Official Anonymizing

Tue Sep 4 15:00:34 PDT 2001

At 04:33 PM 9/4/2001 -0700, John Young wrote:
>And I am not as sanguine about the wisdom of providing technology
>to government on the same footing as the citizen. There is more
>than a bit of marketing opportunism is this view -- and government
>knows very well what power the purse has to seduce young firms
>into the world of secrecy.
>
>So I say again, that despite it being economic foolhardiness, indeed
>because it is that, there needs to be a code of practice for anonimyzer
>developers to state their policy of helping governments snoop on
>us without us knowing. Agnosticism in this matter is complicity
>when such a stance cloaks government intrusiveness.
>
>Look, I'll accept that we will all succumb to the power of the market,
>so limit my proposal for full disclosure to those over 30. After that
>age one should know there is no way to be truly open-minded.

I don't think the problem here is really the power of the market - it's the 
ease of copying digital media, and the difficulty of keeping a secret. I 
think a disclosure program like you discuss isn't an awful idea - and it 
might make sense for crypto companies to include, as part of their sales 
contracts with government agencies, explicit permission to disclose those 
purchases for public awareness and marketing purposes.

But any such disclosure list is going to be incomplete, because the sellers 
themselves don't know who they're selling to, or who their customers are 
passing the goods along to.

It's the same old crypto export control problem - but now we're thinking of 
the US government as the bad guys, instead of the government of Iraq - and 
all of the practical objections to the export control nonsense still make 
as much sense as they ever did. And the ease of circumventing the control 
regime still makes it a laughingstock, or just a marketing exercise.

(See, for example, the PROMIS software package - licensed by Inslaw to DoJ, 
and from there distributed far and wide, depending on who you believe. A 
Google search on "promis inslaw casolaro" will provide a catalog of real or 
imagined government abuses of small software sellers.)

I agree that we in the US have much more to fear from our government than 
from the government of Iraq - and perhaps the moral or strategic questions 
about arms control weigh even more heavily against giving the US government 
strong privacy or encryption or monitoring tools - but those moral 
questions are irrelevant given the speed and ease of distribution in the 
modern world. We can't control the spread of drugs, or guns, or money, or 
crypto, or surveillance tools - not as a government, and certainly not as 
individuals or small companies.

Given those constraints on our abilities, publishers of crypto/privacy 
tools must assume that, when they make any significant distribution of 
their products, some of them will end up in the hands of government 
agencies, who will use them (if they're useful) and disassemble/analyze 
them to find exploitable weakness. That's not really different from what 
others - like hostile foreign governments, or motivated criminals, will do 
with them.

Similarly, citizens must assume that, if tools are available to anyone, 
that they are available to governments, and to the least honest and least 
honorable and least humanitarian people within those governments, and plan 
their affairs accordingly.

There's no other realistic path - we can agree that it would be nice if 
governments didn't perceive a need to mislead and deceive their own 
citizens, and if governments would follow their own laws - just as it would 
be nice if other humans would follow laws and act decently, too. But they 
won't, not all of them. So we've got to  make our plans assuming that the 
worst people are going to get access, sooner or later, to the best tools, 
and they're going to lie to us about it along the way.

And that's what we've got to work with - but we can have the good tools, 
too, if we choose them.

--
Greg Broiles
gbroiles at well.com
"We have found and closed the thing you watch us with." -- New Delhi street kids