2.11.1. "Can encryption be banned?"
  - ham operators, shortwave
  - il gelepal, looi to waptime aolditolq
  + how is this any different from requiring speech in some language?
    - Navaho code talkers of WW2...modern parallel

2.11.2. "Will the government try to ban encryption?"
  - This is of course the major concern most of us have about Clipper and the Escrowed Encryption Standard in general. Even if we think the banning of crypto will ultimately be a failure ("worse than Prohibition," someone has said), such a ban could make things very uncomfortable for many and would be a serious abridgement of basic liberties.
  - We don't know, but we fear something along these lines. It will be difficult to enforce such a ban, as so many avenues for communication exist, and encrypted messages may be hard to detect.
  - Their goal, however, may be _control_ and the chilling effect that using "civil forfeiture" may have on potential crypto users. Like the drug laws. (Whit Diffie was the first to emphasize this motivation.)

2.11.3. "How could encryption be banned?"
  - most likely way: restrictions on networks, a la airwaves or postal service
  - could cite various needs, but absent a mechanism as above, hard to do
  - an outright ban, enforced with civil forfeiture penalties
  - wartime sorts of policies (crypto treated as sedition, treason...some high-profile prison sentences)
  - scenario posted by Sandfort?

2.11.4. "What's the situation about export of crypto?"
  + There's been much debate about this, with the case of Phil Zimmermann possibly being an important test case, should charges be filed.
    - as of 1994-09, the Grand Jury in San Jose has not said anything (it's been about 7-9 months since they started on this issue)
  - Dan Bernstein has argued that ITAR covers nearly all aspects of exporting crypto material, including codes, documentation, and even "knowledge." (Controversially, it may be in violation of ITAR for knowledgeable crypto people to even leave the country with the intention of developing crypto tools overseas.)
  - The various distributions of PGP that have occurred via anonymous ftp sources don't imply that ITAR is not being enforced, or won't be in the future.

2.11.5. "What's the legal status of digital signatures?"
  - Not yet tested in court. Ditto for most crypto protocols, including digital timestamping, electronic contracts, issues of lost keys, etc.

2.11.6. "Can't I just claim I forgot my password?"

2.11.7. "Is it dangerous to talk openly about these ideas?"
  - Depends on your country. In some countries, perhaps no. In the U.S., there's not much they can do (though folks should be aware that the Cypherpunks have received a lot of attention from the media and from policy makers, and so a vocal presence on this list very likely puts one on a list of crypto trouble makers).
  - Some companies may also feel views expressed here are not consistent with their corporate policies. Your mileage may vary.
  - Sedition and treason laws are not likely to be applicable.
  - some Cypherpunks think so
  - Others of us take the First Amendment pretty seriously: that _all_ talk is permissible
  - NSA agents threatened to have Jim Bidzos killed

2.11.8. "Does possession of a key mean possession of *identity*?"
  - If I get your key, am I you?
  - Certainly not outside the context of the cryptographic transaction. But within the context of a transaction, yes. Additional safeguards/speedbumps can be inserted (such as biometric credentials, additional passphrases, etc.), but these are essentially part of the "key," so the basic answer remains "yes." (There are periodically concerns raised about this, citing the dangers of having all identity tied to a single credential, or number, or key. Well, there are ways to handle this, such as by adopting protocols that limit one's exposure, that limit the amount of money that can be withdrawn, etc. Or people can adopt protocols that require additional security, time delays, countersigning, etc.)
  + This may be tested in court soon enough, but the answer for many contracts and crypto transactions will be that possession of key = possession of identity. Even a court test may mean little, for the types of transactions I expect to see.
    - That is, in anonymous systems, "who ya gonna sue?"
  - So, guard your key.
By Tim May, see README
HTML by Jonathan Rochkind