On Wed, 24 Feb 1993 11:05:05 -0900 "John W. Redelfs" <KSJWR@ALASKA> said: >If the contents of a message cannot be determined to be controversial, >what difference does it make if everyone knows who sent it? A plot to >hijack an aircraft carrier could be freely discussed on a list for >homemakers baking for state fair competitions. Can we please keep our hypothesis constant so that we can have a meaningful discussion? We were talking about the use of mailing lists and LISTSERV in particular to hold controversial discussions. If I see that you are posting something to the KKK's closed list, I don't really need to know what exactly you said to suspect you of being affiliated with the KKK. >Why couldn't a user wanting privacy encrypt his posts, send them by >modem to a remote service offering anonymous posting, and post the >encrypted traffic anonymously from there? If the owner of the anonymous >posting service kept his records encrypted, how would anyone find out >who the original author was? How do you run a mailing list under such circumstances? All the subscribers would have to have the key to decrypt the text. All it will take is a hacker breaking into one of the hundreds of PC's or unix systems to get the key. >The article was written by a couple of mathematicians who claimed that >computers would make encryption so easy that codes could be generated >that would be EFFECTIVELY unbreakable, not PERFECTLY unbreakable, but >requiring so much CPU time to decode that no one would bother. The Enigma traffic from WW II has still not be decrypted. What little the secret services managed to decrypt was due to the fact that the Germans started all their letters with "My dear and esteemed colleague, blah blah" and this collateral was tremendously useful in breaking the code. But for the rest - the common efforts of the entire western world still haven't managed to break it. So you see, we don't really need top-notch technology to have safe encryption (Enigma, by the way, requires very little CPU time; the expensive techniques are those using public keys). Now look at what the US government has done to protect the privacy of its citizens. Yuppiephone manufacturers realized that it was just too easy to listen in, what with the market being close to saturation and requiring a new generation of phones so the sales could keep rolling. So they added encryption. The US government didn't take long to arrange for the encryption technique to be rendered virtually useless so that they could easily listen in. Within a couple years there will be receivers with built-in yuppiephone decryption - oh, it will be illegal to sell them of course, but they'll be available. You know, car radars are illegal in most european countries. Frankly, I don't see how computers (which lawyers don't understand and are afraid of) can succeed where regular phones (which lawyers understand and which are protected by all sorts of wiretapping laws) failed. >I spent several years working as a locksmith. There are no locks or >security systems that cannot be defeated. But there are many that make >it easier to go elsewhere to break in. As locks and alarms become more >sophisticated, so do thieves. But the reverse is also true. Wouldn't it >be that way with encryption? A thief is after any house containing valuables. A hacker has very different objectives. If Joe has decided to collect damaging evidence about, say, all democratic candidates, he isn't going to start snooping on republicans just because most of his victims were using encryption. Eric