(fwd) A Silver Bullet to Limit Crypto?

[tcmay@netcom.com (Timothy C. May)]

Cypherpunks of the World,

Here's a new analysis of the key registration proposal I just posted
to a couple of groups.

-Tim


Newsgroups: sci.crypt,alt.privacy,comp.org.eff.talk
From: tcmay@netcom.com (Timothy C. May)
Subject: A Silver Bullet to Limit Crypto?
Date: Wed, 11 Nov 1992 18:36:44 GMT


Key Registration as a "Silver Bullet" to Limit Crypto Use


Two weeks ago, and more than 500 related messages ago, I posted the
"Trial Balloon to Ban Encryption?" message, alerting sci.crypt and
other newsgroups to the Dorothy Denning "trial balloon." Prof. Denning
has continued the balloon metaphor, calling her first proposal a "lead
balloon" and her improved, law-enforcement-friendly version a "copper
balloon." Others have called it a "uranium balloon," i.e., it's worse
than the lead balloon.

In reading the hundreds of comments about ways to bypass the Denning
proposal, about the many clever schemes to avoid detection, I came to
some realizations about the likely reason for key registration. Also,
at the recent Hackers Conference in Lake Tahoe, lots of interesting
points came up (crypto, PGP, anonymous remailers, digital cash,
privacy, and the "Crypto Crackdown," to borrow Bruce Sterling's title
of "The Hacker Crackdown," were hot topics). Mike Godwin of the EFF,
who may be reading this in comp.org.eff.talk, spoke on such
policies...he told us this kind of crackdown on crypto tools is a
priority of several government agencies and that the issue will not go
away with the new administration.

But why scheme to register keys, by whatever means, if the system is
so easily thwarted and bypassed? Neither Prof. Denning nor her
colleagues, both in and out of the NSA and FBI, are dummies.

The "silver balloon," or silver bullet, is this:

* a formal key registration system will directly affect and limit use
of the _most important_ part of public key systems: the ability to use
public key directories (like phone books) rather than set up all
communications on a one-to-one basis (as private key systems require,
for key exchange, and as many of the key registration bypasses
implicitly or explicitly require).

* enforcement, at least for publicly announced P-K keys, can be by
insisting that a special message ("This is J. Random User.") be signed
with one's registered/deposited key and then verified with the public
key to ensure the same private key-public key pair is used. (Yes,
there are still bypasses and clevernesses to spoof these systems, but
most "publicly visible" use of P-K methods, the main raison d'etre for
public keys, will be affected and effectively controlled.) Keys can
and will be registered under this proposal, but many people will
simply not bother with the hassle and just won't use P-K methods (thus
making the monitoring job easier).

* bypassing the key registration laws by "going underground" is always
possible, but for this purpose one can already use one-time pads, pack
message bits into the least significant bits of digital recordings and
images, and generally do all sorts of other devious things. The key
point is that the wide use of public key methods is reduced, which may
be the real motivation.

* reducing the wide use of crypto technology by the masses allows the
monitoring agencies a slightly easier job in monitoring those who
_are_ using crypto. One can imagine exactly the same arguments for
restricting or registering voice scramblers for phone use: by
requiring registration, fees, etc., many users will simply not bother
to use scrambling (and there may be related to spread the idea that
anyone using scrambling--or crypto in general--is somehow suspect,
must have something to hide, etc.

* the key registration ideas discussed so far severely limit use of
crypto protocols that _dynamically_ generate lots of public keys.
Cryptographic voting, most forms of digital cash, anonymous remailers,
and several other exciting uses all tend to generate a lot of keys "on
the fly." Are all of these to be registered? How? For how much money
per registration? And how long will it take? Weeks?

Instead of concentrating on how these kinds of uses, mentioned by many
people, effectively make the Denning/Rivest/Micali proposals
unworkable, we should look instead at how these proposals may _in
fact_ be aimed at limiting the explosive use of crypto for these new
applications. A government afraid of digital cash, of anonymous
remailing networks, of information markets in technologies, and of
lots of other interesting uses, may see key registration as a way to
contain this explosion.

Even if the private keys kept at the "trusted key authority" were
_never_ looked at by court order or otherwise, the key registration
act itself would place severe limits on the use of modern
cryptographic protocols for novel uses and for wide use by the public.

In this sense, the key registration idea may be a silver bullet, or
balloon, to head off these uses. A chilling effect (the "liquid
nitrogen balloon"?).

Any thoughts on this view?



-- 
..........................................................................
Timothy C. May         | Crypto Anarchy: encryption, digital money,  
tcmay@netcom.com       | anonymous networks, digital pseudonyms, zero
408-688-5409           | knowledge, reputations, information markets, 
W.A.S.T.E.: Aptos, CA  | black markets, collapse of governments.
Higher Power: 2^756839 | PGP Public Key: awaiting Macintosh version.