How to ban crypto?
Peter Fairbrother
peter.fairbrother at ntlworld.com
Sun Sep 16 12:26:08 EDT 2001
Banning cryptography to deter terrorism, or controlling it to give GAK, is
much in the news these days. I wonder if it could be done?
Bin-Laden was at one time said to use stego in posted images for comms. I
doubt this was true, but it would be very hard to stop. Good stego can be
undetectable (and deniable) for short messages of the type needed by
terrorists. Without depth it can be very hard to detect even "ordinary"
stego, and stego is advancing fast.
To prevent traffic analysis, public fora such as newspaper private ads or
chalk marks on walls have been used by spies and terrorists for a long time,
and modern ones like newsnet groups aren't very different. Requiring posters
to prove identity would be difficult if not impossible, and wouldn't work
against undetectable stego anyway. Even a popular privately run site could
be used to provide cover traffic. That's not counting the CIA's SafeWeb
anonymiser, remailers, and the like.
Subliminal channels in Government-approved crypto could also be used. Word
or phrase selections can carry messages. Pre-arranged codes can be as secure
as OTP, and impossible to detect or prove. The list is long if not endless.
Perhaps Governments can ban (non-approved?) encryption software, and punish
those who have it on their computers? I'm no expert, but it seems likely
that a macro worm could be written to do hard crypto without great
difficulty, and people can reasonably say they didn't know it was there. It
might even be possible to embed this functionality in a virus.
Certainly it could be included in freeware available on the 'net. I've also
been looking at the possibility of "steganographically" hiding
functionality, and while I can't do it yet, I'm convinced it could be done.
Any other suggestions for how to ban crypto? I can't think of anything that
would actually work against terrorists.
-- Peter Fairbrother
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list