[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: So, what crypto legislation (if any) is necessary?
At 03:46 PM 3/28/96 -0500, Black Unicorn wrote:
>On Tue, 26 Mar 1996, Duncan Frissell wrote:
>
>> At 09:46 PM 3/25/96 -0500, Michael Froomkin wrote:
>>
>> >An interesting issue, likely to be addressed in future judicial
>> >assistence treaties...
>> >
>>
>> However, future judicial assistance treaties are meaningless if you store
>> your keys anonymously (domestically or internationally) so that even the
>> keeper doesn't know he has them or exactly where they are in his pile of
keys.
>
>Given the significant contempt charges that can follow a refusal to
>produce items (anonymous or not) this still depends on the absence of
>initial detection.
You clearly don't understand. You're making the ASSumption that the
organization keeping the keys can produce them in a form that is "useful" to
the cops. Escrowing encrypted keys makes them useless to subpoena, and in
fact it helps the key owner because the escrow agent can (and, in fact,
must!) be obligated to inform the key owner if his key is requested.
You also seem to assume that "contempt charges" will be able to operate
world-wide, which is a highly dubious proposition. (Read Froomkin's
paragraph above CAREFULLY. He said "internationally.")
And in any case, I consider it highly doubtful that anybody would contract
with an escrow agent and identify himself by name. It would be a simple
matter to operate "escrow agents," just glorified data-holders, who would
receive data anonymously and send it out just as anonymously, to the person
who can identify themselves via some sort of encrypted ID system. Even
"detecting" such a transfer is useless because the cops won't be able to
figure out what the data is, since it's encrypted in both directions while
being transferred, in addition to being encrypted while being held, with a
code the escrow agent doesn't know.
In short, you need to comprehend what you're responding to before you
express your opinions. You're living down to my expectations.
>> In fact, I suppose that government operation of the identification system
>> (drivers' licenses, passports, etc.) in general is also horribly inefficient
>> and should be attacked on efficiency grounds.
>
>You might not like what you get in response. Streamlined and uniform
>identity documents generated at birth and renewed with tax filings would
>be the likeliest efficiency improvement. An inefficient government
>identification system is to the advantage of the privacy seeker.
You seem to be ASSuming that an "efficient identification system" is one
that will ALSO operate to the benefit of the government, as opposed to the
individual who wants to be identified for only limited purposes. I don't
think so. Chaum's encrypted ID system described in the August 1992
Scientific American makes it clear that identification can occur without the
ability to cross-reference databases. Chaum's system, if implemented with
current microprocessor technology, would be extremely "efficient," at least
from the standpoint of the amount of human effort involved. It would,
however, be extremely hostile to the government.
Jim Bell
[email protected]