From: Carl Ellison <cme@clark.net>
Date: Fri, 24 Nov 1995 04:04:10 +0800
To: edge@got.net
Subject: Re: crypto for porno users
Message-ID: <199511231945.OAA03659@clark.net>
MIME-Version: 1.0
Content-Type: text/plain


Hi Jay.

>Date: Thu, 23 Nov 1995 00:17:47 -0800
>From: Jay Campbell <edge@got.net>
>Subject: Re: crypto for porno users


>A law
>enforcement team would be stepping onto shaky ground if they were forced to
>transfer illegal images/etc to a suspected trafficer before getting evidence
>from him. Entrapment is an ugly concept.

We've been hearing about such things (using the mails) for some time.  I
don't know how the cops avoided entrapment when they posed as kiddie porn
customers or pedophiles when they were doing the AOL sting.

>>3. Encryption of porn would work against the kind of porn distribution
>>	found on the alt.binary.pictures.erotic... newsgroups.  Encryption
>>	requires that recipients be identified.
>
>Not at all .. a porn distributor could generate a key pair, use part A to
>encode the images, and dessiminate part B thru a variety of outlets -
>publicly posted, sold, passed thru an informal network of like-minded
>netizens...

It's that informal network which is the danger to the pornographer.  The
bigger the network, the closer to certainty that it's been infiltrated.

<begin major soap box issue for me>

Strong authentication via crypto does not create a trusted group.  Trust is
a human:human decision -- subject to severe flaws, none of which are solved
by crypto.  [Can you devise a crypto protocol which will prevent or even
just detect adultery, for example?]  With each additional person, there is
a probability of deception.  For this informal network of yours, deception
by any one participant constitutes a security failure.  If you want to
avoid that, therefore, you need to keep the group *very small*.  If it's
that small, then it's not that interesting a target for LE.

<end major soap box issue for me>

>I would argue the exact opposite - strong crypto would tend to minimize the
>effective take, since there's no guarantee that /anything/ on a perp's
>system will be in the clear. I'll let someone else with a better background
>pound on the 'brute force' section.

Ah -- but that's the point I was making.  Crypto gives the appearance of
security -- whether it's in the informal network or with file storage.
It's often a bank vault door on a cardboard house.  For much of what people
do, especially if there's a large net, it's not rational to expect to
achieve security.  But -- if people have done something to achieve
security, they're likely to be fooled into trusting it to be adequate.

Meanwhile, if *everything* on the perp's machine is encrypted, you're
probably in good shape.  That means he'll be required to type passwords too
often -- so he'll either pick a small one or have some machinery which
stores the password.  Both give cryptanalytic advantages.

This isn't a guarantee that *every* perp will be wide open.  Some won't be.
It means that a bunch of perps will be wide open (out of their own
carelessness -- like the breaks into the Enigma net).

The question you need to look at is not the control-freak question which
Freeh seems concerned with:

A)	the probability that some one perp will manage to hide his data

but rather the SIGINT question:

B)	the expected percentage of perps who will fail to hide their data

Have a good day.

 - Carl




 +--------------------------------------------------------------------------+
 |Carl M. Ellison    cme@acm.org    http://www.clark.net/pub/cme            |
 |PGP: E0414C79B5AF36750217BC1A57386478 & 61E2DE7FCB9D7984E9C8048BA63221A2  |
 |  ``Officer, officer, arrest that man!  He's whistling a dirty song.''    |
 +---------------------------------------------- Jean Ellison (aka Mother) -+