Re: [ISN] Strong Crypto Kills?

From: mea culpa (jerichoat_private)
Date: Tue Jun 16 1998 - 13:02:16 PDT

  • Next message: mea culpa: "[ISN] Holiday Inn and your Privacy"

    Reply From: "Joseph Pung" <Pungjat_private>
    
    I'm confused about the reaction of people over key escrow.  I mean I fully
    understand what the govt wants to do.  What I don't understand is why
    people think the Internet is a fundamentally different form of
    communication medium than the telephone or mail. 
    
    How many of us use cell phones or cordless phones?  Isn't the interception
    of these forms of communications a "hobby" with its own magazine?  I
    submit that more citizens (not the govt) intercept telephone conversations
    than e-mail.  I also submit that more people use telephones than e-mail. 
    So why isn't there the same hysteria over our lack of telephone privacy? 
    
    In addition, I think most people look at the US Postal system as "secure". 
    But isn't our mail in the possession of the govt (the same one that wants
    to read all of your e-mail).  And, doesn't our most confidential of all
    data travel via mail (bills - medical, dental, mortage personal,
    correspondence, credit card info, life insurance applications etc.). 
    
    What am I missing?
    
    [Moderator: The ease of which each medium can be monitored must be
     considered. As for civilians vs government monitoring, you must also
     think of how each can react. An illegal wiretap could lead to
     a bust/presecution that was out of their legal bounds, while Joe
     down the street can only use it for good gossip material.
    
     This debate is a long and difficult one because of the many
     facets that must be considered. But this is definitely food
     for thought.]
    
    
    >>            CRYPTO KILLS -- REALLY, IT DOES
    > IMHO by enabling this backdoor you now have the potential of
    >increased cases of electronic hijacking of Data and blackmail.
    >
    >Am I being paranoid here?
    
    I don't think you're being paranoid at all. I see virtually NO benefits in
    handing over keys, and being led to believe you are using 'secure'
    encryption. One of my main feelings is that however it is done, by the
    Government or not, if 'official' people have access to these keys, firstly
    it is likely that eventually someone will abuse the priviledge, perhaps in
    the name of justice, perhaps not, but far more importantly, in my mind it
    is a certainty that sooner or later, unauthorised people will get hold of
    them as well.
    
    I think it is quite arrogant of the government to assume it can create a
    system which is 'hackproof'. I envisage a time when you see compiled
    exploits distributed, making a mockery of the system. 'PrivacyNuke for
    Win95' if you like.
    
    Everyone uses the internet now, and many people realise it is quite
    insecure. A large number of people do not wish to send their credit card
    details over the web to a on-line store when they realise it can be
    intercepted. However, as soon as that little blue key comes up in Netscape,
    showing transmissions are encrypted, more people decide that it is safe,
    despite the fact that, especially here in England, the encryption can
    feasibly be broken.
    
    With a public key system, people will be told that their transmissions are
    encrypted and unbreakable, and so they will place more trust in them, and
    transmit things they wouldn't have otherwise. And they won't all be plans
    for being a terrorist either. There will be credit cards, detailed personal
    details and so on flying around, if people believe it is safe to do so. And
    then someone will find some way of decrypting them, and they will be used
    for some evil purposes most probably.
    
    And the argument that strong crypto helps criminals seems strange to me as
    well. For an incredibly long time, there have been various sorts of
    criminals around, and the huge majority of them probably don't have PGP at
    home :-) These days, a lot of criminials no doubt use insecure mediums such
    as the telephone and so on to communicate, but we don't see the phone being
    banned, as that would be ludicrous, although I'd wager many many more
    crimes are planned and executed via telephone, than PGP encrypted mail.
    
    As other people have said, why would the criminals suddenly balk at
    committing the further crime of using 'illegal' encryption if they wanted
    to? It's hardly a crime in the league of murder or whatever is it?
    
    Just a few of my thoughts,
    
    kingade
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com] 
    
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:56:04 PDT