A local NYC TV show, The Digital Age, today had David Kahn and Steve Levy discussing crypto, bin Laden and 911 with the show's host, James Goodale, former vice-chairman of the New York Times. The topic was what role encryption may have played in 911. Steve was persuasive in noting that crypto should not be singled out as a lethal technology for terrorism any more than other technology that could be put to malign uses. Cypherpunks got a plug from Steve for making encryption "hip." Though Goodale attempted to get Steve to agree that it was not a good thing for crypto to be liberated from government control, Steve wouldn't buy that, and he credited cypherpunks with a principal role in popularizing and spreading the technology, along with Phil Zimmermann's PGP effort. David Kahn agreed with Steve that there was nothing that could be done about loss of government control of encryption, the technology was out there for all to use for good or bad purposes. David reaffirmed his belief that key escrow would have been best for the country's security, but now it was no longer possible. (We heard David state that a few years back at a crypto conference in NYC.) David was emphatic that public key cryptography is the single most important invention in the entire history of cryptography. Diffie and Hellman were cited, but not the British predecessors.
On Friday, January 4, 2002, at 10:52 PM, John Young wrote:
It's useful to look at the subtext here: the Clipper debate of 1994 was about a particular type of secure phone, the AT&T/Mykotronx Clipper-enabled phone. It was not mandated to replace other systems owned by civilians. (Yes, a lot of us saw the ruse: phase in Clipper and then, down the road, outlaw non-escrowed systems. This is why I call Kahn's comments the "subtext.") Me, I have no problem with people buying key escrow systems. But if they hold a gun to my head and say that I cannot write or speak in the language of my choosing, that I cannot whisper to others, that I must make my conversations "understandable" to wiretappers, then they have earned killing. "Let me understand this...you have come to my house to tell me that I am a criminal facing 20-to-life if I continue to write in my journal in a language you have no key to decipher?" Much is being made of the "new bluntness" in Washington: "Wanted, dead or alive." "We want Osama dead." The same applies to statists: fuck with constitutional rights and you face killing. Singly or en masse. Execution of entire buildings is sometimes justified. Washington, D.C. is long overdue for "termination with extreme prejudice." (Those who are not criminals have had many years to realize this and to get the hell out of Dodge.) The new bluntness.
Their "predecessors" were only predecessors in time, not in intellectual influence or in any causal sense. And their "predecessors" did not contribute the rich set of contributions that Diffie, Hellman, Merkle, Rivest, Shamir, and Adleman have contributed. In fact, we don't even fully know if these "predecessors" fully realized what they had (allegedly) discovered. Further, given that they were not participating in the larger world in the way that Diffie et. al. were, we don't even know where they got their ideas...perhaps from "predecessors of the predecessors." Those who toiled in secrecy have earned the fame that they will never have. --Tim May "The only purpose for which power can be rightfully exercised over any member of a civilized community, against his will, is to prevent harm to others. His own good, either physical or moral, is not a sufficient warrant." --John Stuart Mill
After Levy explained the role of non-gov cryptographers in freeing cypto from government control, with a mention of cypherpunks, the host, Goodale, pressed Kahn and Levy to agree that "punks" and "nerds" should be held accountable for the likely damage to national security that followed. Goodale said punks and nerds with disparagement, as if speaking of anti-socials. He appeared to be expressing a view not his alone but one discussed in the clubs of centralized power. Neither Levy nor Kahn agreed with that view. Levy in particular defended the liberation of crypto with conviction such that Goodale backed off, saying he only meant to state the accusation strongly to get a good response. Again, Goodale seemed to be following an agenda for assigning blame for 911 to crypto availability. Neither Levy nor Kahn cited that investigators have found no use of crypto by the 911 attackers. Levy made the points that nobody knows for sure whether crypto is in use by terroritsts but that it most likely is; that bin Laden would never use an escrow-compromised program; that nobody knows what NSA can crack; that the weakness of crypto is in the implementation not the mathematics; that traffic analysis was used to trace terrorist activities in the embassy bombing investigation. Kahn concurred with these points. It is worth bearing in mind that there continues to be an attempt to demonize crypto by way of 911, that punks and nerds are likely targets, that there may be re-institution of crypto control measures, despite Levy and Kahn disagreeing with that view. This crypto demonization may well intensify as investigations proceed into the government, military and intelligence failure to prevent 911. Whether crypto actually played any role in the attack may be seen as unimportant so long as a convincing story can be promoted that it must have been. ----- On the British predecessors: it remains to be seen how much of their work was leaked to Diffie. We've got an FOIA request into NSA on this topic, now two years old, and have been told by NSA that it has material from the date of the British invention. No work on when or what will be released. Tim is right that Diffie, Hellman, all the PK early developers, deserve all the credit for making PK public and the British deserve none for their compulsive secrecy. And it may be only academic as to who invented PK. Still, it is worth learning what the possibilities are for attacks on PK, especially in the light of its unparalleled reputation for public use, or, as David Kahn said, its value as "the single most important invention in the history of cryptography." That sort of language makes me nervous about what lurks in the heart of PK, its invention, its leak, its liberation, its widespread public use, its seeming impregnability. A fair amount of the reputation of PK is comparable to a sophisticated sting -- the kind Kahn richly documents throughout the history of cryptography. If liberation of cryptography is a sting, what role of cpunks in that? What role vainglory in falling for the allure of anti- authority as the sting unfolds. Levy has words about this, although I have no reason to believe his early vaunting of cypherpunks was part of a wider scheme, nor his recent book. But, still, wizened cryptographers, as Kahn documents, claim you cannot ever be too paranoid. Whatever NSA releases on pre-Diffie PK, it will not be the truth but probably convincing to the believers in fairy tale crypto protection. The Brits way of leaking PK history to accomplish a hidden task or ability is similarly suspicious.
On 5 Jan 2002, at 7:58, John Young wrote:
I don't think anyone claims that it "must have been". Rather, the idea that it might have been, or might be useful for future terrorists, is sufficient to demonize it. Similarly, the 9/11 terrorists didn't use guns, but everyone knows terrorists use guns, The idea of cryptography as munitions isn't just metaphor or, if it is, it's a really really good metaphor.
I'd rank it number 2, after key based encryption. But the concept of key-based encryption seems to me to be relatively obvious (I could have invented it myself if it hadn't been invented already) whereas the idea of public key encryption seems (to me at least) to be counterintuitive and utterly brilliant.
To the extent that paranoia represents a genuine disorder, paranoia refers not to an excessive amount of distrust or precaution- taking, but rather an unrealistic assesment of risks. Carrying a gun around alll the time isn't paranoid. Carrying around cobra antivenom is (assuimng you have no particular reason to expect cobra attacks). The idea that there could be a back door in something as basic as the CONCEPT of public key encryption strikes me as being absurd.
I'd call it "irrelevant" rather than "suspicious". Any time an academic cryptologist discovers something (PK encryption, linear cryptanalysis, differential cryptanalysis..) there's always some spook there claiming he knew about it years earlier. Maybe it's true, maybe it isn't, who cares? If you make a discovery and hide it, you may as well not have made it, and that really is all there is to say on that particular issue. George
participants (3)
-
georgemw@speakeasy.net -
John Young -
Tim May