Re: Why is cryptoanarchy irreversible?
At 5:37 PM 11/7/1996, Daniel T. Hagan wrote:
On Thu, 7 Nov 1996, Peter Hendrickson wrote:
If strong cryptography were unpopular and highly illegal, very few people would be using it. This makes it easy to identify suspects.
I think the reasons are probably tied closely to your second point. Unless strong cryptography was easily distinguishable from weak cryptography without taking the time to break it, then how would they (law enforcement) recognize that someone was using strong cryptography?
Or suppose that some one uses strong cryptography and then wraps it in weak cryptography. The outer shell would seem legal, and the authorities can't go around randomly breaking people's keys (or so one would assume), and even if they did, it wouldn't necessarily be legal as evidence anyway.
In the extreme case, everybody would be sending messages in the clear. In the case of mandatory GAK, it would be easy to open a bunch of messages and see if what was inside looked like cryptography. The privacy violation could be minimized by requiring a Congressionally approved test program to applied without any human reading it. If the test program said it was cryptography, then this could be considered just cause for a judge to issue a warrant to the authorities for the study of the actual message. The laws regarding what is considered legal evidence are easily changed if there is a need for it. Probably they don't need to be changed all that much. If you see a lot of PGP messages coming from somebody, you get a warrant and search their computer for illegal software. When you find it, you lock them up forever.
And finally, you have to consider the possibility of whether a person can be identified merely by the fact that there is a message that is intercepted that has strong cryptography in it. I don't know enough about remailers and internet protocols/servers to say whether this is a reasonable objection or not, perhaps someone else does?
In the absence of strong cryptography, remailers do not offer much anonymity.
So, unless I'm incorrect about one of the above points (and I admit that I may well be), once cryptography reaches a certain strength, there is no reason to relinquish that strength, particularly if you are using it for criminal activity.
If the penalties for the use of cryptography are significantly greater than the penalties associated with the crime, you may opt not to use cryptography. Peter Hendrickson ph@netcom.com
Peter Hendrickson wrote:
Daniel T. Hagan wrote: [...]
If strong cryptography were unpopular and highly illegal, very few people would be using it. This makes it easy to identify suspects.
Or suppose that some one uses strong cryptography and then wraps it in weak cryptography. The outer shell would seem legal, and the authorities can't go around randomly breaking people's keys (or so one would assume), and even if they did, it wouldn't necessarily be legal as evidence anyway.
In the extreme case, everybody would be sending messages in the clear. In the case of mandatory GAK, it would be easy to open a bunch of messages and see if what was inside looked like cryptography. The privacy violation could be minimized by requiring a Congressionally approved test program to applied without any human reading it. If the test program said it was cryptography, then this could be considered just cause for a judge to issue a warrant to the authorities for the study of the actual message.
Getting a program to recognize a subliminal message channel is even harder than teaching a human to do so, check out the book Disappearing Cryptography or do a web search for "mimic functions" to see how easy it is to hide messages in text which a program parses as regular English. The other problem is that more and more of the data being tossed around the net are images and sound files in which it is incredibly easy to hide encrypted messages.
The laws regarding what is considered legal evidence are easily changed if there is a need for it. Probably they don't need to be changed all that much. If you see a lot of PGP messages coming from somebody, you get a warrant and search their computer for illegal software. When you find it, you lock them up forever.
And if there was a penalty for using PGP then PGP would hide the fact that such messages were being sent; that -----BEGIN PGP MESSAGE----- line in the program output does not need to be there you know... Check out Stealth PGP for an example. [...]
In the absence of strong cryptography, remailers do not offer much anonymity.
Except for the fact that US law stops at the US border (modulo kidnapping Mexican doctors or strongarming the rest of the world to obey US dictates...) Information, on the other hand, is very easy to transport across national boundaries and such transmission is impossible to stop. With remailers outside the US I can send a message to a free nation and have it delivered to whomever I want. jim
participants (2)
-
Jim McCoy
-
ph@netcom.com