[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Crypto crackdown - this is it!



Well, we knew that this had to happen eventually. Isn't it ironic
that, as we read that crypto is flourishing in the Soviet Union,
that their supreme court has just accepted the validity of digital
signatures, we find ourselves under attack here at home! Seems like
we're putting up walls just as fast as they are tearing them down
over there. I just sent e-mail to those crypto developers in the
Soviet Union; maybe I'll get a visit from the Thought Police. After
all, I did mention RSA, IDEA, and PGP in the message, and there's
not much doubt the bad guys monitor the link to the Soviet Union,
now is there? In fact, everyone who has a public key on the key
servers could be a suspect.

This crackdown can serve no legitimate security purpose, since the
algorithms involved are all readily available worldwide. This can
only serve two purposes: (1) to intimidate any company which might
consider publishing useful cryptographic software and information,
and (2) to establish a precedent and set up the machinery for a
drug-war-style crackdown on all privacy and digital speech.

Why is the government so reluctant to treat digital media as
equivalent to paper media? Real simple. Paper requires an
organization to distribute it. If the government really wants to,
they can conduct a Gestapo raid and confiscate everything (Steve
Jackson Games) and prevent the publication of anything on paper.
With electronic media, they can't do anything. Once it's on a disk
or on the Usenet, information is forever beyond their control. The
government is about to lose all control over information, and the
idea scares the hell out of them.

What is happening is that the network is replacing the hierarchy as
the basic unit of human organization. Naturally, those who run the
hierarchies don't want this to happen.

The bad guys have been trying to figure out what to do since PGP
was released. Being leftover cold warriors, they really don't know
how to attack freeware distribution. The idea of free distribution
of information is totally alien to them. But as soon as commercial
sales were mentioned, they knew what to do. Yes, we should fight
them tooth and nail on this one, but we should also learn a
valuable lesson from it: they can't handle freeware! It's only when
we go commercial, with a visible base of operations, that they know
how to attack us.

We need a method of zero-knowledge collaboration on software
development. People could work together on a project without
knowing anything about each other. This would involve a newsgroup
for discussion of projects, anonymously of course, and the exchange
of pseudonymous PGP keys. Private mail would be sent by posting
with the recipient's key id in the subject, making it easy to grep
for. Development could be broken up among different people,
functions and code fragments could be posted and exchanged, and the
whole program compiled and released, in such a way as to be totally
untraceable.

Code we need now!

Windows NT, OS/2, and UNIX implementations of PGP, set up as a
server so that any application can access PGP primitives. This
would establish PGP as a standard encryption server outside the US.
People use what is easy, so make it easy.

A program to transparently encrypt hard drives on the fly, similar
to KOH or Norton Diskreet (except don't use DES, and allow only part
of the drive to be encrypted, like Diskreet), to protect people 
against unreasonable search and seizure. Let's face it, with the 
drug war, the Constitution's search and seizure protections are DEAD! 
They may not be able to prosecute you based on illegal evidence, but
they can take everything you own and keep it until you are broke 
and homeless.

A tape backup program which securely (IDEA or similar) encrypts
streaming tapes. This would protect people from seizure of their
records and archives. Government loves to seize paper; give the
bastards something they can't read!

The next few weeks and months may be decisive. This is it. If we
succeed, we could have a future of freedom, privacy and equality
brought about by the inherently democratic nature of networks in
general and public key crypto in particular. A world in which
digital cash has starved the dinosaurs of government and digital
media have made censorship forever impossible. But, if we fail:

"There was of course no way of knowing whether you were being
watched at any given moment. How often, or on what system, the
Thought Police plugged in on any individual wire was guesswork. It
was even conceivable that they watched everybody all the time. But
at any rate they could plug in your wire whenever they wanted to.
You had to live - did live, from habit that became instinct - in
the assumption that every sound you made was overheard, and, except
in darkness, every movement scrutinized." -- 1984

BTW: when setting up encrypted remailer bounces, be sure to change
the subject at every bounce to defeat traffic analysis based on the
subject line being the same all the way through. For example:

::
Request-Remailing-To: <put address here>
Subject: <put new subject here>

Be careful, write code, spread PGP, we might actually win this thing!