From: jim bell <jimbell@pacifier.com>
Date: Fri, 29 Mar 1996 23:14:09 +0800
To: Black Unicorn <frissell@panix.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u2SwS-0008y1C@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:46 PM 3/28/96 -0500, Black Unicorn wrote:
>On Tue, 26 Mar 1996, Duncan Frissell wrote:
>
>> At 09:46 PM 3/25/96 -0500, Michael Froomkin wrote:
>> 
>> >An interesting issue, likely to be addressed in future judicial 
>> >assistence treaties...
>> >
>> 
>> However, future judicial assistance treaties are meaningless if you store
>> your keys anonymously (domestically or internationally) so that even the
>> keeper doesn't know he has them or exactly where they are in his pile of 
keys.
>
>Given the significant contempt charges that can follow a refusal to 
>produce items (anonymous or not) this still depends on the absence of 
>initial detection.

You clearly don't understand.  You're making the ASSumption that the 
organization keeping the keys can produce them in a form that is "useful" to 
the cops.  Escrowing encrypted keys makes them useless to subpoena, and in 
fact it helps the key owner because the escrow agent can (and, in fact, 
must!) be obligated to inform the key owner if his key is requested.

You also seem to assume that "contempt charges" will be able to operate 
world-wide, which is a highly dubious proposition.  (Read Froomkin's 
paragraph above CAREFULLY.  He said "internationally.")  

And in any case, I consider it highly doubtful that anybody would contract 
with an escrow agent and identify himself by name.  It would be a simple 
matter to operate "escrow agents," just glorified data-holders, who would 
receive data anonymously and send it out just as anonymously, to the person 
who can identify themselves via some sort of encrypted ID system.   Even 
"detecting" such a transfer is useless because the cops won't be able to 
figure out what the data is, since it's encrypted in both directions while 
being transferred, in addition to being encrypted while being held, with a 
code the escrow agent doesn't know.


In short, you need to comprehend what you're responding to before you 
express your opinions.  You're living down to my expectations.


>> In fact, I suppose that government operation of the identification system
>> (drivers' licenses, passports, etc.) in general is also horribly inefficient
>> and should be attacked on efficiency grounds.
>
>You might not like what you get in response.  Streamlined and uniform 
>identity documents generated at birth and renewed with tax filings would 
>be the likeliest efficiency improvement.  An inefficient government 
>identification system is to the advantage of the privacy seeker.

You seem to be ASSuming that an "efficient identification system" is one 
that will ALSO operate to the benefit of the government, as opposed to the 
individual who wants to be identified for only limited purposes.  I don't 
think so.  Chaum's encrypted ID system described in the August 1992 
Scientific American makes it clear that identification can occur without the 
ability to cross-reference databases.  Chaum's system, if implemented with 
current microprocessor technology, would be extremely "efficient," at least 
from the standpoint of the amount of human effort involved.  It would, 
however, be extremely hostile to the government.

Jim Bell
jimbell@pacifier.com