afongen

Our servers are getting pounded with what looks like a new worm. Watch out for a file called readme.eml. I don’t know if that file’s necessarily connected with what’s hitting our servers looking for cmd.exe, but I suspect so. We’ll see.

Among the neat new features in Mozilla 0.9.4 is the ability to disable the JavaScript window.open() function on load or unload events. This has the effect of eliminating almost all pop-up or pop-under ads. Yay!

Also, at long last, the Macintosh version lets you change the display font size. Until now you had to do it by setting general font preferences, which is a lot of work just to change the font size on a given page. This function has been available on other platforms for some time, but not on the Mac. At least in the Mac binaries; I’ve never compiled it…although I was beginning to think that I should.

Interesting. Slashdot: Preserve Your Rights Online. “Saturday a small group of people, including U.S. Representative Lynn Rivers, from Michigan’s 13th Congressional District, met in the University of Maryland Baltimore County [UMBC ] library to discuss ways to maintain Americans’ civil liberties despite major pressure to curtail them in the name of ‘fighting terrorism.’ The government does listen, you know, if you speak to the right people in the right way. So here’s a guide, a HOWTO, if you will, that will teach you how to lobby effectively for your Constitutional rights.”

Hmm, I’ve been bumping into some problems with Greymatter, the software that I use to update this site. On the one hand it’s really handy that Greymatter produces the HTML for paragraphs whenever I type two carriage returns. On the other hand, I occasionally want to set a CSS class on a paragraph, or use blockquote, and I don’t like the workarounds that I’ve found. Take a look at the HTML for yesterday’s entry and you’ll see what I mean. Looks like I’ll have to do some tweaking.

To clarify what I was saying yesterday: do I want law enforcement agencies to be able to track terrorists’ communications, decrypting encrypted messages? Absolutely. Do I think that weakening crypto products will help? An emphatic no. Terrorists will find a way to communicate secretly; they won’t care whether it’s legal or not.

History teaches that grave threats to liberty often come in times of urgency, when constitutional rights seem too extravagant to endure.

Justice Thurgood Marshall (1989)

I complained the other day that Congress was looking to mandate that back doors be built into encryption systems, allegedly to help law enforcement agencies combat terrorism. Those in government who are renewing the effort to restrict public crypto are exploiting fear and outrage at the recent tragedy to impose restrictions that endanger personal freedom.

This’ll be far too quick an overview; I just want to get some ideas down.

The basic argument being made is that terrorists and other criminals use encryption to communicate, and Congress wants to put a stop to it. Law enforcement agencies understandably want to be able to intercept and decrypt these communications, so have long asked that “back doors” be built into encryption systems that would allow them to do so. They maintain that this would only be done with court orders and so on. I don’t buy it.

For one thing, the Senate just voted to allow the FBI to monitor net traffic without a warrant. Yep. I’m not an anti-government raving lunatic, but neither am I entirely comfortable with the US government’s track record in respecting the privacy of its citizens. There have been far too many cases of abuse. The increased use of Carnivore, a system for monitoring electronic communications, should be cause enough for worry. And that’s apparently legal.

There is, I understand, a balance to be struck between the freedom gained by living in a society like ours and the implied restrictions on personal freedom. Rousseau gets dull after a while. What distresses me is the necessary outcome of weakening strong crypto and restrictions on government surveillance. I am dreadfully concerned that the recent terrorist attacks are being used as an excuse to abridge basic Constitutional freedoms.

Americans must rethink how to safeguard the country without bartering away the rights and privileges of the free society that we are defending. The temptation will be great in the days ahead to write draconian new laws that give law enforcement agencies – or even military forces – a right to undermine the civil liberties that shape the character of the United States. President Bush and Congress must carefully balance the need for heightened security with the need to protect the constitutional rights of Americans.”

The New York Times (September 12, 2001)

For the moment, though, I will accept the government’s stated good intentions, because they’re almost irrelevant to the issue at hand.

If only the US government is given access to the back doors, what foreign government or company will accept the idea that the US government can decrypt their messages? The same question was raised for decades while the US outlawed export of strong cryptography (a restriction that was removed a couple years ago). Software companies like had a hard time explaining why the encryption available in foreign countries (or in foreign offices of US businesses!) was considerably weaker than what was available in the US. I’m uncomfortable making an economic argument, but consider this: to cripple strong crypto will damage the US’s ability to compete in global markets.

What if back doors are also made available to foreign governments (presumably non-hostile ones)? How can we assume that those governments will remain non-hostile, or will use the back doors with the same protections that the US government promises its citizens? Make easy decryption available like that, and you might as well not have crypto. Again, I don’t think that the business community will like that, much less people like me who want to protect their personal communications. I may not have anything to hide, but that doesn’t mean that I don’t enjoy my privacy.

Really, though, adding back doors and crippling encryption products will not prevent terrorists’ or other criminals’ ability to use strong crypto: they’ll just use what they have now, get it somewhere else, or write their own using freely available algorithms. As has often been quipped, if crypto is outlawed, only outlaws will have crypto.

I plan to watch this very carefully. Email me if you have questions or flames. And use my PGP key.

Mozilla 0.9.4 has been released. Go get it.

Have I been missing something? Has the W3C’s validator code always been out there?

I can see that I’m gonna have to offer an explanation of my comments yesterday about the revitalized anti-crypto efforts in Congress. Later.

Wired: Congress Mulls Stiff Crypto Laws. That is, Congress is seizing the opportunity to start yammering about crippling strong crypto to protect us against terrorists and child pornographers.

O’Reilly’s online book service, Safari, just got better. O’Reilly’s partnered with several other publishers to offer their books online as well. I highly recommend this service.