[Politech] Are the encryption wars really over? Maybe not [priv]

From: Declan McCullagh (declan@private)
Date: Wed May 25 2005 - 19:09:53 PDT


Whether the crypto wars are over depends on what you consider the 
dispute to be about in the first place. In the export-control sense, 
yep, we've won. We may not have had a resounding Supreme Court victory 
on First Amendment grounds, but the original regs proved politically 
untenable.

How about domestic restrictions? That never really got off the ground in 
the U.S., even in the darkest days of the 1990s.

But either could return swiftly. All it would take for a bill to be 
introduced is for Al Qaeda to have encrypted information that could have 
saved thousands of American lives were it decrypted in time. (Life does 
not follow the TV show "24".) See:
http://www.politechbot.com/p-02509.html
http://www.politechbot.com/p-02550.html

I wouldn't be surprised if such a law would permit non-escrowed crypto 
to be used to secure communication streams while requiring .gov 
backdoors in crypto used for hard drive or file encryption. In other 
words, GPG and PGPdisk might become verboten. Programmers might sensibly 
scoff, but that's the way the Feds think.

How about other restrictions? I don't think the crypto-in-a-crime idea 
ever got enacted into law, but a Minnesota court this month moved in 
that direction:
http://news.com.com/2100-1030_3-5718978.html

In other words, the war is probably not over. It's just in a multi-year 
lull. The correct preventative tactic to employ right now is to follow 
the IPv6 model and seed both disk and communication-stream encryption 
wherever it makes sense. Then it becomes more politically difficult to 
outlaw.

Previous Politech message:
http://www.politechbot.com/2005/05/24/crypto-wars-are/

-Declan


-------- Original Message --------
Subject: RE: [Politech] Ross Anderson: Crypto wars are over, and we've won! [priv]
Date: Wed, 25 May 2005 18:11:25 -0400
From: Pyke, Gila <gila.pyke@private>
To: Declan McCullagh <declan@private>



Hi Declan,

This email generated a fair amount of discussion amongst my peers. The
assertion by someone so well known and respected that the "crypto wars
are over" was met with quite a bit of skepticism.

A coworker (who wishes to remain nameless) said it best:

"The battles over key escrow and export controls aren't the hot
topics that they used to be.  But that's not because the fight is over,
more that it has moved on to other things like digital IDs, biometric
passports, and the other hot topics that circulate on this list.
Projects like the Clipper chip died not because of politics, but
because it was difficult and impractical to deploy and get industry to
adopt it (similar to the problems facing technologies such as PKI and
smart cards).

There are still (smaller) legal battles going on over giving law
enforcement the right to decrypt a suspect's hard drive, or ISPs
handing out passwords to their users' accounts, or cryptographers
facing prosecution for publishing cryptanalytic results, and on and
on.  It has become more of a privacy battle than an encryption issue,
but the battle is still there.  And of course, there is still the
prevailing paranoia that the NSA and other intelligence agencies have
already cracked the crypto algorithms currently in circulation.  This
isn't too far-fetched considering the number of algorithms that have
been broken and retired in recent years."

As far as many of us are concerned, cryptography always was and always
will be a controversial science.  I don't think the government's
interest in controlling it will ever go away, although the face on it
may change.

Incidents like this one:

-------------------

--Hackers Holding Computer Files 'Hostage'

(23 May 2005)

A new type of extortion plot has been identified, unlike any other cyber
extortion, according to the FBI. Hackers used an infected website to
infect computers with a program that encrypts the user's files. Then the
criminal demanded money for the key to decrypt the files.  Enhanced
versions of this attack threaten large numbers of users with loss of
important data, loss of money, or both.

http://news.yahoo.com/s/ap/20050524/ap_on_hi_te/internet_ransom

-------------------

...will make sure of that. Efforts like TOR will always feel threatening
to some of the people in power, and excuses like the war on terrorism
will always give those people a well-hyped excuse to do "what they think
is necessary".

But that is just my fundie, cynical, tired opinion.


Gila Pyke
Policy Analyst
Privacy and Security Division
Smart Systems for Health Agency
416-586-4257

_______________________________________________
Politech mailing list
Archived at http://www.politechbot.com/
Moderated by Declan McCullagh (http://www.mccullagh.org/)


