From: jim bell <jimbell@pacifier.com>
To: David Sternlight <froomkin@law.miami.edu>
Message Hash: e553687e9c5903aea6ca1b5422c92c9989bb2ca5187b65ba840a5e97b4659b95
Message ID: <199607160801.BAA19649@mail.pacifier.com>
Reply To: N/A
UTC Datetime: 1996-07-16 19:53:45 UTC
Raw Date: Wed, 17 Jul 1996 03:53:45 +0800
From: jim bell <jimbell@pacifier.com>
Date: Wed, 17 Jul 1996 03:53:45 +0800
To: David Sternlight <froomkin@law.miami.edu>
Subject: Re: How I Would Ban Strong Crypto in the U.S.
Message-ID: <199607160801.BAA19649@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain
At 06:02 PM 7/15/96 -0700, David Sternlight wrote:
>At 7:03 AM -0700 7/15/96, Michael Froomkin wrote:
>>On Sun, 14 Jul 1996, Timothy C. May wrote:
>>
>>> So, who is in this "emerging consensus"?
>>>
>>Foreign governments?
>>(Process of elimination, not inside info...)
>
>Perhaps. And the vast inside-the-Beltway policy community,
"Policy"? I'm reminded of the fact that the whole concept of "policy" (as
used in Washington DC) contains embedded within it its own set of biases.
The concept of "national encryption policy" (a phrase I've seen before)
implicitly assumes that there is (or must be) a _national_ policy, as
opposed to a whole bunch of _individual_ policies. (Jim Bell's individual
encryption policy is to get PGP and use it here and there, and try to keep
up with newer developments, etc.) My opinion is that "nations" don't NEED
"encryption policies" unless they intend to screw their citizens.
"Policy", used in this way, is merely a smokescreen (or a shorthand) for a
group of assumptions that toe the government's line. The people who make
such assumptions rarely stick around to defend them.
> most of whom are more like Dorothy Denning than Tim May.
To the extent that they are POLICY (as in _government_ policy) people (with
all the biases I've alluded to) that wouldn't be surprising. However, it is
still extraordinarily dishonest for them to refer to an "emerging consensus"
when they must well understand that the document they wrote was intended to
be understood by ordinary people, not government-suck-ups.
I'm reminded of an idiotic cover for a Classical Music CD directory book
about 10 years ago, which grandly claimed that the book indexed "every CD
published" but forgot to add the word "classical" adjective to that phrase.
Without opening the book, you couldn't tell that the directory only listed
classical CD's. A "policy" person who says there's an "emerging consensus"
for key escrow has a similarly myopic point of view.
>And the vast business community
>that prefers automated escrow in standard systems.
I feel certain that whatever portions of the business community that
"prefers automated escrow" will get it, in forms which don't make the
government particularly happy.
> What I mean by that is
>software or chips automatically escrowed to, say, Price Waterhouse.
>Business is comfortable dealing with such firms in a trusted relationship,
>and such firms will honor a valid court order to produce records or the
>equivalent--a probable cause court-order for a wiretap.
Most "chips" won't need to be escrowed, for reasons that have been adequated
addressed so far. Data transfer encryption doesn't have to be escrowed, as
Tim May pointed out. And, of course, an encryption chip needn't contain any
sort of permanently-written key, thus obviating the need for "escrow" at all.
>It really depends on how the issue is presented. If it is presented as
>preserving law enforcement access, escrow follows.
No, escrow DOESN'T follow! I think most people who are aware of the issues
figures that the advent of encryption will provide dramatic net benefits for
the public, even after potential negatives such as criminal use of
encryption are factored in.
> The problem is that like
>the nose of the camel, each new piece of legislation establishes a new
>status quo baseline of principle from which to argue, and though we all
>kicked and screamed about it here, the new baseline is the Digital
>Telephony Act.
I concede NOTHING. That Act hasn't been funded, may not be, and with every
passing month there are more people on the 'net who will understand how
unacceptable it is. It's also going to be irrelevant as encrypted telephones
appear, and 'net telephone access becomes more common. No new "baseline of
principle" is produced. Only the thugs who are trying to foist it all on us
would like to believe this.
>As for the only counterargument to the above, that bad guys aren't going to
>use escrowed systems, nothing is perfect, goes the argument, and the FBI
>has caught plenty of bad guys who presumably should have known better, via
>wiretaps.
"the only counterargument"? What are you, a comedian?
>If you look into it, you will find that most people with criminal minds
>don't expect to get caught.
>
>Given the nature of this group it perhaps needs saying that the above is a
>competitor analysis, not an argument nor my own position on mandatory
>domestic key escrow. I'm agin it.
Which is not adequate. To the extent I believe that the market will decide,
if I model the market as a double-pan balance, which makes a decision as to
which side is heavier, I don't want to see the heavy thumb of government
pressing down on one of the pans. That's precisely what the US government
tried to do with Clipper, and astonishingly it appears to have failed. To
merely say that you're against "mandatory" escrow strongly implies that you
would accept manipulation of the market in order to allow government to
achieve its goals , as long as there is an illusion of a choice. I won't,
and I think most people won't, either.
Jim Bell
jimbell@pacifier.com
Return to July 1996
Return to “jim bell <jimbell@pacifier.com>”
1996-07-16 (Wed, 17 Jul 1996 03:53:45 +0800) - Re: How I Would Ban Strong Crypto in the U.S. - jim bell <jimbell@pacifier.com>