Why is cryptoanarchy irreversible?
It appears to be widely believed that cryptoanarchy is irreversible. Everybody believes that the race to deploy or forbid strong cryptography will define the outcome for a long time. I can't think of a reason why this should be so. If the wide use of strong cryptography results in widely unpopular activities such as sarin attacks and political assassinations, it would not be all that hard to forbid it, even after deployment. I am curious why many people believe this is not true. Peter Hendrickson ph@netcom.com
On Thu, 7 Nov 1996, Peter Hendrickson wrote:
It appears to be widely believed that cryptoanarchy is irreversible. Everybody believes that the race to deploy or forbid strong cryptography will define the outcome for a long time.
I can't think of a reason why this should be so.
If the wide use of strong cryptography results in widely unpopular activities such as sarin attacks and political assassinations, it would not be all that hard to forbid it, even after deployment.
I am curious why many people believe this is not true.
Peter Hendrickson ph@netcom.com
If I understand the reasoning, people beleive it is easier to prevent the release of strong crypto. techiniques than to remove them once they are released. Once a terrorist has strong crypto, why should they stop using it if it becomes illegal? Daniel --- Daniel Hagan http://acm.vt.edu/~dhagan CS Major dhagan@vt.edu http://acm.vt.edu/~dhagan/PGPkey.html Virginia Tech Key fingerprint = DB 18 30 0A E1 69 7E 51 E2 14 E3 E3 1C AE 69 97
On Thu, 7 Nov 1996, Daniel T. Hagan wrote:
On Thu, 7 Nov 1996, Peter Hendrickson wrote:
It appears to be widely believed that cryptoanarchy is irreversible. Everybody believes that the race to deploy or forbid strong cryptography will define the outcome for a long time.
I can't think of a reason why this should be so.
If the wide use of strong cryptography results in widely unpopular activities such as sarin attacks and political assassinations, it would not be all that hard to forbid it, even after deployment.
I am curious why many people believe this is not true.
Peter Hendrickson ph@netcom.com
Look around at all the laws in a community that are unenforceable and largely ignored by significant sections of the community. Taxes are a classic with many people receiving cash and not declaring it..I suppose you could say they just opt not to pay taxes while law abiders (to varying degrees) opt in to pay tax. It is estimated here where all dogs, for example, are required to be registered, that only 40 percent are in fact registered (ie pay the dog tax). The authorities simply do not, with their current technology, have the ability or political will to break down everyone's front door and complete house to house dog searches then deal with court cases and bring eveidence as to the actual owner of the animal where this is a relevant matter to be proved. Take a look at the nearest road and tell me if the speed limit imposed is effective enough to have everyone comply. Dare I mention drugs, political corrutpion, fraud, or murder. Once the tools are 'out' individuals decide whether they will use them, irrespective of what laws may be made to control or ban useage. Certainly those laws will have an impact on individuals decisions as to whether the risk of use, after taking into account the penalty, and importantly the likelihood of detection, will warrant its use. Consider the difficulty of actually outlawing say PGP and making it stick. To ban its use on a network compliance measures such as routine traffic scanning would be implimented. So users may say resort to direct modem to modem systems thus forcing authorities to routinely tap telephone calls, identify modem calls, and analyse these calls. The authorities start to use scarce resources provided by those members of the public that choose to pay taxes to them. These taxpayers may start to get annoyed that resources are being used to do this when it makes no difference to their lives. Even if these measures were successful you could print your pgp output out to paper, post it to your friend, and she could scan it on her computer and decrypt it. The authorities now have to start opening mail and implimenting effective means of identifying the poster of all mail in the community to ensure compliance. If you posted a disk they would need to consume resources routinely scanning every disk for encrypted data..imagine the thousands of jobs that would create..and the costs to the poor taxpayer of implimenting such a scheme. The public starts to get even more annoyed. In fact some members of the public who previously didn't give a damn about the crypto nuts now start to sympathise with them. The authorities have to spend even more resources on publicity and scams to align privacy advocates with terrorists. Some privacy advocates may even become terrorists who before didn't really care for such tactics. Assume the snail mail route is effectively sqaushed what then? Well you could voice call your friend and read the encyphered text to them over the phone and they could then run it through pgp and decrypt it. If the authorities effectively made this too costly (in terms of risk etc) then you could always just jump on a plane and tell them the message personally or send someone else to do that for you. The costs of compliance increase as the authorities take measures to put the genie back in the bottle. Stealth versions of popular programs get released, and further technological advances are made so that the problem becomes greater with respect to compliance as do the costs to the taxpayer of ensuring compliance. Encrypted data that cannot be easily distinguished form noise would require routine analysis and attempted cracking of every bit of data transmitted..a task that would soon bring even the great US economy to its knees assuming the people didn't put a stop to the madness before it reached that point. Just as an aside, I am sure the various spook angencies in the 'free world' are well aware of these issues and no doubt other issues I have not imagined and such considerations have played a part in so far stalling an outright ban on the use of effective encryption programs and devices. There are always costs to a government in the reduction in freedoms, and the ultimate cost to any particular government is that it may stir the beast so much that it awakens and takes away that governments authority whether by democratic means or otherwise.
If I understand the reasoning, people beleive it is easier to prevent the release of strong crypto. techiniques than to remove them once they are released.
Once a terrorist has strong crypto, why should they stop using it if it becomes illegal?
Daniel
Or even ordinary mortals...just a thought for consideration :).
On Fri, 8 Nov 1996, Douglas B. Renner wrote:
I am curious why many people believe this is not true.
Peter Hendrickson ph@netcom.com
Because it's a technology which is closely tied to human nature.
Once unleashed, you cannot coax the genie back into the bottle no matter how hard you try.
You know, I've always wondered, how did the genie get in the bottle in the first place. Someone must have coaxed him in there.
Doug
-- Forward complaints to : European Association of Envelope Manufactures Finger for Public Key Gutenbergstrasse 21;Postfach;CH-3001;Bern Vote Monarchist Switzerland
On Fri, 8 Nov 1996, Black Unicorn wrote:
On Fri, 8 Nov 1996, Douglas B. Renner wrote:
Once unleashed, you cannot coax the genie back into the bottle no matter how hard you try.
You know, I've always wondered, how did the genie get in the bottle in the first place. Someone must have coaxed him in there.
;-)))))) Naw... Just Crypto-Geniesis pure & simple. -Doug, up late.
-----BEGIN PGP SIGNED MESSAGE----- ph@netcom.com (Peter Hendrickson) writes:
It appears to be widely believed that cryptoanarchy is irreversible. Everybody believes that the race to deploy or forbid strong cryptography will define the outcome for a long time.
I can't think of a reason why this should be so. <snip>
Well, once I've got my strong crypto and electronic commerce, and 20 or so virtual identities to do things for me, and the gub'ment can't tell what money I'm making and spending, so they can't tax me. So if they can't tax me, and they can't tax lots of folks, then they can't pay their jack-booted thugs. So the goverment becomes irrelevant. It can't support a huge police state infrastructure, and certainly can't but mega-crays to break my crypto, so how're they going to retain control? When we say anarchy, we mean anarchy. Jer "standing on top of the world/ never knew how you never could/ never knew why you never could live/ innocent life that everyone did" -Wormhole -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQB1AwUBMoJc4skz/YzIV3P5AQFq2gL9FkTPQinYBJQrvOwkR/C8Hg1QQLbi7H0T 5kqgrQQkMkrMzR18hon3sQ3YR4KotInv7VVptG1Hw22k+2R+aYm3dW9tj5587KO0 sNj/A0YBXvO2sih64jr3OLJaFePC/o6K =U9YH -----END PGP SIGNATURE-----
At 12:22 PM -0800 11/7/96, Peter Hendrickson wrote:
It appears to be widely believed that cryptoanarchy is irreversible. Everybody believes that the race to deploy or forbid strong cryptography will define the outcome for a long time.
I can't think of a reason why this should be so.
If the wide use of strong cryptography results in widely unpopular activities such as sarin attacks and political assassinations, it would not be all that hard to forbid it, even after deployment.
I am curious why many people believe this is not true.
Wide distribution of tools and channels. Think of guns. Imagine a society which has few or no legal handguns. Some of the European nations, for example. So long as guns are not legal, gun stores do not exist, gun ranges are not available, ammunition is not sold in hardware and sporting goods stores (as guns are too, of course, in the U.S.), and so long as the "habit" of having guns has not spread widely, then a society can keep gun ownership levels way down. Not zero, but way down. The "channels" for distribution are nonexistent and the related markets supporting guns do not exist (gun magazines, holsters, reloading presses, gun shows, media images of people using guns routinely, etc.). This is not to say criminals don't get access to guns, or that some citizens do not choose to violate the law by getting a gun, etc. What it means is that getting a gun is hard, gaining proficiency is also hard, and the whole culture finds guns fairly foreign. However, if guns are not outlawed, are not hard to get, may be bought and sold at flea markets and gun shows (which is where most of my guns have come from, and which is where over the years I bought and sold about a dozen or so various guns, none of them transferred with any paperwork, identities asked for, etc.), and once gun ownership reaches some threshold, later attempts to ban guns, seize them, halt ammunition sales, etc., require draconian steps. (This is why so many gun owners have schemes to bury spare guns in plastic pipes deep underground, place them in safe deposit boxes, etc. And why so many of us reload our own ammo.) Without taking a stand on the issues of whether guns should or should not be restricted, the situation is quite similar to the ongoing deployment of strong cryptography. Once widely deployed and "ingrained" in the habits of many, later attempts to seize the newly-outlawed items are problematic. Speech is similar to this. Once mechanisms for free speech are present in a society, once people are used to having the "right" to speak freely, once many channels of communication are widely available, and so on, it becomes well nigh impossible to go back to a non-free-speech situation. I believe, Peter, that your arguments naively ignore this sort of point. Those in D.C. actually understand it well, and would laugh at your argument of "If crypto turns out to be a problem, we can always ban it later." I don't imagine the parallel argument, for free speech, would go over well in, say, China: "We'll let people say what they want, publish what they want, set up newspapers, buy whatever foreign magazines they want, use computers, and gather as they wish to make whatever plans they wish to. If we don't like the results, we'll just go back to what we had before." The shorthand forms many of use are: the genie's out of the bottle, the cat's out of the bag, the point of no return has been reached, etc. As a final note, Peter asked me in private mail what I thought of some of his points. I urged him to make his comments public, as having private discussions is inefficent, and this is certainly an on-topic topic. And let me say I find the posited scenario of widespread Sarin gas attacks, $100 hits, and other such things to be unrealistic, at least not solely because Alice and Bob can communicate untappably and untraceably. --Tim May "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02] We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
TCM writes:
Wide distribution of tools and channels.
A very important point that I haven't seen raised in this thread is _why_ strong crypto is going to be widespread and thus impossible to control. Strong crypto is going to be the foundation of the information age. Sorry for the buzzwords, but it is very obvious to almost everyone that there is potentially a lot of money to be made with the 'Net and strong crypto is required to guarantee that people get what is coming to them and not get ripped off. Strong crypto maximizes returns by outright preventing fraud (which is far better than after-the-fact legal remedies!) and allowing more efficient collection of money (with self-enforcing protocols and eliminating middle men). Weak Crypto (i.e. GAK) does not offer these features because the weak point in the chain becomes a mostly disinterested low-wage employee at the KRC, which is likely to be operated by a foreign government! Any businessman can immediately understand why this is unacceptable, especially with all of the economic espionage stories going around corporate america. People will outright demand strong crypto. This is already happening. Despite intense pressure from TLA's for GAK, savvy businesses are demanding strong crypto (the idea that no crypto at all will be used is utterly ridiculous, it will either be strong or GAKed but there will be crypto). Hardly anyone is bowing to the pressure. It will take a mandate from congress to get people to actually use GAK, and the more businesses and congresscritters begin understand the benefits of strong crypto to the bottom line, the less likely such a mandate would happen. andrew
At 6:56 PM -0600 11/7/96, Andrew Loewenstern wrote:
TCM writes:
Wide distribution of tools and channels.
A very important point that I haven't seen raised in this thread is _why_ strong crypto is going to be widespread and thus impossible to control. Strong crypto is going to be the foundation of the information age. Sorry for
Exactly, and I reemphasized the connection with digital commerce in my last message. I guess we haven't mentioned this enough recently, but in the early days of the list we certainly did. We emphasized that a desirable goal is to get strong crypto widely distributed, ubiquitously used. In commerce, between machines (a la John Gilmore's SWAN), in intranets, in wireless data transfers, to satellites, etc. Get it so entwined that trying to crypto-lobotomize the Net would kill the patient. (The Soviets and Eastern Europeans found this to be a problem...once they'd incorporated enough of modern technology into their ways of doing things, it was too late to try to pull the plug. Even the Chinese found that fax machines and the Usenet were unstoppable. Even as early as 1989, pulling the plug on the Usenet and banning fax machines was not an option. Rolling over demonstrators with tanks was still an option, of course, and this quelled the overt signs of trouble for a while.) ...
middle men). Weak Crypto (i.e. GAK) does not offer these features because the weak point in the chain becomes a mostly disinterested low-wage employee at the KRC, which is likely to be operated by a foreign government! Any businessman can immediately understand why this is unacceptable, especially with all of the economic espionage stories going around corporate america.
And the GAK advocates have never clarified how an international system will work. Even if one accepts the dubious hypothesis that the U.S. has a noncorrupt, benign government, what of other countries? Is Ghaddaffi the keeper of keys in Libya? How about the military government of Burma? No business can operate if it thinks some tinhorn military ruler--or Craig Livingstone in the White House--has trivial access to its most secret communications, to its financial transactions, and may sell secrets to its competitors or to other nations. I can imagine no scheme which could possibly solve this problem. None. The problem of "rogue governments" (and maybe all governments are rogue to at least some other governments) means no simple solution. And the Administration has done nothing to clarify how this will all work. We can use this confusion to further undermine the U.S. position on GAK. Lobbing grenades, sowing mistrust, and even "monkeywrenching" the system. --Tim May "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02] We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
It appears to be widely believed that cryptoanarchy is irreversible. Everybody believes that the race to deploy or forbid strong cryptography will define the outcome for a long time. I can't think of a reason why this should be so. If the wide use of strong cryptography results in widely unpopular activities such as sarin attacks and political assassinations, it would not be all that hard to forbid it, even after deployment. I am curious why many people believe this is not true.
I can point to one circumstance which calls your belief into question: Prohibition. Alcohol was widely seen as a problem by people who didn't use it, and social pressures made many people who did use it vote to get rid of it. Other people promptly got rich selling it to those who still wanted it. Alcohol is a little more obvious and harder to hide than crypto. Petro, Christopher C. petro@suba.com <prefered for any non-list stuff> snow@smoke.suba.com
participants (9)
-
Andrew Loewenstern -
Black Unicorn -
Daniel T. Hagan -
Douglas B. Renner -
Jeremiah A Blatz -
nobody@huge.cajones.com -
ph@netcom.com -
snow -
Timothy C. May