[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SAFE Bill is a Disaster--"Use a cipher, go to prison"



(A copy of this message has also been posted to the following newsgroups:
alt.cypherpunks,  talk.politics.crypto, comp.org.eff.talk)


CDT and other Washington insider groups are busily singing the praises of
the SAFE encryption bill, despite some acknowledged "minor flaws."

Well, the flaws are not minor. The bill does not give Americans any rights
they do not already have, and does not ease export of strong crypto in any
meaningful way. In fact, the bill contains odd language implying it is
essentially only financial software which is easier to export, and then
only if the receiving country (huh?) allows it...since when is the duty of
U.S. Customs to pass products for export based on whether Baluchistan, for
example, wants the product?

Ah, but things get worse. The language speaks of barring key escrow, but
then says that law enforcment needs are not affected. This not only is not
a bar on key escrow, which of course is not required at this time, but it
also may open the door for "legitimate needs of law enforcement" key
escrow.

And, worst of all,  it criminalizes the use of crypto in connection with
the use of crypto in any prosecutable offense. Say "Fuck Goodlatte and the
horse he rode in on" in a message using encrypted remailers, and the
Communications Decency Act is violated (if it gets upheld). Voila, instant
5-year sentence. Use remailers to distribute information banned by Big
Brother.... 

The chilling effect is exactly and completely analogous to the chilling
effect intended when those giant billboards went up some years back with
the dire warning: "Use a gun, go to prison."

I hope the fools at CDT are prepared to help install the "Use a cipher, go
to prison" billboards.

I've been watching these so-called "crypto liberation" bills, Pro-CODE and
SAFE, wend their ways through the legislative process. Both are severely
flawed. Both should be rejected. Passing laws with flaws is worse than
doing nothing, than just relying on the good old Constitution for our
rights.

Here's a partial analysis of this pernicious piece of legislation:

At 2:19 PM -0800 4/30/97, Alan Davidson of CDT wrote:

> CDT POLICY POST Volume 3, Number 1                       April 30, 1997
>
> CONTENTS: (1) House Subcommittee Approves SAFE Internet-privacy bill

>-----------------------------------------------------------------------------
>HOUSE SUBCOMMITTEE APPROVES SAFE INTERNET-PRIVACY BILL
>
>The House Judiciary Subcommittee on Courts and Intellectual property today
>approved the Security And Freedom through Encryption (SAFE) act (HR 695),
>sending the SAFE bill to the full House Judiciary Committee.
...
>Today's vote marks a critical step forward in the ongoing fight to reform
>US encryption policy, and sends a strong signal to the Clinton
>Administration that Congress is serious about passing real encryption
>reform legislation.

SAFE provides no rights not already enjoyed by Americans, and contains
language which appears to compromise some other rights.

For example:

""�2804. Prohibition on mandatory key escrow

"(a) PROHIBITION. -- No person in lawful possession of a key to encrypted
information may be required by Federal or State law to relinquish to
another person control of that key. 
"(b) EXCEPTION FOR ACCESS FOR LAW ENFORCEMENT PURPOSES.-Subsection (a)
shall not affect the authority of any investigative or law
enforcement officer, under any law in effect on the effective date of this
chapter, to gain access to a key to encrypted information. "

Sounds good...a ban on key escrow, right? No, because "EXCEPTION FOR ACCESS
FOR LAW ENFORCEMENT PURPOSES" could easily be used to mandage key escrow.
After all, even Louis Freeh and Dorothy Denning have never argued that key
escrow is for use by non-law enforcement!

Put another way, this particular section says Alice doesn't have to
relinquish a key to Bob, a private citizen. Same as the way things are now,
where there is no law, modulo contractual relationships, mandating such
disclosure of keys.

A truly meaningful form of this putative or purported ban on key escrow
would include language along the lines of: "No government agency or
department shall in any work propose, negotiate, plan, or do research on
any scheme related to "key escrow," blah blah blah..." (Not being a lawyer,
I won't try to write the language; the point is that SAFE contains only
weasel language and doesn't actually bar key escrow so long as the Magic
Words "Law Enforcement Purposes" are uttered.)

Meanwhile, the traitors have criminalized crypto with this little gem:

"�2805. Unlawful use of encryption in furtherance of a criminal act

"Any person who willfully uses encryption in furtherance of the commission
of a criminal offense for which the person may be prosecuted in a court of
competent jurisdiction -- 

       "(1) in the case of a first offense under this section, shall be
imprisoned for not more than 5 years, or fined in the amount set forth in
       this title, or both; and
       "(2) in the case of a second or subsequent offense under this
section, shall be imprisoned for not more than 10 years, or fined in the
       amount set forth in this title, or both."."

Obviously, this is a serious problem, recognized by CDT, Lofgren, and many
others. Given that a vast and increasing number of behaviors are now
prosecutable offenses, this section alone would make most remailers parties
to a crime, would make corporations parties to crimes, and would have a
"chilling effect" on the use of crypto.

"Use a cipher, go to prison."

(Using a cipher alone would not itself be a crime, obviously, but the
parallels are *exact* with the famously chilling billboard message: "Use a
gun, go to prison." Using a gun in and of itself is not a crime, as in
target shooting, etc., but the chilling effect message is crystal
clear...this was the whole intent of the California billboards with this
message. So, will billboards be erected with the same message about
crypto?)

This alone is grounds for CDT, EFF, EPIC, ACLU, and anyone else to
immediately and completely withdraw all support for SAFE. The message "Use
a cipher, go to prison" is simply too pernicious to be allowed. Period.

Anyone who disagrees with this should immediately get out of the "civil
rights" industry.

As for the supposed relaxation of export restrictions, I fail to see much
of a difference. The SAFE text says (and I am only partly quoting it, as
quoting it all is too complicated for a message like this one):

" No validated license may be required, except pursuant to the Trading With
the Enemy
       Act or the International Emergency Economic Powers Act (but only to
the extent that the authority of such Act is not exercised to
       extend controls imposed under this Act), for the export or reexport
of..."

Gee, that little clause gives back control of exports. The "except pursuant
to the Trading with the Enemy Act," etc. part means that strong crypto
still won't be freely exportable.  



And the famous bit about exports being allowed to any country in which the
product is already approved...well, we see which way the wind is blowing in
other countries on this one. No doubt the Crypto Tsar, David Aaron, will
ensure that many products are not legal for use in France, Germany, Japan,
etc.

Oh, and just why is a U.S. _export_ contingent on it being "allowed" in
some other country? Export laws regarding national security are about stuff
_leaving_ the United States, not about stuff _entering_ France! That's a
problem for France to solve, not a problem for U.S. Customs to worry about.

And the "permitted for use by financial institutions" seems odd. Is this
SAFE bill only allowing (supposedly) free export of _financial_ software?
It sure looks this way.

       "(3) SOFTWARE WITH ENCRYPTION CAPABILITIES. -- The Secretary shall
authorize the export or reexport of software with encryption capabilities
for nonmilitary end-uses in any country to which exports of software of
similar capability are permitted for use by financial institutions not
controlled in 
              ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
fact by United States persons, unless there is substantial evidence that
such software will be
       -- 

              "(A) diverted to a military end-use or an end-use supporting
international terrorism; 

Well, there's the gotcha. There goes the export of "unbreakable crypto," as
it will surely (and already has) been used by Hamas, Sindero Luminoso, the
IRA, and other such international freedom fighters, er, "terrorists."

Thus, we've gained absolutely nothing. Nada. Zip. 



And so it goes. 

Crypto becomes semi-criminalized. Key escrow is not at all restricted,
providing the need is related to "law enforcement" (though private citizens
like me are apparently no longer able to demand the keys of our
neighbors...but, gee, I guess we never were, so nothing even here has been
gained...duh).

And export has the same restrictions related to the Trading with the Enemy
Act, with various national security and law enforcement concerns, but with
some strange language about export being allowed for financial cryptography
providing the receiving country allows it for non-U.S.-owned entities.
(????)

A dangerous piece of legislation. Worse than the status quo. 

It ought to be killed dead.

"Use a cipher, go to prison."

--Tim May, who is a felon under various laws, and who has used crypto in
furtherance of these felonious activitities, and who hence faces 10 years
in the pokey for the SAFE "crime" of using crypto in furtherance of
multiple prosecutable offenses

Fuck that. Fuck CDT, too, for not denouncing this horrible piece of crap.

-- 
There's something wrong when I'm a felon under an increasing number of laws.
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."