1996-03-30 - Re: So, what crypto legislation (if any) is necessary?

Header Data

From: jim bell <jimbell@pacifier.com>
To: Black Unicorn <unicorn@schloss.li>
Message Hash: bb8c399fa8f34f2d0abc76021073d4d88635024c75752d484353d07c2d766405
Message ID: <m0u2ndw-0008zuC@pacifier.com>
Reply To: N/A
UTC Datetime: 1996-03-30 06:52:49 UTC
Raw Date: Sat, 30 Mar 1996 14:52:49 +0800

Raw message

From: jim bell <jimbell@pacifier.com>
Date: Sat, 30 Mar 1996 14:52:49 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u2ndw-0008zuC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 04:54 PM 3/29/96 -0500, Black Unicorn wrote:
>On Fri, 29 Mar 1996, jim bell wrote:

>> >I thought I would take the time to let everyone know that this is 
>> >baseless as well.  Most jurisdictions forbid third parties to reveal 
>> >prosecution inquries to the principal for which they are holding 
>> >documents or other information.  A VERY few have laws on the books that 
>> >require this disclosure.  Switzerland is no longer one of them.
>> 
>> As usual, Unicorn is FOS.  Not entirely in his facts, but in his 
>> conclusions.  To "forbit third parties to reveal prosecution inquiries" is 
>> an obvious violation of freedom of speech, and in fact is PRIOR RESTRAINT.  
>> Maybe Unicorn can't see what's wrong with that, but I can.  It is unclear 
>> whether this has ever been tested in court, or whether that test occurred 
>> recently.
>
>(Snore)  How many cases do you want me to cite that hold that the 
>disclosure of an inquiry with the intent of evasion is conspiracy and 
>entails criminal charges?

You _do_ have an odd way with words.  "entails" criminal charges?  Hey, they 
can charge ANYBODY with ANYTHING, but that doesn't mean that a crime has 
actually been committed.  Further, it isn't clear that anybody is obligated 
to respond to a subpoena without the possibility of a court challenge, and 
your fantasy about the cops showing up and trying to strongarm the ISP is 
laughable at best.  

>Do you honestly think you can evade prosecution for suborning the 
>destruction of material evidence in a criminal trial?

Who said anything about "destruction of material evidence"?  Refusing to 
hand over information until AFTER a court has properly responded to a 
challenge to a subpoena is old hat to newspapers, TV stations, and other 
media-organizations who are occasioinally served with a subpoena.  The ISP 
need merely say, I'm challenging this subpoena in court, go away 
motherfuckers!  ISP prepares a challenge, "CC's" ALL the affected 
individuals, (including the person whose information is desired!),  and the 
validity of the subpoena is tested.

>Please.

My feelings exactly.  Please stop acting like a government suck-up all the 
time.  Maybe you're paid to do it, but unless you're a plant, you're on your 
free time now.

>> For example, if I ask my ISP to send me an anonymous, encrypted message 
with 
>> the word, "Rosebud" in it to me if he receives any requests to tap my 
>> connection, he can do so with no fear of being discovered, because no third 
>> party can decrypt the message, know who is is from, or know the real 
meaning 
>> of the word, "Rosebud" in the context of an encrypted, anonymized message.  
>> Further, since the whole thing is by pre-arrangement, even I cannot prove 
>> (to the satisfaction of a third party) that the message really meant what I 
>> would interpret it to mean.  The message is useful to me, as a warning, but 
>> it could never turn around and "bite" the ISP.
>
>Unfortunately, by the time (in the case of domestic investigations, and 
>foreign investigations in more compliant jurisdictions) it gets to the 
>point where authorities are checking about, they will have walked into 
>the ISP and personally requested the information with subpoena in hand.  

Again, you blindly assume that the subpoena can't be challenged in court.  
It can be.  


>Perhaps the ISP with the nerve to destroy material evidence in the 
>presence of law enforcement exists,

You keep inventing these phony scenarios, building up these straw men and 
knocking them down.  Clearly, your underlying argument is quite weak.  I 
said nothing about "destroying evidence."  In fact, the ISP could simply 
encrypt everything with the target's public key, and keep it.  That's not 
"destroying evidence," that's locking it away in such a way so that nobody 
except the target can unlock it.   Ideally, this would be done automatically 
every time a person calls his ISP, although the software to do this probably 
doesn't exist yet.  The result would be that whenever the target was NOT 
connected to the ISP, there would be no information on the ISP's system that 
could be decrypted by the ISP operator.

This would be one of those inventive future uses of encryption, well beyond 
plain vanilla PGP, which we must assure ourselves will be developed.  The 
kind of thing you dread, obviously.


>but I sincerely doubt this ISP will 
>escape serious prosecution for doing it.

I sincerely doubt Unicorn will ever stop being a government suck-up.

> At the very least the employees 
>of the ISP will have knowledge of this practice.  Unless it's a single 
>person run ISP, I doubt you're going to be able to keep everyone from 
>testifying.  What you propose is a crime in the United States, and in 
>many foreign jurisdictions.

If an ISP's system automatically encrypts all received message's with the 
destination's public key when received, and doesn't keep an unencrypted copy 
around, showing up at that ISP's location with a warrant will result in ZERO 
(ZIP, ZILCH, NEGATORI, etc) information that can be  delivered, unencrypted, 
to the cops.

>> The end result is that your foolish opinion of what the law allows will 
>> simply become irrelevant: The government cannot mandate what it cannot 
>> enforce, and it cannot enforce what it cannot detect.
>
>I have often noted that the best defense is the lack of detection in the 
>first place. 

No, an even better defense is to make it absolutely impossible, as a matter 
of business practice, to assist the police with any kind of an 
investigation.  Before you go off and shoot your mouth off about how evil 
and bad that is, you need to remember that regular destruction of records is 
an acceptable practice in any company today.  While courts will look askance 
at it when it does not appear to be a regular business practice (say, the 
company gets sued today and they have a mass shredding tomorrow) there is 
nothing wrong about regularly making past records unavailable by shredding, 
burning, erasing, or by any other method. 

Making those records SELECTIVELY unavailable by encrypting them with 
somebody else's public key and keeping them has probably never been tested 
in court, but if the business contracts this ISP regularly signs have this 
as a provision of doing business, the court can't squawk after the fact.  
After all, the ISP might have simply erased the files, keeping them from 
being accessed by ANYBODY, including their "owner."

> Unfortunately this is the oft denounced "security through 
>obscurity."  Look, I know it's fun to imagine you can thwart the 
>authorities with impunity within the United States. 

Hey, you can FREQUENTLY "thwart the authorities."  If I have evidence of a 
crime in my house, the cops can't come in unless they have a warrant.  If I 
know they're coming, and can destroy it untraceably, I WIN!  See, that's how 
freedom works!  It's  nearly the exact opposite of "the government can do 
anything it wants, any time it wants, and anybody who frustrates them is a 
criminal!"

Naturally, you won't like this.

>Unfortunately it is 
>a fantasy.  The system you propose requires someone to be present in the 
>ISP 24 hours a day.  It requires some method of getting word to the 
>operator who will trigger the alarm both that an investigation is 
>looming, and who it entails.  It requires someone to talk to the 
>authorities and stall them while the message is sent.  It requires you to 
>be sitting at the screen when the message is received (perhaps this isn't 
>a problem for Mr. Bell), or to get home before the law enforcement 
>officials get a 2 hour warrant and open your door.

Yet another one of your multiple problems is that you have no imagination 
when it comes to "thwarting the authorities."  I do.  Don't try to tell me 
what can't be done, because I'll turn around and tell you how it CAN be 
done!  I just did.  The actual implementation waits for some slick coder to 
do it, but I give you 5 years, tops, before it's in regular usage.  And 
that's assuming they're all a bunch of lazy bastards.



>> 3.  And the ever-popular, "He's afraid of getting killed, or his ISP 
>> business torched, if word later leaks out that he failed to inform his 
>> customer of an investigation."
>  Don't underestimate the significance of such 
>> a risk to those people.  Destruction of even a full phone switch would not 
>> have fazed ATT in the 1960's, but a small ISP depends on valuable equipment 
>> at (presumably) a single location.  Getting a person mad at them for 
failing 
>> to anonymously inform them of an inquiry would NOT be the best tactic for 
>> these small-time operators.
>
>Your last resort in all of your arguments seems to be murder, extortion, 
>the threat of bodily harm, arson or assault, or destruction of private 
>property.

A list which seems to be the current modus operandi of most levels of 
government in America, today.

In any case, I think it's fair to hold an ISP to his word and contract.  If 
the "normal" referee to such contracts (the court system) becomes biased 
because it begins to be an interested party to the enforcement of the 
contract terms, then bypassing that court system is unavoidable and is 
entirely appropriate.

You won't like this, either.


>> >Even if a judge was convinced by the defense not to levy heavy fines 
>> >against a third party who pleaded that he or she was simply unable to 
>> >comply, informing the principal would literally assure such fines would 
>> >be imposed regardless. 
>> 
>> Again, you assume that informing "the principal" would be detectable.  Your 
>> wishful thinking is palpable.
>
>No.  I speak from experience when I say that "proof" of complicity is 
>rarely a requirement.  The judge need only suspect wrong doing.  It's 
>easy to levy contempt fines, and very hard to overturn them.  

It's easy to kill, and hard to resurrect the dead.

>The 
>standard in most jurisdictions is "clearly erronious."  Tough stuff.

Yes, I'd say you're "clearly erronious."  

If you can repeatedly describe, in nominally accurate terms, how abusive the 
government has become and NOT oppose its actions with every fiber in your 
being, then YOU have made yourself part of the problem.

>
>> I really wish you'd be able to distinguish 
>> what "the law" could do, given limitless knowledge of the actions of the 
>> population, and the REAL WORLD, in which those judges and prosecutors and 
>> cops are limited in what they can do by what they can know.  This is 
>> critical, because we are rapidly approaching a time in which what these 
>> people know will be dramatically limited by many of the technologies 
>> regularly discussed on Cypherpunks.
>
>Unfortunately, fines and penalities are imposed every day based on 
>assumptions by the trier of fact.  Go watch a major court case some time.


You still haven't given me specific examples.


>> Bullets could easily fly. 
>
>And will.  I've seen this happen.  Trustee refuses to produce documents, 
>court imposes compelled discovery, documents burn or are lost or have been 
>stolen, trustee (who can be assigned no direct evidence of complicity) is 
>fined heftily.  A case I was not personally involved in saw the judge 
>jail the trustee for 4 months.

That's not what I'm referring to.  Judges are mortal.  If they abuse the 
sense of propriety of the average indidivual, they SHOULD be removed, by 
legal methods if possible, by other methods if not. 

Remember that prosecutor who died in Boston a few months ago?  You know, the one who made the national news?  I'm still waiting to see how that one came out, but I suspect they will never be able to prove who did it, and may not even be able to find out.  


>> >With Mr. Bell as a defense attorney, who needs prosecutors?
>> 
>> If I intended to limit myself to the tools of the court room (that's the 
>> enemy's playpen, BTW) I would probably be just as ineffective as the next 
>> defense attorney.
>
>So again, we see Mr. Bell in his basic form.  Violent offender.  He will 
>obtain by force that which he cannot argue into his hands.

Except that in a court room, the decision maker is PAID by a party to the 
case, the government.  That sounds like a classic conflict of interest to me.  What's the old rhyme,

"Treason doth not prosper, what is the reason?
Where treason does prosper, none dare call it treason."

Jim Bell
jimbell@pacifier.com







Thread