At 1:02 AM -0700 6/20/97, Lucky Green wrote:
When I joined the Cypherpunks mailing list some years ago, few people even considered a legislative fix to the crypto issue. After all, crypto-anarchy is incompatible with the legislative process. Cypherpunks couldn't care less what happens in DC. They are banning crypto? What else is new?
Well said. And this latest round of laws is just what we expected when Clipper was announced: the concern was never that certain government agencies might have to replace their "STU" machines with a Clipperphone, the concern from the beginning was mandatory use of Clipper-like key escrow systems. (At the risk of gaining another entry in the satires about how I said something long in the past, I wrote a cautionary article in October 1992, 5 or 6 months before Clipper was announced, warning that Prof. Denning and others were "floating trial balloons to ban crypto." How right I was.)
Cypherpunks know that governments do not like crypto. As crypto-anarchy spreads, they will like it even less. The attempt to get governments to sanction crypto is therefore futile. In the end, all non-GAK crypto will be banned.
And the latest bill from McCain and Kerrey is the language pushed by Clinton, so all speculation about whether Clinton will sign it when it passes the Senate and House is moot. Further, the language closely parallels the language we saw recently in the laws floated in the U.K. (remember the "trusted third parties" document?) and in some other countries. That is, this McCain-Kerrey S.909 bill is just the implementation of the OECD/David Aaron/GAK/New World Order/G8 deal to outlaw cryptography use by citizen-units in the various "democratic" nation. It is claimed by some that non-escrowed, non-GAKked, arbitrary strength crypto remains legal for those who don't engage in commerce, who don't sign the keys of others, who don't export, etc. Maybe. Certainly a lot of us will continue to use the versions of PGP 5.x we *IMPORT* from Europe (courtesy of the groups overseas now busily scanning and OCRing the source code exported via FedEx by a Loyal Cypherpunk Who Has Chosen Not to Claim Credit). Certainly we won't be using GAK. But nearly anyone connected with a corporation will probably be told to use a GAK product, to reduce potential liablility and criminality concerns. This is the scenario Whit Diffie outlined several years ago at a Cypherpunks meeting, that pressures would be applied so as to make corporations and other such organizations the main enforcers of such policies. (No, there won't be 100% enforcement. But enough to have a chilling effect on the development of some infrastructures Cypherpunks would like to see. Certainly any sort of untraceable cash infrastructure will be in almost immediate violation of the M-K bill, as it will be in U.K,, Germany, France, Japan, and all the other OECD/G8 nations. Cypherpunks like us can still "bootleg" some untraceably transactions, but not easily. And forget about wide use. This is the desired effect of these new laws.)
Cypherpunks write code,
OK, my chance here to piss off a few of you: I think the "breaking of DES" challenge was, while interesting, a sideshow. And utterly predictable, to anyone who read the 1977-78 papers on the difficulty of breaking DES. As with many Cypherpunks goals, I've been chagrinned to see so much "backsliding" to lesser, less radical concerns. Recent meetings (that I've been to) have been more dominated by "practical" issues of helping PGP, Inc. out, of getting IETF agreement on some form of 3DES use, and on things like the various challenges of known weak ciphers. To quote Bill Stewart, "Foo on that!" We are losing sight of the deeper issues, in my view. The resources used to break DES, if as many people hosted remailers and anonymizers on their machines, would further Cypherpunks goals a lot more than breaking DES, which we all know was breakable (as we know what "56 bits" means). (No, I will not make the usual error of assuming the resources used in DESCHALL could be switched over to remailers and anonymizers....there are many factors which went into why thousands of machines were volunteered, and many or most of them are not applicable to the remailer situation. But it is important to realize that "breaking DES' will have no lasting effect....ironic, isn't it, that the M-K bill sailed through even despite the same-day publicity surrounding the breaking of DES?) We need to stop treating Cypherpunks meetings as marketing arms of corporations, however "friendly" to us in some respects, and get back to our more radical roots. --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."