From: Black Unicorn <unicorn@schloss.li>
To: jim bell <jimbell@pacifier.com>
Message Hash: 78a987044b41c9b031418df30c008691f27753f8e3cebc9a3039f4a8bd28f894
Message ID: <Pine.SUN.3.91.960404182031.758A-100000@polaris.mindport.net>
Reply To: <m0u4tAl-00090wC@pacifier.com>
UTC Datetime: 1996-04-05 12:30:32 UTC
Raw Date: Fri, 5 Apr 1996 20:30:32 +0800
From: Black Unicorn <unicorn@schloss.li>
Date: Fri, 5 Apr 1996 20:30:32 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
In-Reply-To: <m0u4tAl-00090wC@pacifier.com>
Message-ID: <Pine.SUN.3.91.960404182031.758A-100000@polaris.mindport.net>
MIME-Version: 1.0
Content-Type: text/plain
On Thu, 4 Apr 1996, jim bell wrote:
> At 11:34 PM 4/3/96 -0800, Bill Stewart wrote:
> >Black Unicorn is absolutely correct that this is generally the law.
> >Jim Bell is absolutely correct that laws like this are offensive and outrageous.
> >Unfortunately, Jim then rants at Unicorn for suggesting that this
> >would be the case; you'd think he'd be the first to realize that
> >there are laws out there that are offensive and outrageous and enforced.
>
> I really don't think you're giving me enough credit. I am fully aware that
> in the past, the organizations on which wire-tap-type subpoenas were served
> (primarily AT+T, "The phone company") were very cooperative with the police
> and probably "never" challenged the subpoena. There is the law, and there is
> the usual reaction to that law, and I expect that much of Unicorn's position
> is based on a (false) assumption that this reaction will necessarily
> continue unchanged.
Now, if this is your postion, let's see some support.
If you're trying to tell me that your going to see some mass uprising of
the baby ISP's just because compelled discovery orders leave a sour taste
in Mr. Bell's or anyone else's mouth, I just think you are a fool.
Compelled discovery orders work because they are backed with the
very credible threat of financial and custodial sanctions. Obstruction,
or conspiracy is a crime, and in the case of the FBI, a federal crime of
some magnitude.
While some ISP's may indeed feel they are able to resist the whims and
enforcement powers of the United States, they are likely to be offshore,
small, and viewing themselves as out of the reach of U.S. jurisdiction.
With the scope of U.S. jurisdiction for compelled discovery, however,
I think that most ISP's will find themselves in for significant surprises.
Mr. Bell somehow assumes that smaller ISP's will be less vulnerable. I
believe this in error. Smaller ISP's won't even have the financial
wherewithall to fight a compelled discovery order properly, much less
actualy prevail in court where it is firmly estlablished that compelled
discovery orders will be enforced and enforced with vigor, and that
judicial review will be a waste of time.
Part of Mr. Bell's error lies in his basic assumptions about the
political makeup and convictions of the general business community, even
the small business community.
Mr. Bell, as demonstrated by his belief that small ISP's and other
service providers will risk freedom, fines, and asset forfeiture, seems to
think that the rumblings of a grass roots revolution are in the wind.
Why Mr. Bell thinks this, other than the fact that it seems his personal
fantasy, is without explanation.
It is worth bearing in mind that subpoenas are not the only tool that
authorities can use to affect compliance. In many cases authorities
simply seize the equipment and hold it for the statuatory period before
which they are required to file charges in. The Ripco BBS in Chicago,
victim of the Sun Devil raids, is a prime example. In that case the
equipment was seized (via sealed warrant which later proved to authorize
seizure of "computer or other electronic equipment of any nature." and in
actuality resulted in the seizure of everything from disks to printers
to telephones), and held for five years before finally being returned.
Clearly it was obsolete by this time. No charges have been filed.
While I'm sure Mr. Bell would sacrifice hardware, freedom, cash, (though
I'm sure he would insist on representing himself), and time to fight the
tyrany of the FBI, I don't see every ISP suddenly turning into a Montana
freemen armed standoff with the authorities, which is what it would
practically take to resist such warrants and exercise of authority, even
by preemptive or malicious encryption or disposal of data.
In short, welcome to the real world, Mr. Bell.
> Besides, that phone company had a monopoly, so it wasn't possible for
> citizens to shop around for a phoneco that was known to make it hard for
> police. But that's changing, and that's my point. Now and in the future,
> it's going to be harder and harder for the police to get a
> bend-over-backwards level of cooperation, and in fact phonecos (and
> especially ISP's) might reasonably want to build up a reputation that they
> will defend a customer's security in court long before a wiretap is
> installed.
In practice many ISP's or phone co's will not have the opportunity to
defend the matter in court without their services and equipment being
forcibly seized preemptively.
> Imaginative phonecos will find ways to inform the target
> legally, including naming the target as a non-hostile defendant in a court
> challenge to that wiretap, and noticing that target since he's now a party
> to a court action that must be noticed under civil procedure rules.
So the ISP sues their client to notify them of the wiretap? Or the ISP
sues the FBI and then draws the client into the suit? I'm not sure what
you mean here. In any event it's a totally meaningless point as ongoing
investigations could easily be blinded and the ISP or telco charged with
willful obstruction or conspiracy to destroy material evidence to a
crime, accessory after the fact in effect.
> In short, there is a drastic difference between blind obeisance and
> enthusiastic hostility, even if you exclude actions by the ISP or phoneco
> that would rise to the level of some crime.
What you have described is a crime. Your "clever" lawsuit isn't going to
fool any judge, or anyone else.
> It is this difference which
> will change the previous ability of the police to get wiretaps
> done secretly.
Wrong. See above.
> My point in the first paragraph that I am quoted in above is
> that many of the challenges that have never been made against wiretap
> subpoenas, due to a closer-than-arms-length relationship between the phoneco
> and the government, _will_ be challenged.
This argument relies heavily on the absence of other persuasion to comply
with wiretaps, which, as I have demonstrated, exist in abundance. Thus the
thing falls in upon itself.
> Precedent, to the extent
> precedent exists,
Significant precedent exists, see my note.
> will be challenged on (among other things) the basis of
> the fact that this precedent was formulated during an era when essentially
> all telecommunications was monopolized and regulated, and there is no reason
> to believe that a previous telecom monopoly would have been diligent at
> protecting the rights of their captive customers against the interest of the
> government at that time.
You're claiming that a court is going to distinguish the case where a
small ISP/telco refuses to comply with a compelled discovery order from a
case where a large telco typically complies with a discovery on the basis
that the large company complies only under compulsion or in self interest?
This amounts to "A obeys the law because he wants to. B doesn't want to
obey the law, therefore B need not."
The "attorney" who makes this argument will be laughed out of the courtroom.
> I think we need to start challenging all the previously-assumed issues that
> have been interpretated to benefit the government. If my ISP has agreed,
> for instance, to send me daily certifications that he hasn't received any
> "official" inquiries about my account, and one day he receives such an
> inquiry and is forced to install some sort of a tap, it is hard for me to
> imagine what kind of legal precedent would allow (and, even, REQUIRE) him to
> continue to send false certifications when the alternative, simply failing
> to send any certifications whatever, is also "legal."
As I have tried to explain to Mr. Bell before, the days of legal
formalism are over. Substance over form prevails today. The substance
of this transaction is to inform the client that an investigation is
ongoing. This is a major no-no, whatever Mr. Bell thinks he knows.
> (and, in fact, may be
> required under my contract with him, should he be obligated to do a tap or
> know one exists.)
As I explained before, contracts are void to the extent they are
illegal. Mr. Bell's response? "Well, then we'll kill him and enforce
the contract that way."
> The fact that I'd likely interpret his failure to send those
> messages as meaning that my access is tapped is not within his control, and
> if he's unwilling to screw me I find it hard to believe that he can't act on
> this fact even if those actions have an indirect effect of alerting me.
Your use of the word "indirect" is stretching the bounds of the
imagination. A judge, unless sleeping through argument, would see
through this like glass.
> These are the kinds of issues that have either rarely or never been
> challenged in court, simply because the organization(s) that would normally
> do those challenges was in the hip pocket of government. It's going to be a
> brave new world very soon.
Incorrect. They have been challenged time and time again in the context
of compelled discovery. Time and time again compelled discovery has been
required, TRO's forbidding the destruction of documents and other
evidence issued, search warrants and seizure effected in place of subpoena.
The telco in past has not complied with such orders because of some grand
government conspiracy, although I realized Mr. Bell finds such things
immensely sexy. It has complied because its officers faced criminal and
financial sanctions for non-compliance.
There are ways to resist compelled discovery. These are not they.
> Jim Bell
> jimbell@pacifier.com
---
My preferred and soon to be permanent e-mail address:unicorn@schloss.li
"In fact, had Bancroft not existed, potestas scientiae in usu est
Franklin might have had to invent him." in nihilum nil posse reverti
00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information
Return to April 1996
Return to “sameer@c2.org”