RE: strong encryption - governments denying individuals the right to use

From: Jay D. Dyson (jdyson@treachery.net)
Date: 04/29/02 

Date: Mon, 29 Apr 2002 10:27:01 -0700 (PDT)
From: "Jay D. Dyson" <jdyson@treachery.net>
To: "Mark L. Jackson" <sincity_mark@iname.com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Fri, 26 Apr 2002, Mark L. Jackson wrote:

> > That stance is indefensible. The reasons against this stance are
> > thus:
>
> Oh Please. All stances are defensible. They may not be rational or
> possible to implement from our point of view; they can certainly be
> defended.

        If there is no logic or facts to back up the defense, then there
is no defense, hence indefensible.

> > 1. Strong encryption is already available to the general.
> > public. Attempts to control such access is a lost cause.
>
> Guns were available to all German citizens in the 1930s. First thing Hitler
> did, round up the guns. Worked quite well as I understand.

        It's easy to enforce such laws when one is a dictator.
Dictatorship is an anathema to a free society. As for those gun laws,
they still exist. Sure did a lot to "protect" those 18 people killed in
Germany the other day, didn't they? And how about the 18th Amendment?
Sure kept booze out of the hands of the people.

> > 2. Forbidding public access to strong encryption is based on
> > the presumption of guilt of the general populace by the
> > government. (The argument being used is that if someone
> > has nothing to hide, then they don't need strong
> > encryption products; nevermind the individual's right to
> > privacy.)
>
> No it is based upon the fact that all politicians want to control
> people. Some politicians more than others. "If you do not know what
> they are doing you can not control them."

        Dunno if I necessarily subscribe to that belief. When one
attempts to enslave a people, the first one bound by the irons is the one
who has to watch over everyone else.

> Terrorist, pedophiles, gun runners, drug dealers, and nefarious
> characters et al; are only paper tigers used to make erosion of freedoms
> palatable.

        No argument here. When reason fails, just whip out the old
reliable: Fear, Uncertainty and Doubt (FUD). ;)

> > 3. Individuals -- as well as commercial entities -- have
> > legitimate needs to safeguard their data against access
> > to unauthorized parties.
>
> It could be said that the government is supposed to do that. In order to
> do that they must be able to read your electronic transfers. In other
> words control the process. Whether email, money, jpegs , or whatever the
> government must have the access to see this info to protect us.

        If one accepts the notion of en loco parentis (the government as
parent) for able-minded citizens, then that supposition would seem
accurate. But a government of the people, by the people, and for the
people suggests otherwise.

> It also could be said (and has been) that you should seek redress in
> court for any wrong instead of protecting yourself. In the U.S. the
> current (sadly) attitude is that we should stand by like sheep and take
> it. Then call the police and let them handle it. Many people believe
> this.

        *nod* Those folks typically wake up to reality when they're the
subject of an investigation or have had much of their property seized in a
raid. Other folks wake up when they find out that the police can't do
diddly to prevent crime, and the best the courts can do is put a piece of
paper between a victim and attacker that says, "restraining order" on it.
Oh yeah, there's some real protection...

> It also could be said that the government is supposed to protect the
> nation. The infidels are inside using electronic means to 'do business'
> and we must have access. That access must be quick. If everyone uses
> encryption then the government would waste valuable time getting through
> the messages of no value on the way to those of value.

        Curiously enough, there's no evidence to support any allegations
that al Qaeda & crew are using crypto. Indeed, all information collected
to date indicates that when they send data over the 'net, it's in clear
text. And when they've got something juicy to share amongst each other,
they meet face-to-face in meatspace. Seems a bit silly to take away
crypto use for the average citizen when it hasn't even been demonstrated
that crypto is being put to ill use.

> > 4. Arguing that individuals should not have access to tools
> > to safeguard their digital assets is tantamount to arguing
> > that individuals should not be allowed to have locks on
> > their doors or safes in their homes.
>
> Not really. It is illegal in some parts of the world for people not
> licensed as locksmiths to posses a locksmith's "tools of the trade". The
> government could easily say (as they have in the U.S., remember this
> person is from Australia) that we can have it (whatever it may be) but
> special people should be able to get in easily. Again this just
> appeasement, but some would say compromise.

        I would say it's beyond compromise. Backdoored crypto isn't
crypto; it's a disaster waiting to happen. Sure, everyone likes to think
that the USG systems are safe and secure, but just have a look at how the
Deceptive Duo (latest bunch of web site defacing crackers) are cutting
through Spawar, NASA, the DOT and others like a hot knife through butter.
Key escrow may look wonderful on paper (as did communism), but in
practice, it seriously cripples the security of cryptographic systems.

> > 5. Arguments that claim that access to strong encryption
> > should be denied because it potentially benefits the
> > criminal element (organized crime and terrorists) is
> > disingenuous at best. Every civil liberty a civilized
>
> It is a fact that criminals and the underworld use encryption. Recently
> the FBI (U.S.) had to use a keystroke logger to crack a drug dealers PGP
> key to decrypt his files. Thus the case can be made that lives would
> have been saved had they not had to do this.

        Ah, there we have it. As I stated before, there *is* a way to
defeat strong crypto without denying its use to average citizens! Thus,
there's no need to outlaw it or cripple it. There are investigative tools
that can be utilized to allow LEAs access to such data for those who are
actually committing crimes.

> > nation affords its people can be perverted by the
>
> Nations do not afford people any liberty. Of course many persons believe
> that a people derive their liberty/rights etc... from their government
> or religion which may be the government. If that is true then the
> government would decide what is and is not available to the public.
> Hmmm, sounds like a good starting point for a pro-government paper.

        *whoosh* Lost me.

> > criminal element, but that does not legitimize any
> > attempt to rescind those civil liberties. Indeed, all
>
> Actually it would. If the government's job is to protect you then they
> would have a legitimate claim to do this.

        The government is in the protection racket only if one believes
that the government is the ultimate parent, which it's honestly not.

> > evidence gathered to date clearly indicates that even the
> > most virulent participants in the al Qaeda terrorist
> > network do not even use cryptographic or steganographic
> > software on their data.
>
> Well let's think about that. If most people don't use cryptography then
> no one needs it. If they did they would have it. You get my point.

        No, I don't. I've been whipping cryptography on people since
1998. All I got for my efforts was the title of "PGP Evangelist" at work.
Those same groups with whom I'd spent hours ramping up on public key
cryptosystems and giving all manner of training and consulting have yet to
utilize crypto for even digital signatures.

> Besides how much cryptography do you need to hijack a plane?

        Enough to fit on a fingernail clipper, if airline "security" is
any barometer.

> Fact is that one terrorist group from a 'backwoods' country does not an
> argument make. Besides it only takes a few of them using it to do the
> damage.

        Al Qaeda is not a "terrorist group," it is a terrorist network.
And so far, they're the ones from a 'backwoods' country that managed to
give the U.S. its worst surprise attack since December 7th, 1941.

> As you know full well, you only need to encrypt a small amount of info
> to do damage. Thusly you have to get rid of it all.

        Talk about throwing the baby out with the bathwater.

> > 6. Arguments that use of strong encryption circumvents
> > criminal investigations are dubious since law enforcement
> > has already demonstrated the capacity to bug the suspect's
> > computer to capture keystrokes and thus gain the suspect's
> > passphrase to their cryptographic products and ultimately
> > gain access to the encrypted data.
>
> Then why have encryption at all. If it is that easy to break then you
> have no security at all. Sort of like the locksmith we discussed above.

        With that line of logic, one could argue for throwing out all
laws, and all locks. "They're gonna get us anyway, so what's the use?"

        If you honestly believe that, blank-out all your passwords on all
your boxes and flush your firewall rulesets to allow the entire world to
access your systems. After all, you claim to believe that anyone can get
at you, so there's no point in trying to protect yourself.

> Of course you once again completely ignore the time involved in doing
> what you say they can do. Time equals money or lives or countries, maybe
> a building with 7000 people in it.

        Sorry to say that we don't live for the convenience of law
enforcement. Subjects do, citizens do not.

> So we are back to info that is encrypted and possibly not retrievable.
> Could be the difference between the Sears tower (Sydney Opera house or
> the bridge. sorry can't remember the name) hitting the ground and a
> 'bad person' going to the 'gray bar hotel'.

        You're operating on the presumption that COMINT is the only
intelligence we can utilize. Sad to say but COMINT is only a small piece
of the pie, but it's the one on which we've been (erroneously) relying the
most. Where we've been failing is in HUMINT. Thinking that we should
abrogate all rights to privacy for the mere convenience of COMINT may seem
appealing on its face, but living in an era of Big Brother is all the
promise it holds.

> > 7. Restriction of cryptography for individual use would
> > ultimately have a negative impact on commerce, since
>
> So we say yes to terrorism because we don't want to hurt the 'fat cat'
> businesses man.

        You'd prefer to say 'yes' to another Hitler, Stalin or Mussolini
in the name of fighting terrorism?

> > all cryptographic products would come under additional
> > regulation and all commerce would have to account to
> > various legal and government agencies for every use of
> > a cryptographic product. This would expose sensitive
>
> If you ban it then it can not be used. So this is a non-starter.

        Like the way Germany 'banned' guns? Sure stopped them from being
used, all right.

        And if you think the western world is the only one cranking out
crypto products, you're sorely in error. The cat's out of the bag. So
much for that 'non-starter.'

- -Jay

  ( ( _______
  )) )) .--"There's always time for a good cup of coffee"--. >====<--.
C|~~|C|~~| (>------ Jay D. Dyson -- jdyson@treachery.net ------<) | = |-'
 `--' `--' `- O Lord, make my enemies ridiculous. - Voltaire -' `------'

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (SunOS)
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iEYEARECAAYFAjzNgmgACgkQGI2IHblM+8E5GgCfVRKOc6T2dpDfSt0rhKKb04tC
8T0AnRvELMEB9FWzHQ4VuLlUJt4wNEyH
=ksm7
-----END PGP SIGNATURE-----