At 12:35 AM -0700 10/22/97, Peter Gutmann wrote:
Adam Back <aba@dcs.ex.ac.uk> writes:
Peter Gutmann <pgut001@cs.auckland.ac.nz> writes:
[multiple terabyte CDrom based keying material] Reckon they'll twig, and charge you per megabyte to offer you the "service" of allowing them to "recover" your communications in real time.
Yes, but how will they phrase the requirements? A CD is a single key (in fact 1,000 CD's are all part of a single key)... this leads to the same problem I heard of here a few years ago w.r.t. outlawing gangs: "It would be impossible to word any comprehensive anti-gang legislation in a manner which didn't also outlaw the police". The same goes for certain aspects of escrowing, any escrow rules which are in any way practical and useable will also be open to all sorts of creative interpretation ("You must deposit a copy of your encryption key with the government" -> "Here's the key. Where can I park the forklift that moves the container of CD's?").
I fully agree with Adam that GAK/GMR will not be free. (This is, in fact, one of my biggest objections to GAK/GMR, that it interferes with the transient and frequent generation of keys for varied purposes.)

Nothing involving the government is free. TANSTAAFL--there ain't no such thing as a free license.

As to "how will they phrase the requirements?," they'll do it as they do it in so many areas. The _form_ of the allowable crypto will be specified...the GAK/GMR requirement is a lot more than just a nebulous statement that "real-time access to keys must be possible." (Else one could say, "Hey, but my keys _are_ available on a real-time basis...provided you guys know how to dock with the satellite up in orbit that carries them--yuk yuk yuk.")

Parallels exist in many areas. A tax form must be filled out in certain ways, a building permit must conform to certain specifications, and various licenses are in certain required forms.

A fee, probably on the order of $50/year, with the usual subsidies for poor people, etc., will stop the "flooding attacks" (which Peter's is a variant of). Limits on the sizes of the keys will fall out of the actual form GAK/GMR must take.

I expect GAK will require something like a driver's license, a gun license, or fishing license. A form to be filled out, a fee to be paid, and spot checks to ensure compliance (as when a Fish and Game boat pulls alongside to do a random check of one's catch--note that no search warrant is needed, at least not in the U.S.).

Whether random checks of e-mail will be admissible under the U.S. First Amendment, and Fourth, is debatable...this will likely be a core part of the court challenges to GAK/GMR when it is put into law.

Whereas there is at least some slight amount of plausibility to the claim that "driving is a privilege, not a right," which is the justification for otherwise-intrusive inspections of automobiles on the roads, there is no such plausible argument for saying speech is a privilege and not a right.
Not so long as the First Amendment remains in effect. (Notwithstanding various chippings-away of it.)

The situation in Australia, New Zealand, Europe, Asia, etc. is probably different.

--Tim May

The Feds have shown their hand: they want a ban on domestic cryptography
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
ComSec 3DES:   408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^2,976,221   | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."