At 09:53 AM 12/22/98 +0100, Falcon, aka FitugMix <tonne@thur.de>, wrote about a suggestion to chop crypto or other contraband material into separate streams, e.g. bit 1 of each byte in stream 1, etc., hoping that this would be "legal" because it's not really encryption, though if managed carefully it would still be hard to read. That's of course a distinct question from "will this make the information hard enough to notice that I won't get caught?"; the answer to that question depends on many factors besides the direct details themselves, like who you use this to send things to, and how you advertise the things you make available to send, etc.
I'd like legal advice on this - is the idea correct?
I'm not only not a US lawyer, I'm also not a German lawyer, or a Chinese lawyer, or a Russian lawyer, and you're not paying me, so this is not legal advice :-) But my strongly considered engineering opinion is "Don't bet on it if it really matters." If you use the system to distribute a copyrighted work, you've still distributed a copyrighted work, even if you've shredded the paper and shipped the shreds and sticky-tape. No win. And if you try this in a country like China, where the laws are arbitrary and defined on the spot, the fact that you may not have violated the letters of a written law is potentially irrelevant. The Chinese government is currently threatening to execute someone who distributed 30000 email addresses of mainland Chinese to some foreign human-rights activists - "assisting enemies of the state" is seldom a well-defined crime; only the punishment is consistent. On the other hand, in countries that have well-defined laws, and law enforcement organizations and courts that only enforce the laws that are defined, and always want to enforce them correctly, it can be entertaining to play with technologies like this. Sometimes this gets them to change the rules, usually administratively rather than through a public political process, but sometimes it can make them look silly and feel bad about what they're doing. Ron Rivest's "Chaffing and Winnowing" protocol is a great example, and you can find details on your favorite web search engines. (Farming definitions: "Chaff" is the stuff you don't want that comes with wheat, like stems and hulls, and "winnowing" is the process of separating wheat from chaff.) Basically, you define an authentication checksum that uses a key, so only the sender and the intended recipient can validate a checksum. Then you send a series of entries like BitNumber, 0, checksum(bitN,BitNumber,key), 1, checksum(bitN,BitNumber,Key) where the checksum is correct depending on whether the bit N of the message is a 0 or a 1. There is no encryption used - only authentication, so it's perfectly legal in some jurisdictions, but only the recipient can tell which bits are "wheat" and which bits are "chaff". One of the cool things about it is that you don't need to use fake material as chaff - somebody else's wheat works just as well, because the checksums fail if you use your key on their bits. It's a very inefficient protocol, but there are ways to make it less bad (not *good*, but at least less bad.) Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639