Re: So, what crypto legislation (if any) is necessary? (Was List O' , shame)

[Black Unicorn <unicorn@schloss.li>]

On Mon, 25 Mar 1996, Simon Spero wrote:

> 
> If the Leahy bill is unacceptable, what legistlation is necessary? I 
> can't see how the use of cryptography in the commission of a crime needs 
> to be a separate offence, but I could see how it could be treated as a 
> special circumstance - that doesn't really needed a new law though.

This kind of legislation would be painfully unenforceable.  How do you 
know if crypto was used in the commission of a crime unless you can offer 
the plaintext to show that the content was criminal or in furtherance of 
a criminal act or conspiracy, >and< that the content was encrypted?

This kind of statute nearly requires escrowed encryption or the old 
standby, stupid crooks.  I'd be happy to see this pass alone because I 
think it would placate some of the screaming crypto-frady-cats on the 
hill much the way the cosmetic assualt "looking" weapons ban did, but I 
think this unlikely.

It's like criminalizing the destruction of bodies in furtherance of 
murder.  What's the point?  Just use obstruction of justice.

> I do feel that it should be possible for courts to sub poena crypto keys, 
> but that doesn't really need new law either (4th and 5th ammendments 
> become _really_ important though (hmmm- there advantages to writing down a 
> constitution after all :)

After doing some work in a somewhat related area (I'm about to release 
the workproduct to the list), I am more and more dubious as to the 
protections the 4th and 5th amendments will provide in these instances.

I think many people on the list here had the right idea generally.  No 
legislation is good legislation for crypto.  Really the ITAR 
applications are beseiged right now, and will probably fizzle out of 
their own accord, not to mention the fact that they are de facto moot.

In practice it is trivial to subvert ITAR for the purposes of 
worldwide crypto availability.

Someone just needs to get a foreign entity producing strong hardware 
encryption in Estonia (hardware IDEA would be nice) to capitalize on the 
markets in the U.S. and non-escrow jurisdictions in Europe and Asia.

If we have no-legislation and a foreign producer of strong crypto soft 
and hardware for the next 3 years, I think we are way ahead of the game.

Unfortunately, I think some version of crypto legislation is going to see 
passage in the next pair of years.  Leahy certainly isn't going to give 
up, and he may have a bit more momentum after an election year runs its 
course.

Whoever wins the election, I think you can expect to see even more 
aggressive bills from congress on the subject.

All it would take is one anti-trust case with encryption as a concealing 
method and people would be busting down doors at night looking for PGP.

> Simon
> 
> ---
> They say in  online country             So which side are you on boys
> There is no middle way                  Which side are you on
> You'll either be a Usenet man           Which side are you on boys
> Or a thug for the CDA                   Which side are you on?
>   National Union of Computer Operatives; Hackers, local 37   APL-CPIO
> 
> 

---
My prefered and soon to be permanent e-mail address: unicorn@schloss.li
"In fact, had Bancroft not existed,       potestas scientiae in usu est
Franklin might have had to invent him."    in nihilum nil posse reverti
00B9289C28DC0E55  E16D5378B81E1C96 - Finger for Current Key Information