1996-04-05 - Re: So, what crypto legislation (if any) is necessary?

Header Data

From: Black Unicorn <unicorn@schloss.li>
To: jim bell <jimbell@pacifier.com>
Message Hash: 78a987044b41c9b031418df30c008691f27753f8e3cebc9a3039f4a8bd28f894
Message ID: <Pine.SUN.3.91.960404182031.758A-100000@polaris.mindport.net>
Reply To: <m0u4tAl-00090wC@pacifier.com>
UTC Datetime: 1996-04-05 12:30:32 UTC
Raw Date: Fri, 5 Apr 1996 20:30:32 +0800

Raw message

From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 5 Apr 1996 20:30:32 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <m0u4tAl-00090wC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960404182031.758A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain


On Thu, 4 Apr 1996, jim bell wrote:

> At 11:34 PM 4/3/96 -0800, Bill Stewart wrote:

> >Black Unicorn is absolutely correct that this is generally the law.
> >Jim Bell is absolutely correct that laws like this are offensive and outrageous.
> >Unfortunately, Jim then rants at Unicorn for suggesting that this
> >would be the case; you'd think he'd be the first to realize that
> >there are laws out there that are offensive and outrageous and enforced.
> 
> I really don't think you're giving me enough credit.  I am fully aware that 
> in the past, the organizations on which wire-tap-type subpoenas were served 
> (primarily AT+T, "The phone company") were very cooperative with the police 
> and probably "never" challenged the subpoena. There is the law, and there is 
> the usual reaction to that law, and I expect that much of Unicorn's position 
> is based on a (false) assumption that this reaction will necessarily 
> continue unchanged.

Now, if this is your postion, let's see some support.

If you're trying to tell me that your going to see some mass uprising of 
the baby ISP's just because compelled discovery orders leave a sour taste 
in Mr. Bell's or anyone else's mouth, I just think you are a fool.

Compelled discovery orders work because they are backed with the 
very credible threat of financial and custodial sanctions.  Obstruction, 
or conspiracy is a crime, and in the case of the FBI, a federal crime of 
some magnitude.

While some ISP's may indeed feel they are able to resist the whims and 
enforcement powers of the United States, they are likely to be offshore, 
small, and viewing themselves as out of the reach of U.S. jurisdiction.  

With the scope of U.S. jurisdiction for compelled discovery, however, 
I think that most ISP's will find themselves in for significant surprises.

Mr. Bell somehow assumes that smaller ISP's will be less vulnerable.  I 
believe this in error.  Smaller ISP's won't even have the financial 
wherewithall to fight a compelled discovery order properly, much less 
actualy prevail in court where it is firmly estlablished that compelled 
discovery orders will be enforced and enforced with vigor, and that 
judicial review will be a waste of time.

Part of Mr. Bell's error lies in his basic assumptions about the 
political makeup and convictions of the general business community, even 
the small business community.

Mr. Bell, as demonstrated by his belief that small ISP's and other 
service providers will risk freedom, fines, and asset forfeiture, seems to 
think that the rumblings of a grass roots revolution are in the wind.  
Why Mr. Bell thinks this, other than the fact that it seems his personal 
fantasy, is without explanation.

It is worth bearing in mind that subpoenas are not the only tool that 
authorities can use to affect compliance.  In many cases authorities 
simply seize the equipment and hold it for the statuatory period before 
which  they are required to file charges in.  The Ripco BBS in Chicago, 
victim of the Sun Devil raids, is a prime example.  In that case the 
equipment was seized (via sealed warrant which later proved to authorize 
seizure of "computer or other electronic equipment of any nature."  and in 
actuality resulted in the seizure of everything from disks to printers 
to telephones), and held for five years before finally being returned.  
Clearly it was obsolete by this time.  No charges have been filed.

While I'm sure Mr. Bell would sacrifice hardware, freedom, cash, (though 
I'm sure he would insist on representing himself), and time to fight the 
tyrany of the FBI, I don't see every ISP suddenly turning into a Montana 
freemen armed standoff with the authorities, which is what it would 
practically take to resist such warrants and exercise of authority, even 
by preemptive or malicious encryption or disposal of data.

In short, welcome to the real world, Mr. Bell.

> Besides, that phone company had a monopoly, so it wasn't possible for 
> citizens to shop around for a phoneco that was known to make it hard for 
> police.  But that's changing, and that's my point.  Now and in the future, 
> it's going to be harder and harder for the police to get a 
> bend-over-backwards level of cooperation, and in fact phonecos (and 
> especially ISP's) might reasonably want to build up a reputation that they 
> will defend a customer's security in court long before a wiretap is 
> installed.

In practice many ISP's or phone co's will not have the opportunity to 
defend the matter in court without their services and equipment being 
forcibly seized preemptively.

> Imaginative phonecos will find ways to inform the target 
> legally, including naming the target as a non-hostile defendant in a court 
> challenge to that wiretap, and noticing that target since he's now a party 
> to a court action that must be noticed under civil procedure rules.

So the ISP sues their client to notify them of the wiretap?  Or the ISP 
sues the FBI and then draws the client into the suit?  I'm not sure what 
you mean here.  In any event it's a totally meaningless point as ongoing 
investigations could easily be blinded and the ISP or telco charged with 
willful obstruction or conspiracy to destroy material evidence to a 
crime, accessory after the fact in effect.

> In short, there is a drastic difference between blind obeisance and 
> enthusiastic hostility, even if you exclude actions by the ISP or phoneco 
> that would rise to the level of some crime.

What you have described is a crime.  Your "clever" lawsuit isn't going to 
fool any judge, or anyone else.

> It is this difference which 
> will  change the previous ability of the police to get wiretaps 
> done secretly.

Wrong.  See above.

> My point in the first paragraph that I am quoted in above is 
> that many of the challenges that have never been made against wiretap 
> subpoenas, due to a closer-than-arms-length relationship between the phoneco 
> and the government, _will_ be challenged.

This argument relies heavily on the absence of other persuasion to comply 
with wiretaps, which, as I have demonstrated, exist in abundance.  Thus the 
thing falls in upon itself.

> Precedent, to the extent 
> precedent exists,

Significant precedent exists, see my note.

> will be challenged on (among other things) the basis of 
> the fact that this precedent was formulated during an era when essentially 
> all telecommunications was monopolized and regulated, and there is no reason 
> to believe that a previous telecom monopoly would have been diligent at 
> protecting the rights of their captive customers against the interest of the 
> government at that time.

You're claiming that a court is going to distinguish the case where a 
small ISP/telco refuses to comply with a compelled discovery order from a 
case where a large telco typically complies with a discovery on the basis 
that the large company complies only under compulsion or in self interest?

This amounts to "A obeys the law because he wants to.  B doesn't want to 
obey the law, therefore B need not."

The "attorney" who makes this argument will be laughed out of the courtroom.

> I think we need to start challenging all the previously-assumed issues that 
> have been interpretated to benefit the government.  If my ISP has agreed, 
> for instance, to send me daily certifications that he hasn't received any 
> "official" inquiries about my account, and one day he receives such an 
> inquiry and is forced to install some sort of a tap, it is hard for me to 
> imagine what kind of legal precedent would allow (and, even, REQUIRE) him to 
> continue to send false certifications when the alternative, simply failing 
> to send any certifications whatever, is also "legal."

As I have tried to explain to Mr. Bell before, the days of legal 
formalism are over.  Substance over form prevails today.  The substance 
of this transaction is to inform the client that an investigation is 
ongoing.  This is a major no-no, whatever Mr. Bell thinks he knows.

> (and, in fact, may be 
> required under my contract with him, should he be obligated to do a tap or 
> know one exists.)

As I explained before, contracts are void to the extent they are 
illegal.  Mr. Bell's response?  "Well, then we'll kill him and enforce 
the contract that way."

> The fact that I'd likely interpret his failure to send those 
> messages as meaning that my access is tapped is not within his control, and 
> if he's unwilling to screw me I find it hard to believe that he can't act on 
> this fact even if those actions have an indirect effect of alerting me.  

Your use of the word "indirect" is stretching the bounds of the 
imagination.  A judge, unless sleeping through argument, would see 
through this like glass.

> These are the kinds of issues that have either rarely or never been 
> challenged in court, simply because the organization(s) that would normally 
> do those challenges was in the hip pocket of government.  It's going to be a 
> brave new world very soon.

Incorrect.  They have been challenged time and time again in the context 
of compelled discovery.  Time and time again compelled discovery has been 
required, TRO's forbidding the destruction of documents and other 
evidence issued, search warrants and seizure effected in place of subpoena.

The telco in past has not complied with such orders because of some grand 
government conspiracy, although I realized Mr. Bell finds such things 
immensely sexy.  It has complied because its officers faced criminal and 
financial sanctions for non-compliance.

There are ways to resist compelled discovery.  These are not they.

> Jim Bell
> jimbell@pacifier.com

---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information







Thread