From: jim bell <jimbell@pacifier.com>
To: Greg Broiles <cryptography@c2.net
Message Hash: 05f690435a16e95b694305ae9929a3169d662ec48b8b53f76031e879b6742208
Message ID: <199703060144.RAA08671@mail.pacifier.com>
Reply To: N/A
UTC Datetime: 1997-03-06 01:45:32 UTC
Raw Date: Wed, 5 Mar 1997 17:45:32 -0800 (PST)
From: jim bell <jimbell@pacifier.com>
Date: Wed, 5 Mar 1997 17:45:32 -0800 (PST)
To: Greg Broiles <cryptography@c2.net
Subject: Re: ECPA/1997: the other shoe?
Message-ID: <199703060144.RAA08671@mail.pacifier.com>
MIME-Version: 1.0
Content-Type: text/plain
At 07:51 AM 3/5/97 -0800, Greg Broiles wrote:
>I've seen discussion on various lists and in the media about the reissue of
>Sen. Burns' Pro-CODE bill (S. 377); I was poking around thomas.loc.gov for
>information about S. 377 and ran across S. 376, introduced by Sen. Leahy,
>the "Encrypted Communications Privacy Act of 1997", which implements a lot
>of legislation that cypherpunks types have been speculating about for
>several years now.
[snip]
>I haven't had a chance to go over it in detail, but it purports to do these
>things:
>Makes the use of any cryptosystem in the US, or by US persons on foreign
>soil, legal;
Which is somewhat illogical, because if we assume that things are legal
until made illegal, and there is no illegal cryptosystem, that means that no
bill can "make the use of any cryptosystem legal."
(I understand, of course, that you may simply be saying that the bill
pretends to do it...)
>Prohibits the implementation of mandatory key escrow
Again, somewhat of a non-issue, wouldn't you say? What with the 1st
amendment, the government would have an enormous uphill battle to make key
escrow mandatory anyway.
>Establishes standards and procedures under which key escrow agents may
>release escrowed keys (including criminalizing wrongful release and
>wrongful failure to release pursuant to court order/other authorization)
Key escrow agents (to the extent they currently exist and will exist in the
future) are presumably entitled to contract with their customers whatever
conditions and terms their customers desire. If that DOESN'T include
sharing the key with the government, as far as I know that's entirely
legitimate. ("impairment of contracts.") Also, I see no reason to believe
that those agents will necessarily have copies of the keys in unencrypted
form, useable by the government.
>Criminalizes the willful use of encryption to obstruct justice
Which, as Tim May points out, could imply practically any useage of crypto
with the "appropriate" misinterpretation on the part of government,
particularly encrypted remailers. Just what the Leahy bill last year
appeared to be intended to do.
>Confirms that it is legal to sell any cryptosystem within the US
Again, that's unnecessary and redundant.
>Sets standards for the release of keys to foreign governments
>
>I'll post a more detailed summary later when I've had a chance to go over
>the bill more carefully.
What we should be particularly suspicious of is any differnces between last
year's bill and this year's. Somehow I doubt we'll see any desireable
change; all the changes will be bad.
Jim Bell
jimbell@pacifier.com
Return to March 1997
Return to “jim bell <jimbell@pacifier.com>”
1997-03-06 (Wed, 5 Mar 1997 17:45:32 -0800 (PST)) - Re: ECPA/1997: the other shoe? - jim bell <jimbell@pacifier.com>