From: "Robin Whittle" <firstpr@ozemail.com.au>
Date: Thu, 21 Nov 1996 02:24:10 -0800 (PST)
To: cypherpunks@toad.com
Subject: Draft OECD crypto guidelines on WWW
Message-ID: <199611211023.VAA02305@oznet02.ozemail.com.au>
MIME-Version: 1.0
Content-Type: text/plain


I have obtained the OECD draft crypto guidelines from:

   http://www.quintessenz.at/Netzteil/OECD/index.html

where they are a Word 6 file.  I have converted them to HTML and put
them at:

   http://www.ozemail.com.au/~firstpr/crypto/oecd_dr.htm

This is probably not the absolute latest draft, but it is the best I
can get.

I think there is a lot of good material here, but they still seem
wedded to the idea of key-recovery or some other means of governments
accessing plaintext or keys.  They seem to assume there will always be
a copy of the key around the place somewhere.  In general, in the
future cryptographic exchanges will use fresh key-pairs for each
session, so not even the user can get a copy of the private key. Maybe
key-recovery techniques are designed to cope with this, but the
question is why would anyone want to use such a system other than that
the government (and some corporations aligned with the government)
want them to?

There is no reason why ordinary or criminal users should be
interested in key recovery/escrow, or weakened key-spaces - what they
need is simple to use, totally secure, end-to-end encryption.  The
whole aim is to make a bulletproof secure pipe that doesn't depend on
any other data, technology or administrative actions.


The draft guidelines have my comments at the start, including a
suggested rewording of paragraph 88 which currently states that
crypto systems *should* provide for lawful access to the
plaintext/key.  

The OECD people do not seem to have considered the fact that
criminals will wrap their material in a crypto system they can trust
before putting it through the government mandated system that they
don't trust. My comments include a more detailed discussion of this
argument, particularly in the situation where criminals are
communicating with non-criminals.  


   In a nutshell, how is all the cost, risk, doubt and 
   complication of key escrow/recovery etc. justified by its 
   benefits for serious crime prevention/deterrence, when the 
   great majority of criminals and a large number of ordinary 
   private and commercial users will be applying their own 
   strong encryption first?

Does anyone know of writing that specifically tackles this question?

This is a separate question from those about whether governments can
be trusted, or about absolute rights to privacy etc.  It is simply a
cost/benefit analysis.  To me the benefits for reducing serious crime
seem slim indeed and the costs - not least the general feeling that
people may be using daily a system specifically designed for tapping
their communications - seem to be very high.


- Robin

. Robin Whittle                                               .
. http://www.ozemail.com.au/~firstpr   firstpr@ozemail.com.au .
. 11 Miller St. Heidelberg Heights 3081 Melbourne Australia   .
. Ph +61-3-9459-2889    Fax +61-3-9458-1736                   .
. Consumer advocacy in telecommunications, especially privacy .
.                                                             .
. First Principles      - Research and expression - music,    .
.                         music industry, telecommunications  .
.                         human factors in technology adoption.
.                                                             .
. Real World Interfaces - Hardware and software, especially   .
.                         for music                           .