[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Wrap Up: Conference on Law Enforcement and Intelligence




Summary:

1.  Digital Cash is on the map.  The Department of Justice will be
aggressively pursuing it.

Money laundering is becoming an increasing priority and crypto policy in
the United States is almost certain to be a casualty.  It's no longer, as
it seemed to have been 6 months ago, a question of "well until the
government finds out what the potential is, we are ok."  It is now: "Until
the government can manage to get the right people in an office together."
I'm not sure this is a particularly long time.

2.  Remailers are on the map.  The Department of Justice will be watching
these and an active effort to penetrate them is under way.  What this
means exactly is unclear.

The Department of Justice, according to Jeff Smith and acknowledged by
nods and "hmmm"'s of agreement from the DoJ panel members, is going to be
attacking remailers.  No idea how this may take shape, but its in the
works.  Beware Vatis and his ilk.

3.  Both law enforcement and intelligence are displayingh an unnerving
amount of cooperation.

No longer can we depend on turf wars to distract them.

4.  Might be a good idea to review implementations of crypto.

Both James Woolsey and Stewart Baker made sly remarks about the
reliability of crypto in the public domain.  While this is to be expected,
it might be a good idea to begin to look at crypto with a more discerning
eye.  In private conversation with Stewart Baker, my collegue mentioned
the potency of crypto algorthms in the public domain.  Wouldn't this make
criminal use simply too easy?  Should law enforcement not be considering
banning all crypto.  Baker wasn't giving away any secrets, obviously, but
he did suggest that tho many of the publicly available methods were
potent, their implementations might be weak.  (This while touting a cute
little "PGP" litigation bag.  Anyone know where these can be found?)

Perhaps its time to consider a more direct and careful implementation
review of IDEA, 3DES, MD5 and other common methods?

How widely reviewed is PGP's implementation REALLY?
What about other public products?

Bottom line:
Be afraid, be very afraid. 

--
I hate lightning - finger for public key - Vote Monarchist
[email protected]