DOJ wants Court to re-think Pro-Crypto Ruling

ptevis writes "There's a story over on Wired News about the DOJ asking the Ninth Circuit Court of Appeals to reconsider their decision in May's landamrk crypto case. It's got some interesting info about where the case may go from here and what the government may try to do. " This stems from the lawsuit from the University of Illinois professor who wanted to post one of his programs online. The DOJ/White House is claiming that this will make broadband listening too difficult, and that "this type of regulation is an executive branch policy decision involving 'extraordinarily sensitive' info that's too secret to disclose publicly." However, it seems unlikely that the court will change its' mind.

U of Illinois Prof

[Enry]

To give a touch of context here, that prof is Dan J. Bernstein, the ever-popular author of Qmail

Re:Vacuum Cleaner?

[gavinhall]

Posted by Lord Kano-The Gangster Of Love:

NO, you are mistaken. Being that IP packets travel over multiple routers which are often owned by MANY differend groups of people. Any admin along that chain can run a packet sniffer and read anything that passes by.

Why do you think there is https? Why do you think Netscape and IE warn you when you submit forms? Because it's easy for the right person to watch packets go by. You have no expectation that at any given moment someone isn't watching. This is why crypto is important.

If I borrow a little from Phil Zimmerman (ok, borrow a lot) sending e-mail is like sending a postcard. Anyone along the way may read it. If you don't like the way that works, use an envelope. Crypto is that envelope. If you want privacy, ENCRYPT, ENCRYPT, ENCRYPT!

LK

Re:Crypto is Munitions

[copito]

A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed.

I suppose you can argue that the 2nd amendment was conceived in the age of the single shot musket so should not be applied to more lethal weapons. But the arms the founders had in mind were also the most lethal weapons of the time and the wording is intentionally vague. It does not say "muskets" but "Arms".

ANAL, but my interpretation of the 2nd amendment is that I should be allowed to own ("keep") an ICBM ("Arms") and carry it around ("bear"). Although it is unclear if need to be part of a "well regulated militia" or if it is enough that I am part of the"people". I know that the courts don't agree with me, and in fact I am strongly in favor of gun control, but I believe that there needs to be a constitutional amendment to reverse the 2nd amendment first. IMHO, it is better to uphold an anachronistic 2nd amendment (and support it's repeal by democratic means) than to selectively apply it at the whim of the courts and thus create precedent for selectively applying our other freedoms.

So to recap, I'm not a gun nut. In fact I have never owned a gun, but the 2nd amendment is part of the US Constitution and should not be shifted by political winds if the Constitution as a whole is to have any meaning.


--

Confusing secrecy with privacy

[Aleatoric]

'extraordinarily sensitive' info that's too secret to disclose publicly

This argument completely misses the point. There is a difference between information that should be kept secret and the method for keeping it secret.

There can be no doubt that any information deemed truly secret by the government will be protected with strong encryption, (at least), even if we disregard the various procedural and physical protocols that are also used.

It is disingenous to argue that the mere existence of strong encryption (and the free dissemination thereof) is, in and of itself, a threat to security.

What the argument really breaks down to is this:

"We (the government) want to be able to easily read any transmission of information under the auspices of protecting ourselves from terrorists and other criminals, and barring the ability to easily read these missives, we want to be able to hold the use of strong encryption itself as a criminal act, so that we can prosecute anyone who uses it, even if we can't prove that they were otherwise engaged in criminal behaviour".

In other words, they want the existence of a strongly encrypted message to remove the presumption of innocence.

As stated in the article, if everyone used strong encryption, they would lose the ability to use strong encryption as a flag to identify potential targets, not to mention that it would be far more difficult (and resource intensive) to attempt to decode all of those messages. What this means is that the government really does want to read your e-mail and intercept your e-commerce, etc., and the idea that they might not be able to really bothers them, despite all their rhetoric about national security and protection.

The free speech qualities of source code in this venue, at least, are clear. It is contradictory to argue that the source code should be restricted while other methods that could be used (printed word, voice communication) would convey the same information, and are already considered protected speech.

I suspect that if it comes before the Supreme Court (likely), they will uphold the decision of the 9th circuit court.

Distressing repercussions regardless

[FreeUser]

The encryption export policy of Reagan, Bush, Clinton, et. al. is one of the most disturbingly short-sighted and dangerous policies politicians have come up with in a very long time. I'll leave the free speach implications to others -- they have been discussed in great detail already.

The economic disadvantages of such a policy are also widely known and acknowledged, even by proponents of the policy. Foreign vendors (in particular European vendors whos governments have much more liberal cryptographic polices) can offer their customers unencumbered, strong, reliable encryption today. No American company can compete internationally. With more and more firms becoming international in scope, the marketplace for strong American encryption grows smaller, which means American presence in the industry growing smaller and weaker as time goes by. What does this mean? If you're a cryptographer, go to work for the government, or, ultimately, go work abraod. Since we can be sure that the percentage of people chosing to work for Uncle Sam will be less than 100%, this means a net brain drain on the United States.

But, there is an even more distressing trend which some would argue has already begun to develop. The impetus to develop new cryptographic algorithms, whether it be money via a commercial product, widespread recognition via an open source product, or even simple political idealism, has been largely destroyed in the United States by these restrictions. While the NSA may get some short term benefit from this, medium term the consequences are clear: more and more expertise will migrate abroad, not just in terms of the "brain drain" described above, but simply because less and less Americans have interest in working on something with such draconian governmental fetters attached to it, and such high personal risk in terms of legal and financial consequences. More and more breakthroughs will be made abroad rather than here, and the number of cryptographic experts abroad will continue to increase while in the United States the number will probably go down.

The only question is how long this scenerio will take to play out. Weeks? Unlikely. Years? Quite possibly. Within two or three decades? Almost certainly.

This will be bad for the NSA, the CIA, and the FBI, and can only grow worse over time as America falls further and further behind other nations in this critical technology. In the end, it will be the entire United States that will be playing catch up to the rest of the world. Not just private industry or private programmers, but the entire U.S. Government as well, including the NSA, CIA, and FBI, not to mention the various military branches which also have more than a passing interest in tapping dometic cryptographic expertise. These export restrictions promise to have a very profound long term impact on our national security, but not in the sense the various Executive offices would have us believe.

This is ordinary stuff

[alkali]

The Federal Rules of Appellate Procedure contemplate that a case may be reconsidered by the original panel of judges to correct obvious errors of fact and law. The Rules also contemplate that very important cases might be reheard by the all the judges on the court ("in banc"). It's not a trick; it's just the way the process goes.

The applicable rules are quoted below in pertinent part:

Rule 40. Petition for Rehearing

(a) Time for Filing; Content; Answer; Action by Court if Granted. -- A petition for rehearing may be filed within 14 days after entry of judgment unless the time is shortened or enlarged by order or by local rule. ... The petition must state with particularity the points of law or fact which in the opinion of the petitioner the court has overlooked or misapprehended and must contain such argument in support of the petition as the petitioner desires to present. ... If a petition for rehearing is granted, the court may make a final disposition of the cause without reargument or may restore it to the calendar for reargument or resubmission or may make such other orders as are deemed appropriate under the circumstances of the particular case.

Rule 35. Determination of Causes by the Court in Banc

(a) When hearing or rehearing in banc will be ordered. -- A majority of the circuit judges who are in regular active service may order that an appeal or other proceeding be heard or reheard by the court of appeals in banc. Such a hearing or rehearing is not favored and ordinarily will not be ordered except ... when the proceeding involves a question of exceptional importance.

(b) Suggestion of a party for hearing or rehearing in banc. - A party may suggest the appropriateness of a hearing or rehearing in banc.

Re:Let them Appeal

[alkali]

Incidentally, re: "despite" -- certain of the Court's more conservative members (Scalia, Rehnquist) aren't "right" in the oft-vilified Christian Right / Moral Majority sense; they're strict constructionists to a degree who have in the past shown disdain for expansive gov't.

Without going off on a rant, this is wildly untrue. Scalia and Thomas in particular are adamantly opposed to rights to abortion or sexual privacy, and have been -- at best -- inconsistent on questions of free speech and court supervision of police conduct. If these are the friends of civil liberties, I'd hate to see the enemies.

I'd classify them roughly as:

Rehnquist, Scalia, Thomas: Fairly strict constructionists; generally, they'll defend the Bill of Rights w/o seeking to expand beyond original intent. For instance, they opposed a recent decision where the following sequence is grounds for suing a district:
1. Girl gets called names by boy.
2. Girl tells administrator/teacher.
3. Boy continues to call names.
4. Girl claims to be "hurt".

Boom, lawsuit -- against the boy AND the school.
This is the scenario that, apparently, Ginsburg (who, IIRC, wrote the majority opinion) has no problems with...
In the interests of intellectual honesty, the reader should know that this is a wild mistatement of the facts of this case, erroneous right down to the identity of the author of the majority opinion (Reagan's nominee, O'Connor). Here's O'Connor's description of the salient allegations in the case:

Petitioner alleges that her daughter was the victim of repeated acts of sexual harassment by G.F. over a 5-month period, and there are allegations in support of the conclusion that G. F.'s misconduct was severe, pervasive, and objectively offensive. The harassment was not only verbal; it included numerous acts of objectively offensive touching, and, indeed, G.F. ultimately pleaded guilty to criminal sexual misconduct. Moreover, the complaint alleges that there were multiple victims who were sufficiently disturbed by G.F.'s misconduct to seek an audience with the school principal. Further, petitioner contends that the harassment had a concrete, negative effect on her daughter's ability to receive an education. The complaint also suggests that petitioner may be able to show both actual knowledge and deliberate indifference on the part of the Board, which made no effort whatsoever either to investigate or to put an end to the harassment.

That's the conduct a majority found to be "so severe, pervasive, and objectively offensive that it effectively bars the victim's access to an educational opportunity or benefit" in violation of federal law. Disagree with their conclusion if you want, but get the facts straight.

Re:hmmmm. Source code, eh?

[remande]

I could see it now...

"Couldn't decrypt it? Hmmm...what's your Genesis translation? I encrypted it with the King James version...your New International version would never be able to read it..."

encryption is not the end-all protection.

[Restil]

DOJ and other spooks are worried that encryption will prevent them from monitoring the activity of the terrorists, child pornographers, drug dealers, and other meanaces to society. The simple fact of the matter is, encryption is rarely used in these circumstances. Encryption is used primarily where it is needed, to keep something safe from prying eyes for such a time that by the time the encryption was decoded, the information would no longer be of any value.

Credit card numbers are an important example. It has been proven that 56 bit DES can be cracked in a day, with sufficient computing power. Retrieving an encrypted credit card number off the internet and decoding it a day later would result in a good number. If it took 20 years to decrypt the same number, it would no longer be of any use to the cracker.

People need to know that if they put their credit card number out on the internet, the only entity that will be able to decode it within a significant amount of time will be whoever the credit card number was specifically destined for, in this case, the merchant.

Now we have the government's argument that the loss of a few million/billion/etc worth in credit card numbers is insignificant compared to the child pornographer that they are unable to catch any other way. However, this only goes to display their incompetance.

There is a lot of evidence relating to pornography. Photographs need to be taken, then scanned. At this point, they are in an insecure format. There is at least 2 witnesses to this act. Data at this point could be encrypted while it is being stored and transfered, and original negatives and photographs could be destroyed, leaving no permanant evidence.

However, unless the pornographer is doing this for his own amusement and has no financial interest, there will at least be someone on the other end of the line who will want to see these pictures in a decoded format, as encrypted photographs of any type are not too exciting. And while this individual may also be storing all his information in an encrypted format, he at some point in time needs to decrypt the data to view it.

The government wants to rely on automated computer systems to discover, locate, and trace this data while it is in transit. This takes the job off of them and allows them to spend more time on whatever it is they want to do. The system would now be prepared to simply monitor everything and flag anything suspicious. Obviously, this isn't what they publicly are stating their intentions are, but don't be surprised if 20 years from now, they consider this to be important.

The fact is, there are other ways to obtain evidence beyond the easy decryption of data. For some time now the technology has existed to view the monitor and "listen" to the keyboard with such clarity that you would be able to know which key was being pressed simply by the sound. This technology has existed for decades now, and if someone is suspected of trafficing in pornography, and the warrants are obtained for survaillence, this technology can easily be put to use. You wouldn't NEED easy decryption as you could simply pick up the passwords as they're typed in. Granted, this might be an expensive solution, but that's not really our problem.

Terrorists and drug dealers can be delt with in the same way. Drug dealers who take their job seriously have long since discovered the police scanner, and the police realize this. Law enforcement has long since had the ability to scramble or encrypt their transmissions, and many police departments do, but in big cities, its quite likely that any radio shack scanner will pick up those transmissions. And if the police are coordinating a raid over the scanners and drug dealers get a 5 minute warning because of it, it could easily botch the entire operation.

Which is why the police don't USE their scanners during raids. They use their MDT units in their cars to communicate so nobody gets tipped off early.

It seems to me, that if law enforcement is going to be tracking criminals, they are unlikely to discover the criminal activity through encrypted messages anyways. After all, if they're not allowed to decode them without warrants anyways, how will they even know about the criminal activity unless they get information from some other source. And once they have appropriate survaillence set up, monitoring encrypted data will be unlikely to make or break the case.

-Restil

Let them Appeal

[Mr.+Morden]

If you think about it probably the best thing that can happen for us is to have the DOJ appeal the decision and lose in the Supreme Court. The only way to overrule the Court is to make a Constitutional ammendment.
The article quotes someone as saying that the worst case for the DOJ is to appeal and lose.
The Supreme Court in the past has been very strict on free speech issues. despite decades of being packed with conservatives by the republicans the Court has been unfailingly ruthless in upholding freedom of speech.
Just look at flag burning as an example. Most of the American public is behind an anti-flag burning law. but the Court has struck it down twice and Congress has tried and failed to make an Ammendment to overrule the Court.

So I say that we encourage the DOJ to appeal to the Supreme Court. They'll lose again and then there will be no further recourse for them.