FC: More on Frank Sudia's proposal to revive encryption key escrow

[Declan McCullagh <declan () well com>]

Previous message:

"Frank Sudia's proposal: Let's revive encryption key escrow"
http://www.politechbot.com/p-02519.html

***********

Date: Mon, 17 Sep 2001 19:42:07 -0700
To: declan () well com
From: Carl Ellison <cme () acm org>
Subject: Re: FC: Frank Sudia's proposal: Let's revive encryption key
  escrow
Cc: politech () politechbot com, fsudia () home com, frank () sudialab com
In-Reply-To: <5.0.2.1.0.20010916185550.01ff22c0 () mail well com>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

At 07:04 PM 9/16/2001 -0400, Declan McCullagh wrote:
>Frank Sudia's bio says that he is a programmer, a lawyer, a public
>policy  analyst, and a co-founder of the CertCo encryption company,
>formerly part  of Bankers Trust. He is also the creator of the
>"Bankers Trust Corporate  Key Escrow System."
>
>His paper (see the link below)  is a suggestion for a route for
>Congress to  take if they "decided to require all encryption systems
>to be readable by  authorized legal authorities."

Declan:

        The idea of amending the 4th Amendment is laughable.  Is this a
satire?

Frank:

        if you want to be taken seriously, you need to address the fact that
no one has any control over cryptographic technology.  There is no
way to mandate the use of GAK.  There is no way to detect deviations
from GAK.  The discussions in your paper are all irrelevant, in the
face of that one fact.

        We are not dealing with a technology that is under the control of
the US Congress.  The original GAK proponents once claimed that, but
it is not true.

        Ubiquitous non-GAK cryptography is one of those things that is a
side effect of the confluence of:

1.      cheap, ubiquitous, high power computing
2.      freedom of speech
3.      programming languages

        Which of those three would you eliminate in order to make it
possible for some governmental entity to exercise control over the
kind of cryptography that is available in the world?

 - Carl

P.S.  Don't tell me about your qualifications as a designer of Key
Escrow systems without looking first at the list of inventors on the
Key Escrow patents by Trusted Information Systems.

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQA/AwUBO6a0fnPxfjyW5ytxEQLXoQCgyN5b2KtondMrC4NI9dih/9ZureUAn0ii
bqQYsgYc1la5KXmOJqejTosl
=OHNG
-----END PGP SIGNATURE-----


+------------------------------------------------------------------+
|Carl M. Ellison         cme () acm org     http://world.std.com/~cme |
|    PGP: 08FF BA05 599B 49D2  23C6 6FFD 36BA D342                 |
+--Officer, officer, arrest that man. He's whistling a dirty song.-+

***********

Date: Sun, 16 Sep 2001 16:58:12 -0700
To: declan () well com, politech () politechbot com
From: Lizard <lizard () mrlizard com>
Subject: Re: FC: Frank Sudia's proposal: Let's revive encryption key
  escrow
Cc: fsudia () home com, frank () sudialab com
In-Reply-To: <5.0.2.1.0.20010916185550.01ff22c0 () mail well com>

Gods, this guy has crawled right out of the pages of "Atlas Shrugged" -- 
the government seizing patents in the name of 'the public good'? Sheesh. 
Shall we be seeing an "Equalization of Opportunity Act" next?

There is no act of government which can guarantee safety -- but many acts 
can guarantee tyranny. Liberty for security is a fool's bargain. You get 
neither.

***********

Date: Sun, 16 Sep 2001 20:01:01 -0400
From: Nat <nathaniel.echols () yale edu>
To: Declan McCullagh <declan () well com>
cc: politech () politechbot com
Subject: Re: FC: Frank Sudia's proposal: Let's revive encryption key escrow
In-Reply-To: <5.0.2.1.0.20010916185550.01ff22c0 () mail well com>

Not exactly related to this post, but gov't. vs encryption in general: I
was attempting to explain to a non-technical (but very intelligent)
classmate why legal restrictions on encryption and
no-authorization-required snooping into computers and private
communications was so much more worrying than other losses of freedom
we're bound to suffer.

I'm happy to go through a strip-search at the airport if it allows me to
use public transportation (which is really what commercial airlines are-
just operated by private entities), or to deal with restrictions on
firearm use.  These are intended to prevent immediate harm to others, and
are directed towards dangerous *actions* alone.  Cryptography, on the
other hand, cannot be used to kill.  I'd imagine few people want a truly
unregulated Internet- lack of restrictions on, say, computer hacking,
harassment through email, or DoS attacks would be awful.  These are still
cases of individuals directly causing damage to others- here, by
destruction of data and/or property.

Governments are only as good as the people in them.  When the power of
individual bureaucrats becomes too large, it is abused.  If we submit to
government monitoring of communications, we're at the mercy of the folks
reading our email.  We allow armed government officials to patrol our
streets and search our bags, but this is always done in public.  How can
we tell who reads our data, and when, and how they use it?  What's to
prevent a malicious official like the one who installed monitoring
software on judges' machines from seeing everything we do- and using it
for decidedly illegal purposes?

My friend says "well, I don't have anything to hide."  Not from the
government itself, perhaps, but who knows what underpaid spook might see
value in his electronic communications.  My father works with federal
officials, some good, some bad, in scientific research, and he's seen
people who should know better using emails they weren't supposed to see
for personal advantage.  His philosophy has always been "Never, ever
assume anything you send won't come back to bite you in the ass", but no
one should have to worry about *everything* they send being read by
someone or something else.

A writer with more coherence and legal training than I needs to come up
with a comprehensive argument for why public *should* care about this
issue, regardless of whether they have anything to hide.

-Nat

***********

From: "Dale Robertson" <dalerobertson () hotmail com>
To: declan () well com, frank () sudialab com
Cc: dalerobertson () hotmail com
Subject: Re: FC: Frank Sudia's proposal: Let's revive encryption key escrow
Date: Mon, 17 Sep 2001 07:35:15

Declan:

Frank Sudia
www.SudiaLab.com
frank () sudialab com

Frank:

Well, I suppose that in addition to a government back door to encryption, 
we should also allow (ie: acquiesce) the government to open our sealed 
envelopes which have otherwise been properly posted?

And, while we are at it, I suppose that we ought to do away with the 1st 
and 4th ammendments to the Constitution for the United States.

No, really, I don't think that any of the foregoing is a very bright idea. 
It is in point of fact the path by which tyrants of all color and all time 
have achieved their totalitarian goals.

Personally, I want no part of it and will defend with determination the 
principles and practice of that collection of rights guaranteed under our 
constitution.

If it is security you wish, then I suggest that you petition your 
government to have you locked up for in that state and under those 
conditions you will find a nearly perfect "security".

Thanks anyway.

Dale Robertson
dalerobertson () hotmail com

***********




-------------------------------------------------------------------------
POLITECH -- Declan McCullagh's politics and technology mailing list
You may redistribute this message freely if you include this notice.
Declan McCullagh's photographs are at http://www.mccullagh.org/
To subscribe to Politech: http://www.politechbot.com/info/subscribe.html
This message is archived at http://www.politechbot.com/
-------------------------------------------------------------------------