grayt@uunet.uu.net> (05/09/91)
In article <telecom11.340.11@eecs.nwu.edu> phil@wubios.wustl.edu (J. Philip Miller) writes: > It is the sense of Congress that providers of electronic > communications services and manufacturers of electronic communications > service equipment shall ensure that communications systems permit the > government to obtain the plain text contents of voice, data, and other > communications when appropriately authorized by law. All this really states is that the government should have the right to wire tap if it gets a search warrant. I don't see anything draconian about this. You may also note that this text does NOT specicifically refer to encryption. How can the government wire tap a subscriber multiplexer system and not violate the privacy of many innocent people. This text could be read to include this case. The equipment provider must provide means that enable the government to intecept a single party whithout infringing on the rights of others. Privacy boxes such as these are now provided to prevent users of public WAN's from having access to all of the data on the net. Only information destined to a node is allowed to pass the privacy box. All that this text really does is to bring wire tapping into the current era of multiplexers and shared bandwidth. If this technology is available, the government would be compelled to use it. it could not cite compelling national interest to intercept all communications on a link. It would have to limit itself to a specifically restricted set of communications.
Andy Oakland <sao@athena.mit.edu> (05/09/91)
In article <telecom11.344.4@eecs.nwu.edu> mitel!Software!grayt@uunet. uu.net (Tom Gray) writes: > In article <telecom11.340.11@eecs.nwu.edu> phil@wubios.wustl.edu (J. > Philip Miller) writes: >> It is the sense of Congress that providers of electronic >> communications services and manufacturers of electronic communications >> service equipment shall ensure that communications systems permit the >> government to obtain the plain text contents of voice, data, and other >> communications when appropriately authorized by law. > All this really states is that the government should have the right to > wire tap if it gets a search warrant. I don't see anything draconian > about this. > You may also note that this text does NOT specicifically refer to >encryption. Actually, this "sense of Congress" resolution has been causing us here at MIT Project Athena great distress, because it effectively bans certain types of encryption. We're working on "privacy enhanced email," which is email guaranteed to be unreadable by anyone except the person to whom it was directed. Thanks to public and private key encryption, even the system operator can't read these messages. But since the resolution demands that the "plain text" of all messages must be available to the government, this privacy enhanced mail effectively becomes illegal! Andy Oakland Project Athena Advanced Development Group sao@athena.mit.edu
"Michael H. Riddle" <riddle@hoss.unl.edu> (05/09/91)
In <telecom11.344.4@eecs.nwu.edu> Tom Gray <mitel!Software!grayt@ uunet.uu.net> writes: >> It is the sense of Congress that providers of electronic >> communications services and manufacturers of electronic communications >> service equipment shall ensure that communications systems permit the >> government to obtain the plain text contents of voice, data, and other >> communications when appropriately authorized by law. This is probably one of those bills where a lot of concerned people will disagree on the effect, but I for one disagree with you. Perhapas my disagreement is founded on over twenty years' experience in military communications, which is admittedly a specialized subset of the profession. Anyway, the phrase "plain text" has a rather particular meaning. I've /never/ heard it used except to differentiate from cipher text. ( I use "cipher" in a general sense, to include codes, although technically they are different.) Part of the reason for concern is that this section appears in the middle of a bill (238Kbytes on my disk) that addresses: (quote) S. 266 1991 S. 266 SYNOPSIS: A BILL To prevent and punish domestic and international terrorist acts, and for other purposes. (unquote) Additionally, substantially the same language: (quote) 1991 S. 618 MARCH 15, 1991 -- VERSION: 1 PART II-ELECTRONIC COMMUNICATIONS SEC. 545. COOPERATION OF TELECOMMUNICATIONS PROVIDERS WITH LAW ENFORCEMENT. It is the sense of Congress that providers of electronic communications services and manufacturers of electronic communications service equipment shall ensure that communications systems permit the government to obtain the plain text contents of voice, data, and other communications when appropriately authorized by law. (unquote) appears in an even longer bill, S. 618 (238Kbytes) dealing with: (quote) S. 618 1991 S. 618 SYNOPSIS: A BILL To control and reduce violent crime. (unquote) Perhaps its the conspiracy theorists at work, but many of us see this "sense of the Congress" as granting a "hunting license" to NSA. Perhaps you remember the discussion (continuing even today in sci.crypt and elsewhere) whether the NSA designed the DES so it could be broken. Given their ability to place Secrecy Orders on cryptographic devices, those that would not trust some government agencies find it easy to believe the allegation that Biden and Deconcini mean exactly what they say -- they want government agencies to break any cipher text. For example, while I haven't heard of it, I wouldn't be surprised to hear that some drug operations used digital voice encrypted radios in their operations. They are well-enough organized in other aspects of their business. The problem is that secrets can't be held forever, and if there is a way to break it, then the "enemies" of legitimate users of cryptography are less secure. Trade secrets and industrial espionage aren't exactly rare terms these days. Some people just feel that no one has a reason to listen in on their calls for any reason. When ISDN comes a little more into service, digitial encryption will become (I think) affordable for the masses. The RSA patent expires in a few years, and for text it's fairly workable. Finally, as a legal thought, if a court ordered a wire tap, the agencies could recover the ciphertext, and if evidence were sufficient, I'm sure they could then order production of the keys. (I know this is less workable in practice, since destruction of superseded keys should be a priority.) Anyway, whether or not the bills get enacted, there /is/ sufficient reason to become concerned. <<<< insert standard disclaimer here >>>> riddle@hoss.unl.edu | University of Nebraska ivgate!inns!postmaster@uunet.uu.net | College of Law mike.riddle@f27.n285.z1.fidonet.org | Lincoln, Nebraska, USA
bud@uunet.uu.net> (05/09/91)
In article <telecom11.340.11@eecs.nwu.edu> phil@wubios.wustl.edu (J. Philip Miller) writes: [Moderator's Note: Text omitted. See earlier messages this issue. PAT] -------------- > You might consider writing your Senator and/or Representative and > expressing your opinion on this piece of, uh, legislation. The U.S. Congress is just now catching up to the third world on this one. Although most people see this as a requirement that any encrypting method used be "breakable" by NSC, it also seems to say that telecom switching equipment should allow easy access (read: wiretapping) by government officials. I have seen a number of RFP's for switching equipment issued by Taiwan, Malaysia, and Indonesia (and I have heard that other countries RFP's are similar) which require the ability to remotely monitor *any* call at any time. Software was also *required* that allowed this remote site to scan the call record database. You don't have a problem with this, do you? After all, an honest person has noting to hide. Bud Couch - ADC/Kentrox If my employer only knew... standard BS applies
"Marc T. Kaufman" <kaufman@neon.stanford.edu> (05/10/91)
In article <telecom11.340.11@eecs.nwu.edu> phil@wubios.wustl.edu (J. Philip Miller) writes: -> (A proposed Senate resolution:) [Moderator's Note: Text omitted here. See prior messages. PAT] In article <telecom11.344.4@eecs.nwu.edu> Tom Gray <mitel!Software! grayt@uunet.uu.net> writes: > All this really states is that the government should have the right to > wire tap if it gets a search warrant. I don't see anything draconian > about this. > You may also note that this text does NOT specicifically refer to > encryption. On the contrary, the phrase "plain text contents" specifically refer to the proposal that encryption providers should (must?) provide a back door through which the encryption can be compromised. The interesting (to me) speculation is how the timing and content of this proposal relate to Motorola's proposal to sell STU-3 equipped telephones to the general public so that they can carry on conversations privately over cellular phones. [the STU-3 is a DES encryption digatal voice unit]. It is known that certain Federal law enforcement agencies are very unhappy over that proposal. (Which leads into the Computers, Freedom and Privacy thread ...) Why should there be a PRESUMPTION that electronic communication is NOT subject to privacy when such things as the US Mail are specifically private by law. [There's a mailgroup for privacy issues, right? how much traffic does it get? I might subscribe if it doesn't take all day to read ...] Marc Kaufman (kaufman@Neon.stanford.edu) [Moderator's Note: Yes, there is such a list. See the first message in this issue. Write to 'telecom-priv-request@pica.army.mil'. PAT]
grayt@uunet.uu.net> (05/15/91)
In article <telecom11.349.3@eecs.nwu.edu> sao@athena.mit.edu (Andy Oakland) writes: > In article <telecom11.344.4@eecs.nwu.edu> mitel!Software!grayt@uunet. > uu.net (Tom Gray) writes: >>> service equipment shall ensure that communications systems permit the >>> government to obtain the plain text contents of voice, data, and other >>> communications when appropriately authorized by law. >> All this really states is that the government should have the right to >> wire tap if it gets a search warrant. I don't see anything draconian >> about this. >> You may also note that this text does NOT specicifically refer to >> encryption. > Actually, this "sense of Congress" resolution has been causing us here > at MIT Project Athena great distress, because it effectively bans > certain types of encryption. We're working on "privacy enhanced Encryption may be important in certain areas. However shared bandwidth systems are the future of the telecom network. In these systems, communications from many users will share the same physical medium. It is important that any survelliance be restricted to only those under suspicion and not to the innocent users (and probably unknowing users) of a multiplexer system. The telephone line to your house is likely terminated on a subscriber multiplexer system. A simple piece of equipment on this multiplexer could allow the systematic monitoring of all telephone loops in your neighbourhood. I have seen accounts where such systems have been used to intercept long distance trunk traffic on microwave links. ANI and routing information is decoded. It is reasonable that systems such as this be restricted and that the reasonable use of wire tapping be allowed. Only traffic specifically authorized by the search warrant should be intercepted. Additionally users can present the network with encrypted data. Encryption will take place end to end with no involvement of the network. This will be the nature of the new ISDN networks. The network will provide a shared transport function with services being performed on the periphery.