1997-10-19 - Re: Security flaws introduced by “other readers” in CMR

Header Data

From: Fabrice Planchon <fabrice@math.Princeton.EDU>
To: cypherpunks@cyberpass.net
Message Hash: 13f65301ee65d54ff5521dfe68187959af263e97ec919f3190204cbc60d9b69d
Message ID: <19971019014419.47580@math.princeton.edu>
Reply To: <3.0.2.32.19971018025454.03e23124@pop.sirius.com>
UTC Datetime: 1997-10-19 05:51:13 UTC
Raw Date: Sun, 19 Oct 1997 13:51:13 +0800

Raw message

From: Fabrice Planchon <fabrice@math.Princeton.EDU>
Date: Sun, 19 Oct 1997 13:51:13 +0800
To: cypherpunks@cyberpass.net
Subject: Re: Security flaws introduced by "other readers" in CMR
In-Reply-To: <3.0.2.32.19971018025454.03e23124@pop.sirius.com>
Message-ID: <19971019014419.47580@math.princeton.edu>
MIME-Version: 1.0
Content-Type: text/plain



On Sat, Oct 18, 1997 at 08:53:14PM +0100, Adam Back wrote:
> 
> The situation in France is: currently (or recently) you could not use
> encryption at all without a license.  The enforcement rate is low to
> zero.  (Jerome Thorel interviewed the head of SCSSI (NSA equivalent),

I am not sure you can really say they are the NSA equivalent. I would
rather say they are the equivalent of, say, the office in the Dept. of
Commerce which gives the export authorizations in the US. What I mean is
that I doubt they are listening to anybody. Other French agencies do
that (and each agency, whether it depends on the police, like DST, RG,
or the army, DGSE, DSM, has its own group of people listening to anybody
they like). A normal police department could do it too, but then they
will need a warrant of some kind. None of the agencies above probably
bothers with things like that, as they will usually say "secret défense"
if they are asked questions (some French equivalent of "national
security").

> Now I understand the French have switched position: you can use
> encryption without a license *provided* that it has master key access
> for the government.

I would say people who wrote the current law 2 years ago didn't have a
clue on the technical issues, anyway. That's why we are still waiting
for the "décrets d'application", which are the set of rules on how the
law will be enforced. Somehow I would bet they are waiting to see where
the wind blows at the international level.

> With the pgp standard as is french government could insist that people
> use pgp5.x.  pgp5.x provides a reasonably useful framework for the
> french government to adapt to be used as a master access system.

http://www.lemonde.fr/multimedia/sem4297/textes/act42972.html

It's in French, so I won't quote. The article has a very neutral
position, but they point out exactly the same thing as you.

> Because this will then be explicitly allowed, more people are likely
> to use it.  (Current people using pgp2.x illegally are one suspects

I know at least one academic site where system administrators were
prevented from switching to ssh because of the legal issue. Seems the
campus administration folks wanted to protect their asses...

> If on the other hand pgp5.x were to use only single recipients for
> confidentiality, and to base company recovery of encrypted mail
> folders on key recovery information stored locally alongside the
> mailbox the system would be less useful to the french government.

I don't have the technical expertise to discuss your proposal, so I
won't (seems less snoop friendly to me than the PGP 5.5 solution,
still). But what I certainly fail to understand is why PGP Inc (and
people who support them) is focusing on a solution which allows one to
intercept and read e-mail in transit. That's inherently evil, no matter
how you put it. And the "hit by a truck" hypothesis doesn't stand a
minute in real life (Yah, shit happens, so what?). The (legitimate) needs
of a company can be achieved via an agreement with its employees, on how
data are stored, backed up, duplicated, whatever, and it has merely
nothing to do with cryptography. Or am I missing something obvious?
And as far as the "legitimate needs of the law enforcement agencies",
well, if they want to read e-mail sent by an employee from his company
account because he is a potential drug dealer, they can obtain the
proper authorization from the court and snoop on the guy from within the
company. As usual, the weakest link is the guy typing on his keyboard,
as I doubt anybody speaks IDEA fluently... (even about rot13 I am
skeptical. Crime organizations in Paris at the beginning of the century
were using "Javanais", which was a very basic code, but sufficient to
confuse the police.)
So why isn't everybody focusing on being sure the transport layer is
secure, and leaving to social interaction at both ends of the
communication process the problem of recovery of whatever was
transmitted? (which, I feel dumb for saying it, was in clear at some
point before being sent, and will be when it is read...)

> Second party access to stored data is much less scary.  Little brother
> can ultimately read _everything_ you do at work.  If he gets
> suspicious he can install keyboard logger, keyboard password sniffer,
> or concealed videocam whilst you are out of the office.  The best we
> can do is discourage little brother from abusing systems designed for
> data recovery as mass communications snooping.  The best suggestion I
> have seen for this so far was Bill Stewart's suggestion to only store
> recovery info for some of the bits.  Make the recovery process
> artificially slow: say 40 bits.  Worth it for recovering main
> developers design notes made in email when he dies unexpectedly.  Some
> hindrance to little brother unless he is determined.  As long as this
> hindrance is similar scale to other similar things little brother
> could do to check up on suspicious user, you have achieved your goal
> of hindering little brother.

Sounds fair to me.

> Big brother is hindered very significantly if you do recovery locally,
> rather than on the communications link as PGP Inc CMR does.  This is
> because big brother does not have access to the ciphertext on disks.
> He must come and take them.  Whereas for communications he can

And he needs proper authorization before coming. And yes, it takes time
but that's the price to pay in a system with separation of powers.

> For data storage recovery, your data is again in two halves: you have
> one, the _key_, your employee/you have the other, the _ciphertext_ on
> disk.  Your employee can recover that info anyway.  The NSA can't
> easily.  It is much more logistically expensive to collect or randomly
> sample disk contents.

Yes, yes, yes. And still I am sure that we will hear objections to
that... sigh....

                        F.

-- 
Fabrice Planchon                                          (ph) 609/258-6495
Applied Math Program, 210 Fine Hall                      (fax) 609/258-1735
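The local-recovery scheme discussed in the quoted passages above (the ciphertext stays on disk as one half, a recovery record holds the other half, and, per Bill Stewart's suggestion, the record deliberately omits some key bits so that every recovery costs a brute-force search) as an added Python example. This is not code from the original message, from PGP Inc, or from any of the people quoted; it assumes a toy SHA-256 counter-mode stream cipher standing in for IDEA, a key-check value stored in the recovery record so a candidate key can be verified without known plaintext, and a 16-bit hold-back scaled down from the 40 bits in the message so that it runs in seconds.

```python
import hashlib
import hmac
import os
from typing import Dict, Tuple

KEY_BYTES = 16  # 128-bit session key (assumption: IDEA-sized key)

# Constructed sample "design notes" standing in for a stored mail folder.
DEMO_NOTES = b"Design notes v3: rotate the session key per folder, not per message."


def keystream(key: bytes, length: int) -> bytes:
    """Toy keystream: SHA-256(key || counter) blocks. Illustration only, not a real cipher."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation) by XOR with the keystream."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def key_check_value(key: bytes) -> bytes:
    """Short tag that lets the recoverer confirm a candidate key (assumed design choice)."""
    return hashlib.sha256(b"kcv|" + key).digest()[:8]


def make_recovery_record(key: bytes, hold_back_bits: int) -> Dict[str, object]:
    """Recovery info for *some* of the bits: the low hold_back_bits are deliberately dropped."""
    key_int = int.from_bytes(key, "big")
    return {
        "partial_key": key_int >> hold_back_bits,  # bits we do store
        "hold_back_bits": hold_back_bits,          # bits the recoverer must search for
        "kcv": key_check_value(key),
    }


def work_factor(hold_back_bits: int) -> int:
    """Number of candidate keys a recovery must try in the worst case."""
    return 1 << hold_back_bits


def recover_key(record: Dict[str, object]) -> Tuple[bytes, int]:
    """Rebuild the key from the record by searching the withheld bits; returns (key, attempts)."""
    bits = int(record["hold_back_bits"])
    partial = int(record["partial_key"])
    kcv = bytes(record["kcv"])
    attempts = 0
    for low in range(work_factor(bits)):
        attempts += 1
        candidate = ((partial << bits) | low).to_bytes(KEY_BYTES, "big")
        if hmac.compare_digest(key_check_value(candidate), kcv):
            return candidate, attempts
    raise ValueError("recovery record does not match any key")


def demo(key: bytes = None, hold_back_bits: int = 16) -> Tuple[bytes, int, bytes]:
    """Encrypt the notes, keep only the two halves (ciphertext + partial record), then recover."""
    key = key if key is not None else os.urandom(KEY_BYTES)
    ciphertext = xor_crypt(key, DEMO_NOTES)          # half one: stays on the employee's disk
    record = make_recovery_record(key, hold_back_bits)  # half two: held by the company
    del key  # the full key is not retained anywhere
    recovered_key, attempts = recover_key(record)
    return xor_crypt(recovered_key, ciphertext), attempts, recovered_key


if __name__ == "__main__":
    plaintext, attempts, _ = demo()
    print(plaintext.decode(), "| recovered after", attempts, "candidate keys")
    # Scaling the same search to the 40 bits mentioned in the thread:
    print("40-bit hold-back worst case:", work_factor(40), "candidates")
```

The point the code makes is the one in the thread: the record alone yields nothing without the ciphertext, and each recovery is a one-off search whose cost (2^40 key-check computations at 40 bits) is tolerable for recovering a dead developer's notes but discourages routine, bulk reading of mail.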