Re: Why is cryptoanarchy irreversible?
If I understand the reasoning, people beleive it is easier to prevent the release of strong crypto. techiniques than to remove them once they are released.
The reasons underlying this are what I don't completely understand.
Once a terrorist has strong crypto, why should they stop using it if it becomes illegal?
Use of strong crypto would be a tip off that one is a terrorist. If strong cryptography were unpopular and highly illegal, very few people would be using it. This makes it easy to identify suspects. Peter Hendrickson ph@netcom.com
On Thu, 7 Nov 1996, Peter Hendrickson wrote:
If I understand the reasoning, people beleive it is easier to prevent the release of strong crypto. techiniques than to remove them once they are released.
The reasons underlying this are what I don't completely understand.
Once a terrorist has strong crypto, why should they stop using it if it becomes illegal?
Use of strong crypto would be a tip off that one is a terrorist.
If strong cryptography were unpopular and highly illegal, very few people would be using it. This makes it easy to identify suspects.
Peter Hendrickson ph@netcom.com
I think the reasons are probably tied closely to your second point. Unless strong cryptography was easily distinguishable from weak cryptography without taking the time to break it, then how would they (law enforcement) recognize that someone was using strong cryptography? Or suppose that some one uses strong cryptography and then wraps it in weak cryptography. The outer shell would seem legal, and the authorities can't go around randomly breaking people's keys (or so one would assume), and even if they did, it wouldn't necessarily be legal as evidence anyway. And finally, you have to consider the possibility of whether a person can be identified merely by the fact that there is a message that is intercepted that has strong cryptography in it. I don't know enough about remailers and internet protocols/servers to say whether this is a reasonable objection or not, perhaps someone else does? So, unless I'm incorrect about one of the above points (and I admit that I may well be), once cryptography reaches a certain strength, there is no reason to relinquish that strength, particularly if you are using it for criminal activity. Daniel --- Daniel Hagan http://acm.vt.edu/~dhagan CS Major dhagan@vt.edu http://acm.vt.edu/~dhagan/PGPkey.html Virginia Tech Key fingerprint = DB 18 30 0A E1 69 7E 51 E2 14 E3 E3 1C AE 69 97
ph@netcom.com (Peter Hendrickson) writes: [...]
Once a terrorist has strong crypto, why should they stop using it if it becomes illegal?
Use of strong crypto would be a tip off that one is a terrorist.
If strong cryptography were unpopular and highly illegal, very few people would be using it. This makes it easy to identify suspects.
But the difference between strong crypto and weak crypto is not something which is visible to an outside observer unless they make the effort to attack a particular system or decrypt a message. Such an attack is beyond the capacity of most municipal or state governements and is a difficult and expensive task for federal agencies other than the NSA (who would nto be pleased if their machines were suddenly at the beck and call of the FBI or any other organization; never underestimate the power of inter-agency infighting :) What make such detection even harder is that a good crypto system generates output which is indistinguishable from noise, this makes it much easier to hide the fact that an encrypted channel is being used. The funny thing about noise in the information theory sense is that it can actually be _anything_ depending on context, and this sort of uncertainty is the bane of a legal system which is solidly grounded upon technicalities (such as the US legal system.) jim
At 2:24 PM -0800 11/7/96, Peter Hendrickson wrote:
If I understand the reasoning, people beleive it is easier to prevent the release of strong crypto. techiniques than to remove them once they are released.
The reasons underlying this are what I don't completely understand.
Once a terrorist has strong crypto, why should they stop using it if it becomes illegal?
Use of strong crypto would be a tip off that one is a terrorist.
If strong cryptography were unpopular and highly illegal, very few people would be using it. This makes it easy to identify suspects.
* Identification of high-entropy traffic (putatively: encrypted traffic) would require extensive surveillance, tapping, and whatnot. The infrastructure for this does not exist, and would cost an enormous amount to deploy. * (This is why so many of us want a crackdown on crypto delayed for as long as possible: every year that passes means more networks, more intranets, more channels, more modes, etc. Satellites, fibers, etc.) * High-entropy traffic does not mean encryption, either. And encrypted traffic can be twiddled to look like lower-entropy traffic (and I don't even mean steganography, I mean adjusting message statistics). * Once crypto has become widespread, and is built into mailers, browsers, etc., there will be many people already using those old mailers and browsers. Throwing Mom and Pop in jail because they forgot to turn off the PGP mode in Eudora 4.0 or Netscape 5.0 is not going to go over well, even in an era of supposed "zero-tolerance." (And California and Arizona just voted to effectively decriminalize pot..."medical use of encryption" on the 2005 ballot?) * Steganography. Entire volumes can be written about this. I believe I was the first to propose, in a 1988-89 series of articles on sci.crypt, the use of LSBs in image and sound files to transmit huge amounts of information, with detection very difficult. As I told Kevin Kelley--reported in his "Whole Earth Review" article and in his excellent "Out of Control" book--a single DAT tape of a musical recording can easily carry 150-200 MB of "message" just in the LSBs! Unless all tapes are checked at the border--and what are live tapes, with lots of noise in the bottom few bits of each word--to be compared against? The mind boggles at the task. * "Legitimate needs." The whole notion Peter raises of banning cryptography is fraught with problems. Are businesses to be told that all communications are to be in the clear? Or is Peter's point that some form of GAK will be used? (If the latter, then of course we are back to an even better form of "stego" than stego itself: superencrypt before using GAK. Unless the government samples packets randomly and does what they say they will do to open a GAKked packet--e.g., get a court order, go to the escrow key holders, etc.--then how will they know if a message is superencrypted? And what if a GAKked message contains conventional _codes_? Are shorthand codes such as business have long used--"The rain in Rome is warm this month"--to be illegal?) * The point being that "rogue crypto" (terrorists, crypto anarchists, freedom fighters) gets lost on the blizzard of other uses. And shutting down all crypto means shutting down business use of crypto to protect secrets, and probably means an end to digital commerce. (This is another reason we want to delay action on crypto for as long as possible: make encrypted communications so widespread in commerce that to pull the plug would mean a financial calamity.) * Intent. It's hard to imagine someone being imprisoned for using cryptography, except perhaps in wartime conditions. I may be wrong. Also, there are deep Constitutional issues we haven't been much discussing. * Offshore sites. Even if U.S. citizen-units are proscribed from using crypto--a hard thing to do--many crypto-anarchic markets will flourish overseas. (If communication with offshore persons or sites is allowed, all sorts of things can be done. If such communication is banned, this means a profound change in the American system.) [I have not fleshed out the arguments here, adequately, so don't focus on this point to rebut the rest of my arguments, please.] In another post, Peter posits a condition where people are appalled at the implications of crypto and there is no popular support for it. But is he implyiung that neighbors will burst into the homes of others to ferret out crypto. I doubt this vigilantism will ever happen. (My gun example is apropos. I believe we are fast approaching a point where most people want guns outlawed. But it won't happen, as there are not enough cops and military people willing to raid private homes in contravention of the Bill of Rights and at personal risk to themselves....and so it won't happen. Once crypto is deeply intertwined into the fabric of life and commerce, it'll be too late to pull the plug. --Tim May "The government announcement is disastrous," said Jim Bidzos,.."We warned IBM that the National Security Agency would try to twist their technology." [NYT, 1996-10-02] We got computers, we're tapping phone lines, I know that that ain't allowed. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1,257,787-1 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."
On Thu, 7 Nov 1996, Peter Hendrickson wrote:
If I understand the reasoning, people beleive it is easier to prevent the release of strong crypto. techiniques than to remove them once they are released.
The reasons underlying this are what I don't completely understand.
Once a terrorist has strong crypto, why should they stop using it if it becomes illegal?
Use of strong crypto would be a tip off that one is a terrorist.
If strong cryptography were unpopular and highly illegal, very few people would be using it. This makes it easy to identify suspects.
Peter Hendrickson ph@netcom.com
If crypto is made a criminal offense, only criminals will use crypto. --Deviant I have discovered that all human evil comes from this, man's being unable to sit still in a room. -- Blaise Pascal
participants (5)
-
Daniel T. Hagan -
Jim McCoy -
ph@netcom.com -
The Deviant -
Timothy C. May