RE: strong encryption - governments denying individuals the right to use

From: Jay D. Dyson (jdyson@treachery.net)
Date: 04/26/02


Date: Fri, 26 Apr 2002 13:47:44 -0700 (PDT)
From: "Jay D. Dyson" <jdyson@treachery.net>
To: Jason Coombs <jasonc@science.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 26 Apr 2002, Jason Coombs wrote:

> Careful when you make arguments along the lines of "it's a lost cause,
> the genie is out of the bottle"

        That was only 1/8th of my argument. What of the remaining 7/8ths?

        Whenever one proposes a policy, one must seriously consider how
enforceable the policy is in reality. Enforcement without policy is
misguided, but policy without enforcement is absurd.

> Cryptography using nucleic acids and molecular biology techniques
> (polymerase chain reaction, etc.) and quantum cryptography, to name
> just two, are not quite here yet -- by the time they are, it is possible
> that every conventional crypto system in use today of any key length
> will be vulnerable to brute force attack due to improvements in
> computing and cryptanalysis.

        I keep hearing about these whiz-bang technologies that are coming
down the pipe. While they do have some interesting theoretical support,
applying dire predictions to such theory is a waste of time. When
considering such theories, the focus should be on probabilities, since
anything is possible...except for maybe dribbling a football.

> Some legislator somewhere will make this counter argument to keep the
> debate alive because it makes the anti- argument seem more informed than
> the pro- argument. The debate about "strong" encryption must include a
> discussion of what "strong" means, for strong is relative and even
> subjective.

        And we should also define what "is" is. Or something like that.

        Look, we're only talking about a position statement of whether or
not individuals should be able to use cryptography for their own personal
purposes.

        I inserted "strong cryptography" into my response to indicate that
I meant more than simple ciphers (because eventually some cluebie comes
along and claims that ROT13 and related is all the crypto a body needs).

        I also mentioned "strong cryptography" to mean cryptographic
products that don't have key escrow or other backdoors into which the
government can stick its nose where it has no legitimate business.

        And finally, when I say "strong cryptography," I mean products
which utilize cryptographic algorithms that have survived -- and continue
to survive -- thorough peer review in both their construction and
application.

        Hope that helps.

- -Jay

  ( ( _______
  )) )) .--"There's always time for a good cup of coffee"--. >====<--.
C|~~|C|~~| (>------ Jay D. Dyson -- jdyson@treachery.net ------<) | = |-'
 `--' `--' `- O Lord, make my enemies ridiculous. - Voltaire -' `------'

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SunOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iEYEARECAAYFAjzJvPMACgkQGI2IHblM+8HQdACaAnWiUtsDNXO1FzbpPJTchh4m
4l8AnA2h7fM7nZmC52m5z6pTyDQfuZWA
=/pWy
-----END PGP SIGNATURE-----