On Thu, 25 Jan 1996, Perry E. Metzger wrote:
Phill refers to the man who said "Gentlemen do not read each other's mail", (Henry L. Stimson) as a twit.
I highly disagree. In some ways I regard him as our patron saint (although the man was actually far from saintly and later as a member of the Roosevelt cabinet adopted an opposite policy of aggressive signals intelligence.)
Why is he our patron saint? He was a government official coming out against invasion of privacy. Isn't that what we are all after, in the end? The reason we deploy cryptography is to assure privacy for all. We often refer to those who listen in on conversations (regardless of who they are) as, in some sense, our opposition. Therefore, is not Stimson's remark in closing down Yardley's "Black Chamber" to be praised rather than attacked?
Perry
Unfortunately what he did was take the emphasis away from personal empowerment and personal responsibility for privacy and put it at the mercy of some creed or moral stand which had:

1> No common calling or degree of observance in the population, or the intelligence communities at the time.
2> No structure, legal or otherwise, to provide for its enforcement.
3> The rather disturbing implication that no one need take pains to hide their private exchanges because a moral standard would protect them.

Instead, at least I always thought, cypherpunks stand for the personal empowerment and personal assurance of privacy. Indeed everything I can think of discussed here seems to revolve around a single goal- making it easier, and simpler for a person to protect him or herself from unwanted intrusion into data he or she wishes to protect. In fact, some goals, especially where transparency is concerned, seem to take the even more cynical view that the general population would be better off protected by crypto whether they know it or not.

Making crypto widely available to the general population, reviewing crypto for its implementation, basic skepticism about the protection afforded by new systems, basic skepticism for systems produced for commercial gain, basic skepticism for government produced systems, arguments for the lessening of government involvement in crypto, crypto standards, and a powerful dislike for the regulation of communication in all forms. Perhaps most importantly, the production, review and discussion of "grass roots" crypto and communications security code.

All these, common themes on the list in my view, push us away from some blind notion that all is well in the world, and that man is basically good and will not intrude on his fellows. All these insist that man is curious, probing, and that information is by its very nature nearly impossible to restrain without powerful methods.
All these insist that information will be exposed, be it by accident, malice, theft, by hook or by crook, or even well intentioned discourse, unless protected. Isn't this the objection to ITAR? It is folly to try and restrain information by legislation.

It should be clear that it is dangerous to depend on anything, be it government, industry, Lotus Notes, the Constitution, the Bill of Rights, your best friend's promise, your wife's pillow talk, and least of all a misplaced faith in the decency of the common man, when your sensitive data is at issue.

In short, crypto helps those who help themselves to crypto.

I have no sympathy whatsoever for those who lose the privacy of their data through negligence. I believe they should be estopped from all complaint. I believe they are great fools. Moreover, I note that almost without exception, they try to place the cost of their missteps on the world at large, and the responsibility for policing privacy in the hands of others.

"It was not my fault that I left the letter sitting on my desk knowing that the spy convention was about to walk in," they whine, "Someone should DO something about all this immoral letter reading. There ought to be a LAW. How can >I< be expected to stop all these spies?"

Is it not clear that allowing this mentality to persist is an unwise and dangerous thing?

"Gentlemen do not read other's mail," while noble, clever, and a wonderful bit of public relations, ignores the basic reality of the modern age. There are few gentlemen anymore, and even those occasionally stumble upon something they might not be entitled to examine.

Not only is crypto smart, but it distributes the (increasingly small) costs of protecting data properly. It puts the burden on the least cost avoider, and the individual with the best access to full information. "What is this data worth? What would exposing it cost me? How much is it worth to spend protecting this data?"
Who better to answer these questions than the owner of the data? How easier to protect it than by the negligible cost of encrypting it?

Not only does placing the burden of data protection on Government or society at large miscalculate and misplace the incentives for the protection of the data, it also places the selection of degree and method of protection on the wrong party as well. In the end it also causes an undue amount of waste.

When Mr. May indicates that he does not use PGP very often because he finds it too much trouble to use for most mail, he is part of a process that in the aggregate must save millions of hours and dollars. He is making a decision that data X is only worth an expenditure of Y to protect, and that PGP represents an expenditure higher than Y. Expenditure Y is thus saved, as would be unlikely in a government program. Who among us would argue that government, the phone company, or the church would better make this judgment?

I would bemoan a world where gentlemen actually never read each other's mail. Such a world would be so vulnerable to the "first market entry" into the business of mail reading as to be almost beyond salvage. A certain First Minister of France comes to mind who, by his non-observance of the religious restrictions of the day and his alliance with traditional enemies of the Church, reduced Germany to 250 years of fragmentation and assured that, for a time, France was the greatest power on earth. "If there is a God," it was said of him, "the minister has much to account for. If not, well, he had a good life."

The evil snooping man is hero from one perspective. He is the incentive to be risk averse. He is the skeptic who says that the market is not efficient and bets against it and so makes it efficient once more. Moral utopia of the kind that would see no peeping toms is a fantasy, and the evil man a-plenty saves us from Germany's fate.

So then we should brand Mr. Stimson as a fool, and a liar.
Or at best, perhaps a convert who realized quickly (or not so quickly) the error of his ways and fell into proper line in his later embrace of signals intelligence.

At the very least we might apply a less optimistic creed. He who builds on the people builds on mud.

---
My preferred and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed, Franklin might have had to invent him."
potestas scientiae in usu est
in nihilum nil posse reverti
00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information