m-o-o-t

What is m-o-o-t ?

m-o-o-t is a free open-source computer system that boots from a CD and contains all the cryptographic code needed to defeat GAK (Government Access to Keys) laws. We believe that people should and can have access to electronic privacy even from their Governments.


An Apology

We are late, and we apologise. It's taking longer than expected, and it will take a while yet before m-o-o-t is complete. We could have rushed out a CD in time, which would have done some things, eg the SFS is good :), but we preferred to get it all done right. --Peter Fairbrother, 11 October 2007


Thank you so much for all the CD's and stamps !!

We have enough CD's for now, a few more stamps could be useful but we already have nearly enough. It was very kind of you to send them, and the feeling that we have your support is wonderful (and sometimes scary, when things are going wrong!).

The release is going well, though there was a problem in one single line of code which took two weeks and a sixty-hour coding session to find - ouch!. If I haven't replied to your emails, that's probably why. The hardware test CD (we have enough test volunteers, and thanks are due to to them too!) should be out real-soon-now. My apologies for the delay, after that problem was solved it's now going well. --Peter Fairbrother, 23 September 2007


News 7 July 2007

The Home Office have announced that they intend to bring part III of RIPA into force on 1st October 2007. This is dependant on the approval by both Houses of Parliament of the draft Code of Practice which was laid before them on 4th July, and on the approval of the draft SI.

In practice the best chance of getting it stopped is for the draft Code of Practice being rejected by one of the Houses. So write to your MP, and any Lords you happen to know!

m-o-o-t is of course going into full pre-production status.

In early August we will be sending out hardware test CD's, and if anyone would like to help test please let us know - it will take about ten to twenty minutes per machine.

We would also be grateful for any donations of CD postal packaging, postage stamps, blank CD's, or USB flash drives - but no money please, it's too complex legally for us to accept it. We are also looking for an i386 laptop, but please get in touch first!

m-o-o-t
10 Sheepcote Barton
Trowbridge
Wiltshire
UK
BA14 7SY

More to follow.

Peter Fairbrother, 7 July 2007


Update
Today the UK Home Office announced the public consultation on the Code of Practice of Part 3 of RIPA. This is the first stage of the process by which it can be brought into force. Part III of RIPA is the "policeman-say-gimme-all-your-keys-or-go-to-jail-(and-don't-tell-anybody)" law passed 6 years ago but not yet brought into force.

With the advent of GAK in the UK looking more and more likely, I am ramping up m-o-o-t, which has been dormant for some time.

It looks like Part III will be introduced around December.

I am considering what to do now, and the final version may be completely different to the early version described on this website - watch this space, or join the mailing list.

m-o-o-t's goal remains to provide everyone with the tools to avoid and evade demands for keys, in such a way that it is very hard for them to mess up and do anything insecurely.

This will be either for free or at very low cost (might do something with a USB stick which the user would have to buy, but not from us - software will be free).

Peter Fairbrother, 7 June 2006.


Update

Another two years have gone by, and the Home Office have made no moves to commence Pt3 of RIPA. Our situation is unchanged, we will release m-o-o-t on the day they do.

Peter Fairbrother, 7 April 2006.


Update

We intended to release m-o-o-t on the day the Home Office introduces GAK by "commencing" Pt.3 of RIPA. I got a bit bored waiting and planned an earlier release, but now I've changed my mind again.

The Home Office here still haven't made any moves to introduce GAK. I don't know whether m-o-o-t is holding the Home Office back at all (it might be embarrassing to them if we were to release on the day they introduce GAK), but at present there is no real need for m-o-o-t . It ain't broke, so I'm not going to "fix" it.

We are keeping near-current with changing hardware, software and security needs, we are developing new theoretical possibilities, and the pre-alpha code is being maintained, so all is in hand :) even though little is visibly happening. The only problem is that there is no sunset clause in the RIP Act, and m-o-o-t may remain in abeyance forever. Boring!

Peter Fairbrother, 28 March 2004.


News

The Home Office "hope" to publish the draft Code of Practice for Pt. 3 of RIPA next month (June 2002).

This is part of the process the Government must go through before laying a commencement order for RIPA part 3 before Parliament, and signifies that it will probably do so soon.

In consequence, m-o-o-t is changing focus from development towards making a release. We plan to release m-o-o-t on the same day that the Government activates part 3 of RIPA.

As part of that process m-o-o-t is undergoing a fundamental design review, and while the rest of the website gives a good idea of what m-o-o-t will do, it's over a year old and out-of-date, and should not be relied on in detail. I will try and update it once the review is over.

Peter Fairbrother, 24 May 2002


RIPAPart3 is the new law here in the UK that gives the Government the right to demand the plaintext and/or keys of "information protected by encryption". This includes intercepted communications, information on hard discs in PC's, and information stored on servers. And your PGP/RSA private keys...

Laws of this type are being introduced around the world, so we started m-o-o-t [note, 24/5/02: the UK is the only "free" country to have done so]

m-o-o-t is an open-design, open-source cryptography project begun to defeat RIPAPart3 and make it look silly, and to allow UK citizens to communicate and to store information without worrying about it. It will also defeat Carnivore and the Australian and proposed NZ and Council of Europe laws.

We are doing this so people can be private elsewhere than in our heads. We object to the idea that people should not be allowed to seek privacy from governments.

Eventually we intend to incorporate the knowledge and ideas learned in this project into a programme that will defeat any such law, worldwide.


m-o-o-t 's anti-key-demand strategy is based on several techniques, to give defence-in-depth. For data storage they are:

1) limiting unwanted access to encrypted data. This is achieved by storing data in servers beyond the reach of UK authorities, and using throw-away keys to encrypt the tunnel that connects to them. Users can have several SFS's at one server and require a different password for each.

2) making encrypted data unidentifiable. This is done by using a Stenographic Filing System (SFS) to store data, thus hiding the existence of secret files, and using covertraffic to prevent even the user from being able to identify encrypted data in transmission. Users can also use many different SFS's, and plausibly claim that the one(s) found are not in use.

3) making encrypted data deniable. This is done by making the files in the SFS capable of decrypting to something else that is plausible, rather than the secret data.

For message sending they also include:

2) no identifying marks on messages

3) the use of one-time-pads in messages between trusted parties.

4) limiting the keys the user actually has in his possession. This is done by using a throw-away key for each message.

5) m-o-o-t also provides partial traffic anonymity, but relies on an offshore mailserver for this. It has unfortunately proved impossible in time to include a method to provide anonymity without having to trust the server, but we plan to do this in a later version.

FAQ
section updated 8 June 2002

This part of the site is very old, and is just included for completeness. We may update it someday.


Product
Code
Cryptography
Security
Product notes
Code notes
Cryptography notes
Security notes



You can contact us here
You can join our mailing list m-o-o-t here. It's low volume and technical.
If you just want to be advised of releases, click here.