Ron Rivest's response to Dorothy Denning Newsday editorial

[David Farber <farber () central cis upenn edu>]

Please note I have no easy way to authenticate the validity of this note
since it is not crypto signed. Also please note I am happy to give both
sides (and there may be more than just two) of this discussion. But also
please don't yell at me if you don't like what you read. Yell at the sender
(cc or bcc me) and/or send me a rebuttal. I will attempt to not forward
things I consider liabilious, in bad taste or just grossly in-accurate AND
OBVIOUSLY things sent to me  that are not of interest to IP.  Dave




Date: Fri, 25 Feb 94 16:24:20 EST
From: rivest () theory lcs mit edu (Ron Rivest)
To: denning () cs cosc georgetown edu
Subject: Newsday Editorial




Hi Dorothy --


Thanks for sending me a copy of your editorial.  But I find the
reasoning you present misleading and unpersuasive.


First, you argue that the clipper chip will be a useful law
enforcement tool.  Given the small number of currently authorized
wiretaps per year (under 1000) and the ease of using alternative
encryption technology or superencryption, it seems plausible to me
that law enforcement could expect at most ten "successful" clipper
wiretaps per year.  This is a pretty marginal basis for claiming that
clipper will "block crime".


Second, you seem to believe that anything that will "block crime" must
therefore be a "good thing" and should therefore be adopted.  This is
not true, even if it is not subject to government abuse.  For example,
a system that could turn any telephone (even when on-hook) into an
authorized listening microphone might help law enforcement, but would
be unacceptable to almost all Americans.  As another example, tatooing
a person's social security number on his or her buttocks might help
law enforcement, but would also be objectionable.  Or, you could
require all citizens to wear a bracelet that could be remotely queried
(electronically, and only when authorized) to return the location of
that citizen.  There are all kinds of wonderfully stupid things one
could do with modern technology that could "help" law enforcement.
But merely being of assistance to law enforcement doesn't make a
proposal a good thing; many such ideas are objectionable and
unacceptable because of the unreasonably large cost/benefit ratio
(real or psychological cost). The clipper proposal, in
my opinion, is of exactly this nature.


Third, you seem unnecessarily polly-annish about our government and the
potential for abuse.  The clipper proposal places all trust for its
management within the executive branch; a corrupt president could
direct that it be used for inappropriate purposes.  The unspecified
nature of many of the associated procedures leaves much room to
speculate that there are "holes" that could be exploited by government
officials to abuse the rights of American citizens.  Even if the
proposal were modified to split the trust among the various branches
of government, one might still reasonably worry about possible abuse.
Merely because you've met the current set of representatives of
various agencies, and feel you can trust them, doesn't mean that such
trust can be warranted in their successors.  One should build in
institutional checks and balances that overcome occasional moral
lapses in one or more office holders.


Fourth, your discussion of "searching your home and seizing your
papers" is misleading.  You seem to imply that because law enforcement
can be issued a warrant to search your home, that we should adopt
clipper.  Yet this analogy only makes sense if individuals were
required to deposit copies of their front door keys with the
government.  I can build any kind of house I wish (out of steel, for
example), and put any kind of locks on it, and wire up any kind of
intrusion detectors on it, etc.  The government, armed with a search
warrant, is not guaranteed an "easy entry" into my home at all.  The
appropriate analogical conclusion is that individuals should be able
to use any kind of encryption they want, and the government should be
allowed (when authorized, of course) to try and break their
encryption.


Finally, you argue (elsewhere, not in this editorial) that the decision
rests in part on "classified" information.  Such an argument only makes
sense if there is a specific law-enforcement situation that makes such
classified information timely and relevant.  (E.g., if there was a
current investigation as to whether the Department of the Treasury had
been infiltrated by organized crime.)  The use of "classified information"
is otherwise generally inappropriate in discussing communications policy
that will last over decades.


This hardly covers all of the relevant issues, but it covers the
points that came immediately to mind in reading your editorial...


        Cheers,
        Ron


P.S. Feel free to pass along, quote, or otherwise re-distribute this...