Re: [ISN] Strong Crypto Kills?

From: mea culpa (jerichoat_private)
Date: Tue Jun 16 1998 - 16:46:05 PDT

  • Next message: mea culpa: "[ISN] Cyberattacks leave feds chasing 'vapor'"

    Reply From: William T Wilson <fluffyat_private>
    
    > understand what the govt wants to do.  What I don't understand is why
    > people think the Internet is a fundamentally different form of
    > communication medium than the telephone or mail.
    
    There are many reasons.  First, the Internet is the first medium wherein
    strong encryption is readily available for use by anyone that wants to use
    it.  While it would be possible to encrypt paper mail using the same
    techniques used for e-mail, it wouldn't be as convenient.  :) 
    
    Second, the Internet is the first medium wherein it is very easy to read
    the contents of mail sent across it.  When you send paper mail, only a
    relatively few postal workers see it, and they don't have much of a chance
    to inspect it.  On the Internet, more or less anyone can read your mail if
    they try hard enough.
    
    Third, the Internet being a computer medium is naturally used to send a
    lot of sensitive computer data that would otherwise be sent on floppy
    disks or paper using Federal Express.  Conversely, it is a medium wherein
    it is possible (albeit difficult) to read data on a connected system from
    more or less anywhere else.  There is just more computer data to be
    compromised than there is telephone data.
    
    Fourth, a key escrow system is more dangerous than the current ability to
    intercept and/or disrupt mail or phone conversations because currently, an
    attacker must compromise each piece of mail individually.  (I suppose he
    could hold up a mail truck...)  But with a key escrow system, the minute
    it is compromised, every single key will get out and effectively be in the
    public domain.
    
    Fifth, the key escrow system is less of a separation between private and
    non-private and division of responsibility than we have now.  As it is
    now, the government must obtain a separate warrant for every phone or mail
    wiretap and make physical alterations to the phone system to carry it out. 
    Many different employees are involved.  Several agents (in different
    agencies) must cooperate in a conspiracy to perform a wiretap (or
    whatever) without a warrant.  But with key escrow, all that is required is
    for a single employee with access to the key database to steal keys.  Even
    if that is guarded against with special security measures, there is still
    the matter of separation of powers - the Postal Service delivers the mail,
    the phone company handles the phone system, and law enforcement handles
    the wiretaps.  With key escrow, law enforcement requests the wiretaps and
    law enforcement also handles the key escrow.  There is much more potential
    for corruption.
    
    Sixth, there is much doubt about the competency of the government to keep
    a key escrow system intact.  Many (most?) people believe that they would
    bungle it.
    
    Finally, there is the philisophical and moral issue of whether the
    government has any right to snoop on private conversations at all, and if 
    so, whether we should really be entrusting the police with the means to
    do it.
    
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:56:07 PDT