16.26.1. The Direct Attack: Restrictions on Encryption + "Why won't government simply ban such encryption methods?" + This has always been the Number One Issue! - raised by Stiegler, Drexler, Salin, and several others (and in fact raised by some as an objection to my even discussing these issues, namely, that action may then be taken to head off the world I describe) + Types of Bans on Encryption and Secrecy - Ban on Private Use of Encryption - Ban on Store-and-Forward Nodes - Ban on Tokens and ZKIPS Authentication - Requirement for public disclosure of all transactions + Recent news (3-6-92, same day as Michaelangelo and Lawnmower Man) that government is proposing a surcharge on telcos and long distance services to pay for new equipment needed to tap phones! - S.266 and related bills - this was argued in terms of stopping drug dealers and other criminals - but how does the government intend to deal with the various forms fo end-user encryption or "confusion" (the confusion that will come from compression, packetizing, simple file encryption, etc.) + Types of Arguments Against Such Bans - The "Constitutional Rights" Arguments + The "It's Too Late" Arguments - PCs are already widely scattered, running dozens of compression and encryption programs...it is far too late to insist on "in the clear" broadcasts, whatever those may be (is program code distinguishable from encrypted messages? No.) - encrypted faxes, modem scramblers (albeit with some restrictions) - wireless LANs, packets, radio, IR, compressed text and images, etc....all will defeat any efforts short of police state intervention (which may still happen) + The "Feud Within the NSA" Arguments - COMSEC vs. PROD + Will affect the privacy rights of corporations - and there is much evidence that corporations are in fact being spied upon, by foreign governments, by the NSA, etc. + They Will Try to Ban Such Encryption Techniques + Stings (perhaps using viruses and logic bombs) - or "barium," to trace the code + Legal liability for companies that allow employees to use such methods - perhaps even in their own time, via the assumption that employees who use illegal software methods in their own time are perhaps couriers or agents for their corporations (a tenuous point) - restrictions on: use of codes and ciphers + there have long been certain restrictions on the use of encryption - encryption over radio waves is illegal (unless the key is provided to the government, as with Morse code) + in war time, many restrictions (by all governments) - those who encrypt are ipso facto guilty and are shot summarily, in many places - even today, use of encryption near a military base or within a defense contractor could violate laws + S.266 and similar bills to mandate "trapdoors" + except that this will be difficult to police and even to detect - so many ways to hide messages - so much ordinary compression, checksumming, etc. + Key Registration Trail Balloon - cite Denning's proposal, and my own postings 16.26.2. Another Direct Attack: Elimination of Cash + the idea being that elimination of cash, with credit cards replacing cash, will reduce black markets - "one person, one ID" (goal of many international standards organizations) - this elimination of cash may ultimately be tied in to the key registration ideas...government becomes a third party in all transactions + a favorite of conspiracy theorists - in extreme form: the number of the Beast tattooed on us (credit numbers, etc.) - currency exchanges (rumors on the Nets about the imminent recall of banknotes, ostensibly to flush out ill-gotten gains and make counterfeiting easier) + but also something governments like to do at times, sort of to remind us who's really in charge - Germany, a couple of times - France, in the late 1950s - various other devaluations and currency reforms + Partial steps have already been made - cash transactions greater than some value-$10,000 at this time, though "suspicious" sub-$10K transactions must be reported-are banned + large denomination bills have been withdrawn from circulation - used in drug deals, the argument goes - Massachussetts has demanded that banks turn over all account records, SS numbers, balances, etc. + "If what you're doing is legal, why do you need cash for it?" - part of the old American dichotomy: privacy versus "What have you got to hide?" + But why the outlawing of cash won't work + if a need exists, black markets will arise - i.e., the normal tradeoff between risk and reward: there may be some "discounts" on the value, but cah will still circulate + too many other channels exist: securities, secrets, goods + from trading in gold or silver, neither of which are outlawed any longer, to trading in secrets, how can the government stop this? - art being used to transfer money across international borders (avoids Customs) - "consideration" given, a la the scam to hide income + total surveillance? - it doesn't even work in Russia - on the other hand, Russia lacks the "point of sale" infrastructure to enforce a cashless system 16.26.3. Another Direct Attack: Government Control of Encryption, Networks, and Net Access - a la the old Bell System monopoly, which limited what could be hooked up to a phone line + the government may take control of the networks in several ways: + FCC-type restrictions, though it is hard to see how a private network, on private property, could be restricted - as it is not using part of the "public spectrum" - but it is hard to build a very interesting network that stays on private property....and as soon as it crosses public property, BINGO! + "National Data Highway" could be so heavily subsidized that alternatives will languish (for a while) - the Al Gore proposals for a federally funded system (and his wife, Tipper, is of course a leader of the censorship wing) - and then the government can claim the right and duty to set the "traffic" laws: protocols, types of encryption allowed, etc. - key patents, a la RSA (if in fact gov't. is a silent partner in RSA Data Security) 16.26.4. An Indirect Attack: Insisting that all economic transactions be "disclosed" (the "Full Disclosure Society" scenario) + this sounds Orwellian, but the obvious precedent is that businesses must keep records of all financial transactions (and even some other records, to see if they're colluding or manipulating something) - for income and sales tax reasons - and OSHA inspections, INS raids, etc. + there is currently no requirement that all transactions be fully documented with the identies of all parties, except in some cases like firearms purchases, but this could change - especially as electronic transactions become more common: the IRS may someday insist on such records, perhaps even insisting on escrowing of such records, or time-stamping + this will hurt small businesses, due to the entry cost and overhead of such systems, but big businesses will probably support it (after some grumbling) - big business always sees bureaucracy as one of their competitive advantages + and individuals have not been hassled by the IRS on minor personal transactions, though the web is tightening: 1099s are often required (when payments exceed some amount, such as $500) - small scale barter transactions + but the nature of CA is that many transactions can be financial while appearing to be something else (like the transfer of music or images, or even the writing of letters) - which is why a cusp is coming: full disclosure is one route, protection of privacy is another + the government may cite the dangers of a "good old boy network" (literally) that promulgates racist, sexist, and ableist discrimination via computer networks - i.e., that the new networks are "under-representing people of color" - and how can quotas be enforced in an anonymous system? - proposals in California (7-92) that consultants file monthly tax statements, have tax witheld, etc. - a strategy for the IRS: require all computer network users to have a "taxpayer ID number" for all transactions, so that tax evasion can be checked 16.26.5. Attempts to discredit reputation-based systems by deceit, fraud, nonpayment, etc. - deliberate attacks on the reputation of services the government doesn't want to see - there may be government operations to sabotage businesses, to undermine such efforts before they get started - analogous to "mail-bombing" an anonymous remailer 16.26.6. Licensing of software developers may be one method used to try to control the spread of anonymous systems and information markets - by requiring a "business license" attached to any and all chunks of code + implemented via digital signatures, a la the code signing protocols mentioned by Bob Baldwin as a means of reducing trapdoors, sabotage, and other modifications by spies, hackers, etc. - proposals to require all chunks of code to be signed, after the Sililcon Valley case in mid-80s, where spy/saboteur went to several s/w companies and meddled with code - "seals" from some group such as "Software Writers Laboratories," with formal specs required, source code provided to a trusted keeper, etc. + such licensing and inspection will also serve to lock-in the current players (Microsoft will love it) and make foreign competition in software more difficult - unless the foreign competition is "sanctioned," e.g., Microsoft opens a code facility in India 16.26.7. RICO-like seizures of computers and bulletin board systems - sting operations and setups - Steve Jackson Games is obvious example - for illegal material (porno, drug advocacy, electronic money, etc.) flowing through their systems - even when sysop can prove he did not know illegal acts were being committed on his system (precedents are the yachts seized because a roach was found) + these seizures can occur even when a trial is never held - e.g., the "administrative seizure" of cars in Portland in prostitution cases - and the seizures are on civil penalties, where the standards of proof are much lower + in some cases a mere FBI investigation is enough to get employees fired, renters kicked out, IRS audits started + reports that a woman in Georgia who posted some "ULs" (unlisted numbers?) was fired by her company after the FBI got involved, told by her landlord that her lease was not being extended, and so forth - "We don't truck with no spies" - the IRS audit would not ostensibly be for harassment, but for "probable cause" (or whatever term they use) that tax avoidance, under-reporting, even money-laundering might be involved 16.26.8. Outlawing of Digital Pseudonyms and Credentialling + may echoe the misguided controversy over Caller ID - misguided because the free market solution is clear: let those who wish to hide their numbers-rape and battering support numbers, police, detectives, or even just citizens requesting services or whatever-do so - and let those who refuse to deal with these anonymous callers also do so (a simple enough programming of answering machines and telephones) - for example, to prevent minors and felons from using the systems, "true names" may be required, with heavy fines and forfeitures of equipment and assets for anybody that fails to comply (or is caught in stings and setups) + minors may get screened out of parts of cyberspace by mandatory "age credentialing" ("carding") - this could be a major threat to such free and open systems, as with the various flaps over minors logging on to the Internet and seeing X-rated images (however poorly rendered) or reading salacious material in alt.sex - there may be some government mood to insist that only "true names" be used, to facillitate such age screening (Fiat-Shamir passports, papers, number of the Beast?) + the government may argue that digital pseudonyms are presumptively considered to be part of a conspiracy, a criminal enterprise, tax evasion, etc. - the old "what have you got to hide" theory - closely related to the issue of whether false IDs can be used even when no crimes are being committed (that is, can Joe Average represent himself by other than his True Name?) - civil libertarians may fight this ban, arguing that Americans are not required to present "papers" to authorities unless under direct suspicion for a crime (never mind the loitering laws, which take the other view) 16.26.9. Anonymous systems may be restricted on the grounds that they constitute a public nuisance - or that they promote crime, espionage, etc. + especially after a few well-publicized abuses - possibly instigated by the government? - operators may have to post bonds that effectively drive them out of business 16.26.10. Corporations may be effectively forbidden to hire consultants or subcontractors as individuals + the practical issue: the welter of tax and benefit laws make individuals unable to cope with the mountains of forms that have to be filed - thus effectively pricing individuals out of this market + the tax law side: recall the change in status of consultants a few years back...this may be extended further - a strategy for the IRS: require all computer network users to have a "taxpayer ID number" for all transactions, so that tax evasion can be checked - not clear how this differs from the point above, but I feel certain more such pressures will be applied (after all, most corporations tend to see independent contractors as more of a negative than a positive) - this may be an agenda of the already established companies: they see consultants and free lancers as thieves and knaves, stealing their secrets and disseminating the crown jewels (to punningly mix some metaphors) - and since the networks discussed here facilitate the use of consultants, more grounds to limit them 16.26.11. There may be calls for U.N. control of the world banking system in the wake of the BCCI and similar scandals - to "peirce the veil" on transnationals - calls for an end to banking secrecy - talk about denying access to the money centers of New York (but will this push the business offshore, in parallel to the Eurodollar market?) + motivations and methods - recall the UNESCO attempt a few years back to credential reporters, ostensibly to prevent chaos and "unfair" reporting...well, the BCCI and nuclear arms deals surfacing may reinvigorate the efforts of "credentiallers" + the USSR and other countries entering the world community may sense an opportunity to get in on the formation of "boards of directors" of these kinds of banks and corporations and so may push the idea in the U.N. - sort of like a World Bank or IMF with even more power to step in and take control of other banks, and with the East Bloc and USSR having seats! 16.26.12. "National security" - if the situation gets serious enough, a la a full-blown crypto anarchy system, mightn't the government take the step of declaring a kind of national emergency? - provisions exist: "401 Emergency" and FEMA plans - of course, the USSR tried to intitiate emergency measures and failed - recall that a major goal of crypto anarchy is that the systems described here will be so widely deployed as to be essential or critical to the overall economy...any attempt to "pull the plug" will also kill the economy 16.26.13. Can authorities force the disclosure of a key? + on the "Yes" side: + is same, some say, as forcing combination to a safe containing information or stolen goods - but some say-and a court may have ruled on this-that the safe can always be cut open and so the issue is mostly moot - while forcing key disclosure is compelled testimony - and one can always claim to have forgotten the key - i.e., what happens when a suspect simply clams up? - but authorities can routinely demand cooperation in investigations, can seize records, etc. + on the "No" side: - can't force a suspect to talk, whether about where he hid the loot or where his kidnap victim is hidden - practically speaking, someone under indictment cannot be forced to reveal Swiss bank accounts....this would seem to be directly analogous to a cryptographic key - thus, the key to open an account would seem to be the same thing - a memorized key cannot be forced, says someone with EFF or CPSR - on balance, it seems clear that the disclosure of cryptographic keys cannot be forced (though the practical penalty for nondisclosure could be severe) - but this has not really been tested, so far as I know - and many people say that such cooperation can be demanded...
Next Page: 16.27 How Crypto Anarchy Advocates Will Fight Back
Previous Page: 16.25 Predictions vs. Implications
By Tim May, see README
HTML by Jonathan Rochkind