[2316] in cryptography@c2.net mail archive
Re: Rivest's Wheat & Chaff - A crypto alternative
daemon@ATHENA.MIT.EDU (Marcus J. Ranum)
Mon Mar 23 13:59:39 1998
Date: Mon, 23 Mar 1998 13:23:39 -0500
To: William Hugh Murray <whmurray@sprynet.com>, Vin McClellan <vin@shore.net>
From: "Marcus J. Ranum" <mjr@nfr.net>
Cc: "cryptography@C2.net" <cryptography@c2.net>
In-Reply-To: <199803222113.NAA18821@m3.sprynet.com>
>While I think that this technique is interesting and useful, and while I
>am opposed to the government's clear intent, I think that this position
>is naive. It is the act of hiding that offends rather than the
>mechanism that we use.
We cryptographers, I believe, need to learn from the gun sellers.
The government (to protect us) places various arbitrary restrictions
on various types of weaponry, and, surprisingly, these restrictions
are remarkably easy to circumvent. The reason they are easily
circumvented is because the government has made the error of defining
what is or is not allowed -- which makes it very easy for a manufacturer
to build something that just skirts the intent of the law while
complying with its letter. This is, in effect, what Rivest is trying
to do. To be successful we cryptographers must pin the government
down more precisely as to what is or is not allowed. There have been
some notable successes in this area, such as publishing source
code in a book in a scannable font, as a means of exporting it.
This is exactly the kind of thing gun manufacturers do.
The feds banned "high capacity" magazines (more than 10 rounds)
but forgot to ban "magazine extenders" that add extra capacity
by clipping to the bottom of the magazine. The feds banned
"assault rifles" by defining them as guns with flash suppressors
and pistol grips. Now you can buy a "sporter rifle" sans flash
suppressor and with a thumbhole stock that is nearly identical
to the original "assault rifle" except that it looks dorky.
You can buy a "flash suppressor" that doesn't suppress flash
and is therefore not a flash suppressor, if you like the look
of one of those on your "sporter rifle." Etc. The point is
that the government is trying to regulate something very
squishy (aesthetics of weaponry) and it's easy to play games
with the regulations. Cryptography, interestingly, is also
squishy. Is it a hashing routine or a secret key cryptosystem?
Is it steganography or keyed noise reduction?
The issue in the gun debate is one of fundamental rights, as
with the cryptography debate. Indeed, some of us shooting
enthusiasts have known for a long time that the real public
policy debate boils down to a choice between UK-style disarmament
of civilians or the current US situation. There are extremists
in both camps, who wish to achieve an agenda that lies 100%
at their end of the spectrum. So it is with cryptography.
Like with the silly laws about flash suppressors, the government
is trying to move the issue piecemeal -- what it REALLY
wants to do is institute domestic controls on cryptography.
Proving that regulating crypto is is problematic as defining
"assault rifle" forces the debate to polarize and backs the
government into the corner of having to go for a complete
ban.
I believe that, repugnant as it may seem, the crypto-community's
most effective tactic is to polarize the debate deliberately
into moral absolutes, as has happened with the gun debate
and the abortion debate. That is one of the fundamental tactics
of revolutionaries: to radicalize the margin of discussion by
removing the grey area and making fence-sitting uncomfortable.
It's a high stakes game because if you lose you lose completely.
Sore losers then have to resort to bombings, etc., and things
go downhill fast from there.
Has anyone considered approaching the NRA for support for
cryptography?? If it is a munition, isn't our right to use it
domestically protected under the second amendment, just like
our right to keep and bear arms?
I will give up one time pad when you pry it from my cold dead
left hand. My rifle will be in my right hand.
mjr.
--
Marcus J. Ranum, CEO, Network Flight Recorder, Inc.
work - http://www.nfr.net
home - http://www.clark.net/pub/mjr
