;Date 08 Nov 92 10:57:05
From: Wes Cowley@1:125/33
To: All Y'All@1:125/111
Subject: Registering Keys
;MSGID: 1:377/14.0 9100004e

This message was forwarded from the EFF Talk echo
=================================================
From: pmetzger@snark.shearson.com (Perry E. Metzger)
Date: Tue, 27 Oct 1992 23:12:41 GMT
Organization: Lehman Brothers
Message-ID: <1992Oct27.231241.23112@shearson.com>
Newsgroups: sci.crypt,comp.org.eff.talk

Carl Ellison writes:
>
>But, you might argue, if the US Govt were to take such a stupid move,
>it would cripple computing in this country and put us at a solid disadvantage.
>[sound like the export law discussion?]
>
>No, they would reply -- have all the security you like -- just give us the
>keys. We'll promise not to use them. You can trust us.
>
>The issue is philosophical. Do we have a right to keep secrets from the
>US Government or don't we?

I would argue that citizens are under no obligation to make the job of law enforcement agencies easier by conducting all business in such a way that they can watch it. I would argue that the first amendment gives me the right to say anything I like, including a sequence of numbers which represent an encrypted text, and that they have no right to stop me.

Once it was recognised that the most important rights the individual had were those that permitted one to resist tyranny. The second amendment of the constitution is not there, for instance, to allow people to go hunting -- its purpose is to give people the tools to terrify politicians with. The constitutional protection against search and seizure was there because our revolution was funded by smugglers like John Hancock (yes, that's where he made his money -- smuggling contraband. Look in any history book if you don't believe me) who understood very well that the government was a terrible master that had to be purposely fettered so that it could not be effective in restraining certain kinds of behavior.
The first amendment was put into place so that the government could never again get in the way of people freely speaking.

Unfortunately, we no longer live in a nation that believes in individual rights. We have sold them for an illusion of safety. To paraphrase Dr. Franklin, he who would sell his rights for security will soon have neither. We live in an age where most people have already accepted the notion of waiting periods before the purchase of handguns "so that criminals can't get them" -- with all parties involved knowing full well that only the honest will be restrained. Now we find ourselves faced with proposal after proposal from an increasingly scared government that understands that people armed with unassailable privacy will be difficult to restrain. Before, it was waiting periods on handguns -- now, it's handing them a copy of every encryption key we contemplate using "for our own protection". Before, it was the right to seize private property without the owner being convicted of anything "to stop drug dealers". Now, it is to be the FBI getting every telephone switch in the country designed so that they can tap any phone at will, but, of course, "only with a warrant".

Given all this, it's obvious that unless we work as hard as possible to preserve what's left all will be lost. I cannot encourage people to oppose this growing movement to destroy what is left of our rights strongly enough. The fact that such a prominent cryptographer as Dr. Dorothy Denning would come out in favor of a proposal like handing the government all our crypto keys disgusts me more than I can describe. I suppose, though, that she imagines that there will never be a time when she needs to hide something from the government, pardon, our increasingly intrusive and authoritarian government. If we allow ideas like this to become enacted into law unopposed, by the time we find ourselves powerless against dictators, it will be too late.

For those that would call me alarmist, allow me to pose to you the following quandaries. The only thing needed to change the FBI's proposed built-in tap capability from something restrained by the need for court orders into something used as an instrument of oppression and terror by a dictatorship would be a change of attitude towards the equipment and a little coup d'etat -- the technology would be sitting right there in their hands. The only thing needed to change the encrypted list of all private keys in the country into a similar instrument would be a similar change in attitude, but this time you could likely read people's old messages as well! This, of course, ignores the day to day abuse of our privacy that will doubtless occur.

(I will point out for completeness that when our society is fully disarmed by the anti-gun nuts, all that will be required for the criminals to trample over us and loot at will is an emergency (like the recent hurricane in Florida) and all that will be required for our whole society to be held captive is a military coup. I realize, of course, that some people disagree with this last point, but then again some people like Dorothy Denning seem to think we should hand over to "trusted third parties" copies of our private keys, on the basis that "we can trust them -- after all, the government will protect us.")

(Gawd, I feel like Cassandra here. Is anyone listening?)

Perry Metzger
pmetzger@shearson.com

--- DCI/Chauncy 0.7
 * Origin: Bird Lake - (813)265-3256 (1:377/14.0)

;Date 08 Nov 92 10:57:09
From: Wes Cowley@1:125/33
To: All Y'All@1:125/111
Subject: Assault Keys
;MSGID: 1:377/14.0 91000050

This message was forwarded from the EFF Talk echo
=================================================
From: tcmay@netcom.com (Timothy C. May)
Date: 28 Oct 92 23:50:27 GMT
Organization: Netcom - Online Communication Services (408 241-9760 guest)
Message-ID: <1992Oct28.235027.28039@netcom.com>
Newsgroups: sci.crypt,comp.org.eff.talk,alt.privacy,talk.politics.guns

Registering "Assault Keys" -- How the Proposal to Register Encryption Keys Has Ominous Parallels to Gun Control

The recent proposal that encryption keys be registered with the government has some natural and terrifying implications. (For those to whom this proposal is new, strange, or disturbing, please see the debate raging mainly in the newsgroup "sci.crypt".)

Once the principle is established that private communications, letters, faxes, modem transmissions, etc. must be in a form readable--under court order, as Dorothy Denning's proposal goes--by the government, and that "public key encryption" keys must be registered with the authorities, then we can expect the following:

* _Classes_ of encryption keys, with some especially strong (in a cryptographic sense) keys being declared "assault keys," just as certain classes of semiautomatic rifles have been branded "assault weapons" and subjected to media vilification and even confiscation by the authorities. In analogy with firearms, there may be "Class 1" dealers in "dangerous" keys.

* There may even be _bans_ on the registration (and hence use) of certain classes of algorithms and key lengths.
For example, "civilians" may be allowed to use DES, but not RSA. Or the key length may be restricted in various ways.

* Strict controls over the types of algorithms allowed. After all, what use will a key be if the government can't run the algorithm? This, by the way, will be another way to control the spread of encryption technology: if only licensed, inspected, and approved algorithms are acceptable to the key registration authorities, innovation and experimentation will suffer. This may make RSA Data Security, Inc., very happy, as it may get the "franchise," while users of bootleg/contraband/experimental algorithms like PGP 2.0 ("Pretty Good Privacy") face severe sanctions.

* Spot checks will have to be done to ensure compliance. This may be done in various ways, such as by randomly checking bitstreams and demanding the sender open the message.

(Note: Many have posted that this would not be possible. Untrue. The Rehnquist Supreme Court ruled a couple of years ago that the police could enter a bus and ask the passengers to "voluntarily" accept a search of their baggage. Failure to volunteer, so reasoned the court, constituted probable cause for a search! "Catch-22" meets "1984.")

* The penalties for noncompliance, or for hiding encrypted messages inside other messages, will likely be severe, else widespread civil disobedience and claims of "ignorance" will result.

(Personally, I _expect_ widespread noncompliance. Many people will even flaunt their noncompliance, encrypting truly innocuous messages that few courts, they will hope, will convict them for. Here in California, the noncompliance rate for registration of those evil "assault weapons" is estimated to be as high as 80%.)

(My best guess is that the "RICO" (Racketeer-Influenced and Corrupt Organizations Act) and civil forfeiture approaches will be used to simply seize the equipment of anyone caught sending messages without the suitable seals of approval.
Such seizures, used with suspected gun sellers, suspected X-rated video sellers, suspected drug dealers, and so on, have had a profoundly chilling effect.)

* A registration system, even if well-intentioned and secured against casual government snooping (and some of the multi-party escrow systems may help do this), will still _greatly complicate_ the use of encryption and will forestall certain very exciting applications of cryptology. Many of the new proposals, for things like anonymous credentials to protect privacy, for digital cash, and for cryptographic voting systems, essentially require the _dynamic_ generation of keys! That is, keys are generated frequently as part of the protocols...there is no single static "public key" that one generates once and then takes down to the crypto equivalent of the DMV for registration.

* As with guns, true criminals will of course ignore these laws. Computer networks are already being used for messages that evade wiretaps (as one example, a Mafia guy in New Jersey, on the run, used a well-known computer service to communicate untraceably with his wife), that are used for laundering information and money, and so on. Taking encryption away from citizens will do nothing.

I urge readers to get involved in this debate.

"If encryption is outlawed, only outlaws--and the NSA--will have encryption."

--- DCI/Chauncy 0.7
 * Origin: Bird Lake - (813)265-3256 (1:377/14.0)