[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FYI] (Fwd) Brands on privacy




------- Forwarded message follows -------
Date sent:      	26 Feb 2000 23:40:07 -0000
To:             	cypherpunks@cyberpass.net, cryptography@c2.net
From:           	lcs Mixmaster Remailer <mix@anon.lcs.mit.edu>
Subject:        	Brands on privacy

Stefan Brands' thesis finally came yesterday from Fatbrain, almost two
months after ordering.  His techniques are very powerful and
interesting, but unfortunately patented and hence of no practical
value for anyone other than the one licensee.  How different the world
might be if he and Chaum had made their technology freely available.

Brands has some very strong and brave words in his epilogue in favor
of privacy, which deserve to be widely read:

"Anyone who considers 'key escrow' as a way of protecting privacy is,
of course, in a state of sin.  On a fundamental level there can be no
mistake about this.  Westin's widely accepted definition of privacy
clearly requires that individuals themselves are in control over their
own information.  Key escrow takes this control completely away, and
therefore offers zero privacy....

"In recent years, many cryptographers have worked fiercely to replace
privacy-protecting systems by key escrow systems:

"The first area that fell victim is electronic voting.  Following
proposals guaranteeing unconditional privacy, [cryptographers]
introduced key escrow electronic voting.  Virtually all electronic
voting schemes proposed since then are key escrow systems...

"The most recent area that has fallen victim is electronic cash.
Starting with [certain cryptographers] a floodgate of papers on key
escrow electronic cash opened...

"Here, the primary excuse to squander privacy has been to combat
money laundering.  However, money laundering concerns can be addressed
effectively witout giving up privacy by (prudently) applying one or
more of the following measures: placing limits on amounts; ensuring
payee traceability (by the payer only); limiting the issuing of
electronic cash to regulated institutions; disallowing anonymous
accounts; issuing only personalized paying devices; identifying payers
in high-value transactions; and, checking the identity of parties who
convert other forms of money into electronic cash...

"Many of the key escrow papers sport exaggerated and sometiems
downright ignorant statements about how privacy will hurt individuals,
organizations, and societies at large... [T]he key escrow smoke screen
enables the researcher to downplay the annihilation of privacy by
claiming that the new system provides 'balanced' privacy; many authors
do not even shy from claiming that their key escrow systems 'preserve'
or even 'improve' privacy....

"Privacy is protected only if each individual for him or herself is
able at all times to control and determine which parties, if any, are
capable of recovering a secret.  If a user decides to give up some of
that control, that is his or her choice, but it should not be
hardwired into the design of the system....

"It is time to stop tolerating (let alone promoting) misleading
practices towards privacy, be they self-regulation, seal programs,
infomediaries, key escrow systems, or otherwise.  Schemes in which
users do not have control over their own personal data offer zero
privacy.  No smoke and mirrors can change this fact....

"Today, the foundations for the communication and transaction
technologies of the next century are being laid.  Digital certificates
will be hardwired into all operating systems, network protocols, Web
browsers, chip cards, application programs, household utensils, and so
on.  To avert the doom scenario of a global village founded wholly on
inescapable identification technologies, it is imperative that we
rethink our preconceived ideas about security and identity - and build
in privacy before the point of no return has been reached."

This is powerful writing, but one can't escape the thought that making
his advanced technology available on a non-exclusionary basis would be
a significant first step in bringing about this desirable outcome.

------- End of forwarded message -------