Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

Are the encryption wars really over? Maybe not [priv]

From: David Farber <dave () farber net>
Date: Fri, 27 May 2005 07:43:16 -0400


Begin forwarded message:

From: Declan McCullagh <declan () well com>
Date: May 25, 2005 10:09:53 PM EDT
To: politech () politechbot com
Subject: [Politech] Are the encryption wars really over? Maybe not [priv]
Whether the crypto wars are over depends on what you consider the dispute to be about in the first place. In the export-control sense, yep, we've won. We may not have had a resounding Supreme Court victory on First Amendment grounds, but the original regs proved politically untenable.
How about domestic restrictions? That never really got off the ground in the U.S., even in the darkest days of the 1990s.
But either could return swiftly. All it would take for a bill to be introduced is for Al Qaeda to have encrypted information that could have saved thousands of American lives were it decrypted in time. (Life does not follow the TV show "24".) See: 
http://www.politechbot.com/p-02509.html
http://www.politechbot.com/p-02550.html
I wouldn't be surprised if such a law would permit non-escrowed crypto to be used to secure communication streams while requiring .gov backdoors in crypto used for hard drive or file encryption. In other words, GPG and PGPdisk might become verboten. Programmers might sensibly scoff, but that's the way the Feds think.
How about other restrictions? I don't think the crypto-in-a-crime idea ever got enacted into law, but a Minnesota court this month moved in that direction: 
http://news.com.com/2100-1030_3-5718978.html
In other words, the war is probably not over. It's just in a multi- year lull. The correct preventative tactic to employ right now is to follow the IPv6 model and seed both disk and communication-stream encryption wherever it makes sense. Then it becomes more politically difficult to outlaw. 

Previous Politech message:
http://www.politechbot.com/2005/05/24/crypto-wars-are/

-Declan


-------- Original Message --------
Subject: RE: [Politech] Ross Anderson: Crypto wars are over,and we've won! [priv] 
Date: Wed, 25 May 2005 18:11:25 -0400
From: Pyke, Gila <gila.pyke () ssha on ca>
To: Declan McCullagh <declan () well com>



Hi Declan,

This email generated a fair amount of discussion amongst my peers. The
assertion by someone so well known and respected that the "crypto wars
are over" was met with quite a bit of skepticism.

A coworker (who wishes to remain nameless) said it best:

    "The battles over key escrow and export controls aren't the hot
topics that they used to be. But that's not because the fight is over, more that it has moved on to other things like digital IDs, biometric 
passports, and the other hot topics that circulate on this list.
Projects like the Clipper chip died not because of politics, but
because it was difficult and impractical to deploy and get industry to
adopt it (similar to the problems facing technologies such as PKI and
smart cards).

    There are still (smaller) legal battles going on over giving law
enforcement the right to decrypt a suspect's hard drive, or ISPs
handing out passwords to their users' accounts, or cryptographers
facing prosecution for publishing cryptanalytic results, and on and
on.  It has become more of a privacy battle than an encryption issue,
but the battle is still there.  And of course, there is still the
prevailing paranoia that the NSA and other intelligence agencies have
already cracked the crypto algorithms currently in circulation.  This
isn't too far-fetched considering the number of algorithms that have
been broken and retired in recent years. "

As far as many of us are concerned, cryptography always was and always
will be a controversial science.  I don't think the government's
interest in controlling it will ever go away, although the face on it
may change.

Incidents like this one:

-------------------

--Hackers Holding Computer Files 'Hostage'

(23 May 2005)

A new type of extortion plot has been identified, unlike any other cyber
extortion, according to the FBI. Hackers used an infected website to
infect computers with a program that encrypts the users file. Then the
criminal demanded money for the key to decrypt the files.  Enhanced
versions of this attack threaten large numbers of users with loss of
important data, loss of money, or both.

http://news.yahoo.com/s/ap/20050524/ap_on_hi_te/internet_ransom

-------------------

...will make sure of that. Efforts like TOR will always feel threatening
to some of the people in power, and excuses like the war on terrorism
will always give those people a well-hyped excuse to do "what they think
is necessary".

But that is just my fundie, cynical, tired opinion.


Gila Pyke
Policy Analyst
Privacy and Security Division
Smart Systems for Health Agency
416-586-4257

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: