1997-05-02 - Re: SAFE Bill discussion

Header Data

From: Greg Broiles <gbroiles@netbox.com>
To: “Shabbir J. Safdar” <shabbir@vtw.org>
Message Hash: c41a3ceb3ea96fd4dd03a4f5073f380671184dfc1f6705c9bc77655d64ec1ef0
Message ID: <3.0.1.32.19970502011449.027f8298@pop.sirius.com>
Reply To: <199705011648.MAA29162@arutam.inch.com>
UTC Datetime: 1997-05-02 08:30:31 UTC
Raw Date: Fri, 2 May 1997 16:30:31 +0800

Raw message

From: Greg Broiles <gbroiles@netbox.com>
Date: Fri, 2 May 1997 16:30:31 +0800
To: "Shabbir J. Safdar" <shabbir@vtw.org>
Subject: Re: SAFE Bill discussion
In-Reply-To: <199705011648.MAA29162@arutam.inch.com>
Message-ID: <3.0.1.32.19970502011449.027f8298@pop.sirius.com>
MIME-Version: 1.0
Content-Type: text/plain


At 09:12 PM 5/1/97 -0400, Shabbir J. Safdar wrote:

>The Administration hates this bill, because it threatens their ability to
>roll out Key Recovery. [...]
>Do you think that if this bill helped the Administration, that they'd be
>out there urging the subcommittee chairman to stop it?  I think not.

Sure they would - it's a standard negotiating tactic. Ask for twice what
you need, then grudgingly accept half of what you asked for, whining and
complaining about how your needs aren't being met, how badly you're being
screwed, etc. Haven't you ever bought a car?

Do you think that the Administration will ever say "We've already
eliminated enough freedom and privacy, we don't need more laws to serve the
'legitimate needs of law enforcement'"? I think not.
 
>I'm also puzzled by the fact that CDT is being criticized pretty much
>solely, even though the entire Internet Privacy Coalition, and several
>other groups all wrote a letter of support of the bill with only a
>criticism of one provision.

I think this is occurring for two reasons:

1.	The people at CDT are closely identified with the stance that the EFF
took on the Digital Telephony bill, which is strikingly similar to the
coalition's approach to SAFE - e.g., cooperate with/support legislation
that's harmful, in hopes that by doing so you'll be able to negotiate away
some of the harm .. "We won't do any better than this, so we might as well
make the best of it." Digital Telephony is not ancient history, and it
hasn't been forgotten. I believe that the people who brokered that
compromise are essentially good people, who had good motives and 99% pure
hearts .. but the Digital Telephony bill is a goddamned embarassment to
people who care about privacy and the Fourth Amendment. Now the FBI wants
the ability to implement SIXTY THOUSAND SIMULTANEOUS WIRETAPS. What sort of
macabre dance do you think they'll be doing with the bones of SAFE in a few
more years? 

2.	It strikes me as unlikely that all of the groups mentioned really sat
down and hashed all of this out - my hunch is that one or two of the groups
wrote up an analysis and a proposed letter, and asked the other groups to
sign on. A likely suspect for the/a group who did the behind-the-scenes
work is CDT. 

>As far as I can tell, everyone criticizing the bill either thinks that:
>
>	a) CDT actually runs all these groups behind the scenes, or

You're not exactly likely to pick up respect or credibility by ascribing
ridiculous or straw-man positions to people who disagree with you. I
haven't seen anyone (not even the resident loons, and usually someone can
be counted on to pipe up and suggest the existence of a massive
alphabet-soup conspiracy) suggest that "CDT actually runs all these groups
..". 

(Don't bother, Toto - I'll do it for you. "C2Net actually runs all these
groups behind the scenes, as anyone who's bothered to inspect the message
headers while drinking a bottle of Scotch can tell you." And, of course,
Jim Bell has a solution for that.)

>Can you consider, perhaps, for a second, that critics of SAFE are being
>unreasonable?  I would think so, as critics of SAFE include the Clinton
>Administration.  Is that the kind of company that cypherpunks keep?

If this is the caliber and depth of reasoning that you bring to bear on
other issues, it's a miracle that you get anything done at all. Some
critics of SAFE are being unreasonable. Some are not being unreasonable.  

>Here's a great excerpt from the Internet Privacy Coalition letter:
>
>  The pending bill provides a positive framework for the reforms that are
>  long overdue in this critical area. It makes clear that the sale or use
>of
>  encryption, a vital technique to promote network security and individual
>  privacy, should not be restricted in the United States. This is the view
>  widely shared by users of the Internet and the computer and communications
>  industry. It was also a central recommendation of the
>  report of the National Research Council last year.
>
>Looks like widespread support from people who study this issue for living.
>I'm glad to be counted among them.

If SAFE (and ECPA II and ProCODE) limited themselves to the "reforms that
are long overdue in this critical area" (export control), you'd probably
find a lot more support among cypherpunks for them.

I'm beginning to think that the focus on the economic aspects of crypto
export control has been a mistake (cf. "export jobs, not crypto" in my
.signature) - because what we're seeing is corporations working out deals
with the government, and privacy and individual interests are getting
screwed. From my perspective, it was an attempt to recast the crypto debate
in terms that make sense to Congress and policy interests - but what we've
ended up with is a debate about how we can help enormous domestic software
companies compete in global markets, not a debate about the relationship
between individuals and the state, or about privacy and speech as
fundamental rights protected by cryptography. I guess the current thinking
is that privacy for humans will come about through a trickle-down effect,
that strong crypto will be deployed on a large scale because it'll be
quickly built into lots of software .. but I doubt it. Big software
companies don't give a fuck if they're selling GAK crypto or weak crypto or
strong crypto, as long as they're selling it. (the people inside may care,
but they're unlikely to be or stay in positions where their opinions
matter.)  

Which is why cypherpunks should write code, and not wait for Microscape to
do it for them, nor for legislators to make it pleasant for them to do so.
If SAFE is the best we can get from Congress (and people who should know
seem to think it is), we can't expect Congress to save us from the
executive branch. (The executive branch was working on this stuff before
anyone outside of Arkansas had ever heard of Bill Clinton, and they'll
probably still be flogging it in four more years. It's useful to hold
Clinton responsible for what he's done, but it's also useful to remember
that this isn't an issue that's going to go away because we elect a
different Demopublican.) 

--
Greg Broiles                | US crypto export control policy in a nutshell:
gbroiles@netbox.com         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            | 






Thread