[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Why is cryptoanarchy irreversible?



At 2:24 PM -0800 11/7/96, Peter Hendrickson wrote:
>> If I understand the reasoning, people beleive it is easier to prevent the
>> release of strong crypto. techiniques than to remove them once they are
>> released.
>
>The reasons underlying this are what I don't completely understand.
>
>> Once a terrorist has strong crypto, why should they stop using it if it
>> becomes illegal?
>
>Use of strong crypto would be a tip off that one is a terrorist.
>
>If strong cryptography were unpopular and highly illegal, very few
>people would be using it.  This makes it easy to identify suspects.

* Identification of high-entropy traffic (putatively: encrypted traffic)
would require extensive surveillance, tapping, and whatnot. The
infrastructure for this does not exist, and would cost an enormous amount
to deploy.

* (This is why so many of us want a crackdown on crypto delayed for as long
as possible: every year that passes means more networks, more intranets,
more channels, more modes, etc. Satellites, fibers, etc.)

* High-entropy traffic does not mean encryption, either. And encrypted
traffic can be twiddled to look like lower-entropy traffic (and I don't
even mean steganography, I mean adjusting message statistics).

* Once crypto has become widespread, and is built into mailers, browsers,
etc., there will be many people already using those old mailers and
browsers. Throwing Mom and Pop in jail because they forgot to turn off the
PGP mode in Eudora 4.0 or Netscape 5.0 is not going to go over well, even
in an era of supposed "zero-tolerance." (And California and Arizona just
voted to effectively decriminalize pot..."medical use of encryption" on the
2005 ballot?)

* Steganography. Entire volumes can be written about this. I believe I was
the first to propose, in a 1988-89 series of articles on sci.crypt, the use
of LSBs in image and sound files to transmit huge amounts of information,
with detection very difficult. As I told Kevin Kelley--reported in his
"Whole Earth Review" article and in his excellent "Out of Control" book--a
single DAT tape of a musical recording can easily carry 150-200 MB of
"message" just in the LSBs! Unless all tapes are checked at the border--and
what are live tapes, with lots of noise in the bottom few bits of each
word--to be compared against? The mind boggles at the task.

* "Legitimate needs." The whole notion Peter raises of banning cryptography
is fraught with problems. Are businesses to be told that all communications
are to be in the clear? Or is Peter's point that some form of GAK will be
used?

(If the latter, then of course we are back to an even better form of
"stego" than stego itself: superencrypt before using GAK. Unless the
government samples packets randomly and does what they say they will do to
open a GAKked packet--e.g., get a court order, go to the escrow key
holders, etc.--then how will they know if a message is superencrypted? And
what if a GAKked message contains conventional _codes_? Are shorthand codes
such as business have long used--"The rain in Rome is warm this month"--to
be illegal?)

* The point being that "rogue crypto" (terrorists, crypto anarchists,
freedom fighters) gets lost on the blizzard of other uses. And shutting
down all crypto means shutting down business use of crypto to protect
secrets, and probably means an end to digital commerce.

(This is another reason we want to delay action on crypto for as long as
possible: make encrypted communications so widespread in commerce that to
pull the plug would mean a financial calamity.)

* Intent. It's hard to imagine someone being imprisoned for using
cryptography, except perhaps in wartime conditions. I may be wrong. Also,
there are deep Constitutional issues we haven't been much discussing.

* Offshore sites. Even if U.S. citizen-units are proscribed from using
crypto--a hard thing to do--many crypto-anarchic markets will flourish
overseas. (If communication with offshore persons or sites is allowed, all
sorts of things can be done. If such communication is banned, this means a
profound change in the American system.) [I have not fleshed out the
arguments here, adequately, so don't focus on this point to rebut the rest
of my arguments, please.]

In another post, Peter posits a condition where people are appalled at the
implications of crypto and there is no popular support for it. But is he
implyiung that neighbors will burst into the homes of others to ferret out
crypto. I doubt this vigilantism will ever happen.

(My gun example is apropos. I believe we are fast approaching a point where
most people want guns outlawed. But it won't happen, as there are not
enough cops and military people willing to raid private homes in
contravention of the Bill of Rights and at personal risk to
themselves....and so it won't happen.

Once crypto is deeply intertwined into the fabric of life and commerce,
it'll be too late to pull the plug.

--Tim May



"The government announcement is disastrous," said Jim Bidzos,.."We warned IBM
that the National Security Agency would try to twist their technology."
[NYT, 1996-10-02]
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1 | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."