(A copy of this message has also been posted to the following newsgroups: alt.cypherpunks, talk.politics.crypto, comp.org.eff.talk) CDT and other Washington insider groups are busily singing the praises of the SAFE encryption bill, despite some acknowledged "minor flaws." Well, the flaws are not minor. The bill does not give Americans any rights they do not already have, and does not ease export of strong crypto in any meaningful way. In fact, the bill contains odd language implying it is essentially only financial software which is easier to export, and then only if the receiving country (huh?) allows it...since when is the duty of U.S. Customs to pass products for export based on whether Baluchistan, for example, wants the product? Ah, but things get worse. The language speaks of barring key escrow, but then says that law enforcment needs are not affected. This not only is not a bar on key escrow, which of course is not required at this time, but it also may open the door for "legitimate needs of law enforcement" key escrow. And, worst of all, it criminalizes the use of crypto in connection with the use of crypto in any prosecutable offense. Say "Fuck Goodlatte and the horse he rode in on" in a message using encrypted remailers, and the Communications Decency Act is violated (if it gets upheld). Voila, instant 5-year sentence. Use remailers to distribute information banned by Big Brother.... The chilling effect is exactly and completely analogous to the chilling effect intended when those giant billboards went up some years back with the dire warning: "Use a gun, go to prison." I hope the fools at CDT are prepared to help install the "Use a cipher, go to prison" billboards. I've been watching these so-called "crypto liberation" bills, Pro-CODE and SAFE, wend their ways through the legislative process. Both are severely flawed. Both should be rejected. Passing laws with flaws is worse than doing nothing, than just relying on the good old Constitution for our rights. Here's a partial analysis of this pernicious piece of legislation: At 2:19 PM -0800 4/30/97, Alan Davidson of CDT wrote:

CDT POLICY POST Volume 3, Number 1 April 30, 1997

CONTENTS: (1) House Subcommittee Approves SAFE Internet-privacy bill

----------------------------------------------------------------------------- HOUSE SUBCOMMITTEE APPROVES SAFE INTERNET-PRIVACY BILL

The House Judiciary Subcommittee on Courts and Intellectual property today approved the Security And Freedom through Encryption (SAFE) act (HR 695), sending the SAFE bill to the full House Judiciary Committee. ... Today's vote marks a critical step forward in the ongoing fight to reform US encryption policy, and sends a strong signal to the Clinton Administration that Congress is serious about passing real encryption reform legislation.

SAFE provides no rights not already enjoyed by Americans, and contains language which appears to compromise some other rights. For example: ""§2804. Prohibition on mandatory key escrow "(a) PROHIBITION. -- No person in lawful possession of a key to encrypted information may be required by Federal or State law to relinquish to another person control of that key. "(b) EXCEPTION FOR ACCESS FOR LAW ENFORCEMENT PURPOSES.-Subsection (a) shall not affect the authority of any investigative or law enforcement officer, under any law in effect on the effective date of this chapter, to gain access to a key to encrypted information. " Sounds good...a ban on key escrow, right? No, because "EXCEPTION FOR ACCESS FOR LAW ENFORCEMENT PURPOSES" could easily be used to mandage key escrow. After all, even Louis Freeh and Dorothy Denning have never argued that key escrow is for use by non-law enforcement! Put another way, this particular section says Alice doesn't have to relinquish a key to Bob, a private citizen. Same as the way things are now, where there is no law, modulo contractual relationships, mandating such disclosure of keys. A truly meaningful form of this putative or purported ban on key escrow would include language along the lines of: "No government agency or department shall in any work propose, negotiate, plan, or do research on any scheme related to "key escrow," blah blah blah..." (Not being a lawyer, I won't try to write the language; the point is that SAFE contains only weasel language and doesn't actually bar key escrow so long as the Magic Words "Law Enforcement Purposes" are uttered.) Meanwhile, the traitors have criminalized crypto with this little gem: "§2805. Unlawful use of encryption in furtherance of a criminal act "Any person who willfully uses encryption in furtherance of the commission of a criminal offense for which the person may be prosecuted in a court of competent jurisdiction -- "(1) in the case of a first offense under this section, shall be imprisoned for not more than 5 years, or fined in the amount set forth in this title, or both; and "(2) in the case of a second or subsequent offense under this section, shall be imprisoned for not more than 10 years, or fined in the amount set forth in this title, or both."." Obviously, this is a serious problem, recognized by CDT, Lofgren, and many others. Given that a vast and increasing number of behaviors are now prosecutable offenses, this section alone would make most remailers parties to a crime, would make corporations parties to crimes, and would have a "chilling effect" on the use of crypto. "Use a cipher, go to prison." (Using a cipher alone would not itself be a crime, obviously, but the parallels are *exact* with the famously chilling billboard message: "Use a gun, go to prison." Using a gun in and of itself is not a crime, as in target shooting, etc., but the chilling effect message is crystal clear...this was the whole intent of the California billboards with this message. So, will billboards be erected with the same message about crypto?) This alone is grounds for CDT, EFF, EPIC, ACLU, and anyone else to immediately and completely withdraw all support for SAFE. The message "Use a cipher, go to prison" is simply too pernicious to be allowed. Period. Anyone who disagrees with this should immediately get out of the "civil rights" industry. As for the supposed relaxation of export restrictions, I fail to see much of a difference. The SAFE text says (and I am only partly quoting it, as quoting it all is too complicated for a message like this one): " No validated license may be required, except pursuant to the Trading With the Enemy Act or the International Emergency Economic Powers Act (but only to the extent that the authority of such Act is not exercised to extend controls imposed under this Act), for the export or reexport of..." Gee, that little clause gives back control of exports. The "except pursuant to the Trading with the Enemy Act," etc. part means that strong crypto still won't be freely exportable. And the famous bit about exports being allowed to any country in which the product is already approved...well, we see which way the wind is blowing in other countries on this one. No doubt the Crypto Tsar, David Aaron, will ensure that many products are not legal for use in France, Germany, Japan, etc. Oh, and just why is a U.S. _export_ contingent on it being "allowed" in some other country? Export laws regarding national security are about stuff _leaving_ the United States, not about stuff _entering_ France! That's a problem for France to solve, not a problem for U.S. Customs to worry about. And the "permitted for use by financial institutions" seems odd. Is this SAFE bill only allowing (supposedly) free export of _financial_ software? It sure looks this way. "(3) SOFTWARE WITH ENCRYPTION CAPABILITIES. -- The Secretary shall authorize the export or reexport of software with encryption capabilities for nonmilitary end-uses in any country to which exports of software of similar capability are permitted for use by financial institutions not controlled in ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ fact by United States persons, unless there is substantial evidence that such software will be -- "(A) diverted to a military end-use or an end-use supporting international terrorism; Well, there's the gotcha. There goes the export of "unbreakable crypto," as it will surely (and already has) been used by Hamas, Sindero Luminoso, the IRA, and other such international freedom fighters, er, "terrorists." Thus, we've gained absolutely nothing. Nada. Zip. And so it goes. Crypto becomes semi-criminalized. Key escrow is not at all restricted, providing the need is related to "law enforcement" (though private citizens like me are apparently no longer able to demand the keys of our neighbors...but, gee, I guess we never were, so nothing even here has been gained...duh). And export has the same restrictions related to the Trading with the Enemy Act, with various national security and law enforcement concerns, but with some strange language about export being allowed for financial cryptography providing the receiving country allows it for non-U.S.-owned entities. (????) A dangerous piece of legislation. Worse than the status quo. It ought to be killed dead. "Use a cipher, go to prison." --Tim May, who is a felon under various laws, and who has used crypto in furtherance of these felonious activitities, and who hence faces 10 years in the pokey for the SAFE "crime" of using crypto in furtherance of multiple prosecutable offenses Fuck that. Fuck CDT, too, for not denouncing this horrible piece of crap. -- There's something wrong when I'm a felon under an increasing number of laws. ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."