Public Service Message: When replying to a list discussion, consider cutting the individual you are replying to out of the headers, and simply posting to the list. Otherwise, a long threat tends to accumulate individual addresses in the header like a deer gathers ticks.
On Mon, 24 Sep 2001, Derek D. Martin wrote: > I'm not a crypto expert, but the argument generally goes that if there > are back doors in your algorithms, the security is inherently weaker. I agree. I find the best analogy to cryptography is armored cars -- the trucks banks use to transport money between branches and/or customers. You can put you want in an armored car, and take it through unsafe territory, and the cargo will still be safe. Some in Congress fear that the Bad Guys may be using armored cars to protect their own assets. They propose requiring all US Armored Car manufacturers to replace a single armored panel with cardboard. However, only the Government will be told which panel has been weakened, so the users of the armored cars can still consider them safe. Meanwhile, the Government can use that secret cardboard panel to break into the armored car, if needed. Of course, this is a ridiculous idea. While the Government is generally good at what they do, mistakes do happen. Once the secret of which panel is made of cardboard gets out, the cars are useless. This means people will stop buying armored cars from US companies, and instead import them from overseas. Meanwhile, there is nothing to stop the Bad Guys from welding their own steel plate into place over the cardboard. The reason they are Bad Guys, after all, is they do not follow the rules. Replace "armored car" with "encryption software", and "cardboard panel" with "key escrow", and the above description applies exactly the same way. Forcing encryption software from US companies to feature back doors will accomplish precisely one thing: Encryption research and industry will move outside the USA, causing us to lose a technological edge, and harming the already failing economy. US law already requires people to handle over decrypt keys upon court order, just like any other kind of evidence. Refusing to do so, or destroying the keys, is already punishable under law, as with any other kind of evidence. We do not need special laws just because computer data can serve as evidence as well as physical items can. > Given that fact that it's readily available, legislating crypto controls > in our country (the only place our laws could have effect) can have no > effect. None. Zero. Not true. See above about damage to the US economy and companies. I am sure the German and Japanese software industries would love us for it. -- Ben Scott <[EMAIL PROTECTED]> | The opinions expressed in this message are those of the author and do not | | necessarily represent the views or policy of any other person, entity or | | organization. All information is provided without warranty of any kind. | ********************************************************** To unsubscribe from this list, send mail to [EMAIL PROTECTED] with the following text in the *body* (*not* the subject line) of the letter: unsubscribe gnhlug **********************************************************
