From: Dale Thorn <dthorn@gte.net>
Date: Fri, 18 Oct 1996 00:04:56 -0700 (PDT)
To: Bert-Jaap Koops <E.J.Koops@kub.nl>
Subject: Re: Comments on binding cryptography (1)
In-Reply-To: <7E159360C2E@frw3.kub.nl>
Message-ID: <32672B38.356D@gte.net>
MIME-Version: 1.0
Content-Type: text/plain


Bert-Jaap Koops wrote:
> Apologies for not reacting earlier; I have been away for six days.
> I found many reactions to the posting on binding cryptograhpy
> in my mail box, which I have read with interest.
> Here are my comments, excuse me if they are lengthy.

[snip]

> Then, you say, it affects my privacy. As far as I see it, it does
> not. The binding cryptography system allows regular monitoring for
> compliance (like road police checking whether people are sober). It
> does not involve reading of messages. The only time messages are read
> is when law-enforcement agencies (LEAs) have a warrant and ask a TRP
> to hand over a session key. This is not fundamentally different from
> the present situation, where LEAs can wiretap with a warrant. Privacy
> will be protected more or less to the same extent as presently.

Seems to me there's a difference between "the only time messages are 
read" and "the only time messages are *supposed* to be read".  Since 
Bert says the former, you have to wonder...   And as far as "regular 
monitoring for compliance" goes, does the Post Office monitor first 
class mail now ("regular monitoring")?  Do they have a monitoring law 
besides the ability to open letters with a warrant?

[snip]

> (And Allen, if binding cryptography helps totalitarian governments in
> arbitrarily monitoring all communications, I oppose this.

I hate to be rude Bert, but for the zillionth time, what you oppose is 
entire irrelevant to this subject, unless you are *the* decision maker 
in designing binding crypto products and making attendant regulations.

> China uses video cameras in Lhasa to monitor potential demonstrations
> of Tibetans. I oppose this, and I blame the Chinese government for it,
> not the inventor of video cameras.)

Well, Bert, who do you blame for the mass of cameras going up all over 
Los Angeles? (Not to mention small, neighborhood microwave transceivers)

> I feel at least that allowing TRPs to decrypt single communications
> if the LEA has a court warrant is better protection than escrowing my
> private key with the government. Also, choosing your own TRP allows
> you better protection than having to use a government-chosen one. On
> the other hand, I think there should be some regulation on TRPs, if
> only to address liability issues. I think a government certification
> of TRPs would not be a bad thing, if this is done in an open,
> flexible and preferably independent way - for instance a
> semi-govenmental "TRP approving authority" (the same way we have data
> protection authorities who monitor compliance with data protection
> legislation). Again, we may have different opinions on this given the
> difference between US and Europe.

In the U.S., there's a thoroughly-implemented concept called co-opting, 
well described in senate hearings on intelligence circa 1974-1976. 
Fortunately, you were able in the above paragraph to get past the 
"choosing your own TRP" clause, and show the real cards.  So where in 
the U.S. are you gonna get TRP's who will not *ever* "leak" your files 
to an interested agency without proper warrant?

> Someone pointed out that a TRP could be corrupted and collaborate
> with the law-enforcement agencies. Then, all sessions would be read
> by the LEA. Indeed, this is a threat to be taken into account.

Whoops!  Looks like I spoke too soon.

> At least the binding alternative is better protection against
> collaborating TRPs than key-escrow, as at least it leaves
> communications from before the corruption unharmed. Moreover, the
> system allow easy change of TRP, so the moment you notice something
> weird about this TRP, you choose another one. It's really a matter of
> trust.

And which trust is that, Bert?  They sure as hell don't trust us, now do 
they?  And unless you can show exactly where and when the "corruption" 
occurred, how do you know what was compromised?

> Finally, I get the impression that some cypherpunks feel the
> law-enforcement problem to be a problem of "them" as opposed to us. I
> - and this is my personal opinion - feel it is "my" problem as well.
> I live in a society with which I am generally satisfied, not the
> least because we have a rule of law. Tracing criminals is my concern
> as well. I am not happy that, in some ways, I have to give up some
> freedom, but I think it is worth while. I would not mind using a
> government-offered crypto system that uses binding cryptography. All
> I want is that it is a good system and I want to be sure I trust my TRP.
> I would prefer it if no such system were needed, but if it helps in
> protecting me from criminals, I can live with it.

How does it protect from criminals?  Only non-criminals (or extremely 
stupid criminals) will submit their data to a third party.

One principle you should keep in mind, Bert, and that is that 
cypherpunks are not merely paranoid (paranoia as a Way Of Knowing), 
they're very adept at telling you exactly how the criminals and 
terrorists will get around this hokum, and you're in denial about it.