On Mon, 25 Mar 1996, Simon Spero wrote:
If the Leahy bill is unacceptable, what legistlation is necessary? I can't see how the use of cryptography in the commission of a crime needs to be a separate offence, but I could see how it could be treated as a special circumstance - that doesn't really needed a new law though.
This kind of legislation would be painfully unenforceable. How do you know if crypto was used in the commission of a crime unless you can offer the plaintext to show that the content was criminal or in furtherance of a criminal act or conspiracy, >and< that the content was encrypted? This kind of statute nearly requires escrowed encryption or the old standby, stupid crooks. I'd be happy to see this pass alone because I think it would placate some of the screaming crypto-frady-cats on the hill much the way the cosmetic assualt "looking" weapons ban did, but I think this unlikely. It's like criminalizing the destruction of bodies in furtherance of murder. What's the point? Just use obstruction of justice.
I do feel that it should be possible for courts to sub poena crypto keys, but that doesn't really need new law either (4th and 5th ammendments become _really_ important though (hmmm- there advantages to writing down a constitution after all :)
After doing some work in a somewhat related area (I'm about to release the workproduct to the list), I am more and more dubious as to the protections the 4th and 5th amendments will provide in these instances. I think many people on the list here had the right idea generally. No legislation is good legislation for crypto. Really the ITAR applications are beseiged right now, and will probably fizzle out of their own accord, not to mention the fact that they are de facto moot. In practice it is trivial to subvert ITAR for the purposes of worldwide crypto availability. Someone just needs to get a foreign entity producing strong hardware encryption in Estonia (hardware IDEA would be nice) to capitalize on the markets in the U.S. and non-escrow jurisdictions in Europe and Asia. If we have no-legislation and a foreign producer of strong crypto soft and hardware for the next 3 years, I think we are way ahead of the game. Unfortunately, I think some version of crypto legislation is going to see passage in the next pair of years. Leahy certainly isn't going to give up, and he may have a bit more momentum after an election year runs its course. Whoever wins the election, I think you can expect to see even more aggressive bills from congress on the subject. All it would take is one anti-trust case with encryption as a concealing method and people would be busting down doors at night looking for PGP.
Simon
--- They say in online country So which side are you on boys There is no middle way Which side are you on You'll either be a Usenet man Which side are you on boys Or a thug for the CDA Which side are you on? National Union of Computer Operatives; Hackers, local 37 APL-CPIO
--- My prefered and soon to be permanent e-mail address: unicorn@schloss.li "In fact, had Bancroft not existed, potestas scientiae in usu est Franklin might have had to invent him." in nihilum nil posse reverti 00B9289C28DC0E55 E16D5378B81E1C96 - Finger for Current Key Information