From: Bill Stewart <stewarts@ix.netcom.com>
Date: Fri, 19 Sep 1997 16:07:46 +0800
To: Wei Dai <cypherpunks@toad.com>
Subject: Re: sooner or later
In-Reply-To: <Pine.SUN.3.96.970918220732.16362D-100000@eskimo.com>
Message-ID: <3.0.3.32.19970919004824.006a3b9c@popd.ix.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain



At 10:45 PM 9/18/97 -0700, Wei Dai wrote:
>Many of us believe that a crypto ban is inevitable. The only question for
>us is whether it'll happen sooner or later. Seen in this perspective, all
>that industry and civil liberties lobbies can do is delay the ban. But is
>this necessarily a good thing?

Yes.  Later is bad, but sooner is worse.  
First of all, "Soon" means "We lost already", while "Later" means 
"We haven't lost yet, even though it looks pretty much like we're 
going to lose later, but we're still fighting them on the seas
and the beaches and the bowling greens and we've taken out the 
occasional deserving politician with a well-placed bowling ball."

Also, "Later" might mean "Clinton's out of office, and some of the
Republicans have gotten in the habit of pretending they like
privacy as long as Clinton opposes it, even though it's traditionally
been the Republicans' job to rip off our privacy."

>1. An earlier ban will do less damage to existing infrastructure.

Wrong - the more time we have to deploy crypto, get the world used to it,
and make it an indispensible part of the industry, the more infrastructure
there is.
Infrastructure is good, and if we build some and they tear it down,
that's just more people lobbying against the Bad Guys.
Suppose the Feds tell half the country they need to replace their new
cellphone....
Bad enough they have to replace their Verisign key that all their Netscape
Mail uses.

Also, an early ban means the infrastructure gets built with Big Brother
Inside.  
Suppose the digital signature infrastructure gets built where every
cellphone needs a Social Security Signature Number to operate so they can find
your Voluntary Escrow Key, and every bank transaction is required to be
traceable;
compare that with a Carl Ellison style signature system that doesn't
need names, only authorizations.  And there's a whole lot of 
digital cash infrastructure to be built, that's only starting emerge
as the big financial institutions get on board.  If crypto gets banned early,
there's no chance of a Chaumian or agnostic or even vaguely private
system getting adopted, and once the Bad Infrastructure is in place,
it doesn't matter if the laws get relaxed, because the banks won't change.

The timing is especially sensitive because the Diffie-Hellman patent
just expired, and Merkle-Hellman and Hellman-Pohlig go next month,
and the whole field becomes legal for Americans to work in without
license restrictions and for Non-North-Americans to write software
they can sell in the US without licensing.  That means there should be
a lot of new products emerging in the next year or so -
and Escrowed Key Certification Authorities are especially silly in a 
Diffie-Hellman environment, where you're using the registered part of your key
to sign a random half-key used to generate the session key....

>2. A ban can not and will not stop crypto. It will force people to work
>around it, but ultimately it will not achieve its goal. We might as well
>start working around it sooner.

Momentum is good - more people working around it, and more people
working against it, and more people hassling their Congresscritters.

>3. A ban will eventually be lifted, because of the impracticality of GAK,
>abuses, wide-spread security problems caused by added complexity or
>hackers stealing the master keys, ineffectiveness, sympathetic courts etc.
>The sooner it comes into effect, the sooner it goes away.

No, the sooner it goes into effect, the later the things built with it
go away.  Think of all the places your Social Security Number has spread,
partly by design and partly because it's a convenient database key.
Will your Public Key Infrastructure ID be on all your digital transactions?
Who's going to bother replacing that with the infrastructure needed for
Web Of Trust business relationships?

Furthermore, in an Escrowed Society, encryption gets built with the
id and signatures on the outside and the privacy inside, so it's easy to trace
whose communication you're wiretapping.  That kind of architecture
isn't easily replaced, even if the key is no longer escrowed,
so traffic analysis becomes easy even after message reading becomes harder.

>4. A ban will focus public attention on crypto, especially if it creates
>some of the problems mentioned above. This will accelerate deployment of
>crypto after the ban is lifted.
>
>In summary, the government is obligated to try and eventually fail to ban
>crypto. We might as well let them get it over with.

We've blown them off over Clipper 1, Clipper 2, Clipper 3, and Clipper 4.
Better to blow them off over Clipper 5 and Clipper 6 than give in.
				Thanks!
					Bill
Bill Stewart, stewarts@ix.netcom.com
Regular Key PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639