[IP] Are the encryption wars really over? Maybe not [priv]
Begin forwarded message:
From: Declan McCullagh <declan@xxxxxxxx>
Date: May 25, 2005 10:09:53 PM EDT
To: politech@xxxxxxxxxxxxxxx
Subject: [Politech] Are the encryption wars really over? Maybe not
[priv]
Whether the crypto wars are over depends on what you consider the
dispute to be about in the first place. In the export-control sense,
yep, we've won. We may not have had a resounding Supreme Court
victory on First Amendment grounds, but the original regs proved
politically untenable.
How about domestic restrictions? That never really got off the ground
in the U.S., even in the darkest days of the 1990s.
But either could return swiftly. All it would take for a bill to be
introduced is for Al Qaeda to have encrypted information that could
have saved thousands of American lives were it decrypted in time.
(Life does not follow the TV show "24".) See:
http://www.politechbot.com/p-02509.html
http://www.politechbot.com/p-02550.html
I wouldn't be surprised if such a law would permit non-escrowed
crypto to be used to secure communication streams while
requiring .gov backdoors in crypto used for hard drive or file
encryption. In other words, GPG and PGPdisk might become verboten.
Programmers might sensibly scoff, but that's the way the Feds think.
How about other restrictions? I don't think the crypto-in-a-crime
idea ever got enacted into law, but a Minnesota court this month
moved in that direction:
http://news.com.com/2100-1030_3-5718978.html
In other words, the war is probably not over. It's just in a multi-
year lull. The correct preventative tactic to employ right now is to
follow the IPv6 model and seed both disk and communication-stream
encryption wherever it makes sense. Then it becomes more politically
difficult to outlaw.
Previous Politech message:
http://www.politechbot.com/2005/05/24/crypto-wars-are/
-Declan
-------- Original Message --------
Subject: RE: [Politech] Ross Anderson: Crypto wars are over,and we've
won! [priv]
Date: Wed, 25 May 2005 18:11:25 -0400
From: Pyke, Gila <gila.pyke@xxxxxxxxxx>
To: Declan McCullagh <declan@xxxxxxxx>
Hi Declan,
This email generated a fair amount of discussion amongst my peers. The
assertion by someone so well known and respected that the "crypto wars
are over" was met with quite a bit of skepticism.
A coworker (who wishes to remain nameless) said it best:
"The battles over key escrow and export controls aren't the hot
topics that they used to be. But that's not because the fight is
over,
more that it has moved on to other things like digital IDs,
biometric
passports, and the other hot topics that circulate on this list.
Projects like the Clipper chip died not because of politics, but
because it was difficult and impractical to deploy and get industry to
adopt it (similar to the problems facing technologies such as PKI and
smart cards).
There are still (smaller) legal battles going on over giving law
enforcement the right to decrypt a suspect's hard drive, or ISPs
handing out passwords to their users' accounts, or cryptographers
facing prosecution for publishing cryptanalytic results, and on and
on. It has become more of a privacy battle than an encryption issue,
but the battle is still there. And of course, there is still the
prevailing paranoia that the NSA and other intelligence agencies have
already cracked the crypto algorithms currently in circulation. This
isn't too far-fetched considering the number of algorithms that have
been broken and retired in recent years. "
As far as many of us are concerned, cryptography always was and always
will be a controversial science. I don't think the government's
interest in controlling it will ever go away, although the face on it
may change.
Incidents like this one:
-------------------
--Hackers Holding Computer Files 'Hostage'
(23 May 2005)
A new type of extortion plot has been identified, unlike any other cyber
extortion, according to the FBI. Hackers used an infected website to
infect computers with a program that encrypts the users file. Then the
criminal demanded money for the key to decrypt the files. Enhanced
versions of this attack threaten large numbers of users with loss of
important data, loss of money, or both.
http://news.yahoo.com/s/ap/20050524/ap_on_hi_te/internet_ransom
-------------------
...will make sure of that. Efforts like TOR will always feel threatening
to some of the people in power, and excuses like the war on terrorism
will always give those people a well-hyped excuse to do "what they think
is necessary".
But that is just my fundie, cynical, tired opinion.
Gila Pyke
Policy Analyst
Privacy and Security Division
Smart Systems for Health Agency
416-586-4257
_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)
-------------------------------------
You are subscribed as roessler@xxxxxxxxxxxxxxxxxx
To manage your subscription, go to
http://v2.listbox.com/member/?listname=ip
Archives at: http://www.interesting-people.org/archives/interesting-people/