How to ban crypto?
Jeremy Barker
jeremy.barker at btinternet.com
Sun, 16 Sep 2001 18:16:12 +0100

The plain truth is that if you properly consider the practicalities, banning
crypto is impossible. Unfortunately the politicians who make our laws have a
long track record of not considering (or understanding) practicalities. In any
case, as you point out, one can communicate secretly without using crypto.

I have heard the argument that if you ban crypto then those who use it will
automatically attract attention to themselves. While that might be the case (if
they are stupid enough not to disguise the encrypted message) it does nothing to
help reveal the content of their messages. Unless you can use it to physically
get to an endpoint of the transmission you have very little chance of recovering
plaintext. If you can intercept at the endpoint, crypto becomes irrelevant.

Peter Fairbrother wrote:
> Banning cryptography to deter terrorism, or controlling it to give GAK, is
> much in the news these days. I wonder if it could be done?
>
> Bin-Laden was at one time said to use stego in posted images for comms. I
> doubt this was true, but it would be very hard to stop. Good stego can be
> undetectable (and deniable) for short messages of the type needed by
> terrorists. Without depth it can be very hard to detect even "ordinary"
> stego, and stego is advancing fast.
>
> To prevent traffic analysis, public fora such as newspaper private ads or
> chalk marks on walls have been used by spies and terrorists for a long time,
> and modern ones like newsnet groups aren't very different. Requiring posters
> to prove identity would be difficult if not impossible, and wouldn't work
> against undetectable stego anyway. Even a popular privately run site could
> be used to provide cover traffic. That's not counting the CIA's SafeWeb
> anonymiser, remailers, and the like.
>
> Subliminal channels in Government-approved crypto could also be used. Word
> or phrase selections can carry messages. Pre-arranged codes can be as secure
> as OTP, and impossible to detect or prove. The list is long if not endless.
>
> Perhaps Governments can ban (non-approved?) encryption software, and punish
> those who have it on their computers? I'm no expert, but it seems likely
> that a macro worm could be written to do hard crypto without great
> difficulty, and people can reasonably say they didn't know it was there. It
> might even be possible to embed this functionality in a virus.
>
> Certainly it could be included in freeware available on the 'net. I've also
> been looking at the possibility of "steganographically" hiding
> functionality, and while I can't do it yet, I'm convinced it could be done.
>
> Any other suggestions for how to ban crypto? I can't think of anything that
> would actually work against terrorists.
>
> -- Peter Fairbrother