Re: Why is cryptoanarchy irreversible?

[Jim McCoy <mccoy@communities.com>]

Peter Hendrickson writes:
>Jim McCoy wrote:
>>ph@netcom.com (Peter Hendrickson) writes:
>>[...]
>>> Use of strong crypto would be a tip off that one is a terrorist.
>
>>> If strong cryptography were unpopular and highly illegal, very few
>>> people would be using it.  This makes it easy to identify suspects.
>
>> But the difference between strong crypto and weak crypto is not
>> something which is visible to an outside observer unless they make
>> the effort to attack a particular system or decrypt a message.
[...]
>If mandatory GAK were imposed, reviewing messages is easy, even with
>inter-agency fighting.  Or, encryption in general could just be
>forbidden if GAK created too much hassle.

Encryption itself will never be forbidden because there is far too much
money riding on electronic commerce.  An administration which tried to
outlaw all encryption would soon find itself on the next train out of
D.C. after the next election cycle.  [And high-tech is definitely getting
more politically aware and organized as the recent Calif. prop 211 shows]
There are a lot of very powerful people betting on systems which require
at least a minimal amount of encryption (at least enough to make random
ciphertext transmissions common on the net.)

Reviewing messages and actually finding stego'd messages is actually a
very, very, hard problem for a program.  This is the sort of AI problem
which people have been working on for more than thirty years and no one
has even come close to solving it.  When you add in the fact that
communication on the net is becoming more international there will be even
more problems for such a program to solve (e.g. a Malay<->English
translation program will throw a ton of false poitives into the mix for
any program developed which somehow has enough understanding of English
to detect messages whose grammar and word choice indicates a possible mimic
function, if the two users communicate using mimic functions within the
translation program itself you are completely screwed...)


>> What make such detection even harder is that a good crypto system
>> generates output which is indistinguishable from noise, this makes it
>> much easier to hide the fact that an encrypted channel is being used.
>
>In practice I suspect that good stego is hard.

You are mistaken.  Read Disappearing Cryptography to see just how easy
it is, then check out Romana Machado's EzStego program (done in Java so
it can be added to any web download with a bit of tweaking.)   If the
penalty for using bad stego is high enough you can be certain that natural
selection will make certain that eventually the programs being used are
top notch code :)

>You don't have to be
>right every time when you look for it, just some of the time.  When
>you see packets that seem kind of funny to you, the judge issues you
>a warrant and you search the suspect's house and computer very carefully.
>If stego is in use, the software that generated it can be found.  Then
>you hand out a life sentence.

The problem is that you need to be able to prove that stego is in use, and
this is a much more difficult task than you suggest.  A good stego program
will turn out bits which are indistinguishable from noise, so there is no
way to actually _prove_ that stego is being used without actually breaking
the cipher used in the stego routines.  Remember, that life sentence you
suggests requires "proof beyond a reasonable doubt" in US courts, bit rot
from multiple image scannings or a bad microphone on a IP phone conversation
should be more than enough for the accused to cast doubt into the minds of
the jury members.

>You might also identify suspects in other ways.  Maybe that Jim McCoy
>is looking a little too successful or perhaps he made an unwise comment
>to a "friend" who reported him.  That could easily be grounds for a
>warrant and subsequent change of quarters.

Get a warrant, search my system, find nothing but a bunch of applications
and a collection of risque (but definitely legal) pictures which I exchange
with a few friends.  You may suspect that when the images are concatenated
in a particular way the low-order bits form a stego filesystem but no one
will be able to prove it in court.

>> The funny thing about noise in the information theory sense is that it can
>> actually be _anything_ depending on context, and this sort of uncertainty
>> is the bane of a legal system which is solidly grounded upon technicalities
>> (such as the US legal system.)
>
>Which technicalities protected the Japanese-Americans during World War II?

Few.  OTOH the interment of Japanese-Americans occurred during a period of
war, at a time when civil liberties were much more limited, and when
Asian-Americans were second-class citizens with very little political power
(that and the Korematsu decision was a complete piece of crap...)  Today
most US citizens distrust the US governement, civil liberties and protections
are fairly well established in law and legal precedence, and we techno-nerds
are actually the ones running the country :)  [Actually the internment of
Japanese-Americans was really a big land grab masquerading as a wartime
necessity, but that does not change the fact that it happened...]

>The legal system would have to be stretched considerably less to outlaw
>strong crypto and make it stick.

It would have to be shattered to make such a ban stick.  Times have changed
quite significantly since the 40s, and free speech rights and the first
amendment have become rather important to our information society.

jim