IP: Getting a grip on encryption realities

[David Farber <dave () farber net>]

> Date: Sun, 16 Sep 2001 17:20:50 -0700 (PDT)
> From: Lauren Weinstein <lauren () vortex com>
> To: dave () farber net
> Subject: Getting a grip on encryption realities
> Cc: lauren () pfir org
>
> It may be time to pause for another dose of reality.  With calls from
> various quarters rising for various encryption bans, let's put aside
> most issues relating to the undesirability of such moves for a moment
> and just look at the matter of practicality.
>
> Anyone who wants to encrypt their materials with strong encryption has the
> technical ability to do so.  No laws or regulations can put that genie,
> particularly in terms of software-based systems, back into the bottle.
> Terrorists are unlikely in the extreme to heed such prohibitions in any
> case.
>
> To make matters even more complex, it's possible to obscure heavily-encoded
> messages in seemingly innocuous ways.  Only the imagination really limits
> the possibilities.  Highly-encrypted messages can be spread out through
> photographs, computer images, faxes, audio files, plain text, and any number
> of other media.  Ostensibly ordinary files, documents, or statements can
> contain all manner of encoded data, with the data itself encrypted via any
> mechanisms up to and including one-time pads.
>
> Let's be clear about this.  Degrading the strength of communications between
> honest citizens will not prevent disasters like Tuesday's, but will make
> those honest citizens less secure.  Yet the calls for banning strong
> encryption take no heed of any of these realities.  Obviously we must fight
> terrorism, but weak or "back-door-enabled" crypto systems carry a *very*
> high risk of being rendered ineffectual, resulting in highly sensitive and
> private--but completely legal--communications being exposed.  Unfortunately,
> in the understandable fervor of the moment, many aspects of technical facts
> and common sense are being plowed under the tank treads of emotion.
>
> Realistically, if we are to fight terrorism without destroying ourselves
> piece by piece, we need to above all be thinking clearly.  How we handle the
> encryption debate may be a harbinger of whether or not we deal rationally
> with a broad range of other crucial issues in the aftermath of terrorism.
>
> Any way you look at it, we stand at a crossroads, not just relating to
> terrorism but for ourselves as well.  Notwithstanding wars and disasters of
> the past, the decisions we make now are among the most crucial we'll ever
> face.  Doing the right thing speaks not only to today and tomorrow, but to
> history as well.
>
> --Lauren--
>
> P.S.  I mentioned above how ordinary-looking materials could obscure hidden
> messages.  The text above used an example of an *extremely* trivial
> technique to encode (not even really encrypt) the plain text title of a
> famous Beatles song--one character per sentence.  Did you notice it?  Now
> that you know it's there, you probably can find it.  But what if the title
> had been encrypted instead of merely encoded in plain text?
>
> Trying to control encryption systems is now a pointless--and even
> dangerous--exercise in technological futility, diverting attention and
> resources from efforts that might truly have practical benefits towards
> fighting terrorism, crime, and other scourges on society.  Like it or not,
> that's the reality.  The sooner this fact is accepted the better off we'll
> all be.
>
> --Lauren--
> Lauren Weinstein
> lauren () pfir org or lauren () vortex com or lauren () privacyforum org
> Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org
> Moderator, PRIVACY Forum - http://www.vortex.com
> Member, ACM Committee on Computers and Public Policy
> "Reality Reset" Columns - http://www.vortex.com/reality



For archives see: http://www.interesting-people.org/