[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Kerrey bill introduced in Senate (fwd)




Hi,

Forwarded message:

> Date: Tue, 17 Jun 1997 19:09:09 -0400
> From: Robert Hettinga <[email protected]>
> Subject: Kerrey bill introduced in Senate

> Sen. Kerrey's evil "Secure Public Networks Act" was introduced in the
> Senate today, cosponsored by Sen. McCain.
> 
> The bill, if passed, would:
> 
> Criminalize breaking another person's ciphertext for the purpose of
> violating their privacy, security, or property rights; (goodbye, Netscape
> bugs bounty and DES/RC4 cracks) (s. 105(3))

Actualy it would prevent me from cracking your ciphertext, it does not
prevent me from trying to crack my own ciphertext. Since I am supplying the
plaintext it is clear that I can continue to test Netscape or any other
algorithm. It also implies, by specificaly mentioning privacy, that you can
give me permission to attempt to crack your ciphertext. It, intentionaly or
not, give you the individual the choice and not Uncle Sam.

> Criminalize intercepting another's intellectual property for the purpose of
> violating intellectual property rights (s. 105(4))

I have absolutely no problem with making it illegal for you to packet sniff
my network when your specific goal is to take internal information against
my will and use it against me.

I think this is the kind of law that needs to be made. I would however
suspect that existing law covers this quite thoroughly.

> Require federal government purchasers of crypto equipment to buy GAK
> crypto; (s. 202, 204)

The federal government can require whatever the hell it wants of itself. I
don't work for them anymore and would not consider it in the future. When
they start telling me that I have to do something for their convenience,
then and there I have a major bitch.

> Require crypto products purchased with federal funds for use on a public
> network to employ GAK crypto; (s. 203, 205)

See above.

> Legalize the export of 56-bit DES crypto; (s. 302)

Ain't much, but it is a step in the right direction. I mean, 64-bit ain't
that far from 56, and shoot if your gonna give me 64 how about 128 since it
is ONLY twice as 'large'.

> Criminalizes the issuance of signature certificates by registered CA's for
> encryption keys if the user has not complied with GAK procedures; (s.
> 407(a)(4))

When did they pass a law requiring registration of CA's in the first place?
Or is this another law that only applies to voluntarily registered
government  CA's? And just exactly what is the ANSI/ISO standard of said
registrant? RFC?

> Criminalizes requesting a signature certificate for an encryption key from
> a registered CA if the user has not complied with GAK procedures; (s.
> 407(a)(5))

I don't understand this. Is the person asking committing the crime for
asking for a signature certificate without complying with GAK processes?
Or is the person refusing to register their key with a CA after the CA
received a request from a third party?

> Allows the Secretary of Commerce to "make investigations, obtain
> information, take sworn testimony, and require reports or the keeping of
> records by .. any person", to the extent necessary to enforce the Act; (s.
> 701(a))

Are you saying they must require everyone in a particular business class to
comply with their regulatory mechanations without exception OR that they
will be able to force such regulatory excesses as they can squeeze out of an
individual person/business?

> Allows the Secretary of Commerce to subpoena witnesses and documents in any
> State at any designated place; (s. 701(b)(3)(A))

Their enforcement agents already have this power since they are considered
federal agents equivalent to DEA or FBI (Hint: NEVER argue with a guy wearing
NOAA, NASA, USGS, DoA, etc. *AND* a badge).

> Allows the Secretary of Commerce to impose civil/adminstrative penalties of
> up to $100K for violations of the Act; (s. 702(1))

Without trial?

    ____________________________________________________________________
   |                                                                    | 
   |            _____                             The Armadillo Group   |
   |         ,::////;::-.                           Austin, Tx. USA     |
   |        /:'///// ``::>/|/                     http:// www.ssz.com/  |
   |      .',  ||||    `/( e\                                           |
   |  -====~~mm-'`-```-mm --'-                         Jim Choate       |
   |                                                 [email protected]     |
   |                                                  512-451-7087      |
   |____________________________________________________________________|