1996-01-10 - Scenario: Digital Telephony Leads to GAK

Header Data

From: tcmay@got.net (Timothy C. May)
To: cypherpunks@toad.com
Message Hash: cc007cabb847435de5c600ffdcbacfd92e244bbace443ec82d0083659e0d5049
Message ID: <ad186156090210040315@[205.199.118.202]>
Reply To: N/A
UTC Datetime: 1996-01-10 02:44:37 UTC
Raw Date: Wed, 10 Jan 1996 10:44:37 +0800

Raw message

From: tcmay@got.net (Timothy C. May)
Date: Wed, 10 Jan 1996 10:44:37 +0800
To: cypherpunks@toad.com
Subject: Scenario: Digital Telephony Leads to GAK
Message-ID: <ad186156090210040315@[205.199.118.202]>
MIME-Version: 1.0
Content-Type: text/plain


Thanks, Leo, for providing this, and the translation into English.


At 7:45 PM 1/9/96, Leo Van Hove wrote:
>I looked up the law mentioned in the newspaper article and it goes like
>this (non french speaking cypherpunks, please see comments below <grin>):
...

>Art. 202 stipulates that Belgacom (= Belgium's leading telephone company)
>and other telecom companies have to cooperate with law enforcement when it
>wants to tap telephone lines - no, sorry, make that telecom lines (!).
>Note that tapping is only allowed under certain circumstances stipulated in
>the so-called Privacy Law (see also my previous posting to this list).

This is almost exactly the same provision that Digital Telephony
established in the U.S., namely, that switch providers (phone companies,
loosely speaking, but possibly more, including packet switches....). More
on this in a moment.


>Art. 203 is the most important as far as key escrow is concerned.  It
>completes Art. 95 of the 1991 Law which stipulated 4 conditions in which
>telecom equipment may be seized. These initial conditions are rather
>harmless (equipment no longer conforms to the initial specifications,
>it hinders public broadcasts, presents health risks for the users,...).
>Art. 203 adds a 5th and stingy one: equipment that makes tapping impossible
>may be disconnected from the network and seized ...  On the face of it -
>I'm not a lawyer, so don't pin me down on this - this means no crypto (or
                                                  ^^^^^^^^^^^^^^^^^^^^^^^^
>only with key escrow) ...
 ^^^^^^^^^^^^^^^^^^^^^

I think this ties in closely with the European meetings on key escrow
(recall that our earliest indications of a move to get "software key
escrow" came from the Karlsruhe meeting in the spring of 1994, and various
international forums on key escrow began soon thereafter).

This fits with several trends I and others here have discussed:

* getting corporations to do as much of the enforcement work as possible.

* using the civil forfeiture and penalty provisions to terrify the
corporations, ISPs, switch providers, etc., to cooperate (I referred to
this as "deputizing" the corporations as soldiers in the government's
wars).

* having Europe launch the crackdowns, then pleading that the U.S. must
"conform" to international treaties and law enforcement agreements. (Some
have argued that the Bavarian version of Exon was a step in this
direction....)

So, we need to be alert for the following scenario:

1. Telephone companies, telecom providers, ISPs, etc., must conform to the
Digital Telephony wiretapping provisions, or variants thereof (not just the
language of Digital Telephony, but also language in pending and future
bills).

1a. If Exon passes, ISPs may also have to verify ages of users. This would
necessitate a form of "Internet ID card," with all that this implies for
the use of cryptography, anonymity, etc.

2. European companies (private, and PTTs) set the precedent.

3. An exception is made for key escrow. That is, one of the companies in #1
can be held harmless if it has taken major steps to ensure that users are
not using encryption that is not properly escrowed. That is, they can
escape the Title 18 fines and seizure of their equipment if they
"cooperate" with "valid investigations."

4. A few prosecutions will likely have to be made, just to make sure the
message is properly received. (Like the two-by-four over the head I
mentioned in my last message.)

5. A panic sets in. Just as CompuServe dumped 200 newsgroups on the whiff
that a prosecution and seizure might happen, many ISPs will ignorantly send
out warnings to users that all encrypted messages must use GAK. (To be
sure, not all will. Some will ignore the warnings, some will contemptuously
flout the law, etc.)

6. The government gets a large fraction of messages into a GAK format. Once
again, corporations and ISPs become the deputies.

(Note: Sure, superencryption still works, and no GAK system will be
universally successful. Maybe not even successful in a majority of cases.
But probably enough to cripple large-scale usage and, especially,
commercial payment usage. This may be enough for the IRS, FinCen, etc.)

We really need to be looking to what the nations of Europe are doing (as we
have been of course, as the crypto laws of Europe have always been
interesting to us, even if the machinations of the U.S. get most of the
attention, for obvious reasons).

--Tim May

We got computers, we're tapping phone lines, we know that that ain't allowed.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
tcmay@got.net  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^756839 - 1  | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."