From: Black Unicorn <unicorn@schloss.li>
To: “Perry E. Metzger” <perry@piermont.com>
Message Hash: a046840cfffd0c924dd58b8525f810242ccdfb9ba26c4a3fcdd5bd9cb9a5d931
Message ID: <Pine.SUN.3.91.960127090407.8008E-100000@polaris.mindport.net>
Reply To: <199601251947.OAA16586@jekyll.piermont.com>
UTC Datetime: 1996-01-27 14:23:34 UTC
Raw Date: Sat, 27 Jan 1996 22:23:34 +0800
Subject: Re: "Gentlemen do not read each other's mail"
On Thu, 25 Jan 1996, Perry E. Metzger wrote:
>
> Phill refers to the man who said "Gentlemen do not read each other's
> mail", (Henry L. Stimson) as a twit.
>
> I highly disagree. In some ways I regard him as our patron saint
> (although the man was actually far from saintly and later as a member
> of the Roosevelt cabinet adopted an opposite policy of aggressive
> signals intelligence.)
>
> Why is he our patron saint? He was a government official coming out
> against invasion of privacy. Isn't that what we are all after, in the
> end? The reason we deploy cryptography is to assure privacy for
> all. We often refer to those who listen in on conversations
> (regardless of who they are) as, in some sense, our
> opposition. Therefore, is not Stimson's remark in closing down
> Yardley's "Black Chamber" to be praised rather than attacked?
>
> Perry
>

Unfortunately what he did was take the emphasis away from personal
empowerment and personal responsibility for privacy and put it at the
mercy of some creed or moral stand which had:

1> No common calling or degree of observance in the population, or the
intelligence communities at the time.

2> No structure, legal or otherwise, to provide for its enforcement.

3> The rather disturbing implication that no one need take pains to hide
their private exchanges because a moral standard would protect them.

Instead, at least I always thought, cypherpunks stand for the personal
empowerment and personal assurance of privacy.

Indeed everything I can think of discussed here seems to revolve around a
single goal- making it easier, and simpler for a person to protect
him or herself from unwanted intrusion into data he or she wishes to
protect. In fact, some goals, especially where transparency is
concerned, seem to take the even more cynical view that the general
population would be better off protected by crypto whether they know it
or not.

Making crypto widely available to the general population, reviewing
crypto for its implementation, basic skepticism about the protection
afforded by new systems, basic skepticism for systems produced for
commercial gain, basic skepticism for government produced systems,
arguments for the lessening of government involvement in crypto, crypto
standards, and a powerful dislike for the regulation of communication in
all forms. Perhaps most importantly, the production, review and
discussion of "grass roots" crypto and communications security code.

All these, common themes on the list in my view, push us away from some
blind notion that all is well in the world, and that man is basically
good and will not intrude on his fellows. All these insist that man is
curious, probing, and that information is by its very nature nearly
impossible to restrain without powerful methods. All these insist that
information will be exposed, be it by accident, malice, theft, by hook or
by crook, or even well intentioned discourse, unless protected. Isn't
this the objection to ITAR? It is folly to try and restrain information
by legislation.

It should be clear that it is dangerous to depend on anything, be it
government, industry, Lotus Notes, the Constitution, the Bill of Rights,
your best friend's promise, your wife's pillow talk, and least of all a
misplaced faith in the decency of the common man, when your sensitive
data is at issue.

In short, crypto helps those who help themselves to crypto.

I have no sympathy whatsoever for those who lose the privacy of their
data through negligence. I believe they should be estopped from
all complaint. I believe they are great fools. Moreover, I note that
almost without exception, they try to place the cost of their
missteps on the world at large, and the responsibility for policing
privacy in the hands of others. "It was not my fault that I left the
letter sitting on my desk knowing that the spy convention was about to
walk in," they whine, "Someone should DO something about all this
immoral letter reading. There ought to be a LAW. How can >I< be
expected to stop all these spies?"

Is it not clear that allowing this mentality to persist is an unwise and
dangerous thing?

"Gentlemen do not read other's mail," while noble, clever, and a
wonderful bit of public relations, ignores the basic reality of the
modern age. There are few gentlemen anymore, and even those occasionally
stumble upon something they might not be entitled to examine.

Not only is crypto smart, but it distributes the (increasingly small)
costs of protecting data properly. It puts the burden on the
least cost avoider, and the individual with the best access to full
information. "What is this data worth? What would exposing it cost
me? How much is it worth to spend protecting this data?" Who better to
answer these questions than the owner of the data? How easier to
protect it than by the negligible cost of encrypting it?

Not only does placing the burden of data protection on Government or
society at large miscalculate and misplace the incentives for the
protection of the data, it also places the selection of degree and method
of protection on the wrong party as well.

In the end it also causes an undue amount of waste.

When Mr. May indicates that he does not use PGP very often because he
finds it too much trouble to use for most mail, he is part of a process
that in the aggregate must save millions of hours and dollars. He is
making a decision that data X is only worth an expenditure of Y to
protect, and that PGP represents an expenditure higher than Y.
Expenditure Y is thus saved, as would be unlikely in a government program.

Who among us would argue that government, the phone company, or the
church would better make this judgment?

I would bemoan a world where gentlemen actually never read each other's
mail. Such a world would be so vulnerable to the "first market entry"
into the business of mail reading as to be almost beyond salvage. A
certain First Minister of France comes to mind who, by his non-observance
of the religious restrictions of the day and his alliance with
traditional enemies of the Church, reduced Germany to 250 years of
fragmentation and assured that, for a time, France was the greatest
power on earth. "If there is a God," it was said of him, "the minister has
much to account for. If not, well, he had a good life."

The evil snooping man is a hero from one perspective. He is the incentive
to be risk averse. He is the skeptic who says that the market is not
efficient and bets against it and so makes it efficient once more. Moral
utopia of the kind that would see no peeping toms is a fantasy, and the
evil man a-plenty saves us from Germany's fate.

So then we should brand Mr. Stimson as a fool, and a liar. Or at best,
perhaps a convert who realized quickly (or not so quickly) the error of his
ways and fell into proper line in his later embrace of signals intelligence.

At the very least we might apply a less optimistic creed.

He who builds on the people builds on mud.
---
My preferred and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information