[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GAK/weak crypto rationale?



John Young writes:
>    In response to an audience question about wiretaps and
>    crypto, Mr. Michael Nelson of the White House said at the
>    NIST GAK meeting (paraphrased):
> 
>       We are not concerned with bad people using crypto among
>       themselves, we can handle that. We are more concerned
>       with their using crypto to communicate with regular
>       folks, to make legitimate arrangements -- finance,
>       supplies, travel, and so on -- for their nefarious
>       deeds. It's the intermix of the bad with the good that's
>       the problem.

Most of this reminds me of observations others have made (maybe here) about
LEAs' typical use of wiretapping, commercial records, etc. in gathering
evidence. It was said that criminals are often tracked/caught because of
communications with friends/relatives, and transactions with above-board
businesses to rent cars, buy plane tickets, etc. An argument against
allegations that free crypto is hazardous proceeds, then, by pointing out
that such contacts with *ahem* "regular folks" will be conducted in the
clear, or at least that one party will be cooperative with investigators.

Whether or not I encrypt my conversation with the Phil Zimmermann Travel
Agency, however, doesn't affect the ability or inclination of the PZTA to 
divulge its records to the TLAs. They would no longer beable (old a.r.k. joke)
to learn the contents of the communication directly from a wiretap. But if I
understand the technology correctly, they could certainly trace an encrypted
call to determine the identity of the other party. After that it's a trivial
matter to ask the other party to reveal transaction records. So I don't see
how the strong encryption of the "good" significantly interferes with The
Legitimate Needs of Law Enforcement in and of itself.   

(As an aside, the situation may get murky when the Phil Zimmermann Travel
 Agency carries out transactions over the net with cryptographically sound
 digital pseudonyms. Depending on the circumstances, true ecash with
 reasonable payor anonymity may also need to be involved. This is where I
 suspect untraceable transactions make the LEAs uncomfortable: untraceable
 garden variety transactions)

>    Maybe someone else at the meeting heard this differently
>    and will comment, but this seems to mean that the Feds can
>    track, and maybe crack, the crypto-intercomm of "bad
>    people" so long as it is not buried in a torrent of public
>    crypto use. And not commingled with lawful, ECPA-
>    protected(?), communication.

Hmmm. The bit about "the intermixing of bad and good" is puzzling. "Bad"
and "good" seem to be defined in terms of the identities of the parties to
a communication. Figuring those out isn't hindered by strong crypto per se.
I remain unclear as to the source of their expressed concern.

Your paraphrase of Nelson's statement strikes me as remarkable. Doesn't "we
are not concerned with bad people using crypto among themselves" run
completely counter to all the hyperbole about terrorists planning OKC II
with PGP ?  Does anyone have an exact quotation ?  At any rate, sign me up as
a "bad person"....

Incidentally, recent events in France highlight the absurdity of Les Quatres
Chevaliers. The French government's crypto registration requirements don't 
seem to have been much of a deterrent to the serial Metro bombers -- quelle 
surprise !  I hope someone in Washington is paying attention.

-Futplex <[email protected]>