Encryption and the NII (fwd)
Newsgroups: talk.politics.crypto,comp.org.eff.talk From: kadie@cs.uiuc.edu (Carl M Kadie) Subject: [NWU] "Encryption and the NII" Organization: University of Illinois, Dept. of Comp. Sci., Urbana, IL Date: Mon, 29 Nov 1993 18:38:50 GMT [This is an excerpt from the Newsletter of The Political Issues Committee of the National Writers Union (UAW Local 1981) Address Correspondence to: Bob Chatelle, 296 Western Avenue, Cambridge MA 02139 (617/497-7193). The full newsletter was posted to alt.censorship. (c) 1993 National Writers Union. Posted with permission from the November 1993 issue of the PIC Newsletter, the journal of the Political Issues Committee. All rights reserved to the authors. Reproduction without permission is expressly prohibited, but requests to repost articles on electronic systems serving writers are encouraged. Send permission requests to Bob Chatelle, kip@world.std.com -cmk] Encryption and the NII, by Jenevra Georgini As stated in President Clinton's message of November 5, gov- ernment policy regarding the national information infras- tructure (NII) shares two significant objectives with the Writers Union goals. The Clinton administration seeks to ensure broad access by adapting the concept of fair use to the NII, while simultaneously strengthening domestic copy- right laws and international treaties to protect the integrity of intellectual property. Because the network will span the globe, standards must be coherent and uni- formly applied in a way that permits industry growth. A standard-based regulatory approach posits legal solutions. Yet standards remain toothless unless implemented by tech- nology promoting the dual goal of access and integrity. Encryption technology is one suggested means of embedding electronic signatures to authenticate digital works. Encryption was originally developed by the government for wartime uses. Now the technology has become available to private citizens through programs such as RIPEM (public domain software based on a program developed with federal funding at MIT) and Philip Zimmermann's PGP (Pretty Good Privacy, whose underlying algorithm is pirated from the patented MIT program). Zimmermann describes his product as "the *de facto* worldwide standard for encryption and email." It can be used to keep message transmissions (such as downloading works from a net) private while simulta- neously authenticating the work. Each use has a public key and a private key. Correspondents use the public key to encrypt a message to that key's owner. The key owner gives out or publishes the key as one would give out an address. Although the public key can unlock the code that the private key makes and vice versa, knowing the public key doesn't enable anyone to deduce the private key. Those who know the public key can only encrypt messages for sending; they can- not decrypt the recipient's messages. The recipient uses her own private key to decrypt messages sent. At the same time, an author making works available online could encrypt that work with her own private key. This would provide a digital "signature" (or perhaps "fingerprint" would be a better term; signatures can be forged but private keys are given to only one person). Anyone wishing to access the work could use the sender's public key to verify the origin. The public key could be included on the work's title screen to facilitate access. The user could decrypt the private code by means of the public code enough to ascertain that the work had been tampered with but not enough to reveal the private code (analogous to being able to fit a key into a lock without the door opening.) The development of micro-sized encryption chips has made this technology accessible to a broad range of consumers-- including drug dealers, tax evades, and traders in national secrets. Of course, the larger and more powerful government machines can crack any private citizens 140-digit code in a day. However, this represents a substantial outlay of gov- ernment time and resources for very little reward. As the number of messages posted on the net increases, forced decrypting offers ever-diminishing returns. (Note! This is know as the "logic of the net," a digital variation on "the more the merrier." It is also referred to by some commenta- tors as "the fax effect:" owning the only fax in the world won't do your business much good, but your fax's value increases every time someone else buys one because you can now exchange more information.) Instead of trying to con- tain the encryption explosion, the government should harness its energy to protect citizens' privacy and encourage dis- tribution of works on the net. Building on encryption to prevent piracy on the net is the logical next step in beat- ing defense budget swords into information plowshares. Leg- islation should be enacted limiting state and federal decrypting requirements to the reasonable search and seizures contemplated by the Fourth Amendment. No one should be forced to decrypt their data without due process of law, including probable cause shown in the form of a court-ordered search warrant. The practice of seizing not only hackers' computers but all electronic equipment in their possession is a blatant violation of civil rights. Perhaps, as suggested by leading scholar Laurence tribe, a new amendment to the Constitution should be enacted to safe- guard our traditional-rights in the new frontier environ- ment. Encryption technology has been responsible for startling (some might say threatening) advances in digital tape infor- mation retrieval. Digital Audio Tape (DAT) records music in sixteen binary digits. The human ear does not register sounds down to the sixteenth bit. Thus, encrypted informa- tion such as books or programs can be recorded on each six- teenth bit. One could play the tape and hear only music without interference from the other recorded information because it takes us such a small space. The encrypted data would also be invisible to one examining it on a computer screen. The only way to tell that there is anything other than music on the tape is to compare it bit to bit on a com- puter with a virgin cassette. Even with the computer's help, the encrypted data could look exactly like the noise that typically appears during recording. In the words of Tim May, retired Intel physicist, "Anyone carrying a single music cassette bought in a store could carry the entire com- puterized files of the Stealth bomber, and it would be com- pletely and totally imperceptible." May further related that information can also be encoded in images: he could download a photo, insert an encrypted message in the least significant portion of each pixel (to minimize distortion) and repost the image without any recognizable difference. In addition to its possibilities for authenticating works online, encryption responds to the problem of royalty track- ing traditionally solved by licensing. A microchip invented by entrepreneur Peter Sprague is programmed to decrypt only as much of its encrypted database as the user pays for. After browsing a topic menu, the reader selects what infor- mation she wants. The program decrypts that information and counts how many times it has decrypted (or how many bytes in a per-byte fee structure). The user is billed accordingly, to a debit card or even to an electronic account where e- money takes the place of cash. Although encryption, like any other software, is not completely hackproof, methods can be developed to make piracy much more trouble than it is worth. --Jenevra Georgini, NWU Intern -- Carl Kadie -- I do not represent any organization; this is just me. = kadie@cs.uiuc.edu =
-----BEGIN PGP SIGNED MESSAGE-----
Newsgroups: talk.politics.crypto,comp.org.eff.talk From: kadie@cs.uiuc.edu (Carl M Kadie) Subject: [NWU] "Encryption and the NII" Organization: University of Illinois, Dept. of Comp. Sci., Urbana, IL Date: Mon, 29 Nov 1993 18:38:50 GMT
[This is an excerpt from the Newsletter of The Political Issues Committee of the National Writers Union (UAW Local 1981) Address Correspondence to: Bob Chatelle, 296 Western Avenue, Cambridge MA 02139 (617/497-7193). The full newsletter was posted to alt.censorship.
(c) 1993 National Writers Union. Posted with permission from the November 1993 issue of the PIC Newsletter, the journal of the Political Issues Committee. All rights reserved to the authors. Reproduction without permission is expressly prohibited, but requests to repost articles on electronic systems serving writers are encouraged. Send permission requests to Bob Chatelle, kip@world.std.com -cmk]
Encryption and the NII, by Jenevra Georgini
... This would provide a digital "signature" (or perhaps "fingerprint" would be a better term; signatures can be forged but private keys are given to only one person).
NO! She is not ``given'' the key. That would imply that it is known to someone else! She makes the key herself using tools provided for that purpose. This is a serious misconception. Public key encryption does not depend on any ``authority'' for issuing keys. She is the only one anywhere who need know the key. Please correct this misconception in your mind and others with whom you discuss the subject. It can cause public key encryption to become identified in people's minds with hierarchical authority, which it emphatically is not. The author takes control of her own privacy and need not rely on anyone else to maintain it.
Of course, the larger and more powerful government machines can crack any private citizens (sic) 140-digit code in a day.
Why then would a ``private citizen'' limit herself to 140 digits? The software is readily available for her to use a key large enough that cracking it is not feasible even by government.
-- Carl Kadie -- I do not represent any organization; this is just me. = kadie@cs.uiuc.edu =
John E. Kreznar | Relations among people to be by jkreznar@ininx.com | mutual consent, or not at all. -----BEGIN PGP SIGNATURE----- Version: 2.3a iQCVAgUBLPsXl8Dhz44ugybJAQHfuAQArB99cSIYkrOmzNEUKzJlCSrY9BJiZ/VC yIVaVrjwLDBrbgdgYRNaV86mNJ0WLs7XLcui5dO6IHrRRAF5bcsB8TZsHUfY8M0g 1uEG8eriMrVsM1RprSEG769aHHiWhTn1jFELwlOFbdKvGqhDuYmpk0XoevsSDQ9J Kki7N0jiaLM= =1d/v -----END PGP SIGNATURE-----
participants (2)
-
Anonymous -
jkreznar@ininx.com