From: "A. Padgett Peterson, P.E. Information Security" <PADGETT@hobbes.orl.mmc.com>
Date: Tue, 6 Feb 1996 23:37:20 +0800
To: decius@montag33.residence.gatech.edu
Subject: RE: Why am I wrong?
Message-ID: <960206100646.2021253f@hobbes.orl.mmc.com>
MIME-Version: 1.0
Content-Type: text/plain



>I am posting this pondering to cypherpunks in hopes that it will be refuted.

OK you is rong.

>	One of the largest problems in the debate over public access to 
>cryptography is the fact that both sides of the issue hold absolute beliefs.
>They are unwilling to compromise, and often seem unwilling 
>to decide on a solution which is anything but a total win for their side.

This is normal when no parent is around.

>	On one side of the debate we find the law enforcement community. 
>This group is totally opposed to the concept of public access to 
>cryptography. 

No, most in law enforcement at the working level have no opinion one way 
or the other. Many I talk to know what it is but few have ever seen 
any more complicated than Lotto tickets. The prevailing attitute (which
I happen to share so am biased) is that >most< criminals are not very
intelligent else they would not be criminals.

>Although they claim this to be false, the reality is that 
>these people think its ok for anyone to keep a secret, as long as no one 
>is keeping secrets from them.

Secrets rarely enter into law enforcement. Determining what the truth is
in the face of conflicting data is more often the case

>As Jim Kallstrom, assistant FBI director, put it, "unless 
>you're a criminal, you have nothing to fear from the government." 

At the same time, we have a massive division in this country (do not know 
about others) in which the aim of most citizens is to avoid any contact
with the government if at all possible since invariably the citizen loses
in the exchange.

>The law is often very wrong, and even our lofty constitutional values 
>do not prevent bad laws. When the law is wrong, the law's enforcer is 
>the criminal.

Dangerous attitude to take. The law is never wrong because it is the law.
The fact that a law exists may be wrong but that has nothing to do with the
law itself, it merely is. The law's enforcer would be derelect in his/her
duty if she/he did *not* enforce the law.

(Now sometimes the *enforcement* is over zealous but that is a human matter.

 That is the definition of natural law, 

>People MUST have the right to dissent. 

Is the great strength of the US.

>People must have the right to oppose bad laws

No must, they do.

>and in many cases people must have the capability to violate bad 
>laws with impunity.

Disagree. There may be times when laws are violated with just csause but 
the violator must do so with the expectation of retribution else the law 
is meaningless.

>As Socrates would say, if people know the what is good and what 
>is bad, they will always choose the good, because the good is what is 
>most desirable.

However Pavlov proved that perceptions may be distorted. What is good
today may be evil tomorrow and a lack of stability leads to insanity.

To me "selective enforcement" is a cop-out.

>That is why law enforcement is very restricted in the Constitution. 

Law enforcement is not restricted by the constitution, law *enactment*
is ("Congress shall make no law...").

>The "compromise" the law enforcement community has 
>suggested, key-escrow, is not a compromise at all, because it makes it 
>impossible for people to keep secrets from the government.

No one needs to agree to the compromise. However I believe that good
crypto with key escrow (provided the escrow holder is trusted) is
compelling for a number of reasons, mainly because it provides a means 
to protect information that has no protection today.

Everyone screams about porn on the net. Personally I find the *concept*
of pornography to be an indication of a social problem that no one is willing
to admit to. Crypto provides a means to shield children from the "adult
conspiracy". Haven't seen any mention of that. Crypto will provide the
essential mechanism for Internet Electronic Commerce as MasterCard/Visa
have announced. If I send my 1040 to the IRS on the net, I *want* the gov
to be able to read it.

Public crypto is necessary for the US government to comply with its own
regulations. It will exist. 

Now there are three basic elements that must be understood as a foundation
for discussion. 
a) we are guarenteed free speech
b) there is no requirement that anyone must be able to understand it
c) we have no right to tell anyone not to listen. 

Look at these three items. Anything that denies one or more of these elements
is wrong. May take a while to realize why but will happen.

One corollary: every citizen is responsible for the effect of exercising
his/her right to free speech. You have the right to shout "fire" in a theater
or to threaten the sax man but may be arrested for it. This is not a 
restriction on free speech since each is narrowly defined specification.

"Libel" also carries very specific  specifications that must be met. Does 
anyone here think that a libel suit is a restriction on free speech ?

At the same time nothing compels speech - "You have the right to remain
silent".

Moving right along, the next question would be "could the government
restrict crypto ?" The answer is essentially no since the government
would have to first define what crypto was e.g. prove that Navajo 
was in fact crypto. The compelling problem is that given any random 
string of bits, I could come up with an algorithm/book code/OTP from 
which *anything* could be extracted.

Want a pedophile .GIF to extract from the Gettysburg Address - no problem.
Want to extract the Communist Manifesto from ITAR - hokay. The fact is
that anything could be shown to be an encryption of almost anything else
since good crypto is indestinguishable from random noise. The corrolry being
that it would be impossible to prove that something *wasn't* crypto.

In fact it would be possible that given an encrypted message, using one key,
a first message would appear, given another, a second. Which is the real
message ? (see the fifth amendment)

Thus it would seem to me to be (not a lawyer or a politician so what do I know
- we used to have an ordinamce near here requiring alligators to be leashed)
very difficult to legislate anything concerning crypro since first crypto
would have to be defined and second it would have to be able to be detected -
a requirement for all text to be in third-grade flat ASCII won't fly.

"A bear's natural habitat is a Studebaker".
						Warmly,
							Padgett