Why dumb criminals will NOT use Clipper

How to shoot yourself in the foot, or why "stupid" criminals won't use Clipper

Harshad Mehta, a Bombay stock broker who was behind a multi-billion dollar
financial scam involving a number of international banks and the Indian stock
markets, was definitely smart. He hired one of the most well-known lawyers in
the country, but encrypted his personal records with Lotus 1-2-3 (though I 
believe that he had used DES for some things).

The Medellin cartel, presumably used to the methods of US intelligence agencies,
caused the assassination of Pablo Escobar by making cellular calls without

They had the money, organization and intelligence, but were either unaware of
any need for encryption, or assumed that what was good for most US businesses 
(DES) was good enough for them.

When the NSA wanted to provide an improved PK standard for governmental use, the
thing to do would have been to layer some weak PK system over a weak DES. Like
DES itself, this system would be so weak as to _not require_ key escrows.
Everyone who uses DES (including "smart" criminals) would shift to this more 
convenient, but still cryptographically weak system. Most criminals would
continue not to encrypt at all, and criticism, as with DES, would be limited to 
mathematical journals.

By creating an encryption standard strong enough to require escrow, the NSA has
successfully sabotaged this wiretap-enabling situation. Key escrow is something
lay people who can't spell "cryptographically strong" can understand. The high
profile negative reporting on Clipper has greatly increased public perception
of the need for, and understanding of, the types of encryption. After reading
these articles, if Pablo Escobar were still around, he _would_ be using 
encryption, and _not_ Clipper.

Before Clipper (B.C. ;) even "smart" criminals would happily use weak 
cryptography. Now, _really_ dumb criminals will continue, as always, to 
communicate in plaintext; the not-so-dumb who think of encryption at all
(because of all those your-data-is-insecure stories) will know enough about it
to avoid Clipper like the plague.

Funny, I'd have thought the cloak-and-daggers familiar with Sun Tzu's advice
against frontal, visible attack. They could have got away with a weak 
alternative to DES. Too lazy to spend time cracking code, greedy to "have all
the keys" (yum yum), they've shot themselves in their collective foot.

Rishab Aiyer Ghosh                                          [email protected]
Voicemail +91 11 3760335; Vox/Fax/Data 6853410
H-34C Saket New Delhi 110017 INDIA

The National Short-Sleeved Shirt Association says:
                                             Support your right to bare arms!