1996-07-28 - Re: WaPo on Crypto-Genie Terrorism

Header Data

From: David Sternlight <david@sternlight.com>
To: “Deranged Mutant” <cypherpunks@toad.com
Message Hash: 1faace3302e82935f699f5a13feab66f8c5689c512e58cbe49d6f58bb2cb9bc8
Message ID: <v03007805ae21721e971a@[192.187.162.15]>
Reply To: <199607280458.AAA27199@unix.asb.com>
UTC Datetime: 1996-07-28 22:07:46 UTC
Raw Date: Mon, 29 Jul 1996 06:07:46 +0800

Raw message

From: David Sternlight <david@sternlight.com>
Date: Mon, 29 Jul 1996 06:07:46 +0800
To: "Deranged Mutant" <cypherpunks@toad.com
Subject: Re: WaPo on Crypto-Genie Terrorism
In-Reply-To: <199607280458.AAA27199@unix.asb.com>
Message-ID: <v03007805ae21721e971a@[192.187.162.15]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:55 PM -0700 7/27/96, Deranged Mutant wrote:
>On 27 Jul 96 at 19:21, John Young wrote:
>
>>    The Washington Post, July 27, 1996, p. A22.
>>    Speaking in Code on the Internet ... [Editorial]
>
>Some bothersome things about this editorial...
>
>[..]
>>    security of their data. They also see it as a market in
>>    which the United States maintains a comfortable lead, one
>>    that is threatened if domestic encryption makers can't sell
>>    their products elsewhere. The makers argue that foreign
>>    encryption software will rush in to fill the gap, doing
>>    nothing about the uncrackability problem -- indeed, making
>>    it worse. The administration in turn is pursuing a wider
>
>IMO, the US does not have a comfortable lead. It's already falling
>behind considering some of the stronger crypto programs available (at
>least as freeware) are made outside the US.  Many of the stronger
>algorithms were invented outside of the US (IDEA for instance).

This, and similar remarks by others, consistently misses the point which I
have been making for about a year now, and which Director Freeh finally
made explicit in his testimony last week. That is--the government is
concerned with mass market software incorporating robust crypto, used
overseas, and recognizes that they can't keep niche products off the
market, nor stop bad guys from using crypto the government would just as
soon they didn't. Since the US has a hammerlock on that mass market, and
since few would switch products to let the crypto tail wag the features dog
(no slur intended), ITAR follows.

Though I've no connection with Freeh, it's interesting that his language is
almost word for word the same as what I've been using. Do you suppose some
of his staff reads my stuff?

Until now we haven't seen such an open public admission of what the
government is concerned about--probably because the State Department
doesn't like to have an official spokesman admit we're mass monitoring and
seining foreign traffic since it is an embarassment to the polite fiction
of diplomatic relations (though I'm sure the truth is that every country
with the capability does it).


>
>[..]
>>    with wiretapping. Mr. Freeh, testifying at Thursday's hearing in
>>    favor of an optional key escrow plan, noted that the point is not
>>    to prevent all  copies of uncrackable code from going abroad --  that's
>>    clearly impossible -- but to prevent such high-level code
>>    from becoming the international standard, with architecture
>>    and transmission channels all unreadable to world
>>    authorities. To software companies and Internet users who
>
>So why should criminals bother with using standards if they are
>readable by authorities?

See above.

>
>>    have been clamoring for the right to encrypt as securely as
>>    possible, Mr. Freeh and others argue, "the genie is not yet
>>    out of the bottle" on "robust," meaning uncrackable,
>>    encryption.
>
>Are they going to magically erase all copies of strong software that
>is already currently available? (Side note: the Pacifica news report
>on Friday notes that while Freeh gave his testimony, over 100 copies
>of PGP were downloaded from MIT's site.)

What he's saying is that US-exported copies of the Lotus Lockshens,
Microsoft Machayas, and Netscape Niguns of the world still do not contain
robust crypto the USG cannot read.


>
>>    the encryption enthusiasts' desire for free development
>>    should take precedence over the tracking of terrorism. At
>
>It's not clear that terrorism can be tracked, even if it's unencrypted.
>The OK and WTC bombings were apparently not encrypted, and there's
>some allegations that the authorities had advanced warnings of the
>latter.

He says it can, and suggests following the banking trail among other
things. We know the government has already had good success with this
strategy. And one of the objectives is to identify sponsors of terrorism
and retaliate against them (cf. Netanyahu).

>
>>    the very least, Congress should be exceedingly cautious
>>    about getting out ahead of administration concerns on
>>    controls that, once lifted, are hardly reversible.
>
>The controls haven't done much to prevent free software from being
>exported.  They only control commercial sales of software (and
>hardware).

Exactly.

>
>Particularly absent in the WaPo-ed is that many do not trust the
>authorities (in the US and elsewhere)--particularly the FBI, which
>has a long history of extra-legal surveillance.

So as Netanyahu says at length we need to build in protections against
abuses, using both the legislature and the judiciary.


David







Thread