|
This file is available on a Cryptome DVD offered by Cryptome. Donate $25 for a DVD of the Cryptome 10-year archives of 35,000 files from June 1996 to June 2006 (~3.5 GB). Click Paypal or mail check/MO made out to John Young, 251 West 89th Street, New York, NY 10024. Archives include all files of cryptome.org, cryptome2.org, jya.com, cartome.org, eyeball-series.org and iraq-kill-maim.org. Cryptome offers with the Cryptome DVD an INSCOM DVD of about 18,000 pages of counter-intelligence dossiers declassified by the US Army Information and Security Command, dating from 1945 to 1985. No additional contribution required -- $25 for both. The DVDs will be sent anywhere worldwide without extra cost. | |||
10 March1998
Date: Tue, 10 Mar 1998 10:56:20 -0500
To: declan@well.com
From: Vin McLellan <vin@shore.net>
Subject: More on Fortify for Netscape
Cc: cypherpunks@algebra.com
<x-rich> Citing Fortify for Netscape <<http://www.fortify.net> Vin
McLellan wrote:
>> There is now no lack of strong crypto implementations for encrypted
>> mail world-wide. It may not be fully enabled yet, but the functionality is
>> available everywhere you can find Netscape, arguably the single most
>> popular cross-platform client ever.
Declan McCullagh <<declan@well.com> replied:
>Hmm. Yes, we know this. I wrote about this last month, and others wrote
>about it last fall when the original, limited, hack was put up on
>fortify.net. But many, almost certainly most, browser-owners aren't likely
>to use it because they don't trust the patch or because it's set up that
>way by default. Defaults are important. Maybe that's what the NSA/FBI are
>counting on.
I liked your column, Declan, but -- with respect -- methinks you
are too close to the American scene to get an accurate sense of how
non-Yanks view both the dum-dum default and Fortify. You're not factoring
in the bitter passion with which many non-Americans now view the American
strategy of willfully crippling security technology before it is sold to
non-Americans.
Outside the US, the weak-crypto default for SSL and e-mail crypto
in exported US products is widely seen as a politicized design decision. A
decision to offer shoddy and incomplete security and integrity services to
overseas buyers of American technology. Many people -- and not
punk-rockers or cypherpunks, either, but bank directors, corporation
presidents, civil servants, journalists -- get very angry talking about it.
(Why are they not allowed to buy the quality product Americans
sell to other Americans, the buyers ask? The answer is clear enough: to
make private business, government, and personal transactions accessible to
American spooks -- or anyone else with MIPs to spare -- should the snoopy
Foreign Power desire to rape some non-American database; screw up this or
that business deal; or track economic, technical, or political trends from
private communications in these supposedly autonomous and soverign states.
Mind you, this is not exactly a covert effort any more. Today, the
American export policy is often seen as an bare-knucke exercise in
political and technological dominance. Force them to their knees and keep
them there. Make them crawl.)
I don't think many, even in the US IT industry, realize how deeply
those passions run, or how steep the price American business will have to
pay for such scornful technological imperialism in the decades to come.
What sort of surcharge would Americans, say American business
executives, be willing to pay to escape that sort of potential
surveillance? What sort of bitterness would Americans hold toward vendors
from a foreign nation which successfully imposed such extra-territorial
controls on our commerce, our citizens, for their own self-centered
interests.
Unless you think in _those_ terms, the scale of the international
reaction to Fortify or similar upgrade hacks may come as an enormous
surprise. Anyone remember how the US reacted in the 1970s and '80s when it
became clear that Soviet Bloc consulates and diplomatic residences were
positioned to eavesdrop on US phone calls by snatching microwave and
satellite signals?
One issue you raise -- trust in the Fortify configuration patch --
is important. I'd like to see the Fortify website publish comments from
known cryptographers to the effect that the Fortify code does what is
claims to do, and nothing more. I think McKay, the author of Fortify, has
got the right approach: a methodical roll-out, mirror sites in a half-dozen
countries, with MD5 hashes and digital signatures on his own code. (The
four or five alternative versions of this configuration hack which are in
circulation will probably disappear with little mass impact -- just because
they are not presented so slickly and professionally.) I have mixed
feelings about the rumor of a virus which upgrades Netscape's crypto, but I
think it is always a bad and dangerous idea to act on anyone's PC without
explict permission. I hope the S/MIME virus is only a rumor.
I agree that the default crypto in an export-quality browser _is_
important -- but not for the reasons you imply.
There is nothing like a bully telling you what you can't have to
build a desperate demand for just that product or service. And if,
perchance, the bully's advantage is unexpected stripped from him because he
made a stupid and presumptuous miscalculation, a technical error that put
the restricted product or technolgy within reach of anybody and everybody,
the size of the demand for that technology might surprise everybody.
Fortify is free, but I think it is apparent that many commercial
enterprises would pay cold cash for this sort of browser upgrade. Over the
past two years -- before Fortification was a known option -- many of the
leading European banks paid good money to run Brokat's Xpresso java
applets, just to allow their customers to encase weak-crypto SSL with
strong crypto.
In their ham-handed way, our American spooks have probably done
more to highlight the value of strong crypto and privacy technologies in
fifty overseas nations than any indigenous (or domestic US) political group
has ever been able to. Anyone wanna bet on what percentage of browsers
used by the staff of the European Commission are already Fortified? Or what
percentage of the browsers used by all European, Latin American, and
African bankers and civil service professionals will be Fortified six
months from now?
Suerte,
_Vin
</x-rich>
-----
Vin McLellan + The Privacy Guild + <vin@shore.net>
53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548
-- <@><@> --
[Background follows]
At 11:24 -0800 3/6/98, Tim May wrote:
>I'm curious if any of the legal scholars and others who read Cypherpunks
>have any thoughts on whether laws declaring crypto as contraband, should
>they be passed, are actually enforceable.
>
>Here's the set up for this question:
>
>* Hundreds of thousands of us have multiple copies each of PGP, ranging
>from the first "usable" version (2.0) to the incredibly common versions
>(2.6.*) to the more recent commercial versions.
>
>* These versions interoperate, for the most part, and are very widely
>deployed.
>
>* They are still being distributed. (For example, I expect to be at the Gun
>Show tomorrow in San Mateo, passing out copies to freedom fighters and
>other opponents of the current regime.) They are still available from many
>servers, domestic and foreign.
>
>* So, the "needs of law enforcement" and the "reasonable middle ground" and
>the "compromise to meet national security needs" that the Administration
>and Al Gore and Louis Freeh and David Aaron are all talking about means
>just what for these many copies of PGP?
>
>Can a program like this be declared contraband?
>
>Does the widespread use of it, the availability on CD-ROMs, the countless
>spare copies lying around on backup disks and tapes, and even the print
>copies, etc., make a decision to declare it contraband unreasonable? After
>all, there is no reasonable way that millions of copies could be located
>and permanently destroyed. Does the law take into account the absurdity of
>such retroactive classifications?
>
>(Even with guns, in the U.S., there have historically been
>"grandfatherings" of existing guns. Not always, as with certain machine
>guns. And not with gold, which was declared contraband by the Reichsfuhrer
>in 1933.)
>
>Could possession of PGP be still legal, but _use_ declared illegal?
>
>(Not addressing the First Amendment issues, which are even stronger, but
>just the issue of retroactive contrabanding of something which was acquired
>legally, and by hundreds of thousands of law-abiding citizens.)
>
>If Grandma fails to realize that sending her e-mail with PGP is now a
>crime, will she be prosecuted? If little Johnny is rooting through Dad's
>hand-me-down computer and starts playing with PGP, will he be busted?
>
>My questions are serious, not just polemical. I'm curious how law
>enforcment plans to deal with the millions of copies of strong crypto
>already scattered around the U.S. and the world.
>
>As it stands, there is zero chance that sensitive communications by freedom
>fighters like Ramzi Youssef, or by folks like Aldrich Ames, are going to
>use key escrow systems when PGP and even older variants (like MailSafe) are
>so widely available.
>
>And I have not discussed the alternatives to PGP much, here. As a point of
>fact, there are probably hundreds of thousands of copies of legally-bought
>strong crypto programs, programs from RSADSI, Lotus/IBM, TIS, Cylink, and
>all the others.
>
>How could any "outlawing of unescrowed crypto" conceivably deal with this
>vast amount of distributed software? Will a user of RSA's MailSafe program
>face jail time for using a program he legally bought in 1991 (as I did)?
>
>More questions than answers. Can anybody help me to understand the legal
>issues?
>
>--Tim May
>
>Just Say No to "Big Brother Inside"
>---------:---------:---------:---------:---------:---------:---------:----
>Timothy C. May | Crypto Anarchy: encryption, digital money,
>ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero
>W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
>Higher Power: 2^3,021,377 | black markets, collapse of governments.
Date: Sat, 7 Mar 1998 17:08:28 -0500
To: Tim May <tcmay@got.net>
From: Declan McCullagh <declan@well.com>
Subject: Re: [LEGAL] Crypto as Contraband?
Cc: cypherpunks@algebra.com
[[Since I'm not sure how many lawyers read cypherpunks, I'm going to BCC a
few I know who might be interested and let them jump in if they like.]]
Tim asks [above] below if mere possession of encryption products like PGP can be
criminalized. One answer is: yes, of course, if such a bill becomes law
through the usual process. (That bill has not been introduced yet. The
current most restrictive language bans sale, import, manufacture, and
distribution of unapproved encryption products.)
The question then becomes: would that law infringe upon a recognized
constitutional right? Persons making that claim probably would try to wield
the shield of rights protected by the First Amendment, as Tim suggests
below, and the Fourth Amendment as well.
I'd also argue that any law regulating consensual conduct in my own home
should come with a heavy presumption against its constitutionality. Perhaps
there is not a single constitutional right that is implicated, but one that
arises from the interplay of many. The sanctity of the home "has been
embedded in our traditions since the origins of the Republic," the Supreme
Court has ruled. The Alaska Supreme Court has held that marijuana
possession at home could not be punished, though it could be in other
settings. The Third Amendment, too, recognizes the unique nature of the
home. In Rochin v. California, Justice Frankfurter could only explain his
distaste of certain stomach-pumping practices as "conduct that shocks the
conscience." Is a crypto-ban less distasteful?
The outcome might be sunnier, and the analysis easier, if the Court had not
strayed from defense of property rights -- such as I have in a
crypto-telephone I buy or invent -- and started to defer to government
economic regulations. In the 1870s the Court began to sanction an expanded
role for goverment in this area, and in 1890 ruled that such state
regulation must only be reasonable. This became settled law with the end of
the reign of Lochner in the late 1930s. Thus we have the unappetizing
prospect of the Justice Department defending a flat ban on secure crypto as
a just exercise of the state's ability to enact economic legislation and
not something that violates the First Amendment -- not coincidentally, the
exact argument that DoJ lawyers are using in the Karn case when defending
export restrictions.
Child pornography is another potential precedent. Even before the recent
"morphed child porn" statute, federal law banned the knowing possession of
such images. Much as the cell phone bill I wrote about earlier this week
(http://cgi.pathfinder.com/netly/opinion/0,1042,1774,00.html) would ban the
knowing possession of certain telephone hardware and arguably even computer
virii. A federal appeals court in 1994 upheld Stephen Knox's conviction of
possession of a videotape of clothed girls in leotards that was found to be
child pornography. Imagine how this excerpt from the decision could apply
to a crypto-ban, and "the compelling government interest in protecting"
America from terrorists:
To vindicate the compelling government interest in
protecting the safety and welfare of children, not only
is the spectrum of constitutionally unprotected
pornographic material broader when the subjects are
children rather than adults, but also the arsenal of
available enforcement mechanisms is more extensive. For
instance, the mere possession of child pornography, even
in one's home, may be criminalized although only
distribution of obscenity depicting adults can be
proscribed. Compare Stanley v. Georgia, 394 U.S. 557,
568, 89 S. Ct. 1243, 1249 (1969) (Georgia statute
outlawing private possession of obscenity violates the
First Amendment) with Osborne, 495 U.S. at 108, 110 S.
Ct. at 1695-97 (Ohio statute criminalizing possession
of child pornography upheld against First Amendment
challenge due to the compelling interest in protecting
minors).
To answer Tim's hypothetical about the clueless PGP-owning grandmother, I
suspect that any such bill would have a scienter requirement, such as
"knowing possession." Then Granny would have to realize she's breaking the
law to be convicted. Though, of course, she could still be charged with the
crime.
If such a law were challenged in court on 1A grounds, I'd guess the battle
would be largely over which standard of review to apply -- that is, how
critically a judge should view the statute. As I mentioned above, the
government might argue for the toothless "minimum rationality" test, while
plaintiffs would argue a court should apply the usually-fatal strict
scrutiny test. It says a government must have a compelling interest in
accomplishing its objective and must use the least restrictive means. I
imagine an analysis of the facts of the situation, including the widespread
use of PGP, would factor in here. The FBI might try to narrow the bill when
drafting it by exempting legitimate research, law enforcement uses,
branches of government, etc.
More interesting is intermediate scrutiny, where (generally) the government
must only have an "substantial" interest, where the right is important but
not constitutionally fundamental, and where the law must only have a close
fit to the legislature's objective. But intermediate scrutiny is a little
incoherent, and I certainly don't understand it well.
One last thought. I suspect there may be a substantial difference between a
federal law banning the knowing //possession// of backdoorless crypto
products compared to a ban on their //use or distribution//. If nothing
else, how my "knowing possession" of a floppy disk impacts interstate
commerce remains an interesting question.
Any thoughts from the lawyers?
-Declan
Date: Sun, 8 Mar 1998 13:55:29 -0500
To: Tim May <tcmay@got.net>
From: Vin McLellan <vin@shore.net>
Subject: Re: [LEGAL] Crypto as Contraband?
Cc: cypherpunks@algebra.com
One footnote on strong-crypto availability.
The impact of Farrell McKay's recently-enhanced Fortify hack (see
<http://www.fortify.net>) on the world-wide availability of strong crypto
for both e-mail and SSL is still not appreciated as it should be in this
community.
With Fortify app (and its functional siblings, like Ian Goldberg's
50-character Perl script) _all_ copies of Netscape 3.X and 4.X browser for
UNIX and WIN32 platforms have strong SSL crypto, and _all_ copies of the
Netscape 4.x browser for Win32 and Unix -- including those exported and the
crippled-crypto versions downloaded from US websites -- are enabled to use
the full suite of S/MIME strong-crypto algorithms for encrypting,
authenticating, and digitially-signing e-mail as well.
The control table that restricted on the availability of the strong
crypto options for the crippled-crypto export-quality Netscape 3.x and 4.x
(Communicator) browsers was apparently simply buried in the binary code.
Some clever reverse engineering, and it was revealed to be reset by McKay's
Fortify (or any one of five other hacks which have independently popped up
over the past three weeks to fully activate Netscape's S/MIME encryptor.)
Talk about insecurity by obscurity!
Whoever at NSA decided that the US national security interests in
crippled-crypto products, such as it is, could be sustained by such a
mechanism obvously never heard of the 2600 tone, once the biggest secret of
the telephone companies. And those who ignore the past, etc., etc....
In one magical creative moment, McKay's Fortify hack redefined
15-20 _million_ Netscape browsers -- software products installed in _most_
Internet-connected PC -- into strong crypto mailers. (The numbers are a
wild-eyed guess, but surely within the probable range.) And now that the
secret is known, it is impossible to deny the fact that any export-quality
Netscape browser can have US-quality crypto enabled with a little
methodical labor. It will probably be a student project in thousands of
computer science college classrooms from Burmingham to Bagdad next fall, if
it is not already.
Fortify is now being distributed as freeware from often-multiple
mirror sites in Australia, the Czech Republic, Finland, Germany, Holland,
Japan, Singapore, South Africa, Sweden, and the UK. (Visit African web
sites, particularly anything connected with banks and finance, and you'll
likely see a link.)
Best of all, while there is only limited interest in encryption for
e-mail among general users today -- which is why PGP and comparable mail
encryptors are so rare, and even more rarely used -- the demand for strong
SSL is much more apparent and real, since SSL is widely used in commercial
websites.
In effect, the distribution/activation of strong S/MIME for mail
encryption and digitital sigs is being piggy-backed on the huge
international demand for strong SSL. Fortify upgrades both the SSL and
S/MIME in to strong crypto in one shot. Worth some thoughtful
consideration.
There is now no lack of strong crypto implementations for encrypted
mail world-wide. It may not be fully enabled yet, but the functionality is
available everywhere you can find Netscape, arguably the single most
popular cross-platform client ever.
For the first time in history, the availability (indeed, actual
_installations_ of the functional code for] strong-crypto in e-mail now
vastly exceeds current demand. Same with strong crypto for SSL.The
distinction between a crippled-crypto export-quality version of Netscape
and a fully-enabled strong-crypto version has been revealed to be merely a
matter of configuration, easily fixed with one of several available
reconfig tools;-)
There is also another factor worth noting.
Local nationalist resentment against what the Africans (and
probably others) call US "technical imperialism" -- denying to
non-Americans commercial products which offer quality in security and
integrity that is freely available to all American citizens -- will also
promote the widespread use of Fortified Netscape. Over the next year,
spurred by a variety of impulses, some having little to do with any
conscious need for crypto per se, several million people will start playing
with strong crypto and digital signatures for the first time.
Is there a role for C'punks -- those who code, and those who merely
chat -- in fostering a greater awareness and more widespread use of these
revolutionary new options?
Suerte,
_Vin
Tim May <tcmay@mail.got.net> wrote:
>Here's the set up for this question:
>
>* Hundreds of thousands of us have multiple copies each of PGP, ranging
>from the first "usable" version (2.0) to the incredibly common versions
>(2.6.*) to the more recent commercial versions.
>
>* These versions interoperate, for the most part, and are very widely
>deployed.
>
>* They are still being distributed. (For example, I expect to be at the Gun
>Show tomorrow in San Mateo, passing out copies to freedom fighters and
>other opponents of the current regime.) They are still available from many
>servers, domestic and foreign.
[...]
>As it stands, there is zero chance that sensitive communications by freedom
>fighters like Ramzi Youssef, or by folks like Aldrich Ames, are going to
>use key escrow systems when PGP and even older variants (like MailSafe) are
>so widely available.
>
>And I have not discussed the alternatives to PGP much, here. As a point of
>fact, there are probably hundreds of thousands of copies of legally-bought
>strong crypto programs, programs from RSADSI, Lotus/IBM, TIS, Cylink, and
>all the others.
>
>How could any "outlawing of unescrowed crypto" conceivably deal with this
>vast amount of distributed software? Will a user of RSA's MailSafe program
>face jail time for using a program he legally bought in 1991 (as I did)?
[...]
-----
Vin McLellan + The Privacy Guild + <vin@shore.net>
53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548
-- <@><@> --
Date: Sun, 8 Mar 1998 12:01:41 -0800
To: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>,
cypherpunks@cyberpass.net
From: Tim May <tcmay@got.net>
Subject: Re: [LEGAL] Crypto as Contraband?
At 10:09 AM -0800 3/7/98, Michael Froomkin - U.Miami School of Law wrote:
>::
> Request-Remailing-To: cypherpunks@cyberpass.net
>
>This message from Michael Froomkin was sent via remailer to reduce spam.
>Mail to me can be sent to my surname at law.tm
I didn't see this arrive via the Cypherpunks list, so it may not have
reached the list via the remailer (syntax above looks screwy). Or maybe I'
m just not getting all the list traffic, which happens.
>[I've trimmed Tim's message down to the parts I felt like talking about.]
>
>On Fri, 6 Mar 1998, Tim May wrote:
>> Can a program like this be declared contraband?
>
>Let me start by noting that I know of no proposal that would actually do
>this for domestic crypto. We're talking pure hypothetical at this time.
Sure, no such sweeping confiscation has yet been proposed formally. But I
believe it is implicit in the comments of Freeh, Gore, Reno, and others
("legitimate needs of law enforcment," CALEA, "reasonable compromise," and
other trial balloons). As past crypto legislation has shown, these folks
are thinking 2-3 years out. (FOIAed documents from the 1992-4 period showed
what they were really thinking, and what later appeared as proposed
legislation, and as actual EAR/BXA rules.)
>[I could imagine a ban on NEW un-escrowed crypto, with old stuff
>grandfathered, and the TLAs betting that the need to inter-operate will
>slowly drive the old stuff of the airwaves (not to mention that use of old
>stuff will then set up flares to those doing traffic analysis). But even
>that would be a tough sell in Congress I think, and of dubious
>constitutionality. Although I cannot say I am 100% certain courts would
>strike it down, I'm prepared to argue the case.]
>
>But, no harm in hypos -- use 'em every day in class...
Indeed, arguing hypos is invaluable in preparing strategies.
>> Does the widespread use of it, the availability on CD-ROMs, the countless
>> spare copies lying around on backup disks and tapes, and even the print
>> copies, etc., make a decision to declare it contraband unreasonable? After
>
>No. However, there is a clear 5th Amendment "taking" issue. If the
>government is going to take some of your property or render it worthless,
>which amounts to the same thing, e.g. allow you to own but not use a
>program, then it must pay you just compensation for the value of that
>property.
So, is the government going to "pay just compensation" for the hundreds of
thousands of radio scanners bought legally prior to the new ban on using
such scanners for their intended purposes?
I'm not holding my breath.
Does the government pay just compensation for firearms declared to be
illegal? (Note that I'm talking about the "gun buyback" programs in various
cities, which are in all cases just publicity stunts.)
Specifically, what happened to the "takings" issue when machine guns were
required to be "licensed" for $250 each in the late 20s or early 30s? (The
licensing fee was then set at $250, if I recall what I read correctly. The
farmer who had a Thompson submachine gun, for defense, etc., had two
choices: apply to the government for a license and pay $250, or surrender
it. $250 in the 1930s was of course a very large sum. Most of the Thompsons
now in police lockers around the country--and there are still many of
them--were gotten this way.)
Note that I'm not addressing the controversial and oft-argued case of
whether a farmer or citizen or security guard "needs" a Thompson submachine
gun, just pointing out that many such firearms have been declared
contraband in various communities or in the nation in general without any
"compensation" paid. So much for "takings." (I realize the takings argument
has only recently resurfaced as a major Supreme Court hot button, pace the
environmental regulations, but I am still doubtful that modern
contrabandings (my new verb) will result in compensation. Again, will the
government pay out hundreds of millions for the legally-bought scanners
which are about to become illegal to use ?)
Oh, and what happened to the "takings" argument when marijuana was declared
contraband in the 1930s? (And similar arguments for many other vegetables
or chemicals suddenly declared to be contraband.)
>Probably for political and "takings" reasons. I agree that grandfathering
>is a likely part of the absolute worst case version.
>
Which of course means that using PGP or MailSafe or whatever inside a key
escrow wrapper would of course remain legal. (After all, what's _inside_
the wrapper is just my _text_. That it happens to be in code, or pig Latin,
or in PGP form, is my business. If using PGP remains legal, then one can
nest it, include it, comment on it, whatever. (There are wrinkles to
consider. Could PGP remain legal to own and use, just not legal to use with
escrowed encryption? I would love to see a lawyer try to argue this one.)
Remember this point about nested encryption when we get to the "traffic
analysis" point below.
>>
>> If Grandma fails to realize that sending her e-mail with PGP is now a
>> crime, will she be prosecuted? If little Johnny is rooting through Dad's
>> hand-me-down computer and starts playing with PGP, will he be busted?
>
>In practice, prosecutors usually have something better to do. The flip
>side of headline-grabbing prosecutors who like to find "internet crimes"
>to frighten voters with is their unwillingness to prosecute grandmas and
>kids when they are naive rather than evil.
A recipe for selective prosecution. Something we're seeing a lot more of.
And as more things become illegal, and we all become felons (as my .sig
used to point out), the State has troublesome lattitude in deciding whom to
prosecute.
It seems to me a defense attorney could point to the use of "illegal
crypto" by Grandma and Little Johnny and Newt Gingrich and others and claim
his client, Ramzi Yousef, was being selectively prosecuted for his use of
illegal crypto.
(The evidence about Grandma and Newt and others would probably become
general knowledge as governnment released statistics on how many people are
still flouting the new law, and from entropy analysis of packets passing
through nodes, and so on. I don't want to really debate the details of
this, but I'm confident that a law being ignored by hundreds of thousands
of users would result in the "selective prosecution" evidence I've
described.)
>
>> My questions are serious, not just polemical. I'm curious how law
>> enforcment plans to deal with the millions of copies of strong crypto
>> already scattered around the U.S. and the world.
>
>I doubt there's a plan. Especially as I doubt that there's any likelihood
>of a ban on old crypto. They know that if they can ban new, the passage
>of time will do the job for them.
I'm skeptical about this. The very users who have the most to lose by using
key escrow will be the likeliest to use PGP and suchlike. (Implicit in my
earlier points about the legality of PGP is that distribution of copies of
PGP would remain legal. If I have a legally-freeware version of PGP, like
2.6.x was, it remains legal for me to give it to my friends, to put it on
sites, etc. Doesn't it? If the Feds tried to say "You can keep your copy of
PGP 2.6.3, but you can no longer use it in multiple places, or give copies
to others, or share it any way," then we will truly be in an odd legal
situation.)
I've never bought the "But criminals are too stupid to use good tools to
protect their privacy" line. I see the use of cellphones and pagers by
street kids, the use of cutouts and ratlines to forestall busts, and of
course the use of encryption by freedom figthers, terrorists, spies, etc.
"Duh."
(Freeh and Gore are now acknowledging this, citing Aldrich Ames being urged
to encrypt, Ramzi Yousef encrypting, etc. No startling revelation, but it
drives a stake through the "criminals are too dumb" line that some were
using a couple of years ago.)
And if key escrow is ever mandated for "new" crypto, expect a huge campaign
by folks like us to get the word out about the advantages of using "old"
crypto. Expect a huge surge in hits on PGP download sites, and lots of
folks helping to get the older crypto out.
(And "old" crypto is arguably as good as, or better than, new crypto.
Unlike a lot of areas, there's no reason to expect a 1995-vintage version
of PGP or similar product will become obsolete. Speed is not an issue,
practically speaking. Familiar points to you all.)
>> As it stands, there is zero chance that sensitive communications by freedom
>> fighters like Ramzi Youssef, or by folks like Aldrich Ames, are going to
>> use key escrow systems when PGP and even older variants (like MailSafe) are
>> so widely available.
>
>Still will stand out for traffic analysis purposes, however.
The analysis of this point demands a much closer consideration of how many
people are using old vs. new crypto.
Consider just a few scenarios:
Scenario 1: By 2005, 99% of users have adopted Big Brother Inside crypto.
The remaining 1% consist of tired old Cypherpunks and ACLU diehards. The
FBI and NSA tag these messages and compile contact dossiers.
(This is the most favorable scenario for the government, but even it fails
to stop that 1% from communicating securely. And of course the traffic
analysis goals are partly thwarted by the use of remailers. I am assuming
remailers remain legal. If not legal in the U.S., surely legal somewhere in
the world. A familiar argument.)
Scenario 2: By 2005, an explosion of packet encrypters, bundlers of
packets, SWAN-type link encryption, and so on have been deployed. Packets
are flowing zillions of ways, as mixtures of frame relay, ATM, and all
sorts of data types. PipeNet systems are running constant-bandwidth
connectons between sites. A plethora of crypto systems are being used.
Government has attempted to mandate escrowed encryption for "new" crypto,
but a variety of "old" crypto remains legal for use in encrypting links, in
using with remailers, etc. The FBI and NSA find that 80% or more of all
traffic they try to intercept (*) is encrypted in ways they can't decipher.
Even if the citizen-units are being good sheeple and are using approved
escrow crypto, other crypto is hiding their packets.
(* By the way, as a sidenote, apparently lost in this debate about approved
crypto is the whole issue of the legality of FBI and NSA sniffing of
packets. We all know that UKUSA- and Echelon-type sniffing and surveillance
goes on, even though the NSA is ostensibly barred from domestic
surveillance, but the whole enforceability of a ban on unescrowed new
crypto will essentially require widespread sniffing of packets to ensure
compliance. As some packets will be in plaintext, does this not equate to
government reading e-mail? This surely is a major topic for discussion once
the escrowed crypto legislation is proposed.)
It is this compliance sniffing argument we made some years back, with
someone's immortal, "Use a random number, go to jail" line.
Scenario 3: Widespread use of wrappers. Or "superencryption." To forestall
traffic analysis, escrowed crypto is used. But the contents are
superencrypted with PGP or somesuch. If PGP remains legal to use, then such
superencryption surely cannot be illegal (as that would be mandating the
form of speech within a message, barred by the First). (This scenario would
not be ideal for all uses, as contact tracing would still be a concern.
Lots of issues here.)
Scenario 4: To thwart traffic analysis and monkeywrench escrowed
encryption, Cypherpunks and others grossly expand the use of "still legal"
old crypto. Sort of like PipeNet, with scripts used to send cover messages
to other users, to randomly selected sites, etc. Sending PGP-encrypted
dummy messages to thousands of public figures, for example. (And it doesn't
really matter what the contents are.)
I concede that sophisticated Bayesian pattern extraction programs can
perhaps still distill useful contact matching data, even out of tens of
thousands of bogus messages, but the practical effect of all this cover
traffic will be to make traffic analysis much more problematic than in,
say, Scenario 1.
And PipeNet sorts of contant-bandwidth systems make traffic analysis iffy.
Also, use of remailers, of course.
These are some of the scenarios. Some overlap. And the likely actual
future, circa 2005, will probably be a mix of several of these scenarios.
One thing is for sure, though: that the vast number of packages containing
crypto today will likely still be in heavy use.
The main point is that in a world with a million or so copies of PGP
already distributed, out on CD-ROMs sitting on thousands of bookshelves,
buried in vast numbers of hard disks, and yet still perfectly usable into
far into the next century (neither 112-128 bit IDEA nor 2048-bit RSA are
likely to be cracked in the next 100 years, barring breakthroughs in math).
This is the dilemma faced by the snoopers. The horse are out of the barn,
and closing the gate now is essentially pointless.
I believe strongly that those most in need in crypto--freedom fighters,
guerilla cells, drug dealers, pornographers, Mormons, Jews, abortionists,
Cypherpunks, etc.--will not be "too dumb" to use some of this "old" crypto.
I'd love to debate David Aaron or Dorothy Denning or William Reinisch in a
public forum on this point.
>If I were in charge of making crypto hard to use in the US, I'd focus on
>criminalizing the manufacture, sale, or distribution of new UN-escrowed
>crypto.
And older crypto? Would you try to make it a felony to give, sell, or lend
a CD-ROM that happened to have one of the millions of copies of PGP on it?
And would you make it a felony for someone to connect to a site in Italy or
Finland and download a crypto program?
(Yet another issue we aren't touching on here, that such laws would of
course have to try to criminalize imports. I grant you that some imports
are already illegal, as we all know so well, so I'm not claiming this is
not the case now. But a tiny little program that fits on a CD-ROM or DAT or
diskette or whatever is a rather hard thing to stop from being imported. As
we all must surely know by heart now.)
>I predict that the legal issues regarding old crypto are so tough, and the
>gains to LEOs so small in the long run, that they won't bother banning it.
>Especially not in phase one.
Since we're discussing hypos, I'd love to hear your speculations about what
"Phase Two" might be.
I welcome this discussion. It seems to me that much of the crypto debate
these days is mostly boring recitations of past positions. Those in
government are not even bothering anymore to try to defend their position,
to lay out what the legal safeguards might be.
(Remember all that mind-numbing detail about Clipper, about "LEAF"-fields,
about how many agencies or entities might hold the keys, about the various
fields and subfields within Clipper? As bad as Clipper was, there at least
had been much work put into the logistical and legal issues. Not enough, of
course, as the basic idea fell apart quickly enough, but at least a lot of
detail. Contrast that with the later Clipper 2, 3, and 4 stuff, where fewer
and fewer details emerged. And now we are speculating almost blindly on
what a "crypto ban" might look like. Probably because there really is no
set of Clipper-like details which can get around the basic reality that to
ban unapproved crypto would require police state measures.)
--Tim May
Just Say No to "Big Brother Inside"
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^3,021,377 | black markets, collapse of governments.
Date: Sun, 8 Mar 1998 16:35:25 -0500
From: Dave Emery <die@die.com>
To: Vin McLellan <vin@shore.net>
Cc: cypherpunks@toad.com
Subject: Re: [LEGAL] Crypto as Contraband?
On Sun, Mar 08, 1998 at 01:55:29PM -0500, Vin McLellan wrote:
>
> Whoever at NSA decided that the US national security interests in
> crippled-crypto products, such as it is, could be sustained by such a
> mechanism obvously never heard of the 2600 tone, once the biggest secret of
> the telephone companies. And those who ignore the past, etc., etc....
As someone who was alive and curious back then (mid 60's), I'd
take issue with this. I found plenty of technical papers in the Bell
System Technical Journal proudly describing so called SF E&M signalling
(which uses 2600 hz) in great detail, along with MFKP (blue box tones)
and the whole signalling and switching architecture of the (then) Bell
system. They were proud of what they had developed and quite willing to
share it with the technical community - it was no dark secret at all.
There was even a technical paper that described in detail a bizzare two
frequency one transistor oscillator that allowed them to build what was
essentially a blue box into a operator console keypad.
The problem was that nobody outside of a few insider engineers
with devious twisted hacker style imaginations and the spook agency
types had ever asked what might happen if you sent these in-band tones
down the line from a subscriber telephone at just the right (or wrong)
moments, and what it might be possible to do with this knowlage.
Nobody else knew or cared to find out what might happen if...
It is a sad day for US national security if people entrusted
with protecting it don't think about how to defeat the protections they
put in place because they are linear thinkers hobbled by the idea that
everyone will do only the most obvious things. But I really think that
they perfectly well know that current software can be easily patched to
defeat controls, and that there is little they can do about it. Nor is
the threat from software patches to Netscape really likely to endanger
much, since there is already a lot of software like PGP available that
is already strong. In fact I rather suspect that they are quite happy
to see that patch in ciculation since it substantially bolsters their
long held insistance that all crypto be implemented in tamperproof
hardware chips and not software.
What scares me, as I have said before on this list, is what
happens when future tamperproof Intel CPUs acquire the ability to run
encrypted code decrypted inside the processor and all copies of Windows
2001 are completely unpatchable and opaque (without breaking the crypto)
and nicely jiggered to enforce rules about what programs are allowed to
do what or even run at all.
--
Dave Emery N1PRE, die@die.com DIE Consulting, Weston, Mass.
PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Date: Sun, 8 Mar 1998 17:16:18 -0500 (EST)
From: Declan McCullagh <declan@pathfinder.com>
To: Vin McLellan <vin@shore.net>
cc: cypherpunks@algebra.com
Subject: Re: [LEGAL] Crypto as Contraband?
On Sun, 8 Mar 1998, Vin McLellan wrote:
> There is now no lack of strong crypto implementations for encrypted
> mail world-wide. It may not be fully enabled yet, but the functionality is
> available everywhere you can find Netscape, arguably the single most
> popular cross-platform client ever.
Hmm. Yes, we know this. I wrote about this last month, and others wrote
about it last fall when the original, limited, hack was put up on
fortify.net. But many, almost certainly most, browser-owners aren't likely
to use it because they don't trust the patch or because it's set up that
way by default. Defaults are important. Maybe that's what the NSA/FBI are
counting on.
-Declan
Date: Sun, 8 Mar 1998 17:47:41 -0500
From: Dave Emery <die@die.com>
To: cypherpunks@toad.com
Subject: Re: [LEGAL] Crypto as Contraband?
On Sun, Mar 08, 1998 at 04:35:25PM -0500, Dave Emery wrote:
> On Sun, Mar 08, 1998 at 01:55:29PM -0500, Vin McLellan wrote:
> >
> What scares me, as I have said before on this list, is what
> happens when future tamperproof Intel CPUs acquire the ability to run
> encrypted code decrypted inside the processor and all copies of Windows
> 2001 are completely unpatchable and opaque (without breaking the crypto)
> and nicely jiggered to enforce rules about what programs are allowed to
> do what or even run at all.
>
To amplify my point a bit, it is widely reported that Bill Gates
(who is alleged to have started out in business by pirating and selling
DEC software as a high school student) has a particularly keen desire to
control the widespread piracy of MS products. His aggressive pushes to
assert his property rights are well known (and not atypical of reformed
sinners if the probably apocryphal report is true).
And Microsoft, with its enormous market share of Wintel
software, has a very strong incentive to push for implementation of
copyright controls and smartcard authentication for its products into
the basic architecture of PCs. And guess what - it controls the high
level architecture of the worlds PCs pretty much entirely by its
monopoly control of the major operating systems that run on them. So
it seems frighteningly likely that Microsoft - which would stand to gain
a lot of money now lost to piracy from such a feature - will very gladly
do all it can to see that crypto based strong copyright enforcement is
built into the hardware and inner regions of the operationg system of
Wintel systems.
And making this work clearly requires that the relevant parts of
the inner kernel be unmodifiable (easy to do with digital signatures),
and probably kept extremely secret (easy to do with crypto). In such an
environment it is awfully easy to strike a deal with the government that
adds a little piece or two of code in that black inner space in exchange
for a bending a bit on anti-trust enforcement.
--
Dave Emery N1PRE, die@die.com DIE Consulting, Weston, Mass.
PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Date: Sun, 8 Mar 1998 17:31:14 -0500 (EST)
From: Declan McCullagh <declan@pathfinder.com>
To: Tim May <tcmay@got.net>
cc: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>,
cypherpunks@cyberpass.net
Subject: Re: [LEGAL] Crypto as Contraband?
Prof. Froomkin writes:
> >If I were in charge of making crypto hard to use in the US, I'd focus on
> >criminalizing the manufacture, sale, or distribution of new UN-escrowed
> >crypto.
Tim May writes:
> And older crypto? Would you try to make it a felony to give, sell, or lend
> a CD-ROM that happened to have one of the millions of copies of PGP on it?
> And would you make it a felony for someone to connect to a site in Italy or
> Finland and download a crypto program?
Yes. This is what one of the SAFE bills passed by a House committee last
year -- and competing with others to go to the floor for a vote -- does.
A flat ban on the manufacture, sale, distribution, and *IMPORT* of
unapproved encryption products. It probably will be tinkered with, such as
I wrote in my previous message in this thread, to deal with law
enforcement exemptions, government exemptions, legitimate research
exemptions.
It also said explictly it would be legal to USE old crypto, and thus,
presumably possess it. But the distribution ban is the kicker.
-Declan
Date: Mon, 9 Mar 1998 04:47:08 +0100 (MET)
Subject: Re: [LEGAL] Crypto as Contraband?
To: cypherpunks@cyberpass.net
From: nobody@replay.com (Anonymous)
...
> So, is the government going to "pay just compensation" for the hundreds of
> thousands of radio scanners bought legally prior to the new ban on using
> such scanners for their intended purposes?
>
> I'm not holding my breath.
Well, the argument is that scanners still have other uses. Compensation
is not due if something is no longer usable for its intended use, but only
if it has *no* value (or almost no value) anymore. This area of law comes
primarily from real property zoning cases in which wetlands were zoned for
no development and hence had no commercial value. It's a moving target
and controversial.
> Does the government pay just compensation for firearms declared to be
> illegal? (Note that I'm talking about the "gun buyback" programs in various
> cities, which are in all cases just publicity stunts.)
Again, the law in this area is new. I'd think, however, that there would
be an awfully good takings claim if you had to turn in or dispose of a
firearm. I think, however, that this is the sort of issue where class
actions are *not* allowd: traditionally valuation is not a fit subject for
class certification since it is presumed that each individual item may
need individual valuation. (Software would seem to be an exception to the
policy behind the rule in a way that guns are not, since there's no
wear-and-tear on software, but I cannnot recall if the rule is written in
a way that even allows exception).
> Oh, and what happened to the "takings" argument when marijuana was declared
> contraband in the 1930s? (And similar arguments for many other vegetables
> or chemicals suddenly declared to be contraband.)
It's an interesting question. When a formerly legal chemical is declared
contraband, there may be a takings claim. Whether anyone had enough of it
around to make it worth pursuing is a different question.
> >Probably for political and "takings" reasons. I agree that grandfathering
> >is a likely part of the absolute worst case version.
> >
>
> Which of course means that using PGP or MailSafe or whatever inside a key
> escrow wrapper would of course remain legal. (After all, what's _inside_
> the wrapper is just my _text_. That it happens to be in code, or pig Latin,
> or in PGP form, is my business. If using PGP remains legal, then one can
Sounds right to me.
> nest it, include it, comment on it, whatever. (There are wrinkles to
> consider. Could PGP remain legal to own and use, just not legal to use with
> escrowed encryption? I would love to see a lawyer try to argue this one.)
Now this is a fun hypo: I think it's a fairly close call, but leans
against the law. On the one hand, the individual users' claim is not a
strong as it could be, since the intrusion is limited -- the circumstances
where you would need to use PGP inside GAKware, and plain PGP would not
work, might be limited; the strongest facts might be a need to communicate
with someone (family) in a foreign country that banned plain PGP. On the
other hand, the government would be hard pressed to come up with a strong
rationale for the law -- assuming, as I do, that it won't come into open
court and argue the need to do traffic analysis domestically.
Unfortunately, the need to do so internationally is not embarrassing, so
where the citizen has the strongest case, so does the government.
> Remember this point about nested encryption when we get to the "traffic
> analysis" point below.
[...prosecution of grandma hypo ... ]
> A recipe for selective prosecution. Something we're seeing a lot more of.
> And as more things become illegal, and we all become felons (as my .sig
> used to point out), the State has troublesome lattitude in deciding whom to
> prosecute.
>
> It seems to me a defense attorney could point to the use of "illegal
> crypto" by Grandma and Little Johnny and Newt Gingrich and others and claim
> his client, Ramzi Yousef, was being selectively prosecuted for his use of
> illegal crypto.
This won't ever work. The legal system, indeed society, would grind to a
halt if Murderer A could get off because no one had caught and prosecuted
Murderer B. In a world of scare resources, it is inevitable that some
people will get away with stuff. That cannot and should not and is not a
defense for those who get caught.
Selective prosecution is only even a possible defense if you can show
personal or political animus on the part of the prosecutor. Which is very
hard.
> ... I don't want to really debate the details of
> this, but I'm confident that a law being ignored by hundreds of thousands
> of users would result in the "selective prosecution" evidence I've
> described.)
No. Think of the drug laws: it's obvious lots of cases go unpunished, but
we still jail those we catch.
> >> My questions are serious, not just polemical. I'm curious how law
> >> enforcment plans to deal with the millions of copies of strong crypto
> >> already scattered around the U.S. and the world.
> >
> >I doubt there's a plan. Especially as I doubt that there's any likelihood
> >of a ban on old crypto. They know that if they can ban new, the passage
> >of time will do the job for them.
>
> I'm skeptical about this. The very users who have the most to lose by using
> key escrow will be the likeliest to use PGP and suchlike. (Implicit in my
> earlier points about the legality of PGP is that distribution of copies of
> PGP would remain legal. If I have a legally-freeware version of PGP, like
> 2.6.x was, it remains legal for me to give it to my friends, to put it on
> sites, etc. Doesn't it? If the Feds tried to say "You can keep your copy of
> PGP 2.6.3, but you can no longer use it in multiple places, or give copies
> to others, or share it any way," then we will truly be in an odd legal
> situation.)
>
> I've never bought the "But criminals are too stupid to use good tools to
> protect their privacy" line. I see the use of cellphones and pagers by
> street kids, the use of cutouts and ratlines to forestall busts, and of
> course the use of encryption by freedom figthers, terrorists, spies, etc.
> "Duh."
>
> (Freeh and Gore are now acknowledging this, citing Aldrich Ames being urged
> to encrypt, Ramzi Yousef encrypting, etc. No startling revelation, but it
> drives a stake through the "criminals are too dumb" line that some were
> using a couple of years ago.)
There are three interesting issues raised here. The first is to what
extent Freeh et al have thought through the practical details of what
they may hope to propose. We don't know; I used to think, not at all, but
there is now some evidence that they have turned some decent minds to some
of the problems. On the practical front, we see TIS, HP, and others
trying to build workable key control infrastructures. This is the most
serious issue: a working prototype will change the political debate, and
cut the legs out from under the kinds of arguments advanced in the
cryptographers' letter against escrow about a year ago.
The second is the legal groundwork. Here too there is some grounds for
pessimism. I found the bill proposed to the House Select Committee on
Intelligence last year as a substitute amendment for SAFE to be
well-drafted; it is one or two cuts above the earlier attempts, making
beating it in court a non-trivial although still do-able job.
The third issue is, what this is all designed to achieve? Much of that
debate has been covered on this list over the years; the new element in
the above is the suggestion that the "dumb criminal" rationale is now
inoperative, or perhaps exposed as a Plot. I beg to differ. I've always
agreed that "smart" criminals won't use GAKware; but I think you have to
look at this from a law enforcement perspective. Anything that reduces the
access or ease of use of strong un-escrowed cryptography is, from this
view, a win. It's a win when people don't bother to use the strong stuff
because it's inconvenient or they are in a hurry, or this message doesn't
seem that important. It's a win when criminals can't use the strong stuff
to communicate with people outside the conspiracy -- like car rental
agencies. It tells you something about their plans, and likely movements.
And so on. Bottom line: I think that the LEOs think (correctly) that
from their perspective even marginal, incremental, gains are worth a fair
amount of effort. I think I would take that view if I were in their
shoes, and I don't think it's either evil or irrational. It merely
ignores the pernicious side-effects of the policy.
[...]
> >Still will stand out for traffic analysis purposes, however.
>
> The analysis of this point demands a much closer consideration of how many
> people are using old vs. new crypto.
>
> Consider just a few scenarios:
>
> Scenario 1: By 2005, 99% of users have adopted Big Brother Inside crypto.
> The remaining 1% consist of tired old Cypherpunks and ACLU diehards. The
> FBI and NSA tag these messages and compile contact dossiers.
>
> (This is the most favorable scenario for the government, but even it fails
> to stop that 1% from communicating securely. And of course the traffic
> analysis goals are partly thwarted by the use of remailers. I am assuming
> remailers remain legal. If not legal in the U.S., surely legal somewhere in
> the world. A familiar argument.)
I see remailers as being the next big controversy for exactly this reason.
There are a number of legal tricks one could imagine to make running a
remailer so risky as to make very few people willing to do it -- without
actually making it illegal, which runs into constitutional problems.
> Scenario 2: By 2005, an explosion of packet encrypters, bundlers of
> packets, SWAN-type link encryption, and so on have been deployed. Packets
> are flowing zillions of ways, as mixtures of frame relay, ATM, and all
> sorts of data types. PipeNet systems are running constant-bandwidth
> connectons between sites. A plethora of crypto systems are being used.
> Government has attempted to mandate escrowed encryption for "new" crypto,
> but a variety of "old" crypto remains legal for use in encrypting links, in
> using with remailers, etc. The FBI and NSA find that 80% or more of all
> traffic they try to intercept (*) is encrypted in ways they can't decipher.
> Even if the citizen-units are being good sheeple and are using approved
> escrow crypto, other crypto is hiding their packets.
>
> (* By the way, as a sidenote, apparently lost in this debate about approved
> crypto is the whole issue of the legality of FBI and NSA sniffing of
> packets. We all know that UKUSA- and Echelon-type sniffing and surveillance
> goes on, even though the NSA is ostensibly barred from domestic
> surveillance, but the whole enforceability of a ban on unescrowed new
> crypto will essentially require widespread sniffing of packets to ensure
> compliance. As some packets will be in plaintext, does this not equate to
I'm not sure I accept this assumption. I don't think that random "header
sniffing" much less full packet examination will ever be legal so long as
the 4th amendment retains any validity whatsoever. And I don't think
anyone plans this for law enforcement (intelligence is a separate issue).
But once you have an on-going investigation of someone, and a valid
warrant, it does give you another way to prosecute (think Al Capone and
tax evasion [irrelevant note: Peter Hamilton's Neutronium Alchemist has a
fun depiction of Capone]).
> government reading e-mail? This surely is a major topic for discussion once
> the escrowed crypto legislation is proposed.)
>
> It is this compliance sniffing argument we made some years back, with
> someone's immortal, "Use a random number, go to jail" line.
>
> Scenario 3: Widespread use of wrappers. Or "superencryption." To forestall
> traffic analysis, escrowed crypto is used. But the contents are
> superencrypted with PGP or somesuch. If PGP remains legal to use, then such
> superencryption surely cannot be illegal (as that would be mandating the
> form of speech within a message, barred by the First). (This scenario would
> not be ideal for all uses, as contact tracing would still be a concern.
> Lots of issues here.)
Stego. That's what Patrick Ball says the human rights groups use now in
police states.
> Scenario 4: To thwart traffic analysis and monkeywrench escrowed
> encryption, Cypherpunks and others grossly expand the use of "still legal"
> old crypto. Sort of like PipeNet, with scripts used to send cover messages
> to other users, to randomly selected sites, etc. Sending PGP-encrypted
> dummy messages to thousands of public figures, for example. (And it doesn't
> really matter what the contents are.)
Hard work. And as traffic levels go up, more and more noise is needed,
requiring more and more cover traffic. I wonder if volunteers can keep
this up over time?
> I concede that sophisticated Bayesian pattern extraction programs can
> perhaps still distill useful contact matching data, even out of tens of
> thousands of bogus messages, but the practical effect of all this cover
> traffic will be to make traffic analysis much more problematic than in,
> say, Scenario 1.
>
> And PipeNet sorts of contant-bandwidth systems make traffic analysis iffy.
> Also, use of remailers, of course.
>
> These are some of the scenarios. Some overlap. And the likely actual
> future, circa 2005, will probably be a mix of several of these scenarios.
> One thing is for sure, though: that the vast number of packages containing
> crypto today will likely still be in heavy use.
As Declan noted in another message, the most significant developments are
those that enable crypto in mass consumer packages such as Netscape. The
fact is that lots of people just automatically update to the latest thing.
And other people don't have control over their software. In my office,
for example, as a cost-saving measure we are going to a form of network
facisim: the system administrator will control all the software that you
can run on your networked desktop. He will load it and serve it to you,
and lock you out from running anything un-approved. [We will have an
opt-out, fortunately, but most people won't take it since the price of
opting out will be reduced support.]
> The main point is that in a world with a million or so copies of PGP
> already distributed, out on CD-ROMs sitting on thousands of bookshelves,
> buried in vast numbers of hard disks, and yet still perfectly usable into
> far into the next century (neither 112-128 bit IDEA nor 2048-bit RSA are
> likely to be cracked in the next 100 years, barring breakthroughs in math).
Yes, but in a world where the LEOs are playing the margins, they can live
with this if they can influence the market standards.
> This is the dilemma faced by the snoopers. The horse are out of the barn,
> and closing the gate now is essentially pointless.
I don't think we are there yet. Standards are powerful. Again, the horse
may be out of the barn for the minority of people like those on this list
who really really care about these issues. But for now, most people don't
probably care enough to give up the latest coolest software tools, if that
becomes the choice.
> I believe strongly that those most in need in crypto--freedom fighters,
> guerilla cells, drug dealers, pornographers, Mormons, Jews, abortionists,
> Cypherpunks, etc.--will not be "too dumb" to use some of this "old" crypto.
> I'd love to debate David Aaron or Dorothy Denning or William Reinisch in a
> public forum on this point.
Yes, agreed, but that isn't really the issue. (see above)
> >If I were in charge of making crypto hard to use in the US, I'd focus on
> >criminalizing the manufacture, sale, or distribution of new UN-escrowed
> >crypto.
>
> And older crypto? Would you try to make it a felony to give, sell, or lend
> a CD-ROM that happened to have one of the millions of copies of PGP on it?
> And would you make it a felony for someone to connect to a site in Italy or
> Finland and download a crypto program?
Sure would.
> (Yet another issue we aren't touching on here, that such laws would of
> course have to try to criminalize imports. I grant you that some imports
> are already illegal, as we all know so well, so I'm not claiming this is
> not the case now. But a tiny little program that fits on a CD-ROM or DAT or
> diskette or whatever is a rather hard thing to stop from being imported. As
> we all must surely know by heart now.)
The war on drugs demonstrates that this society is willing to attempt to
enforce the unenforceable if it believes the stakes are high enough.
> >I predict that the legal issues regarding old crypto are so tough, and the
> >gains to LEOs so small in the long run, that they won't bother banning it.
> >Especially not in phase one.
>
> Since we're discussing hypos, I'd love to hear your speculations about what
> "Phase Two" might be.
Phase Two won't come until and unless they can establish the market
standards in Phase One. I regret the terms "phase one" and "two" because
it makes it sound too much like there's a detailed master plan sitting in
the FBI for some gigantic social chess match. I rather doubt it. There's
a general objective: put the strong crypto genie as much in the bottle as
you can. There's some tactical short-term objectives: kill or gut SAFE;
build a working escrow infrastructure; persuade foreign governments to
join in on the escrow bandwagon. Working out the content of the next
steps probably depends on the extent to which they achieve the first ones.
> I welcome this discussion. It seems to me that much of the crypto debate
Indeed.
> these days is mostly boring recitations of past positions. Those in
> government are not even bothering anymore to try to defend their position,
> to lay out what the legal safeguards might be.
>
> (Remember all that mind-numbing detail about Clipper, about "LEAF"-fields,
> about how many agencies or entities might hold the keys, about the various
> fields and subfields within Clipper? As bad as Clipper was, there at least
> had been much work put into the logistical and legal issues. Not enough, of
> course, as the basic idea fell apart quickly enough, but at least a lot of
> detail. Contrast that with the later Clipper 2, 3, and 4 stuff, where fewer
> and fewer details emerged. And now we are speculating almost blindly on
> what a "crypto ban" might look like. Probably because there really is no
> set of Clipper-like details which can get around the basic reality that to
> ban unapproved crypto would require police state measures.)
>
Actually, the House bill was a pretty frightening first look.
A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law | http://www.law.tm
P.O. Box 248087 |
Coral Gables, FL 33124 USA | It's warm here.
Date: Sun, 8 Mar 1998 23:41:41 -0500
To: cypherpunks@cyberpass.net
From: Declan McCullagh <declan@well.com>
Subject: Re: [LEGAL] Crypto as Contraband?
Tim May writes:
> And older crypto? Would you try to make it a felony to give, sell, or lend
> a CD-ROM that happened to have one of the millions of copies of PGP on it?
> And would you make it a felony for someone to connect to a site in Italy or
> Finland and download a crypto program?
To drop out of the hypo and back into politics for a moment, here's my
writeup from last fall. The House Rules committee currently is deciding to
send this or another version of SAFE to the floor for a vote. If it passes
the House, it will automatically be introduced in the Senate.
If I were feeling particularly conspiratorial, I'd point to CALEA as an
example of businesses cutting a deal: they'll sign off on a deal requiring
them to rewire technology for easy snooping, as long as they get paid.
-Declan
----
Date: Thu, 11 Sep 1997 23:37:39 -0700 (PDT)
From: Declan McCullagh <declan@well.com>
To: fight-censorship-announce@vorlon.mit.edu
Subject: FC: House panel votes behind closed doors to build in Big Brother
Software that protects your privacy is a controlled substance that may no
longer be sold, a Congressional committee decided today.
Meeting behind closed doors this morning, the House Intelligence committee
voted to replace a generally pro-encryption bill with an entirely
rewritten draft that builds in Big Brother into all future encryption
products. (The Senate appears to be moving in a similar direction.)
The new SAFE bill -- titled in a wonderfully Orwellian manner the
"Security and Freedom through Encryption" act even though it provides
neither -- includes these provisions:
SELLING CRYPTO: Selling unapproved encryption products (that do not
include "immediate access to plaintext") becomes a federal crime,
immediately after this bill becomes law. Five years in jail plus
fines. Distributing, importing, or manufacturing such products
after January 31, 2000 is another crime.
NETWORK PROVIDERS: Anyone offering scrambled "network service"
including encrypted web servers or even "ssh" would be required to
build in a backdoor for the government by January 31, 2000. This
backdoor must provide for "immediate decryption or access to
plaintext of the data."
TECHNICAL STANDARDS: The Attorney General will publish technical
requirements for such backdoors in network service and encryption
products, within five months after the president signs this bill.
LEGAL TO USE CRYPTO: "After January 31, 2000, it shall not be
unlawful to use any encryption product purchased or in use prior to
such date."
GOVERNMENT POWERS: If prosecutors think you may be selling,
importing, or distributing non-backdoor'd crypto or are "about" to
do so, they can sue. "Upon the filing of the complaint seeking
injunctive relief by the Attorney General, the court shall
automatically issue a temporary restraining order against the party
being sued." Also, there are provisions for holding secret
hearings, and "public disclosure of the proceedings shall be
treated as contempt of court." You can request an advisory opinion
from the government to see if the program you're about to publish
violates the law.
ACCESS TO PLAINTEXT: Courts can issue orders, ex parte, granting
police access to your encrypted data. But all the government has to
do to get one is to provide "a factual basis establishing the
relevance of the plaintext" to an investigation. They don't have to
demonstrate probable cause, which is currently required for a
search warrant. More interestingly, this explicitly gives the FISA
court jurisdiction (yes, the secret court that has never denied a
request for a wiretap). If they decode your messages, they'll tell
you within 90 days.
GOVERNMENT PURCHASING: Federal government computer purchases must
use a key escrow "immediate decryption" backdoor after 1998. Same
with networks "purchased directly with Federal funds to provide the
security service of data confidentially." Such products can be
labeled "authorized for sale to U.S. government"
ENCRYPTION EXPORTS: The Defense & Commerce departments will control
exports of crypto. Software "without regard to strength" can be
exported if it includes a key escrow backdoor and is first
submitted to the government. Export decisions aren't subject to
judicial review, and the "president may by executive order waive
any provision of this act" if he thinks it's a threat to national
security. Within 15 days, he must send a classified briefing to
Congress.
ADVISORY PANEL: Creates the Encryption Industry and Information
Security Board, with seven members from Justice, State, FBI, CIA,
White House, and six from the industry.
INTERNATIONAL: The president can negotiate international agreements
and perhaps punish noncompliant governments. Can you say "trade
sancation?"
(Other provisions barring the use of crypto in a crime and
some forms of cryptanalysis are also in the bill.)
Next the Commerce Committee will vote on SAFE, and a former FBI
agent-turned-Congressman is vowing to ensure that similar language to this
is included. (The committees are voting on the bill in parallel, and a
four-person team of Congressmen is working to forge a compromise before
Commerce votes.) Then the heads of the five committees that have rewritten
the legislation will sit down and work out another compromise. If it's
acceptable to the House Rules committee -- and if the FBI/NSA get what
they want it will be -- the bill can move to the floor for a vote.
That's why the encryption outlook in Congress is abysmal. Crypto-advocates
have lost, and lost miserably. A month ago, the debate was about export
controls. Now the battle is over how strict the //domestic// controls will
be. It's sad, really, that so many millions of lobbyist-dollars were not
only wasted, but used to advance legislation that has been morphed into a
truly awful proposal.
I wrote more about this at:
http://cgi.pathfinder.com/netly/opinion/0,1042,1385,00.html
-Declan
Date: Sun, 8 Mar 1998 21:01:26 -0800
To: declan@well.com
From: Tim May <tcmay@got.net>
Subject: Re: [LEGAL] Crypto as Contraband?
Cc: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>,
cypherpunks@cyberpass.net
The core issue here is of _provenance_. How can several hundred thousand
users who legally downloaded or acquired or bought or received PGP and
other crypto programs be expected to "prove" they possessed these programs
prior to some grandfathering date? Especially when most such downloads and
acquisitions were done with no records being kept. I, for example, have
probably 4 or 5 versions of PGP, with multiple copies of some versions, not
even counting backups. Yet none of them do I have "paperwork" for.
In fact, as we all know, copies of PGP are neither serial numbered nor
identified in any way to make them unique to a user. Representatives from
PGP, Inc. assured us a while back that they took pains to not know who
their customers were (e.g., by not asking for customers to "register" their
program)
There is no way to prosecute someone for failing to prove they acquired the
program prior to some date...unless they are literally caught in the act of
acquiring it after the grandfathering date. Hardly feasible.
Such a law would make most of us felons. Perhaps this is their intent.
At 2:31 PM -0800 3/8/98, Declan McCullagh wrote:
>Prof. Froomkin writes:
>> >If I were in charge of making crypto hard to use in the US, I'd focus on
>> >criminalizing the manufacture, sale, or distribution of new UN-escrowed
>> >crypto.
>
>Tim May writes:
>> And older crypto? Would you try to make it a felony to give, sell, or lend
>> a CD-ROM that happened to have one of the millions of copies of PGP on it?
>> And would you make it a felony for someone to connect to a site in Italy or
>> Finland and download a crypto program?
>
>Yes. This is what one of the SAFE bills passed by a House committee last
>year -- and competing with others to go to the floor for a vote -- does.
>
>A flat ban on the manufacture, sale, distribution, and *IMPORT* of
>unapproved encryption products. It probably will be tinkered with, such as
>I wrote in my previous message in this thread, to deal with law
>enforcement exemptions, government exemptions, legitimate research
>exemptions.
>
>It also said explictly it would be legal to USE old crypto, and thus,
>presumably possess it. But the distribution ban is the kicker.
I noted in a a couple of places in my long article this morning about the
"Alice in Wonderland" aspects of any grandfatherings.
OK, so suppose _distribution_ of once-legal copies of PGP is banned. (Huh?)
So how do the enforcers prove the provenance of what they seize, or what
they sniff over the airwaves and landlines? Do the raiders hit a house or
business and demand the "proof of purchase" be presented?
For nearly all things I purchase or download, there are either no serial
numbers, or I keep no copies of receipts. Many of my guns, for example, I
bought at gun shows. And there were no records.
(This is also a very serious point. There are virtually no laws that I am
aware of that say a citizen-unit must _prove_ via receipts and serial
numbers and such that he obtained something before such-and-such date. The
only time I hear any warnings to "be sure to keep receipts" is for tax
records and for warranty work. Never because government may someday demand
proof of when something was acquired. The burden of proof is on the
government and legal system to prove a positive crime, not to require a
citizen to produce proof of legality. At least for all things I possess,
including guns, explosives, chemicals, and drugs. And crypto, presumably.)
If the Encryption Police demand records of purchase dates, or download
dates, I'd have to say to them: "Fuck you. I kept no records. Nor did the
law require me to (or pay my hourly rates for the labor involved). So, get
the fuck off my property, or I'll consider you a trespasser."
Whether I would have the guts to say this I don't know. I hope I would. I
make this point in an extreme way to emphasize the Alice-in-Wonderland
nature of this hypo.
(Copies of PGP were downloaded by thousands of organizations. Who gets to
"have" these copies when the ban goes into effect? Will we jail people who
fail to present download logs showing they downloaded PGP before the ban?
What if they downloaded PGP in 1993, but failed to save their download
logs? (How many of us save such records? And these records are just text
files, so they can be faked trivially, and have no legal standing, I would
think.)
Arggh.
I submit that there is absolutely no way the government of the U.S. can
crack down on the million or so copies of PGP which have been distributed,
downloaded, shared, traded, bought, pirated, etc. Any notion that "those
who possessed strong crypto at the time of this bill's passage, all later
possessor are felons" is too absurd to take seriously.
--Tim May
Just Say No to "Big Brother Inside"
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^3,021,377 | black markets, collapse of governments.
Date: Mon, 9 Mar 1998 21:04:07 +0100 (MET)
Subject: Re: [LEGAL] Crypto as Contraband?
To: cypherpunks@cyberpass.net
From: nobody@replay.com (Anonymous)
On Sun, 8 Mar 1998, Tim May wrote:
> The core issue here is of _provenance_. How can several hundred thousand
> users who legally downloaded or acquired or bought or received PGP and
> other crypto programs be expected to "prove" they possessed these programs
> prior to some grandfathering date? Especially when most such downloads and
Well, the burden of proof will always be on the prosecution. So they'll
need something tangible -- testimony, login records, something to overcome
your word that you had it before the deadline. And they'll have to
convince a jury.
[...]
> Such a law would make most of us felons. Perhaps this is their intent.
Not if there is grandfathering. I suppose if you are paranoid about it
you could be sure and register a key and timestamp it before the deadline,
to establish ownership. The disadvantage of this strategy of course is
that anyone who didn't would be subject to nasty cross-examination...
> (Copies of PGP were downloaded by thousands of organizations. Who gets to
> "have" these copies when the ban goes into effect? Will we jail people who
The organization is often a legal person. So it gets to have it, and all
members get to use it.
> I submit that there is absolutely no way the government of the U.S. can
> crack down on the million or so copies of PGP which have been distributed,
> downloaded, shared, traded, bought, pirated, etc. Any notion that "those
> who possessed strong crypto at the time of this bill's passage, all later
> possessor are felons" is too absurd to take seriously.
>
Well, probably, but see the drug laws. So we may as well take it
seriously.
A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law | http://www.law.tm
P.O. Box 248087 |
Coral Gables, FL 33124 USA | It's warm here.
Date: Mon, 9 Mar 1998 14:39:14 -0800
To: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
From: Tim May <tcmay@got.net>
Subject: BATFC -- Bureau of Alcohol, Tobacco, Firearms and Cryptography
Cc: cypherpunks@cyberpass.net
At 11:59 AM -0800 3/9/98, Michael Froomkin - U.Miami School of Law wrote:
>On Sun, 8 Mar 1998, Tim May wrote:
>
>> The core issue here is of _provenance_. How can several hundred thousand
>> users who legally downloaded or acquired or bought or received PGP and
>> other crypto programs be expected to "prove" they possessed these programs
>> prior to some grandfathering date? Especially when most such downloads and
>
>Well, the burden of proof will always be on the prosecution. So they'll
>need something tangible -- testimony, login records, something to overcome
>your word that you had it before the deadline. And they'll have to
>convince a jury.
"NASTY CROSS EXAMINATION"
Sure, but as you point out below, there is the "would be subject to nasty
cross-examination" issue. Which is just part of the general nastiness which
will happen long before cases ever reach a jury of one's peers. This is,
forgive me for sounding anti-legal system, the real power prosecutors have
to make life miserable for citizens.
Which jury was it that was convinced Susan McDougal needed to spend 18
months (and counting) in a federal prison? (The technical answer is that
Ken Starr's grand jury, and the judge overseeing the case...as I understand
the McDougal jailing on contempt charges. But the point is that it sure
wasn't the kind of jury of one's peers I take your point above to mean.)
If the crypto laws we are talking about happen, "convincing a jury" will
probably not be the important issue. Because before this jury stuff happens
will come the pre-dawn BATFC (Bureau of Alcohol, Tobacco, Firearms and
Cryptography) raids, the asset forfeitures, the scrutinizing of seized hard
drives for evidence of illegal software, porn, bomb-making instructions,
and terrorist material.
(And of course was no "convincing a jury" before Randy Weaver's home was
attacked, and his wife and son shot dead. Or before Waco was burned to the
ground, possibly (probably in my view, but opinions are mixed) by the BATF.
Or before "child porn rings" were broken up with pre-dawn raids. Or before
MOVE headquarters in Philadelphia was firebombed from above. And so and so
on.)
THE WAR ON CRYPTO AND THE WAR ON DRUGS
Will using unescrowed crypto be treated by the courts as "probable cause"
to raid a house or business, with the "perp" jailed until at trial he
somehow (if he can) proves that he was legally allowed to own the crypto?
You see, unlike the "War on Drugs," bad as that war is, crypto is not like
drugs. Cocaine and marijuana and whatnot are ipso facto banned materials,
with no "grandfathering" of older possession. Basically, unless one has a
license to possess these drugs (pharmacies, research labs, law enforcement,
CIA, DEA, etc.) one is guilty of "felony possession." Or something worded
like that.
Even with firearms, serial numbers establish manufacture dates. (I'm not
apologizing for firearms laws, which I oppose, just noting the vastly
easier enforcement of such grandfathering laws.)
But with PGP and such, often there are no serial numbers, no registration
process, nothing of this sort. (PGP explained to a recent Cypherpunks
meeting that *of course* they don't want serial numbers and customer
records and whatnot, for obvious reasons.)
GRANDFATHERING OF CRYPTO UNWORKABLE
So a "grandfathering" of certain crypto presents massive problems for all
concerned. There is no way any prosecutor can actually _prove_ that a
specific use of PGP was with a nonlegal version, unless that version was
actually created after the grandfathering date. Even catching a person
downloading crypto says little about his use of some program...he might
claim he acquired the PGP 2.6.3 years earlier, and that the latest download
of 2.6.3 was inadvertent, or to compare it to his older version, etc.
I just can't see this grandfathering working. And the notion you express
(I'm speaking about Michael Froomkin) that citizen-units would be advised
to create "records" to later prove their innocence tells us how pernicious
this law would be.
I don't mean to make a familiar anti-government rant here, just to point
out that draconian new crypto laws will have their effects felt long before
a case ever gets to a jury. And by the time a jury is involved, the charge
will not be something so mundane as possessing a copy of PGP for which a
sales receipt cannot be produced (duh), but the various charges from the
raid, the srutinizing of hard drives, the defensive measures the citizen
took when the BATF showed up at 4 a.m. and broke down his door and threw
flash-bangs into his bedroom, and so on.
THE EASY WAY OUT
Plus, of course, at a more mundane level many corporations (and schools,
like Prof. Froomkin's) will simply take the easy way out and ban the use of
any unescrowed crypto product, out of fear that PGP and such make provoke
raids or audits.
>> Such a law would make most of us felons. Perhaps this is their intent.
>
>Not if there is grandfathering. I suppose if you are paranoid about it
>you could be sure and register a key and timestamp it before the deadline,
>to establish ownership. The disadvantage of this strategy of course is
>that anyone who didn't would be subject to nasty cross-examination...
My point exactly. This "nasty cross-examination" is itself the consequence
of our current legal system. Despite the rhetoric about "innocent until
proven guilty," the combination of factors I just mentioned, and the long,
drawn-out process of a trial, and the costs of a modern legal defense, have
really given us a "guilty until proven innocent" legal system.
CONVINCING A JURY
An average computer user, when raided, indicted, subjected to the "nasty
cross-examination" mentioned above, and faced with a legal defense cost
quickly hitting the big leagues, will not find solace in the "And they'll
have to
convince a jury." point.
I understand that justice does not come free, or even cheap. But the
burdens of proof on raids, on investigations, and on speeds of trials are
out of whack. I used to think the Fourth Amendment was protection against
pre-dawn, Gestapo-style raids by BATFags dressed in all-black ninja raider
suits. I used to think "a speedy trial" meant just that, a trial within a
few weeks or months, not years later. No longer do I think these things.
>The organization is often a legal person. So it gets to have it, and all
>members get to use it.
Unless, as a hypothetical, the law says only individual owners may continue
to use non-escrowed crypto.
Or unless certain organizations are disallowed. (Want to take any bets on
whether Aryan Nations or Islamic Jihad are "allowed" to use their
"organizational copies"? Or even whether a company which bought a corporate
license from RSA or IBM or PGP will be allowed to continue to distribute
this unbreakable crypto to employees?)
CORPORATIONS AND INSTITUTIONS WILL BAN UNESCROWED CRYPTO
To control this kind of organzational use, I would not be surprised if the
law specifically disincentivizes corporations from using even grandfathered
crypto. If a corporation is held liable for even a single person using
crypto for which he was not grandfathered, then the corporation will simply
issue a blanket policy that such crypto will not be used in the company.
As Whit Diffie so cogently pointed out several years ago at a Cypherpunks
meeting, the War on Drugs was fought by gang-pressing corporations as
unpaid soldiers in the War. By threatening corporations with shutdown of
their factories and with sizable fines and other penalties, corporations
became paranoid helpers in the war. Companies know that drug cops can enter
their premises without a warrant (or with warrants signed by willing
judges) to search for roaches and crystal in employee lockers...then the
fun begins. This is why we now see the mandatory drug tests by most
companies...tests which government could never order themselves (due
process and all).
And we'll see the same thing with crypto.
NIGHTMARE SCENARIO
For example, imagine this scenario: ISPs, which are companies just like
those drug warrior companies I just described, are told that any encrypted
messages which violate the Safe Surfing and Children's Protection Act of
1999 will expose them to asset forfeiture, seizure of their machines, and
various other criminal and civil sorts of charges.
(There are ECPA issues, and ISPs may claim they cannot read customer mail
to check whether illegal crypto is being used. Maybe, maybe not. But recall
that the CDA specifically inserted language protecting ISPs from what their
customers were sending...which cuts both ways. On the one hand, why did
they even _need_ such language if the First and the ECPA protected them?
And on the other hand, maybe this CDA language could be used to protect
ISPs against any War on Crypto enlistment.)
Many ISPs will take the easy way out, by banning all unescrowed crypto,
even the ostensibly grandfathered stuff. They just won't want to take the
chance that BATFC raiders will arrive to cart off their machines for
analysis, even if Tim May assures them that, based on his reading of the SS
& CPA of 1999 law his use of PGP 5.0 is fully legal.
THE CHILLING EFFECT
And corporations and universities and such will almost certainly bar any
unescrowed crypto, as they won't want to have to deal with the "nasty
cross-examination" Prof. Froomkin mentioned. Nor with the accounting
headaches of keeping lists of who owns grandfathered crypto and who
doesn't. No, I think it's a safe bet that Prof. Froomkin's school will not
be too interested in his claims to have obtained strong crypto prior to the
new law's effective date. They just won't want their university exposed to
scrutiny, or to the implications of violations. His sysadmin will tell him
"Nope."
This, I suspect, is the intended effect.
>Well, probably, but see the drug laws. So we may as well take it
>seriously.
I take it very, very, very seriously. So do my associates in various
patriot and militia groups. Crypto is not yet on their front burner, though
most of them have a passing familiarity with PGP. The folks I was talking
to on Saturday just can't conceive of how government could demand that
groups like theirs could be required to only communicate with "in the
clear" (to the Feds) systems. Though they have zero respect for recent
governments, they know that the Constitution has not yet been completely
abandoned.
But when the true evils of a mandatory Big Brother system, and outlawing of
private communcations, become clear, and when the "nasty
cross-examinations" and raids begin, look for extreme, polarizing action.
The militias and other patriot groups are about to get a lot of new
members, I think.
It's amazing to me that this hypothetical is so plausible, so likely even.
The House language would essentially implement this scenario. If not this
year, next year.
--Tim May
Just Say No to "Big Brother Inside"
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^3,021,377 | black markets, collapse of governments.
Date: Mon, 9 Mar 1998 23:37:58 -0800
To: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>
From: Tim May <tcmay@got.net>
Subject: Re: BATFC -- Bureau of Alcohol, Tobacco, Firearms and Cryptography
Cc: cypherpunks@cyberpass.net
I am going to force myself to comment on only a few parts of this post, as
Michael and I are writing long articles to each other. I rarely believe in
taking such debates "off list," especially when they lie at the core of our
community, but I do try to limit my writing...sometimes.
At 9:42 PM -0800 3/9/98, Michael Froomkin - U.Miami School of Law wrote:
>Raids for crypto? When there's no reason to think the user is armed? It
>hasn't come to that yet. Yes, people like you who trumpet how well armed
Raids for child porn? Raids on Steve Jackson Games? Raids on some guys
trying to buy an anthrax testing gizmo?
I don't know what the "reason to think the user is armed" point is about.
The cases above all involved raids, carting off all equipment on the
premises, and men with guns. Nothing new here.
I wasn't claming that vast amounts of resources would be devoted to kicking
in the doors of every AOL user suspected of using "bootleg crypto." But I
do think an outlawing of crypto would result in "raids," of either the Jim
Bell level of raid (LEOs from at least 6 different agencies) or worse.
Against whom? I can think of two dozen members of this list I think would
be raided. If only to send a message. (And, to be brutally honest, I have
no doubt they could find several of "their" felonies at my house. I no
longer even know what of I have at my house is now contraband...I do know I
refused on principle to register any "assault rifles," along with the vast
majority of other Californians who were ordered to register them by
such-and-such a date. I bought stuff for cash at gun shows. I also sold
stuff for cash at gun shows.)
>Since I happen to want to live as far away from guns as I can, I choose to
>trumpet my house as a gun free zone. How ironic if that actually makes me
>safer.
Your choice in a free country. Just as it is my choice, by the Second
Amendment, to have arms. "Better to be tried by six than carried by twelve."
....
>It is indeed important to stoke one's feelings of outrage every time
>rights are outrageously violated. No system is perfect, and our system is
>not immune from this rule. Eternal vigilance is indeed the price of
>liberty. What do we do with this feeling of outrage? Do we work to
>improve the system? Do we work to improve civil society (e.g. "write
>code")? Or do we say, 'The Hell With It'?
I prefer a slogan I am hearing more often in patriot meetings: "What this
country needs is a low-level reformatting."
>> THE WAR ON CRYPTO AND THE WAR ON DRUGS
>
>Hey, before we go too far down this particular bad acid trip, can we take
>a deep breath and remember that IMHO a ban on un-escrowed crypto is
>unconstitutional, at least insofar as it reaches personal non-commercial
>use? Cf. the Metaphor article on my homepage?
I of course read that, and even used it for my paper at CFP '97, for your
panel.
But this "bad acid trip" is the hypo we are discussing. And as Declan
reminds us in his forwardings of the coverage of the House language, it is
probably closer to enactment than one might think.
Will the Supremes declare part or all of it to be unconstitutional? One can
hope.
>> THE EASY WAY OUT
>>
>> Plus, of course, at a more mundane level many corporations (and schools,
>> like Prof. Froomkin's) will simply take the easy way out and ban the use of
>> any unescrowed crypto product, out of fear that PGP and such make provoke
>> raids or audits.
>
>Well, I wouldn't put that past UM. There has been nervousness here about
>loading PGP on the computer for fear it would be "exported". But they did
>load it in the end. I only had to holler a little.
You're making my point. They are "nervous" even when domestic use of crypto
is completely unencumbered. Imagine the escalation of their nervousness by
two orders of magnitude when crypto is actually criminalized. Whether some
grandfathering is included or not, clearly anyone who uses crypto is up to
no good and will probably expose the institution to precisely the kind of
"nasty cross examination" you yourself brought up.
PLEA BARGAINS AS TOOLS OF CONTROL
>Most of the cases that go to trial today do so because the defendant
>wouldn't agree to a plea bargain. The more evidence they have against the
>defendant, the less attractive the plea offer; thus, the greater incentive
>to roll the dice on trial. Unfortunately, therefore, the genuinely
>innocent defendant, who will not take a plea, but is faced with a
>prosecutor who genuinely thinks he is guilty, is at an enormous
>disadvantage in a system designed to settle out on pleas. Lawyers in
Ah, now you're hitting my hot buttons. I suspect we're mostly in agreement
on the evils of the "pile on the charges and then accept a plea bargain"
system. This is precisely why so many things are illegal (well, it's one of
the main reasons).
Pleas and parole arrangements are ways to control obstreprous citizen-units
without actually building too many more prisons. And without having to deal
with voters who don't want to pay for more prisons.
Though this may sound like hyperbole, Stalin would have loved the scheme.
The case of the "anthrax guy," Wayne Harris, is a case in point. He's now
being charged with violating the terms of his parole. And what was his
original "crime"? Violating the postal laws ("wire fraud") by using his
home address instead of his company's address when he mail-ordered some
bubonic plague samples. Now I admit it looks fishy for someone, anyone to
be ordering bubonic plague. Not something the average hobbyist or small
businessman seems to have a "legitimate" need for. (Though it is arguably
not the function of government to decide on whose needs are legitimate,
absent any actual criminal use. A long topic to argue.)
If Harris was illegally ordering plague samples and/or was planning to use
them, then prosecute him on _that_ charge, and imprison him. But don't use
nonsensical laws like "wire fraud" to get him on a "technicality."
Anyway, instead of getting him on a real crime, they used this. And then,
instead of imprisoning him, they let him plead out. A "condition" of his
plea bargain was to stay away from certain kinds of things.
Whether having veterinary anthrax vaccine, a completely harmless item,
constitutes a violation of this "deal" is debatable.
Late News: To check this, I searched and found this from the
http://www.lasvegassun.com/dossier/crime/bio/ site:
" Federal Magistrate Mark Abel said prosecutors failed to show that Harris
violated probation by claiming he had military-grade anthrax and by
producing infectious disease, bacteria or germs in his Ohio home.
"Abel said there was enough evidence to hold a hearing on whether Harris
was continuing to tell people he used to work for the CIA, another
violation of his probation. The hearing was not scheduled."
OK, so a judge looks to be leaning toward dropping all parole violation
charges.
Still, a new chapter for Alice's Restaurant: "I'm here in this jail for
telling some guy I used to work for the CIA because that's a parole
violation of my parole for ordering a legal product with my home address
instead of my business address."
When the Feds can make a huge number of things criminal, then grant deals
and parole on the condition that behavior be controlled, this is dangerous.
(I've been having this debate in scruz.general, where my opponent basically
argues "What's the big deal? If the guy doesn't want to consent to the
conditions of the parole, he can do the dime." (the 10 year sentence) My
opponent doesn't "get it" about the power this gives the legal system .)
This discretion in prosecution and sentencing is of course a major tool in
"developing snitches." Or in "turning" people. Some have even conjectured,
emphasis on _conjectured_, that it would not be surprising if one or more
of our number have been busted and then turned.
--Tim May
Just Say No to "Big Brother Inside"
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May | Crypto Anarchy: encryption, digital money,
ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets,
Higher Power: 2^3,021,377 | black markets, collapse of governments.
Date: Mon, 9 Mar 1998 19:08:15 -0800
To: Tim May <tcmay@got.net>, cypherpunks@cyberpass.net
From: Lee Tien <tien@well.com>
Subject: Re: [LEGAL] Crypto as Contraband?
At 6:20 PM -0800 3/6/98, Tim May wrote:
[snip]
>
>I'm curious if any of the legal scholars and others who read Cypherpunks
>have any thoughts on whether laws declaring crypto as contraband, should
>they be passed, are actually enforceable.
>
Tim, you're focusing mainly on nonconstitutional stuff, so much depends on
what Congress actually says. Making nonrecoverable crypto illegal to
possess and use is one extreme; enhancing the penalty for a crime if
nonrecoverable crypto was used to further it is the other (based on the
extant bills). So I'll mostly ignore First Amendment wrinkles.
These are unresearched guesses based on what's in my head. I wrote most of
it a few days ago, and have only glanced at later posts, so it may be out
of date.
Traditional law: Contraband isn't all the same, there's "per se"
contraband (e.g., illegal drugs, counterfeit money) and "derivative"
contraband (lawfully possessable stuff that becomes contraband because of
its relation to criminal activity). Cash can be the fruits or instruments
of a crime, but it isn't contraband per se. It is contraband when derived
from (or used in) crime. The state only has to prove a "nexus."
Not sure how much these concepts matter today because asset seizure and
forfeiture laws, which are statutory, do the work that general contraband
rules used to. I see no reason that Congress couldn't enact a scheme that
treats nonrecoverable crypto like child porn, which has its own forfeiture
provisions. I vaguely recall that computers, etc., used in the commission
of child porn offenses can be forfeited.
>Can a program like this be declared contraband?
>
>Does the widespread use of it, the availability on CD-ROMs, the countless
>spare copies lying around on backup disks and tapes, and even the print
>copies, etc., make a decision to declare it contraband unreasonable? After
>all, there is no reasonable way that millions of copies could be located
>and permanently destroyed. Does the law take into account the absurdity of
>such retroactive classifications?
>
I don't think the pointlessness of declaring PGP to be contraband would be
relevant. The drug laws aren't any more enforceable. Congress can make
possession unlawful, whether or not another dollar is spent proactively.
I dimly recall some reluctance on the part of the courts some years ago in
treating information just like tangible goods under stolen property laws
(Dowling) and there was a little talk in the Betamax/video "time shift"
case (Sony) about VCRs becoming contraband. One would think that all the
criminal copyright infringement anti-piracy stuff makes our computers and
backup DAT drives contraband, eh?
If they only enhance penalties for using PGP in certain ways, that's
different from outlawing non-recoverable crypto. If communications were
treated differently from stored data, PGP might still have lawful uses.
Might present Takings problems if there are legit uses. But the whole
"regulatory takings" issue is too complex for me.
[snip]
>
>Could possession of PGP be still legal, but _use_ declared illegal?
>
>(Not addressing the First Amendment issues, which are even stronger, but
>just the issue of retroactive contrabanding of something which was acquired
>legally, and by hundreds of thousands of law-abiding citizens.)
Sure. Your hypo says possession is legal. So as long as they don't use
it, no problem. I don't recall offhand what kind of intent is
constitutionally required to make it unlawful to possess something that was
lawful to possess before. Possible Takings issue again.
>
>If Grandma fails to realize that sending her e-mail with PGP is now a
>crime, will she be prosecuted? If little Johnny is rooting through Dad's
>hand-me-down computer and starts playing with PGP, will he be busted?
>
>My questions are serious, not just polemical. I'm curious how law
>enforcment plans to deal with the millions of copies of strong crypto
>already scattered around the U.S. and the world.
Two separate issues here. Would these kinds of actions really be illegal?
Would law enforcers really go after them?
The first question boils down to intent. What intent requirement, "mens
rea," did Congress write into the statute making encryption unlawful?
Congress's power to define crimes is broad (within Constitutional bounds).
Could they make encryption of communication a "strict liability" offense?
I don't remember the rules for this. I'll guess that there has to be some
scienter, but as to the character of the act and not the knowledge of the
act's illegality.
The second question is pure executive discretion, but I would hope they
would have better things to do. Maybe campus cops who learn of grad
students' crypto activities wouldn't have better to do. I doubt they care
whether you or I keep using PGP, as long as most people won't because it's
not deployed widely, etc. Law enforcement is more pragmatic than law
enactment.
[snip]
>
>And I have not discussed the alternatives to PGP much, here. As a point of
>fact, there are probably hundreds of thousands of copies of legally-bought
>strong crypto programs, programs from RSADSI, Lotus/IBM, TIS, Cylink, and
>all the others.
>
>How could any "outlawing of unescrowed crypto" conceivably deal with this
>vast amount of distributed software? Will a user of RSA's MailSafe program
>face jail time for using a program he legally bought in 1991 (as I did)?
Again, this depends on what Congress enacts. Congress could grandfather in
possession and use of the old stuff, or just possession and not use. Can
they as a nonconstitutional matter criminalize possession of formerly
legal-to-possess stuff? I don't see why not. But I think there would have
to be some kind of knowledge requirement to impose criminal liability, and
the argument for implying such a requirement even if not expressly stated
is surely stronger if there's retroactivity.
I have no idea what the law is, for instance, on old child porn. Before
_Ferber_, there was no special First Amendment "child porn" category.
There were certainly non-obscene nudes before 1984 that are now within
child porn statutes. There are scienter requirements for possession under
the _Osborne v. Ohio_ case, but recklessness is enough as I recall. Cf.
_X-Citement Video_, the Traci Lords case.
Suppose Congress outlawed possession and required you to turn in your old,
unescrowed crypto within two years (ideally they publicize the "turn in
your old crypto" plan all over the Net, and you receive just compensation).
If you provably knew of the "cash in" plan and kept your MailSafe, maybe
it's not hard to show you have unlawful intent to possess.
Does it matter? I can imagine them being happy to seize it under a
forfeiture provision (if I were them, I'd write specific forfeiture rules
for crypto). Maybe they wouldn't bother to do anything else, once they
take it. Perhaps the real value of criminalization is to make it easier to
take it out of circulation.
Will any of this work? Dunno, can they really handle Eternity-type servers
all around the world? Do crypto plug-ins that aren't stand-alone programs
count? Are they going to have to specifically include "crypto-shaped
holes"? But whether it's practically enforceable or socially efficient has
little to do with legal enforceability.
Lee
Date: Tue, 10 Mar 1998 01:04:46 +0100 (MET)
Subject: Re: [LEGAL] Crypto as Contraband?
To: cypherpunks@cyberpass.net
From: nobody@replay.com (Anonymous)
Silly me. I forgot all about the CFP session that wrestled with this
very issue. Check out:
http://swissnet.ai.mit.edu/~switz/cfp96/plenary-court.html
The text of the The Cryptography Control Act discussed is below.
[Omitted here]
-Declan
Date: Tue, 10 Mar 1998 01:12:07 +0100 (MET)
Subject: Re: BATFC -- Bureau of Alcohol, Tobacco, Firearms and Cryptogr
To: cypherpunks@cyberpass.net
From: nobody@replay.com (Anonymous)
Tim writes:
>And on the other hand, maybe this CDA language could be used to protect
>ISPs against any War on Crypto enlistment.)
Well, the immunizing language was put in the CDA so ISPs would stop
opposing it. In other words, the CDA's backers and the ISPs cut a deal. At
least AOL was honest enough to (privately) admit it, and admit it was a
bad idea, last summer after the Supreme Court ruled.
To answer Tim's question: the CDA language is a federal law that can be
overriden by another federal law. There's no way out there.
-Declan
Date: Tue, 10 Mar 1998 01:20:01 +0100 (MET)
Subject: Re: [LEGAL] Crypto as Contraband?
To: cypherpunks@cyberpass.net
From: nobody@replay.com (Anonymous)
I wrote yesterday:
>If I were feeling particularly conspiratorial, I'd point to CALEA as an
>example of businesses cutting a deal: they'll sign off on a deal
>requiring them to rewire technology for easy snooping, as long as they
>get paid.
So I was not particularly surprised to read today in CommDaily that USTA
pres Neel, representing the Baby Bells and local telcos, says industry
will install any wiretap hardware "that law enforcement asks for" as long
as "law enforcement can pay for it."
How about crypto, Mr. Neel?
-Declan
Date: Tue, 10 Mar 1998 06:46:07 +0100 (MET)
Subject: Re: BATFC -- Bureau of Alcohol, Tobacco, Firearms and Cryptography
To: cypherpunks@cyberpass.net
From: nobody@replay.com (Anonymous)
This spam-proofed message was sent by Michael Froomkin.
To reply privately, send mail to my surname at law.tm
On Mon, 9 Mar 1998, Tim May threw down multiple gauntlets thusly:
> At 11:59 AM -0800 3/9/98, Michael Froomkin - U.Miami School of Law wrote:
> >Well, the burden of proof will always be on the prosecution. So they'll
> >need something tangible -- testimony, login records, something to overcome
> >your word that you had it before the deadline. And they'll have to
> >convince a jury.
>
> "NASTY CROSS EXAMINATION"
>
> Sure, but as you point out below, there is the "would be subject to nasty
> cross-examination" issue. Which is just part of the general nastiness which
> will happen long before cases ever reach a jury of one's peers. This is,
> forgive me for sounding anti-legal system, the real power prosecutors have
> to make life miserable for citizens.
I would be the last to deny that a prosecutor has great power and
discretion, and that it can be abused. Such is the nature of power, and
of discretion. Indeed, no one who has heard the words "Ken Starr" could
argue otherwise.
> Which jury was it that was convinced Susan McDougal needed to spend 18
> months (and counting) in a federal prison? (The technical answer is that
> Ken Starr's grand jury, and the judge overseeing the case...as I understand
> the McDougal jailing on contempt charges. But the point is that it sure
> wasn't the kind of jury of one's peers I take your point above to mean.)
Well, it was a *grand* jury instead of a "petit" jury, but it too is made
up of our peers. To cut a long story short, though, let me concede that
the grand jury system doesn't work: the truism that any decent prosecutor
can make a grand jury indict a ham sandwich is based on a reality that
undermines justice. That the system has flaws, even a big one, does not
lead me to conclude (as it sometimes seems you almost do, witness your
invocation of militias...) that we should just scrap it and turn to jungle
law.
> If the crypto laws we are talking about happen, "convincing a jury" will
> probably not be the important issue. Because before this jury stuff happens
> will come the pre-dawn BATFC (Bureau of Alcohol, Tobacco, Firearms and
> Cryptography) raids, the asset forfeitures, the scrutinizing of seized hard
> drives for evidence of illegal software, porn, bomb-making instructions,
> and terrorist material.
Raids for crypto? When there's no reason to think the user is armed? It
hasn't come to that yet. Yes, people like you who trumpet how well armed
they are do increase the odds of a raid if they are ever suspected of
serious crime. [Drug production and sales are considered serious crime.]
Since I happen to want to live as far away from guns as I can, I choose to
trumpet my house as a gun free zone. How ironic if that actually makes me
safer.
> (And of course was no "convincing a jury" before Randy Weaver's home was
> attacked, and his wife and son shot dead. Or before Waco was burned to the
> ground, possibly (probably in my view, but opinions are mixed) by the BATF.
> Or before "child porn rings" were broken up with pre-dawn raids. Or before
> MOVE headquarters in Philadelphia was firebombed from above. And so and so
> on.)
It is indeed important to stoke one's feelings of outrage every time
rights are outrageously violated. No system is perfect, and our system is
not immune from this rule. Eternal vigilance is indeed the price of
liberty. What do we do with this feeling of outrage? Do we work to
improve the system? Do we work to improve civil society (e.g. "write
code")? Or do we say, 'The Hell With It'?
My personal choice is to work within the system. I think it has many,
many virtues. I do not deny it also has some vices.
> THE WAR ON CRYPTO AND THE WAR ON DRUGS
Hey, before we go too far down this particular bad acid trip, can we take
a deep breath and remember that IMHO a ban on un-escrowed crypto is
unconstitutional, at least insofar as it reaches personal non-commercial
use? Cf. the Metaphor article on my homepage?
Ok, now back to our regular program:
> Will using unescrowed crypto be treated by the courts as "probable cause"
> to raid a house or business, with the "perp" jailed until at trial he
> somehow (if he can) proves that he was legally allowed to own the crypto?
Well, if using unescrowed crypto is a crime with no grandfathering, then
it's basically a strict liability offense. At that point, if it's
considered a serious crime, it's grounds for a raid if you detect it --
although how you get the warrant in the first place that will allow you to
detect it is itself a question. On the other hand, if there is
grandfathering, than mere use of unescrowed crypto is *NOT* IMHO probable
cause of anything, and doesn't justify raids even if you detect crypto
going on.
In either case, the perp doesn't rot in jail unless the judge is satisfied
that there's grounds to charge him, and even then in almost every case he
gets a chance to post bail, usually via a bond for a small fraction of the
bail. Yes, your impoverished defendant has a problem here, and that's
unfair. Can we assume that most people who have computers that they use
crypto on will be likely to have some assets, or friends and family with
some assets?
> You see, unlike the "War on Drugs," bad as that war is, crypto is not like
> drugs. Cocaine and marijuana and whatnot are ipso facto banned materials,
> with no "grandfathering" of older possession. Basically, unless one has a
> license to possess these drugs (pharmacies, research labs, law enforcement,
> CIA, DEA, etc.) one is guilty of "felony possession." Or something worded
> like that.
Right. So the experience of that war does NOT carry over to this
hypothesized one.
[...]
> GRANDFATHERING OF CRYPTO UNWORKABLE
>
> So a "grandfathering" of certain crypto presents massive problems for all
> concerned. There is no way any prosecutor can actually _prove_ that a
> specific use of PGP was with a nonlegal version, unless that version was
> actually created after the grandfathering date. Even catching a person
> downloading crypto says little about his use of some program...he might
> claim he acquired the PGP 2.6.3 years earlier, and that the latest download
> of 2.6.3 was inadvertent, or to compare it to his older version, etc.
>
> I just can't see this grandfathering working. And the notion you express
> (I'm speaking about Michael Froomkin) that citizen-units would be advised
> to create "records" to later prove their innocence tells us how pernicious
> this law would be.
No. My point was that the paranoid might do so for comfort, but that I
would suggest people NOT create such records as a form of legal protest
against the rule. If NOT creating such records is the norm, then the
absence of such a record is NOT probative of the age of the copy of the
program.
[...more nasty things LEOs can do to you...]
>
> THE EASY WAY OUT
>
> Plus, of course, at a more mundane level many corporations (and schools,
> like Prof. Froomkin's) will simply take the easy way out and ban the use of
> any unescrowed crypto product, out of fear that PGP and such make provoke
> raids or audits.
Well, I wouldn't put that past UM. There has been nervousness here about
loading PGP on the computer for fear it would be "exported". But they did
load it in the end. I only had to holler a little.
> >> Such a law would make most of us felons. Perhaps this is their intent.
> >
> >Not if there is grandfathering. I suppose if you are paranoid about it
> >you could be sure and register a key and timestamp it before the deadline,
> >to establish ownership. The disadvantage of this strategy of course is
> >that anyone who didn't would be subject to nasty cross-examination...
>
> My point exactly. This "nasty cross-examination" is itself the consequence
> of our current legal system. Despite the rhetoric about "innocent until
> proven guilty," the combination of factors I just mentioned, and the long,
> drawn-out process of a trial, and the costs of a modern legal defense, have
> really given us a "guilty until proven innocent" legal system.
Most of the cases that go to trial today do so because the defendant
wouldn't agree to a plea bargain. The more evidence they have against the
defendant, the less attractive the plea offer; thus, the greater incentive
to roll the dice on trial. Unfortunately, therefore, the genuinely
innocent defendant, who will not take a plea, but is faced with a
prosecutor who genuinely thinks he is guilty, is at an enormous
disadvantage in a system designed to settle out on pleas. Lawyers in
civil law systems often suggest that plea bargains are immoral because of
the pressures they put on the innocent defendant, and I have to confess I
tend to agree. We rely on the pleas, however, because we have so many
people being processed through the criminal justice system. If fewer
things were illegal, we could take the pressure off and try for real
reform. Unfortunately, the trend is very much in the wrong direction.
It's a bi-partisan problem: no one loses elections for being "tough" on
crime; but everyone remembers Willy Horton...
> CONVINCING A JURY
>
> An average computer user, when raided, indicted, subjected to the "nasty
> cross-examination" mentioned above, and faced with a legal defense cost
> quickly hitting the big leagues, will not find solace in the "And they'll
> have to convince a jury." point.
>
> I understand that justice does not come free, or even cheap. But the
> burdens of proof on raids, on investigations, and on speeds of trials are
> out of whack. I used to think the Fourth Amendment was protection against
> pre-dawn, Gestapo-style raids by BATFags dressed in all-black ninja raider
> suits. I used to think "a speedy trial" meant just that, a trial within a
> few weeks or months, not years later. No longer do I think these things.
Actually, it still does. At least in the federal system, if the defendant
wants a trial soon after arrest, there's almost nothing the state can do
to prevent it. It is a rare defendant who exercises this right, however.
Defendants usually have enormous incentives to delay: (1) at the time of
arrest the cops and prosecutors have the facts; the defendant doesn't even
have a lawyer, especially if innocent!; (2) if the defendant is guilty,
the passage of time may help in that witnesses may suffer fogging of
memory, die of natural or other causes, etc.; (3) if the defendant is on
bail, it often feels better to be free than risk going behind bars; (4)
plea bargaining negotiations can take time; and so on...
At least back when I was a law clerk, if a defendant exercised his right
to a speedy trial in the federal system and the feds didn't provide it,
the defendant would walk. This reality drove a lot of the trial
scheduling: civil trials were constantly delayed so that a criminal trial
could be held in order to ensure that the time limits did not lapse.
> >The organization is often a legal person. So it gets to have it, and all
> >members get to use it.
>
> Unless, as a hypothetical, the law says only individual owners may continue
> to use non-escrowed crypto.
Tricky. Since corporations are legal persons, they have rights too. This
would introduce a lot of additional problems for the constitutionality of
the plan.
> Or unless certain organizations are disallowed. (Want to take any bets on
> whether Aryan Nations or Islamic Jihad are "allowed" to use their
> "organizational copies"? Or even whether a company which bought a corporate
> license from RSA or IBM or PGP will be allowed to continue to distribute
> this unbreakable crypto to employees?)
I suspect these are unincorporated associations in the US. As such they
do not have legal personality for most purposes. (Neither, for some
purposes, do partnerships, by the way -- law firms beware!)
> CORPORATIONS AND INSTITUTIONS WILL BAN UNESCROWED CRYPTO
>
[...war on drugs enlistment of corporations ...]
>
> And we'll see the same thing with crypto.
>
I agree with your comment below that the key issue here is the ISPs. I
don't think that much turns in then end on whether my employers let me use
PGP on the job. (And T.C.May would be the first to argue that it's their
call anyway.) The issue is how tough people will make it for me to use at
home.
> NIGHTMARE SCENARIO
>
> For example, imagine this scenario: ISPs, which are companies just like
> those drug warrior companies I just described, are told that any encrypted
> messages which violate the Safe Surfing and Children's Protection Act of
> 1999 will expose them to asset forfeiture, seizure of their machines, and
> various other criminal and civil sorts of charges.
Clearly the right issue to be worrying about.
> (There are ECPA issues, and ISPs may claim they cannot read customer mail
> to check whether illegal crypto is being used. Maybe, maybe not. But recall
> that the CDA specifically inserted language protecting ISPs from what their
> customers were sending...which cuts both ways. On the one hand, why did
> they even _need_ such language if the First and the ECPA protected them?
> And on the other hand, maybe this CDA language could be used to protect
> ISPs against any War on Crypto enlistment.)
The point of the CDA example is that it shows us that ISPs have clout.
They are going to fight tooth and nail against liability, and as they
include some fairly big players (IBM, AT&T, Microsoft, every university
in the nation, etc. etc.) I think they'll win.
> Many ISPs will take the easy way out, by banning all unescrowed crypto,
> even the ostensibly grandfathered stuff. They just won't want to take the
> chance that BATFC raiders will arrive to cart off their machines for
> analysis, even if Tim May assures them that, based on his reading of the SS
> & CPA of 1999 law his use of PGP 5.0 is fully legal.
I suppose if it gets to that point, we will need a digitally signed
certificate from some CA promising we are legitimate users. Sounds like
another First Amendment issue to me....
>
> THE CHILLING EFFECT
>
> And corporations and universities and such will almost certainly bar any
> unescrowed crypto, as they won't want to have to deal with the "nasty
> cross-examination" Prof. Froomkin mentioned. Nor with the accounting
> headaches of keeping lists of who owns grandfathered crypto and who
> doesn't. No, I think it's a safe bet that Prof. Froomkin's school will not
> be too interested in his claims to have obtained strong crypto prior to the
> new law's effective date. They just won't want their university exposed to
> scrutiny, or to the implications of violations. His sysadmin will tell him
> "Nope."
Well, the certificate I mentioned above is one answer, albeit a bad one.
I'd also like to think you underestimate my clout. Effective June 1, I
have tenure. The sysadmin doesn't.
[...Tim reminds us he has armed friends...]
> It's amazing to me that this hypothetical is so plausible, so likely even.
That is a shocker.
> The House language would essentially implement this scenario. If not this
> year, next year.
That's unnecessarily defeatist. I hereby predict it is a false prophecy.
I have been wrong before.
A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax)
Associate Professor of Law |
U. Miami School of Law | http://www.law.tm
P.O. Box 248087 |
Coral Gables, FL 33124 USA | It's warm here.
Date: Tue, 10 Mar 1998 07:22:40 -0500
To: cypherpunks@toad.com
From: John Young <jya@pipeline.com>
Subject: Re: BATFC -- Bureau of Alcohol, Tobacco, Firearms and
Cryptography
Sender: owner-cypherpunks@toad.com
Tim's and Michael's exchanges (with others) are most welcome,
and constructively return us again to the most compelling aspect
of the encryption debate, the contest between law and technology,
one that has impact far beyond cryptography.
There are examples of the application of law to control of technology
in the President's most recent update of "The National Emergency
Caused by the Lapse of the Export Administration Act of 1979":
http://jya.com/hd105-191.htm
It recounts the activities of the Commerce Department -- mainly BXA --
for the latest 6-month reporting period, and lists as well the cases of
penalties imposed for export violations.
Some of these have been imposed for alleged violations over 6 years
past. They exemplify what Tim and Michael are discussing of the
various ways the regulations and laws are imposed according to
policy shifts and wind direction of politicians.
The report describes the beef up of BXA enforcement programs,
and increasing coordination with and training of other countries for
export enforcement.
All justified by a "national emergency" for which the underlying law
to control technology long ago lapsed. The lapse appears to be
a deliberate way to avoid having to define ahead of time what
technology is to be controlled in order that ad hoc policy and
regulations can be devised to fit, deal by deal.
This parallels the increase in indecipherable grand jury proceedings,
plea bargainings and parole conditions, determined by protected
government employees. These, to be sure, appear to be close
cousins of the bloated features of legacy technologies, civilian
and military.
It worth noting that Microsoft and the Justice Department are perfect
twins of technology and law monopolies, using brute force and
contracts to get their way, both clothed in self-righteousness and
both led by charming weirdos, both totally obsessed with each their
own mad view of law and technology in the "public interest."
Still, there's some public benefit that these disputes are white collar
and not homicidal/suicidal battles of NBC warfare, at least not yet
here at home.