16.26.1. The Direct Attack: Restrictions on Encryption
+ "Why won't government simply ban such encryption methods?"
+ This has always been the Number One Issue!
- raised by Stiegler, Drexler, Salin, and several others
(and in fact raised by some as an objection to my even
discussing these issues, namely, that action may then
be taken to head off the world I describe)
+ Types of Bans on Encryption and Secrecy
- Ban on Private Use of Encryption
- Ban on Store-and-Forward Nodes
- Ban on Tokens and ZKIPS Authentication
- Requirement for public disclosure of all transactions
+ Recent news (3-6-92, same day as Michaelangelo and
Lawnmower Man) that government is proposing a surcharge
on telcos and long distance services to pay for new
equipment needed to tap phones!
- S.266 and related bills
- this was argued in terms of stopping drug dealers and
other criminals
- but how does the government intend to deal with the
various forms fo end-user encryption or "confusion"
(the confusion that will come from compression,
packetizing, simple file encryption, etc.)
+ Types of Arguments Against Such Bans
- The "Constitutional Rights" Arguments
+ The "It's Too Late" Arguments
- PCs are already widely scattered, running dozens of
compression and encryption programs...it is far too
late to insist on "in the clear" broadcasts, whatever
those may be (is program code distinguishable from
encrypted messages? No.)
- encrypted faxes, modem scramblers (albeit with some
restrictions)
- wireless LANs, packets, radio, IR, compressed text
and images, etc....all will defeat any efforts short
of police state intervention (which may still happen)
+ The "Feud Within the NSA" Arguments
- COMSEC vs. PROD
+ Will affect the privacy rights of corporations
- and there is much evidence that corporations are in
fact being spied upon, by foreign governments, by the
NSA, etc.
+ They Will Try to Ban Such Encryption Techniques
+ Stings (perhaps using viruses and logic bombs)
- or "barium," to trace the code
+ Legal liability for companies that allow employees to
use such methods
- perhaps even in their own time, via the assumption
that employees who use illegal software methods in
their own time are perhaps couriers or agents for
their corporations (a tenuous point)
- restrictions on: use of codes and ciphers
+ there have long been certain restrictions on the use of
encryption
- encryption over radio waves is illegal (unless the key is
provided to the government, as with Morse code)
+ in war time, many restrictions (by all governments)
- those who encrypt are ipso facto guilty and are shot
summarily, in many places
- even today, use of encryption near a military base or
within a defense contractor could violate laws
+ S.266 and similar bills to mandate "trapdoors"
+ except that this will be difficult to police and even to
detect
- so many ways to hide messages
- so much ordinary compression, checksumming, etc.
+ Key Registration Trail Balloon
- cite Denning's proposal, and my own postings
16.26.2. Another Direct Attack: Elimination of Cash
+ the idea being that elimination of cash, with credit cards
replacing cash, will reduce black markets
- "one person, one ID" (goal of many international
standards organizations)
- this elimination of cash may ultimately be tied in to the
key registration ideas...government becomes a third party
in all transactions
+ a favorite of conspiracy theorists
- in extreme form: the number of the Beast tattooed on us
(credit numbers, etc.)
- currency exchanges (rumors on the Nets about the imminent
recall of banknotes, ostensibly to flush out ill-gotten
gains and make counterfeiting easier)
+ but also something governments like to do at times, sort
of to remind us who's really in charge
- Germany, a couple of times
- France, in the late 1950s
- various other devaluations and currency reforms
+ Partial steps have already been made
- cash transactions greater than some value-$10,000 at this
time, though "suspicious" sub-$10K transactions must be
reported-are banned
+ large denomination bills have been withdrawn from
circulation
- used in drug deals, the argument goes
- Massachussetts has demanded that banks turn over all
account records, SS numbers, balances, etc.
+ "If what you're doing is legal, why do you need cash for
it?"
- part of the old American dichotomy: privacy versus "What
have you got to hide?"
+ But why the outlawing of cash won't work
+ if a need exists, black markets will arise
- i.e., the normal tradeoff between risk and reward:
there may be some "discounts" on the value, but cah
will still circulate
+ too many other channels exist: securities, secrets, goods
+ from trading in gold or silver, neither of which are
outlawed any longer, to trading in secrets, how can the
government stop this?
- art being used to transfer money across international
borders (avoids Customs)
- "consideration" given, a la the scam to hide income
+ total surveillance?
- it doesn't even work in Russia
- on the other hand, Russia lacks the "point of sale"
infrastructure to enforce a cashless system
16.26.3. Another Direct Attack: Government Control of Encryption,
Networks, and Net Access
- a la the old Bell System monopoly, which limited what could
be hooked up to a phone line
+ the government may take control of the networks in several
ways:
+ FCC-type restrictions, though it is hard to see how a
private network, on private property, could be restricted
- as it is not using part of the "public spectrum"
- but it is hard to build a very interesting network that
stays on private property....and as soon as it crosses
public property, BINGO!
+ "National Data Highway" could be so heavily subsidized
that alternatives will languish (for a while)
- the Al Gore proposals for a federally funded system
(and his wife, Tipper, is of course a leader of the
censorship wing)
- and then the government can claim the right and duty to
set the "traffic" laws: protocols, types of encryption
allowed, etc.
- key patents, a la RSA (if in fact gov't. is a silent
partner in RSA Data Security)
16.26.4. An Indirect Attack: Insisting that all economic transactions
be "disclosed" (the "Full Disclosure Society" scenario)
+ this sounds Orwellian, but the obvious precedent is that
businesses must keep records of all financial transactions
(and even some other records, to see if they're colluding
or manipulating something)
- for income and sales tax reasons
- and OSHA inspections, INS raids, etc.
+ there is currently no requirement that all transactions
be fully documented with the identies of all parties,
except in some cases like firearms purchases, but this
could change
- especially as electronic transactions become more
common: the IRS may someday insist on such records,
perhaps even insisting on escrowing of such records, or
time-stamping
+ this will hurt small businesses, due to the entry cost
and overhead of such systems, but big businesses will
probably support it (after some grumbling)
- big business always sees bureaucracy as one of their
competitive advantages
+ and individuals have not been hassled by the IRS on minor
personal transactions, though the web is tightening:
1099s are often required (when payments exceed some
amount, such as $500)
- small scale barter transactions
+ but the nature of CA is that many transactions can be
financial while appearing to be something else (like the
transfer of music or images, or even the writing of
letters)
- which is why a cusp is coming: full disclosure is one
route, protection of privacy is another
+ the government may cite the dangers of a "good old boy
network" (literally) that promulgates racist, sexist, and
ableist discrimination via computer networks
- i.e., that the new networks are "under-representing
people of color"
- and how can quotas be enforced in an anonymous system?
- proposals in California (7-92) that consultants file
monthly tax statements, have tax witheld, etc.
- a strategy for the IRS: require all computer network users
to have a "taxpayer ID number" for all transactions, so
that tax evasion can be checked
16.26.5. Attempts to discredit reputation-based systems by deceit,
fraud, nonpayment, etc.
- deliberate attacks on the reputation of services the
government doesn't want to see
- there may be government operations to sabotage businesses,
to undermine such efforts before they get started
- analogous to "mail-bombing" an anonymous remailer
16.26.6. Licensing of software developers may be one method used to
try to control the spread of anonymous systems and
information markets
- by requiring a "business license" attached to any and all
chunks of code
+ implemented via digital signatures, a la the code signing
protocols mentioned by Bob Baldwin as a means of reducing
trapdoors, sabotage, and other modifications by spies,
hackers, etc.
- proposals to require all chunks of code to be signed,
after the Sililcon Valley case in mid-80s, where
spy/saboteur went to several s/w companies and meddled
with code
- "seals" from some group such as "Software Writers
Laboratories," with formal specs required, source code
provided to a trusted keeper, etc.
+ such licensing and inspection will also serve to lock-in
the current players (Microsoft will love it) and make
foreign competition in software more difficult
- unless the foreign competition is "sanctioned," e.g.,
Microsoft opens a code facility in India
16.26.7. RICO-like seizures of computers and bulletin board systems
- sting operations and setups
- Steve Jackson Games is obvious example
- for illegal material (porno, drug advocacy, electronic
money, etc.) flowing through their systems
- even when sysop can prove he did not know illegal acts were
being committed on his system (precedents are the yachts
seized because a roach was found)
+ these seizures can occur even when a trial is never held
- e.g., the "administrative seizure" of cars in Portland in
prostitution cases
- and the seizures are on civil penalties, where the
standards of proof are much lower
+ in some cases a mere FBI investigation is enough to get
employees fired, renters kicked out, IRS audits started
+ reports that a woman in Georgia who posted some "ULs"
(unlisted numbers?) was fired by her company after the
FBI got involved, told by her landlord that her lease was
not being extended, and so forth
- "We don't truck with no spies"
- the IRS audit would not ostensibly be for harassment, but
for "probable cause" (or whatever term they use) that tax
avoidance, under-reporting, even money-laundering might
be involved
16.26.8. Outlawing of Digital Pseudonyms and Credentialling
+ may echoe the misguided controversy over Caller ID
- misguided because the free market solution is clear: let
those who wish to hide their numbers-rape and battering
support numbers, police, detectives, or even just
citizens requesting services or whatever-do so
- and let those who refuse to deal with these anonymous
callers also do so (a simple enough programming of
answering machines and telephones)
- for example, to prevent minors and felons from using the
systems, "true names" may be required, with heavy fines and
forfeitures of equipment and assets for anybody that fails
to comply (or is caught in stings and setups)
+ minors may get screened out of parts of cyberspace by
mandatory "age credentialing" ("carding")
- this could be a major threat to such free and open
systems, as with the various flaps over minors logging on
to the Internet and seeing X-rated images (however poorly
rendered) or reading salacious material in alt.sex
- there may be some government mood to insist that only
"true names" be used, to facillitate such age screening
(Fiat-Shamir passports, papers, number of the Beast?)
+ the government may argue that digital pseudonyms are
presumptively considered to be part of a conspiracy, a
criminal enterprise, tax evasion, etc.
- the old "what have you got to hide" theory
- closely related to the issue of whether false IDs can be
used even when no crimes are being committed (that is,
can Joe Average represent himself by other than his True
Name?)
- civil libertarians may fight this ban, arguing that
Americans are not required to present "papers" to
authorities unless under direct suspicion for a crime
(never mind the loitering laws, which take the other view)
16.26.9. Anonymous systems may be restricted on the grounds that they
constitute a public nuisance
- or that they promote crime, espionage, etc.
+ especially after a few well-publicized abuses
- possibly instigated by the government?
- operators may have to post bonds that effectively drive
them out of business
16.26.10. Corporations may be effectively forbidden to hire consultants
or subcontractors as individuals
+ the practical issue: the welter of tax and benefit laws
make individuals unable to cope with the mountains of forms
that have to be filed
- thus effectively pricing individuals out of this market
+ the tax law side: recall the change in status of
consultants a few years back...this may be extended further
- a strategy for the IRS: require all computer network
users to have a "taxpayer ID number" for all
transactions, so that tax evasion can be checked
- not clear how this differs from the point above, but I
feel certain more such pressures will be applied (after
all, most corporations tend to see independent
contractors as more of a negative than a positive)
- this may be an agenda of the already established companies:
they see consultants and free lancers as thieves and
knaves, stealing their secrets and disseminating the crown
jewels (to punningly mix some metaphors)
- and since the networks discussed here facilitate the use of
consultants, more grounds to limit them
16.26.11. There may be calls for U.N. control of the world banking
system in the wake of the BCCI and similar scandals
- to "peirce the veil" on transnationals
- calls for an end to banking secrecy
- talk about denying access to the money centers of New York
(but will this push the business offshore, in parallel to
the Eurodollar market?)
+ motivations and methods
- recall the UNESCO attempt a few years back to credential
reporters, ostensibly to prevent chaos and "unfair"
reporting...well, the BCCI and nuclear arms deals
surfacing may reinvigorate the efforts of
"credentiallers"
+ the USSR and other countries entering the world community
may sense an opportunity to get in on the formation of
"boards of directors" of these kinds of banks and
corporations and so may push the idea in the U.N.
- sort of like a World Bank or IMF with even more power
to step in and take control of other banks, and with
the East Bloc and USSR having seats!
16.26.12. "National security"
- if the situation gets serious enough, a la a full-blown
crypto anarchy system, mightn't the government take the
step of declaring a kind of national emergency?
- provisions exist: "401 Emergency" and FEMA plans
- of course, the USSR tried to intitiate emergency measures
and failed
- recall that a major goal of crypto anarchy is that the
systems described here will be so widely deployed as to be
essential or critical to the overall economy...any attempt
to "pull the plug" will also kill the economy
16.26.13. Can authorities force the disclosure of a key?
+ on the "Yes" side:
+ is same, some say, as forcing combination to a safe
containing information or stolen goods
- but some say-and a court may have ruled on this-that
the safe can always be cut open and so the issue is
mostly moot
- while forcing key disclosure is compelled testimony
- and one can always claim to have forgotten the key
- i.e., what happens when a suspect simply clams up?
- but authorities can routinely demand cooperation in
investigations, can seize records, etc.
+ on the "No" side:
- can't force a suspect to talk, whether about where he hid
the loot or where his kidnap victim is hidden
- practically speaking, someone under indictment cannot be
forced to reveal Swiss bank accounts....this would seem
to be directly analogous to a cryptographic key
- thus, the key to open an account would seem to be the
same thing
- a memorized key cannot be forced, says someone with EFF
or CPSR
- on balance, it seems clear that the disclosure of
cryptographic keys cannot be forced (though the practical
penalty for nondisclosure could be severe)
- but this has not really been tested, so far as I know
- and many people say that such cooperation can be
demanded...
By Tim May, see README
HTML by Jonathan Rochkind