Cyphernomicon Top
Cyphernomicon 10.4

Legal Issues:
Can Crypto be Banned?


   10.4.1. "Why won't government simply _ban such encryption methods?"
           + This has always been the Number One Issue!
             - raised by Stiegler, Drexler, Salin, and several others
                (and in fact raised by some as an objection to my even
                discussing these issues, namely, that action may then be
                taken to head off the world I describe)
           + Types of Bans on Encryption and Secrecy
             - Ban on Private Use of Encryption
             - Ban on Store-and-Forward Nodes
             - Ban on Tokens and ZKIPS Authentication
             - Requirement for public disclosure of all transactions
             + Recent news (3-6-92, same day as Michaelangelo and
                Lawnmower Man) that government is proposing a surcharge
                on telcos and long distance services to pay for new
                equipment needed to tap phones!
               - S.266 and related bills
               - this was argued in terms of stopping drug dealers and
                  other criminals
               - but how does the government intend to deal with the
                  various forms fo end-user encryption or "confusion"
                  (the confusion that will come from compression,
                  packetizing, simple file encryption, etc.)
           + Types of Arguments Against Such Bans
             - The "Constitutional Rights" Arguments
             + The "It's Too Late" Arguments
               - PCs are already widely scattered, running dozens of
                  compression and encryption programs...it is far too
                  late to insist on "in the clear" broadcasts, whatever
                  those may be (is program code distinguishable from
                  encrypted messages? No.)
               - encrypted faxes, modem scramblers (albeit with some
                  restrictions)
               - wireless LANs, packets, radio, IR, compressed text and
                  images, etc....all will defeat any efforts short of
                  police state intervention (which may still happen)
             + The "Feud Within the NSA" Arguments
               - COMSEC vs. PROD
             + Will affect the privacy rights of corporations
               - and there is much evidence that corporations are in
                  fact being spied upon, by foreign governments, by the
                  NSA, etc.
           + They Will Try to Ban Such Encryption Techniques
             + Stings (perhaps using viruses and logic bombs)
               - or "barium," to trace the code
             + Legal liability for companies that allow employees to use
                such methods
               - perhaps even in their own time, via the assumption that
                  employees who use illegal software methods in their own
                  time are perhaps couriers or agents for their
                  corporations (a tenuous point)
   10.4.2. The long-range impossibility of banning crypto
           - stego
           - direct broadcast to overhead satellites
           - samizdat
           - compression, algorithms, ....all made plaintext hard to
              find
   10.4.3. Banning crypto is comparable to
           + banning ski masks because criminals can hide their identity
             - Note: yes, there are laws about "going masked for the
                purpose of being masked," or somesuch
           + insisting that all speech be in languages understandable by
              eavesdroppers
             - (I don't mean "official languages" for dealing with the
                Feds, or what employers may reasonably insist on)
           - outlawing curtains, or at least requiring that "Clipper
              curtains" be bought (curtains which are transparent at
              wavelengths the governments of the world can use)
           - position escrow, via electronic bracelets like criminals
              wear
           - restrictions on books that possibly help criminals
           - banning body armor (proposed in several communities)
           - banning radar detectors
           - (Note that these bans become more "reasonable" when the
              items like body armor and radar detectos are reached, at
              least to many people. Not to me, of course.)
   10.4.4. So Won't Governments Stop These Systems?
           - Citing national security, protection of private property,
              common decency, etc.
           + Legal Measures
             - Bans on ownership and operation of "anonymous" systems
             + Restrictions on cryptographic algorithms
               - RSA patent may be a start
             + RICO, civil suits, money-laundering laws
               - FINCEN, Financial Crimes Information Center
               - IRS, Justice, NSA, FBI, DIA, CIA
               - attempts to force other countries to comply with U.S.
                  banking laws
   10.4.5. Scenario for a ban on encryption
           - "Paranoia is cryptography's occupational hazard." [Eric
              Hughes, 1994-05-14]
           + There are many scenarios. Here is a graphic one from Sandy
              Sandfort:
             - "Remember the instructions for cooking a live frog.  The
                government does not intend to stop until they have
                effectively eliminated your privacy.
                
                STEP 1:  Clipper becomes the de facto encryption
                standard.
                
                STEP 2:  When Cypherpunks and other "criminals" eschew
                Clipper in favor of trusted strong crypto, the government
                is "forced" to ban non-escrowed encryption systems.
                (Gotta catch those pedophiles, drug dealers and
                terrorists, after all.)
                
                STEP 3:  When Cypherpunks and other criminals use
                superencryption with Clipper or spoof LEAFs, the
                government will regretably be forced to engage in random
                message monitoring to detect these illegal techniques.
                
                Each of these steps will be taken because we wouldn't
                passively accept such things as unrestricted wiretaps and
                reasonable precautions like
                digital telephony.  It will portrayed as our fault.
                Count on it." [Sandy Sandfort, 6-14-94]
                
   10.4.6. Can the flow of bits be stopped? Is the genie really out of
            the bottle?
           - Note that Carl Ellison has long argued that the genie was
              never _in_  the bottle, at least not in the U.S. in non-
              wartime situations (use of cryptography, especially in
              communications, in wartime obviously raises eyebrows)
 

Next Page: 10.5 Legal Issues with PGP
Previous Page: 10.3 Basic Legality of Encryption

By Tim May, see README

HTML by Jonathan Rochkind