The New GAK-Clipper Thing will Fail

Comparing the latest GAK/Clipper III (or is it Clipper IV?) thing to the original Clipper announcement in April 1993, I sense a lot more confusion, a lot more thorny issues, and a lot more vagueness. They just seem more disorganized and less committed than the last time around. Each iteration of Clipper gets less focussed and seems to last a shorter time before the next version is being talked about. A good thing, of course.

Some random points:

* Unlike with Clipper, where a specification existed and was available within a few weeks for analysis, and where hardware existed (the Mykotronx chips, the AT&T phone), what has been publicly presented so far is just a vague commitment to participate.

* There seem to be many ways around the new GAK:

--superencryption is essentially impossible to stop (e.g., use PGP on text messages, then use the officially-approved GAK--how could this be outlawed?)

--the large pool of _existing_ crypto products means people will be using these products for years to come (possibly within GAK wrappers, as just noted)...unless the New World Order (tm) somehow locates, seizes, or otherwise makes criminals out of those who use a once-legal product, how could this be stopped?

--the "degrees of freedom" for messages have sharply increased in the last several years: messages inside Web accesses, messages "sent" by posting to message pools (*), direct phone calls, the Net, etc.

(* Will posting encrypted messages to the Usenet or world-readable Web sites become a crime? Or will attempts be made to limit distribution of Usenet and access to Web sites? Neither of these seems feasible, but how else could the stated goals of the Administration ("stopping terrorists, etc. from conspiring") be stopped?)

(On this point above, yes, I know that there has been no talk of illegalizing the sending of mere encrypted data, only the export of non-GAKked programs. But I think it likely that the LEAs will realize that "criminals" are still conspiring with crypto. One thing they may try is to require that any communication with a non-U.S. site involve GAK. This then raises the Usenet/message pool directly. Since such sites have world-distribution, currently, posting encrypted messages to alt.anonymous.messages or to a mailing list like this necessarily involves export of the messages. It gets complicated to enforce, naturally.)

* The Cabal itself seems confused as to what's involved. They seem to be counting on IBM and/or TIS to deliver the solution, and may be just signed on for what they think are reasons of political expediency.

* As the IBM scheme gets attacked (in the way Matt Blaze attacked Tessera), as questions are raised about the Key Authorities and their cooperation, and as the _costs_ are revealed....well, I expect further crumbling.

(On the "costs" issue, running these Key Authorities, staffing them, complying with subpoenas (and who will _fight_ the subpoenas?), etc., will not be cheap. For software products like Navigator and Explorer, that are either free or very cheap, just who will pay for this infrastructure? Someone at the EPIC Pro-CODE conference in Palo Alto a few months ago--I forget whom--presented calculations of just how expensive a "key recovery" infrastructure could be. Will it cost $50 to send a message to a foreign site? Better to use message pools! :-})

I apologize for the random nature of my comments here. I just see so many points of attack, so many ways to skirt the intentions of GAK, and so much ambivalent commentary from the companies involved, that I am convinced this whole thing will crumble.

Unless a "major terrorist incident" galvanizes the effort, it looks to start falling apart almost immediately under the onslaught of Cypherpunks, hackers, other governments (think France wants the USG having access to their traffic?), and the "crypto anarchy" of nations whose borders are not even speed bumps.

--Tim May

We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."

side-point: Somebody mentioned that one of the features in the new go-around is that only session keys need to be made available, and warrants will be needed for each message to be decrypted. Doesn't this essentially rule out the use of DSS/Diffie-Hellman based key-exchanges, or at least Diffie-Hellman with ephemeral parameters?

Simon

Did you know that the Polish Train company is called PKP? Coincidence - you decide.

---
Cause maybe (maybe)                   | In my mind I'm going to Carolina
you're gonna be the one that saves me | - back in Chapel Hill May 16th.
And after all                         | Email address remains unchanged
You're my firewall -                  | ........First in Usenet.........
participants (2): Simon Spero, Timothy C. May