I must complement the group on the speed and vigor with which they have pursued the Clinton proposal. It is my hope that we can somehow make it apparent to the public that they are losing, not winning here. It seems to me that the following technologies are going to be of increasing import despite the outcome of the Clinton proposal. 1. Raw headerless output from packages like PGP. It seems obvious that if crypto is regulated, it must be easier to disguise the type of crypto one is using, or indeed if one is using crypto. 2. Methodology for the disguising of cyphertext in more innocous data. 3. The proliferation and consistant use of Crypto for even everyday communications. 1> The harder it is to find, the less potential there is for regulation. 2> The harder it is to look for, the less potential there is for regulation. 3> The harder it is to abolish, the less potential there is for regulation. More than the specific plan here, I am stunned by the emerging MOVEMENT that seems to be at work here. I can only ask, what's next? I don't think any proposal to regulate crypto will focus on the users, but rather the development and distrubution of said crypto. This is what frightens me the most. The precedent for regulation of private software and hardware applications is painfully visable on the horizion. Someone said before: Be afraid, be very afraid. uni (Dark)
It seems to me that the following technologies are going to be of increasing import despite the outcome of the Clinton proposal.
1. Raw headerless output from packages like PGP. It seems obvious that if crypto is regulated, it must be easier to disguise the type of crypto one is using, or indeed if one is using crypto.
Removing the headers from PGP will accomplish only the most cursory security. The PGP packet structure is recognizable out of a random byte stream even without the headers. More generally, just because _you_ don't know how to recognize something doesn't mean your opponent is similarly lacking. In order to really know it can't be done, you need a proof, that is, an argument that covers all possible ways of looking for something. This principle applies to all forms of steganography.
2. Methodology for the disguising of cyphertext in more innocous data.
See my comment above for my opinion on this.
3. The proliferation and consistant use of Crypto for even everyday communications.
I think work done to get PGP, for example, in mail readers is something that should be done with a bit more zeal. I, personally, don't use it much because of my computing environment (receiving mail on a widely-known-to-be-insecure Unix box, dialed in from MSDOS). The integration problems are pressing.
1> The harder it is to find, the less potential there is for regulation. 2> The harder it is to look for, the less potential there is for regulation. 3> The harder it is to abolish, the less potential there is for regulation.
True up to a point. Remember, internet users are still a small percentage of the whole. Eric
participants (2)
-
Eric Hughes
-
uni@acs.bu.edu