1996-10-04 - The Myth of the “Balanced” Middle Ground (Was: Re: gack vs. key recovery)

Header Data

From: Ernest Hua <hua@chromatic.com>
To: “Vladimir Z. Nuri” <vznuri@netcom.com>
Message Hash: 3b8f75dfae67d983b3d892671eb82ec19a3bf6f97a063676eb83c32c35fa5838
Message ID: <199610041759.KAA27421@server1.chromatic.com>
Reply To: N/A
UTC Datetime: 1996-10-04 21:56:54 UTC
Raw Date: Sat, 5 Oct 1996 05:56:54 +0800

Raw message

From: Ernest Hua <hua@chromatic.com>
Date: Sat, 5 Oct 1996 05:56:54 +0800
To: "Vladimir Z. Nuri" <vznuri@netcom.com>
Subject: The Myth of the "Balanced" Middle Ground (Was: Re: gack vs. key recovery)
Message-ID: <199610041759.KAA27421@server1.chromatic.com>
MIME-Version: 1.0
Content-Type: text/plain



> From: "Vladimir Z. Nuri" <vznuri@netcom.com>
>
> ... I feel
> that cpunks are equally guilty, by branding anything that emanates
> out of the government as inherently orwellian.  do you always have
> to have an enemy?  is the government always going to be your 
> enemy, no matter what they do?

Actually, the government encourages this view by lying.  We can get
into the many examples on encryption and wire taps, but if the TLAs
keep using lies and PR instead of honesty and facts, then no one
will accept anything they propose as-is.  There will always be some
suspicion of hidden agendas.

And really, the agenda is obvious, but they have always refused to
acknowledge the full extent of it, probably because it would forever
damage their credibility.  At least right now, Freeh has done enough
PR (paid by your generous tax dollars) to make him look like a good
guy.  Janet Reno already looks innocent enough (hey, who could
criticize someone who might look like your grandmother?) ...  The PR
concepts are all there, deliberately or accidentally.

> I have posted here before that many companies find the concept
> of "key recovery" highly acceptable and even desirable.

Let them buy it.  There are companies already making products with
key recovery.  But remember that key recovery is mostly useful to
corporations, so it will be billed as the "professional" version (in
off-the-shelf PC-class software) and also be pushed through the IS
consulting channels.

None of that really addresses E-Mail, I-phone, etc for the rest of us.

> 2. those who feel that there is such a thing as a legal warrant
> or subpoena for information protected by cryptography keys, and
> would agree that this logically means that governments will be
> getting access to "key recovery" infrastructures.

I agree that there is a legitimate interest by legitimate law
enforcement and national security interests.  But ...

1.  If it's so darn easy to get non-GAK encryption, why dumb it down
    for the rest of us?  (Really, I just don't buy the "no plans for
    domestic regulations" bit.  Plenty of current and ex-executive
    branchies have admitted as much in private.)

2.  The Orwellian possibilities are definitely there.  I simply will
    not let the government have drift-net-fishing rights on the NII.
    Sorry.  I'll let them tap one-sie two-sie's, and I want the
    process to guarantee by functional design (not legal constraints)
    that it's expensive to tap more than a few at a time.

> personally I am leaning toward 2, because I feel that we already
> live in such a society, and that it is not orwellian.

That was true because it was too darn expensive.  Hey, at $50K per
tap, I would be really selective about spending my hard-lobbied wire
tap budget.  If I can just push a button, I will be far less
selective. (oh ... and make sure I ask real nicely later in front of
the judge ... maybe ... if I have time ... too busy catching
terrorists and child molesters, y'know)

I'm not as worried about the indiscriminate tapping ordered by "good"
FBI directors; I'm worried about the tapping by the bad ones.  There
is ZERO detectability if the FBI gets everything they want.  There is
not a chance of being accidentally discovered by a phone company
employee or a wandering by-stander.

That lack of check-and-balance is what I am completely against.  I
don't mind letting them have the technology if I can be sure it will
1) work and 2) minimize abuse.

> the recipe for 200+ years has always been
> and remains "eternal vigilance". in other words, I am in favor
> of some kind of mechanism by which the government can obtain
> keys via subpoenas/warrants.

Ok.  So every corporation (big and small) now must have a Chief
Law Enforcement Relations Officer (CLERO) if they build encryption
into their products?  Every software engineering consultant has to
jump through hoops to export their product?

Sorry.  If the software engineering industry were just big mammoth
corporations, I wouldn't care.  But it could just be me and my
home office.  I cannot afford to fly to D.C. to amuse some panel at
the D.o.C. with my stupid key-recovery tricks.  No.  This plan
completely discriminates against small players, and there are a lot
of them.

Finally, writing software is an art.  It is not purely art, but it
certainly is an art, which I believe falls fully under free
expression and the First Amendment.  The work of art is not
functional until someone compiles it and runs it on a machine.  So
regulating anything before the actual execution is definitely a
violation of the First Amendment.

I don't have time to deal with privacy but as soon as it starts
executing, it becomes an instrument of privacy so regulating that
is also against my basic beliefs, not to mention my engineering
sense of practicality.

> those who continue to pursue (1) are going to be perceived as
> more and more radical and extremist, because arguably it is not
> even a system we have today or one that was ever devised.

Good point.  If we are not careful, we could get bad PR.  But then,
I've been trying to argue that use of words like "anarchy" is against
good PR principles anyway.  I don't think cypherpunks have such
pristine reputations that we must tread carefully for fear of
damaging our "reputation".

In fact, I don't think we even have one.  That is, in some ways,
worse than having one at all.

> regarding (2): the government may actually help bring crypto
> to the masses via the post office and other routes. are
> cpunks going to continue to hold the simplistic, reactionary,
> knee-jerk, black-and-white opinion that "anything with the
> word 'government' in it is evil"? "if the government is doing
> something, then we must sabotage it"?

I think you are making the obvious mistake that many people make
about similar groups, such as Libertarians.  When someone says you
should be able to freely choose, that is all that they are saying.
They are not saying that someone else may not make a system that is
not ideal, but does provide many other value-added benefits.

Ern






