[p2p-research] Trust, crypto, and social change (was Re: Google gets into the DNS business)

Paul D. Fernhout pdfernhout at kurtz-fernhout.com
Mon Dec 7 18:40:47 CET 2009


Eugen Leitl wrote:
> On Sun, Dec 06, 2009 at 10:43:54AM -0500, Paul D. Fernhout wrote:
> 
>> This may reflect a deeper shift in our society. For most people, the Google 
>> corporation is now effectively the de-facto government that structures 
>> their lives online. So, how can we make Google a good government? :-)
> 
> You can't. Neither a corporate nor a government entity can be trusted.

Other people like Ted and Patrick have replied in different ways on that.

I'm going to reply including saying some things and providing some links to 
things you obviously already know, just to make this a broader response.

One big issue is that there are degrees of trust, areas of trust, and 
directions of trust. One does not have to make it an all or nothing thing. 
One can trust the US Postal Service to deliver certified letters with almost 
100% certainty, even if one might not trust the US post office to not look 
inside them with bright lights and image processing software. One might 
trust the US government to quickly stop local armed feuds within a US town 
even if one might not trust the US government to stop feuds in another 
country (like Iraq, where it help create many).

A funny video about how "trust" can mean different things to different people:
"Trusted Computing"
http://www.lafkon.net/tc/

I'll trot out this again (even as the American Conservative article ignores 
the value of community being fostered by good governance):
  http://www.amconmag.com/article/2005/mar/14/00017/
"If Marxism is the delusion that one can run society purely on altruism and 
collectivism, then libertarianism is the mirror-image delusion that one can 
run it purely on selfishness and individualism. Society in fact requires 
both individualism and collectivism, both selfishness and altruism, to 
function. ... The most fundamental problem with libertarianism is very 
simple: freedom, though a good thing, is simply not the only good thing in 
life. Simple physical security, which even a prisoner can possess, is not 
freedom, but one cannot live without it. Prosperity is connected to freedom, 
in that it makes us free to consume, but it is not the same thing, in that 
one can be rich but as unfree as a Victorian tycoon’s wife. A family is in 
fact one of the least free things imaginable, as the emotional satisfactions 
of it derive from relations that we are either born into without choice or, 
once they are chosen, entail obligations that we cannot walk away from with 
ease or justice. But security, prosperity, and family are in fact the bulk 
of happiness for most real people and the principal issues that concern 
governments."

People have had governments of various sorts for thousands of years. And 
they have also collapsed periodically, as Daniel Quinn talks about. But, to 
thing holistically about this, we have to see governments as just one aspect 
of a bigger issue of meshworks, hierarchies, and interfaces.

 From Manuel de Landa:
   "Meshworks, Hierarchies, Interfaces"
   http://www.t0.or.at/delanda/meshwork.htm
"Indeed, one must resist the temptation to make hierarchies into villains 
and meshworks into heroes, not only because, as I said, they are constantly 
turning into one another, but because in real life we find only mixtures and 
hybrids, and the properties of these cannot be established through theory 
alone but demand concrete experimentation. Certain standardizations, say, of 
electric outlet designs or of data-structures traveling through the 
Internet, may actually turn out to promote heterogenization at another 
level, in terms of the appliances that may be designed around the standard 
outlet, or of the services that a common data-structure may make possible. 
On the other hand, the mere presence of increased heterogeneity is no 
guarantee that a better state for society has been achieved. After all, the 
territory occupied by former Yugoslavia is more heterogeneous now than it 
was ten years ago, but the lack of uniformity at one level simply hides an 
increase of homogeneity at the level of the warring ethnic communities. But 
even if we managed to promote not only heterogeneity, but diversity 
articulated into a meshwork, that still would not be a perfect solution. 
After all, meshworks grow by drift and they may drift to places where we do 
not want to go. The goal-directedness of hierarchies is the kind of property 
that we may desire to keep at least for certain institutions. Hence, 
demonizing centralization and glorifying decentralization as the solution to 
all our problems would be wrong. An open and experimental attitude towards 
the question of different hybrids and mixtures is what the complexity of 
reality itself seems to call for."

I think this issue is in play here as Google grows as a strong hierarchy. 
There are other factors as well, since it is not just meshwork vs. hierarchy 
but it is also meshwork vs. meshwork and hierarchy vs. hierarchy, with all 
these organizations interacting, both cooperating and competing, and 
trusting each other in different ways. And one also needs to see beyond the 
organization chart and self-descriptions to see that even in the most 
hierarchical organizations there are social meshworks, and in the most 
meshworked grass roots movements there may be shared ideological hierarchies 
(like Greens may value the environment or free market actors may value 
profits within a currency system).

The fact is, you *can* and in fact *must* trust governments and other 
hierarchies to some degree to function in our current society (TCP/IP is, 
for example, a form of hierarchical governance that I assume you trust to 
some degree to move data around :-). We do so all the time -- to an extent, 
a healthy government is reflecting the needs of the people. The point of the 
US Constitution and other similar things was to create some sort of healthy 
balance. That does not always mean hierarchies are always right, or that 
there are not areas they are less worthy of trust than others, or that they 
can't become dysfunctional (even if just to subsets of the population), or 
that they don't need to be renewed someway from time to time.

Just because one current government is dysfunctional does not mean the idea 
of some form of collective governance itself is dysfunctional:
   http://en.wikipedia.org/wiki/Dark_Age_Ahead
"""
Dark Age Ahead is a 2004 book by Jane Jacobs describing what she sees as the 
decay of five key "pillars" in the U.S. and Canada. She argues that this 
decay threatens to create a dark age unless the trends are reversed. Jacobs 
characterizes a dark age as a "mass amnesia"[1] where even the memory of 
what was lost is lost. The pillars Jacobs lists as under threat are:[2]
     * community and family
     * higher education
     * science and technology
     * taxes and government responsive to citizen's needs
     * self-policing by the learned professions
"""

Government can be responsive to people's needs. Government is more 
responsive in some ways in Western Europe. Not all ways, and I'm sure people 
here from this list could point out many failings as could I (though some of 
those failings have directly to do with dealing with the USA as essentially 
a failing state).

There are different sorts of problems possible when you look at a balance of 
meshworks and hierarchies. When you have too much strong hierarchical 
government at one end you have things like global wars and police states, 
but when you have too little government you can have endless local feuding. 
When you have too little meshwork it may cost too much to get anything done, 
but when you have too much meshwork it may be impossible to get anything 
done and have it stay done. And then, as Manuel de Landa suggests, there are 
layers built on interfaces between levels (where a strong standard may 
support immense diversity, or excessive diversity may encourage the response 
of a strong standard at a new level).

Are you against TCP/IP as a standard? :-)
   http://en.wikipedia.org/wiki/Transmission_Control_Protocol
There may be good reasons we could have something better (and some work 
towards that), but it works OK right now for billions of users. One might 
say, what does TCP/IP have to do with governments, and what I mean here is, 
TCP/IP represents a collective agreement by billions of people about how to 
move digital data around, where you can *trust* other people to honor it (in 
99.99999%+ of the cases). Without that level of trust, our global 
communications network would break down. Ah, but you might say, nobody 
"voted" for TCP/IP on the global level. It just sort of emerged from a lot 
of other possible standards (in part through support by parts of the US 
government and some influential big corporations). OK, but that is still an 
example of governance in action to create a hierarchy that governs most of 
our online activities at one level.

Part of moving beyond our current stuck state IMHO is to see this broader 
issue Manuel de Landa raises of meshworks, hierarchies, and interfaces, and 
think about how they apply to all sorts of infrastructure.

We have no choice but to trust hierarchies to some degree (whether formal 
governments, ideological consensus, technical standards, aspects of the 
scientific community process, key web sites, key corporations, etc.), so 
again my question, how can we make governments for the information age that 
are more trustworthy, however they are organized at the moment?

Transparency seems to be part of that, for example. But so might be other 
things.

> You can trust other end users a lot more if safeguarded against snooping
> and tampering precisely because their capabilities do not differ markedly
> from your own. Cryptography is a key way to achieve that. Cryptography is
> also a key technology to keep track of trust and reputation.

Socially, just because you have an encrypted connection to someone does not 
mean necessarily that you can "trust" them in every way. What will that 
person or service do with the information you supply? That is part of the 
whole Google DNS issue -- even if you have an encrypted session with Google, 
what will Google do with the information you supply it? Why should a 
discussion with an individual be any different?

Again, from the trusted computing video mentioned above, some text:
   http://dailycupoftech.com/2007/09/25/who-chooses-whom-you-trust/
"Trust. Trust is the personal belief in correctness of something. It is the 
deep conviction of truth and rightness, and cannot be enforced. If you gain 
someone’s trust, you have established an interpersonal relationship, based 
on communication, shared values and experiences. Trust always depends on 
mutuality."
(Found via the "evil"? :-) Google cache: 
http://74.125.93.132/search?q=cache:TVvBFijSqhIJ:dailycupoftech.com/2007/09/25/who-chooses-whom-you-trust/ 
)

I'll agree with a limited version of your point at the end, where you wrote: 
"I prefer technology forms leading to empowerment of individuals, not more 
control for superpersonal organisation forms. Encryption as a means for 
privacy, strong authentication, trust and tamper-hardening are key parts of 
that of that technology box."

That limited version is that such technologies can have an important role in 
providing a healthy balance among meshworks and hierarchies. But, I also 
think such technologies can only play that role when the system overall 
social is working somewhat well (and so, as above, there is some degree of 
trust about shared values and experiences and a history of communication 
across the network). I'll outline below in response to other points you made 
why I think that and why I don't think encryption by itself addresses all 
those issues.

>> Well, one could also put a willingness to use Google for convenience or 
>> free-of-direct cost down to "digital fatalism" in just assuming you have no 
>> privacy online.
> 
> I find declaring defeat a priori both unwise and dangerous. Also for other people,
> not just you. Especially since you cannot solve social/political problems 
> technically. 

Well, sometimes it is better to accept defeat in one area and then move onto 
other strategies for social change. :-) If you assume all your 
communications are archived and monitored, you can structure them in 
different ways to have a different effect.

Still, to the extent I agree with you, I think one can talk about a healthy 
balance, accepting both social and technological limits.

I also think the two interact -- technology changes the nature of 
social/political problems sometimes, and social/political issues affect the 
nature of technical problems sometimes.

>> Here is how I see it, probably having an even higher level of paranoia than 
> 
> Paranoia is the wrong term, since we do not have to guess under
> which level of scrutiny we are living. We know. It's mostly a matter of
> public record. Very little if at all has to be extrapolated to fill
> in the blanks. 

Sure. Slashdot's "Your Rights Online" feed provides plenty of public 
information about these things, for example.
  http://yro.slashdot.org/

Example:
    "Woman Filming Sister's Birthday Party Gets Charged With Felony Movie 
Piracy"
http://yro.slashdot.org/story/09/12/04/1918206/Woman-Filming-Sisters-Birthday-Party-Gets-Charged-With-Felony-Movie-Piracy

But also, for broad searches:
   http://yro.slashdot.org/index2.pl?fhfilter=yro+carnivore
   http://yro.slashdot.org/index2.pl?fhfilter=yro+echelon

>> you. :-) Vitamins like D3 and B12 can help supposedly. :-)
>>   http://www.brainnutritionfacts.com/tag/paranoia
>> "We recently had a patient at the hospital where I work who became 
>> psychotic, or lost touch with reality, believing that the CIA wanted to 
>> assasinate him, and hearing voices whispering death threats through the 
>> hallways.  The only cause that could be found was vitamin B12 deficiency. 
>> Once we gave him injections of vitamin B12, he slowly improved and could 
>> once again tell the difference between reality and what only existed in his 
>> mind."
>>
>> So, here is some extreme paranoia for your discomforting. :-)
> 
> The first time I've run into security problems in regards to military
> cryptography and was disciplined for it was 1988. Since then, I very
> much doubt my profile has gotten any less conspicuous. Or so a little
> bird told me a few years ago. 

Think about it. Whatever kind of crypto you were using in 1988 has most 
likely either been broken or can be brute forced with computers literally a 
million times more powerful now than then for the same price. Whatever you 
sent then is now decryptable. Has someone archived it? Who knows. But, to be 
prudent, you can assume the answer is yes.

>> The fact is, any ISP can log and decrypt all the data anyone sends through 
>> it from a specific location if they really want to. One can assume the 
> 
> Log yes, decrypt no. TLAs can do a lot more, but they have their limitations.

How many things like this are there out there?
   "Debian Bug Leaves Private SSL/SSH Keys Guessable"
   http://it.slashdot.org/article.pl?sid=08/05/13/1533212

>> decryption can be done now either at high cost by supercomputers or in a 
> 
> Nobody does brute-force decryption of modern cryptosystems. Brute-force
> attack on the passphrase, yes. Sigint and system compromise, yes. Brute-force
> the cryptosystem, no.

You mention but then seem to handwave away critical issues of security. A 
chain is only as strong as its weakest link. If people pick poor passwords, 
or if they are informers or on the payroll of someone you don't know about, 
or if they are just confused, then all your communications are at risk.

"Admins warned of brute-force SSH attacks"
http://www.securityfocus.com/news/11518
"Defending against brute force ssh attacks"
http://la-samhna.de/library/brutessh.html

Rhetorically (I don't want to know), how secure are the systems you talk to, 
even via Tor? Do you really know for sure? Who really implemented Tor? For 
what purpose? Can you trust them?

Rhetorically (I don't want to know), how secure are the humans you talk to 
out there on the internet via secure channels in terms of password choice? 
Even if someone is trustworthy now, even a blood relative you've know from 
birth, how will they be next year after being tortured or brainwashed or 
recruited by a cult?

Did you write the crypto routines yourself based on a perfect understanding 
of advanced mathematics? If not, why do you chose to trust certain 
"disciplined minds" with PhDs to do it when they have been subjected to 
cult-like indoctrination? http://www.disciplined-minds.com/

It is fairly straightforward to monitor home wireless networks. Many people 
have them. So, a common weak link, especially for techy people.

Did you make all the circuitry yourself from sand? If not, what is in there? 
Who knows? This trick has been played against the USSR by the USA during the 
cold war.

Do you really know what your hard disk is doing? Does it have a remote data 
dump mode you don't know about it via local radio or other means?

More than that, as you imply, people can put keyloggers or rootkits on your 
computers even if you make all the circuitry yourself from sand. How secure 
is the average home from intrusion by skilled professionals?

Do you have a printer on your network? How secure is it?
"Have Hackers Hacked Your Office Printer?"
http://printscan.about.com/b/2009/09/28/have-hackers-hacked-your-office-printer.htm

How secure is you bluetooth-enabled phone so it cannot crack into your 
system if left on by your computer?

Do you use a CRT monitor? Well, anyone nearby can see what is on your 
monitor by RF emissions. Probably can as well for LCDs. Maybe the LCD panel 
has been designed somehow to make it easier.

Link after link on the chain. And it's not even a chain -- that would be 
easier -- it is an ever expanding network, with things like printers or 
attached storage or video game consoles on your network that could 
compromise all your other efforts. One of them is bound to be weak. Some 
people specialize in finding them.

Even if your chain (or network) is very strong at every possible link, then 
what about the future? Even if what you said were true about not 
brute-forcing cryptosystems, how certain are you that quantum computers for 
decryption won't be cheap and powerful in a decade or two? How sure are you 
that the Googleplex or the Cloud won't spend its idle time in twenty years 
decrypting everything you've ever transmitted as a "person of interest"?

Also, how certain are you about the future the people you have talked to in 
the past won't ever shift alliances or beliefs for whatever reason (even 
torture or blackmail)? Even if you use one time pads produced from true 
random numbers like produced by radioactive decay (the only really good 
crypto), then you still rely on trusting the other people with the pads not 
to turn them over to someone else.
   http://en.wikipedia.org/wiki/One-time_pad
Although, even then, with one time pads, you give away who you talk to and 
for how long.

In general, security needs to be woven throughout a system end-to-end from 
every stage of design. How many systems that people really use have had that 
kind of design? And even then, how many have been designed as a system? And 
then how fallable are the people who use them?

By the time you add all that up, one can ask, is using crypto really 
someplace the average person wants to spend their time worrying about 
compared to working in the clear? It is always an issue of costs to whom vs. 
benefits to whom?

Of course, one may argue that if everyone used crypto for everything it 
would make it that much harder for anyone else to understand all the network 
traffic, and depending on your other beliefs, that might be a good thing (or 
a bad thing).

>> few years at low cost by newer computers -- maybe even quantum ones. That 
>> assumes the encryption algorithms are any good and don't have backdoors 
>> making it trivial to decrypt stuff. Historically, countries have kept 
> 
> Regardless of potential weaknesses, if the only alternative is cleartext
> whether to do or not to do encryption is a no-brainer.

As above, it may all be compromiseable fairly easily. In the end, like a gun 
for personal defense or a lock to keep out intruders, crypto doesn't get you 
anywhere by itself (or that much security against a determined adversary 
with resources on a vastly larger scale than you). And the adversary might 
not care who *else* gets hurt in the process; example:
   http://en.wikipedia.org/wiki/Waco_Siege
"The Waco Siege[11] began on February 28, 1993 when the United States Bureau 
of Alcohol, Tobacco, and Firearms (ATF) attempted to execute a search 
warrant at the Branch Davidian ranch at Mount Carmel, a property located 
nine miles (14 km) east-northeast of Waco, Texas. An exchange of gunfire 
resulted in the deaths of four agents and six followers of David Koresh. A 
subsequent 51-day siege by the Federal Bureau of Investigation ended on 
April 19 when fire destroyed the compound. Seventy-six people (24 of them 
British nationals)[12] died in the fire, including more than 20 children and 
two pregnant women and then-Davidian leader Vernon Wayne Howell, better 
known as David Koresh."

What will be the Waco equivalent for encryption?

I'd suggest any idea worth talking about to save our civilization from 
itself is worth talking about in the clear, at least given what still 
remains of our democracy, which in not insubstantial. Ultimately, we won't 
see social change unless a lot of people begin to imagine new possibilities 
(based on human values) and talk about them, and in turn change our 
collective governance system to reflect those new ideas.

If you work in the clear, you have a chance to influence even the hearts and 
minds of government bureaucrats. :-) Maybe some are irredeemable, but most 
are likely sincerely trying to do as good a job as they can under difficult 
circumstances.

Sure, if everyone in the USA were to use encryption, the government would 
have a harder time looking at every message. But we'd also have vast social 
change if everyone in the USA were to vote for, say, Ralph Nader, Dennis 
Kuncinich, and Ron Paul (some sort of Triumvirate? :-)

So, a decision to focus on encryption over other social change is 
potentially challengeable as "fatalism" of a political kind. :-)

>> copies of intercepted messages from other countries in wartime and maybe 
>> years later could then decrypt them and find out a lot about the past that 
>> may be useful in the present day. Maybe what you outline with VPN might 
>> keep stuff private now, but would it keep it private ten years from now 
>> with decryption computers 1000 times faster or cheaper (Moore's law) than 
>> what we have now?
> 
> Not my threat model. You're wrong about systems getting faster, this is 
> not what cooks your goose. Without advances in cryptoattacks faster hardware
> is meaningless. 

As above, Debian was compromised for years. What about Microsoft? How good 
are algorithmic random number generators anyway? What else is compromised 
unintentionally or intentionally to make analysis tractable to those with 
computers a million times faster than average? And everyone will have such 
computers in two decades or so. So, you are making other assumptions here. 
Also, what sort of things will computers a million times faster be able to 
do in terms of AI applied to pure mathematics and breaking old crypto? Also 
quantum computers break most current crypto (short of one time pads from 
true random sources). Again, the safe assumption from a political activist 
point of view is that access to information will be at best delayed, or at 
worse possibly accelerated.

>> Let's say someone unintentionally but illegally downloads just *one* 
>> copyrighted song now (2009) using VPN technology (say, a background tune on 
> 
> Hey, they can log those few TByte/month that passes through my system.
> Be my guest, I have no idea what's in there. Please store it, please burn
> resources on it, that's precisely the point. Sufficiently widespread
> nonclear traffic is indistinguishable from lots of honeypots.

A bright side of all the logging is that in a few decades there will be a 
wonderful official archive of this period of time for people to explore. And 
maybe even resurrect digital beings from it, if that is ethical and 
desireable.  :-)
   http://www.simulation-argument.com/

Whatever one can say about other aspects of it, the release of the 9/11 
pager data is a fantastic resource for future historians.
"Mobile: Wikileaks Publishes 500,000 9/11 Pager Messages"
http://mobile.slashdot.org/story/09/11/25/1320215/Wikileaks-Publishes-500000-911-Pager-Messages?from=rss

Anyway, I'm going to avoid commenting on other issues there.

>> a youtube video they look at for other reasons), out of all their other 
>> endless legal activities. Ten years later, in 2019, that logged data gets 
>> decrypted routinely, and the government knows that person broke a copyright 
> 
> You have a strange model on how cryptoanalysis advances.

I guess so. :-)

But who really knows what exactly to make of something like this:
   "First 'Quantum Computer Chips' Demonstrated "
   http://science.slashdot.org/article.pl?sid=07/09/27/1337242

>> law ten years ago. Well, is that a prosecutable crime in 2019?
> 
> Let's say you're organizing a strike or a demonstration today. Of what
> interest to you is that somebody *might* (I consider it unlikely, session
> keys are ephemeral) break a given OpenVPN session log two decades hence?

First off, one can organize many sorts of legal demonstrations in the USA. 
Many strikes are legal. So, encryption is not essential to social change in 
that sense. Ideally, protest organizers want the police and justice system 
on their side as much as possible. One way to do that is to be as 
transparent as possible. We do still have a democracy of some sort in the 
USA, battered and wilting such as it is.

As for breaking the crypo. First, it may be broken now, because you don't 
know who is an informant and who is not, even if the crypto itself was any 
good. As for breaking crypto in twenty years, that may still be enough to 
put people in jail if illegal acts happened.

Anyway, I'm suggesting that in a way, crypto is a sign of fear. It is a 
dismissal of social strength in the context of social organization (at least 
in the USA). There are other approaches to social organizing. A focus on 
crypto may be misleading in that sense.

This is not to disagree entirely with your point, or even the value of 
digital signatures right now to minimize "agent provacateurs", and so on.
   http://en.wikipedia.org/wiki/Agent_provocateur
But using crypto to keep everyone in a movement honest and acting legally is 
a different emphasis than most people might suggest who encourage it.

>>   "Legislative history -- Copyright felony act"
>>   http://www.cybercrime.gov/CFAleghist.htm
>> It may depend on the interpretation of the "statute of limitations" as well 
>> as other laws passed over the next decade. But, even if the statute of 
>> limitations has passed, evidence of a past crime might seem like at least 
>> "probable cause" to investigate further in the then present day (2020) by 
>> seizing all of that person's computing systems. That might even be painful 
> 
> Use encryption today to make sure this doesn't happen tomorrow.

Not necessarily. Can you outline a plausible scenario that allows for 
broken-by-design crypto, quantum computing, or human informers?

>> for a cyborg, to rip out any brain implants. So, even today's laws can all 
>> become a way of doing selective enforcement against people in the future if 
> 
> There's no guessing about that. It is routine today. You're right now in
> violation of probably a dozen laws at least, and can be persecuted for it.

I say something similar below.

"Incarceration in the United States"
http://en.wikipedia.org/wiki/Incarceration_in_the_United_States
"""
The United States has the highest documented incarceration rate in the 
world.[3][4] It also has the highest total documented prison population in 
the world.[3][5][6] As of year-end 2007, a record 7.2 million people were 
behind bars, on probation, or on parole, with 2.3 million of those actually 
incarcerated.[7] More than 1 in 100 American adults were incarcerated at the 
start of 2008. The People's Republic of China ranks second with 1.5 million, 
while having four times the population, thus having only about 18% of the US 
incarceration rate.[8][9]
"""

>> the government does not like (even to the point of doing forcible brain 
>> surgery on them). This sort of issue outlined in this slashdot article may 
>> become all too common as law enforcement can look back on data recorded ten 
>> years ago and decrypt it:
>> ""Accidental" Download Sending 22-Year-Old Man To Prison"
>> http://yro.slashdot.org/story/09/12/05/1511258/Accidental-Download-Sending-22-Year-Old-Man-To-Prison
> 
> I'm missing the part where they traced his Tor session and cracked his 
> Truecrypt system partition which was secured by a strong passphrase.
> 
> Oh wait, because that never happened. He unwittingly ran into a honeypot, 
> and submitted to have his unhardened machine to be analyzed forensically, 
> then pleaded guilty in a fishy bargain in a modern equivalent of a Malleus 
> maleficarum case.

Sure.

Still, right now, anyone in the USA becomes a felon just for receiving spam 
email with questionable content. So, how does encryption prevent that? It 
does not. It may even give people a false sense of security.

Still, in twenty years, we don't know how much of today's crypto will be 
compromised. So, it is possible that logs of Tor sessions and copies of hard 
drives made today can be decrypted easily in 2029, or even 2019 if there are 
backdoors and other unknowns. So, there is a whole possible positioning 
going on to entrap people down the road

>> After September 11, 2001, examining cell phone calls was a big thing -- 
>> showing how they are routinely recorded (a fact not widely know at the 
>> time, but obvious after).
> 
> Much more interestingly is that in many countries service providers
> must log your location info with time (which is a movement profile)
> and record connection info. Plans to log your complete online trail
> are in the works, at least in UK. Plans to only allow going online 
> when authenticated with personal ID smartcards ditto. One wonders 
> what plans are in the drawers we haven't heard about yet.

Sure.

>> Even now people are working to crack GSM phone encryption. Related:
> 
> GSM "encryption" was deliberately designed to be weak. Realtime
> GSM cracks are over a decade old now. Try the same with another
> cryptosystem considered deprecated, such as 3DES. Not so easy now, eh.

How much other encryption is weak by design? How do you know you can trust 
the "disciplined minds" that created it?
   http://www.disciplined-minds.com/
"""
“I have been waiting a long time for someone to write this book, and Jeff 
Schmidt has done it.  He exposes, in crystal-clear prose, the inevitably 
political nature of the professional in our society, and, most importantly, 
suggests a strategy for resistance. This is an extraordinary and valuable 
piece of writing.”
"""

>> "Open Source Attempt To Crack GSM Encryption"
>> http://it.slashdot.org/story/09/12/05/1958251/Open-Source-Attempt-To-Crack-GSM-Encryption
>> "The intended approach is to create an open source project to spread the 
>> computation of a giant look-up table across more than 80 machines. 
>> Interestingly, they've openly stated that nVidia's CUDA technology will be 
>> used to execute parallel elements of the problem on GPUs as well.""
>>
>> So, for anyone who archives all encrypted phone communications around them 
>> (would take a lot of storage space obviously), they would be able in ten 
>> years or so probably to listen to everything anyone around them said now on 
> 
> Not my SIP session over OpenVPN they won't.

http://www.ubuntu.com/usn/usn-612-6
"""
Original advisory details: A weakness has been discovered in the random 
number generator used by OpenSSL on Debian and Ubuntu systems. As a result 
of this weakness, certain encryption keys are much more common than they 
should be, such that an attacker could guess the key through a brute-force 
attack given minimal knowledge of the system. This particularly affects the 
use of encryption keys in OpenSSH, OpenVPN and SSL certificates.
"""

Sorry.

>> a cellular phone; recording even encrypted conversations may be illegal for 
>> individuals, but I would expect at least any government would find out some 
>> way to justify it. Certainly a foreign government could probably record 
>> cell phone calls in the USA, decrypt them, and then pass the data back to 
>> the US under various agreements.
> 
> You're describing an existing arrangement.

Yes, that is why I thought is safe to suggest it could happen. :-)

>> So, while encryption may be useful in delaying people's access to your 
>> communications, don't assume it does any more than *delay* access.
> 
> It depends on your threat model. For most cases you're wrong.

OK, sure, we are always talking priorities, degrees of security, tradeoffs 
of convenience and usability for privacy, and so on. Tradeoffs. Not an all 
powerful magic wand or cloak of perfect invisibility.

But, the issue with digital data is that if it is recorded, even if 
encrypted, you don't know what future threats might be.

As is see it, we are in a race between the internet as wings to fly up in 
some transcendent way as a society and the internet as chains to drag us 
down into the depths. But, I think a focus on encryption may be misleading 
in that sense.

>> And it also won't delay access under certain legal situations in some 
>> countries:
> 
> Now you know why I no longer travel to UK.

Sure.

>> "UK jails schizophrenic for refusal to decrypt files: Terror squad arrest 
>> over model rocket"
>> http://www.theregister.co.uk/2009/11/24/ripa_jfl/
>> """
>> So, I suggest we should assume everything we do is monitored and everyone 
>> on this p2p list works for the CIA. Now what? :-) Well, one can start 
 >
> That is not a very useful assumption. A much better assumption that
> everything in cleartext passes through tapping points which can do
> nontrivial filtering, and can destil down interesting traffic for further
> scrutiny and possible storage, including human analyst eye time.
> 
> Already trivial encryption will very effectively disrupt this
> large scale passive scrutiny of cleartext. Active MITM takes a lot
> more sophistication and can be detected in principle, so it can't
> be done on a wide scale. 

Yes, a social argument that if everyone does it it will produce herd 
immunity somehow.

But the issue is, what does this really get you? What is the deeper point? 
If it is to keep government more accountable, can this be done in other ways 
more directly than playing "hide and seek" with paid professionals?

Also, again, you assume (maybe rightly, maybe wrongly) that existing crypto 
really works even now, with all the other issues.

Also, as long as the core social dysfunction you are implicitly worrying 
about (excessive government power) is not dealt with in other ways, what is 
to keep the USA from just adopting UK style laws (to hand over passwords) on 
this next year? Nothing.

At the very least, the laws (from government) and the technology need to 
work together. Let's say you are right about the value of this. Then should 
it be enshrined in the constitution? Is it already?

What does this mean in the digital age?
http://en.wikipedia.org/wiki/Fourth_Amendment_to_the_United_States_Constitution
"The right of the people to be secure in their persons, houses, papers, and 
effects, against unreasonable searches and seizures, shall not be violated, 
and no Warrants shall issue, but upon probable cause, supported by Oath or 
affirmation, and particularly describing the place to be searched, and the 
persons or things to be seized."

>> working to change the nature of society in a peaceful, non-violent, and 
>> legal way that works for everyone using P2P and other technologies. :-) And 
> 
> If you think it will be peaceful, legal and non-violent you're bullshitting
> yourself. The current developments are not sustainable. Either the current
> trend will reverse, or we'll see considerable mayhem ahead. (We already know
> that the current national administrations are deploying this technology to 
> early identify and isolate trouble hot spots -- any trouble hot spots).

I disagree. If it is not for the most part peaceful and not-violent it is 
all over.

One of these could be put on every street corner in the USA for about the 
cost of a traffic light soon as costs drop:
""Samsung develops machine gun sentry robot costs $200k"
http://www.newlaunches.com/archives/samsung_develops_machine_gun_sentry_robot_costs_200k.php
"Samsung has partnered with Korea university and developed the machine-gun 
equipped robotic sentry. It is equipped with two cameras with zooming 
capabilities one for day time and one for infrared night vision. It has a 
sophisticated pattern recognition which can detect the difference between 
humans and trees, and a 5.5mm machine-gun. The robot also has a speaker to 
warn the intruder to surrender or get a perfect headshot. The robots will go 
on sale by 2007 for $ 200,000 and will be deployed on the border between 
North and South Korea."

Lots of stuff here:
   http://en.wikipedia.org/wiki/Military_robot

I just doubt "the people" will win that one. And even if they could, the 
casualties would be enormous.

From:
http://sociology.ucsc.edu/whorulesamerica/change/science_nonviolence.html
"Studies of social movements in the United States also show that the 
necessary social disruption has to be created through the principled use of 
strategic nonviolence. Any form of violence, whether property damage or 
physical battles with opponents and police, will turn off the great majority 
of Americans and bring down overwhelming police and military repression."

What better way to show a peaceful intent than by operating in the clear in 
a slow and obvious way? Sure, there are some obvious disruptions that would 
be illegal and shut down. But, frankly, there is nothing that keeps anyone 
legally from organizing a hundred million people attending a conference in 
Washington DC on single payer health care, or keeps people from getting a 
hundred million people to make free music.

Like owning a handgun, crypto, in that sense, is just an easy out to think 
one is doing something about true intrinsic mutual security, when one might 
really not be doing that much (or might even be making things go backwards).

Still, I half-agree. Digital signatures can be a good thing. Crypto deters 
some casual identity theft. Crypto in the form of digital signatures might 
be useful in preventing agent provocateurs from the government or big 
businesses messing up peaceful protests or peer production on free digital 
commons.

But sure, if we *had* a progressive trascendent society (like in James P. 
Hogan's Voyage for Yesteryear") then crypto might be a great default, on the 
argument locks keep honest people honest. What I'm suggesting here is that 
it realistically can't do much more than that. If you are seriously worried 
about the US government taking action on clear text messages (as in relation 
to social organizing) then you might just as well be worried about being 
imprisoned or killed for using crypto by a future government even less 
accountable than what we have now.

Can you give many plausible scenarios where crypto would make a big positive 
difference in social organizing in the USA?

And if you can, then how can we more directly address whatever issues about 
trust and governance that are raised by that?

>> one could also work peacefully and legally to changing the laws about 
>> copyrights and so on.
>>
>> See also:
>> "Four Horsemen of the Infocalypse"
>> http://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalypse
>>
>> But we seem way past that infocalypse already in some ways, like the guy 
>> above arrested for a model rocket still in the package. In a way, the 
>> "think of the children" Infocalypse (like is putting that 22 year old in 
>> prison for years) has already come and gone, and we are living in the world 
>> on the other side (everything logged, broad and vague laws on all sorts of 
>> things that taken together that make *everyone* criminals, selective 
>> enforcement of that, children being imprisoned for their own "protection" 
>> for sending pictures of themselves, a generated climate of fear and 
>> mistrust, etc.).
> 
> Precisely. So what are you doing about it?

Writing things like this reply? :-)

In general, I'm trying to help people see a way to move beyond scarcity 
assumptions. Even the assumption of a scarcity of good governance? :-)

>> Still, even assuming the worst, we can work towards something better with 
>> what we have, our imaginations, our community, our technology, and so on. 
>> Even within the USSR and repressive government, it transformed eventually. 
> 
> If you want to assume the worst, you should consider us becoming the
> Emergents, in Vernor Vinge's A Deepness In The Sky novel. 

I'm more focused on the next decade or two. :-)

Besides, we already have that kind of "mindrot" technology the Emergents use 
in that story to "focus" people. It is called "graduate school": :-)
   "Review of Jeff Schmidt's Disciplined Minds: A Critical Look at Salaried 
Professionals and the Soul-Battering System that Shapes their Lives"
   http://www.uow.edu.au/~bmartin/pubs/01BRrt.html
"Where the book most obviously goes beyond usual critical analyses of 
professions is in the final part, "Resistance." Schmidt begins by drawing an 
analogy between professional training and ideological indoctrination in 
cults. He recognizes that students have many more opportunities to organize 
and resist than typical cult members. Nevertheless, he argues that "life in 
graduate or professional school can be very much like life in a cult - and 
that for students who aren’t careful, it will be." (p. 218). He then looks 
at the characteristic features of totalistic organizations, such as big 
promises, control of the milieu, no questioning of authority, and shaming. 
He gives examples from professional training reflecting each of these 
features."

> I do not see how we can recover from that once we're there. This isn't
> your grandfather's Evil Empire. 

The pendulum swings -- sometimes slowly.

Or as Manuel de Landa might suggest, another level of diversity might get 
built on a level of uniformity.

>> Things like humor were part of that transformation. So was optimism (one 
>> can be paranoid as well as humorous & optimistic at the same time. :-)
> 
> [...]
> 
>> So, welcome to my paranoid world. :-) Google *is* the government already. 
>> Encryption only at best delays access to anything you do online by a few 
>> years and at worse makes people investigate you immediately. Everyone is a 
> 
> Oh, the horror. The horror of it. Imagine if this was the rule. Imagine
> the number of data you would have collect, and how many human analysts
> you would tie up listening to pillow talk or academic treatises. If
> you've read your Bamford, you'll know that this is not a theoretical scenario.

Ah, but see, I worked with the IBM Speech group. :-)

Speech recognition software is not that useful for replacing keyboards, but 
it is great for indexing audio and video data at this point. (Not what I 
worked on there, but the defense department supports a lot of that work -- 
all part of the public record.)

Besides, Google sells to the formal government.

>> criminal because of vague and broad laws that are selectively enforced. Any 
>> obvious defiance will get you put away for twenty years in a place without 
>> sunlight that may destroy your health and sanity (and that's if you are 
> 
> If you are in that situation, it is your civic and human duty to organize
> underground resistance. If you don't, you will eventually find yourself at
> the receiving end of the system.

Except that why does "resistance" have to be "underground" in a democracy 
such as we still have?

And where does "resistance" get you, except to slow things down?

We need progression in some good direction, not resistance to getting worse. 
We need public movements that are very visible.

Positive psychology. Take what is good an amplify it in a very open an 
public way.
   http://en.wikipedia.org/wiki/Positive_psychology

>> lucky and not just taken out in an "accident"). Now what? How do we build a 
>> better world within those constraints? Perhaps by using humor, optimism, 
>> and imagination? :-) As well as free-to-the-user Google services? :-)
> 
> Paranoia works best if titrated to functional levels. And paranoia and
> naivete don't really mix well. 

Sure.

>> I'm really a tremendously conformist person in most ways -- you don't get a 
>> stamp on your forehead that says "Princeton" unless you are willing to jump 
>> through endless hoops on command. :-( My idea of a happy work life at this 
>> point is just going to a research lab everyday (an IBM Research like in the 
>> 1970s when people like Gerry O'Neill came to give talks about space 
>> settlemest?) doing something worthwhile and having a nice meal for lunch 
> 
> Not many people are that lucky, these days.

True. Not even now. When I was at IBM Research a decade ago, I was told it 
was a pale shadow of what it had been like in the freewheeling 1970s.

IBM then had many of the best mechanical engineers in the nation from 
working on the IBM Selectric typewriter and printer. Then they all got told 
to become programmers, and it was not what most of them wanted to do. So, we 
a planet took all those great mechanical engineers (what robots they could 
have made, but IBM ditched that division) and turned them into a bunch of 
mediocre unmotivated unhappy programmers pining away for the good old days. 
Imagine what solar collectors those mechanical engineers could have made.

Very little basic research goes on anymore anywhere as a percentage of 
funding. But even a little still makes a big difference.

>> talking to colleagues. I would not have spent decades outside the system 
>> trying to make changes if I did not think they were essential to our very 
>> survival (especially because of the risk of nuclear war). Frankly, I 
>> probably would have preferred to be a "loser" earning US$200K with the rest 
>> of my class (even Michelle); see this humorous item to understand that 
>> comment:
> 
> [...]
> 
>> A "technological fix" with encryption like you suggest does not really 
>> address the core issues of a changing society. The core problem IMHO is 
> 
> If the society does not use the tools for privacy, the society might find
> itself in a failure mode quite difficult to impossible to recover from.

I don't see that. We are already in that failure mode. We need alternatives, 
but I just don't see why they need to be secret. Debian GNU/Linux and 
Wikipedia and much other free stuff are changing the landscape of things.

I'm not saying encryption can not be useful -- just that overemphasizing it 
seems to me to be problematical. And linking back to the initial topic of 
Google having too much power, that is not as big of an issue if Google is 
restricted by other ways. Europe has stronger privacy laws, for example. If 
I had to choose between strong privacy laws and encryption, which is really 
better? Still, ideally, they would go together.

> "We have no privacy anyway, so we can give up already" is exactly the 
> unconstructive attitude to take. History tends to take a dim view on quislings.

I think my points are a bit more nuanced than that. :-)

>> scarcity-based assumptions at the core of the current political process (as 
>> well as economic processes like around even Google), but politicians and 
>> business people increasing having to make decisions about using and 
>> improving an infrastructure that can produce vast abundance.
> 
> Right now the current political and business process is directed towards
> surveillance and control of uprisings in the coming scarcity scenarios.

Sure. But does encryption really do much about that other than feed the 
paranoia on the government and business side?

There's this scene in Voyage from Yesteryear where a main character, 
Sergeant Steve Colman, has his platoon walk out into the open with guns 
lowered, rather than make a foolish direct assault against some point they 
would have been sure to lose, as a way of getting the other people they were 
advancing on to switch sides. A huge risk. But the option otherwise would be 
certain death.

>> Consider, as one example:
>>   http://en.wikipedia.org/wiki/Pirate_Party
> 
> I am an active member of the Pirate Party and so should you.

Except, as I said, not everyone agrees with their entire platform (Marshall 
Brain's system disagrees on "privacy").

But in general, yes, they are heading in a good direction.

But overall, I'd suggest they lack some positive vision of the future (at 
least I have not seen one, maybe you can point me at one).
http://docs.piratpartiet.se/Principles%203.2.pdf
"We wish to change global legislation to facilitate the emerging information 
society,  which is characterized by diversity and openness. We do this by 
requiring an  increased level of respect for the citizens and their right to 
privacy, as well as reforms to copyright and patent law."

That sounds nice, but it doesn't really deal directly with the scarcity 
assumptions. Stuff like a basic income or a gift economy or improved local 
subsistence or better organizations that do better planning or sustainable 
equitable production. They get the digital issues, but miss the larger link 
in their position statement.

>> More on jury nullification:
>>     http://en.wikipedia.org/wiki/Jury_nullification
> 
> Jury is specific to anglosaxon law, IIRC.

Sure, but important to the USA which in turn affects the world.

>> Guns are like encryption in a sense. Like locks, maybe they help keep 
>> honest people honest, but they are not going to do much against organized 
>> efforts by government to do something to you. I've tried a few times with 
> 
> I happen to disagree about that too.

Not surprising. :-)

>> conservatives to take them step by step through the idea of how guns may 
>> protect their rights realistically in our society and have never gotten a 
>> good answer; history in the USA shows the now-despicable internment of 
>> Japanese-Americans went relatively smoothly even with a lot of guns around.
> 
> The difference between US and EU is that EU does not even have guns to take
> away first.

Misses the point. Were Japanese Americans in the USA imprisoned with ease 
even with guns all around? All it took was issuing letters and so on. Would 
you not report to a detention camp if requested? Seriously? Let's say you 
get a certified letter in the mail saying you need to report for temporary 
detention somewhere based on, say, using Tor (if made illegal), or you will 
be arrested an imprisoned. Would you not go? You going to start shooting? Who?
   "Motive probed in Fort Hood shooting rampage"
  http://www.reuters.com/article/idUSTRE5A454F20091106
What's the point? Did that army psychiatrist gain any sympathy by his 
actions? What would it accomplish? It will only give the SWAT teams more 
practice:
   "Mayor wants federal probe after SWAT raids house, kills dogs"
   http://www.cnn.com/2008/CRIME/08/07/mayor.warrant/
and, if anything, get the rest of the public to say that they know people 
who use encryption are up to no good and should all be locked up.

Guns are a false sense of security for most people. Maybe that is why 
Western Europe is not a more democratic place? Because the people don't have 
the crutch of guns and so take the ballot box more seriously than the ammo box?

>> One problem is that the fifth box (ammo box -- which I question the 
>> effectiveness and morality of, especially just compared to non-cooperation)
> 
> Who's interested in morality when you have a civil war in your hands?

There are many degrees of intensity of civil war.

There is a civil war ongoing right now in a sense, about issues of scarcity 
and abundance, like the Pirate Party begins to talk about. Let's try to keep 
it from getting too bloody.

>> "Social Movements and Strategic Nonviolence"
>>   http://sociology.ucsc.edu/whorulesamerica/change/science_nonviolence.html
>> seems to have made many people complacent about all the others. Like the 
>> encrypted box, the ammo box does not make anything better by itself. Iraq 
>> showed how easy it is to tear apart a society in a way that may take 
>> decades to heal. You can hide all the transactions you want behind 
>> encryption for a time until society falls down around you, too.
> 
> Some severe cognitive dissonance here.

Not sure which parts you mean? From:
   http://sociology.ucsc.edu/whorulesamerica/change/science_nonviolence.html
"""
For current-day egalitarians, a commitment to the freedoms and democratic 
procedures won by past egalitarians can provide the primary foundation for 
the practice of nonviolence, although some of them also draw upon their 
religious values as well. This democratic commitment has the added virtue of 
narrowing the gap between egalitarians and mainstream liberals. In addition, 
a nonviolence orientation can be sustained by the knowledge that it helps to 
keep the egalitarian movement itself more democratic; it ensures that 
violence-prone dominators will not take over the movement and subvert its 
democratic aims. As many historical cases suggest, the most violent people 
soon rise to the top once the possibility of violence is introduced, and 
they often use their loyal followers to intimidate or kill rivals.
   Most of the people who advocate strategic nonviolence are aware that it 
cannot work outside of what are at least quasi-democratic contexts. It is 
hard to imagine that strategic nonviolence would work for slaves in ancient 
empires, Jews in Nazi Germany, or critics in Saddam Hussein's Iraq. It did, 
however, play a role in the abolition of slavery in England and the United 
States, and the courageous activists did have a hand in the transformation 
of the Soviet Union. Still, dictatorships of any kind usually only fall when 
there are disagreements among those at or near the top, or if external 
challenges to the power structure give the oppressed some new openings. 
There are few instances where dictatorships have been overcome internally by 
the oppressed majority.
   But given the freedoms, civil liberties, and voting rights achieved by a 
long line of American egalitarians and liberals, there is no end that could 
be justified by violence, property destruction, or armed struggle in this 
country. Such actions undercut the democratic rights won by past 
egalitarians and play into the hands of the government, which has the power 
to isolate and defeat any violent movement. Furthermore, property damage and 
armed struggle of any kind are overwhelmingly rejected by the vast majority 
of the American people. Due to their appreciation of the freedoms they do 
enjoy, and despite the economic unfairness they recognize and experience, 
average Americans are repelled by violent political acts, whether by right 
wingers or left wingers. If the goal is to build a larger movement that 
connects to a strategy to take over and transform the Democratic Party, not 
just to force the authorities to react to one or another provocation with 
slight reforms, then violence makes no sense. It is therefore both immoral 
and counterproductive for American egalitarians to employ violent 
strategies. Or, as Cesar Chavez used to say about violence when he was 
leading the farm worker's movement, it's wrong and it's stupid.
"""

But with that said, people in such a movement may have to be willing to give 
up their lives for what they believe (e.g. Martin Luther King), but that is 
not the same as being willing to take a life.

>> So, rather than focus on encryption, one might focus on making more free 
>> content of hight quality, or more free (or even non-free, sadly, like 
>> Konarka) designs for technology that produces abundance. Like guns, 
> 
> What if this is against the law and will land you in jail?
> What if perpetuation of scarcity is exactly the appropriate
> control paradigm, and you're the square peg that is in the way?

Sure. But it is not yet against the law to give away stuff for free. And 
even if it was, is charging a penny enough? :-) But yes, the paradigm is in 
play. There will be resistance to such changes; there has been lots of it 
already. I'd suggest the great sweep of history will move beyond RIAA and 
MPAA and so on at some point. There might well be terrible crackdowns and 
mass imprisonment in the USA. Ultimately, I can hope we will move beyond it 
-- the issue is only how long it takes. It's like the US civil right 
movement -- now we have reached the point where it doesn't matter what color 
your skin is to become president, as long as the content of your character 
shows you will play ball with the scarcity elite -- so, that's a bit of 
progress. :-)

Probably not quite what Martin Luther King, Jr. had in mind though:
   http://en.wikipedia.org/wiki/Martin_Luther_King,_Jr
   http://www.usconstitution.net/dream.html
"I have a dream that my four little children will one day live in a nation 
where they will not be judged by the color of their skin but by the content 
of their character."

Or maybe it was? But ultimately, to have political equality, there must be 
some sort of economic equality. We don't have that yet in the USA. Not a 
basic income. Not a gift economy. Not local subsistence with 3D printing. 
Not comprehensive planning for public needs (like preventing the next New 
Orleans Katrina-like disaster). Not yet. So, to me, those things may make a 
bigger difference than encryption. Is encryption really central to achieving 
any of those things?

Still, obviously, Google having information for every site someone visits 
could no doubt be used for selective enforcement or harassment. Ralph Nader 
advises activists to be squeaky clean, from his own experiences. But I'm not 
sure how much encryption will really change that overall in someone's life. 
But the fact is, even for someone who is squeaky clean, things can just be 
made up. Ultimately, these are difficult waters no navigate, how to change a 
society while keeping it running. From Alan Kay:
   http://www.wired.com/wired/archive/2.01/kay.hillis_pr.html
"I was thinking about ecological computing. When I was working with 
computers in the late '60s, all of the computer power on Earth could fit 
into a bacterium. The bacterium is only 1/500th of a mammalian cell, and we 
have 10 trillion of those cells in our bodies. Nothing that we have 
fashioned directly is even close to that in power. Pretty soon we're going 
to have to grow software, and we should start learning how to do that. We 
should have software that won't break when something is wrong with it. As a 
friend of mine once said, if you try to make a Boeing 747 six inches longer, 
you have a problem; but a baby gets six inches longer ten or more times 
during its life, and you never have to take it down for maintenance. "

Well, we don't have the option of taking our global society "down for 
maintenance" without a lot of people getting very hurt -- like in Iraq that 
the USA took down for maintenance and has long been a disaster. Now the USA 
is going to take Afghanistan and Pakistan "down for maintenance" and we will 
see how well that goes. :-(

We need a better model for social change. I think encryption is a 
distraction in that sense. Would Martin Luther King, Jr. have been more 
successful if he could have encrypted his "Letter from a Birmingham jail"?
   http://en.wikipedia.org/wiki/Letter_from_Birmingham_Jail
   http://abacus.bates.edu/admin/offices/dos/mlk/letter.html
"""
MY DEAR FELLOW CLERGYMEN:
While confined here in the Birmingham city jail, I came across your recent 
statement calling my present activities "unwise and untimely." Seldom do I 
pause to answer criticism of my work and ideas. If I sought to answer all 
the criticisms that cross my desk, my secretaries would have little time for 
anything other than such correspondence in the course of the day, and I 
would have no time for constructive work. But since I feel that you are men 
of genuine good will and that your criticisms are sincerely set forth, I 
want to try to answer your statements in what I hope will be patient and 
reasonable terms. ...
   Moreover, I am cognizant of the interrelatedness of all communities and 
states. I cannot sit idly by in Atlanta and not be concerned about what 
happens in Birmingham. Injustice anywhere is a threat to justice everywhere. 
We are caught in an inescapable network of mutuality, tied in a single 
garment of destiny. Whatever affects one directly, affects all indirectly. 
Never again can we afford to live with the narrow, provincial "outside 
agitator" idea. Anyone who lives inside the United States can never be 
considered an outsider anywhere within its bounds.
   You deplore the demonstrations taking place in Birmingham. But your 
statement, I am sorry to say, fails to express a similar concern for the 
conditions that brought about the demonstrations. I am sure that none of you 
would want to rest content with the superficial kind of social analysis that 
deals merely with effects and does not grapple with underlying causes. It is 
unfortunate that demonstrations are taking place in Birmingham, but it is 
even more unfortunate that the city's white power structure left the Negro 
community with no alternative.
   In any nonviolent campaign there are four basic steps: collection of the 
facts to determine whether injustices exist; negotiation; self-purification; 
and direct action. We have gone through all of these steps in Birmingham. 
There can be no gainsaying the fact that racial injustice engulfs this 
community. Birmingham is probably the most thoroughly segregated city in the 
United States. Its ugly record of brutality is widely known. Negroes have 
experienced grossly unjust treatment in the courts. There have been more 
unsolved bombings of Negro homes and churches in Birmingham than in any 
other city in the nation. These are the hard, brutal facts of the case. On 
the basis of these conditions, Negro leaders sought to negotiate with the 
city fathers. But the latter consistently refused to engage in good-faith 
negotiation.
  Then, last September, came the opportunity to talk with leaders of 
Birmingham's economic community. In the course of the negotiations, certain 
promises were made by the merchants --- for example, to remove the stores 
humiliating racial signs. On the basis of these promises, the Reverend Fred 
Shuttlesworth and the leaders of the Alabama Christian Movement for Human 
Rights agreed to a moratorium on all demonstrations. As the weeks and months 
went by, we realized that we were the victims of a broken promise. A few 
signs, briefly removed, returned; the others remained.
   As in so many past experiences, our hopes had been blasted, and the 
shadow of deep disappointment settled upon us. We had no alternative except 
to prepare for direct action, whereby we would present our very bodies as a 
means of laying our case before the conscience of the local and the national 
community. Mindful of the difficulties involved, we decided to undertake a 
process of self-purification. We began a series of workshops on nonviolence, 
and we repeatedly asked ourselves : "Are you able to accept blows without 
retaliating?" "Are you able to endure the ordeal of jail?" We decided to 
schedule our direct-action program for the Easter season, realizing that 
except for Christmas, this is the main shopping period of the year. Knowing 
that a strong economic withdrawal program would be the by-product of direct 
action, we felt that this would be the best time to bring pressure to bear 
on the merchants for the needed change. ...
"""

>> encryption may be useful if you want to keep some information away from 
>> thieves (who won't try too hard to grab any one person's credit card 
>> numbers), but it won't protect anything in the long term from a determined 
>> government. Following Manuel de Landa's idea, I suggest we always will have 
>> some sort of one, as we have a healthy balance of meshworks and 
>> hierarchies. You are trying to deny hierarchies some power with encryption, 
>> but they can still get it in other ways. The bigger issue is how do we keep 
>> the hierarchies accountable for the health of society?
>>
>> So, the deeper issue is, what kind of government do we want? And what kind 
> 
> I prefer technology forms leading to empowerment of individuals, not more 
> control for superpersonal organisation forms. Encryption as a means for
> privacy, strong authentication, trust and tamper-hardening are key parts 
> of that of that technology box.

As above, I half-agree. :-)

>> of society to go with it? And then how do we act to build that society 
>> within the possibilities that seem reasonable?

All the best.

--Paul Fernhout
http://www.pdfernhout.net/
http://www.beyondajoblessrecovery.org/



More information about the p2presearch mailing list