Strategies for getting encryption in widespread use QUICKLY
I recently sent a version of this message to Stanton McCandlish in
response to EFF's call for support on the Cantwell bill; he said you
people would probably be most interested in the idea. I was planning
to sit quietly for a few weeks, watch the list, and make sure it's
not just old news here before opening my big mouth. But seeing the
volume of the list I may not last that long, so I'll post now. :-)
---
It seems like the most effective way to fight Clipper would be to ensure
that by the time the government has a chance to impose any effective controls,
strong public encryption is in wide enough use to make such controls
completely unenforceable.
While encouraging people to always encrypt their E-mail might seem the most
straightforward way to do this, most people just aren't interested enough and
don't see a threat in leaving their mail open, and encryption is still
inconvenient. An approach introducing encryption into some other aspect
of information transfer, where it is more immediately and obviously useful,
might be more successful in the short term.
One of the most popular uses of the Internet is for distribution of free
software, both in binary and source form. It would make the lives of many
people much easier if the downloading and installation process could be made
more automatic. Right now if I want to always have the latest version of GCC
on my Linux box at home, I have to watch the right newsgroup for announcements,
FTP to the right site, download the new version, unzip, untar, and install it
(not to mention compiling it if I get a source code distribution). This is
not too bad by itself, but it gets inconvenient on a "real" system containing
hundreds of packages to be kept up-to-date, a new version of one coming out
every day or two.
It shouldn't be too difficult to automate this monitoring, downloading, and
installation process, especially for binary distributions that require no
complicated configuration or build sequence. But suggest this to most anyone,
and they'll immediately get jittery with fear about trojan horses, viruses,
and every other attack known. This is where encryption technology (specifically,
public-key-based signatures) could come in. Unlike with E-mail privacy,
where most people don't get a really tangible benefit, in this case encryption
could be a real enabling technology: it would allow people to do what they
couldn't (or wouldn't dare) do before. If it was done right, in a way that
people can trust, people _would_ use it because it would make their lives
easier, not more complicated.
Before I get into any more detail, I want to hear what you all think
about the general idea, so I'll leave it at that for now.
Thanks!
Bryan Ford
---
Bryan Ford [email protected] University of Utah, CSS
`finger [email protected]' for PGP key and other info.
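
The signature check proposed in the message above, as an added example that is not part of the original post: a maintainer signs a manifest naming the package and its digest, and an automatic updater installs only what verifies under a pinned public key. The function names, the manifest layout, and the toy textbook-RSA key (built from two Mersenne primes, no padding, not secure) are assumptions made for illustration; a real updater would use a vetted signature tool such as PGP.

```python
import hashlib
import json

# Constructed toy RSA key from two Mersenne primes: illustration only, not secure.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q                               # public modulus, pinned in the updater
_D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, held by the maintainer


def _digest_int(data: bytes) -> int:
    """SHA-256 of data as an integer (always smaller than N here)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


def publish(name: str, version: str, package: bytes):
    """Maintainer side: build a manifest describing the package and sign it."""
    manifest = json.dumps(
        {"name": name, "version": version,
         "sha256": hashlib.sha256(package).hexdigest()},
        sort_keys=True).encode()
    signature = pow(_digest_int(manifest), _D, N)   # textbook RSA, no padding
    return manifest, signature


def verify_and_accept(manifest: bytes, signature: int, package: bytes,
                      expected_name: str) -> bool:
    """Updater side: return True only if the download may be installed."""
    # 1. The manifest must carry a valid signature under the pinned key.
    #    Nothing in it is parsed or trusted before this check passes.
    if pow(signature, E, N) != _digest_int(manifest):
        return False
    fields = json.loads(manifest)
    # 2. A validly signed manifest for a different package must not be swapped in.
    if fields["name"] != expected_name:
        return False
    # 3. The downloaded bytes must match the digest the maintainer signed.
    return hashlib.sha256(package).hexdigest() == fields["sha256"]


if __name__ == "__main__":
    pkg = b"constructed stand-in for a binary distribution"
    manifest, sig = publish("gcc", "1.0", pkg)
    print("genuine package:  ", verify_and_accept(manifest, sig, pkg, "gcc"))
    print("trojaned package: ", verify_and_accept(manifest, sig, pkg + b"!", "gcc"))
    print("edited manifest:  ",
          verify_and_accept(manifest.replace(b"1.0", b"9.9"), sig, pkg, "gcc"))
```
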