Re: Internet protocol proposal raises privacy concerns

Robert J. Bradbury (bradbury@www.aeiveos.com)
Mon, 18 Oct 1999 12:50:06 -0700 (PDT)

On Sun, 17 Oct 1999, Matthew Gaylor wrote:

>
> Privacy groups scramble to influence the outcome of a proposed Internet
> protocol in the wake of revelations that the standard could make it easier
> for companies and law enforcement to monitor Net users.
>

I noticed this, but find I can't get excited over it. Maybe I don't understand encryption, but it seems the logical thing would be to encrypt all of the server-client communications?

If I have a secure server and there is a protocol "extension" that allows me to send my private key to the server, can't the server send everything back to me in an encrypted form so law enforcement & companies have no way of knowing what is being transmitted to me?

If a company wants to distribute "restricted" material the logical thing would seem to be to get a site offshore (just as the Gambling sites have now all moved to the Carribean).

Now, of course the group in Israel has cracked the encryption codes, so if law enforcement/government had widespread access to the technology then could be a problem. Would hardware chips to provide rapid encryption with longer codes solve this? If so it seems like AMD could further differentiate itself from Intel by providing on-chip 4096-bit RSA encryption.

Does this make any sense to anyone?

It seems the motivation behind this is that parents are pushing the politicians to find a way to keep their children out of the X & V sites (or in Germany, the N sites). However, even if the sites are rated, the browsers are software and I would have to expect that programmers somewhere will release browsers that ignore the ratings. So if the ISP carriers can't see the data and the browsers ignore the ratings, I don't see how this can be stopped. Sure parents can scan the hard drives for the "open" browsers and remove them, but with floppies pushing 100 MB, you can be sure kids will pass around the illicit software among themselves so parents are completely in the dark about what children have access to.

It seems with the rapid advancement of technology the privacy advocates (the small guy) should promote accelerating technology innovations, leaving the big [bureaucratic] guy (government, law enforcement, etc.) playing continual "catch-up".

I think the genie is out of the bottle and it will take several rounds of politicians saying "See, we fixed the problem", before it is clear that it can't be fixed. In that situation the best thing to do would be to get through those attempts as quickly as possible so we will stop it and move onto something else.

Solutions that work when you control the information providers (broadcasters) and receiving device manufacturers (TV manufacturers) simply cannot work when everyone (including people outside your country) are potential providers, many people can create the receiving devices (software) and what goes in between cannot be examined for "censorship".

It is going to be very interesting to see if governments get to the point of trying to regulate the actions of their citizens in other countries!?! I.e. A German citizen who wants to manage a N site located in the U.S. or a U.S. citizen who wants to sell guns on a site in Cuba, etc.

If I ship my gun to a friend in Cuba, he takes 10% and then ships the gun to some teenager in the U.S., have I violated a law? [Perhaps a "conspiracy" to violate a law?] Governments may have some hope of regulating the sale of guns or drugs, but "data" seems pretty impossible to regulate.

Robert