Re: So, what crypto legislation (if any) is necessary?

[jim bell <jimbell@pacifier.com>]

At 11:34 PM 4/3/96 -0800, Bill Stewart wrote:

>>As usual, Unicorn is FOS.  Not entirely in his facts, but in his 
>>conclusions.  To "forbit third parties to reveal prosecution inquiries" is 
>>an obvious violation of freedom of speech, and in fact is PRIOR RESTRAINT.  
>>Maybe Unicorn can't see what's wrong with that, but I can.  It is unclear 
>>whether this has ever been tested in court, or whether that test occurred 
>>recently.
>
>Black Unicorn is absolutely correct that this is generally the law.
>Jim Bell is absolutely correct that laws like this are offensive and outrageous.
>Unfortunately, Jim then rants at Unicorn for suggesting that this
>would be the case; you'd think he'd be the first to realize that
>there are laws out there that are offensive and outrageous and enforced.

I really don't think you're giving me enough credit.  I am fully aware that 
in the past, the organizations on which wire-tap-type subpoenas were served 
(primarily AT+T, "The phone company") were very cooperative with the police 
and probably "never" challenged the subpoena. There is the law, and there is 
the usual reaction to that law, and I expect that much of Unicorn's position 
is based on a (false) assumption that this reaction will necessarily 
continue unchanged.

Besides, that phone company had a monopoly, so it wasn't possible for 
citizens to shop around for a phoneco that was known to make it hard for 
police.  But that's changing, and that's my point.  Now and in the future, 
it's going to be harder and harder for the police to get a 
bend-over-backwards level of cooperation, and in fact phonecos (and 
especially ISP's) might reasonably want to build up a reputation that they 
will defend a customer's security in court long before a wiretap is 
installed.  Imaginative phonecos will find ways to inform the target 
legally, including naming the target as a non-hostile defendant in a court 
challenge to that wiretap, and noticing that target since he's now a party 
to a court action that must be noticed under civil procedure rules.

In short, there is a drastic difference between blind obeisance and 
enthusiastic hostility, even if you exclude actions by the ISP or phoneco 
that would rise to the level of some crime.  It is this difference which 
will  change the previous ability of the police to get wiretaps 
done secretly.  My point in the first paragraph that I am quoted in above is 
that many of the challenges that have never been made against wiretap 
subpoenas, due to a closer-than-arms-length relationship between the phoneco 
and the government, _will_ be challenged.  Precedent, to the extent 
precedent exists, will be challenged on (among other things) the basis of 
the fact that this precedent was formulated during an era when essentially 
all telecommunications was monopolized and regulated, and there is no reason 
to believe that a previous telecom monopoly would have been diligent at 
protecting the rights of their captive customers against the interest of the 
government at that time.


>>For example, if I ask my ISP to send me an anonymous, encrypted message with 
>>the word, "Rosebud" in it to me if he receives any requests to tap my 
>>connection, he can do so with no fear of being discovered, because no third 
>>party can decrypt the message, know who is is from, or know the real meaning 
>>of the word, "Rosebud" in the context of an encrypted, anonymized message.  
>>Further, since the whole thing is by pre-arrangement, even I cannot prove 
>>(to the satisfaction of a third party) that the message really meant what I 
>>would interpret it to mean.  The message is useful to me, as a warning, but 
>>it could never turn around and "bite" the ISP.
>
>Now that's an interesting wrinkle to the problem.  I suspect that,
>as you suggest, there will be ISPs, especially in non-US jurisdictions,
>that are willing to send out "Rosebud" messages to anonymous remailers,
>or to fail to send "Remarque" messages, or to debit anonymous accounts
>for data retrieval services rendered while also supporting billing-status
>checking by anonymous remailers.  From a crypto-anarchist dogmatic perspective,
>it'll definitely happen, though there may be a rough transition until
>there's enough critical mass to make it undetectable (and note that
>"undetectable" is a tougher standard than "untraceable"...)

I think we need to start challenging all the previously-assumed issues that 
have been interpretated to benefit the government.  If my ISP has agreed, 
for instance, to send me daily certifications that he hasn't received any 
"official" inquiries about my account, and one day he receives such an 
inquiry and is forced to install some sort of a tap, it is hard for me to 
imagine what kind of legal precedent would allow (and, even, REQUIRE) him to 
continue to send false certifications when the alternative, simply failing 
to send any certifications whatever, is also "legal."  (and, in fact, may be 
required under my contract with him, should he be obligated to do a tap or 
know one exists.)  The fact that I'd likely interpret his failure to send those 
messages as meaning that my access is tapped is not within his control, and 
if he's unwilling to screw me I find it hard to believe that he can't act on 
this fact even if those actions have an indirect effect of alerting me.  
These are the kinds of issues that have either rarely or never been 
challenged in court, simply because the organization(s) that would normally 
do those challenges was in the hip pocket of government.  It's going to be a 
brave new world very soon.

Jim Bell
jimbell@pacifier.com