[13034] in Cypherpunks
Re: Lobbying/Politics/etc.
daemon@ATHENA.MIT.EDU (Ed Carp)
Wed May 4 14:14:42 1994
Date: Wed, 4 May 1994 11:08:56 -0700 (PDT)
From: Ed Carp <ecarp@netcom.com>
To: Stephen Humble <deeb@meceng.coe.neu.edu>
Cc: dave@marvin.jta.edd.ca.gov, cypherpunks@toad.com
In-Reply-To: <9405041548.AA04593@meceng.coe.neu.edu>
On Wed, 4 May 1994, Stephen Humble wrote:
> Ed Carp <ecarp@netcom.com> sez:
> > Consider a successful terrorist attack against a significant
> > group of innocents (the larger the number killed, the greater the horror
> > and shock value). The terrorists were using PGP-encrypted email to plan
> > out the thing.
> >
> > Now, how long do you think it would take before ALL crypto was outlawed?
> > Who would benefit from such a thing? Consider that it's child's play to
> > finance, arm, and train a group of people to conduct a terrorist attack
> > and (conveniently) they all get killed in their attack. No one's going
> > to complain too loudly - after all, they *are* terrorists, right?
>
> I suspect significant problems implementing a law that criminalizes
> crypto. The government currently spends $billions per year trying to
> eliminate illegal drugs, to very little effect. Drugs should be
> easier to eliminate than crypto since phys-obs can't be copied ad
> infinitum as bits can.
>
> There's also the matter of recognizing crypto in use. A program that
> transforms its input so that the output can be converted back to the
> input but has maximum entropy is a good compression program and might
> also be an encryption program. If a TLA taps my phone and finds a
> mysterious bit sequence, how can they distinguish reliably and cheaply
> between an encrypted conversation and a download of
> emacs-19.22.tar.gz?
Unless you use some sort of stego software, most encrypted stuff is
pretty easy to figure out that it *is* encrypted. grep " BEGIN PGP "
message is a pretty good way to detect PGP traffic, magic numbers will
tell you if it's a compressed file or not, etc. It might not be
necessary to prove what you were using to encrypt, merely proving that
you *were* encrypting might be sufficient.
It's like the FCC: if they catch a ham sending out packets, and the FCC
can't read them, they issue you a pink slip. Doesn't matter what you're
using, the meaning is obscured, and that's enough for them.
