Stefan Brands' thesis finally came yesterday from Fatbrain, almost two
months after ordering. His techniques are very powerful and interesting,
but unfortunately patented and hence of no practical value for anyone
other than the one licensee. How different the world might be if he
and Chaum had made their technology freely available.
Brands has some very strong and brave words in his epilogue in favor
of privacy, which deserve to be widely read:
"Anyone who considers 'key escrow' as a way of protecting privacy is,
of course, in a state of sin. On a fundamental level there can be no
mistake about this. Westin's widely accepted definition of privacy
clearly requires that individuals themselves are in control over their
own information. Key escrow takes this control completely away, and
therefore offers zero privacy....
"In recent years, many cryptographers have worked fiercely to replace
privacy-protecting systems by key escrow systems:
"The first area that fell victim is electronic voting. Following
proposals guaranteeing unconditional privacy, [cryptographers] introduced
key escrow electronic voting. Virtually all electronic voting schemes
proposed since then are key escrow systems...
"The most recent area that has fallen victim is electronic cash.
Starting with [certain cryptographers] a floodgate of papers on key
escrow electronic cash opened...
"Here, the primary excuse to squander privacy has been to combat
money laundering. However, money laundering concerns can be addressed
effectively witout giving up privacy by (prudently) applying one or more
of the following measures: placing limits on amounts; ensuring payee
traceability (by the payer only); limiting the issuing of electronic
cash to regulated institutions; disallowing anonymous accounts; issuing
only personalized paying devices; identifying payers in high-value
transactions; and, checking the identity of parties who convert other
forms of money into electronic cash...
"Many of the key escrow papers sport exaggerated and sometiems
downright ignorant statements about how privacy will hurt individuals,
organizations, and societies at large... [T]he key escrow smoke screen
enables the researcher to downplay the annihilation of privacy by
claiming that the new system provides 'balanced' privacy; many authors
do not even shy from claiming that their key escrow systems 'preserve'
or even 'improve' privacy....
"Privacy is protected only if each individual for him or herself is
able at all times to control and determine which parties, if any, are
capable of recovering a secret. If a user decides to give up some of
that control, that is his or her choice, but it should not be hardwired
into the design of the system....
"It is time to stop tolerating (let alone promoting) misleading practices
towards privacy, be they self-regulation, seal programs, infomediaries,
key escrow systems, or otherwise. Schemes in which users do not have
control over their own personal data offer zero privacy. No smoke and
mirrors can change this fact....
"Today, the foundations for the communication and transaction
technologies of the next century are being laid. Digital certificates
will be hardwired into all operating systems, network protocols, Web
browsers, chip cards, application programs, household utensils, and
so on. To avert the doom scenario of a global village founded wholly
on inescapable identification technologies, it is imperative that we
rethink our preconceived ideas about security and identity - and build
in privacy before the point of no return has been reached."
This is powerful writing, but one can't escape the thought that making
his advanced technology available on a non-exclusionary basis would be
a significant first step in bringing about this desirable outcome.
