Anti-snooping operating system

[blackh0le]

http://www.newscientist.com/news/pri...?id=ns99992335

---------------------------------

Anti-snooping operating system close to launch


16:28 28 May 02
Will Knight


Computer activists in Britain are close to completing an operating system that could undermine government efforts to the wiretap the internet. The UK Home Office has condemned the project as potentially providing a new tool for criminals.

Electronic communications can be kept private using encryption. But new UK legislation will soon give law enforcers the right to demand encryption keys from anyone suspected of illegal activity.

The Regulation of Investigatory Powers Act (RIPA) was introduced to update UK surveillance laws to include electronic communications. But privacy campaigners say it gives too much power to law enforcers and permits intrusive eavesdropping.

Peter Fairbrother, a mathematician and computer enthusiast, is programming the new operating system, called M-o-o-t. "It is aimed at anybody who's concerned about the government being nosey," he says.


Remote storage


M-o-o-t aims to beat RIPA powers by storing encryption keys and other data overseas, beyond the reach of investigators. No data will be stored on the computer's hardware.

Documents and email messages will be kept on servers outside the UK government's jurisdiction. Communication with these servers will be secured by encryption.

It will be possible to store files on any server that allows encrypted File Transfer Protocol (secure FTP) access. It will even be possible to share files between different servers, meaning that if one server were compromised, this would still not provide a complete file.

M-o-o-t will be almost entirely contained on a CD that will run on most PCs and Macintosh computers. The CD must be placed in a computer at start up and will then load up a graphical user interface, as well as a number of applications including an email client and a word processor. Fairbrother says the system aims to make it easy for anyone to use the suite of tried and tested cryptographic protocols that M-o-o-t combines.


Criminal tool


A spokeswoman for the Home Office dismissed privacy concerns over RIPA and warned that the system could provide criminals with a new tool: "This particular technology could provide the criminally inclined with a tool to further their criminal intent."

She told New Scientist: "Such a device in the wrong hands will do far more to infringe the human rights of innumerable potential victims than a regulated and inspected process such as RIPA could ever allow."

Fairbrother admits that the M-o-o-t might be used by criminals but says there are already more complicated tools available for determined lawbreakers. "The benefits far outweigh the problems," he says.


Master keys


Communication will only be possible with other M-o-o-t users using keys that expire after a single use. "Master" encryption keys will be kept on the remote servers in a format that makes it impossible to distinguish them from random data without the correct password.

This is possible using the Steganographic File System developed by researchers at the University of Cambridge. It stores all data as apparently random information.

"M-o-o-t sounds like a great idea," says Bruce Schneier, security expert and head of US company Counterpane Security. But he adds that extensive testing will be needed to ensure there are no software bugs: "Like any security technology, if you rely on it and it has flaws then you don't have the security you rely on."

RIPA, introduced in July 2000, allows UK police to intercept electronic communications using equipment installed at ISPs. When part three of RIPA is brought into power later in 2002, police will also be able to demand access to message encryption keys. Those who fail to hand over their keys could face a prison sentence.

Fairbrother says a version of M-o-o-t should be ready for testing in the next two weeks. The final product ought to be ready for the introduction of part three of RIPA, he adds.


16:28 28 May 02

Return to news story

© Copyright Reed Business Information Ltd.

---------------------------------

[cwk9]

Good maybe now the military will have something other to run than windows 95.

[The Old Man]

And.... we believe that if Britain asked D.C. for some files off a server in Roanoke, they wouldn't get them? How does the originator, in say London, retrieve his files? If the gov can put him in the slammer for refusing to hand over his pwds or keywords or whatever, then it doesn't seem to matter whether they reside on one continent or another, the originator is still under the jurisdiction of the Home Office. Whether you fire up your original OS or a previous OS or one on a CDRom would seem to make no difference to the law. Or, perhaps i'm missing a big part of the picture here with the MOOT project. :question:

[Tedob1]

excellent point The Old Man. Who outside of the military or criminals would have a need for this kind of encryption?

[Terr]

The right-thinking paranoids of the world of course!

On a more serious note, I believe that the risks of total governmental key escrow far outweigh any percieved benefits. The criminals will just break that law and NOT give their keys up. Simple. :/ What do they have to gain by NOT being in jail by giving the encryption keys? If they DO give the encryption keys, they could be in worse trouble due to the new evidence, if they don't, then they are fine until suspected, in which case there might not be enough evidence to convict them of anything more serious than violating the act.

[Conf1rm3d_K1ll]

Originally posted here by Terr
The right-thinking paranoids of the world of course!

That's me! That's me!

[jcmcb]

I have to Agree with TOM and Tedbo....who needs this other than criminals?

But at the same time I agree with Terr, there is no reason for the Gov't to force people to escrow there passwords...cause then criminals can break into the Gov't and have one stop stealing!

A possible solution: Outlaw the Use of Encrpytion while Commiting a Crime. This will increase the penalties for criminals using encrpytion, but not affect the regular users....hopefully