From: Bill Stewart <bill.stewart@pobox.com>
Date: Tue, 29 Dec 1998 11:53:58 +0800
To: FitugMix <cypherpunks@cyberpass.net
Subject: Re: distribution scheme
In-Reply-To: <199812220853.JAA16038@jengate.thur.de>
Message-ID: <3.0.5.32.19981228010513.008cc410@idiom.com>
MIME-Version: 1.0
Content-Type: text/plain



At 09:53 AM 12/22/98 +0100, Falcon, aka FitugMix <tonne@thur.de>,
wrote about a suggestion to chop crypto or other contraband material 
into separate streams, e.g. bit 1 of each byte in stream 1, etc.,
hoping that this would be "legal" because it's not really encryption,
though if managed carefully it would still be hard to read.

That's of course a distinct question from "will this make the
information hard enough to notice that I won't get caught?";
the answer to that question depends on many factors besides the
direct details themselves, like who you use this to send things to,
and how you advertise the things you make available to send, etc.

> I'd like legal advice on this - is the idea correct? 

I'm not only not a US lawyer, I'm also not a German lawyer,
or a Chinese lawyer, or a Russian lawyer, and you're not paying me,
so this is not legal advice :-)  But my strongly considered 
engineering opinion is "Don't bet on it if it really matters."

If you use the system to distribute a copyrighted work,
you've still distributed a copyrighted work, even if you've 
shredded the paper and shipped the shreds and sticky-tape.  No win.

And if you try this in a country like China, where the laws are
arbitrary and defined on the spot, the fact that you may not have
violated the letters of a written law is potentially irrelevant.
The Chinese government is currently threatening to execute someone
who distributed 30000 email addresses of mainland Chinese to some
foreign human-rights activists - "assisting enemies of the state"
is seldom a well-defined crime; only the punishment is consistent. 

On the other hand, in countries that have well-defined laws,
and law enforcement organizations and courts that only enforce
the laws that are defined, and always want to enforce them correctly,
it can be entertaining to play with technologies like this.
Sometimes this gets them to change the rules, usually administratively
rather than through a public political process, but sometimes
it can make them look silly and feel bad about what they're doing.

Ron Rivest's "Chaffing and Winnowing" protocol is a great example,
and you can find details on your favorite web search engines.
	(Farming definitions: "Chaff" is the stuff you don't want
	that comes with wheat, like stems and hulls, and
	"winnowing" is the process of separating wheat from chaff.)
Basically, you define an authentication checksum that uses a key,
so only the sender and the intended recipient can validate a checksum.
Then you send a series of entries like
	BitNumber, 0, checksum(bitN,BitNumber,key), 1, checksum(bitN,BitNumber,Key)
where the checksum is correct depending on whether the bit N of the message
is a 0 or a 1.  There is no encryption used - only authentication,
so it's perfectly legal in some jurisdictions, but only the recipient
can tell which bits are "wheat" and which bits are "chaff".
One of the cool things about it is that you don't need to use
fake material as chaff - somebody else's wheat works just as well,
because the checksums fail if you use your key on their bits.
It's a very inefficient protocol, but there are ways to make it
less bad (not *good*, but at least less bad.)


				Thanks! 
					Bill
Bill Stewart, bill.stewart@pobox.com
PGP Fingerprint D454 E202 CBC8 40BF  3C85 B884 0ABE 4639