Home page logo
/

isn logo Information Security News mailing list archives

Re: dejavu, Re: Hijackers' e-mails were unencrypted
From: InfoSec News <isn () c4i org>
Date: Mon, 8 Oct 2001 03:07:49 -0500 (CDT)

Forwaded from: "Jay D. Dyson" <jdyson () treachery net>

---------- Forwarded message ----------
Date: Fri, 5 Oct 2001 09:44:38 -0700 (PDT)
From: "Jay D. Dyson" <jdyson () treachery net>
To: Cryptography List <cryptography () wasabisystems com>
Cc: Ed Gerck <egerck () nma com>
Subject: Re: dejavu, Re: Hijackers' e-mails were unencrypted


[Moderator's note: This is starting to depart a bit from the mail list
focus but I'll let it through for now. --Perry]

-----BEGIN PGP SIGNED MESSAGE-----

On Fri, 5 Oct 2001, Ed Gerck wrote:

Like you, I once believed that our government would follow sensible
courses of action with respect to technology.  That time has passed.

The advent of DMCA should have served as a wake-up call to the reality
that our government no longer even operates under the *pretense* of
sanity or rationality with respect to technology laws.

My point is not that a government would not, but that a government could
not control the use of crypto.  It would not work. 

        To counter your point, I'm going to bring to the fore one of our
Constitutional Rights that has become so very unpopular and emotionally-
charged that I doubt many will be able to see past the comparison to the
more salient points I will be making.  Nonetheless, I make this effort to
demonstrate that the government can and will follow an inadvisable course
of action with respect to the limitation of our rights with respect to
cryptography.

        It was once argued that our government could not possibly succeed
in placing limitations on its citizens' exercise of their Second Amendment
rights.  Now behold the municipalities, commonwealths and states in which
the right of the people to keep and bear arms (which the Second Amendment
clearly states _shall not be infringed_) has been abrogated in the name of
"public safety."  Given that trend, it is more than idle speculation to
suggest that our lawmakers will walk down the same path on the issue of
cryptography. 

        Any law on cryptography, like the aformentioned firearm laws, will
of course be of limited efficacy: they will limit only law-abiding
citizens of access to tools that enhance their self-defense.  And like
anti-Second Amendment laws, any perceived ineffectiveness of current and
pending law will only result in the political advocacy and eventual
passage of additional laws and penalties until no citizen will venture to
violate them, lest they lose their liberty or station in society. 

My suggestion was that controlling routing and addresses would be much
more efficient and would NOT require new laws and ersosion of
communication privacy. 

        I do not contest this.  In fact, I support such alternatives. 
Even so, I do not believe that our government will embrace or adopt such a
rational measure.  Indeed, it would have been far wiser for our government
to have enforced existing laws on criminal conduct before marginalizing
legal firearm ownership...yet we nonetheless have the situation we do
today.  And just as that tool of self-defense has been maligned as
primarily an instrument of the wicked, so cryptography has been cast in an
identical role.  It only follows that a time will come that it will be
accorded the same overt disrespect and negative emotional response that
firearm owners and users endure today.

        Political movements are not sired by dispassionate logic; their
mother is fear and their father is outrage.  As a consequence, logical
solutions are not only precluded; they are reviled.  This is more than
evident in cases regarding the Second Amendment...and now the Fourth.

And anyone who dares to insist that I'm being alarmist can go
reverse engineer the latest commercial "security solution," publish the
results, and see just how "free" they remain.

Maybe it's time to put sanity back into the DMCA crying.

In the infamous case of Microsoft vs. Stacker many years ago, when MS
was found guilty of using Stacker's code in a MS product, Stacker was
nonetheless found guilty of proving it by reverse engineering -- in a
notion similar to trespassing.

So, as stressed in that judicial case that predates DMCA, if I would get a
court order to reverse engineer the latest commercial "security solution"
and be allowed to publish the results, I would remain free and within
the legal limits. Otherwise, I would not -- DMCA or not.

        Given the glacial pace of our judicial system and the lightning
rate of our technological advances and vulnerability discoveries, those
two institutions are sorely incompatible if we are to genuinely pursue
meaningful security.  Let us not forget that the Black Hats are not
handicapped by such legal maneuvering.  To suggest that we condone such
restrictions on academic research and full disclosure simply to support
the illusory notion that "laws will protect us" isn't just inadvisable: 
it's suicide.

        It is a sad time when the people and their government cannot grasp
the plain wisdom of an observation made 360 years ago:

        "It will not follow that everything must be suppresst which
         may be abused...  If all those useful inventions that are
         liable to abuse should therefore be concealed there is not
         any Art or Science which may be lawfully profest."

                                -- Bishop John Wilkins, 1641

- -Jay

  (    (                                                         _______
  ))   ))   .-"There's always time for a good cup of coffee."-.   >====<--.
C|~~|C|~~| (>------ Jay D. Dyson - jdyson () treachery net ------<) |    = |-'
 `--' `--'  `--------------- rm -rf /bin/laden ---------------'  `------'

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: See http://www.treachery.net/~jdyson/ for current keys.

iQCVAwUBO73VbLlDRyqRQ2a9AQFh8gP/Y2xtOW3wUKA1p/q5rS4qz8H8/SsCcDPi
mgnCSvF6HQQt9BGn0oFobe4lTpKVAtnlq8+kO6F+FQmW1Beu9TQGYivQ27iOKO3f
fbTSwdf3nwNk5FpwSXC9yHbfO7GiTmk/B80EdVqz3F257p/vHP7dhxSwyh9WvLs7
MDBynjyHPXM=
=laX1
-----END PGP SIGNATURE-----




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo () wasabisystems com



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn' in the BODY
of the mail.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]