From: marko@millcomm.com (Mark Oeltjenbruns)
Date: Mon, 16 Jan 95 21:40:34 PST
To: eric@remailer.net (Eric Hughes)
Subject: Does encrypted equal safe?
Message-ID: <m0rU6g1-000kfxC@mill2.millcomm.com>
MIME-Version: 1.0
Content-Type: text/plain


>   At 10:08 PM 1/11/95 -0800, Eric Hughes wrote:

        Edited from response on the 'How do I know if its encrypted?' thread
to get some points in the clear.

>If you can't read it, it's not kiddie-porn *for you*, although it
>might be for someone with the key.
>
        So the fact that its not kiddie-porn *for me* makes it safe *for me*
to be transporting or storing for others that know it is kiddie-porn?

>Encryption fragments meaning subjectively.  A magazine, for example,
>has a fixed center of meaning for all who can read the language.  A
>magazine looks the same to all who look at it.  An encrypted file
>looks different to those who have the key from those who do not.
>
        But why does the meaning of the data assume to change?  If I take my
stack of kiddie-porn and put it in a box with a big strong lock on it, in a
way physically encrypting it, change the meaning of what I have?  I now have
a locked box that looks different from my original.

>Encrypted data is fundamentally different from paper-and-ink data in
>this way.  The metaphor of "planting it on somebody" does not apply to
>data that the "somebody" can't read.

        It is fundamentally a different process, but does that make it
different from the locking the physical data in a box as above?
>
>[...] If you can't easily read it, you
>can't be expected to have read it.  The operator of a data service has
>_zero_ motivation to cryptanalyze something.  If they happen to apply
>a viewer to the file (for whatever reason), they don't _want_ to see
>what's inside.
>

        It seems to me that what you are saying is that because the data is
in a form that I can't understand, I'm safe from trouble.  Now it seems to
me that this is not all that different from changing the form or appearence
of physical data and saying I'm not responsible for it.  
        Now think of a remailer:  If somebody gave me this box of stuff,
stuff that I had no idea of what it was since it was *locked up*, to
transport over to location X and I got busted half way there am I safe?
Would the argument that I didn't know what it was hold up?  I would tend to
say no.  If the answer was yes, which is what some current arrguments seem
to indicate, what does that say about responsibility towards spamming or
remailing illegal data?  Can I say that even though someone is using me to
spam or distribute kiddie porn, I have no reason to try and stop it since I
don't know what they are doing?  If I did take it upon myself to stop the
abuse wouldn't I need to analyize the incomming data to stop it?  Something
I'm not supposed to do.
        A Data Haven:  It is illegal to handle certain items in the physical
world.  I can get in some trouble if I have kiddie porn or drugs or what not
in my possesion.  This is true, for most things I would guess, even if I was
just 'holding it for someone else.'  After all, how do I prove that somebody
else put illegal articles, encrypted or not, on my 'site' and it didn't
atually come from me?  Does 'holding it for someone else' type arguments
work in net.world better than in the physical world?  Once again, current
arguments would say yes, it is different and I'm safe to hold onto illegal
data since I don't know what it is.
        Lets see if I got this straight.  In my own words, I'm just as
responsible for the data I massage as the person I'm doing it for judging by
real world parellels, encrypted or not.  Now I would hope this is not the
case, since being a remailer operator would mean that if somebody starts a
spam using my site I would be just as responsible as the person that started
it.  Having kiddie porn on my DH would be illegal even if I had no idea it
was present.  This doesn't sound to good, since many of the uses of my
services would be restricted if I wanted to stay 'safe.'  After all if I
wasn't as responsible for the spam and was safe from harm, or guilt, about
what people used my site for I wouldn't care what went through my system,
I'm not really supposed to care what people send me right?  In fact I may
even take pride that my system is being used so much. ;-)  But this doesn't
seem to be the case, nor in some regards would I hope them to be.
        Now I'm getting confused.  There seems to be some contradictions in
some of the above that need to be worked out, or at least explained to me.
Some pretty serious legal problems seem to be lurking with in.  It just
doesn't seem as cut and dry to me as the argument that if I don't know what
it is I don't have to worry about it.  I'm sure others will have some
comments to help me sort this out.

-Mark
----------
Mark Oeltjenbruns  marko@Millcomm.com   N0CCQ
SnipIt Research    Finger for PGP key.