Re: cypherpunks-digest V1 #18
Date: Fri, 19 Aug 1994 11:54:45 +0200 (METDST) Subject: 15 years! About the EFF Wiretap Bill: The bill makes it a crime to possess or use an altered telecommunications instrument (such as a cellular telephone or scanning receiver) to obtain unauthorized access to telecommunications services (Sec. 9). This provision is intended to prevent the illegal use of cellular and other wireless communications services. Violations under this section face imprisonment for up to 15 years and a fine of up to $50,000. I commented on this before but feel like repeating myself: So an alt.2600 tec-addict makes some hardware hacks on his cellular - and gets 15 years in the slammer for catching some airwaves. A punishment scale suggestive of a very repressive state! And why outlawing it in the first place? What is crypto for? I'm not defending a 15 year sentence; it's far too harsh. But I strongly disagree with ``why outlawing it in the first place? What is crypto for?'' By analogy, why outlaw burglary? After all, what are safes and alarms for? The purpose of a civilized society is precisely to avoid this sort of ``arms race'' between bandits and those who pay for services. Even libertarians generally agree that theft is wrong, and theft of service is just as wrong as theft of tangible objects; otherwise, there is no way to recover the cost of the capital investment necessary to provide the service. That is, the marginal cost -- the electricity, wear and tear on the ICs, etc., to make a cellular phone call -- is obviously very low. But someone had to pay for all the cellular switches out there, to say nothing of the R&D that went into them, and a large part of the charges for a call go towards repaying that investment. Now, a prudent service provider may wish to invest in crypto as a way to prevent fraud, just as many homeowners invest in alarm systems. But failure to do so doesn't make either sort of theft correct. --Steve Bellovin
Regarding the topic of a 15-year prison term for receiving broadcasts one is not supposed to, Steve Bellovin wrote:
I'm not defending a 15 year sentence; it's far too harsh. But I strongly disagree with ``why outlawing it in the first place? What is crypto for?'' By analogy, why outlaw burglary? After all, what are safes and alarms for?
The purpose of a civilized society is precisely to avoid this sort of ``arms race'' between bandits and those who pay for services. Even libertarians generally agree that theft is wrong, and theft of service is just as wrong as theft of tangible objects; otherwise, there is
As a libertarian, I disagree that thefts of services are the same as thefts of tangible objects. Consider some possible "thefts of services": - I'm tuning my radio, listening to what is freely available on my property, and I hear something that helps me in some way. Have I broken any law, plausibly? - I find a number which looks to be compressed or encrypted. I fiddle around with it and manage to decrypt it, and it turns out to be a useful to me (and possibly harmful to others). What law have I broken, plausibly? - I'm a 15th-century blacksmith. I use the new technology of printing to help people learn to do basic home-blacksmithing. The Blacksmith's Guild claims I have deprived them of business and have violated their rights. Etc. The "listening to the radio" and "decrypting a number" are both similar situations. (I threw in the last point to make a slightly different point, about the collapse of guilds and the parallels to what is now happening with corporations.) If I overhear someone talking in a restaurant, is this criminal? Does it matter if I learn something of commercial value or not? The common sense response is that those who don't want to be overheard should either keep their voices down or speak in a kind of code. Talking about trade secrets of business deals where conversations can be overheard, and then claiming "theft of services" is an abuse of the law. And impossible to enforce, as the current scanner laws are. The issue of "spaces" also comes up. Personal, local spaces (such as houses, offices, etc.) are protectable, and a thief who enters can be captured, shot, etc. But extending this idea of a personal space to include things spoken in public places, or broadcast for hundreds of miles with radio or television transmitters, is a terrible idea. Let those who speak in a public place--restaurants, the airwaves--but wish not be understood by outsiders choose a technology which supports this. Don't ask me, or other taxpayers, to prosecute those who happen to hear and understand what was said. (There are more interesting digressions into privately-produced law, into haow insurance companies would charge to insure against such cases, etc.) I know of very few libertarians who support the idea of criminalizing the hearing of broadcast messages, let alone who would criminalize mere possession of certain kinds of radios (scanners). --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."
Steve Bellovin writes :
I'm not defending a 15 year sentence; it's far too harsh. But I strongly disagree with ``why outlawing it in the first place? What is crypto for?'' By analogy, why outlaw burglary? After all, what are safes and alarms for?
There are certainly at least two issues here. One is whether or not radio communications are in any way intrinsicly private or are by nature public. Outlawing listening to radio communications has always seemed logically absurd to many thoughtful people as the ether is intrinsicly and unavoidably an open broadcast medium with the property that anything transmitted into it can almost always be easily received by many many unauthorized others from spaces they have the legitimate access to and a basic right to operate radio receivers in. The original restriction of the right to listen to radio signals and use the information received implemented in the 1934 Communications Act was perhaps justifiable as a special artifical protection of an infant industry in 1934 because conveniant, low cost, small, low power and weight, user transparent, and reliable radio encryption technology simply did not exist. In fact it was only 8-10 years later that Bell Labs actually implemented the first really secure vocoder based HF radio digital voice crypto system - it took up some like 30 floor to ceiling racks, and was obviously not something that could ever be justified for use for the normal communications of mere mortals. But today such technology is so cheap, small, easily integrated, secure, and in a digital world so completely transparent that preserving this artificial protection for a now robust adult industry is patently absurd. To my view this policy of criminalizing radio listening has actually seriously decreased the real privacy of radio communications as it has reduced pressure to implement even rudimentary encryption, and encouraged the view that radio is just the same as the much more intrinsically private wired communications only without the wires. It is also my long held view that one very important but silent and shadowy player in this pretend radio privacy charade is the intelligence and law enforcement community that obviously benefits greatly from an open communication system that can be so easy covertly monitored for the purpose of conducting searches, including many that are very questionable or completely illegal under the constitution. But ...
libertarians generally agree that theft is wrong, and theft of service is just as wrong as theft of tangible objects; otherwise, there is no way to recover the cost of the capital investment necessary to provide the service. That is, the marginal cost -- the electricity, wear and tear on the ICs, etc., to make a cellular phone call -- is obviously very low. But someone had to pay for all the cellular switches out there, to say nothing of the R&D that went into them, and a large part of the charges for a call go towards repaying that investment.
The second issue here is the issue of what constitutes theft of services. Is merely passively using a service broadcast by radio a crime that should be rewarded with 5 year sentences and $250,000 fines ? It is quite easy to argue that actively using a radio based service such as a cellular system without authority is intrinsicly an act of fraud in that it involves lying about one's identity to obtain a valuable service, and criminal trespass in that it involves entering a private virtual space without authority, but isn't the best analogy with unauthorized listening or watching radio and tv signals not such active intrusions but merely reading the front page of a newspaper in a vending machine in a public place without paying for it ? I would think that anybody who spends capital to create and provide a service and then provides it to the public over a broadcast channel protected only by a silly legal charade deserves any piracy he suffers and should not be able to create the enforcable legal myth that using the service without paying is theft. Perhaps forbiding commerce in encryption keys ("wizard numbers"), and technology specificly and only intended to enable access to such a service without paying such as pirate decoder chips and modified boards is a justifiable legitimate protection for such businesses but outlawing the mere possession or use of such technology is far too broad a protection for something that is really public broadcasting and not private. On the other hand a cellular provider has only a limited amount of capacity available to serve a particular cellphone, capacity which costs capital to provide, and usually pays something for the landline part of the calls it provides - unauthorized use of such a service does cost the carrier something if only by degrading the quality of service for paying subscribers. Fred the Pirate
Now, a prudent service provider may wish to invest in crypto as a way to prevent fraud, just as many homeowners invest in alarm systems. But failure to do so doesn't make either sort of theft correct.
This is precisely the sort of argument that makes the least amount of sense to those who are looking for a justification of some sort to continue to rip "them" off. After all, "they" are rich, so what's it hurt? I am currently employed as an information management security consultant for a rather large telecommunications company subsidiary (no, not Bell, but you're close). A discussion arose the other day between myself and another consultant as to the ethics of theft. If one steals a pen from work, is that "really" theft? Is stealing a box, or a truckload? You might be surprised to learn how many people think stealing a pen is OK, but stealing a truckload is not OK. Just because someone doesn't say explicitely "don't steal this pen" some people think it's OK to steal it. But it's an ethics problem, and I feel a failure at the deepest levels of our society that says that stealing in any form is OK. As for "stealing" radio signals that happen to stray onto your property, my position is that it's not theft - any more than it's theft to read a paper one finds in the restroom while sitting on the throne ;) The Communications Act of 1934 spelled this out explicitly. But the fools in Washington let special interest $$$ seduce them into doing something utterly foolish. Again. If it comes within my purview, then it's mine - and if I choose to spend the time and effort it takes to decrypt it, well, tough for the satellite TV industry. I don't see them going after folks without decryption gear, which is what they'd have to do if they really wanted to make their position even marginally tenable.
The bill makes it a crime to possess or use an altered telecommunications instrument (such as a cellular telephone or scanning receiver) to obtain unauthorized access to telecommunications services (Sec. 9). This provision is intended to prevent the illegal use of cellular and other wireless communications services. Violations under this section face imprisonment for up to 15 years and a fine of up to $50,000.
Hmm.... Depending on how you read this, this can be a real can-o-worms. First off, does it outlaw ANY receiver covering 800 mhz? Second, consider software-only hacks to phones to monitor and collect ESN's, etc. Now you are raided by the Powers-that-Rule, but hit the scrooge-switch first so the phone forgets, & the evidence is gone. Will they then claim the fact the phone remembers nothing as evidence that it was altered? Or is erasing it "altering" too? And how about test-equipment? The kind the celldealer has. And if you modify it by replacing the power cord with a new one, or......
Steve Bellovin writes:
I'm not defending a 15 year sentence; it's far too harsh. But I strongly disagree with ``why outlawing it in the first place? What is crypto for?'' By analogy, why outlaw burglary? After all, what are safes and alarms for?
I concur with Tim May's comments that a service is not the same thing as property. Nor, going further, is physical property the same as intellectual property. We have a long legal tradition of protecting physical property. It's the kind of thing people can clearly understand, morally and legally. Intellectual property is often more nebulous. Protecting new kinds of services at the whim of a business (such as, for example, defining some string of bits as an "access code" and instituting stiff penalties for "unauthorized use" of that code, which ends up meaning whatever the offended party wants it to mean) is a going way too far, putting all of us at risk of extreme legal jeoapady at the whim of bureaucrats, lawyers, and jurors who couldn't tell an access code from a mail header. For a business to lobby that some new and flawed system be protected at taxpayer expense is a gross abuse of the law. To criminalize an entire group of people, such as hackers, is morally bankrupt and turns the law into an illegitimate farce. We have quite enough crimes on the books that are hardly being enforced right now; the last thing we need is to define new crimes out of thin air because some jerks couldn't be bothered to take the precautions necessary for the success of their business. Criminalization of business intelligence is a great recipe for destroying our civil rights and bankrupting the government. Jim Hart chaos.bsu.edu
I agree 100% with Jim Hart's points. Let me add that I think this topic is very relevant to Cypherpunks, as it gets to the heart of the matter on what should be legal, illegal, etc. I didn't respond yesterday to Steve Bellovin's remarks because my Netcom mail was delayed for many hours at at time (Netcom has 30,000 user accounts now and is facing growing pains out the wazoo). Last night I posted my "For Subscribers Only" newsletter, to make my point by example. Anyone who "illegally decrypted" it (and of course a couple of folks did immediately--a trivial rot-13 "encryption") was, putatively, "stealing" from me. Hardly. (To be fair to Steve B., one of his later postings said something about a "difficulty test," along the lines of the NSA's 40-bit keylength allowance. I dislike laws that depend on someone's idea of computational complexity...that would be a new can of worms.) Such laws about "illegal to decrypt" are also essentially unenforceable, besides being on shaky ideological/ethical ground. Any such laws would likely be extended to require certain kinds of encryption, to place limits on crypto, etc. (I see signs in the text of the Digital Telephony Bill of application to crypto.) If a number comes my way, I don't want no steenking data cops telling me I can't look it, manipulate it, etc. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. "National borders are just speed bumps on the information superhighway."
The purpose of a civilized society is precisely to avoid this sort of ``arms race'' between bandits and those who pay for services. Even
This "arms race" would not have been necessary had the vendors and cellular carriers not been so short sighted as to not put meaningful cryptographic security into their system at the very beginning. All of the technology necessary to prevent the now-rampant snooping and replay of ESNs already existed in the early 1980s when AMPS was being deployed. It certainly exists now. Unfortunately, the TIA seems to be just as incompetent now as they were back then. The cellular industry is as bad as the credit card industry. Both claim that cryptographic security mechanisms are not "economically viable", but if you look more closely you'll discover this conclusion is based solely on their own direct costs. They ignore the consequences of bad security borne by others: the mail-order merchant stuck with a bad debt, the honest customer with a credit rating destroyed by a stolen card number, the taxpayers who have to pay the police, courts and prisons to investigate, prosecute and punish credit card and cellular fraud, and of course every customer who pays a higher price to subsidize fraud. As long as the credit card and cellular carriers don't have to carry these costs themselves, they don't give a damn. And I can't get too sympathetic when I see them trying to heap even more of the consequences of their laziness on the legal system. Phil
Could be an interesting basis for a class action negligence lawsuit. Even if it was lost, it would become a factor in future business plans.
The purpose of a civilized society is precisely to avoid this sort of ``arms race'' between bandits and those who pay for services. Even
This "arms race" would not have been necessary had the vendors and cellular carriers not been so short sighted as to not put meaningful cryptographic security into their system at the very beginning. All of the technology necessary to prevent the now-rampant snooping and replay of ESNs already existed in the early 1980s when AMPS was being deployed. It certainly exists now.
sdw -- Stephen D. Williams Local Internet Gateway Co.; SDW Systems 513 496-5223APager LIG dev./sales Internet: sdw@lig.net OO R&D Source Dist. By Horse: 2464 Rosina Dr., Miamisburg, OH 45342-6430 Comm. Consulting ICBM: 39 34N 85 15W I love it when a plan comes together Newbie Notice: (Surfer's know the score...) I speak for LIGCo., CCI, myself, and no one else, regardless of where it is convenient to post from or thru.
participants (8)
-
die@pig.jjm.com -
Jim Hart -
khijol!erc@apple.com -
Phil Karn -
sdw@lig.net -
smb@research.att.com -
tcmay@netcom.com -
wb8foz@nrk.com