Re: Why is cryptoanarchy irreversible?

To a large extent, it's a volume question - if there's too much
widespread use, it's too hard to control, prevent, or ban later.
If the volumes of traffic and users are low, you can track users.
So the government's working hard to keep volume down, both by
export controls, FUD attacks on Phil, and constant offers to deal,
such as Clipper I, II, III, and IV, all of which both delay widespread use
of real crypto and try to introduce pre-wiretapped crypto instead.

Strong vs. weak crypto isn't the real issue - for most business use,
weak crypto is obviously unacceptable, but strong crypto with GAK
is ok as long as it doesn't interfere with use (and as long as the
government bureaucrats don't sell too many keys.) After all, any
corporation, and most businesses, can be forced to keep and produce records
when the government wants them to; a government-held master key
doesn't change their "legitimate" access, only the convenience
of legal and illegal access. Key Recovery, on the other hand,
implies that you're required to either use GAK or use Weak Crypto,
which is obviously Bad. Most businesses are far more opposed to things
that make them wait for bureaucratic action in their day-to-day business
than to the privacy issues, and they're more concerned about
control and convenience than the economic rights issues (otherwise
they'd be refusing to pay taxes....)

The government might be able to stop new Netscape versions from
using strong crypto - threatening to confiscate the company's
ill-gotten gains from aiding and abetting money launderers might help,
and threatening to confiscate PCs that use unapproved crypto.
But it's tough to use a widespread threat like that on popular
software once it's out there.

A friend of mine lives in a kleptocracy; the local thugs haven't stolen
his email provider's computer yet, mainly because the hardware
doesn't work very well without software and administrators.
But he's not willing to risk using PGP very often, because the
volume is small enough they can watch everything (they give him
enough trouble occasionally for using his native language on the phone
instead of the local languages.) And sending stego isn't likely
to be a good solution for a while, since mail volume is low enough
to his remote area that sending lots of scanned photographs
would be a big impact on email costs.

# Thanks; Bill
# Bill Stewart, +1-415-442-2215 [email protected]
# You can get PGP outside the US at ftp.ox.ac.uk