[ISN] Re: dejavu, Re: Hijackers' e-mails were unencrypted

From: InfoSec News (isnat_private)
Date: Mon Oct 08 2001 - 01:07:49 PDT

  • Next message: InfoSec News: "[ISN] Internet proves easy way for terrorists to communicate"

    Forwaded from: "Jay D. Dyson" <jdysonat_private>
    
    ---------- Forwarded message ----------
    Date: Fri, 5 Oct 2001 09:44:38 -0700 (PDT)
    From: "Jay D. Dyson" <jdysonat_private>
    To: Cryptography List <cryptographyat_private>
    Cc: Ed Gerck <egerckat_private>
    Subject: Re: dejavu, Re: Hijackers' e-mails were unencrypted
    
    
    [Moderator's note: This is starting to depart a bit from the mail list
    focus but I'll let it through for now. --Perry]
    
    -----BEGIN PGP SIGNED MESSAGE-----
    
    On Fri, 5 Oct 2001, Ed Gerck wrote:
    
    > > Like you, I once believed that our government would follow sensible
    > > courses of action with respect to technology.  That time has passed.
    > >
    > > The advent of DMCA should have served as a wake-up call to the reality
    > > that our government no longer even operates under the *pretense* of
    > > sanity or rationality with respect to technology laws.
    > 
    > My point is not that a government would not, but that a government could
    > not control the use of crypto.  It would not work. 
    
    	To counter your point, I'm going to bring to the fore one of our
    Constitutional Rights that has become so very unpopular and emotionally-
    charged that I doubt many will be able to see past the comparison to the
    more salient points I will be making.  Nonetheless, I make this effort to
    demonstrate that the government can and will follow an inadvisable course
    of action with respect to the limitation of our rights with respect to
    cryptography.
    
    	It was once argued that our government could not possibly succeed
    in placing limitations on its citizens' exercise of their Second Amendment
    rights.  Now behold the municipalities, commonwealths and states in which
    the right of the people to keep and bear arms (which the Second Amendment
    clearly states _shall not be infringed_) has been abrogated in the name of
    "public safety."  Given that trend, it is more than idle speculation to
    suggest that our lawmakers will walk down the same path on the issue of
    cryptography. 
    
    	Any law on cryptography, like the aformentioned firearm laws, will
    of course be of limited efficacy: they will limit only law-abiding
    citizens of access to tools that enhance their self-defense.  And like
    anti-Second Amendment laws, any perceived ineffectiveness of current and
    pending law will only result in the political advocacy and eventual
    passage of additional laws and penalties until no citizen will venture to
    violate them, lest they lose their liberty or station in society. 
    
    > My suggestion was that controlling routing and addresses would be much
    > more efficient and would NOT require new laws and ersosion of
    > communication privacy. 
    
    	I do not contest this.  In fact, I support such alternatives. 
    Even so, I do not believe that our government will embrace or adopt such a
    rational measure.  Indeed, it would have been far wiser for our government
    to have enforced existing laws on criminal conduct before marginalizing
    legal firearm ownership...yet we nonetheless have the situation we do
    today.  And just as that tool of self-defense has been maligned as
    primarily an instrument of the wicked, so cryptography has been cast in an
    identical role.  It only follows that a time will come that it will be
    accorded the same overt disrespect and negative emotional response that
    firearm owners and users endure today.
    
    	Political movements are not sired by dispassionate logic; their
    mother is fear and their father is outrage.  As a consequence, logical
    solutions are not only precluded; they are reviled.  This is more than
    evident in cases regarding the Second Amendment...and now the Fourth.
    
    > >And anyone who dares to insist that I'm being alarmist can go
    > >reverse engineer the latest commercial "security solution," publish the
    > >results, and see just how "free" they remain.
    > 
    > Maybe it's time to put sanity back into the DMCA crying.
    > 
    > In the infamous case of Microsoft vs. Stacker many years ago, when MS
    > was found guilty of using Stacker's code in a MS product, Stacker was
    > nonetheless found guilty of proving it by reverse engineering -- in a
    > notion similar to trespassing.
    > 
    > So, as stressed in that judicial case that predates DMCA, if I would get a
    > court order to reverse engineer the latest commercial "security solution"
    > and be allowed to publish the results, I would remain free and within
    > the legal limits. Otherwise, I would not -- DMCA or not.
    
    	Given the glacial pace of our judicial system and the lightning
    rate of our technological advances and vulnerability discoveries, those
    two institutions are sorely incompatible if we are to genuinely pursue
    meaningful security.  Let us not forget that the Black Hats are not
    handicapped by such legal maneuvering.  To suggest that we condone such
    restrictions on academic research and full disclosure simply to support
    the illusory notion that "laws will protect us" isn't just inadvisable: 
    it's suicide.
    
    	It is a sad time when the people and their government cannot grasp
    the plain wisdom of an observation made 360 years ago:
    
    	"It will not follow that everything must be suppresst which
    	 may be abused...  If all those useful inventions that are
    	 liable to abuse should therefore be concealed there is not
    	 any Art or Science which may be lawfully profest."
    
    				-- Bishop John Wilkins, 1641
    
    - -Jay
    
      (    (                                                         _______
      ))   ))   .-"There's always time for a good cup of coffee."-.   >====<--.
    C|~~|C|~~| (>------ Jay D. Dyson - jdysonat_private ------<) |    = |-'
     `--' `--'  `--------------- rm -rf /bin/laden ---------------'  `------'
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.2
    Comment: See http://www.treachery.net/~jdyson/ for current keys.
    
    iQCVAwUBO73VbLlDRyqRQ2a9AQFh8gP/Y2xtOW3wUKA1p/q5rS4qz8H8/SsCcDPi
    mgnCSvF6HQQt9BGn0oFobe4lTpKVAtnlq8+kO6F+FQmW1Beu9TQGYivQ27iOKO3f
    fbTSwdf3nwNk5FpwSXC9yHbfO7GiTmk/B80EdVqz3F257p/vHP7dhxSwyh9WvLs7
    MDBynjyHPXM=
    =laX1
    -----END PGP SIGNATURE-----
    
    
    
    
    ---------------------------------------------------------------------
    The Cryptography Mailing List
    Unsubscribe by sending "unsubscribe cryptography" to majordomoat_private
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY
    of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Oct 08 2001 - 07:48:36 PDT