Please argue for or against the following proposition: Ciphers that the government cannot cryptanalyze should be outlawed. How would your argument change if such ciphers could be used provided that the users registered the key with the government?Plaintext words are my own. The boldface text was originally written by students. Assume mistakes not denoted with [sic] are my own.
|
Would you agree to a ban on ciphers the government cannot cryptanalyze? | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| ||||||||||||
|
Would you agree to allowing such ciphers, but requiring key registration with the government? | ||||||||||||
|
... and ..."If a radical group is using some complex system to send messages to other members the government should be able to read these messages if they probably cause [sic] to do so."
This was the most popular reason used in support of the proposition. If I was planning on destroying a nation, I would not feel bound by its laws. I would use strong cryptography regardless of any law passed. This sentiment is shared by others."Ciphers that could not be cryptanalyzed by the government should be banned. ... This is necessary in todays [sic] hostile high tech enviroment [sic] to ensure the safety everyone as a whole [sic]."
If the government needed access to some law-abiding citizens' encrypted data, there are already legal means through which the government could subpoena the key to recover the data. Thus, strong cryptography doesn't let law-abiding citizens hurt the government, and a ban would not help the government against criminals.
There is the notion that if everyone used weak cryptography except the criminals, then the data of criminals would be easy to detect. This is absolutely untrue. As CS 177 teaches you, there are plenty of ways to hide information through covert channels. There are even methods of image steganography which are effectively impossible to detect because the method does not change the statistical properties of the carrying data. Even if strong crypto were used in the open, it would be impossible for the government to monitor all data streams and probe them for strongly-encrypted data.
This misses the point of cryptography completely. The tech environment is hostile, and so we need better security through strong crypto, not worse security."The harms that this 'weapon' could cause greatly outweighs [sic] the benefits that these ciphers could potential [sic] bring to the government."
This is an important issue. Cryptography is what is known as a dual-use tool. It can be used for good, or for harm. Guns can be used in senseless murder, or be used by properly trained people in self defense or law enforcement. Hammers are useful tools, yet they can certainly be used to hurt intentionally. Rootkits can be used to break into systems illegally, yet system administrators use them legitimately to test their own systems' security. It makes no sense to outlaw a tool simply because it may be used for harm. See also this opinion."People desire to have protection and security, so they should be willing to give up some privacy in order to ensure that security and protection [sic]."
Additionally, strong ciphers are not meant to benefit only the government. They are meant to increase privacy for everyone who might need it.
This is certainly true. For example, most people agree to the possibility of having their bags searched before boarding an airplane. It is a loss of privacy with the aim of increasing security. However, there is little evidence that a ban on strong crypto will increase security, yet it will most definitely decrease our privacy."I can't imagine what personal info can be so secret that even the government may not know. If nothing is done wrong, then there shouldn't be something to hide."
There is a question of whether or not to trust governments. Think about the American Revolution: the birth of this country through open rebellion against a government our founding fathers thought was unfair. Think about Jews, gypsies, homosexuals, and others living in Germany during the Holocaust. Certainly, there are times in which secrecy from a government is crucial. See also this."Some people may believe that this 'violation of privacy' by the government, or 'big brother', will cause horrible repercussions. However, on the ninth day of September in the year two thousand and one, anno domini, we witnessed the horrible repercussions that can occur when 'big brother' fails to watch our backs."
Assuming that every government in the world is perfect, there would still be the problem of other cryptanalysis entities. Banning strong crypto not only opens up security to the government, it opens up security to everyone else who can cryptanalyze.
There are plenty of clues that our government and law enforcement agencies had about the 9/11 attacks, but ignored or missed completely. I am not saying "shame on the government" for missing clues that are only so obvious in hindsight, but rather that our government is already collecting a lot of information. It is the effective processing of this existing information that should be focused on, not the mad scrambling for more information at the cost of Constitutional rights.
Oversight is almost impossible. For example, the Carnivore system, or DCS1000, is little more than a packet capture and filter tool, yet it caused great concern among not only civil rights groups, but also Congress. The FBI continually opposed public disclosure of the system's details. It was then shown to capture more than it was intended to, thus breaking wiretap laws. Now we're not talking about a system that would just be used to listen to communications where it was installed, but one which would have access to all encrypted data flowing throughout the country."The government can be trusted and it is assumed that it won't leak your key to any other person."
The first statement is a matter of opinion and culture/background. There are countries where the government is blindly assumed to be trustworthy. There are countries where it is illegal to say anything bad about the government."The government needs to guarantee that those keys will be protected from unauthorized access, or the ciphers no longer provide any security."
As governments consist of people, they are prone to error and being influenced by others. While I believe that the US government is good in general, recent legislation being considered and passed into law has convinced me to not trust the government with my data. Again, this is opinion. See also here.
However, the second statement has nothing to do with opinion. Even if it were naively assumed that the government and its agents were incorruptible and generally perfect, their systems may not be. It has been shown that introducing key escrow into any cryptographic infrastructure opens its security up to a number of serious problems. The only way that I can guarantee that the government cannot leak my key is if the government doesn't have it to begin with.
Such a guarantee simply cannot be made."If you are protecting yourself, well then, you could be protecting yourself from your government because it is run by humans and humans are corruptible.
... and ..."If a locksmith designed a lock that could not be opened by the FBI, should he be charged to go to jail? No. A cipher is just a lock on information, no matter waht the content of information it is trying to lock, it is just a lock. Imagine that a police officer says to a shopkeeper "you are running illegal business because we can not open your door", how silly does that sound?"
Cryptography not only falls under the First Amendment in the Bill of Rights but also the Fourth."Registering the keys with the government is highly dangerous. It becomes a honey pot for hackers to go after."
That's certainly one of the many risks of key escrow."What should be regulated is how you can use them. For example encrypting secure data and sending it to China should be illegal, not because of the encryption method, but for the fact that the data itself is being used illegally (espionage)."
See above for a discussion of dual-use tools."If someone obtains the list of ciphers that the government can solve, then they basically have the access to all the ciphers that United States could potentially use!! Furthermore if the government restricts the kind of ciphers that could be used, then the ciphers used by everyone would not be as advanced and difficult to solve."
With an explicit allow list, our enemies only have to focus on attacking a limited number of weak ciphers. With an explicit deny list, users can bypass the provision by inventing new secure schemes, or changing old ones trivially and then renaming them. When Napster was shut down, there was Gnutella, Kazaa, and countless others waiting to fill the niche. To outlaw strong crypto is to ignore both science and reality."First of all, this would mean that our private cryptography advancements will be limited to how advanced the government has become and cryptanalyzing. However, this will not stop foreign enimies [sic] from developing much better ciphers. So the possibility exists that the only useful ciphers will be the ones our enimies [sic] use. Also, who is to say that other countries aren't as good at cryptanalyzing as our goverment [sic]? By limiting our own ciphers we may be allowing other foreign goverments [sic] to steal our private data."
... and ..."One of the goals of cryptography is to develop schemes that cannot be cryptanalyze [sic] and the other is to cryptanalyze it. If the government outlaws this type of encryption schemes [sic] it will hinder the progress of cryptography and it would just force its development overseas."
This is a good point. You cannot ignore the fact that laws can and have been pushing away legitimate security research.
| -- | Ben Franklin, November 11, 1755 |
| -- | Justice Louis D. Brandeis, Opinion in Olmstead vs. U.S., 1928 |
| -- | Patrick Henry, Debates in the Several State Conventions 45, 2nd ed., Philadelphia, 1836 |
| -- | ACLU President Nadine Strossen, Reason, December, 2001 |
| -- | Amendment IV, United States Bill of Rights |
| -- | Lawrence Lessig, OSCON 2002 Keynote |
| -- | George Carlin, You Are All Diseased |
| -- | Ani DiFranco, My I.Q. |
24