1994-03-27 - Must manufacturers provide backdoors?

Header Data

From: rishab@dxm.ernet.in
To: cypherpunks@toad.com
Message Hash: 204746934e8f15cad0fae608e40cecdb57c6d5e0ca5b6b9745080250bfcd8635
Message ID: <gate.JTgTJc1w165w@dxm.ernet.in>
Reply To: N/A
UTC Datetime: 1994-03-27 09:04:00 UTC
Raw Date: Sun, 27 Mar 94 01:04:00 PST

Raw message

From: rishab@dxm.ernet.in
Date: Sun, 27 Mar 94 01:04:00 PST
To: cypherpunks@toad.com
Subject: Must manufacturers provide backdoors?
Message-ID: <gate.JTgTJc1w165w@dxm.ernet.in>
MIME-Version: 1.0
Content-Type: text/plain


uni says:
> The bill in its draft from provides that common carriers who do not 
> provide the encryption device are exempt.  The meaning on its face is 
> that common carriers are gaining some immunity to sanctions if they did 
> not provide the customer with the encryption he or she is using and 
> instead provide a means for the government to compell the common carrier 
> to produce in the clear that which they caused to be encrypted.

> The practical effect the bills has is to impose on common carriers that 

 manufacture encryption devices, a duty to provide to the government those 
> conversations which are made with said devices over their lines.

> If AT&T manufactures some encryption device, and I use it over AT&T 
> lines, one reading of the bill would suggest that AT&T is now RESPONSIBLE 
> for decrypting this if the government should request it.

The Act does exempt carriers from providing backdoors in the encrytion
it *doesn't* provide; it makes no mention of any exemption or obligation for
*manufacturers.* Here's an excerpt:

> (5) 'intercept' shall have the same meaning as set forth in
> subsection 2510(4) of title 18, United States Code, except that with
> regard to a common carrier's transmission of a communication encrypted by
> a subscriber, the common carrier shall not be responsible for ensuring the
> government agency's ability to acquire the plaintext of the communications
> content, unless the encryption was provided by the common carrier and the
> common carrier possesses the information necessary to decrypt the
> communication;

Manufacturers are obliged to make available equipment to the common 
carriers "compliant with ... this Act." Even if manufacturers are not (like 
AT&T) also common carriers. The Act does not elaborate on the manufacturers 
role in producing "compliant" equipment, nor on their responsiblities towards
the "provisions of this Act." An interpretation could be that ALL EQUIPMENT
must facilitate the decryption of plaintext under court order. After all, the
Act does require common carriers to provide backdoors in any ecnryption they
provide.

>  "(d) Cooperation of support service providers and equipment
> manufacturers. Common carriers shall consult, as necessary, in a timely
> fashion with appropriate providers of common carrier support services and
> telecommunications equipment manufacturers for the purpose of identifying
> any services or equipment, including hardware and software, that may
> require modification so as to permit compliance with the provisions of
> this Act. A provider of common carrier support services or a
> telecommunications equipment manufacturer shall make available to a common
> carrier on a timely and priority basis, and at a reasonable cost, any
> support service or equipment, including hardware or software, which may be
> required so as to permit compliance with the provisions of this Act.

-------------------------------------------------------------------------------
Rishab Aiyer Ghosh                            "What is civilisation
rishab@doe.ernet.in, rishab@dxm.ernet.in        but a ribonucleic
Voicemail +91 11 3760335; Vox/Fax/Data 6853410      hangover?"
H-34C Saket New Delhi 110017 INDIA
-------------------------------------------------------------------------------





Thread