Cryptographic Policies and Social/Public Policy Issues
by George Forman
#1. I believe no attempt should be made to limit domestic use of strong
encryption techniques.
(One cannot legislate that all communication be intelligible to the
government. Such laws cannot be enforced. Information can be sent in
many subtle ways. Only the good guys and the dumb bad guys will comply.)
#2. While I think "key escrow cryptography" is interesting technology
(and perhaps useful within some businesses), I do not believe it should
be adopted as a national standard.
(Its costs and risks outweigh its practical benefit. Consider #1 above.
Also, power corrupts-- the escrowed keys will be the subject of many
attacks;
consider the complexity and cost of maintaining nearly infinitely many keys
forever. And how hard will it be for the FBI to obtain the right
escrow keys if a bad guy is using several stolen phones, and perhaps
encrypting his e-mail messages with standard encryption programs
available on BBSs and the Internet?)
#3. I think the details of any nationally adopted encryption scheme
should be published.
(I think publishing the details of the encryption system has a great
benefit-- lots of people who care will proof read it and test its
robustness. Having only a few great minds proof it isn't as good as
having a lot of people beat on it.)
Thank you for your effort to collect responses,
George Forman
PhD candidate, Univ of Washington, Seattle
|