[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: So how does the crypto crackdown go?




>
>One question is whether they would also try to make it illegal to use
>(rather than to distribute) crypto software.  On the one hand, if they
>don't do that, they have a problem with all the installed base of code.
>But the legalities of stopping people from encrypting code on their own
>computers, or writing crypto programs for personal use, seem a lot more
>questionable to me, and I don't know how much precedent there would be
>for that kind of restriction.

Not at all questionable. A ban on crypto would follow the current trend in regulating technology. 
Consider the case of Bernie S. who is in jail for possessing electronic parts that could be 
used for telco fraud. Any government action towards banning crypto will include possession
of crypto as a crime. 

The "cat's out of the bag" argument is ineffective as well as the governments just don't 
care. They'll just say in effect: "It's illegal. Destroy it if you got it." Now it's doubtful if 
enforcement would make unprovoked searches and arrest people solely for possession 
of crypto. And it is also unlikely that DA's (except perhaps the most bored) would follow 
up on "My neighbor is using crypto" tips. But it is not uncommon for prosecutors to 
heap additional charges on criminals (alleged) such as the case in robbery: 1 count 
robbery, 1 count using a gun in robbery. or perhaps 1 count tax evasion, 1 count using 
crypto to commit tax evasion. While the former charge may end up being unproven the 
later often sticks.

>
>So as I see it the main target of the ban would be distributors of
>software rather than end users.  This would be in line with the often
>stated goal of the law enforcement people that their main concern is with
>crypto that is built in, transparent, and trivial to use, rather than
>hacker's crypto.

Hmmm. Hackers built the ubiquitous CryptoFS for Linux, no? And the nascent S/WAN 
too. I don't see a distinction between popular and subculture crypto. The two invariably 
mix. A program may have it's origins in the subculture but it will often meet the needs of 
the popular culture as well and be adopted, accepted, and so on. Consider PGP and 
such add-ons as Brainless-PGP, WinPGP, and the various auto PGP tools.

It seems to me that banning distribution would just be too generous. What is distribution? 
Are time share accounts distribution? I created it but many can use it but the actual bits 
(well are there actual bits?) never left my single computer. But the nature of "distribution" 
is to move something from one person to another. Now nothing really moved but a few 
electrons. But multiple people did use it. Book 'em. Distribution is an archaic term here 
and the regulations will involve controlling what software may be run on personal computers.

The stated goal is a posture designed to sound reasonable. Only time will tell if the actual 
goal is the regulation of computer uses as I suspect.

The security establishment fears crypto. Fears loss of control. 

I suspect that with Clinton back in the White House (was there a choice?) we will enter 
a period where the Clipper chip seemed like a good idea. In comparison. Unless some 
fundamental changes occur to the Security, Intelligence and Law Enforcement agencies  
(a new acronym? SILE? Pronounced with a long E of course <g>) we will see more
business as usual and some completely draconian steps taken against strong encryption. 
The only recourse is to take an active role now. We must go on the offensive and :

1) Deploy S/WAN
2) Write more strong ubiquitous crypto
3) Attack the SILE agencies directly by challenging their purpose, gutting their budgets, 
exposing their falacies (umm is that almost freudian or what), flooding international 
communications with strong crypto messages (content need not apply), and of course 
ridiculing their every effort.
4) Finding allies in the legal community and educating fence sitters, critical judges, 
legislators, and so on.

Now is the time to act.

diGriz