Questions for Magaziner?
I spoke at the Electronic Payments Forum here in Boston today, and,
tomorrow, the keynote for tomorrow's lunch is Ira Magaziner.
(BTW, Bill was speaking tonight at the same hotel the conference is in,
probably a bilderberger conspiracy thing, and, when I got out, there was
about a thousand protesters, about 80/20 against, complete with one guy
dressed as a giant cigar, shades of Butt Man?, and a couple of women with
big brunette hair and blue dresses on. With pearl necklaces, of course...)
Anyway, In light of more recent crypto-shenanigans from Billary, and the
fact that this thing's a small crowd, I figured I'd ask if anyone on these
lists had a question they wanted me to ask him.
One I want to ask, right off the top of my head is, "Given your recent
successes in regulating foreign cryptography, what's your timetable for
regulating domestic cryptography?"
;-).
(To the extent that they already *do*, or not, I'll leave as an exercise
for the reader...)
Cheers,
Bob Hettinga
-----------------
Robert A. Hettinga
At 12:38 AM -0400 9/18/98, Robert Hettinga wrote:
I spoke at the Electronic Payments Forum here in Boston today, and, tomorrow, the keynote for tomorrow's lunch is Ira Magaziner. ...
Anyway, In light of more recent crypto-shenanigans from Billary, and the fact that this thing's a small crowd, I figured I'd ask if anyone on these lists had a question they wanted me to ask him.
One question I'd like asked is whether the US Gov will approve 56-bit RC-4 for export on the same terms as 56-bit DES. That would allow export versions of web browsers to be upgraded painlessly, making international e-commerce 64 thousand times more secure than existing 40-bit browsers. (56-bit DES browsers would require every merchant to upgrade their SSL servers and introduce a lot of unneeded complexity.) Arnold Reinhold
On Fri, 18 Sep 1998, Robert Hettinga wrote:
Anyway, In light of more recent crypto-shenanigans from Billary, and the fact that this thing's a small crowd, I figured I'd ask if anyone on these lists had a question they wanted me to ask him.
"Was the encryption used by Bill Clinton to encrypt his deposition escrowed, and if so, with whom?"
One I want to ask, right off the top of my head is, "Given your recent successes in regulating foreign cryptography, what's your timetable for regulating domestic cryptography?"
Or banning outright. alan@ctrl-alt-del.com | Note to AOL users: for a quick shortcut to reply Alan Olsen | to my mail, just hit the ctrl, alt and del keys.
On Fri, 18 Sep 1998, Robert Hettinga wrote:
Anyway, In light of more recent crypto-shenanigans from Billary, and the fact that this thing's a small crowd, I figured I'd ask if anyone on these lists had a question they wanted me to ask him.
"With all the demands from Governent to escrow keys, what steps are being taken to protect the these keys and/or backdoors from misuse from people within the Government and those outside of the Government?" "Would you use escrowed cryptography for your private communications? Who would you trust to hold those keys?" alan@ctrl-alt-del.com | Note to AOL users: for a quick shortcut to reply Alan Olsen | to my mail, just hit the ctrl, alt and del keys.
(I'm leaving the damned multiple lists cc:ed on this, as I have no idea where this thread came from. For those of you who send me notes saying I am not allowed to post on your list, plonk.) At 2:33 AM -0700 9/19/98, Alan Olsen wrote:
On Fri, 18 Sep 1998, Robert Hettinga wrote:
Anyway, In light of more recent crypto-shenanigans from Billary, and the fact that this thing's a small crowd, I figured I'd ask if anyone on these lists had a question they wanted me to ask him.
"With all the demands from Governent to escrow keys, what steps are being taken to protect the these keys and/or backdoors from misuse from people within the Government and those outside of the Government?"
"Would you use escrowed cryptography for your private communications? Who would you trust to hold those keys?"
Well, I believe that even asking these sorts of questions (and possibly getting answers from government) plays into the hands of the GAKkers. After all, suppose they give pretty good answers? What if, for example, they propose a committee consisting of the entire Supreme Court, the Director of the Sierra Club, and so on, and say that a _unanimous_ vote is required to gain access to a key? Does this at all change the fundamental unconstitutionality of telling me that I will face imprisonment if I speak or write in a manner which is not part of their "escrow" arrangement? If I keep a diary without depositing an escrowed key with this noble, careful, thoughtful committee of wise persons? Of course not. My speech, my writing, my private codes, my whisperings, my phone conversations...all of these...are not subject to govenmwental approval. "Congress shall make no law..." Doesn't say that Congress or the courts of the President get to declare illegal certain modes of speaking. (*) (* Please, I hope no one brings up "loud speech," "shouting fire," "obscene speech," "seditious speech," "slanderous speech," etc. This is well-trod ground, but clearly all of these apparent limits on speech, whether one agrees with them or not, have nothing to do with an overbroad requirement that speech only be in certain languages, that letters only be written on carbon paper with a copy filed with the government, and so on. The restrictions on _some_ kinds of speech are not a license to license speech, as it were, or to require escrow of papers, letters, diaries, and phone conversations and such.) My point about Alan's (and others') points is that if we get engaged in this kind of debate about how key escrow might work, we shift the debate from where it ought to be to where they _want_ it to be, namely, to issues of practicality. My view is that my writings are mine. They can try to get them with a search warrant or a court order, but they'd better not threaten me with imprisonment if I choose to write in some language they can't read. And that's all crypto really is, of course. Just another language. --Tim May (This space left blank pending determ. of acceptability to the gov't.) ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 831-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Licensed Ontologist | black markets, collapse of governments.
Okay, so the short precis on Magaziner's answer to my question about
encryption controls, foriegn or domestic, is he's agin it.
He says that controlling foriegn encryption is impossible, and controlling
domestic encryption is, at the very least, unconstitutional.
He says that the reason the administration's encryption policy is so
convoluted is that the law enforcement and the "economic" encryption camps,
anti, and pro, evidently, is that the two sides are at loggerheads.
Magaziner mirrored Rivest's offer to tax encryption products to pay for
increased law enforcement technology support, but, hey, he's a liberal
democrat, he's supposed to tax us to death without thinking about the
economic, and, of course privacy consequences of raising the price of
encryption.
So, all in all, he got a round of foot-stomping applause from this bunch on
his pro-encryption stance, because, evidently, being a payments technology
forum, he was preaching to the choir. Something I found out when I was
doing my own speech yesterday. I should realize that anyone building a
payment system knows that digital commerce is financial cryptography, after
all. :-)
Cheers,
Bob Hettinga
-----------------
Robert A. Hettinga
On Fri, 18 Sep 1998, Tim May wrote:
(I'm leaving the damned multiple lists cc:ed on this, as I have no idea where this thread came from. For those of you who send me notes saying I am not allowed to post on your list, plonk.)
I usually leave most of the cc:s due to not knowing who is reading what anymore. (Gateways being as they are...)
"Would you use escrowed cryptography for your private communications? Who would you trust to hold those keys?"
Well, I believe that even asking these sorts of questions (and possibly getting answers from government) plays into the hands of the GAKkers.
Depends. With the right questions (assuming you get honest (Ha!) answers) you can make them look like control freaks, hypocrites, and/or worse. Hitting them with the unexpected can generate soundbites that can be used for the cause. Besides... If you don't challenge them in public, the public tends to get the impression that no one opposes this KRAP.
After all, suppose they give pretty good answers? What if, for example, they propose a committee consisting of the entire Supreme Court, the Director of the Sierra Club, and so on, and say that a _unanimous_ vote is required to gain access to a key?
I would respond that they were lying. I would also ask them if it was going to be like the current wiretap authorization commissions that just rubber stamp requests.
Does this at all change the fundamental unconstitutionality of telling me that I will face imprisonment if I speak or write in a manner which is not part of their "escrow" arrangement? If I keep a diary without depositing an escrowed key with this noble, careful, thoughtful committee of wise persons?
Of course not. And questions of constitutionality need to be asked of them directly to their faces. Without that direct confronation, they will do whatever they damn well please. (Not as if they don't now...)
Of course not. My speech, my writing, my private codes, my whisperings, my phone conversations...all of these...are not subject to govenmwental approval. "Congress shall make no law..."
Encrypt! Encrypt! OK!
Doesn't say that Congress or the courts of the President get to declare illegal certain modes of speaking. (*)
(* Please, I hope no one brings up "loud speech," "shouting fire," "obscene speech," "seditious speech," "slanderous speech," etc. This is well-trod ground, but clearly all of these apparent limits on speech, whether one agrees with them or not, have nothing to do with an overbroad requirement that speech only be in certain languages, that letters only be written on carbon paper with a copy filed with the government, and so on. The restrictions on _some_ kinds of speech are not a license to license speech, as it were, or to require escrow of papers, letters, diaries, and phone conversations and such.)
I am willing to argue that most of those restrictions are against what the founding fathers meant when they wrote the document. But currently we live in a land where "consensus doublethink" is the nature of the law.
My point about Alan's (and others') points is that if we get engaged in this kind of debate about how key escrow might work, we shift the debate from where it ought to be to where they _want_ it to be, namely, to issues of practicality.
What needs to be pointed out is that it CANNOT work. By asking them if they would use it, you point out that the system is so untrustworthy that they themselves would not even use it. (And if you say they would, you just start laughing.)
My view is that my writings are mine. They can try to get them with a search warrant or a court order, but they'd better not threaten me with imprisonment if I choose to write in some language they can't read. And that's all crypto really is, of course. Just another language.
The current administration has taken the tact that ANY argument, no matter how irrational, to advance their legal position, must be used. That has to colapse opon itself after a while. Whether it be through the total errosion of their reputation capitol (What little is left.) or through judges who cry "enough" and toss out the entire specious line of reasoning. alan@ctrl-alt-del.com | Note to AOL users: for a quick shortcut to reply Alan Olsen | to my mail, just hit the ctrl, alt and del keys.
Tim May wrote:
My view is that my writings are mine. They can try to get them with a search warrant or a court order, but they'd better not threaten me with imprisonment if I choose to write in some language they can't read. And that's all crypto really is, of course. Just another language.
My gut feeling is that if a search turns up an encrypted file then, by golly, what you see is what there is, make a bit-accurate copy and be on your way, what's in my head belongs to me. But is that what the courts, scared shitless of hordes of child molesters and terrorists conspiring via secure e-mail and phones, will say? They'll probably avoid attacking the 1st and 4th( already weakened by the war on drugs ) and attack the 5th with a 'greater good' argument and the analogy of the locked safe. This requires an explanation of how the stored documents are the modern-day .equivalent. of physical paper and should be treated as such. It's only spitting distance from there to the idea that a memorized key is the same as a physical key in which case its owner doesn't enjoy the protections of the 5th. Hand it over Jack. The law has to adapt to the changing technology. No need to outlaw cryptography; just redefine the boundaries of the power to destroy. Mike PS - How does a grant of limited immunity work?
At 8:38 PM -0800 9/17/98, Robert Hettinga wrote:
Anyway, In light of more recent crypto-shenanigans from Billary, and the fact that this thing's a small crowd, I figured I'd ask if anyone on these lists had a question they wanted me to ask him.
Probably a bit late, but I would ask, "If the government is going to require GAK, how is it going to demonstrate that all the keys is accessed were accessed according to legal proceedings?" Another way of asking is, "How do we ensure that all government accesses to keys become publicly known within a reasonable amount of time." (I would define reasonable as much less than 5 years.) (I've been reading David Brin's "The Transparent Society".) ------------------------------------------------------------------------- Bill Frantz | If hate must be my prison | Periwinkle -- Consulting (408)356-8506 | lock, then love must be | 16345 Englewood Ave. frantz@netcom.com | the key. - Phil Ochs | Los Gatos, CA 95032, USA
Arnold G. Reinhold wrote:
One question I'd like asked is whether the US Gov will approve 56-bit RC-4 for export on the same terms as 56-bit DES. That would allow export versions of web browsers to be upgraded painlessly, making international e-commerce 64 thousand times more secure than existing 40-bit browsers. (56-bit DES browsers would require every merchant to upgrade their SSL servers and introduce a lot of unneeded complexity.)
Actually, it wouldn't be any easier to deploy 56-bit RC4 than DES. Either would require roughly the same changes to both clients and servers. -- What is appropriate for the master is not appropriate| Tom Weinstein for the novice. You must understand Tao before | tomw@netscape.com transcending structure. -- The Tao of Programming |
Okay, so the short precis on Magaziner's answer to my question about encryption controls, foriegn or domestic, is he's agin it.
He says that controlling foriegn encryption is impossible, and controlling domestic encryption is, at the very least, unconstitutional.
This is way beyond what I expected. If I had expected him to go beyond what he said at the MIT Media in Transition forum earlier this year I would have made every effort to attend. Essentially at MIT I tried to put words in his mouth by stating what I knew he had said in private and adding that if he agreed then Freeh would insist that one or the other of them go. He was not at that time able to say anything more, although he did not leap to the opportunity to push the Freeh line.
He says that the reason the administration's encryption policy is so convoluted is that the law enforcement and the "economic" encryption camps, anti, and pro, evidently, is that the two sides are at loggerheads.
This statement in and of itself is not the type of thing I would expect unless either Magaziner is planning to jump ship or he knows that he can get away with it without retribution. If it is the latter it would indicate that Freeh has very much less influence than he did 6 months ago. Not exactly a ringing endorsement of our position but something that can be used against spokesmen for the FBI party line. All in all I would prefer allowing the crypto export laws to time out, becomming progressively less relevant until they disappear than have bills appear in Congress. However good the bill that goes into congress the result will be at best a compromise. Phill
"With all the demands from Governent to escrow keys, what steps are being taken to protect the these keys and/or backdoors from misuse from people within the Government and those outside of the Government?"
"Would you use escrowed cryptography for your private communications? Who would you trust to hold those keys?"
We have an answer to this one, unfortunately drowned by the various sex scandals of assorted congressional chairmen (and other sex scandal trivia). Mr Freeh recently testified that he wanted access to private communications and was immediately contradicted by the Vice President who stated that Freeh was expressing a personal opinion and not administration policy. Whitehouse spin or a sign that Freeh is loosing his grip? Freeh's attempts to ingratiate himself with the republican party have done him no favours of late. Phill
On Sat, Sep 19, 1998 at 02:13:39PM -0700, Tom Weinstein wrote:
Arnold G. Reinhold wrote:
One question I'd like asked is whether the US Gov will approve 56-bit RC-4 for export on the same terms as 56-bit DES. That would allow export versions of web browsers to be upgraded painlessly, making international e-commerce 64 thousand times more secure than existing 40-bit browsers. (56-bit DES browsers would require every merchant to upgrade their SSL servers and introduce a lot of unneeded complexity.)
Actually, it wouldn't be any easier to deploy 56-bit RC4 than DES. Either would require roughly the same changes to both clients and servers.
Not easier technically but "easier" maybe politically.
Key length seems to be held (probably wrongly) as a rough measure
of crypto "strength" by journos and those in power.
40bit RC4 is weak. How strong would 56bit RC4 be?
--
pgp 1024/D9C69DF9 1997/10/14 steve mynott
-----BEGIN PGP SIGNED MESSAGE-----
In <36041E82.F4F072ED@netscape.com>, on 09/19/98
at 04:13 PM, Tom Weinstein
Arnold G. Reinhold wrote:
One question I'd like asked is whether the US Gov will approve 56-bit RC-4 for export on the same terms as 56-bit DES. That would allow export versions of web browsers to be upgraded painlessly, making international e-commerce 64 thousand times more secure than existing 40-bit browsers. (56-bit DES browsers would require every merchant to upgrade their SSL servers and introduce a lot of unneeded complexity.)
Actually, it wouldn't be any easier to deploy 56-bit RC4 than DES. Either would require roughly the same changes to both clients and servers.
I'm sorry but I must be missing something here ... Why not just use products that have strong crypto without GAK? What is the point of using this weak junk when one does not have to?? - -- http://www.pgpi.com -- Strong secure e-mail encryption http://www.opera.com -- Opera web browser with strong crypto & no back doors http://www.apache.org -- Most popular Http server on the Internet http://www.ssleay.org -- Free strong SSL library that can be used with the Apache server. Then we have the usauly suspects: http://www.jya.com/nscp-foia.htm -- Netscape's GAK plans. http://www.kra.org -- KRAP gang. - -- - --------------------------------------------------------------- William H. Geiger III http://www.openpgp.net Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 5.0 at: http://www.openpgp.net/pgp.html - --------------------------------------------------------------- Tag-O-Matic: Bugs come in through open Windows. -----BEGIN PGP SIGNATURE----- Version: 2.6.3a-sha1 Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBNgVjmo9Co1n+aLhhAQH3NwQAoKla/hjuDRnaUaQ6AgvmI1XRk9rEFQzs 1hFEX5gTqhi/3V/iMRlP4WfJKT6tfQMLae7vL8wNtKzXwqElWZHXxONb8wIoITfH sQlsE0bnKLAjyYtNc0v1MwSO/oKf1j7Npy8wOZowAxb0lcQNRsQJmOy3h620LLHO Q0mxf/hhmGs= =y4X/ -----END PGP SIGNATURE-----
Tom Weinstein
Arnold G. Reinhold wrote:
One question I'd like asked is whether the US Gov will approve 56-bit RC-4 for export on the same terms as 56-bit DES. That would allow export versions of web browsers to be upgraded painlessly, making international e-commerce 64 thousand times more secure than existing 40-bit browsers. (56-bit DES browsers would require every merchant to upgrade their SSL servers and introduce a lot of unneeded complexity.)
Actually, it wouldn't be any easier to deploy 56-bit RC4 than DES. Either would require roughly the same changes to both clients and servers. And from a protocol perspective, it would be worse, at least for SSL, since SSL doesn't have a 56 bit RC4 mode at all.
-Ekr -- [Eric Rescorla ekr@rtfm.com]
participants (11)
-
Alan Olsen -
Arnold G. Reinhold -
Bill Frantz -
EKR -
Michael Motyka -
Phillip Hallam-Baker -
Robert Hettinga -
Steve Mynott -
Tim May -
Tom Weinstein -
William H. Geiger III