Re: GAK/weak crypto rationale?
Responding to msg by Andrew.Spring@ping.be (Andrew Spring) on Tue, 12 Sep 7:3 PM
A more cautious conclusion would be that the importance (to the LEA's) of the busts made with crypto is much larger than the numbers suggest. You could interpret that a lot of ways: I suspect that high-profile career-enhancing cases are highly dependent on wiretaps.
In response to an audience question about wiretaps and crypto, Mr. Michael Nelson of the White House said at the NIST GAK meeting (paraphrased):
We are not concerned with bad people using crypto among themselves, we can handle that. We are more concerned with their using crypto to communicate with regular folks, to make legitimate arrangements -- finance, supplies, travel, and so on -- for their nefarious deeds. It's the intermix of the bad with the good that's the problem.
Maybe someone else at the meeting heard this differently and will comment, but this seems to mean that the Feds can track, and maybe crack, the crypto-intercomm of "bad people" so long as it is not buried in a torrent of public crypto use. And not commingled with lawful, ECPA-protected(?), communication.
Anybody want to elaborate what Mr. Nelson was implying about wiretaps and crypto?
John Young writes:
In response to an audience question about wiretaps and crypto, Mr. Michael Nelson of the White House said at the NIST GAK meeting (paraphrased):
We are not concerned with bad people using crypto among themselves, we can handle that. We are more concerned with their using crypto to communicate with regular folks, to make legitimate arrangements -- finance, supplies, travel, and so on -- for their nefarious deeds. It's the intermix of the bad with the good that's the problem.
Most of this reminds me of observations others have made (maybe here) about LEAs' typical use of wiretapping, commercial records, etc. in gathering evidence. It was said that criminals are often tracked/caught because of communications with friends/relatives, and transactions with above-board businesses to rent cars, buy plane tickets, etc. An argument against allegations that free crypto is hazardous proceeds, then, by pointing out that such contacts with *ahem* "regular folks" will be conducted in the clear, or at least that one party will be cooperative with investigators.
Whether or not I encrypt my conversation with the Phil Zimmermann Travel Agency, however, doesn't affect the ability or inclination of the PZTA to divulge its records to the TLAs. They would no longer beable (old a.r.k. joke) to learn the contents of the communication directly from a wiretap. But if I understand the technology correctly, they could certainly trace an encrypted call to determine the identity of the other party. After that it's a trivial matter to ask the other party to reveal transaction records. So I don't see how the strong encryption of the "good" significantly interferes with The Legitimate Needs of Law Enforcement in and of itself.
(As an aside, the situation may get murky when the Phil Zimmermann Travel Agency carries out transactions over the net with cryptographically sound digital pseudonyms. Depending on the circumstances, true ecash with reasonable payor anonymity may also need to be involved. This is where I suspect untraceable transactions make the LEAs uncomfortable: untraceable garden variety transactions.)
Maybe someone else at the meeting heard this differently and will comment, but this seems to mean that the Feds can track, and maybe crack, the crypto-intercomm of "bad people" so long as it is not buried in a torrent of public crypto use. And not commingled with lawful, ECPA-protected(?), communication.
Hmmm. The bit about "the intermixing of bad and good" is puzzling. "Bad" and "good" seem to be defined in terms of the identities of the parties to a communication. Figuring those out isn't hindered by strong crypto per se. I remain unclear as to the source of their expressed concern.
Your paraphrase of Nelson's statement strikes me as remarkable. Doesn't "we are not concerned with bad people using crypto among themselves" run completely counter to all the hyperbole about terrorists planning OKC II with PGP? Does anyone have an exact quotation? At any rate, sign me up as a "bad person"....
Incidentally, recent events in France highlight the absurdity of Les Quatres Chevaliers. The French government's crypto registration requirements don't seem to have been much of a deterrent to the serial Metro bombers -- quelle surprise ! I hope someone in Washington is paying attention.
-Futplex <futplex@pseudonym.com>