From: uni@acs.bu.edu (Shaen Bernhardt)
To: cypherpunks@toad.com
Message Hash: febd8e3d0d37d95a49d2b93663c43e440500e841601c4865c4002ce888ae297c
Message ID: <9305011023.AA176727@acs.bu.edu>
Reply To: N/A
UTC Datetime: 1993-05-01 10:23:34 UTC
Raw Date: Sat, 1 May 93 03:23:34 PDT
From: uni@acs.bu.edu (Shaen Bernhardt)
Date: Sat, 1 May 93 03:23:34 PDT
To: cypherpunks@toad.com
Subject: Tactics.
Message-ID: <9305011023.AA176727@acs.bu.edu>
MIME-Version: 1.0
Content-Type: text/plain
Let me phrase the issue in slightly different terms. Which of the following
strategies do you folks think will best improve the chances that strong
crypto remains legal?
1. CONFRONTATION: We fight RSADSI at every step. We engage them in legal
battles, we distribute infringing code whenever possible. We get PGP spread
to thousands of users, perhaps tens of thousands of users at bootleg,
underground sites. (Remember that businesses cannot use PGP without fear of
prosecution, fines, whatever...unless the Cypherpunks win their lawsuit
against RSADSI, sometime around 1997 or so, at the rate these cases move
through the courts.)
2. REALPOLITIK: We concentrate instead on spreading strong crypto into as
many ecological niches as possible: individuals, corporations, e-mail
packages, attorney-client transactions, and so on. We emphasize the legal,
constitutional right to communicate messages in the language of our choice
(that is, we have no obligation to speak in languages eavesdroppers can
more easily understand). To head off government moves to act against PGP
and similar systems, the parts of PGP that conflict with RSA's patents are
modified, thus becoming legal to use (and Phil even has a chance to make
some money, which he sure as hell can't do now).
*** So spoke Tim May.
I don't see these issues as mutually exclusive.
What may be necessary is to seperate the efforts, to bring the
PGP operation farther underground. To remove the connection
between PGP distrubtuion and the more "Realpolitik" move to
keep crypto legal. I admit that some users like Tim, and the
more progfessional of us might find this impossible, but for
the academics and others who don't have to don a suit and
work everyday, underground crypto might be the only real answer.
Consider this, no one ever wins when you fight the government
at its own game. If they plan to outlaw crypto (a very real
possibility in my view, regardless of more realpolitik efforts)
all that we have to rely on is the underground channels.
It's time (IMHO) to find ways to disguise PGP output in
other types of data, pict or whatever.
At the same time, it is possible to pursue more overt and
legit methods, my fear is these will produce less in terms
of real crypto than will the underground movements.
***
All I've argued is that the "in your face" approach has its limits. Most of
the PGP users are, I think we'll all agree, hobbyists and hackers who
downloaded it, played with it, learned some crypto from it, exchanged keys,
etc. Probably not too many critical uses, YET. But the popularity suggests
a hunger for strong crypto.
*** So spoke Tim May.
Yes... yes... LEARNED SOME CRYPTO FROM IT. This is the
KEY point here. How many people out there joined
cypherpunks and became interested in crypto because of PGP?
(I'm raising my hand) Sure I was interested and even tinkered
with my own code before I knew cypherpunks existed, but it was
PGP that did it.
Education is the key. I said before, and I will say again:
Most people could give a squirt about crypto. 99% of people
is my guess. You all saw how pro Clipper most of the newspaper
reports were, how willing they were to change phrases like
"more secure than many of the algorithms on the market" to
"the most secure algorithm to date." A real politik
method is limited because most people could give a care about the
issue. The people who seem most passionate about it, in my
experience are the ones who have played with PGP. I, for one
cant seem to get anyone else to care. I've talked to about 15
people outside the internet about Clipper, and most forgot all about
it when the next beer came. No one will learn jack from the bullshit
crypto that Clipper represents. It will become a transparent process
that anyone could care less about with regard to security. Back to
the days of the Black Chamber.
The Clipper/Capstone move indicates the government wants to head this off
at the pass. The question is whether the bootleg and infringing PGP (and
Phil admits to all this in his docs, obviously) has a better chance of
succeeding than a fully legal and already spreading RSA solution?
^^^ So spoke Tim May.
I don't think either will make much difference. Clipper has
caught us before the danger has become apparent to most.
You really think an RSA solution that is really secure is going
to catch, especially if it conflicts with Clipper, if the government
has anything to say about it?
I've got to be real honest. I'm beginning to be afraid to open my
mouth on this subject anymore. Maybe I'm paranoid, but I look at how
hard the government is trying to sell Clipper and processes like it
and I am stunned. Nothing works this fast. A company like AT&T is
NOT about to jump on the bandwagon quickly unless they KNOW something.
To me its plain that the intent is to regulate crypto. Before then I plan
(hope) that PGP finds its way into MANY hands. That's the only real
weapon I see. Consider it a safety net to catch us if Tim's
REALPOLITIK fails. I hope it doesn't, Tim, I hope not but I'm going
to hope for the best and prepare for the worst. I intend to use
strong crypto when I like.
uni (Dark)
Return to May 1993
Return to “uni@acs.bu.edu (Shaen Bernhardt)”
1993-05-01 (Sat, 1 May 93 03:23:34 PDT) - Tactics. - uni@acs.bu.edu (Shaen Bernhardt)