
Re: Outlawing the overhearing of conversations



	 - I find a number which looks to be compressed or encrypted. I fiddle
	 around with it and manage to decrypt it, and it turns out to be
	 useful to me (and possibly harmful to others). What law have I broken,
	 plausibly? 

With the possible exception of this point, I suspect that we agree
more than we disagree.  My note included the following excerpt from
the original:

	 The bill makes it a crime to possess or use an altered
	 telecommunications instrument (such as a cellular telephone or
	 scanning receiver) to obtain unauthorized access to
	 telecommunications services (Sec. 9).  This provision is
	 intended to prevent the illegal use of cellular and other
	 wireless communications services.  Violations under this
	 section face imprisonment for up to 15 years and a fine of up
	 to $50,000.

My reply was keyed to the phrase ``unauthorized access to telecommunications
services''.  As I read it -- and you may differ -- the action that's
being prohibited here is picking up things like ESNs, credit card
numbers, etc., and using those to obtain fraudulent access to the
phone network.  I'm hard put to justify such behavior as ethical, and I
have no problem with declaring it illegal.  (Again, though, prudent
folks and/or their insurance companies and/or the government may choose
to use/mandate crypto.  Banks started using DES authentication for
EFT transfers because the Fed insisted -- they didn't see the problem.)

As for decrypting numbers picked up over the air -- although I'm going
to be vague, I suspect that there is a real issue here.  Suppose that
you run a pay TV service that you genuinely attempt to protect -- that
is, you use DES or stronger.  Am I *entitled* to watch for free
because I happen to be smart enough and/or rich enough to crack DES?
Can I legally or ethically give away or sell recovered keys?

The point I'm making here is that you're making a reasonable effort
to protect something, and thus implicitly declare it private and worthy
of protection.  This is in distinction to unencrypted transmissions
(i.e., today's cellular stuff), security through obscurity (today's
digital cellular), or marginally encrypted (frequency inversion).

To be sure, I don't know where to draw the line here, and I don't
think I want a judge (state-appointed or freely agreed upon) drawing
it for me.  Maybe we should take a leaf from NSA's book and say that
40 bits or less of key amounts to a welcome mat...

		--Steve Bellovin