From: Ed Carp <ecarp@netcom.com>
To: Stephen Humble <deeb@meceng.coe.neu.edu>
Message Hash: 7021211a00185d104d12a133f464e7dbed8369a71e0f9975f87ca3d425f91ff5
Message ID: <Pine.3.89.9405041139.A29966-0100000@netcom10>
Reply To: <9405041548.AA04593@meceng.coe.neu.edu>
UTC Datetime: 1994-05-04 18:07:56 UTC
Raw Date: Wed, 4 May 94 11:07:56 PDT
From: Ed Carp <ecarp@netcom.com>
Date: Wed, 4 May 94 11:07:56 PDT
To: Stephen Humble <deeb@meceng.coe.neu.edu>
Subject: Re: Lobbying/Politics/etc.
In-Reply-To: <9405041548.AA04593@meceng.coe.neu.edu>
Message-ID: <Pine.3.89.9405041139.A29966-0100000@netcom10>
MIME-Version: 1.0
Content-Type: text/plain
On Wed, 4 May 1994, Stephen Humble wrote:
> Ed Carp <ecarp@netcom.com> sez:
> > Consider a successful terrorist attack against a significant
> > group of innocents (the larger the number killed, the greater the horror
> > and shock value). The terrorists were using PGP-encrypted email to plan
> > out the thing.
> >
> > Now, how long do you think it would take before ALL crypto was outlawed?
> > Who would benefit from such a thing? Consider that it's child's play to
> > finance, arm, and train a group of people to conduct a terrorist attack
> > and (conveniently) they all get killed in their attack. No one's going
> > to complain too loudly - after all, they *are* terrorists, right?
>
> I suspect significant problems implementing a law that criminalizes
> crypto. The government currently spends $billions per year trying to
> eliminate illegal drugs, to very little effect. Drugs should be
> easier to eliminate than crypto since phys-obs can't be copied ad
> infinitum as bits can.
>
> There's also the matter of recognizing crypto in use. A program that
> transforms its input so that the output can be converted back to the
> input but has maximum entropy is a good compression program and might
> also be an encryption program. If a TLA taps my phone and finds a
> mysterious bit sequence, how can they distinguish reliably and cheaply
> between an encrypted conversation and a download of
> emacs-19.22.tar.gz?
Unless you use some sort of stego software, most encrypted stuff is
pretty easy to figure out that it *is* encrypted. grep " BEGIN PGP "
message is a pretty good way to detect PGP traffic, magic numbers will
tell you if it's a compressed file or not, etc. It might not be
necessary to prove what you were using to encrypt, merely proving that
you *were* encrypting might be sufficient.
It's like the FCC: if they catch a ham sending out packets, and the FCC
can't read them, they issue you a pink slip. Doesn't matter what you're
using, the meaning is obscured, and that's enough for them.
Return to May 1994
Return to “rarachel@prism.poly.edu (Arsen Ray Arachelian)”