Reply From: Vin McLellan <vinat_private> Anthony J. Bettini <tonyat_private> wrote: > Information warfare is very real. Whitfield Diffie, a strong >opponent of key escrow specifically mentioned the reality and harms of the >future of information warfare when he spoke at MIT in April regarding his >newly >published book, Privacy on the Line: the Politics of Wiretapping and >Encryption. Actually, what Diffie actually said was that it was not the mega-threat of catacylsmic infowar that roused him, but rather the realization that a cyber attack could be addressed at a specific company. It was when he considered the potential threat to his employer, Sun Micro, that he began to reconsider the potential of cyber-attacks, on-line and off. I have no doubt that some corporate entities and some network-connected critical infrastructures could be damaged with on-line attacks. In one of the early Macintosh viruses, we're already seen a virus targetted at specific department in a specific company, EDI. What I think we have to remember is that many of these vulnerabilities exist today only because the US and other governments -- in their desire to maintain surveillance on "foreign" and domestic targets: individual, corporate, and governmental -- have, for 20-odds years, systematically stimied any attempt to integrate strong cryptography into operating systems, business and communication applications, and system management tools. The obvious solution to many real vulnerabilities in today's system and network infrastructures has been crypto -- but so long as government remain enchanted with establishing a universal surveillance option on any electronic communications, governments will try to promote punitive law enforcement and military options and ignore crypto. Clinton new policy on Critical Infrastructure Protection is a case in point. The tension between "national security" interests in maintaining eavesdropping capabilities (increasingly, for domestic as well as "foreign" surveillance) and "commercial" interest in a trusted network platform for electronic commmerce will probably be with us for years. CDT has just published another superb report on "Key Recovery, Key Escrow, and Trusted Third Party Encryption" that addresses many aspects of this conflict. See: <http://www.cdt.org/crypto/risks98> To my mind, this CDT report is the best, most accessible, and most insightful analysis of the inherent weaknesses in the GAKed or crippled-crypto model yet published. The co-authors include Diffie; Rivest; Ross Anderson; Steve Bellovin and Matt Blaize of AT&T; Josh Benaloh of Microsoft; Jeff Schiller of MIT co-director of the IETF Security Section; John Gilmore, cofounder of the EFF; Bruce Schniener, author of Applied Cryptography; and Hal Abelson of MIT. > Along the same lines, when Bruce Scheinder spoke at Beyond Hope >about cryptography he warned of cyber-terrorists using jurisdiction >shopping as a means towards warfare. > >> "Mandatory key escrow" means that citizens protecting their >> electronic business with encrypted computer code would have to >> provide government regulators with keys to that code. > > Granted I am not a supported of key escrow by any means mind you >however, when FBI Agent Smith (if I recall correctly Director of Digital >Telephony Division) spoke at the same MIT special aired on CSPAN in support >of key escrow, he stated that it was not the so called "government regulators" >that would hold the "keys to that code" but a neutral trusted third party >such as a bank. The point is that someone, and eventually some automatic system, is expected to give government agents or regulators rapid access to an individual's or a corporation's secret crypto key surreptitously -- that is, without telling or alerting the target. Which gives a purely Orwellian twist to the phrase "trusted third party" -- and the concept of "escrow," for that matter. The crux of the concept is not in the mechanics but in the goal, a universal surveillance option. The CDT paper above is really helpful in carefully tracking the US government's expressed goals and contrasting them against various partial solutions (like self-escrow, or unescrowed but somehow accessible key) that the feds have been willing to accept as a temporary measures. The government doesn't just want to access someones private crypto key. Access alone, what a company might need for its internal backup of data, is not enough. The spooks want (a) surreptitious access (ie., access thru a third party holding the keys, so the target of their surveillance remains dumb,) (b) immediate "real-time" access to content, and they want this surveillance option to be (c) ubiquitous, built into all cryptographic products sold or used, by individuals as well as corporate entities. The CDT's Ad Hoc team of cryptographers and systems experts effectively demolish -- in terms of what is technically feasible -- the idea that these goals can be met with a secure and trusted key-escrow or key-recovery mechanism that can gird the nation (let alone the globe.) They don't bother getting into the political or economic issues; they just gut the naive technical assumptions that underlie many of the demands by the spooks and the cops, in the US and elsewhere. The report is also a great piece of technical writing. Matthew Patton <pattonat_private> is right when he points out that bankers and individual banks have often been wimps when it comes to safeguarding the privacy of individual depositors, but collectively they have been potent in defending the integrity of their own internal systems. It was, for example, the American banks which were the first important source of resistance to the NSA's attempts to displace DES with CCEP/Clipper/Capstone chips with backdoors for government access. The banks, in the US and Europe, were also the first to adopt cryptography (DES and RSAPKC) to secure their internal communiations. Their response to the NSA in many ways cracked the myth of the super-spooks. The American Bankers' Association literally laughed the NSA reps who presented CCEP as a replacement for DES out of one of their conventions in the mid 80s. (CCEP offered backdoored chips to replace DES, but it was initally presented as available only for US-owned or controlled banks. At the time, maybe 15 percent of US banks were foreign owned.) Their response set the stage for the widespread scorn that today, in business circles, greet the idea that corporations should surrender control over their internal data and communications security to government agents. Don't knock the guys with the vaults. For their own reasons -- and as users, corporate citizens, rather than as vendors -- the bankers have collectively shown more balls than any other sector of industry or commerce in resisting ubiquitous government surveillance of their internal business operations. Without them, strong un-GAKed cryptography might have been outlawed years ago. Suerte, _Vin ----- "Cryptography is like literacy in the Dark Ages. Infinitely potent, for good and ill... yet basically an intellectual construct, an idea, which by its nature will resist efforts to restrict it to bureaucrats and others who deem only themselves worthy of such Privilege." _ A thinking man's Creed for Crypto/ vbm. * Vin McLellan + The Privacy Guild + <vinat_private> * 53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548 -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:55:37 PDT