die@frog.UUCP (Dave Emery, Software) (09/06/86)
First reaction
Perhaps the strongest impression on seeing the text of the
privacy act is how incredibly draconian the penalties are considering
the ease with which radio communications can be intercepted and the
fact that such interception isn't currently a crime.
The crimes
The act provides that intentionally intercepting the contents of a
radio or electromagnetic communication "not readily available to the general
public" is legally the same crime as wiretapping or bugging and carries the
same penalties with certain few exceptions.
The bill provides a year in jail and/or a $10,000 fine for merely
intentionally listening to ("acquiring the contents of") a radio communication
on certain frequencies (those used by radio and TV remote pickup and studio
transmitter links), sent over facilities provided by a common carrier (such as
a communications satellite) or on a subcarrier or other subsidiary signal
(such as Teletext, vertical blanking interval signals + SCA). This 'reduced'
penalty only applies if the interception is not for commercial purposes or
private gain or in violation of any contract and is the first offense.
The full penalty of five years in jail and a $250,000 fine applies
if the interception is for commercial purposes or private gain or is a
second or subsequent offense.
And perhaps the most incredible of all - five years in jail
and a $250,000 fine for intercepting and acquiring the contents of (ie
descrambling) any radio communication that is "scrambled or encrypted"
(such as pay tv stations or scrambled satellite TV). This applies even if
this is a first offense, and is not for private gain or commercial purposes.
There is no requirement that the scrambling or encryption be secure or
difficult to break, absolutely any kind qualifies.
And in a very nasty section, not only is it a crime for which
one can get thrown in the pokey for a year to intercept a common-carrier
signal or other private signals but it is a crime to intercept any signal
whose "essential modulation parameters have been witheld from the general
public" in order to protect privacy. This means that if one finds an
odd signal and demodulates it, one may have committed a serious crime
even if one had no knowlage that the signal was modulated that way
for the purpose of preserving privacy and knew (from the frequency or other
information) that it was not a common carrier signal or other otherwise
private signal.
Further the bill provides for civil damages for anyone
whose radio communication, "not readily accessible to the general public",
is intercepted or used. This provision allows for a suite to recover
all profits or gains from the use of the communication, court costs,
and punitive damages of the greater of $10,000 or $100 a day for every day
the radio communication was intercepted. Though I am not a lawyer (just a
humble engineer) it appears to me to be possible to mount such a law suite
even if there was no criminal prosecution for the violation. (That
is to say if the local pay TV or cable company (this applies to wire
communications too) decides to take you to court for descrambling their
pay signals they can do so and collect $10,000 damages even if the
local US attorney doesn't want to prosecute you on the felony interception
charges.)
The exceptions
There are bizzare exceptions made for cellular telephone calls
(6 months and $500) and non-scrambled or encrypted private satellite video
(only $500 !!), and complete exemptions for cordless telephones and tone only
pagers (???!!!).
The things that are legal
Certain things are explicitly legal to receive including
anything on ham, CB, and general mobile radio service frequencies, a distress
signal from an aircraft, vessel or person (not car or truck), transmissions
from a marine or aeronautical communication system, and police, fire, civil
defense, government, and law enforcement transmissions that are readily
accessible to the general public.
Naturally one can legally receive any transmission specifically
intended for the general public such as radio and TV broadcasts (but not any
subcarriers or subsidiary services riding on broadcast signals unless they are
also specifically intended for the use of the general public). And one can
legally receive unscrambled and unencrypted satellite transmissions of
programs intended to be broadcast (network TV feeds and radio feeds). I
believe that the underlying law already allows reception of cable tv feeds
(Satellite Viewing Rights Act) that are not scrambled or encrypted under
certain conditions.
An editorial note
To me, the radio part of the Electronic Communications
Privacy Act seems to have little or nothing to do with privacy of radio
communications. It seems to really be a bill designed to protect the
economic interests of certain people who transmit pay tv signals,
stock market data, cable TV programming and other signals that
have recently become targets of widespread piracy. Unfortunately,
the way the law is written it makes no difference whether or not there is an
intent to steal a service, it is a felony to merely peek to see what is
there.
If there is an intent to protect privacy, it is not to mandate
real security or provide encouragements to carriers to provide it,
(the bill carefully avoids making carriers liable for the disclosure
of radio communications transmitted over radio systems foolishly
designed so they can be easily intercepted (like cellular telephones))
but to make sure that it is in fact a crime to intercept almost any
conceivably private communication. The actual purpose of this is more to get
providers of communications services off the hook if customers sue them
because their communications were intercepted then to provide security as it
is normally a valid defense against charges of negligence to demonstrate that
the act in question is a serious crime.
The saddest part is that the bill does nothing to encourage
the use of the only technology that can provide real radio security -
encryption with a secure cipher. It actually stifles that effort
by giving complete legal protection to any cipher or other security
technique no matter how feeble, and by protecting even many completely
open signals with harsh penalties.
Post Script
The rest of the act is basicly anti-hacker. I am on the
side of the angels on most of the rest of the bill's provisions,
as I do think that there is a fundemental difference between listening
to a radio communication and breaking into a computer system and
accessing private information contained therein (or exceeding ones
authorization to use the system). Radio is all around us, and is by its very
nature a publicly accessible medium - while wire (fiber and cable)
communications and computer systems are legitimately private spaces.
Some sleepers in the bill - very technical
The most obvious sleeper is the use of the key (and very ambiguous)
phrase "readily accessible to the general public". Though the bill defines
that concept as it pertains to radio (and thus precludes use of the extremely
logical and common sense argument that almost any radio signal is
readily accessible to the general public), the phrase is made for judges
to add interpretations to.
Almost any signal which is on a secret frequency, or has not been
widely publicized, or seems from its contents like it ought to be secret, or
is not publically admitted to by its owning agency, or which requires special
equipment to receive could be excluded on the grounds it wasn't readily
accessible to the general public. I am sure that the argument will soon be
made that any signal on a non-published or secret frequency is not readily
accessible to the general public just by virtue of the fact that the frequency
information is not made readily available to the general public.
Ready Access
The bill leaves hanging questions about signals that are only
receivable in certain limited places (such as highly directional signals,
very low power signals, or signals on frequencies that don't propagate well)
Is it illegal to receive them even if one happens to live near the
transmitter ? Suppose one builds a large antenna ? What sort of difficulty
does one have to go to to exceed the limits of "ready access" ? And what is
the "general public" in this context anyway ? Does being a technically
knowlageable engineer or other specialist disqualify one from membership in
the "general public" the bill refers to ?
Banned Frequencies
The bill for the first time forbids receiving and "acquiring the
contents of" any communication on certain frequencies allocated to broadcast
remote pickup and auxiliary services regardless of whether the intercepted
signal is in fact a signal used by a broadcast station. This concept of a
"banned frequency" might prevent one from receiving ANY radio signal of
unknown origen on some frequencies if the bill is strictly interpreted.
In many ways that is a much harsher restriction than forbidding the
"acquistion of the contents of" a signal transmitted by certain specific
groups.
This establishes a nasty precedent that might have impact on
electronic instrumentation, EMC/Tempest, and rf equipment engineering, test,
and repair. It also could be used to convict someone for simply possessing
a receiver turned on and tuned to such a channel since it could be
argued that receiving any signal that came in (presumably including cosmic
noise and the thermal background hiss) was illegal unless one could
establish that one was an authorized recipient of some lawful transmission
on these channels. And it would make establishing intent easier, since there
could be no legal purpose for someone not authorized to receive such
signals to possess a receiver for those frequencies.
Common Carriers
The bill defines as private any signals "transmitted over
a communication system provided by a common carrier". This would
seem to include situations where the common carrier provides radios,
transmitter sites or other facilities to radio communications
systems that do not operate on common carrier frequencies. This makes
determining whether a particular communication is private and illegal to
listen to much more complicated. (An example is the White House
Nationwide (Echo Foxtrot) radio system used to provide a very unsecure
radio telephone connection to Air Force One - this system is supposed to
have been provided by AT&T in whole or in part and uses AT&T sites but
uses federal frequencies for the radio links)
It is also very unclear what the bill means by "transmitted over".
Does this mean transmitted by a transmitter provided by a common carrier ?
Or does it mean that if the signal at some point in its path between original
sender and ultimate recipiant goes over a communication link provided
by a common carrier it is illegal to receive it ? Suppose it is transmitted
by a privately provided transmitter in communication with a common carrier
system (such as a cellular phone owned by a subscriber and not purchased
from a common carrier) ?. How about an otherwise legal-to-receive radio
signal that happened to go over telephone lines or other common-carrier
provided facilities between the control point and the transmitter (a very
common case in mobile radio systems) ? How about signals from a privately
owned satellite uplink ?
Subcarriers
Another bit of legal language that could be sticky is "subcarrier
or other signal subsidiary to a radio transmission". At first glance this
seems to mean SCA signals on FM radio broadcasts. But depending on
how subcarrier is interpreted it could mean virtually any modulation
more complex than simple direct AM or FM. Is a FDM-SSB voice channel
a subcarrier ? (One could argue no, it is not further modulated - it
is merely shifted in frequency - unlike an FM subcarrier which is itself
a modulated carrier.) Is a pcm subchannel on a tdm multiplexed signal
a subcarrier ? What is meant by "subsidiary to" ?
Many digital signals transmitted over analog paths (such as
the AFSK used in 2 meter ham packet radio) use modems which modulate
an audio frequency carrier. When transmitted over a radio channel,
these audio signals become subcarriers. Does the bill mean to
preclude reception of any digital transmission except direct FSK, PSK
or PAM of a carrier ? (Reception of 2 meter packet is otherwise
explicitly allowed so this is not an issue for hams). What about
those military multiplex HF RTTY transmissions that some people copy news
wires or weather information from ? Are the individual channels subcarriers
or separate 85hz shift FSK signals that happen to be transmitted from a
common transmitter ?
Scrambling
Another problem area lies with the definition of "scrambled". To
lawmakers this probably means what one sees on a pay cable channel one
doesn't subscribe to. But what constitutes scrambling ? What parameters
of a signal have to be changed for it to be scrambled ? Is merely inverting
the usual video polarity (as some satellite services do) scrambling ?
What is enough alteration to put one in jail ?
And what constitutes scrambling for other sorts of radio signals ?
Does it have to be effective ? or is it merely enough to alter some
parameter of the signal with the intent of making harder to receive
on some kind of receiver. Suppose your receiver can receive the signal
anyway, is it still illegal ?
Another problem with the term "scrambling" is that it has a technical
meaning different from its common usage meaning. All modern digital radio
transmission systems (and almost all modems > 300 bps) permutate the data
transmitted with a digital pattern to ensure that the modulated signal
contains plenty of 0-1 and 1-0 transitions (for maintaining clock
synchronism between transmitter and receiver) and to guarantee that the
same data does not always result in the same modulated signal in case
some particular pattern in the data produces a worse case analog signal
(this ensures that if the transmission is retried, it probably will
work the second time). This technique has been called (since its inception)
"scrambling". If it is illegal to intercept a radio signal that has
been scrambled for this purpose (and the bill does not say "scrambled or
encrypted to protect the privacy of" it will be illegal to intercept
almost any properly designed digital radio transmission or radio transmission
of a modem signal carrying data at greater than 300 bps (except 202 FSK).
Note to Phil Karn
I don't have my table of FCC frequency allocations handy but
isn't 39.17 mhz (the frequency on which the preacher hears God) a broadcast
remote pickup frequency ? Perhaps Phil Karn's theory that the fundementalists
are the force behind this bill because of the debunking of that phoney TV
evangelist on the Johnny Carson show is real !!
David I. Emery Charles River Data Systems 617-626-1102
983 Concord St., Framingham, MA 01701.
uucp: decvax!frog!die
--
David I. Emery Charles River Data Systems
983 Concord St., Framingham, MA 01701 (617) 626-1102 uucp: decvax!frog!dietedrick@ernie.Berkeley.EDU (Tom Tedrick) (09/07/86)
Sigh. Once again we see an example of an incredibly stupid law being proposed. Is there any chance that this monstrosity will pass? Rather than fine someone for intercepting signals, they should fine the sender for being too stupid to use a secure encryption scheme and reward the "pirate" for revealing the insecurity in the system. If we can't keep our systems secure from our budding hackers, what are we going to do when the Soviets decide to disrupt our communications prior to launching a first strike? I say we owe the hackers our deepest gratitude for revealing our stupidity before it is too late.
gjphw@mhuxo.UUCP (WYANT) (09/09/86)
> Once again we see an example of an incredibly stupid law > being proposed. Is there any chance that this monstrosity will > pass? > While I agree that the proposed law is a change in the way the airwaves have been treated in the U.S. (anyone can try to receive anything, only transmissions are regulated), restrictions on reception are common in many other countries. Despite the difficulty of enforcing restrictions on receptions, many governments have chosen to pursue this route in an attempt to protect themselves or major commercial interests. There is more to restriction on reception proposals than merely seeking to protect commercial interests. If the responsibility for ensuring secure communications were lodged solely with the system operator, it would be quite reasonable for the operators to pursue the use of digital encryption. This is likely to lead to the introduction of some very nice encoding/decoding boxes to the general public. According the the government, the general public includes terrorists, subversives, common criminals (as opposed to uncommon criminals), and hackers (!). The law enforcement and intelligence agencies would not like these unsavory characters to gain ready access to a means of communication that could not easily be tapped. Some of the encryption schemes can not even be broken by the National Security Agency. In an effort to avoid handing any more advantages to criminals (e.g., communications secure from monitoring by law enforcement people), the government has evidently decided to restrict selected public freedoms. We must decide which of the various conflicting rights take precedence in the arena of communications. It is not an easy decision to make. Patrick Wyant AT&T Bell Laboratories Naperville, IL *!ihnp4!{mhuxo,ihwld}!gjphw
knudsen@ihwpt.UUCP (mike knudsen) (09/09/86)
n> There is more to restriction on reception proposals than merely seeking to > protect commercial interests. If the responsibility for ensuring secure > communications were lodged solely with the system operator, it would be quite > reasonable for the operators to pursue the use of digital encryption. This is > likely to lead to the introduction of some very nice encoding/decoding boxes > to the general public. According the the government, the general public > includes terrorists, subversives, common criminals (as opposed to uncommon > criminals), and hackers (!). The law enforcement and intelligence agencies > would not like these unsavory characters to gain ready access to a means of > communication that could not easily be tapped. Some of the encryption schemes > can not even be broken by the National Security Agency. > > In an effort to avoid handing any more advantages to criminals (e.g., > communications secure from monitoring by law enforcement people), the > government has evidently decided to restrict selected public freedoms. We > must decide which of the various conflicting rights take precedence in the > arena of communications. It is not an easy decision to make. > > Patrick Wyant > This makes sense. However, it is contrary to a decision recently made by the Federal govt, incouding the NSA. Federal contracts have been let to three companies to build digitally encrypted telephones for use over the regular switched public phone network. Initially intended for Federal agents and companies with govt contracts, these phone sets are expected to ultimately be sold to any US citizen willing to pay (about $2000) for them. The intent is to stop the Russians from monitoring our phone calls, as alluded to earlier. The NSA has stated that it realizes that the Mafia et al will surely take advantage of these phones to thwart the FBI et al, but that this **is a price we are willing to pay** to stop the hemmorhage of foreign and industrial espionage currently occuring on our telephone system. (On the other hand, there is the case of the college prof who was told by the NSA not to divulge his great new encryption technique, because the NSA didn't know how to break it.) Do you get the idea the Feds' left and right hands don't know what each other is doing?? Why am I surprised?? :-( -- Mike J Knudsen / \ ...ihnp4!ihwpt!knudsen / NO \ Bell Labs / BABY \ (312)-979-4132 (work) (AT & T) /ON BOARD\ \GO AHEAD/ BORED SAILORS IH 6D-319 \ & HIT/ go BOARDSAILING. x4132 \ ME / \ / Bell Labs pays \/ me for my thoughts; my opinions are all mine!
karn@petrus.UUCP (Phil R. Karn) (09/10/86)
I think Mike and Joe miss the point. The idea of the act is to make it easier for OUR spooks (the NSA) to monitor the communications of naive American civilians by giving them a false sense of security. Certainly no one in US government or industry would rely for a minute on the prohibitions of the act, nor would the KGB give a damn about American laws. Phil
die@frog.UUCP (Dave Emery, Software) (09/11/86)
Patrick Wyant writes : > There is more to restriction on reception proposals than merely seeking to >protect commercial interests. If the responsibility for ensuring secure >communications were lodged solely with the system operator, it would be quite >reasonable for the operators to pursue the use of digital encryption. This is >likely to lead to the introduction of some very nice encoding/decoding boxes >to the general public. According the the government, the general public >includes terrorists, subversives, common criminals (as opposed to uncommon >criminals), and hackers (!). The law enforcement and intelligence agencies >would not like these unsavory characters to gain ready access to a means of >communication that could not easily be tapped. Some of the encryption schemes >can not even be broken by the National Security Agency. Criminalizing radio reception in the hopes that providers of communications services will not provide their customers with a truly secure service is only a short term solution that at most buys a few years. The basic technology of end to end secure telephony is here now, and is getting cheaper and cheaper every year. It will not be too many years before the cost is low enough so some enterprising folks will mass market secure telephones. (I have dreamed for years of doing this when I finally find myself and get rich). As for data communications, the technology for effectively encoding digital data has been around for years, and anyone with something to hide would have to be stupid not to use the available tools such as the plethora of RSA/DES encryption programs for the PC family. It seems very likely if the federal government continues to follow it's current anti-privacy policy there will have to be a follow on act to the Electronic Communications Privacy Act making the possession or use of effective cryptographic technology illegal. In fact use of ciphers or codes over public communications facilities IS illegal in some countries. Simply relying on market forces to keep effective ciphers out of the public hands will not be enough. Unfortunately, this policy of dangerous openness and harsh civil and legal penalties for exploiting it leaves most of our communications terribly vulnerable to any serious criminal or spy clever enough to quietly intercept and exploit them. There will be no certainty that someone (in addition to the NSA, FBI, CIA or other such friendly agencies with long histories of law abiding and ethical behavior) isn't listening. If the law is effectively enforced (with well-publicized arrests of comparatively innocent listeners and long jail terms) most casual radio hobbiests and technically clever hacker types will be careful of what they publically admit to doing; and sadly some of the more law-abiding sorts (myself included) will probably give up what was a very innocent and non-criminal hobby that helped sharpen and develop our technical talents. It is hardly clear, however, that this group of people constitutes much of a threat to anyone. But the federal policy will be very much to the advantage of anyone who wishes to exploit communications and who is willing to take the risk of penalties under the law. A great deal of what might have been securely locked away beneath ciphers generated by $15 chips that produce keys only breakable with very large scale systems will be happily out there in the open for anyone with even simple equipment to intercept if they dare. This brave new world will be a field day for pirates, common criminals, sleazy characters and spies. And even more so if the public is denied access to secure communications technology so they can't protect themselves even if they want to. And I am particularly frightened of certain implications. The new law will only be effective in curbing the use of secure communications technology if it is enforced effectively enough so that users of communications systems are given the illusion that what they are sending is private by virtue of the stiff enforcement of the legal ban on interception. If the law is ignored as much as section 705 of the communications act has been (the current privacy provision) nobody with any sense will believe that it protects their privacy and there will continue to be public pressure for encryption. So the government will have to aggressively and publicaly prosecute listeners, and pressure judges into giving them harsh sentences. This necessarily implies that some innocent people are going to be badly hurt, and I am afraid that hams, SWLs and particularly the technically sophisticated engineering professionals who dabble as an innocent hobby in such projects as trying to break satellite scrambling schemes are going to be made examples of and thrown in jail. Radio regulation enforcement has not been draconian to date, the idiot ("Captain Midnight") who abused his position as an uplink operator to jam HBO only got probation and a moderate fine. It is pretty hard to see judges handing out 5 year sentences and $250,000 fines for such passive acts as descrambling some Canadian satellite feed or a soft core pornographic movie. It is even harder to see a judge throwing the book at some poor fellow who buys a scanner and listens to a mobile phone conversation. And yet the only way the Privacy Act is going to be beleived is by very stiff sentences - if there aren't such sentences the public won't feel secure. It isn't even clear that the required police/FBI manpower, prosecuters, and cooperative judges will ever come together to give the act teeth (although it is quite possible that the authors of the bill expect the civil penalties with lesser standards of proof to be the main deterents). In addition to stiff sentences for merely listening and further legislation forbidding use of secure ciphers, I think that the federal policy will not be seen as credible by the general public unless there are curbs on sales and possession of interception equipment. This no doubt means that such things as scanners, TVRO's, Hf-SSB receivers (connected to a TVRO a HF-SSB receiver can intercept a remarkable collection of private microwave and satellite communications), and other radio receiving devices will become illegal. -- David I. Emery Charles River Data Systems 983 Concord St., Framingham, MA 01701 (617) 626-1102 uucp: decvax!frog!die
scorpion@titan.UUCP (09/11/86)
What is the status of this dread bill? Also, what is a "law suite"? scorpion I don't have opinions. "Husbandry would be most efficacious" - Mr. Spock (in "The Apple").
werner@ut-ngp.UUCP (Werner Uhrig) (09/11/86)
In article <301@petrus.UUCP>, karn@petrus.UUCP (Phil R. Karn) writes: > I think Mike and Joe miss the point. The idea of the act is to make it > easier for OUR spooks (the NSA) to monitor the communications of naive > American civilians by giving them a false sense of security. I had long suspected it: Encoded communications contain a certain "signature" which makes them easy to identify in the MASS of communications. Either it can be detected by the pure randomness of the bits, or, maybe, the crypto device has a little "innocuous" commercial in the header of each message; something like: "Safe communications - another service of <your favorite 3-letter company goes here>" It is thus easy for the spook to identify the messages worth paying ATTention to .... and, of course, having the decoder helps ...(-: ---Werner "The best encryption is a low signal-to-noise ratio. that's why I often mumble senselessly..."
newton2@topaz.berkeley.edu (09/14/86)
The low-cost secure voice terminals (STU-III) contracted for by NSA via ATT, Motorola, RCA et al. will not pose a problem for NSA. Who do you suppose will manage the keys for the new secure phones? Unfortunately, given the porosity of NSA, one can expect the ultimate result will be a substantial net loss for true security of U.S. interests: bureaucrats will spend billions and will become assured of the security of the techno-glossy new system- *everyone* will be required to use it, with the greatest urgency of use reserved for the most truly valuable info. Ivan will pay a GTE clerk enough to cover his short positions on the day the stock market falls 100 points and he'll hand over the key list. It's happened before, according to my newspaper. Doug Maisel
newton2@topaz.berkeley.edu (09/14/86)
Er, in my smart aleck posting about the possible subversion of NSA-knows best crypto schemes (I advocate autonomous key generators), make that "on a day the market *rises* 100 points etc. etc." Doug Maisel
johnmill@mmintl.UUCP (John Miller) (09/16/86)
In article <1269@jade.BERKELEY.EDU> newton2@topaz.berkeley.edu.UUCP () writes: > Ivan will pay a GTE clerk enough to cover his short positions on >the day the stock market falls 100 points and he'll hand over the key list. You have it backwards. The day the DJA drops 100 points is the day my short positions REALLY make me some money. -- johnmill
johnmill@mmintl.UUCP (John Miller) (09/17/86)
In article <1270@jade.BERKELEY.EDU> newton2@topaz.berkeley.edu.UUCP () writes: > >Er, in my smart aleck posting about the possible subversion of NSA-knows >best crypto schemes (I advocate autonomous key generators), make >that "on a day the market *rises* 100 points etc. etc." > >Doug Maisel Yeah, "Whoops" from me too, and apologies for not reading the rest of the articles before my smart-aleck correction. ---johnmill
rupp@trout.UUCP (William L. Rupp) (09/19/86)
I think I have missed something in this discussion of communications privacy. Has there been a proposal in Congress to ban transmission encryption, or is that eventuality merely a supposition on the part of some net.crypt posters?
die@frog.UUCP (Dave Emery, Software) (09/22/86)
In article <315@trout.UUCP> rupp@trout.UUCP (William L. Rupp) writes: >I think I have missed something in this discussion of communications privacy. >Has there been a proposal in Congress to ban transmission encryption, or is >that eventuality merely a supposition on the part of some net.crypt posters? > There hasn't yet been such a bill, but as a number of posters have pointed out, apparently one of the major forces behind the movement to pass the Electronic Communications Privacy Act is a group of law enforcement and intelligence agencies who are reputed to fear that widespread use of secure and effective encryption will deny them important sources of intelligence. (eg terrorists, organised crime, drug dealers, hackers, and other such bad guys will start using secure crypto communications if they are made widely available) It is assumed that the agencies are backing the bill because it provides legal protection for unencrypted common carrier communications, and for any other communication encrypted in any manner (or even transmitted using complex or unusual modulation). It is presumed that they feel that the existance of a strong law with stiff penalties and the possibility of civil as well as criminal action (with lower standards of proof and no prosecutorial discression) will be seen by the communications service buying public as an adaquate answer to the security problem, and the movement toward use of really effective encryption will slow down or stop as a result. I personally suspect that the large common carriers (who have also backed the bill) would very much not like to spend billions of dollars securing their transmissions (particularly the wide open microwave radio and satellite links that represent the lowest-cost-to-provide long distance interconnections). If the bill passes the carriers will have a legal defense against lawsuits by subscribers whose communications have been intercepted from these links, if there isn't such a law someone might someday successfully sue a carrier for a large amount of money for not taking adaquate precautions to ensure his privacy. And a court ruling that the mostly open transmissions currently used are not adaquately secure could be devastating to carriers with limited investments in such more secure technologies as coaxial cable and optical fibers. Thus the intelligence agencies are hoping that shielded from liability for providing privacy the carriers will not install encryption and provide secure service as rapidly since the major reasons for them to do so (fear of lawsuits and public pressure) will have been at least partially neutralized. And they hope that the public, provided with a new and powerful defense against those who intercept its communications (the civil penalties) will not press as hard for technology that provides real security (even from the intelligence agencies themselves). I speculate that this attempt to slow the spread of encryption by providing legal tools to wronged parties and protection to carriers from suits will not be enough to prevent its use from becoming widespread, and that the intelligence agencies will have to pressure for restrictions on the use of encryption. And perhaps there are fools enough in congress for such a law to pass too.. -- David I. Emery Charles River Data Systems 983 Concord St., Framingham, MA 01701 (617) 626-1102 uucp: decvax!frog!die