;Date      08 Nov 92 10:57:05
From:      Wes Cowley@1:125/33
To:        All Y'All@1:125/111
Subject:   Registering Keys
Options:   
;Status:   (read 2 times)
;MSGID: 1:377/14.0 9100004e

This message was forwarded from the EFF Talk echo
=================================================
From: pmetzger@snark.shearson.com (Perry E. Metzger)
Date: Tue, 27 Oct 1992 23:12:41 GMT
Organization: Lehman Brothers
Message-ID: <1992Oct27.231241.23112@shearson.com>
Newsgroups: sci.crypt,comp.org.eff.talk

Carl Ellison writes:
>
>But, you might argue, if the US Govt were to take such a stupid move,
>it would cripple computing in this country and put us at a solid disadvantage.
>[sound like the export law discussion?]
>
>No, they would reply -- have all the security you like -- just give us the
>keys.  We'll promise not to use them.  You can trust us.
>
>The issue is philosophical.  Do we have a right to keep secrets from the
>US Government or don't we?

I would argue that citizens are under no obligation to make the job of
law enforcement agencies easier by conducting all business in such a
way that they can watch it. I would argue that the first amendment
gives me the right to say anything I like, including a sequence of
numbers which represent an encrypted text, and that they have no right
to stop me.

Once it was recognised that the most important rights the individual
had were those that permitted one to resist tyranny. The second
amendment of the constitution is not there, for instance, to allow
people to go hunting -- its purpose is to give people the tools to
terrify polititians with. The constitutional protection against search
and seizure was there because our revolution was funded by smugglers
like John Hancock (yes, thats where he made his money -- smuggling
contraband. Look in any history book if you don't believe me) who
understood very well that the government was a terrible master that
had to be purposely fettered so that it could not be effective in
restraining certain kinds of behavior. The first amendment was put in
to place so that the government could never again get in the way of
people freely speaking.

Unfortunately, we no longer live in a nation that believes in
individual rights. We have sold them for an illusion of safety. To
paraphrase Dr. Franklin, he who would sell his rights for security
will soon have neither. We live in an age where most people have
already accepted the notion of waiting periods before the purchase of
handguns "so that criminals can't get them" -- with all parties
involved knowing full well that only the honest will be restrained.
Now we find ourselves faced with proposal after proposal from an
increasingly scared government that understands that people armed with
unassailable privacy will be difficult to restrain. Before, it was
waiting periods on handguns -- now, its handing them a copy of every
encryption key we contemplate using "for our own protection". Before,
it was the right to sieze private property without the owner being
convicted of anything "to stop drug dealers". Now, it is to be the FBI
getting every telephone switch in the country designed so that they
can tap any phone at will, but, of course, "only with a warrant".

Given all this, its obvious that unless we work as hard as possible to
preserve whats left all will be lost. I cannot encourage people to
oppose this growing movement to destroy what is left of our rights
strongly enough. The fact that such a prominent cryptographer as Dr.
Dorothy Denning would come out in favor of a proposal like handing the
government all our crypto keys disgusts me more than I can describe. I
suppose, though, that she imagines that there will never be a time
when she needs to hide something from the government, pardon, our
increasingly intrusive and authoritarian government. If we allow ideas
like this to become enacted into law unopposed, by the time we find
ourselves powerless against dictators, it will be too late.

For those that would call me alarmist, allow me to pose to you the
following quandries.

The only thing needed to change the FBI's proposed built-in tap
capability from something restrained by the need for court orders into
something used as an instrument of opression and terror by a
dictatorship would be a change of attitude towards the equipment and a
little coup d'etat -- the technology would be sitting right there in
their hands. The only thing needed to change the encrypted list of all
private keys in the country into a similar instrument would be a
similar change in attitude, but this time you could likely read
people's old messages as well! This, of course, ignores the day to day
abuse of our privacy that will doubtless occur. (I will point out for
completeness that when our society is fully disarmed by the anti-gun
nuts, all that will be required for the criminals to trample over us
and loot at will is an emergency (like the recent hurricane in
Florida) and all that will be required for our whole society to be
held captive is a military coup. I realize, of course, that some
people disagree with this last point, but then again some people like
Dorothy Denning seem to think we should hand over to "trusted third
parties" copies of our private keys, on the basis that "we can trust
them -- after all, the government will protect us.")

(Gawd, I feel like Cassandra here. Is anyone listening?)

Perry Metzger           pmetzger@shearson.com

--- DCI/Chauncy 0.7
 * Origin: Bird Lake - (813)265-3256 (1:377/14.0)
SEEN-BY: 11/2 13/13 101/1 109/25 114/5 123/19 124/1 125/20 28 33 40 111 125
SEEN-BY: 125/180 1212 203/1 23 205/10 209/209 280/1 390/1 396/1
;PATH: 377/14 15 123/19 396/1 203/23 125/125 33

;Date      08 Nov 92 10:57:09
From:      Wes Cowley@1:125/33
To:        All Y'All@1:125/111
Subject:   Assault Keys
Options:   
;Status:   (read 2 times)
;MSGID: 1:377/14.0 91000050

This message was forwarded from the EFF Talk echo
=================================================
From: tcmay@netcom.com (Timothy C. May)
Date: 28 Oct 92 23:50:27 GMT
Organization: Netcom - Online Communication Services  (408 241-9760 guest)
Message-ID: <1992Oct28.235027.28039@netcom.com>
Newsgroups: sci.crypt,comp.org.eff.talk,alt.privacy,talk.politics.guns


Registering "Assault Keys" -- How the Proposal to Register Encryption
Keys Has Ominous Parallels to Gun Control


The recent proposal that encryption keys be registered with the
government has some natural and terrifying implications. (For those to
whom this proposal is new, strange, or disturbing, please see the
debate raging mainly in the newsgroup "sci.crypt".)

Once the principle is established that private communications,
letters, faxes, modem transmissions, etc. must be in a form
readable--under court order, as Dorothy Denning's proposal goes--by
the government, and that "public key encryption" keys must be
registered with the authorities, then we can expect the following:

* _Classes_ of encryption keys, with some especially strong (in a
cryptograhic sense) keys being declared "assault keys," just as
certain classes of semiautomatic rifles have been branded "assault
weapons" and subjected to media villification and even confiscation by
the authorities. In analogy with firearms, there may be "Class 1"
dealers in "dangerous" keys.

* There may even be _bans_ on the registration (and hence use) of
certain classes of algorithms and key lengths. For example,
"civilians" may be allowed to use DES, but not RSA. Or the key length
may be restricted in various ways.

* Strict controls over the types of algorithms allowed. After all,
what use will a key be if the government can't run the algorithm?
This, by the way, will be another way to control the spread of
encryption technology: if only licensed, inspected, and approved
algorithms are acceptable to the key registration authorities,
innovation and experimentation will suffer. This may make RSA Data
Security, Inc., very happy, as it may get the "franchise," while users
of bootleg/contraband/experimental algorithms like PGP 2.0 ("Pretty
Good Privacy") face severe sanctions.

* Spot checks will have to be done to ensure compliance. This may be
done in various ways, such as by randomly checking bitstreams and
demanding the sender open the message. (Note: Many have posted that
this would not be possible. Untrue. The Rehnquist Supreme Court ruled
a couple of years ago that the police could enter a bus and ask the
passengers to "voluntarily" accept a search of their baggage. Failure
to volunteer, so reasoned the court, constituted probable cause for a
search! "Catch-22" meets "1984.")

* The penalties for noncompliance, or for hiding encrypted messages
inside other messages, will likely be severe, else widespread civil
disobedience and claims of "ignorance" will result. (Personally, I
_expect_ widespread noncompliance. Many people will even flaunt their
noncompliance, encrypting truly innocuous messages that few courts,
they will hope, will convict them for. Here in California, the
noncompliance rate for registration of those evil "assault weapons" is
estimated to be as high as 80%.)

(My best guess is that the "RICO" (Racketeer-Influenced and Corrupt
Organizations Act) and civil forfeiture approaches will be used to
simply seize the equipment of anyonone caught sending messages without
the suitable seals of approval. Such seizures, used with suspected gun
sellers, suspected X-rated video sellers, suspected drug dealers. and
so on, have had a profoundly chilling effect.)

* A registration system, even if well-intentioned and secured against
casual government snooping (and some of the multi-party escrow systems
may help do this), will still _greatly complicate_ the use of encryption
and will forestall certain very exciting applications of cryptology.
Many of the new proposals, for things like anonymous credentials to
protect privacy, for digital cash, and for cryptographic voting
systems, essentially require the _dynamic_ generation of keys! That
is, keys are generated frequently as part of the protocols...there is
not single static "public key" that one generates once and then takes
down to the crypto equivalent of the DMV for registration.

* As with guns, true criminals will of course ignore these laws.
Computer networks are already being used for messages that evade
wiretaps (as one example, a Mafia guy in New Jersey, on the run, used a
well-known computer service to communicate untraceably with his wife),
that are used for laundering information and money, and so on. Taking
encryption away from citizens will do nothing.


I urge readers to get involved in this debate.


"If encryption is outlawed, only outlaws--and the NSA--will have encryption."

--- DCI/Chauncy 0.7
 * Origin: Bird Lake - (813)265-3256 (1:377/14.0)
SEEN-BY: 11/2 13/13 101/1 109/25 114/5 123/19 124/1 125/20 28 33 40 111 125
SEEN-BY: 125/180 1212 203/1 23 205/10 209/209 280/1 390/1 396/1
;PATH: 377/14 15 123/19 396/1 203/23 125/125 33

