From: Charlie_Kaufman@iris.com
To: cypherpunks@toad.com
Message Hash: 89add7fcc54714365dc6739bd3453b4f3c852af98ba958e19f32acda4be54be3
Message ID: <85256642.0064AF8F.00@arista.iris.com>
Reply To: N/A
UTC Datetime: 1998-07-15 18:14:46 UTC
Raw Date: Wed, 15 Jul 1998 11:14:46 -0700 (PDT)
From: Charlie_Kaufman@iris.com
Date: Wed, 15 Jul 1998 11:14:46 -0700 (PDT)
To: cypherpunks@toad.com
Subject: Re: GAK 4 -- For whom the Doorbell tolls
Message-ID: <85256642.0064AF8F.00@arista.iris.com>
MIME-Version: 1.0
Content-Type: text/plain
GAK4 is technically inaccurate but very good metaphor by which to consider
this proposal. I believe this is a minor skirmish in the war between civil
libertarians and Big Brother with industry playing the role of arms
merchant. It is not Government Access to Keys, it is Government Access to
Encrypted Data, which for everyones purposes is the same thing.
In answer to the question: "Should Cisco and friends be allowed to export
this technology?", of course they should. People should be allowed to
export whatever they want. Even if you're Big Brother, this proposal
enables all the same capabilities as GAK, so there is no reason to oppose
it.
In answer to the question: "Is this a 'compromise' that addresses the
issues of civil libertarians?", not a bit. The devil is in the details, of
course, in issues of whether the government can ask the encryption points
for copies of the data in real time, in an unaudited fashion, and/or with
what kind of "trusted third party" intermediaries. But these questions are
exactly akin to the details to be worked out with GAK and self-escrow.
In answer to the question: "Is there anything at all different between this
proposal and GAK?", the answer is some, and the differences might be
relevant to some. This proposal is a little better than GAK for law
enforcement because it would be easier to use and they tend to be
technically unsophisticated. It is a little worse than GAK for the NSA
because the extra data flows mean that it is harder to conduct surveillance
in a totally undetectable way. It favors some vendors over others because
it favors those who want to encrypt at firewalls over those who want to
encrypt end-to-end. It might slow overall progress in network security
because end-to-end encryption is technically superior (though harder to
deploy) and universal firewall to firewall encryption might reduce the
demand for it.
In answer to the question: "Would approval of this proposal be a good or a
bad thing?", the answer is ambiguous for the civil libertarian side. Any
time a new thing is allowed to be exported, it increases the flexibility of
vendors in crafting solutions and is likely to increase overall security.
On the other hand, anything which makes continuation of export controls
less in-your-face-painful will decrease pressure to repeal them and
therefore may in the long run decrease overall security. And anything which
makes it easier to make systems secure against all attackers other than Big
Brother brings closer the disasterous day when non-GAK crypto can be
outlawed.
If you're Big Brother, approval seems to be uniformly a good thing. It
garners political points among the unsophisticated as being willing to make
"technical compromises". It costs nothing in terms of access. And it may
bring closer the glorious day when non-GAK crypto can be outlawed.
--Charlie Kaufman
Return to July 1998
Return to “Charlie_Kaufman@iris.com”
1998-07-15 (Wed, 15 Jul 1998 11:14:46 -0700 (PDT)) - Re: GAK 4 – For whom the Doorbell tolls - Charlie_Kaufman@iris.com