A proper law

Owen Lewis oml at sysrx.uk.com
Sat, 8 Mar 2003 18:55:09 -0000 

> -----Original Message-----
> From: ukcrypto-admin@chiark.greenend.org.uk
> [mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of Brian Gladman
> Sent: 07 March 2003 18:24
> To: ukcrypto@chiark.greenend.org.uk
> Subject: Re: A proper law
>
>
>
> ----- Original Message -----
> From: "Owen Lewis" <oml@sysrx.uk.com>
> To: <ukcrypto@chiark.greenend.org.uk>
> Sent: Friday, March 07, 2003 5:17 PM
> Subject: RE: A proper law
>
>
> >
> >
> > > -----Original Message-----
> > > From: ukcrypto-admin@chiark.greenend.org.uk
> > > [mailto:ukcrypto-admin@chiark.greenend.org.uk]On Behalf Of
> Brian Gladman
> > > Sent: 06 March 2003 14:29
> > > To: ukcrypto@chiark.greenend.org.uk
> > > Subject: Re: A proper law

(Proposal that there is insignificant use of crypto by criminals)
> > >
> > > > I am not at all sure how one might derive satisfactory evidence in
> > > > this regard.
> > >
> > > I am satisfied with the credentials of those who have sought and
> presented
> > > evidence on this issue.
> > >
> > > And my opinion, based on their work, is that current evidence does not
> > > justify the need for GAK as an aid to law enforcement.
> >
> > Thank you. Are you able to point me to the published sources on
> which you
> > rely?
>
> The principal reference is:
>
> http://www.cs.georgetown.edu/~denning/crypto/cases.html
>
> This is a bit old now but my guess is that it is still a
> reasonable summary
> of the position.

As you say, Dorothy is always worth reading and listening to. However, in
this matter, her paper that you cite hardly justifies your opinion. Setting
its age (5 yrs) aside for the moment, it offers a series of interesting and
randomly gathered anecdotes. In my view it cannot be used as any guide at
all guide either to the incidence of the use of cryptography in support of
criminal enterprises not the breaking of legitimate cipher systems for
criminal purposes. What it does show is much more modest in scope. Namely,
that even five years and more ago some criminals were using cryptography in
pursuing their aims and some were stealing by breaking into cipher protected
logical systems.

To be straight, I have not, thus far, sought any statistical evidence in
regard to the former. My occasional dealings with serious criminal matters
have offered me sufficient general guidance to meet my peripheral interest.

The latter is closer to the bulk of my work but, no, even here I have found
no authoritative statistics, nor do I expect ever to do so. It is quite
evident that the heuristic methods used to evaluate risk to property or
other value with physical form, are useless when applied to a wide range of
risks to the security of information. Information is one of the few things
one can 'steal' without depriving its originally sole possessor of anything
at all. Rather value is extracted by the making of a copy that may have no
physical form. In so doing, value is created for the copier and the value
possessed by the originally sole possessor is diminished. The statistical
record of such criminal activity is woefully thin because:

			-	Most incidents pass unnoticed.

			-	Where noticed, the victim usually prefers to swallow the loss in
silence rather than accept the alternative penalties that making the loss
public would entail.

However, if we consider only the application of cryptography in serious
criminal activity then the statistical evidence should be accumulating
nicely on the hands of the law enforcement agencies of many countries.
However, if any of this has been published I do not yet know of it.

It seems to me that especially in respect of the sharing of opinions in this
group and the attempts to moderate or modify policy in crypt graphical
matters, some good, hard statistics would usefully inform us all.

Well then, I ask our resident HO contributor, "Well Simon, how about it?
Please can you have the UK statistics for the last 5 years (or from the time
that collection started if less then 5 years) released to the UK Crypto
mailing list?

I can quite see that there are those in Government service from whom the
extraction of such information might be as easy as extracting hens' teeth.
However, in this case, I think there is a good case that the release of this
information - whatever it shows - is solidly in the public interest. Neither
can it hamper materially law enforcement procedures or continuing
investigations. Equally, should one be told that that this information has
not been comiled, that iniself would be interesting and worth knowing.

So how about it, Simon? Would you be good enough to obtain the requisite
statistics for release here through your good self?
I quite accept that a successful outcome can hardly be within your gift to
assure but you can surely ask. Moreover, if you ask and are refused, you
would be able to say so here so that another and more formal appaoch might
be considered. If the documentation is voluminous, perhaps it can be put up
on the UKG web site with pointer to the page being put here?

However, it would be useful to obtain also the figures from other countries,
especially US, CAN, FR, GE and SP. Do any members of this list have the
figures or know a source for such statistics in their own or some other
countries?

Owen