From: <anonymous> On Tue, 16 Jun 1998, mea culpa wrote: > Reply From: "Joseph Pung" <Pungjat_private> > > I'm confused about the reaction of people over key escrow. I mean I > fully understand what the govt wants to do. What I don't understand is > why people think the Internet is a fundamentally different form of > communication medium than the telephone or mail. The Internet is fudamentally different from those other media in that the data which crosses the 'net may be more readily accessed, stored and manipulated than that which traverses phone lines or the USPS. > How many of us use cell phones or cordless phones? Isn't the interception > of these forms of communications a "hobby" with its own magazine? I > submit that more citizens (not the govt) intercept telephone conversations > than e-mail. I also submit that more people use telephones than e-mail. > So why isn't there the same hysteria over our lack of telephone privacy? Because the people who use cordless phones and non-digital cellphones are clueless. If they had clue one, they would NOT use those technologies. Meanwhile, a number of very clued-in folks use e-mail and thus have a deep appreciation for medium's inherent lack of privacy and security. > In addition, I think most people look at the US Postal system as "secure". > But isn't our mail in the possession of the govt (the same one that wants > to read all of your e-mail). And, doesn't our most confidential of all > data travel via mail (bills - medical, dental, mortage personal, > correspondence, credit card info, life insurance applications etc.). > > What am I missing? Here's what you're missing: 1. If one letter is intercepted, it must be handled individually and manipulated individually. Care must be exercised to prevent detection of physical interception and manipulation. Coupled with this are pretty elaborate measures on just who can get access to mail and for what purpose. This is a tedious and time-consuming task. So much so that it basically assures that if the task is to be attempted, it'd better be for a good reason because favors will have to be called in. 2. Once one has the crypto backdoors, opening _any_ communication is a snap. No one would be the wiser on what is opened or by whom. There would be absolutely no evidence that the system had been breached. Thus the chain of responsibility and culpability would be incontrovertibly weakened when (not if) sensitive/personal data is leaked into the public domain. Given that the government generally underestimates the need for security at every turn, I would lay odds that the backdoors and escrowed keys would be readily socially-engineered out of the government's hands within 6 months of the start of just such a program. Yes, I have no faith in any governmental agency's "wisdom." They consistently demonstrate that they possess none. -o- Subscribe: mail majordomoat_private with "subscribe isn". Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:56:21 PDT