> I am going to be teaching a seminar on computer law next quarter. One area
> the casebooks seem to entirely ignore is encryption--the area where
> technology is currently supporting privacy and weakening state power. I would
> appreciate either references to or on line copies of useful material. The
> three main things I need are a clear explanation of the technology (public
> key cryptography in particular),
I assume that you just want an explanation of what the technology does, not
how exactly it works, i.e. I am not going to include the formulas and
algorithms, just a description of what it does and how it can be used.
Here's a summary of a couple of the most relevant technologies:
PUBLIC KEY CRYPTOGRAPHY -- each person generates two keys, one is called
teh public key the other is private. These two are related in that what is
encrypted with one can only be decrypted with the other. It is impossible
(computationally infeasible) to derive one knowing the other. The most
popular public key cryptography algorithm is RSA, which is based on the
ease of multiplying large primes, and the difficulty of factoring the
product.
How it is used: you publish the public key, while keeping the private key
to yourself. Anyone can send a secret message to you by encrypting it with
your public key. You are the only one that can decrypt the message, since
only you have the private key.
You can reply by encrypting your message with their public key, and they
can decrypt it with their private key.
DIGITAL SIGNATURES -- techniques that are used to verify that a message
claiming to be from you was actually written by you. To do that, you
compute a "message digest", which is similar to a "checksum" in that it can
be used to check that the message has not been altered. Then you encrypt
the "digest" with your private key and attach to the message. Currently
the most popular "digest" algorithm is MD5.
To verify a signature: the person verifying computes the same checksum,
then decrypts the checksum attached to the message. If the two match, the
message must have been signed by you, since no-one else has your private
key, and could not have generated the signature.
DIFFEY-HELLMANN KEY EXCHANGE -- a protocol by which two communicating
parties can arrive at a secret piece of information that can not be known
to a passive eavesdropper (as in a wiretap), and can not be recovered from
analysis of recorded communication. This secret piece of information is
usually used as the key for a conventional cryptography algorithm such as
DES or IDEA to encrypt following communication.
SENDER UNTRACEABILITY -- use of a protocol by which one of a group of
commnicating entities can send a public message, while it is impossible
to trace the message to the sender. This can be used to send messages
anonymously or pseudonymously and untraceably. One of the protocols that
makes this possible is David Chaum's dc-net protocol, in which every
participant sends some data, and when all the data are combined, the
anonymous message emerges. Another is the mix-net, or "remailer" approach.
In this case, you send your message to a re-mailer, with encrypted
instructions on where to send it. By sending your message through a chain
of such remailers, untraceability is achieved.
RECEIVER UNTRACEABILITY -- a method by which you can retrieve a message
sent to you, without anyone having any way of knowing that you received the
message, or indeed if you received any message at all.
How it works: anyone wanting to leave a message to you encrypts it with
your public key, and posts it on a "bulletin board". You download all the
messages from the bulletin board periodically, and see if you can decrypt
any using your private key.
DIGITAL CASH -- one entity creates some amount of digital "tokens", which
may then be transfered to other people, who can transfer them between each
other, and when they are returned to their creator, he can not trace the
transactions that have occured, only the total balance of a person at the
end of the set of transactions.
> a clear explanation of how it can be used and why it matters,
Each of these technologies by itself can not accomplish much. But if all
these are put together, any person can send messages to any other person,
without anyone but the two of them knowing that a message was sent, or what
it said.
As for why it matters, I include here Timothy C. May's Crypto Anarchist
Manifesto:
The Crypto Anarchist Manifesto
Timothy C. May
tcmay(a)netcom.com
A specter is haunting the modern world, the specter of crypto
anarchy.
Computer technology is on the verge of providing the ability for
individuals and groups to communicate and interact with each other
in a totally anonymous manner. Two persons may exchange
messages, conduct business, and negotiate electronic contracts
without ever knowing the True Name, or legal identity, of the other.
Interactions over networks will be untraceable, via extensive re-
routing of encrypted packets and tamper-proof boxes which
implement cryptographic protocols with nearly perfect assurance
against any tampering. Reputations will be of central importance, far
more important in dealings than even the credit ratings of today.
These developments will alter completely the nature of government
regulation, the ability to tax and control economic interactions, the
ability to keep information secret, and will even alter the nature of
trust and reputation.
The technology for this revolution--and it surely will be both a social
and economic revolution--has existed in theory for the past decade.
The methods are based upon public-key encryption, zero-knowledge
interactive proof systems, and various software protocols for
interaction, authentication, and verification. The focus has until now
been on academic conferences in Europe and the U.S., conferences
monitored closely by the National Security Agency. But only recently
have computer networks and personal computers attained sufficient
speed to make the ideas practically realizable. And the next ten
years will bring enough additional speed to make the ideas
economically feasible and essentially unstoppable. High-speed
networks, ISDN, tamper-proof boxes, smart cards, satellites, Ku-band
transmitters, multi-MIPS personal computers, and encryption chips
now under development will be some of the enabling technologies.
The State will of course try to slow or halt the spread of this
technology, citing national security concerns, use of the technology
by drug dealers and tax evaders, and fears of societal disintegration.
Many of these concerns will be valid; crypto anarchy will allow
national secrets to be trade freely and will allow illicit and stolen
materials to be traded. An anonymous computerized market will
even make possible abhorrent markets for assassinations and
extortion. Various criminal and foreign elements will be active users
of CryptoNet. But this will not halt the spread of crypto anarchy.
Just as the technology of printing altered and reduced the power of
medieval guilds and the social power structure, so too will
cryptologic methods fundamentally alter the nature of corporations
and of government interference in economic transactions. Combined
with emerging information markets, crypto anarchy will create a
liquid market for any and all material which can be put into words
and pictures. And just as a seemingly minor invention like barbed
wire made possible the fencing-off of vast ranches and farms, thus
altering forever the concepts of land and property rights in the
frontier West, so too will the seemingly minor discovery out of an
arcane branch of mathematics come to be the wire clippers which
dismantle the barbed wire around intellectual property.
Arise, you have nothing to lose but your barbed wire fences!
--
..........................................................................
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay(a)netcom.com | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^756839 | PGP Public Key: by arrangement.
> and a brief summary of the present legal/political
> situation--in particular, attempts and suggestions that have been made to
> control the technology.
The FBI has proposed a "Digital Telephony" bill, which would require all
providers of any kind of communications service to build in a wiretap
capability for the government. Department of State is restricting the
export of any crypto software, claiming that it is a weapon, and therefore
falls under ITAR (International Traffic in Arms Regulations) rules. Public
Key Partners (PKP) holds the control of patents that cover RSA, and
possibly the very idea of public key cryptography. Someone (I can't
provide a reference) has proposed that anyone that uses encryption should
be required to register their key with the Justice Department, so that the
text could be decrypted if a search warrant is issued. These are all the
attempts to control this technology that come to my mind right now.
The Electronic Frontier Foundation (EFF) can probably provide more
information (e-mail to eff(a)eff.org)
> David Friedman
> DDFr(a)Midway.UChicago.Edu
> DDFr(a)AOL.Com
--
Yanek Martinson mthvax.cs.miami.edu!safe0!yanek uunet!medexam!yanek
this address preferred -->> yanek(a)novavax.nova.edu <<-- this address preferred
Phone (305) 765-6300 daytime FAX: (305) 765-6708 1321 N 65 Way/Hollywood
(305) 963-1931 evenings (305) 981-9812 Florida, 33024-5819