(fwd) A Trial Balloon to Ban Encryption?
I have rewritten my posting on Denning's proposal and posted it to
sci.crypt, for wider discussion. I'm surprised the sci.crypt folks had
not already the significance. You might want to consider debating the
issue there, rather than on this list, as your words will then be
heard by more folks and could mobilize an effort against proposals like
this one of Denning's.

From: [email protected] (Timothy C. May)
Subject: A Trial Balloon to Ban Encryption?
Message-ID: <[email protected]>
Organization: Netcom - Online Communication Services (408 241-9760 guest)
X-Newsreader: Tin 1.1 PL5
Date: Mon, 26 Oct 1992 18:08:13 GMT

Is there a trial balloon being floated to effectively ban encryption?

Noted and influential crypto advisor Dorothy Denning has
apparently floated the idea of _public key registration_ in a paper or
talk at the 15th Computer Security Conference in Baltimore, held
recently. Discussion of this is in comp.risks ("RISKS"), so far, but
certainly belongs in this group.

I posted a summary of this position to a private mailing list devoted
to crypto issues and got a huge response of concerned folks. I don't
understand why this is not a hot topic on sci.crypt, so I'll post
something right now.

Here's my understanding of her proposal:

* Anyone using public key cryptography would be required to register
the private key with the appropriate authorities, for example, the
* To head off the obvious concerns about the government routinely
reading e-mail, financial dealings, etc., this registered key would be
stored at an independent agency after first being encrypted with the
_public key_ of Justice. (That is, the independent key storage agency
would have an unusable key, so _they_ couldn't use it themselves.)
* To obtain a usable form of the private key, Justice would have to
get a valid court order, go to the independent storage agency, present
the order, pick up the key, open it with their own _private key_, and
proceed to open mail, read communications, etc.

This is ostensibly the procedure now used for wiretaps.

But the effect on encryption would be chilling:

-would greatly complicate the rapid changing of keys
-would probably be a way to get "unlicensed" crypto programs off the
market (e.g., don't think about using PGP 2.0, as the key registration
authorities would either insist on another algorithm, or would send
the "registration application" to, for example, RSA Data Security for
-would undoubtedly require a "fee" (like a driver's license)
-would interfere with the use of digital pseudonyms, anonymous nets (a
la Chaum's "DC Net" proposal, which some of us are exploring now), and
-would establish the precedent that private communications are not
legal, that copies of all private communications must be placed in
escrow with the government

Registering keys is no different than, for example, requiring a permit
for every public utterance or for registering typewriters, modems,
computers, fax machines, and copiers. Or banning the use of sealed
envelopes for mail. In Phil Zimmermann's great words, it would be like
requiring all mail to be sent on postcards.

My suspicion, which Prof. Denning will presumably comment on if she's
reading this, is that the government folks have come to understand the
profound implications of modern crypto and are looking for approaches
to head off the coming sea changes. Granted, there are serious
national security threats in using modern crypto methods, but there
are in any of the new technologies, such as those listed above.

Besides, does anyone think all keys will be registered? Hiding bits is
a relatively easy thing to do.

This key registration proposal is more odious than the "backdoors in
telecom equipment" proposal discussed here recently.

Can we remain silent as our liberties are taken away?

I think it was John Gilmore who said: "If encryption is outlawed, only
outlaws will have encryption."

Timothy C. May | Crypto Anarchy: encryption, digital money,
[email protected] | anonymous networks, digital pseudonyms, zero
408-688-5409 | knowledge, reputations, information markets,
W.A.S.T.E.: Aptos, CA | black markets, collapse of governments.
Higher Power: 2^756839 | PGP 2.0 and MailSafe keys by arrangement.