Date: Mon, 17 Mar 2008 16:39:51 -0700
From: Simson Garfinkel <[EMAIL PROTECTED]>
Subject: Re: [FDE] Appropriate key lengths

>Sorry, I need to chime in on this one.
>Cryptography is the wrong tool to assure the release of information at a certain date. The correct tool is legislation, regulation, and political structures. We know how those systems work, we have a lot of experience with them, and they are much more reliable and less brittle than the computer systems that implement the cryptographic algorithms.

Simson, I'm sorry, but I think we are talking at cross purposes.

If as a society we increasingly use cryptography to protect everything from our personal diaries and love letters to our medical records, then I fail to see how legislation, regulation, and political structures are going to solve the problem that historians may be interested in those details, and we as individuals may be willing to let our descendants read them, so long as our personal privacy is not compromised. What kind of legislation or regulation would you suggest - that all diaries be kept unlocked, and that encrypted records be prohibited?

At present, all classified documents are supposed to have a Declassify On date associated with them, although "OADR" (Originating Agency Determination Required) is often used to avoid automatic declassification. But if those records are encrypted, then there is the issue of finding the right keys, knowing what records are even worth examining, and dealing with the staggering number of exabytes of such data.

Now, I grant that the use of cryptography may often be imposed as a solution to solve a harder problem, such as the misuse of such personal information by unauthorized personnel (e.g., everyone in the hospital who just had to look at Britney Spears' medical records), or the inability of merchants to adequately protect their credit card records, or the reluctance of the banking community to use something other than user name and password for authentication.
But to date, those legislatively mandated systems have failed utterly to achieve their goals, while other attempts by legislation to control these problems (e.g., SB-1386) have led to the increased (and in my judgment perfectly appropriate) requirement for encryption, leading to the problem I posed.

And if this is true of the personal and health records, it is even more true of classified data. As we have already seen, it is much too easy for someone to decide to simply destroy evidence (tapes of water-boarding) than to run the risk of exposure. So the use of encryption for official records will become increasingly prevalent, and much harder to manage. You can pass all of the laws and regulations you would like, but if the President can get by with a signing statement that is essentially a veto that cannot be overridden, then I fail to see how such legislative solutions can be considered reliable or efficacious.

I think you were addressing the issue of Coventry, Pearl Harbor, the JFK assassination, and what really was going on in Roswell. But even if an encrypted smoking gun existed, which I doubt, I also doubt whether any laws or regulations would help to keep the Government itself honest. It is simply too easy to destroy inconvenient truths.
