On Tue, 8 Oct 1996, jim bell wrote:
At 06:45 PM 10/6/96 -0700, Steve Schear wrote:
Using, as you say, out-of-the-shower ideas to re-argue settled caselaw are almost always fruitless. Since the intents of the ranters are generally anarchistic, why even involve the law and justice. Even if their ideas have good philosophical basis there is little hope for the broad changes they seek in the political or legal landscape (given the powerful and selfish interests of those inside and outside the beltway) without a great trauma to the system.
Maybe you're missing the point? Even if you accept the idea of wiretapping telephone lines, one of the things that _isn't_ settled is how law is going to start treating ISP's. That, let me point out, IS NOT settled law, and in fact it hasn't really even started, so those lawyers who have a knee-jerk tendency to accept precedent don't have any precedent to accept! (unless, of course, they "pre-accept" the assumption that what the government can do WRT ISP's is somehow identical to what they do with telephones.)
I disagree. There is lots of potential precident. The entire concept that data voluntarily turned over to a 3rd party is not entitled to 4th amendment protection (i.e., pen registers) is just the one that happens to jump to mind. The fact that the government has had to deal with the breakup of ma bell and cooperate with several different phone companies now suggests to me that not much of a leap is required to include ISPs. Constitutional arguments that ISPs are somehow different from phone companies and therefore not required to comply with wiretap orders? Good luck. I know its fun to make the argument that ISPs and E-mail and NetPhone are all new technologies and so it must be unconstitutional to regulate them but the amusement in these cases stems from a wish that it was so, not fact or reason. Are there some flexibilities in the developing law? Yes. Are they going to make all e-mail and electronic communications legally untapable and immune from electronic search warrant? Of course not. Don't be stupid. This is what technology is for.
I see two broad and conflicting ideas of what the government can do in a search. The first is a classic search warrant, which simply allows the cops to go in and look around, for a comparatively limited amount of time, informing the person searched,taking a few things, and then _leaving_. Period. Generally, they can't sneak in, they can't hide in the closet for weeks or months, etc.
Without effective challenge by telephone companies (which have no motivation to challenge it) there has been a very different precedent set, that of the wiretap: No informing the target at the beginning, indefinite time limit, and not necessarily even informing those tapped after it's over. _VERY_ different.
The question is, which of these precedents should control ISPs? Police, obviously enough, would probably want to insinuate into the game with the assumption that the latter scenario rules. After all, they're talking about wires and electricity, right? That sure sounds like wiretapping, right?
Why bother with all this trash? Use SSH and end to end encryption. End of discussion. See how much simpler and cheaper that is than trying to get the supreme court to kneecap the police and the feds? Hint: If you don't, you're on the wrong list.
I contend that an ISP should be entitled to enter into a contract with his customers in a way which obligates him to structure his business to minimize his ability to cooperate with police when given a search warrant.
"I content that a phone company should be entitled to enter into a contract with his customers in a way which obligates him to structure his business to minimize his ability to cooperate with police when given a search warrant." Yeah. Good luck. Switch phone comapny with "deli" or with "employer" or with "interstate shipper." Same result. "Good luck." Find me a General Counsel who would let their firm do that and I'll find you a wonderful canidate for a malpractice suit. I would suggest you study the contractual doctrine of "Illegality" and state statutes on "Obstruction of Justice."
One example which occurred to be months ago (which, amazingly, shut up even Black Unicorn!) was that the ISP could agree to encrypt any email received with the user's public key (or another public key whose private key is known only to the user) so that useful information is only ephemerally available in the ISP's computers. A few seconds after it arrives, it's been encrypted and is "gone" from the standpoint of the ISP. Only the user, when he logs in and after he downloads the encrypted files, can decrypt them.
Why even involve the ISP? Why would an ISP want to do this and expose themselves to potential liability when the end user could just do it themselves? I don't remember this point, but if I ignored it it's probably because its just lacking in any remarkable insight. Actually it doesn't even seem to have undergone the scrutiny of 10 minutes consideration. The entire advantage of encryption is that it moves the burden and ability to protect communications to the end user. There is no need to depend on the phone company, an ISP, or anyone else but the person with whom you are communicating. If you want an ISP to encrypt all your mail as it shows up (a strange request to begin with because of the potential for some third party to encrypt with the wrong key or etc. and destroy the data permanently) you are introducing a third party into the equation which you now have to trust and depend on as far as resistence to government coercion goes. (You seem to have identified this problem below, but in a way that suggests it just occured to you or that this is just a stream of consciousness blathering post). I don't understand at all how this leaves anyone better off. I can point out explicitly, however, how it leaves everyone worse off. 1. The government now has another party to squeeze (The ISP, who would have been fairly untouchable if they had done nothing but forward e-mail). 2. The party receiving mail now has to depend on the ISP and some method of contractual enforcement if the ISP breaks its word. (I suppose this is where it will be suggested that we just kill all the ISP employees). 3. The party sending mail now has to rely on the discression of the ISP (From whom he/she has no contractual assurances at all).
But that raises another question. Suppose the government, not liking this situation, decides to not merely do a search, but in fact order the ISP to turn off the encrypt-on-receipt feature? And more particularly, to do so without telling the customer? What if, in fact, they order the ISP to LIE about this? Or what if they order the ISP to change his system's software to store away an unencrypted version of the messages so as to bypass this protection?
What if they just packet sniff at the "In" plug of the ISP and cut the ISP out all together? Why bother telling the ISP anything if it's clearly not being compliant? Duh. Same reason I would send agents to go around an island bank which was not cooperating were I the IRS. Of course, the ISP could easily be charged in a conspiracy and obstruction action after this.
My answer to all this should be obvious: There is a vast difference between doing a "search" and, in effect, turning an ISP into a slave who has to say "how high?" when the government says "jump." Arguably the ISP has to consent to a search;
Where do you get this last part? Arguably in the Jim Bell Court of Invented Appeals perhaps. Of course in that court the death penality applies for parking violations if the complaintant is rich enough.
I don't think he has to change his business practices in order to make those searches more useful. And I think he's entitled to make promises to his customers that he's obligated to keep, even when the government would want him to break them.
I refer you back to the concepts of "obstruction" and "conspiracy."
However, I won't claim that this matter has been settled; in fact, it's probably an issue that never came up before, in any court.
Neither has the argument that cows fly and therefore should be regulated by the FAA. How that lends the argument any merit at all is beyond my comprehension.
That's why I think it's important to ensure that ISP-law does not follow is the bad precedents set by wiretap law.
Suggestion: Start a foundation with this goal. Let me know how far you get. Try calling some law schools and asking them if they might have some students willing to work on the problem for free.
Jim Bell jimbell@pacifier.com
-- I hate lightning - finger for public key - Vote Monarchist unicorn@schloss.li