1996-04-06 - Re: So, what crypto legislation (if any) is necessary?

Header Data

From: jim bell <jimbell@pacifier.com>
To: Black Unicorn <unicorn@schloss.li>
Message Hash: 9c5c26fe2d870361f8d7840956d761792e933c7b85228785aaa3095542d4122a
Message ID: <m0u5Q3q-0008xlC@pacifier.com>
Reply To: N/A
UTC Datetime: 1996-04-06 13:46:26 UTC
Raw Date: Sat, 6 Apr 1996 21:46:26 +0800

Raw message

From: jim bell <jimbell@pacifier.com>
Date: Sat, 6 Apr 1996 21:46:26 +0800
To: Black Unicorn <unicorn@schloss.li>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u5Q3q-0008xlC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain


At 03:49 AM 4/5/96 -0500, Black Unicorn wrote:
>On Thu, 4 Apr 1996, jim bell wrote:

>> I really don't think you're giving me enough credit.  I am fully aware that 
>> in the past, the organizations on which wire-tap-type subpoenas were served 
>> (primarily AT+T, "The phone company") were very cooperative with the police 
>> and probably "never" challenged the subpoena. There is the law, and there 
is 
>> the usual reaction to that law, and I expect that much of Unicorn's 
position 
>> is based on a (false) assumption that this reaction will necessarily 
>> continue unchanged.
>
>Now, if this is your postion, let's see some support.

You do the research.  Until 1968, Federal wiretaps were illegal, by the 
Federal communications Act of 1934.

>From Encyclopedia Brittanica, 1970, vol 23 page 592:

"The modern federal law of wiretapping begins with the case of Olmstead v. 
U.S., 277 U.S. 438 (1928).  A majority of the Supreme Court, over vigorous 
dissent, held that a defendant's rights against unreasonable search and 
siezure, protected by the Fourth Amendment of the U.S. Constitution, were 
not denied by the tapping of his telephone wires by federal police 
officials.  In denying constitutional protection to the privacy of 
telephonic communicatiosn, the Olmstead decision in effect delegated to 
Congress the responsibility for defining what restrains, if any, are to be 
imposed on wiretapping activiity.   In 1934, Congress enacted section 605 of 
the Federaol Communications ACt, whcih provides, in part: "no person not 
being authorized by the sender shall intercept any communication and 
divulte...the contents..of such intercepted communication to any person."

Brittanica continued:

"It is clear that federal police officers continue to engage in wiretapping 
despite the statute.  The position of the Department of Justice has been 
that section 605 does not forbid wiretapping per se, but only interception 
_and_ divulgence.  Moreover, it is assered, communication of the contents of 
an intercepted message by one federal police officer to another is not 
'divulgence' within the meaning of the act.  This interpretation has never 
received definitive judicial approval.  Since the late 1930's numerous 
unsuccessful attempts have been made to amend the provisions of section 605, 
usually with the purpose of broadening various law-enforcement uses of 
wiretapping."

[end of Brittanica quote]

Needless to say, I find these excuses and distinctions silly and 
self-serving.  If Congress really had the power to increase the usage of 
wiretapping and numerous times chose not to do it, it is reasonable to 
assume that no legitimate interpretation of the Act of 1934 could allow 
police wiretapping to occur.


It is reasonable to assume that most wiretaps, when they were done, were 
assisted by the local phone company (usually AT+T).  In other words, AT+T 
assisted the government in illegal actions.   What happened in 1968 
was that Congress, recognizing this situation, decided to "compromise":  
They declared those wiretaps legal, if a warrant was obtained, and and a sop 
to the cops they allowed that evidence into court.  But them's the details.  
The fundamental point is that if AT+T would engage in illegal activity to 
benefit the cops or Feds, they would certainly go less far to give the 
government what it wants, whether or not that was illegal.  Clearly this was 
(and is) a non-arm's length relationship.

And notice that there was apparently no way for the police to force AT+T to 
do those wiretaps, before 1968.  They couldn't use them, so they couldn't 
insist on them.  You'll have to explain why AT+T did what they did even 
though they were apparently not obligated to act, and there was NOTHING the 
Feds could have done (legally, anyway!) to force them to.

>Compelled discovery orders work because they are backed with the 
>very credible threat of financial and custodial sanctions.  Obstruction, 
>or conspiracy is a crime, and in the case of the FBI, a federal crime of 
>some magnitude.

As usual, you misrepresent the situation.  You're setting up a straw man.  
"Appeals" are not "obstruction."

>While some ISP's may indeed feel they are able to resist the whims and 
>enforcement powers of the United States, they are likely to be offshore, 
>small, and viewing themselves as out of the reach of U.S. jurisdiction.

You continue to build that straw man.  

And I notice that you said "whims"?  What did you mean by this?  Are you 
suggesting that there is something wrong or illegal with "resisting the 
whims" of the government if that government has no legal basis for 
compelling cooperation with those "whims"?  I think it's interesting that 
with each paragraph you set little traps for yourself, and fall into them so 
embarrassingly.  
  
>With the scope of U.S. jurisdiction for compelled discovery, however, 
>I think that most ISP's will find themselves in for significant surprises.

There you tried to knock him down.

>Mr. Bell somehow assumes that smaller ISP's will be less vulnerable.  I 
>believe this in error.  Smaller ISP's won't even have the financial 
>wherewithall to fight a compelled discovery order properly, much less 
>actualy prevail in court

Think "insurance companies."  Insurance companies exist to pool risk.  At 
some point, "subpoena insurance" will be recognized as being a valuable 
thing, because it will allow even the smallest ISP the full legal assistance 
necessary.  A side-benefit of such assistance is that the government won't 
be able to "defendant shop" and try to set up a comfy precedent, because 
even the smallest ISP will be able to fight back as if it were large.  This 
is important to all other ISP's, obviously.  That's why they'll happily pool 
their resources.

>where it is firmly estlablished that compelled 
>discovery orders will be enforced and enforced with vigor, and that 
>judicial review will be a waste of time.

Continuing to knock down that straw man, I see!

>It is worth bearing in mind that subpoenas are not the only tool that 
>authorities can use to affect compliance.  In many cases authorities 
>simply seize the equipment and hold it for the statuatory period before 
>which  they are required to file charges in.  The Ripco BBS in Chicago, 
>victim of the Sun Devil raids, is a prime example.  In that case the 
>equipment was seized (via sealed warrant which later proved to authorize 
>seizure of "computer or other electronic equipment of any nature."  and in 
>actuality resulted in the seizure of everything from disks to printers 
>to telephones), and held for five years before finally being returned.  
>Clearly it was obsolete by this time.  No charges have been filed.

What I repeatedly find amazing about Unicorn's commentary is that he lists 
actions and behaviors of government that most of the rest of us find 
disgusting or egregious, and then he seems to take the position that it is 
impossible to prevail in court against those actions.  

Even if that limited opinion were true, to the extent it's true that merely 
goes to show why we can't expect justice from courts, and why we're going to 
have to set up a system to ensure that these egregious actions get punished.


>While I'm sure Mr. Bell would sacrifice hardware, freedom, cash, (though 
>I'm sure he would insist on representing himself), and time to fight the 
>tyrany of the FBI, I don't see every ISP suddenly turning into a Montana 
>freemen armed standoff with the authorities, which is what it would 
>practically take to resist such warrants and exercise of authority, even 
>by preemptive or malicious encryption or disposal of data.

Actually, it only takes one to set a precedent hostile to the government.

>> Besides, that phone company had a monopoly, so it wasn't possible for 
>> citizens to shop around for a phoneco that was known to make it hard for 
>> police.  But that's changing, and that's my point.  Now and in the future, 
>> it's going to be harder and harder for the police to get a 
>> bend-over-backwards level of cooperation, and in fact phonecos (and 
>> especially ISP's) might reasonably want to build up a reputation that they 
>> will defend a customer's security in court long before a wiretap is 
>> installed.
>
>In practice many ISP's or phone co's will not have the opportunity to 
>defend the matter in court without their services and equipment being 
>forcibly seized preemptively.

Oh, really?  Do you realize what you've just admitted?  You're your own 
worst enemy.  Let me quote you something you said below:

>There are ways to resist compelled discovery.  These are not they.

Sounds like a big contradiction, right?  You can't even keep your story 
straight!  Your loyalty to the truth is nil.  Yet another trap you set for yourself.  

>> Imaginative phonecos will find ways to inform the target 
>> legally, including naming the target as a non-hostile defendant in a court 
>> challenge to that wiretap, and noticing that target since he's now a party 
>> to a court action that must be noticed under civil procedure rules.
>
>So the ISP sues their client to notify them of the wiretap?  Or the ISP 
>sues the FBI and then draws the client into the suit?  I'm not sure what 
>you mean here. 

Your cluelessness is legendary.  Go talk to a real lawyer and he might tell 
you that occasionally, entities must be brought into lawsuits if their 
interests are at stake and their participation is necessary to decide an 
existing case.  It happens all the time.  In this kind of case, a challenge 
to the wiretap inherently involves the interests of the person to be tapped, 
and thus his participation is logical.  Not that the cops would LIKE it, but 
that doesn't necessarily mean that it won't happen anyway.

>In any event it's a totally meaningless point as ongoing 
>investigations could easily be blinded and the ISP or telco charged with 
>willful obstruction

Naming the target as a non-hostile defendant is not illegal.  Noticing him 
under civil procedure rules is not illegal.  Etc.

 or conspiracy to destroy material evidence to a 
>crime, accessory after the fact in effect.

You keep harping on this "destroy material evidence" kick.  Is that the best 
you can do?  I said NOTHING about "destroying evidence."  (regular readers 
will notice that this is a pattern that Unicorn displays; typical straw-man 
behavior!  His "destroying evidence" tirades are old.)
>
>> In short, there is a drastic difference between blind obeisance and 
>> enthusiastic hostility, even if you exclude actions by the ISP or phoneco 
>> that would rise to the level of some crime.
>
>What you have described is a crime.  Your "clever" lawsuit isn't going to 
>fool any judge, or anyone else.

There is a big difference between "not fooling the judge" and becoming a 
crime.  As I pointed out before, these are exactly the kinds of issues that 
have "never" been enthusiastically challenged by an ISP or telco.  Your 
assumption that such challenges will never happen, or will fail is touching.

>> My point in the first paragraph that I am quoted in above is 
>> that many of the challenges that have never been made against wiretap 
>> subpoenas, due to a closer-than-arms-length relationship between the 
phoneco 
>> and the government, _will_ be challenged.
>
>This argument relies heavily on the absence of other persuasion to comply 
>with wiretaps, which, as I have demonstrated, exist in abundance.  Thus the 
>thing falls in upon itself.

The error you just made is to confuse the issue of adjudication and 
enforcement.  All you just said was that, once the final decision is made, 
it can be enforced.  I don't think it's necessary for me to challenge that 
claim, for the purposes of my point.  My point is that challenges to 
subpoenas can and do occur, WHEN THE PERSON OR CORPORATION NAMED _wants_ to 
do them, and up until now that organization regularly failed to do so.

>> will be challenged on (among other things) the basis of 
>> the fact that this precedent was formulated during an era when essentially 
>> all telecommunications was monopolized and regulated, and there is no 
reason 
>> to believe that a previous telecom monopoly would have been diligent at 
>> protecting the rights of their captive customers against the interest of 
the 
>> government at that time.
>
>You're claiming that a court is going to distinguish the case where a 
>small ISP/telco refuses to comply with a compelled discovery order from a 
>case where a large telco typically complies with a discovery on the basis 
>that the large company complies only under compulsion or in self interest?
>
>This amounts to "A obeys the law because he wants to.  B doesn't want to 
>obey the law, therefore B need not."

Further "straw-man" behavior. You just misrepresented the issue.  I'll 
re-write it:

"A obeys not only the law without question, but also agrees with all 
requests even if they are beyond the legal scope of the subpoena, and 
generously helps the cops, challenging nothing.  B challenges everything, 
and uses 'every trick in the book' to eliminate or minimize his obligations 
under the law"

There, that's better.


>> I think we need to start challenging all the previously-assumed issues that 
>> have been interpretated to benefit the government.  If my ISP has agreed, 
>> for instance, to send me daily certifications that he hasn't received any 
>> "official" inquiries about my account, and one day he receives such an 
>> inquiry and is forced to install some sort of a tap, it is hard for me to 
>> imagine what kind of legal precedent would allow (and, even, REQUIRE) him 
to 
>> continue to send false certifications when the alternative, simply failing 
>> to send any certifications whatever, is also "legal."
>
>As I have tried to explain to Mr. Bell before, the days of legal 
>formalism are over.  Substance over form prevails today. 

What, exactly, does this mean?  Are you saying, "The Constitution is dead"?  
Are you implicitly acknowledging here that my points are, or at least, WERE 
valid under a previous interpretation of the Constitution?  What, exactly, 
happened to change this?  Who passed which law to change it?

>The substance 
>of this transaction is to inform the client that an investigation is 
>ongoing.  This is a major no-no, whatever Mr. Bell thinks he knows.

"major no-no"?    It sure is interesting how Unicorn uses thes high-falutin 
legal terms like "major no-no" to describe the intricacies of subpoena law.

I'm going to have to look in Black's to figure out the legal implications of 
"major no-no." 

>> (and, in fact, may be 
>> required under my contract with him, should he be obligated to do a tap or 
>> know one exists.)
>
>As I explained before, contracts are void to the extent they are 
>illegal. 

Unicorn proves, once again, that a little knowledge is a dangerous thing.

But I don't think that FAILING to send a particular certification (that the 
ISP isn't under subpoena) constitutes an "illegal" contract.  The 
fulfillment of that term is not legally required, absent a contract, and 
likewise it is not generally prohibited if it is part of a contract.  It 
looks like the government has no basis to object to either sending that 
certification or failing to.

 And you also misrepresented things:  it is more accurate to use the term 
"unenforceable" rather than "void".  "Unenforceable" (assuming, for a 
moment, that this was a correct interpretation; it isn't, however) might 
simply indicate that the client can't sue his ISP for lack of fidelity to 
that particular term of the contract.  But that's somewhat misleading, 
because this assumes that the ISP _doesn't_ want to comply with the terms of 
his contract.  It is irrelevant that a contract is argued to be 
"unenforceable" if the parties to the contract _want_ to comply with it 
anyway.  And if the ISP _wants_ to comply, and compliance merely involves 
FAILING to send a certification, and not sending that certification is not 
otherwise prohibited by pre-existing law, then I think it's obvious that the 
ISP is entitled to fail to send the certification.

In a government-centric philosophy enthusiastically promoted by Unicorn, 
government is the only enforcer.  In the real, digital world of the future, 
digital reputations will enforce behavior.  A practice by an ISP to tolerate 
subpoenas without legal challenge will become well-known, and that ISP will 
shrink to oblivion unless he changes his policies.

>Mr. Bell's response?  "Well, then we'll kill him and enforce 
>the contract that way."

Given the repeated admissions you make that the government can and does 
engage in outrageous behavior, I'd say that extra-legal enforcement is 
clearly warranted.

>> The fact that I'd likely interpret his failure to send those 
>> messages as meaning that my access is tapped is not within his control, and 
>> if he's unwilling to screw me I find it hard to believe that he can't act 
on 
>> this fact even if those actions have an indirect effect of alerting me.  
>
>Your use of the word "indirect" is stretching the bounds of the 
>imagination.  A judge, unless sleeping through argument, would see 
>through this like glass.

Again, doesn't make it illegal.  There is no reason to assume that the 
government will always get whatever it wants. (remember the "whim" reference 
you made above?  I'm _still_ laughing about it!)   Challenging it on what it 
wants should be standard procedure.

>> These are the kinds of issues that have either rarely or never been 
>> challenged in court, simply because the organization(s) that would normally 
>> do those challenges was in the hip pocket of government.  It's going to be a 
>> brave new world very soon.
>
>Incorrect.  They have been challenged time and time again in the context 
>of compelled discovery.  Time and time again compelled discovery has been 
>required, TRO's forbidding the destruction of documents and other 
>evidence issued, search warrants and seizure effected in place of subpoena.

For a different class of people and corporations, yes.    Not ISP's, and as 
far as I know, telephone companies have never pushed the envelope.  If you 
have any specific contrary examples, show me.


>The telco in past has not complied with such orders because of some grand 
>government conspiracy, 

You statement is wildly in error.  AT+T clearly did phone taps for the 
government prior to 1968 PRECISELY due to "some grant conspiracy":  It 
certainly didn't do them because AT+T was _legally_obligated_ to.

>although I realized Mr. Bell finds such things 
>immensely sexy.  It has complied because its officers faced criminal and 
>financial sanctions for non-compliance.

Which is an interesting statement, given the fact that I pointed out that in 
the period of 1930-1968, the phone company assisted with ILLEGAL wiretaps.  
Are you suggesting that during that time frame, they actually violated the 
law under threat of "criminal and financial sanctions for non-compliance"?  
What kind of government threatens people with "criminal and financial 
sanctions" for NOT assisting it with illegality?  

Yikes!  Somehow I think your morality is about as warped as it comes.  Yet 
another trap you set for yourself, and you jumped right in.

>
>There are ways to resist compelled discovery.  These are not they.

What you haven't explained or demonstrated is how ISPs could become more 
agressive in their defenses.  This failure is typical of you:  Your bag of 
tricks is empty _unless_you_are_paid_.

Jim Bell

jimbell@pacifier.com






Thread