die@frog.UUCP (Dave Emery, Software) (09/06/86)
First reaction Perhaps the strongest impression on seeing the text of the privacy act is how incredibly draconian the penalties are considering the ease with which radio communications can be intercepted and the fact that such interception isn't currently a crime. The crimes The act provides that intentionally intercepting the contents of a radio or electromagnetic communication "not readily available to the general public" is legally the same crime as wiretapping or bugging and carries the same penalties with certain few exceptions. The bill provides a year in jail and/or a $10,000 fine for merely intentionally listening to ("acquiring the contents of") a radio communication on certain frequencies (those used by radio and TV remote pickup and studio transmitter links), sent over facilities provided by a common carrier (such as a communications satellite) or on a subcarrier or other subsidiary signal (such as Teletext, vertical blanking interval signals + SCA). This 'reduced' penalty only applies if the interception is not for commercial purposes or private gain or in violation of any contract and is the first offense. The full penalty of five years in jail and a $250,000 fine applies if the interception is for commercial purposes or private gain or is a second or subsequent offense. And perhaps the most incredible of all - five years in jail and a $250,000 fine for intercepting and acquiring the contents of (ie descrambling) any radio communication that is "scrambled or encrypted" (such as pay tv stations or scrambled satellite TV). This applies even if this is a first offense, and is not for private gain or commercial purposes. There is no requirement that the scrambling or encryption be secure or difficult to break, absolutely any kind qualifies. And in a very nasty section, not only is it a crime for which one can get thrown in the pokey for a year to intercept a common-carrier signal or other private signals but it is a crime to intercept any signal whose "essential modulation parameters have been witheld from the general public" in order to protect privacy. This means that if one finds an odd signal and demodulates it, one may have committed a serious crime even if one had no knowlage that the signal was modulated that way for the purpose of preserving privacy and knew (from the frequency or other information) that it was not a common carrier signal or other otherwise private signal. Further the bill provides for civil damages for anyone whose radio communication, "not readily accessible to the general public", is intercepted or used. This provision allows for a suite to recover all profits or gains from the use of the communication, court costs, and punitive damages of the greater of $10,000 or $100 a day for every day the radio communication was intercepted. Though I am not a lawyer (just a humble engineer) it appears to me to be possible to mount such a law suite even if there was no criminal prosecution for the violation. (That is to say if the local pay TV or cable company (this applies to wire communications too) decides to take you to court for descrambling their pay signals they can do so and collect $10,000 damages even if the local US attorney doesn't want to prosecute you on the felony interception charges.) The exceptions There are bizzare exceptions made for cellular telephone calls (6 months and $500) and non-scrambled or encrypted private satellite video (only $500 !!), and complete exemptions for cordless telephones and tone only pagers (???!!!). The things that are legal Certain things are explicitly legal to receive including anything on ham, CB, and general mobile radio service frequencies, a distress signal from an aircraft, vessel or person (not car or truck), transmissions from a marine or aeronautical communication system, and police, fire, civil defense, government, and law enforcement transmissions that are readily accessible to the general public. Naturally one can legally receive any transmission specifically intended for the general public such as radio and TV broadcasts (but not any subcarriers or subsidiary services riding on broadcast signals unless they are also specifically intended for the use of the general public). And one can legally receive unscrambled and unencrypted satellite transmissions of programs intended to be broadcast (network TV feeds and radio feeds). I believe that the underlying law already allows reception of cable tv feeds (Satellite Viewing Rights Act) that are not scrambled or encrypted under certain conditions. An editorial note To me, the radio part of the Electronic Communications Privacy Act seems to have little or nothing to do with privacy of radio communications. It seems to really be a bill designed to protect the economic interests of certain people who transmit pay tv signals, stock market data, cable TV programming and other signals that have recently become targets of widespread piracy. Unfortunately, the way the law is written it makes no difference whether or not there is an intent to steal a service, it is a felony to merely peek to see what is there. If there is an intent to protect privacy, it is not to mandate real security or provide encouragements to carriers to provide it, (the bill carefully avoids making carriers liable for the disclosure of radio communications transmitted over radio systems foolishly designed so they can be easily intercepted (like cellular telephones)) but to make sure that it is in fact a crime to intercept almost any conceivably private communication. The actual purpose of this is more to get providers of communications services off the hook if customers sue them because their communications were intercepted then to provide security as it is normally a valid defense against charges of negligence to demonstrate that the act in question is a serious crime. The saddest part is that the bill does nothing to encourage the use of the only technology that can provide real radio security - encryption with a secure cipher. It actually stifles that effort by giving complete legal protection to any cipher or other security technique no matter how feeble, and by protecting even many completely open signals with harsh penalties. Post Script The rest of the act is basicly anti-hacker. I am on the side of the angels on most of the rest of the bill's provisions, as I do think that there is a fundemental difference between listening to a radio communication and breaking into a computer system and accessing private information contained therein (or exceeding ones authorization to use the system). Radio is all around us, and is by its very nature a publicly accessible medium - while wire (fiber and cable) communications and computer systems are legitimately private spaces. Some sleepers in the bill - very technical The most obvious sleeper is the use of the key (and very ambiguous) phrase "readily accessible to the general public". Though the bill defines that concept as it pertains to radio (and thus precludes use of the extremely logical and common sense argument that almost any radio signal is readily accessible to the general public), the phrase is made for judges to add interpretations to. Almost any signal which is on a secret frequency, or has not been widely publicized, or seems from its contents like it ought to be secret, or is not publically admitted to by its owning agency, or which requires special equipment to receive could be excluded on the grounds it wasn't readily accessible to the general public. I am sure that the argument will soon be made that any signal on a non-published or secret frequency is not readily accessible to the general public just by virtue of the fact that the frequency information is not made readily available to the general public. Ready Access The bill leaves hanging questions about signals that are only receivable in certain limited places (such as highly directional signals, very low power signals, or signals on frequencies that don't propagate well) Is it illegal to receive them even if one happens to live near the transmitter ? Suppose one builds a large antenna ? What sort of difficulty does one have to go to to exceed the limits of "ready access" ? And what is the "general public" in this context anyway ? Does being a technically knowlageable engineer or other specialist disqualify one from membership in the "general public" the bill refers to ? Banned Frequencies The bill for the first time forbids receiving and "acquiring the contents of" any communication on certain frequencies allocated to broadcast remote pickup and auxiliary services regardless of whether the intercepted signal is in fact a signal used by a broadcast station. This concept of a "banned frequency" might prevent one from receiving ANY radio signal of unknown origen on some frequencies if the bill is strictly interpreted. In many ways that is a much harsher restriction than forbidding the "acquistion of the contents of" a signal transmitted by certain specific groups. This establishes a nasty precedent that might have impact on electronic instrumentation, EMC/Tempest, and rf equipment engineering, test, and repair. It also could be used to convict someone for simply possessing a receiver turned on and tuned to such a channel since it could be argued that receiving any signal that came in (presumably including cosmic noise and the thermal background hiss) was illegal unless one could establish that one was an authorized recipient of some lawful transmission on these channels. And it would make establishing intent easier, since there could be no legal purpose for someone not authorized to receive such signals to possess a receiver for those frequencies. Common Carriers The bill defines as private any signals "transmitted over a communication system provided by a common carrier". This would seem to include situations where the common carrier provides radios, transmitter sites or other facilities to radio communications systems that do not operate on common carrier frequencies. This makes determining whether a particular communication is private and illegal to listen to much more complicated. (An example is the White House Nationwide (Echo Foxtrot) radio system used to provide a very unsecure radio telephone connection to Air Force One - this system is supposed to have been provided by AT&T in whole or in part and uses AT&T sites but uses federal frequencies for the radio links) It is also very unclear what the bill means by "transmitted over". Does this mean transmitted by a transmitter provided by a common carrier ? Or does it mean that if the signal at some point in its path between original sender and ultimate recipiant goes over a communication link provided by a common carrier it is illegal to receive it ? Suppose it is transmitted by a privately provided transmitter in communication with a common carrier system (such as a cellular phone owned by a subscriber and not purchased from a common carrier) ?. How about an otherwise legal-to-receive radio signal that happened to go over telephone lines or other common-carrier provided facilities between the control point and the transmitter (a very common case in mobile radio systems) ? How about signals from a privately owned satellite uplink ? Subcarriers Another bit of legal language that could be sticky is "subcarrier or other signal subsidiary to a radio transmission". At first glance this seems to mean SCA signals on FM radio broadcasts. But depending on how subcarrier is interpreted it could mean virtually any modulation more complex than simple direct AM or FM. Is a FDM-SSB voice channel a subcarrier ? (One could argue no, it is not further modulated - it is merely shifted in frequency - unlike an FM subcarrier which is itself a modulated carrier.) Is a pcm subchannel on a tdm multiplexed signal a subcarrier ? What is meant by "subsidiary to" ? Many digital signals transmitted over analog paths (such as the AFSK used in 2 meter ham packet radio) use modems which modulate an audio frequency carrier. When transmitted over a radio channel, these audio signals become subcarriers. Does the bill mean to preclude reception of any digital transmission except direct FSK, PSK or PAM of a carrier ? (Reception of 2 meter packet is otherwise explicitly allowed so this is not an issue for hams). What about those military multiplex HF RTTY transmissions that some people copy news wires or weather information from ? Are the individual channels subcarriers or separate 85hz shift FSK signals that happen to be transmitted from a common transmitter ? Scrambling Another problem area lies with the definition of "scrambled". To lawmakers this probably means what one sees on a pay cable channel one doesn't subscribe to. But what constitutes scrambling ? What parameters of a signal have to be changed for it to be scrambled ? Is merely inverting the usual video polarity (as some satellite services do) scrambling ? What is enough alteration to put one in jail ? And what constitutes scrambling for other sorts of radio signals ? Does it have to be effective ? or is it merely enough to alter some parameter of the signal with the intent of making harder to receive on some kind of receiver. Suppose your receiver can receive the signal anyway, is it still illegal ? Another problem with the term "scrambling" is that it has a technical meaning different from its common usage meaning. All modern digital radio transmission systems (and almost all modems > 300 bps) permutate the data transmitted with a digital pattern to ensure that the modulated signal contains plenty of 0-1 and 1-0 transitions (for maintaining clock synchronism between transmitter and receiver) and to guarantee that the same data does not always result in the same modulated signal in case some particular pattern in the data produces a worse case analog signal (this ensures that if the transmission is retried, it probably will work the second time). This technique has been called (since its inception) "scrambling". If it is illegal to intercept a radio signal that has been scrambled for this purpose (and the bill does not say "scrambled or encrypted to protect the privacy of" it will be illegal to intercept almost any properly designed digital radio transmission or radio transmission of a modem signal carrying data at greater than 300 bps (except 202 FSK). Note to Phil Karn I don't have my table of FCC frequency allocations handy but isn't 39.17 mhz (the frequency on which the preacher hears God) a broadcast remote pickup frequency ? Perhaps Phil Karn's theory that the fundementalists are the force behind this bill because of the debunking of that phoney TV evangelist on the Johnny Carson show is real !! David I. Emery Charles River Data Systems 617-626-1102 983 Concord St., Framingham, MA 01701. uucp: decvax!frog!die -- David I. Emery Charles River Data Systems 983 Concord St., Framingham, MA 01701 (617) 626-1102 uucp: decvax!frog!die
tedrick@ernie.Berkeley.EDU (Tom Tedrick) (09/07/86)
Sigh. Once again we see an example of an incredibly stupid law being proposed. Is there any chance that this monstrosity will pass? Rather than fine someone for intercepting signals, they should fine the sender for being too stupid to use a secure encryption scheme and reward the "pirate" for revealing the insecurity in the system. If we can't keep our systems secure from our budding hackers, what are we going to do when the Soviets decide to disrupt our communications prior to launching a first strike? I say we owe the hackers our deepest gratitude for revealing our stupidity before it is too late.
gjphw@mhuxo.UUCP (WYANT) (09/09/86)
> Once again we see an example of an incredibly stupid law > being proposed. Is there any chance that this monstrosity will > pass? > While I agree that the proposed law is a change in the way the airwaves have been treated in the U.S. (anyone can try to receive anything, only transmissions are regulated), restrictions on reception are common in many other countries. Despite the difficulty of enforcing restrictions on receptions, many governments have chosen to pursue this route in an attempt to protect themselves or major commercial interests. There is more to restriction on reception proposals than merely seeking to protect commercial interests. If the responsibility for ensuring secure communications were lodged solely with the system operator, it would be quite reasonable for the operators to pursue the use of digital encryption. This is likely to lead to the introduction of some very nice encoding/decoding boxes to the general public. According the the government, the general public includes terrorists, subversives, common criminals (as opposed to uncommon criminals), and hackers (!). The law enforcement and intelligence agencies would not like these unsavory characters to gain ready access to a means of communication that could not easily be tapped. Some of the encryption schemes can not even be broken by the National Security Agency. In an effort to avoid handing any more advantages to criminals (e.g., communications secure from monitoring by law enforcement people), the government has evidently decided to restrict selected public freedoms. We must decide which of the various conflicting rights take precedence in the arena of communications. It is not an easy decision to make. Patrick Wyant AT&T Bell Laboratories Naperville, IL *!ihnp4!{mhuxo,ihwld}!gjphw
knudsen@ihwpt.UUCP (mike knudsen) (09/09/86)
n> There is more to restriction on reception proposals than merely seeking to > protect commercial interests. If the responsibility for ensuring secure > communications were lodged solely with the system operator, it would be quite > reasonable for the operators to pursue the use of digital encryption. This is > likely to lead to the introduction of some very nice encoding/decoding boxes > to the general public. According the the government, the general public > includes terrorists, subversives, common criminals (as opposed to uncommon > criminals), and hackers (!). The law enforcement and intelligence agencies > would not like these unsavory characters to gain ready access to a means of > communication that could not easily be tapped. Some of the encryption schemes > can not even be broken by the National Security Agency. > > In an effort to avoid handing any more advantages to criminals (e.g., > communications secure from monitoring by law enforcement people), the > government has evidently decided to restrict selected public freedoms. We > must decide which of the various conflicting rights take precedence in the > arena of communications. It is not an easy decision to make. > > Patrick Wyant > This makes sense. However, it is contrary to a decision recently made by the Federal govt, incouding the NSA. Federal contracts have been let to three companies to build digitally encrypted telephones for use over the regular switched public phone network. Initially intended for Federal agents and companies with govt contracts, these phone sets are expected to ultimately be sold to any US citizen willing to pay (about $2000) for them. The intent is to stop the Russians from monitoring our phone calls, as alluded to earlier. The NSA has stated that it realizes that the Mafia et al will surely take advantage of these phones to thwart the FBI et al, but that this **is a price we are willing to pay** to stop the hemmorhage of foreign and industrial espionage currently occuring on our telephone system. (On the other hand, there is the case of the college prof who was told by the NSA not to divulge his great new encryption technique, because the NSA didn't know how to break it.) Do you get the idea the Feds' left and right hands don't know what each other is doing?? Why am I surprised?? :-( -- Mike J Knudsen / \ ...ihnp4!ihwpt!knudsen / NO \ Bell Labs / BABY \ (312)-979-4132 (work) (AT & T) /ON BOARD\ \GO AHEAD/ BORED SAILORS IH 6D-319 \ & HIT/ go BOARDSAILING. x4132 \ ME / \ / Bell Labs pays \/ me for my thoughts; my opinions are all mine!
karn@petrus.UUCP (Phil R. Karn) (09/10/86)
I think Mike and Joe miss the point. The idea of the act is to make it easier for OUR spooks (the NSA) to monitor the communications of naive American civilians by giving them a false sense of security. Certainly no one in US government or industry would rely for a minute on the prohibitions of the act, nor would the KGB give a damn about American laws. Phil
die@frog.UUCP (Dave Emery, Software) (09/11/86)
Patrick Wyant writes : > There is more to restriction on reception proposals than merely seeking to >protect commercial interests. If the responsibility for ensuring secure >communications were lodged solely with the system operator, it would be quite >reasonable for the operators to pursue the use of digital encryption. This is >likely to lead to the introduction of some very nice encoding/decoding boxes >to the general public. According the the government, the general public >includes terrorists, subversives, common criminals (as opposed to uncommon >criminals), and hackers (!). The law enforcement and intelligence agencies >would not like these unsavory characters to gain ready access to a means of >communication that could not easily be tapped. Some of the encryption schemes >can not even be broken by the National Security Agency. Criminalizing radio reception in the hopes that providers of communications services will not provide their customers with a truly secure service is only a short term solution that at most buys a few years. The basic technology of end to end secure telephony is here now, and is getting cheaper and cheaper every year. It will not be too many years before the cost is low enough so some enterprising folks will mass market secure telephones. (I have dreamed for years of doing this when I finally find myself and get rich). As for data communications, the technology for effectively encoding digital data has been around for years, and anyone with something to hide would have to be stupid not to use the available tools such as the plethora of RSA/DES encryption programs for the PC family. It seems very likely if the federal government continues to follow it's current anti-privacy policy there will have to be a follow on act to the Electronic Communications Privacy Act making the possession or use of effective cryptographic technology illegal. In fact use of ciphers or codes over public communications facilities IS illegal in some countries. Simply relying on market forces to keep effective ciphers out of the public hands will not be enough. Unfortunately, this policy of dangerous openness and harsh civil and legal penalties for exploiting it leaves most of our communications terribly vulnerable to any serious criminal or spy clever enough to quietly intercept and exploit them. There will be no certainty that someone (in addition to the NSA, FBI, CIA or other such friendly agencies with long histories of law abiding and ethical behavior) isn't listening. If the law is effectively enforced (with well-publicized arrests of comparatively innocent listeners and long jail terms) most casual radio hobbiests and technically clever hacker types will be careful of what they publically admit to doing; and sadly some of the more law-abiding sorts (myself included) will probably give up what was a very innocent and non-criminal hobby that helped sharpen and develop our technical talents. It is hardly clear, however, that this group of people constitutes much of a threat to anyone. But the federal policy will be very much to the advantage of anyone who wishes to exploit communications and who is willing to take the risk of penalties under the law. A great deal of what might have been securely locked away beneath ciphers generated by $15 chips that produce keys only breakable with very large scale systems will be happily out there in the open for anyone with even simple equipment to intercept if they dare. This brave new world will be a field day for pirates, common criminals, sleazy characters and spies. And even more so if the public is denied access to secure communications technology so they can't protect themselves even if they want to. And I am particularly frightened of certain implications. The new law will only be effective in curbing the use of secure communications technology if it is enforced effectively enough so that users of communications systems are given the illusion that what they are sending is private by virtue of the stiff enforcement of the legal ban on interception. If the law is ignored as much as section 705 of the communications act has been (the current privacy provision) nobody with any sense will believe that it protects their privacy and there will continue to be public pressure for encryption. So the government will have to aggressively and publicaly prosecute listeners, and pressure judges into giving them harsh sentences. This necessarily implies that some innocent people are going to be badly hurt, and I am afraid that hams, SWLs and particularly the technically sophisticated engineering professionals who dabble as an innocent hobby in such projects as trying to break satellite scrambling schemes are going to be made examples of and thrown in jail. Radio regulation enforcement has not been draconian to date, the idiot ("Captain Midnight") who abused his position as an uplink operator to jam HBO only got probation and a moderate fine. It is pretty hard to see judges handing out 5 year sentences and $250,000 fines for such passive acts as descrambling some Canadian satellite feed or a soft core pornographic movie. It is even harder to see a judge throwing the book at some poor fellow who buys a scanner and listens to a mobile phone conversation. And yet the only way the Privacy Act is going to be beleived is by very stiff sentences - if there aren't such sentences the public won't feel secure. It isn't even clear that the required police/FBI manpower, prosecuters, and cooperative judges will ever come together to give the act teeth (although it is quite possible that the authors of the bill expect the civil penalties with lesser standards of proof to be the main deterents). In addition to stiff sentences for merely listening and further legislation forbidding use of secure ciphers, I think that the federal policy will not be seen as credible by the general public unless there are curbs on sales and possession of interception equipment. This no doubt means that such things as scanners, TVRO's, Hf-SSB receivers (connected to a TVRO a HF-SSB receiver can intercept a remarkable collection of private microwave and satellite communications), and other radio receiving devices will become illegal. -- David I. Emery Charles River Data Systems 983 Concord St., Framingham, MA 01701 (617) 626-1102 uucp: decvax!frog!die
scorpion@titan.UUCP (09/11/86)
What is the status of this dread bill? Also, what is a "law suite"? scorpion I don't have opinions. "Husbandry would be most efficacious" - Mr. Spock (in "The Apple").
werner@ut-ngp.UUCP (Werner Uhrig) (09/11/86)
In article <301@petrus.UUCP>, karn@petrus.UUCP (Phil R. Karn) writes: > I think Mike and Joe miss the point. The idea of the act is to make it > easier for OUR spooks (the NSA) to monitor the communications of naive > American civilians by giving them a false sense of security. I had long suspected it: Encoded communications contain a certain "signature" which makes them easy to identify in the MASS of communications. Either it can be detected by the pure randomness of the bits, or, maybe, the crypto device has a little "innocuous" commercial in the header of each message; something like: "Safe communications - another service of <your favorite 3-letter company goes here>" It is thus easy for the spook to identify the messages worth paying ATTention to .... and, of course, having the decoder helps ...(-: ---Werner "The best encryption is a low signal-to-noise ratio. that's why I often mumble senselessly..."
dclouser@hpldsla.HP.COM (Dave Clouser) (09/13/86)
Modulating an RF carrier with an audio signal certainly makes it hard to hear the audio part, unaided. The reason that we don't consider this a form of encryption is that one can buy the "decoder" cheaply and readily (at least in the US), for many varieties of broadcast signals. As technology becomes availible to the public, we must adapt to the changes. Radio signals must have seemed pretty secure to the military when they first were used. But as more people began using them, the security waned, so we developed ways to encrypt them further. Now, commercial companies facing the same situation are asking for legal protection, instead of solving the technological problem. The burden of protecting one's data should fall on oneself, and not on possible listeners. Laws preventing someone from taking advantage of something they heard, that the sender did not wish known, are already on shakey enough ground, as far as enforcement. We don't need more laws that are even more difficult to enforce. All too often, as the world changes, and we can do things more easily, people or corporations turn to the government to pass laws to protect their old ways. If a cable company doesn't want their broadcasts intercepted by non-subscribers, make them difficult to intercept. If the first solution used is overcome by an advance in technology, (satellite antennae), don't ask the government to pass a law to solve the problem. Such laws may cost more in the long run than the technology to encrypt the signals, and they erode our freedom. Instead, try for a longer-term technological solution, the next time. Better yet, use the cheap solution for as long as you can without losing money on it, then switch to a better one. Passing a law against something has seldom prevented criminals from doing it, or getting it, or using it. The technological solutions still have to be found, anyway. The idea that limiting the availability of sophisticated technology will prevent its falling into the "wrong" hands is silly. Look how successful we've been with nuclear technology. Sure, most terrorists don't have nuclear weapons, but it's not because they can't find out how to make them. It's because it's hard to get fuel for them. And plenty of "wrong" hands have gotten hold of nuclear weapons, anyway. This is my opinion, and as such, is important only to me. Dave Clouser Hewlett-Packard Scientific Instruments Division Palo Alto, CA 94304
newton2@topaz.berkeley.edu (09/14/86)
The low-cost secure voice terminals (STU-III) contracted for by NSA via ATT, Motorola, RCA et al. will not pose a problem for NSA. Who do you suppose will manage the keys for the new secure phones? Unfortunately, given the porosity of NSA, one can expect the ultimate result will be a substantial net loss for true security of U.S. interests: bureaucrats will spend billions and will become assured of the security of the techno-glossy new system- *everyone* will be required to use it, with the greatest urgency of use reserved for the most truly valuable info. Ivan will pay a GTE clerk enough to cover his short positions on the day the stock market falls 100 points and he'll hand over the key list. It's happened before, according to my newspaper. Doug Maisel
newton2@topaz.berkeley.edu (09/14/86)
Er, in my smart aleck posting about the possible subversion of NSA-knows best crypto schemes (I advocate autonomous key generators), make that "on a day the market *rises* 100 points etc. etc." Doug Maisel
johnmill@mmintl.UUCP (John Miller) (09/16/86)
In article <1269@jade.BERKELEY.EDU> newton2@topaz.berkeley.edu.UUCP () writes: > Ivan will pay a GTE clerk enough to cover his short positions on >the day the stock market falls 100 points and he'll hand over the key list. You have it backwards. The day the DJA drops 100 points is the day my short positions REALLY make me some money. -- johnmill
johnmill@mmintl.UUCP (John Miller) (09/17/86)
In article <1270@jade.BERKELEY.EDU> newton2@topaz.berkeley.edu.UUCP () writes: > >Er, in my smart aleck posting about the possible subversion of NSA-knows >best crypto schemes (I advocate autonomous key generators), make >that "on a day the market *rises* 100 points etc. etc." > >Doug Maisel Yeah, "Whoops" from me too, and apologies for not reading the rest of the articles before my smart-aleck correction. ---johnmill
don@nscpdc.UUCP (Don McGlauflin) (09/18/86)
In article <450001@hpldsla.HP.COM> dclouser@hpldsla.HP.COM (Dave Clouser) writes: > >Modulating an RF carrier with an audio signal certainly makes it hard to >hear the audio part, unaided. The reason that we don't consider this a >form of encryption is that one can buy the "decoder" cheaply and readily >(at least in the US), for many varieties of broadcast signals. As >technology becomes availible to the public, we must adapt to the >changes. Radio signals must have seemed pretty secure to the military >when they first were used. But as more people began using them, the >security waned, so we developed ways to encrypt them further. Now, >commercial companies facing the same situation are asking for legal >protection, instead of solving the technological problem. > >The burden of protecting one's data should fall on oneself, and not on >possible listeners. Laws preventing someone from taking advantage of >something they heard, that the sender did not wish known, are already on >shakey enough ground, as far as enforcement. We don't need more laws >that are even more difficult to enforce. > >All too often, as the world changes, and we can do things more easily, >people or corporations turn to the government to pass laws to protect >their old ways. If a cable company doesn't want their broadcasts >intercepted by non-subscribers, make them difficult to intercept. If >the first solution used is overcome by an advance in technology, >(satellite antennae), don't ask the government to pass a law to solve the >problem. Such laws may cost more in the long run than the >technology to encrypt the signals, and they erode our freedom. Instead, >try for a longer-term technological solution, the next time. Better yet, >use the cheap solution for as long as you can without losing money on it, >then switch to a better one. > >Passing a law against something has seldom prevented criminals from doing >it, or getting it, or using it. The technological solutions still have to >be found, anyway. The idea that limiting the availability of sophisticated >technology will prevent its falling into the "wrong" hands is silly. >Look how successful we've been with nuclear technology. Sure, most >terrorists don't have nuclear weapons, but it's not because they can't find out >how to make them. It's because it's hard to get fuel for them. And plenty >of "wrong" hands have gotten hold of nuclear weapons, anyway. > >This is my opinion, and as such, is important only to me. > > >Dave Clouser >Hewlett-Packard >Scientific Instruments Division >Palo Alto, CA 94304 ********* SOMEBODY FINALLY HIT THE NAIL ON THE HEAD! ********** Sorry about including the whole article, but it deserves to read again. Here's an interesting analogy: If a woman stands naked in a public place, who is more likely to get in trouble for it? HER, for indecent exposure? Or YOU, for looking at her? Flames to /dev/null, please. "Epoxy can be cured" Don McGlauflin nsc!nscpdc!don National Semiconductor tektronix!reed!nscpdc!don MaBell: (503) 629-4443
rupp@trout.UUCP (William L. Rupp) (09/19/86)
I think I have missed something in this discussion of communications privacy. Has there been a proposal in Congress to ban transmission encryption, or is that eventuality merely a supposition on the part of some net.crypt posters?
die@frog.UUCP (Dave Emery, Software) (09/22/86)
In article <315@trout.UUCP> rupp@trout.UUCP (William L. Rupp) writes: >I think I have missed something in this discussion of communications privacy. >Has there been a proposal in Congress to ban transmission encryption, or is >that eventuality merely a supposition on the part of some net.crypt posters? > There hasn't yet been such a bill, but as a number of posters have pointed out, apparently one of the major forces behind the movement to pass the Electronic Communications Privacy Act is a group of law enforcement and intelligence agencies who are reputed to fear that widespread use of secure and effective encryption will deny them important sources of intelligence. (eg terrorists, organised crime, drug dealers, hackers, and other such bad guys will start using secure crypto communications if they are made widely available) It is assumed that the agencies are backing the bill because it provides legal protection for unencrypted common carrier communications, and for any other communication encrypted in any manner (or even transmitted using complex or unusual modulation). It is presumed that they feel that the existance of a strong law with stiff penalties and the possibility of civil as well as criminal action (with lower standards of proof and no prosecutorial discression) will be seen by the communications service buying public as an adaquate answer to the security problem, and the movement toward use of really effective encryption will slow down or stop as a result. I personally suspect that the large common carriers (who have also backed the bill) would very much not like to spend billions of dollars securing their transmissions (particularly the wide open microwave radio and satellite links that represent the lowest-cost-to-provide long distance interconnections). If the bill passes the carriers will have a legal defense against lawsuits by subscribers whose communications have been intercepted from these links, if there isn't such a law someone might someday successfully sue a carrier for a large amount of money for not taking adaquate precautions to ensure his privacy. And a court ruling that the mostly open transmissions currently used are not adaquately secure could be devastating to carriers with limited investments in such more secure technologies as coaxial cable and optical fibers. Thus the intelligence agencies are hoping that shielded from liability for providing privacy the carriers will not install encryption and provide secure service as rapidly since the major reasons for them to do so (fear of lawsuits and public pressure) will have been at least partially neutralized. And they hope that the public, provided with a new and powerful defense against those who intercept its communications (the civil penalties) will not press as hard for technology that provides real security (even from the intelligence agencies themselves). I speculate that this attempt to slow the spread of encryption by providing legal tools to wronged parties and protection to carriers from suits will not be enough to prevent its use from becoming widespread, and that the intelligence agencies will have to pressure for restrictions on the use of encryption. And perhaps there are fools enough in congress for such a law to pass too.. -- David I. Emery Charles River Data Systems 983 Concord St., Framingham, MA 01701 (617) 626-1102 uucp: decvax!frog!die