Why is the government being so "silly"? (regarding cryptography policy)

Philip Greenspun's Homepage : Philip Greenspun's Homepage Discussion Forums : 6805 : One Thread
Notify me of new responses

Well, since this is a "discussion forum" I decided to throw something out there, although I don't even know if there's anyone subscribed to this :)

I'm actually going to talk about this on my presentation tomorrow (technically today) but I figure we're not going to talk much about it in class so I'd just bring it up here ...

It seems to me (and probably to most of us because of the way we voted at the Harvard session) that the government is trying to enact laws regarding cryptography that are unrealistic, unreasonable and may conceivably cause more crime than they prevent ... Now I don't know about the people at the NSA, etc. being awfully rational but I've been thinking of reasons why they are taking the position they are and these are the ones I've come up with ...

I'd be really interested to see what other people think ... any other ideas???

Dalie

-- D J, September 30, 1999

Answers

Lucy and Dalie,

Having been in on a couple of the internal discussions about this, the scary thing is that many of the adminstration people proposing these escrow ideas really didn't undestand how technically unsound they were. That's one of the things that drove the technical community nuts: for example, sluffing over the difference in security requiremens for certification authorities and escrow agents.

The NSA folks understoof this perfectly well, but the White House types who were making the policies really didn't. This is one of the reasons that the Risks report had impact.

-- Hal Abelson, October 3, 1999


Dalie,

from listening to your presentation and reading the "Risks.." report, it does seem that the government is asking for something completely unreasonable in mandating key escrow agencies. It occures to me that, perhaps, the whole outrageousness factor is not that bad for them:

-- If they are unreasonable now, nothing will get done, and yet if something was to happen, they can always say: "see, we tried, but the industry wouldn't let us."

-- If this is so unreasonable, than, perhaps, the industry will be more receptive to the next proposal (like the one that came out from the Clinton administration), because it's a concession compared to the earlier efforts, even if it's still not perfect.

Lucy

-- Lucy Borodavkina, October 1, 1999


clarification

I guess when I said "the government" I meant the NSA, CIA, and FBI. I've had lots of dealings with politicians and not necessarily merely about technical topics but I've also noticed that they, like the average American, are very uninformed regarding technical issues. Naturally they come from very different backgrounds and very few of them have technical training so I wouldn't expect them to understand all the issues involved, I'd expect them to trust what the NSA et al. is telling them (and perhaps whoever else like the Risk report that cares to lobby for their opinion).

However, the NSA et al. must know better. They're the ones that I don't understand but I guess what Lucy said about them hoping to obtain a compromise between the truly unreasonable regulations and the no regulations proponents. I guess I was just hoping for them to try and come up with a reasonable strategy where they can get the industry and the public on their side. I may have been giving them too much credit.

-- D J, October 4, 1999