Re: clipper + enaction = illegal alternate encryption

[rcain@netcom.com (Robert Cain)]

VACCINIA@UNCVX1.OIT.UNC.EDU sez:
> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> Jeremy@crl.com writes:
> 
> >Now why bother going through all the trouble to take out the chip? Why 
> >not just leave it in there and send RSA encrypted over your phone line?
> >Once they _DO_ decrypt your clipper, they will still have another barrier. 
> >Leaving the chip in there does make it a little harder even for law 
> >enforcement doesn't it?
> 
> This is the reason all other forms of encryption will be outlawed if the
> clipper proposal goes through.

I do not think so.  It is perceived at very high levels that this
simply won't fly.  Y'all have been pretty effective at creating an
initial negative impression within the press that is being accepted by
John and Jane Q. public.  Congrats.  It is felt that already there has
been too much bad press to counteract even with good arguments.  If it
happens I don't think it will be a matter of legislation but executive
order that will stand the scrutiny of private consultation with
congress and the flak this early publicity will generate.  The latter
is just a guess but I do know that the Clipper proponents are not at
all encouraged and feel the need for it in the most sincere and
concerned ways for what I think are very good reasons.  Personally I
don't think they will do anything to prevent our opening Pandora's Box
simply because they are outflanked and know it but they have considered
things they can't say in public that are creating much fear not only
within this government but quite recently among many governments.  It
is not dope dealers or racketeers these governments are worried about.

> I foresee at least two lines of enforcement.
> The first is that one is held in contempt of court (assuming they can find 
> some charges to press) until you give them your key. How long can they keep 
> you in the slammer on a contempt charge? This option is already available 
> and seems to work, at least so far. 

This could work except that if exchanges are interactive so that a D-H
type protocol can be used to generate one time session keys, using the
RSA PK's only to do this securely, then yielding one's private key gives
no ability to decrypt any prior interactive sessions.  For documents
this line of enforcement could work but for conversation it is useless.

> 
> The second is to make alternate encryption illegal and thus they will
> get you even if they have no evidence to charge you with. After all, if
> the police are monitering you AND you are encrypting information, you
> must be guilty, right? Encryption will be enough evidence to convict.
> This makes life easy for law enforcement and will surely be the next
> step after clipper.

Except that if you use Clipper too they will have no reason to suspect
that you might be using something hard going into it until they have
done the escrow thing and by then you are probably in pretty deep
anyway if the escrow method works as described and probably guilty of
something pretty serious.

There really is a strong argument from their side that says if one must
use a form that is immune from a compromise like well escrowed keys one
is *way* more than likely to be discussing something most of us would
want LE or NS to know about.  I know that argument is anathema here
but I am finding it more and more compelling.


Peace,

Bob

-- 
Bob Cain    rcain@netcom.com   408-354-8021


           "I used to be different.  But now I'm the same."


--------------PGP 1.0 or 2.0 public key available on request.------------------