1996-02-27 - Re: TIS–Building in Big Brother for a Better Tommorrow

Header Data

From: anonymous-remailer@shell.portal.com
To: cypherpunks@toad.com
Message Hash: c6bf6b3d2824053b6662ea76bc0ebde1b356350a1b6cc16414a1f63e52620086
Message ID: <199602270041.QAA16809@jobe.shell.portal.com>
Reply To: N/A
UTC Datetime: 1996-02-27 01:29:27 UTC
Raw Date: Tue, 27 Feb 1996 09:29:27 +0800

Raw message

From: anonymous-remailer@shell.portal.com
Date: Tue, 27 Feb 1996 09:29:27 +0800
To: cypherpunks@toad.com
Subject: Re: TIS--Building in Big Brother for a Better Tommorrow
Message-ID: <199602270041.QAA16809@jobe.shell.portal.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On 22 Feb 96, John Young wrote and quoted Steve Walker:

> To supplement TIS's Web site information on CKE, here's a
> mailing from Steve Walker earlier this month:
> 
> 
> TRUSTED INFORMATION SYSTEMS, INC.
> 
> February 2, 1996
> 
> 
> There has been amazing progress on TIS's Commercial Key
> Escrow (CKE) initiative since my last status report.

<groan>

> By adding CKE technology to our firewalls, the Gauntlet
> system with DES and CKE now meets the U.S. government
> requirements for export to most parts of the world.

Oh, goody!

> While this temporary export license has limitations (there
> must be a Data Recovey Center in the U.S....

It's GAK (GAK!). Instead of one arm of the government
supposedly holding keys safe from unauthorized access by
another arm of the government, it will be a duly approved,
registered, regulated repository holding keys safe from 
unauthorized access by an arm of the government. Just like 
banks protect customers' funds and privacy... Gee! It sure 
sounds like utopia to me... utopia for government. Does 
anyone know of ANY regulated industry that exists at the 
pleasure of the government that also strenuously defends its 
customers' rights against government efforts? I think not.

> ...it represents the first export approval of a DES-based key
> escrow encryption system, a small step...

...backward.

> ...the private sector's need for encryption protection and
> governments' needs to be able to decrypt the communications
> of criminals, terrorists, and other adversaries...

There is no difference between the justification for this and 
what was offered to justify Clipper.  

"Other adversaries," like those who want to keep their affairs 
private, or wish to live free in an increasingly unfree world? 
I think I'm gonna puke.

> Other meetings will follow, but it appears that most major
> governments endorse the U.S. government's user-controlled
> key escrow initiative as the only practical way through the
> cryptography maze.

I AM gonna puke. Of COURSE most governments will go for this! 
The practical effect is essentially the same as if all paper 
mail were to be machine-copied and archived, only accessible 
with a "proper court order." Even though the government can 
go after your mail now, lawfully or UNlawfully, if they don't, 
it's gone -- it has no persistence in any system not under the 
control of sender or receiver, and as a practical matter ALL 
paper mail cannot be copied and archived by any third party. 
However, e-mail is rapidly replacing paper mail and some 
supposed advocates of crypto are helping the government ensure 
that MAIL of the future will have the potential to be a 
persistent "e-trail," something that paper mail could never be.

> In mid-January, Microsoft announced its long-awaited
> Cryptographic Application Programming Interface (CAPI). This
> development promises to finally provide a well-defined
> separation between applications calling on cryptography and
> the actual performance of the cryptography. Now users will be
> able to request cryptographic functions in hundreds of
> applications and select precisely which cryptography to use
> at the time of program execution rather than program
> purchase.

Yeah, I guess all the programmers in the world who DON'T work 
for Microsloth are just too darned stupid to have conceived of 
any such separation. Thank goodness MS made this possible! 
Now we can dispense with all those foolish delusions we once 
harbored and admit that all the DOS offline mail readers in the 
world that supported a configurable editor only *appeared* to 
interface to third-party crypto modules via editor interface 
layers... Now we can admit that we were mistaken in believing 
that Pegasus Mail was trivially equipped with a generic crypto 
interface and that an interface layer to PGP was released by 
another party within weeks...

> Cryptographic Service Providers (CSPs) can now
> evolve independent of applications, and users can choose
> whatever cryptography is available wherever they are in the
> world. TIS is working closely with CSP vendors to ensure that
> CSPs with good cryptography are available in domestic and
> exportable versions as soon as possible based on the U.S.
> government's key escrow initiative.

What self-serving bullshit.

> We would now have widespread use of encryption, both
> domestically and worldwide; we would be in a state of
> "Utopia," with widespread availability of cryptography with
> unlimited key lengths. But, once in this state, we will face
> situations where we need a file that had been encrypted by an
> associate who is unavailable (illness, traffic jam, or change
> of jobs). 

Yeah, this is a really good reason to flush privacy in 
communications down the toilet of subservience to limitless 
government. Really.

> +  Then in 1995, the U.S. government announced its key
>    escrow initiative: allow the export of up to 64-bit
>    cryptography (a remarkable concession) when accompanied
>    by an acceptable form of user-controlled key escrow
>    (critical component to this policy being that "an
>    acceptable escrow system" must have sufficient integrity
>    to give the government confidence that, with a warrant,
>    the keys will be available.)...

Of course. A remarkable arrogation of power rather than a 
concession: Laying the foundation for ALL communications to 
be available with a warrant, something the government has 
NEVER in its history enjoyed.

> Some in the computer industry labeled this just another
> form of Clipper and vowed to continue the fight against
> U.S. government regulation of encryption in any form -- 
> presumably forever. 

They were right and you are wrong in asserting that it would 
be "forever." These things solve themselves in time as
long as there is a plurality of political systems and national
interests on the planet. No government on earth can long
stand against irresistible forces.

> On the other hand, once the new escrowed encryption policy
> was announced, U.S. government agencies -- the FBI, NSA,
> White House, DoD, DoJ, NIST, and NSC -- closed ranks behind
> it and have shown little interest in discussing any other
> approaches. 

Sure. So throw in the towel, eh? If you can't fight 'em, JOIN 
'em. Right? <puke>

> In addition, neither political party has shown
> any interest in taking up the argument in the Congress,
> probably because it is a complex issue and there is no
> obvious "winning" position. 

That may be a compelling argument in favor of finding ways to 
send wakeup calls to the political machinery -- the kinds of 
calls that cause severe loss of sleep and the eruption of 
multitudinous beads of sweat -- but it is HARDLY an argument 
in favor of signing on, as it were, to GAK.

> But, depending upon how the definition of user-controlled key
> escrow is resolved, the new escrow policy could just be the
> long-sought compromise between government and industry that
> gets us through this morass.

What you mean, "Us," kimosabe? This whole piece you've written
is a superficial rationalization for shitcanning principle when
it is placed in opposition to corporate survival by presumed
higher authority. If this is the "long-sought compromise"
that "gets us through this morass," it is a textbook example
of the "turd in the punchbowl" dilemma. How small a turd
will you compromise on before you will consider the punch fit
to drink? Rather a large one, evidently. Then again, this
could be because you see yourself more as a purveyor of punch
than an imbiber. History repeats itself. Endlessly.

> +  If we can ensure that organizations can control the
>    security of backup access to their encrypted information
>    through well-designed commercial key recovery systems --
>    yet also ensure that governments have access when
>    justified via normal legal procedures -- we may have
>    truly found the "Ultimate Utopia" solution to a dilemma
>    that has existed all of our professional lives and
>    threatens to continue through the next generation...

What on earth gives you the idea that anyone outside
government wants to "ensure that governments have access when
justified?" Most individuals would prefer to have and use the
means to ensure that *no one* has access to their private
communications, "justified" or not. More death, torture,
mulilation, incarceration and confiscation have been
perpetrated by governments "justified" by laws valid in their
time and place than all the harm ever done by all the private
individuals in history. What is today's "justification" could 
well become tomorrow's crime against humanity.

>    Thus, in my thought experiment I have come to the
>    conclusion that we (industry and government) are all
>    heading towards the same objective...

If you're right, then maybe the whole thing needs to be 
dismantled and built again from the ground up. Really.

> ...but on a different path from what some of us originally
> wanted. 

Yes -- the path of totalitarianism, apparently.

> Yet, to my way of thinking, that path has to accomodate us
> all if we are ever to arrive at any mutually agreeable
> destination. 

False. Suppose you and your spouse wish to remain inviolate 
but the guy in the ski mask wants to sodomize you both? To 
your way of thinking, "that path has to accomodate us all if we 
are ever to arrive at any mutually agreeable destination."  
Good fucking luck.

> When one group of participants raises insurmountable barriers
> for another group, it simply blocks everyone from progressing
> down any path, and the net result is that U.S. industry is
> not able to export any good crypto-based security.

Although it's possible this may never have occurred to you,
maybe those who want to see strong crypto freely available
would prefer that as long as the U.S. insists on maintaining
self-destructive crypto policies they impact U.S. industry and
provide incentive for foreign crypto development rather than
see U.S. industry crawl supine and subservient to lick the
shoes of bureaucrats who are, after all, our employees and
(supposedly) our SERVANTS.  

What you are doing is going into agreement with the government 
and helping to take the pressure off the government, when what 
is really called for is a firm stand that keeps the 
responsibility for the consequences squarely where it belongs: 
on government hands. Caving while pretending to adhere to 
principle fosters that to which one caves. Standing firm is 
much more likely to force a change.  

You've CHOSEN to be in a business whose market reach is at the 
pleasure of the government. Not satisfied with the reach 
allowed you, you jump through quite a few logical hoops to 
rationalize why it's ok to tailor principle to the necessities 
attendant to navigating the obstacles to which you voluntarily 
made yourself subject in the first place. Perhaps you can see 
why I wouldn't trust you with the keys to my car, much less my
communications?

> We at TIS are dedicated to finding a solution acceptable to
> all sides. We ask your help in this struggle. If you want
> exportable cryptography routinely available in your lifetime
> and believe that user-controlled key recovery is an
> important, if not vital, capability...

The two have no natural connection. The unnatural connection
is created by government policy. As with the unnatural
connection established by a kidnapper between failure to meet
the demands and damage to the victim, you grant it legitimacy 
to the extent that you cave to it.

As far as exportable crypto in [our] lifetime... that will
take care of itself without your help. What you are doing
will DELAY it by appearing to address important issues while
in reality severely damaging the principle of maintaining
freedom of encryption by helping to establish a system in
which that freedom will not exist. 

> If you want to integrate exportable CKE into your product
> line, we are ready to help. 

Thanks, but no thanks.

> If you want to buy internationally deployable good
> cryptography with your favorite applications, tell your
> application vendor you want escrow-enabled applications.

No way, Jose! Most people who want it have access to PGP now, 
and already are using it with their favorite applications. 
The future can offer only more and better, regardless of 
present government policies.

Pegasus Mail showed that integration is not a big deal if
the software originates outside the U.S., so the direction is
established and obvious: As the many millions of programmers
around the world develop more and more advanced applications,
those apps increasingly will tend to have crypto interfaces. 
Those interested in crypto will buy foreign products. In the 
ABSENCE of efforts such as yours, the pressure on the U.S. 
government would rapidly become irresistible.

> We all have an opportunity to make a major difference here.

Yes indeed, and I have not the slightest desire to help you 
help the government institutionalize a bad policy.

>    Sincerely,
>    Stephen T. Walker

Stephen, you've gotten carried away with yourself. "Ultimate
Utopia" indeed! I'm reminded of the validity of the communist
quip that capitalists will sell them the rope with which to 
hang the capitalists. Seems there is some truth to that. 

We Jurgar Din
(that will have to suffice: I do not yet live in a free country)

+"The battle, Sir, is not to the strong alone. It is to the+
+vigilant, the active, the brave. Besides, Sir, we have no +
+election. If we were base enough to desire it, it is now  +
+too late to retire from the contest." -Patrick Henry 1775 +


-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMTIbaEjw99YhtpnhAQFJ3gH/U532RzeENe1SbI2B4LCxXZCJYwksYipC
fSFsAX4hCudT9BBYc/wuGGle/TvejQuIChR8qoxw7sjIip4IWHakdw==
=x1iC
-----END PGP SIGNATURE-----









Thread