- By Grant Gross -
In his article, GNU-Darwin authentication and encryption position paper for the US, Michael L. Love says the "open-signing" form of encryption that's available with encryption programs such as PGP and GnuPG would keep would-be terrorists from hijacking other people's email to send their messages. Under open signing, the text of the email is open for all to read, but the identity of the sender is authenticated.
Love writes: "All US citizens should immediately start open-signing their email messages as a voluntary act of patriotic duty. In addition, any information which would assist our terrorist enemies should be encrypted as a matter of course. Let's use this powerful software to help us win the war against terrorism."
Love released the paper late last week, after the terrorist attacks on New York and the Pentagon, but he updated it this week to suggest that encryption could've limited the damage of the Nimda worm that's been attacking Windows servers this week.
He writes: "Email worms can be thwarted by an authentication system, because your email must be signed with your passphrase before it is sent. If someone receives email from you that is improperly signed, then they automatically know that something went wrong. PGP could have prevented Nimda worm attacks via email."
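How a recipient tells an open-signed message from one that was altered after signing, as an added example (not from Love's paper or this article). It assumes GnuPG 2.1 or later; the sender identity, message text and file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added illustration: GnuPG clearsigning ("open signing") with a throwaway key.
# The identity, message text and file names below are constructed for the demo.

open_sign_demo() {
    GNUPGHOME=$(mktemp -d) || return 2
    export GNUPGHOME
    chmod 700 "$GNUPGHOME"
    msg="$GNUPGHOME/msg.txt"

    # Demo-only key with an empty passphrase; a real signing key is
    # passphrase-protected, which is what the quoted argument relies on.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo Sender <sender@example.org>' \
        default default never 2>/dev/null || return 2

    printf 'The meeting is moved to 3pm.\n' > "$msg"

    # Clearsign: the body stays readable, a signature block is appended.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --output "$msg.asc" --clearsign "$msg" 2>/dev/null || return 2

    # Recipient check 1: the message exactly as it was sent.
    if gpg --batch --verify "$msg.asc" 2>/dev/null; then
        original=good
    else
        original=bad
    fi

    # Recipient check 2: same signature block, body altered in transit.
    sed 's/3pm/4pm/' "$msg.asc" > "$msg.tampered.asc"
    if gpg --batch --verify "$msg.tampered.asc" 2>/dev/null; then
        tampered=good
    else
        tampered=bad
    fi

    # Stop the agent started for the temporary keyring, then clean up.
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$GNUPGHOME"
    echo "original=$original tampered=$tampered"
}

open_sign_demo
```

The signed body remains plain text that anyone can read; only the verification result differs between the two copies.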
Love argues that the proposal by U.S. Senator Judd Gregg to ban encryption products without backdoors that government agents could exploit would open up all kinds of secure systems that Americans take for granted.
"We are arguing that internet authentication must be based on strong encryption without back doors, or else the infrastructure will be weakened," Love tells NewsForge. "In our group we are thinking about .NET and about avoiding bad encryption legislation, but this new email worm is an example that most people can relate to right now.
"The majority of the public still thinks that back doors are a good thing, because they don't know any better. I feel that it is important to get counter-examples like this into the open, because Congress could still add an encryption amendment to one of the existing funding or national defense bills that are being considered right now. That would
In the paper, Love gives examples of ATM machines and online purchasing systems as trusted services that could be compromised if encryption backdoors are required. "Nearly everyone who has ever made a purchase on the web has used encryption, and if you live in the US, it was certainly strong encryption," he writes. "If you made an online donation to help the people of New York City, then you certainly used encryption, even though you may not have realized it. Such encryption capabilities are vital, because we do not want sensitive information such as credit card numbers to fall into the hands of criminals or terrorists."