1997-07-18 - court order required for keys?

Header Data

From: rschlafly@attmail.com (Roger Schlafly)
To: cypherpunks@Algebra.COM
Message Hash: 762379d4024ff5f2e464ae1c2e3eeb84a6e0ad5af42ac107a4607ff3162b5c4b
Message ID: <rschlafly1990630200>
Reply To: N/A
UTC Datetime: 1997-07-18 06:36:02 UTC
Raw Date: Fri, 18 Jul 1997 14:36:02 +0800

Raw message

From: rschlafly@attmail.com (Roger  Schlafly)
Date: Fri, 18 Jul 1997 14:36:02 +0800
To: cypherpunks@Algebra.COM
Subject: court order required for keys?
Message-ID: <rschlafly1990630200>
MIME-Version: 1.0
Content-Type: text/plain



Posted online news accounts of the McCain-Kerrey bill have implied
that the a court order is required under the bill to get keys.  Eg,
from recent postings,

    [AP, 07/09/1997]
    As with wiretaps, authorities would have to obtain court orders to make
    the keys available for law enforcement.     ^^^^^^^^^^^^^^^^^^^
    ... Sponsored by Kerrey and Sen. John McCain, R-Ariz., that bill would set
    up a key recovery system to give computer companies strong incentives to
    make keys available to investigators who obtain a court's permission.
                                         ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    [Wired, 11.Jul.97]
    Law enforcement could then access that copy of your key
    through a court order.
    ^^^^^^^^^^^^^^^^^^^^^

I find this distressing, because I have read the bill, and a court order
is most emphatically NOT required.  Only a form specified by J. Reno.
This is a tricky point in the bill, but notice that:

(1) Court orders are not required for wiretaps in the US.  While it may
be true that court orders are used most of the time when wiretap evidence
is used in a criminal trial, there are a number of exceptions.

(2) There is no restriction in the bill to getting keys to decipher
communications covered by the wiretap laws.  It lets cops get keys
to many other communications.  Part of the point to using
encryption is to use public networks where access to the encrypted
data need not be hidden or withheld from the public.  Under S.909,
if the cops can get access to the data, then they can get the keys
without any court order.

(3) Even if there is a court-ordered wiretap, there is no obligation
to notify the judge that keys will also be seized.  While it may seem
obvious that if a judge is willing to order a wiretap, he is willing
to order key seizure, I don't think this is necessarily the case.
When a judge orders a wiretap, he is supposed to be balancing the
possibility of getting incriminating evidence against the invasion of
privacy of innocent parties.  If the keys of innocent parties are being
seized as well, it may affect the judge's balancing.

(4) In S.909, all of the requirements on law enforcement officials
can be lifted by executive order.

Am I wrong, or are all the news accounts wrong?  Please let me know
if there is any flaw in my analysis.

Roger Schlafly
rschlafly@attmail.com
(Please CC me on any followup, as I only occasionally read this list.)






Thread