1996-03-30 - Re: So, what crypto legislation (if any) is necessary?

Header Data

From: Black Unicorn <unicorn@schloss.li>
To: jim bell <jimbell@pacifier.com>
Message Hash: 60b6b48a0c0ec3a4d3e6a6244f98b7c0570e471fd42b8798116eb32a149814ab
Message ID: <Pine.SUN.3.91.960329155806.15388C-100000@polaris.mindport.net>
Reply To: <m0u2ism-0008yfC@pacifier.com>
UTC Datetime: 1996-03-30 09:42:20 UTC
Raw Date: Sat, 30 Mar 1996 17:42:20 +0800

Raw message

From: Black Unicorn <unicorn@schloss.li>
Date: Sat, 30 Mar 1996 17:42:20 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <m0u2ism-0008yfC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960329155806.15388C-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Fri, 29 Mar 1996, jim bell wrote:

> At 05:49 AM 3/29/96 -0500, Black Unicorn wrote:
> >On Thu, 28 Mar 1996, jim bell wrote:
> >
> >> Escrowing encrypted keys makes them useless to subpoena, and in 
> >> fact it helps the key owner because the escrow agent can (and, in fact, 
> >> must!) be obligated to inform the key owner if his key is requested.
> >
> >I thought I would take the time to let everyone know that this is 
> >baseless as well.  Most jurisdictions forbid third parties to reveal 
> >prosecution inquries to the principal for which they are holding 
> >documents or other information.  A VERY few have laws on the books that 
> >require this disclosure.  Switzerland is no longer one of them.
> 
> As usual, Unicorn is FOS.  Not entirely in his facts, but in his 
> conclusions.  To "forbit third parties to reveal prosecution inquiries" is 
> an obvious violation of freedom of speech, and in fact is PRIOR RESTRAINT.  
> Maybe Unicorn can't see what's wrong with that, but I can.  It is unclear 
> whether this has ever been tested in court, or whether that test occurred 
> recently.

(Snore)  How many cases do you want me to cite that hold that the 
disclosure of an inquiry with the intent of evasion is conspiracy and 
entails criminal charges?

Do you honestly think you can evade prosecution for suborning the 
destruction of material evidence in a criminal trial?

Please.

> Furthermore, the development of good encryption will allow a willing ISP 
> (for example) to send an encrypted (and possibly semi-anonymous) message to 
> the target of the investigation  (or possibly a public USENET area, 
> unaddressed), containing a pre-arranged alarm code to be sent to the target 
> of the investigation, in such a way that any other people (for example, the 
> brainless cops) won't know.  The target will be assured (though encryption 
> and signing, or prior arrangement) that the message could only have 
> originated from the contractor (ISP) but the target (and nobody else, as 
> well) will not be able to prove this knowledge to a third party.
> 
> For example, if I ask my ISP to send me an anonymous, encrypted message with 
> the word, "Rosebud" in it to me if he receives any requests to tap my 
> connection, he can do so with no fear of being discovered, because no third 
> party can decrypt the message, know who is is from, or know the real meaning 
> of the word, "Rosebud" in the context of an encrypted, anonymized message.  
> Further, since the whole thing is by pre-arrangement, even I cannot prove 
> (to the satisfaction of a third party) that the message really meant what I 
> would interpret it to mean.  The message is useful to me, as a warning, but 
> it could never turn around and "bite" the ISP.

Unfortunately, by the time (in the case of domestic investigations, and 
foreign investigations in more compliant jurisdictions) it gets to the 
point where authorities are checking about, they will have walked into 
the ISP and personally requested the information with subpoena in hand.  

Perhaps the ISP with the nerve to destroy material evidence in the 
presence of law enforcement exists, but I sincerely doubt this ISP will 
escape serious prosecution for doing it.  At the very least the employees 
of the ISP will have knowledge of this practice.  Unless it's a single 
person run ISP, I doubt you're going to be able to keep everyone from 
testifying.  What you propose is a crime in the United States, and in 
many foreign jurisdictions.

> The end result is that your foolish opinion of what the law allows will 
> simply become irrelevant: The government cannot mandate what it cannot 
> enforce, and it cannot enforce what it cannot detect.

I have often noted that the best defense is the lack of detection in the 
first place.  Unfortunately this is the oft denounced "security through 
obscurity."  Look, I know it's fun to imagine you can thwart the 
authorities with impunity within the United States.  Unfortunately it is 
a fantasy.  The system you propose requires someone to be present in the 
ISP 24 hours a day.  It requires some method of getting word to the 
operator who will trigger the alarm both that an investigation is 
looming, and who it entails.  It requires someone to talk to the 
authorities and stall them while the message is sent.  It requires you to 
be sitting at the screen when the message is received (perhaps this isn't 
a problem for Mr. Bell), or to get home before the law enforcement 
officials get a 2 hour warrant and open your door.

> You may ask, "Why would the operator of a small ISP want to take even a 
> minor risk informing the target of the investigation?"  There are a number 
> of obvious answers:
> 
> 1.  He's promised his customer to do so.

>Snort<

> 2.  It's in the contract.

>Laugh<  What happened to no evidence that the ISP informed you of an 
investigation?

> 3.  And the ever-popular, "He's afraid of getting killed, or his ISP 
> business torched, if word later leaks out that he failed to inform his 
> customer of an investigation."

>Chortle<

  Don't underestimate the significance of such 
> a risk to those people.  Destruction of even a full phone switch would not 
> have fazed ATT in the 1960's, but a small ISP depends on valuable equipment 
> at (presumably) a single location.  Getting a person mad at them for failing 
> to anonymously inform them of an inquiry would NOT be the best tactic for 
> these small-time operators.

Your last resort in all of your arguments seems to be murder, extortion, 
the threat of bodily harm, arson or assault, or destruction of private 
property.

> >Even if a judge was convinced by the defense not to levy heavy fines 
> >against a third party who pleaded that he or she was simply unable to 
> >comply, informing the principal would literally assure such fines would 
> >be imposed regardless. 
> 
> Again, you assume that informing "the principal" would be detectable.  Your 
> wishful thinking is palpable.

No.  I speak from experience when I say that "proof" of complicity is 
rarely a requirement.  The judge need only suspect wrong doing.  It's 
easy to levy contempt fines, and very hard to overturn them.  The 
standard in most jurisdictions is "clearly erronious."  Tough stuff.

> I really wish you'd be able to distinguish 
> what "the law" could do, given limitless knowledge of the actions of the 
> population, and the REAL WORLD, in which those judges and prosecutors and 
> cops are limited in what they can do by what they can know.  This is 
> critical, because we are rapidly approaching a time in which what these 
> people know will be dramatically limited by many of the technologies 
> regularly discussed on Cypherpunks.

Unfortunately, fines and penalities are imposed every day based on 
assumptions by the trier of fact.  Go watch a major court case some time.

> >Criminal charges of obstruction could easily attach.
> 
> Bullets could easily fly. 

And will.  I've seen this happen.  Trustee refuses to produce documents, 
court imposes compelled discovery, documents burn or are lost or have been 
stolen, trustee (who can be assigned no direct evidence of complicity) is 
fined heftily.  A case I was not personally involved in saw the judge 
jail the trustee for 4 months.

Attorneys are likely to lose their licenses, same with trustees.

> You repeatedly state what might, hypothetically, happen, but you don't back 
> it up with a realistic assessment of what actually would _likely_ happen.

See above.  Happened.  Been there.  Seen that.

> > Obstruction in connection with narcotics cases or other major 
> >felonies are generally extraditable offenses as well.
> 
> Someday, obstruction of the Constitution by government agents will be a 
> death-penalty crime.

Yadda yadda yadda.

> >Once again Mr. Bell pulls legal analysis out of his rectum rather than 
> >basing it in fact or research.
> >
> >With Mr. Bell as a defense attorney, who needs prosecutors?
> 
> If I intended to limit myself to the tools of the court room (that's the 
> enemy's playpen, BTW) I would probably be just as ineffective as the next 
> defense attorney.

So again, we see Mr. Bell in his basic form.  Violent offender.  He will 
obtain by force that which he cannot argue into his hands.

> I've frequently found that the question of who wins in any confrontation is 
> strongly affected by whether I allow myself to be lured into the home 
> territory of the other.  This is actually more a psychological battle than a 
> physical one.

[large amounts of psycho-babble deleted]

> This may sound unfair to people brainwashed to believe that the court system 
> is and should be the final arbiter, but I suggest that long ago they lost 
> whatever moral authority they once might have had. Every time you talk about 
> them fining or prosecuting some third party for not cooperating, you 
> demolish your own claims.

What claims?

> Jim Bell
> jimbell@pacifier.com

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information







Thread