[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ECPA/1997: the other shoe?



At 07:51 AM 3/5/97 -0800, Greg Broiles wrote:
>I've seen discussion on various lists and in the media about the reissue of
>Sen. Burns' Pro-CODE bill (S. 377); I was poking around thomas.loc.gov for
>information about S. 377 and ran across S. 376, introduced by Sen. Leahy,
>the "Encrypted Communications Privacy Act of 1997", which implements a lot
>of legislation that cypherpunks types have been speculating about for
>several years now.
[snip]
>I haven't had a chance to go over it in detail, but it purports to do these
>things:
>Makes the use of any cryptosystem in the US, or by US persons on foreign
>soil, legal;

Which is somewhat illogical, because if we assume that things are legal 
until made illegal, and there is no illegal cryptosystem, that means that no 
bill can "make the use of any cryptosystem legal."

(I understand, of course, that you may simply be saying that the bill 
pretends to do it...)


>Prohibits the implementation of mandatory key escrow

Again, somewhat of a non-issue, wouldn't you say?  What with the 1st 
amendment, the government would have an enormous uphill battle to make key 
escrow mandatory anyway.


>Establishes standards and procedures under which key escrow agents may
>release escrowed keys (including criminalizing wrongful release and
>wrongful failure to release pursuant to court order/other authorization)

Key escrow agents (to the extent they currently exist and will exist in the 
future) are presumably entitled to contract with their customers whatever 
conditions and terms their customers desire.  If that DOESN'T include 
sharing the key with the government, as far as I know that's entirely 
legitimate.  ("impairment of contracts.") Also, I see no reason to believe 
that those agents will necessarily have copies of the keys in unencrypted 
form, useable by the government.  


>Criminalizes the willful use of encryption to obstruct justice

Which, as Tim May points out, could imply practically any useage of crypto 
with the "appropriate" misinterpretation on the part of government, 
particularly encrypted remailers.  Just what the Leahy bill last year 
appeared to be intended to do.


>Confirms that it is legal to sell any cryptosystem within the US 

Again, that's unnecessary and redundant.

>Sets standards for the release of keys to foreign governments


>
>I'll post a more detailed summary later when I've had a chance to go over
>the bill more carefully.

What we should be particularly suspicious of is any differnces between last 
year's bill and this year's.  Somehow I doubt we'll see any desireable 
change; all the changes will be bad.


Jim Bell
[email protected]