Date: Sun, 16 Sep 2001 17:20:50 -0700 (PDT) From: Lauren Weinstein To: dave@farber.net Subject: Getting a grip on encryption realities Cc: lauren@pfir.org It may be time to pause for another dose of reality. With calls from various quarters rising for various encryption bans, let's put aside most issues relating to the undesirability of such moves for a moment and just look at the matter of practicality. Anyone who wants to encrypt their materials with strong encryption has the technical ability to do so. No laws or regulations can put that genie, particularly in terms of software-based systems, back into the bottle. Terrorists are unlikely in the extreme to heed such prohibitions in any case. To make matters even more complex, it's possible to obscure heavily-encoded messages in seemingly innocuous ways. Only the imagination really limits the possibilities. Highly-encrypted messages can be spread out through photographs, computer images, faxes, audio files, plain text, and any number of other media. Ostensibly ordinary files, documents, or statements can contain all manner of encoded data, with the data itself encrypted via any mechanisms up to and including one-time pads. Let's be clear about this. Degrading the strength of communications between honest citizens will not prevent disasters like Tuesday's, but will make those honest citizens less secure. Yet the calls for banning strong encryption take no heed of any of these realities. Obviously we must fight terrorism, but weak or "back-door-enabled" crypto systems carry a *very* high risk of being rendered ineffectual, resulting in highly sensitive and private--but completely legal--communications being exposed. Unfortunately, in the understandable fervor of the moment, many aspects of technical facts and common sense are being plowed under the tank treads of emotion. Realistically, if we are to fight terrorism without destroying ourselves piece by piece, we need to above all be thinking clearly. How we handle the encryption debate may be a harbinger of whether or not we deal rationally with a broad range of other crucial issues in the aftermath of terrorism. Any way you look at it, we stand at a crossroads, not just relating to terrorism but for ourselves as well. Notwithstanding wars and disasters of the past, the decisions we make now are among the most crucial we'll ever face. Doing the right thing speaks not only to today and tomorrow, but to history as well. --Lauren-- P.S. I mentioned above how ordinary-looking materials could obscure hidden messages. The text above used an example of an *extremely* trivial technique to encode (not even really encrypt) the plain text title of a famous Beatles song--one character per sentence. Did you notice it? Now that you know it's there, you probably can find it. But what if the title had been encrypted instead of merely encoded in plain text? Trying to control encryption systems is now a pointless--and even dangerous--exercise in technological futility, diverting attention and resources from efforts that might truly have practical benefits towards fighting terrorism, crime, and other scourges on society. Like it or not, that's the reality. The sooner this fact is accepted the better off we'll all be. --Lauren-- Lauren Weinstein lauren@pfir.org or lauren@vortex.com or lauren@privacyforum.org Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Moderator, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy "Reality Reset" Columns - http://www.vortex.com/reality ============================== The above was distributed on Dave's list: For archives see: http://www.interesting-people.org/