From: Black Unicorn <unicorn@schloss.li>
To: jim bell <jimbell@pacifier.com>
Message Hash: de01d96d0c90d800d90fbf4357d8d784b75f998ccc4853ee1bc059dc6f098ec9
Message ID: <Pine.SUN.3.94.961009010443.4662E-100000@polaris>
Reply To: <199610082336.QAA24221@mail.pacifier.com>
UTC Datetime: 1996-10-09 09:46:04 UTC
Raw Date: Wed, 9 Oct 1996 17:46:04 +0800
From: Black Unicorn <unicorn@schloss.li>
Date: Wed, 9 Oct 1996 17:46:04 +0800
To: jim bell <jimbell@pacifier.com>
Subject: Creative Wiretap Arguments [Was :Re: Put up or shut up]
In-Reply-To: <199610082336.QAA24221@mail.pacifier.com>
Message-ID: <Pine.SUN.3.94.961009010443.4662E-100000@polaris>
MIME-Version: 1.0
Content-Type: text/plain
On Tue, 8 Oct 1996, jim bell wrote:
> At 06:45 PM 10/6/96 -0700, Steve Schear wrote:
> >Using, as you say, out-of-the-shower ideas to re-argue settled caselaw are
> >almost always fruitless. Since the intents of the ranters are generally
> >anarchistic, why even involve the law and justice. Even if their ideas have
> >good philosophical basis there is little hope for the broad changes they
> >seek in the political or legal landscape (given the powerful and selfish
> >interests of those inside and outside the beltway) without a great trauma
> >to the system.
>
> Maybe you're missing the point? Even if you accept the idea of wiretapping
> telephone lines, one of the things that _isn't_ settled is how law is going
> to start treating ISP's. That, let me point out, IS NOT settled law, and in
> fact it hasn't really even started, so those lawyers who have a knee-jerk
> tendency to accept precedent don't have any precedent to accept! (unless,
> of course, they "pre-accept" the assumption that what the government can do
> WRT ISP's is somehow identical to what they do with telephones.)
I disagree. There is lots of potential precident. The entire concept
that data voluntarily turned over to a 3rd party is not entitled to 4th
amendment protection (i.e., pen registers) is just the one that happens to
jump to mind. The fact that the government has had to deal with
the breakup of ma bell and cooperate with several different phone
companies now suggests to me that not much of a leap is required to
include ISPs. Constitutional arguments that ISPs are somehow different
from phone companies and therefore not required to comply with wiretap
orders? Good luck.
I know its fun to make the argument that ISPs and E-mail and NetPhone are
all new technologies and so it must be unconstitutional to regulate them
but the amusement in these cases stems from a wish that it was so, not
fact or reason.
Are there some flexibilities in the developing law? Yes. Are they going
to make all e-mail and electronic communications legally untapable and
immune from electronic search warrant? Of course not. Don't be stupid.
This is what technology is for.
> I see two broad and conflicting ideas of what the government can do in a
> search. The first is a classic search warrant, which simply allows the cops
> to go in and look around, for a comparatively limited amount of time,
> informing the person searched,taking a few things, and then _leaving_.
> Period. Generally, they can't sneak in, they can't hide in the closet for
> weeks or months, etc.
>
> Without effective challenge by telephone companies (which have no motivation
> to challenge it) there has been a very different precedent set, that of the
> wiretap: No informing the target at the beginning, indefinite time limit,
> and not necessarily even informing those tapped after it's over. _VERY_
> different.
>
> The question is, which of these precedents should control ISPs? Police,
> obviously enough, would probably want to insinuate into the game with the
> assumption that the latter scenario rules. After all, they're talking about
> wires and electricity, right? That sure sounds like wiretapping, right?
Why bother with all this trash? Use SSH and end to end encryption. End
of discussion. See how much simpler and cheaper that is than trying to
get the supreme court to kneecap the police and the feds? Hint: If you
don't, you're on the wrong list.
> I contend that an ISP should be entitled to enter into a contract with his
> customers in a way which obligates him to structure his business to minimize
> his ability to cooperate with police when given a search warrant.
"I content that a phone company should be entitled to enter into a
contract with his customers in a way which obligates him to structure his
business to minimize his ability to cooperate with police when given a
search warrant." Yeah. Good luck. Switch phone comapny with "deli" or
with "employer" or with "interstate shipper." Same result. "Good luck."
Find me a General Counsel who would let their firm do that and I'll find
you a wonderful canidate for a malpractice suit. I would suggest you
study the contractual doctrine of "Illegality" and state statutes on
"Obstruction of Justice."
> One
> example which occurred to be months ago (which, amazingly, shut up even
> Black Unicorn!) was that the ISP could agree to encrypt any email received
> with the user's public key (or another public key whose private key is known
> only to the user) so that useful information is only ephemerally available
> in the ISP's computers. A few seconds after it arrives, it's been encrypted
> and is "gone" from the standpoint of the ISP. Only the user, when he logs
> in and after he downloads the encrypted files, can decrypt them.
Why even involve the ISP? Why would an ISP want to do this and expose
themselves to potential liability when the end user could just do it
themselves? I don't remember this point, but if I ignored it it's
probably because its just lacking in any remarkable insight. Actually it
doesn't even seem to have undergone the scrutiny of 10 minutes
consideration.
The entire advantage of encryption is that it moves the burden and ability
to protect communications to the end user. There is no need to depend on
the phone company, an ISP, or anyone else but the person with whom you are
communicating.
If you want an ISP to encrypt all your mail as it shows up (a strange
request to begin with because of the potential for some third party to
encrypt with the wrong key or etc. and destroy the data permanently) you
are introducing a third party into the equation which you now have to
trust and depend on as far as resistence to government coercion goes.
(You seem to have identified this problem below, but in a way that
suggests it just occured to you or that this is just a stream of
consciousness blathering post). I don't understand at all how this leaves
anyone better off. I can point out explicitly, however, how it leaves
everyone worse off.
1. The government now has another party to squeeze (The ISP, who would
have been fairly untouchable if they had done nothing but forward e-mail).
2. The party receiving mail now has to depend on the ISP and some method
of contractual enforcement if the ISP breaks its word. (I suppose this is
where it will be suggested that we just kill all the ISP employees).
3. The party sending mail now has to rely on the discression of the ISP
(From whom he/she has no contractual assurances at all).
> But that raises another question. Suppose the government, not liking this
> situation, decides to not merely do a search, but in fact order the ISP to
> turn off the encrypt-on-receipt feature? And more particularly, to do so
> without telling the customer? What if, in fact, they order the ISP to LIE
> about this? Or what if they order the ISP to change his system's software
> to store away an unencrypted version of the messages so as to bypass this
> protection?
What if they just packet sniff at the "In" plug of the ISP and cut the ISP
out all together? Why bother telling the ISP anything if it's clearly not
being compliant? Duh. Same reason I would send agents to go around an
island bank which was not cooperating were I the IRS. Of course, the ISP
could easily be charged in a conspiracy and obstruction action after this.
> My answer to all this should be obvious: There is a vast difference between
> doing a "search" and, in effect, turning an ISP into a slave who has to say
> "how high?" when the government says "jump." Arguably the ISP has to
> consent to a search;
Where do you get this last part? Arguably in the Jim Bell Court of
Invented Appeals perhaps. Of course in that court the death penality
applies for parking violations if the complaintant is rich enough.
> I don't think he has to change his business practices
> in order to make those searches more useful. And I think he's entitled to
> make promises to his customers that he's obligated to keep, even when the
> government would want him to break them.
I refer you back to the concepts of "obstruction" and "conspiracy."
> However, I won't claim that this matter has been settled; in fact, it's
> probably an issue that never came up before, in any court.
Neither has the argument that cows fly and therefore should be regulated
by the FAA. How that lends the argument any merit at all is beyond my
comprehension.
> That's why I
> think it's important to ensure that ISP-law does not follow is the bad
> precedents set by wiretap law.
Suggestion: Start a foundation with this goal. Let me know how far you
get. Try calling some law schools and asking them if they might have some
students willing to work on the problem for free.
>
> Jim Bell
> jimbell@pacifier.com
>
--
I hate lightning - finger for public key - Vote Monarchist
unicorn@schloss.li
Return to October 1996
Return to ““Timothy C. May” <tcmay@got.net>”