Path: utzoo!telecom-request Date: Thu, 9 May 1991 13:32:22 GMT From: "Michael H. Riddle" Newsgroups: comp.dcom.telecom Subject: Re: You're All A Bunch of Terrorists Message-ID: Organization: University of Nebraska - Lincoln Sender: Telecom@eecs.nwu.edu Approved: Telecom@eecs.nwu.edu X-Submissions-To: telecom@eecs.nwu.edu X-Administrivia-To: telecom-request@eecs.nwu.edu X-Telecom-Digest: Volume 11, Issue 349, Message 4 of 10 Lines: 99 In Tom Gray writes: >> It is the sense of Congress that providers of electronic >> communications services and manufacturers of electronic communications >> service equipment shall ensure that communications systems permit the >> government to obtain the plain text contents of voice, data, and other >> communications when appropriately authorized by law. This is probably one of those bills where a lot of concerned people will disagree on the effect, but I for one disagree with you. Perhapas my disagreement is founded on over twenty years' experience in military communications, which is admittedly a specialized subset of the profession. Anyway, the phrase "plain text" has a rather particular meaning. I've /never/ heard it used except to differentiate from cipher text. ( I use "cipher" in a general sense, to include codes, although technically they are different.) Part of the reason for concern is that this section appears in the middle of a bill (238Kbytes on my disk) that addresses: (quote) S. 266 1991 S. 266 SYNOPSIS: A BILL To prevent and punish domestic and international terrorist acts, and for other purposes. (unquote) Additionally, substantially the same language: (quote) 1991 S. 618 MARCH 15, 1991 -- VERSION: 1 PART II-ELECTRONIC COMMUNICATIONS SEC. 545. COOPERATION OF TELECOMMUNICATIONS PROVIDERS WITH LAW ENFORCEMENT. It is the sense of Congress that providers of electronic communications services and manufacturers of electronic communications service equipment shall ensure that communications systems permit the government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law. (unquote) appears in an even longer bill, S. 618 (238Kbytes) dealing with: (quote) S. 618 1991 S. 618 SYNOPSIS: A BILL To control and reduce violent crime. (unquote) Perhaps its the conspiracy theorists at work, but many of us see this "sense of the Congress" as granting a "hunting license" to NSA. Perhaps you remember the discussion (continuing even today in sci.crypt and elsewhere) whether the NSA designed the DES so it could be broken. Given their ability to place Secrecy Orders on cryptographic devices, those that would not trust some government agencies find it easy to believe the allegation that Biden and Deconcini mean exactly what they say -- they want government agencies to break any cipher text. For example, while I haven't heard of it, I wouldn't be surprised to hear that some drug operations used digital voice encrypted radios in their operations. They are well-enough organized in other aspects of their business. The problem is that secrets can't be held forever, and if there is a way to break it, then the "enemies" of legitimate users of cryptography are less secure. Trade secrets and industrial espionage aren't exactly rare terms these days. Some people just feel that no one has a reason to listen in on their calls for any reason. When ISDN comes a little more into service, digitial encryption will become (I think) affordable for the masses. The RSA patent expires in a few years, and for text it's fairly workable. Finally, as a legal thought, if a court ordered a wire tap, the agencies could recover the ciphertext, and if evidence were sufficient, I'm sure they could then order production of the keys. (I know this is less workable in practice, since destruction of superseded keys should be a priority.) Anyway, whether or not the bills get enacted, there /is/ sufficient reason to become concerned. <<<< insert standard disclaimer here >>>> riddle@hoss.unl.edu | University of Nebraska ivgate!inns!postmaster@uunet.uu.net | College of Law mike.riddle@f27.n285.z1.fidonet.org | Lincoln, Nebraska, USA