From: jim bell <jimbell@pacifier.com>
Date: Sat, 30 Mar 1996 12:51:38 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u2ism-0008yfC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 05:49 AM 3/29/96 -0500, Black Unicorn wrote:
>On Thu, 28 Mar 1996, jim bell wrote:
>
>> Escrowing encrypted keys makes them useless to subpoena, and in 
>> fact it helps the key owner because the escrow agent can (and, in fact, 
>> must!) be obligated to inform the key owner if his key is requested.
>
>I thought I would take the time to let everyone know that this is 
>baseless as well.  Most jurisdictions forbid third parties to reveal 
>prosecution inquries to the principal for which they are holding 
>documents or other information.  A VERY few have laws on the books that 
>require this disclosure.  Switzerland is no longer one of them.

As usual, Unicorn is FOS.  Not entirely in his facts, but in his 
conclusions.  To "forbit third parties to reveal prosecution inquiries" is 
an obvious violation of freedom of speech, and in fact is PRIOR RESTRAINT.  
Maybe Unicorn can't see what's wrong with that, but I can.  It is unclear 
whether this has ever been tested in court, or whether that test occurred 
recently.

Now, in practice I recognize that in the past large organizations which are 
subpoenaed usually comply with requests to keep an inquiry secret, but one 
of the effects of the "crypto revolution" and the "net revolution" is 
clearly to decentralize information power from the places it used to be 
carefully kept (IBM, ATT, etc) and is now distributing it among many more, 
far smaller organizations which are much closer to the people the 
prosecutors might be inclined to target.  (for example, your friendly 
neighborhood ISP).  

Furthermore, the development of good encryption will allow a willing ISP 
(for example) to send an encrypted (and possibly semi-anonymous) message to 
the target of the investigation  (or possibly a public USENET area, 
unaddressed), containing a pre-arranged alarm code to be sent to the target 
of the investigation, in such a way that any other people (for example, the 
brainless cops) won't know.  The target will be assured (though encryption 
and signing, or prior arrangement) that the message could only have 
originated from the contractor (ISP) but the target (and nobody else, as 
well) will not be able to prove this knowledge to a third party.

For example, if I ask my ISP to send me an anonymous, encrypted message with 
the word, "Rosebud" in it to me if he receives any requests to tap my 
connection, he can do so with no fear of being discovered, because no third 
party can decrypt the message, know who is is from, or know the real meaning 
of the word, "Rosebud" in the context of an encrypted, anonymized message.  
Further, since the whole thing is by pre-arrangement, even I cannot prove 
(to the satisfaction of a third party) that the message really meant what I 
would interpret it to mean.  The message is useful to me, as a warning, but 
it could never turn around and "bite" the ISP.


The end result is that your foolish opinion of what the law allows will 
simply become irrelevant: The government cannot mandate what it cannot 
enforce, and it cannot enforce what it cannot detect.

You may ask, "Why would the operator of a small ISP want to take even a 
minor risk informing the target of the investigation?"  There are a number 
of obvious answers:

1.  He's promised his customer to do so.

2.  It's in the contract.

3.  And the ever-popular, "He's afraid of getting killed, or his ISP 
business torched, if word later leaks out that he failed to inform his 
customer of an investigation."  Don't underestimate the significance of such 
a risk to those people.  Destruction of even a full phone switch would not 
have fazed ATT in the 1960's, but a small ISP depends on valuable equipment 
at (presumably) a single location.  Getting a person mad at them for failing 
to anonymously inform them of an inquiry would NOT be the best tactic for 
these small-time operators.


>Even if a judge was convinced by the defense not to levy heavy fines 
>against a third party who pleaded that he or she was simply unable to 
>comply, informing the principal would literally assure such fines would 
>be imposed regardless. 

Again, you assume that informing "the principal" would be detectable.  Your 
wishful thinking is palpable.  I really wish you'd be able to distinguish 
what "the law" could do, given limitless knowledge of the actions of the 
population, and the REAL WORLD, in which those judges and prosecutors and 
cops are limited in what they can do by what they can know.  This is 
critical, because we are rapidly approaching a time in which what these 
people know will be dramatically limited by many of the technologies 
regularly discussed on Cypherpunks.

>Criminal charges of obstruction could easily attach.

Bullets could easily fly.


You repeatedly state what might, hypothetically, happen, but you don't back 
it up with a realistic assessment of what actually would _likely_ happen.

> Obstruction in connection with narcotics cases or other major 
>felonies are generally extraditable offenses as well.

Someday, obstruction of the Constitution by government agents will be a 
death-penalty crime.

>Once again Mr. Bell pulls legal analysis out of his rectum rather than 
>basing it in fact or research.
>
>With Mr. Bell as a defense attorney, who needs prosecutors?

If I intended to limit myself to the tools of the court room (that's the 
enemy's playpen, BTW) I would probably be just as ineffective as the next 
defense attorney.

I've frequently found that the question of who wins in any confrontation is 
strongly affected by whether I allow myself to be lured into the home 
territory of the other.  This is actually more a psychological battle than a 
physical one.    You obviously believe that the cops and judges can 
frequently win, if they are able to control the location of the battle; this 
is true, but it ignores the fact that "the legal system" is generally an 
8-hour-per-day, 40-hour-per week system.  Going outside the system and 
attacking directly bypasses all the rules and restrictions which are set up 
to allow THEM to win.

This may sound unfair to people brainwashed to believe that the court system 
is and should be the final arbiter, but I suggest that long ago they lost 
whatever moral authority they once might have had. Every time you talk about 
them fining or prosecuting some third party for not cooperating, you 
demolish your own claims.

Jim Bell
jimbell@pacifier.com