distribution scheme
I'd like to request your comments on the following idea. code for this is ready, awaiting yours and some other people's comments regarding some of the non-coding issues. for example, I'd like a lawyer or someone else familiar with the law to comment on the legal aspects. also, cryptologic expertise would be great. however, this is NOT an encryption scheme. the goals are different ones, I'll talk about that in a second. the basic idea is to take a piece of information and chop it into a number of pieces. this is basically the reverse process of "take the first letter of every word". digital information, however, can be divided at an even lower level, the bit level. imagine to chop a file into 8 parts, with the top bit of every byte going into the first file, the second bit into the second and so on. as you can imagine, the first 8 top-bits will again form a byte in the first file. now imagine the same principle, with an *arbitrary* number of files. the goal of this is not a new encryption scheme. cryptological, my limited knowledge tells me this is not too bad, but far from "secure". the nice things are that the files themselves contain no information about how many total files there are and in which order they have to be re-assembled, and without that knowledge you are in for some work of cryptoanalysis. the idea is to provide for a channel of distribution of arbitrary material, even copyrighted, patented or illegal in your country (e.g. china) in a "legal" way. that's why I'd like legal advice on this - is the idea correct? I cannot be sued for distributing a couple hundred E's and A's because they are part of a copyrighted book. can I be sued for distributing a couple of bits from a copyrighted image file? a trademarked or patented document? are there any legal precedents? I know that in the case of encryption, courts have at least once ruled that distribution of the key that unlocks this is equivalent to distribution of the copyrighted material, but in this case there is no key, no single piece of information that contains anything "central". tell me what you think. I can post code or details if you want. Falcon
At 09:53 AM 12/22/98 +0100, Falcon, aka FitugMix <tonne@thur.de>, wrote about a suggestion to chop crypto or other contraband material into separate streams, e.g. bit 1 of each byte in stream 1, etc., hoping that this would be "legal" because it's not really encryption, though if managed carefully it would still be hard to read. That's of course a distinct question from "will this make the information hard enough to notice that I won't get caught?"; the answer to that question depends on many factors besides the direct details themselves, like who you use this to send things to, and how you advertise the things you make available to send, etc.
I'd like legal advice on this - is the idea correct?
I'm not only not a US lawyer, I'm also not a German lawyer, or a Chinese lawyer, or a Russian lawyer, and you're not paying me, so this is not legal advice :-) But my strongly considered engineering opinion is "Don't bet on it if it really matters." If you use the system to distribute a copyrighted work, you've still distributed a copyrighted work, even if you've shredded the paper and shipped the shreds and sticky-tape. No win. And if you try this in a country like China, where the laws are arbitrary and defined on the spot, the fact that you may not have violated the letters of a written law is potentially irrelevant. The Chinese government is currently threatening to execute someone who distributed 30000 email addresses of mainland Chinese to some foreign human-rights activists - "assisting enemies of the state" is seldom a well-defined crime; only the punishment is consistent. On the other hand, in countries that have well-defined laws, and law enforcement organizations and courts that only enforce the laws that are defined, and always want to enforce them correctly, it can be entertaining to play with technologies like this. Sometimes this gets them to change the rules, usually administratively rather than through a public political process, but sometimes it can make them look silly and feel bad about what they're doing. Ron Rivest's "Chaffing and Winnowing" protocol is a great example, and you can find details on your favorite web search engines. (Farming definitions: "Chaff" is the stuff you don't want that comes with wheat, like stems and hulls, and "winnowing" is the process of separating wheat from chaff.) Basically, you define an authentication checksum that uses a key, so only the sender and the intended recipient can validate a checksum. Then you send a series of entries like BitNumber, 0, checksum(bitN,BitNumber,key), 1, checksum(bitN,BitNumber,Key) where the checksum is correct depending on whether the bit N of the message is a 0 or a 1. There is no encryption used - only authentication, so it's perfectly legal in some jurisdictions, but only the recipient can tell which bits are "wheat" and which bits are "chaff". One of the cool things about it is that you don't need to use fake material as chaff - somebody else's wheat works just as well, because the checksums fail if you use your key on their bits. It's a very inefficient protocol, but there are ways to make it less bad (not *good*, but at least less bad.) Thanks! Bill Bill Stewart, bill.stewart@pobox.com PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
On Mon, 28 Dec 1998 01:05:13 -0800 Bill Stewart <bill.stewart@pobox.com> writes:
Falcon, aka FitugMix, wrote about a suggestion to chop crypto or other contraband material into separate streams, e.g. bit 1 of each byte in stream 1, etc., hoping that this would be "legal" because it's not really encryption, though if managed carefully it would still be hard to read.
this concept is virtually identical to fractal encryption, where a message is chopped into its component parts (25 a's, 3 b's, 8 c's, and so on) and also chopped into a configuration scheme. this form of encryption does fall under the definition of munitions by the u.s. government... ac ___________________________________________________________________ You don't need to buy Internet access to use free Internet e-mail. Get completely free e-mail from Juno at http://www.juno.com/getjuno.html or call Juno at (800) 654-JUNO [654-5866]
participants (3)
-
Bill Stewart -
FitugMix -
jeradonah@juno.com