[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: RE: Binding cryptography - a fraud-detectible alternative to
At 11:48 AM 10/13/96 +0000, [email protected] wrote:
>To explain the backround of "binding cryptography" once more; with
>respect to (interoperable, worldwide) security in the information
>society socities/governments have to achieve two tasks: 1.
>stimulating the establishment of a security structure that protects
>their citizens, but which does not aid criminals.
I think this is a phony distinction. Practically every product sold today
could arguably "aid criminals." It isn't possible to prevent this. And
that's the problem with your thinking above: If government argued that it
had the authority to regulate any product that, arguably, "aided criminals,"
then it would automatically be able to regulate anything.
> 2. Coping with the
>use of encryption by criminals outside of this framework.
>
>An inherent problem with these tasks is that different
>socities/governments have different views on the matter.
Given that item we just read about Burma illegalizing the non-authorized use
of fax machines and modems, that is a vast understatement!
> So to achieve
>the first task you'll need a concept behind the security structure
>that is flexible enough to incorporate *any* crypto policy, i.e. from
>liberal (Japan) to non-liberal (France).
Just a second! WHy should technology bow to government policy? Until now,
the microcomputer industry has pretty much developed and sold products
without much or any (?) regard for what governmental policy would desire.
In fact, it isn't even clear that governments have had much opinion about
the direction that the microcomputer markets should go. Why should we start
adjusting business policies and product capabilities in a way which is
hostile to customers, just because the government wants this?
> We believe that "binding
>cryptography" is flexible enough to achieve this: a liberal crypto
>policy might use no Trusted Retrieval Parties at all, while a very
>non-liberal country might want one (government controlled) TRP, a
>compliance check on all network traffic and a ban on other crypto.
Why not ___NOT___ help these guys out? Do they somehow deserve to be
assisted in the subjugation of their people? Does the name "Zyklon B" ring
a bell?
>With binding cryptography the issue on a crypto policy becomes
>non-technical and politically debatable: which features does a country
>want and what implementation?
I would much prefer a situation where freedom is provided and/or guaranteed
by technology, and it is NOT debateable! See, one problem is that contrary
you your implication above, where you said that crypto policy becomes
"politically debateable" (which implies that the ordinary people of a
country have some input) the _reality_ is that any such decision will be
made by a tiny number of bureaucrats, if they can get away with it. The US
Clipper proposal was a classic example of this: There was absolutely no
public discussion or debate on it before it was announced, and it was
obviously intended to be a fait accompli. Further, nearly all
non-governmental people who are aware of the crypto issue disagree with the
government's policies in this matter. Clearly, you cannot imply that crypto
will REALLY be "politically debateable"!
>> For this kind of application, binding cryptography is spot on.
>Jim bell[SMTP:[email protected]] wrote:
>> I think the biggest problem with allowing "anyone" to check the
>> correctness of a key is that what is a technical possibility today,
>> will become a legally-mandated requirement tomorrow. What if
>> Internet backbone companies and/or ISP's were told that they had to
>> implement software check these keys, and if they discovered an
>> "incorrect" escrowed key, they were legally obligated to either
>> refuse to forward that message, and/or forward a copy of that
>> message to someone like [email protected] or [email protected].
>
>The information society is international by nature; we want to
>securely communicate with Singapore. If Singapore, a democratic
>country!, has such a crypto policy that they want the above control,
>then so be it. Don't blame "binding cryptography" for making that
>possible, but start a dialogue with your politicians on what features
>of the proposal are acceptable in your country.
No, I think I _will_ blame your infernal invention for trying to make
limited communication possible! There's no doubt that the leadership of
places like Singapore might want to restrict communication, but on the other
hand they also want to be connected to the rest of the world for
"non-political" speech. In effect, they are forced to make a choice. Most
countries, except for a very highly authoritarian few, will probably opt for
connectivity and this will lead to increased freedom for the people in their
countries. _YOU_ are trying to give those governments connectivity while
maintaining tyranny. Are you proud of what you're doing?
>
>Some countries seem to have the philosophy that "law-abiding" citizens
>should have nothing to "hide" from their government, so should not use
>encryption at all. I think that that is not acceptable. The concept
>behind the third-party checking is that no "law-abiding" citizen
>should have any problem that abuse - and only that - of a *voluntary*
>system can be "seen" by many parties.
I think the terms "voluntary" and "abuse" are contradictory in your
statement. If the system is "voluntary," then it is presumably "voluntary"
to use a non-conforming system, right? And unless the government's goal is
to harass or imprison or fine the user for not using that "voluntary"
system, there is no purpose in knowing whether a person's use of encryption
meets that "voluntary" standard.
>If and *how* checking is
>done, is a matter of each society. The same concept holds for many
>things in life and is well accepted.
I see: "How each society decides to use our thumbscrews is totally
voluntary and up to each country!"
Pardon me while I puke.
> For instance that is why cars
>have registration plates: if a car drives through after an accident on
>a *public* road, then by-standers (third parties) can observe that. I
>for one don't the information society to be the wild west, where
>anything goes.
I'm much closer to "the wild west" than you are, and I like it just fine. I
prefer it much better than the tyranny of stratified societies that have
enslaved people for over a thousand years.
>Of course, people are rightfully worried that such a checkable system
>might be abused by a totalitarian regime to control their citizens.
>However, as long as such a system is voluntary I see no problem.
Maybe you need to remember that the way governments use it, the definition
of the word "voluntary" tends to pick up a rather Orwellian meaning. Also,
you need to remember that the difference between a "voluntary" and a
mandatory system may be as little as a single law passed in the middle of
the night by a legislature. A law which you are intending to make possible!
> Signs
>in the USA indicate (cf. the NRC study & remarks of the president)
>that use of other systems will always be possible.
You seem to have ignored by conjecture, where I pointed out that Internet
backbones and ISP might, hypothetically, be required to check keys and
report "violations" to the government on a moment-to-moment basis. Further,
they might be prohibited from forwarding messages that do not conform.
This gets us back to the definition of the world "voluntary," again. Even
if such an eventuality should occur, the government could cynically say that
use of non-conforming forms of encryption were still "voluntary," because
it's true you could use them. But they wouldn't be very useful if they
didn't propagate on the Internet, now would they?
>Also, the above
>discussions already showed that if such a system is voluntary, then
>there are lots of way to go around it.
Not if the cooperation of everyone else is coerced! And moreover, not if
they are coerced into not dealing with anybody who doesn't go along.
You must really hate freedom, huh?
Jim Bell
[email protected]