On Monday, August 13, 2001, at 10:14 AM, Trei, Peter wrote:
> [I hate to post something that makes it look as if I'm doing further
> BU bashing (which is not my intention), but:...]
>
> When all you have is a hammer, everything looks like a nail. There are
> other groups which can apply pressure than lawyers, courts and Men
> with Guns. Auditors and insurance companies come to mind. Schneier
> has noted how improvements in safe (as in a secure metal box)
> technology was driven not by losses, not by customers, nor by lawsuits,
> but rather by insurance requirements.
>
> "You're running your ecommerce site on IIS? Ok, that's 10% extra on your
> premiums." (This is already starting to happen).
I've been pointing this out for many years, and did so at very early
Cypherpunks meetings. If you say Schneier "has noted" this, I'll take
your word.
The proper (moral, public choice theory, economically sound) approach is
for those who want more security against theft to _pay_ for it. This
through either their own choices, such as the choices I myself made for
the type of gun safe I have in my house, or through the advice and
pricing from their insurance companies. Holding a cheap safe maker
"strictly liable" for losses when thieves use tin snips to cut through
their safe is NOT the solution to the "strong safe" problem.
Unfortunately, as Declan also notes, the "men with guns" tend to go for
"do this or we will shoot you" solutions. I count mandatory air bags and
seat belt laws in this category.
Friedman's recent book "Law's Order" has many good economic analyses of
tort situations, showing in nearly all cases that free market (mutually
negotiated, noncoerced) produce more efficient results than non free
market (imposed by government, coerced) solutions. Not surprising to
libertarians, but useful to consider in the crypto context.
Bringing strict liability into the world of security and crypto would
result in the usual market distortions. As an example, one might expect
a "recommended security standard," decided upon by industry committees
(with government, probably the NSA, involvement). Like airbags, this
would then be mandated to be included in all Net connectivity and
related products. Vendors would scramble to meet this requirement. And
probably some form of escrow ("to help resolve disputes," "for the
children") would be mandated-in. And of course it probably couldn't be
"too strong."
Liability as currently interpreted can easily suppress innovation:
Westinghouse froze the design of their boiling water nuclear reactors at
roughly the 1960 level, except for minor changes in instrumentation and
construction methods. The theory being that they had been given a kind
of "safe harbor" on past designs (often done in conjunction with the
Feds, as part of military reactor and AEC-led design projects) and that
introducing innovations could alter the risk equation...even if it made
the reactors better!
Similarly, innovations in automobile design are suppressed by liability
concerns. A car maker who improves the layout of gas and brake pedals
faces lawsuits over accidents "caused" by the changes. (cf. "sudden
acceleration," aka "nitwit stepped on the wrong pedal.")
Peter Huber, in "Galileo's Revenge," notes many cases where strict
liability law has suppressed innovation. My favorite was the Florida
case where a woman claimed a CAT scan made her lose her psychic powers.
A jury awarded her $2 million in liability damages. (This also mixes in
pseudoscience issues, but the liability laws are still implicated.)
And speaking of CAT scans, or NMR, PET, etc. scans, many hospitals now
routinely order such scans in nearly all cases of minor injury. My
father went in for an exam and the doctor recommended an NMR scan of
some sort. My father asked why. The doctor: "Don't worry, your insurance
will cover most of it." My father: "I asked why I need this." Doctor:
"We really recommend it."
To cut to the chase: Hospitals recommend such scans "just in case." To
cover their asses in a possible liability suit should some problem
happen later in time. Is this "due diligence"? Well, NMR scans are not
cheap, so the cost gets passed on in the usual ways. Is the average
benefit worth it to the average patient who gets the "we recommend it"
advice? Debatable. Except there _IS_ no debate about it, certainly not
between the average patient and the average doctor.
BTW, my father said "No" to the doctor. The doctor argued, then gave up.
Apparently he felt my father was exposing _him_ to strict liability.
(Needless to say, a patient's "waiver" is challengeable in the usual
ways: "I didn't know what I was signing," "The doctor didn't explain to
me that the scan might have detected the tumor I now have," and the
other usual Mommy State whines.)
Anyway, I think imposing FDA-type oversight and medical industry-type
liability laws on the security and crypto industry would be a disaster.
Here's one of my articles from 1996 about this issue:
* To: [EMAIL PROTECTED]
* Subject: The public sees no need for crypto at this time
* From: "Timothy C. May" <[EMAIL PROTECTED]>
* Date: Thu, 21 Nov 1996 10:25:00 -0800
* In-Reply-To: <[EMAIL PROTECTED]>
* Sender: [EMAIL PROTECTED]
------------------------------------------------------------------------
I believe that at this time the differential market value to customers of
having strong crypto in telephones is near-zero, and in cell-phones is only
slightly greater. My reasons will follow below.
I'm explicitly discussing "things as they are" rather than "things as they
should be."
At 9:10 AM -0500 11/21/96, Clay Olbon II wrote:
>I think we need to keep a couple of goals in mind. The first, is to get
>encrypting phones (or phone add-ons) into Wal-mart, K-mart, etc (where
>probably most Americans now buy their phones). The prices need to be low
>enough that people will want to buy them (<$100?). Is this technically
>feasible? The comsec device from the above URL already demonstrates the
>needed capability. Is the cost target possible? My guess is soon, given
>the lowering costs and increasing capabilities of current processors.
While I would certainly _like_ to see wider use of crypto, and crypto
deployed ubiquitously in products like telephones, cellphones, pagers, and,
of course, computers and networks, I think any honest appraisal of market
conditions must conclude that there is little _average American_ awareness
of, or demand for, crypto.
One could cite many reasons. Here are some that I see. (Note: I'm not
saying these are true for me and thee, nor for everyone else. And these
reasons may change with time. But for now, I think they're pretty
accurate.)
* Most people don't think they're targets of wiretapping. They don't think
the FBI is tapping their phones, and they've never even heard of the NSA,
let alone GCHQ, NRO, SDECE, etc.
* "What have I got to hide?"
* Given a choice to use ordinary phone lines or cordless handsets, with
attendant ease-of-eavesdropping issues, they'll take the convenience of
cordless handsets nearly every time. (And the 900 MHz increase-security
cordless handsets are not yet in heavy demand...they'll succeed when
they're as cheap as ordinary cordless phones.)
* Security always takes some effort. The military can have it only by
having elaborate protocols, checks and balances, and essentially full-time
"crypto" personnel to go through the rigamarole of setting up secure
communications and locking up key material according to elaborate
procedures.
(I like to cite the evolution of metal safes. Mosler Safe Company says the
driving force behind safe design, and deployment to merchants and banks,
was the _insurance business_. Instead of preaching about the value of
increased security, the insurers--who knew how to take the long
view--offered rate discounts if stronger safes were installed. Voila,
stronger safes. Until similar incentives exist for data--e.g., insurance
for loss of patient records, confidential dossiers, etc.--I doubt most
people will listen to the "preaching.")
* Look at how few people--myself included--routinely use crypto (digital
signatures, etc.) here on this list! It is now "worth it" to me to
digitally sign all messages. (Please, don't send me your personal
experiences or your scripts for interfacing Pegasus Zapmail to PGP 2.8!)
* Even those with secure phones--STU-IIIs and Clipperphones--admit that
they rarely use the features. (Recall several stories where advocates of
Clipper had to take the books and magazines piled up on top of their
Clipperphones, dust them off, and try to remember how to initiate a secure
conversation!)
* And this raises the problem of: whom do you communicate with securely? If
your friends and family don't have compatible hardware, what's the point?
Sure, some corporations and enterprises will take the plunge and buy sets
of units, but Joe Public will likely not, at least not until a critical
mass of compatible crypto is installed...perhaps a decade or more from now.
* In short, most people don't see the need. They're not doing things they
think would warrant surveillance, and they have no experience with bad
effects from wiretaps or whatnot. Just not on their list of things to worry
about. And they don't want the additional confusion, learning, and
incompatibility with what their friends and coworkers have.
As to the larger issue of "educating the public," I think this is almost
always an exhausting and fruitless task. Do-gooders have been trying this
for decades, even longer.
(Don't let me stop you, anyone. But I think it's unlikely that a new
campaign to educate people about a potential risk that they have never seen
any concrete evidence for in their own lives is going to do much.)
When crypto is cheap enough, it may be a selling factor for a consumer
making a choice. How much extra people are willing to pay is unclear. And
there are "sophisticated users" who may pay extra for such features.
And certainly there does not have to be "wide acceptance" for crypto to be
deployed to the "point of no return" (hint: this is a more important goal
to me than acceptance by Joe Public). For example, the SSL and SWAN stuff
is incredibly important, because wide encryption of network traffic, even
if Joe and Jane Public are not using crypto at home, means surveillance and
vacuum-cleaner types of NSA monitoring are made ten thousand times more
difficult. Which may be enough to secure for us the blessings of crypto
anarchy.
P.S. I'll be away at the Hackers Conference in Santa Rosa, CA for the next
several days, and then travelling for the American holiday of Thanksgiving
Day. So, I'll be mostly away from the list for a while.
--Tim May
>The second goal needs to be to push a similar product for cell-phones. I
>think this will be perhaps an easier sell, given the higher initial cost for
>these phones, and their reduced security. Perhaps a home device could be
>sold with the cell-phone as a package deal, so that communications with the
>"home base" (i.e your office, home, etc) would be secure. With the rapid
>growth in cell-phone sales, selling a package such as this might ensure a
>larger user-base of home devices.
>
>Given that these goals are met, I think widespread use of crypto over phone
>lines would become almost inevitable. However, the fun part would be the
>introduction of such products. The FUD coming from police, the government,
>etc. would be amazing to behold.
>
> Clay
>
>
>
>*******************************************************
>Clay Olbon [EMAIL PROTECTED]
>engineer, programmer, statistician, etc.
>**********************************************tanstaafl
Just say "No" to "Big Brother Inside"
We got computers, we're tapping phone lines, I know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May                  | Crypto Anarchy: encryption, digital money,
[EMAIL PROTECTED]  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA      | knowledge, reputations, information markets,
Higher Power: 2^1,257,787-1     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."