1996-07-03 - Re: LE Risks with No Crypto

Header Data

From: Rich Graves <llurch@networking.stanford.edu>
To: Duncan Frissell <frissell@panix.com>
Message Hash: 5878daf5ea6b52ef4ce5f0c8d9312c0e56e1ebe7eb081ef521f4fd843aa3c995
Message ID: <Pine.GUL.3.94.960702222226.28261D-100000@Networking.Stanford.EDU>
Reply To: <2.2.32.19960703002028.00ba3b24@panix.com>
UTC Datetime: 1996-07-03 09:11:02 UTC
Raw Date: Wed, 3 Jul 1996 17:11:02 +0800

Raw message

From: Rich Graves <llurch@networking.stanford.edu>
Date: Wed, 3 Jul 1996 17:11:02 +0800
To: Duncan Frissell <frissell@panix.com>
Subject: Re: LE Risks with No Crypto
In-Reply-To: <2.2.32.19960703002028.00ba3b24@panix.com>
Message-ID: <Pine.GUL.3.94.960702222226.28261D-100000@Networking.Stanford.EDU>
MIME-Version: 1.0
Content-Type: text/plain


On Tue, 2 Jul 1996, Duncan Frissell wrote:

> Too bad AT&T doesn't use an encrypted open books system to store its records
> so that "bad guys" can't abuse those records and put our heroic law
> enforcement personnel at risk.

I keep hearing suggestions like this, but I don't think they'd work. If you
needed a digital key to grok phone records, then that digital key would be
passed around just as casually as the current passwords. Any organization
that large, where 99% of the information is banal and uninteresting 99% of
the time, cannot keep secrets. It's unreasonable to expect them to. It
doesn't make business sense to promise security, because when they fail to
deliver, as they can't, they'll get their ass sued.

I recently had a practical joker call up all the magazines to which I was
subscribed and change my address to that of the local hospital, where these
practical jokers were suggesting they'd like to send me. There is no
security against this kind of attack, because it's just not in most people's
threat profile. This kind of thing is annoying, but it can't be helped. 
Adding a reasonable level of security to such an insignificant system would
increase the cost of that system by several orders of magnitude. It's just
not worth it.

In the unicorn of Color's relative absence, it falls on me to stress that
you can't trust organizations to protect your privacy. If you need to
participate in an insecure system, and everybody does, use cash, and use
pseudonyms.

> This is a perfect illustration of the fact that technology puts the
> government most at risk because it will always be the juiciest target.
> "Worth the powder to blow it up with."

This is true.

-rich





