The New GAK-Clipper Thing will Fail




Comparing the latest GAK/Clipper III (or is it Clipper IV?) thing to the
original Clipper announcement in April 1993, I sense a lot more confusion,
a lot more thorny issues, and a lot more vagueness. They just seem more
disorganized and less committed than the last time around. Each iteration
of Clipper gets less focussed and seems to last a shorter time before the
next version is being talked about. A good thing, of course.

Some random points:

* Unlike with Clipper, where a specification existed and was available
within a few weeks for analysis, and where hardware existed (the Mykotronx
chips, the AT&T phone), what has been publicly presented so far is just a
vague commitment to participate.

* There seem to be many ways around the new GAK:

--superencryption is essentially impossible to stop (e.g., use PGP on text
messages, then use the officially-approved GAK--how could this be outlawed?)

--the large pool of _existing_ crypto products means people will be using
these products for years to come (possibly within GAK wrappers, as just
noted)...unless the New World Order (tm) somehow locates, seizes, or
otherwise makes criminals out of those who use a once-legal product, how
could this be stopped?

--the "degrees of freedom" for messages have sharply increased in the last
several years: messages inside Web accesses, messages "sent" by posting to
message pools (*), direct phone calls, the Net, etc.

(* Will posting encrypted messages to the Usenet or world-readable Web
sites become a crime? Or will attempts be made to limit distribution of
Usenet and access to Web sites? Neither of these seems feasible, but how
else could the stated goals of the Administration ("stopping terrorists,
etc. from conspiring") be stopped?)

(On this point above, yes, I know that there has been no talk of
illegalizing the sending of mere encrypted data, only the export of
non-GAKked programs. But I think it likely that the LEAs will realize that
"criminals" are still conspiring with crypto. One thing they may try is to
require that any communication with a non-U.S. site involve GAK. This then
raises the Usenet/message pool directly. Since such sites have
world-distribution, currently, posting encrypted messages to
alt.anonymous.messages or to a mailing list like this necessarily involves
export of the messages. It gets complicated to enforce, naturally.)

* The Cabal itself seems confused as to what's involved. They seem to be
counting on IBM and/or TIS to deliver the solution, and may be just signed
on for what they think are reasons of political expediency.

* As the IBM scheme gets attacked (in the way Matt Blaze attacked Tessera),
as questions are raised about the Key Authorities and their cooperation,
and as the _costs_ are revealed....well, I expect further crumbling.

(On the "costs" issue, running these Key Authorities, staffing them,
complying with subpoenas (and who will _fight_ the subpoenas?), etc., will
not be cheap. For software products like Navigator and Explorer, that are
either free or very cheap, just who will pay for this infrastructure?
Someone at the EPIC Pro-CODE conference in Palo Alto a few months ago--I
forget whom--presented calculations of just how expensive a "key recovery"
infrastructure could be. Will it cost $50 to send a message to a foreign
site? Better to use message pools! :-})

I apologize for the random nature of my comments here. I just see so many
points of attack, so many ways to skirt the intentions of GAK, and so much
ambivalent commentary from the companies involved, that I am convinced this
whole thing will crumble.

Unless a "major terrorist incident" galvanizes the effort, it looks to
start falling apart almost immediately under the onslaught of Cypherpunks,
hackers, other governments (think France wants the USG having access to
their traffic?), and the "crypto anarchy" of nations whose borders are not
even speed bumps.

--Tim May


We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."