FWD: Arguments for good crypto and against GAK

Rohit Khare (khare@w3.org)
Mon, 16 Jun 1997 22:40:37 -0400 (EDT)


From: "Peter Trei" <trei@process.com>
Organization: Process Software
Date: Thu, 5 Jun 1997 15:00:02 -6

I frequently find myself explaining to the
uninitiated the whole crypto mess, and have come up
with a line of arguments which I find work fairly
effectively.

Basically, I take the tack that strong encryption will
help prevent crime, espionage, and terrorism, while
weak and/or GAKed crypto will promote it. There are
good arguements for this position.

We lock our houses, cars, etc. This activity is
promoted by the police as a crime prevention measure,
although it unquestionably makes it more difficult for
them to serve search warrants, etc. They realize that
good locks prevent far more crime than would their
unfettered access to unlocked property.

Crypto works the same way as good locks, but in the
data sphere. While it would clearly make
court-authorized wiretaps more difficult (but not
impossible), it also stops the far more frequent
unauthorized interception of messages by criminals
(whether in or out of government).

At this point I usually give some recent examples
of losses that might have been prevented by good
crypto - cell phone cloning fraud and eavesdropping,
the recent credit card sniffer, etc. Going back a
couple of years, some hackers on the west coast
modified major backbone routers to record ftp and
telnet passwords, etc. If the audience is aware of
the putative info-war threat, I can work that in
as another threat that good crypto can put a stop to.

If the question arises 'well, why does the FBI, etc,
seem so worried about the widespread use of crypto?',
I have a response.

"There's an old saying: 'When you're up to your ass in
alligators, it's hard to remember that you're trying
to drain the swamp.'"

We have law enforcement agencies because we want
people and their property to be safer. However, the
FBI and other LEAs actually do very little to
directly *prevent* crime; almost all of their efforts
are post-facto, designed to catch criminals, or make
it easier to catch them, *after* they've already
committed one or more offences. While a criminal in
jail is only rarely a menace to society at large,
most criminals get away with many crimes before
they are caught - if this was not the case, there
would be no such thing as a 'career criminal'.
LEAs have little motivation to prevent crime - there
is not much career or budget boost in a robbery which
did not take place, a murder which was not committed,
or a spy who could not get the data he sought.

Widespread and effective use of good crypto acts
before the fact, preventing crimes from occuring
in the first place. While it certainly would make
some wiretaps more difficult (and here I bring up
the very low number of wiretaps preformed in the
US compared to the number of crimes), on the balance
it is clear that the use of good security is a win.

If you ask most people if they had a choice between
a high crime rate with some of the criminals being
caught, and a much lower crime rate with a slightly
higher chance of them getting away, most people who
are not part of the LEA establishment will instantly
opt for the latter.

As for GAK, there are two basic arguements I use. First,
I ask them how they would feel if their town required
that copies of all house, car, and file cabinet keys
be deposited with the local cops 'just in case they
need to serve a search warrant'. Most people are
rightly appalled by the idea.

Secondly, I describe the idea of key escrow agencies
and "TTPs", and how they would create huge storehouses
of private keys. I point out what a target of
opportunity these archives would provide to criminals and
spies - by compromising the security of a single site,
they could unlock the private, confidential information
of thousands of individuals and corporations. Depending
on the audience, I might bring up Filegate, Aldrich
Ames, the Walker case, etc, to demonstrate that even
the government can't be relied on to keep secrets
("despite their best intentions"), and re-emphasize the
catastrophic single-point-of-failure that GAK
represents.

In short, it's possible to pro-crypto, anti-GAK
without ever getting near sounding anti-government;
in fact, being pro-crypto, anti-GAK can be a
conservative, anti-crime, law & order position.

Peter Trei
trei@process.com