On Wed, 4 May 1994, Stephen Humble wrote:
> Ed Carp <ecarp@netcom.com> sez:
> > Consider a successful terrorist attack against a significant group of innocents (the larger the number killed, the greater the horror and shock value). The terrorists were using PGP-encrypted email to plan out the thing.
> > Now, how long do you think it would take before ALL crypto was outlawed? Who would benefit from such a thing? Consider that it's child's play to finance, arm, and train a group of people to conduct a terrorist attack and (conveniently) they all get killed in their attack. No one's going to complain too loudly - after all, they *are* terrorists, right?
>
> I suspect significant problems implementing a law that criminalizes crypto. The government currently spends $billions per year trying to eliminate illegal drugs, to very little effect. Drugs should be easier to eliminate than crypto since phys-obs can't be copied ad infinitum as bits can.
> There's also the matter of recognizing crypto in use. A program that transforms its input so that the output can be converted back to the input but has maximum entropy is a good compression program and might also be an encryption program. If a TLA taps my phone and finds a mysterious bit sequence, how can they distinguish reliably and cheaply between an encrypted conversation and a download of emacs-19.22.tar.gz?
Unless you use some sort of stego software, most encrypted stuff is pretty easy to figure out that it *is* encrypted. grep " BEGIN PGP " message is a pretty good way to detect PGP traffic, magic numbers will tell you if it's a compressed file or not, etc. It might not be necessary to prove what you were using to encrypt, merely proving that you *were* encrypting might be sufficient. It's like the FCC: if they catch a ham sending out packets, and the FCC can't read them, they issue you a pink slip. Doesn't matter what you're using, the meaning is obscured, and that's enough for them.
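
Added example, not part of the original message: a small Python classifier that checks both claims in this exchange, that byte entropy alone cannot separate compressed data from ciphertext, and that markers (the gzip magic number, the PGP armor line) identify a format at once. All sample inputs are constructed, and seeded random bytes are an assumed stand-in for ciphertext.

```python
import gzip
import math
import random
import zlib
from collections import Counter

GZIP_MAGIC = b"\x1f\x8b"          # first two bytes of every gzip member (RFC 1952)
PGP_ARMOR = b"-----BEGIN PGP "    # start of a PGP ASCII-armor header line

def entropy_bits_per_byte(data: bytes) -> float:
    """Shannon entropy of the byte histogram: 0.0 (constant) to 8.0 (uniform)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(data: bytes) -> str:
    """Markers first; entropy is only a fallback and cannot name the format."""
    if any(line.startswith(PGP_ARMOR) for line in data.splitlines()):
        return "pgp-armor"
    if data.startswith(GZIP_MAGIC):
        return "gzip"
    return "high-entropy-unknown" if entropy_bits_per_byte(data) > 7.5 else "low-entropy"

def build_samples() -> dict:
    """Constructed inputs; the seeded RNG makes them repeatable."""
    rng = random.Random(1994)
    text = "".join(rng.choice("0123456789abcdef") for _ in range(200_000)).encode()
    raw = zlib.compressobj(wbits=-15)   # raw deflate: same compressor, no header
    return {
        "gzip download": gzip.compress(text),
        "raw deflate": raw.compress(text) + raw.flush(),
        # Assumption: random bytes stand in for the output of a good cipher.
        "ciphertext stand-in": bytes(rng.getrandbits(8) for _ in range(65_536)),
        "armored mail": b"Hi,\n\n-----BEGIN PGP MESSAGE-----\n\n(constructed body)\n"
                        b"-----END PGP MESSAGE-----\n",
        "plain mail": b"Meeting moved to Thursday, same room.\n" * 50,
    }

def report() -> dict:
    """Map each sample name to (label, entropy rounded to 2 places)."""
    return {name: (classify(blob), round(entropy_bits_per_byte(blob), 2))
            for name, blob in build_samples().items()}

if __name__ == "__main__":
    for name, (label, bits) in report().items():
        print(f"{name:20} {label:22} {bits:.2f} bits/byte")
```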