IP: more**2 on "cyber-corps" of network defenders -- A CHEAPER, SAFER WAY!!

[Dave Farber <farber () cis upenn edu>]

Date: Sun, 7 Feb 1999 17:51:01 -0500
To: farber () cis upenn edu
From: Gene Spafford <spaf () cs purdue edu>
Subject: Re: IP: more on  "cyber-corps" of network defenders -- A CHEAPER,
   SAFER WAY!!

> Date: Sun, 7 Feb 1999 12:24:21 -0800
> To: farber () cis upenn edu
> From: Jim Warren <jwarren () well com>
>
> 2.  Of course, the cheap and *effective* way to create bullet-proof
> information protection and computer security would be to facilitate
> *automatic*, uncrackable encryption of every computer file and every
> Internet message.  With everything scrambled, there would be little
> incentive to crack the systems.  But with everything scrambled, then the
> *government* couldn't snoop and peep -- and that power is obviously much
> more important to the administration than corporate security or personal
> privacy.  And anyway, if dispursed crypto was used, then the tax loot
> couldn't be easily bogarted by the Beltway Bandits.

This is not correct.  Encryption would be a big help, but it is not 
the total solution.   Encryption doesn't solve denial of service. 
Encryption doesn't solve insider misuse.  Encryption doesn't provide 
100% protection against malicious code.  Encryption doesn't address 
issues of computer forensics, reliable audit, or how to build trusted 
systems.   Encryption doesn't guarantee valid identification 
(although it helps with authentication).   Encryption does provide 
survivability or bug-free construction of code. Encryption doesn't 
secure the data on the screen or currently in memory being 
manipulated by the current application.

Inside most businesses, you don't want strong encryption.   It makes 
it more difficult to handle disaster recover and debugging.   It 
makes interoperatibility somewhat more difficult.  And user accident 
or misuse may result in the loss of critical data.   If encryption is 
used at all in those environments (for storage), then key recovery or 
escrow is vital.  And when encryption isn't used, you need other 
measures of protection.

The place where strong encryption helps in in communications, in 
long-term storage, and in computer transport.   But that is hardly 
the full spectrum.

I would counsel against letting fervor for one agenda dominate the 
field.   It leads to unfortunate imbalances.

For instance, law enforcement has been so focused on restricting 
encryption for so long, they have neglected other investigative 
methods.   As encryption becomes more common, they are left behind 
the curve in technology even more.  That isn't good for all of us -- 
we do need effective law enforcement in "cyberspace" and in our 
societies.  An interesting question -- and an interesting one for 
security researchers -- is how to build strong, affordable methods of 
defense that support law enforcement without sacrificing individual 
privacy and rights.     Encryption -- by itself -- does not answer 
that question, either.