Tech Insider					   Technology and Trends


			   USENET Archives

Path: sparky!uunet!ogicse!emory!swrinde!cs.utexas.edu!milano!
cactus.org!ritter
From: rit...@cactus.org (Terry Ritter)
Newsgroups: sci.crypt
Subject: Limits on the Use of Cryptography?
Message-ID: <1992Nov11.061210.9933@cactus.org>
Date: 11 Nov 92 06:12:10 GMT
Article-I.D.: cactus.1992Nov11.061210.9933
Organization: Capital Area Central Texas UNIX Society, Austin, Tx
Lines: 31


 Although the discussion of key registration has been interesting,
 it does seem a bit like shooting fish in a barrel.  Discussing the
 proposition on a computer network invokes an inherent bias in most
 readers.  So, suppose we give the issue a different environment:

    The police bust an alleged child molester, and take possession
    of his PC.  They believe that the hard drive contains a full
    database of young kids who have been *or may be* assaulted.
    That database is enciphered.

 Now, your mission, should you decide to accept it, is to defend
 cryptography to ordinary voters, congress people and newspaper
 reporters.  You also need to explain to a relative of one of those
 kids, someone who doesn't own or work with a computer, why the
 government should "allow" private cryptography which could hide
 this sort of information.

 You *could* say that cryptography does not molest children, that
 only molesters molest children.  Or you could say that if ciphers
 are outlawed, only outlaws will have ciphers, and that criminals
 would not register keys anyway.  But the district attorney might
 point out that, if the law required key registration (or even just
 the delivery of keys *after* a formal court hearing), the molester
 could at least be convicted on *that* charge, and would not be
 molesting anybody for a while.

 So what do *you* say?

 ---
 Terry Ritter   rit...@cactus.org

Xref: sparky sci.crypt:4595 alt.society.civil-liberty:6524
Path: sparky!uunet!sun-barr!sh.wide!wnoc-tyo-news!nec-tyo!nec-gw!
sgiblab!zaphod.mps.ohio-state.edu!pacific.mps.ohio-state.edu!
linac!att!bu.edu!transfer.stratus.com!ellisun.sw.stratus.com!cme
From: c...@ellisun.sw.stratus.com (Carl Ellison)
Newsgroups: sci.crypt,alt.society.civil-liberty
Subject: Re: Limits on the Use of Cryptography?
Message-ID: <1dre8mINNhfk@transfer.stratus.com>
Date: 11 Nov 92 17:01:10 GMT
References: <1992Nov11.061210.9933@cactus.org>
Organization: Stratus Computer, Software Engineering
Lines: 84
NNTP-Posting-Host: ellisun.sw.stratus.com

In article <1992Nov11....@cactus.org> rit...@cactus.org (Terry Ritter) writes:
>
>    The police bust an alleged child molester, and take possession
>    of his PC.  They believe that the hard drive contains a full
>    database of young kids who have been *or may be* assaulted.
>    That database is enciphered.
>
> Now, your mission, should you decide to accept it, is to defend
> cryptography to ordinary voters, congress people and newspaper
> reporters.

	[ . . . ]

>
> So what do *you* say?
>


Terry asks the key question.

I have a liberal friend in the People's Republic of Cambridge (MA :-) who
has only a Mac-user's acquanitance with computers to whom I was trying to
explain this issue.  Her reaction was "what are you trying to hide with
cryptography anyway?  ...that's just a silly game emotional infants play."
[She had known an emotional infant who was heavily into inventing the
perfect cryptosystem -- perhaps like people we see on sci.crypt
occasionally.]

So -- I had to explain to her about the dangers of hacking -- starting with
funds transfers.  We go from there to industrial espionage.  Consider, for
example, my e-mail working relationships with co-workers in Stratus.

Stratus is a multi-national company.  We have engineering organizations in
various cities.  We cooperate in new system design via e-mail (and
telephone and video conferencing).  We log in from home.  (Stratus provides
terminals, modems and phone lines to most employees.)  There is a hell of a
lot of sensitive information going through public carriers where it can be
tapped.

This is not like the postal system.  Back when I worked in a classified
facility, I was told to send SECRET documents by the US Mail, inside a
plain mailing envelope with an inner envelope giving the security
classification.  That was in the days of the gov't post office and they
trusted it.  (I just assume they still do.)

Electronic communication is not that closed a system.  The evidence for
breaking into it is ephemeral at best.  At least if a postal worker snagged
a letter, there was physical evidence and he would be in BIG trouble.
With electronic communication, there's little evidence -- good deniability,
to use a hopefully archaic term.  So, we have to have both authentication
and privacy in electronic communications.

***** SO -- with this much explanation, I got her to think a little more
about encryption.  She now recognizes it as necessary.  However, even with
her bias against abuses by recent Republican administrations, I doubt
she would agree that cryptography needs to be available, unregulated to
the average citizen.

I share the notion that a citizen's privacy should be a fundamental right
and that the government is the enemy -- but this is no place for that
political argument.

This is the place for concrete examples which will convince even the person
who doesn't share my belief and who *never will share that belief*.

Let's answer Terry's question with more examples.

Once we have a good enough groundwork of solid examples, then maybe we can
address (in some other group) how to calm down the father of a 9-year-old
girl who has been raped by this mad porno-user who owns a diskette the 
police can't read.

(It could as easily be a locked safe no one in the country could open.
Defiance of the police when the people are against you is a defiance of
each of those individuals -- and there's nothing more infuriating to many
people than "(nyah, nyah) I've got a secret and I'll never tell you.".  A
person (voter) infuriated like that needs to be calmed down and turned back
into a rational being before he votes.)

-- 
-- <<Disclaimer: All opinions expressed are my own, of course.>>
-- Carl Ellison						c...@sw.stratus.com
-- Stratus Computer Inc.	M3-2-BKW		TEL: (508)460-2783
-- 55 Fairbanks Boulevard ; Marlborough MA 01752-1298	FAX: (508)624-7488






Newsgroups: sci.crypt
Path: sparky!uunet!cis.ohio-state.edu!pacific.mps.ohio-state.edu!
linac!uchinews!gargoyle.uchicago.edu!hugh
From: hu...@gargoyle.uchicago.edu (Hugh Miller)
Subject: Re: Demons and Ogres
Message-ID: <hugh.721982357@gargoyle.uchicago.edu>
Sender: ne...@uchinews.uchicago.edu (News System)
Organization: University of Chicago Computing Organizations
References: <921114182202.126812@DOCKMASTER.NCSC.MIL> 
<1992Nov14.204512.17407@csi.uottawa.ca>
Date: Tue, 17 Nov 1992 06:39:17 GMT
Lines: 131

    Chris Browne's wonderful post is the very voice of reason, although
it's a gone a little short of replies due, I suppose, to the clang of
various metallic balloons.  (Phil Zimmermann's post of Nov. 17, I note
happily, makes many of the same points.)

    He is, of course, exactly right.  It does those of us who support
freely accessible practically secure cryptography no good at all to get
tied up in endless wrangles amongst ourselves as to, in effect, who is
the true keeper of the privacy (etc.) flame.  Phil Zimmermann's joke
about the leftist firing squad is apropos.  (When I was in graduate
school at Toronto a friend of a friend in the St. George Graduate
Residence used to play a game he called `Anarchist Snooker.' It was set
up like regular snooker, only the balls had meanings: the yellow ball
stood for `The Press,' the green for `Capital,' the brown for `Fascism,'
the blue for `The Military-Industrial Complex,' the pink for
`Socialism,' the black for `Anarchism,' the white (cue) ball for `The
Will of the People,' and the 15 reds, each differently labelled with a
grease pen, stood for the various communist factions.  After each shot
you had to stop and expound the politics of the layout of the table. The
game pointed up the endless, senseless wrangling among the factions of
the left, and what was especially cute was that, as in regular snooker,
once all the red balls were in the pockets and gone, the other balls
(`The Press,' `Capital,' `Fascism,' `The Military-Industrial Complex,')
remained on the table and still in play.)

    Dr. Denning speaks from the perspective of one who deals with the
sorts of people to whom Chris Browne refers -- the sort of people who
would be likely to find even the `Modest Proposal' she floats in her
initial (`lead') and revised (`copper') key-registration schemes too
anarchistic and subversive for their tastes.  A genuine defense of
freely accessible practically secure cryptography must attempt to
address some of their concerns, even if we cannot hope to win over the
more pathologically control-minded.  In the battle for the hearts and
minds of the general public and the legislators we have to provide
arguments which will be, as Browne says, "convincing to someone who has
no problem with `strong government' as well as to someone who believes
the government should either be small or nonexistent."  And, as Phil Z.
notes, one has got to take into account the misuse of crypto, and
provide convincing, not just abstract or logically valid, arguments for
its use despite that potential for misuse.

    To start the ball rolling, a few initial efforts:

  I.    Freely accessible practically secure cryptography (FAPSC) is an
        area in which the interests of private corporations and the
        interests (some would say rights) of private individuals to be
        secure in their persons and papers converge.  (They, ahem, don't
        always.)  As one of the recent contributors to the discussion on
        sci.crypt noted (I can't remember who, sorry!), it was supremely
        ironic that in the same Congressional testimony in which he
        lamented the explosive growth in recent years of industrial
        espionage, FBI Director William Sessions went on record as
        opposing FAPSC.  Making FAPSC illegal for the general populace
        will severely impact the security of internal corporate
        communications.  (Individual corporations are, I think, unlikely
        to win exemptions to such legislation unless they do contract
        work with the government, and then only on those specific
        contracts.)  Such a general ukase on FAPSC would thus hurt
        American business in a competitive world market.  This kind of
        argument is already being made by many corporations, and loudly.

  II.   From my educated layman's view of the intelligence-gathering
        process, two critical problems faced by analysts are (1)
        identifying the needles of valuable information in the haystack
        of more-or-less irrelevant data, and (2) correctly interpreting
        that information for the end-user.  The presence of FAPSC would
        not affect the second problem at all, as it is internal to the
        relationship of the intelligence-gatherer and the end-user. It
        _would_ affect the first problem, in certain ways.  It would of
        course reduce the size of the haystack, since most of the bits
        flowing into the intercept horns and linetaps would be
        encrypted.  Some informational `needles' would doubtless be
        obscured as well, and it is this prospect which exercises those
        who oppose FAPSC.  But consider that the kind of
        information-gathering facility which would be most impacted by
        FAPSC is the one about which almost everybody in this debate has
        the most misgivings: brute-force keyword searches on very-broad-
        band comm trunks.  Here the analogy with paper mail is most apt
        and should be played up for all it's worth: no one (or almost no
        one) would agree that the government ought to be in the business
        of steaming open and reading every letter passing through the
        U.S. Postal Service in the hopes of catching someone plotting to
        sell drugs or distribute kiddie porn, reprehensible as we find
        such activities to be.  (Wartime mail censorhip is, of course,
        the sole exception to this rule; but we haven't been formally at
        war in a _very_ long time, and we have shown no inclination to
        accept it or other related wartime expediencies even at the
        height of the Korean, Vietnam, Drug, and Persian Gulf wars.)  If
        by some other means (e.g. HUMINT) an intelligence-gathering
        agency discovers several parties communicating for possibly
        illegal purposes, it may obtain a court order by due process and
        proceed to eavesdrop.  That the data stream that it intercepts
        will be encrypted may not turn out to be a big problem, for
        reasons given below.  So, taken all in all, when one counts the
        (small) possible losses in information from ubiquitous FAPSC
        against the enormous benefits to business and private citizens
        from having it in place, it is clear that the balance of utility
        is on the side of the latter option.  (Most folks love
        cost-benefit analyses.)

   III. I propose that -- and this is, admiitedly, a stretch --
        ubiquitous FAPSC would tend to _improve_ the quality of
        intelligence gathered from telecomm.  Suppose, for the sake of
        argument, that Agency N gets information that individuals A and
        B are involved in what appears to be a conspiracy to, say, sell
        illicitly acquired industrial secrets to company C. Further
        assume that A and B are not professionals, i.e., trained spies;
        assume rather that they use common carriers for their
        communications and a trusted FAPSC package such as RIPEM or PGP.
        Such persons are likely, given the current understanding of
        FAPSC in the general populace, to be rather too credulous and
        trusting of their security system.  This makes them easy
        pickings for Agency N.  A quick trip in a Tempest van or a
        black-bag job to obtain the secret keys of one or both parties,
        and a wiretap, and Agency N can listen to their correspondence
        until at least the next keychange, and maybe beyond.  It can
        even spoof one or both parties and insert disinformation into
        the communications stream between A and B, and have that
        information acted on in complete trust of its authenticity.
        This is the key point: a shallow understanding of current crypto
        security (especially asymmetric cryptosystem) would lead the
        likes of A and B to be more easily monitored and duped.  Shallow
        understanding is about all that most nonprofessionals would ever
        exhibit.  As for the professionals, of course, special means
        will, and have always been, required to catch them; and the
        presence of ubiquitous FAPSC will not make that task any more
        onerous than it already is.

    More needs to be done.  Add to the list, or tear these apart.
Hugh Miller         | Dept. of Philosophy | Loyola University of Chicago
Voice: 312-508-2727 |  FAX: 312-508-2292  |    hmi...@lucpul.it.luc.edu

Newsgroups: sci.crypt
Path: sparky!uunet!zaphod.mps.ohio-state.edu!cs.utexas.edu!milano!
cactus.org!ritter
From: rit...@cactus.org (Terry Ritter)
Subject: Re: Demons and Ogres
Message-ID: <1992Nov17.103439.19143@cactus.org>
Organization: Capital Area Central Texas UNIX Society, Austin, Tx
References: <921114182202.126812@DOCKMASTER.NCSC.MIL> 
<hugh.721982357@gargoyle.uchicago.edu>
Date: Tue, 17 Nov 1992 10:34:39 GMT
Lines: 57


 In <hugh.72...@gargoyle.uchicago.edu>
 hu...@gargoyle.uchicago.edu (Hugh Miller) writes:


>  I.    Freely accessible practically secure cryptography (FAPSC) is an
>        area in which the interests of private corporations and the
>        interests (some would say rights) of private individuals to be
>        secure in their persons and papers converge.

 I believe this is clearly false.  What corporations (e.g., banks)
 have typically screamed about is the right to continue to use DES.
 A few months ago, corporations were screaming about possibly being
 required to provide remote monitoring access to their private
 telephone switches.  None that I know of is fighting, say, for
 the right of their employees to use cryptography for personal
 communications or data storage.


>        Making FAPSC illegal for the general populace
>        will severely impact the security of internal corporate
>        communications.  (Individual corporations are, I think, unlikely
>        to win exemptions to such legislation unless they do contract
>        work with the government, and then only on those specific
>        contracts.)

 I see no reason to think that corporations would not be granted
 easy-to-get licenses if they use particular types of equipment.

 In fact, a March 1987 article in Data Communications magazine
 described NSA's Commercial Comsec Endorsement Program (CEEP) and
 Project Overtake encryption equipment in two classes:  Types I
 and II.  Type I would be available only to government agencies and
 contractors, but a Type II "module" would be a replacement for DES
 equipment, and would be built into a computer or communications
 device and sold by a vendor.

 This program was not a success (they "ran it up the flagpole" and
 nobody saluted), but, clearly, NSA *is* prepared to support the
 concept of data encryption for business.  Not unexpectedly, there
 was no proposal to provide low-cost consumer encryption, a topic
 which has been at the heart of the argument here for the past week.


>Such a general ukase on FAPSC would thus hurt
>        American business in a competitive world market.  This kind of
>        argument is already being made by many corporations, and loudly.

 Business use and personal use are two different things.  I think
 it quite likely that the government would like to license the
 first, and minimize the second.  Consequently, arguments based on
 American business competitiveness may be totally irrelevant to the
 continued use of strong cryptography by individuals.

 ---
 Terry Ritter   rit...@cactus.org

Newsgroups: sci.crypt
Path: sparky!uunet!destroyer!ncar!uchinews!gargoyle.uchicago.edu!hugh
From: hu...@gargoyle.uchicago.edu (Hugh Miller)
Subject: Re: Demons and Ogres
Message-ID: <hugh.722121298@gargoyle.uchicago.edu>
Sender: ne...@uchinews.uchicago.edu (News System)
Organization: University of Chicago Computing Organizations
References: <921114182202.126812@DOCKMASTER.NCSC.MIL> 
<hugh.721982357@gargoyle.uchicago.edu> <1992Nov17.103439.19143@cactus.org>
Date: Wed, 18 Nov 1992 21:14:58 GMT
Lines: 84

    Terry Ritter writes:

>What corporations (e.g., banks) have typically screamed about is the
>right to continue to use DES. A few months ago, corporations were
>screaming about possibly being required to provide remote monitoring
>access to their private telephone switches.  None that I know of is
>fighting, say, for the right of their employees to use cryptography for
>personal communications or data storage.

    But there _have_ been calls for the continued legality of public-key
cryptosystems, since businesses recognize the key-management advantages
such systems provide over single-key ones like DES.  Most corporations
seem happy with the security DES affords, but would like to dispense
with single-key management problems.  It is trivially true that
corporations have no interest in supporting such crypto for the personal
communications of their employees, since they don't want to pay
employees for personal affairs, only for business ones; and it is
equally trivially true that they would not be concerned with using
crypto for internal data storage, since other systems already in place
(physical security, access control, tape lockups, etc.) have been paid
for and can be expected to do their jobs reasonably well.

> I see no reason to think that corporations would not be granted
> easy-to-get licenses if they use particular types of equipment.
>
> In fact, a March 1987 article in Data Communications magazine
> described NSA's Commercial Comsec Endorsement Program (CEEP) and
> Project Overtake encryption equipment in two classes:  Types I
> and II.  Type I would be available only to government agencies and
> contractors, but a Type II "module" would be a replacement for DES
> equipment, and would be built into a computer or communications
> device and sold by a vendor.
>
> This program was not a success (they "ran it up the flagpole" and
> nobody saluted), but, clearly, NSA *is* prepared to support the
> concept of data encryption for business.  Not unexpectedly, there
> was no proposal to provide low-cost consumer encryption, a topic
> which has been at the heart of the argument here for the past week.

    As I pointed out in my original post, the government would likely
support practically secure crypto for communications between its
contractors and itself.  (There's your `Type I' equipment.)  For
everybody else who wants it, NSA will be happy to ship you a board with
some proprietary blackbox chips on it for use in your PC, plus a 16-page
manual containing instructions and a mantra, "Trust us." (There's your
Type II.)  This is not `practically secure' crypto, since it violates
Kerckhoff's Assumption.  Corporations, who pay good money to hire good
security people who know about such things, did not `salute,' as you put
it.  On the basis of clumsy proposals like this I think it can be
reasonably concluded that NSA supports "data encryption" if you are
Martin Marietta communicating with Pentagon boffins about weapons
systems; otherwise, it supports "data encryption" which we can be
reasonably sure cannot be read by anybody but your intended recipient
and the NSA.
    _Of course_ NSA will not support freely available practically secure
crypto for the masses.  In its view, such a thing would only make its
own task, and that of domestic LE, harder.  But the burden of my
argument (and that of others in this thread) is that we must try to come
up with arguments, convincing to the public and legislators, why FAPSC
should be allowed anyway.

> Business use and personal use are two different things.  I think
> it quite likely that the government would like to license the
> first, and minimize the second.

    I disagree (about business use).  A great deal of intelligence is (I
understand) gotten from intercepts of business communications.  Why
should intelligence agencies want to see that stream dry up?  (That's
the whole reason, as I see it, for the `Type II' Overtake equipment.)

> Consequently, arguments based on American business competitiveness may
> be totally irrelevant to the continued use of strong cryptography by
> individuals.

    I still think that we have to try to construct _rhetorically_
convincing arguments which, for example, piggyback FAPSC for the general
public on the need for its use by business.  Politics makes strange
bedfellows, and if keeping FAPSC legal for the use of business allows us
to keep it legal for use by the masses, let's not kick our allies in 
business out of the sack.

    -=- Hugh
Hugh Miller         | Dept. of Philosophy | Loyola University of Chicago
Voice: 312-508-2727 |  FAX: 312-508-2292  |    hmi...@lucpul.it.luc.edu

Xref: sparky sci.crypt:5443 alt.society.civil-liberty:6811
Newsgroups: sci.crypt,alt.society.civil-liberty
Path: sparky!uunet!grebyn!daily!sgs
From: s...@grebyn.com (Stephen G. Smith)
Subject: Re: Limits on the Use of Cryptography?
Message-ID: <1992Dec4.181819.26504@grebyn.com>
Organization: Agincourt Computing
References: <1992Nov11.061210.9933@cactus.org> 
<1dre8mINNhfk@transfer.stratus.com>
Date: Fri, 4 Dec 1992 18:18:19 GMT
Lines: 56

In article <1dre8m...@transfer.stratus.com> 
c...@ellisun.sw.stratus.com (Carl Ellison) writes:

>I share the notion that a citizen's privacy should be a fundamental right
>and that the government is the enemy -- but this is no place for that
>political argument.

>This is the place for concrete examples which will convince even the person
>who doesn't share my belief and who *never will share that belief*.

>-- Carl Ellison					c...@sw.stratus.com

This is the point.  Upper middle class Whites are raised to believe that
Mr. Policeman Is Your Friend.  Upper middle class Whites also make the
laws.  Anyone who is working class or non-White can supply many
counterexamples.

Anyone worried about Government abuse should look at the history of the
Watergate scandal, and see just exactly what President Nixon, Attorney
General Mitchell, and Special Counsel Coulsen *really did*. Breakins.
"Enemy lists".  Contempt citations.  Bribes.  Wiretaps.  "Dirty
tricks".  In the future, we will undoubtedly have leaders who are just
as bad or worse.  (No, this is not a comment on any current politicians
:-).

Note that the "child molester" scenario is a non-argument.  The gov't
can always get a subpoena for the key.  The thing we are worried
about is letting the gov't have access to *all* encrypted data at any
time without notifying the owner of the data.  This is equivalent to
legalized burglary.

Anyway, the best arguement that I can come up with on short notice
is based on the security of the data.

Security in the legal system stinks.  So they put in this big vault with
all the keys in it, and who has to fetch them out?  A minimum wage
clerk.

Note that when a key is fetched by the gov't, it compromises *all* data
encrypted with that key.  A person or business under investigation can
only assume that *all* of their encrypted data has been compromised.
The only solution is to go to "more primitive" ways of protecting data.

To summarize:

1.  The only reason for requiring key registration is to allow the gov't
    *undetected* access to encrypted materials.

2.  When the gov't accesses the information, all information encrypted
    with the registered keys is compromised.

3.  The only safe assumption is that all information encrypted with a
    registered key has been compromised.
-- 
Steve Smith                     Agincourt Computing
s...@grebyn.com                  (301) 681 7395
"Truth is stranger than fiction because fiction has to make sense."

Xref: sparky sci.crypt:5522 alt.society.civil-liberty:6840
Path: sparky!uunet!haven.umd.edu!ames!agate!spool.mu.edu!darwin.sura.net!
wupost!crcnis1.unl.edu!moe.ksu.ksu.edu!engr.uark.edu!mbox.ualr.edu!
grapevine!jim.wenzel
Newsgroups: sci.crypt,alt.society.civil-liberty
Subject: Re: Limits on the Use of Cryptography?
Message-ID: <2229.517.uupcb@grapevine.lrk.ar.us>
From: jim.w...@grapevine.lrk.ar.us (Jim Wenzel) 
Date: 8 Dec 92 21:55:00 GMT
Reply-To: jim.w...@grapevine.lrk.ar.us (Jim Wenzel) 
Distribution: world
Organization: The GrapeVine BBS *** N. Little Rock, AR *** (501) 753-8121
Lines: 33



Stephen G. * Note that the "child  molester" scenario is a non-argument.
             The gov't can always get a  subpoena for the key. The thing
             we are  worried about is  letting the gov't  have access to
             *all* encrypted data at any
                                 = = =


    I just  got off the  phone with the  'non-argument' "child molestor"
    scenario.

    According to  the detective involved in  the case, they have  had no
    luck  (naturally) breaking  the PGP  code. They  are going after the
    'contempt of  court' angle in order  to force the defendent  to give
    them the password.

    Other interesting note.  He spoke with the FBI  about the matter and
    they indicated that they have also run into PGP. Once case involving
    espionage.

    Now, I  do not know  for a fact  that this note  is true. However, I
    have reasonable  assurances that the  child molestor case  is indeed
    true and have no reason to doubt the second.

    I still post the question:

    Since laws will probably be drafted concerning the use of cryptology
    how would you want such a law  to read if you had the opportunity to
    shape it.
---
 * SM 1.06 A0059 * BOING!  Nice chair.  Good tea.

Xref: sparky sci.crypt:5553 alt.society.civil-liberty:6852
Path: sparky!uunet!zaphod.mps.ohio-state.edu!saimiri.primate.wisc.edu!ames!
agate!doc.ic.ac.uk!uknet!strath-cs!imcc
From: im...@cs.strath.ac.uk (Iain McCord)
Newsgroups: sci.crypt,alt.society.civil-liberty
Subject: Re: Limits on the Use of Cryptography?
Message-ID: <11283@baird.cs.strath.ac.uk>
Date: 10 Dec 92 13:01:06 GMT
References: <2229.517.uupcb@grapevine.lrk.ar.us>
Organization: Comp. Sci. Dept., Strathclyde Univ., Scotland.
Lines: 28
X-Newsreader: Tin 1.1 PL5

Jim Wenzel (jim.w...@grapevine.lrk.ar.us) wrote:
: 
:     According to  the detective involved in  the case, they have  had no
:     luck  (naturally) breaking  the PGP  code. They  are going after the
:     'contempt of  court' angle in order  to force the defendent  to give
:     them the password.
  So if you want to lock someone up all you have to do is put an encrypted
file on one of their discs and demand the password. 
  Either --
 a) The file is not his, it's possible he can guess the password, just
not very likely.
 b) If it is his file, forcing the defendant to give the password is
requiring him to, possibly, incriminate himself.
 c) It is his file, the defendant gives a password ( which may be a fake ),
the police substitute the original with an other encrypted with that key.  
 d) The defendant has obeyed the putative key registration laws.  The police
use the registered key to create a file, which they then give in evidence.

  The case you are talking about is one where you have shown that the 
investigating officers have already decided that the defendant is guilty. 
The lack of any other evidence than some encrypted data on a computer disc
indicates, to me, that they are more interested in harassing him than the
possibility that they may have the wrong man.


		~~~~~/\~~~~~
Iain McCord	~~~~/()\~~~~	Thu Dec 10 13:01:04 WET 1992
		~~~~~~~~~~~~

Xref: sparky sci.crypt:5631 alt.society.civil-liberty:6881
Path: sparky!uunet!zaphod.mps.ohio-state.edu!moe.ksu.ksu.edu!engr.uark.edu!
mbox.ualr.edu!grapevine!jim.wenzel
Newsgroups: sci.crypt,alt.society.civil-liberty
Subject: Re: Limits on the Use of Cryptography?
Message-ID: <2338.517.uupcb@grapevine.lrk.ar.us>
From: jim.w...@grapevine.lrk.ar.us (Jim Wenzel) 
Date: 12 Dec 92 21:37:00 GMT
Reply-To: jim.w...@grapevine.lrk.ar.us (Jim Wenzel) 
Distribution: world
Organization: The GrapeVine BBS *** N. Little Rock, AR *** (501) 753-8121
Lines: 40



Iain Mccord *   The  case you  are talking  about is  one where you have
              shown that the investigating officers have already decided
              that  the  defendant  is  guilty.  The  lack  of any other
              evidence  than  some  encrypted  data  on  a computer disc
              indicates,  to  me,  that  they  are  more  interested  in
              harassing him than the possibility  that they may have the
              wrong man.
                                 = = =


    Actually  I  know  very  little  about  the  case  and  only  posted
    originally  as I  thought it  would be  of interest  to this  group.
    Primarily  because   it  presented  some   interesting  'real  life'
    questions.

    These things  I do know (or  have learned from others  who know.)

    The 'suspect' is a repeat offender.
    It is common for pedophiles to keep diaries.

    I  need to  make this  plain, I  do not  agree with  the limits that
    law-enforcement is  able to operate  within. I do  know that if/when
    you encrypt a file with PGP it has *your* signature on it. I do know
    that law-enforcement has extraordinary means at times to bypass some
    of  our basic  freedoms. I  am not  condoning these  methods, merely
    passing them on for comment.

    I am as  interested as anyone on the  conversation that ensues based
    on these actions but, I must make this plain:

    I DO NOT  CONDONE THE CASE NOR AM I  AN ACTIVIST FOR LAW ENFORCEMENT
    OFFICIALS. Merely  a concerned citizen  and sysop who  believes very
    strongly in our  (US) bill of rights and the  travesty that has been
    placed upon it under the "War on Drugs" regime.

---
 * SM 1.06 A0059 * "Hex Dump" - Where Witches put used Curses?

			   USENET Archives


The materials and information included in this website may only be used
for purposes such as criticism, review, private study, scholarship, or 
research.


Electronic mail:			      WorldWideWeb:
   tech-insider@outlook.com		         http://tech-insider.org/