1995-12-06 - Re: NIST GAK export meeting, short version

Header Data

From: Alex Strasheim <cp@proust.suba.com>
To: cypherpunks@toad.com
Message Hash: 5cfdb729af49b05579b17dc1cbb09f9619189dedd29c9f2a57d1da9b89d1ce3d
Message ID: <199512060421.WAA06668@proust.suba.com>
Reply To: <64158.pfarrell@netcom.com>
UTC Datetime: 1995-12-06 04:18:13 UTC
Raw Date: Tue, 5 Dec 95 20:18:13 PST

Raw message

From: Alex Strasheim <cp@proust.suba.com>
Date: Tue, 5 Dec 95 20:18:13 PST
To: cypherpunks@toad.com
Subject: Re: NIST GAK export meeting, short version
In-Reply-To: <64158.pfarrell@netcom.com>
Message-ID: <199512060421.WAA06668@proust.suba.com>
MIME-Version: 1.0
Content-Type: text


Thanks for the great summary, Pat.

> His concern is not that smart people can have stronger crypto, but that
> strong crypto will be easy and widely used. 

This is why the 4 horsemen arguments aren't very convincing.

We often tend to view things in fairly black and white terms:  either we
have privacy or we don't.  But even with strong crypto, most people won't 
have security because they'll screw it up.  (Anyone who has ever been in 
charge of creating accounts for other people knows what kinds of 
passphrases people will pick.)  And even the most concientous among us 
are still going to be vulnerable to physical attacks on our hardware or 
more exotic attacks like tempest.

The real questions here are (a) how easy will it be to automate
surveillance, and (b) how much is surveillance going to cost, not (c) is
surveillance going to be possible at all?

No matter what happens with the law, determined people will be able to 
protect their privacy fairly well.  And no matter how strong the tools 
are, the government will be very often be able to penetrate the defenses 
by physically tampering with a machine, getting one correspondent to sell 
out another, or whatever.

Without crypto, the price of surveillance is going to drop through the
floor.  It's a lot easier to filter email for suspicious key words than it
is to analyse voice traffic on the telephone.  But with crypto, the price 
of surveillance is going to go way up.  Sticking with the status quo 
isn't an option.

I'd feel a lot better if surveillance became more expensive.  I don't have
much faith in our legal protections against government surveillance. 
Sure, they can't introduce evidence into court if it was obtained with an
illegal wiretap.  But if they learn something interesting, they can trump
up an "anonymous tipster" and get a court order.  Who's watching the
watchdogs to make sure they're following the law?  The exclusionary rule
isn't much comfort if it depends on the police admitting that they
violated my rights.  But how else would I know about an illegal government
wiretap? 

How much surveillance is really taking place?  Who knows.  I do know that
if it becomes 10 or 100 times more expensive than it is now, there will 
probably be a lot less of it.





Thread