On Sun, 13 Oct 1996 cypher@cyberstation.net wrote:
At 11:48 AM 10/13/96 +0000, everheul@mail.rijnhaave.nl wrote:
To explain the backround of "binding cryptography" once more; with respect to (interoperable, worldwide) security in the information society socities/governments have to achieve two tasks: 1. stimulating the establishment of a security structure that protects their citizens, but which does not aid criminals.
That is pure unadulterated B.S. That is only a flimsy, ruthless pretext, without any foundation whatsoever, to usurp human freedom itself. The use of such "Chicken Little tactics - the sky is falling," is an unvarnished absurdity. The sky is not falling, in the U.S. and a few other places, people are trying to protect their own unbridled oligarchies and elsewhere, where such irrational tactics are being used, it is only being used to disguise the real motive of maliciously seeking to subject others to their will and power.
[...]
If we prohibit strong, unbreakable, cryptography, we are depriving a great number of our fellow human beings seeking such freedom from tyranny, of an valuable tool that they can use in the pursuit of that noble cause. Is that not far more important and far more precious to all who cherish freedom, than some irrational fear of how criminals and terrorists might use cryptography for malevolent activities?
[...]
An information society must encompass the capability to have absolute privacy and security if it is to achieve its promise to make us a better world. One of those promises is that it will eventually free all humans from the power of despotic oppressors. We must struggle but 'We will overcome.' Freedom denied, except where PROPERLY tempered by the harm it might cause to others, is tyranny; and preventing us from using unbreakable cryptographical systems is an obvious denial of free speech and every other freedom that humans hold dear.
Remember who it is that you must deal with. You must deal with government. Like it or not, government is the medium here. Effectively there are three options. 1> Convince government. 2> Avoid governmnet. 3> Overthrow governmnet. Convince Government: It is my opinion as a Washington resident, attorney and beltway fever observer that this is impossible in any meaningful way. I don't care how many industry people gripe, how many letters go into senators, how many whimpers there are. If the Director of the FBI, key people at Justice, the Director of CIA and the Director of NSA tell the President that their ability to enforce the law, conduct intelligence operations and prosecute high profile cases is going to be severely hampered by strong crypto, you can bet that something is going to get done. Crypto is on the radar folks. So are anonymous remailers (and not just the penet kind) and so are secure communications in general. The government, particularly the executive branch, is a lot more savvy on this issue than even this list has given them credit for. They have a 13th Generation component (Michael Vatis is a great example) who are listened to by craft superiors (Gorelick), know the issues, know the risks, and know the weak points. Be very afraid. Changing their mind is out of the question in my view, and efforts are better directed elsewhere. It would be a bit easier if crypto savvy types like our two .nl friends (of "Binding Cryptography" fame) wouldn't provide them with gelding instruments, but this is to be expected. At this point, some original type will suggest that the people (a minority to be sure as the number of people who know much about the net much less crypto, while increasing, is unlikely to be very effectual) should just start whacking officials who aren't crypto friendly. Let's take it to option #3 then and address this. Overthrow Government: Any student of international relations and/or internal low intensity conflict will realize that there must be a measure of public support to back any kind of organized revolt with political ends as its goal. Terrorism hardly seems a prudent option. Certainly a net terrorist today could use his skill and expertise in causing a great deal more havoc with a great deal less funding and general resource than a terrorist of yore, but what irony. Destroying the net to save it? Bombing power centers to make the internet free for all man? Moreover, without larger scale organization one never reaches the level of "low intensity conflict" but rather remains at the level of "random terrorism." The effectiveness of random terrorism is, I think, historically quite well defined. Essentially it is ineffectual alone. To bring about the level of organization required to raise the stakes to "low intensity conflict" or "organizaed revolt" some cadre of supporters and popular sympathy is required. Not likely in this case. It's hard enough to conduct an effective low intensity campaign with a easily understood mantra (like political system, religious freedom, fundamentalism, etc.) but to conduct one with the goal of overturning crypto regulations...? I understand that many people on this list view the crypto debate as an essentially free speech issue. I tend to agree with this view, but in terms of strict free speech nexi, I am in the minority and even my agreement is tempered with the realization that such an expansive reading of free speech is fringe at best. The question becomes not what is the right intrepretation of the crypto issue, but how strongly public sentiment can be identified with the crypto issue itself. This is a minimal, almost vanishingly small influence outside of this list. So we are left with random terrorism in the name of free strong crypto. Perhaps a few high profile incidents might come off without a hitch by groups who have it together or have some more impressive leadership or exotic background, but individual efforts are unlikely to accomplish a great deal. Between a few small group efforts and perhaps a single or two successful individual efforts to make headline news in a few years times we have then perhaps 5 incidents, two of which might be really scary if they involve bombings or some such. This would require at the very least 10-15 active participants, or in the most extreme case 7-10. Given the past preformance of the FBI I'd suspect that half or more of the efforts would result in arrests. As far as I can tell there are perhaps two or three members on this list who would come anywhere close to doing actual terrorist acts to further strong crypto at the moment. Even by this quite generous estimate I think its clear that in the next 3 years the liklihood of a government overthrow or even a marginally successful terrorist campaign is vanishingly small. Organized low intensity conflict is out of the question in this time frame. 2: Avoid the Government I am convinced this is the only answer. It has essentially always been the cypherpunk answer. "Cypherpunks write code." Cypherpunks get it done. etc. Get the genie out of the bottle and keep it there. This is PGP, this is ssh, this is SSL, this is mixmaster, this is remailers. Get it out, get it working, get there first. Ok. We got some of it there. Now what? The lead time on crypto is about up. In my estimate regulation will be in place by 1998, if not earlier. Remember that in many countries regulation already exists. Efforts put on resisting or moderating crypto are fine. Political action is fine. Even so I submit that technological action is more important at this stage. The delaying games are about over. Where is highly sophisticated stego? Where are larger keys for symetric ciphers? Where is a fully functional and secure "stealth PGP"? Where are anonymous and encrypted WWW clients and hosts which permit chaining? If the crypto war is going to be lost it will be lost in the chill of development when crypto regulation is put into place. If you don't make the guns in the first place, the government has a much easier time taking them away. It is going to take a constitutional amendment or a very very favorable Supreme Court ruling to keep strong crypto legal. There is no "right to crypto," as much as Mr. Wood would like to believe it exists. Sorry Mr. Wood. It isn't going to be as easy as all that.
TVM,
Don Wood
-- I hate lightning - finger for public key - Vote Monarchist unicorn@schloss.li