SAFE Bill is a Disaster--"Use a cipher, go to prison"

[Tim May]

At 6:09 AM -0800 5/1/97, Jonah Seiger wrote:
>Tim -
>
>It's too bad we may not see eye-to-eye on this one.
>
>For what it's worth, CDT shares your concerns about the criminal provision
>in the SAFE bill.  We believe that as currently written, the provision is
>overly broad and could create a chilling effect on the everyday use of
>encryption, and  unnecessary because it duplicates existing obstruction of
>justice law.

Indeed. All reasons to withdraw support for the Bill and to actively seek
to undermine and sabotage it, as I hope many of us do.

Further, it is quite clear that the Bill will *not* allow strong crypto (by
"strong" I mean "arbitrarily strong," the only kind most of us support!) to
be exported freely. Even for "financial cryptography," as clearly any
strong crypto system can--and wiil--be used eventually by some group the
Administration deems to be "international terrorists."

(I would classify the U.S. government as a supporter of international
terrorism, for many reasons. The mining of the harbors in a country with a
relatively freely elected government, for example. The support of Kurdish
terrorists. The funding and equippers of sappers in Serbia. And so on. Oh,
and does the use of PGP by Burmese rebels/freedom fighters/terrorists, so
often cited by Phil Zimmermann as a postive example, count as use by
terrorists? You get the picture. One man's terrorist is another man's
freedom fighter. I support, for example, the use of strong cryptography to
undermine the Zionist entity which preys upon the life of the people
(TM)...does this make me a supporter of terrorists or of freedom fighters?
And why do George Bush and Bill Clinton get to decide?)


>We have expressed these concerns both publicly (in a letter to the
>committee signed by EPIC, ACLU, EFF, VTW, CDT, and over 20 other
>organizations - see  http://www.privacy.org/ipc/safe_letter.html) and
>privately in conversations with the committee staff.  We hope to work with
>the authors of SAFE to address these concerns, but, as you know, we are not
>running this show and have to work with what the Congress gives us.

Yoo're not "running the show," nor am I, or we, but you can withdraw
support and actively oppose a bad bill.


>However, despite our concerns about the criminal provisions, we believe
>strongly that the SAFE bill, and the bills in the Senate sponsored by Burns
>and Leahy, are vitally important and should be passed.
>
>As you know, the debate over encryption policy reform has been going on for
>more than 4 years.  Despite all of our efforts to promote the use of
>encryption, crypto is still not widely used by the public.

"Use a cipher, go to prison" will hardly engender more public support for
cryptography.

More importantly, what the hell does the SAFE bill have to do with
Americans using crypto? Crypto is completely unrestricted, at least by law,
anywhere in the U.S. for use by American citizens and (most) others. If
Americans aren't using crypto, it's for other reasons.

"Use a cipher, go to prison" will not help in this process.

>The Clinton administration has not backed off from their commitment to a
>global key-escrow/key-recovery system with guaranteed law enforcement
>access to private keys. And despite the brilliant work of EFF on the
>various legal challenges to the export restrictions, we feel this issue
>will only be fully resolved through legislation.
>
>The status quo, in our view, is not good enough.  Because of the export
>controls and the lack of a coherent US encryption policy, Internet users do
>not have access to the privacy protecting encryption products they need.
>
>Congress needs to stand up to the Administration and say, with a strong
>voice, "your policy is a failure - we need a different solution".  That's
>what SAFE, Pro-CODE, and ECPA II do.

Sorry, Johah, but these are just platitudes from a press release.

More detailed analysis is called for, not just mouthings about Congress
standing up to the Administration, etc.

For example, answer this question: Will "unbreakable" (*) cryptography,
using full-strength RSA and drop-in 3DES, IDEA, Blowfish, AES, etc., be
allowed for unrestricted export?

If "yes," then this is indeed a good deal. But the weasel words in nearly
every section clearly say it is not.

If "no," then crypto is still crippled for export...the details just vary
(or maybe they don't, actually, as nothing is spelled out).


(* "Unbreakable" is a dangerous term. By "unbreakable" I mean here an
algorithm and key distribution mechanism (or no KD, as in PK systems) which
surpasses any known breaking attempts by some comfortable margin. Cf. the
study by the noted cryptographers, and use keylengths like 128 bits of work
factor...that ought to be "unbreakable" by the standards of the next few
centuries!)

Importantly, the putative goals of the SAFE Bill could be much more simply
handled this way:


"SAFE -- Security and Freedom Through Encryption: Computer software shall
be treated as any other form of speech is. Software shall not be subject to
restrictions on dissemination, export, or possession."


--Tim May, still a felon, and still using encryption to further
prosecutable offenses. Fuck Congress.


--
[This Bible excerpt awaiting review under the U.S. Communications Decency
Act of 1996]
And then Lot said, "I have some mighty fine young virgin daughters. Why
don't you boys just come on in and fuck them right here in my house - I'll
just watch!"....Later, up in the mountains, the younger daughter said:
"Dad's getting old. I say we should fuck him before he's too old to fuck."
So the two daughters got him drunk and screwed him all that night. Sure
enough, Dad got them pregnant, and had an incestuous bastard son....Onan
really hated the idea of doing his brother's wife and getting her pregnant
while his brother got all the credit, so he pulled out before he
came....Remember, it's not a good idea to have sex with your sister, your
brother, your parents, your pet dog, or the farm animals, unless of course
God tells you to. [excerpts from the Old Testament, Modern Vernacular
Translation, TCM, 1996]