Slashdot Mirror


House subcommittee passes crypto bill

kabir writes "Computerworld Daily reports that a House of Representatives Subcommittee has just passed a bill (H.R. 850) easing crypto export restrictions. Interestingly, there are also clauses preventing government officials from forcing people to decrypt data. It's not law yet, but looks like it's headed that way." It passed unanimously in the subcommittee and is headed out to the general House.


  1. Re:Denying exportation of encryption by dattaway · · Score: 2

    For the children? This is dishonest. It's worse than faking video testimony in front of the court three times! We are talking about making laws here that are supposed to protect. The opposite will happen. Our lawmakers are spineless and crooked! It's lying and they are doing not a goddamn thing to protect children!

  2. Re:Don't hold your breath by Craig+West · · Score: 2

    Apr 27, 99:
    Referred jointly and sequentially to the House Committee on Intelligence (Permanent Select) for a period ending
    not later than July 2, 1999 for consideration of such provisions of the bill as fall within the jurisdiction of that
    committee pursuant to clause 11, rule X.

    In other words, the Committee on Intelligence is on a deadline. Cool.

    --
    It's not a bug, it's a feature...
  3. Re:Problems with H.R. 850 by Anonymous Coward · · Score: 2

    Article [V.] (AKA 5th Amendment)

    No person shall be held to answer for a capital, or otherwise infamous crime, unless on a presentment or indictment of a Grand Jury, except in cases arising in the land or naval forces, or in the Militia, when in actual service in time of War or public danger; nor shall any person be subject for the same offence to be twice put in jeopardy of life or limb; nor shall be compelled in any criminal case to be a witness against himself, nor be deprived of life, liberty, or property, without due process of law; nor shall private property be taken for public use, without just compensation.


    It depends on how you look at the 5th Amendment or to be exact on which side you are, but from my point of view the phrase clearly states that you don't have to witness against yourself, saying ANYTHING, including PGP passphrase. After all, you might well forget your super-duper 101 byte white noise pass.


  4. Re:look at the actual bill by dattaway · · Score: 2

    If I fail to decrypt files under arrest for a felony charge, I should be protected by the Fifth Amendment.

    If there is a problem arresting and punishing people who cause harm towards people and property, why not change the laws in more constructive ways? This attempt seems to violate rights of people. If I stole enough candy bars from the store to qualify for a felony, sent dozens of encrypted emails about it, refused to open them, I could face life in jail?

  5. Re:Lies, damned lies, and the above post by Steve+B · · Score: 3
    Everything that you stated either happened over 20 years ago

    At the risk of invoking Godwin's Law, is there some sort of statute of limitations beyond which government misconduct is not to be criticised?

    is not proven or is just plain wrong (waco)

    Huh? I can't find anything wrong with Kano's description of Waco. (Specifically, the ATF and/or FBI, I forget which, concocted a story about a methamphetamine lab in Davidians' village in order to invoke a "drug exception" to the Posse Comitatus Act.)

    Illegally obtained evidence cannot be allowed in court

    There are plenty of things corrupt government agencies can do with illegal wiretaps that don't involve any court -- recall for example the story of Martin Luther King's personal indiscretions being taped by J. Edgar Hoover's men.

    the government doesn't care one bit about the email you send

    Well, then, why are Louis Freeh's shorts in a knot because he won't be able to read it any more? He'll still be able to monitor the few hundred or so suspects who are legally targeted by search warrants using alternative technologies (planting old-fashioned bugs, Trojan Horsing the suspect's computer, reading van Eck emissions, etc).

    This law is a big step in the right direction.

    True, though as some others have pointed out there is some potential for abusing certain clauses.

    I have travelled and lived in most industrialized countries, and we definitely have the best government of all.

    Not as bad as the others, but I still see that particular glass as half empty.

    --
    /. If the government wants us to respect the law, it should set a better example.
  6. Re:Perfect by Another+MacHack · · Score: 2

    Then all blocking software can just block encrypted content in general.

    I'm a little bothered by the "use of crypto to hide a crime is a crime" part; it's already a crime to commit a crime. What do they hope to accomplish with that?

  7. Lies, damned lies, and the US government. by gavinhall · · Score: 3

    Posted by Lord Kano-The Gangster Of Love:

    Slightly off-topic, but not much. Major rant ahead.

    It's good to see eased crypto export controls, but the portion about forbidding the gov't from forcing people to decrypt data is a joke.

    It's not like our government obeys its own laws or anything. In the 1960's-1970's the FBI used illegal measures to bring down the Black Panther Party. There are rules against shooting unarmed people, but that didn't stop FBI sniper Lon Horiuchi from shooting Vicky Weaver in the face while she held her infant daughter (musta been one of those fully automatic assault babies). It's illegal for the US military to engage in domestic law enforcement, but that didn't stop the FBI and BATF from filing bogus charges to get through a loophole in the law to get the US Special forces to torture and barbecue babies in Waco, Texas.

    This government also interned AMERICAN CITIZENS for doing nothing more than being 1/4 Japanese. This government exposed mentally retarded people to radioactive substances just to watch them react. This government gave LSD to men in its armed forces to gauge how well it could be used to interrogate prisoners. This government let men die from syphilis, while lying about giving them treatment, just to gain information about the progression of the disease. This government assisted the Russians in assassinating the leader of the Chechen rebels, which is 100% ILLEGAL.

    I could go on for paragraphs on this, but I think you all get the point. Agents of government (all of them) will routinely violate or circumvent (but usually the former) domestic and international law if they believe that it serves their purpose. Just because they added a provision forbidding their agents from forcing us to decrypt on demand doesn't mean a thing. It's a paper tiger with no teeth or claws to back itself up.

    LK

    1. Re:Lies, damned lies, and the US government. by FeriteCore · · Score: 2

      It is true that governments, like the people they should be protecting, sometimes break laws.

      I think it is going too far to say "Agents of government (all of them) will routinely violate or circumvent (but usually the former) domestic and international law if they believe that it serves their purpose." It happens, true, that was a pretty good list, but is usually not routine, and frequently there are negative repercussions, especially in the most grievous cases.

      No matter the prevalence of violation (we seem to disagree there) it is still fruitful to have the laws in place to define the rules. They deter more than you think, and when they don't there is a chance they can be enforced. You can't enforce a law that wasn't passed.

  8. A step toward sanity by Fish+Man · · Score: 3

    Well, It's about time that the US congress dragged themselves into some semblance of reality on this issue.

    The laws in the US regarding the exporting of encryption and decryption technology were all derived from the premise that US engineers and scientists were the only ones on the face of the planet with any ability whatsoever to invent any sort of encryption/decryption techniques, and that the scientific/engineering/software community elsewhere were completely incapable of developing any such technology on their own and would only obtain it if they got it from us.

    Just a TAD bit stupidly arrogant, no?

    The laws are, in fact, so stupid that if I download a program that does encryption/decryption from a site in, for example, France, and then I translate the text in its GUI from French to English and stick it back up on the Internet, I have committed treason. (Because I transferred a program containing encryption/decryption from my computer, on US soil, owned by a US citizen, to the world-wide Internet. It was irrelevant that the encryption/decryption portion of the code originated in another country anyway!)

    From my reading of the article, (and it's kinda sketchy) it looks like this represents only the first small step towards sanity. But at least it's a step.

    1. Re:A step toward sanity by Fish+Man · · Score: 2

      The law assumes that it costs other countries to develop such programs. This is true; it does take considerable resources to write such a thing.

      This logic is quite correct for some technologies, e. g. nuclear weapons.

      It takes serious capital, and access to expensive rare resources to build a nuclear weapon.

      So, restrictions against exporting nuclear technology assume that US researchers have some of the greatest economic resources available to them.

      This assumption is, at least, somewhat valid.

      However the development of encryption/decryption schemes is almost 100% an intellectual exercise. The best ones the world over have been developed by university researchers with negligible budgets allocated for such development.

      So, these laws assume that US researchers are simply way smarter than their counterparts elsewhere.

      A flawed premise IMHO.

  9. Re:Loophole by remande · · Score: 2
    I think what they're trying to prevent is M$ Terrorist [tm] complete with custom encryption specifically designed for use in harming national security. (Click OK to install!)

    Hmmm...that would put a damper in Win98/IE5 sales. The fact that these things tell Microsoft lots of tidbits about you over the Internet implies that it tells lots of tidbits about everybody over the Internet.

    I wonder how well this goes over at the Pentagon.

    --

    --The basis of all love is respect

  10. Re:Lies, damned lies, and the above post by kamileon · · Score: 2

    >Everything that you stated either happened over 20 years ago, is not proven or is just plain wrong (waco).
    Randy Weaver's wife was shot less than a decade ago. If you are saying that it is wrong from an ethical point of view, I'll go right along with that. If you are saying it didn't happen that way, I suggest you check ANY news source, national, local, or even a militia zine for the facts on the situation.

    Geek-grrl in training
    "Always two there are. A geek and her sig."

    --
    To truly understand recursion, you must first truly understand recursion.
  11. Re:It's time for a new fscking gov't by IntlHarvester · · Score: 2


    I believe that either 2/3 or 3/4 of the states can call for a constitutional convention without requiring any action by the Federal government.
    --

    --
    Business. Numbers. Money. People. Computer World.
  12. Why I love Congress;-P by craw · · Score: 2

    While checking up the House Sub-Committee on Telecommunications, Trade, and Consumer Protection, I decided to look at some other bills that they are considering. This is highly misleading (w/o reading the text of the bills) but some of the titles are very interesting.

    H.R.543: A bill to require the installation and use by schools and libraries of a technology for filtering or blocking material on the Internet on computers with Internet access to be eligible to receive or retain universal service assistance. (obviously to screen out /.)

    H.J.RES.47: A joint resolution expressing the sense of the Congress regarding the need for a Surgeon General's report on media and violence. (where is Dr Koop when you need him?)

    H.R.313: A bill to regulate the use by interactive computer services of personally identifiable information provided by subscribers to such services. (Note: This one actually looks good, hence it will never pass)

    H.R.515: A bill to prevent children from injuring themselves with handguns. (Great title, totally misleading)

    Keep in mind that only a small amount of bills even get out of sub-committee. This is a good thing. Back onto the subject at hand, IMO the other sub-committees are going to gut the export provisions of HR850. IOW, those aspects (exports) may not reach the House Floor for a vote.

  13. Re:Perfect by ethereal · · Score: 2

    That was my initial thought also, but in the case that the police already had probable cause (they saw you hold up the bank, etc.) they can still arrest you, and if you had encrypted your plans to rob the bank then you could be prosecuted for both the plans and the encryption. Also, this just prevents use of encryption from being the "sole basis" of probable cause, but use of encryption could be a contributory basis. This was a step in the right direction, just not as far as it looks at first glance.

    --

    Your right to not believe: Americans United for Separation of Church and

  14. Denying exportation of encryption by dattaway · · Score: 2

    I found it interesting that the US government would deny exporting encryption products if they were designed to exploit little children. What do encryption and little children have to do with each other? Might as well ban cars that are designed to help child molesters. It's nice that the US is watching out for the rest of the world and wanting to play "big brother." I do not feel my taxes should be used in this way.

    Restricting encryption puts a damper on free distribution of solid communication tools and operating system distributions.

    1. Re:Denying exportation of encryption by Overt+Coward · · Score: 2

      It's a pre-emptive strike against the bill's
      likely opponents. The favorite tactic in American
      politics lately is to claim you're doing whatever
      it is you're doing "for the children" and that
      what your opponent is doing will "harm the
      children". By throwing in useless language about
      protecting children, it short-circuits the
      opposition's propagandizing. (Note that I
      believe both sides of the aisle are guilty of
      using this ploy, early and often.)

      Whenever I hear "for the children", I start
      looking to see who it's *really* for (either
      that or bend over and grab my ankles...)

  15. Re:Perfect by jeffg · · Score: 2

    You can be prosecuted for multiple crimes in the course of one trial or as part of a larger crime. For example, you can commit a felony, use a firearm in the commission of said felony, and cross state lines, commit the felony in a building, use encryption in the commission of the crime... Each count can carry mandatory sentences, etc... That's how people get 2 life sentences. You may get off on one count of something, or plea bargain to get a charge dropped, but the others may stick. Welcome to the US legal system. ;) It may make sense, and there may be a reason for it all, but I'm not in possession of that knowledge at the moment.

  16. Loophole by BugMaster+ChuckyD · · Score: 2

    One of the amendments grants the Secretary of Commerce the authority to deny the export of any "custom-made" encryption products designed for "use in harming national security, use in the sexual exploitation of children [or] use by organized crime."

    Is it just me or is this a giant loophole? It seems that anything other than SSL type commercial transactions could fall under this loophole (e.g. PGP). They [Government/ Law Enforcement] seem to think that they have an absolute right to spy on people at whim.

  17. Re:Perfect by vgesgis · · Score: 2

    Uh? You are describing SSL/TLS. Go get mod_ssl for Apache and Fortify to enable 128-bit ciphers in all Netscape browsers.

  18. They thought it was an internet censorship bill... by Odinson · · Score: 2

    Obviously this subcommittee doesn't realize what this really is yet.

    How long before the NSA fires back? I love to see an all out war between the NSA and a powerful (supposedly) elected body. How quickly do you think congress could pass a bill outdating the NSA's usefulness? How many house members would be found floating in a river?

    Enough silly rant...This is the meat right here... (Sec. 3) Amends the Export Administration Act of 1979 to grant the Secretary of Commerce exclusive authority to control exports of all computer hardware, software, computing devices, customer premises equipment, communications network equipment, and technology for information security (including encryption), except that which is specifically designed or modified for military use.

    Which is exactly what we need for useful protection without stale laws. A human being in charge and accountable for regulation of encryption. Who not only has the power to regulate (upon a 50 day review period) but not to regulate at all.

    This may be a ruse though, supposedly he is to compile data on impediments to law enforcement created by his policy. If the NSA could just buy him out...

    To learn more about the Secretary of Commerce... Department of Commerce website

    How long until we can get a human being in a federal position directly responsible for regulating cameras, I can think of a few I'd like an explanation for.

    I'm expecting the MIB in front of house any second now.

  19. 256 cosponsors by Fizgig · · Score: 2

    How coincidental! 256 cosponsors! And that should be plenty to get the thing passed (assuming they show up to vote, not a given)

  20. Problems with H.R. 850 by fluffhead · · Score: 4

    Overall, seems a lot better than the status quo, but several problems remain:

    1. The bill seems to have an NSA/FBI/CIA inspired loophole - it only relaxes standards on user-"inaccessible" or non-"end-to-end user encryption" products. In other words, you can use whatever you want to connect securely to your ISP, but not to use strongly encrypted VPN tunnels, or send encrypted messages via PGP/voice scramblers/whatever. The intent seems to be that the powers-that-be will still be able to tap your cleartext (presumably only by warrant, but what about the NSA's reputed ubiquitous taps?) at the first unencrypted hop. Of course, with PGP et al. already out of the bag, this may be a moot point anyway.

    2. The tack-on penalties for using encryption in the furtherance of a crime, seem like they might run afoul of the Fourth and/or Fifth Amendment. Of course, our current batch of Supremes will likely not see it that way, especially if drug dealers and kiddie porners are the ones being prosecuted for encrypting the evidence. Besides, the cops will only be able to tell if the encrypted stuff was related to the bad stuff if they follow their current routine - seize everything that even looks like a computer, and try to crack all of it. This bill merely encourages that kind of overreaching behavior. More martyred Mitnicks to come? Start generating those 2048-bit keys now... maybe the statute of limitations on your crime will run out before they can decrypt your data. Does "self-incrimination" cover giving up your PGP pass-phrase?

    3. It still has to make it past the Senate.... and judging from our enlightened members of both houses ("Ten Commandments" in every school, anyone?) a lot more could go wrong from here.


    #include "disclaim.h"
    "All the best people in life seem to like LINUX." - Steve Wozniak

  21. Some SAFE Act provisions by Russ+Southern · · Score: 2
    I found a few interesting points in the text of this bill (Note the search warrant/probable cause clause -- somebody was thinking on this one!):

    "It shall be lawful for any person within any State, and for any United States person in a foreign country, to use " (or sell) "any encryption, regardless of the encryption algorithm selected, encryption key length chosen, or implementation technique or medium used."

    "Neither the Federal Government nor a State may require that...a key, access to a key, key recovery information, or any other plaintext access capability be:"

    "built into computer hardware or software for any purpose;"

    "given to any other person, including a Federal Government agency"

    "retained by the owner or user of an encryption key or any other person"

    "The use of encryption by any person shall not be the sole basis for establishing probable cause with respect to a criminal offense or a search warrant."

    "The Attorney General shall compile, and maintain in classified form, data on the instances in which encryption (as defined in section 2801 of title 18, United States Code) has interfered with, impeded, or obstructed the ability of the Department of Justice to enforce the criminal laws of the United States."

  22. hmmm by Fizgig · · Score: 2

    It doesn't look like it says they can't decrypt things. It just says they can't force you to file a key with the government or a government agency (outlawing key escrow). Maybe I missed the part about not decrypting.

    It also makes it a crime to use encryption to hide criminal activities. Seems akin to mail fraud. Watch out for encrypting those MP3s, though! That's an extra 5 years in jail.

    And it says that using encryption is not by itself "probable cause" for decrypting. Good! You know they'd use that if that clause weren't in there.

  23. An explanation of the child exploitation provision by Fish+Man · · Score: 2

    When campaigning for re-election, the politicians want to be able to make statements like: "I voted for n bills that protect the little children of the world from exploitation."

    By tacking this amendment onto this bill, that of course has absolutely no relevance to the issue of child exploitation, the politicians can count this bill in that total of n.

  24. Americans as sole source of good crypto? by DiningPhilosopher · · Score: 3

    I'm not convinced anybody ever thought there weren't comparable crypto products available outside the U.S. If this were the real reason for the export restrictions they would have been removed long ago. Now the European crypto market is quite well developed.

    As I see it, the only reason for the restrictions is to put economic shackles on U.S. based crypto companies. Keeping these companies small and unprofitable limits their ability to sell crypto products domestically, and therefore slows the inevitable adoption of real crypto in this country.

    (In the interest of disclosure, I work for such a company)

    --
    /* The beatings will continue until morale improves. */
  25. Re:An explanation of the child exploitation provis by dattaway · · Score: 2

    So, we can look at the list who voted for this bill and see the spineless and possibly corrupt. Preventing export of encryption that is designed to exploit children? That has nothing to do with protecting little children in the US and it's not honest to say they are voting for our children. Something's fishy.

    If one wants to protect little children, there are better ways. This is ignoring a problem and creating a new one.