At 4:43 PM 11/7/1996, Timothy C. May wrote:
At 2:24 PM -0800 11/7/96, Peter Hendrickson wrote:
If I understand the reasoning, people beleive it is easier to prevent the release of strong crypto. techiniques than to remove them once they are released.
The reasons underlying this are what I don't completely understand.
Once a terrorist has strong crypto, why should they stop using it if it becomes illegal?
Use of strong crypto would be a tip off that one is a terrorist.
If strong cryptography were unpopular and highly illegal, very few people would be using it. This makes it easy to identify suspects.
* Identification of high-entropy traffic (putatively: encrypted traffic) would require extensive surveillance, tapping, and whatnot. The infrastructure for this does not exist, and would cost an enormous amount to deploy.
This could be financed by taxing routers, computers, modems, leased lines, and the like. The fraction of the total cost of communications equipment would be minimal.
* (This is why so many of us want a crackdown on crypto delayed for as long as possible: every year that passes means more networks, more intranets, more channels, more modes, etc. Satellites, fibers, etc.)
But, in the face of near unanimous belief that strong cryptography must be stopped, this would not matter. Most of the operators of this equipment would be eager to help.
* High-entropy traffic does not mean encryption, either. And encrypted traffic can be twiddled to look like lower-entropy traffic (and I don't even mean steganography, I mean adjusting message statistics).
I'm not sure I entirely understand this, but I am as skeptical of this as I am of reasonably high bandwidth stegonography operated over several years. I think this is a real hard problem, especially if 100% accuracy is not required.
* Once crypto has become widespread, and is built into mailers, browsers, etc., there will be many people already using those old mailers and browsers. Throwing Mom and Pop in jail because they forgot to turn off the PGP mode in Eudora 4.0 or Netscape 5.0 is not going to go over well, even in an era of supposed "zero-tolerance." (And California and Arizona just voted to effectively decriminalize pot..."medical use of encryption" on the 2005 ballot?)
You are proposing a likely scenario: large numbers of people think there's nothing wrong with a little encryption now and then. But, that is not the scenario I am discussing. I am discussing the Four Horsemen scenario where terrible things are enabled by the wide deployment of strong cryptography. Most of us would accept greater surveillance and some restrictions of our liberties if we believed that our lives and fortunes were endangered. In this environment, you might have a three month grace period for people to change to legitimate tools. Then the police would probably practice a certain amount of discretion. If they catch Mom or Pop with a pre-ban crypto program, they'll bring them in and give them a good talking to, and then let them go. After a year or two you prosecute. Mom and Pop will get with the program. Violators will be seen as being quite irresponsible, regardless of age.
* Steganography. Entire volumes can be written about this. I believe I was the first to propose, in a 1988-89 series of articles on sci.crypt, the use of LSBs in image and sound files to transmit huge amounts of information, with detection very difficult. As I told Kevin Kelley--reported in his "Whole Earth Review" article and in his excellent "Out of Control" book--a single DAT tape of a musical recording can easily carry 150-200 MB of "message" just in the LSBs!
I strongly suspect that there are patterns in how sensors function and in real tapes. They may be subtle. The government need not reveal any particular knowledge of these patterns. All they have to do is set up a series of labs, each of which is expert in one kind of known pattern. When studying a suspect's communications - or tape - the information gets passed through these labs. If any of the labs flags the data as suspicious, a search warrant is issued. The prosecution is then based on evidence that the search warrant turned up so the stego need never be introduced into court.
Unless all tapes are checked at the border--and what are live tapes, with lots of noise in the bottom few bits of each word--to be compared against? The mind boggles at the task.
There's no reason why we have to allow live tapes to cross borders without some questioning and explanations. Iran did this for many years when they were trying to keep the Ayatollah's speeches out. It didn't work, of course, but it did not have popular support, either.
* "Legitimate needs." The whole notion Peter raises of banning cryptography is fraught with problems. Are businesses to be told that all communications are to be in the clear? Or is Peter's point that some form of GAK will be used?
My point is that the government can do whatever it needs to do if there is strong public support. If it is too expensive to decrypt even GAK'ed communications, then it may be made illegal to encrypt anything. I am inclined to think that even in the Four Horsemen scenario, the government would prefer GAK'ed communications because it gives them greater leverage. People speak more freely when they think not everybody can hear what they are saying. Somebody brought up the Catholic church's custom of confessionals a few weeks ago and suggested that it was a powerful political tool. (Sorry I can't remember who said this.) I am sure this is the case. The priests don't even have to break their vows of secrecy for this to be the case - they simply summarize the results. Had the early Christian custom of public confessional been followed, the Church would have had far less political power. Of course, once somebody has confessed deep secrets to you for years, they will be reluctant to push their luck to far when opposing you.
(If the latter, then of course we are back to an even better form of "stego" than stego itself: superencrypt before using GAK. Unless the government samples packets randomly and does what they say they will do to open a GAKked packet--e.g., get a court order, go to the escrow key holders, etc.--then how will they know if a message is superencrypted? And what if a GAKked message contains conventional _codes_? Are shorthand codes such as business have long used--"The rain in Rome is warm this month"--to be illegal?)
There is no reason at all to assume that the government will get warrants. For instance, maybe a warrant only applies to people and not to machines. So, the court could decide - if it were so inclined - that it was not a violation of the Bill of Rights to automatically scan messages for suspicious looking material so long as the material itself was not revealed without a warrant. Then the results obtained could be used to justify a warrant, reading of the material by human agents, and the further issue of more warrants. To make this convenient they could even keep a judge in the basement.
* The point being that "rogue crypto" (terrorists, crypto anarchists, freedom fighters) gets lost on the blizzard of other uses. And shutting down all crypto means shutting down business use of crypto to protect secrets, and probably means an end to digital commerce.
No, GAK does not mean an end to digital commerce or an end to secure business communications. It just means that you have to register with the government for a cryptography license which gives you a unique public key to use to encrypt your keys for the government's use. If the license costs $1000 for ten years that should cover the costs. Companies which are terribly worried about compromise of the government secret key could purchase many of them frequently to reduce the damage. (Earlier I said something about GAK harming Net commerce. It does, but not irreparably. It delays its onset and increases its cost.)
(This is another reason we want to delay action on crypto for as long as possible: make encrypted communications so widespread in commerce that to pull the plug would mean a financial calamity.)
GAK does not require anybody to pull the plug. It could be implemented as an add-on to PGP with extraordinary ease. PGP (Tim knows this, this is for others) currently encrypts the session key with the recipients public key. You would just have to extend this to also encrypt the session key with the government key, maybe one you purchase for your own communications.
* Intent. It's hard to imagine someone being imprisoned for using cryptography, except perhaps in wartime conditions. I may be wrong. Also, there are deep Constitutional issues we haven't been much discussing.
If the Four Horsemen scenario were correct, then it is easy to envision strong public support for the crime of practicing unlicensed cryptography. If I believed that I might get shot if we didn't have such restrictions, I would be might inclined to support such laws myself. The Constitution can be amended, and Judges tend to be compliant when there is a national consensus and when they want to make very sure that nobody is using Assassination Politics to put them in the crosshairs.
* Offshore sites. Even if U.S. citizen-units are proscribed from using crypto--a hard thing to do--many crypto-anarchic markets will flourish overseas. (If communication with offshore persons or sites is allowed, all sorts of things can be done. If such communication is banned, this means a profound change in the American system.) [I have not fleshed out the arguments here, adequately, so don't focus on this point to rebut the rest of my arguments, please.]
Yes, I agree with this. In many other countries they are going to be simply too disorganized to outlaw strong crypto. If the Four Horsemen scenario is correct, these societies will dissolve into Hell. Sad, for them! The USG may see this as positive in terms of its hegemonic desires. But, this does affect the American situation. Strong border controls would have to be in place to hamper efforts to bring troublesome technologies here and to prevent the importation of assassins.
In another post, Peter posits a condition where people are appalled at the implications of crypto and there is no popular support for it. But is he implyiung that neighbors will burst into the homes of others to ferret out crypto. I doubt this vigilantism will ever happen.
I also doubt that it will happen because it will turn out that cryptoanarchy is basically a positive development. Even in the Four Horsemen scenario, I think it unlikely that vigilantism will be necessary. Neighbors will simply inform on their "nerdy" neighbors and collect that $50,000 reward and feel they did good by doing it. Search warrants will take care of the rest. However, I could imagine vigilantism developing if unlicensed cryptography became sufficiently unpopular. Certain crimes are seen as so offensive that many people would be delighted to take the law into their own hands. There was a border incident during the Second World War between Switzerland and Germany. Switzerland ("The Little Porcupine", as the Germans would have it) was attempting to stay out of the war. Refugees from Germany were returned if they were found. This resulted in some ugly handoff scenes at the border. In one of them, an SS man (I believe) who was taking custody of a family had the poor taste to throw a baby on the ground as hard as he could. The Swiss border guard expressed his disapproval of the man's poor manners by shooting him dead on the spot. This caused a major diplomatic crisis for Switzerland. It is interesting to speculate on whether the Swiss border guard did the right thing, but few people will fail to have a strong visceral reaction in his favor. People just don't like seeing children come to harm. If unlicensed cryptography were seen as an equivalently heinous crime, you might well see vigilantism come into the picture.
(My gun example is apropos. I believe we are fast approaching a point where most people want guns outlawed. But it won't happen, as there are not enough cops and military people willing to raid private homes in contravention of the Bill of Rights and at personal risk to themselves....and so it won't happen.
I should point out that when I say "strong public support" I mean something on the scale of how people feel about murder, not 51% of the voters. The same thing is true of guns. Sure, a majority of the people might vote for gun control, but the gunnies feel so strongly about it and are so stubborn and so well organized that it isn't really worth the trouble.
Once crypto is deeply intertwined into the fabric of life and commerce, it'll be too late to pull the plug.
I think this is true, but only because it will be clear that the benefits of GAK (if there are any) would clearly not be worth the effort. Peter Hendrickson ph@netcom.com