Which internet services were used?

Perry E. Metzger perry at piermont.com
Sat Sep 15 18:10:07 EDT 2001 

"Eric" <yonica at qwest.net> writes:
> > [Moderator: I've listened to virtually all the news conferences made
> > so far. The FBI has yet to make any such statement.
> >
> > In any case, however, why should we find this any more shocking or
> > unfortunate than terrorism being plotted using telephones, or paper
> > letters, or conversations? Why are there no hysterics noting "the
> > plotters travelled using AUTOMOBILES!"
> 
> 
> The claim is that automobiles or telephones do not evicerate the ability of
> law enforcement to effectively do their job, while the use of strong
> encryption and other electronic sundry do.  Therefore, it is argued that
> cars and certain phones are ok, while strong encryption is not.

This claim is, however, wrong.

First, lets look at the question of automobiles. Automobiles certainly
reduce the ability of law enforcement to do its job. The accomplices
of the hijackers almost certainly fled their locations in
automobiles. They would have been unable to go far without
automobiles. It has also been noted in some of the media that Ossama
bin Ladin left his location shortly after the attacks -- presumably in
an automobile. Not having automobiles would have made it easier to
bomb Mr. bin Ladin and to catch accomplices. However, no one would
suggest this for fear of looking foolish. The arguments about
encryption are virtually identical -- only people are unfortunately
not so afraid of looking like fools in public.

It can be argued that not requiring recordings of all phone
conversations "impedes law enforcement". Indeed, one would expect such
recordings to be necessary, given that even if made in the clear, it
would be impossible to go back in time to listen in on the
conversations of the hijackers. Would you like that done?

It can be argued that strong encryption made the deaths of these 4000
people possible. How it made it possible is never explained. Let us
try exploring that question, however.

If there were no strong encryption, what could have been done
differently? Perhaps without it law enforcement could systematically
listen in on every conversation everywhere and every email message
flowing worldwide and record them and listen for "threats". They would
have had to. After all, had they known who these people were in
advance, they could have simply targeted them for intense surveillance
including bugging their homes and computers. By definition they DID
NOT know who they were, so they would have needed to search
EVERYTHING.

Lets say such universal surveillance -- a horror I cannot imagine --
were both possible and practical. Would it have stopped anything?
No. In response, the hijackers would simply have visited each other in
person to coordinate their plot, and we have already established that
had the government known who they were so they could have bugged such
conversations, universal surveillance would not have been required in
the first place.

Would it have been so difficult for them to, say, go and visit each
other to pick a date to fly planes into the World Trade Center?

It is trivial to blame encryption here, but I can't see that it is
reasonable to blame it. There is no evidence at all -- NONE -- that in
the absence of encryption it would not be equally possible to carry
out such attacks. I repeat:

  There is no evidence at all that in the absence of encryption it
  would not be equally possible to carry out such attacks.

At the very best, the internet could have provided a convenience to
the plotters -- no more.

The killing of Israeli athletes at Munich involved no encryption --
nor did a thousand other attacks. Why would you need encryption to be
a terrorist?

The people who claim "such an attack could only be made possible
via coordination over the internet" obviously don't remember that
people managed to communicate dates to meet even before there were
phones or even post offices, let alone the internet.

These same people ignore the fact that the US economy, and indeed the
world economy, could no longer function without encryption. Encryption
is vital to PREVENTING crime, you see. It provides enormous and
powerful security to ordinary people conducting their ordinary
affairs. Most are unaware that they're using encryption, but they
are. Would you like it easier for people to break into computer
networks? Would you like your electrical power system or your local
hospital to be more vulnerable to remote attack?  Just ban
encryption. Your wishes will be made manifest.

Ultimately, what is unsaid is that if widespread encryption is used,
the NSA will be unable to vacuum-cleaner listen in on billions of
conversations and transactions and spot such things before they
happen. Ignoring the vast and horrific intrusion that such systematic
surveillance of all members of society implies, there is no evidence
that terrorists couldn't simply modify their methods in response to
this, just as communist terrorists in Germany did when they
systematically studied law enforcement techniques to evade capture in
the 1970s and 1980s. Nothing obligates a terrorist to obey the law,
nothing obligates them to conduct their affairs in such a way as to
permit easy capture.

There is also the question of skill. Even if you could find every copy
of PGP on earth and erase it, if Ossama bin Laden could get his people
trained as pilots, what would be so hard about getting them copies of
Bruce Schneier's book? Or do you plan to ban it and all the others? I
teach cryptography, and can testify that although most students are
mediocre and couldn't devise new encryption algorithms, they do not
need to. Even the mediocre ones can code to recipes. If they need
encryption, they will get it, and people who hijack planes do not fear
your laws.

There is a sense among politicians and the more foolish members of
wider society that we must "do something" to prevent this kind of
tragedy -- that doing ANYTHING is better than doing nothing. Well,
there are a number of kinds of "anything" that are far, far worse than
doing nothing.

Perry



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com

More information about the cryptography mailing list