At 4:03 PM -0700 9/13/97, Declan McCullagh wrote:
This proposal is perhaps the most terrifying thing I've read. Mostly because such a proposal could pass quite easily by a small change -- one sentence -- to the definition of "cryptographic product" in a bill.
You can bet that members of Congress would vote for it, too.
-Declan
I brought this up at yesterday's meeting, and those who commented agreed that "cryptographic keys" will likely be covered by the final language (next year's version, if one believes the consensus of our meeting). The U.K. TTP thing I cited is very long and detailed, in contrast to the brief language now circulating for the unSAFE bill. The Brits were more detailed in their planning process. Kelly Baugh had a great line. I hope my quoting of it here does not get her into trouble. Paraphrasing: "The FBI would rather get legislation passed without much planning, and then worry about the implementation later." (Her version may have been blunter, about thinking vs. acting, but my paraphrase captures the idea.) Antonomasia (sp?) made some points about whether or not the TTP draft really would cover key distribution. Recall we had many such discussions around the time the TTP thing was first being circulated, circa earlier this year. The archives may produce analyses on both sides. I believe the TTP draft would certainly cover the keyservers, and possibly even key-signing parties (under RICO, the Racketeer-Influenced and Cryptography Organizations Act). And whether the British TTP draft directly bans such things is not really the point. The U.S. version (and the versions eventually adopted, lapdog/OECD/Wasenaar/NWO style by other nations) could easily have explicit language to cover this. Like I said, I think the "key management...key certification...digital signatures...." stuff in the TTP draft is *already* sufficient to, if passed in the U.S., outlaw key servers. Whether contacting a key server in a foreign location is also illegal is another issue. Recall, though, that the TTP also had language about the illegality of using offshore cryptographic services (even non-U.K. services in general!). I believe the excitement we're now seeing is just Act One of the "Scare Them 'till they Beg for Big Brother" show. Act Two will commence in 1998. Probably with more detailed language, along the lines of the OECD/French/British legislation. The climax may not come until some Tragic Event: an airliner shot down by crypto-using terrorists, a major Child Terrorism or Nuclear Pornography ring is uncovered, another truck bombing, a nerve gas attack, a war in the Middle East, etc. Then the legislation will make it out of committee and be passed overwhelmingly. Exit, stage left. --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."