Interesting People mailing list archives
Re: How much privacy? [ I think this illuminates the issues very well ... djf]
From: David Farber <farber () central cis upenn edu>
Date: Wed, 9 Feb 1994 19:15:35 -0500
From: Mike Godwin <mnemonic () eff org> To: cyberia-l () birds wm edu Date: Wed, 9 Feb 1994 11:28:57 -0500 (EST) Cc: farber () central cis upenn edu (David Farber) Trotter writes:
The government's argument, I take it, is that the benefit is law enforcement. That strikes me as at least as great a benefit as minimum wage laws; perhaps more, since it protects everybody (at least in theory), whereas min wage laws primarily benefit their recipients. Maybe EPA regs are the better analogy: everybody gets reduced pollution; with Clipper, everybody gets reduced criminal activity. Is that not a reasonable trade-off?
The problem is that the government refuses to be forthcoming as to what kind of trade-off we're talking about. There are supposedly fewer than 1000 state and federal wiretaps per year. Yet we are being asked to reconstruct the phone system and to risk billions of dollars in trade losses when there has never been shown to be any crime associated with uncrackable encryption whatsoever. Moreover, there are fundamental political issues at stake. This country was founded on a principle of restraints on government. A system in which the privacy of our communications is contingent on the good faith of the government, which holds all the encryption keys, flies in the face of what we have been taught to believe about the structure of government and the importance of individual liberty. In short, the government fails to make its case in two separate ways--pragmatically and philosophically.
In reply to the latter issue, I don't think the government cares whether an accountant in India can password protect a spreadsheet. I would guess that even Clipper or DES or whatver would be more than enough protection for such a person. I think the government cares that it be able to detect foreign intelligence that is relevant to US security or interests. I am not sure where I come out on the question, but at the very least it seems to me that the government is reasonable in this desire.
Yet there are some premises here that need to be questioned. Do we really suppose that "foreign intelligence" is dependent on the American software industry to develop its encryption tools? Diffie-Helman public-key encryption and DES are already available worldwide, yet Microsoft can't export software that contains either form of encryption. No, the real issue is that, to the extent that a mass market arises for encryption products, it makes the NSA's job more difficult, and it may at some future time make some investigations more difficult as well. When asked to quantify the problem, the government invariably begs off. Government spokespeople say "Well, how would you feel if there were a murder-kidnapping that we couldn't solve because of encryption?" To which my answer is, "Well, I'd feel about the same way that I'd feel if there were a murder-kidnapping that couldn't be solved because of the privilege against self-incrimination." Which is to say, I understand that limits on government power entail a loss in efficiency of law-enforcement investigations and intelligence-agency operations. Nevertheless, there is a fundamental choice we have to make about what kind of society we want to live in. Open societies, and societies that allow individual privacy, are *less safe*. But we have been taught to value liberty more highly than safety, and I think that's a lesson well-learned. What's more, we need to be able to rational risk assessment, and that's something that the government resists. The government subscribes to the reasoning of Pascal's Wager. Pascal, you may recall, argued that the rational man is a Christian, even if the chances that Christianity is true are small. His reasoning is quasi-mathematical--even if the chances of Christianity's truth are small, the consequences of choosing not to be a Christian are (if that choice is incorrect) infinitely terrible. Eternal torment, demons, flames, the whole works. This is precisely the same way that the government talks about nuclear terrorism and murder-kidnappings. When asked what the probability is of a) a nuclear terrorist, who b) decides to use encryption, and c) manages otherwise to thwart counterterrorist efforts, they'll answer "What does it matter what the probability is? Even one case is too much to risk!" But we can't live in a society that defines its approach to civil liberties in terms of infinitely bad but low-probability events. Open societies are risky. Individual freedom and privacy are risky. If we are to make a mature commitment to an open society, we have to acknowledge those risks up front, and reaffirm our willingness to endure them. --Mike
Current thread:
- Re: How much privacy? [ I think this illuminates the issues very well ... djf] David Farber (Feb 09)