
SAFE Forum--some comments




I was at the "SAFE" forum yesterday. Too many things to report on, so I'll
just add comments here and there.

And here I'll comment on Ken Bass's excellent comments (there were many
excellent points). Bass is a D.C.-area lawyer with the prestigious Venable
law firm (the venerable Venable firm?), and a former Reagan Administration
official.

He pointed out that the driving force for crypto policy is probably the
_law enforcement_ camp, not the _intelligence agency_ camp. And that the
NSA is regretting the ITAR stuff, as it has sparked an "arms race" to
develop stronger crypto. Bass noted that people now equate permission to
export with weakness, and that had the U.S. not restricted exports, users
probably would've been "fat, dumb, and happy" to keep using breakable
crypto.

(Many interesting points to make. Bass is no supporter of Clipper and
Escrow, and made many points about why the policy won't work. His later
dialog with Michael Froomkin and Jerry Berman, about the constitutionality
of crypto laws, was a high point for me.)

His comments fit in with the points made by Diffie that the 40 bit
restriction is unlikely to satisfy either the user community or the
surveillance community. 40 bits is too weak for a targeted attack, but too
strong for "vacuum cleaner" intercepts such as NSA SIGINT uses. (Diffie
also gave an excellent summary of cryptographic work factors, using 30
bits, 60 bits, 90 bits, and 120 bits as examples. For example, 30 bits
needs about a billion operations to brute force, which any modern PC can do
in several seconds. 60 bits is a billion times harder, which NSA machines
can handle, and 90 bits is beyond current capabilities...)

I said I wouldn't do a summary, but I'll make a few comments:

-- Both Congresswimmin, Eshoo and Lofgren, seemed genuinely interested in
the issues

-- Senator Leahy, on t.v. from Vermont, emphasized _privacy_ and made the
Cypherpunk/libertarian/ACLU point that he and his neighbors are not
criminals and don't think the government has any right to demand that
communications, computer files, diaries, and the like be "escrowed."

-- Senator Conrad "I ain't no Democrat" Burns was there in person and was
entertaining and strongly blasted key escrow and the ITAR restrictions. I
found his comments refreshing.

-- The whole affair was "preaching to the choir," as many speakers noted.
That is, there was little controversy and little disagreement. This was a
point made nicely by Phil Zimmermann, who told a humorous story of going
to Congressman Dana Rohrabacher's office, seeing the picture of Ollie North
on the wall (much laughter), but finding Rohrabacher's staffers aghast at
the crypto laws and ITARs. Then, Phil took a hotel shuttle and ended up
talking to the driver, who was also aghast. "Where else can you find this
kind of consensus?"

(A point many of us have made as well, that nearly everyone who has the
issues explained to them comes down on the side that the government has no
right to tell us we can't use codes and ciphers, that it's all similar to
Big Brother demanding video cameras in our homes....)

-- Craig Mundie, currently of Microsoft, made excellent points about the
costs of a key escrow infrastructure. (By the way, those who read "The Soul
of a New Machine" should be interested that Mundie was the leader of the
North Carolina research facility of Data General that lost the "shootout at
HoJos." If this means nothing to you, read the Kidder book--soon!)

-- Michael Froomkin, a law professor (and member of our list of course),
pointed out that despite the various constitutional issues, the crypto laws are
mostly having their desired effect, namely, slowing the deployment of
crypto and creating confusion. (That Windows 95 has no crypto modules, and
that most browsers and mail programs have nothing built in tells us that
the FUD worked.)


In summary, for me the SAFE forum was a success. Though it was periods of
boring platitudes we all agreed with interspersed with good insights from
the speakers and audience. Not much that was new to a Cypherpunk, of
course. (In fact, the forum was almost a kind of Cypherpunks physical
meeting, in terms of the topics, and in terms of who attended....it was
even where we've been having recent physical meetings.)

A day well spent.

--Tim May




Boycott "Big Brother Inside" software!
We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Licensed Ontologist         | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."