[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: How I Would Ban Strong Crypto in the U.S.



At 06:02 PM 7/15/96 -0700, David Sternlight wrote:
>At 7:03 AM -0700 7/15/96, Michael Froomkin wrote:
>>On Sun, 14 Jul 1996, Timothy C. May wrote:
>>
>>> So, who is in this "emerging consensus"?
>>>
>>Foreign governments?
>>(Process of elimination, not inside info...)
>
>Perhaps. And the vast inside-the-Beltway policy community,

"Policy"?  I'm reminded of the fact that the whole concept of "policy" (as 
used in Washington DC) contains embedded within it its own set of biases.  
The concept of "national encryption policy" (a phrase I've seen before) 
implicitly assumes that there is (or must be) a _national_ policy, as 
opposed to a whole bunch of _individual_ policies.  (Jim Bell's individual 
encryption policy is to get PGP and use it here and there, and try to keep 
up with newer developments, etc.)  My opinion is that "nations" don't NEED 
"encryption policies" unless they intend to screw their citizens.

"Policy", used in this way, is merely a smokescreen (or a shorthand) for a 
group of assumptions that toe the government's line.  The people who make 
such assumptions rarely stick around to defend them.

> most of whom are more like Dorothy Denning than Tim May. 

To the extent that they are POLICY (as in _government_ policy) people (with 
all the biases I've alluded to) that wouldn't be surprising.  However, it is 
still extraordinarily dishonest for them to refer to an "emerging consensus" 
when they must well understand that the document they wrote was intended to 
be understood by ordinary people, not government-suck-ups.  

I'm reminded of an idiotic cover for a Classical Music CD directory book 
about 10 years ago, which grandly claimed that the book indexed "every CD 
published" but forgot to add the word "classical" adjective to that phrase.  
Without opening the book, you couldn't tell that the directory only listed 
classical CD's.  A "policy"  person who says there's an "emerging consensus" 
for key escrow has a similarly myopic point of view.

>And the vast business community
>that prefers automated escrow in standard systems.

I feel certain that whatever portions of the business community that 
"prefers automated escrow" will get it, in forms which don't make the 
government particularly happy.

> What I mean by that is
>software or chips automatically escrowed to, say, Price Waterhouse.
>Business is comfortable dealing with such firms in a trusted relationship,
>and such firms will honor a valid court order to produce records or the
>equivalent--a probable cause court-order for a wiretap.

Most "chips" won't need to be escrowed, for reasons that have been adequated 
addressed so far.  Data transfer encryption doesn't have to be escrowed, as 
Tim May pointed out.  And, of course, an encryption chip needn't contain any 
sort of permanently-written key, thus obviating the need for "escrow" at all.


>It really depends on how the issue is presented. If it is presented as
>preserving law enforcement access, escrow follows.

No, escrow DOESN'T follow!  I think most people who are aware of the issues 
figures that the advent of encryption will provide dramatic net benefits for 
the public, even after potential negatives such as criminal use of 
encryption are factored in.


> The problem is that like
>the nose of the camel, each new piece of legislation establishes a new
>status quo baseline of principle from which to argue, and though we all
>kicked and screamed about it here, the new baseline is the Digital
>Telephony Act.

I concede NOTHING.  That Act hasn't been funded, may not be, and with every 
passing month there are more people  on the 'net who will understand how 
unacceptable it is. It's also going to be irrelevant as encrypted telephones 
appear, and 'net telephone access becomes more common.  No new "baseline of 
principle" is produced.  Only the thugs who are trying to foist it all on us 
would like to believe this.

>As for the only counterargument to the above, that bad guys aren't going to
>use escrowed systems, nothing is perfect, goes the argument, and the FBI
>has caught plenty of bad guys who presumably should have known better, via
>wiretaps.

"the only counterargument"?    What are you, a comedian?


>If you look into it, you will find that most people with criminal minds
>don't expect to get caught.
>
>Given the nature of this group it perhaps needs saying that the above is a
>competitor analysis, not an argument nor my own position on mandatory
>domestic key escrow. I'm agin it.

Which is not adequate.  To the extent I believe that the market will decide, 
if I model the market as a double-pan balance, which makes a decision as to 
which side is heavier, I don't want to see the heavy thumb of government 
pressing down on one of the pans.  That's precisely what the US government 
tried to do with Clipper, and astonishingly it appears to have failed.   To 
merely say that you're against "mandatory" escrow strongly implies that you 
would accept manipulation of the market in order to allow government to 
achieve its goals , as long as there is an illusion of a choice.  I won't, 
and I think most people won't, either.

Jim Bell
[email protected]