[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Nightmare Scenario: Public Key Distribution Controlled



At 4:03 PM -0700 9/13/97, Declan McCullagh wrote:
>This proposal is perhaps the most terrifying thing I've read. Mostly
>because such a proposal could pass quite easily by a small change -- one
>sentence -- to the definition of "cryptographic product" in a bill.
>
>You can bet that members of Congress would vote for it, too.
>
>-Declan
>

I brought this up at yesterday's meeting, and those who commented agreed
that "cryptographic keys" will likely be covered by the final language
(next year's version, if one believes the consensus of our meeting).

The U.K. TTP thing I cited is very long and detailed, in contrast to the
brief language now circulating for the unSAFE bill. The Brits were more
detailed in their planning process.

Kelly Baugh had a great line. I hope my quoting of it here does not get her
into trouble. Paraphrasing:

"The FBI would rather get legislation passed without much planning, and
then worry about the implementation later."

(Her version may have been blunter, about thinking vs. acting, but my
paraphrase captures the idea.)

Antonomasia (sp?) made some points about whether or not the TTP draft
really would cover key distribution. Recall we had many such discussions
around the time the TTP thing was first being circulated, circa earlier
this year. The archives may produce analyses on both sides.

I believe the TTP draft would certainly cover the keyservers, and possibly
even key-signing parties (under RICO, the Racketeer-Influenced and
Cryptography Organizations Act).

And whether the British TTP draft directly bans such things is not really
the point. The U.S. version (and the versions eventually adopted,
lapdog/OECD/Wasenaar/NWO style by other nations) could easily have explicit
language to cover this.

Like I said, I think the "key management...key certification...digital
signatures...." stuff in the TTP draft is *already* sufficient to, if
passed in the U.S., outlaw key servers. Whether contacting a key server in
a foreign location is also illegal is another issue. Recall, though, that
the TTP also had language about the illegality of using offshore
cryptographic services (even non-U.K. services in general!).

I believe the excitement we're now seeing is just Act One of the "Scare
Them 'till they Beg for Big Brother" show. Act Two will commence in 1998.
Probably with more detailed language, along the lines of the
OECD/French/British legislation.

The climax may not come until some Tragic Event: an airliner shot down by
crypto-using terrorists, a major Child Terrorism or Nuclear Pornography
ring is uncovered, another truck bombing, a nerve gas attack, a war in the
Middle East, etc.

Then the legislation will make it out of committee and be passed
overwhelmingly.

Exit, stage left.

--Tim May

There's something wrong when I'm a felon under an increasing number of laws.
Only one response to the key grabbers is warranted: "Death to Tyrants!"
---------:---------:---------:---------:---------:---------:---------:----
Timothy C. May              | Crypto Anarchy: encryption, digital money,
[email protected]  408-728-0152 | anonymous networks, digital pseudonyms, zero
W.A.S.T.E.: Corralitos, CA  | knowledge, reputations, information markets,
Higher Power: 2^1398269     | black markets, collapse of governments.
"National borders aren't even speed bumps on the information superhighway."