[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Lobbying/Politics/etc.

To: Stephen Humble <[email protected]>
Subject: Re: Lobbying/Politics/etc.
From: Ed Carp <[email protected]>
Date: Wed, 4 May 1994 11:08:56 -0700 (PDT)
Cc: [email protected], [email protected]
In-Reply-To: <[email protected]>
Sender: [email protected]

On Wed, 4 May 1994, Stephen Humble wrote:

> Ed Carp <[email protected]> sez:
> > Consider a successful terrorist attack against a significant 
> > group of innocents (the larger the number killed, the greater the horror 
> > and shock value).  The terrorists were using PGP-encrypted email to plan 
> > out the thing.
> > 
> > Now, how long do you think it would take before ALL crypto was outlawed?  
> > Who would benefit from such a thing?  Consider that it's child's play to 
> > finance, arm, and train a group of people to conduct a terrorist attack 
> > and (conveniently) they all get killed in their attack.  No one's going 
> > to complain too loudly - after all, they *are* terrorists, right?
> 
> I suspect significant problems implementing a law that criminalizes
> crypto.  The government currently spends $billions per year trying to
> eliminate illegal drugs, to very little effect.  Drugs should be
> easier to eliminate than crypto since phys-obs can't be copied ad
> infinitum as bits can.
> 
> There's also the matter of recognizing crypto in use.  A program that
> transforms its input so that the output can be converted back to the
> input but has maximum entropy is a good compression program and might
> also be an encryption program.  If a TLA taps my phone and finds a
> mysterious bit sequence, how can they distinguish reliably and cheaply
> between an encrypted conversation and a download of
> emacs-19.22.tar.gz?

Unless you use some sort of stego software, most encrypted stuff is 
pretty easy to figure out that it *is* encrypted.  grep " BEGIN PGP " 
message is a pretty good way to detect PGP traffic, magic numbers will 
tell you if it's a compressed file or not, etc.  It might not be 
necessary to prove what you were using to encrypt, merely proving that 
you *were* encrypting might be sufficient.

It's like the FCC: if they catch a ham sending out packets, and the FCC 
can't read them, they issue you a pink slip.  Doesn't matter what you're 
using, the meaning is obscured, and that's enough for them.

References:
- Re: Lobbying/Politics/etc.
  - From: [email protected] (Stephen Humble)

Prev by Date: Re: Lobbying/Politics/etc.
Next by Date: Visual Basic (yes, Basic!), and "VBX" tools
Prev by thread: Re: Lobbying/Politics/etc.
Next by thread: Re: Lobbying/Politics/etc.
Index(es):
- Date
- Thread