Path: sparky!uunet!ogicse!emory!swrinde!cs.utexas.edu!milano!
cactus.org!ritter
From: rit...@cactus.org (Terry Ritter)
Newsgroups: sci.crypt
Subject: Limits on the Use of Cryptography?
Message-ID: <1992Nov11.061210.9933@cactus.org>
Date: 11 Nov 92 06:12:10 GMT
Article-I.D.: cactus.1992Nov11.061210.9933
Organization: Capital Area Central Texas UNIX Society, Austin, Tx
Lines: 31


 Although the discussion of key registration has been interesting,
 it does seem a bit like shooting fish in a barrel.  Discussing the
 proposition on a computer network invokes an inherent bias in most
 readers.  So, suppose we give the issue a different environment:

    The police bust an alleged child molester, and take possession
    of his PC.  They believe that the hard drive contains a full
    database of young kids who have been *or may be* assaulted.
    That database is enciphered.

 Now, your mission, should you decide to accept it, is to defend
 cryptography to ordinary voters, congress people and newspaper
 reporters.  You also need to explain to a relative of one of those
 kids, someone who doesn't own or work with a computer, why the
 government should "allow" private cryptography which could hide
 this sort of information.

 You *could* say that cryptography does not molest children, that
 only molesters molest children.  Or you could say that if ciphers
 are outlawed, only outlaws will have ciphers, and that criminals
 would not register keys anyway.  But the district attorney might
 point out that, if the law required key registration (or even just
 the delivery of keys *after* a formal court hearing), the molester
 could at least be convicted on *that* charge, and would not be
 molesting anybody for a while.

 So what do *you* say?

 ---
 Terry Ritter   rit...@cactus.org

Xref: sparky sci.crypt:4595 alt.society.civil-liberty:6524
Path: sparky!uunet!sun-barr!sh.wide!wnoc-tyo-news!nec-tyo!nec-gw!
sgiblab!zaphod.mps.ohio-state.edu!pacific.mps.ohio-state.edu!
linac!att!bu.edu!transfer.stratus.com!ellisun.sw.stratus.com!cme
From: c...@ellisun.sw.stratus.com (Carl Ellison)
Newsgroups: sci.crypt,alt.society.civil-liberty
Subject: Re: Limits on the Use of Cryptography?
Message-ID: <1dre8mINNhfk@transfer.stratus.com>
Date: 11 Nov 92 17:01:10 GMT
References: <1992Nov11.061210.9933@cactus.org>
Organization: Stratus Computer, Software Engineering
Lines: 84
NNTP-Posting-Host: ellisun.sw.stratus.com

In article <1992Nov11....@cactus.org> rit...@cactus.org (Terry Ritter) writes:
>
>    The police bust an alleged child molester, and take possession
>    of his PC.  They believe that the hard drive contains a full
>    database of young kids who have been *or may be* assaulted.
>    That database is enciphered.
>
> Now, your mission, should you decide to accept it, is to defend
> cryptography to ordinary voters, congress people and newspaper
> reporters.

	[ . . . ]

>
> So what do *you* say?
>


Terry asks the key question.

I have a liberal friend in the People's Republic of Cambridge (MA :-) who
has only a Mac-user's acquaintance with computers to whom I was trying to
explain this issue.  Her reaction was "what are you trying to hide with
cryptography anyway?  ...that's just a silly game emotional infants play."
[She had known an emotional infant who was heavily into inventing the
perfect cryptosystem -- perhaps like people we see on sci.crypt
occasionally.]

So -- I had to explain to her about the dangers of hacking -- starting with
funds transfers.  We go from there to industrial espionage.  Consider, for
example, my e-mail working relationships with co-workers in Stratus.

Stratus is a multi-national company.  We have engineering organizations in
various cities.  We cooperate in new system design via e-mail (and
telephone and video conferencing).  We log in from home.  (Stratus provides
terminals, modems and phone lines to most employees.)  There is a hell of a
lot of sensitive information going through public carriers where it can be
tapped.

This is not like the postal system.  Back when I worked in a classified
facility, I was told to send SECRET documents by the US Mail, inside a
plain mailing envelope with an inner envelope giving the security
classification.  That was in the days of the gov't post office and they
trusted it.  (I just assume they still do.)

Electronic communication is not that closed a system.  The evidence for
breaking into it is ephemeral at best.  At least if a postal worker snagged
a letter, there was physical evidence and he would be in BIG trouble.
With electronic communication, there's little evidence -- good deniability,
to use a hopefully archaic term.  So, we have to have both authentication
and privacy in electronic communications.

***** SO -- with this much explanation, I got her to think a little more
about encryption.  She now recognizes it as necessary.  However, even with
her bias against abuses by recent Republican administrations, I doubt
she would agree that cryptography needs to be available, unregulated to
the average citizen.

I share the notion that a citizen's privacy should be a fundamental right
and that the government is the enemy -- but this is no place for that
political argument.

This is the place for concrete examples which will convince even the person
who doesn't share my belief and who *never will share that belief*.

Let's answer Terry's question with more examples.

Once we have a good enough groundwork of solid examples, then maybe we can
address (in some other group) how to calm down the father of a 9-year-old
girl who has been raped by this mad porno-user who owns a diskette the 
police can't read.

(It could as easily be a locked safe no one in the country could open.
Defiance of the police when the people are against you is a defiance of
each of those individuals -- and there's nothing more infuriating to many
people than "(nyah, nyah) I've got a secret and I'll never tell you.".  A
person (voter) infuriated like that needs to be calmed down and turned back
into a rational being before he votes.)

-- 
-- <<Disclaimer: All opinions expressed are my own, of course.>>
-- Carl Ellison						c...@sw.stratus.com
-- Stratus Computer Inc.	M3-2-BKW		TEL: (508)460-2783
-- 55 Fairbanks Boulevard ; Marlborough MA 01752-1298	FAX: (508)624-7488






Newsgroups: sci.crypt
Path: sparky!uunet!cis.ohio-state.edu!pacific.mps.ohio-state.edu!
linac!uchinews!gargoyle.uchicago.edu!hugh
From: hu...@gargoyle.uchicago.edu (Hugh Miller)
Subject: Re: Demons and Ogres
Message-ID: <hugh.721982357@gargoyle.uchicago.edu>
Sender: ne...@uchinews.uchicago.edu (News System)
Organization: University of Chicago Computing Organizations
References: <921114182202.126812@DOCKMASTER.NCSC.MIL> 
<1992Nov14.204512.17407@csi.uottawa.ca>
Date: Tue, 17 Nov 1992 06:39:17 GMT
Lines: 131

    Chris Browne's wonderful post is the very voice of reason, although
it's gone a little short of replies due, I suppose, to the clang of
various metallic balloons.  (Phil Zimmermann's post of Nov. 17, I note
happily, makes many of the same points.)

    He is, of course, exactly right.  It does those of us who support
freely accessible practically secure cryptography no good at all to get
tied up in endless wrangles amongst ourselves as to, in effect, who is
the true keeper of the privacy (etc.) flame.  Phil Zimmermann's joke
about the leftist firing squad is apropos.  (When I was in graduate
school at Toronto a friend of a friend in the St. George Graduate
Residence used to play a game he called `Anarchist Snooker.' It was set
up like regular snooker, only the balls had meanings: the yellow ball
stood for `The Press,' the green for `Capital,' the brown for `Fascism,'
the blue for `The Military-Industrial Complex,' the pink for
`Socialism,' the black for `Anarchism,' the white (cue) ball for `The
Will of the People,' and the 15 reds, each differently labelled with a
grease pen, stood for the various communist factions.  After each shot
you had to stop and expound the politics of the layout of the table. The
game pointed up the endless, senseless wrangling among the factions of
the left, and what was especially cute was that, as in regular snooker,
once all the red balls were in the pockets and gone, the other balls
(`The Press,' `Capital,' `Fascism,' `The Military-Industrial Complex,')
remained on the table and still in play.)

    Dr. Denning speaks from the perspective of one who deals with the
sorts of people to whom Chris Browne refers -- the sort of people who
would be likely to find even the `Modest Proposal' she floats in her
initial (`lead') and revised (`copper') key-registration schemes too
anarchistic and subversive for their tastes.  A genuine defense of
freely accessible practically secure cryptography must attempt to
address some of their concerns, even if we cannot hope to win over the
more pathologically control-minded.  In the battle for the hearts and
minds of the general public and the legislators we have to provide
arguments which will be, as Browne says, "convincing to someone who has
no problem with `strong government' as well as to someone who believes
the government should either be small or nonexistent."  And, as Phil Z.
notes, one has got to take into account the misuse of crypto, and
provide convincing, not just abstract or logically valid, arguments for
its use despite that potential for misuse.

    To start the ball rolling, a few initial efforts:

  I.    Freely accessible practically secure cryptography (FAPSC) is an
        area in which the interests of private corporations and the
        interests (some would say rights) of private individuals to be
        secure in their persons and papers converge.  (They, ahem, don't
        always.)  As one of the recent contributors to the discussion on
        sci.crypt noted (I can't remember who, sorry!), it was supremely
        ironic that in the same Congressional testimony in which he
        lamented the explosive growth in recent years of industrial
        espionage, FBI Director William Sessions went on record as
        opposing FAPSC.  Making FAPSC illegal for the general populace
        will severely impact the security of internal corporate
        communications.  (Individual corporations are, I think, unlikely
        to win exemptions to such legislation unless they do contract
        work with the government, and then only on those specific
        contracts.)  Such a general ukase on FAPSC would thus hurt
        American business in a competitive world market.  This kind of
        argument is already being made by many corporations, and loudly.

  II.   From my educated layman's view of the intelligence-gathering
        process, two critical problems faced by analysts are (1)
        identifying the needles of valuable information in the haystack
        of more-or-less irrelevant data, and (2) correctly interpreting
        that information for the end-user.  The presence of FAPSC would
        not affect the second problem at all, as it is internal to the
        relationship of the intelligence-gatherer and the end-user. It
        _would_ affect the first problem, in certain ways.  It would of
        course reduce the size of the haystack, since most of the bits
        flowing into the intercept horns and linetaps would be
        encrypted.  Some informational `needles' would doubtless be
        obscured as well, and it is this prospect which exercises those
        who oppose FAPSC.  But consider that the kind of
        information-gathering facility which would be most impacted by
        FAPSC is the one about which almost everybody in this debate has
        the most misgivings: brute-force keyword searches on very-broad-
        band comm trunks.  Here the analogy with paper mail is most apt
        and should be played up for all it's worth: no one (or almost no
        one) would agree that the government ought to be in the business
        of steaming open and reading every letter passing through the
        U.S. Postal Service in the hopes of catching someone plotting to
        sell drugs or distribute kiddie porn, reprehensible as we find
        such activities to be.  (Wartime mail censorship is, of course,
        the sole exception to this rule; but we haven't been formally at
        war in a _very_ long time, and we have shown no inclination to
        accept it or other related wartime expediencies even at the
        height of the Korean, Vietnam, Drug, and Persian Gulf wars.)  If
        by some other means (e.g. HUMINT) an intelligence-gathering
        agency discovers several parties communicating for possibly
        illegal purposes, it may obtain a court order by due process and
        proceed to eavesdrop.  That the data stream that it intercepts
        will be encrypted may not turn out to be a big problem, for
        reasons given below.  So, taken all in all, when one counts the
        (small) possible losses in information from ubiquitous FAPSC
        against the enormous benefits to business and private citizens
        from having it in place, it is clear that the balance of utility
        is on the side of the latter option.  (Most folks love
        cost-benefit analyses.)

   III. I propose that -- and this is, admittedly, a stretch --
        ubiquitous FAPSC would tend to _improve_ the quality of
        intelligence gathered from telecomm.  Suppose, for the sake of
        argument, that Agency N gets information that individuals A and
        B are involved in what appears to be a conspiracy to, say, sell
        illicitly acquired industrial secrets to company C. Further
        assume that A and B are not professionals, i.e., trained spies;
        assume rather that they use common carriers for their
        communications and a trusted FAPSC package such as RIPEM or PGP.
        Such persons are likely, given the current understanding of
        FAPSC in the general populace, to be rather too credulous and
        trusting of their security system.  This makes them easy
        pickings for Agency N.  A quick trip in a Tempest van or a
        black-bag job to obtain the secret keys of one or both parties,
        and a wiretap, and Agency N can listen to their correspondence
        until at least the next keychange, and maybe beyond.  It can
        even spoof one or both parties and insert disinformation into
        the communications stream between A and B, and have that
        information acted on in complete trust of its authenticity.
        This is the key point: a shallow understanding of current crypto
        security (especially asymmetric cryptosystems) would lead the
        likes of A and B to be more easily monitored and duped.  Shallow
        understanding is about all that most nonprofessionals would ever
        exhibit.  As for the professionals, of course, special means
        will, and have always been, required to catch them; and the
        presence of ubiquitous FAPSC will not make that task any more
        onerous than it already is.

    More needs to be done.  Add to the list, or tear these apart.
Hugh Miller         | Dept. of Philosophy | Loyola University of Chicago
Voice: 312-508-2727 |  FAX: 312-508-2292  |    hmi...@lucpul.it.luc.edu

Newsgroups: sci.crypt
Path: sparky!uunet!zaphod.mps.ohio-state.edu!cs.utexas.edu!milano!
cactus.org!ritter
From: rit...@cactus.org (Terry Ritter)
Subject: Re: Demons and Ogres
Message-ID: <1992Nov17.103439.19143@cactus.org>
Organization: Capital Area Central Texas UNIX Society, Austin, Tx
References: <921114182202.126812@DOCKMASTER.NCSC.MIL> 
<hugh.721982357@gargoyle.uchicago.edu>
Date: Tue, 17 Nov 1992 10:34:39 GMT
Lines: 57


 In <hugh.72...@gargoyle.uchicago.edu>
 hu...@gargoyle.uchicago.edu (Hugh Miller) writes:


>  I.    Freely accessible practically secure cryptography (FAPSC) is an
>        area in which the interests of private corporations and the
>        interests (some would say rights) of private individuals to be
>        secure in their persons and papers converge.

 I believe this is clearly false.  What corporations (e.g., banks)
 have typically screamed about is the right to continue to use DES.
 A few months ago, corporations were screaming about possibly being
 required to provide remote monitoring access to their private
 telephone switches.  None that I know of is fighting, say, for
 the right of their employees to use cryptography for personal
 communications or data storage.


>        Making FAPSC illegal for the general populace
>        will severely impact the security of internal corporate
>        communications.  (Individual corporations are, I think, unlikely
>        to win exemptions to such legislation unless they do contract
>        work with the government, and then only on those specific
>        contracts.)

 I see no reason to think that corporations would not be granted
 easy-to-get licenses if they use particular types of equipment.

 In fact, a March 1987 article in Data Communications magazine
 described NSA's Commercial Comsec Endorsement Program (CEEP) and
 Project Overtake encryption equipment in two classes:  Types I
 and II.  Type I would be available only to government agencies and
 contractors, but a Type II "module" would be a replacement for DES
 equipment, and would be built into a computer or communications
 device and sold by a vendor.

 This program was not a success (they "ran it up the flagpole" and
 nobody saluted), but, clearly, NSA *is* prepared to support the
 concept of data encryption for business.  Not unexpectedly, there
 was no proposal to provide low-cost consumer encryption, a topic
 which has been at the heart of the argument here for the past week.


>Such a general ukase on FAPSC would thus hurt
>        American business in a competitive world market.  This kind of
>        argument is already being made by many corporations, and loudly.

 Business use and personal use are two different things.  I think
 it quite likely that the government would like to license the
 first, and minimize the second.  Consequently, arguments based on
 American business competitiveness may be totally irrelevant to the
 continued use of strong cryptography by individuals.

 ---
 Terry Ritter   rit...@cactus.org

Newsgroups: sci.crypt
Path: sparky!uunet!destroyer!ncar!uchinews!gargoyle.uchicago.edu!hugh
From: hu...@gargoyle.uchicago.edu (Hugh Miller)
Subject: Re: Demons and Ogres
Message-ID: <hugh.722121298@gargoyle.uchicago.edu>
Sender: ne...@uchinews.uchicago.edu (News System)
Organization: University of Chicago Computing Organizations
References: <921114182202.126812@DOCKMASTER.NCSC.MIL> 
<hugh.721982357@gargoyle.uchicago.edu> <1992Nov17.103439.19143@cactus.org>
Date: Wed, 18 Nov 1992 21:14:58 GMT
Lines: 84

    Terry Ritter writes:

>What corporations (e.g., banks) have typically screamed about is the
>right to continue to use DES. A few months ago, corporations were
>screaming about possibly being required to provide remote monitoring
>access to their private telephone switches.  None that I know of is
>fighting, say, for the right of their employees to use cryptography for
>personal communications or data storage.

    But there _have_ been calls for the continued legality of public-key
cryptosystems, since businesses recognize the key-management advantages
such systems provide over single-key ones like DES.  Most corporations
seem happy with the security DES affords, but would like to dispense
with single-key management problems.  It is trivially true that
corporations have no interest in supporting such crypto for the personal
communications of their employees, since they don't want to pay
employees for personal affairs, only for business ones; and it is
equally trivially true that they would not be concerned with using
crypto for internal data storage, since other systems already in place
(physical security, access control, tape lockups, etc.) have been paid
for and can be expected to do their jobs reasonably well.

> I see no reason to think that corporations would not be granted
> easy-to-get licenses if they use particular types of equipment.
>
> In fact, a March 1987 article in Data Communications magazine
> described NSA's Commercial Comsec Endorsement Program (CEEP) and
> Project Overtake encryption equipment in two classes:  Types I
> and II.  Type I would be available only to government agencies and
> contractors, but a Type II "module" would be a replacement for DES
> equipment, and would be built into a computer or communications
> device and sold by a vendor.
>
> This program was not a success (they "ran it up the flagpole" and
> nobody saluted), but, clearly, NSA *is* prepared to support the
> concept of data encryption for business.  Not unexpectedly, there
> was no proposal to provide low-cost consumer encryption, a topic
> which has been at the heart of the argument here for the past week.

    As I pointed out in my original post, the government would likely
support practically secure crypto for communications between its
contractors and itself.  (There's your `Type I' equipment.)  For
everybody else who wants it, NSA will be happy to ship you a board with
some proprietary blackbox chips on it for use in your PC, plus a 16-page
manual containing instructions and a mantra, "Trust us." (There's your
Type II.)  This is not `practically secure' crypto, since it violates
Kerckhoffs' Assumption.  Corporations, who pay good money to hire good
security people who know about such things, did not `salute,' as you put
it.  On the basis of clumsy proposals like this I think it can be
reasonably concluded that NSA supports "data encryption" if you are
Martin Marietta communicating with Pentagon boffins about weapons
systems; otherwise, it supports "data encryption" which we can be
reasonably sure cannot be read by anybody but your intended recipient
and the NSA.
    _Of course_ NSA will not support freely available practically secure
crypto for the masses.  In its view, such a thing would only make its
own task, and that of domestic LE, harder.  But the burden of my
argument (and that of others in this thread) is that we must try to come
up with arguments, convincing to the public and legislators, why FAPSC
should be allowed anyway.

> Business use and personal use are two different things.  I think
> it quite likely that the government would like to license the
> first, and minimize the second.

    I disagree (about business use).  A great deal of intelligence is (I
understand) gotten from intercepts of business communications.  Why
should intelligence agencies want to see that stream dry up?  (That's
the whole reason, as I see it, for the `Type II' Overtake equipment.)

> Consequently, arguments based on American business competitiveness may
> be totally irrelevant to the continued use of strong cryptography by
> individuals.

    I still think that we have to try to construct _rhetorically_
convincing arguments which, for example, piggyback FAPSC for the general
public on the need for its use by business.  Politics makes strange
bedfellows, and if keeping FAPSC legal for the use of business allows us
to keep it legal for use by the masses, let's not kick our allies in 
business out of the sack.

    -=- Hugh
Hugh Miller         | Dept. of Philosophy | Loyola University of Chicago
Voice: 312-508-2727 |  FAX: 312-508-2292  |    hmi...@lucpul.it.luc.edu

Xref: sparky sci.crypt:5443 alt.society.civil-liberty:6811
Newsgroups: sci.crypt,alt.society.civil-liberty
Path: sparky!uunet!grebyn!daily!sgs
From: s...@grebyn.com (Stephen G. Smith)
Subject: Re: Limits on the Use of Cryptography?
Message-ID: <1992Dec4.181819.26504@grebyn.com>
Organization: Agincourt Computing
References: <1992Nov11.061210.9933@cactus.org> 
<1dre8mINNhfk@transfer.stratus.com>
Date: Fri, 4 Dec 1992 18:18:19 GMT
Lines: 56

In article <1dre8m...@transfer.stratus.com> 
c...@ellisun.sw.stratus.com (Carl Ellison) writes:

>I share the notion that a citizen's privacy should be a fundamental right
>and that the government is the enemy -- but this is no place for that
>political argument.

>This is the place for concrete examples which will convince even the person
>who doesn't share my belief and who *never will share that belief*.

>-- Carl Ellison					c...@sw.stratus.com

This is the point.  Upper middle class Whites are raised to believe that
Mr. Policeman Is Your Friend.  Upper middle class Whites also make the
laws.  Anyone who is working class or non-White can supply many
counterexamples.

Anyone worried about Government abuse should look at the history of the
Watergate scandal, and see just exactly what President Nixon, Attorney
General Mitchell, and Special Counsel Colson *really did*. Breakins.
"Enemy lists".  Contempt citations.  Bribes.  Wiretaps.  "Dirty
tricks".  In the future, we will undoubtedly have leaders who are just
as bad or worse.  (No, this is not a comment on any current politicians
:-).

Note that the "child molester" scenario is a non-argument.  The gov't
can always get a subpoena for the key.  The thing we are worried
about is letting the gov't have access to *all* encrypted data at any
time without notifying the owner of the data.  This is equivalent to
legalized burglary.

Anyway, the best argument that I can come up with on short notice
is based on the security of the data.

Security in the legal system stinks.  So they put in this big vault with
all the keys in it, and who has to fetch them out?  A minimum wage
clerk.

Note that when a key is fetched by the gov't, it compromises *all* data
encrypted with that key.  A person or business under investigation can
only assume that *all* of their encrypted data has been compromised.
The only solution is to go to "more primitive" ways of protecting data.

To summarize:

1.  The only reason for requiring key registration is to allow the gov't
    *undetected* access to encrypted materials.

2.  When the gov't accesses the information, all information encrypted
    with the registered keys is compromised.

3.  The only safe assumption is that all information encrypted with a
    registered key has been compromised.
-- 
Steve Smith                     Agincourt Computing
s...@grebyn.com                  (301) 681 7395
"Truth is stranger than fiction because fiction has to make sense."

Xref: sparky sci.crypt:5522 alt.society.civil-liberty:6840
Path: sparky!uunet!haven.umd.edu!ames!agate!spool.mu.edu!darwin.sura.net!
wupost!crcnis1.unl.edu!moe.ksu.ksu.edu!engr.uark.edu!mbox.ualr.edu!
grapevine!jim.wenzel
Newsgroups: sci.crypt,alt.society.civil-liberty
Subject: Re: Limits on the Use of Cryptography?
Message-ID: <2229.517.uupcb@grapevine.lrk.ar.us>
From: jim.w...@grapevine.lrk.ar.us (Jim Wenzel) 
Date: 8 Dec 92 21:55:00 GMT
Reply-To: jim.w...@grapevine.lrk.ar.us (Jim Wenzel) 
Distribution: world
Organization: The GrapeVine BBS *** N. Little Rock, AR *** (501) 753-8121
Lines: 33



Stephen G. * Note that the "child  molester" scenario is a non-argument.
             The gov't can always get a  subpoena for the key. The thing
             we are  worried about is  letting the gov't  have access to
             *all* encrypted data at any
                                 = = =


    I just  got off the  phone with the  'non-argument' "child molester"
    scenario.

    According to  the detective involved in  the case, they have  had no
    luck  (naturally) breaking  the PGP  code. They  are going after the
    'contempt of  court' angle in order  to force the defendant  to give
    them the password.

    Other interesting note.  He spoke with the FBI  about the matter and
    they indicated that they have also run into PGP. One case involving
    espionage.

    Now, I  do not know  for a fact  that this note  is true. However, I
    have reasonable  assurances that the  child molester case  is indeed
    true and have no reason to doubt the second.

    I still post the question:

    Since laws will probably be drafted concerning the use of cryptology
    how would you want such a law  to read if you had the opportunity to
    shape it.
---
 * SM 1.06 A0059 * BOING!  Nice chair.  Good tea.

Xref: sparky sci.crypt:5553 alt.society.civil-liberty:6852
Path: sparky!uunet!zaphod.mps.ohio-state.edu!saimiri.primate.wisc.edu!ames!
agate!doc.ic.ac.uk!uknet!strath-cs!imcc
From: im...@cs.strath.ac.uk (Iain McCord)
Newsgroups: sci.crypt,alt.society.civil-liberty
Subject: Re: Limits on the Use of Cryptography?
Message-ID: <11283@baird.cs.strath.ac.uk>
Date: 10 Dec 92 13:01:06 GMT
References: <2229.517.uupcb@grapevine.lrk.ar.us>
Organization: Comp. Sci. Dept., Strathclyde Univ., Scotland.
Lines: 28
X-Newsreader: Tin 1.1 PL5

Jim Wenzel (jim.w...@grapevine.lrk.ar.us) wrote:
: 
:     According to  the detective involved in  the case, they have  had no
:     luck  (naturally) breaking  the PGP  code. They  are going after the
:     'contempt of  court' angle in order  to force the defendant  to give
:     them the password.
  So if you want to lock someone up all you have to do is put an encrypted
file on one of their discs and demand the password. 
  Either --
 a) The file is not his, it's possible he can guess the password, just
not very likely.
 b) If it is his file, forcing the defendant to give the password is
requiring him to, possibly, incriminate himself.
 c) It is his file, the defendant gives a password ( which may be a fake ),
the police substitute the original with another encrypted with that key.
 d) The defendant has obeyed the putative key registration laws.  The police
use the registered key to create a file, which they then give in evidence.

  The case you are talking about is one where you have shown that the 
investigating officers have already decided that the defendant is guilty. 
The lack of any other evidence than some encrypted data on a computer disc
indicates, to me, that they are more interested in harassing him than the
possibility that they may have the wrong man.


		~~~~~/\~~~~~
Iain McCord	~~~~/()\~~~~	Thu Dec 10 13:01:04 WET 1992
		~~~~~~~~~~~~

Xref: sparky sci.crypt:5631 alt.society.civil-liberty:6881
Path: sparky!uunet!zaphod.mps.ohio-state.edu!moe.ksu.ksu.edu!engr.uark.edu!
mbox.ualr.edu!grapevine!jim.wenzel
Newsgroups: sci.crypt,alt.society.civil-liberty
Subject: Re: Limits on the Use of Cryptography?
Message-ID: <2338.517.uupcb@grapevine.lrk.ar.us>
From: jim.w...@grapevine.lrk.ar.us (Jim Wenzel) 
Date: 12 Dec 92 21:37:00 GMT
Reply-To: jim.w...@grapevine.lrk.ar.us (Jim Wenzel) 
Distribution: world
Organization: The GrapeVine BBS *** N. Little Rock, AR *** (501) 753-8121
Lines: 40



Iain Mccord *   The  case you  are talking  about is  one where you have
              shown that the investigating officers have already decided
              that  the  defendant  is  guilty.  The  lack  of any other
              evidence  than  some  encrypted  data  on  a computer disc
              indicates,  to  me,  that  they  are  more  interested  in
              harassing him than the possibility  that they may have the
              wrong man.
                                 = = =


    Actually  I  know  very  little  about  the  case  and  only  posted
    originally  as I  thought it  would be  of interest  to this  group.
    Primarily  because   it  presented  some   interesting  'real  life'
    questions.

    These things  I do know (or  have learned from others  who know.)

    The 'suspect' is a repeat offender.
    It is common for pedophiles to keep diaries.

    I  need to  make this  plain, I  do not  agree with  the limits that
    law-enforcement is  able to operate  within. I do  know that if/when
    you encrypt a file with PGP it has *your* signature on it. I do know
    that law-enforcement has extraordinary means at times to bypass some
    of  our basic  freedoms. I  am not  condoning these  methods, merely
    passing them on for comment.

    I am as  interested as anyone on the  conversation that ensues based
    on these actions but, I must make this plain:

    I DO NOT  CONDONE THE CASE NOR AM I  AN ACTIVIST FOR LAW ENFORCEMENT
    OFFICIALS. Merely  a concerned citizen  and sysop who  believes very
    strongly in our  (US) bill of rights and the  travesty that has been
    placed upon it under the "War on Drugs" regime.

---
 * SM 1.06 A0059 * "Hex Dump" - Where Witches put used Curses?