[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: CYPHERPUNK considered harmful.



>From: "Peter Trei" <[email protected]>
>Date:          Wed, 13 Sep 1995 10:37:46 -6

>--------------------------------------------------------------
>
>	Towards this goal, I have written a short Q&A that could be
>used as a model when discussing cryptography with non-cypherpunks.


>Q: Aren't LEAs worried that strong encryption will make it more
>difficult for them to catch crooks?

Yes, some are -- especially at higher levels.  LEAs in the field (by my
informal survey) are not.  They're worried instead about manpower and normal
tools (e.g., computers back at the station, radios, ...).

Meanwhile, there is an advantage for LEAs when criminals have, for example,
encrypting phones.  A phone itself gives the person using it a sense of
privacy.  [This is probably a side effect of the psychological cues which
result from using a handset.  If you pull a handset away from your ear or
mouth very far, you can't converse.  Someone standing in the same room as
you probably can not hear the words you hear in your ear.  If the handset
were another person, this behavior would be called "whispering" --
something done to achieve privacy.]

An encrypting phone (or e-mail for that matter) gives the impression (and,
to some extent, reality) of extra privacy.

When there is a perception of privacy, the people conversing are more
likely to reveal things which they don't want overheard.  If these people
are ciminals, those things might be used as evidence against them.

The advantage for LEAs comes from the fact that the person at the other end
of the line might well be an LEA in disguise.  This is especially true on
the Internet (or on AOL, to cite a recent case), where the other person may
well be someone you have never met and therefore haven't checked out to
verify level of criminality.

>Q: What's this 'key escrow' thing? 
>
>A: Some government agencies have been trying to figure out methods which
>simultaneously permit US citizens to use strong cryptography against
>criminal eavesdroppers, while retaining the ease with which LEAs can
>currently tap your calls. The schemes generally involve something
>mistitled 'key escrow', in which copies of cryptographic keys would be
>stored at sites accessible by LEAs.

'key escrow' is a code word for government access to the unencrypted
message.  It is a persistent theme, dating back to the NSA's CCEP in about
1987.  'key escrow' is also the name of a technique by which the most
recent example of this access, Clipper/Capstone, achieved that government
access.

	( see http://www.clark.net/pub/cme/html/no-ke.html#etymology )

>Q: Why do you object to it?
>
>A: This is a bit as if your local police department ordered you to send
>them copies of all of your house, car, and office keys, so that they
>could enter whenever they felt it warranted, without your knowledge.
>
>Even assuming no keys will be leaked to criminals from such a valuable
>archive, it's an incredible boondoggle. The inital cost is tens of
>millions of dollars per year, by the most conservative government
>estimates. In reality, it's likely to be hundreds of millions a year,
>all to enable LEAs to investigate a type of crime which does not yet
>occur, and may never occur.

My preferred analogy so far (from http://www.clark.net/pub/cme/html/avss.html)
is:

	It is one thing to permit a police officer to look in an open
	window, see a criminal act in progress, start an investigation or
	make an arrest and use what he or she saw as evidence in an
	eventual trial of the perpetrators.  It is something entirely
	different to prohibit people from using curtains on the grounds
	that curtains might prevent a police officer from seeing a criminal
	act in progress.


>- ------------------------------------------------------
>Cute signature quotes are needed.

There was a great one last week at NIST:

	"Daddy ... if your data is your own property, does it become less
	your property after you encrypt it?"  [Speaker at the NIST
	workshop, September 6-7, 1995]

 - Carl

+--------------------------------------------------------------------------+
|Carl M. Ellison      [email protected]    http://www.clark.net/pub/cme	   |
|Trusted Information Systems, Inc.   http://www.tis.com/                   |
|3060 Washington Road          PGP 2.6.2:  61E2DE7FCB9D7984E9C8048BA63221A2|
|Glenwood MD  21738         Tel:(301)854-6889      FAX:(301)854-5363       |
+--------------------------------------------------------------------------+