UK TTP regs



Have spent some time reading over the paper re TTP/CA regulation in the UK. I
don't think the paper is exactly a model of clarity, but my impression (from
a few passes over it) is that it isn't intended to affect the distribution of
software but is intended to affect people acting as CAs (including signing a
friend's key) or as key escrow agents.

But both this document and two of the three bills in the US Congress
(Goodlatte and Leahy) look to me like "first shoes" which precede "the other
shoe dropping", e.g., making use of a TTP/key escrow agent mandatory once
there's a reasonable infrastructure in place.

Regulating essentially informal and private transactions like key signing
between associates strikes me as absurd - but not much more absurd than
things done on this side of the Atlantic, of course. I do think there are
interesting issues around certifying CAs and CA liability, but it seems like
they can be addressed using existing legal theories/strategies - some mix of
tort law and contract law should be sufficient. Criminalizing a PGP
key-signing party is almost as stupid as threatening to criminalize PGP. My
hunch is that legislatures in Europe as well as Congress are going to get
around to trying that within a few years. All it's going to take is repeating
the phrase "legitimate needs of law enforcement" and "a fair balance between
law enforcement needs and industry needs" a few thousand more times and it'll
all seem perfectly rational.

Last week's hearing for the ProCODE bill totally ignored the right of
individuals to be free from interception/eavesdropping, and seemed to focus
on some sort of compromise between business (who's perceived as wanting to
make money from exporting strong crypto, but the argument is structurally the
same whether we're talking about export/import controls on wheat or cars or
on crypto) and law enforcement (who's perceived as being, at worst, slightly
overzealous in their pursuit of safety & tranquility for each and every
American, perhaps to the detriment of business interests, apologies to those
fine businesses & their investors, etc.) (* I missed the first 20 minutes or
so, perhaps that's when this was discussed, but I'll bet not.) I don't think
I heard the Fourth Amendment (or any similar concerns) mentioned even once,
nor the consistent pattern (across tens of years, subject matter, internal
jurisdictions, national boundaries, and ideology of the government in power)
by which law enforcement grows contemptuous of the law itself and begins
using its power to perpetuate itself and in various flavors of political or
personal repression. I suppose it would have been impolite to mention the
various Red Squads, the COINTELPRO operation against domestic dissident
groups, harassment of antinuclear and anti-Contra activists, local police
spying in Pittsburgh and Los Angeles and San Francisco (and surely many other
places I haven't heard about, too), Ruby Ridge, Waco, Operation MOVE, and
recent revelations that the FBI crime lab has been altering lab reports and
offering perjured testimony against criminal defendants. Law enforcement
abuses are not "aberrations" nor "unfortunate incidents" which could not be
predicted nor are they unlikely to recur. The only real question is whether
or not we want to give law enforcement tools which can only be misused in
obvious ways (like guns, which make noise, or tanks or helicopters, which are
easy to see/hear) or if we're going to give them tools (like secret wiretaps
and access to crypto keys) which are very difficult to track or detect when
used illegitimately.

Between cops who fuck up for political reasons (see above) and spooks/cops
who sell out just for money (Ames, Lonetree, and the rest of the sad parade
I've already forgotten who've been willing to sell "top secret" material
which they knew put their colleagues' lives in danger, as well as
street-level corrupt cops who "look the other way", steal from
suspects/defendants, "borrow" from evidence lockers, carry "throw-down" guns
and the rest), it's hard to feel like this is an institution that deserves
any real trust. It may be that society ends up with less net brutality and
corruption if we let the SFPD or the LAPD or the FBI drive around with guns &
radios than if we allowed the Mafia or the Crips or the Bloods to do that ..
but it's really just "more brutality" or "less brutality". The lesser of two
evils is still evil. 

Which is a lot of rant to say that I don't think the sky is falling in the UK
just yet.

--
Greg Broiles                | US crypto export control policy in a nutshell:
[email protected]         | 
http://www.io.com/~gbroiles | Export jobs, not crypto.
                            |