[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: cryptographic anecdotes




At 01:08 AM 10/27/1997 -0000, Julian Assange wrote:
>I'm involved in producing a segment on cryptograpic issues for Radio
>National (ABC) to be aired latter this week. I have no problems with
>the technical issues but could use some (reliable) "colour" i.e small

Cool.

My usual rant on cryptography and privacy goes like this:
	[If you're talking to non-Americans, fill in your local
	versions of Bureaucratic TaxID numbers...]
- How may of you like to fill out forms with your Social Security Number?
It's so convenient, having one little number that ties in everything,
from your taxes to your bank accounts to your credit reports to your
cellphone to your credit cards to all the jobs you've worked to
the $25 lunch you had yesterday and the books you bought at Borders
to the people you live with to the gasoline your roommate Bob bought 
for your car Friday night?   Me neither.   

Computers are really good at tying information together -
take one thing you know, and they can connect it to other things they know -
and they're getting so ridiculously cheap that the only reason they
_don't_ tie two things together is that nobody's figured out how to
make money off of that combination yet.  We know that after Bob bought gas,
he had a couple of drinks at a bar where many of the other patrons 
use the same credit cards at gay bookstores, but we just haven't decided yet
whether to send _you_ some discount coupons for the same bookstores,
or to suggest that your girlfriend Alice get an AIDS test before we'll
give her medical insurance at her new job.  After all, we're already testing her
cholesterol level because of all the pork you've been buying at Safeway.

So what can we do about it?  Computers keep getting cheaper 
and faster every year, and that won't stop.  Laws don't help much.
Some European governments try data privacy laws, but they're mainly an 
excuse to inspect _your_ computer for illicit data -
the same governments already require you to join the National Health Care
and carry a National ID card in many of them, and pay income tax,
and there's that nice new EC driver's license instead of the old 
one from each country.  The US makes some noise about that,
but it's the same government that's making you give your SSN and
thumbprint to get a driver's license and registering all kids with the IRS.

If you can't stop people from combining information, the alternative
is don't give it to them - use cash, but more importantly build computer
systems that let businesses solve their business problems without
universal identifiers.  Use employee ID numbers on forms instead of SSNs
(and in a global business environment, it's pretty dumb to do otherwise.)
Use cryptographic techniques, like digital cash, to let people buy things
on the web without sending your credit card numbers.  There's some cool
work by David Chaum on creating credentials, like driver's licenses that 
keep track of your tickets but don't use ID numbers, and voter registration
that indicates your voting district and status but aren't tied to the census
that says three of your neighbors are black with Haitian parents.
You can give everybody a stack of taxpayer-ids, whether
on paper or on a smartcard, any bank or employer that needs to collect
taxes on you has a number to use, but only the IRS can tie them together,
because nobody else needs to.  9-digit SSNs are running out soon anyway;
we could change to something secure for the next time.

Chaum's digicash system was designed for automated road tolls, so you can
drive through the tollbooth without slowing down, and the toll system takes
the money off your smartcard, without telling Big Brother where _you_ were.
Here in California, we can send a monthly bill to the address on your license,
but there are European countries that are still remember having German or 
Russian soldiers running them and want an infrastructure they can't abuse.
We're more worried about the automatic traffic fines, when your car didn't take
enough minutes to get from Exit 4 to Exit 17 Friday night.  You know,
the exit by that bar Bob went to.  Next door to the synagogue bookstore.

There's an alternative to crypto - it's "give up privacy".  
Go the David Brin route, and make sure that if the police have
video cameras everywhere pointed at you, you and your neighbors
have video cameras everywhere pointed at them.  Ask Rodney King
if that matters - or ask the next cop who wants to beat up the next driver.
Cameras keep getting cheaper and smaller, and networks to tie them
together and computers to interpret the pictures are getting faster.

And the police do have cameras - last year, when San Francisco was planning
to close the Central Freeway for repairs, they video taped all the cars 
for a few days, looked up the license plate numbers, and mailed the drivers
postcards asking them to take a different road when construction started.
It worked real well, especially because they didn't need 100% coverage.
They used cheap labor to read the license plates off the video tapes,
but computers can do it in real time if you need to do it often,
and they can match the SSN on your car registration with the SSN
on your tax forms from work, so they _could_ send you a nice postcard
suggesting the best router to get to _your_ office.  And a coupon for 
the Starbucks drivethrough on the way.  So Have A _Nice_ Day!

>o programming languages embody freedom of speech

One of my favorite programming languages is Algol.
It's designed for describing mathematical problems very precisely
for humans, and it was the standard language used by the
"Communications of the ACM" journal for many years.
	[ACM=Association for Computing Machinery].
It's not designed for telling computers what to do,
though there is computer software that will read Algol
and do it.  But if an American math teacher writes a couple  
lines of mathematics in Algol and emails them to a non-American student,
he'd better be a registered international arms dealer,
or he can be busted....
				Thanks! 
					Bill
Bill Stewart, [email protected]
Regular Key PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639