Why "carnivore" type systems can't be (entirely) open source

Brian Gladman Brian Gladman" <brg at gladman.plus.com
Mon, 5 Feb 2001 12:04:36 -0000 

From: "Owen Lewis" <oml@eloka.demon.co.uk>
To: <ukcrypto@chiark.greenend.org.uk>
Sent: Monday, February 05, 2001 12:54 AM
Subject: Re: Why "carnivore" type systems can't be (entirely) open source

[snip]
> I am aware of the pressure there has been, internationally, for some form
of
> GSM decoder. That pressure would never have existed had the various
parties
> been satisfied with what access they had. I am surprised that you do not
> know this.

I am completely disinterested in GSM since I will never make any use of it.

[snip]
> One might argue that point but let it pass. In context, it is only
important
> to note that GSM traffic is en claire throughout most of its routing. We
are
> agreed also that, as a result,  the strength of the cipher in the GSM
system
> could never be a critical factor for users.
> >
> > > Expect - hope for even - more successes of its like. You can always
try
> >> and prove me wrong by coming out with a version of your own mobile
phone
> >> that uses the most secure cryptosystem you know and then try and sell
it
> >> to the public.
>
> > This is pure politics.
>
> :-) Earlier today, reflecting on *your* commentary so far in this thread,
I
> concluded that it was driven by politics :-)

A good guess but since I am only making a minimum use of STO to hide my
intentions, I cannot give you high marks for arriving at this conclusion :-)

> > AES (Rijndael) exists and is unbreakable by anyone (as far as anybody
> > knows). It is easily possible to deploy it in mobile phones and whether
or
> > not it appears is a political issue.
>
> 'Political' is surely the wrong word. We have laws, national and
> international with which, by general consent, we should abide. These laws
> may not always be wise, perhaps, but they are the only laws we have until
we
> change them. Until the laws are changed it behoves us usually to find ways
> to conduct our business satisfactorily with in them.

I suspect that I have a great deal less respect for the law than you do.
Much of what is law has always been used by the powerful to deny the rights
of others who live under its umbrella. This is much worse in many other
countries than it is in the UK but we are far from the shining example that
is often claimed.

In particular I do not accept any absolute duty to respect laws. I
consciously break several regularly and I observe that I am far from alone
in this behaviour [1]

When Members of Parliament return to a situation in which they represent
their constituents rather than their party machines, I might then reconsider
my position and move to treat the law with more respect. I am happy to be
governed (and judged) by my peers but not by any government that is not
accountable because the sham that we call democracy is nothing of the kind.

   Brian

[1] Interestingly, and bringing this thread back 'on topic', I was involved
a few years ago in a survey of the extent to which organisations based in
the UK obeyed the encryption export laws.  We found that a very large
proportion of companies who were approached were happy to illegally export
cryptographic products.