SAFE Forum--some comments
I was at the "SAFE" forum yesterday. Too many things to report on, so I'll just add comments here and there.

And here I'll comment on Ken Bass's excellent comments (there were many excellent points). Bass is a D.C.-area lawyer with the prestigious Venable law firm (the venerable Venable firm?), and a former Reagan Administration official.

He pointed out that the driving force for crypto policy is probably the _law enforcement_ camp, not the _intelligence agency_ camp. And that the NSA is regretting the ITAR stuff, as it has sparked an "arms race" to develop stronger crypto. Bass noted that people now equate permission to export with weakness, and that had the U.S. not restricted exports, users probably would've been "fat, dumb, and happy" to keep using breakable crypto.

(Many interesting points to make. Bass is no supporter of Clipper and Escrow, and made many points about why the policy won't work. His later dialog with Michael Froomkin and Jerry Berman, about the constitutionality of crypto laws, was a high point for me.)

His comments fit in with the points made by Diffie that the 40 bit restriction is unlikely to satisfy either the user community or the surveillance community. 40 bits is too weak for a targeted attack, but too strong for "vacuum cleaner" intercepts such as NSA SIGINT uses.

(Diffie also gave an excellent summary of cryptographic work factors, using 30 bits, 60 bits, 90 bits, and 120 bits as examples. For example, 30 bits needs about a billion operations to brute force, which any modern PC can do in several seconds. 60 bits is a billion times harder, which NSA machines can handle, and 90 bits is beyond current capabilities...)

I said I wouldn't do a summary, but I'll make a few comments:

-- Both Congresswimmin, Eshoo and Lofgren, seemed genuinely interested in the issues

-- Senator Leahy, on t.v. from Vermont, emphasized _privacy_ and made the Cypherpunk/libertarian/ACLU point that he and his neighbors are not criminals and don't think the government has any right to demand that communications, computer files, diaries, and the like be "escrowed."

-- Senator Conrad "I ain't no Democrat" Burns was there in person and was entertaining and strongly blasted key escrow and the ITAR restrictions. I found his comments refreshing.

-- The whole affair was "preaching to the choir," as many speakers noted. That is, there was little controversy and little disagreement. This was a point made nicely by Phil Zimmermann, who told a humorous story of going to Congressman Dana Rohrabacher's office, seeing the picture of Ollie North on the wall (much laughter), but finding Rohrabacher's staffers aghast at the crypto laws and ITARs. Then, Phil took a hotel shuttle and ended up talking to the driver, who was also aghast. "Where else can you find this kind of consensus?" (A point many of us have made as well, that nearly everyone who has the issues explained to them comes down on the side that the government has no right to tell us we can't use codes and ciphers, that it's all similar to Big Brother demanding video cameras in our homes....)

-- Craig Mundie, currently of Microsoft, made excellent points about the costs of a key escrow infrastructure. (By the way, those who read "The Soul of a New Machine" should be interested that Mundie was the leader of the North Carolina research facility of Data General that lost the "shootout at HoJos." If this means nothing to you, read the Kidder book--soon!)

-- Michael Froomkin, a law professor (and member of our list of course), pointed out that despite the various constitutional issues, the crypto laws are mostly having their desired effect, namely, slowing the deployment of crypto and creating confusion. (That Windows 95 has no crypto modules, and that most browsers and mail programs have nothing built in tells us that the FUD worked.)

In summary, for me the SAFE forum was a success. Though it was periods of boring platitudes we all agreed with interspersed with good insights from the speakers and audience. Not much that was new to a Cypherpunk, of course. (In fact, the forum was almost a kind of Cypherpunks physical meeting, in terms of the topics, and in terms of who attended....it was even where we've been having recent physical meetings.)

A day well spent.

--Tim May

Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Licensed Ontologist | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."
Tim sez...
And here I'll comment on Ken Bass's excellent comments (there were many excellent points). Bass is a D.C.-area lawyer with the prestigious Venable law firm (the venerable Venable firm?), and a former Reagan Administration official.
He pointed out that the driving force for crypto policy is probably the _law enforcement_ camp, not the _intelligence agency_ camp. And that the NSA is regretting the ITAR stuff, as it has sparked an "arms race" to develop stronger crypto. Bass noted that people now equate permission to export with weakness, and that had the U.S. not restricted exports, users probably would've been "fat, dumb, and happy" to keep using breakable crypto.
Bass is fun to drink with too. His web site is under attack and he needs a hacker if anyone is interested in doing any pro bono community service work.

Bruce's comments on the robustness of foreign (i.e. unescrowed) encryption were very enlightening as well. It was good to see all the old CDT hands, and the munchies Gilmore bought went quickly at the Godwin table. Mike makes a substantial argument that the Supreme Court will not overturn ACLU et al. v. Reno, but I wouldn't pretend to speak for him.

And Cindy Cohn is the point man in the Super Bowl long range recon team, Bernstein v. DoS. Defending Bernstein on First Amendment grounds and having judge Patel rule that for the purposes of the case, source code is speech, is a big deal.

The First Amendment survives the Electronic Revolution with ACLU v. Reno. The Super Bowl is ITAR. It's nice to have some momentum going into the Super Bowl. With robust, uncompromised cryptography, we can reclaim the 4th Amendment ourselves. I have a feeling that the congressional support is reaching critical mass.

Oh yeah, knowing me as you do Tim, it probably doesn't surprise you that the entire global positioning system is going to roll over at midnight 23 August 1999, and claim it's my 25th birthday, 6 January 1980...

As Barlow says, "You know it's gonna get stranger, so let's get on with the show!"

--
According to John Perry Barlow: *What is EFF?*
"Jeff Davis is a truly gifted trouble-maker." *email <info@eff.org>*
*** O U T L A W S On The E L E C T R O N I C F R O N T I E R ****
US Out Of Cyberspace!!! Join EFF Today! *email <membership@eff.org>*
TCM
And here I'll comment on Ken Bass's excellent comments [...]
He pointed out that the driving force for crypto policy is probably the _law enforcement_ camp, not the _intelligence agency_ camp. And that the NSA is regretting the ITAR stuff, as it has sparked an "arms race" to develop stronger crypto. Bass noted that people now equate permission to export with weakness, and that had the U.S. not restricted exports, users probably would've been "fat, dumb, and happy" to keep using breakable crypto.
doesn't make sense to me at all. who was behind clipper? the NSA, not the FBI. the FBI is behind digital telephony, which involved *wiretapping*, not key escrow.

actually I think that the NSA is trying to convince law enforcement agencies that if they follow the NSA plan of crypto suppression & key escrow that their job will be easier, that great instability results from unfettered crypto. this fits into the way the NSA hates to be behind any proposal themselves, and needs "cut outs" to do the lobbying for them.

I think at the core of it the NSA doesn't really care too much about law enforcement issues like obtaining warrants and that kind of thing. all the talk about warrants and subpoenas makes no sense from the point of view of the NSA. the NSA goals and the law enforcement goals do not really seem to me to overlap much at all and that the whole argument that they do has been a diversion.

this suggests an interesting way to turn the "pro-suppression" crowd against itself. if the law enforcement arm can be convinced, as many people are now advocating, that strong crypto actually makes their job easier and the world information infrastructure less insecure, they may eventually advocate unfettered crypto. then you have only the NSA alone standing up and saying that they need the suppression laws.

the concept that the NSA "regrets" ITAR laws sounds like an utter fantasy to me. the ITAR has been around for decades. the NSA has been continually *strengthening* the interpretations of the ITAR. the ITAR is enforced largely through NSA *harassment* of companies that are seen to be supposedly violating it. the NSA can stop sending their "men in black" at any time. when the harassment stops, the crypto would spread. no one is twisting the NSA's arm to reject crypto exports in all the applications that are submitted. rather, it is the NSA that is doing all the arm twisting.

the NSA has made radical interpretations of the ITAR in various situations:

1. they rule that mere *hooks* are illegal
2. they have told Microsoft that merely *signing* foreign crypto software packages is illegal

so the more I think about it, the more I think Bass's comments as reported by TCM are a pile of hooey. perhaps even disinformation. the NSA has full power to stop their harassment campaign at any time. it is possible that there are *elements* within the NSA that regret the policy, but they clearly are not the ones involved in enforcing it.

what many people fail to mention is that today we may not even have these horrible infoterrorist problems that the NSA and CIA et al. are screeching about lately if crypto had been allowed to grow organically and unharassed. in my view, the NSA is largely *responsible* for the weakness in the information infrastructure as it now stands because of their suppression of efforts to implement strong security via crypto. this is the great hypocrisy of it all.

frankly at times I think the whole key escrow debate seems like a huge smokescreen or decoy just to get the public to argue about something the NSA was never seriously contemplating anyway. it could be just a delaying tactic that is working quite spectacularly. every conference of experts sounds the same and they all come to the same conclusion. meanwhile the ITAR is virtually unchanged within the last 5 years.
Vladimir rebuts May quoting Bass...
He pointed out that the driving force for crypto policy is probably the _law enforcement_ camp, not the _intelligence agency_ camp. And that the NSA is regretting the ITAR stuff, as it has sparked an "arms race" to develop stronger crypto.
doesn't make sense to me at all. who was behind clipper? the NSA, not the FBI. the FBI is behind digital telephony, which involved *wiretapping*, not key escrow.
That's because you don't understand American Football. The NSA is Jerry Kramer for the FBI's Frank Gifford on a double whammy end around of any substantial public hearings on the subject running a play Lombardi designed in the height of the Cold War. The only problem is Lombardi died of cancer, and the Clinton Administration has been duped into winning one for the Gipper - except the Gip has Alzheimer's and Nancy has to wipe his chin, so it's bed time for Bonzo, ITAR and EES!

Party on C'punks! Internet is the revenge of the nerds on Acid.

(Don't post when you're peaking...don't post when you're peaking...)

--
According to John Perry Barlow: *What is EFF?*
"Jeff Davis is a truly gifted trouble-maker." *email <info@eff.org>*
*** O U T L A W S On The E L E C T R O N I C F R O N T I E R ****
US Out Of Cyberspace!!! Join EFF Today! *email <membership@eff.org>*
And here I'll comment on Ken Bass's excellent comments (there were many excellent points).
He pointed out that the driving force for crypto policy is probably the _law enforcement_ camp, not the _intelligence agency_ camp.
Ken pointed out that law enforcement had to have gotten enough evidence prior to a wire tap request to show probable cause. If this is the case, then the only usefulness of wire taps is to improve the likelihood of conviction and not the detection of potential terrorist (or child molestation or your favorite bad guy) plots.

Therefore, it is important to cut through the rhetoric and to challenge Reno and Freeh and others when they spout such nonsense, unless they are foreshadowing an Orwellian state (where you might as well expect a camcorder in every bedroom. After all, the most common case of child abuse/molestation/spousal abuse is in the home. Better protect the public!)

Ern
On Tue, 2 Jul 1996, Ernest Hua wrote:
And here I'll comment on Ken Bass's excellent comments (there were many excellent points).
He pointed out that the driving force for crypto policy is probably the _law enforcement_ camp, not the _intelligence agency_ camp.
Ken pointed out that law enforcement had to have gotten enough evidence prior to a wire tap request to show probable cause. If this is the case, then the only usefulness of wire taps is to improve the likelihood of conviction and not the detection of potential terrorist (or child molestation or your favorite bad guy) plots.
I thought Ken Bass was wrong on this point (I agreed with everything else he said): wiretaps help LEOs identify co-conspirators. They are not without intelligence value.

[This message may have been dictated with Dragon Dictate 2.01. Please be alert for unintentional word substitutions.]

A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law | froomkin@law.miami.edu
P.O. Box 248087 | http://www.law.miami.edu/~froomkin
Coral Gables, FL 33124 USA | It's hot here. And humid.
participants (5)
- Ernest Hua
- Jeff Davis
- Michael Froomkin
- tcmay@got.net
- Vladimir Z. Nuri