From: Jay Campbell <edge@got.net>
Date: Thu, 23 Nov 95 00:12:11 PST
To: Carl Ellison <cme@clark.net>
Subject: Re: crypto for porno users
Message-ID: <199511230817.AAA22826@you.got.net>
MIME-Version: 1.0
Content-Type: text/plain


>	a) "no one on the net knows you're a dog" implies that police can
>	pose as a fellow porn producer or consumer and get away with it
>	more easily.
>
>	b) strong crypto for communications between porn users encourages
>	them to speak more freely.  When one of the two is a police officer
>	in disguise, that encourages the other (the suspect) to reveal more,
>	making the investigation proceed more quickly.  Knowing that the
>	crypto is strong enough to keep government eavesdroppers out, the
>	sender is given a false sense of security -- is distracted from
>	thinking about the trustworthiness of the receiver while thinking
>	about the security of the channel itself.

A common way to get around prostitution sting operations is to ask the lady
to expose sensitive portions of her anatomy to prove her sincerity before
the would-be customer commits to any transactions; this sort of thing is
also becoming commonplace on the net for pornography or pirated software,
too. Would-be trafficers often ask a prospective recipient for a small chunk
of fresh files in advance, before passing back anything serious .. partially
out of suspicion, mostly out of greed, but to the same end. A law
enforcement team would be stepping onto shaky ground if they were forced to
transfer illegal images/etc to a suspected trafficer before getting evidence
from him. Entrapment is an ugly concept.

>3. Encryption of porn would work against the kind of porn distribution
>	found on the alt.binary.pictures.erotic... newsgroups.  Encryption
>	requires that recipients be identified.

Not at all .. a porn distributor could generate a key pair, use part A to
encode the images, and dessiminate part B thru a variety of outlets -
publicly posted, sold, passed thru an informal network of like-minded
netizens...

>4. Personal file encryption encourages individuals dealing with porn to
>	encrypt and keep personal diaries which might contain evidence.
>	Since PGP is subject to brute force passphrase attacks, this gives
>	an attack which will open *some* of these diaries.  Without the
>	encryption, the suspect is less likely to keep the diary in the
>	first place.  This isn't a guaranteed opening into all such
>	diaries.  There is no such guarantee possible.  Rather, this
>	suggests that strong crypto has a chance to maximize the effective
>	"take" by LE forces.

I would argue the exact opposite - strong crypto would tend to minimize the
effective take, since there's no guarantee that /anything/ on a perp's
system will be in the clear. I'll let someone else with a better background
pound on the 'brute force' section.

--
   Jay Campbell                edge@got.net - Operations Manager
   -=-=-=-=-=-=-               Sense Networking, Santa Cruz Node
   Jay@Campbell.net            got.net? PGP MIT KeyID 0xACAE1A89           
 
"On the Information Superhighway, I'm the guy 
  behind you in this morning's traffic jam leaning on his horn."