaedsys.org      www.phaedsys.org \/\/\
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/

[ Post a follow-up to this message ]

On Tue, 21 Jun 2005 23:39:45 +0100, Chris Hills <chris@phaedsys.org> wrote:

>In article <I1UND7JY38525.1808796296@reece.net.au>, Thrasher Remailer
><thrasher@reece.net.au> writes 
>
>
>This does not mean that they did not crack the code.
>
>For many reasons the Italians & FBI may not want the criminals to know
>it has been cracked.
>
>For many other and many similar reasons the FBI may have cracked the
>code and retrieved the data but not want the Italians to know that they
>have cracked the code.
>
>There are reasons why the FBI may hay have cracked the code but not want
>anyone outside the FBI to know this.
> 
>
>In the interests of survival and or national security people will say
>anything.  His statement may be true or it may not. He may believe his
>statement to be correct weather it is would be a different matter.

Interesting thoughts, but not likely. The best and the brightest of the
government employees working in crypto were schooled in it by the best and
the brightest of college professors. MIT and so on.

The scholars have not succeeded in breaking it. What makes you think others
have?

A fortune awaits some professor of crypto if he can break it. Simply not
possible if you have some understanding of math.

Regards,
Argyle

BTW, unfortunately some of our fellows in the world are not so lucky as we
in the US. In the UK, I believe I had read you must turn over the keys to an
encrypted message or face jail. If it was so easy to break, there would not
be a need for such a law.
Regards,
Argyle

[ Post a follow-up to this message ]

On Tue, 21 Jun 2005, Argyle <argyle@nospam> wrote:
>On Tue, 21 Jun 2005 23:39:45 +0100, Chris Hills <chris@phaedsys.org> wrote:
> 
>
>Interesting thoughts, but not likely. The best and the brightest of the
>government employees working in crypto were schooled in it by the best and
>the brightest of college professors. MIT and so on.
>
>The scholars have not succeeded in breaking it. What makes you think others
>have?
>
>A fortune awaits some professor of crypto if he can break it. Simply not
>possible if you have some understanding of math.
>
>Regards,
>Argyle

And therein lies the trouble. The people who smugly insist "The government
can break your little secret code" have no understanding of the math behind
it at all.

And when you try to explain to them that even with the fastest processors
available today, we are talking on the scale of ***millions of years*** to
brute force a single message, their stupid cow-like eyes glaze over as the
begin remebering the latest "Seinfeld" or "Everybody Loves Raymond"
episode.  It's a complete waste of time. The average idiot on the street
may or may not even know what a "prime number" is.





>
>BTW, unfortunately some of our fellows in the world are not so lucky as we
>in the US. In the UK, I believe I had read you must turn over the keys to a
n
>encrypted message or face jail. If it was so easy to break, there would not
>be a need for such a law.
>Regards,
>Argyle

[ Post a follow-up to this message ]

On Wed, 22 Jun 2005 04:20:03 +0200 (CEST), Nomen Nescio <nobody@dizum.com>
wrote:

>On Tue, 21 Jun 2005, Argyle <argyle@nospam> wrote: 
>
>And therein lies the trouble. The people who smugly insist "The government
>can break your little secret code" have no understanding of the math behind
>it at all.
>
>And when you try to explain to them that even with the fastest processors
>available today, we are talking on the scale of ***millions of years*** to
>brute force a single message, their stupid cow-like eyes glaze over as the
>begin remebering the latest "Seinfeld" or "Everybody Loves Raymond"
>episode.  It's a complete waste of time. The average idiot on the street
>may or may not even know what a "prime number" is.
>

I learned what a prime number was back in high school. I have been around
for awhile. I suppose they think PGP is simply a Captain Midnight
encoder/decoder ring that you got with Bosco or a few cereal box tabs. I
remember the plastic silver ring, just not how I got it.




Regards,
Argyle

[ Post a follow-up to this message ]

In article <I1UND7JY38525.1808796296@reece.net.au>
Thrasher Remailer <thrasher@reece.net.au> wrote:

**OK, would you like to buy some magic beans??? LOL Boy are you gullible**


> http://www.pcworld.com/resource/pri...d,110841,00.asp
>
> PGP Encryption Proves Powerful
>
> If the police and FBI can't crack the code, is the technology too
> strong?
>
> Philip Willan, IDG News Service Monday, May 26, 2003
>
> ROME -- Italian police have seized at least two Psion personal
> digital assistants from members of the Red Brigades terrorist
> organization. But the major investigative breakthrough they were
> hoping for as a result of the information contained on the devices
> has failed to materialize--thwarted by encryption software used by
> the left-wing revolutionaries.
>
> Failure to crack the code, despite the reported assistance of U.S.
> Federal Bureau of Investigation computer experts, puts a spotlight on
> the controversy over the wide availability of powerful encryption
> tools.
>
> The Psion devices were seized on March 2 after a shootout on a train
> traveling between Rome and Florence, Italian media and sources close
> to the investigation said. The devices, believed to number two or
> three, were seized from Nadia Desdemona Lioce and her Red Brigades
> comrade Mario Galesi, who was killed in the shootout. An Italian
> police officer was also killed. At least one of the devices contains
> information protected by encryption software and has been sent for
> analysis to the FBI facility in Quantico, Virginia, news reports and
> sources said.
>
> The FBI declined to comment on ongoing investigations, and Italian
> authorities would not reveal details about the information or
> equipment seized during the shootout. Pretty Good Privacy
>
> The software separating the investigators from a potentially
> invaluable mine of information about the shadowy terrorist group,
> which destabilized Italy during the 1970s and 1980s and revived its
> practice of political assassination four years ago after a decade of
> quiescence, was PGP (Pretty Good Privacy), the Rome daily La
> Repubblica reported. So far the system has defied all efforts to
> penetrate it, the paper said.
>
> Palm-top devices can only run PGP if they use the Palm OS or Windows
> CE operating systems, said Phil Zimmermann, who developed the
> encryption software in the early 1990s. Psion uses its own operating
> system known as Epoc, but it might still be possible to use PGP as a
> third party add-on, a spokesperson for the British company said.
>
> There is no way that the investigators will succeed in breaking the
> code with the collaboration of the current manufacturers of PGP, the
> Palo Alto, California-based PGP, Zimmermann said in a telephone
> interview.
>
> "Does PGP have a back door? The answer is no, it does not," he said.
> "If the device is running PGP it will not be possible to break it
> with cryptanalysis alone."
>
> Investigators would need to employ alternative techniques, such as
> looking at the unused area of memory to see if it contained remnants
> of plain text that existed before encryption, Zimmermann said.
> Privacy vs. Security
>
> The investigators' failure to penetrate the PDA's encryption provides
> a good example of what is at stake in the privacy-versus-security
> debate, which has been given a whole new dimension by the September
> 11 terrorist attacks in the U.S.
>
> Zimmermann remains convinced that the advantages of PGP, which was
> originally developed as a human rights project to protect individuals
> against oppressive governments, outweigh the disadvantages.
>
> "I'm sorry that cryptology is such a problematic technology, but
> there is nothing we can do that will give this technology to everyone
> without also giving it to the criminals," he said. "PGP is used by
> every human rights organization in the world. It's something that's
> used for good. It saves lives."
>
> Nazi Germany and Stalin's Soviet Union are examples of governments
> that had killed far more people than all the world's criminals and
> terrorists combined, Zimmermann said. It was probably technically
> impossible, Zimmermann said, to develop a system with a back door
> without running the risk that the key could fall into the hands of a
> Saddam Hussein or a Slobodan Milosevic, the former heads of Iraq and
> Yugoslavia, respectively.
>
> "A lot of cryptographers wracked their brains in the 1990s trying to
> devise strategies that would make everyone happy and we just couldn't
> come up with a scheme for doing it," he said.
>
> "I recognize we are having more problems with terrorists now than we
> did a decade ago. Nonetheless the march of surveillance technology is
> giving ever increasing power to governments. We need to have some
> ability for people to try to hide their private lives and get out of
> the way of the video cameras," he said. More Good Than Harm?
>
> Even in the wake of September 11, Zimmermann retains the view that
> strong cryptography does more good for a democracy than harm. His
> personal website, PhilZimmerman.com, contains letters of appreciation
> from human rights organizations that have been able to defy intrusion
> by oppressive governments in Guatemala and Eastern Europe thanks to
> PGP. One letter describes how the software helped to protect an
> Albanian Muslim woman who faced an attack by Islamic extremists
> because she had converted to Christianity.
>
> Zimmermann said he had received a letter from a Kosovar man living in
> Scandinavia describing how the software had helped the Kosovo
> Liberation Army (KLA) in its struggle against the Serbs. On one
> occasion, he said, PGP-encrypted communications had helped to
> coordinate the evacuation of 8,000 civilians trapped by the Serbs in
> a Kosovo valley. "That could have turned into another mass grave,"
> Zimmermann said.
>
> Italian investigators have been particularly frustrated by their
> failure to break into the captured Psions because so little is known
> about the new generation of Red Brigades. Their predecessors left a
> swathe of blood behind them, assassinating politicians, businessmen,
> and security officials and terrorizing the population by
> "knee-capping," or shooting in the legs, perceived opponents. Since
> re-emerging from the shadows in 1999 they have shot dead two
> university professors who advised the government on labor law reform.
> Cracking the Code
>
> Zimmermann is not optimistic about the investigators' chances of
> success. "The very best encryption available today is out of reach of
> the very best cryptanalytic methods that are known in the academic
> world, and it's likely to continue that way," he said.
>
> Sources close to the investigation have suggested that they may even
> have to turn to talented hackers for help in breaking into the seized
> devices. One of the magistrates coordinating the inquiry laughed at
> mention of the idea. "I can't say anything about that," he said.
>
> The technical difficulty in breaking PGP was described by an expert
> witness at a trial in the U.S. District Court in Tacoma, Washington,
> in April 1999. Steven Russelle, a detective with the Portland Police
> Bureau, was asked to explain what he meant when he said it was not
> "computationally feasible" to crack the code. "It means that in terms
> of today's technology and the speed of today's computers, you can't
> put enough computers together to crack a message of the kind that
> we've discussed in any sort of reasonable length of time," he told
> the court.
>
> Russelle was asked whether he was talking about a couple of years or
> longer. "We're talking about millions of years," he replied.

[ Post a follow-up to this message ]

In article <I1UND7JY38525.1808796296@reece.net.au>
Thrasher Remailer <thrasher@reece.net.au> wrote:

**OK, would you like to buy some magic beans??? LOL Boy are you gullible**


> http://www.pcworld.com/resource/pri...d,110841,00.asp
>
> PGP Encryption Proves Powerful
>
> If the police and FBI can't crack the code, is the technology too
> strong?
>
> Philip Willan, IDG News Service Monday, May 26, 2003
>
> ROME -- Italian police have seized at least two Psion personal
> digital assistants from members of the Red Brigades terrorist
> organization. But the major investigative breakthrough they were
> hoping for as a result of the information contained on the devices
> has failed to materialize--thwarted by encryption software used by
> the left-wing revolutionaries.
>
> Failure to crack the code, despite the reported assistance of U.S.
> Federal Bureau of Investigation computer experts, puts a spotlight on
> the controversy over the wide availability of powerful encryption
> tools.
>
> The Psion devices were seized on March 2 after a shootout on a train
> traveling between Rome and Florence, Italian media and sources close
> to the investigation said. The devices, believed to number two or
> three, were seized from Nadia Desdemona Lioce and her Red Brigades
> comrade Mario Galesi, who was killed in the shootout. An Italian
> police officer was also killed. At least one of the devices contains
> information protected by encryption software and has been sent for
> analysis to the FBI facility in Quantico, Virginia, news reports and
> sources said.
>
> The FBI declined to comment on ongoing investigations, and Italian
> authorities would not reveal details about the information or
> equipment seized during the shootout. Pretty Good Privacy
>
> The software separating the investigators from a potentially
> invaluable mine of information about the shadowy terrorist group,
> which destabilized Italy during the 1970s and 1980s and revived its
> practice of political assassination four years ago after a decade of
> quiescence, was PGP (Pretty Good Privacy), the Rome daily La
> Repubblica reported. So far the system has defied all efforts to
> penetrate it, the paper said.
>
> Palm-top devices can only run PGP if they use the Palm OS or Windows
> CE operating systems, said Phil Zimmermann, who developed the
> encryption software in the early 1990s. Psion uses its own operating
> system known as Epoc, but it might still be possible to use PGP as a
> third party add-on, a spokesperson for the British company said.
>
> There is no way that the investigators will succeed in breaking the
> code with the collaboration of the current manufacturers of PGP, the
> Palo Alto, California-based PGP, Zimmermann said in a telephone
> interview.
>
> "Does PGP have a back door? The answer is no, it does not," he said.
> "If the device is running PGP it will not be possible to break it
> with cryptanalysis alone."
>
> Investigators would need to employ alternative techniques, such as
> looking at the unused area of memory to see if it contained remnants
> of plain text that existed before encryption, Zimmermann said.
> Privacy vs. Security
>
> The investigators' failure to penetrate the PDA's encryption provides
> a good example of what is at stake in the privacy-versus-security
> debate, which has been given a whole new dimension by the September
> 11 terrorist attacks in the U.S.
>
> Zimmermann remains convinced that the advantages of PGP, which was
> originally developed as a human rights project to protect individuals
> against oppressive governments, outweigh the disadvantages.
>
> "I'm sorry that cryptology is such a problematic technology, but
> there is nothing we can do that will give this technology to everyone
> without also giving it to the criminals," he said. "PGP is used by
> every human rights organization in the world. It's something that's
> used for good. It saves lives."
>
> Nazi Germany and Stalin's Soviet Union are examples of governments
> that had killed far more people than all the world's criminals and
> terrorists combined, Zimmermann said. It was probably technically
> impossible, Zimmermann said, to develop a system with a back door
> without running the risk that the key could fall into the hands of a
> Saddam Hussein or a Slobodan Milosevic, the former heads of Iraq and
> Yugoslavia, respectively.
>
> "A lot of cryptographers wracked their brains in the 1990s trying to
> devise strategies that would make everyone happy and we just couldn't
> come up with a scheme for doing it," he said.
>
> "I recognize we are having more problems with terrorists now than we
> did a decade ago. Nonetheless the march of surveillance technology is
> giving ever increasing power to governments. We need to have some
> ability for people to try to hide their private lives and get out of
> the way of the video cameras," he said. More Good Than Harm?
>
> Even in the wake of September 11, Zimmermann retains the view that
> strong cryptography does more good for a democracy than harm. His
> personal website, PhilZimmerman.com, contains letters of appreciation
> from human rights organizations that have been able to defy intrusion
> by oppressive governments in Guatemala and Eastern Europe thanks to
> PGP. One letter describes how the software helped to protect an
> Albanian Muslim woman who faced an attack by Islamic extremists
> because she had converted to Christianity.
>
> Zimmermann said he had received a letter from a Kosovar man living in
> Scandinavia describing how the software had helped the Kosovo
> Liberation Army (KLA) in its struggle against the Serbs. On one
> occasion, he said, PGP-encrypted communications had helped to
> coordinate the evacuation of 8,000 civilians trapped by the Serbs in
> a Kosovo valley. "That could have turned into another mass grave,"
> Zimmermann said.
>
> Italian investigators have been particularly frustrated by their
> failure to break into the captured Psions because so little is known
> about the new generation of Red Brigades. Their predecessors left a
> swathe of blood behind them, assassinating politicians, businessmen,
> and security officials and terrorizing the population by
> "knee-capping," or shooting in the legs, perceived opponents. Since
> re-emerging from the shadows in 1999 they have shot dead two
> university professors who advised the government on labor law reform.
> Cracking the Code
>
> Zimmermann is not optimistic about the investigators' chances of
> success. "The very best encryption available today is out of reach of
> the very best cryptanalytic methods that are known in the academic
> world, and it's likely to continue that way," he said.
>
> Sources close to the investigation have suggested that they may even
> have to turn to talented hackers for help in breaking into the seized
> devices. One of the magistrates coordinating the inquiry laughed at
> mention of the idea. "I can't say anything about that," he said.
>
> The technical difficulty in breaking PGP was described by an expert
> witness at a trial in the U.S. District Court in Tacoma, Washington,
> in April 1999. Steven Russelle, a detective with the Portland Police
> Bureau, was asked to explain what he meant when he said it was not
> "computationally feasible" to crack the code. "It means that in terms
> of today's technology and the speed of today's computers, you can't
> put enough computers together to crack a message of the kind that
> we've discussed in any sort of reasonable length of time," he told
> the court.
>
> Russelle was asked whether he was talking about a couple of years or
> longer. "We're talking about millions of years," he replied.

[ Post a follow-up to this message ]

Unruh writes:

> And he knows this how? Yes, we all believe it to be true, but obviously do
> not know it to be true.

If the world's best cryptanalysts have not cracked it, it's unlikely
that an unskilled police investigator will magically stumble upon a
successful crack.

> Also the investigators would NOT reveal that they had broken it
> even if they had. It is far far far too valuable a piece of
> info to be revealed simply in order to fish for possible info on the
> RedBrigade.

Police investigators would, because the above would not occur to them.
Additionally, they wouldn't be able to use information obtained by
cracking the encryption in court without revealing that they had cracked
the encryption, and I can't imagine them letting convictions slip away
just to protect some greater objective.

> Now, we may discover in the next year that somehow the police
> have discovered a number of very useful things about the RedBrigade but it
> will have nothing to do with this discover of the PDA at all.

They haven't cracked it, so that won't happen (assuming the encrypted
information would have even helped them in the first place).

> It demonstrates nothing of the kind.

It is strong evidence.  Of course, if you have a crack for the
algorithms used, nothing prevents you from publishing it.

> A real expert!
> This is an almost completely vacuous piece. Given the premise, ( A pda
> belonging to a RedBrigade member was found containing encryption) any of u
s
> could have written the rest of the article without another scrap of
> information or knowledge.

That's because the article was _about_ encrypted information found on a
Red Brigade PDA.  It was not a treatise on cryptography.

--
Transpose gmail and mxsmanic in my e-mail address to reach me directly.

[ Post a follow-up to this message ]

Chris Hills writes:

> This does not mean that they did not crack the code.

True, but they didn't.  They may have gotten past the encryption in
other ways, however.

> There are reasons why the FBI may hay have cracked the code but not want
> anyone outside the FBI to know this.

There are many more reasons why the FBI would not have cracked the code
to begin with.  The algorithms are the strongest part of PGP, so
logically those are the last things that anyone would attack.

> In the interests of survival and or national security people will say
> anything.  His statement may be true or it may not. He may believe his
> statement to be correct weather it is would be a different matter.

The source is available.  Does anyone ever look at it?

--
Transpose gmail and mxsmanic in my e-mail address to reach me directly.

[ Post a follow-up to this message ]