
NYC Crypto Forum



Ray Arachelian taped the Cryptography Forum at the
Association of the Bar of the City of New York
last evening and will share once it's transcribed.

In the meantime:

TITLE OF PROGRAM:
Guns, Ammunition and Cryptography: Is the Government's
Policy on Digital Encryption Creating a Crisis?

MODERATOR:
Charles R. Nesson, Professor, Harvard Law School

PANELISTS:

Matt Blaze, Co-author of Risks of Key Recovery paper.
(short-notice invitee)

Lynn McNulty (ex-NIST now RSA) filling in for Jim Bidzos
Scott Charney, Computer Crime Unit, Department of Justice
Kenneth W. Dam, Professor, University of Chicago Law School
Dorothy E. Denning
David J. Farber, University of Pennsylvania
Marc Rotenberg, EPIC

-----

Nesson asked the audience (about a hundred), "How many use 
encryption?" Over half raised hands. "Wow!" he said, "If I asked 
that of a law class at Harvard, maybe two or three hands 
would have been raised."

Nesson then posed the principal question: "Is the government's
policy on cryptography creating a crisis?"

Dam, Denning and Charney said no. Other panelists said yes.

The audience by show of hands was about evenly split.

There was intense discussion among the panelists but no change 
in position.

Some highlights:

David Kahn, in the audience, reaffirmed his support for
key escrow, stating that it would not change the current
legal provisions for electronically snooping, and why ask 
for more privacy than is now authorized.

Blaze summarized the KR risks paper and pointed out the
enormous expense of designing, implementing, operating
and securing a global key recovery system -- which, as he
ironically smiled, could make cryptographers and crypto-corps 
rich. That such a system might make security weaker by 
offering fewer choice targets to attack -- the key repositories.

Blaze reminded that encryption will become pervasive in
all electronic systems, not just communications. That it must
be robust and untamperable or more and more crucial systems 
will be vulnerable to attack. And, the more complicated the
security provisions the more likely they will fail.

Farber stated that time was being wasted on KR debate while
the nation's infrastructure remained immensely vulnerable to
electronic attack. He said that with six students he could shut
the system down in "a few days, with, say, spoof E-mail to key
administrators." That IETF is working on a next-generation
system to prevent that, but meanwhile there is great risk.

McNulty reaffirmed industry's position that other countries will
develop robust encryption if the US does not allow export.

Charney responded by pointing out that the administration seeks 
global commitment to key escrow among governments, and asserts 
they will comply for the same reasons the USG wants it. He said, 
for example, that countries may allow development of strong 
crypto but, like the US, will not allow export. He cited Japan's 
refusal to allow NTT's 128-bit export, and said Russia will surely
not allow the export of the Sun/Elvis product. Same for France, 
Germany, and so forth.

There was audience derision when Charney noted that the US must
do as the Russians and Chinese and French do to control crypto.

Interestingly, Charney did not cite The Wassenaar Arrangement, 
although Dam pointed out how difficult it was to reach agreement 
on the COCOM predecessor and enforce compliance with it.

Nesson summarized Charney's position by saying, "do you mean
that key escrow would do no more than help you catch criminals
too stupid to use unescrowed crypto?" Charney nodded, and said
that "nearly all criminals we catch by electronic surveillance
talk openly about being surveilled but do nothing to
avoid it."

Nesson reiterated: "Do you mean that you want a system to catch
stupid criminals while the nation's infrastructure is left
vulnerable?" Charney, "That's not the right way to put it."

Denning gave examples of her recent survey of law enforcement
for examples of crypto use to hinder investigations.

Finally, Dam noted that encryption policy was a different task
than implementing encryption systems. That the detailed understanding
of those who follow the encryption debate is not shared by the
public nor by most officials. That agreement upon policy will
require greater education for those who could not care less about
the complications and subtleties being debated.

An auditor queried: There seems to be agreement that encryption 
will work best when it is totally transparent to users, and the 
sooner that is devised the better. Why not just get on with it?

Blaze shook his head at this cluelessness, howled at the ceiling,
sprouted fur, bared teeth, leaped Dave Farber, went for Charney's
jugular, clawed Denning. Kahn and the suited audience ran screaming 
into the safe streets of Manhattan, while shaggy coders roared,
"Kill, kill, kill the infrastructure-fuckers."