[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: WaPo on Crypto-Genie Terrorism
On 28 Jul 96 at 12:59, David Sternlight wrote:
> >IMO, the US does not have a comfortable lead. It's already falling
> >behind considering some of the stronger crypto programs available (at
> >least as freeware) are made outside the US. Many of the stronger
> >algorithms were invented outside of the US (IDEA for instance).
>
> This, and similar remarks by others, consistently misses the point which I
> have been making for about a year now, and which Director Freeh finally
> made explicit in his testimony last week. That is--the government is
> concerned with mass market software incorporating robust crypto, used
> overseas, and recognizes that they can't keep niche products off the
[..]
Really? The RAR archiver is getting quite popular (DOS and OS/2), and uses
a variation of DES in the encryption (according to the authors). An
Italian archiver called CODEC also uses DES. PGP gets more publicity than
any crypto product around (CNN, NPR, Pacifica, NYTimes, etc.) and will
likely get bigger as time goes on and as the arguments over escrow proposals
get louder. MS's C[r]API and Netscape also make people more aware of
strong crypto...
> Though I've no connection with Freeh, it's interesting that his language is
> almost word for word the same as what I've been using. Do you suppose some
> of his staff reads my stuff?
Actually, I don't care one whit.
> >So why should criminals bother with using standards if they are
> >readable by authorities?
>
> See above.
Doesn't counter my question/argument. Serious criminals with a few
braincells who care about wiretapping or protecting their files from
the authorities will obviously not use anything that the government
can read.
Even a ban on unescrowed crypto worldwide will not help. Every copy
of strong crypto software will not magically disappear upon the
signing of such treaties and laws.
[..]
> >Are they going to magically erase all copies of strong software that
> >is already currently available? (Side note: the Pacifica news report
> >on Friday notes that while Freeh gave his testimony, over 100 copies
> >of PGP were downloaded from MIT's site.)
>
> What he's saying is that US-exported copies of the Lotus Lockshens,
> Microsoft Machayas, and Netscape Niguns of the world still do not contain
> robust crypto the USG cannot read.
So? People can use alternate programs to encrypt the software, such
as PGP.
[..]
> >It's not clear that terrorism can be tracked, even if it's unencrypted.
> >The OK and WTC bombings were apparently not encrypted, and there's
> >some allegations that the authorities had advanced warnings of the
> >latter.
>
> He says it can, and suggests following the banking trail among other
> things. We know the government has already had good success with this
[..]
Apparently not successful enough, as the two examples I posted
happened successfully. Banking trails will exist with or without
escrow.
[..]
> >Particularly absent in the WaPo-ed is that many do not trust the
> >authorities (in the US and elsewhere)--particularly the FBI, which
> >has a long history of extra-legal surveillance.
>
> So as Netanyahu says at length we need to build in protections against
> abuses, using both the legislature and the judiciary.
1. The damage is already done if rights are violated, irregardless of
the law. If the police listen in on your phone conversations because
of your political views, you may have legal recourse.... but they've
already listened in.
2. Legislative/judicial protections are meaningless if judges don't
follow up on them. Historically they give leeway to the police, and
as of late judges that enforce the technicalities are lambasted
publicly for letting criminals go free.
3. Israel isn't exactly a prime example of human rights, especially
if you're a Palestinian.
Rob
---
No-frills sig.
Befriend my mail filter by sending a message with the subject "send help"
Key-ID: 5D3F2E99 1996/04/22 [email protected] (root@magneto)
AB1F4831 1993/05/10 Deranged Mutant <[email protected]>
Send a message with the subject "send pgp-key" for a copy of my key.