10 March1998
Date: Tue, 10 Mar 1998 10:56:20 -0500 To: declan@well.com From: Vin McLellan <vin@shore.net> Subject: More on Fortify for Netscape Cc: cypherpunks@algebra.com <x-rich> Citing Fortify for Netscape <<http://www.fortify.net> Vin McLellan wrote: >> There is now no lack of strong crypto implementations for encrypted >> mail world-wide. It may not be fully enabled yet, but the functionality is >> available everywhere you can find Netscape, arguably the single most >> popular cross-platform client ever. Declan McCullagh <<declan@well.com> replied: >Hmm. Yes, we know this. I wrote about this last month, and others wrote >about it last fall when the original, limited, hack was put up on >fortify.net. But many, almost certainly most, browser-owners aren't likely >to use it because they don't trust the patch or because it's set up that >way by default. Defaults are important. Maybe that's what the NSA/FBI are >counting on. I liked your column, Declan, but -- with respect -- methinks you are too close to the American scene to get an accurate sense of how non-Yanks view both the dum-dum default and Fortify. You're not factoring in the bitter passion with which many non-Americans now view the American strategy of willfully crippling security technology before it is sold to non-Americans. Outside the US, the weak-crypto default for SSL and e-mail crypto in exported US products is widely seen as a politicized design decision. A decision to offer shoddy and incomplete security and integrity services to overseas buyers of American technology. Many people -- and not punk-rockers or cypherpunks, either, but bank directors, corporation presidents, civil servants, journalists -- get very angry talking about it. (Why are they not allowed to buy the quality product Americans sell to other Americans, the buyers ask? The answer is clear enough: to make private business, government, and personal transactions accessible to American spooks -- or anyone else with MIPs to spare -- should the snoopy Foreign Power desire to rape some non-American database; screw up this or that business deal; or track economic, technical, or political trends from private communications in these supposedly autonomous and soverign states. Mind you, this is not exactly a covert effort any more. Today, the American export policy is often seen as an bare-knucke exercise in political and technological dominance. Force them to their knees and keep them there. Make them crawl.) I don't think many, even in the US IT industry, realize how deeply those passions run, or how steep the price American business will have to pay for such scornful technological imperialism in the decades to come. What sort of surcharge would Americans, say American business executives, be willing to pay to escape that sort of potential surveillance? What sort of bitterness would Americans hold toward vendors from a foreign nation which successfully imposed such extra-territorial controls on our commerce, our citizens, for their own self-centered interests. Unless you think in _those_ terms, the scale of the international reaction to Fortify or similar upgrade hacks may come as an enormous surprise. Anyone remember how the US reacted in the 1970s and '80s when it became clear that Soviet Bloc consulates and diplomatic residences were positioned to eavesdrop on US phone calls by snatching microwave and satellite signals? One issue you raise -- trust in the Fortify configuration patch -- is important. I'd like to see the Fortify website publish comments from known cryptographers to the effect that the Fortify code does what is claims to do, and nothing more. I think McKay, the author of Fortify, has got the right approach: a methodical roll-out, mirror sites in a half-dozen countries, with MD5 hashes and digital signatures on his own code. (The four or five alternative versions of this configuration hack which are in circulation will probably disappear with little mass impact -- just because they are not presented so slickly and professionally.) I have mixed feelings about the rumor of a virus which upgrades Netscape's crypto, but I think it is always a bad and dangerous idea to act on anyone's PC without explict permission. I hope the S/MIME virus is only a rumor. I agree that the default crypto in an export-quality browser _is_ important -- but not for the reasons you imply. There is nothing like a bully telling you what you can't have to build a desperate demand for just that product or service. And if, perchance, the bully's advantage is unexpected stripped from him because he made a stupid and presumptuous miscalculation, a technical error that put the restricted product or technolgy within reach of anybody and everybody, the size of the demand for that technology might surprise everybody. Fortify is free, but I think it is apparent that many commercial enterprises would pay cold cash for this sort of browser upgrade. Over the past two years -- before Fortification was a known option -- many of the leading European banks paid good money to run Brokat's Xpresso java applets, just to allow their customers to encase weak-crypto SSL with strong crypto. In their ham-handed way, our American spooks have probably done more to highlight the value of strong crypto and privacy technologies in fifty overseas nations than any indigenous (or domestic US) political group has ever been able to. Anyone wanna bet on what percentage of browsers used by the staff of the European Commission are already Fortified? Or what percentage of the browsers used by all European, Latin American, and African bankers and civil service professionals will be Fortified six months from now? Suerte, _Vin </x-rich> ----- Vin McLellan + The Privacy Guild + <vin@shore.net> 53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548 -- <@><@> --
[Background follows]
At 11:24 -0800 3/6/98, Tim May wrote: >I'm curious if any of the legal scholars and others who read Cypherpunks >have any thoughts on whether laws declaring crypto as contraband, should >they be passed, are actually enforceable. > >Here's the set up for this question: > >* Hundreds of thousands of us have multiple copies each of PGP, ranging >from the first "usable" version (2.0) to the incredibly common versions >(2.6.*) to the more recent commercial versions. > >* These versions interoperate, for the most part, and are very widely >deployed. > >* They are still being distributed. (For example, I expect to be at the Gun >Show tomorrow in San Mateo, passing out copies to freedom fighters and >other opponents of the current regime.) They are still available from many >servers, domestic and foreign. > >* So, the "needs of law enforcement" and the "reasonable middle ground" and >the "compromise to meet national security needs" that the Administration >and Al Gore and Louis Freeh and David Aaron are all talking about means >just what for these many copies of PGP? > >Can a program like this be declared contraband? > >Does the widespread use of it, the availability on CD-ROMs, the countless >spare copies lying around on backup disks and tapes, and even the print >copies, etc., make a decision to declare it contraband unreasonable? After >all, there is no reasonable way that millions of copies could be located >and permanently destroyed. Does the law take into account the absurdity of >such retroactive classifications? > >(Even with guns, in the U.S., there have historically been >"grandfatherings" of existing guns. Not always, as with certain machine >guns. And not with gold, which was declared contraband by the Reichsfuhrer >in 1933.) > >Could possession of PGP be still legal, but _use_ declared illegal? > >(Not addressing the First Amendment issues, which are even stronger, but >just the issue of retroactive contrabanding of something which was acquired >legally, and by hundreds of thousands of law-abiding citizens.) > >If Grandma fails to realize that sending her e-mail with PGP is now a >crime, will she be prosecuted? If little Johnny is rooting through Dad's >hand-me-down computer and starts playing with PGP, will he be busted? > >My questions are serious, not just polemical. I'm curious how law >enforcment plans to deal with the millions of copies of strong crypto >already scattered around the U.S. and the world. > >As it stands, there is zero chance that sensitive communications by freedom >fighters like Ramzi Youssef, or by folks like Aldrich Ames, are going to >use key escrow systems when PGP and even older variants (like MailSafe) are >so widely available. > >And I have not discussed the alternatives to PGP much, here. As a point of >fact, there are probably hundreds of thousands of copies of legally-bought >strong crypto programs, programs from RSADSI, Lotus/IBM, TIS, Cylink, and >all the others. > >How could any "outlawing of unescrowed crypto" conceivably deal with this >vast amount of distributed software? Will a user of RSA's MailSafe program >face jail time for using a program he legally bought in 1991 (as I did)? > >More questions than answers. Can anybody help me to understand the legal >issues? > >--Tim May > >Just Say No to "Big Brother Inside" >---------:---------:---------:---------:---------:---------:---------:---- >Timothy C. May | Crypto Anarchy: encryption, digital money, >ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero >W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, >Higher Power: 2^3,021,377 | black markets, collapse of governments.
Date: Sat, 7 Mar 1998 17:08:28 -0500 To: Tim May <tcmay@got.net> From: Declan McCullagh <declan@well.com> Subject: Re: [LEGAL] Crypto as Contraband? Cc: cypherpunks@algebra.com [[Since I'm not sure how many lawyers read cypherpunks, I'm going to BCC a few I know who might be interested and let them jump in if they like.]] Tim asks [above] below if mere possession of encryption products like PGP can be criminalized. One answer is: yes, of course, if such a bill becomes law through the usual process. (That bill has not been introduced yet. The current most restrictive language bans sale, import, manufacture, and distribution of unapproved encryption products.) The question then becomes: would that law infringe upon a recognized constitutional right? Persons making that claim probably would try to wield the shield of rights protected by the First Amendment, as Tim suggests below, and the Fourth Amendment as well. I'd also argue that any law regulating consensual conduct in my own home should come with a heavy presumption against its constitutionality. Perhaps there is not a single constitutional right that is implicated, but one that arises from the interplay of many. The sanctity of the home "has been embedded in our traditions since the origins of the Republic," the Supreme Court has ruled. The Alaska Supreme Court has held that marijuana possession at home could not be punished, though it could be in other settings. The Third Amendment, too, recognizes the unique nature of the home. In Rochin v. California, Justice Frankfurter could only explain his distaste of certain stomach-pumping practices as "conduct that shocks the conscience." Is a crypto-ban less distasteful? The outcome might be sunnier, and the analysis easier, if the Court had not strayed from defense of property rights -- such as I have in a crypto-telephone I buy or invent -- and started to defer to government economic regulations. In the 1870s the Court began to sanction an expanded role for goverment in this area, and in 1890 ruled that such state regulation must only be reasonable. This became settled law with the end of the reign of Lochner in the late 1930s. Thus we have the unappetizing prospect of the Justice Department defending a flat ban on secure crypto as a just exercise of the state's ability to enact economic legislation and not something that violates the First Amendment -- not coincidentally, the exact argument that DoJ lawyers are using in the Karn case when defending export restrictions. Child pornography is another potential precedent. Even before the recent "morphed child porn" statute, federal law banned the knowing possession of such images. Much as the cell phone bill I wrote about earlier this week (http://cgi.pathfinder.com/netly/opinion/0,1042,1774,00.html) would ban the knowing possession of certain telephone hardware and arguably even computer virii. A federal appeals court in 1994 upheld Stephen Knox's conviction of possession of a videotape of clothed girls in leotards that was found to be child pornography. Imagine how this excerpt from the decision could apply to a crypto-ban, and "the compelling government interest in protecting" America from terrorists: To vindicate the compelling government interest in protecting the safety and welfare of children, not only is the spectrum of constitutionally unprotected pornographic material broader when the subjects are children rather than adults, but also the arsenal of available enforcement mechanisms is more extensive. For instance, the mere possession of child pornography, even in one's home, may be criminalized although only distribution of obscenity depicting adults can be proscribed. Compare Stanley v. Georgia, 394 U.S. 557, 568, 89 S. Ct. 1243, 1249 (1969) (Georgia statute outlawing private possession of obscenity violates the First Amendment) with Osborne, 495 U.S. at 108, 110 S. Ct. at 1695-97 (Ohio statute criminalizing possession of child pornography upheld against First Amendment challenge due to the compelling interest in protecting minors). To answer Tim's hypothetical about the clueless PGP-owning grandmother, I suspect that any such bill would have a scienter requirement, such as "knowing possession." Then Granny would have to realize she's breaking the law to be convicted. Though, of course, she could still be charged with the crime. If such a law were challenged in court on 1A grounds, I'd guess the battle would be largely over which standard of review to apply -- that is, how critically a judge should view the statute. As I mentioned above, the government might argue for the toothless "minimum rationality" test, while plaintiffs would argue a court should apply the usually-fatal strict scrutiny test. It says a government must have a compelling interest in accomplishing its objective and must use the least restrictive means. I imagine an analysis of the facts of the situation, including the widespread use of PGP, would factor in here. The FBI might try to narrow the bill when drafting it by exempting legitimate research, law enforcement uses, branches of government, etc. More interesting is intermediate scrutiny, where (generally) the government must only have an "substantial" interest, where the right is important but not constitutionally fundamental, and where the law must only have a close fit to the legislature's objective. But intermediate scrutiny is a little incoherent, and I certainly don't understand it well. One last thought. I suspect there may be a substantial difference between a federal law banning the knowing //possession// of backdoorless crypto products compared to a ban on their //use or distribution//. If nothing else, how my "knowing possession" of a floppy disk impacts interstate commerce remains an interesting question. Any thoughts from the lawyers? -Declan
Date: Sun, 8 Mar 1998 13:55:29 -0500 To: Tim May <tcmay@got.net> From: Vin McLellan <vin@shore.net> Subject: Re: [LEGAL] Crypto as Contraband? Cc: cypherpunks@algebra.com One footnote on strong-crypto availability. The impact of Farrell McKay's recently-enhanced Fortify hack (see <http://www.fortify.net>) on the world-wide availability of strong crypto for both e-mail and SSL is still not appreciated as it should be in this community. With Fortify app (and its functional siblings, like Ian Goldberg's 50-character Perl script) _all_ copies of Netscape 3.X and 4.X browser for UNIX and WIN32 platforms have strong SSL crypto, and _all_ copies of the Netscape 4.x browser for Win32 and Unix -- including those exported and the crippled-crypto versions downloaded from US websites -- are enabled to use the full suite of S/MIME strong-crypto algorithms for encrypting, authenticating, and digitially-signing e-mail as well. The control table that restricted on the availability of the strong crypto options for the crippled-crypto export-quality Netscape 3.x and 4.x (Communicator) browsers was apparently simply buried in the binary code. Some clever reverse engineering, and it was revealed to be reset by McKay's Fortify (or any one of five other hacks which have independently popped up over the past three weeks to fully activate Netscape's S/MIME encryptor.) Talk about insecurity by obscurity! Whoever at NSA decided that the US national security interests in crippled-crypto products, such as it is, could be sustained by such a mechanism obvously never heard of the 2600 tone, once the biggest secret of the telephone companies. And those who ignore the past, etc., etc.... In one magical creative moment, McKay's Fortify hack redefined 15-20 _million_ Netscape browsers -- software products installed in _most_ Internet-connected PC -- into strong crypto mailers. (The numbers are a wild-eyed guess, but surely within the probable range.) And now that the secret is known, it is impossible to deny the fact that any export-quality Netscape browser can have US-quality crypto enabled with a little methodical labor. It will probably be a student project in thousands of computer science college classrooms from Burmingham to Bagdad next fall, if it is not already. Fortify is now being distributed as freeware from often-multiple mirror sites in Australia, the Czech Republic, Finland, Germany, Holland, Japan, Singapore, South Africa, Sweden, and the UK. (Visit African web sites, particularly anything connected with banks and finance, and you'll likely see a link.) Best of all, while there is only limited interest in encryption for e-mail among general users today -- which is why PGP and comparable mail encryptors are so rare, and even more rarely used -- the demand for strong SSL is much more apparent and real, since SSL is widely used in commercial websites. In effect, the distribution/activation of strong S/MIME for mail encryption and digitital sigs is being piggy-backed on the huge international demand for strong SSL. Fortify upgrades both the SSL and S/MIME in to strong crypto in one shot. Worth some thoughtful consideration. There is now no lack of strong crypto implementations for encrypted mail world-wide. It may not be fully enabled yet, but the functionality is available everywhere you can find Netscape, arguably the single most popular cross-platform client ever. For the first time in history, the availability (indeed, actual _installations_ of the functional code for] strong-crypto in e-mail now vastly exceeds current demand. Same with strong crypto for SSL.The distinction between a crippled-crypto export-quality version of Netscape and a fully-enabled strong-crypto version has been revealed to be merely a matter of configuration, easily fixed with one of several available reconfig tools;-) There is also another factor worth noting. Local nationalist resentment against what the Africans (and probably others) call US "technical imperialism" -- denying to non-Americans commercial products which offer quality in security and integrity that is freely available to all American citizens -- will also promote the widespread use of Fortified Netscape. Over the next year, spurred by a variety of impulses, some having little to do with any conscious need for crypto per se, several million people will start playing with strong crypto and digital signatures for the first time. Is there a role for C'punks -- those who code, and those who merely chat -- in fostering a greater awareness and more widespread use of these revolutionary new options? Suerte, _Vin Tim May <tcmay@mail.got.net> wrote: >Here's the set up for this question: > >* Hundreds of thousands of us have multiple copies each of PGP, ranging >from the first "usable" version (2.0) to the incredibly common versions >(2.6.*) to the more recent commercial versions. > >* These versions interoperate, for the most part, and are very widely >deployed. > >* They are still being distributed. (For example, I expect to be at the Gun >Show tomorrow in San Mateo, passing out copies to freedom fighters and >other opponents of the current regime.) They are still available from many >servers, domestic and foreign. [...] >As it stands, there is zero chance that sensitive communications by freedom >fighters like Ramzi Youssef, or by folks like Aldrich Ames, are going to >use key escrow systems when PGP and even older variants (like MailSafe) are >so widely available. > >And I have not discussed the alternatives to PGP much, here. As a point of >fact, there are probably hundreds of thousands of copies of legally-bought >strong crypto programs, programs from RSADSI, Lotus/IBM, TIS, Cylink, and >all the others. > >How could any "outlawing of unescrowed crypto" conceivably deal with this >vast amount of distributed software? Will a user of RSA's MailSafe program >face jail time for using a program he legally bought in 1991 (as I did)? [...] ----- Vin McLellan + The Privacy Guild + <vin@shore.net> 53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548 -- <@><@> --
Date: Sun, 8 Mar 1998 12:01:41 -0800 To: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>, cypherpunks@cyberpass.net From: Tim May <tcmay@got.net> Subject: Re: [LEGAL] Crypto as Contraband? At 10:09 AM -0800 3/7/98, Michael Froomkin - U.Miami School of Law wrote: >:: > Request-Remailing-To: cypherpunks@cyberpass.net > >This message from Michael Froomkin was sent via remailer to reduce spam. >Mail to me can be sent to my surname at law.tm I didn't see this arrive via the Cypherpunks list, so it may not have reached the list via the remailer (syntax above looks screwy). Or maybe I' m just not getting all the list traffic, which happens. >[I've trimmed Tim's message down to the parts I felt like talking about.] > >On Fri, 6 Mar 1998, Tim May wrote: >> Can a program like this be declared contraband? > >Let me start by noting that I know of no proposal that would actually do >this for domestic crypto. We're talking pure hypothetical at this time. Sure, no such sweeping confiscation has yet been proposed formally. But I believe it is implicit in the comments of Freeh, Gore, Reno, and others ("legitimate needs of law enforcment," CALEA, "reasonable compromise," and other trial balloons). As past crypto legislation has shown, these folks are thinking 2-3 years out. (FOIAed documents from the 1992-4 period showed what they were really thinking, and what later appeared as proposed legislation, and as actual EAR/BXA rules.) >[I could imagine a ban on NEW un-escrowed crypto, with old stuff >grandfathered, and the TLAs betting that the need to inter-operate will >slowly drive the old stuff of the airwaves (not to mention that use of old >stuff will then set up flares to those doing traffic analysis). But even >that would be a tough sell in Congress I think, and of dubious >constitutionality. Although I cannot say I am 100% certain courts would >strike it down, I'm prepared to argue the case.] > >But, no harm in hypos -- use 'em every day in class... Indeed, arguing hypos is invaluable in preparing strategies. >> Does the widespread use of it, the availability on CD-ROMs, the countless >> spare copies lying around on backup disks and tapes, and even the print >> copies, etc., make a decision to declare it contraband unreasonable? After > >No. However, there is a clear 5th Amendment "taking" issue. If the >government is going to take some of your property or render it worthless, >which amounts to the same thing, e.g. allow you to own but not use a >program, then it must pay you just compensation for the value of that >property. So, is the government going to "pay just compensation" for the hundreds of thousands of radio scanners bought legally prior to the new ban on using such scanners for their intended purposes? I'm not holding my breath. Does the government pay just compensation for firearms declared to be illegal? (Note that I'm talking about the "gun buyback" programs in various cities, which are in all cases just publicity stunts.) Specifically, what happened to the "takings" issue when machine guns were required to be "licensed" for $250 each in the late 20s or early 30s? (The licensing fee was then set at $250, if I recall what I read correctly. The farmer who had a Thompson submachine gun, for defense, etc., had two choices: apply to the government for a license and pay $250, or surrender it. $250 in the 1930s was of course a very large sum. Most of the Thompsons now in police lockers around the country--and there are still many of them--were gotten this way.) Note that I'm not addressing the controversial and oft-argued case of whether a farmer or citizen or security guard "needs" a Thompson submachine gun, just pointing out that many such firearms have been declared contraband in various communities or in the nation in general without any "compensation" paid. So much for "takings." (I realize the takings argument has only recently resurfaced as a major Supreme Court hot button, pace the environmental regulations, but I am still doubtful that modern contrabandings (my new verb) will result in compensation. Again, will the government pay out hundreds of millions for the legally-bought scanners which are about to become illegal to use ?) Oh, and what happened to the "takings" argument when marijuana was declared contraband in the 1930s? (And similar arguments for many other vegetables or chemicals suddenly declared to be contraband.) >Probably for political and "takings" reasons. I agree that grandfathering >is a likely part of the absolute worst case version. > Which of course means that using PGP or MailSafe or whatever inside a key escrow wrapper would of course remain legal. (After all, what's _inside_ the wrapper is just my _text_. That it happens to be in code, or pig Latin, or in PGP form, is my business. If using PGP remains legal, then one can nest it, include it, comment on it, whatever. (There are wrinkles to consider. Could PGP remain legal to own and use, just not legal to use with escrowed encryption? I would love to see a lawyer try to argue this one.) Remember this point about nested encryption when we get to the "traffic analysis" point below. >> >> If Grandma fails to realize that sending her e-mail with PGP is now a >> crime, will she be prosecuted? If little Johnny is rooting through Dad's >> hand-me-down computer and starts playing with PGP, will he be busted? > >In practice, prosecutors usually have something better to do. The flip >side of headline-grabbing prosecutors who like to find "internet crimes" >to frighten voters with is their unwillingness to prosecute grandmas and >kids when they are naive rather than evil. A recipe for selective prosecution. Something we're seeing a lot more of. And as more things become illegal, and we all become felons (as my .sig used to point out), the State has troublesome lattitude in deciding whom to prosecute. It seems to me a defense attorney could point to the use of "illegal crypto" by Grandma and Little Johnny and Newt Gingrich and others and claim his client, Ramzi Yousef, was being selectively prosecuted for his use of illegal crypto. (The evidence about Grandma and Newt and others would probably become general knowledge as governnment released statistics on how many people are still flouting the new law, and from entropy analysis of packets passing through nodes, and so on. I don't want to really debate the details of this, but I'm confident that a law being ignored by hundreds of thousands of users would result in the "selective prosecution" evidence I've described.) > >> My questions are serious, not just polemical. I'm curious how law >> enforcment plans to deal with the millions of copies of strong crypto >> already scattered around the U.S. and the world. > >I doubt there's a plan. Especially as I doubt that there's any likelihood >of a ban on old crypto. They know that if they can ban new, the passage >of time will do the job for them. I'm skeptical about this. The very users who have the most to lose by using key escrow will be the likeliest to use PGP and suchlike. (Implicit in my earlier points about the legality of PGP is that distribution of copies of PGP would remain legal. If I have a legally-freeware version of PGP, like 2.6.x was, it remains legal for me to give it to my friends, to put it on sites, etc. Doesn't it? If the Feds tried to say "You can keep your copy of PGP 2.6.3, but you can no longer use it in multiple places, or give copies to others, or share it any way," then we will truly be in an odd legal situation.) I've never bought the "But criminals are too stupid to use good tools to protect their privacy" line. I see the use of cellphones and pagers by street kids, the use of cutouts and ratlines to forestall busts, and of course the use of encryption by freedom figthers, terrorists, spies, etc. "Duh." (Freeh and Gore are now acknowledging this, citing Aldrich Ames being urged to encrypt, Ramzi Yousef encrypting, etc. No startling revelation, but it drives a stake through the "criminals are too dumb" line that some were using a couple of years ago.) And if key escrow is ever mandated for "new" crypto, expect a huge campaign by folks like us to get the word out about the advantages of using "old" crypto. Expect a huge surge in hits on PGP download sites, and lots of folks helping to get the older crypto out. (And "old" crypto is arguably as good as, or better than, new crypto. Unlike a lot of areas, there's no reason to expect a 1995-vintage version of PGP or similar product will become obsolete. Speed is not an issue, practically speaking. Familiar points to you all.) >> As it stands, there is zero chance that sensitive communications by freedom >> fighters like Ramzi Youssef, or by folks like Aldrich Ames, are going to >> use key escrow systems when PGP and even older variants (like MailSafe) are >> so widely available. > >Still will stand out for traffic analysis purposes, however. The analysis of this point demands a much closer consideration of how many people are using old vs. new crypto. Consider just a few scenarios: Scenario 1: By 2005, 99% of users have adopted Big Brother Inside crypto. The remaining 1% consist of tired old Cypherpunks and ACLU diehards. The FBI and NSA tag these messages and compile contact dossiers. (This is the most favorable scenario for the government, but even it fails to stop that 1% from communicating securely. And of course the traffic analysis goals are partly thwarted by the use of remailers. I am assuming remailers remain legal. If not legal in the U.S., surely legal somewhere in the world. A familiar argument.) Scenario 2: By 2005, an explosion of packet encrypters, bundlers of packets, SWAN-type link encryption, and so on have been deployed. Packets are flowing zillions of ways, as mixtures of frame relay, ATM, and all sorts of data types. PipeNet systems are running constant-bandwidth connectons between sites. A plethora of crypto systems are being used. Government has attempted to mandate escrowed encryption for "new" crypto, but a variety of "old" crypto remains legal for use in encrypting links, in using with remailers, etc. The FBI and NSA find that 80% or more of all traffic they try to intercept (*) is encrypted in ways they can't decipher. Even if the citizen-units are being good sheeple and are using approved escrow crypto, other crypto is hiding their packets. (* By the way, as a sidenote, apparently lost in this debate about approved crypto is the whole issue of the legality of FBI and NSA sniffing of packets. We all know that UKUSA- and Echelon-type sniffing and surveillance goes on, even though the NSA is ostensibly barred from domestic surveillance, but the whole enforceability of a ban on unescrowed new crypto will essentially require widespread sniffing of packets to ensure compliance. As some packets will be in plaintext, does this not equate to government reading e-mail? This surely is a major topic for discussion once the escrowed crypto legislation is proposed.) It is this compliance sniffing argument we made some years back, with someone's immortal, "Use a random number, go to jail" line. Scenario 3: Widespread use of wrappers. Or "superencryption." To forestall traffic analysis, escrowed crypto is used. But the contents are superencrypted with PGP or somesuch. If PGP remains legal to use, then such superencryption surely cannot be illegal (as that would be mandating the form of speech within a message, barred by the First). (This scenario would not be ideal for all uses, as contact tracing would still be a concern. Lots of issues here.) Scenario 4: To thwart traffic analysis and monkeywrench escrowed encryption, Cypherpunks and others grossly expand the use of "still legal" old crypto. Sort of like PipeNet, with scripts used to send cover messages to other users, to randomly selected sites, etc. Sending PGP-encrypted dummy messages to thousands of public figures, for example. (And it doesn't really matter what the contents are.) I concede that sophisticated Bayesian pattern extraction programs can perhaps still distill useful contact matching data, even out of tens of thousands of bogus messages, but the practical effect of all this cover traffic will be to make traffic analysis much more problematic than in, say, Scenario 1. And PipeNet sorts of contant-bandwidth systems make traffic analysis iffy. Also, use of remailers, of course. These are some of the scenarios. Some overlap. And the likely actual future, circa 2005, will probably be a mix of several of these scenarios. One thing is for sure, though: that the vast number of packages containing crypto today will likely still be in heavy use. The main point is that in a world with a million or so copies of PGP already distributed, out on CD-ROMs sitting on thousands of bookshelves, buried in vast numbers of hard disks, and yet still perfectly usable into far into the next century (neither 112-128 bit IDEA nor 2048-bit RSA are likely to be cracked in the next 100 years, barring breakthroughs in math). This is the dilemma faced by the snoopers. The horse are out of the barn, and closing the gate now is essentially pointless. I believe strongly that those most in need in crypto--freedom fighters, guerilla cells, drug dealers, pornographers, Mormons, Jews, abortionists, Cypherpunks, etc.--will not be "too dumb" to use some of this "old" crypto. I'd love to debate David Aaron or Dorothy Denning or William Reinisch in a public forum on this point. >If I were in charge of making crypto hard to use in the US, I'd focus on >criminalizing the manufacture, sale, or distribution of new UN-escrowed >crypto. And older crypto? Would you try to make it a felony to give, sell, or lend a CD-ROM that happened to have one of the millions of copies of PGP on it? And would you make it a felony for someone to connect to a site in Italy or Finland and download a crypto program? (Yet another issue we aren't touching on here, that such laws would of course have to try to criminalize imports. I grant you that some imports are already illegal, as we all know so well, so I'm not claiming this is not the case now. But a tiny little program that fits on a CD-ROM or DAT or diskette or whatever is a rather hard thing to stop from being imported. As we all must surely know by heart now.) >I predict that the legal issues regarding old crypto are so tough, and the >gains to LEOs so small in the long run, that they won't bother banning it. >Especially not in phase one. Since we're discussing hypos, I'd love to hear your speculations about what "Phase Two" might be. I welcome this discussion. It seems to me that much of the crypto debate these days is mostly boring recitations of past positions. Those in government are not even bothering anymore to try to defend their position, to lay out what the legal safeguards might be. (Remember all that mind-numbing detail about Clipper, about "LEAF"-fields, about how many agencies or entities might hold the keys, about the various fields and subfields within Clipper? As bad as Clipper was, there at least had been much work put into the logistical and legal issues. Not enough, of course, as the basic idea fell apart quickly enough, but at least a lot of detail. Contrast that with the later Clipper 2, 3, and 4 stuff, where fewer and fewer details emerged. And now we are speculating almost blindly on what a "crypto ban" might look like. Probably because there really is no set of Clipper-like details which can get around the basic reality that to ban unapproved crypto would require police state measures.) --Tim May Just Say No to "Big Brother Inside" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^3,021,377 | black markets, collapse of governments.
Date: Sun, 8 Mar 1998 16:35:25 -0500 From: Dave Emery <die@die.com> To: Vin McLellan <vin@shore.net> Cc: cypherpunks@toad.com Subject: Re: [LEGAL] Crypto as Contraband? On Sun, Mar 08, 1998 at 01:55:29PM -0500, Vin McLellan wrote: > > Whoever at NSA decided that the US national security interests in > crippled-crypto products, such as it is, could be sustained by such a > mechanism obvously never heard of the 2600 tone, once the biggest secret of > the telephone companies. And those who ignore the past, etc., etc.... As someone who was alive and curious back then (mid 60's), I'd take issue with this. I found plenty of technical papers in the Bell System Technical Journal proudly describing so called SF E&M signalling (which uses 2600 hz) in great detail, along with MFKP (blue box tones) and the whole signalling and switching architecture of the (then) Bell system. They were proud of what they had developed and quite willing to share it with the technical community - it was no dark secret at all. There was even a technical paper that described in detail a bizzare two frequency one transistor oscillator that allowed them to build what was essentially a blue box into a operator console keypad. The problem was that nobody outside of a few insider engineers with devious twisted hacker style imaginations and the spook agency types had ever asked what might happen if you sent these in-band tones down the line from a subscriber telephone at just the right (or wrong) moments, and what it might be possible to do with this knowlage. Nobody else knew or cared to find out what might happen if... It is a sad day for US national security if people entrusted with protecting it don't think about how to defeat the protections they put in place because they are linear thinkers hobbled by the idea that everyone will do only the most obvious things. But I really think that they perfectly well know that current software can be easily patched to defeat controls, and that there is little they can do about it. Nor is the threat from software patches to Netscape really likely to endanger much, since there is already a lot of software like PGP available that is already strong. In fact I rather suspect that they are quite happy to see that patch in ciculation since it substantially bolsters their long held insistance that all crypto be implemented in tamperproof hardware chips and not software. What scares me, as I have said before on this list, is what happens when future tamperproof Intel CPUs acquire the ability to run encrypted code decrypted inside the processor and all copies of Windows 2001 are completely unpatchable and opaque (without breaking the crypto) and nicely jiggered to enforce rules about what programs are allowed to do what or even run at all. -- Dave Emery N1PRE, die@die.com DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Date: Sun, 8 Mar 1998 17:16:18 -0500 (EST) From: Declan McCullagh <declan@pathfinder.com> To: Vin McLellan <vin@shore.net> cc: cypherpunks@algebra.com Subject: Re: [LEGAL] Crypto as Contraband? On Sun, 8 Mar 1998, Vin McLellan wrote: > There is now no lack of strong crypto implementations for encrypted > mail world-wide. It may not be fully enabled yet, but the functionality is > available everywhere you can find Netscape, arguably the single most > popular cross-platform client ever. Hmm. Yes, we know this. I wrote about this last month, and others wrote about it last fall when the original, limited, hack was put up on fortify.net. But many, almost certainly most, browser-owners aren't likely to use it because they don't trust the patch or because it's set up that way by default. Defaults are important. Maybe that's what the NSA/FBI are counting on. -Declan
Date: Sun, 8 Mar 1998 17:47:41 -0500 From: Dave Emery <die@die.com> To: cypherpunks@toad.com Subject: Re: [LEGAL] Crypto as Contraband? On Sun, Mar 08, 1998 at 04:35:25PM -0500, Dave Emery wrote: > On Sun, Mar 08, 1998 at 01:55:29PM -0500, Vin McLellan wrote: > > > What scares me, as I have said before on this list, is what > happens when future tamperproof Intel CPUs acquire the ability to run > encrypted code decrypted inside the processor and all copies of Windows > 2001 are completely unpatchable and opaque (without breaking the crypto) > and nicely jiggered to enforce rules about what programs are allowed to > do what or even run at all. > To amplify my point a bit, it is widely reported that Bill Gates (who is alleged to have started out in business by pirating and selling DEC software as a high school student) has a particularly keen desire to control the widespread piracy of MS products. His aggressive pushes to assert his property rights are well known (and not atypical of reformed sinners if the probably apocryphal report is true). And Microsoft, with its enormous market share of Wintel software, has a very strong incentive to push for implementation of copyright controls and smartcard authentication for its products into the basic architecture of PCs. And guess what - it controls the high level architecture of the worlds PCs pretty much entirely by its monopoly control of the major operating systems that run on them. So it seems frighteningly likely that Microsoft - which would stand to gain a lot of money now lost to piracy from such a feature - will very gladly do all it can to see that crypto based strong copyright enforcement is built into the hardware and inner regions of the operationg system of Wintel systems. And making this work clearly requires that the relevant parts of the inner kernel be unmodifiable (easy to do with digital signatures), and probably kept extremely secret (easy to do with crypto). In such an environment it is awfully easy to strike a deal with the government that adds a little piece or two of code in that black inner space in exchange for a bending a bit on anti-trust enforcement. -- Dave Emery N1PRE, die@die.com DIE Consulting, Weston, Mass. PGP fingerprint = 2047/4D7B08D1 DE 6E E1 CC 1F 1D 96 E2 5D 27 BD B0 24 88 C3 18
Date: Sun, 8 Mar 1998 17:31:14 -0500 (EST) From: Declan McCullagh <declan@pathfinder.com> To: Tim May <tcmay@got.net> cc: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>, cypherpunks@cyberpass.net Subject: Re: [LEGAL] Crypto as Contraband? Prof. Froomkin writes: > >If I were in charge of making crypto hard to use in the US, I'd focus on > >criminalizing the manufacture, sale, or distribution of new UN-escrowed > >crypto. Tim May writes: > And older crypto? Would you try to make it a felony to give, sell, or lend > a CD-ROM that happened to have one of the millions of copies of PGP on it? > And would you make it a felony for someone to connect to a site in Italy or > Finland and download a crypto program? Yes. This is what one of the SAFE bills passed by a House committee last year -- and competing with others to go to the floor for a vote -- does. A flat ban on the manufacture, sale, distribution, and *IMPORT* of unapproved encryption products. It probably will be tinkered with, such as I wrote in my previous message in this thread, to deal with law enforcement exemptions, government exemptions, legitimate research exemptions. It also said explictly it would be legal to USE old crypto, and thus, presumably possess it. But the distribution ban is the kicker. -Declan
Date: Mon, 9 Mar 1998 04:47:08 +0100 (MET) Subject: Re: [LEGAL] Crypto as Contraband? To: cypherpunks@cyberpass.net From: nobody@replay.com (Anonymous) ... > So, is the government going to "pay just compensation" for the hundreds of > thousands of radio scanners bought legally prior to the new ban on using > such scanners for their intended purposes? > > I'm not holding my breath. Well, the argument is that scanners still have other uses. Compensation is not due if something is no longer usable for its intended use, but only if it has *no* value (or almost no value) anymore. This area of law comes primarily from real property zoning cases in which wetlands were zoned for no development and hence had no commercial value. It's a moving target and controversial. > Does the government pay just compensation for firearms declared to be > illegal? (Note that I'm talking about the "gun buyback" programs in various > cities, which are in all cases just publicity stunts.) Again, the law in this area is new. I'd think, however, that there would be an awfully good takings claim if you had to turn in or dispose of a firearm. I think, however, that this is the sort of issue where class actions are *not* allowd: traditionally valuation is not a fit subject for class certification since it is presumed that each individual item may need individual valuation. (Software would seem to be an exception to the policy behind the rule in a way that guns are not, since there's no wear-and-tear on software, but I cannnot recall if the rule is written in a way that even allows exception). > Oh, and what happened to the "takings" argument when marijuana was declared > contraband in the 1930s? (And similar arguments for many other vegetables > or chemicals suddenly declared to be contraband.) It's an interesting question. When a formerly legal chemical is declared contraband, there may be a takings claim. Whether anyone had enough of it around to make it worth pursuing is a different question. > >Probably for political and "takings" reasons. I agree that grandfathering > >is a likely part of the absolute worst case version. > > > > Which of course means that using PGP or MailSafe or whatever inside a key > escrow wrapper would of course remain legal. (After all, what's _inside_ > the wrapper is just my _text_. That it happens to be in code, or pig Latin, > or in PGP form, is my business. If using PGP remains legal, then one can Sounds right to me. > nest it, include it, comment on it, whatever. (There are wrinkles to > consider. Could PGP remain legal to own and use, just not legal to use with > escrowed encryption? I would love to see a lawyer try to argue this one.) Now this is a fun hypo: I think it's a fairly close call, but leans against the law. On the one hand, the individual users' claim is not a strong as it could be, since the intrusion is limited -- the circumstances where you would need to use PGP inside GAKware, and plain PGP would not work, might be limited; the strongest facts might be a need to communicate with someone (family) in a foreign country that banned plain PGP. On the other hand, the government would be hard pressed to come up with a strong rationale for the law -- assuming, as I do, that it won't come into open court and argue the need to do traffic analysis domestically. Unfortunately, the need to do so internationally is not embarrassing, so where the citizen has the strongest case, so does the government. > Remember this point about nested encryption when we get to the "traffic > analysis" point below. [...prosecution of grandma hypo ... ] > A recipe for selective prosecution. Something we're seeing a lot more of. > And as more things become illegal, and we all become felons (as my .sig > used to point out), the State has troublesome lattitude in deciding whom to > prosecute. > > It seems to me a defense attorney could point to the use of "illegal > crypto" by Grandma and Little Johnny and Newt Gingrich and others and claim > his client, Ramzi Yousef, was being selectively prosecuted for his use of > illegal crypto. This won't ever work. The legal system, indeed society, would grind to a halt if Murderer A could get off because no one had caught and prosecuted Murderer B. In a world of scare resources, it is inevitable that some people will get away with stuff. That cannot and should not and is not a defense for those who get caught. Selective prosecution is only even a possible defense if you can show personal or political animus on the part of the prosecutor. Which is very hard. > ... I don't want to really debate the details of > this, but I'm confident that a law being ignored by hundreds of thousands > of users would result in the "selective prosecution" evidence I've > described.) No. Think of the drug laws: it's obvious lots of cases go unpunished, but we still jail those we catch. > >> My questions are serious, not just polemical. I'm curious how law > >> enforcment plans to deal with the millions of copies of strong crypto > >> already scattered around the U.S. and the world. > > > >I doubt there's a plan. Especially as I doubt that there's any likelihood > >of a ban on old crypto. They know that if they can ban new, the passage > >of time will do the job for them. > > I'm skeptical about this. The very users who have the most to lose by using > key escrow will be the likeliest to use PGP and suchlike. (Implicit in my > earlier points about the legality of PGP is that distribution of copies of > PGP would remain legal. If I have a legally-freeware version of PGP, like > 2.6.x was, it remains legal for me to give it to my friends, to put it on > sites, etc. Doesn't it? If the Feds tried to say "You can keep your copy of > PGP 2.6.3, but you can no longer use it in multiple places, or give copies > to others, or share it any way," then we will truly be in an odd legal > situation.) > > I've never bought the "But criminals are too stupid to use good tools to > protect their privacy" line. I see the use of cellphones and pagers by > street kids, the use of cutouts and ratlines to forestall busts, and of > course the use of encryption by freedom figthers, terrorists, spies, etc. > "Duh." > > (Freeh and Gore are now acknowledging this, citing Aldrich Ames being urged > to encrypt, Ramzi Yousef encrypting, etc. No startling revelation, but it > drives a stake through the "criminals are too dumb" line that some were > using a couple of years ago.) There are three interesting issues raised here. The first is to what extent Freeh et al have thought through the practical details of what they may hope to propose. We don't know; I used to think, not at all, but there is now some evidence that they have turned some decent minds to some of the problems. On the practical front, we see TIS, HP, and others trying to build workable key control infrastructures. This is the most serious issue: a working prototype will change the political debate, and cut the legs out from under the kinds of arguments advanced in the cryptographers' letter against escrow about a year ago. The second is the legal groundwork. Here too there is some grounds for pessimism. I found the bill proposed to the House Select Committee on Intelligence last year as a substitute amendment for SAFE to be well-drafted; it is one or two cuts above the earlier attempts, making beating it in court a non-trivial although still do-able job. The third issue is, what this is all designed to achieve? Much of that debate has been covered on this list over the years; the new element in the above is the suggestion that the "dumb criminal" rationale is now inoperative, or perhaps exposed as a Plot. I beg to differ. I've always agreed that "smart" criminals won't use GAKware; but I think you have to look at this from a law enforcement perspective. Anything that reduces the access or ease of use of strong un-escrowed cryptography is, from this view, a win. It's a win when people don't bother to use the strong stuff because it's inconvenient or they are in a hurry, or this message doesn't seem that important. It's a win when criminals can't use the strong stuff to communicate with people outside the conspiracy -- like car rental agencies. It tells you something about their plans, and likely movements. And so on. Bottom line: I think that the LEOs think (correctly) that from their perspective even marginal, incremental, gains are worth a fair amount of effort. I think I would take that view if I were in their shoes, and I don't think it's either evil or irrational. It merely ignores the pernicious side-effects of the policy. [...] > >Still will stand out for traffic analysis purposes, however. > > The analysis of this point demands a much closer consideration of how many > people are using old vs. new crypto. > > Consider just a few scenarios: > > Scenario 1: By 2005, 99% of users have adopted Big Brother Inside crypto. > The remaining 1% consist of tired old Cypherpunks and ACLU diehards. The > FBI and NSA tag these messages and compile contact dossiers. > > (This is the most favorable scenario for the government, but even it fails > to stop that 1% from communicating securely. And of course the traffic > analysis goals are partly thwarted by the use of remailers. I am assuming > remailers remain legal. If not legal in the U.S., surely legal somewhere in > the world. A familiar argument.) I see remailers as being the next big controversy for exactly this reason. There are a number of legal tricks one could imagine to make running a remailer so risky as to make very few people willing to do it -- without actually making it illegal, which runs into constitutional problems. > Scenario 2: By 2005, an explosion of packet encrypters, bundlers of > packets, SWAN-type link encryption, and so on have been deployed. Packets > are flowing zillions of ways, as mixtures of frame relay, ATM, and all > sorts of data types. PipeNet systems are running constant-bandwidth > connectons between sites. A plethora of crypto systems are being used. > Government has attempted to mandate escrowed encryption for "new" crypto, > but a variety of "old" crypto remains legal for use in encrypting links, in > using with remailers, etc. The FBI and NSA find that 80% or more of all > traffic they try to intercept (*) is encrypted in ways they can't decipher. > Even if the citizen-units are being good sheeple and are using approved > escrow crypto, other crypto is hiding their packets. > > (* By the way, as a sidenote, apparently lost in this debate about approved > crypto is the whole issue of the legality of FBI and NSA sniffing of > packets. We all know that UKUSA- and Echelon-type sniffing and surveillance > goes on, even though the NSA is ostensibly barred from domestic > surveillance, but the whole enforceability of a ban on unescrowed new > crypto will essentially require widespread sniffing of packets to ensure > compliance. As some packets will be in plaintext, does this not equate to I'm not sure I accept this assumption. I don't think that random "header sniffing" much less full packet examination will ever be legal so long as the 4th amendment retains any validity whatsoever. And I don't think anyone plans this for law enforcement (intelligence is a separate issue). But once you have an on-going investigation of someone, and a valid warrant, it does give you another way to prosecute (think Al Capone and tax evasion [irrelevant note: Peter Hamilton's Neutronium Alchemist has a fun depiction of Capone]). > government reading e-mail? This surely is a major topic for discussion once > the escrowed crypto legislation is proposed.) > > It is this compliance sniffing argument we made some years back, with > someone's immortal, "Use a random number, go to jail" line. > > Scenario 3: Widespread use of wrappers. Or "superencryption." To forestall > traffic analysis, escrowed crypto is used. But the contents are > superencrypted with PGP or somesuch. If PGP remains legal to use, then such > superencryption surely cannot be illegal (as that would be mandating the > form of speech within a message, barred by the First). (This scenario would > not be ideal for all uses, as contact tracing would still be a concern. > Lots of issues here.) Stego. That's what Patrick Ball says the human rights groups use now in police states. > Scenario 4: To thwart traffic analysis and monkeywrench escrowed > encryption, Cypherpunks and others grossly expand the use of "still legal" > old crypto. Sort of like PipeNet, with scripts used to send cover messages > to other users, to randomly selected sites, etc. Sending PGP-encrypted > dummy messages to thousands of public figures, for example. (And it doesn't > really matter what the contents are.) Hard work. And as traffic levels go up, more and more noise is needed, requiring more and more cover traffic. I wonder if volunteers can keep this up over time? > I concede that sophisticated Bayesian pattern extraction programs can > perhaps still distill useful contact matching data, even out of tens of > thousands of bogus messages, but the practical effect of all this cover > traffic will be to make traffic analysis much more problematic than in, > say, Scenario 1. > > And PipeNet sorts of contant-bandwidth systems make traffic analysis iffy. > Also, use of remailers, of course. > > These are some of the scenarios. Some overlap. And the likely actual > future, circa 2005, will probably be a mix of several of these scenarios. > One thing is for sure, though: that the vast number of packages containing > crypto today will likely still be in heavy use. As Declan noted in another message, the most significant developments are those that enable crypto in mass consumer packages such as Netscape. The fact is that lots of people just automatically update to the latest thing. And other people don't have control over their software. In my office, for example, as a cost-saving measure we are going to a form of network facisim: the system administrator will control all the software that you can run on your networked desktop. He will load it and serve it to you, and lock you out from running anything un-approved. [We will have an opt-out, fortunately, but most people won't take it since the price of opting out will be reduced support.] > The main point is that in a world with a million or so copies of PGP > already distributed, out on CD-ROMs sitting on thousands of bookshelves, > buried in vast numbers of hard disks, and yet still perfectly usable into > far into the next century (neither 112-128 bit IDEA nor 2048-bit RSA are > likely to be cracked in the next 100 years, barring breakthroughs in math). Yes, but in a world where the LEOs are playing the margins, they can live with this if they can influence the market standards. > This is the dilemma faced by the snoopers. The horse are out of the barn, > and closing the gate now is essentially pointless. I don't think we are there yet. Standards are powerful. Again, the horse may be out of the barn for the minority of people like those on this list who really really care about these issues. But for now, most people don't probably care enough to give up the latest coolest software tools, if that becomes the choice. > I believe strongly that those most in need in crypto--freedom fighters, > guerilla cells, drug dealers, pornographers, Mormons, Jews, abortionists, > Cypherpunks, etc.--will not be "too dumb" to use some of this "old" crypto. > I'd love to debate David Aaron or Dorothy Denning or William Reinisch in a > public forum on this point. Yes, agreed, but that isn't really the issue. (see above) > >If I were in charge of making crypto hard to use in the US, I'd focus on > >criminalizing the manufacture, sale, or distribution of new UN-escrowed > >crypto. > > And older crypto? Would you try to make it a felony to give, sell, or lend > a CD-ROM that happened to have one of the millions of copies of PGP on it? > And would you make it a felony for someone to connect to a site in Italy or > Finland and download a crypto program? Sure would. > (Yet another issue we aren't touching on here, that such laws would of > course have to try to criminalize imports. I grant you that some imports > are already illegal, as we all know so well, so I'm not claiming this is > not the case now. But a tiny little program that fits on a CD-ROM or DAT or > diskette or whatever is a rather hard thing to stop from being imported. As > we all must surely know by heart now.) The war on drugs demonstrates that this society is willing to attempt to enforce the unenforceable if it believes the stakes are high enough. > >I predict that the legal issues regarding old crypto are so tough, and the > >gains to LEOs so small in the long run, that they won't bother banning it. > >Especially not in phase one. > > Since we're discussing hypos, I'd love to hear your speculations about what > "Phase Two" might be. Phase Two won't come until and unless they can establish the market standards in Phase One. I regret the terms "phase one" and "two" because it makes it sound too much like there's a detailed master plan sitting in the FBI for some gigantic social chess match. I rather doubt it. There's a general objective: put the strong crypto genie as much in the bottle as you can. There's some tactical short-term objectives: kill or gut SAFE; build a working escrow infrastructure; persuade foreign governments to join in on the escrow bandwagon. Working out the content of the next steps probably depends on the extent to which they achieve the first ones. > I welcome this discussion. It seems to me that much of the crypto debate Indeed. > these days is mostly boring recitations of past positions. Those in > government are not even bothering anymore to try to defend their position, > to lay out what the legal safeguards might be. > > (Remember all that mind-numbing detail about Clipper, about "LEAF"-fields, > about how many agencies or entities might hold the keys, about the various > fields and subfields within Clipper? As bad as Clipper was, there at least > had been much work put into the logistical and legal issues. Not enough, of > course, as the basic idea fell apart quickly enough, but at least a lot of > detail. Contrast that with the later Clipper 2, 3, and 4 stuff, where fewer > and fewer details emerged. And now we are speculating almost blindly on > what a "crypto ban" might look like. Probably because there really is no > set of Clipper-like details which can get around the basic reality that to > ban unapproved crypto would require police state measures.) > Actually, the House bill was a pretty frightening first look. A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | http://www.law.tm P.O. Box 248087 | Coral Gables, FL 33124 USA | It's warm here.
Date: Sun, 8 Mar 1998 23:41:41 -0500 To: cypherpunks@cyberpass.net From: Declan McCullagh <declan@well.com> Subject: Re: [LEGAL] Crypto as Contraband? Tim May writes: > And older crypto? Would you try to make it a felony to give, sell, or lend > a CD-ROM that happened to have one of the millions of copies of PGP on it? > And would you make it a felony for someone to connect to a site in Italy or > Finland and download a crypto program? To drop out of the hypo and back into politics for a moment, here's my writeup from last fall. The House Rules committee currently is deciding to send this or another version of SAFE to the floor for a vote. If it passes the House, it will automatically be introduced in the Senate. If I were feeling particularly conspiratorial, I'd point to CALEA as an example of businesses cutting a deal: they'll sign off on a deal requiring them to rewire technology for easy snooping, as long as they get paid. -Declan ---- Date: Thu, 11 Sep 1997 23:37:39 -0700 (PDT) From: Declan McCullagh <declan@well.com> To: fight-censorship-announce@vorlon.mit.edu Subject: FC: House panel votes behind closed doors to build in Big Brother Software that protects your privacy is a controlled substance that may no longer be sold, a Congressional committee decided today. Meeting behind closed doors this morning, the House Intelligence committee voted to replace a generally pro-encryption bill with an entirely rewritten draft that builds in Big Brother into all future encryption products. (The Senate appears to be moving in a similar direction.) The new SAFE bill -- titled in a wonderfully Orwellian manner the "Security and Freedom through Encryption" act even though it provides neither -- includes these provisions: SELLING CRYPTO: Selling unapproved encryption products (that do not include "immediate access to plaintext") becomes a federal crime, immediately after this bill becomes law. Five years in jail plus fines. Distributing, importing, or manufacturing such products after January 31, 2000 is another crime. NETWORK PROVIDERS: Anyone offering scrambled "network service" including encrypted web servers or even "ssh" would be required to build in a backdoor for the government by January 31, 2000. This backdoor must provide for "immediate decryption or access to plaintext of the data." TECHNICAL STANDARDS: The Attorney General will publish technical requirements for such backdoors in network service and encryption products, within five months after the president signs this bill. LEGAL TO USE CRYPTO: "After January 31, 2000, it shall not be unlawful to use any encryption product purchased or in use prior to such date." GOVERNMENT POWERS: If prosecutors think you may be selling, importing, or distributing non-backdoor'd crypto or are "about" to do so, they can sue. "Upon the filing of the complaint seeking injunctive relief by the Attorney General, the court shall automatically issue a temporary restraining order against the party being sued." Also, there are provisions for holding secret hearings, and "public disclosure of the proceedings shall be treated as contempt of court." You can request an advisory opinion from the government to see if the program you're about to publish violates the law. ACCESS TO PLAINTEXT: Courts can issue orders, ex parte, granting police access to your encrypted data. But all the government has to do to get one is to provide "a factual basis establishing the relevance of the plaintext" to an investigation. They don't have to demonstrate probable cause, which is currently required for a search warrant. More interestingly, this explicitly gives the FISA court jurisdiction (yes, the secret court that has never denied a request for a wiretap). If they decode your messages, they'll tell you within 90 days. GOVERNMENT PURCHASING: Federal government computer purchases must use a key escrow "immediate decryption" backdoor after 1998. Same with networks "purchased directly with Federal funds to provide the security service of data confidentially." Such products can be labeled "authorized for sale to U.S. government" ENCRYPTION EXPORTS: The Defense & Commerce departments will control exports of crypto. Software "without regard to strength" can be exported if it includes a key escrow backdoor and is first submitted to the government. Export decisions aren't subject to judicial review, and the "president may by executive order waive any provision of this act" if he thinks it's a threat to national security. Within 15 days, he must send a classified briefing to Congress. ADVISORY PANEL: Creates the Encryption Industry and Information Security Board, with seven members from Justice, State, FBI, CIA, White House, and six from the industry. INTERNATIONAL: The president can negotiate international agreements and perhaps punish noncompliant governments. Can you say "trade sancation?" (Other provisions barring the use of crypto in a crime and some forms of cryptanalysis are also in the bill.) Next the Commerce Committee will vote on SAFE, and a former FBI agent-turned-Congressman is vowing to ensure that similar language to this is included. (The committees are voting on the bill in parallel, and a four-person team of Congressmen is working to forge a compromise before Commerce votes.) Then the heads of the five committees that have rewritten the legislation will sit down and work out another compromise. If it's acceptable to the House Rules committee -- and if the FBI/NSA get what they want it will be -- the bill can move to the floor for a vote. That's why the encryption outlook in Congress is abysmal. Crypto-advocates have lost, and lost miserably. A month ago, the debate was about export controls. Now the battle is over how strict the //domestic// controls will be. It's sad, really, that so many millions of lobbyist-dollars were not only wasted, but used to advance legislation that has been morphed into a truly awful proposal. I wrote more about this at: http://cgi.pathfinder.com/netly/opinion/0,1042,1385,00.html -Declan
Date: Sun, 8 Mar 1998 21:01:26 -0800 To: declan@well.com From: Tim May <tcmay@got.net> Subject: Re: [LEGAL] Crypto as Contraband? Cc: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu>, cypherpunks@cyberpass.net The core issue here is of _provenance_. How can several hundred thousand users who legally downloaded or acquired or bought or received PGP and other crypto programs be expected to "prove" they possessed these programs prior to some grandfathering date? Especially when most such downloads and acquisitions were done with no records being kept. I, for example, have probably 4 or 5 versions of PGP, with multiple copies of some versions, not even counting backups. Yet none of them do I have "paperwork" for. In fact, as we all know, copies of PGP are neither serial numbered nor identified in any way to make them unique to a user. Representatives from PGP, Inc. assured us a while back that they took pains to not know who their customers were (e.g., by not asking for customers to "register" their program) There is no way to prosecute someone for failing to prove they acquired the program prior to some date...unless they are literally caught in the act of acquiring it after the grandfathering date. Hardly feasible. Such a law would make most of us felons. Perhaps this is their intent. At 2:31 PM -0800 3/8/98, Declan McCullagh wrote: >Prof. Froomkin writes: >> >If I were in charge of making crypto hard to use in the US, I'd focus on >> >criminalizing the manufacture, sale, or distribution of new UN-escrowed >> >crypto. > >Tim May writes: >> And older crypto? Would you try to make it a felony to give, sell, or lend >> a CD-ROM that happened to have one of the millions of copies of PGP on it? >> And would you make it a felony for someone to connect to a site in Italy or >> Finland and download a crypto program? > >Yes. This is what one of the SAFE bills passed by a House committee last >year -- and competing with others to go to the floor for a vote -- does. > >A flat ban on the manufacture, sale, distribution, and *IMPORT* of >unapproved encryption products. It probably will be tinkered with, such as >I wrote in my previous message in this thread, to deal with law >enforcement exemptions, government exemptions, legitimate research >exemptions. > >It also said explictly it would be legal to USE old crypto, and thus, >presumably possess it. But the distribution ban is the kicker. I noted in a a couple of places in my long article this morning about the "Alice in Wonderland" aspects of any grandfatherings. OK, so suppose _distribution_ of once-legal copies of PGP is banned. (Huh?) So how do the enforcers prove the provenance of what they seize, or what they sniff over the airwaves and landlines? Do the raiders hit a house or business and demand the "proof of purchase" be presented? For nearly all things I purchase or download, there are either no serial numbers, or I keep no copies of receipts. Many of my guns, for example, I bought at gun shows. And there were no records. (This is also a very serious point. There are virtually no laws that I am aware of that say a citizen-unit must _prove_ via receipts and serial numbers and such that he obtained something before such-and-such date. The only time I hear any warnings to "be sure to keep receipts" is for tax records and for warranty work. Never because government may someday demand proof of when something was acquired. The burden of proof is on the government and legal system to prove a positive crime, not to require a citizen to produce proof of legality. At least for all things I possess, including guns, explosives, chemicals, and drugs. And crypto, presumably.) If the Encryption Police demand records of purchase dates, or download dates, I'd have to say to them: "Fuck you. I kept no records. Nor did the law require me to (or pay my hourly rates for the labor involved). So, get the fuck off my property, or I'll consider you a trespasser." Whether I would have the guts to say this I don't know. I hope I would. I make this point in an extreme way to emphasize the Alice-in-Wonderland nature of this hypo. (Copies of PGP were downloaded by thousands of organizations. Who gets to "have" these copies when the ban goes into effect? Will we jail people who fail to present download logs showing they downloaded PGP before the ban? What if they downloaded PGP in 1993, but failed to save their download logs? (How many of us save such records? And these records are just text files, so they can be faked trivially, and have no legal standing, I would think.) Arggh. I submit that there is absolutely no way the government of the U.S. can crack down on the million or so copies of PGP which have been distributed, downloaded, shared, traded, bought, pirated, etc. Any notion that "those who possessed strong crypto at the time of this bill's passage, all later possessor are felons" is too absurd to take seriously. --Tim May Just Say No to "Big Brother Inside" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^3,021,377 | black markets, collapse of governments.
Date: Mon, 9 Mar 1998 21:04:07 +0100 (MET) Subject: Re: [LEGAL] Crypto as Contraband? To: cypherpunks@cyberpass.net From: nobody@replay.com (Anonymous) On Sun, 8 Mar 1998, Tim May wrote: > The core issue here is of _provenance_. How can several hundred thousand > users who legally downloaded or acquired or bought or received PGP and > other crypto programs be expected to "prove" they possessed these programs > prior to some grandfathering date? Especially when most such downloads and Well, the burden of proof will always be on the prosecution. So they'll need something tangible -- testimony, login records, something to overcome your word that you had it before the deadline. And they'll have to convince a jury. [...] > Such a law would make most of us felons. Perhaps this is their intent. Not if there is grandfathering. I suppose if you are paranoid about it you could be sure and register a key and timestamp it before the deadline, to establish ownership. The disadvantage of this strategy of course is that anyone who didn't would be subject to nasty cross-examination... > (Copies of PGP were downloaded by thousands of organizations. Who gets to > "have" these copies when the ban goes into effect? Will we jail people who The organization is often a legal person. So it gets to have it, and all members get to use it. > I submit that there is absolutely no way the government of the U.S. can > crack down on the million or so copies of PGP which have been distributed, > downloaded, shared, traded, bought, pirated, etc. Any notion that "those > who possessed strong crypto at the time of this bill's passage, all later > possessor are felons" is too absurd to take seriously. > Well, probably, but see the drug laws. So we may as well take it seriously. A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | http://www.law.tm P.O. Box 248087 | Coral Gables, FL 33124 USA | It's warm here.
Date: Mon, 9 Mar 1998 14:39:14 -0800 To: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu> From: Tim May <tcmay@got.net> Subject: BATFC -- Bureau of Alcohol, Tobacco, Firearms and Cryptography Cc: cypherpunks@cyberpass.net At 11:59 AM -0800 3/9/98, Michael Froomkin - U.Miami School of Law wrote: >On Sun, 8 Mar 1998, Tim May wrote: > >> The core issue here is of _provenance_. How can several hundred thousand >> users who legally downloaded or acquired or bought or received PGP and >> other crypto programs be expected to "prove" they possessed these programs >> prior to some grandfathering date? Especially when most such downloads and > >Well, the burden of proof will always be on the prosecution. So they'll >need something tangible -- testimony, login records, something to overcome >your word that you had it before the deadline. And they'll have to >convince a jury. "NASTY CROSS EXAMINATION" Sure, but as you point out below, there is the "would be subject to nasty cross-examination" issue. Which is just part of the general nastiness which will happen long before cases ever reach a jury of one's peers. This is, forgive me for sounding anti-legal system, the real power prosecutors have to make life miserable for citizens. Which jury was it that was convinced Susan McDougal needed to spend 18 months (and counting) in a federal prison? (The technical answer is that Ken Starr's grand jury, and the judge overseeing the case...as I understand the McDougal jailing on contempt charges. But the point is that it sure wasn't the kind of jury of one's peers I take your point above to mean.) If the crypto laws we are talking about happen, "convincing a jury" will probably not be the important issue. Because before this jury stuff happens will come the pre-dawn BATFC (Bureau of Alcohol, Tobacco, Firearms and Cryptography) raids, the asset forfeitures, the scrutinizing of seized hard drives for evidence of illegal software, porn, bomb-making instructions, and terrorist material. (And of course was no "convincing a jury" before Randy Weaver's home was attacked, and his wife and son shot dead. Or before Waco was burned to the ground, possibly (probably in my view, but opinions are mixed) by the BATF. Or before "child porn rings" were broken up with pre-dawn raids. Or before MOVE headquarters in Philadelphia was firebombed from above. And so and so on.) THE WAR ON CRYPTO AND THE WAR ON DRUGS Will using unescrowed crypto be treated by the courts as "probable cause" to raid a house or business, with the "perp" jailed until at trial he somehow (if he can) proves that he was legally allowed to own the crypto? You see, unlike the "War on Drugs," bad as that war is, crypto is not like drugs. Cocaine and marijuana and whatnot are ipso facto banned materials, with no "grandfathering" of older possession. Basically, unless one has a license to possess these drugs (pharmacies, research labs, law enforcement, CIA, DEA, etc.) one is guilty of "felony possession." Or something worded like that. Even with firearms, serial numbers establish manufacture dates. (I'm not apologizing for firearms laws, which I oppose, just noting the vastly easier enforcement of such grandfathering laws.) But with PGP and such, often there are no serial numbers, no registration process, nothing of this sort. (PGP explained to a recent Cypherpunks meeting that *of course* they don't want serial numbers and customer records and whatnot, for obvious reasons.) GRANDFATHERING OF CRYPTO UNWORKABLE So a "grandfathering" of certain crypto presents massive problems for all concerned. There is no way any prosecutor can actually _prove_ that a specific use of PGP was with a nonlegal version, unless that version was actually created after the grandfathering date. Even catching a person downloading crypto says little about his use of some program...he might claim he acquired the PGP 2.6.3 years earlier, and that the latest download of 2.6.3 was inadvertent, or to compare it to his older version, etc. I just can't see this grandfathering working. And the notion you express (I'm speaking about Michael Froomkin) that citizen-units would be advised to create "records" to later prove their innocence tells us how pernicious this law would be. I don't mean to make a familiar anti-government rant here, just to point out that draconian new crypto laws will have their effects felt long before a case ever gets to a jury. And by the time a jury is involved, the charge will not be something so mundane as possessing a copy of PGP for which a sales receipt cannot be produced (duh), but the various charges from the raid, the srutinizing of hard drives, the defensive measures the citizen took when the BATF showed up at 4 a.m. and broke down his door and threw flash-bangs into his bedroom, and so on. THE EASY WAY OUT Plus, of course, at a more mundane level many corporations (and schools, like Prof. Froomkin's) will simply take the easy way out and ban the use of any unescrowed crypto product, out of fear that PGP and such make provoke raids or audits. >> Such a law would make most of us felons. Perhaps this is their intent. > >Not if there is grandfathering. I suppose if you are paranoid about it >you could be sure and register a key and timestamp it before the deadline, >to establish ownership. The disadvantage of this strategy of course is >that anyone who didn't would be subject to nasty cross-examination... My point exactly. This "nasty cross-examination" is itself the consequence of our current legal system. Despite the rhetoric about "innocent until proven guilty," the combination of factors I just mentioned, and the long, drawn-out process of a trial, and the costs of a modern legal defense, have really given us a "guilty until proven innocent" legal system. CONVINCING A JURY An average computer user, when raided, indicted, subjected to the "nasty cross-examination" mentioned above, and faced with a legal defense cost quickly hitting the big leagues, will not find solace in the "And they'll have to convince a jury." point. I understand that justice does not come free, or even cheap. But the burdens of proof on raids, on investigations, and on speeds of trials are out of whack. I used to think the Fourth Amendment was protection against pre-dawn, Gestapo-style raids by BATFags dressed in all-black ninja raider suits. I used to think "a speedy trial" meant just that, a trial within a few weeks or months, not years later. No longer do I think these things. >The organization is often a legal person. So it gets to have it, and all >members get to use it. Unless, as a hypothetical, the law says only individual owners may continue to use non-escrowed crypto. Or unless certain organizations are disallowed. (Want to take any bets on whether Aryan Nations or Islamic Jihad are "allowed" to use their "organizational copies"? Or even whether a company which bought a corporate license from RSA or IBM or PGP will be allowed to continue to distribute this unbreakable crypto to employees?) CORPORATIONS AND INSTITUTIONS WILL BAN UNESCROWED CRYPTO To control this kind of organzational use, I would not be surprised if the law specifically disincentivizes corporations from using even grandfathered crypto. If a corporation is held liable for even a single person using crypto for which he was not grandfathered, then the corporation will simply issue a blanket policy that such crypto will not be used in the company. As Whit Diffie so cogently pointed out several years ago at a Cypherpunks meeting, the War on Drugs was fought by gang-pressing corporations as unpaid soldiers in the War. By threatening corporations with shutdown of their factories and with sizable fines and other penalties, corporations became paranoid helpers in the war. Companies know that drug cops can enter their premises without a warrant (or with warrants signed by willing judges) to search for roaches and crystal in employee lockers...then the fun begins. This is why we now see the mandatory drug tests by most companies...tests which government could never order themselves (due process and all). And we'll see the same thing with crypto. NIGHTMARE SCENARIO For example, imagine this scenario: ISPs, which are companies just like those drug warrior companies I just described, are told that any encrypted messages which violate the Safe Surfing and Children's Protection Act of 1999 will expose them to asset forfeiture, seizure of their machines, and various other criminal and civil sorts of charges. (There are ECPA issues, and ISPs may claim they cannot read customer mail to check whether illegal crypto is being used. Maybe, maybe not. But recall that the CDA specifically inserted language protecting ISPs from what their customers were sending...which cuts both ways. On the one hand, why did they even _need_ such language if the First and the ECPA protected them? And on the other hand, maybe this CDA language could be used to protect ISPs against any War on Crypto enlistment.) Many ISPs will take the easy way out, by banning all unescrowed crypto, even the ostensibly grandfathered stuff. They just won't want to take the chance that BATFC raiders will arrive to cart off their machines for analysis, even if Tim May assures them that, based on his reading of the SS & CPA of 1999 law his use of PGP 5.0 is fully legal. THE CHILLING EFFECT And corporations and universities and such will almost certainly bar any unescrowed crypto, as they won't want to have to deal with the "nasty cross-examination" Prof. Froomkin mentioned. Nor with the accounting headaches of keeping lists of who owns grandfathered crypto and who doesn't. No, I think it's a safe bet that Prof. Froomkin's school will not be too interested in his claims to have obtained strong crypto prior to the new law's effective date. They just won't want their university exposed to scrutiny, or to the implications of violations. His sysadmin will tell him "Nope." This, I suspect, is the intended effect. >Well, probably, but see the drug laws. So we may as well take it >seriously. I take it very, very, very seriously. So do my associates in various patriot and militia groups. Crypto is not yet on their front burner, though most of them have a passing familiarity with PGP. The folks I was talking to on Saturday just can't conceive of how government could demand that groups like theirs could be required to only communicate with "in the clear" (to the Feds) systems. Though they have zero respect for recent governments, they know that the Constitution has not yet been completely abandoned. But when the true evils of a mandatory Big Brother system, and outlawing of private communcations, become clear, and when the "nasty cross-examinations" and raids begin, look for extreme, polarizing action. The militias and other patriot groups are about to get a lot of new members, I think. It's amazing to me that this hypothetical is so plausible, so likely even. The House language would essentially implement this scenario. If not this year, next year. --Tim May Just Say No to "Big Brother Inside" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^3,021,377 | black markets, collapse of governments.
Date: Mon, 9 Mar 1998 23:37:58 -0800 To: "Michael Froomkin - U.Miami School of Law" <froomkin@law.miami.edu> From: Tim May <tcmay@got.net> Subject: Re: BATFC -- Bureau of Alcohol, Tobacco, Firearms and Cryptography Cc: cypherpunks@cyberpass.net I am going to force myself to comment on only a few parts of this post, as Michael and I are writing long articles to each other. I rarely believe in taking such debates "off list," especially when they lie at the core of our community, but I do try to limit my writing...sometimes. At 9:42 PM -0800 3/9/98, Michael Froomkin - U.Miami School of Law wrote: >Raids for crypto? When there's no reason to think the user is armed? It >hasn't come to that yet. Yes, people like you who trumpet how well armed Raids for child porn? Raids on Steve Jackson Games? Raids on some guys trying to buy an anthrax testing gizmo? I don't know what the "reason to think the user is armed" point is about. The cases above all involved raids, carting off all equipment on the premises, and men with guns. Nothing new here. I wasn't claming that vast amounts of resources would be devoted to kicking in the doors of every AOL user suspected of using "bootleg crypto." But I do think an outlawing of crypto would result in "raids," of either the Jim Bell level of raid (LEOs from at least 6 different agencies) or worse. Against whom? I can think of two dozen members of this list I think would be raided. If only to send a message. (And, to be brutally honest, I have no doubt they could find several of "their" felonies at my house. I no longer even know what of I have at my house is now contraband...I do know I refused on principle to register any "assault rifles," along with the vast majority of other Californians who were ordered to register them by such-and-such a date. I bought stuff for cash at gun shows. I also sold stuff for cash at gun shows.) >Since I happen to want to live as far away from guns as I can, I choose to >trumpet my house as a gun free zone. How ironic if that actually makes me >safer. Your choice in a free country. Just as it is my choice, by the Second Amendment, to have arms. "Better to be tried by six than carried by twelve." .... >It is indeed important to stoke one's feelings of outrage every time >rights are outrageously violated. No system is perfect, and our system is >not immune from this rule. Eternal vigilance is indeed the price of >liberty. What do we do with this feeling of outrage? Do we work to >improve the system? Do we work to improve civil society (e.g. "write >code")? Or do we say, 'The Hell With It'? I prefer a slogan I am hearing more often in patriot meetings: "What this country needs is a low-level reformatting." >> THE WAR ON CRYPTO AND THE WAR ON DRUGS > >Hey, before we go too far down this particular bad acid trip, can we take >a deep breath and remember that IMHO a ban on un-escrowed crypto is >unconstitutional, at least insofar as it reaches personal non-commercial >use? Cf. the Metaphor article on my homepage? I of course read that, and even used it for my paper at CFP '97, for your panel. But this "bad acid trip" is the hypo we are discussing. And as Declan reminds us in his forwardings of the coverage of the House language, it is probably closer to enactment than one might think. Will the Supremes declare part or all of it to be unconstitutional? One can hope. >> THE EASY WAY OUT >> >> Plus, of course, at a more mundane level many corporations (and schools, >> like Prof. Froomkin's) will simply take the easy way out and ban the use of >> any unescrowed crypto product, out of fear that PGP and such make provoke >> raids or audits. > >Well, I wouldn't put that past UM. There has been nervousness here about >loading PGP on the computer for fear it would be "exported". But they did >load it in the end. I only had to holler a little. You're making my point. They are "nervous" even when domestic use of crypto is completely unencumbered. Imagine the escalation of their nervousness by two orders of magnitude when crypto is actually criminalized. Whether some grandfathering is included or not, clearly anyone who uses crypto is up to no good and will probably expose the institution to precisely the kind of "nasty cross examination" you yourself brought up. PLEA BARGAINS AS TOOLS OF CONTROL >Most of the cases that go to trial today do so because the defendant >wouldn't agree to a plea bargain. The more evidence they have against the >defendant, the less attractive the plea offer; thus, the greater incentive >to roll the dice on trial. Unfortunately, therefore, the genuinely >innocent defendant, who will not take a plea, but is faced with a >prosecutor who genuinely thinks he is guilty, is at an enormous >disadvantage in a system designed to settle out on pleas. Lawyers in Ah, now you're hitting my hot buttons. I suspect we're mostly in agreement on the evils of the "pile on the charges and then accept a plea bargain" system. This is precisely why so many things are illegal (well, it's one of the main reasons). Pleas and parole arrangements are ways to control obstreprous citizen-units without actually building too many more prisons. And without having to deal with voters who don't want to pay for more prisons. Though this may sound like hyperbole, Stalin would have loved the scheme. The case of the "anthrax guy," Wayne Harris, is a case in point. He's now being charged with violating the terms of his parole. And what was his original "crime"? Violating the postal laws ("wire fraud") by using his home address instead of his company's address when he mail-ordered some bubonic plague samples. Now I admit it looks fishy for someone, anyone to be ordering bubonic plague. Not something the average hobbyist or small businessman seems to have a "legitimate" need for. (Though it is arguably not the function of government to decide on whose needs are legitimate, absent any actual criminal use. A long topic to argue.) If Harris was illegally ordering plague samples and/or was planning to use them, then prosecute him on _that_ charge, and imprison him. But don't use nonsensical laws like "wire fraud" to get him on a "technicality." Anyway, instead of getting him on a real crime, they used this. And then, instead of imprisoning him, they let him plead out. A "condition" of his plea bargain was to stay away from certain kinds of things. Whether having veterinary anthrax vaccine, a completely harmless item, constitutes a violation of this "deal" is debatable. Late News: To check this, I searched and found this from the http://www.lasvegassun.com/dossier/crime/bio/ site: " Federal Magistrate Mark Abel said prosecutors failed to show that Harris violated probation by claiming he had military-grade anthrax and by producing infectious disease, bacteria or germs in his Ohio home. "Abel said there was enough evidence to hold a hearing on whether Harris was continuing to tell people he used to work for the CIA, another violation of his probation. The hearing was not scheduled." OK, so a judge looks to be leaning toward dropping all parole violation charges. Still, a new chapter for Alice's Restaurant: "I'm here in this jail for telling some guy I used to work for the CIA because that's a parole violation of my parole for ordering a legal product with my home address instead of my business address." When the Feds can make a huge number of things criminal, then grant deals and parole on the condition that behavior be controlled, this is dangerous. (I've been having this debate in scruz.general, where my opponent basically argues "What's the big deal? If the guy doesn't want to consent to the conditions of the parole, he can do the dime." (the 10 year sentence) My opponent doesn't "get it" about the power this gives the legal system .) This discretion in prosecution and sentencing is of course a major tool in "developing snitches." Or in "turning" people. Some have even conjectured, emphasis on _conjectured_, that it would not be surprising if one or more of our number have been busted and then turned. --Tim May Just Say No to "Big Brother Inside" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, ComSec 3DES: 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^3,021,377 | black markets, collapse of governments.
Date: Mon, 9 Mar 1998 19:08:15 -0800 To: Tim May <tcmay@got.net>, cypherpunks@cyberpass.net From: Lee Tien <tien@well.com> Subject: Re: [LEGAL] Crypto as Contraband? At 6:20 PM -0800 3/6/98, Tim May wrote: [snip] > >I'm curious if any of the legal scholars and others who read Cypherpunks >have any thoughts on whether laws declaring crypto as contraband, should >they be passed, are actually enforceable. > Tim, you're focusing mainly on nonconstitutional stuff, so much depends on what Congress actually says. Making nonrecoverable crypto illegal to possess and use is one extreme; enhancing the penalty for a crime if nonrecoverable crypto was used to further it is the other (based on the extant bills). So I'll mostly ignore First Amendment wrinkles. These are unresearched guesses based on what's in my head. I wrote most of it a few days ago, and have only glanced at later posts, so it may be out of date. Traditional law: Contraband isn't all the same, there's "per se" contraband (e.g., illegal drugs, counterfeit money) and "derivative" contraband (lawfully possessable stuff that becomes contraband because of its relation to criminal activity). Cash can be the fruits or instruments of a crime, but it isn't contraband per se. It is contraband when derived from (or used in) crime. The state only has to prove a "nexus." Not sure how much these concepts matter today because asset seizure and forfeiture laws, which are statutory, do the work that general contraband rules used to. I see no reason that Congress couldn't enact a scheme that treats nonrecoverable crypto like child porn, which has its own forfeiture provisions. I vaguely recall that computers, etc., used in the commission of child porn offenses can be forfeited. >Can a program like this be declared contraband? > >Does the widespread use of it, the availability on CD-ROMs, the countless >spare copies lying around on backup disks and tapes, and even the print >copies, etc., make a decision to declare it contraband unreasonable? After >all, there is no reasonable way that millions of copies could be located >and permanently destroyed. Does the law take into account the absurdity of >such retroactive classifications? > I don't think the pointlessness of declaring PGP to be contraband would be relevant. The drug laws aren't any more enforceable. Congress can make possession unlawful, whether or not another dollar is spent proactively. I dimly recall some reluctance on the part of the courts some years ago in treating information just like tangible goods under stolen property laws (Dowling) and there was a little talk in the Betamax/video "time shift" case (Sony) about VCRs becoming contraband. One would think that all the criminal copyright infringement anti-piracy stuff makes our computers and backup DAT drives contraband, eh? If they only enhance penalties for using PGP in certain ways, that's different from outlawing non-recoverable crypto. If communications were treated differently from stored data, PGP might still have lawful uses. Might present Takings problems if there are legit uses. But the whole "regulatory takings" issue is too complex for me. [snip] > >Could possession of PGP be still legal, but _use_ declared illegal? > >(Not addressing the First Amendment issues, which are even stronger, but >just the issue of retroactive contrabanding of something which was acquired >legally, and by hundreds of thousands of law-abiding citizens.) Sure. Your hypo says possession is legal. So as long as they don't use it, no problem. I don't recall offhand what kind of intent is constitutionally required to make it unlawful to possess something that was lawful to possess before. Possible Takings issue again. > >If Grandma fails to realize that sending her e-mail with PGP is now a >crime, will she be prosecuted? If little Johnny is rooting through Dad's >hand-me-down computer and starts playing with PGP, will he be busted? > >My questions are serious, not just polemical. I'm curious how law >enforcment plans to deal with the millions of copies of strong crypto >already scattered around the U.S. and the world. Two separate issues here. Would these kinds of actions really be illegal? Would law enforcers really go after them? The first question boils down to intent. What intent requirement, "mens rea," did Congress write into the statute making encryption unlawful? Congress's power to define crimes is broad (within Constitutional bounds). Could they make encryption of communication a "strict liability" offense? I don't remember the rules for this. I'll guess that there has to be some scienter, but as to the character of the act and not the knowledge of the act's illegality. The second question is pure executive discretion, but I would hope they would have better things to do. Maybe campus cops who learn of grad students' crypto activities wouldn't have better to do. I doubt they care whether you or I keep using PGP, as long as most people won't because it's not deployed widely, etc. Law enforcement is more pragmatic than law enactment. [snip] > >And I have not discussed the alternatives to PGP much, here. As a point of >fact, there are probably hundreds of thousands of copies of legally-bought >strong crypto programs, programs from RSADSI, Lotus/IBM, TIS, Cylink, and >all the others. > >How could any "outlawing of unescrowed crypto" conceivably deal with this >vast amount of distributed software? Will a user of RSA's MailSafe program >face jail time for using a program he legally bought in 1991 (as I did)? Again, this depends on what Congress enacts. Congress could grandfather in possession and use of the old stuff, or just possession and not use. Can they as a nonconstitutional matter criminalize possession of formerly legal-to-possess stuff? I don't see why not. But I think there would have to be some kind of knowledge requirement to impose criminal liability, and the argument for implying such a requirement even if not expressly stated is surely stronger if there's retroactivity. I have no idea what the law is, for instance, on old child porn. Before _Ferber_, there was no special First Amendment "child porn" category. There were certainly non-obscene nudes before 1984 that are now within child porn statutes. There are scienter requirements for possession under the _Osborne v. Ohio_ case, but recklessness is enough as I recall. Cf. _X-Citement Video_, the Traci Lords case. Suppose Congress outlawed possession and required you to turn in your old, unescrowed crypto within two years (ideally they publicize the "turn in your old crypto" plan all over the Net, and you receive just compensation). If you provably knew of the "cash in" plan and kept your MailSafe, maybe it's not hard to show you have unlawful intent to possess. Does it matter? I can imagine them being happy to seize it under a forfeiture provision (if I were them, I'd write specific forfeiture rules for crypto). Maybe they wouldn't bother to do anything else, once they take it. Perhaps the real value of criminalization is to make it easier to take it out of circulation. Will any of this work? Dunno, can they really handle Eternity-type servers all around the world? Do crypto plug-ins that aren't stand-alone programs count? Are they going to have to specifically include "crypto-shaped holes"? But whether it's practically enforceable or socially efficient has little to do with legal enforceability. Lee
Date: Tue, 10 Mar 1998 01:04:46 +0100 (MET) Subject: Re: [LEGAL] Crypto as Contraband? To: cypherpunks@cyberpass.net From: nobody@replay.com (Anonymous) Silly me. I forgot all about the CFP session that wrestled with this very issue. Check out: http://swissnet.ai.mit.edu/~switz/cfp96/plenary-court.html The text of the The Cryptography Control Act discussed is below. [Omitted here] -Declan
Date: Tue, 10 Mar 1998 01:12:07 +0100 (MET) Subject: Re: BATFC -- Bureau of Alcohol, Tobacco, Firearms and Cryptogr To: cypherpunks@cyberpass.net From: nobody@replay.com (Anonymous) Tim writes: >And on the other hand, maybe this CDA language could be used to protect >ISPs against any War on Crypto enlistment.) Well, the immunizing language was put in the CDA so ISPs would stop opposing it. In other words, the CDA's backers and the ISPs cut a deal. At least AOL was honest enough to (privately) admit it, and admit it was a bad idea, last summer after the Supreme Court ruled. To answer Tim's question: the CDA language is a federal law that can be overriden by another federal law. There's no way out there. -Declan
Date: Tue, 10 Mar 1998 01:20:01 +0100 (MET) Subject: Re: [LEGAL] Crypto as Contraband? To: cypherpunks@cyberpass.net From: nobody@replay.com (Anonymous) I wrote yesterday: >If I were feeling particularly conspiratorial, I'd point to CALEA as an >example of businesses cutting a deal: they'll sign off on a deal >requiring them to rewire technology for easy snooping, as long as they >get paid. So I was not particularly surprised to read today in CommDaily that USTA pres Neel, representing the Baby Bells and local telcos, says industry will install any wiretap hardware "that law enforcement asks for" as long as "law enforcement can pay for it." How about crypto, Mr. Neel? -Declan
Date: Tue, 10 Mar 1998 06:46:07 +0100 (MET) Subject: Re: BATFC -- Bureau of Alcohol, Tobacco, Firearms and Cryptography To: cypherpunks@cyberpass.net From: nobody@replay.com (Anonymous) This spam-proofed message was sent by Michael Froomkin. To reply privately, send mail to my surname at law.tm On Mon, 9 Mar 1998, Tim May threw down multiple gauntlets thusly: > At 11:59 AM -0800 3/9/98, Michael Froomkin - U.Miami School of Law wrote: > >Well, the burden of proof will always be on the prosecution. So they'll > >need something tangible -- testimony, login records, something to overcome > >your word that you had it before the deadline. And they'll have to > >convince a jury. > > "NASTY CROSS EXAMINATION" > > Sure, but as you point out below, there is the "would be subject to nasty > cross-examination" issue. Which is just part of the general nastiness which > will happen long before cases ever reach a jury of one's peers. This is, > forgive me for sounding anti-legal system, the real power prosecutors have > to make life miserable for citizens. I would be the last to deny that a prosecutor has great power and discretion, and that it can be abused. Such is the nature of power, and of discretion. Indeed, no one who has heard the words "Ken Starr" could argue otherwise. > Which jury was it that was convinced Susan McDougal needed to spend 18 > months (and counting) in a federal prison? (The technical answer is that > Ken Starr's grand jury, and the judge overseeing the case...as I understand > the McDougal jailing on contempt charges. But the point is that it sure > wasn't the kind of jury of one's peers I take your point above to mean.) Well, it was a *grand* jury instead of a "petit" jury, but it too is made up of our peers. To cut a long story short, though, let me concede that the grand jury system doesn't work: the truism that any decent prosecutor can make a grand jury indict a ham sandwich is based on a reality that undermines justice. That the system has flaws, even a big one, does not lead me to conclude (as it sometimes seems you almost do, witness your invocation of militias...) that we should just scrap it and turn to jungle law. > If the crypto laws we are talking about happen, "convincing a jury" will > probably not be the important issue. Because before this jury stuff happens > will come the pre-dawn BATFC (Bureau of Alcohol, Tobacco, Firearms and > Cryptography) raids, the asset forfeitures, the scrutinizing of seized hard > drives for evidence of illegal software, porn, bomb-making instructions, > and terrorist material. Raids for crypto? When there's no reason to think the user is armed? It hasn't come to that yet. Yes, people like you who trumpet how well armed they are do increase the odds of a raid if they are ever suspected of serious crime. [Drug production and sales are considered serious crime.] Since I happen to want to live as far away from guns as I can, I choose to trumpet my house as a gun free zone. How ironic if that actually makes me safer. > (And of course was no "convincing a jury" before Randy Weaver's home was > attacked, and his wife and son shot dead. Or before Waco was burned to the > ground, possibly (probably in my view, but opinions are mixed) by the BATF. > Or before "child porn rings" were broken up with pre-dawn raids. Or before > MOVE headquarters in Philadelphia was firebombed from above. And so and so > on.) It is indeed important to stoke one's feelings of outrage every time rights are outrageously violated. No system is perfect, and our system is not immune from this rule. Eternal vigilance is indeed the price of liberty. What do we do with this feeling of outrage? Do we work to improve the system? Do we work to improve civil society (e.g. "write code")? Or do we say, 'The Hell With It'? My personal choice is to work within the system. I think it has many, many virtues. I do not deny it also has some vices. > THE WAR ON CRYPTO AND THE WAR ON DRUGS Hey, before we go too far down this particular bad acid trip, can we take a deep breath and remember that IMHO a ban on un-escrowed crypto is unconstitutional, at least insofar as it reaches personal non-commercial use? Cf. the Metaphor article on my homepage? Ok, now back to our regular program: > Will using unescrowed crypto be treated by the courts as "probable cause" > to raid a house or business, with the "perp" jailed until at trial he > somehow (if he can) proves that he was legally allowed to own the crypto? Well, if using unescrowed crypto is a crime with no grandfathering, then it's basically a strict liability offense. At that point, if it's considered a serious crime, it's grounds for a raid if you detect it -- although how you get the warrant in the first place that will allow you to detect it is itself a question. On the other hand, if there is grandfathering, than mere use of unescrowed crypto is *NOT* IMHO probable cause of anything, and doesn't justify raids even if you detect crypto going on. In either case, the perp doesn't rot in jail unless the judge is satisfied that there's grounds to charge him, and even then in almost every case he gets a chance to post bail, usually via a bond for a small fraction of the bail. Yes, your impoverished defendant has a problem here, and that's unfair. Can we assume that most people who have computers that they use crypto on will be likely to have some assets, or friends and family with some assets? > You see, unlike the "War on Drugs," bad as that war is, crypto is not like > drugs. Cocaine and marijuana and whatnot are ipso facto banned materials, > with no "grandfathering" of older possession. Basically, unless one has a > license to possess these drugs (pharmacies, research labs, law enforcement, > CIA, DEA, etc.) one is guilty of "felony possession." Or something worded > like that. Right. So the experience of that war does NOT carry over to this hypothesized one. [...] > GRANDFATHERING OF CRYPTO UNWORKABLE > > So a "grandfathering" of certain crypto presents massive problems for all > concerned. There is no way any prosecutor can actually _prove_ that a > specific use of PGP was with a nonlegal version, unless that version was > actually created after the grandfathering date. Even catching a person > downloading crypto says little about his use of some program...he might > claim he acquired the PGP 2.6.3 years earlier, and that the latest download > of 2.6.3 was inadvertent, or to compare it to his older version, etc. > > I just can't see this grandfathering working. And the notion you express > (I'm speaking about Michael Froomkin) that citizen-units would be advised > to create "records" to later prove their innocence tells us how pernicious > this law would be. No. My point was that the paranoid might do so for comfort, but that I would suggest people NOT create such records as a form of legal protest against the rule. If NOT creating such records is the norm, then the absence of such a record is NOT probative of the age of the copy of the program. [...more nasty things LEOs can do to you...] > > THE EASY WAY OUT > > Plus, of course, at a more mundane level many corporations (and schools, > like Prof. Froomkin's) will simply take the easy way out and ban the use of > any unescrowed crypto product, out of fear that PGP and such make provoke > raids or audits. Well, I wouldn't put that past UM. There has been nervousness here about loading PGP on the computer for fear it would be "exported". But they did load it in the end. I only had to holler a little. > >> Such a law would make most of us felons. Perhaps this is their intent. > > > >Not if there is grandfathering. I suppose if you are paranoid about it > >you could be sure and register a key and timestamp it before the deadline, > >to establish ownership. The disadvantage of this strategy of course is > >that anyone who didn't would be subject to nasty cross-examination... > > My point exactly. This "nasty cross-examination" is itself the consequence > of our current legal system. Despite the rhetoric about "innocent until > proven guilty," the combination of factors I just mentioned, and the long, > drawn-out process of a trial, and the costs of a modern legal defense, have > really given us a "guilty until proven innocent" legal system. Most of the cases that go to trial today do so because the defendant wouldn't agree to a plea bargain. The more evidence they have against the defendant, the less attractive the plea offer; thus, the greater incentive to roll the dice on trial. Unfortunately, therefore, the genuinely innocent defendant, who will not take a plea, but is faced with a prosecutor who genuinely thinks he is guilty, is at an enormous disadvantage in a system designed to settle out on pleas. Lawyers in civil law systems often suggest that plea bargains are immoral because of the pressures they put on the innocent defendant, and I have to confess I tend to agree. We rely on the pleas, however, because we have so many people being processed through the criminal justice system. If fewer things were illegal, we could take the pressure off and try for real reform. Unfortunately, the trend is very much in the wrong direction. It's a bi-partisan problem: no one loses elections for being "tough" on crime; but everyone remembers Willy Horton... > CONVINCING A JURY > > An average computer user, when raided, indicted, subjected to the "nasty > cross-examination" mentioned above, and faced with a legal defense cost > quickly hitting the big leagues, will not find solace in the "And they'll > have to convince a jury." point. > > I understand that justice does not come free, or even cheap. But the > burdens of proof on raids, on investigations, and on speeds of trials are > out of whack. I used to think the Fourth Amendment was protection against > pre-dawn, Gestapo-style raids by BATFags dressed in all-black ninja raider > suits. I used to think "a speedy trial" meant just that, a trial within a > few weeks or months, not years later. No longer do I think these things. Actually, it still does. At least in the federal system, if the defendant wants a trial soon after arrest, there's almost nothing the state can do to prevent it. It is a rare defendant who exercises this right, however. Defendants usually have enormous incentives to delay: (1) at the time of arrest the cops and prosecutors have the facts; the defendant doesn't even have a lawyer, especially if innocent!; (2) if the defendant is guilty, the passage of time may help in that witnesses may suffer fogging of memory, die of natural or other causes, etc.; (3) if the defendant is on bail, it often feels better to be free than risk going behind bars; (4) plea bargaining negotiations can take time; and so on... At least back when I was a law clerk, if a defendant exercised his right to a speedy trial in the federal system and the feds didn't provide it, the defendant would walk. This reality drove a lot of the trial scheduling: civil trials were constantly delayed so that a criminal trial could be held in order to ensure that the time limits did not lapse. > >The organization is often a legal person. So it gets to have it, and all > >members get to use it. > > Unless, as a hypothetical, the law says only individual owners may continue > to use non-escrowed crypto. Tricky. Since corporations are legal persons, they have rights too. This would introduce a lot of additional problems for the constitutionality of the plan. > Or unless certain organizations are disallowed. (Want to take any bets on > whether Aryan Nations or Islamic Jihad are "allowed" to use their > "organizational copies"? Or even whether a company which bought a corporate > license from RSA or IBM or PGP will be allowed to continue to distribute > this unbreakable crypto to employees?) I suspect these are unincorporated associations in the US. As such they do not have legal personality for most purposes. (Neither, for some purposes, do partnerships, by the way -- law firms beware!) > CORPORATIONS AND INSTITUTIONS WILL BAN UNESCROWED CRYPTO > [...war on drugs enlistment of corporations ...] > > And we'll see the same thing with crypto. > I agree with your comment below that the key issue here is the ISPs. I don't think that much turns in then end on whether my employers let me use PGP on the job. (And T.C.May would be the first to argue that it's their call anyway.) The issue is how tough people will make it for me to use at home. > NIGHTMARE SCENARIO > > For example, imagine this scenario: ISPs, which are companies just like > those drug warrior companies I just described, are told that any encrypted > messages which violate the Safe Surfing and Children's Protection Act of > 1999 will expose them to asset forfeiture, seizure of their machines, and > various other criminal and civil sorts of charges. Clearly the right issue to be worrying about. > (There are ECPA issues, and ISPs may claim they cannot read customer mail > to check whether illegal crypto is being used. Maybe, maybe not. But recall > that the CDA specifically inserted language protecting ISPs from what their > customers were sending...which cuts both ways. On the one hand, why did > they even _need_ such language if the First and the ECPA protected them? > And on the other hand, maybe this CDA language could be used to protect > ISPs against any War on Crypto enlistment.) The point of the CDA example is that it shows us that ISPs have clout. They are going to fight tooth and nail against liability, and as they include some fairly big players (IBM, AT&T, Microsoft, every university in the nation, etc. etc.) I think they'll win. > Many ISPs will take the easy way out, by banning all unescrowed crypto, > even the ostensibly grandfathered stuff. They just won't want to take the > chance that BATFC raiders will arrive to cart off their machines for > analysis, even if Tim May assures them that, based on his reading of the SS > & CPA of 1999 law his use of PGP 5.0 is fully legal. I suppose if it gets to that point, we will need a digitally signed certificate from some CA promising we are legitimate users. Sounds like another First Amendment issue to me.... > > THE CHILLING EFFECT > > And corporations and universities and such will almost certainly bar any > unescrowed crypto, as they won't want to have to deal with the "nasty > cross-examination" Prof. Froomkin mentioned. Nor with the accounting > headaches of keeping lists of who owns grandfathered crypto and who > doesn't. No, I think it's a safe bet that Prof. Froomkin's school will not > be too interested in his claims to have obtained strong crypto prior to the > new law's effective date. They just won't want their university exposed to > scrutiny, or to the implications of violations. His sysadmin will tell him > "Nope." Well, the certificate I mentioned above is one answer, albeit a bad one. I'd also like to think you underestimate my clout. Effective June 1, I have tenure. The sysadmin doesn't. [...Tim reminds us he has armed friends...] > It's amazing to me that this hypothetical is so plausible, so likely even. That is a shocker. > The House language would essentially implement this scenario. If not this > year, next year. That's unnecessarily defeatist. I hereby predict it is a false prophecy. I have been wrong before. A. Michael Froomkin | +1 (305) 284-4285; +1 (305) 284-6506 (fax) Associate Professor of Law | U. Miami School of Law | http://www.law.tm P.O. Box 248087 | Coral Gables, FL 33124 USA | It's warm here.
Date: Tue, 10 Mar 1998 07:22:40 -0500 To: cypherpunks@toad.com From: John Young <jya@pipeline.com> Subject: Re: BATFC -- Bureau of Alcohol, Tobacco, Firearms and Cryptography Sender: owner-cypherpunks@toad.com Tim's and Michael's exchanges (with others) are most welcome, and constructively return us again to the most compelling aspect of the encryption debate, the contest between law and technology, one that has impact far beyond cryptography. There are examples of the application of law to control of technology in the President's most recent update of "The National Emergency Caused by the Lapse of the Export Administration Act of 1979": http://jya.com/hd105-191.htm It recounts the activities of the Commerce Department -- mainly BXA -- for the latest 6-month reporting period, and lists as well the cases of penalties imposed for export violations. Some of these have been imposed for alleged violations over 6 years past. They exemplify what Tim and Michael are discussing of the various ways the regulations and laws are imposed according to policy shifts and wind direction of politicians. The report describes the beef up of BXA enforcement programs, and increasing coordination with and training of other countries for export enforcement. All justified by a "national emergency" for which the underlying law to control technology long ago lapsed. The lapse appears to be a deliberate way to avoid having to define ahead of time what technology is to be controlled in order that ad hoc policy and regulations can be devised to fit, deal by deal. This parallels the increase in indecipherable grand jury proceedings, plea bargainings and parole conditions, determined by protected government employees. These, to be sure, appear to be close cousins of the bloated features of legacy technologies, civilian and military. It worth noting that Microsoft and the Justice Department are perfect twins of technology and law monopolies, using brute force and contracts to get their way, both clothed in self-righteousness and both led by charming weirdos, both totally obsessed with each their own mad view of law and technology in the "public interest." Still, there's some public benefit that these disputes are white collar and not homicidal/suicidal battles of NBC warfare, at least not yet here at home.