Re: (fwd) "Will You Be a Terrorist?"
At 01:43 PM 9/20/94 +0200, Alex de Joode wrote:
Please keep in mind that the US jurisdiction doen't cover the whole earth.
(There is life outside the US)
I am well aware of that and, in fact, intend to expat myself. I was merely responding to Tim and others who were writing about the legal risks remailers face in the US under RICO, The Crime Bill, etc. I know foreign laws differ. It would be interesting for those in other jurisdictions to comment about how *their* rulers might view anonymous communications and strong crypto. DCF ************************************************************************* ATMs, Contracting Out, Digital Switching, Downsizing, EDI, Fax, Fedex, Home Workers, Internet, Just In Time, Leasing, Mail Receiving, Phone Cards, Quants, Securitization, Temping, Voice Mail.
Duncan Frissell wrote:
It would be interesting for those in other jurisdictions to comment about how *their* rulers might view anonymous communications and strong crypto.
In Sweden there has been no public discussion at all. Well, there was a TV news item a month ago about GSM (not how this, compared to older in-the-clear protocols, could strengthen privacy - of course - but how GSM could be used by Terrorists and Drug Dealers). A representative of a leading Swedish GSM provider was interviewed; he said that there was no tapping abilities built into their system but that it would cost a mere $1.000.000 in software development to fix it (and obviously, if legislation a la DTB would be forthcoming, he would happily implement it - if someone else paid the bill). My general impression is that a semi-secret committee is following the situation in the US very closely. If GAK comes true over at your side of the Atlantic we would probably follow in a year or so. Then there is the tragedy of the European Community. Sweden might very well join next year, depending on the outcome of a referendum due in two months. And the leading politruks will not take a no for a no but pull some tricks and offer new referendums until they get what they want - more personal power and fat-paying seats in Brussels - like they did in Denmark - and the propaganda, paid for by the government, in favor of joining the United States of Europe is so strong that we might vote yes in the first place (a stable majority against joining seems to be declining rapidly). The rectification of Europe is against everything a crypto anarchist stands for: French-style bureaucracy, German-style standardization, a huge increase in the number of laws and regulations (down to the shapes of cucumbers and %meat in sausages) - and loss of opportunities for the politically uncorrect to hide in other juris- dictions. If Sweden falls, so does Finland for sure, and possibly Norway. So in a few years the legitimacy of anon.penet.fi might very well be decided by the huge cancer-bureaucracy in Brussels. As for the present legal situation in Sweden - nobody seems to know. The only net.lawyer I ever heard of here is working for the SPA. The few computer related trials have dealt with software piracy. Oh, years ago a Fido BBS user (message-writer) was fined for degrading remarks on some minority - we have laws against group-libel. The most obvious change regarding privacy if we join the EC will be the status of 'public' information. In Sweden every citizen has a right to know all information, about anybody, stored in most national and other public registers. This is not so in EC. Some say that the EC way gives more privacy. I say (I think...) that as long as the stored information is public the politruks dare not make the registered information too detailed or otherwise offensive. Mats
At 01:43 PM 9/20/94 +0200, Alex de Joode wrote:
Please keep in mind that the US jurisdiction doen't cover the whole earth.
(There is life outside the US)
I am well aware of that and, in fact, intend to expat myself. I was merely responding to Tim and others who were writing about the legal risks remailers face in the US under RICO, The Crime Bill, etc. I know foreign laws differ.
It would be interesting for those in other jurisdictions to comment about how *their* rulers might view anonymous communications and strong crypto.
I heartily agree with Duncan here! There has been very little said by the good residents of France, Germany, Sweden, Holland, Italy, etc. about just what the crypto-related laws of their countries are. Lots of clucking about U.S. policy, followed by "And the U.S. is not the whole world" comments, but very little about, for example, the Dutch Binnenlandse Veiligheids Dienst (BVD) is targetting crypto users, or how, for example, the German Bundesnachrichtendienst (BND) is pushing for constitutional limits on speech in Germany. I for one would like to hear the discussion about what _other_ countries are doing. Rishab Ghosh has written some about what India is doing, but not too much. My hunch is that most of the Western nations are looking for policy guidance to Washington, and that whatever laws the U.S. adopts as part of Clipper-Key Escrow-Digital Telephony-Antiterrorism-Tracking will be adopted in a similar form by the EC and other countries. (The recent or upcoming conference on international issues in key escrow, whose agenda was posted a while back, is indicative of this.) So, I appreciate that some of our European readers may be tired of hearing about U.S. policy or proposed laws, but the proper solution is _competing speech_. That is, give us something new to talk about. Tell us about what *your* country is doing. Tell us about any laws limiting what kind of modems can be hooked up to your PTTs, as a concrete example. Tell us about the raids on BBSs in Italy. Tell us about the rumor that the Netherlands plans to ban unapproved crypto. Tell us about Chobetsu, the Japanese NSA. We and the NSA are all ears. --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay
I heartily agree with Duncan here! There has been very little said by the good residents of France, Germany, Sweden, Holland, Italy, etc. about just what the crypto-related laws of their countries are.
Okay, how about the text of the French law regulating cryptography? It's available as http://www.ens.fr/equipes_dmi/grecc/loi.html. It's in French, and unfortunately my 3 years of high school study aren't up to the task. Anybody out there fluent in the language who would care to prepare an English translation? We really ought to know what the French law says, given that the US government keeps citing it as precedent for a western country to regulate cryptography. By the way, the next time a pro-clipper person does this, point out that our very own government has repeatedly accused French intelligence of committing industrial espionage on behalf of its own industries, and that there just might be a connection between these two policies that the US is trying to emulate. At a CPSR/EFF meeting a few years ago I succeeded in getting a real rise out of James Kallstrom of the FBI with this comment. Great fun. But then again, he *is* a rather excitable sort... Phil
First, thanks to Mats Bergstrom, Alex de Joode, and Matthew Gream for posting good essays about the situation in their respective countries. (And to those who posted earlier...I did not mean to imply in my posting earlier that nobody had ever described the situations in non-U.S. countries, only that more such discussions are needed.) Phil Karn writes: ...
We really ought to know what the French law says, given that the US government keeps citing it as precedent for a western country to regulate cryptography.
Indeed. One of the mysteries is why so few French are on our list...I can't recall any, actually. Their country has some of the most draconian laws, it is alleged, and, as Phil notes, an active SDECE industrial espionage unit. (I have no dislike for the French, by the way. I lived outside Nice for more than a year. Don't ask me to translate the documents, though, as that was 30 years ago and I was in an American school and learned very little French.) --Tim May -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^859433 | Public Key: PGP and MailSafe available. Cypherpunks list: majordomo@toad.com with body message of only: subscribe cypherpunks. FAQ available at ftp.netcom.com in pub/tcmay
By the way, the next time a pro-clipper person does this, point out that our very own government has repeatedly accused French intelligence of committing industrial espionage on behalf of its own industries, and that there just might be a connection between these two policies that the US is trying to emulate. At a CPSR/EFF meeting a few years ago I succeeded in getting a real rise out of James Kallstrom of the FBI with this comment. Great fun. But then again, he *is* a rather excitable sort...
But what connection could their be? French crypto regulation arguably does very little to weaken corporate security of foreign firms. brad
"Timothy C. May" wrote:
I heartily agree with Duncan here! There has been very little said by the good residents of France, Germany, Sweden, Holland, Italy, etc. about just what the crypto-related laws of their countries are.
(I've touched on this issue in a few bits and peices, but this is an opportunity for me to summarise some of the critical points) Crypto in Australia: - There are no regulations or laws covering the use of crypto, ie. encryption of communications over common carriers. However, when a Law Enforcement Agency (only our Federal Police and the Australian Security Intelligence Organisation can obtain warrants for telephone intercepts) requires an intercept, the carrier must be able to furnish the information to them. What this means is that if the carrier employs encryption or some other method of altering information between external communication end points, it must unwrap this for AFP/ASIO when they have a warrant for such information. This applies _only_ to "carriers". - There _are_ export laws on crypto, covered under section 13B and 13E of the Customs (Prohibited Exports) Regulations (under the Customs Act 1901). This prohibits certain specified goods of which crypto is one, along with any goods in a list produced by the `Minister of State for Defence' on `Goods with Civil and Military Applications' [ie. what comes from COCOM]. Permits must be obtained in writing from the Minister of State for Defence _or_ someone authorised in writing by him/her. This legislation doesn't seem to have been applied. - There are no laws on crypto import. Of course, importing implies something coming from another jurisdiction, who may see the export issue a different way. It's my belief that the laws are in place to "scare" and "standover" the _exporters_ and place the onus on them to control emissions. In other words, just as if the smoke shop sold to a minor, the shop, not the minor would get it. I did at one stage think that "they" wouldn't mind occasional abuses of the legislation, as it gives them the occasional victim to prosecute and hold up for all to see. I don't think this anymore, because "they" would _not_ win a case unless it's shown that the exporter did so explicitely to construct products for "the bad guys" (a dubious concept at best) -- as opposed to products for personal security and commerce (I suspect this is why Phils case is on ice, prosecuting him isn't ever going to work). - The Defence Signals Directorate (DSD) is our primary SIGINT/COMSEC agency. Much like the NSA (but on a smaller scale, their HQ in Canberra consists of 3 or 4 buildings only, surrounded by razor fencing though and my "driver" swears the radio went dead as I stepped out for a closer look :>) they provide COMSEC advice to the Govt. They are also the ones that deal with authorising crypto products for export under s.13B & 13E as mentioned above. - Some peripheral issues: There is a section in the Telecommunications (Interception) Act that makes it an "offence" to hinder an officer under a warrant. This may apply to the use of crypto, but would do so only after a warrant has already been obtained to look into a criminal offence -- this is mere speculation on my behalf. Our privacy act deals _only_ with information relating to the Tax File Number, and credit agencies. We have a `Data matching Act' that allows social security and the tax department to correlate data base information. Interestingly enough this Act specifically outlines in algorithm steps what is to be compared, how it is to be compared and even time restrictions on the lengths of these steps and looking at the composition of the information, one gets an idea about exactly what is stored in these databases.
Lots of clucking about U.S. policy, followed by "And the U.S. is not the whole world" comments, but very little about, for example, the Dutch Binnenlandse Veiligheids Dienst (BVD) is targetting crypto users, or how, for example, the German Bundesnachrichtendienst (BND) is pushing for constitutional limits on speech in Germany.
So far there don't seem to be any moves here in Australia to change what legislation is already in place. Though, I must admit that I haven't gone into depth on this and am relying only upon what the Department of Transport and Communications and our Attorney General's Department have told me [by letter and telephone]. Ian Farqhar might have some comments on the Law Enforcement Access Committee. I have it on my "to do list" to wander up to the Law Reform Commission and ask them whether they've considered or are considering any of these issues (Justice Kirby once wrote an excellent paper in Computer Networks and ISDN Systems on `Data protection and Law Reform' back in 1979 -- well, I would have been about 7 years old then, I read it at a later stage).
My hunch is that most of the Western nations are looking for policy guidance to Washington, and that whatever laws the U.S. adopts as part of Clipper-Key Escrow-Digital Telephony-Antiterrorism-Tracking will be adopted in a similar form by the EC and other countries. (The recent or upcoming conference on international issues in key escrow, whose agenda was posted a while back, is indicative of this.)
I'd say this is so. One thing that is particular about Australia is that our Government "loves" International Agreements and likes to be seen adhering to them. This fuels my skeptism about changes in our crypto export laws (which have been unenforced anyways -- for the reasons mentioned wrt. Phil above) because they come from COCOM agreements. We've always had close ties with the US, but these have been wavering, if only slightly, in the last few years. I'd like to know more about COCOM though, can anyone offer ? We beat the Australia card (then suffered the Tax File Number in its place, though not as severe). I'm confident that something as high profile as Clipper or Key Escrow would have a good level of opposition where the public can understand the direct application to telephone conversions, I'm not so confident about general issues of cryptography though. I suspect this is the case in other countries, but anytime we see "bulletin boards" and "the internet" on current affairs shows, it tends to be in the context of underage access to pornography. Matthew. -- Matthew Gream <M.Gream@uts.edu.au> (02) 821-2043 (sw/hw engineer)
Possible misconception (was rushing to beat a system downtime): "Matthew Gream" wrote:
in writing from the Minister of State for Defence _or_ someone authorised in writing by him/her. This legislation doesn't seem to have been applied.
When I mean "hasn't been applied", I mean as in it doesn't seem that anyone has been prosecuted explicitly for crypto export. The regulations deal with lots of other things as well (export to Iraq, Libya, <insert bad guy of the month> and export of nuclear and munitions et al) and it's sure to have been enforced on many other points. Matthew. -- Matthew Gream <M.Gream@uts.edu.au> (02) 821-2043 (sw/hw engineer)
On Sep 21, 9:13am, Matthew Gream wrote:
- The Defence Signals Directorate (DSD) is our primary SIGINT/COMSEC agency. Much like the NSA (but on a smaller scale, their HQ in Canberra consists of 3 or 4 buildings only, surrounded by razor fencing though and my "driver" swears the radio went dead as I stepped out for a closer look :>)
I don't know about that, but I do know that the building is completely TEMPEST shielded. It was custom built for DSD 2-3 years ago, when they moved to Canberra from Melbourne.
they provide COMSEC advice to the Govt. They are also the ones that deal with authorising crypto products for export under s.13B & 13E as mentioned above.
DSD provides both COMSEC and COMPUSEC, and is surprisingly open about SIGINT too. I must admit that I have found them to be surprisingly helpful on most occasions, although they do take security VERY seriously.
So far there don't seem to be any moves here in Australia to change what legislation is already in place. Though, I must admit that I haven't gone into depth on this and am relying only upon what the Department of Transport and Communications and our Attorney General's Department have told me [by letter and telephone]. Ian Farqhar might have some comments on the Law Enforcement Access Committee. ^^^^^^
Law Enforcement Advisory Committee. That might have been my mistake, as I once did miscall them that. Not much, no. They're heavily secretive, and my understanding is that they consist of representatives of the Attorney General's department, ASIO and the Australian Federal Police. They were mentioned to me in passing as one body which might have a lot of interest in controlling domestic cryptography, and I also understand that they were involved in the deliberations over the A5/1 and A5/2 decision (which, I am told by Austel - Telecommunications watchdog - was quite different to what was reported on the Internet). I must admit to finding myself quite irritated that bodies like the LEAC (which are, after all, advising government on domestic policy) are so secretive. Ian.
"Ian Farquhar" wrote:
- The Defence Signals Directorate (DSD) is our primary SIGINT/COMSEC agency. Much like the NSA (but on a smaller scale, their HQ in Canberra consists of 3 or 4 buildings only, surrounded by razor fencing though and my "driver" swears the radio went dead as I stepped out for a closer look :>)
I don't know about that, but I do know that the building is completely TEMPEST shielded. It was custom built for DSD 2-3 years ago, when they moved to Canberra from Melbourne.
Actually, I have to admit to having a slight fascination with buildings of this type, some other points about the architecture and location of DSD HQ: [Note: It's an offence to photograph these facilities, it might be bordering on the edge of legality to make the following observations, but these are all a matter of the public record and intended for informational purposes -- if it's me making them at all :-)]: - It's located in Russell Offices along with most of the Deparment of Defence and ASIO's HQ. Just down the road is ASIS, and around the corner is the AFP's HQ. It puts a lot of valuable resources in close physical proximity. - Just above Russell Offices (on Russell Hill in fact) is a lookout, you drive up from ADFA. Standing up here gives you direct line of sight into DSD and all the other Defence buildings, you can watch people walking around. Interestingly, when I drove down and back around the front and looked back up to lookout, a utility had pulled up. In any case, employees have questionable ability to remain "anonymous". - Right along the front of the building is a major road, a couple of feet away stands the razor fencing, then the building is a few more feet inside, on the other side of the road is a carpark. The guardhouse for entry into the "complex" sits just off the road too. - You can drive up around the back of the complex, there is a little road that has the DSD facility on the lower side and bushland on the upper. You can get out and walk up to the fence and stare straight down into a smaller inside carpark and people walking around. - The building immediately adjacent to the road out the front only stands some 20 or so metres high, it has no windows and is quite recent --> the TEMPEST sheilding you mention. The other buildings, more than likely only for administrative purposes have darkened windows. More than likely it extends to a significant distance underground. - There are no obvious antennas on or near it at all. Although the Defence Integrated Secure Communications Network (DISCON) has it's certain switching station at Canberra, this is mainted by another division within the Defence Dept. (DSD is an "outrider" organisation anyway). Desmond Ball's book shows a picture of a sat dish at Watsonia for NSA uplink, used when DSD were in Melbourne -- there is none of this in Canberra. I'm pretty sure Defence maintains a communications facility just out of Canberra (not far from Tidbinbilla (sp?), probably initially processed there and leased line into Russell Offices ?). - DSD uses the Signals Corp, and when a new battalion relocated to Moorebank Army base, as they were building it, someone who drove by daily remarked to me that up went the frame, then went in a room concreted with only one doorway and subsequently wrapped in "insulation". They then bricked the building up as per usual, ie. adding another layer over this "room". When the work in this room (I'm told), the shifts last about 4-6 hrs, they enter and don't leave until their time is up. Standard security procedures I guess, interesting to see it on your proverbial backdoor none the less :-). Not exactly what most people go and see on their holidays, but then I've never been like "most people" :-) [footnote: I take a purely passive and observant role in these affairs]. cheers, Matthew. ps. There's also the Brian Wilshire conjectured "Big Brother Information Processing Centre" at St. Leonards (I could see it out the window of my previous place of employment!), but it's nothing more than Telecom's Data Processing Facility. Brian Wilshire (talkback host on local 2GB, author of "Fine Print") is a loony anyway. -- Matthew Gream <M.Gream@uts.edu.au> (02) 821-2043 (sw/hw engineer)
On Sep 20, 10:21am, Timothy C. May wrote:
I heartily agree with Duncan here! There has been very little said by the good residents of France, Germany, Sweden, Holland, Italy, etc. about just what the crypto-related laws of their countries are.
As I recall, Matthew Gream just posted the results of several months of investigation into Australia's crypto laws, which is probably the most definitive summary available to date. It is a superb piece of work, but the thread died swiftly. I also posted a summary of SENECA in sci.crypt (compiled with the help of DSD), which is the Australian government classified DES replacement, and there were were no followups there either. One can only presume from all this that the interest is not really there.
My hunch is that most of the Western nations are looking for policy guidance to Washington, and that whatever laws the U.S. adopts as part of Clipper-Key Escrow-Digital Telephony-Antiterrorism-Tracking will be adopted in a similar form by the EC and other countries. (The recent or upcoming conference on international issues in key escrow, whose agenda was posted a while back, is indicative of this.)
I suspect, unfortunately, that you're right. It's like taking cooking tips from Lucretia Borger (sp?). Ian.
participants (7)
-
Brad Huntting -
frissell@panix.com -
Ian Farquhar -
M.Gream@uts.EDU.AU -
Mats Bergstrom -
Phil Karn -
tcmay@netcom.com