Whether the crypto wars are over depends on what you consider the dispute to be about in the first place.

In the export-control sense, yep, we've won. We may not have had a resounding Supreme Court victory on First Amendment grounds, but the original regs proved politically untenable.

How about domestic restrictions? That never really got off the ground in the U.S., even in the darkest days of the 1990s. But either could return swiftly. All it would take for a bill to be introduced is for Al Qaeda to have encrypted information that could have saved thousands of American lives were it decrypted in time. (Life does not follow the TV show "24".) See:
http://www.politechbot.com/p-02509.html
http://www.politechbot.com/p-02550.html

I wouldn't be surprised if such a law would permit non-escrowed crypto to be used to secure communication streams while requiring .gov backdoors in crypto used for hard drive or file encryption. In other words, GPG and PGPdisk might become verboten. Programmers might sensibly scoff, but that's the way the Feds think.

How about other restrictions? I don't think the crypto-in-a-crime idea ever got enacted into law, but a Minnesota court this month moved in that direction:
http://news.com.com/2100-1030_3-5718978.html

In other words, the war is probably not over. It's just in a multi-year lull. The correct preventative tactic to employ right now is to follow the IPv6 model and seed both disk and communication-stream encryption wherever it makes sense. Then it becomes more politically difficult to outlaw.

Previous Politech message:
http://www.politechbot.com/2005/05/24/crypto-wars-are/

-Declan

-------- Original Message --------
Subject: RE: [Politech] Ross Anderson: Crypto wars are over,and we've won! [priv]
Date: Wed, 25 May 2005 18:11:25 -0400
From: Pyke, Gila <gila.pyke@ssha.on.ca>
To: Declan McCullagh <declan@well.com>

Hi Declan,

This email generated a fair amount of discussion amongst my peers.
The assertion by someone so well known and respected that the "crypto wars are over" was met with quite a bit of skepticism. A coworker (who wishes to remain nameless) said it best:

"The battles over key escrow and export controls aren't the hot topics that they used to be. But that's not because the fight is over, more that it has moved on to other things like digital IDs, biometric passports, and the other hot topics that circulate on this list. Projects like the Clipper chip died not because of politics, but because it was difficult and impractical to deploy and get industry to adopt it (similar to the problems facing technologies such as PKI and smart cards). There are still (smaller) legal battles going on over giving law enforcement the right to decrypt a suspect's hard drive, or ISPs handing out passwords to their users' accounts, or cryptographers facing prosecution for publishing cryptanalytic results, and on and on. It has become more of a privacy battle than an encryption issue, but the battle is still there. And of course, there is still the prevailing paranoia that the NSA and other intelligence agencies have already cracked the crypto algorithms currently in circulation. This isn't too far-fetched considering the number of algorithms that have been broken and retired in recent years."

As far as many of us are concerned, cryptography always was and always will be a controversial science. I don't think the government's interest in controlling it will ever go away, although the face on it may change. Incidents like this one:

-------------------
--Hackers Holding Computer Files 'Hostage' (23 May 2005)
A new type of extortion plot has been identified, unlike any other cyber extortion, according to the FBI. Hackers used an infected website to infect computers with a program that encrypts the users' files. Then the criminal demanded money for the key to decrypt the files.
Enhanced versions of this attack threaten large numbers of users with loss of important data, loss of money, or both.
http://news.yahoo.com/s/ap/20050524/ap_on_hi_te/internet_ransom
-------------------

...will make sure of that. Efforts like TOR will always feel threatening to some of the people in power, and excuses like the war on terrorism will always give those people a well-hyped excuse to do "what they think is necessary".

But that is just my fundie, cynical, tired opinion.

Gila Pyke
Policy Analyst
Privacy and Security Division
Smart Systems for Health Agency
416-586-4257

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)

----- End forwarded message -----
--
Eugen* Leitl <a href="http://leitl.org">leitl</a>
______________________________________________________________
ICBM: 48.07100, 11.36820 http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A 7779 75B0 2443 8B29 F6BE