From: "Thomas Junker" <tjunker@mail.phoenix.net>
Date: Tue, 14 Oct 1997 03:50:16 +0800
To: jon@pgp.com
Subject: Re: Attitude and Assumptions
In-Reply-To: <3.0.3.32.19971010180024.00ad8ce0@mail.pgp.com>
Message-ID: <199710131951.OAA23622@raid2.fddi.phoenix.net>
MIME-Version: 1.0
Content-Type: text/plain



While I agree with the general points you make in your Crypto Blues, 
I also agree with what I am reading from others regarding paving the 
way for GAK.  This is probably because you didn't actually deal with 
those criticisms individually in your rant.

To say that you will draw a line somewhere down the road is 
ineffectual. It's not unlike the gun owners who won't join an 
organization, won't communicate with their elected representatives, 
and rely on "Well, if they come for *my* gun, they'll have to pry it 
from my cold, dead fingers!"  It's too late by then.  If and when it 
comes time for one or more of you to decide to quit rather than do 
what is wrong, it will be way too late.  I'm reminded of the 
far-left-liberal comic and actor Dennis whatshisname who, in a 
standup act, made reference to the "cold, dead fingers" view of some 
gun owners and said, "That'll work!"

Whoever it was who said that the capitalists would sell the 
communists the rope with which to hang them was right.  It is even 
worse in today's brain-dead business world where policy decisions are 
made by bean counters who can't see more than 90 days past their 
bottom line and have no visibility whatsoever of the rich component 
mix of that bottom line.  I have no doubt that if and when the time 
comes that the government puts out RFPs for ID chip implant systems 
or tattooing barcodes on our foreheads there will be no scarcity of 
companies lining up to get the contracts.  Free enterprise doesn't 
automatically confer intelligence, forward view, or an understanding 
of freedom and the long-term consequences of undermining it.

It is incumbent on everyone who favors individual liberty and
privacy to do everything possible to prevent the infrastructure for
GAK and other police state measures from being put into place.  Adam
Back is entirely correct in believing only in technical solutions,
not words.  It must remain technically difficult, even impractical,
for politicians and bureaurats to simply prescribe how mechanisms
put in place by well-meaning people will be used to invade privacy
and monitor communications.  The best defense against censorship is
a technological structure that defeats censorship before it starts. 
The best defense against the destruction of privacy is a
technological structure that makes invasion of privacy difficult or
impossible.  It is far better to have a system in which a
destructive proposal fits badly and threatens to cause innumerable
uncontrollable consequences than one which lays the groundwork for
the easy implementation of destructive proposals.

The risk-of-loss set of arguments is also in some ways a large red 
herring.  There is nothing particularly unique about crypto that 
makes the potential loss of information qualitatively different than 
countless garden variety risks with which people deal every day.  
May organizations have stopped backing up desktop PCs.  Most 
everyone tried to do those backups at one time, but as disk sizes 
and data volumes increased it became impractical in many 
organizations.  This represents a far greater risk than the loss of 
messages or files the same employees may keep in encrypted form, but 
there are no interest groups or government bodies trying to propose 
Desktop PC Escrow systems.

Many employees wittingly or unwittingly use the strongest crypto in
existence, from which there is *no* recovery under any circumstances
should the employee drop dead: wetware storage.  Rate of
technological change and increasingly full "plates" have combined to
reduce documentation to historic lows.  If a document becomes
obsolete, even false, virtually the moment it is completed, it is
less likely to be written.  If it's never written because its 
durability is in question or there is too much else to do, it can 
never be recovered except from the functioning mind of the custodian 
of the information, but no one is proposing "brain escrow."  The 
costs of dealing with the loss of an employee with a headful of 
unique knowledge are becoming an expected and largely unnoticed 
thing, like the expectation of a third world business that a simple 
action like fixing a piece of hardware may involve a large multiple 
of the time and money it would cost in any U.S. city.  And still the 
bean counters haven't a clue.

It is even quite common these days that when one of those custodians
leaves an organization there is insufficient staffing to make even a
feeble attempt to pick up what the departing person has left behind.
Rate of obsolescence aggravates this by making it seem easier to
just implement the next version or product than pick up the pieces
of managing the old one.  I've seen people depart, leaving a cube
full of diskettes, manuals and, presumably, notes, only to see the
organization move someone else with different job responsibilities
into the cube and never, ever, not even once retrieve or look at any
of the materials of the departed employee -- not their PC, their
files, their desk, their file cabinets, their manuals -- nothing.

Individuals can also wipe their mail files, wipe their disks, suffer 
disk failures, etc.  They can take the only copy of something home 
and die in a fiery car crash.  They can drop their laptops from 
heights more than the prescribed 2 inches.  It is not possible to 
list the ways in which information can be lost and/or compromised, 
ways with which key recovery cannot possibly attempt to deal.  Since 
many of those things happen all the time in the real world on a daily 
basis it goes unnoticed that the vast majority of them are dealt with 
by the people involved without comment and largely without noticeable 
adverse consequences, just as when smoking was common in offices it 
wasn't particularly noticed that most offices didn't burn down 
despite the widespread use of open flame and smoldering materials in 
tens, perhaps hundreds of millions of instances daily.

Loss of encrypted information is almost a non-issue in reality, 
somewhat like the non-issue of the risk of flying by scheduled 
airline.  Crypto, like airliners, increases the probability that a 
loss will be more noticeable by virtue of quantity, but has no 
inherent effect on the likelihood that a greater percentage of total 
information will be lost.  An employee generally exercises the 
same type of diligence in this area as in the myriad other 
areas where some thought and action must be directed at 
preventing catastrophic loss.  The motivation is the same, 
too:  retention of employment and avoidance of lawsuit.  An 
operations manager already has to figure out how to make sure that 
last year's backups will not only be physically safeguarded but also 
capable of being read and restored should they be needed, for 
example.  There is nothing more magic about "crypto" than there is 
about "backup" in this sense.

Crypto, like the Internet, is a mere conceptual hook on which the
ignorant (strongly represented in the so-called "news" media) can
hang a set of alarms and not necessarily needed solutions.  It's 
an umbrella under which those who have nothing better to do can 
collect a set of issues for conceptual amplification and 
synergistic alarm enhancement, obscuring the fact that many 
functional counterparts to those issues are in the fabric of 
everyday business work.  

The mere use of a computer involves a larger quantity and more
serious degree of "gotchas" than arise in the use of crypto on those
computers, and has for many decades. The manpower lost in the 10+
years it took us all to move past the 640K limit and the 1960's
technology of DOS on the PC platform probably exceeded what would be 
required to do brute force solutions of the worldwide Y2K problem.  

Imagine that someone had latched onto the business danger of loss of
source code in 1960 and had sensitized everyone to the issue to the 
point where this kind of discussion and debate were being conducted 
over the need for national and worldwide standards and mechansisms 
for commercial and government protection against the loss of source 
code.  Imagine the Congress of the U.S. effectively taking the 
position that businesses are too stupid to safeguard the source 
code that runs their enterprises and that the government must 
require the filing of copies of all source code in case anyone 
loses some.  Or that all compilers and source editors have 
source recovery features.  Would that have sounded reasonable at any 
time in the last 30-40 years?  Would it sound reasonable today?

Yes, some people and organizations have lost source code.  No, most
people and organizations have not lost their critical source code. 
Those that do tend to weed themselves out, just as those who tend to
make bad decisions and take self-destructive actions in any area of
life, business or personal, tend to reduce their own effectiveness 
and participation in the game.

GAK is different, of course, in that it brings the agenda of the 
politics of power into the fray, and thus crypto has become the 
subject of an array of efforts as disingenuous as the safety 
arguments of unions when fighting to preserve a completely obsolete 
and useless job function.  All of a sudden governments who never gave 
a rat's ass about the risks to commercial entities of losses of any 
other kind of information in any other context are falling all over 
themselves to promote GAK because they are suddenly overcome by 
altruism.  Right.  Or because they have had a revelation and have 
remembered that commerce is good for the country and government is 
supposed to be a means of providing stable legal and public 
safety structure and not an end in and of itself.  Sure.  

Government never misses a chance to take opportunistic advantage, and
the chance to treat crypto as something qualitatively different than
thousands of other business and personal privacy questions and
mechanisms is too good to pass up.  The opportunity for government
to gain access to information that just happens to be digital is of
far greater significance than any offered justification based on the
danger to businesses that they will be too stupid to assure their
own access to their own information or the danger to nations that a
few people or groups of people may be able to communicate in ways
that preclude surveillance.  The only thing that GAK is about is
government power over individuals and groups -- the gradual
conversion of citizens into subjects, just without all the trappings
of old-fashioned royalty and notions of the divine right of kings.  
Governments see this as an opportunity to gain access to private 
communications in ways that would never have been acceptable in the 
days of paper letters and envelopes.  Because politicobureaucrats, 
like ants, cooperate instinctively to concentrate power in the halls 
of authority we see mulitple facets to the attack on privacy, but 
they are only that -- facets of the same ugly stone.

If the best minds fall into step to build and facilitate the
mechanisms to destroy individual liberty because "someone will do
it," we are lost.  If "someone" does it, but the best minds are
working to make a police state technologically infeasible, we may
not see the light of freedom extinguished after all.  In the past
this battle was heavily influenced by material resources. 
Increasingly, the playing field is being leveled by technology.  The
likelihood that a small number of individuals can significantly
influence the balance has passed the threshold of credible
probability, witness Phil's PGP and numerous other developments. 
This likelihood is on an upward trend, but the forces of darkness
are also making better and better use of technology.  Every person
who can make a difference and isn't committed to individual freedom
is an effective participant in its destruction.  If we have to
explain to our children and grandchildren why they have microchip
transponders in their asses and all their communications are
archived by the government it will be a pretty weak justification to
say that we brought home the paychecks without interruption.

Thomas Junker
tjunker@phoenix.net