From: ph@netcom.com (Peter Hendrickson)
Date: Thu, 7 Nov 1996 14:54:30 -0800 (PST)
To: "Daniel T. Hagan" <dhagan@vt.edu>
Subject: Re: Why is cryptoanarchy irreversible?
Message-ID: <v02140b10aea81624d693@[192.0.2.1]>
MIME-Version: 1.0
Content-Type: text/plain


At 5:37 PM 11/7/1996, Daniel T. Hagan wrote:
> On Thu, 7 Nov 1996, Peter Hendrickson wrote:
>> If strong cryptography were unpopular and highly illegal, very few
>> people would be using it.  This makes it easy to identify suspects.

> I think the reasons are probably tied closely to your second point.
> Unless strong cryptography was easily distinguishable from weak
> cryptography without taking the time to break it, then how would they
> (law enforcement) recognize that someone was using strong cryptography?

> Or suppose that some one uses strong cryptography and then wraps it in
> weak cryptography.  The outer shell would seem legal, and the authorities
> can't go around randomly breaking people's keys (or so one would assume),
> and even if they did, it wouldn't necessarily be legal as evidence anyway.

In the extreme case, everybody would be sending messages in the clear.
In the case of mandatory GAK, it would be easy to open a bunch of
messages and see if what was inside looked like cryptography.  The
privacy violation could be minimized by requiring a Congressionally
approved test program to applied without any human reading it.  If
the test program said it was cryptography, then this could be considered
just cause for a judge to issue a warrant to the authorities for the
study of the actual message.

The laws regarding what is considered legal evidence are easily
changed if there is a need for it.  Probably they don't need to be
changed all that much.  If you see a lot of PGP messages coming
from somebody, you get a warrant and search their computer for
illegal software.  When you find it, you lock them up forever.

> And finally, you have to consider the possibility of whether a person can
> be identified merely by the fact that there is a message that is
> intercepted that has strong cryptography in it.  I don't know enough about
> remailers and internet protocols/servers to say whether this is a
> reasonable objection or not, perhaps someone else does?

In the absence of strong cryptography, remailers do not offer much
anonymity.

> So, unless I'm incorrect about one of the above points (and I admit that I
> may well be), once cryptography reaches a certain strength, there is no
> reason to relinquish that strength, particularly if you are using it for
> criminal activity.

If the penalties for the use of cryptography are significantly greater
than the penalties associated with the crime, you may opt not to use
cryptography.

Peter Hendrickson
ph@netcom.com