-----BEGIN PGP SIGNED MESSAGE----- At 06:14 AM 3/8/96 GMT, Dan Weinstein wrote:

On Wed, 06 Mar 1996 16:59:36 -0800, you wrote:

...

At that point, Bob is GUILTY of violation of the Leahy bill, because his encrypted anonymous remailer:

1. Uses encryption to thwart message tracing, and thus the "criminal investigation."

2. Bob has already been informed that his system will be used for illegal purposes; the cops have the messages to prove he has been told. He's GUILTY GUILTY GUILTY, he will definitely lose the system and possibly whatever residence it runs in, and will probably have to pay a huge fine to boot.

This is not my understanding. I believe that Bob has to be commiting a felony himself before they can get him under the current phrasing.

Well, first, the section's phrasing is screwed up. Whether this is the fault of VTW, who posted the text, or the original bill I do not know. Second, if what they're charging is the hindrance of an felony investigation, it isn't clear to me why they would be limiting the charging of that "crime" to only those actually who have committed a felony. (logic isn't the normal mode of thought for a government employee, you realize.) Third, all they have to do is to "suspect" the person of a felony, and a "felony investigation" starts. That would presumably make him guilty of the Leahy bill's provision, regardless of whether he is actually participating in the crime supposedly being investigated. Fourth, I gave what I considered to be a clear example of the hypothetical misuse of an encrypted remailer by the cops, one that would arguably make the remailer operator guilty of some "reasonable" anti-kiddie-porn statute. At that point, _he_is_ the target of the investigation. Unless you can show that this kind of action by the government is impossible, I consider it to be not merely possible but almost certain to occur. Fifth, it isn't clear what amount of knowledge is necessary to "trigger" this clause, especially in its current flawed state. Since ISP's and encrypted remailers might know, in general, that their systems can and probably are being used for SOME criminal activity, even if they can't identify it or the user, or decrypt it, etc, a broad interpretation of the resulting law could easily de-facto prohibit any business practices (i.e., allowing users to use encryption) that prevents full-scale monitoring and/or tracing. This is only the beginning of the problems with this section. If you can explain why nothing I've described could possibly occur, I welcome a contrary explanation. But I would also ask this: Why, exactly, do we need this section? We've already been told that the opponents of this bill will fight it tooth-and-nail under its current wording; if that's the case then the presence of this section is inadequate to appease their unhappiness. Therefore, we shouldn't include it in the bill at all; it does no good. Any explanations, Dan? BTW, I'm not the source of those recent anonymous notes on Cypherpunks criticizing you for the support of this bill. As you by now have guessed, I'm not at all reticent about standing up and being counted and identified. Jim Bell jimbell@pacifier.com Klaatu Burada Nikto -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMUBjH/qHVDBboB2dAQEeEAQAm5V7jTZWZo1MIIaL1WlQjQHdSlAOCMNJ 7j7tfpH6peWM23T7iGhZT3AckqPYwLxV8u6N96SFxaQDJ+IiCRyBRO+5qxr6sxXk A9BCkmRxzorsqeViyIVev9lzMcljtTiZmTQ7KIAToSZD4+12xQgROLZRYtf1/tlv E7ypJHLtsFM= =2MNi -----END PGP SIGNATURE-----