[1581] in cryptography@c2.net mail archive
a few points
daemon@ATHENA.MIT.EDU (Perry E. Metzger)
Tue Sep 23 11:36:57 1997
Date: Tue, 23 Sep 1997 11:34:58 -0400 (EDT)
From: "Perry E. Metzger" <perry@piermont.com>
To: cryptography@c2.net
Reply-to: perry@piermont.com
The question of the cost of running a GAK system is almost beside the
point. The existance of GAK will utterly eliminate many possible
perfectly legitimate applications of cryptography and will have a
chilling effect on the use of crypto in general.
Of course, this is probably part of the point. By imposing GAK,
cryptography will be slowed down or stopped simply because many people
will not bother -- it will simply be too much of a pain in the neck to
use GAKed crypto.
The cost to the economy in terms of vastly increased fraud and other
criminal activity that cryptography would normally stop cannot
possibly be estimated. Can we estimate how much money banning cell
phones and the internet has cost the people of Syria? No, we certainly
can't. There is no reasonable way to estimate the economic
consequences of such a wide ranging restriction on a critical
technology. All you can do is say "that looks big", but you can't
reasonably figure out exactly how big. The cost to industry of
implementing GAK and the cost to the government of running it is only
the tip of the iceberg.
I will also point out, as I have many times, that GAKed security is in
many cases worse than no security. We live in a nation that has, over
and over again, had government agents subborned for tiny amounts of
money. The Walkers even handled crypto keys and equipment, as I
recall. In spite of this, we are asked to trust the economic
well-being of the entire economy and the keys to vast numbers of
financial transactions to underpaid workers who could probably smuggle
a very valuable chunk of the escrow database out on a DAT tape.
Perry
