CDR: Re: Schneier: Why Digital Signatures are not Signatures (was Re: CRYPTO-GRAM, November 15, 2000)

[John Young]

What is not clear in Schneier's several critiques of crypto 
weaknesses is what will be made of them to advance the
burgeoning interests of law enforcement and the compsec
industry in cybercrime control measures.

While it may not be Bruce's intent to provide support for
"the legitimate interests of law enforcement and industry"
to combat "cybercriminality," what does appear to be
evolving from the interests of the compsec industry is
a close working relationship with the prime consumers 
of their services and products -- especially with
the privitazation and melding of natsec and domsec.

No doubt this is a carryover from the traditional close
relationship between compsec and comsec researchers,
developers and producers with government.

Still, is there no alternative to giving government and
corporations first, if not exclusive, choice on the best 
products and services, or contrarity, criminalizing activities 
and programs which do not succumb to government 
and corporate lobbying/purchasing persuasion (covert
arm-twisting; sweetheart contracts; favorable standards, 
regulations, exceptions, etc.)?

Count on one hand those who have resisted the lure and 
pressure to serve the nation as they serve their own interests. 
Count them stigmatized, broke, "renegades," outlaws, pitiful 
once-weres who lost touch with reality. 

Count those who are realistic as manifold, patriots, speakers 
at the best conclaves, propounders of sound advice to the 
wayward, reminders of what they've learned on the way is
no longer true, award winners, celebrities with swelling bank
accounts -- so long as the archy line is toed.

Now, none of this applies to Bruce's evolving computer
security body of work, which is most impressive. It's just not
clear what will evolve as Counterpane takes more of his
time and effort. What is clear is that cryptoanarchy, or
or broader cyberanarchy, is not in his interests, any more 
than it is in government's, except as a bugaboo.

Cybercrime begins with criminalizing digital information, 
that is, to regulate who gets access to private secrets,
who runs the protection rackets: "don't trust your
computer" is the next step after "don't trust the Internet."
Confidence in both requires the assurance services of 
who? Ah yes, I see.