Re: [ISN] Strong Crypto Kills? (last of thread)

From: mea culpa (jerichoat_private)
Date: Thu Jun 18 1998 - 19:54:16 PDT

  • Next message: mea culpa: "[ISN] ..releases NT Spectre, Complete Windows NT Security Viewer"

    From: <anonymous>
    On Tue, 16 Jun 1998, mea culpa wrote:
    > Reply From: "Joseph Pung" <Pungjat_private>
    > I'm confused about the reaction of people over key escrow.  I mean I
    > fully understand what the govt wants to do.  What I don't understand is
    > why people think the Internet is a fundamentally different form of
    > communication medium than the telephone or mail. 
    The Internet is fudamentally different from those other media in that the
    data which crosses the 'net may be more readily accessed, stored and
    manipulated than that which traverses phone lines or the USPS. 
    > How many of us use cell phones or cordless phones?  Isn't the interception
    > of these forms of communications a "hobby" with its own magazine?  I
    > submit that more citizens (not the govt) intercept telephone conversations
    > than e-mail.  I also submit that more people use telephones than e-mail. 
    > So why isn't there the same hysteria over our lack of telephone privacy? 
    Because the people who use cordless phones and non-digital cellphones are
    clueless.  If they had clue one, they would NOT use those technologies. 
    Meanwhile, a number of very clued-in folks use e-mail and thus have a deep
    appreciation for medium's inherent lack of privacy and security. 
    > In addition, I think most people look at the US Postal system as "secure". 
    > But isn't our mail in the possession of the govt (the same one that wants
    > to read all of your e-mail).  And, doesn't our most confidential of all
    > data travel via mail (bills - medical, dental, mortage personal,
    > correspondence, credit card info, life insurance applications etc.). 
    > What am I missing?
    Here's what you're missing:
    1.	If one letter is intercepted, it must be handled
    	individually and manipulated individually.  Care
    	must be exercised to prevent detection of
    	physical interception and manipulation.  Coupled
    	with this are pretty elaborate measures on just
    	who can get access to mail and for what purpose.
    	This is a tedious and time-consuming task.  So much
    	so that it basically assures that if the task is to be
    	attempted, it'd better be for a good reason because
    	favors will have to be called in.
    2.	Once one has the crypto backdoors, opening _any_
    	communication is a snap.  No one would be the
    	wiser on what is opened or by whom.  There would
    	be absolutely no evidence that the system had been
    	breached.  Thus the chain of responsibility and
    	culpability would be incontrovertibly weakened
    	when (not if) sensitive/personal data is leaked
    	into the public domain.
    Given that the government generally underestimates the need for security
    at every turn, I would lay odds that the backdoors and escrowed keys would
    be readily socially-engineered out of the government's hands within 6
    months of the start of just such a program. 
    Yes, I have no faith in any governmental agency's "wisdom."  They
    consistently demonstrate that they possess none. 
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated []

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:56:21 PDT