From: David Sternlight <david@sternlight.com>
Date: Sat, 20 Jul 1996 20:34:59 +0800
To: Duncan Frissell <cypherpunks@toad.com
Subject: Re: Gorelick testifies before Senate, unveils new executive  order
In-Reply-To: <2.2.32.19960719133458.00830ef0@panix.com>
Message-ID: <v03007609ae1592351066@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 6:34 AM -0700 7/19/96, Duncan Frissell wrote:
>David Sternlight writes:
>
>> Here's the problem in a nutshell: Everyone who has looked at our systems,
>> from Cliff Stoll
>
>A *famous* security expert.
>
>>on to blue ribbon scientific commissions,
>
>The last of which recommended that crypto be entirely deregulated.

We're not reading from the same page. This discussion is about information
warfare and the robustness of US financial, information, control, and power
infrastructures, not ITAR. Could you be kind enough to check the Subject,
read Gorelick's testimony, and perhaps even (dare I suggest it) read the
discussion prior to your post?

>
>> Serious studies have shown that the kinds of protections to make the
>> systems we depend on robust against determined and malicious attackers (say
>> a terrorist government, or one bent on doing a lot of damage in retaliation
>> for one of our policies they don't like), have costs beyond the capability
>> of individual private sector actors.
>
>Defense is cheaper than attack in encryption because it is easier to make
>coherent information incoherent (see Usenet) than it is to make incoherent
>information coherent.

Again you are off-topic and non-responsive.

>
>> In such a case, where public benefits from government action greatly exceed
>> public (taxpayer) costs, and the private sector cannot (or will not) act
>> unaided, the classical basis for government action in the interests of the
>> citizenry exists. It's the economist's "lighthouse" argument.
>
>But since the Internet and the WANs and LANs that you are talking about are
>all "private value-added networks," the benefits of enhanced security a
>fully captured by the users of those networks and there is no "public goods"
>problems.  (BTW, there were private lighthouses too.)

Again you are off-topic and non-responsive.

>
>Note too that major money center banks disagree with you.  There was a
>recent article about the fact that they are not reporting computer
>intrusions and just fixing the problems themselves.  They don't seem
>interested in official security "help" with all the disadvantages (publicity
>and security leaks) that it brings.

Again you are off-topic. We're talking about information warfare threats of
the sort that bring entire systems and infrastructures crashing down.

But thanks for responding. I share your concerns. I feel your pain. Vote
for me in '93. :-)

David