Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!seismo!think!mit-eddie!cybvax0!frog!die From: die@frog.UUCP (Dave Emery, Software) Newsgroups: net.ham-radio,net.video,net.crypt,net.mail,net.legal Subject: Re: Some comments on the Electronic Communications Privacy Act Message-ID: <1035@frog.UUCP> Date: Thu, 11-Sep-86 03:25:52 EDT Article-I.D.: frog.1035 Posted: Thu Sep 11 03:25:52 1986 Date-Received: Fri, 12-Sep-86 07:02:41 EDT References: <1031@frog.UUCP> <15591@ucbvax.BERKELEY.EDU> <1240@mhuxo.UUCP> Reply-To: die@frog.UUCP (David I. Emery) Organization: Superfrog Heaven [ CRDS, Framingham MA ] Lines: 103 Keywords: DES RSA LPC cheap simple too late Summary: Shortsighted Xref: mnetor net.ham-radio:2234 net.video:2194 net.crypt:575 net.mail:1153 net.legal:3518 Patrick Wyant writes : > There is more to restriction on reception proposals than merely seeking to >protect commercial interests. If the responsibility for ensuring secure >communications were lodged solely with the system operator, it would be quite >reasonable for the operators to pursue the use of digital encryption. This is >likely to lead to the introduction of some very nice encoding/decoding boxes >to the general public. According the the government, the general public >includes terrorists, subversives, common criminals (as opposed to uncommon >criminals), and hackers (!). The law enforcement and intelligence agencies >would not like these unsavory characters to gain ready access to a means of >communication that could not easily be tapped. Some of the encryption schemes >can not even be broken by the National Security Agency. Criminalizing radio reception in the hopes that providers of communications services will not provide their customers with a truly secure service is only a short term solution that at most buys a few years. The basic technology of end to end secure telephony is here now, and is getting cheaper and cheaper every year. It will not be too many years before the cost is low enough so some enterprising folks will mass market secure telephones. (I have dreamed for years of doing this when I finally find myself and get rich). As for data communications, the technology for effectively encoding digital data has been around for years, and anyone with something to hide would have to be stupid not to use the available tools such as the plethora of RSA/DES encryption programs for the PC family. It seems very likely if the federal government continues to follow it's current anti-privacy policy there will have to be a follow on act to the Electronic Communications Privacy Act making the possession or use of effective cryptographic technology illegal. In fact use of ciphers or codes over public communications facilities IS illegal in some countries. Simply relying on market forces to keep effective ciphers out of the public hands will not be enough. Unfortunately, this policy of dangerous openness and harsh civil and legal penalties for exploiting it leaves most of our communications terribly vulnerable to any serious criminal or spy clever enough to quietly intercept and exploit them. There will be no certainty that someone (in addition to the NSA, FBI, CIA or other such friendly agencies with long histories of law abiding and ethical behavior) isn't listening. If the law is effectively enforced (with well-publicized arrests of comparatively innocent listeners and long jail terms) most casual radio hobbiests and technically clever hacker types will be careful of what they publically admit to doing; and sadly some of the more law-abiding sorts (myself included) will probably give up what was a very innocent and non-criminal hobby that helped sharpen and develop our technical talents. It is hardly clear, however, that this group of people constitutes much of a threat to anyone. But the federal policy will be very much to the advantage of anyone who wishes to exploit communications and who is willing to take the risk of penalties under the law. A great deal of what might have been securely locked away beneath ciphers generated by $15 chips that produce keys only breakable with very large scale systems will be happily out there in the open for anyone with even simple equipment to intercept if they dare. This brave new world will be a field day for pirates, common criminals, sleazy characters and spies. And even more so if the public is denied access to secure communications technology so they can't protect themselves even if they want to. And I am particularly frightened of certain implications. The new law will only be effective in curbing the use of secure communications technology if it is enforced effectively enough so that users of communications systems are given the illusion that what they are sending is private by virtue of the stiff enforcement of the legal ban on interception. If the law is ignored as much as section 705 of the communications act has been (the current privacy provision) nobody with any sense will believe that it protects their privacy and there will continue to be public pressure for encryption. So the government will have to aggressively and publicaly prosecute listeners, and pressure judges into giving them harsh sentences. This necessarily implies that some innocent people are going to be badly hurt, and I am afraid that hams, SWLs and particularly the technically sophisticated engineering professionals who dabble as an innocent hobby in such projects as trying to break satellite scrambling schemes are going to be made examples of and thrown in jail. Radio regulation enforcement has not been draconian to date, the idiot ("Captain Midnight") who abused his position as an uplink operator to jam HBO only got probation and a moderate fine. It is pretty hard to see judges handing out 5 year sentences and $250,000 fines for such passive acts as descrambling some Canadian satellite feed or a soft core pornographic movie. It is even harder to see a judge throwing the book at some poor fellow who buys a scanner and listens to a mobile phone conversation. And yet the only way the Privacy Act is going to be beleived is by very stiff sentences - if there aren't such sentences the public won't feel secure. It isn't even clear that the required police/FBI manpower, prosecuters, and cooperative judges will ever come together to give the act teeth (although it is quite possible that the authors of the bill expect the civil penalties with lesser standards of proof to be the main deterents). In addition to stiff sentences for merely listening and further legislation forbidding use of secure ciphers, I think that the federal policy will not be seen as credible by the general public unless there are curbs on sales and possession of interception equipment. This no doubt means that such things as scanners, TVRO's, Hf-SSB receivers (connected to a TVRO a HF-SSB receiver can intercept a remarkable collection of private microwave and satellite communications), and other radio receiving devices will become illegal. -- David I. Emery Charles River Data Systems 983 Concord St., Framingham, MA 01701 (617) 626-1102 uucp: decvax!frog!die