The Clipper connection

[hkhenson at cup.portal.com]

    If I may boil down one side of the Clipper/Capstone debate, it is 
certain members of the government saying: 

    "We need to implement this encryption method so as to avoid 
problems we think may be coming.  Trust us!  We promise not to abuse 
your privacy."  [except for the following--expandable--list of 
reasons.] 

    Unlike some in this debate, I do not doubt the sincerity of 
Dorothy Denning or others like her.  And I would have a lot fewer 
problems with Clipper/Capstone proposal if the people who will be 
granting access to the keys and those with legal access to the keys 
were of Dorothy's caliber. 

    However, people of good will are not likely to be the ones who 
apply for these keys to your privacy in the future.  I am right in the 
middle of a case which has remarkable similarities to a Clipper 
"request for keys." 

    Full details have been posted to comp.eff.talk and misc.legal, but 
in brief summery, a Postal Inspector from Tennessee is attempting (for 
political reasons) to impose the obscenity standards of that region on 
an adult BBS run from Milpitas (just North of San Jose).  To this end, 
he obtained a warrant to take the BBS hardware.  Because of contained 
email and First Amendment activities of a BBS, subpoenas, not 
warrants, are required under two sections of federal law.  The laws 
are Title 42, Section 2000aa, and Title 18 Section 2701, the same ones 
which were applied in the well-known Steve Jackson Games case. 

    Pointers to these federal laws were *posted* on the BBS.  The 
postal inspector downloaded this file (most of which *I* originally 
wrote), and *included* it in his affidavit for a search warrant to a 
Magistrate-Judge in San Francisco, along with a remarkably weak theory 
of how he could avoid application of these laws to himself.  

    To obtain a warrant to take email and 2000aa materials, a number 
of judicial findings should have been made.  None were.  The postal 
inspector got his warrant, mailed child pornography to the BBS, served 
the warrant, and "found" the child porn.  To give you an idea of the 
good will (and competence) of the particular agent involved, he had 
not included the child porn in the warrant, and so had to fill out 
another document at the time of the search.  On this form he 
specifically described the material as "sent without his knowledge" 
(referring to the sysop).  Of course this statement did not prevent 
this child pornography (in the sysop's house for all of half an hour) 
from being the basis of one count (of 12) of a grand jury indictment 
the BBS sysop faces in Tennessee. 

    This warrant example applies to the Clipper situation.  

    The risk under Clipper is that your private communications will be 
protected by the *weakest* link in the chain--one of the thousands of 
low level Magistrate-Judges among whom law enforcement agents shop for 
warrants and will shop for keys.  These judges tend to be busy, or 
lazy or both, and they *trust* law enforcement agents.  Even if the 
law is *directly quoted* in search warrant affidavits or key requests, 
and these laws *expressly forbid* granting warrants or key requests 
under the conditions cited, the judge may not even read a lengthy 
supporting affidavit before approving it.  He is *very* unlikely to 
consider a the underlying laws when granting a request.  The key 
escrow agents provide no protection whatsoever since they simply fill 
orders from agents with approved applications. 

    Judges ignore the law with impunity, and so do law enforcement 
agents because one agency will almost never investigate another. 

    As a practical matter, applications for search warrants are almost 
never denied.  The same situation is certain to occur for Clipper key 
applications, no mater how weak the justification happens to be, or 
what laws are being violated by those seeking the keys. 

Keith Henson