1997-06-28 - Re: Hettinga’s e$yllogism

Header Data

From: Kent Crispin <kent@songbird.com>
To: cypherpunks@Algebra.COM
Message Hash: 2ab31f5ec64f629a9c444f6f60da7301c5701fd548ca9256f1ab7778f35c1a2a
Message ID: <19970628163155.33743@bywater.songbird.com>
Reply To: <v03020929afd325266f9d@[139.167.130.247]>
UTC Datetime: 1997-06-28 23:42:55 UTC
Raw Date: Sun, 29 Jun 1997 07:42:55 +0800

Raw message

From: Kent Crispin <kent@songbird.com>
Date: Sun, 29 Jun 1997 07:42:55 +0800
To: cypherpunks@Algebra.COM
Subject: Re: Hettinga's e$yllogism
In-Reply-To: <v03020929afd325266f9d@[139.167.130.247]>
Message-ID: <19970628163155.33743@bywater.songbird.com>
MIME-Version: 1.0
Content-Type: text/plain



On Sat, Jun 28, 1997 at 11:13:17AM -0700, Tim May wrote:
> At 10:11 AM -0700 6/28/97, Kent Crispin wrote:
> 
> >So how is that different than the current situation without
> >cryptography?  If people couldn't live with key escrow, how can they
> >live with the current situation?  Answer:  they live with the current
> >situation because the government abuses you describe are kept below
> >the revolution threshold.  The same would be the case with key escrow.
> 
> Not intending to squelch the thread by invocation of Godwin's Law, but how
> does Nazi Germany fit into this model?

?How does Nazi Germany fit into any model?

> In case this isn't clear, the concern is that a GAK system is very
> dangerous should a Nazi-like regime develop (or even should a J. Edgar
> Hoover and/or Craig Livingstone regime develop). While regimes  of the past
> few decades _may_ not be abusive in this way (apologies to Reagan, Bush,
> and Clinton haters out there), the deployment of GAK would be a tempting
> target for future despots and satraps.
> 
> Thanks, but I'll keep my own records, my own crypto keys, and my own money.

Of course it would.  So would current bank/brokerage/business records. 
So would your personal records (if they were interesting) and money
(if there was enough of it).  Certainly keys in a government TTP would
be a easier target than some.  But (since we are here) Nazi Germany is
proof that there are plenty of other targets, perhaps not quite as
juicy, but just as viable.  And Nazi Germany is also proof that strong
crypto really doesn't do much good when the rubber hoses can be
deployed without hinderance.

In fact, your safety and wealth depends in large measure on the
protections provided by that government you scorn.  In any healthy
tyranny the jackboots would have been on your throat long ago,
regardless of your little arsenal, and your money would be purchasing 
toys for the rulers.

> >But so what? Right now the government has intimate knowledge of your
> >finances through tax records and other sources, and has the power to
> >put liens on your property and your cash for all kinds of reasons.
> 
> This overstates the knowledge the government has of our finances. 

Perhaps.  It's a mere matter of degree, though -- the point is that 
the government already has power to compel reporting in many cases, 
and life goes on...

[...]

> My view on GAK is quite simple: let those who wish to escrow their keys do
> so. Let those who don't wish to keep their own keys and use crypto
> algorithms of any strength they desire.

Well, good.  That's my view of it, also.

> >Assuming certain models of key escrow, yes.  Under other models, no.
> >But imagine the worst case -- GAK creates a huge unwieldy expensive
> >computerized infrastructure and associated bureacracy.  What
> >happens?  Businesses find other ways to protect their data and
> >transactions, huge economic inefficiencies develop, and the whole
> >thing collapses and goes away.
> >
> >It's amazing how little faith libertarians have in the market system,
> >isn't it?  :-)
> 
> A cheap shot, even taking into account Kent Crispin's shilling for GAK.

Like shooting fish in a barrel, really.  Anyway, you know that I don't
favor GAK, so where are you coming from?  All I have ever said is 
that there is strong corporate demand for enterprise level key 
recovery. 

> If a key escrow system is in fact purely voluntary, who cares? I, for one,
> don't.
> 
> (Though I often look at "voluntary" systems with an eye toward what I call
> the "flag day scenario," where a legislative or executive-level "switch" is
> thrown and what was once voluntary becomes mandatory. I oppose government
> involvement in infrastructures which could too easily become mandatory.)

That's the rub.  You say "voluntary -- who cares", but fight tooth and
nail when customer demand forces companies like PGP and TIS to
implement some form of key recovery -- rather than face the facts, you
claim it's all government pressure and brainwashing, and advocate
employee sabotage of company products.  Well, there certainly is
government pressure, but there is *also* legitimate, informed, demand. 

[Your description of legitimate, informed, demand deleted]

> And, as nearly all of us (_nearly_ all of us!) have pointed out,
> repeatedly, whatever the putative need for key recovery is within
> corporations, there is essentially no need for such a thing for
> *communications*! The only viable customer for a communications key is
> someone who has intercepted the communication!

Certainly.

[...]

> So, will government please drop all consideration of "key recovery" for
> _communications_?
> 
> (I rather doubt this.)

I rather doubt it, also.  However, escrow of communications keys is,
in my opinion, not only completely illegitimate, but idiotic from
a technical point of view.  So, I think this effort on the part of the
gov will fail.  

> >Governments have devalued currencies many many times in the past
> >without the need of key escrow...key escrow is an independent issue.
> 
> Sure, but one of the potential advantages of strong crypto is the
> oft-discussed "denationalization of money." Leading bankers are beginning
> to see the light on this.

Some might see this as ultimate fascism...in the long run, putting the
force monopoly purely under control of those with money.  In any 
case, speculation.

> (See, for example, the cover story in "Wired" several months ago, where the
> blurb was about Walter Wriston "sounding like a cypherpunk.")

I generally don't read "Wired".  Geez -- I don't even have time to
read the "archives"...  :-)

-- 
Kent Crispin				"No reason to get excited",
kent@songbird.com			the thief he kindly spoke...
PGP fingerprint:   B1 8B 72 ED 55 21 5E 44  61 F4 58 0F 72 10 65 55
http://songbird.com/kent/pgp_key.html






Thread