Re: Outlawing the overhearing of conversations
- I find a number which looks to be compressed or encrypted. I fiddle around with it and manage to decrypt it, and it turns out to be a useful to me (and possibly harmful to others). What law have I broken, plausibly? With the possible exception of this point, I suspect that we agree more than we disagree. My note included the following excerpt from the original: The bill makes it a crime to possess or use an altered telecommunications instrument (such as a cellular telephone or scanning receiver) to obtain unauthorized access to telecommunications services (Sec. 9). This provision is intended to prevent the illegal use of cellular and other wireless communications services. Violations under this section face imprisonment for up to 15 years and a fine of up to $50,000. My reply was keyed to the phrase ``unauthorized access to telecommunications services''. As I read it -- and you may differ -- the action that's being prohibited here is picking up things like ESNs, credit card numbers, etc., and using those to obtain fraudulent access to the phone network. I'm hard put to justify such behavior as ethical, and I have no problem with declaring it illegal. (Again, though, prudent folks and/or their insurance companies and/or the government may choose to use/mandate crypto. Banks started using DES authentication for EFT transfers because the Fed insisted -- they didn't see the problem.) As for decrypting numbers picked up over the air -- although I'm going to be vague, I suspect that there is a real issue here. Suppose that you run a pay TV service that you genuinely attempt to protect -- that is, you use DES or stronger. Am I *entitled* to watch for free because I happen to be smart enough and/or rich enough to crack DES? Can I legally or ethically give away or sell recovered keys? The point I'm making here is that you're making a reasonable effort to protect something, and thus implicitly declare it private and worthy of protection. This is in distiction to unencrypted transmissions (i.e., today's cellular stuff), security through obscurity (today's digital cellular), or marginally encrypted (frequency inversion). To be sure, I don't know where to draw the line here, and I don't think I want a judge (state-appointed or freely agreed upon) drawing it for me. Maybe we should take a leaf from NSA's book and say that 40 bits or less of key amounts to a welcome mat... --Steve Bellovin
smb@research.att.com writes:
Suppose that you run a pay TV service that you genuinely attempt to protect -- that is, you use DES or stronger. Am I *entitled* to watch for free because I happen to be smart enough and/or rich enough to crack DES?
I had a long e-argument with a strange young man in Canada over this point, and of course it's familiar to anyone who knows anything about satellite TV issues. My own feeling is that if somebody's going to blast radiation through my property and through my very body, then to say I have no rightit is illegal for me to interpret the radiation is absurd. It's like making it illegal to look at a newspaper shoved in front of your face by a vendor unless you pay for it. My understanding is that US law was originally written according to this philosophy, but that things changed when the cable indu$stry started to realize that they'd have to either spend money to make their signals difficult to receive and view, or else spend money buying dinners for Congressmen to legislate the problem out of existance.
Can I legally or ethically give away or sell recovered keys?
This is a somewhat different question, methinks, and maybe there's a difference between "give away" and "sell". | GOOD TIME FOR MOVIE - GOING ||| Mike McNally <m5@tivoli.com> | | TAKE TWA TO CAIRO. ||| Tivoli Systems, Austin, TX: | | (actual fortune cookie) ||| "Like A Little Bit of Semi-Heaven" |
participants (2)
-
m5@vail.tivoli.com -
smb@research.att.com