1997-06-05 - Arguments for good crypto and against GAK.

Header Data

From: “Peter Trei” <trei@process.com>
To: cypherpunks@einstein.ssz.com
Message Hash: 145618c1039894bcd5ac417a1df1fdd6578e6f91954288600e70d85c1e66b6f7
Message ID: <199706051819.NAA06360@einstein.ssz.com>
Reply To: N/A
UTC Datetime: 1997-06-05 19:02:38 UTC
Raw Date: Fri, 6 Jun 1997 03:02:38 +0800

Raw message

From: "Peter Trei" <trei@process.com>
Date: Fri, 6 Jun 1997 03:02:38 +0800
To: cypherpunks@einstein.ssz.com
Subject: Arguments for good crypto and against GAK.
Message-ID: <199706051819.NAA06360@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text/plain



I frequently find myself explaining to the
uninitiated the whole crypto mess, and have come up
with a line of arguments which I find work fairly
effectively.

Basically, I take the tack that strong encryption will
help prevent crime, espionage, and terrorism, while 
weak and/or GAKed crypto will promote it. There are 
good arguments for this position.

We lock our houses, cars, etc. This activity is
promoted by the police as a crime prevention measure,
although it unquestionably makes it more difficult for
them to serve search warrants, etc. They realize that 
good locks prevent far more crime than would their
unfettered access to unlocked property.

Crypto works the same way as good locks, but in the 
data sphere. While it would clearly make 
court-authorized wiretaps more difficult (but not 
impossible), it also stops the far more frequent
unauthorized interception of messages by criminals
(whether in or out of government).

At this point I usually give some recent examples 
of losses that might have been prevented by good
crypto - cell phone cloning fraud and eavesdropping,
the recent credit card sniffer, etc. Going back a 
couple of years, some hackers on the west coast
modified major backbone routers to record ftp and
telnet passwords, etc. If the audience is aware of
the putative info-war threat, I can work that in 
as another threat that good crypto can put a stop to.

If the question arises 'well, why does the FBI, etc,
seem so worried about the widespread use of crypto?',
I have a response.

"There's an old saying: 'When you're up to your ass in
alligators, it's hard to remember that you're trying
to drain the swamp.'"

We have law enforcement agencies because we want 
people and their property to be safer. However, the
FBI and other LEAs actually do very little to 
directly *prevent* crime; almost all of their efforts
are post-facto, designed to catch criminals, or make
it easier to catch them, *after* they've already
committed one or more offences. While a criminal in 
jail is only rarely a menace to society at large, 
most criminals get away with many crimes before 
they are caught - if this was not the case, there 
would be no such thing as a 'career criminal'.
LEAs have little motivation to prevent crime - there
is not much career or budget boost in a robbery which
did not take place, a murder which was not committed,
or a spy who could not get the data he sought. 

Widespread and effective use of good crypto acts 
before the fact, preventing crimes from occurring 
in the first place. While it certainly would make
some wiretaps more difficult (and here I bring up 
the very low number of wiretaps performed in the 
US compared to the number of crimes), on the balance
it is clear that the use of good security is a win.

If you ask most people if they had a choice between
a high crime rate with some of the criminals being
caught, and a much lower crime rate with a slightly
higher chance of them getting away, most people who
are not part of the LEA establishment will instantly
opt for the latter.

As for GAK, there are two basic arguments I use. First, 
I ask them how they would feel if their town required
that copies of all house, car, and file cabinet keys
be deposited with the local cops 'just in case they
need to serve a search warrant'. Most people are 
rightly appalled by the idea. 

Secondly, I describe the idea of key escrow agencies
and "TTPs", and how they would create huge storehouses
of private keys. I point out what a target of 
opportunity these archives would provide to criminals and
spies - by compromising the security of a single site, 
they could unlock the private, confidential information
of thousands of individuals and corporations. Depending
on the audience, I might bring up Filegate, Aldrich
Ames, the Walker case, etc, to demonstrate that even
the government can't be relied on to keep secrets
("despite their best intentions"), and re-emphasize the
catastrophic single-point-of-failure that GAK
represents.

In short, it's possible to be pro-crypto, anti-GAK 
without ever getting near sounding anti-government; 
in fact, being pro-crypto, anti-GAK can be a 
conservative, anti-crime, law & order position.

Peter Trei
trei@process.com


 

 

 





