On Thu, 7 Nov 1996, Daniel T. Hagan wrote:
On Thu, 7 Nov 1996, Peter Hendrickson wrote:
It appears to be widely believed that cryptoanarchy is irreversible. Everybody believes that the race to deploy or forbid strong cryptography will define the outcome for a long time.
I can't think of a reason why this should be so.
If the wide use of strong cryptography results in widely unpopular activities such as sarin attacks and political assassinations, it would not be all that hard to forbid it, even after deployment.
I am curious why many people believe this is not true.
Peter Hendrickson ph@netcom.com
Look around at all the laws in a community that are unenforceable and largely ignored by significant sections of the community. Taxes are a classic with many people receiving cash and not declaring it..I suppose you could say they just opt not to pay taxes while law abiders (to varying degrees) opt in to pay tax. It is estimated here where all dogs, for example, are required to be registered, that only 40 percent are in fact registered (ie pay the dog tax). The authorities simply do not, with their current technology, have the ability or political will to break down everyone's front door and complete house to house dog searches then deal with court cases and bring eveidence as to the actual owner of the animal where this is a relevant matter to be proved. Take a look at the nearest road and tell me if the speed limit imposed is effective enough to have everyone comply. Dare I mention drugs, political corrutpion, fraud, or murder. Once the tools are 'out' individuals decide whether they will use them, irrespective of what laws may be made to control or ban useage. Certainly those laws will have an impact on individuals decisions as to whether the risk of use, after taking into account the penalty, and importantly the likelihood of detection, will warrant its use. Consider the difficulty of actually outlawing say PGP and making it stick. To ban its use on a network compliance measures such as routine traffic scanning would be implimented. So users may say resort to direct modem to modem systems thus forcing authorities to routinely tap telephone calls, identify modem calls, and analyse these calls. The authorities start to use scarce resources provided by those members of the public that choose to pay taxes to them. These taxpayers may start to get annoyed that resources are being used to do this when it makes no difference to their lives. Even if these measures were successful you could print your pgp output out to paper, post it to your friend, and she could scan it on her computer and decrypt it. The authorities now have to start opening mail and implimenting effective means of identifying the poster of all mail in the community to ensure compliance. If you posted a disk they would need to consume resources routinely scanning every disk for encrypted data..imagine the thousands of jobs that would create..and the costs to the poor taxpayer of implimenting such a scheme. The public starts to get even more annoyed. In fact some members of the public who previously didn't give a damn about the crypto nuts now start to sympathise with them. The authorities have to spend even more resources on publicity and scams to align privacy advocates with terrorists. Some privacy advocates may even become terrorists who before didn't really care for such tactics. Assume the snail mail route is effectively sqaushed what then? Well you could voice call your friend and read the encyphered text to them over the phone and they could then run it through pgp and decrypt it. If the authorities effectively made this too costly (in terms of risk etc) then you could always just jump on a plane and tell them the message personally or send someone else to do that for you. The costs of compliance increase as the authorities take measures to put the genie back in the bottle. Stealth versions of popular programs get released, and further technological advances are made so that the problem becomes greater with respect to compliance as do the costs to the taxpayer of ensuring compliance. Encrypted data that cannot be easily distinguished form noise would require routine analysis and attempted cracking of every bit of data transmitted..a task that would soon bring even the great US economy to its knees assuming the people didn't put a stop to the madness before it reached that point. Just as an aside, I am sure the various spook angencies in the 'free world' are well aware of these issues and no doubt other issues I have not imagined and such considerations have played a part in so far stalling an outright ban on the use of effective encryption programs and devices. There are always costs to a government in the reduction in freedoms, and the ultimate cost to any particular government is that it may stir the beast so much that it awakens and takes away that governments authority whether by democratic means or otherwise.
If I understand the reasoning, people beleive it is easier to prevent the release of strong crypto. techiniques than to remove them once they are released.
Once a terrorist has strong crypto, why should they stop using it if it becomes illegal?
Daniel
Or even ordinary mortals...just a thought for consideration :).