[Politech] Are the encryption wars really over? Maybe not [priv]

Declan McCullagh declan at well.com
Wed May 25 19:09:53 PDT 2005

Whether the crypto wars are over depends on what you consider the
dispute to be about in the first place. In the export-control sense,
yep, we've won. We may not have had a resounding Supreme Court victory
on First Amendment grounds, but the original regs proved politically

How about domestic restrictions? That never really got off the ground in
the U.S., even in the darkest days of the 1990s.

But either could return swiftly. All it would take for a bill to be
introduced is for Al Qaeda to have encrypted information that could have
saved thousands of American lives were it decrypted in time. (Life does
not follow the TV show "24".) See:

I wouldn't be surprised if such a law would permit non-escrowed crypto
to be used to secure communication streams while requiring .gov
backdoors in crypto used for hard drive or file encryption. In other
words, GPG and PGPdisk might become verboten. Programmers might sensibly
scoff, but that's the way the Feds think.

How about other restrictions? I don't think the crypto-in-a-crime idea
ever got enacted into law, but a Minnesota court this month moved in
that direction:

In other words, the war is probably not over. It's just in a multi-year
lull. The correct preventative tactic to employ right now is to follow
the IPv6 model and seed both disk and communication-stream encryption
wherever it makes sense. Then it becomes more politically difficult to

Previous Politech message:


-------- Original Message --------
Subject: RE: [Politech] Ross Anderson: Crypto wars are over,and we've
won! [priv]
Date: Wed, 25 May 2005 18:11:25 -0400
From: Pyke, Gila <gila.pyke at ssha.on.ca>
To: Declan McCullagh <declan at well.com>

Hi Declan,

This email generated a fair amount of discussion amongst my peers. The
assertion by someone so well known and respected that the "crypto wars
are over" was met with quite a bit of skepticism.

A coworker (who wishes to remain nameless) said it best:

	"The battles over key escrow and export controls aren't the hot
topics 	that they used to be.  But that's not because the fight is over,
more 	that it has moved on to other things like digital IDs, biometric
passports, and the other hot topics that circulate on this list.
Projects like the Clipper chip died not because of politics, but
because it was difficult and impractical to deploy and get industry to
adopt it (similar to the problems facing technologies such as PKI and
smart cards).

	There are still (smaller) legal battles going on over giving law
enforcement the right to decrypt a suspect's hard drive, or ISPs
handing out passwords to their users' accounts, or cryptographers
facing prosecution for publishing cryptanalytic results, and on and
on.  It has become more of a privacy battle than an encryption issue,
but the battle is still there.  And of course, there is still the
prevailing paranoia that the NSA and other intelligence agencies have
already cracked the crypto algorithms currently in circulation.  This
isn't too far-fetched considering the number of algorithms that have
been broken and retired in recent years. "

As far as many of us are concerned, cryptography always was and always
will be a controversial science.  I don't think the government's
interest in controlling it will ever go away, although the face on it
may change.

Incidents like this one:


--Hackers Holding Computer Files 'Hostage'

(23 May 2005)

A new type of extortion plot has been identified, unlike any other cyber
extortion, according to the FBI. Hackers used an infected website to
infect computers with a program that encrypts the users file. Then the
criminal demanded money for the key to decrypt the files.  Enhanced
versions of this attack threaten large numbers of users with loss of
important data, loss of money, or both.



...will make sure of that. Efforts like TOR will always feel threatening
to some of the people in power, and excuses like the war on terrorism
will always give those people a well-hyped excuse to do "what they think
is necessary".

But that is just my fundie, cynical, tired opinion.

Gila Pyke
Policy Analyst
Privacy and Security Division
Smart Systems for Health Agency

Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)

----- End forwarded message -----
Eugen* Leitl <a href="http://leitl.org">leitl</a>
ICBM: 48.07100, 11.36820            http://www.leitl.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE

[demime 1.01d removed an attachment of type application/pgp-signature which had a name of signature.asc]

More information about the cypherpunks-legacy mailing list