From: "Deranged Mutant" <WlkngOwl@unix.asb.com>
Date: Tue, 16 Jul 1996 14:56:03 +0800
To: Raph Levien <s_levien@research.att.com>
Subject: Re: How I Would Ban Strong Crypto in the U.S.
Message-ID: <199607160001.UAA12295@unix.asb.com>
MIME-Version: 1.0
Content-Type: text/plain


On 15 Jul 96 at 9:58, Raph Levien wrote:
[..]
>    Thanks to Dave for posting this URL. This is a _very_ important 
> document, and I would recommend that all concerned cypherpunks read it 
> carefully. Unlike many of its predecessors, it is clearly written and 
> quite upfront about the "administration's" goals.

>From the document:

 "This framework will encourage commerce both here and abroad. It is
  similar to the approach other countries are taking, and will permit
  nations to establish an internationally interoperable key management
  infrastructure with rules for access appropriate to each country's
  needs and consistent with law enforcement agreements.  [...]"

With differing rules, I can't see how such a system can work.  What 
happens when one country wants the keys from the citizen of another 
who is 'favored' by the other's government? (ie, say the US gov't 
wants keys that a drug cartel kingpin uses when he chats with the 
brother of the president of some other country...)

And can one be sure that a country's LEAs request keys because a 
citizen is involved with 'organized crime', or is really a political 
activist of the unwanted kind?

What's to prevent cooperation of the FBI with foreign LE's (such as 
in Russia) with looser search-and-seizure rules?

Who is going to manage such systems? Private corporations in various 
countries?  Will users have a choice as to which to use?  (It would 
seem the institutions of some countries are less trustworthy than 
others for different people around the planet.)  How many people 
would trust the UN? (ObHumor: I hear in the year 2000 the Olympics 
will have black helicopter races...)

Global key management, even with universal rules, would seem 
unworkable.  Managing BILLIONS of keys will involve a lot of 
complexity, in terms of locating keys, data integrity and 
preservation, authentication, etc.

Methinks it's time for the administration to inhale... oxygen is good 
for the brain.

I think the potential of import controls has a bit more hype than the 
admin makes it out to be.  There's already a lot of strong crypto out 
there... so how much political strong-arming can the Admin do?

I wonder how the Microsoft C[r]API fits in to this, since it mentions 
"export of cryptography-ready operating systems".

Rob










---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 wlkngowl@unix.asb.com (root@magneto)
        AB1F4831 1993/05/10 Deranged Mutant <wlkngowl@unix.asb.com>
Send a message with the subject "send pgp-key" for a copy of my key.