Re: The "Future" Fallacy
At 7:24 AM 12/6/95, blancw@accessone.com wrote:
From: Duncan Frissell
Bill Gates (like Mister Newt before him) committed what I call the Future Fallacy in "The Road Ahead." Page 106.
"Soon any child old enough to use a computer will be able to transmit coded messages that no government on earth will find easy to decipher." ...................................................
Billg is an optimist.
What's wrong with this picture, Duncan?
I found nothing wrong or incorrect with the quote Duncan attributed to Bill Gates (I haven't read Gates' book). I couldn't understand Duncan's koan, shrugged, and moved on. --Tim May Views here are not the views of my Internet Service Provider or Government. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway."
On Wed, 6 Dec 1995, Timothy C. May wrote:
At 7:24 AM 12/6/95, blancw@accessone.com wrote:
From: Duncan Frissell
Bill Gates (like Mister Newt before him) committed what I call the Future Fallacy in "The Road Ahead." Page 106.
"Soon any child old enough to use a computer will be able to transmit coded messages that no government on earth will find easy to decipher." ...................................................
Billg is an optimist.
What's wrong with this picture, Duncan?
I found nothing wrong or incorrect with the quote Duncan attributed to Bill Gates (I haven't read Gates' book).
I couldn't understand Duncan's koan, shrugged, and moved on.
I think Duncan was mad at the 'soon.' Why not today?
--Tim May
Views here are not the views of my Internet Service Provider or Government. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^756839 | black markets, collapse of governments. "National borders are just speed bumps on the information superhighway."
--- My prefered and soon to be permanent e-mail address: unicorn@schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information
Bill Gates (like Mister Newt before him) committed what I call the Future Fallacy in "The Road Ahead." Page 106.
"Soon any child old enough to use a computer will be able to transmit coded messages that no government on earth will find easy to decipher."
Billg is an optimist.
I found nothing wrong or incorrect with the quote Duncan attributed to Bill Gates (I haven't read Gates' book).
I think Duncan was mad at the 'soon.' Why not today?
I think I can answer this question because I was an obnoxious little hacker with an Atari 800 when I was a kid. The only thing I did not have was a modem and an Internet connection (thus ability to read sci.crypt.research etc ...) I did have arbitrary precision math libraries (although I did not have any engineering concept of "libraries"), and I had written some non-trivial scrambling code (it's not RSA, of course). I am, by no means, a super-smart person. Therefore, it is not a stretch to believe that kids today can perform powerful encryption in the privacy of their own homes. Therefore, to Bill G and his "prophecy": "been there, done that" ... (Apologies to those who hate that phrase; I hate it too, but it is so obnoxious that it gets the point across.) Ern
On Wed, 6 Dec 1995, Ernest Hua wrote:
I think Duncan was mad at the 'soon.' Why not today?
I think I can answer this question because I was an obnoxious little hacker with an Atari 800 when I was a kid. The only thing I did not have was a modem and an Internet connection (thus ability to read sci.crypt.research etc ...)
[...]
means, a super-smart person. Therefore, it is not a stretch to believe that kids today can perform powerful encryption in the privacy of their own homes.
Not a stretch? I'd say it was proven fact two years ago. This, I believe, was Duncan's point. [...]
Ern
--- My prefered and soon to be permanent e-mail address: unicorn@schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information
Duncan's comment was quite obvious. Any child old enough to use a computer can already transmit coded messages that no government can find easy to decipher. The "Future Fallacy" is the prediction of things in the past. Timothy C. May writes:
From: Duncan Frissell Bill Gates (like Mister Newt before him) committed what I call the Future Fallacy in "The Road Ahead." Page 106.
"Soon any child old enough to use a computer will be able to transmit coded messages that no government on earth will find easy to decipher." ...................................................
Billg is an optimist. What's wrong with this picture, Duncan?
I found nothing wrong or incorrect with the quote Duncan attributed to Bill Gates (I haven't read Gates' book).
I couldn't understand Duncan's koan, shrugged, and moved on.
Duncan Frissell quotes Bill Gates:
"Soon any child old enough to use a computer will be able to transmit coded messages that no government on earth will find easy to decipher."
blancw@accessone.com responds:
Billg is an optimist.
What's wrong with this picture, Duncan?
Then Tim May says:
I found nothing wrong or incorrect with the quote Duncan attributed to Bill Gates (I haven't read Gates' book).
I couldn't understand Duncan's koan, shrugged, and moved on.
I don't know what blancw was getting at, but I'll take up his side of the argument. Can good security really be automated so well that people will have it without thinking about it? I create accounts at an ISP, and 90% of the people who walk in the door pick terrible passpwords, even after listening to a little speech about what makes a good one. I'd be willing to bet that more than half the people using PGP have passphrases that would fall quickly to a dictionary attack. The child in billg's example might have a giant key sitting on the hard drive, but it's either going to be sitting there in the clear or protected by a passphrase. Will the child pick a good passphrase? One of the most important arguments we can make against government control of crypto is that the claims of impenetrability are being oversold on both sides of the debate. If the NSA wanted my PGP key badly, they'd have it and I wouldn't know it. I can think of lots of ways they could get it, and I'm not nearly as clever as they are. Good algorithms and protocols aren't enough: you need good human discipline. The best software in the world won't help me if my passphrase is "alex1" -- and that's what 25% of the people named Alex will set it to, providing that you impose the restriction that passphrases must have a non-alphabetic character. There's an enormous difference between the amount of care that people in the intelligence business and casual crypto users take with keys. Are the spooks wasting time and energy? I don't think so -- that's what it takes to minimize your risks. Do I do it? No. If someone swapped my pgp binary, I'd never know it. Crypto won't protect us absolutely from surveillance, but it will do a very good job of protecting us from automated surveillance. Right now, phones are wiretapped for next to nothing. If I have a friend who sells drugs and I speak with him on the phone frequently, I can get on the list. If they hear something on my phone that keeps them interested, another friend of mine can get put on the list as well. It spreads like a viral infection. That's the sort of thing crypto will put a stop to. If they want my key, they'll be able to grab it. But it won't be practical for them to grab the keys of the ten people I correspond with most just because they coreespond with me.
-----BEGIN PGP SIGNED MESSAGE----- Alex Strasheim <cp@proust.suba.com> wrote:
I don't know what blancw was getting at, but I'll take up his side of the argument. Can good security really be automated so well that people will have it without thinking about it?
I create accounts at an ISP, and 90% of the people who walk in the door pick terrible passpwords, even after listening to a little speech about what makes a good one. I'd be willing to bet that more than half the people using PGP have passphrases that would fall quickly to a dictionary attack.
Yes, but even if your PGP passphrase is "pass", using PGP gives you excellent security against anyone who can't get access to your secret key. I envision "Joe User" security as a pocket-computer That has very limited capability. Basically it can input data (but not executable code!), put Joe's authentication-stamp (a.k.a. "signature", although that's a misnomer) on that data, and output it. It only does this in response to some kind of authentication-action from Joe himself. Perhaps he inputs a 4-digit PIN. (It should be designed so that he can keep the PIN-input-device out of sight, say in his pocket, while using it.) Furthermore it should have an amnesia function where brute-forcing the PIN fails (possibly wiping the secret key) and a duress code PIN which fakes normal operation. (Possibly the duress code replaces all the incoming data with "HELP I'M BEING HELD UNDER DURESS!" before stamping it and outputting it, then wipes the secret key and continues to operate in fake mode.) And of course its hardware should be "tamper-resistant" for whatever that's worth. I guess it should have a one-time function (burnable ROM or whatever) which generates the secret key so that Joe can generate the key himself rather than having it done at the factory. It would be nice if Joe could make a back-up of his secret key, but I don't see anyway to do that without weakening the protection on it. Does this sound like something Joe could learn how to use properly, and trust enough to store a few hundred dollars in? He can choose his PIN himself and his duress PIN can be a variation of the normal one. One problem is that Joe can't necessarily tell what information is being fed into his "stamper" to be stamped. Possibly it could have an LCD display for that purpose... Hopefully it is apparent what kind of use this tool can be put to. For example, Joe picks up a a carton of milk at the grocery store, the store's cash register submits a bill for $2.00 to Joe's stamper, which stamps it, and Joe leaves. The grocer can submit Joe's signed IOU to Joe's bank at his/her leisure later. Variations on this theme. The main issue is how Joe can keep track of what information his is stamping. Regards, Bryce signatures follow "To strive, to seek, to find and not to yield." -Tennyson <a href="http://www.c2.org/~bryce/Niche.html"> bryce@colorado.edu </a> -----BEGIN PGP SIGNATURE----- Version: 2.6.2 Comment: Auto-signed under Unix with 'BAP' Easy-PGP v1.01 iQCVAwUBMMZKHPWZSllhfG25AQEbSgP9HOYLQtCuEiok/JCvxHnq1Xxvx7aeXZH9 8OaC0GPEPFFNSnjerLTcvkbrn04JjHNBC10eMx3I8/jSTB6817M+M8+aTzqC44rH m2krfLCOMPXXHejDJgzPn/OlsLRKzi1HgeiHphpL1NGoRyNk+mKzBmq59EbvOqeF aSrF6QuEEpw= =rHnb -----END PGP SIGNATURE-----
participants (6)
-
Alex Strasheim -
Black Unicorn -
Bryce -
Ernest Hua -
Perry E. Metzger -
tcmay@got.net