1996-10-14 - A “RIGHT” to strong crypto? [Was: RE: Binding cryptography - a fraud-detectible alternative to

Header Data

From: Black Unicorn <unicorn@schloss.li>
To: cypher@cyberstation.net
Message Hash: 2c2fb4965f47e7ba72525851e6cf207e3495ca130c6cae36f2ddf3b928080201
Message ID: <Pine.SUN.3.94.961014020541.28315F-100000@polaris>
Reply To: <Pine.BSI.3.95.961013190316.4170A-100000@citrine.cyberstation.net>
UTC Datetime: 1996-10-14 07:55:59 UTC
Raw Date: Mon, 14 Oct 1996 00:55:59 -0700 (PDT)

Raw message

From: Black Unicorn <unicorn@schloss.li>
Date: Mon, 14 Oct 1996 00:55:59 -0700 (PDT)
To: cypher@cyberstation.net
Subject: A "RIGHT" to strong crypto?  [Was: RE: Binding cryptography - a fraud-detectible alternative  to
In-Reply-To: <Pine.BSI.3.95.961013190316.4170A-100000@citrine.cyberstation.net>
Message-ID: <Pine.SUN.3.94.961014020541.28315F-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain


On Sun, 13 Oct 1996 cypher@cyberstation.net wrote:

> > At 11:48 AM 10/13/96 +0000, everheul@mail.rijnhaave.nl wrote:
> > >To  explain the backround of "binding cryptography" once more; with
> > >respect to (interoperable, worldwide) security in the information
> > >society socities/governments have to achieve two tasks: 1. 
> > >stimulating the establishment of a security structure that protects
> > >their citizens, but which does not aid criminals.
> > 
> That is pure unadulterated B.S.  That is only a flimsy, ruthless pretext,
> without any foundation whatsoever, to usurp human freedom itself.
> The use of such "Chicken Little tactics - the sky is falling," is an
> unvarnished absurdity. The sky is not falling, in the U.S. and a few 
> other places, people are trying to protect their own unbridled oligarchies
> and elsewhere, where such irrational tactics are being used, it is
> only being used to disguise the real motive of maliciously
> seeking to subject others to their will and power. 

[...]

> If we prohibit strong, unbreakable, cryptography, we are depriving
> a great number of our fellow human beings seeking such freedom from
> tyranny, of an valuable tool that they can use in the pursuit of that
> noble cause. Is that not far more important and far more precious to all
> who cherish freedom, than some irrational fear of how criminals and
> terrorists might use cryptography for malevolent activities? 

[...]

> An information society must encompass the capability to have absolute
> privacy and security if it is to achieve its promise to make us a better
> world. One of those promises is that it will eventually free all humans
> from the power of despotic oppressors. We must struggle but 'We will
> overcome.' Freedom denied, except where PROPERLY tempered by the harm it
> might cause to others, is tyranny; and preventing us from using
> unbreakable cryptographical systems is an obvious denial of free speech
> and every other freedom that humans hold dear.

Remember who it is that you must deal with.  You must deal with
government.  Like it or not, government is the medium here.

Effectively there are three options.

1>  Convince government.
2>  Avoid governmnet.
3>  Overthrow governmnet.

Convince Government:  It is my opinion as a Washington resident, attorney
and beltway fever observer that this is impossible in any meaningful way.
I don't care how many industry people gripe, how many letters go into
senators, how many whimpers there are.  If the Director of the FBI, key
people at Justice, the Director of CIA and the Director of NSA tell the
President that their ability to enforce the law, conduct intelligence
operations and prosecute high profile cases is going to be severely
hampered by strong crypto, you can bet that something is going to get
done.  Crypto is on the radar folks.  So are anonymous remailers (and not
just the penet kind) and so are secure communications in general.  The
government, particularly the executive branch, is a lot more savvy on this
issue than even this list has given them credit for.  They have a 13th
Generation component (Michael Vatis is a great example) who are listened
to by craft superiors (Gorelick), know the issues, know the risks, and
know the weak points. Be very afraid.

Changing their mind is out of the question in my view, and efforts are
better directed elsewhere.

It would be a bit easier if crypto savvy types like our two .nl friends
(of "Binding Cryptography" fame) wouldn't provide them with gelding
instruments, but this is to be expected.

At this point, some original type will suggest that the people (a minority
to be sure as the number of people who know much about the net much less
crypto, while increasing, is unlikely to be very effectual) should just
start whacking officials who aren't crypto friendly.  Let's take it to
option #3 then and address this.

Overthrow Government:

Any student of international relations and/or internal low intensity
conflict will realize that there must be a measure of public support to
back any kind of organized revolt with political ends as its goal.

Terrorism hardly seems a prudent option.  Certainly a net terrorist today
could use his skill and expertise in causing a great deal more havoc with
a great deal less funding and general resource than a terrorist of yore,
but what irony.  Destroying the net to save it?  Bombing power centers to
make the internet free for all man?  Moreover, without larger scale
organization one never reaches the level of "low intensity conflict"
but rather remains at the level of "random terrorism."  The
effectiveness of random terrorism is, I think, historically quite well 
defined.  Essentially it is ineffectual alone.

To bring about the level of organization required to raise the stakes to
"low intensity conflict" or "organizaed revolt" some cadre of supporters
and popular sympathy is required.  Not likely in this case.

It's hard enough to conduct an effective low intensity campaign
with a easily understood mantra (like political system, religious freedom,
fundamentalism, etc.) but to conduct one with the goal of overturning
crypto regulations...?  I understand that many people on this list view
the crypto debate as an essentially free speech issue.  I tend to agree
with this view, but in terms of strict free speech nexi, I am in the
minority and even my agreement is tempered with the realization that such
an expansive reading of free speech is fringe at best.  The question
becomes not what is the right intrepretation of the crypto issue, but how
strongly public sentiment can be identified with the crypto issue itself.
This is a minimal, almost vanishingly small influence outside of this
list.

So we are left with random terrorism in the name of free strong crypto.
Perhaps a few high profile incidents might come off without a hitch by
groups who have it together or have some more impressive leadership or
exotic background, but individual efforts are unlikely to accomplish a
great deal.

Between a few small group efforts and perhaps a single or two successful
individual efforts to make headline news in a few years times we have then
perhaps 5 incidents, two of which might be really scary if they involve
bombings or some such.  This would require at the very least 10-15
active participants, or in the most extreme case 7-10.  Given the past
preformance of the FBI I'd suspect that half or more of the efforts would
result in arrests.

As far as I can tell there are perhaps two or three members on this list
who would come anywhere close to doing actual terrorist acts to further
strong crypto at the moment.  Even by this quite generous estimate I think
its clear that in the next 3 years the liklihood of a government overthrow
or even a marginally successful terrorist campaign is vanishingly small.
Organized low intensity conflict is out of the question in this time
frame.

2: Avoid the Government

I am convinced this is the only answer.  It has essentially always been
the cypherpunk answer.  "Cypherpunks write code."  Cypherpunks get it
done.  etc.  Get the genie out of the bottle and keep it there.  This is
PGP, this is ssh, this is SSL, this is mixmaster, this is remailers.  Get
it out, get it working, get there first.

Ok.  We got some of it there.  Now what?  The lead time on crypto is about
up.  In my estimate regulation will be in place by 1998, if not earlier.
Remember that in many countries regulation already exists.

Efforts put on resisting or moderating crypto are fine.  Political action
is fine.  Even so I submit that technological action is more important at
this stage.  The delaying games are about over.

Where is highly sophisticated stego?
Where are larger keys for symetric ciphers?
Where is a fully functional and secure "stealth PGP"?
Where are anonymous and encrypted WWW clients and hosts which permit
chaining?

If the crypto war is going to be lost it will be lost in the chill of
development when crypto regulation is put into place.

If you don't make the guns in the first place, the government has a much
easier time taking them away.

It is going to take a constitutional amendment or a very very favorable
Supreme Court ruling to keep strong crypto legal.

There is no "right to crypto," as much as Mr. Wood would like to believe
it exists.  Sorry Mr. Wood.  It isn't going to be as easy as all that.

> TVM,
> 
> Don Wood

--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li







Thread