From: <anonymous>
On Tue, 16 Jun 1998, mea culpa wrote:
> Reply From: "Joseph Pung" <Pungj@meijer.com>
>
> I'm confused about the reaction of people over key escrow. I mean I
> fully understand what the govt wants to do. What I don't understand is
> why people think the Internet is a fundamentally different form of
> communication medium than the telephone or mail.
The Internet is fudamentally different from those other media in that the
data which crosses the 'net may be more readily accessed, stored and
manipulated than that which traverses phone lines or the USPS.
> How many of us use cell phones or cordless phones? Isn't the interception
> of these forms of communications a "hobby" with its own magazine? I
> submit that more citizens (not the govt) intercept telephone conversations
> than e-mail. I also submit that more people use telephones than e-mail.
> So why isn't there the same hysteria over our lack of telephone privacy?
Because the people who use cordless phones and non-digital cellphones are
clueless. If they had clue one, they would NOT use those technologies.
Meanwhile, a number of very clued-in folks use e-mail and thus have a deep
appreciation for medium's inherent lack of privacy and security.
> In addition, I think most people look at the US Postal system as "secure".
> But isn't our mail in the possession of the govt (the same one that wants
> to read all of your e-mail). And, doesn't our most confidential of all
> data travel via mail (bills - medical, dental, mortage personal,
> correspondence, credit card info, life insurance applications etc.).
>
> What am I missing?
Here's what you're missing:
1. If one letter is intercepted, it must be handled
individually and manipulated individually. Care
must be exercised to prevent detection of
physical interception and manipulation. Coupled
with this are pretty elaborate measures on just
who can get access to mail and for what purpose.
This is a tedious and time-consuming task. So much
so that it basically assures that if the task is to be
attempted, it'd better be for a good reason because
favors will have to be called in.
2. Once one has the crypto backdoors, opening _any_
communication is a snap. No one would be the
wiser on what is opened or by whom. There would
be absolutely no evidence that the system had been
breached. Thus the chain of responsibility and
culpability would be incontrovertibly weakened
when (not if) sensitive/personal data is leaked
into the public domain.
Given that the government generally underestimates the need for security
at every turn, I would lay odds that the backdoors and escrowed keys would
be readily socially-engineered out of the government's hands within 6
months of the start of just such a program.
Yes, I have no faith in any governmental agency's "wisdom." They
consistently demonstrate that they possess none.
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Fri Jun 19 08:43:09 1998