Re: Why is cryptoanarchy irreversible?
At 5:48 PM 11/7/1996, Jim McCoy wrote:
Peter Hendrickson writes:
If mandatory GAK were imposed, reviewing messages is easy, even with inter-agency fighting. Or, encryption in general could just be forbidden if GAK created too much hassle.
Encryption itself will never be forbidden because there is far too much money riding on electronic commerce.
I think this is true. Good computer security, including encryption, is clearly important to the financial well being of the country. If we consider that to be a national security issue, then we have to ask why the national security apparatus is attempting to undermine our security.
An administration which tried to outlaw all encryption would soon find itself on the next train out of D.C. after the next election cycle.
But if the doomsayers are right, this would not be the case. Most people will be willing to give up some Internet commerce if they believe it is necessary to protect their children and maybe their society. That is not even an unreasonable point of view.
In practice I suspect that good stego is hard.
You are mistaken. Read Disappearing Cryptography to see just how easy it is, then check out Romana Machado's EzStego program (done in Java so it can be added to any web download with a bit of tweaking.) If the penalty for using bad stego is high enough you can be certain that natural selection will make certain that eventually the programs being used are top notch code :)
I may be mistaken. I have added "Disappearing Cryptography" to my list. Still, my intuition says that it is quite hard to do steganography for many years and never tip your hand even once.
You don't have to be right every time when you look for it, just some of the time....
The problem is that you need to be able to prove that stego is in use, and this is a much more difficult task than you suggest.
But you really don't need to prove it. You just have to convince a judge to issue a warrant for you to get the real evidence. If you have to, you'll train a dog to sniff stego. (That was a joke by the way. ;-)
You might also identify suspects in other ways. Maybe that Jim McCoy is looking a little too successful or perhaps he made an unwise comment to a "friend" who reported him. That could easily be grounds for a warrant and subsequent change of quarters.
Get a warrant, search my system, find nothing but a bunch of applications and a collection of risque (but definitely legal) pictures which I exchange with a few friends. You may suspect that when the images are concatenated in a particular way the low-order bits form a stego filesystem but no one will be able to prove it in court.
Are you concatenating these images by hand? If so, the level of entropy is probably low enough to recover the information through brute force methods or you are hiding a very small amount of information.
If you are not doing it by hand, you own terrorist software and will pay the price.
And, by the way, who are these friends? Can any of them finger you in exchange for a reduced sentence?
Incidentally, I hope nobody on this list believes they will be able to practice cryptoanarchy in my scenario. You are already suspects.
Which technicalities protected the Japanese-Americans during World War II?
Few. OTOH the internment of Japanese-Americans occurred during a period of war, at a time when civil liberties were much more limited, and when Asian-Americans were second-class citizens with very little political power (that and the Korematsu decision was a complete piece of crap...)
In the Four Horsemen scenario, where people are being murdered all the time and the society is in a turmoil, popular support for the suppression of strong cryptography would be easy to arrange.
Today most US citizens distrust the US government, civil liberties and protections are fairly well established in law and legal precedence, and we techno-nerds are actually the ones running the country :)
In the Four Horsemen scenario, it is likely that most engineers would be delighted to help put things to rights.
The legal system would have to be stretched considerably less to outlaw strong crypto and make it stick.
It would have to be shattered to make such a ban stick. Times have changed quite significantly since the 40s, and free speech rights and the first amendment have become rather important to our information society.
This is correct. But these views would change if we were facing a terrible situation. It isn't even clear that you would have to tamper with free speech rights all that much to suppress strong cryptography. There would be a dramatic political risk that all rights would disappear later, but after somebody you know gets killed anonymously, you might be willing to chance it.
Peter Hendrickson
ph@netcom.com
Peter Hendrickson writes: [...]
Get a warrant, search my system, find nothing but a bunch of applications and a collection of risque (but definitely legal) pictures which I exchange with a few friends. You may suspect that when the images are concatenated in a particular way the low-order bits form a stego filesystem but no one will be able to prove it in court.
Are you concatenating these images by hand? If so, the level of entropy is probably low enough to recover the information through brute force methods or you are hiding a very small amount of information.
I hide the relatively small amount of data within a very large amount of data which makes it impossible to find. Data from analog sources, like the "real world" (images, sounds, etc) is noisy. This is a fact of life. Because this data is noisy I can hide information in the noise. As long as the information I am hiding maintains the same statistical properties of noise it is impossible to pull the information out of the data file unless you have the key. If I am paranoid enough I can make this key impossible to discover without a breakthrough in factoring. This is the essence of steganography and the nature of signal and noise are fundamental principles of information theory. No legislative action or administrative decision can change the laws of mathematics, this fact alone is why the crypto genie is forever out of the bottle.
If you are not doing it by hand, you own terrorist software and will pay the price.
Ah yes, terrorist programs like cat and perl and operating systems like Linux which contain a loopback filesystem that I can hook a perl interpreter into at compile-time (which is enough for me to rewrite the program from scratch each time if necessary, unless things like math libraries are also outlawed on computers :)
I think that the crypto concentration camps are going to be very crowded places.
jim, who answers to a higher law: the laws of mathematics...
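Added example, not part of either message: a Python sketch of the statistical point argued in the thread, measuring how a first-order test on low-order bits reacts to a plaintext payload versus one that has been made to look like noise. The message, key and cover samples are constructed, and the SHA-256 counter-mode keystream is a stand-in assumption, not a vetted cipher.

```python
import hashlib
import math
import random

def keystream(key: bytes, n: int) -> bytes:
    """SHA-256 in counter mode: a stand-in for a real stream cipher."""
    blocks = (hashlib.sha256(key + i.to_bytes(8, "big")).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def whiten(data: bytes, key: bytes) -> bytes:
    """XOR with the keystream; applying it twice restores the input."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))

def embed(cover: list, payload: bytes) -> list:
    """Overwrite the low-order bit of successive samples with payload bits."""
    bits = [(byte >> i) & 1 for byte in payload for i in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError("payload does not fit in cover")
    return [(s & ~1) | b for s, b in zip(cover, bits)] + cover[len(bits):]

def extract(stego: list, nbytes: int) -> bytes:
    """Reassemble nbytes from the low-order bits, most significant bit first."""
    bits = "".join(str(s & 1) for s in stego[:nbytes * 8])
    return int(bits, 2).to_bytes(nbytes, "big")

def lsb_bias_z(samples: list) -> float:
    """Z-score of the count of 1 low-order bits against a fair-coin model."""
    n = len(samples)
    ones = sum(s & 1 for s in samples)
    return abs(2 * ones - n) / math.sqrt(n)

# Constructed inputs: random bytes stand in for noisy analog samples.
MESSAGE = b"meet at the usual place " * 40
KEY = b"constructed demo key"
_rng = random.Random(1996)
COVER = [_rng.getrandbits(8) for _ in range(len(MESSAGE) * 8)]

def scores() -> dict:
    """Bias of the untouched cover, a plaintext embed, and a whitened embed."""
    return {"cover": lsb_bias_z(COVER),
            "plaintext": lsb_bias_z(embed(COVER, MESSAGE)),
            "whitened": lsb_bias_z(embed(COVER, whiten(MESSAGE, KEY)))}

if __name__ == "__main__":
    for name, z in scores().items():
        print(f"{name:10s} z = {z:5.2f}")
```

The plaintext embed scores far above any reasonable alert threshold because ASCII text carries more 0 bits than 1 bits, while the whitened embed scores like the untouched cover; this bit-balance test is only one first-order statistic among those a steganalyst would apply.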