[2293] in cryptography@c2.net mail archive
RE: DoJ claims no mandatory crypto-backdoors
daemon@ATHENA.MIT.EDU (Nathan Spande)
Wed Mar 18 12:40:20 1998
From: Nathan Spande <nathan@epicsys.com>
To: "'cryptography@c2.net'" <cryptography@c2.net>
Date: Wed, 18 Mar 1998 11:26:28 -0600
> > PREPARED STATEMENT OF
> > ROBERT S. LITT
> > PRINCIPAL ASSOCIATE DEPUTY ATTORNEY GENERAL
> >
> > BEFORE THE SENATE JUDICIARY COMMITTEE
> > SUBCOMMITTEE ON THE CONSTITUTION, FEDERALISM, AND PROPERTY
> > SUBJECT - PRIVACY IN A DIGITAL AGE: ENCRYPTION AND MANDATORY ACCESS
> >
> > March 17, 1998
> [...]
> > However, I don't think that it can reasonably be disputed that the
> unchecked
> > spread of non-recoverable encryption will also endanger the public
> safety and
> > our national security. People think of encryption primarily in the
> context of
> > transmitted communications such as phone calls, and its effect on
> wiretaps.
> [...]
>
> Yeah, it can be "reasonably disputed". Like, how's he gonna stop the
> "unchecked spread" of software that fits on a floppy? This stupid
> government can't even stop marjuana, let alone bits.
>
Well, he's actually saying nothing about the feasibilty of checking the
spread, he's just saying that you can't reasonably argue that strong
encryption will endanger public safety and national security. How is
the government going to stop it? Well, obviously it won't do a perfect
job. As you correctly point out, given the government's track record on
drugs, it is unlikely to do a great job controlling the spread of strong
cryptoware. I don't think the DoJ in general is so naive as to believe
that they will completely stop people from using strong crypto. Their
hope is that if most people use key recovery systems, that most crimes
will also use them. If your bank only supports the use of key recovery
based systems, it is going to be very difficult to hide your financial
activities with that bank from a search warrant. Experience has shown
that most criminals are quite stupid. Evil geniuses are more likely to
turn into people like Herr Gates, who is not exactly a threat to public
safety and national security.
I seem to recall that Matt Blaze said something similar to this at the
97 Usenix Tech Conference. Something about how classifying encryption
as a munition really is pretty accurate. If it wasn't him, then it was
somebody else who said that in a talk there. Corrections welcome.
If we want to get a reasonable policy in place, we have to be careful to
actually address the issues that the other side actually brings up.
Enforcement is a valid topic, but we need to be careful in our critiques
of DoJ arguments. They are lawyers, after all...
Nathan
