July 16, 2002
12:22 AM   Subscribe

I used PGP on my old computer, with the Win98 OS. My new system has XP Home, and I've yet to find support for that. Not that I'd hack a gov't site, or admit it in e-mail if I did.

And yes, I do agree that this administration is going apeshit with the vivisection of our civil liberties.
posted by scottymac at 12:34 AM on July 16, 2002

It absolutely blows my mind (and sickens me) to think that a hacker can get life, and a rapist, say five years.

Glad to see we have our priorities set.
posted by Mark at 12:38 AM on July 16, 2002

"Until we secure our cyber infrastructure, a few keystrokes and an Internet connection is all one needs to disable the economy and endanger lives," sponsor Lamar Smith, R-Tex., said earlier this year.

Hackers probably could if they wanted to, but they don't. However, these harebrained antics just might stir up something. 'Course our government'll probably love that as it'll just accelerate our development into a police state.
posted by hobbes at 12:44 AM on July 16, 2002

What amaze me is that they still can't figure out the difference between hackers and crackers (no, not the ones that do reverse engineering to help you evaluate a progy longer).
BTW, if you want to use PGP, do yourself a favor and use the international version. If you need explanation as why you shouldn't be using this in the first place.
posted by kush at 1:16 AM on July 16, 2002

Malicious hacking? What, like... trying to get buggy code included in the 2.6 Kernel release?

Oh, wait... I think they mean cracking. An activity mostly participated in (inside America, anyway) by children and childish grown-ups. One part of me really wants to see script-kiddies thrown in prison, but I don't really think it's a plausible course of action.

And, correct me if I'm wrong, isn't all this anti-terror legislation supposed to be levelled at people operating from within 3rd-world countries? Even in the worst-case scenario, they'd be operating from a backbone in Europe or Asia. So why are these laws being passed INSIDE America, rather than through treaties with other nations? This talk about "securing the cyber infrastucture" seems to be more useful from a tax perspective. You don't want people moving funds around without telling the IRS, or without the IRS being able to track said assets.

Oh... that's just my spidey-paranoia kicking in again. Don't mind me.

And sign up for TIPS, while you're at it.
posted by fnord_prefect at 1:18 AM on July 16, 2002

They don't mean script kiddies. What is this, slashdot? They mean "malicious computer hackers". Here's the text in question (that on passage will be incorporated into the US Code):

`(5)(A) if the offender knowingly or recklessly causes or attempts to cause serious bodily injury from conduct in violation of subsection (a)(5)(A)(i), a fine under this title or imprisonment for not more than 20 years, or both; and

`(B) if the offender knowingly or recklessly causes or attempts to cause death from conduct in violation of subsection (a)(5)(A)(i), a fine under this title or imprisonment for any term of years or for life, or both.'.

This doesn't raise the minimum; it doesn't really raise the likelihood that a hacker will be "put away for longer than a murderer". It simply raises the maximum term for what is effectively reckless endangerment in the first instance and homicide or manslaughter in the second. These are serious crimes which deserve serious penalties. News.com was in error when it wrote "promises life terms".

As for the surveillance, this is not Carnivore, d00dz. This is a provision for attacks on specific computers, so that they can immediately, without a court order, put a wiretap on the targeted computer to see who is attacking it. The added provisions, shown as insert/underline:

(1) an emergency situation exists that involves -

(A) immediate danger of death or serious bodily injury to any person; or

(B) conspiratorial activities characteristic of organized crime,

(C) an immediate threat to a national security interest; or

`(D) an ongoing attack on a protected computer (as defined in section 1030) that constitutes a crime punishable by a term of imprisonment greater than one year;'.

that requires the installation and use of a pen register or a trap and trace device before an order authorizing such installation and use can, with due diligence, be obtained, and

(2) there are grounds upon which an order could be entered under this chapter to authorize such installation and use;

may have installed and use a pen register or trap and trace device if, within forty-eight hours after the installation has occurred, or begins to occur, an order approving the installation or use is issued in accordance with section 3123 of this title.

(C) and (D) are the additional provisions for the extant emergency wiretap provision, and note (2) which states that grounds must exist for obtaining a court order.
posted by dhartung at 1:46 AM on July 16, 2002

I'm using GnuPG on my Win XP box using the Win PT frontend and have had no problems. It's strong encryption and OpenPGP compliant. Worth a look.

And kush, it's maybe more neighbourly to explain why the international version of PGP is better to have rather than just adopting a sub-slashdot, snooty attitude.
posted by jackiemcghee at 3:10 AM on July 16, 2002

Is PGPi Freeware still being developed, or is it time to switch to GPG? I don't want to be stuck with a dead-end product.
posted by Mwongozi at 5:01 AM on July 16, 2002

More political anti-terror nonsense.

They've been trying to do this for years and years.

The mindless hoarde chasing mosters with torches.
posted by Dean_Paxton at 5:46 AM on July 16, 2002

Did anyone see this section:

Specify that an existing ban on the "advertisement" of any device that is used primarily for surreptitious electronic surveillance applies to online ads. The prohibition now covers only a "newspaper, magazine, handbill or other publication."

Does that mean the end of the ubiquitous x10.com ads for wireless mini cameras?
posted by Stuart_R at 5:50 AM on July 16, 2002

Mwongozi, because GPG is open source, chances are it will never be a dead end product. Someone will always pick up a project like that if its maintainer wants out.
posted by jackiemcghee at 6:08 AM on July 16, 2002

Of course, we DO already have laws against killing people in the U.S...
posted by ph00dz at 6:24 AM on July 16, 2002

"Until we secure our cyber infrastructure, a few keystrokes and an Internet connection is all one needs to disable the economy and endanger lives"

The emphasis should be on the Until we secure our cyber infrastructure part. Is it just me or does it sound like "we've got no clue about how this works, so we might as well blame it on someone else"? I still remmeber when being responsible meant assuming the consequences of your acts. In my book, if someone set up a system that allows anyone with an internet connection and a few keystrokes to bring death or endangerment, then the person who put up the system is primarily responsible for that flaw and its potential consequences. Ford recalls its cars, it doesn't send the police chasing down the drivers.
posted by magullo at 6:31 AM on July 16, 2002

Hacker means people who do bad things on computers. I know a sub-section of people want to hold on to the term to mean people who enjoy and play with their technology, and would like to offer Cracker to mean what Hacker currently means, but walk up to 20 random strangers and ask them what the word Hacker means. Words change, language evolves.

I would love to use PGP or some varient, but nobody I know currently uses it and I just can't see my mom being able to figure it out. You want PGP, then AOL, Microsoft, Yahoo, Hotmail and a few others will need to build it transparently into the client - no plug ins, no software you have to download, it's just there and it works without thinking about it.
posted by willnot at 7:41 AM on July 16, 2002

willnot: "hacker" is an effective shibboleth; anyone who would be confused by an actual hacker's use of the word wouldn't understand the rest of the conversation anyway.
posted by Mars Saxman at 8:51 AM on July 16, 2002

I've not found PGP to be useful except for file encryption. It makes for great file encryption, but when I started routinely signing messages everyone started complaining.
posted by KirkJobSluder at 8:55 AM on July 16, 2002

Potential PGP users:
1024-bit length keys are considered compromised. (at least by the most paranoid/crypto-aware)
posted by sonofsamiam at 10:27 AM on July 16, 2002

Good point Mars Saxman. You sound like a traveling man.

Dhartung was instructive in posting portions of the law and attempting to quell overreaction.
My problem with this law is the same as my problem with many other recent laws, such as the one about "who is a terrorist", if Ashcroft and company are the ones pushing the buttons then this law should NEVER go into effect.
I had the impression that the right wingers were supposedly advocates of personal freedoms and liberty and opponents of government controls but recently I've seen these same people defending the other goal line in order to support the Dubya regime. I suppose expediency must overrule ideology at times. Go figure.
posted by nofundy at 11:10 AM on July 16, 2002

thanks for the vocab Mars! shibboleth
posted by roboto at 12:00 PM on July 16, 2002

Does that mean the end of the ubiquitous x10.com ads for wireless mini cameras?

Well that wouldn't be so bad, would it?
posted by betobeto at 2:36 PM on July 16, 2002

knowingly or recklessly causes

There's the rub. "Recklessly" is pretty much in the eyes of the beholder. In my hometown, spinning your tires could be considered reckless driving and punishable by fine. The local gendarmerie interpreted the "could be" as "teenage driver". How will the authorities determine recklessness under this law?

The idea behind this bill (punishment of those who maliciously strike at the infrastructure) is laudable, but the execution leaves much to be desired.
posted by joaquim at 10:44 AM on July 17, 2002