At 10:45 PM 9/18/97 -0700, Wei Dai wrote:
Many of us believe that a crypto ban is inevitable. The only question for us is whether it'll happen sooner or later. Seen in this perspective, all that industry and civil liberties lobbies can do is delay the ban. But is this necessarily a good thing?
Yes. Later is bad, but sooner is worse. First of all, "Soon" means "We lost already", while "Later" means "We haven't lost yet, even though it looks pretty much like we're going to lose later, but we're still fighting them on the seas and the beaches and the bowling greens and we've taken out the occasional deserving politician with a well-placed bowling ball." Also, "Later" might mean "Clinton's out of office, and some of the Republicans have gotten in the habit of pretending they like privacy as long as Clinton opposes it, even though it's traditionally been the Republicans' job to rip off our privacy."
1. An earlier ban will do less damage to existing infrastructure.
Wrong - the more time we have to deploy crypto, get the world used to it, and make it an indispensable part of the industry, the more infrastructure there is. Infrastructure is good, and if we build some and they tear it down, that's just more people lobbying against the Bad Guys. Suppose the Feds tell half the country they need to replace their new cellphone.... Bad enough they have to replace their Verisign key that all their Netscape Mail uses.
Also, an early ban means the infrastructure gets built with Big Brother Inside. Suppose the digital signature infrastructure gets built where every cellphone needs a Social Security Signature Number to operate so they can find your Voluntary Escrow Key, and every bank transaction is required to be traceable; compare that with a Carl Ellison style signature system that doesn't need names, only authorizations. And there's a whole lot of digital cash infrastructure to be built, that's only starting to emerge as the big financial institutions get on board. If crypto gets banned early, there's no chance of a Chaumian or agnostic or even vaguely private system getting adopted, and once the Bad Infrastructure is in place, it doesn't matter if the laws get relaxed, because the banks won't change.
The timing is especially sensitive because the Diffie-Hellman patent just expired, and Merkle-Hellman and Hellman-Pohlig go next month, and the whole field becomes legal for Americans to work in without license restrictions and for Non-North-Americans to write software they can sell in the US without licensing. That means there should be a lot of new products emerging in the next year or so - and Escrowed Key Certification Authorities are especially silly in a Diffie-Hellman environment, where you're using the registered part of your key to sign a random half-key used to generate the session key....
2. A ban can not and will not stop crypto. It will force people to work around it, but ultimately it will not achieve its goal. We might as well start working around it sooner.
Momentum is good - more people working around it, and more people working against it, and more people hassling their Congresscritters.
3. A ban will eventually be lifted, because of the impracticality of GAK, abuses, wide-spread security problems caused by added complexity or hackers stealing the master keys, ineffectiveness, sympathetic courts etc. The sooner it comes into effect, the sooner it goes away.
No, the sooner it goes into effect, the later the things built with it go away. Think of all the places your Social Security Number has spread, partly by design and partly because it's a convenient database key. Will your Public Key Infrastructure ID be on all your digital transactions? Who's going to bother replacing that with the infrastructure needed for Web Of Trust business relationships? Furthermore, in an Escrowed Society, encryption gets built with the id and signatures on the outside and the privacy inside, so it's easy to trace whose communication you're wiretapping. That kind of architecture isn't easily replaced, even if the key is no longer escrowed, so traffic analysis becomes easy even after message reading becomes harder.
4. A ban will focus public attention on crypto, especially if it creates some of the problems mentioned above. This will accelerate deployment of crypto after the ban is lifted.
In summary, the government is obligated to try and eventually fail to ban crypto. We might as well let them get it over with.
We've blown them off over Clipper 1, Clipper 2, Clipper 3, and Clipper 4. Better to blow them off over Clipper 5 and Clipper 6 than give in.
Thanks!
Bill
Bill Stewart, stewarts@ix.netcom.com
Regular Key PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639