From: jim bell <jimbell@pacifier.com>
To: Bill Stewart <stewarts@ix.netcom.com>
Message Hash: fe58087c45fb3e9f1c9dbeb0becf27d57ffbf30e6b4d2888293a0d41795efef6
Message ID: <m0u4tAl-00090wC@pacifier.com>
Reply To: N/A
UTC Datetime: 1996-04-05 04:13:17 UTC
Raw Date: Fri, 5 Apr 1996 12:13:17 +0800
From: jim bell <jimbell@pacifier.com>
Date: Fri, 5 Apr 1996 12:13:17 +0800
To: Bill Stewart <stewarts@ix.netcom.com>
Subject: Re: So, what crypto legislation (if any) is necessary?
Message-ID: <m0u4tAl-00090wC@pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain
At 11:34 PM 4/3/96 -0800, Bill Stewart wrote:
>>As usual, Unicorn is FOS. Not entirely in his facts, but in his
>>conclusions. To "forbit third parties to reveal prosecution inquiries" is
>>an obvious violation of freedom of speech, and in fact is PRIOR RESTRAINT.
>>Maybe Unicorn can't see what's wrong with that, but I can. It is unclear
>>whether this has ever been tested in court, or whether that test occurred
>>recently.
>
>Black Unicorn is absolutely correct that this is generally the law.
>Jim Bell is absolutely correct that laws like this are offensive and outrageous.
>Unfortunately, Jim then rants at Unicorn for suggesting that this
>would be the case; you'd think he'd be the first to realize that
>there are laws out there that are offensive and outrageous and enforced.
I really don't think you're giving me enough credit. I am fully aware that
in the past, the organizations on which wire-tap-type subpoenas were served
(primarily AT+T, "The phone company") were very cooperative with the police
and probably "never" challenged the subpoena. There is the law, and there is
the usual reaction to that law, and I expect that much of Unicorn's position
is based on a (false) assumption that this reaction will necessarily
continue unchanged.
Besides, that phone company had a monopoly, so it wasn't possible for
citizens to shop around for a phoneco that was known to make it hard for
police. But that's changing, and that's my point. Now and in the future,
it's going to be harder and harder for the police to get a
bend-over-backwards level of cooperation, and in fact phonecos (and
especially ISP's) might reasonably want to build up a reputation that they
will defend a customer's security in court long before a wiretap is
installed. Imaginative phonecos will find ways to inform the target
legally, including naming the target as a non-hostile defendant in a court
challenge to that wiretap, and noticing that target since he's now a party
to a court action that must be noticed under civil procedure rules.
In short, there is a drastic difference between blind obeisance and
enthusiastic hostility, even if you exclude actions by the ISP or phoneco
that would rise to the level of some crime. It is this difference which
will change the previous ability of the police to get wiretaps
done secretly. My point in the first paragraph that I am quoted in above is
that many of the challenges that have never been made against wiretap
subpoenas, due to a closer-than-arms-length relationship between the phoneco
and the government, _will_ be challenged. Precedent, to the extent
precedent exists, will be challenged on (among other things) the basis of
the fact that this precedent was formulated during an era when essentially
all telecommunications was monopolized and regulated, and there is no reason
to believe that a previous telecom monopoly would have been diligent at
protecting the rights of their captive customers against the interest of the
government at that time.
>>For example, if I ask my ISP to send me an anonymous, encrypted message with
>>the word, "Rosebud" in it to me if he receives any requests to tap my
>>connection, he can do so with no fear of being discovered, because no third
>>party can decrypt the message, know who is is from, or know the real meaning
>>of the word, "Rosebud" in the context of an encrypted, anonymized message.
>>Further, since the whole thing is by pre-arrangement, even I cannot prove
>>(to the satisfaction of a third party) that the message really meant what I
>>would interpret it to mean. The message is useful to me, as a warning, but
>>it could never turn around and "bite" the ISP.
>
>Now that's an interesting wrinkle to the problem. I suspect that,
>as you suggest, there will be ISPs, especially in non-US jurisdictions,
>that are willing to send out "Rosebud" messages to anonymous remailers,
>or to fail to send "Remarque" messages, or to debit anonymous accounts
>for data retrieval services rendered while also supporting billing-status
>checking by anonymous remailers. From a crypto-anarchist dogmatic perspective,
>it'll definitely happen, though there may be a rough transition until
>there's enough critical mass to make it undetectable (and note that
>"undetectable" is a tougher standard than "untraceable"...)
I think we need to start challenging all the previously-assumed issues that
have been interpretated to benefit the government. If my ISP has agreed,
for instance, to send me daily certifications that he hasn't received any
"official" inquiries about my account, and one day he receives such an
inquiry and is forced to install some sort of a tap, it is hard for me to
imagine what kind of legal precedent would allow (and, even, REQUIRE) him to
continue to send false certifications when the alternative, simply failing
to send any certifications whatever, is also "legal." (and, in fact, may be
required under my contract with him, should he be obligated to do a tap or
know one exists.) The fact that I'd likely interpret his failure to send those
messages as meaning that my access is tapped is not within his control, and
if he's unwilling to screw me I find it hard to believe that he can't act on
this fact even if those actions have an indirect effect of alerting me.
These are the kinds of issues that have either rarely or never been
challenged in court, simply because the organization(s) that would normally
do those challenges was in the hip pocket of government. It's going to be a
brave new world very soon.
Jim Bell
jimbell@pacifier.com
Return to April 1996
Return to “sameer@c2.org”