dslreports logo
 story category
NSA Worried Three Strikes Will Ramp Up Encryption
Which is why we may have not seen U.S. 3 Strikes law yet...

As we mentioned last week, France has started their government-funded effort to prop up the entertainment industry's inability to adapt to the broadband age. They're doing this via the ingenious practice of tracking, stalking and booting P2P users (and future content customers) off of the Internet. The system is expected to ramp up quickly, up to 150,000 IP-addresses per day -- so ISPs (at least those without one foot in the content arena) are justifiably worried about the added costs.

According to Techdirt, U.S. law enforcement is also opposed to France's plan, worried that such severe punishment of P2P users will ramp up encryption use and make surveillance all the more difficult. That could explain why we've yet to see implementation of a three strikes law in the U.S., despite the entertainment industry's heavy influence on Congress and presence within the DOJ.

While U.S. lawmakers love imposing dumb ideas at the behest of the entertainment industry, they may not love it as much as the ability to (sometimes even legally!) spy on people. Of course you have to assume most non-idiotic, organized terrorist organizations or criminals already use encryption while communicating skulduggery, making this kind of a moot point.

Once Uncle Sam realizes this isn't much of a concern, you'll likely see three strikes laws passed in the United States.
view:
topics flat nest 
Joe12345678
join:2003-07-22
Des Plaines, IL

Joe12345678

Member

What about the DOS risk it easy to DOS with poor / fake

What about the DOS risk it easy to DOS with poor / fake copyright clams?
munky99999
Munky
join:2004-04-10
canada

munky99999

Member

Re: What about the DOS risk it easy to DOS with poor / fake

said by Joe12345678:

What about the DOS risk it easy to DOS with poor / fake copyright clams?
Well copyright trolling is going to keep getting worse...

but that's not NSA's issue.
Expand your moderator at work

redxii
Mod
join:2001-02-26
Michigan

1 edit

redxii

Mod

I thought we already had a 3-strike law?

At least according to Cox, Suddenlink, and many other US ISPs...

According to Suddenlink, copyright holders have Suddenlink by the throat and only the copyright holder can decide to reconnect users earlier than 6 months.
gorehound
join:2009-06-19
Portland, ME

gorehound

Member

Re: I thought we already had a 3-strike law?

if they did this it would really piss off a lot of folks here.
and our taxes would foot their bill and that will piss off even more folks.
brianiscool
join:2000-08-16
Tampa, FL

brianiscool

Member

Pirate Bay

Ever since Pirate Bay was attacked. People are now using encrypted VPN tunnels.

FFH5
Premium Member
join:2002-03-03
Tavistock NJ

FFH5

Premium Member

Re: Pirate Bay

said by brianiscool:

Ever since Pirate Bay was attacked. People are now using encrypted VPN tunnels.
How many would go to that trouble? 1% ? Less than 1% ? Most people, even die-hard copyright infringers won't go that far.

Mert
@qwest.net

Mert

Anon

Re: Pirate Bay

swissvpn.net is about $5 a month. Works well.
ross7
join:2000-08-16

1 edit

1 recommendation

ross7 to FFH5

Member

to FFH5
said by FFH5:

said by brianiscool:

Ever since Pirate Bay was attacked. People are now using encrypted VPN tunnels.
How many would go to that trouble? 1% ? Less than 1% ? Most people, even die-hard copyright infringers won't go that far.
So that's the solution to IP megalomania's quandary, eh? Shunning? Who'd a thunkit? How quaint. However, if you are right, will they just STOP CONSUMING as a result? Will the uninformed masses join in the boycott? I sure hope so, because that is what it's going to take to make the Fair Use/First Sale point! Boycott Hollywood product, it's not worth our freedom!

Anyway, I think the file-sharers/infringers would, and must do. Just as I think everyone who wants some semblance of their privacy back will begin to do the same with even routine communications. It is not the public's fault government spooks and entertainment exec's have run amuck (or, is it?). A lot of encryption obfuscation will serve them right, and divert resources away from their illegal wars, dreams of hegemony and domestic dictatorship...

Otherwise, we're going to save a lot on prison infrastructure as 24/7/365 surveillance everywhere, and the "cashless" society obviates the need to actually incarcerate most non-violent citizens in special buildings with armed guards when their, and our, homes, offices and public places will serve the same function at a lower price point. You've already had your mugshot taken by the DMV, and the NSA/CIA/FBI/**IA have your ISP/IP, e-mail messages, telephone conversations, health records and financial information. Hell, we'll even be overpaying for our entertainment to be piped in via the forfeitopoly; satellite, cable, FiOS and *gag* uVerse, just like they want. Oh, wait, that's what we already have...
munky99999
Munky
join:2004-04-10
canada

munky99999 to FFH5

Member

to FFH5
said by FFH5:
said by brianiscool:

Ever since Pirate Bay was attacked. People are now using encrypted VPN tunnels.
How many would go to that trouble? 1% ? Less than 1% ? Most people, even die-hard copyright infringers won't go that far.
Actually ssh tunnels and vpns are starting to be standard offering for many smalltime isps. Uber-cheap vps servers also an offer. Also tons of free vpn services and proxy services.

I suspect it to be much higher then 1%...

sapo
Cruising Down Memory Lane
Premium Member
join:2002-09-16
Sacramento, CA

sapo to FFH5

Premium Member

to FFH5
Us guys on Usenet tend to use SSL so you have a good amount there.
mob (banned)
On the next level..
join:2000-10-07
San Jose, CA

mob (banned) to FFH5

Member

to FFH5
said by FFH5:

said by brianiscool:

Ever since Pirate Bay was attacked. People are now using encrypted VPN tunnels.
How many would go to that trouble? 1% ? Less than 1% ? Most people, even die-hard copyright infringers won't go that far.
I don't use P2P, and I use SSL encrypted VPN tunnels for just about all internet basec activities.

gatorkram
Need for Speed
Premium Member
join:2002-07-22
Winterville, NC

gatorkram to brianiscool

Premium Member

to brianiscool
said by brianiscool:

Ever since Pirate Bay was attacked. People are now using encrypted VPN tunnels.
You still can't hide from the swarm.

Why do people think a simple vpn is going to save them?

You really think some little vpn host, or any host the vpn is running on, won't bow down and give up everything they have when asked for it?

Even if they don't keep logs, obviously vpn providers will co-op with whatever law enforcement asks of them, and get you if they want you.
zolcos
join:2010-05-19
Houghton, MI

zolcos

Member

Re: Pirate Bay

Depends on where they're located.

TamaraB
Question The Current Paradigm
Premium Member
join:2000-11-08
Da Bronx
·Verizon FiOS
Ubiquiti NSM5
Synology RT2600ac
Apple AirPort Extreme (2013)

TamaraB

Premium Member

Re: Pirate Bay

said by zolcos:

Depends on where they're located.
Correct! My Cheapie no-logs VPN allows you to use the following countries' VPN servers:
* USA VPN
* Canada VPN
* Mexico VPN
* Panama VPN
* Belize VPN
* South Africa VPN
* Egypt VPN
* Nigeria VPN
* UK VPN
* France VPN
* German VPN
* Sweden VPN
* Spain VPN
* Switzerland VPN
* Ireland VPN
* Italy VPN
* Netherlands VPN
* Austria VPN
* Norway VPN
* Denmark VPN
* Belgium VPN
* Czech VPN
* Poland VPN
* Australia VPN
* New Zealand VPN
* China VPN
* Iran VPN
* India VPN
* Japan VPN
* UAE VPN
* Malaysia VPN
* Singapore VPN
* Korea VPN
* Russia VPN
* Turkey VPN
* Pakistan VPN
* Indonesia VPN
* Thailand VPN
* Philippines VPN
* Hong Kong VPN
* Vietnam VPN
* Israel VPN
* Oman VPN
* Qatar VPN
* Saudi Arabia VPN
* Kuwait VPN
You can switch at will to any one you want, and change countries simply by logging into the associated server. I can just see the piggies demanding access to the Pakistan server, yeah right!

Bob

vpnchooser
@rr.com

vpnchooser

Anon

Re: Pirate Bay

Which provider is this? I've been looking for a cheap vpn provider.

ArrayList
DevOps
Premium Member
join:2005-03-19
Mullica Hill, NJ

ArrayList to gatorkram

Premium Member

to gatorkram
most of the time they don't keep logs and you never give them your name.

Anon users
@anonymouse.org

Anon users to gatorkram

Anon

to gatorkram
Sure, 'an aircraft carrier' is currently 'building' in Japan's Pirate Sea!!

It is called 'Amoeba' and the program is already available from Google Code!

»code.google.com/p/amoeba ··· ileshare

But the source code is ONLY available through its .onion (Tor Hidden Service) main site. It is written in C# with .Net 4.0

It uses Tor (fully anonymous) & has dream class encryption : ecdh521 + rijindel256 (not aes256, it is the original rijindel256 with 256 bit block size )

Fellow Frenchmen, grab the source code & build the new 'Eiffel Tower of Freedom'!

Pirates will STILL sail through the raging sea

BTW, just wonder why the author ( a Jap.) has a English surname....

Corehhi
join:2002-01-28
Bluffton, SC

Corehhi to gatorkram

Member

to gatorkram
said by gatorkram:

said by brianiscool:

Ever since Pirate Bay was attacked. People are now using encrypted VPN tunnels.
You still can't hide from the swarm.

Why do people think a simple vpn is going to save them?

You really think some little vpn host, or any host the vpn is running on, won't bow down and give up everything they have when asked for it?

Even if they don't keep logs, obviously vpn providers will co-op with whatever law enforcement asks of them, and get you if they want you.
My ISP "linksys" is very secure, 5 differnt access points on my street. Add a trick or two extra and good luck to who who chase...

TamaraB
Question The Current Paradigm
Premium Member
join:2000-11-08
Da Bronx
·Verizon FiOS
Ubiquiti NSM5
Synology RT2600ac
Apple AirPort Extreme (2013)

TamaraB to brianiscool

Premium Member

to brianiscool
said by brianiscool:

Ever since Pirate Bay was attacked. People are now using encrypted VPN tunnels.
Yup! I use Torrent VPN
Your Torrent VPN account will be on our servers which are configured in such a way that your real IP is never stored so there will be no trace of your real IP on our servers.

All your data are transferred in 1024 bit SSL military grade encryption without provider logs. You can surf safe and anonymous.
There is practically no bandwidth hit at all, so I now use it for everything. Both Inbound and outbound tcp & utp P2P connections work flawlessly too.

Bob
MaynardKrebs
We did it. We heaved Steve. Yipee.
Premium Member
join:2009-06-17

MaynardKrebs

Premium Member

Rubber-hose decryption

Simple solution - the US will just pass a UK RIPA-like law at the same time as a 3-strikes law, and add a 'rubber-hose' decryption clause. Americans military, FBI, CIA all have current familiarity with this technique.

Grothendieck
Premium Member
join:2002-07-28
Miami, FL

Grothendieck

Premium Member

Re: Rubber-hose decryption

Really? All for the music/video industry?
Kearnstd
Space Elf
Premium Member
join:2002-01-22
Mullica Hill, NJ

1 recommendation

Kearnstd

Premium Member

Re: Rubber-hose decryption

of course, the US government is For the Corporation, By the Corporation.

For the People by the People died years ago when our support for lawmakers became worth less than huge bribes(aka donations) from lobby groups and corporations became more important to them.
ross7
join:2000-08-16

ross7

Member

Re: Rubber-hose decryption

Yep, the rise of corporate PACs heralded the demise of democracy, and the recent USSC ruling re unlimited corporate contributions tamped the final shovelful on its grave mound. All that's left is the placement of the headstone, and the pious mourning decrying its passing. Wail on, brother, wail on.
viperlmw
Premium Member
join:2005-01-25

viperlmw

Premium Member

Re: Rubber-hose decryption

said by ross7:

Yep, the rise of corporate PACs heralded the demise of democracy, and the recent USSC ruling re unlimited corporate contributions tamped the final shovelful on its grave mound. All that's left is the placement of the headstone, and the pious mourning decrying its passing. Wail on, brother, wail on.
QFT!

TamaraB
Question The Current Paradigm
Premium Member
join:2000-11-08
Da Bronx
·Verizon FiOS
Ubiquiti NSM5
Synology RT2600ac
Apple AirPort Extreme (2013)

TamaraB to MaynardKrebs

Premium Member

to MaynardKrebs
said by MaynardKrebs:

Simple solution - the US will just pass a UK RIPA-like law at the same time as a 3-strikes law, and add a 'rubber-hose' decryption clause. Americans military, FBI, CIA all have current familiarity with this technique.
Yeah right! Open source is International. I can just see the Russians complying with rubber hoses.... BS! There's no putting the genie back in the bottle.

Privacy can be had with little effort and little expense. The more effort is put into watching everyone, the more widespread, cheaper, and easy the circumvention will become.

Bob
patcat88
join:2002-04-05
Jamaica, NY

patcat88

Member

Re: Rubber-hose decryption

said by TamaraB:

Yeah right! Open source is International. I can just see the Russians complying with rubber hoses.... BS! There's no putting the genie back in the bottle.

Privacy can be had with little effort and little expense. The more effort is put into watching everyone, the more widespread, cheaper, and easy the circumvention will become.

Bob
Watch out, all a prosecutor has to do is wire some egold and they will be able to wiretap your "encrypted" communications.

TamaraB
Question The Current Paradigm
Premium Member
join:2000-11-08
Da Bronx
·Verizon FiOS
Ubiquiti NSM5
Synology RT2600ac
Apple AirPort Extreme (2013)

1 recommendation

TamaraB

Premium Member

Re: Rubber-hose decryption

said by patcat88:

Watch out, all a prosecutor has to do is wire some egold and they will be able to wiretap your "encrypted" communications.
Really? 128-bit SSL encryption has never been broken and according to RSL Labs, it would take a "trillion-trillion years" to crack the code using today's technology. Really??? How so? They are going to dedicate a super computer on my wire for years to see what movie I am downloading? Really??

The fallout of this bullshit is it will force a blizzard of encrypted communications all over the net, making the real bad guys disappear in the noise! Think that's what this thread is all about no? The harder this surveillance crap is pushed by government and industry, the harder it becomes to track the real threats. They are shooting themselves in the head to swat a fly! Real stupid move.

Bob
patcat88
join:2002-04-05
Jamaica, NY

patcat88

Member

Re: Rubber-hose decryption

said by TamaraB:

said by patcat88:

Watch out, all a prosecutor has to do is wire some egold and they will be able to wiretap your "encrypted" communications.
Really? 128-bit SSL encryption has never been broken and according to RSL Labs, it would take a "trillion-trillion years" to crack the code using today's technology. Really??? How so? They are going to dedicate a super computer on my wire for years to see what movie I am downloading? Really??
Easy, $10000 is 50 times more than the VPN operator or ISP or datacenter will ever make off your "privacy VPN". $10000 for an intelligence service is a rounding error. Criminals will always sell you out if its a good deal for them.

TamaraB
Question The Current Paradigm
Premium Member
join:2000-11-08
Da Bronx
·Verizon FiOS
Ubiquiti NSM5
Synology RT2600ac
Apple AirPort Extreme (2013)

TamaraB

Premium Member

Re: Rubber-hose decryption

said by patcat88:

Easy, $10000 is 50 times more than ....
It's not a matter of money, it's a matter of technology. The operator is protecting himself by not keeping logs (there is no law forcing him to do so), the tunnel is not readable, even by NSA, certainly not by any corporate entity. the IP/Country of exit changes regularly, so there is a big jurisdictional barrier. There is no link between what is being done and who is doing it to be bought and sold.

Why are you calling these folks criminals? They are providing a legal valuable service shielding people from the real criminals who would erect barriers to the free flow of information and ideas.

Bob
patcat88
join:2002-04-05
Jamaica, NY

patcat88

Member

Re: Rubber-hose decryption

said by TamaraB:

It's not a matter of money, it's a matter of technology. The operator is protecting himself by not keeping logs (there is no law forcing him to do so), the tunnel is not readable, even by NSA, certainly not by any corporate entity. the IP/Country of exit changes regularly, so there is a big jurisdictional barrier. There is no link between what is being done and who is doing it to be bought and sold.
Unless your going to layer different 10 privacy VPNs onto of each other, your VPN operator can see ALL of your unencrypted traffic. What assurance do you have that he won't take a bribe from an intelligence service and wiretap you? What proof do you have that the server keeps no logs? Because they say so? Have you gone to the datacenter, taken the HD out, plugged it into your laptop, and looked through it for logging options and former logs? Can you sue a foreign jurisdiction VPN operator for selling you out to an intelligence service or law enforcement?

I can look up the ASN of your VPN operator, call the ASN owner with egold or wire transfer to Bermuda or Luxembourg or Panama, and he will tell me who owns that machine, and wireshark it for me.

••••••••••
n0ym
join:2004-12-21
Montgomery Village, MD

n0ym to patcat88

Member

to patcat88
Easy, $10000 is 50 times more than the VPN operator or ISP or datacenter will ever make off your "privacy VPN". $10000 for an intelligence service is a rounding error. Criminals will always sell you out if its a good deal for them.
Fair enough. But $10,000 is a lot less than any such operator would lose once word gets out that they sell people out. Their business model depends upon living up to their promises.

Don't think word would get out? The VPN provider is the weak link -- they're the logical suspect if VPN traffic is used as evidence for anything.

In other words, the VPN provider has a significant incentive to not play ball with anyone who wants them to spy on people.
jagged
join:2003-07-01
Boynton Beach, FL

jagged to MaynardKrebs

Member

to MaynardKrebs
except there's something in the constitution that guarantees your right to privacy

dib22
join:2002-01-27
Kansas City, MO

dib22

Member

Re: Rubber-hose decryption

said by jagged:

except there's something in the constitution that guarantees your right to privacy
sadly it has been superseded by panic induced laws.

»en.wikipedia.org/wiki/NS ··· troversy

»www.eff.org/issues/nsa-spying

»www.npr.org/templates/st ··· =5189144

tomkb
Premium Member
join:2000-11-15
Tampa, FL

tomkb

Premium Member

don't get it

You can buy Microsoft RDP logins for $5 per month. What's the point?

••••••••

nyc guy
@verizon.net

nyc guy

Anon

Encrypt it

just encrypt the whole drive, have a portion of files and folders tucked away. When pressed for a password by feds or who ever just give them the dummy password, and it will decrypt the dummy files and folders, leaving them thinking they have the real data.

a number of crypt apps do this. also some open source options are available too.

The one thing cia/nsa is scared about is encryption.

•••••

Transmaster
Don't Blame Me I Voted For Bill and Opus
join:2001-06-20
Cheyenne, WY

1 recommendation

Transmaster

Member

I know let's kill the customer.


sm5w2
Premium Member
join:2004-10-13
St Thomas, ON

sm5w2

Premium Member

three strikes laws

> Once Uncle Sam realizes this isn't much of a concern,
> you'll likely see three strikes laws passed in the United States.

What the DOJ and other agencies don't want to see is the routine use of encryption between otherwise ordinary people, which just might happen if people want to protect themselves against these 3-strikes laws. Because what the gov't goes after far more often are people trying to hide income, cheat on their taxes, move money around, etc. The last thing that the gov't wants is to see people being booted off the net, because the net is exactly the place where the gov't can watch us all.
tigerpilot
join:2007-12-27
Highlands, NJ

tigerpilot

Member

encryption

I believe my gmail is already encrypted as is Skype. That's what's driving India nuts.

•••••••

gatorkram
Need for Speed
Premium Member
join:2002-07-22
Winterville, NC

gatorkram

Premium Member

Mising the point.

Using a vpn only encrypts the data, from your pc, to the vpn endpoint.

All you are really doing, is hiding some activity from your isps end of the connection.

Everything coming out the other end, is open for monitoring.

Do you really think, being inside a large vpn provider is "safe"

What better place for "law" to setup shop, and nail more users, with less effort.

Granted, some effort to hide what you are doing is better than not trying, but a vpn is only one small step.
FactChecker
Premium Member
join:2008-06-03

FactChecker

Premium Member

Fool proof way to avoid the issue

Set a good example for the next generation and don't steal.

Everything else is an excuse for someone that thinks they are entitled to get something for nothing.

footballdude
Premium Member
join:2002-08-13
Imperial, MO

footballdude

Premium Member

non-idiotic

you have to assume most non-idiotic, organized terrorist organizations or criminals already use encryption

There are non-idiotic terrorist groups? People who think putting a bomb in a trash can will net them an eternity of virgins?
RogerDucky
join:2002-01-04
Plano, TX

RogerDucky

Member

Re: Spotting terrorists

said by Karl Bode :
Of course you have to assume most non-idiotic, organized terrorist organizations or criminals already use encryption while communicating skulduggery, making this kind of a moot point.

Actually, no. NSA and the like knows the terrorists uses encryption of some sort, even if it's just a simple cipher.

What they're worried about is the encrypted P2P traffic making it hard to spot those actually trying to hide something important, since way more people's connections would be encrypted. Right now, checking who got an encrypted traffic going someplace "suspicious" is all they really need to spot terrorists. P2P traffic tends to go international also, due to its very nature, and would cause way too many false positives.

El Quintron
Cancel Culture Ambassador
Premium Member
join:2008-04-28
Tronna

El Quintron

Premium Member

Haven't we been saying that for years?

Security types have been warning about this for some time already.

IP enforcement is usually a game of catching low hanging fruit... meaning: Find the easiest target, where you're most likely to get a conviction.

So most previous convictions used to come from Gnutella-type clients, and then when that became "unsafe" most pirates moved to BitTorrent. Now that BitTorrent is becoming unsafe, pirates are moving to Usenet, and encrypted communications.

An IP litigation contractor is not going to start handing out Anton Pillar orders and subpoenas for VPNs if they can first prosecute someone who's not encrypted or otherwise hidden. These folks are paid for convictions and settlements.

So if a settlement is too costly to obtain, it isn't worth the effort.

Hence why everybody is getting into VPNs, encryption and SSL. I think folks getting these products realize they aren't bullet proof, they just don't want to be the easiest targets available.
vc4x4toy
join:2010-10-09

vc4x4toy

Member

U.S. 3 Strikes law is up and running full-throttle

I have Mediacom cable modem used it for at least 5yrs or more. Hooked up a Cisco Linksys wireless hub to hook-up more than 1 family computer. Well to make a long story real short I got booted by Mediacom and their Internet Enforcement Team. Now they stopped my service at the modem access that is, but did they even look into which computer it was maybe my neighbor next door, or the one behind me or maybe someone pulled up in front of my house in the middle of the night to down load the frig'n movie. Hey enforcement team I've got netflix with streaming video. Why would I download some of the lamest movie titles... You may of slowed me down just a little.but I still posted this with my own computer.

redxii
Mod
join:2001-02-26
Michigan
Asus RT-AC3100
Buffalo WZR-HP-G300NH2

redxii

Mod

Re: U.S. 3 Strikes law is up and running full-throttle

What's the difference anyway? Whether you had the DVD in your Q or watch it on Watch Instantly, you pay one flat rate right? So what difference does downloading a couple of hi-def and deleting them when you're done make anyway? You're not depriving the copyright holder of anything because you're money is going to Netflix, and Netflix would not have cost any more for the two movies.
60373562 (banned)
join:2004-04-13
Glendale, AZ

60373562 (banned)

Member

Like the NSA couldn't break your encryption.

Awww c'mon Karl. You honestly think the US will pass a 3-strikes law? I think you're in a position to raise awareness of our internet privacy rights, and shouldn't just make statements like this.

I'm quite honestly amazed that France has become the center of the anti-freedom movement. With the Burqa ban, and actively violating user privacy online. Especially since this was the country that practically coined Freedom worldwide during the 1700's. With Jefferson bringing some of the concepts to the United States.

Now look at it, actively stalking users and invading their privacy. This is a serious issue, more than people think it is.

The industry as a whole is being engineered to make users believe they have no rights whatsoever online. We see terrorism being used as an excuse to force people who refuse to think, to accept that a lack of privacy online is in their best interests.

Worst, people are being conditioned to believe that an expectation of privacy online is unnatural. This way when you cite the fact that your privacy has been violated by the law. The law can then state any reasonable person (i.e. those who lack critical thinking) wouldn't have had a reasonable expectation of privacy online. Because everyone knows the government is actively monitoring your connection for terrorist related dealings.

There used to be a day when privacy period was protected under the law, then somewhere it shifted that only a REASONABLE expectation of privacy is protected. Shortly after that it altered again to where it wasn't your reasonable expectation but rather societies.

Because remember, we live in a Democracy not a Democratic Republic. So most people think mob mentality rules all. So as long as the majority of people believe your right to privacy stands under the right to be safe from digital piracy and teh terrozismsz then the law will continue to violate that right to privacy.

I think you should talk about that some more Karl. Not just simply accept the fact that the government is walking over everyone.